From mwd at md5i.com Thu Aug 1 04:07:48 2013 From: mwd at md5i.com (Michael Welsh Duggan) Date: Wed, 31 Jul 2013 21:07:48 -0400 Subject: [Dovecot] Maildir permissions and Solr re-indexing References: Message-ID: <87pptyfcbf.fsf@maru2.md5i.com> Joseph Tam writes: > Michael Welsh Duggan writes: > >> All the files in my Maildir are owned by md5i:mail (I am md5i), and have >> 660 permissions. All directories have the same user:group permissions, >> and 770 with the setguid bit set. (That last may not be necessary, but >> ... >> >> doveadm(md5i): Error: >> fchown(/home/md5i/Maildir/.mail.test/dovecot.index.log.newlock, >> group=8(mail)) failed: Operation not permitted (egid=1000(md5i), >> group based on /home/md5i/Maildir/.mail.test - see >> http://wiki2.dovecot.org/Errors/ChgrpNoPerm) >> >> After this, each directory has a dovecot.index.log with md5i:md5i 600 >> permissions. > > I think the cause is clear enough: you (user=md5i/uid=1000) are not > part of group mail (gid=8), so the dovecot user process doing things on > your behalf cannot create index files that are anlogous to the mailbox > it's indexing. > > You can either > > 1) add "md5i" to group mail > 2) remove g+w permission on your mail files (making group > membership irrelevant) > 3) fiddle with "mail_privileged_group = mail", but I'm a little > hazy on all the ramifications of this. > > I don't know your particular circumstances, so I don't know which > is best. If (big if) nothing on your system (particularly the MTA) > requires access to your mail spool files by running as group=mail, > probably 2) is your best option. Thank you. 2) did the trick, and I think I understand how this works now. -- Michael Welsh Duggan (md5i at md5i.com) From aoster at novanetwork.de Thu Aug 1 11:09:09 2013 From: aoster at novanetwork.de (Andreas Oster) Date: Thu, 01 Aug 2013 10:09:09 +0200 Subject: [Dovecot] trouble with setting individual quota values for multiple namespaces Message-ID: Hello all please apologize that I repost this problem again. I tried to get some help several times on the list but did not find/get a solution. I am still struggling to setup different quotas for namespaces. In addition to the default "INBOX" namespace I have created a namespace called "MailArchive" which should have its own quota value of 5G per user. At first I configured quota2 like this: quota2 = maildir:MailArchive quota:ns=MailArchive/ quota2_rule = *:storage=5G and this seemd to work quite well. Users, accessing the MailArchive namespace can see the 5G limit in their mail client, unfortunately in the mail.err log file, errors like these repeatedly appear: Jul 29 11:40:24 mailserver dovecot: imap(testuser): Error: quota: Unknown namespace: MailArchive/ Jul 29 11:41:43 dovecot: last message repeated 47 times In the WIKI I have read, that in order to have quota for different namespaces, one would have to use different quota backends so I changed the quota config for the MailArchive namespace to SQL. namespace inbox { disabled = no hidden = no ignore_on_failure = no inbox = yes list = yes location = mailbox Drafts { auto = subscribe driver = special_use = \Drafts } mailbox Junk { auto = subscribe driver = special_use = \Junk } mailbox Sent { auto = subscribe driver = special_use = \Sent } mailbox "Sent Messages" { auto = no driver = special_use = \Sent } mailbox Trash { auto = subscribe driver = special_use = \Trash } prefix = separator = / subscriptions = yes type = private } namespace { disabled = no hidden = no ignore_on_failure = no inbox = no list = yes location = maildir:/var/vmail/archive/%Ln/Maildir mailbox "Archived Mails" { auto = subscribe driver = } prefix = MailArchive/ separator = / subscriptions = yes type = private } plugin { quota = maildir:User quota:ns= quota2 = dict:Archive Quota:%u.mailarchive:ns=MailArchive/:proxy::sqlquota quota2_rule = *:storage=5G quota_rule = *:storage=1G quota_rule2 = Trash:storage=+200M } dict { sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } Unfortunately this did not change anything. Quota is working like expected but I still get the same errors in mail.err. I am currently using dovecot version 2.2.4. Thank you for your kind help best regards Andreas From Jost.Krieger+dovecot at rub.de Thu Aug 1 11:31:02 2013 From: Jost.Krieger+dovecot at rub.de (Jost Krieger) Date: 1 Aug 2013 10:31:02 +0200 Subject: [Dovecot] Antispam folder names Message-ID: <20130801083102.GO32299@ruhr-uni-bochum.de> Is there anywhere a collection of folder names for the antispam_trash and antispam_spam configuration? Our problem is that in academia, you have a vast amount of different clients, and some, like Microsoft, use language-specific folder names *on the server*. So we're now collecting folder names to better handle the rare cases. Two more problems: 1. We needed to fix UTF-8 handling in the plugin, so that we kow canb say antispam_trash_pattern_ignorecase = gel?scht* in place of :set sp antispam_trash_pattern_ignorecase = gel&APY-scht* 2. Some clients allow prefixing the IMAP folders with a fixed name, often "INBOX". So we would like to specify something like antispam_trash_pattern_ignorecase = Junk*;*/Junk* which is not supported. Working on a patch ... Yours Jost -- | Helft Spam ausrotten! HTML in Mail ist unh?flich. | | Postmaster, JAPH, manchmal Wahrsager am RZ der RUB | | Wahre Worte sind nicht gef?llig, gef?llige Worte sind nicht wahr.| | Lao Tse, Tao Te King 81 | From AxelLuttgens at swing.be Thu Aug 1 13:11:55 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Thu, 1 Aug 2013 12:11:55 +0200 Subject: [Dovecot] 2.2.4 - quota-status changing the user it is running as In-Reply-To: <90360D60-DD05-4DB8-A0B7-3372B6083461@swing.be> References: <90360D60-DD05-4DB8-A0B7-3372B6083461@swing.be> Message-ID: <5F4413BC-3C85-4523-BA45-F9802E100BA4@swing.be> Le 30 juil. 2013 ? 20:36, Axel Luttgens a ?crit : > [...] > Do you really mean "either", not "both"? I ask, because those patches seem to intervene at quite different levels (but I guess I'll have, one day or another, to get more acquainted with Dovecot's coding, so as not to come with such silly questions...). > [...] So, even if I could only test a unique mail uid/gid (i.e. dovemailer/dovemailer) kind of setup, I've applied both patches so as to verify they don't enter in conflict. Seems to be fine now with my initial attempt: service quota-status { client_limit = 1 executable = quota-status -p postfix unix_listener /var/spool/postfix/private/quota-policyd { user = postfix } } as far as the switch from root to dovemailer is concerned: the service doesn't complain anymore about not being able to access the config. On the other hand, trying to run the service as another user: service quota-status { client_limit = 1 executable = quota-status -p postfix user = dovemailer group = dovemailer unix_listener /var/spool/postfix/private/quota-policyd { user = postfix } } unfortunately still requires to relax the permissions on the config unix socket: service config { unix_listener config { group = dovemailer mode = 0660 } } so as to avoid such immediate failures: quota-status: Fatal: Error reading configuration: net_connect_unix(/_ROOT/var/run/dovecot/config) failed: Permission denied master: Error: service(quota-status): command startup failed, throttling for 2 secs But now a failure, very likely related to patch 2470bb9106b0, occurs at the first query: quota-status: Fatal: seteuid(0) failed: Operation not permitted Perhaps am I missing some needed setting in the case of that second config? Axel From tss at iki.fi Thu Aug 1 13:17:43 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 1 Aug 2013 13:17:43 +0300 Subject: [Dovecot] trouble with setting individual quota values for multiple namespaces In-Reply-To: References: Message-ID: <2B9C3A91-03D9-46E9-B704-234558484B3C@iki.fi> On 1.8.2013, at 11.09, Andreas Oster wrote: > please apologize that I repost this problem again. I tried to get some > help several times on the list but did not find/get a solution. > > I am still struggling to setup different quotas for namespaces. > > In addition to the default "INBOX" namespace I have created a namespace > called "MailArchive" which should have its own quota value of 5G per user. > > At first I configured quota2 like this: > > quota2 = maildir:MailArchive quota:ns=MailArchive/ > quota2_rule = *:storage=5G > > and this seemd to work quite well. Users, accessing the MailArchive > namespace can see the 5G limit in their mail client, unfortunately in > the mail.err log file, errors like these repeatedly appear: > > Jul 29 11:40:24 mailserver dovecot: imap(testuser): Error: quota: > Unknown namespace: MailArchive/ > Jul 29 11:41:43 dovecot: last message repeated 47 times I can't reproduce this, works fine for me. Show your entire doveconf -n output? Also set mail_debug=yes and show what it logs when you log in. > In the WIKI I have read, that in order to have quota for different > namespaces, one would have to use different quota backends so I changed > the quota config for the MailArchive namespace to SQL. The wiki was wrong, you can use two Maildir++ quota backends for different namespaces. I updated the wiki now. From tss at iki.fi Thu Aug 1 13:44:08 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 1 Aug 2013 13:44:08 +0300 Subject: [Dovecot] 2.2.4 - quota-status changing the user it is running as In-Reply-To: <5F4413BC-3C85-4523-BA45-F9802E100BA4@swing.be> References: <90360D60-DD05-4DB8-A0B7-3372B6083461@swing.be> <5F4413BC-3C85-4523-BA45-F9802E100BA4@swing.be> Message-ID: <90CCBF21-9238-4ABA-A7F7-3B765B515265@iki.fi> On 1.8.2013, at 13.11, Axel Luttgens wrote: > Le 30 juil. 2013 ? 20:36, Axel Luttgens a ?crit : > >> [...] >> Do you really mean "either", not "both"? I ask, because those patches seem to intervene at quite different levels (but I guess I'll have, one day or another, to get more acquainted with Dovecot's coding, so as not to come with such silly questions...). >> [?] I meant "either". > So, even if I could only test a unique mail uid/gid (i.e. dovemailer/dovemailer) kind of setup, I've applied both patches so as to verify they don't enter in conflict. > On the other hand, trying to run the service as another user: > > service quota-status { > client_limit = 1 > executable = quota-status -p postfix > user = dovemailer > group = dovemailer > unix_listener /var/spool/postfix/private/quota-policyd { > user = postfix > } > } > > unfortunately still requires to relax the permissions on the config unix socket: > > service config { > unix_listener config { > group = dovemailer > mode = 0660 > } > } > > so as to avoid such immediate failures: > > quota-status: Fatal: Error reading configuration: net_connect_unix(/_ROOT/var/run/dovecot/config) failed: Permission denied > master: Error: service(quota-status): command startup failed, throttling for 2 secs Yeah. Hmm. I guess this is a good idea to fix too: http://hg.dovecot.org/dovecot-2.2/rev/eb63eca74471 Although now if the config process crashes, this error comes back and Dovecot can't fix it automatically. That's in my TODO as well. Config process never crashes though :) > But now a failure, very likely related to patch 2470bb9106b0, occurs at the first query: > > quota-status: Fatal: seteuid(0) failed: Operation not permitted Fixed: http://hg.dovecot.org/dovecot-2.2/rev/43488e1044c9 From tss at iki.fi Thu Aug 1 14:20:49 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 1 Aug 2013 14:20:49 +0300 Subject: [Dovecot] Dovecot v2.2.4 (ebbe00999da8) doveadm crash In-Reply-To: <51F7ACC7.8050500@gmx.de> References: <51E57DDD.6090200@gmx.de> <76E43277-6B6B-46E6-A7FC-36F5193D03E2@iki.fi> <51F7ACC7.8050500@gmx.de> Message-ID: <1ABFC54B-F077-4E8F-B320-EB88AD1D3CE9@iki.fi> On 30.7.2013, at 15.08, e-frog wrote: >> Fixed the crash: http://hg.dovecot.org/dovecot-2.2/rev/0cab916b28c6 > > Thanks, with this change I get an error message instead of the crash: > doveadm(test1 at local.lan): Fatal: seteuid(0) failed: Operation not permitted Try once more with latest hg. Should be at least a different error now? From srf at sanger.ac.uk Thu Aug 1 14:56:20 2013 From: srf at sanger.ac.uk (Simon Fraser) Date: Thu, 01 Aug 2013 12:56:20 +0100 Subject: [Dovecot] Expunged message reappeared, giving a new UID In-Reply-To: <1375088722.26546.2.camel@ubu101751> References: <1374834533.6696.10.camel@ubu101751> <1375088722.26546.2.camel@ubu101751> Message-ID: <1375358180.3649.66.camel@ubu101751> Hi, is there anything I can do to help debug this - any tools I should run to discover where the cause might be? Simon. On Mon, 2013-07-29 at 10:05 +0100, Simon Fraser wrote: > On Fri, 2013-07-26 at 20:26 +0200, Daniel Parthey wrote: > > Hi Simon, > > > > Version 2.2.2 is not current any more. I would try to update to the > > latest stable version 2.2.4 first, since some dsync bugs have been > > fixed between 2.2.2 and 2.2.4: > > I've now upgraded to 2.2.4 (and pigeonhole 0.4.1 from 0.4.0 at the same > time). I'm still experiencing the same problem, with both Maildir and > mdbox format mailboxes. > > My test imap connection is to only one of the servers at a time - I can > reproduce this using 'telnet server imap' and issuing "store +flags > (\Deleted)" and expunge as well as deleting messages with a mail client. > > Thanks, > Simon. > > > > -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. From tss at iki.fi Thu Aug 1 15:02:05 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 01 Aug 2013 15:02:05 +0300 Subject: [Dovecot] trouble with setting individual quota values for multiple namespaces In-Reply-To: <2B9C3A91-03D9-46E9-B704-234558484B3C@iki.fi> References: <2B9C3A91-03D9-46E9-B704-234558484B3C@iki.fi> Message-ID: <1375358525.31867.0.camel@innu.dovecot.net> On Thu, 2013-08-01 at 13:17 +0300, Timo Sirainen wrote: > On 1.8.2013, at 11.09, Andreas Oster wrote: > > > please apologize that I repost this problem again. I tried to get some > > help several times on the list but did not find/get a solution. > > > > I am still struggling to setup different quotas for namespaces. > > > > In addition to the default "INBOX" namespace I have created a namespace > > called "MailArchive" which should have its own quota value of 5G per user. > > > > At first I configured quota2 like this: > > > > quota2 = maildir:MailArchive quota:ns=MailArchive/ > > quota2_rule = *:storage=5G > > > > and this seemd to work quite well. Users, accessing the MailArchive > > namespace can see the 5G limit in their mail client, unfortunately in > > the mail.err log file, errors like these repeatedly appear: > > > > Jul 29 11:40:24 mailserver dovecot: imap(testuser): Error: quota: > > Unknown namespace: MailArchive/ > > Jul 29 11:41:43 dovecot: last message repeated 47 times > > I can't reproduce this, works fine for me. Show your entire doveconf -n output? Also set mail_debug=yes and show what it logs when you log in. Fixed, happened because of shared mailboxes: http://hg.dovecot.org/dovecot-2.2/rev/1705bf7bf484 From tss at iki.fi Thu Aug 1 15:09:40 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 01 Aug 2013 15:09:40 +0300 Subject: [Dovecot] Expunged message reappeared, giving a new UID In-Reply-To: <1374834533.6696.10.camel@ubu101751> References: <1374834533.6696.10.camel@ubu101751> Message-ID: <1375358980.31867.5.camel@innu.dovecot.net> On Fri, 2013-07-26 at 11:28 +0100, Simon Fraser wrote: > I am running dovecot 2.2.2 with tcp based replication, and experiencing > some duplicated emails. `doveconf -n` output is below. Are both of the servers using the same mailbox format? > I have narrowed it down to the following scenario: > > An email arrives, and is successfully replicated to both nodes. It is in > INBOX/new/ at this point on both servers. > > Connect with a mail client, and delete the message - without delayed > expunge. So, for example, mutt (press 'd' then '$' to sync the mailbox), > or Evolution set to immediately delete. Can you reproduce this by disabling automatic replication (e.g. just remove replicator from mail_plugins) and running dsync manually? So basically delete the message, then run: doveadm sync -r rawlog -u user at domain -d If that reproduces it, send the rawlog to me. > The following log entry appears on the server the client is connected > to: > > Jul 26 10:40:55 intmail3a dovecot: imap(srf): > Warning: /mail/spool/s/srf/mail/INBOX/dovecot-uidlist: Duplicate file > entry at line 5: 1374831638.M830754P11591.intmail3a,S=1289,W=1321 (uid > 733481 -> 733482) - retrying by re-reading from beginning > Jul 26 10:40:55 intmail3a dovecot: imap(srf): Warning: > Maildir /mail/spool/s/srf/mail/INBOX: Expunged message reappeared, > giving a new UID (old uid=733481, > file=1374831638.M830754P11591.intmail3a,S=1289,W=1321) This seems to be a bug of its own regardless of what happens with replication. From aoster at novanetwork.de Thu Aug 1 15:18:10 2013 From: aoster at novanetwork.de (Andreas Oster) Date: Thu, 01 Aug 2013 14:18:10 +0200 Subject: [Dovecot] trouble with setting individual quota values for multiple namespaces In-Reply-To: <1375358525.31867.0.camel@innu.dovecot.net> References: <2B9C3A91-03D9-46E9-B704-234558484B3C@iki.fi> <1375358525.31867.0.camel@innu.dovecot.net> Message-ID: <51FA5202.2030000@novanetwork.de> Am 01.08.2013 14:02, schrieb Timo Sirainen: > On Thu, 2013-08-01 at 13:17 +0300, Timo Sirainen wrote: >> On 1.8.2013, at 11.09, Andreas Oster wrote: >> >>> please apologize that I repost this problem again. I tried to get some >>> help several times on the list but did not find/get a solution. >>> >>> I am still struggling to setup different quotas for namespaces. >>> >>> In addition to the default "INBOX" namespace I have created a namespace >>> called "MailArchive" which should have its own quota value of 5G per user. >>> >>> At first I configured quota2 like this: >>> >>> quota2 = maildir:MailArchive quota:ns=MailArchive/ >>> quota2_rule = *:storage=5G >>> >>> and this seemd to work quite well. Users, accessing the MailArchive >>> namespace can see the 5G limit in their mail client, unfortunately in >>> the mail.err log file, errors like these repeatedly appear: >>> >>> Jul 29 11:40:24 mailserver dovecot: imap(testuser): Error: quota: >>> Unknown namespace: MailArchive/ >>> Jul 29 11:41:43 dovecot: last message repeated 47 times >> >> I can't reproduce this, works fine for me. Show your entire doveconf -n output? Also set mail_debug=yes and show what it logs when you log in. > > Fixed, happened because of shared mailboxes: > http://hg.dovecot.org/dovecot-2.2/rev/1705bf7bf484 > > > Hello Timo, that was really fast, thank you very much. I will try your patch and report my findings. best regards Andreas From aoster at novanetwork.de Thu Aug 1 15:18:10 2013 From: aoster at novanetwork.de (Andreas Oster) Date: Thu, 01 Aug 2013 14:18:10 +0200 Subject: [Dovecot] trouble with setting individual quota values for multiple namespaces In-Reply-To: <1375358525.31867.0.camel@innu.dovecot.net> References: <2B9C3A91-03D9-46E9-B704-234558484B3C@iki.fi> <1375358525.31867.0.camel@innu.dovecot.net> Message-ID: <51FA5202.2030000@novanetwork.de> Am 01.08.2013 14:02, schrieb Timo Sirainen: > On Thu, 2013-08-01 at 13:17 +0300, Timo Sirainen wrote: >> On 1.8.2013, at 11.09, Andreas Oster wrote: >> >>> please apologize that I repost this problem again. I tried to get some >>> help several times on the list but did not find/get a solution. >>> >>> I am still struggling to setup different quotas for namespaces. >>> >>> In addition to the default "INBOX" namespace I have created a namespace >>> called "MailArchive" which should have its own quota value of 5G per user. >>> >>> At first I configured quota2 like this: >>> >>> quota2 = maildir:MailArchive quota:ns=MailArchive/ >>> quota2_rule = *:storage=5G >>> >>> and this seemd to work quite well. Users, accessing the MailArchive >>> namespace can see the 5G limit in their mail client, unfortunately in >>> the mail.err log file, errors like these repeatedly appear: >>> >>> Jul 29 11:40:24 mailserver dovecot: imap(testuser): Error: quota: >>> Unknown namespace: MailArchive/ >>> Jul 29 11:41:43 dovecot: last message repeated 47 times >> >> I can't reproduce this, works fine for me. Show your entire doveconf -n output? Also set mail_debug=yes and show what it logs when you log in. > > Fixed, happened because of shared mailboxes: > http://hg.dovecot.org/dovecot-2.2/rev/1705bf7bf484 > > > Hello Timo, that was really fast, thank you very much. I will try your patch and report my findings. best regards Andreas From tss at iki.fi Thu Aug 1 15:29:15 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 1 Aug 2013 15:29:15 +0300 Subject: [Dovecot] 2.2.4 - Some questions about and needing help with quota-status In-Reply-To: References: <99EDABF1-7E72-4044-B6B9-58E936248C14@swing.be> <2CFCCEC9-3CBD-4A3C-8256-620FED5B957D@swing.be> Message-ID: On 19.7.2013, at 16.02, Axel Luttgens wrote: > Le 18 juil. 2013 ? 11:25, Axel Luttgens a ?crit : > >> [...] >> It is to be noted that no lines in the log are related to possible problems encountered for launching [the dict server]. It is a bit as if quota_check() in src/plugins/quota/quota-status.c always immediately returned with 1 at the first test. >> [...] > > Tracing with gdb, it appears this is indeed the case. > > Here's the beginning of quota_check(): > > static int > quota_check(struct mail_user *user, uoff_t mail_size, const char **error_r) > { > struct quota_user *quser = QUOTA_USER_CONTEXT(user); > [...] > > if (quser == NULL) { > /* no quota for user */ > return 1; > } > [...] > > and one has for quser: > > (gdb) p quser > $1 = (struct quota_user *) 0x0 And if you're still stuck with this, set a breakpoint to quota_mail_user_created and step through it to figure out why MODULE_CONTEXT_SET() isn't being called. From AxelLuttgens at swing.be Thu Aug 1 15:31:31 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Thu, 1 Aug 2013 14:31:31 +0200 Subject: [Dovecot] 2.2.4 - quota-status changing the user it is running as In-Reply-To: <90CCBF21-9238-4ABA-A7F7-3B765B515265@iki.fi> References: <90360D60-DD05-4DB8-A0B7-3372B6083461@swing.be> <5F4413BC-3C85-4523-BA45-F9802E100BA4@swing.be> <90CCBF21-9238-4ABA-A7F7-3B765B515265@iki.fi> Message-ID: Le 1 ao?t 2013 ? 12:44, Timo Sirainen a ?crit : > On 1.8.2013, at 13.11, Axel Luttgens wrote: > >> [...] >> unfortunately still requires to relax the permissions on the config unix socket: >> [...] > > Yeah. Hmm. I guess this is a good idea to fix too: http://hg.dovecot.org/dovecot-2.2/rev/eb63eca74471 Fine! Seems to do the job here; and I guess this is a more wide change that may prove helpful for other cases as well. > Although now if the config process crashes, this error comes back and Dovecot can't fix it automatically. That's in my TODO as well. Haven't you already begun to work on that (just had a quick look at the hg)? > Config process never crashes though :) Indeed. Never saw such an ugly event happen up to now. ;-) >> But now a failure, very likely related to patch 2470bb9106b0, occurs at the first query: >> >> quota-status: Fatal: seteuid(0) failed: Operation not permitted > > Fixed: http://hg.dovecot.org/dovecot-2.2/rev/43488e1044c9 As a summary, with: http://hg.dovecot.org/dovecot-2.2/rev/2470bb9106b0 http://hg.dovecot.org/dovecot-2.2/rev/51b8020b29f6 http://hg.dovecot.org/dovecot-2.2/rev/eb63eca74471 http://hg.dovecot.org/dovecot-2.2/rev/43488e1044c9 it seems that either: service quota-status { client_limit = 1 executable = quota-status -p postfix unix_listener /var/spool/postfix/private/quota-policyd { user = postfix } } or: service quota-status { client_limit = 1 executable = quota-status -p postfix user = dovemailer unix_listener /var/spool/postfix/private/quota-policyd { user = postfix } } are now functional, without any additional settings needed. Many thanks, Timo. Axel PS - I may now focus on why the hell I always get "action=OK"... From tss at iki.fi Thu Aug 1 15:36:37 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 1 Aug 2013 15:36:37 +0300 Subject: [Dovecot] SSL warning messages In-Reply-To: References: Message-ID: On 18.7.2013, at 19.33, Anand Kumria wrote: > I've had the following appear in my logfile, and am just wondering > what the warning means? > > dovecot: managesieve-login: Warning: SSL alert: where=0x4008, ret=256: > warning close notify [a.b.c.d] > dovecot: imap-login: Warning: SSL alert: where=0x4004, ret=256: > warning close notify [w.x.y.z] > > Should I be worrying about these kinds of messages? No. They are normal. Since this gets asked a bit too often, changing it to a debug message should help I hope: http://hg.dovecot.org/dovecot-2.2/rev/2714f51e2355 Anyway, you probably shouldn't be using verbose_ssl=yes unless you're actually debugging some SSL issues (I guess the setting should have really been named ssl_debug=yes). From aoster at novanetwork.de Thu Aug 1 16:10:41 2013 From: aoster at novanetwork.de (Andreas Oster) Date: Thu, 01 Aug 2013 15:10:41 +0200 Subject: [Dovecot] trouble with setting individual quota values for multiple namespaces In-Reply-To: <1375358525.31867.0.camel@innu.dovecot.net> References: <2B9C3A91-03D9-46E9-B704-234558484B3C@iki.fi> <1375358525.31867.0.camel@innu.dovecot.net> Message-ID: <51FA5E51.9090705@novanetwork.de> Am 01.08.2013 14:02, schrieb Timo Sirainen: > On Thu, 2013-08-01 at 13:17 +0300, Timo Sirainen wrote: >> On 1.8.2013, at 11.09, Andreas Oster wrote: >> >>> please apologize that I repost this problem again. I tried to get some >>> help several times on the list but did not find/get a solution. >>> >>> I am still struggling to setup different quotas for namespaces. >>> >>> In addition to the default "INBOX" namespace I have created a namespace >>> called "MailArchive" which should have its own quota value of 5G per user. >>> >>> At first I configured quota2 like this: >>> >>> quota2 = maildir:MailArchive quota:ns=MailArchive/ >>> quota2_rule = *:storage=5G >>> >>> and this seemd to work quite well. Users, accessing the MailArchive >>> namespace can see the 5G limit in their mail client, unfortunately in >>> the mail.err log file, errors like these repeatedly appear: >>> >>> Jul 29 11:40:24 mailserver dovecot: imap(testuser): Error: quota: >>> Unknown namespace: MailArchive/ >>> Jul 29 11:41:43 dovecot: last message repeated 47 times >> >> I can't reproduce this, works fine for me. Show your entire doveconf -n output? Also set mail_debug=yes and show what it logs when you log in. > > Fixed, happened because of shared mailboxes: > http://hg.dovecot.org/dovecot-2.2/rev/1705bf7bf484 > > > Hello Timo, thanks to your patch the error messages have disappeared. Thank you very much for your kind help. best regards Andreas From aoster at novanetwork.de Thu Aug 1 16:10:41 2013 From: aoster at novanetwork.de (Andreas Oster) Date: Thu, 01 Aug 2013 15:10:41 +0200 Subject: [Dovecot] trouble with setting individual quota values for multiple namespaces In-Reply-To: <1375358525.31867.0.camel@innu.dovecot.net> References: <2B9C3A91-03D9-46E9-B704-234558484B3C@iki.fi> <1375358525.31867.0.camel@innu.dovecot.net> Message-ID: <51FA5E51.9090705@novanetwork.de> Am 01.08.2013 14:02, schrieb Timo Sirainen: > On Thu, 2013-08-01 at 13:17 +0300, Timo Sirainen wrote: >> On 1.8.2013, at 11.09, Andreas Oster wrote: >> >>> please apologize that I repost this problem again. I tried to get some >>> help several times on the list but did not find/get a solution. >>> >>> I am still struggling to setup different quotas for namespaces. >>> >>> In addition to the default "INBOX" namespace I have created a namespace >>> called "MailArchive" which should have its own quota value of 5G per user. >>> >>> At first I configured quota2 like this: >>> >>> quota2 = maildir:MailArchive quota:ns=MailArchive/ >>> quota2_rule = *:storage=5G >>> >>> and this seemd to work quite well. Users, accessing the MailArchive >>> namespace can see the 5G limit in their mail client, unfortunately in >>> the mail.err log file, errors like these repeatedly appear: >>> >>> Jul 29 11:40:24 mailserver dovecot: imap(testuser): Error: quota: >>> Unknown namespace: MailArchive/ >>> Jul 29 11:41:43 dovecot: last message repeated 47 times >> >> I can't reproduce this, works fine for me. Show your entire doveconf -n output? Also set mail_debug=yes and show what it logs when you log in. > > Fixed, happened because of shared mailboxes: > http://hg.dovecot.org/dovecot-2.2/rev/1705bf7bf484 > > > Hello Timo, thanks to your patch the error messages have disappeared. Thank you very much for your kind help. best regards Andreas From felixrubiodalmau at gmail.com Thu Aug 1 16:43:26 2013 From: felixrubiodalmau at gmail.com (Felix Rubio Dalmau) Date: Thu, 01 Aug 2013 15:43:26 +0200 Subject: [Dovecot] misconception in uid and gid Message-ID: <1835876.F3jSxvAigA@jarvis> Hi, I'm using a SQL database to store the usernames and passwords of my users. However, I have found that I must explicitly return the uid and gid with every query, even though all virtual users use the same uid and gid. The query, that works, is: user_query = SELECT mail, 'vmail' AS uid, 'vmail' AS gid, home, CONCAT('*:storage=', quota_MB*1024) AS quota_rule \ FROM virtual_users AS V LEFT JOIN virtual_domains AS D ON V.domain_id=D.id WHERE V.user='%n' AND D.name='%d' Nevertheless, if I remove the segments "'vmail' AS uid, 'vmail' AS gid" and modify the file conf.d/10-mail.conf to show mail_uid = vmail mail_gid = vmail I get this error: dovecot: auth: Error: userdb(): client doesn't have lookup permissions for this user: userdb reply doesn't contain uid (change userdb socket permissions) Does anybody know what is wrong in my set-up? Regards, Felix From srf at sanger.ac.uk Thu Aug 1 17:02:44 2013 From: srf at sanger.ac.uk (Simon Fraser) Date: Thu, 01 Aug 2013 15:02:44 +0100 Subject: [Dovecot] Expunged message reappeared, giving a new UID In-Reply-To: <1375358980.31867.5.camel@innu.dovecot.net> References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> Message-ID: <1375365764.15036.11.camel@ubu101751> On Thu, 2013-08-01 at 15:09 +0300, Timo Sirainen wrote: > On Fri, 2013-07-26 at 11:28 +0100, Simon Fraser wrote: > > > I am running dovecot 2.2.2 with tcp based replication, and experiencing > > some duplicated emails. `doveconf -n` output is below. > > Are both of the servers using the same mailbox format? Yes, they are. `doveconf -n | grep mail_location` on both nodes gives: mail_location = maildir:~/mail:INBOX=~/mail/INBOX I've also tried with mdbox. > > Connect with a mail client, and delete the message - without delayed > > expunge. So, for example, mutt (press 'd' then '$' to sync the mailbox), > > or Evolution set to immediately delete. > > Can you reproduce this by disabling automatic replication (e.g. just > remove replicator from mail_plugins) and running dsync manually? So > basically delete the message, then run: > > doveadm sync -r rawlog -u user at domain -d > > If that reproduces it, send the rawlog to me. I can't reproduce it with that, sorry. Message deletion appears to work that way, and the command only produces I/O leak errors: dsync-local(srf at sanger.ac.uk): Warning: I/O leak: 0x7f00e50cc960 (line 341, fd 9) Using mail delivery and imap connections to node 'a' only, I have tried: 1) mail delivered, connecting/deleting/expunging, then sync 2) mail delivered, syncing, connecting/deleting/expunging, not syncing, then checking 3) mail delivered, syncing, connecting/deleting/expunging, syncing None cause the message to reappear. I tried initiating the sync from both nodes, just in case. Leaving the replication plugin enabled causes it to happen, though, so perhaps my timing is off. Other things I have discovered by running 'watch' or a while loop, both grepping the mail_location for my test subject line: A message is visible over imap before being written to mail_location. If I can manage to delete it in this time (there isn't much time!) then the message does not reappear. When the message reappears it gets a different filename (please excuse the grep output on the end): cur/1375364237.M969208P14576.intmail3a,S=2672,W=2731:2,:Subject: dup test is replaced with: cur/1375364242.M782761P838.intmail3b,S=2672,W=2731:2,:Subject: dup test This occurs less than a second after the expunge. There's only a log entry on intmail3a, not 3b: Aug 1 14:37:26 intmail3a dovecot: imap(srf): Warning: /mail/spool/s/srf/mail/INBOX/dovecot-uidlist: Duplicate file entry at line 105: 1375364237.M969208P14576.intmail3a,S=2672,W=2731 (uid 772051 -> 772052) I'm happy to run as many diagnostics as required, just let me know what you'd like. Simon. -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. From ulrich-dovecot at topfen.net Thu Aug 1 17:27:02 2013 From: ulrich-dovecot at topfen.net (Ulrich Zehl) Date: Thu, 1 Aug 2013 16:27:02 +0200 Subject: [Dovecot] 2.2.4 - quota-status changing the user it is running as In-Reply-To: References: <90360D60-DD05-4DB8-A0B7-3372B6083461@swing.be> <5F4413BC-3C85-4523-BA45-F9802E100BA4@swing.be> <90CCBF21-9238-4ABA-A7F7-3B765B515265@iki.fi> Message-ID: <20130801142702.GA11515@zwirn.topfen.net> On Thu, Aug 01, 2013 at 02:31:31PM +0200, Axel Luttgens wrote: > > http://hg.dovecot.org/dovecot-2.2/rev/2470bb9106b0 > http://hg.dovecot.org/dovecot-2.2/rev/51b8020b29f6 > http://hg.dovecot.org/dovecot-2.2/rev/eb63eca74471 > http://hg.dovecot.org/dovecot-2.2/rev/43488e1044c9 Is there any chance to get these backported to 2.1 as well? After all, it has the same issues without these patches. The individual patches seem to apply just fine to current 2.1 tip without any code changes: $ patch -p1 < p/2470bb9106b0 patching file src/lib-storage/mail-storage-service.c Hunk #1 succeeded at 946 (offset -21 lines). Hunk #2 succeeded at 966 (offset -21 lines). $ patch -p1 < p/51b8020b29f6 patching file src/plugins/quota/quota-status.c Hunk #1 succeeded at 218 (offset 3 lines). $ patch -p1 < p/eb63eca74471 patching file src/lib-master/master-service-settings.c Hunk #1 succeeded at 323 (offset -13 lines). patching file src/lib-master/master-service-settings.h Hunk #1 succeeded at 53 (offset -3 lines). patching file src/lib-master/master-service.c Hunk #1 succeeded at 229 (offset -7 lines). patching file src/lib-master/master-service.h Hunk #1 succeeded at 12 (offset -3 lines). $ patch -p1 < p/43488e1044c9 patching file src/lib-storage/mail-storage-service.c Hunk #1 succeeded at 728 with fuzz 2 (offset -20 lines). After that, everything works just fine and as expected, as Axel described for 2.2: - Running under non-root user is possible - Querying for more than one user under the same connection is possible $ printf "recipient=m.mustermann at example.net\nsize=1234\n\nrecipient=m.mustermann at example.net\nsize=12340000\n\nrecipient=test at example.net\nsize=12340000\n\n" | nc 127.0.0.1 12340 action=OK action=REJECT Over quota action=REJECT Over quota So it seems to me that I can apply them well enough on my own. I'd just like them to come with the default source, so I cannot forget them when upgrading. :-) Ulrich From ulrich-dovecot at topfen.net Thu Aug 1 17:39:40 2013 From: ulrich-dovecot at topfen.net (Ulrich Zehl) Date: Thu, 1 Aug 2013 16:39:40 +0200 Subject: [Dovecot] Postfix aliases with quota-status service In-Reply-To: <20130730132047.GA31198@nihlus.leuxner.net> References: <20130730132047.GA31198@nihlus.leuxner.net> Message-ID: <20130801143940.GA20958@zwirn.topfen.net> On Tue, Jul 30, 2013 at 03:20:47PM +0200, Thomas Leuxner wrote: > This is probably intended behaviour, just want to make sure that I'm not > missing a point here. For now the only fix that comes to my mind to create > "quota aware" aliases - is creating 'dummy' users in Dovecot which point to > the same mailbox rather than performing aliasing on the Postfix end. Open > to suggestions... It depends on your user and/or alias database (i.e. how and where they're stored). I use LDAP, and configured Dovecot's userdb lookup to handle both "main" and "alias" addresses, like so: user_filter = (|(mail=%u)(mailAlternateAddress=%u)) (As far as Dovecot is concerned, there's actually no difference between "main" and "alias".) If you store your mailbox and alias information in the same data source (LDAP, SQL, ...), you should be able to do the same. From skdovecot at smail.inf.fh-brs.de Thu Aug 1 17:52:20 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 1 Aug 2013 16:52:20 +0200 (CEST) Subject: [Dovecot] Getting default uid/gid of users via socket for virtual user support for sendmail Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm trying to make my life easier with sendmail and virtual users. For that I'd like to pass sendmail the home directory and uid/gid for each user. The user data is storred in a LDAP,& I retrieve it from the auth-userdb socket fine. If I add uid / gid to each user, I get them via that socket as well, but is there a way I get the default uid/gid? I mean, without calling an external program, such as doveadm. There is an "initialize" phase, so the default information is retrieved just once per lifetime of the demon, but each time the sendmail binary is invoked. Kind regards, - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUfp2JF3r2wJMiz2NAQL61Af+MuF1BTwaX+Tm+rOWe+smcVUzRmMYZdtL J08wDGNB2EyQ9a0zXwZleO/X3Jvaqr8HSHaC6oTzliS25yqPT4AYG0VVswZoyDTg hggyS9kVse2R1koLZKPAM1EatTmpTsKfUKDjsB3cxbYsBU5NYMJY+u4YATPTl7ui 46K4YmeL4xkKirRXc7j0fIMxdXttuD9zPq20qJ0p41HK2W0ECVHeQpUahozWY45h DREbwdZBZe9PeZNbfOYTLWnxPi1/FK/AX20QH3y3uxEhgMDfYAUHNwAleSCpack5 JEuVYwTPchxsH6uibk62qIsK/uWO3vZM0Zj18S0BBWDNvPhg0Nz92w== =abqh -----END PGP SIGNATURE----- From tss at iki.fi Thu Aug 1 18:08:04 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 1 Aug 2013 18:08:04 +0300 Subject: [Dovecot] Getting default uid/gid of users via socket for virtual user support for sendmail In-Reply-To: References: Message-ID: <3288F414-56C2-4310-8CD7-F0CBC42738A1@iki.fi> On 1.8.2013, at 17.52, Steffen Kaiser wrote: > I'm trying to make my life easier with sendmail and virtual users. For that I'd like to pass sendmail the home directory and uid/gid for each user. The user data is storred in a LDAP,& I retrieve it from the auth-userdb socket fine. > > If I add uid / gid to each user, I get them via that socket as well, but is there a way I get the default uid/gid? I mean, without calling an external program, such as doveadm. There is an "initialize" phase, so the default information is retrieved just once per lifetime of the demon, but each time the sendmail binary is invoked. You can't get the mail_uid/gid/home, because they really don't belong to auth process.. But what you could do with v2.2 is: userdb { driver = ldap args = .. default_fields = uid=1234 gid=1234 home=/home/user/%u } But anyway, what is sendmail going to be doing with these fields? For Postfix I've been trying to remove its need to know anything at all about users (only domains and aliases). From AxelLuttgens at swing.be Thu Aug 1 18:50:33 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Thu, 1 Aug 2013 17:50:33 +0200 Subject: [Dovecot] misconception in uid and gid In-Reply-To: <1835876.F3jSxvAigA@jarvis> References: <1835876.F3jSxvAigA@jarvis> Message-ID: <89AC3212-EFE6-41E5-A22D-97DC8E771218@swing.be> Le 1 ao?t 2013 ? 15:43, Felix Rubio Dalmau a ?crit : > [...] > > Nevertheless, if I remove the segments "'vmail' AS uid, 'vmail' AS gid" and modify the file conf.d/10-mail.conf to show > > mail_uid = vmail > mail_gid = vmail > > I get this error: > > dovecot: auth: Error: userdb(): client doesn't have lookup permissions for this user: userdb reply doesn't contain uid (change userdb socket permissions) > > Does anybody know what is wrong in my set-up? Hello Felix, Yes and no... This still remains a bit unclear to me, but you could try something like this: service auth { unix_listener auth-userdb { # default: user = $default_internal_user group = vmail # default: group = mode = 0660 # default: mode = 0666 } } The code has some provisions to avoid the auth-userdb to be too widely open, in spite of that default mode 0666. Changing that mode short-circuits those provisions, and the above is the most secure setting I could think of in the case of a single uid/gid setup. HTH, Axel From AxelLuttgens at swing.be Thu Aug 1 19:02:49 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Thu, 1 Aug 2013 18:02:49 +0200 Subject: [Dovecot] 2.2.4 - Some questions about and needing help with quota-status In-Reply-To: References: <99EDABF1-7E72-4044-B6B9-58E936248C14@swing.be> <2CFCCEC9-3CBD-4A3C-8256-620FED5B957D@swing.be> Message-ID: Le 1 ao?t 2013 ? 14:29, Timo Sirainen a ?crit : > And if you're still stuck with this, set a breakpoint to quota_mail_user_created and step through it to figure out why MODULE_CONTEXT_SET() isn't being called. Yes, still stuck. :-( Did you mean function quota_mail_user_created from quota-storage.c? If yes, could it be that it is never called in my case? Desperately trying to have the program break there, without success... Could I try to break somewhere earlier in the call chain? TIA, Axel From tss at iki.fi Thu Aug 1 19:05:27 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 1 Aug 2013 19:05:27 +0300 Subject: [Dovecot] 2.2.4 - Some questions about and needing help with quota-status In-Reply-To: References: <99EDABF1-7E72-4044-B6B9-58E936248C14@swing.be> <2CFCCEC9-3CBD-4A3C-8256-620FED5B957D@swing.be> Message-ID: On 1.8.2013, at 19.02, Axel Luttgens wrote: > Le 1 ao?t 2013 ? 14:29, Timo Sirainen a ?crit : > >> And if you're still stuck with this, set a breakpoint to quota_mail_user_created and step through it to figure out why MODULE_CONTEXT_SET() isn't being called. > > Yes, still stuck. :-( > > Did you mean function quota_mail_user_created from quota-storage.c? Yes. > If yes, could it be that it is never called in my case? If not, then there's definitely some problem :) > Desperately trying to have the program break there, without success... > > Could I try to break somewhere earlier in the call chain? It should definitely stop in hook_mail_user_created, which should call quota_mail_user_created as one of the hooks. If not, the user then doesn't actually have quota plugin enabled.. From ulrich-dovecot at topfen.net Thu Aug 1 19:26:53 2013 From: ulrich-dovecot at topfen.net (Ulrich Zehl) Date: Thu, 1 Aug 2013 18:26:53 +0200 Subject: [Dovecot] [PATCH] quota-status: remove unnecessary newlines Message-ID: <20130801162653.GA19372@zwirn.topfen.net> Here's a trivial patch for quota-status.c that removes unecessary newlines present in the default overquota message. It applies to 2.2 and 2.1. Ulrich --- a/src/plugins/quota/quota-status.c 2013-08-01 14:35:35.000000000 +0200 +++ b/src/plugins/quota/quota-status.c 2013-08-01 17:58:26.000000000 +0200 @@ -107,7 +107,7 @@ /* over quota */ value = mail_user_plugin_getenv(user, "quota_status_overquota"); if (value == NULL) - value = t_strdup_printf("554 5.2.2 %s\n\n", error); + value = t_strdup_printf("554 5.2.2 %s", error); } value = t_strdup(value); /* user's pool is being freed */ mail_user_unref(&user); From ulrich-dovecot at topfen.net Thu Aug 1 19:27:24 2013 From: ulrich-dovecot at topfen.net (Ulrich Zehl) Date: Thu, 1 Aug 2013 18:27:24 +0200 Subject: [Dovecot] [PATCH] quota-status: allow different action for messages that are too large (over maximum quota) Message-ID: <20130801162724.GA23846@zwirn.topfen.net> This proposed patch to quota-status allows the administrator to return different actions for messages that (a) cannot currently fit in the quota (because there's not enough free space) and (b) are over the maximum quota limit (and could not even be delivered if the mailbox was empty). Configuration works like this: plugin { quota_status_overquota = DEFER_IF_PERMIT 4.2.2 Mailbox full quota_status_toolarge = REJECT 5.2.3 Message length exceeds administrative limit } The patch is backwards compatible: If quota_status_toolarge is not set, quota_status_overquota is returned. No changes are necessary in setups where the new feature is not desired. The reason I developed this patch is: In my environment, I have mostly POP3 mailboxes, where condition (a) changes frequently (usually after each login), but condition (b) will almost never change (users do not get additional mailbox space often). Thus, I'd like to avoid bouncing mails that could be delivered half an hour later. This patch works for 2.2 and 2.1. (This assumes you have already applied the trivial patch I sent earlier; otherwise patch(1) will report some fuzz.) What do you think of this? Ulrich --- a/src/plugins/quota/quota-status.c 2013-08-01 18:05:24.000000000 +0200 +++ b/src/plugins/quota/quota-status.c 2013-08-01 18:03:30.000000000 +0200 @@ -46,13 +46,12 @@ } static int -quota_check(struct mail_user *user, uoff_t mail_size, const char **error_r) +quota_check(struct mail_user *user, uoff_t mail_size, const char **error_r, bool *too_large) { struct quota_user *quser = QUOTA_USER_CONTEXT(user); struct mail_namespace *ns; struct mailbox *box; struct quota_transaction_context *ctx; - bool too_large; int ret; if (quser == NULL) { @@ -64,7 +63,7 @@ box = mailbox_alloc(ns->list, "INBOX", 0); ctx = quota_transaction_begin(box); - ret = quota_test_alloc(ctx, I_MAX(1, mail_size), &too_large); + ret = quota_test_alloc(ctx, I_MAX(1, mail_size), too_large); quota_transaction_rollback(&ctx); mailbox_free(&box); @@ -82,6 +81,7 @@ struct mail_storage_service_user *service_user; struct mail_user *user; const char *value = NULL, *error; + bool too_large; int ret; if (client->recipient == NULL) { @@ -98,14 +98,21 @@ if (ret == 0) { value = nouser_reply; } else if (ret > 0) { - if ((ret = quota_check(user, client->size, &error)) > 0) { + if ((ret = quota_check(user, client->size, &error, &too_large)) > 0) { /* under quota */ value = mail_user_plugin_getenv(user, "quota_status_success"); if (value == NULL) value = "OK"; } else if (ret == 0) { - /* over quota */ - value = mail_user_plugin_getenv(user, "quota_status_overquota"); + if (too_large == TRUE) { + /* even over maximum quota */ + value = mail_user_plugin_getenv(user, "quota_status_toolarge"); + if (value == NULL) /* backwards compatibility */ + value = mail_user_plugin_getenv(user, "quota_status_overquota"); + } else { + /* over quota */ + value = mail_user_plugin_getenv(user, "quota_status_overquota"); + } if (value == NULL) value = t_strdup_printf("554 5.2.2 %s", error); } From e-frog at gmx.de Thu Aug 1 20:10:05 2013 From: e-frog at gmx.de (e-frog) Date: Thu, 01 Aug 2013 19:10:05 +0200 Subject: [Dovecot] Dovecot v2.2.4 (ebbe00999da8) doveadm crash In-Reply-To: <1ABFC54B-F077-4E8F-B320-EB88AD1D3CE9@iki.fi> References: <51E57DDD.6090200@gmx.de> <76E43277-6B6B-46E6-A7FC-36F5193D03E2@iki.fi> <51F7ACC7.8050500@gmx.de> <1ABFC54B-F077-4E8F-B320-EB88AD1D3CE9@iki.fi> Message-ID: <51FA966D.8080302@gmx.de> On 01.08.2013 13:20, wrote Timo Sirainen: > On 30.7.2013, at 15.08, e-frog wrote: > >>> Fixed the crash: http://hg.dovecot.org/dovecot-2.2/rev/0cab916b28c6 >> >> Thanks, with this change I get an error message instead of the crash: >> doveadm(test1 at local.lan): Fatal: seteuid(0) failed: Operation not permitted > > Try once more with latest hg. Should be at least a different error now? > Hmm, now it's crashing again: doveadm mailbox status -A -t unseen 'virtual/unread' test1 at local.lan unseen=1 Segmentation fault Please note that it seems to work for the first user but crashes for the second. Core was generated by `doveadm mailbox status -A -t unseen virtual/unread'. Program terminated with signal 11, Segmentation fault. #0 i_stream_next_line (stream=0x0) at istream.c:382 382 istream.c: No such file or directory. (gdb) bt full #0 i_stream_next_line (stream=0x0) at istream.c:382 _stream = pos = #1 0xb752c711 in auth_master_user_list_next (ctx=0xb7edabc8) at auth-master.c:694 line = #2 0xb761aaeb in mail_storage_service_all_next (ctx=0xb7edfb98, username_r=username_r at entry=0xbf852880) at mail-storage-service.c:1294 __FUNCTION__ = "mail_storage_service_all_next" #3 0xb7736d46 in doveadm_mail_cmd_get_next_user (ctx=0xb7ed9468, username_r=0xbf852880) at doveadm-mail.c:416 No locals. #4 0xb7737e95 in doveadm_mail_all_users (wildcard_user=0x0, argv=0xb7ed51e4, ctx=0xb7ed9468) at doveadm-mail.c:368 ret = input = {module = 0x0, service = 0xb77758f3 "doveadm", username = 0xb7eda890 "test1 at local.lan", session_id = 0x0, local_ip = {family = 0, u = {ip6 = {__in6_u = {__u6_addr8 = '\000' , __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, ip4 = {s_addr = 0}}}, remote_ip = {family = 0, u = {ip6 = {__in6_u = { __u6_addr8 = '\000' , __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, ip4 = { s_addr = 0}}}, local_port = 0, remote_port = 0, userdb_fields = 0x0, flags_override_add = (unknown: 0), flags_override_remove = (unknown: 0), no_userdb_lookup = 0} user_idx = 0 user = 0xb7eda890 "test1 at local.lan" error = 0x10
#5 doveadm_mail_cmd (argv=0xb7ed51e4, argc=-1209183772, cmd=0xbf8528dc) at doveadm-mail.c:523 ctx = 0xb7ed9468 getopt_args = ret = c = wildcard_user = 0x0 error = #6 doveadm_mail_try_run (cmd_name=cmd_name at entry=0xb7ed51f8 "mailbox", argc=5, argc at entry=6, argv=argv at entry=0xb7ed51d4) at doveadm-mail.c:608 cmd = 0xbf8528dc #7 0xb7736903 in main (argc=6, argv=0xb7ed51d4) at doveadm.c:398 cmd_name = 0xb7ed51f8 "mailbox" i = quick_init = false c = From pvsuja at gmail.com Fri Aug 2 06:41:17 2013 From: pvsuja at gmail.com (pvsuja) Date: Thu, 1 Aug 2013 20:41:17 -0700 (PDT) Subject: [Dovecot] Wrong remote IP (rip) in mail.log using IMAP login In-Reply-To: <4DA80FFA.2060005@gmail.com> References: <4DA8086B.10206@tylmann.ch> <4DA80FFA.2060005@gmail.com> Message-ID: <1375414877471-43548.post@n4.nabble.com> Hi, I am also facing the same problem. When dovecot is accessed through a web mail, the rip is logged as 127.0.0.1 (localhost). /Aug 1 16:28:04 mailspace dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=/ So I am also unable to configure fail2ban with dovecot. Is there a way we can log the actual remote IP ? Thanks and regards, Suja -- View this message in context: http://dovecot.2317879.n4.nabble.com/Wrong-remote-IP-rip-in-mail-log-using-IMAP-login-tp35176p43548.html Sent from the Dovecot mailing list archive at Nabble.com. From professa at dementianati.com Fri Aug 2 07:01:07 2013 From: professa at dementianati.com (Professa Dementia) Date: Thu, 01 Aug 2013 21:01:07 -0700 Subject: [Dovecot] Wrong remote IP (rip) in mail.log using IMAP login In-Reply-To: <1375414877471-43548.post@n4.nabble.com> References: <4DA8086B.10206@tylmann.ch> <4DA80FFA.2060005@gmail.com> <1375414877471-43548.post@n4.nabble.com> Message-ID: <51FB2F03.3050707@dementianati.com> On 8/1/2013 8:41 PM, pvsuja wrote: > > Hi, > > I am also facing the same problem. When dovecot is accessed through a web > mail, the rip is logged as 127.0.0.1 (localhost). > > /Aug 1 16:28:04 mailspace dovecot: imap-login: Aborted login (auth failed, > 1 attempts in 2 secs): user=, method=PLAIN, rip=127.0.0.1, > lip=127.0.0.1, TLS, session=/ > > So I am also unable to configure fail2ban with dovecot. > Is there a way we can log the actual remote IP ? Dovecot has no way of determining the remote IP when a proxy is the system making the connection, which is what is happening. Your webmail is the proxy in this case. Have fail2ban scan your web server logs, not the mail logs. Dem From felixrubiodalmau at gmail.com Fri Aug 2 08:43:01 2013 From: felixrubiodalmau at gmail.com (Felix Rubio Dalmau) Date: Thu, 01 Aug 2013 22:43:01 -0700 (PDT) Subject: [Dovecot] dovecot Digest, Vol 124, Issue 4 In-Reply-To: References: Message-ID: <2402388.oQIDo0nD0O@jarvis> Hello Axel, but then I don't get it: I thought that "uid" and "gid" in the user_query where used to access the local FS, whereas the "unix_listener auth-userdb" are used to indicate under which owner/group must be auth-userdb run... although maybe I'm wrong :-S :-) What I'm looking forward to is to eliminate the need for returning these two fixed items, as long as all the virtual_users will be using the same uid and gid. Does anybody know how can I do it?? Regards, and thank you! Felix > Date: Thu, 1 Aug 2013 17:50:33 +0200 > From: Axel Luttgens > To: Dovecot Mailing List > Subject: Re: [Dovecot] misconception in uid and gid > Message-ID: <89AC3212-EFE6-41E5-A22D-97DC8E771218 at swing.be> > Content-Type: text/plain; charset=iso-8859-1 > > Le 1 ao?t 2013 ? 15:43, Felix Rubio Dalmau a ?crit : > > > [...] > > > > Nevertheless, if I remove the segments "'vmail' AS uid, 'vmail' AS gid" and modify the file conf.d/10-mail.conf to show > > > > mail_uid = vmail > > mail_gid = vmail > > > > I get this error: > > > > dovecot: auth: Error: userdb(): client doesn't have lookup permissions for this user: userdb reply doesn't contain uid (change userdb socket permissions) > > > > Does anybody know what is wrong in my set-up? > > Hello Felix, > > Yes and no... > This still remains a bit unclear to me, but you could try something like this: > > service auth { > > unix_listener auth-userdb { > > # default: user = $default_internal_user > group = vmail # default: group = > mode = 0660 # default: mode = 0666 > } > } > > The code has some provisions to avoid the auth-userdb to be too widely open, in spite of that default mode 0666. Changing that mode short-circuits those provisions, and the above is the most secure setting I could think of in the case of a single uid/gid setup. > > HTH, > Axel From pvsuja at gmail.com Fri Aug 2 08:40:33 2013 From: pvsuja at gmail.com (pvsuja) Date: Thu, 1 Aug 2013 22:40:33 -0700 (PDT) Subject: [Dovecot] Wrong remote IP (rip) in mail.log using IMAP login In-Reply-To: <51FB2F03.3050707@dementianati.com> References: <4DA8086B.10206@tylmann.ch> <4DA80FFA.2060005@gmail.com> <1375414877471-43548.post@n4.nabble.com> <51FB2F03.3050707@dementianati.com> Message-ID: <1375422033876-43550.post@n4.nabble.com> Hi, Thanks for the response. I got it working with web mail logs. Thanks again. -- View this message in context: http://dovecot.2317879.n4.nabble.com/Wrong-remote-IP-rip-in-mail-log-using-IMAP-login-tp35176p43550.html Sent from the Dovecot mailing list archive at Nabble.com. From skdovecot at smail.inf.fh-brs.de Fri Aug 2 09:55:33 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 2 Aug 2013 08:55:33 +0200 (CEST) Subject: [Dovecot] misconception in uid and gid In-Reply-To: <1835876.F3jSxvAigA@jarvis> References: <1835876.F3jSxvAigA@jarvis> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 1 Aug 2013, Felix Rubio Dalmau wrote: > I'm using a SQL database to store the usernames and passwords of my users. However, I have found that I must explicitly return the uid and gid with every query, even though all virtual users use the same uid and gid. The query, that works, is: > > user_query = SELECT mail, 'vmail' AS uid, 'vmail' AS gid, home, CONCAT('*:storage=', quota_MB*1024) AS quota_rule \ > FROM virtual_users AS V LEFT JOIN virtual_domains AS D ON V.domain_id=D.id WHERE V.user='%n' AND D.name='%d' > > Nevertheless, if I remove the segments "'vmail' AS uid, 'vmail' AS gid" and modify the file conf.d/10-mail.conf to show > > mail_uid = vmail > mail_gid = vmail > > I get this error: > > dovecot: auth: Error: userdb(): client doesn't have lookup permissions for this user: userdb reply doesn't contain uid (change userdb socket permissions) > > Does anybody know what is wrong in my set-up? Did you posted your setup (aka configuration, dovecot -n) somewhere to look at? You seem to use an elder Dovecot, because newer versions use a more descriptive error message, see: http://www.dovecot.org/list/dovecot/2012-November/069651.html Because, first you need to know which socket makes the problem, then you can see, if changing the owner helps. This error has nothing to do with Unix permission per se, but you can disable Dovecot's access checks when you chmod a+x that particular socket. IMHO, the check itself tests if the querying Unix uid is either the owner or group member of the socket or owner of the retrieved record. In a single uid-system this check has no meaning - on a dedicated mail system at least. Because the global mail_uid has no meaning in the auth code (as this is no "default" value), you are left with: a) return uid with the query _and_ have all users use the same uid,or b) disable the Dovecot check by changing the socket's Unix permission to something different that 0666, e.g. set x-Unix-permission,or c) change the owner of the socket to vmail (then root cannot access the entries, if necessary),or d) put all Unix users, that access the socket, into one group and have the socket owned by that group. This is the code ./src/auth/auth-master-connection.c: st contains the data of the socket, cred the data of the accessing user, when conn->userdb_restricted_uid is set, later in the code the entries owner uid must match that number. /*!!! at this point variant b) would apply */ /* figure out what permissions we want to give to this client */ if ((st->st_mode & 0777) != 0666) { /* permissions were already restricted by the socket permissions. also +x bit indicates that we shouldn't do any permission checks. */ return 0; } [snip] /*!!! at this point variants c) and d) would apply */ if (cred.uid == st->st_uid || cred.gid == st->st_gid) { /* full permissions */ return 0; } else { /* restrict permissions: return only lookups whose returned uid matches the peer's uid */ conn->userdb_restricted_uid = cred.uid; return 0; } - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUftX5l3r2wJMiz2NAQLPBgf+M8jdWIjLttu+dl/aIKAmuAGnt8qreBa1 dxfeinqNdzd14ZaJUnF+hjSUeyVdydeuRwhMXXtPoAFdT+S4Uf5AG4yAT6iMqZPX nalaTMxCCymUuEBxX3K8LvD6iT5cmAdFP0ejTivSiDuOw2i76t0qsfyIi+2e26jd i46jvEmQxYu6WMtZrUnmjb+5d46BPNL/8hWjNo7yT4sqdMI+GEZO5Osfv+VsqUNd zoQPDrcoDT+CtMqi4pdEFJbR5QTNppu56Gs0ibNMhSO3NvHleKAy2+jtmx5FyLjk uvnxjsh9wjGi24UiAXD1knJqiZqrx5J3FTZMDdPQejHmSjGsYPdPCw== =RHpW -----END PGP SIGNATURE----- From AxelLuttgens at swing.be Fri Aug 2 10:11:18 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Fri, 2 Aug 2013 09:11:18 +0200 Subject: [Dovecot] dovecot Digest, Vol 124, Issue 4 In-Reply-To: <2402388.oQIDo0nD0O@jarvis> References: <2402388.oQIDo0nD0O@jarvis> Message-ID: Le 2 ao?t 2013 ? 07:43, Felix Rubio Dalmau a ?crit : > Hello Axel, > > but then I don't get it: I thought that "uid" and "gid" in the user_query where used to access the local FS, whereas the "unix_listener auth-userdb" are used to indicate under which owner/group must be auth-userdb run... although maybe I'm wrong :-S :-) A service process may indeed be told to run as a given user/group; that service may listen to sockets whose reachability may be configured too, with similar keywords; for service someservice { user = ... group = ... unix_listener somepath { user = ... group = ... mode = ... } } In the case of auth, one has by default for the service and its auth-userdb socket: service auth { user = dovecot group = wheel unix_listener auth-userdb { user = dovecot group = wheel mode = O666 } } Taken literally, those defaults mean that everyone may, without restrictions, read from and write to auth-userdb, and thus "speak" with service auth for userdb matters. This is indeed potentially needed, but would be too permissive without some cautions enforced by auth, hence the kind of errors you are facing: auth: Error: userdb(): client doesn't have lookup permissions for this user: userdb reply doesn't contain uid (change userdb socket permissions) > What I'm looking forward to is to eliminate the need for returning these two fixed items, as long as all the virtual_users will be using the same uid and gid. Since your mail users are all running as vmail/vmail, I suggested to override the defaults for the auth-userdb socket: service auth { unix_listener auth-userdb { group = vmail mode = O660 } } Having a non-default mode for the socket tells auth not to perform its usual checks; it's then up to the admin to devise some sufficiently secure setup. HTH, Axel From felixrubiodalmau at gmail.com Fri Aug 2 10:32:12 2013 From: felixrubiodalmau at gmail.com (Felix Rubio Dalmau) Date: Fri, 02 Aug 2013 09:32:12 +0200 Subject: [Dovecot] misconception in uid and gid In-Reply-To: References: <1835876.F3jSxvAigA@jarvis> Message-ID: <152827415.Wjm0gcrSsH@jarvis> Hi everybody, I have pasted my configuration in http://snipt.org/AThd4 Then, I understand that the easiest to do is to change the permissions of the socket but... which socket?? Additionally, userdb-auth is showing permissions srw-rw-rw- Regards! Felix On Friday 02 August 2013 08:55:33 you wrote: > On Thu, 1 Aug 2013, Felix Rubio Dalmau wrote: > > > I'm using a SQL database to store the usernames and passwords of my users. However, I have found that I must explicitly return the uid and gid with every query, even though all virtual users use the same uid and gid. The query, that works, is: > > > > user_query = SELECT mail, 'vmail' AS uid, 'vmail' AS gid, home, CONCAT('*:storage=', quota_MB*1024) AS quota_rule \ > > FROM virtual_users AS V LEFT JOIN virtual_domains AS D ON V.domain_id=D.id WHERE V.user='%n' AND D.name='%d' > > > > Nevertheless, if I remove the segments "'vmail' AS uid, 'vmail' AS gid" and modify the file conf.d/10-mail.conf to show > > > > mail_uid = vmail > > mail_gid = vmail > > > > I get this error: > > > > dovecot: auth: Error: userdb(): client doesn't have lookup permissions for this user: userdb reply doesn't contain uid (change userdb socket permissions) > > > > Does anybody know what is wrong in my set-up? > > Did you posted your setup (aka configuration, dovecot -n) somewhere to > look at? > > You seem to use an elder Dovecot, because newer versions use a more > descriptive error message, see: > http://www.dovecot.org/list/dovecot/2012-November/069651.html > > Because, first you need to know which socket makes the problem, then you > can see, if changing the owner helps. This error has nothing to do with > Unix permission per se, but you can disable Dovecot's access checks when > you chmod a+x that particular socket. > > IMHO, the check itself tests if the querying Unix uid is either the owner > or group member of the socket or owner of the retrieved record. In a > single uid-system this check has no meaning - on a dedicated mail system > at least. Because the global mail_uid has no meaning in the auth code (as > this is no "default" value), you are left with: > > a) return uid with the query _and_ have all users use the same uid,or > b) disable the Dovecot check by changing the socket's Unix permission to > something different that 0666, e.g. set x-Unix-permission,or > c) change the owner of the socket to vmail (then root cannot access the > entries, if necessary),or > d) put all Unix users, that access the socket, into one group and have the > socket owned by that group. > > This is the code ./src/auth/auth-master-connection.c: > > st contains the data of the socket, cred the data of the accessing user, > when conn->userdb_restricted_uid is set, later in the code the entries > owner uid must match that number. > > > /*!!! at this point variant b) would apply */ > /* figure out what permissions we want to give to this client */ > if ((st->st_mode & 0777) != 0666) { > /* permissions were already restricted by the socket > permissions. also +x bit indicates that we shouldn't do > any permission checks. */ > return 0; > } > > [snip] > > /*!!! at this point variants c) and d) would apply */ > if (cred.uid == st->st_uid || cred.gid == st->st_gid) { > /* full permissions */ > return 0; > } else { > /* restrict permissions: return only lookups whose > returned > uid matches the peer's uid */ > conn->userdb_restricted_uid = cred.uid; > return 0; > } > > > -- > Steffen Kaiser > From kavish.karkera at yahoo.com Fri Aug 2 10:34:00 2013 From: kavish.karkera at yahoo.com (Kavish Karkera) Date: Fri, 2 Aug 2013 15:34:00 +0800 (SGT) Subject: [Dovecot] Maildir Synchronization warnings Message-ID: <1375428840.90646.YahooMailNeo@web193505.mail.sg3.yahoo.com> Hi, We are repeatedly getting these below warnings for some of our users, al though we have no complaints from them yet, ?we need to know why these warning occurs. So it would be help full if some one explain these warning msg in detail. ----------------------------------------------------------------------------------------------------------------------------------------------------- Aug? 2 12:52:55 blade8 dovecot: imap(kavish.karkera at example.com): Warning: Maildir: Scanning /mail/v3store/example.com/kavish.karkera at example.com/Maildir/cur took 94 seconds (23191 readdir()s, 0 rename()s to cur/, why=0x1) Aug? 2 12:52:55 blade8 dovecot: imap(kavish.karkera at example.com): Warning: Maildir /mail/v3store/example.com/kavish.karkera at example.com/Maildir: Synchronization took 94 seconds (0 new msgs, 0 flag change attempts, 0 expunge attempts) Aug? 2 12:53:54 blade6 dovecot: imap(kavish.karkera at example.com): Warning: Maildir: Scanning /mail/v3store/example.com/kavish.karkera at example.com/Maildir/cur took 154 seconds (43129 readdir()s, 0 rename()s to cur/, why=0x1) Aug? 2 12:53:54 blade6 dovecot: imap(kavish.karkera at example.com): Warning: Maildir: Scanning /mail/v3store/example.com/kavish.karkera at example.com/Maildir/cur took 162 seconds (43129 readdir()s, 0 rename()s to cur/, why=0xc) Aug? 2 12:53:54 blade6 dovecot: imap(kavish.karkera at example.com): Warning: Maildir /mail/v3store/example.com/kavish.karkera at example.com/Maildir: Synchronization took 162 seconds (0 new msgs, 0 flag change attempts, 0 expunge attempts) Aug? 2 12:53:54 blade6 dovecot: imap(kavish.karkera at example.com): Warning: Locking transaction log file /indexes//mail/v3store/example.com/kavish.karkera at example.com/.INBOX/dovecot.index.log took 50 seconds ----------------------------------------------------------------------------------------------------------------------------------------------------- Thanks In advance, Regards, Kavish Karkera From felixrubiodalmau at gmail.com Fri Aug 2 10:47:54 2013 From: felixrubiodalmau at gmail.com (Felix Rubio Dalmau) Date: Fri, 02 Aug 2013 09:47:54 +0200 Subject: [Dovecot] misconception in uid and gid In-Reply-To: References: <1835876.F3jSxvAigA@jarvis> Message-ID: <1466782.8SiPTLLFm2@jarvis> Axel, Steffen :-) Thank you very much, by following your advice I have gotten to work dovecot :-). I finally took Axel's approach, because looked more simple to me. Thanks! Regards! Felix From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 2 11:07:11 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 2 Aug 2013 09:07:11 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox Message-ID: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> Dovecot :? 2.0.19 (see config at http://pastebin.com/raw.php?i=KMaQ9Ccc) Postfix :? 2.9.6 (see config at http://pastebin.com/raw.php?i=EEeevHfk) I'm trying to get Dovecot and Postfix working on Ubuntu 12.04LTS but am not having much luck. The problem is that although mail gets delivered to the correct place, however pointing a MUA of any description at Dovecot just yields a purportedly empty inbox ! I will first demonstrate correct delivery of mail, then I will show MUA - domain names changed to protect the innocent ! (1) Mail Delivery Aug? 2 08:57:17 ukc-vm02-mx01 postfix/smtpd[2640]: connect from unknown[192.168.199.198] Aug? 2 08:57:39 ukc-vm02-mx01 postfix/smtpd[2640]: 76AB04470E: client=unknown[192.168.199.198] Aug? 2 08:57:47 ukc-vm02-mx01 postfix/cleanup[2644]: 76AB04470E: message-id=<> Aug? 2 08:57:47 ukc-vm02-mx01 postfix/qmgr[2093]: 76AB04470E: from=, size=208, nrcpt=1 (queue active) Aug? 2 08:57:47 ukc-vm02-mx01 dovecot: lmtp(2192): Debug: none: root=, index=, control=, inbox=, alt= Aug? 2 08:57:47 ukc-vm02-mx01 dovecot: lmtp(2192): Connect from local Aug? 2 08:57:47 ukc-vm02-mx01 dovecot: lmtp(2192): Debug: auth input: test at ops.example.com uid=1001 gid=1001 home=/srv/mail/ops.example.com/test/./ Aug? 2 08:57:47 ukc-vm02-mx01 dovecot: lmtp(2192, test at ops.example.com): Debug: Effective uid=1001, gid=1001, home=/srv/mail/ops.example.com/test Aug? 2 08:57:47 ukc-vm02-mx01 dovecot: lmtp(2192, test at ops.example.com): Debug: maildir++: root=/srv/mail/ops.example.com/test, index=, control=, inbox=/srv/mail/ops.example.com/test, alt= Aug? 2 08:57:47 ukc-vm02-mx01 dovecot: lmtp(2192, test at ops.example.com): ZH9VM3tm+1GQCAAAwf4bjw: msgid=unspecified: saved mail to INBOX Aug? 2 08:57:47 ukc-vm02-mx01 postfix/lmtp[2645]: 76AB04470E: to=, relay=ukc-vm02-mx01.ops.example.com[private/dovecot-lmtp], delay=24, delays=24/0.01/0/0.09, dsn=2.0.0, status=sent (250 2.0.0 ZH9VM3tm+1GQCAAAwf4bjw Saved) Aug? 2 08:57:47 ukc-vm02-mx01 dovecot: lmtp(2192): Disconnect from local: Client quit (in reset) Aug? 2 08:57:47 ukc-vm02-mx01 postfix/qmgr[2093]: 76AB04470E: removed Aug? 2 08:57:48 ukc-vm02-mx01 postfix/smtpd[2640]: disconnect from unknown[192.168.199.198] The mail is correctly saved in the right place?.. # cat /srv/mail/ops.ops.example.com/test/new/1375430267.M868397P2192.ukc-vm02-mx01\,S\=477\,W\=486 Return-Path: Delivered-To: Received: from ukc-vm02-mx01.ops.ops.example.com ??????? by ukc-vm02-mx01.ops.ops.example.com (Dovecot) with LMTP id ZH9VM3tm+1GQCAAAwf4bjw ??????? for ; Fri, 02 Aug 2013 08:57:47 +0100 Received: from x (unknown [192.168.199.198]) ??????? by ukc-vm02-mx01.ops.ops.example.com (Postfix) with ESMTP id 76AB04470E ??????? for ; Fri,? 2 Aug 2013 08:57:24 +0100 (BST) Subject: test (2) MUA * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. a1 LOGIN test at ops.example.com test a1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in a2 EXAMINE INBOX * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) * OK [PERMANENTFLAGS ()] Read-only mailbox. * 0 EXISTS * 0 RECENT * OK [UIDVALIDITY 1375424854] UIDs valid * OK [UIDNEXT 1] Predicted next UID * OK [HIGHESTMODSEQ 1] Highest a2 OK [READ-ONLY] Select completed. a3 LOGOUT * BYE Logging out a3 OK Logout completed. closed From stan at hardwarefreak.com Fri Aug 2 11:21:42 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 02 Aug 2013 03:21:42 -0500 Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> Message-ID: <51FB6C16.2010205@hardwarefreak.com> On 8/2/2013 3:07 AM, Nigel Smith wrote: > Dovecot : 2.0.19 (see config at http://pastebin.com/raw.php?i=KMaQ9Ccc) > Postfix : 2.9.6 (see config at http://pastebin.com/raw.php?i=EEeevHfk) > > I'm trying to get Dovecot and Postfix working on Ubuntu 12.04LTS but am not having much luck. > > The problem is that although mail gets delivered to the correct place, however pointing a MUA of any description at Dovecot just yields a purportedly empty inbox ! Probably a namespace issue. The imap daemon is telling you there's not new mail. So wherever it's looking it sees no mail. So either it's looking in the wrong place, and the configuration isn't correct. Error logs will inform you about the latter, 'dovecot -n' about the former. Show dovecot client connection and error logging, and dovecot -n. -- Stan > I will first demonstrate correct delivery of mail, then I will show MUA - domain names changed to protect the innocent ! > > (1) Mail Delivery > > Aug 2 08:57:17 ukc-vm02-mx01 postfix/smtpd[2640]: connect from unknown[192.168.199.198] > Aug 2 08:57:39 ukc-vm02-mx01 postfix/smtpd[2640]: 76AB04470E: client=unknown[192.168.199.198] > Aug 2 08:57:47 ukc-vm02-mx01 postfix/cleanup[2644]: 76AB04470E: message-id=<> > Aug 2 08:57:47 ukc-vm02-mx01 postfix/qmgr[2093]: 76AB04470E: from=, size=208, nrcpt=1 (queue active) > Aug 2 08:57:47 ukc-vm02-mx01 dovecot: lmtp(2192): Debug: none: root=, index=, control=, inbox=, alt= > Aug 2 08:57:47 ukc-vm02-mx01 dovecot: lmtp(2192): Connect from local > Aug 2 08:57:47 ukc-vm02-mx01 dovecot: lmtp(2192): Debug: auth input: test at ops.example.com uid=1001 gid=1001 home=/srv/mail/ops.example.com/test/./ > Aug 2 08:57:47 ukc-vm02-mx01 dovecot: lmtp(2192, test at ops.example.com): Debug: Effective uid=1001, gid=1001, home=/srv/mail/ops.example.com/test > Aug 2 08:57:47 ukc-vm02-mx01 dovecot: lmtp(2192, test at ops.example.com): Debug: maildir++: root=/srv/mail/ops.example.com/test, index=, control=, inbox=/srv/mail/ops.example.com/test, alt= > Aug 2 08:57:47 ukc-vm02-mx01 dovecot: lmtp(2192, test at ops.example.com): ZH9VM3tm+1GQCAAAwf4bjw: msgid=unspecified: saved mail to INBOX > Aug 2 08:57:47 ukc-vm02-mx01 postfix/lmtp[2645]: 76AB04470E: to=, relay=ukc-vm02-mx01.ops.example.com[private/dovecot-lmtp], delay=24, delays=24/0.01/0/0.09, dsn=2.0.0, status=sent (250 2.0.0 ZH9VM3tm+1GQCAAAwf4bjw Saved) > Aug 2 08:57:47 ukc-vm02-mx01 dovecot: lmtp(2192): Disconnect from local: Client quit (in reset) > Aug 2 08:57:47 ukc-vm02-mx01 postfix/qmgr[2093]: 76AB04470E: removed > Aug 2 08:57:48 ukc-vm02-mx01 postfix/smtpd[2640]: disconnect from unknown[192.168.199.198] > > The mail is correctly saved in the right place?.. > > # cat /srv/mail/ops.ops.example.com/test/new/1375430267.M868397P2192.ukc-vm02-mx01\,S\=477\,W\=486 > Return-Path: > Delivered-To: > Received: from ukc-vm02-mx01.ops.ops.example.com > by ukc-vm02-mx01.ops.ops.example.com (Dovecot) with LMTP id ZH9VM3tm+1GQCAAAwf4bjw > for ; Fri, 02 Aug 2013 08:57:47 +0100 > Received: from x (unknown [192.168.199.198]) > by ukc-vm02-mx01.ops.ops.example.com (Postfix) with ESMTP id 76AB04470E > for ; Fri, 2 Aug 2013 08:57:24 +0100 (BST) > Subject: test > > > (2) MUA > > > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. > a1 LOGIN test at ops.example.com test > a1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in > a2 EXAMINE INBOX > * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) > * OK [PERMANENTFLAGS ()] Read-only mailbox. > * 0 EXISTS > * 0 RECENT > * OK [UIDVALIDITY 1375424854] UIDs valid > * OK [UIDNEXT 1] Predicted next UID > * OK [HIGHESTMODSEQ 1] Highest > a2 OK [READ-ONLY] Select completed. > a3 LOGOUT > * BYE Logging out > a3 OK Logout completed. > closed > From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 2 11:25:10 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 2 Aug 2013 09:25:10 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <51FB6C16.2010205@hardwarefreak.com> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> Message-ID: <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> >Probably a namespace issue.? The imap daemon is telling you there's not >new mail.? So wherever it's looking it sees no mail.? So either it's >looking in the wrong place, and the configuration isn't correct.? Error >logs will inform you about the latter, 'dovecot -n' about the former. >Show dovecot client connection and error logging, and dovecot -n. Hi Stan, Unfortunatley not. As demonstrated in my initial post, I can do : #cat /srv/mail/ops.example.com/test/new/1375430267.M868397P2192.ukc-vm02-mx01\,S\=477\,W\=486 And the debug shows the MUA looking in the same place? (forgot to include the Dovecot MUA debug earlier) : Aug? 2 09:01:09 ukc-vm02-mx01 postfix/anvil[2642]: statistics: max connection rate 1/60s for (smtp:192.168.198.199) at Aug? 2 08:57:17 Aug? 2 09:01:09 ukc-vm02-mx01 postfix/anvil[2642]: statistics: max connection count 1 for (smtp:192.168.198.199) at Aug? 2 08:57:17 Aug? 2 09:01:09 ukc-vm02-mx01 postfix/anvil[2642]: statistics: max cache size 1 at Aug? 2 08:57:17 Aug? 2 09:03:38 ukc-vm02-mx01 dovecot: imap-login: Login: user=, method=PLAIN, rip=192.168.198.199, lip=79.170.177.71, mpid=2667, TLS Aug? 2 09:03:38 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: Effective uid=1001, gid=1001, home=/ Aug? 2 09:03:38 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: maildir++: root=/srv/mail/ops.example.com/test, index=, control=, inbox=/srv/mail/ops.example.com/test, alt= Aug? 2 09:03:51 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Disconnected: Logged out bytes=26/599 From AxelLuttgens at swing.be Fri Aug 2 11:30:51 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Fri, 2 Aug 2013 10:30:51 +0200 Subject: [Dovecot] 2.2.4 - Some questions about and needing help with quota-status In-Reply-To: References: <99EDABF1-7E72-4044-B6B9-58E936248C14@swing.be> <2CFCCEC9-3CBD-4A3C-8256-620FED5B957D@swing.be> Message-ID: Le 1 ao?t 2013 ? 18:05, Timo Sirainen a ?crit : > On 1.8.2013, at 19.02, Axel Luttgens wrote: > >> [...] >> If yes, could it be that it is never called in my case? > > If not, then there's definitely some problem :) > >> [...] >> Could I try to break somewhere earlier in the call chain? > > It should definitely stop in hook_mail_user_created, which should call quota_mail_user_created as one of the hooks. If not, the user then doesn't actually have quota plugin enabled.. And I'm definitely not a gdb guru. :-( Still trying to have it provide me with some enlightening info, but if I may in the meantime paraphrase one of my initial questions on this thread: What makes doveadm-quota/lmtp and quota-status different? As a reminder: doveadm-quota and lmtp correctly understand my quota-related settings, and over-qauota users are handled as such. On the other hand, quota-status always returns "action=OK" for any existing user, whether over-quota or not. According to the logs, the userdb queries correctly return all needed quota-related info for the user; on the other hand, the dict service never gets launched. It could thus be inferred that quota-status is following a slightly different path for fetching/handling quota information. Knowing the difference could help to focus my miserable gdb investigations and/or to understand what may be at the fringe in my config. TIA, Axel From kavish.karkera at yahoo.com Fri Aug 2 11:36:56 2013 From: kavish.karkera at yahoo.com (Kavish Karkera) Date: Fri, 2 Aug 2013 16:36:56 +0800 (SGT) Subject: [Dovecot] Maildir Synchronization warnings Message-ID: <1375432616.60451.YahooMailNeo@web193504.mail.sg3.yahoo.com> Hi, We are repeatedly getting these below warnings for some of our users, al though we have no complaints from them yet, ?we need to know why these warning occurs. So it would be help full if some one explain these warning msg in detail. ----------------------------------------------------------------------------------------------------------------------------------------------------- Aug? 2 12:52:55 blade8 dovecot: imap(kavish.karkera at example.com): Warning: Maildir: Scanning /mail/v3store/example.com/kavish.karkera at example.com/Maildir/cur took 94 seconds (23191 readdir()s, 0 rename()s to cur/, why=0x1) Aug? 2 12:52:55 blade8 dovecot: imap(kavish.karkera at example.com): Warning: Maildir /mail/v3store/example.com/kavish.karkera at example.com/Maildir: Synchronization took 94 seconds (0 new msgs, 0 flag change attempts, 0 expunge attempts) Aug? 2 12:53:54 blade6 dovecot: imap(kavish.karkera at example.com): Warning: Maildir: Scanning /mail/v3store/example.com/kavish.karkera at example.com/Maildir/cur took 154 seconds (43129 readdir()s, 0 rename()s to cur/, why=0x1) Aug? 2 12:53:54 blade6 dovecot: imap(kavish.karkera at example.com): Warning: Maildir: Scanning /mail/v3store/example.com/kavish.karkera at example.com/Maildir/cur took 162 seconds (43129 readdir()s, 0 rename()s to cur/, why=0xc) Aug? 2 12:53:54 blade6 dovecot: imap(kavish.karkera at example.com): Warning: Maildir /mail/v3store/example.com/kavish.karkera at example.com/Maildir: Synchronization took 162 seconds (0 new msgs, 0 flag change attempts, 0 expunge attempts) Aug? 2 12:53:54 blade6 dovecot: imap(kavish.karkera at example.com): Warning: Locking transaction log file /indexes//mail/v3store/example.com/kavish.karkera at example.com/.INBOX/dovecot.index.log took 50 seconds ----------------------------------------------------------------------------------------------------------------------------------------------------- Thanks In advance, Regards, Kavish Karkera From AxelLuttgens at swing.be Fri Aug 2 11:56:17 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Fri, 2 Aug 2013 10:56:17 +0200 Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> Message-ID: <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> Le 2 ao?t 2013 ? 10:25, Nigel Smith a ?crit : > [...] > > As demonstrated in my initial post, I can do : > > #cat /srv/mail/ops.example.com/test/new/1375430267.M868397P2192.ukc-vm02-mx01\,S\=477\,W\=486 > > [...] Hello Nigel, Somewhat blindly, what's the output of: id its-virtmail grep 'test at ops.example.com' /etc/dovecot/users ls -al '/srv/mail/ops.ops.example.com/test/new/1375430267.M868397P2192.ukc-vm02-mx01\,S\=477\,W\=486' Axel From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 2 12:02:26 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 2 Aug 2013 10:02:26 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> Message-ID: <1375434146.29440.YahooMailNeo@web28904.mail.ir2.yahoo.com> >Somewhat blindly, what's the output of: > >??? id its-virtmail >??? grep 'test at ops.example.com' /etc/dovecot/users >??? ls -al '/srv/mail/ops.ops.example.com/test/new/1375430267.M868397P2192.ukc-vm02-mx01\,S\=477\,W\=486' > >Axel Hello Axel, # id its-virtmail uid=1001(its-virtmail) gid=1001(its-virtmail) groups=1001(its-virtmail) # grep 'test at ops.example.com' /etc/dovecot/users test at ops.example.com:{SSHA512}xxxxxxxxxxxxx:1001:1001::/srv/mail/ops.example.com/test/./:/bin/false:: # ls -al /srv/mail/ops.example.com/test/new/1375430267.M868397P2192.ukc-vm02-mx01\,S\=477\,W\=486 -rw-r--r-- 1 its-virtmail its-virtmail 477 Aug? 2 08:57 /srv/mail/ops.example.com/test/new/1375430267.M868397P2192.ukc-vm02-mx01,S=477,W=486 From stan at hardwarefreak.com Fri Aug 2 12:20:28 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 02 Aug 2013 04:20:28 -0500 Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> Message-ID: <51FB79DC.9080402@hardwarefreak.com> On 8/2/2013 3:25 AM, Nigel Smith wrote: >> Probably a namespace issue. The imap daemon is telling you there's not >> new mail. So wherever it's looking it sees no mail. So either it's >> looking in the wrong place, and the configuration isn't correct. Error >> logs will inform you about the latter, 'dovecot -n' about the former. >> Show dovecot client connection and error logging, and dovecot -n. > > Hi Stan, > > Unfortunatley not. Unfortunately you failed to provide 'dovecot -n' output which makes assisting you much more difficult. Providing this is standard operating procedure. > As demonstrated in my initial post, I can do : > > #cat /srv/mail/ops.example.com/test/new/1375430267.M868397P2192.ukc-vm02-mx01\,S\=477\,W\=486 > > And the debug shows the MUA looking in the same place (forgot to include the Dovecot MUA debug earlier) : > > Aug 2 09:01:09 ukc-vm02-mx01 postfix/anvil[2642]: statistics: max connection rate 1/60s for (smtp:192.168.198.199) at Aug 2 08:57:17 > Aug 2 09:01:09 ukc-vm02-mx01 postfix/anvil[2642]: statistics: max connection count 1 for (smtp:192.168.198.199) at Aug 2 08:57:17 > Aug 2 09:01:09 ukc-vm02-mx01 postfix/anvil[2642]: statistics: max cache size 1 at Aug 2 08:57:17 > Aug 2 09:03:38 ukc-vm02-mx01 dovecot: imap-login: Login: user=, method=PLAIN, rip=192.168.198.199, lip=79.170.177.71, mpid=2667, TLS > Aug 2 09:03:38 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: Effective uid=1001, gid=1001, home=/ > Aug 2 09:03:38 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: maildir++: root=/srv/mail/ops.example.com/test, index=, control=, inbox=/srv/mail/ops.example.com/test, alt= > Aug 2 09:03:51 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Disconnected: Logged out bytes=26/599 All of this logging isn't telling us anything. Seeing your configuration should. Given that Dovecot relies on indexes for everything it does, including listing of INBOX and mailbox contents, the fact that you're not seeing new mail is likely due to an index problem of some sort, either misconfiguration or corrupion, etc. Unfortunately all I can do is make general educated guesses about your problem because you refuse to provide your 'dovecot -n' output. -- Stan From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 2 12:34:41 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 2 Aug 2013 10:34:41 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <51FB79DC.9080402@hardwarefreak.com> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB79DC.9080402@hardwarefreak.com> Message-ID: <1375436081.50075.YahooMailNeo@web28905.mail.ir2.yahoo.com> >Unfortunately you failed to provide 'dovecot -n' output which makes >assisting you much more difficult.? Providing this is standard operating >procedure. Sorry, but ....What on earth are you on about ? From the man page "?-n ? ? Dump non-default settings to stdout and exit successfully. ?The same as doveconf -n." From the ***TOP*** of my original email : Dovecot :? 2.0.19 (see config at?http://pastebin.com/raw.php?i=KMaQ9Ccc) Postfix :? 2.9.6 (see config at?http://pastebin.com/raw.php?i=EEeevHfk) The configs are right there.... for both postifx and dovecot. ? I was being courteous by posting them on pastebin instead of pasting them into an email which would become clutterd with lines of config ! From AxelLuttgens at swing.be Fri Aug 2 12:39:38 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Fri, 2 Aug 2013 11:39:38 +0200 Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <1375434146.29440.YahooMailNeo@web28904.mail.ir2.yahoo.com> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> <1375434146.29440.YahooMailNeo@web28904.mail.ir2.yahoo.com> Message-ID: Le 2 ao?t 2013 ? 11:02, Nigel Smith a ?crit : > Hello Axel, > > # id its-virtmail > uid=1001(its-virtmail) gid=1001(its-virtmail) groups=1001(its-virtmail) > > # grep 'test at ops.example.com' /etc/dovecot/users > test at ops.example.com:{SSHA512}xxxxxxxxxxxxx:1001:1001::/srv/mail/ops.example.com/test/./:/bin/false:: > > # ls -al /srv/mail/ops.example.com/test/new/1375430267.M868397P2192.ukc-vm02-mx01\,S\=477\,W\=486 > -rw-r--r-- > 1 its-virtmail its-virtmail 477 Aug 2 08:57 > /srv/mail/ops.example.com/test/new/1375430267.M868397P2192.ukc-vm02-mx01,S=477,W=486 Thanks! So, it's a single uid/gid setting, and the permissions seem to be consistent. (you could probably simplify your config, but it's another matter) Looking at the home folder for test at ops.example.com: /srv/mail/ops.example.com/test/./ I'm not sure how Dovecot is supposed to interpret the ending "/./" part. On the other hand, according to your global setting: mail_location = maildir:/srv/mail/%d/%n this would translate as: maildir:/srv/mail/ops.example.com/test for user test at ops.example.com. Someone more knowledgeable than I am with maildir? Axel PS - Yes, Stan is right: always better to provide the output doveconf -n (and postconf -n), and even better in a message's body. :-) From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 2 12:41:53 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 2 Aug 2013 10:41:53 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <51FB79DC.9080402@hardwarefreak.com> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB79DC.9080402@hardwarefreak.com> Message-ID: <1375436513.12038.YahooMailNeo@web28903.mail.ir2.yahoo.com> To save Stan the inconvenience of clicking on a link, I hereby copy my configs from pastbin and paste to the list, apologies for the clutter....... Happy now Stan ? ?;-) (1) Doveconf # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.5.0-37-generic x86_64 Ubuntu 12.04.2 LTS ext4 mail_chroot = /srv/mail mail_debug = yes mail_location = maildir:/srv/mail/%d/%n managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/users driver = passwd-file } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap lmtp service auth { unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = its-virtmail user = its-virtmail } } service lmtp { process_min_avail = 5 unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } user = its-virtmail } ssl_cert = was automatically rejected:%n%r } (2) Postifx alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes config_directory = /etc/postfix home_mailbox = Maildir/ html_directory = /usr/share/doc/postfix/html inet_interfaces = all mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-mail-stack-delivery.conf -m "${EXTENSION}" mailbox_size_limit = 0 mydestination = ukc-vm02-mx01.ops.example.com, localhost.ops.example.com, , localhost myhostname = ukc-vm02-mx01.ops.example.com mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.17.18.0/24 myorigin = /etc/mailname readme_directory = /usr/share/doc/postfix recipient_delimiter = + relayhost = smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_use_tls = yes smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/dovecot-auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_restrictions = reject_unknown_sender_domain smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_protocols = SSLv3, TLSv1 smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes tls_random_source = dev:/dev/urandom virtual_alias_maps = cdb:/etc/postfix/virtual virtual_gid_maps = static:1001 virtual_mailbox_base = /srv/mail virtual_mailbox_domains = /etc/postfix/vhosts virtual_mailbox_maps = cdb:/etc/postfix/vmaps virtual_minimum_uid = 1000 virtual_transport = lmtp:unix:private/dovecot-lmtp virtual_uid_maps = static:1001 From jtam.home at gmail.com Fri Aug 2 12:43:04 2013 From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 2 Aug 2013 02:43:04 -0700 (PDT) Subject: [Dovecot] LDA vs. LMTP Message-ID: (Weird: this message digest got dumped into Google's spam folder. Maybe it didn't like the string in a later post (obfuscated here) master(dot)cf, which in the context of this mailing list is a postfix configuration file, but which Gmail interpret as a website. However, that domain is a SURBL/DBL blacklisted URI). Ben Morrow writes: > > > And when it's running as root there is always the danger > > > of privilege escalation. LDA only runs when it's needed and since it > > > uses only user rights it shoudbe more harmless. > > > > ... > > (I'm assuming LMTP stays as root, and not spawning off user > > processes to do the real work.) > > It doesn't stay as root; Dovecot's LMTP switches down to the user's uid > to perform delivery, including sieve scripts. I stand corrected. This removes the other objection that the original poster for running a peristent LMTP process. Joseph Tam From h.reindl at thelounge.net Fri Aug 2 12:44:41 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 02 Aug 2013 11:44:41 +0200 Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <1375436081.50075.YahooMailNeo@web28905.mail.ir2.yahoo.com> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB79DC.9080402@hardwarefreak.com> <1375436081.50075.YahooMailNeo@web28905.mail.ir2.yahoo.com> Message-ID: <51FB7F89.2000704@thelounge.net> Am 02.08.2013 11:34, schrieb Nigel Smith: >> Unfortunately you failed to provide 'dovecot -n' output which makes >> assisting you much more difficult. Providing this is standard operating >> procedure. > > Sorry, but ....What on earth are you on about ? > From the ***TOP*** of my original email : > > Dovecot : 2.0.19 (see config at http://pastebin.com/raw.php?i=KMaQ9Ccc) > Postfix : 2.9.6 (see config at http://pastebin.com/raw.php?i=EEeevHfk) > > The configs are right there.... for both postifx and dovecot. > I was being courteous by posting them on pastebin instead of pasting them into an email which would become clutterd with lines of config ! thats fine *but* on mailing-lists you should paste the output *inline* nobody likes to c&p things for quoting from whatever online services nor is it useful in context of list-archives as well as nobody right on his mind clicks on tiny-urls -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 2 12:44:49 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 2 Aug 2013 10:44:49 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> <1375434146.29440.YahooMailNeo@web28904.mail.ir2.yahoo.com> Message-ID: <1375436689.53678.YahooMailNeo@web28905.mail.ir2.yahoo.com> >> PS - Yes, Stan is right: always better to provide the output doveconf -n (and postconf -n), and even better in a message's body. :-) As I told Stan and I'll tell you.... the configs were right there from the start for all to see ;-) From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 2 12:47:44 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 2 Aug 2013 10:47:44 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <51FB7F89.2000704@thelounge.net> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB79DC.9080402@hardwarefreak.com> <1375436081.50075.YahooMailNeo@web28905.mail.ir2.yahoo.com> <51FB7F89.2000704@thelounge.net> Message-ID: <1375436864.69977.YahooMailNeo@web28905.mail.ir2.yahoo.com> >thats fine *but* on mailing-lists you should paste the output *inline* > >nobody likes to c&p things for quoting from whatever online >services nor is it useful in context of list-archives as well >as nobody right on his mind clicks on tiny-urls Fine, but then just ask me to post them on the list instead of making up a stupid story that I never provided them in the first place ! ? ?;-( From h.reindl at thelounge.net Fri Aug 2 12:50:34 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 02 Aug 2013 11:50:34 +0200 Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <1375436864.69977.YahooMailNeo@web28905.mail.ir2.yahoo.com> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB79DC.9080402@hardwarefreak.com> <1375436081.50075.YahooMailNeo@web28905.mail.ir2.yahoo.com> <51FB7F89.2000704@thelounge.net> <1375436864.69977.YahooMailNeo@web28905.mail.ir2.yahoo.com> Message-ID: <51FB80EA.6060307@thelounge.net> Am 02.08.2013 11:47, schrieb Nigel Smith: >> thats fine *but* on mailing-lists you should paste the output *inline* >> >> nobody likes to c&p things for quoting from whatever online >> services nor is it useful in context of list-archives as well >> as nobody right on his mind clicks on tiny-urls > > Fine, but then just ask me to post them on the list instead of making up a stupid story that I never provided them in the first place ! ;-( maybe people simply oversee it because for them who knows how the output looks like it is one short view on the message to find out if they are present -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 2 12:57:42 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 2 Aug 2013 10:57:42 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <51FB80EA.6060307@thelounge.net> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB79DC.9080402@hardwarefreak.com> <1375436081.50075.YahooMailNeo@web28905.mail.ir2.yahoo.com> <51FB7F89.2000704@thelounge.net> <1375436864.69977.YahooMailNeo@web28905.mail.ir2.yahoo.com> <51FB80EA.6060307@thelounge.net> Message-ID: <1375437462.48608.YahooMailNeo@web28902.mail.ir2.yahoo.com> Reindl, Can we please get this thread back on topic now ? Thank you Nigel From AxelLuttgens at swing.be Fri Aug 2 13:02:26 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Fri, 2 Aug 2013 12:02:26 +0200 Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> <1375434146.29440.YahooMailNeo@web28904.mail.ir2.yahoo.com> Message-ID: <3BC36A0B-F440-4253-A645-6881452B2F61@swing.be> Le 2 ao?t 2013 ? 11:39, Axel Luttgens a ?crit : > [...] > > Someone more knowledgeable than I am with maildir? I wanted to add before above question that I would at least try something like this: mail_location = maildir:~/mails test at ops.example.com:{SSHA512}xxxxxxxxxxxxx:1001:1001::/srv/mail/ops.example.com/test::: Sorry, Axel From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 2 13:13:29 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 2 Aug 2013 11:13:29 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <3BC36A0B-F440-4253-A645-6881452B2F61@swing.be> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> <1375434146.29440.YahooMailNeo@web28904.mail.ir2.yahoo.com> <3BC36A0B-F440-4253-A645-6881452B2F61@swing.be> Message-ID: <1375438409.95783.YahooMailNeo@web28901.mail.ir2.yahoo.com> > I wanted to add before above question that I would at least try something like this: >mail_location = maildir:~/mails > test at ops.example.com:{SSHA512}xxxxxxxxxxxxx:1001:1001::/srv/mail/ops.example.com/test::: I'll admit I'm a little confused Axel .... ;-) Are you just saying I should test removing the "/./" chroot from the user homedir ?? (I think I already tried this, but happy to try again if that's what you're saying) I'm not quite sure how proposed changing mail_location to ~/mails would work ? From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 2 13:22:30 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 2 Aug 2013 11:22:30 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> <1375434146.29440.YahooMailNeo@web28904.mail.ir2.yahoo.com> Message-ID: <1375438950.69900.YahooMailNeo@web28902.mail.ir2.yahoo.com> > I'm not sure how Dovecot is supposed to interpret the ending "/./" part. Axel, Re: the above http://wiki2.dovecot.org/Chrooting "Insert "/./" inside the returned home directory, eg.: home=/home/./user to chroot into /home, or home=/home/user/./ to chroot into /home/user." From AxelLuttgens at swing.be Fri Aug 2 13:32:44 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Fri, 2 Aug 2013 12:32:44 +0200 Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <1375438409.95783.YahooMailNeo@web28901.mail.ir2.yahoo.com> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> <1375434146.29440.YahooMailNeo@web28904.mail.ir2.yahoo.com> <3BC36A0B-F440-4253-A645-6881452B2F61@swing.be> <1375438409.95783.YahooMailNeo@web28901.mail.ir2.yahoo.com> Message-ID: <2B2EFE3A-E8FD-4365-BAE5-0193912AAEF4@swing.be> Le 2 ao?t 2013 ? 12:13, Nigel Smith a ?crit : > > >> I wanted to add before above question that I would at least try something like this: >> mail_location = maildir:~/mails >> test at ops.example.com:{SSHA512}xxxxxxxxxxxxx:1001:1001::/srv/mail/ops.example.com/test::: > > > I'll admit I'm a little confused Axel .... ;-) Me too... > > Are you just saying I should test removing the "/./" chroot from the user homedir ? (I think I already tried this, but happy to try again if that's what you're saying) In a first time, yes, for various reasons: - I haven't checked in the code whether that /./ convention applies to non-system users - your global config valid_chroot_dirs = /srv/mail doesn't, strictly speaking, apply to directories below /srv/mail - those chrooting matters often come with their own problems: better be sure to have everything working without in a first time > I'm not quite sure how proposed changing mail_location to ~/mails would work ? Since you're already providing the home directory thru the passdb/userdb databases, lets simplify... On the other hand, having all maildir data in its own subdirectory, rather than the home directory itself, appears safer to me. Axel From kremels at kreme.com Fri Aug 2 13:38:25 2013 From: kremels at kreme.com (LuKreme) Date: Fri, 2 Aug 2013 04:38:25 -0600 Subject: [Dovecot] ./configure dovecot Message-ID: <9C453D73-A794-4066-A561-04F07296FD82@kreme.com> When I do a ./configure in dovecot (2.2.1) I get this notice (first line): configure: WARNING: you should use --build, --host, --target Then, much later on: checking sys/ucred.h presence... yes configure: WARNING: sys/ucred.h: present but cannot be compiled configure: WARNING: sys/ucred.h: check for missing prerequisite headers? configure: WARNING: sys/ucred.h: see the Autoconf documentation configure: WARNING: sys/ucred.h: section "Present But Cannot Be Compiled" configure: WARNING: sys/ucred.h: proceeding with the compiler's result configure: WARNING: ## ---------------------------------- ## configure: WARNING: ## Report this to dovecot at dovecot.org ## configure: WARNING: ## ---------------------------------- ## checking for sys/ucred.h... no at the end I get: configure: creating ./config.status Install prefix . : /usr/local File offsets ... : 64bit I/O polling .... : kqueue I/O notifys .... : kqueue SSL ............ : yes (OpenSSL) GSSAPI ......... : no passdbs ........ : static passwd passwd-file pam checkpassword : -shadow -bsdauth -sia -ldap -sql -vpopmail userdbs ........ : static prefetch passwd passwd-file checkpassword nss : -ldap -sql -vpopmail SQL drivers .... : : -pgsql -mysql -sqlite Full text search : squat : -lucene -solr but there is no makefile created. ./configure --help just runs the configure script again, and none of --build --host or --target have any effect on the errors shown, including the first line error. So I think, ok, fine, I'll grab the latest build (2.2.4). Same result. OK, fine. Let's look at 1.2.17. Same thing, only without the cured.h warning. Still the same error on the first line after ./configure and still no make file. There's no big flashing warning anywhere that I can see that says, "Hey, dummy, this isn't going to work." config.log even ends with a "configure: exit 0" (The system already has dovecot 1.2.17 installed, but I was looking at installing $LATEST). -- May you live in interesting times From CMarcus at Media-Brokers.com Fri Aug 2 13:44:27 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 02 Aug 2013 06:44:27 -0400 Subject: [Dovecot] Maildir Synchronization warnings In-Reply-To: <1375432616.60451.YahooMailNeo@web193504.mail.sg3.yahoo.com> References: <1375432616.60451.YahooMailNeo@web193504.mail.sg3.yahoo.com> Message-ID: <51FB8D8B.70803@Media-Brokers.com> On 2013-08-02 4:36 AM, Kavish Karkera wrote: > We are repeatedly getting these below warnings for some of our users, al though we have no complaints from them yet, we need to know why these warning occurs. > > So it would be help full if some one explain these warning msg in detail. > > > Aug 2 12:52:55 blade8 dovecot: imap(kavish.karkera at example.com): Warning: Maildir: Scanning/mail/v3store/example.com/kavish.karkera at example.com/Maildir/cur took 94 seconds (23191 readdir()s, 0 rename()s to cur/, why=0x1) Please don't spam the list with multiple postings of the same question. Most people do not have crystal balls, and those that do often find them broken, so it would be helpful if you could provide at least a bare minimum of details about your setup... What version of dovecot is this? doveconf -n output? Singe server or cluster? -- Best regards, Charles From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 2 13:49:59 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 2 Aug 2013 11:49:59 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <2B2EFE3A-E8FD-4365-BAE5-0193912AAEF4@swing.be> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> <1375434146.29440.YahooMailNeo@web28904.mail.ir2.yahoo.com> <3BC36A0B-F440-4253-A645-6881452B2F61@swing.be> <1375438409.95783.YahooMailNeo@web28901.mail.ir2.yahoo.com> <2B2EFE3A-E8FD-4365-BAE5-0193912AAEF4@swing.be> Message-ID: <1375440599.86172.YahooMailNeo@web28906.mail.ir2.yahoo.com> > Are you just saying I should test removing the "/./" chroot from the user homedir ?? (I think I already tried this, but happy to try again if that's what you're saying) > In a first time, yes, for various reasons: Per Axel's request, snippet from users..... ?1001:1001::/srv/mail/ops.example.com/test:/bin/false:: # rm -rf /srv/mail/ops.example.com/test/* Receiving mail???.. Aug ?2 11:43:14 ukc-vm02-mx01 postfix/smtpd[3947]: connect from unknown[192.168.10.43] Aug ?2 11:43:30 ukc-vm02-mx01 postfix/smtpd[3947]: 3C2C0448D4: client=unknown[192.168.10.43] Aug ?2 11:43:41 ukc-vm02-mx01 postfix/cleanup[3951]: 3C2C0448D4: message-id=<> Aug ?2 11:43:42 ukc-vm02-mx01 postfix/qmgr[2093]: 3C2C0448D4: from=, size=207, nrcpt=1 (queue active) Aug ?2 11:43:42 ukc-vm02-mx01 dovecot: lmtp(2254): Debug: none: root=, index=, control=, inbox=, alt= Aug ?2 11:43:42 ukc-vm02-mx01 dovecot: lmtp(2254): Connect from local Aug ?2 11:43:42 ukc-vm02-mx01 dovecot: lmtp(2254): Debug: auth input: test at ops.example.com uid=1001 gid=1001 home=/srv/mail/ops.example.com/test Aug ?2 11:43:42 ukc-vm02-mx01 dovecot: lmtp(2254, test at ops.example.com): Debug: Effective uid=1001, gid=1001, home=/srv/mail/srv/mail/ops.example.com/test Aug ?2 11:43:42 ukc-vm02-mx01 dovecot: lmtp(2254, test at ops.example.com): Debug: maildir++: root=/srv/mail/ops.example.com/test, index=, control=, inbox=/srv/mail/ops.example.com/test, alt= Aug ?2 11:43:42 ukc-vm02-mx01 dovecot: lmtp(2254, test at ops.example.com): Debug: Namespace : Using permissions from /srv/mail/ops.example.com/test: mode=0755 gid=-1 Aug ?2 11:43:42 ukc-vm02-mx01 dovecot: lmtp(2254, test at ops.example.com): KYtNAl6N+1HOCAAAwf4bjw: msgid=unspecified: saved mail to INBOX Aug ?2 11:43:42 ukc-vm02-mx01 dovecot: lmtp(2254): Disconnect from local: Client quit (in reset) Aug ?2 11:43:42 ukc-vm02-mx01 postfix/lmtp[3952]: 3C2C0448D4: to=, relay=ukc-vm02-mx01.ops.example.com[private/dovecot-lmtp], delay=18, delays=18/0/0/0.16, dsn=2.0.0, status=sent (250 2.0.0 KYtNAl6N+1HOCAAAwf4bjw Saved) Aug ?2 11:43:42 ukc-vm02-mx01 postfix/qmgr[2093]: 3C2C0448D4: removed Aug ?2 11:43:49 ukc-vm02-mx01 postfix/smtpd[3947]: disconnect from unknown[192.168.10.43] # ls -la /srv/mail/ops.example.com/test/new/ total 12 drwxr-xr-x 2 its-virtmail its-virtmail 4096 Aug ?2 11:43 . drwxr-xr-x 5 its-virtmail its-virtmail 4096 Aug ?2 11:43 .. -rw-r--r-- 1 its-virtmail its-virtmail ?476 Aug ?2 11:43 1375440222.M45272P2254.ukc-vm02-mx01,S=476,W=485 * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. a1 LOGIN test at ops.example.com test a1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in a2 EXAMINE INBOX * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) * OK [PERMANENTFLAGS ()] Read-only mailbox. * 0 EXISTS * 0 RECENT * OK [UIDVALIDITY 1375440274] UIDs valid * OK [UIDNEXT 1] Predicted next UID * OK [HIGHESTMODSEQ 1] Highest a2 OK [READ-ONLY] Select completed. a3 LOGOUT * BYE Logging out a3 OK Logout completed. closed Checking mail??. Aug ?2 11:44:29 ukc-vm02-mx01 dovecot: imap-login: Login: user=, method=PLAIN, rip=192.168.10.43, lip=10.17.177.71, mpid=3956, TLS Aug ?2 11:44:29 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Error: chdir(/srv/mail/ops.example.com/test) failed: No such file or directory Aug ?2 11:44:29 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: Effective uid=1001, gid=1001, home=/srv/mail/ops.example.com/test Aug ?2 11:44:29 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: Home dir not found: /srv/mail/ops.example.com/test Aug ?2 11:44:29 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: maildir++: root=/srv/mail/ops.example.com/test, index=, control=, inbox=/srv/mail/ops.example.com/test, alt= Aug ?2 11:44:29 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: Namespace : /srv/mail/ops.example.com/test doesn't exist yet, using default permissions Aug ?2 11:44:29 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: Namespace : Using permissions from /srv/mail/ops.example.com/test: mode=0700 gid=-1 Aug ?2 11:44:38 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Disconnected: Logged out bytes=26/599 From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 2 13:59:05 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 2 Aug 2013 11:59:05 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <2B2EFE3A-E8FD-4365-BAE5-0193912AAEF4@swing.be> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> <1375434146.29440.YahooMailNeo@web28904.mail.ir2.yahoo.com> <3BC36A0B-F440-4253-A645-6881452B2F61@swing.be> <1375438409.95783.YahooMailNeo@web28901.mail.ir2.yahoo.com> <2B2EFE3A-E8FD-4365-BAE5-0193912AAEF4@swing.be> Message-ID: <1375441145.80023.YahooMailNeo@web28903.mail.ir2.yahoo.com> Also re-ran Axel's test with a forward slash after the username, no better.... Although unlike my original config, With Axel's new user home, ?Dovecot seems to be creating an extra directory ?/srv/mail/srv/mail/ops.example.com/test/ Messages are being delivered to the original path though?/srv/mail/ops.example.com/test/new/ Aug ?2 11:53:08 ukc-vm02-mx01 postfix/smtpd[3967]: connect from unknown[10.16.15.43] Aug ?2 11:53:26 ukc-vm02-mx01 postfix/smtpd[3967]: 13D87448D4: client=unknown[10.16.15.43] Aug ?2 11:53:31 ukc-vm02-mx01 postfix/cleanup[3971]: 13D87448D4: message-id=<> Aug ?2 11:53:31 ukc-vm02-mx01 postfix/qmgr[2093]: 13D87448D4: from=, size=207, nrcpt=1 (queue active) Aug ?2 11:53:31 ukc-vm02-mx01 dovecot: lmtp(3953): Debug: none: root=, index=, control=, inbox=, alt= Aug ?2 11:53:31 ukc-vm02-mx01 dovecot: lmtp(3953): Connect from local Aug ?2 11:53:31 ukc-vm02-mx01 dovecot: lmtp(3953): Debug: auth input: test at ops.example.com uid=1001 gid=1001 home=/srv/mail/ops.example.com/test/ Aug ?2 11:53:31 ukc-vm02-mx01 dovecot: lmtp(3953, test at ops.example.com): Debug: Effective uid=1001, gid=1001, home=/srv/mail/srv/mail/ops.example.com/test/ Aug ?2 11:53:31 ukc-vm02-mx01 dovecot: lmtp(3953, test at ops.example.com): Debug: maildir++: root=/srv/mail/ops.example.com/test, index=, control=, inbox=/srv/mail/ops.example.com/test, alt= Aug ?2 11:53:31 ukc-vm02-mx01 dovecot: lmtp(3953, test at ops.example.com): Debug: Namespace : Using permissions from /srv/mail/ops.example.com/test: mode=0755 gid=-1 Aug ?2 11:53:31 ukc-vm02-mx01 dovecot: lmtp(3953, test at ops.example.com): QhhaFauP+1FxDwAAwf4bjw: msgid=unspecified: saved mail to INBOX Aug ?2 11:53:31 ukc-vm02-mx01 postfix/lmtp[3972]: 13D87448D4: to=, relay=ukc-vm02-mx01.ops.example.com[private/dovecot-lmtp], delay=17, delays=17/0.01/0/0.16, dsn=2.0.0, status=sent (250 2.0.0 QhhaFauP+1FxDwAAwf4bjw Saved) Aug ?2 11:53:31 ukc-vm02-mx01 dovecot: lmtp(3953): Disconnect from local: Client quit (in reset) Aug ?2 11:53:31 ukc-vm02-mx01 postfix/qmgr[2093]: 13D87448D4: removed Aug ?2 11:54:03 ukc-vm02-mx01 dovecot: imap-login: Login: user=, method=PLAIN, rip=10.16.15.43, lip=10.17.10.71, mpid=3977, TLS Aug ?2 11:54:03 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Error: chdir(/srv/mail/ops.example.com/test/) failed: No such file or directory Aug ?2 11:54:03 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: Effective uid=1001, gid=1001, home=/srv/mail/ops.example.com/test/ Aug ?2 11:54:03 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: Home dir not found: /srv/mail/ops.example.com/test/ Aug ?2 11:54:03 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: maildir++: root=/srv/mail/ops.example.com/test, index=, control=, inbox=/srv/mail/ops.example.com/test, alt= Aug ?2 11:54:03 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: Namespace : /srv/mail/ops.example.com/test doesn't exist yet, using default permissions Aug ?2 11:54:03 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: Namespace : Using permissions from /srv/mail/ops.example.com/test: mode=0700 gid=-1 Aug ?2 11:54:23 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Disconnected: Logged out bytes=43/908 From AxelLuttgens at swing.be Fri Aug 2 14:08:20 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Fri, 2 Aug 2013 13:08:20 +0200 Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <1375441145.80023.YahooMailNeo@web28903.mail.ir2.yahoo.com> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> <1375434146.29440.YahooMailNeo@web28904.mail.ir2.yahoo.com> <3BC36A0B-F440-4253-A645-6881452B2F61@swing.be> <1375438409.95783.YahooMailNeo@web28901.mail.ir2.yahoo.com> <2B2EFE3A-E8FD-4365-BAE5-0193912AAEF4@swing.be> <1375441145.80023.YahooMailNeo@web28903.mail.ir2.yahoo.com> Message-ID: Le 2 ao?t 2013 ? 12:59, Nigel Smith a ?crit : > Also re-ran Axel's test with a forward slash after the username, no better.... Ouch! Did I write such a thing? ;-) Anyway, could you now: - comment out all chroot-related settings in dovecot.conf - ensure you have reloaded dovecot - provide the current output of doveconf -n TIA, Axel From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 2 14:30:29 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 2 Aug 2013 12:30:29 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> <1375434146.29440.YahooMailNeo@web28904.mail.ir2.yahoo.com> <3BC36A0B-F440-4253-A645-6881452B2F61@swing.be> <1375438409.95783.YahooMailNeo@web28901.mail.ir2.yahoo.com> <2B2EFE3A-E8FD-4365-BAE5-0193912AAEF4@swing.be> <1375441145.80023.YahooMailNeo@web28903.mail.ir2.yahoo.com> Message-ID: <1375443029.55263.YahooMailNeo@web28901.mail.ir2.yahoo.com> Looking more promising with the chroot commented out Axel (doveconf at the bottom) ..... ;-) # rm -rf /srv/mail/ops.example.com/test Aug ?2 12:25:50 ukc-vm02-mx01 postfix/smtpd[4480]: connect from unknown[17.16.10.43] Aug ?2 12:26:04 ukc-vm02-mx01 postfix/smtpd[4480]: 8E0454470E: client=unknown[17.16.10.43] Aug ?2 12:26:09 ukc-vm02-mx01 postfix/cleanup[4484]: 8E0454470E: message-id=<> Aug ?2 12:26:09 ukc-vm02-mx01 postfix/qmgr[2093]: 8E0454470E: from=, size=210, nrcpt=1 (queue active) Aug ?2 12:26:09 ukc-vm02-mx01 dovecot: lmtp(4466): Debug: none: root=, index=, control=, inbox=, alt= Aug ?2 12:26:09 ukc-vm02-mx01 dovecot: lmtp(4466): Connect from local Aug ?2 12:26:09 ukc-vm02-mx01 dovecot: lmtp(4466): Debug: auth input: test at ops.example.com uid=1001 gid=1001 home=/srv/mail/ops.example.com/test/ Aug ?2 12:26:09 ukc-vm02-mx01 dovecot: lmtp(4466, test at ops.example.com): Debug: Effective uid=1001, gid=1001, home=/srv/mail/ops.example.com/test/ Aug ?2 12:26:09 ukc-vm02-mx01 dovecot: lmtp(4466, test at ops.example.com): Debug: maildir++: root=/srv/mail/ops.example.com/test, index=, control=, inbox=/srv/mail/ops.example.com/test, alt= Aug ?2 12:26:09 ukc-vm02-mx01 dovecot: lmtp(4466, test at ops.example.com): Debug: Namespace : /srv/mail/ops.example.com/test doesn't exist yet, using default permissions Aug ?2 12:26:09 ukc-vm02-mx01 dovecot: lmtp(4466, test at ops.example.com): Debug: Namespace : Using permissions from /srv/mail/ops.example.com/test: mode=0700 gid=-1 Aug ?2 12:26:09 ukc-vm02-mx01 dovecot: lmtp(4466, test at ops.example.com): wD94LVGX+1FyEQAAwf4bjw: msgid=unspecified: saved mail to INBOX Aug ?2 12:26:09 ukc-vm02-mx01 postfix/lmtp[4485]: 8E0454470E: to=, relay=ukc-vm02-mx01.ops.example.com[private/dovecot-lmtp], delay=12, delays=12/0.01/0/0.16, dsn=2.0.0, status=sent (250 2.0.0 wD94LVGX+1FyEQAAwf4bjw Saved) Aug ?2 12:26:09 ukc-vm02-mx01 dovecot: lmtp(4466): Disconnect from local: Client quit (in reset) Aug ?2 12:26:09 ukc-vm02-mx01 postfix/qmgr[2093]: 8E0454470E: removed Aug ?2 12:26:15 ukc-vm02-mx01 postfix/smtpd[4480]: disconnect from unknown[17.16.10.43] * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. a1 LOGIN test at ops.example.com test a1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in a2 EXAMINE INBOX * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) * OK [PERMANENTFLAGS ()] Read-only mailbox. * 1 EXISTS * 1 RECENT * OK [UNSEEN 1] First unseen. * OK [UIDVALIDITY 1375442769] UIDs valid * OK [UIDNEXT 2] Predicted next UID * OK [HIGHESTMODSEQ 1] Highest a2 OK [READ-ONLY] Select completed. a3 FETCH 1 BODY[] * 1 FETCH (BODY[] {488} Return-Path: Delivered-To: Received: from ukc-vm02-mx01.ops.example.com by ukc-vm02-mx01.ops.example.com (Dovecot) with LMTP id wD94LVGX+1FyEQAAwf4bjw for ; Fri, 02 Aug 2013 12:26:09 +0100 Received: from x (unknown [17.16.10.43]) by ukc-vm02-mx01.ops.example.com (Postfix) with ESMTP id 8E0454470E for ; Fri, ?2 Aug 2013 12:25:57 +0100 (BST) Subject: x s ) a3 OK Fetch completed. a4 LOGOUT * BYE Logging out a4 OK Logout completed. closed Aug ?2 12:26:34 ukc-vm02-mx01 dovecot: imap-login: Login: user=, method=PLAIN, rip=17.16.10.43, lip=10.17.10.71, mpid=4490, TLS Aug ?2 12:26:34 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: Effective uid=1001, gid=1001, home=/srv/mail/ops.example.com/test/ Aug ?2 12:26:34 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: maildir++: root=/srv/mail/ops.example.com/test, index=, control=, inbox=/srv/mail/ops.example.com/test, alt= Aug ?2 12:27:15 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Disconnected: Logged out bytes=44/1170 # doveconf -n ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?[20/270] # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.5.0-37-generic x86_64 Ubuntu 12.04.2 LTS ext4 mail_debug = yes mail_location = maildir:/srv/mail/%d/%n managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeri c relational regex imap4flags copy include variables body enotify environment mailbox date ihave passdb { ? args = scheme=CRYPT username_format=%u /etc/dovecot/users ? driver = passwd-file } plugin { ? sieve = ~/.dovecot.sieve ? sieve_dir = ~/sieve } protocols = imap lmtp service auth { ? unix_listener /var/spool/postfix/private/dovecot-auth { ? ? group = postfix ? ? mode = 0660 ? ? user = postfix ? } ? unix_listener auth-userdb { ? ? group = its-virtmail ? ? user = its-virtmail ? } } service lmtp { ? process_min_avail = 5 ? unix_listener /var/spool/postfix/private/dovecot-lmtp { ? ? group = postfix ? ? mode = 0600 ? ? user = postfix ? } ? user = its-virtmail } ssl_cert = was automatically rejected:%n%r } From jerry at seibercom.net Fri Aug 2 14:49:22 2013 From: jerry at seibercom.net (Jerry) Date: Fri, 2 Aug 2013 07:49:22 -0400 Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <1375436081.50075.YahooMailNeo@web28905.mail.ir2.yahoo.com> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB79DC.9080402@hardwarefreak.com> <1375436081.50075.YahooMailNeo@web28905.mail.ir2.yahoo.com> Message-ID: <20130802074922.40dc8f54@scorpio> On Fri, 2 Aug 2013 10:34:41 +0100 (BST) Nigel Smith articulated: > The configs are right there.... for both postifx and dovecot. ? I was > being courteous by posting them on pastebin instead of pasting them > into an email which would become clutterd with lines of config ! The problem isn't the posting of the documentation into the email, it is the stupidity of those replying to the post who are either too lazy, stupid or inconsiderate (perhaps a combination of all three) of others to properly trim the message when replying. -- Jerry ? Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ From AxelLuttgens at swing.be Fri Aug 2 14:50:46 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Fri, 2 Aug 2013 13:50:46 +0200 Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <1375443029.55263.YahooMailNeo@web28901.mail.ir2.yahoo.com> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> <1375434146.29440.YahooMailNeo@web28904.mail.ir2.yahoo.com> <3BC36A0B-F440-4253-A645-6881452B2F61@swing.be> <1375438409.95783.YahooMailNeo@web28901.mail.ir2.yahoo.com> <2B2EFE3A-E8FD-4365-BAE5-0193912AAEF4@swing.be> <1375441145.80023.YahooMailNeo@web28903.mail.ir2.yahoo.com> <1375443029.55263.YahooMailNeo@web28901.mail.ir2.yahoo.com> Message-ID: <69FAA672-7E69-4D0B-A90D-579E7D268723@swing.be> Le 2 ao?t 2013 ? 13:30, Nigel Smith a ?crit : > Looking more promising with the chroot commented out Axel (doveconf at the bottom) ..... ;-) Indeed, looks faaar better. Fine! So, I'll now be a bit insisting, but could you now try with: mail_location = maildir:~/mails (or whathever name you find more convenient for the subdirectory "mails") This assumes that the entry for test at ops.example.com is still 1001:1001::/srv/mail/ops.example.com/test:/bin/false:: and of course require another preliminary "rm -rf /srv/mail/ops.example.com/test". If it works, this may prove useful in the future (for example, should you want make use of sieve or easily avoid to have the control/index files taken into account for the quotas). As a last step, you could then try to chroot again. Axel From jerry at seibercom.net Fri Aug 2 14:52:05 2013 From: jerry at seibercom.net (Jerry) Date: Fri, 2 Aug 2013 07:52:05 -0400 Subject: [Dovecot] ./configure dovecot In-Reply-To: <9C453D73-A794-4066-A561-04F07296FD82@kreme.com> References: <9C453D73-A794-4066-A561-04F07296FD82@kreme.com> Message-ID: <20130802075205.51506c9e@scorpio> On Fri, 2 Aug 2013 04:38:25 -0600 LuKreme articulated: > When I do a ./configure in dovecot (2.2.1) I get this notice (first > line): > > configure: WARNING: you should use --build, --host, --target {snip} What OS and version are you attempting this on? -- Jerry ? Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ From tss at iki.fi Fri Aug 2 14:57:59 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 02 Aug 2013 14:57:59 +0300 Subject: [Dovecot] Maildir Synchronization warnings In-Reply-To: <1375428840.90646.YahooMailNeo@web193505.mail.sg3.yahoo.com> References: <1375428840.90646.YahooMailNeo@web193505.mail.sg3.yahoo.com> Message-ID: <1375444679.31867.7.camel@innu.dovecot.net> On Fri, 2013-08-02 at 15:34 +0800, Kavish Karkera wrote: > Hi, > > We are repeatedly getting these below warnings for some of our users, al though we have no complaints from them yet, > we need to know why these warning occurs. > > So it would be help full if some one explain these warning msg in detail. .. > Aug 2 12:52:55 blade8 dovecot: imap(kavish.karkera at example.com): Warning: Maildir: Scanning /mail/v3store/example.com/kavish.karkera at example.com/Maildir/cur took 94 seconds (23191 readdir()s, 0 rename()s to cur/, why=0x1) It means that the maildir INBOX is huge, and it takes a long time to access them with your available disk IO. Possibilities: a) Move move of your mails away from INBOX. b) Switch to different mailbox format that can handle large mailboxes, such as mdbox or sdbox. From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 2 14:59:30 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 2 Aug 2013 12:59:30 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <69FAA672-7E69-4D0B-A90D-579E7D268723@swing.be> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> <1375434146.29440.YahooMailNeo@web28904.mail.ir2.yahoo.com> <3BC36A0B-F440-4253-A645-6881452B2F61@swing.be> <1375438409.95783.YahooMailNeo@web28901.mail.ir2.yahoo.com> <2B2EFE3A-E8FD-4365-BAE5-0193912AAEF4@swing.be> <1375441145.80023.YahooMailNeo@web28903.mail.ir2.yahoo.com> <1375443029.55263.YahooMailNeo@web28901.mail.ir2.yahoo.com> <69FAA672-7E69-4D0B-A90D-579E7D268723@swing.be> Message-ID: <1375444770.48493.YahooMailNeo@web28906.mail.ir2.yahoo.com> > So, I'll now be a bit insisting, but could you now try with: > mail_location = maildir:~/mails Ok, will go try now. >If it works, this may prove useful in the future (for example, should you want make use of sieve or easily avoid to have >the control/index files taken into account for the quotas). Ah yes, Sieve.? That's going to be my next challenge.? I have not tested it yet, but have been wondering if the various sieve directory settings (e.g. sieve_dir,sieve,sieve_global_dir etc. etc.) operate independently of the "general" Dovecot directory settings (e.g. mail_location, the home directory in user files etc.) ?? > As a last step, you could then try to chroot again. Only if someone can suggest why my original chroot config didn't work first, otherwise I'll just be breaking things again? ;-) From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 2 15:01:31 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 2 Aug 2013 13:01:31 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <20130802074922.40dc8f54@scorpio> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB79DC.9080402@hardwarefreak.com> <1375436081.50075.YahooMailNeo@web28905.mail.ir2.yahoo.com> <20130802074922.40dc8f54@scorpio> Message-ID: <1375444891.79789.YahooMailNeo@web28901.mail.ir2.yahoo.com> Jerry, We drew a line in the sand over the Steve issue hours ago. Please keep this thread on-topic now, or post nothing at all.? I don't want to re-open that old debate. Thank you for your understanding. ;-) From kavish.karkera at yahoo.com Fri Aug 2 15:10:45 2013 From: kavish.karkera at yahoo.com (Kavish Karkera) Date: Fri, 2 Aug 2013 20:10:45 +0800 (SGT) Subject: [Dovecot] Maildir Synchronization warnings In-Reply-To: <1375444679.31867.7.camel@innu.dovecot.net> References: <1375428840.90646.YahooMailNeo@web193505.mail.sg3.yahoo.com> <1375444679.31867.7.camel@innu.dovecot.net> Message-ID: <1375445445.72862.YahooMailNeo@web193502.mail.sg3.yahoo.com> Thanks Timo, Temporarly would move the messages and keep a watch. Updating to mdbox is add to the list. Thanks&Regards, Kavish Karkera ________________________________ From: Timo Sirainen To: Kavish Karkera Cc: "dovecot at dovecot.org" Sent: Friday, 2 August 2013 5:27 PM Subject: Re: [Dovecot] Maildir Synchronization warnings On Fri, 2013-08-02 at 15:34 +0800, Kavish Karkera wrote: > Hi, > > We are repeatedly getting these below warnings for some of our users, al though we have no complaints from them yet, >? we need to know why these warning occurs. > > So it would be help full if some one explain these warning msg in detail. .. > Aug? 2 12:52:55 blade8 dovecot: imap(kavish.karkera at example.com): Warning: Maildir: Scanning /mail/v3store/example.com/kavish.karkera at example.com/Maildir/cur took 94 seconds (23191 readdir()s, 0 rename()s to cur/, why=0x1) It means that the maildir INBOX is huge, and it takes a long time to access them with your available disk IO. Possibilities: a) Move move of your mails away from INBOX. b) Switch to different mailbox format that can handle large mailboxes, such as mdbox or sdbox. From tss at iki.fi Fri Aug 2 15:13:04 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 02 Aug 2013 15:13:04 +0300 Subject: [Dovecot] 2.2.4 - Some questions about and needing help with quota-status In-Reply-To: References: <99EDABF1-7E72-4044-B6B9-58E936248C14@swing.be> <2CFCCEC9-3CBD-4A3C-8256-620FED5B957D@swing.be> Message-ID: <1375445584.31867.10.camel@innu.dovecot.net> On Fri, 2013-08-02 at 10:30 +0200, Axel Luttgens wrote: > Le 1 ao?t 2013 ? 18:05, Timo Sirainen a ?crit : > > > On 1.8.2013, at 19.02, Axel Luttgens wrote: > > > >> [...] > >> If yes, could it be that it is never called in my case? > > > > If not, then there's definitely some problem :) > > > >> [...] > >> Could I try to break somewhere earlier in the call chain? > > > > It should definitely stop in hook_mail_user_created, which should call quota_mail_user_created as one of the hooks. If not, the user then doesn't actually have quota plugin enabled.. > > And I'm definitely not a gdb guru. :-( I'd just do: 1) start quota-status service by e.g. connecting to it via telnet 2) gdb -p `pidof quota-status` b hook_mail_user_created cont 3) recipient=user 4) does it stop?.. if yes, keep hitting "s" to see if it goes to quota code. > Still trying to have it provide me with some enlightening info, but if I may in the meantime paraphrase one of my initial questions on this thread: > > What makes doveadm-quota/lmtp and quota-status different? Not much.. > doveadm-quota and lmtp correctly understand my quota-related settings, and over-qauota users are handled as such. > > On the other hand, quota-status always returns "action=OK" for any existing user, whether over-quota or not. I've no idea. Send your current doveconf -n and I'll see if I can reproduce the problem with it? From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 2 15:17:57 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 2 Aug 2013 13:17:57 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <69FAA672-7E69-4D0B-A90D-579E7D268723@swing.be> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> <1375434146.29440.YahooMailNeo@web28904.mail.ir2.yahoo.com> <3BC36A0B-F440-4253-A645-6881452B2F61@swing.be> <1375438409.95783.YahooMailNeo@web28901.mail.ir2.yahoo.com> <2B2EFE3A-E8FD-4365-BAE5-0193912AAEF4@swing.be> <1375441145.80023.YahooMailNeo@web28903.mail.ir2.yahoo.com> <1375443029.55263.YahooMailNeo@web28901.mail.ir2.yahoo.com> <69FAA672-7E69-4D0B-A90D-579E7D268723@swing.be> Message-ID: <1375445877.61476.YahooMailNeo@web28902.mail.ir2.yahoo.com> > So, I'll now be a bit insisting, but could you now try with: > mail_location = maildir:~/mails Axel, This seems to bring up a new problem. ;-( Before that change, I could see the new mails in both Telnet and Apple Mail. Now, I can only see the mail in Telnet and not in Apple Mail.?? No config changes apart form your suggestion (mail_location = maildir:~/Maildir) Logs below..... RECEIVING EMAIL...... Aug? 2 13:10:06 ukc-vm02-mx01 postfix/smtpd[5089]: connect from unknown[10.1.123.43] Aug? 2 13:10:26 ukc-vm02-mx01 postfix/smtpd[5089]: 0331F448FD: client=unknown[10.1.123.43] Aug? 2 13:10:30 ukc-vm02-mx01 postfix/cleanup[5092]: 0331F448FD: message-id=<> Aug? 2 13:10:30 ukc-vm02-mx01 postfix/qmgr[2093]: 0331F448FD: from=, size=208, nrcpt=1 (queue active) Aug? 2 13:10:30 ukc-vm02-mx01 dovecot: lmtp(4700): Debug: none: root=, index=, control=, inbox=, alt= Aug? 2 13:10:30 ukc-vm02-mx01 dovecot: lmtp(4700): Connect from local Aug? 2 13:10:30 ukc-vm02-mx01 dovecot: lmtp(4700): Debug: auth input: test at ops.example.com uid=1001 gid=1001 home=/srv/mail/ops.example.com/test Aug? 2 13:10:30 ukc-vm02-mx01 dovecot: lmtp(4700, test at ops.example.com): Debug: Effective uid=1001, gid=1001, home=/srv/mail/ops.example.com/test Aug? 2 13:10:30 ukc-vm02-mx01 dovecot: lmtp(4700, test at ops.example.com): Debug: maildir++: root=/srv/mail/ops.example.com/test/Maildir, index=, control=, inbox=/srv/mail/ops.example.com/test/Maildir, alt= Aug? 2 13:10:30 ukc-vm02-mx01 dovecot: lmtp(4700, test at ops.example.com): Debug: Namespace : /srv/mail/ops.example.com/test/Maildir doesn't exist yet, using default permissions Aug? 2 13:10:30 ukc-vm02-mx01 dovecot: lmtp(4700, test at ops.example.com): Debug: Namespace : Using permissions from /srv/mail/ops.example.com/test/Maildir: mode=0700 gid=-1 Aug? 2 13:10:30 ukc-vm02-mx01 dovecot: lmtp(4700, test at ops.example.com): mCAHILah+1FcEgAAwf4bjw: msgid=unspecified: saved mail to INBOX Aug? 2 13:10:30 ukc-vm02-mx01 postfix/lmtp[5093]: 0331F448FD: to=, relay=ukc-vm02-mx01.ops.example.com[private/dovecot-lmtp], delay=11, delays=10/0.01/0/0.13, dsn=2.0.0, status=sent (250 2.0.0 mCAHILah+1FcEgAAwf4bjw Saved) Aug? 2 13:10:30 ukc-vm02-mx01 dovecot: lmtp(4700): Disconnect from local: Client quit (in reset) Aug? 2 13:10:30 ukc-vm02-mx01 postfix/qmgr[2093]: 0331F448FD: removed Aug? 2 13:10:32 ukc-vm02-mx01 postfix/smtpd[5089]: disconnect from unknown[10.1.123.43] ls -la /srv/mail/ops.example.com/test/Maildir/ total 48 drwx------ 5 its-virtmail its-virtmail? 