From p at sys4.de Sun Sep 1 10:43:12 2013
From: p at sys4.de (Patrick Ben Koetter)
Date: Sun, 1 Sep 2013 09:43:12 +0200
Subject: [Dovecot] Auto-blocking faulty login attempts
In-Reply-To: <52224E52.2040108@webrz.net>
References: <52224E52.2040108@webrz.net>
Message-ID: <20130901074310.GB20600@sys4.de>

* Jos Chrispijn :
> Dear group,
>
> How can I block login attempts to dovecot after trying 5 times in error?

If you can read German take a look at this:

p at rick

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Management board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From adrian.minta at gmail.com Sun Sep 1 17:53:32 2013
From: adrian.minta at gmail.com (Adrian Minta)
Date: Sun, 01 Sep 2013 17:53:32 +0300
Subject: [Dovecot] Auto-blocking faulty login attempts
In-Reply-To: <52224E52.2040108@webrz.net>
References: <52224E52.2040108@webrz.net>
Message-ID: <522354EC.2080801@gmail.com>

On 08/31/13 23:13, Jos Chrispijn wrote:
> Dear group,
>
> How can I block login attempts to dovecot after trying 5 times in error?
>
You need to use fail2ban:
http://wiki2.dovecot.org/HowTo/Fail2Ban

--
Best regards,
Adrian Minta

From CMarcus at Media-Brokers.com Sun Sep 1 18:00:17 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Sun, 01 Sep 2013 11:00:17 -0400
Subject: [Dovecot] Logging passwords on auth failure/dealing with botnets
In-Reply-To:
References:
Message-ID: <52235681.5030804@Media-Brokers.com>

On 2013-08-30 7:55 PM, Joseph Tam wrote:
> Michael Smith writes:
>
>> We're already running fail2ban, but it doesn't seem that effective
>> against botnets, when they only do one attempt per IP.
>
> Yeah, distributed BFDs are tough to block unless you can characterize
> the clients well.

Wonder if there's a way to leverage Stan Hoeppner's most excellent botnet killer to reject AUTHs from the same types of clients before they even try?

Stan?

--
Best regards,

*/Charles/*

From kremels at kreme.com Sun Sep 1 18:48:16 2013
From: kremels at kreme.com (LuKreme)
Date: Sun, 1 Sep 2013 09:48:16 -0600
Subject: [Dovecot] Logging passwords on auth failure/dealing with botnets
In-Reply-To: <52235681.5030804@Media-Brokers.com>
References: <52235681.5030804@Media-Brokers.com>
Message-ID: <2EE01612-5435-41EF-A5E8-B1FF32DEB436@kreme.com>

On 01 Sep 2013, at 09:00 , Charles Marcus wrote:
> On 2013-08-30 7:55 PM, Joseph Tam wrote:
>> Michael Smith writes:
>>
>>> We're already running fail2ban, but it doesn't seem that effective
>>> against botnets, when they only do one attempt per IP.
>>
>> Yeah, distributed BFDs are tough to block unless you can characterize
>> the clients well.
>
> Wonder if there's a way to leverage Stan Hoeppner's most excellent botnet killer to reject AUTHs from the same types of clients before they even try?

Looking at Stan's pcre file, it seems like it's a brilliant tool for anyone who is using an older version of postfix that does not support postscreen and cannot upgrade. Anyone using a postscreen-capable postfix should use postscreen with zen and would gain very little (if anything) from adding this.

Really, postscreen is the best thing to come along for postfix since... I dunno, auth?

As far as the botnets go, at a certain point it is essentially worrying about "too many notes". Yes, there's a lot of failed attempts in the logs, but that's the thing, they are FAILED attempts. postfix already does a good job of dealing with those (for example, anvil). If there are so many botnet connections that they are overwhelming your server and legitimate users can't login and legitimate email is being constantly and repeatedly temp-failed, then you start having to look into something else.
But even if you are seeing thousands of connections a day, that is unlikely to affect your server.

Denyssh might be worth looking into, as I recall it has a feature to distribute a ban list which can be somewhat effective against botnets, if you are willing to trust the essentially crowd-sourced list of hosts to block. If your server is small and non-commercial, this might be acceptable. I'd be hesitant to do it otherwise. I'd probably end up doing it anyway, but I'd at least hesitate.

(I may be remembering something other than DenySsh)

--
"640K ought to be enough RAM for anybody." - Bill Gates, 1981

From noeldude at gmail.com Sun Sep 1 22:59:35 2013
From: noeldude at gmail.com (Noel)
Date: Sun, 01 Sep 2013 14:59:35 -0500
Subject: [Dovecot] Logging passwords on auth failure/dealing with botnets
In-Reply-To: <52235681.5030804@Media-Brokers.com>
References: <52235681.5030804@Media-Brokers.com>
Message-ID: <52239CA7.7050300@gmail.com>

On 9/1/2013 10:00 AM, Charles Marcus wrote:
> On 2013-08-30 7:55 PM, Joseph Tam wrote:
>> Michael Smith writes:
>>
>>> We're already running fail2ban, but it doesn't seem that effective
>>> against botnets, when they only do one attempt per IP.
>>
>> Yeah, distributed BFDs are tough to block unless you can
>> characterize
>> the clients well.
>
> Wonder if there's a way to leverage Stan Hoeppner's most excellent
> botnet killer to reject AUTHs from the same types of clients
> before they even try?
>
> Stan?
>

The objective of Stan's list is to reject dynamic hosts, because the overwhelming majority of dynamic hosts trying to send via SMTP are zombies.

For dovecot, the situation is quite different. Blocking all dynamic IPs would be an obvious mistake.

--
Noel Jones

From andreas at cymail.eu Mon Sep 2 02:37:04 2013
From: andreas at cymail.eu (Andreas Kasenides)
Date: Mon, 02 Sep 2013 02:37:04 +0300
Subject: [Dovecot] Getting back into Dovecot 2.2.5
In-Reply-To: <20130831100701.GA6727@sg.webconverger.com>
References: <20130831100701.GA6727@sg.webconverger.com>
Message-ID:

On 31-08-2013 13:07, Kai Hendry wrote:
>
> However I found /usr/share/doc/dovecot/example-config/conf.d/ a little
> scary, since I like to have my configs as minimalistic as possible,
> e.g.

I suggest you forget all the options and concentrate on the ones you intend to use.
Dovecot has defaults for most options that make sense.

>
> I was kinda hoping for a Maildir, but this doesn't work:
> mail_location = maildir:~/Maildir:LAYOUT=fs:INBOX=/var/mail/%u

I have
mail_location =maildir:/Mail/%d/%n:INDEX=/Mail/dovecot/indexes/%d/%n:CONTROL=/Mail/dovecot/control/%d/%n
and it works nicely.
So why don't you try
mail_location=maildir:/var/spool/mail/%u
first and see how it works before moving the INBOX separately from other boxes

>
> I do realise /var/mail/%u is a mbox, but I was wondering if there could
> be some clever conversion.

/var/mail/%u is a directory. It only becomes an mbox if you say so in Dovecot.

>
> I was surprised something like INBOX=/var/mail/%u wasn't the default
> btw. Also surprised dovecot seems to choke on single line syntax like
> `passdb { driver = pam }` :-)

Actually Dovecot will even auto-discover your mail in /var/mail/ among other locations (~Maildir, /var/mail/username, ~/mail, ~/Mail) if you leave mail_location empty.

Verified for passdb { driver = pam }. But this works:
userdb { driver = sql; args = /usr/local/etc/dovecot/dovecot-sql.conf.ext }
This does not:
userdb { driver = sql; args = /usr/local/etc/dovecot/dovecot-sql.conf.ext }
Not sure of the exact syntax though.

>
> Next thing I'm confused about is the `namespace inbox {` stuff. Is it
> really needed? I was expecting Dovecot to create the folders once I
> defined them, but mutt couldn't see them until I created them myself.
>

Never touched namespace myself, did not have to. The default works nicely.
Sorry never used mutt before.

> The mail server is just for myself and a few colleagues. We will
> probably use mutt as our MUA and Apple Mail on IOS when we are out &
> about. I next plan to integrate dspam, and work out how to sort mails
> into folders like I previously effectively had with Gmail's labels.
>
> I was confused to which mechanism I should be using to sort mail into
> folders with rules. Sieve? Back to Procmail? Pigeonhole? I'm looking to
> avoid complexity here.

Sieve. Which is actually a two part thing:
1) the sieve filter language which you can enable on the dovecot server and manually edit each folder OR
2) the Sieve server which enables you to edit the filters from the clients (with the right plug-in/extension on the client).

>
> On the topic of search, can I get away with not running a Solr server?
> Since I shudder at the thought of running Tomcat.
> http://wiki2.dovecot.org/Plugins/FTS
>

Solr is not the only option. The way I understand this is that this will heavily depend on your client, if it will make use of the Dovecot indexing, therefore speeding up operations. I use Thunderbird most of the time and I have no indexing on Dovecot. Searching is quite good.

Hope this helps.
Andreas

From hendry at dabase.com Mon Sep 2 07:04:16 2013
From: hendry at dabase.com (Kai Hendry)
Date: Mon, 2 Sep 2013 12:04:16 +0800
Subject: [Dovecot] Getting back into Dovecot 2.2.5
In-Reply-To:
References: <20130831100701.GA6727@sg.webconverger.com>
Message-ID: <20130902040416.GA11046@sg.webconverger.com>

On Mon, Sep 02, 2013 at 02:37:04AM +0300, Andreas Kasenides wrote:
> mail_location=maildir:/var/spool/mail/%u
> first and see how it works before moving the INBOX separately from
> other boxes

That won't work:
imap(hendry): Error: stat(/var/spool/mail/hendry/tmp) failed: Not a directory

> /var/mail/%u is a directory. It only becomes an mbox if you say so
> in Dovecot.

IIUC Postfix places by default mail in /var/mail/%u as an mbox.

sg:/etc/postfix$ sudo postconf | grep mail_spool
mail_spool_directory = /var/mail

I think the solution from looking around is to use dovecot as an lda.
http://wiki2.dovecot.org/LDA/Postfix

I guess that will solve my mbox to maildir problem. :-)

> Actually Dovecot will even auto-discover your mail in
> /var/mail/ among other locations (~Maildir,
> /var/mail/username, ~/mail, ~/Mail) if you leave mail_location
> empty.

I take that back. Dovecot without mail_location= seems to discover /var/mail/$username.

> Solr is not the only option. The way I understand this is that this
> will heavily depend on your client, if it will make use of the
> Dovecot indexing, therefore speeding up operations. I use Thunderbird
> most of the time and I have no indexing on Dovecot. Searching is
> quite good.

I use mutt & Apple Mail IOS.
http://www.flickr.com/photos/hendry/9652360692/

Thanks for replying! I will update https://github.com/webconverger/sg.webconverger.com with my setup in future.

From stan at hardwarefreak.com Mon Sep 2 11:12:49 2013
From: stan at hardwarefreak.com (Stan Hoeppner)
Date: Mon, 02 Sep 2013 03:12:49 -0500
Subject: [Dovecot] Logging passwords on auth failure/dealing with botnets
In-Reply-To: <52239CA7.7050300@gmail.com>
References: <52235681.5030804@Media-Brokers.com> <52239CA7.7050300@gmail.com>
Message-ID: <52244881.80202@hardwarefreak.com>

On 9/1/2013 2:59 PM, Noel wrote:
> On 9/1/2013 10:00 AM, Charles Marcus wrote:
...
>> Wonder if there's a way to leverage Stan Hoeppner's most excellent
>> botnet killer to reject AUTHs from the same types of clients
>> before they even try?
>
> The objective of Stan's list is to reject dynamic hosts, because the
> overwhelming majority of dynamic hosts trying to send via SMTP are
> zombies.

Yep.

> For dovecot, the situation is quite different. Blocking all dynamic
> IPs would be an obvious mistake.

Yep. Unfortunately the hosts we want to block at the public SMTP port are the same hosts that are your typical legitimate IMAP clients. To do something similar to Postscreen with Dovecot would require Timo writing code similar to Postscreen that would look for IMAP protocol violations or similar signs that the client is a bot and not a legit MUA.

But given that Dovecot is designed for inherently greater client parallelism (thousands) than Postfix smtpd (100), I don't think anyone is rejecting clients due to running out of auth process slots taken by bots. As others have suggested this seems a log clutter issue, nothing more.

--
Stan

From andreas at cymail.eu Mon Sep 2 12:00:22 2013
From: andreas at cymail.eu (Andreas Kasenides)
Date: Mon, 02 Sep 2013 12:00:22 +0300
Subject: [Dovecot] Getting back into Dovecot 2.2.5
In-Reply-To: <20130902040416.GA11046@sg.webconverger.com>
References: <20130831100701.GA6727@sg.webconverger.com> <20130902040416.GA11046@sg.webconverger.com>
Message-ID: <80b94cf20676bbd27b48081f5d1cd784@cymail.eu>

On 02-09-2013 07:04, Kai Hendry wrote:
> On Mon, Sep 02, 2013 at 02:37:04AM +0300, Andreas Kasenides wrote:
>
> IIUC Postfix places by default mail in /var/mail/%u as an mbox.
>
> sg:/etc/postfix$ sudo postconf | grep mail_spool
> mail_spool_directory = /var/mail
>
> I think the solution from looking around is to use dovecot as an lda.
> http://wiki2.dovecot.org/LDA/Postfix

Yes! Sorry for not saying that.
While the Dovecot LDA is preferred (it will also do on-line indexing), it is not the only option. Postfix will also deliver into a maildir (both the local and virtual delivery agents) if you just add a "/" at the end of the delivery directory! I prefer the Dovecot LDA of course with necessary Postfix configs for it.

By the way I consider mbox format to be a relic of the mail systems. But it may be what you are looking for a really small setup to get away from Gmail. Straightforward and simple.

Andreas

>
>> Solr is not the only option. The way I understand this is that this
>> will heavily depend on your client, if it will make use of the
>> Dovecot indexing, therefore speeding up operations. I use Thunderbird
>> most of the time and I have no indexing on Dovecot. Searching is
>> quite good.
>
> I use mutt & Apple Mail IOS.
> http://www.flickr.com/photos/hendry/9652360692/
>
> Thanks for replying! I will update
> https://github.com/webconverger/sg.webconverger.com with my setup in
> future.

From nik600 at gmail.com Mon Sep 2 14:46:28 2013
From: nik600 at gmail.com (nik600)
Date: Mon, 2 Sep 2013 13:46:28 +0200
Subject: [Dovecot] migration from IMAP/POP3 courier server to a remote dovecot server
Message-ID:

Dear all

i'm planning a transparent migration from a courier server that provides both IMAP and POP3 access to users to a remote dovecot server with both IMAP and POP3 access.

I have to migrate about 2500 users for 250 GB of space.

I'm using dovecot 2.2.5.4 on debian6 squeeze.

To make a transparent migration i have to maintain old IMAP UIDs and POP3 UIDs, so i've read

http://wiki2.dovecot.org/Migration
and
http://wiki2.dovecot.org/Migration/Courier
and
http://wiki2.dovecot.org/Migration/Dsync

And decided that probably the best tool to use is Dsync, as the courier-dovecot-migrate.pl script works only locally.

I've tested the dsync following instructions reported above but after the migration of one test-account the client re-download messages.

If i want to keep both IMAP UIDs and POP3 UIDs i have to sync both imapc and pop3c with two commands?

doveadm -o imapc_user=foo -o pop3c_user=foo -o imapc_password=bar -o pop3c_password=bar backup -R -u user at domain imapc:

doveadm -o imapc_user=foo -o pop3c_user=foo -o imapc_password=bar -o pop3c_password=bar backup -R -u user at domain pop3c:

Or imapc is enough?

Do you have any suggestion?

Thanks

--
/*************/
nik600
http://www.kumbe.it

From nik600 at gmail.com Mon Sep 2 16:18:40 2013
From: nik600 at gmail.com (nik600)
Date: Mon, 2 Sep 2013 15:18:40 +0200
Subject: [Dovecot] migration from IMAP/POP3 courier server to a remote dovecot server
In-Reply-To:
References:
Message-ID:

to give some more information, i've set

pop3_uidl_format = UID%u-%v

on the courier-side i get this UIDL answer:

UIDL
+OK
1 1378040847.Vfe11I12801312M172099.myserver.cloud923
2 UID2-1378040947
3 UID3-1378040947
4 UID4-1378040947
5 UID5-1378040947

on the dovecot-side i get this UIDL answer:
UIDL
+OK
1 UID1-1378127599
2 UID2-1378127599
3 UID3-1378127599
4 UID4-1378127599
5 UID5-1378127599

2013/9/2 nik600

> Dear all
>
> i'm planning a transparent migration from a courier server that provides
> both IMAP and POP3 access to users to a remote dovecot server with both
> IMAP and POP3 access.
>
> I have to migrate about 2500 users for 250 GB of space.
>
> I'm using dovecot 2.2.5.4 on debian6 squeeze.
>
> To make a transparent migration i have to maintain old IMAP UIDs and POP3
> UIDs, so i've read
>
> http://wiki2.dovecot.org/Migration
> and
> http://wiki2.dovecot.org/Migration/Courier
> and
> http://wiki2.dovecot.org/Migration/Dsync
>
> And decided that probably the best tool to use is Dsync, as the
> courier-dovecot-migrate.pl script
> works only locally.
>
> I've tested the dsync following instructions reported above but after the
> migration of one test-account the client re-download messages.
>
>
> If i want to keep both IMAP UIDs and POP3 UIDs i have to sync both imapc
> and pop3c with two commands?
>
> doveadm -o imapc_user=foo -o pop3c_user=foo -o imapc_password=bar -o pop3c_password=bar backup -R -u user at domain imapc:
>
> doveadm -o imapc_user=foo -o pop3c_user=foo -o imapc_password=bar -o pop3c_password=bar backup -R -u user at domain pop3c:
>
> Or imapc is enough?
>
> Do you have any suggestion?
>
> Thanks
>
> --
> /*************/
> nik600
> http://www.kumbe.it
>

--
/*************/
nik600
http://www.kumbe.it

From CMarcus at Media-Brokers.com Mon Sep 2 16:25:29 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Mon, 02 Sep 2013 09:25:29 -0400
Subject: [Dovecot] Logging passwords on auth failure/dealing with botnets
In-Reply-To: <52239CA7.7050300@gmail.com>
References: <52235681.5030804@Media-Brokers.com> <52239CA7.7050300@gmail.com>
Message-ID: <522491C9.6060303@Media-Brokers.com>

On 2013-09-01 3:59 PM, Noel wrote:
> The objective of Stan's list is to reject dynamic hosts, because the
> overwhelming majority of dynamic hosts trying to send via SMTP are
> zombies.
>
> For dovecot, the situation is quite different. Blocking all dynamic
> IPs would be an obvious mistake.

Oops... you're right of course, sorry for the noise...

--
Best regards,

*/Charles/*

From CMarcus at Media-Brokers.com Mon Sep 2 16:35:11 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Mon, 02 Sep 2013 09:35:11 -0400
Subject: [Dovecot] Logging passwords on auth failure/dealing with botnets
In-Reply-To: <52244881.80202@hardwarefreak.com>
References: <52235681.5030804@Media-Brokers.com> <52239CA7.7050300@gmail.com> <52244881.80202@hardwarefreak.com>
Message-ID: <5224940F.1020806@Media-Brokers.com>

On 2013-09-02 4:12 AM, Stan Hoeppner wrote:
> As others have suggested this seems a log clutter issue, nothing more.

Well, it would be nice to have some way to stop brute force attacks (rather than just letting one run rampant until the attacker gives up) - ie, attempted FAILED logins to the same user account.

Maybe a two pronged approach...

1. A whitelist that whitelists IP+username for *successful* logins (maybe with a configurable age-out option) to prevent the real user from being locked out if accessing from an IP on the whitelist, and

2. A blacklist that when triggered (x failed login attempts in x seconds), doesn't try to block the IP, but rather prevents login attempts for that user account from even reaching the AUTH stage - *unless* the IP in question is in the whitelist.

The question is, where is this best dealt with - firewall (can fail2ban do anything like this?), or would it have to be done in dovecot?

--
Best regards,

*/Charles/*

From ph at whatever.nu Mon Sep 2 16:40:14 2013
From: ph at whatever.nu (Per-Henrik Lundblom)
Date: Mon, 2 Sep 2013 15:40:14 +0200
Subject: [Dovecot] Auth error in log
In-Reply-To: <20130821065252.GY2125@whatever.nu>
References: <20130821065252.GY2125@whatever.nu>
Message-ID: <20130902134014.GI8173@whatever.nu>

Hi,

> When a virtual user defined in the MySQL database tries to log in using
> IMAP or SMTP I always get auth failures logged in the system logs.
> Entries are like this:
>
> Aug 21 06:25:36 roadrunner dovecot-auth: pam_unix(dovecot:auth):
> authentication failure; logname= uid=0 euid=0 tty=dovecot
> ruser=luser at mydomain.com rhost=85.224.xx.xx
>
> I assume these failures come from the fact that PAM doesn't recognize
> the virtual users and Dovecot continues to the SQL passdb entry. As a
> result I get a _lot_ of auth failures in the logs.
>
> I have tried to come up with a way where the auth failures from PAM
> aren't logged if the SQL authentication is successful. Is this
> possible or are there any other recommended ways to handle this?

How do other users solve this issue? The simple way is to just ignore all the logged auth failures but that seems too easy.

/PH

--
Per-Henrik Lundblom
email: ph at whatever.nu
cell: +46 733-20 71 26
webpage: www.whatever.nu

From CMarcus at Media-Brokers.com Mon Sep 2 16:53:46 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Mon, 02 Sep 2013 09:53:46 -0400
Subject: [Dovecot] Logging passwords on auth failure/dealing with botnets
In-Reply-To: <5224940F.1020806@Media-Brokers.com>
References: <52235681.5030804@Media-Brokers.com> <52239CA7.7050300@gmail.com> <52244881.80202@hardwarefreak.com> <5224940F.1020806@Media-Brokers.com>
Message-ID: <5224986A.5070002@Media-Brokers.com>

On 2013-09-02 9:35 AM, Charles Marcus wrote:
> Well, it would be nice to have some way to stop brute force attacks
> (rather than just letting one run rampant until the attacker gives up)

And I left out the obvious "... or worst case, is successful ..." - which obviously is why we are having this conversation in the first place...

> Maybe a two pronged approach...
>
> 1. A whitelist that whitelists IP+username for *successful* logins
> (maybe with a configurable age-out option)

Of course there should be a default age-out option (24 hours? 48 hours? longer? shorter?), but should it be configurable?

> 2. A blacklist that when triggered (x failed login attempts in x seconds)

Configurable?

Maybe to make it simplest, some sane defaults could be decided on, and hard code them, with a single config option to enable or disable botnet brute-force protection?

--
Best regards,

*/Charles/*

From CMarcus at Media-Brokers.com Mon Sep 2 17:27:27 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Mon, 02 Sep 2013 10:27:27 -0400
Subject: [Dovecot] Getting back into Dovecot 2.2.5
In-Reply-To:
References: <20130831100701.GA6727@sg.webconverger.com>
Message-ID: <5224A04F.9000503@Media-Brokers.com>

On 2013-09-01 7:37 PM, Andreas Kasenides wrote:
> On 31-08-2013 13:07, Kai Hendry wrote:
>>
>> However I found /usr/share/doc/dovecot/example-config/conf.d/ a little
>> scary, since I like to have my configs as minimalistic as possible, e.g.
>
> I suggest you forget all the options and concentrate on the ones you
> intend to use.
> Dovecot has defaults for most options that make sense.

Precisely. *Never* change a default (goes for any/all software) unless you know exactly why you are doing so.

One technique you can use is to create your own config file in conf.d/ for your modifications, name it something like 99-myConfig.conf (as long as config files in conf.d/ are included which they are by default) which causes it to be loaded last, and add your changes there. This way, it doesn't matter what is in any of the other config files, any changes you make will override them, and if you don't override something, you know you'll be using the default.

This makes keeping up with your mods during upgrades much easier too.

--
Best regards,

*/Charles/*

From nik600 at gmail.com Mon Sep 2 17:41:01 2013
From: nik600 at gmail.com (nik600)
Date: Mon, 2 Sep 2013 16:41:01 +0200
Subject: [Dovecot] migration from IMAP/POP3 courier server to a remote dovecot server
In-Reply-To:
References:
Message-ID:

Ok, it seems i found the problem, i was missing the plugin declaration into dovecot.conf

imapc_host = mail.foo.com
imapc_features = rfc822.size
pop3c_host = mail.foo.com

namespace {
  separator = /
  inbox = yes
}

protocol doveadm {
  mail_plugins = $mail_plugins pop3_migration
}

disable_plaintext_auth = no
pop3_uidl_format = UID%u-%v

And then using command:

*doveadm -o imapc_user=foo -o pop3c_user=foo -o imapc_password=bar -o pop3c_password=bar backup -R -u user at domain pop3c:*

The only doubt i have is how to sync both imap and pop3, i've seen that if i made a pop3c sync and then imapc sync gives an error, and if execute imapc and then pop3c it gives an error too.

2013/9/2 nik600

> to give some more information, i've set
>
> pop3_uidl_format = UID%u-%v
>
> on the courier-side i get this UIDL answer:
>
> UIDL
> +OK
> 1 1378040847.Vfe11I12801312M172099.myserver.cloud923
> 2 UID2-1378040947
> 3 UID3-1378040947
> 4 UID4-1378040947
> 5 UID5-1378040947
>
>
> on the dovecot-side i get this UIDL answer:
> UIDL
> +OK
> 1 UID1-1378127599
> 2 UID2-1378127599
> 3 UID3-1378127599
> 4 UID4-1378127599
> 5 UID5-1378127599
>
>
>
>
>
> 2013/9/2 nik600
>
>> Dear all
>>
>> i'm planning a transparent migration from a courier server that provides
>> both IMAP and POP3 access to users to a remote dovecot server with both
>> IMAP and POP3 access.
>>
>> I have to migrate about 2500 users for 250 GB of space.
>>
>> I'm using dovecot 2.2.5.4 on debian6 squeeze.
>>
>> To make a transparent migration i have to maintain old IMAP UIDs and POP3
>> UIDs, so i've read
>>
>> http://wiki2.dovecot.org/Migration
>> and
>> http://wiki2.dovecot.org/Migration/Courier
>> and
>> http://wiki2.dovecot.org/Migration/Dsync
>>
>> And decided that probably the best tool to use is Dsync, as the
>> courier-dovecot-migrate.pl script
>> works only locally.
>>
>> I've tested the dsync following instructions reported above but after the
>> migration of one test-account the client re-download messages.
>>
>>
>> If i want to keep both IMAP UIDs and POP3 UIDs i have to sync both imapc
>> and pop3c with two commands?
>>
>> doveadm -o imapc_user=foo -o pop3c_user=foo -o imapc_password=bar -o pop3c_password=bar backup -R -u user at domain imapc:
>>
>> doveadm -o imapc_user=foo -o pop3c_user=foo -o imapc_password=bar -o pop3c_password=bar backup -R -u user at domain pop3c:
>>
>>
>> Or imapc is enough?
>>
>> Do you have any suggestion?
>>
>> Thanks
>>
>> --
>> /*************/
>> nik600
>> http://www.kumbe.it
>>
>
>
>
> --
> /*************/
> nik600
> http://www.kumbe.it
>

--
/*************/
nik600
http://www.kumbe.it

From pbraun at nethence.com Mon Sep 2 20:47:33 2013
From: pbraun at nethence.com (Pierre-Philipp Braun)
Date: Mon, 02 Sep 2013 19:47:33 +0200
Subject: [Dovecot] local AND virtual mail locations ?
In-Reply-To:
References: <521B4F2E.9070908@nethence.com> <20130826131702.GJ13717@harrier.slackbuilds.org> <521B7E1C.90002@nethence.com> <20130830151155.GX13717@harrier.slackbuilds.org> <5220E9EE.9070407@nethence.com>
Message-ID: <5224CF35.5030009@nethence.com>

> Well, first of all, why are you using mbox?
>
> truncated output from my doveconf -n
>
> # for Local users
> mail_location = maildir:~/Maildir
>
> For SQL users
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   default_fields = uid=vpopmail gid=vchkpw mail_location=/usr/local/virtual/%u
>   driver = sql
> }
>
> Notice that using default_fields I am able to respecify the mail_location for the sql users. You should be able to do something similar, right?
>
> Of course, you are using dovecot 1.x, so maybe it's more difficult?
>
> Still, mbox is bad. No one should use mbox.

Ok I've switched to Dovecot version 2 which indeed allows to use a per userdb mail location (mail= instead of mail_location). As for maildir versus mbox I was able to turn to maildir for the local users whose messages are delivered by procmail. For the virtual users, unfortunately for now, my smtp daemon, postoffice smtpd, is only mbox capable with no alternate LDA possibility.

# 2.2.5: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 8.3-RELEASE amd64
disable_plaintext_auth = no
first_valid_gid = 6
first_valid_uid = 6
mail_privileged_group = mail
passdb {
  args = *
  driver = pam
}
passdb {
  args = username_format=%n /etc/virtual/%d/passwd
  driver = passwd-file
}
protocols = imap
service auth {
  user = root
}
ssl = no
userdb {
  args = blocking=yes
  driver = passwd
  override_fields = mail=maildir:~/Maildir/
}
userdb {
  args = uid=mail gid=mail
  driver = static
  override_fields = mail=mbox:/var/spool/virtual/%d/%n.imap/:INBOX=/var/spool/virtual/%d/%n
}
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
}

Thanks to all!

From kremels at kreme.com Tue Sep 3 00:06:03 2013
From: kremels at kreme.com (LuKreme)
Date: Mon, 2 Sep 2013 15:06:03 -0600
Subject: [Dovecot] Auth error in log
In-Reply-To: <20130902134014.GI8173@whatever.nu>
References: <20130821065252.GY2125@whatever.nu> <20130902134014.GI8173@whatever.nu>
Message-ID:

On 02 Sep 2013, at 07:40 , Per-Henrik Lundblom wrote:
>> When a virtual user defined in the MySQL database tries to log in using
>> IMAP or SMTP I always get auth failures logged in the system logs.
>> Entries are like this:
>>
>> Aug 21 06:25:36 roadrunner dovecot-auth: pam_unix(dovecot:auth):
>> authentication failure; logname= uid=0 euid=0 tty=dovecot
>> ruser=luser at mydomain.com rhost=85.224.xx.xx
>>
>> I assume these failures come from the fact that PAM doesn't recognize
>> the virtual users and Dovecot continues to the SQL passdb entry. As a
>> result I get a _lot_ of auth failures in the logs.
>>
>> I have tried to come up with a way where the auth failures from PAM
>> aren't logged if the SQL authentication is successful. Is this
>> possible or are there any other recommended ways to handle this?
>
> How do other users solve this issue? The simple way is to just ignore
> all the logged auth failures but that seems too easy.

There's nothing to solve. If you have multiple authentication methods then any but the right one will fail, obviously.

That said, I don't see these at all (I have pam and sql set). Are you logging to a dovecot log file or to syslog?

This is what I see in maillog:

Sep 2 15:00:51 mail dovecot: imap-login: Login: user=<*user*@*domain.tld*>, 12.34.56.789, PLAIN, TLS
Sep 2 10:10:54 mail dovecot: imap-login: Login: user=, 12.34.56.798, PLAIN, TLS

--
In other news, Gandalf died.
-- Secret Diary of Boromir

From noeldude at gmail.com Tue Sep 3 00:11:49 2013
From: noeldude at gmail.com (Noel)
Date: Mon, 02 Sep 2013 16:11:49 -0500
Subject: [Dovecot] Logging passwords on auth failure/dealing with botnets
In-Reply-To: <5224940F.1020806@Media-Brokers.com>
References: <52235681.5030804@Media-Brokers.com> <52239CA7.7050300@gmail.com> <52244881.80202@hardwarefreak.com> <5224940F.1020806@Media-Brokers.com>
Message-ID: <5224FF15.4090908@gmail.com>

On 9/2/2013 8:35 AM, Charles Marcus wrote:
> 2. A blacklist that when triggered (x failed login attempts in x
> seconds), doesn't try to block the IP, but rather prevents login
> attempts for that user account from even reaching the AUTH stage -
> *unless* the IP in question is in the whitelist.
>
> The question is, where is this best dealt with - firewall (can
> fail2ban do anything like this?), or would it have to be done in
> dovecot?
>

I'm already using fail2ban to block IPs that have too many AUTH failures. Fail2ban is pretty flexible -- it watches the log and counts strings you specify, then runs a command or script you specify. If the username is logged, I suppose it's possible to run something to temporarily disable that user.

It would be a lot easier to deploy if some sort of blocker were built into dovecot -- after X number of failures during Y seconds, fail all future attempts for the account for T seconds. Maybe reset the timer on each attempt during the blackout period so the timer never expires on the persistent distributed brute force attacks.

I suppose there would also need to be a way to whitelist IPs so the account owner can get in.

--
Noel Jones

From other at ahhyes.net Tue Sep 3 04:59:23 2013
From: other at ahhyes.net (other at ahhyes.net)
Date: Tue, 03 Sep 2013 11:59:23 +1000
Subject: [Dovecot] stopping dictionary attacks (pop3)
Message-ID:

Hi Guys,

I was really hoping a couple of years later this would be addressed...

I'm running Dovecot 2.2.5 on FreeBSD.
Is there any way to limit the number of auth attempts allowed in a single session? The reason for this is because I have "fail2ban" setup to firewall out any IP addresses that repeatedly auth fails. The issue occurs when the connection is already in an "established" state and the attacker uses the existing session to hammer away, fail2ban becomes ineffective as dovecot appears to allow the person to attempt authentication ad infinitum.

It would be nice if there was a config option that would for example cause the software to close the connection after X failed attempts. I use "pf" as the firewall on FreeBSD. Unless there was some command I could have fail2ban run a command that would destroy any tcp sessions in an established state prior to adding the offending IP to the block list, that would be the only way around the problem.

Ideally it would be nice for dovecot to have an option to control the number of failed auth attempts.

Any suggestions?

Cheers, Alex.

From reganyelcich at gmail.com Tue Sep 3 05:22:30 2013
From: reganyelcich at gmail.com (Regan Yelcich)
Date: Tue, 3 Sep 2013 14:22:30 +1200
Subject: [Dovecot] setup of dovecot as proxy to dbmail
Message-ID:

Can anyone point me in the direction of a detailed how-to for setting up a postfix and dovecot (proxy) node with dbmail?

In particular I'm looking for a how-to which shows dovecot authenticating against the dbmail database directly.

The only example I've found is this one which requires a duplication of the user database.
http://content.fens.org/index.php?q=admin-howto/mail/dovecot2dbmail-proxy

Thanks.
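Added example (not part of any message in this thread, and not Dovecot or fail2ban code): a Python sketch of the per-account lockout proposed earlier in the thread, where X failures within Y seconds from any mix of source IPs lock the account for T seconds, attempts during the blackout restart the timer, and IPs with an earlier valid login for that user bypass the lock. The class and function names, the thresholds, the addresses and the rule that repeated failures revoke an allowlist entry are assumptions of this sketch; the event list is constructed.

```python
from collections import defaultdict, deque


class AccountLockout:
    """Per-account lockout with a learned user+IP allowlist (illustrative)."""

    def __init__(self, max_failures=5, window=60.0, lockout=300.0):
        self.max_failures = max_failures  # X failed attempts ...
        self.window = window              # ... within Y seconds ...
        self.lockout = lockout            # ... block the account for T seconds
        self.account_failures = {}        # user -> failure times from unknown IPs
        self.ip_failures = {}             # (user, ip) -> failure times, allowlisted IPs
        self.locked_until = {}            # user -> end of the current blackout
        self.allowlist = {}               # user -> IPs with an earlier valid login

    def _count(self, table, key, now):
        """Record a failure at `now`; return how many lie inside the window."""
        times = table.setdefault(key, deque())
        times.append(now)
        while now - times[0] > self.window:
            times.popleft()
        return len(times)

    def attempt(self, user, ip, now, password_ok):
        """Return 'ok', 'bad-password' or 'blocked' for one login attempt."""
        if ip in self.allowlist.get(user, ()):
            if password_ok:
                self.ip_failures.pop((user, ip), None)
                return "ok"
            # Assumption: an allowlisted IP that keeps failing loses its
            # entry, so the allowlist cannot become a free guessing channel.
            if self._count(self.ip_failures, (user, ip), now) >= self.max_failures:
                self.allowlist[user].discard(ip)
                del self.ip_failures[(user, ip)]
            return "bad-password"

        until = self.locked_until.get(user)
        if until is not None:
            if now < until:
                # Rejected before the password is checked; restarting the
                # timer keeps a persistent distributed attack locked out.
                self.locked_until[user] = now + self.lockout
                return "blocked"
            del self.locked_until[user]
            self.account_failures.pop(user, None)

        if password_ok:
            self.allowlist.setdefault(user, set()).add(ip)
            return "ok"
        # Failures are counted per account, not per IP, so one guess from
        # each of many bots still adds up.
        if self._count(self.account_failures, user, now) >= self.max_failures:
            self.locked_until[user] = now + self.lockout
        return "bad-password"


def replay(events, **settings):
    """Run (time, user, ip, password_ok) events through a fresh AccountLockout."""
    guard = AccountLockout(**settings)
    return [guard.attempt(user, ip, now, ok) for now, user, ip, ok in events]


def max_failures_per_ip(events):
    """Highest failure count any single IP reaches: what a per-IP ban sees."""
    counts = defaultdict(int)
    for _, _, ip, ok in events:
        if not ok:
            counts[ip] += 1
    return max(counts.values(), default=0)


# Constructed events (documentation address ranges), not taken from any log.
CONSTRUCTED_EVENTS = [
    (0, "alice", "198.51.100.7", True),    # owner logs in; IP is learned
    (10, "alice", "203.0.113.1", False),   # botnet: one guess per IP
    (12, "alice", "203.0.113.2", False),
    (14, "alice", "203.0.113.3", False),
    (16, "alice", "203.0.113.4", False),
    (18, "alice", "203.0.113.5", False),   # fifth failure: account locked
    (20, "alice", "203.0.113.6", True),    # a correct guess is still blocked
    (25, "alice", "198.51.100.7", True),   # owner on the learned IP gets in
    (30, "alice", "192.0.2.9", True),      # owner on a new IP is blocked
    (400, "alice", "192.0.2.9", True),     # blackout over: allowed and learned
]

if __name__ == "__main__":
    for event, result in zip(CONSTRUCTED_EVENTS, replay(CONSTRUCTED_EVENTS)):
        print(event, "->", result)
    print("max failures from one IP:", max_failures_per_ip(CONSTRUCTED_EVENTS))
```

In the constructed run no single address ever exceeds one failure, so a per-IP threshold never fires, while the per-account counter locks on the fifth failure; the blocked owner login at t=30 shows the cost of the lock for a user on an address that has not been learned yet.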
From h.reindl at thelounge.net Tue Sep 3 05:43:09 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 03 Sep 2013 04:43:09 +0200
Subject: [Dovecot] setup of dovecot as proxy to dbmail
In-Reply-To:
References:
Message-ID: <52254CBD.2060309@thelounge.net>

On 03.09.2013 04:22, Regan Yelcich wrote:
> Can anyone point me in the direction of a detailed how-to for setting up a postfix and dovecot (proxy) node with dbmail?
>
> In particular I'm looking for a how-to which shows dovecot authenticating against the dbmail database directly.
>
> The only example I've found is this one which requires a duplication of the user database.
> http://content.fens.org/index.php?q=admin-howto/mail/dovecot2dbmail-proxy

no idea why someone would duplicate existing data
___________________________________________________

[root at testserver:~]$ cat /etc/dovecot/sql.conf
driver = mysql
connect = host=/var/lib/mysql/mysqld.sock dbname=dbmail user=dbmail password=***********
password_query = SELECT passwd as password, '127.0.0.1' as host, userid as destuser, passwd AS pass, 'Y' AS nologin, 'Y' AS nodelay, 'Y' AS proxy FROM dbmail_users WHERE userid='%u'
default_pass_scheme = plain
___________________________________________________

[root at testserver:~]$ cat /etc/dovecot/dovecot.conf
# provided services
protocols = imap pop3

# configure ssl
ssl = yes
ssl_cert = port = 143
  }
  inet_listener imaps {
    address =
    port = 993
  }
  vsz_limit = 256M
  service_count = 0
  process_min_avail = 1
  process_limit = 1
  client_limit = 200
}

# configure pop3-proxy
service pop3-login {
  inet_listener pop3 {
    address =
    port = 110
  }
  inet_listener pop3s {
    address =
    port = 995
  }
  vsz_limit = 256M
  service_count = 0
  process_min_avail = 1
  process_limit = 1
  client_limit = 200
}

# default settings
imap_capability = IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
login_greeting =
login_log_format_elements = %u %r %m %c
login_log_format = %$: %s
mail_max_userip_connections = 100
auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN
disable_plaintext_auth = no
shutdown_clients = no
version_ignore = yes

# Logging
syslog_facility = mail

# authentication process
auth_worker_max_count = 50
auth_cache_size = 1024
auth_cache_ttl = 600
auth_cache_negative_ttl = 600
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz

# debug options
auth_debug = no
auth_debug_passwords = no
auth_verbose = no
mail_debug = no
verbose_ssl = no

# configure proxy-database
passdb {
  driver = sql
  args = /etc/dovecot/sql.conf
}

# we are not using local users
userdb {
  driver = static
  args = static uid=10000 gid=10000 home=/dev/null
}

# configure backend for postfix sasl-auth
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

From noeldude at gmail.com Tue Sep 3 07:34:33 2013
From: noeldude at gmail.com (Noel)
Date: Mon, 02 Sep 2013 23:34:33 -0500
Subject: [Dovecot] stopping dictionary attacks (pop3)
In-Reply-To:
References:
Message-ID: <522566D9.1040800@gmail.com>

On 9/2/2013 8:59 PM, other at ahhyes.net wrote:
> Hi Guys,
>
> I was really hoping a couple of years later this would be
> addressed... I'm running Dovecot 2.2.5 on FreeBSD.
>
> Is there any way to limit the number of auth attempts allowed in a
> single session? The reason for this is because I have "fail2ban"
> setup to firewall out any IP addresses that repeatedly auth fails.
> The issue occurs when the connection is already in an
> "established" state and the attacker uses the existing session to
> hammer away, fail2ban becomes ineffective as dovecot appears to
> allow the person to attempt authentication ad infinitum.
>
> It would be nice if there was a config option that would for example
> cause the software to close the connection after X failed
> attempts. I use "pf" as the firewall on FreeBSD.

The secret is the "pfctl -k IP" command to drop state for the offending IP. Just add it to your fail2ban action command.

action = /sbin/pfctl {whatever you have now} && /sbin/pfctl -k <ip>

A nice writeup of fail2ban and pf can be found here:
http://www.effu.se/2011/03/Integrating-PF-with-Fail2ban-0.9

-- Noel Jones

From CMarcus at Media-Brokers.com Tue Sep 3 13:12:45 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Tue, 03 Sep 2013 06:12:45 -0400
Subject: [Dovecot] Logging passwords on auth failure/dealing with botnets
In-Reply-To: <5224FF15.4090908@gmail.com>
References: <52235681.5030804@Media-Brokers.com> <52239CA7.7050300@gmail.com> <52244881.80202@hardwarefreak.com> <5224940F.1020806@Media-Brokers.com> <5224FF15.4090908@gmail.com>
Message-ID: <5225B61D.1080004@Media-Brokers.com>

On 2013-09-02 5:11 PM, Noel wrote:
> It would be a lot easier to deploy if some sort of blocker were
> built into dovecot -- after X number of failures during Y seconds,
> fail all future attempts for the account for T seconds.

But again, totally blocking all AUTH attempts like that even blocks valid attempts by the real user. Having a whitelist that tracks valid user+IP logins would prevent that.

> Maybe reset the timer on each attempt during the blackout period so the timer
> never expires on the persistent distributed brute force attacks. I
> suppose there would also need to be a way to whitelist IPs so the
> account owner can get in.

Ummm... maybe you didn't read what I wrote? That is what I meant by 'whitelist' in item 1... ;)

On 2013-09-02 9:59 PM, other at ahhyes.net wrote:
> Is there any way to limit the number of auth attempts allowed in a
> single session? The reason for this is because I have "fail2ban" setup
> to firewall out any IP addresses that repeatedly auth fails.
Is there a way to tell fail2ban to block connection attempts NOT based on IP, but based on other values or value combinations (like user+IP)?

From wildfire at progsoc.org Tue Sep 3 16:42:46 2013
From: wildfire at progsoc.org (Anand Kumria)
Date: Tue, 3 Sep 2013 14:42:46 +0100
Subject: [Dovecot] sync re-copies emails assigning new UIDs
In-Reply-To:
References:
Message-ID:

I've now upgraded my server to Dovecot v2.2.5 - and the same problem still occurs.

Has anyone else had Dovecot consistently fail to sync remote users? I've been trying this essentially daily for the last month to finish this migration off, with no success. :-(

A

On 3 August 2013 11:28, Anand Kumria wrote:
> Hi,
>
> I have been (attempting) to transition a company from in-house dovecot 1.x
> to a hosted dovecot 2.2 setup.
>
> I am running the doveadm sync command, and for the four mailboxes have
> been blocked -- sync'ing seem to be copying the same mails, over and over
> (note, initially I was using doveadm backup but my reading has indicated
> that 'doveadm sync' is better)
>
> Example:
>
> # date && doveadm -v -o imapc_user=kaye at example.com -o
> imapc_password=*pass* -o imapc_host=imap.example.com -o imapc_port=993 -o
> imapc_ssl=imaps -o imap
> c_ssl_dir=/etc/ssl -o imapc_feature=rfc822.size -o imapc_ssl_verify=no
> sync -1 -R -u kaye at example.com imapc:
> Sat Aug 3 09:05:37 UTC 2013
> [...]
> dsync(kaye at example.com): Info: copy from INBOX: box=INBOX, uid=5306,
> msgid=, size=13544
> dsync(kaye at example.com): Info: copy from INBOX: box=INBOX, uid=5307,
> msgid=<006b01ce8dad$b8864930$2992db90$@com.au>, size=10163563
> [...]
> dsync(kaye at example.com): Info: copy from INBOX: box=INBOX, uid=5311,
> msgid=, size=46658
> [...]
>
>
> # date && doveadm -v -o imapc_user=kaye at example.com -o
> imapc_password=*pass* -o imapc_host=imap.example.com -o imapc_port=993 -o
> imapc_ssl=imaps -o imapc_ssl_dir=/etc/ssl -o imapc_feature=rfc822.size -o
> imapc_ssl_verify=no sync -1 -R -u kaye at example.com imapc:
> Sat Aug 3 10:01:48 UTC 2013
> [...]
> dsync(kaye at kamdha.com): Info: copy from INBOX: box=INBOX, uid=5324,
> msgid=, size=13544
> dsync(kaye at kamdha.com): Info: copy from INBOX: box=INBOX, uid=5325,
> msgid=<006b01ce8dad$b8864930$2992db90$@com.au>, size=10163563
> [...]
> dsync(kaye at kamdha.com): Info: copy from INBOX: box=INBOX, uid=5329,
> msgid=, size=46658
> [...]
>
> The exact same number of emails (some in the INBOX, some in the Sent
> folder) are transferred each time.
>
> In this case, I've firewalled the origin - so their entire mail system is
> stopped whilst I do the transfer just in case modifications of IMAP flags
> or additional deliveries might have been the problem.
>
> I am using Dovecot v2.2.4; is this normal expected behaviour? If so, what
> is the best way to ensure that a migration is done without data loss.
>
> If this isn't expected, has anyone else seen this kind of error before?
>
> Thanks,
> Anand
>

From noeldude at gmail.com Tue Sep 3 17:23:48 2013
From: noeldude at gmail.com (Noel)
Date: Tue, 03 Sep 2013 09:23:48 -0500
Subject: [Dovecot] Logging passwords on auth failure/dealing with botnets
In-Reply-To: <5225B61D.1080004@Media-Brokers.com>
References: <52235681.5030804@Media-Brokers.com> <52239CA7.7050300@gmail.com> <52244881.80202@hardwarefreak.com> <5224940F.1020806@Media-Brokers.com> <5224FF15.4090908@gmail.com> <5225B61D.1080004@Media-Brokers.com>
Message-ID: <5225F0F4.4020702@gmail.com>

On 9/3/2013 5:12 AM, Charles Marcus wrote:
>
> Ummm... maybe you didn't read what I wrote? That is what I meant
> by 'whitelist' in item 1... ;)
>

Yes, I think we're on the same page.
>
> On 2013-09-02 9:59 PM, other at ahhyes.net wrote:
>> Is there any way to limit the number of auth attempts allowed in a
>> single session? The reason for this is because I have "fail2ban"
>> setup to firewall out any IP addresses that repeatedly auth fails.
>
> Is there a way to tell fail2ban to block connection attempts NOT
> based on IP, but based on other values or value combinations (like
> user+IP)?
>

I'm not sure if fail2ban can trigger on a value combination, but it should be able to pull a username out of a log line and run some command on the username. Basically whatever you can do with a regexp and a single log line. Pull any value out of the log line and run a command or script with the value (usually an IP, but can be anything in that line).

From vorgusa at gmail.com Tue Sep 3 17:49:42 2013
From: vorgusa at gmail.com (Chris Lasater)
Date: Tue, 3 Sep 2013 10:49:42 -0400
Subject: [Dovecot] Dovecot is not creating directories properly for new accounts
Message-ID:

Hi,
I have just set up a new dovecot server with Dovecot 2.2.5. When I create a new user and try to authenticate I get the following error

Sep 03 14:33:38 imap(test2): Error: user test2: Initialization failed: Initializing mail storage from mail_location setting failed: mkdir(/home/user/apps/var/mail/imap/test2/mailboxes) failed: Permission denied (euid=503(imapd) egid=503(imapd) missing +w perm: /home/user/apps/var/mail, we're not in group 502(dovecot), dir owned by 502:502 mode=0775)
Sep 03 14:33:38 imap(test2): Error: Invalid user settings. Refer to server log for more information.

imapd is in the dovecot group and here are the permissions

[user at MB1 logs]$ ll /home/user/apps/var/
total 4
drwxrwxr-x 4 dovecot dovecot 4096 Sep 3 14:35 mail

[user at MB1 logs]$ id imapd
uid=503(imapd) gid=503(imapd) groups=503(imapd),500(user),502(dovecot)

if I su - imapd and then run mkdir -p /home/user/apps/var/mail/imap/test2/mailboxes

everything starts working and the user can log in.
Isn't Dovecot supposed to be able to create these?

From tim.schneider at portabile.net Tue Sep 3 20:11:40 2013
From: tim.schneider at portabile.net (Tim Schneider)
Date: Tue, 3 Sep 2013 19:11:40 +0200
Subject: [Dovecot] Deleting messages with Mac Mail via IMAP
Message-ID: <74E461A1-D5D1-48D1-94EA-23ED9FB2EC99@portabile.net>

Hello mailing list subscribers!

When I delete a message in Mac Mail 6.5 (OS X 10.8.4), with the option to move messages to the trash set in Mac Mail account preferences, the message is copied to the trash, and marked as trashed in the cur/inbox directory on the server (STa flag in the file name).

My horde webmail then displays this message correctly as trashed in the inbox. However, I want the message to be gone from the inbox.

Quitting Mac Mail deletes it in the inbox reliably.

Is there any IMAP setting for dovecot to get move, and not copy and mark as trashed behavior?

Here are my dovecot settings:

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 ext4
auth_mechanisms = plain login
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = admin at xxx.xxx
protocols = imap pop3 lmtp sieve
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl = required
ssl_cert =
References: <74E461A1-D5D1-48D1-94EA-23ED9FB2EC99@portabile.net>
Message-ID: <52262A0C.8020102@enas.net>

Hi,

if I remember correctly, there is no option in the IMAP protocol to move a message per se. Moving a message to trash or elsewhere will copy the message first and then mark the message as deleted from original folder.

If you would like to delete it immediately after storing in the other folder, there must be some flag (expunge) to set in your mail client.

As I just said, I'm not sure if I remember correctly.

Regards
Urban

On 03.09.2013 19:11, Tim Schneider wrote:
> Hello mailing list subscribers!
>
> When I delete a message in Mac Mail 6.5 (OS X 10.8.4),
> with the option to move messages to the trash set in Mac Mail account preferences,
> the message is copied to the trash, and marked as trashed in the cur/inbox directory on the server (STa flag in the file name).
>
> My horde webmail then displays this message correctly as trashed in the inbox.
> However, I want the message to be gone from the inbox.
>
> Quitting Mac Mail deletes it in the inbox reliably.
>
> Is there any IMAP setting for dovecot to get move, and not copy and mark as trashed behavior?
>
> Here are my dovecot settings:
>
> # 2.1.7: /etc/dovecot/dovecot.conf
> # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 ext4
> auth_mechanisms = plain login
> mail_location = maildir:/var/mail/vhosts/%d/%n
> mail_privileged_group = mail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> plugin {
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
> }
> postmaster_address = admin at xxx.xxx
> protocols = imap pop3 lmtp sieve
> service auth-worker {
>   user = vmail
> }
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     mode = 0600
>     user = vmail
>   }
>   user = dovecot
> }
> service imap-login {
>   inet_listener imap {
>     port = 0
>   }
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> service pop3-login {
>   inet_listener pop3 {
>     port = 0
>   }
>   inet_listener pop3s {
>     port = 995
>     ssl = yes
>   }
> }
> ssl = required
> ssl_cert = ssl_key = submission_host = localhost
> userdb {
>   args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
>   driver = static
> }
> protocol lda {
>   mail_plugins = " sieve"
> }
>

From slusarz at curecanti.org Tue Sep 3 21:32:05 2013
From: slusarz at curecanti.org (Michael M Slusarz)
Date: Tue, 03 Sep 2013 12:32:05 -0600
Subject: [Dovecot] Deleting messages with Mac Mail via IMAP
In-Reply-To: <52262A0C.8020102@enas.net>
References: <74E461A1-D5D1-48D1-94EA-23ED9FB2EC99@portabile.net> <52262A0C.8020102@enas.net>
Message-ID: <20130903123205.Horde.5zGOuZOCWhfuK9p-KZDQcw8@bigworm.curecanti.org>

Quoting Urban Loesch :

> if I remember correctly, there is no option in the IMAP protocol to
> move a message per se.

That recently changed:

http://tools.ietf.org/html/rfc6851

michael

From tim.schneider at portabile.net Wed Sep 4 00:25:11 2013
From: tim.schneider at portabile.net (Tim Schneider)
Date: Tue, 3 Sep 2013 23:25:11 +0200
Subject: [Dovecot] Deleting messages with Mac Mail via IMAP
In-Reply-To: <2A8B7A40C130385F7578C44D@ritz.innovate.net>
References: <74E461A1-D5D1-48D1-94EA-23ED9FB2EC99@portabile.net> <2A8B7A40C130385F7578C44D@ritz.innovate.net>
Message-ID: <5B730855-7286-4E49-B265-D3918D0969C2@portabile.net>

The right wording (expunge) provided me with some clues.

Anyway, Mac Mail does not have such a flag. It seems to be deliberately designed to do the expunge on quitting the application. Expunge can also be triggered by using cmd+shift+k with no marked messages to empty all trashes. Using this command, one can also mark a message and expunge it directly, bypassing the trash.

I don't want to exclude the possibility that this has got something to do with the IDLE system, and could be resolved by, for example, providing the right IMAP capabilities flags upon com init.

Interestingly, iOS mail does delete the message in the inbox directly when moving it to trash.

Thanks anyway to the contributors of this thread, I think I will have to accept this behavior, since Apple does usually not care about customer requests to resolve bugs. Mostly they declare them to be intended stupidity, even when they sell items that behave just the opposite way.

Anyway, Zarafa mail server has a flag imap_expunge_on_delete. Perhaps this would be a useful feature for Dovecot to protect admins from angry customers who use well-designed Apple products.
On 2013-09-03, at 20:16 , lists-dovecot wrote:

>
>
> ------------ Original Message ------------
>> Date: Tuesday, September 03, 2013 07:11:40 PM +0200
>> From: Tim Schneider
>> To: dovecot at dovecot.org
>> Subject: [Dovecot] Deleting messages with Mac Mail via IMAP
>>
>> Hello mailing list subscribers!
>>
>> When I delete a message in Mac Mail 6.5 (OS X 10.8.4),
>> with the option to move messages to the trash set in Mac Mail
>> account preferences, the message is copied to the trash, and
>> marked as trashed in the cur/inbox directory on the server (STa
>> flag in the file name).
>>
>> My horde webmail then displays this message correctly as trashed
>> in the inbox. However, I want the message to be gone from the
>> inbox.
>>
>> Quitting Mac Mail deletes it in the inbox reliably.
>>
>> Is there any IMAP setting for dovecot to get move, and not copy
>> and mark as trashed behavior?
>>

From reganyelcich at gmail.com Wed Sep 4 02:49:56 2013
From: reganyelcich at gmail.com (Regan Yelcich)
Date: Wed, 4 Sep 2013 11:49:56 +1200
Subject: [Dovecot] dsync - convert plugin missing?
Message-ID: <65D8C7FB-DC7B-4CCD-8817-AB8CA4DB3F16@gmail.com>

I'm looking to convert my mbox mailboxes over to Maildir. But when I try to run the dsync command: (changed with my variables)

dsync -u username mirror mbox:~/mail:INBOX=/var/mail/username

found on this dovecot v2.X page here:
http://wiki2.dovecot.org/Migration/MailFormat

I get an error that it can't find the "convert" plugin. Am I doing something wrong?

Thanks.

From kremels at kreme.com Wed Sep 4 17:12:49 2013
From: kremels at kreme.com (LuKreme)
Date: Wed, 4 Sep 2013 08:12:49 -0600
Subject: [Dovecot] OT: z-Push
In-Reply-To:
References: <2527D796-B1BC-4D21-B59E-35DC9A7C46F5@roessner-network-solutions.com>
Message-ID:

On 19 Sep 2012, at 13:48 , Christian Rößner wrote:
> unfortunately z-Push is much too buggy here. So I dropped it in favor of standard IMAP.

I don't understand this statement (and yes, I know this was last year).
z-Push is, as I understand it, a tool that runs on top of 'standard IMAP' and not something that you would replace with standard IMAP.

And standard IMAP doesn't (or at least not on any mobile phones I've seen) push notifications for any folders, though most mobile MUAs will poll INBOX and notify you about those messages.

--
If it wasn't for the pirates, I bet Star Wars: Ep III would have made $50 million its first DAY!

From dovecot at lars-uhlmann.de Wed Sep 4 17:20:39 2013
From: dovecot at lars-uhlmann.de (Lars Uhlmann)
Date: Wed, 4 Sep 2013 16:20:39 +0200
Subject: [Dovecot] permission problem when using public namespace and "subscription = yes"
Message-ID: <20130904162039.726bde3e@achilles.local.net>

I have configured a public namespace "Test" for a group of users:

| namespace public {
|   separator = .
|   prefix = Test.
|   location = maildir:/mailroot/public/Test
|   hidden = no
|   list = yes
|   subscriptions = yes
| }

Using each user's own subscription file for a public mailbox doesn't make sense when the mailbox is heavily used. Every directory operation (create/rename) needs to be synced between all subscribers automatically and immediately. So I set "subscriptions = yes".

My ACLs look like this:

| user=mark lrwstiekx
| user=tim lrwstiekx
| user=max lr
| user=jenny lrwstiekx
| user=louis lr

Nevertheless _all_ my mail users still have access to the namespace's directory tree.

It is my understanding that when a user doesn't have 'lookup' access, he should not be able to subscribe to this mailbox.

In my opinion this is a security problem. ACLs must be processed _before_ a shared subscription file is parsed.
regards
Lars

From vorgusa at gmail.com Wed Sep 4 17:45:15 2013
From: vorgusa at gmail.com (Chris)
Date: Wed, 04 Sep 2013 10:45:15 -0400
Subject: [Dovecot] Dovecot is not creating directories properly for new accounts
In-Reply-To:
References:
Message-ID: <5227477B.9030502@gmail.com>

Dovecot is able to create the other directories after the main home folder is created, it might be having issues creating the parent directories

On 09/03/2013 10:49 AM, Chris Lasater wrote:
> Hi,
> I have just set up a new dovecot server with Dovecot 2.2.5. When I
> create a new user and try to authenticate I get the following error
>
> Sep 03 14:33:38 imap(test2): Error: user test2: Initialization failed:
> Initializing mail storage from mail_location setting failed:
> mkdir(/home/user/apps/var/mail/imap/test2/mailboxes) failed:
> Permission denied (euid=503(imapd) egid=503(imapd) missing +w perm:
> /home/user/apps/var/mail, we're not in group 502(dovecot), dir owned
> by 502:502 mode=0775)
> Sep 03 14:33:38 imap(test2): Error: Invalid user settings. Refer to
> server log for more information.
>
> imapd is in the dovecot group and here are the permissions
>
> [user at MB1 logs]$ ll /home/user/apps/var/
> total 4
> drwxrwxr-x 4 dovecot dovecot 4096 Sep 3 14:35 mail
>
> [user at MB1 logs]$ id imapd
> uid=503(imapd) gid=503(imapd) groups=503(imapd),500(user),502(dovecot)
>
>
> if I su - imapd and then run mkdir -p
> /home/user/apps/var/mail/imap/test2/mailboxes
>
> everything starts working and the user can log in. Isn't Dovecot
> supposed to be able to create these?

From rs at sys4.de Wed Sep 4 20:20:10 2013
From: rs at sys4.de (Robert Schetterer)
Date: Wed, 04 Sep 2013 19:20:10 +0200
Subject: [Dovecot] OT: z-Push
In-Reply-To:
References: <2527D796-B1BC-4D21-B59E-35DC9A7C46F5@roessner-network-solutions.com>
Message-ID: <52276BCA.2050001@sys4.de>

On 04.09.2013 16:12, LuKreme wrote:
> On 19 Sep 2012, at 13:48 , Christian Rößner wrote:
>> unfortunately z-Push is much too buggy here. So I dropped it in favor of standard IMAP.
>
> I don't understand this statement (and yes, I know this was last year).
>
> z-Push is, as I understand it, a tool that runs on top of 'standard IMAP' and not something that you would replace with standard IMAP.

it's a free php solution for active sync mail, backend is imap

you may try new horde webmail with "more complete" active sync solution ( this means it basically http(s) hosted ) also give you addressbook, calendar etc "with active sync compatible clients" like outlook 2013 etc

>
> And standard IMAP doesn't (or at least not on any mobile phones I've seen) push notifications for any folders, though most mobile MUAs will poll INBOX and notify you about those messages.
>

"push mail" is more some "buzz wording" than an exact tec description, for "pure mail", imap clients like android k9 act "push mail", with imap idle just like the android mail client in exchange mode ( active sync ) for "normal" users

if you want only mail/imap i.e k9 mail imap seems to me the better tec solution

the "push mail" imap stuff for mobiles is "overnamed" with "imap lemonade extensions" , some of them are on the road for dovecot or implemented ( lots of rfcs ), at my last review, but however it may last some time lemonade clients will get out

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

From vorgusa at gmail.com Wed Sep 4 21:29:45 2013
From: vorgusa at gmail.com (Chris)
Date: Wed, 04 Sep 2013 14:29:45 -0400
Subject: [Dovecot] login_log_format_elements does not appear to be changing log format 2.2.5
Message-ID: <52277C19.4020001@gmail.com>

Hi,
login_log_format_elements does not seem to change the login logs. I have it set to the below setting and the word "home" does not even appear.
Is there something I have to do for this? Also I use ldap for authentication.

[user at MB1 logs]$ doveconf -n | grep -i log
debug_log_path = /home/user/apps/logs/dovecot_debug.log
info_log_path = /home/user/apps/logs/dovecot_info.log
log_path = /home/user/apps/logs/dovecot.log
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c home=%h
service imap-login {
  chroot = login
  executable = imap-login
  type = login
  user = $default_login_user

[user at MB1 dovecot]$ tail -1 ~/apps/logs/dovecot_info.log
Sep 04 18:19:55 imap-login: Info: Login: user=, method=PLAIN, rip=10.100.5.6, lip=10.100.5.103, mpid=6571

[user at MB1 dovecot]$ dovecot --version
2.2.5

From matt at the-wyvern.net Thu Sep 5 00:01:42 2013
From: matt at the-wyvern.net (Matt Devaney)
Date: Wed, 4 Sep 2013 22:01:42 +0100
Subject: [Dovecot] Received header only showing localhost
In-Reply-To:
References: <008601cea27c$65eba6f0$31c2f4d0$@the-wyvern.net> <00d701cea4fd$8a061a60$9e124f20$@the-wyvern.net>
Message-ID: <007801cea9b1$f5421fa0$dfc65ee0$@the-wyvern.net>

Bill / Richard,

Many thanks to both of you for your answers, they helped me take a step back and look at this again - and when I did that I found the problem in under 5 minutes :)

Turns out my first guess (and indeed second guess) was wrong; it had nothing to do with Dovecot (as you'd both said). It was actually Postfix, which is configured to filter headers using the 'headers_check' functionality. I'd noticed this before, but when I saw the following:

/^Received:/ IGNORE

I initially assumed (incorrectly) that 'ignore' meant 'don't try check this header'. It doesn't, it means 'please remove it from the message'

Remove that line and all is well with the world.
Matt

-----Original Message-----
From: Bill Oliver [mailto:vendor at billoblog.com]
Sent: 29 August 2013 23:01
To: Matt Devaney
Cc: dovecot at dovecot.org
Subject: Re: [Dovecot] Received header only showing localhost

On Thu, 29 Aug 2013, Bill Oliver wrote:

> nonsense

Sorry, belay that -- I misread my own output. Doh. Headsmack. I thought I had fixed that issue but did not.

billo

From other at ahhyes.net Thu Sep 5 02:57:16 2013
From: other at ahhyes.net (other at ahhyes.net)
Date: Thu, 05 Sep 2013 09:57:16 +1000
Subject: [Dovecot] stopping dictionary attacks (pop3)
In-Reply-To: <522566D9.1040800@gmail.com>
References: <522566D9.1040800@gmail.com>
Message-ID:

Hi Noel,

Thank you for the hint. I've added what you suggested to the fail2ban action.

I've had to resort to firewalling off the pop3 port to my ISP subnets and any subnets of ISP's I use when I am on the go.

This will work for me since it's a personal server with only a few external users. Operators of shared hosting servers certainly won't have that luxury.

I had no choice but to do this. Getting fail2ban to work effectively with dovecot is like trying to make a bad marriage work out.

So, it would appear that dovecot only logs multiple failed auth's for a single session in ONE line of text in a log "failed, X attempts" rather than X lines of failures logged. This makes fail2ban useless in this case. Since one can fail to auth 10 times in a single session and fail2ban will not pick it up.

Some feedback for the author, please try and improve things in this area. I really can't see why some functionality cannot be added as outlined in my original email, to disconnect the session after X failed attempts, and have a variable in a config file that allows some fine tuning of that. It's not a lot of code to add, you could probably do it in less than 10 lines of C.

Cheers.
A.
On 2013-09-03 14:34, Noel wrote:
> On 9/2/2013 8:59 PM, other at ahhyes.net wrote:
>> Hi Guys,
>>
>> I was really hoping a couple of years later this would be
>> addressed... I'm running Dovecot 2.2.5 on FreeBSD.
>>
>> Is there any way to limit the number of auth attempts allowed in a
>> single session? The reason for this is because I have "fail2ban"
>> setup to firewall out any IP addresses that repeatedly auth fails.
>> The issue occurs when the connection is already in an
>> "established" state and the attacker uses the existing session to
>> hammer away, fail2ban becomes ineffective as dovecot appears to
>> allow the person to attempt authentication ad infinitum.
>>
>> It would be nice if there was a config option that would for example
>> cause the software to close the connection after X failed
>> attempts. I use "pf" as the firewall on FreeBSD.
>
> The secret is the "pfctl -k IP" command to drop state for the
> offending IP. Just add it to your fail2ban action command.
> action = /sbin/pfctl {whatever you have now} && /sbin/pfctl -k <ip>
>
>
> A nice writeup of fail2ban and pf can be found here:
> http://www.effu.se/2011/03/Integrating-PF-with-Fail2ban-0.9
>
>
>
>
> -- Noel Jones

From noeldude at gmail.com Thu Sep 5 05:04:22 2013
From: noeldude at gmail.com (Noel)
Date: Wed, 04 Sep 2013 21:04:22 -0500
Subject: [Dovecot] stopping dictionary attacks (pop3)
In-Reply-To:
References: <522566D9.1040800@gmail.com>
Message-ID: <5227E6A6.6040904@gmail.com>

On 9/4/2013 6:57 PM, other at ahhyes.net wrote:
>
> I've had to resort to firewalling off the pop3 port to my ISP
> subnets and any subnets of ISP's
> I use when I am on the go.
>
> This will work for me since it's a personal server with only a few
> external users.
> Operators of shared hosting servers certainly won't have that luxury.

On my personal server I use http://www.ipdeny.com/ cidr blocks to only allow the countries where users are expected to be. Obviously not a solution for an ISP...
-- Noel Jones From gerson at digirati.com.br Thu Sep 5 22:55:06 2013 From: gerson at digirati.com.br (Gerson Moraes) Date: Thu, 05 Sep 2013 16:55:06 -0300 Subject: [Dovecot] Vacation message and DMARC validation Message-ID: <5228E19A.7010503@digirati.com.br> Greetings, I have found an issue in the interaction between sieve vacation messages and the SPF, DKIM and DMARC email validation systems. For example, let's say we have a message coming from a at a.com to b at b.com at a server imap.mydomain.com. The account b at b.com has a vacation rule in sieve, and that generates an autoresponse to a at a.com. Our problem begins with the definition of section-5.1 in RFC5230 . It says that the envelope-from in vacation messages should be set to <>. This is the behavior currently implemented in Dovecot. We have recently added DMARC's authentication to our e-mail servers. DMARC needs one of the two authentication to pass, either SPF or DKIM. SPF works, but not the way DMARC needs it to. DMARC needs a valid SPF record that also matches the "From:" header. In this message, there are no envelope-from, so there are no domain to validate. This is the reason we use SRS to rewrite envelope-from (to do that we use the server address). The last option is to use DKIM authentication. We have clustered SMTP servers. So, in order to make a DKIM signature, the vacation message needs to be sent to the right server. That is, the server where the key to account b at b.com is available. To do that, we are implementing a modification to Dovecot source allowing the use of the envelope-from. The modified envelope-from will be used with the Postfix option "sender_dependent_relayhost_maps" in order to choose the right cluster. This does not break RFC5230, because the use of null sender is only a recommendation. I would like to know if a patch to the main project would be appreciated. 
Could you also please confirm if there are any future plans involving this feature, like an optional configuration for custom envelope-from?

Thanks in advance,

Gerson Moraes
Digirati

From vijayrajah at gmail.com Fri Sep 6 10:08:59 2013
From: vijayrajah at gmail.com (Vijay Rajah)
Date: Fri, 6 Sep 2013 12:38:59 +0530
Subject: [Dovecot] fdatasync -- Error -- bad file descriptor
Message-ID:

Hello list,

I have a dovecot 2.2.5 instance configured to use mdbox as mailbox format. I configured to use separate storage attachments and use SIS.. (doveconf -n below)

I get this error

Sep 6 12:29:52 vrajah.mydomain.tld dovecot: lmtp(14258, email at mydomain.tld): Error: fdatasync(/apps/mail/mailbox/attachments/23/12/2312039008db057a1c75-2efc2d00687d2952b2370000f89409f1) failed: Bad file descriptor

I'm using centos 6.4 on a KVM with ext4 as fs.

Can someone tell me why I'm getting this error? and how to fix this?

-Thanks in advance
Vijay

##########doveconf -n
# 2.2.5: /apps/mail/dovecot/2.2.5/etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.14.1.el6.x86_64 x86_64 CentOS release 6.4 (Final) ext4
auth_mechanisms = plain login digest-md5 cram-md5
auth_socket_path = /apps/mail/var/dovecot/run/auth-userdb
base_dir = /apps/mail/var/dovecot/run/
debug_log_path = /var/log/dovecot-debug.log
dict {
  sqlquota = mysql:/apps/mail/dovecot/2.2.5/etc/dovecot/conf.d/sqlquota.dict.ext
}
hostname = mail1 at mydomain.tldmydomain.tld
mail_attachment_dir = /apps/mail/mailbox/attachments
mail_attachment_hash = %{sha256:80}
mail_debug = yes
mail_location = mdbox:/apps/mail/mailbox/%d/%n/mdbox
mail_plugin_dir = /apps/mail/dovecot/2.2.5/lib/dovecot/
mail_plugins = " virtual quota zlib"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl dotlock
mdbox_rotate_size = 1 M
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /apps/mail/dovecot/2.2.5/etc/dovecot/conf.d/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  quota = dict:User quota::proxy::sqlquota
  quota_grace = 10%%
  quota_rule = *:storage=1GB
  quota_rule2 = Trash:storage=+10%%
  quota_rule3 = Spam:storage=+20%%
  quota_status_nouser = DUNNO
  quota_status_overquota = 450 4.2.2 Mailbox is full. Try again later
  quota_status_success = DUNNO
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  quota_warning3 = -storage=100%% quota-warning below %u
  sieve = ~/.dovecot.sieve
  sieve_before = /apps/mail/var/dovecot/sieve/
  sieve_dir = ~/sieve
  sieve_global_dir = /apps/mail/var/dovecot/sieve
  zlib_save = bz2
  zlib_save_level = 9
}
protocols = imap lmtp sieve
service auth {
  unix_listener /apps/mail/var/postfix/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
}
service lmtp {
  unix_listener /apps/mail/var/postfix/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 10
  vsz_limit = 64 M
}
service managesieve {
  process_limit = 1024
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    port = 12340
  }
}
service quota-warning {
  executable = script /apps/mail/dovecot/2.2.5/etc/dovecot/conf.d/quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
  user = vmail
}
shutdown_clients = no
ssl_ca =

Hello there,

I'm trying to use the doveadm expunge function, but it doesn't seem to work.. I have installed a mail test server using iredmail, Dovecot and postfix using mysql for authentications.

I sent an email to this server, and changed the timestamp using touch. The mail boxes are as follows:

/home/mail/vmail1/mydomain.fr/n/i/c/nicolas-2013.09.05.14.30.49/Maildir

I want to delete mails that are, let's say, 1 day old from the "Junk" folder. (I put the mail I changed the date in it). I run this command:

doveadm -Dv expunge -u nicolas at mydomain.fr mailbox "Junk" savedbefore 1d

The mail is still in the "Junk" folder, and I have this output:

root at mail:/home/mail/vmail1# doveadm -Dv expunge -u nicolas at mydomain.fr mailbox "Junk" savedbefore 1d
doveadm(root): Debug: Loading modules from directory: /usr/lib/dovecot/modules
doveadm(root): Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so
doveadm(root): Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm
doveadm(root): Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so
doveadm(root): Debug: Skipping module doveadm_zlib_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_zlib_plugin.so: undefined symbol: i_stream_create_deflate (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen() failed:
/usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_backend_rescan (this is usually intentional, so just ignore this message)
doveadm(nicolas at mydomain.fr): Debug: Added userdb setting: plugin/master_user=nicolas at mydomain.fr
doveadm(nicolas at mydomain.fr): Debug: Added userdb setting: plugin/quota_rule=*:bytes=1073741824
doveadm(nicolas at mydomain.fr): Debug: Effective uid=2000, gid=2000, home=/home/mail/vmail1/mydomain.fr/n/i/c/nicolas-2013.09.05.14.30.49/
doveadm(nicolas at mydomain.fr): Debug: Quota root: name=user backend=dict args=:proxy::quotadict
doveadm(nicolas at mydomain.fr): Debug: Quota rule: root=user mailbox=* bytes=1073741824 messages=0
doveadm(nicolas at mydomain.fr): Debug: Quota warning: bytes=912680550 (85%) messages=0 reverse=no command=quota-warning 85 nicolas at mydomain.fr
doveadm(nicolas at mydomain.fr): Debug: Quota warning: bytes=966367641 (90%) messages=0 reverse=no command=quota-warning 90 nicolas at mydomain.fr
doveadm(nicolas at mydomain.fr): Debug: Quota warning: bytes=1020054732 (95%) messages=0 reverse=no command=quota-warning 95 nicolas at mydomain.fr
doveadm(nicolas at mydomain.fr): Debug: dict quota: user=nicolas at mydomain.fr, uri=proxy::quotadict, noenforcing=0
doveadm(nicolas at mydomain.fr): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir://home/mail/vmail1/mydomain.fr/n/i/c/nicolas-2013.09.05.14.30.49//Maildir/:INDEX=//home/mail/vmail1/mydomain.fr/n/i/c/nicolas-2013.09.05.14.30.49//Maildir/
doveadm(nicolas at mydomain.fr): Debug: maildir++: root=//home/mail/vmail1/mydomain.fr/n/i/c/nicolas-2013.09.05.14.30.49//Maildir, index=, control=, inbox=//home/mail/vmail1/mydomain.fr/n/i/c/nicolas-2013.09.05.14.30.49//Maildir, alt=
doveadm(nicolas at mydomain.fr): Debug: Namespace : type=shared, prefix=Shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=yes location=maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/Shared/%u
doveadm(nicolas at mydomain.fr): Debug: shared: root=/var/run/dovecot, index=, control=, inbox=, alt=

I don't understand, the output seems to be OK, except loading modules at the beginning, but I think there's no effect to expunge command...

Anyone to help me, please?

Thanks in advance

Nicolas

-- 
View this message in context: http://dovecot.2317879.n4.nabble.com/doveadm-expunge-problems-tp44200.html
Sent from the Dovecot mailing list archive at Nabble.com.

From nicolas at franceoxygene.fr Fri Sep 6 11:51:26 2013
From: nicolas at franceoxygene.fr (nicolasfo)
Date: Fri, 6 Sep 2013 01:51:26 -0700 (PDT)
Subject: [Dovecot] doveadm expunge problems
In-Reply-To: <1378454749846-44200.post@n4.nabble.com>
References: <1378454749846-44200.post@n4.nabble.com>
Message-ID: <1378457486348-44201.post@n4.nabble.com>

I just tried the doveadm search command:

doveadm search -u *@mydomain.fr MAILBOX Junk : this command lists all emails in Junk users folders : OK
doveadm search -u *@mydomain.fr MAILBOX Junk savedbefore 1d : doesn't list anything..

What am I missing? Is this the good way to change file date (touch) and by this way, have results to savedbefore command?

Thanks

-- 
View this message in context: http://dovecot.2317879.n4.nabble.com/doveadm-expunge-problems-tp44200p44201.html
Sent from the Dovecot mailing list archive at Nabble.com.

From aldo at iae.nl Fri Sep 6 12:59:07 2013
From: aldo at iae.nl (Aldo & Caroline)
Date: Fri, 6 Sep 2013 11:59:07 +0200
Subject: [Dovecot] Dovecot 2.1.7 not starting properly, mail not delivered
Message-ID:

On my debian box dovecot does not start properly any more, and mails don't get delivered or sent. I've googled around without finding any useful leads. Hopefully someone is willing to educate me.

My guess is it must be a config problem after an upgrade, since I didn't change anything myself directly. Not sure when it started, since this mail server is not our default machine (yet).
Symptoms

Upon /etc/init.d/dovecot restart my command line says

[ ok ] Restarting IMAP/POP3 mail server: dovecot.

But I find in /var/log/mail.log:

Sep 6 11:17:36 debian2 dovecot: master: Warning: Killed with signal 15 (by pid=19112 uid=0 code=kill)
Sep 6 11:17:36 debian2 dovecot: master: Dovecot v2.1.7 starting up (core dumps disabled)
Sep 6 11:17:37 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:38 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:39 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:40 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:41 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:42 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:43 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:44 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:45 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:45 debian2 postfix/cleanup[18466]: warning: tcp:127.0.0.1:10001 lookup error for "aldo at alcatoka.nl"
Sep 6 11:17:45 debian2 postfix/cleanup[18466]: warning: 57B7D3640073: sender_canonical_maps map lookup problem for aldo at alcatoka.nl
Sep 6 11:17:45 debian2 postfix/pickup[17004]: warning: maildrop/4EA313640071: error writing 57B7D3640073: queue file write error

I do NOT see a line like

... dovecot: auth-worker(default): pgsql: Connected to 127.0.0.1 (mailserver)

as mentioned in this tutorial, which I used to set up the previous Dovecot version (which worked OK).

When starting Dovecot from the command line with

dovecot -F -c /etc/dovecot/dovecot.conf

nothing is printed (as if the process is waiting for more input), while it should at least produce some output, right?

I'm running Debian 7.1 with an ext3 filesystem together with Postfix 2.9.6 on an x86 machine. CPU info:

processor : 0
vendor_id : AuthenticAMD
cpu family : 16
model : 6
model name : AMD Sempron(tm) 140 Processor
cpu MHz : 800.000
cache size : 1024 KB

As far as I can tell, Postfix is running OK.

/etc/dovecot/dovecot.conf says:

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-686-pae i686 Debian 7.1 ext3
auth_mechanisms = plain login
disable_plaintext_auth = no
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/var/vmail/%d/%n/Maildir
mail_privileged_group = mail
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocols = imap pop3
service auth {
  unix_listener auth-master {
    group = vmail
    mode = 0600
    user = vmail
  }
  user = root
}
ssl_cert =

Hi list

I'm currently having troubles to "connect" dovecot (for proxy) to an existing LDAP. If I got the dovecot wiki right only userdb is needed for a proxy setup where the proxy does not authenticate but just forward to the backend for authentication.

So I set up the following in dovecot-ldap.conf.ext

user_attrs = =password,=y=nopasswd,=y=proxy,mailHost=host
user_filter = (&(objectClass=posixAccount)(uid=%u))

There is a field mailHost in LDAP which defines the correct backend for the user

and defined userdb in auth-ldap.conf.ext

userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

the same config again in auth-system.conf.ext

The problem is that dovecot always reports back that the user is unknown.
I turned on ldap debug and got the following

I'm pretty sure that the error is 30cm in front of the screen :-) but I really don't see the problem

Any help is highly appreciated

Thanks

tobi

From kremels at kreme.com Fri Sep 6 17:56:20 2013
From: kremels at kreme.com (LuKreme)
Date: Fri, 6 Sep 2013 08:56:20 -0600
Subject: [Dovecot] Plus addressing
Message-ID:

It appears that I can enable +address filtering into separate mailboxes by simply setting

$recipient_delimiter = '+';

However, is there any way to get great control over that?

For example, on one account I have a lot of +addresses I use. A few, I sort into mailboxes (like my bank, credit cards, etc). The rest are either on the "spammer => /dev/null"
list or get sorted into a mailbox named "Misc" (like various newsletters and offers and sales from companies I do business with).

-- 
Sigs are b0rk3d.

From dovecot at vosslamber.nl Fri Sep 6 20:26:36 2013
From: dovecot at vosslamber.nl (Luuk@dovecot)
Date: Fri, 06 Sep 2013 19:26:36 +0200
Subject: [Dovecot] Plus addressing
In-Reply-To:
References:
Message-ID: <522A104C.6060707@vosslamber.nl>

On 06-09-2013 16:56, LuKreme wrote:
> It appears that I can enable +address filtering into separate mailboxes by simply setting
>
> $recipient_delimiter = '+';
>
> However, is there any way to get great control over that?
>
> For example, on one account I have a lot of +addresses I use. A few, I sort into mailboxes (like my bank, credit cards, etc). The rest are either on the "spammer => /dev/null" list or get sorted into a mailbox named "Misc" (like various newsletters and offers and sales from companies I do business with).
>

procmail ?

From tobster at brain-force.ch Fri Sep 6 20:55:43 2013
From: tobster at brain-force.ch (Tobi)
Date: Fri, 06 Sep 2013 19:55:43 +0200
Subject: [Dovecot] userdb with LDAP
In-Reply-To: <5229BFCF.2010506@brain-force.ch>
References: <5229BFCF.2010506@brain-force.ch>
Message-ID: <522A171F.2040105@brain-force.ch>

As expected it was human error :-) I never checked the form of the uid in LDAP. I just assumed it has to be user at domain.tld but it was only user. So dovecot was perfectly right in not finding any matching record.

After changing the form of the uid generation for LDAP to user at domain.tld I found that my user_attrs and pass_attrs were simply wrong. So changed to

pass_attrs = =password=,=proxy=y,=nopassword=y,mailhost=host

and commented user_attrs (seems not needed for proxy only)

tobi

On 06.09.2013 13:43, Tobi wrote:
> Hi list
>
> I'm currently having troubles to "connect" dovecot (for proxy) to an
> existing LDAP.
> If I got the dovecot wiki right only userdb is needed for a proxy setup
> where the proxy does not authenticate but just forward to the backend
> for authentication.
>
> So I setup the following in dovecot-ldap.conf.ext
>
> user_attrs = =password,=y=nopasswd,=y=proxy,mailHost=host
> user_filter = (&(objectClass=posixAccount)(uid=%u))
>
> There is a field mailHost in LDAP which defines the correct backend for
> the user
>
> and defined userdb in auth-ldap.conf.ext
>
> userdb {
> driver = ldap
> args = /etc/dovecot/dovecot-ldap.conf.ext
> }
>
> the same config again in auth-system.conf.ext
>
> The problem is that dovecot always reports back that the user is
> unknown. I turned on ldap debug and got the following
ldap_int_select > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ldap_result ld 0x7fbc43fb4110 msgid -1 > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: wait4msg ld 0x7fbc43fb4110 msgid -1 (timeout 0 usec) > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: wait4msg continue ld 0x7fbc43fb4110 msgid -1 all 0 > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ** ld 0x7fbc43fb4110 Connections: > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: * host: 213.196.149.116 port: 389 (default) > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: refcnt: 2 status: Connected > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: last used: Fri Sep 6 13:06:10 2013 > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ** ld 0x7fbc43fb4110 Outstanding Requests: > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: * msgid 5, origid 5, status InProgress > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: outstanding referrals 0, parent count 0 > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ld 0x7fbc43fb4110 request count 1 (abandoned 0) > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ** ld 0x7fbc43fb4110 Response Queue: > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: Empty > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ld 0x7fbc43fb4110 response count 0 > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ldap_chkResponseList ld 0x7fbc43fb4110 msgid -1 all 0 > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ldap_chkResponseList returns ld 0x7fbc43fb4110 NULL > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ldap_int_select > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: read1msg: ld 0x7fbc43fb4110 msgid -1 all 0 > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: read1msg: ld 0x7fbc43fb4110 msgid 5 message type search-result > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: read1msg: ld 0x7fbc43fb4110 0 new 
referrals > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: read1msg: mark request completed, ld 0x7fbc43fb4110 msgid 5 > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: request done: ld 0x7fbc43fb4110 msgid 5 > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: res_errno: 0, res_error: <>, res_matched: <> > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ldap_free_request (origid 5, msgid 5) > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ldap_parse_result > Sep 6 13:06:10 kolab-frontend dovecot: auth: ldap(tobi.szyndler at datapark.li,213.196.149.1,<88FSBrXlSQDVxJUB>): unknown user > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ldap_msgfree > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ldap_result ld 0x7fbc43fb4110 msgid -1 > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: wait4msg ld 0x7fbc43fb4110 msgid -1 (timeout 0 usec) > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: wait4msg continue ld 0x7fbc43fb4110 msgid -1 all 0 > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ** ld 0x7fbc43fb4110 Connections: > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: * host: 213.196.149.116 port: 389 (default) > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: refcnt: 1 status: Connected > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: last used: Fri Sep 6 13:06:10 2013 > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ** ld 0x7fbc43fb4110 Outstanding Requests: > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: Empty > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ld 0x7fbc43fb4110 request count 0 (abandoned 0) > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ** ld 0x7fbc43fb4110 Response Queue: > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: Empty > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ld 0x7fbc43fb4110 response count 0 > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: 
ldap_chkResponseList ld 0x7fbc43fb4110 msgid -1 all 0 > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ldap_chkResponseList returns ld 0x7fbc43fb4110 NULL > Sep 6 13:06:10 kolab-frontend dovecot: auth: Error: ldap_int_select > > I'm pretty sure that the error is 30cm in front of the screen :-) but I > really don't see the problem > > Any help is highly appreciated > Thanks > > tobi > > From CMarcus at Media-Brokers.com Fri Sep 6 21:22:22 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 06 Sep 2013 14:22:22 -0400 Subject: [Dovecot] Plus addressing In-Reply-To: <522A104C.6060707@vosslamber.nl> References: <522A104C.6060707@vosslamber.nl> Message-ID: <522A1D5E.1020408@Media-Brokers.com> On 2013-09-06 1:26 PM, Luuk at dovecot wrote: > On 06-09-2013 16:56, LuKreme wrote: >> It appease that I can enable +address filtering into separate >> mailboxes by simply setting >> >> $recipient_delimiter = '+'; >> >> However, is there anyway to get great control over that? >> >> For example, on one account I have a lot of +addresses I use. A few, >> I sort into mailboxes (like my bank, credit cards, etc). The rest are >> either on the ?spammer => /dev/null? list or get sorted into a >> mailbox named ?Misc? (like various newsletters and offers and sales >> from companies I do business with). >> > > procmail ? > No way, not with dovecot - use sieve... the only reason to even remotely consider procmial is if you had a huge investment in procmail rules. Procmail is ancient, unmaintained crap-crud... 
;) -- Best regards, */Charles/* From dovecot at vosslamber.nl Fri Sep 6 22:09:44 2013 From: dovecot at vosslamber.nl (Luuk) Date: Fri, 06 Sep 2013 21:09:44 +0200 Subject: [Dovecot] Plus addressing In-Reply-To: <522A1D5E.1020408@Media-Brokers.com> References: <522A104C.6060707@vosslamber.nl> <522A1D5E.1020408@Media-Brokers.com> Message-ID: <522A2878.8090904@vosslamber.nl> On 06-09-2013 20:22, Charles Marcus wrote: > On 2013-09-06 1:26 PM, Luuk at dovecot wrote: >> On 06-09-2013 16:56, LuKreme wrote: >>> It appease that I can enable +address filtering into separate >>> mailboxes by simply setting >>> >>> $recipient_delimiter = '+'; >>> >>> However, is there anyway to get great control over that? >>> >>> For example, on one account I have a lot of +addresses I use. A few, >>> I sort into mailboxes (like my bank, credit cards, etc). The rest are >>> either on the ?spammer => /dev/null? list or get sorted into a >>> mailbox named ?Misc? (like various newsletters and offers and sales >>> from companies I do business with). >>> >> >> procmail ? >> > > No way, not with dovecot - use sieve... > > the only reason to even remotely consider procmial is if you had a huge > investment in procmail rules. > > Procmail is ancient, unmaintained crap-crud... ;) > but i need time, and some good docs to get to know sieve..... (hints are welcome) the short time that i had so far only revealed that it seems to be more complex than the simple procmail things i use ;) From lstone19 at stonejongleux.com Fri Sep 6 22:41:59 2013 From: lstone19 at stonejongleux.com (Larry Stone) Date: Fri, 6 Sep 2013 14:41:59 -0500 (CDT) Subject: [Dovecot] Plus addressing In-Reply-To: <522A1D5E.1020408@Media-Brokers.com> References: <522A104C.6060707@vosslamber.nl> <522A1D5E.1020408@Media-Brokers.com> Message-ID: On Fri, 6 Sep 2013, Charles Marcus wrote: > On 2013-09-06 1:26 PM, Luuk at dovecot wrote: >> >> procmail ? >> > > No way, not with dovecot - use sieve... 
>
> the only reason to even remotely consider procmail is if you had a huge
> investment in procmail rules.
>
> Procmail is ancient, unmaintained crap-crud... ;)

It may be unmaintained but since it works, what maintenance is needed.

I've looked at Sieve but from what I've read, it's not as capable as
Procmail. One thing I do with Procmail that I've yet to see as possible
with Sieve is for messages from a particular sender, scan the contents for
certain key phrases and if there, send an email to another external address
(the email address for sending text messages to my phone) with content
extracted from the original message (no, not a simple forward due to the
SMS character limit).

If Sieve is capable of the above, I'd appreciate a pointer to appropriate
documentation.

-- 
Larry Stone
lstone19 at stonejongleux.com

From delrio at mie.utoronto.ca Fri Sep 6 23:05:37 2013
From: delrio at mie.utoronto.ca (Oscar del Rio)
Date: Fri, 06 Sep 2013 16:05:37 -0400
Subject: [Dovecot] Plus addressing
In-Reply-To:
References: <522A104C.6060707@vosslamber.nl> <522A1D5E.1020408@Media-Brokers.com>
Message-ID: <522A3591.3090904@mie.utoronto.ca>

On 09/ 6/13 03:41 PM, Larry Stone wrote:
>
> I've looked at Sieve but from what I've read, it's not as capable as
> Procmail. One thing I do with Procmail that I've yet to see as
> possible with Sieve is for messages from a particular sender, scan the
> contents for certain key phrases and if there, send an email to
> another external address (the email address for sending text messages
> to my phone) with content extracted from the original message (no, not
> a simple forward due to the SMS character limit).
>
> If Sieve is capable of the above, I'd appreciate a pointer to
> appropriate documentation.
>

I guess the sieve extprograms extension should be able to do anything
that can be scripted.
http://hg.rename-it.nl/dovecot-2.2-pigeonhole/raw-file/tip/doc/rfc/spec-bosch-sieve-extprograms.txt

From sca at andreasschulze.de Fri Sep 6 23:40:19 2013
From: sca at andreasschulze.de (Andreas Schulze)
Date: Fri, 6 Sep 2013 22:40:19 +0200
Subject: [Dovecot] sieve vacation question
Message-ID: <20130906204019.GA26278@solar.andreasschulze.de>

Hello Stephan,

I love to use the vacation extension to build an echo service.
I do not have to worry about whether to answer or not if the sender is
a list, postmaster, mailer-daemon or other crazy thing.

But I like to echo the *complete headers* back.
I did not find a solution with sieve yet. Is it really impossible?

Thanks
Andreas

From jtam.home at gmail.com Sat Sep 7 01:09:12 2013
From: jtam.home at gmail.com (Joseph Tam)
Date: Fri, 6 Sep 2013 15:09:12 -0700 (PDT)
Subject: [Dovecot] doveadm expunge problems
In-Reply-To:
References:
Message-ID:

nicolasfo wrote:

> doveadm search -u *@mydomain.fr MAILBOX Junk savedbefore 1d : doesn't list
> anything..
>
> What am I missing?
>
> Is this the good way to change file date (touch) and by this way, have
> results to savedbefore command ?

No. The date.saved value is (I think) stored in its indices, and is
updated via IMAP operations. This value is not derived from file timestamps.

You can use doveadm fetch to get the values that dovecot uses

	doveadm -ftab fetch -A 'mailbox date.saved' mailbox Junk

If you actually use IMAP operations to move messages from INBOX to Junk,
I think you'll find that date.saved reflects the correct value.

Joseph Tam

From h.reindl at thelounge.net Sat Sep 7 04:17:23 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Sat, 07 Sep 2013 03:17:23 +0200
Subject: [Dovecot] which clients support SCRAM-SHA-1
Message-ID: <522A7EA3.8020902@thelounge.net>

Hi

running dovecot as IMAP/POP3-proxy with
auth_mechanisms = CRAM-MD5 DIGEST-MD5 SCRAM-SHA-1 APOP LOGIN PLAIN

which client supports currently "SCRAM-SHA-1" to test it?

From aldo at iae.nl Sat Sep 7 11:22:33 2013
From: aldo at iae.nl (Aldo & Caroline)
Date: Sat, 7 Sep 2013 10:22:33 +0200
Subject: [Dovecot] Dovecot 2.1.7 not starting properly, mail not delivered
In-Reply-To:
Message-ID: <5366A80D56634EEF822938AF86FEFB5A@DELLXP>

Hi all,

Further digging (and then some more) revealed that dovecot wasn't the
problem (of course). The port numbers (10001, 10002) finally put me on the
right track. It turned out that the SRS daemon (pfix-srsd) had stopped for
some reason. Doing

/etc/init.d/pfix-srsd restart

solved the issue. Now I'm only facing an SASL error, but that's outside the
scope of this mailing list.

Hope I didn't waste too much of anyone's time with this question.

Aldo

-----Original message-----
From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On behalf of Aldo & Caroline
Sent: Friday 6 September 2013 11:59
To: dovecot at dovecot.org
Subject: [Dovecot] Dovecot 2.1.7 not starting properly, mail not delivered

On my debian box dovecot does not start properly any more, and mails don't
get delivered or sent. I've googled around without finding any useful leads.
Hopefully someone is willing to educate me. My guess is it must be a config
problem after an upgrade, since I didn't change anything myself directly.
Not sure when it started, since this mail server is not our default
machine (yet).

Symptoms

Upon

/etc/init.d/dovecot restart

my command line says

[ ok ] Restarting IMAP/POP3 mail server: dovecot.

But I find in /var/log/mail.log:

Sep 6 11:17:36 debian2 dovecot: master: Warning: Killed with signal 15 (by pid=19112 uid=0 code=kill)
Sep 6 11:17:36 debian2 dovecot: master: Dovecot v2.1.7 starting up (core dumps disabled)
Sep 6 11:17:37 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:38 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:39 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:40 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:41 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:42 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:43 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:44 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:45 debian2 postfix/cleanup[18466]: warning: connect to TCP map 127.0.0.1:10001: Connection refused
Sep 6 11:17:45 debian2 postfix/cleanup[18466]: warning: tcp:127.0.0.1:10001 lookup error for "aldo at alcatoka.nl"
Sep 6 11:17:45 debian2 postfix/cleanup[18466]: warning: 57B7D3640073: sender_canonical_maps map lookup problem for aldo at alcatoka.nl
Sep 6 11:17:45 debian2 postfix/pickup[17004]: warning: maildrop/4EA313640071: error writing 57B7D3640073: queue file write error

I do NOT see a line like

... dovecot: auth-worker(default): pgsql: Connected to 127.0.0.1 (mailserver)

as mentioned in this tutorial, which I used to set up the previous Dovecot
version (which worked OK).

When starting Dovecot from the command line with

dovecot -F -c /etc/dovecot/dovecot.conf

nothing is printed (as if the process is waiting for more input), while it
should at least produce some output, right?

I'm running Debian 7.1 with an ext3 filesystem together with Postfix 2.9.6
on an x86 machine.

CPU info:
processor : 0
vendor_id : AuthenticAMD
cpu family : 16
model : 6
model name : AMD Sempron(tm) 140 Processor
cpu MHz : 800.000
cache size : 1024 KB

As far as I can tell, Postfix is running OK.

/etc/dovecot/dovecot.conf says:

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-686-pae i686 Debian 7.1 ext3
auth_mechanisms = plain login
disable_plaintext_auth = no
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/var/vmail/%d/%n/Maildir
mail_privileged_group = mail
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocols = imap pop3
service auth {
  unix_listener auth-master {
    group = vmail
    mode = 0600
    user = vmail
  }
  user = root
}
ssl_cert =
References: <522A104C.6060707@vosslamber.nl>
Message-ID: <84FDCC21-A9EF-4442-874C-05B500193A0A@kreme.com>

On 06 Sep 2013, at 11:26 , Luuk at dovecot wrote:

> On 06-09-2013 16:56, LuKreme wrote:
>> It appears that I can enable +address filtering into separate mailboxes by simply setting
>>
>> $recipient_delimiter = '+';
>>
>> However, is there any way to get great control over that?
>>
>> For example, on one account I have a lot of +addresses I use. A few, I sort into mailboxes (like my bank, credit cards, etc). The rest are either on the "spammer => /dev/null" list or get sorted into a mailbox named "Misc" (like various newsletters and offers and sales from companies I do business with).
>>
>
> procmail ?

Sorry, I meant "in dovecot" (or maybe sieve)

I'm already using procmail.

-- 
I WILL NOT PLEDGE ALLEGIANCE TO BART
	Bart chalkboard Ep. 7F09

From micah at riseup.net Sat Sep 7 15:51:48 2013
From: micah at riseup.net (Micah Anderson)
Date: Sat, 07 Sep 2013 08:51:48 -0400
Subject: [Dovecot] More fine-grained connection limitations?
Message-ID: <87li3894m3.fsf@muck.riseup.net>

There is the mail_max_userip_connections setting, which helps for
dealing with number of connections at any given time, but I'm looking
for something that will help deal with users who configure their mail
clients to connect too frequently.

For example, I've seen users who configured their clients to check
(IMAP) mail every 3 seconds. This is far too frequent and puts
unnecessary load on the server. Even once per minute seems excessive to
me.

It would be really great if there were a way to tarpit those users to
slow them down, or send them an imap message saying they are connecting
too often and connections have been disabled for the next 5 minutes or
something.

Micah

ps - what happens to a user when they hit mail_max_userip_connections?
Further connections are just denied, or dropped?

From dovecot at mygaia.org Sun Sep 8 15:07:24 2013
From: dovecot at mygaia.org (Matt)
Date: Sun, 08 Sep 2013 20:07:24 +0800
Subject: [Dovecot] Postfixadmin/MySQL/Dovecot 2 and quota
Message-ID: <522C687C.5000001@mygaia.org>

Hi all,

I'm setting up a new email server based on the software list below:

  * Postfix
  * Dovecot 2.0.9
  * MySQL
  * Postfixadmin 2.3.6

My current problem is I'm unsure whether quota feature is well
configured or not.
In order to test and validate, I use Roundcubemail GUI which provides
percentage of the space used by the mailbox (quota should be applied per
mailbox).

Here, my dovecot configuration:
dovecot.conf:
dict {
  quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf
}

dovecot-dict-quota.conf:
connect = host=localhost dbname=postfix user=postfix password=postfix
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}

dovecot-sql.conf.ext:
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=postfix
default_pass_scheme = PLAIN-MD5
password_query = SELECT username AS user, password, \
  CONCAT('*:storage=', CAST(quota AS CHAR), 'b') AS quota_rule \
  FROM mailbox WHERE username = '%u' AND active='1'
user_query = SELECT maildir, 89 AS uid, 12 AS gid, \
  concat('dict:storage=',floor(quota/1000),'::proxy::quotadict') AS quota, \
  CONCAT('*:storage=', CAST(quota AS CHAR), 'b') AS quota_rule \
  FROM mailbox WHERE username = '%u' AND active='1'

conf.d/90-quota.conf:
plugin {
  quota = dict:user::proxy::quotadict
  quota_rule2 = Trash:storage=+10%%
}

conf.d/20-imap.conf:
protocol imap {
  mail_plugins = $mail_plugins imap_quota
}

When I check postfixadmin GUI, I can see that quota in realtime in
quota2 table, no problem.

But Roundcubemail cannot get this information and shows an unknown quota.
If I add this line:
  quota_rule = *:storage=1G
in conf.d/90-quota.conf file, it works, I mean roundcubemail gets and
shows information (but not the one stored in db of course).

I think I'm close to the right configuration but I need your help to
complete this setup.

Thank you in advance for your help.

Best,
Matt

From d.parthey at metaways.de Sun Sep 8 16:53:29 2013
From: d.parthey at metaways.de (Daniel Parthey)
Date: Sun, 08 Sep 2013 15:53:29 +0200
Subject: [Dovecot] Postfixadmin/MySQL/Dovecot 2 and quota
In-Reply-To: <522C687C.5000001@mygaia.org>
References: <522C687C.5000001@mygaia.org>
Message-ID:

Hi Matt,

sounds like the quota is correctly updated in MySQL, but your roundcube
isn't able to fetch quota information via IMAP.

Can you reproduce this via telnet or another IMAP client (e.g.
Thunderbird with Quota Display Extension)?

Can you be so kind and post your whole dovecot config (doveconf -n)?

Are there any error messages in your dovecot logs regarding quota?

I think that quota_rule, quota_rule2, quota_rule3 etc. are applied in
sequence, so if you only need one quota_rule, then it should be named
quota_rule.

Regards
Daniel

Matt wrote:
>Hi all,
>
>I'm setting up a new email server based on the software list below:
>
>  * Postfix
>  * Dovecot 2.0.9
>  * MySQL
>  * Postfixadmin 2.3.6
>
>My current problem is I'm unsure whether quota feature is well
>configured or not.
>In order to test and validate, I use Roundcubemail GUI which provides
>percentage of the space used by the mailbox (quota should be applied
>per
>mailbox).
>
>Here, my dovecot configuration:
>dovecot.conf:
>dict {
>  quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf
>}
>
>dovecot-dict-quota.conf:
>connect = host=localhost dbname=postfix user=postfix password=postfix
>map {
>  pattern = priv/quota/storage
>  table = quota2
>  username_field = username
>  value_field = bytes
>}
>map {
>  pattern = priv/quota/messages
>  table = quota2
>  username_field = username
>  value_field = messages
>}
>
>dovecot-sql.conf.ext:
>driver = mysql
>connect = host=localhost dbname=postfix user=postfix password=postfix
>default_pass_scheme = PLAIN-MD5
>password_query = SELECT username AS user, password, \
>  CONCAT('*:storage=', CAST(quota AS CHAR), 'b') AS quota_rule \
>  FROM mailbox WHERE username = '%u' AND active='1'
>user_query = SELECT maildir, 89 AS uid, 12 AS gid, \
>  concat('dict:storage=',floor(quota/1000),'::proxy::quotadict') AS
>quota, \
>  CONCAT('*:storage=', CAST(quota AS CHAR), 'b') AS quota_rule \
>  FROM mailbox WHERE username = '%u' AND active='1'
>
>conf.d/90-quota.conf:
>plugin {
>  quota = dict:user::proxy::quotadict
>  quota_rule2 = Trash:storage=+10%%
>}
>
>conf.d/20-imap.conf:
>protocol imap {
>  mail_plugins = $mail_plugins imap_quota
>}
>
>When I check postfixadmin GUI, I can see that quota in realtime in
>quota2 table, no problem.
>
>But Roundcubemail cannot get this information and shows an unknown
>quota.
>If I add this line:
>  quota_rule = *:storage=1G
>in conf.d/90-quota.conf file, it works, I mean roundcubemail gets and
>shows information (but not the one stored in db of course).
>
>I think I'm close to the right configuration but I need your help to
>complete this setup.
>
>Thank you in advance for your help.
>
>Best,
>Matt

From d.parthey at metaways.de Sun Sep 8 17:13:28 2013
From: d.parthey at metaways.de (Daniel Parthey)
Date: Sun, 08 Sep 2013 16:13:28 +0200
Subject: [Dovecot] Postfixadmin/MySQL/Dovecot 2 and quota
In-Reply-To: <522C687C.5000001@mygaia.org>
References: <522C687C.5000001@mygaia.org>
Message-ID: <23a19f21-d77f-44dc-82ba-a5ce0c0c4ccf@email.android.com>

Hi Matt,

I forgot to mention that if you're using userdb prefetch, then you might
need to use userdb_quota_rule instead of quota_rule in your user_query.

Please have a look at the docs:
http://wiki2.dovecot.org/Quota/Configuration

Regards
Daniel

From dovecot at mygaia.org Sun Sep 8 18:32:52 2013
From: dovecot at mygaia.org (Matt)
Date: Sun, 08 Sep 2013 23:32:52 +0800
Subject: [Dovecot] Postfixadmin/MySQL/Dovecot 2 and quota
In-Reply-To:
References: <522C687C.5000001@mygaia.org>
Message-ID: <522C98A4.1020702@mygaia.org>

Hi Daniel,

Thanks for your quick feedback.

I've installed the Quota Display Extension in my Thunderbird (thanks for
the plugin) and the progress bar remains desperately empty but it works
with my Gmail account.

Sorry, I forgot to send my dovecot -n previously:
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.el6.x86_64 x86_64 CentOS release 6.4 (Final) ext4
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
dict {
  quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf
}
mail_debug = yes
mail_location = maildir:/var/mail/vmail/%d/%n
mail_plugins = " quota"
mail_privileged_group = mail
mbox_write_locks = fcntl
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = dict:user::proxy::quotadict
  quota_rule2 = Trash:storage=+10%%
}
postmaster_address = test at test.com
quota_full_tempfail = yes
service dict {
  unix_listener dict {
    group = mail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = dovecot
}
ssl_cert =

Sep 8 23:22:54 my_server dovecot: auth: Debug: sql(test at test.com,::1): query: SELECT username AS user, password, CONCAT('*:storage=', CAST(quota AS CHAR), 'b') AS quota_rule FROM mailbox WHERE username = 'test at test.com' AND active='1'
Sep 8 23:22:54 my_server dovecot: auth: Debug: client out: OK#0111#011user=test at test.com#011quota_rule=*:storage=30720000b
Sep 8 23:22:54 my_server dovecot: auth: Debug: master in: REQUEST#011317980673#01112146#0111#0110725da6b7ab19fc4fac7f0cf54764b18
Sep 8 23:22:54 my_server dovecot: auth: Debug: master out: USER#011317980673#011test at test.com#011uid=5000#011gid=5000#011home=/var/mail/vmail/test.com/test
Sep 8 23:22:54 my_server dovecot: imap-login: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=12147, TLS
Sep 8 23:22:54 my_server dovecot: imap: Debug: Loading modules from directory: /usr/lib64/dovecot
Sep 8 23:22:54 my_server dovecot: imap: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
Sep 8 23:22:54 my_server dovecot: imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_imap_quota_plugin.so
Sep 8 23:22:54 my_server dovecot: imap(test at test.com): Debug: Effective uid=5000, gid=5000, home=/var/mail/vmail/test.com/test
Sep 8 23:22:54 my_server dovecot: imap(test at test.com): Debug: Quota root: name=user backend=dict args=:proxy::quotadict
Sep 8 23:22:54 my_server dovecot: imap(test at test.com): Debug: dict quota: user=test at test.com, uri=proxy::quotadict, noenforcing=0
Sep 8 23:22:54 my_server dovecot: imap(test at test.com): Debug: maildir++: root=/var/mail/vmail/test.com/test, index=, control=, inbox=/var/mail/vmail/test.com/test
Sep 8 23:22:54 my_server dovecot: dict: mysql: Connected to localhost (postfix)
Sep 8 23:22:54 my_server dovecot: imap(test at ecritel.cn): Disconnected: Logged out bytes=70/529
Sep 8 23:22:57 my_server dovecot: auth: Debug: auth client connected (pid=12150)
Sep 8 23:22:57 my_server dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=::1#011rip=::1#011lport=993#011rport=39056#011resp=
Sep 8 23:22:57 my_server dovecot: auth: Debug: sql(test at test.com,::1): query: SELECT username AS user, password, CONCAT('*:storage=', CAST(quota AS CHAR), 'b') AS quota_rule FROM mailbox WHERE username = 'test at test.com' AND active='1'
Sep 8 23:22:57 my_server dovecot: auth: Debug: client out: OK#0111#011user=test at test.com#011quota_rule=*:storage=30720000b
Sep 8 23:22:57 my_server dovecot: auth: Debug: master in: REQUEST#0111253179393#01112150#0111#0117aeb8af5e5292a96188f20b12f455c7c
Sep 8 23:22:57 my_server dovecot: auth: Debug: master out: USER#0111253179393#011test at test.com#011uid=5000#011gid=5000#011home=/var/mail/vmail/test.com/test
Sep 8 23:22:57 my_server dovecot: imap-login: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=12152, TLS
Sep 8 23:22:57 my_server dovecot: imap: Debug: Loading modules from directory: /usr/lib64/dovecot
Sep 8 23:22:57 my_server dovecot: imap: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
Sep 8 23:22:57 my_server dovecot: imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_imap_quota_plugin.so
Sep 8 23:22:57 my_server dovecot: imap(test at test.com): Debug: Effective uid=5000, gid=5000, home=/var/mail/vmail/test.com/test
Sep 8 23:22:57 my_server dovecot: imap(test at test.com): Debug: Quota root: name=user backend=dict args=:proxy::quotadict
Sep 8 23:22:57 my_server dovecot: imap(test at test.com): Debug: dict quota: user=test at test.com, uri=proxy::quotadict, noenforcing=0
Sep 8 23:22:57 my_server dovecot: imap(test at test.com): Debug: maildir++: root=/var/mail/vmail/test.com/test, index=, control=, inbox=/var/mail/vmail/test.com/test
Sep 8 23:22:57 my_server dovecot: imap(test at test.com): Disconnected: Logged out bytes=305/1700
Sep 8 23:22:57 my_server dovecot: auth: Debug: auth client connected (pid=12153)
Sep 8 23:22:57 my_server dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=::1#011rip=::1#011lport=993#011rport=39057#011resp=
Sep 8 23:22:57 my_server dovecot: auth: Debug: sql(test at test.com,::1): query: SELECT username AS user, password, CONCAT('*:storage=', CAST(quota AS CHAR), 'b') AS quota_rule FROM mailbox WHERE username = 'test.com' AND active='1'
[...]

About quota_rule, I thought that quota_rule gotten from the MySQL query
had its importance... that's why I've kept quota_rule2, etc...

Matt

> Hi Matt,
>
> sounds like the quota is correctly updated in MySQL, but your
> roundcube isn't able to fetch quota information via IMAP.
>
> Can you reproduce this via telnet or another IMAP client (e.g.
> Thunderbird with Quota Display Extension)?
>
> Can you be so kind and post your whole dovecot config (doveconf -n)?
>
> Are there any error messages in your dovecot logs regarding quota?
>
> I think that quota_rule, quota_rule2, quota_rule3 etc. are applied in
> sequence, so if you only need one quota_rule, then it should be named
> quota_rule.
>
> Regards
> Daniel
>
>
>
> Matt wrote:
>
> Hi all,
>
> I'm setting up a new email server based on the softwares list below:
>
> * Postfix
> * Dovecot 2.0.9
> * MySQL
> * Postfixadmin 2.3.6
>
> My current problem is I'm unsure whether quota feature is well
> configured or not.
> In order to test and validate, I use Roundcubemail GUI which provides
> percentage of the space used by the mailbox (quota should be applied per
> mailbox).
>
> Here, my dovecot configuration:
> dovecot.conf:
> dict {
>   quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf
> }
>
> dovecot-dict-quota.conf:
> connect = host=localhost dbname=postfix user=postfix password=postfix
> map {
>   pattern = priv/quota/storage
>   table = quota2
>   username_field = username
>   value_field = bytes
> }
> map {
>   pattern = priv/quota/messages
>   table = quota2
>   username_field = username
>   value_field = messages
> }
>
> dovecot-sql.conf.ext:
> driver = mysql
> connect = host=localhost dbname=postfix user=postfix password=postfix
> default_pass_scheme = PLAIN-MD5
> password_query = SELECT username AS user, password, \
>   CONCAT('*:storage=', CAST(quota AS CHAR), 'b') AS quota_rule \
>   FROM mailbox WHERE username = '%u' AND active='1'
> user_query = SELECT maildir, 89 AS uid, 12 AS gid, \
>   concat('dict:storage=',floor(quota/1000),'::proxy::quotadict') AS quota, \
>   CONCAT('*:storage=', CAST(quota AS CHAR), 'b') AS quota_rule \
>   FROM mailbox WHERE username = '%u' AND active='1'
>
> conf.d/90-quota.conf:
> plugin {
>   quota = dict:user::proxy::quotadict
>   quota_rule2 = Trash:storage=+10%%
> }
>
> conf.d/20-imap.conf:
> protocol imap {
>   mail_plugins = $mail_plugins imap_quota
> }
>
> When I check postfixadmin GUI, I can see that quota in realtime in
> quota2 table, no problem.
>
> But Roundcubemail cannot get this information and shows an unknown quota.
> If I add this line: > quota_rule = *:storage=1G > in conf.d/90-quota.conf file, it works, I mean roundcubemail gets and > shows information (but not the one stored in db of course). > > I think I'm close to the right configuration but I need your help to > complete this setup. > > Thank you in advance for your help. > > Best, > Matt > From thomas at koch.ro Sun Sep 8 19:04:43 2013 From: thomas at koch.ro (Thomas Koch) Date: Sun, 8 Sep 2013 18:04:43 +0200 Subject: [Dovecot] best practice to have sent mail folder on dovecot imap server Message-ID: <201309081804.44168.thomas@koch.ro> I've already asked this here: http://serverfault.com/questions/533940/best-practice-to-have-sent-mail- folder-on-dovecot-imap-server Hi, when I add a mail account to KMail (or most other MUA I suppose) the sent mail folder is on the local machine and I don't have my sent mails on other machines. I'd like to have a sent mail folder in IMAP and I thought that there would already exist a standard or best practice how to set this up so that the mail is only transfered once to the MTA and from the MTA to the IMAP server. I even thought to remember an RFC related to this problem? It isn't that simple, is it? I'm using Exim. Regards, Thomas Koch From h.reindl at thelounge.net Sun Sep 8 19:15:57 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Sun, 08 Sep 2013 18:15:57 +0200 Subject: [Dovecot] best practice to have sent mail folder on dovecot imap server In-Reply-To: <201309081804.44168.thomas@koch.ro> References: <201309081804.44168.thomas@koch.ro> Message-ID: <522CA2BD.4040604@thelounge.net> Am 08.09.2013 18:04, schrieb Thomas Koch: > I've already asked this here: > http://serverfault.com/questions/533940/best-practice-to-have-sent-mail- > folder-on-dovecot-imap-server > > when I add a mail account to KMail (or most other MUA I suppose) the sent mail > folder is on the local machine and I don't have my sent mails on other > machines. 
>
> I'd like to have a sent mail folder in IMAP and I thought that there would
> already exist a standard or best practice how to set this up so that the mail
> is only transferred once to the MTA and from the MTA to the IMAP server
>
> I even thought to remember an RFC related to this problem?
> It isn't that simple, is it? I'm using Exim

these days any known mail client in case of IMAP copies the message after successful
sending via APPEND to the sent folder on the IMAP server - if kmail as default stores
it only in a local folder file a bug against kmail

hence you can even configure in which IMAP folder sent messages should be stored which
is one of the biggest problem because every random client handles this different instead
look if there is a "Sent" folder use it and display the locale name independent of
the servers name

mix different clients and in case of Apple mail.app and iPhones with different patchlevels
and you will see a ton of different named sent-folder until you configure any device to use
the same and remove the orphans

the XLIST capability promises to solve this problem but it will take years until any relevant
client is supporting this and only god knows how to act in the situation where you still have
5 different sent-folders - so in the real world expect the problem exists the next 5 years

http://www.limilabs.com/blog/imap-list-xlist-and-lsub
_______________________________________________

transfer it only once to the MTA and from there to the sent-folder is more
or less impossible - most mail systems deliver messages via LMTP to dovecot
or whatever MDA and in that case have no predictable way to put it in the
sent folder serverside, at least not if you keep in mind that people
access their mail with different clients at the same time in days
of smartphones, tablets and whatever clients access the same account
at the same time

From rs at sys4.de Sun Sep 8 19:44:14 2013
From: rs at sys4.de (Robert Schetterer)
Date: Sun, 08 Sep 2013 18:44:14 +0200
Subject: [Dovecot] best practice to have sent mail folder on dovecot imap server
In-Reply-To: <522CA2BD.4040604@thelounge.net>
References: <201309081804.44168.thomas@koch.ro> <522CA2BD.4040604@thelounge.net>
Message-ID: <522CA95E.2030806@sys4.de>

On 08.09.2013 18:15, Reindl Harald wrote:
>
> On 08.09.2013 18:04, Thomas Koch wrote:
>> I've already asked this here:
>> http://serverfault.com/questions/533940/best-practice-to-have-sent-mail-
>> folder-on-dovecot-imap-server

you may use special-use RFC 6154
http://tools.ietf.org/html/rfc6154

have a look
http://www.imapwiki.org/ImapRFCList
http://www.imapwiki.org/SpecialUse

also only German
http://sys4.de/de/blog/2013/03/25/outlook-2013-special-use-mit-dovecot/

some more info
http://dovecot.org/list/dovecot/2011-December/062327.html

so you might be happy with Outlook 2013, K9 Mail new Horde webmail versions, for thunderbird
http://wiki2.dovecot.org/Plugins/Autocreate
might help too

don't know the status of kmail

older blog
https://blog.flameeyes.eu/2013/03/i-ll-stick-with-thunderbird-still
.. Third problem ? KMail does not implement the Special Folder extension defined in RFC 6154 ...

>>
>> when I add a mail account to KMail (or most other MUA I suppose) the sent mail
>> folder is on the local machine and I don't have my sent mails on other
>> machines.
>>
>> I'd like to have a sent mail folder in IMAP and I thought that there would
>> already exist a standard or best practice how to set this up so that the mail
>> is only transferred once to the MTA and from the MTA to the IMAP server
>>
>> I even thought to remember an RFC related to this problem?
>> It isn't that simple, is it?
I'm using Exim > > these days any kown mail client in case of IMAP copies the message after successful > sending via APPEND to the sent folder on the IMAP server - if kmail as default stores > it only in a local folder file a bug against kmail > > hence you can even configure in which IMAP folder sent messages should be stored which > is one of the biggest problem because every random client handles this different instead > look if there is a "Sent" folder use it and display the locale name unindependet of > the servers name > > mix different clients and in case of Apple mail.app and iPhones with different patchlevels > and you will see a ton of different named sent-folder until you configure any device to use > the same and remove the orphans yes i recent saw equal stuff at a migration from another namespace really bad behave by apple clients, but there should be no problems with brand new installs and mailboxes , which means no problem was reported to me yet > > the XLIST capability promises to solve this problem but it will take years until any relevant > client is supporting this and only god knows how to act in the situtation where you still have > 5 different sent-folders - so in the real world expect the problem exists the next 5 years > > http://www.limilabs.com/blog/imap-list-xlist-and-lsub > _______________________________________________ > > transfer it only once to the MTA and from there to the sent-folder is more > or less impossible - most mail systems deliver messages via LMTP to dovecot > or whatever MDA and in that case have no predictable way to put it in the > sent folder serverside, at least not if you keep in mind that people > access their mail with different clients at the same time in days > of smartphones, tablets and whatever clients acess the same account > at the same time > > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, 
Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

From d.parthey at metaways.de Sun Sep 8 22:45:10 2013
From: d.parthey at metaways.de (Daniel Parthey)
Date: Sun, 08 Sep 2013 21:45:10 +0200
Subject: [Dovecot] Postfixadmin/MySQL/Dovecot 2 and quota
In-Reply-To: <522C98A4.1020702@mygaia.org>
References: <522C687C.5000001@mygaia.org> <522C98A4.1020702@mygaia.org>
Message-ID: <522CD3C6.1010301@metaways.de>

Hi Matt

On 08.09.2013 17:32, Matt wrote:
> I've installed the Quota Display Extension in my Thunderbird (thanks for
> the plugin) and the progress bar remains desperately empty but it works
> with my Gmail account.

This is exactly what was expected.
Dovecot userdb doesn't know about your user specific quota_rule.

> userdb {
>   args = uid=vmail gid=vmail home=/var/mail/vmail/%d/%n
>   driver = static
> }

Dynamic extra fields like "userdb_quota_rule" from SQL would not
work with a static userdb, since static db is only able to return
static extra fields.

You will need to use userdb driver = sql to fetch quota_rule from SQL.

If it works, the following command should show the user's quota rule:
doveadm user test at test.com

Regards
Daniel

From kremels at kreme.com Mon Sep 9 02:20:39 2013
From: kremels at kreme.com (LuKreme)
Date: Sun, 8 Sep 2013 17:20:39 -0600
Subject: [Dovecot] Is this odd?
Message-ID:

$ doveadm user kremels
field value
uid 1033
gid 1033
home /home/kremels
mail maildir:~/Maildir
system_groups_user kreme

$ doveadm user user at virtual.example.com
field value
uid 89
gid 89
home /usr/local/virtual/user at virtual.example.com/
mail /usr/local/virtual/user at virtual.example.com
mail_location /usr/local/virtual/user at virtual.example.com

The local user doesn't have a mail_location set at all, and has a very different mail definition.
This seems to be a side-effect of the fact that the home of the virtual user is the top level maildir, but should I set mail to maildir:~ ??

--
Where there is a party, everyone is there
Everyone will leave at exactly the same time
When this party is over it will start again
But not been any different be exactly the same

From jtam.home at gmail.com Mon Sep 9 06:29:29 2013
From: jtam.home at gmail.com (Joseph Tam)
Date: Sun, 8 Sep 2013 20:29:29 -0700 (PDT)
Subject: [Dovecot] More fine-grained connection limitations?
In-Reply-To:
References:
Message-ID:

> There is the mail_max_userip_connections setting, which helps for
> dealing with number of connections at any given time, but I'm looking
> for something that will help deal with users who configure their mail
> clients to connect too frequently.
>
> ...
>
> It would be really great if there were a way to tarpit those users to
> slow them down, or send them an imap message saying they are connecting
> too often and connections have been disabled for the next 5 minutes or
> something.

There might be an unintended consequence: I see connection spikes when
users try to do a global string search across mailboxes.

Joseph Tam

From vijayrajah at gmail.com Mon Sep 9 09:54:48 2013
From: vijayrajah at gmail.com (Vijay Rajah)
Date: Mon, 9 Sep 2013 12:24:48 +0530
Subject: [Dovecot] fdatasync -- Error -- bad file descriptor
In-Reply-To:
References:
Message-ID:

Ok I finally figured it...

It was because of improper permissions for the attachments folder.... I did an strace and found this. Once I changed the permission to the attachments folder it was alright..

I think this is a bug... it must check and fail and report a proper error message.. instead of this cryptic error...

here is the strace output...
open("/apps/mail/mailbox/attachments/23/12/hashes/2312039008db057a1c75", O_RDONLY) = -1 ENOENT (No such file or directory)
lstat("/apps/mail/mailbox/attachments/23/12/.temp.vrajah-vps5.15910.c9ec404edac079b3", 0x7fff1d300260) = -1 ENOENT (No such file or directory)
umask(066) = 077
open("/apps/mail/mailbox/attachments/23/12/.temp.vrajah-vps5.15910.c9ec404edac079b3", O_RDWR|O_CREAT|O_EXCL, 0666) = -1 ENOENT (No such file or directory)
umask(077) = 066
umask(0) = 077
mkdir("/apps/mail/mailbox/attachments/23/12", 0700) = -1 ENOENT (No such file or directory)
umask(077) = 0
umask(0) = 077
mkdir("/apps/mail/mailbox/attachments/23", 0700) = -1 EACCES (Permission denied)
umask(077) = 0
fstat(22, {st_mode=S_IFREG|0600, st_size=137728, ...}) = 0
pread(22, "\320\317\21\340\241\261\32\341\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0>\0\3\0\376\377\t\0"..., 8192, 0) = 8192
.
.
.
pread(22, "\n\0%\1\3\0\202\0\16\0\0\0\1\2\6\0&\1\0\0\261\0\375\0\n\0&\1\1\0\201\0"..., 8192, 131072) = 6656
pread(22, "", 1536, 137728) = 0
fdatasync(4294967295) = -1 EBADF (Bad file descriptor)
write(2, "\1\00415910 fdatasync(/apps/mail/mai"..., 138) = 138

On Fri, Sep 6, 2013 at 12:38 PM, Vijay Rajah wrote:
>
>
> Hello list,
>
> I have a dovecot 2.2.5 instance configured to use mdbox as mailbox format.
> I configured to use separate storage attachments and use SIS.. (doveconf -n
> below)
>
> I get this error
>
> Sep 6 12:29:52 vrajah.mydomain.tld dovecot: lmtp(14258, email at mydomain.tld): Error: fdatasync(/apps/mail/mailbox/attachments/23/12/2312039008db057a1c75-2efc2d00687d2952b2370000f89409f1) failed: Bad file descriptor
>
> I'm using centos 6.4 on a KVM with ext4 as fs.
>
> Can someone tell me why i'm getting this error? and how to fix this?
> > -Thanks in advance > Vijay > > > ##########doveconf -n > > # 2.2.5: /apps/mail/dovecot/2.2.5/etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-358.14.1.el6.x86_64 x86_64 CentOS release 6.4 (Final) > ext4 > auth_mechanisms = plain login digest-md5 cram-md5 > auth_socket_path = /apps/mail/var/dovecot/run/auth-userdb > base_dir = /apps/mail/var/dovecot/run/ > debug_log_path = /var/log/dovecot-debug.log > dict { > sqlquota = > mysql:/apps/mail/dovecot/2.2.5/etc/dovecot/conf.d/sqlquota.dict.ext > } > hostname = mail1 at mydomain.tldmydomain.tld > mail_attachment_dir = /apps/mail/mailbox/attachments > mail_attachment_hash = %{sha256:80} > mail_debug = yes > mail_location = mdbox:/apps/mail/mailbox/%d/%n/mdbox > mail_plugin_dir = /apps/mail/dovecot/2.2.5/lib/dovecot/ > mail_plugins = " virtual quota zlib" > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character > vacation subaddress comparator-i;ascii-numeric relational regex imap4flags > copy include variables body enotify environment mailbox date ihave > mbox_write_locks = fcntl dotlock > mdbox_rotate_size = 1 M > namespace inbox { > inbox = yes > location = > mailbox Drafts { > auto = subscribe > special_use = \Drafts > } > mailbox Junk { > auto = subscribe > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Spam { > auto = subscribe > } > mailbox Trash { > auto = subscribe > special_use = \Trash > } > prefix = > separator = / > type = private > } > passdb { > args = /apps/mail/dovecot/2.2.5/etc/dovecot/conf.d/dovecot-sql.conf.ext > driver = sql > } > plugin { > mail_log_events = delete undelete expunge copy mailbox_delete > mailbox_rename > mail_log_fields = uid box msgid size > quota = dict:User quota::proxy::sqlquota > quota_grace = 10%% > quota_rule = *:storage=1GB > quota_rule2 = Trash:storage=+10%% > quota_rule3 = Spam:storage=+20%% > quota_status_nouser = DUNNO > 
quota_status_overquota = 450 4.2.2 Mailbox is full. Try again later > quota_status_success = DUNNO > quota_warning = storage=95%% quota-warning 95 %u > quota_warning2 = storage=80%% quota-warning 80 %u > quota_warning3 = -storage=100%% quota-warning below %u > sieve = ~/.dovecot.sieve > sieve_before = /apps/mail/var/dovecot/sieve/ > sieve_dir = ~/sieve > sieve_global_dir = /apps/mail/var/dovecot/sieve > zlib_save = bz2 > zlib_save_level = 9 > } > protocols = imap lmtp sieve > service auth { > unix_listener /apps/mail/var/postfix/dovecot-auth { > group = postfix > mode = 0660 > user = postfix > } > } > service dict { > unix_listener dict { > group = vmail > mode = 0600 > user = vmail > } > } > service imap-login { > inet_listener imap { > port = 143 > } > } > service lmtp { > unix_listener /apps/mail/var/postfix/dovecot-lmtp { > group = postfix > mode = 0660 > user = postfix > } > } > service managesieve-login { > inet_listener sieve { > port = 4190 > } > service_count = 10 > vsz_limit = 64 M > } > service managesieve { > process_limit = 1024 > } > service quota-status { > client_limit = 1 > executable = quota-status -p postfix > inet_listener { > port = 12340 > } > } > service quota-warning { > executable = script > /apps/mail/dovecot/2.2.5/etc/dovecot/conf.d/quota-warning.sh > unix_listener quota-warning { > group = vmail > mode = 0660 > user = vmail > } > user = vmail > } > shutdown_clients = no > ssl_ca = ssl_cert = ssl_key = ssl_parameters_regenerate = 30 hours > submission_host = 127.0.0.1:587 > userdb { > driver = prefetch > } > userdb { > args = /apps/mail/dovecot/2.2.5/etc/dovecot/conf.d/dovecot-sql.conf.ext > driver = sql > } > protocol lda { > mail_plugins = " virtual quota zlib sieve zlib" > } > protocol imap { > mail_plugins = " virtual quota zlib imap_quota imap_zlib" > } > protocol lmtp { > debug_log_path = /var/log/dovecot-lmtp-debg.log > mail_plugins = " virtual quota zlib sieve zlib" > } > > From dovecot at mygaia.org Mon Sep 9 10:05:52 2013 From: 
dovecot at mygaia.org (Matt)
Date: Mon, 09 Sep 2013 15:05:52 +0800
Subject: [Dovecot] Postfixadmin/MySQL/Dovecot 2 and quota
In-Reply-To: <522CD3C6.1010301@metaways.de>
References: <522C687C.5000001@mygaia.org> <522C98A4.1020702@mygaia.org> <522CD3C6.1010301@metaways.de>
Message-ID: <522D7350.2060800@mygaia.org>

>> userdb {
>>   args = uid=vmail gid=vmail home=/var/mail/vmail/%d/%n
>>   driver = static
>> }

Hum, forgot to modify this file....

> Dynamic extra fields like "userdb_quota_rule" from SQL would not
> work with a static userdb, since static db is only able to return
> static extra fields.
>
> You will need to use userdb driver = sql to fetch quota_rule from SQL.

Changed.

> If it works, the following command should show the user's quota rule:
> doveadm user test at test.com

And it works fine now !!!
I can get quota information from Roundcubemail and Thunderbird !!!

Many thanks !

Best,
Matt

From scottg at extremehosting.ca Mon Sep 9 10:35:51 2013
From: scottg at extremehosting.ca (Scott Galambos)
Date: Mon, 09 Sep 2013 03:35:51 -0400
Subject: [Dovecot] Is dovecot locking properly?
Message-ID: <522D7A57.6020204@extremehosting.ca>

Hello,

I'm attempting to move from qpopper 4.1 to Dovecot 2.2.5 on Linux.

When a user checks POP mail qpopper seems to make a .username.pop temporary file in the same /var/mail directory as the mbox INBOX file. Watching what dovecot does I don't see this happening.

Is this .pop file a lock file or just a temporary file? If it's a temp file does dovecot do the same thing elsewhere?

I'm concerned dovecot is not locking properly and there will be mailbox corruption, so I'm trying to get dovecot to mimic what qpopper does as much as possible.

I'm using procmail and its Locking strategies are: dotlocking, fcntl(), lockf(), flock(). I'm using sendmail too. I left dovecot's locking as the defaults.

Thanks for any tips.
From stephan at rename-it.nl Mon Sep 9 11:26:53 2013
From: stephan at rename-it.nl (Stephan Bosch)
Date: Mon, 09 Sep 2013 10:26:53 +0200
Subject: [Dovecot] sieve vacation question
In-Reply-To: <20130906204019.GA26278@solar.andreasschulze.de>
References: <20130906204019.GA26278@solar.andreasschulze.de>
Message-ID: <522D864D.8050409@rename-it.nl>

On 6-9-2013 22:40, Andreas Schulze wrote:
> Hello Stephan,
>
> I love to use the vacation extension to build an echo service.
> I have not to worry about whether to answer or not if the sender is a list,
> postmaster, mailer-daemon or other crazy thing.
>
> But i like to echo the *complete headers* back.
> I did not find a solution with sieve yet. Is it really impossible?

Well, Sieve is certainly not meant for something like that. To echo the
complete message back verbatim you could do the following:

require "envelope";
require "variables";
require "relational";

# ${1} is the envelope sender captured by the wildcard
if envelope :matches "from" "*" {
    # only redirect when the envelope sender is not empty
    if string :count "gt" "${1}" "0" {
        redirect "${1}";
    }
}

Pigeonhole doesn't currently implement anything that could modify that
message's body. Only the header can be modified using the editheader
extension. That way you could swap from and to and modify the subject,
e.g. as follows:

require "envelope";
require "variables";
require "relational";
require "editheader";

if envelope :matches "from" "*" {
    if string :count "gt" "${1}" "0" {
        # remember the envelope sender, the From header and the Subject
        set "sender" "${1}";
        if header :matches "from" "*" {
            set "from" "${1}";
        }
        if header :matches "subject" "*" {
            set "subject" "${1}";
        }

        # replace the original addressing headers and the subject
        deleteheader "from";
        deleteheader "to";
        deleteheader "cc";
        deleteheader "subject";
        addheader "subject" "ECHO: ${subject}";
        addheader "from" "Echo Service ";
        addheader "to" "${from}";

        redirect "${sender}";
    }
}

I haven't tested the above only with sieve-test and not in the wild.

Regards,

Stephan.
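
The vacation action makes the checks Andreas mentions (lists, postmaster, mailer-daemon) on its own; a plain redirect makes none of them. The script below is an added example, not part of Stephan's message or of Pigeonhole, of a redirect-based echo that performs those checks itself. The X-Echo-Service marker header is a made-up name, and the editheader extension is assumed to be enabled on the server.

```sieve
require ["envelope", "variables", "editheader"];

# Every "stop" below ends the script without an echo; the implicit keep
# then files the message in the mailbox as usual.

# Loop guard: never echo a message this script has already echoed.
# (X-Echo-Service is a hypothetical marker header chosen for this example.)
if exists "X-Echo-Service" {
    stop;
}

# Bounces and DSNs use the null envelope sender, which Sieve matches as
# the empty string. Echoing them would create backscatter.
if envelope :is "from" "" {
    stop;
}

# RFC 3834: any Auto-Submitted value other than "no" marks an automatic
# message (auto-replies, auto-generated reports).
if allof (exists "Auto-Submitted",
          not header :is "Auto-Submitted" "no") {
    stop;
}

# Mailing lists and bulk mail. Each header gets its own "exists" test,
# because "exists" with a list is true only when all listed headers exist.
if anyof (exists "List-Id",
          exists "List-Post",
          exists "List-Help",
          exists "List-Unsubscribe",
          header :is "Precedence" ["bulk", "list", "junk"]) {
    stop;
}

# System and role senders that should never receive an automatic answer.
if envelope :localpart :matches "from"
        ["mailer-daemon", "postmaster", "owner-*", "*-request",
         "*-bounces", "noreply", "no-reply"] {
    stop;
}

# All guards passed: mark the message and send it back to the envelope
# sender with the headers and body otherwise untouched.
if envelope :matches "from" "*" {
    addheader "X-Echo-Service" "1";
    redirect "${1}";
}
```

Unlike vacation, this script keeps no per-sender reply history, so repeated messages from one address are each echoed.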
From stephan at rename-it.nl Mon Sep 9 11:31:43 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 09 Sep 2013 10:31:43 +0200 Subject: [Dovecot] Vacation message and DMARC validation In-Reply-To: <5228E19A.7010503@digirati.com.br> References: <5228E19A.7010503@digirati.com.br> Message-ID: <522D876F.7070405@rename-it.nl> Op 5-9-2013 21:55, Gerson Moraes schreef: > I would like to know if a patch to the main project would be > appreciated. Could you also please confirm if there are any future > plans involving this feature, like an optional configuration for > custom envelope-from? Since it is not direct a violation of the specification, I can accept such a feature. What exactly do you need? Is it enough if it uses the recipient address or do you want to be able to set it freely to a server-wide static address? Regards, Stephan. From pw at wk-serv.de Mon Sep 9 12:13:36 2013 From: pw at wk-serv.de (Patrick Westenberg) Date: Mon, 09 Sep 2013 11:13:36 +0200 Subject: [Dovecot] Ring SYNC appears to have got lost, resending after upgrade Message-ID: <522D9140.9090403@wk-serv.de> Hi @all, on Saturday I upgraded two dovecot servers from squeeze to wheezy and dovecot from 2.1.x to 2.2.5 (compiled from sources). After the upgrade everything worked fine at first. On Sunday Morning I recognized these errors (they occured after a reload for logging purpose on midnight) on one server: director: Error: Ring SYNC appears to have got lost, resending After reloading/restarting both dovecot services the error occured on both servers. After some research I deleted some "zlib"-File which isn't needed anymore in dovecot 2.2.x and reinstalled dovecot. The error message disappeared. Today the error occured again (after the reload on midnight) and again on one node only until reloading/restarting the other node too. 
However, there is an additional error message: Sep 09 10:27:07 director: Error: Ring SYNC appears to have got lost, resending Sep 09 10:27:10 director: Panic: file login-connection.c: line 88 (login_host_callback): assertion failed: (strncmp(request->line, "OK\t", 3) == 0) Any ideas? Patrick node1: # 2.2.5: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 auth_mechanisms = plain login director_mail_servers = 172.17.1.2 172.17.1.1 director_servers = 172.17.1.3 172.17.1.4 director_user_expire = 5 mins lmtp_proxy = yes log_path = /var/log/dovecot.log managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave protocols = imap pop3 lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { user = dovecot } } service director { fifo_listener login/proxy-notify { mode = 0666 } inet_listener { address = 172.17.1.3 port = 9090 } unix_listener director-userdb { mode = 0600 } unix_listener login/director { mode = 0666 } } service imap-login { executable = imap-login director } service lmtp { inet_listener lmtp { address = 172.17.1.3 port = 24 } } service managesieve-login { executable = managesieve-login director inet_listener sieve { port = 4190 } } service pop3-login { executable = pop3-login director } ssl_cert = Hello, I've been using vacation.pl from postfixadmin for many years, and since the most recent modification that allows me to specify my own strings to test for for when NOT to send a message, I'm extremely happy with it (no more auto-responses to linked-in/facebook crap, etc)... 
But, there is one thing I'd like to be able to do that it can't do, and there hasn't been any positive response about implementing it, so I'm asking about if this is possible to do with sieve right now, and if not, how hard would it be to implement... What I'd like is to be able to set a company (domain-wide) auto-response for when our company is closed for holidays... more specifically, extra holidays (often the boss will close an extra day for an extra long weekend). He has asked more than once about setting an auto-response for *everyone* during these periods... Thanks, -- Best regards, */Charles/* From skdovecot at smail.inf.fh-brs.de Mon Sep 9 14:52:48 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 9 Sep 2013 13:52:48 +0200 (CEST) Subject: [Dovecot] Read-only account through INDEX=MEMORY:CONTROL=MEMORY and non-writable Unix-permissions Message-ID: Hi, my goal is to provide a special mailbox for some mail accounts. The user should get the information, to look somewhere else. The user must not change anything at all. I also don't want to provide a mailbox for each user. I got the setup below, which seems to run with Dovecot v2.2; however, "CONTROL=MEMORY" is not documented. Is the setup stable for next versions of Dovecot or is CONTROL=MEMORY not a feature, but a bug?
====== user settings: home=/home/nomailbox mail=maildir:/home/nomailbox/Maildir:INDEX=MEMORY:CONTROL=MEMORY uid=vmail gid=vmail The structure of the directory: /home/nomailbox/: total 12 drwxr-xr-x 3 root root 4096 Oct 24 2007 ./ drwxr-xr-x 18 root root 4096 Sep 9 10:36 ../ dr-xr-xr-x 5 root root 4096 Oct 24 2007 Maildir/ /home/nomailbox/Maildir: total 20 dr-xr-xr-x 5 root root 4096 Oct 24 2007 ./ drwxr-xr-x 3 root root 4096 Oct 24 2007 ../ dr-xr-xr-x 2 root root 4096 Oct 24 2007 cur/ dr-xr-xr-x 2 root root 4096 Sep 9 08:23 new/ dr-xr-xr-- 2 root root 4096 Oct 24 2007 tmp/ /home/nomailbox/Maildir/cur: total 8 dr-xr-xr-x 2 root root 4096 Oct 24 2007 ./ dr-xr-xr-x 5 root root 4096 Oct 24 2007 ../ -rw-r--r-- 1 root root 0 Oct 24 2007 .placeholder /home/nomailbox/Maildir/new: total 12 dr-xr-xr-x 2 root root 4096 Sep 9 08:23 ./ dr-xr-xr-x 5 root root 4096 Oct 24 2007 ../ -r--r--r-- 1 root root 804 Sep 9 08:24 no-mailbox-for-you /home/nomailbox/Maildir/tmp: total 8 dr-xr-xr-- 2 root root 4096 Oct 24 2007 ./ dr-xr-xr-x 5 root root 4096 Oct 24 2007 ../ -- Steffen Kaiser From gheskett at wdtv.com Mon Sep 9 15:29:50 2013 From: gheskett at wdtv.com (Gene Heskett) Date: Mon, 9 Sep 2013 08:29:50 -0400 Subject: [Dovecot] Sieve, vacation, company (domain-wide) message possible?
In-Reply-To: <522DA2BC.9010504@Media-Brokers.com> References: <522DA2BC.9010504@Media-Brokers.com> Message-ID: <201309090829.51031.gheskett@wdtv.com> On Monday 09 September 2013 08:28:26 Charles Marcus did opine: > Hello, > > I've been using vacation.pl from postfixadmin for many years, and since > the most recent modification that allows me to specify my own strings to > test for for when NOT to send a message, I'm extremely happy with it (no > more auto-responses to linked-in/facebook crap, etc)... > > But, there is one thing I'd like to be able to do that it can't do, and > there hasn't been any positive response about implementing it, so I'm > asking about if this is possible to do with sieve right now, and if not, > how hard would it be to implement... > > What I'd like is to be able to set a company (domain-wide) auto-response > for when our company is closed for holidays... more specifically, extra > holidays (often the boss will close an extra day for an extra long > weekend). He has asked more than once about setting an auto-response for > *everyone* during these periods... > > Thanks, I would be very careful about doing that. You will wind up on the spam blocker lists & have a hell of a time getting back off them. Cheers, Gene -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) My web page: should be up! May you do Good Magic with Perl. -- Larry Wall's blessing A pen in the hand of this president is far more dangerous than 200 million guns in the hands of law-abiding citizens. 
From rob0 at gmx.co.uk Mon Sep 9 15:41:10 2013 From: rob0 at gmx.co.uk (/dev/rob0) Date: Mon, 9 Sep 2013 07:41:10 -0500 Subject: [Dovecot] Ring SYNC appears to have got lost, resending after upgrade In-Reply-To: <522D9140.9090403@wk-serv.de> References: <522D9140.9090403@wk-serv.de> Message-ID: <20130909124110.GO13717@harrier.slackbuilds.org> On Mon, Sep 09, 2013 at 11:13:36AM +0200, Patrick Westenberg wrote: > on Saturday I upgraded two dovecot servers from squeeze to wheezy > and dovecot from 2.1.x to 2.2.5 (compiled from sources). After the > upgrade everything worked fine at first. > > On Sunday Morning I recognized these errors (they occured after a > reload for logging purpose on midnight) on one server: > > director: Error: Ring SYNC appears to have got lost, resending > > After reloading/restarting both dovecot services the error occured > on both servers. After some research I deleted some "zlib"-File > which isn't needed anymore in dovecot 2.2.x and reinstalled > dovecot. The error message disappeared. > > Today the error occured again (after the reload on midnight) and > again on one node only until reloading/restarting the other node > too. However, there is an additional error message: > > Sep 09 10:27:07 director: Error: Ring SYNC appears to have got > lost, resending > Sep 09 10:27:10 director: Panic: file login-connection.c: line 88 > (login_host_callback): assertion failed: (strncmp(request->line, > "OK\t", 3) == 0) I had the same issue (CentOS 6.4 upgraded with third-party RPMs) on Thu/Fri, and I asked Timo about it in IRC. Apparently a 2.2.6 release is due soon. He gave me two hg links claimed to fix it: http://hg.dovecot.org/dovecot-2.2/rev/f7a37b169f4a http://hg.dovecot.org/dovecot-2.2/rev/9531ec8afe8b However I did have the lost ring SYNC error recur after the cluster was upgraded to the RPM packages currently in Dovecot's EE repo (non-free, pay for access) which does include these fixes. Restart of all director instances worked for me. 
Actually I stopped all, then started all. So far so good. We're going to go live with this cluster soon, I hope. > node1: > # 2.2.5: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 > auth_mechanisms = plain login > director_mail_servers = 172.17.1.2 172.17.1.1 > director_servers = 172.17.1.3 172.17.1.4 > director_user_expire = 5 mins > lmtp_proxy = yes > log_path = /var/log/dovecot.log > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date ihave > protocols = imap pop3 lmtp sieve > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0666 > user = postfix > } > unix_listener auth-userdb { > user = dovecot > } > } > service director { > fifo_listener login/proxy-notify { > mode = 0666 > } > inet_listener { > address = 172.17.1.3 > port = 9090 > } > unix_listener director-userdb { > mode = 0600 > } > unix_listener login/director { > mode = 0666 > } > } > service imap-login { > executable = imap-login director > } > service lmtp { > inet_listener lmtp { > address = 172.17.1.3 > port = 24 > } > } > service managesieve-login { > executable = managesieve-login director > inet_listener sieve { > port = 4190 > } > } > service pop3-login { > executable = pop3-login director > } > ssl_cert = ssl_key = protocol !smtp { > passdb { > args = proxy=y nopassword=y starttls=any-cert > driver = static > } > } > protocol smtp { > passdb { > args = /usr/local/etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > userdb { > args = /usr/local/etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > } > protocol lmtp { > auth_socket_path = director-userdb > } > > > node2: > # 2.2.5: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 > auth_mechanisms = plain login > director_mail_servers 
= 172.17.1.2 172.17.1.1 > director_servers = 172.17.1.4 172.17.1.3 > director_user_expire = 5 mins > lmtp_proxy = yes > log_path = /var/log/dovecot.log > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date ihave > protocols = imap pop3 lmtp sieve > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0666 > user = postfix > } > unix_listener auth-userdb { > user = dovecot > } > } > service director { > fifo_listener login/proxy-notify { > mode = 0666 > } > inet_listener { > address = 172.17.1.4 > port = 9090 > } > unix_listener director-userdb { > mode = 0600 > } > unix_listener login/director { > mode = 0666 > } > } > service imap-login { > executable = imap-login director > process_min_avail = 2 > service_count = 0 > vsz_limit = 128 M > } > service lmtp { > inet_listener lmtp { > address = 172.17.1.4 > port = 24 > } > } > service managesieve-login { > executable = managesieve-login director > inet_listener sieve { > port = 4190 > } > } > service pop3-login { > executable = pop3-login director > } > ssl_cert = ssl_key = protocol !smtp { > passdb { > args = proxy=y nopassword=y starttls=any-cert > driver = static > } > } > protocol smtp { > passdb { > args = /usr/local/etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > userdb { > args = /usr/local/etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > } > protocol lmtp { > auth_socket_path = director-userdb > } > -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From rs at sys4.de Mon Sep 9 15:44:38 2013 From: rs at sys4.de (Robert Schetterer) Date: Mon, 09 Sep 2013 14:44:38 +0200 Subject: [Dovecot] Sieve, vacation, company (domain-wide) message possible? 
In-Reply-To: <201309090829.51031.gheskett@wdtv.com>
References: <522DA2BC.9010504@Media-Brokers.com> <201309090829.51031.gheskett@wdtv.com>
Message-ID: <522DC2B6.3060601@sys4.de>

On 09.09.2013 14:29, Gene Heskett wrote:
> On Monday 09 September 2013 08:28:26 Charles Marcus did opine:
>
>> Hello,
>>
>> I've been using vacation.pl from postfixadmin for many years, and since
>> the most recent modification that allows me to specify my own strings to
>> test for for when NOT to send a message, I'm extremely happy with it (no
>> more auto-responses to linked-in/facebook crap, etc)...
>>
>> But, there is one thing I'd like to be able to do that it can't do, and
>> there hasn't been any positive response about implementing it, so I'm
>> asking about if this is possible to do with sieve right now, and if not,
>> how hard would it be to implement...
>>
>> What I'd like is to be able to set a company (domain-wide) auto-response
>> for when our company is closed for holidays... more specifically, extra
>> holidays (often the boss will close an extra day for an extra long
>> weekend). He has asked more than once about setting an auto-response for
>> *everyone* during these periods...
>>
>> Thanks,

don't use vacation.pl anymore, migrate to sieve, for company wide
vacation you may use a global sieve rule

http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration

>
> I would be very careful about doing that. You will wind up on the spam
> blocker lists & have a hell of a time getting back off them.
filter spam in global sieve rules before vacation

>
> Cheers, Gene
>

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From genie at geniechka.ru Mon Sep 9 21:27:21 2013
From: genie at geniechka.ru (Eugene)
Date: Mon, 9 Sep 2013 22:27:21 +0400
Subject: [Dovecot] Is this odd?
In-Reply-To:
References:
Message-ID:

Hi LuKreme,

Do you have any special reasons NOT to use standard layout (Maildir under
home) for virtual users, as suggested in the docs and by users here?

Best wishes
Eugene

-----Original Message-----
From: LuKreme
Sent: Monday, September 09, 2013 3:20 AM
To: dovecot at dovecot.org
Subject: [Dovecot] Is this odd?

$ doveadm user kremels
field               value
uid                 1033
gid                 1033
home                /home/kremels
mail                maildir:~/Maildir
system_groups_user  kreme

$ doveadm user user@virtual.example.com
field               value
uid                 89
gid                 89
home                /usr/local/virtual/user@virtual.example.com/
mail                /usr/local/virtual/user@virtual.example.com
mail_location       /usr/local/virtual/user@virtual.example.com

The local user doesn't have a mail_location set at all, and has a very
different mail definition. This seems to be a side-effect of the fact that
the home of the virtual user is the top level maildir, but should I set mail
to maildir:~ ??

--
Where there is a party, everyone is there
Everyone will leave at exactly the same time
When this party is over it will start again
But not been any different be exactly the same

From kremels at kreme.com Mon Sep 9 21:34:11 2013
From: kremels at kreme.com (LuKreme)
Date: Mon, 9 Sep 2013 12:34:11 -0600
Subject: [Dovecot] Is this odd?
In-Reply-To: References: Message-ID: On 09 Sep 2013, at 12:27 , Eugene wrote: > Hi LuKreme, > > Do you have any special reasons NOT to use standard layout (Maildir under home) for virtual users, as suggested in the docs and by users here? The virtual users were setup in /usr/local/virtual/user at domain.tld way back in the last century. Going through and changing the MySQL database and moving everyone's mail didn't seem like a good plan. (The virtual users ONLY have mail access and ONLY via IMAP). -- Traveling through hyperspace ain't like dusting crops, boy. From sca at andreasschulze.de Tue Sep 10 00:11:49 2013 From: sca at andreasschulze.de (Andreas Schulze) Date: Mon, 9 Sep 2013 23:11:49 +0200 Subject: [Dovecot] sieve vacation question In-Reply-To: <522D864D.8050409@rename-it.nl> References: <20130906204019.GA26278@solar.andreasschulze.de> <522D864D.8050409@rename-it.nl> Message-ID: <20130909211149.GA11080@solar.andreasschulze.de> Am 09.09.2013 10:26 schrieb Stephan Bosch: > Well, Sieve is certainly not meant for something like that. To echo > the complete message back verbatim you could do the following: ... > I haven't tested the above only with sieve-test and not in the wild. Stephan, thanks for your response. I tried both scripts. They work as expected with the mentioned limitation: no header is echoed back in the body. But I learned: the editheader extension must be enabled in dovecot.conf :-) Andreas From list_dovecot at bluerosetech.com Mon Sep 9 23:56:43 2013 From: list_dovecot at bluerosetech.com (Darren Pilgrim) Date: Mon, 09 Sep 2013 13:56:43 -0700 Subject: [Dovecot] How to disable SSL and TLSv1.1? Message-ID: <522E360B.2050505@bluerosetech.com> I'm running Dovecot 2.2.5 and want to make it refuse SSLv2, SSLv3 and TLSv1.0. Clients will opportunistically use TLS 1.1 and 1.2, but now I want require they do so. Is it enough to set ssl_cipher_list = HIGH:!SSLv2:!SSLv3:!TLSv1.0:!aNULL:!MD5 or are there additional settings I need to specify? 
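One way to measure, before enforcing a protocol floor like the one asked about above, which clients it would lock out. This is an added example, not part of the original post and not Dovecot code. It assumes that %k has been appended to login_log_format_elements so each Login line carries the negotiated protocol and cipher; the sample log lines are constructed. It goes one step beyond the question and also flags sessions whose key exchange is not ephemeral (no forward secrecy).

```python
"""Audit Dovecot login lines for negotiated TLS protocol and key exchange."""
import re

# Protocol names as OpenSSL reports them, oldest first.
PROTO_RANK = {"SSLv2": 0, "SSLv3": 1, "TLSv1": 2,
              "TLSv1.1": 3, "TLSv1.2": 4, "TLSv1.3": 5}

# OpenSSL cipher-name prefixes that mean an ephemeral key exchange.
# "ECDH-..." (static ECDH) is deliberately absent: it is not forward secret.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-")

LOGIN_RE = re.compile(
    r"(?:imap|pop3)-login: Info: Login: user=<([^>]*)>.*?\brip=([0-9A-Fa-f.:]+)")
TLS_RE = re.compile(
    r"\b(SSLv2|SSLv3|TLSv1(?:\.[123])?) with cipher ([A-Za-z0-9_-]+)")

# Constructed sample input. Assumption: "%c %k" is appended to the default
# login_log_format_elements; addresses come from documentation ranges.
SAMPLE_LOG = [
    "Sep 10 11:17:04 imap-login: Info: Login: user=<alice>, method=PLAIN, "
    "rip=192.0.2.10, lip=192.0.2.1, mpid=22810, TLS, "
    "TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "Sep 10 11:17:05 imap-login: Info: Login: user=<bob>, method=PLAIN, "
    "rip=192.0.2.20, lip=192.0.2.1, mpid=22811, TLS, "
    "TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)",
    "Sep 10 11:17:06 imap-login: Info: Login: user=<carol>, method=PLAIN, "
    "rip=198.51.100.7, lip=192.0.2.1, mpid=22812, TLS, "
    "TLSv1 with cipher AES128-SHA (128/128 bits)",
    "Sep 10 11:17:07 pop3-login: Info: Login: user=<dave>, method=PLAIN, "
    "rip=198.51.100.9, lip=192.0.2.1, mpid=22813, TLS, "
    "TLSv1.1 with cipher AES256-SHA (256/256 bits)",
    "Sep 10 11:17:08 imap-login: Info: Login: user=<erin>, method=PLAIN, "
    "rip=203.0.113.5, lip=192.0.2.1, mpid=22814",
    "Sep 10 11:17:09 imap(alice): Info: Connection closed in=49 out=3832",
]


def parse_login(line):
    """Return user, rip, proto and cipher for a successful login, else None."""
    m = LOGIN_RE.search(line)
    if m is None:
        return None
    user, rip = m.groups()
    tls = TLS_RE.search(line, m.end())
    proto, cipher = tls.groups() if tls else (None, None)
    return {"user": user, "rip": rip, "proto": proto, "cipher": cipher}


def has_forward_secrecy(proto, cipher):
    """True if the negotiated key exchange is ephemeral."""
    if proto == "TLSv1.3":  # every TLS 1.3 suite uses an ephemeral exchange
        return True
    return cipher.startswith(EPHEMERAL_PREFIXES)


def audit(lines, floor="TLSv1.1"):
    """Group (user, rip) pairs by what a stricter policy would do to them."""
    if floor not in PROTO_RANK:
        raise ValueError("unknown protocol floor: %r" % floor)
    below, no_pfs, plaintext = set(), set(), set()
    for line in lines:
        rec = parse_login(line)
        if rec is None:
            continue
        key = (rec["user"], rec["rip"])
        if rec["proto"] is None:
            plaintext.add(key)  # login without any TLS information logged
            continue
        # TLS picks the highest version both sides support, so a session
        # below the floor means that client offered nothing newer.
        if PROTO_RANK[rec["proto"]] < PROTO_RANK[floor]:
            below.add(key)
        if not has_forward_secrecy(rec["proto"], rec["cipher"]):
            no_pfs.add(key)
    return {"below_floor": sorted(below),
            "no_forward_secrecy": sorted(no_pfs),
            "plaintext": sorted(plaintext)}


if __name__ == "__main__":
    for name, pairs in audit(SAMPLE_LOG).items():
        print(name)
        for user, rip in pairs:
            print("  %s from %s" % (user, rip))
```

Run it over a few weeks of real login lines before changing the server settings; an empty below_floor list is the signal that the floor can be raised without locking anyone out.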
From h.reindl at thelounge.net Tue Sep 10 02:09:20 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 10 Sep 2013 01:09:20 +0200
Subject: [Dovecot] How to disable SSL and TLSv1.1?
In-Reply-To: <522E360B.2050505@bluerosetech.com>
References: <522E360B.2050505@bluerosetech.com>
Message-ID: <522E5520.2010904@thelounge.net>

On 09.09.2013 22:56, Darren Pilgrim wrote:
> I'm running Dovecot 2.2.5 and want to make it refuse SSLv2, SSLv3 and TLSv1.0. Clients will opportunistically use
> TLS 1.1 and 1.2, but now I want require they do so. Is it enough to set
>
> ssl_cipher_list = HIGH:!SSLv2:!SSLv3:!TLSv1.0:!aNULL:!MD5
> or are there additional settings I need to specify?

and what clients do you imagine to connect?

on most widely used distributions you even have no openssl version
supporting TLS 1.2 and so you lock them all out

From jtam.home at gmail.com Tue Sep 10 02:18:32 2013
From: jtam.home at gmail.com (Joseph Tam)
Date: Mon, 9 Sep 2013 16:18:32 -0700 (PDT)
Subject: [Dovecot] Is dovecot locking properly?
In-Reply-To:
References:
Message-ID:

Scott Galambos writes:

> Hello, I'm attempting to move from qpopper 4.1 to Dovecot 2.2.5 on
> Linux. When a user checks POP mail qpopper seems to make a
> .username.pop temporary file in the same /var/mail directory as the mbox
> INBOX file. Watching what dovecot does I don't see this happening.

Probably too quick (or perhaps you haven't configured dotlocking).

Qpopper locks the INBOX when it creates a drop copy: this can be a time
consuming operation, during which you can see the .$user.pop lock file.

Dovecot is more intelligent: it doesn't create copies, and goes out of
its way to avoid gratuitous I/O. Most of the operations can be done by
consulting the indices.

However, I did contrive a situation to observe lock files being created.
1) Create large INBOX file test user (assuming mbox /inbox/testuser)

2a) In one window, run a shell loop monitor

	while : ; do
		ls -al /inbox/testuser.lock
	done

2b) In another window, create a POP3 session and do an operation that
    would require a lock:

	telnet pop-server 110
	USER testuser
	PASS testpassword
	DELE 1
	... this still won't need locking -- not until ...
	QUIT

If you use maildir format, it may still be too quick to catch. In this
situation, you can process trace the pop3 worker process to verify a
lock file is created.

> Is this .pop file a lock file or just a temporary file?

Temporary. If you have them lying around, qpopper crashed.

Note: dovecot makes lockfiles of the form "$user.lock".

> If it's a temp file does dovecot do the same thing elsewhere? I'm
> concerned dovecot is not locking properly and there will be mailbox
> corruption, so I'm trying to get dovecot to mimic what qpopper does as
> much as possible.

By "mimic" you mean that locking works, but otherwise, you don't want
dovecot to mimic qpopper: the former is much better.

I have not had problems with users complaining about scrambled files.
As I said, process trace your pop3 worker process if you need to verify
the locking process.

Joseph Tam

From reganyelcich at gmail.com Tue Sep 10 02:28:53 2013
From: reganyelcich at gmail.com (Regan Yelcich)
Date: Tue, 10 Sep 2013 11:28:53 +1200
Subject: [Dovecot] Proxy and Master Config
Message-ID:

I'm just sitting down to configure a Proxy & Master Dovecot setup with
Postfix and virtual users.

I have read plenty about how to configure Dovecot as a proxy, but I'm
unclear what's required on the "master" end.

Does the master need the -pop and -imap scripts? or does the proxy handle
that and call -deliver on the master?

Can anyone explain the basic setup so I get it right.

Thanks.

From bruce at secryption.com Tue Sep 10 02:56:53 2013
From: bruce at secryption.com (Bruce Markey)
Date: Mon, 09 Sep 2013 19:56:53 -0400
Subject: [Dovecot] Default mail folders.
Message-ID: <207f5bcf6a7d027fb924f6a316084c70@secryption.com> Just want to make sure before I set this up. I read that the autocreate plugin is deprecated and to use "Mailbox settings" as listed here http://wiki2.dovecot.org/MailboxSettings. If that is correct then do I just add those mailbox blocks in /etc/dovecot/conf.d/10-mail.conf? Lastly, will "sent items" auto populate with sent items or is there something else that needs to be done. I just switched over from courier and I'm still getting used to where/how things are done. Thanks Bruce -- Please use PGP, ENCRYPT everything. For information about acquiring a secryption.com account, email me. My public key: https://www.secryption.com/BruceMarkey.asc or https://keyserver.pgp.com From liuyingying5496 at 126.com Tue Sep 10 09:59:48 2013 From: liuyingying5496 at 126.com (=?GBK?B?wfXTqNOo?=) Date: Tue, 10 Sep 2013 14:59:48 +0800 (CST) Subject: [Dovecot] Error: BUG: Worker sent reply with id 393, expected 394 Message-ID: <460aa9d2.15832.14106ab403d.Coremail.liuyingying5496@126.com> hi dovecot: when i login 100 users with imap protocol ,Someusers appeared a BUG in maillog like : Sep 10 09:05:22 auth(default): Error: BUG: Worker sent reply with id 393, expected 394 Sep 10 09:05:22 auth(default): Error: worker-server(q82 at t.com,10.12.80.3): Aborted: Worker is buggy Sep 10 09:05:22 auth(default): Error: BUG: Worker sent reply with id 31, expected 32 Sep 10 09:05:22 auth(default): Error: worker-server(q95 at t.com,10.12.80.3): Aborted: Worker is buggy Sep 10 09:05:22 auth(default): Error: BUG: Worker sent reply with id 32, expected 33 Sep 10 09:05:22 auth(default): Error: worker-server(q99 at t.com,10.12.80.3): Aborted: Worker is buggy Sep 10 09:05:22 auth(default): Error: BUG: Worker sent reply with id 29, expected 30 Sep 10 09:05:22 auth(default): Error: worker-server(q22 at t.com,10.12.80.3): Aborted: Worker is buggy Sep 10 09:05:22 imap-login: Info: Internal login failure (auth failed, 1 attempts): user=, 
method=PLAIN, rip=10.12.80.3, lip=10.12.80.6

From skdovecot at smail.inf.fh-brs.de Tue Sep 10 10:41:28 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 10 Sep 2013 09:41:28 +0200 (CEST)
Subject: [Dovecot] Default mail folders.
In-Reply-To: <207f5bcf6a7d027fb924f6a316084c70@secryption.com>
References: <207f5bcf6a7d027fb924f6a316084c70@secryption.com>
Message-ID:

On Mon, 9 Sep 2013, Bruce Markey wrote:

> If that is correct then do I just add those mailbox blocks in
> /etc/dovecot/conf.d/10-mail.conf?

I would add new, private .conf files with the appropriate settings.

> Lastly, will "sent items" auto populate with sent items or is there something
> else that needs to be done.

That's something the MUA (client) does. If they do now, they behave the
same in the future. However, if you enable "special use" folders, the
clients may (but need not) change their own sent-folder to that you've
configured.

--
Steffen Kaiser

From manu at netbsd.org Tue Sep 10 10:54:50 2013
From: manu at netbsd.org (Emmanuel Dreyfus)
Date: Tue, 10 Sep 2013 07:54:50 +0000
Subject: [Dovecot] dovecot and PFS
Message-ID: <20130910075450.GA3628@homeworld.netbsd.org>

Hi

Is there any known advice on how to favor PFS with dovecot?
In Apache, I use the following directives, which cause all modern
browsers to adopt 256 bit PFS ciphers, while keeping backward
compatibility with older browsers and avoiding BEAST attack:

SSLProtocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10-SHA1:RC4:!MD5:!DES:!aNULL:!eNULL

dovecot does not care about BEAST, since attacker cannot inject
traffic. Therefore the cipher list gets simpler in dovecot.conf:

ssl_cipher_list = ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:!MD5:!DES:!aNULL:!eNULL

But that list is good for browsers. I am not aware of documentation
about what ciphers are advertised by various mail clients. How can I
know if that setting has some success pushing PFS? How can I
discover which clients fail to negotiate PFS ciphers?

--
Emmanuel Dreyfus
manu at netbsd.org

From rs at sys4.de Tue Sep 10 11:14:50 2013
From: rs at sys4.de (Robert Schetterer)
Date: Tue, 10 Sep 2013 10:14:50 +0200
Subject: [Dovecot] dovecot and PFS
In-Reply-To: <20130910075450.GA3628@homeworld.netbsd.org>
References: <20130910075450.GA3628@homeworld.netbsd.org>
Message-ID: <522ED4FA.30909@sys4.de>

On 10.09.2013 09:54, Emmanuel Dreyfus wrote:
> Hi
>
> Is there any known advice on how to favor PFS with dovecot?
>
> In Apache, I use the following directives, which cause all modern
> browsers to adopt 256 bit PFS ciphers, while keeping backward
> compatibility with older browsers and avoiding BEAST attack:
> SSLProtocol all -SSLv2
> SSLHonorCipherOrder On
> SSLCipherSuite ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10
> -SHA1:RC4:!MD5:!DES:!aNULL:!eNULL
>
> dovecot does not care about BEAST, since attacker cannot inject
> traffic. Therefore the cipher list gets simpler in dovecot.conf:
> ssl_cipher_list = ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:!MD5:!DES:!aNULL
> :!eNULL
>
> But that list is good for browsers.
I am not aware of documentation
> about what ciphers are advertised by various mail clients. How can I
> know if that setting has some success pushing PFS? How can I
> discover which clients fail to negotiate PFS ciphers?
>
>

According to my last tests, if you want to stay compatible with most
clients use the defaults; if you make changes it might fail with old
clients. However, changes might be acceptable with i.e. company-only
mail systems using only a few known clients.

sorry, only German
http://sys4.de/de/blog/2013/08/15/dovecot-tls-perfect-forward-secrecy/

some advice for Apple Mail
http://www.kuketz-blog.de/perfect-forward-secrecy-mit-apple-mail/

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From strack at hm.edu Tue Sep 10 13:25:59 2013
From: strack at hm.edu (Harald Strack)
Date: Tue, 10 Sep 2013 12:25:59 +0200
Subject: [Dovecot] Dovecot 2.0, 2.1 and 2.2.5 core dump when Quota Plugin (FS) is enabled
Message-ID: <1378808759.12335.26.camel@fx.intern>

Hi,

we are actually deploying a new IMAP-Server, targeting dovecot 2.1.17.
Unfortunately, our tests with imaptest did not succeed; they ended in
core dumps.
We did this test: ./imaptest host=example.com port=143 user=strack pass=secret disconnect_quit no_pipelining mbox=dovecot-crlf That's what we get in dovecot's log: Sep 10 11:17:04 imap-login: Info: Login: user=, method=PLAIN, rip=10.10.10.31, lip=10.10.10.21, mpid=22810, session= Sep 10 11:17:04 imap-login: Info: Login: user=, method=PLAIN, rip=10.10.10.31, lip=10.10.10.21, mpid=22811, session= Sep 10 11:17:04 imap-login: Info: Login: user=, method=PLAIN, rip=10.10.10.31, lip=10.10.10.21, mpid=22812, session=<1GbR9wPmWACBu/Qf> Sep 10 11:17:04 imap-login: Info: Login: user=, method=PLAIN, rip=10.10.10.31, lip=10.10.10.21, mpid=22813, session= Sep 10 11:17:04 imap-login: Info: Login: user=, method=PLAIN, rip=10.10.10.31, lip=10.10.10.21, mpid=22814, session= Sep 10 11:17:04 imap(strack): Panic: file mbox-storage.c: line 712 (mbox_transaction_unlock): assertion failed: (mbox->box.transaction_count > 0 || mbox->mbox_lock_type == F_UNLCK) Sep 10 11:17:04 imap(strack): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0() [0x3c7824660a] -> /usr/lib64/dovecot/libdovecot.so.0() [0x3c78246656] -> /usr/lib64/dovecot/libdovecot.so.0() [0x3c78219eaa] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3c786600c0] -> /usr/lib/dovecot/lib10_quota_plugin.so(+0xb7e7) [0x7f113b5427e7] -> /usr/lib/dovecot/lib10_quota_plugin.so(+0xb218) [0x7f113b542218] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mbox_sync+0x88) [0x3c7865fea8] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mbox_transaction_save_commit_post+0x27) [0x3c78657c07] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3c786a5313] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mail_index_transaction_commit_full+0x9f) [0x3c786b3cdf] -> /usr/lib64/dovecot/libdovecot-storage.so.0(index_transaction_commit+0x8a) [0x3c786a4f5a] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3c78660121] -> /usr/lib/dovecot/lib10_quota_plugin.so(+0xb8af) [0x7f113b5428af] -> 
/usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_transaction_commit_get_changes+0x3e) [0x3c7867aa9e] -> dovecot/imap() [0x408b3a] -> dovecot/imap() [0x4088e4] -> dovecot/imap() [0x408d3c] -> dovecot/imap(cmd_append+0x139) [0x408f99] -> dovecot/imap(command_exec+0x3d) [0x41155d] -> dovecot/imap() [0x41046e] -> dovecot/imap() [0x41055a] -> dovecot/imap(client_handle_input+0x135) [0x410785] -> dovecot/imap(client_input+0x5f) [0x4110af] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x3c78252c16] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9f) [0x3c78253c9f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x3c78252bb8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x3c7823e083] -> dovecot/imap(main+0x29d) [0x4195bd] Sep 10 11:17:04 imap-login: Info: Login: user=, method=PLAIN, rip=10.10.10.31, lip=10.10.10.21, mpid=22826, session= Sep 10 11:17:04 imap-login: Info: Login: user=, method=PLAIN, rip=10.10.10.31, lip=10.10.10.21, mpid=22827, session= Sep 10 11:17:04 imap-login: Info: Login: user=, method=PLAIN, rip=10.10.10.31, lip=10.10.10.21, mpid=22828, session= Sep 10 11:17:05 imap(strack): Fatal: master: service(imap): child 22806 killed with signal 6 (core dumped) Sep 10 11:17:05 imap(strack): Info: Connection closed in=49 out=3832 Sep 10 11:17:05 imap(strack): Info: Connection closed in=49 out=3832 That's the backtrace of the coredump: Loaded symbols for /lib64/libnss_files.so.2 Reading symbols from /lib64/libnss_sss.so.2...Reading symbols from /usr/lib/debug/lib64/libnss_sss.so.2.debug...done. done. Loaded symbols for /lib64/libnss_sss.so.2 Reading symbols from /lib64/libgcc_s.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libgcc_s.so.1 Core was generated by `dovecot/imap'. Program terminated with signal 6, Aborted. 
#0 0x0000003bc02328a5 in raise () from /lib64/libc.so.6 Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.107.el6_4.2.x86_64 keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-10.el6_4.4.x86_64 libcom_err-1.41.12-14.el6_4.2.x86_64 libgcc-4.4.7-3.el6.x86_64 libselinux-2.0.94-5.3.el6_4.1.x86_64 openssl-1.0.0-27.el6_4.2.x86_64 zlib-1.2.3-29.el6.x86_64 (gdb) bt #0 0x0000003bc02328a5 in raise () from /lib64/libc.so.6 #1 0x0000003bc0234085 in abort () from /lib64/libc.so.6 #2 0x0000003c78246618 in default_fatal_finish (type=, status=0) at failures.c:191 #3 0x0000003c78246656 in i_internal_fatal_handler (ctx=0x7fff1c87efa0, format=, args=) at failures.c:649 #4 0x0000003c78219eaa in i_panic (format=0x2c1e
) at failures.c:263 #5 0x0000003c786600c0 in mbox_transaction_unlock (box=0x1a51270, lock_id=) at mbox-storage.c:711 #6 0x00007f95c08c77e7 in quota_mailbox_transaction_rollback (ctx=0x1a589e0) at quota-storage.c:142 #7 0x00007f95c08c7218 in quota_mailbox_sync_notify (box=0x1a51270, uid=0, sync_type=0) at quota-storage.c:301 #8 0x0000003c7865fea8 in mbox_sync (mbox=0x1a51270, flags=) at mbox-sync.c:2006 #9 0x0000003c78657c07 in mbox_transaction_save_commit_post (_ctx=0x1a53e20, result=) at mbox-save.c:807 #10 0x0000003c786a5313 in index_transaction_index_commit (index_trans=0x1a5a530, result_r=0x7fff1c87f190) at index-transaction.c:50 #11 0x0000003c786b3cdf in mail_index_transaction_commit_full (_t=0x7fff1c87f1b8, result_r=0x7fff1c87f190) at mail-index-transaction.c:251 #12 0x0000003c786a4f5a in index_transaction_commit (t=, changes_r=) at index-transaction.c:132 #13 0x0000003c78660121 in mbox_transaction_commit (t=, changes_r=) at mbox-storage.c:729 #14 0x00007f95c08c78af in quota_mailbox_transaction_commit (ctx=0x1a5a390, changes_r=0x7fff1c87f260) at quota-storage.c:124 #15 0x0000003c7867aa9e in mailbox_transaction_commit_get_changes (_t=, changes_r=0x7fff1c87f260) at mail-storage.c:1515 #16 0x0000000000408b3a in cmd_append_continue_parsing (cmd=0x1a4ea50) at cmd-append.c:284 #17 0x00000000004088e4 in cmd_append_continue_message (cmd=0x1a4ea50) at cmd-append.c:466 #18 0x0000000000408d3c in cmd_append_continue_parsing (cmd=0x1a4ea50) at cmd-append.c:399 #19 0x0000000000408f99 in cmd_append (cmd=0x1a4ea50) at cmd-append.c:519 #20 0x000000000041155d in command_exec (cmd=0x1a4ea50) at imap-commands.c:148 #21 0x000000000041046e in client_command_input (cmd=0x1a4ea50) at imap-client.c:684 #22 0x000000000041055a in client_command_input (cmd=0x1a4ea50) at imap-client.c:735 #23 0x0000000000410785 in client_handle_next_command (client=0x1a4e240) at imap-client.c:776 #24 client_handle_input (client=0x1a4e240) at imap-client.c:788 #25 0x00000000004110af in client_input 
(client=0x1a4e240) at imap-client.c:827
#26 0x0000003c78252c16 in io_loop_call_io (io=0x1a4cb70) at ioloop.c:379
#27 0x0000003c78253c9f in io_loop_handler_run (ioloop=) at ioloop-epoll.c:213
#28 0x0000003c78252bb8 in io_loop_run (ioloop=0x1a35670) at ioloop.c:398
#29 0x0000003c7823e083 in master_service_run (service=0x1a35520, callback=) at master-service.c:544
#30 0x00000000004195bd in main (argc=1, argv=0x1a35370) at main.c:389

That's the full backtrace of the coredump:

That's our configuration:

# 2.1.17: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.18.1.el6.x86_64 x86_64 Red Hat Enterprise Linux Server release 6.4 (Santiago) xfs
auth_debug = yes
auth_verbose = yes
debug_log_path = /var/log/dovecot/dovecot-debug.log
default_client_limit = 3000
default_process_limit = 8192
disable_plaintext_auth = no
log_path = /var/log/dovecot/dovecot.log
login_greeting = Server ready.
mail_debug = yes mail_location = mbox:/var/spool/fhmrz_imap/% u/dovecot-home:LAYOUT=maildir++:INBOX=/var/spool/mail/% u:INDEX=/var/opt/index/%u/dovecot-indexes:CONTROL=/var/opt/index/% u/dovecot-control mail_plugin_dir = /usr/lib/dovecot mail_plugins = listescape quota mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = / type = private } passdb { driver = pam } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size flags quota = fs:User quota:user:noenforcing quota_exceeded_message = Quota exceeded, please go to http://www.timbuktu.edu/over_quota_help for instructions on how to fix this. } protocols = imap pop3 service anvil { client_limit = 16744 } service auth { client_limit = 16800 } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } process_limit = 8192 process_min_avail = 8 } service imap { process_limit = 16084 } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service pop3 { process_limit = 16084 } ssl_cert = References: <522DA2BC.9010504@Media-Brokers.com> <201309090829.51031.gheskett@wdtv.com> Message-ID: <522EFCE0.5080307@Media-Brokers.com> On 2013-09-09 8:29 AM, Gene Heskett wrote: > On Monday 09 September 2013 08:28:26 Charles Marcus did opine: >> What I'd like is to be able to set a company (domain-wide) auto-response >> for when our company is closed for holidays... more specifically, extra >> holidays (often the boss will close an extra day for an extra long >> weekend). He has asked more than once about setting an auto-response for >> *everyone* during these periods... > I would be very careful about doing that. 
You will wind up on the spam > blocker lists & have a hell of a time getting back off them. ? If it works exactly the same as normal vacation messages - doesn't auto-reply to any type of list or other auto generated content, and only replies once per day per sender (and for this company wide responder if the same sender sends to more than one of our addresses, they only get ONE response, not one for each recipient - why would doing this at the company/domain level be any different? -- Best regards, */Charles/* From gheskett at wdtv.com Tue Sep 10 15:36:43 2013 
From: gheskett at wdtv.com (Gene Heskett) Date: Tue, 10 Sep 2013 08:36:43 -0400 Subject: [Dovecot] Sieve, vacation, company (domain-wide) message possible? In-Reply-To: <522EFCE0.5080307@Media-Brokers.com> References: <522DA2BC.9010504@Media-Brokers.com> <201309090829.51031.gheskett@wdtv.com> <522EFCE0.5080307@Media-Brokers.com> Message-ID: <201309100836.43649.gheskett@wdtv.com> On Tuesday 10 September 2013 08:34:24 Charles Marcus did opine: > On 2013-09-09 8:29 AM, Gene Heskett wrote: > > On Monday 09 September 2013 08:28:26 Charles Marcus did opine: > >> What I'd like is to be able to set a company (domain-wide) > >> auto-response for when our company is closed for holidays... more > >> specifically, extra holidays (often the boss will close an extra day > >> for an extra long weekend). He has asked more than once about > >> setting an auto-response for *everyone* during these periods... > > > > I would be very careful about doing that. You will wind up on the > > spam blocker lists & have a hell of a time getting back off them. > > ? > > If it works exactly the same as normal vacation messages - doesn't > auto-reply to any type of list or other auto generated content, and only > replies once per day per sender (and for this company wide responder if > the same sender sends to more than one of our addresses, they only get > ONE response, not one for each recipient - why would doing this at the > company/domain level be any different? You just setup so many conditions that the average windows using salesperson cannot understand, that you just answered why it would be different. Cheers, Gene -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) My web page: should be up! My father was a God-fearing man, but he never missed a copy of the New York Times, either. -- E. B. 
White A pen in the hand of this president is far more dangerous than 200 million guns in the hands of law-abiding citizens. From foren at familie-kallies.de Tue Sep 10 16:42:05 2013 
From: foren at familie-kallies.de (inkubus)
Date: Tue, 10 Sep 2013 06:42:05 -0700 (PDT)
Subject: [Dovecot] Sieve Filter global vs user specific
Message-ID: <1378820525303-44253.post@n4.nabble.com>

Hi at all!

I'm actually fighting to make sieve in dovecot work and made quite a success by now. However, I still fail at the following constellation:

Background: I'm a Mail Admin of a small IT department and we are already using Dovecot as LDA with a filtering server. Any user can easily create filter rules that apply to him (to make it easier for my colleagues we use the Roundcube plugin for rule design). I can formulate global rules that apply to all. Individual users create their rules for redirecting mails home (a la redirect :copy "users at theirhomes.de";)

According to the policy of my company, certain file types (eg avi, mp4, mp3, wav, etc.) must NOT be sent out to the internet. But our phone system does INTERNALLY just that - receiving calls in absence of the user it sends mails with attachments MP3 (the spoken message). These mails must of course not be forwarded outside. I also created a global rule, which suppresses the delivery of these mails (using the stop command), but after my global rule follows the user specific rule and the message is sent anyway.

QUESTION: Can I cause dovecot somehow not to follow the user specific rules that apply to a message after going through my global ones? The mail has to remain directly in the inbox (and must not be forwarded by the user specific filter afterwards)

My configuration: dovecot.conf (excerpt):

    plugin {
      sieve = /home/%n/.dovecot.sieve
      sieve_dir = /home/%n/.mailstore/sieve
      sieve_global_dir = /etc/dovecot/sieve/
      sieve_before = /etc/dovecot/sieve/global
    }

/etc/dovecot/sieve/global:

    require ["vacation","copy","fileinto","body","imap4flags"];
    # rule:[Redirect]
    if anyof(header :contains "From" "f...ing.telefonanlage at firma.intern",
             header :contains "Subject" "Sprachnachricht")
    {
      stop;
    }

user specific rules are as follows

    # rule:[Redirect]
    if true
    {
      redirect :copy "users at theirhomes.de";
    }

I hope my English is understandable (got quite a cold and fighting to keep my eyes open so my English is not the best today ;-) )

I'm sure the solution for this problem is an obvious & simple one but I'm having my blond moments today...

Any help would be appreciated!

yours
Sven

P.S. Of course I am aware that the user filters could simply be extended. But since not all colleagues are... let's say sufficiently proficient..., I would like to keep the maintenance effort low and centralize this exemption from forwarding.

-- 
View this message in context: http://dovecot.2317879.n4.nabble.com/Sieve-Filter-global-vs-user-specific-tp44253.html
Sent from the Dovecot mailing list archive at Nabble.com.

From raabe at froglogic.com Tue Sep 10 16:55:06 2013
From: raabe at froglogic.com (Frerich Raabe)
Date: Tue, 10 Sep 2013 15:55:06 +0200
Subject: [Dovecot] Sieve Filter global vs user specific
In-Reply-To: <1378820525303-44253.post@n4.nabble.com>
References: <1378820525303-44253.post@n4.nabble.com>
Message-ID:

On 2013-09-10 15:42, inkubus wrote:
> QUESTION: Can I cause dovecot somehow not to follow the user specific rules
> that apply to a message after going through my global ones? The mail has to
> remain directly in the inbox (and must not be forwarded by the user specific
> filter afterwards)

[..]

> My configuration: dovecot.conf (excerpt):
>
> plugin {
>   sieve = /home/%n/.dovecot.sieve
>   sieve_dir = /home/%n/.mailstore/sieve
>   sieve_global_dir = /etc/dovecot/sieve/
>   sieve_before = /etc/dovecot/sieve/global
> }
>
> /etc/dovecot/sieve/global:
>
> require ["vacation","copy","fileinto","body","imap4flags"];
> # rule:[Redirect]
> if anyof(header :contains "From" "f...ing.telefonanlage at firma.intern",
>          header :contains "Subject" "Sprachnachricht")
> {
>   stop;
> }

You're almost there, I think. Just add a

    fileinto "INBOX";

before the "stop;" to have the message get stored in the INBOX of the recipient and then stop any further processing.

-- 
Frerich Raabe - raabe at froglogic.com
www.froglogic.com - Multi-Platform GUI Testing

From skdovecot at smail.inf.fh-brs.de Tue Sep 10 16:56:14 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 10 Sep 2013 15:56:14 +0200 (CEST)
Subject: [Dovecot] Sieve, vacation, company (domain-wide) message possible?
In-Reply-To: <522EFCE0.5080307@Media-Brokers.com>
References: <522DA2BC.9010504@Media-Brokers.com> <201309090829.51031.gheskett@wdtv.com> <522EFCE0.5080307@Media-Brokers.com>
Message-ID:

On Tue, 10 Sep 2013, Charles Marcus wrote:
> On 2013-09-09 8:29 AM, Gene Heskett wrote:
>> On Monday 09 September 2013 08:28:26 Charles Marcus did opine:
>>> What I'd like is to be able to set a company (domain-wide) auto-response
>>> for when our company is closed for holidays... more specifically, extra
>>> holidays (often the boss will close an extra day for an extra long
>>> weekend). He has asked more than once about setting an auto-response for
>>> *everyone* during these periods...
>
>> I would be very careful about doing that. You will wind up on the spam
>> blocker lists & have a hell of a time getting back off them.
>
> If it works exactly the same as normal vacation messages - doesn't auto-reply
> to any type of list or other auto generated content, and only replies once
> per day per sender (and for this company wide responder if the same sender
> sends to more than one of our addresses, they only get ONE response, not one
> for each recipient - why would doing this at the company/domain level be any
> different?

When you do this at delivery time (via Sieve), the sender gets one vacation response per recipient once in the configured period.

If you setup a domain wide vacation responder at incoming level (aka postfix), the sender might get one central response and one per recipient, who setup a response on his/her own. (Say, because s/he is ill, on holiday, missed the global vacation setting or whatever.)

Well, besides, it might be a nice extension for a global Sieve script, to choose from a dupe database, usually ~user/.dovecot.lda-dupes, _and_ the information, whether or not the current script already responded. Then you could add a global "after" script, that makes the usual no-respond tests (bulk, spam, ...) and if no response by current script already and use a domain-wide lda-dupes file. :-)

-- 
Steffen Kaiser

From CMarcus at Media-Brokers.com Tue Sep 10 17:51:15 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Tue, 10 Sep 2013 10:51:15 -0400
Subject: [Dovecot] Sieve, vacation, company (domain-wide) message possible?
In-Reply-To:
References: <522DA2BC.9010504@Media-Brokers.com> <201309090829.51031.gheskett@wdtv.com> <522EFCE0.5080307@Media-Brokers.com>
Message-ID: <522F31E3.3060504@Media-Brokers.com>

On 2013-09-10 9:56 AM, Steffen Kaiser wrote:
> On Tue, 10 Sep 2013, Charles Marcus wrote:
>> On 2013-09-09 8:29 AM, Gene Heskett wrote:
>>> On Monday 09 September 2013 08:28:26 Charles Marcus did opine:
>>>> What I'd like is to be able to set a company (domain-wide)
>>>> auto-response for when our company is closed for holidays... more
>>>> specifically, extra holidays (often the boss will close an extra day
>>>> for an extra long weekend). He has asked more than once about setting
>>>> an auto-response for *everyone* during these periods...
>>> I would be very careful about doing that. You will wind up on the spam
>>> blocker lists & have a hell of a time getting back off them.
>> If it works exactly the same as normal vacation messages - doesn't
>> auto-reply to any type of list or other auto generated content, and
>> only replies once per day per sender (and for this company wide
>> responder if the same sender sends to more than one of our addresses,
>> they only get ONE response, not one for each recipient - why would
>> doing this at the company/domain level be any different?
> When you do this at delivery time (via Sieve), the sender gets one
> vacation response per recipient once in the configured period.
>
> If you setup a domain wide vacation responder at incoming level (aka
> postfix), the sender might get one central response and one per
> recipient, who setup a response on his/her own. (Say, because s/he is
> ill, on holiday, missed the global vacation setting or whatever.)
>
> Well, besides, it might be a nice extension for a global Sieve script,
> to choose from a dupe database, usually ~user/.dovecot.lda-dupes,
> _and_ the information, whether or not the current script already
> responded. Then you could add a global "after" script, that makes the
> usual no-respond tests (bulk, spam, ...) and if no response by current
> script already and use a domain-wide lda-dupes file.

Yeah, vacation.pl checks an SQL database for whether the script has already responded.

Also, I'd just as soon have the domain-wide response simply override the user specific response, then once the domain-wide response is deactivated, user specific ones start working again - but I see the argument for the opposite - ie, if the domain-wide response is active and a user has one of their own set, the user's is the one sent, but if not, then the domain-wide response is sent.

-- 
Best regards,
*/Charles/*

From kremels at kreme.com Tue Sep 10 18:03:29 2013
From: kremels at kreme.com (LuKreme) Date: Tue, 10 Sep 2013 09:03:29 -0600 Subject: [Dovecot] Sieve, vacation, company (domain-wide) message possible? In-Reply-To: <522EFCE0.5080307@Media-Brokers.com> References: <522DA2BC.9010504@Media-Brokers.com> <201309090829.51031.gheskett@wdtv.com> <522EFCE0.5080307@Media-Brokers.com> Message-ID: On 10 Sep 2013, at 05:05 , Charles Marcus wrote: > On 2013-09-09 8:29 AM, Gene Heskett wrote: >> On Monday 09 September 2013 08:28:26 Charles Marcus did opine: >>> What I'd like is to be able to set a company (domain-wide) auto-response >>> for when our company is closed for holidays... more specifically, extra >>> holidays (often the boss will close an extra day for an extra long >>> weekend). He has asked more than once about setting an auto-response for >>> *everyone* during these periods... > >> I would be very careful about doing that. You will wind up on the spam >> blocker lists & have a hell of a time getting back off them. > > ? > > If it works exactly the same as normal vacation messages - doesn't auto-reply to any type of list or other auto generated content, and only replies once per day per sender (and for this company wide responder if the same sender sends to more than one of our addresses, they only get ONE response, not one for each recipient That is the "be very careful" part. Auto-responders are notoriously fiddly to get quite right. > - why would doing this at the company/domain level be any different? Because there is much more opportunity to screw it up. -- NOTHING IS FINAL. NOTHING IS ABSOLUTE. EXCEPT ME, OF COURSE. SUCH TINKERING WITH DESTINY COULD MEAN THE DOWNFALL OF THE WORLD. THERE MUST BE A CHANCE, HOWEVER SMALL. THE LAWYERS OF FATE DEMAND A LOOPHOLE IN EVERY PROPHECY. --Sourcery From user+dovecot at localhost.localdomain.org Tue Sep 10 21:38:54 2013 
From: user+dovecot at localhost.localdomain.org (Pascal Volk)
Date: Tue, 10 Sep 2013 18:38:54 +0000
Subject: [Dovecot] Default mail folders.
In-Reply-To: <207f5bcf6a7d027fb924f6a316084c70@secryption.com>
References: <207f5bcf6a7d027fb924f6a316084c70@secryption.com>
Message-ID: <522F673E.1060709@localhost.localdomain.org>

On 09/09/2013 11:56 PM Bruce Markey wrote:
> Just want to make sure before I set this up.
>
> I read that the autocreate plugin is deprecated and to use "Mailbox
> settings" as listed here http://wiki2.dovecot.org/MailboxSettings.
>
> If that is correct then do I just add those mailbox blocks in
> /etc/dovecot/conf.d/10-mail.conf?
>
> Lastly, will "sent items" auto populate with sent items or is there
> something else that needs to be done.
> ?

As mentioned by Steffen, you could create your own/additional .conf files.
You may also have a look at
http://hg.dovecot.org/dovecot-2.2/file/tip/doc/example-config/conf.d/15-mailboxes.conf
It also shows an example for the 'sent' mailbox.

Regards,
Pascal
-- 
The trapper recommends today: decade.1325320 at localdomain.org

From gerson at digirati.com.br Tue Sep 10 22:20:50 2013
From: gerson at digirati.com.br (Gerson Moraes)
Date: Tue, 10 Sep 2013 16:20:50 -0300
Subject: [Dovecot] Vacation message and DMARC validation
In-Reply-To: <522D876F.7070405@rename-it.nl>
References: <5228E19A.7010503@digirati.com.br> <522D876F.7070405@rename-it.nl>
Message-ID: <522F7112.701@digirati.com.br>

> On 5-9-2013 21:55, Gerson Moraes wrote:
>> I would like to know if a patch to the main project would be
>> appreciated. Could you also please confirm if there are any future
>> plans involving this feature, like an optional configuration for
>> custom envelope-from?
>
> Since it is not a direct violation of the specification, I can accept
> such a feature. What exactly do you need? Is it enough if it uses the
> recipient address or do you want to be able to set it freely to a
> server-wide static address?

It is enough to use the recipient address. It will make DKIM validation work.

Regards,
Gerson

From bruce at secryption.com Wed Sep 11 04:27:12 2013
From: bruce at secryption.com (Bruce Markey) Date: Tue, 10 Sep 2013 21:27:12 -0400 Subject: [Dovecot] Default mail folders. In-Reply-To: <522F673E.1060709@localhost.localdomain.org> References: <207f5bcf6a7d027fb924f6a316084c70@secryption.com> <522F673E.1060709@localhost.localdomain.org> Message-ID: <2b79182d-404e-4c93-8ef8-99fef2634a81@email.android.com> Thanks for all the help everyone. Bruce Pascal Volk wrote: >On 09/09/2013 11:56 PM Bruce Markey wrote: >> Just want to make sure before I set this up. >> >> I read that the autocreate plugin is deprecated and to use "Mailbox >> settings" as listed here http://wiki2.dovecot.org/MailboxSettings. >> >> If that is correct then do I just add those mailbox blocks in >> /etc/dovecot/conf.d/10-mail.conf? >> >> Lastly, will "sent items" auto populate with sent items or is there >> something else that needs to be done. >> ? > >As mentioned by Steffen, you could create your own/additionally .conf >files. >You may also have a look at >http://hg.dovecot.org/dovecot-2.2/file/tip/doc/example-config/conf.d/15-mailboxes.conf >It shows also an example for the 'sent' mailbox. > > >Regards, >Pascal Please use PGP, ENCRYPT everything. For information about acquiring a secryption.com account, email me. My public key: https://www.secryption.com/BruceMarkey.asc or https://keyserver.pgp.com From skdovecot at smail.inf.fh-brs.de Tue Sep 10 23:33:47 2013 
From: skdovecot at smail.inf.fh-brs.de (Steffen)
Date: Tue, 10 Sep 2013 22:33:47 +0200
Subject: [Dovecot] Vacation message and DMARC validation
In-Reply-To: <5228E19A.7010503@digirati.com.br>
References: <5228E19A.7010503@digirati.com.br>
Message-ID: <522F822B.4000706@smail.inf.fh-brs.de>

Gerson Moraes wrote:
> I would like to know if a patch to the main project would be
> appreciated. Could you also please confirm if there are any future
> plans involving this feature, like an optional configuration for
> custom envelope-from?

How do you prevent loops, e.g. both sides have an autoresponder activated?

Is the custom env-from dropped by the MTA, if it arrives from the outside?

IMHO, one should not assume that another side does honor Preference: bulk/auto.

-- 
Steffen

From wildfire at progsoc.org Wed Sep 11 14:31:33 2013
From: wildfire at progsoc.org (Anand Kumria)
Date: Wed, 11 Sep 2013 12:31:33 +0100
Subject: [Dovecot] slow dict lookups?
Message-ID:

Hi,

I am beginning to see many entries like:

Sep 10 21:32:06 mail1 dovecot: imap(user1 at example1.com): Warning: read(/var/run/dovecot/dict): dict lookup took 20 seconds
Sep 10 21:32:11 mail1 dovecot: imap(user2 at example2.com): Warning: read(/var/run/dovecot/dict): dict lookup took 25 seconds
Sep 10 21:32:16 mail1 dovecot: imap(user3 at example3.com): Warning: read(/var/run/dovecot/dict): dict lookup took 30 seconds
Sep 10 21:32:21 mail1 dovecot: imap(user3 at example3.com): Error: read(/var/run/dovecot/dict) failed: Timeout after 30 seconds
Sep 10 21:32:21 mail1 dovecot: imap(user1 at example1.com): Warning: read(/var/run/dovecot/dict): dict lookup took 25 seconds
Sep 10 21:32:21 mail1 dovecot: imap(user4 at example2.com): Warning: read(/var/run/dovecot/dict): dict lookup took 24 seconds
Sep 10 21:32:26 mail1 dovecot: imap(user5 at example2.com): Warning: read(/var/run/dovecot/dict): dict lookup took 29 seconds

What is the best way to look into making dict lookups faster? In my case the dict is used for user / domain quotas and is looked up via Postgres (on another host).

Is there further logging I can enable to see where the problem is?

Thanks,
Anand

From mnewpipe at gmail.com Wed Sep 11 15:34:48 2013
From: mnewpipe at gmail.com (Michael Neurohr) Date: Wed, 11 Sep 2013 14:34:48 +0200 Subject: [Dovecot] Need help with Replication Message-ID: Hi! I set up two mail servers with Postfix and Dovecot and I would like to sync all mails between the servers. So I set up replication. Now I'm still getting the following errors: =======Server 1======= Sep 11 13:43:52 mx0 dovecot: master: Dovecot v2.1.7 starting up (core dumps disabled) Sep 11 13:43:52 mx0 dovecot: auth-worker(4245): mysql(127.0.0.1): Connected to database mailserver Sep 11 13:43:52 mx0 dovecot: dsync-local(user1 at domain.com): Error: stat(/var/mail/vhosts/domain.com/user1/.dovecot.sieve/tmp) failed: Not a directory Sep 11 13:43:52 mx0 dovecot: dsync-local(user1 at domain.com): Error: Failed to sync mailbox dovecot.sieve: Internal error occurred. Refer to server log for more information. [2013-09-11 13:43:52] ==================== =======Server 2======= Sep 11 13:45:30 mx1 dovecot: master: Dovecot v2.1.7 starting up (core dumps disabled) Sep 11 13:45:32 mx1 dovecot: auth-worker(30031): mysql(127.0.0.1): Connected to database mailserver Sep 11 13:45:34 mx1 dovecot: dsync-local(user1 at domain.com): Error: remote: dsync-remote(user1 at domain.com): Error: stat(/var/mail/vhosts/ domain.com/user1/.dovecot.sieve/tmp) failed: Not a directory Sep 11 13:45:34 mx1 dovecot: doveadm: Error: dsync-remote(user1 at domain.com): Error: Failed to sync mailbox dovecot.sieve: Internal error occurred. Refer to server log for more information. [2013-09-11 13:45:33] Sep 11 13:45:34 mx1 dovecot: doveadm: Error: dsync-remote(user1 at domain.com): Error: command BOX-LIST failed Sep 11 13:45:34 mx1 dovecot: dsync-local(user1 at domain.com): Error: Worker server's mailbox iteration failed ==================== Currently Server 1 holds all mails. Server 2 has no mails. Dovecot Version: 2.1.7 on both servers. 
=======Dovecot Config Server 1======= root at mx0:/home/mine# dovecot -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-686-pae i686 Debian 7.1 ext4 auth_mechanisms = plain login mail_location = maildir:/var/mail/vhosts/%d/%n mail_plugins = notify replication mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { antispam_backend = dspam antispam_dspam_args = --deliver;--user;%u antispam_dspam_binary = /usr/bin/dspam antispam_signature = X-DSPAM-Signature antispam_signature_missing = move antispam_spam = Spam antispam_trash = trash;Trash;Deleted Items;Deleted Messages mail_replica = remote:vmail at mx1.neurohr.at replication_full_sync_interval = 1 hours sieve = ~/.dovecot.sieve sieve_before = /etc/sieve/conf.d/before sieve_dir = ~/sieve sieve_extensions = +imapflags } protocols = imap pop3 lmtp sieve service aggregator { fifo_listener replication-notify-fifo { mode = 0600 user = vmail } unix_listener replication-notify { mode = 0600 user = vmail } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { mode = 0600 user = vmail } user = dovecot } service config { unix_listener config { user = vmail } } service dict { unix_listener dict { user = vmail } } service doveadm { user = vmail } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { 
group = postfix mode = 0600 user = postfix } } service managesieve-login { inet_listener sieve { port = 4190 } } service replicator { process_min_avail = 1 } ssl = required ssl_ca = Hello, Sorry for posting on both list spamassassin and dovecot : my question is on dovecot antispam plugin, used to learn spamassassin with sa-learn. I wonder if there is a way to confirme sa-learn is correctly feeded by the antispam plugin. dovecot version : 2.1.7 spamassassin version : 3.3.2 (both packaged in debian stable, with postfix and amavis) i configured dovecot's antispam plugin this way : plugin { ... #Antispam antispam_debug_target = syslog antispam_verbose_debug = 1 antispam_backend = pipe antispam_trash = Trash antispam_spam = Junk antispam_allow_append_to_spam = no antispam_pipe_program = /srv/datadisk01/bin/sa-learn-pipe.sh antispam_pipe_program_spam_arg = --spam antispam_pipe_program_notspam_arg = --ham } refering to : http://wiki2.dovecot.org/Plugins/Antispam using that script to pipe message to sa-learn : #!/bin/sh echo /usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ; echo "$$-start ($*)" >> /tmp/sa-learn-pipe.log ; #echo $* > /tmp/sendmail-parms.txt ; cat<&0 >> /tmp/sendmail-msg-$$.txt ; /usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ; rm -f /tmp/sendmail-msg-$$.txt ; echo "$$-end" >> /tmp/sa-learn-pipe.log ; exit 0; here is what i got when i move a mail to Junk folder : Sep 11 18:10:10 effraie01 imap: antispam: plugin initialising (2.0-notgit) Sep 11 18:10:10 effraie01 imap: antispam: verbose debug enabled Sep 11 18:10:10 effraie01 imap: antispam: "Junk" is exact match spam folder Sep 11 18:10:10 effraie01 imap: antispam: no unsure folders Sep 11 18:10:10 effraie01 imap: antispam: "Trash" is exact match trash folder Sep 11 18:10:10 effraie01 imap: antispam: pipe backend spam argument = --spam Sep 11 18:10:10 effraie01 imap: antispam: pipe backend not-spam argument = --ham Sep 11 18:10:10 effraie01 imap: antispam: pipe backend program = 
/srv/datadisk01/bin/sa-learn-pipe.sh Sep 11 18:10:10 effraie01 imap: antispam: pipe backend tmpdir /tmp Sep 11 18:11:10 effraie01 imap: antispam: plugin initialising (2.0-notgit) Sep 11 18:11:10 effraie01 imap: antispam: verbose debug enabled Sep 11 18:11:10 effraie01 imap: antispam: "Junk" is exact match spam folder Sep 11 18:11:10 effraie01 imap: antispam: no unsure folders Sep 11 18:11:10 effraie01 imap: antispam: "Trash" is exact match trash folder Sep 11 18:11:10 effraie01 imap: antispam: pipe backend spam argument = --spam Sep 11 18:11:10 effraie01 imap: antispam: pipe backend not-spam argument = --ham Sep 11 18:11:10 effraie01 imap: antispam: pipe backend program = /srv/datadisk01/bin/sa-learn-pipe.sh Sep 11 18:11:10 effraie01 imap: antispam: pipe backend tmpdir /tmp Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_unsure(Junk): 0 Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_trash(INBOX): 0 Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_trash(Junk): 0 Sep 11 18:12:04 effraie01 imap: antispam: mail copy: from trash: 0, to trash: 0 Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_spam(INBOX): 0 Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_spam(Junk): 1 Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_unsure(INBOX): 0 Sep 11 18:12:04 effraie01 imap: antispam: mail copy: src spam: 0, dst spam: 1, src unsure: 0 Sep 11 18:12:04 effraie01 imap: antispam: running mailtrain backend program /srv/datadisk01/bin/sa-learn-pipe.sh Sep 11 18:12:04 effraie01 imap: antispam: running mailtrain backend program /srv/datadisk01/bin/sa-learn-pipe.sh Sep 11 18:12:04 effraie01 imap: antispam: running mailtrain backend program parameter 1 --spam and here is what i got in /tmp/sa-learn-pipe.log: 10545-start (--spam) 10545-end For me, it's working, but when i run sa-learn --backup, i just get this : v 3 db_version # this must be the first line!!! 
v 0 num_spam v 0 num_nonspam it's probably cause i'm using ***STANDARD-ANTI-UBE-TEST-EMAIL*** wich probably teach nothing to sa-learn, but i wonder if i can find somewher a log or something confirming sa-learn correctly get the email i pipe to it. thanks a lot in advance -- Mathieu From frank at pinky.sax.de Wed Sep 11 20:10:43 2013 From: frank at pinky.sax.de (Frank Behrens) Date: Wed, 11 Sep 2013 19:10:43 +0200 Subject: [Dovecot] dovecot and PFS In-Reply-To: <20130910075450.GA3628@homeworld.netbsd.org> References: <20130910075450.GA3628@homeworld.netbsd.org> Message-ID: <5230A413.5090100@pinky.sax.de> Hi Emmanuel! Am 10.09.2013 09:54, schrieb Emmanuel Dreyfus: > Hi > > Is there known advices on how to favor PFS with dovecot? > > In Apache, I use the following directives, with cause all modern > browsers to adopt 256 bit PFS ciphers, while keeping backward > compatibility with older browsers and avoiding BEAST attack: > SSLProtocol all -SSLv2 > SSLHonorCipherOrder On "SSLHonorCipherOrder" is not yet supported in dovecot. I use the following hack/patch: --- src/login-common/ssl-proxy-openssl.c.orig 2013-08-05 18:08:13.000000000 +0200 +++ src/login-common/ssl-proxy-openssl.c 2013-09-09 18:20:05.184890563 +0200 
@@ -1276,6 +1276,7 @@ ssl_server_context_init(const struct log ctx->cipher_list, ssl_last_error()); } SSL_CTX_set_options(ssl_ctx, openssl_get_protocol_options(ctx->protocols)); + SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); if (ssl_proxy_ctx_use_certificate_chain(ctx->ctx, ctx->cert) != 1) { i_fatal("Can't load ssl_cert: %s", > SSLCipherSuite ECDHE at STRENGTH:ECDH at STRENGTH:DH at STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10 > -SHA1:RC4:!MD5:!DES:!aNULL:!eNULL > > dovecot does not care about BEAST, since attacker cannot inject > trafic. Therefore the cipher list get simplier in dovecot.conf: > ssl_cipher_list = ECDHE at STRENGTH:ECDH at STRENGTH:DH at STRENGTH:HIGH:!MD5:!DES:!aNULL > :!eNULL > > But that list is good for browsers. I am not aware of documentation > about what ciphers are advertised by various mail client. How can I > know if that setting has some success pushing PFS? How can I > discover which clients fail to negociate PFS ciphers? I have in my dovecot.conf: login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c %k The "%k" writes the negotiated cipher into the log, see also http://wiki2.dovecot.org/Variables Regards, Frank -- Frank Behrens Osterwieck, Germany From rs at sys4.de Wed Sep 11 20:16:02 2013 
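Review bot: the added `SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);` in `ssl_server_context_init()` is unconditional, so server cipher preference is forced for every listener built from this code and there is no way to switch it off from the configuration. Gate it behind a boolean setting read next to the values the function already uses here (`ctx->protocols`, `ctx->cipher_list`), default off, and document that the order of `ssl_cipher_list` then decides the negotiated cipher. The flag can also be OR-ed into the `SSL_CTX_set_options()` call on the line above instead of issuing a second call.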
From: rs at sys4.de (Robert Schetterer) Date: Wed, 11 Sep 2013 19:16:02 +0200 Subject: [Dovecot] dovecot and PFS In-Reply-To: <5230A413.5090100@pinky.sax.de> References: <20130910075450.GA3628@homeworld.netbsd.org> <5230A413.5090100@pinky.sax.de> Message-ID: <5230A552.6050502@sys4.de> Am 11.09.2013 19:10, schrieb Frank Behrens: > Hi Emmanuel! > > Am 10.09.2013 09:54, schrieb Emmanuel Dreyfus: >> Hi >> >> Is there known advices on how to favor PFS with dovecot? >> >> In Apache, I use the following directives, with cause all modern >> browsers to adopt 256 bit PFS ciphers, while keeping backward >> compatibility with older browsers and avoiding BEAST attack: >> SSLProtocol all -SSLv2 >> SSLHonorCipherOrder On > > "SSLHonorCipherOrder" is not yet supported in dovecot. I use the following hack/patch: > > --- src/login-common/ssl-proxy-openssl.c.orig 2013-08-05 18:08:13.000000000 +0200 > +++ src/login-common/ssl-proxy-openssl.c 2013-09-09 18:20:05.184890563 +0200 
> @@ -1276,6 +1276,7 @@ ssl_server_context_init(const struct log > ctx->cipher_list, ssl_last_error()); > } > SSL_CTX_set_options(ssl_ctx, openssl_get_protocol_options(ctx->protocols)); > + SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); > > if (ssl_proxy_ctx_use_certificate_chain(ctx->ctx, ctx->cert) != 1) { > i_fatal("Can't load ssl_cert: %s", > that looks interesting, whats Timos meaning to that patch ? > > >> SSLCipherSuite ECDHE at STRENGTH:ECDH at STRENGTH:DH at STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10 >> -SHA1:RC4:!MD5:!DES:!aNULL:!eNULL >> >> dovecot does not care about BEAST, since attacker cannot inject >> trafic. Therefore the cipher list get simplier in dovecot.conf: >> ssl_cipher_list = ECDHE at STRENGTH:ECDH at STRENGTH:DH at STRENGTH:HIGH:!MD5:!DES:!aNULL >> :!eNULL >> >> But that list is good for browsers. I am not aware of documentation >> about what ciphers are advertised by various mail client. How can I >> know if that setting has some success pushing PFS? How can I >> discover which clients fail to negociate PFS ciphers? > > I have in my dovecot.conf: > login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c %k > The "%k" writes the negotiated cipher into the log, see also > http://wiki2.dovecot.org/Variables > > Regards, > Frank > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From bruce at secryption.com Wed Sep 11 21:32:56 2013 
From: bruce at secryption.com (Bruce Markey)
Date: Wed, 11 Sep 2013 14:32:56 -0400
Subject: [Dovecot] Quota question.
Message-ID:

I have quotas setup with dovecot. Everything seems to be running fine. Values show up fine in mysql. I set up Roundcube to show quota amounts, this also works. For some reason it's showing the old value, I had upped a quot I assume that dovecot is reporting this wrong since roundcube talks to dovecot for its info.

Imap debug info:

[11-Sep-2013 15:57:47 +0000]: [5986] S: A0003 OK List completed.
[11-Sep-2013 15:57:47 +0000]: [5986] C: A0004 GETQUOTAROOT INBOX
[11-Sep-2013 15:57:47 +0000]: [5986] S: * QUOTAROOT "INBOX" "User quota"
[11-Sep-2013 15:57:47 +0000]: [5986] S: * QUOTA "User quota" (STORAGE 81 256000)
[11-Sep-2013 15:57:47 +0000]: [5986] S: A0004 OK Getquotaroot completed.
[11-Sep-2013 15:57:47 +0000]: [5986] C: A0005 LOGOUT

I'm not sure where next to look. I made sure I didn't have a hard default value set in 90-quota.conf.

Thank you
Bruce

--
Please use PGP, ENCRYPT everything.
For information about acquiring a secryption.com account, email me.

My public key: https://www.secryption.com/BruceMarkey.asc or https://keyserver.pgp.com
From bruce at secryption.com Wed Sep 11 22:05:00 2013
From: bruce at secryption.com (Bruce Markey)
Date: Wed, 11 Sep 2013 15:05:00 -0400
Subject: [Dovecot] Quota question.
In-Reply-To:
References:
Message-ID: <234fc7a392383652f7991b6c005d5622@secryption.com>

I think it's something more. Apparently it's not even looking at the database. Not sure what I didn't do.
If anyone can point me to a good dovecot / mysql quota how to that would be helpful.

Thank you
bruce

--
Please use PGP, ENCRYPT everything.
For information about acquiring a secryption.com account, email me.

My public key: https://www.secryption.com/BruceMarkey.asc or https://keyserver.pgp.com
From gerson at digirati.com.br Thu Sep 12 00:35:13 2013
From: gerson at digirati.com.br (Gerson Moraes)
Date: Wed, 11 Sep 2013 18:35:13 -0300
Subject: [Dovecot] Vacation message and DMARC validation
In-Reply-To: <522F822B.4000706@smail.inf.fh-brs.de>
References: <5228E19A.7010503@digirati.com.br> <522F822B.4000706@smail.inf.fh-brs.de>
Message-ID: <5230E211.50007@digirati.com.br>

Hi Stephan,

> how do you prevent loops, e.g. both sides have an autoresponder
> activated?

We use the parameter "days" available for setting the frequency of vacation messages. For example, if "days" is set to 1, only one auto-response will be generated for the same e-mail per day. So, it prevents loops correctly.

> Does the custom env-from is dropped by the MTA, if it
> arrives from the outside? IMHO, one should not assume that another
> side does honor Preference: bulk/auto.

I did not understand what you meant. Can you give an example?

Regards,
Gerson
From bruce at secryption.com Thu Sep 12 01:29:30 2013
From: bruce at secryption.com (Bruce Markey) Date: Wed, 11 Sep 2013 18:29:30 -0400 Subject: [Dovecot] Double Maildir folders. Message-ID: <6be0cce5f8de4b7d68ed50b95c8ab62b@secryption.com> Somehow in setting up quotas and sieve I somehow doubled my maildir. I noticed that when I logged into my webmail I didn't see the folders I created. I went to the actual location and noticed this. Mail location is set correctly in 10-mail.conf mail_location = maildir:/var/vmail/%d/%n/Maildir So I went to /var/vmail/domain/user and saw: drwx------ 8 vmail vmail 4.0K Sep 11 22:08 . drwx------ 4 vmail vmail 4.0K Sep 10 18:40 .. drwx------ 5 vmail vmail 4.0K Sep 11 22:04 .Sent lrwxrwxrwx 1 vmail vmail 21 Sep 11 15:44 .dovecot.sieve -> sieve/roundcube.sieve -rw------- 1 vmail vmail 199 Sep 11 15:45 .dovecot.svbin drwx------ 10 vmail vmail 4.0K Sep 11 18:40 Maildir drwx------ 2 vmail vmail 4.0K Sep 11 19:46 cur -rw------- 1 vmail vmail 51 Sep 11 19:47 dovecot-uidlist -rw------- 1 vmail vmail 8 Sep 11 19:47 dovecot-uidvalidity -r--r--r-- 1 vmail vmail 0 Sep 11 19:46 dovecot-uidvalidity.5230c8a2 -rw------- 1 vmail vmail 248 Sep 11 19:47 dovecot.index.log -rw------- 1 vmail vmail 24 Sep 11 19:47 dovecot.mailbox.log -rw------- 1 vmail vmail 15 Sep 11 22:08 maildirsize drwx------ 2 vmail vmail 4.0K Sep 11 19:46 new drwx------ 3 vmail vmail 4.0K Sep 11 15:44 sieve -rw------- 1 vmail vmail 5 Sep 11 19:47 subscriptions drwx------ 2 vmail vmail 4.0K Sep 11 19:46 tmp Which I shouldn't see correct? Because then in /var/vmail/domain/user/Maildir I see. drwx------ 10 vmail vmail 4.0K Sep 11 18:40 . drwx------ 8 vmail vmail 4.0K Sep 11 22:08 .. 
drwx------ 5 vmail vmail 4.0K Sep 10 00:23 .Drafts drwx------ 5 vmail vmail 4.0K Sep 11 15:45 .Sent drwx------ 5 vmail vmail 4.0K Sep 10 01:08 .Spam drwx------ 5 vmail vmail 4.0K Sep 11 15:46 .Test Folder drwx------ 5 vmail vmail 4.0K Sep 11 15:57 .Trash drwx------ 2 vmail vmail 4.0K Sep 11 01:37 cur -rw------- 1 vmail vmail 52 Sep 11 09:17 dovecot-uidlist -rw------- 1 vmail vmail 8 Sep 11 15:45 dovecot-uidvalidity -r--r--r-- 1 vmail vmail 0 Sep 10 00:17 dovecot-uidvalidity.522e6523 -rw------- 1 vmail vmail 600 Sep 10 23:08 dovecot.index -rw------- 1 vmail vmail 39K Sep 11 01:37 dovecot.index.cache -rw------- 1 vmail vmail 21K Sep 11 09:17 dovecot.index.log -rw------- 1 vmail vmail 120 Sep 11 15:44 dovecot.mailbox.log -rw------- 1 vmail vmail 20 Sep 11 18:40 maildirsize drwx------ 2 vmail vmail 4.0K Sep 11 00:16 new -rw------- 1 vmail vmail 35 Sep 11 15:44 subscriptions drwx------ 2 vmail vmail 4.0K Sep 11 00:13 tmp I went through all the conf files under /etc/dovecot/conf. and made sure I hadn't missed something. As above the maildir is correct. The only two places I can think are 90-plugin.conf which are my sieve settings. plugin { # The location of the user's active script: sieve = ~/.dovecot.sieve # If the user has no personal active script (i.e. if the file # indicated in sieve= does not exist), use this one: sieve_global_path = /var/lib/dovecot/sieve/default.sieve # The include extension fetches the :personal scripts from this # directory. When ManageSieve is used, this is also where scripts # are uploaded. sieve_dir = ~/sieve # The include extension fetches the :global scripts from this # directory. sieve_global_dir = /var/lib/dovecot/sieve/global/ } But I don't see how that would affect it. And the password and user queries were changed for the quotas. 
password_query = SELECT username AS user, password,CONCAT('/var/vmail/', maildir) AS userdb_home,\ '5000' AS userdb_uid, '5000' AS userdb_gid,\ concat('*:storage=', quota) AS userdb_quota_rule\ FROM mailbox WHERE username='%u' AND domain='%d' AND active=1 user_query = SELECT CONCAT('/var/vmail/', maildir) AS home, 'maildir:~/' as mail, '5000' AS uid, '5000' AS gid,\ concat('*:storage=', quota) AS quota_rule\ FROM mailbox WHERE username='%u' AND domain='%d' AND active=1 maildir in the mailbox is domain/user/ <- do I have to concat on Maildir in the query? Thanks Bruce -- Please use PGP, ENCRYPT everything. For information about acquiring a secryption.com account, email me. My public key: https://www.secryption.com/BruceMarkey.asc or https://keyserver.pgp.com From list_dovecot at bluerosetech.com Thu Sep 12 01:46:38 2013 
From: list_dovecot at bluerosetech.com (Darren Pilgrim)
Date: Wed, 11 Sep 2013 15:46:38 -0700
Subject: [Dovecot] How to disable SSL and TLSv1.1?
In-Reply-To: <522E5520.2010904@thelounge.net>
References: <522E360B.2050505@bluerosetech.com> <522E5520.2010904@thelounge.net>
Message-ID: <5230F2CE.7020701@bluerosetech.com>

On 9/9/2013 4:09 PM, Reindl Harald wrote:
> On 09.09.2013 22:56, Darren Pilgrim wrote:
>> I'm running Dovecot 2.2.5 and want to make it refuse SSLv2, SSLv3 and TLSv1.0. Clients will opportunistically use
>> TLS 1.1 and 1.2, but now I want require they do so. Is it enough to set
>>
>> ssl_cipher_list = HIGH:!SSLv2:!SSLv3:!TLSv1.0:!aNULL:!MD5
>> or are there additional settings I need to specify?
>
> and what clients do you imagine to connect?

Thunderbird and a Webmail app.

> on most widely used distributions you even have no openssl
> version supporting TLS 1.2 and so you lock them all out

OpenSSL 1.0.1 supports TLS 1.2. So does Windows 7/8 and MacOS X. Mozilla NSS 3.15 does 1.2.

FWIW, I was able to get it working with the following:

ssl_protocols = !SSLv2 !SSLv3 !TLSv1
ssl_cipher_list = ALL:HIGH:!SSLv2:!MEDIUM:!LOW:!EXP:!RC4:!MD5:!aNULL:@STRENGTH

The above disables SSLv2, v3 and TLSv1.0, leaving only TLSv1.1 with AES/Camellia/3DES and TLSv1.2 with AES/AES-GCM.

Dovecot lacks the ability to disable TLS 1.1 or 1.2. Adding support for specifying TLSv1.1 and TLSv1.2 in ssl_protocols looks pretty straight forward: add 0x08 and 0x10 to the enum in src/lib-ssl-iostream/iostream-openssl-common.c and expand the various tests to include the appropriate strings.

Would a user-submitted patch to add TLSv1.1 and TLSv1.2 support to ssl_protocols be appreciated?

--
Please reply on list.
From h.reindl at thelounge.net Thu Sep 12 01:52:32 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Thu, 12 Sep 2013 00:52:32 +0200
Subject: [Dovecot] How to disable SSL and TLSv1.1?
In-Reply-To: <5230F2CE.7020701@bluerosetech.com>
References: <522E360B.2050505@bluerosetech.com> <522E5520.2010904@thelounge.net> <5230F2CE.7020701@bluerosetech.com>
Message-ID: <5230F430.4090105@thelounge.net>

On 12.09.2013 00:46, Darren Pilgrim wrote:
> On 9/9/2013 4:09 PM, Reindl Harald wrote:
>> On 09.09.2013 22:56, Darren Pilgrim wrote:
>>> I'm running Dovecot 2.2.5 and want to make it refuse SSLv2, SSLv3 and TLSv1.0. Clients will opportunistically use
>>> TLS 1.1 and 1.2, but now I want require they do so. Is it enough to set
>>>
>>> ssl_cipher_list = HIGH:!SSLv2:!SSLv3:!TLSv1.0:!aNULL:!MD5
>>> or are there additional settings I need to specify?
>>
>> and what clients do you imagine to connect?
>
> Thunderbird and a Webmail app

in that special case you may be lucky

>> on most widely used distributions you even have no openssl
>> version supporting TLS 1.2 and so you lock them all out
>
> OpenSSL 1.0.1 supports TLS 1.2

and that is why i said most widely used does not

RHEL5: openssl-0.9.8e
RHEL6: openssl-1.0.0
Fedora 17: openssl-1.0.0k
Fedora 18: openssl-1.0.1e

if you have only a few users where you know OS and mail-client this is doable, for any server with customers it is a no-go
From amandy_lda at outlook.com Thu Sep 12 05:39:53 2013
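Frank Behrens' `%k` hint in the PFS thread and the `ssl_protocols` restriction discussed in this thread both come down to the same question: which clients would be affected. The following is an added example, not code from any poster or from Dovecot, that audits login lines written with `login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c %k`. The syslog prefix, the text `%k` expands to ("<protocol> with cipher <name> (<bits>/<bits> bits)"), the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed shape of the %k element:
#   "<protocol> with cipher <name> (<bits>/<bits> bits)"
K_RE = re.compile(
    r"(?P<proto>SSLv\d|TLSv\d(?:\.\d)?) with cipher "
    r"(?P<cipher>[A-Za-z0-9_-]+) \(\d+/\d+ bits\)"
)
USER_RE = re.compile(r"user=<([^>]*)>")
RIP_RE = re.compile(r"\brip=([0-9A-Fa-f:.]+)")

# OpenSSL cipher names whose key exchange is ephemeral. Static "ECDH-" names
# and plain RSA names such as "AES128-SHA" are not forward secret.
# "TLS_" covers TLS 1.3 suite names, which always use ephemeral key exchange.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "TLS_")

# Protocols switched off by the ssl_protocols line quoted in the thread.
DISABLED_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1")

# Constructed sample lines (not taken from the thread).
SAMPLE_LOG = """\
Sep 11 19:02:11 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS, TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 11 19:02:40 mail dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=192.0.2.20, lip=192.0.2.1, TLS, TLSv1 with cipher AES128-SHA (128/128 bits)
Sep 11 19:03:05 mail dovecot: pop3-login: Login: user=<carol>, method=PLAIN, rip=192.0.2.30, lip=192.0.2.1, TLS, TLSv1.2 with cipher ECDH-RSA-AES256-SHA (256/256 bits)
Sep 11 19:03:30 mail dovecot: imap-login: Login: user=<dave>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 11 19:04:02 mail dovecot: imap-login: Login: user=<erin>, method=PLAIN, rip=192.0.2.40, lip=192.0.2.1, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Sep 11 19:05:00 mail dovecot: imap(alice): Disconnected: Logged out
"""


def parse_login(line):
    """Return a dict describing one login-process line, or None for other lines."""
    if "-login: " not in line:
        return None
    user = USER_RE.search(line)
    rip = RIP_RE.search(line)
    if not user or not rip:
        return None
    k = K_RE.search(line)
    proto = k.group("proto") if k else None
    cipher = k.group("cipher") if k else None
    if cipher is None:
        verdict = "no-tls"      # %k was empty: plaintext or a local "secured" session
    elif cipher.startswith(EPHEMERAL_PREFIXES):
        verdict = "pfs"
    else:
        verdict = "no-pfs"
    return {"user": user.group(1), "rip": rip.group(1),
            "proto": proto, "cipher": cipher, "verdict": verdict}


def audit(lines, disabled_protocols=DISABLED_PROTOCOLS):
    """Tally verdicts and list the sessions a stricter policy would affect."""
    verdicts = Counter()
    no_pfs, legacy = [], []
    for line in lines:
        entry = parse_login(line)
        if entry is None:
            continue
        verdicts[entry["verdict"]] += 1
        if entry["verdict"] == "no-pfs":
            no_pfs.append(entry)
        if entry["proto"] in disabled_protocols:
            legacy.append(entry)
    return {"verdicts": verdicts, "no_pfs": no_pfs, "legacy_protocol": legacy}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG.splitlines())
    print("verdicts:", dict(report["verdicts"]))
    for e in report["no_pfs"]:
        print("no PFS:        ", e["user"], e["rip"], e["proto"], e["cipher"])
    for e in report["legacy_protocol"]:
        print("would be cut off:", e["user"], e["rip"], e["proto"], e["cipher"])
```

Running it over a few days of real login lines before tightening `ssl_protocols` or `ssl_cipher_list` shows which users and client addresses need attention first.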
From: amandy_lda at outlook.com (liuamandy) Date: Thu, 12 Sep 2013 02:39:53 +0000 Subject: [Dovecot] question about dovecot-auth Message-ID: hello : i'm new to dovecot-list: i have a question about dovecot auth: the database of dovecot-auth is memcached, when i test 200 users login by imap at the same time, there are some error like this: Is there any Parameter matches wrong ? =====================error========================= Sep 12 10:14:15 IMAP(q56 at t.com): Info: Quota warning: bytes=1048471142 (90%) messages=0 command=/opt/email/bin/dovecot-quota-warning.sh 90 q56 at t.com Sep 12 10:14:15 IMAP(q56 at t.com): Info: Quota warning: bytes=1106719539 (95%) messages=0 command=/opt/email/bin/dovecot-quota-warning.sh 95 q56 at t.com Sep 12 10:14:16 auth(default): Info: 1111111111111111111111111111!:id:22 OK q148 at t.com username=q148 at t.com password={CRYPT}$1$711536ed$Q4xYrsYOS6bVq9mJvNoc40 home=/opt/mail mail=maildir:/opt/mail/t.com/q148/ quota_rule2=*:messages=1111 quota_rule=*:bytes=1164967936 line: OK q148 at t.com username=q148 at t.com password={CRYPT}$1$711536ed$Q4xYrsYOS6bVq9mJvNoc40 home=/opt/email mail=maildir:/opt/email/t.com/q148/ quota_rule2=*:messages=1111 quota_rule=*:bytes=1164967936 request:23 Sep 12 10:14:16 auth(default): Error: BUG: Worker sent reply with id 22, expected 23 Sep 12 10:14:16 auth(default): Error: worker-server(q92 at t.com,127.0.0.1): Aborted: Worker is buggy Sep 12 10:14:16 auth(default): Info: 1111111111111111111111111111!:id:7 OK q32 at t.com {CRYPT}$1$557ecad6$SOQhh76yfMx4zAIp3KKX61 home=/opt/mail mail=maildir:/opt/mail/t.com/q32 quota_rule2=*:messages=1111 quota_rule=*:bytes=1164967936 username=q32 at t.com line: OK q32 at t.com {CRYPT}$1$557ecad6$SOQhh76yfMx4zAIp3KKX61 home=/opt/mail mail=maildir:/opt/mail/t.com/q32 quota_rule2=*:messages=1111 quota_rule=*:bytes=1164967936 username=q32 at t.com request:7 Sep 12 10:14:16 IMAP(q156 at t.com): Info: Namespace: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, 
subscriptions=yes Sep 12 10:14:16 IMAP(q156 at t.com): Info: maildir: data=/opt/email/t.com/q156/...ep 12 10:14:21 auth(default): Info: new auth connection: pid=14558 Sep 12 10:14:22 imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Sep 12 10:14:23 auth(default): Info: new auth connection: pid=14562 Sep 12 10:17:14 imap-login: Info: Disconnected: Inactivity (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Sep 12 10:17:15 auth(default): Info: new auth connection: pid=14601 ======================concurrent-script======================== my concurrent-login script is: use strict; use warnings; use Net::IMAP::Client; use Getopt::Long; use threads; my %opt = (); GetOptions(\%opt, 'pth_num|n=s'); my $pths = $opt{pth_num}; my $t1 = 0; my $passwd = "qwer1234"; sub thread_fun { my $j = 0; my $count = 2; my $k = $_[0]; my $pid = threads->self()->tid(); while ($count != 0){ my $username = "q$k\@t.com"; print "#####$pid $username $passwd #####\n"; my $imap = Net::IMAP::Client->new( server => '127.0.0.1', user => $username, password => $passwd, )or die "can not connect:$@"; $imap->login($username, $passwd) or die ('login failed!'. 
$imap->last_error); $imap->noop; $imap->select('INBOX'); $imap->noop; $imap->noop; $imap->noop; $imap->noop; $imap->logout; print "------------$username logout------------------\n"; $count--; sleep(1); } print "GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG\n" } my $i = 1; while($pths){ $t1 = threads->create(\&thread_fun, $i); if($pths != 1){ $t1->detach(); } print "create $pths\'s threads\n"; $i++; $pths--; } my $ret = $t1->join(); =========================dovecot.conf====================== my dovecot.conf about auth is:log_path = /var/log/maillog login_processes_count = 128 #listen_start_process login_max_processes_count = 128 login_max_connections = 128 #login_max_connections = 256 max_mail_processes = 1024disable_plaintext_auth = nologin_process_per_connection=yes thanks amandy From mohsen at pahlevanzadeh.org Thu Sep 12 06:19:14 2013 From: mohsen at pahlevanzadeh.org (Mohsen Pahlevanzadeh) Date: Thu, 12 Sep 2013 07:49:14 +0430 Subject: [Dovecot] Where's Dovecot's ports? Message-ID: <1378955954.16832.5.camel@debian> Dear all, I installed "dovecot dovecoot-mysql postfix and postfix-mysql" from debian repository 7. I start them with "/etc/init.d/postfix start" and "/etc/init.d/dovecot start" but When i use nmap localhost I see the following output: root at sito:/etc/dovecot# nmap localhost Starting Nmap 6.00 ( http://nmap.org ) at 2013-09-12 07:35 IRDT Nmap scan report for localhost (127.0.0.1) Host is up (0.0000030s latency). Other addresses for localhost (not scanned): 127.0.0.1 Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 80/tcp open http 111/tcp open rpcbind 3128/tcp open squid-http 3306/tcp open mysql My Question is , Where's dovecot ? i don't see its' ports.... From mohsen at pahlevanzadeh.org Thu Sep 12 07:03:05 2013 
From: mohsen at pahlevanzadeh.org (Mohsen Pahlevanzadeh) Date: Thu, 12 Sep 2013 08:33:05 +0430 Subject: [Dovecot] Where's Dovecot's ports? In-Reply-To: <1378955954.16832.5.camel@debian> References: <1378955954.16832.5.camel@debian> Message-ID: <1378958585.16832.6.camel@debian> But When i use netsta -anp |egrep -i dovecot i get the following output: root at sito:/home/mohsen# netstat -nap |egrep -i dovecot unix 2 [ ACC ] STREAM LISTENING 69634 18414/dovecot /var/run/dovecot/anvil unix 2 [ ACC ] STREAM LISTENING 69638 18414/dovecot /var/run/dovecot/anvil-auth-penalty unix 2 [ ACC ] STREAM LISTENING 65456 18414/dovecot /var/run/dovecot/stats unix 2 [ ACC ] STREAM LISTENING 65459 18414/dovecot /var/run/dovecot/login/ssl-params unix 2 [ ACC ] STREAM LISTENING 65463 18414/dovecot /var/run/dovecot/replicator unix 2 [ ACC ] STREAM LISTENING 65467 18414/dovecot /var/run/dovecot/replication-notify unix 2 [ ACC ] STREAM LISTENING 65472 18414/dovecot /var/run/dovecot/log-errors unix 2 [ ACC ] STREAM LISTENING 65476 18414/dovecot /var/run/dovecot/ipc unix 2 [ ACC ] STREAM LISTENING 65478 18414/dovecot /var/run/dovecot/login/ipc-proxy unix 2 [ ACC ] STREAM LISTENING 65482 18414/dovecot /var/run/dovecot/indexer-worker unix 2 [ ACC ] STREAM LISTENING 65486 18414/dovecot /var/run/dovecot/indexer unix 2 [ ACC ] STREAM LISTENING 65490 18414/dovecot /var/run/dovecot/doveadm-server unix 2 [ ACC ] STREAM LISTENING 65494 18414/dovecot /var/run/dovecot/dns-client unix 2 [ ACC ] STREAM LISTENING 65496 18414/dovecot /var/run/dovecot/login/dns-client unix 2 [ ACC ] STREAM LISTENING 65500 18414/dovecot /var/run/dovecot/director-admin unix 2 [ ACC ] STREAM LISTENING 65504 18414/dovecot /var/run/dovecot/director-userdb unix 2 [ ACC ] STREAM LISTENING 65508 18414/dovecot /var/run/dovecot/dict unix 2 [ ACC ] STREAM LISTENING 65512 18414/dovecot /var/run/dovecot/config unix 2 [ ACC ] STREAM LISTENING 65514 18414/dovecot /var/run/dovecot/login/login unix 2 [ ACC ] STREAM LISTENING 65518 
18414/dovecot /var/run/dovecot/auth-login unix 2 [ ACC ] STREAM LISTENING 65522 18414/dovecot /var/run/dovecot/auth-client unix 2 [ ACC ] STREAM LISTENING 65526 18414/dovecot /var/run/dovecot/auth-userdb unix 2 [ ACC ] STREAM LISTENING 65530 18414/dovecot /var/run/dovecot/auth-master unix 2 [ ACC ] STREAM LISTENING 65534 18414/dovecot /var/run/dovecot/auth-worker unix 3 [ ] STREAM CONNECTED 65453 18414/dovecot unix 3 [ ] STREAM CONNECTED 65452 18414/dovecot unix 2 [ ] DGRAM 65448 18414/dovecot On Thu, 2013-09-12 at 07:49 +0430, Mohsen Pahlevanzadeh wrote: > Dear all, > > I installed "dovecot dovecoot-mysql postfix and postfix-mysql" from > debian repository 7. > > I start them with "/etc/init.d/postfix start" and "/etc/init.d/dovecot > start" > > but When i use nmap localhost I see the following output: > root at sito:/etc/dovecot# nmap localhost > > Starting Nmap 6.00 ( http://nmap.org ) at 2013-09-12 07:35 IRDT > Nmap scan report for localhost (127.0.0.1) > Host is up (0.0000030s latency). > Other addresses for localhost (not scanned): 127.0.0.1 > Not shown: 993 closed ports > PORT STATE SERVICE > 21/tcp open ftp > 22/tcp open ssh > 25/tcp open smtp > 80/tcp open http > 111/tcp open rpcbind > 3128/tcp open squid-http > 3306/tcp open mysql > > My Question is , Where's dovecot ? i don't see its' ports.... > > From vijayrajah at gmail.com Thu Sep 12 08:31:42 2013 
From: vijayrajah at gmail.com (Vijay Rajah)
Date: Thu, 12 Sep 2013 11:01:42 +0530
Subject: [Dovecot] Quota question.
In-Reply-To: <234fc7a392383652f7991b6c005d5622@secryption.com>
References: <234fc7a392383652f7991b6c005d5622@secryption.com>
Message-ID:

Check if new quota is recognized using 'doveadm quota get -u '

If it does then there is some other issue... It is hard to tell without knowing how it is setup.

Thanks
VIjay

On Thu, Sep 12, 2013 at 12:35 AM, Bruce Markey wrote:

> I think it's something more. Apparently it's not even looking at the
> database. Not sure what I didn't do.
> If anyone can point me to a good dovecot / mysql quota how to that would
> be helpful.
>
>
> Thank you
> bruce
>
>
> --
> Please use PGP, ENCRYPT everything.
> For information about acquiring a secryption.com account, email me.
>
> My public key: https://www.secryption.com/BruceMarkey.asc or
> https://keyserver.pgp.com
>
>
From andreas.schulze at datev.de Thu Sep 12 08:45:39 2013
From: andreas.schulze at datev.de (Andreas Schulze)
Date: Thu, 12 Sep 2013 07:45:39 +0200
Subject: [Dovecot] SOLVED: dovecot-2.2.5 build failed if openssl < 0.9.8
Message-ID: <20130912054539.GB11312@spider.services.datevnet.de>

Hello,

to build dovecot-2.2.5 on a system based on openssl-0.9.7 I had to apply the attached patch.
Maybe it could be applied in the next versions

Thanks.

--
Andreas Schulze
Internet services | P252

DATEV eG
90329 Nürnberg | Phone +49 911 319-0 | Fax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Registered office: 90429 Nürnberg, Paumgartnerstr. 6-14 | Register court Nürnberg, GenReg Nr.70

Executive board
Prof. Dieter Kempf (Chairman)
Dipl.-Kfm. Wolfgang Stegmann (Deputy Chairman)
Dipl.-Kfm. Michael Leistenschneider
Dipl.-Kfm. Dr. Robert Mayr
Jörg Rabe v. Pappenheim
Dipl.-Vw. Eckhard Schwarzer

Chairman of the supervisory board: Reinhard Verholen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssl-0.9.7.patch
Type: text/x-diff
Size: 1638 bytes
Desc: not available
URL:
From skdovecot at smail.inf.fh-brs.de Thu Sep 12 09:12:19 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 12 Sep 2013 08:12:19 +0200 (CEST)
Subject: [Dovecot] slow dict lookups?
In-Reply-To:
References:
Message-ID:

On Wed, 11 Sep 2013, Anand Kumria wrote:

> Sep 10 21:32:06 mail1 dovecot: imap(user1 at example1.com): Warning:
> read(/var/run/dovecot/dict): dict lookup took 20 seconds
> Sep 10 21:32:11 mail1 dovecot: imap(user2 at example2.com): Warning:
> read(/var/run/dovecot/dict): dict lookup took 25 seconds
> Sep 10 21:32:16 mail1 dovecot: imap(user3 at example3.com): Warning:
> read(/var/run/dovecot/dict): dict lookup took 30 seconds
> Sep 10 21:32:21 mail1 dovecot: imap(user3 at example3.com): Error:
> read(/var/run/dovecot/dict) failed: Timeout after 30 seconds
> Sep 10 21:32:21 mail1 dovecot: imap(user1 at example1.com): Warning:
> read(/var/run/dovecot/dict): dict lookup took 25 seconds
> Sep 10 21:32:21 mail1 dovecot: imap(user4 at example2.com): Warning:
> read(/var/run/dovecot/dict): dict lookup took 24 seconds
> Sep 10 21:32:26 mail1 dovecot: imap(user5 at example2.com): Warning:
> read(/var/run/dovecot/dict): dict lookup took 29 seconds
>
> What is the best way to look into making dict lookups faster?
>
> In my case the dict is use for user / domain quotas and is looked up via
> Postgres (on another host). Is there further logging I can enable to see
> where the problem is?

There is a timeout, the server did not send the reply in less than 32s.

You have to look into client -> network -> server -> postgres -> network
-> client chain.

Maybe network problems, postgres server overload, bad SQL queries, ... .
--
Steffen Kaiser
From d.parthey at metaways.de Thu Sep 12 09:21:45 2013
From: d.parthey at metaways.de (Daniel Parthey)
Date: Thu, 12 Sep 2013 08:21:45 +0200
Subject: [Dovecot] Quota question.
In-Reply-To:
References:
Message-ID: <9d1d3f67-9540-4de4-80b6-c8fe375365f8@email.android.com>

Hi Bruce,

please follow the Dovecot Mailing List guidelines and post your output of doveconf -n

Also have a look in the List Archives. There has been a similar quota question in the last few days.

Regards
Daniel
From skdovecot at smail.inf.fh-brs.de Thu Sep 12 09:31:24 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 12 Sep 2013 08:31:24 +0200 (CEST)
Subject: [Dovecot] Antispam plugin / sa-learn
In-Reply-To: <1378916759.8725.20.camel@kubrick>
References: <1378916759.8725.20.camel@kubrick>
Message-ID:

On Wed, 11 Sep 2013, Mathieu R. wrote:

> Sorry for posting on both list spamassassin and dovecot : my question is
> on dovecot antispam plugin, used to learn spamassassin with sa-learn.
>
> I wonder if there is a way to confirm sa-learn is correctly fed by
> the antispam plugin.

> using that script to pipe message to sa-learn :
>
> #!/bin/sh
> echo /usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ;
> echo "$$-start ($*)" >> /tmp/sa-learn-pipe.log ;
> #echo $* > /tmp/sendmail-parms.txt ;
> cat<&0 >> /tmp/sendmail-msg-$$.txt ;
> /usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ;
> rm -f /tmp/sendmail-msg-$$.txt ;
> echo "$$-end" >> /tmp/sa-learn-pipe.log ;
> exit 0;

above script is missing important log information: the current uid and $HOME; also sa-learn knows -D

I would change for a testing period:

#!/bin/sh
echo /usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ;
echo "$$-start ($*)" >> /tmp/sa-learn-pipe.log ;
#echo $* > /tmp/sendmail-parms.txt ;
cat<&0 >> /tmp/sendmail-msg-$$.txt ;
/usr/bin/sa-learn -D $* /tmp/sendmail-msg-$$.txt >/tmp/sa-learn-pipe.$$.tmp 2>&1;
echo $$ sa-learn rc=$? id=$(id) HOME=$HOME >> /tmp/sa-learn-pipe.log
while read line; do
	echo $$-sa-learn "$line" >> /tmp/sa-learn-pipe.log
done < /tmp/sa-learn-pipe.$$.tmp
rm -f /tmp/sendmail-msg-$$.txt /tmp/sa-learn-pipe.$$.tmp
echo "$$-end" >> /tmp/sa-learn-pipe.log ;
exit 0;

> For me, it's working, but when i run sa-learn --backup, i just get
> this :
>
> v 3 db_version # this must be the first line!!!
> v 0 num_spam
> v 0 num_nonspam

Read man sa-learn section MIGRATION:

"Note that if you have individual user databases you will have to perform a similar procedure for each one of them."
sa-learn --backup > backup.txt

backs up the database of one particular user, I assume you use root to issue the command? But does the antispam learning script above run as root, too?

I assume you need some --username=username and/or --prefspath=file setting.

--
Steffen Kaiser
From d.parthey at metaways.de Thu Sep 12 09:33:47 2013
From: d.parthey at metaways.de (Daniel Parthey)
Date: Thu, 12 Sep 2013 08:33:47 +0200
Subject: [Dovecot] Where's Dovecot's ports?
In-Reply-To: <1378958585.16832.6.camel@debian>
References: <1378955954.16832.5.camel@debian> <1378958585.16832.6.camel@debian>
Message-ID: <34d57382-912d-44e6-bad9-21096e692f92@email.android.com>

Hi Mohsen,

please post the output of doveconf -n

Regards
Daniel
From noel.butler at ausics.net Thu Sep 12 09:41:46 2013
From: noel.butler at ausics.net (Noel Butler)
Date: Thu, 12 Sep 2013 16:41:46 +1000
Subject: [Dovecot] SOLVED: dovecot-2.2.5 build failed if openssl < 0.9.8
In-Reply-To: <20130912054539.GB11312@spider.services.datevnet.de>
References: <20130912054539.GB11312@spider.services.datevnet.de>
Message-ID: <1378968107.5462.3.camel@tardis>

0.9.7? that was released in 2001 IIRC, and ceased being supported in 2005, that's 8 years ago, are you really suggesting dovecot be patched to process something that's so old, you likely have far more problems, of a security nature that is.

On Thu, 2013-09-12 at 07:45 +0200, Andreas Schulze wrote:

> Hello,
>
> to build dovecot-2.2.5 on a system based on openssl-0.9.7 I had to apply the attached patch.
> Maybe it could be applied in the next versions
>
> Thanks.
>
>
From noel.butler at ausics.net Thu Sep 12 09:54:02 2013
From: noel.butler at ausics.net (Noel Butler)
Date: Thu, 12 Sep 2013 16:54:02 +1000
Subject: [Dovecot] How to disable SSL and TLSv1.1?
In-Reply-To: <5230F2CE.7020701@bluerosetech.com>
References: <522E360B.2050505@bluerosetech.com> <522E5520.2010904@thelounge.net> <5230F2CE.7020701@bluerosetech.com>
Message-ID: <1378968842.5462.12.camel@tardis>

On Wed, 2013-09-11 at 15:46 -0700, Darren Pilgrim wrote:

> > on most widely used distributions you even have no openssl
> > version supporting TLS 1.2 and so you lock them all out
>
> OpenSSL 1.0.1 supports TLS 1.2. So does Windows 7/8 and MacOS X.
> Mozilla NSS 3.15 does 1.2.
>
> FWIW, I was able to get it working with the following:
>
> ssl_protocols = !SSLv2 !SSLv3 !TLSv1
> ssl_cipher_list =
> ALL:HIGH:!SSLv2:!MEDIUM:!LOW:!EXP:!RC4:!MD5:!aNULL:@STRENGTH
>
> The above disables SSLv2, v3 and TLSv1.0, leaving only TLSv1.1 with
> AES/Camellia/3DES and TLSv1.2 with AES/AES-GCM.
>
> Dovecot lacks the ability to disable TLS 1.1 or 1.2. Adding support for
> specifying TLSv1.1 and TLSv1.2 in ssl_protocols looks pretty straight
> forward: add 0x08 and 0x10 to the enum in
> src/lib-ssl-iostream/iostream-openssl-common.c and expand the various
> tests to include the appropriate strings.
>
> Would a user-submitted patch to add TLSv1.1 and TLSv1.2 support to
> ssl_protocols be appreciated?

Frankly I think your idea is crazy :)

But if you're in a closed network and know all clients, including mobiles and tablets etc will work with what you want, well, your network, your rules.

I'm always of the belief that if one person wants a feature, they might be the only vocal person, but they are never really alone, so post your patch, Timo can only either pull it in, or decline it, as for its useful for others, only time will tell, but not even god will help those who use it on a commercial network with paying customers - that's just plain professional suicide.

Cheers
From noel.butler at ausics.net Thu Sep 12 09:56:41 2013
From: noel.butler at ausics.net (Noel Butler)
Date: Thu, 12 Sep 2013 16:56:41 +1000
Subject: [Dovecot] Quota question.
In-Reply-To: <234fc7a392383652f7991b6c005d5622@secryption.com>
References: <234fc7a392383652f7991b6c005d5622@secryption.com>
Message-ID: <1378969001.5462.13.camel@tardis>

On Wed, 2013-09-11 at 15:05 -0400, Bruce Markey wrote:

> I think it's something more. Apparently it's not even looking at the
> database. Not sure what I didn't do.
> If anyone can point me to a good dovecot / mysql quota how to that would
> be helpful.
>
> Thank you
> bruce
>
>
From mohsen at pahlevanzadeh.org Thu Sep 12 10:05:37 2013
From: mohsen at pahlevanzadeh.org (Mohsen Pahlevanzadeh) Date: Thu, 12 Sep 2013 11:35:37 +0430 Subject: [Dovecot] Where's Dovecot's ports? In-Reply-To: <34d57382-912d-44e6-bad9-21096e692f92@email.android.com> References: <1378955954.16832.5.camel@debian> <1378958585.16832.6.camel@debian> <34d57382-912d-44e6-bad9-21096e692f92@email.android.com> Message-ID: <1378969537.16832.12.camel@debian> On Thu, 2013-09-12 at 08:33 +0200, Daniel Parthey wrote: > Hi Mohsen, > > please post the output of doveconf -n > > Regards > Daniel i attached my "doveconf -n" -------------- next part -------------- # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 mail_location = mbox:~/mail:INBOX=/var/mail/%u namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } ssl_cert = References: <522E360B.2050505@bluerosetech.com> <522E5520.2010904@thelounge.net> <5230F2CE.7020701@bluerosetech.com> <1378968842.5462.12.camel@tardis> Message-ID: <52316C03.4060305@puzzled.xs4all.nl> Hi Noel, On 09/12/2013 08:54 AM, Noel Butler wrote: [snip] > I'm always of the belief that if one person wants a feature, they might > be the only vocal person, but they are never really alone, so post your > patch, Timo can only either pull it in, or decline it, as for its useful > for others, only time will tell, but not even god will help those who > use it on a commercial network with paying customers - thats just plain > professional suicide. Unless it was clearly stated what the requirements are when they sign up. With NIST sleeping at the helm and the NSA having a field day it would not surprise me if businesses understand the importance of stronger encryption. Regards, Patrick From andreas.schulze at datev.de Thu Sep 12 10:46:17 2013 
From: andreas.schulze at datev.de (Andreas Schulze)
Date: Thu, 12 Sep 2013 09:46:17 +0200
Subject: [Dovecot] 2.2.4 + metadata plugin: autoconf failed
In-Reply-To: <20130723053234.GA19123@spider.services.datevnet.de>
References: <20130723053234.GA19123@spider.services.datevnet.de>
Message-ID: <20130912074616.GA13437@spider.services.datevnet.de>

On 23.07.2013 07:32, Andreas Schulze wrote:
> sles9: (autoconf-2.59)
> ----------------------
> autoreconf: /usr/bin/autoconf failed with exit status: 1
>
> sles10: (autoconf-2.59)
> -----------------------
> autoreconf: /usr/bin/autoconf failed with exit status: 1
>
> sles11: (autoconf-2.63)
> -----------------------
> autoreconf: automake failed with exit status: 1
>
> openSUSE_Factory: (autoconf-2.69)
> ---------------------------------
> autoreconf: automake failed with exit status: 1

Hello,

Now I finally had success compiling the metadata plugin on archaic systems. First I had to include dovecot.m4 in my dovecot-devel package. This is unnecessary when building the pigeonhole plugin and so I did not notice my packaging fault.

After that I had to apply two patches to the metadata source.

1. Fix configure.ac
   - lower needed autoconf version
   - lower needed automake version
   - add libtool
   - don't use C99 extension

2. As my system has no C99 capable compiler I had to adjust the source to move the declaration of loop variables outside the loops.

patch && compile && install && work

Thanks to all pointing me in the right direction...

Andreas

--
Andreas Schulze
Internetdienste | P252

DATEV eG
90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70

Vorstand
Prof. Dieter Kempf (Vorsitzender)
Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender)
Dipl.-Kfm. Michael Leistenschneider
Dipl.-Kfm. Dr. Robert Mayr
Jörg Rabe v. Pappenheim
Dipl.-Vw.
Eckhard Schwarzer Vorsitzender des Aufsichtsrates: Reinhard Verholen -------------- next part -------------- A non-text attachment was scrubbed... Name: configure.patch Type: text/x-diff Size: 679 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: no_c99.patch Type: text/x-diff Size: 6748 bytes Desc: not available URL: From noel.butler at ausics.net Thu Sep 12 12:50:11 2013 
From: noel.butler at ausics.net (Noel Butler) Date: Thu, 12 Sep 2013 19:50:11 +1000 Subject: [Dovecot] How to disable SSL and TLSv1.1? In-Reply-To: <52316C03.4060305@puzzled.xs4all.nl> References: <522E360B.2050505@bluerosetech.com> <522E5520.2010904@thelounge.net> <5230F2CE.7020701@bluerosetech.com> <1378968842.5462.12.camel@tardis> <52316C03.4060305@puzzled.xs4all.nl> Message-ID: <1378979411.7036.7.camel@tardis> Hi Patrick, On Thu, 2013-09-12 at 09:23 +0200, Patrick Lists wrote: > Hi Noel, > > On 09/12/2013 08:54 AM, Noel Butler wrote: > [snip] > > I'm always of the belief that if one person wants a feature, they might > > be the only vocal person, but they are never really alone, so post your > > patch, Timo can only either pull it in, or decline it, as for its useful > > for others, only time will tell, but not even god will help those who > > use it on a commercial network with paying customers - thats just plain > > professional suicide. > > Unless it was clearly stated what the requirements are when they sign > up. With NIST sleeping at the helm and the NSA having a field day it > would not surprise me if businesses understand the importance of > stronger encryption. > Yeah, but you wont have many customers, or keep them if you inflict that much pain, I'm well known for being pretty anal about security policies, but not even I would contemplate that on a commercial (isp/web-host) scale, on corporate LAN, there will also always be one who wont support it, and its likely going to be the CEO's mobile device hah. 
Which reminds me, if the OP is interested in knowing how many and who wants it, they could always email the NSA and GCHQ, if you're American, British, or your data traverses the US or UK, they I'm sure will have a record of who ;)

Cheers

From joh.hendriks at gmail.com Thu Sep 12 13:20:36 2013
From: joh.hendriks at gmail.com (Johan Hendriks)
Date: Thu, 12 Sep 2013 12:20:36 +0200
Subject: [Dovecot] Where's Dovecot's ports?
In-Reply-To: <1378969537.16832.12.camel@debian>
References: <1378955954.16832.5.camel@debian> <1378958585.16832.6.camel@debian> <34d57382-912d-44e6-bad9-21096e692f92@email.android.com> <1378969537.16832.12.camel@debian>
Message-ID: <52319574.4000409@gmail.com>

Mohsen Pahlevanzadeh wrote:
> On Thu, 2013-09-12 at 08:33 +0200, Daniel Parthey wrote:
>> Hi Mohsen,
>>
>> please post the output of doveconf -n
>>
>> Regards
>> Daniel
> i attached my "doveconf -n"

maybe dovecot is not using the ports on localhost but on the interface IP address itself.
So nmap would show other things than nmap localhost.

regards
Johan

From mohsen at pahlevanzadeh.org Thu Sep 12 13:44:03 2013
From: mohsen at pahlevanzadeh.org (Mohsen Pahlevanzadeh) Date: Thu, 12 Sep 2013 15:14:03 +0430 Subject: [Dovecot] Where's Dovecot's ports? In-Reply-To: <52319574.4000409@gmail.com> References: <1378955954.16832.5.camel@debian> <1378958585.16832.6.camel@debian> <34d57382-912d-44e6-bad9-21096e692f92@email.android.com> <1378969537.16832.12.camel@debian> <52319574.4000409@gmail.com> Message-ID: <1378982643.9698.0.camel@debian> I tested but i got such as nmap localhost On Thu, 2013-09-12 at 12:20 +0200, Johan Hendriks wrote: > Mohsen Pahlevanzadeh wrote: > > On Thu, 2013-09-12 at 08:33 +0200, Daniel Parthey wrote: > >> Hi Mohsen, > >> > >> please post the output of doveconf -n > >> > >> Regards > >> Daniel > > i attached my "doveconf -n" > maybe dovecot is not using the ports on localhost but on the interface > ip adress itself. > So nmap would show other things than nmap localhost. > > regards > Johan > From 00tj45 at gmail.com Tue Sep 10 22:57:58 2013 From: 00tj45 at gmail.com (Dimi -) Date: Tue, 10 Sep 2013 21:57:58 +0200 Subject: [Dovecot] DH Parameter Message-ID: Hi! Is there any possibility to let dovecot serve >1024 Bit DH Parameters at SSL/TLS-connections? Is it possible to replace /var/lib/dovecot/ssl-parameters.ssl with DH-parameter generated by openssl? If not: Are there any plans to implement that? Thank you! From bind at enas.net Thu Sep 12 15:04:30 2013 
From: bind at enas.net (Urban Loesch) Date: Thu, 12 Sep 2013 14:04:30 +0200 Subject: [Dovecot] Where's Dovecot's ports? In-Reply-To: <1378982643.9698.0.camel@debian> References: <1378955954.16832.5.camel@debian> <1378958585.16832.6.camel@debian> <34d57382-912d-44e6-bad9-21096e692f92@email.android.com> <1378969537.16832.12.camel@debian> <52319574.4000409@gmail.com> <1378982643.9698.0.camel@debian> Message-ID: <5231ADCE.8020802@enas.net> What does "netstat -tunplo" say? Am 12.09.2013 12:44, schrieb Mohsen Pahlevanzadeh: > I tested but i got such as nmap localhost > On Thu, 2013-09-12 at 12:20 +0200, Johan Hendriks wrote: >> Mohsen Pahlevanzadeh wrote: >>> On Thu, 2013-09-12 at 08:33 +0200, Daniel Parthey wrote: >>>> Hi Mohsen, >>>> >>>> please post the output of doveconf -n >>>> >>>> Regards >>>> Daniel >>> i attached my "doveconf -n" >> maybe dovecot is not using the ports on localhost but on the interface >> ip adress itself. >> So nmap would show other things than nmap localhost. >> >> regards >> Johan >> > > > > From tsvetkov_av at grandvision.ru Thu Sep 12 15:23:15 2013 
From: tsvetkov_av at grandvision.ru (Aleksey Tsvetkov) Date: Thu, 12 Sep 2013 16:23:15 +0400 Subject: [Dovecot] Dsync error: Failed to set attribute vendor/vendor.dovecot/pvt/sieve/default Message-ID: <20130912162315.443801cf@work> Hi, Introduction: There are two domains, for example (aaa.com, bbb.com). In the aaa.com domain two users (bob at aaa.com, alex at aaa.com). In the bbb.com domain there are no users. In time full sync replication (replication_full_sync_interval) operations in logs appear errors: dovecot: dsync-local(bob at aaa.com): Error: Mailbox INBOX: Failed to set attribute vendor/vendor.dovecot/pvt/sieve/default: Invalid value for default sieve attribute dovecot: dsync-remote(bob at aaa.com): Error: Mailbox INBOX: Failed to set attribute vendor/vendor.dovecot/pvt/sieve/default: Invalid value for default sieve attribute One more error: dovecot: auth-worker(46263): sql(bob at bbb.com): unknown user dovecot: auth-worker(46263): sql(bob at bbb.com): Unknown user dovecot: auth-worker(46263): sql(bob): unknown user dovecot: auth-worker(46263): sql(bob): Unknown user dovecot: auth-worker(46263): sql(alex at aaa.com): unknown user dovecot: auth-worker(46263): sql(alex at aaa.com): Unknown user dovecot: auth-worker(46263): sql(alex): unknown user dovecot: auth-worker(46263): sql(alex): Unknown user Command: doveadm user '*' bob at aaa.com alex at aaa.com dovecot --build-options Build options: ioloop=kqueue notify=kqueue ipv6 openssl io_block_size=8192 Mail storages: shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail SQL drivers: mysql Passdb: checkpassword pam passwd passwd-file sql Userdb: checkpassword nss passwd prefetch passwd-file sql dovecot --version 2.2.5 Somebody faced this problem? -- Best regards, Aleksey Tsvetkov System Administrator Company Grand Vision tel. +7(495)933-39-79, ext. 184 From avanheuvelen at gmail.com Thu Sep 12 18:03:37 2013 
From: avanheuvelen at gmail.com (Arnoud van Heuvelen) Date: Thu, 12 Sep 2013 17:03:37 +0200 Subject: [Dovecot] Problem getting a dovecot proxy to connect to another dovecot machine via STARTTLS Message-ID: Hi, I'm having a bit of a problem trying to setup a dovecot proxy. I have a setup with two nodes. One is a working Dovecot/Postfix mail server (node a). The other is running a dovecot proxy and roundcube webmail. Currently I can telnet to port 143 (or openssl s_client to port 993) to localhost on node b. I can then login to a test account on node a. This all works. However, once I instruct the proxy to use SSL or TLS my problems start. When I try to login on node b (both on port 143 and 993), it will send two TCP packets on port 993 to node a. There is no TLS handshake. Consequently, my telnet session will just hang until dovecot reaches a timeout. It will then disconnect me for inactivity. I can not find any information in the logs. To clarify, the dialog: Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready. a login atest at company.nl test123 * BYE Disconnected for inactivity. I have tried to use the following values in my proxy database: ssl='any-cert', starttls='Y' ssl='any-cert', starttls='any-cert' ssl=NULL, starttls='any-cert' Here is a strace of the imap-login process on node B: http://dpaste.com/1377232/ The illegal seek on line 30 of the strace looked suspicious to me. 
Here is the corresponding lsof: http://dpaste.com/1377239/ Here is node A's config: http://dpaste.com/1377247/ And here is node B's: http://dpaste.com/1377241/ This is node B's password query: password_query = SELECT NULL AS password, 'Y' AS nopassword, host, 'Y' as proxy, starttls, `ssl`, 10 AS proxy_timeout FROM proxy WHERE domain = '%d' The logs tell me the password query succeeds: Sep 12 16:32:35 auth-worker: Debug: sql(atest at company.nl,127.0.0.1): query: SELECT NULL AS password, 'Y' AS nopassword, host, 'Y' as proxy, starttls, `ssl`, 10 AS proxy_timeout FROM proxy WHERE domain = 'company.nl' Sep 12 16:32:35 auth: Debug: client out: OK 1 user= atest at company.nl host=31.CENCOR p roxy starttls=Yt ssl=any-cert proxy_timeout=10 pass=test123 Nothing after that. Node A's log gives me this: 2013-09-12 16:26:51 imap-login: Info: Disconnected (no auth attempts): rip=149.CENCORED, lip=31.CENCORED, TLS handshaking: Disconnected I'm running out of ideas. If anyone would be able to help I would be extremely grateful. Regards, Arnoud van Heuvelen From hans at dailystuff.nl Thu Sep 12 18:46:33 2013 
From: hans at dailystuff.nl (Hans Spaans) Date: Thu, 12 Sep 2013 17:46:33 +0200 Subject: [Dovecot] =?utf-8?q?How_to_disable_SSL_and_TLSv1=2E1=3F?= In-Reply-To: <52316C03.4060305@puzzled.xs4all.nl> References: <522E360B.2050505@bluerosetech.com> <522E5520.2010904@thelounge.net> <5230F2CE.7020701@bluerosetech.com> <1378968842.5462.12.camel@tardis> <52316C03.4060305@puzzled.xs4all.nl> Message-ID: <5e43299b3233b71eff5e95f713c5d044@imap-proxy.nexit.nl> Patrick Lists schreef op 2013-09-12 09:23: > Hi Noel, > > On 09/12/2013 08:54 AM, Noel Butler wrote: > [snip] >> I'm always of the belief that if one person wants a feature, they >> might >> be the only vocal person, but they are never really alone, so post >> your >> patch, Timo can only either pull it in, or decline it, as for its >> useful >> for others, only time will tell, but not even god will help those who >> use it on a commercial network with paying customers - thats just >> plain >> professional suicide. > > Unless it was clearly stated what the requirements are when they sign > up. With NIST sleeping at the helm and the NSA having a field day it > would not surprise me if businesses understand the importance of > stronger encryption. Why not turn it around? Why not tell the paying customer he is using an unencrypted connection or with options that are insecure. Parse the logfiles and make an additional section on the website where he/she can see from where he/she had a successful login and the security level? Make it red for unencrypted, orange/amber for insecure and green for a "secure" connection. Most people like to have everything in the green and you give them a choice what to do. Also the cost is almost nothing for doing this. You could even make it a service for companies who get a weekly/monthly PDF with an overview. For now only Dovecot tells if it is a TLS-connection or not. Postfix for example already tells if it is TLSv1 connection and the cipher. 
If this could be extended then sysadmins have a way to make a decision about the path to follow or to advise to management. Hans From hans at dailystuff.nl Thu Sep 12 18:55:56 2013 From: hans at dailystuff.nl (Hans Spaans) Date: Thu, 12 Sep 2013 17:55:56 +0200 Subject: [Dovecot] Plugin antispam - mailtrain realtime sa-learn Message-ID: Hi, On Dovecot Wiki2[1] it is written that you need a wrapper script for sa-learn as it shouldn't support pipped input, but that is supported since SpamAssassin 2.6 at least. As far as I can see and test, the following config makes it work without a wrapper script. Can someone confirm it before the wiki is updated? plugins { antispam_backend = pipe antispam_trash = Trash antispam_spam = Junk antispam_mail_spam = --spam antispam_mail_notspam = --ham antispam_mail_sendmail = /usr/bin/sa-learn } Hans [1] http://wiki2.dovecot.org/Plugins/Antispam From user+dovecot at localhost.localdomain.org Thu Sep 12 22:40:31 2013 
From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Thu, 12 Sep 2013 19:40:31 +0000 Subject: [Dovecot] Where's Dovecot's ports? In-Reply-To: <1378955954.16832.5.camel@debian> References: <1378955954.16832.5.camel@debian> Message-ID: <523218AF.7090507@localhost.localdomain.org> On 09/12/2013 03:19 AM Mohsen Pahlevanzadeh wrote: > Dear all, > > I installed "dovecot dovecoot-mysql postfix and postfix-mysql" from > debian repository 7. > > I start them with "/etc/init.d/postfix start" and "/etc/init.d/dovecot > start" > > but When i use nmap localhost I see the following output: > root at sito:/etc/dovecot# nmap localhost > > Starting Nmap 6.00 ( http://nmap.org ) at 2013-09-12 07:35 IRDT > Nmap scan report for localhost (127.0.0.1) > Host is up (0.0000030s latency). > Other addresses for localhost (not scanned): 127.0.0.1 > Not shown: 993 closed ports > PORT STATE SERVICE > 21/tcp open ftp > 22/tcp open ssh > 25/tcp open smtp > 80/tcp open http > 111/tcp open rpcbind > 3128/tcp open squid-http > 3306/tcp open mysql > > My Question is , Where's dovecot ? i don't see its' ports.... If you want to use/serve ? imap/imaps: install dovecot-imapd pop3/pop3s: install dovecot-pop3d lmtp: install dovecot-lmtpd sieve: install dovecot-managesieved Regards, Pascal -- The trapper recommends today: defaced.1325521 at localdomain.org From mathieu at 400iso.net Thu Sep 12 23:09:42 2013 
From: mathieu at 400iso.net (Mathieu R.)
Date: Thu, 12 Sep 2013 22:09:42 +0200
Subject: [Dovecot] Antispam plugin / sa-learn
In-Reply-To:
References: <1378916759.8725.20.camel@kubrick>
Message-ID:

On 12/09/2013 08:31, Steffen Kaiser wrote:
> above script is missing important log information: the current uid
> and $HOME; also sa-learn knows -D
>
> I would change for a testing period:
> #!/bin/sh
> echo /usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ;
> echo "$$-start ($*)" >> /tmp/sa-learn-pipe.log ;
> #echo $* > /tmp/sendmail-parms.txt ;
> cat<&0 >> /tmp/sendmail-msg-$$.txt ;
> /usr/bin/sa-learn -D $* /tmp/sendmail-msg-$$.txt >/tmp/sa-learn-pipe.$$.tmp 2>&1;
> echo $$ sa-learn rc=$? id=$(id) HOME=$HOME >> /tmp/sa-learn-pipe.log
> while read line; do
>   echo $$-sa-learn "$line" >> /tmp/sa-learn-pipe.log
> done < /tmp/sa-learn-pipe.$$.tmp
> rm -f /tmp/sendmail-msg-$$.txt /tmp/sa-learn-pipe.$$.tmp
> echo "$$-end" >> /tmp/sa-learn-pipe.log ;
> exit 0;

thank you a lot, i tried this, and here is what i got in the log :

22:00 root at effraie01 ~ # cat /tmp/sa-learn-pipe.log
...
4933-start (--ham)
4933 sa-learn rc=0 id=uid=3000(vmail) gid=3000(vmail) groups=3000(vmail) HOME=
4933-end
4953-start (--spam)
4953 sa-learn rc=0 id=uid=3000(vmail) gid=3000(vmail) groups=3000(vmail) HOME=
4953-end

so i tried

22:01 root at effraie01 ~ # sa-learn --username=vmail --backup
v 3 db_version # this must be the first line!!!
v 0 num_spam
v 0 num_nonspam

> Read man sa-learn section MIGRATION: "Note that if you have
> individual
> user databases you will have to perform a similar procedure for each
> one of them."
>
> sa-learn --backup > backup.txt
>
> backups the database of one particular user, I assume you use root to
> issue the command? But is the antispam learning script above runs as
> root, too?

if i correctly understood what you told me, the sa-learn-pipe (and so sa-learn itself) run as vmail, which is the global user i use for email.

and there is still nothing in sa-learn database. (i did not have many spam on that server, but still have passed a few to sa-learn via that dovecot-antispam plugin). Maybe everything is normal, but with my low level spamassassin/dovecot comprehension, i think i would have something in sa-learn db.

--
Mathieu R.

From mohsen at pahlevanzadeh.org Fri Sep 13 02:30:45 2013
From: mohsen at pahlevanzadeh.org (Mohsen Pahlevanzadeh) Date: Fri, 13 Sep 2013 04:00:45 +0430 Subject: [Dovecot] adding user for maildir and mail_location Message-ID: <1379028645.9698.12.camel@debian> Dear all, I install postfix ,postfix-mysql,dovecot-core,dovecot-mysql,dovecot-pop3,dovecot-imapd and postfixadmin form debian repo. Also i configured postfixadmin. It work fine with mbox storage, But i need to change it to my path/domain/users i saw devecot have mail_location directive. i changed it to : mail_location = maildir:/var/pool/%d/%u My questions are: 1. how can i assign mail_location directive to a maildir storage according to my path and domain/user , such as qmail? 2. i want to mysql, i need to write bash script to add/delete/update for doing them ? or dovecot provides them with command line? 3. What's permission of path in mail_location ? 4. How can i enable mysql in dovecot? My dovceconf -n is: ////////////////////////////////////// # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 ext4 mail_location = maildir:/var/pool/Maildir/%d/%u namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = " imap pop3" ssl_cert = References: <1378955954.16832.5.camel@debian> <523218AF.7090507@localhost.localdomain.org> Message-ID: <1379029086.9698.13.camel@debian> Thank you with installation of other packages such as dovecot-pop3 and dovecot-imapd my problem was solved. On Thu, 2013-09-12 at 19:40 +0000, Pascal Volk wrote: > On 09/12/2013 03:19 AM Mohsen Pahlevanzadeh wrote: > > Dear all, > > > > I installed "dovecot dovecoot-mysql postfix and postfix-mysql" from > > debian repository 7. 
> > > > I start them with "/etc/init.d/postfix start" and "/etc/init.d/dovecot > > start" > > > > but When i use nmap localhost I see the following output: > > root at sito:/etc/dovecot# nmap localhost > > > > Starting Nmap 6.00 ( http://nmap.org ) at 2013-09-12 07:35 IRDT > > Nmap scan report for localhost (127.0.0.1) > > Host is up (0.0000030s latency). > > Other addresses for localhost (not scanned): 127.0.0.1 > > Not shown: 993 closed ports > > PORT STATE SERVICE > > 21/tcp open ftp > > 22/tcp open ssh > > 25/tcp open smtp > > 80/tcp open http > > 111/tcp open rpcbind > > 3128/tcp open squid-http > > 3306/tcp open mysql > > > > My Question is , Where's dovecot ? i don't see its' ports.... > > If you want to use/serve ? > imap/imaps: > install dovecot-imapd > pop3/pop3s: > install dovecot-pop3d > lmtp: > install dovecot-lmtpd > sieve: > install dovecot-managesieved > > > Regards, > Pascal From scottg at extremehosting.ca Fri Sep 13 06:12:31 2013 From: scottg at extremehosting.ca (Scott Galambos) Date: Thu, 12 Sep 2013 23:12:31 -0400 Subject: [Dovecot] Change mail_location for one user? Message-ID: <5232829F.3090204@extremehosting.ca> Hello, I'm running the latest version of dovecot on Linux with mbox mailboxes. Everything works fine. So in my dovecot config I have mail_location = mbox:~/mail:INBOX=/var/mail/%u I would like to now change the mail_location for one user in an attempt to slowly migrate to Maildir format. I'm confused how to do this. I'm running shadow passwords: $: doveconf -n passdb passdb { driver = shadow } Testing any given user gives: $: dovecot user sarah field value uid 1478 gid 116 home /home/sarah mail mbox:~/mail:INBOX=/var/mail/sarah system_groups_user sarah What would I have to do to make only sarah's mail_location ~/Maildir now? My userdb is: $: doveconf -n userdb userdb { driver = passwd } I tried following the wiki's but its confusing. Thanks for any help or tips. From vijayrajah at gmail.com Fri Sep 13 09:06:00 2013 
From: vijayrajah at gmail.com (Vijay Rajah) Date: Fri, 13 Sep 2013 11:36:00 +0530 Subject: [Dovecot] Plugin antispam - mailtrain realtime sa-learn In-Reply-To: References: Message-ID: > antispam_backend = pipe Does not work with dovecot2.2 ( plugin rev 990a43d44c73) . I think Pipe Backend has been either removed or re-named as Mailtrain. Generally I'm unable to get the plugin work with dovecot 2.2 On Thu, Sep 12, 2013 at 9:25 PM, Hans Spaans wrote: > Hi, > > On Dovecot Wiki2[1] it is written that you need a wrapper script for > sa-learn as it shouldn't support pipped input, but that is supported since > SpamAssassin 2.6 at least. As far as I can see and test, the following > config makes it work without a wrapper script. Can someone confirm it > before the wiki is updated? > > plugins { > antispam_backend = pipe > antispam_trash = Trash > antispam_spam = Junk > antispam_mail_spam = --spam > antispam_mail_notspam = --ham > antispam_mail_sendmail = /usr/bin/sa-learn > } > > Hans > > [1] http://wiki2.dovecot.org/**Plugins/Antispam > From skdovecot at smail.inf.fh-brs.de Fri Sep 13 09:40:45 2013 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 13 Sep 2013 08:40:45 +0200 (CEST)
Subject: [Dovecot] Change mail_location for one user?
In-Reply-To: <5232829F.3090204@extremehosting.ca>
References: <5232829F.3090204@extremehosting.ca>
Message-ID:

On Thu, 12 Sep 2013, Scott Galambos wrote:

> Testing any given user gives:
> $: dovecot user sarah
> field value
> uid 1478
> gid 116
> home /home/sarah
> mail mbox:~/mail:INBOX=/var/mail/sarah
> system_groups_user sarah
>
> What would I have to do to make only sarah's mail_location ~/Maildir now? My
> userdb is:
> $: doveconf -n userdb
> userdb {
> driver = passwd
> }
>
> I tried following the wiki's but its confusing. Thanks for any help or tips.

you need to pass "Extra Fields" to Dovecot, see last example in: http://wiki2.dovecot.org/UserDatabase/ExtraFields

"passwd-file" is similar to "passwd", but I don't know, if you break something (outside Dovecot), if you add the last field to /etc/passwd.

Because Dovecot supports multiple userdb's, you could add a passwd-file userdb _before_ passwd userdb, copy the line of sarah from /etc/passwd into that new file and add the extra fields there. See http://wiki2.dovecot.org/AuthDatabase/PasswdFile

userdb {
  driver = passwd-file
  args = username_format=%n /etc/dovecot/imap.passwd
}
userdb {
  driver = passwd
}

--
Steffen Kaiser

From scottg at extremehosting.ca Fri Sep 13 10:15:15 2013
From: scottg at extremehosting.ca (Scott Galambos)
Date: Fri, 13 Sep 2013 03:15:15 -0400
Subject: [Dovecot] Change mail_location for one user?
In-Reply-To:
References: <5232829F.3090204@extremehosting.ca>
Message-ID: <5232BB83.1090904@extremehosting.ca>

I tried something similar already.

passdb {
  driver = shadow
}
userdb {
  driver = passwd-file
  args = username_format=%n /path/to/passwd
}

With only the one sarah user defined in /path/to/passwd. But then all other users cannot log in anymore. Thunderbird says "Sending of password did not succeed".

Does anyone know if specifying a userdb stops passdb/shadow from being used? Do I need to copy all users from the passdb/shadow system to /path/to/passwd? Was hoping to just specify single users I wanted to override in /path/to/passwd.

On 9/13/2013 2:40 AM, Steffen Kaiser wrote:
> On Thu, 12 Sep 2013, Scott Galambos wrote:
>
>> Testing any given user gives:
>> $: dovecot user sarah
>> field value
>> uid 1478
>> gid 116
>> home /home/sarah
>> mail mbox:~/mail:INBOX=/var/mail/sarah
>> system_groups_user sarah
>>
>> What would I have to do to make only sarah's mail_location ~/Maildir
>> now? My userdb is:
>> $: doveconf -n userdb
>> userdb {
>> driver = passwd
>> }
>>
>> I tried following the wiki's but its confusing. Thanks for any help
>> or tips.
>
> you need to pass "Extra Fields" to Dovecot, see last example in:
> http://wiki2.dovecot.org/UserDatabase/ExtraFields
>
> "passwd-file" is similar to "passwd", but I don't know, if you break
> something (outside Dovecot), if you add the last field to /etc/passwd.
>
> Because Dovecot supports multiple userdb's, you could add a passwd-file
> userdb _before_ passwd userdb, copy the line of sarah from /etc/passwd
> into that new file and add the extra fields there. See
> http://wiki2.dovecot.org/AuthDatabase/PasswdFile
>
> userdb {
> driver = passwd-file
> args = username_format=%n /etc/dovecot/imap.passwd
> }
> userdb {
> driver = passwd
> }
>
> -- Steffen Kaiser

From lst_hoe02 at kwsoft.de Fri Sep 13 10:56:48 2013
From: lst_hoe02 at kwsoft.de (lst_hoe02 at kwsoft.de) Date: Fri, 13 Sep 2013 09:56:48 +0200 Subject: [Dovecot] How to disable SSL and TLSv1.1? In-Reply-To: <5e43299b3233b71eff5e95f713c5d044@imap-proxy.nexit.nl> References: <522E360B.2050505@bluerosetech.com> <522E5520.2010904@thelounge.net> <5230F2CE.7020701@bluerosetech.com> <1378968842.5462.12.camel@tardis> <52316C03.4060305@puzzled.xs4all.nl> <5e43299b3233b71eff5e95f713c5d044@imap-proxy.nexit.nl> Message-ID: <20130913095648.Horde.S0IgIEVIwp6Oy-HesCszTg2@webmail.kwsoft.de> Zitat von Hans Spaans : > Patrick Lists schreef op 2013-09-12 09:23: >> Hi Noel, >> >> On 09/12/2013 08:54 AM, Noel Butler wrote: >> [snip] >>> I'm always of the belief that if one person wants a feature, they might >>> be the only vocal person, but they are never really alone, so post your >>> patch, Timo can only either pull it in, or decline it, as for its useful >>> for others, only time will tell, but not even god will help those who >>> use it on a commercial network with paying customers - thats just plain >>> professional suicide. >> >> Unless it was clearly stated what the requirements are when they sign >> up. With NIST sleeping at the helm and the NSA having a field day it >> would not surprise me if businesses understand the importance of >> stronger encryption. > > Why not turn it around? Why not tell the paying customer he is using > an unencrypted connection or with options that are insecure. Parse > the logfiles and make an additional section on the website where > he/she can see from where he/she had a successful login and the > security level? Make it red for unencrypted, orange/amber for > insecure and green for a "secure" connection. Most people like to > have everything in the green and you give them a choice what to do. > Also the cost is almost nothing for doing this. You could even make > it a service for companies who get a weekly/monthly PDF with an > overview. 
> > For now only Dovecot tells if it is a TLS-connection or not. Postfix > for example already tells if it is TLSv1 connection and the cipher. > If this could be extended then sysadmins have a way to make a > decision about the path to follow or to advise to management. > > Hans http://dovecot.2317879.n4.nabble.com/Patch-to-log-the-cipher-suite-used-for-TLS-td43843.html ?? Regards Andreas From list_dovecot at bluerosetech.com Fri Sep 13 12:45:54 2013 
From: list_dovecot at bluerosetech.com (Darren Pilgrim) Date: Fri, 13 Sep 2013 02:45:54 -0700 Subject: [Dovecot] How to disable SSL and TLSv1.1? In-Reply-To: <5230F430.4090105@thelounge.net> References: <522E360B.2050505@bluerosetech.com> <522E5520.2010904@thelounge. net> <5230F2CE.7020701@bluerosetech.com> <5230F430.4090105@thelounge.net> Message-ID: <5232DED2.7090303@bluerosetech.com> On 9/11/2013 3:52 PM, Reindl Harald wrote: > and that is why i said most widely used does not > > RHEL5: openssl-0.9.8e > RHEL6: openssl-1.0.0 > Fedora 17: openssl-1.0.0k > Fedora 18: openssl-1.0.1e RHEL with outdated software bundled? You don't say. ;) Let's look at the rest of the world: Firefox and Thunderbird currently ship with TLS 1.1/1.2 support, but not enabled by default. Mozilla is still working on automatic fallback to SSLv3/TLSv1.0. Firefox 24 supposedly has ability and will enable TLS 1.1 and 1.2 by default. On Windows 7, 8, 2008R2 and 2012, the schannel libraries support TLS 1.1 and 1.2. Versions of IE, Office, IIS, Exchange, SQL Server et al dating to as early as 2010 or so use those schannel library versions. IE 11 should have TLS 1.1 and 1.2 enabled by default. One nice thing: IE 10 will report the TLS version in the page properties. For example, Google's front page gives "TLS 1.2, AES with 128 bit encryption (High); ECDH_P256 with 256 bit exchange". With Apple, the SecureTransport libraries since 2011 or so supports TLS 1.1 and 1.2. That should include iOS 5 and 6 and OS X 10.6+. Version info is hard to find for Apple software, so my apologies if the version alignment isn't correct. Safari has TLS 1.1 and 1.2 enabled by default. Other things that support TLS 1.1+: - Google servers - Facebook - Twitter - Cloudflare - Chrome - GnuTLS - Java SSE I'm not sure we can agree on what comprises the "most widely used" case or even at what point we can say TLS 1.1+ is "well supported"; but the above is at least a good start. 
From h.reindl at thelounge.net Fri Sep 13 13:01:23 2013 
From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 13 Sep 2013 12:01:23 +0200 Subject: [Dovecot] How to disable SSL and TLSv1.1? In-Reply-To: <5232DED2.7090303@bluerosetech.com> References: <522E360B.2050505@bluerosetech.com> <522E5520.2010904@thelounge.net> <5230F2CE.7020701@bluerosetech.com> <5230F430.4090105@thelounge.net> <5232DED2.7090303@bluerosetech.com> Message-ID: <5232E273.7010805@thelounge.net> On 13.09.2013 11:45, Darren Pilgrim wrote: > On 9/11/2013 3:52 PM, Reindl Harald wrote: >> and that is why i said most widely used does not >> >> RHEL5: openssl-0.9.8e >> RHEL6: openssl-1.0.0 >> Fedora 17: openssl-1.0.0k >> Fedora 18: openssl-1.0.1e > > RHEL with outdated software bundled? You don't say. ;) bulls** - google for LTS > Let's look at the rest of the world: > > Firefox and Thunderbird currently ship with TLS 1.1/1.2 support, but not enabled by default so it is not relevant > Mozilla is still working on automatic fallback to SSLv3/TLSv1.0. off-topic in context of the thread's subject > Firefox 24 supposedly has ability and will enable TLS 1.1 and 1.2 by default. does not help much > On Windows 7, 8, 2008R2 and 2012, the schannel libraries support TLS 1.1 and 1.2. Versions of IE, Office, IIS, > Exchange, SQL Server et al dating to as early as 2010 or so use those schannel library versions. IE 11 should have > TLS 1.1 and 1.2 enabled by default. One nice thing: IE 10 will report the TLS version in the page properties. For > example, Google's front page gives "TLS 1.2, AES with 128 bit encryption (High); ECDH_P256 with 256 bit exchange". as long the support for Windows XP is active and it comes to business you have to support it - period > With Apple, the SecureTransport libraries since 2011 or so supports TLS 1.1 and 1.2. That should include iOS 5 and > 6 and OS X 10.6+. Version info is hard to find for Apple software, so my apologies if the version alignment isn't > correct. Safari has TLS 1.1 and 1.2 enabled by default. 
that must be the reason for do not using it with Apple Mail i guess so you need to distinct between theory and the real life Anonymous TLS connection established from ****: TLSv1 with cipher AES128-SHA (128/128 bits) and yes postfix logs the TLS version as well the machine in question supports TLS1.2 Anonymous TLS connection established from ****: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits) > Other things that support TLS 1.1+: > > - Google servers > - Facebook > - Twitter > - Cloudflare > - Chrome > - GnuTLS > - Java SSE fine but what helps 1.1 in case someone asks how to disable it - read the subject > I'm not sure we can agree on what comprises the "most widely used" case or even at what point we can say TLS 1.1+ > is "well supported"; but the above is at least a good start it's not well supported From dan at langille.org Fri Sep 13 14:59:07 2013 
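Hans Spaans's suggestion quoted above (parse the log files and show each connection as red, amber or green) can be sketched against the Postfix log line format Reindl Harald pastes. This is an added example, not code from any poster or from Postfix or Dovecot; the sample log lines are constructed, and both the grading policy (TLSv1.2 or later, at least 128 bits and no weak cipher token counts as green) and the rule that a session with no "TLS connection established" line is plaintext (which needs `smtpd_tls_loglevel` of 1 or higher) are assumptions.

```python
import re

# Constructed sample in Postfix smtpd syslog format (documentation addresses).
SAMPLE_LOG = """\
Sep 13 12:00:01 mx postfix/smtpd[2101]: connect from a.example[192.0.2.10]
Sep 13 12:00:01 mx postfix/smtpd[2102]: connect from b.example[192.0.2.20]
Sep 13 12:00:02 mx postfix/smtpd[2101]: Anonymous TLS connection established from a.example[192.0.2.10]: TLSv1 with cipher AES128-SHA (128/128 bits)
Sep 13 12:00:02 mx postfix/smtpd[2102]: Anonymous TLS connection established from b.example[192.0.2.20]: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 13 12:00:03 mx postfix/smtpd[2101]: disconnect from a.example[192.0.2.10]
Sep 13 12:00:03 mx postfix/smtpd[2103]: connect from c.example[192.0.2.30]
Sep 13 12:00:04 mx postfix/smtpd[2102]: disconnect from b.example[192.0.2.20]
Sep 13 12:00:05 mx postfix/smtpd[2103]: disconnect from c.example[192.0.2.30]
Sep 13 12:00:06 mx postfix/smtpd[2104]: connect from a.example[192.0.2.10]
Sep 13 12:00:06 mx postfix/smtpd[2104]: Anonymous TLS connection established from a.example[192.0.2.10]: TLSv1.2 with cipher RC4-SHA (128/128 bits)
Sep 13 12:00:07 mx postfix/smtpd[2104]: disconnect from a.example[192.0.2.10]
Sep 13 12:00:08 mx postfix/smtpd[2105]: Anonymous TLS connection established from d.example[192.0.2.40]: TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)
"""

# Assumed policy, not taken from the thread: adjust to local requirements.
PROTOCOL_RANK = {"SSLv2": 0, "SSLv3": 1, "TLSv1": 2, "TLSv1.1": 3,
                 "TLSv1.2": 4, "TLSv1.3": 5}
MIN_GREEN_RANK = PROTOCOL_RANK["TLSv1.2"]
MIN_GREEN_BITS = 128
WEAK_CIPHER_TOKENS = {"RC4", "DES", "MD5", "NULL", "EXP"}
SEVERITY = {"green": 0, "amber": 1, "red": 2}

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
TLS = re.compile(
    r"\w+ TLS connection established from (?P<peer>\S+): (?P<proto>\S+) "
    r"with cipher (?P<cipher>\S+) \((?P<bits>\d+)/\d+ bits\)")


def sessions(log_text):
    """Yield (peer, tls) per smtpd session; tls is None if none was negotiated."""
    open_sessions = {}  # smtpd pid -> [peer, tls]
    for raw in log_text.splitlines():
        line = LINE.search(raw)
        if not line:
            continue
        pid, msg = line["pid"], line["msg"]
        if msg.startswith("connect from "):
            if pid in open_sessions:          # previous session never closed
                yield tuple(open_sessions.pop(pid))
            open_sessions[pid] = [msg[len("connect from "):], None]
        elif msg.startswith("disconnect from "):
            if pid in open_sessions:
                yield tuple(open_sessions.pop(pid))
        else:
            tls = TLS.match(msg)
            if tls:
                # setdefault covers a log that starts mid-session.
                entry = open_sessions.setdefault(pid, [tls["peer"], None])
                entry[1] = (tls["proto"], tls["cipher"], int(tls["bits"]))
    for entry in open_sessions.values():      # log ended mid-session
        yield tuple(entry)


def grade(tls):
    """Map one session's (protocol, cipher, bits) tuple, or None, to a colour."""
    if tls is None:
        return "red"
    proto, cipher, bits = tls
    weak = WEAK_CIPHER_TOKENS & set(cipher.split("-"))
    strong_proto = PROTOCOL_RANK.get(proto, -1) >= MIN_GREEN_RANK
    if strong_proto and bits >= MIN_GREEN_BITS and not weak:
        return "green"
    return "amber"


def report(log_text):
    """Return [(peer, colour, detail)] in the order the sessions ended."""
    rows = []
    for peer, tls in sessions(log_text):
        detail = "no TLS" if tls is None else "%s %s (%d bits)" % tls
        rows.append((peer, grade(tls), detail))
    return rows


def worst_by_peer(log_text):
    """Per peer, keep the worst colour seen, as a customer page would show it."""
    worst = {}
    for peer, colour, _ in report(log_text):
        if SEVERITY[colour] >= SEVERITY[worst.get(peer, "green")]:
            worst[peer] = colour
    return worst


if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print("%-24s %-6s %s" % row)
```

Sessions are keyed by smtpd PID because lines from concurrent connections interleave in the log.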
From: dan at langille.org (Dan Langille) Date: Fri, 13 Sep 2013 07:59:07 -0400 Subject: [Dovecot] SSL with startssl.com certificates Message-ID: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> I'm using Dovecot 2.2.5. I'm setting up a new IMAPS server for personal use (i.e. only me). I have success with self-signed certificates but not with others (e.g. StartSSL.com) With StartSSL certs: I've been able to connect and test commands via: openssl s_client -connect imaps.unixathome.org:993 Can you configure your iPhone or Macbook to access the above? Authentication isn't the issue. Connection is the issue. I've been able to get Thunderbird to connect and access my mail. However, I've been unable to get my iPhone or my Mac configured to use the same IMAP server. On the iPhone, adding the new Mail account causes the Settings app to crash on a persistently consistent basis when adding the new account. The crash occurs when connecting to the IMAPS server. Configuration never completes. 
I suspect the problem is SSL because in both cases (iPhone and Mac), I see these messages I see in the logs: *** /var/log/debug.log *** Sep 13 11:50:32 imaps dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [166.137.84.11] Sep 13 11:50:45 imaps dovecot: auth: Debug: auth client connected (pid=31647) Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [166.137.84.11] Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [166.137.84.11] Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [166.137.84.11] Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [166.137.84.11] Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [166.137.84.11] Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [166.137.84.11] Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [166.137.84.11] Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [166.137.84.11] Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [166.137.84.11] *** /var/log/maillog *** Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [166.137.84.11] Sep 13 11:50:46 imaps dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=166.137.84.11, lip=199.233.228.197, TLS handshaking: Disconnected, session= /usr/local/etc/ssl/imaps.unixathome.org.crt contains only the cert issued by StartSSL /usr/local/etc/ssl/imaps.unixathome.org.nopassword.key contains a no-password key generated by myself. 
Output of doveconf -n: # 2.2.5: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 9.1-RELEASE-p6 amd64 auth_debug = yes auth_verbose = yes first_valid_gid = 1001 first_valid_uid = 1001 mail_debug = yes mail_location = maildir:~/Maildir mail_privileged_group = mail passdb { args = scheme=BLF-CRYPT /var/db/dovecot.users driver = passwd-file } protocols = imap service imap-login { inet_listener imap { port = 0 } inet_listener imaps { address = 199.233.228.197 } } ssl = required ssl_cert = References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> Message-ID: <523310AD.30209@mie.utoronto.ca> On 09/13/13 07:59 AM, Dan Langille wrote: > I'm using Dovecot 2.2.5. I'm setting up and new IMAPS server for > personal use (i.e. only me). > > I have success with self-signed certificates but not with others (e.g. > StartSSL.com) > > /usr/local/etc/ssl/imaps.unixathome.org.crt contains only the cert > issued by StartSSL > Maybe you are missing some of the certificate chain. http://wiki2.dovecot.org/SSL/DovecotConfiguration "Chained SSL certificates" From dan at langille.org Fri Sep 13 17:18:54 2013 
From: dan at langille.org (Dan Langille) Date: Fri, 13 Sep 2013 10:18:54 -0400 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <523310AD.30209@mie.utoronto.ca> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> Message-ID: <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> On 2013-09-13 09:18, Oscar del Rio wrote: > On 09/13/13 07:59 AM, Dan Langille wrote: > I'm using Dovecot 2.2.5. I'm setting up and new IMAPS server for > personal use (i.e. only me). > > I have success with self-signed certificates but not with others (e.g. > StartSSL.com) > > /usr/local/etc/ssl/imaps.unixathome.org.crt contains only the cert > issued by StartSSL > > > Maybe you are missing some of the certificate chain. > http://wiki2.dovecot.org/SSL/DovecotConfiguration > "Chained SSL certificates" I tried that yesterday and it seemed to make no difference. My attempts were based on http://openssl.6102.n7.nabble.com/check-certificate-chain-in-a-pem-file-td43871.html Perhaps I am doing the chain incorrectly. I just tried again. The server is now set up with the following: I have three certs in this chain file: cat imaps.unixathome.org.pem sub.class1.server.ca.pem ca.pem > testing.chain.pem 1 - the certificate issued by startssl for my server 2 & 3 - the PEM files for StartSSL as found at http://www.startssl.com/certs/ I am not convinced that I have the appropriate PEM files for StartSSL. I verified the cert chain: # openssl verify -CAfile testing.chain.pem imaps.unixathome.org.crt imaps.unixathome.org.crt: OK When I test the connection, I see: $ openssl s_client -connect imaps.unixathome.org:993 -quiet depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority verify error:num=19:self signed certificate in certificate chain verify return:0 * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. Ideas? 
-- Dan Langille - http://langille.org/ From rwmaillists at googlemail.com Fri Sep 13 18:29:39 2013 From: rwmaillists at googlemail.com (RW) Date: Fri, 13 Sep 2013 16:29:39 +0100 Subject: [Dovecot] Antispam plugin / sa-learn References: <1378916759.8725.20.camel@kubrick> Message-ID: <20130913162939.58525b3b@gumby.homeunix.com> On Thu, 12 Sep 2013 22:09:42 +0200 Mathieu R. wrote: > 22:01 root at effraie01 ~ # sa-learn --username=vmail --backup > v 3 db_version # this must be the first line!!! > v 0 num_spam > v 0 num_nonspam sa-learn --username sets the virtual user not the unix user. (BTW sa-learn --dump magic is a quicker way of reading the metadata) By default SA stores the bayes database files under a user's home directory. If you run sa-learn as vmail, which doesn't have a home directory, it will probably just give up. What you need to do is set bayes_path (in local.cf) to a directory to which vmail has access, then run sa-learn as vmail. Alternately you can setup one of the SQL backends. I'm posting this through gmane as I'm not subscribed to dovecot list. I replied in that SpamAssassin list before spotting that it was cross-posted. You can ignore most of it now, but I'll quote what I wrote about learning ham: "I'm sceptical that the Antispam plugin can learn enough ham this way. As I understand it the only mail that gets learnt as ham will be false-positives based on the overall spamassassin score, irrespective of the Bayes result. Bayes needs (by default) 200 spams and hams to even start classifying and much more for optimal results - I don't expect to get 200 FPs in the rest of my life. Unless this is high volume server with a shared database, I'd suggest either learning a few thousand hams manually, or implementing an unsure folder. You can also mitigate the problem by autotraining with a high ham threshold, but then you really need to be careful to move all spam to the spam folder. " From CMarcus at Media-Brokers.com Fri Sep 13 18:59:03 2013 
From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 13 Sep 2013 11:59:03 -0400 Subject: [Dovecot] Change mail_location for one user? In-Reply-To: References: <5232829F.3090204@extremehosting.ca> Message-ID: <52333647.6040600@Media-Brokers.com> On 2013-09-13 2:40 AM, Steffen Kaiser wrote: > Because Dovecot supports multiple userdb's, you could add a > passwd-file userdb _before_ passwd userdb, copy the line of sarah from > /etc/passwd into that new file and add the extra fields there. See > http://wiki2.dovecot.org/AuthDatabase/PasswdFile > > userdb { > driver = passwd-file > args = username_format=%n /etc/dovecot/imap.passwd > } > userdb { > driver = passwd > } This looks very interesting to me... I've been contemplating slowly converting users (one at a time) over to SIS storage - looks like this would work for doing that too? The main thing holding me back is/was the MySQL DB I use for userdb doesn't natively/easily support extra fields - so, with this method, I could add a passwd-file userdb with the extra field(s) *before* my passwd userdb, then add the users to convert one by one, then once all are converted, change the main config and eliminate the temporary userdb... ? Thanks! -- Best regards, */Charles/* From mathieu at 400iso.net Fri Sep 13 19:06:38 2013 
From: mathieu at 400iso.net (Mathieu R.) Date: Fri, 13 Sep 2013 18:06:38 +0200 Subject: [Dovecot] Antispam plugin / sa-learn In-Reply-To: <20130913162939.58525b3b@gumby.homeunix.com> References: <1378916759.8725.20.camel@kubrick> <20130913162939.58525b3b@gumby.homeunix.com> Message-ID: <7312e4772a3a52c2bb703f5e2655bc0a@400iso.net> On 13/09/2013 17:29, RW wrote: > On Thu, 12 Sep 2013 22:09:42 +0200 > Mathieu R. wrote: > >> 22:01 root at effraie01 ~ # sa-learn --username=vmail --backup >> v 3 db_version # this must be the first line!!! >> v 0 num_spam >> v 0 num_nonspam > > sa-learn --username sets the virtual user not the unix user. (BTW > sa-learn --dump magic is a quicker way of reading the metadata) > > By default SA stores the bayes database files under a user's home > directory. If you run sa-learn as vmail, which doesn't have a home > directory, it will probably just give up. > > > What you need to do is set bayes_path (in local.cf) to a directory to > which vmail has access, then run sa-learn as vmail. Alternately you > can > setup one of the SQL backends. Setting bayes_path made it fall in work, thanks a lot! > > I'm posting this through gmane as I'm not subscribed to dovecot list. > I > replied in that SpamAssassin list before spotting that it was > cross-posted. You can ignore most of it now, but I'll quote what I > wrote about learning ham: > > "I'm sceptical that the Antispam plugin can learn enough ham this > way. > As I understand it the only mail that gets learnt as ham will be > false-positives based on the overall spamassassin score, > irrespective > of the Bayes result. Bayes needs (by default) 200 spams and hams to > even start classifying and much more for optimal results - I don't > expect to get 200 FPs in the rest of my life. Unless this is high > volume server with a shared database, I'd suggest either learning a > few thousand hams manually, or implementing an unsure folder. 
You > can > also mitigate the problem by autotraining with a high ham > threshold, > but then you really need to be careful to move all spam to the spam > folder. " as my english is approximative, i'm not sure to really understand what you mean : should i : - do not use antispam-plugin to learn spam, but do it manually with sa-learn /path/to/ham ? - do not use antispam-plugin at all ? - use antispam-plugin to learn ham, but still do it by hand with sa-learn /path/to/ham ? - take care for something else ? -- Mathieu R. From micah at riseup.net Fri Sep 13 19:07:50 2013 From: micah at riseup.net (Micah Anderson) Date: Fri, 13 Sep 2013 12:07:50 -0400 Subject: [Dovecot] Migrating from dovecot 2.1 to 2.2 Message-ID: <87fvt8ogbt.fsf@muck.riseup.net> Due to the incompatibilities with the dsync protocol version between 2.1 and 2.2, I am unable to use dsync to move users to a new machine where we have 2.2.5 setup. This wouldn't normally be a problem, as I could just rsync the user's mdbox and dovecot would happily do the right thing. However, on the new system I've placed the indexes into a faster storage medium, where on the older system the indexes were included in their mail directory. I can rsync over the entire thing, including their old indexes, and dovecot will try to do the right thing and build new indexes, but what happens is all mail is marked as unread, and I get some old index cruft left around in the directories. How can I preserve the seen/unseen flags in such a migration? Thanks! micah From CMarcus at Media-Brokers.com Fri Sep 13 19:14:29 2013 
From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 13 Sep 2013 12:14:29 -0400 Subject: [Dovecot] Migrating from dovecot 2.1 to 2.2 In-Reply-To: <87fvt8ogbt.fsf@muck.riseup.net> References: <87fvt8ogbt.fsf@muck.riseup.net> Message-ID: <523339E5.2070002@Media-Brokers.com> On 2013-09-13 12:07 PM, Micah Anderson wrote: > Due to the incompatibilities with the dsync protocol version between 2.1 > and 2.2, I am unable to use dsync to move users to a new machine where > we have 2.2.5 setup. This wouldn't normally be a problem, as I could > just rsync the user's mdbox and dovecot would happily do the right > thing. However, on the new system I've placed the indexes into a faster > storage medium, where on the older system the indexes were included in > their mail directory. You could either simply upgrade the 2.1 server to 2.2 (that looks to me to be the simplest/best option), or, I believe I recall reading that you can install 2.2 in a separate location, and use the dsync in 2.2 on the 2.1 server...? -- Best regards, */Charles/* From dan at langille.org Fri Sep 13 19:51:32 2013 
From: dan at langille.org (Dan Langille) Date: Fri, 13 Sep 2013 12:51:32 -0400 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> Message-ID: <5b988b9d77382153a7b5fd42d885f423@mail.unixathome.org> On 2013-09-13 10:18, Dan Langille wrote: > On 2013-09-13 09:18, Oscar del Rio wrote: > On 09/13/13 07:59 AM, Dan Langille wrote: > I'm using Dovecot 2.2.5. I'm setting up and new IMAPS server for > personal use (i.e. only me). > > I have success with self-signed certificates but not with others (e.g. > StartSSL.com) > > /usr/local/etc/ssl/imaps.unixathome.org.crt contains only the cert > issued by StartSSL > > > Maybe you are missing some of the certificate chain. > http://wiki2.dovecot.org/SSL/DovecotConfiguration > "Chained SSL certificates" > > I tried that yesterday and it seemed to make no difference. > My attempts were based on > http://openssl.6102.n7.nabble.com/check-certificate-chain-in-a-pem-file-td43871.html > > Perhaps I am doing the chain incorrectly. I just tried again. The > server is now set up with the following: > > I have three certs in this chain file: > > cat imaps.unixathome.org.pem sub.class1.server.ca.pem ca.pem > > testing.chain.pem > > 1 - the certificate issued by startssl for my server > 2 & 3 - the PEM files for StartSSL as found at > http://www.startssl.com/certs/ The following test seems to indicate I have SSL configured correctly: http://www.sslshopper.com/ssl-checker.html#hostname=imaps.unixathome.org:993 A similar test from http://www.digicert.com/help/ does not find an issue. Even better, this test shows the certs it finds: http://certlogik.com/ssl-checker/ Not sure what to conclude yet. From rob0 at gmx.co.uk Fri Sep 13 20:32:39 2013 
From: rob0 at gmx.co.uk (/dev/rob0) Date: Fri, 13 Sep 2013 12:32:39 -0500 Subject: [Dovecot] Change mail_location for one user? In-Reply-To: <5232BB83.1090904@extremehosting.ca> References: <5232829F.3090204@extremehosting.ca> <5232BB83.1090904@extremehosting.ca> Message-ID: <20130913173239.GB13717@harrier.slackbuilds.org> Top-posting fixed. On Fri, Sep 13, 2013 at 03:15:15AM -0400, Scott Galambos wrote: > On 9/13/2013 2:40 AM, Steffen Kaiser wrote: > >On Thu, 12 Sep 2013, Scott Galambos wrote: > >>What would I have to do to make only sarah's mail_location > >>~/Maildir now? My userdb is: > >>$: doveconf -n userdb > >>userdb { > >> driver = passwd > >>} > > > >you need to pass "Extra Fields" to Dovecot, see last example in: > >http://wiki2.dovecot.org/UserDatabase/ExtraFields > > > >"passwd-file" is similiar to "passwd", but I don't know, if you break > >something (outside Dovecot), if you add the last field to /etc/passwd. > > > >Because Dovecot supports multiple userdb's, you could add a Reread that: _multiple_ means "more than one." > >passwd-file userdb _before_ passwd userdb, copy the line of sarah > >from /etc/passwd into that new file and add the extra fields > >there. See http://wiki2.dovecot.org/AuthDatabase/PasswdFile > > > >userdb { > > driver = passwd-file > > args = username_format=%n /etc/dovecot/imap.passwd > >} > >userdb { > > driver = passwd > >} > > > I tried something similar already. Close, but not the same. Look back at Steffen's post. There are TWO userdb definitions. Do it that way and all is well. He answered you completely. > passdb { > driver = shadow > } > > userdb { > driver = passwd-file > args = username_format=%n /path/to/passwd > } > > With only the one sarah user defined in /path/to/passwd. But then all > other users cannot log in anymore. Only one user had a userdb entry. If you specify a userdb, the built-in defaults do not apply. > Thunderbird says "Sending of > password did not succeed". 
Does anyone know if specifying a userdb > stops passdb/shadow from being used? Do I need to copy all users > from the passdb/shadow system to /path/to/passwd? Was hoping to just > specify single users I wanted to override in /path/to/passwd. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From skdovecot at smail.inf.fh-brs.de Fri Sep 13 22:38:30 2013 
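The lookup order /dev/rob0 describes above, together with a drift check on the override file, as an added example (not Dovecot code and not from any poster). It is a simplified model that assumes userdbs are tried in the configured order and the first one that knows the user answers; the `sarah` values mirror the ones posted in this thread, the other accounts are constructed, and the function names are hypothetical. The audit matters because the override line is a hand copy of `/etc/passwd`: a mistyped uid there makes Dovecot open the mailbox as a different account.

```python
# Constructed data. The sarah values mirror the thread; bob and carol are made up.
SYSTEM_PASSWD = """\
sarah:x:1403:101::/home/sarah:/bin/sh
bob:x:1404:101::/home/bob:/bin/sh
carol:x:1405:101::/home/carol:/bin/sh
"""

# passwd-file layout: user:password:uid:gid:(gecos):home:(shell):extra_fields
# bob's uid is deliberately mistyped (1304 instead of 1404) to show the audit.
OVERRIDES = """\
sarah::1403:101::/home/sarah::userdb_mail=maildir:~/Maildir
bob::1304:101::/home/bob::userdb_mail=maildir:~/Maildir
"""


def parse_entry(line):
    """Split one passwd or passwd-file line into (user, userdb fields)."""
    parts = line.split(":", 7)              # extra_fields may itself contain ':'
    parts += [""] * (8 - len(parts))        # /etc/passwd has only 7 fields
    user, _pw, uid, gid, _gecos, home, _shell, extra = parts
    fields = {k: v for k, v in (("uid", uid), ("gid", gid), ("home", home)) if v}
    for token in extra.split():
        key, _, value = token.partition("=")
        if key.startswith("userdb_"):       # only userdb_* keys are userdb fields
            fields[key[len("userdb_"):]] = value
    return user, fields


def load(text):
    """Build {user: fields} from file text, skipping blank and comment lines."""
    return dict(parse_entry(line) for line in text.splitlines()
                if line.strip() and not line.startswith("#"))


def lookup(user, userdbs):
    """Return the fields from the first userdb that knows the user, else None."""
    for db in userdbs:
        if user in db:
            return db[user]
    return None


def audit(overrides, system):
    """List (user, field, override_value, system_value) where the copy drifted."""
    findings = []
    for user, fields in overrides.items():
        base = system.get(user)
        if base is None:
            findings.append((user, "user", "present", "missing"))
            continue
        for key in ("uid", "gid", "home"):
            if key in fields and fields[key] != base.get(key):
                findings.append((user, key, fields[key], base.get(key)))
    return findings


if __name__ == "__main__":
    over, system = load(OVERRIDES), load(SYSTEM_PASSWD)
    print("override only :", lookup("carol", [over]))          # no userdb entry
    print("override+passwd:", lookup("carol", [over, system]))
    print("sarah          :", lookup("sarah", [over, system]))
    print("drift          :", audit(over, system))
```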
From: skdovecot at smail.inf.fh-brs.de (Steffen) Date: Fri, 13 Sep 2013 21:38:30 +0200 Subject: [Dovecot] Change mail_location for one user? In-Reply-To: <52333647.6040600@Media-Brokers.com> References: <5232829F.3090204@extremehosting.ca> <52333647.6040600@Media-Brokers.com> Message-ID: <523369B6.8070906@smail.inf.fh-brs.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Charles Marcus wrote: > On 2013-09-13 2:40 AM, Steffen Kaiser > wrote: >> Because Dovecot supports multiple userdb's, you could add a >> passwd-file userdb _before_ passwd userdb, copy the line of sarah >> from /etc/passwd into that new file and add the extra fields >> there. See http://wiki2.dovecot.org/AuthDatabase/PasswdFile >> >> userdb { driver = passwd-file args = username_format=%n >> /etc/dovecot/imap.passwd } userdb { driver = passwd } > > This looks very interesting to me... > > I've been contemplating slowly converting users (one at a time) > over to SIS storage - looks like this would work for doing that > too? > > The main thing holding me back is/was the MySQL DB I use for > userdb doesn't natively/easily support extra fields - so, with this > method, I could add a passwd-file userdb with the extra field(s) > *before* my passwd userdb, then add the users to convert one by > one, then once all are converted, change the main config and > eliminate the temporary userdb... ? You can do so. Dovecot really does not care where the user data comes from. But, I wonder why you would need the extra DB with mySQL. a) You can add new fields to the DB on the fly at runtime and adjust the query in Dovecot and reload. b) http://wiki2.dovecot.org/UserDatabase/ExtraFields; make use of "userdb_import" - generic field with delimited settings. 
- -- Steffen From slusarz at curecanti.org Sat Sep 14 01:37:42 2013 
From: slusarz at curecanti.org (Michael M Slusarz) Date: Fri, 13 Sep 2013 16:37:42 -0600 Subject: [Dovecot] SELECT: Bug in untagged response Message-ID: <20130913163742.Horde.V2HvBtfet1OvWQlx6LD5Pg1@bigworm.curecanti.org> Dovecot 2.2.5 In selected state: C: 1 SELECT &#-&#/# S: 1 NO Mailbox name is not valid mUTF-7 S: * OK [CLOSED] Previous mailbox closed. I can verify that this only seems to happen when the mailbox name is incorrect mUTF-7. Things work fine if I access a non-existent mailbox: C: 1 SELECT non-existent-mailbox S: * OK [CLOSED] Previous mailbox closed. S: a NO Mailbox doesn't exist: non-existent-mailbox FYI: Switching to Dave C's workaround discussed here -- http://mailman2.u.washington.edu/pipermail/imap-protocol/2005-September/000053.html -- regarding servers that don't support UNSELECT. This would normally never happen on Dovecot since it supports UNSELECT; I'm intentionally ignoring that capability for testing purposes. I'm not pipelining a CLOSE with the above SELECT command, like Dave suggests, because the likelihood this SELECT will be successful is about zero and I'd rather avoid a BAD response to a CLOSE command, since it is plausible that a server could issue a CLIENTBUG response for a client that is trying to CLOSE a mailbox in Authenticated State. (Granted, a server could also plausibly issue a CLIENTBUG for identifying a mailbox in incorrect mUTF-7 also, but whatever.) michael From johan+dovecot at huldtgren.com Sat Sep 14 03:15:34 2013 
From: johan+dovecot at huldtgren.com (Johan Huldtgren) Date: Fri, 13 Sep 2013 20:15:34 -0400 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> Message-ID: <5233AAA6.2070608@huldtgren.com> > I'm using Dovecot 2.2.5. I'm setting up and new IMAPS server for > personal use (i.e. only me). > > I have success with self-signed certificates but not with others (e.g. my setup is similar (although I'm at dovecot 2.1.17) using certs from StartSSL with several macs and many iphones, and it works. The only thing (that seems relevant) that's different in our configs is that I have this line: ssl_ca = References: <522E360B.2050505@bluerosetech.com> <522E5520.2010904@thelounge.net> <5230F2CE.7020701@bluerosetech.com> <5230F430.4090105@thelounge.net> <5232DED2.7090303@bluerosetech.com> <5232E273.7010805@thelounge.net> <5233775C.2020907@bluerosetech.com> Message-ID: <5233B055.1010004@thelounge.net> On 13.09.2013 22:36, Darren Pilgrim wrote: > This has kind of wandered out of the scope of the list i don't think so because having a question in public means also everyone reads it understands the real usefulness > On 9/13/2013 3:01 AM, Reindl Harald wrote: >> On 13.09.2013 11:45, Darren Pilgrim wrote: >>> On 9/11/2013 3:52 PM, Reindl Harald wrote: >>>> and that is why i said most widely used does not >>>> >>>> RHEL5: openssl-0.9.8e >>>> RHEL6: openssl-1.0.0 >>>> Fedora 17: openssl-1.0.0k >>>> Fedora 18: openssl-1.0.1e >>> >>> RHEL with outdated software bundled? You don't say. ;) >> >> bulls** - google for LTS > > My point is that you don't have to use the stock libraries. My *nix of choice, FreeBSD, still has 0.9.8 in the > current releases. Luckily there's 1.0.1e in ports and the framework makes it easy to switch port builds between > the base and port libraries. There are 1.0.1e packages for every Linux distro I've checked. 
my point is that it does not help much if you have the best of all available encryptions on your IMAP server because all the messages you receive pass the wire and since you can't disable SSL/TLSv1.0/TLS1.1 on the MTA side or if you do so you receive a lot of messages *completely unencrypted* because the sending MTA falls back >>> Firefox and Thunderbird currently ship with TLS 1.1/1.2 support, >>> but not enabled by default >> >> so it is not relevant > > How is TLS 1.1 and 1.2 support in one of the most popular suites of software not relevant? "but not enabled by default" is not relevant in the reality except you are the only user of your private server and even if see above what benefit do you have from TLS1.2 if the message passed the wire with SSL3 or unencrypted at all > Sure, it's not enabled by default, but those of us working proactively can enable it that will not go to happen for the majority of users > On by default simply means the feature has matured to the point where the cost of > supporting the general userbase is reasonably small. on by default means the ordinary users will use it off by default means the ordinary users will not use it >> as long the support for Windows XP is active and it comes to business >> you have to support it - period > > Yeah I know. Fortunately XP is EoS in less than a year. and until then it does not help much I will be very happy to see it and all of it creaky > legacy inanity go away. me too, and if it's only about having SSL-webhosts without a dedicated IP currently you can't use SNI in case of business websites as well as you can't disable SSL/TLS1.1/TLS1.2 as long you have potentially customers with WinXP/Outlook2003 and as long they are supported with updates you can't force a customer to upgrade >> fine but what helps 1.1 in case someone asks how to disable it - read >> the subject > > The subject line should have read TLSv1.0. Sorry for the typo. 
> FWIW, the body of my original email correctly said > I wanted to disable TLSv1.0, not 1.1 while it's not that hardliner attitude to at least support TLS1.1 i think i explained now well the non existing benefits in what you are doing if you think about the complete way a e-mail goes and in case you are not the only user of the server it's impossible to do so without lose customers or get a lot of complaints until you revert the settings From noel.butler at ausics.net Sat Sep 14 04:55:47 2013 
From: noel.butler at ausics.net (Noel Butler)
Date: Sat, 14 Sep 2013 11:55:47 +1000
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org>
Message-ID: <1379123747.7900.19.camel@tardis>

On Fri, 2013-09-13 at 10:18 -0400, Dan Langille wrote:

> Perhaps I am doing the chain incorrectly. I just tried again. The
> server is now set up with the following:
>
> I have three certs in this chain file:
>
> cat imaps.unixathome.org.pem sub.class1.server.ca.pem ca.pem >
> testing.chain.pem
>
> 1 - the certificate issued by startssl for my server
> 2 & 3 - the PEM files for StartSSL as found at
> http://www.startssl.com/certs/
>

That is the correct chain method, and order

> $ openssl s_client -connect imaps.unixathome.org:993 -quiet
> depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
> Signing/CN=StartCom Certification Authority
> verify error:num=19:self signed certificate in certificate chain

Never panic about the above, it is just indicating (rightly so) you have a
local certificate (the first) in your chain.

>ssl_cert = ssl_key = ssl = required

Bit dangerous... and may be the cause of your problems, change to :
ssl = yes

We use startssl and have many android, blackberry, and iphone users (maybe
even win phone Lusers too ;) who knows) amongst desktop/laptop types and never
had any problems with them using startssl

From scottg at extremehosting.ca Sat Sep 14 07:55:06 2013
From: scottg at extremehosting.ca (Scott Galambos)
Date: Sat, 14 Sep 2013 00:55:06 -0400
Subject: [Dovecot] Change mail_location for one user?
In-Reply-To:
References: <5232829F.3090204@extremehosting.ca>
Message-ID: <5233EC2A.3020703@extremehosting.ca>

On 9/13/2013 2:40 AM, Steffen Kaiser wrote:

> "passwd-file" is similar to "passwd", but I don't know, if you break
> something (outside Dovecot), if you add the last field to /etc/passwd.
>
> Because Dovecot supports multiple userdb's, you could add a passwd-file
> userdb _before_ passwd userdb, copy the line of sarah from /etc/passwd
> into that new file and add the extra fields there. See
> http://wiki2.dovecot.org/AuthDatabase/PasswdFile
>
> userdb {
>   driver = passwd-file
>   args = username_format=%n /etc/dovecot/imap.passwd
> }
> userdb {
>   driver = passwd
> }

This works. But I noticed when I do use it to override mail_location dovecot
doesn't report system_groups_user anymore. Not sure if that matters....

$: dovecot user sarah
field                 value
uid                   1403
gid                   101
home                  /home/sarah
mail                  mbox:~/mail:INBOX=/var/mail/sarah
system_groups_user    sarah

Now I add to imap.passwd:
sarah::1403:101::/home/sarah::userdb_mail=maildir:~/Maildir

$: dovecot user sarah
field                 value
uid                   1403
gid                   101
home                  /home/sarah
mail                  maildir:~/Maildir
$:

From avinash.s at yukthi.com Sat Sep 14 08:33:44 2013
From: avinash.s at yukthi.com (Avinash Sultanpur)
Date: Sat, 14 Sep 2013 11:03:44 +0530
Subject: [Dovecot] Temporarily disable mail delivery when using Dovecot's LDA
Message-ID: <20130914053343.GB32538@sultanpur.org>

Hi,

How can I disable mail delivery to a user or a mailbox temporarily. Is
there something in the lines of qmail where you set a sticky bit on
the home directory and mail delivery is deferred?

Thanks,
Avinash.

From stan at hardwarefreak.com Sat Sep 14 09:36:00 2013
From: stan at hardwarefreak.com (Stan Hoeppner)
Date: Sat, 14 Sep 2013 01:36:00 -0500
Subject: [Dovecot] Temporarily disable mail delivery when using Dovecot's LDA
In-Reply-To: <20130914053343.GB32538@sultanpur.org>
References: <20130914053343.GB32538@sultanpur.org>
Message-ID: <523403D0.9060203@hardwarefreak.com>

On 9/14/2013 12:33 AM, Avinash Sultanpur wrote:

> How can I disable mail delivery to a user or a mailbox temporarily. Is
> there something in the lines of qmail where you set a sticky bit on
> the home directory and mail delivery is deferred?

This is a job for your MTA, not Dovecot. Dovecot has no deferred queue,
and in fact has no mail queues at all.

Do you actually want to defer the mail into a queue, or do you want to
return a 4xx "mailbox temporarily unavailable" to the sender?

In other words, what problem are you trying to solve?

--
Stan

From avinash.s at yukthi.com Sat Sep 14 11:32:16 2013
From: avinash.s at yukthi.com (Avinash Sultanpur)
Date: Sat, 14 Sep 2013 14:02:16 +0530
Subject: [Dovecot] Temporarily disable mail delivery when using Dovecot's LDA
In-Reply-To: <523403D0.9060203@hardwarefreak.com>
References: <20130914053343.GB32538@sultanpur.org> <523403D0.9060203@hardwarefreak.com>
Message-ID: <20130914083214.GA1755@sultanpur.org>

On Sat, Sep 14, 2013 at 01:36:00AM -0500, Stan Hoeppner wrote:

> On 9/14/2013 12:33 AM, Avinash Sultanpur wrote:
>
> > How can I disable mail delivery to a user or a mailbox temporarily. Is
> > there something in the lines of qmail where you set a sticky bit on
> > the home directory and mail delivery is deferred?
>
> This is a job for your MTA, not Dovecot. Dovecot has no deferred queue,
> and in fact has no mail queues at all.
>
> Do you actually want to defer the mail into a queue, or do you want to
> return a 4xx "mailbox temporarily unavailable" to the sender?
>
> In other words, what problem are you trying to solve?

I should have described it earlier. My mailboxes are named after the
usernames and I want to rename the mailbox whenever the username changes.

Found this thread about the same topic.
http://dovecot.org/list/dovecot/2012-February/133339.html

Also the doveadm-mailbox(1) has a rename argument. I will check out what it
does.

Thanks,
Avinash.

From hendry at dabase.com Sat Sep 14 14:14:46 2013
From: hendry at dabase.com (Kai Hendry)
Date: Sat, 14 Sep 2013 19:14:46 +0800
Subject: [Dovecot] mailbox virtual/All
Message-ID: <20130914111446.GA2030@sg.webconverger.com>

Anyone using "mailbox virtual/All" ? Can't get it to work. At best I get an
empty folder showing in mutt.

Wondering if someone can share their complete working config with me please?

This is my conf http://ix.io/838

Thanks!

From claude.xavier at gmail.com Sat Sep 14 15:16:59 2013
From: claude.xavier at gmail.com (Xavier Claude)
Date: Sat, 14 Sep 2013 14:16:59 +0200
Subject: [Dovecot] Unable to use dovecot-antispam plugin
In-Reply-To: <1816742.fAMCONA0qj@linux-s4x4.site>
References: <1458010.NeIMt30kEy@linux-s4x4.site> <1816742.fAMCONA0qj@linux-s4x4.site>
Message-ID: <1428659.haNG2Vc9Lj@coruscant.claudexcorp>

I've finally found the issue, dspam was not configured properly.

--
Xavier Claude
claude.xavier at gmail.com

From dan at langille.org Sat Sep 14 22:21:44 2013
From: dan at langille.org (Dan Langille)
Date: Sat, 14 Sep 2013 15:21:44 -0400
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <1379123747.7900.19.camel@tardis>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis>
Message-ID: <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org>

On Sep 13, 2013, at 9:55 PM, Noel Butler wrote:

> On Fri, 2013-09-13 at 10:18 -0400, Dan Langille wrote:
>
>> Perhaps I am doing the chain incorrectly. I just tried again. The
>> server is now set up with the following:
>>
>> I have three certs in this chain file:
>>
>> cat imaps.unixathome.org.pem sub.class1.server.ca.pem ca.pem >
>> testing.chain.pem
>>
>> 1 - the certificate issued by startssl for my server
>> 2 & 3 - the PEM files for StartSSL as found at
>> http://www.startssl.com/certs/
>>
>
> That is the correct chain method, and order
>
>> $ openssl s_client -connect imaps.unixathome.org:993 -quiet
>> depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
>> Signing/CN=StartCom Certification Authority
>> verify error:num=19:self signed certificate in certificate chain
>
> Never panic about the above, it is just indicating (rightly so) you
> have a local certificate (the first) in your chain.
>
>> ssl_cert =
>> ssl_key =
>
> correct method, so long as the cert and key files are named correctly
> and in the right location.
>
>> ssl = required
>
> Bit dangerous... and may be the cause of your problems, change to :
> ssl = yes
>
> We use startssl and have many android, blackberry, and iphone users
> (maybe even win phone Lusers too ;) who knows) amongst desktop/laptop
> types and never had any problems with them using startssl

Hmmm, I tried ssl = yes. Mail.app still crashes when trying to connect.

I also try the cert bundle mentioned by Johan.
The server says:

Sep 14 19:19:22 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [173.49.195.214]
Sep 14 19:19:22 imaps dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=173.49.195.214, lip=199.233.228.197, TLS handshaking: Disconnected, session=<8+862VzmPwCtMcPW>

What is this? read client certificate? There is no client certification in this config.

: doveconf -n
# 2.2.5: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.1-RELEASE-p6 amd64
auth_debug = yes
auth_verbose = yes
first_valid_gid = 1001
first_valid_uid = 1001
mail_debug = yes
mail_location = maildir:~/Maildir
mail_privileged_group = mail
passdb {
  args = scheme=BLF-CRYPT /var/db/dovecot.users
  driver = passwd-file
}
protocols = imap
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    address = 199.233.228.197
  }
}
ssl_cert =
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org>
Message-ID:

Are you getting asked to add an exception to the email applications
certificate dialogue box?

This is an example with Thunderbird.

http://jwrr.com/content/Hostgator-Thunderbird-Email-Configuration/images/thunderbird-mail-account-add-security-exception.jpg

Dan

On Sat, Sep 14, 2013 at 7:21 PM, Dan Langille wrote:

>
> On Sep 13, 2013, at 9:55 PM, Noel Butler wrote:
>
> > On Fri, 2013-09-13 at 10:18 -0400, Dan Langille wrote:
> >
> >> Perhaps I am doing the chain incorrectly. I just tried again. The
> >> server is now set up with the following:
> >>
> >> I have three certs in this chain file:
> >>
> >> cat imaps.unixathome.org.pem sub.class1.server.ca.pem ca.pem >
> >> testing.chain.pem
> >>
> >> 1 - the certificate issued by startssl for my server
> >> 2 & 3 - the PEM files for StartSSL as found at
> >> http://www.startssl.com/certs/
> >>
> >
> > That is the correct chain method, and order
> >
> >> $ openssl s_client -connect imaps.unixathome.org:993 -quiet
> >> depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
> >> Signing/CN=StartCom Certification Authority
> >> verify error:num=19:self signed certificate in certificate chain
> >
> > Never panic about the above, it is just indicating (rightly so) you
> > have a local certificate (the first) in your chain.
> >
> >> ssl_cert =
> >> ssl_key =
> >
> > correct method, so long as the cert and key files are named correctly
> > and in the right location.
> >
> >> ssl = required
> >
> > Bit dangerous... and may be the cause of your problems, change to :
> > ssl = yes
> >
> > We use startssl and have many android, blackberry, and iphone users
> > (maybe even win phone Lusers too ;) who knows) amongst desktop/laptop
> > types and never had any problems with them using startssl
>
> Hmmm, I tried ssl = yes. Mail.app still crashes when trying to connect.
>
> I also try the cert bundle mentioned by Johan.
>
> The server says:
>
> Sep 14 19:19:22 imaps dovecot: imap-login: Warning: SSL failed:
> where=0x2002: SSLv3 read client certificate A [173.49.195.214]
> Sep 14 19:19:22 imaps dovecot: imap-login: Disconnected (no auth attempts
> in 0 secs): user=<>, rip=173.49.195.214, lip=199.233.228.197, TLS
> handshaking: Disconnected, session=<8+862VzmPwCtMcPW>
>
> What is this? read client certificate? There is no client certification
> in this config.
>
> : doveconf -n
> # 2.2.5: /usr/local/etc/dovecot/dovecot.conf
> # OS: FreeBSD 9.1-RELEASE-p6 amd64
> auth_debug = yes
> auth_verbose = yes
> first_valid_gid = 1001
> first_valid_uid = 1001
> mail_debug = yes
> mail_location = maildir:~/Maildir
> mail_privileged_group = mail
> passdb {
>   args = scheme=BLF-CRYPT /var/db/dovecot.users
>   driver = passwd-file
> }
> protocols = imap
> service imap-login {
>   inet_listener imap {
>     port = 0
>   }
>   inet_listener imaps {
>     address = 199.233.228.197
>   }
> }
> ssl_cert =
> ssl_key =
> userdb {
>   args = /var/db/dovecot.users
>   driver = passwd-file
> }
> verbose_proctitle = yes
> verbose_ssl = yes
> protocol imap {
>   imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
> }
>
> --
> Dan Langille - http://langille.org
>

--
Daniel Reinhardt
cryptodan at cryptodan.net
http://www.cryptodan.net
301-875-7018(c)
410-455-0488(h)

From dan at langille.org Sat Sep 14 22:30:30 2013
From: dan at langille.org (Dan Langille)
Date: Sat, 14 Sep 2013 15:30:30 -0400
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To:
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org>
Message-ID: <1E783D15-9721-4A11-97F0-48649E95D6C3@langille.org>

On Sep 14, 2013, at 3:28 PM, Daniel Reinhardt wrote:

> Are you getting asked to add an exception to the email applications
> certificate dialogue box?
>
> This is an example with Thunderbird.
>
> http://jwrr.com/content/Hostgator-Thunderbird-Email-Configuration/images/thunderbird-mail-account-add-security-exception.jpg

No, it never gets to that point. Mail.app crashes right after I start it.

I am able to access this IMAP server with Thunderbird.

--
Dan Langille - http://langille.org

From noel.butler at ausics.net Sun Sep 15 05:36:04 2013
From: noel.butler at ausics.net (Noel Butler)
Date: Sun, 15 Sep 2013 12:36:04 +1000
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org>
Message-ID: <1379212564.7813.26.camel@tardis>

On Sat, 2013-09-14 at 15:21 -0400, Dan Langille wrote:

> Hmmm, I tried ssl = yes. Mail.app still crashes when trying to connect.

Well, it's likely an Apple fault, after all their implementation of pop3 has
been known to be broken for many many many years, but still after all these
years are incapable of finding a developer to fix it by inserting a QUIT after
it's done everything.

> Sep 14 19:19:22 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client
> certificate A [173.49.195.214]

> What is this? read client certificate? There is no client certification in this config.

dovecot wants to know if your client wishes to authenticate using a
local-to-client certificate, wouldn't focus too much on that (unless that
client is trying to give a certificate that is invalid - not sure, I have
never ever in 20 years, seen any client try to auth with a local certificate
to a mail server)...

is this just one user? or all using apple? is it you?

Have you/they tried simply using TLS on 143? (preferred as POP3s/IMAPs has
really been deprecated everywhere for some time now)

a successful TLS login appears like (and this particular user I know uses an
ipad) :

Sep 15 12:09:38 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [101.xxxx]
Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [101.xx]
Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [101.xxx]
Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [101.xxx]
Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [101.xxxx]
Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [101.xxxxx]
Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [101.xxxxx]
Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [101.xxxxxx]
Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [101.xxxx]
Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [101.xxx]
Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [101.xxxx]
Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A [101.xxxxxxx]
Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [101.xxxx]
Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A [101.xxxxx]
Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [101.xxxxxx]
Sep 15 12:09:45 imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [101.xxxxxx]
Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [101.xxxxx]
Sep 15 12:09:45 imap-login: Info: Login: user, method=PLAIN, rip=xxxxx, TLS

> protocols = imap
> service imap-login {
>   inet_listener imap {
>     port = 0
>   }
>   inet_listener imaps {
>     address = 199.233.228.197
>   }
> }

  inet_listener imap {
    port = 143   <-- use it for TLS, it's possible this is why fails as it's falling back to TLS, I can't test that theory since we all use android devices.
  }
  inet_listener imaps {
    port = 993
  }

Anyway, the fact you said thunderbird works, indicates it is not a cert issue,
and I fail to see dovecot issue, have they tried another mail app?

From sh.habbal at hotmail.com Mon Sep 16 00:39:22 2013
From: sh.habbal at hotmail.com (Shadi Habbal)
Date: Mon, 16 Sep 2013 01:39:22 +0400
Subject: [Dovecot] Dovecot replies with default SSL certificate instead of the vhost's
Message-ID:

Hello,

I'm using dovecot v2.0.21. According to http://wiki2.dovecot.org/SSL/DovecotConfiguration,dovecot 2.x supports different SSL certificate for different virtual hosts by using "local_name" directive, but I can't get it to work. When testing the certificate using "openssl s_client -connect domain.com:pop3s" I get the default certificate instead of domain.com's.----------------------------------------------------------------------------Here is the my dovecot.conf:# 2.0.21: /etc/dovecot/dovecot.conf# OS: Linux 2.6.32-358.6.2.el6.x86_64 x86_64 CentOS release 6.4 (Final) auth_master_user_separator = *auth_mechanisms = PLAIN LOGINdict { acl = mysql:/etc/dovecot/dovecot-share-folder.conf quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf}first_valid_uid = 2000last_valid_uid = 2000listen = *log_path = /var/log/dovecot.logmail_gid = 2000mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/mail_plugins = quotamail_uid = 2000managesieve_notify_capability = mailtomanagesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihavenamespace { inbox = yes location = prefix = separator = / type = private}namespace { list = children location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u prefix = Shared/%%u/ separator = / subscriptions = yes type = shared}passdb { args = /etc/dovecot/dovecot-mysql.conf driver = sql}passdb { args = /etc/dovecot/dovecot-master-users-password driver = passwd-file master = yes}plugin { acl = vfile acl_shared_dict = proxy::acl auth_socket_path = /var/run/dovecot/auth-master autocreate = INBOX autocreate2 = Sent autocreate3 = Trash autocreate4 = Drafts autocreate5 = Junk autosubscribe = INBOX autosubscribe2
= Sent autosubscribe3 = Trash autosubscribe4 = Drafts autosubscribe5 = Junk quota = dict:user::proxy::quotadict quota_rule = *:storage=1G quota_warning = storage=85%% quota-warning 85 %u quota_warning2 = storage=90%% quota-warning 90 %u quota_warning3 = storage=95%% quota-warning 95 %u sieve = /%Lh/sieve/dovecot.sieve sieve_dir = /%Lh/sieve sieve_global_dir = /var/vmail/sieve sieve_global_path = /var/vmail/sieve/dovecot.sieve}protocols = pop3 imap sieveservice auth { unix_listener /var/spool/postfix/dovecot-auth { group = postfix mode = 0666 user = postfix } unix_listener auth-master { group = vmail mode = 0666 user = vmail } unix_listener auth-userdb { group = vmail mode = 0660 user = vmail }}service dict { unix_listener dict { group = vmail mode = 0660 user = vmail }}service imap-login { process_limit = 500 service_count = 1}service pop3-login { service_count = 1}service quota-warning { executable = script /usr/local/bin/dovecot-quota-warning.sh unix_listener quota-warning { group = vmail mode = 0660 user = vmail }}ssl = requiredssl_cert =
References:
Message-ID:

Sorry for the mess, forgot to change the formatting to plain text.

I'm using dovecot v2.0.21.

According to http://wiki2.dovecot.org/SSL/DovecotConfiguration,
dovecot 2.x supports different SSL certificate for different virtual hosts by using "local_name" directive, but I can't get it to work.

When testing the certificate using "openssl s_client -connect domain.com:pop3s" I get the default certificate instead of domain.com's.

----------------------------------------------------------------------------
Here is the my dovecot.conf:

# 2.0.21: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.6.2.el6.x86_64 x86_64 CentOS release 6.4 (Final)
auth_master_user_separator = *
auth_mechanisms = PLAIN LOGIN
dict {
  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
  quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
}
first_valid_uid = 2000
last_valid_uid = 2000
listen = *
log_path = /var/log/dovecot.log
mail_gid = 2000
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
mail_plugins = quota
mail_uid = 2000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
namespace {
  list = children
  location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-master-users-password
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  auth_socket_path = /var/run/dovecot/auth-master
  autocreate = INBOX
  autocreate2 = Sent
  autocreate3 = Trash
  autocreate4 = Drafts
  autocreate5 = Junk
  autosubscribe = INBOX
  autosubscribe2 = Sent
  autosubscribe3 = Trash
  autosubscribe4 = Drafts
  autosubscribe5 = Junk
  quota = dict:user::proxy::quotadict
  quota_rule = *:storage=1G
  quota_warning = storage=85%% quota-warning 85 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
  quota_warning3 = storage=95%% quota-warning 95 %u
  sieve = /%Lh/sieve/dovecot.sieve
  sieve_dir = /%Lh/sieve
  sieve_global_dir = /var/vmail/sieve
  sieve_global_path = /var/vmail/sieve/dovecot.sieve
}
protocols = pop3 imap sieve
service auth {
  unix_listener /var/spool/postfix/dovecot-auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0666
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  process_limit = 500
  service_count = 1
}
service pop3-login {
  service_count = 1
}
service quota-warning {
  executable = script /usr/local/bin/dovecot-quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl = required
ssl_cert =
References:
Message-ID: <5236302A.7010103@thelounge.net>

On 15.09.2013 23:45, Shadi Habbal wrote:

> I'm using dovecot v2.0.21.
>
> According to http://wiki2.dovecot.org/SSL/DovecotConfiguration,
> dovecot 2.x supports different SSL certificate for different virtual hosts by using "local_name" directive, but I can't get it to work.
>
> When testing the certificate using "openssl s_client -connect domain.com:pop3s" I get the default certificate instead of domain.com's

you did read "With client TLS SNI (Server Name Indication) support"
and "Different certificates per IP and protocol"

http://en.wikipedia.org/wiki/Server_Name_Indication

on POP3s (995) you have *most likely* no SNI and even with
STARTTLS only less chances to work reliable with different
clients which is also part of the documentation you refer to

why do people waste their time with such useless things instead setup
"mail.yourcompany.tld" and tell every user exactly this hostname?

servernames in case of *email* are worthless because you do
not have different document roots

From sh.habbal at hotmail.com Mon Sep 16 01:30:56 2013
From: sh.habbal at hotmail.com (Shadi Habbal)
Date: Mon, 16 Sep 2013 02:30:56 +0400
Subject: [Dovecot] Dovecot replies with default SSL certificate instead of the vhost's
In-Reply-To: <5236302A.7010103@thelounge.net>
References: , , <5236302A.7010103@thelounge.net>
Message-ID:

Simply put, didn't know it was a limitation of POP3s. Note taken.

Thanks

From skdovecot at smail.inf.fh-brs.de Mon Sep 16 11:04:08 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen) Date: Mon, 16 Sep 2013 10:04:08 +0200 Subject: [Dovecot] Change mail_location for one user? In-Reply-To: <5233EC2A.3020703@extremehosting.ca> References: <5232829F.3090204@extremehosting.ca> <5233EC2A.3020703@extremehosting.ca> Message-ID: <5236BB78.4090508@smail.inf.fh-brs.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Galambos wrote: > On 9/13/2013 2:40 AM, Steffen Kaiser wrote: >> -----BEGIN PGP SIGNED MESSAGE----- "passwd-file" is similiar to >> "passwd", but I don't know, if you break something (outside >> Dovecot), if you add the last field to /etc/passwd. >> >> Because Dovecot supports multiple userdb's, you could add a >> passwd-file userdb _before_ passwd userdb, copy the line of sarah >> from /etc/passwd into that new file and add the extra fields >> there. See http://wiki2.dovecot.org/AuthDatabase/PasswdFile >> >> userdb { driver = passwd-file args = username_format=%n >> /etc/dovecot/imap.passwd } userdb { driver = passwd } > > > This works. But I noticed when I do use it to override > mail_location dovecot doesn't report system_groups_user anymore. > Not sure if that matters.... > > $: dovecot user sarah field value uid 1403 gid 101 home > /home/sarah mail mbox:~/mail:INBOX=/var/mail/sarah > system_groups_user sarah > > Now I add to imap.passwd: > sarah::1403:101::/home/sarah::userdb_mail=maildir:~/Maildir > > $: dovecot user sarah field value uid 1403 gid 101 home > /home/sarah mail maildir:~/Maildir $: see http://wiki2.dovecot.org/UserDatabase/ExtraFields first section "A user database lookup typically returns uid, gid, home and mail fields. Other possibilities are:" /etc/groups won't be queried now, because of the different driver. 
- --
Steffen

From antondollmaier at aditsystems.de Mon Sep 16 11:24:29 2013
From: antondollmaier at aditsystems.de (Anton Dollmaier)
Date: Mon, 16 Sep 2013 10:24:29 +0200
Subject: [Dovecot] Dovecot replies with default SSL certificate instead of the vhost's
In-Reply-To: <5236302A.7010103@thelounge.net>
References: <5236302A.7010103@thelounge.net>
Message-ID: <5236C03D.7000909@aditsystems.de>

Hi,

> why do people waste their time with such useless things instead setup
> "mail.yourcompany.tld" and tell every user exactly this hostname?

Could also be simplified by using AutoDiscovery (MS) or autoconfig (Thunderbird, Evolution).

e.g. by setting up www.automx.org.

> servernames in case of *email* are worthless because you do
> not have different document roots

Could be different "mail document roots", e.g. a distinct user base with different backends for each hostname :)

Best regards,

Anton

--
ADIT Systems
Anton Dollmaier, M.Sc.
Im Moos 22
84323 Massing
Phone: +49-8724-3949990 (Mon-Sat, 10:00-20:00, German landline)
Fax: +49-8724-3949999
VAT ID: DE221493781
Twitter: http://twitter.com/ADITSystems
Blog: http://blog.aditsystems.de/
Facebook: http://www.facebook.com/ADITSystems
KundenCenter: https://kunden.aditsystems.de/kc/
Wiki: https://kunden.aditsystems.de/wiki/

From dovecot at ace-electronics.be Mon Sep 16 12:28:16 2013
From: dovecot at ace-electronics.be (Koenraad Lelong)
Date: Mon, 16 Sep 2013 11:28:16 +0200
Subject: [Dovecot] Permission error
Message-ID: <5236CF30.4030708@ace-electronics.be>

Hi,

I'm migrating an existing dovecot (1. series) to new hardware. The new dovecot is a 2. series.
I copied the old config and did a
doveconf -n -c /etc/dovecot/dovecot.conf > dovecot-2.conf
Then I moved the dovecot-2.conf to dovecot.conf and restarted dovecot.
When Postfix tries to deliver a message I get this error :

2013-09-16 11:00:10 auth: Fatal: net_connect_unix(auth-worker) in directory /run/dovecot failed: Permission denied (euid=65534(nobody) egid=65534(nogroup) missing +r perm: /run/dovecot/auth-worker, dir owned by 0:0 mode=0755)
2013-09-16 11:00:10 master: Error: service(auth): command startup failed, throttling

I tried different things with /run/dovecot/auth-worker, but the error remains. I tried to chmod 777 the socket, I chown-ed to dovecot:dovecot, vmail:vmail.

What am I missing ? AFAIK the sql-tables are OK.

Thanks.
doveconf -n is this :

# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.5.0-39-generic x86_64 Ubuntu 12.04.3 LTS
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
first_valid_uid = 499
info_log_path = /var/log/dovecot.debug
last_valid_uid = 499
log_path = /var/log/dovecot
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_debug = yes
mail_location = maildir:/var/vmail/%u
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0660
    user = vmail
  }
  user = nobody
}
service imap-login {
  executable = /usr/lib/dovecot/imap-login
  inet_listener imap {
    address = *
    port = 143
  }
  inet_listener imaps {
    address = *
    port = 993
  }
}
service imap {
  executable = /usr/lib/dovecot/imap
}
service pop3-login {
  executable = /usr/lib/dovecot/pop3-login
  inet_listener pop3 {
    address = *
    port = 110
  }
}
service pop3 {
  executable = /usr/lib/dovecot/pop3
}
ssl_ca =

Hi,

I'm running dovecot on a OmniOS installation and I'm wondering what I can do about all those mount point warnings in my logfile. The problem occurs because of the running auto-mounter which manages my mail directories. Isn't it possible for dovecot just try to access the directories before logging an error message. Shall I remove the corresponding mount points from the list of tracked mount points with the doveadm mount-command? The documentation does say nothing about situation with an active auto mounter.

Thanks for any suggestions.
Cheers,
Steffen

From h.reindl at thelounge.net Mon Sep 16 12:46:37 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 16 Sep 2013 11:46:37 +0200
Subject: [Dovecot] Mountpoints with auto mounter
In-Reply-To: <50F285BE-D498-4677-9DB0-1CB30D0C9EAE@kram.io>
References: <50F285BE-D498-4677-9DB0-1CB30D0C9EAE@kram.io>
Message-ID: <5236D37D.5040705@thelounge.net>

On 16.09.2013 11:41, Steffen Kram wrote:
> I'm running dovecot on a OmniOS installation and I'm wondering what I can do about all those mount point warnings in my logfile. The problem occurs because of the running auto-mounter which manages my mail directories. Isn't it possible for dovecot just try to access the directories before logging an error message. Shall I remove the corresponding mount points from the list of tracked mount points with the doveadm mount-command? The documentation does say nothing about situation with an active auto mounter.

i generally do not understand why dovecot insists
in warning about whatever mountpoints - what is
the point that dovecot needs to care about anything
ever mounted on a machine as long it is not referred
in any configuration

From dovecot at ace-electronics.be Mon Sep 16 12:48:28 2013
From: dovecot at ace-electronics.be (Koenraad Lelong)
Date: Mon, 16 Sep 2013 11:48:28 +0200
Subject: [Dovecot] Permission error
In-Reply-To: <5236CF30.4030708@ace-electronics.be>
References: <5236CF30.4030708@ace-electronics.be>
Message-ID: <5236D3EC.3010409@ace-electronics.be>

On 16-09-13 11:28, Koenraad Lelong wrote:
> Hi,
>
> I'm migrating an existing dovecot (1. series) to new hardware. The new
> dovecot is a 2. series.
> I copied the old config and did a
> doveconf -n -c /etc/dovecot/dovecot.conf > dovecot-2.conf
> Then I moved the dovecot-2.conf to dovecot.conf and restarted dovecot.
> When Postfix tries to deliver a message I get this error :
>
> 2013-09-16 11:00:10 auth: Fatal: net_connect_unix(auth-worker) in
> directory /run/dovecot failed: Permission denied (euid=65534(nobody)
> egid=65534(nogroup) missing +r perm: /run/dovecot/auth-worker, dir owned
> by 0:0 mode=0755)
> 2013-09-16 11:00:10 master: Error: service(auth): command startup
> failed, throttling
>
> I tried different things with /run/dovecot/auth-worker, but the error
> remains. I tried to chmod 777 the socket, I chown-ed to dovecot:dovecot,
> vmail:vmail.
>
> What am I missing ? AFAIK the sql-tables are OK.
>

Hi,

I just tried with
chown nobody:nogroup auth-worker
Now the error is gone.
The question remains : what does create auth-worker ? The installer ? then I think ubuntu does it wrong.

Any comments ?

Regards,

Koenraad.

From sk at kram.io Mon Sep 16 12:59:31 2013
From: sk at kram.io (Steffen Kram)
Date: Mon, 16 Sep 2013 11:59:31 +0200
Subject: [Dovecot] Mountpoints with auto mounter
In-Reply-To: <5236D37D.5040705@thelounge.net>
References: <50F285BE-D498-4677-9DB0-1CB30D0C9EAE@kram.io> <5236D37D.5040705@thelounge.net>
Message-ID: <7D9B8C4B-66D6-4288-96E1-612E0841569B@kram.io>

> i generally do not understand why dovecot insists
> in warning about whatever mountpoints - what is
> the point that dovecot needs to care about anything
> ever mounted on a machine as long it is not referred
> in any configuration

I absolutely agree. In my opinion it is not the problem of dovecot if my mount points exists or not. If the only purpose is to track if a user already existed or if it's a new user for whom directories and mailboxes have to be created. Or are there other use cases I just read http://wiki2.dovecot.org/Mountpoints.

As pointed out in http://www.dovecot.org/list/dovecot/2012-January/063419.html there might be problems for dbox mailboxes, if the indexes are stored on a different mount. What's the point in doing that? It would be great if there was a way to just disable the mount point tracking if I don't store indexes on different mounts and don't use the dsync replication feature, even if it's just a compile time option.

Cheers,
Steffen

From h.reindl at thelounge.net Mon Sep 16 13:01:17 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 16 Sep 2013 12:01:17 +0200
Subject: [Dovecot] Mountpoints with auto mounter
In-Reply-To: <7D9B8C4B-66D6-4288-96E1-612E0841569B@kram.io>
References: <50F285BE-D498-4677-9DB0-1CB30D0C9EAE@kram.io> <5236D37D.5040705@thelounge.net> <7D9B8C4B-66D6-4288-96E1-612E0841569B@kram.io>
Message-ID: <5236D6ED.5050705@thelounge.net>

On 16.09.2013 11:59, Steffen Kram wrote:
>> i generally do not understand why dovecot insists
>> in warning about whatever mountpoints - what is
>> the point that dovecot needs to care about anything
>> ever mounted on a machine as long it is not referred
>> in any configuration
>
> I absolutely agree. In my opinion it is not the problem of dovecot if my mount points exists or not. If the only purpose is to track if a user already existed or if it's a new user for whom directories and mailboxes have to be created. Or are there other use cases I just read http://wiki2.dovecot.org/Mountpoints.
>
> As pointed out in http://www.dovecot.org/list/dovecot/2012-January/063419.html there might be problems for dbox mailboxes, if the indexes are stored on a different mount. What's the point in doing that? It would be great if there was a way to just disable the mount point tracking if I don't store indexes on different mounts and don't use the dsync replication feature, even if it's just a compile time option.

and in case you are running dovecot only as a proxy it needs not to care about
*any* mountpoint at all - consider the mess if every software out there would
act this way.....

From nik600 at gmail.com Mon Sep 16 13:45:13 2013
From: nik600 at gmail.com (nik600)
Date: Mon, 16 Sep 2013 12:45:13 +0200
Subject: [Dovecot] problem with dovecot replication over tcp
Message-ID:

Dear all

i'm following the wiki at this page

http://wiki2.dovecot.org/Replication

but i'm getting this errors:

#doveadm -v sync tcp:dst_hostname
#doveadm(root): Fatal: Failed to start dsync-server command: 75

If i look at the dst dovecot.log file i get:

Sep 16 12:42:18 auth: Error: passdb(root,xx): Auth client doesn't have permissions to do a PASS lookup: /var/run/dovecot/auth-userdb mode=0666, but not owned by UID 1002(vmail)
Sep 16 12:42:18 doveadm(xx,root): Error: user root: Auth PASS lookup failed
Sep 16 12:42:18 doveadm(xx,root): Debug: auth input:
Sep 16 12:42:18 doveadm(xx,root): Error: dsync-server: /var/run/dovecot/auth-userdb: passdb lookup failed (to see if user is proxied, because doveadm_proxy_port is set)

I've also tried to perform a

#chown vmail /var/run/dovecot/auth-userdb

But the error is the same.

If i do the

#doveadm user *

I get a list of users loaded from the database

i've added these line to my dovecot-sql.conf

iterate_query = SELECT username from mailbox where active=1

Any idea?

Thanks

--
/*************/
nik600
http://www.kumbe.it

From sh.habbal at hotmail.com Mon Sep 16 14:33:04 2013
From: sh.habbal at hotmail.com (Shadi Habbal)
Date: Mon, 16 Sep 2013 15:33:04 +0400
Subject: [Dovecot] Dovecot replies with default SSL certificate instead of the vhost's
In-Reply-To: <5236C03D.7000909@aditsystems.de>
References: , , <5236302A.7010103@thelounge.net>, <5236C03D.7000909@aditsystems.de>
Message-ID:

After some digging, Subject Alternative Names (SANs) is the way to have one certificate which holds many domain names in the SubjectAltNames field.
Here is a script to generate a CSR that holds different SANs: http://svn.cacert.org/CAcert/Software/CSRGenerator/csr
For more information: http://wiki.cacert.org/CSRGenerator

You can then have a certificate signed by CaCert for free, or any other vendor, like Comodo (UC Certificate).
If you want free cert, join the CaCert community> login to your acct> Add Domains that you own to the authorized list> Under server certificates click New and place your CSR> Submit and get your certificate.

Unfortunately there is no "paid" UC certificate free trial to test it in real world.

If you have more comments/thoughts on that, let us know.

Shadi

From h.reindl at thelounge.net Mon Sep 16 14:36:53 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 16 Sep 2013 13:36:53 +0200
Subject: [Dovecot] Dovecot replies with default SSL certificate instead of the vhost's
In-Reply-To:
References: , <DUB112-W1327C38DEEE07AE9F0C4DEBFE250@phx.gbl>, <5236302A.7010103@thelounge.net>, <5236C03D.7000909@aditsystems.de>
Message-ID: <5236ED55.2080209@thelounge.net>

On 16.09.2013 13:33, Shadi Habbal wrote:
> After some digging, Subject Alternative Names (SANs) is the way to have one certificate which holds many domain names in the SubjectAltNames field
> Here is a script to generate a CSR that holds different SANs: http://svn.cacert.org/CAcert/Software/CSRGenerator/csr

that's nice but not practically useable
you hardly can add a SAN every time you get a new domain

the main question remains:

* why is anybody doing this?
* "the user wants "mail.hisdomain.tld" is *not* a valid reason and should
  lead to explain the user the stupidity of doing so for no benefit

From jeroen at massar.ch Mon Sep 16 14:52:01 2013
From: jeroen at massar.ch (Jeroen Massar)
Date: Mon, 16 Sep 2013 13:52:01 +0200
Subject: [Dovecot] Dovecot replies with default SSL certificate instead of the vhost's
In-Reply-To: <5236ED55.2080209@thelounge.net>
References: , <DUB112-W1327C38DEEE07AE9F0C4DEBFE250@phx.gbl>, <5236302A.7010103@thelounge.net>, <5236C03D.7000909@aditsystems.de> <5236ED55.2080209@thelounge.net>
Message-ID: <5236F0E1.1050808@massar.ch>

On 2013-09-16 13:36, Reindl Harald wrote:
>
>
> On 16.09.2013 13:33, Shadi Habbal wrote:
>> After some digging, Subject Alternative Names (SANs) is the way to have one certificate which holds many domain names in the SubjectAltNames field
>> Here is a script to generate a CSR that holds different SANs: http://svn.cacert.org/CAcert/Software/CSRGenerator/csr
>
> that's nice but not practically useable
> you hardly can add a SAN every time you get a new domain

It works perfectly for small time setups. Indeed, not scalable after a few hundreds domains, but for private/small setups it works quite fine.

> the main question remains:
>
> * why is anybody doing this?

Because IPv4 addresses are running out (or harder/pricy to get) and not all clients on IPv4 yet and thus you will have to have multiple certs on a single IP instead of an IP each per cert.

Yep, with IPv6 you can easily go back to the old model... but unless one does per-IP acl/ratelimits/filtering/etc why bother?

> * "the user wants "mail.hisdomain.tld" is *not* a valid reason and should
> lead to explain the user the stupidity of doing so for no benefit

I don't see anything "stupid" about this. It is so much easier to explain to a user "your email is xxx at example.com, your mail client does the rest" than "oh, you need to use this mail server and that here and that there".

Thunderbird (and likely other clients) autoconfigure by guessing {mail|smtp|imap}. and thus a proper cert is nice to have there instead of "warning untrusted mail.example.net!" every time.

Thus it might not be suited for your use, it is definitely very useful for other people.

Greets,
 Jeroen

From sh.habbal at hotmail.com Mon Sep 16 15:19:17 2013
From: sh.habbal at hotmail.com (Shadi Habbal)
Date: Mon, 16 Sep 2013 16:19:17 +0400
Subject: [Dovecot] Dovecot replies with default SSL certificate instead of the vhost's
In-Reply-To: <5236F0E1.1050808@massar.ch>
References: ,,<DUB112-W1327C38DEEE07AE9F0C4DEBFE250@phx.gbl>, , <5236302A.7010103@thelounge.net>, , <5236C03D.7000909@aditsystems.de>, , <5236ED55.2080209@thelounge.net>, <5236F0E1.1050808@massar.ch>
Message-ID:

@Jeroen: very well explanation, thank you very much.

The company I work for rented a VPS through digitalocean.com, and DO don't yet provide more than 1 IP per droplet (vps).
The company have few domains with few services, but, different business types and different associates. They can't really be called a company since I'm working for one of the associates but trying to serve all their requirements).

Of course I can still pick up a semi random domain name and make it primary for services that don't support SNI, much like shared hosting companies, but that means I'll have to walk with every non-techie user on how to configure their mail client, their iPhone, their Android, ...
I've seen old mobile devices (like Nokia 5800) showing warnings about the certificate every time it tries to sync mail, even if you tell it to ignore that warning and never bother with it again; but it keeps showing it either way, which is very annoying on every sync.

Jeroen's reply pretty much sums up the reasons behind the need for different SSL certificates on a single IP.

Regards.

From anmeyer at anup.de Mon Sep 16 15:33:28 2013
From: anmeyer at anup.de (Andreas Meyer)
Date: Mon, 16 Sep 2013 14:33:28 +0200
Subject: [Dovecot] both passwd-file and MySQL
Message-ID: <20130916143328.43ce7ba4@itxnew.bitcorner.intern>

Hello all!

Wondering if it is possible to use a flat passwd-file for some domains
and for some other a MySQL-database for queries?

All of our domains are handled by

passdb {
  args = /etc/dovecot/passwd
  driver = passwd-file
}
userdb {
  args = /etc/dovecot/passwd
  driver = passwd-file
}

Can one use MySQL in addition for another domain?

Greetings

  Andreas

From h.reindl at thelounge.net Mon Sep 16 15:36:49 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 16 Sep 2013 14:36:49 +0200
Subject: [Dovecot] Dovecot replies with default SSL certificate instead of the vhost's
In-Reply-To: <5236F0E1.1050808@massar.ch>
References: , <DUB112-W1327C38DEEE07AE9F0C4DEBFE250@phx.gbl>, <5236302A.7010103@thelounge.net>, <5236C03D.7000909@aditsystems.de> <DUB112-W43FEF40C0A5332481DFB10FE260@phx.gbl> <5236ED55.2080209@thelounge.net> <5236F0E1.1050808@massar.ch>
Message-ID: <5236FB61.6050408@thelounge.net>

On 16.09.2013 13:52, Jeroen Massar wrote:
> On 2013-09-16 13:36, Reindl Harald wrote:
>> the main question remains:
>>
>> * why is anybody doing this?
>
> Because IPv4 addresses are running out (or harder/pricy to get) and not
> all clients on IPv4 yet and thus you will have to have multiple certs on
> a single IP instead of an IP each per cert

the main question was why deal with different server names at all
and not about IPv4 and how many IP addresses you get

"mail.hosting-company.tld" with a certificate, PTR-record and A-Record
and you are done for 100, 1000, 10000, 100000 domains

>> * "the user wants "mail.hisdomain.tld" is *not* a valid reason and should
>> lead to explain the user the stupidity of doing so for no benefit
>
> I don't see anything "stupid" about this. It is so much easier to
> explain to a user "your email is xxx at example.com, your mail client does
> the rest" than "oh, you need to use this mail server and that here and
> that there".

really?

you need to provide the user his username and password anyway
so no there is no magical configuration at all

so what makes it hard to write one line more?

* mailserver: mail.hosting-company.tld
* username: you at yourdomain.tld
* password: yourpassword

> Thunderbird (and likely other clients) autoconfigure by guessing
> {mail|smtp|imap}. and thus a proper cert is nice to have there
> instead of "warning untrusted mail.example.net!" every time

"mail.example.net" does not need to exist at all
https://wiki.mozilla.org/Thunderbird:Autoconfiguration

From rs at sys4.de Mon Sep 16 15:54:35 2013
From: rs at sys4.de (Robert Schetterer)
Date: Mon, 16 Sep 2013 14:54:35 +0200
Subject: [Dovecot] both passwd-file and MySQL
In-Reply-To: <20130916143328.43ce7ba4@itxnew.bitcorner.intern>
References: <20130916143328.43ce7ba4@itxnew.bitcorner.intern>
Message-ID: <5236FF8B.5050705@sys4.de>

On 16.09.2013 14:33, Andreas Meyer wrote:
> Hello all!
>
> Wondering if it is possible to use a flat passwd-file for some domains
> and for some other a MySQL-database for queries?
>
> All of our domains are handled by
>
> passdb {
>   args = /etc/dovecot/passwd
>   driver = passwd-file
> }
> userdb {
>   args = /etc/dovecot/passwd
>   driver = passwd-file
> }
>
> Can one use MySQL in addition for another domain?
>
> Greetings
>
> Andreas
>

passwd-file for master users are working in addition to sql auth
i guess, it should work too for normal users/domains but there should
not be overlapping or same info in both for same users

perhaps this helps

http://sys4.de/de/blog/2013/02/11/master-user-dovecot-isp-layout-mit-postfixadmin/

sorry only german

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From skdovecot at smail.inf.fh-brs.de Mon Sep 16 15:56:56 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Mon, 16 Sep 2013 14:56:56 +0200 (CEST)
Subject: [Dovecot] Dovecot replies with default SSL certificate instead of the vhost's
In-Reply-To: <5236FB61.6050408@thelounge.net>
References: , <DUB112-W1327C38DEEE07AE9F0C4DEBFE250@phx.gbl>, <5236302A.7010103@thelounge.net>, <5236C03D.7000909@aditsystems.de> <DUB112-W43FEF40C0A5332481DFB10FE260@phx.gbl> <5236ED55.2080209@thelounge.net> <5236F0E1.1050808@massar.ch> <5236FB61.6050408@thelounge.net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 16 Sep 2013, Reindl Harald wrote:

> the main question was why deal with different server names at all
> and not about IPv4 and how many IP addresses you get

because many companies want to show up as single entity and some users are believed to get worried, if they shall use other sites, esp. because you've trained them to _not_ trust sites other than your company's ones.

- --
Steffen Kaiser

From rs at sys4.de Mon Sep 16 15:59:22 2013
From: rs at sys4.de (Robert Schetterer)
Date: Mon, 16 Sep 2013 14:59:22 +0200
Subject: [Dovecot] both passwd-file and MySQL
In-Reply-To: <5236FF8B.5050705@sys4.de>
References: <20130916143328.43ce7ba4@itxnew.bitcorner.intern> <5236FF8B.5050705@sys4.de>
Message-ID: <523700AA.4040105@sys4.de>

On 16.09.2013 14:54, Robert Schetterer wrote:
> On 16.09.2013 14:33, Andreas Meyer wrote:
>> Hello all!
>>
>> Wondering if it is possible to use a flat passwd-file for some domains
>> and for some other a MySQL-database for queries?
>>
>> All of our domains are handled by
>>
>> passdb {
>>   args = /etc/dovecot/passwd
>>   driver = passwd-file
>> }
>> userdb {
>>   args = /etc/dovecot/passwd
>>   driver = passwd-file
>> }
>>
>> Can one use MySQL in addition for another domain?
>>
>> Greetings
>>
>> Andreas
>>
>
> passwd-file for master users are working in addition to sql auth
> i guess, it should work too for normal users/domains but there should
> not be overlapping or same info in both for same users
>
> perhaps this helps
>
> http://sys4.de/de/blog/2013/02/11/master-user-dovecot-isp-layout-mit-postfixadmin/
>
> sorry only german
>
>
> Best Regards
> MfG Robert Schetterer
>

this one might be better, for help

http://wiki2.dovecot.org/Authentication/MultipleDatabases

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From list at airstreamcomm.net Mon Sep 16 16:18:16 2013
From: list at airstreamcomm.net (List)
Date: Mon, 16 Sep 2013 08:18:16 -0500
Subject: [Dovecot] Dovecot 2.1.1 crash
Message-ID: <52370518.4030904@airstreamcomm.net>

Dovecot RPM from atrpms crashed, here are the logs:

Aug 31 11:55:08 10.123.128.231 dovecot: imap(user at domain): Panic: Message count decreased
Aug 31 11:55:08 10.123.128.231 dovecot: imap(user at domain): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x4184a) [0x7f144f00384a] -> /usr/lib64/dovecot/libdovecot.so.0(+0x41896) [0x7f144f003896] -> /usr/lib64/dovecot/libdovecot.so.0(+0x1934a) [0x7f144efdb34a] -> dovecot/imap() [0x417ba9] -> dovecot/imap() [0x40a636] -> dovecot/imap() [0x40a96c] -> dovecot/imap(command_exec+0x3d) [0x410a5d] -> dovecot/imap(client_command_cancel+0x3a) [0x40f3da] -> dovecot/imap(client_destroy+0xdd) [0x41025d] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7f144f00fd16] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9f) [0x7f144f010d9f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x7f144f00fcb8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f144effc0d3] -> dovecot/imap(main+0x29d) [0x418a0d] -> /lib64/libc.so.6(__libc_start_main+0xfd) [0x7f144ec4dcdd] -> dovecot/imap() [0x408469]
Aug 31 11:55:09 10.123.128.231 dovecot: imap(user at domain): Fatal: master: service(imap): child 20986 killed with signal 6 (core dumps disabled)

Doveconf -n:

# 2.1.1: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.19.1.el6.x86_64 x86_64 CentOS release 6.3 (Final)
auth_master_user_separator = *
auth_mechanisms = plain login
disable_plaintext_auth = no
first_valid_uid = 300
mail_fsync = always
mail_location = maildir:~/Maildir
mail_nfs_index = yes
mail_nfs_storage = yes
mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/sql.conf.ext
  driver = sql
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  process_min_avail = 4
  service_count = 0
  vsz_limit = 128 M
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  process_min_avail = 4
  service_count = 0
  vsz_limit = 128 M
}
ssl_ca =

References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> <1375804711.19765.7.camel@ubu101751> <1BF2EF57-83AB-48CC-A929-F2BDF3400D46@iki.fi> <1375950077.5211.18.camel@ubu101751> <1376910508.32032.13.camel@ubu101751> <1377852542.30210.0.camel@ubu101751>
Message-ID: <1379337860.9665.7.camel@ubu101751>

Time marches on, and I need to continue the service migration. I'd still like to use Dovecot (we're migrating away from Cyrus). I'm assuming the only other alternative without existing shared storage is to use DRBD and a cluster file system to provide the replication, and to ensure Director is enabled. Are there any things to watch for surrounding this?

Simon.


On Fri, 2013-08-30 at 09:49 +0100, Simon Fraser wrote:
> On Mon, 2013-08-19 at 12:08 +0100, Simon Fraser wrote:
> > Are there any more tests I can run for this?
>
> I've tried an ssh-based replication configuration, and still experience
> the same symptoms. Going through a director proxy also doesn't help (as
> expected, that one, since I was already only connecting to one of the
> servers)
>
> Simon.
>
> > On Thu, 2013-08-08 at 09:21 +0100, Simon Fraser wrote:
> > > On Tue, 2013-08-06 at 19:15 +0300, Timo Sirainen wrote:
> > >
> > > > > Presumably it's thinking the "-r /tmp/dsync-rawlog" is a mail location?
> > > > > I've tried changing its location in the appends, but it doesn't make a
> > > > > difference.
> > > >
> > > > Oops, I messed up the parameter order. It was supposed to have -s state but now it had -s -r rawlog state. New patch should work better.
> > >
> > > I ran two tests: one using 'doveadm expunge' and one deleting the
> > > message using mutt. Since the hosts mentioned so far have a copy of my
> > > full mailbox on, I re-ran the tests (with the same results) on a test
> > > server with a fresh mailbox on, so there was no extra folder
> > > synchronisation in there to fill up the rawlog.
> > >
> > > Those log entries are too big for the mailing list (70k+), so are here:
> > >
> > > 'doveadm expunge' dsync-rawlog node A
> > > http://pastebin.com/LtUnENPv
> > >
> > > 'doveadm expunge' dsync-rawlog node B
> > > http://pastebin.com/QaWLyZq2
> > >
> > > imap expunge dsync-rawlog node A
> > > http://pastebin.com/SuFdWn0w
> > >
> > > imap expunge dsync-rawlog node B
> > > http://pastebin.com/Ex66s7hq
> > >
> > > Mail logs on both contain entries like this:
> > > Aug 6 18:04:37 dcot2a dovecot: master: Dovecot v2.2.5 starting up (core
> > > dumps disabled)
> > > Aug 6 18:04:38 dcot2a dovecot: doveadm: Error: Don't give mail location
> > > with -d parameter
> > >
> > > Simon.
> > >
> > >

--
The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE.

From CMarcus at Media-Brokers.com Mon Sep 16 16:30:00 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Mon, 16 Sep 2013 09:30:00 -0400
Subject: [Dovecot] Dovecot 2.1.1 crash
In-Reply-To: <52370518.4030904@airstreamcomm.net>
References: <52370518.4030904@airstreamcomm.net>
Message-ID: <523707D8.3080108@Media-Brokers.com>

On 2013-09-16 9:18 AM, List wrote:
> Aug 31 11:55:09 10.123.128.231 dovecot: imap(user at domain): Fatal:
> master: service(imap): child 20986 killed with signal 6 (core dumps
> disabled)
>
> Doveconf -n:
>
> # 2.1.1: /etc/dovecot/dovecot.conf

Upgrade (latest in the 2.1.x series is 2.1.17), or go ask for help in the CentOS forums, since they are the ones locking you into an old (and probably buggy) version.

--
Best regards,

*/Charles/*

From rs at sys4.de Mon Sep 16 17:09:56 2013
From: rs at sys4.de (Robert Schetterer)
Date: Mon, 16 Sep 2013 16:09:56 +0200
Subject: [Dovecot] Basic clustered filesystem advice
In-Reply-To: <1379337860.9665.7.camel@ubu101751>
References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> <1375804711.19765.7.camel@ubu101751> <1BF2EF57-83AB-48CC-A929-F2BDF3400D46@iki.fi> <1375950077.5211.18.camel@ubu101751> <1376910508.32032.13.camel@ubu101751> <1377852542.30210.0.camel@ubu101751> <1379337860.9665.7.camel@ubu101751>
Message-ID: <52371134.3080601@sys4.de>

On 16.09.2013 15:24, Simon Fraser wrote:
>
> Time marches on, and I need to continue the service migration. I'd still
> like to use Dovecot (we're migrating away from Cyrus). I'm assuming the
> only other alternative without existing shared storage is to use DRBD
> and a cluster file system to provide the replication, and to ensure
> Director is enabled. Are there any things to watch for surrounding
> this?
>
> Simon.

please search the list archives, there are many posts with clustered filesystems or nfs setups, both are possible, depends what might fit best at your place / size, i have ocfs2 and drbd cluster working with maildir on ubuntu lucid ( for better performance in special with bigger mailboxes dbox or mdbox might be better today ) behind loadbalancers, if you are brave you might try ceph

perhaps have a look

http://sys4.de/de/blog/2013/06/10/loadbalancing-mit-keepalived-postfix-dovecot/

http://sys4.de/de/blog/2013/06/06/postfix-dovecot-ceph-cluster-storage/

sorry only german

i have no good reports in using gfs2 for cluster, but this might have got fixed recently

>
>
> On Fri, 2013-08-30 at 09:49 +0100, Simon Fraser wrote:
>> On Mon, 2013-08-19 at 12:08 +0100, Simon Fraser wrote:
>>> Are there any more tests I can run for this?
>>
>> I've tried an ssh-based replication configuration, and still experience
>> the same symptoms. Going through a director proxy also doesn't help (as
>> expected, that one, since I was already only connecting to one of the
>> servers)
>>
>> Simon.
>>
>>> On Thu, 2013-08-08 at 09:21 +0100, Simon Fraser wrote:
>>>> On Tue, 2013-08-06 at 19:15 +0300, Timo Sirainen wrote:
>>>>
>>>>>> Presumably it's thinking the "-r /tmp/dsync-rawlog" is a mail location?
>>>>>> I've tried changing its location in the appends, but it doesn't make a
>>>>>> difference.
>>>>>
>>>>> Oops, I messed up the parameter order. It was supposed to have -s state but now it had -s -r rawlog state. New patch should work better.
>>>>
>>>> I ran two tests: one using 'doveadm expunge' and one deleting the
>>>> message using mutt. Since the hosts mentioned so far have a copy of my
>>>> full mailbox on, I re-ran the tests (with the same results) on a test
>>>> server with a fresh mailbox on, so there was no extra folder
>>>> synchronisation in there to fill up the rawlog.
>>>>
>>>> Those log entries are too big for the mailing list (70k+), so are here:
>>>>
>>>> 'doveadm expunge' dsync-rawlog node A
>>>> http://pastebin.com/LtUnENPv
>>>>
>>>> 'doveadm expunge' dsync-rawlog node B
>>>> http://pastebin.com/QaWLyZq2
>>>>
>>>> imap expunge dsync-rawlog node A
>>>> http://pastebin.com/SuFdWn0w
>>>>
>>>> imap expunge dsync-rawlog node B
>>>> http://pastebin.com/Ex66s7hq
>>>>
>>>> Mail logs on both contain entries like this:
>>>> Aug 6 18:04:37 dcot2a dovecot: master: Dovecot v2.2.5 starting up (core
>>>> dumps disabled)
>>>> Aug 6 18:04:38 dcot2a dovecot: doveadm: Error: Don't give mail location
>>>> with -d parameter
>>>>
>>>> Simon.

Best Regards
Kind regards, Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From dan at langille.org Mon Sep 16 17:10:01 2013
From: dan at langille.org (Dan Langille) Date: Mon, 16 Sep 2013 10:10:01 -0400 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <1379212564.7813.26.camel@tardis> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26.camel@tardis> Message-ID: On Sep 14, 2013, at 10:36 PM, Noel Butler wrote: > On Sat, 2013-09-14 at 15:21 -0400, Dan Langille wrote: > > >>> >> >> Hmmm, I tried ssl = yes. Mail.app still crashes when trying to connect. >> > > > Well, its likely an Apple fault, after all their implementation of pop3 > has been known to be broken for many many many years, but still after > all these years are incapable of finding a developer to fix it by > inserting a QUIT after its done everything. > > >> >> Sep 14 19:19:22 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client >> certificate A [173.49.195.214] > > > >> What is this? read client certificate? There is no client certification in this config. > > > > dovecot wants to know if your client wishes to authenticate using a > local-to-client certificate, wouldnt focus too much on that > (unless that client is trying to give a certificate that is invalid - > not sure, I have never ever in 20 years, seen any client try to auth > with a local certificate to a mail server)... > > is this just one user? or all using apple? is it you? It is just me (I'm my only user). Neither my Macbook nor my iPhone can use this IMAP server. I got a colleague to try his iPhone; same problem there too. > Have you/they tried simply using TLS on 143? (preferred as POP3s/IMAPs > has really be deprecated everywhere for some time now) For this test, I reconfigured the server to NOT use IMAPS and restarted it. Then I went to my iPhone and turned off SSL for this mail account. 
That configuration works for my iPhone. # doveconf nf -n # 2.2.5: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 9.1-RELEASE-p6 amd64 auth_debug = yes auth_verbose = yes disable_plaintext_auth = no first_valid_gid = 1001 first_valid_uid = 1001 mail_debug = yes mail_location = maildir:~/Maildir mail_privileged_group = mail passdb { args = scheme=BLF-CRYPT /var/db/dovecot.users driver = passwd-file } protocols = imap service imap-login { inet_listener imap { address = 199.233.228.197 } inet_listener imaps { port = 0 } } userdb { args = /var/db/dovecot.users driver = passwd-file } verbose_proctitle = yes verbose_ssl = yes protocol imap { imap_client_workarounds = delay-newmail tb-extra-mailbox-sep } Looking via tcpdump, I can see that emails are indeed being downloaded in clear text. I suppose that's not so big an issue, given they are delivered in plain text. But it would be better to have the IMAP connection secured. > > a successful TLS login appears like (and this particular user I know > uses an ipad) : > > Sep 15 12:09:38 imap-login: Debug: SSL: where=0x10, ret=1: before/accept > initialization [101.xxxx] > Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: > before/accept initialization [101.xx] > Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 > read client hello A [101.xxx] > Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read > client hello A [101.xxx] > Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write > server hello A [101.xxxx] > Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write > certificate A [101.xxxxx] > Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write > server done A [101.xxxxx] > Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush > data [101.xxxxxx] > Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read > client certificate A [101.xxxx] > Sep 15 12:09:38 imap-login: Debug: SSL: 
where=0x2002, ret=-1: SSLv3 read > client certificate A [101.xxx] > Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read > client key exchange A [101.xxxx] > Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read > finished A [101.xxxxxxx] > Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write > change cipher spec A [101.xxxx] > Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write > finished A [101.xxxxx] > Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush > data [101.xxxxxx] > Sep 15 12:09:45 imap-login: Debug: SSL: where=0x20, ret=1: SSL > negotiation finished successfully [101.xxxxxx] > Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2002, ret=1: SSL > negotiation finished successfully [101.xxxxx] > Sep 15 12:09:45 imap-login: Info: Login: user, method=PLAIN, > rip=xxxxx, TLS > > > >> protocols = imap >> service imap-login { >> inet_listener imap { >> port = 0 >> } >> inet_listener imaps { >> address = 199.233.228.197 >> } >> } > > inet_listener imap { > port = 143 <-- use it for TLS, its possible > this is why fails as its falling back to TLS, i cant test that theory > } since we all use > android devices. > inet_listener imaps { > port = 993 > } > > Anyway, the fact you said thunderbird works, indicates it is not a cert > issue, and I fail to see dovecot issue, have they tried another mail > app? I have not. That's a good test? I'm searching for a free mail client to test with now?. failing... -- Dan Langille - http://langille.org From h.reindl at thelounge.net Mon Sep 16 17:21:25 2013 
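Added example (not part of any message in this thread): the `where=` value in the `verbose_ssl` lines quoted above is OpenSSL's info-callback bitmask, so it can be decoded to see whether a handshake finished or in which state it stopped. The log lines and addresses below are constructed, modelled on the two excerpts in the thread; the function names are this example's own.

```python
import re

# Bits of OpenSSL's info-callback "where" argument (openssl/ssl.h).
WHERE_BITS = [
    (0x0001, "LOOP"),             # handshake state machine advanced
    (0x0002, "EXIT"),             # handshake call returned; ret tells how
    (0x0004, "READ"),
    (0x0008, "WRITE"),
    (0x0010, "HANDSHAKE_START"),
    (0x0020, "HANDSHAKE_DONE"),
    (0x1000, "CONNECT"),          # local side is the TLS client
    (0x2000, "ACCEPT"),           # local side is the TLS server
    (0x4000, "ALERT"),
]
KNOWN_MASK = sum(bit for bit, _ in WHERE_BITS)

# Matches both line shapes seen in the thread:
#   "... Debug: SSL: where=0x2001, ret=1: <state> [peer]"
#   "... Warning: SSL failed: where=0x2002: <state> [peer]"   (no ret= field)
LINE_RE = re.compile(
    r"(?P<service>[\w-]+): (?:Debug|Warning|Info): "
    r"SSL(?P<failed> failed)?: where=(?P<where>0x[0-9a-fA-F]+)"
    r"(?:, ret=(?P<ret>-?\d+))?: (?P<state>.+?) \[(?P<peer>[^\]]+)\]\s*$"
)

# Constructed sample; 192.0.2.10 and 198.51.100.7 are documentation addresses.
SAMPLE_LOG = """\
Sep 15 12:09:38 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [192.0.2.10]
Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [192.0.2.10]
Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [192.0.2.10]
Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.0.2.10]
Sep 15 12:09:40 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [198.51.100.7]
Sep 15 12:09:40 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [198.51.100.7]
Sep 15 12:09:40 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [198.51.100.7]
Sep 15 12:09:41 imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [198.51.100.7]
Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [192.0.2.10]
Sep 15 12:09:45 imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [192.0.2.10]
Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [192.0.2.10]
Sep 15 12:09:45 imap-login: Info: Login: user, method=PLAIN, rip=192.0.2.10, TLS
"""


def decode_where(where):
    """Return the symbolic names of the bits set in a where= value."""
    names = [name for bit, name in WHERE_BITS if where & bit]
    if where & ~KNOWN_MASK:
        names.append(hex(where & ~KNOWN_MASK))  # bits this table does not know
    return names


def summarize(lines):
    """Group SSL debug lines by peer address and track handshake progress."""
    peers = {}
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue  # not an SSL state line (for example the Login line)
        where = int(m.group("where"), 16)
        ret = int(m.group("ret")) if m.group("ret") is not None else None
        info = peers.setdefault(m.group("peer"), {
            "events": 0, "done": False, "failed_in": None, "last_state": None,
        })
        info["events"] += 1
        info["last_state"] = m.group("state")
        if where & 0x0020:
            info["done"] = True
        # Failure: the "SSL failed" warning, or an EXIT event with ret=0.
        if m.group("failed") or (where & 0x0002 and ret == 0):
            info["failed_in"] = m.group("state")
    return peers


def verdict(info):
    """One-line result for a peer entry produced by summarize()."""
    if info["failed_in"] is not None:
        return "failed in state: " + info["failed_in"]
    if info["done"]:
        return "handshake completed"
    return "incomplete, last state: " + info["last_state"]


if __name__ == "__main__":
    for peer, info in summarize(SAMPLE_LOG.splitlines()).items():
        print(peer, "->", verdict(info))
    print("0x2002 =", " | ".join(decode_where(0x2002)))
```

The state `SSLv3 read client certificate A` also appears with `ret=-1` in the successful log quoted in the thread, so the state name by itself does not show that a client certificate was requested; what separates the two cases is the `SSL failed` warning versus a later `HANDSHAKE_DONE` (`where=0x20`) event for the same peer.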
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 16 Sep 2013 16:21:25 +0200
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To:
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26.camel@tardis>
Message-ID: <523713E5.7020503@thelounge.net>

On 16.09.2013 16:10, Dan Langille wrote:
>> Have you/they tried simply using TLS on 143? (preferred as POP3s/IMAPs
>> has really be deprecated everywhere for some time now)
>
> For this test, I reconfigured the server to NOT use IMAPS and restarted it. Then I went
> to my iPhone and turned off SSL for this mail account.
>
> That configuration works for my iPhone.
>
> Looking via tcpdump, I can see that emails are indeed being downloaded in clear text

you need to understand the difference between IMAPS/POP3S on the dedicated
9xx ports versus STARTTLS on 143/110

http://en.wikipedia.org/wiki/STARTTLS

if you turn off SSL it is turned off
on sane clients like thunderbird you can switch between cleartext/STARTTLS and SSL

From dan at langille.org Mon Sep 16 17:48:18 2013
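Added example (not part of any message in this thread): a small audit of `doveconf -n` output for the settings that decide whether a client with SSL switched off can still log in and read mail unencrypted, which is the situation discussed above. The first configuration is re-typed and trimmed from the test configuration posted earlier in the thread; the second is an assumed hardened variant with placeholder certificate paths, and the finding codes are this example's own.

```python
def parse_doveconf(text):
    """Parse `doveconf -n` output into nested dicts.

    Settings map to strings; each block name maps to a list of dicts,
    because blocks such as passdb may occur more than once.
    """
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            child = {}
            stack[-1].setdefault(line[:-1].strip(), []).append(child)
            stack.append(child)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        else:
            key, sep, value = line.partition("=")
            if not sep:
                raise ValueError("unparsable line: " + raw)
            stack[-1][key.strip()] = value.strip()
    if len(stack) != 1:
        raise ValueError("unclosed block")
    return root


def listener_port(conf, service, listener):
    """Return the port override of a listener, or None if none is set."""
    for svc in conf.get("service " + service, []):
        for lst in svc.get("inet_listener " + listener, []):
            if "port" in lst:
                return int(lst["port"])
    return None


def audit(conf):
    """Return (code, message) findings about cleartext exposure."""
    findings = []
    if conf.get("disable_plaintext_auth", "yes") == "no":
        findings.append(("plaintext-auth",
                         "disable_plaintext_auth = no: passwords are accepted "
                         "on connections that never negotiated TLS"))
    # Assumption: doveconf -n omits settings left at their default, so a
    # missing ssl line is treated as "not required".
    ssl = conf.get("ssl")
    if ssl != "required":
        findings.append(("tls-optional",
                         "ssl = %s: TLS is not enforced before login"
                         % (ssl or "(not set)")))
    if listener_port(conf, "imap-login", "imaps") == 0:
        findings.append(("imaps-off",
                         "imaps listener disabled: STARTTLS on the imap "
                         "listener is the only encrypted path left"))
    return findings


# Trimmed from the test configuration posted in the thread.
POSTED_TEST_CONF = """\
# 2.2.5: /usr/local/etc/dovecot/dovecot.conf
auth_debug = yes
auth_verbose = yes
disable_plaintext_auth = no
mail_location = maildir:~/Maildir
passdb {
  args = scheme=BLF-CRYPT /var/db/dovecot.users
  driver = passwd-file
}
protocols = imap
service imap-login {
  inet_listener imap {
    address = 199.233.228.197
  }
  inet_listener imaps {
    port = 0
  }
}
verbose_ssl = yes
"""

# Constructed hardened variant; the certificate paths are placeholders.
HARDENED_CONF = """\
disable_plaintext_auth = yes
ssl = required
ssl_cert = </path/to/fullchain.pem
ssl_key = </path/to/privkey.pem
protocols = imap
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
  }
}
"""

if __name__ == "__main__":
    for name, text in (("posted", POSTED_TEST_CONF), ("hardened", HARDENED_CONF)):
        findings = audit(parse_doveconf(text))
        print(name, "->", [code for code, _ in findings] or "no findings")
```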
From: dan at langille.org (Dan Langille)
Date: Mon, 16 Sep 2013 10:48:18 -0400
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <523713E5.7020503@thelounge.net>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26.camel@tardis> <523713E5.7020503@thelounge.net>
Message-ID:

On Sep 16, 2013, at 10:21 AM, Reindl Harald wrote:

>
>
> On 16.09.2013 16:10, Dan Langille wrote:
>>> Have you/they tried simply using TLS on 143? (preferred as POP3s/IMAPs
>>> has really be deprecated everywhere for some time now)
>>
>> For this test, I reconfigured the server to NOT use IMAPS and restarted it. Then I went
>> to my iPhone and turned off SSL for this mail account.
>>
>> That configuration works for my iPhone.
>>
>> Looking via tcpdump, I can see that emails are indeed being downloaded in clear text
>
> you need to understand the difference between IMAPS/POP3S on the dedicated
> 9xx ports versus STARTTLS on 143/110

I believe I do understand.

>
> http://en.wikipedia.org/wiki/STARTTLS

Yes, that's what I thought STARTTLS was.

> if you turn off SSL it is turned off
> on sane clients like thunderbird you can switch between cleartext/STARTTLS and SSL

So far, with all we've tried, the only secure option appears to be self signed certificates.

--
Dan Langille - http://langille.org

From h.reindl at thelounge.net Mon Sep 16 17:56:15 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 16 Sep 2013 16:56:15 +0200
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To:
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26.camel@tardis> <523713E5.7020503@thelounge.net>
Message-ID: <52371C0F.5060404@thelounge.net>

On 16.09.2013 16:48, Dan Langille wrote:
> On Sep 16, 2013, at 10:21 AM, Reindl Harald wrote:
>
>> On 16.09.2013 16:10, Dan Langille wrote:
>>>> Have you/they tried simply using TLS on 143? (preferred as POP3s/IMAPs
>>>> has really be deprecated everywhere for some time now)
>>>
>>> For this test, I reconfigured the server to NOT use IMAPS and restarted it. Then I went
>>> to my iPhone and turned off SSL for this mail account.
>>>
>>> That configuration works for my iPhone.
>>>
>>> Looking via tcpdump, I can see that emails are indeed being downloaded in clear text
>>
>> you need to understand the difference between IMAPS/POP3S on the dedicated
>> 9xx ports versus STARTTLS on 143/110
>
> I believe I do understand.
>
>> http://en.wikipedia.org/wiki/STARTTLS
>
> Yes, that's what I thought STARTTLS was.
>
>> if you turn off SSL it is turned off
>> on sane clients like thunderbird you can switch between cleartext/STARTTLS and SSL
>
> So far, with all we've tried, the only secure option appears to be self signed certificates

having like here since 2009 a Thawte certificate for SMTP/POP3/IMAP/HTTPS
without any issue is the better option because it is accepted by *any*
client and not *that* expensive

dealing with self-signed certificates is *plain wrong* because you educate
your users happily confirm SSL warnings in their clients and having
the final result of this in mind it's better not offer SSL at all

From dan at langille.org Mon Sep 16 18:00:18 2013
From: dan at langille.org (Dan Langille)
Date: Mon, 16 Sep 2013 11:00:18 -0400
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <52371C0F.5060404@thelounge.net>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26.camel@tardis> <523713E5.7020503@thelounge.net> <52371C0F.5060404@thelounge.net>
Message-ID: <35E56184-9B05-43DB-991D-BE813113E346@langille.org>

On Sep 16, 2013, at 10:56 AM, Reindl Harald wrote:

>
>
> On 16.09.2013 16:48, Dan Langille wrote:
>> On Sep 16, 2013, at 10:21 AM, Reindl Harald wrote:
>>
>>> On 16.09.2013 16:10, Dan Langille wrote:
>>>>> Have you/they tried simply using TLS on 143? (preferred as POP3s/IMAPs
>>>>> has really be deprecated everywhere for some time now)
>>>>
>>>> For this test, I reconfigured the server to NOT use IMAPS and restarted it. Then I went
>>>> to my iPhone and turned off SSL for this mail account.
>>>>
>>>> That configuration works for my iPhone.
>>>>
>>>> Looking via tcpdump, I can see that emails are indeed being downloaded in clear text
>>>
>>> you need to understand the difference between IMAPS/POP3S on the dedicated
>>> 9xx ports versus STARTTLS on 143/110
>>
>> I believe I do understand.
>>
>>> http://en.wikipedia.org/wiki/STARTTLS
>>
>> Yes, that's what I thought STARTTLS was.
>>
>>> if you turn off SSL it is turned off
>>> on sane clients like thunderbird you can switch between cleartext/STARTTLS and SSL
>>
>> So far, with all we've tried, the only secure option appears to be self signed certificates
>
> having like here since 2009 a Thawte certificate for SMTP/POP3/IMAP/HTTPS
> without any issue is the better option because it is accepted by *any*
> client and not *that* expensive
>
> dealing with self-signed certificates is *plain wrong* because you educate
> your users happily confirm SSL warnings in their clients and having
> the final result of this in mind it's better not offer SSL at all

When I am setting up servers for others to use, I agree. In this case. I am the only user.

--
Dan Langille - http://langille.org

From anmeyer at anup.de Mon Sep 16 18:05:10 2013
From: anmeyer at anup.de (Andreas Meyer)
Date: Mon, 16 Sep 2013 17:05:10 +0200
Subject: [Dovecot] both passwd-file and MySQL
In-Reply-To: <523700AA.4040105@sys4.de>
References: <20130916143328.43ce7ba4@itxnew.bitcorner.intern> <5236FF8B.5050705@sys4.de> <523700AA.4040105@sys4.de>
Message-ID: <20130916170510.2e15ffab@itxnew.bitcorner.intern>

Robert Schetterer wrote:

> > passwd-file for master users are working in addition to sql auth
> > i guess, it should work too for normal users/domains but there should
> > not be overlapping or same info in both for same users
> >
> > perhaps this helps
> >
> > http://sys4.de/de/blog/2013/02/11/master-user-dovecot-isp-layout-mit-postfixadmin/
> >
> > sorry only german
> >
> >
> > Best Regards
> > Kind regards, Robert Schetterer
> >
>
> this one might be better, for help
>
> http://wiki2.dovecot.org/Authentication/MultipleDatabases

Great! Just upgraded from v 2.1.16 to 2.1.17 with
./configure --prefix=/usr --sysconfdir=/etc --with-mysql --with-solr --with-ldap
and everything is fine.

Andreas

From support1 at otel.com.np Mon Sep 16 13:23:43 2013
From: support1 at otel.com.np (prabin) Date: Mon, 16 Sep 2013 16:08:43 +0545 Subject: [Dovecot] Can't download emails with large file attachment Message-ID: <5236DC2F.9020900@otel.com.np> Hi, I am using CentOS 5.9 with postfix+dovecot v1.0.7 I have problem in downloading emails with attachment of more than 3MB via my email client. (Thunderbird, Outlook, etc) I can send emails out with more than 3MB without any problem, whereas i can't download emails. Following are the errors i found on maillog *dovecot: pop3-login: SSL_write() syscall failed: Bad file descriptor** **dovecot: impa-login: SSL_write() syscall failed: Bad file descriptor* After this the email client stops downloading emails. What could be the problem ? Please help me fix this . Thank You * **dovecot version: dovecot-1.0.7-8.el5_9.1** **openssl version: openssl-0.9.8e-26.el5_9.1** **CentOS 5.9* dovecot: POP3(support1): Disconnected top=0/0, retr=1/0, del=0/17, size=57279820 *Sep 16 17:25:56 mail dovecot: pop3-login: SSL_write() syscall failed: Bad file descriptor [110.44.xx.xx]* dovecot -n # 1.0.7: /etc/dovecot.conf log_timestamp: %Y-%m-%d %H:%M:%S listen(default): 61.xx.xx.XX:143 listen(imap): 61.xx.xx.XX:143 listen(pop3): 61.xx.xx.XX:110 ssl_listen(default): 61.xx.xx.XX:993 ssl_listen(imap): 61.xx.xx.XX:993 ssl_listen(pop3): 61.xx.xx.XX:995 ssl_cert_file: /etc/pki/tls/certs/dovecot.pem ssl_key_file: /etc/pki/tls/private/dovecot.pem ssl_cipher_list: ALL:!LOW verbose_ssl: yes login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login login_process_per_connection: no login_process_size: 512 mail_location: maildir:~/Maildir mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/lib64/dovecot/imap mail_plugin_dir(imap): 
/usr/lib64/dovecot/imap mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3 auth default: mechanisms: plain login verbose: yes debug: yes debug_passwords: yes passdb: driver: pam userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix From sottilette at rfx.it Mon Sep 16 19:13:15 2013 From: sottilette at rfx.it (Paolo) Date: Mon, 16 Sep 2013 18:13:15 +0200 (CEST) Subject: [Dovecot] passwd-file and MySQL Message-ID: Speaking about multiple DB ... A my customer has a server (CentOS 6.x, dovecot 2.0.x, postfix, Squirrel+RoundCube with vacation and password plug-in), with about 3.000 users (about 200 different domains), all defined as system users and home as /home/mail/%user% The system works fine. Its only additional interest is authenticating users like user at domain.tld / password (maintaining also the current user.domain / password). Is it possible and How complex configuring a similar environment? Only matter of sync /etc/shadow and DB or other problems? Regards, Paolo From rs at sys4.de Mon Sep 16 19:29:22 2013 
From: rs at sys4.de (Robert Schetterer)
Date: Mon, 16 Sep 2013 18:29:22 +0200
Subject: [Dovecot] passwd-file and MySQL
In-Reply-To:
References:
Message-ID: <523731E2.4050804@sys4.de>

On 16.09.2013 18:13, Paolo wrote:
> The system works fine. Its only additional interest is authenticating
> users like user at domain.tld / password (maintaining also the current
> user.domain / password)

try solve it for system user

user.domain / password

driver = pam

in additional passwd file

http://wiki.dovecot.org/AuthDatabase/PasswdFile

http://wiki2.dovecot.org/Authentication/MultipleDatabases

...
Currently the fallback works only with the PLAIN authentication mechanism
...

# if not found, fallback to /etc/passwd
userdb {
  driver = passwd
}

but that isn't good design, better migrate all to full virtual setup

Best Regards
Kind regards, Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From noel.butler at ausics.net Tue Sep 17 03:28:38 2013
From: noel.butler at ausics.net (Noel Butler) Date: Tue, 17 Sep 2013 10:28:38 +1000 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26.camel@tardis> Message-ID: <1379377718.5447.30.camel@tardis> On Mon, 2013-09-16 at 10:10 -0400, Dan Langille wrote: > On Sep 14, 2013, at 10:36 PM, Noel Butler wrote: > > > On Sat, 2013-09-14 at 15:21 -0400, Dan Langille wrote: > > > > > >>> > >> > >> Hmmm, I tried ssl = yes. Mail.app still crashes when trying to connect. > >> > > > > > > Well, its likely an Apple fault, after all their implementation of pop3 > > has been known to be broken for many many many years, but still after > > all these years are incapable of finding a developer to fix it by > > inserting a QUIT after its done everything. > > Since we just ruled this one out, might I suggest you grab the source and build it, install it all under /opt/dovecot that way it wont interfere with your ports installation and try that, the one you successfully just tested uses dovecot 2.1 not 2.2, so maybe try source of 2.1 and see if it works. But, if it does work on port 143 with TLS I wouldnt worry too much about it, the only place that seems to prefer it is the NSA's mail server, oops, I mean gmail, not many ISP's these days bother with it, it has been withdrawn for years since most clients can handle TLS, the better way to do it, like they dont bother with smtps either, the *s version is really only supported for those running antique versions of windows that dont understand TLS, and yes thats more micro$lops fault, just like SNI thats been available even in lynx and other older browsers/ epihany/galeon etc) since 2005ish. 
But M$ doesn't give a toss about its users, a very senior M$ dev on his personal blog a year or so ago wrote "they need to upgrade to windows 7 or 8" yup they only see $$$ not happy users (I posted a comment btw that went along the lines of "or mid last decade version of linux" ;)

From ryman.greg at gmail.com Tue Sep 17 05:04:08 2013
From: ryman.greg at gmail.com (Greg Ryman) Date: Mon, 16 Sep 2013 19:04:08 -0700 Subject: [Dovecot] (no subject) Message-ID: Hello, I've been out of the sysadmin game for some time and I've recently setup a mail server. Everything is working except for the quota, which I believe is likely an error in how I'm using my SQL queries. Any guidance, pointers, or advice would be greatly appreciated. root at mail:/etc/dovecot/conf.d# dovecot -n # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-042stab079.6 x86_64 Ubuntu 12.04.3 LTS reiserfs auth_mechanisms = plain login dict { sqldomainquota = mysql:/etc/dovecot/dovecot-sql-domain.conf sqluserquota = mysql:/etc/dovecot/dovecot-dict-sql-user.conf } first_valid_uid = 150 last_valid_uid = 150 mail_gid = mail mail_location = maildir:/var/vmail/%d/%n mail_plugins = quota mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { antispam_allow_append_to_spam = YES antispam_backend = dspam antispam_dspam_args = --user;%u;--deliver=;--source=error antispam_dspam_binary = /usr/bin/dspam antispam_dspam_notspam = --class=innocent antispam_dspam_result_header = X-DSPAM-Result antispam_dspam_spam = --class=spam antispam_signature = X-DSPAM-Signature antispam_signature_missing = error antispam_spam = Spam;Junk antispam_trash = trash;Trash autocreate = Trash autocreate2 = Junk autocreate3 = Sent autocreate4 = Drafts autocreate5 = Archive quota = dict:User Quota::proxy::sqluserquota quota_rule2 = Trash:storage=+10%% sieve = ~/.dovecot.sieve sieve_after = /etc/sieve/conf.d/after sieve_before = /etc/sieve/conf.d/before sieve_dir = ~/sieve } postmaster_address = admin at gryman.com protocols = " imap sieve pop3" service auth { unix_listener 
/var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = mail mode = 0600 user = vmail } } service dict { unix_listener dict { mode = 0600 user = vmail } } ssl_cert = References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> <1375804711.19765.7.camel@ubu101751> <1BF2EF57-83AB-48CC-A929-F2BDF3400D46@iki.fi> <1375950077.5211.18.camel@ubu101751> <1376910508.32032.13.camel@ubu101751> <1377852542.30210.0.camel@ubu101751> <1379337860.9665.7.camel@ubu101751> Message-ID: <5237B977.8090003@hardwarefreak.com> On 9/16/2013 8:24 AM, Simon Fraser wrote: > > Time marches on, and I need to continue the service migration. I'd still > like to use Dovecot (we're migrating away from Cyrus). I'm assuming the > only other alternative without existing shared storage is to use DRBD > and a cluster file system to provide the replication, and to ensure > Director is enabled. Are there any things to watch for surrounding > this? Just the basics: 1. DRBD is limited to two nodes 2. Twice as many disks are required vs single host, NFS share, SAN LUN 3. GFS2/OCFS2 metadata exchange is slow and gets slower with load 4. maildir doesn't scale well due to metadata modification rate DRBD may or may not be your best solution. I didn't read the previous incarnation of this thread as the subject lacked keywords in my area of interest/expertise. This subject one has both cluster and filesystem. If you'd like to further discuss storage options for your Dovecot workload I'd be glad to. Knowing your current/future mailbox count, avg mail and mailbox size, msgs/day, etc, is required for proper analysis. -- Stan From wildfire at progsoc.org Tue Sep 17 06:25:53 2013 
From: wildfire at progsoc.org (Anand Kumria) Date: Tue, 17 Sep 2013 04:25:53 +0100 Subject: [Dovecot] unusual dsync lines Message-ID: Hi, Another day, another dysnc attempt. Using Dovecot v2.2.5.4; I see: # doveadm -v -o imapc_user=user at example.com -o imapc_password=password -o imapc_host=imap.example.com -o imapc_port=993 -o imapc_ssl=imaps -o imapc_ssl_dir=/etc/ssl -o imapc_feature=rfc822.size -o imapc_ssl_verify=no sync -1 -R -u user at example.com imapc: dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8343, msgid=<4F387A25.5010900 at example.com>, size=2954969 dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8344, msgid=<5237B0BF.7030402 at example.com>, size=3371710 dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8345, msgid=<5237B588.6040009 at example.com>, size=3266 dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8346, msgid=<5237B6B4.2030203 at example.com>, size=4201 dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8347, msgid=<5237B888.7030807 at example.com>, size=3371445 dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8348, msgid=<5237C224.9010608 at example.com>, size=3371745 dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8349, msgid=<5237C350.5080608 at example.com>, size=3371700 dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8350, msgid=<5237C5EE.5030408 at example.com>, size=3371619 dsync(user at example.com): Info: expunge: box=Drafts, uid=8209, msgid=< 4F387A25.5010900 at example.com>, size=2954969 The interesting lines being uid=8209 and uid=8343; why would dsync both copy and then expunge the same message from the same mailbox? Regards, Anand From mohsen at pahlevanzadeh.org Tue Sep 17 08:17:28 2013 
From: mohsen at pahlevanzadeh.org (Mohsen Pahlevanzadeh)
Date: Tue, 17 Sep 2013 09:47:28 +0430
Subject: [Dovecot] passwd-file and MySQL
In-Reply-To:
References:
Message-ID: <1379395048.24093.27.camel@debian>

Indeed you should forget effective user/group for same system. You should use sql backend.

On Mon, 2013-09-16 at 18:13 +0200, Paolo wrote:
> Speaking about multiple DB ...
>
> A my customer has a server (CentOS 6.x, dovecot 2.0.x, postfix,
> Squirrel+RoundCube with vacation and password plug-in), with about 3.000
> users (about 200 different domains), all defined as system users and home
> as /home/mail/%user%
>
> The system works fine. Its only additional interest is authenticating
> users like user at domain.tld / password (maintaining also the
> current user.domain / password).
>
> Is it possible and How complex configuring a similar environment?
>
> Only matter of sync /etc/shadow and DB or other problems?
>
> Regards, Paolo
>

From noel.butler at ausics.net Tue Sep 17 08:40:42 2013
From: noel.butler at ausics.net (Noel Butler)
Date: Tue, 17 Sep 2013 15:40:42 +1000
Subject: [Dovecot] (no subject)
In-Reply-To:
References:
Message-ID: <1379396442.4569.27.camel@tardis>

Greg,
Just taking a cursory look....

On Mon, 2013-09-16 at 19:04 -0700, Greg Ryman wrote:

> mail_location = maildir:/var/vmail/%d/%n
> mail_plugins = quota
> mail_uid = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
> copy include variables body enotify environment mailbox date ihave

Be careful declaring capabilities, personally I don't, e.g.:

protocol sieve {
  managesieve_max_line_length = 65536
  managesieve_logout_format = bytes=%i/%o
  managesieve_implementation_string = Dovecot Pigeonhole
  managesieve_max_compile_errors = 5
  mail_max_userip_connections = 10
}

seems to work just fine, though 99% of our users use pop3, not imap

> protocols = " imap sieve pop3"

You have defined a lmtp below but are not defining it here in protocols,
by looks of postfix master.cf, you're not using it so don't want it at all
anyway, so if you are not intending on using it, clean it up below

> protocol lmtp {
> mail_plugins = " sieve autocreate quota"
> }

You've already declared quota in global plugins

> protocol lda {
> mail_plugins = sieve quota

replace to: mail_plugins = $mail_plugins sieve

> }
> protocol imap {
> mail_plugins = quota antispam autocreate quota imap_quota
> }

mail_plugins = $mail_plugins imap_quota (antispam/autocreate - check up on, I don't use them so won't comment)

> root at mail:/etc/dovecot# grep -v '^ *\(#.*\)\?$' dovecot-sql.conf
> driver = mysql
> connect = host=localhost dbname=mail user=mail password=mailpassword
> default_pass_scheme = MD5-CRYPT

not affecting, but a word of advice, if you have a modern system change
that to CRYPT (no, if you have a modern OS it will NOT use the old
exploitable, 8 char limited "crypt" but will allow you to use salted
sha512 etc)

> password_query = \
> SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, \
> 'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as
> userdb_gid \
> FROM mailbox WHERE username = '%u' AND active = '1'

Try cleaning that up, for example
password_query = SELECT username, password FROM mailbox WHERE username='%u' and active='1'
(it doesn't need all that other stuff, it gets it from user query)

user_query looks ok (see below), but you can drop off the "and active" stuff

> user_query = \
> SELECT '/var/vmail/%d/%n' as home, 'maildir:/var/vmail/%d/%n' as mail, \
> 150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota \
> FROM mailbox WHERE username = '%u' AND active = '1'
>

concat('*:storage=', quota,'M') if you don't specify a type, I might be
wrong, but I think it would likely default to bytes, which might be ok
if that's how you've setup your database anyway.

> # Integration with Dovecot - hand mail over to it for local delivery, and
> # run the process under the vmail user and mail group.
> dovecot unix - n n - - pipe
> flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/dovecot-lda -d
> $(recipient)
>
>

dovecot-lda -f ${sender} -e -d ${user}@${nexthop} would be better,
can allow you to use recip delim as well.

From ryman.greg at gmail.com Tue Sep 17 09:07:04 2013
From: ryman.greg at gmail.com (Greg Ryman) Date: Mon, 16 Sep 2013 23:07:04 -0700 Subject: [Dovecot] (no subject) In-Reply-To: <1379396442.4569.27.camel@tardis> References: <1379396442.4569.27.camel@tardis> Message-ID: Thank you Noel. I did manage to get this working before you posted. As I thought, there was a problem with my SQL syntax. Now my issue is that the 1G limit I have hardset in my files is not being overwritten by the SQL query. I assume this is again because of my query. On Mon, Sep 16, 2013 at 10:40 PM, Noel Butler wrote: > Greg, > Just taking a cursory look.... > > On Mon, 2013-09-16 at 19:04 -0700, Greg Ryman wrote: > > > > mail_location = maildir:/var/vmail/%d/%n > > mail_plugins = quota > > mail_uid = vmail > > managesieve_notify_capability = mailto > > managesieve_sieve_capability = fileinto reject envelope encoded-character > > vacation subaddress comparator-i;ascii-numeric relational regex > imap4flags > > copy include variables body enotify environment mailbox date ihave > > Be careful declaring capabilities, personally I dont eg: > > protocol sieve { > managesieve_max_line_length = 65536 > managesieve_logout_format = bytes=%i/%o > managesieve_implementation_string = Dovecot Pigeonhole > managesieve_max_compile_errors = 5 > mail_max_userip_connections = 10 > } > > seems to work just fine, though 99% of our users, use pop3, not imap > > > > protocols = " imap sieve pop3" > > > You have defined a lmtp below but are not defining it here in protocols, > by looks of postfix master.cf, your not using it so dont want it at all > anywaymso if you are not intending on using it, clean it up below > > > > > > protocol lmtp { > > mail_plugins = " sieve autocreate quota" > > } > > > > > > Youve already declared quota in global plugins > > > > protocol lda { > > mail_plugins = sieve quota > > replace to: mail_plugins = $mail_plugins sieve > > > > } > > > > > > protocol imap { > > mail_plugins = quota antispam autocreate quota imap_quota > > } > > 
mail_plugins = $mail_plugins imap_quota (antispam/autocreate - check up > on, I dont use them so wont comment) > > > > > > > root at mail:/etc/dovecot# grep -v '^ *\(#.*\)\?$' dovecot-sql.conf > > driver = mysql > > connect = host=localhost dbname=mail user=mail password=mailpassword > > default_pass_scheme = MD5-CRYPT > > > not affecting, but a word of advice, if you have a modern system change > that to CRYPT (no, it if you have a modern OS it will NOT use the old > exploitable, 8 char limited "crypt" but will allow you to use salted > sha512 etc) > > > > password_query = \ > > SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, \ > > 'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as > > userdb_gid \ > > FROM mailbox WHERE username = '%u' AND active = '1' > > > Try cleaning that up, for example > password_query = SELECT username, password FROM mailbox WHERE > username='%u' and active='1' > (it doesnt need all that other stuff, it gets it from user query) > > user_query looks ok (see below), but you can drop off the "and active" > stuff > > > > user_query = \ > > SELECT '/var/vmail/%d/%n' as home, 'maildir:/var/vmail/%d/%n' as mail, > \ > > 150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota \ > > FROM mailbox WHERE username = '%u' AND active = '1' > > > > concat('*:storage=', quota,'M') if you dont specify a type, I might be > wrong, but I think it would likely default to bytes, which might be ok > if thats how you've setup your database anyway. > > > > > > # Integration with Dovecot - hand mail over to it for local delivery, and > > # run the process under the vmail user and mail group. > > dovecot unix - n n - - pipe > > flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/dovecot-lda -d > > $(recipient) > > > > > > dovecot-lda -f ${sender} -e -d ${user}@${nexthop} would be better, > can allow you to use recip delim as well. > > > -- Greg Ryman From campbell at cnpapers.com Tue Sep 17 15:33:07 2013 
From: campbell at cnpapers.com (Steve Campbell) Date: Tue, 17 Sep 2013 08:33:07 -0400 Subject: [Dovecot] (no subject) In-Reply-To: <1379396442.4569.27.camel@tardis> References: <1379396442.4569.27.camel@tardis> Message-ID: <52384C03.9030901@cnpapers.com> Noel, What a superb reply. I wish they all were so thorough. It not only helps the OP, but also anyone who views it now or later. steve campbell On 9/17/2013 1:40 AM, Noel Butler wrote: > Greg, > Just taking a cursory look.... > > On Mon, 2013-09-16 at 19:04 -0700, Greg Ryman wrote: > > >> mail_location = maildir:/var/vmail/%d/%n >> mail_plugins = quota >> mail_uid = vmail >> managesieve_notify_capability = mailto >> managesieve_sieve_capability = fileinto reject envelope encoded-character >> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags >> copy include variables body enotify environment mailbox date ihave > Be careful declaring capabilities, personally I dont eg: > > protocol sieve { > managesieve_max_line_length = 65536 > managesieve_logout_format = bytes=%i/%o > managesieve_implementation_string = Dovecot Pigeonhole > managesieve_max_compile_errors = 5 > mail_max_userip_connections = 10 > } > > seems to work just fine, though 99% of our users, use pop3, not imap > > >> protocols = " imap sieve pop3" > > You have defined a lmtp below but are not defining it here in protocols, > by looks of postfix master.cf, your not using it so dont want it at all > anywaymso if you are not intending on using it, clean it up below > > > > >> protocol lmtp { >> mail_plugins = " sieve autocreate quota" >> } > > > > > Youve already declared quota in global plugins > > >> protocol lda { >> mail_plugins = sieve quota > replace to: mail_plugins = $mail_plugins sieve > > >> } > > > >> protocol imap { >> mail_plugins = quota antispam autocreate quota imap_quota >> } > mail_plugins = $mail_plugins imap_quota (antispam/autocreate - check up on, I dont use them so wont comment) > > > > > >> root at 
mail:/etc/dovecot# grep -v '^ *\(#.*\)\?$' dovecot-sql.conf >> driver = mysql >> connect = host=localhost dbname=mail user=mail password=mailpassword >> default_pass_scheme = MD5-CRYPT > > not affecting, but a word of advice, if you have a modern system change > that to CRYPT (no, it if you have a modern OS it will NOT use the old > exploitable, 8 char limited "crypt" but will allow you to use salted > sha512 etc) > > >> password_query = \ >> SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, \ >> 'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as >> userdb_gid \ >> FROM mailbox WHERE username = '%u' AND active = '1' > > Try cleaning that up, for example > password_query = SELECT username, password FROM mailbox WHERE > username='%u' and active='1' > (it doesnt need all that other stuff, it gets it from user query) > > user_query looks ok (see below), but you can drop off the "and active" > stuff > > >> user_query = \ >> SELECT '/var/vmail/%d/%n' as home, 'maildir:/var/vmail/%d/%n' as mail, \ >> 150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota \ >> FROM mailbox WHERE username = '%u' AND active = '1' >> > concat('*:storage=', quota,'M') if you dont specify a type, I might be > wrong, but I think it would likely default to bytes, which might be ok > if thats how you've setup your database anyway. > > > > >> # Integration with Dovecot - hand mail over to it for local delivery, and >> # run the process under the vmail user and mail group. >> dovecot unix - n n - - pipe >> flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/dovecot-lda -d >> $(recipient) >> >> > dovecot-lda -f ${sender} -e -d ${user}@${nexthop} would be better, > can allow you to use recip delim as well. > > > From dan at langille.org Tue Sep 17 15:39:07 2013 
From: dan at langille.org (Dan Langille) Date: Tue, 17 Sep 2013 08:39:07 -0400 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <1379377718.5447.30.camel@tardis> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26.camel@tardis> <1379377718.5447.30.camel@tardis> Message-ID: <5ad696a456446b9d638c257a61ac6cae@mail.unixathome.org> On 2013-09-16 20:28, Noel Butler wrote: > On Mon, 2013-09-16 at 10:10 -0400, Dan Langille wrote: > > On Sep 14, 2013, at 10:36 PM, Noel Butler wrote: > > > On Sat, 2013-09-14 at 15:21 -0400, Dan Langille wrote: > > > > > >>> > >> > >> Hmmm, I tried ssl = yes. Mail.app still crashes when trying to connect. > >> > > > > > > Well, its likely an Apple fault, after all their implementation of pop3 > > has been known to be broken for many many many years, but still after > > all these years are incapable of finding a developer to fix it by > > inserting a QUIT after its done everything. > > > > > > Since we just ruled this one out, might I suggest you grab the source > and build it, install it all under /opt/dovecot that way it wont > interfere with your ports installation and try that, the one you > successfully just tested uses dovecot 2.1 not 2.2, so maybe try source > of 2.1 and see if it works. I just tried 2.1.16. The iPhone has no trouble on 143 but on 993, it's just like 2.2 > But, if it does work on port 143 with TLS I wouldnt worry too much > about it tcpdump is showing me raw text going past, so I know I'm not getting TLS on either Dovecot 2.1 or 2.2 It seems that TLS is not supported by my client. Pity. I thank you for your help though. We have a workaround, which is good enough for my particular situation: self-signed certificates. However, that solution is not ideal for most people. 
It is for that reason that I'm willing to keep hacking at this if others have further ideas / suggestions.

--
Dan Langille - http://langille.org/

From h.reindl at thelounge.net Tue Sep 17 15:43:03 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 17 Sep 2013 14:43:03 +0200
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <5ad696a456446b9d638c257a61ac6cae@mail.unixathome.org>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD .30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome. org> <1379123747.7900.19.camel@tardis> < 5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26. camel@tardis> < 1379377718.5447.30.camel@tardis> <5ad696a456446b9d638c257a61ac6cae@mail.unixathome.org>
Message-ID: <52384E57.10509@thelounge.net>

On 17.09.2013 14:39, Dan Langille wrote:
> On 2013-09-16 20:28, Noel Butler wrote:
>> Since we just ruled this one out, might I suggest you grab the source
>> and build it, install it all under /opt/dovecot that way it won't
>> interfere with your ports installation and try that, the one you
>> successfully just tested uses dovecot 2.1 not 2.2, so maybe try source
>> of 2.1 and see if it works.
>
> I just tried 2.1.16. The iPhone has no trouble on 143 but on 993, it's just like 2.2
>
>> But, if it does work on port 143 with TLS I wouldn't worry too much about it
>
> tcpdump is showing me raw text going past, so I know I'm not getting TLS on either Dovecot 2.1 or 2.2
>
> It seems that TLS is not supported by my client. Pity.

iPhone is the worst mail client on this planet but for sure supports TLS

Apple is here the same as Microsoft

* remove the account completely
* add it again and it will detect that encryption is available

From dan at langille.org Tue Sep 17 16:01:49 2013
From: dan at langille.org (Dan Langille) Date: Tue, 17 Sep 2013 09:01:49 -0400 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <52384E57.10509@thelounge.net> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD ".30209@mie.utoronto.ca>" <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome. org> <1379123747.7900.19.camel@tardis> < 5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26. camel@tardis> < 1379377718.5447.30.camel@tardis> <5ad696a456446b9d638c257a61ac6cae@mail.unixathome.org> <52384E57.10509@thelounge.net> Message-ID: <0db334276e557faf03f1c0950ca21da3@mail.unixathome.org> On 2013-09-17 08:43, Reindl Harald wrote: > Am 17.09.2013 14:39, schrieb Dan Langille: > On 2013-09-16 20:28, Noel Butler wrote: > Since we just ruled this one out, might I suggest you grab the source > and build it, install it all under /opt/dovecot that way it wont > interfere with your ports installation and try that, the one you > successfully just tested uses dovecot 2.1 not 2.2, so maybe try source > of 2.1 and see if it works. > > I just tried 2.1.16. The iPhone has no trouble on 143 but on 993, it's > just like 2.2 > > But, if it does work on port 143 with TLS I wouldnt worry too much > about it > > tcpdump is showing me raw text going past, so I know I'm not getting > TLS on either Dovecot 2.1 or 2.2 > > It seems that TLS is not supported by my client. Pity. > > iPhone is the worst mail client on this planet but for sure supports > TLS > > Apple is here the same as Microsoft > > * remove the account completly > * add it again and it will detect that encryption is available Done. But tcpdump is still showing me plain text. 
# dovecot -n
# 2.1.16: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.1-RELEASE-p6 amd64
auth_debug = yes
auth_verbose = yes
disable_plaintext_auth = no
first_valid_gid = 1001
first_valid_uid = 1001
mail_debug = yes
mail_location = maildir:~/Maildir
mail_privileged_group = mail
passdb {
  args = scheme=BLF-CRYPT /var/db/dovecot.users
  driver = passwd-file
}
protocols = imap
service imap-login {
  inet_listener imap {
    address = 199.233.228.197
  }
  inet_listener imaps {
    address = 199.233.228.197
    port = 0
  }
}
ssl_cert =
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD ".30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome. org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26. camel@tardis> <1379377718.5447.30.camel@tardis> <5ad696a456446b9d638c257a61ac6cae@mail.unixathome.org> <52384E57.10509@thelounge.net> <0db334276e557faf03f1c0950ca21da3@mail.unixathome.org>
Message-ID: <20130917090845.12c46e5f@scorpio>

On Tue, 17 Sep 2013 09:01:49 -0400
Dan Langille articulated:

> On 2013-09-17 08:43, Reindl Harald wrote:
> > On 17.09.2013 14:39, Dan Langille wrote:
> > On 2013-09-16 20:28, Noel Butler wrote:
> > Since we just ruled this one out, might I suggest you grab the
> > source and build it, install it all under /opt/dovecot that way it
> > won't interfere with your ports installation and try that, the one
> > you successfully just tested uses dovecot 2.1 not 2.2, so maybe try
> > source of 2.1 and see if it works.
> >
> > I just tried 2.1.16. The iPhone has no trouble on 143 but on 993,
> > it's just like 2.2
> >
> > But, if it does work on port 143 with TLS I wouldn't worry too much
> > about it
> >
> > tcpdump is showing me raw text going past, so I know I'm not
> > getting TLS on either Dovecot 2.1 or 2.2
> >
> > It seems that TLS is not supported by my client. Pity.
> >
> > iPhone is the worst mail client on this planet but for sure
> > supports TLS
> >
> > Apple is here the same as Microsoft
> >
> > * remove the account completely
> > * add it again and it will detect that encryption is available
>
> Done. But tcpdump is still showing me plain text.
>
> # dovecot -n
> # 2.1.16: /usr/local/etc/dovecot/dovecot.conf
> # OS: FreeBSD 9.1-RELEASE-p6 amd64
> auth_debug = yes
> auth_verbose = yes
> disable_plaintext_auth = no
> first_valid_gid = 1001
> first_valid_uid = 1001
> mail_debug = yes
> mail_location = maildir:~/Maildir
> mail_privileged_group = mail
> passdb {
> args = scheme=BLF-CRYPT /var/db/dovecot.users
> driver = passwd-file
> }
> protocols = imap
> service imap-login {
> inet_listener imap {
> address = 199.233.228.197
> }
> inet_listener imaps {
> address = 199.233.228.197
> port = 0
> }
> }
> ssl_cert = ssl_key = userdb {
> args = /var/db/dovecot.users
> driver = passwd-file
> }
> verbose_proctitle = yes
> verbose_ssl = yes
> protocol imap {
> imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
> }

Show the entire dump from when you first attempt to make a connection to
the start of message transmission.

--
Jerry

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

From h.reindl at thelounge.net Tue Sep 17 16:26:38 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 17 Sep 2013 15:26:38 +0200
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <0db334276e557faf03f1c0950ca21da3@mail.unixathome.org>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD ".30209@mie.utoronto.ca>" <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome . org> <1379123747.7900.19.camel@tardis> < 5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26. camel@tardis> < 1379377718.5447.30.camel@tardis> <5ad696a456446b9d638c257a61ac6cae@mail. unixathome.org> <52384E57.10509@thelounge.net> <0db334276e557faf03f1c0950ca21da3@mail.unixathome.org>
Message-ID: <5238588E.4010405@thelounge.net>

On 17.09.2013 15:01, Dan Langille wrote:
> On 2013-09-17 08:43, Reindl Harald wrote:
>> On 17.09.2013 14:39, Dan Langille wrote:
>> On 2013-09-16 20:28, Noel Butler wrote:
>> Since we just ruled this one out, might I suggest you grab the source
>> and build it, install it all under /opt/dovecot that way it won't
>> interfere with your ports installation and try that, the one you
>> successfully just tested uses dovecot 2.1 not 2.2, so maybe try source
>> of 2.1 and see if it works.
>>
>> I just tried 2.1.16. The iPhone has no trouble on 143 but on 993, it's just like 2.2
>>
>> But, if it does work on port 143 with TLS I wouldn't worry too much about it
>>
>> tcpdump is showing me raw text going past, so I know I'm not getting TLS on either Dovecot 2.1 or 2.2
>>
>> It seems that TLS is not supported by my client. Pity.
>>
>> iPhone is the worst mail client on this planet but for sure supports TLS
>>
>> Apple is here the same as Microsoft
>>
>> * remove the account completely
>> * add it again and it will detect that encryption is available
>
> Done. But tcpdump is still showing me plain text.

and you surely have "ssl = yes" in your configuration?
"dovecot -n" does not show it here too while it is there

*what* says "telnet your-server 143"

if it is configured correctly you see "STARTTLS" in the capabilities
if you do not see it then the problem is a completely different one

* OK [CAPABILITY IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
STARTTLS AUTH=CRAM-MD5 AUTH=DIGEST-MD5 AUTH=LOGIN AUTH=PLAIN AUTH=SCRAM-SHA-1]

From dan at langille.org Tue Sep 17 16:53:12 2013
From: dan at langille.org (Dan Langille) Date: Tue, 17 Sep 2013 09:53:12 -0400 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <20130917090845.12c46e5f@scorpio> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD "\".30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome. org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26. camel@tardis> <1379377718.5447.30.camel@tardis> <5ad696a456446b9d638c257a61ac6cae@mail.unixathome.org> <52384E57.10509@thelounge.net> <0db334276e557faf03f1c0950ca21da3@mail.unixathome.org>" <20130917090845.12c46e5f@scorpio> Message-ID: On 2013-09-17 09:08, Jerry wrote: > On Tue, 17 Sep 2013 09:01:49 -0400 > Dan Langille articulated: > > On 2013-09-17 08:43, Reindl Harald wrote: > > Am 17.09.2013 14:39, schrieb Dan Langille: > > On 2013-09-16 20:28, Noel Butler wrote: > > Since we just ruled this one out, might I suggest you grab the > > source and build it, install it all under /opt/dovecot that way it > > wont interfere with your ports installation and try that, the one > > you successfully just tested uses dovecot 2.1 not 2.2, so maybe try > > source of 2.1 and see if it works. > > > > I just tried 2.1.16. The iPhone has no trouble on 143 but on 993, > > it's just like 2.2 > > > > But, if it does work on port 143 with TLS I wouldnt worry too much > > about it > > > > tcpdump is showing me raw text going past, so I know I'm not > > getting TLS on either Dovecot 2.1 or 2.2 > > > > It seems that TLS is not supported by my client. Pity. > > > > iPhone is the worst mail client on this planet but for sure > > supports TLS > > > > Apple is here the same as Microsoft > > > > * remove the account completly > > * add it again and it will detect that encryption is available > > Done. But tcpdump is still showing me plain text. 
>
> # dovecot -n
> # 2.1.16: /usr/local/etc/dovecot/dovecot.conf
> # OS: FreeBSD 9.1-RELEASE-p6 amd64
> auth_debug = yes
> auth_verbose = yes
> disable_plaintext_auth = no
> first_valid_gid = 1001
> first_valid_uid = 1001
> mail_debug = yes
> mail_location = maildir:~/Maildir
> mail_privileged_group = mail
> passdb {
> args = scheme=BLF-CRYPT /var/db/dovecot.users
> driver = passwd-file
> }
> protocols = imap
> service imap-login {
> inet_listener imap {
> address = 199.233.228.197
> }
> inet_listener imaps {
> address = 199.233.228.197
> port = 0
> }
> }
> ssl_cert = ssl_key = userdb {
> args = /var/db/dovecot.users
> driver = passwd-file
> }
> verbose_proctitle = yes
> verbose_ssl = yes
> protocol imap {
> imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
> }
>
> Show the entire dump from when you first attempt to make a connection
> to
> the start of message transmission.

13:22:17.985508 IP 166.137.85.50.51685 > 199.233.228.197.143: Flags [S], seq 2703590158, win 65535, options [mss 1370,nop,wscale 4,nop,nop,TS val 773682446 ecr 0,sackOK,eol], length 0
EH.@?. at .3._...U2.........%.................Z....... ..u.........
13:22:17.985579 IP 199.233.228.197.143 > 166.137.85.50.51685: Flags [S.], seq 2030926149, ack 2703590159, win 65535, options [mss 1370,nop,wscale 6,sackOK,TS val 2484342793 ecr 773682446], length 0
yE.%......w......Z....... ... ..u.
13:22:18.066507 IP 166.137.85.50.51685 > 199.233.228.197.143: Flags [.], ack 1, win 8232, options [nop,nop,TS val 773682522 ecr 2484342793], length 0
yF.. (........U2.........%..y ..uZ...
13:22:18.093983 IP 199.233.228.197.143 > 166.137.85.50.51685: Flags [P.], seq 1:113, ack 1, win 1039, options [nop,nop,TS val 2484342901 ecr 773682522], length 112
yF.%......R.......U2....y ...u..uZ* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
13:22:18.224227 IP 166.137.85.50.51685 > 199.233.228.197.143: Flags [.], ack 113, win 8225, options [nop,nop,TS val 773682659 ecr 2484342901], length 0
y... !.9......U2.........%..y ..u....u

It was after this that the login details were passed. That was in plain text, and omitted from this paste.

13:22:18.245486 IP 199.233.228.197.143 > 166.137.85.50.51685: Flags [P.], seq 113:432, ack 32, win 1039, options [nop,nop,TS val 2484343053 ecr 773682667], length 319
y..%..............U2....y ..u.1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE] Logged in
13:22:18.311309 IP 166.137.85.50.51685 > 199.233.228.197.143: Flags [.], ack 432, win 8205, options [nop,nop,TS val 773682774 ecr 2484343053], length 0
........3.s...U2.........%..y ..vV...
13:22:18.384236 IP 166.137.85.50.51685 > 199.233.228.197.143: Flags [P.], seq 32:121, ack 432, win 8205, options [nop,nop,TS val 773682824 ecr 2484343053], length 89
.!......3.6...U2.........%..y 2 ID ("name" "iPhone Mail" "version" "10B350" "os" "iOS" "os-version" "6.1.4 (10B350)")
13:22:18.384634 IP 199.233.228.197.143 > 166.137.85.50.51685: Flags [P.], seq 432:462, ack 121, win 1039, options [nop,nop,TS val 2484343192 ecr 773682824], length 30
z..%..............U2....y ......v.* ID NIL 2 OK ID completed.
13:22:18.455096 IP 166.137.85.50.51685 > 199.233.228.197.143: Flags [.], ack 462, win 8204, options [nop,nop,TS val 773682899 ecr 2484343192], length 0
{... ..f......U2.........%..y ..v.....
13:22:18.464945 IP 166.137.85.50.51685 > 199.233.228.197.143: Flags [P.], seq 121:136, ack 462, win 8204, options [nop,nop,TS val 773682901 ecr 2484343192], length 15
{... .........U2.........%..y ..v.....3 LIST "" "*"

--
Dan Langille - http://langille.org/

From dan at langille.org Tue Sep 17 16:57:15 2013
From: dan at langille.org (Dan Langille)
Date: Tue, 17 Sep 2013 09:57:15 -0400
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <5238588E.4010405@thelounge.net>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD ".30209@mie.utoronto.ca>" <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome . org> <1379123747.7900.19.camel@tardis> < 5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26. camel@tardis> < "1379377718.5447.30.camel@tardis>" <5ad696a456446b9d638c257a61ac6cae@mail. "unixathome.org>" <52384E57.10509@thelounge.net> <0db334276e557faf03f1c0950ca21da3@mail.unixathome.org> <5238588E.4010405@thelounge.net>
Message-ID: <73e9154b633d6ffc149671641c45a364@mail.unixathome.org>

On 2013-09-17 09:26, Reindl Harald wrote:
> On 17.09.2013 15:01, Dan Langille wrote:
> On 2013-09-17 08:43, Reindl Harald wrote:
> On 17.09.2013 14:39, Dan Langille wrote:
> On 2013-09-16 20:28, Noel Butler wrote:
> Since we just ruled this one out, might I suggest you grab the source
> and build it, install it all under /opt/dovecot that way it won't
> interfere with your ports installation and try that, the one you
> successfully just tested uses dovecot 2.1 not 2.2, so maybe try source
> of 2.1 and see if it works.
>
> I just tried 2.1.16. The iPhone has no trouble on 143 but on 993, it's
> just like 2.2
>
> But, if it does work on port 143 with TLS I wouldn't worry too much
> about it
>
> tcpdump is showing me raw text going past, so I know I'm not getting
> TLS on either Dovecot 2.1 or 2.2
>
> It seems that TLS is not supported by my client. Pity.
>
> iPhone is the worst mail client on this planet but for sure supports
> TLS
>
> Apple is here the same as Microsoft
>
> * remove the account completely
> * add it again and it will detect that encryption is available
>
> Done. But tcpdump is still showing me plain text.
>
> and you surely have "ssl = yes" in your configuration?
> "dovecot -n" does not show it here too while it is there

I do.

> "dovecot -n" does not show it here too while it is there
>
> *what* says "telnet your-server 143"

$ telnet imaps.unixathome.org 143
Trying 199.233.228.197...
Connected to imaps.unixathome.org.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.

> if it is configured correctly you see "STARTTLS" in the capabilities
> if you do not see it then the problem is a completely different one
>
> * OK [CAPABILITY IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN
> SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
> STARTTLS AUTH=CRAM-MD5 AUTH=DIGEST-MD5 AUTH=LOGIN AUTH=PLAIN
> AUTH=SCRAM-SHA-1]

--
Dan Langille - http://langille.org/

From h.reindl at thelounge.net Tue Sep 17 17:05:39 2013
From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 17 Sep 2013 16:05:39 +0200 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <73e9154b633d6ffc149671641c45a364@mail.unixathome.org> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD ".30209@mie.utoronto.ca>" <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome . org> <1379123747.7900.19.camel@tardis> < 5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26. camel@tardis> < " 1379377718.5447.30.camel@tardis>" <5ad696a456446b9d638c257a61ac6cae@mail. " unixathome.org>" <52384E57.10509@thelounge.net> < 0db334276e557faf03f1c0950ca21da3@mail.unixathome.org> <5238588E.4010405@ thelounge.net> <73e9154b633d6ffc149671641c45a364@mail.unixathome.org> Message-ID: <523861B3.7090703@thelounge.net> Am 17.09.2013 15:57, schrieb Dan Langille: > On 2013-09-17 09:26, Reindl Harald wrote: >> Am 17.09.2013 15:01, schrieb Dan Langille: >> On 2013-09-17 08:43, Reindl Harald wrote: >> Am 17.09.2013 14:39, schrieb Dan Langille: >> On 2013-09-16 20:28, Noel Butler wrote: >> Since we just ruled this one out, might I suggest you grab the source >> and build it, install it all under /opt/dovecot that way it wont >> interfere with your ports installation and try that, the one you >> successfully just tested uses dovecot 2.1 not 2.2, so maybe try source >> of 2.1 and see if it works. >> >> I just tried 2.1.16. The iPhone has no trouble on 143 but on 993, it's just like 2.2 >> >> But, if it does work on port 143 with TLS I wouldnt worry too much about it >> >> tcpdump is showing me raw text going past, so I know I'm not getting TLS on either Dovecot 2.1 or 2.2 >> >> It seems that TLS is not supported by my client. Pity. >> >> iPhone is the worst mail client on this planet but for sure supports TLS >> >> Apple is here the same as Microsoft >> >> * remove the account completly >> * add it again and it will detect that encryption is available >> >> Done. 
But tcpdump is still showing me plain text.
>>
>> and you surely have "ssl = yes" in your configuration?
>> "dovecot -n" does not show it here too while it is there
>
> I do.
>
>> "dovecot -n" does not show it here too while it is there
>>
>> *what* says "telnet your-server 143"
>
> $ telnet imaps.unixathome.org 143
> Trying 199.233.228.197...
> Connected to imaps.unixathome.org.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
>
>
>> if it is configured correctly you see "STARTTLS" in the capabilities
>> if you do not see it then the problem is a completely different one
>>
>> * OK [CAPABILITY IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN
>> SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
>> STARTTLS AUTH=CRAM-MD5 AUTH=DIGEST-MD5 AUTH=LOGIN AUTH=PLAIN AUTH=SCRAM-SHA-1]

may i suggest that you try a different mail client?
pretty sure that this is one of the uncountable cases where Apple devices are failing

From dan at langille.org Tue Sep 17 17:32:14 2013
From: dan at langille.org (Dan Langille)
Date: Tue, 17 Sep 2013 10:32:14 -0400
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <523861B3.7090703@thelounge.net>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26.camel@tardis> <1379377718.5447.30.camel@tardis> <5ad696a456446b9d638c257a61ac6cae@mail.unixathome.org> <52384E57.10509@thelounge.net> <0db334276e557faf03f1c0950ca21da3@mail.unixathome.org> <5238588E.4010405@thelounge.net> <73e9154b633d6ffc149671641c45a364@mail.unixathome.org> <523861B3.7090703@thelounge.net>
Message-ID:

On 2013-09-17 10:05, Reindl Harald wrote:
> On 17.09.2013 15:57, Dan Langille wrote:
> On 2013-09-17 09:26, Reindl Harald wrote:
> On 17.09.2013 15:01, Dan Langille wrote:
> On 2013-09-17 08:43, Reindl Harald wrote:
> On 17.09.2013 14:39, Dan Langille wrote:
> On 2013-09-16 20:28, Noel Butler wrote:
> Since we just ruled this one out, might I suggest you grab the source
> and build it, install it all under /opt/dovecot that way it won't
> interfere with your ports installation and try that, the one you
> successfully just tested uses dovecot 2.1 not 2.2, so maybe try source
> of 2.1 and see if it works.
>
> I just tried 2.1.16. The iPhone has no trouble on 143 but on 993, it's
> just like 2.2
>
> But, if it does work on port 143 with TLS I wouldn't worry too much
> about it
>
> tcpdump is showing me raw text going past, so I know I'm not getting
> TLS on either Dovecot 2.1 or 2.2
>
> It seems that TLS is not supported by my client. Pity.
>
> iPhone is the worst mail client on this planet but for sure supports
> TLS
>
> Apple is here the same as Microsoft
>
> * remove the account completely
> * add it again and it will detect that encryption is available
>
> Done. But tcpdump is still showing me plain text.
>
> and you surely have "ssl = yes" in your configuration?
> "dovecot -n" does not show it here too while it is there
>
> I do.
>
> "dovecot -n" does not show it here too while it is there
>
> *what* says "telnet your-server 143"
>
> $ telnet imaps.unixathome.org 143
> Trying 199.233.228.197...
> Connected to imaps.unixathome.org.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
>
>
> if it is configured correctly you see "STARTTLS" in the capabilities
> if you do not see it then the problem is a completely different one
>
> * OK [CAPABILITY IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN
> SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
> STARTTLS AUTH=CRAM-MD5 AUTH=DIGEST-MD5 AUTH=LOGIN AUTH=PLAIN
> AUTH=SCRAM-SHA-1]
>
> may i suggest that you try a different mail client?
> pretty sure that this is one of the uncountable cases where Apple
> devices are failing

At present, I am using dovecot-1.2.17 on another server with a certificate from StartCom:

$ openssl s_client -connect nyi.unixathome.org:993 -quiet
depth=0 /description=khACEsbS0LZ8es5F/C=US/CN=nyi.unixathome.org/emailAddress=postmaster at unixathome.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /description=khACEsbS0LZ8es5F/C=US/CN=nyi.unixathome.org/emailAddress=postmaster at unixathome.org
verify error:num=27:certificate not trusted
verify return:1
depth=0 /description=khACEsbS0LZ8es5F/C=US/CN=nyi.unixathome.org/emailAddress=postmaster at unixathome.org
verify error:num=21:unable to verify the first certificate
verify return:1
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN] Dovecot ready.

The server which fails me is running 2.1.16 (was 2.2 before this morning)

$ openssl s_client -connect imaps.unixathome.org:993 -quiet
depth=0 /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org
verify error:num=27:certificate not trusted
verify return:1
depth=0 /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org
verify error:num=21:unable to verify the first certificate
verify return:1
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.

Somewhere, somehow, there is something vastly different and not working.

--
Dan Langille - http://langille.org/

From h.reindl at thelounge.net Tue Sep 17 17:39:38 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 17 Sep 2013 16:39:38 +0200
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To:
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26.camel@tardis> <1379377718.5447.30.camel@tardis> <5ad696a456446b9d638c257a61ac6cae@mail.unixathome.org> <52384E57.10509@thelounge.net> <0db334276e557faf03f1c0950ca21da3@mail.unixathome.org> <5238588E.4010405@thelounge.net> <73e9154b633d6ffc149671641c45a364@mail.unixathome.org> <523861B3.7090703@thelounge.net>
Message-ID: <523869AA.8070502@thelounge.net>

On 17.09.2013 16:32, Dan Langille wrote:
>> *what* says "telnet your-server 143"
>> $ telnet imaps.unixathome.org 143
>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
>
> At present, I am using dovecot-1.2.17 on another server with a certificate from StartCom:
>
> $ openssl s_client -connect nyi.unixathome.org:993 -quiet
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN] Dovecot ready.
>
>
> The server which fails me is running 2.1.16 (was 2.2 before this morning)
>
> $ openssl s_client -connect imaps.unixathome.org:993 -quiet
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
>
> Somewhere, somehow, there is something vastly different and not working

you are making it hard to impossible to help you if you are mixing servers and
their responses and port 993 will *never ever* show STARTTLS because it is
IMAPS which enforces an encrypted connection and *not* STARTTLS where the
initial connection is unencrypted by design

so *please* stay at *one* config, *one* machine and *one* port for debugging

if the machine in question announces STARTTLS on port 143 it should work
and that is why i asked if *a different client* than an iPhone is using
STARTTLS on *that* machine with *that config*

From dan at langille.org Tue Sep 17 17:44:40 2013
From: dan at langille.org (Dan Langille)
Date: Tue, 17 Sep 2013 10:44:40 -0400
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <523869AA.8070502@thelounge.net>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26.camel@tardis> <1379377718.5447.30.camel@tardis> <5ad696a456446b9d638c257a61ac6cae@mail.unixathome.org> <52384E57.10509@thelounge.net> <0db334276e557faf03f1c0950ca21da3@mail.unixathome.org> <5238588E.4010405@thelounge.net> <73e9154b633d6ffc149671641c45a364@mail.unixathome.org> <523861B3.7090703@thelounge.net> <523869AA.8070502@thelounge.net>
Message-ID: <3ae359fe83c1a97980bf33816ff0f93d@mail.unixathome.org>

On 2013-09-17 10:39, Reindl Harald wrote:
> On 17.09.2013 16:32, Dan Langille wrote:
> *what* says "telnet your-server 143"
> $ telnet imaps.unixathome.org 143
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
>
> At present, I am using dovecot-1.2.17 on another server with a
> certificate from StartCom:
>
> $ openssl s_client -connect nyi.unixathome.org:993 -quiet
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> AUTH=PLAIN] Dovecot ready.
>
>
> The server which fails me is running 2.1.16 (was 2.2 before this
> morning)
>
> $ openssl s_client -connect imaps.unixathome.org:993 -quiet
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE AUTH=PLAIN] Dovecot ready.
>
> Somewhere, somehow, there is something vastly different and not working
>
> you are making it hard to impossible to help you if you are mixing
> servers and
> their responses and port 993 will *never ever* show STARTTLS because it
> is
> IMAPS which enforces an encrypted connection and *not* STARTTLS where
> the
> initial connection is unencrypted by design
>
> so *please* stay at *one* config, *one* machine and *one* port for
> debugging
>
> if the machine in question announces STARTTLS on port 143 it should
> work
> and that is why i asked if *a different client* than an iPhone is using
> STARTTLS on *that* machine with *that config*

Oh I misunderstood. I thought you were suggesting I stop trying to get
this to work, give in, and *just use another email client*. My apologies.

I was looking for another iPhone email client which was free and did
IMAP. I failed. I think I'll just have to pay for one and try it.

I've run out of time just now. I'll try again soon.

Thank you.

--
Dan Langille - http://langille.org/

From h.reindl at thelounge.net Tue Sep 17 17:50:07 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 17 Sep 2013 16:50:07 +0200
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <3ae359fe83c1a97980bf33816ff0f93d@mail.unixathome.org>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26.camel@tardis> <1379377718.5447.30.camel@tardis> <5ad696a456446b9d638c257a61ac6cae@mail.unixathome.org> <52384E57.10509@thelounge.net> <0db334276e557faf03f1c0950ca21da3@mail.unixathome.org> <5238588E.4010405@thelounge.net> <73e9154b633d6ffc149671641c45a364@mail.unixathome.org> <523861B3.7090703@thelounge.net> <523869AA.8070502@thelounge.net> <3ae359fe83c1a97980bf33816ff0f93d@mail.unixathome.org>
Message-ID: <52386C1F.80007@thelounge.net>

On 17.09.2013 16:44, Dan Langille wrote:
> On 2013-09-17 10:39, Reindl Harald wrote:
>> you are making it hard to impossible to help you if you are mixing servers and
>> their responses and port 993 will *never ever* show STARTTLS because it is
>> IMAPS which enforces an encrypted connection and *not* STARTTLS where the
>> initial connection is unencrypted by design
>>
>> so *please* stay at *one* config, *one* machine and *one* port for debugging
>>
>> if the machine in question announces STARTTLS on port 143 it should work
>> and that is why i asked if *a different client* than an iPhone is using
>> STARTTLS on *that* machine with *that config*
>
> Oh I misunderstood. I thought you were suggesting I stop trying to get this to work,
> give in, and *just use another email client*. My apologies.
>
> I was looking for another iPhone email client which was free and did IMAP. I failed. I think I'll
> just have to pay for one and try it.
>
> I've run out of time just now. I'll try again soon

i asked for using *a different device* like Thunderbird or whatever on a PC
to confirm that STARTTLS is working in general or not

and not a different application on the same Apple device as we all know that
any app on an iPhone is using *the same* backends as the vendor application

that's why there is no Firefox because they would have to use Safari and
make a nice window around it but not an own rendering engine

with thunderbird you can *explicitly* switch between IMAPS on 993 and STARTTLS
on port 143 and so easily verify if the server is working and only your specific
client has a problem

From Bruno.Treguier at shom.fr Tue Sep 17 17:59:46 2013
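Added example (not part of the thread): a small Python check of the two greetings quoted above, illustrating the point that a port 143 listener should advertise STARTTLS while an implicit-TLS listener on 993 never does. The function names and the hardened sample greeting are constructed for this example; the LOGINDISABLED reading follows RFC 3501 and is an interpretation added here, not something the posters stated.

```python
import re

# Greetings copied from the thread: the same host on port 143 (telnet)
# and on port 993 (openssl s_client).
GREETING_143 = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID "
                "ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.")
GREETING_993 = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID "
                "ENABLE IDLE AUTH=PLAIN] Dovecot ready.")
# Constructed sample: a cleartext listener that refuses logins until TLS is up.
CONSTRUCTED_HARDENED_143 = ("* OK [CAPABILITY IMAP4rev1 IDLE STARTTLS "
                            "LOGINDISABLED] Dovecot ready.")


def parse_capabilities(greeting):
    """Return the capability atoms of an IMAP '* OK [CAPABILITY ...]' greeting."""
    match = re.search(r"\[CAPABILITY\s+([^\]]*)\]", greeting, re.IGNORECASE)
    if not match:
        return set()  # the server sent no capability list in its greeting
    return {atom.upper() for atom in match.group(1).split()}


def assess_listener(greeting, implicit_tls):
    """Summarise what a greeting says about transport security.

    implicit_tls=True  : greeting was read inside TLS (IMAPS, port 993).
    implicit_tls=False : greeting was read in cleartext (port 143).
    """
    caps = parse_capabilities(greeting)
    result = {
        "starttls": "STARTTLS" in caps,
        "login_disabled": "LOGINDISABLED" in caps,
        "auth_mechs": sorted(c[5:] for c in caps if c.startswith("AUTH=")),
        "findings": [],
    }
    if implicit_tls:
        # TLS wrapped the socket before the first byte; an upgrade offer
        # here would mean the probe did not really speak TLS.
        if result["starttls"]:
            result["findings"].append("STARTTLS advertised inside a TLS session")
        return result
    if not result["starttls"]:
        result["findings"].append("no STARTTLS: listener cannot be upgraded to TLS")
    # Without LOGINDISABLED the LOGIN command is accepted on the cleartext
    # channel; AUTH=PLAIN / AUTH=LOGIN carry the password unprotected as well.
    cleartext = [m for m in result["auth_mechs"] if m in ("PLAIN", "LOGIN")]
    if cleartext or not result["login_disabled"]:
        result["findings"].append(
            "password login offered before TLS (a client that skips STARTTLS "
            "sends credentials in the clear)")
    return result


if __name__ == "__main__":
    for label, greeting, tls in (("143", GREETING_143, False),
                                 ("993", GREETING_993, True),
                                 ("143 hardened", CONSTRUCTED_HARDENED_143, False)):
        print(label, assess_listener(greeting, tls))
```

The port 143 greeting from the thread both offers STARTTLS and accepts a password before it, which is consistent with tcpdump showing plain text when a client does not upgrade.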
From: Bruno.Treguier at shom.fr (Bruno Tréguier)
Date: Tue, 17 Sep 2013 16:59:46 +0200
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To:
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26.camel@tardis> <1379377718.5447.30.camel@tardis> <5ad696a456446b9d638c257a61ac6cae@mail.unixathome.org> <52384E57.10509@thelounge.net> <0db334276e557faf03f1c0950ca21da3@mail.unixathome.org> <5238588E.4010405@thelounge.net> <73e9154b633d6ffc149671641c45a364@mail.unixathome.org> <523861B3.7090703@thelounge.net>
Message-ID: <52386E62.6040806@shom.fr>

On 17/09/2013 at 16:32, Dan Langille wrote:
> $ openssl s_client -connect imaps.unixathome.org:993 -quiet
> depth=0
> /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org
>
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0
> /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org
>
> verify error:num=27:certificate not trusted
> verify return:1
> depth=0
> /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org
>
> verify error:num=21:unable to verify the first certificate
> verify return:1
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE AUTH=PLAIN] Dovecot ready.
>
> Somewhere, somehow, there is something vastly different and not working.

Hi,

Something is definitely wrong with your certificate chain. The first
certificate listed in your chain (depth 2) should be StartCom's root CA,
bearing "CN = StartCom Certification Authority", the 2nd one (depth 1)
should be the intermediate cert, bearing "CN = StartCom Class 1 Primary
Intermediate Server CA" and the last one (depth 0) should be yours.

You said in an earlier message that you had put the 3 certs (yours, then
the intermediate, and then the root) in your crt file. Is it still the
case? If not, you really *must* do it, even if you find it makes no
difference. Maybe there's another problem somewhere else, but this chain
is a prerequisite for many clients to work.

Regards,

Bruno

--
- Service Hydrographique et Oceanographique de la Marine - DMGS/INF
- 13, rue du Chatellier - CS 92803 - 29228 Brest Cedex 2, FRANCE
- Phone: +33 2 98 22 17 49 - Email: Bruno.Treguier at shom.fr

From info at multifake.net Tue Sep 17 23:23:38 2013
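Added example (not part of the thread): a Python parser for the `openssl s_client` verify lines quoted above that reports how deep the verified chain got, which is the check Bruno describes (depth 2 root, depth 1 intermediate, depth 0 leaf). The function names and the two constructed samples are assumptions made for this example; only the CN values in them come from the thread.

```python
import re

# Copied from the thread (failing server, port 993); the e-mail address is
# shown as the list archive obfuscated it.
THREAD_OUTPUT = """\
depth=0 /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org
verify error:num=27:certificate not trusted
verify return:1
depth=0 /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org
verify error:num=21:unable to verify the first certificate
verify return:1
"""

# Constructed sample: all three certificates seen and accepted.
CONSTRUCTED_FULL_CHAIN = """\
depth=2 /CN=StartCom Certification Authority
verify return:1
depth=1 /CN=StartCom Class 1 Primary Intermediate Server CA
verify return:1
depth=0 /CN=imaps.unixathome.org
verify return:1
"""

# Constructed sample: intermediate received, but its issuer is unknown locally.
CONSTRUCTED_NO_ROOT = """\
depth=1 /CN=StartCom Class 1 Primary Intermediate Server CA
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /CN=imaps.unixathome.org
verify return:1
"""

DEPTH_RE = re.compile(r"^depth=(\d+)\s*(.*)$")
ERROR_RE = re.compile(r"^verify error:num=(\d+):(.*)$")


def parse_verify_log(text):
    """Map chain depth -> {'subject': str, 'errors': [OpenSSL error numbers]}."""
    chain, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        depth = DEPTH_RE.match(line)
        if depth:
            current = int(depth.group(1))
            chain.setdefault(current, {"subject": depth.group(2), "errors": []})
            continue
        error = ERROR_RE.match(line)
        if error and current is not None:
            code = int(error.group(1))
            if code not in chain[current]["errors"]:
                chain[current]["errors"].append(code)
    return chain


def diagnose(text):
    """Classify the verify output by how far chain building got."""
    chain = parse_verify_log(text)
    if not chain:
        return "NO_VERIFY_OUTPUT"
    errors = {code for entry in chain.values() for code in entry["errors"]}
    if not errors:
        return "VERIFIED"
    if 21 in errors and sorted(chain) == [0]:
        # Error 21: the chain holds a single, non-self-signed certificate.
        # No issuer for the leaf was found in what the server sent or in
        # the client's trust store.
        return "LEAF_ONLY"
    if 19 in errors:
        return "ROOT_SENT_BUT_UNTRUSTED"   # self-signed cert in chain
    if 20 in errors and max(chain) >= 1:
        return "ISSUER_UNKNOWN_TO_CLIENT"  # intermediates arrived, root missing
    if 18 in errors:
        return "SELF_SIGNED_LEAF"
    return "OTHER"


if __name__ == "__main__":
    for name, sample in (("thread", THREAD_OUTPUT),
                         ("full chain", CONSTRUCTED_FULL_CHAIN),
                         ("no root", CONSTRUCTED_NO_ROOT)):
        print(name, diagnose(sample))
```

A LEAF_ONLY result means verification never saw a depth 1 certificate, so the next thing to inspect is whether the certificate file the server loads really contains the intermediate after the leaf.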
From: info at multifake.net (Andreas Gaiser)
Date: Tue, 17 Sep 2013 22:23:38 +0200
Subject: [Dovecot] Basic clustered filesystem advice
In-Reply-To: <1379337860.9665.7.camel@ubu101751>
References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> <1375804711.19765.7.camel@ubu101751> <1BF2EF57-83AB-48CC-A929-F2BDF3400D46@iki.fi> <1375950077.5211.18.camel@ubu101751> <1376910508.32032.13.camel@ubu101751> <1377852542.30210.0.camel@ubu101751> <1379337860.9665.7.camel@ubu101751>
Message-ID: <5238BA4A.7030608@multifake.net>

Does anybody know about GlusterFS & Dovecot?

...Andreas

> Time marches on, and I need to continue the service migration. I'd still
> like to use Dovecot (we're migrating away from Cyrus). I'm assuming the
> only other alternative without existing shared storage is to use DRBD
> and a cluster file system to provide the replication, and to ensure
> Director is enabled. Are there any things to watch for surrounding
> this?

--
Andreas Gaiser - Berlin
agaiser at multifake.net

From kremels at kreme.com Tue Sep 17 23:47:45 2013
From: kremels at kreme.com (LuKreme)
Date: Tue, 17 Sep 2013 14:47:45 -0600
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To:
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26.camel@tardis>
Message-ID: <631C659D-4BA8-4DA7-A47E-371F1AB320C2@kreme.com>

On 16 Sep 2013, at 08:10 , Dan Langille wrote:
> For this test, I reconfigured the server to NOT use IMAPS and restarted it. Then I went
> to my iPhone and turned off SSL for this mail account.
>
> That configuration works for my iPhone.

This is very odd. For the record, I used an iPhone (iOS 7) and iPad (iOS 7), and a couple of Macs, and at least 5 other users use iPhones with iOS 6, and several people are using Macs (OS X 10.6 through 10.9) to connect to my server via SSL.

The only thing that may be different is that I do not allow non-secure connections.

in the account setting on the phone:

Use SSL [X]
authentication: Password
IMAP Path Prefix: /
Server Port: 993

the '/' is grayed out as the default no entry choice

STARTTLS works just fine on the Submission port (587)

--
Evil is a little man afraid for his job.

From noel.butler at ausics.net Tue Sep 17 23:59:14 2013
From: noel.butler at ausics.net (Noel Butler)
Date: Wed, 18 Sep 2013 06:59:14 +1000
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <5ad696a456446b9d638c257a61ac6cae@mail.unixathome.org>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD.30209@mie.utoronto.ca> <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome.org> <1379123747.7900.19.camel@tardis> <5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26.camel@tardis> <1379377718.5447.30.camel@tardis> <5ad696a456446b9d638c257a61ac6cae@mail.unixathome.org>
Message-ID: <1379451554.3895.13.camel@tardis>

On Tue, 2013-09-17 at 08:39 -0400, Dan Langille wrote:
> > Since we just ruled this one out, might I suggest you grab the source
> > and build it, install it all under /opt/dovecot that way it won't
> > interfere with your ports installation and try that, the one you
> > successfully just tested uses dovecot 2.1 not 2.2, so maybe try source
> > of 2.1 and see if it works.
>
> I just tried 2.1.16. The iPhone has no trouble on 143 but on 993, it's
> just like 2.2
>
> > But, if it does work on port 143 with TLS I wouldn't worry too much
> > about it
>
> tcpdump is showing me raw text going past, so I know I'm not getting TLS
> on either Dovecot 2.1 or 2.2
>

Hrmm, do you still have that profile of when you used my test a/c? if so
TLS definitely worked, so just try changing the user/pass/server... or
see what's different between the two profiles.

> It seems that TLS is not supported by my client. Pity.
>

Yes, TLS is supported on your iphone, and works

imap-login: Info: Login: user=, method=PLAIN, rip=xxxxxxx, TLS

> I thank you for your help though. We have a workaround, which is good
> enough for my particular
> situation: self-signed certificates. However, that solution is not
> ideal for most people. It is
> for that reason that I'm willing to keep hacking at this if others have
> further ideas / suggestions.
>

Do you have another PC based mail client you can test with? one that you
have never used to the mail server before and won't have ever accepted a
cert from that server, be it startssl's, or self signed, so something
completely clean, and try connect and see if cert fails?

From noel.butler at ausics.net Wed Sep 18 00:04:27 2013
From: noel.butler at ausics.net (Noel Butler)
Date: Wed, 18 Sep 2013 07:04:27 +1000
Subject: [Dovecot] (no subject)
In-Reply-To:
References: <1379396442.4569.27.camel@tardis>
Message-ID: <1379451867.3895.18.camel@tardis>

On Mon, 2013-09-16 at 23:07 -0700, Greg Ryman wrote:
> Thank you Noel. I did manage to get this working before you posted. As I
> thought, there was a problem with my SQL syntax. Now my issue is that the
> 1G limit I have hardset in my files is not being overwritten by the SQL
> query. I assume this is again because of my query.
>
>

I'd say so, yes, once you corrected that, it should work

From charlesc-dovecot at pyropus.ca Wed Sep 18 02:33:36 2013
From: charlesc-dovecot at pyropus.ca (Charles Cazabon)
Date: Tue, 17 Sep 2013 17:33:36 -0600
Subject: [Dovecot] mail-filter plugin v2.2 - corrupts IMAP indexes?
Message-ID: <20130917233336.GA27821@pyropus.ca>

Hi,

I'm trying out the mail-filter plugin (v2.2, with Dovecot 2.2.5 built from
source), and it seems like any nontrivial filter causes some sort of index
corruption that breaks IMAP use.

i.e. using a null filter (basically `cat -`) for mail-filter.sh and
mail-filter-out.sh appears to work fine, and the debug logging shows it's
using the filters (though it reports the wrong Unix socket for one of them -
not sure if that's an actual bug or just a copy&paste error where it logs it;
there's a similar accidental use of the same Unix socket path in the readme
for the plugin):

Sep 15 14:24:03 imap: Debug: Loading modules from directory: .../dovecot/lib/dovecot
Sep 15 14:24:03 imap: Debug: Module loaded: .../dovecot/lib/dovecot/mail_filter_plugin.so
Sep 15 14:24:03 imap(charlesc): Debug: Effective uid=1000, gid=1000, home=/home/charlesc
Sep 15 14:24:03 imap(charlesc): Debug: mail_filter: Filtering mail_filter via socket .../dovecot/var/run/dovecot/mail-filter
Sep 15 14:24:03 imap(charlesc): Debug: mail_filter: Filtering mail_filter_out via socket .../dovecot/var/run/dovecot/mail-filter

If I use a slightly more complex pair of filter scripts that just swap the
case of all alpha chars in the message body (not headers), so this pair of
filters results in the same output as the original message, something seems
to get corrupted in the indexes, and the IMAP process fails to respond
correctly to FETCH requests, and logs this:

Sep 15 14:24:03 imap(charlesc): Debug: maildir++: root=.../Mail-test, index=, indexpvt=, control=, inbox=.../Mail-test, alt=
Sep 15 14:24:03 imap(charlesc): Error: Cached message size smaller than expected (0 < 1092)
Sep 15 14:24:03 imap(charlesc): Error: Maildir filename has wrong S value, renamed the file from .../Mail-test/new/1379276625.M25480P28541.ludmilla,S=0,W=1122 to .../Mail-test/new/1379276625.M25480P28541.ludmilla,S=1092
Sep 15 14:24:03 imap(charlesc): Error: Corrupted index cache file .../Mail-test/dovecot.index.cache: Broken physical size for mail UID 5
Sep 15 14:24:03 imap(charlesc): Error: read(BODY[]) failed: Invalid argument (FETCH for mailbox INBOX UID 5)
Sep 15 14:24:03 imap(charlesc): Info: Disconnected: FETCH failed in=105 out=1176

It reports the size of the message changes, too, which is odd, as running the
filters manually confirms the output is identical to the input.

mail-filter.sh attached; mail-filter-out.sh is identical except using a
different temp file name to avoid clashes.

Am I doing something wrong? How can I prevent this "Corrupted index cache
file" problem?

Thanks,

Charles
--
-----------------------------------------------------------------------
Charles Cazabon
GPL'ed software available at: http://pyropus.ca/software/
-----------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mail-filter.sh
Type: application/x-sh
Size: 266 bytes
Desc: not available
URL:

From kremels at kreme.com Wed Sep 18 03:42:49 2013
From: kremels at kreme.com (LuKreme)
Date: Tue, 17 Sep 2013 18:42:49 -0600
Subject: [Dovecot] mail_plugins = antispam (was Re: (no subject))
In-Reply-To: <1379396442.4569.27.camel@tardis>
References: <1379396442.4569.27.camel@tardis>
Message-ID: <295158A2-A32F-4C86-9696-2C45D49D7ACC@kreme.com>

On 16 Sep 2013, at 23:40 , Noel Butler wrote:

> mail_plugins = $mail_plugins imap_quota (antispam/autocreate - check up on, I don't use them so won't comment)

Anyone out there who does use antispam and wants to comment?

--
'On whose authority?' demanded Wert. Trymon turned his grey eyes on him.
'Mine. I need no other.' --The Light Fantastic

From stan at hardwarefreak.com Wed Sep 18 04:40:51 2013
From: stan at hardwarefreak.com (Stan Hoeppner)
Date: Tue, 17 Sep 2013 20:40:51 -0500
Subject: [Dovecot] Basic clustered filesystem advice
In-Reply-To: <5238BA4A.7030608@multifake.net>
References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> <1375804711.19765.7.camel@ubu101751> <1BF2EF57-83AB-48CC-A929-F2BDF3400D46@iki.fi> <1375950077.5211.18.camel@ubu101751> <1376910508.32032.13.camel@ubu101751> <1377852542.30210.0.camel@ubu101751> <1379337860.9665.7.camel@ubu101751> <5238BA4A.7030608@multifake.net>
Message-ID: <523904A3.9030409@hardwarefreak.com>

On 9/17/2013 3:23 PM, Andreas Gaiser wrote:
> Does anybody know about GlusterFS & Dovecot?

http://lmgtfy.com/?q=dovecot+glusterfs

--
Stan

From noel.butler at ausics.net Wed Sep 18 05:19:37 2013
From: noel.butler at ausics.net (Noel Butler)
Date: Wed, 18 Sep 2013 12:19:37 +1000
Subject: [Dovecot] mail_plugins = antispam (was Re: (no subject))
In-Reply-To: <295158A2-A32F-4C86-9696-2C45D49D7ACC@kreme.com>
References: <1379396442.4569.27.camel@tardis> <295158A2-A32F-4C86-9696-2C45D49D7ACC@kreme.com>
Message-ID: <1379470777.11400.4.camel@tardis>

On Tue, 2013-09-17 at 18:42 -0600, LuKreme wrote:
> On 16 Sep 2013, at 23:40 , Noel Butler wrote:
>
> > mail_plugins = $mail_plugins imap_quota (antispam/autocreate - check up on, I don't use them so won't comment)
>
> Anyone out there who does use antispam and wants to comment?
>

Sure I'll comment :)

all antispam tasks are best left to the MTA or its associated software
(amavisd, mailscanner, etc), that's part of its job - not a receiver's,
like pop3/imap...

From genie at geniechka.ru Wed Sep 18 06:48:16 2013
From: genie at geniechka.ru (Eugene)
Date: Wed, 18 Sep 2013 07:48:16 +0400
Subject: [Dovecot] mail_plugins = antispam (was Re: (no subject))
In-Reply-To: <1379470777.11400.4.camel@tardis>
References: <1379396442.4569.27.camel@tardis> <295158A2-A32F-4C86-9696-2C45D49D7ACC@kreme.com> <1379470777.11400.4.camel@tardis>
Message-ID: <1DB8D58436494CB388D82485C29ECD84@geniepc2011>

Hi all,

Actually the antispam plugin for dovecot provides (re)training functionality
initiated by moving a message to/from Spam folder. It was originally developed
for DSPAM filtering but I assume is now more general.

Personally I stopped using DSPAM and other content-based filters some time ago
(in favor of more thorough postfix checks + DNSBL), but when I used it, the
plugin worked just fine =)

Best wishes
Eugene

-----Original Message-----
From: Noel Butler
Sent: Wednesday, September 18, 2013 6:19 AM
To: dovecot at dovecot.org
Subject: Re: [Dovecot] mail_plugins = antispam (was Re: (no subject))

On Tue, 2013-09-17 at 18:42 -0600, LuKreme wrote:
> On 16 Sep 2013, at 23:40 , Noel Butler wrote:
>
> > mail_plugins = $mail_plugins imap_quota (antispam/autocreate - check up
> > on, I don't use them so won't comment)
>
> Anyone out there who does use antispam and wants to comment?
>

Sure I'll comment :)

all antispam tasks are best left to the MTA or its associated software
(amavisd, mailscanner, etc), that's part of its job - not a receiver's,
like pop3/imap...

From rs at sys4.de Wed Sep 18 08:32:01 2013
From: rs at sys4.de (Robert Schetterer)
Date: Wed, 18 Sep 2013 07:32:01 +0200
Subject: [Dovecot] Basic clustered filesystem advice
In-Reply-To: <5238BA4A.7030608@multifake.net>
References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> <1375804711.19765.7.camel@ubu101751> <1BF2EF57-83AB-48CC-A929-F2BDF3400D46@iki.fi> <1375950077.5211.18.camel@ubu101751> <1376910508.32032.13.camel@ubu101751> <1377852542.30210.0.camel@ubu101751> <1379337860.9665.7.camel@ubu101751> <5238BA4A.7030608@multifake.net>
Message-ID: <52393AD1.9000909@sys4.de>

On 17.09.2013 22:23, Andreas Gaiser wrote:
> Does anybody know about GlusterFS & Dovecot?
>
>
> ...Andreas

to my latest infos all fuse based filesystems are not working very well
by design, if you're brave go try out ceph, but perhaps wait for more
other infos from the list about glusterfs

>
>> Time marches on, and I need to continue the service migration. I'd still
>> like to use Dovecot (we're migrating away from Cyrus). I'm assuming the
>> only other alternative without existing shared storage is to use DRBD
>> and a cluster file system to provide the replication, and to ensure
>> Director is enabled. Are there any things to watch for surrounding
>> this?

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From rs at sys4.de Wed Sep 18 08:33:28 2013
From: rs at sys4.de (Robert Schetterer)
Date: Wed, 18 Sep 2013 07:33:28 +0200
Subject: [Dovecot] Basic clustered filesystem advice
In-Reply-To: <523904A3.9030409@hardwarefreak.com>
References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> <1375804711.19765.7.camel@ubu101751> <1BF2EF57-83AB-48CC-A929-F2BDF3400D46@iki.fi> <1375950077.5211.18.camel@ubu101751> <1376910508.32032.13.camel@ubu101751> <1377852542.30210.0.camel@ubu101751> <1379337860.9665.7.camel@ubu101751> <5238BA4A.7030608@multifake.net> <523904A3.9030409@hardwarefreak.com>
Message-ID: <52393B28.1040907@sys4.de>

On 18.09.2013 03:40, Stan Hoeppner wrote:
> On 9/17/2013 3:23 PM, Andreas Gaiser wrote:
>> Does anybody know about GlusterFS & Dovecot?
>
> http://lmgtfy.com/?q=dovecot+glusterfs

wow cool trick *g

>

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From ben+dovecot at mail-subs.com Wed Sep 18 10:43:50 2013
From: ben+dovecot at mail-subs.com (Ben)
Date: Wed, 18 Sep 2013 08:43:50 +0100
Subject: [Dovecot] Dovecot and CAPITALISATION = grrrr ;-(
Message-ID: <523959B6.2050906@mail-subs.com>

Hello,

As far as I'm aware, email is case insensitive?

Dovecot however, seems to be taking offence at the fact that someone is
sending mail to user at SOMEDOMAIN.XYZ.

Postfix has no issues handling it, it's when it gets passed over to
Dovecot LMTP that I get log lines such as:

Sep 17 13:48:22 ukc-vm02-mx01 dovecot: auth: passwd-file(user at SOMEDOMAIN.XYZ): unknown user

However user at somedomain.xyz *DOES* exist in the passwd file. Just not
with a capitalised domain!

I am confused.

Ben

From tom at whyscream.net Wed Sep 18 11:02:12 2013
From: tom at whyscream.net (Tom Hendrikx)
Date: Wed, 18 Sep 2013 10:02:12 +0200
Subject: [Dovecot] Dovecot and CAPITALISATION = grrrr ;-(
In-Reply-To: <523959B6.2050906@mail-subs.com>
References: <523959B6.2050906@mail-subs.com>
Message-ID: <52395E04.5020608@whyscream.net>

On 09/18/2013 09:43 AM, Ben wrote:
> Hello,
>
> As far as I'm aware, email is case insensitive ?
>
> Dovecot however, seems to be taking offence at the fact that someone is
> sending mail to user at SOMEDOMAIN.XYZ.
>
> Postfix has no issues handling it, it's when it gets passed over to
> Dovecot LMTP that I get log lines such as :
>
> Sep 17 13:48:22 ukc-vm02-mx01 dovecot: auth:
> passwd-file(user at SOMEDOMAIN.XYZ): unknown user

This is an IMAP username that seems to be formatted similar to an e-mail
address because your setup is built like that.
Usernames (IMAP or otherwise) and passwords are not part of any email
spec, but checking them case-sensitive sounds like a good idea in general.

You should make sure that the username string used by dovecot-auth is
formatted according to what your setup dictates (i.e. probably all
lowercase). Probably you need something along the lines of:

userdb {
  driver = passwd-file
  args = username_format=%Lu /path/to/file
}

See http://wiki2.dovecot.org/AuthDatabase/PasswdFile and
http://wiki2.dovecot.org/Variables

Regards,
Tom

From h.reindl at thelounge.net Wed Sep 18 11:23:24 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Wed, 18 Sep 2013 10:23:24 +0200
Subject: [Dovecot] Dovecot and CAPITALISATION = grrrr ;-(
In-Reply-To: <523959B6.2050906@mail-subs.com>
References: <523959B6.2050906@mail-subs.com>
Message-ID: <523962FC.6010601@thelounge.net>

On 18.09.2013 09:43, Ben wrote:
> As far as I'm aware, email is case insensitive?

yes, the localpart in theory is, but only fools would configure
me at example.com and ME at example.com for different users because
it does not work in the real world

> Dovecot however, seems to be taking offence at the fact that someone is sending mail to user at SOMEDOMAIN.XYZ.
> Postfix has no issues handling it, it's when it gets passed over to Dovecot LMTP that I get log lines such as :
>
> Sep 17 13:48:22 ukc-vm02-mx01 dovecot: auth: passwd-file(user at SOMEDOMAIN.XYZ): unknown user
>
> However user at somedomain.xyz *DOES* exist in the passwd file. Just not with a capitalised domain !
> I am confused

RTFM

auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz

From ben+dovecot at mail-subs.com Wed Sep 18 13:38:08 2013
From: ben+dovecot at mail-subs.com (Ben)
Date: Wed, 18 Sep 2013 11:38:08 +0100
Subject: [Dovecot] Dovecot and CAPITALISATION = grrrr ;-(
In-Reply-To: <52395E04.5020608@whyscream.net>
References: <523959B6.2050906@mail-subs.com> <52395E04.5020608@whyscream.net>
Message-ID: <52398290.8090003@mail-subs.com>

On 18/09/2013 09:02, Tom Hendrikx wrote:
> On 09/18/2013 09:43 AM, Ben wrote:
>> Hello,
>>
>> As far as I'm aware, email is case insensitive ?
>>
>> Dovecot however, seems to be taking offence at the fact that someone is
>> sending mail to user at SOMEDOMAIN.XYZ.
>>
>> Postfix has no issues handling it, it's when it gets passed over to
>> Dovecot LMTP that I get log lines such as :
>>
>> Sep 17 13:48:22 ukc-vm02-mx01 dovecot: auth:
>> passwd-file(user at SOMEDOMAIN.XYZ): unknown user
>
> This is an IMAP username that seems to be formatted similar to an e-mail
> address because your setup is built like that.
> Usernames (IMAP or otherwise) and passwords are not part of any email
> spec, but checking them case-sensitive sounds like a good idea in general.
>
> You should make sure that the username string used by dovecot-auth is
> formatted according to what your setup dictates (i.e. probably all
> lowercase). Probably you need something along the lines of:
>
> userdb {
>   driver = passwd-file
>   args = username_format=%Lu /path/to/file
> }
>
> See http://wiki2.dovecot.org/AuthDatabase/PasswdFile and
> http://wiki2.dovecot.org/Variables
>
> Regards,
> Tom
>

Thanks Tom, will try !

From ben+dovecot at mail-subs.com Wed Sep 18 13:39:13 2013
From: ben+dovecot at mail-subs.com (Ben)
Date: Wed, 18 Sep 2013 11:39:13 +0100
Subject: [Dovecot] Dovecot and CAPITALISATION = grrrr ;-(
In-Reply-To: <523962FC.6010601@thelounge.net>
References: <523959B6.2050906@mail-subs.com> <523962FC.6010601@thelounge.net>
Message-ID: <523982D1.9050009@mail-subs.com>

On 18/09/2013 09:23, Reindl Harald wrote:
>
>
> On 18.09.2013 09:43, Ben wrote:
>> As far as I'm aware, email is case insensitive?
>
> yes, the localpart in theory is, but only fools would configure
> me at example.com and ME at example.com for different users because
> it does not work in the real world
>
>> Dovecot however, seems to be taking offence at the fact that someone is sending mail to user at SOMEDOMAIN.XYZ.
>> Postfix has no issues handling it, it's when it gets passed over to Dovecot LMTP that I get log lines such as :
>>
>> Sep 17 13:48:22 ukc-vm02-mx01 dovecot: auth: passwd-file(user at SOMEDOMAIN.XYZ): unknown user
>>
>> However user at somedomain.xyz *DOES* exist in the passwd file. Just not with a capitalised domain !
>> I am confused
>
> RTFM
>
> auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
> auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
>

If I knew what I was looking for in TFM, I would have R'd it ;-)

From list at airstreamcomm.net Wed Sep 18 18:47:24 2013
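The username handling discussed in the capitalisation thread above, as an added example that is not part of any poster's message and is not Dovecot code: a small Python model of how `auth_username_translation`, `auth_username_chars` and `username_format=%Lu` act on a login name before a passwd-file lookup, plus an audit that flags passwd-file entries that become unreachable or collide once lookups are lowercased. The order of the three steps, the function names and the sample file are assumptions made for the illustration; addresses are written with `@` where the archive shows " at ".

```python
"""Model of Dovecot username normalisation before a passwd-file lookup.

Added illustration, not Dovecot source. Assumed order (an assumption of this
sketch): per-character translation -> allowed-character check -> lowercase
lookup key (the effect of username_format=%Lu).
"""
from collections import defaultdict

# Setting values as quoted in the thread.
USERNAME_CHARS = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                  "01234567890.-_@%")
USERNAME_TRANSLATION = "%@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz"

# Constructed sample passwd-file (user:password:uid:gid::home); not real data.
SAMPLE_PASSWD = """\
user@somedomain.xyz:{PLAIN}x:5000:5000::/srv/mail/user
Sales@somedomain.xyz:{PLAIN}x:5001:5000::/srv/mail/sales
bob@somedomain.xyz:{PLAIN}x:5002:5000::/srv/mail/bob
BOB@somedomain.xyz:{PLAIN}x:5003:5000::/srv/mail/bob2
"""


def translation_map(spec):
    """Turn a from/to pair string such as "%@Aa" into {"%": "@", "A": "a"}."""
    if len(spec) % 2:
        raise ValueError("translation string must consist of from/to pairs")
    return {spec[i]: spec[i + 1] for i in range(0, len(spec), 2)}


def normalise(login, translation="", allowed=USERNAME_CHARS, lowercase=False):
    """Return the lookup key for a login, or None if a character is rejected."""
    table = translation_map(translation)
    out = []
    for ch in login:
        ch = table.get(ch, ch)            # translate first
        if allowed and ch not in allowed:  # then check against the allow-list
            return None
        out.append(ch)
    key = "".join(out)
    return key.lower() if lowercase else key


def parse_passwd(text):
    """Return the username field of every non-empty, non-comment line."""
    users = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        users.append(line.split(":", 1)[0])
    return users


def lookup(login, users, **settings):
    """Exact-match lookup of the normalised key, as a passwd-file would do."""
    key = normalise(login, **settings)
    return key if key is not None and key in users else None


def audit(users):
    """Find entries to fix before switching to lowercase lookups.

    unreachable: stored with capitals, so a lowercased key never matches them.
    collisions:  several entries that differ only by case.
    """
    by_lower = defaultdict(list)
    for name in users:
        by_lower[name.lower()].append(name)
    unreachable = sorted(name for name in users if name != name.lower())
    collisions = {k: v for k, v in by_lower.items() if len(v) > 1}
    return unreachable, collisions


if __name__ == "__main__":
    users = parse_passwd(SAMPLE_PASSWD)
    login = "user@SOMEDOMAIN.XYZ"
    print("default settings   :", lookup(login, users))
    print("username_format=%Lu:", lookup(login, users, lowercase=True))
    print("translation table  :",
          lookup(login, users, translation=USERNAME_TRANSLATION))
    unreachable, collisions = audit(users)
    print("unreachable once lowercased:", unreachable)
    print("case-only collisions       :", collisions)
```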
From: list at airstreamcomm.net (List) Date: Wed, 18 Sep 2013 10:47:24 -0500 Subject: [Dovecot] Basic clustered filesystem advice In-Reply-To: <5238BA4A.7030608@multifake.net> References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> <1375804711.19765.7.camel@ubu101751> <1BF2EF57-83AB-48CC-A929-F2BDF3400D46@iki.fi> <1375950077.5211.18.camel@ubu101751> <1376910508.32032.13.camel@ubu101751> <1377852542.30210.0.camel@ubu101751> <1379337860.9665.7.camel@ubu101751> <5238BA4A.7030608@multifake.net> Message-ID: <5239CB0C.1000404@airstreamcomm.net> On 9/17/13 3:23 PM, Andreas Gaiser wrote: > Does anybody know about GlusterFS & Dovecot? > > > ...Andreas > >> Time marches on, and I need to continue the service migration. I'd still >> like to use Dovecot (we're migrating away from Cyrus). I'm assuming the >> only other alternative without existing shared storage is to use DRBD >> and a cluster file system to provide the replication, and to ensure >> Director is enabled. Are there any things to watch for surrounding >> this? We tested glusterfs 3.2 a while ago using four storage nodes, four Dovecot/Postfix machines, and a number of email client bots that generated upwards of a 180k inbound messages per hour, and upwards of 360k pop/imap connections per hour. Unfortunately we did not grab any metrics on how long it took for a POP/IMAP session to open/read/delete/close or how long SMTP transactions took, we simply wanted to see how much load would be generated which was reasonable for the machines we used. All storage and mail machines were virtual (vmware) and consisted of 2vcpu with 8gigs mem running Centos 6.1. We tested both NFS and the gluster native client and didn't see much difference in perceived load on the system. 
We did not run into any of the issues that are common with running Dovecot over NFS during our testing, which we attribute to a proper configuration for NFS and solid NTP. We ran an extended test that lasted for about two months and nothing really hiccuped or failed to function so I would call it a success to that extent. We also tested stretching the glusterfs cluster between our two data centers which are 100 miles apart as the fiber lays. Our latency is very low and stable between sites, and resulted in a small increase in load on the cluster. I would not recommend this concept over anything but the most stable and fault tolerant WAN imaginable, but it seemed to work reasonably well for the duration of the testing we did (about a day long test). If I were to do it again obviously I would grab metrics and compare it to access times for a basic single server system on local disk and an NFS backed system using multiple servers, but alas we were just propping it up for fun and see how far we could abuse it. If one could assume that Glusterfs does scale linearly with more nodes you could continue to add capacity to the storage layer and grow the cluster, but that's another level of testing all together. From list at airstreamcomm.net Wed Sep 18 21:35:04 2013 
From: list at airstreamcomm.net (List) Date: Wed, 18 Sep 2013 13:35:04 -0500 Subject: [Dovecot] Basic clustered filesystem advice In-Reply-To: <31307757.18316.1379521208038.JavaMail.root@timgws.com.au> References: <31307757.18316.1379521208038.JavaMail.root@timgws.com.au> Message-ID: <5239F258.40502@airstreamcomm.net> On 9/18/13 11:20 AM, Tim Groeneveld wrote: > > ----- Original Message ----- >> On 9/17/13 3:23 PM, Andreas Gaiser wrote: >>> Does anybody know about GlusterFS & Dovecot? >>> >>>> Time marches on, and I need to continue the service migration. I'd >>>> still >>>> like to use Dovecot (we're migrating away from Cyrus). I'm >>>> assuming the >>>> only other alternative without existing shared storage is to use >>>> DRBD >>>> and a cluster file system to provide the replication, and to >>>> ensure >>>> Director is enabled. Are there any things to watch for >>>> surrounding >>>> this? > > I still want my dream of the perfect mail storage engine in > dovecot to one day to be true. > > This magical mailbox format & storage engine would allow > storing emails in different geographical locations. There > would be an attempt to ensure that mail is always closest > to the user (ie, the mail server that the user connects > to retrieve email from). > > Then you could define how many copies of each user's mail > would be stored on a per-user basis, but those copies could > be stored on any storage server, but not more then x times > per network location. > > Unfortunately, this mystical engine does not sound like > it is going to be built in the next handful of years at > least. > > A man can dream. > > Regards, > Tim > > > > Tim, I too have had this dream but it feels very much like people just don't care about Geo-distributed messaging at scale. 
Since Dovecot now supports storing messages in s3 compatible storage (using obox) I was thinking about extending an object storage app I developed using node.js on top of Cassandra to implement the s3 API and see if that could breath some life into this concept. When time permits I suppose. From kremels at kreme.com Thu Sep 19 04:26:18 2013 From: kremels at kreme.com (LuKreme) Date: Wed, 18 Sep 2013 19:26:18 -0600 Subject: [Dovecot] mail_plugins = antispam (was Re: (no subject)) In-Reply-To: <1DB8D58436494CB388D82485C29ECD84@geniepc2011> References: <1379396442.4569.27.camel@tardis><295158A2-A32F-4C86-9696-2C45D49D7ACC@kreme.com> <1379470777.11400.4.camel@tardis> <1DB8D58436494CB388D82485C29ECD84@geniepc2011> Message-ID: <11099D99-54A7-4750-8CCE-85A3E236FA28@kreme.com> On 17 Sep 2013, at 21:48 , Eugene wrote: > Actually the antispam plugin for dovecot provides (re)training functionality initiated by moving a message to/from Spam folder. Hmm, that sounds interesting, retraining is a real problem. I've setup scripts to do it, but it requires users moving spam out of the spam folder into a specific "notSpam" folder, and they just won't do that. > Personally I stopped using DSPAM and other content-based filters some time ago (in favor of more thorough postfix checks + DNSBL), but when I used it, the plugin worked just fine =) I use postfix with postscreen and RBLs, but that still lets in a considerable amount of spam, so I run SpamAssassin on the mail that does get through. -- For more than a thousand generations the Jedi were the guardians of peace and justice in the galaxy. Before the dark times. Before the Empire. From spork at bway.net Thu Sep 19 04:53:51 2013 
From: spork at bway.net (Charles Sprickman) Date: Wed, 18 Sep 2013 21:53:51 -0400 Subject: [Dovecot] Courier migration and vpopmail with dovecot-lda References: Message-ID: <96C76A9D-D737-4EF9-974B-8936E3954716@bway.net> I've been using Dovecot in some fresh installs lately and have found it fairly easy to configure. However I'm starting on a migration that involves moving from some very old software (ancient vpopmail, qmail and Courier). On the Courier front, I've reviewed the migration page in the wiki, and it looks like the main concerns are just matching the namespace and then using the migration script to create new subscription and uidlist files. Given that my Courier IMAP setup is so old (4.0.6), is there anything to be aware of that's not covered in the wiki due to the age of Courier here? Are there any other general issues to be aware of as far as interactions with MUAs are concerned? For example, if Courier has been presenting the user's MUA with a given set of IMAP capabilities and then the MUA sees a bunch of extra capabilities on a subsequent login, will that trigger any strange behavior? And lastly on this subject, I will obviously be doing some testing before cutting over to the other server. Is it valid in something like Thunderbird to have it pointed to "imap.domain.com" and then change the imap server to point to something like "testimap.domain.com" for testing whether subscriptions and the uidlists are working as expected or should I fully replicate the move as an end user would see it by making the change in my local hosts file? Now, assuming that portion of the move goes alright, I'm incredibly confused about getting Dovecot and Vpopmail working together. 
I assume that initially I can stick with the Maildir++ mailbox format and let vpopmail's vdelivermail continue working as my LDA - vdelivermail understands how to find the user's Maildir, it can check quotas, and it can update the maildirsize file (which I'm assuming dovecot can also read and then report quota/usage to an IMAP client). However it does look like the Dovecot-only mailbox format(s) will offer much better performance than Maildir as the two dbox formats are the only supported mailbox formats with separate index files, correct? Is there any guidance on how to use dovecot's LDA with a virtual mail system such as vpopmail? From what I've read so far, I probably don't want to use the vpopmail extension supplied with dovecot, but query the mysql vpopmail db directly. I'm finding a ton of info while searching for this, but most deals with older versions of dovecot, and there are also many "this works but I don't know why" tutorials on combining dovecot and vpopmail and dovecot's own LDA. I'm not even able to guess how one handles the per-user .qmail files in vpopmail if not using vdelivermail (this is where we enable/disable spam filtering by piping the message through spamc). Any input on the overall migration process is appreciated. It's a bit overwhelming as I have to deal with a big jump in the vpopmail version, rebuilding qmail with a ridiculous number of patches, and then on top of that a migration to new imap/pop server software. eek. Thanks, Charles -- Charles Sprickman NetEng/SysAdmin Bway.net - New York's Best Internet www.bway.net spork at bway.net - 212.982.9800 From raubvogel at gmail.com Thu Sep 19 07:50:27 2013 
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Thu, 19 Sep 2013 00:50:27 -0400
Subject: [Dovecot] Yet another going from 1.2 to 2.X question: authentication
Message-ID:

So in 1.2.9 I had something like this:

[...]

socket listen {
  master {
    path = /var/run/dovecot/auth-master
    mode = 0600
    user = virtual # User running Dovecot LDA's deliver
  }
}

# Dovecot as SASL Auth
socket listen {
  client {
    path = /var/spool/postfix/private/dovecot-auth
    mode = 0660
    user = postfix
    group = postfix
  }
}

I see I can, per http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL,
setup the sasl entry as

# Dovecot as SASL Auth
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

what about the lda? From http://wiki2.dovecot.org/LDA I take it would
be as simple as

service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = virtual # User running Dovecot LDA's deliver
  }
}

Am I correct?

From noel.butler at ausics.net Thu Sep 19 09:40:37 2013
From: noel.butler at ausics.net (Noel Butler)
Date: Thu, 19 Sep 2013 16:40:37 +1000
Subject: [Dovecot] Yet another going from 1.2 to 2.X question: authentication
In-Reply-To:
References:
Message-ID: <1379572837.11128.11.camel@tardis>

On Thu, 2013-09-19 at 00:50 -0400, Mauricio Tavares wrote:
> So in 1.2.9 I had something like this:
>
> [...]
>
> socket listen {
>   master {
>     path = /var/run/dovecot/auth-master
>     mode = 0600
>     user = virtual # User running Dovecot LDA's deliver
>   }
> }
>
> # Dovecot as SASL Auth
> socket listen {
>   client {
>     path = /var/spool/postfix/private/dovecot-auth
>     mode = 0660
>     user = postfix
>     group = postfix
>   }
> }
>
> I see I can, per http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL,
> setup the sasl entry as
>
> # Dovecot as SASL Auth
> service auth {
>   unix_listener /var/spool/postfix/private/dovecot-auth {
>     mode = 0660
>     user = postfix
>     group = postfix
>   }
> }
>
> what about the lda? From http://wiki2.dovecot.org/LDA I take it would
> be as simple as
>
> service auth {
>   unix_listener auth-userdb {
>     mode = 0600
>     user = virtual # User running Dovecot LDA's deliver
>   }
> }
>
> Am I correct?

Yes, but no need for two service auth's, put them under the one.

You might want to also include group= in addition to user, probably
won't matter too much if you don't, I can't remember the consequences of
not.

From glance at acc.umu.se Thu Sep 19 11:59:23 2013
From: glance at acc.umu.se (Anton Lundin)
Date: Thu, 19 Sep 2013 10:59:23 +0200
Subject: [Dovecot] Courier migration and vpopmail with dovecot-lda
In-Reply-To: <96C76A9D-D737-4EF9-974B-8936E3954716@bway.net>
References: <96C76A9D-D737-4EF9-974B-8936E3954716@bway.net>
Message-ID: <20130919085923.GF11752@acc.umu.se>

On 18 September, 2013 - Charles Sprickman wrote:

> I've been using Dovecot in some fresh installs lately and have found
> it fairly easy to configure. However I'm starting on a migration
> that involves moving from some very old software (ancient vpopmail,
> qmail and Courier).
>
> On the Courier front, I've reviewed the migration page in the wiki,
> and it looks like the main concerns are just matching the namespace
> and then using the migration script to create new subscription and
> uidlist files. Given that my Courier IMAP setup is so old (4.0.6),
> is there anything to be aware of that's not covered in the wiki due
> to the age of Courier here?
>
> Are there any other general issues to be aware of as far as
> interactions with MUAs are concerned? For example, if Courier has
> been presenting the user's MUA with a given set of IMAP capabilities
> and then the MUA sees a bunch of extra capabilities on a subsequent
> login, will that trigger any strange behavior?
>
> And lastly on this subject, I will obviously be doing some testing
> before cutting over to the other server. Is it valid in something
> like Thunderbird to have it pointed to "imap.domain.com" and then
> change the imap server to point to something like
> "testimap.domain.com" for testing whether subscriptions and the
> uidlists are working as expected or should I fully replicate the
> move as an end user would see it by making the change in my local
> hosts file?
>
> Now, assuming that portion of the move goes alright, I'm incredibly
> confused about getting Dovecot and Vpopmail working together. I
> assume that initially I can stick with the Maildir++ mailbox format
> and let vpopmail's vdelivermail continue working as my LDA -
> vdelivermail understands how to find the user's Maildir, it can
> check quotas, and it can update the maildirsize file (which I'm
> assuming dovecot can also read and then report quota/usage to an
> IMAP client). However it does look like the Dovecot-only mailbox
> format(s) will offer much better performance than Maildir as the two
> dbox formats are the only supported mailbox formats with separate
> index files, correct? Is there any guidance on how to use dovecot's
> LDA with a virtual mail system such as vpopmail? From what I've
> read so far, I probably don't want to use the vpopmail extension
> supplied with dovecot, but query the mysql vpopmail db directly.
> I'm finding a ton of info while searching for this, but most deals
> with older versions of dovecot, and there are also many "this works
> but I don't know why" tutorials on combining dovecot and vpopmail
> and dovecot's own LDA. I'm not even able to guess how one handles
> the per-user .qmail files in vpopmail if not using vdelivermail
> (this is where we enable/disable spam filtering by piping the
> message through spamc).
>
> Any input on the overall migration process is appreciated. It's a
> bit overwhelming as I have to deal with a big jump in the vpopmail
> version, rebuilding qmail with a ridiculous number of patches, and
> then on top of that a migration to new imap/pop server software.
> eek.

Hi Charles!

I can share some of my war-stories about qmail/vpopmail.

A long time ago I ran quite a few
qmail/vpopmail/courier/ezmlm/qmailadmin clusters and back then I thought
it was the only really good way of running it. Then the years passed and
when I needed to add patches to qmail consisting of more code than qmail
started out with I got quite frustrated.

Due to speed and scalability we didn't run with a db-backend for
vpopmail, we used vpasswd/cdb(?) hash-files and that ran quite well.

So when it was time to migrate I came up with the following solution:

I ran postfix as smtp-server, querying vpopmail via a tcp:-maps to a
daemon written in perl, that ran different vpopmail-commands.

That old daemon is now available at:
https://github.com/glance-/postfixvpopmail/

For some reason that I can't really remember vdelivermail was just
incapable of being used in this case to deliver mail, I think it had
something to do with .qmail-files and might have been something with
ezmlm, so I used qmail as a lda, and had postfix pipe mail to
qmail-inject.

This way we kept qmailadmin/ezmlm running as they did before and just
replaced the world-facing components.

On top of that I ran Dovecot with the vpopmail plugin. This was a really
old dovecot, probably like 1.0.x or something, but everything worked
smoothly. I just followed the notes on the wiki about uidl-format and no
users noticed.

I actually just checked, and that server is still running strong, and
handling mail for a couple of k users, so it couldn't have been that bad
a design =)

Btw. It's still running Debian Sarge =)

I hope you might have gotten some ideas about what to do with an old
qmail/vpopmail install.

//Anton

-- 
Anton Lundin +46702-161604

From amateo at um.es Thu Sep 19 14:37:40 2013
From: amateo at um.es (Angel L. Mateo)
Date: Thu, 19 Sep 2013 13:37:40 +0200
Subject: [Dovecot] Attachment file larger than expected
Message-ID: <523AE204.40903@um.es>

Hello,

I'm using dovecot 2.1.16 with SiS configured as:

mail_attachment_dir =
mail_attachment_min_size = 128 k
mail_attachment_fs = sis posix
mail_attachment_hash = %{sha1}

I'm having a few errors like:

Sep 18 15:46:32 myotis51 dovecot: imap(igd): Error: Attachment file /mail/users/attachments/16/b0/16b0b2023a903db14d7f7bcdb1cc04c3f67a4fcb-b32c0a2aa6ae39527c870000a9061514 larger than expected (235866)

They are really few and users haven't reported any problem, but the
errors are there.

In this case, actual file size of the attachment is:

amateo_adm at myotis51:~$ sudo stat /mail/users/attachments/16/b0/16b0b2023a903db14d7f7bcdb1cc04c3f67a4fcb-b32c0a2aa6ae39527c870000a9061514
  Fichero: «/mail/users/attachments/16/b0/16b0b2023a903db14d7f7bcdb1cc04c3f67a4fcb-b32c0a2aa6ae39527c870000a9061514»
  Tamaño: 174476 Bloques: 344 Bloque E/S: 4096 fichero regular
Dispositivo: fc00h/64512d Nodo-i: 152334473 Enlaces: 2
Acceso: (0600/-rw-------) Uid: ( 2012/ vmail) Gid: ( 204/ vmail)
Acceso: 2013-09-18 15:46:20.540728654 +0200
Modificación: 2013-09-18 15:46:20.556728948 +0200
Cambio: 2013-09-18 15:46:20.556728949 +0200
Creación: -

and file is identified as:

amateo_adm at myotis51:~$ sudo file /mail/users/attachments/16/b0/16b0b2023a903db14d7f7bcdb1cc04c3f67a4fcb-b32c0a2aa6ae39527c870000a9061514
/mail/users/attachments/16/b0/16b0b2023a903db14d7f7bcdb1cc04c3f67a4fcb-b32c0a2aa6ae39527c870000a9061514: MIME entity, UTF-8 Unicode text, with very long lines, with CRLF line terminators

Any idea?

-- 
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 868888337

From davide.marchi at mail.cgilfe.it Thu Sep 19 19:40:14 2013
From: davide.marchi at mail.cgilfe.it (Davide)
Date: Thu, 19 Sep 2013 18:40:14 +0200
Subject: [Dovecot] Dovecot antispam plugin
Message-ID: <523B28EE.5090403@mail.cgilfe.it>

Does anyone use dovecot antispam with crm114?

-- 
*Davide Marchi*
*T*eorema *F*errara *Srl*
Via Spronello, 7 - Ferrara - 44121
Tel. *0532783161*
Fax. *0532783368*
E-m at il: *davide.marchi at mail.cgilfe.it*
Skype: *davide.marchi73*
Web: *http://www.cgilfe.it*

*CONFIDENTIALITY*
*Pursuant to Legislative Decree 196/2003, please note that the information contained in this message is confidential and for the exclusive use of the recipient(s). If you have received this message in error, please delete it without copying it and do not forward it to third parties, and kindly let us know.*
*Please think of the environment. Print this email only if necessary.*

From rplatel at tucows.com Thu Sep 19 23:59:33 2013
From: rplatel at tucows.com (Richard Platel) Date: Thu, 19 Sep 2013 16:59:33 -0400 Subject: [Dovecot] Index error copying compressed message Message-ID: <72E20246-A20D-4B55-A90C-8EA10BD74719@tucows.com> Hi. Dovecot 2.2, with the zlib plugin, I think we're getting bad index entries on IMAP COPY. On copying a message to an empty folder, in the dovecot error log I see: Sep 19 20:34:25 imap01 dovecot: imap(grain at rp-auth-test.com): Error: Cached message size smaller than expected (615 < 971) Sep 19 20:34:25 imap01 dovecot: imap(grain at rp-auth-test.com): Error: Corrupted index cache file /mail/index01/434/860/grain at rp-auth-test.com/.Bup/dovecot.index.cache: Broken physical size for mail UID 0 Sep 19 20:34:25 imap01 dovecot: imap(grain at rp-auth-test.com): Error: read() failed: Invalid argument (uid=0) (Note this happens from the copy operation, not a subsequent access. Also note the UID is always 0). The filename for the message is: -rw------- 2862 mail mail 615 Aug 29 15:38 1379622865.M228140P11548.imap01,S=971,W=988:2,S S= size looks correct: $ zcat 1379622865.M228140P11548.imap01\,S\=971\,W\=988\:2\,S |wc 17 51 971 doveadm dump says: $ sudo -u mail doveadm -c /he/dovecot/conf/dovecot.conf dump /mail/index01/434/860/grain at rp-auth-test.com/.Bup/ Detected file type: index -- INDEX: /mail/index01/434/860/grain at rp-auth-test.com/.Bup//dovecot.index version .................. = 7.3 base header size ......... = 120 header size .............. = 208 record size .............. = 12 compat flags ............. = 1 index id ................. = 1379605150 (2013-09-19 15:39:10) flags .................... = 0 uid validity ............. = 1377629137 (2013-08-27 18:45:37) next uid ................. = 14309 messages count ........... = 1 seen messages count ...... = 1 deleted messages count ... = 0 first recent uid ......... = 14308 first unseen uid lowwater = 14309 first deleted uid lowwater = 14308 log file seq ............. = 6 log file tail offset ..... 
= 204 log file head offset ..... = 204 day stamp ................ = 1379548800 (2013-09-19 00:00:00) day first uid[0] ......... = 1 day first uid[1] ......... = 0 day first uid[2] ......... = 0 day first uid[3] ......... = 0 day first uid[4] ......... = 0 day first uid[5] ......... = 0 day first uid[6] ......... = 0 day first uid[7] ......... = 0 -- Extension 0 -- name ........ = maildir hdr_size .... = 36 reset_id .... = 0 record_offset = 0 record_size . = 0 record_align = 0 header - new_check_time .... = 2013-09-19 20:34:10 - new_mtime ......... = 2013-09-19 20:08:51 - new_mtime_nsecs ... = 792530000 - cur_check_time .... = 2013-09-19 20:35:38 - cur_mtime ......... = 2013-09-19 20:35:38 - cur_mtime_nsecs.... = 227710000 - uidlist_mtime ..... = 2013-09-19 20:35:38 - uidlist_mtime_nsecs = 254613000 - uidlist_size ...... = 1025178 -- Extension 1 -- name ........ = cache hdr_size .... = 0 reset_id .... = 1379605174 record_offset = 8 record_size . = 4 record_align = 4 -- Keywords -- -- CACHE: /mail/index01/434/860/grain at rp-auth-test.com/.Bup//dovecot.index.cache major version ........ = 1 minor version ........ = 1 indexid .............. = 1379605150 (2013-09-19 15:39:10) file_seq ............. = 1379605174 (2013-09-19 15:39:34) (24 compressions) continued_record_count = 0 record_count ......... = 0 used_file_size (old) . = 108 deleted_record_count . = 0 field_header_offset .. 
= 32 (0x88808080 nontranslated) -- Cache fields -- # Name Type Size Dec Last used 0: flags bit 4 tmp 2013-09-19 20:07 1: hdr.Message-ID hdr - tmp 2013-09-19 20:07 2: hdr.X-HE-Tag hdr - tmp 2013-09-19 20:07 -- RECORDS: 1 RECORD: seq=1, uid=14308, flags=0x08 (Seen) - ext 3 cache : 0 (00000000) $ sudo -u mail dovecot -c /he/dovecot/conf/dovecot.conf -n # 2.2.4.3 (12e60e803a54+): /he/dovecot/conf/dovecot.conf # OS: Linux 3.4.46-dom0-2.0.0 x86_64 Debian 7.0 debug_log_path = syslog disable_plaintext_auth = no first_valid_uid = 8 info_log_path = syslog lock_method = dotlock log_path = /var/run/dovecot/log-fifo log_timestamp = mail_fsync = always mail_gid = mail mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = zlib quota tc_mail_log notify tc_proc stats mail_uid = mail maildir_very_dirty_syncs = yes mmap_disable = yes namespace inbox { inbox = yes location = prefix = } passdb { args = host=localhost port=1143 username=%L{user}::%L{service}::%L{rip}::%L{session} driver = imap } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append mail_log_fields = uid box msgid flags hetag memcached_servers = 10.5.47.223,10.5.47.222 quota = dict:User quota::proxy:/var/run/auth_proxy_dovecot/quotasocket:quota stats_command_min_time = 1 mins stats_domain_min_time = 12 hours stats_ip_min_time = 12 hours stats_memory_limit = 16 M stats_refresh = 30 secs stats_session_min_time = 15 mins stats_track_cmds = yes stats_user_min_time = 1 hours zlib_save = gz zlib_save_level = 6 } protocols = imap pop3 service anvil { unix_listener anvil-auth-penalty { mode = 00 } } service imap-login { inet_listener imap { address = 0 } inet_listener imaps { port = 0 } process_limit = 29 process_min_avail = 14 service_count = 0 } service imap-postlogin { executable = script-login -d /he/dovecot/utils/post_login.sh } service imap { executable = imap imap-postlogin process_limit = 1270 vsz_limit = 0 } service pop3-login { inet_listener pop3 { address = 0 } 
inet_listener pop3s { port = 0 } process_limit = 29 process_min_avail = 14 service_count = 0 } service pop3-postlogin { executable = script-login -d /he/dovecot/utils/post_login.sh } service pop3 { executable = pop3 pop3-postlogin process_limit = 206 vsz_limit = 512 M } service stats { fifo_listener stats-mail { mode = 0600 user = mail } } ssl = no userdb { args = /he/dovecot/conf/dovecot-tc-dict-auth.conf driver = dict } verbose_proctitle = yes protocol imap { mail_plugins = zlib quota tc_mail_log notify tc_proc stats imap_stats imap_quota } From rob0 at gmx.co.uk Fri Sep 20 02:14:32 2013 From: rob0 at gmx.co.uk (/dev/rob0) Date: Thu, 19 Sep 2013 18:14:32 -0500 Subject: [Dovecot] zlib_save per-user or per-mailbox? Message-ID: <20130919231432.GJ13717@harrier.slackbuilds.org> We'd like to be able to activate zlib_save per-user or per-mailbox, but it seems to be global, all or nothing. Search of this list revealed a comment from Timo in 2012: http://www.dovecot.org/list/dovecot/2012-March/064909.html where he was thinking that compression per-namespace would be a worthy feature. Was that done? I'm in the process of replacing a 2.0 system with 2.2 EE. The old system had zlib_save activated, but seems to deliver to maildirs without compression. Does a userdb_mail entry override global zlib_save? (I'm about to test that, but duh, I am asking first.) Thanks. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From rob0 at gmx.co.uk Fri Sep 20 02:43:02 2013 
From: rob0 at gmx.co.uk (/dev/rob0) Date: Thu, 19 Sep 2013 18:43:02 -0500 Subject: [Dovecot] zlib_save per-user or per-mailbox? In-Reply-To: <20130919231432.GJ13717@harrier.slackbuilds.org> References: <20130919231432.GJ13717@harrier.slackbuilds.org> Message-ID: <20130919234302.GL13717@harrier.slackbuilds.org> On Thu, Sep 19, 2013 at 06:14:32PM -0500, /dev/rob0 wrote: > We'd like to be able to activate zlib_save per-user or per-mailbox, > but it seems to be global, all or nothing. Search of this list > revealed a comment from Timo in 2012: > > http://www.dovecot.org/list/dovecot/2012-March/064909.html > > where he was thinking that compression per-namespace would be a > worthy feature. Was that done? > > I'm in the process of replacing a 2.0 system with 2.2 EE. The old > system had zlib_save activated, but seems to deliver to maildirs > without compression. Does a userdb_mail entry override global > zlib_save? (I'm about to test that, but duh, I am asking first.) The test user having a nonstandard userdb_mail "maildir:~/mail", new mail was delivered in compressed format. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From malocatze at trash-mail.com Fri Sep 20 01:47:32 2013 
From: malocatze at trash-mail.com (malocatze)
Date: Thu, 19 Sep 2013 15:47:32 -0700 (PDT)
Subject: [Dovecot] dovecot v-2.0, postfix+mysql configuration issue.
In-Reply-To: <1234485632.20130329164516@dlutt.de>
References: <1234485632.20130329164516@dlutt.de>
Message-ID: <1379630852781-44415.post@n4.nabble.com>

Hey, I have the same problem.

My Dovecot server runs quite well; I can do all the things I would like to do, but I have this in my log when I connect to the server.

Sep 20 00:29:57 lx.x.x.x dovecot: auth-worker(9971): Warning: mysql: Query failed, retrying: Table 'mailserver.users' doesn't exist
Sep 20 00:29:57 lx.x.x.x dovecot: auth-worker(9971): Error: sql(postmaster at lx.x.x.x.dedicated.hosteurope.de,x.x.x.x): User query failed: Table 'mailserver.users' doesn't exist (using built-in default user_query: SELECT home, uid, gid FROM users WHERE username = '%n' AND domain = '%d')
Sep 20 00:29:57 lx.x.x.x dovecot: imap-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=9975, TLS, session=

But the mail system works?

Now when I create the table users from the example in the config file and it is empty, no errors are in the login and the mail system also works.

Maybe this can be a bug? I have read all your examples and tips

--
View this message in context: http://dovecot.2317879.n4.nabble.com/dovecot-v-2-0-postfix-mysql-configuration-issue-tp41175p44415.html
Sent from the Dovecot mailing list archive at Nabble.com.

From rob0 at gmx.co.uk Fri Sep 20 09:07:10 2013
From: rob0 at gmx.co.uk (/dev/rob0) Date: Fri, 20 Sep 2013 01:07:10 -0500 Subject: [Dovecot] Ring SYNC appears to have got lost, resending after upgrade In-Reply-To: <20130909124110.GO13717@harrier.slackbuilds.org> References: <522D9140.9090403@wk-serv.de> <20130909124110.GO13717@harrier.slackbuilds.org> Message-ID: <20130920060710.GM13717@harrier.slackbuilds.org> This issue still occurs. It varies which of the four director instances gets it, but it seems that once one of them does, the only fix is to restart all four. On Mon, Sep 09, 2013 at 07:41:10AM -0500, /dev/rob0 wrote: > On Mon, Sep 09, 2013 at 11:13:36AM +0200, Patrick Westenberg wrote: > > on Saturday I upgraded two dovecot servers from squeeze to wheezy > > and dovecot from 2.1.x to 2.2.5 (compiled from sources). After the > > upgrade everything worked fine at first. > > > > On Sunday Morning I recognized these errors (they occured after a > > reload for logging purpose on midnight) on one server: > > > > director: Error: Ring SYNC appears to have got lost, resending > > > > After reloading/restarting both dovecot services the error occured > > on both servers. After some research I deleted some "zlib"-File > > which isn't needed anymore in dovecot 2.2.x and reinstalled > > dovecot. The error message disappeared. > > > > Today the error occured again (after the reload on midnight) and > > again on one node only until reloading/restarting the other node > > too. However, there is an additional error message: > > > > Sep 09 10:27:07 director: Error: Ring SYNC appears to have got > > lost, resending > > Sep 09 10:27:10 director: Panic: file login-connection.c: line 88 > > (login_host_callback): assertion failed: (strncmp(request->line, > > "OK\t", 3) == 0) > > I had the same issue (CentOS 6.4 upgraded with third-party RPMs) on > Thu/Fri, and I asked Timo about it in IRC. Apparently a 2.2.6 release > is due soon. 
He gave me two hg links claimed to fix it: > > http://hg.dovecot.org/dovecot-2.2/rev/f7a37b169f4a > http://hg.dovecot.org/dovecot-2.2/rev/9531ec8afe8b > > However I did have the lost ring SYNC error recur after the cluster > was upgraded to the RPM packages currently in Dovecot's EE repo > (non-free, pay for access) which does include these fixes. > > Restart of all director instances worked for me. Actually I stopped > all, then started all. > > So far so good. We're going to go live with this cluster soon, I > hope. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From tss at iki.fi Fri Sep 20 10:17:19 2013 
From: tss at iki.fi (Timo Sirainen) Date: Fri, 20 Sep 2013 10:17:19 +0300 Subject: [Dovecot] Ring SYNC appears to have got lost, resending after upgrade In-Reply-To: <20130920060710.GM13717@harrier.slackbuilds.org> References: <522D9140.9090403@wk-serv.de> <20130909124110.GO13717@harrier.slackbuilds.org> <20130920060710.GM13717@harrier.slackbuilds.org> Message-ID: <25A608C9-A72A-48F2-AFF0-591085E55913@iki.fi> On 20.9.2013, at 9.07, /dev/rob0 wrote: > This issue still occurs. It varies which of the four director > instances gets it, but it seems that once one of them does, the only > fix is to restart all four. Do you see any other errors or warnings besides this? Are any of the directors restarted or do they for any reason get disconnected from each others before this happens? Are the clocks synchronized in all the directors? I'm guessing the directors did get restarted at some point and some of the other directors didn't notice this because of a bug: http://hg.dovecot.org/dovecot-2.2/rev/b78c705bbb8d I think with 3 directors this error wouldn't happen, because all directors have direct connections to each others and this bug doesn't affect them. I'm fixing bugs for the rest of this week and I'll make new Dovecot release hopefully next week. And -ee release with this fix probably sooner. Maybe I'll even have time to go through this mailing list at some point. :) From lampacz+dovecot at gmail.com Fri Sep 20 13:20:07 2013 
From: lampacz+dovecot at gmail.com (Lampa)
Date: Fri, 20 Sep 2013 12:20:07 +0200
Subject: [Dovecot] Fwd: lmtp
In-Reply-To:
References:
Message-ID:

Hello,

I am using dovecot with postfix with mysql. Some domains have aliases. Local delivery is done over lmtp. When lmtp delivers to aliased domains, it takes the wrong mail_location: it takes the aliased domain instead of the real domain, so lmtp is creating the domain and user directory. Lmtp doesn't make an sql lookup. I need lmtp delivery to the real domain and I don't want to create symlinks.

mail_location = maildir:/home/mail/%d/%n/Maildir

real domain: domain1.com
aliased domain: domain2.com
rcpt: user at domain2.com

lmtp delivers the message to /home/mail/domain2.com/user/Maildir instead of /home/mail/domain1.com/user/Maildir

--
Lampa

From vijayrajah at gmail.com Fri Sep 20 14:58:56 2013
From: vijayrajah at gmail.com (Vijay Rajah)
Date: Fri, 20 Sep 2013 17:28:56 +0530
Subject: [Dovecot] dovecot v-2.0, postfix+mysql configuration issue.
In-Reply-To: <1379630852781-44415.post@n4.nabble.com>
References: <1234485632.20130329164516@dlutt.de> <1379630852781-44415.post@n4.nabble.com>
Message-ID:

>Sep 20 00:29:57 lx.x.x.x dovecot: auth-worker(9971): Error: sql(postmaster at lx.x.x.x.dedicated.hosteurope.de,x.x.x.x): User query failed: Table 'mailserver.users' doesn't exist (using built-in default user_query: SELECT home, uid, gid FROM users WHERE username = '%n' AND domain = '%d')

If you are using SQL as Auth backend, check if you have enabled 'iterate_query' in your configuration.

Check the http://wiki2.dovecot.org/AuthDatabase/SQL page, specifically the section about 'User Iteration'

-Thanks
Vijay

On Fri, Sep 20, 2013 at 4:17 AM, malocatze wrote:

> Hey, i have the same problem.
>
> My Dovecot server runs quite good i can do all the things i would like to
> do. but i have this in my log when i connect to the server.
>
> Sep 20 00:29:57 lx.x.x.x dovecot: auth-worker(9971): Warning: mysql: Query
> failed, retrying: Table 'mailserver.users' doesn't exist
> Sep 20 00:29:57 lx.x.x.x dovecot: auth-worker(9971): Error:
> sql(postmaster at lx.x.x.x.dedicated.hosteurope.de,x.x.x.x): User query
> failed:
> Table 'mailserver.users' doesn't exist (using built-in default user_query:
> SELECT home, uid, gid FROM users WHERE username = '%n' AND domain = '%d')
> Sep 20 00:29:57 lx.x.x.x dovecot: imap-login: Login:
> user=, method=PLAIN,
> rip=x.x.x.x, lip=x.x.x.x, mpid=9975, TLS, session=
>
> But the mail system works?
>
> Now when i create the table users from the example in the config file an it
> is been empty no errors are in the login and the mail system works also..
>
> Maybe this can be an bug?
I have read all your examples and tips > > > > -- > View this message in context: > http://dovecot.2317879.n4.nabble.com/dovecot-v-2-0-postfix-mysql-configuration-issue-tp41175p44415.html > Sent from the Dovecot mailing list archive at Nabble.com. > From megodin at inboxalias.com Fri Sep 20 17:42:45 2013 
From: megodin at inboxalias.com (megodin at inboxalias.com)
Date: Fri, 20 Sep 2013 10:42:45 -0400 (EDT)
Subject: [Dovecot] Bug report: "doveadm rename" encodes special characters wrongly in mUTF-7 (in fs)
Message-ID:

Hello there,

I'm pretty sure I found a bug in latest Dovecot 2.2.5.5 (EE) when playing with the doveadm command.

Naturally renaming a users mail folder should be done via "doveadm es consistent.

So when using "doveadm rename" trying to rename a folder with special characters, e.g. German umlauts like "ä", it seems to create the folder wrongly in the filesystem.

Example: When I want to rename a user's folder 'geschaftliches' to 'gesch&AOQ-ftliches' ("&AOQ-" is the correct mUTF-7 encoding for "ä") using the command

doveadm mailbox rename -u user 'geschaftliches' 'gesch&AOQ-ftliches'

it ends up in the filesystem renamed as "gesch&-AOQ-ftliches", which has a falsely added "-" set after the "&", and therefore the folder is also wrongly shown in mail clients like Thunderbird or web-mail systems like Horde.

(Apparently "doveadm rename" supports only UTF-8, which shows up when trying to rename the folder with
"doveadm mailbox rename -u user 'geschäftliches'" I get the error message "Fatal: Mailbox name not valid UTF-8: gesch??ftliches")

To make things worse, when renaming the mail folder in Thunderbird to "geschäftliches" it gets correctly written in the filesystem as "gesch&AOQ-ftliches" - but afterwards it's NOT found anymore in the dovecot index, e.g. when trying

doveadm force-resync -u user

it is not listed anymore (until back-renaming in fs to the name it was indexed before).

This problem can be reproduced. Can you please fix this?
(Not sure if this might change - maybe add an option to support UTF-7 similar to doveadm mailbox list "-7" option) Thanks in advance, Megodin My (relevant part) dovecot configuration (dovecot -n): mailstorage @ NFS with nfsvers=3 (NetApp) # 2.2.5.5 (e5350245ad9b): /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-279.22.1.el6.x86_64 x86_64 CentOS release 6.4 (Final) nfs auth_cache_size = 10 M auth_cache_ttl = 10 mins auth_debug = yes auth_master_user_separator = * auth_username_format = %n auth_verbose = yes disable_plaintext_auth = no listen = * lock_method = dotlock mail_debug = yes mail_fsync = always mail_gid = vmail mail_home = /mnt/placeholder/%u mail_location = sdbox:/mnt/placeholder/%u/mailstore mail_plugins = " quota fts fts_lucene" mail_privileged_group = mail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mmap_disable = yes passdb { args = /etc/dovecot/users.blocked deny = yes driver = passwd-file } passdb { args = /etc/dovecot/passwd.masterusers driver = passwd-file master = yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { fts = lucene fts_lucene = whitespace_chars=@. 
  quota = dict:User quota::file:%h/dovecot-quota
  quota_rule = *:storage=100M
  quota_rule2 = Trash:storage=+50M
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=98%% quota-warning 98 %u
  sieve = /mnt/placeholder/%u/.dovecot.sieve
  sieve_dir = /mnt/placeholder/%u/sieve
  sieve_global_dir = /var/lib/dovecot/sieve/global/
  sieve_global_path = /var/lib/dovecot/sieve/default.sieve
}
postmaster_address = postmaster at example.com
protocols = imap pop3 sieve
service auth {
  unix_listener auth-userdb {
    group = vmail
    user = vmail
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = vmail
}
ssl_cert =

Sorry, it seems like some part of the sh*tty freenet webmailer omitted half of my second sentence of the message I just posted before...

...so please replace the weird sentence:
"Naturally renaming a users mail folder should be done via "doveadm es consistent."

with:
"Naturally renaming a users mail folder should be done via "doveadm es consistent."

Sorry for confusion,
Megodin

---
All mailboxes in one place. Switch now and take your e-mail address with you!
http://email.freenet.de/basic/Informationen
_________________________________________________________________
Send and receive anonymous emails to your inbox with InboxAlias.
http://www.inboxalias.com

From megodin at inboxalias.com Fri Sep 20 18:17:46 2013
From: megodin at inboxalias.com (megodin at inboxalias.com)
Date: Fri, 20 Sep 2013 11:17:46 -0400 (EDT)
Subject: [Dovecot] Bug report: "doveadm rename" encodes special characters wrongly in mUTF-7 (in fs)
Message-ID:

What the heck, I don't get it... seems like it's bug's day for me today... the d*mn freenet web-mailclient omitted half of the sentence on exactly the same part *again* - so I split it to several lines and omit some quotes...

Hope this is the last try to get the _whole_ message out:

Naturally renaming a user's mail folder should be done via
doveadm rename
- and not via the filesystem's "mv" command -
to keep dovecot indexes consistent.

So sorry again for all that additional reading garbage (forum admins, please feel free to fill in the correct sentence to my original post and delete the 2 correction posts).

Seems like I have to write another bug report to freenet admins... (sigh)

Sorry again,
Megodin

From megodin at inboxalias.com Fri Sep 20 19:40:39 2013
From: megodin at inboxalias.com (megodin at inboxalias.com)
Date: Fri, 20 Sep 2013 12:40:39 -0400 (EDT)
Subject: [Dovecot] Migrating from dovecot 2.1 to 2.2
Message-ID:

Hey there micah,

assuming you have your Dovecot set up using virtual users, I would advise you to use imapsync for that. It does incremental and recursive IMAP transfers from one mailbox to another (on different servers too). As it doesn't make a file copy, but lets the two dovecot servers talk directly to each other via IMAP, all your mails with all flags, dates etc. will be preserved on the destination system exactly like on your source system.
In your case also the indexes will be written on the fast system automatically by Dovecot 2.2.5 (if configured to do so), so this might do exactly what you are looking for.

I have myself successfully transferred over 35000 accounts with imapsync (with very few problems, almost all of them because of corrupt mailboxes or special character encoding problems that occurred through former use of weird obsolete mail clients) and can highly recommend it.

Best regards and good luck,
Megodin

From d.parthey at metaways.de Sat Sep 21 03:28:06 2013
From: d.parthey at metaways.de (Daniel Parthey)
Date: Sat, 21 Sep 2013 02:28:06 +0200
Subject: [Dovecot] Migrating from dovecot 2.1 to 2.2
In-Reply-To:
References:
Message-ID: <523CE816.7000903@metaways.de>

On 20.09.2013 18:40, megodin at inboxalias.com wrote:
> Hey there micah,
>
> assuming you have your Dovecot set up using virtual users, I would advise you to use imapsync for that. It does incremental and recursive IMAP transfers from one mailbox to another (on different servers too). As it doesn't make a file copy, but let the two dovecot servers talk directly to each other via IMAP, all your mails with all flags, dates etc. will be preserved on the destination system exactly like on your source system.
> In your case also the indexes will be written on the fast system automatically by Dovecot 2.2.5 (if configured to do so), so this might do exactly what you are looking for.
>
> I have myself successfully transferred over 35000 accounts with imapsync (with very few problems, almost all of them because of corrupt mailboxes or special character encoding problems occured through former use of weird obsolete mail clients) and can highly recommend it.
>
> Best regards and good luck,
> Megodin

Yes, I can confirm imapsync works fine:
https://github.com/imapsync/imapsync

It doesn't replicate the dovecot IMAP UIDs / POP3 UIDLs though, since via IMAP-only it can't force the target IMAP server to use specific UUIDs.

Dovecot's own tool dsync can preserve UUIDs and is therefore the better choice when migrating to dovecot:
http://wiki2.dovecot.org/Tools/Dsync
http://wiki2.dovecot.org/Migration/Dsync

Regards
Daniel
--
Dipl.-Inf.
Daniel Parthey
System Engineer
Metaways Infosystems GmbH
Pickhuben 2, D-20457 Hamburg

E-Mail: d.parthey at metaways.de
Web: http://www.metaways.de
Tel: +49 (0)40 317031-537
Fax: +49 (0)40 317031-937

Metaways Infosystems GmbH - Registered office: D-22967 Tremsbüttel
Commercial register: Amtsgericht Lübeck HRB 4508 AH
Management: Hermann Thaele, Lüder-H.Thaele

From tss at iki.fi Sat Sep 21 05:14:20 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sat, 21 Sep 2013 05:14:20 +0300
Subject: [Dovecot] Bug report: "doveadm rename" encodes special characters wrongly in mUTF-7 (in fs)
In-Reply-To:
References:
Message-ID:

On 20.9.2013, at 17.42, megodin at inboxalias.com wrote:

> So when using "doveadm rename" trying to rename a folder with special characters e.g. german umlauts like "ä" it seems to create the folder wrongly in the filesystem.
>
> Example: When I want to rename a users folder 'geschaftliches' to 'gesch&AOQ-ftliches' ("&AOQ-" is the correct mUTF-7 encoding for "ä") using the command

Forget about mUTF-7 with Dovecot. It's an IMAP-protocol relic, and Dovecot is trying to get rid of it in as many places as possible. Although by default the filesystem uses mUTF-7, that can also be changed with a setting.

> (Apparently "doveadm rename" supports only UTF-8 which shows up when trying to rename the folder with
> "doveadm mailbox rename -u user 'geschäftliches'" I get the error message "Fatal: Mailbox name not valid UTF-8: gesch??ftliches")

I suspect your shell is breaking the 8bit chars into invalid UTF-8. I just tried and it works fine with me.

> To get things worse, when renaming the mailfolder in Thunderbird to "geschäftliches" it gets correctly written in the filesystem as "gesch&AOQ-ftliches" - but afterwards it's NOT found anymore in the dovecot index, e.g. when trying
> doveadm force-resync -u user
> it is not listed anymore (until back-renaming in fs to the name it was indexed before).

Folders aren't indexed by default (mailbox_list_index=no) and force-resync doesn't affect them. Are you saying "doveadm mailbox list -u user" doesn't show some folder? I'm not aware of any bugs related to this.

> This problem can be reproduced. Can you please fix this?

I'd need to get some more specifics. Show what exists in filesystems and what commands don't produce expected results (and what they produce instead).
> (Not sure if this might change - maybe add an option to support UTF-7 similar to doveadm mailbox list "-7" option) Nah, mUTF-7 hopefully will die some day. From tss at iki.fi Sat Sep 21 05:18:05 2013 From: tss at iki.fi (Timo Sirainen) Date: Sat, 21 Sep 2013 05:18:05 +0300 Subject: [Dovecot] zlib_save per-user or per-mailbox? In-Reply-To: <20130919231432.GJ13717@harrier.slackbuilds.org> References: <20130919231432.GJ13717@harrier.slackbuilds.org> Message-ID: <5C397061-BF9C-45E1-B4AC-2D49AA8D9CCB@iki.fi> On 20.9.2013, at 2.14, /dev/rob0 wrote: > We'd like to be able to activate zlib_save per-user or per-mailbox, > but it seems to be global, all or nothing. Search of this list > revealed a comment from Timo in 2012: > > http://www.dovecot.org/list/dovecot/2012-March/064909.html > > where he was thinking that compression per-namespace would be a > worthy feature. Was that done? No. It's a bit difficult to implement since it requires some major settings code changes, and the code is already horribly complex. Maybe some day when the whole thing is redesigned. From tss at iki.fi Sat Sep 21 05:23:05 2013 From: tss at iki.fi (Timo Sirainen) Date: Sat, 21 Sep 2013 05:23:05 +0300 Subject: [Dovecot] Mountpoints with auto mounter In-Reply-To: <7D9B8C4B-66D6-4288-96E1-612E0841569B@kram.io> References: <50F285BE-D498-4677-9DB0-1CB30D0C9EAE@kram.io> <5236D37D.5040705@thelounge.net> <7D9B8C4B-66D6-4288-96E1-612E0841569B@kram.io> Message-ID: <0D8CFF51-53EF-4D27-A965-4E25CE645F09@iki.fi> On 16.9.2013, at 12.59, Steffen Kram wrote: > It would be great if there was a way to just disable the mount point tracking This should work: doveadm mount add '/*' ignore From tss at iki.fi Sat Sep 21 05:29:26 2013 
From: tss at iki.fi (Timo Sirainen)
Date: Sat, 21 Sep 2013 05:29:26 +0300
Subject: [Dovecot] SELECT: Bug in untagged response
In-Reply-To: <20130913163742.Horde.V2HvBtfet1OvWQlx6LD5Pg1@bigworm.curecanti.org>
References: <20130913163742.Horde.V2HvBtfet1OvWQlx6LD5Pg1@bigworm.curecanti.org>
Message-ID: <8A8040A9-5E63-442D-9BDF-AFD64A1D065B@iki.fi>

On 14.9.2013, at 1.37, Michael M Slusarz wrote:

> In selected state:
>
> C: 1 SELECT &#-&#/#
> S: 1 NO Mailbox name is not valid mUTF-7
> S: * OK [CLOSED] Previous mailbox closed.
>
> I can verify that this only seems to happen when the mailbox name is incorrect mUTF-7. Things work fine if I access a non-existent mailbox:
>
> C: 1 SELECT non-existent-mailbox
> S: * OK [CLOSED] Previous mailbox closed.
> S: a NO Mailbox doesn't exist: non-existent-mailbox

Fixed: http://hg.dovecot.org/dovecot-2.2/rev/c019b298e0f6

From me at junc.eu Sat Sep 21 07:12:23 2013
From: me at junc.eu (Benny Pedersen)
Date: Sat, 21 Sep 2013 06:12:23 +0200
Subject: [Dovecot] Dovecot and CAPITALISATION = grrrr ;-(
In-Reply-To: <52395E04.5020608@whyscream.net>
References: <523959B6.2050906@mail-subs.com> <52395E04.5020608@whyscream.net>
Message-ID: <9ea078f4cbaeaff9a8b5899928efe920@junc.eu>

Tom Hendrikx wrote on 2013-09-18 10:02:

> userdb {
> driver = passwd-file
> args = username_format=%Lu /path/to/file
> }

note that passwd is case sensitive, while username is not

From davide.marchi at mail.cgilfe.it Sat Sep 21 11:51:05 2013
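The mailbox-name encoding at issue in the "doveadm rename" report and in the SELECT reply above, as an added example that is not part of any list message and is not Dovecot code: an RFC 3501 modified UTF-7 encoder and a strict decoder. Encoding the rename argument as plain text escapes the literal "&" as "&-", which reproduces the gesch&-AOQ-ftliches name from the report; the function names and the round-trip canonicality check are this example's own choices.

```python
"""IMAP modified UTF-7 (RFC 3501, section 5.1.3) for mailbox names.

Added illustration, not Dovecot code; all function names are hypothetical.
"""
import base64
import binascii

# Modified base64 alphabet: "," replaces "/", and "=" padding is never written.
_B64 = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,")


class InvalidMUTF7(ValueError):
    """Raised when a mailbox name is not well-formed modified UTF-7."""


def _shift(chars):
    # A run of non-ASCII characters: UTF-16BE, then modified base64 in "&...-".
    raw = "".join(chars).encode("utf-16-be")
    b64 = base64.b64encode(raw).decode("ascii").rstrip("=")
    return "&" + b64.replace("/", ",") + "-"


def mutf7_encode(name):
    """Encode a Unicode mailbox name to modified UTF-7."""
    out, run = [], []
    for ch in name:
        if 0x20 <= ord(ch) <= 0x7E:
            if run:
                out.append(_shift(run))
                run = []
            out.append("&-" if ch == "&" else ch)  # a literal "&" becomes "&-"
        else:
            run.append(ch)
    if run:
        out.append(_shift(run))
    return "".join(out)


def mutf7_decode(encoded):
    """Decode modified UTF-7, rejecting malformed or non-canonical input."""
    out, i = [], 0
    while i < len(encoded):
        ch = encoded[i]
        if not 0x20 <= ord(ch) <= 0x7E:
            raise InvalidMUTF7("character outside printable ASCII at %d" % i)
        if ch != "&":
            out.append(ch)
            i += 1
            continue
        end = encoded.find("-", i + 1)
        if end == -1:
            raise InvalidMUTF7("unterminated '&' sequence at %d" % i)
        chunk = encoded[i + 1:end]
        if not chunk:
            out.append("&")  # "&-" is the escape for a literal "&"
        else:
            if not set(chunk) <= _B64 or len(chunk) % 4 == 1:
                raise InvalidMUTF7("bad base64 in %r" % chunk)
            padded = chunk.replace(",", "/") + "=" * (-len(chunk) % 4)
            try:
                out.append(base64.b64decode(padded).decode("utf-16-be"))
            except (binascii.Error, UnicodeDecodeError) as exc:
                raise InvalidMUTF7("bad UTF-16 in %r" % chunk) from exc
        i = end + 1
    decoded = "".join(out)
    # Strictness chosen for this example: only the canonical form is accepted.
    if mutf7_encode(decoded) != encoded:
        raise InvalidMUTF7("non-canonical encoding")
    return decoded


def is_valid_mutf7(encoded):
    """Return True when the name decodes cleanly under the rules above."""
    try:
        mutf7_decode(encoded)
    except InvalidMUTF7:
        return False
    return True


if __name__ == "__main__":
    # Names taken from the thread; "\u00e4" is the a-umlaut.
    for arg in ("gesch\u00e4ftliches", "gesch&AOQ-ftliches"):
        print("%r is stored as %r" % (arg, mutf7_encode(arg)))
    for name in ("gesch&AOQ-ftliches", "gesch&-AOQ-ftliches", "&#-&#/#"):
        print("%r valid mUTF-7: %s" % (name, is_valid_mutf7(name)))
```

Decoding "gesch&-AOQ-ftliches" yields the literal text "gesch&AOQ-ftliches", which is what a mail client then displays for that folder.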
From: davide.marchi at mail.cgilfe.it (Davide)
Date: Sat, 21 Sep 2013 10:51:05 +0200
Subject: [Dovecot] LDA quota rejection
Message-ID: <523D5DF9.2000504@mail.cgilfe.it>

Hi to all, I have dovecot 2.2.5 and I have implemented lda rejection through quota full.
This is my dovecot conf:

protocol lda {
  mail_fsync = optimized
  auth_socket_path = /usr/local/var/run/dovecot/auth-userdb
  deliver_log_format = msgid=<%f>-<%s>-%m: %$
  hostname = mail.cgilfe.it
  info_log_path = /var/log/dovecot/dovecot-deliver.log
  log_path = /var/log/dovecot/dovecot-deliver.log
  mail_plugin_dir = /usr/local/lib/dovecot
  mail_plugins = $mail_plugins mail_log sieve
  postmaster_address = postmaster at mail.cgilfe.it
  rejection_subject = Rifiutato: %s
  rejection_reason = Messaggio a <%t> automaticamente rifiutato:%n%r
  submission_host = 192.16X.XXX.XX0
}

If a user over quota receives a message internally all is ok, but if the user receives a mail from external domains nothing is sent back to the sender.
Thanks in advance to all for possible help.

--
Davide Marchi
Teorema Ferrara Srl
Via Spronello, 7 - Ferrara - 44121
Tel. 0532783161
Fax. 0532783368
E-m at il: davide.marchi at mail.cgilfe.it
Skype: davide.marchi73
Web: http://www.cgilfe.it

From gedalya at gedalya.net Sat Sep 21 17:33:43 2013
From: gedalya at gedalya.net (Gedalya) Date: Sat, 21 Sep 2013 10:33:43 -0400 Subject: [Dovecot] LDA quota rejection In-Reply-To: <523D5DF9.2000504@mail.cgilfe.it> References: <523D5DF9.2000504@mail.cgilfe.it> Message-ID: <523DAE47.40705@gedalya.net> On 09/21/2013 04:51 AM, Davide wrote: > Hi to all, i have dovecot 2.2.5 and i have implemented lda rejection > through quota full > this is my dovecot conf > > protocol lda { > mail_fsync = optimized > auth_socket_path = /usr/local/var/run/dovecot/auth-userdb > deliver_log_format = msgid=<%f>-<%s>-%m: %$ > hostname = mail.cgilfe.it > info_log_path = /var/log/dovecot/dovecot-deliver.log > log_path = /var/log/dovecot/dovecot-deliver.log > mail_plugin_dir = /usr/local/lib/dovecot > mail_plugins = $mail_plugins mail_log sieve > postmaster_address = postmaster at mail.cgilfe.it > rejection_subject = Rifiutato: %s > rejection_reason = Messaggio a <%t> automaticamente rifiutato:%n%r > submission_host = 192.16X.XXX.XX0 > } > If user over quota receive a messagge internally all is ok but if the > user receive a mail from external domains nothing to the sender is > sentback. > Thanks in advance to all for possible help. What shows up in the logs at the host you have configured as submission_host? From charlesc-dovecot at pyropus.ca Sat Sep 21 20:23:09 2013 
From: charlesc-dovecot at pyropus.ca (Charles Cazabon) Date: Sat, 21 Sep 2013 11:23:09 -0600 Subject: [Dovecot] mail-filter plugin v2.2 - corrupts IMAP indexes? In-Reply-To: <20130917233336.GA27821@pyropus.ca> References: <20130917233336.GA27821@pyropus.ca> Message-ID: <20130921172309.GA1722@pyropus.ca> Charles Cazabon wrote: > > I'm trying out the mail-filter plugin with Dovecot 2.2.5 built from source, > and it seems like any nontrivial filter causes some sort of index corruption > that breaks IMAP use. For the list archives: Timo has released a new version of this plugin that fixes this. Charles -- ----------------------------------------------------------------------- Charles Cazabon GPL'ed software available at: http://pyropus.ca/software/ ----------------------------------------------------------------------- From charlesc-dovecot at pyropus.ca Sat Sep 21 20:32:40 2013 
From: charlesc-dovecot at pyropus.ca (Charles Cazabon) Date: Sat, 21 Sep 2013 11:32:40 -0600 Subject: [Dovecot] Passing info from mail process to mail_filter plugin script? Message-ID: <20130921173240.GB1722@pyropus.ca> Hi, all, The mail_filter plugin allows you to pass messages through an external script/command on the way into and out of the Maildir/mbox/etc mail store. With the recent/new version of the plugin, this seems to work correctly. However, my mail-filter script (for filtering messages on the way from the mail store through the IMAP process to a remote client) needs some extra info from the IMAP mail process. I'm having difficulty figuring out how this can be accomplished. Ideally, I'd like to pass another open file descriptor (opened in the IMAP process) to the script, but I'm not sure if this is possible. Opening the file in the IMAP main.c fails, presumably due to file descriptor limits, but I don't see where restrict_fd_limit() is called there. My second choice for passing this info would be in an environment variable or argument to the mail filter script. Adding env_put() to the IMAP code doesn't seem to get the value passed to the script, presumably because the environment is getting cleared, but again I'm not certain where the list of env vars to keep is set here. There may be another way to accomplish this that I'm not thinking of? Any assistance would be appreciated. Charles -- ----------------------------------------------------------------------- Charles Cazabon GPL'ed software available at: http://pyropus.ca/software/ ----------------------------------------------------------------------- From tss at iki.fi Sat Sep 21 22:12:03 2013 
From: tss at iki.fi (Timo Sirainen) Date: Sat, 21 Sep 2013 22:12:03 +0300 Subject: [Dovecot] Dovecot and CAPITALISATION = grrrr ;-( In-Reply-To: <52395E04.5020608@whyscream.net> References: <523959B6.2050906@mail-subs.com> <52395E04.5020608@whyscream.net> Message-ID: <646B7ADB-C9B8-4794-B8F0-9C50B575B348@iki.fi> On 18.9.2013, at 11.02, Tom Hendrikx wrote: > On 09/18/2013 09:43 AM, Ben wrote: >> Hello, >> >> As far as I'm aware, email is case insensitive ? >> >> Dovecot however, seems to be taking offence at the fact that someone is >> sending mail to user at SOMEDOMAIN.XYZ. >> >> Postfix has no issues handling it, it when it gets passed over to >> Dovecot LMTP that I get log lines such as : >> >> Sep 17 13:48:22 ukc-vm02-mx01 dovecot: auth: >> passwd-file(user at SOMEDOMAIN.XYZ): unknown user > > This is an IMAP username that seems to be formatted similar to an e-mail > address because your setup is built like that. > Usernames (IMAP or otherwise) and passwords are not part of any email > spec, but checking them case-sensitive sounds like a good idea in general. > > You should make sure that the username string used by dovecot-auth is > formatted according to what your setup dictates (i.e. probably all > lowercase). Probably you need something along the lines of: > > userdb { > driver = passwd-file > args = username_format=%Lu /path/to/file > } Easiest that works with all passdbs and userdbs is: auth_username_format = %Lu This has also been the default since .. v2.1 I think. From tss at iki.fi Sat Sep 21 23:36:00 2013 
From: tss at iki.fi (Timo Sirainen)
Date: Sat, 21 Sep 2013 23:36:00 +0300
Subject: [Dovecot] . (dot) in maildir folder names
In-Reply-To: <1369448470.9631.87.camel@fermat.scientia.net>
References: <1369359700.10903.14.camel@fermat.scientia.net> <519F0997.6080401@sys4.de> <1369398711.5175.12.camel@fermat.scientia.net> <1369432080.5194.9.camel@fermat.scientia.net> <7EA4237D-B802-4DF5-885C-9FEC1AD18F19@iki.fi> <1369435595.9631.3.camel@fermat.scientia.net> <75771715-2A2B-4424-AED2-F658BD57CB26@iki.fi> <1369438253.9631.19.camel@fermat.scientia.net> <1369441111.9631.64.camel@fermat.scientia.net> <1369442624.9631.69.camel@fermat.scientia.net> <1369448470.9631.87.camel@fermat.scientia.net>
Message-ID:

Took a while, but finally fixed :) http://hg.dovecot.org/dovecot-2.2/rev/fce84463f508

On 25.5.2013, at 5.21, Christoph Anton Mitterer wrote:

> On Sat, 2013-05-25 at 02:43 +0200, Christoph Anton Mitterer wrote:
>> And I may have found one further issue:
>>
>> I set:
>> separator = '\\'
>> maildir with _not_ using LAYOUT=fs
>> the list encode plugin is on
>> listescape_char is left to default
>>
>>
>> When I now create a folder "foo.bar" it seemingly works (the client
>> shows it as "a.a"), but what comes out is:
>> .a.2ea
>> how can this work?
>
>
> Quite sure this must be a bug... I played a bit more...
> I can create a folder which is shown as "a.2ea" and in the filesystem
> this becomes ".a.2e2ea".
>
> When I make a folder "a" and then try to make a subfolder "2ea" of it...
> it doesn't work (the client seems to already fail).
>
> When I make subfolders (below) like "3e" or "65"... they first show up
> as these.... but after several times refreshing... they become folder
> "a>" and "ae".
>
>
> Using another quote character like:
> listescape_char = ^
> and things seem to work again as expected, i.e. a folder "e.e" becomes
> ".e^2ee"
>
>
>
> Cheers,
> Chris.

From tss at iki.fi Sun Sep 22 00:02:05 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 22 Sep 2013 00:02:05 +0300
Subject: [Dovecot] Expunged message reappeared, giving a new UID
In-Reply-To: <1375950077.5211.18.camel@ubu101751>
References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> <1375804711.19765.7.camel@ubu101751> <1BF2EF57-83AB-48CC-A929-F2BDF3400D46@iki.fi> <1375950077.5211.18.camel@ubu101751>
Message-ID: <5D40AFC6-1F36-4334-87E1-37CB4ECE8E63@iki.fi>

On 8.8.2013, at 11.21, Simon Fraser wrote:

> I ran two tests: one using 'doveadm expunge' and one deleting the
> message using mutt. Since the hosts mentioned so far have a copy of my
> full mailbox on, I re-ran the tests (with the same results) on a test
> server with a fresh mailbox on, so there was no extra folder
> synchronisation in there to fill up the rawlog.
>
> Those log entries are too big for the mailing list (70k+), so are here:
>
> 'doveadm expunge' dsync-rawlog node A
> http://pastebin.com/LtUnENPv
>
> 'doveadm expunge' dsync-rawlog node B
> http://pastebin.com/QaWLyZq2
>
> imap expunge dsync-rawlog node A
> http://pastebin.com/SuFdWn0w
>
> imap expunge dsync-rawlog node B
> http://pastebin.com/Ex66s7hq

I finally looked into this:

The A and B node logs are exactly the same. I think you sent the same ones for both? Anyway, one of the sides is enough. The interesting parts are:

1375808883.299424 O: NINBOX y 0314c806e3fa0052d26a0000736ac1b0 1375795939 24
1375808883.350378 I: NINBOX y 0314c806e3fa0052d26a0000736ac1b0 1375795939 23
1375808883.360216 I: Ce 22 6e2b7029b52c015258220000736ac1b0
1375808883.360972 O: Cs 23 ae42e400732d0152d3310000736ac1b0  59  1375808883   20

One side has uidnext=23 and the other side has uidnext=24. You're deleting the last message with uid=22, so the uidnext=23 is correct. The other side however thinks that the same mail's uid is 23. There must be something wrong with the mail delivery, because both sides should have uid=22 and uidnext=23 here. So replication rawlogs of a new mail delivery would be helpful..

From tss at iki.fi Sun Sep 22 00:13:23 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 22 Sep 2013 00:13:23 +0300
Subject: [Dovecot] Expunged message reappeared, giving a new UID
In-Reply-To: <5D40AFC6-1F36-4334-87E1-37CB4ECE8E63@iki.fi>
References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> <1375804711.19765.7.camel@ubu101751> <1BF2EF57-83AB-48CC-A929-F2BDF3400D46@iki.fi> <1375950077.5211.18.camel@ubu101751> <5D40AFC6-1F36-4334-87E1-37CB4ECE8E63@iki.fi>
Message-ID: <1A27D7CE-C98C-4E36-9A46-D463F8F9A1D2@iki.fi>

On 22.9.2013, at 0.02, Timo Sirainen wrote:

> The A and B node logs are exactly the same. I think you sent the same ones for both? Anyway, one of the sides is enough. The interesting parts are:
>
> 1375808883.299424 O: NINBOX y 0314c806e3fa0052d26a0000736ac1b0 1375795939 24
> 1375808883.350378 I: NINBOX y 0314c806e3fa0052d26a0000736ac1b0 1375795939 23
> 1375808883.360216 I: Ce 22 6e2b7029b52c015258220000736ac1b0
> 1375808883.360972 O: Cs 23 ae42e400732d0152d3310000736ac1b0  59  1375808883   20
>
> One side has uidnext=23 and the other side has uidnext=24. You're deleting the last message with uid=22, so the uidnext=23 is correct. The other side however thinks that the same mail's uid is 23. There must be something wrong with the mail delivery, because both sides should have uid=22 and uidnext=23 here. So replication rawlogs of a new mail delivery would be helpful..

Or there are some other strange things here also: The GUIDs are different for the mails, so it's as if the same mail was saved to both sides via LMTP instead of being copied to the other side via replication?

Also the logs show an extra dsync run that seems to mess things up even further. The whole deletion operation did:

- expunge uid=22
- copy uid=23 from A to B
- expunge uid=21 (the message was there twice?)
- copy uid=23 from B back to A (??)

From tss at iki.fi Sun Sep 22 00:22:33 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 22 Sep 2013 00:22:33 +0300
Subject: [Dovecot] INBOX protected foldername?
In-Reply-To:
References: <8546B309-AD20-4DD0-BCFE-8C91DA245240@iki.fi><1AD0A63288F34D69A7A6668CB1AD1B6A@hansadd566750e><0C2A766A-C116-4645-BCE9-9B223C4A24DF@iki.fi> <4E14DCF2765445F2BD5B93669B2ADB4C@ai.local>
Message-ID: <7A35B6D2-09EF-4DE7-84FA-D7353D4875B4@iki.fi>

On 16.8.2013, at 12.21, Hajo Locke wrote:

> Hello,
>
>>> hmm, upgrading should fix some older errors but in my case i got new ones.
>
> i found the problem. it is a conf problem.
>
> in 2.1.7 it was enough to set the namespace once and set special_use directives later in userdb.
>
> now in 2.1.17 you have to set up also the special_use directives in conf and overwrite them with settings from userdb.
> seems that 2.1.17 is not creating this settings in internal table if they are missing in conf.
> is this expected?

I think it works if you return:

namespace/inbox/mailbox=Sent Drafts Trash Spam

instead of returning each one separately.

From tss at iki.fi Sun Sep 22 00:37:23 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 22 Sep 2013 00:37:23 +0300
Subject: [Dovecot] proxy: get rid of redundant log-informations
In-Reply-To: <520B9636.8080200@thelounge.net>
References: <520B9636.8080200@thelounge.net>
Message-ID: <8CAB6011-276E-4F74-9BD4-C6AC4F6F5360@iki.fi>

On 14.8.2013, at 17.37, Reindl Harald wrote:

> login_log_format_elements = user=<%u> method=%m rip=%r %k
>
> is it possible to get rid of the "proxy(test at testserver.rhsoft.net): started proxying to 127.0.0.1:143: " part
> because on a proxy-only server i know that and it is explicitly not listed in "login_log_format_elements"

Different people want different things logged. I think if I started adding settings to control those from Dovecot configuration it would quickly become a horribly complex mess.

An alternative could be to send logging through a more configurable log process. Like perhaps a simple perl log proxy where you can do whatever you want using regexps and such.. This is already possible if someone just writes such a log proxy, although it would be a bit annoying as it would have to implement Dovecot's internal master service protocols.

A somewhat easier way would be if Dovecot's log process supported a filtering service, similar to how the mail-filter plugin works for emails. Then you could use whatever scripting language you want to implement the filters and if the filter breaks or is too slow, the log process could just drop it and continue logging without filtering.

The main problem I see with such a generic log filter is that it operates on a full log line string. Maybe for your use case it would be enough, but people have wanted other things as well where such a filter could be helpful, like logging things to SQL database. But there it would be useful to have some kind of key=value pairs of data, like username=foo mailbox=bar without having to parse it from the text, which could be difficult to do 100% correctly. So maybe some day Dovecot's whole logging system could be redesigned to support that as well.

Anyway, all of this is something that I don't see myself having time to implement anytime soon.

From tss at iki.fi Sun Sep 22 00:47:43 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 22 Sep 2013 00:47:43 +0300
Subject: [Dovecot] Rfc: Limit the size of an email IN the mailbox
In-Reply-To: <20130820083249.GH15989@charite.de>
References: <20130820083249.GH15989@charite.de>
Message-ID: <249F02F5-BB2D-4B1D-BF9E-40B44A54D346@iki.fi>

On 20.8.2013, at 11.32, Ralf Hildebrandt wrote:

> Currently we're in the process of migrating Dovecot mailboxes to
> Exchange.
>
> This is all working very well, except for the occasional user, who used
> his/her Drafts folder as a file storage: They started writing an email
> containing lots of image attachments (and thus exceeding our
> maximum_message_size by far). So the mail never gets sent, but stays in
> the Drafts folder.
>
> Once I try moving that mail to exchange, it won't accept the message
> since it's too big. I think it would be interesting to have a limit on
> the total size of an IMAP object, just like in SMTP.
>
> Thought?

Maybe a new mail_max_msg_size setting that is used also by the upcoming submission server.

From h.reindl at thelounge.net Sun Sep 22 01:07:29 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Sun, 22 Sep 2013 00:07:29 +0200
Subject: [Dovecot] proxy: get rid of redundant log-informations
In-Reply-To: <8CAB6011-276E-4F74-9BD4-C6AC4F6F5360@iki.fi>
References: <520B9636.8080200@thelounge.net> <8CAB6011-276E-4F74-9BD4-C6AC4F6F5360@iki.fi>
Message-ID: <523E18A1.80508@thelounge.net>

On 21.09.2013 23:37, Timo Sirainen wrote:
> On 14.8.2013, at 17.37, Reindl Harald wrote:
>
>> login_log_format_elements = user=<%u> method=%m rip=%r %k
>>
>> is it possible to get rid of the "proxy(test at testserver.rhsoft.net): started proxying to 127.0.0.1:143: " part
>> because on a proxy-only server i know that and it is explicitly not listed in "login_log_format_elements"
>
> Different people want different things logged. I think if I started adding settings to control those from Dovecot configuration it would quickly become a horribly complex mess

not really, take a look again at both

login_log_format_elements = user=<%u> %r %m %c
login_log_format = %$: %s

in fact i would only need "login_log_format = %s" but in case of failed logins
and dictionary attacks with unknown users "%u" is empty - if %u would *always*
contain the used loginname, whether if it was successful or not i would have
any needed information without the duplication

From tss at iki.fi Sun Sep 22 01:11:15 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 22 Sep 2013 01:11:15 +0300
Subject: [Dovecot] Deleted mails in dsync backups
In-Reply-To:
References:
Message-ID:

On 23.8.2013, at 13.43, Wolfgang.Friebel at desy.de wrote:

> we are doing regular backups of the mdbox mail folders using
>
> dsync -u username backup mdbox:/somedir/BACKUPS/username
>
> (still with version 2.1.10, but 2.2.5 is in testing phase)
> We do observe that the directory size in the BACKUPS directory is growing with respect to the original mail folders. I believe this is due to deleted mails not being purged in the backup. We are doing regular
>
> doveadm purge -A
>
> cleanups, but this does (of course) not affect the backups and subsequent dsync backup runs seem not to clean up deleted mails in the backup either.
>
> Will the behaviour of the dsync backup command deal with deleted mails in the 2.2.5 release? If not, what could we do to get rid of the deleted mails in the backup (or is there another reason for the growth in size)

You could run the doveadm purge also on the destination, e.g.:

doveadm -o mail=mdbox:/backups/user purge

I also added -P parameter to do this more easily in v2.2.6: http://hg.dovecot.org/dovecot-2.2/rev/56be613e8ece

From h.reindl at thelounge.net Sun Sep 22 01:18:46 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Sun, 22 Sep 2013 00:18:46 +0200
Subject: [Dovecot] proxy: get rid of redundant log-informations
In-Reply-To: <523E18A1.80508@thelounge.net>
References: <520B9636.8080200@thelounge.net> < 8CAB6011-276E-4F74-9BD4-C6AC4F6F5360@iki.fi> <523E18A1.80508@thelounge.net>
Message-ID: <523E1B46.6060405@thelounge.net>

On 22.09.2013 00:07, Reindl Harald wrote:
> On 21.09.2013 23:37, Timo Sirainen wrote:
>> On 14.8.2013, at 17.37, Reindl Harald wrote:
>>
>>> login_log_format_elements = user=<%u> method=%m rip=%r %k
>>>
>>> is it possible to get rid of the "proxy(test at testserver.rhsoft.net): started proxying to 127.0.0.1:143: " part
>>> because on a proxy-only server i know that and it is explicitly not listed in "login_log_format_elements"
>>
>> Different people want different things logged. I think if I started adding settings to control those from Dovecot configuration it would quickly become a horribly complex mess
>
> not really, take a look again at both
>
> login_log_format_elements = user=<%u> %r %m %c
> login_log_format = %$: %s
>
> in fact i would only need "login_log_format = %s" but in case of failed logins
> and dictionary attacks with unknown users "%u" is empty - if %u would *always*
> contain the used loginname, whether if it was successful or not i would have
> any needed information without the duplication

errata - the problem maybe was in case of failed logins you see no
difference without %$ compared to a successful login

login_log_format_elements = status=%status <%u> %r %m %c
login_log_format = %s

would perfectly solve this while %status or whatever placeholder would be failed / success

From tss at iki.fi Sun Sep 22 01:19:32 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 22 Sep 2013 01:19:32 +0300
Subject: [Dovecot] Dovecot never release preallocated space in mdbox
In-Reply-To: <5217564D.4080803@Media-Brokers.com>
References: <51F63A50.9010002@emisfr.com> <1375446658.31867.18.camel@innu.dovecot.net> <5217564D.4080803@Media-Brokers.com>
Message-ID: <2E43E0A9-85B7-4F10-9074-500FB802678B@iki.fi>

On 23.8.2013, at 15.32, Charles Marcus wrote:

> On 2013-08-02 8:30 AM, Timo Sirainen wrote:
>> The problem is that there is no "rotation time". In normal operation Dovecot would be wasting time (=disk IO) looking at old files and figuring out if they would need hole punching. I guess the doveadm purge job could do that, but I'm not sure if that's always the best idea either. I remember some people using different mdbox settings for normal operations and for doveadm purge runs, so this could also unintentionally break things.
>
> I'm considering migrating my users to mdbox, and thought that I had sent a follow-up to this, but found it in my Drafts folder...
>
> This does give me a little pause for concern...
>
> Shouldn't there be an internal, automatic mechanism in place for compacting (this I think is the more appropriate term, since it is what Thunderbird and Outlook both use, although it is used for local client files, as opposed to server based files) these files?
>
> Personally I'd like it to happen immediately, when a user deletes a(some) message(es). Maybe add a new setting for 'mdbox_compact_trigger' or something like that, where it only does it if it will reclaim at least ## amount of space - although checking for that in and of itself might be as much or more work as just doing it immediately when the email(s) is(are) deleted.

There used to be some automatic purging done if enough mails were deleted, but that implementation made the performance much worse so I removed it. Some other better working automation could be added I guess.

> But, even if it wasn't fully automatic, maybe simplest would be just another option to pass to doveadm purge (ie, -C for 'compact)?

You mean for deleting the preallocated space? I guess it could look at the mdbox_rotate_interval and mdbox_preallocate_space settings and based on that remove the preallocated space from the old files.. But I'm still not convinced it's useful to combine those settings in any case, so doesn't seem like worth the trouble to implement it.

> Also - what happens currently when *all* messages in any given mdbox file are deleted? Is the mdbox file deleted?

When any messages are deleted from mdbox, the non-deleted messages are moved to another mdbox file and the old mdbox file is deleted.

From h.reindl at thelounge.net Sun Sep 22 01:29:02 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Sun, 22 Sep 2013 00:29:02 +0200
Subject: [Dovecot] proxy: get rid of redundant log-informations
In-Reply-To: <523E1B46.6060405@thelounge.net>
References: <520B9636.8080200@thelounge.net> < 8CAB6011-276E-4F74-9BD4-C6AC4F6F5360@iki.fi> <523E18A1.80508@thelounge.net> <523E1B46.6060405@thelounge.net>
Message-ID: <523E1DAE.1020503@thelounge.net>

On 22.09.2013 00:18, Reindl Harald wrote:
> On 22.09.2013 00:07, Reindl Harald wrote:
>> On 21.09.2013 23:37, Timo Sirainen wrote:
>>> Different people want different things logged. I think if I started adding settings to control those from Dovecot configuration it would quickly become a horribly complex mess
>>
>> in fact i would only need "login_log_format = %s" but in case of failed logins
>> and dictionary attacks with unknown users "%u" is empty - if %u would *always*
>> contain the used loginname, whether if it was successful or not i would have
>> any needed information without the duplication
>
> errata - the problem maybe was in case of failed logins you see no
> difference without %$ compared to a successful login
>
> login_log_format_elements = status=%status <%u> %r %m %c
> login_log_format = %s
>
> would perfectly solve this while %status or whatever placeholder would be failed / success

sorry for the spam and not put it in one reply

login_log_format_elements = %status <%u> %r %m %c %cipher
login_log_format = %s

Sep 21 18:39:47 localhost dovecot: imap-login: OK, , 192.168.2.2, CRAM-MD5, DHE-RSA-CAMELLIA256-SHA

"TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA" for %k leads to linebreaks in "tail -f" which
makes it hard to follow while the proposed above contains any needed information and fits
on a 27" screen in a single line, in case of unencrypted %cipher would be simply suppressed

cat maillog | grep imap | grep "OK, "
cat maillog | grep imap | grep "failed, "

cat maillog | grep pop3 | grep "OK, "
cat maillog | grep pop3 | grep "failed, "

From tss at iki.fi Sun Sep 22 01:42:53 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 22 Sep 2013 01:42:53 +0300
Subject: [Dovecot] Logging pre-rewrite user ID for application-specific passwords
In-Reply-To: <3C62E17B-2F42-4D0F-AFA8-6911E2DBBB06@cl.cam.ac.uk>
References: <3C62E17B-2F42-4D0F-AFA8-6911E2DBBB06@cl.cam.ac.uk>
Message-ID: <5D15F07E-27A6-4D90-936F-E4AD45DF39B7@iki.fi>

On 27.8.2013, at 1.08, Steven Murdoch wrote:

> I have set up Dovecot v2.2.5 with application-specific passwords, along the lines of this blog post (http://www.dgsiegel.net/news/2013_05_21-application_specific_passwords_for_dovecot).
>
> My users file looks like:
> user-foo:{BLF-CRYPT}$2...:42:42::/home/user::allow_nets=127.0.0.1/32 user=user
> user-bar:{BLF-CRYPT}$2...:42:42::/home/user::user=user
> user:{BLF-CRYPT}$2...:42:42::/home/user::nologin
>
> In this way, user-foo can log in with one password (but only from localhost), user-bar can log in from any host with a different password, but both actually being treated as the same user.
>
> When these users log in through, the log entries look like:
> Aug 26 23:03:01 hostname dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=12345, TLS
>
> Whereas I would like to see the original user name (prior to the re-write), i.e. user-foo and user-bar so I can keep track of which user names are in use and from where.
>
> Is there some way to do this? I couldn't see any of the variables being suitable.

Added: http://hg.dovecot.org/dovecot-2.2/rev/a32eea97afc1

So you can use %{orig_user} in login_log_format_elements.

From tss at iki.fi Sun Sep 22 01:46:05 2013
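Added example, not part of the thread and not Dovecot's code: a simplified Python model of how the extra fields in the users file quoted above (allow_nets, user=, nologin) decide a login once the password has matched, and of which login name (the value %{orig_user} would record) resolves to which mailbox user. Password checking is not modelled, the function names are hypothetical, and the remote addresses in the demo are constructed.

```python
import ipaddress

# Constructed input: the three entries quoted in the message above, with the
# password hashes left truncated exactly as they were posted.
USERS_FILE = """\
user-foo:{BLF-CRYPT}$2...:42:42::/home/user::allow_nets=127.0.0.1/32 user=user
user-bar:{BLF-CRYPT}$2...:42:42::/home/user::user=user
user:{BLF-CRYPT}$2...:42:42::/home/user::nologin
"""


def parse_users(text):
    """Map each login name to its extra fields (key -> value, flags -> '')."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # name:password:uid:gid:gecos:home:shell:extra_fields
        # Split at most 7 times so colons inside the extra fields
        # (for example an IPv6 network in allow_nets) stay intact.
        parts = line.split(":", 7)
        extra = {}
        if len(parts) == 8:
            for item in parts[7].split():
                key, _, value = item.partition("=")
                extra[key] = value
        entries[parts[0]] = extra
    return entries


def evaluate(entries, login, remote_ip):
    """Model the outcome of a login whose password already matched."""
    result = {"orig_user": login, "user": None, "allowed": False}
    extra = entries.get(login)
    if extra is None:
        result["reason"] = "unknown user"
        return result
    # user= rewrites the name after authentication; orig_user keeps the
    # name the client actually sent.
    result["user"] = extra.get("user", login)
    if "nologin" in extra:
        result["reason"] = "nologin"
        return result
    nets = extra.get("allow_nets")
    if nets:
        ip = ipaddress.ip_address(remote_ip)
        permitted = any(
            ip in ipaddress.ip_network(net, strict=False)
            for net in nets.split(",")
        )
        if not permitted:
            result["reason"] = "rip outside allow_nets"
            return result
    result["allowed"] = True
    result["reason"] = "ok"
    return result


def logins_per_mailbox(entries):
    """Group usable login names by the mailbox user they resolve to."""
    groups = {}
    for login, extra in entries.items():
        if "nologin" in extra:
            continue
        groups.setdefault(extra.get("user", login), []).append(
            (login, extra.get("allow_nets", "any"))
        )
    return groups


if __name__ == "__main__":
    entries = parse_users(USERS_FILE)
    for login, rip in [("user-foo", "127.0.0.1"), ("user-foo", "192.0.2.7"),
                       ("user-bar", "192.0.2.7"), ("user", "127.0.0.1")]:
        print(evaluate(entries, login, rip))
    print(logins_per_mailbox(entries))
```
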
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 22 Sep 2013 01:46:05 +0300
Subject: [Dovecot] Error: file_dotlock_open() failed with file + Too many open files
In-Reply-To: <1377600997.72588.YahooMailNeo@web193502.mail.sg3.yahoo.com>
References: <1377600997.72588.YahooMailNeo@web193502.mail.sg3.yahoo.com>
Message-ID: <88ABEA30-E0B2-430C-BF3D-416D3CCCA6BF@iki.fi>

On 27.8.2013, at 13.56, Kavish Karkera wrote:

> We are getting these below error on our IMAP server.
>
> is this because of open file limits.??

I guess it's because you have a virtual mailbox that consists of a ton of real mailboxes? Unfortunately the virtual mailboxes currently open all of the real mailboxes' index files immediately and keep them all open. This will be fixed some day in future, but for now you need enough file descriptors for them all.

> We have set it to 4096.
>
> [root at vish conf.d]# ulimit -n
> 4096

Dovecot's init script could have changed it. You need to look at the running dovecot process's limits to be sure:

cat /proc/`pidof dovecot`/limits | grep 'Max open files'

From tss at iki.fi Sun Sep 22 01:48:28 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 22 Sep 2013 01:48:28 +0300
Subject: [Dovecot] Problem with MySQL virtual users and dsync
In-Reply-To: <521D0E4D.20305@packethouse.com>
References: <521D0E4D.20305@packethouse.com>
Message-ID:

On 27.8.2013, at 23.38, Jordan Cook wrote:

> I am using SQL for both passdb, and userdb and this seems to work fine. The 'doveadm user' command returns all the correct information for the user.
>
> I am getting the following errors in my log file:
>
>
> Aug 27 21:34:17 server dovecot: replicator: Error: userdb lookup: Connecting timed out

I think I fixed this yesterday: http://hg.dovecot.org/dovecot-2.2/rev/8b3634d4c362

> Aug 27 21:34:17 server dovecot: replicator: Error: userdb lookup: Disconnected unexpectedly
> Aug 27 21:34:20 server last message repeated 173381 times

And this too: http://hg.dovecot.org/dovecot-2.2/rev/09f5e8d6b8d4

From tss at iki.fi Sun Sep 22 01:51:37 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 22 Sep 2013 01:51:37 +0300
Subject: [Dovecot] verbose_proctitle cuts dsync to proctitle to "dsyn"
In-Reply-To: <2a0lv9497av8@mids.svenhartge.de>
References: <2a0lv9497av8@mids.svenhartge.de>
Message-ID: <3E915CE0-4F41-44BC-BCDC-72D0642D54AF@iki.fi>

On 28.8.2013, at 1.57, Sven Hartge wrote:

> little cosmetic bug report:
>
> using "verbose_proctitle = yes" shortens the proctitle of dsync to just
> "dsyn".

I don't see any obvious reason for why that happens .. so: Use doveadm sync or doveadm backup instead of dsync. I'll probably add a warning to the dsync wrapper for v2.3 about it being obsolete and getting removed in future. Of course, the dsync man pages should be converted to doveadm-sync and doveadm-backup before this.. :)

From tss at iki.fi Sun Sep 22 02:07:44 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 22 Sep 2013 02:07:44 +0300
Subject: [Dovecot] mailbox_list_index, stops showing new mails in mailboxes
In-Reply-To: <20130828084143.GO21522@acc.umu.se>
References: <20130828084143.GO21522@acc.umu.se>
Message-ID:

On 28.8.2013, at 11.41, Anton Lundin wrote:

> I'm having some weird problem with (probably) mailbox_list_index,
> that it doesn't see new mail in mailboxes.
> I'm using 2.2.4 over imap and ssh/imap, and after a while dovecot
> stops noticing new mail in some folders. Its always the same 2-3
> folders of about 30.

This should help: http://hg.dovecot.org/dovecot-2.2/rev/2a209302d064

From tss at iki.fi Sun Sep 22 02:11:03 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 22 Sep 2013 02:11:03 +0300
Subject: [Dovecot] How to disable SSL and TLSv1.1?
In-Reply-To: <5230F2CE.7020701@bluerosetech.com>
References: <522E360B.2050505@bluerosetech.com> <522E5520.2010904@thelounge.net> <5230F2CE.7020701@bluerosetech.com>
Message-ID: <10F08049-0C17-4598-90D3-697C98F94E01@iki.fi>

On 12.9.2013, at 1.46, Darren Pilgrim wrote:

> Would a user-submitted patch to add TLSv1.1 and TLSv1.2 support to ssl_protocols be appreciated?

v2.2.5 already has them.

From tss at iki.fi Sun Sep 22 02:20:57 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 22 Sep 2013 02:20:57 +0300
Subject: [Dovecot] dovecot and PFS
In-Reply-To: <5230A413.5090100@pinky.sax.de>
References: <20130910075450.GA3628@homeworld.netbsd.org> <5230A413.5090100@pinky.sax.de>
Message-ID: <87E194CD-2DA1-4CF2-A507-E1F599499631@iki.fi>

On 11.9.2013, at 20.10, Frank Behrens wrote:

> Hi Emmanuel!
>
> On 10.09.2013 09:54, Emmanuel Dreyfus wrote:
>> Hi
>>
>> Is there known advices on how to favor PFS with dovecot?
>>
>> In Apache, I use the following directives, which cause all modern
>> browsers to adopt 256 bit PFS ciphers, while keeping backward
>> compatibility with older browsers and avoiding BEAST attack:
>> SSLProtocol all -SSLv2
>> SSLHonorCipherOrder On
>
> "SSLHonorCipherOrder" is not yet supported in dovecot. I use the following hack/patch:

Added: http://hg.dovecot.org/dovecot-2.2/rev/897484f45a87

(Setting name copied from nginx.)

From tss at iki.fi Sun Sep 22 02:25:05 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 22 Sep 2013 02:25:05 +0300
Subject: [Dovecot] Solved: startup failures "net_listen_unix(...) failed: Invalid argument"
In-Reply-To: <20130829002714.GA14411@pyropus.ca>
References: <20130829002714.GA14411@pyropus.ca>
Message-ID: <69F387DB-AB49-4AFE-866A-3B96E0C7EC81@iki.fi>

On 29.8.2013, at 3.27, C. Mills wrote:

> I ran into this and had a bit of trouble tracking a diagnosis down, so here it
> is for the archives in case anyone else runs into this.
>
> A new installation of dovecot was failing to start, with these messages:
>
> $ ./sbin/dovecot
> Error: service(imap-urlauth):
> net_listen_unix(.../var/run/dovecot/token-login/imap-urlauth) failed:
> Invalid argument
> Error: service(auth):
> net_listen_unix(.../var/run/dovecot/token-login/tokenlogin) failed: Invalid
> argument
> Fatal: Failed to start listeners
>
> Some of the other processes seemed to be starting up fine, and they created
> sockets in the expected dir, but the above two wouldn't. stracing the
> processes didn't show a lot, but eventually I checked the length of the
> installation path, and found the above two socket paths were exceeding the
> maximum path length limit for Unix sockets -- 108 chars on my Linux boxen. I
> haven't checked SuS or Posix to see what the standards say the actual minimum
> required size for the maximum path length is -- it might be shorter yet on
> other systems.

This should also make it clearer: http://hg.dovecot.org/dovecot-2.2/rev/07cc79e0041d

So the new error will be net_listen_unix(..) failed: Value too large for defined data type

From tss at iki.fi Sun Sep 22 02:47:50 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 22 Sep 2013 02:47:50 +0300
Subject: [Dovecot] Logging passwords on auth failure/dealing with botnets
In-Reply-To:
References:
Message-ID: <3F66A8DE-6A5A-408C-9271-7B5CDA06B677@iki.fi>

On 30.8.2013, at 20.54, Michael Smith (DF) wrote:

> We're already running fail2ban, but it doesn't seem that effective against botnets, when they only do one attempt per IP. Add that on top of load balancing between many servers... We've setup some rules to help, but still not that great.
>
> I've checked out several DNS BLs (those listed here, and some not), and at the most they have about 15-20 IPs out of the 8000+ that we've manually identified, and blocked, as botnet behavior. So, none of them seem effective/beneficial to us right now.
>
> That leaves us back to getting dovecot to log the tried password for unknown users. I'll admit that C is not my strong suit, but after poking around I've come up with a patch that appears to work. It hasn't been stress tested yet, so I don't know its long term stability. Maybe someone more intimately familiar with the Dovecot code can review it, and maybe this could make it into the code base. This patch is against Dovecot 2.2.4, as that is what we have deployed at the moment. It would be weeks before we could begin to deploy to Dovecot 2.2.5.

I guess it doesn't hurt to add this feature for everyone:

http://hg.dovecot.org/dovecot-2.2/rev/4ce8f47d20af
http://hg.dovecot.org/dovecot-2.2/rev/1f9294fbb118

> Also, is there a way to make the auth system report successful auths, with no option to report the password (or maybe ONLY report the hash if password debugging is enabled)? It's currently impossible to identify when a bot makes a successful auth. Dovecot doesn't report it, and postfix doesn't report it. Postfix only reports the authentication IF a message is actually sent through. These bots are only connecting, sending the auth command, and quitting. My best guess, based on the bulk of auth failures for a user, and when that user is used by a botnet is 1-8 weeks. So, if we could identify the bot's successful auth, we could warn the customer and/or force a password change before the account is used to send hundreds of thousands of spam.

I'm not sure what you mean by this. Log the password also for successful connections? How would that help?

From tss at iki.fi Sun Sep 22 03:03:06 2013
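Added example, not part of the thread: a Python sketch of the detection gap described in the message above, where a per-address threshold (the fail2ban model) never fires because each address tries once, while counting distinct remote addresses per targeted username inside a time window does. The log lines are constructed in the style of Dovecot's login-process failure messages, and the thresholds, window and function names are assumptions.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not from the thread). Addresses come from the
# documentation ranges; the year is assumed because syslog omits it.
SAMPLE_LOG = """\
Sep 21 09:00:00 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10, TLS
Sep 21 15:00:00 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol>, method=PLAIN, rip=198.51.100.21, lip=192.0.2.10, TLS
Sep 21 18:00:01 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=198.51.100.1, lip=192.0.2.10, TLS
Sep 21 18:01:10 mx1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=198.51.100.2, lip=192.0.2.10, TLS
Sep 21 18:02:00 mx1 dovecot: imap-login: Disconnected (auth failed, 6 attempts in 12 secs): user=<bob>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.10, TLS
Sep 21 18:03:30 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=198.51.100.3, lip=192.0.2.10, TLS
Sep 21 18:05:00 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.10, TLS
Sep 21 18:08:45 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=198.51.100.5, lip=192.0.2.10, TLS
Sep 21 18:09:00 mx1 dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.55, lip=192.0.2.10, mpid=12345, TLS
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: (?:imap|pop3)-login: "
    r".*?\(auth failed, (?P<n>\d+) attempts[^)]*\): "
    r"user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9A-Fa-f.:]+)"
)


def parse_failures(text, year=2013):
    """Return time-ordered (timestamp, user, rip, attempts) tuples."""
    events = []
    for line in text.splitlines():
        m = FAILED.match(line)
        if not m or not m["user"]:
            continue  # not a failure line, or the client sent no username
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["rip"], int(m["n"])))
    return sorted(events)


def per_ip_offenders(events, maxretry=5):
    """Addresses a per-IP attempt threshold would ban (no time window here)."""
    totals = Counter()
    for _, _, rip, attempts in events:
        totals[rip] += attempts
    return {ip for ip, count in totals.items() if count >= maxretry}


def distributed_targets(events, window=timedelta(minutes=10), min_ips=4):
    """Users hit from >= min_ips distinct addresses within one window.

    Returns {user: peak number of distinct addresses seen in any window}.
    """
    by_user = defaultdict(list)
    for ts, user, rip, _ in events:
        by_user[user].append((ts, rip))
    flagged = {}
    for user, hits in by_user.items():
        in_window = deque()   # (timestamp, rip) pairs inside the window
        ips = Counter()       # rip -> occurrences inside the window
        peak = 0
        for ts, rip in hits:  # hits are already in time order
            in_window.append((ts, rip))
            ips[rip] += 1
            while ts - in_window[0][0] > window:
                _, old = in_window.popleft()
                ips[old] -= 1
                if ips[old] == 0:
                    del ips[old]
            peak = max(peak, len(ips))
        if peak >= min_ips:
            flagged[user] = peak
    return flagged


if __name__ == "__main__":
    events = parse_failures(SAMPLE_LOG)
    print("per-IP threshold would ban:", sorted(per_ip_offenders(events)))
    print("per-user distinct-IP alerts:", distributed_targets(events))
```
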
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 22 Sep 2013 03:03:06 +0300
Subject: [Dovecot] unusual dsync lines
In-Reply-To:
References:
Message-ID: <4B776E73-04AF-48E1-84C3-7765926A7ADA@iki.fi>

On 17.9.2013, at 6.25, Anand Kumria wrote:

> Another day, another dsync attempt. Using Dovecot v2.2.5.4; I see:

Is it still duplicating mails? So if you first delete everything from destination directory, then run doveadm sync -1 twice it duplicates the mails? Or just gives them new UIDs without duplicating anything?

I can't reproduce either with the latest hg version at least. There were a few fixes since v2.2.5, but I'm not sure if they were related to this.

> # doveadm -v -o imapc_user=user at example.com -o imapc_password=password -o
> imapc_host=imap.example.com -o imapc_port=993 -o imapc_ssl=imaps -o
> imapc_ssl_dir=/etc/ssl -o imapc_feature=rfc822.size -o imapc_ssl_verify=no
> sync -1 -R -u user at example.com imapc:
> dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8343,
> msgid=<4F387A25.5010900 at example.com>, size=2954969
> dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8344,
> msgid=<5237B0BF.7030402 at example.com>, size=3371710
> dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8345,
> msgid=<5237B588.6040009 at example.com>, size=3266
> dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8346,
> msgid=<5237B6B4.2030203 at example.com>, size=4201
> dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8347,
> msgid=<5237B888.7030807 at example.com>, size=3371445
> dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8348,
> msgid=<5237C224.9010608 at example.com>, size=3371745
> dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8349,
> msgid=<5237C350.5080608 at example.com>, size=3371700
> dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8350,
> msgid=<5237C5EE.5030408 at example.com>, size=3371619
> dsync(user at example.com): Info: expunge: box=Drafts, uid=8209, msgid=<
> 4F387A25.5010900 at example.com>, size=2954969
>
> The interesting lines being uid=8209 and uid=8343; why would dsync both
> copy and then expunge the same message from the same mailbox?

I think "move" gets logged as copy+expunge. It probably just wanted to give a new UID to the message. Why it wanted to do that, I'm not sure ..

One way to debug this would be to get rawlogs of the traffic between the two dsync brains, by running something like:

doveadm sync -1 -r raw.log -R 'doveadm -o imapc_user=foo -o imapc_password=bar -o mail=imapc: dsync-server'

The rawlog would then show why dsync does what it does. Also latest hg has some additional debug logging (doveadm -D), but it's still not in all the places so it might not be enough.

From tss at iki.fi Sun Sep 22 03:20:35 2013
From: tss at iki.fi (Timo Sirainen) Date: Sun, 22 Sep 2013 03:20:35 +0300 Subject: [Dovecot] proxy: get rid of redundant log-informations In-Reply-To: <523E1DAE.1020503@thelounge.net> References: <520B9636.8080200@thelounge.net> < 8CAB6011-276E-4F74-9BD4-C6AC4F6F5360@iki.fi> <523E18A1.80508@thelounge.net> <523E1B46.6060405@thelounge.net> <523E1DAE.1020503@thelounge.net> Message-ID: On 22.9.2013, at 1.29, Reindl Harald wrote: >>> in fact i would only need "login_log_format = %s" but in case of failed logins >>> and dictionary attacks with unknown users "%u" is empty - if %u would *always* >>> contain the used loginname, whether if it was successful or not i would have >>> any needed information without the duplication %u always has username as long as client sent it. >> errata - the problem maybe was in case of failed logins you see no >> difference without %$ compared to a successful login >> >> login_log_format_elements = status=%status <%u> %r %m %c >> login_log_format = %s >> >> would perfectly solve this while %status or whatever placeholder would be failed / success > > sorry for the spam and not put it in one reply > > login_log_format_elements = %status <%u> %r %m %c %cipher > login_log_format = %s > > Sep 21 18:39:47 localhost dovecot: imap-login: OK, , 192.168.2.2, CRAM-MD5, DHE-RSA-CAMELLIA256-SHA > > "TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA" for %k leads to linebreaks in "tail -f" which > makes it hard to follow while the proposed above contains any needed information and fits > on a 27" screen in a single line, in case of unencrypted %cipher would be simply suppressed > > cat maillog | grep imap | grep "OK, " > cat maillog | grep imap | grep "failed, " > > cat maillog | grep pop3 | grep "OK, " > cat maillog | grep pop3 | grep "failed, " %$ is the status, so you're asking for another status variable. Something like in the attached patch, where you can replace %$ with %{login_status}? 
-------------- next part -------------- A non-text attachment was scrubbed... Name: diff Type: application/octet-stream Size: 785 bytes Desc: not available URL: From tss at iki.fi Sun Sep 22 03:46:30 2013 
From: tss at iki.fi (Timo Sirainen) Date: Sun, 22 Sep 2013 03:46:30 +0300 Subject: [Dovecot] permission problem when using public namespace and "subscription = yes" In-Reply-To: <20130904162039.726bde3e@achilles.local.net> References: <20130904162039.726bde3e@achilles.local.net> Message-ID: <6B2B225A-CA80-41ED-9DA5-D82471F50F7C@iki.fi> On 4.9.2013, at 17.20, Lars Uhlmann wrote: > I have configured a public namespace "Test" for a group of users: > > | namespace public { > | separator = . > | prefix = Test. > | location = maildir:/mailroot/public/Test > | hidden = no > | list = yes > | subscriptions = yes > | } > > Using each user's own subscription file for a public mailbox doesn't > make sense when the mailbox is heavily used. Every directory operation > (create/rename) needs to be synced between all subscribers > automatically and immediately. So I set "subscriptions = yes". > > My ACLs look like this: > > | user=mark lrwstiekx > | user=tim lrwstiekx > | user=max lr > | user=jenny lrwstiekx > | user=louis lr > > > Nevertheless _all_ my mail users still have access to the namespace's > directory tree. > It is my understanding that when a user doesn't have 'lookup' access, he > should not be able to subscribe to this mailbox. > In my opinion this is a security problem. ACLs must be processed > _before_ a shared subscription file is parsed. Well, it shouldn't happen in all situations. It's comparable to deleting a subscribed mailbox, which also doesn't remove the subscription automatically. But yeah, I guess the behavior can be changed for your use case: http://hg.dovecot.org/dovecot-2.2/rev/1cf67db75455 I think a better solution would be to still have a per-user subscriptions file, but automatically subscribe to newly seen shared folders that are marked with autosubscribe-flag. Of course, there's currently no way to do that. From tss at iki.fi Sun Sep 22 03:48:42 2013 
From: tss at iki.fi (Timo Sirainen) Date: Sun, 22 Sep 2013 03:48:42 +0300 Subject: [Dovecot] login_log_format_elements does not appear to be changing log format 2.2.5 In-Reply-To: <52277C19.4020001@gmail.com> References: <52277C19.4020001@gmail.com> Message-ID: <042FDFA5-9CCF-43CC-9801-A7FCF613F31D@iki.fi> On 4.9.2013, at 21.29, Chris wrote: > login_log_format_elements does not seem to change the login logs. I have it set to the below setting and the word "home" does not even appear. Is there something I have to do to for this? Also I use ldap for authentication. %h isn't a valid variable in there. It expands to empty, so it's not added to the log. There's no way to log the home directory in there, because auth process doesn't send it to the login process (and actually it hasn't even gotten around to looking it up at that point). From h.reindl at thelounge.net Sun Sep 22 04:13:10 2013 
From: h.reindl at thelounge.net (Reindl Harald) Date: Sun, 22 Sep 2013 03:13:10 +0200 Subject: [Dovecot] proxy: get rid of redundant log-informations In-Reply-To: References: <520B9636.8080200@thelounge.net> < 8CAB6011-276E-4F74-9BD4-C6AC4F6F5360@iki.fi> <523E18A1.80508@thelounge.net> <523E1B46.6060405@thelounge.net> <523E1DAE.1020503@thelounge.net> Message-ID: <523E4426.6000505@thelounge.net> On 22.09.2013 02:20, Timo Sirainen wrote: > On 22.9.2013, at 1.29, Reindl Harald wrote: >> login_log_format_elements = %status <%u> %r %m %c %cipher >> login_log_format = %s >> >> Sep 21 18:39:47 localhost dovecot: imap-login: OK, , 192.168.2.2, CRAM-MD5, DHE-RSA-CAMELLIA256-SHA >> >> "TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA" for %k leads to linebreaks in "tail -f" which >> makes it hard to follow while the proposed above contains any needed information and fits >> on a 27" screen in a single line, in case of unencrypted %cipher would be simply suppressed >> >> cat maillog | grep imap | grep "OK, " >> cat maillog | grep imap | grep "failed, " >> >> cat maillog | grep pop3 | grep "OK, " >> cat maillog | grep pop3 | grep "failed, " > > %$ is the status, so you're asking for another status variable. Something like in the attached patch, where you can replace %$ with %{login_status}? *exactly* that's it - many thanks! %{login_status} -> ab[2].value = client->login_success ? "OK" : "Failed"; in case of deeper debugging one can always set "%$" temporarily when we can get rid of "TLSv1 with cipher" and only have the cipher the log would become really tiny and easy to follow without too much linebreaking - not to forget the logsize in case of a lot of POP3 users every few minutes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From tss at iki.fi Sun Sep 22 04:43:07 2013 
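An added example, not part of any message in this archive: once every login is a single line of the form proposed above (`%status <%u> %r %m %c %cipher`, status `OK` or `Failed`), the failures can be grouped per account instead of per source IP, which is what surfaces the one-attempt-per-IP guessing and the later successful login discussed in the botnet thread. The log lines are constructed, and the field layout, thresholds and function names are assumptions.

```python
import re
from collections import defaultdict

# One line per login in the proposed (assumed) format:
#   login_log_format_elements = %status <%u> %r %m %c %cipher
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ dovecot: (?P<svc>\w+)-login: "
    r"(?P<status>OK|Failed), <(?P<user>[^>]*)>, (?P<rip>[^,\s]+)",
    re.IGNORECASE,
)

# Constructed sample log (documentation address ranges), not real data.
SAMPLE_LOG = """\
Sep 21 18:39:47 localhost dovecot: imap-login: OK, <alice>, 192.168.2.2, CRAM-MD5, DHE-RSA-CAMELLIA256-SHA
Sep 21 18:40:01 localhost dovecot: imap-login: Failed, <bob>, 198.51.100.7, PLAIN, DHE-RSA-CAMELLIA256-SHA
Sep 21 18:40:09 localhost dovecot: pop3-login: Failed, <carol>, 198.51.100.20, PLAIN
Sep 21 18:40:10 localhost dovecot: pop3-login: Failed, <carol>, 198.51.100.20, PLAIN
Sep 21 18:40:11 localhost dovecot: pop3-login: Failed, <carol>, 198.51.100.20, PLAIN
Sep 21 18:41:30 localhost dovecot: imap-login: Failed, <bob>, 203.0.113.15, PLAIN, DHE-RSA-CAMELLIA256-SHA
Sep 21 18:42:00 localhost dovecot: imap-login: Failed, <>, 192.0.2.9, PLAIN
Sep 21 18:42:45 localhost dovecot: imap-login: failed, <bob>, 192.0.2.44, PLAIN, DHE-RSA-CAMELLIA256-SHA
Sep 21 18:43:02 localhost dovecot: imap-login: Failed, <alice>, 192.168.2.2, CRAM-MD5, DHE-RSA-CAMELLIA256-SHA
Sep 21 18:43:20 localhost dovecot: imap-login: OK, <alice>, 192.168.2.2, CRAM-MD5, DHE-RSA-CAMELLIA256-SHA
Sep 21 18:44:10 localhost dovecot: imap-login: OK, <bob>, 203.0.113.99, PLAIN, DHE-RSA-CAMELLIA256-SHA
"""


def quiet_sources(per_ip, per_ip_limit):
    """Source IPs whose failure count stayed below a per-IP ban threshold."""
    return sorted(ip for ip, count in per_ip.items() if count < per_ip_limit)


def analyse(lines, min_sources=3, per_ip_limit=3):
    """Group failures per account and flag first-time-IP successes after a spread.

    min_sources:  distinct low-rate source IPs needed to call an account targeted
    per_ip_limit: failures from one IP at which a per-IP ban would already fire
    """
    failures = defaultdict(lambda: defaultdict(int))  # user -> ip -> failed logins
    good_ips = defaultdict(set)                       # user -> IPs with an earlier success
    suspect = []
    for line in lines:
        m = LINE_RE.match(line)
        if m is None or not m["user"]:
            continue  # unrelated log line, or the client never sent a username
        user, rip = m["user"], m["rip"]
        if m["status"].lower() == "failed":
            failures[user][rip] += 1
            continue
        # Successful login: suspicious if it follows a spread of low-rate
        # failures and comes from an address this account never used before.
        spread = quiet_sources(failures[user], per_ip_limit)
        if len(spread) >= min_sources and rip not in good_ips[user]:
            suspect.append((m["ts"], user, rip))
        good_ips[user].add(rip)

    targeted = {}
    for user, per_ip in failures.items():
        spread = quiet_sources(per_ip, per_ip_limit)
        if len(spread) >= min_sources:
            targeted[user] = len(spread)
    return {"targeted": targeted, "suspect_success": suspect}


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG.splitlines())
    for user, sources in report["targeted"].items():
        print(f"{user}: failures from {sources} low-rate source IPs")
    for ts, user, rip in report["suspect_success"]:
        print(f"{ts}: {user} logged in from new address {rip} after those failures")
```

In the sample, `carol` (three failures from one address) is left to a per-IP ban, while `bob` is reported both as targeted and for the login that followed.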
From: tss at iki.fi (Timo Sirainen) Date: Sun, 22 Sep 2013 04:43:07 +0300 Subject: [Dovecot] fdatasync -- Error -- bad file descriptor In-Reply-To: References: Message-ID: <7F134B71-48BD-4FF0-9B07-3B7AB69233C1@iki.fi> On 9.9.2013, at 9.54, Vijay Rajah wrote: > Ok I finally figured it... > > It was because of improper permissions for the attachments folder.... I did > an strace and found this. > > Once I changed the permission to the attachments folder it was alright.. > > I think this is a bug... it must check and fail and report a proper error > message.. instead of this cryptic error? I did various fixes related to this. The new error message looks like this: Sep 22 04:36:44 lda(tss 11769 ): Error: read(stdin) failed: Couldn't create attachment /tmp/mdbox/attachments/95/84/9584a63bd21ba5db6c92f6efb162c46f9e351d16-7a1fa036ac493e52f92d00007049b30b: mkdir_parents(/tmp/mdbox/attachments/95/84) failed: Permission denied From tss at iki.fi Sun Sep 22 06:07:30 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 22 Sep 2013 06:07:30 +0300 Subject: [Dovecot] Read-only account through INDEX=MEMORY:CONTROL=MEMORY and non-writable Unix-permissions In-Reply-To: References: Message-ID: On 9.9.2013, at 14.52, Steffen Kaiser wrote: > my goal is to provide a special mailbox for some mail accounts. The user should get the information, to look somewhere else. The user must not change anything at all. I also don't want to provide a mailbox for each user. > > I got the setup below, which seems to run with Dovecot v2.2; however, "CONTROL=MEMORY" is not documented. Is the setup stable for next versions of Dovecot or is CONTROL=MEMORY not a feature, but a bug? CONTROL=MEMORY means that it's actually using a directory named MEMORY in the home directory. From noel.butler at ausics.net Sun Sep 22 06:16:59 2013 
From: noel.butler at ausics.net (Noel Butler) Date: Sun, 22 Sep 2013 13:16:59 +1000 Subject: [Dovecot] LDA quota rejection In-Reply-To: <523D5DF9.2000504@mail.cgilfe.it> References: <523D5DF9.2000504@mail.cgilfe.it> Message-ID: <1379819819.5593.20.camel@tardis> Dovecot should never generate a message to send to sender, this is classified as backscatter. Your MTA should get the quota answer from dovecot when the sender connects, and tries to mail and fail then, it is the MTA (maillog file) you need to look at to see why your MTA is not tempfailing the connection. On Sat, 2013-09-21 at 10:51 +0200, Davide wrote: > Hi to all, i have dovecot 2.2.5 and i have implemented lda rejection > through quota full > this is my dovecot conf > > protocol lda { > mail_fsync = optimized > auth_socket_path = /usr/local/var/run/dovecot/auth-userdb > deliver_log_format = msgid=<%f>-<%s>-%m: %$ > hostname = mail.cgilfe.it > info_log_path = /var/log/dovecot/dovecot-deliver.log > log_path = /var/log/dovecot/dovecot-deliver.log > mail_plugin_dir = /usr/local/lib/dovecot > mail_plugins = $mail_plugins mail_log sieve > postmaster_address = postmaster at mail.cgilfe.it > rejection_subject = Rifiutato: %s > rejection_reason = Messaggio a <%t> automaticamente rifiutato:%n%r > submission_host = 192.16X.XXX.XX0 > } > If user over quota receive a message internally all is ok but if the > user receive a mail from external domains nothing to the sender is sent back. > Thanks in advance to all for possible help. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From tss at iki.fi Sun Sep 22 06:31:38 2013 
From: tss at iki.fi (Timo Sirainen) Date: Sun, 22 Sep 2013 06:31:38 +0300 Subject: [Dovecot] Dovecot 2.0, 2.1 and 2.2.5 core dump when Quota Plugin (FS) is enabled In-Reply-To: <1378808759.12335.26.camel@fx.intern> References: <1378808759.12335.26.camel@fx.intern> Message-ID: On 10.9.2013, at 13.25, Harald Strack wrote: > Sep 10 11:17:04 imap(strack): Panic: file mbox-storage.c: line 712 (mbox_transaction_unlock): assertion failed: (mbox->box.transaction_count > 0 || mbox->mbox_lock_type == F_UNLCK) .. > #5 0x0000003c786600c0 in mbox_transaction_unlock (box=0x1a51270, lock_id=) at mbox-storage.c:711 > #6 0x00007f95c08c77e7 in quota_mailbox_transaction_rollback (ctx=0x1a589e0) at quota-storage.c:142 > #7 0x00007f95c08c7218 in quota_mailbox_sync_notify (box=0x1a51270, uid=0, sync_type=0) at quota-storage.c:301 > #8 0x0000003c7865fea8 in mbox_sync (mbox=0x1a51270, flags=) at mbox-sync.c:2006 > #9 0x0000003c78657c07 in mbox_transaction_save_commit_post (_ctx=0x1a53e20, result=) at mbox-save.c:807 > #10 0x0000003c786a5313 in index_transaction_index_commit (index_trans=0x1a5a530, result_r=0x7fff1c87f190) at index-transaction.c:50 > #11 0x0000003c786b3cdf in mail_index_transaction_commit_full (_t=0x7fff1c87f1b8, result_r=0x7fff1c87f190) at mail-index-transaction.c:251 > #12 0x0000003c786a4f5a in index_transaction_commit (t=, changes_r=) at index-transaction.c:132 > #13 0x0000003c78660121 in mbox_transaction_commit (t=, changes_r=) at mbox-storage.c:729 > #14 0x00007f95c08c78af in quota_mailbox_transaction_commit (ctx=0x1a5a390, changes_r=0x7fff1c87f260) at quota-storage.c:124 > #15 0x0000003c7867aa9e in mailbox_transaction_commit_get_changes (_t=, changes_r=0x7fff1c87f260) at mail-storage.c:1515 Fixed: http://hg.dovecot.org/dovecot-2.2/rev/afc8c800f6ca From tss at iki.fi Sun Sep 22 06:33:18 2013 
From: tss at iki.fi (Timo Sirainen) Date: Sun, 22 Sep 2013 06:33:18 +0300 Subject: [Dovecot] Error: BUG: Worker sent reply with id 393, expected 394 In-Reply-To: <460aa9d2.15832.14106ab403d.Coremail.liuyingying5496@126.com> References: <460aa9d2.15832.14106ab403d.Coremail.liuyingying5496@126.com> Message-ID: <0AE192B0-15E9-4EB5-B172-5B600C438FE5@iki.fi> On 10.9.2013, at 9.59, ??? wrote: > hi dovecot: > when i login 100 users with imap protocol, some users appeared a BUG in maillog like : > > Sep 10 09:05:22 auth(default): Error: BUG: Worker sent reply with id 393, expected 394 > Sep 10 09:05:22 auth(default): Error: worker-server(q82 at t.com,10.12.80.3): Aborted: Worker is buggy > Sep 10 09:05:22 auth(default): Error: BUG: Worker sent reply with id 31, expected 32 > Sep 10 09:05:22 auth(default): Error: worker-server(q95 at t.com,10.12.80.3): Aborted: Worker is buggy > Sep 10 09:05:22 auth(default): Error: BUG: Worker sent reply with id 32, expected 33 > Sep 10 09:05:22 auth(default): Error: worker-server(q99 at t.com,10.12.80.3): Aborted: Worker is buggy > Sep 10 09:05:22 auth(default): Error: BUG: Worker sent reply with id 29, expected 30 > Sep 10 09:05:22 auth(default): Error: worker-server(q22 at t.com,10.12.80.3): Aborted: Worker is buggy > Sep 10 09:05:22 imap-login: Info: Internal login failure (auth failed, 1 attempts): user=, method=PLAIN, rip=10.12.80.3, lip=10.12.80.6 I haven't heard of this happening ever before. What's your doveconf -n output? From tss at iki.fi Sun Sep 22 06:51:18 2013 
From: tss at iki.fi (Timo Sirainen) Date: Sun, 22 Sep 2013 06:51:18 +0300 Subject: [Dovecot] DH Parameter In-Reply-To: References: Message-ID: <491DCD43-DD27-4571-B495-AA54C386A694@iki.fi> On 10.9.2013, at 22.57, Dimi - <00tj45 at gmail.com> wrote: > Hi! > Is there any possibility to let dovecot serve >1024 Bit DH Parameters at > SSL/TLS-connections? Is it possible to replace > /var/lib/dovecot/ssl-parameters.ssl with DH-parameter generated by openssl? > > If not: Are there any plans to implement that? It would be simple enough to add support for more bits, but I don't know how SSL_CTX_set_tmp_dh_callback() is supposed to select between them. Should it do it based on the keylength parameter or should it just always use the highest bits parameter? How much does using larger DH keys use CPU from server and/or client? Should this be configurable? Maybe it would be a good idea to allow OpenSSL DH parameters compatible files.. All in all: I don't know enough about SSL to be very confident on how to implement this properly. From tss at iki.fi Sun Sep 22 06:59:30 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 22 Sep 2013 06:59:30 +0300 Subject: [Dovecot] Dsync error: Failed to set attribute vendor/vendor.dovecot/pvt/sieve/default In-Reply-To: <20130912162315.443801cf@work> References: <20130912162315.443801cf@work> Message-ID: <3BA7F654-C6BA-4D25-87E4-71CAB608782A@iki.fi> On 12.9.2013, at 15.23, Aleksey Tsvetkov wrote: > dovecot: dsync-local(bob at aaa.com): Error: Mailbox INBOX: Failed to set attribute vendor/vendor.dovecot/pvt/sieve/default: Invalid value for default sieve attribute No idea .. The attached patch shows what value it's trying to use. That could help explain what's going on. -------------- next part -------------- A non-text attachment was scrubbed... Name: doveadm-sieve-debug.diff Type: application/octet-stream Size: 1042 bytes Desc: not available URL: -------------- next part -------------- From tss at iki.fi Sun Sep 22 07:02:02 2013 
From: tss at iki.fi (Timo Sirainen) Date: Sun, 22 Sep 2013 07:02:02 +0300 Subject: [Dovecot] problem with dovecot replication over tcp In-Reply-To: References: Message-ID: <2D4F031B-2E9B-4EFA-81E8-E870DA1965F0@iki.fi> On 16.9.2013, at 13.45, nik600 wrote: > Sep 16 12:42:18 auth: Error: passdb(root,xx): Auth client doesn't have > permissions to do a PASS lookup: /var/run/dovecot/auth-userdb mode=0666, > but not owned by UID 1002(vmail) .. > #chown vmail /var/run/dovecot/auth-userdb > > But the error is the same. Here's one possibility: service auth { unix_listener auth-userdb { user = vmail mode = 0600 } } Another possibility is to use mode=0777 and it gives everyone permissions. From tss at iki.fi Sun Sep 22 07:22:02 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 22 Sep 2013 07:22:02 +0300 Subject: [Dovecot] Attachment file larger than expected In-Reply-To: <523AE204.40903@um.es> References: <523AE204.40903@um.es> Message-ID: <26AEDF2F-2D20-414A-B6A7-528E25A90565@iki.fi> On 19.9.2013, at 14.37, Angel L. Mateo wrote: > I'm using dovecot 2.1.16 with SiS configured as: > > Sep 18 15:46:32 myotis51 dovecot: imap(igd): Error: Attachment file /mail/users/attachments/16/b0/16b0b2023a903db14d7f7bcdb1cc04c3f67a4fcb-b32c0a2aa6ae39527c870000a9061514 larger than expected (235866) That's a bug, but it's not very easy to see what's wrong.. v2.2 gives somewhat better error message about this. And the upcoming v2.2.6 will have even better error message here. Of course, having better error messages doesn't really fix the problem itself. I'm not sure but I think there are some fixes related to this in v2.2, so simply upgrading might help (although it won't fix any old attachment files if they were written wrong). From tss at iki.fi Sun Sep 22 07:29:58 2013 
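An added example, not part of any message in this archive, for the auth-userdb reply above: a small audit that reads Dovecot's block syntax and reports which `unix_listener` sockets carry permission bits for every local user, so the `mode = 0600` plus `user = vmail` suggestion can be told apart from the `mode=0777` alternative before a config is deployed. Both config snippets are constructed from that reply; the function names and verdict strings are assumptions.

```python
# Constructed snippets in doveconf block syntax: the listener suggested in the
# reply, and the wide-open alternative it mentions.
CONF_SUGGESTED = """\
service auth {
  unix_listener auth-userdb {
    user = vmail
    mode = 0600
  }
}
"""

CONF_OPEN = """\
service auth {
  unix_listener auth-userdb {
    mode = 0777   # gives everyone permissions
  }
}
"""


def parse_unix_listeners(conf_text):
    """Return {(service, listener): {setting: value}} for every unix_listener.

    Simplified reader: one setting per line, '{' at the end of the line that
    opens a block, '#' starts a comment (quoted '#' is not handled).
    """
    stack, listeners = [], {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            words = line[:-1].split()
            stack.append(words)
            if len(words) > 1 and words[0] == "unix_listener":
                listeners.setdefault((_service(stack), words[1]), {})
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line and stack and stack[-1][:1] == ["unix_listener"]:
            key, value = (part.strip() for part in line.split("=", 1))
            listeners[(_service(stack), stack[-1][1])][key] = value
    return listeners


def _service(stack):
    """Name of the enclosing 'service NAME {' block, or '?' if there is none."""
    for words in reversed(stack):
        if len(words) > 1 and words[0] == "service":
            return words[1]
    return "?"


def audit(conf_text):
    """List (service, listener, mode, user, verdict) for each unix_listener."""
    findings = []
    for (service, name), settings in sorted(parse_unix_listeners(conf_text).items()):
        mode_text = settings.get("mode")
        if mode_text is None:
            verdict = "mode not set, default applies"
        elif int(mode_text, 8) & 0o006:
            # read/write bits for "other": any local account may open the socket
            verdict = "world-connectable"
        else:
            verdict = "restricted to owner/group"
        findings.append((service, name, mode_text, settings.get("user"), verdict))
    return findings


if __name__ == "__main__":
    for label, conf in (("suggested", CONF_SUGGESTED), ("open", CONF_OPEN)):
        for finding in audit(conf):
            print(label, *finding)
```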
From: tss at iki.fi (Timo Sirainen) Date: Sun, 22 Sep 2013 07:29:58 +0300 Subject: [Dovecot] Passing info from mail process to mail_filter plugin script? In-Reply-To: <20130921173240.GB1722@pyropus.ca> References: <20130921173240.GB1722@pyropus.ca> Message-ID: <6684A9E4-B9B2-40E8-A2BF-5A537FBD9DF3@iki.fi> On 21.9.2013, at 20.32, Charles Cazabon wrote: > The mail_filter plugin allows you to pass messages through an external > script/command on the way into and out of the Maildir/mbox/etc mail store. > With the recent/new version of the plugin, this seems to work correctly. > > However, my mail-filter script (for filtering messages on the way from the > mail store through the IMAP process to a remote client) needs some extra info > from the IMAP mail process. I'm having difficulty figuring out how this can > be accomplished. > > Ideally, I'd like to pass another open file descriptor (opened in the IMAP > process) to the script, but I'm not sure if this is possible. Opening the > file in the IMAP main.c fails, presumably due to file descriptor limits, but I > don't see where restrict_fd_limit() is called there. imap process communicates with the mail_filter process via UNIX socket. It would be possible to pass a file descriptor, but it would need modifications to both the mail-filter/[io]stream-ext-filter.c and to src/util/script.c to use fd_send() and fd_recv(). Without modifications the only way to pass data is via the plugin { mail_filter } parameters, such as the %u expanding to username in the example. If you want some other parameters that don't exist in %variables (they get expanded immediately when the imap process starts), you need to modify for example mail-filter-plugin.c where it passes muser->args and muser->out_args to [io]_stream_create_ext_filter(). From tss at iki.fi Sun Sep 22 07:35:22 2013 
From: tss at iki.fi (Timo Sirainen) Date: Sun, 22 Sep 2013 07:35:22 +0300 Subject: [Dovecot] Index error copying compressed message In-Reply-To: <72E20246-A20D-4B55-A90C-8EA10BD74719@tucows.com> References: <72E20246-A20D-4B55-A90C-8EA10BD74719@tucows.com> Message-ID: On 19.9.2013, at 23.59, Richard Platel wrote: > Dovecot 2.2, with the zlib plugin, I think we're getting bad index entries on IMAP COPY. > > On copying a message to an empty folder, in the dovecot error log I see: > > Sep 19 20:34:25 imap01 dovecot: imap(grain at rp-auth-test.com): Error: Cached message size smaller than expected (615 < 971) > Sep 19 20:34:25 imap01 dovecot: imap(grain at rp-auth-test.com): Error: Corrupted index cache file /mail/index01/434/860/grain at rp-auth-test.com/.Bup/dovecot.index.cache: Broken physical size for mail UID 0 > Sep 19 20:34:25 imap01 dovecot: imap(grain at rp-auth-test.com): Error: read() failed: Invalid argument (uid=0) > > (Note this happens from the copy operation, not a subsequent access. Also note the UID is always 0). UID=0 means that it's trying to get the size for the mail that is still being saved (so not the copy source mail). You mean you can easily reproduce this simply by copying a mail to a newly created folder? I couldn't. Try if you can still reproduce it with a smaller config, especially removing non-zlib plugins. From tss at iki.fi Sun Sep 22 07:40:29 2013 
From: tss at iki.fi (Timo Sirainen) Date: Sun, 22 Sep 2013 07:40:29 +0300 Subject: [Dovecot] (Maybe stupid) question about selecting mailbox In-Reply-To: <8738q40xux.fsf@alfa.kjonca> References: <8738q40xux.fsf@alfa.kjonca> Message-ID: <7760BF72-E445-4F89-8A31-8B3AEE96DCE2@iki.fi> On 21.8.2013, at 2.02, Kamil Jo?ca wrote: > Does mailbox with "\NoSelect" can be select or examine? > > I'm not sure but IMVHO "select x" should not work. .. > mail_location = maildir:~/Mail/1:LAYOUT=fs:INBOX=~/Mail/1/INBOX Fixed: http://hg.dovecot.org/dovecot-2.2/rev/6942a3da740c From tss at iki.fi Sun Sep 22 07:45:03 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 22 Sep 2013 07:45:03 +0300 Subject: [Dovecot] pop3c migration? In-Reply-To: <51EBC0BC.8030701@gedalya.net> References: <51E6739C.5030001@gedalya.net> <51EBC0BC.8030701@gedalya.net> Message-ID: <23600FC5-FDF2-4310-89E2-908A44D519D5@iki.fi> On 21.7.2013, at 14.06, Gedalya wrote: > OK so now I tried a doveadm backup -R with pop3c using dovecot 2.2.4 (50117c22151e) (auto build) and it works fine, and indeed very fast. > > Funny, I ran into a segmentation fault by mistakenly passing pop3c_password instead of imapc_password, thought it would be worth posting. Fixed: http://hg.dovecot.org/dovecot-2.2/rev/1a5d92b8d3d5 > I'm using the cutting-edge dovecot over NFS storing to the production server running 2.1.7. I'll be seeing "Corrupted index cache file .. Invalid magic in hole header" when every account logs in for the first time post-migration. Is this OK? I'm using Maildir. You should run at least v2.1.11, which adds support for v2.2 index changes. Now when those errors are happening, the entire cache file gets deleted and the performance gets worse. From matthew at eeph.com Sun Sep 22 08:27:11 2013 
From: matthew at eeph.com (Matthew Kaufman) Date: Sat, 21 Sep 2013 22:27:11 -0700 Subject: [Dovecot] doveadm sync only creates directories, don't sync messages? Message-ID: <523E7FAF.4060100@eeph.com> Running Dovecot 2.1.7. I'm trying to migrate from an environment with mbox files to a maildir configuration. I remove all vestiges of my maildir over in /var/mail I put my old mailboxes in ./Mail and my old inbox in ./matthew. I issue this command: doveadm sync -u matthew at matthew.at mbox:./Mail:INBOX=./matthew Initially it gave me errors about separator, so I set the separator in the inbox namespace to "/" explicitly. Now that I've done that, and re-run it, over in the right place /var/mail, it creates "matthew" and a subdirectory "Mail". That's it. Doesn't take long to do it, either. But it doesn't copy any messages at all. I must be doing something wrong... but what? Matthew Kaufman matthew at eeph.com From e-man at gportal.hu Sun Sep 22 10:11:04 2013 From: e-man at gportal.hu (Holecz Endre) Date: Sun, 22 Sep 2013 09:11:04 +0200 Subject: [Dovecot] mdbox index directories: bug? Message-ID: Hi, I'm using mdbox now (Dovecot 2.2.4), with indexes on a separate disk. Works fine, but the directories for indexes are also present in the storage folder, and are empty. Userdb (sql) returns this: home /var/vmail/domains/somedomain/someuser mail mdbox:~/mdbox:INDEX=/mnt/spool/dovecot/index/somedomain/s/someuser And the created directory structure is: /var/vmail/domains/somedomain/someuser /mdbox /mailboxes /INBOX /dbox-Mails /storage /mnt/spool/dovecot/index/somedomain/s/someuser /mailboxes /INBOX /storage /var/vmail/domains/somedomain/someuser/mdbox/mailboxes/* is always empty. Am I doing something wrong, or is this by design? :) Regards, Endre From tss at iki.fi Sun Sep 22 10:22:12 2013 
From: tss at iki.fi (Timo Sirainen) Date: Sun, 22 Sep 2013 10:22:12 +0300 Subject: [Dovecot] mdbox index directories: bug? In-Reply-To: References: Message-ID: <51EF0A30-CA98-4D71-8A88-293B0D39D20F@iki.fi> It's by design. The empty directories are the list of folders that you have. On 22.9.2013, at 10.11, Holecz Endre wrote: > > > Hi, > > I'm using mdbox now (Dovecot 2.2.4), with indexes on a > separate disk. Works fine, but the directories for indexes are also > present in the storage folder, and are empty. Userdb (sql) returns this: > > > home /var/vmail/domains/somedomain/someuser > mail > mdbox:~/mdbox:INDEX=/mnt/spool/dovecot/index/somedomain/s/someuser > > And > the created directory structure is: > > > /var/vmail/domains/somedomain/someuser > /mdbox > /mailboxes > /INBOX > > /dbox-Mails > /storage > > /mnt/spool/dovecot/index/somedomain/s/someuser > > /mailboxes > /INBOX > > /storage > > /var/vmail/domains/somedomain/someuser/mdbox/mailboxes/* is > always empty. Am I doing something wrong, or is this by design? :) > > > Regards, > Endre From tsvetkov_av at grandvision.ru Sun Sep 22 11:37:12 2013 
From: tsvetkov_av at grandvision.ru (Цветков Алексей) Date: Sun, 22 Sep 2013 12:37:12 +0400 Subject: [Dovecot] Dsync error: Failed to set attribute vendor/vendor.dovecot/pvt/sieve/default In-Reply-To: <3BA7F654-C6BA-4D25-87E4-71CAB608782A@iki.fi> References: <20130912162315.443801cf@work> <3BA7F654-C6BA-4D25-87E4-71CAB608782A@iki.fi> Message-ID: <20130922123712.479c1a64@grandvision.ru> I installed with a patch. In a log there was my sieve file. Example log: dovecot: dsync-local(bob at aaa.com): Error: Mailbox INBOX: Failed to set attribute vendor/vendor.dovecot/pvt/sieve/default: Invalid value for default sieve attribute: ?require ["fileinto", "envelope"]; dovecot: doveadm: Error: if envelope :localpart :is "from" ["monit", "monitor"] { dovecot: doveadm: Error: fileinto "INBOX.Monit"; dovecot: doveadm: Error: stop; dovecot: doveadm: Error: } dovecot: doveadm: Error: elsif address :is "from" "MAILER-DAEMON at aaa.com" { dovecot: doveadm: Error: fileinto "INBOX.mailer-daemon"; Sep 22 10:17:55 ares dovecot: doveadm: Error: stop; dovecot: doveadm: Error: } dovecot: doveadm: Error: elsif address :is "from" ["1 at example.com", "pm at example.com"] { dovecot: doveadm: Error: fileinto "INBOX.ling"; dovecot: doveadm: Error: stop; dovecot: doveadm: Error: } dovecot: doveadm: Error: elsif address :is "from" "h dovecot: dsync-local(bob at aaa.com): Error: g at aaa.com" { dovecot: doveadm: Error: fileinto "INBOX.hg"; dovecot: doveadm: Error: stop; dovecot: doveadm: Error: } dovecot: doveadm: Error: elsif envelope :domain :is "from" ["mail.aaa.com", "z.aaa.com", "a.aaa.com", dovecot: doveadm: Error: "h.aaa.com", "mx1.aaa.com", "mx2.aaa.com", dovecot: doveadm: Error: "web1.aaa.com", "web2.aaa.com", dovecot: doveadm: Error: "pg1.aaa.com", "pg2.aaa.com"] { dovecot: doveadm: Error: fileinto "INBOX.System"; dovecot: doveadm: Error: stop; dovecot: doveadm: Error: } dovecot: doveadm: Error: elsif header :contains "X-AAA-Spam" "Yes" { dovecot: 
doveadm: Error: fileinto "Junk"; dovecot: doveadm: Error: stop; dovecot: doveadm: Error: } dovecot: doveadm: Error: else { dovecot: doveadm: Error: keep; dovecot: doveadm: Error: } dovecot: doveadm: Error: On Sun, 22 Sep 2013 06:59:30 +0300 Timo Sirainen ?????: >On 12.9.2013, at 15.23, Aleksey Tsvetkov wrote: > >> dovecot: dsync-local(bob at aaa.com): Error: Mailbox INBOX: Failed to set attribute >> vendor/vendor.dovecot/pvt/sieve/default: Invalid value for default sieve attribute > >No idea .. The attached patch shows what value it's trying to use. That could help explain what's >going on. -- Best regards, Aleksey Tsvetkov System Administrator Company Grand Vision tel. +7(495)933-39-79, ext. 184 From stephan at rename-it.nl Sun Sep 22 12:51:36 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Sun, 22 Sep 2013 11:51:36 +0200 Subject: [Dovecot] Dsync error: Failed to set attribute vendor/vendor.dovecot/pvt/sieve/default In-Reply-To: <20130922123712.479c1a64@grandvision.ru> References: <20130912162315.443801cf@work> <3BA7F654-C6BA-4D25-87E4-71CAB608782A@iki.fi> <20130922123712.479c1a64@grandvision.ru> Message-ID: <523EBDA8.1080206@rename-it.nl> On 9/22/2013 10:37 AM, ??????? ??????? wrote: > I installed with a patch. In a log there was my sieve file. This should fix it: http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/3163f3696498 Regards, Stephan. From tsvetkov_av at grandvision.ru Mon Sep 23 09:03:41 2013 
From: tsvetkov_av at grandvision.ru (Aleksey Tsvetkov) Date: Mon, 23 Sep 2013 10:03:41 +0400 Subject: [Dovecot] Dsync error: Failed to set attribute vendor/vendor.dovecot/pvt/sieve/default In-Reply-To: <523EBDA8.1080206@rename-it.nl> References: <20130912162315.443801cf@work> <3BA7F654-C6BA-4D25-87E4-71CAB608782A@iki.fi> <20130922123712.479c1a64@grandvision.ru> <523EBDA8.1080206@rename-it.nl> Message-ID: <20130923100341.2c0ba542@work> Thanks! It works! On Sun, 22 Sep 2013 11:51:36 +0200 Stephan Bosch writes: >On 9/22/2013 10:37 AM, ??????? ??????? wrote: >> I installed with a patch. In a log there was my sieve file. > >This should fix it: > >http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/3163f3696498 > >Regards, > >Stephan. > > -- Best regards, Aleksey Tsvetkov System Administrator Company Grand Vision tel. +7(495)933-39-79, ext. 184 From charlesc-dovecot at pyropus.ca Mon Sep 23 00:11:15 2013 
From: charlesc-dovecot at pyropus.ca (Charles Cazabon) Date: Sun, 22 Sep 2013 15:11:15 -0600 Subject: [Dovecot] Passing info from mail process to mail_filter plugin script? In-Reply-To: <6684A9E4-B9B2-40E8-A2BF-5A537FBD9DF3@iki.fi> References: <20130921173240.GB1722@pyropus.ca> <6684A9E4-B9B2-40E8-A2BF-5A537FBD9DF3@iki.fi> Message-ID: <20130922211115.GA3985@pyropus.ca> Timo Sirainen wrote: > On 21.9.2013, at 20.32, Charles Cazabon wrote: > > > > However, my mail-filter script (for filtering messages on the way from the > > mail store through the IMAP process to a remote client) needs some extra info > > from the IMAP mail process. I'm having difficulty figuring out how this can > > be accomplished. > > > > Ideally, I'd like to pass another open file descriptor (opened in the IMAP > > process) to the script, but I'm not sure if this is possible. [...] > imap process communicates with the mail_filter process via UNIX socket. It > would be possible to pass a file descriptor, but it would need modifications > to both the mail-filter/[io]stream-ext-filter.c and to src/util/script.c to > use fd_send() and fd_recv(). Thanks for the response, Timo. Okay, given that this looks a little more complex than the other route, I decided to try your suggestion of adding a new % variable which I can supply in the mail_filter plugin configuration as a commandline argument to the filter script. > If you want some other parameters that don't exist in %variables > (they get expanded immediately when the imap process starts), you need to > modify for example mail-filter-plugin.c where it passes muser->args and > muser->out_args to [io]_stream_create_ext_filter(). I *think*, if I'm reading the code correctly, that it might be simpler in my particular case to modify the var_expand_table directly. 
The info I want to pass to the filter becomes available in the imap code shortly after login (actually immediately after client_add_input()), so unfortunately it's just after settings_var_expand() is called in src/imap/main.c:client_create_from_input(). I hacked in some code to change the table at that point (i.e. just before client_create_from_input() returns), but it seems the table has already been used to expand the vars by then, i.e. I'm just too late and my new variable isn't recognized/expanded.

Would a simple, ugly hack like calling settings_var_expand() a second time be sufficient to get my new % variable added here?

Charles
--
-----------------------------------------------------------------------
Charles Cazabon
GPL'ed software available at: http://pyropus.ca/software/
-----------------------------------------------------------------------

From e-man at gmail.hu Sun Sep 22 10:27:22 2013
From: e-man at gmail.hu (Holecz Endre)
Date: Sun, 22 Sep 2013 09:27:22 +0200
Subject: [Dovecot] mdbox index directories: bug?
In-Reply-To:
References:
Message-ID: <2b2d5937473f9c599496fd0a21aabedb@gmail.hu>

Ohh, the directory structure in a somewhat more readable form:

/var/vmail/domains/somedomain/someuser/
/var/vmail/domains/somedomain/someuser/mdbox/
/var/vmail/domains/somedomain/someuser/mdbox/mailboxes/
/var/vmail/domains/somedomain/someuser/mdbox/mailboxes/INBOX/
/var/vmail/domains/somedomain/someuser/mdbox/mailboxes/INBOX/dbox-Mails/

Of course there are directories for all other imap folders, and they are all empty.

On Sun, 22 Sep 2013 09:11:04 +0200, Holecz Endre wrote:

> Hi,
>
> I'm using mdbox now (Dovecot 2.2.4), with indexes on a
> separate disk. Works fine, but the directories for indexes are also
> present in the storage folder, and are empty. Userdb (sql) returns this:
>
> home /var/vmail/domains/somedomain/someuser
> mail
> mdbox:~/mdbox:INDEX=/mnt/spool/dovecot/index/somedomain/s/someuser
>
> And
> the created directory structure is:
>
> /var/vmail/domains/somedomain/someuser
> /mdbox
> /mailboxes
> /INBOX
>
> /dbox-Mails
> /storage
>
> /mnt/spool/dovecot/index/somedomain/s/someuser
>
> /mailboxes
> /INBOX
>
> /storage
>
> /var/vmail/domains/somedomain/someuser/mdbox/mailboxes/* is
> always empty. Am I doing something wrong, or is this by design? :)
>
> Regards,
> Endre

From e-man at gmail.hu Sun Sep 22 10:27:55 2013
From: e-man at gmail.hu (Holecz Endre)
Date: Sun, 22 Sep 2013 09:27:55 +0200
Subject: [Dovecot] mdbox index directories: bug?
In-Reply-To: <51EF0A30-CA98-4D71-8A88-293B0D39D20F@iki.fi>
References: <51EF0A30-CA98-4D71-8A88-293B0D39D20F@iki.fi>
Message-ID: <682b22d7d09f583d5e8dbdea7165e1d8@gmail.hu>

I see, thank you.

On Sun, 22 Sep 2013 10:22:12 +0300, Timo Sirainen wrote:

> It's by design. The empty directories are the list of folders that you have.
>
> On 22.9.2013, at 10.11, Holecz Endre wrote:
>
>> Hi,
>>
>> I'm using mdbox now (Dovecot 2.2.4), with indexes on a separate disk. Works fine, but the directories for indexes are also present in the storage folder, and are empty. Userdb (sql) returns this:
>>
>> home /var/vmail/domains/somedomain/someuser
>> mail mdbox:~/mdbox:INDEX=/mnt/spool/dovecot/index/somedomain/s/someuser
>>
>> And the created directory structure is:
>>
>> /var/vmail/domains/somedomain/someuser
>> /mdbox
>> /mailboxes
>> /INBOX
>> /dbox-Mails
>> /storage
>>
>> /mnt/spool/dovecot/index/somedomain/s/someuser
>> /mailboxes
>> /INBOX
>> /storage
>>
>> /var/vmail/domains/somedomain/someuser/mdbox/mailboxes/* is always empty. Am I doing something wrong, or is this by design? :)
>>
>> Regards,
>> Endre

From tss at iki.fi Mon Sep 23 09:50:18 2013
From: tss at iki.fi (Timo Sirainen)
Date: Mon, 23 Sep 2013 09:50:18 +0300
Subject: [Dovecot] Linux SO_REUSEPORT
Message-ID: <97D3689D-825D-415C-9403-6674F3808A17@iki.fi>

I just read about Linux v3.9's SO_REUSEPORT feature and decided to implement it for Dovecot. Would be interesting to know how it works for people :) It's going to be in v2.2.6, which I'm planning on releasing tomorrow. Note especially the warning about the bug:

http://hg.dovecot.org/dovecot-2.2/rev/a991a0547daa

So the idea is that you'd do something like:

service imap-login {
  inet_listener imap {
    reuse_port = yes
  }
  process_min_avail = 4 # number of CPU cores
}

And the load should be distributed more evenly to the processes.

From dovecot at ace-electronics.be Mon Sep 23 10:33:06 2013
From: dovecot at ace-electronics.be (Koenraad Lelong)
Date: Mon, 23 Sep 2013 09:33:06 +0200
Subject: [Dovecot] Permission error
In-Reply-To: <5236D3EC.3010409@ace-electronics.be>
References: <5236CF30.4030708@ace-electronics.be> <5236D3EC.3010409@ace-electronics.be>
Message-ID: <523FEEB2.5060205@ace-electronics.be>

On 16-09-13 11:48, Koenraad Lelong wrote:
>
> Hi,
>
> I just tried with chown nobody:nogroup auth-worker
> Now the error is gone.
> The question remains : what does create auth-worker ? The installer ?
> then I think ubuntu does it wrong.
>
> Any comments ?
>
> Regards,
> Koenraad.
>

Hi,

I'm sorry for the late reply but I'm not working full time on this migration.

Unfortunately, I now experienced and remembered the fact that the /run or /var/run directories are temporary directories, i.e. they are recreated on boot. Which means that the ownership is recreated on boot and in this case set to dovecot:root. Which means dovecot can't access the "file".

I googled and found I needed a section :

service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  user = $default_internal_user
}

This does not work, also setting the user to dovecot gives the same result :

2013-09-23 09:28:08 auth: Fatal: net_connect_unix(auth-worker) in directory /run/dovecot failed: Permission denied (euid=65534(nobody) egid=65534(nogroup) missing +r perm: /run/dovecot/auth-worker, dir owned by 0:0 mode=0755)
2013-09-23 09:28:08 master: Error: service(auth): command startup failed, throttling

I'm stuck, can anyone please point me into the right direction ?

Thanks,
Koenraad Lelong

From h.reindl at thelounge.net Mon Sep 23 11:22:15 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 23 Sep 2013 10:22:15 +0200
Subject: [Dovecot] Permission error
In-Reply-To: <523FEEB2.5060205@ace-electronics.be>
References: <5236CF30.4030708@ace-electronics.be> <5236D3EC.3010409@ace-electronics.be> <523FEEB2.5060205@ace-electronics.be>
Message-ID: <523FFA37.7040309@thelounge.net>

On 23.09.2013 09:33, Koenraad Lelong wrote:
> On 16-09-13 11:48, Koenraad Lelong wrote:
>> I just tried with chown nobody:nogroup auth-worker
>> Now the error is gone.
>> The question remains : what does create auth-worker ? The installer ?
>> then I think ubuntu does it wrong.
>
> I'm sorry for the late reply but I'm not working full time on this migration.
>
> Unfortunately, I now experienced and remembered the fact that the /run or /var/run directories are temporary
> directories, i.e. they are recreated on boot. Which means that the ownership is recreated on boot and in this case
> set to dovecot:root. Which means dovecot can't access the "file"

sounds like a systemd distribution
man tmpfiles.d

[root at srv-rhsoft:~]$ cat /etc/tmpfiles.d/dovecot.conf
d /run/dovecot 0775 dovecot dovecot -

From jerry at seibercom.net Mon Sep 23 13:54:20 2013
From: jerry at seibercom.net (Jerry)
Date: Mon, 23 Sep 2013 06:54:20 -0400
Subject: [Dovecot] Linux SO_REUSEPORT
In-Reply-To: <97D3689D-825D-415C-9403-6674F3808A17@iki.fi>
References: <97D3689D-825D-415C-9403-6674F3808A17@iki.fi>
Message-ID: <20130923065420.565a4416@scorpio>

On Mon, 23 Sep 2013 09:50:18 +0300
Timo Sirainen articulated:

> I just read about Linux v3.9's SO_REUSEPORT feature and decided to
> implement it for Dovecot. Would be interesting to know how it works
> for people :) It's going to be in v2.2.6, which I'm planning on
> releasing tomorrow. Note especially the warning about the bug:
>
> http://hg.dovecot.org/dovecot-2.2/rev/a991a0547daa
>
> So the idea is that you'd do something like:
>
> service imap-login {
>   inet_listener imap {
>     reuse_port = yes
>   }
>   process_min_avail = 4 # number of CPU cores
> }
>
> And the load should be distributed more evenly to the processes.

From the link above, "I'm not sure if this makes any difference in BSDs." I can almost guarantee that it will not work with FreeBSD. They are years behind in keeping compatibility with Linux. They are still using the Fedora f10 base, over five years old.

--
Jerry

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

From tss at iki.fi Mon Sep 23 14:12:22 2013
From: tss at iki.fi (Timo Sirainen)
Date: Mon, 23 Sep 2013 14:12:22 +0300
Subject: [Dovecot] Linux SO_REUSEPORT
In-Reply-To: <20130923065420.565a4416@scorpio>
References: <97D3689D-825D-415C-9403-6674F3808A17@iki.fi> <20130923065420.565a4416@scorpio>
Message-ID: <0DA0A207-BBA1-462A-93DE-8B4AD35A4FE8@iki.fi>

On 23.9.2013, at 13.54, Jerry wrote:

>> http://hg.dovecot.org/dovecot-2.2/rev/a991a0547daa
>
> From the link above, "I'm not sure if this makes any difference in
> BSDs." I can almost guarantee that it will not work with FreeBSD. They
> are years behind in keeping compatibility with Linux. They are still
> using the Fedora f10 base, over five years old.

This feature originated from BSDs that had it long time ago.

From srf at sanger.ac.uk Mon Sep 23 16:13:07 2013
From: srf at sanger.ac.uk (Simon Fraser)
Date: Mon, 23 Sep 2013 14:13:07 +0100
Subject: [Dovecot] Expunged message reappeared, giving a new UID
In-Reply-To: <1A27D7CE-C98C-4E36-9A46-D463F8F9A1D2@iki.fi>
References: <1374834533.6696.10.camel@ubu101751> <1375358980.31867.5.camel@innu.dovecot.net> <1375365764.15036.11.camel@ubu101751> <947B1DB5-717D-4BC5-A32F-3E9496D3C1BE@iki.fi> <1375793966.17508.0.camel@ubu101751> <061C63DC-147F-4BE3-845C-6FEBF883D4EA@iki.fi> <50133B55-DBCC-4217-87A1-19384501A117@iki.fi> <1375804711.19765.7.camel@ubu101751> <1BF2EF57-83AB-48CC-A929-F2BDF3400D46@iki.fi> <1375950077.5211.18.camel@ubu101751> <5D40AFC6-1F36-4334-87E1-37CB4ECE8E63@iki.fi> <1A27D7CE-C98C-4E36-9A46-D463F8F9A1D2@iki.fi>
Message-ID: <1379941987.22451.22.camel@ubu101751>

On Sun, 2013-09-22 at 00:13 +0300, Timo Sirainen wrote:
>
> One side has uidnext=23 and the other side has uidnext=24. You're
> deleting the last message with uid=22, so the uidnext=23 is correct.
> The other side however thinks that the same mail's uid is 23. There
> must be something wrong with the mail delivery, because both sides
> should have uid=22 and uidnext=23 here. So replication rawlogs of a
> new mail delivery would be helpful..

Here's the rawlog from node A: http://pastebin.com/2hcBXNc4 (24k, hence not attached)

This records the following activity:

Shut down dovecot on both nodes
removed the mailbox (so that the new message delivery would create it)
Emptied /tmp/dsync-rawlog
Started dovecot on both nodes
Sent a test email to node A
Deleted it - it didn't reappear
Sent a second test email to node A
Deleted the second email, which reappeared.

After testing this a few times with a different number of messages, it seems they only start reappearing after the first deletion.

> Or there are some other strange things here also: The GUIDs are
> different for the mails, so it's as if the same mail was saved to both
> sides via LMTP instead of being copied to the other side via
> replication? Also the logs show an extra dsync run that seems to mess
> things up even further. The whole deletion operation did:
>
> - expunge uid=22
> - copy uid=23 from A to B
> - expunge uid=21 (the message was there twice?)
> - copy uid=23 from B to back to A (??)

I have double checked the configuration and node b has not taken delivery of any messages - exim has nothing in the logs.

Thank you for your perseverance with this!

Simon.

From megodin at inboxalias.com Mon Sep 23 16:52:47 2013
From: megodin at inboxalias.com (megodin at inboxalias.com)
Date: Mon, 23 Sep 2013 09:52:47 -0400 (EDT)
Subject: [Dovecot] Bug report: "doveadm rename" encodes special characters wrongly in mUTF-7 (in fs)
Message-ID:

Hi there Timo,

first of all thank you for taking your time for support!

> Forget about mUTF-7 with Dovecot. It's an IMAP-protocol relic, and
> Dovecot is trying to get rid of it in as many places as possible.
> Although by default the filesystem uses mUTF-7, but that can also
> be changed with a setting.

Thanks for clarifying this.

> I suspect your shell is breaking the 8bit chars into invalid UTF-8. I
> just tried and it works fine with me.

Sorry, we got confusion here... apparently my (lousy) freemail provider which I use to post on this mailinglist doesn't send some special characters etc. unaltered exactly as I typed - so I made a console screenshot of the doveadm rename problem to make things clear. Please have a look here, it will reveal the doveadm rename problem (and that my shell is working fine):
http://i.imgur.com/08wKji4.png

> > To get things worse, when renaming the mailfolder in Thunderbird to
> > "gesch????ftliches" it gets correctly written in the filesystem as
> > "gesch&AOQ-ftliches"- but afterwards it's NOT found anymore in the
> > dovecot index, e.g. when trying doveadm force-resync -u user it is
> > not listed anymore (until back-renaming in fs to the name it was
> > indexed before).
> Folders aren't indexed by default (mailbox_list_index=no) and
> force-resync doesn't affect them. Are you saying
> "doveadm mailbox list -u user" doesn't show some folder? I'm not
> aware of any bugs related to this.

No, the "doveadm mailbox list -u user" works just fine.

BUT - I'm still wondering about the resync issue - As I understand the "doveadm force-resync -u user *" command rebuilds the index for the MAILS within the mailfolders? If so, how can the resync be done if the mailfolder itself is not found by doveadm anymore?
> I'd need to get some more specifics. Show show exists in filesystems
> and what commands don't produce expected results (and what they
> produce instead).

For clearing up my point, I made another console screenshot with red markings to point out the problem (bug). Please have another look here:
http://i.imgur.com/icPfys9.png

Thanks for your support,
Megodin

From micah at riseup.net Mon Sep 23 19:32:21 2013
From: micah at riseup.net (Micah Anderson)
Date: Mon, 23 Sep 2013 12:32:21 -0400
Subject: [Dovecot] default client_limit
Message-ID: <87vc1ro5wq.fsf@muck.riseup.net>

I recently upgraded my dovecot from 2.1 to 2.2, and when I started, I received this message:

doveconf: Warning: service auth { client_limit=1000 } is lower than required under max. load (1024)

Searching through my configs, I do not have 1024 set anywhere. In order to stop this I set client_limit=1024 in my auth{} block... this seemed odd that the defaults disagreed with each other.

However, it made me realize that my system could probably handle more, if it were properly tuned, and the different limit settings at their defaults are probably smaller than they could be for my server and the load it is under.

So, I'm wondering how I can accurately set some of these values?

The different possible things that can be set are:

default_process_limit (for some reason I have this set to 256)
default_client_limit (default)
default_vsz_limit (I have this set to 512M)

for the imap-login service, I have:
service_count = 0
process_min_avail = 10
vsz_limit = 512M

for service pop3-login, these are set:
service_count = 0
process_min_avail = 10
vsz_limit = 512M

for service imap, process_limit = 2048

service auth, I've just set the client_limit=1024

I've also got a ulimit -n set to 2048 and in my sysctl.conf, I have the following:

fs.inotify.max_user_instances = 2048

because I was seeing this in the logs:

Warning: Inotify instance limit for user 8 (UID mail) exceeded, disabling. Increase /proc/sys/fs/inotify/max_user_instances

What I am looking for is a few things:

. is there a formula for setting a proper value for some of these?
. will dovecot warn me when I've reached a limit, so I can adjust these?

thanks for any suggestions or improvements, I'm pretty sure this system can handle a lot more than it is doing right now, I just am unclear on how to tune it up to do that.
micah

From james at PaceHouse.com Mon Sep 23 21:16:20 2013
From: james at PaceHouse.com (James E. Pace)
Date: Mon, 23 Sep 2013 11:16:20 -0700
Subject: [Dovecot] Delete to Archive?
Message-ID:

Hi,

I recently switched from being a Gmail user to running Dovecot [2.1.10] on my server. Thank you for an easy to use piece of software that solves problems!

I am trying (unsuccessfully) to replicate something from GMail. When I delete a message on my iPhone (or other client), I would like to have it moved to an "All Mail" or Archive folder, instead of actually deleting it.

Is this possible?

Thanks,
James

From stephan at rename-it.nl Mon Sep 23 23:08:09 2013
From: stephan at rename-it.nl (Stephan Bosch)
Date: Mon, 23 Sep 2013 22:08:09 +0200
Subject: [Dovecot] Vacation message and DMARC validation
In-Reply-To: <522F7112.701@digirati.com.br>
References: <5228E19A.7010503@digirati.com.br> <522D876F.7070405@rename-it.nl> <522F7112.701@digirati.com.br>
Message-ID: <52409FA9.2010306@rename-it.nl>

On 9/10/2013 9:20 PM, Gerson Moraes wrote:
>> On 5-9-2013 21:55, Gerson Moraes wrote:
>>> I would like to know if a patch to the main project would be
>>> appreciated. Could you also please confirm if there are any future
>>> plans involving this feature, like an optional configuration for
>>> custom envelope-from?
>>
>> Since it is not a direct violation of the specification, I can accept
>> such a feature. What exactly do you need? Is it enough if it uses the
>> recipient address or do you want to be able to set it freely to a
>> server-wide static address?
>
> It is enough to use the recipient address. It will make DKIM
> validation work.

Implemented:

http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/4924724b7f4f

Regards,

Stephan.

From micah at riseup.net Mon Sep 23 23:11:43 2013
From: micah at riseup.net (Micah Anderson)
Date: Mon, 23 Sep 2013 16:11:43 -0400
Subject: [Dovecot] doveadm mailbox create error codes
Message-ID: <87pprznvr4.fsf@muck.riseup.net>

Hello,

I'm trying to find out what the different 'doveadm mailbox create' error codes are. I've been looking through the source, but I can't seem to find them.

I did determine that '65' happens when "Error: Can't create mailbox x: Mailbox already exists", but I've also received error 67, and the more mysterious error code 16640.

Thanks for any pointers!
micah

From rblayzor.bulk at inoc.net Mon Sep 23 23:16:19 2013
From: rblayzor.bulk at inoc.net (Robert Blayzor)
Date: Mon, 23 Sep 2013 16:16:19 -0400
Subject: [Dovecot] Delete to Archive?
In-Reply-To:
References:
Message-ID: <4440BC87-EF65-4431-AC2F-5D751B94CFFB@inoc.net>

On Sep 23, 2013, at 2:16 PM, James E. Pace wrote:

> I recently switched from being a Gmail user to running Dovecot [2.1.10] on my server. Thank you for an easy to use piece of software that solves problems!
>
> I am trying (unsuccessfully) to replicate something from GMail. When I delete a message on my iPhone (or other client), I would like to have it moved to an "All Mail" or Archive folder, instead of actually deleting it.
>
> Is this possible?

I believe that would be a function of the client, not the server. I know in the new iOS you can choose an action now when you swipe a message to move it to a folder or just delete it. The GMail app/Gmail does something similar by default I believe.

--
Robert Blayzor
INOC, LLC
rblayzor at inoc.net
http://www.inoc.net/~rblayzor/

From roms2000 at free.fr Mon Sep 23 23:27:06 2013
From: roms2000 at free.fr (romain)
Date: Mon, 23 Sep 2013 22:27:06 +0200
Subject: [Dovecot] dovecot 2.2.5 with plugin listescape and shared mailbox with dot in INBOX
Message-ID: <5240A41A.9000906@free.fr>

Hi list,

I have a problem with dovecot 2.2.5 and nightly (latest 20130923) with :
* plugin listescape enabled
* shared mailbox
* and mail_shared_explicit_inbox = no

Problem is I can't get list of mails in INBOX of my shared users.

For example :
----------------------------------------------------------
2013-09-23 22:20:06 imap-login: Info: Login: user=, method=PLAIN, rip=192.168.0.203, lip=192.168.20.200, mpid=6127, TLS, session=
2013-09-23 22:20:06 imap: Debug: Loading modules from directory: /usr/local/lib/dovecot
2013-09-23 22:20:06 imap: Debug: Module loaded: /usr/local/lib/dovecot/lib01_acl_plugin.so
2013-09-23 22:20:06 imap: Debug: Module loaded: /usr/local/lib/dovecot/lib02_imap_acl_plugin.so
2013-09-23 22:20:06 imap: Debug: Module loaded: /usr/local/lib/dovecot/lib20_autocreate_plugin.so
2013-09-23 22:20:06 imap: Debug: Module loaded: /usr/local/lib/dovecot/lib20_listescape_plugin.so
2013-09-23 22:20:06 imap: Debug: Module loaded: /usr/local/lib/dovecot/lib20_zlib_plugin.so
2013-09-23 22:20:06 imap: Debug: Module loaded: /usr/local/lib/dovecot/lib30_imap_zlib_plugin.so
2013-09-23 22:20:06 imap: Debug: Added userdb setting: plugin/acl_groups=Exchange Services,Exchange Domain Servers,Propri?taires cr?ateurs de la strat?gie de groupe,Administrateurs du sch?ma,Admins du domaine,Administrateurs de l'entreprise,Administrators,Users,roms
2013-09-23 22:20:06 imap(roms): Warning: autocreate plugin is deprecated, use mailbox { auto } setting instead
2013-09-23 22:20:06 imap(roms): Debug: Effective uid=471, gid=471, home=/home/dovecot/dovecot//mail/roms
2013-09-23 22:20:06 imap(roms): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/home/dovecot/dovecot//mail/roms/Maildir
2013-09-23 22:20:06 imap(roms): Debug: maildir++: root=/home/dovecot/dovecot//mail/roms/Maildir, index=, indexpvt=, control=, inbox=/home/dovecot/dovecot//mail/roms/Maildir, alt=
2013-09-23 22:20:06 imap(roms): Debug: acl: initializing backend with data: vfile
2013-09-23 22:20:06 imap(roms): Debug: acl: acl username = roms
2013-09-23 22:20:06 imap(roms): Debug: acl: owner = 1
2013-09-23 22:20:06 imap(roms): Debug: acl vfile: Global ACL directory: (none)
2013-09-23 22:20:06 imap(roms): Debug: Namespace : type=shared, prefix=Other Users/%u/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no location=maildir:%h/Maildir:INDEX=~/Other Users/%u
2013-09-23 22:20:06 imap(roms): Debug: shared: root=/usr/local/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
2013-09-23 22:20:06 imap(roms): Debug: acl: initializing backend with data: vfile
2013-09-23 22:20:06 imap(roms): Debug: acl: acl username = roms
2013-09-23 22:20:06 imap(roms): Debug: acl: owner = 0
2013-09-23 22:20:06 imap(roms): Debug: acl vfile: Global ACL directory: (none)
2013-09-23 22:20:06 imap(roms): Debug: Namespace : type=public, prefix=Shared Folders/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no location=maildir:/home/dovecot/dovecot//public:INDEX=~//public
2013-09-23 22:20:06 imap(roms): Debug: maildir++: root=/home/dovecot/dovecot//public, index=/home/dovecot/dovecot//mail/roms//public, indexpvt=, control=, inbox=, alt=
2013-09-23 22:20:06 imap(roms): Debug: acl: initializing backend with data: vfile
2013-09-23 22:20:06 imap(roms): Debug: acl: acl username = roms
2013-09-23 22:20:06 imap(roms): Debug: acl: owner = 0
2013-09-23 22:20:06 imap(roms): Debug: acl vfile: Global ACL directory: (none)
2013-09-23 22:20:07 imap(roms): Debug: auth input: l.dupont system_groups_user=l.dupont uid=471 gid=471 home=/home/dovecot/dovecot//mail/l.dupont
2013-09-23 22:20:07 imap(roms): Debug: maildir++: root=/home/dovecot/dovecot//mail/l.dupont/Maildir, index=/home/dovecot/dovecot//mail/l.dupont/Other Users/l.dupont, indexpvt=, control=, inbox=/home/dovecot/dovecot//mail/l.dupont/Maildir, alt=
2013-09-23 22:20:07 imap(roms): Debug: acl: initializing backend with data: vfile
2013-09-23 22:20:07 imap(roms): Debug: acl: acl username = l.dupont
2013-09-23 22:20:07 imap(roms): Debug: acl: owner = 1
2013-09-23 22:20:07 imap(roms): Debug: acl vfile: Global ACL directory: (none)
2013-09-23 22:20:07 imap(roms): Debug: maildir++: root=/home/dovecot/dovecot//mail/l.dupont/Maildir, index=/home/dovecot/dovecot//mail/roms/Other Users/l.dupont, indexpvt=, control=, inbox=/home/dovecot/dovecot//mail/l.dupont/Maildir, alt=
2013-09-23 22:20:07 imap(roms): Debug: acl: initializing backend with data: vfile
2013-09-23 22:20:07 imap(roms): Debug: acl: acl username = roms
2013-09-23 22:20:07 imap(roms): Debug: acl: owner = 0
2013-09-23 22:20:07 imap(roms): Debug: acl vfile: Global ACL directory: (none)
2013-09-23 22:20:07 imap(roms): Debug: acl vfile: file /home/dovecot/dovecot//mail/l.dupont/Maildir/.Other Users.l\2edupont/dovecot-acl not found
----------------------------------------------------------

The last line shows that the Shared Mailbox "Other Users/l.dupont" is converted to "Other Users.l\2edupont"

Note that this does not happen when I try to access a subfolder like "Other Users/l.dupont/Sent"

If I set "mail_shared_explicit_inbox = yes" with plugin listescape, I can access "Other Users/l.dupont/INBOX"

If I remove "listescape" from my plugin directive, I can access the INBOX of "Other Users/l.dupont"

Thanks for any help :)

Regards,
Romain

From roms2000 at free.fr Mon Sep 23 23:40:44 2013
From: roms2000 at free.fr (romain)
Date: Mon, 23 Sep 2013 22:40:44 +0200
Subject: [Dovecot] dovecot 2.2.x and replication with dsync and shared / public namespace
Message-ID: <5240A74C.9090105@free.fr>

Hi,

I'm trying to configure replication with dsync on Dovecot 2.2.5 (and latest nightly). I followed the guide at http://wiki2.dovecot.org/Replication

But I can get dsync-server working only if my users do not have access to shared mailboxes and / or public mailboxes which is problematic for our setup.

dsync-server is trying to create folders in public/ namespace :
-------------------------------------
2013-09-23 20:34:04 dsync-server(adupont): Panic: file dsync-brain-mailbox-tree.c: line 384 (dsync_brain_mailbox_tree_add_delete): assertion failed: (other_node->ns == NULL || other_node->ns == node->ns)
2013-09-23 20:34:04 dsync-server(adupont): Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0x64faa) [0x7f7bf42dcfaa] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x64fee) [0x7f7bf42dcfee] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f7bf4299299] -> dovecot/doveadm-server() [0x41ba52] -> dovecot/doveadm-server(dsync_brain_recv_mailbox_tree_deletes+0xbb) [0x41c39b] -> dovecot/doveadm-server(dsync_brain_run+0x37c) [0x41972c] -> dovecot/doveadm-server() [0x419bf8] -> dovecot/doveadm-server() [0x42ba20] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7f7bf42ed3d6] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xaf) [0x7f7bf42ee23f] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x7f7bf42ecf18] -> dovecot/doveadm-server() [0x416e59] -> dovecot/doveadm-server() [0x40cc77] -> dovecot/doveadm-server() [0x415ddd] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7f7bf42ed3d6] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xaf) [0x7f7bf42ee23f] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x7f7bf42ecf18] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f7bf429e553] -> dovecot/doveadm-server(main+0x11b) [0x40c9eb] -> /lib64/libc.so.6(__libc_start_main+0xed) [0x7f7bf3f0932d] -> dovecot/doveadm-server() [0x40ca59]
2013-09-23 20:34:04 dsync-server(adupont): Fatal: master: service(doveadm): child 28131 killed with signal 6 (core dumped)
-------------------------------------

dsync-server is trying to create folders in shared/ namespace :
-------------------------------------
2013-09-23 20:34:05 dsync-server(s.durant): Panic: file dsync-mailbox-tree-sync.c: line 1029 (sync_create_mailboxes): assertion failed: (node->ns == other_node->ns)
2013-09-23 20:34:05 dsync-server(s.durant): Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0x64faa) [0x7ffb6fd74faa] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x64fee) [0x7ffb6fd74fee] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7ffb6fd31299] -> dovecot/doveadm-server() [0x426025] -> dovecot/doveadm-server(dsync_mailbox_trees_sync_init+0x139) [0x427789] -> dovecot/doveadm-server(dsync_brain_recv_mailbox_tree_deletes+0xdd) [0x41c3bd] -> dovecot/doveadm-server(dsync_brain_run+0x37c) [0x41972c] -> dovecot/doveadm-server() [0x419bf8] -> dovecot/doveadm-server() [0x42ba20] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7ffb6fd853d6] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xaf) [0x7ffb6fd8623f] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x7ffb6fd84f18] -> dovecot/doveadm-server() [0x416e59] -> dovecot/doveadm-server() [0x40cc77] -> dovecot/doveadm-server() [0x415ddd] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7ffb6fd853d6] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xaf) [0x7ffb6fd8623f] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x7ffb6fd84f18] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7ffb6fd36553] -> dovecot/doveadm-server(main+0x11b) [0x40c9eb] -> /lib64/libc.so.6(__libc_start_main+0xed) [0x7ffb6f9a132d] -> dovecot/doveadm-server() [0x40ca59]
2013-09-23 20:34:05 dsync-server(s.durant): Fatal: master: service(doveadm): child 28137 killed with signal 6 (core dumped)
-------------------------------------

If I run the command "doveadm -v sync -u my.user -f tcp:10.20.0.2:12345" mailboxes are synced correctly. No problem with public and shared mailboxes.

If I run the command doveadm replicator replicate 's.durant' or doveadm replicator replicate '*', I get plenty of Panic / Error for all users that can access Public mailboxes or Shared mailboxes.

Regards,
MARIADASSOU Romain

From tss at iki.fi Tue Sep 24 01:05:44 2013
From: tss at iki.fi (Timo Sirainen)
Date: Tue, 24 Sep 2013 01:05:44 +0300
Subject: [Dovecot] Bug report: "doveadm rename" encodes special characters wrongly in mUTF-7 (in fs)
In-Reply-To:
References:
Message-ID: <595DDEE4-3070-4A47-9A89-79C611D599D0@iki.fi>

On 23.9.2013, at 16.52, megodin at inboxalias.com wrote:

>> I suspect your shell is breaking the 8bit chars into invalid UTF-8. I
>> just tried and it works fine with me.
>
> Sorry, we got confusion here... apparently my (lousy) freemail provider
> which I use to post on this mailinglist doesn't send some special
> characters etc. unaltered exactly as I typed - so I made a console
> screenshot of the doveadm rename problem to make things clear.
> Please have a look here, it will reveal the doveadm rename problem
> (and that my shell is working fine):
> http://i.imgur.com/08wKji4.png

If doveadm says it's invalid UTF-8, it's invalid UTF-8. I guess your terminal isn't actually using UTF-8 then, but something else. ("locale" output should say something about UTF-8.) I guess doveadm could also automatically translate parameters to UTF-8, but that's a bit annoying to implement.

>
>>> To get things worse, when renaming the mailfolder in Thunderbird to
>>> "gesch????ftliches" it gets correctly written in the filesystem as
>>> "gesch&AOQ-ftliches"- but afterwards it's NOT found anymore in the
>>> dovecot index, e.g. when trying doveadm force-resync -u user it is
>>> not listed anymore (until back-renaming in fs to the name it was
>>> indexed before).
>
>> Folders aren't indexed by default (mailbox_list_index=no) and
>> force-resync doesn't affect them. Are you saying
>> "doveadm mailbox list -u user" doesn't show some folder? I'm not
>> aware of any bugs related to this.
>
> No, the "doveadm mailbox list -u user" works just fine.
>
> BUT - I'm still wondering about the resync issue - As I understand the
> "doveadm force-resync -u user *" command rebuilds the index for the
> MAILS within the mailfolders? If so, how can the resync be done if the
> mailfolder itself is not found by doveadm anymore?

With mailbox_list_index=no there is no way a folder isn't found by doveadm.

>> I'd need to get some more specifics. Show show exists in filesystems
>> and what commands don't produce expected results (and what they
>> produce instead).
>
> For clearing up my point, I made another console screenshot with
> red markings to point out the problem (bug).
> Please have another look here:
> http://i.imgur.com/icPfys9.png

The problem here is that * is expanded by your shell, not doveadm. And it expands into Tr&-AOQ-sh as it's in the filesystem, but that's only the mUTF-7 encoding of it. The UTF-8 version of the name is Tr&AOQ-sh. So doveadm only sees that you attempted to resync a nonexistent mailbox. Using '*' with quotes would work, since doveadm would do the expansion then.

From tss at iki.fi Tue Sep 24 01:09:29 2013
From: tss at iki.fi (Timo Sirainen)
Date: Tue, 24 Sep 2013 01:09:29 +0300
Subject: [Dovecot] Delete to Archive?
In-Reply-To:
References:
Message-ID:

On 23.9.2013, at 21.16, James E. Pace wrote:

> I recently switched from being a Gmail user to running Dovecot [2.1.10] on my server. Thank you for an easy to use piece of software that solves problems!
>
> I am trying (unsuccessfully) to replicate something from GMail. When I delete a message on my iPhone (or other client), I would like to have it moved to an "All Mail" or Archive folder, instead of actually deleting it.
>
> Is this possible?

http://wiki2.dovecot.org/Plugins/Lazyexpunge is one possibility.

From tss at iki.fi Tue Sep 24 01:13:09 2013
From: tss at iki.fi (Timo Sirainen) Date: Tue, 24 Sep 2013 01:13:09 +0300 Subject: [Dovecot] doveadm mailbox create error codes In-Reply-To: <87pprznvr4.fsf@muck.riseup.net> References: <87pprznvr4.fsf@muck.riseup.net> Message-ID: On 23.9.2013, at 23.11, Micah Anderson wrote: > I'm trying to find out what the different 'doveadm mailbox create' error > codes are. I've been looking through the source, but I can't seem to > find them. You need to grep for "EX_" and/or "doveadm_exit_code". > I did determine that '65' happens when "Error: Can't create mailbox x: > Mailbox already exists", but I've also received error 67, and the more > mysterious error code 16640. doveadm returns the sysexits.h error codes. 67 means "unknown user". 16640 (or anything above 127) means a crash or something. From ben at morrow.me.uk Tue Sep 24 09:06:28 2013 
From: ben at morrow.me.uk (Ben Morrow) Date: Tue, 24 Sep 2013 07:06:28 +0100 Subject: [Dovecot] Linux SO_REUSEPORT In-Reply-To: <0DA0A207-BBA1-462A-93DE-8B4AD35A4FE8@iki.fi> References: <97D3689D-825D-415C-9403-6674F3808A17@iki.fi> <20130923065420.565a4416@scorpio> <0DA0A207-BBA1-462A-93DE-8B4AD35A4FE8@iki.fi> Message-ID: <20130924060627.GA2607@anubis.morrow.me.uk> At 2PM +0300 on 23/09/13 you Timo Sirainen wrote: > [SO_REUSEPORT] > > This feature originated from BSDs that had it long time ago. SO_REUSEPORT was introduced in 4.4 BSD, but the new Linux feature which includes load balancing is something rather different. It's a pity the Linux (Google?) people didn't choose a different name for it. 4.4's SO_REUSEPORT just allows multiple (pre-TIME_WAIT) sockets to bind to the same local address:port. It was introduced for the benefit of multicast apps; AFAIK its only significant non-multicast use is in ftpd, which in active mode has to create lots of outgoing sockets originating from the same source address:port. The question of load balancing obviously doesn't apply here, since the connections are initiated by the server. With a 4.4 implementation, setting SO_REUSEPORT is actively bad for something like Dovecot: while all the sockets will be allowed to bind, connections will only be passed to the first until that is closed, then to the next, and so on. Of the BSDs, DragonFly has implemented the Linux semantics (including a fix for the bug mentioned in your commit message); I believe the others, including OSX, are still using the 4.4 code. Ben From dovecot at ace-electronics.be Tue Sep 24 09:27:12 2013 
From: dovecot at ace-electronics.be (Koenraad Lelong) Date: Tue, 24 Sep 2013 08:27:12 +0200 Subject: [Dovecot] Permission error In-Reply-To: <523FFA37.7040309@thelounge.net> References: <5236CF30.4030708@ace-electronics.be> <5236D3EC.3010409@ace-electronics.be> <523FEEB2.5060205@ace-electronics.be> <523FFA37.7040309@thelounge.net> Message-ID: <524130C0.3080804@ace-electronics.be> On 23-09-13 10:22, Reindl Harald wrote: > > > On 23.09.2013 09:33, Koenraad Lelong wrote: >> On 16-09-13 11:48, Koenraad Lelong wrote: >>> I just tried with chown nobody:nogroup auth-worker >>> Now the error is gone. >>> The question remains : what does create auth-worker ? The installer ? >>> then I think ubuntu does it wrong. >> >> I'm sorry for the late reply but I'm not working full time on this migration. >> >> Unfortunately, I now experienced and remembered the fact that the /run or /var/run directories are temporary >> directories, i.e. they are recreated on boot. Which means that the ownership is recreated on boot and in this case >> set to dovecot:root. Which means dovecot can't access the "file" > > sounds like a systemd distribution > man tmpfiles.d > > [root at srv-rhsoft:~]$ cat /etc/tmpfiles.d/dovecot.conf > d /run/dovecot 0775 dovecot dovecot - > Thanks for the reply. I don't know if Ubuntu 12.04 is systemd based. I didn't find tmpfiles.d so I looked further. In dovecot.conf I finally found :

service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0660
    user = vmail
  }
  user = nobody
}

Notice that user=nobody. I commented that out, now it works. Regards, Koenraad Lelong From redneb8888 at gmail.com Tue Sep 24 09:48:37 2013
From: redneb8888 at gmail.com (Marios Titas) Date: Tue, 24 Sep 2013 02:48:37 -0400 Subject: [Dovecot] 2048-bit Diffie-Hellman parameters Message-ID: Currently, dovecot generates two primes for Diffie-Hellman key exchanges: a 512-bit one and a 1024-bit one. In light of recent events, I think it would be wise to add support for 2048-bit primes as well, or even better, add a configuration option that lets the user select a file (or files) containing the DH parameters In recent years, there has been increased interest in DH especially in its ephemeral version (DHE) because it provides perfect forward secrecy. In that context, the use of 1024-bit parameters might not seem such a terrible idea: if someone cracks the ephemeral key then they will only gain access to the data exchanged during that particular session. Therefore, it might not be worth the effort to crack such a key. But this is certainly not the case for IMAPS: it is quite likely that the session data will include the user's credentials. From skdovecot at smail.inf.fh-brs.de Tue Sep 24 09:56:07 2013 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 24 Sep 2013 08:56:07 +0200 (CEST) Subject: [Dovecot] Fwd: lmtp In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 20 Sep 2013, Lampa wrote: > using dovecot with postfix with mysql. Some domains have alias. Local > delivery is realized over lmtp. > > When lmtp delivery to aliased domains, it takes bad mail_location - it > takes aliased instead real domain, so lmtp is creating domain and user > directory. Lmtp doesn't make sql lookup. I need lmtp delivery to real > domain and i don't want to create symlinks. > > mail_location = maildir:/home/mail/%d/%n/Maildir > real domain: domain1.com > aliased domain: domain2.com > > rcpt: user at domain2.com > > lmtp deliver message to /home/mail/domain2.com/user/Maildir instead > /home/mail/domain1.com/user/Maildir without doveconf -n and, in this case, postfix configuration, nobody can really help you. But: Postfix seems to deliver the message to recipient user at domain2.com via LMTP. Dovecot verifies user at domain2.com as valid. How should Dovecot know that user at domain2.com is user at domain1.com ? So, either: a) reconfigure postfix to rewrite user at domain2.com into user at domain1.com before the message is passed to LTMP, or b) have you Dovecot userdb rewrite the user. Return the file "user" with the correct domain. - -- Steffen Kaiser From bind at enas.net Tue Sep 24 10:36:36 2013
From: bind at enas.net (Urban Loesch) Date: Tue, 24 Sep 2013 09:36:36 +0200 Subject: [Dovecot] Apple IOS 7 Mail APP uses multi body searches by default Message-ID: <52414104.90707@enas.net> Hi, today we found this blogpost: http://blog.fastmail.fm/2013/09/17/ios-7-mail-app-uses-multi-folder-body-searches-by-default/ Have you any idea if this could impact performance of dovecot using mdbox format with 10MB per file size and zlib enabled? Thanks and regards Urban Loesch From yuan_mu_muy at hotmail.com Tue Sep 24 00:54:17 2013 
From: yuan_mu_muy at hotmail.com (=?gb2312?B?xMHUrQ==?=) Date: Tue, 24 Sep 2013 05:54:17 +0800 Subject: [Dovecot] can't dovecot tls/ssl to openldap Message-ID: Hi, I want dovecot to connect to openldap with ssl/tls, and got an error. Without tls/ssl, it works ok. From /var/log/maillog I got:

Sep 24 05:38:03 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed: Connect error
Sep 24 05:38:03 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed: Can't contact LDAP server
Sep 24 05:38:03 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed: Can't contact LDAP server
Sep 24 05:38:05 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=192.168.100.99, lip=10.10.120.20, TLS: Disconnected, session=
Sep 24 05:38:11 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed: Can't contact LDAP server
Sep 24 05:38:13 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=192.168.100.99, lip=10.10.120.20, TLS: Disconnected, session=<2T761RPnXADAqGRj>

But when I use ldapsearch, it also seems ok. I use this from the dovecot host:

ldapsearch -D "cn=dovecot,ou=bindusers,dc=smuy,dc=net" -W -H ldap://ldap.sv.hm -b "ou=accounts,dc=smuy,dc=net" -ZZ

It works ok. So I have no idea where to check. Or how can I get a more detailed log from dovecot for that connection?

Sep 24 05:38:03 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed: Connect error

Since ldapsearch works well with both tls/ssl, why does dovecot get a connect error? What's the detail of what happens in this connection? Here is my dovecot-ldap.conf.ext:

# This file is commonly accessed via passdb {} or userdb {} section in
# conf.d/auth-ldap.conf.ext

# Space separated list of LDAP hosts to use. host:port is allowed too.
#hosts = ldap.sv.hm
#uris = ldaps://ldap.sv.hm:636/
uris = ldap://ldap.sv.hm:389/
dn = cn=dovecot,ou=bindusers,dc=smuy,dc=net
dnpass = 1qaz2wsx
#sasl_bind = no
#sasl_mech =
#sasl_realm =
#sasl_authz_id =

# Use TLS to connect to the LDAP server.
tls = yes
#tls = no
tls_ca_cert_file = /etc/ssl/certs/ca/signing-ca.crt
tls_ca_cert_dir = /etc/ssl/certs/ca
#tls_cipher_suite =
# TLS cert/key is used only if LDAP server requires a client certificate.
#tls_cert_file = /etc/ssl/certs/mail.crt
#tls_key_file = /etc/ssl/private/mail.key
# Valid values: never, hard, demand, allow, try
#tls_require_cert = never

See some suggestions! Great thanks! muyuan From lampacz+dovecot at gmail.com Tue Sep 24 10:44:30 2013
From: lampacz+dovecot at gmail.com (Lampa) Date: Tue, 24 Sep 2013 09:44:30 +0200 Subject: [Dovecot] Fwd: lmtp In-Reply-To: References: Message-ID: Hello, a) i think not necessary because of b) b) yes password_query and user_query always returns rewrited domain (returns main domain, not aliased domain) configs: http://pastebin.com/PuZZZ5Pg http://pastebin.com/eJrp769z 2013/9/24 Steffen Kaiser > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > On Fri, 20 Sep 2013, Lampa wrote: > > using dovecot with postfix with mysql. Some domains have alias. Local >> delivery is realized over lmtp. >> >> When lmtp delivery to aliased domains, it takes bad mail_location - it >> takes aliased instead real domain, so lmtp is creating domain and user >> directory. Lmtp doesn't make sql lookup. I need lmtp delivery to real >> domain and i don't want to create symlinks. >> >> mail_location = maildir:/home/mail/%d/%n/**Maildir >> real domain: domain1.com >> aliased domain: domain2.com >> >> rcpt: user at domain2.com >> >> lmtp deliver message to /home/mail/domain2.com/user/**Maildirinstead >> /home/mail/domain1.com/user/**Maildir >> > > without doveconf -n and, in this case, postfix configuration, nobody can > really help you. But: > > Postfix seems to deliver the message to recipient user at domain2.com via > LMTP. Dovecot verifies user at domain2.com as valid. How should Dovecot know > that user at domain2.com is user at domain1.com ? > > So, either: > a) reconfigure postfix to rewrite user at domain2.com into user at domain1.combefore the message is passed to LTMP, or > > b) have you Dovecot userdb rewrite the user. Return the file "user" with > the correct domain. 
> > - -- Steffen Kaiser > From rs at sys4.de Tue Sep 24 11:05:05 2013
From: rs at sys4.de (Robert Schetterer) Date: Tue, 24 Sep 2013 10:05:05 +0200 Subject: [Dovecot] 2048-bit Diffie-Hellman parameters In-Reply-To: References: Message-ID: <524147B1.10607@sys4.de> On 24.09.2013 08:48, Marios Titas wrote: > Currently, dovecot generates two primes for Diffie-Hellman key > exchanges: a 512-bit one and a 1024-bit one. In light of recent > events, I think it would be wise to add support for 2048-bit primes as > well, or even better, add a configuration option that lets the user > select a file (or files) containing the DH parameters > > In recent years, there has been increased interest in DH especially in > its ephemeral version (DHE) because it provides perfect forward > secrecy. In that context, the use of 1024-bit parameters might not > seem such a terrible idea: if someone cracks the ephemeral key then > they will only gain access to the data exchanged during that > particular session. Therefore, it might not be worth the effort to > crack such a key. But this is certainly not the case for IMAPS: it is > quite likely that the session data will include the user's > credentials. > you may get problems with older mail clients, on smtp side I discovered i.e. netscape 7 is not able to handle stuff bigger than 1024 but some more configure options may be fine ever Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, Amtsgericht München: HRB 199263 Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein From skdovecot at smail.inf.fh-brs.de Tue Sep 24 11:37:24 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 24 Sep 2013 10:37:24 +0200 (CEST) Subject: [Dovecot] Fwd: lmtp In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 24 Sep 2013, Lampa wrote: > a) i think not necessary because of b) > b) yes password_query and user_query always returns rewrited domain > (returns main domain, not aliased domain) > > configs: > http://pastebin.com/PuZZZ5Pg > http://pastebin.com/eJrp769z What's your /etc/dovecot/dovecot-sql.conf.ext ? - -- Steffen Kaiser From lampacz+dovecot at gmail.com Tue Sep 24 11:42:41 2013
From: lampacz+dovecot at gmail.com (Lampa) Date: Tue, 24 Sep 2013 10:42:41 +0200 Subject: [Dovecot] Fwd: lmtp In-Reply-To: References: Message-ID: driver = mysql password_query = SELECT CONCAT(u.uzivatel, '@', d.domena) AS user, u.heslo AS password, CONCAT('/home/mail/', d.domena, '/', u.uzivatel) AS userdb_home, 111 AS userdb_uid, 114 AS userdb_gid, u.quota AS userdb_quota_rule, 'Trash:ignore' AS userdb_quota_rule2 FROM uzivatele AS u JOIN domeny AS d ON d.id = u.domeny_id WHERE u.domeny_id = (SELECT a.domeny_id_realna FROM domeny_aliasy AS a JOIN domeny AS d ON d.id = a.domeny_id_alias JOIN domeny AS dd ON dd.id = a.domeny_id_realna WHERE d.domena = '%d' AND d.priznak & 2 = 2 AND d.priznak & 1 = 0 AND dd.priznak & 1 = 0 UNION SELECT id FROM domeny WHERE domena = '%d' AND priznak & 2 = 0 AND priznak & 1 = 0) AND u.uzivatel = '%n' AND u.priznak & 1 = 0 user_query = SELECT CONCAT('/home/mail/', d.domena, '/', u.uzivatel) AS home, 111 AS uid, 114 AS gid, u.quota AS quota_rule, 'Trash:ignore' AS quota_rule2 FROM uzivatele AS u JOIN domeny AS d ON d.id = u.domeny_id WHERE u.domeny_id = (SELECT a.domeny_id_realna FROM domeny_aliasy AS a JOIN domeny AS d ON d.id = a.domeny_id_alias JOIN domeny AS dd ON dd.id = a.domeny_id_realna WHERE d.domena = '%d' AND d.priznak & 2 = 2 AND d.priznak & 1 = 0 AND dd.priznak & 1 = 0 UNION SELECT id FROM domeny WHERE domena = '%d' AND priznak & 2 = 0 AND priznak & 1 = 0) AND u.uzivatel = '%n' AND u.priznak & 1 = 0 2013/9/24 Steffen Kaiser > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 24 Sep 2013, Lampa wrote: > > a) i think not necessary because of b) >> b) yes password_query and user_query always returns rewrited domain >> (returns main domain, not aliased domain) >> >> configs: >> http://pastebin.com/PuZZZ5Pg >> http://pastebin.com/eJrp769z >> > > What's your /etc/dovecot/dovecot-sql.conf.**ext ? 
> > > - -- Steffen Kaiser > From skdovecot at smail.inf.fh-brs.de Tue Sep 24 11:54:03 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 24 Sep 2013 10:54:03 +0200 (CEST) Subject: [Dovecot] Fwd: lmtp In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 24 Sep 2013, Lampa wrote: > Date: Tue, 24 Sep 2013 10:42:41 +0200
> From: Lampa > To: dovecot at dovecot.org > Subject: Re: [Dovecot] Fwd: lmtp > > driver = mysql > > password_query = SELECT CONCAT(u.uzivatel, '@', d.domena) AS user, u.heslo > AS password, CONCAT('/home/mail/', d.domena, '/', u.uzivatel) AS > userdb_home, 111 AS userdb_uid, 114 AS userdb_gid, u.quota AS > userdb_quota_rule, 'Trash:ignore' AS userdb_quota_rule2 FROM uzivatele AS u > JOIN domeny AS d ON d.id = u.domeny_id WHERE u.domeny_id = (SELECT > a.domeny_id_realna FROM domeny_aliasy AS a JOIN domeny AS d ON d.id = > a.domeny_id_alias JOIN domeny AS dd ON dd.id = a.domeny_id_realna WHERE > d.domena = '%d' AND d.priznak & 2 = 2 AND d.priznak & 1 = 0 AND dd.priznak > & 1 = 0 UNION SELECT id FROM domeny WHERE domena = '%d' AND priznak & 2 = 0 > AND priznak & 1 = 0) AND u.uzivatel = '%n' AND u.priznak & 1 = 0 > > user_query = SELECT CONCAT('/home/mail/', d.domena, '/', u.uzivatel) AS > home, 111 AS uid, 114 AS gid, u.quota AS quota_rule, 'Trash:ignore' AS > quota_rule2 FROM uzivatele AS u JOIN domeny AS d ON d.id = u.domeny_id > WHERE u.domeny_id = (SELECT a.domeny_id_realna FROM domeny_aliasy AS a JOIN > domeny AS d ON d.id = a.domeny_id_alias JOIN domeny AS dd ON dd.id = > a.domeny_id_realna WHERE d.domena = '%d' AND d.priznak & 2 = 2 AND > d.priznak & 1 = 0 AND dd.priznak & 1 = 0 UNION SELECT id FROM domeny WHERE > domena = '%d' AND priznak & 2 = 0 AND priznak & 1 = 0) AND u.uzivatel = > '%n' AND u.priznak & 1 = 0 Dunno, if that applies in your situation, but the user_query does not return "user", hence, "doveadm user -u " should return domain2.com as domain. If this applies to LMTP as well, you could try, because there will be no password query before to fill the prefetch userdb. user_query = SELECT CONCAT(u.uzivatel, '@', d.domena) AS user, ... 
as above > > 2013/9/24 Steffen Kaiser > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On Tue, 24 Sep 2013, Lampa wrote: >> >> a) i think not necessary because of b) >>> b) yes password_query and user_query always returns rewrited domain >>> (returns main domain, not aliased domain) >>> >>> configs: >>> http://pastebin.com/PuZZZ5Pg >>> http://pastebin.com/eJrp769z >>> >> >> What's your /etc/dovecot/dovecot-sql.conf.ext ? >> >> >> - -- Steffen Kaiser >> > - -- Steffen Kaiser From stan at hardwarefreak.com Tue Sep 24 12:21:36 2013
From: stan at hardwarefreak.com (Stan Hoeppner) Date: Tue, 24 Sep 2013 04:21:36 -0500 Subject: [Dovecot] 2048-bit Diffie-Hellman parameters In-Reply-To: References: Message-ID: <524159A0.2030104@hardwarefreak.com> On 9/24/2013 1:48 AM, Marios Titas wrote: > Currently, dovecot generates two primes for Diffie-Hellman key > exchanges: a 512-bit one and a 1024-bit one. In light of recent > events, I think it would be wise to add support for 2048-bit primes as > well... Why play incremental tiddly-winks with the NSA? Go straight to 1048576 bit encryption. That'll surely keep them out. Oh, wait, all of your email leaves and arrives via public SMTP, which nobody encrypts... NSA doesn't sniff the wire. They don't crack encryption. Neither are cost effective. They go straight to the source, intimidating the service provider into giving them the data, unencrypted. Or they don't get the data at all. So how does greater encryption help anyone "in light of recent events"? -- Stan From lampacz+dovecot at gmail.com Tue Sep 24 12:27:10 2013 From: lampacz+dovecot at gmail.com (Lampa) Date: Tue, 24 Sep 2013 11:27:10 +0200 Subject: [Dovecot] Fwd: lmtp In-Reply-To: References: Message-ID: Hello, is thought that home is enough to delivery for LDA/LMTP. On old version was using LDA and works ok. Added user to user_query and we will see if helps. BTW doveadm user -u is right command ? doveadm user -u : -bash: syntax error near unexpected token `newline' doveadm user -u user at domain2.com user: invalid option -- 'u' doveadm user [-a ] [-x ] [-f field] [-m] [...] 2013/9/24 Steffen Kaiser > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 24 Sep 2013, Lampa wrote: > > Date: Tue, 24 Sep 2013 10:42:41 +0200 
>> From: Lampa >> To: dovecot at dovecot.org >> Subject: Re: [Dovecot] Fwd: lmtp >> >> >> driver = mysql >> >> password_query = SELECT CONCAT(u.uzivatel, '@', d.domena) AS user, u.heslo >> AS password, CONCAT('/home/mail/', d.domena, '/', u.uzivatel) AS >> userdb_home, 111 AS userdb_uid, 114 AS userdb_gid, u.quota AS >> userdb_quota_rule, 'Trash:ignore' AS userdb_quota_rule2 FROM uzivatele AS >> u >> JOIN domeny AS d ON d.id = u.domeny_id WHERE u.domeny_id = (SELECT >> a.domeny_id_realna FROM domeny_aliasy AS a JOIN domeny AS d ON d.id = >> a.domeny_id_alias JOIN domeny AS dd ON dd.id = a.domeny_id_realna WHERE >> d.domena = '%d' AND d.priznak & 2 = 2 AND d.priznak & 1 = 0 AND dd.priznak >> & 1 = 0 UNION SELECT id FROM domeny WHERE domena = '%d' AND priznak & 2 = >> 0 >> AND priznak & 1 = 0) AND u.uzivatel = '%n' AND u.priznak & 1 = 0 >> >> user_query = SELECT CONCAT('/home/mail/', d.domena, '/', u.uzivatel) AS >> home, 111 AS uid, 114 AS gid, u.quota AS quota_rule, 'Trash:ignore' AS >> quota_rule2 FROM uzivatele AS u JOIN domeny AS d ON d.id = u.domeny_id >> WHERE u.domeny_id = (SELECT a.domeny_id_realna FROM domeny_aliasy AS a >> JOIN >> domeny AS d ON d.id = a.domeny_id_alias JOIN domeny AS dd ON dd.id = >> a.domeny_id_realna WHERE d.domena = '%d' AND d.priznak & 2 = 2 AND >> d.priznak & 1 = 0 AND dd.priznak & 1 = 0 UNION SELECT id FROM domeny WHERE >> domena = '%d' AND priznak & 2 = 0 AND priznak & 1 = 0) AND u.uzivatel = >> '%n' AND u.priznak & 1 = 0 >> > > Dunno, if that applies in your situation, but the user_query does not > return "user", hence, "doveadm user -u " should return > domain2.com as domain. If this applies to LMTP as well, you could try, > because there will be no password query before to fill the prefetch userdb. > > user_query = SELECT CONCAT(u.uzivatel, '@', d.domena) AS user, > ... 
as above > > >> 2013/9/24 Steffen Kaiser >> >> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> On Tue, 24 Sep 2013, Lampa wrote: >>> >>> a) i think not necessary because of b) >>> >>>> b) yes password_query and user_query always returns rewrited domain >>>> (returns main domain, not aliased domain) >>>> >>>> configs: >>>> http://pastebin.com/PuZZZ5Pg >>>> http://pastebin.com/eJrp769z >>>> >>>> >>> What's your /etc/dovecot/dovecot-sql.conf.ext ? >>> >>> >>> >>> - -- Steffen Kaiser >>> >>> >> > - -- Steffen Kaiser > From h.reindl at thelounge.net Tue Sep 24 12:28:08 2013
From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 24 Sep 2013 11:28:08 +0200 Subject: [Dovecot] 2048-bit Diffie-Hellman parameters In-Reply-To: <524159A0.2030104@hardwarefreak.com> References: <524159A0.2030104@hardwarefreak.com> Message-ID: <52415B28.5000308@thelounge.net> On 24.09.2013 11:21, Stan Hoeppner wrote: > On 9/24/2013 1:48 AM, Marios Titas wrote: >> Currently, dovecot generates two primes for Diffie-Hellman key >> exchanges: a 512-bit one and a 1024-bit one. In light of recent >> events, I think it would be wise to add support for 2048-bit primes as >> well... > > Why play incremental tiddly-winks with the NSA? > Go straight to 1048576 bit encryption. is nothing else than a pointless polemic attitude > That'll surely keep them out. Oh, wait, all of your > email leaves and arrives via public SMTP, which nobody encrypts... maybe on your server, my logs showing the opposite and since the "smtp" are outgoing messages your conclusion of "nobody" is strange

cat maillog | grep smtp | grep -v smtpd | grep TLS | wc -l
12327
cat maillog | grep smtpd | grep TLS | wc -l
13350
cat maillog | grep smtp | grep -v smtpd | grep TLSv1.2 | wc -l
2603
cat maillog | grep smtpd | grep TLSv1.2 | wc -l
2219

From stan at hardwarefreak.com Tue Sep 24 12:32:09 2013
From: stan at hardwarefreak.com (Stan Hoeppner) Date: Tue, 24 Sep 2013 04:32:09 -0500 Subject: [Dovecot] 2048-bit Diffie-Hellman parameters In-Reply-To: <524147B1.10607@sys4.de> References: <524147B1.10607@sys4.de> Message-ID: <52415C19.5010309@hardwarefreak.com> On 9/24/2013 3:05 AM, Robert Schetterer wrote: > you may get problems with older mail clients , on smtp side i discovered > i.e netscape 7 ist not able to handle stuff bigger then 1024 > but some more configure options maybe fine ever Netscape 7.2 is *9* years old, 7.0 is *11* years old. I think I'd be right, in fact, there's no way I could be wrong, if I stated: Anyone using 9-11 year old software is obviously not concerned about security. -- Stan From rs at sys4.de Tue Sep 24 12:45:29 2013 
From: rs at sys4.de (Robert Schetterer) Date: Tue, 24 Sep 2013 11:45:29 +0200 Subject: [Dovecot] 2048-bit Diffie-Hellman parameters In-Reply-To: <52415C19.5010309@hardwarefreak.com> References: <524147B1.10607@sys4.de> <52415C19.5010309@hardwarefreak.com> Message-ID: <52415F39.5020509@sys4.de> On 24.09.2013 11:32, Stan Hoeppner wrote: > On 9/24/2013 3:05 AM, Robert Schetterer wrote: > >> you may get problems with older mail clients, on smtp side I discovered >> i.e. netscape 7 is not able to handle stuff bigger than 1024 >> but some more configure options may be fine ever > > Netscape 7.2 is *9* years old, 7.0 is *11* years old. I think I'd be > right, in fact, there's no way I could be wrong, if I stated: > > Anyone using 9-11 year old software is obviously not concerned about > security. > however people are still using it, and this was only some example (there might be other mail stuff acting like this), I agree with your argument, I only want to warn about some support questions that might come up with more secure settings Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, Amtsgericht München: HRB 199263 Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein From noel.butler at ausics.net Tue Sep 24 14:17:22 2013
From: noel.butler at ausics.net (Noel Butler) Date: Tue, 24 Sep 2013 21:17:22 +1000 Subject: [Dovecot] 2048-bit Diffie-Hellman parameters In-Reply-To: <524159A0.2030104@hardwarefreak.com> References: <524159A0.2030104@hardwarefreak.com> Message-ID: <1380021442.16754.14.camel@tardis> On Tue, 2013-09-24 at 04:21 -0500, Stan Hoeppner wrote: > > NSA doesn't sniff the wire. They don't crack encryption. Neither are somebody hasnt been paying attention From ronleach at tesco.net Tue Sep 24 15:01:31 2013
From: ronleach at tesco.net (Ron Leach)
Date: Tue, 24 Sep 2013 13:01:31 +0100
Subject: [Dovecot] 2048-bit Diffie-Hellman parameters
In-Reply-To:
References:
Message-ID: <52417F1B.906@tesco.net>

On 24/09/2013 07:48, Marios Titas wrote:
> Currently, dovecot generates two primes for Diffie-Hellman key
> exchanges: a 512-bit one and a 1024-bit one. In light of recent
> events, I think it would be wise to add support for 2048-bit primes as
> well, or even better, add a configuration option that lets the user
> select a file (or files) containing the DH parameters
>
> [snip]
> the case for IMAPS: it is
> quite likely that the session data will include the user's
> credentials.

Thank you for suggesting this and, in light of the discussion that has resulted from your post, may I describe our use-case in the hope it might help shed light on why this could be worthwhile?

Most of our work is subject to various non-disclosure obligations, and our staff work around the world, on short assignments of a few days, maybe a week or so, in countries who have various approaches and cultures in respect of confidentiality. It is vital for us that remote access to our mail server does not leak the user logons, because then all previous (and future) mail could be read by strangers in that country, and indeed by strangers in any country onto which our logon credentials were passed. To leak a private message is one thing, but to leak the whole mailboxes of all projects is something else completely. Additionally, if mail user names are also system logins, the problem becomes even more serious.

Blackberry (in its Enterprise configuration) was thought to solve this use-case, though I've never known what cryptographic techniques RIM employ and, in any case, RIM has come under significant pressure from several countries and, we suspect, may no longer remain secure. We'd prefer to employ strong Open Source components.

Though counter-party email travels in the clear over SMTP, we'd prefer that outbound email from staff (on assignment overseas) is sent from outbound mail servers in our own country (submitting via TLS, though not part of Dovecot, of course), and we'd prefer that inbound email, to the staff's MUA, is not sent in clear while they are on assignment. Using IMAPS we can ensure that mail -> MUA is always encrypted.

A recent post on the OpenSSL list
http://www.mail-archive.com/openssl-users@openssl.org/msg71899.html
reveals that TLS evolution is being actively discussed with a view to using stronger cryptography, and that OpenSSL and GNUTLS are divergent at the moment (something I hadn't realised). Within that exchange of views, the problem of assuring end-to-end strong security, due to use of older or non-compliant components, is mentioned but (sometimes) wrongly, in my view, as a reason not to make improvements (yet).

The (quite genuine) problem of end-to-end consistency can be solved, we feel, if each component is upgraded, so that sysadmins or end-users can select compatible building-blocks, including MUAs, when implementing their organisation's mail systems.

I support the OP's suggestion. Could the Dovecot developer(s) consider adding support for longer key sizes?

I'd like to ask a further related question, is it possible to run Dovecot with GNUTLS instead of OpenSSL? Even if it is not possible, I would still support the inclusion of more DH parameters so that Dovecot is 'OpenSSL ready' when OpenSSL does adopt stronger cipher or protocol choices. I can sort out what MUAs we use, or move to.

regards, Ron

From skdovecot at smail.inf.fh-brs.de Tue Sep 24 15:03:30 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 24 Sep 2013 14:03:30 +0200 (CEST)
Subject: [Dovecot] Fwd: lmtp
In-Reply-To:
References:
Message-ID:

On Tue, 24 Sep 2013, Lampa wrote:

> is thought that home is enough to delivery for LDA/LMTP. On old version was
> using LDA and works ok.

You use:

mail_location = maildir:/home/mail/%d/%n/Maildir

and return no mail field in the SQL query. Therefore you depend on a correctly set "%d".

> Added user to user_query and we will see if helps.

So, you could also return "mail" :-)

> BTW doveadm user -u is right command ?
>
> doveadm user -u :
> -bash: syntax error near unexpected token `newline'

Well, the angle brackets are usually placeholder markers, such as below, but

> doveadm user -u user at domain2.com
> user: invalid option -- 'u'
> doveadm user [-a ] [-x ] [-f field] [-m]
> [...]

you are right, -u is not correct with this particular command, hence:

doveadm user -u user at domain2.com

> 2013/9/24 Steffen Kaiser
>
>> On Tue, 24 Sep 2013, Lampa wrote:
>>
>> Date: Tue, 24 Sep 2013 10:42:41 +0200
>>> From: Lampa
>>> To: dovecot at dovecot.org
>>> Subject: Re: [Dovecot] Fwd: lmtp
>>>
>>> driver = mysql
>>>
>>> password_query = SELECT CONCAT(u.uzivatel, '@', d.domena) AS user, u.heslo
>>> AS password, CONCAT('/home/mail/', d.domena, '/', u.uzivatel) AS
>>> userdb_home, 111 AS userdb_uid, 114 AS userdb_gid, u.quota AS
>>> userdb_quota_rule, 'Trash:ignore' AS userdb_quota_rule2 FROM uzivatele AS u
>>> JOIN domeny AS d ON d.id = u.domeny_id WHERE u.domeny_id = (SELECT
>>> a.domeny_id_realna FROM domeny_aliasy AS a JOIN domeny AS d ON d.id =
>>> a.domeny_id_alias JOIN domeny AS dd ON dd.id = a.domeny_id_realna WHERE
>>> d.domena = '%d' AND d.priznak & 2 = 2 AND d.priznak & 1 = 0 AND dd.priznak
>>> & 1 = 0 UNION SELECT id FROM domeny WHERE domena = '%d' AND priznak & 2 = 0
>>> AND priznak & 1 = 0) AND u.uzivatel = '%n' AND u.priznak & 1 = 0
>>>
>>> user_query = SELECT CONCAT('/home/mail/', d.domena, '/', u.uzivatel) AS
>>> home, 111 AS uid, 114 AS gid, u.quota AS quota_rule, 'Trash:ignore' AS
>>> quota_rule2 FROM uzivatele AS u JOIN domeny AS d ON d.id = u.domeny_id
>>> WHERE u.domeny_id = (SELECT a.domeny_id_realna FROM domeny_aliasy AS a JOIN
>>> domeny AS d ON d.id = a.domeny_id_alias JOIN domeny AS dd ON dd.id =
>>> a.domeny_id_realna WHERE d.domena = '%d' AND d.priznak & 2 = 2 AND
>>> d.priznak & 1 = 0 AND dd.priznak & 1 = 0 UNION SELECT id FROM domeny WHERE
>>> domena = '%d' AND priznak & 2 = 0 AND priznak & 1 = 0) AND u.uzivatel =
>>> '%n' AND u.priznak & 1 = 0
>>>
>>
>> Dunno, if that applies in your situation, but the user_query does not
>> return "user", hence, "doveadm user -u " should return
>> domain2.com as domain. If this applies to LMTP as well, you could try,
>> because there will be no password query before to fill the prefetch userdb.
>>
>> user_query = SELECT CONCAT(u.uzivatel, '@', d.domena) AS user,
>> ... as above
>>
>>> 2013/9/24 Steffen Kaiser
>>>
>>>> On Tue, 24 Sep 2013, Lampa wrote:
>>>>
>>>>> a) i think not necessary because of b)
>>>>>
>>>>> b) yes password_query and user_query always returns rewritten domain
>>>>> (returns main domain, not aliased domain)
>>>>>
>>>>> configs:
>>>>> http://pastebin.com/PuZZZ5Pg
>>>>> http://pastebin.com/eJrp769z
>>>>
>>>> What's your /etc/dovecot/dovecot-sql.conf.ext ?
>>>>
>>>> --
>>>> Steffen Kaiser
>>
>> --
>> Steffen Kaiser

--
Steffen Kaiser

From lst_hoe02 at kwsoft.de Tue Sep 24 15:04:43 2013
From: lst_hoe02 at kwsoft.de (lst_hoe02 at kwsoft.de)
Date: Tue, 24 Sep 2013 14:04:43 +0200
Subject: [Dovecot] 2048-bit Diffie-Hellman parameters
In-Reply-To: <1380021442.16754.14.camel@tardis>
References: <524159A0.2030104@hardwarefreak.com> <1380021442.16754.14.camel@tardis>
Message-ID: <20130924140443.Horde.LPw4g9FUJ2VJ8G33YDtcng2@webmail.kwsoft.de>

Quoting Noel Butler:

> On Tue, 2013-09-24 at 04:21 -0500, Stan Hoeppner wrote:
>
>> NSA doesn't sniff the wire. They don't crack encryption. Neither are
>
> somebody hasn't been paying attention

[OT] Why, they actually use the English TEMPORA to get the data, so at least in part they don't sniff the wire...

From lampacz+dovecot at gmail.com Tue Sep 24 15:28:15 2013
From: lampacz+dovecot at gmail.com (Lampa)
Date: Tue, 24 Sep 2013 14:28:15 +0200
Subject: [Dovecot] Fwd: lmtp
In-Reply-To:
References:
Message-ID:

After home to user and password query, log contains weird messages

2013-09-24T14:15:38.704140+02:00 server dovecot: imap(user at domain.com): Error: stat(/home/mail/domain.com/user/.dovecot.lda-dupes/tmp) failed: Not a directory
2013-09-24T14:15:38.724371+02:00 server dovecot: imap(user at domain.com): Error: stat(/home/mail/domain.com/user/.dovecot.svbin/tmp) failed: Not a directory

2013/9/24 Steffen Kaiser

> On Tue, 24 Sep 2013, Lampa wrote:
>
>> is thought that home is enough to delivery for LDA/LMTP. On old version was
>> using LDA and works ok.
>
> You use:
>
> mail_location = maildir:/home/mail/%d/%n/Maildir
>
> and return no mail field in the SQL query. Therefore you depend on a
> correctly set "%d".
>
>> Added user to user_query and we will see if helps.
>
> So, you could also return "mail" :-)
>
>> BTW doveadm user -u is right command ?
>>
>> doveadm user -u :
>> -bash: syntax error near unexpected token `newline'
>
> Well, the angle brackets are usually placeholder markers, such as info> below, but
>
>> doveadm user -u user at domain2.com
>> user: invalid option -- 'u'
>> doveadm user [-a ] [-x ] [-f field] [-m]
>> [...]
>
> you are right, -u is not correct with this particular command, hence:
>
> doveadm user -u user at domain2.com
>
>> 2013/9/24 Steffen Kaiser
>>
>>> On Tue, 24 Sep 2013, Lampa wrote:
>>>
>>> Date: Tue, 24 Sep 2013 10:42:41 +0200
>>>> From: Lampa
>>>> To: dovecot at dovecot.org
>>>> Subject: Re: [Dovecot] Fwd: lmtp
>>>>
>>>> driver = mysql
>>>>
>>>> password_query = SELECT CONCAT(u.uzivatel, '@', d.domena) AS user, u.heslo
>>>> AS password, CONCAT('/home/mail/', d.domena, '/', u.uzivatel) AS
>>>> userdb_home, 111 AS userdb_uid, 114 AS userdb_gid, u.quota AS
>>>> userdb_quota_rule, 'Trash:ignore' AS userdb_quota_rule2 FROM uzivatele AS u
>>>> JOIN domeny AS d ON d.id = u.domeny_id WHERE u.domeny_id = (SELECT
>>>> a.domeny_id_realna FROM domeny_aliasy AS a JOIN domeny AS d ON d.id =
>>>> a.domeny_id_alias JOIN domeny AS dd ON dd.id = a.domeny_id_realna WHERE
>>>> d.domena = '%d' AND d.priznak & 2 = 2 AND d.priznak & 1 = 0 AND dd.priznak
>>>> & 1 = 0 UNION SELECT id FROM domeny WHERE domena = '%d' AND priznak & 2 = 0
>>>> AND priznak & 1 = 0) AND u.uzivatel = '%n' AND u.priznak & 1 = 0
>>>>
>>>> user_query = SELECT CONCAT('/home/mail/', d.domena, '/', u.uzivatel) AS
>>>> home, 111 AS uid, 114 AS gid, u.quota AS quota_rule, 'Trash:ignore' AS
>>>> quota_rule2 FROM uzivatele AS u JOIN domeny AS d ON d.id = u.domeny_id
>>>> WHERE u.domeny_id = (SELECT a.domeny_id_realna FROM domeny_aliasy AS a JOIN
>>>> domeny AS d ON d.id = a.domeny_id_alias JOIN domeny AS dd ON dd.id =
>>>> a.domeny_id_realna WHERE d.domena = '%d' AND d.priznak & 2 = 2 AND
>>>> d.priznak & 1 = 0 AND dd.priznak & 1 = 0 UNION SELECT id FROM domeny WHERE
>>>> domena = '%d' AND priznak & 2 = 0 AND priznak & 1 = 0) AND u.uzivatel =
>>>> '%n' AND u.priznak & 1 = 0
>>>>
>>>
>>> Dunno, if that applies in your situation, but the user_query does not
>>> return "user", hence, "doveadm user -u " should return
>>> domain2.com as domain. If this applies to LMTP as well, you could try,
>>> because there will be no password query before to fill the prefetch
>>> userdb.
>>>
>>> user_query = SELECT CONCAT(u.uzivatel, '@', d.domena) AS user,
>>> ... as above
>>>
>>>> 2013/9/24 Steffen Kaiser
>>>>
>>>>> On Tue, 24 Sep 2013, Lampa wrote:
>>>>>
>>>>>> a) i think not necessary because of b)
>>>>>>
>>>>>> b) yes password_query and user_query always returns rewrited domain
>>>>>> (returns main domain, not aliased domain)
>>>>>>
>>>>>> configs:
>>>>>> http://pastebin.com/PuZZZ5Pg
>>>>>> http://pastebin.com/eJrp769z
>>>>>
>>>>> What's your /etc/dovecot/dovecot-sql.conf.ext ?
>>>>>
>>>>> --
>>>>> Steffen Kaiser
>>>
>>> --
>>> Steffen Kaiser
>
> --
> Steffen Kaiser

From skdovecot at smail.inf.fh-brs.de Tue Sep 24 16:17:04 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen)
Date: Tue, 24 Sep 2013 15:17:04 +0200
Subject: [Dovecot] Fwd: lmtp
In-Reply-To:
References:
Message-ID: <524190D0.2020609@smail.inf.fh-brs.de>

Lampa wrote:
> After home to user and password query, log contains weird messages
>
> 2013-09-24T14:15:38.704140+02:00 server dovecot: imap(user at domain.com): Error: stat(/home/mail/domain.com/user/.dovecot.lda-dupes/tmp) failed: Not a directory
> 2013-09-24T14:15:38.724371+02:00 server dovecot: imap(user at domain.com): Error: stat(/home/mail/domain.com/user/.dovecot.svbin/tmp) failed: Not a directory

How does your /etc/dovecot/dovecot-sql.conf.ext look now? Did you change something else?

> 2013/9/24 Steffen Kaiser
>
>> On Tue, 24 Sep 2013, Lampa wrote:
>>
>>> is thought that home is enough to delivery for LDA/LMTP. On old version
>>> was using LDA and works ok.
>>
>> You use:
>>
>> mail_location = maildir:/home/mail/%d/%n/Maildir
>>
>> and return no mail field in the SQL query. Therefore you depend on
>> a correctly set "%d".
>>
>>> Added user to user_query and we will see if helps.
>>
>> So, you could also return "mail" :-)
>>
>>> BTW doveadm user -u is right command ?
>>>
>>> doveadm user -u :
>>> -bash: syntax error near unexpected token `newline'
>>
>> Well, the angle brackets are usually placeholder markers, such as
>> below, but
>>
>>> doveadm user -u user at domain2.com
>>> user: invalid option -- 'u'
>>> doveadm user [-a path>] [-x ] [-f field] [-m]
>>> [...]
>>
>> you are right, -u is not correct with this particular command,
>> hence:
>>
>> doveadm user -u user at domain2.com
>>
>>> 2013/9/24 Steffen Kaiser
>>>
>>>> On Tue, 24 Sep 2013, Lampa wrote:
>>>>
>>>> Date: Tue, 24 Sep 2013 10:42:41 +0200
>>>>> From: Lampa
>>>>> To: dovecot at dovecot.org
>>>>> Subject: Re: [Dovecot] Fwd: lmtp
>>>>>
>>>>> driver = mysql
>>>>>
>>>>> password_query = SELECT CONCAT(u.uzivatel, '@', d.domena)
>>>>> AS user, u.heslo AS password, CONCAT('/home/mail/',
>>>>> d.domena, '/', u.uzivatel) AS userdb_home, 111 AS
>>>>> userdb_uid, 114 AS userdb_gid, u.quota AS
>>>>> userdb_quota_rule, 'Trash:ignore' AS userdb_quota_rule2
>>>>> FROM uzivatele AS u JOIN domeny AS d ON d.id =
>>>>> u.domeny_id WHERE u.domeny_id = (SELECT
>>>>> a.domeny_id_realna FROM domeny_aliasy AS a JOIN domeny AS
>>>>> d ON d.id = a.domeny_id_alias JOIN domeny AS dd ON dd.id
>>>>> = a.domeny_id_realna WHERE d.domena = '%d' AND d.priznak
>>>>> & 2 = 2 AND d.priznak & 1 = 0 AND dd.priznak & 1 = 0
>>>>> UNION SELECT id FROM domeny WHERE domena = '%d' AND
>>>>> priznak & 2 = 0 AND priznak & 1 = 0) AND u.uzivatel =
>>>>> '%n' AND u.priznak & 1 = 0
>>>>>
>>>>> user_query = SELECT CONCAT('/home/mail/', d.domena, '/',
>>>>> u.uzivatel) AS home, 111 AS uid, 114 AS gid, u.quota AS
>>>>> quota_rule, 'Trash:ignore' AS quota_rule2 FROM uzivatele
>>>>> AS u JOIN domeny AS d ON d.id = u.domeny_id WHERE
>>>>> u.domeny_id = (SELECT a.domeny_id_realna FROM
>>>>> domeny_aliasy AS a JOIN domeny AS d ON d.id =
>>>>> a.domeny_id_alias JOIN domeny AS dd ON dd.id =
>>>>> a.domeny_id_realna WHERE d.domena = '%d' AND d.priznak &
>>>>> 2 = 2 AND d.priznak & 1 = 0 AND dd.priznak & 1 = 0 UNION
>>>>> SELECT id FROM domeny WHERE domena = '%d' AND priznak & 2
>>>>> = 0 AND priznak & 1 = 0) AND u.uzivatel = '%n' AND
>>>>> u.priznak & 1 = 0
>>>>>
>>>>
>>>> Dunno, if that applies in your situation, but the
>>>> user_query does not return "user", hence, "doveadm user -u
>>>> " should return domain2.com as domain. If
>>>> this applies to LMTP as well, you could try, because there
>>>> will be no password query before to fill the prefetch
>>>> userdb.
>>>>
>>>> user_query = SELECT CONCAT(u.uzivatel, '@', d.domena) AS
>>>> user, ... as above
>>>>
>>>>> 2013/9/24 Steffen Kaiser
>>>>>
>>>>>> On Tue, 24 Sep 2013, Lampa wrote:
>>>>>>
>>>>>>> a) i think not necessary because of b)
>>>>>>>
>>>>>>> b) yes password_query and user_query always returns
>>>>>>> rewrited domain
>>>>>>> (returns main domain, not aliased domain)
>>>>>>>
>>>>>>> configs: http://pastebin.com/PuZZZ5Pg
>>>>>>> http://pastebin.com/eJrp769z
>>>>>>
>>>>>> What's your /etc/dovecot/dovecot-sql.conf.ext ?
>>>>>>
>>>>>> --
>>>>>> Steffen Kaiser

--
Steffen Kaiser
H Bonn-Rhein-Sieg     | e-mail: Steffen.Kaiser at H-BRS.DE
FB Informatik         |
Grantham-Allee 20     | phone : +49 2241/865-203
53757 Sankt Augustin  |
Germany - Deutschland | fax   : +49 2241/865-8203

--
Steffen

From me at staticsafe.ca Tue Sep 24 16:23:12 2013
From: me at staticsafe.ca (staticsafe)
Date: Tue, 24 Sep 2013 09:23:12 -0400
Subject: [Dovecot] Linux SO_REUSEPORT
In-Reply-To: <20130924060627.GA2607@anubis.morrow.me.uk>
References: <97D3689D-825D-415C-9403-6674F3808A17@iki.fi> <20130923065420.565a4416@scorpio> <0DA0A207-BBA1-462A-93DE-8B4AD35A4FE8@iki.fi> <20130924060627.GA2607@anubis.morrow.me.uk>
Message-ID: <52419240.3030209@staticsafe.ca>

On 9/24/2013 02:06, Ben Morrow wrote:
> At 2PM +0300 on 23/09/13 you Timo Sirainen wrote:
>> > [SO_REUSEPORT]
>>
>> This feature originated from BSDs that had it long time ago.
>
> SO_REUSEPORT was introduced in 4.4 BSD, but the new Linux feature which
> includes load balancing is something rather different. It's a pity the
> Linux (Google?) people didn't choose a different name for it.
>
> 4.4's SO_REUSEPORT just allows multiple (pre-TIME_WAIT) sockets to bind
> to the same local address:port. It was introduced for the benefit of
> multicast apps; AFAIK its only significant non-multicast use is in ftpd,
> which in active mode has to create lots of outgoing sockets originating
> from the same source address:port. The question of load balancing
> obviously doesn't apply here, since the connections are initiated by the
> server.
>
> With a 4.4 implementation, setting SO_REUSEPORT is actively bad for
> something like Dovecot: while all the sockets will be allowed to bind,
> connections will only be passed to the first until that is closed, then
> to the next, and so on. Of the BSDs, DragonFly has implemented the Linux
> semantics (including a fix for the bug mentioned in your commit
> message); I believe the others, including OSX, are still using the 4.4
> code.
>
> Ben
>

Details of Linux SO_REUSEPORT implementation can be found here:
https://lwn.net/Articles/542629/

--
staticsafe
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
Please don't top post. It is not logical.
Please don't CC me! I'm subscribed to whatever list I just posted on.
From tss at iki.fi Tue Sep 24 16:24:58 2013
From: tss at iki.fi (Timo Sirainen)
Date: Tue, 24 Sep 2013 16:24:58 +0300
Subject: [Dovecot] 2048-bit Diffie-Hellman parameters
In-Reply-To: <52417F1B.906@tesco.net>
References: <52417F1B.906@tesco.net>
Message-ID: <6281C118-51F1-4E9A-840F-08A244FC1149@iki.fi>

On 24.9.2013, at 15.01, Ron Leach wrote:

> I support the OP's suggestion. Could the Dovecot developer(s) consider adding support for longer key sizes?

My answer from a few days ago on a different thread: http://dovecot.org/list/dovecot/2013-September/092615.html

> I'd like to ask a further related question, is it possible to run Dovecot with GNUTLS instead of OpenSSL?

It used to be, but GNUTLS kept changing API and Dovecot nowadays doesn't support it.

From megodin at inboxalias.com Tue Sep 24 17:07:38 2013
From: megodin at inboxalias.com (megodin at inboxalias.com)
Date: Tue, 24 Sep 2013 10:07:38 -0400 (EDT)
Subject: [Dovecot] Bug report: "doveadm rename" encodes special characters wrongly in mUTF-7 (in fs)
Message-ID:

> If doveadm says it's invalid UTF-8, it's invalid UTF-8. I guess your
> terminal isn't actually using UTF-8 then, but something else. ("locale"
> output should say something about UTF-8.) I guess doveadm could also
> automatically translate parameters to UTF-8, but that's a bit annoying
> to implement.

You were absolutely right. After thorough testing I could make up the problem to the SSH-Client PuTTY I was using on a Windows machine while testing. The default "remote character setting" is "ISO-8859-1:1998 (Latin-1, West Europe)", when re-setting to "UTF-8", opening a new shell and testing the "doveadm mailbox rename ..." with German umlauts just works fine then.

(Just for the sake of completeness, the "locale" settings were set to (LANG=de_DE.utf-8) globally in /etc/sysconfig/i18n per default.)

> The problem here is that * is expanded by your shell, not doveadm.
> And it expands into Tr&-AOQ-sh as it's in the filesystem, but that's
> only the mUTF-7 encoding of it. The UTF-8 version of the name is
> Tr&AOQ-sh. So doveadm only sees that you attempted to resync a
> nonexistent mailbox. Using '*' with quotes would work, since doveadm
> would do the expansion then.

Thanks for pointing that * / '*' issue out.

I now understand that the "doveadm mailbox rename" converts the input to UTF _before_ applying it in the filesystem. Now it makes sense that

doveadm mailbox rename -u user 'Trash' 'Tr&AOQ-sh'

must be expanded to Tr&-AOQ-sh. The "-" character directly after the "&" in Tr&-AOQ-sh comes from a special mUTF-Specification (as stated in RFC 3501, section 5.1.3):

"In modified UTF-7, printable US-ASCII characters, except for "&", represent themselves; that is, characters with octet values 0x20-0x25 and 0x27-0x7e. The character "&" (0x26) is represented by the two-octet sequence "&-"."

So e.g. if I wanted a German umlaut to be encoded in the filesystem, I must enter it directly into doveadm instead of the UTF encoded value.

One small point left...

> The UTF-8 version of the name is Tr&AOQ-sh

Just for understanding - "Tr&AOQ-sh" is IMHO UTF-7, not UTF-8. According to what was stated before, "Tr&-AOQ-sh" and "Tr&AOQ-sh" are encoded both the same (UTF-7), the first seen in clients as "Tr&AOQ-sh" and the second as "Träsh".

Thanks for all your help!

Megodin

From lists at necoro.eu Tue Sep 24 19:16:49 2013
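Added example (not part of any list post and not Dovecot's code): a small modified UTF-7 codec that follows the RFC 3501 section 5.1.3 rule quoted in the message above, showing why the literal argument `Tr&AOQ-sh` ends up on disk as `Tr&-AOQ-sh` and why bytes from a Latin-1 terminal are rejected as invalid UTF-8. The function names are illustrative assumptions, and the sample names are constructed from the ones in the thread.

```python
import base64


def mutf7_encode(name: str) -> str:
    """Unicode mailbox name -> IMAP modified UTF-7 (RFC 3501, section 5.1.3)."""
    out = []
    pending = []  # characters waiting to be emitted as one "&...-" base64 run

    def flush() -> None:
        if pending:
            raw = "".join(pending).encode("utf-16-be")
            b64 = base64.b64encode(raw).decode("ascii").rstrip("=")
            out.append("&" + b64.replace("/", ",") + "-")
            pending.clear()

    for ch in name:
        if ch == "&":                  # 0x26 is always written as "&-"
            flush()
            out.append("&-")
        elif 0x20 <= ord(ch) <= 0x7E:  # printable US-ASCII represents itself
            flush()
            out.append(ch)
        else:                          # everything else joins a base64 run
            pending.append(ch)
    flush()
    return "".join(out)


def mutf7_decode(encoded: str) -> str:
    """IMAP modified UTF-7 -> Unicode; raises ValueError on malformed input."""
    out = []
    i = 0
    while i < len(encoded):
        ch = encoded[i]
        if ch != "&":
            if not 0x20 <= ord(ch) <= 0x7E:
                raise ValueError("unencoded non-printable character")
            out.append(ch)
            i += 1
            continue
        end = encoded.find("-", i + 1)
        if end == -1:
            raise ValueError("unterminated '&' shift sequence")
        chunk = encoded[i + 1:end]
        if chunk == "":                # "&-" is a literal ampersand
            out.append("&")
        else:
            b64 = chunk.replace(",", "/")
            b64 += "=" * (-len(b64) % 4)
            raw = base64.b64decode(b64, validate=True)
            out.append(raw.decode("utf-16-be"))
        i = end + 1
    return "".join(out)


def is_valid_utf8(raw: bytes) -> bool:
    """True if the argument bytes a terminal sent are well-formed UTF-8."""
    try:
        raw.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def on_disk_name(terminal_bytes: bytes) -> str:
    """Hypothetical helper modelling the behaviour described in the thread:
    the argument is read as UTF-8, then stored under its mUTF-7 name."""
    return mutf7_encode(terminal_bytes.decode("utf-8"))


if __name__ == "__main__":
    umlaut = "Tr\u00e4sh"  # constructed sample: the mailbox name with a-umlaut
    # A UTF-8 terminal sends bytes that decode; the folder is stored as Tr&AOQ-sh.
    print(on_disk_name(umlaut.encode("utf-8")))
    # Typing the mUTF-7 text itself escapes the "&": stored as Tr&-AOQ-sh.
    print(on_disk_name(b"Tr&AOQ-sh"))
    # A Latin-1 terminal sends 0xE4 for the umlaut, which is not valid UTF-8.
    print(is_valid_utf8(umlaut.encode("latin-1")))
    # What an IMAP client displays for each on-disk name.
    print(mutf7_decode("Tr&AOQ-sh"), mutf7_decode("Tr&-AOQ-sh"))
```

The decoder is strict on purpose: an unterminated `&` run or bad base64 raises `ValueError` instead of guessing at a mailbox name.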
From: lists at necoro.eu (René Neumann)
Date: Tue, 24 Sep 2013 18:16:49 +0200
Subject: [Dovecot] Strange errors with imapc+acl in 2.2.x
Message-ID: <5241BAF1.3030701@necoro.eu>

Hi,

after migrating to 2.2 (currently using 2.2.5), I see strange error messages when using imapc + public namespace + acl

My setup:
I create a public shared mailbox with imapc as location. Then I restrict this mailbox to one user only using ACLs. This works for this one special user, but for all others an error gets logged and they can't access their mailbox anymore:

Sep 24 18:09:46 [dovecot] imap(other at my.domain): Error: user other at my.domain: Initialization failed: Namespace 'Gemeinsam.': Ambiguous mail location setting, don't know what to do with it: yes (try prefixing it with mbox: or maildir:)
Sep 24 18:09:46 [dovecot] imap(other at my.domain): Error: Invalid user settings. Refer to server log for more information.

My config (relevant parts):

------------------ Dovecot conf ----------------
imapc_host = some_host
imapc_port = 143
imapc_user = some_user
imapc_password = some3$pwd
imapc_ssl = starttls
imapc_ssl_verify = no

namespace gemeinsam {
  type = public
  separator = .
  location = imapc:
  prefix = Gemeinsam.
  subscriptions = no
}
# I also tried different combinations of hidden and list

plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
}
------------- /etc/dovecot/global-acls/Gemeinsam -------
anyone
user=special at my.domain lrwstipekxa
--------------------------------------------------------

Does anyone have any thoughts about this?

Thanks,
René

From alex at wasmuth.org Tue Sep 24 21:10:59 2013
From: alex at wasmuth.org (Alexander Wasmuth)
Date: Tue, 24 Sep 2013 20:10:59 +0200
Subject: [Dovecot] Delete to Archive?
In-Reply-To:
References:
Message-ID: <5C35728E-F9A1-4708-B74B-1C78F81025FA@wasmuth.org>

On 23.09.2013, at 20:16, James E. Pace wrote:

> I recently switched from being a Gmail user to running Dovecot [2.1.10] on my server. Thank you for an easy to use piece of software that solves problems!
>
> I am trying (unsuccessfully) to replicate something from GMail. When I delete a message on my iPhone (or other client), I would like to have it moved to an "All Mail" or Archive folder, instead of actually deleting it.
>
> Is this possible?

I guess you can just create an 'Archive' folder (that will be recognized in iOS and Mail.app) and remap your iPhone delete action to 'archive':

http://appleinsider.com/articles/13/06/27/inside-ios-7-mail-gets-gesture-support-and-reworked-ui

From james at PaceHouse.com Tue Sep 24 22:00:55 2013
From: james at PaceHouse.com (James E. Pace)
Date: Tue, 24 Sep 2013 12:00:55 -0700
Subject: [Dovecot] Delete to Archive?
In-Reply-To: <5C35728E-F9A1-4708-B74B-1C78F81025FA@wasmuth.org>
References: <5C35728E-F9A1-4708-B74B-1C78F81025FA@wasmuth.org>
Message-ID:

On 09/24/2013 11:10 AM, Alexander Wasmuth wrote:
> On 23.09.2013, at 20:16, James E. Pace wrote:
>
>> I recently switched from being a Gmail user to running Dovecot
>> [2.1.10] on my server. Thank you for an easy to use piece of software
>> that solves problems!
>>
>> I am trying (unsuccessfully) to replicate something from GMail. When
>> I delete a message on my iPhone (or other client), I would like to
>> have it moved to an "All Mail" or Archive folder, instead of actually
>> deleting it.
>>
>> Is this possible?
>
> I guess you can just create an 'Archive' folder (that will be
> recognized in iOS and Mail.app) and remap your iPhone delete action to
> 'archive':
>
> http://appleinsider.com/articles/13/06/27/inside-ios-7-mail-gets-gesture-support-and-reworked-ui

Thank you so much! That allows me to do exactly what I want on the client side.

James

--
James E. Pace

From alex at wasmuth.org Tue Sep 24 22:20:16 2013
From: alex at wasmuth.org (Alexander Wasmuth)
Date: Tue, 24 Sep 2013 21:20:16 +0200
Subject: [Dovecot] Delete to Archive?
In-Reply-To:
References: <5C35728E-F9A1-4708-B74B-1C78F81025FA@wasmuth.org>
Message-ID: <79452E2F-FE85-4545-ACB8-AFEAB551B233@wasmuth.org>

On 24.09.2013, at 21:00, James E. Pace wrote:

>> http://appleinsider.com/articles/13/06/27/inside-ios-7-mail-gets-gesture-support-and-reworked-ui
>
> Thank you so much! That allows me to do exactly what I want on the client side.

Happy to hear. There is a bit of an inconsistency between Mail.app and iOS mail. In Mail.app you have two distinctive buttons/actions, delete (which deletes the email, or moves it to the trash folder) and archive (which moves it to the folder Archive, if there is a folder named 'Archive').

With iOS there is either or. Either delete the email or archive it.

From reganyelcich at gmail.com Tue Sep 24 23:54:33 2013
From: reganyelcich at gmail.com (Regan Yelcich)
Date: Wed, 25 Sep 2013 08:54:33 +1200
Subject: [Dovecot] Delete to Archive?
In-Reply-To: <79452E2F-FE85-4545-ACB8-AFEAB551B233@wasmuth.org>
References: <5C35728E-F9A1-4708-B74B-1C78F81025FA@wasmuth.org> <79452E2F-FE85-4545-ACB8-AFEAB551B233@wasmuth.org>
Message-ID: <92787F1B-D7A3-4859-814E-D907FF16EA56@gmail.com>

Would you need to set the Archive folder up to autosubscribe? Can anyone provide an example?

Thanks.

> On 25/09/2013, at 7:20 am, Alexander Wasmuth wrote:
>
> On 24.09.2013, at 21:00, James E. Pace wrote:
>
>>> http://appleinsider.com/articles/13/06/27/inside-ios-7-mail-gets-gesture-support-and-reworked-ui
>>
>> Thank you so much! That allows me to do exactly what I want on the client side.
>
> Happy to hear. There is a bit of an inconsistency between Mail.app and iOS mail. In Mail.app you have two distinctive buttons/actions, delete (which deletes the email, or moves it to the trash folder) and archive (which moves it to the folder Archive, if there is a folder named 'Archive').
>
> With iOS there is either or. Either delete the email or archive it.

From noel.butler at ausics.net Wed Sep 25 00:41:06 2013
From: noel.butler at ausics.net (Noel Butler) Date: Wed, 25 Sep 2013 07:41:06 +1000 Subject: [Dovecot] 2048-bit Diffie-Hellman parameters In-Reply-To: <20130924140443.Horde.LPw4g9FUJ2VJ8G33YDtcng2@webmail.kwsoft.de> References: <524159A0.2030104@hardwarefreak.com> <1380021442.16754.14.camel@tardis> <20130924140443.Horde.LPw4g9FUJ2VJ8G33YDtcng2@webmail.kwsoft.de> Message-ID: <1380058866.4336.16.camel@tardis> On Tue, 2013-09-24 at 14:04 +0200, lst_hoe02 at kwsoft.de wrote: > [OT] Why, they actually use the english TEMPORA to get the data, so at > least in part they don't sniff the wire... > Tempora, amongst others (remember tempora is pretty old now) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From mark-clist at npsl.co.uk Wed Sep 25 02:06:31 2013 From: mark-clist at npsl.co.uk (Mark Weaver) Date: Wed, 25 Sep 2013 00:06:31 +0100 Subject: [Dovecot] imaptest-20130617 seems to be reporting spurious header changes Message-ID: <52421AF7.70307@npsl.co.uk> I'm trying to use this to test an IMAP server I'm developing (I picked the nightly up from the link on the wiki page at http://www.imapwiki.org/ImapTest/Installation). With one client using the mailbox dovecot-crlf (http://www.dovecot.org/tmp/dovecot-crlf) I get messages like: Error: test at npsl.co.uk[67]: 1035253882.5041.34.camel at hurina: Header From changed 'Timo Sirainen Timo Sirainen 'Timo Sirainen ' (len 26): * 1 FETCH (UID 2093 FLAGS () BODY ("text" "plain" ("charset" "us-ascii") NIL NIL "7bit" 913 0) BODY[HEADER.FIELDS (From From Delivered-To) ] "From: Timo Sirainen 
From: Timo Sirainen Delivered-To: dovecot at procontrol.fi " ENVELOPE ("22 Oct 2002 05:31:22 +0300" "[dovecot] Re: Architectural questions" (("Timo Sirainen" NIL "tss" "iki.fi")) (("" NIL "dovecot-bounce" "procontrol.fi")) (("Timo Sirainen" NIL "tss" "iki.fi")) (("" NIL "dovecot" "procontrol.fi")) NIL NIL "<1035249894.5044.28.camel at hurina>" "<1035253882.5041.34.camel at hurina>") BODY[HEADER.FIELDS (Cc Cc From) ] "From: Timo Sirainen ") (I added the dump of the string length by modifying the code). As I am reading it the test program has got the wrong string rather than the server -- the From header in the mbox file is From: Timo Sirainen which is 26 characters long, not 52, and includes the closing angle bracket, and the code that prints the header out is in src/mailbox-state.c, line 377: client_state_error(client, "%s: Header %s changed '%.*s' (len %d) -> '%.*\ s' (len %d)", msg->message_id, fetch_headers[i].name, (int)orig_headers[j].value_len, (const char *)orig_headers[j].value, (int)orig_headers[j].value_len, (int)fetch_headers[i].value_len, (const char *)fetch_headers[i].value, (int)fetch_headers[i].value_len); Have I read this upside down or is there an issue with the tests? If it is an issue with the tests, any pointers as to where to start looking for the issue would be helpful. Thanks, Mark From charlesc-dovecot at pyropus.ca Wed Sep 25 03:06:04 2013 
From: charlesc-dovecot at pyropus.ca (Charles Cazabon) Date: Tue, 24 Sep 2013 18:06:04 -0600 Subject: [Dovecot] Passing info from mail process to mail_filter plugin script? In-Reply-To: <6684A9E4-B9B2-40E8-A2BF-5A537FBD9DF3@iki.fi> References: <20130921173240.GB1722@pyropus.ca> <6684A9E4-B9B2-40E8-A2BF-5A537FBD9DF3@iki.fi> Message-ID: <20130925000604.GA9006@pyropus.ca> Timo Sirainen wrote: > > Without modifications the only way to pass data is via the plugin { > mail_filter } parameters, such as the %u expanding to username in the > example. I hacked an additional %variable (I used %q) into a copy of mail-user.c:mail_user_var_expand_table () (and called this modified version instead of the original, in the same place it is normally called), and moved my data collection around in imap/main.c:settings_var_expand() so that my info was available at the time mail_user->var_expand_table is populated. This appears to be working thus far. If I iterate over that table, my custom variable is present and has a correct key, value, and long_key before client_create() is called. But when I put %q into the mail_filter config like so: mail_plugins = $mail_plugins mail_filter plugin { mail_filter = mail-filter %q foo %u mail_filter_out = mail-filter-out %u } ... and restart Dovecot, I find that the filter script is only being passed 2 arguments, the constant "foo" in the above and the username. The %q does not appear to be getting replaced; it's just skipped over. It's not even passing an empty string in its place. Am I modifying the correct var_expand_table here? Is there any step I've missed in making the new variable get substituted properly? lib/var-expand.c doesn't appear to require anything else, but I may have missed something... 
Any help appreciated, Charles -- ----------------------------------------------------------------------- Charles Cazabon GPL'ed software available at: http://pyropus.ca/software/ ----------------------------------------------------------------------- From avanheuvelen at gmail.com Tue Sep 24 17:40:32 2013 From: avanheuvelen at gmail.com (Arnoud van Heuvelen) Date: Tue, 24 Sep 2013 16:40:32 +0200 Subject: [Dovecot] Problem getting a dovecot proxy to connect to another dovecot machine via STARTTLS Message-ID: I've solved the issue by setting ssl to 'any-cert' and starttls to NULL. This does a proper SSL request to the node. I still don't understand why Dovecot does a non-SSL request on an SSL port whenever I enable starttls, but I'm happy using normal SSL. Regards, From tss at iki.fi Wed Sep 25 03:58:46 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 25 Sep 2013 03:58:46 +0300 Subject: [Dovecot] imaptest-20130617 seems to be reporting spurious header changes In-Reply-To: <52421AF7.70307@npsl.co.uk> References: <52421AF7.70307@npsl.co.uk> Message-ID: <21D6A634-7630-4224-85F2-6B86FE0E2202@iki.fi> On 25.9.2013, at 2.06, Mark Weaver wrote: > I'm trying to use this to test an IMAP server I'm developing (I picked the nightly up from the link on the wiki page at http://www.imapwiki.org/ImapTest/Installation). With one client using the mailbox dovecot-crlf (http://www.dovecot.org/tmp/dovecot-crlf) I get messages like: > > Error: test at npsl.co.uk[67]: 1035253882.5041.34.camel at hurina: Header From changed 'Timo Sirainen > Timo Sirainen 'Timo Sirainen ' (len 26): * 1 FETCH (UID 2093 FLAGS () BODY ("text" "plain" ("charset" "us-ascii") NIL NIL "7bit" 913 0) BODY[HEADER.FIELDS (From From Delivered-To) ] "From: Timo Sirainen 
> From: Timo Sirainen > Delivered-To: dovecot at procontrol.fi Hmm. Interesting question. The issue here is that imaptest requests the From field twice, and you return it twice. Normally clients wouldn't do that, but I think the imaptest is correct here and I think most existing server implementations handle it like imaptest expects. From RFC 3501: HEADER.FIELDS and HEADER.FIELDS.NOT are followed by a list of field-name (as defined in [RFC-2822]) names, and return a subset of the header. Duplicating a From field is no longer a subset of the original header. From matthew at eeph.com Wed Sep 25 03:59:21 2013 
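The "subset of the header" reading of HEADER.FIELDS from the imaptest reply above, as an added example (not code from imaptest, Dovecot or the server under test): each header field is returned at most once, however often the client repeats its name in the request. The function names and the sample header are constructed for illustration.

```python
import re

# RFC 2822 field name: printable ASCII except space and colon, then ":".
FIELD_START = re.compile(rb"^([!-9;-~]+)[ \t]*:")

# Constructed sample header (not taken from the dovecot-crlf mailbox).
SAMPLE_HEADER = (
    b"Received: from mx.example.org (mx.example.org [192.0.2.25])\r\n"
    b"\tby mail.example.net with ESMTP; Tue, 22 Oct 2002 05:31:25 +0300\r\n"
    b"Delivered-To: list@example.net\r\n"
    b"From: Example Sender <sender@example.org>\r\n"
    b"Subject: Re: Architectural questions\r\n"
    b"\r\n"
    b"body text is never part of a header fetch\r\n"
)


def split_fields(raw_header: bytes):
    """Return [(lowercased name, raw field bytes)] in header order.

    Folded continuation lines stay attached to the field they continue.
    """
    fields = []
    for line in raw_header.splitlines(keepends=True):
        if line.strip(b"\r\n") == b"":
            break                          # blank line: end of header
        if line[:1] in (b" ", b"\t"):
            if fields:                     # continuation of previous field
                name, data = fields[-1]
                fields[-1] = (name, data + line)
            continue
        m = FIELD_START.match(line)
        if m:
            fields.append((m.group(1).lower(), line))
        # anything else (e.g. an mbox "From " separator) is not a field
    return fields


def header_fields(raw_header: bytes, requested, negate: bool = False) -> bytes:
    """Build the literal for BODY[HEADER.FIELDS (...)].

    With negate=True this is HEADER.FIELDS.NOT. The requested names go
    into a set, so "From From Delivered-To" selects the same fields as
    "From Delivered-To" and the result stays a subset of the header.
    """
    wanted = {name.lower().encode("ascii") for name in requested}
    picked = [data for name, data in split_fields(raw_header)
              if (name in wanted) != negate]
    # RFC 3501: the blank line that ends the header is part of the result.
    return b"".join(picked) + b"\r\n"


def demo() -> bytes:
    # Same request shape as in the thread: From is listed twice.
    return header_fields(SAMPLE_HEADER, ["From", "From", "Delivered-To"])


if __name__ == "__main__":
    print(demo().decode("ascii"))
```
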
From: matthew at eeph.com (Matthew Kaufman) Date: Tue, 24 Sep 2013 17:59:21 -0700 Subject: [Dovecot] still having dsync issues after upgrading to latest Message-ID: <52423569.2020203@eeph.com> Trying to migrate a bunch of users with mbox format to maildir format. dsync creates some directories, but otherwise does nothing. (Complained about the lack of "/" as separator until I added that to config, now is silent when running dsync except with the -D flag) I have tried dumping all the dovecot that came with my OS and built the latest sources, hoping I'd at least get a little better debug information out... but no luck. Lots of hopefully useful output below. What am I doing wrong? Matthew Kaufman # dovecot -n # 2.2.5: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 ext4 auth_mechanisms = plain login first_valid_uid = 4999 mail_gid = 5000 mail_location = maildir:/var/mail/%d/%n mail_privileged_group = mail mail_uid = 5000 namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = / } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { antispam_allow_append_to_spam = YES antispam_backend = dspam antispam_dspam_args = --user;%u;--deliver=;--source=error antispam_dspam_binary = /usr/bin/dspam antispam_dspam_notspam = --class=innocent antispam_dspam_result_header = X-DSPAM-Result antispam_dspam_spam = --class=spam antispam_signature = X-DSPAM-Signature antispam_signature_missing = error antispam_spam = Spam;Junk antispam_trash = trash;Trash sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } postmaster_address = postmaster at eeph.com protocols = imap lmtp service auth-worker { user = mail } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb 
{ mode = 0600 user = mail } user = dovecot } service imap-login { inet_listener imap { port = 0 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } user = mail } service pop3-login { inet_listener pop3 { port = 0 } } ssl_cert = References: <20130921173240.GB1722@pyropus.ca> <6684A9E4-B9B2-40E8-A2BF-5A537FBD9DF3@iki.fi> <20130925000604.GA9006@pyropus.ca> Message-ID: <07E6A899-AC11-4716-AC36-2D9DF11F116F@iki.fi> On 25.9.2013, at 3.06, Charles Cazabon wrote: > Timo Sirainen wrote: >> >> Without modifications the only way to pass data is via the plugin { >> mail_filter } parameters, such as the %u expanding to username in the >> example. > > I hacked an additional %variable (I used %q) into a copy of > mail-user.c:mail_user_var_expand_table () (and called this modified version > instead of the original, in the same place it is normally called), and moved > my data collection around in imap/main.c:settings_var_expand() so that my info > was available at the time mail_user->var_expand_table is populated. Better to not give a one character name, but only the long name so it won't conflict with any future Dovecot additions. > This appears to be working thus far. If I iterate over that table, my custom > variable is present and has a correct key, value, and long_key before > client_create() is called. > > But when I put %q into the mail_filter config like so: > > mail_plugins = $mail_plugins mail_filter > > plugin { > mail_filter = mail-filter %q foo %u > mail_filter_out = mail-filter-out %u > } > > ... and restart Dovecot, I find that the filter script is only being passed 2 > arguments, the constant "foo" in the above and the username. The %q does not > appear to be getting replaced; it's just skipped over. It's not even passing > an empty string in its place. Hmm. yeah, the empty string isn't there because mail-filter uses t_strsplit_spaces() instead of t_strsplit(). I suppose it should use t_strsplit(). 
> Am I modifying the correct var_expand_table here? Is there any step I've > missed in making the new variable get substituted properly? lib/var-expand.c > doesn't appear to require anything else, but I may have missed something? It looks like this should be correct. The plugin settings expansion is done by mail-user.c:mail_user_expand_plugins_envs(). The other possibility would be that you just modify mail-filter plugin and add the extra parameter without any %variable changes. Probably better since then you don't need to patch Dovecot core itself. From tss at iki.fi Wed Sep 25 04:14:37 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 25 Sep 2013 04:14:37 +0300 Subject: [Dovecot] still having dsync issues after upgrading to latest In-Reply-To: <52423569.2020203@eeph.com> References: <52423569.2020203@eeph.com> Message-ID: On 25.9.2013, at 3.59, Matthew Kaufman wrote: > Trying to migrate a bunch of users with mbox format to maildir format. dsync creates some directories, but otherwise does nothing. (Complained about the lack of "/" as separator until I added that to config, now is silent when running dsync except with the -D flag) > > I have tried dumping all the dovecot that came with my OS and built the latest sources, hoping I'd at least get a little better debug information out... but no luck. > > Lots of hopefully useful output below. > > What am I doing wrong? > > # /usr/local/bin/dsync -D -u matthew at matthew.at mirror mbox:./Mail:INBOX=./matthew I'm not sure how relative directories work. Try using absolute paths? so mbox:/full/path/Mail:INBOX=/full/path/matthew From matthew at eeph.com Wed Sep 25 04:21:06 2013 
From: matthew at eeph.com (Matthew Kaufman) Date: Tue, 24 Sep 2013 18:21:06 -0700 Subject: [Dovecot] still having dsync issues after upgrading to latest In-Reply-To: References: <52423569.2020203@eeph.com> Message-ID: <52423A82.5000409@eeph.com> On 9/24/2013 6:14 PM, Timo Sirainen wrote: > On 25.9.2013, at 3.59, Matthew Kaufman wrote: > >> Trying to migrate a bunch of users with mbox format to maildir format. dsync creates some directories, but otherwise does nothing. (Complained about the lack of "/" as separator until I added that to config, now is silent when running dsync except with the -D flag) >> >> I have tried dumping all the dovecot that came with my OS and built the latest sources, hoping I'd at least get a little better debug information out... but no luck. >> >> Lots of hopefully useful output below. >> >> What am I doing wrong? >> >> # /usr/local/bin/dsync -D -u matthew at matthew.at mirror mbox:./Mail:INBOX=./matthew > I'm not sure how relative directories work. Try using absolute paths? so mbox:/full/path/Mail:INBOX=/full/path/matthew > Wow, sure enough. I'd tried lots of things, but not full paths. Thanks. Matthew Kaufman From tss at iki.fi Wed Sep 25 04:42:11 2013 
From: tss at iki.fi (Timo Sirainen) Date: Wed, 25 Sep 2013 04:42:11 +0300 Subject: [Dovecot] Strange errors with imapc+acl in 2.2.x In-Reply-To: <5241BAF1.3030701@necoro.eu> References: <5241BAF1.3030701@necoro.eu> Message-ID: <4803B21F-5647-497B-A382-918F455DFCE0@iki.fi> On 24.9.2013, at 19.16, René Neumann wrote: > after migrating to 2.2 (currently using 2.2.5), I see strange error > messages when using imapc + public namespace + acl > > My setup: I create a public shared mailbox with imapc as location. Then > I restrict this mailbox to one user only using ACLs. > > This works for this one special user, but for all others an error gets > logged and they can't access their mailbox anymore: > > Sep 24 18:09:46 [dovecot] imap(other at my.domain): Error: user > other at my.domain: Initialization failed: Namespace 'Gemeinsam.': > Ambiguous mail location setting, don't know what to > do with it: yes (try prefixing it with mbox: or maildir:) I can't reproduce this. Set mail_debug=yes and show what's in the logs? From tss at iki.fi Wed Sep 25 04:45:59 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 25 Sep 2013 04:45:59 +0300 Subject: [Dovecot] Apple IOS 7 Mail APP uses multi body searches by default In-Reply-To: <52414104.90707@enas.net> References: <52414104.90707@enas.net> Message-ID: On 24.9.2013, at 10.36, Urban Loesch wrote: > today we found this blogpost: > > http://blog.fastmail.fm/2013/09/17/ios-7-mail-app-uses-multi-folder-body-searches-by-default/ > > Have you any idea if this could impact performance of dovecot using mdbox format with 10MB per file size and zlib enabled? http://wiki2.dovecot.org/Plugins/FTS would be helpful here. Dovecot could also do some extra optimizations, but those get a bit complex. From rblayzor.bulk at inoc.net Wed Sep 25 04:52:20 2013 
From: rblayzor.bulk at inoc.net (Robert Blayzor)
Date: Tue, 24 Sep 2013 21:52:20 -0400
Subject: [Dovecot] Delete to Archive?
In-Reply-To: <92787F1B-D7A3-4859-814E-D907FF16EA56@gmail.com>
References: <5C35728E-F9A1-4708-B74B-1C78F81025FA@wasmuth.org> <79452E2F-FE85-4545-ACB8-AFEAB551B233@wasmuth.org> <92787F1B-D7A3-4859-814E-D907FF16EA56@gmail.com>
Message-ID:

On Sep 24, 2013, at 4:54 PM, Regan Yelcich wrote:

> Would you need to set the Archive folder up to autosubscribe? Can anyone provide an example? Thanks.
>
>

Should be pretty straight forward:

namespace inbox {
  mailbox Archive {
    special_use = \Archive
    auto=subscribe
  }
}

--
Robert Blayzor
INOC, LLC
rblayzor at inoc.net
http://www.inoc.net/~rblayzor/

From dovecot at r.paypc.com Wed Sep 25 08:36:57 2013
From: dovecot at r.paypc.com (Robin) Date: Tue, 24 Sep 2013 22:36:57 -0700 Subject: [Dovecot] 2048-bit Diffie-Hellman parameters In-Reply-To: <52415B28.5000308@thelounge.net> References: <524159A0.2030104@hardwarefreak.com> <52415B28.5000308@thelounge.net> Message-ID: <52427679.4090306@r.paypc.com> On 9/24/2013 2:28 AM, Reindl Harald wrote: > maybe on your server, my logs showing the opposite and since > the "smtp" are outgoing messages your conclusion of "nobody" > is strange > > cat maillog | grep smtp | grep -v smtpd | grep TLS | wc -l > 12327 > > cat maillog | grep smtpd | grep TLS | wc -l > 13350 > > cat maillog | grep smtp | grep -v smtpd | grep TLSv1.2 | wc -l > 2603 > > cat maillog | grep smtpd | grep TLSv1.2 | wc -l > 2219 This doesn't necessarily mean the encryption is effective at cloaking the data exchange. Remember: 1) Most admins who use TLS on their MTAs don't reject the transaction if the presented certificates FAIL to be validated against your local trust store's certificates. Unlike the error dialog boxes presented to the end user when a certificate fails to validate against its local trust store, these "error fallbacks" are "silent" and to most users, completely invisible. (Yes, I know most MTAs will log a TLS certificate failure in the headers, but we're talking about Lusers here, not readers of this list.) Failing certificate validity means it could be ANYONE's key/cert used to setup the ephemeral connection, and you can place no reliance on that channel being opaque to third-party scrutiny. 2) Even if you DO reject all failing certificate trust-stores (on *ALL* MX hosts that receive/send mail), it's increasingly likely that one or more of those root certificates are compromised, either publicly(*) or secretly through some back-door arrangement with the NSA. 
The Big Ugly elephant in the room is the notion of the NSA having a certificate signing key for VeriSlime/GeoBust/et al so that they're free to use their own key + cert in a MITM interception, with the end user being none the wiser(**). Take a tally of the jurisdictions of the big root-level CAs. It's alarmingly AUSCANNZUKUS-centric. 3) Even with all of the above dealt with, the rush for people to use Diffie-Hellman "PFS" based on elliptic curves (EC) may be itself subject to additional problems based on revelations and leaks that suggest the NSA has been busy subverting various standards and publicly designed software reference implementations to weaken its security in ways to benefit them. In particular, Schneier and Bernstein feel very uneasy about the NIST specified parametres for the EC-based cryptographic algorithms. These aren't "tin foil hatters" or kooks. To that end, there are proposals to adopt elliptic-curve parametres and methods that each and every generated public key maps to a valid EC point. See: https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1675929 http://cr.yp.to/talks/2013.05.31/slides-dan+tanja-20130531-4x3.pdf http://cr.yp.to/ecdh/curve25519-20060209.pdf An Ivory Tower organisation with total control over the clients' and the servers' configurations can pin all of its certs + keys, and configure them to dump connections that fail to validate local trust stores. This is an unfortunately very subtle and nuanced problem that defies mere "throwing more bits" at your key sizes. And I would hope that the IQ and worldly mindsets of those generally reading this list have an appreciation for why retaining complete control and privilege within your organisation's end-to-end security is important, now more than ever. It has nothing to do with "I'm not doing anything wrong, so they can read all they want." 
For an ISP or other provider with a "random" and "noisy" userbase with who-knows-what clients + OS/platform brain damage, the problem is probably intractable unless you accept that some users will be simply unable to access the services from some or all of their devices. =R= (*) Despite many compromised CAs (Certificate Authorities) being known publicly, I discover an annoyingly large number of improperly configured systems who accept these as valid. Maybe there are/were distros who incorrectly compiled lists of CAs and didn't remove those compromised CAs from the trust-store. Maybe they're out of date. Who knows why. (**) If you "pin" various trust store certificates + keys, you can detect this when it occurs. See: https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning From tss at iki.fi Wed Sep 25 10:10:05 2013 
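Counting maillog lines that contain "TLS", as the quoted grep pipelines do, does not show how many of those sessions had a validated peer certificate, which is point 1 of the message above. The following added example (not from the original posts) splits Postfix TLS summary lines by direction, trust level and protocol; the log lines are constructed samples in the format Postfix writes with smtp_tls_loglevel and smtpd_tls_loglevel set to 1, and all hostnames are placeholders.

```python
import re
from collections import Counter

# Postfix TLS handshake summary line, e.g.
#   postfix/smtp[2210]: Untrusted TLS connection established to host[ip]:25: ...
TLS_LINE = re.compile(
    r"postfix/(?:[\w-]+/)?(?P<daemon>smtpd?)\[\d+\]: "
    r"(?P<trust>Anonymous|Untrusted|Trusted|Verified) TLS connection "
    r"established (?:from|to) (?P<peer>\S+?): "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+)"
)

# Trust levels where no peer certificate was validated against the local
# trust store: the channel is encrypted but the peer is unauthenticated.
UNVALIDATED = {"Anonymous", "Untrusted"}

# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
Sep 24 10:00:01 mx postfix/smtp[2210]: Untrusted TLS connection established to mx.example.org[198.51.100.7]:25: TLSv1 with cipher RC4-SHA (128/128 bits)
Sep 24 10:00:02 mx postfix/smtp[2211]: Trusted TLS connection established to mail.example.com[198.51.100.9]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 24 10:00:03 mx postfix/smtp[2212]: Verified TLS connection established to partner.example.net[203.0.113.20]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 24 10:00:04 mx postfix/smtpd[2301]: Anonymous TLS connection established from client.example.com[203.0.113.5]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 24 10:00:05 mx postfix/smtpd[2302]: Anonymous TLS connection established from old.example.org[192.0.2.44]: TLSv1 with cipher RC4-SHA (128/128 bits)
Sep 24 10:00:06 mx postfix/smtp[2210]: 4F2A1C0A3: to=<user@example.org>, relay=mx.example.org[198.51.100.7]:25, status=sent (250 ok)
Sep 24 10:00:07 mx postfix/smtp[2213]: Untrusted TLS connection established to mx2.example.org[198.51.100.8]:25: TLSv1.2 with cipher AES256-SHA (256/256 bits)
"""


def tally(lines):
    """Count TLS sessions keyed by (direction, trust level, protocol)."""
    counts = Counter()
    for line in lines:
        m = TLS_LINE.search(line)
        if not m:
            continue  # not a TLS summary line
        # smtpd = inbound (we are the server), smtp = outbound delivery
        direction = "inbound" if m["daemon"] == "smtpd" else "outbound"
        counts[(direction, m["trust"], m["proto"])] += 1
    return counts


def unvalidated_share(counts, direction):
    """Fraction of TLS sessions in one direction with no validated peer cert.

    For inbound traffic "Anonymous" only means the client sent no
    certificate, which is usual; the outbound figure is the one that
    shows how often delivery went ahead over an unauthenticated channel.
    """
    total = sum(n for (d, _, _), n in counts.items() if d == direction)
    weak = sum(n for (d, trust, _), n in counts.items()
               if d == direction and trust in UNVALIDATED)
    return weak / total if total else 0.0


if __name__ == "__main__":
    result = tally(SAMPLE_LOG.splitlines())
    for key, n in sorted(result.items()):
        print(*key, n)
    print("outbound unvalidated share:", unvalidated_share(result, "outbound"))
```
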
From: tss at iki.fi (Timo Sirainen)
Date: Wed, 25 Sep 2013 10:10:05 +0300
Subject: [Dovecot] v2.2.6 released
Message-ID: <56B77929-A525-4E91-B189-697ABDBC3712@iki.fi>

http://dovecot.org/releases/2.2/dovecot-2.2.6.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.6.tar.gz.sig

I didn't have time to look into the latest reported dsync replication bugs, but this release should have been done a long time ago already and I'm busy for next few days, so no more waiting. Things seem to be working quite well in general though.

* acl: If public/shared namespace has a shared subscriptions file for all users, don't list subscription entries that are not visible to the user accessing it.

+ doveadm: Added "auth lookup" command for doing passdb lookup.
+ login_log_format_elements: Added %{orig_user}, %{orig_username} and %{orig_domain} expanding to the username exactly as sent by the client (before any changes auth process made).
+ Added ssl_prefer_server_ciphers setting.
+ auth_verbose_passwords: Log the password also for unknown users.
+ Linux: Added optional support for SO_