4096 Aug? 2 13:12 . drwx------ 3 its-virtmail its-virtmail? 4096 Aug? 2 13:10 .. drwx------ 2 its-virtmail its-virtmail? 4096 Aug? 2 13:11 cur -rw------- 1 its-virtmail its-virtmail 16384 Aug? 2 13:12 dovecot.index.cache -rw------- 1 its-virtmail its-virtmail?? 580 Aug? 2 13:11 dovecot.index.log -rw------- 1 its-virtmail its-virtmail?? 104 Aug? 2 13:10 dovecot-uidlist -rw------- 1 its-virtmail its-virtmail???? 8 Aug? 2 13:10 dovecot-uidvalidity -r--r--r-- 1 its-virtmail its-virtmail???? 0 Aug? 2 13:10 dovecot-uidvalidity.51fba1b6 drwx------ 2 its-virtmail its-virtmail? 4096 Aug? 2 13:11 new drwx------ 2 its-virtmail its-virtmail? 4096 Aug? 2 13:10 tmp TELNET Aug? 2 13:12:09 ukc-vm02-mx01 dovecot: imap-login: Login: user=, method=PLAIN, rip=10.1.123.43, lip=172.16.1.71, mpid=5404, TLS Aug? 2 13:12:09 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: Effective uid=1001, gid=1001, home=/srv/mail/ops.example.com/test Aug? 2 13:12:09 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: maildir++: root=/srv/mail/ops.example.com/test/Maildir, index=, control=, inbox=/srv/mail/ops.example.com/test/Maildir, alt= Aug? 2 13:13:11 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Disconnected: Logged out bytes=59/1273 APPLE MAIL Aug? 2 13:11:14 ukc-vm02-mx01 dovecot: imap-login: Login: user=, method=PLAIN, rip=10.1.123.43, lip=172.16.1.71, mpid=5394, TLS Aug? 2 13:11:14 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: Effective uid=1001, gid=1001, home=/srv/mail/ops.example.com/test Aug? 2 13:11:14 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: maildir++: root=/srv/mail/ops.example.com/test/Maildir, index=, control=, inbox=/srv/mail/ops.example.com/test/Maildir, alt= Aug? 2 13:11:15 ukc-vm02-mx01 dovecot: imap-login: Login: user=, method=PLAIN, rip=10.1.123.43, lip=172.16.1.71, mpid=5396, TLS Aug? 2 13:11:15 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: Effective uid=1001, gid=1001, home=/srv/mail/ops.example.com/test Aug? 2 13:11:15 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: maildir++: root=/srv/mail/ops.example.com/test/Maildir, index=, control=, inbox=/srv/mail/ops.example.com/test/Maildir, alt= Aug? 2 13:11:15 ukc-vm02-mx01 dovecot: imap-login: Login: user=, method=PLAIN, rip=10.1.123.43, lip=172.16.1.71, mpid=5398, TLS Aug? 2 13:11:15 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: Effective uid=1001, gid=1001, home=/srv/mail/ops.example.com/test Aug? 2 13:11:15 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: maildir++: root=/srv/mail/ops.example.com/test/Maildir, index=, control=, inbox=/srv/mail/ops.example.com/test/Maildir, alt= Aug? 2 13:11:16 ukc-vm02-mx01 dovecot: imap-login: Login: user=, method=PLAIN, rip=10.1.123.43, lip=172.16.1.71, mpid=5400, TLS Aug? 2 13:11:16 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: Effective uid=1001, gid=1001, home=/srv/mail/ops.example.com/test Aug? 2 13:11:16 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: maildir++: root=/srv/mail/ops.example.com/test/Maildir, index=, control=, inbox=/srv/mail/ops.example.com/test/Maildir, alt= Aug? 2 13:11:16 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Connection closed bytes=17/340 Aug? 2 13:11:17 ukc-vm02-mx01 dovecot: imap-login: Login: user=, method=PLAIN, rip=10.1.123.43, lip=172.16.1.71, mpid=5402, TLS Aug? 2 13:11:17 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: Effective uid=1001, gid=1001, home=/srv/mail/ops.example.com/test Aug? 2 13:11:17 ukc-vm02-mx01 dovecot: imap(test at ops.example.com): Debug: maildir++: root=/srv/mail/ops.example.com/test/Maildir, index=, control=, inbox=/srv/mail/ops.example.com/test/Maildir, alt= From tss at iki.fi Fri Aug 2 15:20:15 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 02 Aug 2013 15:20:15 +0300 Subject: [Dovecot] [PATCH] quota-status: allow different action for messages that are too large (over maximum quota) In-Reply-To: <20130801162724.GA23846@zwirn.topfen.net> References: <20130801162724.GA23846@zwirn.topfen.net> Message-ID: <1375446015.31867.11.camel@innu.dovecot.net> On Thu, 2013-08-01 at 18:27 +0200, Ulrich Zehl wrote: > This proposed patch to quota-status allows the administrator to return > different actions for messages that (a) cannot currently fit in the quota > (because there's not enough free space) and (b) are over the maximum quota > limit (and could not even be delivered if the mailbox was empty). Committed with some small coding style changes: http://hg.dovecot.org/dovecot-2.2/rev/78225937a030 and your other patch: http://hg.dovecot.org/dovecot-2.2/rev/3e98654cbb54 From kavish.karkera at yahoo.com Fri Aug 2 15:21:26 2013 From: kavish.karkera at yahoo.com (Kavish Karkera) Date: Fri, 2 Aug 2013 20:21:26 +0800 (SGT) Subject: [Dovecot] Maildir Synchronization warnings In-Reply-To: <51FB8D8B.70803@Media-Brokers.com> References: <1375432616.60451.YahooMailNeo@web193504.mail.sg3.yahoo.com> <51FB8D8B.70803@Media-Brokers.com> Message-ID: <1375446086.2193.YahooMailNeo@web193505.mail.sg3.yahoo.com> Sorry Charles, it was posted twice unintentionally (becuase of network issue). We have 2 pop/imap servers running with director. Dovecot version = 2.1.12 Dovecot version = 2.1.13 Output of doveconf -n # 2.1.12: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-279.19.1.el6.x86_64 x86_64 CentOS release 6.3 (Final) default_client_limit = 50000 default_vsz_limit = 1 G disable_plaintext_auth = no doveadm_proxy_port = 24245 first_valid_uid = 99 last_valid_gid = 99 listen = * mail_fsync = always mail_location = maildir:~/Maildir:INDEX=/indexes/%h:CONTROL=/indexes/%h mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = quota mmap_disable = yes namespace inbox { ? inbox = yes ? location = ? mailbox Drafts { ??? special_use = \Drafts ? } ? mailbox Junk { ??? special_use = \Junk ? } ? mailbox Sent { ??? special_use = \Sent ? } ? mailbox "Sent Messages" { ??? special_use = \Sent ? } ? mailbox Trash { ??? special_use = \Trash ? } ? prefix = } passdb { ? args = /usr/local/etc/dovecot/dovecot-sql.conf.ext ? driver = sql } plugin { ? quota = maildir:storage=1024 ? quota_rule = *:storage=1024 } service auth { ? client_limit = 50000 ? unix_listener auth-userdb { ??? group = nobody ??? mode = 0666 ??? user = nobody ? } } service doveadm { ? inet_listener { ??? port = 24245 ? } } service imap-login { ? process_min_avail = 8 ? service_count = 0 ? vsz_limit = 1 G } service imap { ? process_limit = 4096 ? service_count = 0 ? vsz_limit = 1 G } service pop3-login { ? process_min_avail = 8 ? service_count = 0 ? vsz_limit = 1 G } service pop3 { ? process_min_avail = 8 ? service_count = 0 ? vsz_limit = 1 G } ssl_cert = To: dovecot at dovecot.org Sent: Friday, 2 August 2013 4:14 PM Subject: Re: [Dovecot] Maildir Synchronization warnings On 2013-08-02 4:36 AM, Kavish Karkera wrote: > We are repeatedly getting these below warnings for some of our users, al though we have no complaints from them yet, we need to know why these warning occurs. > > So it would be help full if some one explain these warning msg in detail. > > > Aug? 2 12:52:55 blade8 dovecot: imap(kavish.karkera at example.com): Warning: Maildir: Scanning/mail/v3store/example.com/kavish.karkera at example.com/Maildir/cur took 94 seconds (23191 readdir()s, 0 rename()s to cur/, why=0x1) Please don't spam the list with multiple postings of the same question. Most people do not have crystal balls, and those that do often find them broken, so it would be helpful if you could provide at least a bare minimum of details about your setup... What version of dovecot is this? doveconf -n output? Singe server or cluster? -- Best regards, Charles From tss at iki.fi Fri Aug 2 15:22:10 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 02 Aug 2013 15:22:10 +0300 Subject: [Dovecot] 2.2.4 - quota-status changing the user it is running as In-Reply-To: <20130801142702.GA11515@zwirn.topfen.net> References: <90360D60-DD05-4DB8-A0B7-3372B6083461@swing.be> <5F4413BC-3C85-4523-BA45-F9802E100BA4@swing.be> <90CCBF21-9238-4ABA-A7F7-3B765B515265@iki.fi> <20130801142702.GA11515@zwirn.topfen.net> Message-ID: <1375446130.31867.12.camel@innu.dovecot.net> On Thu, 2013-08-01 at 16:27 +0200, Ulrich Zehl wrote: > On Thu, Aug 01, 2013 at 02:31:31PM +0200, Axel Luttgens wrote: > > > > http://hg.dovecot.org/dovecot-2.2/rev/2470bb9106b0 > > http://hg.dovecot.org/dovecot-2.2/rev/51b8020b29f6 > > http://hg.dovecot.org/dovecot-2.2/rev/eb63eca74471 > > http://hg.dovecot.org/dovecot-2.2/rev/43488e1044c9 > > Is there any chance to get these backported to 2.1 as well? After all, it > has the same issues without these patches. Added http://hg.dovecot.org/dovecot-2.1/rev/b986ac5e1d98 which is good enough and definitely won't cause any problems. From tss at iki.fi Fri Aug 2 15:24:12 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 02 Aug 2013 15:24:12 +0300 Subject: [Dovecot] Lowering Log Levels Back to Defaults In-Reply-To: <51F92B62.8050703@globalchangemusic.org> References: <51F92B62.8050703@globalchangemusic.org> Message-ID: <1375446252.31867.13.camel@innu.dovecot.net> On Wed, 2013-07-31 at 08:21 -0700, Asai wrote: > Greetings, > > I'm sorry for asking what may be a really obvious question, but I'm > having a hard time turning off logging, or at least getting less verbose > logging. My dsync logs are about 7 MB daily, and I'm trying to get that > switched off. At one point I had it on a lower level of verbosity, and > I turned it up for debugging purposes, but now I cannot seem to turn it > back down, which is something I did many times before. For example the > logs are getting tons of Info level messages. > > dsync(asai at globalchangemusic.org): Info: expunge: box=Trash, uid=61625, msgid=, size=9586 Disable mail_log plugin. From tss at iki.fi Fri Aug 2 15:25:51 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 02 Aug 2013 15:25:51 +0300 Subject: [Dovecot] Calling dovecot-lda correctly from exim for virtual user setup In-Reply-To: <187f7a76e122c8604515305d36f8d57a@roundcube.froglogic.com> References: <187f7a76e122c8604515305d36f8d57a@roundcube.froglogic.com> Message-ID: <1375446351.31867.14.camel@innu.dovecot.net> On Tue, 2013-07-30 at 14:55 +0200, Frerich Raabe wrote: > Hi, > > I'm running Dovecot 2.1.7 on Debian. Exim is the MTA. I was recently > made aware of the fact that the way in which Exim invokes dovecot-lda is > prone to code injection: > > dovecot_virtual_delivery: > driver = pipe > command = HOME=/home/vmail/\$local_part /usr/lib/dovecot/dovecot-lda > -f \$sender_address > use_shell > .. > > I.e. a command is executed via the shell, and Exim uses non-sanitized > user input (mail header fields) to construct the command. > > Now, the reason I invoked dovecot like that is to pass a plausible > value for the HOME environment variable, so that dovecot-lda can > determine where the Maildir directory of the recipient is. Is there any > way to achieve this without requiring HOME to be set correctly? I looked > at the -m switch but as far as I can see that merely defines the > destination mailbox, but not the path to the Maildir directory, correct? Maybe set mail_home = /home/vmail/%n ? From hummel at pasteur.fr Fri Aug 2 15:30:56 2013 From: hummel at pasteur.fr (Thomas Hummel) Date: Fri, 2 Aug 2013 14:30:56 +0200 Subject: [Dovecot] Unlock non existent locks Message-ID: <20130802123054.GA7196@parmesan.sis.pasteur.fr> Hello Timo, I'm running a single instance of dovecot-2.1.15 on a single host running 8.3-RELEASE-p3 FreeBSD amd64 mailboxes (Maildir), control files and indexes are on NFS (v3,tcp) mail_nfs_storage = yes lock_method = fcntl [didn't touch the following] # Mail index files also exist in NFS. Setting this to yes requires # mmap_disable=yes and fsync_disable=no. mail_nfs_index = yes served by an Isilon s200 node (OneFS 6.5.5.22) procmail delivers in the same location through postfix-2.8.7 The filer shows *a lot* of such messages : 2013-08-02T14:12:29+02:00 <0.5> XXXX-10(id10) /boot/kernel.amd64/kernel: [lkf_delegate.c:2752](pid 46390="kt: dwt3")(tid=101282) dev_local_lkf_unlock(): no lock entry present to unlock for resource: 1:19d5:fdbe ;client: 0xa51cc3f444107 Corresponding file may be a message, a maildir, an index, ... I can experience the same message with a simple fcntl C program which tries to unlock an NFS file without prior locking of it. However, the problem occurs only on a FreeBSD client (I tried the old nfs client and the new (mount_newnfs), not on a 2.6.32-358.11.1.el6.x86_64 CentOS release 6.4 (Final) Linux release. So my guess is that dovecot has some safety mechanism which tries to unlock locked files, maybe after some timeout and that, in the case of a an already unlocked file, the FreeBSD client sends the unlock RPC request to the server anyway whereas the linux client does not, noticing there isn't anything to unlock. Can you help me explaining such a behavior ? Are those "unlock a file with no prior lock" made on purpose or is it a bug ? Would it be an application or a RPC bug ? Can you think of another reason ? Thanks -- Thomas Hummel | Institut Pasteur | Groupe Exploitation et Infrastructure From tss at iki.fi Fri Aug 2 15:30:58 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 02 Aug 2013 15:30:58 +0300 Subject: [Dovecot] Dovecot never release preallocated space in mdbox In-Reply-To: <51F63A50.9010002@emisfr.com> References: <51F63A50.9010002@emisfr.com> Message-ID: <1375446658.31867.18.camel@innu.dovecot.net> On Mon, 2013-07-29 at 11:48 +0200, St?phane BERTHELOT wrote: > mdbox_rotate_size = 128M > mdbox_rotate_interval = 1d > mdbox_preallocate_space = yes > with virtual users and location like : > mail_location = mdbox:~/mdbox > > I don't think the remaining config is relevant but ask me if you need > some other parts. > > Using test accounts for 2 weeks now I've figured that the 128M > preallocated space is never 'hole punched" (to use a similar term than > "man fallocate" on Linux), even when rotating m.* files. Yeah, those settings weren't really intended to be used together. > There would certainly be smart to use something similar to > "FALLOC_FL_PUNCH_HOLE" on rotation (when doing close() ?) so that when > we're sure there won't be anymore data appended to file that the > allocated space == used space. The problem is that there is no "rotation time". In normal operation Dovecot would be wasting time (=disk IO) looking at old files and figuring out if they would need hole punching. I guess the doveadm purge job could do that, but I'm not sure if that's always the best idea either. I remember some people using different mdbox settings for normal operations and for doveadm purge runs, so this could also unintentionally break things.. From tss at iki.fi Fri Aug 2 15:32:42 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 02 Aug 2013 15:32:42 +0300 Subject: [Dovecot] Passing data safely in password_key? In-Reply-To: <51F61818.8010500@fsn.hu> References: <51F50542.9080103@fsn.hu> <51F61818.8010500@fsn.hu> Message-ID: <1375446762.31867.20.camel@innu.dovecot.net> On Mon, 2013-07-29 at 09:22 +0200, Attila Nagy wrote: > On 07/28/13 13:49, Attila Nagy wrote: > > Hi, > > > > I would like to convert my custom POP/IMAP proxy to Dovecot's. In this > > proxy I do more than giving back user name, password and the host and > > I need extra information. > > Luckily all of them are available as variables, but more than one > > comes as user input (like user name and cleartext password) and I'm > > not sure how to pass them safely. > > Obviously I would need a separator, which is guaranteed not to show up > > either in user name and the cleartext password. > > Should I use escape (%E) here, or is there a better way? > > > Just for the record, this is what I use currently: > password_key = dovecot/passdb^MAuth-User: %u^MAuth-Pass: > %w^MAuth-Protocol: %s^M > Client-IP: %r^M I have no idea what you're talking about. What is password_key? The password that is being sent to the backend IMAP/POP3 server? From tss at iki.fi Fri Aug 2 15:34:33 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 02 Aug 2013 15:34:33 +0300 Subject: [Dovecot] Auth-woker log lines In-Reply-To: References: Message-ID: <1375446873.31867.21.camel@innu.dovecot.net> On Sun, 2013-07-28 at 19:58 +0200, Grzegorz Staniak wrote: > Hi, > > Are log lines like the following: > > Jul 28 15:30:50 mx1.somewhere dovecot: auth-worker(18980): > sql(user at domain,217.67.x.x): unknown user > Jul 28 15:32:56 mx1.somewhere dovecot: auth-worker(18980): > sql(user at domain,212.182.x.x): Password mismatch > > written every time any authetntication phase fails, in SASL as well as > in POP3/IMAP mailbox access? I have a legacy app that would gain a lot > if I could distinguish between failed SASL authentication and failed > POP3/IMAP authentication. I know I can use the "auth failed" lines for > the latter case, and postfix log lines in the former, but they don't > contain user info. Is there a way for log monitoring software to get > failed login lines with both user info, and the reason (SASL, POP3, > IMAP)? With newer Dovecot versions the auth log lines include . Simplest way to differentiate then POP3/IMAP vs SMTP is to see if there is a at all, becauseSMTP doesn't (currently at least) provide one. From AxelLuttgens at swing.be Fri Aug 2 15:35:17 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Fri, 2 Aug 2013 14:35:17 +0200 Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <1375445877.61476.YahooMailNeo@web28902.mail.ir2.yahoo.com> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> <1375434146.29440.YahooMailNeo@web28904.mail.ir2.yahoo.com> <3BC36A0B-F440-4253-A645-6881452B2F61@swing.be> <1375438409.95783.YahooMailNeo@web28901.mail.ir2.yahoo.com> <2B2EFE3A-E8FD-4365-BAE5-0193912AAEF4@swing.be> <1375441145.80023.YahooMailNeo@web28903.mail.ir2.yahoo.com> <1375443029.55263.YahooMailNeo@web28901.mail.ir2.yahoo.com> <69FAA672-7E69-4D0B-A90D-579E7D268723@swing.be> <1375445877.61476.YahooMailNeo@web28902.mail.ir2.yahoo.com> Message-ID: <0B3D457B-3E64-4235-B4C3-F8012B02A750@swing.be> Le 2 ao?t 2013 ? 14:17, Nigel Smith a ?crit : > Axel, > > This seems to bring up a new problem. ;-( > > Before that change, I could see the new mails in both Telnet and Apple Mail. > > Now, I can only see the mail in Telnet and not in Apple Mail. No config changes apart form your suggestion (mail_location = maildir:~/Maildir) A quick test would be to delete the account (and all local copies of emails) in Mail, then to re-create it. Mail is of course a more sophisticated client than telnet, and may choke on various niceties such as uidvalidity... Axel From tss at iki.fi Fri Aug 2 15:37:04 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 02 Aug 2013 15:37:04 +0300 Subject: [Dovecot] Maildir Synchronization warnings In-Reply-To: <1375446086.2193.YahooMailNeo@web193505.mail.sg3.yahoo.com> References: <1375432616.60451.YahooMailNeo@web193504.mail.sg3.yahoo.com> <51FB8D8B.70803@Media-Brokers.com> <1375446086.2193.YahooMailNeo@web193505.mail.sg3.yahoo.com> Message-ID: <1375447024.31867.23.camel@innu.dovecot.net> On Fri, 2013-08-02 at 20:21 +0800, Kavish Karkera wrote: > We have 2 pop/imap servers running with director. > > Dovecot version = 2.1.12 > Dovecot version = 2.1.13 .. > mail_nfs_index = yes > mail_nfs_storage = yes To improve performance you can remove these two since you're using director. Also you could set maildir_very_dirty_syncs=yes. From tss at iki.fi Fri Aug 2 15:38:47 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 02 Aug 2013 15:38:47 +0300 Subject: [Dovecot] Unlock non existent locks In-Reply-To: <20130802123054.GA7196@parmesan.sis.pasteur.fr> References: <20130802123054.GA7196@parmesan.sis.pasteur.fr> Message-ID: <1375447127.31867.25.camel@innu.dovecot.net> On Fri, 2013-08-02 at 14:30 +0200, Thomas Hummel wrote: > Hello Timo, > > I'm running > > a single instance of dovecot-2.1.15 > on a single host running 8.3-RELEASE-p3 FreeBSD amd64 > mailboxes (Maildir), control files and indexes are on NFS (v3,tcp) > > mail_nfs_storage = yes > lock_method = fcntl > [didn't touch the following] > # Mail index files also exist in NFS. Setting this to yes requires > # mmap_disable=yes and fsync_disable=no. > mail_nfs_index = yes Since you have only one Dovecot accessing the NFS, you don't need either mail_nfs_storage=yes or mail_nfs_index=yes. My guess is that by setting those to "no", you'll also solve this: > 2013-08-02T14:12:29+02:00 <0.5> XXXX-10(id10) /boot/kernel.amd64/kernel: [lkf_delegate.c:2752](pid 46390="kt: dwt3")(tid=101282) dev_local_lkf_unlock(): no lock entry present to unlock for resource: 1:19d5:fdbe ;client: 0xa51cc3f444107 From sberthelot at emisfr.com Fri Aug 2 15:51:27 2013 From: sberthelot at emisfr.com (=?UTF-8?B?U3TDqXBoYW5lIEJFUlRIRUxPVA==?=) Date: Fri, 02 Aug 2013 14:51:27 +0200 Subject: [Dovecot] Dovecot never release preallocated space in mdbox In-Reply-To: <1375446658.31867.18.camel@innu.dovecot.net> References: <51F63A50.9010002@emisfr.com> <1375446658.31867.18.camel@innu.dovecot.net> Message-ID: <51FBAB4F.2060301@emisfr.com> Le 02/08/2013 14:30, Timo Sirainen a ?crit : > On Mon, 2013-07-29 at 11:48 +0200, St?phane BERTHELOT wrote: > >> mdbox_rotate_size = 128M >> mdbox_rotate_interval = 1d >> mdbox_preallocate_space = yes >> with virtual users and location like : >> mail_location = mdbox:~/mdbox >> >> I don't think the remaining config is relevant but ask me if you need >> some other parts. >> >> Using test accounts for 2 weeks now I've figured that the 128M >> preallocated space is never 'hole punched" (to use a similar term than >> "man fallocate" on Linux), even when rotating m.* files. > Yeah, those settings weren't really intended to be used together. I am not sure to understand. Preallocation is based on rotate size actually, so you mean I shouldn't use a rotate interval with this kind of settings ? It would effectively "lose" less space since all files would be around the preallocated size except the last one (current). >> There would certainly be smart to use something similar to >> "FALLOC_FL_PUNCH_HOLE" on rotation (when doing close() ?) so that when >> we're sure there won't be anymore data appended to file that the >> allocated space == used space. > The problem is that there is no "rotation time". In normal operation > Dovecot would be wasting time (=disk IO) looking at old files and > figuring out if they would need hole punching. I guess the doveadm purge > job could do that, but I'm not sure if that's always the best idea > either. I remember some people using different mdbox settings for normal > operations and for doveadm purge runs, so this could also > unintentionally break things.. Ok, I'm sorry I forgot to add that I'm using a cronjob to doveadm purge weekly. That effectively may be a good time to remove unneeded preallocated sectors. I didn't have a look at the internals of the devecot process but I meant that this could happen when it chooses to switch to another file (because of rotation time, not purge). Effectively it may be at a time that we would want to avoid adding more IO... When reading linux docs lately the more appropriate term may be "truncation" rather than "hole punching". That's what I did on command line (truncate with proper args) and it resetted the allocated size to "real" size. I am pretty sure my understanding on those options was wrong so I already changed to 2M/no preallocation (since I didn't find any evidence that preallocation is making dovecot perform so much better ; there seemed to be a thread once on this list but noone concluded on that I think). My objective was to get a good compromise on performance (since I'm using ext4 anyways) and backup time (otherwise I wouldn't bother with rotation to "compensate" the potentially full rebuild of doveadm purge) Maybe a documentation update should do the trick or a configuration warning stating that preallocation+rotate time would leave "wasted" space on disk. From tss at iki.fi Fri Aug 2 16:00:27 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 Aug 2013 16:00:27 +0300 Subject: [Dovecot] dsync backup mails compressed In-Reply-To: <51EB7568.1@sys4.de> References: <51EB7568.1@sys4.de> Message-ID: <779ECC63-988C-41B6-BAF0-FDC2C96080E0@iki.fi> On 21.7.2013, at 8.45, Robert Schetterer wrote: > Hi Timo , looks like if zlib plugin is enabled > all backupmails ( Maildir ) getting compressed > > i tested this > > dsync -o plugin/acl= -o plugin/quota= -u user at beispiel.de backup > maildir://nfs-backup-data/user at beispiel.de > > adding > > -o plugin/zlib= > > didnt help There is no plugin { zlib } setting, but zlib_save. So you'd use -o plugin/zlib_save= From tss at iki.fi Fri Aug 2 16:02:30 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 Aug 2013 16:02:30 +0300 Subject: [Dovecot] dovecot fts solr plugin In-Reply-To: References: Message-ID: <233273A5-024D-4FA3-A6ED-EB64B5ADD5C4@iki.fi> On 21.7.2013, at 23.11, Thomas Baumann wrote: > (1) doveadm fts fails: > > Error message: > doveadm(tom at tirism.support.tiri.li): Error: fts not enabled for user's > namespace (null) .. > protocol imap { > plugin { > fts = solr > fts_solr = break-imap-search url=http://localhost:8983/solr/ > } > } > protocol pop3 { > plugin { > fts = solr > fts_solr = break-imap-search url=http://localhost:8983/solr/ > } > } Don't put these inside protocol sections. They need to be enabled globally. > (2) > solr schema has errors > > Jul 21, 2013 4:35:46 PM org.apache.solr.common.SolrException log > SEVERE: org.apache.solr.common.SolrException: undefined field text I did some Solr schema fixes to v2.2 recently.. From AxelLuttgens at swing.be Fri Aug 2 16:18:30 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Fri, 2 Aug 2013 15:18:30 +0200 Subject: [Dovecot] 2.2.4 - Some questions about and needing help with quota-status In-Reply-To: <1375445584.31867.10.camel@innu.dovecot.net> References: <99EDABF1-7E72-4044-B6B9-58E936248C14@swing.be> <2CFCCEC9-3CBD-4A3C-8256-620FED5B957D@swing.be> <1375445584.31867.10.camel@innu.dovecot.net> Message-ID: <4A82631C-BC81-4F90-822D-144B95DC66AE@swing.be> Le 2 ao?t 2013 ? 14:13, Timo Sirainen a ?crit : > I'd just do: > > 1) start quota-status service by e.g. connecting to it via telnet > > 2) gdb -p `pidof quota-status` > b hook_mail_user_created > cont > > 3) recipient=user > > 4) does it stop?.. if yes, keep hitting "s" to see if it goes to quota > code. To be sure, tried again, but still getting quite anarchistic behaviors, requiring some "luck" for retrieving useful info... Could be a clang vs gdb thing; I also tried to compile the quota plugin without optimization in the hope to bring some consistency back, without much success. >> Still trying to have it provide me with some enlightening info, but if I may in the meantime paraphrase one of my initial questions on this thread: >> >> What makes doveadm-quota/lmtp and quota-status different? > > Not much.. This is what I was tempted to believe, until... ;-) >> doveadm-quota and lmtp correctly understand my quota-related settings, and over-qauota users are handled as such. >> >> On the other hand, quota-status always returns "action=OK" for any existing user, whether over-quota or not. > > I've no idea. Send your current doveconf -n and I'll see if I can > reproduce the problem with it? Thank you for your kind proposal; it would be such a relief, should you find something I'm overlooking. I provided that info at the very beginning of the thread, but I may have changed one detail or another in the meantime; I'll thus send you my current config privately. Best Regards, Axel From tss at iki.fi Fri Aug 2 16:30:44 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 Aug 2013 16:30:44 +0300 Subject: [Dovecot] mails delivered to the wrong user when using lmtp_proxy and reject_unverified_recipient In-Reply-To: <51E95716.4000101@heinlein-support.de> References: <51E95716.4000101@heinlein-support.de> Message-ID: On 19.7.2013, at 18.11, Peer Heinlein wrote: > looks like we detected a serious bug in dovecot's lmtp proxying where > e-mails are delivered to the wrong user. > > The setup is: > > *) Dovecot is configured with "lmtp_proxy=yes" > > # Support proxying to other LMTP/SMTP servers by performing passdb lookups. > lmtp_proxy = yes > > *) Postfix uses "dynamic recipient verification", so Postfix starts > sending a (verify) mail by LMTP to dovecot, but quits the lmtp-session > right after the RCPT TO:. No DATA-stage is reached in the protocol and > no real e-mail is sent. But Postfix had a LMTP-connection for "user1". > > *) Just some seconds later a "real" e-mail to "user2" has to be > delivered to dovecot by LMTP. But Dovecot will deliver this mail to the > wrong "user1" instead of "user2". Looks like dovecot re-uses the (still > opened?) lmtp-proxy-connection from "user1" to deliver an e-mail to "user2". As others mentioned, seeing what Postfix <-> Dovecot (and Dovecot proxy <-> Dovecot backend) talk to each others would help. I can't reproduce this in an easy way and the code looks correct also: All proxied connections are dropped on LHLO and RSET. The proxy connections also aren't being reused between different incoming LMTP connections. From tss at iki.fi Fri Aug 2 16:33:14 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 Aug 2013 16:33:14 +0300 Subject: [Dovecot] 2.2.4 - Some questions about and needing help with quota-status In-Reply-To: <4A82631C-BC81-4F90-822D-144B95DC66AE@swing.be> References: <99EDABF1-7E72-4044-B6B9-58E936248C14@swing.be> <2CFCCEC9-3CBD-4A3C-8256-620FED5B957D@swing.be> <1375445584.31867.10.camel@innu.dovecot.net> <4A82631C-BC81-4F90-822D-144B95DC66AE@swing.be> Message-ID: <52FEB570-D813-4F83-A641-1E8C0658378B@iki.fi> On 2.8.2013, at 16.18, Axel Luttgens wrote: > Le 2 ao?t 2013 ? 14:13, Timo Sirainen a ?crit : > >> I'd just do: >> >> 1) start quota-status service by e.g. connecting to it via telnet >> >> 2) gdb -p `pidof quota-status` >> b hook_mail_user_created >> cont >> >> 3) recipient=user >> >> 4) does it stop?.. if yes, keep hitting "s" to see if it goes to quota >> code. > > To be sure, tried again, but still getting quite anarchistic behaviors, requiring some "luck" for retrieving useful info... > Could be a clang vs gdb thing; I also tried to compile the quota plugin without optimization in the hope to bring some consistency back, without much success. Optimization always makes things rather annoying. Especially with clang -O2 makes it just about impossible for gdb to do anything useful. You'd probably need to disable optimization for lib-storage also, not just quota plugin. From skdovecot at smail.inf.fh-brs.de Fri Aug 2 16:47:06 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 2 Aug 2013 15:47:06 +0200 (CEST) Subject: [Dovecot] Getting default uid/gid of users via socket for virtual user support for sendmail In-Reply-To: <3288F414-56C2-4310-8CD7-F0CBC42738A1@iki.fi> References: <3288F414-56C2-4310-8CD7-F0CBC42738A1@iki.fi> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 1 Aug 2013, Timo Sirainen wrote: > You can't get the mail_uid/gid/home, because they really don't belong to auth process.. But what you could do with v2.2 is: > > userdb { > driver = ldap > args = .. > default_fields = uid=1234 gid=1234 home=/home/user/%u > } I'll try that. > But anyway, what is sendmail going to be doing with these fields? For > Postfix I've been trying to remove its need to know anything at all > about users (only domains and aliases). sendmail's forward feature is tied to plain text files. I'm relucant to drop the feature and replace it by, say, aliases, because some forwards deliver to files, programs or rather large lists. But sendmail's logic get the user with a MailboxDatabase, that returns user, home, uid, gid and shell, well the passwd entries; without them the user forward feature deactivated. This is by design, I have been told, when I tried to submit a patch to fetch user forwards from LDAP. By default, sendmail uses this database, too, to verify local users before accepting a message. But unlike for user forwards, one can achieve this check through other means. I have a few systems users, too, and it would be easier if I could use Dovecot to merge all sources together. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUfu4Wl3r2wJMiz2NAQJMvgf/V/UZJRunTVfot0z2M4Y7x3RsVEluUPXv AscAWueU9YodizyO2gb/bB0shsN7xQ61hZ0Z817fZSYrFzyO8zGxxVVdNiLqRBjP NyxATsCzrkDyskzocOnvOJNfu2GXXPgnnsca+oifousHkWjuQ07JdVVmd/vAUsX1 dJXTlZ/70rgkGUwZFO1J8uaYQMmj/PC64y9Bdq5Soh8LX/CVlZWfu0vWCwqKRdy6 KYnwUIv8kupI5PqJqJr/0vNfA/RlY9pXFcsCZ2EGUJEsZv1vzoWKFoz7BiH8JclP Km/yNUBIKW9sQOmRBu3eLgrPO5xQCfRIhCFRaRVWFkv1V1OEIjU4sw== =ZsLf -----END PGP SIGNATURE----- From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 2 16:45:26 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 2 Aug 2013 14:45:26 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <51FBA3A6.3080408@dementianati.com> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <67864A48-C649-4607-A555-EF31AD63A94B@swing.be> <1375434146.29440.YahooMailNeo@web28904.mail.ir2.yahoo.com> <3BC36A0B-F440-4253-A645-6881452B2F61@swing.be> <1375438409.95783.YahooMailNeo@web28901.mail.ir2.yahoo.com> <2B2EFE3A-E8FD-4365-BAE5-0193912AAEF4@swing.be> <1375441145.80023.YahooMailNeo@web28903.mail.ir2.yahoo.com> <51FBA3A6.3080408@dementianati.com> Message-ID: <1375451126.28470.YahooMailNeo@web28906.mail.ir2.yahoo.com> > You should take this discussion off list. Tell me Dem.... which part of my original question was not fit for the list ?? It was a perfectly valid technical question relating to Dovecot, and according to the description of the mailing list "This is the main list for requesting help with Dovecot or talking about it in general" So I was "requesting help" with Dovecot, and everyone else is perfectly within their rights to "talk about it". From rplatel at tucows.com Fri Aug 2 18:15:09 2013 From: rplatel at tucows.com (Richard Platel) Date: Fri, 2 Aug 2013 11:15:09 -0400 Subject: [Dovecot] Custom quota setup Message-ID: <70B8EF19-C76C-4452-B2BF-EFB07021BFEC@tucows.com> (Dovecot 2.2-ee) We have a weird quota requirement, we have file storage that we manage through our own APIs but want that usage to come out of the user's mail quota. The usage is in a maildirsize like file uncreatively called filestoresize in the user's maildir. In the past we've been doing this by modifying the quota plugin and re-compiling, but it seems like it should be possible to do this via configuration. Is there a way to add a quota setting pointing at this file for additional usage (not limits)? The feature is used infrequently so it would probably be acceptable use the dirsize backend, but I can't figure out how to configure that to point at a certain directory. We pass custom quota rules for each user in our userdb, and use a custom dict proxy program, so that program could read the file and pass a setting at log in time too (if, for example, there was a setting that said "offset the user's quota usage by X amount") Thanks. From rplatel at tucows.com Fri Aug 2 18:20:19 2013 From: rplatel at tucows.com (Richard Platel) Date: Fri, 2 Aug 2013 11:20:19 -0400 Subject: [Dovecot] feature request: IMAP passdb prefetch Message-ID: <4E60837F-0B78-49D4-957F-42B6FDC39F88@tucows.com> It'd be useful for us if the IMAP passdb could be used as a prefetch userdb. The remote IMAP server could respond with something like * OK key=value * OK key=value SEQ OK [CAPABILITY ...] Logged in. Or * OK SEQ OK [CAPABILITY ...] Logged in. Would anyone else find this useful? From tss at iki.fi Fri Aug 2 18:26:57 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 Aug 2013 18:26:57 +0300 Subject: [Dovecot] feature request: IMAP passdb prefetch In-Reply-To: <4E60837F-0B78-49D4-957F-42B6FDC39F88@tucows.com> References: <4E60837F-0B78-49D4-957F-42B6FDC39F88@tucows.com> Message-ID: On 2.8.2013, at 18.20, Richard Platel wrote: > It'd be useful for us if the IMAP passdb could be used as a prefetch userdb. > > The remote IMAP server could respond with something like > > * OK key=value > * OK key=value > SEQ OK [CAPABILITY ...] Logged in. > > Or > > * OK > SEQ OK [CAPABILITY ...] Logged in. > > Would anyone else find this useful? Uh. Why not simply something completely different like HTTP-based passdb? From tss at iki.fi Fri Aug 2 18:34:09 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 Aug 2013 18:34:09 +0300 Subject: [Dovecot] Custom quota setup In-Reply-To: <70B8EF19-C76C-4452-B2BF-EFB07021BFEC@tucows.com> References: <70B8EF19-C76C-4452-B2BF-EFB07021BFEC@tucows.com> Message-ID: <2910005D-1467-412A-A603-B3F876ECB038@iki.fi> On 2.8.2013, at 18.15, Richard Platel wrote: > We have a weird quota requirement, we have file storage that we manage through our own APIs but want that usage to come out of the user's mail quota. I've been thinking something like that as well for various other things: IMAP METADATA/ANNOTATE extension data, Sieve scripts, and also the actual file storage once Dovecot implements WebDAV. The quota plugin probably needs to be made extensible in some way to allow calculation of quota from multiple data sources. Or maybe lib-storage API needs to be made more aware of quota. I'm not entirely sure yet. > The usage is in a maildirsize like file uncreatively called filestoresize in the user's maildir. > > In the past we've been doing this by modifying the quota plugin and re-compiling, but it seems like it should be possible to do this via configuration. > > Is there a way to add a quota setting pointing at this file for additional usage (not limits)? I can't think of any good way to do that. > The feature is used infrequently so it would probably be acceptable use the dirsize backend, but I can't figure out how to configure that to point at a certain directory. I guess if you had a hidden non-listable namespace pointing to your file storage, the dirsize would find it and count them. The problem is, you would have to use dirsize backend for the Maildir as well, which is too slow. (Using a separate dirsize quota for files wouldn't then share the mail quota.) And the Maildir++ backend reads only new/ and cur/ directories. > We pass custom quota rules for each user in our userdb, and use a custom dict proxy program, so that program could read the file and pass a setting at log in time too (if, for example, there was a setting that said "offset the user's quota usage by X amount") That I think would work. From rplatel at tucows.com Fri Aug 2 18:34:59 2013 From: rplatel at tucows.com (Richard Platel) Date: Fri, 2 Aug 2013 11:34:59 -0400 Subject: [Dovecot] feature request: IMAP passdb prefetch References: Message-ID: <9416232E-D924-4189-B754-E9CCEA940407@tucows.com> > On 2.8.2013, at 18.20, Richard Platel wrote: > >> It'd be useful for us if the IMAP passdb could be used as a prefetch userdb. >> >> The remote IMAP server could respond with something like >> >> * OK key=value >> * OK key=value >> SEQ OK [CAPABILITY ...] Logged in. >> >> Or >> >> * OK >> SEQ OK [CAPABILITY ...] Logged in. >> >> Would anyone else find this useful? > > Uh. Why not simply something completely different like HTTP-based passdb? > I can't find info for HTTP on the wiki, can we set that up as a success/fail passdb? We do our own password auth (so we can support custom hash types, etc). From tss at iki.fi Fri Aug 2 18:44:21 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 Aug 2013 18:44:21 +0300 Subject: [Dovecot] HTTP passdb (was: feature request: IMAP passdb prefetch) In-Reply-To: References: <4E60837F-0B78-49D4-957F-42B6FDC39F88@tucows.com> Message-ID: <67F3FFED-951E-409A-A082-776668378E0D@iki.fi> (Cc'd to dovecot list anyway since other people might be interested) On 2.8.2013, at 18.34, Richard Platel wrote: >> Uh. Why not simply something completely different like HTTP-based passdb? > > I can't find info for HTTP on the wiki, can we set that up as a success/fail passdb? We do our own password auth (so we can support custom hash types, etc). I've only a private version of a HTTP-based passdb implemented for a customer. I'm not sure if I should bother adding something to be distributed with Dovecot, since I guess most people would want to modify it in some way anyway. Here's a somewhat modified version of it that hopefully works (at least it compiles): http://dovecot.org/patches/2.2/passdb-openam.c From rplatel at tucows.com Fri Aug 2 18:56:24 2013 From: rplatel at tucows.com (Richard Platel) Date: Fri, 2 Aug 2013 11:56:24 -0400 Subject: [Dovecot] Custom quota setup In-Reply-To: <2910005D-1467-412A-A603-B3F876ECB038@iki.fi> References: <70B8EF19-C76C-4452-B2BF-EFB07021BFEC@tucows.com> <2910005D-1467-412A-A603-B3F876ECB038@iki.fi> Message-ID: On 2013-08-02, at 11:34 AM, Timo Sirainen wrote: > On 2.8.2013, at 18.15, Richard Platel wrote: > >> We pass custom quota rules for each user in our userdb, and use a custom dict proxy program, so that program could read the file and pass a setting at log in time too (if, for example, there was a setting that said "offset the user's quota usage by X amount") > > That I think would work. > That's future development though? No such setting exists now? From tss at iki.fi Fri Aug 2 19:05:18 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 Aug 2013 19:05:18 +0300 Subject: [Dovecot] Custom quota setup In-Reply-To: References: <70B8EF19-C76C-4452-B2BF-EFB07021BFEC@tucows.com> <2910005D-1467-412A-A603-B3F876ECB038@iki.fi> Message-ID: On 2.8.2013, at 18.56, Richard Platel wrote: > On 2013-08-02, at 11:34 AM, Timo Sirainen wrote: > >> On 2.8.2013, at 18.15, Richard Platel wrote: >> >>> We pass custom quota rules for each user in our userdb, and use a custom dict proxy program, so that program could read the file and pass a setting at log in time too (if, for example, there was a setting that said "offset the user's quota usage by X amount") >> >> That I think would work. >> > > That's future development though? No such setting exists now? I'm not exactly sure what you thought of, but my idea was simply that you'd add your own dict proxy in the middle which hooks into the GET command, and increases its value by reading the filestoresize. You can already do that by pointing to a UNIX socket different from the normal dict server socket, similar as in http://wiki2.dovecot.org/AuthDatabase/Dict From rplatel at tucows.com Fri Aug 2 19:18:13 2013 From: rplatel at tucows.com (Richard Platel) Date: Fri, 2 Aug 2013 12:18:13 -0400 Subject: [Dovecot] Custom quota setup In-Reply-To: References: <70B8EF19-C76C-4452-B2BF-EFB07021BFEC@tucows.com> <2910005D-1467-412A-A603-B3F876ECB038@iki.fi> Message-ID: On 2013-08-02, at 12:05 PM, Timo Sirainen wrote: > On 2.8.2013, at 18.56, Richard Platel wrote: > >> On 2013-08-02, at 11:34 AM, Timo Sirainen wrote: >> >>> On 2.8.2013, at 18.15, Richard Platel wrote: >>> >>>> We pass custom quota rules for each user in our userdb, and use a custom dict proxy program, so that program could read the file and pass a setting at log in time too (if, for example, there was a setting that said "offset the user's quota usage by X amount") >>> >>> That I think would work. >>> >> >> That's future development though? No such setting exists now? > > I'm not exactly sure what you thought of, but my idea was simply that you'd add your own dict proxy in the middle which hooks into the GET command, and increases its value by reading the filestoresize. You can already do that by pointing to a UNIX socket different from the normal dict server socket, similar as in http://wiki2.dovecot.org/AuthDatabase/Dict > If, for example, the user has 2GB quota, and 750MB of mail, and 500MB of files, we'd like the mail client to show that the user has 2GB quota, and 1.25GB used, .75GB free. I see how via the dict userdb proxy I could reduce the user's quota allowance by the filestorage amount: quota_rule=*:storage=, and the client would show the correct free amount, but not the correct total or used amount. Is this what you mean, or is there some other setting or some other dict proxy entirely that I'm missing? From rs at sys4.de Fri Aug 2 19:24:53 2013 From: rs at sys4.de (Robert Schetterer) Date: Fri, 02 Aug 2013 18:24:53 +0200 Subject: [Dovecot] dsync backup mails compressed In-Reply-To: <779ECC63-988C-41B6-BAF0-FDC2C96080E0@iki.fi> References: <51EB7568.1@sys4.de> <779ECC63-988C-41B6-BAF0-FDC2C96080E0@iki.fi> Message-ID: <51FBDD55.5030005@sys4.de> Am 02.08.2013 15:00, schrieb Timo Sirainen: > On 21.7.2013, at 8.45, Robert Schetterer wrote: > >> Hi Timo , looks like if zlib plugin is enabled >> all backupmails ( Maildir ) getting compressed >> >> i tested this >> >> dsync -o plugin/acl= -o plugin/quota= -u user at beispiel.de backup >> maildir://nfs-backup-data/user at beispiel.de >> >> adding >> >> -o plugin/zlib= >> >> didnt help > > There is no plugin { zlib } setting, but zlib_save. So you'd use -o plugin/zlib_save= > ahh..., thx i will try Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From tss at iki.fi Fri Aug 2 19:28:16 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 Aug 2013 19:28:16 +0300 Subject: [Dovecot] Custom quota setup In-Reply-To: References: <70B8EF19-C76C-4452-B2BF-EFB07021BFEC@tucows.com> <2910005D-1467-412A-A603-B3F876ECB038@iki.fi> Message-ID: <70E93130-353E-498E-AB42-6DC1A860D53F@iki.fi> On 2.8.2013, at 19.18, Richard Platel wrote: >> I'm not exactly sure what you thought of, but my idea was simply that you'd add your own dict proxy in the middle which hooks into the GET command, and increases its value by reading the filestoresize. You can already do that by pointing to a UNIX socket different from the normal dict server socket, similar as in http://wiki2.dovecot.org/AuthDatabase/Dict > > If, for example, the user has 2GB quota, and 750MB of mail, and 500MB of files, we'd like the mail client to show that the user has 2GB quota, and 1.25GB used, .75GB free. > > I see how via the dict userdb proxy I could reduce the user's quota allowance by the filestorage amount: > quota_rule=*:storage=, > and the client would show the correct free amount, but not the correct total or used amount. > > Is this what you mean, or is there some other setting or some other dict proxy entirely that I'm missing? I didn't mean userdb dict proxy. I meant you'd use dict backend for calculating quota instead of Maildir++. http://wiki2.dovecot.org/Quota/Dict So for example you could still keep using the file based quota and first step would be to configure: plugin { quota = dict:User quota::file:%h/Maildir/dovecot-quota } Next I thought you could have configured dict proxy to access the file, but %h or ~/ don't actually work there.. So you'd probably have to implement the whole file access via your dict server: plugin { quota = dict:User quota::proxy:/var/run/dovecot/tucows-quota:quota } Then you'd have a process listening on tucows-quota UNIX socket that handles the get/set/unset/atomic-inc dict commands. Or alternatively implement a new dict backend as a Dovecot plugin that does the same thing: plugin { quota = dict:User quota::proxy::quota } dict { quota = tucowsquota: } From julius_ahenobarbus at yahoo.co.uk Fri Aug 2 19:36:44 2013 From: julius_ahenobarbus at yahoo.co.uk (ray klassen) Date: Fri, 2 Aug 2013 17:36:44 +0100 (BST) Subject: [Dovecot] system_groups_user syntax especially in LDAP Message-ID: <1375461404.34592.YahooMailNeo@web133002.mail.ir2.yahoo.com> so if possible, I'd like an example of how to include system_groups_user in the userdb setup. I'm using ldap, but I could revert to using pam on ldap. There is a ldap query (gleaned from smbldap-tools) that will return a list of groups for a user (&(objectclass=posixGroup)(memberuid=%u)) but I don't know if the ldap driver will handle it but above all I can't figure out how it fits into the dovecot configuration! I'm trying to get Dovecot 2.1.7 on debian wheezy to recognize shared folders that have group ownership. From asai at globalchangemusic.org Fri Aug 2 19:50:42 2013 From: asai at globalchangemusic.org (Asai) Date: Fri, 02 Aug 2013 09:50:42 -0700 Subject: [Dovecot] Lowering Log Levels Back to Defaults In-Reply-To: <1375446252.31867.13.camel@innu.dovecot.net> References: <51F92B62.8050703@globalchangemusic.org> <1375446252.31867.13.camel@innu.dovecot.net> Message-ID: <51FBE362.2020903@globalchangemusic.org> Thank you for that simple answer. --Asai On 8/2/13 5:24 AM, Timo Sirainen wrote: > On Wed, 2013-07-31 at 08:21 -0700, Asai wrote: >> Greetings, >> >> I'm sorry for asking what may be a really obvious question, but I'm >> having a hard time turning off logging, or at least getting less verbose >> logging. My dsync logs are about 7 MB daily, and I'm trying to get that >> switched off. At one point I had it on a lower level of verbosity, and >> I turned it up for debugging purposes, but now I cannot seem to turn it >> back down, which is something I did many times before. For example the >> logs are getting tons of Info level messages. >> >> dsync(asai at globalchangemusic.org): Info: expunge: box=Trash, uid=61625, msgid=, size=9586 > Disable mail_log plugin. > > From kremels at kreme.com Fri Aug 2 20:57:06 2013 From: kremels at kreme.com (LuKreme) Date: Fri, 2 Aug 2013 11:57:06 -0600 Subject: [Dovecot] ./configure dovecot In-Reply-To: <20130802075205.51506c9e@scorpio> References: <9C453D73-A794-4066-A561-04F07296FD82@kreme.com> <20130802075205.51506c9e@scorpio> Message-ID: On 02 Aug 2013, at 05:52 , Jerry wrote: > What OS and version are you attempting this on? FreeBSD 6.3-RELEASE -- Gehm's Corollary to Clarke's law: Any technology distinguishable from magic is insufficiently advanced. From julius_ahenobarbus at yahoo.co.uk Fri Aug 2 23:14:33 2013 From: julius_ahenobarbus at yahoo.co.uk (ray klassen) Date: Fri, 2 Aug 2013 21:14:33 +0100 (BST) Subject: [Dovecot] system_groups_user syntax especially in LDAP In-Reply-To: <1375461404.34592.YahooMailNeo@web133002.mail.ir2.yahoo.com> References: <1375461404.34592.YahooMailNeo@web133002.mail.ir2.yahoo.com> Message-ID: <1375474473.74708.YahooMailNeo@web133001.mail.ir2.yahoo.com> ________________________________ To answer my own question: I completely misunderstood the purpose of the system_groups_user variable. I thought it would return a list of groups the user belongs to dovecot on login. Instead I find it's simply the user for whom dovecot will query group membership on demand. Seems a bit crazy not to default that value to the logged in user. Maybe someone will tell me why that is not the case. At any rate setting that value for an ldap set up in debian wheezy is actually fairly easy after all I added uid=system_groups_user to the user_attrs variable in /etc/dovecot/dovecot-ldap.conf.ext. Like so. user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid,uid=system_groups_user From: ray klassen To: "dovecot at dovecot.org" Sent: Friday, 2 August 2013, 9:36 Subject: [Dovecot] system_groups_user syntax especially in LDAP so if possible, I'd like an example of how to include system_groups_user in the userdb setup. I'm using ldap, but I could revert to using pam on ldap. There is a ldap query (gleaned from smbldap-tools) that will return a list of groups for a user (&(objectclass=posixGroup)(memberuid=%u)) but I don't know if the ldap driver will handle it but above all I can't figure out how it fits into the dovecot configuration! I'm trying to get Dovecot 2.1.7 on debian wheezy to recognize shared folders that have group ownership. From bra at fsn.hu Fri Aug 2 23:32:00 2013 From: bra at fsn.hu (Attila Nagy) Date: Fri, 02 Aug 2013 22:32:00 +0200 Subject: [Dovecot] Passing data safely in password_key? In-Reply-To: <1375446762.31867.20.camel@innu.dovecot.net> References: <51F50542.9080103@fsn.hu> <51F61818.8010500@fsn.hu> <1375446762.31867.20.camel@innu.dovecot.net> Message-ID: <51FC1740.8000303@fsn.hu> On 08/02/2013 02:32 PM, Timo Sirainen wrote: > On Mon, 2013-07-29 at 09:22 +0200, Attila Nagy wrote: >> On 07/28/13 13:49, Attila Nagy wrote: >>> Hi, >>> >>> I would like to convert my custom POP/IMAP proxy to Dovecot's. In this >>> proxy I do more than giving back user name, password and the host and >>> I need extra information. >>> Luckily all of them are available as variables, but more than one >>> comes as user input (like user name and cleartext password) and I'm >>> not sure how to pass them safely. >>> Obviously I would need a separator, which is guaranteed not to show up >>> either in user name and the cleartext password. >>> Should I use escape (%E) here, or is there a better way? >>> >> Just for the record, this is what I use currently: >> password_key = dovecot/passdb^MAuth-User: %u^MAuth-Pass: >> %w^MAuth-Protocol: %s^M >> Client-IP: %r^M > I have no idea what you're talking about. What is password_key? The > password that is being sent to the backend IMAP/POP3 server? > > RTFM? ;) http://wiki2.dovecot.org/AuthDatabase/Dict?highlight=%28password_key%29 From jerry at seibercom.net Sat Aug 3 01:02:39 2013 From: jerry at seibercom.net (Jerry) Date: Fri, 2 Aug 2013 18:02:39 -0400 Subject: [Dovecot] ./configure dovecot In-Reply-To: References: <9C453D73-A794-4066-A561-04F07296FD82@kreme.com> <20130802075205.51506c9e@scorpio> Message-ID: <20130802180239.051977f1@scorpio> On Fri, 2 Aug 2013 11:57:06 -0600 LuKreme articulated: > FreeBSD 6.3-RELEASE 1) That version is not even supported anymore. 2) Did you try to install Dovecot via the ports system? -- Jerry ? Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ From stan at hardwarefreak.com Sat Aug 3 03:34:24 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 02 Aug 2013 19:34:24 -0500 Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <1375436081.50075.YahooMailNeo@web28905.mail.ir2.yahoo.com> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB79DC.9080402@hardwarefreak.com> <1375436081.50075.YahooMailNeo@web28905.mail.ir2.yahoo.com> Message-ID: <51FC5010.7050900@hardwarefreak.com> On 8/2/2013 4:34 AM, Nigel Smith wrote: >> Unfortunately you failed to provide 'dovecot -n' output which makes >> assisting you much more difficult. Providing this is standard operating >> procedure. > Sorry, but ....What on earth are you on about ? > > From the man page " -n Dump non-default settings to stdout and exit successfully. The same as doveconf -n." > > From the ***TOP*** of my original email : > > Dovecot : 2.0.19 (see config at http://pastebin.com/raw.php?i=KMaQ9Ccc) > Postfix : 2.9.6 (see config at http://pastebin.com/raw.php?i=EEeevHfk) > The configs are right there.... for both postifx and dovecot. I was being courteous by posting them on pastebin instead of pasting them into an email which would become clutterd with lines of config ! My apologies Nigel. I completely missed the links. I guess I'm so used to seeing configs inline that I skimmed over those links. My visual acuity problems aside, for future reference it's usually better to inline config output so folks can highlight problems and point out exactly where corrections need to be made. In this particular case it wouldn't be necessary to include postconf -n output though. -- Stan From kremels at kreme.com Sat Aug 3 06:45:33 2013 From: kremels at kreme.com (LuKreme) Date: Fri, 2 Aug 2013 21:45:33 -0600 Subject: [Dovecot] ./configure dovecot In-Reply-To: <20130802180239.051977f1@scorpio> References: <9C453D73-A794-4066-A561-04F07296FD82@kreme.com> <20130802075205.51506c9e@scorpio> <20130802180239.051977f1@scorpio> Message-ID: <8CB00173-717B-4B8E-A97D-1F066AB208F1@kreme.com> On 02 Aug 2013, at 16:02 , Jerry wrote: > On Fri, 2 Aug 2013 11:57:06 -0600 > LuKreme articulated: > >> FreeBSD 6.3-RELEASE > > 1) That version is not even supported anymore. True, but it is what it is, and it was supported when 1.2.17 was current. > 2) Did you try to install Dovecot via the ports system? That is how it was originally installed, I believe (there is a dovecot binary of 1.2.17 installed, but seems to be missing many other needed files). I am trying to get permission to move the server to at least FreeBSD8, but I've been trying to get that for ... years. -- "There will always be women in rubber flirting with me." From jerry at seibercom.net Sat Aug 3 08:50:00 2013 From: jerry at seibercom.net (Jerry) Date: Sat, 3 Aug 2013 01:50:00 -0400 Subject: [Dovecot] ./configure dovecot In-Reply-To: <8CB00173-717B-4B8E-A97D-1F066AB208F1@kreme.com> References: <9C453D73-A794-4066-A561-04F07296FD82@kreme.com> <20130802075205.51506c9e@scorpio> <20130802180239.051977f1@scorpio> <8CB00173-717B-4B8E-A97D-1F066AB208F1@kreme.com> Message-ID: <20130803015000.2019a739@scorpio> On Fri, 2 Aug 2013 21:45:33 -0600 LuKreme articulated: > > On 02 Aug 2013, at 16:02 , Jerry wrote: > > > On Fri, 2 Aug 2013 11:57:06 -0600 > > LuKreme articulated: > > > >> FreeBSD 6.3-RELEASE > > > > 1) That version is not even supported anymore. > > True, but it is what it is, and it was supported when 1.2.17 was > current. > > > 2) Did you try to install Dovecot via the ports system? > > That is how it was originally installed, I believe (there is a > dovecot binary of 1.2.17 installed, but seems to be missing many > other needed files). > > I am trying to get permission to move the server to at least > FreeBSD8, but I've been trying to get that for ... years. Both dovecot-1.2.17 and dovecot-2.2.4 are available in the ports. If you feel something is wrong with the version you have installed, and you have not demonstrated that yet, simply do a deinstall & reinstall of the port or use a port management program to force a reinstall of the port. -- Jerry ? Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ From felixrubiodalmau at gmail.com Sat Aug 3 10:56:39 2013 From: felixrubiodalmau at gmail.com (Felix Rubio Dalmau) Date: Sat, 03 Aug 2013 09:56:39 +0200 Subject: [Dovecot] problems with expire plugin Message-ID: <1617119.BhFMf2OcFb@jarvis> Hi all, I'm experiencing problems to set-up the expire plugin in dovecot. This is the relevant part of my dovecot configuration dict { expire = mysql:/etc/dovecot/dovecot-dict-expire.conf.ext } plugin { expire = Trash 15 Junk 15 expire_dict = proxy::expire } protocol imap { mail_plugins = quota zlib expire imap_quota } File dovecot-dict-expire.conf.ext looks like: connect = host=127.0.0.1 dbname=virtual_email user= password= map { pattern = shared/expire/$user/$mailbox table = virtual_expires value_field = expire_stamp fields { username = $user mailbox = $mailbox } } and the mysql schema for table virtual_expires is: +--------------+--------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +--------------+--------------+------+-----+---------+-------+ | username | varchar(75) | NO | PRI | NULL | | | mailbox | varchar(255) | NO | PRI | NULL | | | expire_stamp | int(11) | NO | | NULL | | +--------------+--------------+------+-----+---------+-------+ However, when I delete any mail from the Inbox, the table is not updated, and there are no messages in the log, although mail_debug is set to "yes" Does anybody has any idea on how to solve this issue? Regards! Felix From wildfire at progsoc.org Sat Aug 3 13:28:07 2013 From: wildfire at progsoc.org (Anand Kumria) Date: Sat, 3 Aug 2013 11:28:07 +0100 Subject: [Dovecot] sync re-copies emails assigning new UIDs Message-ID: Hi, I have been (attempting) to transition a company from in-house dovecot 1.x to a hosted dovecot 2.2 setup. I am running the doveadm sync command, and for the four mailboxes have been blocked -- sync'ing seem to be copying the same mails, over and over (note, initially I was using doveadm backup but my reading has indicated that 'doveadm sync' is better) Example: # date && doveadm -v -o imapc_user=kaye at example.com -o imapc_password=*pass* -o imapc_host=imap.example.com -o imapc_port=993 -o imapc_ssl=imaps -o imap c_ssl_dir=/etc/ssl -o imapc_feature=rfc822.size -o imapc_ssl_verify=no sync -1 -R -u kaye at example.com imapc: Sat Aug 3 09:05:37 UTC 2013 [...] dsync(kaye at example.com): Info: copy from INBOX: box=INBOX, uid=5306, msgid=, size=13544 dsync(kaye at example.com): Info: copy from INBOX: box=INBOX, uid=5307, msgid=<006b01ce8dad$b8864930$2992db90$@com.au>, size=10163563 [...] dsync(kaye at example.com): Info: copy from INBOX: box=INBOX, uid=5311, msgid=< cm.083930.bijjdjk.jdkimlhij.r at createsend5.com>, size=46658 [...] # date && doveadm -v -o imapc_user=kaye at example.com -o imapc_password=*pass* -o imapc_host=imap.example.com -o imapc_port=993 -o imapc_ssl=imaps -o imapc_ssl_dir=/etc/ssl -o imapc_feature=rfc822.size -o imapc_ssl_verify=no sync -1 -R -u kaye at example.com imapc: Sat Aug 3 10:01:48 UTC 2013 [...] dsync(kaye at kamdha.com): Info: copy from INBOX: box=INBOX, uid=5324, msgid=, size=13544 dsync(kaye at kamdha.com): Info: copy from INBOX: box=INBOX, uid=5325, msgid=<006b01ce8dad$b8864930$2992db90$@com.au>, size=10163563 [...] dsync(kaye at kamdha.com): Info: copy from INBOX: box=INBOX, uid=5329, msgid=< cm.083930.bijjdjk.jdkimlhij.r at createsend5.com>, size=46658 [...] The exact same number of emails (some in the INBOX, some in the Sent folder) are transferred each time. In this case, I've firewalled the origin - so their entire mail system is stopped whilst I do the transfer just in case modifications of IMAP flags or additional delivieres might have been the problem. I am using Dovecot v2.2.4; is this normal expected behaviour? If so, what is the best way to ensure that a migration is done without data loss. If this isn't expected, has anyone else seen this kind of error before? Thanks, Anand From listserv at xtlv.cn Sat Aug 3 14:21:04 2013 From: listserv at xtlv.cn (listserv) Date: Sat, 03 Aug 2013 13:21:04 +0200 Subject: [Dovecot] problems with doveadm Message-ID: <51FCE7A0.8080107@xtlv.cn> Hello, since few weeks i have problems with the command: doveadm expunge -A mailbox Trash savedbefore 7d => kernel: doveadm[11609]: segfault at 10 ip b75f146a sp bf856ad0 error 4 in libdovecot.so.0.0.0[b7585000+c8000] but for a single user it's works fine: doveadm expunge -u test at vtlx.de mailbox Trash savedbefore 30h I hope there is a solution for this. with regards Mario -- ??????? From listserv at xtlv.cn Sat Aug 3 14:25:08 2013 From: listserv at xtlv.cn (listserv) Date: Sat, 03 Aug 2013 13:25:08 +0200 Subject: [Dovecot] problems with doveadm Message-ID: <51FCE894.7000007@xtlv.cn> Hello, since few weeks i have problems with the command: doveadm expunge -A mailbox Trash savedbefore 7d => kernel: doveadm[11609]: segfault at 10 ip b75f146a sp bf856ad0 error 4 in libdovecot.so.0.0.0[b7585000+c8000] but for a single user it's works fine: doveadm expunge -u test at vtlx.de mailbox Trash savedbefore 30h doveconf -n # 2.2.4 (f16816a69130): /etc/dovecot/dovecot.conf # OS: Linux 3.2.45.stk32 i686 Debian jessie/sid ext3 I hope there is a solution for this. with regards Mario -- ??????? From jerry at seibercom.net Sat Aug 3 17:12:27 2013 From: jerry at seibercom.net (Jerry) Date: Sat, 3 Aug 2013 10:12:27 -0400 Subject: [Dovecot] ./configure dovecot In-Reply-To: <8CB00173-717B-4B8E-A97D-1F066AB208F1@kreme.com> References: <9C453D73-A794-4066-A561-04F07296FD82@kreme.com> <20130802075205.51506c9e@scorpio> <20130802180239.051977f1@scorpio> <8CB00173-717B-4B8E-A97D-1F066AB208F1@kreme.com> Message-ID: <20130803101227.460093de@scorpio> On Fri, 2 Aug 2013 21:45:33 -0600 LuKreme articulated: > I am trying to get permission to move the server to at least > FreeBSD8, but I've been trying to get that for ... years. 8.x is okay, but 9.x sucks. I would wait until the 10.x version is released. By that time they should have gotten the "clang" problems ironed out as well as those pesky "package" problems. I am still on 8.3 myself. In any case, I would strongly recommend that you do a fresh install. Format the disk and start over. I hear horror stories about left over crap from a previous installation that causes massive headaches. Besides, it gives you a good excuse to update your applications, like Dovecot. Just my 2? -- Jerry ? Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ From gb10hkzo-dovecot at yahoo.co.uk Sat Aug 3 18:55:42 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Sat, 3 Aug 2013 16:55:42 +0100 (BST) Subject: [Dovecot] Mail being delivered but MUA showing empty inbox In-Reply-To: <51FC5010.7050900@hardwarefreak.com> References: <1375430831.89819.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB6C16.2010205@hardwarefreak.com> <1375431910.96159.YahooMailNeo@web28904.mail.ir2.yahoo.com> <51FB79DC.9080402@hardwarefreak.com> <1375436081.50075.YahooMailNeo@web28905.mail.ir2.yahoo.com> <51FC5010.7050900@hardwarefreak.com> Message-ID: <1375545342.21134.YahooMailNeo@web28905.mail.ir2.yahoo.com> All's well that ends well Stan ! I've learnt how the list prefers its config specimens to be displayed, and the list has solved my original problem.? I've even managed to get Sieve and SOLR working without any issues whatsoever. ?;-) Guess that makes me a happy bunny so far. ?Now I guess I need to transfer a few live accounts to the box and see if I can break it ! All the best. From kremels at kreme.com Sat Aug 3 19:19:36 2013 From: kremels at kreme.com (LuKreme) Date: Sat, 3 Aug 2013 10:19:36 -0600 Subject: [Dovecot] ./configure dovecot In-Reply-To: <20130803015000.2019a739@scorpio> References: <9C453D73-A794-4066-A561-04F07296FD82@kreme.com> <20130802075205.51506c9e@scorpio> <20130802180239.051977f1@scorpio> <8CB00173-717B-4B8E-A97D-1F066AB208F1@kreme.com> <20130803015000.2019a739@scorpio> Message-ID: On 02 Aug 2013, at 23:50 , Jerry wrote: > If > you feel something is wrong with the version you have installed, and > you have not demonstrated that yet, From reading on how to setup dovecot with postfix there should be a /etc/dovecot/conf.d/ or /usr/local/etc/dovecot/conf.d/ folder with 10-auth.conf and 10-master.conf files. It appears to be missing. > simply do a deinstall & reinstall of the port or use a port management program to force a reinstall of the port. Yes, if I could do that I would have. -- YOU [humans] NEED TO BELIEVE IN THINGS THAT AREN'T TRUE. HOW ELSE CAN THEY BECOME? --Hogfather From kremels at kreme.com Sat Aug 3 19:24:23 2013 From: kremels at kreme.com (LuKreme) Date: Sat, 3 Aug 2013 10:24:23 -0600 Subject: [Dovecot] ./configure dovecot In-Reply-To: <20130803101227.460093de@scorpio> References: <9C453D73-A794-4066-A561-04F07296FD82@kreme.com> <20130802075205.51506c9e@scorpio> <20130802180239.051977f1@scorpio> <8CB00173-717B-4B8E-A97D-1F066AB208F1@kreme.com> <20130803101227.460093de@scorpio> Message-ID: On 03 Aug 2013, at 08:12 , Jerry wrote: > 8.x is okay, but 9.x sucks. Much like Windows, it seems best to avoid the alternate numbered versions, although for windows you want the ODD and for FreeBSD you want the even. I don't recall anyone singing the praises for FreeBSD 7. :) -- When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is probably wrong. From jerry at seibercom.net Sat Aug 3 20:14:22 2013 From: jerry at seibercom.net (Jerry) Date: Sat, 3 Aug 2013 13:14:22 -0400 Subject: [Dovecot] ./configure dovecot In-Reply-To: References: <9C453D73-A794-4066-A561-04F07296FD82@kreme.com> <20130802075205.51506c9e@scorpio> <20130802180239.051977f1@scorpio> <8CB00173-717B-4B8E-A97D-1F066AB208F1@kreme.com> <20130803015000.2019a739@scorpio> Message-ID: <20130803131422.0d2bc70a@scorpio> On Sat, 3 Aug 2013 10:19:36 -0600 LuKreme articulated: > > On 02 Aug 2013, at 23:50 , Jerry wrote: > > > If > > you feel something is wrong with the version you have installed, and > > you have not demonstrated that yet, > > From reading on how to setup dovecot with postfix there should be > a /etc/dovecot/conf.d/ or /usr/local/etc/dovecot/conf.d/ folder with > 10-auth.conf and 10-master.conf files. It appears to be missing. I many be wrong; however, I believe that is only for 2.x versions of Dovecot. You are on version 1.x I believe. > > simply do a deinstall & reinstall of the port or use a port > > management program to force a reinstall of the port. > > Yes, if I could do that I would have. Something like: "portupgrade -Cfev mail/dovecot" should do it. You could eliminate the "C" flag if you are sure everything is configured correctly. I would insure that you have updated your ports list and updated your other programs first thought. -- Jerry ? Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ From tss at iki.fi Sun Aug 4 16:06:57 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 4 Aug 2013 16:06:57 +0300 Subject: [Dovecot] problems with doveadm In-Reply-To: <51FCE894.7000007@xtlv.cn> References: <51FCE894.7000007@xtlv.cn> Message-ID: <2B2E5A69-2E5D-4978-A277-8FB23F1FD36E@iki.fi> On 3.8.2013, at 14.25, listserv wrote: > doveadm expunge -A mailbox Trash savedbefore 7d > => kernel: doveadm[11609]: segfault at 10 ip b75f146a sp bf856ad0 error 4 in > libdovecot.so.0.0.0[b7585000+c8000] gdb backtrace would be useful, for example: gdb --args doveadm expunge -A mailbox Trash savedbefore 7d run bt full From tss at iki.fi Sun Aug 4 18:39:44 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 4 Aug 2013 18:39:44 +0300 Subject: [Dovecot] script to test CATENATE In-Reply-To: <2FE70D92-8C50-4D9F-BBAF-387995E714CE@apple.com> References: <2FE70D92-8C50-4D9F-BBAF-387995E714CE@apple.com> Message-ID: On 23.7.2013, at 1.17, Mike Abbott wrote: > Attached please find a perl script which tests the CATENATE support in dovecot. I used this to test my CATENATE implementation a few years ago and it runs fine against dovecot in OS X Server. When run against dovecot-2.2.4 though it always fails or hangs, which in some cases means we interpreted RFCs differently and in other cases means it's finding bugs; both conditions are worthy of scrutiny. (It's random-number driven so every run is different.) A couple months ago I reported a few simple bugs which this script found and you fixed them; thanks. Then it started finding problems for which it's harder to isolate simple reproducible test cases. Vacations and other work interceded but now Apple is pleased to give you the script itself to allow you to iterate faster. Thanks. I finally tested this and fixed various bugs: http://hg.dovecot.org/dovecot-2.2/rev/3c2e1879fdf6 There is still one difference between what the script expects and what Dovecot does: x append inbox catenate (url ;invalid; url {5} Dovecot replies with "+ OK" because it wants to read all the URLs into memory before parsing them, while catenate.pl expects an error message immediately. It doesn't look like this could be easily changed in Dovecot. From CMarcus at Media-Brokers.com Sun Aug 4 23:53:02 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Sun, 04 Aug 2013 16:53:02 -0400 Subject: [Dovecot] Maildir Synchronization warnings In-Reply-To: <1375446086.2193.YahooMailNeo@web193505.mail.sg3.yahoo.com> References: <1375432616.60451.YahooMailNeo@web193504.mail.sg3.yahoo.com> <51FB8D8B.70803@Media-Brokers.com> <1375446086.2193.YahooMailNeo@web193505.mail.sg3.yahoo.com> Message-ID: <51FEBF2E.7000401@Media-Brokers.com> On 8/2/2013 8:21 AM, Kavish Karkera wrote: > Sorry Charles, it was posted twice unintentionally (becuase of network issue). No worries... now, please don't top-post... ;) > We have 2 pop/imap servers running with director. > > Dovecot version = 2.1.12 > Dovecot version = 2.1.13 Very first thing on your troubleshooting ToDo list should always be to make sure you are using the latest version of whichever series you decide to run. So, you should upgrade to 2.1.17 > Output of doveconf -n > > > # 2.1.12: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-279.19.1.el6.x86_64 x86_64 CentOS release 6.3 (Final) If you aren't willing to do that for political reasons (ie, phbfh) to do with the distro you are using, then your first line of support should be that distro's support service, because they may or may not have incorporated certain bug fixes in the older version... > default_client_limit = 50000 > default_vsz_limit = 1 G > disable_plaintext_auth = no > doveadm_proxy_port = 24245 > first_valid_uid = 99 > last_valid_gid = 99 > listen = * > mail_fsync = always > mail_location = maildir:~/Maildir:INDEX=/indexes/%h:CONTROL=/indexes/%h > mail_nfs_index = yes > mail_nfs_storage = yes > mail_plugins = quota > mmap_disable = yes > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > args = /usr/local/etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > plugin { > quota = maildir:storage=1024 > quota_rule = *:storage=1024 > } > service auth { > client_limit = 50000 > unix_listener auth-userdb { > group = nobody > mode = 0666 > user = nobody > } > } > service doveadm { > inet_listener { > port = 24245 > } > } > service imap-login { > process_min_avail = 8 > service_count = 0 > vsz_limit = 1 G > } > service imap { > process_limit = 4096 > service_count = 0 > vsz_limit = 1 G > } > service pop3-login { > process_min_avail = 8 > service_count = 0 > vsz_limit = 1 G > } > service pop3 { > process_min_avail = 8 > service_count = 0 > vsz_limit = 1 G > } > ssl_cert = ssl_key = syslog_facility = local0 > userdb { > driver = prefetch > } > protocol doveadm { > auth_socket_path = director-userdb > } > protocol imap { > imap_logout_format = bytes=%i/%o > mail_max_userip_connections = 15000 > mail_plugins = quota imap_quota > } > protocol pop3 { > mail_max_userip_connections = 2048 > mail_plugins = quota > pop3_client_workarounds = outlook-no-nuls > pop3_lock_session = yes > pop3_no_flag_updates = yes > pop3_uidl_format = %08Xu%08Xv > } From skdovecot at smail.inf.fh-brs.de Mon Aug 5 09:20:38 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 5 Aug 2013 08:20:38 +0200 (CEST) Subject: [Dovecot] problems with expire plugin In-Reply-To: <1617119.BhFMf2OcFb@jarvis> References: <1617119.BhFMf2OcFb@jarvis> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 3 Aug 2013, Felix Rubio Dalmau wrote: > I'm experiencing problems to set-up the expire plugin in dovecot. This is the relevant part of my dovecot configuration Well, one "relevant" part is missing: your Dovecot version. Therefore you should always post the dovecot -n output. > plugin { > expire = Trash 15 Junk 15 This is a setting for Dovecot v1. Are you using Dovecot v2? Then see http://wiki2.dovecot.org/Plugins/Expire. Regards, - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUf9ENl3r2wJMiz2NAQI/hAf5AQpkY7T/vmHbL/5FN6nyFC7yz8AJk4ta zxXTKC+GNisuwym9n6PVWXVxuQErQ4616U7xP241tZlbJSs9gJnhV9hvuV1SCKY1 uA2c5+u62H5ejKo3RPsqWeidmjopZ/UyQfO1wvbCl10KhT/UsC78yxInGCwHXnoR Dihmb3JCMRZbTrCpApLLmG+T2ouyd88YPW5WFdVstVLXvmCnCE3XPXwhZqk9QebV oEFPNeMgjmEA9ya8PhCB1EVtDtdz1BTpk1MOJlQwlv4vc1C0dNNKPA384Tjen8d7 bEywZfIPsyLa9lEB5CQl2Z0EFuXrLraC6VlMvdYbCbnolsfFNp0miA== =TA9E -----END PGP SIGNATURE----- From felixrubiodalmau at gmail.com Mon Aug 5 09:26:34 2013 From: felixrubiodalmau at gmail.com (Felix Rubio Dalmau) Date: Mon, 05 Aug 2013 08:26:34 +0200 Subject: [Dovecot] problems with expire plugin In-Reply-To: References: <1617119.BhFMf2OcFb@jarvis> Message-ID: <4738496.eUCU5oY30z@jarvis> Sorry, Steffen. My version of dovecot is # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.9.4-15 x86_64 Debian jessie/sid ext4 Sorry for the mistake. Regards, Felix On Monday 05 August 2013 08:20:38 Steffen Kaiser wrote: > On Sat, 3 Aug 2013, Felix Rubio Dalmau wrote: > > > I'm experiencing problems to set-up the expire plugin in dovecot. This is the relevant part of my dovecot configuration > > Well, one "relevant" part is missing: your Dovecot version. > Therefore you should always post the dovecot -n output. > > > plugin { > > expire = Trash 15 Junk 15 > > This is a setting for Dovecot v1. Are you using Dovecot v2? Then see > http://wiki2.dovecot.org/Plugins/Expire. > > Regards, > > -- > Steffen Kaiser > From martin.bg at web.de Mon Aug 5 10:36:44 2013 From: martin.bg at web.de (Martin Burgraf) Date: Mon, 5 Aug 2013 09:36:44 +0200 (CEST) Subject: [Dovecot] =?utf-8?q?Fileoperations_in_Maildir_=E2=80=93_problemat?= =?utf-8?q?ic_or_okay=3F?= Message-ID: Hi, I'm wondering: Is it a problem to move and delete files inside a dovecot-managed maildir? For example: I have a folder ~/.maildir/.Sub1.Start/cur and a folder ~/.maildir/.Sub1.Start.old/cur and like to regularly move old mails from the first to the second one. Can you create a cron job saying something like: find ~/.maildir/.Sub1.Start/cur -mtime +5 -exec mv {} ~/.maildir/.Sub1.Start.old/cur \; ? I guess this would be some sort of problem, wouldn't it? IIRC dovecot keeps indexes of the files inside a folder and moving them around like this may confuse the software, am I right? bye Martin From skdovecot at smail.inf.fh-brs.de Mon Aug 5 11:26:00 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 5 Aug 2013 10:26:00 +0200 (CEST) Subject: [Dovecot] =?utf-8?q?Fileoperations_in_Maildir_=E2=80=93_problemat?= =?utf-8?q?ic_or_okay=3F?= In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 5 Aug 2013, Martin Burgraf wrote: > I'm wondering: Is it a problem to move and delete files inside a dovecot-managed maildir? > > For example: > I have a folder ~/.maildir/.Sub1.Start/cur and a folder ~/.maildir/.Sub1.Start.old/cur > and like to regularly move old mails from the first to the second one. > Can you create a cron job saying something like: > find ~/.maildir/.Sub1.Start/cur -mtime +5 -exec mv {} ~/.maildir/.Sub1.Start.old/cur \; > ? > > I guess this would be some sort of problem, wouldn't it? No problem with it basically, if both directories are located at the same parition (under the same mountpoint), in order to use the "rename()" syscall. Dovecot (and Maildir spec) expects the permissions a.s.o. in place when a file is seen in a folder new or cur. Also mtime should not change. If you use keywords (labels, ...) they should be present in both folders, though. Look at the dovecot-keywords files, in it all relevant keywords must map to the same letter / digit. That also means: You cannot have more than 36 keywords per mailbox, because the others are storred in the index files only. I use something like this: find ..... -print0 | xargs -r0 mv -t target-dir Regards, - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUf9hmF3r2wJMiz2NAQJR1gf+Pso1E//le1G+HiTbLWBCF3VZ8zl/bGNy xENVV85KjOT5N8MlV1OWCc+yw8ARXd3uywEaTvrt6QRag/DFMWX/+HxrypAZLIz9 Ap2MCDmCzNBD313DTBjvMliiMhg03ULcBpKlPS5O1sS0zK/Wibrx9EufsLIyfVyn 4l7DM1+jUznkTdcCY3uOffikz/qEB0pJa6uF6QkeegciBFDN69WEmTTni/PaMMYq BCR41rEBf9VGzRlleQjvI4yni9ss4uaU7NUKxUQhcAvAjk3w4yIyRkDm8xh0j+cW lbQvnd2f9pO6GUWb51+rYg5rSkSA1zaudOEVq6xUfyiHQ9kJoTPVhg== =OAy1 -----END PGP SIGNATURE----- From alpotr at gmail.com Mon Aug 5 10:44:06 2013 From: alpotr at gmail.com (alfdc) Date: Mon, 5 Aug 2013 00:44:06 -0700 (PDT) Subject: [Dovecot] How to configure sendmail using dovecot lmtp Message-ID: <1375688646950-43648.post@n4.nabble.com> Hi, I can't seems to find any posting on how to configure sendmail to use dovecot as lmtp. All I see is using it as LDA. I am particularly interested on how to tell sendmail to ask dovecot to deliver the message to the user. In the wiki for lda it says to add the following in the sendmail config: FEATURE(`local_procmail', `/usr/local/libexec/dovecot/deliver',`/usr/local/libexec/dovecot/deliver -d $u') MODIFY_MAILER_FLAGS(`LOCAL', `-f') MAILER(procmail) Is this the same for lmtp? If so how does it know when to use lda or lmtp? Beside, is procmail playing any role in any of these? Can the I just replace the whole thing as: FEATURE(`local_lmtp',`/usr/local/libexec/dovecot/deliver',`/usr/local/libexec/dovecot/deliver -d $u) MAILER(`local') Thanks. -- View this message in context: http://dovecot.2317879.n4.nabble.com/How-to-configure-sendmail-using-dovecot-lmtp-tp43648.html Sent from the Dovecot mailing list archive at Nabble.com. From felixrubiodalmau at gmail.com Mon Aug 5 11:34:23 2013 From: felixrubiodalmau at gmail.com (Felix Rubio Dalmau) Date: Mon, 05 Aug 2013 10:34:23 +0200 Subject: [Dovecot] problems with expire plugin In-Reply-To: References: <1617119.BhFMf2OcFb@jarvis> Message-ID: <9767738.tZspPeQ480@jarvis> Sorry, Steffen. My version of dovecot is # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.9.4-15 x86_64 Debian jessie/sid ext4 Additionally, I have corrected the plugin parameters as you suggested. Now looks like: plugin { expire = Trash expire2 = Trash/* expire3 = Junk expire4 = Junk/* expire_dict = proxy::expire } However, the table is not updated anyway :S Sorry for the mistake. Regards, Felix On Monday 05 August 2013 08:20:38 Steffen Kaiser wrote: > On Sat, 3 Aug 2013, Felix Rubio Dalmau wrote: > > > I'm experiencing problems to set-up the expire plugin in dovecot. This is the relevant part of my dovecot configuration > > Well, one "relevant" part is missing: your Dovecot version. > Therefore you should always post the dovecot -n output. > > > plugin { > > expire = Trash 15 Junk 15 > > This is a setting for Dovecot v1. Are you using Dovecot v2? Then see > http://wiki2.dovecot.org/Plugins/Expire. > > Regards, > > -- > Steffen Kaiser > From skdovecot at smail.inf.fh-brs.de Mon Aug 5 12:03:16 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 5 Aug 2013 11:03:16 +0200 (CEST) Subject: [Dovecot] How to configure sendmail using dovecot lmtp In-Reply-To: <1375688646950-43648.post@n4.nabble.com> References: <1375688646950-43648.post@n4.nabble.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 5 Aug 2013, alfdc wrote: > I can't seems to find any posting on how to configure sendmail to use > dovecot as lmtp. All I see is using it as LDA. I am particularly interested > on how to tell sendmail to ask dovecot to deliver the message to the user. > > In the wiki for lda it says to add the following in the sendmail config: > > FEATURE(`local_procmail', > `/usr/local/libexec/dovecot/deliver',`/usr/local/libexec/dovecot/deliver -d > $u') > MODIFY_MAILER_FLAGS(`LOCAL', `-f') > MAILER(procmail) > > Is this the same for lmtp? If so how does it know when to use lda or lmtp? > Beside, is procmail playing any role in any of these? Can the I just replace > the whole thing as: > > FEATURE(`local_lmtp',`/usr/local/libexec/dovecot/deliver',`/usr/local/libexec/dovecot/deliver > -d $u) > MAILER(`local') you are using system users, then you can use: FEATURE(`local_lmtp',`[IPC]',`FILE /var/run/dovecot2.2/lmtp')dnl - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUf9qVV3r2wJMiz2NAQIe5AgAgpyBIHxno6TZYcqxt4dVpvvKG0gIfedV ic98tm25zWBCsPA6flKDv5Wo7dCYEROsldA2iiTyBcUcKSwADtzbQwvFWCL52hiV FQ/K1P0/ibyCd7maMCj1qGVjBtDNp90YXl3CxMRf4hJJ3LnbdQv0EbxrRQxCOmJa XJu0o+QiAMG50ewYIAVXorp4sUUWIZyKLsgmvhIbGApwWlM8IgBc7EDpWwv4uTry xtn4f6IlEeV73eCuFET0mhjQx4AGf2sq2WRXAZhcSxqUi9qbZ6AgdQtHZL3h5BRR ltNi0wCo8caaJ2l5L6/c8gJRcIUjG7hBjYsL2hnfIPseykY0JxCduA== =DvTP -----END PGP SIGNATURE----- From dovecot at lists.wgwh.ch Mon Aug 5 12:21:02 2013 From: dovecot at lists.wgwh.ch (Oli Schacher) Date: Mon, 5 Aug 2013 11:21:02 +0200 Subject: [Dovecot] =?utf-8?q?Fileoperations_in_Maildir_=E2=80=93__problema?= =?utf-8?q?tic_or_okay=3F?= In-Reply-To: References: Message-ID: <20130805112102.30e97948@lists.wgwh.ch> On Mon, 5 Aug 2013 09:36:44 +0200 (CEST) "Martin Burgraf" wrote: > find ~/.maildir/.Sub1.Start/cur -mtime +5 -exec mv {} > ~/.maildir/.Sub1.Start.old/cur \; ? instead of using find / mv you could use dovecot's 'doveadm' command to search/move/expunge messages see: http://wiki2.dovecot.org/Tools/Doveadm http://wiki2.dovecot.org/Tools/Doveadm/Move -- message transmitted on 100% recycled electrons From AxelLuttgens at swing.be Mon Aug 5 13:08:40 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Mon, 5 Aug 2013 12:08:40 +0200 Subject: [Dovecot] problems with expire plugin In-Reply-To: <9767738.tZspPeQ480@jarvis> References: <1617119.BhFMf2OcFb@jarvis> <9767738.tZspPeQ480@jarvis> Message-ID: <8AC61E94-7805-409A-9BD2-6A12057F56EE@swing.be> Le 5 ao?t 2013 ? 10:34, Felix Rubio Dalmau a ?crit : > Sorry, Steffen. My version of dovecot is > > # 2.1.7: /etc/dovecot/dovecot.conf > # OS: Linux 3.9.4-15 x86_64 Debian jessie/sid ext4 > > Additionally, I have corrected the plugin parameters as you suggested. Now looks like: > > plugin { > expire = Trash > expire2 = Trash/* > expire3 = Junk > expire4 = Junk/* > expire_dict = proxy::expire > } > > However, the table is not updated anyway :S Hello Felix, Have you enabled the plugin globally (i.e. mail_plugins = expire ...)? Otherwise, please help us with the output of doveconf -n. ;-) Axel From andreas.jobs+dovecot at ruhr-uni-bochum.de Mon Aug 5 13:45:05 2013 From: andreas.jobs+dovecot at ruhr-uni-bochum.de (Andreas Jobs) Date: 5 Aug 2013 12:45:05 +0200 Subject: [Dovecot] Antispam folder names In-Reply-To: <20130801083102.GO32299@ruhr-uni-bochum.de> References: <20130801083102.GO32299@ruhr-uni-bochum.de> Message-ID: <20130805104505.GA24605@ruhr-uni-bochum.de> On Thu, Aug 01, 2013 at 10:31:02AM +0200, Jost Krieger wrote: > 1. We needed to fix UTF-8 handling in the plugin, so that we kow canb > say > > antispam_trash_pattern_ignorecase = gel?scht* > > in place of > > antispam_trash_pattern_ignorecase = gel&APY-scht* dovecot-antispam-utf8-logging.patch contains a patch for that (and adds some logging). The second patch (dovecot-antispam-configure.patch) fixes only a minor problem that I had with the configure script. --Andreas -- ! Andreas Jobs Network Operation Center ! ! Ruhr-Universitaet Bochum ! ! One Day I Will Find This Peer Guy and Then I Will Reset HIS Connection ! -------------- next part -------------- diff -r 5ebc6aae4d7c configure.ac --- a/configure.ac Mon Apr 29 14:59:26 2013 +0200 +++ b/configure.ac Mon Aug 05 11:24:45 2013 +0200 @@ -17,9 +17,11 @@ AC_CONFIG_HEADERS(config.h) DC_DOVECOT +CFLAGS="$DOVECOT_CFLAGS" +LIBS="$DOVECOT_LIBS" AC_MSG_CHECKING([for dovecot tree type]) -if test x$LIBDOVECOT_STORAGE_DEPS != x; then +if test x"$LIBDOVECOT_STORAGE_DEPS" != x""; then AC_MSG_RESULT([build]) AC_ERROR([Please install dovecot first and use that tree instead.]) fi -------------- next part -------------- diff -r 5ebc6aae4d7c src/mailbox.c --- a/src/mailbox.c Mon Apr 29 14:59:26 2013 +0200 +++ b/src/mailbox.c Mon Aug 05 11:24:45 2013 +0200 @@ -3,6 +3,7 @@ #include "user.h" #include "mailbox.h" #include "backends.h" +#include "str-sanitize.h" static MODULE_CONTEXT_DEFINE_INIT(antispam_storage_module, &mail_storage_module_register); @@ -10,6 +11,7 @@ &mail_storage_module_register); #define TRANSACTION_CONTEXT(obj) MODULE_CONTEXT(obj, antispam_transaction_module) +#define MAILBOX_NAME_LOG_LEN 64 struct antispam_transaction { @@ -27,7 +29,7 @@ static enum mailbox_class antispam_mailbox_classify(struct mailbox *box) { - const char *name = mailbox_get_name(box); + const char *name = mailbox_get_vname(box); struct antispam_user *asu = USER_CONTEXT(box->storage->user); enum match_type i; char **iter; @@ -107,22 +109,35 @@ enum mailbox_copy_type copy_type = antispam_classify_copy(asms->box_class, asmb->box_class); +#define LOG_COPYTYPE(ct) \ + i_info("antispam: copytype for '%s' -> '%s' is %s", \ + str_sanitize(mailbox_get_vname(mail->box), MAILBOX_NAME_LOG_LEN), \ + str_sanitize(mailbox_get_vname(t->box), MAILBOX_NAME_LOG_LEN), \ + (ct)); + switch (copy_type) { case MCT_HAM: + LOG_COPYTYPE("HAM"); + /* will continue processing further in this function */ + break; case MCT_SPAM: + LOG_COPYTYPE("SPAM"); /* will continue processing further in this function */ break; case MCT_IGNORE: + LOG_COPYTYPE("IGNORE"); return asmb->module_ctx.super.copy(ctx, mail); break; case MCT_DENY: + LOG_COPYTYPE("DENY"); mail_storage_set_error(t->box->storage, MAIL_ERROR_NOTPOSSIBLE, "This type of copy is forbidden"); return -1; break; } +#undef LOG_COPYTYPE if (asmb->module_ctx.super.copy(ctx, mail) != 0) return -1; From felixrubiodalmau at gmail.com Mon Aug 5 14:15:33 2013 From: felixrubiodalmau at gmail.com (Felix Rubio Dalmau) Date: Mon, 05 Aug 2013 13:15:33 +0200 Subject: [Dovecot] problems with expire plugin In-Reply-To: <8AC61E94-7805-409A-9BD2-6A12057F56EE@swing.be> References: <1617119.BhFMf2OcFb@jarvis> <9767738.tZspPeQ480@jarvis> <8AC61E94-7805-409A-9BD2-6A12057F56EE@swing.be> Message-ID: <12868081.FHO9KEajFY@jarvis> Ooook! Here it goes! :-) Thank you! Felix # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.9.4-15 x86_64 Debian jessie/sid ext4 auth_cache_size = 1 M auth_failure_delay = 10 secs auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = sha1 auth_worker_max_count = 2 base_dir = /var/run/dovecot/ dict { expire = mysql:/etc/dovecot/dovecot-dict-expire.conf.ext } listen = * log_timestamp = "%Y-%m-%d %H:%M:%S " login_greeting = Imap Server ready. mail_access_groups = vmail mail_gid = vmail mail_home = /home/vmail/%d/%n/home mail_location = maildir:/home/vmail/%d/%n mail_plugins = quota zlib mail_privileged_group = vmail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { expire = Trash expire2 = Trash/* expire3 = Junk expire4 = Junk/* expire_dict = proxy::expire quota = maildir:User quota quota_rule = *:storage=200M quota_rule2 = Trash:storage=+10%% quota_rule3 = Junk:ignore quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = /home/vmail/%d/%n/dovecot.sieve sieve_default = /home/vmail/sieve/default.sieve sieve_dir = /home/vmail/%d/%n/sieve sieve_global_dir = /home/vmail/sieve/global/ zlib_save = gz zlib_save_level = 6 } postmaster_address = some at mail.org protocols = imap sieve lmtp service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0660 } } service dict { unix_listener dict { group = vmail mode = 0660 } } service imap-login { inet_listener imaps { port = 0 } process_min_avail = 3 service_count = 1 } service imap { process_limit = 30 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service managesieve-login { inet_listener sieve { port = 4190 } process_min_avail = 0 service_count = 1 vsz_limit = 64 M } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { port = 0 } } ssl_cert = References: <1617119.BhFMf2OcFb@jarvis> <9767738.tZspPeQ480@jarvis> <8AC61E94-7805-409A-9BD2-6A12057F56EE@swing.be> <12868081.FHO9KEajFY@jarvis> Message-ID: Le 5 ao?t 2013 ? 13:15, Felix Rubio Dalmau a ?crit : > Ooook! Here it goes! :-) > > Thank you! > > Felix > > # 2.1.7: /etc/dovecot/dovecot.conf > # OS: Linux 3.9.4-15 x86_64 Debian jessie/sid ext4 > [...] > mail_plugins = quota zlib > [...] Thanks too. :-) The first thing I would try is this one: mail_plugins = quota zlib expire Axel From mweippert at eteleon.de Mon Aug 5 14:33:44 2013 From: mweippert at eteleon.de (Markus Weippert) Date: Mon, 05 Aug 2013 13:33:44 +0200 Subject: [Dovecot] ACL not copied to new mailboxes Message-ID: <51FF8D98.6070907@eteleon.de> Hi, I had some trouble with ACLs not being copied to new child mailboxes in dovecot 2.2.4. It doesn't matter whether it's a private, shared or public mailbox I create the folder in, the ACLs just seems to be ignored. Anyway, I debugged the executable and came up with the attached patch. Since I'm not a developer, I'm not 100% sure about this but it works for me now. Regards, Markus # dovecot --build-options Build options: ioloop=epoll notify=inotify ipv6 openssl io_block_size=8192 Mail storages: shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail SQL drivers: mysql Passdb: checkpassword ldap pam passwd passwd-file shadow sql Userdb: checkpassword ldap nss passwd prefetch passwd-file sql # doveconf -n # 2.2.4: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.2.0-48-generic x86_64 Ubuntu 12.04.2 LTS auth_cache_negative_ttl = 5 mins auth_cache_size = 10 M auth_cache_ttl = 1 mins auth_debug = yes auth_master_user_separator = * auth_mechanisms = plain login auth_verbose = yes first_valid_gid = 122 first_valid_uid = 114 imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags last_valid_gid = 122 last_valid_uid = 114 mail_debug = yes mail_gid = vmail mail_plugins = acl mail_privileged_group = vmail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { alias_for = hidden = yes inbox = no list = no location = prefix = INBOX. separator = . type = private } namespace { list = children location = maildir:/var/vmail/public/%d:LAYOUT=fs prefix = Public/ separator = / subscriptions = no type = public } namespace { list = children location = maildir:/var/vmail/mail/%%d/%%n:INDEX=~/shared/%%d/%%n prefix = Shared/%%u/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / type = private } passdb { args = /etc/dovecot/auth/%s.master driver = passwd-file master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { acl = vfile:/var/vmail/acls:cache_secs=300 acl_shared_dict = file:/var/vmail/mail/shared-mailboxes.db sieve = ~/dovecot.sieve sieve_after = /var/vmail/sieve/after sieve_before = /var/vmail/sieve/before sieve_default = /var/vmail/sieve/default.sieve sieve_dir = ~/sieve sieve_global_dir = /var/vmail/sieve/global } protocols = imap lmtp sieve service auth { unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { mode = 0777 } } service imap-login { process_min_avail = 10 service_count = 0 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } ssl_cert = From AxelLuttgens at swing.be Mon Aug 5 14:45:18 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Mon, 5 Aug 2013 13:45:18 +0200 Subject: [Dovecot] problems with expire plugin In-Reply-To: References: <1617119.BhFMf2OcFb@jarvis> <9767738.tZspPeQ480@jarvis> <8AC61E94-7805-409A-9BD2-6A12057F56EE@swing.be> <12868081.FHO9KEajFY@jarvis> Message-ID: <63C2F8C2-C6F6-49DB-992B-3F98D9D55ED4@swing.be> Le 5 ao?t 2013 ? 13:28, Axel Luttgens a ?crit : > [...] > > The first thing I would try is this one: > > mail_plugins = quota zlib expire > Moreover, I guess you should also update your lmtp/lda sections: protocol lmtp { mail_plugins = quota zlib sieve expire } protocol lda { mail_plugins = quota zlib sieve expire } Axel From kae at midnighthax.com Mon Aug 5 14:48:35 2013 From: kae at midnighthax.com (Keith Edmunds) Date: Mon, 5 Aug 2013 12:48:35 +0100 Subject: [Dovecot] Subfolders of Inbox with LAYOUT=fs Message-ID: <20130805124835.7d90fd02@kae.tiger-computing.wbp> We've just converted to LAYOUT=fs. Some users had subfolders under Inbox, and for those users some MUAs no longer show those folders. The directory structure is that the cur, tmp and new folders are in the 'location' directory, but the subfolders are in $location/INBOX/$foldername. I am suspicious of this: 12 list "" INBOX * LIST (\HasNoChildren) "/" "INBOX" 12 OK List completed. I have tried moving the cur, tmp and new folders to $location/INBOX, and changing 'location' in dovecot.conf, but the subfolders still do not show. Question: is it legitimate to have subfolders of INBOX when using LAYOUT=fs? If so, what am I missing? Thanks, Keith Config: # dovecot -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 ext3 lda_mailbox_autocreate = yes log_timestamp = "%Y-%m-%d %H:%M:%S " mail_home = /home/%u mail_location = maildir:/home/imapmail/%u:LAYOUT=fs mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { inbox = yes location = maildir:/home/imapmail/%u:LAYOUT=fs prefix = separator = / type = private } namespace { hidden = no list = children location = maildir:/home/imapmail/public:INDEX=/home/imapmail/public.indexes/%u.index:LAYOUT=fs prefix = public/ separator = / subscriptions = no type = public } passdb { driver = pam } plugin { acl = vfile acl_shared_dict = file:/home/imapmail/shared-mailboxes fts = squat home = /home/%u sieve = /home/sieve/%u.sieve sieve_dir = /home/sieve/%u } protocols = imap sieve service auth { user = root } service managesieve-login { inet_listener sieve { port = 4190 } } ssl_cert = References: <1375428840.90646.YahooMailNeo@web193505.mail.sg3.yahoo.com> <1375444679.31867.7.camel@innu.dovecot.net> Message-ID: <51FF97F5.4070805@hardwarefreak.com> On 8/2/2013 6:57 AM, Timo Sirainen wrote: > On Fri, 2013-08-02 at 15:34 +0800, Kavish Karkera wrote: >> Hi, >> >> We are repeatedly getting these below warnings for some of our users, al though we have no complaints from them yet, >> we need to know why these warning occurs. >> >> So it would be help full if some one explain these warning msg in detail. > .. >> Aug 2 12:52:55 blade8 dovecot: imap(kavish.karkera at example.com): Warning: Maildir: Scanning /mail/v3store/example.com/kavish.karkera at example.com/Maildir/cur took 94 seconds (23191 readdir()s, 0 rename()s to cur/, why=0x1) > > It means that the maildir INBOX is huge, and it takes a long time to > access them with your available disk IO. Possibilities: Yes, 23K+ and 43K+ emails in a maildir INBOX will generate quite a bit of read IO. Are these shared mailboxes used for some business process, or normal user mailboxes? If the former are these tends of thousands of emails arriving in a single day? > a) Move move of your mails away from INBOX. If the former you'll want to create a workflow that moves each email to archival storage, or some temporary location, after each email has been processed, either by your automated system or human beings. As you've discovered, allowing so many emails to pile up in a maildir INBOX causes problems. If the latter, the users need to be properly educated on mail folder hierarchy, sorting, and storage best practices. > b) Switch to different mailbox format that can handle large mailboxes, > such as mdbox or sdbox. This will help but not nearly as much as Timo's first suggestion. For many reasons it's not always possible or feasible for an organization to switch mailbox storage formats. So the last option, which is always the least bang for the buck, is optimizing your storage stack on the NFS server for maximum IOPS. For instance if you're currently using parity RAID, migrating to RAID10 will give you a 5-15x+ boost in mixed read/write random IOPS throughput. If your RAID has large strips (chunks) of say 128KB+ switching to small strips of 16-32KB will increase IOPS, especially if you're using parity RAID--smaller chunks significantly decrease RMW latency. Switching from EXT3/4 to XFS w/inode64 will provide a boost due to parallelism across allocation groups, and files being clustered around their metadata inodes which decreases head seek latency--this is especially beneficial to maildir which manipulates metadata more than file data. And then there's always the option of adding more hardware, typically more/faster spindles, maybe more HW RAID cache and more system RAM for greater filesystem buffer cache, or all three. -- Stan From list.dovecot at tiri.li Mon Aug 5 15:27:19 2013 From: list.dovecot at tiri.li (Thomas Baumann) Date: Mon, 5 Aug 2013 14:27:19 +0200 Subject: [Dovecot] dovecot fts solr plugin In-Reply-To: <233273A5-024D-4FA3-A6ED-EB64B5ADD5C4@iki.fi> References: <233273A5-024D-4FA3-A6ED-EB64B5ADD5C4@iki.fi> Message-ID: <14429b95793b3c5c3831ffa7c113cf16@mail.gmail.com> Hello Timo, I did following (using apache-solr-3.6.2): wget "http://hg.dovecot.org/dovecot-2.0/raw-file/3fbfdda3e5d3/src/plugins/fts-s olr/schema.xml" -O solr/conf/schema.xml Then I started solr java -jar start.jar And and SEVERE Error is thrown, but searching seems to work. 05.08.2013 14:22:29 org.apache.solr.common.SolrException log SEVERE: org.apache.solr.common.SolrException: undefined field text at org.apache.solr.schema.IndexSchema.getDynamicFieldType(IndexSchema.java:13 30) at org.apache.solr.schema.IndexSchema$SolrQueryAnalyzer.getAnalyzer(IndexSche ma.java:408) at org.apache.solr.schema.IndexSchema$SolrIndexAnalyzer.reusableTokenStream(I ndexSchema.java:383) at org.apache.lucene.queryParser.QueryParser.getFieldQuery(QueryParser.java:5 74) at org.apache.solr.search.SolrQueryParser.getFieldQuery(SolrQueryParser.java: 206) at org.apache.lucene.queryParser.QueryParser.Term(QueryParser.java:1436) at org.apache.lucene.queryParser.QueryParser.Clause(QueryParser.java:1319) at org.apache.lucene.queryParser.QueryParser.Query(QueryParser.java:1245) at org.apache.lucene.queryParser.QueryParser.TopLevelQuery(QueryParser.java:1 234) at org.apache.lucene.queryParser.QueryParser.parse(QueryParser.java:206) at org.apache.solr.search.LuceneQParser.parse(LuceneQParserPlugin.java:79) at org.apache.solr.search.QParser.getQuery(QParser.java:143) at org.apache.solr.handler.component.QueryComponent.prepare(QueryComponent.ja va:105) at org.apache.solr.handler.component.SearchHandler.handleRequestBody(SearchHa ndler.java:165) at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBas e.java:129) at org.apache.solr.core.SolrCore.execute(SolrCore.java:1376) at org.apache.solr.core.QuerySenderListener.newSearcher(QuerySenderListener.j ava:59) at org.apache.solr.core.SolrCore$3.call(SolrCore.java:1182) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:314) at java.util.concurrent.FutureTask.run(FutureTask.java:149) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor. java:897) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java :919) at java.lang.Thread.run(Thread.java:736) And for solr-4.3.1 the schema is not useable. "Caused by: org.apache.solr.common.SolrException: Plugin init failure for [schema.xml] analyzer/filter: Error loading class 'solr.EnglishPorterFilterFactory'" **Do you have a Schema for 4.3.1 as well?** 10361d30f8c4ea51ad7c00002ecaff3b 1 10361d30f8c4ea51ad7c00002ecaff3b 2 10361d30f8c4ea51ad7c00002ecaff3b 3 Thanks for your help in advance, Thomas. -----Urspr?ngliche Nachricht----- Von: Timo Sirainen [mailto:tss at iki.fi] Gesendet: Freitag, 2. August 2013 15:03 An: Thomas Baumann Cc: dovecot at dovecot.org Betreff: Re: [Dovecot] dovecot fts solr plugin On 21.7.2013, at 23.11, Thomas Baumann wrote: > (1) doveadm fts fails: > > Error message: > doveadm(tom at tirism.support.tiri.li): Error: fts not enabled for user's > namespace (null) .. > protocol imap { > plugin { > fts = solr > fts_solr = break-imap-search url=http://localhost:8983/solr/ } } > protocol pop3 { plugin { > fts = solr > fts_solr = break-imap-search url=http://localhost:8983/solr/ } } Don't put these inside protocol sections. They need to be enabled globally. > (2) > solr schema has errors > > Jul 21, 2013 4:35:46 PM org.apache.solr.common.SolrException log > SEVERE: org.apache.solr.common.SolrException: undefined field text I did some Solr schema fixes to v2.2 recently.. From tss at iki.fi Mon Aug 5 15:47:53 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 15:47:53 +0300 Subject: [Dovecot] Design: Adding checksums to index files Message-ID: <3172067D-6306-4BF4-9327-4E45931FCE6A@iki.fi> I've been planning on adding these for years. Maybe it's about time soon. I guess they could be added already to v2.2, but enabled only by a new setting because it requires file format changes that old Dovecots can't then read. I could probably patch v2.1 also so it is able to at least read the new format without failing. For v2.3 this new format could then be made the default. And what would the checksums be exactly? Would the standard CRC32 and CRC8 work fine, or are there any better ones? 1. dovecot.index v2.1+ always only fully recreates this file, never overwrites data to it. So the checksums could be written only when the dovecot.index is being recreated. There are 3 possible things to checksum: - header (32bit checksum) - all of the mail records (32bit checksum) - each mail record independently (8bit checksum per mail) The header's checksum could be verified every time the index is opened. The full mail record checksum could be verified when something appears to be wrong, but it's probably a waste of time to check it in normal operation. I'm not really sure about the per-mail checksums. It would be easy to create them while dovecot.index is being created, but after reading the file into memory the records are updated in many ways in many places. It's probably not worth the complexity and extra slowness to verify and/or update the checksums in all the different places. So is it worth it to even have them? In error conditions when fixing up indexes it could be useful to skip over records with broken checksums (and check if the mail is in dovecot.index.backup with correct checksum). Maybe that's enough to be worth 1 byte per message?.. 2. dovecot.index.log This file is only appended to. Each committed transaction could be prefixed in the new format with . With the new format this wouldn't actually increase the log file size much, because there is already some space wasted for a compatibility "boundary" record that could be removed now. 3. dovecot.index.cache Cache file is the most complex file. Its headers get overwritten once in a while. Probably not worth the trouble to checksum the header itself, and there's not a lot that could be done even if a broken checksum was found. But each mail_cache_record could have its own checksum. A 8bit checksum could be added without increasing the file's size. Maybe that would be enough? 4. dovecot.index.thread This is a rather simple file and a 32bit checksum could be added to its header, and verified every time the file is read (because it's fully read anyway). 5. dovecot.mailbox.log This file doesn't even have a header. There are 3 unused bytes in each record currently. One of them could be used for a new "flags" parameter, with the only flag being "checksum added". There would still be space left for 8bit or 16bit checksum. 6. Other files There are also some text files, like dovecot-acl, subscriptions, quota usage and Sieve scripts. They probably have to be without checksums for now. From felixrubiodalmau at gmail.com Mon Aug 5 16:10:33 2013 From: felixrubiodalmau at gmail.com (Felix Rubio Dalmau) Date: Mon, 05 Aug 2013 15:10:33 +0200 Subject: [Dovecot] problems with expire plugin In-Reply-To: <63C2F8C2-C6F6-49DB-992B-3F98D9D55ED4@swing.be> References: <1617119.BhFMf2OcFb@jarvis> <63C2F8C2-C6F6-49DB-992B-3F98D9D55ED4@swing.be> Message-ID: <1715779.PL1BhhVnpK@jarvis> AWESOME!!! I'm sorry I missed it! Now the table gets correctly updated. Now the question is: How should I configure the expires to be different for different boxes? I see that the expires plugin keeps the track of the oldest message on the boxes tracked, only. Should I configure cronjobs like this, for each mailbox to be expunged? doveadm expunge -A mailbox Trash savedbefore d Thank you very much to you all!! :-) Felix On Monday 05 August 2013 13:45:18 Axel Luttgens wrote: > Le 5 ao?t 2013 ? 13:28, Axel Luttgens a ?crit : > > > [...] > > > > The first thing I would try is this one: > > > > mail_plugins = quota zlib expire > > > > Moreover, I guess you should also update your lmtp/lda sections: > > protocol lmtp { > mail_plugins = quota zlib sieve expire > } > protocol lda { > mail_plugins = quota zlib sieve expire > } > > Axel > From john.williams at otago.ac.nz Mon Aug 5 12:28:14 2013 From: john.williams at otago.ac.nz (John Williams) Date: Mon, 05 Aug 2013 20:28:14 +1100 Subject: [Dovecot] How to troubleshoot LDA or LMTP? Message-ID: <874nb4fpw1.fsf@otago.ac.nz> Please forgive me if these are silly questions. I am a normal user, not a system administrator. I am using Dovecot as a kind of IMAP caching proxy, i.e. reading IMAP mail via Gnus + Dovecot + Offlineimap. I am trying to enable sieve functionality. *Desired behaviour* When Gnus (or whatever MUA) asks for new mail from Dovecot, that before Dovecot returns and answer, the sieve rules are executed. Please tell me if I completely misunderstand how the mail system works in this instance. *Actual behaviour* As far as I can tell, not only are the sieve rules not executed, but also neither LDA or LMTP is invoked. *What works* Running the scripts manually via `sieve-filter` works fine. The next time I read from my local dovecot server the mail is all in the desired place. Also, the LMTP service is running, listening on port 24. *What doesn't work* I thought the next step would be to execute dovecot-lda manually (as is suggested on the wiki and in numerous newsgroup posts), but I can't figure out how to do this. When I execute it as root and provide my non-root username via the -u option, it hangs. I can see that it spawns a child process that executes as the non-root user (specified with the -u option). So, could someone tell how to execute dovecot-lda manually please? Also, when does LMTP process messages? When sending mail via SMTP, or when reading mail via IMAP? I would prefer to use LMTP rather than LDA. *My environment* Fedora 19 & sendmail. Is any other information relevant, apart from the dovecot configuration? Thank you, John .2.4: /etc/dovecot/dovecot.conf # OS: Linux 3.10.4-300.fc19.x86_64 x86_64 Fedora release 19 (Schr?dinger?s Cat) auth_socket_path = /var/run/dovecot/auth-userdb debug_log_path = /var/log/dovecot-debug.log disable_plaintext_auth = no hostname = falcon.novoalexandrovsk.ru info_log_path = /var/log/dovecot-info.log lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes login_greeting = Dovecot ready, folks! mail_access_groups = mail mail_debug = yes mail_location = mbox:~/mail/mailboxes:DIRNAME=mBoX-MeSsAgEs:INDEX=~/mail/index:CONTROL=~/mail/control:INBOX=/var/spool/mail/%u managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_global_dir = /var/lib/dovecot/sieve/global/ sieve_global_path = /var/lib/dovecot/sieve/default.sieve } postmaster_address = johnfrombluff at gmail.com protocols = imap lmtp sieve service auth { unix_listener auth-userdb { mode = 0600 user = mail } } service lmtp { executable = lmtp -L inet_listener lmtp { address = 192.168.0.101 127.0.0.1 ::1 port = 24 } user = mail } service managesieve-login { inet_listener sieve { port = 4190 } process_min_avail = 1 service_count = 1 vsz_limit = 64 M } service managesieve { process_limit = 10 } ssl = required ssl_cert = References: <874nb4fpw1.fsf@otago.ac.nz> Message-ID: <51FFAF9D.2070001@hardwarefreak.com> On 8/5/2013 4:28 AM, John Williams wrote: > *Desired behaviour* When Gnus (or whatever MUA) asks for new mail from > Dovecot, that before Dovecot returns and answer, the sieve rules are > executed. Please tell me if I completely misunderstand how the mail > system works in this instance. Sieve is invoked by LDA or LMTP during delivery from the upstream MTA. The purpose of this is to sort the mail into the appropriate folder during delivery, and update the Dovecot indexes at this time. ... > *What doesn't work* I thought the next step would be to execute > dovecot-lda manually (as is suggested on the wiki and in numerous > newsgroup posts), but I can't figure out how to do this. When I execute > it as root and provide my non-root username via the -u option, it > hangs. I can see that it spawns a child process that executes as the > non-root user (specified with the -u option). So, could someone tell > how to execute dovecot-lda manually please? I don't have the answer to this question. You desire to use Dovecot in a manner likely not anticipated by its designer. What you want may/not be possible. > Also, when does LMTP process messages? When the upstream MTA connects and delivers a message. LMTP is identical to SMTP but for a few commands, thus transmission of messages occurs in an almost identical manner to SMTP, over a network socket. The socket connection can be local to a host, or over a network between two hosts. -- Stan From tss at iki.fi Mon Aug 5 17:39:24 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 17:39:24 +0300 Subject: [Dovecot] Subfolders of Inbox with LAYOUT=fs In-Reply-To: <20130805124835.7d90fd02@kae.tiger-computing.wbp> References: <20130805124835.7d90fd02@kae.tiger-computing.wbp> Message-ID: On 5.8.2013, at 14.48, Keith Edmunds wrote: > We've just converted to LAYOUT=fs. Some users had subfolders under Inbox, > and for those users some MUAs no longer show those folders. Oh, looks like this has been broken for a while. Fixed: http://hg.dovecot.org/dovecot-2.1/rev/589d2f485a6e From CMarcus at Media-Brokers.com Mon Aug 5 17:45:57 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 05 Aug 2013 10:45:57 -0400 Subject: [Dovecot] Weird log entries when some users are composing messages in Thunderbird Message-ID: <51FFBAA5.9030805@Media-Brokers.com> Hi all/Timo, When some of our users are composing a message in Thunderbird, I see a ton of these in the logs, and they keep repeating the entire time they are typing until the message gets sent... > 2013-08-05T10:34:42-04:00 myhost dovecot: imap-login: Login: user=, method=PLAIN, rip=###.###.###.###, lport=993, mpid=8152, TLS, session= > 2013-08-05T10:34:42-04:00 myhost dovecot: imap(user at media-brokers.com): Disconnected: Disconnected in IDLE in=149 out=12449 > 2013-08-05T10:34:42-04:00 myhost dovecot: imap-login: Login: user=, method=PLAIN, rip=###.###.###.###, lport=993, mpid=8153, TLS, session= > 2013-08-05T10:34:42-04:00 myhost dovecot: imap(user at media-brokers.com): Disconnected: Disconnected in IDLE in=149 out=12449 I confirmed that their 'Auto-Save' settings are the defaults (5 minutes, same as mine), and when I'm composing a message, there are no entries like this. The only other option I could think of that might affect t his is the 'spell check as you type', which is also enabled on mine. Also - I'm not sure this *always* happens to these users... all I know is, I see these flooding the logs sometimes, and when I remote in, that user is composing a message. Anyone have any idea why this happens to only a few of our users, and possibly only sometimes? Could it be something in the HTML of the quoted text when they are replying to certain messages? Thanks, -- Best regards, Charles From tss at iki.fi Mon Aug 5 17:48:22 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 17:48:22 +0300 Subject: [Dovecot] Weird log entries when some users are composing messages in Thunderbird In-Reply-To: <51FFBAA5.9030805@Media-Brokers.com> References: <51FFBAA5.9030805@Media-Brokers.com> Message-ID: <641EAAA8-2429-4EDD-8150-F607F9BFC6A0@iki.fi> On 5.8.2013, at 17.45, Charles Marcus wrote: > Hi all/Timo, > > When some of our users are composing a message in Thunderbird, I see a ton of these in the logs, and they keep repeating the entire time they are typing until the message gets sent... > >> 2013-08-05T10:34:42-04:00 myhost dovecot: imap-login: Login: user=, method=PLAIN, rip=###.###.###.###, lport=993, mpid=8152, TLS, session= >> 2013-08-05T10:34:42-04:00 myhost dovecot: imap(user at media-brokers.com): Disconnected: Disconnected in IDLE in=149 out=12449 >> 2013-08-05T10:34:42-04:00 myhost dovecot: imap-login: Login: user=, method=PLAIN, rip=###.###.###.###, lport=993, mpid=8153, TLS, session= >> 2013-08-05T10:34:42-04:00 myhost dovecot: imap(user at media-brokers.com): Disconnected: Disconnected in IDLE in=149 out=12449 No idea, but check what the sessions do: http://wiki2.dovecot.org/Debugging/Rawlog From alpotr at gmail.com Mon Aug 5 17:52:48 2013 From: alpotr at gmail.com (AlR) Date: Mon, 5 Aug 2013 22:52:48 +0800 Subject: [Dovecot] How to configure sendmail using dovecot lmtp In-Reply-To: References: <1375688646950-43648.post@n4.nabble.com> Message-ID: On Mon, Aug 5, 2013 at 5:03 PM, Steffen Kaiser < skdovecot at smail.inf.fh-brs.de> wrote: > you are using system users, then you can use: > > FEATURE(`local_lmtp',`[IPC]',`**FILE /var/run/dovecot2.2/lmtp')dnl > > - -- Steffen Kaiser > That worked. Thanks From bra at fsn.hu Mon Aug 5 17:52:52 2013 From: bra at fsn.hu (Attila Nagy) Date: Mon, 05 Aug 2013 16:52:52 +0200 Subject: [Dovecot] Design: Adding checksums to index files In-Reply-To: <3172067D-6306-4BF4-9327-4E45931FCE6A@iki.fi> References: <3172067D-6306-4BF4-9327-4E45931FCE6A@iki.fi> Message-ID: <51FFBC44.2050204@fsn.hu> On 08/05/13 14:47, Timo Sirainen wrote: > I've been planning on adding these for years. Maybe it's about time soon. I guess they could be added already to v2.2, but enabled only by a new setting because it requires file format changes that old Dovecots can't then read. I could probably patch v2.1 also so it is able to at least read the new format without failing. For v2.3 this new format could then be made the default. > What would these solve? Pointing out errors in dovecot, operating system, or faulty hardware? Modern file/storage systems checksum the data all the way to the platters. From tss at iki.fi Mon Aug 5 18:12:10 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 18:12:10 +0300 Subject: [Dovecot] Design: Adding checksums to index files In-Reply-To: <51FFBC44.2050204@fsn.hu> References: <3172067D-6306-4BF4-9327-4E45931FCE6A@iki.fi> <51FFBC44.2050204@fsn.hu> Message-ID: <85A4A747-7257-4961-9A83-884FE4019BC5@iki.fi> On 5.8.2013, at 17.52, Attila Nagy wrote: > On 08/05/13 14:47, Timo Sirainen wrote: >> I've been planning on adding these for years. Maybe it's about time soon. I guess they could be added already to v2.2, but enabled only by a new setting because it requires file format changes that old Dovecots can't then read. I could probably patch v2.1 also so it is able to at least read the new format without failing. For v2.3 this new format could then be made the default. >> > What would these solve? Pointing out errors in dovecot, operating system, or faulty hardware? > Modern file/storage systems checksum the data all the way to the platters. Currently most corruptions happen due to NFS or other shared filesystems. Also local filesystems can corrupt themselves in some bad conditions. So they're useful at least for: * figuring out if the "corruption" is actual filesystem corruption or a bug in Dovecot * detecting corruption early and not giving user corrupted data * fixing corruption in a way that doesn't cause more problems (e.g. in some bad cases IMAP UIDs could go over 2^31 causing trouble with some clients) I hear about index corruption all the time. It's not always obvious where the problem is.. From dovecot-list at mohtex.net Mon Aug 5 18:12:02 2013 From: dovecot-list at mohtex.net (Tamsy) Date: Mon, 05 Aug 2013 22:12:02 +0700 Subject: [Dovecot] dovecot fts solr plugin In-Reply-To: <14429b95793b3c5c3831ffa7c113cf16@mail.gmail.com> References: <233273A5-024D-4FA3-A6ED-EB64B5ADD5C4@iki.fi> <14429b95793b3c5c3831ffa7c113cf16@mail.gmail.com> Message-ID: <51FFC0C2.4000302@mohtex.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thomas Baumann wrote the following on 05.08.2013 19:27: Regarding: "org.apache.solr.common.SolrException log SEVERE: org.apache.solr.common.SolrException: undefined field text" As for Solr 4.4.0 this went away after editing solr-schema.xml (from Dovecot 2.2.4), Changing the call to: fieldType name="text" to fieldType name="text_general" Changing all calls to field name type="text" to type="text_general" and by adding: before: Although fts solr searches are working fine even with the above errors in the logs. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (MingW32) iQEcBAEBAgAGBQJR/8DCAAoJEFJuhDv/UPjwuFoIALV/W4Az52nTEImAPPu6cE6l H95rVMFpQ2bvIyyjY9I0AZrPB/Fk2RudVGVJTj3AXwCFph/nKEJ2Rc1AZsio5HQz evJA1KR+U7mXh2SEw0mADUM83JTQPCiBipu5g3w91XWX8D9kvYBRmSmDwuYkDp94 byLqxwEbJ5f8AeNDhYQ5QNmBYd/j7r8e5bYEzxcjHr/ICXkCIWiO/mvV1/NlHYE6 QS3SVEx9FLDOZoAb0c/UDvQyF/khUDZ028b1Afo1b4qHVU0r41KccoTvHgBl6sl5 x1+4f+qQLP4I5NZohfOxBHvU0jaSQk+jBDXuQU+FNuqkfwlkbhLTQdwgBcx22o8= =7PcO -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: 0xFF50F8F0.asc Type: application/pgp-keys Size: 1750 bytes Desc: not available URL: From CMarcus at Media-Brokers.com Mon Aug 5 18:18:06 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 05 Aug 2013 11:18:06 -0400 Subject: [Dovecot] Weird log entries when some users are composing messages in Thunderbird In-Reply-To: <641EAAA8-2429-4EDD-8150-F607F9BFC6A0@iki.fi> References: <51FFBAA5.9030805@Media-Brokers.com> <641EAAA8-2429-4EDD-8150-F607F9BFC6A0@iki.fi> Message-ID: <51FFC22E.5090308@Media-Brokers.com> On 2013-08-05 10:48 AM, Timo Sirainen wrote: > On 5.8.2013, at 17.45, Charles Marcus wrote: > >> Hi all/Timo, >> >> When some of our users are composing a message in Thunderbird, I see a ton of these in the logs, and they keep repeating the entire time they are typing until the message gets sent... >> >>> 2013-08-05T10:34:42-04:00 myhost dovecot: imap-login: Login: user=, method=PLAIN, rip=###.###.###.###, lport=993, mpid=8152, TLS, session= >>> 2013-08-05T10:34:42-04:00 myhost dovecot: imap(user at media-brokers.com): Disconnected: Disconnected in IDLE in=149 out=12449 >>> 2013-08-05T10:34:42-04:00 myhost dovecot: imap-login: Login: user=, method=PLAIN, rip=###.###.###.###, lport=993, mpid=8153, TLS, session= >>> 2013-08-05T10:34:42-04:00 myhost dovecot: imap(user at media-brokers.com): Disconnected: Disconnected in IDLE in=149 out=12449 > No idea, but check what the sessions do: http://wiki2.dovecot.org/Debugging/Rawlog Thanks Timo, I'll do this in the morning when no one is here... Hmmm... can this be enabled for this a couple of users (those that I've noticed this happening to)? The wiki says that it works 'by checking if dovecot.rawlog/ directory exists in the logged in user's home directory'... so, does this mean I would just need to make sure I only had that directory for the users I wanted to monitor? Or would I get lots of errors for all of the users that*didn't* have this directory? -- Best regards, Charles From tss at iki.fi Mon Aug 5 18:19:18 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 18:19:18 +0300 Subject: [Dovecot] dovecot fts solr plugin In-Reply-To: <51FFC0C2.4000302@mohtex.net> References: <233273A5-024D-4FA3-A6ED-EB64B5ADD5C4@iki.fi> <14429b95793b3c5c3831ffa7c113cf16@mail.gmail.com> <51FFC0C2.4000302@mohtex.net> Message-ID: On 5.8.2013, at 18.12, Tamsy wrote: > Regarding: > "org.apache.solr.common.SolrException log SEVERE: > org.apache.solr.common.SolrException: undefined field text" I wonder what tries to access such "text" field .. I don't see any such code in Dovecot. Or does Solr assume that there always is a field named "text"? > As for Solr 4.4.0 this went away after editing solr-schema.xml (from > Dovecot 2.2.4), > Changing the call to: > fieldType name="text" to fieldType name="text_general" > Changing all calls to field name type="text" to type="text_general" > and by adding: > multiValued="true"/> > before: > So basically you're adding a new field named "text" that is always empty (because Dovecot Solr plugin doesn't add anything to it)? I'm not sure if the text_general changes did anything good. From tss at iki.fi Mon Aug 5 18:28:38 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 18:28:38 +0300 Subject: [Dovecot] Weird log entries when some users are composing messages in Thunderbird In-Reply-To: <51FFC22E.5090308@Media-Brokers.com> References: <51FFBAA5.9030805@Media-Brokers.com> <641EAAA8-2429-4EDD-8150-F607F9BFC6A0@iki.fi> <51FFC22E.5090308@Media-Brokers.com> Message-ID: <41CA785B-2897-4112-B771-852CCA2D0885@iki.fi> On 5.8.2013, at 18.18, Charles Marcus wrote: >> No idea, but check what the sessions do: http://wiki2.dovecot.org/Debugging/Rawlog > > Thanks Timo, I'll do this in the morning when no one is here... > > Hmmm... can this be enabled for this a couple of users (those that I've noticed this happening to)? The wiki says that it works 'by checking if dovecot.rawlog/ directory exists in the logged in user's home directory'... so, does this mean I would just need to make sure I only had that directory for the users I wanted to monitor? Yes. > Or would I get lots of errors for all of the users that*didn't* have this directory? No errors, just silent skipping. From listserv at xtlv.cn Mon Aug 5 18:36:31 2013 From: listserv at xtlv.cn (listserv) Date: Mon, 05 Aug 2013 17:36:31 +0200 Subject: [Dovecot] problems with doveadm In-Reply-To: References: Message-ID: <51FFC67F.8050500@xtlv.cn> > > On 3.8.2013, at 14.25, listserv wrote: > >> doveadm expunge -A mailbox Trash savedbefore 7d >> => kernel: doveadm[11609]: segfault at 10 ip b75f146a sp bf856ad0 error 4 in >> libdovecot.so.0.0.0[b7585000+c8000] > > gdb backtrace would be useful, for example: > > gdb --args doveadm expunge -A mailbox Trash savedbefore 7d > run > bt full > Thank you for your advice. Here the backtrace: gdb --args doveadm expunge -A mailbox Trash savedbefore 7d GNU gdb (GDB) 7.6 (Debian 7.6-5) Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /usr/bin/doveadm...Reading symbols from /usr/lib/debug/usr/bin/doveadm...done. done. (gdb) run Starting program: /usr/bin/doveadm expunge -A mailbox Trash savedbefore 7d warning: Could not load shared library symbols for linux-gate.so.1. Do you need "set solib-search-path" or "set sysroot"? [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. i_stream_next_line (stream=0x0) at istream.c:382 382 istream.c: Datei oder Verzeichnis nicht gefunden. (gdb) bt full #0 i_stream_next_line (stream=0x0) at istream.c:382 _stream = pos = #1 0xb7dfbd01 in auth_master_user_list_next (ctx=0x80bf668) at auth-master.c:694 line = #2 0xb7ef72cb in mail_storage_service_all_next (ctx=0x80b8f60, username_r=0xbffff550) at mail-storage-service.c:1294 __FUNCTION__ = "mail_storage_service_all_next" #3 0x08057db5 in doveadm_mail_all_users (wildcard_user=0x0, argv=, ctx=0x80b53f0) at doveadm-mail.c:368 ret = input = {module = 0x0, service = 0x8092f63 "doveadm", username = 0x80bf070 "admin at xtlv.jp", session_id = 0x0, local_ip = {family = 0, u = {ip6 = {__in6_u = {__u6_addr8 = '\000' , __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, ip4 = {s_addr = 0}}}, remote_ip = {family = 0, u = {ip6 = {__in6_u = {__u6_addr8 = '\000' , __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, ip4 = {s_addr = 0}}}, local_port = 0, remote_port = 0, userdb_fields = 0x0, flags_override_add = (unknown: 0), flags_override_remove = (unknown: 0), no_userdb_lookup = 0} user_idx = 0 user = 0x80bf070 "admin at xtlv.jp" error = 0xb7e6f2f0 "" #4 doveadm_mail_cmd (argv=, argc=, cmd=0xbffff5ac) at doveadm-mail.c:523 ctx = 0x80b53f0 getopt_args = ret = c = wildcard_user = 0x0 error = #5 doveadm_mail_try_run (cmd_name=cmd_name at entry=0x80b1209 "expunge", argc=argc at entry=6, argv=argv at entry=0x80b11dc) at doveadm-mail.c:608 cmd = 0xbffff5ac #6 0x08056b26 in main (argc=6, argv=0x80b11dc) at doveadm.c:398 cmd_name = i = quick_init = false c = -- ??????? From CMarcus at Media-Brokers.com Mon Aug 5 19:05:11 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 05 Aug 2013 12:05:11 -0400 Subject: [Dovecot] Weird log entries when some users are composing messages in Thunderbird In-Reply-To: <41CA785B-2897-4112-B771-852CCA2D0885@iki.fi> References: <51FFBAA5.9030805@Media-Brokers.com> <641EAAA8-2429-4EDD-8150-F607F9BFC6A0@iki.fi> <51FFC22E.5090308@Media-Brokers.com> <41CA785B-2897-4112-B771-852CCA2D0885@iki.fi> Message-ID: <51FFCD37.1080809@Media-Brokers.com> On 2013-08-05 11:28 AM, Timo Sirainen wrote: > On 5.8.2013, at 18.18, Charles Marcus wrote: > >>> No idea, but check what the sessions do: http://wiki2.dovecot.org/Debugging/Rawlog >> Thanks Timo, I'll do this in the morning when no one is here... >> >> Hmmm... can this be enabled for this a couple of users (those that I've noticed this happening to)? The wiki says that it works 'by checking if dovecot.rawlog/ directory exists in the logged in user's home directory'... so, does this mean I would just need to make sure I only had that directory for the users I wanted to monitor? > Yes. > >> Or would I get lots of errors for all of the users that*didn't* have this directory? > No errors, just silent skipping. Excellent - thanks! -- Best regards, Charles From gb10hkzo-dovecot at yahoo.co.uk Mon Aug 5 19:07:15 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Mon, 5 Aug 2013 17:07:15 +0100 (BST) Subject: [Dovecot] Help needed with SOLR integration Message-ID: <1375718835.66991.YahooMailNeo@web28904.mail.ir2.yahoo.com> Hi, Is there anything wrong with this config for getting SOLR working ? I'm on Ubuntu 12.04LTS and using the bundled Jetty and SOLR. Calling "http://localhost:8080/solr/update?optimize=true" doesn't return an error. And I'm pretty sure I've replaced the schema ? Help & thanks in advance Nigel # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.5.0-37-generic x86_64 Ubuntu 12.04.2 LTS mail_location = maildir:~/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii -numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave passdb { ? args = scheme=CRYPT username_format=%u /etc/dovecot/users ? driver = passwd-file } plugin { ? fts = solr ? fts_solr = url=http://localhost:8080/solr/ ? sieve = ~/.dovecot.sieve ? sieve_dir = ~/sieve } protocols = imap lmtp sieve service auth { ? unix_listener /var/spool/postfix/private/dovecot-auth { ??? group = postfix ??? mode = 0660 ??? user = postfix ? } ? unix_listener auth-userdb { ??? group = its-virtmail ??? user = its-virtmail ? } } service imap-login { ? process_min_avail = 3 } service lmtp { ? process_min_avail = 5 ? unix_listener /var/spool/postfix/private/dovecot-lmtp { ??? group = postfix ??? mode = 0600 ??? user = postfix ? } ? user = its-virtmail } service managesieve-login { ? inet_listener sieve { ??? port = 4190 ? } ? process_min_avail = 3 } ssl = required ssl_cert = was automatically rejected:%n%r } protocol lmtp { ? mail_plugins = sieve ? postmaster_address = bp at example.com } From kae at midnighthax.com Mon Aug 5 19:08:46 2013 From: kae at midnighthax.com (Keith Edmunds) Date: Mon, 5 Aug 2013 17:08:46 +0100 Subject: [Dovecot] Subfolders of Inbox with LAYOUT=fs In-Reply-To: References: <20130805124835.7d90fd02@kae.tiger-computing.wbp> Message-ID: <20130805170846.624980b8@kae.tiger-computing.wbp> > Oh, looks like this has been broken for a while. Fixed: > http://hg.dovecot.org/dovecot-2.1/rev/589d2f485a6e Thanks Timo. Unfortunately we're using the packaged Debian version (2.1.7) and the current version of mailbox-list-fs-iter.c is a bit too different to apply that patch (but thanks for the very quick response). -- "You can't live a perfect day without doing something for someone who will never be able to repay you." From christoph at out-world.com Mon Aug 5 19:18:09 2013 From: christoph at out-world.com (Christoph =?ISO-8859-1?Q?Hinterm=FCller?=) Date: Mon, 05 Aug 2013 18:18:09 +0200 Subject: [Dovecot] [Metadata Plugin] Q: Source Repository Message-ID: <1375719489.2888.17.camel@starcommand> Hi I'm currently trying to package V14 of Metadata plugin for Ubuntu Quantal (https://launchpad.net/~privatedata/+archive/dovecot-2.2.2/) to be installed along with dovecot 2.2.4. According to my efforts packaging the plugin i do have some questions For future releases, is it possible to add a link to the current release on the meta data mercurial page which includes in the filename of the tar.gz archive the current version number of the plugin ( metadata-plugin-v14.tar.gz). That would allow to add an appropriate line in the debian/watch file to detect when a new release of the plugin is available. Currently i have to check mercurial page manually and use an updated version mangling entry to ensure that the packaging system downloads the latest version. The link would help to simplify this. Especially as the base link in my debian/watch file currently points to tip.tar.gz and not to the archive the linke of the V14 tag points to. The sources i got represent the tip.tar.gz downloaded on July 19th 2013 23:16 CET which likely do not exactly correspond to the contents of the archive containing sources of V14. Therefore a versioned link to the source archives of the latest version would simplify things a lot, especially adding patches released for the latest version. As well as reporting the following addition. Further I have added a doc directory stub, containing the configuration examples found in thread http://dovecot.2317879.n4.nabble.com/dovecot-metadata-8-released-tp10091.html Greetings Christoph -------------- next part -------------- A non-text attachment was scrubbed... Name: dovecot-metadata-0.14.0-package.patch Type: text/x-patch Size: 8559 bytes Desc: not available URL: From hummel at pasteur.fr Mon Aug 5 19:34:18 2013 From: hummel at pasteur.fr (Thomas Hummel) Date: Mon, 5 Aug 2013 18:34:18 +0200 Subject: [Dovecot] Unlock non existent locks In-Reply-To: <1375447127.31867.25.camel@innu.dovecot.net> References: <20130802123054.GA7196@parmesan.sis.pasteur.fr> <1375447127.31867.25.camel@innu.dovecot.net> Message-ID: <20130805163416.GA4000@parmesan.sis.pasteur.fr> On Fri, Aug 02, 2013 at 03:38:47PM +0300, Timo Sirainen wrote: > Since you have only one Dovecot accessing the NFS, you don't need either > mail_nfs_storage=yes or mail_nfs_index=yes. My guess is that by setting > those to "no", you'll also solve this: > > > 2013-08-02T14:12:29+02:00 <0.5> XXXX-10(id10) /boot/kernel.amd64/kernel: [lkf_delegate.c:2752](pid 46390="kt: dwt3")(tid=101282) dev_local_lkf_unlock(): no lock entry present to unlock for resource: 1:19d5:fdbe ;client: 0xa51cc3f444107 Thanks, I'll try that but that wouldn't be a good solution for when I'd want to use more dovecot servers anyway. My tests using a simple fcntl() C program (unlock a non-locked file) is giving me a hard time figuring out what conditions cause the file server to log this message : On some Isilon node/destination IP combinations, I'd have the message, on other I wouldn't. Still, it seems I cannot reproduce the problem on any other hosts (mounting this server) than the one running the dovecot server. Oddly enough, my fcntl test causes this message even with dovecot stopped, statd and lockd restarted and the filesystem un-and-re-mounted while the same setup (up to date via FreeBSD update, i.e. same base, same nfs client) would not make the server log the message. Anyway, the problem seems harmless. But is it legit that dovecot try to unlock non (or no more) locked files as it seems ? Thanks for your help. -- Thomas Hummel | Institut Pasteur | Groupe Exploitation et Infrastructure From tss at iki.fi Mon Aug 5 19:38:59 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 19:38:59 +0300 Subject: [Dovecot] Unlock non existent locks In-Reply-To: <20130805163416.GA4000@parmesan.sis.pasteur.fr> References: <20130802123054.GA7196@parmesan.sis.pasteur.fr> <1375447127.31867.25.camel@innu.dovecot.net> <20130805163416.GA4000@parmesan.sis.pasteur.fr> Message-ID: On 5.8.2013, at 19.34, Thomas Hummel wrote: > On Fri, Aug 02, 2013 at 03:38:47PM +0300, Timo Sirainen wrote: > >> Since you have only one Dovecot accessing the NFS, you don't need either >> mail_nfs_storage=yes or mail_nfs_index=yes. My guess is that by setting >> those to "no", you'll also solve this: >> >>> 2013-08-02T14:12:29+02:00 <0.5> XXXX-10(id10) /boot/kernel.amd64/kernel: [lkf_delegate.c:2752](pid 46390="kt: dwt3")(tid=101282) dev_local_lkf_unlock(): no lock entry present to unlock for resource: 1:19d5:fdbe ;client: 0xa51cc3f444107 > > Thanks, I'll try that but that wouldn't be a good solution for when I'd want to > use more dovecot servers anyway. mail_nfs_*=yes wouldn't be a good solution even when you add more servers! Director is the only safe way to do it, and mail_nfs_*=yes isn't required with director. > Anyway, the problem seems harmless. But is it legit that dovecot try to unlock > non (or no more) locked files as it seems ? The NFS workarounds code is doing some ugly stuff. I thought it would have, but looking at the code it doesn't seem so. But still easier to debug if you first see if the problem is with the NFS workarounds or the lib-index code. With lib-index you could also use lock_method=dotlock to see if that works better (although performance will be slightly worse also then). From Francesco.Prelz at mi.infn.it Mon Aug 5 19:46:25 2013 From: Francesco.Prelz at mi.infn.it (Francesco Prelz) Date: Mon, 5 Aug 2013 18:46:25 +0200 (CEST) Subject: [Dovecot] Corrupted mboxes with v2.2.4, posix_fallocate and GFS2 Message-ID: Hi, on a clustered Dovecot server installation that was recently moved from a shared GPFS filesystem to GFS2, occasional corruptions in the users' INBOXes started appearing, where a new incoming message would be appended directly after a block of NUL bytes, and be scanned by dovecot as being glued to the preceding message. I traced this to the file extension operation performed in mbox_sync_handle_eof_updates, where the 'file_set_size' call is used. If available, file_set_size will use the posix_fallocate call. In GFS2 posix_fallocate increases the file size in 4 kB chunks (there seems to be no guarantee anyway that posix_allocate will extend a file by the exact size requested). After a successful posix_fallocate call, mbox_sync_handle_eof_updates currently proceeds in rewriting the mailbox starting from the originally intended 'file_size': 1306 if (file_set_size(sync_ctx->write_fd, 1307 file_size + -sync_ctx->space_diff) < 0) { 1308 mbox_set_syscall_error(sync_ctx->mbox, 1309 "file_set_size()"); 1310 if (ftruncate(sync_ctx->write_fd, file_size) < 0) { 1311 mbox_set_syscall_error(sync_ctx->mbox, 1312 "ftruncate()"); 1313 } 1314 return -1; 1315 } 1316 mbox_sync_file_updated(sync_ctx, FALSE); 1317 1318 if (mbox_sync_rewrite(sync_ctx, mail_ctx, file_size, 1319 -sync_ctx->space_diff, padding, 1320 sync_ctx->need_space_seq, 1321 sync_ctx->seq) < 0) 1322 return -1; When posix_fallocate extends the mailbox beyond the requested 'file_size', a variable size block of NUL bytes is left behind at the tail of the mailbox, with the side effects described above. I successfully worked around this issue by undefining HAVE_POSIX_FALLOCATE, as the performance penalty with falling back to direct block appends seems small. At least a size check (and possible truncation) after the mbox_sync_file_updated call above should probably be added. I thought that the issue would be anyway worth bringing to your attention. Thanks. Francesco Prelz INFN - Sezione di Milano From e-frog at gmx.de Mon Aug 5 19:56:09 2013 From: e-frog at gmx.de (e-frog) Date: Mon, 05 Aug 2013 18:56:09 +0200 Subject: [Dovecot] problems with doveadm In-Reply-To: <2B2E5A69-2E5D-4978-A277-8FB23F1FD36E@iki.fi> References: <51FCE894.7000007@xtlv.cn> <2B2E5A69-2E5D-4978-A277-8FB23F1FD36E@iki.fi> Message-ID: <51FFD929.3050403@gmx.de> On 04.08.2013 15:06, wrote Timo Sirainen: > On 3.8.2013, at 14.25, listserv wrote: > >> doveadm expunge -A mailbox Trash savedbefore 7d >> => kernel: doveadm[11609]: segfault at 10 ip b75f146a sp bf856ad0 error 4 in >> libdovecot.so.0.0.0[b7585000+c8000] > > gdb backtrace would be useful, for example: > > gdb --args doveadm expunge -A mailbox Trash savedbefore 7d > run > bt full > Could this be related to http://www.dovecot.org/list/dovecot/2013-August/091695.html? From tss at iki.fi Mon Aug 5 20:13:00 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 20:13:00 +0300 Subject: [Dovecot] problems with doveadm In-Reply-To: <51FFD929.3050403@gmx.de> References: <51FCE894.7000007@xtlv.cn> <2B2E5A69-2E5D-4978-A277-8FB23F1FD36E@iki.fi> <51FFD929.3050403@gmx.de> Message-ID: <57F3399B-7035-4023-9C22-8F61BE9EB8D5@iki.fi> On 5.8.2013, at 19.56, e-frog wrote: > On 04.08.2013 15:06, wrote Timo Sirainen: >> On 3.8.2013, at 14.25, listserv wrote: >> >>> doveadm expunge -A mailbox Trash savedbefore 7d >>> => kernel: doveadm[11609]: segfault at 10 ip b75f146a sp bf856ad0 error 4 in >>> libdovecot.so.0.0.0[b7585000+c8000] >> >> gdb backtrace would be useful, for example: >> >> gdb --args doveadm expunge -A mailbox Trash savedbefore 7d >> run >> bt full >> > > Could this be related to http://www.dovecot.org/list/dovecot/2013-August/091695.html? Oh, I had accidentally marked that mail as "seen" before fixing. This should fix both the crashes: http://hg.dovecot.org/dovecot-2.2/rev/1adb8998c2a6 From rob0 at gmx.co.uk Mon Aug 5 20:22:14 2013 From: rob0 at gmx.co.uk (/dev/rob0) Date: Mon, 5 Aug 2013 12:22:14 -0500 Subject: [Dovecot] Maildir Synchronization warnings In-Reply-To: <1375447024.31867.23.camel@innu.dovecot.net> References: <1375432616.60451.YahooMailNeo@web193504.mail.sg3.yahoo.com> <51FB8D8B.70803@Media-Brokers.com> <1375446086.2193.YahooMailNeo@web193505.mail.sg3.yahoo.com> <1375447024.31867.23.camel@innu.dovecot.net> Message-ID: <20130805172214.GO13717@harrier.slackbuilds.org> On Fri, Aug 02, 2013 at 03:37:04PM +0300, Timo Sirainen wrote: > On Fri, 2013-08-02 at 20:21 +0800, Kavish Karkera wrote: > > > We have 2 pop/imap servers running with director. > > > > Dovecot version = 2.1.12 > > Dovecot version = 2.1.13 > .. > > mail_nfs_index = yes > > mail_nfs_storage = yes > > To improve performance you can remove these two since you're using > director. Also you could set maildir_very_dirty_syncs=yes. What about mail_fsync=always and mmap_disable=yes? These are needed for non-director NFS, but what about with director? -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From e-frog at gmx.de Mon Aug 5 20:24:02 2013 From: e-frog at gmx.de (e-frog) Date: Mon, 05 Aug 2013 19:24:02 +0200 Subject: [Dovecot] problems with doveadm In-Reply-To: <57F3399B-7035-4023-9C22-8F61BE9EB8D5@iki.fi> References: <51FCE894.7000007@xtlv.cn> <2B2E5A69-2E5D-4978-A277-8FB23F1FD36E@iki.fi> <51FFD929.3050403@gmx.de> <57F3399B-7035-4023-9C22-8F61BE9EB8D5@iki.fi> Message-ID: <51FFDFB2.6020007@gmx.de> On 05.08.2013 19:13, wrote Timo Sirainen: > On 5.8.2013, at 19.56, e-frog wrote: > >> On 04.08.2013 15:06, wrote Timo Sirainen: >>> On 3.8.2013, at 14.25, listserv wrote: >>> >>>> doveadm expunge -A mailbox Trash savedbefore 7d >>>> => kernel: doveadm[11609]: segfault at 10 ip b75f146a sp bf856ad0 error 4 in >>>> libdovecot.so.0.0.0[b7585000+c8000] >>> >>> gdb backtrace would be useful, for example: >>> >>> gdb --args doveadm expunge -A mailbox Trash savedbefore 7d >>> run >>> bt full >>> >> >> Could this be related to http://www.dovecot.org/list/dovecot/2013-August/091695.html? > > Oh, I had accidentally marked that mail as "seen" before fixing. This should fix both the crashes: > http://hg.dovecot.org/dovecot-2.2/rev/1adb8998c2a6 > Thanks Timo. Just wanted to try it but now I get an compilation error which is unrelated to this fix however: Making all in dns make[4]: Entering directory `/?PKGBUILDDIR?/src/dns' i686-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-master -I../../src/lib-settings -D_FORTIFY_SOURCE=2 -std=gnu99 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -MT dns-client.o -MD -MP -MF .deps/dns-client.Tpo -c -o dns-client.o dns-client.c dns-client.c: In function 'dns_client_input_line': dns-client.c:39:10: error: 'EAI_ADDRFAMILY' undeclared (first use in this function) dns-client.c:39:10: note: each undeclared identifier is reported only once for each function it appears in make[4]: *** [dns-client.o] Error 1 make[4]: Leaving directory `/?PKGBUILDDIR?/src/dns' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/?PKGBUILDDIR?/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/?PKGBUILDDIR?' make[1]: *** [all] Error 2 make[1]: Leaving directory `/?PKGBUILDDIR?' make: *** [build-stamp] Error 2 This is on Linux 3.8.0-27-generic i686 Ubuntu 13.04 From tss at iki.fi Mon Aug 5 20:29:13 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 20:29:13 +0300 Subject: [Dovecot] Corrupted mboxes with v2.2.4, posix_fallocate and GFS2 In-Reply-To: References: Message-ID: On 5.8.2013, at 19.46, Francesco Prelz wrote: > on a clustered Dovecot server installation that was recently moved from a > shared GPFS filesystem to GFS2, occasional corruptions in the users' > INBOXes started appearing, where a new incoming message would be appended directly after a block of NUL bytes, and be scanned by dovecot as being > glued to the preceding message. > > I traced this to the file extension operation performed in > mbox_sync_handle_eof_updates, where the 'file_set_size' call > is used. If available, file_set_size will use the posix_fallocate > call. In GFS2 posix_fallocate increases the file size in 4 kB chunks > (there seems to be no guarantee anyway that posix_allocate will > extend a file by the exact size requested). I think that's a bug in GFS2. I understand posix_fallocate() man page to clearly say that it grows the file to the specified offset+len, not any higher. So could be a good idea to report it to their developers if they're not aware of it.. Anyway, I thought I'd just get rid of the whole syscall since it's not very useful anyway: http://hg.dovecot.org/dovecot-2.2/rev/42b2736f146b From tss at iki.fi Mon Aug 5 20:33:40 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 20:33:40 +0300 Subject: [Dovecot] problems with doveadm In-Reply-To: <51FFDFB2.6020007@gmx.de> References: <51FCE894.7000007@xtlv.cn> <2B2E5A69-2E5D-4978-A277-8FB23F1FD36E@iki.fi> <51FFD929.3050403@gmx.de> <57F3399B-7035-4023-9C22-8F61BE9EB8D5@iki.fi> <51FFDFB2.6020007@gmx.de> Message-ID: On 5.8.2013, at 20.24, e-frog wrote: > Thanks Timo. Just wanted to try it but now I get an compilation error which is unrelated to this fix however: > > dns-client.c: In function 'dns_client_input_line': > dns-client.c:39:10: error: 'EAI_ADDRFAMILY' undeclared (first use in this function) > dns-client.c:39:10: note: each undeclared identifier is reported only once for each function it appears in Oops, happens with me too :) And it wasn't supposed to be using it anyway, fixed now. From tss at iki.fi Mon Aug 5 20:41:09 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 20:41:09 +0300 Subject: [Dovecot] Maildir Synchronization warnings In-Reply-To: <20130805172214.GO13717@harrier.slackbuilds.org> References: <1375432616.60451.YahooMailNeo@web193504.mail.sg3.yahoo.com> <51FB8D8B.70803@Media-Brokers.com> <1375446086.2193.YahooMailNeo@web193505.mail.sg3.yahoo.com> <1375447024.31867.23.camel@innu.dovecot.net> <20130805172214.GO13717@harrier.slackbuilds.org> Message-ID: On 5.8.2013, at 20.22, /dev/rob0 wrote: >> To improve performance you can remove these two since you're using >> director. Also you could set maildir_very_dirty_syncs=yes. > > What about mail_fsync=always and mmap_disable=yes? These are needed > for non-director NFS, but what about with director? I'm not sure if mail_fsync=always is strictly required, but I don't think it's going to give you any performance improvements in any case. With mail_fsync=always the file is flushed to NFS storage in the fsync() call, while with mail_fsync=never the file is flushed to NFS storage in close() call. In both cases it's going to be flushed, but in error cases it's more confusing to see close() fail. mmap_disable=yes isn't required, but if the NFS storage dies the processes start dying with SIGBUS instead of logging "read() failed: Input/output error". I'm not entirely sure how changing it affects performance. Could be worse or could be better. If someone finds our let me know. :) From tss at iki.fi Mon Aug 5 20:46:45 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 20:46:45 +0300 Subject: [Dovecot] ACL not copied to new mailboxes In-Reply-To: <51FF8D98.6070907@eteleon.de> References: <51FF8D98.6070907@eteleon.de> Message-ID: <5A55DFEE-9961-4120-A48D-ED85BF21ECC8@iki.fi> On 5.8.2013, at 14.33, Markus Weippert wrote: > I had some trouble with ACLs not being copied to new child mailboxes in > dovecot 2.2.4. It doesn't matter whether it's a private, shared or > public mailbox I create the folder in, the ACLs just seems to be ignored. > Anyway, I debugged the executable and came up with the attached patch. > Since I'm not a developer, I'm not 100% sure about this but it works for > me now. Thanks. I fixed it another way: http://hg.dovecot.org/dovecot-2.2/rev/a3f645bc5195 From tss at iki.fi Mon Aug 5 20:54:25 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 20:54:25 +0300 Subject: [Dovecot] Error: dict client sent broken reply In-Reply-To: <0b8beb24a830ec79044996616a0e6614.squirrel@www.giz-works.com> References: <0b8beb24a830ec79044996616a0e6614.squirrel@www.giz-works.com> Message-ID: On 20.5.2013, at 0.33, Chris Richards wrote: > doveadm(someuseraccount at somedomain): Error: dict client > (/var/run/dovecot/dict) sent broken reply > doveadm(someuseraccount at somedomain): Error: Dictionary iteration failed > doveadm: Error: Failed to iterate through some users .. > dovecot: dict: Error: dict client: COMMIT: Can't commit while iterating .. > # 2.1.12: /etc/dovecot/dovecot.conf There are a few fixes in lib-dict since v2.1.12. Also v2.2 has one more fix, which I just added to v2.1 hg. Would be helpful to know if one of those fixes the problem before I spend a lot of time testing this.. From tss at iki.fi Mon Aug 5 21:01:13 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 21:01:13 +0300 Subject: [Dovecot] Passing data safely in password_key? In-Reply-To: <51FC1740.8000303@fsn.hu> References: <51F50542.9080103@fsn.hu> <51F61818.8010500@fsn.hu> <1375446762.31867.20.camel@innu.dovecot.net> <51FC1740.8000303@fsn.hu> Message-ID: On 2.8.2013, at 23.32, Attila Nagy wrote: > On 08/02/2013 02:32 PM, Timo Sirainen wrote: >> On Mon, 2013-07-29 at 09:22 +0200, Attila Nagy wrote: >> >>> On 07/28/13 13:49, Attila Nagy wrote: >>> >>>> Hi, >>>> >>>> I would like to convert my custom POP/IMAP proxy to Dovecot's. In this >>>> proxy I do more than giving back user name, password and the host and >>>> I need extra information. >>>> Luckily all of them are available as variables, but more than one >>>> comes as user input (like user name and cleartext password) and I'm >>>> not sure how to pass them safely. >>>> Obviously I would need a separator, which is guaranteed not to show up >>>> either in user name and the cleartext password. >>>> Should I use escape (%E) here, or is there a better way? >>>> >>>> >>> Just for the record, this is what I use currently: >>> password_key = dovecot/passdb^MAuth-User: %u^MAuth-Pass: >>> %w^MAuth-Protocol: %s^M >>> Client-IP: %r^M >>> >> I have no idea what you're talking about. What is password_key? The >> password that is being sent to the backend IMAP/POP3 server? >> >> >> > RTFM? ;) > > http://wiki2.dovecot.org/AuthDatabase/Dict?highlight=%28password_key%29 Ah, dict auth. Yeah, you need to escape the user-given username and password. They can both contain all characters, including CR and LF. (Although auth_username_chars by default disables all the bad chars.) Looks like %E is the only possibility currently. The %E escapes " \ and ' characters only. So you could for example use Auth-User: "%Eu" with quotes and make sure you handle the unescaping correctly. Or maybe you could just use \; or something as the separator since %E only gives you \" \\ and \'. From tss at iki.fi Mon Aug 5 21:19:40 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 21:19:40 +0300 Subject: [Dovecot] attachments not with email causing FETCH BODY[] failed In-Reply-To: References: Message-ID: <2795CFB2-A1BA-4114-AFD1-D038AB7A2EC6@iki.fi> On 21.7.2013, at 17.12, Anand Kumria wrote: > Anyone else experiencing this (Dovecot 2.2.4, attachments stored > separately): > > dovecot: imap(user at kamdha.com): Error: file_istream.open(/home/ > example.com/user/attachments/f5/f0/f5f0f2c08c4311fa404d090a703c3b492f2ea718-a52388285a04eb51820c0000d485234e-c92f64f79f0d1ed01e6d5b314f04886c-42501) > failed: No such file or directory > dovecot: imap(user at example.com): Error: read(BODY[]) failed: No such file > or directory (FETCH for mailbox INBOX UID 42501) > dovecot: imap(user at example.com): Disconnected: FETCH failed in=186 out=86389 I can think of one reason why this would happen that doesn't involve an actual Dovecot bug: First session starts fetching the message. It manages to open the sdbox file. Another sesssion deletes the mail and the attachment. The first session can still read the sdbox file, but can't access the attachment. But unless you were stress testing, this is quite unlikely. > - how might this occurred? > - what is the best way to find the corrupted message? > - how should I go about fixing this? I'd also like to know how it could have happened (other than accidental rm -rf). You could also later try again to read the mail, for example: doveadm fetch -u user at kamdha.com text mailbox inbox uid 42501 Does that fail with the same error? Do you see anything with: ls /home/example.com/user/attachments/f5/f0/f5f0f2c08c4311fa404d090a703c3b492f2ea718* From e-frog at gmx.de Mon Aug 5 21:28:24 2013 From: e-frog at gmx.de (e-frog) Date: Mon, 05 Aug 2013 20:28:24 +0200 Subject: [Dovecot] problems with doveadm In-Reply-To: References: <51FCE894.7000007@xtlv.cn> <2B2E5A69-2E5D-4978-A277-8FB23F1FD36E@iki.fi> <51FFD929.3050403@gmx.de> <57F3399B-7035-4023-9C22-8F61BE9EB8D5@iki.fi> <51FFDFB2.6020007@gmx.de> Message-ID: <51FFEEC8.6050606@gmx.de> On 05.08.2013 19:33, wrote Timo Sirainen: > On 5.8.2013, at 20.24, e-frog wrote: > >> Thanks Timo. Just wanted to try it but now I get an compilation error which is unrelated to this fix however: >> >> dns-client.c: In function 'dns_client_input_line': >> dns-client.c:39:10: error: 'EAI_ADDRFAMILY' undeclared (first use in this function) >> dns-client.c:39:10: note: each undeclared identifier is reported only once for each function it appears in > > Oops, happens with me too :) And it wasn't supposed to be using it anyway, fixed now. > Ok, it compiled again :). However now it's assert crashing :-( doveadm mailbox status -A -t unseen 'virtual/unread' test1 at local.lan unseen=1 doveadm: Panic: file ioloop.c: line 494 (io_loop_destroy): assertion failed: (ioloop == current_ioloop) doveadm: Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x5adaa) [0xb7554daa] -> /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x47) [0xb7554ec7] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0xb750cf66] -> /usr/lib/dovecot/libdovecot.so.0(+0x6cced) [0xb7566ced] -> /usr/lib/dovecot/libdovecot.so.0(master_service_deinit+0xe6) [0xb7513646] -> doveadm(main+0x442) [0xb7757932] -> /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0xb7360935] -> doveadm(+0xeb9d) [0xb7757b9d] Aborted (core dumped) Core was generated by `doveadm mailbox status -A -t unseen virtual/unread'. Program terminated with signal 6, Aborted. #0 0xb7726424 in __kernel_vsyscall () (gdb) bt full #0 0xb7726424 in __kernel_vsyscall () No symbol table info available. #1 0xb7375b1f in __GI_raise (sig=sig at entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 resultvar = resultvar = pid = -1219534848 selftid = 13193 #2 0xb73790b3 in __GI_abort () at abort.c:90 save_stage = 2 act = {__sigaction_handler = {sa_handler = 0x1f3, sa_sigaction = 0x1f3}, sa_mask = {__val = {3076049190, 3075527839, 3108510040, 10, 3075818317, 3076242424, 3108510040, 3076242424, 0, 3075819944, 3218587852, 10, 3218587940, 3075969388, 3108509480, 512, 3076242424, 0, 3076242424, 2, 2, 3075820786, 3076244464, 2, 3076041829, 3218587940, 3108509480, 3076242424, 3073640072, 3075526703, 3076244464, 3076041829}}, sa_flags = -1076379356, sa_restorer = 0xb750cffe } sigs = {__val = {32, 0 }} #3 0xb7554dc0 in default_fatal_finish (type=, status=status at entry=0) at failures.c:191 backtrace = 0xb9481748 "/usr/lib/dovecot/libdovecot.so.0(+0x5adaa) [0xb7554daa] -> /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x47) [0xb7554ec7] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0xb750cf66] -> /usr"... #4 0xb7554ec7 in default_fatal_handler (ctx=0xbfd7c194, format=0xb7580564 "file %s: line %d (%s): assertion failed: (%s)", args=0xbfd7c1b4 "L\310X\267\356\001") at failures.c:205 status = 0 #5 0xb750cf66 in i_panic (format=format at entry=0xb7580564 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:263 ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0} args = 0xbfd7c1b4 "L\310X\267\356\001" #6 0xb7566ced in io_loop_destroy (_ioloop=_ioloop at entry=0xb94899d8) at ioloop.c:494 ioloop = 0xb9489ab0 item = 0x0 __FUNCTION__ = "io_loop_destroy" #7 0xb7513646 in master_service_deinit (_service=0xb75bebd4 ) at master-service.c:763 service = 0xb94899d8 #8 0xb7757932 in main (argc=6, argv=0xb94891d4) at doveadm.c:416 cmd_name = 0xb94891f8 "mailbox" i = quick_init = false c = From wildfire at progsoc.org Mon Aug 5 21:38:42 2013 From: wildfire at progsoc.org (Anand Kumria) Date: Mon, 5 Aug 2013 19:38:42 +0100 Subject: [Dovecot] attachments not with email causing FETCH BODY[] failed In-Reply-To: <2795CFB2-A1BA-4114-AFD1-D038AB7A2EC6@iki.fi> References: <2795CFB2-A1BA-4114-AFD1-D038AB7A2EC6@iki.fi> Message-ID: Hi Timo, On 5 August 2013 19:19, Timo Sirainen wrote: > On 21.7.2013, at 17.12, Anand Kumria wrote: > > > Anyone else experiencing this (Dovecot 2.2.4, attachments stored > > separately): > > > > dovecot: imap(user at kamdha.com): Error: file_istream.open(/home/ > > > example.com/user/attachments/f5/f0/f5f0f2c08c4311fa404d090a703c3b492f2ea718-a52388285a04eb51820c0000d485234e-c92f64f79f0d1ed01e6d5b314f04886c-42501 > ) > > failed: No such file or directory > > dovecot: imap(user at example.com): Error: read(BODY[]) failed: No such > file > > or directory (FETCH for mailbox INBOX UID 42501) > > dovecot: imap(user at example.com): Disconnected: FETCH failed in=186 > out=86389 > > I can think of one reason why this would happen that doesn't involve an > actual Dovecot bug: > > First session starts fetching the message. It manages to open the sdbox > file. Another sesssion deletes the mail and the attachment. The first > session can still read the sdbox file, but can't access the attachment. But > unless you were stress testing, this is quite unlikely. > > > - how might this occurred? > > - what is the best way to find the corrupted message? > > - how should I go about fixing this? > > I'd also like to know how it could have happened (other than accidental rm > -rf). You could also later try again to read the mail, for example: > I actually have to make an effort to get access to the box, so it wasn't anything on the command line. > > doveadm fetch -u user at kamdha.com text mailbox inbox uid 42501 > > Does that fail with the same error? Yes. > Do you see anything with: > > ls /home/ > example.com/user/attachments/f5/f0/f5f0f2c08c4311fa404d090a703c3b492f2ea718* > > > No I did some further analysis and after learning how 'doveadm fetch' works, all the problem messages have a common problem. Basically it appears that I configured: userA at example.com and userA at kamdha.com to *both* have the same storage location. i.e. /home/kamdha/com/user And the 'mail_location' variable is set to 'sdbox:~/mail' *AND* 'mail_attachment_dir' is specified as '/home/%d/%u/attachments'. The primary domain is kamdha.com; all of the problem messages are addressed to userA at example.com. So if something was sent to userA at example.com it would wind up in /home/ example.com/userA/..../ but the mail in /home/kamdha.com/userA would reference a location that it didn't know about. My read of things was that '~' is *ONLY* valid in mail_location. If I could specify mail_attachment_dir to be '~/attachments', then things should work. Is my read of things correct? Thanks, Anand From tss at iki.fi Mon Aug 5 22:16:47 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 22:16:47 +0300 Subject: [Dovecot] problems with doveadm In-Reply-To: <51FFEEC8.6050606@gmx.de> References: <51FCE894.7000007@xtlv.cn> <2B2E5A69-2E5D-4978-A277-8FB23F1FD36E@iki.fi> <51FFD929.3050403@gmx.de> <57F3399B-7035-4023-9C22-8F61BE9EB8D5@iki.fi> <51FFDFB2.6020007@gmx.de> <51FFEEC8.6050606@gmx.de> Message-ID: <21342D23-3C2B-4B39-B6DF-AFA19886BC71@iki.fi> On 5.8.2013, at 21.28, e-frog wrote: > On 05.08.2013 19:33, wrote Timo Sirainen: >> On 5.8.2013, at 20.24, e-frog wrote: >> >>> Thanks Timo. Just wanted to try it but now I get an compilation error which is unrelated to this fix however: >>> >>> dns-client.c: In function 'dns_client_input_line': >>> dns-client.c:39:10: error: 'EAI_ADDRFAMILY' undeclared (first use in this function) >>> dns-client.c:39:10: note: each undeclared identifier is reported only once for each function it appears in >> >> Oops, happens with me too :) And it wasn't supposed to be using it anyway, fixed now. >> > > Ok, it compiled again :). However now it's assert crashing :-( The latest hg should work now, at least in my tests. From tss at iki.fi Mon Aug 5 22:18:11 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 22:18:11 +0300 Subject: [Dovecot] attachments not with email causing FETCH BODY[] failed In-Reply-To: References: <2795CFB2-A1BA-4114-AFD1-D038AB7A2EC6@iki.fi> Message-ID: <6BC7BBAF-F829-4B8B-9936-3CC3E2AE0284@iki.fi> On 5.8.2013, at 21.38, Anand Kumria wrote: > Basically it appears that I configured: > > userA at example.com > > and > > userA at kamdha.com > > to *both* have the same storage location. > > i.e. /home/kamdha/com/user > > And the 'mail_location' variable is set to 'sdbox:~/mail' > > *AND* 'mail_attachment_dir' is specified as '/home/%d/%u/attachments'. > > The primary domain is kamdha.com; all of the problem messages are addressed > to userA at example.com. > > So if something was sent to userA at example.com it would wind up in /home/ > example.com/userA/..../ but the mail in /home/kamdha.com/userA would > reference a location that it didn't know about. Ah, that explains it. > My read of things was that '~' is *ONLY* valid in mail_location. If I could > specify mail_attachment_dir to be '~/attachments', then things should work. You can use %h/attachments. From e-frog at gmx.de Mon Aug 5 22:56:13 2013 From: e-frog at gmx.de (e-frog) Date: Mon, 05 Aug 2013 21:56:13 +0200 Subject: [Dovecot] problems with doveadm In-Reply-To: <21342D23-3C2B-4B39-B6DF-AFA19886BC71@iki.fi> References: <51FCE894.7000007@xtlv.cn> <2B2E5A69-2E5D-4978-A277-8FB23F1FD36E@iki.fi> <51FFD929.3050403@gmx.de> <57F3399B-7035-4023-9C22-8F61BE9EB8D5@iki.fi> <51FFDFB2.6020007@gmx.de> <51FFEEC8.6050606@gmx.de> <21342D23-3C2B-4B39-B6DF-AFA19886BC71@iki.fi> Message-ID: <5200035D.7090805@gmx.de> On 05.08.2013 21:16, wrote Timo Sirainen: > On 5.8.2013, at 21.28, e-frog wrote: > >> On 05.08.2013 19:33, wrote Timo Sirainen: >>> On 5.8.2013, at 20.24, e-frog wrote: >>> >>>> Thanks Timo. Just wanted to try it but now I get an compilation error which is unrelated to this fix however: >>>> >>>> dns-client.c: In function 'dns_client_input_line': >>>> dns-client.c:39:10: error: 'EAI_ADDRFAMILY' undeclared (first use in this function) >>>> dns-client.c:39:10: note: each undeclared identifier is reported only once for each function it appears in >>> >>> Oops, happens with me too :) And it wasn't supposed to be using it anyway, fixed now. >>> >> >> Ok, it compiled again :). However now it's assert crashing :-( > > The latest hg should work now, at least in my tests. > Yes, confirmed works now for me again as well. Thanks! From tss at iki.fi Mon Aug 5 23:03:38 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 Aug 2013 23:03:38 +0300 Subject: [Dovecot] v2.2.5 released Message-ID: <0C48EA24-94B5-4E35-855D-41282D6CA940@iki.fi> http://dovecot.org/releases/2.2/dovecot-2.2.5.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.5.tar.gz.sig So, I'm back from the first vacation I've had in about 10 years. (Well, maybe there were a few short ones.) I was planning on coding it the whole time, but looks like I didn't manage to get anything at all done. Maybe that's a good vacation?.. Anyway, I've still a few more pending things to look into, but it's been too long since v2.2.4 so here are the fixes so far. + SSL: Added support for ECDH/ECDHE cipher suites (by David Hicks) + Added some missing man pages (by Pascal Volk) + quota-status: Added quota_status_toolarge setting (by Ulrich Zehl) - director: Users near expiration could have been redirected to different servers at the same time. - pop3: Avoid assert-crash if client disconnects during LIST. - mdbox: Corrupted index header still wasn't automatically fixed. - dsync: Various fixes to work better with imapc and pop3c storages. - ldap: sasl_bind=yes caused crashes, because Dovecot's lib-sasl symbols conflicted with Cyrus SASL library. - imap: Various error handling fixes to CATENATE. (Found using Apple's stress test script.) From blynch at ameliaschools.com Mon Aug 5 23:15:15 2013 From: blynch at ameliaschools.com (Bo Lynch) Date: Mon, 5 Aug 2013 16:15:15 -0400 (EDT) Subject: [Dovecot] Using ldap and pam Message-ID: <48021.69.21.103.130.1375733715.squirrel@ameliaschools.com> Having some issues with ldap logins. I am using Centos 5,dovecot-1.0.13-1.el5.rfx and openldap-servers-2.3.43-25.el5_8.1 Trying to get this to work with the SoGo interface. First I converted all my standard system users to ldap using the openldap-tools. This worked fine, however when a user changes there password they can no longer see there email. If they change it back to the original password mail can be seen. This has stumped me for a day or so so I was hoping someone could shed some light. /etc/dovecot.conf protocols = imap imaps disable_plaintext_auth = no mbox_read_locks = fcntl mbox_write_locks = fcntl protocol imap { } protocol pop3 { } protocol lda { postmaster_address = postmaster at example.com } auth default { mechanisms = plain login passdb pam { } passdb ldap { args = /etc/dovecot-ldap.pass } userdb passwd { } user = root user = root socket listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } } dict { } plugin { } /etc/dovecot-ldap.conf hosts = 127.0.0.1:389 sasl_bind = no auth_bind = yes auth_bind = no ldap_version = 3 deref = never dn = cn=sogo,dc=ameliaschools,dc=com dnpass=password base = dc=ameliaschools,dc=com scope = subtree pass_attrs = uid=user, userPassword=password pass_filter = (uid=%u) From Francesco.Prelz at mi.infn.it Mon Aug 5 23:55:29 2013 From: Francesco.Prelz at mi.infn.it (Francesco Prelz) Date: Mon, 5 Aug 2013 22:55:29 +0200 (CEST) Subject: [Dovecot] Corrupted mboxes with v2.2.4, posix_fallocate and GFS2 In-Reply-To: References: Message-ID: On Mon, 5 Aug 2013, Timo Sirainen wrote: > Anyway, I thought I'd just get rid of the whole syscall since it's not > very useful anyway: http://hg.dovecot.org/dovecot-2.2/rev/42b2736f146b Sounds fair enough. Thanks for the prompt turnaround! Francesco Prelz INFN-MI From AxelLuttgens at swing.be Tue Aug 6 00:12:57 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Mon, 5 Aug 2013 23:12:57 +0200 Subject: [Dovecot] problems with expire plugin In-Reply-To: <1715779.PL1BhhVnpK@jarvis> References: <1617119.BhFMf2OcFb@jarvis> <63C2F8C2-C6F6-49DB-992B-3F98D9D55ED4@swing.be> <1715779.PL1BhhVnpK@jarvis> Message-ID: <5145CA17-9A4E-4DBE-B6F4-D9323B1272D7@swing.be> Le 5 ao?t 2013 ? 15:10, Felix Rubio Dalmau a ?crit : > [...] Now the question is: How should I configure the expires to be different for different boxes? I see that the expires plugin keeps the track of the oldest message on the boxes tracked, only. Should I configure cronjobs like this, for each mailbox to be expunged? > > doveadm expunge -A mailbox Trash savedbefore d Hello Felix, This might be worth a new thread... Anyway, I think you are right about the need of having jobs run periodically. Perhaps could you devise a single job, by ORing your queries as described in the man page for doveadm-search-query(7); you may find an example at http://www.dovecot.org/list/dovecot/2012-August/067983.html. But I don't know which approach (multiple jobs vs single job) would be the most efficient. HTH, Axel From michael.abbott at apple.com Tue Aug 6 00:56:35 2013 From: michael.abbott at apple.com (Mike Abbott) Date: Mon, 05 Aug 2013 16:56:35 -0500 Subject: [Dovecot] script to test CATENATE In-Reply-To: References: <2FE70D92-8C50-4D9F-BBAF-387995E714CE@apple.com> Message-ID: > x append inbox catenate (url ;invalid; url {5} > > Dovecot replies with "+ OK" because it wants to read all the URLs into memory before parsing them, while catenate.pl expects an error message immediately. I see that Example 4 in Appendix A of RFC 4469 explicitly allows both models. Here's a patch to catenate.pl to expect dovecot-2.2's behavior. -------------- next part -------------- A non-text attachment was scrubbed... Name: catenate-patch Type: application/octet-stream Size: 1727 bytes Desc: not available URL: From jk at jkart.de Tue Aug 6 01:19:19 2013 From: jk at jkart.de (Jim Knuth) Date: Tue, 06 Aug 2013 00:19:19 +0200 Subject: [Dovecot] v2.2.5 released In-Reply-To: <0C48EA24-94B5-4E35-855D-41282D6CA940@iki.fi> References: <0C48EA24-94B5-4E35-855D-41282D6CA940@iki.fi> Message-ID: <520024E7.1040001@jkart.de> am 05.08.13 22:03 schrieb Timo Sirainen : > http://dovecot.org/releases/2.2/dovecot-2.2.5.tar.gz > http://dovecot.org/releases/2.2/dovecot-2.2.5.tar.gz.sig > > So, I'm back from the first vacation I've had in about 10 years. (Well, maybe there were a few short ones.) I was planning on coding it the whole time, but looks like I didn't manage to get anything at all done. Maybe that's a good vacation?.. Anyway, I've still a few more pending things to look into, but it's been too long since v2.2.4 so here are the fixes so far. > > + SSL: Added support for ECDH/ECDHE cipher suites (by David Hicks) > + Added some missing man pages (by Pascal Volk) > + quota-status: Added quota_status_toolarge setting (by Ulrich Zehl) > - director: Users near expiration could have been redirected to > different servers at the same time. > - pop3: Avoid assert-crash if client disconnects during LIST. > - mdbox: Corrupted index header still wasn't automatically fixed. > - dsync: Various fixes to work better with imapc and pop3c storages. > - ldap: sasl_bind=yes caused crashes, because Dovecot's lib-sasl > symbols conflicted with Cyrus SASL library. > - imap: Various error handling fixes to CATENATE. (Found using > Apple's stress test script.) > thank you. Which Pigeonhole (Sieve) must I use? -- Mit freundlichen Gr??en, with kind regards, Jim Knuth --------- Mit dem Geist ist es wie mit dem Magen: Mann kann ihm nur Dinge zumuten, die er verdauen kann. [Churchill] From jtam.home at gmail.com Tue Aug 6 01:34:44 2013 From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 5 Aug 2013 15:34:44 -0700 (PDT) Subject: [Dovecot] How to troubleshoot LDA or LMTP? In-Reply-To: References: Message-ID: John Williams writes: > *What doesn't work* I thought the next step would be to execute > dovecot-lda manually (as is suggested on the wiki and in numerous > newsgroup posts), but I can't figure out how to do this. When I execute > it as root and provide my non-root username via the -u option, it > hangs. I can see that it spawns a child process that executes as the > non-root user (specified with the -u option). So, could someone tell > how to execute dovecot-lda manually please? Maybe use "-d"? I had no trouble invoking dovecot-lda -c config-file -d user < mailfile If it doesn't work for you, I suggest process tracing it. > Also, when does LMTP process messages? When sending mail via SMTP, or > when reading mail via IMAP? I would prefer to use LMTP rather than > LDA. The former. Joseph Tam From john.williams at otago.ac.nz Tue Aug 6 03:29:39 2013 From: john.williams at otago.ac.nz (John Williams) Date: Tue, 06 Aug 2013 11:29:39 +1100 Subject: [Dovecot] How to troubleshoot LDA or LMTP? References: Message-ID: <87zjsvd5l8.fsf@otago.ac.nz> Joseph Tam writes: > John Williams writes: > >> *What doesn't work* I thought the next step would be to execute >> dovecot-lda manually (as is suggested on the wiki and in numerous >> newsgroup posts), but I can't figure out how to do this. When I execute >> it as root and provide my non-root username via the -u option, it >> hangs. I can see that it spawns a child process that executes as the >> non-root user (specified with the -u option). So, could someone tell >> how to execute dovecot-lda manually please? > > Maybe use "-d"? D'oh! I meant -d. *hangs head in shame* > > I had no trouble invoking > > dovecot-lda -c config-file -d user < mailfile Aha! Piping a message to the process was the step I was not aware of. Thanks Joseph! From gedalya at gedalya.net Tue Aug 6 04:57:05 2013 From: gedalya at gedalya.net (Gedalya) Date: Mon, 05 Aug 2013 21:57:05 -0400 Subject: [Dovecot] Error: dict client sent broken reply In-Reply-To: References: <0b8beb24a830ec79044996616a0e6614.squirrel@www.giz-works.com> Message-ID: <520057F1.3030104@gedalya.net> On 08/05/2013 01:54 PM, Timo Sirainen wrote: > On 20.5.2013, at 0.33, Chris Richards wrote: > >> doveadm(someuseraccount at somedomain): Error: dict client >> (/var/run/dovecot/dict) sent broken reply >> doveadm(someuseraccount at somedomain): Error: Dictionary iteration failed >> doveadm: Error: Failed to iterate through some users > .. >> dovecot: dict: Error: dict client: COMMIT: Can't commit while iterating > .. >> # 2.1.12: /etc/dovecot/dovecot.conf > There are a few fixes in lib-dict since v2.1.12. Also v2.2 has one more fix, which I just added to v2.1 hg. Would be helpful to know if one of those fixes the problem before I spend a lot of time testing this.. > In my case it's debian's 2.1.7, and I've since deleted the entire expires table which made the error go away. I'm just letting it slowly build up again, so far it's fine. So it's going to be hard for me to reproduce the problem. From alpotr at gmail.com Tue Aug 6 05:27:18 2013 From: alpotr at gmail.com (alfdc) Date: Mon, 5 Aug 2013 19:27:18 -0700 (PDT) Subject: [Dovecot] dovecot, spamassasin and lmtp Message-ID: <1375756038642-43709.post@n4.nabble.com> Hi, Ok, so I got rid of my procmail in favor of dovecot lmtp as my MDA. However, I lost the ability to tag the emails as SPAM or not. Before, this is done by procmail. Filtering is done by the Evolution client. Is there a way to do something similar now? I still want my filtering to be done by the Evolution. So I need something similar what procmail is doing i.e. altering the email header and putting some tag on it if it is a SPAM. Thanks. -- View this message in context: http://dovecot.2317879.n4.nabble.com/dovecot-spamassasin-and-lmtp-tp43709.html Sent from the Dovecot mailing list archive at Nabble.com. From gedalya at gedalya.net Tue Aug 6 05:34:26 2013 From: gedalya at gedalya.net (Gedalya) Date: Mon, 05 Aug 2013 22:34:26 -0400 Subject: [Dovecot] dovecot, spamassasin and lmtp In-Reply-To: <1375756038642-43709.post@n4.nabble.com> References: <1375756038642-43709.post@n4.nabble.com> Message-ID: <520060B2.1070300@gedalya.net> On 08/05/2013 10:27 PM, alfdc wrote: > Hi, > > Ok, so I got rid of my procmail in favor of dovecot lmtp as my MDA. > However, I lost the ability to tag the emails as SPAM or not. Before, this > is done by procmail. Filtering is done by the Evolution client. > > Is there a way to do something similar now? I still want my filtering to be > done by the Evolution. So I need something similar what procmail is doing > i.e. altering the email header and putting some tag on it if it is a SPAM. > > Thanks. > > > > > -- > View this message in context: http://dovecot.2317879.n4.nabble.com/dovecot-spamassasin-and-lmtp-tp43709.html > Sent from the Dovecot mailing list archive at Nabble.com. You didn't mention which MTA are you using? With either postfix or exim you can pass the email through spamassassin. Personally I like to invoke spamassassin out of exim's data ACL, getting only the score but not modifying the message, and adding the headers I want later in exim's routers. From alpotr at gmail.com Tue Aug 6 05:56:04 2013 From: alpotr at gmail.com (alfdc) Date: Mon, 5 Aug 2013 19:56:04 -0700 (PDT) Subject: [Dovecot] dovecot, spamassasin and lmtp In-Reply-To: <520060B2.1070300@gedalya.net> References: <1375756038642-43709.post@n4.nabble.com> <520060B2.1070300@gedalya.net> Message-ID: <1375757763974-43711.post@n4.nabble.com> Gedalya-2 wrote > You didn't mention which MTA are you using? Oh yes. My MTA is sendmail. And for sendmail the suggested way to trigger spamassasin is via procmail. But since procmail is gone then.... -- View this message in context: http://dovecot.2317879.n4.nabble.com/dovecot-spamassasin-and-lmtp-tp43709p43711.html Sent from the Dovecot mailing list archive at Nabble.com. From gedalya at gedalya.net Tue Aug 6 07:07:42 2013 From: gedalya at gedalya.net (Gedalya) Date: Tue, 06 Aug 2013 00:07:42 -0400 Subject: [Dovecot] dovecot, spamassasin and lmtp In-Reply-To: <1375757763974-43711.post@n4.nabble.com> References: <1375756038642-43709.post@n4.nabble.com> <520060B2.1070300@gedalya.net> <1375757763974-43711.post@n4.nabble.com> Message-ID: <5200768E.9090002@gedalya.net> On 08/05/2013 10:56 PM, alfdc wrote: > Gedalya-2 wrote >> You didn't mention which MTA are you using? > Oh yes. > > My MTA is sendmail. And for sendmail the suggested way to trigger > spamassasin is via procmail. But since procmail is gone then.... > > > > > -- > View this message in context: http://dovecot.2317879.n4.nabble.com/dovecot-spamassasin-and-lmtp-tp43709p43711.html > Sent from the Dovecot mailing list archive at Nabble.com. OK... there are programs allowing you to run spamassassin as a milter, the fact that these exist is the extent of my knowledge, but procmail is certainly not the only way. From skdovecot at smail.inf.fh-brs.de Tue Aug 6 09:37:44 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 6 Aug 2013 08:37:44 +0200 (CEST) Subject: [Dovecot] dovecot, spamassasin and lmtp In-Reply-To: <1375757763974-43711.post@n4.nabble.com> References: <1375756038642-43709.post@n4.nabble.com> <520060B2.1070300@gedalya.net> <1375757763974-43711.post@n4.nabble.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 5 Aug 2013, alfdc wrote: > My MTA is sendmail. And for sendmail the suggested way to trigger > spamassasin is via procmail. But since procmail is gone then.... see http://wiki.apache.org/spamassassin/IntegratedInMta procmail is just one way. If you know Perl (well), you can control mail message flow with MIMEDefang to every bit. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUgCZuV3r2wJMiz2NAQKTQAgAmhoUfkXgakLHZO+bQcJ2dPjFSnSEDcAr t3w0NeqYTWETPmKh55eX6ym9wi8WE6BVqFuIR0FT0a1V6FVxn5G985yruEfTKIFl r733gmdbBvJmHmAwVtMv4e4MTRSBwIljKXl0GbyjMLQlRAaDSJtXvqKgzRdcUbTE +DUJ8H1OM3mZ8znhijog232jEdgwigYB/0gVa68BSc7K0C/l9jIG0VFWSw+5RBWP ChEm/D0HT/8qzTOewD0ltaRAoKG7V1dr4BIDRPkInIJP+WgHTjQVTq5f3YrzZmL2 73tUeWGn6QsnulccmsyoLMTgiWf8SL0j1O9cpD1v7RntsJL+a6AasQ== =zDJu -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Tue Aug 6 09:41:56 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 6 Aug 2013 08:41:56 +0200 (CEST) Subject: [Dovecot] Using ldap and pam In-Reply-To: <48021.69.21.103.130.1375733715.squirrel@ameliaschools.com> References: <48021.69.21.103.130.1375733715.squirrel@ameliaschools.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 5 Aug 2013, Bo Lynch wrote: > Having some issues with ldap logins. I am using Centos > 5,dovecot-1.0.13-1.el5.rfx and openldap-servers-2.3.43-25.el5_8.1 > Trying to get this to work with the SoGo interface. First I converted all > my standard system users to ldap using the openldap-tools. This worked > fine, however when a user changes there password they can no longer see > there email. If they change it back to the original password mail can be > seen. This has stumped me for a day or so so I was hoping someone could > shed some light. What are in the logs? http://wiki1.dovecot.org/Logging see auth_debug=yes > /etc/dovecot.conf > protocols = imap imaps > disable_plaintext_auth = no > mbox_read_locks = fcntl > mbox_write_locks = fcntl > protocol imap { > } > protocol pop3 { > } > protocol lda { > postmaster_address = postmaster at example.com > } > auth default { > mechanisms = plain login > passdb pam { > } > passdb ldap { > args = /etc/dovecot-ldap.pass > } You first query PAM then LDAP. If your users are in passwd still, you get a failed password response. > userdb passwd { > } You read the user data from passwd? I think you've migrated to LDAP? > user = root > user = root > socket listen { > client { > path = /var/spool/postfix/private/auth > mode = 0660 > user = postfix > group = postfix > } > } > } > dict { > } > plugin { > } > > /etc/dovecot-ldap.conf > hosts = 127.0.0.1:389 > sasl_bind = no > auth_bind = yes > auth_bind = no > ldap_version = 3 > deref = never > dn = cn=sogo,dc=ameliaschools,dc=com > dnpass=password > base = dc=ameliaschools,dc=com > scope = subtree > pass_attrs = uid=user, userPassword=password > pass_filter = (uid=%u) > > > > > > - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUgCatF3r2wJMiz2NAQIbPwf/dv1WYwiUjLH/EXeWnBhan6ygb33Cw9yg gluh62cH0hr4yJMCYxvbfWqUS+BjtO01x5kXJuNFQf7EyZ9PjRXv5ElyGr7Q8yHo t4rpVn4s1tDm5xlxcR7HHCh2XUFlUDmA3vrOmn6CeddFUZgfEXXlhjaI9n35Kg/5 yrO71mDi60jhz5FM3MqFskM8cvgmwP/gWiW1fpsPVHXyQcQ/B//jKCMhGaEAwGOw 1ydN7JOwkYrlOnOEoO2OQ8wKHpH5dLXtYa0lt11DaV0CnLsb9784CYAsFrXvJwud HU8EKDaWDOnqoaBr76dkl+HvhB04MfmJAapyloJa4Qtm+smnH0Md0g== =dbUQ -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Tue Aug 6 09:50:58 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 6 Aug 2013 08:50:58 +0200 (CEST) Subject: [Dovecot] dovecot, spamassasin and lmtp In-Reply-To: References: <1375756038642-43709.post@n4.nabble.com> <520060B2.1070300@gedalya.net> <1375757763974-43711.post@n4.nabble.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 6 Aug 2013, Steffen Kaiser wrote: >> My MTA is sendmail. And for sendmail the suggested way to trigger >> spamassasin is via procmail. But since procmail is gone then.... > > see > http://wiki.apache.org/spamassassin/IntegratedInMta > > procmail is just one way. If you know Perl (well), you can control mail > message flow with MIMEDefang to every bit. Ah, for easy per-user scanning you could look at Pigeonhole's execute, filter, or pipe extension: http://wiki2.dovecot.org/Pigeonhole/Sieve/ - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUgCc0l3r2wJMiz2NAQI7OQgAn2kiDWel9GX+89vgaEfZD0Un8jRePbFw +YwfIsMGqZL72PtWI1onstuvvsWQAuESwHJa7oo1KfI0WKYn7N9Et51W9J/1RnIC Jjp5pUSiWsHPVfwP4Qo4l+6zHIjTC9IyJZg7oUbnWj5egAjrqwsOpXsSDUmrjwZb VZdHzzjOXSuoQbUCjPKhZvBjX8g6JdBEx9Rw7ge4gVy/tMScedipdzLBI7dnEB0M lTkv2s8/aIRn1/coskh+nW1YUyUrFgRVot4zqXLtVHXIr7fVzktq03Vf0x1qoX3/ IwcBgbLXU85CJEezwFJMx7kaIGUgj986AQubu/PVxBRoelrOvTiazQ== =RT0a -----END PGP SIGNATURE----- From hajo.locke at gmx.de Tue Aug 6 10:52:42 2013 From: hajo.locke at gmx.de (Hajo Locke) Date: Tue, 6 Aug 2013 09:52:42 +0200 Subject: [Dovecot] INBOX protected foldername? References: Message-ID: Hello, >> [...] >> In higher dovecot versions INBOX seems to be a kind of protected >> foldername. dovecot is not offering this folder in folderlist. If i >> rename it, the folder is available again. >> [...] >> Is there an explaination for this behaviour? > The case-insensitive mailbox name INBOX is a special name reserved to > mean "the primary mailbox for this user on this server". The > interpretation of all other names is implementation-dependent. Its not about the INBOX itself in /var/mail, there are some clients like groupoffice which do their own foldermanagment and create a Folder INBOX on top-level in mailspace Hiding user created folders with Name INBOX seems to be based on standard namespace config in 2.1.x In dovecot 2.1.7 we have in global: mail_location = mbox:~/mail:INBOX=/var/mail/%u namespace inbox { inbox = yes } This seems to be the default and leads to the problem that Folders with Name INBOX are hidden. Like suggested in http://wiki2.dovecot.org/Namespaces (Examples Mixed mbox and Maildir) i changed the standard namespace to: namespace inbox { separator = / prefix = "#mbox/" location = mbox:~/mail:INBOX=/var/mail/%u inbox = yes hidden = yes list = no } namespace mbox { separator = / prefix = location = mbox:~/mail } Because we are using mbox, i have to set up the 2nd namespace again with "location = mbox:~/mail". This works and Folders with Name INBOX are shown again. This namespace configuration looks a bit strange to me, but works. Is this a recommend way to do this? I dont want to get surprised by other behaviour. Thanks, Hajo From srf at sanger.ac.uk Tue Aug 6 12:01:29 2013 From: srf at sanger.ac.uk (Simon Fraser) Date: Tue, 06 Aug 2013 10:01:29 +0100 Subject: [Dovecot] Expunged message reappeared, giving a new UID In-Reply-To: <1375365764.15036.11.camel@ubu101751> References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> Message-ID: <1375779689.7973.5.camel@ubu101751> Hello, For what it's worth, still experiencing these symptoms with 2.2.5. Thanks, Simon. On Thu, 2013-08-01 at 15:02 +0100, Simon Fraser wrote: > On Thu, 2013-08-01 at 15:09 +0300, Timo Sirainen wrote: > > On Fri, 2013-07-26 at 11:28 +0100, Simon Fraser wrote: > > > > > I am running dovecot 2.2.2 with tcp based replication, and experiencing > > > some duplicated emails. `doveconf -n` output is below. > > > > Are both of the servers using the same mailbox format? > > Yes, they are. `doveconf -n | grep mail_location` on both nodes gives: > mail_location = maildir:~/mail:INBOX=~/mail/INBOX > > I've also tried with mdbox. > > > > Connect with a mail client, and delete the message - without delayed > > > expunge. So, for example, mutt (press 'd' then '$' to sync the mailbox), > > > or Evolution set to immediately delete. > > > > Can you reproduce this by disabling automatic replication (e.g. just > > remove replicator from mail_plugins) and running dsync manually? So > > basically delete the message, then run: > > > > doveadm sync -r rawlog -u user at domain -d > > > > If that reproduces it, send the rawlog to me. > > I can't reproduce it with that, sorry. Message deletion appears to work > that way, and the command only produces I/O leak errors: > > dsync-local(srf at sanger.ac.uk): Warning: I/O leak: 0x7f00e50cc960 (line > 341, fd 9) > > Using mail delivery and imap connections to node 'a' only, I have tried: > > 1) mail delivered, connecting/deleting/expunging, then sync > 2) mail delivered, syncing, connecting/deleting/expunging, not syncing, > then checking > 3) mail delivered, syncing, connecting/deleting/expunging, syncing > > None cause the message to reappear. I tried initiating the sync from > both nodes, just in case. > > Leaving the replication plugin enabled causes it to happen, though, so > perhaps my timing is off. > > Other things I have discovered by running 'watch' or a while loop, both > grepping the mail_location for my test subject line: > > A message is visible over imap before being written to mail_location. If > I can manage to delete it in this time (there isn't much time!) then the > message does not reappear. > > When the message reappears it gets a different filename (please excuse > the grep output on the end): > cur/1375364237.M969208P14576.intmail3a,S=2672,W=2731:2,:Subject: dup > test > > is replaced with: > cur/1375364242.M782761P838.intmail3b,S=2672,W=2731:2,:Subject: dup test > > This occurs less than a second after the expunge. There's only a log > entry on intmail3a, not 3b: > > Aug 1 14:37:26 intmail3a dovecot: imap(srf): > Warning: /mail/spool/s/srf/mail/INBOX/dovecot-uidlist: Duplicate file > entry at line 105: 1375364237.M969208P14576.intmail3a,S=2672,W=2731 (uid > 772051 -> 772052) > > I'm happy to run as many diagnostics as required, just let me know what > you'd like. > > Simon. > > > > -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. From AxelLuttgens at swing.be Tue Aug 6 12:35:29 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Tue, 6 Aug 2013 11:35:29 +0200 Subject: [Dovecot] v2.2.5 released In-Reply-To: <520024E7.1040001@jkart.de> References: <0C48EA24-94B5-4E35-855D-41282D6CA940@iki.fi> <520024E7.1040001@jkart.de> Message-ID: <78B294C3-8415-4BD7-9612-0E553539EC77@swing.be> Le 6 ao?t 2013 ? 00:19, Jim Knuth a ?crit : > am 05.08.13 22:03 schrieb Timo Sirainen: > >> http://dovecot.org/releases/2.2/dovecot-2.2.5.tar.gz >> http://dovecot.org/releases/2.2/dovecot-2.2.5.tar.gz.sig >> >> [...] >> > > thank you. Which Pigeonhole (Sieve) must I use? Hello Jim, Unless I'm wrong, the latest one for Dovecot 2.2: http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.1.tar.gz Axel From jk at jkart.de Tue Aug 6 13:11:41 2013 From: jk at jkart.de (Jim Knuth) Date: Tue, 06 Aug 2013 12:11:41 +0200 Subject: [Dovecot] v2.2.5 released In-Reply-To: <78B294C3-8415-4BD7-9612-0E553539EC77@swing.be> References: <0C48EA24-94B5-4E35-855D-41282D6CA940@iki.fi> <520024E7.1040001@jkart.de> <78B294C3-8415-4BD7-9612-0E553539EC77@swing.be> Message-ID: <5200CBDD.7020303@jkart.de> am 06.08.13 11:35 schrieb Axel Luttgens : > Le 6 ao?t 2013 ? 00:19, Jim Knuth a ?crit : > >> am 05.08.13 22:03 schrieb Timo Sirainen: >> >>> http://dovecot.org/releases/2.2/dovecot-2.2.5.tar.gz >>> http://dovecot.org/releases/2.2/dovecot-2.2.5.tar.gz.sig >>> >>> [...] >>> >> >> thank you. Which Pigeonhole (Sieve) must I use? > > Hello Jim, > > Unless I'm wrong, the latest one for Dovecot 2.2: > > http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.1.tar.gz > > Axel > > Thanx, Axel. But the question was: Is that the right one? ;) Ok, I will try that. -- Mit freundlichen Gr??en, with kind regards, Jim Knuth --------- Nur Kinder, Narren und sehr alte Leute k?nnen es sich leisten, immer die Wahrheit zu sagen. [Churchill] From frank at moltke28.B.Shuttle.DE Tue Aug 6 13:28:57 2013 From: frank at moltke28.B.Shuttle.DE (Frank Elsner) Date: Tue, 6 Aug 2013 12:28:57 +0200 Subject: [Dovecot] The "<" sign in config files Message-ID: (auto-added) Hallo experts, what is the meaning of the "<" sign in config files as in ssl_key = (auto-added) References: (auto-added) Message-ID: <5896C8EE-1EE8-40F7-BF46-55C4FD571CAD@iki.fi> On 6.8.2013, at 13.28, Frank Elsner wrote: > what is the meaning of the "<" sign in config files as in > > ssl_key = ^ > | > ? Read the value from the specified file. Works for all settings. From tss at iki.fi Tue Aug 6 14:30:54 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 6 Aug 2013 14:30:54 +0300 Subject: [Dovecot] Expunged message reappeared, giving a new UID In-Reply-To: <1375365764.15036.11.camel@ubu101751> References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> Message-ID: <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> On 1.8.2013, at 17.02, Simon Fraser wrote: >>> Connect with a mail client, and delete the message - without delayed >>> expunge. So, for example, mutt (press 'd' then '$' to sync the mailbox), >>> or Evolution set to immediately delete. >> >> Can you reproduce this by disabling automatic replication (e.g. just >> remove replicator from mail_plugins) and running dsync manually? So >> basically delete the message, then run: >> >> doveadm sync -r rawlog -u user at domain -d >> >> If that reproduces it, send the rawlog to me. > > I can't reproduce it with that, sorry. Message deletion appears to work > that way, and the command only produces I/O leak errors: Here's another idea: Try disabling replicator plugin from only one side, so there's not possibility of two dsyncs running at the same time. That should be prevented already by locking though. The servers have different hostnames, right? From tss at iki.fi Tue Aug 6 14:39:01 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 6 Aug 2013 14:39:01 +0300 Subject: [Dovecot] Expunged message reappeared, giving a new UID In-Reply-To: <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> Message-ID: <58953A51-27CB-4474-8D24-3F01229F821E@iki.fi> On 6.8.2013, at 14.30, Timo Sirainen wrote: > Here's another idea: > > Try disabling replicator plugin from only one side, so there's not possibility of two dsyncs running at the same time. That should be prevented already by locking though. > > The servers have different hostnames, right? The more I think about it, the more this makes sense. You seem to have different hostnames, but .. maybe they're not from Dovecot's point of view for some reason? I added a new dovecot --hostdomain parameter to check it: http://hg.dovecot.org/dovecot-2.2/rev/5a3821097f3c From blynch at ameliaschools.com Tue Aug 6 15:16:31 2013 From: blynch at ameliaschools.com (Bo Lynch) Date: Tue, 6 Aug 2013 08:16:31 -0400 (EDT) Subject: [Dovecot] Using ldap and pam In-Reply-To: References: <48021.69.21.103.130.1375733715.squirrel@ameliaschools.com> Message-ID: <42724.69.21.103.130.1375791391.squirrel@ameliaschools.com> On Tue, August 6, 2013 2:41 am, Steffen Kaiser wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Mon, 5 Aug 2013, Bo Lynch wrote: > >> Having some issues with ldap logins. I am using Centos >> 5,dovecot-1.0.13-1.el5.rfx and openldap-servers-2.3.43-25.el5_8.1 >> Trying to get this to work with the SoGo interface. First I converted >> all >> my standard system users to ldap using the openldap-tools. This worked >> fine, however when a user changes there password they can no longer see >> there email. If they change it back to the original password mail can be >> seen. This has stumped me for a day or so so I was hoping someone could >> shed some light. > > What are in the logs? http://wiki1.dovecot.org/Logging see auth_debug=yes > >> /etc/dovecot.conf >> protocols = imap imaps >> disable_plaintext_auth = no >> mbox_read_locks = fcntl >> mbox_write_locks = fcntl >> protocol imap { >> } >> protocol pop3 { >> } >> protocol lda { >> postmaster_address = postmaster at example.com >> } >> auth default { >> mechanisms = plain login >> passdb pam { >> } >> passdb ldap { >> args = /etc/dovecot-ldap.pass >> } > > You first query PAM then LDAP. If your users are in passwd still, you get > a failed password response. > >> userdb passwd { >> } > > You read the user data from passwd? I think you've migrated to LDAP? > >> user = root >> user = root >> socket listen { >> client { >> path = /var/spool/postfix/private/auth >> mode = 0660 >> user = postfix >> group = postfix >> } >> } >> } >> dict { >> } >> plugin { >> } >> >> /etc/dovecot-ldap.conf >> hosts = 127.0.0.1:389 >> sasl_bind = no >> auth_bind = yes >> auth_bind = no >> ldap_version = 3 >> deref = never >> dn = cn=sogo,dc=ameliaschools,dc=com >> dnpass=password >> base = dc=ameliaschools,dc=com >> scope = subtree >> pass_attrs = uid=user, userPassword=password >> pass_filter = (uid=%u) >> Is it possible to have 2 auth methods? Meaning if user and passwd does not match in pam then go with ldap? From srf at sanger.ac.uk Tue Aug 6 15:59:26 2013 From: srf at sanger.ac.uk (Simon Fraser) Date: Tue, 06 Aug 2013 13:59:26 +0100 Subject: [Dovecot] Expunged message reappeared, giving a new UID In-Reply-To: <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> Message-ID: <1375793966.17508.0.camel@ubu101751> On Tue, 2013-08-06 at 14:30 +0300, Timo Sirainen wrote: > Here's another idea: > Thank you for still looking into this > Try disabling replicator plugin from only one side, so there's not possibility of two dsyncs running at the same time. That should be prevented already by locking though. I disabled the replication on node b, restarted both, and connected to node a to deliver and read mail, and had the same symptoms. Tried it with replication enabled on node b but disabled on node a, and naturally the message didn't get replicated at all, and so didn't reappear. > The servers have different hostnames, right? They do. There was a record that pointed to both IP addresses, but I've removed it after reading your suggestion here, and still see the symptoms. I also have a test system which has never had that A record that can show the same symptoms. > The more I think about it, the more this makes sense. You seem to have > different hostnames, but .. maybe they're not from Dovecot's point of > view for some reason? I added a new dovecot --hostdomain parameter to > check it: http://hg.dovecot.org/dovecot-2.2/rev/5a3821097f3c root at intmail3a:~# /mail/sbin/dovecot --hostdomain intmail3a.internal.sanger.ac.uk root at intmail3b:~# /mail/sbin/dovecot --hostdomain intmail3b.internal.sanger.ac.uk Each hostname points to 1 IP address, and the only PTR for each IP address is the hostname. No entry in /etc/hosts for either server name. Inspired by this, I have also tried disabling ipv6 on both servers, in case the lack of DNS entries there was causing an issue, but it didn't fix it. Simon. -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. From skdovecot at smail.inf.fh-brs.de Tue Aug 6 16:04:13 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 6 Aug 2013 15:04:13 +0200 (CEST) Subject: [Dovecot] Using ldap and pam In-Reply-To: <42724.69.21.103.130.1375791391.squirrel@ameliaschools.com> References: <48021.69.21.103.130.1375733715.squirrel@ameliaschools.com> <42724.69.21.103.130.1375791391.squirrel@ameliaschools.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 6 Aug 2013, Bo Lynch wrote: >>> passdb pam { >>> } >>> passdb ldap { >>> args = /etc/dovecot-ldap.pass >>> } > Is it possible to have 2 auth methods? Meaning if user and passwd does not > match in pam then go with ldap? as far as I know, if PAM returns "no such user", the next passdb is tried. If PAM returns "password mismatch", it chains to next passdb. BTW: Dovecot also caches passwords, maybe you are hit by it? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUgD0TV3r2wJMiz2NAQJtgggAqyRK7O1kiACDo5LQLw0jTEIoDreRY4mu rn3air51MP1+JEhVdLyf7hajiC86L3pTdjJcoxPygHhEph1Aj1QHLXgFebFzPsN9 PNdfolRF1uDAl0E2y4A0+Ko6YeSekg9wprRgoDN8eF3NXpBX3GXIsML69wuZQmCm MkdtK3Go6knfZKNCMJiSCierE0fj7RLwBnmKaC03mZFmNx4dsQGnJGGId03BPnLK JAI49NKnmAsxXA+NCGW8ohqtjg/lxxYt7hU1INxdo3fp3Mnw64JRFCem8amlzEbz jqam7BaVYIVmu4JGyPk250HQVYnFnnPRkMHCEfoaHMvUuCy4DZAm7Q== =eZUc -----END PGP SIGNATURE----- From lists at luigirosa.com Tue Aug 6 16:10:31 2013 From: lists at luigirosa.com (Luigi Rosa) Date: Tue, 06 Aug 2013 15:10:31 +0200 Subject: [Dovecot] v2.2.5 released In-Reply-To: <5200CBDD.7020303@jkart.de> References: <0C48EA24-94B5-4E35-855D-41282D6CA940@iki.fi> <520024E7.1040001@jkart.de> <78B294C3-8415-4BD7-9612-0E553539EC77@swing.be> <5200CBDD.7020303@jkart.de> Message-ID: <5200F5C7.3060804@luigirosa.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jim Knuth said the following on 06/08/2013 12:11: >> Unless I'm wrong, the latest one for Dovecot 2.2: >> >> http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.1.tar.gz > > Thanx, Axel. But the question was: Is that the right one? ;) Works like a charm in my installations Ciao, luigi - -- / +--[Luigi Rosa]-- \ Computers make excellent and efficient servants, but I have no wish to serve under them. Captain, a starship also runs on loyalty to one man. And nothing can replace it or him. --Spock, "The Ultimate Computer" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlIA9cIACgkQ3kWu7Tfl6ZRLmQCfWQMaPcWtG+sFZEx78QfAeF1Z mg8An3gJ8Zmk6KF6aLdP/Qej/m9qZ6dB =cbJX -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Tue Aug 6 16:12:49 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 6 Aug 2013 15:12:49 +0200 (CEST) Subject: [Dovecot] How to troubleshoot LDA or LMTP? In-Reply-To: <874nb4fpw1.fsf@otago.ac.nz> References: <874nb4fpw1.fsf@otago.ac.nz> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 5 Aug 2013, John Williams wrote: > Please forgive me if these are silly questions. I am a normal user, not > a system administrator. I am using Dovecot as a kind of IMAP caching > proxy, i.e. reading IMAP mail via Gnus + Dovecot + Offlineimap. I am > trying to enable sieve functionality. Offlineimap is to replicate two IMAP instances, so it believes that the message had been already delivered (and filtered). Usually one would use fetchmail and stuffs the messages into a local MTA. But then, the message are gone from the upstream server. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUgD2UV3r2wJMiz2NAQL63gf7BrTcvMLWubqC/eYIgB88TJCA5l3uNzcV D0mklPNy05PiocFUqwIwTkq/1MNSg0yplO2zTHLLNwUiB9YIX1IBj8ojTN037LcE EYtwNGUR5eBYatw7z9w/uIzkHtJlTf+7jOtpOoqJbD19a0pujUxP5/rCtmLv/6br R0oK0IXHsLIxchA5sftWBSq+JLPcFQEbStWp+WPtJ4QJP3B2UCD7CHjqBMHhbA2g iQRZ8EfHKoc2g96DbGnTQvDNwNv/HaWeU345zMXuguKw2EhbH05/T3JaOm9BSFn1 MoHBkhmiIv2udU+x/ArqGpw0VCY2ssN+sYrJ2FGvj16qIyVGlR5edw== =3l4v -----END PGP SIGNATURE----- From blynch at ameliaschools.com Tue Aug 6 16:11:34 2013 From: blynch at ameliaschools.com (Bo Lynch) Date: Tue, 6 Aug 2013 09:11:34 -0400 (EDT) Subject: [Dovecot] Using ldap and pam In-Reply-To: References: <48021.69.21.103.130.1375733715.squirrel@ameliaschools.com> <42724.69.21.103.130.1375791391.squirrel@ameliaschools.com> Message-ID: <43552.69.21.103.130.1375794694.squirrel@ameliaschools.com> On Tue, August 6, 2013 9:04 am, Steffen Kaiser wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 6 Aug 2013, Bo Lynch wrote: > >>>> passdb pam { >>>> } >>>> passdb ldap { >>>> args = /etc/dovecot-ldap.pass >>>> } > >> Is it possible to have 2 auth methods? Meaning if user and passwd does >> not >> match in pam then go with ldap? > > as far as I know, if PAM returns "no such user", the next passdb is tried. > If PAM returns "password mismatch", it chains to next passdb. > > BTW: Dovecot also caches passwords, maybe you are hit by it? > > - -- In the logs I am seeing dovecot: Aug 06 09:08:45 Info: auth(default): ldap(blynch,69.21.103.133): pass search: base=dc=ameliaschools,dc=com scope=subtree filter=(&(objectClass=posixAccount)(uid=blynch)) fields=uid, userPassword dovecot: Aug 06 09:08:45 Info: auth(default): ldap(blynch,69.21.103.133): result: uid(user)=blynch dovecot: Aug 06 09:08:46 Info: auth(default): client out: FAIL 1 user=blynch temp and dovecot: Aug 06 09:08:48 Error: auth(default): ldap(blynch,69.21.103.133): No password in reply From skdovecot at smail.inf.fh-brs.de Tue Aug 6 16:17:12 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 6 Aug 2013 15:17:12 +0200 (CEST) Subject: [Dovecot] How to troubleshoot LDA or LMTP? In-Reply-To: <87zjsvd5l8.fsf@otago.ac.nz> References: <87zjsvd5l8.fsf@otago.ac.nz> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 6 Aug 2013, John Williams wrote: >> dovecot-lda -c config-file -d user < mailfile > Aha! Piping a message to the process was the step I was not aware of. does offlineimap provides logs to get to know what mails are newly arriving to your local mail storage, in order to not filter the same message twice or re-filter messages, you've moved around manually? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUgD3WF3r2wJMiz2NAQLsuggAk+leb2Hyc3F1B5A55gWd3GTuVmIzz2zH GXskHepwo3BgcdKTae6XY/XNP6tMRnG1UsLzq18HcvA8uCGzB3vKo1iM8fVPsHLV 0DDlYOxBUd8HRuCPB++AA41y66lppPUIqF1be1ILPJ56Jd6nEI2e/YB8vlOyagut 4WhsJK8Ruo+biDG++UFYZERFsI7xzvjawdtMGZto9lzYomZUP5Ig5DsXso28Y1by aRHOWzkMZYvNWGj3JDqxy4ePjzsM97QHKtOOmXNiDvyxwDQ3zMsUB+VBEjDq7z0k n491Hp9fCNyZ4SYtQhjSjeO6J4WKpcFxeaPdLvrB3JUH5moCNNDh9Q== =uBA2 -----END PGP SIGNATURE----- From tss at iki.fi Tue Aug 6 16:34:56 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 6 Aug 2013 16:34:56 +0300 Subject: [Dovecot] Using ldap and pam In-Reply-To: <43552.69.21.103.130.1375794694.squirrel@ameliaschools.com> References: <48021.69.21.103.130.1375733715.squirrel@ameliaschools.com> <42724.69.21.103.130.1375791391.squirrel@ameliaschools.com> <43552.69.21.103.130.1375794694.squirrel@ameliaschools.com> Message-ID: <2F427722-BEC7-4C59-A3F7-FAF221BC7CEE@iki.fi> On 6.8.2013, at 16.11, Bo Lynch wrote: > dovecot: Aug 06 09:08:48 Error: auth(default): ldap(blynch,69.21.103.133): > No password in reply LDAP isn't returning a "password" field. Probably because the dn doesn't have access to that field. Either give it access, or switch to auth_bind=yes From tss at iki.fi Tue Aug 6 16:42:48 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 6 Aug 2013 16:42:48 +0300 Subject: [Dovecot] Expunged message reappeared, giving a new UID In-Reply-To: <1375793966.17508.0.camel@ubu101751> References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> Message-ID: <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> On 6.8.2013, at 15.59, Simon Fraser wrote: >> Try disabling replicator plugin from only one side, so there's not possibility of two dsyncs running at the same time. That should be prevented already by locking though. > > I disabled the replication on node b, restarted both, and connected to > node a to deliver and read mail, and had the same symptoms. Weird, I was sure that would have worked. Well, maybe rawlogs would show something interesting. I should probably add a proper option for them, but attached a patch to enable for now. Be sure to mkdir /tmp/dsync-rawlogs with enough write permissions (e.g. 0777) -------------- next part -------------- A non-text attachment was scrubbed... Name: diff Type: application/octet-stream Size: 442 bytes Desc: not available URL: From tss at iki.fi Tue Aug 6 16:45:15 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 6 Aug 2013 16:45:15 +0300 Subject: [Dovecot] Expunged message reappeared, giving a new UID In-Reply-To: <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> Message-ID: <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> On 6.8.2013, at 16.42, Timo Sirainen wrote: > On 6.8.2013, at 15.59, Simon Fraser wrote: > >>> Try disabling replicator plugin from only one side, so there's not possibility of two dsyncs running at the same time. That should be prevented already by locking though. >> >> I disabled the replication on node b, restarted both, and connected to >> node a to deliver and read mail, and had the same symptoms. > > Weird, I was sure that would have worked. Well, maybe rawlogs would show something interesting. I should probably add a proper option for them, but attached a patch to enable for now. Be sure to mkdir /tmp/dsync-rawlogs with enough write permissions (e.g. 0777) Oh and do it on both the servers and send me all the logs from both servers. Hopefully it contains only the one deletion test case and no extra stuff. :) Also, instead of using IMAP client to delete the mail, try something like: doveadm expunge -u user at domain mailbox INBOX subject testmail Because I was thinking that with IMAP it first sets the \Deleted flag, which triggers replication. Then it immediately does EXPUNGE which deletes the mail locally, but I was thinking that now remote dsync also triggered because of the flag change and notices the the mail is gone and puts it back. But locking should have avoided that. Also disabling replication on the remote side should have avoided that. From tlx at leuxner.net Tue Aug 6 18:49:45 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Tue, 6 Aug 2013 17:49:45 +0200 Subject: [Dovecot] Postfix aliases with quota-status service In-Reply-To: <20130801143940.GA20958@zwirn.topfen.net> References: <20130730132047.GA31198@nihlus.leuxner.net> <20130801143940.GA20958@zwirn.topfen.net> Message-ID: <20130806154945.GA9582@nihlus.leuxner.net> * Ulrich Zehl 2013.08.01 16:39: > If you store your mailbox and alias information in the same data source > (LDAP, SQL, ...), you should be able to do the same. Thanks. I did address this using a restriction class which works fine for my scenario and allows selective quota checking. /etc/postfix/main.cf: smtpd_restriction_classes = quota_users quota_users = check_policy_service unix:private/quota-status smtpd_recipient_restrictions = ... reject_unverified_recipient, check_recipient_access hash:/etc/postfix/quota_users /etc/postfix/quota_users: someone at example.com quota_users ... Now the real problem along the road is the submitting server. If that server does not indicate the message size during handshake the pre-queue rejection simply can not work. MAIL FROM: SIZE=2924764 Google for instance is not doing this... Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From srf at sanger.ac.uk Tue Aug 6 18:58:31 2013 From: srf at sanger.ac.uk (Simon Fraser) Date: Tue, 06 Aug 2013 16:58:31 +0100 Subject: [Dovecot] Expunged message reappeared, giving a new UID In-Reply-To: <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> Message-ID: <1375804711.19765.7.camel@ubu101751> On Tue, 2013-08-06 at 16:45 +0300, Timo Sirainen wrote: > > > > Weird, I was sure that would have worked. Well, maybe rawlogs would > show something interesting. I should probably add a proper option for > them, but attached a patch to enable for now. Be sure to > mkdir /tmp/dsync-rawlogs with enough write permissions (e.g. 0777) I've added that patch and I'm getting: Aug 16:18:48 intmail3a dovecot: doveadm: Error: Don't give mail location with -d parameter Aug 6 16:18:48 intmail3a dovecot: doveadm(srf): Error: Saved sync state is invalid, falling back to full sync: Input too small Presumably it's thinking the "-r /tmp/dsync-rawlog" is a mail location? I've tried changing its location in the appends, but it doesn't make a difference. > Oh and do it on both the servers and send me all the logs from both > servers. Hopefully it contains only the one deletion test case and no > extra stuff. :) > > Also, instead of using IMAP client to delete the mail, try something like: > > doveadm expunge -u user at domain mailbox INBOX subject testmail That successfully expunges a message, without it reappearing. > Because I was thinking that with IMAP it first sets the \Deleted flag, > which triggers replication. Then it immediately does EXPUNGE which > deletes the mail locally, but I was thinking that now remote dsync > also triggered because of the flag change and notices the the mail is > gone and puts it back. But locking should have avoided that. Also > disabling replication on the remote side should have avoided that. Seems plausible. I tried again disabling replication on the second node to make sure I hadn't made an error - I removed 'replication' from mail_plugins and the plugins section of the lmtp and lda services, and removed the 'service replicator' block, but I'm afraid it's still there. I'm currently digging around with replication over ssh, to see if it still happens that way. Simon. -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. From tss at iki.fi Tue Aug 6 19:15:04 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 6 Aug 2013 19:15:04 +0300 Subject: [Dovecot] Expunged message reappeared, giving a new UID In-Reply-To: <1375804711.19765.7.camel@ubu101751> References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> <1375804711.19765.7.camel@ubu101751> Message-ID: <1BF2EF57-83AB-48CC-A929-F2BDF3400D46@iki.fi> On 6.8.2013, at 18.58, Simon Fraser wrote: > On Tue, 2013-08-06 at 16:45 +0300, Timo Sirainen wrote: > >>> >>> Weird, I was sure that would have worked. Well, maybe rawlogs would >> show something interesting. I should probably add a proper option for >> them, but attached a patch to enable for now. Be sure to >> mkdir /tmp/dsync-rawlogs with enough write permissions (e.g. 0777) > > I've added that patch and I'm getting: > Aug 16:18:48 intmail3a dovecot: doveadm: Error: Don't give mail location > with -d parameter > Aug 6 16:18:48 intmail3a dovecot: doveadm(srf): Error: Saved sync state > is invalid, falling back to full sync: Input too small > > Presumably it's thinking the "-r /tmp/dsync-rawlog" is a mail location? > I've tried changing its location in the appends, but it doesn't make a > difference. Oops, I messed up the parameter order. It was supposed to have -s state but now it had -s -r rawlog state. New patch should work better. -------------- next part -------------- A non-text attachment was scrubbed... Name: diff Type: application/octet-stream Size: 486 bytes Desc: not available URL: From tss at iki.fi Tue Aug 6 19:15:57 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 6 Aug 2013 19:15:57 +0300 Subject: [Dovecot] Postfix aliases with quota-status service In-Reply-To: <20130806154945.GA9582@nihlus.leuxner.net> References: <20130730132047.GA31198@nihlus.leuxner.net> <20130801143940.GA20958@zwirn.topfen.net> <20130806154945.GA9582@nihlus.leuxner.net> Message-ID: On 6.8.2013, at 18.49, Thomas Leuxner wrote: > Now the real problem along the road is the submitting server. If that server does not indicate the message size during handshake the pre-queue rejection simply can not work. quota_grace was meant to solve that. You'll allow the user to become a bit over quota. From tlx at leuxner.net Tue Aug 6 19:25:58 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Tue, 6 Aug 2013 18:25:58 +0200 Subject: [Dovecot] Postfix aliases with quota-status service In-Reply-To: References: <20130730132047.GA31198@nihlus.leuxner.net> <20130801143940.GA20958@zwirn.topfen.net> <20130806154945.GA9582@nihlus.leuxner.net> Message-ID: <20130806162558.GA26276@nihlus.leuxner.net> * Timo Sirainen 2013.08.06 18:15: > > Now the real problem along the road is the submitting server. If that server does not indicate the message size during handshake the pre-queue rejection simply can not work. > > quota_grace was meant to solve that. You'll allow the user to become a bit over quota. What I meant is before the mail enters the Postfix queues. If the SIZE extension is not used during MAIL FROM by the remote server, then there's no way to reject an over-quota mail upfront, losing the benefit of the policy service. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From razvan.sandu at mobexpert.ro Tue Aug 6 19:31:14 2013 From: razvan.sandu at mobexpert.ro (=?UTF-8?B?UsSDenZhbiBTYW5kdQ==?=) Date: Tue, 06 Aug 2013 19:31:14 +0300 Subject: [Dovecot] Please HELP: how to delete all messages older than X days from the server? Message-ID: <520124D2.5050003@mobexpert.ro> Hello, Would you please help me solve the following case? My (CentOS) server runs dovecot and allows both POP3 and IMAP service. Users are virtual users (no home directories), with messages stored in Maildir directories under /var/spool/mail/vhosts/example.com/username Some of them use mobile devices (without local storage space), so I must allow IMAP access, not just POP3. But the storage on the server must be for a strictly *limited* period of time. As an admin, I'm trying to force each user to: - download *locally* received messages when they arrive at the office - don't let copies of messages on the server (incoming, sent, trash, drafts, etc.) For various reasons, e-mail client configuration is not under my control (I can't rely on client configuration for implementing this). Implementing filesystem quotas is not an option because a. presently, all virtual users share same UID/GID on the server and b. administrative reasons (the "full quota" situation may occur unexpectedly and this is not tolerable in corporate policy). So I need EITHER: 1. a method of downloading locally *all* messages from the server (incoming, sent, trash, drafts, etc.) to the workstation, when the user consults his/her mailbox from a POP3 desktop client, thus completely *emptying* the user's mailbox on the server OR 2. an automatic, elegant but forceful method of deleting all messages older than X days (incoming, sent, trash, drafts, etc.) I've tried to use a line such as: doveadm expunge -u john.doe at example.com before 4w run as root, from a script in crontab, but for "expunge" doveadm won't let me skip the "-u" parameter (to perform the expunge for *all* users). Could you please help? Any sugestion is welcomed. Thanks a lot, R?zvan -------------- next part -------------- A non-text attachment was scrubbed... Name: razvan_sandu.vcf Type: text/x-vcard Size: 424 bytes Desc: not available URL: From hummel at pasteur.fr Tue Aug 6 19:44:37 2013 From: hummel at pasteur.fr (Thomas Hummel) Date: Tue, 6 Aug 2013 18:44:37 +0200 Subject: [Dovecot] Unlock non existent locks In-Reply-To: References: <20130802123054.GA7196@parmesan.sis.pasteur.fr> <1375447127.31867.25.camel@innu.dovecot.net> <20130805163416.GA4000@parmesan.sis.pasteur.fr> Message-ID: <20130806164436.GA22228@parmesan.sis.pasteur.fr> On Mon, Aug 05, 2013 at 07:38:59PM +0300, Timo Sirainen wrote: > The NFS workarounds code is doing some ugly stuff. I thought it would have, but looking at the code it doesn't seem so. But still easier to debug if you first see if the problem is with the NFS workarounds or the lib-index code. With lib-index you could also use lock_method=dotlock to see if that works better (although performance will be slightly worse also then). I just tested mail_nfs_storage and mail_nfs_index both set to no : log messages are still here. They only stop when I stop dovecot. Note : The nfs mount is made through a private network (192.168.3.x). My simple fcntl unlock test, when the isilon mount is made through the same private network behave as dovecot (i.e. make the node log warning about non-existent ressource to unlock), but not when the mount is made through the "public" network (157.99.x.x). Even when dovecot is down and statd/lockd restarted. I thought about some reverse name lookups but I don't think this is the problem. Something very strange is happening, not matter what nfs workarounds dovecot is making. But it seems to involve this host and only this host... -- Thomas Hummel | Institut Pasteur | Groupe Exploitation et Infrastructure From user+dovecot at localhost.localdomain.org Tue Aug 6 20:18:15 2013 From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Tue, 06 Aug 2013 19:18:15 +0200 Subject: [Dovecot] Please HELP: how to delete all messages older than X days from the server? In-Reply-To: <520124D2.5050003@mobexpert.ro> References: <520124D2.5050003@mobexpert.ro> Message-ID: <52012FD7.2050806@localhost.localdomain.org> On 08/06/2013 06:31 PM R?zvan Sandu wrote: > ? > Implementing filesystem quotas is not an option because a. presently, > all virtual users share same UID/GID on the server and b. administrative > reasons (the "full quota" situation may occur unexpectedly and this is > not tolerable in corporate policy). Use Dovecot's quota plugin - which supports different backends. Each user may have a different quota limit. * http://wiki2.dovecot.org/Quota > So I need EITHER: > > 1. a method of downloading locally *all* messages from the server > (incoming, sent, trash, drafts, etc.) to the workstation, when the user > consults his/her mailbox from a POP3 desktop client, thus completely > *emptying* the user's mailbox on the server Usually only the INBOX is visible via POP3 ? > OR > > 2. an automatic, elegant but forceful method of deleting all messages > older than X days (incoming, sent, trash, drafts, etc.) There is the expire plugin for Dovecot. * http://wiki2.dovecot.org/Plugins/Expire > I've tried to use a line such as: > > doveadm expunge -u john.doe at example.com before 4w > > run as root, from a script in crontab, but for "expunge" doveadm won't > let me skip the "-u" parameter (to perform the expunge for *all* users). > > > Could you please help? Any sugestion is welcomed. There is also the -A option, see http://wiki2.dovecot.org/Tools/Doveadm/Expunge#section_options Regards, Pascal -- The trapper recommends today: cafebabe.1321819 at localdomain.org From tss at iki.fi Tue Aug 6 20:42:56 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 6 Aug 2013 20:42:56 +0300 Subject: [Dovecot] Postfix aliases with quota-status service In-Reply-To: <20130806162558.GA26276@nihlus.leuxner.net> References: <20130730132047.GA31198@nihlus.leuxner.net> <20130801143940.GA20958@zwirn.topfen.net> <20130806154945.GA9582@nihlus.leuxner.net> <20130806162558.GA26276@nihlus.leuxner.net> Message-ID: <6ADE6229-AFE3-4A87-9C27-46CA726BA6C8@iki.fi> On 6.8.2013, at 19.25, Thomas Leuxner wrote: > * Timo Sirainen 2013.08.06 18:15: > >>> Now the real problem along the road is the submitting server. If that server does not indicate the message size during handshake the pre-queue rejection simply can not work. >> >> quota_grace was meant to solve that. You'll allow the user to become a bit over quota. > > What I meant is before the mail enters the Postfix queues. If the SIZE extension is not used during MAIL FROM by the remote server, then there's no way to reject an over-quota mail upfront, losing the benefit of the policy service. The idea behind quota_grace is that the last mail would be allowed to take the user somewhat over quota (e.g. up to 109% quota usage). On the next mail delivery user is already over quota, so the size of the mail is irrelevant because a mail of any size will be rejected. The initial quota-status implementation didn't even support SIZE extension since I didn't remember it existed. From tlx at leuxner.net Tue Aug 6 20:57:55 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Tue, 6 Aug 2013 19:57:55 +0200 Subject: [Dovecot] Postfix aliases with quota-status service In-Reply-To: <6ADE6229-AFE3-4A87-9C27-46CA726BA6C8@iki.fi> References: <20130730132047.GA31198@nihlus.leuxner.net> <20130801143940.GA20958@zwirn.topfen.net> <20130806154945.GA9582@nihlus.leuxner.net> <20130806162558.GA26276@nihlus.leuxner.net> <6ADE6229-AFE3-4A87-9C27-46CA726BA6C8@iki.fi> Message-ID: <20130806175755.GA26868@nihlus.leuxner.net> * Timo Sirainen 2013.08.06 19:42: > The idea behind quota_grace is that the last mail would be allowed to take the user somewhat over quota (e.g. up to 109% quota usage). On the next mail delivery user is already over quota, so the size of the mail is irrelevant because a mail of any size will be rejected. The initial quota-status implementation didn't even support SIZE extension since I didn't remember it existed. I'm referring to the Postfix side _only_ or the initial SMTP Handshake if you like. My point is that there is no safe way to reject mails at this level *if* the remote server doesn't play nice. I think this was the whole point of writing a policy service for Postfix. I'm not *talking* about quotas that will be handled by the delivery agents... -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From tss at iki.fi Tue Aug 6 21:27:20 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 6 Aug 2013 21:27:20 +0300 Subject: [Dovecot] Postfix aliases with quota-status service In-Reply-To: <20130806175755.GA26868@nihlus.leuxner.net> References: <20130730132047.GA31198@nihlus.leuxner.net> <20130801143940.GA20958@zwirn.topfen.net> <20130806154945.GA9582@nihlus.leuxner.net> <20130806162558.GA26276@nihlus.leuxner.net> <6ADE6229-AFE3-4A87-9C27-46CA726BA6C8@iki.fi> <20130806175755.GA26868@nihlus.leuxner.net> Message-ID: <0F331A75-746F-4CBE-B587-F6781F53891C@iki.fi> On 6.8.2013, at 20.57, Thomas Leuxner wrote: > * Timo Sirainen 2013.08.06 19:42: > >> The idea behind quota_grace is that the last mail would be allowed to take the user somewhat over quota (e.g. up to 109% quota usage). On the next mail delivery user is already over quota, so the size of the mail is irrelevant because a mail of any size will be rejected. The initial quota-status implementation didn't even support SIZE extension since I didn't remember it existed. > > I'm referring to the Postfix side _only_ or the initial SMTP Handshake if you like. My point is that there is no safe way to reject mails at this level *if* the remote server doesn't play nice. I think this was the whole point of writing a policy service for Postfix. I'm not *talking* about quotas that will be handled by the delivery agents... Either you're still misunderstanding me, or vice versa. The quota rejections can be done complete in SMTP side even without SIZE: 1) quota at 99% : MAIL FROM: 250 2.1.0 Ok RCPT TO: 250 2.1.0 Ok DATA ... . 250 2.0.0 Ok: queued as 12345 2) quota is now at 103% : MAIL FROM: 250 2.1.0 Ok RCPT TO: 554 5.2.2 User is over quota From jk at jkart.de Tue Aug 6 21:38:29 2013 From: jk at jkart.de (Jim Knuth) Date: Tue, 06 Aug 2013 20:38:29 +0200 Subject: [Dovecot] v2.2.5 released In-Reply-To: <5200F5C7.3060804@luigirosa.com> References: <0C48EA24-94B5-4E35-855D-41282D6CA940@iki.fi> <520024E7.1040001@jkart.de> <78B294C3-8415-4BD7-9612-0E553539EC77@swing.be> <5200CBDD.7020303@jkart.de> <5200F5C7.3060804@luigirosa.com> Message-ID: <520142A5.5080804@jkart.de> am 06.08.13 15:10 schrieb Luigi Rosa : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Jim Knuth said the following on 06/08/2013 12:11: > >>> Unless I'm wrong, the latest one for Dovecot 2.2: >>> >>> http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.1.tar.gz >> >> Thanx, Axel. But the question was: Is that the right one? ;) > > > Works like a charm in my installations > > > Ciao, > luigi > I thank you :) -- Mit freundlichen Gr??en, with kind regards, Jim Knuth --------- Es hat keinen Sinn, Sorgen in Alkohol ertr?nken zu wollen, denn Sorgen sind gute Schwimmer. (Robert Musil) From rob0 at gmx.co.uk Tue Aug 6 21:49:57 2013 From: rob0 at gmx.co.uk (/dev/rob0) Date: Tue, 6 Aug 2013 13:49:57 -0500 Subject: [Dovecot] Postfix aliases with quota-status service In-Reply-To: <0F331A75-746F-4CBE-B587-F6781F53891C@iki.fi> References: <20130730132047.GA31198@nihlus.leuxner.net> <20130801143940.GA20958@zwirn.topfen.net> <20130806154945.GA9582@nihlus.leuxner.net> <20130806162558.GA26276@nihlus.leuxner.net> <6ADE6229-AFE3-4A87-9C27-46CA726BA6C8@iki.fi> <20130806175755.GA26868@nihlus.leuxner.net> <0F331A75-746F-4CBE-B587-F6781F53891C@iki.fi> Message-ID: <20130806184956.GT13717@harrier.slackbuilds.org> On Tue, Aug 06, 2013 at 09:27:20PM +0300, Timo Sirainen wrote: > On 6.8.2013, at 20.57, Thomas Leuxner wrote: > > * Timo Sirainen 2013.08.06 19:42: > > > >> The idea behind quota_grace is that the last mail would be > >> allowed to take the user somewhat over quota (e.g. up to 109% > >> quota usage). On the next mail delivery user is already over > >> quota, so the size of the mail is irrelevant because a mail > >> of any size will be rejected. The initial quota-status > >> implementation didn't even support SIZE extension since I > >> didn't remember it existed. > > > > I'm referring to the Postfix side _only_ or the initial SMTP > > Handshake if you like. My point is that there is no safe way > > to reject mails at this level *if* the remote server doesn't > > play nice. I think this was the whole point of writing a > > policy service for Postfix. I'm not *talking* about quotas > > that will be handled by the delivery agents... > > Either you're still misunderstanding me, or vice versa. The quota > rejections can be done complete in SMTP side even without SIZE: Another way, in Postfix, is to wait for end-of-DATA. Regardless of SIZE being given, at that point, the actual size is known. Of course as Thomas would probably point out, such a rejection is unsafe, because ANY overquota recipient would cause rejection for EVERY recipient; SMTP cannot have per-recipient results except at "RCPT TO:". Personally, I'd much rather allow the last overquota mail, even in cases where the user goes far over the quota. Apparently Thomas intends to have a solid, inflexible quota. In that case I'd suggest going for a lower quota and adding quota_grace. Let quota_grace plus quota be the most you can tolerate in your users' mailboxes. > 1) quota at 99% : > > MAIL FROM: > 250 2.1.0 Ok > RCPT TO: > 250 2.1.0 Ok > DATA > ... > . > 250 2.0.0 Ok: queued as 12345 > > 2) quota is now at 103% : > > MAIL FROM: > 250 2.1.0 Ok > RCPT TO: > 554 5.2.2 User is over quota > -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From rs at sys4.de Tue Aug 6 22:05:01 2013 From: rs at sys4.de (Robert Schetterer) Date: Tue, 06 Aug 2013 21:05:01 +0200 Subject: [Dovecot] Postfix aliases with quota-status service In-Reply-To: <0F331A75-746F-4CBE-B587-F6781F53891C@iki.fi> References: <20130730132047.GA31198@nihlus.leuxner.net> <20130801143940.GA20958@zwirn.topfen.net> <20130806154945.GA9582@nihlus.leuxner.net> <20130806162558.GA26276@nihlus.leuxner.net> <6ADE6229-AFE3-4A87-9C27-46CA726BA6C8@iki.fi> <20130806175755.GA26868@nihlus.leuxner.net> <0F331A75-746F-4CBE-B587-F6781F53891C@iki.fi> Message-ID: <520148DD.3070302@sys4.de> Am 06.08.2013 20:27, schrieb Timo Sirainen: > On 6.8.2013, at 20.57, Thomas Leuxner wrote: > >> * Timo Sirainen 2013.08.06 19:42: >> >>> The idea behind quota_grace is that the last mail would be allowed to take the user somewhat over quota (e.g. up to 109% quota usage). On the next mail delivery user is already over quota, so the size of the mail is irrelevant because a mail of any size will be rejected. The initial quota-status implementation didn't even support SIZE extension since I didn't remember it existed. >> >> I'm referring to the Postfix side _only_ or the initial SMTP Handshake if you like. My point is that there is no safe way to reject mails at this level *if* the remote server doesn't play nice. I think this was the whole point of writing a policy service for Postfix. I'm not *talking* about quotas that will be handled by the delivery agents... > > Either you're still misunderstanding me, or vice versa. The quota rejections can be done complete in SMTP side even without SIZE: > > 1) quota at 99% : > > MAIL FROM: > 250 2.1.0 Ok > RCPT TO: > 250 2.1.0 Ok > DATA > ... > . > 250 2.0.0 Ok: queued as 12345 > > 2) quota is now at 103% : > > MAIL FROM: > 250 2.1.0 Ok > RCPT TO: > 554 5.2.2 User is over quota > Thomas is right in general, thats a general problem with mail quota, that was the reason why there wasnt some good solution out for long times, but the dove policy server does i.e reject mail in smtp session if its allready "assured" that the mailbox is definite ... percent over quota ( configurable by grace parameter ), at that point it does not mater which size the incomming mail has, it will be i.e rejected anyway also it honors ( some kind overides ) other quota setting in i.e lmtp or lda, cause if it wouldnt, a mailbox would never become overquota by rejecting mail before by lmtp/lda settings Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich From CMarcus at Media-Brokers.com Tue Aug 6 22:19:18 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Tue, 06 Aug 2013 15:19:18 -0400 Subject: [Dovecot] Postfix aliases with quota-status service In-Reply-To: <20130806184956.GT13717@harrier.slackbuilds.org> References: <20130730132047.GA31198@nihlus.leuxner.net> <20130801143940.GA20958@zwirn.topfen.net> <20130806154945.GA9582@nihlus.leuxner.net> <20130806162558.GA26276@nihlus.leuxner.net> <6ADE6229-AFE3-4A87-9C27-46CA726BA6C8@iki.fi> <20130806175755.GA26868@nihlus.leuxner.net> <0F331A75-746F-4CBE-B587-F6781F53891C@iki.fi> <20130806184956.GT13717@harrier.slackbuilds.org> Message-ID: <52014C36.4040006@Media-Brokers.com> On 2013-08-06 2:49 PM, /dev/rob0 wrote: > Another way, in Postfix, is to wait for end-of-DATA. Regardless of > SIZE being given, at that point, the actual size is known. > > Of course as Thomas would probably point out, such a rejection is > unsafe, because ANY overquota recipient would cause rejection for > EVERY recipient; SMTP cannot have per-recipient results except at > "RCPT TO:". But LMTP can... right? > Personally, I'd much rather allow the last overquota mail, even in > cases where the user goes far over the quota. I agree - but it could never go over more than the max mail size allowed so that shouldn't be a problem - unless you don't set a max mail size, in which case you're nuts... :) From tlx at leuxner.net Tue Aug 6 22:20:13 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Tue, 6 Aug 2013 21:20:13 +0200 Subject: [Dovecot] Postfix aliases with quota-status service In-Reply-To: <20130806184956.GT13717@harrier.slackbuilds.org> References: <20130730132047.GA31198@nihlus.leuxner.net> <20130801143940.GA20958@zwirn.topfen.net> <20130806154945.GA9582@nihlus.leuxner.net> <20130806162558.GA26276@nihlus.leuxner.net> <6ADE6229-AFE3-4A87-9C27-46CA726BA6C8@iki.fi> <20130806175755.GA26868@nihlus.leuxner.net> <0F331A75-746F-4CBE-B587-F6781F53891C@iki.fi> <20130806184956.GT13717@harrier.slackbuilds.org> Message-ID: <20130806192013.GA27229@nihlus.leuxner.net> * /dev/rob0 2013.08.06 20:49: > Personally, I'd much rather allow the last overquota mail, even in > cases where the user goes far over the quota. Apparently Thomas > intends to have a solid, inflexible quota. The point I'm trying to make is mail being queued by Postfix because it has no means to validate the mail would take the user over quota. In the scenarios I tested with SIZE being part of MAIL FROM the mail gets rejected at SMTPD stage, while without SIZE supplied it will get queued and eventually be rejected by the MDA. AFAIK the whole endeavour was undertaken to avoid queue injection of mails knowing they would bounce. This seems to work when the SMTPD receives enough detail. As to Timo's example: This also seems to work given the quota is *over* the limit incl. grace: $ doveadm quota get -u philo at trashheap.net Quota name Type Value Limit % user STORAGE 10914 10240 106 user MESSAGE 5 - 0 Aug 6 20:56:31 spectre postfix/smtpd[27201]: connect from mail-oa0-f44.google.com[209.85.219.44] Aug 6 20:56:32 spectre postfix/smtpd[27201]: Anonymous TLS connection established from mail-oa0-f44.google.com[209.85.219.44]: TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits) Aug 6 20:56:32 spectre postfix/smtpd[27201]: NOQUEUE: reject: RCPT from mail-oa0-f44.google.com[209.85.219.44]: 554 5.2.2 : Recipient address rejected: Quota exceeded (mailbox for user is full); from= to= proto=ESMTP helo= Now everything in between seems to create SMTPD rejections in some cases _or_ queue the mail and let it hit the quota in other cases. That's my whole point... -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From me at junc.eu Wed Aug 7 00:54:06 2013 From: me at junc.eu (Benny Pedersen) Date: Tue, 06 Aug 2013 23:54:06 +0200 Subject: [Dovecot] Postfix aliases with quota-status service In-Reply-To: <20130806162558.GA26276@nihlus.leuxner.net> References: <20130730132047.GA31198@nihlus.leuxner.net> <20130801143940.GA20958@zwirn.topfen.net> <20130806154945.GA9582@nihlus.leuxner.net> <20130806162558.GA26276@nihlus.leuxner.net> Message-ID: <03c6a26b01ec04947900b4c2c95aaa29@junc.eu> Thomas Leuxner skrev den 2013-08-06 18:25: > * Timo Sirainen 2013.08.06 18:15: > >>> Now the real problem along the road is the submitting server. If >>> that server does not >>> indicate the message size during handshake the pre-queue rejection >>> simply can not work. >> >> quota_grace was meant to solve that. You'll allow the user to become >> a bit over quota. > > What I meant is before the mail enters the Postfix queues. If the > SIZE extension is not used during MAIL FROM by the remote server, > then > there's no way to reject an over-quota mail upfront, losing the > benefit of the policy service. dovecot dict sql qouta, then in postfix smtpd_end_of_data_restricttions check sql qoutas in policy deamons or just simple sql qoury will not solve it ?, correct if sender need to send data first to get sizes it begins to be impraktical since if there is just 1 byte free last sender can still send more then 1 byte, but next sender cant From ulrich-dovecot at topfen.net Wed Aug 7 09:29:43 2013 From: ulrich-dovecot at topfen.net (Ulrich Zehl) Date: Wed, 7 Aug 2013 08:29:43 +0200 Subject: [Dovecot] Postfix aliases with quota-status service In-Reply-To: <20130806192013.GA27229@nihlus.leuxner.net> References: <20130730132047.GA31198@nihlus.leuxner.net> <20130801143940.GA20958@zwirn.topfen.net> <20130806154945.GA9582@nihlus.leuxner.net> <20130806162558.GA26276@nihlus.leuxner.net> <6ADE6229-AFE3-4A87-9C27-46CA726BA6C8@iki.fi> <20130806175755.GA26868@nihlus.leuxner.net> <0F331A75-746F-4CBE-B587-F6781F53891C@iki.fi> <20130806184956.GT13717@harrier.slackbuilds.org> <20130806192013.GA27229@nihlus.leuxner.net> Message-ID: <20130807062943.GA11878@zwirn.topfen.net> On Tue, Aug 06, 2013 at 09:20:13PM +0200, Thomas Leuxner wrote: > Now everything in between seems to create SMTPD rejections in some cases > _or_ queue the mail and let it hit the quota in other cases. That's my > whole point... I'm sorry, I don't get your point. Are you saying that quota-status does not eliminate all over-quota bounces? That's to be expected. quota-status does not reserve quota when questioned, it only tells Postfix whether enough space is currently free or not. This is not free of race conditions, and therefore cannot eliminate all late bounces, even when quota-status has all the information, including size. For example, if a mailbox has 3000 bytes of free space, and two 2000 byte messages arrive close enough together so that the first one has not been delivered by the time the second one sends "RCPT TO ... SIZE=...", quota-status will allow both messages, even though the second one will be rejected when Postfix actually tries local delivery (LTMP/LDA). Are you saying that rejects depend on SIZE= being sent during the RCPT TO stage (i.e., messages that announce their size correctly are rejected during the SMTP transaction, while those without size inidcation are passed)? If so, follow Rob's suggestion, and run quota-status (again) as part of smtpd_end_of_data_restrictions. By then, Postfix will know the size of a message and pass it to quota-status. (This only works for single-recipient messages; multi-recipient messages will always pass at this stage, because Postfix' policy protocol will not send "recipient=..." in this case, and thus quota-status replies with "DUNNO". In my environment, most messages are single-recipient, so it works well enough for me.) Are you saying something else that I missed? Please tell me, because I'd like to understand your point. From tlx at leuxner.net Wed Aug 7 09:50:46 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Wed, 7 Aug 2013 08:50:46 +0200 Subject: [Dovecot] Postfix aliases with quota-status service In-Reply-To: <20130807062943.GA11878@zwirn.topfen.net> References: <20130801143940.GA20958@zwirn.topfen.net> <20130806154945.GA9582@nihlus.leuxner.net> <20130806162558.GA26276@nihlus.leuxner.net> <6ADE6229-AFE3-4A87-9C27-46CA726BA6C8@iki.fi> <20130806175755.GA26868@nihlus.leuxner.net> <0F331A75-746F-4CBE-B587-F6781F53891C@iki.fi> <20130806184956.GT13717@harrier.slackbuilds.org> <20130806192013.GA27229@nihlus.leuxner.net> <20130807062943.GA11878@zwirn.topfen.net> Message-ID: <20130807065046.GA13826@nihlus.leuxner.net> * Ulrich Zehl 2013.08.07 08:29: > Are you saying that rejects depend on SIZE= being sent during the RCPT TO > stage (i.e., messages that announce their size correctly are rejected > during the SMTP transaction, while those without size inidcation are > passed)? Yes. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From razvan.sandu at mobexpert.ro Wed Aug 7 11:22:21 2013 From: razvan.sandu at mobexpert.ro (=?UTF-8?B?UsSDenZhbiBTYW5kdQ==?=) Date: Wed, 07 Aug 2013 11:22:21 +0300 Subject: [Dovecot] Please HELP: how to delete all messages older than X days from the server? In-Reply-To: References: Message-ID: <520203BD.2030601@mobexpert.ro> On Tue, 06 Aug 2013 19:18:15 +0200, Pascal Volk a scris: > There is also the -A option, see > http://wiki2.dovecot.org/Tools/Doveadm/Expunge#section_options Thank you, but doveadm expunge will ask for the mailbox name: [root at mail1 ~]# doveadm expunge -u john.doe at example.com ON 2013-08-07 doveadm(root): Fatal: expunge: To avoid accidents, search query must contain MAILBOX in all search branches What I need is to traverse *all* directories under /var/spool/mail/vhosts/domainname/ (which are /var/spool/mail/vhosts/domainname/username, with further variable subdirectories, name never known in advance...) and to delete all messages older than X days (incoming, sent, drafts, trash, etc.) This must be done without manual confirmation ("are you sure...?") (if I do it via a script run from cron). >From the examples given in the wiki page, the expire plugin presents the same problem: one must know in advance the *name of the mailbox* he has to empty. Also for the correct search criteria: should I use SAVEDBEFORE or SENTBEFORE ? Thanks again, R?zvan -------------- next part -------------- A non-text attachment was scrubbed... Name: razvan_sandu.vcf Type: text/x-vcard Size: 452 bytes Desc: not available URL: From tss at iki.fi Wed Aug 7 11:32:30 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 7 Aug 2013 11:32:30 +0300 Subject: [Dovecot] Please HELP: how to delete all messages older than X days from the server? In-Reply-To: <520203BD.2030601@mobexpert.ro> References: <520203BD.2030601@mobexpert.ro> Message-ID: On 7.8.2013, at 11.22, R?zvan Sandu wrote: > On Tue, 06 Aug 2013 19:18:15 +0200, Pascal Volk a scris: > >> There is also the -A option, see >> http://wiki2.dovecot.org/Tools/Doveadm/Expunge#section_options > > > Thank you, but doveadm expunge will ask for the mailbox name: > > [root at mail1 ~]# doveadm expunge -u john.doe at example.com ON 2013-08-07 > doveadm(root): Fatal: expunge: To avoid accidents, search query must > contain MAILBOX in all search branches Add: mailbox '*' > Also for the correct search criteria: should I use SAVEDBEFORE or > SENTBEFORE ? If they are POP3 only, then SAVEDBEFORE and BEFORE and the same. SENTBEFORE usually is also almost the same, except if the mail has been stuck in queues for a while or if the sender's clock is wrong. So better not use it. From tss at iki.fi Wed Aug 7 11:35:29 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 7 Aug 2013 11:35:29 +0300 Subject: [Dovecot] Postfix aliases with quota-status service In-Reply-To: <20130807062943.GA11878@zwirn.topfen.net> References: <20130730132047.GA31198@nihlus.leuxner.net> <20130801143940.GA20958@zwirn.topfen.net> <20130806154945.GA9582@nihlus.leuxner.net> <20130806162558.GA26276@nihlus.leuxner.net> <6ADE6229-AFE3-4A87-9C27-46CA726BA6C8@iki.fi> <20130806175755.GA26868@nihlus.leuxner.net> <0F331A75-746F-4CBE-B587-F6781F53891C@iki.fi> <20130806184956.GT13717@harrier.slackbuilds.org> <20130806192013.GA27229@nihlus.leuxner.net> <20130807062943.GA11878@zwirn.topfen.net> Message-ID: On 7.8.2013, at 9.29, Ulrich Zehl wrote: > On Tue, Aug 06, 2013 at 09:20:13PM +0200, Thomas Leuxner wrote: >> Now everything in between seems to create SMTPD rejections in some cases >> _or_ queue the mail and let it hit the quota in other cases. That's my >> whole point... > > I'm sorry, I don't get your point. > > Are you saying that quota-status does not eliminate all over-quota bounces? > > That's to be expected. quota-status does not reserve quota when questioned, > it only tells Postfix whether enough space is currently free or not. This > is not free of race conditions, and therefore cannot eliminate all late > bounces, even when quota-status has all the information, including size. I think it would work also to do the check in SMTP RCPT TO stage and do quota bouncing only there. In LMTP/LDA stage use infinite quota to avoid bouncing. Yeah, user might get a little bit over quota (even over quota_grace) but not by much. From Tomi.Vainio at Oracle.COM Wed Aug 7 15:00:20 2013 From: Tomi.Vainio at Oracle.COM (Tomi Vainio) Date: Wed, 07 Aug 2013 15:00:20 +0300 Subject: [Dovecot] 2.2.5 fails to compile - SSL_OP_SINGLE_ECDH_USE : Solaris 10 + Sunstudio 12.3 Message-ID: <520236D4.7030508@Oracle.COM> Hi, Compile fails in these two files src/lib-ssl-iostream/iostream-openssl-context.c src/login-common/ssl-proxy-openssl.c due to missing SSL_OP_SINGLE_ECDH_USE In these there is only #if !defined(OPENSSL_NO_ECDH) when all the other places it always compares also SSL version #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10002000L Tomppa From willyramos.m at gmail.com Wed Aug 7 17:32:55 2013 From: willyramos.m at gmail.com (will moura) Date: Wed, 7 Aug 2013 07:32:55 -0700 (PDT) Subject: [Dovecot] execvp /usr/local/libexec/dovecot/dovecot-lda: Permission denied In-Reply-To: References: <1285264216.2898.324.camel@kurkku.sapo.corppt.com> Message-ID: <1375885975199-43756.post@n4.nabble.com> Hi Edward Carraro, I see you got your goal. So I have same trouble and don?t solved. I used the three scenarios you used. based in http://wiki.dovecot.org/LDA/%VirtualUsers And tried using the lmtp, but too don?t worked to delivery mail, I use dovecot-lda to sieve plugin work. Please help me. See the logs: mail postfix/local[14324]: 45FCB12E89: to=, relay=local, delay=1785, delays=1785/0.05/0/0.12, dsn=4.3.0, status=deferred (temporary failure. Command output: local: fatal: execvp /usr/libexec/dovecot/deliver: Permission denied) Thanks. -- View this message in context: http://dovecot.2317879.n4.nabble.com/execvp-usr-local-libexec-dovecot-dovecot-lda-Permission-denied-tp9592p43756.html Sent from the Dovecot mailing list archive at Nabble.com. From tss at iki.fi Wed Aug 7 18:01:07 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 7 Aug 2013 18:01:07 +0300 Subject: [Dovecot] 2.2.5 fails to compile - SSL_OP_SINGLE_ECDH_USE : Solaris 10 + Sunstudio 12.3 In-Reply-To: <520236D4.7030508@Oracle.COM> References: <520236D4.7030508@Oracle.COM> Message-ID: <70EB7CA7-1C20-4281-A6CE-59E6943CBB2B@iki.fi> On 7.8.2013, at 15.00, Tomi Vainio wrote: > Compile fails in these two files > src/lib-ssl-iostream/iostream-openssl-context.c > src/login-common/ssl-proxy-openssl.c > due to missing SSL_OP_SINGLE_ECDH_USE I did some further cleanups, this should help: http://hg.dovecot.org/dovecot-2.2/rev/27ebd9552471 From ulrich-dovecot at topfen.net Wed Aug 7 19:03:45 2013 From: ulrich-dovecot at topfen.net (Ulrich Zehl) Date: Wed, 7 Aug 2013 18:03:45 +0200 Subject: [Dovecot] Override master service settigs with spaces Message-ID: <20130807160345.GB11878@zwirn.topfen.net> I'd like to override one setting for a master service in conf.d/10-master.conf. Unfortunately, said setting contains spaces, and I do not know how to escape them properly. Here's what I've tried so far. (Note: This is just the easiest/silliest test case I could come up with; not the actual setting or service I want to overwrite.) conf.d/10-master.conf: service quota-status { executable = quota-status -p postfix -o plugin/quota_status_success=Testing 1 2 3 inet_listener { port = 12340 } } Reaction: $ printf "recipient=test at example.org\nsize=0\n\n" | nc 127.0.0.1 12340 action=Testing conf.d/10-master.conf: service quota-status { executable = quota-status -p postfix -o "plugin/quota_status_success=Testing 1 2 3" inet_listener { port = 12340 } } Reaction: $ printf "recipient=test at example.org\nsize=0\n\n" | nc 127.0.0.1 12340 action=DUNNO [<-- This is the default setting] conf.d/10-master.conf: service quota-status { executable = quota-status -p postfix -o 'plugin/quota_status_success=Testing 1 2 3' inet_listener { port = 12340 } } Reaction: $ printf "recipient=test at example.org\nsize=0\n\n" | nc 127.0.0.1 12340 action=DUNNO [<-- This is the default setting] conf.d/10-master.conf: service quota-status { executable = quota-status -p postfix -o plugin/quota_status_success="Testing 1 2 3" inet_listener { port = 12340 } } Reaction: $ printf "recipient=test at example.org\nsize=0\n\n" | nc 127.0.0.1 12340 action="Testing [<-- Note the " after = ] conf.d/10-master.conf: service quota-status { executable = quota-status -p postfix -o plugin/quota_status_success=Testing\ 1\ 2\ 3 inet_listener { port = 12340 } } Reaction: $ printf "recipient=test at example.org\nsize=0\n\n" | nc 127.0.0.1 12340 action=Testing\ [<-- Note the \ ] I'm out of ideas now. What's the correct way to quote / escape these options? From david at hicks.id.au Wed Aug 7 19:06:39 2013 From: david at hicks.id.au (David Hicks) Date: Thu, 08 Aug 2013 02:06:39 +1000 Subject: [Dovecot] 2.2.5 fails to compile - SSL_OP_SINGLE_ECDH_USE : Solaris 10 + Sunstudio 12.3 In-Reply-To: <520236D4.7030508@Oracle.COM> References: <520236D4.7030508@Oracle.COM> Message-ID: <1375891599.22030.16@d.hx.id.au> On Wed, 2013-08-07 at 15:00 +0300, Tomi Vainio wrote: > Compile fails in these two files > src/lib-ssl-iostream/iostream-openssl-context.c > src/login-common/ssl-proxy-openssl.c > due to missing SSL_OP_SINGLE_ECDH_USE > > In these there is only > #if !defined(OPENSSL_NO_ECDH) > when all the other places it always compares also SSL version > #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10002000L SSL_OP_SINGLE_ECDH_USE has been defined in OpenSSL's ssl/ssl.h since draft ECC support was first committed on 9 Aug 2002[1]. OpenSSL's CHANGES file states that draft ECC support was added between openssl-0.9.7 and openssl-0.9.8. OpenSSL has also been defining OPENSSL_NO_ECDH in the build script since 30 Jan 2009[2]. All releases in the openssl-0.9.8 series and higher should therefore have both SSL_OP_SINGLE_ECDH_USE and OPENSSL_NO_ECDH defined. Would I be correct to assume that Solaris 10 is bundling OpenSSL <=0.9.7? [1] http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=ssl/ssl.h;h=49e3c52c9c4982ccec5e280cd3577d1b783f016c;hb=ea262260469e49149cb10b25a87dfd6ad3fbb4ba#l480 [2] http://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff;f=util/mk1mf.pl;h=5f3ab059f0cccd058a89e9036a740c046d813ba8;hp=8c6370bc5dcbb470550d520b834148a027a7d3bc;hb=0b13e9f055d3f7be066dc2e89fc9f9822b12eca7;hpb=96f7065f6392e19f1449578aaeabb8dc39294fa7 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part URL: From david at hicks.id.au Wed Aug 7 19:09:33 2013 From: david at hicks.id.au (David Hicks) Date: Thu, 08 Aug 2013 02:09:33 +1000 Subject: [Dovecot] 2.2.5 fails to compile - SSL_OP_SINGLE_ECDH_USE : Solaris 10 + Sunstudio 12.3 In-Reply-To: <1375891599.22030.16@d.hx.id.au> References: <520236D4.7030508@Oracle.COM> <1375891599.22030.16@d.hx.id.au> Message-ID: <1375891773.22030.17@d.hx.id.au> On Thu, 2013-08-08 at 02:06 +1000, David Hicks wrote: > OpenSSL has also been defining > OPENSSL_NO_ECDH in the build script since 30 Jan 2009[2]. Correction of typo in the date: 30 Jan 2003. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part URL: From michael.abbott at apple.com Wed Aug 7 19:43:42 2013 From: michael.abbott at apple.com (Mike Abbott) Date: Wed, 07 Aug 2013 11:43:42 -0500 Subject: [Dovecot] keywords leak in cmd_append_handle_args() Message-ID: <67DB841E-93AE-4B44-889B-93DCCEA8F005@apple.com> In 2.2.5 and earlier it appears that mailbox_keywords_unref(&keywords) is not called in some return paths from cmd_append_handle_args(). Should it be? From tss at iki.fi Wed Aug 7 19:47:40 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 7 Aug 2013 19:47:40 +0300 Subject: [Dovecot] keywords leak in cmd_append_handle_args() In-Reply-To: <67DB841E-93AE-4B44-889B-93DCCEA8F005@apple.com> References: <67DB841E-93AE-4B44-889B-93DCCEA8F005@apple.com> Message-ID: <0DAB33DD-82B7-4ACF-9662-18A08899EEA5@iki.fi> On 7.8.2013, at 19.43, Mike Abbott wrote: > In 2.2.5 and earlier it appears that mailbox_keywords_unref(&keywords) is not called in some return paths from cmd_append_handle_args(). Should it be? Yeah, added, thanks: http://hg.dovecot.org/dovecot-2.2/rev/5dbea45eecb8 From Tomi.Vainio at Oracle.COM Wed Aug 7 20:35:07 2013 From: Tomi.Vainio at Oracle.COM (Tomi Vainio) Date: Wed, 07 Aug 2013 20:35:07 +0300 Subject: [Dovecot] 2.2.5 fails to compile - SSL_OP_SINGLE_ECDH_USE : Solaris 10 + Sunstudio 12.3 In-Reply-To: <70EB7CA7-1C20-4281-A6CE-59E6943CBB2B@iki.fi> References: <520236D4.7030508@Oracle.COM> <70EB7CA7-1C20-4281-A6CE-59E6943CBB2B@iki.fi> Message-ID: <5202854B.4030500@Oracle.COM> On 7.8.2013 18.01, Timo Sirainen wrote: > On 7.8.2013, at 15.00, Tomi Vainio wrote: > >> Compile fails in these two files >> src/lib-ssl-iostream/iostream-openssl-context.c >> src/login-common/ssl-proxy-openssl.c >> due to missing SSL_OP_SINGLE_ECDH_USE > > I did some further cleanups, this should help: http://hg.dovecot.org/dovecot-2.2/rev/27ebd9552471 > Thanks, works fine. Solaris 10 has version which is quite old base line % openssl version OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-7250 CVE-2007-5135 CVE-2007-3108 CVE-2008-5077 CVE-2008-7270 CVE-2009-0590 CVE-2009-2409 CVE-2009-3555 CVE-2010-4180 CVE-2011-4576 CVE-2011-4619 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2131 CVE-2012-2333 CVE-2013-0166 CVE-2013-0169) Tomppa From AxelLuttgens at swing.be Wed Aug 7 23:28:16 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Wed, 7 Aug 2013 22:28:16 +0200 Subject: [Dovecot] execvp /usr/local/libexec/dovecot/dovecot-lda: Permission denied In-Reply-To: <1375885975199-43756.post@n4.nabble.com> References: <1285264216.2898.324.camel@kurkku.sapo.corppt.com> <1375885975199-43756.post@n4.nabble.com> Message-ID: <8184519D-C636-4527-8862-34C282478698@swing.be> Le 7 ao?t 2013 ? 16:32, will moura a ?crit : > Hi Edward Carraro, > > I see you got your goal. > So I have same trouble and don?t solved. > I used the three scenarios you used. > > based in http://wiki.dovecot.org/LDA/%VirtualUsers > > And tried using the lmtp, but too don?t worked to delivery mail, I use > dovecot-lda to sieve plugin work. > > Please help me. > > See the logs: > > mail postfix/local[14324]: 45FCB12E89: to=, relay=local, > delay=1785, delays=1785/0.05/0/0.12, dsn=4.3.0, status=deferred (temporary > failure. Command output: local: fatal: execvp /usr/libexec/dovecot/deliver: > Permission denied) > > Thanks. Hello Will, Are you cross-posting without knowing it? As far as I'm concerned, I'm unable to find any previous related email on this list; and the above sure is insufficient for anyone on this list to be of some help... Could you re-state your trouble for the sake of all of us? :-) Axel From AxelLuttgens at swing.be Wed Aug 7 23:49:28 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Wed, 7 Aug 2013 22:49:28 +0200 Subject: [Dovecot] Override master service settigs with spaces In-Reply-To: <20130807160345.GB11878@zwirn.topfen.net> References: <20130807160345.GB11878@zwirn.topfen.net> Message-ID: <8A7DA3DF-FAF5-487A-BA3A-7AB335DEA709@swing.be> Le 7 ao?t 2013 ? 18:03, Ulrich Zehl a ?crit : > I'd like to override one setting for a master service in > conf.d/10-master.conf. Unfortunately, said setting contains spaces, and I > do not know how to escape them properly. > > Here's what I've tried so far. (Note: This is just the easiest/silliest > test case I could come up with; not the actual setting or service I want to > overwrite.) > > > [...] > > > I'm out of ideas now. What's the correct way to quote / escape these > options? Hello Ulrich, What makes you think quota-status would accept a -o option? And what's that "quota_status_success" plugin supposed to do? Just curious (probably ill-informed), Axel From claude.xavier at gmail.com Thu Aug 8 00:07:31 2013 From: claude.xavier at gmail.com (Xavier Claude) Date: Wed, 07 Aug 2013 23:07:31 +0200 Subject: [Dovecot] Unable to use dovecot-antispam plugin In-Reply-To: References: <1458010.NeIMt30kEy@linux-s4x4.site> <4481015.sSPuMHpFBG@linux-s4x4.site> Message-ID: <1816742.fAMCONA0qj@linux-s4x4.site> Le mercredi 31 juillet 2013 08:51:11 Steffen Kaiser a ?crit : > > To narrow down the problem, could you: > > a) add "Drafts" to antispam_spam and try again with Drafts,& I've added it and I have the same behaviour as with the Spam directory. > a) disable antispam and try to move a message to Spam again. If I disable the plugin I can move a mail in the Spam directory. > > The config looks fine. Do you have no error in the logs or in syslog? I > wonder if your client moves the message to Spam at all ... . I don't see anything in the logs. Regards, -- Xavier Claude claude.xavier at gmail.com From eliezer at ngtech.co.il Thu Aug 8 01:42:43 2013 From: eliezer at ngtech.co.il (Eliezer Croitoru) Date: Thu, 08 Aug 2013 01:42:43 +0300 Subject: [Dovecot] The docs a re a bit weird on "Directory hashing" Message-ID: <5202CD63.9020409@ngtech.co.il> In squid we use a double layer of hashed directories on the FS to allow storage of millions of files. I was reading the "Directory hashing" section but never understood it.. since it's written.. in a way I could not understand. I am using this line: mail_location = maildir:/home/vmail/%d/%n/Maildir/ and I want to migrate to a hash based directory scheme. While trying to understand how that hash will work I stumbled a old thread at: http://www.dovecot.org/list/dovecot/2010-June/049695.html there they used: mail_location=maildir:/buzones/us.es/%1Hu/%2.1u/%n so I assume it should be used like that: mail_location=maildir:/home/vmail/%H/%2.256Hn/%d_%n/Maildir/ or: mail_location=maildir:/home/vmail/%1Mu/%2.1Mu/%d_%n/Maildir/ It's a bit hard to think alone so I hope you can assist me. let say I want to follow the model of squid cache_dir which has: cache_dir aufs /usr/local/squid/var/cache/squid 40000 16 256 And means a two layers cache of max 16 directories on the first layer and 256 directories on the second layer. The above allows millions of files storage and can benefit from all ext4 lower kernel levels of compatibly rather then do stuff on the user-land.. Since I am not 100% sure that the scheme I understood is indeed what I think I assume the above will need a small correction. Eliezer From john.williams at otago.ac.nz Thu Aug 8 09:48:22 2013 From: john.williams at otago.ac.nz (John Williams) Date: Thu, 08 Aug 2013 17:48:22 +1100 Subject: [Dovecot] How to troubleshoot LDA or LMTP? References: <87zjsvd5l8.fsf@otago.ac.nz> Message-ID: <87a9ksu18p.fsf@hotdog.falcon> Steffen Kaiser writes: > On Tue, 6 Aug 2013, John Williams wrote: > >>> dovecot-lda -c config-file -d user < mailfile >> Aha! Piping a message to the process was the step I was not aware of. > > does offlineimap provides logs to get to know what mails are newly > arriving to your local mail storage, Yes. > in order to not filter the same message twice or re-filter messages, > you've moved around manually? That is not a problem. The filtering process works perfectly when I manually invoke dovecot-lda. My problem is that I have followed the instructions here: http://wiki2.dovecot.org/LDA/ and here: http://wiki2.dovecot.org/LDA/Sendmail and here: http://wiki2.dovecot.org/LMTP but neither dovecot-lda nor LMTP seem to be triggered whenever I send email from my MUA (Gnus). At least, I *think* I have followed the instructions correctly. Would you like me to post my dovecot config again, and the relevant portion of sendmail.cf? Thank you very much for your help, I truly appreciate it. From ulrich-dovecot at topfen.net Thu Aug 8 10:10:59 2013 From: ulrich-dovecot at topfen.net (Ulrich Zehl) Date: Thu, 8 Aug 2013 09:10:59 +0200 Subject: [Dovecot] Override master service settigs with spaces In-Reply-To: <8A7DA3DF-FAF5-487A-BA3A-7AB335DEA709@swing.be> References: <20130807160345.GB11878@zwirn.topfen.net> <8A7DA3DF-FAF5-487A-BA3A-7AB335DEA709@swing.be> Message-ID: <20130808071059.GA10507@zwirn.topfen.net> On Wed, Aug 07, 2013 at 10:49:28PM +0200, Axel Luttgens wrote: > > What makes you think quota-status would accept a -o option? Every service running under master accepts -o, as far as I can tell from the code. (Additionally verified by my tests; for settings without spaces it works well.) > And what's that "quota_status_success" plugin supposed to do? It's just a setting that you'd normally set in conf.d/90-quota.conf (or similar) like this: plugin { quota_status_success = DUNNO } It tells quota-status what action to return to Postfix when the message will fit into quota, just like quota_status_overquota (and quota_status_toolarge since 2.2.5) do for messages that will not fit. From janfrode at tanso.net Thu Aug 8 10:29:54 2013 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Thu, 8 Aug 2013 09:29:54 +0200 Subject: [Dovecot] The docs a re a bit weird on "Directory hashing" In-Reply-To: <5202CD63.9020409@ngtech.co.il> References: <5202CD63.9020409@ngtech.co.il> Message-ID: <20130808072954.GA24215@mushkin.tanso.net> On Thu, Aug 08, 2013 at 01:42:43AM +0300, Eliezer Croitoru wrote: > > And means a two layers cache of max 16 directories on the first layer > and 256 directories on the second layer. > The above allows millions of files storage and can benefit from all ext4 > lower kernel levels of compatibly rather then do stuff on the user-land.. > Since I am not 100% sure that the scheme I understood is indeed what I > think I assume the above will need a small correction. I use: mail_home = /srv/mailstore/%256LRHu/%Ld/%Ln which gives me 256 buckets containing domainname/username/, and the buckets are a hash of Lowercase Reverse usernames. To get the same layout as squid, I would try: mail_home = /srv/mailstore/%16LRHu/%256LRHu/%Lu Ref: http://wiki2.dovecot.org/Variables for variables and modifiers. BTW: I'm lowercasing everything, because I once got bitten by a variable not being lowercased in one version, and suddenly this changing in another version. It's probably redundant here -- but it was painful to fix when it happened.. -jf From tss at iki.fi Thu Aug 8 11:18:42 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 8 Aug 2013 11:18:42 +0300 Subject: [Dovecot] Override master service settigs with spaces In-Reply-To: <20130807160345.GB11878@zwirn.topfen.net> References: <20130807160345.GB11878@zwirn.topfen.net> Message-ID: <700801E3-0217-4AF5-BFB4-72277C23707C@iki.fi> On 7.8.2013, at 19.03, Ulrich Zehl wrote: > I'd like to override one setting for a master service in > conf.d/10-master.conf. Unfortunately, said setting contains spaces, and I > do not know how to escape them properly. There is no support for escaping currently. > executable = quota-status -p postfix -o "plugin/quota_status_success=Testing 1 2 3" Maybe this should work.. But for now you can just write a wrapper script. From srf at sanger.ac.uk Thu Aug 8 11:21:17 2013 From: srf at sanger.ac.uk (Simon Fraser) Date: Thu, 08 Aug 2013 09:21:17 +0100 Subject: [Dovecot] Expunged message reappeared, giving a new UID In-Reply-To: <1BF2EF57-83AB-48CC-A929-F2BDF3400D46@iki.fi> References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> <1375804711.19765.7.camel@ubu101751> <1BF2EF57-83AB-48CC-A929-F2BDF3400D46@iki.fi> Message-ID: <1375950077.5211.18.camel@ubu101751> On Tue, 2013-08-06 at 19:15 +0300, Timo Sirainen wrote: > > Presumably it's thinking the "-r /tmp/dsync-rawlog" is a mail location? > > I've tried changing its location in the appends, but it doesn't make a > > difference. > > Oops, I messed up the parameter order. It was supposed to have -s state but now it had -s -r rawlog state. New patch should work better. I ran two tests: one using 'doveadm expunge' and one deleting the message using mutt. Since the hosts mentioned so far have a copy of my full mailbox on, I re-ran the tests (with the same results) on a test server with a fresh mailbox on, so there was no extra folder synchronisation in there to fill up the rawlog. Those log entries are too big for the mailing list (70k+), so are here: 'doveadm expunge' dsync-rawlog node A http://pastebin.com/LtUnENPv 'doveadm expunge' dsync-rawlog node B http://pastebin.com/QaWLyZq2 imap expunge dsync-rawlog node A http://pastebin.com/SuFdWn0w imap expunge dsync-rawlog node B http://pastebin.com/Ex66s7hq Mail logs on both contain entries like this: Aug 6 18:04:37 dcot2a dovecot: master: Dovecot v2.2.5 starting up (core dumps disabled) Aug 6 18:04:38 dcot2a dovecot: doveadm: Error: Don't give mail location with -d parameter Simon. -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. From tss at iki.fi Thu Aug 8 11:25:18 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 8 Aug 2013 11:25:18 +0300 Subject: [Dovecot] The docs a re a bit weird on "Directory hashing" In-Reply-To: <5202CD63.9020409@ngtech.co.il> References: <5202CD63.9020409@ngtech.co.il> Message-ID: <27EB9018-BC80-426D-9442-4F78911E7FF2@iki.fi> BTW. If you're using v2.2.3+ %N hash works better than the old %H hash. I updated http://wiki2.dovecot.org/Variables for it also. On 8.8.2013, at 1.42, Eliezer Croitoru wrote: > In squid we use a double layer of hashed directories on the FS to allow > storage of millions of files. > I was reading the "Directory hashing" section but never understood it.. > since it's written.. in a way I could not understand. > I am using this line: > mail_location = maildir:/home/vmail/%d/%n/Maildir/ > > and I want to migrate to a hash based directory scheme. > While trying to understand how that hash will work I stumbled a old > thread at: > http://www.dovecot.org/list/dovecot/2010-June/049695.html > there they used: > mail_location=maildir:/buzones/us.es/%1Hu/%2.1u/%n > > so I assume it should be used like that: > mail_location=maildir:/home/vmail/%H/%2.256Hn/%d_%n/Maildir/ > or: > mail_location=maildir:/home/vmail/%1Mu/%2.1Mu/%d_%n/Maildir/ > > It's a bit hard to think alone so I hope you can assist me. > > let say I want to follow the model of squid cache_dir which has: > cache_dir aufs /usr/local/squid/var/cache/squid 40000 16 256 > > And means a two layers cache of max 16 directories on the first layer > and 256 directories on the second layer. > The above allows millions of files storage and can benefit from all ext4 > lower kernel levels of compatibly rather then do stuff on the user-land.. > Since I am not 100% sure that the scheme I understood is indeed what I > think I assume the above will need a small correction. > > Eliezer > From AxelLuttgens at swing.be Thu Aug 8 11:33:09 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Thu, 8 Aug 2013 10:33:09 +0200 Subject: [Dovecot] Override master service settigs with spaces In-Reply-To: <20130808071059.GA10507@zwirn.topfen.net> References: <20130807160345.GB11878@zwirn.topfen.net> <8A7DA3DF-FAF5-487A-BA3A-7AB335DEA709@swing.be> <20130808071059.GA10507@zwirn.topfen.net> Message-ID: <36C07B7C-F332-45BD-8B74-380BCC16972C@swing.be> Le 8 ao?t 2013 ? 09:10, Ulrich Zehl a ?crit : > On Wed, Aug 07, 2013 at 10:49:28PM +0200, Axel Luttgens wrote: >> >> What makes you think quota-status would accept a -o option? > > Every service running under master accepts -o, as far as I can tell from > the code. (Additionally verified by my tests; for settings without spaces > it works well.) Hello Ulrich, Sorry for the noise. I guess I was terribly tired yesterday, since I just didn't manage to understand what you were trying... Axel From tlx at leuxner.net Thu Aug 8 12:07:16 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Thu, 8 Aug 2013 11:07:16 +0200 Subject: [Dovecot] HG changes affecting received headers Message-ID: <20130808090716.GA3906@nihlus.leuxner.net> Let me say this is a rather cosmetic issue, but it appears with the latest commits (around 2.2.5 release) the scheme of 'Received' headers has changed for LMTP: 1) Inet socket: Return-Path: Delivered-To: Received: from spectre.leuxner.net ([188.138.0.199]) by spectre.leuxner.net (Dovecot) with LMTP id 8AkXDF5cA1LvDgAAZ53dLw for ; Thu, 08 Aug 2013 10:52:46 +0200 2) UNIX socket: Return-Path: Delivered-To: Received: from spectre.leuxner.net ([]) by spectre.leuxner.net (Dovecot) with LMTP id q8WuGflcA1I3DwAAZ53dLw for ; Thu, 08 Aug 2013 10:55:21 +0200 3) Old (Pre 2.2.5) build, UNIX socket: Return-Path: Delivered-To: Received: from spectre.leuxner.net by spectre.leuxner.net (Dovecot) with LMTP id 8NiKKX0h+lFRIAAAZ53dLw for ; Thu, 01 Aug 2013 10:51:09 +0200 While it probably should resolve the FQDN in 1) (Postfix does), not sure what it should do with a UNIX socket in 2). Previously as shown in 3) it had none of it... Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From skdovecot at smail.inf.fh-brs.de Thu Aug 8 12:19:37 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 8 Aug 2013 11:19:37 +0200 (CEST) Subject: [Dovecot] How to troubleshoot LDA or LMTP? In-Reply-To: <87a9ksu18p.fsf@hotdog.falcon> References: <87zjsvd5l8.fsf@otago.ac.nz> <87a9ksu18p.fsf@hotdog.falcon> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 8 Aug 2013, John Williams wrote: >> in order to not filter the same message twice or re-filter messages, >> you've moved around manually? > That is not a problem. The filtering process works perfectly when I > manually invoke dovecot-lda. My problem is that I have followed the > instructions here: > > http://wiki2.dovecot.org/LDA/ > > and here: > > http://wiki2.dovecot.org/LDA/Sendmail > > and here: > > http://wiki2.dovecot.org/LMTP > > but neither dovecot-lda nor LMTP seem to be triggered whenever I send > email from my MUA (Gnus). At least, I *think* I have followed the > instructions correctly. Would you like me to post my dovecot config > again, and the relevant portion of sendmail.cf? > > Thank you very much for your help, I truly appreciate it. As Stan already pointed out: a local delivery takes place only, when the mail arrives via a MTA. offlineimap synchronizes two IMAP folders, there is no local delivery at your side at all. Hence, neither LDA nor LMTP is invoked. So I see two ways: 1) keep offlineimap to resync your local store back to the server and keep both in-sync. Then you can: 1a) run offlineimap to get new messages from the upstream server and sync current local messages. 1b) remove the new ones from the local store and feed them _manually_ to the LDA or LMTP. Now the filtering takes place and they are re-added to the mail storage. 1c) maybe: re-run the process until no new messages got downloaded, in order to keep the server in-sync 2) no need for server messages in-sync with local message store 2a) setup a local MTA that accepts your domain and drops messages via Dovecot LDA or LMTP. Then get the new messages via fetchmail on a regular basis and hand the messages over to the local MTA. 2b) use fetchmail in combination with Dovecot LDA/LMTP. No local MTA necessary. fetchmail will see only messages in INBOX as far as I know. So no filtering on the server must take place. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUgNiqV3r2wJMiz2NAQISSAgAnSWnyf4kzNrbEd/+UcZGvmeegCWp4QY3 TWAIh8V8vbo+FyKyYomvRLt1mmq5CKJNwOUdz+A3u5R6XT25JZKxA5yYhUKlLNEU n05zIsmWvKV6DWahdTv7GL84kmyETqp7zYo5pBWRf9SqwGFH8+KcBGh1U3MTaKhQ QfzIj3eYk7a1DQld7u3ZaLSiKCBadWCakgNscY2mX+gzoN4EXt+X1zMO52uaZpJ3 QkJyd2AHrnpYgBbmr2maneYox3+67IyQChnzZ0t2c9uPodT4ukEkZFYjrucEGlfv JEUaOaVnuzx/Wi7gxSUL/agSiaksLaEkT/KMWS6wQMSI0NxUaGIHjQ== =f/Uy -----END PGP SIGNATURE----- From gstaniak at gmail.com Thu Aug 8 12:58:49 2013 From: gstaniak at gmail.com (Grzegorz Staniak) Date: Thu, 8 Aug 2013 11:58:49 +0200 Subject: [Dovecot] Errors in SASL authentication ("attempted master login") Message-ID: Hi, I'm using dovecot 2.2.4 (with Postfix 2.8.4) as both the SASL authentication backend and the delivery agent, and I keep getting lines like the following in the dovecot.log from the authentication subsystem: auth: passdb(toshiba1 at domain,8.8.8.8,master): Attempted master login with no master passdbs (trying to log in as user: plain) The connections come from an old (embedded) mail client in a printer-fax machine. I googled for this specific error, but I only found info about old clients using "user\0user\0pass" string incorrectly during authentication, which caused a problem for earlier, development versions of dovecot. Actually, I recently migrated from 1.2 to 2.2.4 exactly to alleviate this situation, but the errors persist. Is there a way to remove the problem or work around it? Regards, GS -- Grzegorz Staniak From razvan.sandu at mobexpert.ro Thu Aug 8 13:00:55 2013 From: razvan.sandu at mobexpert.ro (=?UTF-8?B?UsSDenZhbiBTYW5kdQ==?=) Date: Thu, 08 Aug 2013 13:00:55 +0300 Subject: [Dovecot] Please HELP: how to delete all messages older than X days In-Reply-To: References: Message-ID: <52036C57.3090608@mobexpert.ro> Pe 7 Aug 2013 11:35, Timo Sirainen a scris: >> Thank you, but doveadm expunge will ask for the mailbox name: >> >> [root at mail1 ~]# doveadm expunge -u john.doe at example.com ON >> 2013-08-07 doveadm(root): Fatal: expunge: To avoid accidents, >> search query must contain MAILBOX in all search branches > > Add: mailbox '*' Thank you, it works! May I use the same wildcard syntax ('*') when configuring the expire plugin? Something like: mail_plugins = $mail_plugins expire plugin { expire = * } or plugin { expire = '*' } ? Best regards, R?zvan -------------- next part -------------- A non-text attachment was scrubbed... Name: razvan_sandu.vcf Type: text/x-vcard Size: 424 bytes Desc: not available URL: From md at Linux.IT Thu Aug 8 18:53:47 2013 From: md at Linux.IT (Marco d'Itri) Date: Thu, 8 Aug 2013 17:53:47 +0200 Subject: [Dovecot] multiple passdbs and auth sockets Message-ID: <20130808155346.GA19214@bongo.bofh.it> I have a few systems which run dovecot 1.x as the authentication backend for Postfix, with multiple auth { } sections like this one, each one with a different passdb and its own socket: auth ldap-10 { passdb ldap { args = /etc/dovecot/dovecot-ldap-10.conf } socket listen { client { path = /var/spool/postfix/private/auth-10 mode = 0666 } } } I need multiple sockets tied to multiple dbs because there are duplicated accounts, but after switching to dovecot 2.1.7 apparently *all* passdbs are checked and dovecot reports this message: Warning: Obsolete setting in /etc/dovecot/conf.d/auth-local.conf.ext:91: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely doveconf shows that all my custom sockets are now part of a single "service auth { }" section, while all the passdbs appear at the top level. How can I update my configuration for dovecot 2.x? -- ciao, Marco From tss at iki.fi Thu Aug 8 22:38:32 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 8 Aug 2013 22:38:32 +0300 Subject: [Dovecot] HG changes affecting received headers In-Reply-To: <20130808090716.GA3906@nihlus.leuxner.net> References: <20130808090716.GA3906@nihlus.leuxner.net> Message-ID: On 8.8.2013, at 12.07, Thomas Leuxner wrote: > Let me say this is a rather cosmetic issue, but it appears with the latest commits (around 2.2.5 release) the scheme of 'Received' headers has changed for LMTP: Thanks. I thought I found all such occurrences, but looks like I missed that one for some reason. Fixed: http://hg.dovecot.org/dovecot-2.2/rev/9aa9944bd96e > 1) Inet socket: > Return-Path: > Delivered-To: > Received: from spectre.leuxner.net ([188.138.0.199]) > by spectre.leuxner.net (Dovecot) with LMTP id 8AkXDF5cA1LvDgAAZ53dLw > for ; Thu, 08 Aug 2013 10:52:46 +0200 > > 2) UNIX socket: > Return-Path: > Delivered-To: > Received: from spectre.leuxner.net ([]) > by spectre.leuxner.net (Dovecot) with LMTP id q8WuGflcA1I3DwAAZ53dLw > for ; Thu, 08 Aug 2013 10:55:21 +0200 > > 3) Old (Pre 2.2.5) build, UNIX socket: > Return-Path: > Delivered-To: > Received: from spectre.leuxner.net > by spectre.leuxner.net (Dovecot) with LMTP id 8NiKKX0h+lFRIAAAZ53dLw > for ; Thu, 01 Aug 2013 10:51:09 +0200 > > While it probably should resolve the FQDN in 1) (Postfix does), not sure what it should do with a UNIX socket in 2). Previously as shown in 3) it had none of it... > > Thomas From eliezer at ngtech.co.il Fri Aug 9 00:02:34 2013 From: eliezer at ngtech.co.il (Eliezer Croitoru) Date: Fri, 09 Aug 2013 00:02:34 +0300 Subject: [Dovecot] The docs a re a bit weird on "Directory hashing" In-Reply-To: <20130808072954.GA24215@mushkin.tanso.net> References: <5202CD63.9020409@ngtech.co.il> <20130808072954.GA24215@mushkin.tanso.net> Message-ID: <5204076A.3080201@ngtech.co.il> Hey, On 08/08/2013 10:29 AM, Jan-Frode Myklebust wrote: > On Thu, Aug 08, 2013 at 01:42:43AM +0300, Eliezer Croitoru wrote: >> >> And means a two layers cache of max 16 directories on the first layer >> and 256 directories on the second layer. >> The above allows millions of files storage and can benefit from all ext4 >> lower kernel levels of compatibly rather then do stuff on the user-land.. >> Since I am not 100% sure that the scheme I understood is indeed what I >> think I assume the above will need a small correction. > > I use: > > mail_home = /srv/mailstore/%256LRHu/%Ld/%Ln "R" what for?? I do understand a Lower case on the names and have seen the effect but how would R be helpful?? Eliezer > > which gives me 256 buckets containing domainname/username/, and the > buckets are a hash of Lowercase Reverse usernames. To get the same > layout as squid, I would try: > > mail_home = /srv/mailstore/%16LRHu/%256LRHu/%Lu > > Ref: http://wiki2.dovecot.org/Variables for variables and modifiers. > > BTW: I'm lowercasing everything, because I once got bitten by a variable > not being lowercased in one version, and suddenly this changing in > another version. It's probably redundant here -- but it was painful to > fix when it happened.. > > > -jf > From jeff.geiger at firespring.com Fri Aug 9 00:36:13 2013 From: jeff.geiger at firespring.com (Jeff Geiger) Date: Thu, 8 Aug 2013 16:36:13 -0500 Subject: [Dovecot] GUID Mismatch Issue Message-ID: Dovecot 2.1.7 While migrating mail from one server (Maildir) to another (mdbox), a config issue caused my dsync to fail on a few accounts. Those accounts received mail on the new server over night and it autocreated new inboxes with new GUIDs. Now dsync wants nothing to do with mirroring between the two (diff GUIDs). Is there a way to fix this? dsync(jeff at foo.bar): Error: Mailbox INBOX changed its GUID (0eee4b021dcadd5158550000eed085a1 -> 43f87412a8f00352ac340000be821591) dsync(jeff at foo.bar): Error: msg iteration failed: Couldn't open mailbox 0eee4b021dcadd5158550000eed085a1 dsync(jeff at foo.bar): Error: Mailbox INBOX changed its GUID (0eee4b021dcadd5158550000eed085a1 -> 43f87412a8f00352ac340000be821591) dsync(jeff at foo.bar): Error: Mailbox Trash changed its GUID (0fee4b021dcadd5158550000eed085a1 -> 6300df050ef10352e9350000be821591) dsync(jeff at foo.bar): Error: Mailbox Sent changed its GUID (832d1e3663cadd515f5d0000eed085a1 -> 855ef505c0f00352fc340000be821591) I need a way to merge the mailboxes, in either direction, so I can clear out one side and successfully migrate the mail accounts. Any tips or pointers are greatly appreciated. From tlx at leuxner.net Fri Aug 9 08:09:38 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Fri, 9 Aug 2013 07:09:38 +0200 Subject: [Dovecot] HG changes affecting received headers In-Reply-To: References: <20130808090716.GA3906@nihlus.leuxner.net> Message-ID: <20130809050938.GA24626@nihlus.leuxner.net> * Timo Sirainen 2013.08.08 21:38: > Thanks. I thought I found all such occurrences, but looks like I missed that one for some reason. Fixed: http://hg.dovecot.org/dovecot-2.2/rev/9aa9944bd96e Thanks, confirmed fixed. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From felixrubiodalmau at gmail.com Fri Aug 9 12:44:54 2013 From: felixrubiodalmau at gmail.com (Felix Rubio Dalmau) Date: Fri, 09 Aug 2013 11:44:54 +0200 Subject: [Dovecot] prevent dovecot from modifying maildirs Message-ID: <4966709.Rmq5fRU2dK@jarvis> Hi all, Is there any possibility to ask dovecot to write nothing to disk, something like a "read only" state, without shutting it down? I have set up a ZFS+postfix+dovecot mail server, and I need both postfix (postsuper -h ALL) and dovecot (??) to stop modifying the disk to create the snapshot to be saved. Does anybody has any idea on how to achieve this? Regards! Felix From CMarcus at Media-Brokers.com Fri Aug 9 13:26:03 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 09 Aug 2013 06:26:03 -0400 Subject: [Dovecot] prevent dovecot from modifying maildirs In-Reply-To: <4966709.Rmq5fRU2dK@jarvis> References: <4966709.Rmq5fRU2dK@jarvis> Message-ID: <5204C3BB.1030401@Media-Brokers.com> On 2013-08-09 5:44 AM, Felix Rubio Dalmau wrote: > Is there any possibility to ask dovecot to write nothing to disk, something like a "read only" state, without shutting it down? I have set up a ZFS+postfix+dovecot mail server, and I need both postfix (postsuper -h ALL) and dovecot (??) to stop modifying the disk to create the snapshot to be saved. ??? That is supposed to be (haven't used it yet) one of ZFS's strong points. You don't need to worry about this, it is all handled by the OS. If you think you do need to worry about it, then you'll have to come up with a very good reason why. -- Best regards, */Charles/* From me at junc.eu Fri Aug 9 14:43:45 2013 From: me at junc.eu (Benny Pedersen) Date: Fri, 09 Aug 2013 13:43:45 +0200 Subject: [Dovecot] prevent dovecot from modifying maildirs In-Reply-To: <4966709.Rmq5fRU2dK@jarvis> References: <4966709.Rmq5fRU2dK@jarvis> Message-ID: Felix Rubio Dalmau skrev den 2013-08-09 11:44: > Does anybody has any idea on how to achieve this? stop dovecot/postfix, maybe remember sql/ldap database aswell From trashcan at odo.in-berlin.de Fri Aug 9 15:04:02 2013 From: trashcan at odo.in-berlin.de (Michael Grimm) Date: Fri, 09 Aug 2013 14:04:02 +0200 Subject: [Dovecot] prevent dovecot from modifying maildirs In-Reply-To: <4966709.Rmq5fRU2dK@jarvis> References: <4966709.Rmq5fRU2dK@jarvis> Message-ID: <49a4513e642f55b9e9d71c7ada9ccaa3@mx1.enfer-du-nord.net> On 2013-08-09 11:44, Felix Rubio Dalmau wrote: > Is there any possibility to ask dovecot to write nothing to disk, > something like a "read only" state, without shutting it down? I have > set up a ZFS+postfix+dovecot mail server, and I need both postfix > (postsuper -h ALL) and dovecot (??) to stop modifying the disk to > create the snapshot to be saved. > > Does anybody has any idea on how to achieve this? As mentioned before, that's done by ZFS. Just create a snapshot using your ZFS functionality (zfs snapshot ). Regards, Michael From CMarcus at Media-Brokers.com Fri Aug 9 15:19:59 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 09 Aug 2013 08:19:59 -0400 Subject: [Dovecot] prevent dovecot from modifying maildirs In-Reply-To: <49a4513e642f55b9e9d71c7ada9ccaa3@mx1.enfer-du-nord.net> References: <4966709.Rmq5fRU2dK@jarvis> <49a4513e642f55b9e9d71c7ada9ccaa3@mx1.enfer-du-nord.net> Message-ID: <5204DE6F.7070403@Media-Brokers.com> On 2013-08-09 8:04 AM, Michael Grimm wrote: > On 2013-08-09 11:44, Felix Rubio Dalmau wrote: > >> Is there any possibility to ask dovecot to write nothing to disk, >> something like a "read only" state, without shutting it down? I have >> set up a ZFS+postfix+dovecot mail server, and I need both postfix >> (postsuper -h ALL) and dovecot (??) to stop modifying the disk to >> create the snapshot to be saved. >> >> Does anybody has any idea on how to achieve this? > > As mentioned before, that's done by ZFS. Just create a snapshot using > your ZFS functionality (zfs snapshot ). And the same goes for LVM snapshots. The only thing you might want/need to worry about is SQL databases... for these I always do periodic dumps (how often dicatated by how long the dumps take vs how often the data changes vs how critical the data is). -- Best regards, */Charles/* From skdovecot at smail.inf.fh-brs.de Fri Aug 9 16:10:08 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 9 Aug 2013 15:10:08 +0200 (CEST) Subject: [Dovecot] works | Re: Getting default uid/gid of users via socket for virtual user support for sendmail In-Reply-To: <3288F414-56C2-4310-8CD7-F0CBC42738A1@iki.fi> References: <3288F414-56C2-4310-8CD7-F0CBC42738A1@iki.fi> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 1 Aug 2013, Timo Sirainen wrote: > You can't get the mail_uid/gid/home, because they really don't belong to auth process.. But what you could do with v2.2 is: > > userdb { > driver = ldap > args = .. > default_fields = uid=1234 gid=1234 home=/home/user/%u > } works like charm, thanks! - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUgTqMF3r2wJMiz2NAQK1PwgAh77/ZC1PTh1qReOQ7yNr0uGswzEmw2aM dNJTdbAXnWvxUPXGl9nmmYs/GahbyyJbD42/MM2Hpl+w95vIgWOhQxkPp2QyzJFt T+MfHvLKcg6vDvmeSBUGTL08m9tGyb4EXMROh1ONLW4bAhPHtN8qJrgR4vKTTOqe Ri75cATI3LbiWPS53ub+9s+DAvCFvoakSdl08BIOJmzzVClEF0iis9AnRpOY9a4p 7y2P6DG0nGY/MvFSXnpu0wP0E3IGqQm9jFD1d7aXgznkPr5lyHFkLXe3xkSmHV0M nGBRf3WV4WPHyWVPsjZNr1h3Xcl+CzXIQImadZt/WZF41UGUz2GJbQ== =suGe -----END PGP SIGNATURE----- From Ralf.Hildebrandt at charite.de Fri Aug 9 16:45:58 2013 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Fri, 9 Aug 2013 15:45:58 +0200 Subject: [Dovecot] Error: Threading lost Message ID? Message-ID: <20130809134558.GW3081@charite.de> QUERY: THREAD REFERENCES ISO-8859-1 ALL RESPONSE: [SERVERBUG] Internal error occurred. Refer to server log for more information. [2013-08-09 15:42:34] Aug 9 15:41:48 postamt dovecot: imap(username) tTbs7oPjfACNKs4m: Error: Threading lost Message ID Aug 9 15:42:34 postamt dovecot: imap(username) tTbs7oPjfACNKs4m: Error: Threading lost Message ID What does that mean? WHY has the Message-Id been lost? How can I find out WHICH MAIL caused this? This is the most recent dovecot 2.2.x -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From Ralf.Hildebrandt at charite.de Fri Aug 9 16:50:07 2013 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Fri, 9 Aug 2013 15:50:07 +0200 Subject: [Dovecot] Error: Threading lost Message ID? In-Reply-To: <20130809134558.GW3081@charite.de> References: <20130809134558.GW3081@charite.de> Message-ID: <20130809135007.GX3081@charite.de> * Ralf Hildebrandt : > QUERY: THREAD REFERENCES ISO-8859-1 ALL > RESPONSE: [SERVERBUG] Internal error occurred. Refer to server log for more information. [2013-08-09 15:42:34] > > Aug 9 15:41:48 postamt dovecot: imap(username) tTbs7oPjfACNKs4m: Error: Threading lost Message ID > Aug 9 15:42:34 postamt dovecot: imap(username) tTbs7oPjfACNKs4m: Error: Threading lost Message ID > > What does that mean? WHY has the Message-Id been lost? How can I find > out WHICH MAIL caused this? > > This is the most recent dovecot 2.2.x 2.2.5, but actually it is yesterdays hg clone. -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From harmonicnm7h at gmail.com Fri Aug 9 17:48:49 2013 From: harmonicnm7h at gmail.com (Sam Flint) Date: Fri, 9 Aug 2013 09:48:49 -0500 Subject: [Dovecot] How to troubleshoot LDA or LMTP? In-Reply-To: References: <87zjsvd5l8.fsf@otago.ac.nz> <87a9ksu18p.fsf@hotdog.falcon> Message-ID: Gnus supports IMAP natively, and even ManageSieve. Use that, don't run a proxy, it's a lot easier. On Thu, Aug 8, 2013 at 4:19 AM, Steffen Kaiser wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thu, 8 Aug 2013, John Williams wrote: > >>> in order to not filter the same message twice or re-filter messages, >>> you've moved around manually? >> >> That is not a problem. The filtering process works perfectly when I >> manually invoke dovecot-lda. My problem is that I have followed the >> instructions here: >> >> http://wiki2.dovecot.org/LDA/ >> >> and here: >> >> http://wiki2.dovecot.org/LDA/Sendmail >> >> and here: >> >> http://wiki2.dovecot.org/LMTP >> >> but neither dovecot-lda nor LMTP seem to be triggered whenever I send >> email from my MUA (Gnus). At least, I *think* I have followed the >> instructions correctly. Would you like me to post my dovecot config >> again, and the relevant portion of sendmail.cf? >> >> Thank you very much for your help, I truly appreciate it. > > > As Stan already pointed out: a local delivery takes place only, when the > mail arrives via a MTA. offlineimap synchronizes two IMAP folders, there is > no local delivery at your side at all. Hence, neither LDA nor LMTP is > invoked. > > So I see two ways: > > 1) keep offlineimap to resync your local store back to the server and keep > both in-sync. > > Then you can: > 1a) run offlineimap to get new messages from the upstream server and sync > current local messages. > 1b) remove the new ones from the local store and feed them _manually_ to the > LDA or LMTP. Now the filtering takes place and they are re-added to the mail > storage. > 1c) maybe: re-run the process until no new messages got downloaded, in order > to keep the server in-sync > > 2) no need for server messages in-sync with local message store > > 2a) setup a local MTA that accepts your domain and drops messages via > Dovecot LDA or LMTP. Then get the new messages via fetchmail on a regular > basis and hand the messages over to the local MTA. > > 2b) use fetchmail in combination with Dovecot LDA/LMTP. No local MTA > necessary. > > fetchmail will see only messages in INBOX as far as I know. So no filtering > on the server must take place. > > > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEVAwUBUgNiqV3r2wJMiz2NAQISSAgAnSWnyf4kzNrbEd/+UcZGvmeegCWp4QY3 > TWAIh8V8vbo+FyKyYomvRLt1mmq5CKJNwOUdz+A3u5R6XT25JZKxA5yYhUKlLNEU > n05zIsmWvKV6DWahdTv7GL84kmyETqp7zYo5pBWRf9SqwGFH8+KcBGh1U3MTaKhQ > QfzIj3eYk7a1DQld7u3ZaLSiKCBadWCakgNscY2mX+gzoN4EXt+X1zMO52uaZpJ3 > QkJyd2AHrnpYgBbmr2maneYox3+67IyQChnzZ0t2c9uPodT4ukEkZFYjrucEGlfv > JEUaOaVnuzx/Wi7gxSUL/agSiaksLaEkT/KMWS6wQMSI0NxUaGIHjQ== > =f/Uy > -----END PGP SIGNATURE----- -- Sam Flint flintfam.org/~swflint From felixrubiodalmau at gmail.com Fri Aug 9 20:43:41 2013 From: felixrubiodalmau at gmail.com (Felix Rubio Dalmau) Date: Fri, 09 Aug 2013 19:43:41 +0200 Subject: [Dovecot] prevent dovecot from modifying maildirs In-Reply-To: <5204DE6F.7070403@Media-Brokers.com> References: <4966709.Rmq5fRU2dK@jarvis> <49a4513e642f55b9e9d71c7ada9ccaa3@mx1.enfer-du-nord.net> <5204DE6F.7070403@Media-Brokers.com> Message-ID: <3783375.XEcKOZCU1R@jarvis> Actually the problem is that the snapshot is instantaneous, so if some commands are being run at the time of the snapshot I could get a snapshot of a non-consistent FS, right? Then, the single solution goes through just shuting down dovecot (and other services, like apache) the seconds required to perform the snapshot, whilst holding the postfix queues to ensure not loosing any mail. Does anybody have a better approach? Regards! Felix On Friday 09 August 2013 08:19:59 Charles Marcus wrote: > On 2013-08-09 8:04 AM, Michael Grimm wrote: > > On 2013-08-09 11:44, Felix Rubio Dalmau wrote: > > > >> Is there any possibility to ask dovecot to write nothing to disk, > >> something like a "read only" state, without shutting it down? I have > >> set up a ZFS+postfix+dovecot mail server, and I need both postfix > >> (postsuper -h ALL) and dovecot (??) to stop modifying the disk to > >> create the snapshot to be saved. > >> > >> Does anybody has any idea on how to achieve this? > > > > As mentioned before, that's done by ZFS. Just create a snapshot using > > your ZFS functionality (zfs snapshot ). > > And the same goes for LVM snapshots. > > The only thing you might want/need to worry about is SQL databases... > for these I always do periodic dumps (how often dicatated by how long > the dumps take vs how often the data changes vs how critical the data is). > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3458 bytes Desc: not available URL: From CMarcus at Media-Brokers.com Fri Aug 9 20:48:59 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 09 Aug 2013 13:48:59 -0400 Subject: [Dovecot] prevent dovecot from modifying maildirs In-Reply-To: <3783375.XEcKOZCU1R@jarvis> References: <4966709.Rmq5fRU2dK@jarvis> <49a4513e642f55b9e9d71c7ada9ccaa3@mx1.enfer-du-nord.net> <5204DE6F.7070403@Media-Brokers.com> <3783375.XEcKOZCU1R@jarvis> Message-ID: <52052B8B.4060304@Media-Brokers.com> On 2013-08-09 1:43 PM, Felix Rubio Dalmau wrote: > Actually the problem is that the snapshot is instantaneous, so if some commands are being run at the time of the snapshot I could get a snapshot of a non-consistent FS, right? No, that is not right. If it was it would totally defeat the entire purpose of snapshots (which *is* to get a consistent view of the filesystem). > Then, the single solution goes through just shuting down dovecot (and other services, like apache) the seconds required to perform the snapshot, whilst holding the postfix queues to ensure not loosing any mail. > > Does anybody have a better approach? Yes - read up on how snapshots work (in your case ZFS snapshots) and stop wasting brain cycles worrying about a non existent problem. As I said earlier, the only exception to this consistency question is with SQL databases. -- Best regards, */Charles /* From trashcan at odo.in-berlin.de Fri Aug 9 21:39:31 2013 From: trashcan at odo.in-berlin.de (Michael Grimm) Date: Fri, 9 Aug 2013 20:39:31 +0200 Subject: [Dovecot] prevent dovecot from modifying maildirs In-Reply-To: <3783375.XEcKOZCU1R@jarvis> References: <4966709.Rmq5fRU2dK@jarvis> <49a4513e642f55b9e9d71c7ada9ccaa3@mx1.enfer-du-nord.net> <5204DE6F.7070403@Media-Brokers.com> <3783375.XEcKOZCU1R@jarvis> Message-ID: <08F0733B-DCBA-4D5A-9826-E42549C78358@odo.in-berlin.de> On 09.08.2013, at 19:43, Felix Rubio Dalmau wrote: > Actually the problem is that the snapshot is instantaneous, so if some commands are being run at the time of the snapshot I could get a snapshot of a non-consistent FS, right? As mentioned before: Wrong. Have a look at http://en.wikipedia.org/wiki/Zfs#Snapshots_and_clones and http://en.wikipedia.org/wiki/Snapshot_(computer_storage) and alike. Regards, Michael From felixrubiodalmau at gmail.com Fri Aug 9 22:12:01 2013 From: felixrubiodalmau at gmail.com (Felix Rubio Dalmau) Date: Fri, 09 Aug 2013 21:12:01 +0200 Subject: [Dovecot] prevent dovecot from modifying maildirs In-Reply-To: <08F0733B-DCBA-4D5A-9826-E42549C78358@odo.in-berlin.de> References: <4966709.Rmq5fRU2dK@jarvis> <3783375.XEcKOZCU1R@jarvis> <08F0733B-DCBA-4D5A-9826-E42549C78358@odo.in-berlin.de> Message-ID: <1510165.ldLr4nK7pE@jarvis> Michael, Charles, thank you for your comments. I had already seen the wikipedia entries about ZFS, but when I have performed my tests, consisting in: generate a program that writes a 100 MB file to disk and perform the snapshot during the file is being written. Obviously the snapshot shows a view of the file with the information and size it had at the time of the snapshot... so I get a portion of it. In order to save space I prefer no to have such half-files (mails) , and it is for this reason that I am asking if there is any way to prevent this. I'm not an expert in field of file systems, so I can be asking very naive questions... but I appreciate your comments on this topic. Thank you Felix On Friday 09 August 2013 20:39:31 Michael Grimm wrote: > > On 09.08.2013, at 19:43, Felix Rubio Dalmau wrote: > > > Actually the problem is that the snapshot is instantaneous, so if some commands are being run at the time of the snapshot I could get a snapshot of a non-consistent FS, right? > > As mentioned before: Wrong. > Have a look at http://en.wikipedia.org/wiki/Zfs#Snapshots_and_clones and http://en.wikipedia.org/wiki/Snapshot_(computer_storage) and alike. > > Regards, > Michael > From willyramos.m at gmail.com Fri Aug 9 22:10:57 2013 From: willyramos.m at gmail.com (will moura) Date: Fri, 9 Aug 2013 12:10:57 -0700 (PDT) Subject: [Dovecot] execvp /usr/local/libexec/dovecot/dovecot-lda: Permission denied In-Reply-To: References: <1285264216.2898.324.camel@kurkku.sapo.corppt.com> Message-ID: <1376075457493-43797.post@n4.nabble.com> Hi, Can you help me? Because my config in master.cf is: dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} But now I have this problem in my postfix, logs: "fatal destination user parameter (-d user) not given" It?s funny because, this problem occur only in my domain, no to external domains. Before I was with this problem with permissions, I solved, but now happen this. Thanks. -- View this message in context: http://dovecot.2317879.n4.nabble.com/execvp-usr-local-libexec-dovecot-dovecot-lda-Permission-denied-tp9592p43797.html Sent from the Dovecot mailing list archive at Nabble.com. From john.williams at otago.ac.nz Sat Aug 10 00:33:31 2013 From: john.williams at otago.ac.nz (John Williams) Date: Sat, 10 Aug 2013 08:33:31 +1100 Subject: [Dovecot] How to troubleshoot LDA or LMTP? References: <87zjsvd5l8.fsf@otago.ac.nz> <87a9ksu18p.fsf@hotdog.falcon> Message-ID: <87fvuir1lg.fsf@hotdog.falcon> Sam Flint writes: > Gnus supports IMAP natively, and even ManageSieve. Use that, don't > run a proxy, it's a lot easier. I know. I'm using dovecot because I'm getting mail from an extremely slow connection, so Gnus blocks the Emacs UI for several seconds, making Emacs unusable. Using a local server eliminates that problem. > On Thu, Aug 8, 2013 at 4:19 AM, Steffen Kaiser > wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On Thu, 8 Aug 2013, John Williams wrote: >> >>>> in order to not filter the same message twice or re-filter messages, >>>> you've moved around manually? >>> >>> That is not a problem. The filtering process works perfectly when I >>> manually invoke dovecot-lda. My problem is that I have followed the >>> instructions here: >>> >>> http://wiki2.dovecot.org/LDA/ >>> >>> and here: >>> >>> http://wiki2.dovecot.org/LDA/Sendmail >>> >>> and here: >>> >>> http://wiki2.dovecot.org/LMTP >>> >>> but neither dovecot-lda nor LMTP seem to be triggered whenever I send >>> email from my MUA (Gnus). At least, I *think* I have followed the >>> instructions correctly. Would you like me to post my dovecot config >>> again, and the relevant portion of sendmail.cf? >>> >>> Thank you very much for your help, I truly appreciate it. >> >> >> As Stan already pointed out: a local delivery takes place only, when the >> mail arrives via a MTA. offlineimap synchronizes two IMAP folders, there is >> no local delivery at your side at all. Hence, neither LDA nor LMTP is >> invoked. >> >> So I see two ways: >> >> 1) keep offlineimap to resync your local store back to the server and keep >> both in-sync. >> >> Then you can: >> 1a) run offlineimap to get new messages from the upstream server and sync >> current local messages. >> 1b) remove the new ones from the local store and feed them _manually_ to the >> LDA or LMTP. Now the filtering takes place and they are re-added to the mail >> storage. >> 1c) maybe: re-run the process until no new messages got downloaded, in order >> to keep the server in-sync >> >> 2) no need for server messages in-sync with local message store >> >> 2a) setup a local MTA that accepts your domain and drops messages via >> Dovecot LDA or LMTP. Then get the new messages via fetchmail on a regular >> basis and hand the messages over to the local MTA. >> >> 2b) use fetchmail in combination with Dovecot LDA/LMTP. No local MTA >> necessary. >> >> fetchmail will see only messages in INBOX as far as I know. So no filtering >> on the server must take place. >> >> >> - -- Steffen Kaiser >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.11 (GNU/Linux) >> >> iQEVAwUBUgNiqV3r2wJMiz2NAQISSAgAnSWnyf4kzNrbEd/+UcZGvmeegCWp4QY3 >> TWAIh8V8vbo+FyKyYomvRLt1mmq5CKJNwOUdz+A3u5R6XT25JZKxA5yYhUKlLNEU >> n05zIsmWvKV6DWahdTv7GL84kmyETqp7zYo5pBWRf9SqwGFH8+KcBGh1U3MTaKhQ >> QfzIj3eYk7a1DQld7u3ZaLSiKCBadWCakgNscY2mX+gzoN4EXt+X1zMO52uaZpJ3 >> QkJyd2AHrnpYgBbmr2maneYox3+67IyQChnzZ0t2c9uPodT4ukEkZFYjrucEGlfv >> JEUaOaVnuzx/Wi7gxSUL/agSiaksLaEkT/KMWS6wQMSI0NxUaGIHjQ== >> =f/Uy >> -----END PGP SIGNATURE----- -- Lecturer Department of Marketing University of Otago Dunedin, New Zealand From jtam.home at gmail.com Sat Aug 10 01:51:08 2013 From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 9 Aug 2013 15:51:08 -0700 (PDT) Subject: [Dovecot] prevent dovecot from modifying maildirs In-Reply-To: References: Message-ID: > In order to save space I prefer no to have such half-files (mails) , > and it is for this reason that I am asking if there is any way to > prevent this. > > I'm not an expert in field of file systems, so I can be asking very > naive questions... but I appreciate your comments on this topic. Filesystem consistency is different than, for lack of a better term, dovecot consistency. The latter places additional constraints on the content of files, rather than treating them as sequences of disk blocks. I don't think you can ensure the latter without stopping all dovecot processes (and maybe the MTA/LDA as well), which will be much more difficult and disruptive than just taking a snapshot. (I think some snapshot aware application like databases and hypervisors allows the operator to put the application in a state of acquiesence, long enough to take a snapshot, then unblock all processes after the snapshot.) I'd take the suggestion of the previous poster: take snapshots, don't worry, be happy. The small amount of inconsistencies is trivial compared with quickly recovering a mail store after disaster. Joseph Tam From vijayrajah at gmail.com Sat Aug 10 21:53:32 2013 From: vijayrajah at gmail.com (Vijay Rajah) Date: Sun, 11 Aug 2013 00:23:32 +0530 Subject: [Dovecot] Mailbox Format Message-ID: Hello List, I'm in the process of implementing a new mail server environment from scratch. I was wondering, what mailbox format is recommended? I have been using maildir format for my other projects. I would like to use some format that provides Single Instance Storage. I'm using postfix 2.11 and will use lmtp. I will be using dovecot 2.2.5 (Latest) version. I'm not planning on using NFS (if that matters) and will use dsync to backup mails to another server. Thanks in Advance Vijay Rajah From kim+dovecot at alleroedderne.adsl.dk Sat Aug 10 22:08:42 2013 From: kim+dovecot at alleroedderne.adsl.dk (Kim Bisgaard) Date: Sat, 10 Aug 2013 21:08:42 +0200 Subject: [Dovecot] constant Log synchronization error's In-Reply-To: <893ED8EA-983A-46D8-BA6D-431356221ADD@iki.fi> References: <51E27B0D.1050706@alleroedderne.adsl.dk> <893ED8EA-983A-46D8-BA6D-431356221ADD@iki.fi> Message-ID: <52068FBA.4000400@alleroedderne.adsl.dk> On 30-07-2013 12:01, Timo Sirainen wrote: > On 14.7.2013, at 13.18, Kim Bisgaard wrote: > >> 11:45:57 Y dovecot: imap(X): Error: Log synchronization error at seq=6,offset=156 for /var/mail/X/mdbox/mailboxes/Junk/dbox-Mails/dovecot.index: Extension header update points outside header size > .. >> # 2.2.4: /etc/dovecot/dovecot.conf > This is actually a bug that is fixed already in hg.. I really should have released v2.2.5 already. I guess I'll do that this week after reading this mailing list and fixing any other new issues. > Thanks Timo, 2.2.5 did apparently solve the problem - great!! Regards, Kim From tss at iki.fi Sun Aug 11 22:49:43 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 11 Aug 2013 22:49:43 +0300 Subject: [Dovecot] prevent dovecot from modifying maildirs In-Reply-To: <1510165.ldLr4nK7pE@jarvis> References: <4966709.Rmq5fRU2dK@jarvis> <3783375.XEcKOZCU1R@jarvis> <08F0733B-DCBA-4D5A-9826-E42549C78358@odo.in-berlin.de> <1510165.ldLr4nK7pE@jarvis> Message-ID: <1376250583.29299.9.camel@hurina> On Fri, 2013-08-09 at 21:12 +0200, Felix Rubio Dalmau wrote: > Michael, Charles, > > thank you for your comments. I had already seen the wikipedia entries about ZFS, but when I have performed my tests, consisting in: generate a program that writes a 100 MB file to disk and perform the snapshot during the file is being written. Obviously the snapshot shows a view of the file with the information and size it had at the time of the snapshot... so I get a portion of it. > > In order to save space I prefer no to have such half-files (mails) , and it is for this reason that I am asking if there is any way to prevent this. If you don't disable mail_fsync, you won't get partially written mails. And I'm not sure if you get them even if you do disable mail_fsync. The mails are first written to temporary files, fsynced, then renamed to the final name. So you might end up with some temporary files, but they won't be visible and they'll be deleted automatically. The above applies to all mailbox formats except mbox. From tss at iki.fi Sun Aug 11 22:56:39 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 11 Aug 2013 22:56:39 +0300 Subject: [Dovecot] Error: Threading lost Message ID? In-Reply-To: <20130809134558.GW3081@charite.de> References: <20130809134558.GW3081@charite.de> Message-ID: <1376250999.29299.13.camel@hurina> On Fri, 2013-08-09 at 15:45 +0200, Ralf Hildebrandt wrote: > QUERY: THREAD REFERENCES ISO-8859-1 ALL > RESPONSE: [SERVERBUG] Internal error occurred. Refer to server log for more information. [2013-08-09 15:42:34] > > Aug 9 15:41:48 postamt dovecot: imap(username) tTbs7oPjfACNKs4m: Error: Threading lost Message ID > Aug 9 15:42:34 postamt dovecot: imap(username) tTbs7oPjfACNKs4m: Error: Threading lost Message ID > > What does that mean? WHY has the Message-Id been lost? How can I find > out WHICH MAIL caused this? Can you reproduce it? I'm guessing dovecot.index.thread file was corrupted and caused this. It should probably rebuild the thread if this error happens. Or if you can reproduce this without dovecot.index.thread then it's definitely a bug and I'd like to get some headers to reproduce it: doveadm fetch -u user at domain 'hdr.message-id hdr.in-reply-to hdr.references' mailbox INBOX Anyway, improved the error message: http://hg.dovecot.org/dovecot-2.2/rev/5de1e4fdb758 From felixrubiodalmau at gmail.com Sun Aug 11 23:50:22 2013 From: felixrubiodalmau at gmail.com (Felix Rubio Dalmau) Date: Sun, 11 Aug 2013 22:50:22 +0200 Subject: [Dovecot] prevent dovecot from modifying maildirs In-Reply-To: <1376250583.29299.9.camel@hurina> References: <4966709.Rmq5fRU2dK@jarvis> <1510165.ldLr4nK7pE@jarvis> <1376250583.29299.9.camel@hurina> Message-ID: <2756151.lR9AbIkC0z@jarvis> Great! Thank you very much, Timo! Felix On Sunday 11 August 2013 22:49:43 Timo Sirainen wrote: > On Fri, 2013-08-09 at 21:12 +0200, Felix Rubio Dalmau wrote: > > Michael, Charles, > > > > thank you for your comments. I had already seen the wikipedia entries about ZFS, but when I have performed my tests, consisting in: generate a program that writes a 100 MB file to disk and perform the snapshot during the file is being written. Obviously the snapshot shows a view of the file with the information and size it had at the time of the snapshot... so I get a portion of it. > > > > In order to save space I prefer no to have such half-files (mails) , and it is for this reason that I am asking if there is any way to prevent this. > > If you don't disable mail_fsync, you won't get partially written mails. > And I'm not sure if you get them even if you do disable mail_fsync. The > mails are first written to temporary files, fsynced, then renamed to the > final name. So you might end up with some temporary files, but they > won't be visible and they'll be deleted automatically. > > The above applies to all mailbox formats except mbox. > > From janfrode at tanso.net Mon Aug 12 00:30:39 2013 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Sun, 11 Aug 2013 23:30:39 +0200 Subject: [Dovecot] The docs a re a bit weird on "Directory hashing" In-Reply-To: <5204076A.3080201@ngtech.co.il> References: <5202CD63.9020409@ngtech.co.il> <20130808072954.GA24215@mushkin.tanso.net> <5204076A.3080201@ngtech.co.il> Message-ID: <20130811213039.GA6687@mushkin.tanso.net> On Fri, Aug 09, 2013 at 12:02:34AM +0300, Eliezer Croitoru wrote: > > > > I use: > > > > mail_home = /srv/mailstore/%256LRHu/%Ld/%Ln > "R" what for?? > I do understand a Lower case on the names and have seen the effect but > how would R be helpful?? > According to http://wiki2.dovecot.org/Variables "%H hash function is a bit bad if all the strings end with the same text, so if you're hashing usernames being in user at domain form, you probably want to reverse the username to get better hash value variety, e.g. %3RHu. " -jf From Ralf.Hildebrandt at charite.de Mon Aug 12 10:19:24 2013 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Mon, 12 Aug 2013 09:19:24 +0200 Subject: [Dovecot] Error: Threading lost Message ID? In-Reply-To: <1376250999.29299.13.camel@hurina> References: <20130809134558.GW3081@charite.de> <1376250999.29299.13.camel@hurina> Message-ID: <20130812071924.GB8896@charite.de> * Timo Sirainen : > On Fri, 2013-08-09 at 15:45 +0200, Ralf Hildebrandt wrote: > > QUERY: THREAD REFERENCES ISO-8859-1 ALL > > RESPONSE: [SERVERBUG] Internal error occurred. Refer to server log for more information. [2013-08-09 15:42:34] > > > > Aug 9 15:41:48 postamt dovecot: imap(username) tTbs7oPjfACNKs4m: Error: Threading lost Message ID > > Aug 9 15:42:34 postamt dovecot: imap(username) tTbs7oPjfACNKs4m: Error: Threading lost Message ID > > > > What does that mean? WHY has the Message-Id been lost? How can I find > > out WHICH MAIL caused this? > > Can you reproduce it? Yes. It always happens when accessing the user's mailbox and enabling THREADING in Squirrelmail. > I'm guessing dovecot.index.thread file was corrupted and caused this. > It should probably rebuild the thread if this error happens. > > Or if you can reproduce this without dovecot.index.thread then it's > definitely a bug and I'd like to get some headers to reproduce it: > > doveadm fetch -u user at domain 'hdr.message-id hdr.in-reply-to hdr.references' mailbox INBOX > > Anyway, improved the error message: http://hg.dovecot.org/dovecot-2.2/rev/5de1e4fdb758 I'll try removin the dovecot.index.thread for starters -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From Ralf.Hildebrandt at charite.de Mon Aug 12 10:24:24 2013 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Mon, 12 Aug 2013 09:24:24 +0200 Subject: [Dovecot] Error: Threading lost Message ID? In-Reply-To: <20130812071924.GB8896@charite.de> References: <20130809134558.GW3081@charite.de> <1376250999.29299.13.camel@hurina> <20130812071924.GB8896@charite.de> Message-ID: <20130812072424.GD8896@charite.de> * Ralf Hildebrandt : > * Timo Sirainen : > > On Fri, 2013-08-09 at 15:45 +0200, Ralf Hildebrandt wrote: > > > QUERY: THREAD REFERENCES ISO-8859-1 ALL > > > RESPONSE: [SERVERBUG] Internal error occurred. Refer to server log for more information. [2013-08-09 15:42:34] > > > > > > Aug 9 15:41:48 postamt dovecot: imap(username) tTbs7oPjfACNKs4m: Error: Threading lost Message ID > > > Aug 9 15:42:34 postamt dovecot: imap(username) tTbs7oPjfACNKs4m: Error: Threading lost Message ID > > > > > > What does that mean? WHY has the Message-Id been lost? How can I find > > > out WHICH MAIL caused this? > > > > Can you reproduce it? > > Yes. It always happens when accessing the user's mailbox and enabling > THREADING in Squirrelmail. But NOW the user cleaned out his mailbox, so I *can't* reproduce. Greeeeat. -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From tss at iki.fi Mon Aug 12 17:24:57 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 12 Aug 2013 17:24:57 +0300 Subject: [Dovecot] Error: Threading lost Message ID? In-Reply-To: <1376250999.29299.13.camel@hurina> References: <20130809134558.GW3081@charite.de> <1376250999.29299.13.camel@hurina> Message-ID: <5ACD2ECC-FAB0-4F87-80BA-16F7EDC85603@iki.fi> On 11.8.2013, at 22.56, Timo Sirainen wrote: > On Fri, 2013-08-09 at 15:45 +0200, Ralf Hildebrandt wrote: >> QUERY: THREAD REFERENCES ISO-8859-1 ALL >> RESPONSE: [SERVERBUG] Internal error occurred. Refer to server log for more information. [2013-08-09 15:42:34] >> >> Aug 9 15:41:48 postamt dovecot: imap(username) tTbs7oPjfACNKs4m: Error: Threading lost Message ID >> Aug 9 15:42:34 postamt dovecot: imap(username) tTbs7oPjfACNKs4m: Error: Threading lost Message ID > > Can you reproduce it? I'm guessing dovecot.index.thread file was > corrupted and caused this. It should probably rebuild the thread if this > error happens. Now it rebuilds the thread index: http://hg.dovecot.org/dovecot-2.2/rev/e6c2a1344f86 From tss at iki.fi Mon Aug 12 17:27:49 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 12 Aug 2013 17:27:49 +0300 Subject: [Dovecot] Please HELP: how to delete all messages older than X days In-Reply-To: <52036C57.3090608@mobexpert.ro> References: <52036C57.3090608@mobexpert.ro> Message-ID: <8EE494F7-7027-4BDA-9D8B-9CE58CF06C45@iki.fi> On 8.8.2013, at 13.00, R?zvan Sandu wrote: > Pe 7 Aug 2013 11:35, Timo Sirainen a scris: > >>> Thank you, but doveadm expunge will ask for the mailbox name: >>> >>> [root at mail1 ~]# doveadm expunge -u john.doe at example.com ON >>> 2013-08-07 doveadm(root): Fatal: expunge: To avoid accidents, >>> search query must contain MAILBOX in all search branches >> >> Add: mailbox '*' > > Thank you, it works! > > May I use the same wildcard syntax ('*') when configuring the expire > plugin? Something like: > > mail_plugins = $mail_plugins expire > > plugin { > expire = * > } It should work, but I'm not sure if it's actually all that helpful. Might be more work to keep updating the expire database than to simply go through all users. From tss at iki.fi Mon Aug 12 17:35:17 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 12 Aug 2013 17:35:17 +0300 Subject: [Dovecot] Errors in SASL authentication ("attempted master login") In-Reply-To: References: Message-ID: On 8.8.2013, at 12.58, Grzegorz Staniak wrote: > I'm using dovecot 2.2.4 (with Postfix 2.8.4) as both the SASL > authentication backend and the delivery agent, and I keep getting > lines like the following in the dovecot.log from the authentication > subsystem: > > auth: passdb(toshiba1 at domain,8.8.8.8,master): Attempted master login > with no master passdbs (trying to log in as user: plain) > > The connections come from an old (embedded) mail client in a > printer-fax machine. I googled for this specific error, but I only > found info about old clients using "user\0user\0pass" string > incorrectly during authentication, which caused a problem for earlier, > development versions of dovecot. Actually, I recently migrated from > 1.2 to 2.2.4 exactly to alleviate this situation, but the errors > persist. Is there a way to remove the problem or work around it? So in general authentication works, but not from this client? Sounds like the client is using a broken SASL authentication. Nothing you can really do about it. Note that the above Dovecot message is an "info" message, not an error message. From tss at iki.fi Mon Aug 12 17:41:09 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 12 Aug 2013 17:41:09 +0300 Subject: [Dovecot] multiple passdbs and auth sockets In-Reply-To: <20130808155346.GA19214@bongo.bofh.it> References: <20130808155346.GA19214@bongo.bofh.it> Message-ID: <1989DEAC-3004-4C68-8C8A-4FBFB16E41A7@iki.fi> On 8.8.2013, at 18.53, Marco d'Itri wrote: > I have a few systems which run dovecot 1.x as the authentication backend > for Postfix, with multiple auth { } sections like this one, each one > with a different passdb and its own socket: > > auth ldap-10 { > passdb ldap { > args = /etc/dovecot/dovecot-ldap-10.conf > } > socket listen { > client { > path = /var/spool/postfix/private/auth-10 > mode = 0666 > } > } > } > > I need multiple sockets tied to multiple dbs because there are duplicated > accounts, but after switching to dovecot 2.1.7 apparently *all* passdbs > are checked and dovecot reports this message: > > Warning: Obsolete setting in /etc/dovecot/conf.d/auth-local.conf.ext:91: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely > > doveconf shows that all my custom sockets are now part of a single > "service auth { }" section, while all the passdbs appear at the top > level. > > How can I update my configuration for dovecot 2.x? I didn't think there was any point in having multiple auth {} sections the way they worked in v1.x, but looks like you've managed to find one way to use them. I'm not sure if it's possible to convert them to v2.x configuration currently. You could try this though: service auth-10 { executable = auth -c /etc/dovecot-auth-10.conf unix_listener /var/spool/postfix/private/auth-10 { mode = 0666 } process_limit = 1 } So the master process would be starting multiple auth processes, each reading their own (passdb) configuration from a different config file. From tss at iki.fi Mon Aug 12 17:43:26 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 12 Aug 2013 17:43:26 +0300 Subject: [Dovecot] GUID Mismatch Issue In-Reply-To: References: Message-ID: On 9.8.2013, at 0.36, Jeff Geiger wrote: > Dovecot 2.1.7 > > While migrating mail from one server (Maildir) to another (mdbox), a config > issue caused my dsync to fail on a few accounts. Those accounts received > mail on the new server over night and it autocreated new inboxes with new > GUIDs. Now dsync wants nothing to do with mirroring between the two (diff > GUIDs). Is there a way to fix this? v2.2 dsync handles the GUID mismatches by merging them automatically. With v2.1 you can change the GUID (first line's G123456) from Maildir/dovecot-uidlist file to the same as what exists in mdbox. From r at sys4.de Mon Aug 12 17:47:30 2013 From: r at sys4.de (Ralf Hildebrandt) Date: Mon, 12 Aug 2013 16:47:30 +0200 Subject: [Dovecot] Error: Threading lost Message ID? In-Reply-To: <5ACD2ECC-FAB0-4F87-80BA-16F7EDC85603@iki.fi> References: <20130809134558.GW3081@charite.de> <1376250999.29299.13.camel@hurina> <5ACD2ECC-FAB0-4F87-80BA-16F7EDC85603@iki.fi> Message-ID: <20130812144730.GB17456@sys4.de> * Timo Sirainen : > On 11.8.2013, at 22.56, Timo Sirainen wrote: > > > On Fri, 2013-08-09 at 15:45 +0200, Ralf Hildebrandt wrote: > >> QUERY: THREAD REFERENCES ISO-8859-1 ALL > >> RESPONSE: [SERVERBUG] Internal error occurred. Refer to server log for more information. [2013-08-09 15:42:34] > >> > >> Aug 9 15:41:48 postamt dovecot: imap(username) tTbs7oPjfACNKs4m: Error: Threading lost Message ID > >> Aug 9 15:42:34 postamt dovecot: imap(username) tTbs7oPjfACNKs4m: Error: Threading lost Message ID > > > > Can you reproduce it? I'm guessing dovecot.index.thread file was > > corrupted and caused this. It should probably rebuild the thread if this > > error happens. > > Now it rebuilds the thread index: http://hg.dovecot.org/dovecot-2.2/rev/e6c2a1344f86 I checked out today and rebuilt. Let's see what happens. -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From tss at iki.fi Mon Aug 12 18:12:28 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 12 Aug 2013 18:12:28 +0300 Subject: [Dovecot] Unlock non existent locks In-Reply-To: <20130806164436.GA22228@parmesan.sis.pasteur.fr> References: <20130802123054.GA7196@parmesan.sis.pasteur.fr> <1375447127.31867.25.camel@innu.dovecot.net> <20130805163416.GA4000@parmesan.sis.pasteur.fr> <20130806164436.GA22228@parmesan.sis.pasteur.fr> Message-ID: <67E3CD3E-72FD-4081-AFA6-8B05806286C1@iki.fi> On 6.8.2013, at 19.44, Thomas Hummel wrote: > On Mon, Aug 05, 2013 at 07:38:59PM +0300, Timo Sirainen wrote: > >> The NFS workarounds code is doing some ugly stuff. I thought it would have, but looking at the code it doesn't seem so. But still easier to debug if you first see if the problem is with the NFS workarounds or the lib-index code. With lib-index you could also use lock_method=dotlock to see if that works better (although performance will be slightly worse also then). > > I just tested mail_nfs_storage and mail_nfs_index both set to no : log messages > are still here. They only stop when I stop dovecot. What about with lock_method=dotlock? After that there should be no NFS locking in Dovecot at all. Anyway, I don't think Dovecot is trying to unlock already unlocked files. The locking APIs that Dovecot uses makes that rather difficult to do. From asai at globalchangemusic.org Mon Aug 12 18:16:48 2013 From: asai at globalchangemusic.org (Asai) Date: Mon, 12 Aug 2013 08:16:48 -0700 Subject: [Dovecot] Sieve-storage: couldn't find storage root directory Message-ID: <5208FC60.2060703@globalchangemusic.org> Greetings, Using Dovecot 2.2.4. In my DSync logs, I'm getting the error message: Error: sieve-storage: couldn't find storage root directory; sieve_dir was left unconfigured and autodetection failed However, I have the following configuration set: plugin { sieve = /vmail/%d/%n/sievescript sieve_dir = /vmail/%d/%n/ } Please, if you have a moment, tell me what I'm doing wrong here. Thank you. -- --Asai From tss at iki.fi Mon Aug 12 18:28:30 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 12 Aug 2013 18:28:30 +0300 Subject: [Dovecot] INBOX protected foldername? In-Reply-To: References: Message-ID: <8546B309-AD20-4DD0-BCFE-8C91DA245240@iki.fi> On 6.8.2013, at 10.52, Hajo Locke wrote: > Its not about the INBOX itself in /var/mail, there are some clients like groupoffice which do their own foldermanagment and create a Folder INBOX on top-level in mailspace > > Hiding user created folders with Name INBOX seems to be based on standard namespace config in 2.1.x > In dovecot 2.1.7 we have in global: > > mail_location = mbox:~/mail:INBOX=/var/mail/%u > namespace inbox { > inbox = yes > } > > This seems to be the default and leads to the problem that Folders with Name INBOX are hidden. Are you talking about INBOX's children not being visible? That could be a bug in v2.1.7. INBOX itself always exists in top level. From hajo.locke at gmx.de Mon Aug 12 20:33:41 2013 From: hajo.locke at gmx.de (Hajo Locke) Date: Mon, 12 Aug 2013 19:33:41 +0200 Subject: [Dovecot] INBOX protected foldername? References: <8546B309-AD20-4DD0-BCFE-8C91DA245240@iki.fi> Message-ID: <1AD0A63288F34D69A7A6668CB1AD1B6A@hansadd566750e> Hello, >> Are you talking about INBOX's children not being visible? That could be a >> bug in v2.1.7. INBOX itself always exists in top level. yes, exactly.subfolders of INBOX are hidden. I was confused at the first time because clients created own INBOX folders with subfolders and i misunderstood the situation. I could only make them visible with the 2 namespace solution from here: http://wiki2.dovecot.org/Namespaces (Mixed mbox and Maildir) This looks weird because its 2 times almost the same (mbox), but works. Should i keep this configuration or wait for a fix? Thanks, Hajo From tss at iki.fi Mon Aug 12 20:36:42 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 12 Aug 2013 20:36:42 +0300 Subject: [Dovecot] INBOX protected foldername? In-Reply-To: <1AD0A63288F34D69A7A6668CB1AD1B6A@hansadd566750e> References: <8546B309-AD20-4DD0-BCFE-8C91DA245240@iki.fi> <1AD0A63288F34D69A7A6668CB1AD1B6A@hansadd566750e> Message-ID: <0C2A766A-C116-4645-BCE9-9B223C4A24DF@iki.fi> On 12.8.2013, at 20.33, Hajo Locke wrote: > Hello, > >>> Are you talking about INBOX's children not being visible? That could be a bug in v2.1.7. INBOX itself always exists in top level. > yes, exactly.subfolders of INBOX are hidden. I was confused at the first time because clients created own INBOX folders with subfolders and i misunderstood the situation. > I could only make them visible with the 2 namespace solution from here: http://wiki2.dovecot.org/Namespaces (Mixed mbox and Maildir) > This looks weird because its 2 times almost the same (mbox), but works. > Should i keep this configuration or wait for a fix? It's most likely fixed in a newer v2.1, which I think is available in Debian backports. From mrvjtod at gmail.com Mon Aug 12 20:37:28 2013 From: mrvjtod at gmail.com (Chris Young) Date: Mon, 12 Aug 2013 13:37:28 -0400 Subject: [Dovecot] Please HELP: how to delete all messages older than X days In-Reply-To: <8EE494F7-7027-4BDA-9D8B-9CE58CF06C45@iki.fi> References: <52036C57.3090608@mobexpert.ro> <8EE494F7-7027-4BDA-9D8B-9CE58CF06C45@iki.fi> Message-ID: I've got a nightly cron job that runs a bash script to delete old messages from specific folders doveadm expunge -A mailbox complete savedbefore 7d doveadm expunge -A mailbox failed savedbefore 7d doveadm expunge -A mailbox % savedbefore 60d this deletes anything, in any mailbox, older than 60 days and this deletes anything from /complete or /failed that is more than 7 days old. I don't have people useing these mailboxes, they are all attached to automation agents that don't do a good job of cleaning up after themselves. On Mon, Aug 12, 2013 at 10:27 AM, Timo Sirainen wrote: > On 8.8.2013, at 13.00, R?zvan Sandu wrote: > > > Pe 7 Aug 2013 11:35, Timo Sirainen a scris: > > > >>> Thank you, but doveadm expunge will ask for the mailbox name: > >>> > >>> [root at mail1 ~]# doveadm expunge -u john.doe at example.com ON > >>> 2013-08-07 doveadm(root): Fatal: expunge: To avoid accidents, > >>> search query must contain MAILBOX in all search branches > >> > >> Add: mailbox '*' > > > > Thank you, it works! > > > > May I use the same wildcard syntax ('*') when configuring the expire > > plugin? Something like: > > > > mail_plugins = $mail_plugins expire > > > > plugin { > > expire = * > > } > > It should work, but I'm not sure if it's actually all that helpful. Might > be more work to keep updating the expire database than to simply go through > all users. > > From ebroch at whitehorsetc.com Mon Aug 12 21:12:06 2013 From: ebroch at whitehorsetc.com (Eric Broch) Date: Mon, 12 Aug 2013 12:12:06 -0600 Subject: [Dovecot] Disconnected (no auth attempts) Message-ID: <52092576.5060209@whitehorsetc.com> Hello list, I have a user who is not able to 'get' email using the 'Get Mail' option in his Thunderbird Client. The error on the server is the following: [Dovecot] dovecot: imap-login: Disconnected (no auth attempts) : rip 192.168.7.7, lip 192.168.7.12, TLS This user is able to receive mail on his phone, however. What does this error mean? Eric From d.parthey at metaways.de Mon Aug 12 21:16:52 2013 From: d.parthey at metaways.de (Daniel Parthey) Date: Mon, 12 Aug 2013 20:16:52 +0200 Subject: [Dovecot] Sieve-storage: couldn't find storage root directory In-Reply-To: <5208FC60.2060703@globalchangemusic.org> References: <5208FC60.2060703@globalchangemusic.org> Message-ID: <06a5bd15-5faa-42a1-955d-14d6a1d97af4@email.android.com> Please provide output of doveconf -n Regards Daniel From asai at globalchangemusic.org Mon Aug 12 21:20:02 2013 From: asai at globalchangemusic.org (Asai) Date: Mon, 12 Aug 2013 11:20:02 -0700 Subject: [Dovecot] Sieve-storage: couldn't find storage root directory In-Reply-To: <06a5bd15-5faa-42a1-955d-14d6a1d97af4@email.android.com> References: <5208FC60.2060703@globalchangemusic.org> <06a5bd15-5faa-42a1-955d-14d6a1d97af4@email.android.com> Message-ID: <52092752.1020807@globalchangemusic.org> # 2.2.4: /etc/dovecot/dovecot.conf # OS: Linux 2.6.18-194.32.1.el5xen x86_64 CentOS release 5.5 (Final) ext3 auth_mechanisms = plain login mail_home = /vmail/%d/%n/home mail_location = maildir:/vmail/%d/%n mail_plugins = " notify" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { inbox = yes location = prefix = separator = / type = private } passdb { args = /etc/dovecot/dovecot-mysql.conf driver = sql } plugin { sieve = /vmail/%d/%n/sievescript sieve_dir = /vmail/%d/%n/ } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = vmail mode = 0660 user = vmail } unix_listener auth-userdb { mode = 0660 user = vmail } user = root } service imap-login { process_min_avail = 3 service_count = 0 vsz_limit = 0 } ssl_cert = Please provide output of > doveconf -n > > Regards > Daniel From noeldude at gmail.com Mon Aug 12 21:33:21 2013 From: noeldude at gmail.com (Noel) Date: Mon, 12 Aug 2013 13:33:21 -0500 Subject: [Dovecot] Disconnected (no auth attempts) In-Reply-To: <52092576.5060209@whitehorsetc.com> References: <52092576.5060209@whitehorsetc.com> Message-ID: <52092A71.40900@gmail.com> On 8/12/2013 1:12 PM, Eric Broch wrote: > Hello list, > > I have a user who is not able to 'get' email using the 'Get Mail' option > in his Thunderbird Client. > > The error on the server is the following: > > [Dovecot] dovecot: imap-login: Disconnected (no auth attempts) : rip > 192.168.7.7, lip 192.168.7.12, TLS > > This user is able to receive mail on his phone, however. > > What does this error mean? The message means the client (thunderbird) disconnected without attempting to authenticate. The likely cause is incorrect settings in thunderbird, possibly the server->authentication method setting. -- Noel Jones From tss at iki.fi Mon Aug 12 21:56:51 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 12 Aug 2013 21:56:51 +0300 Subject: [Dovecot] Sieve-storage: couldn't find storage root directory In-Reply-To: <5208FC60.2060703@globalchangemusic.org> References: <5208FC60.2060703@globalchangemusic.org> Message-ID: <6BEFC092-89E7-475A-AD27-82864C99F6A3@iki.fi> On 12.8.2013, at 18.16, Asai wrote: > Using Dovecot 2.2.4. In my DSync logs, I'm getting the error message: > > Error: sieve-storage: couldn't find storage root directory; sieve_dir was left unconfigured and autodetection failed What/how/where are you dsyncing? > However, I have the following configuration set: > > plugin { > sieve = /vmail/%d/%n/sievescript > sieve_dir = /vmail/%d/%n/ > } Maybe the other side of dsync doesn't have it? From asai at globalchangemusic.org Mon Aug 12 22:01:55 2013 From: asai at globalchangemusic.org (Asai) Date: Mon, 12 Aug 2013 12:01:55 -0700 Subject: [Dovecot] Sieve-storage: couldn't find storage root directory In-Reply-To: <6BEFC092-89E7-475A-AD27-82864C99F6A3@iki.fi> References: <5208FC60.2060703@globalchangemusic.org> <6BEFC092-89E7-475A-AD27-82864C99F6A3@iki.fi> Message-ID: <52093123.20109@globalchangemusic.org> >> Using Dovecot 2.2.4. In my DSync logs, I'm getting the error message: >> >> Error: sieve-storage: couldn't find storage root directory; sieve_dir was left unconfigured and autodetection failed > What/how/where are you dsyncing? > >> However, I have the following configuration set: >> >> plugin { >> sieve = /vmail/%d/%n/sievescript >> sieve_dir = /vmail/%d/%n/ >> } > Maybe the other side of dsync doesn't have it? > I am doing daily, weekly, and monthly backups of all maildirs to a backup server using this command: dsync -u user at domain.tld backup maildir:/mnt/backups/// From dave at 661.org Mon Aug 12 22:11:04 2013 From: dave at 661.org (dave at 661.org) Date: Mon, 12 Aug 2013 19:11:04 +0000 (UTC) Subject: [Dovecot] Can't take user info from an alternate file Message-ID: I'm positive I did everything right to get Dovecot to take usernames and passwords from /etc/dovecot/users, but it still goes for /etc/passwd and /etc/shadow. The format of /etc/dovecot/users is "alice:{PLAIN}plaintextpassword" Here's my "doveconf -n": # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-51-virtual x86_64 Ubuntu 12.04.2 LTS auth_debug = yes auth_verbose = yes auth_verbose_passwords = plain hostname = papasmurf.foobar.com listen = * mbox_write_locks = fcntl passdb { args = scheme=PLAIN-MD5 username_format=%n /etc/dovecot/users driver = passwd-file } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0664 user = postfix } } ssl_cert = References: Message-ID: <09448D8A-57D2-4A02-BC1B-FB34A4E9F960@iki.fi> On 12.8.2013, at 22.11, dave at 661.org wrote: > I'm positive I did everything right to get Dovecot to take usernames and passwords from /etc/dovecot/users, but it still goes for /etc/passwd and /etc/shadow. The format of /etc/dovecot/users is "alice:{PLAIN}plaintextpassword" Here's my "doveconf -n": What does Dovecot log when you're logging in? From dave at 661.org Mon Aug 12 23:29:14 2013 From: dave at 661.org (dave at 661.org) Date: Mon, 12 Aug 2013 20:29:14 +0000 (UTC) Subject: [Dovecot] Can't take user info from an alternate file In-Reply-To: <09448D8A-57D2-4A02-BC1B-FB34A4E9F960@iki.fi> References: <09448D8A-57D2-4A02-BC1B-FB34A4E9F960@iki.fi> Message-ID: On Mon, 12 Aug 2013, Timo Sirainen wrote: > On 12.8.2013, at 22.11, dave at 661.org wrote: > >> I'm positive I did everything right to get Dovecot to take usernames and passwords from /etc/dovecot/users, but it still goes for /etc/passwd and /etc/shadow. The format of /etc/dovecot/users is "alice:{PLAIN}plaintextpassword" Here's my "doveconf -n": > > What does Dovecot log when you're logging in? 2013-08-12T20:26:44.914861+00:00 papasmurf postfix/smtpd[14219]: connect from ip6-localhost[::1] Aug 12 20:26:44 papasmurf postfix/smtpd[14219]: connect from ip6-localhost[::1] 2013-08-12T20:27:01.880523+00:00 papasmurf postfix/smtpd[14219]: warning: SASL authentication failure: Password verification failed 2013-08-12T20:27:01.880538+00:00 papasmurf postfix/smtpd[14219]: warning: ip6-localhost[::1]: SASL PLAIN authentication failed: authentication failure Aug 12 20:27:01 papasmurf postfix/smtpd[14219]: warning: SASL authentication failure: Password verification failed Aug 12 20:27:01 papasmurf postfix/smtpd[14219]: warning: ip6-localhost[::1]: SASL PLAIN authentication failed: authentication failure Commands used were "EHLO localhost" and "AUTH PLAIN -- David Griffith dave at 661.org From tss at iki.fi Mon Aug 12 23:35:43 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 12 Aug 2013 23:35:43 +0300 Subject: [Dovecot] Can't take user info from an alternate file In-Reply-To: References: <09448D8A-57D2-4A02-BC1B-FB34A4E9F960@iki.fi> Message-ID: On 12.8.2013, at 23.29, dave at 661.org wrote: >> What does Dovecot log when you're logging in? > > 2013-08-12T20:26:44.914861+00:00 papasmurf postfix/smtpd[14219]: connect from ip6-localhost[::1] > Aug 12 20:26:44 papasmurf postfix/smtpd[14219]: connect from ip6-localhost[::1] > 2013-08-12T20:27:01.880523+00:00 papasmurf postfix/smtpd[14219]: warning: SASL authentication failure: Password verification failed > 2013-08-12T20:27:01.880538+00:00 papasmurf postfix/smtpd[14219]: warning: ip6-localhost[::1]: SASL PLAIN authentication failed: authentication failure > Aug 12 20:27:01 papasmurf postfix/smtpd[14219]: warning: SASL authentication failure: Password verification failed > Aug 12 20:27:01 papasmurf postfix/smtpd[14219]: warning: ip6-localhost[::1]: SASL PLAIN authentication failed: authentication failure That's Postfix log, not Dovecot log. From aldo at placenet.org Mon Aug 12 23:50:15 2013 From: aldo at placenet.org (Aldo Reset) Date: Mon, 12 Aug 2013 22:50:15 +0200 Subject: [Dovecot] fail2ban Message-ID: <52094A87.30502@placenet.org> hi dovecot filter for fail2ban do not match: dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=67 dovecot filter: failregex = (?: pop3-login|imap-login): (?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P\S*),.* bst regards. From dave at 661.org Tue Aug 13 00:03:04 2013 From: dave at 661.org (dave at 661.org) Date: Mon, 12 Aug 2013 21:03:04 +0000 (UTC) Subject: [Dovecot] Can't take user info from an alternate file In-Reply-To: References: <09448D8A-57D2-4A02-BC1B-FB34A4E9F960@iki.fi> Message-ID: On Mon, 12 Aug 2013, Timo Sirainen wrote: > On 12.8.2013, at 23.29, dave at 661.org wrote: > >>> What does Dovecot log when you're logging in? [snip] > That's Postfix log, not Dovecot log. Dovecot doesn't emit any logs when I go in through port 25. I added a line "protocols = imap pop3 lmtp" and installed the relevant packages. I then went in through imap like this: $ telnet localhost 143 Trying ::1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready. a login "joe" "blah" * BYE Internal error occurred. Refer to server log for more information. Connection closed by foreign host. ...and got this in my logs: Aug 12 20:59:57 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Aug 12 20:59:57 auth: Error: passwd-file /etc/dovecot/users: User joe is missing userdb info Aug 12 20:59:57 auth: Debug: passwd-file /etc/dovecot/users: Read 1 users Aug 12 20:59:57 auth: Debug: auth client connected (pid=15035) Aug 12 21:00:24 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=::1 rip=::1 lport=143 rport=57586 resp=AGpvZQBmb29iYXI= Aug 12 21:00:24 auth: Debug: passwd-file(joe,::1): lookup: user=joe file=/etc/dovecot/users Aug 12 21:00:24 auth: Debug: client out: OK 1 user=joe Aug 12 21:00:24 auth: Debug: master in: REQUEST 1600520193 15035 1 444418a798323b1eb1dc21c4154719e0 Aug 12 21:00:24 auth: Debug: passwd-file(joe,::1): lookup: user=joe file=/etc/dovecot/users Aug 12 21:00:24 auth: Debug: master out: USER 1600520193 joe Aug 12 21:00:24 imap-login: Info: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=15048, secured Aug 12 21:00:24 imap(joe): Error: user joe: Couldn't drop privileges: User is missing UID (see mail_uid setting) Aug 12 21:00:24 imap(joe): Error: Internal error occurred. Refer to server log for more information. /etc/dovecot/users is mode 0644 (for now) -- David Griffith dave at 661.org From papier at sdv.fr Tue Aug 13 00:38:17 2013 From: papier at sdv.fr (Laurent Papier) Date: Mon, 12 Aug 2013 23:38:17 +0200 Subject: [Dovecot] fail2ban In-Reply-To: <52094A87.30502@placenet.org> References: <52094A87.30502@placenet.org> Message-ID: <20130812233817.11f6b06c@kalis.tuxfan.net> On Mon, 12 Aug 2013 22:50:15 +0200 Aldo Reset wrote: > hi > > dovecot filter for fail2ban do not match: > > dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=67 > > dovecot filter: > failregex = (?: pop3-login|imap-login): (?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P\S*),.* > > > bst regards. > > Hi, it would be better to send this kind of report to fail2ban mailing list. This regex should catch your log: failregex = .*(?:pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(tried to use disallowed plaintext auth).*\s+rip=(?P\S*),.* pam.*dovecot.*(?:authentication failure).*\s+rhost=(?:\s+user=.*)?\s*$ Regards -- Laurent Papier From tss at iki.fi Tue Aug 13 01:14:43 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 13 Aug 2013 01:14:43 +0300 Subject: [Dovecot] Can't take user info from an alternate file In-Reply-To: References: <09448D8A-57D2-4A02-BC1B-FB34A4E9F960@iki.fi> Message-ID: <026DBD80-DF0F-4BB4-970B-6791D35BEA05@iki.fi> On 13.8.2013, at 0.03, dave at 661.org wrote: > On Mon, 12 Aug 2013, Timo Sirainen wrote: > >> On 12.8.2013, at 23.29, dave at 661.org wrote: >> >>>> What does Dovecot log when you're logging in? > [snip] >> That's Postfix log, not Dovecot log. > > Dovecot doesn't emit any logs when I go in through port 25. Then I don't think Postfix is using Dovecot for authentication at all. With auth_debug=yes Dovecot will log debug messages about the authentication. From hajo.locke at gmx.de Tue Aug 13 10:05:01 2013 From: hajo.locke at gmx.de (Hajo Locke) Date: Tue, 13 Aug 2013 09:05:01 +0200 Subject: [Dovecot] INBOX protected foldername? References: <8546B309-AD20-4DD0-BCFE-8C91DA245240@iki.fi><1AD0A63288F34D69A7A6668CB1AD1B6A@hansadd566750e> <0C2A766A-C116-4645-BCE9-9B223C4A24DF@iki.fi> Message-ID: Hello, >>>> Are you talking about INBOX's children not being isible? That could be >>>> a bug in v2.1.7. INBOX itself always exists in top level. >> yes, exactly.subfolders of INBOX are hidden. I was confused at the first >> time because clients created own INBOX folders with subfolders and i >> misunderstood the situation. >> I could only make them visible with the 2 namespace solution from here: >> http://wiki2.dovecot.org/Namespaces (Mixed mbox and Maildir) >> This looks weird because its 2 times almost the same (mbox), but works. >> Should i keep this configuration or wait for a fix? >It's most likely fixed in a newer v2.1, which I think is available in >Debian backports. In official repos currently i found nothing newer then 2.1.7. This version is widely used in ubuntu versions. There are some repos outside of ubuntu with newer versions but i try to avoid this. Including untrusted code from unknown repos can lead to later surprises... Currently i spent a lot of time with 2.1.7. We included your userdb-import patches (you remember) and created some own patches to make xlist and special-use work at the same time by individual usersettings. I built individual packages for our 3 systemtypes and had updated already some thousand machines as we noticed this problem and did a rollback Is this fix a particular sequence in later code? so i could make an additional patch. Otherwise i tend to keep this config, even if it looks unusual. Do you see a problem when using something like this: namespace inbox { prefix = "#mbox/" location = mbox:~/mail:INBOX=/var/mail/%u inbox = yes hidden = yes list = no } namespace mboxes { location = mbox:~/mail:INBOX=/var/mail/%u } If you approve this config and it will not lead to other problems i would keep it. else i have to start at the beginning again... Thanks, Hajo From aldo at placenet.org Tue Aug 13 10:26:09 2013 From: aldo at placenet.org (Aldo Reset) Date: Tue, 13 Aug 2013 09:26:09 +0200 Subject: [Dovecot] fail2ban In-Reply-To: <20130812233817.11f6b06c@kalis.tuxfan.net> References: <52094A87.30502@placenet.org> <20130812233817.11f6b06c@kalis.tuxfan.net> Message-ID: <5209DF91.4050704@placenet.org> hi this filter is from dovecot wiki. bst regards. Le 12/08/2013 23:38, Laurent Papier a ?crit : > On Mon, 12 Aug 2013 22:50:15 +0200 > Aldo Reset wrote: > >> hi >> >> dovecot filter for fail2ban do not match: >> >> dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=67 >> >> dovecot filter: >> failregex = (?: pop3-login|imap-login): (?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P\S*),.* >> >> >> bst regards. >> >> > Hi, > it would be better to send this kind of report to fail2ban mailing list. > > This regex should catch your log: > failregex = .*(?:pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(tried to use disallowed plaintext auth).*\s+rip=(?P\S*),.* > pam.*dovecot.*(?:authentication failure).*\s+rhost=(?:\s+user=.*)?\s*$ > > Regards From d.parthey at metaways.de Tue Aug 13 10:34:27 2013 From: d.parthey at metaways.de (Daniel Parthey) Date: Tue, 13 Aug 2013 09:34:27 +0200 Subject: [Dovecot] INBOX protected foldername? In-Reply-To: References: <8546B309-AD20-4DD0-BCFE-8C91DA245240@iki.fi><1AD0A63288F34D69A7A6668CB1AD1B6A@hansadd566750e> <0C2A766A-C116-4645-BCE9-9B223C4A24DF@iki.fi> Message-ID: Since 2.1.17 fixes a lot of bugs of 2.1.7, I would propose you to open a bug report on the dovecot package in bugs.debian.org and list some of the bugs which have been fixed in the meantime. The easiest way to do so is to use the "reportbug" tool in Debian. At least then there is some hope to get a known-to-be-stable release into some of the next Debian (and Ubuntu) releases. Regards Daniel From tlx at leuxner.net Tue Aug 13 20:38:22 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Tue, 13 Aug 2013 19:38:22 +0200 Subject: [Dovecot] HG changes affecting received headers In-Reply-To: <20130809050938.GA24626@nihlus.leuxner.net> References: <20130808090716.GA3906@nihlus.leuxner.net> <20130809050938.GA24626@nihlus.leuxner.net> Message-ID: <20130813173822.GA13515@nihlus.leuxner.net> * Thomas Leuxner 2013.08.09 07:09: > * Timo Sirainen 2013.08.08 21:38: > > > Thanks. I thought I found all such occurrences, but looks like I missed that one for some reason. Fixed: http://hg.dovecot.org/dovecot-2.2/rev/9aa9944bd96e > > Thanks, confirmed fixed. Some commit around 07b41fd29a6e replaced the hostname with '0' in the headers: new: Received: from spectre.leuxner.net by 0 (Dovecot) with LMTP id iAiNAJThCVJBLQAAZ53dLw for ; Tue, 13 Aug 2013 09:34:44 +0200 before: Received: from spectre.leuxner.net by spectre.leuxner.net (Dovecot) with LMTP id 9bgTEu3wCFIbXQAAZ53dLw for ; Mon, 12 Aug 2013 16:27:57 +0200 Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From tss at iki.fi Tue Aug 13 21:04:08 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 13 Aug 2013 21:04:08 +0300 Subject: [Dovecot] HG changes affecting received headers In-Reply-To: <20130813173822.GA13515@nihlus.leuxner.net> References: <20130808090716.GA3906@nihlus.leuxner.net> <20130809050938.GA24626@nihlus.leuxner.net> <20130813173822.GA13515@nihlus.leuxner.net> Message-ID: <33F421A8-A7EB-4538-B393-B204E05A4C82@iki.fi> On 13.8.2013, at 20.38, Thomas Leuxner wrote: > * Thomas Leuxner 2013.08.09 07:09: > >> * Timo Sirainen 2013.08.08 21:38: >> >>> Thanks. I thought I found all such occurrences, but looks like I missed that one for some reason. Fixed: http://hg.dovecot.org/dovecot-2.2/rev/9aa9944bd96e >> >> Thanks, confirmed fixed. > > Some commit around 07b41fd29a6e replaced the hostname with '0' in the headers: > > new: > Received: from spectre.leuxner.net > by 0 (Dovecot) with LMTP id iAiNAJThCVJBLQAAZ53dLw > for ; Tue, 13 Aug 2013 09:34:44 +0200 Thanks, fixed in hg. From tlx at leuxner.net Tue Aug 13 22:04:13 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Tue, 13 Aug 2013 21:04:13 +0200 Subject: [Dovecot] HG changes affecting received headers In-Reply-To: <33F421A8-A7EB-4538-B393-B204E05A4C82@iki.fi> References: <20130808090716.GA3906@nihlus.leuxner.net> <20130809050938.GA24626@nihlus.leuxner.net> <20130813173822.GA13515@nihlus.leuxner.net> <33F421A8-A7EB-4538-B393-B204E05A4C82@iki.fi> Message-ID: <20130813190413.GA30263@nihlus.leuxner.net> * Timo Sirainen 2013.08.13 20:04: > Thanks, fixed in hg. Confirmed. Thanks. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From jkhashan at msn.com Wed Aug 14 09:12:02 2013 From: jkhashan at msn.com (Jay Khashan) Date: Wed, 14 Aug 2013 06:12:02 +0000 Subject: [Dovecot] Dovecot security Message-ID: Hi, THIS IS URGENT I have Debian Linux machine which I installed as a mail server with postfix, and dovecot. my mail server is setup to use SMTP relay. I currently have ports 143, 995, 25 & SSMTP ports open. in the last few days I have been under attack where email is being sent to fake email address for example xxx at evg-mail.org which does not exist in the mysql db. I need to figure out and lock down dovecot, because I believe the attack is some kind of virus /spyware. I need to know what statement in dovecot.conf or main.cf (postfix) I can modify to lock it down. Also open to install software to combat this kind of attack. Let me know what configuration files, info do you need to help out Many Thanks ~Jay From p at sys4.de Wed Aug 14 09:16:41 2013 From: p at sys4.de (Patrick Ben Koetter) Date: Wed, 14 Aug 2013 08:16:41 +0200 Subject: [Dovecot] Dovecot security In-Reply-To: References: Message-ID: <20130814061640.GD29482@sys4.de> * Jay Khashan : > Hi, > > THIS IS URGENT > > I have Debian Linux machine which I installed as a mail server with postfix, and dovecot. my mail server is setup to use SMTP relay. I currently have ports 143, 995, 25 & SSMTP ports open. in the last few days I have been under attack where email is being sent to fake email address for example xxx at evg-mail.org which does not exist in the mysql db. Show evidence. > I need to figure out and lock down dovecot, because I believe the attack is some kind of virus /spyware. I need to know what statement in dovecot.conf or main.cf (postfix) I can modify to lock it down. Also open to install software to combat this kind of attack. Let me know what configuration files, info do you need to help out At the moment Dovecot can't send mail. Postfix can. p at rick -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From tron at zhadum.org.uk Wed Aug 14 09:48:13 2013 From: tron at zhadum.org.uk (Matthias Scheler) Date: Wed, 14 Aug 2013 07:48:13 +0100 Subject: [Dovecot] Patch to log the cipher suite used for TLS Message-ID: <20130814064813.GA24083@colwyn.zhadum.org.uk> Hello, the attached patch for Dovecot 2.2.4 improves the logging to include information about the cipher suite used for a TLS connection. Here is an example log line: Aug 13 21:49:55 colwyn dovecot: imap-login: Login: user=, method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, mpid=10567, TLS=, session= This will e.g. allow you to find out that mobile phones use rather week cipher suites (128bit keys, no PFS). There is also something else I noticed. If I switch "mutt" (which generated the above log line) from using IMAP on port 143 and "STARTTLS" to use IMAPS on port 993 I get TLS 1.2: Aug 14 07:44:59 colwyn dovecot: imap-login: Login: user=, method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, mpid=1156, TLS=, session=<0js/suLj9gAgAQiwARQAAQAAAAAAAAAC> Not sure why TLS 1.2 is only used in this case. It might be "mutt" doing that. Kind regards -- Matthias Scheler http://zhadum.org.uk/ -------------- next part -------------- $NetBSD$ Log the cipher used by a TLS connection. --- src/login-common/client-common.c.orig 2013-06-16 22:04:28.000000000 +0100 +++ src/login-common/client-common.c 2013-08-13 21:23:15.000000000 +0100 @@ -506,7 +506,8 @@ } else { const char *ssl_state = ssl_proxy_is_handshaked(client->ssl_proxy) ? - "TLS" : "TLS handshaking"; + t_strdup_printf("TLS=<%s>", ssl_proxy_get_security_string(client->ssl_proxy)) : + "TLS handshaking"; const char *ssl_error = ssl_proxy_get_last_error(client->ssl_proxy); From mailinglist at darac.org.uk Wed Aug 14 12:17:12 2013 From: mailinglist at darac.org.uk (Darac Marjal) Date: Wed, 14 Aug 2013 10:17:12 +0100 Subject: [Dovecot] Dovecot security In-Reply-To: References: Message-ID: <20130814091712.GA13307@darac.org.uk> On Wed, Aug 14, 2013 at 06:12:02AM +0000, Jay Khashan wrote: > Hi, > > THIS IS URGENT > > I have Debian Linux machine which I installed as a mail server with postfix, and dovecot. my mail server is setup to use SMTP relay. I currently have ports 143, 995, 25 & SSMTP ports open. in the last few days I have been under attack where email is being sent to fake email address for example xxx at evg-mail.org which does not exist in the mysql db. > > I need to figure out and lock down dovecot, because I believe the attack is some kind of virus /spyware. I need to know what statement in dovecot.conf or main.cf (postfix) I can modify to lock it down. Also open to install software to combat this kind of attack. Let me know what configuration files, info do you need to help out I think it's probably going to be more effective to "lock down" postfix (http://www.postfix.org/ADDRESS_VERIFICATION_README.html) than it is to "lock down" dovecot (http://wiki2.dovecot.org/Authentication/RestrictAccess). I think, if you want to accept the mail but then refuse to store it, you're looking at things from the wrong angle. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: Digital signature URL: From al-dovecot at none.at Wed Aug 14 12:49:50 2013 From: al-dovecot at none.at (Aleksandar Lazic) Date: Wed, 14 Aug 2013 11:49:50 +0200 Subject: [Dovecot] Patch to log the cipher suite used for TLS In-Reply-To: <20130814064813.GA24083@colwyn.zhadum.org.uk> References: <20130814064813.GA24083@colwyn.zhadum.org.uk> Message-ID: <992c1289f836e146e5be37fb46e64459@none.at> Dear Matthias, Am 14-08-2013 08:48, schrieb Matthias Scheler: > Hello, > > the attached patch for Dovecot 2.2.4 improves the logging to include > information about the cipher suite used for a TLS connection. Here is > an example log line: > > Aug 13 21:49:55 colwyn dovecot: imap-login: Login: user=, > method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, > mpid=10567, TLS=, > session= [snipp] Is the %k not the same? http://wiki2.dovecot.org/Variables I have the following in my logging.conf login_log_format_elements = service=%s user=<%u> session=%{session} method=%m rip=%r lip=%l mpid=%e %c %k cheers Aleks From tss at iki.fi Wed Aug 14 13:14:17 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 14 Aug 2013 13:14:17 +0300 Subject: [Dovecot] SA54438 Message-ID: http://secunia.com/advisories/54438/ Since I already got 3 private mails about this, here's the same reply for everyone (actually updated, now that I looked at the code): This was a v2.2-only bug. And it isn't really a DoS.. It only caused the one pop3 process to crash in assert, which was handling only the connection that had already disconnected. (Unless you were running a non-recommended configuration with multiple clients per process.) So the only problem it caused was that Dovecot logged an assert error and maybe wrote a core dump. From jerry at seibercom.net Wed Aug 14 13:22:13 2013 From: jerry at seibercom.net (Jerry) Date: Wed, 14 Aug 2013 06:22:13 -0400 Subject: [Dovecot] Dovecot security In-Reply-To: <20130814091712.GA13307@darac.org.uk> References: <20130814091712.GA13307@darac.org.uk> Message-ID: <20130814062213.6a047c26@scorpio> On Wed, 14 Aug 2013 10:17:12 +0100 Darac Marjal articulated: > On Wed, Aug 14, 2013 at 06:12:02AM +0000, Jay Khashan wrote: > > Hi, > > > > THIS IS URGENT > > > > I have Debian Linux machine which I installed as a mail server with > > postfix, and dovecot. my mail server is setup to use SMTP relay. I > > currently have ports 143, 995, 25 & SSMTP ports open. in the last > > few days I have been under attack where email is being sent to fake > > email address for example xxx at evg-mail.org which does not exist in > > the mysql db. > > > > I need to figure out and lock down dovecot, because I believe the > > attack is some kind of virus /spyware. I need to know what > > statement in dovecot.conf or main.cf (postfix) I can modify to lock > > it down. Also open to install software to combat this kind of > > attack. Let me know what configuration files, info do you need to > > help out > > I think it's probably going to be more effective to "lock down" > postfix (http://www.postfix.org/ADDRESS_VERIFICATION_README.html) > than it is to "lock down" dovecot > (http://wiki2.dovecot.org/Authentication/RestrictAccess). > > I think, if you want to accept the mail but then refuse to store it, > you're looking at things from the wrong angle. This problem would be better served on the Postfix forum. If you do decide to post there, please follow the suggestions on: http://www.postfix.org/DEBUG_README.html#mail Specifically: Output from "postconf -n". Please do not send your main.cf file, or 500+ lines of postconf output. Better, provide output from the postfinger tool. This can be found at http://ftp.wl0.org/SOURCES/postfinger -- Jerry ? Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: not available URL: From jkhashan at msn.com Wed Aug 14 13:48:11 2013 From: jkhashan at msn.com (Jay Khashan) Date: Wed, 14 Aug 2013 10:48:11 +0000 Subject: [Dovecot] SA54438 In-Reply-To: References: Message-ID: Hi Timo, Thanks for the info, the version of dovecot installed is root at gwvmdmzmail01:~# dovecot --version 1.2.15 root at gwvmdmzmail01:~# Whats the safest way, without loosing data or breaking the mail system is recommended to upgrade dovecot to version 2.2.5? many thanks ~Jay > From: tss at iki.fi > Date: Wed, 14 Aug 2013 13:14:17 +0300 > To: dovecot at dovecot.org > Subject: [Dovecot] SA54438 > > http://secunia.com/advisories/54438/ > > Since I already got 3 private mails about this, here's the same reply for everyone (actually updated, now that I looked at the code): > > This was a v2.2-only bug. And it isn't really a DoS.. It only caused the one pop3 process to crash in assert, which was handling only the connection that had already disconnected. (Unless you were running a non-recommended configuration with multiple clients per process.) So the only problem it caused was that Dovecot logged an assert error and maybe wrote a core dump. > From omena at aaneton.net Wed Aug 14 14:06:17 2013 From: omena at aaneton.net (Tommi A) Date: Wed, 14 Aug 2013 14:06:17 +0300 Subject: [Dovecot] Dovecot mailbox in read-only mode, Permanentflags empty Message-ID: Hi, I have installed Postfix + Dovecot 2.2.5 on a Fresh Arch Linux server (using Arch Linux repository packages). When accessing mailbox through Dovecot IMAP, all user mailboxes are in READ-ONLY mode. Here is a snippet from IMAP telnet conversation (after successful login). a LIST "" "*" * LIST (\HasNoChildren) "." INBOX a OK List completed. a EXAMINE INBOX * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) * OK [PERMANENTFLAGS ()] Read-only mailbox. * 1 EXISTS * 1 RECENT * OK [UNSEEN 1] First unseen. * OK [UIDVALIDITY 1376459543] UIDs valid * OK [UIDNEXT 2] Predicted next UID * OK [NOMODSEQ] No permanent modsequences a OK [READ-ONLY] Examine completed (0.000 secs). I can read the messages but trying to delete results in: a uid store 1 +flags.silent (\Seen \Deleted) a OK Store ignored with read-only mailbox. I have tried ALOT of different settings (mbox/maildir/acl) but nothing seems to help, also no error messages are found in any logfiles. I noticed from mailing list archive that Dovecot has had Permanentflags problem in the past, but bugs should have been fixed. Is the bug back or is there something wrong with my configuration? Best Regards Tommi P.S. Here is my dovecot configuration: # 2.2.5: /etc/dovecot/dovecot.conf # OS: Linux 3.10.5-1-ARCH x86_64 auth_debug = yes debug_log_path = /var/log/dovecot_debug.log info_log_path = /var/log/dovecot.log mail_debug = yes mail_full_filesystem_access = yes mail_location = maildir:~/Maildir namespace inbox { hidden = no inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = type = private } passdb { driver = pam } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename } ssl_cert = References: Message-ID: <520B66C4.2070301@Media-Brokers.com> On 2013-08-14 6:48 AM, Jay Khashan wrote: > Whats the safest way, without loosing data or breaking the mail system is recommended to upgrade dovecot to version 2.2.5? Follow the documented instructions? http://wiki2.dovecot.org/Upgrading -- Best regards, */Charles/* From skdovecot at smail.inf.fh-brs.de Wed Aug 14 15:20:16 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 14 Aug 2013 14:20:16 +0200 (CEST) Subject: [Dovecot] Dovecot mailbox in read-only mode, Permanentflags empty In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 14 Aug 2013, Tommi A wrote: > When accessing mailbox through Dovecot IMAP, all user mailboxes are in > READ-ONLY mode. > > Here is a snippet from IMAP telnet conversation (after successful login). > > a EXAMINE INBOX > * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) > * OK [PERMANENTFLAGS ()] Read-only mailbox. > > I have tried ALOT of different settings (mbox/maildir/acl) but nothing seems > to help, also no error messages are found in any logfiles. What are the log entries for the telnet login? > # 2.2.5: /etc/dovecot/dovecot.conf > # OS: Linux 3.10.5-1-ARCH x86_64 [...] > mail_debug = yes good, then plenty of info should be in the logs, about home directory, uids etc.pp. > mail_full_filesystem_access = yes > mail_location = maildir:~/Maildir > passdb { > driver = pam > } > userdb { > driver = passwd > } You seem to use system users, should be visible in the logs. Do the directory /Maildir and any file and directory below belong to the particular user? Do your users have a home directory at all? Kind regards, - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUgt2AV3r2wJMiz2NAQKeFwf+MFcpmwDBVWd9GCT/JwgvCDunXmKsW7g0 TsOPLfTlOtjVHsFikPa7El4NZiymv8tSmfO6HJEtbJc4oEGwxZMyBfS3xbbo52FD ZRl43YksxQtDQbPYsApTE7FecN3JLRCI+0SYunq/SUhtgBdVcfzoT9ZLfdRlIX18 XDhEcBeZmJTB890VI2wD2vMEhHLL+nMNnVjVdtatj+uSD8uAsCWloF9o+40hjcLi XWdpNtqvdZdMHd5yusrIJwGl5qJt5Y8qPzVvpvFgwwjV7cqmfo+flxg1Dran8Zif MexRAxAvfLPD5rOR+YlaNeP97zRJaCOOFI6nxNH0JzUWkcC09YWerA== =y/g0 -----END PGP SIGNATURE----- From omena at aaneton.net Wed Aug 14 15:40:47 2013 From: omena at aaneton.net (Tommi A) Date: Wed, 14 Aug 2013 15:40:47 +0300 Subject: [Dovecot] Dovecot mailbox in read-only mode, Permanentflags empty In-Reply-To: References: Message-ID: > > What are the log entries for the telnet login? > > # 2.2.5: /etc/dovecot/dovecot.conf > # OS: Linux 3.10.5-1-ARCH x86_64 > [...] > mail_debug = yes > > good, then plenty of info should be in the logs, about home directory, > uids etc.pp. Logfiles entries: # dovecot.log Aug 14 15:32:11 imap-login: Info: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=516, secured, session= Aug 14 15:32:20 imap(hostmaster): Info: Disconnected: Logged out in=63 out=1423 # dovecot_debug.log Aug 14 15:32:08 auth: Debug: auth client connected (pid=515) Aug 14 15:32:11 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=izfqi+fjwgAAAAAAAAAAAAAAAAAAAAAB lip=::1 rip=::1 lport=143 rport=54210 resp= Aug 14 15:32:11 auth-worker(505): Debug: pam(hostmaster,::1): lookup service=dovecot Aug 14 15:32:11 auth-worker(505): Debug: pam(hostmaster,::1): #1/1 style=1 msg=Password: Aug 14 15:32:11 auth: Debug: client passdb out: OK 1 user=hostmaster Aug 14 15:32:11 auth: Debug: master in: REQUEST 808845313 515 1 2e1914a23f0260f309e46cee1503b61d session_pid=516 Aug 14 15:32:11 auth-worker(505): Debug: passwd(hostmaster,::1): lookup Aug 14 15:32:11 auth: Debug: master userdb out: USER 808845313 hostmaster system_groups_user=hostmaster uid=1006 gid=1006 home=/home/hostmaster auth_token=2323b6910285b26361609c145854ff23f67b85ad Aug 14 15:32:11 imap(hostmaster): Debug: Effective uid=1006, gid=1006, home=/home/hostmaster Aug 14 15:32:11 imap(hostmaster): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir Aug 14 15:32:11 imap(hostmaster): Debug: maildir++: root=/home/hostmaster/Maildir, index=, indexpvt=, control=, inbox=/home/hostmaster/Maildir, alt= > > You seem to use system users, should be visible in the logs. Do the > directory /Maildir and any file and directory below > belong to the particular user? Do your users have a home directory at > all? > Yes I do use system users, this system is supposed to be a simple as it gets, and it will only have a few users. Home folder exists and Maildir gets created first time Postfix+dovecot is used for hostmaster user. # cd /home/hostmaster/Maildir/ # ls -la total 36 drwx------ 5 hostmaster hostmaster 4096 Aug 14 15:32 . drwx------ 3 hostmaster hostmaster 4096 Aug 14 13:35 .. drwx------ 2 hostmaster hostmaster 4096 Aug 14 13:35 cur -rw------- 1 hostmaster hostmaster 92 Aug 14 15:32 dovecot-uidlist -rw------- 1 hostmaster hostmaster 8 Aug 14 13:35 dovecot-uidvalidity -r--r--r-- 1 hostmaster hostmaster 0 Aug 14 13:35 dovecot-uidvalidity.520b5d6b -rw------- 1 hostmaster hostmaster 364 Aug 14 15:32 dovecot.index.cache -rw------- 1 hostmaster hostmaster 560 Aug 14 15:32 dovecot.index.log -rw------- 1 hostmaster hostmaster 0 Aug 14 13:35 maildirfolder drwx------ 2 hostmaster hostmaster 4096 Aug 14 15:32 new drwx------ 2 hostmaster hostmaster 4096 Aug 14 15:32 tmp Best regards Tommi From skdovecot at smail.inf.fh-brs.de Wed Aug 14 17:26:00 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 14 Aug 2013 16:26:00 +0200 (CEST) Subject: [Dovecot] Dovecot mailbox in read-only mode, Permanentflags empty In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 14 Aug 2013, Tommi A wrote: > a LIST "" "*" > * LIST (\HasNoChildren) "." INBOX > a OK List completed. > a EXAMINE INBOX try with: a SELECT INBOX - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUguTeV3r2wJMiz2NAQLwBgf9FHI4xhULeEIGD1thsBXHP+CYj4afs9yV UnC+dMdRbcl3wm73FbxGnDYGi4LKZbzqS8SOD8Bs99bTl8Gz1V97zwJ5UVA7AAQa sbNXSNyY9/HhaYQI/OP+tYcvvtokqQFE65COaihTJXHPHiCJst12kxzCWQ8Q1KXJ 4XCBDM7gyt+kcLIdFmZRdnO1MEx6FlDvJKpA1InWK+3xDT1oF3D9Q5igLsNq1ZgI /PEbzfKM0iKywSgXsLnWnzdM5/FUvSAyd3N4N3I8fLBRSy4hFz2JfatCmluxbe6e fny2cMCL7e7LlBqz9O61+y0yRSAgonCX2ZC+6stx6M/MHj+MUT7CQw== =TWWR -----END PGP SIGNATURE----- From h.reindl at thelounge.net Wed Aug 14 17:37:42 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 14 Aug 2013 16:37:42 +0200 Subject: [Dovecot] proxy: get rid of redundant log-informations Message-ID: <520B9636.8080200@thelounge.net> Hi login_log_format_elements = user=<%u> method=%m rip=%r %k is it possible to get rid of the "proxy(test at testserver.rhsoft.net): started proxying to 127.0.0.1:143: " part because on a proxy-only server i know that and it is explicitly not listed in "login_log_format_elements" as well as for the "TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA" it would be enough "TLSv1 DHE-RSA-CAMELLIA256-SHA" the reason is simple: * all needed informations are present * smaller logfiles * nicer "tail -f" on the syslog without breaks _____________________________________________ Aug 14 16:31:46 testserver dovecot: imap-login: proxy(test at testserver.rhsoft.net): started proxying to 127.0.0.1:143: user=, method=CRAM-MD5, rip=91.118.73.99, TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From h.reindl at thelounge.net Wed Aug 14 18:12:42 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 14 Aug 2013 17:12:42 +0200 Subject: [Dovecot] proxy: get rid of redundant log-informations In-Reply-To: <520B9636.8080200@thelounge.net> References: <520B9636.8080200@thelounge.net> Message-ID: <520B9E6A.5050303@thelounge.net> Am 14.08.2013 16:37, schrieb Reindl Harald: > Hi > > login_log_format_elements = user=<%u> method=%m rip=%r %k > > is it possible to get rid of the "proxy(test at testserver.rhsoft.net): started proxying to 127.0.0.1:143: " part > because on a proxy-only server i know that and it is explicitly not listed in "login_log_format_elements" > > as well as for the "TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA" it would be enough "TLSv1 DHE-RSA-CAMELLIA256-SHA" > > the reason is simple: > * all needed informations are present > * smaller logfiles > * nicer "tail -f" on the syslog without breaks > _____________________________________________ > > Aug 14 16:31:46 testserver dovecot: imap-login: proxy(test at testserver.rhsoft.net): started proxying to > 127.0.0.1:143: user=, method=CRAM-MD5, rip=91.118.73.99, TLSv1 with cipher > DHE-RSA-CAMELLIA256-SHA (256/256 bits) got it login_log_format_elements = user=<%u> method=%m rip=%r %k login_log_format = %s -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From rs at sys4.de Wed Aug 14 19:54:40 2013 From: rs at sys4.de (Robert Schetterer) Date: Wed, 14 Aug 2013 18:54:40 +0200 Subject: [Dovecot] force ciphers order for clients Message-ID: <520BB650.4030809@sys4.de> Hi Timo, reading this http://www.kuketz-blog.de/perfect-forward-secrecy-mit-apple-mail/ it looks like DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA can be forced in use with apple mail ( if no ECDHE is possible ,by missing openssl 1.x etc, seems that apple mail tries ECDHE first if fails its going to use RSA-AES128-SHA ) force soltution as tried ssl_cipher_list = DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!PSK:!SRP:!DSS:!SSLv2:!RC4 so far so good , it worked nice with recent thunderbird too but it fails with outlook 2003 pop3s / win7 so i thought about using an order like this ssl_cipher_list = DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ALL:!LOW:!SSLv2:!EXP:!aNULL does that makes sense ? ( using dove 2.1.x / openssl 0.9x ) Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From h.reindl at thelounge.net Wed Aug 14 20:03:19 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 14 Aug 2013 19:03:19 +0200 Subject: [Dovecot] force ciphers order for clients In-Reply-To: <520BB650.4030809@sys4.de> References: <520BB650.4030809@sys4.de> Message-ID: <520BB857.6000602@thelounge.net> Am 14.08.2013 18:54, schrieb Robert Schetterer: > http://www.kuketz-blog.de/perfect-forward-secrecy-mit-apple-mail/ > > it looks like DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA can be forced in use > with apple mail > > > ( if no ECDHE is possible ,by missing openssl 1.x etc, > seems that apple mail tries ECDHE first if fails its going to use > RSA-AES128-SHA ) > > force soltution as tried > > ssl_cipher_list = > DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!PSK:!SRP:!DSS:!SSLv2:!RC4 > > so far so good , it worked nice with recent thunderbird too > but it fails with outlook 2003 pop3s / win7 > > so i thought about using an order like this > > ssl_cipher_list = > DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ALL:!LOW:!SSLv2:!EXP:!aNULL ssl_cipher_list = EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:HIGH:!aNULL:!eNULL:!EXP:!MD5:!LOW:!SSLv2 is what is *higly* recommended after testing webservers by https://www.ssllabs.com/ssltest/ and works with Outlook 2003/2007/2010 as well as Thunderbird, iOS, Apple Mail, currently there exists even no way to force web-browsers to FS without open BEAST-attack and i doubt in context mail it does not look much better however, make sure you are using *the latest* dovecot version and at least openssl 1.0.1e thunderbird: TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From tron at zhadum.org.uk Wed Aug 14 20:29:13 2013 From: tron at zhadum.org.uk (Matthias Scheler) Date: Wed, 14 Aug 2013 18:29:13 +0100 Subject: [Dovecot] Patch to log the cipher suite used for TLS In-Reply-To: <992c1289f836e146e5be37fb46e64459@none.at> References: <20130814064813.GA24083@colwyn.zhadum.org.uk> <992c1289f836e146e5be37fb46e64459@none.at> Message-ID: <20130814172913.GA386@colwyn.zhadum.org.uk> On Wed, Aug 14, 2013 at 11:49:50AM +0200, Aleksandar Lazic wrote: > >the attached patch for Dovecot 2.2.4 improves the logging to include > >information about the cipher suite used for a TLS connection. Here is > >an example log line: > > > >Aug 13 21:49:55 colwyn dovecot: imap-login: Login: user=, > >method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, > >mpid=10567, TLS=, > >session= > > [snipp] > > Is the %k not the same? Yes, it is. > http://wiki2.dovecot.org/Variables > > I have the following in my logging.conf > > login_log_format_elements = service=%s user=<%u> session=%{session} > method=%m rip=%r lip=%l mpid=%e %c %k I was looking for logging options on the SSL page but couldn't find them there. I've now configured an unpatched Dovecot according to your suggestion and I get the information I want. Thanks a lot -- Matthias Scheler http://zhadum.org.uk/ From rs at sys4.de Wed Aug 14 21:42:39 2013 From: rs at sys4.de (Robert Schetterer) Date: Wed, 14 Aug 2013 20:42:39 +0200 Subject: [Dovecot] force ciphers order for clients In-Reply-To: <520BB857.6000602@thelounge.net> References: <520BB650.4030809@sys4.de> <520BB857.6000602@thelounge.net> Message-ID: <520BCF9F.5030106@sys4.de> Am 14.08.2013 19:03, schrieb Reindl Harald: > > > Am 14.08.2013 18:54, schrieb Robert Schetterer: >> http://www.kuketz-blog.de/perfect-forward-secrecy-mit-apple-mail/ >> >> it looks like DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA can be forced in use >> with apple mail >> >> >> ( if no ECDHE is possible ,by missing openssl 1.x etc, >> seems that apple mail tries ECDHE first if fails its going to use >> RSA-AES128-SHA ) >> >> force soltution as tried >> >> ssl_cipher_list = >> DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!PSK:!SRP:!DSS:!SSLv2:!RC4 >> >> so far so good , it worked nice with recent thunderbird too >> but it fails with outlook 2003 pop3s / win7 >> >> so i thought about using an order like this >> >> ssl_cipher_list = >> DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ALL:!LOW:!SSLv2:!EXP:!aNULL > > ssl_cipher_list = > EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:HIGH:!aNULL:!eNULL:!EXP:!MD5:!LOW:!SSLv2 > > is what is *higly* recommended after testing webservers by https://www.ssllabs.com/ssltest/ and > works with Outlook 2003/2007/2010 as well as Thunderbird, iOS, Apple Mail, currently hm ,do you have the exact url for test results with mail clients ? > there exists even no way to force web-browsers to FS without open BEAST-attack and > i doubt in context mail it does not look much better > > however, make sure you are using *the latest* dovecot version and at least openssl 1.0.1e > thunderbird: TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits) > thx Harald, upgrading openssl to 1.x and using dove 2.2.5 is no option at my setup lucid ubuntu yet Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From h.reindl at thelounge.net Wed Aug 14 21:54:05 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 14 Aug 2013 20:54:05 +0200 Subject: [Dovecot] force ciphers order for clients In-Reply-To: <520BCF9F.5030106@sys4.de> References: <520BB650.4030809@sys4.de> <520BB857.6000602@thelounge.net> <520BCF9F.5030106@sys4.de> Message-ID: <520BD24D.40601@thelounge.net> Am 14.08.2013 20:42, schrieb Robert Schetterer: > Am 14.08.2013 19:03, schrieb Reindl Harald: >> ssl_cipher_list = >> EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:HIGH:!aNULL:!eNULL:!EXP:!MD5:!LOW:!SSLv2 >> >> is what is *higly* recommended after testing webservers by https://www.ssllabs.com/ssltest/ and >> works with Outlook 2003/2007/2010 as well as Thunderbird, iOS, Apple Mail, currently > > hm ,do you have the exact url for test results with mail clients ? no, sadly i can only refer to https://www.ssllabs.com/ssltest/ and assume that TSL in context mail is not much different, what would be cool is a compareable test-site because the handshake-examples which client is using which ciphers in comination with your current config from ssllabs is wonderful if someone konws such a tool for mailservers post it here and on the postfix list with uppercase letters in the subject >> there exists even no way to force web-browsers to FS without open BEAST-attack and >> i doubt in context mail it does not look much better > >> however, make sure you are using *the latest* dovecot version and at least openssl 1.0.1e >> thunderbird: TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits) > > thx Harald, upgrading openssl to 1.x and using dove 2.2.5 is no option > at my setup lucid ubuntu yeter so you can practically forget it before openssl 1.0.1 TLS 1.2 does not work confirmed by our upgrade to Fedora 18 all services now support TLS 1.2, with Fedora 17 and openssl 1.0 no way and for dovecot the releae enote for 2.2.5 is pretty clear "SSL: Added support for ECDH/ECDHE cipher suite" -------- Original-Nachricht -------- Betreff: [Dovecot-news] v2.2.5 released Datum: Mon, 5 Aug 2013 23:03:38 +0300 Von: Timo Sirainen Antwort an: dovecot at dovecot.org An: dovecot-news at dovecot.org , dovecot at dovecot.org List http://dovecot.org/releases/2.2/dovecot-2.2.5.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.5.tar.gz.sig So, I'm back from the first vacation I've had in about 10 years. (Well, maybe there were a few short ones.) I was planning on coding it the whole time, but looks like I didn't manage to get anything at all done. Maybe that's a good vacation?.. Anyway, I've still a few more pending things to look into, but it's been too long since v2.2.4 so here are the fixes so far. + SSL: Added support for ECDH/ECDHE cipher suites (by David Hicks) + Added some missing man pages (by Pascal Volk) + quota-status: Added quota_status_toolarge setting (by Ulrich Zehl) - director: Users near expiration could have been redirected to different servers at the same time. - pop3: Avoid assert-crash if client disconnects during LIST. - mdbox: Corrupted index header still wasn't automatically fixed. - dsync: Various fixes to work better with imapc and pop3c storages. - ldap: sasl_bind=yes caused crashes, because Dovecot's lib-sasl symbols conflicted with Cyrus SASL library. - imap: Various error handling fixes to CATENATE. (Found using Apple's stress test script.) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From rs at sys4.de Wed Aug 14 22:19:22 2013 From: rs at sys4.de (Robert Schetterer) Date: Wed, 14 Aug 2013 21:19:22 +0200 Subject: [Dovecot] force ciphers order for clients In-Reply-To: <520BD24D.40601@thelounge.net> References: <520BB650.4030809@sys4.de> <520BB857.6000602@thelounge.net> <520BCF9F.5030106@sys4.de> <520BD24D.40601@thelounge.net> Message-ID: <520BD83A.7090605@sys4.de> Am 14.08.2013 20:54, schrieb Reindl Harald: > > Am 14.08.2013 20:42, schrieb Robert Schetterer: >> Am 14.08.2013 19:03, schrieb Reindl Harald: >>> ssl_cipher_list = >>> EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:HIGH:!aNULL:!eNULL:!EXP:!MD5:!LOW:!SSLv2 >>> >>> is what is *higly* recommended after testing webservers by https://www.ssllabs.com/ssltest/ and >>> works with Outlook 2003/2007/2010 as well as Thunderbird, iOS, Apple Mail, currently >> >> hm ,do you have the exact url for test results with mail clients ? > > no, sadly i can only refer to https://www.ssllabs.com/ssltest/ and > assume that TSL in context mail is not much different, what would > be cool is a compareable test-site because the handshake-examples > which client is using which ciphers in comination with your current > config from ssllabs is wonderful so if there is no proofed real world test client validation much support may come up with older clients > > if someone konws such a tool for mailservers post it here and > on the postfix list with uppercase letters in the subject > >>> there exists even no way to force web-browsers to FS without open BEAST-attack and >>> i doubt in context mail it does not look much better >> >>> however, make sure you are using *the latest* dovecot version and at least openssl 1.0.1e >>> thunderbird: TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits) >> >> thx Harald, upgrading openssl to 1.x and using dove 2.2.5 is no option >> at my setup lucid ubuntu yeter > > so you can practically forget it perhaps true forever, as long old clients are around, cause the server can only workaround them > > before openssl 1.0.1 TLS 1.2 does not work > confirmed by our upgrade to Fedora 18 > all services now support TLS 1.2, with Fedora 17 and openssl 1.0 no way > > and for dovecot the releae enote for 2.2.5 is pretty clear > "SSL: Added support for ECDH/ECDHE cipher suite" i only goal to force Forward Secrecy DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA should be enough for that and are working with 0.9x openssl, true ECDH/ECDHE is much better question was if ssl_cipher_list = DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ALL:!LOW:!SSLv2:!EXP:!aNULL does make sense , to prime the anounce of DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA before other cipers and with default restrictions > > -------- Original-Nachricht -------- > Betreff: [Dovecot-news] v2.2.5 released > Datum: Mon, 5 Aug 2013 23:03:38 +0300 > Von: Timo Sirainen > Antwort an: dovecot at dovecot.org > An: dovecot-news at dovecot.org , dovecot at dovecot.org List > > http://dovecot.org/releases/2.2/dovecot-2.2.5.tar.gz > http://dovecot.org/releases/2.2/dovecot-2.2.5.tar.gz.sig > > So, I'm back from the first vacation I've had in about 10 years. (Well, maybe there were a few short ones.) I was > planning on coding it the whole time, but looks like I didn't manage to get anything at all done. Maybe that's a > good vacation?.. Anyway, I've still a few more pending things to look into, but it's been too long since v2.2.4 so > here are the fixes so far. > > + SSL: Added support for ECDH/ECDHE cipher suites (by David Hicks) > + Added some missing man pages (by Pascal Volk) > + quota-status: Added quota_status_toolarge setting (by Ulrich Zehl) > - director: Users near expiration could have been redirected to > different servers at the same time. > - pop3: Avoid assert-crash if client disconnects during LIST. > - mdbox: Corrupted index header still wasn't automatically fixed. > - dsync: Various fixes to work better with imapc and pop3c storages. > - ldap: sasl_bind=yes caused crashes, because Dovecot's lib-sasl > symbols conflicted with Cyrus SASL library. > - imap: Various error handling fixes to CATENATE. (Found using > Apple's stress test script.) > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From h.reindl at thelounge.net Wed Aug 14 22:30:15 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 14 Aug 2013 21:30:15 +0200 Subject: [Dovecot] force ciphers order for clients In-Reply-To: <520BD83A.7090605@sys4.de> References: <520BB650.4030809@sys4.de> <520BB857.6000602@thelounge.net> <520BCF9F.5030106@sys4.de> <520BD24D.40601@thelounge.net> <520BD83A.7090605@sys4.de> Message-ID: <520BDAC7.5000606@thelounge.net> Am 14.08.2013 21:19, schrieb Robert Schetterer: >>> thx Harald, upgrading openssl to 1.x and using dove 2.2.5 is no option >>> at my setup lucid ubuntu yeter >> >> so you can practically forget it > > perhaps true forever, as long old clients are around, cause the server > can only workaround them not absolutely playing around with the setings below and https://www.ssllabs.com/ssltest/ turned out that the order is what counts, and that is really tricky i played around 5 hours with this absoluetly crap adding !MEDIUM results in open from CRIME or BEAST attack because some clients chosse a vulerable cipher, but it would raise up the overall points of the test BUT at the same time perfect forward secrecry for most clients while with settings below only for Apple iOS/Safari without the -SHA1 also vulernable for one of the new attacks sorry, i refused to notice what and tried ot achive best possible encryption while not fall back to classification B what is important for security audits BEAST attack is unlikely in context mail IMHO this is all bullshit currently *but* if recent clients start to act smarter they can choose the best possible cipher offered from the server and after that you have your copmpatibility net for old clients - currently this all is a tragedy, but having PRISM/NSA and the latest news about in mind most likely recent clients will be able to choose a "perfect forward secrecy" capable cipher if offered by the server independent of weaker ones the real problem in your case will most likely be that most of the shiny new things in this area will require recent openssl and TLS1.2 (sadly not supproted by Mozilla/NSS for now) ________________________________________________________________________________________________ SSLProtocol All -SSLv2 -SSLv3 SSLCompression Off SSLInsecureRenegotiation Off SSLHonorCipherOrder On SSLCipherSuite EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:HIGH:!aNULL:!eNULL:!EXP:!LOW:!MD5 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From rs at sys4.de Wed Aug 14 23:04:00 2013 From: rs at sys4.de (Robert Schetterer) Date: Wed, 14 Aug 2013 22:04:00 +0200 Subject: [Dovecot] force ciphers order for clients In-Reply-To: <520BDAC7.5000606@thelounge.net> References: <520BB650.4030809@sys4.de> <520BB857.6000602@thelounge.net> <520BCF9F.5030106@sys4.de> <520BD24D.40601@thelounge.net> <520BD83A.7090605@sys4.de> <520BDAC7.5000606@thelounge.net> Message-ID: <520BE2B0.6050809@sys4.de> Am 14.08.2013 21:30, schrieb Reindl Harald: > > > Am 14.08.2013 21:19, schrieb Robert Schetterer: >>>> thx Harald, upgrading openssl to 1.x and using dove 2.2.5 is no option >>>> at my setup lucid ubuntu yeter >>> >>> so you can practically forget it >> >> perhaps true forever, as long old clients are around, cause the server >> can only workaround them > > not absolutely > > playing around with the setings below and https://www.ssllabs.com/ssltest/ > turned out that the order is what counts, and that is really tricky > > i played around 5 hours with this absoluetly crap that sounds good, so you allready did many real world tests > > adding !MEDIUM results in open from CRIME or BEAST attack because > some clients chosse a vulerable cipher, but it would raise up the > overall points of the test BUT at the same time perfect forward > secrecry for most clients while with settings below only > for Apple iOS/Safari > > without the -SHA1 also vulernable for one of the new attacks > sorry, i refused to notice what and tried ot achive best possible > encryption while not fall back to classification B what is important > for security audits > > BEAST attack is unlikely in context mail > > IMHO this is all bullshit currently *but* if recent clients start > to act smarter they can choose the best possible cipher offered > from the server and after that you have your copmpatibility net > for old clients - currently this all is a tragedy, but having > PRISM/NSA and the latest news about in mind most likely recent > clients will be able to choose a "perfect forward secrecy" > capable cipher if offered by the server independent of weaker ones > > the real problem in your case will most likely be that most > of the shiny new things in this area will require recent > openssl and TLS1.2 (sadly not supproted by Mozilla/NSS for now) i will upgrade openssl and whole setup as soon as possible, meanwhile looking for best working tmp solution > ________________________________________________________________________________________________ > > SSLProtocol All -SSLv2 -SSLv3 > SSLCompression Off > SSLInsecureRenegotiation Off > SSLHonorCipherOrder On > SSLCipherSuite > EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:HIGH:!aNULL:!eNULL:!EXP:!LOW:!MD5 i have a testing setup with newer openssl/dove i will try your settings with a few clients there, but that will take time going on vacation soon > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From leolistas at solutti.com.br Wed Aug 14 23:34:48 2013 From: leolistas at solutti.com.br (Leonardo Rodrigues) Date: Wed, 14 Aug 2013 17:34:48 -0300 Subject: [Dovecot] weird situation with pop3/imap proxy and postfix authentication Message-ID: <520BE9E8.9060807@solutti.com.br> Hello dovecot mailing list, I have a server running postfix and dovecot. I havea configuration on dovecot that allows me to provide imap4/pop3 messages for local hosted users as well as for proxied users on other servers. Basically, i have a simple MySQL table (imapproxy) with two fields, 'domain' and 'host'. My password_query isa 'UNION' query, exactly like: password_query=select endereco as user, password, '/var/spool/mail/%u' as userdb_home, 'maildir:/var/spool/mail/%u' as userdb_mail, 8 as userdb_uid, 12 as userdb_gid, concat('*:storage=', quota) as userdb_quota_rule, 'Trash:storage=+100M' as userdb_quota_rule2, 'Y' as proxy_maybe, '10.252.38.2' as host from emails where endereco = '%u' and ativa = '1' UNION select NULL as user, '%w' as password, NULL as userdb_home, NULL as userdb_mail, NULL as userdb_uid, NULL as userdb_gid, NULL as userdb_quota_rule, NULL as userdb_quota_rule2, 'Y' as proxy_maybe, imapproxy.host as host from imapproxy where imapproxy.dominio = '%d' the 10.252.38.2 address, on the query, is my local server when this query received a local user, from a domain that is NOT listed on the imapproxy table, results are like: *************************** 1. row *************************** user: localuser at domain.com.br password: (SSHA256 encrypted password) userdb_home: /var/spool/mail/localuser at domain.com.br userdb_mail: maildir:/var/spool/mail/localuser at domain.com.br userdb_uid: 8 userdb_gid: 12 userdb_quota_rule: *:storage=51200 userdb_quota_rule2: Trash:storage=+100M proxy_maybe: Y host: 10.252.38.2 when it receives a proxied domain, results are: *************************** 1. row *************************** user: NULL password: password userdb_home: NULL userdb_mail: NULL userdb_uid: NULL userdb_gid: NULL userdb_quota_rule: NULL userdb_quota_rule2: NULL proxy_maybe: Y host: 10.254.116.9 This is working just fine for IMAP4 and POP3 proxying. Local users (which domains are NOT listed on imapproxy table) can successfully login to their accountsas well as users from domains listed on imapproxy table can successfully login to their accounts. On SMTP authentication, tough, things are not so fine. SMTP authentication is provided by dovecot to postfix: [root at correio dovecot]# postconf mail_version mail_version = 2.7.1 [root at correio dovecot]# smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_path = /var/spool/postfix/private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot service auth is defined on dovecot confs as: service auth { unix_listener auth-userdb { mode = 0600 user = mail group = mail } # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0660 user = postfix group = postfix } } and it seems to be allowing ANYuser on any domain listed on the imapproxy table domains to login, even if the user does not exists or provides wrong password. In fact, it seems dovecot returns OK to postfix even without trying to contact the assigned server to that domain, as i cannot find any password-failed-specific log to that user on the specific server. Example: (a proxied domain) [root at correio dovecot]# telnet mail.proxieddomain.com.br 110 Trying 10.254.116.9... Connected to mail.proxieddomain.com.br (10.254.116.9). Escape character is '^]'. +OK Dovecot ready. user teste at proxieddomain.com.br +OK pass password -ERR Authentication failed. (i can successfully find this auth trial and fail on 10.254.116.9 logs) but on SMTP authentication, i have: [root at correio dovecot]# perl -MMIME::Base64 -e \ 'print encode_base64("teste\@proxieddomain.com.br\0teste\@proxieddomain.com.br\0password");' xxxxxxxxx(not the real encoded pass)xxxxxxxxxxxxxxxx= [root at correio dovecot]# [root at correio dovecot]# telnet localhost 587 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 mail.domain.com.br ESMTP EHLO test 250-mail.domain.com.br [ ... ] AUTH PLAIN (encoded string returned by perl encode_base64) 235 2.7.0 Authentication successful (and i cannot even find any authentication log, fail or success, on the specific server for proxieddomain.com.br) dovecot version is: [root at correio dovecot]# dovecot --version 2.2.2 [root at correio dovecot]# what am i doing wrong here ? How to have dovecot to really check users before giving OK to postfix on SMTP authentications ? Thanks for any hints ! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, N?O mandem email gertrudes at solutti.com.br My SPAMTRAP, do not email it From h.reindl at thelounge.net Wed Aug 14 23:37:41 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 14 Aug 2013 22:37:41 +0200 Subject: [Dovecot] force ciphers order for clients In-Reply-To: <520BE988.3090907@thelounge.net> References: <520BE988.3090907@thelounge.net> Message-ID: <520BEA95.8000501@thelounge.net> third try - a limit of 40 KB is ridiculous given the base64 overhead for e-mail and i hardly can cut more of the screenshot before it renders unusable at all....... Am 14.08.2013 22:04, schrieb Robert Schetterer: > Am 14.08.2013 21:30, schrieb Reindl Harald: >> Am 14.08.2013 21:19, schrieb Robert Schetterer: >> >> i played around 5 hours with this absoluetly crap > > that sounds good, so you allready did many real world tests yeah and the bad is that it prove *currently* it is imposible to have perfect forward secrecy for most real world clients without open other vectors leading to fall back to a yellow B really sad is that playing around turned out how hard it is to force different clients at the same time to a good cipher and how one change in the order refelcts the overall result and facing this: "ssllabs" simulates negotiation of real clients (skipped in the screenshot) but we are missing the same for mailservers and thats why my conclusion is that we are hopeless as admins and can only offer things but not do much in case of clients using them __________________________ attached the current results for our webservers the only positive from the current resullt is that the sever supports ciphers for "Perfect Forward Secrecy" and the negative that it is only theory, so i stay at this config and say "dear browser vendors, i support it so use it with your damned client" because i can hardly use a config which get a yellow CVSS on security-audits to support FS for you" well, i could reven aise up "key exchange" to 90/95 but after that "FS" would not be listed at all the real sad thing is that the "FS" you see is not used by current clients which mostly use RC4 and if you add !MEDIUM the most start using FS-ciphers but are vulerable by BEAST-attack which let you fall down to grade B if i add !MEDIUM to dovecot Thunderbird does no longer connect at all -------------- next part -------------- A non-text attachment was scrubbed... Name: ssl_analyse.gif Type: image/gif Size: 20151 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From h.reindl at thelounge.net Wed Aug 14 23:58:17 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 14 Aug 2013 22:58:17 +0200 Subject: [Dovecot] proxy: get rid of redundant log-informations In-Reply-To: <520B9E6A.5050303@thelounge.net> References: <520B9636.8080200@thelounge.net> <520B9E6A.5050303@thelounge.net> Message-ID: <520BEF69.7030109@thelounge.net> Am 14.08.2013 17:12, schrieb Reindl Harald: >> is it possible to get rid of the "proxy(test at testserver.rhsoft.net): started proxying to 127.0.0.1:143: " part >> because on a proxy-only server i know that and it is explicitly not listed in "login_log_format_elements" >> > got it > > login_log_format_elements = user=<%u> method=%m rip=%r %k > login_log_format = %s which introduces the problem that POP3 is double-logged i guess ":msg, contains, "): disconnecting" ~" in rsyslog.conf no longer takes effect Aug 14 22:54:37 mail dovecot: pop3-login: user=, method=PLAIN, rip=80.120.xx.xx Aug 14 22:54:37 mail dovecot: pop3-login: user=, method=PLAIN, rip=80.120.xx.xx given that "example.com" has 60 addresses which are checked by a exchange connector every 3 minutes you can calculate the logsize by 2400 loglines per hour which could be 1200 without disconnect log is there a option or would it not make sense in case "login_log_format = %s" skip the second line in default (non-debug) logging, most are gardly interested in how long a POP3 user took to receive his mails, the more interesting is how often, from which IPs and how much failed logins from where thanks! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From gb10hkzo-dovecot at yahoo.co.uk Thu Aug 15 00:04:30 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Wed, 14 Aug 2013 22:04:30 +0100 (BST) Subject: [Dovecot] force ciphers order for clients In-Reply-To: <520BB857.6000602@thelounge.net> References: <520BB650.4030809@sys4.de> <520BB857.6000602@thelounge.net> Message-ID: <1376514270.69115.YahooMailNeo@web28904.mail.ir2.yahoo.com> I would like to contribute this suggestion (assuming nobody has already) : ssl_cipher_list = TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!PSK:@STRENGTH I have not tested it incredibly thoroughly, but I do believe the @STRENGTH at the end is the little secret that puts the order into the chaos. From h.reindl at thelounge.net Wed Aug 14 23:33:12 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 14 Aug 2013 22:33:12 +0200 Subject: [Dovecot] force ciphers order for clients In-Reply-To: <520BE83E.8010503@thelounge.net> References: <520BE83E.8010503@thelounge.net> Message-ID: <520BE988.3090907@thelounge.net> Am 14.08.2013 22:04, schrieb Robert Schetterer: > Am 14.08.2013 21:30, schrieb Reindl Harald: >> Am 14.08.2013 21:19, schrieb Robert Schetterer: >>>>> thx Harald, upgrading openssl to 1.x and using dove 2.2.5 is no option >>>>> at my setup lucid ubuntu yeter >>>> >>>> so you can practically forget it >>> >>> perhaps true forever, as long old clients are around, cause the server >>> can only workaround them >> >> not absolutely >> >> playing around with the setings below and https://www.ssllabs.com/ssltest/ >> turned out that the order is what counts, and that is really tricky >> >> i played around 5 hours with this absoluetly crap > > that sounds good, so you allready did many real world tests yeah and the bad is that it prove *currently* it is imposible to have perfect forward secrecy for most real world clients without open other vectors leading to fall back to a yellow B really sad is that playing around turned out how hard it is to force different clients at the same time to a good cipher and how one change in the order refelcts the overall result and facing this: "ssllabs" simulates negotiation of real clients (skipped in the screenshot) but we are missing the same for mailservers and thats why my conclusion is that we are hopeless as admins and can only offer things but not do much in case of clients using them __________________________ attached the current results for our webservers the only positive from the current resullt is that the sever supports ciphers for "Perfect Forward Secrecy" and the negative that it is only theory, so i stay at this config and say "dear browser vendors, i support it so use it with your damned client" because i can hardly use a config which get a yellow CVSS on security-audits to support FS for you" well, i could reven aise up "key exchange" to 90/95 but after that "FS" would not be listed at all the real sad thing is that the "FS" you see is not used by current clients which mostly use RC4 and if you add !MEDIUM the most start using FS-ciphers but are vulerable by BEAST-attack which let you fall down to grade B if i add !MEDIUM to dovecot Thunderbird does no longer connect at all -------------- next part -------------- A non-text attachment was scrubbed... Name: ssl_analyse.gif Type: image/gif Size: 36735 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From kremels at kreme.com Thu Aug 15 08:13:52 2013 From: kremels at kreme.com (LuKreme) Date: Wed, 14 Aug 2013 23:13:52 -0600 Subject: [Dovecot] dovecot is working, sort of Message-ID: <6748FA7A-F2E9-4950-A211-A74F09352800@kreme.com> I have dovecot setup and authenticating away for local users, but when I try to add MySQL users from postfix admin, not only does that fail, but all authentication fails. This configuration does not work: doveconf -n # 2.2.5: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 9.1-RELEASE i386 namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } ssl_cert = , rip=67.176.106.217, lip=75.148.117.91, TLS, session= This configuration works, but only for local users obviously: # 2.2.5: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 9.1-RELEASE i386 namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } ssl_cert = -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Wed, 14 Aug 2013, Tommi A wrote: > >> a LIST "" "*" >> * LIST (\HasNoChildren) "." INBOX >> a OK List completed. >> a EXAMINE INBOX > > try with: > > a SELECT INBOX > > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEVAwUBUguTeV3r2wJMiz2NAQLwBgf9FHI4xhULeEIGD1thsBXHP+CYj4afs9yV > UnC+dMdRbcl3wm73FbxGnDYGi4LKZbzqS8SOD8Bs99bTl8Gz1V97zwJ5UVA7AAQa > sbNXSNyY9/HhaYQI/OP+tYcvvtokqQFE65COaihTJXHPHiCJst12kxzCWQ8Q1KXJ > 4XCBDM7gyt+kcLIdFmZRdnO1MEx6FlDvJKpA1InWK+3xDT1oF3D9Q5igLsNq1ZgI > /PEbzfKM0iKywSgXsLnWnzdM5/FUvSAyd3N4N3I8fLBRSy4hFz2JfatCmluxbe6e > fny2cMCL7e7LlBqz9O61+y0yRSAgonCX2ZC+6stx6M/MHj+MUT7CQw== > =TWWR > -----END PGP SIGNATURE----- From tom at whyscream.net Thu Aug 15 10:14:31 2013 From: tom at whyscream.net (Tom Hendrikx) Date: Thu, 15 Aug 2013 09:14:31 +0200 Subject: [Dovecot] dovecot is working, sort of In-Reply-To: <6748FA7A-F2E9-4950-A211-A74F09352800@kreme.com> References: <6748FA7A-F2E9-4950-A211-A74F09352800@kreme.com> Message-ID: <520C7FD7.1040308@whyscream.net> On 08/15/2013 07:13 AM, LuKreme wrote: > I have dovecot setup and authenticating away for local users, but > when I try to add MySQL users from postfix admin, not only does that > fail, but all authentication fails. > > and I get the following errors for *ALL* attempts to connect, not > just sql ones: > mail dovecot: auth: Fatal: mysql: Missing value in connect string: > password-dovecot mail dovecot: master: Error: service(auth): command > startup failed, throttling for 60 secs > > The dovecot-sql.conf.ext file is: $ cat > /etc/dovecot/dovecot-sql.conf.ext driver = mysql connect = > host=localhost dbname=postfix user=dovecot password-dovecot I see a typo there, and the error message is referring to it. Maybe try password=dovecot? The reason that all authentications fail (also the non sql ones), is because the auth process (that handles all authentications) dies because of the typo. Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 899 bytes Desc: OpenPGP digital signature URL: From kremels at kreme.com Thu Aug 15 11:05:54 2013 From: kremels at kreme.com (LuKreme) Date: Thu, 15 Aug 2013 02:05:54 -0600 Subject: [Dovecot] dovecot is working, sort of In-Reply-To: <520C7FD7.1040308@whyscream.net> References: <6748FA7A-F2E9-4950-A211-A74F09352800@kreme.com> <520C7FD7.1040308@whyscream.net> Message-ID: On 15 Aug 2013, at 01:14 , Tom Hendrikx wrote: > I see a typo there, and the error message is referring to it. Maybe try > password=dovecot? You'll never believe this, but I *just* saw this less than a minute ago and came over to my mail to post my 'doh' message. Sigh. I think I'll wait on my next stupid question until morning. :) -- This is our music from the bachelor's den, the sound of loneliness turned up to ten. A harsh soundtrack from a stagnant waterbed and it sounds just like this. This is the sound of someone losing the plot making out that they're OK when they're not. You're gonna like it, but not a lot. And the chorus goes like this... From kremels at kreme.com Thu Aug 15 11:50:54 2013 From: kremels at kreme.com (LuKreme) Date: Thu, 15 Aug 2013 02:50:54 -0600 Subject: [Dovecot] dovecot is working, sort of In-Reply-To: References: <6748FA7A-F2E9-4950-A211-A74F09352800@kreme.com> <520C7FD7.1040308@whyscream.net> Message-ID: <4A4A5457-E436-42A5-B959-9BAF465D324F@kreme.com> On 15 Aug 2013, at 02:05 , LuKreme wrote: > I think I'll wait on my next stupid question until morning. Or not. "Error: user lists@*munged*: Couldn't drop privileges: User is missing UID (see mail_uid setting)" These are all virtual users with a hid of 89. How do I tell dovecot that? $ cat /etc/dovecot/dovecot-sql.conf.ext driver = mysql connect = host=localhost dbname=postfix user=dovecot password=dovecot default_pass_scheme = MD5-CRYPT password_query = select password from mailbox where username ='%u' user_query = select concat('/usr/local/virtual/', maildir) from mailbox where username = '%u' $ doveconf -n # 2.2.5: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 9.1-RELEASE i386 auth_debug_passwords = yes auth_mechanisms = plain login disable_plaintext_auth = no mail_location = maildir:~/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox NotJunk { auto = subscribe } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } ssl_cert = References: <6748FA7A-F2E9-4950-A211-A74F09352800@kreme.com> <520C7FD7.1040308@whyscream.net> <4A4A5457-E436-42A5-B959-9BAF465D324F@kreme.com> Message-ID: <520CAE27.5010203@sterenborg.info> On 08/15/2013 10:50 AM, LuKreme wrote: > > "Error: user lists@*munged*: Couldn't drop privileges: User is missing UID (see mail_uid setting)" > > These are all virtual users with a hid of 89. How do I tell dovecot that? > > > $ cat /etc/dovecot/dovecot-sql.conf.ext > driver = mysql > connect = host=localhost dbname=postfix user=dovecot password=dovecot > default_pass_scheme = MD5-CRYPT > password_query = select password from mailbox where username ='%u' > user_query = select concat('/usr/local/virtual/', maildir) from mailbox where username = '%u' In my SQL configuration I have something like this: user_query = \ SELECT _home AS home, _uid AS uid, _gid AS gid \ FROM virtual_mailboxes \ WHERE _recipient='%u' AND _active=1 Using this I can give certain users a different UID/GID, should I want to. But if I'm not mistaken you can also statically configure the uid and gid. On page http://wiki2.dovecot.org/VirtualUsers, the last example says: userdb { driver = static args = uid=vmail gid=vmail home=/var/mail/virtual/%d/%n } I guess you should be able to adapt this to your SQL config. -- Rob From hajo.locke at gmx.de Thu Aug 15 16:46:36 2013 From: hajo.locke at gmx.de (Hajo Locke) Date: Thu, 15 Aug 2013 15:46:36 +0200 Subject: [Dovecot] INBOX protected foldername? References: <8546B309-AD20-4DD0-BCFE-8C91DA245240@iki.fi><1AD0A63288F34D69A7A6668CB1AD1B6A@hansadd566750e><0C2A766A-C116-4645-BCE9-9B223C4A24DF@iki.fi> Message-ID: <4E14DCF2765445F2BD5B93669B2ADB4C@ai.local> Hello, >> Since 2.1.17 fixes a lot of bugs of 2.1.7, I would propose you to open a >> bug report on the dovecot package in bugs.debian.org and list some of the >> bugs which have been fixed in the meantime. The >> easiest way to do so >> is to use the "reportbug" tool in Debian. hmm, upgrading should fix some older errors but in my case i got new ones. i went to 2.1.17 from http://xi.rename-it.nl/debian/ and did my changes to source debs and compiled my packages. At the moment i update from 2.1.7 to 2.1.17 my userdb-settings in mysql-db are not working any more. passdb and userdb directives are like this: passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } userdb { driver = prefetch } namespace is this: namespace inbox { inbox = yes } PasswordQuery with prefetching userdb is this: password_query = SELECT `inbox` as `user`, `password`, `home` as userdb_home, `uid` AS userdb_uid, `gid` AS userdb_gid, `userdb_import` AS userdb_userdb_import FROM `mail_users` WHERE `login` = '%u' AND `active`='Y' I tested also without prefetching -> same result. In mysql in field userdb_import i have my TAB-separated XLIST Settings: namespace/inbox/mailbox=Sent namespace/inbox/mailbox/Sent/name=Sent namespace/inbox/mailbox/Sent/auto=subscribe namespace/inbox/mailbox/Sent/special_use=\Sent namespace/inbox/mailbox=Drafts namespace/inbox/mailbox/Drafts/name=Drafts namespace/inbox/mailbox/Drafts/auto=subscribe namespace/inbox/mailbox/Drafts/special_use=\Drafts namespace/inbox/mailbox=Trash namespace/inbox/mailbox/Trash/name=Trash namespace/inbox/mailbox/Trash/auto=subscribe namespace/inbox/mailbox/Trash/special_use=\Trash namespace/inbox/mailbox=Spam namespace/inbox/mailbox/Spam/name=Spam namespace/inbox/mailbox/Spam/auto=subscribe namespace/inbox/mailbox/Spam/special_use=\Junk The 2.1.7 correct works: Aug 15 15:26:25 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox=Drafts Aug 15 15:26:25 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox=Sent Aug 15 15:26:25 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox=Spam Aug 15 15:26:25 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox=Trash Aug 15 15:26:25 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox/Drafts/auto=subscribe Aug 15 15:26:25 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox/Drafts/name=Entw?rfe Aug 15 15:26:25 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox/Drafts/special_use=\Drafts Aug 15 15:26:25 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox/Sent/auto=subscribe Aug 15 15:26:25 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox/Sent/name=Gesendet Aug 15 15:26:25 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox/Sent/special_use=\Sent Aug 15 15:26:25 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox/Spam/auto=subscribe Aug 15 15:26:25 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox/Spam/name=Spam Aug 15 15:26:25 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox/Spam/special_use=\Junk Aug 15 15:26:25 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox/Trash/auto=subscribe Aug 15 15:26:25 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox/Trash/name=Papierkorb Aug 15 15:26:25 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox/Trash/special_use=\Trash After upgrading to 2.1.17 the debuglog says: Aug 15 15:24:47 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox=Spam Aug 15 15:24:47 myhostname dovecot: imap: Debug: Unknown userdb setting: plugin/namespace/inbox/mailbox/Drafts/auto=subscribe Aug 15 15:24:47 myhostname dovecot: imap: Debug: Unknown userdb setting: plugin/namespace/inbox/mailbox/Drafts/name=Entw?rfe Aug 15 15:24:47 myhostname dovecot: imap: Debug: Unknown userdb setting: plugin/namespace/inbox/mailbox/Drafts/special_use=\Drafts Aug 15 15:24:47 myhostname dovecot: imap: Debug: Unknown userdb setting: plugin/namespace/inbox/mailbox/Sent/auto=subscribe Aug 15 15:24:47 myhostname dovecot: imap: Debug: Unknown userdb setting: plugin/namespace/inbox/mailbox/Sent/name=Gesendet Aug 15 15:24:47 myhostname dovecot: imap: Debug: Unknown userdb setting: plugin/namespace/inbox/mailbox/Sent/special_use=\Sent Aug 15 15:24:47 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox/Spam/auto=subscribe Aug 15 15:24:47 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox/Spam/name=Spam Aug 15 15:24:47 myhostname dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox/Spam/special_use=\Junk Aug 15 15:24:47 myhostname dovecot: imap: Debug: Unknown userdb setting: plugin/namespace/inbox/mailbox/Trash/auto=subscribe Aug 15 15:24:47 myhostname dovecot: imap: Debug: Unknown userdb setting: plugin/namespace/inbox/mailbox/Trash/name=Papierkorb Aug 15 15:24:47 myhostname dovecot: imap: Debug: Unknown userdb setting: plugin/namespace/inbox/mailbox/Trash/special_use=\Trash just as i use more then one setting in userdb_import field, then the most of the setting are not understood. downgrade to 2.1.7 -> it works; upgrade to 2.1.7 with same mysql and same conf and it fails. I can remember that some patches are made from timo to make this userdb work in former versions. (the beginning: http://dovecot.org/list/dovecot/2013-March/089209.html) i cant find any configproblem on my side. Are still some patches needed? The patches i used for 2.1.7 dont fit for 2.1.17 What to do now? Thanks, Hajo From davidv at lamontanita.coop Thu Aug 15 17:36:11 2013 From: davidv at lamontanita.coop (David Varela) Date: Thu, 15 Aug 2013 08:36:11 -0600 Subject: [Dovecot] Nee assistance with migrating/copying a virtual user's maildir to another virtual user Message-ID: Hello, I am trying to move/copy a virtual user's maildir to another virtual user but am running into problems with dsync and doveadm. I'm trying to move the maildir of a user who is no longer with the company to a manager's maildir. For doveadm I am using the command: doveadm move -u scavenaugh at lamontanita.coop jhenning at lamontanita.coop/INBOX/scavenaugh INBOX ALL The error is: doveadm(scavenaugh at lamontanita.coop): Error: user scavenaugh at lamontanita.coop: Auth USER lookup failed /var/log/dovecot.log shows: passdb doesn't support lookups, can't verify user's existence dovecot -n # 2.1.6: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 8.2-RELEASE i386 ufs auth_cache_ttl = 14 mins auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain gssapi login auth_use_winbind = yes auth_verbose = yes auth_winbind_helper_path = /usr/local/bin/ntlm_auth first_valid_gid = 1001 first_valid_uid = 1001 info_log_path = /var/log/dovecot_info.log last_valid_gid = 1001 last_valid_uid = 1001 log_path = /var/log/dovecot.log mail_debug = yes mail_location = maildir:/usr/data/vmail/%u mail_max_userip_connections = 30 mail_privileged_group = mail passdb { args = /usr/local/etc/dovecot-ldap.conf driver = ldap } plugin { sieve = /usr/data/sieve-scripts/%u.sieve } protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { mode = 0600 } user = root } ssl_cert = Hi, I'm new to Dovecot (switching from Cyrus). I'm using Dovecot 2.1.7 from Ubuntu 13.04. Maildir data is stored on a Linux ext4 filesystem with quotas. I would like to use mail quota in a way, so that the usage values are taken from the filesystem's quota system by the "fs" backend, while the per-user limits get read from LDAP. Due to debugging messages, it's my impression that reading the limits from LDAP works quite well when the user process starts, but when IMAP access actually takes place, the fs backend uses the filesystem's soft limits. Can anybody confirm this behavior or is there a way to achieve what I intend? -frank -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From kremels at kreme.com Thu Aug 15 18:28:17 2013 From: kremels at kreme.com (LuKreme) Date: Thu, 15 Aug 2013 09:28:17 -0600 Subject: [Dovecot] dovecot is working, sort of In-Reply-To: <520CAE27.5010203@sterenborg.info> References: <6748FA7A-F2E9-4950-A211-A74F09352800@kreme.com> <520C7FD7.1040308@whyscream.net> <4A4A5457-E436-42A5-B959-9BAF465D324F@kreme.com> <520CAE27.5010203@sterenborg.info> Message-ID: <52C03122-010B-42F0-8369-D098C045FE65@kreme.com> On 15 Aug 2013, at 04:32 , Rob Sterenborg (lists) wrote: > userdb { > driver = static > args = uid=vmail gid=vmail home=/var/mail/virtual/%d/%n > } > > I guess you should be able to adapt this to your SQL config. Him. I did put userdb { driver = static args = uid=vpopmail gid=postfix } into dovecot.conf, but that's made no difference -- MY MOM IS NOT DATING JERRY SIENFELD Bart chalkboard Ep. AABF06 From dago at quantentunnel.de Thu Aug 15 20:23:10 2013 From: dago at quantentunnel.de (dago at quantentunnel.de) Date: Thu, 15 Aug 2013 19:23:10 +0200 (CEST) Subject: [Dovecot] IMAP Proxying and SSL Certificates on OpenBSD Message-ID: Hi list, ? I am currently trying to configure dovecot to act as a imap proxy in front of a Groupwise server. Because of a policy no services of the gw server may be directly served to the web. So currently this is only a security measure. Dovecot was previously used for providing sasl-auth capabilities to postfix. IMAP proxy features should be added now. Authentication backend is LDAP. OS is OpenBSD 5.2. Dovecot version is 2.1.8.? ? Currently I am fighting with the following error in the logs: ? dovecot: master: Dovecot v2.1.8 starting up dovecot: auth: Warning: userdb passwd: Move templates args to override_fields setting dovecot: auth: Error: passwd(username,78.104.X.X,): getpwnam() failed: Operation not permitted dovecot: imap-login: Login: user=, method=PLAIN, rip=78.104.X.X, lip=5.9.X.X, mpid=1765, session= dovecot: imap(username): Error: user username: Initialization failed: Initializing mail storage from mail_location setting failed: imapc: missing imapc_password dovecot: imap(username): Error: Invalid user settings. Refer to server log for more information. ? I hope to also see therein the cause for not providing STARTTLS: ? # openssl s_client -connect mail.example.com:143 -starttls imap CONNECTED(00000003) didn't found STARTTLS in server response, try anyway... 15096:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s23_clnt.c:607: ? As postfix is already using the certificates, they should be okay ?. ? # dovecot -n # 2.1.8: /etc/dovecot/dovecot.conf # OS: OpenBSD 5.2 i386 ? disable_plaintext_auth = no imapc_host = 10.0.0.2 mail_gid = vmail mail_home = /home/vmail/%u mail_location = imapc:~/imapc mail_uid = vmail passdb { ? args = scheme=plain-md5 username_format=%n /etc/dovecot/passwd ? driver = passwd-file } passdb { ? args = /etc/dovecot/dovecot-ldap.conf ? default_fields = userdb_imapc_user=%u userdb_imapc_password=%w ? driver = ldap } protocols = imap service auth { ? unix_listener /var/spool/postfix/private/auth { ? ? group = _postfix ? ? mode = 0660 ? ? user = _postfix ? } ? user = root } service imap-login { ? chroot = login } service pop3-login { ? chroot = login } ssl = no ssl_ca = attempts to login result in: dovecot: imap-login: Login: user=, method=PLAIN, rip=ip.xx.yy.zz, lip=75.148.117.91, mpid=75104, TLS, session= dovecot: imap(lists@*munged*): Error: user lists@*munged*: Couldn't drop privileges: User is missing UID (see mail_uid setting) dovecot: imap(lists@*munged*): Error: Internal error occurred. Refer to server log for more information. Local (shell) user authentication works fine. It looks to me like the authentication is working based on the first line, so I don't think the issue is in the dovecot-sql.conf.ext $ cat dovecot-sql.conf.ext driver = mysql connect = host=localhost dbname=postfix user=dovecot password=dovecot default_pass_scheme = MD5-CRYPT password_query = select password from mailbox where username ='%u' user_query = select maildir from mailbox where username = '%u' # home is set in userdb static, kept for history #user_query = select concat('/usr/local/virtual/', maildir) from mailbox where username = '%u' #user_query = select concat('/usr/local/virtual/', maildir), 'vpopmail' as uid, 'postfix' as gid, from mailbox where username = '%u' #iterate_query = SELECT username AS user FROM users # 2.2.5: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 9.1-RELEASE i386 auth_mechanisms = plain login disable_plaintext_auth = no mail_location = maildir:~/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox NotJunk { auto = subscribe } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } ssl_cert = References: <5208FC60.2060703@globalchangemusic.org> <6BEFC092-89E7-475A-AD27-82864C99F6A3@iki.fi> Message-ID: <520D1298.2010404@globalchangemusic.org> For some reason, this error has disappeared. Maybe I forgot to restart Dovecot or something after I changed the config. --Asai On 8/12/13 11:56 AM, Timo Sirainen wrote: > On 12.8.2013, at 18.16, Asai wrote: > >> Using Dovecot 2.2.4. In my DSync logs, I'm getting the error message: >> >> Error: sieve-storage: couldn't find storage root directory; sieve_dir was left unconfigured and autodetection failed > What/how/where are you dsyncing? > >> However, I have the following configuration set: >> >> plugin { >> sieve = /vmail/%d/%n/sievescript >> sieve_dir = /vmail/%d/%n/ >> } > Maybe the other side of dsync doesn't have it? > From kremels at kreme.com Thu Aug 15 22:26:26 2013 From: kremels at kreme.com (LuKreme) Date: Thu, 15 Aug 2013 13:26:26 -0600 Subject: [Dovecot] Couldn't drop privileges In-Reply-To: <479C1E34-D7F1-4163-A3B9-A3E7FBC16B31@kreme.com> References: <479C1E34-D7F1-4163-A3B9-A3E7FBC16B31@kreme.com> Message-ID: On 15 Aug 2013, at 11:29 , LuKreme wrote: > attempts to login result in: > > dovecot: imap-login: Login: user=, method=PLAIN, rip=ip.xx.yy.zz, lip=75.148.117.91, mpid=75104, TLS, session= > dovecot: imap(lists@*munged*): Error: user lists@*munged*: Couldn't drop privileges: User is missing UID (see mail_uid setting) > dovecot: imap(lists@*munged*): Error: Internal error occurred. Refer to server log for more information. Turned on the debug and this is what I see: Aug 15 13:16:45 auth-worker(77340): Debug: sql(lists@*munged*,ip.xx.yy.zz): query: select password from mailbox where username ='lists@*munged*' Aug 15 13:16:45 auth: Debug: client passdb out: OK 1 user=lists@*munged* Aug 15 13:16:45 auth: Debug: master in: REQUEST 2891186177 77374 1 a2bde9e07ec4034dff654566596e062f session_pid=77375 Aug 15 13:16:45 auth-worker(77340): Debug: passwd(lists@*munged*,ip.xx.yy.zz): lookup Aug 15 13:16:45 auth-worker(77340): Info: passwd(lists@*munged*,ip.xx.yy.zz): unknown user Aug 15 13:16:45 auth-worker(77340): Debug: sql(lists@*munged*,ip.xx.yy.zz): select maildir from mailbox where username = 'lists@*munged*' Aug 15 13:16:45 auth: Debug: master userdb out: USER 2891186177 lists@*munged* maildir=lists@*munged*/ auth_token=8016448b78ce6682d24f056ad695b2158bac7ee2 Aug 15 13:16:45 imap-login: Info: Login: user=, method=PLAIN, rip=ip.xx.yy.zz, lip=75.148.117.91, mpid=77375, TLS, session=<1hadUAHk7AAXGJaN> Aug 15 13:16:45 imap(lists@*munged*): Error: user lists@*munged*: Couldn't drop privileges: User is missing UID (see mail_uid setting) Aug 15 13:16:45 imap(lists@*munged*): Error: Internal error occurred. Refer to server log for more information. a successful userdb for a local user looks like this: Aug 15 13:16:44 auth: Debug: client passdb out: OK 1 user=kremels Aug 15 13:16:44 auth: Debug: master in: REQUEST 3532521473 77365 1 4ebb0de2b83c3e2603bc3e3ffca59d73 session_pid=77370 Aug 15 13:16:44 auth-worker(77340): Debug: passwd(kremels,ip.xx.yy.zz): lookup Aug 15 13:16:44 auth: Debug: master userdb out: USER 3532521473 kremels system_groups_user=kremels uid=1004 gid=1004 home=/home/kremels auth_token=60c1bb537e93229108f3aeceff78bfad811f5b62 Aug 15 13:16:44 imap-login: Info: Login: user=, method=PLAIN, rip=ip.xx.yy.zz, lip=75.148.117.91, mpid=77370, TLS, session= Aug 15 13:16:44 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=VLKQUAHk6gAXGJaN lip=75.148.117.91 rip=ip.xx.yy.zz lport=993 rport=55018 resp= What is not shown is the full path to the maildir, just the maildir value returned from the sql query. It really really looks like this should be working and like the userdb { driver = static args = uid=vpopmail gid=postfix home=/usr/local/virtual/%u } block is just not having the desired effect. I've been at this for the better part of two days now, and have read hundreds (if not thousands) of web pages. I don't know what I am missing. -- Belief is one of the most powerful organic forces in the multiverse. It may not be able to move mountains, exactly. But it can create someone who can. From kremels at kreme.com Thu Aug 15 22:38:24 2013 From: kremels at kreme.com (LuKreme) Date: Thu, 15 Aug 2013 13:38:24 -0600 Subject: [Dovecot] Couldn't drop privileges In-Reply-To: References: <479C1E34-D7F1-4163-A3B9-A3E7FBC16B31@kreme.com> Message-ID: <30F26F26-F27E-466F-92CE-805883A7914D@kreme.com> On 15 Aug 2013, at 13:26 , LuKreme wrote: > What is not shown is the full path to the maildir, just the maildir value returned from the sql query. It really really looks like this should be working and like the > > userdb { > driver = static > args = uid=vpopmail gid=postfix home=/usr/local/virtual/%u > } > > block is just not having the desired effect. Progress (I know you are all reading this with bated breath in eager anticipation of my next missive). I changed the user_query to select 89 as uid, 125 as gid, concat('/usr/local/virtual/', maildir) from mailbox where username = '%u' and got a new error, which I think reveals the source of the problem: Error: user lists@*munged*: Mail access for users with UID 89 not permitted (see first_valid_uid in config file, uid from userdb lookup). So, I set first_valid_uid = 89 and I get a NEW error. Aug 15 13:34:05 auth: Debug: master userdb out: USER 4078043137 lists@*munged* uid=89 gid=125 concat('/usr/local/virtual/', maildir)=/usr/local/virtual/lists@*munged*/ auth_token=2cb95ca06efdab697854015a93d7c3b0001b417b Aug 15 13:34:05 imap-login: Info: Login: user=, method=PLAIN, rip=ip.xx.yy.zz, lip=75.148.117.91, mpid=77996, TLS, session= Aug 15 13:34:05 imap(lists@*munged*): Error: user lists@*munged*: Initialization failed: Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir Aug 15 13:34:05 imap(lists@*munged*): Error: Invalid user settings. Refer to server log for more information. So, the uid and gid are now correct, the maildir path is correct, and it is STILL not happy. -- Stupid men are often capable of things the clever would not dare to contemplate... --Feet of Clay From gedalya at gedalya.net Thu Aug 15 22:58:27 2013 From: gedalya at gedalya.net (Gedalya) Date: Thu, 15 Aug 2013 15:58:27 -0400 Subject: [Dovecot] Error: dict client sent broken reply In-Reply-To: References: <0b8beb24a830ec79044996616a0e6614.squirrel@www.giz-works.com> Message-ID: <520D32E3.1090109@gedalya.net> On 08/05/2013 01:54 PM, Timo Sirainen wrote: > There are a few fixes in lib-dict since v2.1.12. Also v2.2 has one more fix, which I just added to v2.1 hg. Would be helpful to know if one of those fixes the problem before I spend a lot of time testing this.. Timo, can you provide any hints on how to reproduce this? I just got this error for yesterday's cron job, but not for today. So I'd like to try upgrading to the latest 2.1 hg, but I'm looking for a test procedure. The only line in my log is: dovecot: dict: Error: dict client: COMMIT: Can't commit while iterating From tss at iki.fi Thu Aug 15 23:00:50 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 15 Aug 2013 23:00:50 +0300 Subject: [Dovecot] Error: dict client sent broken reply In-Reply-To: <520D32E3.1090109@gedalya.net> References: <0b8beb24a830ec79044996616a0e6614.squirrel@www.giz-works.com> <520D32E3.1090109@gedalya.net> Message-ID: <7A8B800E-AB9E-4F2D-881C-6AEBF52D06CF@iki.fi> On 15.8.2013, at 22.58, Gedalya wrote: > On 08/05/2013 01:54 PM, Timo Sirainen wrote: >> There are a few fixes in lib-dict since v2.1.12. Also v2.2 has one more fix, which I just added to v2.1 hg. Would be helpful to know if one of those fixes the problem before I spend a lot of time testing this.. > Timo, can you provide any hints on how to reproduce this? I just got this error for yesterday's cron job, but not for today. So I'd like to try upgrading to the latest 2.1 hg, but I'm looking for a test procedure. > The only line in my log is: > dovecot: dict: Error: dict client: COMMIT: Can't commit while iterating That's what I was hoping someone would tell me :) From tss at iki.fi Thu Aug 15 23:02:36 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 15 Aug 2013 23:02:36 +0300 Subject: [Dovecot] Couldn't drop privileges In-Reply-To: <30F26F26-F27E-466F-92CE-805883A7914D@kreme.com> References: <479C1E34-D7F1-4163-A3B9-A3E7FBC16B31@kreme.com> <30F26F26-F27E-466F-92CE-805883A7914D@kreme.com> Message-ID: <78076EC7-F7B4-4429-8FDE-05516A36EE3D@iki.fi> On 15.8.2013, at 22.38, LuKreme wrote: > select 89 as uid, 125 as gid, concat('/usr/local/virtual/', maildir) from mailbox where username = '%u' concat('/usr/local/virtual/', maildir) as home from .. > Aug 15 13:34:05 imap(lists@*munged*): Error: user lists@*munged*: Initialization failed: Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir From bob at computerisms.ca Thu Aug 15 23:04:38 2013 From: bob at computerisms.ca (Bob Miller) Date: Thu, 15 Aug 2013 13:04:38 -0700 Subject: [Dovecot] lda and home directory Message-ID: <1376597078.2488.915.camel@worklian> Hello, I am using qmail and lda configured such that lda should not have to do a lookup for delivery. I set my defaultdelivery like so: |HOME=/home/mail/$USER /var/qmail/bin/preline -f /usr/local/libexec/dovecot/dovecot-lda Given that the email address being delivered to is bob.miller at computerisms.com, I expect $USER to be equal to bob.miller and $HOME to expand to /home/mail/bob.miller/. The problem is lda reports: Debug:_Home_dir_not_found:_/home/mail/bob.miller at computerisms.com/ The whole system up to here uses only the bob.miller part, and I can't find where it keeps adding the domain part from. I have tried changing all sorts of variables and config values to try and make it quit adding the domain part, but no matter what I change lda still tries to deliver the email address as username. The only measure of success I can report is that in some configurations mail delivers to /home/mail//. Where exactly is dovecot getting this value? Side question: I note in places throughout the wiki and internet variables such as $EXT, $USER, $DEST_USERNAME, and $FROM_ENVELOPE are used. I can find no documentation, beyond my own common sense anyway, to explain how/when these variables are expanded, and what I do find doesn't seem consistent to me. For example, on the CheckPassword page, $USER is implied to expand to Username, which could contain the domain or not. However on the lda/qmail page, the variable shown is $EXT@ $USER, which implies $USER will expand as only the domain part after the @ symbol and $EXT as everything before, yet changing the variable from $USER to $EXT in my defaultdelivery file has $HOME expand to /home/mail//. Where do I find the story on how these variables (as opposed to the % variables) work? (or more specifically, is there a $VAR I can use instead of $USER that will expand to just the part before the @?) -- Computerisms Bob Miller 867-334-7117 / 867-633-3760 http://computerisms.ca From tss at iki.fi Thu Aug 15 23:05:44 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 15 Aug 2013 23:05:44 +0300 Subject: [Dovecot] IMAP Proxying and SSL Certificates on OpenBSD In-Reply-To: References: Message-ID: <3E507A78-775D-46CC-8C76-35D877CBD0DB@iki.fi> On 15.8.2013, at 20.23, dago at quantentunnel.de wrote: > dovecot: imap(username): Error: user username: Initialization failed: Initializing mail storage from mail_location setting failed: imapc: missing imapc_password .. > passdb { > args = /etc/dovecot/dovecot-ldap.conf > default_fields = userdb_imapc_user=%u userdb_imapc_password=%w > driver = ldap > } Here you are setting the userdb_* fields, which work only with userdb prefetch. > userdb { > args = username_format=%n /etc/dovecot/passwd > driver = passwd > } > userdb { > args = /etc/dovecot/dovecot-ldap.conf > driver = ldap > } But you're not using userdb prefetch. From gedalya at gedalya.net Thu Aug 15 23:07:06 2013 From: gedalya at gedalya.net (Gedalya) Date: Thu, 15 Aug 2013 16:07:06 -0400 Subject: [Dovecot] Error: dict client sent broken reply In-Reply-To: <7A8B800E-AB9E-4F2D-881C-6AEBF52D06CF@iki.fi> References: <0b8beb24a830ec79044996616a0e6614.squirrel@www.giz-works.com> <520D32E3.1090109@gedalya.net> <7A8B800E-AB9E-4F2D-881C-6AEBF52D06CF@iki.fi> Message-ID: <520D34EA.2040903@gedalya.net> On 08/15/2013 04:00 PM, Timo Sirainen wrote: > On 15.8.2013, at 22.58, Gedalya wrote: > >> On 08/05/2013 01:54 PM, Timo Sirainen wrote: >>> There are a few fixes in lib-dict since v2.1.12. Also v2.2 has one more fix, which I just added to v2.1 hg. Would be helpful to know if one of those fixes the problem before I spend a lot of time testing this.. >> Timo, can you provide any hints on how to reproduce this? I just got this error for yesterday's cron job, but not for today. So I'd like to try upgrading to the latest 2.1 hg, but I'm looking for a test procedure. >> The only line in my log is: >> dovecot: dict: Error: dict client: COMMIT: Can't commit while iterating > That's what I was hoping someone would tell me :) > OK so I'll just go through the commits and try to figure it out. Let's assume the error will come back sporadically so if it just goes away after upgrading, no other action taken, then we'll kind of have an answer. From rick at havokmon.com Thu Aug 15 23:10:57 2013 From: rick at havokmon.com (Rick Romero) Date: Thu, 15 Aug 2013 15:10:57 -0500 Subject: [Dovecot] lda and home directory In-Reply-To: <1376597078.2488.915.camel@worklian> References: <1376597078.2488.915.camel@worklian> Message-ID: <20130815151057.Horde.bcvzdKZGpKLNVvLa7yiGGw7@beta.vfemail.net> Quoting Bob Miller : > Hello, > > I am using qmail and lda configured such that lda should not have to do > a lookup for delivery.? I set my defaultdelivery like so: > > |HOME=/home/mail/$USER /var/qmail/bin/preline > -f /usr/local/libexec/dovecot/dovecot-lda > > Given that the email address being delivered to is > bob.miller at computerisms.com, I expect $USER to be equal to bob.miller > and $HOME to expand to /home/mail/bob.miller/. > > The problem is lda reports: > > Debug:_Home_dir_not_found:_/home/mail/bob.miller at computerisms.com/ > > The whole system up to here uses only the bob.miller part, and I can't > find where it keeps adding the domain part from. > > I have tried changing all sorts of variables and config values to try > and make it quit adding the domain part, but no matter what I change lda > still tries to deliver the email address as username.? The only measure > of success I can report is that in some configurations mail delivers > to /home/mail//. > > Where exactly is dovecot getting this value? > > Side question: I note in places throughout the wiki and internet > variables such as $EXT, $USER, $DEST_USERNAME, and $FROM_ENVELOPE are > used.? I can find no documentation, beyond my own common sense anyway, > to explain how/when these variables are expanded, and what I do find > doesn't seem consistent to me.? For example, on the CheckPassword page, > $USER is implied to expand to Username, which could contain the domain > or not.? However on the lda/qmail page, the variable shown is $EXT@ > $USER, which implies $USER will expand as only the domain part after the > @ symbol and $EXT as everything before, yet changing the variable from > $USER to $EXT in my defaultdelivery file has $HOME expand > to /home/mail//.? Where do I find the story on how these variables (as > opposed to the % variables) work?? (or more specifically, is there a > $VAR I can use instead of $USER that will expand to just the part before > the @?) > > -- > Computerisms > Bob Miller > 867-334-7117 / 867-633-3760http://computerisms.ca Hi Bob, I had/have the same issue.?? In Dovecot 1.x I was able to use LDA with vpopmail and only environment variables to deliver to a home directory.? I was never able to get it to work with Dovecot 2.x - don't know if using environment variables is depricated, but I ended up having to setup an auth server to use lda with qmail/vpopmail.? :( For your environment variable questions, those come from Qmail.? See: http://www.lifewithqmail.org/lwq.html#environment-variables Rick From kremels at kreme.com Thu Aug 15 23:18:19 2013 From: kremels at kreme.com (LuKreme) Date: Thu, 15 Aug 2013 14:18:19 -0600 Subject: [Dovecot] Couldn't drop privileges In-Reply-To: <30F26F26-F27E-466F-92CE-805883A7914D@kreme.com> References: <479C1E34-D7F1-4163-A3B9-A3E7FBC16B31@kreme.com> <30F26F26-F27E-466F-92CE-805883A7914D@kreme.com> Message-ID: On 15 Aug 2013, at 13:38 , LuKreme wrote: > select 89 as uid, 125 as gid, concat('/usr/local/virtual/', maildir) from mailbox where username = '%u' user_query = select 89 as uid, 125 as gid, '/usr/local/virtual/' as home, concat('/usr/local/virtual/', maildir) from mailbox where username = '%u' and it has stopped complaining. However, when I login to any virtual account, there is no mail shown. Any other debug flags I can turn on? do I have to build home to match maildir? And if so, how? -- If you must choose between two evils, pick the one you've never tried before. From kremels at kreme.com Thu Aug 15 23:28:11 2013 From: kremels at kreme.com (LuKreme) Date: Thu, 15 Aug 2013 14:28:11 -0600 Subject: [Dovecot] Couldn't drop privileges In-Reply-To: References: <479C1E34-D7F1-4163-A3B9-A3E7FBC16B31@kreme.com> <30F26F26-F27E-466F-92CE-805883A7914D@kreme.com> Message-ID: <35AB3414-5295-4526-AA24-8026B5E04A75@kreme.com> On 15 Aug 2013, at 14:18 , LuKreme wrote: > user_query = select 89 as uid, 125 as gid, '/usr/local/virtual/' as home, concat('/usr/local/virtual/', maildir) from mailbox where username = '%u' user_query = select 89 as uid, 125 as gid, concat('/usr/local/virtual/', maildir) as home from mailbox where username = '%u' doesn't complain either (thanks Timo, that makes more sense) but still having issues with blank mailboxes on the virtual users. -- I don't have a solution but I admire the problem. From kremels at kreme.com Thu Aug 15 23:37:27 2013 From: kremels at kreme.com (LuKreme) Date: Thu, 15 Aug 2013 14:37:27 -0600 Subject: [Dovecot] Couldn't drop privileges In-Reply-To: <35AB3414-5295-4526-AA24-8026B5E04A75@kreme.com> References: <479C1E34-D7F1-4163-A3B9-A3E7FBC16B31@kreme.com> <30F26F26-F27E-466F-92CE-805883A7914D@kreme.com> <35AB3414-5295-4526-AA24-8026B5E04A75@kreme.com> Message-ID: <5D9D9219-FC3B-4DC4-BF7B-18AFD0E7E42D@kreme.com> On 15 Aug 2013, at 14:28 , LuKreme wrote: > but still having issues with blank mailboxes on the virtual users. OK, I am having blank mailboxes because dovecot is adding Maildir to the home for the virtual users: Debug: maildir++: root=/usr/local/virtual/lists@*munged*//Maildir, The correct directory should be without the Maildir (and yes, the double slash is there in the log) /home/user/Maildir, otoh, is correct. Should I simply mkdir a Maildir for every user and move everything into it? -- They all have husbands and wives and children and houses and dogs, and you know, they've all made themselves a part of something and they can talk about what they do. What am I gonna say? "I killed the president of Paraguay with a fork. How've you been?" From dago at quantentunnel.de Fri Aug 16 00:43:47 2013 From: dago at quantentunnel.de (dago at quantentunnel.de) Date: Thu, 15 Aug 2013 23:43:47 +0200 (CEST) Subject: [Dovecot] IMAP Proxying and SSL Certificates on OpenBSD In-Reply-To: <3E507A78-775D-46CC-8C76-35D877CBD0DB@iki.fi> References: , <3E507A78-775D-46CC-8C76-35D877CBD0DB@iki.fi> Message-ID: Thank you.. ? Sorry, seem to have missed that ... It's working now. Still any ideas on the SSL thing?? ? STARTLS is not available and dovecot is not listening on 993. There is no info in the logs, even with verbose_ssl ... Certificates are working in postfix ... ? Thanks in advance! ? Best regards ? Gesendet:?Donnerstag, 15. August 2013 um 22:05 Uhr Von:?"Timo Sirainen" An:?"Dovecot Mailing List" Betreff:?Re: [Dovecot] IMAP Proxying and SSL Certificates on OpenBSD On 15.8.2013, at 20.23, dago at quantentunnel.de wrote: > dovecot: imap(username): Error: user username: Initialization failed: Initializing mail storage from mail_location setting failed: imapc: missing imapc_password .. > passdb { > args = /etc/dovecot/dovecot-ldap.conf > default_fields = userdb_imapc_user=%u userdb_imapc_password=%w > driver = ldap > } Here you are setting the userdb_* fields, which work only with userdb prefetch. > userdb { > args = username_format=%n /etc/dovecot/passwd > driver = passwd > } > userdb { > args = /etc/dovecot/dovecot-ldap.conf > driver = ldap > } But you're not using userdb prefetch. ? ? ? From h.reindl at thelounge.net Fri Aug 16 00:51:55 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 15 Aug 2013 23:51:55 +0200 Subject: [Dovecot] IMAP Proxying and SSL Certificates on OpenBSD In-Reply-To: References: , <3E507A78-775D-46CC-8C76-35D877CBD0DB@iki.fi> Message-ID: <520D4D7B.2080203@thelounge.net> Am 15.08.2013 23:43, schrieb dago at quantentunnel.de: > Sorry, seem to have missed that ... It's working now. Still any ideas on the SSL thing? > > STARTLS is not available and dovecot have you configured ssl? > is not listening on 993 has nothiung to do with STARTTLS > There is no info in the logs, even with verbose_ssl ... again: have you configureed it and if why not show how? [root at testserver:~]$ cat /etc/dovecot/dovecot.conf | grep ssl # configure ssl ssl = yes ssl_cert = Certificates are working in postfix ... has *nothing* to do with dovecot -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From kremels at kreme.com Fri Aug 16 01:34:17 2013 From: kremels at kreme.com (LuKreme) Date: Thu, 15 Aug 2013 16:34:17 -0600 Subject: [Dovecot] Couldn't drop privileges In-Reply-To: <5D9D9219-FC3B-4DC4-BF7B-18AFD0E7E42D@kreme.com> References: <479C1E34-D7F1-4163-A3B9-A3E7FBC16B31@kreme.com> <30F26F26-F27E-466F-92CE-805883A7914D@kreme.com> <35AB3414-5295-4526-AA24-8026B5E04A75@kreme.com> <5D9D9219-FC3B-4DC4-BF7B-18AFD0E7E42D@kreme.com> Message-ID: On 15 Aug 2013, at 14:37 , LuKreme wrote: > /home/user/Maildir, otoh, is correct. > > Should I simply mkdir a Maildir for every user and move everything into it? While that works, of course new mail uses the path from the sql database and puts mail into /usr/local/virtual/user at example.com/new -- "Alas, earwax." From matthew.j.hope at gmail.com Fri Aug 16 02:08:57 2013 From: matthew.j.hope at gmail.com (duonut) Date: Thu, 15 Aug 2013 16:08:57 -0700 (PDT) Subject: [Dovecot] dovecot solr position index Message-ID: <1376608137021-43897.post@n4.nabble.com> Hi I am currently running dovecot 2.2.5 and solr 4.4.0 I am using the pre supplied schema.xml with dovecot with a single change f field type from test to text_general to get it running. When I do a multi word search in a mailbox, solr complains that a position index has not been built, throws a 500 error and dovecot reverts back to searching each mail message. Does anyone know what change I need to make to the solr schema to build the position index? -- View this message in context: http://dovecot.2317879.n4.nabble.com/dovecot-solr-position-index-tp43897.html Sent from the Dovecot mailing list archive at Nabble.com. From bob at computerisms.ca Fri Aug 16 03:00:06 2013 From: bob at computerisms.ca (Bob Miller) Date: Thu, 15 Aug 2013 17:00:06 -0700 Subject: [Dovecot] lda and home directory In-Reply-To: <20130815151057.Horde.bcvzdKZGpKLNVvLa7yiGGw7@beta.vfemail.net> References: <1376597078.2488.915.camel@worklian> <20130815151057.Horde.bcvzdKZGpKLNVvLa7yiGGw7@beta.vfemail.net> Message-ID: <1376611206.2488.939.camel@worklian> Hi Rick, > I had/have the same issue. In Dovecot 1.x I was able to use LDA with > vpopmail and only environment variables to deliver to a home directory. I > was never able to get it to work with Dovecot 2.x - don't know if using > environment variables is depricated, but I ended up having to setup an auth > server to use lda with qmail/vpopmail. :( My hosting server uses vpopmail and lda, and I don't recall having to do that. If you want to compare configs, let me know. In this case, I authenticate against samba active directory, and a (seemingly) small config change there led me on an epic quest of configuration updates through the whole email system until I got stuck in this lda box that didn't even have a problem in it. sigh. I was doing so well.... But you showed me the outside of the box: > For your environment variable questions, those come from Qmail. See: > http://www.lifewithqmail.org/lwq.html#environment-variables It's stunningly obvious now that you point it out. Soooo obvious, in fact, I probably would have been weeks figuring it out. Thank you so much... change my defaultdelivery to: |HOME=/home/mail/$LOCAL /var/qmail/bin/preline -f /usr/local/libexec/dovecot/dovecot-lda and lda looks for the correct directory again. I guess environment variables are not deprecated, presumably that's good news? From kremels at kreme.com Fri Aug 16 07:53:05 2013 From: kremels at kreme.com (LuKreme) Date: Thu, 15 Aug 2013 22:53:05 -0600 Subject: [Dovecot] Maildirmake equiv? Message-ID: Since I am using dovecot I do not have courier installed, but Courier had a very handy tool for making maildir folders called `maildirmake` which I used in some automated backup scripts. How do I duplicate maildirmake in dovecot? for example: #!/bin/bash # v1.2a Testing for new dovecot install # Archive mail from folders without [0-9]{4} Maildirs # after they are 21 days old to a yearly folder MDIR="$HOME/Maildir" MDM="/usr/local/bin/maildirmake" YEAR=`/usr/local/bin/gdate -d "last month" '+%Y'` echo "The Year is $YEAR..." OIFS=$IFS IFS=" " for I in `find $MDIR -maxdepth 1 -mindepth 1 -type d| egrep -v "[0-9][0-9][0-9][0-9]"`; do MYDIR="${I}" TBASE=`basename $MYDIR` # if [ ! $TBASE == "Maildir" ]; then TDIR=`dirname $MYDIR` TARGET="${TDIR}/.zz${TBASE}.${YEAR}" # echo "$MYDIR $TARGET" if [ -d "$MYDIR/cur" ]; then echo -n "Processing ${MYDIR} => ${TARGET}..." if [ ! -d "${TARGET}" ]; then echo "" echo -n "WARNING ${TARGET} does not exist. invoking $MDM ${TARGET}..." $MDM "${TARGET}" fi if [ -d "${TARGET}" ]; then # echo "$TARGET does exist, moving files" find ${MYDIR}/cur -type f -ctime +21 -exec mv {} ${TARGET}/cur/ \; echo "done." else echo "$TARGET does not exist" fi fi # fi done IFS=$OIFS -- Forever was over. All the sands had fallen. The great race between entropy and energy had been run, and the favourite had been the winner after all. Perhaps he ought to sharpen the blade again? No. Not much point, really. From skdovecot at smail.inf.fh-brs.de Fri Aug 16 09:14:32 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 16 Aug 2013 08:14:32 +0200 (CEST) Subject: [Dovecot] Maildirmake equiv? In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 15 Aug 2013, LuKreme wrote: > Since I am using dovecot I do not have courier installed, but Courier > had a very handy tool for making maildir folders called `maildirmake` > which I used in some automated backup scripts. How do I duplicate > maildirmake in dovecot? To replace the inner find, you could look at doveadm move -u savedbefore ... To replace maildirmake -f, look at doveadm mailbox create -u But you seem to create a new Maildir with each invokation of $MDM (no -f option). IMHO it seems to be easier to make a small script, that creates new/cur/tmp and, if not INBOX, touches maildirfolder. Kind regards, - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUg3DSV3r2wJMiz2NAQJWqQf6AhVbFjyIT5wMwdT6liGI/5NI1K81c5qM N7p0kfvivCgaDM0is8DiL+eKINsL76Bk07iJfAMiRuNuIb2cAcOgJwNCEIjVtwEN 7bSvX66NmO0Fzjob5SmbBe6LNtMylpEMa7vPdQGeuN+Jm+Btx7btsuAN+wvekJ+2 NwhR+rxt0fm6wT8+jtuUkyg05FzneL5pUEt/+P+KjBdNeJ82tCwD7AFyrWICKajT br6vTS2AA9/jqh9P1dHtYg6ztkaRtqGbX5YKewmaqJQ3eu+NUo1wO0sxaRtaKdfj /hjiOs9KPpmq8iRYiKPMiihOXjoI2wVGI4HuG7j0Wv93kBhCkfFgsg== =TLXx -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Fri Aug 16 09:33:16 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 16 Aug 2013 08:33:16 +0200 (CEST) Subject: [Dovecot] Nee assistance with migrating/copying a virtual user's maildir to another virtual user In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 15 Aug 2013, David Varela wrote: > I am trying to move/copy a virtual user's maildir to another virtual user > but am running into problems with dsync and doveadm. I'm trying to move the > maildir of a user who is no longer with the company to a manager's maildir. > > For doveadm I am using the command: > doveadm move -u scavenaugh at lamontanita.coop > jhenning at lamontanita.coop/INBOX/scavenaugh INBOX ALL > > The error is: > > doveadm(scavenaugh at lamontanita.coop): Error: user > scavenaugh at lamontanita.coop: Auth USER lookup failed > > /var/log/dovecot.log shows: > > passdb doesn't support lookups, can't verify user's existence The user is gone from passdb already, right? Re-create the entry with another password or password-locked. Or, move the directories on filesystem level, e.g. something like: cd user-Maildir-basedirectory rename 's/\A(\.[^.].*)/.usr_XYZ$1/' .[^.]* mkdir -p .usr_XYZ.INBOX/{new,cur,tmp} touch .usr_XYZ.INBOX/maildirfolder chown -R vmail:vmail .usr_XYZ.INBOX mv .usr_XYZ* manage-Maildir-basedirectory .usr_XYZ is a prefix for a mail folder hierarchie identifying the user. vmail:vmail are the necessary Unix owner/group for the newly created directories with mkdir two lines above. The rename command renames all directory entries that start with a single dot to have the prefix, that should be directories only in a Maildir. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUg3HrF3r2wJMiz2NAQL1pQf9GeIEnLfG0zkFXPJ/J2CB/wmGP4m/MCMp BHxkRiLxXNezK4ckeliaLbpOD+NVyABc2n33tW11qav6IWrLTiGm9+A5p8TUOhfJ wMWBNJ0TEjtTM+0EbGJlOhkQ0QFooobfc5Sl30qR02yF+vk+SkBdRpkZK7ulpSPf 0ZtwIFF804NzMaKzZP2/SG77Z6JyW1N/TgaJ8QFtZwPrYymzD3iqtaFgoBAZqpSA g5koZIen0wjHy905Sy+uLseAFj6UIuhVdN8eG18NibaTHRBct3rTeyWAQY8GVZLq pPggEdUqHeTvrua5CzrL70iDbdcr29xezlvkxRueeDrGOApIprN4Mg== =1T6x -----END PGP SIGNATURE----- From lists at sterenborg.info Fri Aug 16 09:39:23 2013 From: lists at sterenborg.info (Rob Sterenborg (lists)) Date: Fri, 16 Aug 2013 08:39:23 +0200 Subject: [Dovecot] Maildirmake equiv? In-Reply-To: References: Message-ID: <520DC91B.2080008@sterenborg.info> On 08/16/2013 06:53 AM, LuKreme wrote: > Since I am using dovecot I do not have courier installed, but Courier had a very handy > tool for making maildir folders called `maildirmake` which I used in some automated > backup scripts. How do I duplicate maildirmake in dovecot? Dovecot can autocreate mailboxes. Is that something you can use? http://wiki2.dovecot.org/MailboxSettings http://dovecot.2317879.n4.nabble.com/dovecot-2-2-Warning-autocreate-plugin-is-deprecated-use-mailbox-auto-setting-instead-td41673.html -- Rob From skdovecot at smail.inf.fh-brs.de Fri Aug 16 09:51:08 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 16 Aug 2013 08:51:08 +0200 (CEST) Subject: [Dovecot] dovecot is working, sort of In-Reply-To: <52C03122-010B-42F0-8369-D098C045FE65@kreme.com> References: <6748FA7A-F2E9-4950-A211-A74F09352800@kreme.com> <520C7FD7.1040308@whyscream.net> <4A4A5457-E436-42A5-B959-9BAF465D324F@kreme.com> <520CAE27.5010203@sterenborg.info> <52C03122-010B-42F0-8369-D098C045FE65@kreme.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 15 Aug 2013, LuKreme wrote: > Him. I did put > userdb { > driver = static > args = uid=vpopmail gid=postfix > } > > into dovecot.conf, but that's made no difference er, what do you want to do? first you write: > userdb { > driver = passwd > } > userdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > } Now you add yet another userdb. If you want to get the user from SQL, the static userdb is never reached, see http://wiki2.dovecot.org/UserDatabase There is default_fields, that should do it, e.g. userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql default_fields = uid=vpopmail gid=postfix } Or extent your SQL user_query to return static values for uid / gid. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUg3L3F3r2wJMiz2NAQKOnQf+P/S4MYExrDRWkODKkKaHQQWf2KNY6HNW rqut1SHF946TUBicOfyEtEeGjPTTq652hPtvtCs7b0mst5zN/M382vpU002CqMp8 tEXfhTwBeXKQsN4zaBLJL+6wN6UHd20pKr7npwuzrjgx0AudE9kMccVoJ6MtCtLE ejbQ9+UJyz4xWsMsMI8Hycef+xhjHAFDG6WqZMLcFZZ2xgWmaTlUKUKTZWSDPmCA wEuKOcjsnxmiUrhtcFWjgOqQwQkd76X9fztoU51PlS47wB7cQsl572wy4d02/wA+ 1c9pmuw0vUXzqe9XXklutixP0uMXFV9VdF6dRgKA/8Uof9hQ5y8Ytg== =fDw5 -----END PGP SIGNATURE----- From pug at felsing.net Fri Aug 16 11:36:18 2013 From: pug at felsing.net (Christian Felsing) Date: Fri, 16 Aug 2013 10:36:18 +0200 Subject: [Dovecot] Problems with openssl library path Message-ID: <520DE482.7010105@felsing.net> Hello, I tried to compile Dovecot 2.2.5 on Debian 6 with an alternate OpenSSL installation located at /usr/local/ssl A compilation with CPPFLAGS="-I/usr/local/ssl/include" \ LDFLAGS="-L/usr/local/ssl/lib -Wl,-rpath=/usr/local/ssl/lib" \ SSL_LIBS="-L/usr/local/ssl/lib -Wl,-rpath=/usr/local/ssl/lib" \ ./configure \ --prefix=/opt/dovecot-2.2.5 \ --enable-asserts \ --enable-largefile \ --with-ldap=yes \ --with-zlib \ --with-bzlib \ --with-libcap \ --with-ssl=openssl \ --with-gc \ --with-storages=maildir,mbox,mdbox,cydir \ create a working Dovecot, but it still uses the very old Debian 6 OpenSSL 0.9.8 instead my OpenSSL 1.0.1e LD_LIBRARY_PATH has also no effect, because Dovecot strips it out. Any hints? regards Christian From hajo.locke at gmx.de Fri Aug 16 12:21:49 2013 From: hajo.locke at gmx.de (Hajo Locke) Date: Fri, 16 Aug 2013 11:21:49 +0200 Subject: [Dovecot] INBOX protected foldername? References: <8546B309-AD20-4DD0-BCFE-8C91DA245240@iki.fi><1AD0A63288F34D69A7A6668CB1AD1B6A@hansadd566750e><0C2A766A-C116-4645-BCE9-9B223C4A24DF@iki.fi> <4E14DCF2765445F2BD5B93669B2ADB4C@ai.local> Message-ID: Hello, >> hmm, upgrading should fix some older errors but in my case i got new >> ones. i found the problem. it is a conf problem. in 2.1.7 it was enough to set the namespace once and set special_use directives later in userdb. now in 2.1.17 you have to set up also the special_use directives in conf and overwrite them with settings from userdb. seems that 2.1.17 is not creating this settings in internal table if they are missing in conf. is this expected? Thanks, Hajo From christian.wiese at securepoint.de Fri Aug 16 12:40:24 2013 From: christian.wiese at securepoint.de (Christian Wiese) Date: Fri, 16 Aug 2013 11:40:24 +0200 Subject: [Dovecot] Problems with openssl library path In-Reply-To: <520DE482.7010105@felsing.net> References: <520DE482.7010105@felsing.net> Message-ID: <20130816114024.5470de31@pccw> Hi, maybe you can try to export some other environment variable. When calling 'configure --help' you will see the supported ones. There are variables called SSL_CFLAGS and SSL_LIBS which override stuff detected by pkg-config. For example try to pass '-L/usr/local/lib' in SSL_LIBS doing something like this: SSL_LIBS='-L/usr/local/lib' ./configure your_options_here Cheers, Chris On Fri, 16 Aug 2013 10:36:18 +0200 Christian Felsing wrote: > Hello, > > I tried to compile Dovecot 2.2.5 on Debian 6 with an alternate OpenSSL > installation located at /usr/local/ssl > > A compilation with > > CPPFLAGS="-I/usr/local/ssl/include" \ > LDFLAGS="-L/usr/local/ssl/lib -Wl,-rpath=/usr/local/ssl/lib" \ > SSL_LIBS="-L/usr/local/ssl/lib -Wl,-rpath=/usr/local/ssl/lib" \ > ./configure \ > --prefix=/opt/dovecot-2.2.5 \ > --enable-asserts \ > --enable-largefile \ > --with-ldap=yes \ > --with-zlib \ > --with-bzlib \ > --with-libcap \ > --with-ssl=openssl \ > --with-gc \ > --with-storages=maildir,mbox,mdbox,cydir \ > > create a working Dovecot, but it still uses the very old Debian 6 > OpenSSL 0.9.8 instead my OpenSSL 1.0.1e > > LD_LIBRARY_PATH has also no effect, because Dovecot strips it out. > > Any hints? > > regards > Christian From CMarcus at Media-Brokers.com Fri Aug 16 13:07:12 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 16 Aug 2013 06:07:12 -0400 Subject: [Dovecot] IMAP Proxying and SSL Certificates on OpenBSD In-Reply-To: References: , <3E507A78-775D-46CC-8C76-35D877CBD0DB@iki.fi> Message-ID: <520DF9D0.3080909@Media-Brokers.com> On 2013-08-15 5:43 PM, dago at quantentunnel.de wrote: > Thank you.. > > Sorry, seem to have missed that ... It's working now. Still any ideas on the SSL thing? > > STARTLS is not available and dovecot is not listening on 993. There is no info in the logs, even with verbose_ssl ... Certificates are working in postfix ... Earlier you posted doveconf -n, wherein: > # dovecot -n > # 2.1.8: /etc/dovecot/dovecot.conf > # OS: OpenBSD 5.2 i386 > > ssl = no So, maybe try enabling it? -- Best regards, */Charles/* From duihi77 at gmail.com Fri Aug 16 14:04:06 2013 From: duihi77 at gmail.com (Duane Hill) Date: Fri, 16 Aug 2013 11:04:06 +0000 Subject: [Dovecot] Maildirmake equiv? In-Reply-To: <520DC91B.2080008@sterenborg.info> References: <520DC91B.2080008@sterenborg.info> Message-ID: <6348382.20130816110406@gmail.com> On Friday, August 16, 2013 at 6:39:23 AM UTC, lists at sterenborg.info confabulated: > On 08/16/2013 06:53 AM, LuKreme wrote: >> Since I am using dovecot I do not have courier installed, but Courier had a very handy >> tool for making maildir folders called `maildirmake` which I used in some automated >> backup scripts. How do I duplicate maildirmake in dovecot? > Dovecot can autocreate mailboxes. Is that something you can use? > http://wiki2.dovecot.org/MailboxSettings Keeping in mind, the mailboxes are created on disk upon first access (i.e. message is transferred to the mailbox via sieve or the mailbox is accessed via IMAP). -- If at first you don't succeed... ...so much for skydiving. From thomas-lists at nybeta.com Fri Aug 16 14:46:00 2013 From: thomas-lists at nybeta.com (Thomas Harold) Date: Fri, 16 Aug 2013 07:46:00 -0400 Subject: [Dovecot] rdiff-backup of Maildir? Message-ID: <520E10F8.1020106@nybeta.com> What's the best way to do long-term backups of the Maildir format these days? Traditionally we've just done a rdiff-backup or pointed Bacula at the Maildir. Both give us the option to reset a particular mailbox back to a previous day (any day within the last N months). Do we just need to snapshot the LVM volume that holds all the Maildir boxes, or is there some additional commands that we should run before doing the LVM snapshot? From AxelLuttgens at swing.be Fri Aug 16 15:55:49 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Fri, 16 Aug 2013 14:55:49 +0200 Subject: [Dovecot] Any way to test a master user's password? Message-ID: Hello, Is there any way to easily check a master user's password, for itself, without having to refer to another user or to weak the security by allowing master users to log in for themselves? For example, this works: # doveadm auth test 'someuser*masteruser' Password: passdb: someuser*masteruser auth succeeded but depends on the existence of another user, and is thus contingent and unnecessarily heavy. TIA, Axel From davidv at lamontanita.coop Fri Aug 16 16:12:57 2013 From: davidv at lamontanita.coop (David Varela) Date: Fri, 16 Aug 2013 07:12:57 -0600 Subject: [Dovecot] Nee assistance with migrating/copying a virtual user's maildir to another virtual user In-Reply-To: References: Message-ID: Thanks Steffan, I will test the move at the filesystem level. The virtual user still exists, although I have changed her password. Dovecot is configured to authenticate users via LDAP to Active Directory. If there's a better method of moving maildir via Dovecot rather than through the filesystem I would like to do so. Thanks, David -----Original Message----- From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de] Sent: Friday, August 16, 2013 12:33 AM To: David Varela Cc: 'Dovecot Mailing List' Subject: Re: [Dovecot] Nee assistance with migrating/copying a virtual user's maildir to another virtual user -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 15 Aug 2013, David Varela wrote: > I am trying to move/copy a virtual user's maildir to another virtual > user but am running into problems with dsync and doveadm. I'm trying > to move the maildir of a user who is no longer with the company to a manager's maildir. > > For doveadm I am using the command: > doveadm move -u scavenaugh at lamontanita.coop > jhenning at lamontanita.coop/INBOX/scavenaugh INBOX ALL > > The error is: > > doveadm(scavenaugh at lamontanita.coop): Error: user > scavenaugh at lamontanita.coop: Auth USER lookup failed > > /var/log/dovecot.log shows: > > passdb doesn't support lookups, can't verify user's existence The user is gone from passdb already, right? Re-create the entry with another password or password-locked. Or, move the directories on filesystem level, e.g. something like: cd user-Maildir-basedirectory rename 's/\A(\.[^.].*)/.usr_XYZ$1/' .[^.]* mkdir -p .usr_XYZ.INBOX/{new,cur,tmp} touch .usr_XYZ.INBOX/maildirfolder chown -R vmail:vmail .usr_XYZ.INBOX mv .usr_XYZ* manage-Maildir-basedirectory .usr_XYZ is a prefix for a mail folder hierarchie identifying the user. vmail:vmail are the necessary Unix owner/group for the newly created directories with mkdir two lines above. The rename command renames all directory entries that start with a single dot to have the prefix, that should be directories only in a Maildir. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUg3HrF3r2wJMiz2NAQL1pQf9GeIEnLfG0zkFXPJ/J2CB/wmGP4m/MCMp BHxkRiLxXNezK4ckeliaLbpOD+NVyABc2n33tW11qav6IWrLTiGm9+A5p8TUOhfJ wMWBNJ0TEjtTM+0EbGJlOhkQ0QFooobfc5Sl30qR02yF+vk+SkBdRpkZK7ulpSPf 0ZtwIFF804NzMaKzZP2/SG77Z6JyW1N/TgaJ8QFtZwPrYymzD3iqtaFgoBAZqpSA g5koZIen0wjHy905Sy+uLseAFj6UIuhVdN8eG18NibaTHRBct3rTeyWAQY8GVZLq pPggEdUqHeTvrua5CzrL70iDbdcr29xezlvkxRueeDrGOApIprN4Mg== =1T6x -----END PGP SIGNATURE----- From gb10hkzo-dovecot at yahoo.co.uk Fri Aug 16 17:01:39 2013 From: gb10hkzo-dovecot at yahoo.co.uk (Nigel Smith) Date: Fri, 16 Aug 2013 15:01:39 +0100 (BST) Subject: [Dovecot] Any way to test a master user's password? In-Reply-To: References: Message-ID: <1376661699.24972.YahooMailNeo@web28906.mail.ir2.yahoo.com> Google the terms "Dictionary Attack" and "Rainbow Table" ?perhaps ? ?;-) ________________________________ From: Axel Luttgens To: Dovecot Mailing List Sent: Friday, 16 August 2013, 13:55 Subject: [Dovecot] Any way to test a master user's password? Hello, Is there any way to easily check a master user's password, for itself, without having to refer to another user or to weak the security by allowing master users to log in for themselves? For example, this works: ??? # doveadm auth test 'someuser*masteruser' ??? Password: ??? passdb: someuser*masteruser auth succeeded but depends on the existence of another user, and is thus contingent and unnecessarily heavy. TIA, Axel From zatloukal at eset.sk Fri Aug 16 10:21:58 2013 From: zatloukal at eset.sk (Michal Zatloukal) Date: Fri, 16 Aug 2013 07:21:58 +0000 Subject: [Dovecot] Using dovecot in performance tests? Message-ID: Hello, please Cc me into replies, I'm not subscribed. My job as of late involves testing the performance of software that functions as IMAP/POP proxy. I have an account set up where a known collection of emails is delivered from postfix, and is then dowloaded by MUA on the test machine. The thing is, sending the emails (from a separate machine on LAN) actually takes more time than the download by MUA and is (probably?) an unnecessary load on the system that I could avoid. Ideally, I would like dovecot to treat all messages in a user's mail store as always-new, ie. they would be downloaded whenever the user connected (MUA settings and state permitting). Is something like that possible? Michal Zatloukal From j.kenyon at icloud.com Fri Aug 16 15:42:32 2013 From: j.kenyon at icloud.com (Jonathan Kenyon) Date: Fri, 16 Aug 2013 13:42:32 +0100 Subject: [Dovecot] OS X Message-ID: Hi I have updated a 10.6.8 to 10.8.4 and it transferred the dovecot mail. All except one sent folder. This folder was a sent mail box and the CUR folder is in the correct place and i have deleted the index files but it still is not showing up in a mail app. Can someone suggest a way to re catalogue it. many thanks jonny From kremels at kreme.com Fri Aug 16 21:15:23 2013 From: kremels at kreme.com (LuKreme) Date: Fri, 16 Aug 2013 12:15:23 -0600 Subject: [Dovecot] Maildirmake equiv? In-Reply-To: References: Message-ID: <3C4EE285-4F4E-4F24-A688-5D13EFD4B882@kreme.com> On 16 Aug 2013, at 00:14 , Steffen Kaiser wrote: > To replace the inner find, you could look at > doveadm move -u savedbefore ... > > To replace maildirmake -f, look at > doveadm mailbox create -u Thanks. If the script is running as the user, does doveadm still need the -u flag? > But you seem to create a new Maildir with each invokation of $MDM (no -f option). IMHO it seems to be easier to make a small script, that creates new/cur/tmp and, if not INBOX, touches maildirfolder. MDM is only invoked if the target folder doesn't exist. For example, for this list the current target folder is .zz.dovecot.2013. Next year, it will change to .zz.dovecot.2014 (the .zz is because iOS mail does't support unsubscribing from mailboxes and doesn't let you collapse folders, so the zz puts these archive folders way at the end.) -- I've got a sonic screwdriver! Yeah? I've got a chair! ... Chairs *are* useful. From kremels at kreme.com Fri Aug 16 21:16:35 2013 From: kremels at kreme.com (LuKreme) Date: Fri, 16 Aug 2013 12:16:35 -0600 Subject: [Dovecot] Maildirmake equiv? In-Reply-To: <6348382.20130816110406@gmail.com> References: <520DC91B.2080008@sterenborg.info> <6348382.20130816110406@gmail.com> Message-ID: On 16 Aug 2013, at 05:04 , Duane Hill wrote: > On Friday, August 16, 2013 at 6:39:23 AM UTC, lists at sterenborg.info confabulated: > >> On 08/16/2013 06:53 AM, LuKreme wrote: >>> Since I am using dovecot I do not have courier installed, but Courier had a very handy >>> tool for making maildir folders called `maildirmake` which I used in some automated >>> backup scripts. How do I duplicate maildirmake in dovecot? > >> Dovecot can autocreate mailboxes. Is that something you can use? > >> http://wiki2.dovecot.org/MailboxSettings I don't think so. > Keeping in mind, the mailboxes are created on disk upon first access > (i.e. message is transferred to the mailbox via sieve or the mailbox > is accessed via IMAP). And that's why. I might be able to use sieve sometime in the future once I figure out what it can do, but right now I have a script that works and simply want to modify it for dovecot. -- Of course, there were various groups seeking his overthrow, and this was right and proper and the sign of a vigorous and healthy society. No-one could call him unreasonable about the matter. Why, hadn't he founded most of them himself? And what was so beautiful was the way they spent nearly all their time bickering with one another. Human nature, the Patrician always said, was a marvelous thing. Once you understood where its levers were. --Guards! Guards! From tlx at leuxner.net Fri Aug 16 21:47:30 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Fri, 16 Aug 2013 20:47:30 +0200 Subject: [Dovecot] Maildirmake equiv? In-Reply-To: <3C4EE285-4F4E-4F24-A688-5D13EFD4B882@kreme.com> References: <3C4EE285-4F4E-4F24-A688-5D13EFD4B882@kreme.com> Message-ID: <20130816184730.GA28551@nihlus.leuxner.net> * LuKreme 2013.08.16 20:15: > MDM is only invoked if the target folder doesn't exist. For example, for this list the current target folder is .zz.dovecot.2013. Next year, it will change to .zz.dovecot.2014 > > (the .zz is because iOS mail does't support unsubscribing from mailboxes and doesn't let you collapse folders, so the zz puts these archive folders way at the end.) Here's a script I wrote to archive old mail using doveadm. It should be simple enough to tweak it to your needs. Basically you call it with a mailbox name and it will archive all mails before a certain date. Source and Destination Path are in the script code: dovearchive.sh: #!/bin/bash # Archive old posts before certain date to 'Public/Archive/Mailbox/Year' # Set basic parameters accordingly: # archive=2011, before_date=$year-mm-dd # source_mailbox_base=Public/Newsletters # dest_mailbox_base=Public/Archive/Newsletters # Actual Mailbox is read from command line set -e archive=2012 let year=$archive+1 before_date=$year-01-01 mailbox_owner=tlx at leuxner.net source_mailbox_base='Public/Newsletters' dest_mailbox_base='Public/Archive/Newsletters' #acl_admin_group=owner acl_admin_group='group=PublicMailboxAdmins' acl_unlock_seq="$acl_admin_group delete expunge insert lookup post read write write-seen write-deleted" acl_lock_seq="$acl_admin_group insert lookup post read write write-seen" acl_lock_archive="$acl_admin_group insert lookup read write write-seen" msg_formatted() { echo "$(date "+%b %d %H:%M:%S") $*" } if [ $# -eq 0 ]; then echo "usage: $0 mailbox" >&2 exit 1 fi # Mailbox exists? doveadm acl get -u $mailbox_owner "$source_mailbox_base/$1" || { echo 'Mailbox not found.'; exit 1; } # Create New Archive Mailbox doveadm mailbox create -u $mailbox_owner "$dest_mailbox_base/$1/$archive" # Modify ACL, expunge mail and revert ACL msg_formatted "[>] Archiving \"$dest_mailbox_base/$1/$archive\"" doveadm acl set -u $mailbox_owner "$source_mailbox_base/$1" $acl_unlock_seq doveadm move -u $mailbox_owner "$dest_mailbox_base/$1/$archive" mailbox "$source_mailbox_base/$1" before $before_date doveadm acl set -u $mailbox_owner "$source_mailbox_base/$1" $acl_lock_seq doveadm acl set -u $mailbox_owner "$dest_mailbox_base/$1/$archive" $acl_lock_archive msg_formatted '[ Complete ]' -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From kremels at kreme.com Sat Aug 17 02:09:07 2013 From: kremels at kreme.com (LuKreme) Date: Fri, 16 Aug 2013 17:09:07 -0600 Subject: [Dovecot] Disagreement on where mail goes. Message-ID: <24D34A78-D0C9-49E3-BC1E-B954B6D5D8EE@kreme.com> My virtual users have their mail stored in /usr/local/virtual/user at example.com/ dovecot wants to read the mail from /usr/local/virtual/user at example.com/Maildir which is causing problems since all new mail is being written in /usr/local/virtual/user at example.com/new and dovecot is looking in /usr/local/virtual/user at example.com/Maildir/new For the local users, /home/user/Maildir is the right directory. for right now I've had to kludge a script that moves mail from /usr/local/virtual/user at example.com/new to /usr/local/virtual/user at example.com/Maildir/new every two minutes. -- First we must assume a spherical cow. From kremels at kreme.com Sat Aug 17 02:14:49 2013 From: kremels at kreme.com (LuKreme) Date: Fri, 16 Aug 2013 17:14:49 -0600 Subject: [Dovecot] dovecot is working, sort of In-Reply-To: References: <6748FA7A-F2E9-4950-A211-A74F09352800@kreme.com> <520C7FD7.1040308@whyscream.net> <4A4A5457-E436-42A5-B959-9BAF465D324F@kreme.com> <520CAE27.5010203@sterenborg.info> <52C03122-010B-42F0-8369-D098C045FE65@kreme.com> Message-ID: On 16 Aug 2013, at 00:51 , Steffen Kaiser wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thu, 15 Aug 2013, LuKreme wrote: > >> Him. I did put > >> userdb { >> driver = static >> args = uid=vpopmail gid=postfix >> } >> >> into dovecot.conf, but that's made no difference > > er, what do you want to do? first you write: > >> userdb { >> driver = passwd >> } >> userdb { >> args = /etc/dovecot/dovecot-sql.conf.ext >> driver = sql >> } > > Now you add yet another userdb. If you want to get the user from SQL, the static userdb is never reached, see http://wiki2.dovecot.org/UserDatabase I have two kinds of accounts on the machine, local (shell) accounts in /home/ and virtual (MySQL) accounts in /usr/local/virtual. I tried to add the hid/gid args in the sql block, but the syntax was incorrect. > There is default_fields, that should do it, e.g. > userdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > default_fields = uid=vpopmail gid=postfix > } I did not see anything about default_fields, so that is news to me. It seems better, structurally, to do this wo when I next gt int there to fix stuff, I will probably do that instead of... > Or extent your SQL user_query to return static values for uid / gid. That is what I did, though I still have a problem with it all (see "Disagreement on where mail goes." thread). -- 'What ho, b'zugda-hiara.' (Footnote: A killing insult in Dwarfish. It means 'Lawn ornament'.) --Wyrd Sisters From kremels at kreme.com Sat Aug 17 02:15:31 2013 From: kremels at kreme.com (LuKreme) Date: Fri, 16 Aug 2013 17:15:31 -0600 Subject: [Dovecot] OS X In-Reply-To: References: Message-ID: <660F139B-0592-4CB2-8B7B-7F1B36108E34@kreme.com> On 16 Aug 2013, at 06:42 , Jonathan Kenyon wrote: > Hi I have updated a 10.6.8 to 10.8.4 and it transferred the dovecot mail. All except one sent folder. This folder was a sent mail box and the CUR folder is in the correct place and i have deleted the index files but it still is not showing up in a mail app. Can someone suggest a way to re catalogue it. Did you verify the permissions? I fate folder is not shown, that's the most likely cause. -- 'It's vital to remember who you really are. It's very important. It isn't a good idea to rely on other people or things to do it for you, you see. They always get it wrong.' --Sourcery From benfell at parts-unknown.org Sat Aug 17 02:44:07 2013 From: benfell at parts-unknown.org (David Benfell) Date: Fri, 16 Aug 2013 16:44:07 -0700 Subject: [Dovecot] Maildirmake equiv? In-Reply-To: References: Message-ID: <520EB947.9040909@parts-unknown.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/15/2013 11:14 PM, Steffen Kaiser wrote: > On Thu, 15 Aug 2013, LuKreme wrote: > >> Since I am using dovecot I do not have courier installed, but >> Courier had a very handy tool for making maildir folders called >> `maildirmake` which I used in some automated backup scripts. How >> do I duplicate maildirmake in dovecot? > > To replace the inner find, you could look at doveadm move -u > savedbefore ... > > To replace maildirmake -f, look at doveadm mailbox create -u > > > But you seem to create a new Maildir with each invokation of $MDM > (no -f option). IMHO it seems to be easier to make a small script, > that creates new/cur/tmp and, if not INBOX, touches maildirfolder. > > Kind regards, > > -- Steffen Kaiser The generic formula for creating Maildirs is: mkdir ${path}/${name}/tmp mkdir ${path}/${name}/cur mkdir ${path}/${name}/new Where ${path} is the path to the parent folder and ${name} is the name of the Maildir. That's really all there is to it. - -- David Benfell / benfell at parts-unknown.org Please see https://parts-unknown.org/node/2 for GnuPG information (or the attachment you don't understand) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSDrlHAAoJEKrN0Ha7pkCOthMP/1PyGW9Kidyzoc7bTbLunF19 ZRQeRcGj42w1BXP1NI3+yx52hlhC6OxOuhZiBa3OfzK67I1Ww4lLa2Q4MMbC7M+O 8xS2VKgRTzAD61IY0hlnInPV/+gn6AYWnRIPiH87Q7ru6r9+XudS/6cKpnybqK2i rDAr2v/crFEz772QIJ0WVycNMABOfDi+9QyHQDii6Rnhvwq1rR21A3ZkJFdN5hK+ ZOVgin8UK0Zx3y9nLE8tmdChp3NU6v1IcX2XdqnaQKvGIKoTP34dsKd2c5Cjt0fI npKncTdkwmZFSbovHssn9LGfsEiDBbES5gXMxfpYTtDmCoGhQtT62rll8nBH+l8f H2G6MFZzyRxVALO9TksKztyCOMBDohABK8+nXrJQuqV+W8+MgBN77wB56NsQQRoo ajH9OKJfbHGmCXyMinKHFMD0VMOICHYummWO5mPQIeE/YMk/+3GyjQ9iblnGu7Ma mU1k5hvh79vYB0eUEiGx4fcHB8BsC38H+DCI9eN8oLMz9W6cds3hgxiTNiIyXuFF 7WmSMrZjO2ozlXr581uQVIp7YEGBf9kJglzil9lIRlyYKEAthlQ8JH8BBUmICvz7 XB3Za+Cmaby9/binwqIdBget8MMu/wsFBtSTA6JuB2a/kYCn7P3S+jVj+xzbbh4f gpDhHczhIWFA0OS8AkLP =jIft -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: benfell.vcf Type: text/x-vcard Size: 174 bytes Desc: not available URL: From bob at computerisms.ca Sat Aug 17 02:55:58 2013 From: bob at computerisms.ca (Bob Miller) Date: Fri, 16 Aug 2013 16:55:58 -0700 Subject: [Dovecot] Disagreement on where mail goes. In-Reply-To: <24D34A78-D0C9-49E3-BC1E-B954B6D5D8EE@kreme.com> References: <24D34A78-D0C9-49E3-BC1E-B954B6D5D8EE@kreme.com> Message-ID: <1376697358.2488.972.camel@worklian> One guess: your mail_location is misconfigured. something like: mail_location = maildir:/usr/local/%u/Maildir might fix it up... -- Computerisms Bob Miller 867-334-7117 / 867-633-3760 http://computerisms.ca On Fri, 2013-08-16 at 17:09 -0600, LuKreme wrote: > My virtual users have their mail stored in /usr/local/virtual/user at example.com/ > > dovecot wants to read the mail from /usr/local/virtual/user at example.com/Maildir which is causing problems since all new mail is being written in /usr/local/virtual/user at example.com/new and dovecot is looking in /usr/local/virtual/user at example.com/Maildir/new > > For the local users, /home/user/Maildir is the right directory. > > for right now I've had to kludge a script that moves mail from /usr/local/virtual/user at example.com/new to /usr/local/virtual/user at example.com/Maildir/new every two minutes. > From kremels at kreme.com Sat Aug 17 07:30:55 2013 From: kremels at kreme.com (LuKreme) Date: Fri, 16 Aug 2013 22:30:55 -0600 Subject: [Dovecot] MailLocation Message-ID: <4BA6C772-9FA7-4C2D-A456-EC05A680F3F0@kreme.com> In reading http://wiki2.dovecot.org/MailLocation it is not clear to me the syntax for setting mail_location inside a userdb block. -- From dovecot at vosslamber.nl Sat Aug 17 10:39:56 2013 From: dovecot at vosslamber.nl (Luuk@dovecot) Date: Sat, 17 Aug 2013 09:39:56 +0200 Subject: [Dovecot] MailLocation In-Reply-To: <4BA6C772-9FA7-4C2D-A456-EC05A680F3F0@kreme.com> References: <4BA6C772-9FA7-4C2D-A456-EC05A680F3F0@kreme.com> Message-ID: <520F28CC.1050805@vosslamber.nl> On 17-08-2013 06:30, LuKreme wrote: > In reading http://wiki2.dovecot.org/MailLocation it is not clear to me the syntax for setting mail_location inside a userdb block. > > Read this page too, if it's still unclear than: Show what you have in your setting so far, i'm sure someone will give a correction (if it's clear you want your setting to do) From kremels at kreme.com Sat Aug 17 12:08:08 2013 From: kremels at kreme.com (LuKreme) Date: Sat, 17 Aug 2013 03:08:08 -0600 Subject: [Dovecot] MailLocation In-Reply-To: <520F28CC.1050805@vosslamber.nl> References: <4BA6C772-9FA7-4C2D-A456-EC05A680F3F0@kreme.com> <520F28CC.1050805@vosslamber.nl> Message-ID: <11052785-93D8-4A44-B298-4033DA39AAE9@kreme.com> > On Aug 17, 2013, at 1:39, "Luuk at dovecot" wrote: > >> On 17-08-2013 06:30, LuKreme wrote: >> In reading http://wiki2.dovecot.org/MailLocation it is not clear to me the syntax for setting mail_location inside a userdb block. > > Read this page too, if it's still unclear than: > Show what you have in your setting so far, i'm sure someone will give a correction (if it's clear you want your setting to do) Read what page too? From dovecot at vosslamber.nl Sat Aug 17 12:16:27 2013 From: dovecot at vosslamber.nl (Luuk@dovecot) Date: Sat, 17 Aug 2013 11:16:27 +0200 Subject: [Dovecot] MailLocation In-Reply-To: <11052785-93D8-4A44-B298-4033DA39AAE9@kreme.com> References: <4BA6C772-9FA7-4C2D-A456-EC05A680F3F0@kreme.com> <520F28CC.1050805@vosslamber.nl> <11052785-93D8-4A44-B298-4033DA39AAE9@kreme.com> Message-ID: <520F3F6B.8010604@vosslamber.nl> On 17-08-2013 11:08, LuKreme wrote: > >> On Aug 17, 2013, at 1:39, "Luuk at dovecot" wrote: >> >>> On 17-08-2013 06:30, LuKreme wrote: >>> In reading http://wiki2.dovecot.org/MailLocation it is not clear to me the syntax for setting mail_location inside a userdb block. >> >> Read this page too, if it's still unclear than: >> Show what you have in your setting so far, i'm sure someone will give a correction (if it's clear you want your setting to do) > > Read what page too? > Oops, where did the link to this page go? ;) http://wiki2.dovecot.org/UserDatabase From h.reindl at thelounge.net Sat Aug 17 15:42:55 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Sat, 17 Aug 2013 14:42:55 +0200 Subject: [Dovecot] Proxy: %$ should contain username Message-ID: <520F6FCF.3040002@thelounge.net> for nomal operations * login_log_format_elements = %r %m %k * login_log_format = %$: %s would be perfect because "proxy(h.reindl at thelounge.net)" contains the username *but* in case of auth errors "Disconnected (auth failed, 1 attempts in 2 secs)" does not show the username - hence currently there exists no way to avoid username double-logging in normal operations without render the log unusebale in case auf dictionary attacks / authentication failers another option would be make %$ obsolete because i do not need to see "proxy(h.reindl at thelounge.net): started proxying to 127.0.0.1:143" because i know that *but* in case of auth errors "%s" doe snot contain any hint of a error and would show "user=, 10.0.0.241, CRAM-MD5, TLS" even with a wrong password and nothing else that is not really optimal, in case of "tail -f" someone does not want redundant informations leading to linebreaks as well it wastes disk space Aug 17 13:17:04 mail dovecot: imap-login: proxy(h.reindl at thelounge.net): started proxying to 127.0.0.1:143: user=, 10.0.0.241, CRAM-MD5, TLS ____________________________________________________________________________________________________________ login_log_format_elements = %r %m %k login_log_format = %$: %s Aug 17 14:31:25 testserver dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): 84.113.45.81, PLAIN ____________________________________________________________________________________________________________ login_log_format_elements = user=<%u> %r %m %c login_log_format = %$: %s Aug 17 14:29:05 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 0 secs): user=, 10.0.0.6, PLAIN ____________________________________________________________________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From kremels at kreme.com Sat Aug 17 20:50:48 2013 From: kremels at kreme.com (LuKreme) Date: Sat, 17 Aug 2013 11:50:48 -0600 Subject: [Dovecot] Disagreement on where mail goes. In-Reply-To: <1376697358.2488.972.camel@worklian> References: <24D34A78-D0C9-49E3-BC1E-B954B6D5D8EE@kreme.com> <1376697358.2488.972.camel@worklian> Message-ID: <5FCB458A-3693-441C-8188-39F2B3502F62@kreme.com> On 16 Aug 2013, at 17:55 , Bob Miller wrote: > One guess: your mail_location is misconfigured. > > something like: > > mail_location = maildir:/usr/local/%u/Maildir First, that isn't the right location. I moved the mail folders into maildir because dovecot didn?t see the mail otherwise. It shouls be /usr/local/%u But *only* for the sql users. I though mail_location would set it globally for all users. -- To read makes our speaking English good. From kremels at kreme.com Mon Aug 19 02:53:03 2013 From: kremels at kreme.com (LuKreme) Date: Sun, 18 Aug 2013 17:53:03 -0600 Subject: [Dovecot] Using procmail to mark messages as read in dovecot Message-ID: So, I use procmail extensively, and I have for a long time, but marking messages as 'read' in a Maildir has always been a little wonky: TRAP='mv "$LASTFOLDER" "${LASTFOLDER}:2,S"' Since I've switched to dovecot, is there a way to mark a message on delivery as read or not new or seen? -- Clarke's Law: Sufficiently advanced technology is indistinguishable from magic From kremels at kreme.com Mon Aug 19 03:24:10 2013 From: kremels at kreme.com (LuKreme) Date: Sun, 18 Aug 2013 18:24:10 -0600 Subject: [Dovecot] Maildirmake equiv? In-Reply-To: <520EB947.9040909@parts-unknown.org> References: <520EB947.9040909@parts-unknown.org> Message-ID: On 16 Aug 2013, at 17:44 , David Benfell wrote: > mkdir ${path}/${name}/tmp > mkdir ${path}/${name}/cur > mkdir ${path}/${name}/new > > Where ${path} is the path to the parent folder and ${name} is the name > of the Maildir. > > That's really all there is to it. $ cat ~/bin/maildirmake #!/bin/bash mkdir -p $1/{new,cur,tmp} $ ~/maildirmake .test && ls -lsR .test total 24 8 drwxr-xr-x 2 kremels kremels 512 Aug 18 18:23 cur 8 drwxr-xr-x 2 kremels kremels 512 Aug 18 18:23 new 8 drwxr-xr-x 2 kremels kremels 512 Aug 18 18:23 tmp .test/cur: total 0 .test/new: total 0 .test/tmp: total 0 Yep. seems to work fine. I think courier had a special command because it creates some extra files and a directory inside the maildir for its indexing. -- Why can't you be in a good mood? How hard is it to decide to be in a good mood and be in a good mood once in a while?" From me at junc.eu Mon Aug 19 04:46:10 2013 From: me at junc.eu (Benny Pedersen) Date: Mon, 19 Aug 2013 03:46:10 +0200 Subject: [Dovecot] Using procmail to mark messages as read in dovecot In-Reply-To: References: Message-ID: LuKreme skrev den 2013-08-19 01:53: > Since I've switched to dovecot, is there a way to mark a message on > delivery as read or not new or seen? http://www.emaildiscussions.com/showthread.php?t=43128 it just require sieve From benfell at parts-unknown.org Mon Aug 19 07:20:07 2013 From: benfell at parts-unknown.org (David Benfell) Date: Sun, 18 Aug 2013 21:20:07 -0700 Subject: [Dovecot] Using procmail to mark messages as read in dovecot In-Reply-To: References: Message-ID: <52119CF7.9060700@parts-unknown.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/18/2013 04:53 PM, LuKreme wrote: > So, I use procmail extensively, and I have for a long time, but > marking messages as 'read' in a Maildir has always been a little > wonky: > > TRAP='mv "$LASTFOLDER" "${LASTFOLDER}:2,S"' > > Since I've switched to dovecot, is there a way to mark a message on > delivery as read or not new or seen? > Perhaps I misinterpret your command above. But it isn't the folder you want to rename, but the file containing the message itself. - -- David Benfell / benfell at parts-unknown.org Please see https://parts-unknown.org/node/2 for GnuPG information (or the attachment you don't understand) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSEZz3AAoJEKrN0Ha7pkCOH+YQAIjpwbl80iBmsDG8txuF2pV2 A3JgYIUJOhVRR5Zp5jGD2LFWqLsOJBfaD14DMP190laC9RODGzmKzG2V58VzgRHR vZKfOONXErz79NeUzP8H8yboZg3KMvR8COBzwxxd0rEYL1XQ+hbBYFTCtjrtQP8j f3yR5b/07aiaD+qlIY/BVL/9OBjOjLy4QIvz+S+5wl7nMixDOLKJSFqC7JwWPJbS L/FXib58JYy/BRw2DwphTw6yaJDdIOFDszg1vwpj3axsiQceuA2NKY/XLhQ45iDX FLSlyH37TlUR6PbcoWGA4+5PBEhIPYJz84/d7j07Nk+PZDmG8eBzSKF6q/QVIqVm duWLQEIyPtYWmloD8uhQ2xZlH4Zkoec/XnW8dSZIBoeEg1dAgHJfzfQ67Yq7MXRQ bKx4CxIKCaE0Oh0OPD8XVrvE/OryKdQPt6vPTs/Dhk3HPuuUXsGWE0Ca3BbZR1dK 8Q0b3DgunsoNXbDqwpMIbaykOM93lR3WiAtgr1rTiqa7rpc/d77AX9TUOi+jQR44 HiM2Y/VrWuhwEI2ayhwmAgF6PIblZQbp3O4WdjHdJ/9mK4CCh0YOLNbev8CSlL70 038evfFopQ3LFRLNcGPMwCOrifztjfmEBXAl4YANi/BMoq5DaMe7UbdFelKBN+xO gjuyPKoo0BNi8ujwI7wW =vNBz -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: benfell.vcf Type: text/x-vcard Size: 174 bytes Desc: not available URL: From skdovecot at smail.inf.fh-brs.de Mon Aug 19 09:42:47 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 19 Aug 2013 08:42:47 +0200 (CEST) Subject: [Dovecot] Disagreement on where mail goes. In-Reply-To: <5FCB458A-3693-441C-8188-39F2B3502F62@kreme.com> References: <24D34A78-D0C9-49E3-BC1E-B954B6D5D8EE@kreme.com> <1376697358.2488.972.camel@worklian> <5FCB458A-3693-441C-8188-39F2B3502F62@kreme.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 17 Aug 2013, LuKreme wrote: > On 16 Aug 2013, at 17:55 , Bob Miller wrote: > >> One guess: your mail_location is misconfigured. >> >> something like: >> >> mail_location = maildir:/usr/local/%u/Maildir > > First, that isn't the right location. I moved the mail folders into maildir because dovecot didn?t see the mail otherwise. It shouls be /usr/local/%u > > But *only* for the sql users. I though mail_location would set it globally for all users. ? See http://wiki2.dovecot.org/MailLocation/Maildir I never used it myself, but if you specify mail_location, you should be able to drop "/Maildir" from the path. If Dovecot is to automagically detect the mailbox format, you need Maildir. If you want to use different mail locations, you need to have your userdb return another mail_location setting for (some) users. E.g. configure the default / usual mail_location in the conf files and have SQL return a field mail with the proper location for that particular user. http://wiki2.dovecot.org/MailLocation "2. mail userdb field overrides mail_location setting." http://wiki2.dovecot.org/AuthDatabase/SQL - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUhG+Z13r2wJMiz2NAQKG7gf7BPZku1Ix3vKFOOZj6LiBS5vuoubXbYXW LTaASX/LIY0x7yYwcSP+BSEmhYEKjr3iw+IyyDs/yRfr18brMTinIrBH1B0HOwms 9g/WWH1qFUe0eqBq7V6X4lRVJ5SaDoxirR9K6GDudrDI5D3N/HuLu1LQQRfLZSu6 tzAwrLKkplpI3mhooplLs9LaBn9qjuTlCu1pHrjlUHqlIqLtNnAPR20YDZrSBryX 1tq0YcVRXcvbZ/wodJYAuPmrZFzMhMjeSgqys7P24Mtoubb0YODjJZII/Dj7Bnpd X2nZ5KQn/EuzNmew/9hezVTkTyOWp3c8/RE3tQJwVMa8d73GYiDr0A== =K19R -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Mon Aug 19 09:51:02 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 19 Aug 2013 08:51:02 +0200 (CEST) Subject: [Dovecot] dovecot is working, sort of In-Reply-To: References: <6748FA7A-F2E9-4950-A211-A74F09352800@kreme.com> <520C7FD7.1040308@whyscream.net> <4A4A5457-E436-42A5-B959-9BAF465D324F@kreme.com> <520CAE27.5010203@sterenborg.info> <52C03122-010B-42F0-8369-D098C045FE65@kreme.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 16 Aug 2013, LuKreme wrote: > I have two kinds of accounts on the machine, local (shell) accounts in > /home/ and virtual (MySQL) accounts in /usr/local/virtual. I tried to > add the hid/gid args in the sql block, but the syntax was incorrect. > >> There is default_fields, that should do it, e.g. >> userdb { >> args = /etc/dovecot/dovecot-sql.conf.ext >> driver = sql >> default_fields = uid=vpopmail gid=postfix >> } > > I did not see anything about default_fields, so that is news to me. It > seems better, structurally, to do this wo when I next gt int there to > fix stuff, I will probably do that instead of... http://wiki2.dovecot.org/UserDatabase?highlight=(default_fields) >> Or extent your SQL user_query to return static values for uid / gid. > > That is what I did, though I still have a problem with it all (see "Disagreement on where mail goes." thread). With both mechanisms you can solve the mail_location problem as well, by defining mail= in default_fields or returing a field "mail". Actually, you can use both: use "default_fields = mail=/path/%u" for most SQL users and return the field "mail" with some content, in order to override even the that default. The system users would then use the mail_location setting from the conf files. BTW: Your users have a home directory and Dovecot knows about it? Use "home" with default_fields. It should differ from the mail location. http://wiki2.dovecot.org/VirtualUsers/Home Therefore, to use "%h/Maildir" is not a bad decision for virtual users, too. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUhHAVl3r2wJMiz2NAQKYEAgAmCLPax/Fk2pyckFVFF9CCh0cG1WESw5H dbEbgoRsCu/dC3BzUHYwAq3SKTGkpfl7ztiqzhzhdMYldaQYbFq6IreABB/URz15 7/wmBf46ouadREHZ7vElkOPEpxPCjg98np0SbkE+DBt83mgWFqkUACJVA3m6uVnN EpwKJnusIVIdx3Kef41pS8Qf1UpUjFKb1rvz9j3BhHlVKAODENrlZzt5ZU3liUMO W4uvM1NtG8SoUW+KQZNf9fdvnq0skEGAFP81bUZtgySZxSvyKeUXcBQUvL98ab9Q 7P6Gvz7R7gd2izPUgyex8xFNuFlsEM4SZ6qUMuKApgQsVJvqM0qduQ== =fkM0 -----END PGP SIGNATURE----- From rs at sys4.de Mon Aug 19 10:45:57 2013 From: rs at sys4.de (Robert Schetterer) Date: Mon, 19 Aug 2013 09:45:57 +0200 Subject: [Dovecot] Using procmail to mark messages as read in dovecot In-Reply-To: References: Message-ID: <5211CD35.5040706@sys4.de> Am 19.08.2013 01:53, schrieb LuKreme: > So, I use procmail extensively, and I have for a long time, but marking messages as 'read' in a Maildir has always been a little wonky: > > TRAP='mv "$LASTFOLDER" "${LASTFOLDER}:2,S"' > > Since I've switched to dovecot, is there a way to mark a message on delivery as read or not new or seen? > perhaps this helps http://www.gyford.com/phil/writing/2010/07/02/sieve-filters.php # File messages from a mailing list I never get round to reading, # and mark them as read so I don't feel guilty. if header :contains ["From"] "mailinglist at example.com" { setflag "\\Seen"; fileinto "FolderName/MailboxName"; stop; } http://wiki.dovecot.org/LDA/Sieve#Flagging_or_Highlighting_your_mail http://tools.ietf.org/html/draft-ietf-sieve-imapflags-05 Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From CMarcus at Media-Brokers.com Mon Aug 19 13:14:29 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 19 Aug 2013 06:14:29 -0400 Subject: [Dovecot] Maildirmake equiv? In-Reply-To: References: <520EB947.9040909@parts-unknown.org> Message-ID: <5211F005.3010603@Media-Brokers.com> On 2013-08-18 8:24 PM, LuKreme wrote: > Yep. seems to work fine. I think courier had a special command because it creates some extra files and a directory inside the maildir for its indexing. Courier doesn't use indexing. -- Best regards, */Charles/* From srf at sanger.ac.uk Mon Aug 19 14:08:28 2013 From: srf at sanger.ac.uk (Simon Fraser) Date: Mon, 19 Aug 2013 12:08:28 +0100 Subject: [Dovecot] Expunged message reappeared, giving a new UID In-Reply-To: <1375950077.5211.18.camel@ubu101751> References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> <1375804711.19765.7.camel@ubu101751> <1BF2EF57-83AB-48CC-A929-F2BDF3400D46@iki.fi> <1375950077.5211.18.camel@ubu101751> Message-ID: <1376910508.32032.13.camel@ubu101751> Are there any more tests I can run for this? Thanks, Simon. On Thu, 2013-08-08 at 09:21 +0100, Simon Fraser wrote: > On Tue, 2013-08-06 at 19:15 +0300, Timo Sirainen wrote: > > > > Presumably it's thinking the "-r /tmp/dsync-rawlog" is a mail location? > > > I've tried changing its location in the appends, but it doesn't make a > > > difference. > > > > Oops, I messed up the parameter order. It was supposed to have -s state but now it had -s -r rawlog state. New patch should work better. > > I ran two tests: one using 'doveadm expunge' and one deleting the > message using mutt. Since the hosts mentioned so far have a copy of my > full mailbox on, I re-ran the tests (with the same results) on a test > server with a fresh mailbox on, so there was no extra folder > synchronisation in there to fill up the rawlog. > > Those log entries are too big for the mailing list (70k+), so are here: > > 'doveadm expunge' dsync-rawlog node A > http://pastebin.com/LtUnENPv > > 'doveadm expunge' dsync-rawlog node B > http://pastebin.com/QaWLyZq2 > > imap expunge dsync-rawlog node A > http://pastebin.com/SuFdWn0w > > imap expunge dsync-rawlog node B > http://pastebin.com/Ex66s7hq > > Mail logs on both contain entries like this: > Aug 6 18:04:37 dcot2a dovecot: master: Dovecot v2.2.5 starting up (core > dumps disabled) > Aug 6 18:04:38 dcot2a dovecot: doveadm: Error: Don't give mail location > with -d parameter > > Simon. > > > -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. From ben+dovecot at mail-subs.com Mon Aug 19 13:52:15 2013 From: ben+dovecot at mail-subs.com (Ben) Date: Mon, 19 Aug 2013 11:52:15 +0100 Subject: [Dovecot] Dsync confusion... Message-ID: <5211F8DF.7020203@mail-subs.com> Hi, Maybe I've been staring at config files and man pages too long, but the doc page for Dsync is a little confusing and I don't how to solve my problem. I've probably missed something simple and stupid, but as I said, I've been staring at this problem too long and need a second pair of eyes on it ! Per doveconf below the user/owner for auth db is a user with shell /bin/false. Root SSH login is also disabled on the target machine, so I need to use a script user to do the sync. I installed dovecot on the target host and config'd it as per the second doveconf below But all I ever get are errors such as : su -c "dsync -u test at somewhere.example.com backup its-virtmail at somewhere.example.com" its_scripts dsync(its_scripts): Fatal: setuid(1001(its-virtmail) from userdb lookup) failed with euid=1002(its_scripts): Operation not permitted (This binary should probably be called with process user set to 1001(its-virtmail) instead of 1002(its_scripts)) root at ukc-vm02-mx01:/etc/dovecot/conf.d# dsync(its_scripts): Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=1002(its_scripts) egid=1002(its_scripts) missing +r perm: /var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755) Even if I temporarily give /bin/sh and an ssh key to the dovecot user, I still can't get it to work : ssh its-virtmail at somewhere.example.com dsync -u test at example.com dsync(its-virtmail): Error: user test at somewhere.example.com: Initialization failed: mail_location not set and autodetection failed: Mail storage autodetection failed with home=/srv/mail/example.com/test dsync(its-virtmail): Fatal: User init failed dsync-local(test at somewhere.example.com): Error: read() from worker server failed: EOF # SOURCE HOST # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.5.0-37-generic x86_64 Ubuntu 12.04.2 LTS auth_verbose = yes auth_verbose_passwords = sha1 mail_location = maildir:~/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/users driver = passwd-file } plugin { fts = solr fts_solr = url=http://localhost:8080/solr/ sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap lmtp sieve service auth { unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = its-virtmail mode = 0660 user = its-virtmail } } service imap-login { process_min_avail = 3 } service lmtp { process_min_avail = 5 unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } user = its-virtmail } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieves { port = 5190 ssl = yes } process_min_avail = 3 } ssl = required ssl_cert = was automatically rejected:%n%r } protocol lmtp { mail_plugins = sieve postmaster_address = postmaster at example.com } #DEST HOST # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.5.0-37-generic x86_64 Ubuntu 12.04.2 LTS auth_verbose = yes auth_verbose_passwords = sha1 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/users driver = passwd-file } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap lmtp sieve" service auth { unix_listener auth-userdb { group = its-virtmail user = its-virtmail } } service lmtp { process_min_avail = 3 user = its-virtmail } ssl_cert = All of a sudden I am getting these errors on one of my accounts: imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10) It was working fine last night when I went to bed, and is posting these errors nearly constantly (about one every second) when I checked mail after waking up this morning. The account is question is my main account and has a lot of mail, but it is not the account with the most mailboxes, that one is working fine. I looked at the documentation on how to increase this setting, but is for 1.x and clicking the 'wiki2" link brings up a mostly blank page with no configuration info at all. It looks like in dovecot 1.x this would go in an protocol imap block, but I don't have one of those in my conf. # doveconf -n # 2.2.5: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 9.1-RELEASE i386 auth_mechanisms = plain login disable_plaintext_auth = no first_valid_uid = 89 log_path = /var/log/dovecot mail_location = maildir:~/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox NotJunk { auto = subscribe } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } ssl_cert = References: Message-ID: <521209A2.9040502@thelounge.net> Am 19.08.2013 14:00, schrieb LuKreme: > All of a sudden I am getting these errors on one of my accounts: > > imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10) > It was working fine last night when I went to bed, and is posting these errors nearly constantly in case of IMAP 10 is *way* too low! keep in mind that * a IMAP client opens one connection *per folder* * if you have 5 folders and a user with 3 devices (workstation, phone, tablet) you are done * if you have a few imap-users behind the same NAT you are done -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From h.reindl at thelounge.net Mon Aug 19 15:08:32 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 19 Aug 2013 14:08:32 +0200 Subject: [Dovecot] Maximum number of connections from user+IP exceeded In-Reply-To: <521209A2.9040502@thelounge.net> References: <521209A2.9040502@thelounge.net> Message-ID: <52120AC0.2040306@thelounge.net> Am 19.08.2013 14:03, schrieb Reindl Harald: > > > Am 19.08.2013 14:00, schrieb LuKreme: >> All of a sudden I am getting these errors on one of my accounts: >> >> imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10) >> It was working fine last night when I went to bed, and is posting these errors nearly constantly > > in case of IMAP 10 is *way* too low! > > keep in mind that > > * a IMAP client opens one connection *per folder* > * if you have 5 folders and a user with 3 devices (workstation, phone, tablet) you are done > * if you have a few imap-users behind the same NAT you are done missed "I looked at the documentation on how to increase this setting" and "It looks like in dovecot 1.x this would go in an protocol imap block, but I don't have one of those in my conf" it goes in no block, part of the main config login_log_format_elements = user=<%u> %r %m %c login_log_format = %$: %s mail_max_userip_connections = 50 auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN disable_plaintext_auth = no shutdown_clients = no version_ignore = yes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From kremels at kreme.com Mon Aug 19 15:51:46 2013 From: kremels at kreme.com (LuKreme) Date: Mon, 19 Aug 2013 06:51:46 -0600 Subject: [Dovecot] Disagreement on where mail goes. In-Reply-To: References: <24D34A78-D0C9-49E3-BC1E-B954B6D5D8EE@kreme.com> <1376697358.2488.972.camel@worklian> <5FCB458A-3693-441C-8188-39F2B3502F62@kreme.com> Message-ID: On 19 Aug 2013, at 00:42 , Steffen Kaiser wrote: > See http://wiki2.dovecot.org/MailLocation/Maildir I never used it myself, but if you specify mail_location, you should be able to drop "/Maildir" from the path. If Dovecot is to automagically detect the mailbox format, you need Maildir. > > If you want to use different mail locations, you need to have your userdb return another mail_location setting for (some) users. E.g. configure the default / usual mail_location in the conf files and have SQL return a field mail with the proper location for that particular user. > > http://wiki2.dovecot.org/MailLocation > > "2. mail userdb field overrides mail_location setting." > > http://wiki2.dovecot.org/AuthDatabase/SQL Thanks, I'v read those, but I don't know what the scope of that setting is. I have mail_location set to milder:~/Maildir at the top-level of the dovecot.conf. If I try to set it again in the userdb userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql default_fields= uid=vpopmail gid=vchkpw mail_location=/usr/local/virtual/%u } Well, I thought that threw an error last time I tried it. Hmm. OK. OK, never mind. I don't know what I did last time, that does seem to work. -- Nothing gold can stay -- Robert Frost Stay gold -- Johnny Cade From carlosatown at gmail.com Mon Aug 19 22:46:19 2013 From: carlosatown at gmail.com (Carlos L) Date: Mon, 19 Aug 2013 15:46:19 -0400 Subject: [Dovecot] age-limit Message-ID: I'm trying to figure if there is a "proactive" way to enforce item age on maildir . maildir-cleanup kind of does it but im looking for something similiar to quota ++ that you can add to dovecot but for item age not size. Any ideas? From stan at hardwarefreak.com Tue Aug 20 00:00:28 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Mon, 19 Aug 2013 16:00:28 -0500 Subject: [Dovecot] Maximum number of connections from user+IP exceeded In-Reply-To: <521209A2.9040502@thelounge.net> References: <521209A2.9040502@thelounge.net> Message-ID: <5212876C.9030807@hardwarefreak.com> On 8/19/2013 7:03 AM, Reindl Harald wrote: > > > Am 19.08.2013 14:00, schrieb LuKreme: >> All of a sudden I am getting these errors on one of my accounts: >> >> imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10) >> It was working fine last night when I went to bed, and is posting these errors nearly constantly > > in case of IMAP 10 is *way* too low! > > keep in mind that > > * a IMAP client opens one connection *per folder* What do you mean by "per folder"? I've been limiting Tbird to 2 IMAP connections for many years and, unsurprisingly, it never opens more than two IMAP connections to Dovecot no matter how many folders I access, tabs I have open, or searches I perform, etc: tcp 0 0 192.168.100.9:143 192.168.100.53:1663 ESTABLISHED 13189/imap tcp 0 0 192.168.100.9:143 192.168.100.53:1672 ESTABLISHED 13192/imap And with the default TB limit of 5 it never opens more than 5. Which clients exhibit this "per folder" connection behavior? That seems totally unnecessary. > * if you have 5 folders and a user with 3 devices (workstation, phone, tablet) you are done Again, not folder dependent but client configuration dependent. If your client is RC it never opens more than one connection per user, and closes the connection after each operation. > * if you have a few imap-users behind the same NAT you are done This isn't correct either. It's user+IP. So you could have 30 connections from 3 users, 100 from 10 users, through one NAT IP, with a setting of 10. -- Stan From h.reindl at thelounge.net Tue Aug 20 00:10:57 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 19 Aug 2013 23:10:57 +0200 Subject: [Dovecot] Maximum number of connections from user+IP exceeded In-Reply-To: <5212876C.9030807@hardwarefreak.com> References: <521209A2.9040502@thelounge.net> <5212876C.9030807@hardwarefreak.com> Message-ID: <521289E1.7010008@thelounge.net> Am 19.08.2013 23:00, schrieb Stan Hoeppner: > On 8/19/2013 7:03 AM, Reindl Harald wrote: >> >> Am 19.08.2013 14:00, schrieb LuKreme: >>> All of a sudden I am getting these errors on one of my accounts: >>> >>> imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10) >>> It was working fine last night when I went to bed, and is posting these errors nearly constantly >> >> in case of IMAP 10 is *way* too low! >> >> keep in mind that >> >> * a IMAP client opens one connection *per folder* > > What do you mean by "per folder"? I've been limiting Tbird to 2 IMAP > connections for many years and, unsurprisingly, it never opens more than > two IMAP connections to Dovecot no matter how many folders I access, > tabs I have open, or searches I perform, etc: > > tcp 0 0 192.168.100.9:143 192.168.100.53:1663 ESTABLISHED 13189/imap > tcp 0 0 192.168.100.9:143 192.168.100.53:1672 ESTABLISHED 13192/imap and it will never check more than 2 folder relieable and in time for new mails > And with the default TB limit of 5 it never opens more than 5 fine - and with Inbox, Sent, Trash, Junk and Drafts it will so with 2 client from the smane NAT your 10 are done > Which clients exhibit this "per folder" connection behavior? > That seems totally unnecessary. may i suggest you read about how IMAP IDLE works? http://forum.emclient.com/emclient/topics/imap_idle_should_open_a_connection_to_each_folder_but_it_does_not http://kb.mozillazine.org/IMAP:_advanced_account_configuration >> * if you have 5 folders and a user with 3 devices (workstation, phone, tablet) you are done > > Again, not folder dependent but client configuration dependent. If your > client is RC it never opens more than one connection per user, and > closes the connection after each operation. Roundcube is not a regulary client because with stateless HTTP you hardly can implement IMAP IDLE >> * if you have a few imap-users behind the same NAT you are done > > This isn't correct either. It's user+IP says who? this makes no sense to limit anything relieable hence, a bad guy has no user at all and opens a lot of connections for damage > So you could have 30 connections from 3 users, 100 from 10 users, through > one NAT IP, with a setting of 10 even with your example of 5 default connections you have a problem with the same user owning 3 devices - they most likely sometimes are behind his home NAT and turned on -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From raabe at froglogic.com Tue Aug 20 01:20:57 2013 From: raabe at froglogic.com (Frerich Raabe) Date: Tue, 20 Aug 2013 00:20:57 +0200 Subject: [Dovecot] Maximum number of connections from user+IP exceeded In-Reply-To: <5212876C.9030807@hardwarefreak.com> References: <521209A2.9040502@thelounge.net> <5212876C.9030807@hardwarefreak.com> Message-ID: <8f3837619cfe0965e7a55bf94a83a47b@roundcube.froglogic.com> On 2013-08-19 23:00, Stan Hoeppner wrote: >> * a IMAP client opens one connection *per folder* > > What do you mean by "per folder"? I've been limiting Tbird to 2 IMAP > connections for many years and, unsurprisingly, it never opens more > than > two IMAP connections to Dovecot no matter how many folders I access, > tabs I have open, or searches I perform, etc: > > tcp 0 0 192.168.100.9:143 192.168.100.53:1663 ESTABLISHED 13189/imap > tcp 0 0 192.168.100.9:143 192.168.100.53:1672 ESTABLISHED 13192/imap > > And with the default TB limit of 5 it never opens more than 5. Which > clients exhibit this "per folder" connection behavior? That seems > totally unnecessary. Any client which supports the 'IDLE' command does this; it's a mechanism to avoid that a client has to poll the IMAP server for new mail. The client does an 'IDLE' call *per folder* which only returns when the server adds new mail to the folder. Hence, the IDLE call blocks the connection, which is why mail clients which use IDLE have to establish multiple IMAP connections, one per folder which is monitored using this feature. -- Frerich Raabe - raabe at froglogic.com www.froglogic.com - Multi-Platform GUI Testing From yggdrasil at gmx.co.uk Tue Aug 20 02:31:29 2013 From: yggdrasil at gmx.co.uk (Johnny) Date: Tue, 20 Aug 2013 00:31:29 +0100 Subject: [Dovecot] Dovecot + SELinux permission problems - Virtual user permissions? References: <87y5a0etua.fsf@gmx.co.uk> <20130623191817.GA23164@mushkin.tanso.net> <87r4fsb2hq.fsf@gmx.co.uk> <51C7C1A9.3060609@nybeta.com> <87d2rbbogn.fsf@gmx.co.uk> <51C87DE5.6020103@nybeta.com> Message-ID: <87ob8tntpq.fsf@deusexmachina.lan> Sorry about the delays on following up on this, I am really struggling to get somewhere, but have made some minor progress, see below. I am now starting to suspect that it may be a problem that I have a virtual user in dovecot trying to access a maildir owned by the system user. Although the maildir has full permissions (777), could it be that SELinux is blocking the virtual user access to the file through dovecot because it is owned by the system user? Thomas Harold writes: > On 6/24/2013 9:58 AM, Johnny wrote: >> Yes, /var/log/audit/ with audit.log. There are some archived logs as >> well, but no recent messages regarding dovecot perms. > > Typically you could use "sealert -a /var/log/audit/audit.log > /var/log/audit/audit.log.1" to get a feel for how many SELinux > exceptions are happening. > I found out that auditd had the wrong permissions and therefore didn't start. Setting the permissions of /var/log/audit/audit.log to 0600 enabled starting auditd. Unfortunately, audit.log doesn't log any errors with SELinux in Permissive mode (nor for Enforcing). > Also, when you say that the restorecon -R did not fix the issue, did > you check the output of "ls -Z" after running it? > I also found out that semanage didn't work initially, as there was a symbolic link in the path. Referencing the location directly, the relabelling worked, so now Maildir and all below is type mail_spool_t. ,---- ls -Z /home/user/data1/Maildir | drwx------. user user system_u:object_r:mail_spool_t:s0 juser | | drwx------. user user system_u:object_r:mail_spool_t:s0 yggdrasil | `---- > However, looking at your original message, I'm wondering why the > forward slashes are doubled up. For instance: > "/home/user/data1/Maildir//" > Good spot! I have defined different virtual users for in a 'users' file, and there was a trailing slash in the maildir location as well as a leading slash in mail folder path. I have now removed the trailing slash so there is no double slashes in the path anymore. The problem however still remains; with SELinux in Permissive, there are no issues in logging into the dovecot server. When I set it to Enforcing, the telnet session is closed immediately when trying to login with the message : telnet localhost 143 : a login [user] [password] ,---- | * BYE Internal error occurred. Refer to server log for more information. | Connection closed by foreign host. `---- >From the dovecot log (below) it looks like a write permission error. ,---- cat /var/log/dovecot | Aug 19 23:33:29 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=5217, secured, session=<2AKSh1Tk1QB/AAAB> | Aug 19 23:34:11 imap(juser): Info: Connection closed in=0 out=319 | Aug 19 23:34:18 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=5224, secured, session=<34J+ilTk1gB/AAAB> | Aug 19 23:34:18 imap(juser): Error: chdir(/home/user/data1/Maildir//) failed: Permission denied (euid=1000(user) egid=1000(user) missing +w perm: /home/user/data1/Maildir// stat(/home/user/data1/Maildir//) failed: Permission denied) | Aug 19 23:34:18 imap(juser): Error: chdir(/home/user/data1/Maildir/) failed: Permission denied | Aug 19 23:34:18 imap(juser): Error: user juser: Initialization failed: Namespace '': stat(/home/user/data1/Maildir//juser) failed: Permission denied (euid=1000(user) egid=1000(user) missing +w perm: /home/user/data1/Maildir//juser stat(/home/user/data1/Maildir//juser) failed: Permission denied) `---- ,---- ls -Z /home/user/data1/Maildir | drwx------. user user system_u:object_r:mail_spool_t:s0 juser | | drwx------. user user system_u:object_r:mail_spool_t:s0 yggdrasil | `---- Changing permissions to 777 doesn't change matters at all. Looking at the permission error in /var/log/dovecot again leads me to think that /maybe/ the issue is that I have a virtual dovecot user 'juser' which tries to read the Maildir owned by 'user'. I.e. these lines: Permission deinied: | Aug 19 23:34:18 imap(juser): Error: user juser: Initialization failed: Namespace '': stat(/home/user/data1/Maildir/juser) failed: Permission denied (euid=1000(user) egid=1000(user) missing +w perm: /home/user/data1/Maildir/juser stat(/home/user/data1/Maildir/juser) failed: Permission denied) File ownership: | drwxrwxrwx. user user system_u:object_r:mail_spool_t:s0 juser | -- Johnny From stan at hardwarefreak.com Tue Aug 20 02:45:06 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Mon, 19 Aug 2013 18:45:06 -0500 Subject: [Dovecot] Maximum number of connections from user+IP exceeded In-Reply-To: <521289E1.7010008@thelounge.net> References: <521209A2.9040502@thelounge.net> <5212876C.9030807@hardwarefreak.com> <521289E1.7010008@thelounge.net> Message-ID: <5212AE02.1070002@hardwarefreak.com> On 8/19/2013 4:10 PM, Reindl Harald wrote: > may i suggest you read about how IMAP IDLE works? Oh, well sure, if you hang your hat on IDLE then your arguments here might make sense. But because of the brain dead one socket per folder architecture of IDLE few have adopted it en masse. Which is why my comments ignored the existence of IDLE. And which is also why the creators of the RFC stated clients must not count on the existence of IDLE and must poll, which seems really odd. Many have, and still ask, why even have IDLE then if we must still poll? http://tools.ietf.org/html/rfc2177 "(While the spec actually does allow a server to push EXISTS responses aysynchronously, a client can't expect this behaviour and must poll.)" Given the option of potentially dozens of open sockets between his server and any client simply to allow IDLE to work for all folders, or one or two connections and strictly client polling, I'd guess most admins will choose the latter. -- Stan From h.reindl at thelounge.net Tue Aug 20 02:55:36 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 20 Aug 2013 01:55:36 +0200 Subject: [Dovecot] Maximum number of connections from user+IP exceeded In-Reply-To: <5212AE02.1070002@hardwarefreak.com> References: <521209A2.9040502@thelounge.net> <5212876C.9030807@hardwarefreak.com> <521289E1.7010008@thelounge.net> <5212AE02.1070002@hardwarefreak.com> Message-ID: <5212B078.3010304@thelounge.net> Am 20.08.2013 01:45, schrieb Stan Hoeppner: > On 8/19/2013 4:10 PM, Reindl Harald wrote: > >> may i suggest you read about how IMAP IDLE works? > > Oh, well sure, if you hang your hat on IDLE then your arguments here > might make sense. But because of the brain dead one socket per folder > architecture of IDLE few have adopted it en masse. Which is why my > comments ignored the existence of IDLE. And which is also why the > creators of the RFC stated clients must not count on the existence of > IDLE and must poll, which seems really odd. Many have, and still ask, > why even have IDLE then if we must still poll? > > http://tools.ietf.org/html/rfc2177 > > "(While the spec actually does allow a server to push EXISTS responses > aysynchronously, a client can't expect this behaviour and must poll.)" > > Given the option of potentially dozens of open sockets between his > server and any client simply to allow IDLE to work for all folders, or > one or two connections and strictly client polling, I'd guess most > admins will choose the latter why we have IDLE is easy explained, i get around 500 mails per day well, i can't imagine my personal work-load woking without IDLE 30 folders sorted with Sieve * several lists with own folders * company (there folders, one for internal lists) * customers * vendors * server-status (logwatch, mail-stats of 20 servers) * error-notifies from watchdog (own cron-watchdogs, HP ILO, VMware vSphere, UPS...) INBOX is a place where rarely a message comes in and with K9 on Android it's easy to select which folders should be considered for the common-inbox and which are pointless on a mobile (INBOX is none of them) on a mailserver which can handle thousands of connections there is rarely a reason to disable IDLE and so a connection limit of 10 per IP is questionable -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From raabe at froglogic.com Tue Aug 20 03:12:04 2013 From: raabe at froglogic.com (Frerich Raabe) Date: Tue, 20 Aug 2013 02:12:04 +0200 Subject: [Dovecot] Calling dovecot-lda correctly from exim for virtual user setup In-Reply-To: <1375446351.31867.14.camel@innu.dovecot.net> References: <187f7a76e122c8604515305d36f8d57a@roundcube.froglogic.com> <1375446351.31867.14.camel@innu.dovecot.net> Message-ID: On 2013-08-02 14:25, Timo Sirainen wrote: > On Tue, 2013-07-30 at 14:55 +0200, Frerich Raabe wrote: >> I'm running Dovecot 2.1.7 on Debian. Exim is the MTA. I was recently >> made aware of the fact that the way in which Exim invokes >> dovecot-lda is >> prone to code injection: >> >> dovecot_virtual_delivery: >> driver = pipe >> command = HOME=/home/vmail/\$local_part >> /usr/lib/dovecot/dovecot-lda >> -f \$sender_address >> use_shell >> .. >> >> I.e. a command is executed via the shell, and Exim uses >> non-sanitized >> user input (mail header fields) to construct the command. >> >> Now, the reason I invoked dovecot like that is to pass a plausible >> value for the HOME environment variable, so that dovecot-lda can >> determine where the Maildir directory of the recipient is. Is there >> any >> way to achieve this without requiring HOME to be set correctly? I >> looked >> at the -m switch but as far as I can see that merely defines the >> destination mailbox, but not the path to the Maildir directory, >> correct? > > Maybe set mail_home = /home/vmail/%n ? Sorry for the late reply, I totally forgot to follow-up on this. Setting mail_home didn't seem to help (according to 'doveadm user' the home directory was already computed corretly). It turned out that what *did* help was to pass '-d $local_part' to dovecot-lda. Apparently that makes it do a userdb lookup which in turn makes it figure out the home directory. -- Frerich Raabe - raabe at froglogic.com www.froglogic.com - Multi-Platform GUI Testing From micah at riseup.net Tue Aug 20 03:25:18 2013 From: micah at riseup.net (micah anderson) Date: Mon, 19 Aug 2013 20:25:18 -0400 Subject: [Dovecot] DRAC plugin for Dovecot-2.x References: <4E785CD1.5030907@designet.co.jp> Message-ID: <87vc312opd.fsf@muck.riseup.net> Hello, USUDA Hisashi writes: > Hello All, > > I released the DRAC plugin for dovecot-2.x. > > http://sourceforge.jp/projects/dovecot2-drac/ > > It's based the plugin for dovecot-1.1: > http://dovecot.org/patches/1.1/drac.c I recently tried to get your DRAC plugin to work for 2.2.5, but it fails to compile as it is looking for network.h include file, and that doesn't appear to exist any longer in 2.2. Do you have plans to make a newer version of this plugin? thanks, micah From kremels at kreme.com Tue Aug 20 06:42:22 2013 From: kremels at kreme.com (LuKreme) Date: Mon, 19 Aug 2013 21:42:22 -0600 Subject: [Dovecot] Using procmail to mark messages as read in dovecot In-Reply-To: References: Message-ID: <84E5CD2B-C497-4DE8-8CC8-BE4322B844AB@kreme.com> On 18 Aug 2013, at 19:46 , Benny Pedersen wrote: > LuKreme skrev den 2013-08-19 01:53: > >> Since I've switched to dovecot, is there a way to mark a message on >> delivery as read or not new or seen? > > http://www.emaildiscussions.com/showthread.php?t=43128 > > it just require sieve On 19 Aug 2013, at 01:45 , Robert Schetterer wrote: > # File messages from a mailing list I never get round to reading, > # and mark them as read so I don't feel guilty. > if header :contains ["From"] "mailinglist at example.com" { > setflag "\\Seen"; > fileinto "FolderName/MailboxName"; > stop; > } I am assuming that sieve acts as a LDA like procmail, so it's an either/or? I have a *lot* of procmail recipes I've written over the last 20 years or so. -- I get the feeling that some people's idea of heaven is an "I told you so" T-shirt - mmalc From stan at hardwarefreak.com Tue Aug 20 08:01:21 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Tue, 20 Aug 2013 00:01:21 -0500 Subject: [Dovecot] Maximum number of connections from user+IP exceeded In-Reply-To: <5212B078.3010304@thelounge.net> References: <521209A2.9040502@thelounge.net> <5212876C.9030807@hardwarefreak.com> <521289E1.7010008@thelounge.net> <5212AE02.1070002@hardwarefreak.com> <5212B078.3010304@thelounge.net> Message-ID: <5212F821.9000306@hardwarefreak.com> On 8/19/2013 6:55 PM, Reindl Harald wrote: > Am 20.08.2013 01:45, schrieb Stan Hoeppner: >> On 8/19/2013 4:10 PM, Reindl Harald wrote: >> >>> may i suggest you read about how IMAP IDLE works? >> >> Oh, well sure, if you hang your hat on IDLE then your arguments here >> might make sense. But because of the brain dead one socket per folder >> architecture of IDLE few have adopted it en masse. Which is why my >> comments ignored the existence of IDLE. And which is also why the >> creators of the RFC stated clients must not count on the existence of >> IDLE and must poll, which seems really odd. Many have, and still ask, >> why even have IDLE then if we must still poll? >> >> http://tools.ietf.org/html/rfc2177 >> >> "(While the spec actually does allow a server to push EXISTS responses >> aysynchronously, a client can't expect this behaviour and must poll.)" >> >> Given the option of potentially dozens of open sockets between his >> server and any client simply to allow IDLE to work for all folders, or >> one or two connections and strictly client polling, I'd guess most >> admins will choose the latter > > why we have IDLE is easy explained, i get around 500 mails per day > well, i can't imagine my personal work-load woking without IDLE > > 30 folders sorted with Sieve > > * several lists with own folders > * company (there folders, one for internal lists) > * customers > * vendors > * server-status (logwatch, mail-stats of 20 servers) > * error-notifies from watchdog (own cron-watchdogs, HP ILO, VMware vSphere, UPS...) > > INBOX is a place where rarely a message comes in and with K9 on Android > it's easy to select which folders should be considered for the > common-inbox and which are pointless on a mobile (INBOX is none of them) IDLE is not required for this. Polling, which is the default on all MUAs, accomplishes the same over one socket, a few max, depending on what you're doing -concurrently- in the MUA. > on a mailserver which can handle thousands of connections there > is rarely a reason to disable IDLE and so a connection limit > of 10 per IP is questionable The server resources aren't necessarily a problem as you can always go cluster. One potential problem though, and there are likely others, is that you're potentially increasing the SPI/NAT session tracking on the edge router by 3-6 fold by allowing 30 sessions vs 5 or 10. Add that on top of the other traffic types and, for many, this may require larger routers, a license upgrade, or both. If you're an org of any size and tunneling the IMAP sessions through VPN routers, an upgrade would likely be mandatory. Thus for some orgs simply increasing allowed connections to support IDLE on arbitrary folder counts may come with a $20-100K price tag. If this was money in your pocket, would you spend it to simply replace poll with push, given that poll works fine, and given that push yields no -real- advantage over poll? -- Stan From ben+dovecot at mail-subs.com Tue Aug 20 09:47:02 2013 From: ben+dovecot at mail-subs.com (Ben) Date: Tue, 20 Aug 2013 07:47:02 +0100 Subject: [Dovecot] Maximum number of connections from user+IP exceeded In-Reply-To: <5212F821.9000306@hardwarefreak.com> References: <521209A2.9040502@thelounge.net> <5212876C.9030807@hardwarefreak.com> <521289E1.7010008@thelounge.net> <5212AE02.1070002@hardwarefreak.com> <5212B078.3010304@thelounge.net> <5212F821.9000306@hardwarefreak.com> Message-ID: <521310E6.7080209@mail-subs.com> > IDLE is not required for this. Polling, which is the default on all > MUAs, Not entirely sure I'd call it "the default", Thunderbird seems to setup for IDLE as default these days, and I suspect Apple Mail and any of the other popular ones do too. The source code probably looks something like if (canIdle) then {do stuff} else {do polling} From stan at hardwarefreak.com Tue Aug 20 11:00:23 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Tue, 20 Aug 2013 03:00:23 -0500 Subject: [Dovecot] Maximum number of connections from user+IP exceeded In-Reply-To: <521310E6.7080209@mail-subs.com> References: <521209A2.9040502@thelounge.net> <5212876C.9030807@hardwarefreak.com> <521289E1.7010008@thelounge.net> <5212AE02.1070002@hardwarefreak.com> <5212B078.3010304@thelounge.net> <5212F821.9000306@hardwarefreak.com> <521310E6.7080209@mail-subs.com> Message-ID: <52132217.5000900@hardwarefreak.com> On 8/20/2013 1:47 AM, Ben wrote: >> IDLE is not required for this. Polling, which is the default on all >> MUAs, > > Not entirely sure I'd call it "the default", Thunderbird seems to setup > for IDLE as default these days, and I suspect Apple Mail and any of the > other popular ones do too. > > The source code probably looks something like > if (canIdle) then > {do stuff} > else > {do polling} I haven't looked at a recent fresh install config of TB. If they have started enabling IDLE by default it's recently, and they'd have been required to increase the default 5 cached connections. Otherwise many folk would never see new mail notification on some of their server side sorted folders. And Joe and Susie Sixpack have no knowledge of the relationship between connection (socket) count and IDLE requirements, and I'd guess no MUA has documentation explaining this. I'm pretty sure Mozilla does not. I'm sure there are forum posts about it, but I doubt official documentation exists. For IDLE to work seamlessly requires basically 3 things: 1. MUA counts all IMAP folders and 2. Always maintains $folder_count sockets 3. IMAP servers must allow basically unlimited sockets In a closed environment such as a corp/uni this can be achieved, and without unlimited sockets, if staff can enforce a limit on folder count. In an open environment such as an ISP or freemail provider, they'd have to allow unlimited sockets. Some may do so currently. I have no knowledge of what such providers are doing in this regard as I don't use them nor support anyone who does. -- Stan From Ralf.Hildebrandt at charite.de Tue Aug 20 11:32:49 2013 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Tue, 20 Aug 2013 10:32:49 +0200 Subject: [Dovecot] Rfc: Limit the size of an email IN the mailbox Message-ID: <20130820083249.GH15989@charite.de> Currently we're in the process of migrating Dovecot mailboxes to Exchange. This is all working very well, except for the occasional user, who used his/her Drafts folder as a file storage: They started writing an email containing lots of image attachments (and thus exceeding our maximum_message_size by far). So the mail never gets sent, but stays in the Drafts folder. Once I try moving that mail to exchange, it won't accept the message since it's too big. I think it would be interesting to have a limit on the total size of an IMAP object, just like in SMTP. Thought? -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From kutnel at gmail.com Tue Aug 20 11:35:40 2013 From: kutnel at gmail.com (Kutrus Neloy) Date: Tue, 20 Aug 2013 10:35:40 +0200 Subject: [Dovecot] Question: dovecot-1.2.17 , pop3 Message-ID: Hi, you have written in your Dovecot 2.2.5 - Changelog that you have solved a Problem with pop3. *? pop3: Avoid assert-crash if client disconnects during LIST.* My question is: Is it possible to get this problem with my version? 1.2.17 ? Thanks From h.reindl at thelounge.net Tue Aug 20 11:41:58 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 20 Aug 2013 10:41:58 +0200 Subject: [Dovecot] Rfc: Limit the size of an email IN the mailbox In-Reply-To: <20130820083249.GH15989@charite.de> References: <20130820083249.GH15989@charite.de> Message-ID: <52132BD6.5050304@thelounge.net> Am 20.08.2013 10:32, schrieb Ralf Hildebrandt: > Currently we're in the process of migrating Dovecot mailboxes to > Exchange. > > This is all working very well, except for the occasional user, who used > his/her Drafts folder as a file storage: They started writing an email > containing lots of image attachments (and thus exceeding our > maximum_message_size by far). So the mail never gets sent, but stays in > the Drafts folder. > > Once I try moving that mail to exchange, it won't accept the message > since it's too big. I think it would be interesting to have a limit on > the total size of an IMAP object, just like in SMTP should not be difficult to implement dbmail has a setting after a feature-request from me because the "smart" Apple Mail resulted in crashing the server multiple times by a user on the LAN who draged the wrong attachment to a new message which was a some GB large video and Apple insists trying to save the draft each time the server comes back dbmail.conf: max_message_size = 36700160 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From roel at wagenaar.nu Tue Aug 20 12:36:29 2013 From: roel at wagenaar.nu (Roel Wagenaar) Date: Tue, 20 Aug 2013 11:36:29 +0200 Subject: [Dovecot] Using procmail to mark messages as read in dovecot In-Reply-To: <84E5CD2B-C497-4DE8-8CC8-BE4322B844AB@kreme.com> References: <84E5CD2B-C497-4DE8-8CC8-BE4322B844AB@kreme.com> Message-ID: You wrote: > On 18 Aug 2013, at 19:46 , Benny Pedersen wrote: > > LuKreme skrev den 2013-08-19 01:53: > > > > > Since I've switched to dovecot, is there a way to mark a message on > > > delivery as read or not new or seen? > > > > http://www.emaildiscussions.com/showthread.php?t=43128 > > > > it just require sieve > > > On 19 Aug 2013, at 01:45 , Robert Schetterer wrote: > > # File messages from a mailing list I never get round to reading, # and > > mark them as read so I don't feel guilty. if header :contains ["From"] > > "mailinglist at example.com" { > > setflag "\\Seen"; > > fileinto "FolderName/MailboxName"; > > stop; > > } > > I am assuming that sieve acts as a LDA like procmail, so it's an > either/or? I have a *lot* of procmail recipes I've written over the last > 20 years or so. > Not nesessarily, you can make procmail hand over the message to dovecot-lda if you like: Something lik this: DELIVER="/usr/lib/dovecot/dovecot-lda" :0 * ^X-RSS-Feed: .*rss2email | $DELIVER -m System.rss2email/ works flawless. This example is af course very symplified, I still use a nice procmail script to filter uot all my maillists befor handing over the rest to dovecot. -- Roel Wagenaar, Linux-User #469851 with the Linux Counter; http://linuxcounter.net/ Antw.: Omdat het de volgorde verstoord waarin mensen tekst lezen. Vraag: Waarom is top-posting een slechte gewoonte? Antw.: Top-posting. Vraag: Wat is het meest ergerlijke in e-mail? I used to have an open mind but my brains kept falling out. From erickom at kom.za.net Tue Aug 20 13:10:06 2013 From: erickom at kom.za.net (Eric Kom) Date: Tue, 20 Aug 2013 12:10:06 +0200 Subject: [Dovecot] username and password can't be verified Message-ID: <5213407E.1090302@kom.za.net> Good day Folks, I am trying to setup a mail server based on dovecot(with imap and pop3) and postfix as a smtp on debian jessie/sid. The login its system user. After I have tried to configure the client (Icedove), this last can find the imap, pop3 and smtp servers; but the can't be verified. Please see below my dovecot, postfix configurations and log details. erickom at ajk:/etc/postfix$ doveconf -n # 2.2.5 (c4f754d6967e): /etc/dovecot/dovecot.conf # OS: Linux 3.10-2-486 i686 Debian jessie/sid ext4 auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login base_dir = /var/run/dovecot/ disable_plaintext_auth = no login_greeting = Great Kom, ready. mail_debug = yes mail_location = maildir:/var/mail/%d/%n/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap sieve pop3" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } ssl_cert = , rip=10.0.0.103, lip=10.0.0.244, session= Aug 20 09:02:57 ajk postfix/smtpd[16966]: connect from unknown[10.0.0.103] Aug 20 09:02:57 ajk postfix/smtpd[16966]: improper command pipelining after EHLO from unknown[10.0.0.103]: QUIT\r\n Aug 20 09:02:57 ajk postfix/smtpd[16966]: disconnect from unknown[10.0.0.103] Aug 20 09:02:57 ajk dovecot: auth: Debug: auth client connected (pid=17037) Aug 20 09:02:57 ajk dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=10.0.0.103, lip=10.0.0.244, session= Aug 20 09:03:03 ajk dovecot: auth: Debug: auth client connected (pid=17040) Aug 20 09:03:03 ajk dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011session=okfspVvkTAAKAABn#011lip=10.0.0.244#011rip=10.0.0.103#011lport=143#011rport=57164 Aug 20 09:03:03 ajk dovecot: auth: Debug: client passdb out: CONT#0111#011 Aug 20 09:03:03 ajk dovecot: auth: Debug: client in: CONT#0111#011AGVyaWNrb21AbWV0cm9wb2xpdGFuLm9yZy56YQBuaW5hMDEwMTgzYw== (previous base64 data may contain sensitive data) Aug 20 09:03:03 ajk dovecot: auth-worker(17041): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Aug 20 09:03:03 ajk dovecot: auth-worker(17041): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so Aug 20 09:03:03 ajk dovecot: auth-worker(17041): Debug: pam(erickom at metropolitan.org.za,10.0.0.103): lookup service=dovecot Aug 20 09:03:03 ajk dovecot: auth-worker(17041): Debug: pam(erickom at metropolitan.org.za,10.0.0.103): #1/1 style=1 msg=Password: Aug 20 09:03:06 ajk dovecot: auth-worker(17041): pam(erickom at metropolitan.org.za,10.0.0.103): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: ni$ Aug 20 09:03:08 ajk dovecot: auth: Debug: client passdb out: FAIL#0111#011user=erickom at metropolitan.org.za Aug 20 09:03:08 ajk dovecot: auth: Debug: client in: AUTH#0112#011LOGIN#011service=imap#011session=okfspVvkTAAKAABn#011lip=10.0.0.244#011rip=10.0.0.103#011lport=143#011rport=57164 Aug 20 09:03:12 ajk dovecot: auth: Debug: client passdb out: CONT#0112#011VXNlcm5hbWU6 Aug 20 09:03:12 ajk dovecot: auth: Debug: client in: CONT#0112#011ZXJpY2tvbUBtZXRyb3BvbGl0YW4ub3JnLnph (previous base64 data may contain sensitive data) Aug 20 09:03:12 ajk dovecot: auth: Debug: client passdb out: CONT#0112#011UGFzc3dvcmQ6 Aug 20 09:03:12 ajk dovecot: auth: Debug: client in: CONT#0112#011bmluYTAxMDE4M2M= (previous base64 data may contain sensitive data) Aug 20 09:03:12 ajk dovecot: auth-worker(17041): Debug: pam(erickom at metropolitan.org.za,10.0.0.103): lookup service=dovecot Aug 20 09:03:12 ajk dovecot: auth-worker(17041): Debug: pam(erickom at metropolitan.org.za,10.0.0.103): #1/1 style=1 msg=Password: Aug 20 09:03:14 ajk dovecot: auth-worker(17041): pam(erickom at metropolitan.org.za,10.0.0.103): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: ni$ Aug 20 09:03:16 ajk dovecot: auth: Debug: client passdb out: FAIL#0112#011user=erickom at metropolitan.org.za Aug 20 09:03:16 ajk dovecot: auth: Debug: client in: AUTH#0113#011PLAIN#011service=imap#011session=okfspVvkTAAKAABn#011lip=10.0.0.244#011rip=10.0.0.103#011lport=143#011rport=57164#011r$ Aug 20 09:03:20 ajk dovecot: auth-worker(17041): Debug: pam(erickom at metropolitan.org.za,10.0.0.103): lookup service=dovecot Aug 20 09:03:20 ajk dovecot: auth-worker(17041): Debug: pam(erickom at metropolitan.org.za,10.0.0.103): #1/1 style=1 msg=Password: Aug 20 09:03:22 ajk dovecot: auth-worker(17041): pam(erickom at metropolitan.org.za,10.0.0.103): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: ni$ Aug 20 09:03:24 ajk dovecot: auth: Debug: client passdb out: FAIL#0113#011user=erickom at metropolitan.org.za Aug 20 09:03:24 ajk dovecot: imap-login: Disconnected (auth failed, 3 attempts in 21 secs): user=, method=PLAIN, rip=10.0.0.103, lip=10.0.0.244, session= References: Message-ID: <5213449C.7070208@Media-Brokers.com> On 2013-08-20 4:35 AM, Kutrus Neloy wrote: > My question is: > Is it possible to get this problem with my version? 1.2.17 ? It is no longer supported. Time to upgrade. -- Best regards, */Charles/* From skdovecot at smail.inf.fh-brs.de Tue Aug 20 15:21:58 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 20 Aug 2013 14:21:58 +0200 (CEST) Subject: [Dovecot] Maximum number of connections from user+IP exceeded In-Reply-To: <521310E6.7080209@mail-subs.com> References: <521209A2.9040502@thelounge.net> <5212876C.9030807@hardwarefreak.com> <521289E1.7010008@thelounge.net> <5212AE02.1070002@hardwarefreak.com> <5212B078.3010304@thelounge.net> <5212F821.9000306@hardwarefreak.com> <521310E6.7080209@mail-subs.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 20 Aug 2013, Ben wrote: >> IDLE is not required for this. Polling, which is the default on all >> MUAs, > > Not entirely sure I'd call it "the default", Thunderbird seems to setup for > IDLE as default these days, and I suspect Apple Mail and any of the other > popular ones do too. Thunderbird can IDLE since long time, but does polling, if the number of allowed connections is exceeded. So, IDLE or polling is transparent to the users, except if some new-message indicator is not as quick as usual. IMHO, this behaviour is the "default", if one will named it as such, because it makes the most sense and an ordinary user is not able to choose correctly, most of the time. If somebody has already prepared a paper, when the load of x IDLE connections exceeds the load of polling of x folders for an amount of y simultaneous users? :-) - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUhNfZl3r2wJMiz2NAQL3iwf/TYcuuQAjkwC1Puq9KiyrOoR19SzjFp32 4B0m4nNgNrfSK/lxDWwYwYmOCNuCp/NrRuoiJyn34G/LH2p9X6z4pnv4nFVE2SYV gcWPd6nAmYsi3EoaIv71rvWtFf2JhuNOuX96+14DBjZyCzneUyqAvqxK8V1a/huA b0JAzczwt75J+kEqKPOHNq4dUK514FCc7kpMUFsDUlbAlxIkY10o2Y4PK8rirbGG m6kuYN+nceF6rcoLta0afUh/lSDKLX3MDQsGbMHBN/R/RqI2DTuZszXYjn1KqK4Q FoigN61j5yzIL7Yua18m29S12Myy5jLKFvcESLeGK3Ubgv9TdC2ARA== =OK/d -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Tue Aug 20 15:44:12 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 20 Aug 2013 14:44:12 +0200 (CEST) Subject: [Dovecot] Using procmail to mark messages as read in dovecot In-Reply-To: <84E5CD2B-C497-4DE8-8CC8-BE4322B844AB@kreme.com> References: <84E5CD2B-C497-4DE8-8CC8-BE4322B844AB@kreme.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 19 Aug 2013, LuKreme wrote: > On 19 Aug 2013, at 01:45 , Robert Schetterer wrote: >> # File messages from a mailing list I never get round to reading, >> # and mark them as read so I don't feel guilty. >> if header :contains ["From"] "mailinglist at example.com" { >> setflag "\\Seen"; >> fileinto "FolderName/MailboxName"; >> stop; >> } > > I am assuming that sieve acts as a LDA like procmail, so it's an either/or? I have a *lot* of procmail recipes I've written over the last 20 years or so. you could mangle the flags in the filename yourself: append :2, unless a : is present already append S for seen move from new to cur filename =~ s!/new/!/cur/! The flags following the "," _should_ be sorted, but Dovecot does not rely on it, IMHO. Oh, websearch found: http://www.dovecot.org/list/dovecot/2009-January/036297.html Then there is doveadm flags add -u user '\Seen' mailbox XYZ header message-id ABC or something like that. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUhNknF3r2wJMiz2NAQK0wgf/ZeBLntrGpYlBmZaDF+iaKSFDI05NgR1o FRidp2FB+NU4x7Q8qxePk3fvSq801ba/qsNpViCngEEJnQhP+Tb+JMtzMMHwVdwn hgdfSu9TpJnCt7XikWlg7n83o/Gw/gUEJOhmk/gonQCrZYD9SUQJ+C02R18uLo3u 6NkbXNvh5pYbtiu1lziT7ZRTTAt+FIOxRoUTzTjPxwFJ4B5V79rnOrWpfsC83+QP BbG+vbtcHJtqKwyqmFBWYSAQrTztlbsR2w4GGublsWHrhxPTRzgY+HAXX4QMjRiP 5BxH2u/G89IhczzxGPzD1nl8Hls0sBBjNG0nlLKIr2s3SDNLYFSGcw== =FvKq -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Tue Aug 20 16:07:22 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 20 Aug 2013 15:07:22 +0200 (CEST) Subject: [Dovecot] username and password can't be verified In-Reply-To: <5213407E.1090302@kom.za.net> References: <5213407E.1090302@kom.za.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Aug 20 09:03:03 ajk dovecot: auth-worker(17041): Debug: > pam(erickom at metropolitan.org.za,10.0.0.103): lookup service=dovecot Your passwd contains the user with @domain? - -- Steffen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUhNqCl3r2wJMiz2NAQKlngf/Y0CBahthoVImrMcsnfBMaH+lOtpUY/u0 oVSPsjqI8jznkehZm90Spn5b51ugBqFdEcB0tg4uMZRU/wJAr+SCpBJ5O6zd3jsw BDxlnPbYm7TsH6CxH+IRPkdLgLQpRJhFUgaBiq7NkTJEeDjgpDMw9qitqq7txjsu UlLX3+rYnvY/rmH2CF10GMvtrzFAkyuuOqVufYS6BNN4X1OhFlm+Jl/l9Vc89ZVa +fFIUFDkvxZJFRCZ4NqGELzRsJHcW976C45GTBdCp2/T7jH/o26Ro2h0FJ3Z9Z48 ISxPYiKjkG2a5+wUPmNxQOqKK5qR7PPiTw5YWWaJY9qus3DPQLEXWw== =R6sE -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Tue Aug 20 16:08:39 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 20 Aug 2013 15:08:39 +0200 (CEST) Subject: [Dovecot] age-limit In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 19 Aug 2013, Carlos L wrote: > I'm trying to figure if there is a "proactive" way to enforce item age on > maildir . maildir-cleanup kind of does it but im looking for something > similiar to quota ++ that you can add to dovecot but for item age not size. Hmm, how would quota be involved there? Maybe: http://wiki2.dovecot.org/Plugins/Expire - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUhNqV13r2wJMiz2NAQIiZgf+N2VTT04KaLwq2LTz6PVi2tcHBabHxrJa h0UY3qM+WuYaOAWomYPxVN1QSvBKMz1BP/qiKF+/UdlWUjtC9PKXiuNEsU1nJbXV KqGN+7gdvkIEI4vLh8I0UNNOlwq7Pv+EKzX6SQVwL0z2J/QYbAjX0+PaMykMRMpG a7hFXk6F0fhwR85kAQr8xVuLDdZef/9O3R+z1dhtXOk2DGMnw/tkvxvx2jn6K2Go Xg5zWiwBWN+0kS4yvc8NXYljNIje0FBXxQ4MCu3Je7wCNCcwH7zse8QRezjRaLKR IAn5+dz4ifjlgLIYsEqppmZNJ7aN1FdIYd5iEp1bwS2C+Lj+xtL28Q== =sEsQ -----END PGP SIGNATURE----- From carlosatown at gmail.com Tue Aug 20 16:14:59 2013 From: carlosatown at gmail.com (Carlos L) Date: Tue, 20 Aug 2013 09:14:59 -0400 Subject: [Dovecot] age-limit In-Reply-To: References: Message-ID: That sounds like it would do the trick thank you very much. PS. I was just throwing quota as a parallel. On Tue, Aug 20, 2013 at 9:08 AM, Steffen Kaiser < skdovecot at smail.inf.fh-brs.de> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > On Mon, 19 Aug 2013, Carlos L wrote: > > I'm trying to figure if there is a "proactive" way to enforce item age on >> maildir . maildir-cleanup kind of does it but im looking for something >> similiar to quota ++ that you can add to dovecot but for item age not >> size. >> > > Hmm, how would quota be involved there? > Maybe: http://wiki2.dovecot.org/**Plugins/Expire > > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEVAwUBUhNqV13r2wJMiz2NAQIiZg**f+**N2VTT04KaLwq2LTz6PVi2tcHBabHxr**Ja > h0UY3qM+**WuYaOAWomYPxVN1QSvBKMz1BP/**qiKF+/UdlWUjtC9PKXiuNEsU1nJbXV > KqGN+**7gdvkIEI4vLh8I0UNNOlwq7Pv+**EKzX6SQVwL0z2J/QYbAjX0+**PaMykMRMpG > a7hFXk6F0fhwR85kAQr8xVuLDdZef/**9O3R+z1dhtXOk2DGMnw/**tkvxvx2jn6K2Go > Xg5zWiwBWN+**0kS4yvc8NXYljNIje0FBXxQ4MCu3Je**7wCNCcwH7zse8QRezjRaLKR > IAn5+**dz4ifjlgLIYsEqppmZNJ7aN1FdIYd5**iEp1bwS2C+Lj+xtL28Q== > =sEsQ > -----END PGP SIGNATURE----- > From erickom at kom.za.net Tue Aug 20 16:37:46 2013 From: erickom at kom.za.net (Eric Kom) Date: Tue, 20 Aug 2013 15:37:46 +0200 Subject: [Dovecot] username and password can't be verified In-Reply-To: References: <5213407E.1090302@kom.za.net> Message-ID: <5213712A.3090402@kom.za.net> On 20/08/2013 15:07, Steffen Kaiser wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > >> Aug 20 09:03:03 ajk dovecot: auth-worker(17041): Debug: >> pam(erickom at metropolitan.org.za,10.0.0.103): lookup service=dovecot > > Your passwd contains the user with @domain? I don't think so. I uncommented the above # System users (NSS, /etc/passwd, or similiar). # In many systems nowadays this uses Name Service Switch, which is # configured in /etc/nsswitch.conf. passdb { driver = passwd # [blocking=no] #args = } and commented the pam authentication. see below the log: Aug 20 15:32:00 ajk dovecot: auth: Debug: auth client connected (pid=17996) Aug 20 15:32:00 ajk dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011session=TFLnFGHkuwAKAABn#011lip=10.0.0.244#011rip=10.0.0.103#011lport=143#011rport=60347 Aug 20 15:32:00 ajk dovecot: auth: Debug: client passdb out: CONT#0111#011 Aug 20 15:32:00 ajk dovecot: auth: Debug: client in: CONT#0111#011AGVyaWNrb20AbmluYTAxMDE4M2M= (previous base64 data may contain sensitive data) Aug 20 15:32:00 ajk dovecot: auth-worker(17987): Debug: passwd(erickom,10.0.0.103): lookup Aug 20 15:32:00 ajk dovecot: auth-worker(17987): Error: passwd(erickom,10.0.0.103): Invalid password 'x' in passdb: crypt() failed: Invalid argument Aug 20 15:32:00 ajk dovecot: auth-worker(17987): Debug: passwd(erickom,10.0.0.103): CRYPT(nina0c) != 'x' Aug 20 15:32:02 ajk dovecot: auth: Debug: client passdb out: FAIL#0111#011user=erickom Aug 20 15:32:02 ajk dovecot: auth: Debug: client in: > - -- Steffen > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEVAwUBUhNqCl3r2wJMiz2NAQKlngf/Y0CBahthoVImrMcsnfBMaH+lOtpUY/u0 > oVSPsjqI8jznkehZm90Spn5b51ugBqFdEcB0tg4uMZRU/wJAr+SCpBJ5O6zd3jsw > BDxlnPbYm7TsH6CxH+IRPkdLgLQpRJhFUgaBiq7NkTJEeDjgpDMw9qitqq7txjsu > UlLX3+rYnvY/rmH2CF10GMvtrzFAkyuuOqVufYS6BNN4X1OhFlm+Jl/l9Vc89ZVa > +fFIUFDkvxZJFRCZ4NqGELzRsJHcW976C45GTBdCp2/T7jH/o26Ro2h0FJ3Z9Z48 > ISxPYiKjkG2a5+wUPmNxQOqKK5qR7PPiTw5YWWaJY9qus3DPQLEXWw== > =R6sE > -----END PGP SIGNATURE----- > -- Kind Regards Eric Kom System Administrator & Programmer - Metropolitan College _________________________________________ / You are scrupulously honest, frank, and \ | straightforward. Therefore you have few | \ friends. / ----------------------------------------- \ \ .--. |o_o | |:_/ | // \ \ (| Kom | ) /'\_ _/`\ \___)=(___/ 2 Hennie Van Till, White River, 1240 Tel: 013 750 2255 | Fax: 013 750 0105 | Cell: 078 879 1334 erickom at kom.za.net | erickom at metropolitancollege.co.za www.kom.za.net | www.kom.za.org | www.erickom.co.za Key fingerprint: 513E E91A C243 3020 8735 09BB 2DBC 5AD7 A9DA 1EF5 From ben+dovecot at mail-subs.com Tue Aug 20 16:42:22 2013 From: ben+dovecot at mail-subs.com (Ben) Date: Tue, 20 Aug 2013 14:42:22 +0100 Subject: [Dovecot] age-limit In-Reply-To: References: Message-ID: <5213723E.6020505@mail-subs.com> On 19/08/2013 20:46, Carlos L wrote: > I'm trying to figure if there is a "proactive" way to enforce item age on > maildir . maildir-cleanup kind of does it but im looking for something > similiar to quota ++ that you can add to dovecot but for item age not size. > > Any ideas? > Something along the following lines in your crontab ? If you really want to enforce ? ;-) /usr/bin/doveadm expunge -u USERNAME mailbox MAILBOX savedbefore 2w From skdovecot at smail.inf.fh-brs.de Tue Aug 20 17:06:24 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 20 Aug 2013 16:06:24 +0200 (CEST) Subject: [Dovecot] username and password can't be verified In-Reply-To: <5213712A.3090402@kom.za.net> References: <5213407E.1090302@kom.za.net> <5213712A.3090402@kom.za.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 20 Aug 2013, Eric Kom wrote: > On 20/08/2013 15:07, Steffen Kaiser wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >>> Aug 20 09:03:03 ajk dovecot: auth-worker(17041): Debug: >>> pam(erickom at metropolitan.org.za,10.0.0.103): lookup service=dovecot >> >> Your passwd contains the user with @domain? > I don't think so. you tried to auth as user erickom at metropolitan.org.za via PAM, but your /etc/passwd would know erickom only. Hence, try to auth without domain. > I uncommented the above > # System users (NSS, /etc/passwd, or similiar). > # In many systems nowadays this uses Name Service Switch, which is > # configured in /etc/nsswitch.conf. > passdb { > driver = passwd > # [blocking=no] > #args = > } > > and commented the pam authentication. > > see below the log: > Aug 20 15:32:00 ajk dovecot: auth: Debug: auth client connected (pid=17996) > Aug 20 15:32:00 ajk dovecot: auth: Debug: client in: > AUTH#0111#011PLAIN#011service=imap#011session=TFLnFGHkuwAKAABn#011lip=10.0.0.244#011rip=10.0.0.103#011lport=143#011rport=60347 > Aug 20 15:32:00 ajk dovecot: auth: Debug: client passdb out: CONT#0111#011 > Aug 20 15:32:00 ajk dovecot: auth: Debug: client in: > CONT#0111#011AGVyaWNrb20AbmluYTAxMDE4M2M= (previous base64 data may contain > sensitive data) > Aug 20 15:32:00 ajk dovecot: auth-worker(17987): Debug: > passwd(erickom,10.0.0.103): lookup > Aug 20 15:32:00 ajk dovecot: auth-worker(17987): Error: > passwd(erickom,10.0.0.103): Invalid password 'x' in passdb: crypt() failed: > Invalid argument Now you try with another passwd driver and access /etc/passwd without PAM, but you have a shadowed passwd system. Revert to passdb pam and try the username without domain. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUhN34F3r2wJMiz2NAQIvlQgArga4yyFyaFX0GkQ3zybvbd6jO/gNL0uK +IARdKOP7w//Z+Zmzrnp4rPy1DJQahiw/IQ7FwepeOKpM8166v4Hg1JHjKJ+/pLp +opsIvuW5B2PLuYP9VE5NocNTiU5dq8YGmHr71ktCIlVizDLqRusHj54EwSNpyxH UVWYbGkiNfyzGunOHwI9hCUNMGER4E9NggMR9VQUjI5SnzKCy1me8f1T2dYRZZp5 djyN1oiuXcUycpVPo1ZcNj+vtJ5SBtTBCxll+gaRmHNR6IqkQ/QSMvUi++LpVKDZ 8tB4+j42nyAqi3Z7S/6X6li4CbjwF3jllsyKHUt8n8ie9Z5Fwavr6g== =K3/l -----END PGP SIGNATURE----- From erickom at metropolitancollege.co.za Tue Aug 20 17:32:02 2013 From: erickom at metropolitancollege.co.za (Eric Kom) Date: Tue, 20 Aug 2013 16:32:02 +0200 Subject: [Dovecot] username and password can't be verified In-Reply-To: References: <5213407E.1090302@kom.za.net> <5213712A.3090402@kom.za.net> Message-ID: <52137DE2.20002@metropolitancollege.co.za> On 20/08/2013 16:06, Steffen Kaiser wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 20 Aug 2013, Eric Kom wrote: > >> On 20/08/2013 15:07, Steffen Kaiser wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>>> Aug 20 09:03:03 ajk dovecot: auth-worker(17041): Debug: >>>> pam(erickom at metropolitan.org.za,10.0.0.103): lookup service=dovecot >>> >>> Your passwd contains the user with @domain? >> I don't think so. > > you tried to auth as user erickom at metropolitan.org.za via PAM, but > your /etc/passwd would know erickom only. Hence, try to auth without > domain. > >> I uncommented the above >> # System users (NSS, /etc/passwd, or similiar). >> # In many systems nowadays this uses Name Service Switch, which is >> # configured in /etc/nsswitch.conf. >> passdb { >> driver = passwd >> # [blocking=no] >> #args = >> } >> >> and commented the pam authentication. >> >> see below the log: >> Aug 20 15:32:00 ajk dovecot: auth: Debug: auth client connected >> (pid=17996) >> Aug 20 15:32:00 ajk dovecot: auth: Debug: client in: >> AUTH#0111#011PLAIN#011service=imap#011session=TFLnFGHkuwAKAABn#011lip=10.0.0.244#011rip=10.0.0.103#011lport=143#011rport=60347 >> Aug 20 15:32:00 ajk dovecot: auth: Debug: client passdb out: >> CONT#0111#011 >> Aug 20 15:32:00 ajk dovecot: auth: Debug: client in: >> CONT#0111#011AGVyaWNrb20AbmluYTAxMDE4M2M= (previous base64 data may >> contain sensitive data) >> Aug 20 15:32:00 ajk dovecot: auth-worker(17987): Debug: >> passwd(erickom,10.0.0.103): lookup >> Aug 20 15:32:00 ajk dovecot: auth-worker(17987): Error: >> passwd(erickom,10.0.0.103): Invalid password 'x' in passdb: crypt() >> failed: Invalid argument > > Now you try with another passwd driver and access /etc/passwd without > PAM, but you have a shadowed passwd system. Revert to passdb pam and > try the username without domain. > I got this in log: Aug 20 16:25:47 ajk dovecot: imap(erickom): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/var/mail//erickom/M$ Aug 20 16:25:47 ajk dovecot: imap(erickom): Debug: maildir++: root=/var/mail//erickom/Maildir, index=, indexpvt=, control=, inbox=/var/mail//erickom/Maildir, alt= Aug 20 16:25:47 ajk dovecot: imap(erickom): Debug: Namespace : /var/mail//erickom/Maildir doesn't exist yet, using default permissions Aug 20 16:25:47 ajk dovecot: imap(erickom): Debug: Namespace : Using permissions from /var/mail//erickom/Maildir: mode=0700 gid=default Aug 20 16:25:47 ajk dovecot: imap(erickom): Error: user erickom: Initialization failed: Namespace '': mkdir(/var/mail//erickom/Maildir) failed: Not a directory Aug 20 16:25:47 ajk dovecot: imap(erickom): Error: Invalid user settings. Refer to server log for more information. Aug 20 16:25:47 ajk dovecot: auth: Debug: auth client connected (pid=18322) Aug 20 16:25:47 ajk dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011session=GRZF1WHknQAKAABn#011lip=10.0.0.244#011rip=10.0.0.103#011lport=143#011rport=33693 Aug 20 16:25:47 ajk dovecot: auth: Debug: client passdb out: CONT#0111#011 Aug 20 16:25:47 ajk dovecot: auth: Debug: client in: CONT#0111#011AGVyaWNrb20AbmluYTAxMDE4M2M= (previous base64 data may contain sensitive data) Aug 20 16:25:47 ajk dovecot: auth-worker(18312): Debug: pam(erickom,10.0.0.103): lookup service=dovecot Aug 20 16:25:47 ajk dovecot: auth-worker(18312): Debug: pam(erickom,10.0.0.103): #1/1 style=1 msg=Password: Aug 20 16:25:47 ajk dovecot: auth: Debug: client passdb out: OK#0111#011user=erickom Aug 20 16:25:47 ajk dovecot: auth: Debug: master in: REQUEST#011272105473#01118322#0111#011212e9bee4a8613a63f5266e72ab3a350#011session_pid=18323 Aug 20 16:25:47 ajk dovecot: auth-worker(18312): Debug: passwd(erickom,10.0.0.103): lookup Aug 20 16:25:47 ajk dovecot: auth: Debug: master userdb out: USER#011272105473#011erickom#011system_groups_user=erickom#011uid=1000#011gid=1000#011home=/home/erickom#011auth_token=52c7$ Aug 20 16:25:47 ajk dovecot: imap-login: Login: user=, method=PLAIN, rip=10.0.0.103, lip=10.0.0.244, mpid=18323, session= Aug 20 16:25:47 ajk dovecot: imap(erickom): Debug: Effective uid=1000, gid=1000, home=/home/erickom Aug 20 16:25:47 ajk dovecot: imap(erickom): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/var/mail//erickom/M$ Aug 20 16:25:47 ajk dovecot: imap(erickom): Debug: maildir++: root=/var/mail//erickom/Maildir, index=, indexpvt=, control=, inbox=/var/mail//erickom/Maildir, alt= Aug 20 16:25:47 ajk dovecot: imap(erickom): Debug: Namespace : /var/mail//erickom/Maildir doesn't exist yet, using default permissions Aug 20 16:25:47 ajk dovecot: imap(erickom): Debug: Namespace : Using permissions from /var/mail//erickom/Maildir: mode=0700 gid=default Aug 20 16:25:47 ajk dovecot: imap(erickom): Error: user erickom: Initialization failed: Namespace '': mkdir(/var/mail//erickom/Maildir) failed: Not a directory Aug 20 16:25:47 ajk dovecot: imap(erickom): Error: Invalid user settings. Refer to server log for more information. The problem should be the maildir. This is the current maildir path for erickom: erickom at ajk:~$ ls -al /var/mail/metropolitan.org.za/erickom/Maildir/ total 20 drwxr-sr-x 5 erickom mail 4096 Aug 20 08:52 . drwx--S--- 3 erickom mail 4096 Aug 20 08:52 .. drwx--S--- 2 erickom mail 4096 Aug 20 07:59 cur drwx--S--- 2 erickom mail 4096 Aug 20 07:59 new drwx--S--- 2 erickom mail 4096 Aug 20 07:59 tmp erickom at ajk:~$ sudo doveconf -n [sudo] password for erickom: # 2.2.5 (c4f754d6967e): /etc/dovecot/dovecot.conf # OS: Linux 3.10-2-486 i686 Debian jessie/sid ext4 auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login base_dir = /var/run/dovecot/ disable_plaintext_auth = no login_greeting = Great Kom, ready. mail_debug = yes mail_location = maildir:/var/mail/%d/%n/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap sieve pop3" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } ssl_cert = - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEVAwUBUhN34F3r2wJMiz2NAQIvlQgArga4yyFyaFX0GkQ3zybvbd6jO/gNL0uK > +IARdKOP7w//Z+Zmzrnp4rPy1DJQahiw/IQ7FwepeOKpM8166v4Hg1JHjKJ+/pLp > +opsIvuW5B2PLuYP9VE5NocNTiU5dq8YGmHr71ktCIlVizDLqRusHj54EwSNpyxH > UVWYbGkiNfyzGunOHwI9hCUNMGER4E9NggMR9VQUjI5SnzKCy1me8f1T2dYRZZp5 > djyN1oiuXcUycpVPo1ZcNj+vtJ5SBtTBCxll+gaRmHNR6IqkQ/QSMvUi++LpVKDZ > 8tB4+j42nyAqi3Z7S/6X6li4CbjwF3jllsyKHUt8n8ie9Z5Fwavr6g== > =K3/l > -----END PGP SIGNATURE----- > -- Kind Regards Eric Kom System Administrator & Programmer - Metropolitan College _________________________________________ / You are scrupulously honest, frank, and \ | straightforward. Therefore you have few | \ friends. / ----------------------------------------- \ \ .--. |o_o | |:_/ | // \ \ (| Kom | ) /'\_ _/`\ \___)=(___/ 2 Hennie Van Till, White River, 1240 Tel: 013 750 2255 | Fax: 013 750 0105 | Cell: 078 879 1334 erickom at kom.za.net | erickom at metropolitancollege.co.za www.kom.za.net | www.kom.za.org | www.erickom.co.za Key fingerprint: 513E E91A C243 3020 8735 09BB 2DBC 5AD7 A9DA 1EF5 From ben+dovecot at mail-subs.com Tue Aug 20 18:57:54 2013 From: ben+dovecot at mail-subs.com (Ben) Date: Tue, 20 Aug 2013 16:57:54 +0100 Subject: [Dovecot] Dovecot Dsync Message-ID: <52139202.8090109@mail-subs.com> Hi, Sorry to bump it, but I've yet to receive even one reply to my question the other day about Dsync ? Everyone else seems to have been receiving replies to their questions and so I'm feeling a little lonely out in the cold. I can't believe nobody on-list uses Dsync ? Ben From gedalya at gedalya.net Tue Aug 20 19:16:25 2013 From: gedalya at gedalya.net (Gedalya) Date: Tue, 20 Aug 2013 12:16:25 -0400 Subject: [Dovecot] Dovecot Dsync In-Reply-To: <52139202.8090109@mail-subs.com> References: <52139202.8090109@mail-subs.com> Message-ID: <52139659.8020607@gedalya.net> On 08/20/2013 11:57 AM, Ben wrote: > Hi, > > Sorry to bump it, but I've yet to receive even one reply to my > question the other day about Dsync ? Everyone else seems to have been > receiving replies to their questions and so I'm feeling a little > lonely out in the cold. > > I can't believe nobody on-list uses Dsync ? > > Ben Maybe everyone is waiting for someone smarter than themselves to answer this.. :-) So.. hoping I read and understood your email correctly ... The first thing you tried failed because only root can change permissions, except for using the setuid bit which is probably not what you want here. The second might have failed because of: userdb { args = username_format=%u /etc/dovecot/users driver = passwd-file } dsync is using userdb and not authdb because it's not checking a password here. Can it be that its-virtmail doesn't have permission to read /etc/dovecot/users ? From me at junc.eu Tue Aug 20 19:22:49 2013 From: me at junc.eu (Benny Pedersen) Date: Tue, 20 Aug 2013 18:22:49 +0200 Subject: [Dovecot] Question: dovecot-1.2.17 , pop3 In-Reply-To: <5213449C.7070208@Media-Brokers.com> References: <5213449C.7070208@Media-Brokers.com> Message-ID: <8af8fbbc82a76bf118affa4f5573f2e9@junc.eu> Charles Marcus skrev den 2013-08-20 12:27: > On 2013-08-20 4:35 AM, Kutrus Neloy wrote: >> My question is: >> Is it possible to get this problem with my version? 1.2.17 ? > > It is no longer supported. > > Time to upgrade. time to ?, there might be a point of wiki vs wiki2 http://wiki2.dovecot.org/ http://wiki1.dovecot.org/ and i think its relevant to know if the same problem exists in v1 From rs at sys4.de Tue Aug 20 19:22:49 2013 From: rs at sys4.de (Robert Schetterer) Date: Tue, 20 Aug 2013 18:22:49 +0200 Subject: [Dovecot] Dovecot Dsync In-Reply-To: <52139202.8090109@mail-subs.com> References: <52139202.8090109@mail-subs.com> Message-ID: <521397D9.5000102@sys4.de> Am 20.08.2013 17:57, schrieb Ben: > Hi, > > Sorry to bump it, but I've yet to receive even one reply to my question > the other day about Dsync ? Everyone else seems to have been receiving > replies to their questions and so I'm feeling a little lonely out in the > cold. > > I can't believe nobody on-list uses Dsync ? > > Ben perhaps many people are on holidays in summer, however seems in your orig post you used 2.0.19 version there were a lot of updates perhaps first update 2.1.17 or 2.2.5 then retry also seems you have some permission problems failed: Permission denied (euid=1002(its_scripts) egid=1002(its_scripts) missing +r perm: /var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755) Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From gedalya at gedalya.net Tue Aug 20 19:32:34 2013 From: gedalya at gedalya.net (Gedalya) Date: Tue, 20 Aug 2013 12:32:34 -0400 Subject: [Dovecot] Dovecot Dsync In-Reply-To: <52139659.8020607@gedalya.net> References: <52139202.8090109@mail-subs.com> <52139659.8020607@gedalya.net> Message-ID: <52139A22.6070804@gedalya.net> On 08/20/2013 12:16 PM, Gedalya wrote: > only root can change permissions, Sorry I meant only root can change his own userid :-) From luciano at vespaperitivo.it Tue Aug 20 19:57:22 2013 From: luciano at vespaperitivo.it (Luciano Mannucci) Date: Tue, 20 Aug 2013 18:57:22 +0200 Subject: [Dovecot] Problem compiling 2.2.5 Message-ID: <20130820165723.6516B1AE88C7@dovecot.org> I'm trying to upgrade a very old sparcstation running Solaris 8 which is running dovecot 1.x for few users. All I have for the task is good old gcc 2.95.2. The poor sod complains because it can't compute the sizeof(unsigned char prefix_text[]) at line 13 of log-error-buffer.c. Can I help it by - say - putting a constant between the '[]'? Or is it unfair? :-) I don't think it's woth modifying the distribution only for us owning machines that should be in a museum by now... Thanks for the good software, BTW, luciano. -- /"\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250 X AGAINST HTML MAIL / E-MAIL: posthamster at sublink.sublink.ORG / \ AND POSTINGS / WWW: http://www.lesassaie.IT/ From kremels at kreme.com Tue Aug 20 21:55:38 2013 From: kremels at kreme.com (LuKreme) Date: Tue, 20 Aug 2013 12:55:38 -0600 Subject: [Dovecot] Two of special mailboxes? Message-ID: <05B1FE35-D541-4177-B81B-BB25E872B6B7@kreme.com> # ls -lsd /path/to/virtual/.*{Junk,Drafts,Sent,Trash} 8 drwx------ 5 89 89 512 Aug 19 06:46 .Drafts 8 drwx------ 5 89 89 512 Aug 19 06:42 .INBOX.Drafts 8 drwx------ 5 89 89 512 Aug 20 11:44 .INBOX.Junk 8 drwx------ 5 89 89 512 Aug 19 06:42 .INBOX.Sent 8 drwx------ 5 89 89 512 Aug 19 19:41 .INBOX.Trash 8 drwx------ 5 89 89 512 Aug 19 06:55 .Junk 8 drwx------ 5 89 89 512 Aug 19 06:46 .Sent 8 drwx------ 5 89 89 512 Aug 20 11:44 .Trash # ls -nlsd /home/kremels/Maildir/.*{Junk,Drafts,Sent,Trash} 8 drwx------ 6 1004 1004 512 Aug 20 11:45 /home/kremels/Maildir/.Drafts 8 drwx------ 5 1004 1004 512 Aug 19 10:08 /home/kremels/Maildir/.INBOX.Drafts 8 drwx------ 5 1004 1004 512 Aug 19 10:01 /home/kremels/Maildir/.INBOX.Sent 8 drwx------ 6 1004 1004 512 Aug 20 11:42 /home/kremels/Maildir/.Junk 8 drwx------ 6 1004 1004 512 Aug 14 21:47 /home/kremels/Maildir/.NotJunk 8 drwx------ 6 1004 1004 512 Aug 19 22:24 /home/kremels/Maildir/.Sent 8 drwx------ 6 1004 1004 512 Aug 20 11:41 /home/kremels/Maildir/.Trash AS you can see, I only have SOME dupes in my list account. $ doveconf -n # 2.2.5: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 9.1-RELEASE i386 auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN disable_plaintext_auth = no first_valid_uid = 89 log_path = /var/log/dovecot login_log_format_elements = user=<%u> %r %m %c mail_location = maildir:~/Maildir mail_max_userip_connections = 50 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox NotJunk { auto = subscribe } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } ssl_cert = References: <84E5CD2B-C497-4DE8-8CC8-BE4322B844AB@kreme.com> Message-ID: On 20 Aug 2013, at 03:36 , Roel Wagenaar wrote: > DELIVER="/usr/lib/dovecot/dovecot-lda" > > :0 > * ^X-RSS-Feed: .*rss2email > | $DELIVER -m System.rss2email/ Ah, that is nice. I can run through my procmail recipes and then to dovecot-lda for sieve purposes. Can I pass a value to it for \\seen like dovecot-lda -o setflag="\\Seen"? -- The night is always old. He'd walked too often down dark streets in the secret hours and felt the night stretching away, and known in his blood that while days and kings and empires come and go, the night is always the same age, always aeons deep. Terrors unfolded in the velvet shadows and while the nature of the talons may change, the nature of the beast does not. --Jingo From AxelLuttgens at swing.be Tue Aug 20 23:29:08 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Tue, 20 Aug 2013 22:29:08 +0200 Subject: [Dovecot] Problem compiling 2.2.5 In-Reply-To: <20130820165723.6516B1AE88C7@dovecot.org> References: <20130820165723.6516B1AE88C7@dovecot.org> Message-ID: <97A4948E-1465-4FBF-B682-A1A72CFC2951@swing.be> Le 20 ao?t 2013 ? 18:57, Luciano Mannucci a ?crit : > > I'm trying to upgrade a very old sparcstation running Solaris 8 which > is running dovecot 1.x for few users. All I have for the task is good > old gcc 2.95.2. The poor sod complains because it can't compute the > sizeof(unsigned char prefix_text[]) at line 13 of log-error-buffer.c. > Can I help it by - say - putting a constant between the '[]'? > Or is it unfair? :-) Hello Luciano, Wouldn't unsigned char * prefix_text be equivalent in such a context? > I don't think it's woth modifying the distribution only for us owning > machines that should be in a museum by now... Solaris 8... yes, quite a long time now. :-) Axel From delrio at mie.utoronto.ca Tue Aug 20 23:43:31 2013 From: delrio at mie.utoronto.ca (Oscar del Rio) Date: Tue, 20 Aug 2013 16:43:31 -0400 Subject: [Dovecot] Problem compiling 2.2.5 In-Reply-To: <20130820165723.6516B1AE88C7@dovecot.org> References: <20130820165723.6516B1AE88C7@dovecot.org> Message-ID: <5213D4F3.7050609@mie.utoronto.ca> On 08/20/13 12:57 PM, Luciano Mannucci wrote: > I'm trying to upgrade a very old sparcstation running Solaris 8 which > is running dovecot 1.x for few users. All I have for the task is good > old gcc 2.95.2. opencsw.org might have dovecot 2.2.4 for Solaris 8 You might need lots of dependencies if you have not used opencsw before, but their pkg installer should take care of them too. They also have newer versions of gcc, if you still prefer to compile 2.2.5 from source. From ppi at searchy.net Tue Aug 20 23:47:10 2013 From: ppi at searchy.net (Frank de Bot) Date: Tue, 20 Aug 2013 22:47:10 +0200 Subject: [Dovecot] Delivering message to other mailbox Message-ID: <5213D5CE.8050804@searchy.net> Hi, On my mailserver I have for each mailbox a sieve script to put Spam-marked message into a folder (match header, then fileinto 'Spam'). This works, but I want to deliver spam-marked messages to a different mailbox. For each user a seperate mailbox is created next to the existing mailbox, allowing different authentication. How can I do this with dovecot/pigeonhole? I figured out I could redirect is the user.spam at domain which delivers to the other mailbox, but it will go into a new delivery process with amavis set up. (There's no point to scan a single message twice). Is there a way I can accomplish to directly deliver a spam-marked message to a different mailbox? Regards, Frank de Bot From me at junc.eu Wed Aug 21 00:27:05 2013 From: me at junc.eu (Benny Pedersen) Date: Tue, 20 Aug 2013 23:27:05 +0200 Subject: [Dovecot] Delivering message to other mailbox In-Reply-To: <5213D5CE.8050804@searchy.net> References: <5213D5CE.8050804@searchy.net> Message-ID: Frank de Bot skrev den 2013-08-20 22:47: > How can I do this with dovecot/pigeonhole? I figured out I could > redirect is the user.spam at domain which delivers to the other mailbox, > but it will go into a new delivery process with amavis set up. > (There's no point to scan a single message twice). configure amavis to deliver spam to another mailbox, this can be global or pr user with ldap or sql setup From ben+dovecot at mail-subs.com Wed Aug 21 01:03:15 2013 From: ben+dovecot at mail-subs.com (Ben) Date: Tue, 20 Aug 2013 23:03:15 +0100 Subject: [Dovecot] Dovecot Dsync In-Reply-To: <52139659.8020607@gedalya.net> References: <52139202.8090109@mail-subs.com> <52139659.8020607@gedalya.net> Message-ID: <5213E7A3.9060709@mail-subs.com> > Maybe everyone is waiting for someone smarter than themselves to answer > this.. :-) Maybe... but at the same time, there's a risk of me abandoning Dsync for rsync or something else that I know I could have implemented by now with far less frustration ! However I'm keen to learn how to utilise the power within Dsync.... ;-) > > So.. hoping I read and understood your email correctly ... Hoping that email wasn't too confusing ;-( > > The first thing you tried failed because only root can change > permissions, except for using the setuid bit which is probably not what > you want here. > The second might have failed because of: > > userdb { > args = username_format=%u /etc/dovecot/users > driver = passwd-file > } > > dsync is using userdb and not authdb because it's not checking a > password here. Can it be that its-virtmail doesn't have permission to > read /etc/dovecot/users ? > > hmmm ... its chmod 640 root:dovecot on the primary server and the same on the backup box. Do I need to mess around with permissions on both or just the backup box ? I was under the impression that Dsync was just a more modern version of a doveadm tool that went by a similar name and hence assumed it would use dovecot permissions. But then again, who knows... I was getting very confused at the end of a long day trying to make it work ! From ben+dovecot at mail-subs.com Wed Aug 21 01:11:26 2013 From: ben+dovecot at mail-subs.com (Ben) Date: Tue, 20 Aug 2013 23:11:26 +0100 Subject: [Dovecot] Dovecot Dsync In-Reply-To: <521397D9.5000102@sys4.de> References: <52139202.8090109@mail-subs.com> <521397D9.5000102@sys4.de> Message-ID: <5213E98E.8040003@mail-subs.com> > perhaps many people are on holidays in summer, > however seems in your orig post you used 2.0.19 version > there were a lot of updates perhaps first update 2.1.17 or 2.2.5 then retry True true... although from my point of view its hard not to be tempted to use rsync or something else that I know. But as I said to a previous respondent, I'm keen to get to know (and hopefully love) my new dovecot install ! I'm on an Ubuntu LTS release so the dovecot came from their release. I'd prefer to stay that way unless I really have to...especially if the only reason for doing so is to fix Dsync. 2.0.19 seems to otherwise working ok ! Maybe I'll have a look through the release notes on a rainy day ! > > also seems you have some permission problems > > failed: Permission denied (euid=1002(its_scripts) egid=1002(its_scripts) > missing +r perm: /var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755) > > Hmmm... I think I tried that at some point, I think that was when the problem might have morphed into ... dsync(its-virtmail): Error: user test at somewhere.example.com: Initialization failed: mail_location not set and autodetection failed: Mail storage autodetection failed with home=/srv/mail/example.com/test dsync(its-virtmail): Fatal: User init failed dsync-local(test at somewhere.example.com): Error: read() from worker server failed: EOF But I'll give it another go tomorrow. From kjonca at o2.pl Wed Aug 21 02:02:46 2013 From: kjonca at o2.pl (Kamil =?iso-8859-2?Q?Jo=F1ca?=) Date: Wed, 21 Aug 2013 01:02:46 +0200 Subject: [Dovecot] (Maybe stupid) question about selecting mailbox Message-ID: <8738q40xux.fsf@alfa.kjonca> Does mailbox with "\NoSelect" can be select or examine? I'm not sure but IMVHO "select x" should not work. $/usr/lib/dovecot/imap * PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE COMPRESS=DEFLATE] Logged in as kjonca 2 LIST "x" "*" * LIST (\Noselect \HasChildren) "/" "x" * LIST (\HasNoChildren) "/" "x/y" 2 OK List completed. 3 SELECT x * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted. * 0 EXISTS * 0 RECENT * OK [UIDVALIDITY 1376977764] UIDs valid * OK [UIDNEXT 1] Predicted next UID * OK [NOMODSEQ] No permanent modsequences 3 OK [READ-WRITE] Select completed. 4 logout IMAP(kjonca): Info: Disconnected: Logged out in=35 out=813 * BYE Logging out 4 OK Logout completed. doveconf -n # 2.1.17 (d463fab6db95): /etc/dovecot/dovecot.conf # OS: Linux 3.8.9+1 x86_64 Debian wheezy/sid auth_debug = yes auth_mechanisms = plain digest-md5 cram-md5 login auth_username_format = %n auth_verbose = yes listen = alfa log_path = /var/log/dovecot mail_debug = yes mail_location = maildir:~/Mail/1:LAYOUT=fs:INBOX=~/Mail/1/INBOX mail_log_prefix = "%Us(%u): " mail_plugins = zlib passdb { args = scheme=PLAIN /etc/security/dovecot.pwd driver = passwd-file } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change save mail_log_fields = uid box msgid size from flags sieve = ~/.dovecot.sieve sieve_execute_bin_dir = %h/sieve/bin sieve_execute_exec_timeout = 86400s sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute +vnd.dovecot.filter sieve_filter_bin_dir = %h/sieve/bin sieve_filter_exec_timeout = 86400s sieve_pipe_bin_dir = %h/sieve/bin sieve_pipe_exec_timeout = 86400s sieve_plugins = sieve_extprograms } protocols = " imap lmtp" service auth { user = root } ssl = no ssl_cert = References: <5213407E.1090302@kom.za.net> Message-ID: <67322108-0B19-4658-AF38-D0C6C5B04FCD@kreme.com> On 20 Aug 2013, at 07:07 , Steffen Kaiser wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > >> Aug 20 09:03:03 ajk dovecot: auth-worker(17041): Debug: pam(erickom at metropolitan.org.za,10.0.0.103): lookup service=dovecot > > Your passwd contains the user with @domain? That's pretty normal for virtual users. All my virtual users are user at domain.tld/password. Otherwise you would have collisions between, for example, info at example.com and info at example.net -- All great truths begin as blasphemies. From ph at whatever.nu Wed Aug 21 09:52:52 2013 From: ph at whatever.nu (Per-Henrik Lundblom) Date: Wed, 21 Aug 2013 08:52:52 +0200 Subject: [Dovecot] Auth error in log Message-ID: <20130821065252.GY2125@whatever.nu> Hi, I have a setup with Dovecot handling a few virtual domains delivering mails to both local Unix account mailboxes and seperate mailboxes for virtual users defined in a MySQL database. A quick overview of the configuration shows two passdb definitions: auth default { mechanisms = plain login passdb pam { args = dovecot } passdb sql { args = /etc/dovecot/dovecot-sql.conf } userdb passwd { args = mail=maildir:~/Maildir blocking=yes } userdb static { args = uid=vmail gid=mail home=/var/spool/vmail/%d/%n allow_all_users=yes } user = root socket listen { master { path = /var/run/dovecot/auth-master mode = 0600 user = vmail group = mail } client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } !include_try /etc/dovecot/auth.d/*.auth } When a virtual user defined in the MySQL database tries to log in using IMAP or SMTP I always get auth failures logged in the system logs. Entries are like this: Aug 21 06:25:36 roadrunner dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=luser at mydomain.com rhost=85.224.xx.xx I assume these failures comes form the fact that PAM doesn't recognize the virtual users and Dovecot continues to the SQL passdb entry. As a result I get a _lot_ of auth failures in the logs. I have tried to come up with a way where the auth failures from PAM arent't logged if the the SQL authenication is successful. Is this possible or are there any other recommended ways to handle this? /PH -- Per-Henrik Lundblom email: ph at whatever.nu phone: +46 733 207126 webpage: www.whatever.nu From luciano at vespaperitivo.it Wed Aug 21 12:07:32 2013 From: luciano at vespaperitivo.it (Luciano Mannucci) Date: Wed, 21 Aug 2013 11:07:32 +0200 Subject: [Dovecot] Problem compiling 2.2.5 In-Reply-To: <97A4948E-1465-4FBF-B682-A1A72CFC2951@swing.be> References: <20130820165723.6516B1AE88C7@dovecot.org> <97A4948E-1465-4FBF-B682-A1A72CFC2951@swing.be> Message-ID: <20130821090733.D42FC1AE87D5@dovecot.org> On Tue, 20 Aug 2013 22:29:08 +0200 Axel Luttgens wrote: > Wouldn't > > unsigned char * prefix_text > > be equivalent in such a context? It should. That's the first thing I tried. It dumps core, tough... Luciano. -- /"\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250 X AGAINST HTML MAIL / E-MAIL: posthamster at sublink.sublink.ORG / \ AND POSTINGS / WWW: http://www.lesassaie.IT/ From luciano at vespaperitivo.it Wed Aug 21 12:08:59 2013 From: luciano at vespaperitivo.it (Luciano Mannucci) Date: Wed, 21 Aug 2013 11:08:59 +0200 Subject: [Dovecot] Problem compiling 2.2.5 In-Reply-To: <5213D4F3.7050609@mie.utoronto.ca> References: <20130820165723.6516B1AE88C7@dovecot.org> <5213D4F3.7050609@mie.utoronto.ca> Message-ID: <20130821090900.E481B1AE8826@dovecot.org> On Tue, 20 Aug 2013 16:43:31 -0400 Oscar del Rio wrote: > opencsw.org might have dovecot 2.2.4 for Solaris 8 Thanks for the pointer. I'll have a look. Thanks again, Luciano. -- /"\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250 X AGAINST HTML MAIL / E-MAIL: posthamster at sublink.sublink.ORG / \ AND POSTINGS / WWW: http://www.lesassaie.IT/ From kavish.karkera at yahoo.com Wed Aug 21 13:37:46 2013 From: kavish.karkera at yahoo.com (Kavish Karkera) Date: Wed, 21 Aug 2013 18:37:46 +0800 (SGT) Subject: [Dovecot] High Load Average on POP/IMAP. Message-ID: <1377081466.14923.YahooMailNeo@web193503.mail.sg3.yahoo.com> Hi, We have a serious issue running on our POP/IMAP servers these days. The load average of a servers spikes up to 400-500 as a uptime command result, for a particular time period , to be specific mostly in noon time and evening, but it last for few minutes only. We have 2 servers running dovecot 1.1.20 , in loadbanlancer, We have used KEEPLIVE (1.1.13) for loadbalacing. Server specification. Operating System : CentOS 5.5 64bit CPU cores : 16 RAM : 8GB Mail and Indexes are mounted on NFS (NetApp). Below is the dovecot -n ... (top results during high spike) ############################################################################################# # 1.1.20: /usr/local/etc/dovecot.conf # OS: Linux 2.6.28 x86_64 CentOS release 5.5 (Final) log_path: /var/log/dovecot-info.log info_log_path: /var/log/dovecot-info.log syslog_facility: local1 protocols: imap imaps pop3 pop3s listen(default): *:143 listen(imap): *:143 listen(pop3): *:110 ssl_listen(default): *:993 ssl_listen(imap): *:993 ssl_listen(pop3): *:995 ssl_cert_file: /usr/local/etc/ssl/certs/dovecot.pem ssl_key_file: /usr/local/etc/ssl/private/dovecot.pem disable_plaintext_auth: no login_dir: /usr/local/var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login login_greeting: Welcome to Popserver. login_process_per_connection: no max_mail_processes: 1024 mail_max_userip_connections(default): 100 mail_max_userip_connections(imap): 100 mail_max_userip_connections(pop3): 50 verbose_proctitle: yes first_valid_uid: 99 first_valid_gid: 99 mail_location: maildir:~/Maildir:INDEX=/indexes/%h:CONTROL=/indexes/%h mmap_disable: yes mail_nfs_storage: yes mail_nfs_index: yes lock_method: dotlock mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 pop3_no_flag_updates(default): no pop3_no_flag_updates(imap): no pop3_no_flag_updates(pop3): yes pop3_lock_session(default): no pop3_lock_session(imap): no pop3_lock_session(pop3): yes pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls lda: postmaster_address: admin at research.com mail_plugins: cmusieve quota mail_log mail_plugin_dir: /usr/local/lib/dovecot/lda auth_socket_path: /var/run/dovecot/auth-master auth default: worker_max_count: 15 passdb: driver: sql args: /usr/local/etc/dovecot-mysql.conf userdb: driver: sql args: /usr/local/etc/dovecot-mysql.conf userdb: driver: prefetch socket: type: listen client: path: /var/run/dovecot/auth-client mode: 432 user: nobody group: nobody master: path: /var/run/dovecot/auth-master mode: 384 user: nobody group: nobody plugin: quota_warning: storage=95%% /usr/local/bin/quota-warning.sh 95 %u quota_warning2: storage=80%% /usr/local/bin/quota-warning.sh 80 %u quota: maildir:storage=64 ############################################################################################## ############################################################################################## top - 12:08:31 up 206 days, 10:45, 3 users, load average: 189.88, 82.07, 55.97 Tasks: 771 total, 1 running, 767 sleeping, 1 stopped, 2 zombie Cpu(s): 8.3%us, 7.6%sy, 0.0%ni, 8.3%id, 75.0%wa, 0.0%hi, 0.8%si, 0.0%st Mem: 16279824k total, 11913788k used, 4366036k free, 334308k buffers Swap: 4192956k total, 0k used, 4192956k free, 10359492k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 408 mysql 18 0 384m 38m 4412 S 52.8 0.2 42221:44 mysqld 29326 nobody 15 0 22688 10m 1112 D 3.9 0.1 0:00.05 imap 29313 nobody 16 0 14892 4892 1000 S 3.1 0.0 0:00.07 imap 28129 nobody 16 0 23688 4148 1140 S 2.3 0.0 0:00.10 imap 28936 nobody 16 0 25048 13m 1108 S 2.3 0.1 0:00.06 imap 29302 nobody 16 0 15168 3924 1000 S 2.3 0.0 0:00.05 imap 29307 nobody 16 0 12864 2892 1000 S 2.3 0.0 0:00.03 imap 21956 root 15 0 13272 1652 800 R 1.6 0.0 0:06.46 top 29119 nobody 16 0 26000 9324 1096 D 1.6 0.1 0:00.11 imap 29158 nobody 16 0 12684 2728 1028 S 1.6 0.0 0:00.03 imap 29204 nobody 16 0 14400 4232 1000 S 1.6 0.0 0:00.08 imap 29262 nobody 16 0 25436 2776 1120 S 1.6 0.0 0:00.02 imap 3397 root 10 -5 0 0 0 S 0.8 0.0 28:02.90 rpciod/2 3401 root 10 -5 0 0 0 S 0.8 0.0 337:30.77 rpciod/6 4218 root 16 0 8948 1548 588 S 0.8 0.0 8:05.53 dovecot 10214 root 15 0 50868 1968 1468 S 0.8 0.0 0:30.08 dovecot-auth 27454 nobody 16 0 19220 5048 1256 D 0.8 0.0 0:00.17 imap 27820 nobody 16 0 18916 4704 1252 D 0.8 0.0 0:00.08 imap 27925 nobody 16 0 11180 1524 1000 S 0.8 0.0 0:00.07 imap 28094 nobody 16 0 11536 2068 1148 S 0.8 0.0 0:00.13 imap 28150 nobody 16 0 12528 2396 1104 S 0.8 0.0 0:00.08 imap 28196 nobody 16 0 13976 3792 1148 S 0.8 0.0 0:00.21 imap 28292 nobody 16 0 11984 1808 1004 S 0.8 0.0 0:00.04 imap 28343 nobody 16 0 11584 2052 1152 D 0.8 0.0 0:00.02 imap 28352 nobody 15 0 11108 1492 1004 S 0.8 0.0 0:00.04 imap 28413 nobody 16 0 11220 1568 996 S 0.8 0.0 0:00.02 imap 28434 nobody 16 0 12492 2444 1004 S 0.8 0.0 0:00.05 imap 28467 nobody 16 0 11852 2044 1004 D 0.8 0.0 0:00.06 imap 28558 nobody 16 0 11904 2316 1168 S 0.8 0.0 0:00.02 imap 28643 nobody 16 0 11312 1688 1000 S 0.8 0.0 0:00.04 imap 28711 nobody 15 0 12048 1868 1004 S 0.8 0.0 0:00.04 imap 28779 nobody 16 0 23392 10m 1000 D 0.8 0.1 0:00.05 imap ############################################################################################ Regards, Kavish Karkera From ph at whatever.nu Wed Aug 21 13:43:11 2013 From: ph at whatever.nu (Per-Henrik Lundblom) Date: Wed, 21 Aug 2013 12:43:11 +0200 Subject: [Dovecot] Auth error in log In-Reply-To: <20130821065252.GY2125@whatever.nu> References: <20130821065252.GY2125@whatever.nu> Message-ID: <20130821104311.GC2125@whatever.nu> Hi, Also attached a dovecot -n dump: # 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.35-23-generic-pae i686 Ubuntu 10.04.4 LTS ext4 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 pop3s login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login first_valid_uid: 117 mail_privileged_group: mail mail_location: maildir:/var/spool/vmail/%d/%n/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 lda: postmaster_address: postmaster at mydomain.com auth_socket_path: /var/run/dovecot/auth-master log_path: /var/spool/vmail/dovecot-deliver.log auth default: mechanisms: plain login passdb: driver: pam args: dovecot passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd args: mail=maildir:~/Maildir blocking=yes userdb: driver: static args: uid=vmail gid=mail home=/var/spool/vmail/%d/%n allow_all_users=yes socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: mail /PH -- Per-Henrik Lundblom epost: ph at whatever.nu telefon: 0733-20 71 26 hemsida: www.whatever.nu From stan at hardwarefreak.com Wed Aug 21 14:32:39 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 21 Aug 2013 06:32:39 -0500 Subject: [Dovecot] Question: dovecot-1.2.17 , pop3 In-Reply-To: <5213449C.7070208@Media-Brokers.com> References: <5213449C.7070208@Media-Brokers.com> Message-ID: <5214A557.1080702@hardwarefreak.com> On 8/20/2013 5:27 AM, Charles Marcus wrote: > On 2013-08-20 4:35 AM, Kutrus Neloy wrote: >> My question is: >> Is it possible to get this problem with my version? 1.2.17 ? > > It is no longer supported. I must have missed that announcement. I recall Timo saying something to the effect that he will no longer fix bugs in 1.2.x. I don't recall him saying he won't support 1.2.x users in any way. -- Stan From andrea.gabellini.sc at telecomitalia.sm Wed Aug 21 14:57:48 2013 From: andrea.gabellini.sc at telecomitalia.sm (Andrea gabellini - SC) Date: Wed, 21 Aug 2013 13:57:48 +0200 Subject: [Dovecot] Dovecot tuning for GFS2 Message-ID: <5214AB3C.3030106@telecomitalia.sm> Hello, I'm deploing a new email cluster using Dovecot over GFS2. Actually I'm using courier over GFS. Actually I'm testing Dovecot with these parameters: mmap_disable = yes mail_fsync = always mail_nfs_storage = yes mail_nfs_index = yes lock_method = fcntl Are they correct? RedHat GFS support mmap, so is it better to enable it or leave it disabled? The documentation suggest the use of flock. What about it? Thanks, Andrea -- ---------------------------------------------------------------- Don't talk with a full mouth ... or with an empty head ---------------------------------------------------------------- Ing. *Andrea Gabellini* Email: andrea.gabellini at telecomitalia.sm Skype: andreagabellini Tel: (+378) 0549 886111 Fax: (+378) 0549 886188 Telecom Italia San Marino S.p.A. Strada degli Angariari, 3 47891 Rovereta Republic of San Marino http://www.telecomitalia.sm From rs at sys4.de Wed Aug 21 15:04:35 2013 From: rs at sys4.de (Robert Schetterer) Date: Wed, 21 Aug 2013 14:04:35 +0200 Subject: [Dovecot] Dovecot tuning for GFS2 In-Reply-To: <5214AB3C.3030106@telecomitalia.sm> References: <5214AB3C.3030106@telecomitalia.sm> Message-ID: <5214ACD3.1090901@sys4.de> Am 21.08.2013 13:57, schrieb Andrea gabellini - SC: > Hello, > > I'm deploing a new email cluster using Dovecot over GFS2. Actually I'm > using courier over GFS. > > Actually I'm testing Dovecot with these parameters: > > mmap_disable = yes > mail_fsync = always > mail_nfs_storage = yes > mail_nfs_index = yes > lock_method = fcntl > > Are they correct? > > RedHat GFS support mmap, so is it better to enable it or leave it disabled? > The documentation suggest the use of flock. What about it? > > Thanks, > Andrea > > > i have mail_fsync = always mail_nfs_storage = yes mail_nfs_index = yes mmap_disable = yes with ocfs2/maildir howeveryou you use a cluster filesystem ,if you use loadbalancing additional you should use it with http://wiki2.dovecot.org/Director by the way i never tested GFS2 with dovecot myself, but others told me it doesnt work very fine.... Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From bind at enas.net Wed Aug 21 15:04:52 2013 From: bind at enas.net (Urban Loesch) Date: Wed, 21 Aug 2013 14:04:52 +0200 Subject: [Dovecot] High Load Average on POP/IMAP. In-Reply-To: <1377081466.14923.YahooMailNeo@web193503.mail.sg3.yahoo.com> References: <1377081466.14923.YahooMailNeo@web193503.mail.sg3.yahoo.com> Message-ID: <5214ACE4.9000209@enas.net> Hi, if you try the following command during the server has a high load: # ps -ostat,pid,time,wchan='WCHAN-xxxxxxxxxxxxxxxxxxxx',cmd ax |grep D Do you get back something like this? STAT PID TIME WCHAN-xxxxxxxxxxxxxxxxxxxx CMD D 18713 00:00:00 synchronize_srcu dovecot/imap D 18736 00:00:00 synchronize_srcu dovecot/imap D 18775 00:00:05 synchronize_srcu dovecot/imap D 20330 00:00:00 synchronize_srcu dovecot/imap D 20357 00:00:00 synchronize_srcu dovecot/imap D 20422 00:00:00 synchronize_srcu dovecot/imap D 20687 00:00:00 synchronize_srcu dovecot/imap S+ 20913 00:00:00 pipe_wait grep D If yes, it could be a problem with Inotify in your kernel. You can try to disable inotify in the kernel with: echo 0 > /proc/sys/fs/inotify/max_user_watches echo 0 > /proc/sys/fs/inotify/max_user_instances Full article: http://thread.gmane.org/gmane.linux.kernel/1315430 For me this resolved the problem. Load goes down to < 1.00 Regards Urban Am 21.08.2013 12:37, schrieb Kavish Karkera: > Hi, > > We have a serious issue running on our POP/IMAP servers these days. The load average of a servers > spikes up to 400-500 as a uptime command result, for a particular time period , to be specific > mostly in noon time and evening, but it last for few minutes only. > > We have 2 servers running dovecot 1.1.20 , in loadbanlancer, We have used KEEPLIVE (1.1.13) for > loadbalacing. > > Server specification. > Operating System : CentOS 5.5 64bit > CPU cores : 16 > RAM : 8GB > > Mail and Indexes are mounted on NFS (NetApp). > > Below is the dovecot -n ... (top results during high spike) > > > ############################################################################################# > > # 1.1.20: /usr/local/etc/dovecot.conf > # OS: Linux 2.6.28 x86_64 CentOS release 5.5 (Final) > log_path: /var/log/dovecot-info.log > info_log_path: /var/log/dovecot-info.log > syslog_facility: local1 > protocols: imap imaps pop3 pop3s > listen(default): *:143 > listen(imap): *:143 > listen(pop3): *:110 > ssl_listen(default): *:993 > ssl_listen(imap): *:993 > ssl_listen(pop3): *:995 > ssl_cert_file: /usr/local/etc/ssl/certs/dovecot.pem > ssl_key_file: /usr/local/etc/ssl/private/dovecot.pem > disable_plaintext_auth: no > login_dir: /usr/local/var/run/dovecot/login > login_executable(default): /usr/local/libexec/dovecot/imap-login > login_executable(imap): /usr/local/libexec/dovecot/imap-login > login_executable(pop3): /usr/local/libexec/dovecot/pop3-login > login_greeting: Welcome to Popserver. > login_process_per_connection: no > max_mail_processes: 1024 > mail_max_userip_connections(default): 100 > mail_max_userip_connections(imap): 100 > mail_max_userip_connections(pop3): 50 > verbose_proctitle: yes > first_valid_uid: 99 > first_valid_gid: 99 > mail_location: maildir:~/Maildir:INDEX=/indexes/%h:CONTROL=/indexes/%h > mmap_disable: yes > mail_nfs_storage: yes > mail_nfs_index: yes > lock_method: dotlock > mail_executable(default): /usr/local/libexec/dovecot/imap > mail_executable(imap): /usr/local/libexec/dovecot/imap > mail_executable(pop3): /usr/local/libexec/dovecot/pop3 > mail_plugins(default): quota imap_quota > mail_plugins(imap): quota imap_quota > mail_plugins(pop3): quota > mail_plugin_dir(default): /usr/local/lib/dovecot/imap > mail_plugin_dir(imap): /usr/local/lib/dovecot/imap > mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 > pop3_no_flag_updates(default): no > pop3_no_flag_updates(imap): no > pop3_no_flag_updates(pop3): yes > pop3_lock_session(default): no > pop3_lock_session(imap): no > pop3_lock_session(pop3): yes > pop3_client_workarounds(default): > pop3_client_workarounds(imap): > pop3_client_workarounds(pop3): outlook-no-nuls > lda: > postmaster_address: admin at research.com > mail_plugins: cmusieve quota mail_log > mail_plugin_dir: /usr/local/lib/dovecot/lda > auth_socket_path: /var/run/dovecot/auth-master > auth default: > worker_max_count: 15 > passdb: > driver: sql > args: /usr/local/etc/dovecot-mysql.conf > userdb: > driver: sql > args: /usr/local/etc/dovecot-mysql.conf > userdb: > driver: prefetch > socket: > type: listen > client: > path: /var/run/dovecot/auth-client > mode: 432 > user: nobody > group: nobody > master: > path: /var/run/dovecot/auth-master > mode: 384 > user: nobody > group: nobody > plugin: > quota_warning: storage=95%% /usr/local/bin/quota-warning.sh 95 %u > quota_warning2: storage=80%% /usr/local/bin/quota-warning.sh 80 %u > quota: maildir:storage=64 > ############################################################################################## > > ############################################################################################## > > top - 12:08:31 up 206 days, 10:45, 3 users, load average: 189.88, 82.07, 55.97 > Tasks: 771 total, 1 running, 767 sleeping, 1 stopped, 2 zombie > Cpu(s): 8.3%us, 7.6%sy, 0.0%ni, 8.3%id, 75.0%wa, 0.0%hi, 0.8%si, 0.0%st > Mem: 16279824k total, 11913788k used, 4366036k free, 334308k buffers > Swap: 4192956k total, 0k used, 4192956k free, 10359492k cached > > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND > 408 mysql 18 0 384m 38m 4412 S 52.8 0.2 42221:44 mysqld > 29326 nobody 15 0 22688 10m 1112 D 3.9 0.1 0:00.05 imap > 29313 nobody 16 0 14892 4892 1000 S 3.1 0.0 0:00.07 imap > 28129 nobody 16 0 23688 4148 1140 S 2.3 0.0 0:00.10 imap > 28936 nobody 16 0 25048 13m 1108 S 2.3 0.1 0:00.06 imap > 29302 nobody 16 0 15168 3924 1000 S 2.3 0.0 0:00.05 imap > 29307 nobody 16 0 12864 2892 1000 S 2.3 0.0 0:00.03 imap > 21956 root 15 0 13272 1652 800 R 1.6 0.0 0:06.46 top > 29119 nobody 16 0 26000 9324 1096 D 1.6 0.1 0:00.11 imap > 29158 nobody 16 0 12684 2728 1028 S 1.6 0.0 0:00.03 imap > 29204 nobody 16 0 14400 4232 1000 S 1.6 0.0 0:00.08 imap > 29262 nobody 16 0 25436 2776 1120 S 1.6 0.0 0:00.02 imap > 3397 root 10 -5 0 0 0 S 0.8 0.0 28:02.90 rpciod/2 > 3401 root 10 -5 0 0 0 S 0.8 0.0 337:30.77 rpciod/6 > 4218 root 16 0 8948 1548 588 S 0.8 0.0 8:05.53 dovecot > 10214 root 15 0 50868 1968 1468 S 0.8 0.0 0:30.08 dovecot-auth > 27454 nobody 16 0 19220 5048 1256 D 0.8 0.0 0:00.17 imap > 27820 nobody 16 0 18916 4704 1252 D 0.8 0.0 0:00.08 imap > 27925 nobody 16 0 11180 1524 1000 S 0.8 0.0 0:00.07 imap > 28094 nobody 16 0 11536 2068 1148 S 0.8 0.0 0:00.13 imap > 28150 nobody 16 0 12528 2396 1104 S 0.8 0.0 0:00.08 imap > 28196 nobody 16 0 13976 3792 1148 S 0.8 0.0 0:00.21 imap > 28292 nobody 16 0 11984 1808 1004 S 0.8 0.0 0:00.04 imap > 28343 nobody 16 0 11584 2052 1152 D 0.8 0.0 0:00.02 imap > 28352 nobody 15 0 11108 1492 1004 S 0.8 0.0 0:00.04 imap > 28413 nobody 16 0 11220 1568 996 S 0.8 0.0 0:00.02 imap > 28434 nobody 16 0 12492 2444 1004 S 0.8 0.0 0:00.05 imap > 28467 nobody 16 0 11852 2044 1004 D 0.8 0.0 0:00.06 imap > 28558 nobody 16 0 11904 2316 1168 S 0.8 0.0 0:00.02 imap > 28643 nobody 16 0 11312 1688 1000 S 0.8 0.0 0:00.04 imap > 28711 nobody 15 0 12048 1868 1004 S 0.8 0.0 0:00.04 imap > 28779 nobody 16 0 23392 10m 1000 D 0.8 0.1 0:00.05 imap > > ############################################################################################ > > Regards, > Kavish Karkera > From kavish.karkera at yahoo.com Wed Aug 21 15:16:31 2013 From: kavish.karkera at yahoo.com (Kavish Karkera) Date: Wed, 21 Aug 2013 20:16:31 +0800 (SGT) Subject: [Dovecot] High Load Average on POP/IMAP. In-Reply-To: <5214ACE4.9000209@enas.net> References: <1377081466.14923.YahooMailNeo@web193503.mail.sg3.yahoo.com> <5214ACE4.9000209@enas.net> Message-ID: <1377087391.3008.YahooMailNeo@web193506.mail.sg3.yahoo.com> Thanks Urban, will try this and will let you know. Regards, Kavish Karkera ________________________________ From: Urban Loesch To: "dovecot at dovecot.org" Sent: Wednesday, 21 August 2013 5:34 PM Subject: Re: [Dovecot] High Load Average on POP/IMAP. Hi, if you try the following command during the server has a high load: # ps -ostat,pid,time,wchan='WCHAN-xxxxxxxxxxxxxxxxxxxx',cmd ax? |grep D Do you get back something like this? STAT? PID? ? TIME WCHAN-xxxxxxxxxxxxxxxxxxxx CMD D? ? 18713 00:00:00 synchronize_srcu? ? ? ? ? dovecot/imap D? ? 18736 00:00:00 synchronize_srcu? ? ? ? ? dovecot/imap D? ? 18775 00:00:05 synchronize_srcu? ? ? ? ? dovecot/imap D? ? 20330 00:00:00 synchronize_srcu? ? ? ? ? dovecot/imap D? ? 20357 00:00:00 synchronize_srcu? ? ? ? ? dovecot/imap D? ? 20422 00:00:00 synchronize_srcu? ? ? ? ? dovecot/imap D? ? 20687 00:00:00 synchronize_srcu? ? ? ? ? dovecot/imap S+? 20913 00:00:00 pipe_wait? ? ? ? ? ? ? ? ? grep D If yes, it could be a problem with Inotify in your kernel. You can try to disable inotify in the kernel with: echo 0 > /proc/sys/fs/inotify/max_user_watches echo 0 > /proc/sys/fs/inotify/max_user_instances Full article: http://thread.gmane.org/gmane.linux.kernel/1315430 For me this resolved the problem. Load goes down to < 1.00 Regards Urban Am 21.08.2013 12:37, schrieb Kavish Karkera: > Hi, > > We have a serious issue running on our POP/IMAP servers these days. The load average of a servers > spikes up to 400-500? as a uptime command result, for a particular time period , to be specific > mostly in noon time and evening, but it last for few minutes only. > > We have 2 servers running dovecot 1.1.20 , in loadbanlancer, We have used KEEPLIVE (1.1.13) for > loadbalacing. > > Server specification. > Operating System : CentOS 5.5 64bit > CPU cores : 16 > RAM : 8GB > > Mail and Indexes are mounted on NFS (NetApp). > > Below is the dovecot -n ... (top results during high spike) > > > ############################################################################################# > > # 1.1.20: /usr/local/etc/dovecot.conf > # OS: Linux 2.6.28 x86_64 CentOS release 5.5 (Final) > log_path: /var/log/dovecot-info.log > info_log_path: /var/log/dovecot-info.log > syslog_facility: local1 > protocols: imap imaps pop3 pop3s > listen(default): *:143 > listen(imap): *:143 > listen(pop3): *:110 > ssl_listen(default): *:993 > ssl_listen(imap): *:993 > ssl_listen(pop3): *:995 > ssl_cert_file: /usr/local/etc/ssl/certs/dovecot.pem > ssl_key_file: /usr/local/etc/ssl/private/dovecot.pem > disable_plaintext_auth: no > login_dir: /usr/local/var/run/dovecot/login > login_executable(default): /usr/local/libexec/dovecot/imap-login > login_executable(imap): /usr/local/libexec/dovecot/imap-login > login_executable(pop3): /usr/local/libexec/dovecot/pop3-login > login_greeting: Welcome to Popserver. > login_process_per_connection: no > max_mail_processes: 1024 > mail_max_userip_connections(default): 100 > mail_max_userip_connections(imap): 100 > mail_max_userip_connections(pop3): 50 > verbose_proctitle: yes > first_valid_uid: 99 > first_valid_gid: 99 > mail_location: maildir:~/Maildir:INDEX=/indexes/%h:CONTROL=/indexes/%h > mmap_disable: yes > mail_nfs_storage: yes > mail_nfs_index: yes > lock_method: dotlock > mail_executable(default): /usr/local/libexec/dovecot/imap > mail_executable(imap): /usr/local/libexec/dovecot/imap > mail_executable(pop3): /usr/local/libexec/dovecot/pop3 > mail_plugins(default): quota imap_quota > mail_plugins(imap): quota imap_quota > mail_plugins(pop3): quota > mail_plugin_dir(default): /usr/local/lib/dovecot/imap > mail_plugin_dir(imap): /usr/local/lib/dovecot/imap > mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 > pop3_no_flag_updates(default): no > pop3_no_flag_updates(imap): no > pop3_no_flag_updates(pop3): yes > pop3_lock_session(default): no > pop3_lock_session(imap): no > pop3_lock_session(pop3): yes > pop3_client_workarounds(default): > pop3_client_workarounds(imap): > pop3_client_workarounds(pop3): outlook-no-nuls > lda: >? ? postmaster_address: admin at research.com >? ? mail_plugins: cmusieve quota mail_log >? ? mail_plugin_dir: /usr/local/lib/dovecot/lda >? ? auth_socket_path: /var/run/dovecot/auth-master > auth default: >? ? worker_max_count: 15 >? ? passdb: >? ? ? driver: sql >? ? ? args: /usr/local/etc/dovecot-mysql.conf >? ? userdb: >? ? ? driver: sql >? ? ? args: /usr/local/etc/dovecot-mysql.conf >? ? userdb: >? ? ? driver: prefetch >? ? socket: >? ? ? type: listen >? ? ? client: >? ? ? ? path: /var/run/dovecot/auth-client >? ? ? ? mode: 432 >? ? ? ? user: nobody >? ? ? ? group: nobody >? ? ? master: >? ? ? ? path: /var/run/dovecot/auth-master >? ? ? ? mode: 384 >? ? ? ? user: nobody >? ? ? ? group: nobody > plugin: >? ? quota_warning: storage=95%% /usr/local/bin/quota-warning.sh 95 %u >? ? quota_warning2: storage=80%% /usr/local/bin/quota-warning.sh 80 %u >? ? quota: maildir:storage=64 > ############################################################################################## > > ############################################################################################## > > top - 12:08:31 up 206 days, 10:45,? 3 users,? load average: 189.88, 82.07, 55.97 > Tasks: 771 total,? 1 running, 767 sleeping,? 1 stopped,? 2 zombie > Cpu(s):? 8.3%us,? 7.6%sy,? 0.0%ni,? 8.3%id, 75.0%wa,? 0.0%hi,? 0.8%si,? 0.0%st > Mem:? 16279824k total, 11913788k used,? 4366036k free,? 334308k buffers > Swap:? 4192956k total,? ? ? ? 0k used,? 4192956k free, 10359492k cached > >? ? PID USER? ? ? PR? NI? VIRT? RES? SHR S %CPU %MEM? ? TIME+? COMMAND >? ? 408 mysql? ? 18? 0? 384m? 38m 4412 S 52.8? 0.2? 42221:44 mysqld > 29326 nobody? ? 15? 0 22688? 10m 1112 D? 3.9? 0.1? 0:00.05 imap > 29313 nobody? ? 16? 0 14892 4892 1000 S? 3.1? 0.0? 0:00.07 imap > 28129 nobody? ? 16? 0 23688 4148 1140 S? 2.3? 0.0? 0:00.10 imap > 28936 nobody? ? 16? 0 25048? 13m 1108 S? 2.3? 0.1? 0:00.06 imap > 29302 nobody? ? 16? 0 15168 3924 1000 S? 2.3? 0.0? 0:00.05 imap > 29307 nobody? ? 16? 0 12864 2892 1000 S? 2.3? 0.0? 0:00.03 imap > 21956 root? ? ? 15? 0 13272 1652? 800 R? 1.6? 0.0? 0:06.46 top > 29119 nobody? ? 16? 0 26000 9324 1096 D? 1.6? 0.1? 0:00.11 imap > 29158 nobody? ? 16? 0 12684 2728 1028 S? 1.6? 0.0? 0:00.03 imap > 29204 nobody? ? 16? 0 14400 4232 1000 S? 1.6? 0.0? 0:00.08 imap > 29262 nobody? ? 16? 0 25436 2776 1120 S? 1.6? 0.0? 0:00.02 imap >? 3397 root? ? ? 10? -5? ? 0? ? 0? ? 0 S? 0.8? 0.0? 28:02.90 rpciod/2 >? 3401 root? ? ? 10? -5? ? 0? ? 0? ? 0 S? 0.8? 0.0 337:30.77 rpciod/6 >? 4218 root? ? ? 16? 0? 8948 1548? 588 S? 0.8? 0.0? 8:05.53 dovecot > 10214 root? ? ? 15? 0 50868 1968 1468 S? 0.8? 0.0? 0:30.08 dovecot-auth > 27454 nobody? ? 16? 0 19220 5048 1256 D? 0.8? 0.0? 0:00.17 imap > 27820 nobody? ? 16? 0 18916 4704 1252 D? 0.8? 0.0? 0:00.08 imap > 27925 nobody? ? 16? 0 11180 1524 1000 S? 0.8? 0.0? 0:00.07 imap > 28094 nobody? ? 16? 0 11536 2068 1148 S? 0.8? 0.0? 0:00.13 imap > 28150 nobody? ? 16? 0 12528 2396 1104 S? 0.8? 0.0? 0:00.08 imap > 28196 nobody? ? 16? 0 13976 3792 1148 S? 0.8? 0.0? 0:00.21 imap > 28292 nobody? ? 16? 0 11984 1808 1004 S? 0.8? 0.0? 0:00.04 imap > 28343 nobody? ? 16? 0 11584 2052 1152 D? 0.8? 0.0? 0:00.02 imap > 28352 nobody? ? 15? 0 11108 1492 1004 S? 0.8? 0.0? 0:00.04 imap > 28413 nobody? ? 16? 0 11220 1568? 996 S? 0.8? 0.0? 0:00.02 imap > 28434 nobody? ? 16? 0 12492 2444 1004 S? 0.8? 0.0? 0:00.05 imap > 28467 nobody? ? 16? 0 11852 2044 1004 D? 0.8? 0.0? 0:00.06 imap > 28558 nobody? ? 16? 0 11904 2316 1168 S? 0.8? 0.0? 0:00.02 imap > 28643 nobody? ? 16? 0 11312 1688 1000 S? 0.8? 0.0? 0:00.04 imap > 28711 nobody? ? 15? 0 12048 1868 1004 S? 0.8? 0.0? 0:00.04 imap > 28779 nobody? ? 16? 0 23392? 10m 1000 D? 0.8? 0.1? 0:00.05 imap > > ############################################################################################ > > Regards, > Kavish Karkera > From andrea.gabellini.sc at telecomitalia.sm Wed Aug 21 15:18:52 2013 From: andrea.gabellini.sc at telecomitalia.sm (Andrea gabellini - SC) Date: Wed, 21 Aug 2013 14:18:52 +0200 Subject: [Dovecot] Dovecot tuning for GFS2 In-Reply-To: <5214ACD3.1090901@sys4.de> References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> Message-ID: <5214B02C.3020601@telecomitalia.sm> Robert, So you are using the same config I'm testing. I forgot to write that I use maildir. the final design will be, as RedHat suggest, that the same user goes always on the same node (using proxy or director). Thanks, Andrea Il 21/08/2013 14:04, Robert Schetterer ha scritto: > Am 21.08.2013 13:57, schrieb Andrea gabellini - SC: >> Hello, >> >> I'm deploing a new email cluster using Dovecot over GFS2. Actually I'm >> using courier over GFS. >> >> Actually I'm testing Dovecot with these parameters: >> >> mmap_disable = yes >> mail_fsync = always >> mail_nfs_storage = yes >> mail_nfs_index = yes >> lock_method = fcntl >> >> Are they correct? >> >> RedHat GFS support mmap, so is it better to enable it or leave it disabled? >> The documentation suggest the use of flock. What about it? >> >> Thanks, >> Andrea >> >> >> > i have > > mail_fsync = always > mail_nfs_storage = yes > mail_nfs_index = yes > mmap_disable = yes > > with ocfs2/maildir > > howeveryou you use a cluster filesystem ,if you use loadbalancing > additional you should use it > with > > http://wiki2.dovecot.org/Director > > by the way i never tested GFS2 with dovecot myself, but others > told me it doesnt work very fine.... > > > Best Regards > MfG Robert Schetterer > -- ---------------------------------------------------------------- All men are idiots... I married their king. ---------------------------------------------------------------- Ing. *Andrea Gabellini* Email: andrea.gabellini at telecomitalia.sm Skype: andreagabellini Tel: (+378) 0549 886111 Fax: (+378) 0549 886188 Telecom Italia San Marino S.p.A. Strada degli Angariari, 3 47891 Rovereta Republic of San Marino http://www.telecomitalia.sm From stan at hardwarefreak.com Wed Aug 21 15:30:06 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 21 Aug 2013 07:30:06 -0500 Subject: [Dovecot] High Load Average on POP/IMAP. In-Reply-To: <1377081466.14923.YahooMailNeo@web193503.mail.sg3.yahoo.com> References: <1377081466.14923.YahooMailNeo@web193503.mail.sg3.yahoo.com> Message-ID: <5214B2CE.3050802@hardwarefreak.com> On 8/21/2013 5:37 AM, Kavish Karkera wrote: > We have a serious issue running on our POP/IMAP servers these days. The load average of a servers > spikes up to 400-500 as a uptime command result, for a particular time period , to be specific > mostly in noon time and evening, but it last for few minutes only. > > We have 2 servers running dovecot 1.1.20 , in loadbanlancer, We have used KEEPLIVE (1.1.13) for > loadbalacing. > > Server specification. > Operating System : CentOS 5.5 64bit > CPU cores : 16 > RAM : 8GB > > Mail and Indexes are mounted on NFS (NetApp). ... > Cpu(s): 8.3%us, 7.6%sy, 0.0%ni, 8.3%id, 75.0%wa, 0.0%hi, 0.8%si, 0.0%st ^^^^^^^ > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND > 408 mysql 18 0 384m 38m 4412 S 52.8 0.2 42221:44 mysqld This doesn't seem to be a dovecot issue. mysql has apparently 8 (or more) threads on 8 cores all blocking on IO. I see a few possible causes. 1. The NetApp is unable to keep up with the request rate because: a. There are too few spindles in the RAID set backing this NFS volume and/or the file(s) aren't properly striped across all spindles b. An inappropriate RAID level. The mysql job is apparently doing large table updates and you're experiencing massive RMW latency from RAID5/6. This is why one should never put a transactional database, or one that sees large frequent table updates, on a parity RAID volume--unless the disks are SSD. SSDs have no mechanical parts, thus RMW latency is almost nonexistent. 2. Apparently 8 (or more) threads are concurrently accessing the same file or files. Thus the massive iowait could simply be the result of filesystem and/or NFS locking, NFS client caching issues, etc. The cause of the massive iowait could be one or all of the above, or could be something else entirely. These are the typical causes. You seem to have a database job scheduled to run twice daily that triggers the problem. Identify this job, figure out what it does, why it does it, how necessary it is, and if it can be scheduled to run at off peak hours. If it can you may want to simply do so, as it may be expensive, in hardware and/or labor dollars, to fix the IO latency problem. -- Stan From skdovecot at smail.inf.fh-brs.de Wed Aug 21 16:33:22 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 21 Aug 2013 15:33:22 +0200 (CEST) Subject: [Dovecot] username and password can't be verified In-Reply-To: <52137DE2.20002@metropolitancollege.co.za> References: <5213407E.1090302@kom.za.net> <5213712A.3090402@kom.za.net> <52137DE2.20002@metropolitancollege.co.za> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 20 Aug 2013, Eric Kom wrote: > Aug 20 16:25:47 ajk dovecot: imap(erickom): Debug: Namespace : > /var/mail//erickom/Maildir doesn't exist yet, using default permissions > Aug 20 16:25:47 ajk dovecot: imap(erickom): Debug: Namespace : Using > permissions from /var/mail//erickom/Maildir: mode=0700 gid=default > Aug 20 16:25:47 ajk dovecot: imap(erickom): Error: user erickom: > Initialization failed: Namespace '': mkdir(/var/mail//erickom/Maildir) > failed: Not a directory > The problem should be the maildir. > > This is the current maildir path for erickom: > erickom at ajk:~$ ls -al /var/mail/metropolitan.org.za/erickom/Maildir/ > total 20 well, your system users do not have no domain, %d is empty therefore. Therefore, the mkdir(/var/mail//erickom/Maildir) contains the two // . Actually, I'm not sure whether you can keep a domain (%d), but auth to an userdb, that does not support domains. Well, you could return a domain with extra fields. But: erickom at example.com, erickom at nowhere.org, and erickom at metropolitan.org.za would be authentificate successfully to the system user erickom, but all three users would have another mail_location because of the %n. Do you actually need to support the domain %d part in mail_location? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUhTBol3r2wJMiz2NAQLehwf/UchNn9qz7k4TT1+dICipPxBJnOuqMGW/ lkhD4aBiPSUiQA8IL5juM0FvdH5IVcflqxYp6kO1KEaWgimMKFSsAGcDw5KkpbFp Gmu+dVkTHTawVb1Wt9FC8TVYCj820QAWrg9eeLLRS51FdflQ97uEjHcNkTRuhQYs nzS2Zodv7qiPsyRT3aW+hftnEu5sPop27yg6/jrOURliLlSTiSRLfXVZQGEXJJwM 2aRNBf78wXyShF30WQd6nm7BNr53piIZz38dWQDj6S60HSaG5JKvzkawi5AiM/49 twADoj0eFKChyKPmSaLxVeo1EYKcUx7sP0K/p3HrDAktoF+X2ZuefA== =9A8n -----END PGP SIGNATURE----- From CMarcus at Media-Brokers.com Wed Aug 21 17:01:36 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Wed, 21 Aug 2013 10:01:36 -0400 Subject: [Dovecot] Dsync confusion... In-Reply-To: <5211F8DF.7020203@mail-subs.com> References: <5211F8DF.7020203@mail-subs.com> Message-ID: <5214C840.8080008@Media-Brokers.com> On 2013-08-19 6:52 AM, Ben wrote: > # SOURCE HOST > # 2.0.19: /etc/dovecot/dovecot.conf > #DEST HOST > # 2.0.19: /etc/dovecot/dovecot.conf First and foremost, you need to update both to 2.2.5... dsync was completely overhauled and is much more reliable etc... -- Best regards, */Charles/* From delrio at mie.utoronto.ca Wed Aug 21 17:34:48 2013 From: delrio at mie.utoronto.ca (Oscar del Rio) Date: Wed, 21 Aug 2013 10:34:48 -0400 Subject: [Dovecot] Problem compiling 2.2.5 In-Reply-To: <20130821090900.E481B1AE8826@dovecot.org> References: <20130820165723.6516B1AE88C7@dovecot.org> <5213D4F3.7050609@mie.utoronto.ca> <20130821090900.E481B1AE8826@dovecot.org> Message-ID: <5214D008.7060408@mie.utoronto.ca> On 08/21/13 05:08 AM, Luciano Mannucci wrote: > On Tue, 20 Aug 2013 16:43:31 -0400 > Oscar del Rio wrote: >> opencsw.org might have dovecot 2.2.4 for Solaris 8 > Thanks for the pointer. > I'll have a look. > Correction. OpenCSW no longer supports Solaris 8. But they still have a "legacy" repository where you could get gcc3 and try to compile dovecot. http://mirror.opencsw.org/opencsw/legacy/sparc/5.8 From CMarcus at Media-Brokers.com Wed Aug 21 18:18:38 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Wed, 21 Aug 2013 11:18:38 -0400 Subject: [Dovecot] Question: dovecot-1.2.17 , pop3 In-Reply-To: <5214A557.1080702@hardwarefreak.com> References: <5213449C.7070208@Media-Brokers.com> <5214A557.1080702@hardwarefreak.com> Message-ID: <5214DA4E.1070105@Media-Brokers.com> On 2013-08-21 7:32 AM, Stan Hoeppner wrote: > On 8/20/2013 5:27 AM, Charles Marcus wrote: >> On 2013-08-20 4:35 AM, Kutrus Neloy wrote: >>> My question is: >>> Is it possible to get this problem with my version? 1.2.17 ? >> It is no longer supported. > I must have missed that announcement. I recall Timo saying something to > the effect that he will no longer fix bugs in 1.2.x. I don't recall him > saying he won't support 1.2.x users in any way. Sorry, terminology... When I said 'unsupported' I meant 'bugs no longer fixed'. So, if he was having that problem, it obviously wouldn't be fixed. -- Best regards, */Charles/* From luciano at vespaperitivo.it Wed Aug 21 18:35:30 2013 From: luciano at vespaperitivo.it (Luciano Mannucci) Date: Wed, 21 Aug 2013 17:35:30 +0200 Subject: [Dovecot] Problem compiling 2.2.5 In-Reply-To: <5214D008.7060408@mie.utoronto.ca> References: <20130820165723.6516B1AE88C7@dovecot.org> <5213D4F3.7050609@mie.utoronto.ca> <20130821090900.E481B1AE8826@dovecot.org> <5214D008.7060408@mie.utoronto.ca> Message-ID: <20130821153531.765A31AE88CD@dovecot.org> On Wed, 21 Aug 2013 10:34:48 -0400 Oscar del Rio wrote: > Correction. OpenCSW no longer supports Solaris 8. > But they still have a "legacy" repository where you could get gcc3 and > try to compile dovecot. Yes, I've noticed there's no more "unstable" repository for 5.8... > http://mirror.opencsw.org/opencsw/legacy/sparc/5.8 Yes. Though, "testing" seems to have newer software. There is even a dovecot 11.1.1 and a rich gcc 4: http://mirror.opencsw.org/opencsw/testing/sparc/5.8/ Thanks again, Luciano. -- /"\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250 X AGAINST HTML MAIL / E-MAIL: posthamster at sublink.sublink.ORG / \ AND POSTINGS / WWW: http://www.lesassaie.IT/ From ben+dovecot at mail-subs.com Wed Aug 21 18:40:17 2013 From: ben+dovecot at mail-subs.com (Ben) Date: Wed, 21 Aug 2013 16:40:17 +0100 Subject: [Dovecot] Dsync confusion... In-Reply-To: <5214C840.8080008@Media-Brokers.com> References: <5211F8DF.7020203@mail-subs.com> <5214C840.8080008@Media-Brokers.com> Message-ID: <5214DF61.4020902@mail-subs.com> On 21/08/2013 15:01, Charles Marcus wrote: > On 2013-08-19 6:52 AM, Ben wrote: >> # SOURCE HOST >> # 2.0.19: /etc/dovecot/dovecot.conf > > > >> #DEST HOST >> # 2.0.19: /etc/dovecot/dovecot.conf > > First and foremost, you need to update both to 2.2.5... dsync was > completely overhauled and is much more reliable etc... > Hmm.... I see my weekend being filled with dovecot upgrades ;-( From rs at sys4.de Wed Aug 21 19:20:03 2013 From: rs at sys4.de (Robert Schetterer) Date: Wed, 21 Aug 2013 18:20:03 +0200 Subject: [Dovecot] Dsync confusion... In-Reply-To: <5214DF61.4020902@mail-subs.com> References: <5211F8DF.7020203@mail-subs.com> <5214C840.8080008@Media-Brokers.com> <5214DF61.4020902@mail-subs.com> Message-ID: <5214E8B3.4010101@sys4.de> Am 21.08.2013 17:40, schrieb Ben: > On 21/08/2013 15:01, Charles Marcus wrote: >> On 2013-08-19 6:52 AM, Ben wrote: >>> # SOURCE HOST >>> # 2.0.19: /etc/dovecot/dovecot.conf >> >> >> >>> #DEST HOST >>> # 2.0.19: /etc/dovecot/dovecot.conf >> >> First and foremost, you need to update both to 2.2.5... dsync was >> completely overhauled and is much more reliable etc... >> > > Hmm.... I see my weekend being filled with dovecot upgrades ;-( > > perhaps go here http://xi.rename-it.nl/debian/pool/testing-auto/dovecot-2.2/ Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From dovecot at andreas-borchert.de Wed Aug 21 19:32:52 2013 From: dovecot at andreas-borchert.de (Andreas F. Borchert) Date: Wed, 21 Aug 2013 18:32:52 +0200 Subject: [Dovecot] Bug in dovecot 2.2.5: segfault due to bad alignment Message-ID: <20130821163252.GW618@corcomroe.in-ulm.de> Take a look at the sources, hmac.h declares struct hmac_context: struct hmac_context { char ctx[HMAC_MAX_CONTEXT_SIZE]; char ctxo[HMAC_MAX_CONTEXT_SIZE]; const struct hash_method *hash; }; If compiled for a 32 bit virtual address space, this has an alignment requirement of 4 due to the hash pointer. In line 171 of auth-token.c, we have following declaration of ctx as a local variable in auth_token_get(): struct hmac_context ctx; This is put on an address with an alignment requirement of 4. In lines 174 and 175 hmac_init is invoked with hash_method_sha1: hmac_init(&ctx, (const unsigned char*)username, strlen(username), &hash_method_sha1); In hmac.c, lines 43 and following, ctx->ctx with an alignment of 4 is passed to meth->init and meth->loop where meth refers to hash_method_sha1: meth->init(ctx->ctx); meth->loop(ctx->ctx, k_ipad, 64); These functions refer now to sha1_init and sha1_loop where the first parameter is expected to be a pointer to struct sha1_ctxt, a data structure which is declared in sha1.h: struct sha1_ctxt { union { uint8_t b8[20]; uint32_t b32[5]; } h; union { uint8_t b8[8]; uint64_t b64[1]; } c; union { uint8_t b8[64]; uint32_t b32[16]; } m; uint8_t count; }; Here we have with b64 one uint64_t which has on a SPARC platform an alignment requirement of 8. In consequence, struct sha1_ctxt has an alignment requirement of 8. With the invocations of meth->init and meth->loop above we pass a pointer to a data structure of alignment 4 to a function expecting a pointer to a data structure of alignment 8. Chances are that the alignment requirement is not met, causing a segmentation violation. This must be solved by declaring struct hmac_context such that is not just big enough but respects also the highest alignment required for one of the hashing data structures. There are several options to do this: * Beginning with C11, you are free to use an alignment specifier, i.e. add _Alignas ( uint64_t ) (see section 6.7.5 in ISO 9899-2011) * GCC supports alignment attributes, i.e. add __attribute__ ((aligned (8))) or whatever is required instead of 8, see http://gcc.gnu.org/onlinedocs/gcc/Variable-Attributes.html * Do not use a local variable for it, allocate the data structure using malloc instead. If you want to see a live crash, here is the relevant output of gdb that debugs ${prefix}/libexec/dovecot/auth. Program received signal SIGSEGV, Segmentation fault. sha1_loop (ctxt=0xffbff63c, input=0xffbff548, len=64) at sha1.c:224 224 sha1.c: No such file or directory. (gdb) where #0 sha1_loop (ctxt=0xffbff63c, input=0xffbff548, len=64) at sha1.c:224 #1 0xff2e218c in hmac_init (ctx=ctx at entry=0xffbff63c, key=key at entry=0x6a698 "borchert", key_len=8, meth=0x555d0 ) at hmac.c:44 #2 0x00023310 in auth_token_get (service=service at entry=0x6a648 "imap", session_pid=0x56071 "26272", username=0x6a698 "borchert", session_id=0x6a650 "AErv6nbk6gB/AAAB") at auth-token.c:174 #3 0x00021708 in userdb_callback (result=USERDB_RESULT_OK, request=0x6a530) at auth-request-handler.c:668 #4 0x0001f144 in auth_request_userdb_callback (result=, result at entry=USERDB_RESULT_OK, request=request at entry=0x6a530) at auth-request.c:1039 #5 0x000312c8 in prefetch_lookup (auth_request=0x6a530, callback=0x1f058 ) at userdb-prefetch.c:40 #6 0x0001f37c in auth_request_lookup_user (request=0x6a530, callback=callback at entry=0x2150c ) at auth-request.c:1072 #7 0x00022034 in auth_request_handler_master_request ( handler=, master=master at entry=0x6b120, id=1292369921, client_id=1, params=0x55bfc) at auth-request-handler.c:758 #8 0x0001be98 in master_input_request (args=, conn=0x6b120) at auth-master-connection.c:127 #9 auth_master_input_line (line=, conn=0x6b120) at auth-master-connection.c:598 #10 master_input (conn=0x6b120) at auth-master-connection.c:653 #11 0xff2ecca4 in io_loop_call_io (io=io at entry=0x6b398) at ioloop.c:387 #12 0xff2ed604 in io_loop_handler_run (ioloop=ioloop at entry=0x5e5e8) at ioloop-poll.c:211 #13 0xff2ec7a8 in io_loop_run (ioloop=0x5e5e8) at ioloop.c:406 #14 0xff29ad7c in master_service_run (service=0x5e128, callback=0x27b40 ) at master-service.c:566 #15 0x0001852c in main (argc=1, argv=0xffbffd54) at main.c:393 (gdb) print ctxt $1 = (struct sha1_ctxt *) 0xffbff63c As you can see, ctxt is on a 4-byte boundary, not on an 8-byte boundary. The crash happens at sha1.c:224 where the 8-byte-alignment is indeed mandatory on a SPARC architecture: ctxt->c.b64[0] += copysiz * 8; The environment is Solaris 10 on SPARCv9. The sources have been compiled using gcc 4.8.0 for 32 bit. Andreas. From megodin at inboxalias.com Wed Aug 21 20:51:50 2013 From: megodin at inboxalias.com (megodin at inboxalias.com) Date: Wed, 21 Aug 2013 13:51:50 -0400 (EDT) Subject: [Dovecot] Sieve vacation reply problem (Dovecot+Sieve/Sendmail/Horde) Message-ID: Hello Dovecot community, I have an annoying problem with successfully activating Sieve vacation replies - on which I have been working hard the last days without success :( I'm using Dovecot 2.2 + Sendmail + Sieve connected with Horde web-mailer IMP H3 which is generally working fine. BUT: Whenever I activate vacation script in Horde (via Ingo) and send a test-mail to this account, the mail itself arrives but the auto-vacation-reply failes: [mail.err] dovecot: lda(exampleuser): Error: sieve: original envelope recipient address 'exampleuser at dovecot_localhost' is unparsable [mail.warning] dovecot: lda(exampleuser): Warning: sieve: msgid=: vacation action aborted: envelope recipient is <> The Sieve Script which is generated and executed: # Sieve Filter produced by Ingo (http://www.horde.org/ingo/) (20.08.2013, 16:10) require ["vacation", "regex"]; # Abwesenheit if allof ( not exists ["list-help", "list-unsubscribe", "list-subscribe", "list-owner", "list-post", "list-archive", "list-id", "Mailing-List"], not header :comparator "i;ascii-casemap" :is "Precedence" ["list", "bulk", "junk"], not header :comparator "i;ascii-casemap" :matches "To" "Multiple recipients of*" ) { vacation :days 7 :addresses "example.user at example.com" :subject "vacation" "I am on vacation until xxxx. Please refer all urgent business to devnull at example.com ."; } I understand that Sieve is trying to send vacation replies to the envelope sender - apparently it gets it on the wrong line somewhere from the sendmail config. To get sendmail working along with Dovecot, I had to do some modifications: in /etc/mail/virtusertable (Alias with domain-path) @vlmail.example.com %1 at dovecot_localhost in /etc/mail/access (allows relaying) to:dovecot_localhost RELAY in /etc/mail/mailertable (where to be relayed) dovecot_localhost dovecot:vlmail.example.com in /etc/mail/sendmail.cf (relevant part for the Dovecot Mailer specification): Mdovecot, P=/usr/libexec/dovecot/dovecot-lda, F=lDFMPhnu59, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP, U=vmail:vmail, T=DNS/RFC822/X-Unix, A=/usr/libexec/dovecot/dovecot-lda -d $u After several hours playing with sendmail's config I came to the end that sendmail's part must be already over when sieve is getting the original envelope recipient - it seems like it gets it from dovecot-lda. Though, when playing with the Dovecot Mailer specifications in sendmail.cf I can get different error message if I add A=/usr/libexec/dovecot/dovecot-lda -d $u -a $n (adding username part in destination address): [mail.info] dovecot: lda(exampleuser): sieve: msgid=: discarding vacation response for implicitly delivered message; no known (envelope) recipient address found in message headers (recipient=, and additional `:addresses' are specified) BTW, the original mails arriving have a valid Return-Path in header... I am thinking of writing global Sieve scripts (executing before the user's private sieve script), telling Sieve to use the TO: field instead of the Envelope sender but I'm not sure if this is possible, and if, which commands are needed specifically. I really start getting desperate... Can somebody get me some clue what is wrong in my config / where I should put modifications to get sieve vacation replys working properly?! Thanks in advance!! Megodin My Setup: - Dovecot EE 2.2.5.3 + pigeonhole Sieve 0.4.1 - Sendmail Version 8.14.4 (compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT) - Horde 3.3.13 (Ingo H3 1.2.6) doveconf -n # 2.2.5.3 (f54f8c8f5502): /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-279.22.1.el6.x86_64 x86_64 CentOS release 6.4 (Final) nfs auth_cache_size = 10 M auth_cache_ttl = 10 mins auth_debug = yes auth_master_user_separator = * auth_username_format = %n auth_verbose = yes disable_plaintext_auth = no listen = * lock_method = dotlock mail_debug = yes mail_fsync = always mail_gid = vmail mail_home = /mnt/vmails/%u mail_location = sdbox:/mnt/vmails/%u/mailstore mail_plugins = " quota fts fts_lucene" mail_privileged_group = mail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mmap_disable = yes passdb { args = /etc/dovecot/users.blocked deny = yes driver = passwd-file } passdb { args = /etc/dovecot/passwd.masterusers driver = passwd-file master = yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { fts = lucene fts_lucene = whitespace_chars=@. quota = dict:User quota::file:%h/dovecot-quota quota_rule = *:storage=100M quota_rule2 = Trash:storage=+50M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=98%% quota-warning 98 %u sieve = /mnt/vmails/%u/.dovecot.sieve sieve_dir = /mnt/vmails/%u/sieve sieve_global_dir = /var/lib/dovecot/sieve/global/ sieve_global_path = /var/lib/dovecot/sieve/default.sieve } postmaster_address = postmaster at example.com protocols = imap pop3 sieve service auth { unix_listener auth-userdb { group = vmail user = vmail } } service managesieve-login { inet_listener sieve { port = 4190 } } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = vmail } user = vmail } ssl_cert = --- Alle Postf??cher an einem Ort. Jetzt wechseln und E-Mail-Adresse mitnehmen! http://email.freenet.de/basic/Informationen _________________________________________________________________ Send and receive anonymous emails to your inbox with InboxAlias. http://www.inboxalias.com From micah at riseup.net Wed Aug 21 23:19:46 2013 From: micah at riseup.net (Micah Anderson) Date: Wed, 21 Aug 2013 16:19:46 -0400 Subject: [Dovecot] Dovecot antispam plugin for 2.2 Message-ID: <87ppt623vh.fsf@muck.riseup.net> Hello, I recently was looking to update to dovecot 2.2 and I have been happily using the dovecot-antispam plugin in 2.1, but found that there have been some changes in dovecot that make this version not compile against 2.2. I'm wondering if Johannes you have any plans to update it, or if others have managed to figure out what is necessary to get it to work? The particular piece that I am currently stuck on is that the dict_init() in dovecot now requires more arguments than in previous versions, it now requires this: int dict_init(const char *uri, enum dict_data_type value_type, const char *username, const char *base_dir, struct dict **dict_r, const char **error_r); but previously, we only needed four arguments. Now we need to know what to supply for '**dict_r' and '**error_r'. Any advise/help would be appreciated: make[1]: Entering directory `/home/micah/debian/dovecot-antispam/dovecot-antispam-2.0+20120225' cc -DHAVE_CONFIG_H -I/usr/include/dovecot/ -I/usr/include/dovecot/src/ -I/usr/include/dovecot/src/lib/ -I/usr/include/dovecot/src/lib-storage/ -I/usr/include/dovecot/src/lib-mail/ -I/usr/include/dovecot/src/lib-imap/ -I/usr/include/dovecot/src/lib-dict/ -I/usr/include/dovecot/src/lib-index/ -I/usr/include/dovecot/src/imap/ -o dovecot-version dovecot-version.c ./dovecot-version > dovecot-version.h CC antispam-storage.o In file included from antispam-storage-2.2.c:20:0, from antispam-storage.c:3: antispam-plugin.h: In function ?string_dict_init?: antispam-plugin.h:288:2: error: too few arguments to function ?dict_init? return dict_init(uri, DICT_DATA_TYPE_STRING, username, NULL); ^ In file included from antispam-plugin.h:13:0, from antispam-storage-2.2.c:20, from antispam-storage.c:3: /usr/include/dovecot/dict.h:34:5: note: declared here int dict_init(const char *uri, enum dict_data_type value_type, ^ micah From pixilla at macports.org Wed Aug 21 23:24:31 2013 From: pixilla at macports.org (Bradley Giesbrecht) Date: Wed, 21 Aug 2013 13:24:31 -0700 Subject: [Dovecot] Dovecot antispam plugin for 2.2 In-Reply-To: <87ppt623vh.fsf@muck.riseup.net> References: <87ppt623vh.fsf@muck.riseup.net> Message-ID: <9D9D3786-DECD-4EC6-92A2-9DF78471C304@macports.org> On Aug 21, 2013, at 1:19 PM, Micah Anderson wrote: > > Hello, > > I recently was looking to update to dovecot 2.2 and I have been happily > using the dovecot-antispam plugin in 2.1, but found that there have been > some changes in dovecot that make this version not compile against 2.2. I believe this is what you want: http://hg.dovecot.org/dovecot-antispam-plugin/ Regards, Bradley Giesbrecht (pixilla) From janfrode at tanso.net Thu Aug 22 00:07:13 2013 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Wed, 21 Aug 2013 23:07:13 +0200 Subject: [Dovecot] Dovecot tuning for GFS2 In-Reply-To: <5214B02C.3020601@telecomitalia.sm> References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> Message-ID: <20130821210713.GA31477@mushkin.tanso.net> On Wed, Aug 21, 2013 at 02:18:52PM +0200, Andrea gabellini - SC wrote: > > So you are using the same config I'm testing. I forgot to write that I > use maildir. I would strongly suggest using mdbox instead. AFAIK clusterfs' aren't very good at handling many small files. It's a worst case random I/O usage pattern, with high rate of metadata operations on top. We use IBM GPFS for clusterfs, and have finally completed the conversion of a 130+ million inode maildir filesystem, into a 18 million inode mdbox filesystem. I have no hard performance data showing the difference between maildir/mdbox, but at a minimum mdbox is much easier to manage. Backup of 130+ million files is painfull.. and also it feels nice to be able do schedule batches of mailbox purges to off-hours, instead of doing them at peak hours. As for your settings, we use: mmap_disable = yes # GPFS also support cluster-wide mmap, but for some reason we've disabled it in dovecot.. mail_fsync = optimized mail_nfs_storage = no mail_nfs_index = no lock_method = fcntl and of course Dovecot Director in front of them.. -jf From terry at dop.com Thu Aug 22 01:10:42 2013 From: terry at dop.com (Terry Barnum) Date: Wed, 21 Aug 2013 15:10:42 -0700 Subject: [Dovecot] dovecot2, antispam and sieve versions Message-ID: I'm currently running dovecot2 v2.2.5 with dovecot2-antispam 0.0-51 and dovecot2-sieve 0.4.1, all via macports. If one wanted to downgrade to dovecot v2.2.0, would these versions of antispam and sieve still be okay to use? The reason for the question is I'm trying to diagnose a mailserver problem where after 2-6 days the machine goes deaf. Absolutely nothing of interest in any logfile that I can see except for an imap-login process crash which got me thinking about a downgrade test. Thanks, -Terry Terry Barnum digital OutPost http://www.dop.com From joe.lourenco at cctechnol.com.br Thu Aug 22 02:11:49 2013 From: joe.lourenco at cctechnol.com.br (Joe Lourenco) Date: Wed, 21 Aug 2013 19:11:49 -0400 Subject: [Dovecot] Sieve filterset not activating in Dovecot 2.0.15 with Sieve plug-in and Roundcube 0.5.3: "NO (TRYLATER) Internal Error." Message-ID: <52154935.4020903@cctechnol.com.br> Hello Everyone, I am running Dovecot 2.0.15 with its Sieve plug-in, and Roundcube 0.5.3. I have a problem with just one particular user, who after creating a filters set and creating a filter in Roundcube, this user cannot activate the filters set. At first, this user could not create a filter at all. That was resolved by creating the "sieve" directory with the right permissions in his /home. Logs show the following when trying to activate the filters set via the Roundcube: roundcube: S: NO (TRYLATER) "Internal error occured. Refer to server log for more information. [2013-08-21 19:01:13]" Nothing is showing up on the server log. I have tried to activate the filter via the Sieve command line, authenticating the user, then running "SETACTIVE "roundcube"", but the error is the same, an internal server error. Again, I can successfully do this via the command line or Roundcube, from say, my userid. I appreciate any help. -- Joe Lourenco Systems Administrator C & C Technologies Cell: 55-21-8596-0078 Phone: 55-21-2499-9591 From alessio at skye.it Thu Aug 22 10:27:36 2013 From: alessio at skye.it (Alessio Cecchi) Date: Thu, 22 Aug 2013 09:27:36 +0200 Subject: [Dovecot] Dovecot tuning for GFS2 In-Reply-To: <5214AB3C.3030106@telecomitalia.sm> References: <5214AB3C.3030106@telecomitalia.sm> Message-ID: <5215BD68.9010603@skye.it> Il 21/08/2013 13:57, Andrea gabellini - SC ha scritto: > Hello, > > I'm deploing a new email cluster using Dovecot over GFS2. Actually I'm > using courier over GFS. > > Actually I'm testing Dovecot with these parameters: > > mmap_disable = yes > mail_fsync = always > mail_nfs_storage = yes > mail_nfs_index = yes > lock_method = fcntl > > Are they correct? > > RedHat GFS support mmap, so is it better to enable it or leave it disabled? > The documentation suggest the use of flock. What about it? > > Thanks, > Andrea > > > Hi Andrea, I'm running a cluster with Maildir over NFS (and in past over OCFS2), with GFS2 you need to use the same options needed for NFS: http://wiki2.dovecot.org/NFS I suggest mmap_disable set on yes Ciao -- Alessio Cecchi is: @ ILS -> http://www.linux.it/~alessice/ on LinkedIn -> http://www.linkedin.com/in/alessice Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz/ @ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it From ko.hayashi at scsk.jp Thu Aug 22 03:15:33 2013 From: ko.hayashi at scsk.jp (=?iso-2022-jp?B?GyRCTlMbKEIgGyRCOSgyTxsoQg==?=) Date: Thu, 22 Aug 2013 09:15:33 +0900 Subject: [Dovecot] Dovecot tuning for GFS2 In-Reply-To: <5214B02C.3020601@telecomitalia.sm> Message-ID: Andrea, We tried to use GFS2 + Dovecot(mdbox) but when there's many mailboxes and mails, it seem to get slow while dropping mail to the mailbox. We tested with LeftHand storage by the way. So we switched to NFSv4. Also, keep in mind that director those not detect when the backend server fails. So, we use poolmon as suggested in director wiki. We've tested and it seems to work fine. Have a look at it. Kouga > -----Original Message----- > From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On > Behalf Of Andrea gabellini - SC > Sent: Wednesday, August 21, 2013 9:19 PM > To: dovecot at dovecot.org > Subject: Re: [Dovecot] Dovecot tuning for GFS2 > > Robert, > > So you are using the same config I'm testing. I forgot to write that I > use maildir. > > the final design will be, as RedHat suggest, that the same user goes > always on the same node (using proxy or director). > > Thanks, > Andrea > > > > Il 21/08/2013 14:04, Robert Schetterer ha scritto: > > Am 21.08.2013 13:57, schrieb Andrea gabellini - SC: > >> Hello, > >> > >> I'm deploing a new email cluster using Dovecot over GFS2. Actually I'm > >> using courier over GFS. > >> > >> Actually I'm testing Dovecot with these parameters: > >> > >> mmap_disable = yes > >> mail_fsync = always > >> mail_nfs_storage = yes > >> mail_nfs_index = yes > >> lock_method = fcntl > >> > >> Are they correct? > >> > >> RedHat GFS support mmap, so is it better to enable it or leave it disabled? > >> The documentation suggest the use of flock. What about it? > >> > >> Thanks, > >> Andrea > >> > >> > >> > > i have > > > > mail_fsync = always > > mail_nfs_storage = yes > > mail_nfs_index = yes > > mmap_disable = yes > > > > with ocfs2/maildir > > > > howeveryou you use a cluster filesystem ,if you use loadbalancing > > additional you should use it > > with > > > > http://wiki2.dovecot.org/Director > > > > by the way i never tested GFS2 with dovecot myself, but others > > told me it doesnt work very fine.... > > > > > > Best Regards > > MfG Robert Schetterer > > > > -- > ---------------------------------------------------------------- > All men are idiots... I married their king. > ---------------------------------------------------------------- > > Ing. *Andrea Gabellini* > Email: andrea.gabellini at telecomitalia.sm > > Skype: andreagabellini > Tel: (+378) 0549 886111 > Fax: (+378) 0549 886188 > > Telecom Italia San Marino S.p.A. > Strada degli Angariari, 3 > 47891 Rovereta > Republic of San Marino > > http://www.telecomitalia.sm From skdovecot at smail.inf.fh-brs.de Thu Aug 22 12:37:19 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 22 Aug 2013 11:37:19 +0200 (CEST) Subject: [Dovecot] Sieve filterset not activating in Dovecot 2.0.15 with Sieve plug-in and Roundcube 0.5.3: "NO (TRYLATER) Internal Error." In-Reply-To: <52154935.4020903@cctechnol.com.br> References: <52154935.4020903@cctechnol.com.br> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 21 Aug 2013, Joe Lourenco wrote: > roundcube: S: NO (TRYLATER) "Internal error occured. Refer to server log > for more information. [2013-08-21 19:01:13]" > > Nothing is showing up on the server log. Check out Dovecot's error log and search for that timestamp of the message, it is there - unless, say, an out of disk error prevented the logging. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUhXb0F3r2wJMiz2NAQIm7AgAsj02pwFgMlMUDSF9pWGoSVyR88dbBQfp PN7x5pOY+9XA6fLVRK8O58VpXyDGbKg6xdQGb5UuHQumkxxWJUhbjJJzRvBXjx/R v2sR3E/MioimkDryaXqmd+Vc8Ng0gCm0aeeRRw6H9wAvWkNY+z1e1U24JNhFUkGC 0A73Dp34CHZEsyMOSb4RQouzlDmEbLQ++e9ruhjUYEpk+Zhk5GyAMXYKKhlUE4lj YYsDQioTfcFkF+R9+9Zha+VlJd4GU4ZMECXo+sMKRiKqDAPc75RIJ7F7dvYBC4hR i9rZdRJx/FlAFHFIcSvFSHFuNdEpq6Tmsw5ikmjRVKFqCRhaTnMWng== =uu5G -----END PGP SIGNATURE----- From pshirkey at boosthardware.com Thu Aug 22 14:05:25 2013 From: pshirkey at boosthardware.com (Patrick Shirkey) Date: Thu, 22 Aug 2013 21:05:25 +1000 (EST) Subject: [Dovecot] combining pop3 and imap accounts Message-ID: <55371.188.26.170.24.1377169525.squirrel@boosthardware.com> HI, I have a working exim4 + dovecot system that uses system user folders for the inbox. exim4: domains = dsearch;/etc/exim4/virtual dovecot: mail_location = mbox:~/mail:INBOX=/var/mail/%u - I would like to add additional virtual accounts using the method described in this post: http://www.debian-administration.org/articles/302 exim4: /etc/exim4/conf.d/router/360_exim4-local_vdom_aliases vdom_aliases_maildir: debug_print = "R: vdom_aliases_maildir for $local_part@$domain" driver = redirect allow_defer allow_fail domains = dsearch;/var/mail/virtual data = /var/mail/virtual/$domain/$local_part/ directory_transport = address_directory pipe_transport = address_pipe file_transport = address_file dovecot: mail_location = maildir:/var/mail/virtual/%d/%n/ auth_userdb = passwd-file /etc/passwd.imap - I have read about "Namespace" but I am not sure if they will work with virtual pop3 and virtual imap accounts. as I also want to keep the existing pop3 setup without have to modify the location of the inbox for existing accounts pop3 accounts. It seems that exim4 is fine with this method but I am not sure about dovecot. Is it possible to have pop3 and imap running while also using multiple delivery folder locations for the mail_location directive? -- Patrick Shirkey Boost Hardware Ltd From giles at coochey.net Thu Aug 22 18:27:55 2013 From: giles at coochey.net (Giles Coochey) Date: Thu, 22 Aug 2013 16:27:55 +0100 Subject: [Dovecot] Load goes up imap-login Message-ID: <52162DFB.3070302@coochey.net> Every so often recently I've seen the load on my heavily under-used dovecot server (1 mailbox) rise up to 1 A top shows imap-login to causing the issue. I have checked /var/log/secure, /var/log/maillog, /var/log/messages and cannot see anything unusual. Anybody else seen something like this? # 2.2.5: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-358.14.1.el6.x86_64 x86_64 CentOS release 6.4 (Final) listen = * mail_location = maildir:~/.Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/.sieve } protocols = imap service imap { process_limit = 2048 } ssl_cert = From davidv at lamontanita.coop Thu Aug 22 18:49:14 2013 From: davidv at lamontanita.coop (David Varela) Date: Thu, 22 Aug 2013 09:49:14 -0600 Subject: [Dovecot] Nee assistance with migrating/copying a virtual user's maildir to another virtual user In-Reply-To: References: Message-ID: Good morning, I tried the command provided by Steffan, however, although it runs and moves the files beginning with . to the destination maildir other directories and files in the previous users' maildir remained in the original location, and messages in the new users' maildir are not visible in the client. Thanks, David -----Original Message----- From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of David Varela Sent: Friday, August 16, 2013 7:13 AM To: dovecot at dovecot.org Subject: Re: [Dovecot] Nee assistance with migrating/copying a virtual user's maildir to another virtual user Thanks Steffan, I will test the move at the filesystem level. The virtual user still exists, although I have changed her password. Dovecot is configured to authenticate users via LDAP to Active Directory. If there's a better method of moving maildir via Dovecot rather than through the filesystem I would like to do so. Thanks, David -----Original Message----- From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de] Sent: Friday, August 16, 2013 12:33 AM To: David Varela Cc: 'Dovecot Mailing List' Subject: Re: [Dovecot] Nee assistance with migrating/copying a virtual user's maildir to another virtual user -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 15 Aug 2013, David Varela wrote: > I am trying to move/copy a virtual user's maildir to another virtual > user but am running into problems with dsync and doveadm. I'm trying > to move the maildir of a user who is no longer with the company to a manager's maildir. > > For doveadm I am using the command: > doveadm move -u scavenaugh at lamontanita.coop > jhenning at lamontanita.coop/INBOX/scavenaugh INBOX ALL > > The error is: > > doveadm(scavenaugh at lamontanita.coop): Error: user > scavenaugh at lamontanita.coop: Auth USER lookup failed > > /var/log/dovecot.log shows: > > passdb doesn't support lookups, can't verify user's existence The user is gone from passdb already, right? Re-create the entry with another password or password-locked. Or, move the directories on filesystem level, e.g. something like: cd user-Maildir-basedirectory rename 's/\A(\.[^.].*)/.usr_XYZ$1/' .[^.]* mkdir -p .usr_XYZ.INBOX/{new,cur,tmp} touch .usr_XYZ.INBOX/maildirfolder chown -R vmail:vmail .usr_XYZ.INBOX mv .usr_XYZ* manage-Maildir-basedirectory .usr_XYZ is a prefix for a mail folder hierarchie identifying the user. vmail:vmail are the necessary Unix owner/group for the newly created directories with mkdir two lines above. The rename command renames all directory entries that start with a single dot to have the prefix, that should be directories only in a Maildir. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUg3HrF3r2wJMiz2NAQL1pQf9GeIEnLfG0zkFXPJ/J2CB/wmGP4m/MCMp BHxkRiLxXNezK4ckeliaLbpOD+NVyABc2n33tW11qav6IWrLTiGm9+A5p8TUOhfJ wMWBNJ0TEjtTM+0EbGJlOhkQ0QFooobfc5Sl30qR02yF+vk+SkBdRpkZK7ulpSPf 0ZtwIFF804NzMaKzZP2/SG77Z6JyW1N/TgaJ8QFtZwPrYymzD3iqtaFgoBAZqpSA g5koZIen0wjHy905Sy+uLseAFj6UIuhVdN8eG18NibaTHRBct3rTeyWAQY8GVZLq pPggEdUqHeTvrua5CzrL70iDbdcr29xezlvkxRueeDrGOApIprN4Mg== =1T6x -----END PGP SIGNATURE----- From megodin at inboxalias.com Thu Aug 22 18:56:19 2013 From: megodin at inboxalias.com (megodin at inboxalias.com) Date: Thu, 22 Aug 2013 11:56:19 -0400 (EDT) Subject: [Dovecot] Load goes up imap-login Message-ID: Hi there Giles, not really a solution to your problem, but a hint: Try activating "verbose_proctitle = yes" in your dovecot.conf, restart service dovecot and you might get more information (when the load is produced by logged in users) - it gives you verbose information about which specific user with which IP is generating the high load. All the best, Megodin --- Alle Postf??cher an einem Ort. Jetzt wechseln und E-Mail-Adresse mitnehmen! http://email.freenet.de/basic/Informationen _________________________________________________________________ Send and receive anonymous emails to your inbox with InboxAlias. http://www.inboxalias.com From msmith at datafoundry.com Thu Aug 22 19:16:51 2013 From: msmith at datafoundry.com (Michael Smith (DF)) Date: Thu, 22 Aug 2013 16:16:51 +0000 Subject: [Dovecot] Logging passwords on auth failure/dealing with botnets Message-ID: Hi, Since upgrading our mail servers to Postfix/Dovecot, we've seen a rather large increase in botnet brute force password attacks. I guess our old servers were too slow to suit their needs. Now, when they hit upon a valid user, it's easy to see what passwords they are trying (we've enabled auth_debug_passwords and set auth_verbose_passwords = plain). We can easily have log monitors pick up the blatant password attempts (123, 1234, 12345, 3.1415926, etc) and firewall them. Aug 22 00:21:47 host1 dovecot: auth-worker(1423): sql(aea,120.198.9.221): Password mismatch (given password: 3.1415926) However, when they are plugging away on an invalid user, all the logs show is 'unknown user'. The only way to see what they are doing is to tcpdump on the box. Almost 99% of the attacks are through SMTP/SASL attempts, using 'auth login'. Postfix is configured to use Dovecot for the authentication backend. NOTE: parens contain the base64 decoded values, this is not part of the data stream. C: auth login S: 334 VXNlcm5hbWU6 (334 Username:) C: YWVi (aeb) S: 334 UGFzc3dvcmQ6 (334 Password:) C: My4xNDE1OTI2 (3.1415926) S: 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6 (535 5.7.8 Error: authentication failed: Password:) Aug 22 11:00:31 host3 dovecot: auth-worker(19844): sql(aeb,120.198.9.221): unknown user How difficult would it be to add logging the given password, observing the auth_debug_passwords and auth_verbose_passwords settings, for all authentication failures? When we see certain patterns, we want to aggressively block those IPs, regardless of if it's a valid username or an unknown user. Or another option, is there any good DNS based RBLs for botnet IPs, and is there any way to tie that in to the dovecot auth system? I've been looking for botnet rbls, but what I've found so far doesn't seem to work very well. Most of the IPs that I've had to firewall don't exist in them. -- Michael Smith From rob0 at gmx.co.uk Thu Aug 22 19:45:03 2013 From: rob0 at gmx.co.uk (/dev/rob0) Date: Thu, 22 Aug 2013 11:45:03 -0500 Subject: [Dovecot] Logging passwords on auth failure/dealing with botnets In-Reply-To: References: Message-ID: <20130822164503.GA13717@harrier.slackbuilds.org> On Thu, Aug 22, 2013 at 04:16:51PM +0000, Michael Smith (DF) wrote: > Or another option, is there any good DNS based RBLs for botnet IPs, > and is there any way to tie that in to the dovecot auth system? > I've been looking for botnet rbls, but what I've found so far > doesn't seem to work very well. Most of the IPs that I've had to > firewall don't exist in them. I guess I would first have tried Spamhaus XBL, but I guess you checked that already. The problem with using XBL, anyway, is that you might have legitimate logins from listed hosts. Example: a traveler using hotel wifi. We (TINW) really would need a new DNSBL type (or a special result) for this sort of abuse. It's a nice idea, worth building upon, if someone can fund it (or find the time to develop it, which really amounts to the same thing.) Imagine also a Dovecot network of reporters, where brute force attempts worldwide are reported from Dovecots to the DNSBL, not merely a one-way tie in. I'd also suggest listing SSH brute force attacks in the same DNSBL, possibly with a different result (127.0.0.$port, so IMAP attackers list as 127.0.0.143, SSH attackers as 127.0.0.22. Yes, we'd have to incorporate the third quad for ports > 255, but the general idea is for result codes to be both machine and human readable as much as possible.) -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From tss at iki.fi Thu Aug 22 19:58:07 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 22 Aug 2013 19:58:07 +0300 Subject: [Dovecot] Problem compiling 2.2.5 In-Reply-To: <20130820165723.6516B1AE88C7@dovecot.org> References: <20130820165723.6516B1AE88C7@dovecot.org> Message-ID: <92CEF977-0E8D-4ED1-BA4A-1465281718E3@iki.fi> On 20.8.2013, at 19.57, Luciano Mannucci wrote: > I'm trying to upgrade a very old sparcstation running Solaris 8 which > is running dovecot 1.x for few users. All I have for the task is good > old gcc 2.95.2. The poor sod complains because it can't compute the > sizeof(unsigned char prefix_text[]) at line 13 of log-error-buffer.c. > Can I help it by - say - putting a constant between the '[]'? > Or is it unfair? :-) > I don't think it's woth modifying the distribution only for us owning > machines that should be in a museum by now? unsigned char prefix_text[FLEXIBLE_ARRAY_MEMBER]; probably works? Any other places where it fails? From joe.lourenco at cctechnol.com.br Thu Aug 22 20:33:22 2013 From: joe.lourenco at cctechnol.com.br (Joe Lourenco) Date: Thu, 22 Aug 2013 13:33:22 -0400 Subject: [Dovecot] Sieve filterset not activating in Dovecot 2.0.15 with, Sieve plug-in and Roundcube 0.5.3: "NO (TRYLATER) Internal Error." (Steffen Kaiser) In-Reply-To: References: Message-ID: <52164B62.7090908@cctechnol.com.br> Thank you Steffen Kaiser. I enabled the auth_debug and saw this error for permissions: Aug 22 13:41:44 managesieve($u): Error: sieve-storage: Creating symlink() /home/$u/.dovecot.sieve to sieve/Out of office.sieve failed: Permission denied The user's home directory was owned by root. Can not explain it why it was so. Thanks again! > On Wed, 21 Aug 2013, Joe Lourenco wrote: > > > roundcube: S: NO (TRYLATER) "Internal error occured. Refer to server log > > for more information. [2013-08-21 19:01:13]" > > > Nothing is showing up on the server log. > > Check out Dovecot's error log and search for that timestamp of the > message, it is there - unless, say, an out of disk error prevented the > logging. > From giles at coochey.net Thu Aug 22 22:12:40 2013 From: giles at coochey.net (Giles Coochey) Date: Thu, 22 Aug 2013 20:12:40 +0100 Subject: [Dovecot] Load goes up imap-login In-Reply-To: References: Message-ID: <521662A8.20808@coochey.net> On 22/08/2013 16:56, megodin at inboxalias.com wrote: > Hi there Giles, > > not really a solution to your problem, but a hint: > Try activating "verbose_proctitle = yes" in your dovecot.conf, restart service dovecot and you might get more information (when the load is produced by logged in users) - it gives you verbose information about which specific user with which IP is generating the high load. > > All the best, > Megodin > Hi Megodin, Thanks for the advice, I have added that to my configuration, and will review the logs the next time the problem surfaces. Thanks Giles -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4755 bytes Desc: S/MIME Cryptographic Signature URL: From dovecotmail at edschooler.com Fri Aug 23 03:50:19 2013 From: dovecotmail at edschooler.com (dovecotmail) Date: Thu, 22 Aug 2013 17:50:19 -0700 Subject: [Dovecot] Logging passwords on auth failure/dealing with botnets In-Reply-To: <20130822164503.GA13717@harrier.slackbuilds.org> References: <20130822164503.GA13717@harrier.slackbuilds.org> Message-ID: <5216B1CB.1090400@edschooler.com> Have you or anyone else tried fail2ban? I haven't had any break-in attempts since going to Dovecot yet, But with qpopper it didn't work very well unless it hit an actual user on the server. Then it would block the IP for a predetermined set amount of hits on that username then it block for the time I set it to. Just curios........ On 8/22/2013 9:45 AM, /dev/rob0 wrote: > On Thu, Aug 22, 2013 at 04:16:51PM +0000, Michael Smith (DF) wrote: >> Or another option, is there any good DNS based RBLs for botnet IPs, >> and is there any way to tie that in to the dovecot auth system? >> I've been looking for botnet rbls, but what I've found so far >> doesn't seem to work very well. Most of the IPs that I've had to >> firewall don't exist in them. > I guess I would first have tried Spamhaus XBL, but I guess you > checked that already. > > The problem with using XBL, anyway, is that you might have legitimate > logins from listed hosts. Example: a traveler using hotel wifi. We > (TINW) really would need a new DNSBL type (or a special result) for > this sort of abuse. > > It's a nice idea, worth building upon, if someone can fund it (or > find the time to develop it, which really amounts to the same thing.) > Imagine also a Dovecot network of reporters, where brute force > attempts worldwide are reported from Dovecots to the DNSBL, not > merely a one-way tie in. > > I'd also suggest listing SSH brute force attacks in the same DNSBL, > possibly with a different result (127.0.0.$port, so IMAP attackers > list as 127.0.0.143, SSH attackers as 127.0.0.22. Yes, we'd have to > incorporate the third quad for ports > 255, but the general idea is > for result codes to be both machine and human readable as much as > possible.) From stan at hardwarefreak.com Fri Aug 23 04:57:40 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Thu, 22 Aug 2013 20:57:40 -0500 Subject: [Dovecot] Dovecot tuning for GFS2 In-Reply-To: <20130821210713.GA31477@mushkin.tanso.net> References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> Message-ID: <5216C194.50606@hardwarefreak.com> On 8/21/2013 4:07 PM, Jan-Frode Myklebust wrote: > I would strongly suggest using mdbox instead. AFAIK clusterfs' aren't I'd recommend mdbox as well, with a healthy rotation size. The larger files won't increase IMAP performance substantially but they can make backup significantly quicker. > very good at handling many small files. It's a worst case random I/O > usage pattern, with high rate of metadata operations on top. Just for clarification, small files and random IO patterns at the disks are only a small fraction of the maildir problem. The majority of it is metadata--the create, move, rename, etc operations. To keep the in-memory filesystem state consistent across all nodes, and to avoid putting extra IOPS on the storage if on disk data structures were to be used for synchronization, cluster filesystems exchange all metadata updates and synchronization data over the cluster interconnect. This is inherently slow. With a local filesystem and multiple processes, this coherence dance takes place at DRAM latencies--tens of nanoseconds, and scales well as load increases because DRAM bandwidth is 25-100 GB/s. With a cluster filesystem it takes place at interconnect latency, tens to hundreds of ?s, or about 1000x higher latency. And it doesn't scale well as bandwidth is limited to ~100 MB/s with GbE, ~1 GB/s with 10GbE or Myrinet. Stepping up to Infiniband 4x DDR can get you ~2 GB/s and slightly lower latency, but that's a lot of extra expense for a mail cluster, given the performance won't scale with the $$ spent. The switch and HBAs will cost more than the COTS servers. Selecting the right mailbox format is in essence free, and mostly solves the maildir metadata and IOPS problem. > We use IBM GPFS for clusterfs, and have finally completed the conversion > of a 130+ million inode maildir filesystem, into a 18 million inode mdbox > filesystem. I have no hard performance data showing the difference > between maildir/mdbox, but at a minimum mdbox is much easier to manage. > Backup of 130+ million files is painfull.. and also it feels nice to be > able do schedule batches of mailbox purges to off-hours, instead of doing > them at peak hours. 130m to 18m is 'only' a 7 fold decrease. 18m inodes is still rather large for any filesystem, cluster or local. A check on an 18m inode XFS filesystem, even on fast storage, would take quite some time. I'm sure it would take quite a bit longer to check a GFS2 with 18m inodes. Any reason you didn't go a little larger with your mdbox rotation size? -- Stan From jtam.home at gmail.com Fri Aug 23 07:30:27 2013 From: jtam.home at gmail.com (Joseph Tam) Date: Thu, 22 Aug 2013 21:30:27 -0700 (PDT) Subject: [Dovecot] Logging passwords on auth failure/dealing with botnets In-Reply-To: References: Message-ID: "Michael Smith (DF)" writes: > Or another option, is there any good DNS based RBLs for botnet IPs, and > is there any way to tie that in to the dovecot auth system? I've been > looking for botnet rbls, but what I've found so far doesn't seem to > work very well. Most of the IPs that I've had to firewall don't exist > in them. /dev/rob0 writes: > The problem with using XBL, anyway, is that you might have legitimate > logins from listed hosts. Example: a traveler using hotel wifi. We > (TINW) really would need a new DNSBL type (or a special result) for > this sort of abuse. > > It's a nice idea, worth building upon, if someone can fund it (or > find the time to develop it, which really amounts to the same thing.) > Imagine also a Dovecot network of reporters, where brute force > attempts worldwide are reported from Dovecots to the DNSBL, not > merely a one-way tie in. > > I'd also suggest listing SSH brute force attacks in the same DNSBL, > possibly with a different result (127.0.0.$port, so IMAP attackers > list as 127.0.0.143, SSH attackers as 127.0.0.22. Yes, we'd have to > incorporate the third quad for ports > 255, but the general idea is > for result codes to be both machine and human readable as much as > possible.) I use bl.blocklist.de as a DNSRBL for ssh BFD, but I think it also detects BFD for other protocols: http://www.blocklist.de/en/index.html The nice thing about this RBL is that you can also contribute by configuring your Fail2Ban/DenyHost to forward logs to the maintainers, to widen the detection network. I get about a 60% hit on ssh BFD attacks. I also found http://openbl.org but they distribute it as a downloadable file rather than as a DNSRBL. Maybe I can introduce the latter to the former. Joseph Tam From skdovecot at smail.inf.fh-brs.de Fri Aug 23 08:37:31 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 23 Aug 2013 07:37:31 +0200 (CEST) Subject: [Dovecot] Nee assistance with migrating/copying a virtual user's maildir to another virtual user In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 22 Aug 2013, David Varela wrote: > I tried the command provided by Steffan, however, although it runs and moves > the files beginning with . to the destination maildir other directories and > files in the previous users' maildir remained in the original location, and > messages in the new users' maildir are not visible in the client. does the old Maildir still contains new/cur folders? move them into .usr_XYZ.INBOX; Maildir/new and Maildir/cur hold the INBOX. The manager's Maildir should look like: Maildir /new /cur /tmp /.Folder1.subfolder2... /new /cur /tmp /.usr_XYZ.usrFolder /new /cur /tmp If the manager has a Maildir/.usr_XYZ.usrFolder/cur and Maildir/.usr_XYZ.usrFolder/new and at least one file is in either new or cur _and_ the manager is either displaying all folders or has usr_XYZ.usrFolder subscribed, this messages are to display in the MUA. sometimes one need to refresh the list of folders or something like that. Do the filesystem permission fit? > -----Original Message----- > From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On > Behalf Of David Varela > Sent: Friday, August 16, 2013 7:13 AM > To: dovecot at dovecot.org > Subject: Re: [Dovecot] Nee assistance with migrating/copying a virtual > user's maildir to another virtual user > > Thanks Steffan, > > I will test the move at the filesystem level. > > The virtual user still exists, although I have changed her password. > Dovecot is configured to authenticate users via LDAP to Active Directory. > If there's a better method of moving maildir via Dovecot rather than through > the filesystem I would like to do so. > > Thanks, > > David > > -----Original Message----- > From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de] > Sent: Friday, August 16, 2013 12:33 AM > To: David Varela > Cc: 'Dovecot Mailing List' > Subject: Re: [Dovecot] Nee assistance with migrating/copying a virtual > user's maildir to another virtual user > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thu, 15 Aug 2013, David Varela wrote: > >> I am trying to move/copy a virtual user's maildir to another virtual >> user but am running into problems with dsync and doveadm. I'm trying >> to move the maildir of a user who is no longer with the company to a > manager's maildir. >> >> For doveadm I am using the command: > >> doveadm move -u scavenaugh at lamontanita.coop >> jhenning at lamontanita.coop/INBOX/scavenaugh INBOX ALL >> >> The error is: >> >> doveadm(scavenaugh at lamontanita.coop): Error: user >> scavenaugh at lamontanita.coop: Auth USER lookup failed >> >> /var/log/dovecot.log shows: >> >> passdb doesn't support lookups, can't verify user's existence > > The user is gone from passdb already, right? Re-create the entry with > another password or password-locked. > > Or, move the directories on filesystem level, e.g. something like: > > cd user-Maildir-basedirectory > rename 's/\A(\.[^.].*)/.usr_XYZ$1/' .[^.]* mkdir -p > .usr_XYZ.INBOX/{new,cur,tmp} touch .usr_XYZ.INBOX/maildirfolder chown -R > vmail:vmail .usr_XYZ.INBOX mv .usr_XYZ* manage-Maildir-basedirectory > > .usr_XYZ is a prefix for a mail folder hierarchie identifying the user. > vmail:vmail are the necessary Unix owner/group for the newly created > directories with mkdir two lines above. The rename command renames all > directory entries that start with a single dot to have the prefix, that > should be directories only in a Maildir. > > - -- > Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEVAwUBUg3HrF3r2wJMiz2NAQL1pQf9GeIEnLfG0zkFXPJ/J2CB/wmGP4m/MCMp > BHxkRiLxXNezK4ckeliaLbpOD+NVyABc2n33tW11qav6IWrLTiGm9+A5p8TUOhfJ > wMWBNJ0TEjtTM+0EbGJlOhkQ0QFooobfc5Sl30qR02yF+vk+SkBdRpkZK7ulpSPf > 0ZtwIFF804NzMaKzZP2/SG77Z6JyW1N/TgaJ8QFtZwPrYymzD3iqtaFgoBAZqpSA > g5koZIen0wjHy905Sy+uLseAFj6UIuhVdN8eG18NibaTHRBct3rTeyWAQY8GVZLq > pPggEdUqHeTvrua5CzrL70iDbdcr29xezlvkxRueeDrGOApIprN4Mg== > =1T6x > -----END PGP SIGNATURE----- > ---------------Output of GPG------------------ > Decryption of block failed > gpg: Signature made Fri 16 Aug 2013 08:33:16 AM CEST using RSA key ID 4C8B3D8D > gpg: BAD signature from "Steffen Kaiser " > > > - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUhb1G13r2wJMiz2NAQKGOQf/Ycy/V+BOwg8Rk8geK+dALq+up321E6L1 bz7yhM/NnFklEoEH4vicGguFbpa+g42yo8FO6uAO22qTPD1Zf3VQFtMJs4zQPy52 zhl+F+7DGc0g27+tVcq/dqw7GRIT0nEXweo3FfYeTPHRozfTGqj73Ec8QvtGNkeU tt8T03om8ZDjHsvC1kH3Ta5eQyqrJxOYwkttOPVj8zsg3YfNim/Ejgb9cB4bZT+s 7cP5ySlHRKDQW/UkPcQaZKVZBxumPQNdV/HfY0LuANyTc0L7/8kQ4ly7TAKoFYhY mKPIdpPF4mCkRgx8v9PfpGZ7aZnI1DwED2nQYaheWcwH1Z6DukLn1A== =UtvU -----END PGP SIGNATURE----- From Wolfgang.Friebel at desy.de Fri Aug 23 13:43:25 2013 From: Wolfgang.Friebel at desy.de (Wolfgang.Friebel at desy.de) Date: Fri, 23 Aug 2013 12:43:25 +0200 (CEST) Subject: [Dovecot] Deleted mails in dsync backups Message-ID: Hello we are doing regular backups of the mdbox mail folders using dsync -u username backup mdbox:/somedir/BACKUPS/username (still with version 2.1.10, but 2.2.5 is in testing phase) We do observe that the directory size in the BACKUPS directory is growing with respect to the original mail folders. I believe this is due to deleted mails not being purged in the backup. We are doing regular doveadm purge -A cleanups, but this does (of course) not affect the backups and subsequent dsync backup runs seem not to clean up deleted mails in the backup either. Will the behaviour of the dsync backup command deal with deleted mails in the 2.2.5 release? If not, what could we do to get rid of the deleted mails in the backup (or is there another reason for the growth in size) We have e.g. after 9 month of running with 2.1.10 du -sk username 588520 du -sk /somedir/BACKUPS/username 863024 -- Wolfgang Friebel Deutsches Elektronen-Synchrotron DESY From lists at wildgooses.com Fri Aug 23 15:08:04 2013 From: lists at wildgooses.com (Ed W) Date: Fri, 23 Aug 2013 13:08:04 +0100 Subject: [Dovecot] Dovecot Dsync In-Reply-To: <5213E98E.8040003@mail-subs.com> References: <52139202.8090109@mail-subs.com> <521397D9.5000102@sys4.de> <5213E98E.8040003@mail-subs.com> Message-ID: <521750A4.9040908@wildgooses.com> Hi > I'm on an Ubuntu LTS release so the dovecot came from their release. > I'd prefer to stay that way unless I really have to... Everyone is entitled to their own opinions, but "IMHO" this kind of attitude is a huge detriment to most software projects. I see very little reason to take such policies personally... 1) I use virtualisation (especially lightweight virtualisation such as vservers) so that each service is in its own container. Now if I have no interest in some container and want to let it rot (ie as per LTS), then I can just do so. 2) I use a fast moving rolling distro (gentoo in my case, Arch is probably a good choice also) so that I have the option to stay up to date when I want to The end result is you can be as up to date as you want, or let things rot, as you please. Unfortunately if you want to use a very old bit of software, then you also get to keep all it's bugs... Sorry. Good luck! Hope this inspires you to try a different route! Ed W From CMarcus at Media-Brokers.com Fri Aug 23 15:17:21 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 23 Aug 2013 08:17:21 -0400 Subject: [Dovecot] mdbox - healthy rotation size vs default - WAS Re: Dovecot tuning for GFS2 In-Reply-To: <5216C194.50606@hardwarefreak.com> References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> <5216C194.50606@hardwarefreak.com> Message-ID: <521752D1.9060808@Media-Brokers.com> On 2013-08-22 9:57 PM, Stan Hoeppner wrote: > On 8/21/2013 4:07 PM, Jan-Frode Myklebust wrote: > >> I would strongly suggest using mdbox instead. AFAIK clusterfs' aren't > I'd recommend mdbox as well, with a healthy rotation size. The larger > files won't increase IMAP performance substantially but they can make > backup significantly quicker. I'm considering migrating to mdbox... wondering what you consider 'healthy' rotation size. I generally try to avoid changing defaults whenever possible, so, do you consider the default size of 2MB too small? I guess though that it depends on usage. Since we get a decent number of large attachments, maybe that is a good reason to bump it up? Thanks, -- Best regards, */Charles/* From CMarcus at Media-Brokers.com Fri Aug 23 15:32:13 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 23 Aug 2013 08:32:13 -0400 Subject: [Dovecot] Dovecot never release preallocated space in mdbox In-Reply-To: <1375446658.31867.18.camel@innu.dovecot.net> References: <51F63A50.9010002@emisfr.com> <1375446658.31867.18.camel@innu.dovecot.net> Message-ID: <5217564D.4080803@Media-Brokers.com> On 2013-08-02 8:30 AM, Timo Sirainen wrote: > The problem is that there is no "rotation time". In normal operation > Dovecot would be wasting time (=disk IO) looking at old files and > figuring out if they would need hole punching. I guess the doveadm > purge job could do that, but I'm not sure if that's always the best > idea either. I remember some people using different mdbox settings for > normal operations and for doveadm purge runs, so this could also > unintentionally break things. I'm considering migrating my users to mdbox, and thought that I had sent a follow-up to this, but found it in my Drafts folder... This does give me a little pause for concern... Shouldn't there be an internal, automatic mechanism in place for compacting (this I think is the more appropriate term, since it is what Thunderbird and Outlook both use, although it is used for local client files, as opposed to server based files) these files? Personally I'd like it to happen immediately, when a user deletes a(some) message(es). Maybe add a new setting for 'mdbox_compact_trigger' or something like that, where it only does it if it will reclaim at least ## amount of space - although checking for that in and of itself might be as much or more work as just doing it immediately when the email(s) is(are) deleted. But, even if it wasn't fully automatic, maybe simplest would be just another option to pass to doveadm purge (ie, -C for 'compact)? Also - what happens currently when *all* messages in any given mdbox file are deleted? Is the mdbox file deleted? Thanks, -- Best regards, */Charles/* From wildfire at progsoc.org Fri Aug 23 16:37:00 2013 From: wildfire at progsoc.org (Anand Kumria) Date: Fri, 23 Aug 2013 23:37:00 +1000 Subject: [Dovecot] piegonhole sieve prepending header lines with an extra space In-Reply-To: <51F0CF93.8070305@rename-it.nl> References: <51EF705A.5090502@rename-it.nl> <51EFB1E8.8010408@rename-it.nl> <51EFD6F8.6030102@rename-it.nl> <51EFE042.4020609@rename-it.nl> <51F0CF93.8070305@rename-it.nl> Message-ID: Hi Stephen, I finally had a chance to re-test this and confirm that v4.1 of the plugin does fix the problem. Thanks for your assistance. Regards, Anand On 25 July 2013 17:11, Stephan Bosch wrote: > On 7/25/2013 8:06 AM, Anand Kumria wrote: > > Hi Stephan, > > I'm not sure, I'm using Dovecot-managesieved 0.4.0-14, which I believe is > commit > > 1771:b41f5cf04b8f, which is actually *before* the commit you mentioned. > > > I'm not clear because you already have a release (v4.1) which does > contain that patch; are you suggesting that an upgrade to that version > might help? > > > Oh, right, it is already released. So, yes, upgrade. > > Regards, > > Stephan. > > From marc at grooz.de Fri Aug 23 22:30:12 2013 From: marc at grooz.de (Marc Grooz) Date: Fri, 23 Aug 2013 21:30:12 +0200 Subject: [Dovecot] SSL Cipher Order in Dovecot Message-ID: <36C769B0-992E-4019-B2D1-61ED7473C389@grooz.de> Hi, I want that dovecot uses PFS with my Apple Devices. I set the Cipher List to: ssl_cipher_list = DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!PSK:!SRP:!DSS:!SSLv2:!RC4 I got this from here: http://www.kuketz-blog.de/perfect-forward-secrecy-mit-apple-mail/ But then my only Outlook 2010 Client won't connect. If i enable rsa-aes128-SHA again on third place all clients connect without dhe. Dosen't dovecot horner the Cipher Order in the config? Kind regards Marc -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6091 bytes Desc: not available URL: From stan at hardwarefreak.com Sat Aug 24 02:08:02 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 23 Aug 2013 18:08:02 -0500 Subject: [Dovecot] mdbox - healthy rotation size vs default - WAS Re: Dovecot tuning for GFS2 In-Reply-To: <521752D1.9060808@Media-Brokers.com> References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> <5216C194.50606@hardwarefreak.com> <521752D1.9060808@Media-Brokers.com> Message-ID: <5217EB52.805@hardwarefreak.com> On 8/23/2013 7:17 AM, Charles Marcus wrote: > On 2013-08-22 9:57 PM, Stan Hoeppner wrote: >> On 8/21/2013 4:07 PM, Jan-Frode Myklebust wrote: >> >>> I would strongly suggest using mdbox instead. AFAIK clusterfs' aren't >> I'd recommend mdbox as well, with a healthy rotation size. The larger >> files won't increase IMAP performance substantially but they can make >> backup significantly quicker. > > I'm considering migrating to mdbox... wondering what you consider > 'healthy' rotation size. > > I generally try to avoid changing defaults whenever possible, so, do you > consider the default size of 2MB too small? > > I guess though that it depends on usage. Since we get a decent number of > large attachments, maybe that is a good reason to bump it up? It's probably better to err large than to err small. Analyze your current maildir directories and make a distribution graph of file sizes. That should give you a good idea of what your rotation size should be. -- Stan From kremels at kreme.com Sat Aug 24 03:12:19 2013 From: kremels at kreme.com (LuKreme) Date: Fri, 23 Aug 2013 18:12:19 -0600 Subject: [Dovecot] Dovecot LDA Message-ID: OK, I did read but it doesn't answer the question I have since it doesn't tell me what I can do with -o, exactly. What I would like to do is be able to call dovecot-lda and pass along '\\Seen', is that possible? -- Up the airy mountains, down the rushy glen... From ghosties and bogles and long-leggity beasties... My mother said I never should... We dare not go a-hunting for fear... And things that go bump... Play with the fairies in the wood... --Lords and Ladies From user+dovecot at localhost.localdomain.org Sat Aug 24 03:19:30 2013 From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Sat, 24 Aug 2013 02:19:30 +0200 Subject: [Dovecot] Dovecot LDA In-Reply-To: References: Message-ID: <5217FC12.2060803@localhost.localdomain.org> On 08/24/2013 02:12 AM LuKreme wrote: > OK, I did read but it doesn't answer the question I have since it doesn't tell me what I can do with -o, exactly. -o is used to override settings, as documented in dovecot-lda(1)/http://wiki2.dovecot.org/Tools/DovecotLDA > What I would like to do is be able to call dovecot-lda and pass along '\\Seen', is that possible? That requires Sieve, see http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples#line-59 for an example. Regards, Pascal -- The trapper recommends today: cafebabe.1323602 at localdomain.org From anton.chigin at live.com Sat Aug 24 04:05:37 2013 From: anton.chigin at live.com (Anton Chigin) Date: Sat, 24 Aug 2013 05:05:37 +0400 Subject: [Dovecot] expire plugin doesn't work? Message-ID: Hello, I've configured dovecot to use expire plugin: heres my dovecot -n: --------------------- # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 ext4 auth_mechanisms = plain login dict { expire = mysql:/etc/dovecot/dovecot-dict-expire-sql.conf.ext } mail_location = maildir:/home/mail/vhosts/%d/%n mail_plugins = expire mail_privileged_group = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { auto = no special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { expire = Trash 7 expire_dict = proxy::expire sieve = ~/dovecot.sieve sieve_dir = ~/sieve sieve_max_actions = 32 sieve_max_redirects = 4 sieve_max_script_size = 1M sieve_quota_max_scripts = 32 } protocols = imap pop3 lmtp sieve service auth-worker { user = vmail } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { mode = 0600 user = vmail } user = dovecot } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service managesieve-login { inet_listener sieve { port = 4190 } service_count = 1 vsz_limit = 128 M } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { port = 995 ssl = yes } } ssl = required ssl_ca = show create table expires; +---------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Table | Create Table | +---------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | CREATE TABLE `expires` ( `username` varchar(75) NOT NULL, `mailbox` varchar(255) NOT NULL, `expire_stamp` int(11) NOT NULL, PRIMARY KEY (`username`,`mailbox`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 | +---------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ 1 row in set (0.00 sec) And nothing works dovecot debug shows nothing: only one string related to expire plugin Aug 24 04:21:37 piscola dovecot: lmtp(16927): Debug: Module loaded: /usr/lib/dovecot/modules/lib20_expire_plugin.so mysql general query log show nothing also... Can anyone help me please? Thanks a lot! From gedalya at gedalya.net Sat Aug 24 04:17:34 2013 From: gedalya at gedalya.net (Gedalya) Date: Fri, 23 Aug 2013 21:17:34 -0400 Subject: [Dovecot] expire plugin doesn't work? In-Reply-To: References: Message-ID: <521809AE.30002@gedalya.net> On 08/23/2013 09:05 PM, Anton Chigin wrote: > plugin { > expire = Trash 7 > expire_dict = proxy::expire You're using Dovecot 2.1, that configuration syntax is for 1.2. Please follow documentation at http://wiki2.dovecot.org/Plugins/Expire From jorgito1412 at gmail.com Sat Aug 24 10:52:09 2013 From: jorgito1412 at gmail.com (George) Date: Sat, 24 Aug 2013 04:52:09 -0300 Subject: [Dovecot] Disable PAM username change? Message-ID: Hi! I have a problem involving Samba4, exim4, fetchmail, Dovecot and PAM... I am using Dovecot 2.1.7 on Debian Wheezy. I have setup a "maildrop" machine, which fetches mail from an external POP3 server for multiple accounts using fetchmail, delivers to local users mailboxes through exim4 and then serves them on the intranet via IMAP with Dovecot. This works great with local unix users, but I am having some trouble to configure it to work with Samba4 AD users (Samba 4.0.9 running as a DC on the same machine). Basically, I have configured PAM with winbind and it works fine (AD users can SSH the machine for example). Dovecot also authenticates properly via PAM, but the problem is that the username gets changed in the process (PAM returrns the "username" as "DOMAIN\username"): Aug 21 22:50:22 dc2 dovecot: auth-worker(5179): Debug: auth(foo,127.0.0.1): username changed foo -> DOMAIN\foo Aug 21 22:50:22 dc2 dovecot: auth: Debug: auth(foo,127.0.0.1,<0bBfg3/kpQB/AAAB>): username changed foo -> DOMAIN\foo Aug 21 22:50:22 dc2 dovecot: auth: Debug: client out: OK#0111#011user=DOMAIN\foo So the actual problem is that exim4 is delivering the mail to, for example, "/var/mail/foo" but Dovecot is looking for the mailbox on "/var/mail/DOMAIN\foo", even if the username given in the IMAP session is just "foo". The wiki mentionsthat "a PAM module can change the username". Can this be avoided? I need either: * Exim to deliver the mail to the user mailbox, *including* the domain part (out of scope of this list, but information is welcome), or * Dovecot to fetch the mail *not* using the domain part as part of the username variable. As a quick and dirty workaround, I hardcoded the domain part in the exim delivery path (something like "/var/mail/DOMAIN\\$local_part"), but this is far from optimal since I cannot use both unix users and AD users, I cannot use dovecot_delivery LDA transport, etc. As a bottom line, I also posted this to the Samba list because I believe this could also be solved if winbind just always returned the username without the domain when queried (conf option not working, probable bug) Ideas are welcome!! Best regards, Jorge From trashcan at odo.in-berlin.de Sat Aug 24 11:47:56 2013 From: trashcan at odo.in-berlin.de (Michael Grimm) Date: Sat, 24 Aug 2013 10:47:56 +0200 Subject: [Dovecot] mdbox - healthy rotation size vs default In-Reply-To: <521752D1.9060808@Media-Brokers.com> References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> <5216C194.50606@hardwarefreak.com> <521752D1.9060808@Media-Brokers.com> Message-ID: <04556FFC-F849-4C16-BB85-00188570DD37@odo.in-berlin.de> On 23.08.2013, at 14:17, Charles Marcus wrote: > On 2013-08-22 9:57 PM, Stan Hoeppner wrote: >> I'd recommend mdbox as well, with a healthy rotation size. The larger >> files won't increase IMAP performance substantially but they can make >> backup significantly quicker. > > I'm considering migrating to mdbox... wondering what you consider 'healthy' rotation size. > > I generally try to avoid changing defaults whenever possible, [...] I am running "mdbox_rotate_size = 100m" for approx. a year now on a small server (a handful of users, only). All mailboxes are around 1G each with a lot of attachments. I never had an issue so far. Don't ask me why I did chose 100m, I cannot remember ;-) Ok, if one of such mdbox files will become corrupt, I will loose a lot of mail, but on the other hand I am running two dovecot servers in parallel (replicator/dsync) and I do take hourly snapshots (ZFS) of my mail storage file system as well. Regards, Michael From anton.chigin at live.com Sat Aug 24 13:16:56 2013 From: anton.chigin at live.com (Anton Chigin) Date: Sat, 24 Aug 2013 10:16:56 +0000 Subject: [Dovecot] expire plugin doesn't work? In-Reply-To: <521809AE.30002@gedalya.net> References: , <521809AE.30002@gedalya.net> Message-ID: Hi!Thanks for your suggestion, that moved me in to right direction.It was double permission issue, that I was able to debug since changed format, and now timestaps are added into the mysql table. As far as I understand expire plugin only adds timestamps to mysql table, and thats it, isn't it?I mean I want to understand how to configure mails to be removed...Do I need to add to cron "doveadm expunge -A mailbox Trash savedbefore 30d" ? Thanks a lot! > Date: Fri, 23 Aug 2013 21:17:34 -0400 > From: gedalya at gedalya.net > To: dovecot at dovecot.org; anton.chigin at live.com > Subject: Re: [Dovecot] expire plugin doesn't work? > > On 08/23/2013 09:05 PM, Anton Chigin wrote: > > plugin { > > expire = Trash 7 > > expire_dict = proxy::expire > > You're using Dovecot 2.1, that configuration syntax is for 1.2. > Please follow documentation at http://wiki2.dovecot.org/Plugins/Expire > From gedalya at gedalya.net Sat Aug 24 13:22:32 2013 From: gedalya at gedalya.net (Gedalya) Date: Sat, 24 Aug 2013 06:22:32 -0400 Subject: [Dovecot] expire plugin doesn't work? In-Reply-To: References: , <521809AE.30002@gedalya.net> Message-ID: <52188968.6040308@gedalya.net> Yes, you add that cron job, and it would work with or without the expire plugin. The thing is that if the expire plugin is enabled, the "doveadm expunge" command will look at the expires table in mysql and only process users who are in the database with a timestamp older than your specified message age. The timestamp is supposed to designate "age of oldest message in folder". Without the expires plugin, the command would have to process every user in the system (as per the result of the iterate query, if you're using SQL authentication) and actually open every Trash folder and look inside, which would normally be a lot more work and take more time. On 08/24/2013 06:16 AM, Anton Chigin wrote: > Hi! > Thanks for your suggestion, that moved me in to right direction. > It was double permission issue, that I was able to debug since changed > format, and now timestaps are added into the mysql table. > > As far as I understand expire plugin only adds timestamps to mysql > table, and thats it, isn't it? > I mean I want to understand how to configure mails to be removed... > Do I need to add to cron "doveadm expunge -A mailbox Trash savedbefore > 30d" ? > > Thanks a lot! > > > Date: Fri, 23 Aug 2013 21:17:34 -0400 > > From: gedalya at gedalya.net > > To: dovecot at dovecot.org; anton.chigin at live.com > > Subject: Re: [Dovecot] expire plugin doesn't work? > > > > On 08/23/2013 09:05 PM, Anton Chigin wrote: > > > plugin { > > > expire = Trash 7 > > > expire_dict = proxy::expire > > > > You're using Dovecot 2.1, that configuration syntax is for 1.2. > > Please follow documentation at http://wiki2.dovecot.org/Plugins/Expire > > From anton.chigin at live.com Sat Aug 24 13:46:28 2013 From: anton.chigin at live.com (Anton Chigin) Date: Sat, 24 Aug 2013 10:46:28 +0000 Subject: [Dovecot] expire plugin doesn't work? In-Reply-To: <52188968.6040308@gedalya.net> References: , <521809AE.30002@gedalya.net> , <52188968.6040308@gedalya.net> Message-ID: So,is enabling expire plugin the only way "doveadm expunge" to work with static userdb, because of lack iterate_query option? If I test it now "doveadm search" I see:Aug 24 13:28:22 piscola dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/authAug 24 13:28:22 piscola dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.soAug 24 13:28:22 piscola dovecot: auth: Debug: master in: LIST#0111Aug 24 13:28:22 piscola dovecot: auth: Error: Trying to iterate users, but userdbs don't support it userdb I have:userdb { args = uid=vmail gid=vmail home=/home/mail/vhosts/%d/%n driver = static} Is it OK and doveadm will not have to iterate users since expire plugin is enabled?Or should I still fix it to get it works properly? Thanks a lot for your help! Date: Sat, 24 Aug 2013 06:22:32 -0400 From: gedalya at gedalya.net To: anton.chigin at live.com CC: dovecot at dovecot.org Subject: Re: [Dovecot] expire plugin doesn't work? Yes, you add that cron job, and it would work with or without the expire plugin. The thing is that if the expire plugin is enabled, the "doveadm expunge" command will look at the expires table in mysql and only process users who are in the database with a timestamp older than your specified message age. The timestamp is supposed to designate "age of oldest message in folder". Without the expires plugin, the command would have to process every user in the system (as per the result of the iterate query, if you're using SQL authentication) and actually open every Trash folder and look inside, which would normally be a lot more work and take more time. On 08/24/2013 06:16 AM, Anton Chigin wrote: Hi! Thanks for your suggestion, that moved me in to right direction. It was double permission issue, that I was able to debug since changed format, and now timestaps are added into the mysql table. As far as I understand expire plugin only adds timestamps to mysql table, and thats it, isn't it? I mean I want to understand how to configure mails to be removed... Do I need to add to cron "doveadm expunge -A mailbox Trash savedbefore 30d" ? Thanks a lot! > Date: Fri, 23 Aug 2013 21:17:34 -0400 > From: gedalya at gedalya.net > To: dovecot at dovecot.org; anton.chigin at live.com > Subject: Re: [Dovecot] expire plugin doesn't work? > > On 08/23/2013 09:05 PM, Anton Chigin wrote: > > plugin { > > expire = Trash 7 > > expire_dict = proxy::expire > > You're using Dovecot 2.1, that configuration syntax is for 1.2. > Please follow documentation at http://wiki2.dovecot.org/Plugins/Expire > From Rainer at krugs.de Sat Aug 24 13:42:20 2013 From: Rainer at krugs.de (Rainer M Krug) Date: Sat, 24 Aug 2013 11:42:20 +0100 Subject: [Dovecot] Migrating from Maildir to Maildir:LAYOUT=fs Message-ID: Hi I have use dovecot together with offlineimap to download my gmail account on a single user computer and I have only one maildir (~/Maildir). As I switched to Mac, I would like to use spotlight to index my mails, which apparently does not work as they are in hidden directories (.directories). So I would like to change to LAYOUT=fs. Is there an easy way to migrate my email structure? I have several folders and subfolders, but a manual solution would be fine with me as well. My questions: 1) can I simply restructure the mailboxes and rename the folders / move them into the folders where I want them after changing the configuration of dovecot? 2) Is there an easy tool I can use for this for one mailbox which is doing it automatically? Thanks, Rainer -- Rainer M. Krug email: RMKruggmailcom From gedalya at gedalya.net Sat Aug 24 13:57:05 2013 From: gedalya at gedalya.net (Gedalya) Date: Sat, 24 Aug 2013 06:57:05 -0400 Subject: [Dovecot] expire plugin doesn't work? In-Reply-To: References: , <521809AE.30002@gedalya.net> , <52188968.6040308@gedalya.net> Message-ID: <52189181.3080702@gedalya.net> I don't know, why don't you just try? If you run the exact same command but with "search" instead of "expunge", it should also use the expire plugin in the same way, so that should be an easy test. Are you using sql for passdb? If so I wonder if you could define an sql userdb in addition to the static userdb with only an iterate_query defined..? On 08/24/2013 06:46 AM, Anton Chigin wrote: > So, > is enabling expire plugin the only way "doveadm expunge" to work with > static userdb, because of lack iterate_query option? > > If I test it now "doveadm search" I see: > Aug 24 13:28:22 piscola dovecot: auth: Debug: Loading modules from > directory: /usr/lib/dovecot/modules/auth > Aug 24 13:28:22 piscola dovecot: auth: Debug: Module loaded: > /usr/lib/dovecot/modules/auth/libdriver_mysql.so > Aug 24 13:28:22 piscola dovecot: auth: Debug: master in: LIST#0111 > Aug 24 13:28:22 piscola dovecot: auth: Error: Trying to iterate users, > but userdbs don't support it > > userdb I have: > userdb { > args = uid=vmail gid=vmail home=/home/mail/vhosts/%d/%n > driver = static > } > > Is it OK and doveadm will not have to iterate users since expire > plugin is enabled? > Or should I still fix it to get it works properly? > > Thanks a lot for your help! > > ------------------------------------------------------------------------ > Date: Sat, 24 Aug 2013 06:22:32 -0400 > From: gedalya at gedalya.net > To: anton.chigin at live.com > CC: dovecot at dovecot.org > Subject: Re: [Dovecot] expire plugin doesn't work? > > Yes, you add that cron job, and it would work with or without the > expire plugin. > The thing is that if the expire plugin is enabled, the "doveadm > expunge" command will look at the expires table in mysql and only > process users who are in the database with a timestamp older than your > specified message age. The timestamp is supposed to designate "age of > oldest message in folder". Without the expires plugin, the command > would have to process every user in the system (as per the result of > the iterate query, if you're using SQL authentication) and actually > open every Trash folder and look inside, which would normally be a lot > more work and take more time. > > > On 08/24/2013 06:16 AM, Anton Chigin wrote: > > Hi! > Thanks for your suggestion, that moved me in to right direction. > It was double permission issue, that I was able to debug since > changed format, and now timestaps are added into the mysql table. > > As far as I understand expire plugin only adds timestamps to mysql > table, and thats it, isn't it? > I mean I want to understand how to configure mails to be removed... > Do I need to add to cron "doveadm expunge -A mailbox Trash > savedbefore 30d" ? > > Thanks a lot! > > > Date: Fri, 23 Aug 2013 21:17:34 -0400 > > From: gedalya at gedalya.net > > To: dovecot at dovecot.org ; > anton.chigin at live.com > > Subject: Re: [Dovecot] expire plugin doesn't work? > > > > On 08/23/2013 09:05 PM, Anton Chigin wrote: > > > plugin { > > > expire = Trash 7 > > > expire_dict = proxy::expire > > > > You're using Dovecot 2.1, that configuration syntax is for 1.2. > > Please follow documentation at > http://wiki2.dovecot.org/Plugins/Expire > > > > From anton.chigin at live.com Sat Aug 24 14:19:26 2013 From: anton.chigin at live.com (Anton Chigin) Date: Sat, 24 Aug 2013 11:19:26 +0000 Subject: [Dovecot] expire plugin doesn't work? In-Reply-To: <52189181.3080702@gedalya.net> References: , <521809AE.30002@gedalya.net> , <52188968.6040308@gedalya.net> , <52189181.3080702@gedalya.net> Message-ID: I've set up both static userdb and mysql userdb and according to mysql logs it works as you described!Will move from static to sql usersdb anyway. Thanks! Date: Sat, 24 Aug 2013 06:57:05 -0400 From: gedalya at gedalya.net To: anton.chigin at live.com CC: dovecot at dovecot.org Subject: Re: [Dovecot] expire plugin doesn't work? I don't know, why don't you just try? If you run the exact same command but with "search" instead of "expunge", it should also use the expire plugin in the same way, so that should be an easy test. Are you using sql for passdb? If so I wonder if you could define an sql userdb in addition to the static userdb with only an iterate_query defined..? On 08/24/2013 06:46 AM, Anton Chigin wrote: So, is enabling expire plugin the only way "doveadm expunge" to work with static userdb, because of lack iterate_query option? If I test it now "doveadm search" I see: Aug 24 13:28:22 piscola dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Aug 24 13:28:22 piscola dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so Aug 24 13:28:22 piscola dovecot: auth: Debug: master in: LIST#0111 Aug 24 13:28:22 piscola dovecot: auth: Error: Trying to iterate users, but userdbs don't support it userdb I have: userdb { args = uid=vmail gid=vmail home=/home/mail/vhosts/%d/%n driver = static } Is it OK and doveadm will not have to iterate users since expire plugin is enabled? Or should I still fix it to get it works properly? Thanks a lot for your help! Date: Sat, 24 Aug 2013 06:22:32 -0400 From: gedalya at gedalya.net To: anton.chigin at live.com CC: dovecot at dovecot.org Subject: Re: [Dovecot] expire plugin doesn't work? Yes, you add that cron job, and it would work with or without the expire plugin. The thing is that if the expire plugin is enabled, the "doveadm expunge" command will look at the expires table in mysql and only process users who are in the database with a timestamp older than your specified message age. The timestamp is supposed to designate "age of oldest message in folder". Without the expires plugin, the command would have to process every user in the system (as per the result of the iterate query, if you're using SQL authentication) and actually open every Trash folder and look inside, which would normally be a lot more work and take more time. On 08/24/2013 06:16 AM, Anton Chigin wrote: Hi! Thanks for your suggestion, that moved me in to right direction. It was double permission issue, that I was able to debug since changed format, and now timestaps are added into the mysql table. As far as I understand expire plugin only adds timestamps to mysql table, and thats it, isn't it? I mean I want to understand how to configure mails to be removed... Do I need to add to cron "doveadm expunge -A mailbox Trash savedbefore 30d" ? Thanks a lot! > Date: Fri, 23 Aug 2013 21:17:34 -0400 > From: gedalya at gedalya.net > To: dovecot at dovecot.org; anton.chigin at live.com > Subject: Re: [Dovecot] expire plugin doesn't work? > > On 08/23/2013 09:05 PM, Anton Chigin wrote: > > plugin { > > expire = Trash 7 > > expire_dict = proxy::expire > > You're using Dovecot 2.1, that configuration syntax is for 1.2. > Please follow documentation at http://wiki2.dovecot.org/Plugins/Expire > From gedalya at gedalya.net Sat Aug 24 14:20:53 2013 From: gedalya at gedalya.net (Gedalya) Date: Sat, 24 Aug 2013 07:20:53 -0400 Subject: [Dovecot] expire plugin doesn't work? In-Reply-To: References: , <521809AE.30002@gedalya.net> , <52188968.6040308@gedalya.net> , <52189181.3080702@gedalya.net> Message-ID: <52189715.2030704@gedalya.net> Oh cool. Nice to hear. Remember to take a look at the prefetch http://wiki2.dovecot.org/UserDatabase/Prefetch , it saves you an extra query in cases where authentication took place before userdb lookup. On 08/24/2013 07:19 AM, Anton Chigin wrote: > I've set up both static userdb and mysql userdb and according to mysql > logs it works as you described! > Will move from static to sql usersdb anyway. > Thanks! > > ------------------------------------------------------------------------ > Date: Sat, 24 Aug 2013 06:57:05 -0400 > From: gedalya at gedalya.net > To: anton.chigin at live.com > CC: dovecot at dovecot.org > Subject: Re: [Dovecot] expire plugin doesn't work? > > I don't know, why don't you just try? > If you run the exact same command but with "search" instead of > "expunge", it should also use the expire plugin in the same way, so > that should be an easy test. > Are you using sql for passdb? If so I wonder if you could define an > sql userdb in addition to the static userdb with only an iterate_query > defined..? > > On 08/24/2013 06:46 AM, Anton Chigin wrote: > > So, > is enabling expire plugin the only way "doveadm expunge" to work > with static userdb, because of lack iterate_query option? > > If I test it now "doveadm search" I see: > Aug 24 13:28:22 piscola dovecot: auth: Debug: Loading modules from > directory: /usr/lib/dovecot/modules/auth > Aug 24 13:28:22 piscola dovecot: auth: Debug: Module loaded: > /usr/lib/dovecot/modules/auth/libdriver_mysql.so > Aug 24 13:28:22 piscola dovecot: auth: Debug: master in: LIST#0111 > Aug 24 13:28:22 piscola dovecot: auth: Error: Trying to iterate > users, but userdbs don't support it > > userdb I have: > userdb { > args = uid=vmail gid=vmail home=/home/mail/vhosts/%d/%n > driver = static > } > > Is it OK and doveadm will not have to iterate users since expire > plugin is enabled? > Or should I still fix it to get it works properly? > > Thanks a lot for your help! > > ------------------------------------------------------------------------ > Date: Sat, 24 Aug 2013 06:22:32 -0400 > From: gedalya at gedalya.net > To: anton.chigin at live.com > CC: dovecot at dovecot.org > Subject: Re: [Dovecot] expire plugin doesn't work? > > Yes, you add that cron job, and it would work with or without the > expire plugin. > The thing is that if the expire plugin is enabled, the "doveadm > expunge" command will look at the expires table in mysql and only > process users who are in the database with a timestamp older than > your specified message age. The timestamp is supposed to designate > "age of oldest message in folder". Without the expires plugin, the > command would have to process every user in the system (as per the > result of the iterate query, if you're using SQL authentication) > and actually open every Trash folder and look inside, which would > normally be a lot more work and take more time. > > > On 08/24/2013 06:16 AM, Anton Chigin wrote: > > Hi! > Thanks for your suggestion, that moved me in to right direction. > It was double permission issue, that I was able to debug since > changed format, and now timestaps are added into the mysql table. > > As far as I understand expire plugin only adds timestamps to > mysql table, and thats it, isn't it? > I mean I want to understand how to configure mails to be > removed... > Do I need to add to cron "doveadm expunge -A mailbox Trash > savedbefore 30d" ? > > Thanks a lot! > > > Date: Fri, 23 Aug 2013 21:17:34 -0400 > > From: gedalya at gedalya.net > > To: dovecot at dovecot.org ; > anton.chigin at live.com > > Subject: Re: [Dovecot] expire plugin doesn't work? > > > > On 08/23/2013 09:05 PM, Anton Chigin wrote: > > > plugin { > > > expire = Trash 7 > > > expire_dict = proxy::expire > > > > You're using Dovecot 2.1, that configuration syntax is for 1.2. > > Please follow documentation at > http://wiki2.dovecot.org/Plugins/Expire > > > > > From anton.chigin at live.com Sat Aug 24 14:28:04 2013 From: anton.chigin at live.com (Anton Chigin) Date: Sat, 24 Aug 2013 11:28:04 +0000 Subject: [Dovecot] RESOLVED: expire plugin doesn't work? In-Reply-To: <52189715.2030704@gedalya.net> References: , <521809AE.30002@gedalya.net> , <52188968.6040308@gedalya.net> , <52189181.3080702@gedalya.net> , <52189715.2030704@gedalya.net> Message-ID: Was just reading the same wiki page :)Really appreciate your help.Will mark as resolved Date: Sat, 24 Aug 2013 07:20:53 -0400 From: gedalya at gedalya.net To: anton.chigin at live.com CC: dovecot at dovecot.org Subject: Re: [Dovecot] expire plugin doesn't work? Oh cool. Nice to hear. Remember to take a look at the prefetch http://wiki2.dovecot.org/UserDatabase/Prefetch , it saves you an extra query in cases where authentication took place before userdb lookup. On 08/24/2013 07:19 AM, Anton Chigin wrote: I've set up both static userdb and mysql userdb and according to mysql logs it works as you described! Will move from static to sql usersdb anyway. Thanks! Date: Sat, 24 Aug 2013 06:57:05 -0400 From: gedalya at gedalya.net To: anton.chigin at live.com CC: dovecot at dovecot.org Subject: Re: [Dovecot] expire plugin doesn't work? I don't know, why don't you just try? If you run the exact same command but with "search" instead of "expunge", it should also use the expire plugin in the same way, so that should be an easy test. Are you using sql for passdb? If so I wonder if you could define an sql userdb in addition to the static userdb with only an iterate_query defined..? On 08/24/2013 06:46 AM, Anton Chigin wrote: So, is enabling expire plugin the only way "doveadm expunge" to work with static userdb, because of lack iterate_query option? If I test it now "doveadm search" I see: Aug 24 13:28:22 piscola dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Aug 24 13:28:22 piscola dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so Aug 24 13:28:22 piscola dovecot: auth: Debug: master in: LIST#0111 Aug 24 13:28:22 piscola dovecot: auth: Error: Trying to iterate users, but userdbs don't support it userdb I have: userdb { args = uid=vmail gid=vmail home=/home/mail/vhosts/%d/%n driver = static } Is it OK and doveadm will not have to iterate users since expire plugin is enabled? Or should I still fix it to get it works properly? Thanks a lot for your help! Date: Sat, 24 Aug 2013 06:22:32 -0400 From: gedalya at gedalya.net To: anton.chigin at live.com CC: dovecot at dovecot.org Subject: Re: [Dovecot] expire plugin doesn't work? Yes, you add that cron job, and it would work with or without the expire plugin. The thing is that if the expire plugin is enabled, the "doveadm expunge" command will look at the expires table in mysql and only process users who are in the database with a timestamp older than your specified message age. The timestamp is supposed to designate "age of oldest message in folder". Without the expires plugin, the command would have to process every user in the system (as per the result of the iterate query, if you're using SQL authentication) and actually open every Trash folder and look inside, which would normally be a lot more work and take more time. On 08/24/2013 06:16 AM, Anton Chigin wrote: Hi! Thanks for your suggestion, that moved me in to right direction. It was double permission issue, that I was able to debug since changed format, and now timestaps are added into the mysql table. As far as I understand expire plugin only adds timestamps to mysql table, and thats it, isn't it? I mean I want to understand how to configure mails to be removed... Do I need to add to cron "doveadm expunge -A mailbox Trash savedbefore 30d" ? Thanks a lot! > Date: Fri, 23 Aug 2013 21:17:34 -0400 > From: gedalya at gedalya.net > To: dovecot at dovecot.org; anton.chigin at live.com > Subject: Re: [Dovecot] expire plugin doesn't work? > > On 08/23/2013 09:05 PM, Anton Chigin wrote: > > plugin { > > expire = Trash 7 > > expire_dict = proxy::expire > > You're using Dovecot 2.1, that configuration syntax is for 1.2. > Please follow documentation at http://wiki2.dovecot.org/Plugins/Expire > From kremels at kreme.com Sat Aug 24 20:53:32 2013 From: kremels at kreme.com (LuKreme) Date: Sat, 24 Aug 2013 11:53:32 -0600 Subject: [Dovecot] Dovecot LDA In-Reply-To: <5217FC12.2060803@localhost.localdomain.org> References: <5217FC12.2060803@localhost.localdomain.org> Message-ID: <3E52857F-A253-47FA-9E61-783D6802F3F2@kreme.com> On 23 Aug 2013, at 18:19 , Pascal Volk wrote: > On 08/24/2013 02:12 AM LuKreme wrote: >> OK, I did read but it doesn't answer the question I have since it doesn't tell me what I can do with -o, exactly. > > -o is used to override settings, as documented in > dovecot-lda(1)/http://wiki2.dovecot.org/Tools/DovecotLDA > >> What I would like to do is be able to call dovecot-lda and pass along '\\Seen', is that possible? > > That requires Sieve, see > http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples#line-59 for an example. So would I be able to call dovecot-lda with the name of the sieve file I want (one which just applies \\Seen to the message in question). Could I also pass the name of the maildir I wanted the message in? Basically, I do all my sorting in procmail, but the method for marking messages in procmail as seen is... well, it's a kludge. It it is possible for me to do something like |dovecot-lda -o mail_location="/path/to/my/Maildir/.listname" -o sieve="/path/to/markread.sieve" that would be great. This page does not have a s.x equivalent, so I am guessing nothing has changed. That says that I have to use dovecot-lda as my LDA in order to invoke sieve, could I just add mail_plugins=sieve to that dovecot-lda line above? -- I WILL NOT BARF UNLESS I'M SICK Bart chalkboard Ep. 8F15 From Sulla at gmx.at Sun Aug 25 00:20:59 2013 From: Sulla at gmx.at (Sulla) Date: Sat, 24 Aug 2013 23:20:59 +0200 Subject: [Dovecot] dovecot OK for intranet, not OK for external IPs Message-ID: <521923BB.8050801@gmx.at> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear all! I'm stuck. I've got a dovecot IMAP server running (TLS, port 149) on Ubuntu 13.04 server behind a DSL router. The mailserver's IP is 10.0.0.1 When I connect to my mailbox from my intranet-PC (10.0.0.2), everything works as expected. Login OK, acces to all mailboxes is ok, everything. netstat -nt on my email server shows me: Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 10.0.0.1:143 10.0.0.2:57952 ESTABLISHED and /var/log/mail.log shows me: Aug 24 22:41:00 SERVERNAME dovecot: imap-login: Login: user=, method=PLAIN, rip=10.0.0.2, lip=10.0.0.1, mpid=24326, TLS, session=<3Ul+irfkYAAKAAAC> However, when I connect to my mailserver through the internet (from 10.196.124.7 which is a modem of my ISP), dovecot ignores the authentication request. It does nothing. Just nothing. My router forwards the connection request to my mailserver correctly, so port forwarding on the router is ok, as my mailserver gets a connection request from the client. Proof: "netstat -nt" shows me: Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 10.0.0.1:143 10.196.124.7:1024 SYN_RECV So, my server gets a connection request on port 143 from my client PC, but then nothing happens. By nothing I mean, that nothing gets written into /var/log/mail.log and my email client (Thunderbird) gets a connection timeout. Any ideas why dovecot is refusing connections? How can I solve this problem? thanx all Sulla -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlIZI7sACgkQR6b2EdogPFvqxACgrUACK1J8tHCxJR0jMUui14bs TsoAnAw4QnVr2kydjk2cErKW+i6oVu1f =86wg -----END PGP SIGNATURE----- From gedalya at gedalya.net Sun Aug 25 00:49:21 2013 From: gedalya at gedalya.net (Gedalya) Date: Sat, 24 Aug 2013 17:49:21 -0400 Subject: [Dovecot] dovecot OK for intranet, not OK for external IPs In-Reply-To: <521923BB.8050801@gmx.at> References: <521923BB.8050801@gmx.at> Message-ID: <52192A61.4090003@gedalya.net> On 08/24/2013 05:20 PM, Sulla wrote: > > My router forwards the connection request to my mailserver correctly, so > port forwarding on the router is ok, as my mailserver gets a connection > request from the client. Proof: "netstat -nt" shows me: > > Proto Recv-Q Send-Q Local Address Foreign Address State > tcp 0 0 10.0.0.1:143 10.196.124.7:1024 SYN_RECV > > This proves one thing: that the SYN was received. It doesn't prove that the reply is being routed back properly. Obviously you have an asymmetrical routing or firewalling issue, and I'm not sure what kind of address translation should be / is / is not being preformed. This is a basic networking issue and has nothing to do specifically with dovecot. Try to shut dovecot down and open a listening port with netcat: #$ nc -lp 143 or for verbose output # nc -vvlp 143 On the other LAN compuer: # nc -vv 10.0.0.1 143 and start "chatting". It will work. From the outside computer it won't. If it does, dovecot will work too. Proceed with troubleshooting. TCP is handled by the kernel, not by dovecot. (you might want to look at the nc man page for the exact options available for your specific variety of netcat) You can probably do this on any other arbitrary port, it doesn't have to be 143 so you can let dovecot run at least for the LAN, if needed, while you figure this out. From sulla at gmx.at Sun Aug 25 01:31:00 2013 From: sulla at gmx.at (sulla) Date: Sat, 24 Aug 2013 15:31:00 -0700 (PDT) Subject: [Dovecot] dovecot OK for intranet, not OK for external IPs In-Reply-To: <521923BB.8050801@gmx.at> References: <521923BB.8050801@gmx.at> Message-ID: <1377383460415-44053.post@n4.nabble.com> Thanx to this very supportive list!! Richard pointed out to me that the IP which I called "external" was a net-10 IP and thus no official address, but rather belonged to the private pool of my ISP and that net-10 adresses were not routable with arbitrary results when a router nevertheless tries to route them. This hint was right on!!! I suspect that my ISP directly routed my connection request back to me without ever unleashing it to the open internet. It's a bit weird. I just set-up my (ancient) mobile phone (Sony Ericsson z770i) (IP: 213.162.68.141) to connect to my mailserver (I have different network provider, so this MUST go over the internet now), and this works! netstat -np tells me: Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 10.0.0.1:143 213.162.68.141:29650 ESTABLISHED and /var/log/mail.log shows: Aug 25 00:01:26 SERVERNA;E dovecot: imap-login: Login: user=, method=PLAIN, rip=213.162.68.141, lip=10.0.0.1, mpid=24703, TLS, session= and my phone is just synching with the account... Haven't tried SMTP-ing yet... (it only cost me about 3 hours and a few hairs...) also thanx to Javier and Gedalya: The ubuntu 13.04 server installation does not have a firewall enabled (I guess this is typical for ubuntu), at least "sudo iptables -L -n" shows for INPUT, FORWARD and OUTPUT: policy ACCEPT. route -n shows: Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.0.0.138 0.0.0.0 UG 0 0 0 eth0 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 which is ok, I guess. -- View this message in context: http://dovecot.2317879.n4.nabble.com/dovecot-OK-for-intranet-not-OK-for-external-IPs-tp44051p44053.html Sent from the Dovecot mailing list archive at Nabble.com. From stan at hardwarefreak.com Sun Aug 25 01:31:54 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Sat, 24 Aug 2013 17:31:54 -0500 Subject: [Dovecot] dovecot OK for intranet, not OK for external IPs In-Reply-To: <521923BB.8050801@gmx.at> References: <521923BB.8050801@gmx.at> Message-ID: <5219345A.3060301@hardwarefreak.com> On 8/24/2013 4:20 PM, Sulla wrote: > I've got a dovecot IMAP server running (TLS, port 149) on Ubuntu 13.04 > server behind a DSL router. The mailserver's IP is 10.0.0.1 ... > However, when I connect to my mailserver through the internet (from > 10.196.124.7 which is a modem of my ISP), dovecot ignores the > authentication request. It does nothing. Just nothing. Basic IP networking problem. Your ISP is using the RFC 1918 class A private address space for its customers because it apparently has too little routable public space. Adding insult to injury you have configured the same class A subnet 10.x.x.x on the LAN segment of a consumer DSL "router" which is not an IP *router* at all. It is a Network Address Translation device. You're telling it to translate 10/8 to 10/8 which is impossible. The solution? Simple. You must use one of the other two RFC 1918 private address spaces on the LAN segment of your NAT'ing DSL modem. Here are all three. Pick one that is not 10/8. Hint, most people use 192.168/16 because the subnet masking is easier to remember, and because few people have more than 256 devices on their home network. 10.0.0.0 - 10.255.255.255 (10/8 prefix) 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) -- Stan From dovecot at pyropus.ca Sun Aug 25 21:09:46 2013 From: dovecot at pyropus.ca (C. Mills) Date: Sun, 25 Aug 2013 12:09:46 -0600 Subject: [Dovecot] Developer docs? Message-ID: <20130825180946.GB31739@pyropus.ca> Hi, I'm looking to modify Dovecot slightly to add support for a custom feature. I've spent some time reading the code, and I've been wondering if there are any contributor/developer documents I've missed that would make getting up to speed easier. I've read much of the code, and most of the wiki, including the Design/* and /*Process pages. They give a good summary of some of the design decisions, but I don't see much other than that. The docs included in the tarball are just dumps of the wiki pages. I've browsed some of the list archives as well, without finding much to help me. Are there other resources I've missed? What I'm trying to do requires passing some additional information/state from the imap-login process (presumably through the master) to the imap mail process. Any pointers much appreciated! Thanks, C. -- ----------------------------------------------------------------------- C. Mills ----------------------------------------------------------------------- From tss at iki.fi Sun Aug 25 21:47:07 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 25 Aug 2013 21:47:07 +0300 Subject: [Dovecot] Developer docs? In-Reply-To: <20130825180946.GB31739@pyropus.ca> References: <20130825180946.GB31739@pyropus.ca> Message-ID: On 25.8.2013, at 21.09, C. Mills wrote: > I'm looking to modify Dovecot slightly to add support for a custom feature. > I've spent some time reading the code, and I've been wondering if there are > any contributor/developer documents I've missed that would make getting up to > speed easier. > > I've read much of the code, and most of the wiki, including the Design/* and > /*Process pages. They give a good summary of some of the design decisions, > but I don't see much other than that. The docs included in the tarball are > just dumps of the wiki pages. > > I've browsed some of the list archives as well, without finding much to help > me. > > Are there other resources I've missed? Nope. Maybe the docs will increase some day when there's more time and developers. > What I'm trying to do requires passing > some additional information/state from the imap-login process (presumably > through the master) to the imap mail process. Any pointers much appreciated! See how imap-login/client-authenticate.c imap_client_auth_begin() sends the command tag to imap process. Or if it's something all login processes need you could modify struct master_auth_request directly. From dovecot at pyropus.ca Sun Aug 25 22:20:44 2013 From: dovecot at pyropus.ca (C. Mills) Date: Sun, 25 Aug 2013 13:20:44 -0600 Subject: [Dovecot] Developer docs? In-Reply-To: References: <20130825180946.GB31739@pyropus.ca> Message-ID: <20130825192044.GA31857@pyropus.ca> Timo Sirainen wrote: > On 25.8.2013, at 21.09, C. Mills wrote: > > > > Are there other resources I've missed? > > Nope. Maybe the docs will increase some day when there's more time and > developers. It's a real chicken-and-egg problem, that's for sure. > See how imap-login/client-authenticate.c imap_client_auth_begin() sends the > command tag to imap process. Or if it's something all login processes need > you could modify struct master_auth_request directly. Okay, thanks for the pointer. /me continues digging C. -- ----------------------------------------------------------------------- C. Mills ----------------------------------------------------------------------- From janfrode at tanso.net Sun Aug 25 16:37:48 2013 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Sun, 25 Aug 2013 15:37:48 +0200 Subject: [Dovecot] mdbox - healthy rotation size vs default In-Reply-To: <04556FFC-F849-4C16-BB85-00188570DD37@odo.in-berlin.de> References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> <5216C194.50606@hardwarefreak.com> <521752D1.9060808@Media-Brokers.com> <04556FFC-F849-4C16-BB85-00188570DD37@odo.in-berlin.de> Message-ID: <20130825133748.GA18806@mushkin.tanso.net> On Sat, Aug 24, 2013 at 10:47:56AM +0200, Michael Grimm wrote: > > I am running "mdbox_rotate_size = 100m" for approx. a year now on > a small server (a handful of users, only). All mailboxes are around > 1G each with a lot of attachments. I never had an issue so far. How much space are your mdboxes using, compared to to quota usage? I.e. how much space is wasted on deleted messages? (not sure this will be easy to measure, because of compression..) -jf From janfrode at tanso.net Fri Aug 23 11:30:42 2013 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Fri, 23 Aug 2013 10:30:42 +0200 Subject: [Dovecot] Dovecot tuning for GFS2 In-Reply-To: <5216C194.50606@hardwarefreak.com> References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> <5216C194.50606@hardwarefreak.com> Message-ID: <20130823083042.GA5526@mushkin.tanso.net> On Thu, Aug 22, 2013 at 08:57:40PM -0500, Stan Hoeppner wrote: > > > 130m to 18m is 'only' a 7 fold decrease. 18m inodes is still rather > large for any filesystem, cluster or local. A check on an 18m inode XFS > filesystem, even on fast storage, would take quite some time. I'm sure > it would take quite a bit longer to check a GFS2 with 18m inodes. We use GPFS, not GFS2. Luckily we've never needed to run fsck on it, but it has support for online fsck so hopefully it would be bareable (but please, lets not talk about such things, knock on wood). > Any reason you didn't go a little larger with your mdbox rotation > size? Just that we didn't see any clear recommendation/documentation for why one would want to switch from the default 2MB. 2 MB should already be packing 50-100 messages/file, so why are we only seeing 7x decrease in number of files.. Hmm, I see the m-files isn't really utilizing 2 MB. Looking at my own mdbox-storage I see 59 m-files, using a total of 34MB (avg. 576KB/file)-- with sizes ranging from ~100 KB to 2 MB. Checking our quarantine mailbox I see 3045 files, using 2.6GB (avg. 850KB/file). Guess I should look into changing to a larger rotation size. BTW, what happens if I change the mdbox_rotate_size from 2MB to 10MB? Will all the existing 2MB m-files grow to 10MB, or is it just new m-files that will use this new size? Can I get dovecot to migrate out of the 2MB files, and reorganize to 10MB files ? -jf From stan at hardwarefreak.com Mon Aug 26 01:11:13 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Sun, 25 Aug 2013 17:11:13 -0500 Subject: [Dovecot] Dovecot tuning for GFS2 In-Reply-To: <20130823083042.GA5526@mushkin.tanso.net> References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> <5216C194.50606@hardwarefreak.com> <20130823083042.GA5526@mushkin.tanso.net> Message-ID: <521A8101.8080903@hardwarefreak.com> On 8/23/2013 3:30 AM, Jan-Frode Myklebust wrote: > On Thu, Aug 22, 2013 at 08:57:40PM -0500, Stan Hoeppner wrote: >> 130m to 18m is 'only' a 7 fold decrease. 18m inodes is still rather >> large for any filesystem, cluster or local. A check on an 18m inode XFS >> filesystem, even on fast storage, would take quite some time. I'm sure >> it would take quite a bit longer to check a GFS2 with 18m inodes. > > We use GPFS, not GFS2. Understood. But it makes little difference. None of the cluster filesystems perform very well with high metadata workloads or extremely high inode counts, whether using OCFS, GFS, GPFS, CXFS, etc. > Luckily we've never needed to run fsck on it, but > it has support for online fsck so hopefully it would be bareable (but > please, lets not talk about such things, knock on wood). I'm not that familiar with the GPFS tools. It may be able to run an online check but I'd bet you have to unmount it to do a destructive repair, as with most filesystems, cluster or not. >> Any reason you didn't go a little larger with your mdbox rotation >> size? > > Just that we didn't see any clear recommendation/documentation for > why one would want to switch from the default 2MB. 2 MB should already > be packing 50-100 messages/file, so why are we only seeing 7x decrease > in number of files.. ... > Hmm, I see the m-files isn't really utilizing 2 MB. > Looking at my own mdbox-storage I see 59 m-files, using a total of 34MB > (avg. 576KB/file)-- with sizes ranging from ~100 KB to 2 MB. Checking our > quarantine mailbox I see 3045 files, using 2.6GB (avg. 850KB/file). Apparently 2MB is approximate. I'd guess if a new msg comes in that'll put the m-file over the limit, the file is closed, a new one started, and the new mail goes into the new file, leaving the current (previous) file at less that the rotate size limit. Timo will need to give the definitive answer. > Guess I should look into changing to a larger rotation size. > > BTW, what happens if I change the mdbox_rotate_size from 2MB to 10MB? > Will all the existing 2MB m-files grow to 10MB, or is it just new > m-files that will use this new size? Can I get dovecot to migrate out of > the 2MB files, and reorganize to 10MB files ? I'd guess existing m-files will remain as they are. The rotation logic acts on the currently open and not yet full file. This is a serial operation, only forward, not back. Again, Timo should have a definitive answer. -- Stan From kremels at kreme.com Mon Aug 26 02:42:26 2013 From: kremels at kreme.com (LuKreme) Date: Sun, 25 Aug 2013 17:42:26 -0600 Subject: [Dovecot] Disabled pop3-login Message-ID: <46A9E6FC-9D9E-4654-82FE-87FADC4459B9@kreme.com> In my dovecot.conf I do not have pop3-login anabled (since I do not support pop3): # doveconf -n # 2.2.5: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 9.1-RELEASE i386 auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN disable_plaintext_auth = no first_valid_uid = 89 log_path = /var/log/dovecot login_log_format_elements = user=<%u> %r %m %c mail_location = maildir:~/Maildir mail_max_userip_connections = 50 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox NotJunk { auto = subscribe } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } } service imap-login { inet_listener imaps { port = 993 ssl = yes } } ssl_cert = , method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=<+VcroT7kUgBKX1KW> dovecot:Aug 18 14:26:10 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session= dovecot:Aug 18 14:26:13 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session= dovecot:Aug 18 14:26:15 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=, method=PLAIN, rip=74.95.82.150, lip=75.148.117.91, session= dovecot:Aug 18 14:26:16 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session= dovecot:Aug 18 14:26:18 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=, method=PLAIN, rip=74.95.82.150, lip=75.148.117.91, session=<5oPcoT7ktABKX1KW> Yes, I need to install fail2ban or something on this new machine, but still... -- Mom: There was more than one lobster present at the birth of Jesus? Daughter: Duh. From kremels at kreme.com Mon Aug 26 02:43:22 2013 From: kremels at kreme.com (LuKreme) Date: Sun, 25 Aug 2013 17:43:22 -0600 Subject: [Dovecot] commented lines still active Message-ID: <035D6FAF-4D64-4EFF-AC99-527E2167598A@kreme.com> despite the manage sieve lines on dovecot.conf being currently commented out show as active in doveconf -n # cd /usr/local/etc/dovecot/ # grep -ir sieve . ./dovecot.conf:#managesieve_notify_capability = mailto ./dovecot.conf:#managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave ? -- 'You know me,' said Rincewind. 'Just when I'm getting a grip on something Fate comes along and jumps on my fingers.' --Interesting Times From h.reindl at thelounge.net Mon Aug 26 03:00:50 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 26 Aug 2013 02:00:50 +0200 Subject: [Dovecot] Disabled pop3-login In-Reply-To: <46A9E6FC-9D9E-4654-82FE-87FADC4459B9@kreme.com> References: <46A9E6FC-9D9E-4654-82FE-87FADC4459B9@kreme.com> Message-ID: <521A9AB2.6060406@thelounge.net> Am 26.08.2013 01:42, schrieb LuKreme: > In my dovecot.conf I do not have pop3-login anabled (since I do not support pop3) but you do not have it disabled protocols = imap -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From dovecot-list at mohtex.net Mon Aug 26 03:46:36 2013 From: dovecot-list at mohtex.net (Tamsy) Date: Mon, 26 Aug 2013 07:46:36 +0700 Subject: [Dovecot] Disabled pop3-login In-Reply-To: <46A9E6FC-9D9E-4654-82FE-87FADC4459B9@kreme.com> References: <46A9E6FC-9D9E-4654-82FE-87FADC4459B9@kreme.com> Message-ID: <521AA56C.8050302@mohtex.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 LuKreme wrote the following on 26.08.2013 06:42: > In my dovecot.conf I do not have pop3-login anabled (since I do not support pop3): > > # doveconf -n > # 2.2.5: /usr/local/etc/dovecot/dovecot.conf > # OS: FreeBSD 9.1-RELEASE i386 > auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN > disable_plaintext_auth = no > first_valid_uid = 89 > log_path = /var/log/dovecot > login_log_format_elements = user=<%u> %r %m %c > mail_location = maildir:~/Maildir > mail_max_userip_connections = 50 > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > auto = subscribe > special_use = \Junk > } > mailbox NotJunk { > auto = subscribe > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > driver = pam > } > passdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > service auth { > unix_listener /var/spool/postfix/private/auth { > mode = 0666 > } > } > service imap-login { > inet_listener imaps { > port = 993 > ssl = yes > } > } > ssl_cert = ssl_key = userdb { > driver = passwd > } > userdb { > args = /etc/dovecot/dovecot-sql.conf.ext > default_fields = uid=vpopmail gid=vchkpw mail_location=/usr/local/virtual/%u > driver = sql > } > > but I see thousands (tens of thousands) of > > dovecot:Aug 18 14:26:06 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=<+VcroT7kUgBKX1KW> > dovecot:Aug 18 14:26:10 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session= > dovecot:Aug 18 14:26:13 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session= > dovecot:Aug 18 14:26:15 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=, method=PLAIN, rip=74.95.82.150, lip=75.148.117.91, session= > dovecot:Aug 18 14:26:16 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session= > dovecot:Aug 18 14:26:18 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=, method=PLAIN, rip=74.95.82.150, lip=75.148.117.91, session=<5oPcoT7ktABKX1KW> > > Yes, I need to install fail2ban or something on this new machine, but still... > > Besides of the above, if you are not going to use POP3 at all I would close port 110 and port 995 with DROP to let to go these accesses to nowhere. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (MingW32) iQEcBAEBAgAGBQJSGqVsAAoJEKYXVM1dyOfZYEIH+wT//iSbLbn7mwruVTm7N7vC G4NIUduFeW/s+zFJ+36QwPHG+gGnSM0uDk0upfeytjh0IMh0ADRZGhKQ/A3wnQy+ qNsu1Cvy5GsBag1mi4gJndJoPPZe8JAMaHncbm6lAN3s5wDFGtqyT7V/4BYUSsmV NkeWayP/r6NK9LCKsV2jnxJvdSyn20iiViMRYWRqNViPyvmlUKEpkjSqbGhDPpv4 DYCKBx1DO17j2S2nbpeqYEuQoZNkHVWi10UzLBFt05Ubt0AIMMIGcTOcPzZftn5a UL1d8M7JvGDd50u9B4/Xh8zdr8PKZT05kpPqMe0rVDNkwHpUe9Se/oyfXNwU2tk= =rKgv -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x5DC8E7D9.asc Type: application/pgp-keys Size: 1733 bytes Desc: not available URL: From h.reindl at thelounge.net Mon Aug 26 03:56:21 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 26 Aug 2013 02:56:21 +0200 Subject: [Dovecot] Disabled pop3-login In-Reply-To: <521AA56C.8050302@mohtex.net> References: <46A9E6FC-9D9E-4654-82FE-87FADC4459B9@kreme.com> <521AA56C.8050302@mohtex.net> Message-ID: <521AA7B5.5020102@thelounge.net> Am 26.08.2013 02:46, schrieb Tamsy: > LuKreme wrote the following on 26.08.2013 06:42: >> In my dovecot.conf I do not have pop3-login anabled (since I do not support pop3): as said already, it's one line in dovecot.conf protocols = imap > Besides of the above, if you are not going to use POP3 at all I would > close port 110 and port 995 with DROP to let to go these accesses to > nowhere besides the fact that unused services should not listen at all this advice in case of firewalls is wrong - close *any* port as default and open *only* the one you are using not the other direction DROP specific ones you do not want frankly, there are 65535 possible ports -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From dovecot-list at mohtex.net Mon Aug 26 04:12:14 2013 From: dovecot-list at mohtex.net (Tamsy) Date: Mon, 26 Aug 2013 08:12:14 +0700 Subject: [Dovecot] Disabled pop3-login In-Reply-To: <521AA7B5.5020102@thelounge.net> References: <46A9E6FC-9D9E-4654-82FE-87FADC4459B9@kreme.com> <521AA56C.8050302@mohtex.net> <521AA7B5.5020102@thelounge.net> Message-ID: <521AAB6E.9040909@mohtex.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reindl Harald wrote the following on 26.08.2013 07:56: > > > Am 26.08.2013 02:46, schrieb Tamsy: >> LuKreme wrote the following on 26.08.2013 06:42: >>> In my dovecot.conf I do not have pop3-login anabled (since I do not support pop3): > > as said already, it's one line in dovecot.conf > protocols = imap > >> Besides of the above, if you are not going to use POP3 at all I would >> close port 110 and port 995 with DROP to let to go these accesses to >> nowhere > > besides the fact that unused services should not listen at all > this advice in case of firewalls is wrong - close *any* port > as default and open *only* the one you are using > > not the other direction DROP specific ones you do not want > > frankly, there are 65535 possible ports > > > Reindl is correct like almost always. But isn't it the basics anyway when going for IPtables, to drop all at first and open one by one as needed? Obviously LuKreme has at least port left 110 open and what I ment is to close it right away to let these thousands (tens of thousands) accesses to go nowhere.... -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (MingW32) iQEcBAEBAgAGBQJSGqtuAAoJEKYXVM1dyOfZvKYH/2MSgMAyq6hyt1g8SmEkdVpC XL4SYjg2Fj0TYo6NjMSUTo7FWwz+8rO3cvqKeoMUzv4vwzzdHnG52LVRq71NrwwY nbL1IKN/HsQp7SfF9Gy+H5l9tkTiXrPZU6/6Ku0DQ7JtLCsi6Q0KP9+66ZnW+uqH T82Z0KlJDVizFxeSPb4MiNmIj/AaOe+brFX8iXisXuSG4toZFkL2VtWaVYsIW3+V +9ao+8mw4IJt/9F9t40YUsINqokWkbhG5VZKdln93lUd4m/+LbTUPwEMG+PAsmHE MoysHKbmBniPvLvIlj7oNIeZROYuxSm1fndHlXewlq/vD/Qt9TBHYN3S/UmtN3I= =IuF8 -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x5DC8E7D9.asc Type: application/pgp-keys Size: 1733 bytes Desc: not available URL: From kremels at kreme.com Mon Aug 26 07:43:45 2013 From: kremels at kreme.com (LuKreme) Date: Sun, 25 Aug 2013 22:43:45 -0600 Subject: [Dovecot] Disabled pop3-login In-Reply-To: <521A9AB2.6060406@thelounge.net> References: <46A9E6FC-9D9E-4654-82FE-87FADC4459B9@kreme.com> <521A9AB2.6060406@thelounge.net> Message-ID: On 25 Aug 2013, at 18:00 , Reindl Harald wrote: > Am 26.08.2013 01:42, schrieb LuKreme: >> In my dovecot.conf I do not have pop3-login anabled (since I do not support pop3) > > but you do not have it disabled > > protocols = imap First, that is imap. Second, the string "pop3" does not appear anywhere in the output of dovecot.conf. Third, there is no protocols line in dovecot.conf either. Are you saying that to DISABLE pop3-login I have to ENABLE IMAP specifically even though IMAP already works fine? -- FRIDAYS ARE NOT "PANTS OPTIONAL" Bart chalkboard Ep. AABF23 From gedalya at gedalya.net Mon Aug 26 09:28:02 2013 From: gedalya at gedalya.net (Gedalya) Date: Mon, 26 Aug 2013 02:28:02 -0400 Subject: [Dovecot] Disabled pop3-login In-Reply-To: References: <46A9E6FC-9D9E-4654-82FE-87FADC4459B9@kreme.com> <521A9AB2.6060406@thelounge.net> Message-ID: <521AF572.3080607@gedalya.net> On 08/26/2013 12:43 AM, LuKreme wrote: > On 25 Aug 2013, at 18:00 , Reindl Harald wrote: > >> Am 26.08.2013 01:42, schrieb LuKreme: >>> In my dovecot.conf I do not have pop3-login anabled (since I do not support pop3) >> but you do not have it disabled >> >> protocols = imap > First, that is imap. Second, the string "pop3" does not appear anywhere in the output of dovecot.conf. Third, there is no protocols line in dovecot.conf either. > > Are you saying that to DISABLE pop3-login I have to ENABLE IMAP specifically even though IMAP already works fine? > It sounds like that's exactly what he's saying. All dovecot configuration values have defaults. Reindl is saying that the default for protocols includes pop3, and your experience seems to prove he's right. If you do set that configuration item, it will include only what you specify. From AxelLuttgens at swing.be Mon Aug 26 09:48:51 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Mon, 26 Aug 2013 08:48:51 +0200 Subject: [Dovecot] commented lines still active In-Reply-To: <035D6FAF-4D64-4EFF-AC99-527E2167598A@kreme.com> References: <035D6FAF-4D64-4EFF-AC99-527E2167598A@kreme.com> Message-ID: <9DBD7A8C-2169-4A67-9E3A-A1E89994DBCF@swing.be> Le 26 ao?t 2013 ? 01:43, LuKreme a ?crit : > despite the manage sieve lines on dovecot.conf being currently commented out show as active in doveconf -n > > [...] Does your dovecot.conf include other config files? Axel From AxelLuttgens at swing.be Mon Aug 26 09:58:15 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Mon, 26 Aug 2013 08:58:15 +0200 Subject: [Dovecot] Disabled pop3-login In-Reply-To: References: <46A9E6FC-9D9E-4654-82FE-87FADC4459B9@kreme.com> <521A9AB2.6060406@thelounge.net> Message-ID: <2DF6239A-CAF3-4AB7-97D8-77EBACBB7CAF@swing.be> Le 26 ao?t 2013 ? 06:43, LuKreme a ?crit : > [...] > First, that is imap. Second, the string "pop3" does not appear anywhere in the output of dovecot.conf. Third, there is no protocols line in dovecot.conf either. > > Are you saying that to DISABLE pop3-login I have to ENABLE IMAP specifically even though IMAP already works fine? Hello, You have to override the defaults currently in use. In the case of setting "protocols", which you haven't changed as shown by the output of "doveconf -n", you should see something like this: $ doveconf protocols protocols = imap pop3 lmtp Axel From stephan at rename-it.nl Mon Aug 26 10:41:27 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 26 Aug 2013 09:41:27 +0200 Subject: [Dovecot] commented lines still active In-Reply-To: <035D6FAF-4D64-4EFF-AC99-527E2167598A@kreme.com> References: <035D6FAF-4D64-4EFF-AC99-527E2167598A@kreme.com> Message-ID: <521B06A7.8000200@rename-it.nl> On 8/26/2013 1:43 AM, LuKreme wrote: > despite the manage sieve lines on dovecot.conf being currently commented out show as active in doveconf -n > > # cd /usr/local/etc/dovecot/ > # grep -ir sieve . > ./dovecot.conf:#managesieve_notify_capability = mailto > ./dovecot.conf:#managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave These settings are automatically generated if not set explicitly. What is your problem exactly? Regards, Stephan. From liuyingying5496 at 126.com Mon Aug 26 11:05:50 2013 From: liuyingying5496 at 126.com (=?GBK?B?wfXTqNOo?=) Date: Mon, 26 Aug 2013 16:05:50 +0800 (CST) Subject: [Dovecot] A question of imap timeout exit Message-ID: <50e9ea2.19e2f.140b9a84f7c.Coremail.liuyingying5496@126.com> hello: I have a question on imap process: if a client connect to dovecot like foxmail(version 10) , dovecot will start at least 3 imap processes , and these imap processes will online until client logout , if the client not logout ,the imap process will always online. this is similar to the long connection and imap's auto logout timer is not effect in this case. now I have two questions: 1: if there are a large number of users online at the same time ( eg about 30 000 users): so dovecot should shart at least 30 000 * 3 imap processes, if user not logout ,so many processes are online all the time .this is terrible. I dot'n know if there is a solution ?? now I have changed the timeout = 2min and test ,dovecot active disconnected imap process ,but I don't think this is a appropriate option. 2: I want to know why auto logout timer duration of IMAP protocol must be not less than 30 minuters ?? My English is not vary good ,I'm sorry but I really want to know the answer . thanks From h.reindl at thelounge.net Mon Aug 26 11:57:24 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 26 Aug 2013 10:57:24 +0200 Subject: [Dovecot] Disabled pop3-login In-Reply-To: References: <46A9E6FC-9D9E-4654-82FE-87FADC4459B9@kreme.com> <521A9AB2.6060406@thelounge.net> Message-ID: <521B1874.2090707@thelounge.net> Am 26.08.2013 06:43, schrieb LuKreme: > On 25 Aug 2013, at 18:00 , Reindl Harald wrote: > >> Am 26.08.2013 01:42, schrieb LuKreme: >>> In my dovecot.conf I do not have pop3-login anabled (since I do not support pop3) >> >> but you do not have it disabled >> >> protocols = imap > > First, that is imap i know that, dovecot knows that but protocols lists *all* enabled and if you only enable imap then you have only imap > Second, the string "pop3" does not appear anywhere in the output of dovecot.conf so what - but it appears in the *defaults* because you hardly would be able to get software like dovecot or postfix running at all if you would need to write *every* config line in the config with correct values [root at srv-rhsoft:~]$ doveconf -d | grep protocols protocols = imap pop3 lmtp ssl_protocols = !SSLv2 [root at srv-rhsoft:~]$ doveconf -n | grep protocols protocols = imap -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From pbraun at nethence.com Mon Aug 26 15:50:54 2013 From: pbraun at nethence.com (Pierre-Philipp Braun) Date: Mon, 26 Aug 2013 14:50:54 +0200 Subject: [Dovecot] local AND virtual mail locations ? Message-ID: <521B4F2E.9070908@nethence.com> Hi, I would like to use Dovecot not only for virtual mboxes, but also for local users. In other words, I would like to use different "mail_location"s depending on "passdb" "passwd-file" versus "passwd". I need that as the smtp daemon I am using (david parsons' postoffice smtp server) serves both but is only able to process messages through procmail on local users. Here are the two mail_locations I would like to use: mail_location: mbox:~/mail/:INBOX=/var/mail/%u mail_location: mbox:/var/spool/virtual/%d/%n.imap:INBOX=/var/spool/virtual/%d/%n depending on those passdb stanzas, respectively: passdb passwd-file { args = username_format=%n /etc/virtual/%d/passwd } passdb passwd { } Any help would be appreciated. Here's my Dovecot version and current working configuration for virtual users only: # dovecot -n dovecot -n # 1.2.17: /usr/local/etc/dovecot.conf # OS: FreeBSD 8.3-RELEASE amd64 ufs protocols: imap ssl: no disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable: /usr/local/libexec/dovecot/imap-login first_valid_uid: 6 first_valid_gid: 6 mail_location: mbox:/var/spool/virtual/%d/%n.imap:INBOX=/var/spool/virtual/%d/%n imap_client_workarounds: tb-extra-mailbox-sep auth default: user: mail passdb: driver: passwd-file args: username_format=%n /etc/virtual/%d/passwd userdb: driver: static args: uid=6 gid=6 I find that first_valid_uid and first_valid_gid don't look pretty but it seems mandatory for the standard 'mail' user and group ownerships to work on the virtual mbox files and folders. I created the user while the group already existed. If you have any advices on that too, I would be pleased. Thanks Pierre-Philipp From rob0 at gmx.co.uk Mon Aug 26 15:53:38 2013 From: rob0 at gmx.co.uk (/dev/rob0) Date: Mon, 26 Aug 2013 07:53:38 -0500 Subject: [Dovecot] Disabled pop3-login In-Reply-To: <521AF572.3080607@gedalya.net> References: <46A9E6FC-9D9E-4654-82FE-87FADC4459B9@kreme.com> <521A9AB2.6060406@thelounge.net> <521AF572.3080607@gedalya.net> Message-ID: <20130826125338.GI13717@harrier.slackbuilds.org> On Mon, Aug 26, 2013 at 02:28:02AM -0400, Gedalya wrote: > On 08/26/2013 12:43 AM, LuKreme wrote: > >On 25 Aug 2013, at 18:00 , Reindl Harald > >wrote: > >>Am 26.08.2013 01:42, schrieb LuKreme: > >>>In my dovecot.conf I do not have pop3-login anabled (since I do > >>>not support pop3) > >>but you do not have it disabled > >> > >>protocols = imap > >First, that is imap. Second, the string "pop3" does not appear > >anywhere in the output of dovecot.conf. Third, there is no > >protocols line in dovecot.conf either. > > > >Are you saying that to DISABLE pop3-login I have to ENABLE IMAP > >specifically even though IMAP already works fine? > > > It sounds like that's exactly what he's saying. > All dovecot configuration values have defaults. Reindl is saying > that the default for protocols includes pop3, and your experience > seems to prove he's right. If you do set that configuration item, > it will include only what you specify. The original "doveconf -n" in the OP indicated that managesieve is desired, so that should also be in the protocols line: protocols = imap sieve -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From nosratien at yahoo.com Sun Aug 25 14:33:49 2013 From: nosratien at yahoo.com (mehrdad nosrati) Date: Sun, 25 Aug 2013 04:33:49 -0700 (PDT) Subject: [Dovecot] Dovecot auth error In-Reply-To: <1377429928.22494.YahooMailNeo@web163002.mail.bf1.yahoo.com> References: <1377429928.22494.YahooMailNeo@web163002.mail.bf1.yahoo.com> Message-ID: <1377430429.94373.YahooMailNeo@web163004.mail.bf1.yahoo.com> Greeting I'm newbie to Squirrelmail and just installed Dovecot in CentOS6.3. When I try to login to the Squirrelmail, then I get the following error: ?auth: Info: passwd(myusername at myserver.com): unknown user my config file is as follow: # /usr/bin/doveconf -n -c /etc/dovecot/dovecot.conf # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-279.el6.x86_64 x86_64 CentOS release 6.3 (Final) auth_debug = yes auth_mechanisms = plain login auth_verbose = yes base_dir = /var/run/dovecot/ disable_plaintext_auth = no info_log_path = /var/log/dovecot-deliver.log log_path = /var/log/dovecot-deliver.log mail_debug = yes mail_location = maildir:~/MaIL mbox_write_locks = fcntl passdb { ? driver = passwd } service auth { ? unix_listener /var/spool/postfix/private/auth { ? ? group = postfix ? ? mode = 0666 ? ? user = postfix ? } } ssl_cert = References: <521B4F2E.9070908@nethence.com> Message-ID: <20130826131702.GJ13717@harrier.slackbuilds.org> On Mon, Aug 26, 2013 at 02:50:54PM +0200, Pierre-Philipp Braun wrote: > I would like to use Dovecot not only for virtual mboxes, but also for > local users. In other words, I would like to use different > "mail_location"s depending on "passdb" "passwd-file" versus "passwd". I believe that the default mail_location would be overridden by userdb, not passdb. > I need that as the smtp daemon I am using (david parsons' postoffice > smtp server) serves both but is only able to process messages through > procmail on local users. Here are the two mail_locations I would > like to use: > > mail_location: mbox:~/mail/:INBOX=/var/mail/%u > mail_location: > mbox:/var/spool/virtual/%d/%n.imap:INBOX=/var/spool/virtual/%d/%n This exercise becomes trivial when you follow the advice of the Dovecot wiki and give your virtual users a $HOME. (Well, to be simple, you'd also have to have INBOX in $HOME. An alternative is to specify INBOX for virtual users in your virtual userdb.) > depending on those passdb stanzas, respectively: > > passdb passwd-file { > args = username_format=%n /etc/virtual/%d/passwd > } > > passdb passwd { > } > > Any help would be appreciated. > > Here's my Dovecot version and current working configuration for > virtual users only: > > # dovecot -n > dovecot -n > # 1.2.17: /usr/local/etc/dovecot.conf Very old! Consider an upgrade to 2.2. > # OS: FreeBSD 8.3-RELEASE amd64 ufs > protocols: imap > ssl: no > disable_plaintext_auth: no Hmmm, plaintext AUTH without TLS/SSL could be dangerous. If a spammer can get in a position to sniff those credentials, you could be inundated with spam to relay. > login_dir: /var/run/dovecot/login > login_executable: /usr/local/libexec/dovecot/imap-login > first_valid_uid: 6 > first_valid_gid: 6 > mail_location: > mbox:/var/spool/virtual/%d/%n.imap:INBOX=/var/spool/virtual/%d/%n > imap_client_workarounds: tb-extra-mailbox-sep > auth default: > user: mail > passdb: > driver: passwd-file > args: username_format=%n /etc/virtual/%d/passwd > userdb: > driver: static > args: uid=6 gid=6 > > I find that first_valid_uid and first_valid_gid don't look > pretty but it seems mandatory for the standard 'mail' user and > group ownerships to work on the virtual mbox files and folders. > I created the user while the group already existed. If you > have any advices on that too, I would be pleased. There is no "standard" UID/GID for virtual mailboxes. In fact there is no need to have them all share the same UID/GID. But on a shared UID/GID virtual system, typically you should set a higher UID/GID such that you exclude all the system accounts (<100 or <500 or maybe <1000 depending on OS. If your OS starts human user accounts at UID 1000, UID 999 would be a good choice for virtual mailbox owner, with that as first_valid_uid also.) -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From gedalya at gedalya.net Mon Aug 26 16:25:33 2013 From: gedalya at gedalya.net (Gedalya) Date: Mon, 26 Aug 2013 09:25:33 -0400 Subject: [Dovecot] A question of imap timeout exit In-Reply-To: <50e9ea2.19e2f.140b9a84f7c.Coremail.liuyingying5496@126.com> References: <50e9ea2.19e2f.140b9a84f7c.Coremail.liuyingying5496@126.com> Message-ID: <521B574D.9040102@gedalya.net> On 08/26/2013 04:05 AM, ??? wrote: > hello: > I have a question on imap process: > if a client connect to dovecot like foxmail(version 10) , dovecot will start at least 3 imap processes , and these imap processes will online until client logout , if the client not logout ,the imap process will always online. this is similar to the long connection and imap's auto logout timer is not effect in this case. Try to set: verbose_proctitle = yes in your config. This will let you see why each process is open. Also read this http://wiki2.dovecot.org/LoginProcess and make sure you're using "High-performance mode", or basically service_count = 0 for imap-login. > now I have two questions: > 1: if there are a large number of users online at the same time ( eg about 30 000 users): so dovecot should shart at least 30 000 * 3 imap processes, if user not logout ,so many processes are online all the time .this is terrible. I dot'n know if there is a solution ?? > now I have changed the timeout = 2min and test ,dovecot active disconnected imap process ,but I don't think this is a appropriate option. A process is kept open on the server only if the client keeps a connection open. This is the client's choice. A non-malicious client does not keep a connection open without a reason. The most common reason is that they are using the IDLE command. In simpler words, every process exists because it's serving an active client, these are not wasted processes that dovecot forgot to kill because the client forgot to log out. > > 2: I want to know why auto logout timer duration of IMAP protocol must be not less than 30 minuters ?? That was actually discussed here before.. maybe someone wants to comment on that again. But either way. If you actually have 30,000 users, you will not likely have 90,000 processes. Every mail client behaves completely differently. Many do just connect on a fixed interval and disconnect immediately if there is no new mail. Others will keep a certain number of open connections, one for each folder being monitored. Actual memory utilization for each process can be around 500-800 KB, or tens of megabytes for large mailboxes. > > My English is not vary good ,I'm sorry but I really want to know the answer . > thanks > From rob0 at gmx.co.uk Mon Aug 26 16:26:45 2013 From: rob0 at gmx.co.uk (/dev/rob0) Date: Mon, 26 Aug 2013 08:26:45 -0500 Subject: [Dovecot] Dovecot auth error In-Reply-To: <1377430429.94373.YahooMailNeo@web163004.mail.bf1.yahoo.com> References: <1377429928.22494.YahooMailNeo@web163002.mail.bf1.yahoo.com> <1377430429.94373.YahooMailNeo@web163004.mail.bf1.yahoo.com> Message-ID: <20130826132644.GK13717@harrier.slackbuilds.org> On Sun, Aug 25, 2013 at 04:33:49AM -0700, mehrdad nosrati wrote: > I'm newbie to Squirrelmail and just installed Dovecot in > CentOS6.3. When I try to login to the Squirrelmail, then I get > the following error: > > ?auth: Info: passwd(myusername at myserver.com): unknown user http://wiki2.dovecot.org/QuickConfiguration#Authentication For system/PAM users, typically you'd also tell your MUA (Squirrelmail here) to omit the @domain from the username. > my config file is as follow: > > # /usr/bin/doveconf -n -c /etc/dovecot/dovecot.conf > > > # 2.0.9: /etc/dovecot/dovecot.conf -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From leolistas at solutti.com.br Mon Aug 26 17:49:50 2013 From: leolistas at solutti.com.br (Leonardo Rodrigues) Date: Mon, 26 Aug 2013 11:49:50 -0300 Subject: [Dovecot] SMTP Proxy Message-ID: <521B6B0E.3070601@solutti.com.br> Hi, I have found a message on this mailing list dated August/2012 in which is said that dovecot could not (at least at that time) do SMTP Authentication using Proxy Features. http://www.dovecot.org/list/dovecot/2012-August/067998.html is this still true, given i'm using latest stable dovecot, v2.2.5 ? extra informations ... smtp authentication is done by postfix using: dovecot: service auth { unix_listener /var/spool/postfix/private/auth { mode = 0660 user = postfix group = postfix } } postfix: smtpd_sasl_type = dovecot smtpd_sasl_path = /var/spool/postfix/private/auth Thanks ! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, N?O mandem email gertrudes at solutti.com.br My SPAMTRAP, do not email it From rob0 at gmx.co.uk Mon Aug 26 17:58:03 2013 From: rob0 at gmx.co.uk (/dev/rob0) Date: Mon, 26 Aug 2013 09:58:03 -0500 Subject: [Dovecot] SMTP Proxy In-Reply-To: <521B6B0E.3070601@solutti.com.br> References: <521B6B0E.3070601@solutti.com.br> Message-ID: <20130826145803.GL13717@harrier.slackbuilds.org> On Mon, Aug 26, 2013 at 11:49:50AM -0300, Leonardo Rodrigues wrote: > I have found a message on this mailing list dated August/2012 > in which is said that dovecot could not (at least at that time) > so SMTP Authentication using Proxy Features. > > http://www.dovecot.org/list/dovecot/2012-August/067998.html > > is this still true, given i'm using latest stable dovecot, > v2.2.5 ? I believe it is. > extra informations ... smtp authentication is done by > postfix using: A bit of extra information which might help: what is the goal? Exactly what problem are you trying to solve? You have given us nothing to go on here. > dovecot: > > service auth { > > unix_listener /var/spool/postfix/private/auth { > mode = 0660 > user = postfix > group = postfix > } > } > > > postfix: > > smtpd_sasl_type = dovecot > smtpd_sasl_path = /var/spool/postfix/private/auth -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From leolistas at solutti.com.br Mon Aug 26 18:53:20 2013 From: leolistas at solutti.com.br (Leonardo Rodrigues) Date: Mon, 26 Aug 2013 12:53:20 -0300 Subject: [Dovecot] SMTP Proxy In-Reply-To: <20130826145803.GL13717@harrier.slackbuilds.org> References: <521B6B0E.3070601@solutti.com.br> <20130826145803.GL13717@harrier.slackbuilds.org> Message-ID: <521B79F0.2@solutti.com.br> Em 26/08/13 11:58, /dev/rob0 escreveu: > On Mon, Aug 26, 2013 at 11:49:50AM -0300, Leonardo Rodrigues wrote: >> I have found a message on this mailing list dated August/2012 >> in which is said that dovecot could not (at least at that time) >> so SMTP Authentication using Proxy Features. >> >> http://www.dovecot.org/list/dovecot/2012-August/067998.html >> >> is this still true, given i'm using latest stable dovecot, >> v2.2.5 ? > I believe it is. > >> extra informations ... smtp authentication is done by >> postfix using: > A bit of extra information which might help: what is the goal? > Exactly what problem are you trying to solve? You have given us > nothing to go on here. > Well, actually i have already done a well detailed post on the dovecot mailing list some days ago explaining my whole problem, but got no answers on that. If you'd like to check it, it's archived on: http://dovecot.org/list/dovecot/2013-August/092012.html Thanks for your attention ! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, N?O mandem email gertrudes at solutti.com.br My SPAMTRAP, do not email it From rob0 at gmx.co.uk Mon Aug 26 19:05:10 2013 From: rob0 at gmx.co.uk (/dev/rob0) Date: Mon, 26 Aug 2013 11:05:10 -0500 Subject: [Dovecot] SMTP Proxy In-Reply-To: <521B79F0.2@solutti.com.br> References: <521B6B0E.3070601@solutti.com.br> <20130826145803.GL13717@harrier.slackbuilds.org> <521B79F0.2@solutti.com.br> Message-ID: <20130826160510.GM13717@harrier.slackbuilds.org> On Mon, Aug 26, 2013 at 12:53:20PM -0300, Leonardo Rodrigues wrote: > Em 26/08/13 11:58, /dev/rob0 escreveu: > >On Mon, Aug 26, 2013 at 11:49:50AM -0300, Leonardo Rodrigues > >wrote: > >> extra informations ... smtp authentication is done by > >> postfix using: > >A bit of extra information which might help: what is the > >goal? Exactly what problem are you trying to solve? You > >have given us nothing to go on here. > > Well, actually i have already done a well detailed post on the > dovecot mailing list some days ago explaining my whole problem, > but got no answers on that. If you'd like to check it, it's > archived on: > > http://dovecot.org/list/dovecot/2013-August/092012.html So you did. I didn't have an opinion on that at first sight, but on review, perhaps this is an idea for you: http://wiki2.dovecot.org/PasswordDatabase/IMAP It might not be relevant at all, so I posted to this thread. You should update the other thread if it helped. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From pbraun at nethence.com Mon Aug 26 19:11:08 2013 From: pbraun at nethence.com (Pierre-Philipp Braun) Date: Mon, 26 Aug 2013 18:11:08 +0200 Subject: [Dovecot] local AND virtual mail locations ? In-Reply-To: <20130826131702.GJ13717@harrier.slackbuilds.org> References: <521B4F2E.9070908@nethence.com> <20130826131702.GJ13717@harrier.slackbuilds.org> Message-ID: <521B7E1C.90002@nethence.com> Hi rob0, Quoting /dev/rob0 26/08/2013 15:17, >> mail_location: mbox:~/mail/:INBOX=/var/mail/%u >> mail_location: >> mbox:/var/spool/virtual/%d/%n.imap:INBOX=/var/spool/virtual/%d/%n > > This exercise becomes trivial when you follow the advice of the > Dovecot wiki and give your virtual users a $HOME. (Well, to be > simple, you'd also have to have INBOX in $HOME. An alternative is to > specify INBOX for virtual users in your virtual userdb.) Thank for your answer. Are you referring to the VirtualUsers page? (http://wiki.dovecot.org/VirtualUsers) Ok I tried the mbox:~/ and userdb home= trick, # dovecot -n # 1.2.17: /usr/local/etc/dovecot.conf # OS: FreeBSD 8.3-RELEASE amd64 protocols: imap ssl: no disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable: /usr/local/libexec/dovecot/imap-login first_valid_uid: 6 first_valid_gid: 6 mail_privileged_group: mail mail_location: mbox:~/ imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep auth default: passdb: driver: passwd-file args: username_format=%n /etc/virtual/%d/passwd passdb: driver: passwd userdb: driver: static args: uid=mail gid=mail home=/var/spool/virtual/%d/%n.imap but I end up with the same result, everything is read from the virtual folders, namely /var/spool/virtual. How to also access local users' email? >> # 1.2.17: /usr/local/etc/dovecot.conf > > Very old! Consider an upgrade to 2.2. Well if it's the only way to get that double impact feature I need, I will! I won't upgrade today if there is no practical advantage over the 1.2 version. > Hmmm, plaintext AUTH without TLS/SSL could be dangerous. If a spammer > can get in a position to sniff those credentials, you could be > inundated with spam to relay. Yes I will deal with that some other time. >> I find that first_valid_uid and first_valid_gid don't look >> pretty but it seems mandatory for the standard 'mail' user and >> group ownerships to work on the virtual mbox files and folders. >> I created the user while the group already existed. If you >> have any advices on that too, I would be pleased. > > There is no "standard" UID/GID for virtual mailboxes. In fact there > is no need to have them all share the same UID/GID. But on a shared > UID/GID virtual system, typically you should set a higher UID/GID > such that you exclude all the system accounts (<100 or <500 or maybe > <1000 depending on OS. If your OS starts human user accounts at UID > 1000, UID 999 would be a good choice for virtual mailbox owner, with > that as first_valid_uid also.) I tried with uid 999 and even if I update the ownerships on /etc/virtual/ /var/spool/virtual /var/spool/mqueue/ (no need for /var/mail/ which get the sticky bit, here) the smtp daemon isn't able to write to the virtual mbox anymore, and I don't know why. I have searched the whole file system for relying '6' UID, nothing wrong is left. I don't see why my smtp deamon won't work once I change the UID _and_ update the file and folder ownerships. Maybe some freebsd system security which is today unknown to me. So I switched back to uid 6. From davidv at lamontanita.coop Mon Aug 26 19:15:03 2013 From: davidv at lamontanita.coop (David Varela) Date: Mon, 26 Aug 2013 10:15:03 -0600 Subject: [Dovecot] Nee assistance with migrating/copying a virtual user's maildir to another virtual user In-Reply-To: References: Message-ID: Thanks Steffen, Yes, the old Maildir contains cur and new with email in each. The manager's maildir looks like: Maildir /new /cur /tmp /.INBOX.subfolder /new /cur /tmp /.INBOX.usr_XYZ.usrFolder /new /cur /tmp /.INBOX.subfolder(s) I tried to copy OldMaildir/cur to NewMaildir/.INBOX.usr_XYZ.usrFolder/cur but the MUA generates errors that it could not update headers and the IMAP server severed the connection. In addition, the MUA does not display the subfolders for the old maildir although they are listed on the server. Thanks, David -----Original Message----- From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de] Sent: Thursday, August 22, 2013 11:38 PM To: David Varela Cc: dovecot at dovecot.org Subject: Re: [Dovecot] Nee assistance with migrating/copying a virtual user's maildir to another virtual user -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 22 Aug 2013, David Varela wrote: > I tried the command provided by Steffan, however, although it runs and > moves the files beginning with . to the destination maildir other > directories and files in the previous users' maildir remained in the > original location, and messages in the new users' maildir are not visible in the client. does the old Maildir still contains new/cur folders? move them into .usr_XYZ.INBOX; Maildir/new and Maildir/cur hold the INBOX. The manager's Maildir should look like: Maildir /new /cur /tmp /.Folder1.subfolder2... /new /cur /tmp /.usr_XYZ.usrFolder /new /cur /tmp If the manager has a Maildir/.usr_XYZ.usrFolder/cur and Maildir/.usr_XYZ.usrFolder/new and at least one file is in either new or cur _and_ the manager is either displaying all folders or has usr_XYZ.usrFolder subscribed, this messages are to display in the MUA. sometimes one need to refresh the list of folders or something like that. Do the filesystem permission fit? > -----Original Message----- > From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] > On Behalf Of David Varela > Sent: Friday, August 16, 2013 7:13 AM > To: dovecot at dovecot.org > Subject: Re: [Dovecot] Nee assistance with migrating/copying a virtual > user's maildir to another virtual user > > Thanks Steffan, > > I will test the move at the filesystem level. > > The virtual user still exists, although I have changed her password. > Dovecot is configured to authenticate users via LDAP to Active Directory. > If there's a better method of moving maildir via Dovecot rather than > through the filesystem I would like to do so. > > Thanks, > > David > > -----Original Message----- > From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de] > Sent: Friday, August 16, 2013 12:33 AM > To: David Varela > Cc: 'Dovecot Mailing List' > Subject: Re: [Dovecot] Nee assistance with migrating/copying a virtual > user's maildir to another virtual user > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thu, 15 Aug 2013, David Varela wrote: > >> I am trying to move/copy a virtual user's maildir to another virtual >> user but am running into problems with dsync and doveadm. I'm trying >> to move the maildir of a user who is no longer with the company to a > manager's maildir. >> >> For doveadm I am using the command: > >> doveadm move -u scavenaugh at lamontanita.coop >> jhenning at lamontanita.coop/INBOX/scavenaugh INBOX ALL >> >> The error is: >> >> doveadm(scavenaugh at lamontanita.coop): Error: user >> scavenaugh at lamontanita.coop: Auth USER lookup failed >> >> /var/log/dovecot.log shows: >> >> passdb doesn't support lookups, can't verify user's existence > > The user is gone from passdb already, right? Re-create the entry with > another password or password-locked. > > Or, move the directories on filesystem level, e.g. something like: > > cd user-Maildir-basedirectory > rename 's/\A(\.[^.].*)/.usr_XYZ$1/' .[^.]* mkdir -p > .usr_XYZ.INBOX/{new,cur,tmp} touch .usr_XYZ.INBOX/maildirfolder chown > -R vmail:vmail .usr_XYZ.INBOX mv .usr_XYZ* > manage-Maildir-basedirectory > > .usr_XYZ is a prefix for a mail folder hierarchie identifying the user. > vmail:vmail are the necessary Unix owner/group for the newly created > directories with mkdir two lines above. The rename command renames all > directory entries that start with a single dot to have the prefix, > that should be directories only in a Maildir. > > - -- > Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEVAwUBUg3HrF3r2wJMiz2NAQL1pQf9GeIEnLfG0zkFXPJ/J2CB/wmGP4m/MCMp > BHxkRiLxXNezK4ckeliaLbpOD+NVyABc2n33tW11qav6IWrLTiGm9+A5p8TUOhfJ > wMWBNJ0TEjtTM+0EbGJlOhkQ0QFooobfc5Sl30qR02yF+vk+SkBdRpkZK7ulpSPf > 0ZtwIFF804NzMaKzZP2/SG77Z6JyW1N/TgaJ8QFtZwPrYymzD3iqtaFgoBAZqpSA > g5koZIen0wjHy905Sy+uLseAFj6UIuhVdN8eG18NibaTHRBct3rTeyWAQY8GVZLq > pPggEdUqHeTvrua5CzrL70iDbdcr29xezlvkxRueeDrGOApIprN4Mg== > =1T6x > -----END PGP SIGNATURE----- > ---------------Output of GPG------------------ Decryption of block > failed > gpg: Signature made Fri 16 Aug 2013 08:33:16 AM CEST using RSA key ID > 4C8B3D8D > gpg: BAD signature from "Steffen Kaiser " > > > - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUhb1G13r2wJMiz2NAQKGOQf/Ycy/V+BOwg8Rk8geK+dALq+up321E6L1 bz7yhM/NnFklEoEH4vicGguFbpa+g42yo8FO6uAO22qTPD1Zf3VQFtMJs4zQPy52 zhl+F+7DGc0g27+tVcq/dqw7GRIT0nEXweo3FfYeTPHRozfTGqj73Ec8QvtGNkeU tt8T03om8ZDjHsvC1kH3Ta5eQyqrJxOYwkttOPVj8zsg3YfNim/Ejgb9cB4bZT+s 7cP5ySlHRKDQW/UkPcQaZKVZBxumPQNdV/HfY0LuANyTc0L7/8kQ4ly7TAKoFYhY mKPIdpPF4mCkRgx8v9PfpGZ7aZnI1DwED2nQYaheWcwH1Z6DukLn1A== =UtvU -----END PGP SIGNATURE----- From leolistas at solutti.com.br Mon Aug 26 19:19:30 2013 From: leolistas at solutti.com.br (Leonardo Rodrigues) Date: Mon, 26 Aug 2013 13:19:30 -0300 Subject: [Dovecot] SMTP Proxy In-Reply-To: <20130826160510.GM13717@harrier.slackbuilds.org> References: <521B6B0E.3070601@solutti.com.br> <20130826145803.GL13717@harrier.slackbuilds.org> <521B79F0.2@solutti.com.br> <20130826160510.GM13717@harrier.slackbuilds.org> Message-ID: <521B8012.7050606@solutti.com.br> Em 26/08/13 13:05, /dev/rob0 escreveu: > Well, actually i have already done a well detailed post on the > dovecot mailing list some days ago explaining my whole problem, > but got no answers on that. If you'd like to check it, it's > archived on: > > http://dovecot.org/list/dovecot/2013-August/092012.html > So you did. > > I didn't have an opinion on that at first sight, but on review, > perhaps this is an idea for you: > > http://wiki2.dovecot.org/PasswordDatabase/IMAP > > remote authentication using IMAP ... it might work. I'll take a closer look on that and, if i can acchieve some useful configuration scenario, i'll update the other thread for archiving purposes :) thanks again ! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, N?O mandem email gertrudes at solutti.com.br My SPAMTRAP, do not email it From matt at the-wyvern.net Mon Aug 26 19:50:40 2013 From: matt at the-wyvern.net (Matt Devaney) Date: Mon, 26 Aug 2013 17:50:40 +0100 Subject: [Dovecot] Received header only showing localhost Message-ID: <008601cea27c$65eba6f0$31c2f4d0$@the-wyvern.net> Hi all, I?m a new dovecot user and a first-time poster so please forgive me if this is a stupid question, or even (as I suspect it might be) not really a Dovecot question. My system is the fairly typical mix of postfix, amavis-new, and Dovecot. For some reason I?ve noticed that when I look at the mail headers for delivered messages the Received header is missing the detail of any external servers that the mail went through, and additionally the tag appears twice; for example the ?Welcome to the dovecot mailing list? email has: Received:?from localhost (localhost [127.0.0.1]) ????by droplet.the-wyvern.net (Postfix) with ESMTP id DDDD163F73 ????for ; Mon, 26 Aug 2013 16:40:19 +0000 (UTC) Received:?from droplet.the-wyvern.net ([127.0.0.1]) ????by localhost (droplet.the-wyvern.net [127.0.0.1]) (amavisd-new, port 10024) ????with ESMTP id 6AFMiG0TAHUv for ; ????Mon, 26 Aug 2013 16:40:17 +0000 (UTC) Searching through the dovecot.markmail archive I can see this doesn?t seem to be too unusual in that there are other examples where folk have posted message headers with the above format, however I?m wondering if there?s a good reason for it and if I can turn it off? I quite like being able to see where my mail came from :) If there?s a man / wiki page to read somewhere that explains it then please feel free to tell me to RTM (.. long as you also point me in the right direction :p ) Thanks, Matt From vijayrajah at gmail.com Mon Aug 26 20:15:33 2013 From: vijayrajah at gmail.com (Vijay Rajah) Date: Mon, 26 Aug 2013 22:45:33 +0530 Subject: [Dovecot] zlib plugin issues Message-ID: Hello, I'm running dovecot 2.2.5 in Centos 6.4 on EXT4 fs. I have activated zlib plugin. The incoming mails is compressed. However, when i try to retrieve the mail using imap I'm getting this error Aug 25 22:17:31 vrajah-vps5 dovecot: imap(me@): Error: Cached message size smaller than expected (1464 < 2452) Aug 25 22:17:31 vrajah-vps5 dovecot: imap(me@): Error: Maildir filename has wrong S value, renamed the file from /mail/mailbox/ rvijay.me/me/Maildir/.vijay_gmail/cur/1377448276.M960004P32378.vrajah-vps5,S=1464:2, to /mail/mailbox//me/Maildir/.vijay_gmail/cur/1377448276.M960004P32378.vrajah-vps5,S=1464:2, Aug 25 22:17:31 vrajah-vps5 dovecot: imap(me@): Error: Corrupted index cache file /mail/mailbox//me/Mai ldir/.vijay_gmail/dovecot.index.cache: Broken physical size for mail UID 12 $ file /mail/mailbox//me/Maildir/.vijay_gmail/cur/1377448276.M960004P32378.vrajah-vps5\,S\=1464\:2\,S /mail/mailbox//me/Maildir/.vijay_gmail/cur/1377448276.M960004P32378.vrajah-vps5,S=1464:2,S: bzip2 compressed data, block size = 900k Am I missing anything? any ideas is much appreciated. Thanks Vijay ###################doveconf -n ############################ Here is my doveconf -n # 2.2.5: /mail/dovecot/2.2.5/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-358.14.1.el6.x86_64 x86_64 CentOS release 6.4 (Final) ext4 auth_mechanisms = plain login digest-md5 cram-md5 auth_socket_path = /mail/var/dovecot/run/auth-userdb base_dir = /mail/var/dovecot/run/ debug_log_path = /var/log/dovecot-debug.log hostname = mail1 at rvijay.me mail_location = maildir:/mail/mailbox/%d/%n/Maildir mail_plugin_dir = /mail/dovecot/2.2.5/lib/dovecot/ mail_plugins = " virtual quota zlib" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / type = private } passdb { args = /mail/dovecot/2.2.5/etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size quota = maildir:User quota quota_grace = 10%% quota_rule = *:storage=1GB quota_rule2 = Trash:storage=+10%% quota_rule3 = Spam:storage=+20%% quota_status_nouser = DUNNO quota_status_overquota = 450 4.2.2 Mailbox is full. Try again later quota_status_success = DUNNO quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u quota_warning3 = -storage=100%% quota-warning below %u sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_global_dir = /mail/var/dovecot/sieve zlib_save = bz2 zlib_save_level = 9 } protocols = imap lmtp sieve service auth { unix_listener /mail/var/postfix/dovecot-auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imap { port = 143 } } service lmtp { unix_listener /mail/var/postfix/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } service managesieve-login { inet_listener sieve { port = 4190 } service_count = 10 vsz_limit = 64 M } service managesieve { process_limit = 1024 } service quota-status { client_limit = 1 executable = quota-status -p postfix inet_listener { port = 12340 } } service quota-warning { executable = script /mail/dovecot/2.2.5/etc/dovecot/conf.d/quota-warning.sh user = vmail } shutdown_clients = no ssl_ca = References: Message-ID: Just realized the imap plugin must be imap_zlib... It works now. Thanks Vijay On Mon, Aug 26, 2013 at 10:45 PM, Vijay Rajah wrote: > Hello, > > I'm running dovecot 2.2.5 in Centos 6.4 on EXT4 fs. > > I have activated zlib plugin. The incoming mails is compressed. However, > when i try to retrieve the mail using imap I'm getting this error > > Aug 25 22:17:31 vrajah-vps5 dovecot: imap(me@): Error: > Cached message size smaller than expected (1464 < 2452) > Aug 25 22:17:31 vrajah-vps5 dovecot: imap(me@): Error: > Maildir filename has wrong S value, renamed the file from /mail/mailbox/ > rvijay.me/me/Maildir/.vijay_gmail/cur/1377448276.M960004P32378.vrajah-vps5,S=1464:2, > to > /mail/mailbox//me/Maildir/.vijay_gmail/cur/1377448276.M960004P32378.vrajah-vps5,S=1464:2, > Aug 25 22:17:31 vrajah-vps5 dovecot: imap(me@): Error: > Corrupted index cache file /mail/mailbox//me/Mai > ldir/.vijay_gmail/dovecot.index.cache: Broken physical size for mail UID 12 > > > $ file > /mail/mailbox//me/Maildir/.vijay_gmail/cur/1377448276.M960004P32378.vrajah-vps5\,S\=1464\:2\,S > /mail/mailbox//me/Maildir/.vijay_gmail/cur/1377448276.M960004P32378.vrajah-vps5,S=1464:2,S: > bzip2 compressed data, block size = 900k > > Am I missing anything? any ideas is much appreciated. > > Thanks > Vijay > > > ###################doveconf -n ############################ > > Here is my doveconf -n > > # 2.2.5: /mail/dovecot/2.2.5/etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-358.14.1.el6.x86_64 x86_64 CentOS release 6.4 (Final) > ext4 > auth_mechanisms = plain login digest-md5 cram-md5 > auth_socket_path = /mail/var/dovecot/run/auth-userdb > base_dir = /mail/var/dovecot/run/ > debug_log_path = /var/log/dovecot-debug.log > hostname = mail1 at rvijay.me > mail_location = maildir:/mail/mailbox/%d/%n/Maildir > mail_plugin_dir = /mail/dovecot/2.2.5/lib/dovecot/ > mail_plugins = " virtual quota zlib" > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character > vacation subaddress comparator-i;ascii-numeric relational regex imap4flags > copy include variables body enotify environment mailbox date ihave > namespace inbox { > inbox = yes > location = > mailbox Drafts { > auto = subscribe > special_use = \Drafts > } > mailbox Junk { > auto = subscribe > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > auto = subscribe > special_use = \Trash > } > prefix = > separator = / > type = private > } > passdb { > args = /mail/dovecot/2.2.5/etc/dovecot/conf.d/dovecot-sql.conf.ext > driver = sql > } > plugin { > mail_log_events = delete undelete expunge copy mailbox_delete > mailbox_rename > mail_log_fields = uid box msgid size > quota = maildir:User quota > quota_grace = 10%% > quota_rule = *:storage=1GB > quota_rule2 = Trash:storage=+10%% > quota_rule3 = Spam:storage=+20%% > quota_status_nouser = DUNNO > quota_status_overquota = 450 4.2.2 Mailbox is full. Try again later > quota_status_success = DUNNO > quota_warning = storage=95%% quota-warning 95 %u > quota_warning2 = storage=80%% quota-warning 80 %u > quota_warning3 = -storage=100%% quota-warning below %u > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > sieve_global_dir = /mail/var/dovecot/sieve > zlib_save = bz2 > zlib_save_level = 9 > } > protocols = imap lmtp sieve > service auth { > unix_listener /mail/var/postfix/dovecot-auth { > group = postfix > mode = 0660 > user = postfix > } > } > service imap-login { > inet_listener imap { > port = 143 > } > } > service lmtp { > unix_listener /mail/var/postfix/dovecot-lmtp { > group = postfix > mode = 0660 > user = postfix > } > } > service managesieve-login { > inet_listener sieve { > port = 4190 > } > service_count = 10 > vsz_limit = 64 M > } > service managesieve { > process_limit = 1024 > } > service quota-status { > client_limit = 1 > executable = quota-status -p postfix > inet_listener { > port = 12340 > } > } > service quota-warning { > executable = script > /mail/dovecot/2.2.5/etc/dovecot/conf.d/quota-warning.sh > user = vmail > } > shutdown_clients = no > ssl_ca = ssl_cert = ssl_key = ssl_parameters_regenerate = 30 hours > submission_host = 127.0.0.1:587 > userdb { > driver = prefetch > } > userdb { > args = /mail/dovecot/2.2.5/etc/dovecot/conf.d/dovecot-sql.conf.ext > driver = sql > } > protocol lda { > mail_plugins = " virtual quota sieve zlib" > } > protocol imap { > mail_plugins = " virtual quota imap_quota zlib" > } > protocol lmtp { > mail_plugins = " virtual quota sieve zlib" > } > > > From CMarcus at Media-Brokers.com Mon Aug 26 21:35:40 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 26 Aug 2013 14:35:40 -0400 Subject: [Dovecot] mdbox - healthy rotation size vs default In-Reply-To: <04556FFC-F849-4C16-BB85-00188570DD37@odo.in-berlin.de> References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> <5216C194.50606@hardwarefreak.com> <521752D1.9060808@Media-Brokers.com> <04556FFC-F849-4C16-BB85-00188570DD37@odo.in-berlin.de> Message-ID: <521B9FFC.30204@Media-Brokers.com> On 2013-08-24 4:47 AM, Michael Grimm wrote: > Don't ask me why I did chose 100m, I cannot remember;-) Ok, if one of such mdbox files will become corrupt, I will loose a lot of mail, but on the other hand I am running two dovecot servers in parallel (replicator/dsync) and I do take hourly snapshots (ZFS) of my mail storage file system as well. Well, if they are stored on ZFS, I guess the chances of corruption are extremely minimal (much less than for other filesystems)... I'm curious, is this on FreeBSD? Linux? I'm interested in details, as I'd love to be able to use ZFS on my gentoo linux box without having to enable modules... -- Best regards, */Charles/* From trashcan at odo.in-berlin.de Mon Aug 26 21:58:13 2013 From: trashcan at odo.in-berlin.de (Michael Grimm) Date: Mon, 26 Aug 2013 20:58:13 +0200 Subject: [Dovecot] mdbox - healthy rotation size vs default In-Reply-To: <20130825133748.GA18806@mushkin.tanso.net> References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> <5216C194.50606@hardwarefreak.com> <521752D1.9060808@Media-Brokers.com> <04556FFC-F849-4C16-BB85-00188570DD37@odo.in-berlin.de> <20130825133748.GA18806@mushkin.tanso.net> Message-ID: <6917BA4C-0286-453C-957C-661B35AE56E6@odo.in-berlin.de> On 25.08.2013, at 15:37, Jan-Frode Myklebust wrote: > On Sat, Aug 24, 2013 at 10:47:56AM +0200, Michael Grimm wrote: >> I am running "mdbox_rotate_size = 100m" for approx. a year now on >> a small server (a handful of users, only). All mailboxes are around >> 1G each with a lot of attachments. I never had an issue so far. > > How much space are your mdboxes using, compared to to quota usage? Sorry, but I do not understand your question. > I.e. how much space is wasted on deleted messages? > > (not sure this will be easy to measure, because of compression..) True, it is hard to answer ;-) As a very rough estimate I do estimate a 5% waste of space regarding deleted messages. But, my handful users are very disciplined in purging their deleted messages on a regular basis (I told them to do), and thus my regular "doveadm purge -A" runs will reduce that amount of wasted disk space to a minimum. Not very helpful, I know, Michael From trashcan at odo.in-berlin.de Mon Aug 26 22:05:07 2013 From: trashcan at odo.in-berlin.de (Michael Grimm) Date: Mon, 26 Aug 2013 21:05:07 +0200 Subject: [Dovecot] mdbox - healthy rotation size vs default In-Reply-To: <521B9FFC.30204@Media-Brokers.com> References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> <5216C194.50606@hardwarefreak.com> <521752D1.9060808@Media-Brokers.com> <04556FFC-F849-4C16-BB85-00188570DD37@odo.in-berlin.de> <521B9FFC.30204@Media-Brokers.com> Message-ID: On 26.08.2013, at 20:35, Charles Marcus wrote: > On 2013-08-24 4:47 AM, Michael Grimm wrote: >> Don't ask me why I did chose 100m, I cannot remember;-) Ok, if one of such mdbox files will become corrupt, I will loose a lot of mail, but on the other hand I am running two dovecot servers in parallel (replicator/dsync) and I do take hourly snapshots (ZFS) of my mail storage file system as well. > > Well, if they are stored on ZFS, I guess the chances of corruption are extremely minimal (much less than for other filesystems)... Haven't had any file system corruption for a very long time now, even before switching to ZFS. > I'm curious, is this on FreeBSD? Yes I migrated my servers to FreeBSD some years ago, and I am using ZFS for approx. two years now. > Linux? I'm interested in details, as I'd love to be able to use ZFS on my gentoo linux box without having to enable modules... Sorry, but I never used ZFS with Linux. But, ZFS and snapshots as such are pretty awesome and helped me a lot in the past when it comes to "recovering from human mistakes" ;-) Regrads, Michael From CMarcus at Media-Brokers.com Mon Aug 26 22:10:07 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 26 Aug 2013 15:10:07 -0400 Subject: [Dovecot] mdbox - healthy rotation size vs default In-Reply-To: References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> <5216C194.50606@hardwarefreak.com> <521752D1.9060808@Media-Brokers.com> <04556FFC-F849-4C16-BB85-00188570DD37@odo.in-berlin.de> <521B9FFC.30204@Media-Brokers.com> Message-ID: <521BA80F.1070904@Media-Brokers.com> On 2013-08-26 3:05 PM, Michael Grimm wrote: > On 26.08.2013, at 20:35, Charles Marcus wrote: >> On 2013-08-24 4:47 AM, Michael Grimm wrote: >>> Don't ask me why I did chose 100m, I cannot remember;-) Ok, if one of such mdbox files will become corrupt, I will loose a lot of mail, but on the other hand I am running two dovecot servers in parallel (replicator/dsync) and I do take hourly snapshots (ZFS) of my mail storage file system as well. >> Well, if they are stored on ZFS, I guess the chances of corruption are extremely minimal (much less than for other filesystems)... > Haven't had any file system corruption for a very long time now, even before switching to ZFS. I know, me neither (knock on wood), which is why I put the 'extremely' in there... ;) >> I'm curious, is this on FreeBSD? > Yes I migrated my servers to FreeBSD some years ago, and I am using ZFS for approx. two years now. >> Linux? I'm interested in details, as I'd love to be able to use ZFS on my gentoo linux box without having to enable modules... > Sorry, but I never used ZFS with Linux. But, ZFS and snapshots as such are pretty awesome and helped me a lot in the past when it comes to "recovering from human mistakes" ;-) Heh - that (and the resistance to hidden/silent filesystem corruption) is the main reason I'm interested in using it. :) From CMarcus at Media-Brokers.com Mon Aug 26 22:23:42 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 26 Aug 2013 15:23:42 -0400 Subject: [Dovecot] mdbox - healthy rotation size vs default In-Reply-To: <6917BA4C-0286-453C-957C-661B35AE56E6@odo.in-berlin.de> References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> <5216C194.50606@hardwarefreak.com> <521752D1.9060808@Media-Brokers.com> <04556FFC-F849-4C16-BB85-00188570DD37@odo.in-berlin.de> <20130825133748.GA18806@mushkin.tanso.net> <6917BA4C-0286-453C-957C-661B35AE56E6@odo.in-berlin.de> Message-ID: <521BAB3E.7020800@Media-Brokers.com> On 2013-08-26 2:58 PM, Michael Grimm wrote: > As a very rough estimate I do estimate a 5% waste of space regarding deleted messages. But, my handful users are very disciplined in purging their deleted messages on a regular basis (I told them to do), and thus my regular "doveadm purge -A" runs will reduce that amount of wasted disk space to a minimum. > > Not very helpful, I know, Are you sure about that? There was a thread a while back (I recently posted a response to it) about this, and it sounded like the mdbox files would *never* be 'compacted' (reduced in size from deleted messages)... my reply was on 8/23, thread titled "Dovecot never release preallocated space in mdbox'... -- Best regards, */Charles/* From CMarcus at Media-Brokers.com Mon Aug 26 22:31:20 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 26 Aug 2013 15:31:20 -0400 Subject: [Dovecot] mdbox - healthy rotation size vs default In-Reply-To: <521BAB3E.7020800@Media-Brokers.com> References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> <5216C194.50606@hardwarefreak.com> <521752D1.9060808@Media-Brokers.com> <04556FFC-F849-4C16-BB85-00188570DD37@odo.in-berlin.de> <20130825133748.GA18806@mushkin.tanso.net> <6917BA4C-0286-453C-957C-661B35AE56E6@odo.in-berlin.de> <521BAB3E.7020800@Media-Brokers.com> Message-ID: <521BAD08.1020707@Media-Brokers.com> On 2013-08-26 3:23 PM, Charles Marcus wrote: > On 2013-08-26 2:58 PM, Michael Grimm wrote: >> As a very rough estimate I do estimate a 5% waste of space regarding >> deleted messages. But, my handful users are very disciplined in >> purging their deleted messages on a regular basis (I told them to >> do), and thus my regular "doveadm purge -A" runs will reduce that >> amount of wasted disk space to a minimum. >> >> Not very helpful, I know, > > Are you sure about that? There was a thread a while back (I recently > posted a response to it) about this, and it sounded like the mdbox > files would *never* be 'compacted' (reduced in size from deleted > messages)... my reply was on 8/23, thread titled "Dovecot never > release preallocated space in mdbox'... Ooops, sorry, it was about *automatically* compacting them... I think... ** From trashcan at odo.in-berlin.de Mon Aug 26 22:40:07 2013 From: trashcan at odo.in-berlin.de (Michael Grimm) Date: Mon, 26 Aug 2013 21:40:07 +0200 Subject: [Dovecot] mdbox - healthy rotation size vs default In-Reply-To: <521BAB3E.7020800@Media-Brokers.com> References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> <5216C194.50606@hardwarefreak.com> <521752D1.9060808@Media-Brokers.com> <04556FFC-F849-4C16-BB85-00188570DD37@odo.in-berlin.de> <20130825133748.GA18806@mushkin.tanso.net> <6917BA4C-0286-453C-957C-661B35AE56E6@odo.in-berlin.de> <521BAB3E.7020800@Media-Brokers.com> Message-ID: <1A1DD500-7C31-44C7-A9BF-298616110D1C@odo.in-berlin.de> On 26.08.2013, at 21:23, Charles Marcus wrote: > On 2013-08-26 2:58 PM, Michael Grimm wrote: >> As a very rough estimate I do estimate a 5% waste of space regarding deleted messages. But, my handful users are very disciplined in purging their deleted messages on a regular basis (I told them to do), and thus my regular "doveadm purge -A" runs will reduce that amount of wasted disk space to a minimum. >> >> Not very helpful, I know, > > Are you sure about that? There was a thread a while back (I recently posted a response to it) about this, and it sounded like the mdbox files would *never* be 'compacted' (reduced in size from deleted messages)... my reply was on 8/23, thread titled "Dovecot never release preallocated space in mdbox'... I must have missed that thread, sorry. My observations are as follows: 1) if I delete mails in my mail client, mdbox files will not become reduced accordingly 2) if I do run something in my client like "remove all deleted mails from my account" (purged in client), mdbox files will not become reduced accordingly 3) if I do run "doveadm purge -A" on the server, mdbox files will become modified, see an example of a purge run a couple of minutes ago: before (all my mail, ~800 mails purged in client): -rw------- 1 vmail dovecot 104856511 Aug 14 20:20 /var/mail/mike/storage/m.77 -rw------- 1 vmail dovecot 104769054 Aug 25 03:14 /var/mail/mike/storage/m.89 -rw------- 1 vmail dovecot 104848809 Aug 24 18:33 /var/mail/mike/storage/m.90 -rw------- 1 vmail dovecot 24762837 Aug 26 21:26 /var/mail/mike/storage/m.91 after (all my mail, after "doveadm purge -A"): -rw------- 1 vmail dovecot 104856511 Aug 14 20:20 /var/mail/mike/storage/m.77 -rw------- 1 vmail dovecot 104803218 Aug 26 21:26 /var/mail/mike/storage/m.92 -rw------- 1 vmail dovecot 104802874 Aug 26 21:26 /var/mail/mike/storage/m.93 -rw------- 1 vmail dovecot 21580496 Aug 26 21:26 /var/mail/mike/storage/m.94 Thus, from my point of view one needs to run "doveadm purge -A" on a regular basis *and* educate users to purge deleted mails in their clients on a regular basis as well. (I hope I didn't misunderstand you right from the beginning.) Regards, Michael From janfrode at tanso.net Mon Aug 26 22:50:12 2013 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Mon, 26 Aug 2013 21:50:12 +0200 Subject: [Dovecot] mdbox - healthy rotation size vs default In-Reply-To: <521BAD08.1020707@Media-Brokers.com> References: <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> <5216C194.50606@hardwarefreak.com> <521752D1.9060808@Media-Brokers.com> <04556FFC-F849-4C16-BB85-00188570DD37@odo.in-berlin.de> <20130825133748.GA18806@mushkin.tanso.net> <6917BA4C-0286-453C-957C-661B35AE56E6@odo.in-berlin.de> <521BAB3E.7020800@Media-Brokers.com> <521BAD08.1020707@Media-Brokers.com> Message-ID: <20130826195012.GA12508@mushkin.tanso.net> On Mon, Aug 26, 2013 at 03:31:20PM -0400, Charles Marcus wrote: > >On 2013-08-26 2:58 PM, Michael Grimm wrote: > >>As a very rough estimate I do estimate a 5% waste of space > >>regarding deleted messages. But, my handful users are very > >>disciplined in purging their deleted messages on a regular basis > >>(I told them to do), and thus my regular "doveadm purge -A" runs > >>will reduce that amount of wasted disk space to a minimum. > > > >Are you sure about that? There was a thread a while back (I > >recently posted a response to it) about this, and it sounded like > >the mdbox files would *never* be 'compacted' (reduced in size from > >deleted messages)... my reply was on 8/23, thread titled "Dovecot > >never release preallocated space in mdbox'... > > Ooops, sorry, it was about *automatically* compacting them... I think... > And Timo seemed to reply that hole punching was something doveadm purge could conceivably do, but doesn't do at the moment. Timo, could you please clearify a bit here? Does non-preallocated (mdbox_preallocate_space=no) m-files get hole punched (or space re-used for new messages) after running doveadm purge? Or can we end up with a huge $mdbox_rotate_size size m-file, with only a single small message remaining after all other messages has been purged? -jf From javierdemiguel-ext at us.es Mon Aug 26 22:59:17 2013 From: javierdemiguel-ext at us.es (=?UTF-8?Q?Javier_de_Miguel_Rodr=C3=ADguez?=) Date: Mon, 26 Aug 2013 21:59:17 +0200 Subject: [Dovecot] mdbox - healthy rotation size vs default In-Reply-To: <6917BA4C-0286-453C-957C-661B35AE56E6@odo.in-berlin.de> References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> <5216C194.50606@hardwarefreak.com> <521752D1.9060808@Media-Brokers.com> <04556FFC-F849-4C16-BB85-00188570DD37@odo.in-berlin.de> <20130825133748.GA18806@mushkin.tanso.net> <6917BA4C-0286-453C-957C-661B35AE56E6@odo.in-berlin.de> Message-ID: <5a43a8575b06f8c44039fc7b9d9e27a2@us.es> Another intesting thing for this thread: if you set a very high value for mdbox rotate settings, your incremental backups will be awful. If you have hundreds of messages in a mdbox and you doveadm purge one of them, the full .m file must be copied in the incremental / diferential backup. I use 10 MB+zlib for "main storage" and 250 MB+bzip2 for alternate storage. Regards Javier From trashcan at odo.in-berlin.de Mon Aug 26 23:20:01 2013 From: trashcan at odo.in-berlin.de (Michael Grimm) Date: Mon, 26 Aug 2013 22:20:01 +0200 Subject: [Dovecot] mdbox - healthy rotation size vs default In-Reply-To: <5a43a8575b06f8c44039fc7b9d9e27a2@us.es> References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> <5216C194.50606@hardwarefreak.com> <521752D1.9060808@Media-Brokers.com> <04556FFC-F849-4C16-BB85-00188570DD37@odo.in-berlin.de> <20130825133748.GA18806@mushkin.tanso.net> <6917BA4C-0286-453C-957C-661B35AE56E6@odo.in-berlin.de> <5a43a8575b06f8c44039fc7b9d9e27a2@us.es> Message-ID: On 26.08.2013, at 21:59, Javier de Miguel Rodr?guez wrote: > If you have hundreds of messages in a mdbox and you doveadm purge one of > them, the full .m file must be copied in the incremental / diferential > backup. Good point! I won't suffer from that, but those with thousands of users will suffer for sure, see my example mailed before. Three mdbox files became deleted and copied to w ones. Regards, Michael From trashcan at odo.in-berlin.de Mon Aug 26 23:27:43 2013 From: trashcan at odo.in-berlin.de (Michael Grimm) Date: Mon, 26 Aug 2013 22:27:43 +0200 Subject: [Dovecot] mdbox - healthy rotation size vs default In-Reply-To: References: <5214AB3C.3030106@telecomitalia.sm> <5214ACD3.1090901@sys4.de> <5214B02C.3020601@telecomitalia.sm> <20130821210713.GA31477@mushkin.tanso.net> <5216C194.50606@hardwarefreak.com> <521752D1.9060808@Media-Brokers.com> <04556FFC-F849-4C16-BB85-00188570DD37@odo.in-berlin.de> <20130825133748.GA18806@mushkin.tanso.net> <6917BA4C-0286-453C-957C-661B35AE56E6@odo.in-berlin.de> <5a43a8575b06f8c44039fc7b9d9e27a2@us.es> Message-ID: On 26.08.2013, at 22:20, Michael Grimm wrote: > Three mdbox files became deleted and copied to w ones. s/to w ones/to new ones/ Sorry. From steven.murdoch at cl.cam.ac.uk Tue Aug 27 01:08:41 2013 From: steven.murdoch at cl.cam.ac.uk (Steven Murdoch) Date: Mon, 26 Aug 2013 23:08:41 +0100 Subject: [Dovecot] Logging pre-rewrite user ID for application-specific passwords Message-ID: <3C62E17B-2F42-4D0F-AFA8-6911E2DBBB06@cl.cam.ac.uk> I have set up Dovecot v2.2.5 with application-specific passwords, along the lines of this blog post (http://www.dgsiegel.net/news/2013_05_21-application_specific_passwords_for_dovecot). My users file looks like: user-foo:{BLF-CRYPT}$2...:42:42::/home/user::allow_nets=127.0.0.1/32 user=user user-bar:{BLF-CRYPT}$2...:42:42::/home/user::user=user user:{BLF-CRYPT}$2...:42:42::/home/user::nologin In this way, user-foo can log in with one password (but only from localhost), user-bar can log in from any host with a different password, but both actually being treated as the same user. When these users log in through, the log entries look like: Aug 26 23:03:01 hostname dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=12345, TLS Whereas I would like to see the original user name (prior to the re-write), i.e. user-foo and user-bar so I can keep track of which user names are in use and from where. Is there some way to do this? I couldn't see any of the variables being suitable. There is some information in the debug logs, but I would prefer not to need to leave this on when I don't need them. Thanks in advance. Steven -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: Message signed with OpenPGP using GPGMail URL: From dovecot at pyropus.ca Tue Aug 27 02:19:06 2013 From: dovecot at pyropus.ca (C. Mills) Date: Mon, 26 Aug 2013 17:19:06 -0600 Subject: [Dovecot] Developer docs? In-Reply-To: References: <20130825180946.GB31739@pyropus.ca> Message-ID: <20130826231906.GA1982@pyropus.ca> Timo Sirainen wrote: > On 25.8.2013, at 21.09, C. Mills wrote: > > > What I'm trying to do requires passing some additional information/state > > from the imap-login process (presumably through the master) to the imap > > mail process. Any pointers much appreciated! > > See how imap-login/client-authenticate.c imap_client_auth_begin() sends the > command tag to imap process. Or if it's something all login processes need > you could modify struct master_auth_request directly. I do see how it's put into the imap_client->common.master_data_prefix there, but it's not clear to me how to get it back *out* in the imap mail client. The only place I see that data actually used is in /login-common/sasl-server.c. For a concrete example, I'd like to pass an additional string/char * of state information from the imap-login code to imap mail client code. I think, based on the above, that you suggest putting it into the imap_client->common struct, which I've done, so that struct is then passed to client_auth_begin(), and presumably goes to the master process. But where does that information/data get passed to the imap mail client? For example, if I wanted to access it in /imap/cmd-fetch.c : cmd_fetch(), cmd->client appears to be a different structure? Thanks, C. C. -- ----------------------------------------------------------------------- C. Mills ----------------------------------------------------------------------- From tss at iki.fi Tue Aug 27 02:31:30 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 27 Aug 2013 02:31:30 +0300 Subject: [Dovecot] Developer docs? In-Reply-To: <20130826231906.GA1982@pyropus.ca> References: <20130825180946.GB31739@pyropus.ca> <20130826231906.GA1982@pyropus.ca> Message-ID: <25243D33-5317-4660-9C15-A352F59D9545@iki.fi> On 27.8.2013, at 2.19, C. Mills wrote: >> See how imap-login/client-authenticate.c imap_client_auth_begin() sends the >> command tag to imap process. Or if it's something all login processes need >> you could modify struct master_auth_request directly. > > I do see how it's put into the imap_client->common.master_data_prefix there, > but it's not clear to me how to get it back *out* in the imap mail client. > The only place I see that data actually used is in > /login-common/sasl-server.c. In imap-login process write it to master_data_prefix. This gets passed through to imap process directly, which reads it in imap/main.c : client_parse_input(). You can use whatever format in there as long as the reading and writing part are compatible with each others. Note that after the master_data_prefix may come some actual IMAP client input that needs to be parsed. So you'll probably want to add your extra string before or after the imap tag string. > For a concrete example, I'd like to pass an additional string/char * of state > information from the imap-login code to imap mail client code. I think, based > on the above, that you suggest putting it into the imap_client->common struct, > which I've done, so that struct is then passed to client_auth_begin(), and > presumably goes to the master process. But where does that information/data > get passed to the imap mail client? For example, if I wanted to access it in > /imap/cmd-fetch.c : cmd_fetch(), cmd->client appears to be a different > structure? I'm beginning to wonder if another way would be better. Why does the data need to be passed before login, why can't it be passed after login so there wouldn't need to be any imap-login <-> imap communication for it? Or if the information you're passing is coming from an external source and not exactly from the IMAP client, maybe you can get it from auth process userdb lookup? Those fields are also passed to imap process. From Rainer at krugs.de Tue Aug 27 11:57:20 2013 From: Rainer at krugs.de (Rainer M Krug) Date: Tue, 27 Aug 2013 10:57:20 +0200 Subject: [Dovecot] Migrating from Maildir to Maildir:LAYOUT=fs References: Message-ID: Could somebody please point me in the right direction where I could get this info, if this is not the right list? Thanks, Rainer Rainer M Krug writes: > Hi > I have use dovecot together with offlineimap to download my gmail > account on a single user computer and I have only one maildir > (~/Maildir). > > As I switched to Mac, I would like to use spotlight to index my mails, > which apparently does not work as they are in hidden directories > (.directories). So I would like to change to LAYOUT=fs. Is there an easy > way to migrate my email structure? I have several folders and > subfolders, but a manual solution would be fine with me as well. > > My questions: > > 1) can I simply restructure the mailboxes and rename the folders / move > them into the folders where I want them after changing the configuration > of dovecot? > > 2) Is there an easy tool I can use for this for one mailbox which is > doing it automatically? > > Thanks, > > Rainer -- Rainer M. Krug email: RMKruggmailcom From Christian.Schmidt at chemie.uni-hamburg.de Tue Aug 27 12:30:01 2013 From: Christian.Schmidt at chemie.uni-hamburg.de (Christian Schmidt) Date: Tue, 27 Aug 2013 11:30:01 +0200 Subject: [Dovecot] Migrating from Maildir to Maildir:LAYOUT=fs In-Reply-To: References: Message-ID: <521C7199.3040003@chemie.uni-hamburg.de> Hello Rainer, 24.08.2013 12:42, Rainer M Krug: > I have use dovecot together with offlineimap to download my gmail > account on a single user computer and I have only one maildir > (~/Maildir). > > As I switched to Mac, I would like to use spotlight to index my mails, > which apparently does not work as they are in hidden directories > (.directories). So I would like to change to LAYOUT=fs. Is there an easy > way to migrate my email structure? I have several folders and > subfolders, but a manual solution would be fine with me as well. Wouldn't it be best for spotlight if you used "local storage" for your mails? In other words: Just download them from your server into your local account. The you're done, and spoltlight will be able to index them. Mit freundlichen Gr??en Christian Schmidt -- No signature available. From Rainer at krugs.de Tue Aug 27 12:45:26 2013 From: Rainer at krugs.de (Rainer M Krug) Date: Tue, 27 Aug 2013 11:45:26 +0200 Subject: [Dovecot] Migrating from Maildir to Maildir:LAYOUT=fs References: <521C7199.3040003@chemie.uni-hamburg.de> Message-ID: Christian Schmidt writes: > Hello Rainer, > > 24.08.2013 12:42, Rainer M Krug: >> I have use dovecot together with offlineimap to download my gmail >> account on a single user computer and I have only one maildir >> (~/Maildir). >> >> As I switched to Mac, I would like to use spotlight to index my mails, >> which apparently does not work as they are in hidden directories >> (.directories). So I would like to change to LAYOUT=fs. Is there an easy >> way to migrate my email structure? I have several folders and >> subfolders, but a manual solution would be fine with me as well. > > Wouldn't it be best for spotlight if you used "local storage" for your > mails? In other words: Just download them from your server into your > local account. The you're done, and spoltlight will be able to index them. I am using gnus as my mail client. Before switching to mac, I had an old hp and thunderbird just got to slow. So I switched to gnus and I started loving it. After switching to mac, I tried thunderbird again but can't get used to it again and the same with OS X mail (whatever the proiper name of the OS X Mountain Lion mail client is). I could use one of these and link to the local imap server to index the mails for spotlight, but this would mean doubling my mail storage space (at the moment about 8GB). Cheers und mit freundlichen Gruessen, Rainer > > Mit freundlichen Gr??en > Christian Schmidt -- Rainer M. Krug email: RMKruggmailcom From kavish.karkera at yahoo.com Tue Aug 27 13:56:37 2013 From: kavish.karkera at yahoo.com (Kavish Karkera) Date: Tue, 27 Aug 2013 18:56:37 +0800 (SGT) Subject: [Dovecot] Error: file_dotlock_open() failed with file + Too many open files Message-ID: <1377600997.72588.YahooMailNeo@web193502.mail.sg3.yahoo.com> Hi All, We are getting these below error on our IMAP server. is this because of open file limits.?? We have set it to 4096. [root at vish conf.d]# ulimit -n 4096 Aug 27 16:08:26 imap(kavish.karkera at example.com-24685): Error: file_dotlock_open() failed with file /data/quarantine/index//data/quarantine/mailstore/24685/.INBOX.kavish.karkera/dovecot.index.cache: Too many open files Aug 27 16:08:26 imap(kavish.karkera at example.com-24685): Error: open(/data/quarantine/index//data/quarantine/mailstore/24685/.INBOX.kavish.karkera/dovecot.index.cache.lock) failed: Too many open files Below is our dovecot conf file. ====================================================================== # 2.2.5: /usr/local/dovecot-2.2.5/etc/dovecot-imap/dovecot.conf # OS: Linux 2.6.18-194.26.1.el5 x86_64 CentOS release 5.5 (Final) auth_socket_path = /usr/local/var/run/dovecot2.2-imap/auth-userdb base_dir = /usr/local/var/run/dovecot2.2-imap/ default_vsz_limit = 1 G first_valid_gid = 99 first_valid_uid = 99 hostname = log_path = /var/log/dovecot2.2-imap.log mail_location = maildir:~:INDEX=/data/quarantine/index/%h:CONTROL=/data/quarantine/index/%h mail_plugins = " virtual notify" namespace { ? inbox = no ? location = ? prefix = ? separator = . ? type = private } namespace { ? hidden = yes ? inbox = yes ? list = yes ? location = virtual:~/virtual:LAYOUT=maildir++:INDEX=~/virtual:CONTROL=~/virtual ? prefix = virtual. ? separator = . ? subscriptions = no ? type = private } namespace { ? hidden = yes ? inbox = no ? list = no ? location = maildir:~:INDEX=/data/quarantine/index/%h:CONTROL=/data/quarantine/index/%h:LAYOUT=maildir++ ? prefix = boxvirtual. ? separator = . ? subscriptions = no ? type = private } passdb { ? args = /usr/local/dovecot-2.2.5/etc/dovecot-imap/dovecot-sql.conf.ext ? driver = sql } protocols = imap service auth { ? unix_listener auth-userdb { ??? group = nobody ??? mode = 0666 ??? user = nobody ? } } service imap-login { ? inet_listener imap { ??? port = 20143 ? } ? vsz_limit = 1 G } service imap-postlogin { ? executable = script-login -d /usr/local/bin/dovecot.virtual.sh ? unix_listener imap-postlogin { ??? mode = 0666 ? } } service imap { ? executable = /usr/local/dovecot-2.2.5/libexec/dovecot/imap imap-postlogin ? vsz_limit = 1 G } ssl = no userdb { ? args = /usr/local/dovecot-2.2.5/etc/dovecot-imap/dovecot-sql.conf.ext ? driver = sql } protocol imap { ? mail_max_userip_connections = 1000 ? mail_plugins = " virtual notify" } Regards, Kavish Karkera From skdovecot at smail.inf.fh-brs.de Tue Aug 27 14:53:46 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 27 Aug 2013 13:53:46 +0200 (CEST) Subject: [Dovecot] Migrating from Maildir to Maildir:LAYOUT=fs In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 24 Aug 2013, Rainer M Krug wrote: > 2) Is there an easy tool I can use for this for one mailbox which is > doing it automatically? Check out http://wiki2.dovecot.org/Tools/Dsync , section "Converting". - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUhyTSl3r2wJMiz2NAQKxGwgAxA08ZB/xcnofSALuUy7hzeUnlA3QwEPm tzq/U28sbwtLvX8Me1DQOZsQYhn0wPbaEj5Pkksp9HHhg/pZjXwLni5rSJZa1lCh dNytguX7dksfgKvKdURP5RHaUpCibfZGZMLVdwjNWLnoc+6vo+Wes//Ta/rSSejB HWWZ63j8dbnlRTBJDLNDwqXwytXn7xqmHGZr8TSJaTX6tJgQrNQd0vdjO8UJXfMq dyTwI5Jtl1MN4TMfMzTo2Y+5eiZqmxMH2ZFbaVO1ewhwQmkk7O1YNYWcBdT8zd2D a+tBm7O7GTzCENRbN28V2Bcn1HQyONACfwlRwKzLJNYMM769Q0QRWQ== =KFkC -----END PGP SIGNATURE----- From jordan at packethouse.com Tue Aug 27 23:38:37 2013 From: jordan at packethouse.com (Jordan Cook) Date: Tue, 27 Aug 2013 21:38:37 +0100 Subject: [Dovecot] Problem with MySQL virtual users and dsync Message-ID: <521D0E4D.20305@packethouse.com> Hello, I am using dovecot 2.2.5 on FreeBSD and I am having trouble using dsync with SSH. Everything on the server seems to be working fine (I can login, receive and send emails etc). I am using SQL for both passdb, and userdb and this seems to work fine. The 'doveadm user' command returns all the correct information for the user. I am getting the following errors in my log file: Aug 27 21:34:17 server dovecot: replicator: Error: userdb lookup: Connecting timed out Aug 27 21:34:17 server dovecot: replicator: Error: userdb lookup: Disconnected unexpectedly Aug 27 21:34:20 server last message repeated 173381 times It did seem to do an initial sync, but after that nothing is being synchronised. Has anyone else solved this problem previously or is able to help? Regards, Jordan Cook -- Packet House Limited is a company registered in England and Wales. Registered number: 07602377. Registered office: 40 Preston Avenue, Alfreton, Derbyshire, DE55 7JY This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Packet House Limited. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. From kremels at kreme.com Wed Aug 28 01:24:57 2013 From: kremels at kreme.com (LuKreme) Date: Tue, 27 Aug 2013 16:24:57 -0600 Subject: [Dovecot] How do I get CRAM-MD5 to work? Message-ID: <1C93511D-85D9-4B1B-A5BA-7F7E7392BF6C@kreme.com> I know how to ENABLE CRAM-MD5, but getting it to actually work? It looks like I have to 1) manually create a CRAM-MD5 data file and, I suppose, 2) manually manage the file? Given I do not know user's passwords, this might be tricky. Currently I have users authenticate against MySQL (virtual users) or pam (local users). Or do i just ignore it all and stick with PLAIN since the connection is already encrypted? What is LOGIN? My MUA supports "Password" (which is PLAIN evidently), kerberos 5, MD5 Challenge-response (CRAM-MD5), and NTML (??) -- If you have any young friends who aspire to become writers, the second-greatest favor you can do them is to present them with copies of The Elements of Style. The first-greatest, of course, is to shoot them now, while they're happy. -Dorothy Parker From sven at svenhartge.de Wed Aug 28 01:57:10 2013 From: sven at svenhartge.de (Sven Hartge) Date: Wed, 28 Aug 2013 00:57:10 +0200 Subject: [Dovecot] verbose_proctitle cuts dsync to proctitle to "dsyn" Message-ID: <2a0lv9497av8@mids.svenhartge.de> Hi Timo, little cosmetic bug report: using "verbose_proctitle = yes" shortens the proctitle of dsync to just "dsyn". Example: Note the whitespace instead of the 'c' in the proctitle: root at m-st-01:~# ps auwwwx | grep [d]syn virtmail 18141 13.0 0.1 49916 7952 pts/6 R+ 00:49 0:00 dsyn -v -u xxyyzz7 -R backup maildir:/staging/xxyyzz7/Maildir With "verbose_proctitle = no" the output looks like this: root at m-st-01:~# ps auwwwx | grep [d]syn virtmail 18347 78.6 1.6 127356 68884 pts/6 D+ 00:53 0:02 dsync -v -u aabbcc7 -R backup maildir:/staging/aabbcc7/Maildir Version of dovecot is 2.2.5 from the autobuilder (but rebuild locally): root at m-st-01:~# doveadm config -n # 2.2.5 (ec62ea3c940e): /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 [...] Gr??e, Sven. -- Sigmentation fault. Core dumped. From dovecot.org at practiceofcode.com Wed Aug 28 04:09:52 2013 From: dovecot.org at practiceofcode.com (Jason Discount) Date: Wed, 28 Aug 2013 11:09:52 +1000 Subject: [Dovecot] Trouble with case-sensitive LDAP user logins Message-ID: Hi All, I have a client running Dovecot-Postfix on Debian Squeeze. I'm using Dovecot from the Squeeze repository. # dovecot --version 1.2.15 I've implemented a central mail_location and am using one vmail user, as I thought this would be be the best approach for when it came time to implement Shared and Public Mailboxes. # dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-xen-686 i686 Debian 6.0.7 ext3 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3s managesieve listen(default): 127.0.0.1:143 listen(imap): 127.0.0.1:143 listen(pop3): 127.0.0.1:110 listen(managesieve): * ssl_listen(default): *:993 ssl_listen(imap): *:993 ssl_listen(pop3): *:995 ssl_listen(managesieve): ssl_ca_file: /etc/ssl/certs/RapidSSL_CA_bundle.pem ssl_cert_file: /etc/ssl/certs/mail.example.com.2013.chain.pem ssl_key_file: /etc/ssl/private/example.2013.key login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_max_userip_connections(default): 40 mail_max_userip_connections(imap): 40 mail_max_userip_connections(pop3): 10 mail_max_userip_connections(managesieve): 10 mail_privileged_group: mail mail_uid: vmail mail_gid: vmail mail_location: maildir:/var/spool/dovecot/%d/%u mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve namespace: type: private separator: / inbox: yes list: yes subscriptions: yes lda: postmaster_address: postmaster at example.com mail_plugins: sieve quota log_path: /var/log/dovecot-deliver.log info_log_path: /var/log/dovecot-deliver.log auth default: mechanisms: plain login passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf userdb: driver: ldap args: /etc/dovecot/dovecot-ldap-userdb.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail plugin: quota: maildir:User quota_rule: *:storage=1200M quota_rule2: Deleted Messages:storage=10%% quota_rule3: Deleted Items:storage=10%% quota_rule4: Trash:storage=10%% sieve: /var/spool/sieve/%d/%u/.dovecot.sieve sieve_dir: /var/spool/sieve/%d/%u All of the mail users are LDAP users only (not local UNIX users - not using nsswitch). dovecot-ldap-userdb.conf is a symbolic link to dovecot-ldap.conf # grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-ldap.conf uris = ldaps://mail.example.com/ dn = uid=mail,ou=Services,dc=example,dc=com dnpass = ****************** tls_require_cert = hard auth_bind = yes base = ou=People,dc=example,dc=com user_attrs = quota=quota_rule=*:storage=%$M user_filter = (&(objectClass=posixAccount)(mail=%u)) pass_attrs = uid=mail,userPassword=password pass_filter = (&(objectClass=posixAccount)(mail=%u)) Now, mail addressed to user at example.com and user at EXAMPLE.com correctly gets delivered to the correct mail location of /var/spool/dovecot/example.com/user, but the problem occurs when the user creates their account with uppercase characters in their username, e.g. user at exaMPLE.com. This creates a new directory at /var/spool/dovecot/exaMPLE.com/user, which ever receives any mail. Is it possible to ignore the case the user enters in their mail client and always land them at the lowercase mail directory? Where would this be done? Thank you, Jay From marco.fretz at gmail.com Wed Aug 28 09:57:53 2013 From: marco.fretz at gmail.com (Marco Fretz) Date: Wed, 28 Aug 2013 08:57:53 +0200 Subject: [Dovecot] Log successful login plain text password Message-ID: <521D9F71.9070800@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone, I want to use dovecot as a IMAP and POP3 proxy in front of our current E-Mail hosting server to log the plain text passwords of all successful logins for migration reasons. Actually I don't need the password to see in plain text, storing them as SHA256-CRYPT (or something dovecot can use later for auth) hash in a file or DB would be fine, too. I need this for the migration from the current mail server (using proprietary hashing to store passwords) to a new postfix / dovecot base mail system. I played around with "auth_debug_passwords" and all debug / logging options I found in the manual. Nothing logs successful login plaintext passwords. Any hint welcome. Thanks a lot, Marco -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSHZ9tAAoJEKxm7Ju3UATui2cP/A3cf2TrNvOjjtP1TCgZZ5EC igsgngPlKiXU/RwHO9shBLXUyhKDHPGihNf9KL/RjoFnrgX1asPd/RF/2b080IU3 bNO49BLs8QqoroKz5E+TL8UNixlO5YQjnerKfJ5GIJbSUTC3MaxmN62Cl9jEaTWu 4dX3MXoB3ghoxt6FETSLXz6cEXsGd6KvqxolQC13NYtvpZED+qk7z3RywK8Xp/Au Ipx3xEnDRc/YvG3PeJlsjF9Ge80GxVVH0nudNOV/zmyuNfh4PkPRerk1R4Px01zI sxnXvcNjjenCJ6DMKBmOCyBii9Wl9i4opw9k4X4Z6MFEZGiodRz1usKWJMT0VqUG NBEJDOWsoWpasWMCtduBRrNQS3JI+o1tebDAI5n3K4lJ2d27+nosDvdQ8vNlVszM 8nhSn228RQNy9SJZNAvspOYQBM2gt5IQyWGA4jhrMUkwKeTfHZik8vh8lEcwbK9q H6Myue+i+G8wVa57F1V7/7x2LNGn56BWxTDlBrtKdK3KphCgEoCny/f5VYerO8It MnCMLPXI2oCC8qqkK7x45SYSe/eQhgV93LHpI5z25TqyeJ6R+7dglderRDQcNN0n OtbYMYkqlF8xJ4k+rVFwOC5VD7Bq+S2Q4LyLEf7wFH32Dc12pI/SnAL8DPvkNgbL FshgaVOXUEkb0WhnvROl =oEzx -----END PGP SIGNATURE----- From wkaha at yahoo.com Wed Aug 28 10:08:22 2013 From: wkaha at yahoo.com (wkaha at yahoo.com) Date: Wed, 28 Aug 2013 09:08:22 +0200 Subject: [Dovecot] Log successful login plain text password In-Reply-To: <521D9F71.9070800@gmail.com> References: <521D9F71.9070800@gmail.com> Message-ID: Hi Marco when running dovecot -a you will find auth_* I think you could you auth_verbose_passwords to fit your needs. all the best On 28.08.2013, at 08:57, Marco Fretz wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi everyone, > > I want to use dovecot as a IMAP and POP3 proxy in front of our current > E-Mail hosting server to log the plain text passwords of all successful > logins for migration reasons. Actually I don't need the password to see > in plain text, storing them as SHA256-CRYPT (or something dovecot can > use later for auth) hash in a file or DB would be fine, too. > > I need this for the migration from the current mail server (using > proprietary hashing to store passwords) to a new postfix / dovecot base > mail system. > > I played around with "auth_debug_passwords" and all debug / logging > options I found in the manual. Nothing logs successful login plaintext > passwords. > > Any hint welcome. > > Thanks a lot, > Marco > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.13 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBAgAGBQJSHZ9tAAoJEKxm7Ju3UATui2cP/A3cf2TrNvOjjtP1TCgZZ5EC > igsgngPlKiXU/RwHO9shBLXUyhKDHPGihNf9KL/RjoFnrgX1asPd/RF/2b080IU3 > bNO49BLs8QqoroKz5E+TL8UNixlO5YQjnerKfJ5GIJbSUTC3MaxmN62Cl9jEaTWu > 4dX3MXoB3ghoxt6FETSLXz6cEXsGd6KvqxolQC13NYtvpZED+qk7z3RywK8Xp/Au > Ipx3xEnDRc/YvG3PeJlsjF9Ge80GxVVH0nudNOV/zmyuNfh4PkPRerk1R4Px01zI > sxnXvcNjjenCJ6DMKBmOCyBii9Wl9i4opw9k4X4Z6MFEZGiodRz1usKWJMT0VqUG > NBEJDOWsoWpasWMCtduBRrNQS3JI+o1tebDAI5n3K4lJ2d27+nosDvdQ8vNlVszM > 8nhSn228RQNy9SJZNAvspOYQBM2gt5IQyWGA4jhrMUkwKeTfHZik8vh8lEcwbK9q > H6Myue+i+G8wVa57F1V7/7x2LNGn56BWxTDlBrtKdK3KphCgEoCny/f5VYerO8It > MnCMLPXI2oCC8qqkK7x45SYSe/eQhgV93LHpI5z25TqyeJ6R+7dglderRDQcNN0n > OtbYMYkqlF8xJ4k+rVFwOC5VD7Bq+S2Q4LyLEf7wFH32Dc12pI/SnAL8DPvkNgbL > FshgaVOXUEkb0WhnvROl > =oEzx > -----END PGP SIGNATURE----- > From marco.fretz at gmail.com Wed Aug 28 10:14:03 2013 From: marco.fretz at gmail.com (Marco Fretz) Date: Wed, 28 Aug 2013 09:14:03 +0200 Subject: [Dovecot] Log successful login plain text password In-Reply-To: References: <521D9F71.9070800@gmail.com> Message-ID: <521DA33B.20803@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/28/2013 09:08 AM, wkaha at yahoo.com wrote: > Hi Marco > > when running dovecot -a you will find > auth_* > > I think you could you auth_verbose_passwords to fit your needs. thanks. I've already tried this, but it doesn't log the password on successful logins, only when there is password missmatch: from the conf / manual: " # In case of password mismatches, log the attempted password. Valid values are # no, plain and sha1. sha1 can be useful for detecting brute force password # attempts vs. user simply trying the same password over and over again. #auth_verbose_passwords = no " any other ideas? :) > > all the best > > > > > On 28.08.2013, at 08:57, Marco Fretz wrote: > >> > Hi everyone, > > I want to use dovecot as a IMAP and POP3 proxy in front of our current > E-Mail hosting server to log the plain text passwords of all successful > logins for migration reasons. Actually I don't need the password to see > in plain text, storing them as SHA256-CRYPT (or something dovecot can > use later for auth) hash in a file or DB would be fine, too. > > I need this for the migration from the current mail server (using > proprietary hashing to store passwords) to a new postfix / dovecot base > mail system. > > I played around with "auth_debug_passwords" and all debug / logging > options I found in the manual. Nothing logs successful login plaintext > passwords. > > Any hint welcome. > > Thanks a lot, > Marco > >> > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSHaM2AAoJEKxm7Ju3UATuaDcQAIIisd1T999xbuP8fBP19gAV c0/rMGZxy69P2QLp7Y3Lwn6LXXeAiICFWRBtXkoOsVzGXazM+IB6OMr2H3Xa/37v kyO3nfS9+nD3crzPIVM6pQKnDH5ON8Jwr1Y7pufnwb5cvxZzrcB4hZk+dFcLu9eN wwAAB0mRuT1b3gqnX8rtVqqDQPF+vgefrEDEDxysO7fq7I+RlWsbHDKV4porGkd8 3mf+PoQ+QmStgMyVh906taGpainYaARe0O5yoeAO/5/jTOODrzT6vcwv4ffDcp/p NGZUtpomPw9+C4/BXBwPPlYcUNCktaxpVFp5LyBnOLs9WckDZzNpzD0m/HjvFmEI WvgFh3QPK1APTKwsLD1YArfHGqs7/tJRhPDPTI9oO7Y55WP6hJvMNNji0eihDwoG SO7dQkfs/3jIx0AwNN/2M/cT/zBTCPsuqyhAimRMStxR/TYbp9pXxBwAjRv16NS5 NwoL0nXnyPUt+l3deYiYF+wMJG8LVVn11UXTrwEJ7hzIfkiOs9EHKAdKznw74ryl FaqVL3D52cLdYUpfVVj1GaLQT+eIxP9uRbzIKLGzTR6bYWYX4W3YwflicPt9HozH 5H/1eiXXbEu44/h5jbZ2+AAncwsLomBC5fJYRiyZVZcXSozpRFhKkk5q7LSwZtVM WgX/qVgpWSKAsuTPbgtG =C9DH -----END PGP SIGNATURE----- From wkaha at yahoo.com Wed Aug 28 11:36:33 2013 From: wkaha at yahoo.com (wkaha at yahoo.com) Date: Wed, 28 Aug 2013 10:36:33 +0200 Subject: [Dovecot] Log successful login plain text password In-Reply-To: <521DA33B.20803@gmail.com> References: <521D9F71.9070800@gmail.com> <521DA33B.20803@gmail.com> Message-ID: <824AB53F-BB7F-481E-AD3A-B8661376B163@yahoo.com> Maybe you can find a way in this direction http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes all the best On 28.08.2013, at 09:14, Marco Fretz wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 08/28/2013 09:08 AM, wkaha at yahoo.com wrote: >> Hi Marco >> >> when running dovecot -a you will find >> auth_* >> >> I think you could you auth_verbose_passwords to fit your needs. > > thanks. I've already tried this, but it doesn't log the password on > successful logins, only when there is password missmatch: > > from the conf / manual: > " > # In case of password mismatches, log the attempted password. Valid > values are > # no, plain and sha1. sha1 can be useful for detecting brute force password > # attempts vs. user simply trying the same password over and over again. > #auth_verbose_passwords = no > " > > any other ideas? :) > >> >> all the best >> >> >> >> >> On 28.08.2013, at 08:57, Marco Fretz wrote: >> >>> >> Hi everyone, >> >> I want to use dovecot as a IMAP and POP3 proxy in front of our current >> E-Mail hosting server to log the plain text passwords of all successful >> logins for migration reasons. Actually I don't need the password to see >> in plain text, storing them as SHA256-CRYPT (or something dovecot can >> use later for auth) hash in a file or DB would be fine, too. >> >> I need this for the migration from the current mail server (using >> proprietary hashing to store passwords) to a new postfix / dovecot base >> mail system. >> >> I played around with "auth_debug_passwords" and all debug / logging >> options I found in the manual. Nothing logs successful login plaintext >> passwords. >> >> Any hint welcome. >> >> Thanks a lot, >> Marco >> >>> >> > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.13 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBAgAGBQJSHaM2AAoJEKxm7Ju3UATuaDcQAIIisd1T999xbuP8fBP19gAV > c0/rMGZxy69P2QLp7Y3Lwn6LXXeAiICFWRBtXkoOsVzGXazM+IB6OMr2H3Xa/37v > kyO3nfS9+nD3crzPIVM6pQKnDH5ON8Jwr1Y7pufnwb5cvxZzrcB4hZk+dFcLu9eN > wwAAB0mRuT1b3gqnX8rtVqqDQPF+vgefrEDEDxysO7fq7I+RlWsbHDKV4porGkd8 > 3mf+PoQ+QmStgMyVh906taGpainYaARe0O5yoeAO/5/jTOODrzT6vcwv4ffDcp/p > NGZUtpomPw9+C4/BXBwPPlYcUNCktaxpVFp5LyBnOLs9WckDZzNpzD0m/HjvFmEI > WvgFh3QPK1APTKwsLD1YArfHGqs7/tJRhPDPTI9oO7Y55WP6hJvMNNji0eihDwoG > SO7dQkfs/3jIx0AwNN/2M/cT/zBTCPsuqyhAimRMStxR/TYbp9pXxBwAjRv16NS5 > NwoL0nXnyPUt+l3deYiYF+wMJG8LVVn11UXTrwEJ7hzIfkiOs9EHKAdKznw74ryl > FaqVL3D52cLdYUpfVVj1GaLQT+eIxP9uRbzIKLGzTR6bYWYX4W3YwflicPt9HozH > 5H/1eiXXbEu44/h5jbZ2+AAncwsLomBC5fJYRiyZVZcXSozpRFhKkk5q7LSwZtVM > WgX/qVgpWSKAsuTPbgtG > =C9DH > -----END PGP SIGNATURE----- > From glance at acc.umu.se Wed Aug 28 11:41:43 2013 From: glance at acc.umu.se (Anton Lundin) Date: Wed, 28 Aug 2013 10:41:43 +0200 Subject: [Dovecot] mailbox_list_index, stops showing new mails in mailboxes Message-ID: <20130828084143.GO21522@acc.umu.se> Hello. I'm having some weird problem with (probably) mailbox_list_index, that it doesn't see new mail in mailboxes. I'm using 2.2.4 over imap and ssh/imap, and after a while dovecot stops noticing new mail in some folders. Its always the same 2-3 folders of about 30. I read something about list-index corruption in 2.2.2, and i thought it was that i was running into earlier, but this problem still occurs. This is dovecot 2.2.4, running on Solaris 10 x86_64 to homedirs on zfs, where procmail is used to deliver mail to mailboxes in mbox-format. I've tried to purge all indexes and let dovecot rebuild them, but the problem reoccurs after a couple of days. How can i help to debug this issue? Should i grab dovecot.list.index when its out-of-sync for debugging? //Anton -- Anton Lundin +46702-161604 From donald.haney at petnetsolutions.com Tue Aug 27 23:11:06 2013 From: donald.haney at petnetsolutions.com (Haney, Donald) Date: Tue, 27 Aug 2013 16:11:06 -0400 Subject: [Dovecot] Install of Dovecot 2.2.5 on Solaris 10/Openssl version 0.9.7d 17 Mar 2004 Message-ID: <9889FD54058A8F43A8C435E8EB19BCA00206083CE3AF@USMLVA0E925MSX.ww017.siemens.net> Greetings! I am attempting to install Dovecot 2.2.5 on Solaris 10 Sparc hardware with openssl version 0.9.7d 17 Mar 2004. I have created a dovecot user and a dove null user, assigned them their own login directories specifying the ksh shell and assigned them to their own groups. I have run the configure command successfully and am having trouble with the make. At first, I received the problem listed below: /bin/bash ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-test -DMODULE_DIR=\""/usr/local/lib/dovecot"\" -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -I/usr/sfw/include -MT iostream-openssl-context.lo -MD -MP -MF .deps/iostream-openssl-context.Tpo -c -o iostream-openssl-context.lo iostream-openssl-context.c libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-test -DMODULE_DIR=\"/usr/local/lib/dovecot\" -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -I/usr/sfw/include -MT iostream-openssl-context.lo -MD -MP -MF .deps/iostream-openssl-context.Tpo -c iostream-openssl-context.c -fPIC -DPIC -o .libs/iostream-openssl-context.o iostream-openssl-context.c: In function `ssl_proxy_ctx_set_crypto_params': iostream-openssl-context.c:451: error: `SSL_OP_SINGLE_ECDH_USE' undeclared (first use in this function) iostream-openssl-context.c:451: error: (Each undeclared identifier is reported only once iostream-openssl-context.c:451: error: for each function it appears in.) I followed directions found in http://hg.dovecot.org/dovecot-2.2/rev/27ebd9552471 to resolve this problem (I believe). I am now seeing the following error: test-http-server.c: In function `main': test-http-server.c:122: error: size of array `type name' is negative *** Error code 1 make: Fatal error: Command failed for target `test-http-server.o' Current working directory /export/home/hanedo00/dovecot-2.2.5/src/lib-http *** Error code 1 The following command caused the error: fail= failcom='exit 1'; \ for f in x $MAKEFLAGS; do \ case $f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ I have not had any luck thus far finding the solution for this error against test-http-server.o. Any assistance would be appreciated. Thanks, Don Haney This message and any attachments are solely for the use of intended recipients. The information contained herein may include trade secrets, protected health or personal information, privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you are not an intended recipient, you are hereby notified that you received this email in error, and that any review, dissemination, distribution or copying of this email and any attachment is strictly prohibited. If you have received this email in error, please contact the sender and delete the message and any attachment from your system. Thank you for your cooperation From laurent at elanor.org Wed Aug 28 13:18:48 2013 From: laurent at elanor.org (Laurent Blume) Date: Wed, 28 Aug 2013 12:18:48 +0200 Subject: [Dovecot] Install of Dovecot 2.2.5 on Solaris 10/Openssl version 0.9.7d 17 Mar 2004 In-Reply-To: <9889FD54058A8F43A8C435E8EB19BCA00206083CE3AF@USMLVA0E925MSX.ww017.siemens.net> References: <9889FD54058A8F43A8C435E8EB19BCA00206083CE3AF@USMLVA0E925MSX.ww017.siemens.net> Message-ID: <521DCE88.2020601@elanor.org> Hello, It's not a direct answer, but have you tried the one on OpenCSW? http://www.opencsw.org/packages/CSWdovecot/ I've switched to it from my own build a while ago, and it works well for me. Cheers, Laurent On 27/08/13 22:11, Haney, Donald wrote: > Greetings! > > I am attempting to install Dovecot 2.2.5 on Solaris 10 Sparc hardware with openssl version 0.9.7d 17 Mar 2004. I have created a dovecot user and a dove null user, assigned them their own login directories specifying the ksh shell and assigned them to their own groups. I have run the configure command successfully and am having trouble with the make. > > At first, I received the problem listed below: > > /bin/bash ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-test -DMODULE_DIR=\""/usr/local/lib/dovecot"\" -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -I/usr/sfw/include -MT iostream-openssl-context.lo -MD -MP -MF .deps/iostream-openssl-context.Tpo -c -o iostream-openssl-context.lo iostream-openssl-context.c > libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-test -DMODULE_DIR=\"/usr/local/lib/dovecot\" -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -I/usr/sfw/include -MT iostream-openssl-context.lo -MD -MP -MF .deps/iostream-openssl-context.Tpo -c iostream-openssl-context.c -fPIC -DPIC -o .libs/iostream-openssl-context.o > iostream-openssl-context.c: In function `ssl_proxy_ctx_set_crypto_params': > iostream-openssl-context.c:451: error: `SSL_OP_SINGLE_ECDH_USE' undeclared (first use in this function) > iostream-openssl-context.c:451: error: (Each undeclared identifier is reported only once > iostream-openssl-context.c:451: error: for each function it appears in.) > > I followed directions found in http://hg.dovecot.org/dovecot-2.2/rev/27ebd9552471 to resolve this problem (I believe). > > I am now seeing the following error: > > test-http-server.c: In function `main': > test-http-server.c:122: error: size of array `type name' is negative > *** Error code 1 > make: Fatal error: Command failed for target `test-http-server.o' > Current working directory /export/home/hanedo00/dovecot-2.2.5/src/lib-http > *** Error code 1 > The following command caused the error: > fail= failcom='exit 1'; \ > for f in x $MAKEFLAGS; do \ > case $f in \ > *=* | --[!k]*);; \ > *k*) failcom='fail=yes';; \ > esac; \ > done; \ > dot_seen=no; \ > > I have not had any luck thus far finding the solution for this error against test-http-server.o. Any assistance would be appreciated. > > Thanks, > > Don Haney > > From jorgito1412 at gmail.com Wed Aug 28 20:12:47 2013 From: jorgito1412 at gmail.com (George) Date: Wed, 28 Aug 2013 14:12:47 -0300 Subject: [Dovecot] Disable PAM username change? In-Reply-To: References: Message-ID: Ok, I figured it out. I used the dovecot_delivery transport with Exim. When using the "-d $local_part" option, it does the same userdb lookup that Dovecot itself does later, so the mail gets delivered and is fetched to the right location. Hope this helps. Best regards. On Sat, Aug 24, 2013 at 4:52 AM, George wrote: > Hi! I have a problem involving Samba4, exim4, fetchmail, Dovecot and PAM... > I am using Dovecot 2.1.7 on Debian Wheezy. > > I have setup a "maildrop" machine, which fetches mail from an external > POP3 server for multiple accounts using fetchmail, delivers to local users > mailboxes through exim4 and then serves them on the intranet via IMAP with > Dovecot. > This works great with local unix users, but I am having some trouble to > configure it to work with Samba4 AD users (Samba 4.0.9 running as a DC on > the same machine). > > Basically, I have configured PAM with winbind and it works fine (AD users > can SSH the machine for example). Dovecot also authenticates properly via > PAM, but the problem is that the username gets changed in the process (PAM > returrns the "username" as "DOMAIN\username"): > > Aug 21 22:50:22 dc2 dovecot: auth-worker(5179): Debug: > auth(foo,127.0.0.1): username changed foo -> DOMAIN\foo > Aug 21 22:50:22 dc2 dovecot: auth: Debug: > auth(foo,127.0.0.1,<0bBfg3/kpQB/AAAB>): username changed foo -> DOMAIN\foo > Aug 21 22:50:22 dc2 dovecot: auth: Debug: client out: > OK#0111#011user=DOMAIN\foo > > So the actual problem is that exim4 is delivering the mail to, for > example, "/var/mail/foo" but Dovecot is looking for the mailbox on > "/var/mail/DOMAIN\foo", even if the username given in the IMAP session is > just "foo". The wiki mentionsthat "a PAM module can change the username". Can this be avoided? > > I need either: > * Exim to deliver the mail to the user mailbox, *including* the domain > part (out of scope of this list, but information is welcome), or > * Dovecot to fetch the mail *not* using the domain part as part of the > username variable. > > As a quick and dirty workaround, I hardcoded the domain part in the exim > delivery path (something like "/var/mail/DOMAIN\\$local_part"), but this is > far from optimal since I cannot use both unix users and AD users, I cannot > use dovecot_delivery LDA transport, etc. > > As a bottom line, I also posted this to the Samba list because I believe > this could also be solved if winbind just always returned the username > without the domain when queried (conf option not working, probable bug) > > Ideas are welcome!! > > Best regards, > > Jorge > From ricardomachini at gmail.com Thu Aug 29 00:00:51 2013 From: ricardomachini at gmail.com (Ricardo Machini Barbosa) Date: Wed, 28 Aug 2013 18:00:51 -0300 Subject: [Dovecot] Dovecot proxy to Microsoft Exchange 2013 In-Reply-To: <51C91B58.5040900@gmail.com> References: <51C1F046.9090607@gmail.com> <5905F081-4105-4E17-A868-8B11B31BA550@iki.fi> <1372112521.31839.0.camel@hurina> <51C91B58.5040900@gmail.com> Message-ID: <521E6503.9010901@gmail.com> Hello Timo, I tried to compile this patch again on version 2.2.5 and I got the same error: /imap-proxy.c: In function ?proxy_write_login?:// //imap-proxy.c:95: error: ?struct client? has no member named ?pre_proxy_auth?// //imap-proxy.c: In function ?imap_proxy_parse_line?:// //imap-proxy.c:216: error: ?struct client? has no member named ?proxy_banner?// //imap-proxy.c:287: error: ?struct client? has no member named ?post_proxy_auth?/ Thanks, Ricardo Machini Em 25/06/2013 01:23, Ricardo Machini Barbosa escreveu: > Timo, thanks for your help. > > But I can't compile with this patch: > > /imap-proxy.c: In function ?proxy_write_login?:// > //imap-proxy.c:95: error: ?struct client? has no member named > ?pre_proxy_auth?// > //imap-proxy.c: In function ?imap_proxy_parse_line?:// > //imap-proxy.c:217: error: ?struct client? has no member named > ?proxy_banner?// > //imap-proxy.c:288: error: ?struct client? has no member named > ?post_proxy_auth?/ > > > Em 24/06/2013 19:22, Timo Sirainen escreveu: >> On Mon, 2013-06-24 at 23:40 +0300, Timo Sirainen wrote: >>> Looks like Exchange 2013 IMAP has broken command pipelining :( See if it gets fixed byhttp://hg.dovecot.org/dovecot-2.2/rev/6e8bbc150fa9 and the attached patch on top of that? If it works, I'll commit that patch too. >> Attached another patch that doesn't crash on successful logins :) >> > From tss at iki.fi Thu Aug 29 01:44:08 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 29 Aug 2013 01:44:08 +0300 Subject: [Dovecot] Bug in dovecot 2.2.5: segfault due to bad alignment In-Reply-To: <20130821163252.GW618@corcomroe.in-ulm.de> References: <20130821163252.GW618@corcomroe.in-ulm.de> Message-ID: <82039B29-79E0-47B2-84BE-D0AEE2E4ED36@iki.fi> Attached patch fixes this? If yes, I'll commit it. -------------- next part -------------- A non-text attachment was scrubbed... Name: diff Type: application/octet-stream Size: 2705 bytes Desc: not available URL: -------------- next part -------------- On 21.8.2013, at 19.32, Andreas F. Borchert wrote: > Take a look at the sources, hmac.h declares struct hmac_context: > > struct hmac_context { > char ctx[HMAC_MAX_CONTEXT_SIZE]; > char ctxo[HMAC_MAX_CONTEXT_SIZE]; > const struct hash_method *hash; > }; > > If compiled for a 32 bit virtual address space, this has an alignment > requirement of 4 due to the hash pointer. > > In line 171 of auth-token.c, we have following declaration of ctx > as a local variable in auth_token_get(): > > struct hmac_context ctx; > > This is put on an address with an alignment requirement of 4. In > lines 174 and 175 hmac_init is invoked with hash_method_sha1: > > hmac_init(&ctx, (const unsigned char*)username, strlen(username), > &hash_method_sha1); > > In hmac.c, lines 43 and following, ctx->ctx with an alignment of > 4 is passed to meth->init and meth->loop where meth refers to > hash_method_sha1: > > meth->init(ctx->ctx); > meth->loop(ctx->ctx, k_ipad, 64); > > These functions refer now to sha1_init and sha1_loop where the > first parameter is expected to be a pointer to struct sha1_ctxt, > a data structure which is declared in sha1.h: > > struct sha1_ctxt { > union { > uint8_t b8[20]; > uint32_t b32[5]; > } h; > union { > uint8_t b8[8]; > uint64_t b64[1]; > } c; > union { > uint8_t b8[64]; > uint32_t b32[16]; > } m; > uint8_t count; > }; > > Here we have with b64 one uint64_t which has on a SPARC platform > an alignment requirement of 8. In consequence, struct sha1_ctxt > has an alignment requirement of 8. With the invocations of > meth->init and meth->loop above we pass a pointer to a data > structure of alignment 4 to a function expecting a pointer to > a data structure of alignment 8. Chances are that the alignment > requirement is not met, causing a segmentation violation. > > This must be solved by declaring struct hmac_context such that > is not just big enough but respects also the highest alignment > required for one of the hashing data structures. > > There are several options to do this: > > * Beginning with C11, you are free to use an alignment specifier, > i.e. add _Alignas ( uint64_t ) > (see section 6.7.5 in ISO 9899-2011) > > * GCC supports alignment attributes, > i.e. add __attribute__ ((aligned (8))) > or whatever is required instead of 8, > see http://gcc.gnu.org/onlinedocs/gcc/Variable-Attributes.html > > * Do not use a local variable for it, allocate the data structure > using malloc instead. > > If you want to see a live crash, here is the relevant output of gdb > that debugs ${prefix}/libexec/dovecot/auth. > > Program received signal SIGSEGV, Segmentation fault. > sha1_loop (ctxt=0xffbff63c, input=0xffbff548, len=64) at sha1.c:224 > 224 sha1.c: No such file or directory. > (gdb) where > #0 sha1_loop (ctxt=0xffbff63c, input=0xffbff548, len=64) at sha1.c:224 > #1 0xff2e218c in hmac_init (ctx=ctx at entry=0xffbff63c, > key=key at entry=0x6a698 "borchert", key_len=8, > meth=0x555d0 ) at hmac.c:44 > #2 0x00023310 in auth_token_get (service=service at entry=0x6a648 "imap", > session_pid=0x56071 "26272", username=0x6a698 "borchert", > session_id=0x6a650 "AErv6nbk6gB/AAAB") at auth-token.c:174 > #3 0x00021708 in userdb_callback (result=USERDB_RESULT_OK, request=0x6a530) > at auth-request-handler.c:668 > #4 0x0001f144 in auth_request_userdb_callback (result=, > result at entry=USERDB_RESULT_OK, request=request at entry=0x6a530) > at auth-request.c:1039 > #5 0x000312c8 in prefetch_lookup (auth_request=0x6a530, > callback=0x1f058 ) at userdb-prefetch.c:40 > #6 0x0001f37c in auth_request_lookup_user (request=0x6a530, > callback=callback at entry=0x2150c ) at auth-request.c:1072 > #7 0x00022034 in auth_request_handler_master_request ( > handler=, master=master at entry=0x6b120, id=1292369921, > client_id=1, params=0x55bfc) at auth-request-handler.c:758 > #8 0x0001be98 in master_input_request (args=, conn=0x6b120) > at auth-master-connection.c:127 > #9 auth_master_input_line (line=, conn=0x6b120) > at auth-master-connection.c:598 > #10 master_input (conn=0x6b120) at auth-master-connection.c:653 > #11 0xff2ecca4 in io_loop_call_io (io=io at entry=0x6b398) at ioloop.c:387 > #12 0xff2ed604 in io_loop_handler_run (ioloop=ioloop at entry=0x5e5e8) > at ioloop-poll.c:211 > #13 0xff2ec7a8 in io_loop_run (ioloop=0x5e5e8) at ioloop.c:406 > #14 0xff29ad7c in master_service_run (service=0x5e128, > callback=0x27b40 ) at master-service.c:566 > #15 0x0001852c in main (argc=1, argv=0xffbffd54) at main.c:393 > (gdb) print ctxt > $1 = (struct sha1_ctxt *) 0xffbff63c > > As you can see, ctxt is on a 4-byte boundary, not on an 8-byte boundary. > The crash happens at sha1.c:224 where the 8-byte-alignment is indeed > mandatory on a SPARC architecture: > > ctxt->c.b64[0] += copysiz * 8; > > The environment is Solaris 10 on SPARCv9. The sources have been compiled > using gcc 4.8.0 for 32 bit. > > Andreas. > From jtam.home at gmail.com Thu Aug 29 02:37:48 2013 From: jtam.home at gmail.com (Joseph Tam) Date: Wed, 28 Aug 2013 16:37:48 -0700 (PDT) Subject: [Dovecot] Log successful login plain text password In-Reply-To: References: Message-ID: Marco Fretz writes: > Maybe you can find a way in this direction > > http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes I've sync'd a separate password system by process tracing dovecot's auth process and dumping out the arguments of read() calls for some fixed set of descriptors and piping it into password synching script. A bit of a hack, but it works without having to touch dovecot. Joseph Tam From phillip.odam at nitorgroup.com Thu Aug 29 02:51:48 2013 From: phillip.odam at nitorgroup.com (Phillip Odam) Date: Wed, 28 Aug 2013 19:51:48 -0400 Subject: [Dovecot] Enforcing server cipher list order Message-ID: <521E8D14.2030406@nitorgroup.com> I noticed a similar/same discussion back on Aug 14th titled force ciphers order for clients. However from that thread I can't find quite what I'm after. From my testing of dovecot 2.1.6, by default it appears to honor the clients cipher list order for SSL/TLS connections. I can't find any documentation on dovecot providing a setting like Apache HTTPDs to either honor the client or server cipher list i.e. SSLHonorCipherOrder. Do newer versions (> 2.1.6) of dovecot either make this configurable or force honoring of the servers cipher list order? Or is the cipher selection a function that openssl performs? The version of openssl in use is 1.0.1e-fips. Thanks Phillip From jtam.home at gmail.com Thu Aug 29 03:10:31 2013 From: jtam.home at gmail.com (Joseph Tam) Date: Wed, 28 Aug 2013 17:10:31 -0700 (PDT) Subject: [Dovecot] mailbox_list_index, stops showing new mails in mailboxes In-Reply-To: References: Message-ID: Anton Lundin writes: > I'm using 2.2.4 over imap and ssh/imap, and after a while dovecot > stops noticing new mail in some folders. Its always the same 2-3 > folders of about 30. > ... > This is dovecot 2.2.4, running on Solaris 10 x86_64 to homedirs on zfs, > where procmail is used to deliver mail to mailboxes in mbox-format. What's your procmail recipe for delivering messages? If you're storing it directly to a mbox file, dovecot will never get a chance to see it and update the indices. An example of invoking LDA to store messages :0 Hw * /^From:.*dummy@/ | dovecot-lda -d yourusername -m dummybox # Dump mail into my INBOX using dovecot's LDA :0 w | dovecot-lda -d yourusername Joseph Tam From dovecot at pyropus.ca Thu Aug 29 03:27:14 2013 From: dovecot at pyropus.ca (C. Mills) Date: Wed, 28 Aug 2013 18:27:14 -0600 Subject: [Dovecot] Solved: startup failures "net_listen_unix(...) failed: Invalid argument" Message-ID: <20130829002714.GA14411@pyropus.ca> I ran into this and had a bit of trouble tracking a diagnosis down, so here it is for the archives in case anyone else runs into this. A new installation of dovecot was failing to start, with these messages: $ ./sbin/dovecot Error: service(imap-urlauth): net_listen_unix(.../var/run/dovecot/token-login/imap-urlauth) failed: Invalid argument Error: service(auth): net_listen_unix(.../var/run/dovecot/token-login/tokenlogin) failed: Invalid argument Fatal: Failed to start listeners Some of the other processes seemed to be starting up fine, and they created sockets in the expected dir, but the above two wouldn't. stracing the processes didn't show a lot, but eventually I checked the length of the installation path, and found the above two socket paths were exceeding the maximum path length limit for Unix sockets -- 108 chars on my Linux boxen. I haven't checked SuS or Posix to see what the standards say the actual minimum required size for the maximum path length is -- it might be shorter yet on other systems. Moving the installation to a less deeply nested hierarchy fixed the problem. I hope this saves someone else a headache someday. C. C. -- ----------------------------------------------------------------------- C. Mills ----------------------------------------------------------------------- From vijayrajah at gmail.com Thu Aug 29 08:36:17 2013 From: vijayrajah at gmail.com (Vijay Rajah) Date: Thu, 29 Aug 2013 11:06:17 +0530 Subject: [Dovecot] Issues with dovecot-antipsam plugin Message-ID: Hello list, I have a postfix 2.11 with dovecot 2.2.5 instance. I have configured and installed anavisd-new to use Spamassassin. I want to train the filter. For that i choose dovecot's antispam plugin using mailtrain backend. I compiled and installed the latest version of the antispam plugin from http://hg.dovecot.org/dovecot-antispam-plugin/rev/5ebc6aae4d7c The configuration is below. Whenever I receive an email, the LMTP process segfaults. If I comment out the antispam plugin part in the config files, all works good. THis leads me to believe the issue is with antispam plugin, or its configuration. Here is what i see in /var/log/mailllog Aug 28 23:06:31 hostname.tld postfix/qmgr[1437]: 055F6345E: from=< sender at example.com>, size=10370, nrcpt=1 (queue active) Aug 28 23:06:31 hostname.tld postfix/smtpd[5512]: disconnect from localhost[127.0.0.1] Aug 28 23:06:31 hostname.tld amavis[5369]: (05369-05) Passed SPAM {RelayedTaggedInbound,Quarantined}, [74.125.82.176]:51219 [74.125.82.176] < sender at example.com> -> , quarantine: spam-J09TFNU33sxa.gz, Queue-ID: 3A8093119, Message-ID: < CAMGVk5vH9YzkNFJ3xnWJ0060vpuf1PPzaCHWx71AmGF_qgJTmg at mail.gmail.com>, mail_id: J09TFNU33sxa, Hits: 12.123, size: 9323, queued_as: 055F6345E, dkim_sd=20120113:gmail.com, 606 ms Aug 28 23:06:31 hostname.tld postfix/lmtp[5510]: 3A8093119: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=1.6, delays=0.94/0/0/0.61, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 055F6345E) Aug 28 23:06:31 hostname.tld postfix/qmgr[1437]: 3A8093119: removed Aug 28 23:06:31 hostname.tld dovecot: lmtp(5514): Connect from local Aug 28 23:06:31 hostname.tld dovecot: lmtp(5514): Fatal: master: service(lmtp): child 5514 killed with signal 11 (core dumps disabled) Aug 28 23:06:31 hostname.tld postfix/lmtp[5513]: 055F6345E: to=, relay=hostname.tld[/opt/var/postfix/dovecot-lmtp], delay=0.09, delays=0.04/0/0.04/0, dsn=4.4.2, status=deferred (lost connection with hostname.tld[/opt/var/postfix/dovecot-lmtp] while sending end of data -- message may be sent more than once) Can someone help in fixing the issue? -Thanks in advance Vijay ######doveconf -n # 2.2.5: /opt/dovecot/2.2.5/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-358.14.1.el6.x86_64 x86_64 CentOS release 6.4 (Final) ext4 auth_mechanisms = plain login digest-md5 cram-md5 auth_socket_path = /opt/var/dovecot/run/auth-userdb base_dir = /opt/var/dovecot/run/ debug_log_path = /var/log/dovecot-debug.log hostname = mail1 at rvijay.me mail_debug = yes mail_location = maildir:/opt/mailbox/%d/%n/Maildir mail_plugin_dir = /opt/dovecot/2.2.5/lib/dovecot/ mail_plugins = " virtual quota antispam zlib" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Spam { auto = subscribe } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / type = private } passdb { args = /opt/dovecot/2.2.5/etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } plugin { antispam_allow_append_to_spam = no antispam_backend = mailtrain antispam_mail_notspam = --ham antispam_mail_sendmail = /opt/dovecot/2.2.5/bin/sa-learn-pipe.sh antispam_mail_sendmail_args = -u vmail antispam_mail_spam = --spam antispam_mail_tmpdir = /tmp antispam_spam = Spam antispam_trash = Trash mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size quota = maildir:User quota quota_grace = 10%% quota_rule = *:storage=1GB quota_rule2 = Trash:storage=+10%% quota_rule3 = Spam:storage=+20%% quota_status_nouser = DUNNO quota_status_overquota = 450 4.2.2 Mailbox is full. Try again later quota_status_success = DUNNO quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u quota_warning3 = -storage=100%% quota-warning below %u sieve = ~/.dovecot.sieve sieve_before = /opt/var/dovecot/sieve/ sieve_dir = ~/sieve sieve_global_dir = /opt/var/dovecot/sieve zlib_save = bz2 zlib_save_level = 9 } protocols = imap lmtp sieve service auth { unix_listener /opt/var/postfix/dovecot-auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imap { port = 143 } } service lmtp { unix_listener /opt/var/postfix/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } service managesieve-login { inet_listener sieve { port = 4190 } service_count = 10 vsz_limit = 64 M } service managesieve { process_limit = 1024 } service quota-status { client_limit = 1 executable = quota-status -p postfix inet_listener { port = 12340 } } service quota-warning { executable = script /opt/dovecot/2.2.5/etc/dovecot/conf.d/quota-warning.sh user = vmail } shutdown_clients = no ssl_ca = References: Message-ID: <20130829071014.GQ21522@acc.umu.se> On 28 August, 2013 - Joseph Tam wrote: > Anton Lundin writes: > > >I'm using 2.2.4 over imap and ssh/imap, and after a while dovecot > >stops noticing new mail in some folders. Its always the same 2-3 > >folders of about 30. > >... > >This is dovecot 2.2.4, running on Solaris 10 x86_64 to homedirs on zfs, > >where procmail is used to deliver mail to mailboxes in mbox-format. > > What's your procmail recipe for delivering messages? If you're storing > it directly to a mbox file, dovecot will never get a chance to see it > and update the indices. > We let procmail deliver mail straight to the mbox file. Usualy dovecot picks up the change and reads the mailbox, probably by checking timestamps. It used to work just fine before i turned mailbox_list_index on. Is using dovecot-lda a prerequisite for using mailbox_list_index? //Anton -- Anton Lundin +46702-161604 From lists at wildgooses.com Thu Aug 29 11:20:59 2013 From: lists at wildgooses.com (Ed W) Date: Thu, 29 Aug 2013 09:20:59 +0100 Subject: [Dovecot] Dovecot Dsync In-Reply-To: <521C693C.40408@list-subs.com> References: <52139202.8090109@mail-subs.com> <521397D9.5000102@sys4.de> <5213E98E.8040003@mail-subs.com> <521750A4.9040908@wildgooses.com> <521C693C.40408@list-subs.com> Message-ID: <521F046B.901@wildgooses.com> On 27/08/2013 09:54, Ben wrote: > On 23/08/2013 13:08, Ed W wrote: >> Hi >> >>> I'm on an Ubuntu LTS release so the dovecot came from their release. >>> I'd prefer to stay that way unless I really have to... >> >> Everyone is entitled to their own opinions, but "IMHO" this kind of >> attitude is a huge detriment to most software projects. I see very >> little reason to take such policies personally... >> >> 1) I use virtualisation (especially lightweight virtualisation such as >> vservers) so that each service is in its own container. Now if I have no >> interest in some container and want to let it rot (ie as per LTS), then >> I can just do so. >> 2) I use a fast moving rolling distro (gentoo in my case, Arch is >> probably a good choice also) so that I have the option to stay up to >> date when I want to >> >> The end result is you can be as up to date as you want, or let things >> rot, as you please. >> >> Unfortunately if you want to use a very old bit of software, then you >> also get to keep all it's bugs... Sorry. >> >> Good luck! Hope this inspires you to try a different route! >> >> Ed W > > Whilst to some degree I appreciate where you're coming from and agree > with you to a certain extent, I would caution that following the > bleeding edge, always running the latest versions is not without risk > or bugs either ! OK, but virtualisation also helps you mitigate this: - I setup my "containers" so that I have at least two mount points, one for the operating system and any data broken out into it's own mount. - This makes it quite simple to duplicate the container and spin up a test version pointing if required at the live data - Now you can run a test upgrade on the test container. If it works either swap them around or upgrade the original Additionally: - My choice of distro (gentoo) makes it fairly simple to build binary packages of the software I'm using. - I then use these binary packages on all my containers, additionally with guided profiles which control which packages and which options we deploy. - It's fairly simple to roll back most packages to the previous binary version if a problem is detected (logging of package changes is built-in) So it's quite low risk to use such a rolling distro in general. Note, I can't speak for other distros, but gentoo "stable" is fairly conservative and shouldn't be a problem for an experienced admin to keep up to date. It has the option to unmask "bleeding edge" packages where necessary and this can be useful to hit specific version numbers of software. It's also pretty trivial to keep a private repo of customised packages (ebuilds) with either personal patches or to pin certain versions of software. (So for example if you run, say, Dovecot with a few custom patches, then it's fairly trivial to drop these patches in a directory and now you can use the package manager to follow stable builds, but your custom patches will be rolled in for you with each update - can be very handy for some requirements) I don't have the same experience with RPM/DEB so I can't say that all the same is easy to do, but the key thing is the use of containers/virtualisation to assist with testing and upgrades. Even worst case you have to do a whole OS upgrade, at least if you can do that in a test container while the live remains running, is a big advantage Good luck Ed W From christian.wiese at securepoint.de Thu Aug 29 17:38:29 2013 From: christian.wiese at securepoint.de (Christian Wiese) Date: Thu, 29 Aug 2013 16:38:29 +0200 Subject: [Dovecot] 2.2.4 + metadata plugin: autoconf failed In-Reply-To: <20130722125620.GA15492@spider.services.datevnet.de> References: <20130722125620.GA15492@spider.services.datevnet.de> Message-ID: <20130829163829.646ffe45@pccw> Hi Andreas, sorry to hear that you didn't had much luck so far to solve the issue. I just tested to run the supplied autogen.sh on a freshly checked out metadata plugin tree, and had no issues. Somehow it seems to me that you might miss some important development files like some 3rd party .m4 files defining certain macros for autoconf. Can you please tell me the versions of autoconf, automake, m4, libtool you are using and paste me the output of following commands? Please provide the information for the debian host where it actually builds and for one of the other hosts where it fails to build. ---------------------------------------------------------------------- grep -rn "AC_PROG_CC_C99" /usr/share/auto* ---------------------------------------------------------------------- that particular macro should be found in something like /usr/share/autoconf/autoconf/c.m4 ---------------------------------------------------------------------- find /usr/share/ -name "dovecot.m4" ---------------------------------------------------------------------- Actually I am nearly sure that you are missing the 'dovecot.m4' file, which is installed at '/usr/share/aclocal/dovecot.m4' on my test host. I bet the debian host is having the 'dovecot.m4' installed and the others don't have it, because after renaming the 'dovecot.m4' here I ran into the very same issue you have ;) ---------------------------------------------------------------------- bash-4.2# mv /usr/share/aclocal/dovecot.m4{,.orig} bash-4.2# ./autogen.sh + creating m4/ ... + running autoreconf ... libtoolize: putting auxiliary files in `.'. libtoolize: copying file `./ltmain.sh' libtoolize: putting macros in AC_CONFIG_MACRO_DIR, `m4'. libtoolize: copying file `m4/libtool.m4' libtoolize: copying file `m4/ltoptions.m4' libtoolize: copying file `m4/ltsugar.m4' libtoolize: copying file `m4/ltversion.m4' libtoolize: copying file `m4/lt~obsolete.m4' src/Makefile.am:33: DOVECOT_PLUGIN_DEPS does not appear in AM_CONDITIONAL src/Makefile.am:41: DOVECOT_PLUGIN_DEPS does not appear in AM_CONDITIONAL src/Makefile.am:10: `dovecot_pkglib_LTLIBRARIES' is used but `dovecot_pkglibdir' is undefined src/Makefile.am:13: variable `libdovecot_metadata_la_SOURCES' is defined but no program or src/Makefile.am:13: library has `libdovecot_metadata_la' as canonical name (possible typo) autoreconf: automake failed with exit status: 1 ---------------------------------------------------------------------- So now we only need to find why the file was not installed on your "failing hosts". How did you compiled and installed dovecot on those? As I am compiling/installing dovecot from sources using the provided autotools infrastructure which seems to install the needed 'dovecot.m4', I suppose you ran into an issue with the (S)RPMs provided for your SLES version. For example it is simply not installing the file because RPM is such a "marvelous" packaging system forcing package maintainers to specify what to install instead of simply relying on the way provided by the author to simply run 'make install'. Another reason could be that you simply missed to install the 'dovecot-devel' package, which should install the 'dovecot.m4'. At least in the case of Fedora that seems to be the case. http://pkgs.fedoraproject.org/cgit/dovecot.git/tree/dovecot.spec#n444 Cheers Chris On Mon, 22 Jul 2013 14:56:20 +0200 Andreas Schulze wrote: > Hello, > > I can compile metadata plugin using debian squeeze + wheezy. > But build on suse enterprise server 9,10 and 11 failed. > > The metadata plugin require autoconf-2.65 which i too new. > On the other side I can build the dovecot-2.2.4 and pigeonhole-0.4.0 > plugin without problems: dovecot require autoconf-2.59 and pigeonhole > does not require any specific autoconf version. > > I asked the authors of the plugin for support but got no response. > Maybe somebody could review the plugin. > > Thanks > Andreas > From i.thierack at iwt-promotion.com Thu Aug 29 20:57:55 2013 From: i.thierack at iwt-promotion.com (Ingo Thierack) Date: Thu, 29 Aug 2013 19:57:55 +0200 Subject: [Dovecot] Pigeonhole Sieve - sent message to xmpp account Message-ID: <521F8BA3.6000707@iwt-promotion.com> Hello, does someone know, how far the implementation of enotify - xmpp is. Would be nice to push notifications to an jabber account for specific filtered mails. Regards, Ingo From stephan at rename-it.nl Thu Aug 29 21:02:17 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 29 Aug 2013 20:02:17 +0200 Subject: [Dovecot] Sieve vacation reply problem (Dovecot+Sieve/Sendmail/Horde) In-Reply-To: References: Message-ID: <521F8CA9.1090709@rename-it.nl> On 8/21/2013 7:51 PM, megodin at inboxalias.com wrote: > [mail.err] dovecot: lda(exampleuser): Error: sieve: original envelope recipient address 'exampleuser at dovecot_localhost' is unparsable > This is the core of your problem. The '_' is not an allowed character according to the SMTP `Domain' syntax (https://tools.ietf.org/html/rfc5321#section-4.1.2). The current implementation of Pigeonhole follows that quite strictly for parsing envelope addresses. I think I'll make this a bit more lenient in the future, since you're not the first to complain about things like this (e.g. space characters in unquoted local part). Regards, Stephan. From vendor at billoblog.com Fri Aug 30 00:17:55 2013 From: vendor at billoblog.com (Bill Oliver) Date: Thu, 29 Aug 2013 16:17:55 -0500 (EST) Subject: [Dovecot] Bizarre permissions problem Message-ID: Help! I have been using dovecot for some years with great success. A little while ago, I changed my mail server from Fedora to CentOS linux. I reinstalled dovecot, and *almost* everything seems to be working, but one thing. There's *one* user I can't get it to work on without a workaround. The user is "newuser" and the uid is 1111 (actual name and number changed to protect the innocent). The error I get in my maillog is: The error I get in may maillog is: Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: chown(/home/newuser/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=1111(newuser), group based on /var/mail/newuser) Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: mkdir(/home/newuser/mail/.imap/INBOX) failed: Operation not permitted Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: chown(/home/newuser/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=1111(newuser), group based on /var/mail/newuser) Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: mkdir(/home/newuser/mail/.imap/INBOX) failed: Operation not permitted Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: chown(/home/newuser/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=1111(newuser), group based on /var/mail/newuser) Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: mkdir(/home/newuser/mail/.imap/INBOX) failed: Operation not permitted Aug 29 16:02:11 localbox dovecot: imap(newuser): Disconnected: Logged out bytes=108/669 Now, it looks to me like dovecot is saying that the user newuser can't get to the /home/newuser/mail/.imap directory because it doesn't have permission. However, the user newuser has all the permissions it needs: $ ls -la /home/newuser/mail total 20 drwxrw---- 3 newuser newuser 4096 Aug 29 15:01 . drwxrw---- 6 newuser newuser 4096 Aug 29 12:16 .. drwxrwx--- 2 newuser newuser 4096 Aug 29 16:05 .imap -rw-rw---- 1 newuser newuser 499 Aug 13 07:56 saved-messages -rw-rw---- 1 newuser newuser 1756 Aug 16 11:15 sent-mail newuser has the correct uid (1111) in /etc/dovecot/users newuser *is* the correct uid for that user, i.e.: $ id -u newuser 1111 the password is correct Both my web mail package (roundcube) and my android fail. Both work fine with all other accounts that are set up for imap services. The workaround, it turns out, is that if I make the directory /home/newuser/.imap/INBOX by hand as the user newuser, then things work. So, things seem to be working. However, I just don't understand why *this* user is having problems when none of the others are... The only thing that sets this user apart from any of the others is that it has administration privileges for the roundcube mailer MySQL database. Any explanations? Thanks! billo From matt at the-wyvern.net Fri Aug 30 00:20:08 2013 From: matt at the-wyvern.net (Matt Devaney) Date: Thu, 29 Aug 2013 22:20:08 +0100 Subject: [Dovecot] Received header only showing localhost In-Reply-To: <008601cea27c$65eba6f0$31c2f4d0$@the-wyvern.net> References: <008601cea27c$65eba6f0$31c2f4d0$@the-wyvern.net> Message-ID: <00d701cea4fd$8a061a60$9e124f20$@the-wyvern.net> Apologies for giving this a gentle nudge, but still confused as to where the headers are going / what's causing them to be removed and hoping someone may have some insight. Thanks, Matt -----Original Message----- From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Matt Devaney Sent: 26 August 2013 17:51 To: dovecot at dovecot.org Subject: [Dovecot] Received header only showing localhost Hi all, I?m a new dovecot user and a first-time poster so please forgive me if this is a stupid question, or even (as I suspect it might be) not really a Dovecot question. My system is the fairly typical mix of postfix, amavis-new, and Dovecot. For some reason I?ve noticed that when I look at the mail headers for delivered messages the Received header is missing the detail of any external servers that the mail went through, and additionally the tag appears twice; for example the ?Welcome to the dovecot mailing list? email has: Received:?from localhost (localhost [127.0.0.1]) ????by droplet.the-wyvern.net (Postfix) with ESMTP id DDDD163F73 ????for ; Mon, 26 Aug 2013 16:40:19 +0000 (UTC) Received:?from droplet.the-wyvern.net ([127.0.0.1]) ????by localhost (droplet.the-wyvern.net [127.0.0.1]) (amavisd-new, port 10024) ????with ESMTP id 6AFMiG0TAHUv for ; ????Mon, 26 Aug 2013 16:40:17 +0000 (UTC) Searching through the dovecot.markmail archive I can see this doesn?t seem to be too unusual in that there are other examples where folk have posted message headers with the above format, however I?m wondering if there?s a good reason for it and if I can turn it off? I quite like being able to see where my mail came from :) If there?s a man / wiki page to read somewhere that explains it then please feel free to tell me to RTM (.. long as you also point me in the right direction :p ) Thanks, Matt From professa at dementianati.com Fri Aug 30 00:47:22 2013 From: professa at dementianati.com (Professa Dementia) Date: Thu, 29 Aug 2013 14:47:22 -0700 Subject: [Dovecot] Bizarre permissions problem In-Reply-To: References: Message-ID: <521FC16A.4070505@dementianati.com> On 8/29/2013 2:17 PM, Bill Oliver wrote: > > Help! > > The user is "newuser" and the uid is 1111 (actual name and > number changed to protect the innocent). Since you gave a fake UID, and no GID it is hard to tell. When posting, you can change the username, but leave the UID as is. If that number is so critically sensitive, then you should probably not ask your question in a public forum and instead seek assistance via more private communications. Special UIDs- Is the actual UID below a threshold so that the system thinks it is a system or admin user, subject to different restrictions? These thresholds vary, but 1000, 500 and 100 are common. SELinux- Are you running the SELinux extensions which would impose additional restrictions? ACLs- Do you have ACLs (filesystem or Dovecot) that would affect this user differently? Groups- You stated that the user is a Roundcube admin. Is the user in the same group as the rest of your normal mail users or a special group for the Roundcube functions? Do you need to manually add the user to the group for regular mail users? What are the group settings on your directories? Could it be the group permissions that is giving access to most users? Dem From vendor at billoblog.com Fri Aug 30 00:51:07 2013 From: vendor at billoblog.com (Bill Oliver) Date: Thu, 29 Aug 2013 16:51:07 -0500 (EST) Subject: [Dovecot] Received header only showing localhost In-Reply-To: <00d701cea4fd$8a061a60$9e124f20$@the-wyvern.net> References: <008601cea27c$65eba6f0$31c2f4d0$@the-wyvern.net> <00d701cea4fd$8a061a60$9e124f20$@the-wyvern.net> Message-ID: On Thu, 29 Aug 2013, Matt Devaney wrote: > Apologies for giving this a gentle nudge, but still confused as to where the > headers are going / what's causing them to be removed and hoping someone may > have some insight. > > Thanks, > Matt > I don't know why the mailserver at wyvern.net is stripping stuff, but the reason the two at the top of the list are localhost and the name of the local box is that you have your mailserver set up that way. Mine is the same way. I'm a sendmail guy, not a postfix guy, but notice what happens when I walk through the handshake when sending mail. In this case I'm logged on to my mailserver (hope.billoblog.com) and am sending mail. What does my mailserver do? It talks to itself -- as localhost! See below: /usr/lib/sendmail -v oliver at billoblog.com < /dev/null oliver at billoblog.com... Connecting to [127.0.0.1] via relay... 220 hope.billoblog.com ESMTP Sendmail 8.14.4/8.14.4; Thu, 29 Aug 2013 16:31:50 -0500 >>> EHLO hope.billoblog.com 250-hope.billoblog.com Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN 250-STARTTLS 250-DELIVERBY 250 HELP >>> STARTTLS 220 2.0.0 Ready to start TLS >>> EHLO hope.billoblog.com 250-hope.billoblog.com Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN 250-DELIVERBY 250 HELP >>> MAIL From: AUTH=vendor at hope.billoblog.com 250 2.1.0 ... Sender ok >>> RCPT To: >>> DATA 250 2.1.5 ... Recipient ok 354 Enter mail, end with "." on a line by itself >>> . 250 2.0.0 r7TLVont002782 Message accepted for delivery oliver at billoblog.com... Sent (r7TLVont002782 Message accepted for delivery) Closing connection to [127.0.0.1] >>> QUIT 221 2.0.0 hope.billoblog.com closing connection For me as a sendmail user, the reason it does this (as far as I can tell) is that localhost appears before hope.billoblog.com in the file /etc/access. My /etc/access file looks like: Connect:localhost.localdomain RELAY Connect:localhost RELAY Connect:127.0.0.1 RELAY Connect:billoblog.com RELAY If I change that to: Connect:localhost.localdomain DISCARD Connect:localhost DISCARD Connect:127.0.0.1 DISCARD Connect:billoblog.com RELAY Then my handshake looks like this. Note that localhost has dropped from the picture. /usr/lib/sendmail -v oliver at billoblog.com < /dev/null oliver at billoblog.com... Connecting to [127.0.0.1] via relay... 220 hope.billoblog.com ESMTP Sendmail 8.14.4/8.14.4; Thu, 29 Aug 2013 16:49:06 -0500 >>> EHLO hope.billoblog.com 250-hope.billoblog.com Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN 250-STARTTLS 250-DELIVERBY 250 HELP >>> STARTTLS 220 2.0.0 Ready to start TLS >>> EHLO hope.billoblog.com 250-hope.billoblog.com Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN 250-DELIVERBY 250 HELP >>> MAIL From: AUTH=oliver at hope.billoblog.com 250 2.1.0 ... Sender ok >>> RCPT To: >>> DATA 250 2.1.5 ... Recipient ok 354 Enter mail, end with "." on a line by itself >>> . 250 2.0.0 r7TLn6q4002959 Message accepted for delivery oliver at billoblog.com... Sent (r7TLn6q4002959 Message accepted for delivery) Closing connection to [127.0.0.1] >>> QUIT 221 2.0.0 hope.billoblog.com closing connection From vendor at billoblog.com Fri Aug 30 01:01:11 2013 From: vendor at billoblog.com (Bill Oliver) Date: Thu, 29 Aug 2013 17:01:11 -0500 (EST) Subject: [Dovecot] Received header only showing localhost In-Reply-To: References: <008601cea27c$65eba6f0$31c2f4d0$@the-wyvern.net> <00d701cea4fd$8a061a60$9e124f20$@the-wyvern.net> Message-ID: On Thu, 29 Aug 2013, Bill Oliver wrote: > nonsense Sorry, belay that -- I misread my own output. Doh. Headsmack. I thought I had fixed that issue but did not. billo From lpmusix at gmail.com Fri Aug 30 02:17:15 2013 From: lpmusix at gmail.com (Daniel Ballenger) Date: Thu, 29 Aug 2013 16:17:15 -0700 Subject: [Dovecot] Pigeonhole Sieve - sent message to xmpp account In-Reply-To: <521F8BA3.6000707@iwt-promotion.com> References: <521F8BA3.6000707@iwt-promotion.com> Message-ID: Looks like you can use the extprograms plugin: http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extprograms http://hg.rename-it.nl/pigeonhole-0.3-sieve-extprograms/raw-file/tip/doc/rfc/spec-bosch-sieve-extprograms.txt On Thu, Aug 29, 2013 at 10:57 AM, Ingo Thierack < i.thierack at iwt-promotion.com> wrote: > Hello, > > does someone know, how far the implementation of enotify - xmpp is. > Would be nice to push notifications to an jabber account for specific > filtered mails. > > Regards, > Ingo > -- Daniel Ballenger http://denetron.com Sr. Systems Engineer - Denetron LLC From marco.fretz at gmail.com Fri Aug 30 09:31:08 2013 From: marco.fretz at gmail.com (Marco Fretz) Date: Fri, 30 Aug 2013 08:31:08 +0200 Subject: [Dovecot] Log successful login plain text password In-Reply-To: <824AB53F-BB7F-481E-AD3A-B8661376B163@yahoo.com> References: <521D9F71.9070800@gmail.com> <521DA33B.20803@gmail.com> <824AB53F-BB7F-481E-AD3A-B8661376B163@yahoo.com> Message-ID: <52203C2C.2070002@gmail.com> On 08/28/2013 10:36 AM, wkaha at yahoo.com wrote: > Maybe you can find a way in this direction > > http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes This looks interesting. Looks like I could automate also a lot of other stuff this way, e.g. imap syncing accounts to new server, etc. I found out that "auth_debug_passwords=yes" does log passwords (also successful logins) in proxy mode. But it does not in normal imap/pop server mode, or I did something wrong... It logs something like this: Aug 28 11:13:03 barney dovecot: auth: Debug: client out: OK#0111#011user=marco at example.com#011host=imap.example.com#011nologin#011proxy#011pass=CLEARPASWORD where CLEARPASWORD is the plain text password.that's pretty much what I need. but using some postlogin script might be the more beautiful way... thanks you all for the responses. > > all the best > > > On 28.08.2013, at 09:14, Marco Fretz wrote: > >> > On 08/28/2013 09:08 AM, wkaha at yahoo.com wrote: > >>> Hi Marco > >>> > >>> when running dovecot -a you will find > >>> auth_* > >>> > >>> I think you could you auth_verbose_passwords to fit your needs. > > thanks. I've already tried this, but it doesn't log the password on > successful logins, only when there is password missmatch: > > from the conf / manual: > " > # In case of password mismatches, log the attempted password. Valid > values are > # no, plain and sha1. sha1 can be useful for detecting brute force > password > # attempts vs. user simply trying the same password over and over again. > #auth_verbose_passwords = no > " > > any other ideas? :) > > >>> > >>> all the best > >>> > >>> > >>> > >>> > >>> On 28.08.2013, at 08:57, Marco Fretz wrote: > >>> > >>>> > >>> Hi everyone, > >>> > >>> I want to use dovecot as a IMAP and POP3 proxy in front of our current > >>> E-Mail hosting server to log the plain text passwords of all > successful > >>> logins for migration reasons. Actually I don't need the password > to see > >>> in plain text, storing them as SHA256-CRYPT (or something dovecot can > >>> use later for auth) hash in a file or DB would be fine, too. > >>> > >>> I need this for the migration from the current mail server (using > >>> proprietary hashing to store passwords) to a new postfix / dovecot > base > >>> mail system. > >>> > >>> I played around with "auth_debug_passwords" and all debug / logging > >>> options I found in the manual. Nothing logs successful login plaintext > >>> passwords. > >>> > >>> Any hint welcome. > >>> > >>> Thanks a lot, > >>> Marco > >>> > >>>> > >>> > >> > From srf at sanger.ac.uk Fri Aug 30 11:49:02 2013 From: srf at sanger.ac.uk (Simon Fraser) Date: Fri, 30 Aug 2013 09:49:02 +0100 Subject: [Dovecot] Expunged message reappeared, giving a new UID In-Reply-To: <1376910508.32032.13.camel@ubu101751> References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> <1375804711.19765.7.camel@ubu101751> <1BF2EF57-83AB-48CC-A929-F2BDF3400D46@iki.fi> <1375950077.5211.18.camel@ubu101751> <1376910508.32032.13.camel@ubu101751> Message-ID: <1377852542.30210.0.camel@ubu101751> On Mon, 2013-08-19 at 12:08 +0100, Simon Fraser wrote: > Are there any more tests I can run for this? I've tried an ssh-based replication configuration, and still experience the same symptoms. Going through a director proxy also doesn't help (as expected, that one, since I was already only connecting to one of the servers) Simon. > On Thu, 2013-08-08 at 09:21 +0100, Simon Fraser wrote: > > On Tue, 2013-08-06 at 19:15 +0300, Timo Sirainen wrote: > > > > > > Presumably it's thinking the "-r /tmp/dsync-rawlog" is a mail location? > > > > I've tried changing its location in the appends, but it doesn't make a > > > > difference. > > > > > > Oops, I messed up the parameter order. It was supposed to have -s state but now it had -s -r rawlog state. New patch should work better. > > > > I ran two tests: one using 'doveadm expunge' and one deleting the > > message using mutt. Since the hosts mentioned so far have a copy of my > > full mailbox on, I re-ran the tests (with the same results) on a test > > server with a fresh mailbox on, so there was no extra folder > > synchronisation in there to fill up the rawlog. > > > > Those log entries are too big for the mailing list (70k+), so are here: > > > > 'doveadm expunge' dsync-rawlog node A > > http://pastebin.com/LtUnENPv > > > > 'doveadm expunge' dsync-rawlog node B > > http://pastebin.com/QaWLyZq2 > > > > imap expunge dsync-rawlog node A > > http://pastebin.com/SuFdWn0w > > > > imap expunge dsync-rawlog node B > > http://pastebin.com/Ex66s7hq > > > > Mail logs on both contain entries like this: > > Aug 6 18:04:37 dcot2a dovecot: master: Dovecot v2.2.5 starting up (core > > dumps disabled) > > Aug 6 18:04:38 dcot2a dovecot: doveadm: Error: Don't give mail location > > with -d parameter > > > > Simon. > > > > > > > > > > > -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. From wkaha at yahoo.com Fri Aug 30 14:12:46 2013 From: wkaha at yahoo.com (wkaha at yahoo.com) Date: Fri, 30 Aug 2013 13:12:46 +0200 Subject: [Dovecot] Log successful login plain text password In-Reply-To: <52203C2C.2070002@gmail.com> References: <521D9F71.9070800@gmail.com> <521DA33B.20803@gmail.com> <824AB53F-BB7F-481E-AD3A-B8661376B163@yahoo.com> <52203C2C.2070002@gmail.com> Message-ID: <965EC135-55B3-41D0-B45A-636C241DF2AA@yahoo.com> Cool. I tried doing the same. I've installed a proxy with the smallest possible setting ----dovecot.conf---------------------------- protocols = imap ssl = no mail_uid = dovenull mail_gid = dovenull first_valid_uid = 143 first_valid_gid = 143 auth_mechanisms = plain login auth_debug_passwords=yes mail_location=imapc:~/imapc mail_home = /home/%u imapc_host = server.name.com imapc_port = 143 passdb { args = host=server.name.com default_fields = userdb_imapc_user=%u userdb_imapc_password=%w driver=imap } userdb { driver = prefetch } ------------------------------------- and the result in my logs was ---- Aug 30 15:06:23 free92 dovecot: auth: Debug: master userdb out: USER 12341234124 username at server.name.com imapc_user=username at servername.com imapc_password=ClearPassword auth_token=***some token*** ---- that's nice for migrating servers. all the best On 30.08.2013, at 08:31, Marco Fretz wrote: > On 08/28/2013 10:36 AM, wkaha at yahoo.com wrote: >> Maybe you can find a way in this direction >> >> http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes > > This looks interesting. Looks like I could automate also a lot of other > stuff this way, e.g. imap syncing accounts to new server, etc. > > I found out that "auth_debug_passwords=yes" does log passwords (also > successful logins) in proxy mode. But it does not in normal imap/pop > server mode, or I did something wrong... > > It logs something like this: > Aug 28 11:13:03 barney dovecot: auth: Debug: client out: > OK#0111#011user=marco at example.com#011host=imap.example.com#011nologin#011proxy#011pass=CLEARPASWORD > > where CLEARPASWORD is the plain text password.that's pretty much what I > need. but using some postlogin script might be the more beautiful way... > > thanks you all for the responses. > >> >> all the best >> >> >> On 28.08.2013, at 09:14, Marco Fretz wrote: >> >>> >> On 08/28/2013 09:08 AM, wkaha at yahoo.com wrote: >>>>> Hi Marco >>>>> >>>>> when running dovecot -a you will find >>>>> auth_* >>>>> >>>>> I think you could you auth_verbose_passwords to fit your needs. >> >> thanks. I've already tried this, but it doesn't log the password on >> successful logins, only when there is password missmatch: >> >> from the conf / manual: >> " >> # In case of password mismatches, log the attempted password. Valid >> values are >> # no, plain and sha1. sha1 can be useful for detecting brute force >> password >> # attempts vs. user simply trying the same password over and over again. >> #auth_verbose_passwords = no >> " >> >> any other ideas? :) >> >>>>> >>>>> all the best >>>>> >>>>> >>>>> >>>>> >>>>> On 28.08.2013, at 08:57, Marco Fretz wrote: >>>>> >>>>>> >>>>> Hi everyone, >>>>> >>>>> I want to use dovecot as a IMAP and POP3 proxy in front of our current >>>>> E-Mail hosting server to log the plain text passwords of all >> successful >>>>> logins for migration reasons. Actually I don't need the password >> to see >>>>> in plain text, storing them as SHA256-CRYPT (or something dovecot can >>>>> use later for auth) hash in a file or DB would be fine, too. >>>>> >>>>> I need this for the migration from the current mail server (using >>>>> proprietary hashing to store passwords) to a new postfix / dovecot >> base >>>>> mail system. >>>>> >>>>> I played around with "auth_debug_passwords" and all debug / logging >>>>> options I found in the manual. Nothing logs successful login plaintext >>>>> passwords. >>>>> >>>>> Any hint welcome. >>>>> >>>>> Thanks a lot, >>>>> Marco From tss at iki.fi Fri Aug 30 17:14:36 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 30 Aug 2013 17:14:36 +0300 Subject: [Dovecot] kqueue bug? Message-ID: Apparently Dovecot with kqueue ioloop enabled causes random crashes in FreeBSD 9.1. Anyone else noticed something like that? I'm wondering if Dovecot's kqueue code has a bug somewhere (I can't find it) or could it be that FreeBSD itself has a bug? Anyway it seems to be returning events for filters that have already been removed. From pbraun at nethence.com Fri Aug 30 17:22:58 2013 From: pbraun at nethence.com (Pierre-Philipp Braun) Date: Fri, 30 Aug 2013 16:22:58 +0200 Subject: [Dovecot] local AND virtual mail locations ? In-Reply-To: <521B7E1C.90002@nethence.com> References: <521B4F2E.9070908@nethence.com> <20130826131702.GJ13717@harrier.slackbuilds.org> <521B7E1C.90002@nethence.com> Message-ID: <5220AAC2.4080605@nethence.com> Since I've got no answer since my previous message about that, I suppose it isn't that trivial to serve both, local and virtual users at the same time with Dovecot. I think I'll use two separate servers. Thanks for the hints, anyway. P.Ph From rob0 at gmx.co.uk Fri Aug 30 18:11:55 2013 From: rob0 at gmx.co.uk (/dev/rob0) Date: Fri, 30 Aug 2013 10:11:55 -0500 Subject: [Dovecot] local AND virtual mail locations ? In-Reply-To: <521B7E1C.90002@nethence.com> References: <521B4F2E.9070908@nethence.com> <20130826131702.GJ13717@harrier.slackbuilds.org> <521B7E1C.90002@nethence.com> Message-ID: <20130830151155.GX13717@harrier.slackbuilds.org> You posted today that it must not be possible to serve both virtual and system users on a single Dovecot instance. This is wrong. On Mon, Aug 26, 2013 at 06:11:08PM +0200, Pierre-Philipp Braun wrote: > Quoting /dev/rob0 26/08/2013 15:17, > >>mail_location: mbox:~/mail/:INBOX=/var/mail/%u > >>mail_location: > >>mbox:/var/spool/virtual/%d/%n.imap:INBOX=/var/spool/virtual/%d/%n > > > >This exercise becomes trivial when you follow the advice of the > >Dovecot wiki and give your virtual users a $HOME. (Well, to be > >simple, you'd also have to have INBOX in $HOME. An alternative > >is to specify INBOX for virtual users in your virtual userdb.) > > Thank for your answer. Are you referring to the VirtualUsers > page? (http://wiki.dovecot.org/VirtualUsers) Ok I tried the > mbox:~/ and userdb home= trick, > > # dovecot -n > # 1.2.17: /usr/local/etc/dovecot.conf > # OS: FreeBSD 8.3-RELEASE amd64 > protocols: imap > ssl: no > disable_plaintext_auth: no > login_dir: /var/run/dovecot/login > login_executable: /usr/local/libexec/dovecot/imap-login > first_valid_uid: 6 > first_valid_gid: 6 > mail_privileged_group: mail > mail_location: mbox:~/ Mbox refers to a file name. Here you have given just a directory. http://wiki.dovecot.org/FindMailLocation http://wiki.dovecot.org/MailLocation/Mbox http://wiki.dovecot.org/MailboxFormat/mbox > imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep > auth default: > passdb: > driver: passwd-file > args: username_format=%n /etc/virtual/%d/passwd > passdb: > driver: passwd I think the second passdb should possibly be first, but it should work. You probably also need either "shadow" or "pam" as driver, not "passwd". > userdb: > driver: static > args: uid=mail gid=mail home=/var/spool/virtual/%d/%n.imap You forgot your userdb: with "driver: passwd". That must precede the static userdb, because a static userdb, by definition, matches everything. http://wiki.dovecot.org/AuthDatabase/Passwd > but I end up with the same result, everything is read from the > virtual folders, namely /var/spool/virtual. How to also access > local users' email? Yes, give them a proper userdb. This won't work on your second server either, without a userdb. If you can get the userdb right there, it would also work here. [snip] > I tried with uid 999 and even if I update the ownerships on > /etc/virtual/ /var/spool/virtual /var/spool/mqueue/ (no need for I don't know what /etc/virtual is. I presume that /var/spool/mqueue is the Sendmail MTA queue directory. I don't know, but it does not sound right to me that it should be owned by a virtual mailbox owner. Don't go changing ownerships at random. ONLY the virtual mailboxes should be owned by your shared-UID/GID virtual mailbox owner. > /var/mail/ which get the sticky bit, here) the smtp daemon isn't > able to write to the virtual mbox anymore, and I don't know why. It probably logged why/why not. > I have searched the whole file system for relying '6' UID, nothing > wrong is left. I don't see why my smtp deamon won't work once I > change the UID _and_ update the file and folder ownerships. Maybe > some freebsd system security which is today unknown to me. So I > switched back to uid 6. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From msmith at datafoundry.com Fri Aug 30 20:54:45 2013 From: msmith at datafoundry.com (Michael Smith (DF)) Date: Fri, 30 Aug 2013 17:54:45 +0000 Subject: [Dovecot] Logging passwords on auth failure/dealing with botnets In-Reply-To: References: Message-ID: We're already running fail2ban, but it doesn't seem that effective against botnets, when they only do one attempt per IP. Add that on top of load balancing between many servers... We've setup some rules to help, but still not that great. I've checked out several DNS BLs (those listed here, and some not), and at the most they have about 15-20 IPs out of the 8000+ that we've manually identified, and blocked, as botnet behavior. So, none of them seem effective/beneficial to us right now. That leaves us back to getting dovecot to log the tried password for unknown users. I'll admit that C is not my strong suit, but after poking around I've come up with a patch that appears to work. It hasn't been stress tested yet, so I don't know it's long term stability. Maybe someone more intimately familiar with the Dovecot code can review it, and maybe this could make it into the code base. This patch is against Dovecot 2.2.4, as that is what we have deployed at the moment. It would be weeks before we could begin to deploy to Dovecot 2.2.5. Also, is there a way to make the auth system report successful auths, with no option to report the password (or maybe ONLY report the hash if password debugging is enabled)? It's currently impossible to identify when a bot makes a successful auth. Dovecot doesn't report it, and postfix doesn't report it. Postfix only reports the authentication IF a message is actually sent through. These bots are only connecting, sending the auth command, and quitting. My best guess, based on the bulk of auth failures for a user, and when that user is used by a botnet is 1-8 weeks. So, if we could identify the bot's successful auth, we could warn the customer and/or force a password change before the account is used to send hundreds of thousands of spam. -----Original Message----- From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Joseph Tam Sent: Thursday, August 22, 2013 11:30 PM To: dovecot at dovecot.org Subject: Re: [Dovecot] Logging passwords on auth failure/dealing with botnets "Michael Smith (DF)" writes: > Or another option, is there any good DNS based RBLs for botnet IPs, and > is there any way to tie that in to the dovecot auth system? I've been > looking for botnet rbls, but what I've found so far doesn't seem to > work very well. Most of the IPs that I've had to firewall don't exist > in them. /dev/rob0 writes: > The problem with using XBL, anyway, is that you might have legitimate > logins from listed hosts. Example: a traveler using hotel wifi. We > (TINW) really would need a new DNSBL type (or a special result) for > this sort of abuse. > > It's a nice idea, worth building upon, if someone can fund it (or > find the time to develop it, which really amounts to the same thing.) > Imagine also a Dovecot network of reporters, where brute force > attempts worldwide are reported from Dovecots to the DNSBL, not > merely a one-way tie in. > > I'd also suggest listing SSH brute force attacks in the same DNSBL, > possibly with a different result (127.0.0.$port, so IMAP attackers > list as 127.0.0.143, SSH attackers as 127.0.0.22. Yes, we'd have to > incorporate the third quad for ports > 255, but the general idea is > for result codes to be both machine and human readable as much as > possible.) I use bl.blocklist.de as a DNSRBL for ssh BFD, but I think it also detects BFD for other protocols: http://www.blocklist.de/en/index.html The nice thing about this RBL is that you can also contribute by configuring your Fail2Ban/DenyHost to forward logs to the maintainers, to widen the detection network. I get about a 60% hit on ssh BFD attacks. I also found http://openbl.org but they distribute it as a downloadable file rather than as a DNSRBL. Maybe I can introduce the latter to the former. Joseph Tam -------------- next part -------------- A non-text attachment was scrubbed... Name: dovecot-2.2.4-log-unknownuser.patch Type: application/octet-stream Size: 10083 bytes Desc: dovecot-2.2.4-log-unknownuser.patch URL: From trashcan at odo.in-berlin.de Fri Aug 30 21:13:22 2013 From: trashcan at odo.in-berlin.de (Michael Grimm) Date: Fri, 30 Aug 2013 20:13:22 +0200 Subject: [Dovecot] kqueue bug? In-Reply-To: References: Message-ID: On 30.08.2013, at 16:14, Timo Sirainen wrote: > Apparently Dovecot with kqueue ioloop enabled causes random crashes in FreeBSD 9.1. Anyone else noticed something like that? No, I never had had random crashes with FreeBSD 9.1, and now FreeBSD 9.2: | mail> dovecot --build-options | Build options: ioloop=kqueue notify=kqueue ipv6 openssl io_block_size=8192 | Mail storages: shared mdbox sdbox raw fail | SQL drivers: sqlite | Passdb: checkpassword pam passwd passwd-file sql | Userdb: checkpassword nss passwd prefetch passwd-file sql > Anyway it seems to be returning events for filters that have already been removed. What do you mean by that? Regards, Michael From pbraun at nethence.com Fri Aug 30 21:52:30 2013 From: pbraun at nethence.com (Pierre-Philipp Braun) Date: Fri, 30 Aug 2013 20:52:30 +0200 Subject: [Dovecot] local AND virtual mail locations ? In-Reply-To: <20130830151155.GX13717@harrier.slackbuilds.org> References: <521B4F2E.9070908@nethence.com> <20130826131702.GJ13717@harrier.slackbuilds.org> <521B7E1C.90002@nethence.com> <20130830151155.GX13717@harrier.slackbuilds.org> Message-ID: <5220E9EE.9070407@nethence.com> Quoting /dev/rob0 30/08/2013 17:11, > You posted today that it must not be possible to serve both virtual > and system users on a single Dovecot instance. This is wrong. I don't say it is impossible, I'm just saying it isn't as trivial as you supposed in your first answer. In fact, I got it _almost_ working, the only quirk is about mail_location parameter being shared among all kinds of users, local and virtual, which causes the troubles I try to explain hereby. When I use, mail_location = mbox:~/ * YES this is the best way, afaict, to get the mboxes within the userdb defined home= variable * the problems are: 1) local users' home dir is served, which is not appropriate as I want them to have other files, not only emails, especially the ~/.forward file, 2) I need to setup the smtp daemon or its LDA to write to local users' ~/inbox or make a link to /var/(spool/)mail/%u. Otherwise the local users don't get any INBOX as the :INBOX= part is missing in the mail_location declaration. (everything is fine for virtual users) When I use, mail_location = mbox:~/mail/ the problems are: 1) I have to create the 'mail/' folder in virtual users' imap folder and move the content to it for every virtual user, 2) I need to setup the smtp daemon or its LDA to write to local users' ~/mail/inbox or make a link to /var/(spool/)mail/%u. Otherwise the local users don't get any INBOX either as the :INBOX= part is missing in the mail_location declaration. When I use, mail_location = mbox:~/mail/:INBOX=/var/mail/%u it just won't work as the virtual and local users don't share the same locations for inboxes and this cannot be set with the userdb home= trick. So here is it, finally (still got the ssl part to fix). I am probably going to use the second mail_location possibility, it just bothers me to add a useless folder to virtual users' mail path (/var/spool/virtual/domain/username.folder/*mail/*). # dovecot -n # 1.2.17: /usr/local/etc/dovecot.conf # OS: FreeBSD 8.3-RELEASE amd64 protocols: imap ssl: no disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable: /usr/local/libexec/dovecot/imap-login first_valid_uid: 6 first_valid_gid: 6 mail_privileged_group: mail mail_location: mbox:~/mail/ imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep auth default: username_format: %Lu passdb: driver: pam args: * passdb: driver: passwd-file args: username_format=%n /etc/virtual/%d/passwd userdb: driver: passwd args: blocking=yes userdb: driver: static args: uid=mail gid=mail home=/var/spool/virtual/%d/%n.imap option as I didn't couldn't find Pierre-Philipp From genie at geniechka.ru Fri Aug 30 22:54:32 2013 From: genie at geniechka.ru (Eugene) Date: Fri, 30 Aug 2013 23:54:32 +0400 Subject: [Dovecot] kqueue bug? In-Reply-To: References: Message-ID: <2B232B4D91694E7A8B8F500D5D66A012@geniepc2011> Hi Timo, Also no problems here: FreeBSD 9.1-RELEASE-p3, Dovecot 2.2.5 with default port config including Build options: ioloop=kqueue notify=kqueue ipv6 openssl io_block_size=8192 Best wishes Eugene -----Original Message----- From: Michael Grimm Sent: Friday, August 30, 2013 10:13 PM To: Dovecot Mailing List Subject: Re: [Dovecot] kqueue bug? On 30.08.2013, at 16:14, Timo Sirainen wrote: > Apparently Dovecot with kqueue ioloop enabled causes random crashes in > FreeBSD 9.1. Anyone else noticed something like that? No, I never had had random crashes with FreeBSD 9.1, and now FreeBSD 9.2: | mail> dovecot --build-options | Build options: ioloop=kqueue notify=kqueue ipv6 openssl io_block_size=8192 | Mail storages: shared mdbox sdbox raw fail | SQL drivers: sqlite | Passdb: checkpassword pam passwd passwd-file sql | Userdb: checkpassword nss passwd prefetch passwd-file sql > Anyway it seems to be returning events for filters that have already been > removed. What do you mean by that? Regards, Michael From kremels at kreme.com Fri Aug 30 23:24:41 2013 From: kremels at kreme.com (LuKreme) Date: Fri, 30 Aug 2013 14:24:41 -0600 Subject: [Dovecot] local AND virtual mail locations ? In-Reply-To: <5220E9EE.9070407@nethence.com> References: <521B4F2E.9070908@nethence.com> <20130826131702.GJ13717@harrier.slackbuilds.org> <521B7E1C.90002@nethence.com> <20130830151155.GX13717@harrier.slackbuilds.org> <5220E9EE.9070407@nethence.com> Message-ID: On 30 Aug 2013, at 12:52 , Pierre-Philipp Braun wrote: > mail_location = mbox:~/ Well, first of all, why are you using mbox? truncated output from my doeveconf -n # for Local users mail_location = maildir:~/Maildir For SQL users userdb { args = /etc/dovecot/dovecot-sql.conf.ext default_fields = uid=vpopmail gid=vchkpw mail_location=/usr/local/virtual/%u driver = sql } Notice that using default_fields I am able to respecify the mail_location for the sql users. You should be able to do something similar, right? Of course, you are using dovecot 1.x, so maybe it's more difficult? Still, mbox is bad. No one should use mbox. -- "Is that a star?" "Nah, that's Ted Danson." From AxelLuttgens at swing.be Sat Aug 31 01:09:43 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Sat, 31 Aug 2013 00:09:43 +0200 Subject: [Dovecot] kqueue bug? In-Reply-To: References: Message-ID: <6BF65320-023B-4981-A6E0-5F0CF1005406@swing.be> Le 30 ao?t 2013 ? 16:14, Timo Sirainen a ?crit : > Apparently Dovecot with kqueue ioloop enabled causes random crashes in FreeBSD 9.1. Anyone else noticed something like that? I'm wondering if Dovecot's kqueue code has a bug somewhere (I can't find it) or could it be that FreeBSD itself has a bug? Anyway it seems to be returning events for filters that have already been removed. > Hello Timo, For what it is worth, seemingly no such problems with Mac OX 10.6 up to 10.8, which also tend to share some code with FreeBSD (not sure about the exact version matches); in the case of my current trial setup: Build options: ioloop=kqueue notify=kqueue ipv6 openssl io_block_size=8192 Mail storages: shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail SQL drivers: sqlite Passdb: checkpassword pam passwd passwd-file sql Userdb: checkpassword passwd prefetch passwd-file sql Seconding Michael's question, are there some specific trials we could conduct? Axel From jtam.home at gmail.com Sat Aug 31 02:00:45 2013 From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 30 Aug 2013 16:00:45 -0700 (PDT) Subject: [Dovecot] Bizarre permissions problem In-Reply-To: References: Message-ID: Bill Oliver writes: > There's *one* user I can't get it to work on without a > workaround. The user is "newuser" and the uid is 1111 (actual name and > number changed to protect the innocent). The error I get in my maillog > is: > > The error I get in may maillog is: > Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: chown(/home/newuser/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=1111(newuser), group based on /var/mail/newuser) > Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: mkdir(/home/newuser/mail/.imap/INBOX) failed: Operation not permitted > Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: chown(/home/newuser/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=1111(newuser), group based on /var/mail/newuser) > Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: mkdir(/home/newuser/mail/.imap/INBOX) failed: Operation not permitted > Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: chown(/home/newuser/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=1111(newuser), group based on /var/mail/newuser) > Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: mkdir(/home/newuser/mail/.imap/INBOX) failed: Operation not permitted > > Now, it looks to me like dovecot is saying that the user newuser can't > get to the /home/newuser/mail/.imap directory because it doesn't have > permission. However, the user newuser has all the permissions it needs: > > $ ls -la /home/newuser/mail > > total 20 > drwxrw---- 3 newuser newuser 4096 Aug 29 15:01 . > drwxrw---- 6 newuser newuser 4096 Aug 29 12:16 .. > drwxrwx--- 2 newuser newuser 4096 Aug 29 16:05 .imap > -rw-rw---- 1 newuser newuser 499 Aug 13 07:56 saved-messages > -rw-rw---- 1 newuser newuser 1756 Aug 16 11:15 sent-mail The output of doveconf -n would have been useful, especially as it relates to your mail_location value, but I can make a pretty good guess at what is happening. Dovecot is trying to create indices with analogous permissions to your mailbox files. Your user's INBOX (/var/mail/newuser) has permission user:group:mode = 1111:12:0660 *but* newuser is not in group "mail" (GID 12), hence it cannot do the required chown operations. (Notice the mode of .imap/: the group write is on so the chmod worked.) Your INBOX ended up this way because some LDA's auto-create new INBOX's with these permissions (to allow access to other part of the mail sysyem that are set-gid "mail"). Options: 1) chmod g-rwx /var/mail/newuser - assumes you have no other parts of your mailsystem that needs access to all user INBOX by assuming group "mail". - dovecot is smart enough to figure out group membersip is irrelevant is groups access is nil. 2) chgrp newuser /var/mail/newuser 3) To avoid future problems: make sure new mailboxes are created with workable permissions. There are also dovecot configs that loosen up some group access, but you'll have to investigate that yourself. Joseph Tam From jtam.home at gmail.com Sat Aug 31 02:55:00 2013 From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 30 Aug 2013 16:55:00 -0700 (PDT) Subject: [Dovecot] Logging passwords on auth failure/dealing with botnets In-Reply-To: References: Message-ID: Michael Smith writes: > We're already running fail2ban, but it doesn't seem that effective > against botnets, when they only do one attempt per IP. Yeah, distributed BFDs are tough to block unless you can characterize the clients well. > That leaves us back to getting dovecot to log the tried password for > unknown users. Another tactic might be to hook in a authentication script: http://wiki2.dovecot.org/AuthDatabase/CheckPassword You can run this as an external plugin and won't have to muck into the dovecot innards. From here, you can log attempts, keep track of bad IPs, or take action if you spot a username/password combination that merits instant blacklisting. Joseph Tam From chtrom at gmail.com Sat Aug 31 05:37:32 2013 From: chtrom at gmail.com (Christopher Trom) Date: Fri, 30 Aug 2013 21:37:32 -0500 Subject: [Dovecot] Dovecot and Postfix Authentication Message-ID: I am a student and am trying to get a mail server setup for a project. I have all of the Postfix configuration taken care of, but I am confused by the way that authentication works with Dovecot in the mix. As a user of the system, am I supposed to authenticate myself to Postfix, Dovecot, both individually, or both together? My Postfix users are stored in a PostgreSQL database, should Dovecot also be connected to this db? Some basic pointers on how this setup ought to look is all that I'm hoping for. Thank you, Christopher From kremels at kreme.com Sat Aug 31 09:58:57 2013 From: kremels at kreme.com (LuKreme) Date: Sat, 31 Aug 2013 00:58:57 -0600 Subject: [Dovecot] Dovecot and Postfix Authentication In-Reply-To: References: Message-ID: <3FF7395C-6C28-4307-BA0F-D2A6AF591C37@kreme.com> On 30 Aug 2013, at 20:37 , Christopher Trom wrote: > As a user of the > system, am I supposed to authenticate myself to Postfix, No. Postfix has no authentication methods on its own. > Dovecot, both > individually, or both together? My Postfix users are stored in a PostgreSQL > database, should Dovecot also be connected to this db? Yes. > Some basic pointers > on how this setup ought to look is all that I'm hoping for. # Certs ssl_cert = Hi there, I'm prompted to get into running my own mail server again with Gmail going bad. However I found /usr/share/doc/dovecot/example-config/conf.d/ a little scary, since I like to have my configs as minimalistic as possible, e.g. http://dabase.com/blog/Minimal_squid3_proxy_configuration/ So far I have: https://github.com/Webconverger/sg.webconverger.com/blob/master/dovecot/dovecot.conf I was kinda hoping for a Maildir, but this doesn't work: mail_location = maildir:~/Maildir:LAYOUT=fs:INBOX=/var/mail/%u I do realise /var/mail/%u is a mbox, but I was wondering if there could be some clever conversion. I was surprised something like INBOX=/var/mail/%u wasn't the default btw. Also surprised dovecot seems to choke on single line syntax like `passdb { driver = pam }` :-) Next thing I'm confused about is the `namespace inbox {` stuff. Is it really needed? I was expecting Dovecot to create the folders once I defined them, but mutt couldn't see them until I created them myself. The mail server is just for myself and a few colleagues. We will probably use mutt as our MUA and Apple Mail on IOS when we are out & about. I next plan to integrate dspam, and work out how to sort mails into folders like I previously effectively had with Gmail's labels. I was confused to which mechanism I should be using to sort mail into folders with rules. Sieve? Back to Procmail? Pigeonhole? I'm looking to avoid complexity here. On the topic of search, can I get away with not running a Solr server? Since I shudder at the thought of running Tomcat. http://wiki2.dovecot.org/Plugins/FTS Kiitos paljon for any pointers! From dovecot at webrz.net Sat Aug 31 23:13:06 2013 From: dovecot at webrz.net (Jos Chrispijn) Date: Sat, 31 Aug 2013 22:13:06 +0200 Subject: [Dovecot] Auto-blocking faulty login attempts Message-ID: <52224E52.2040108@webrz.net> Dear group, How can I block login attempts to dovecot after trying 5 times in error? -- Best regards, Jos Chrispijn --- Artificial intelligence is no match for natural stupidity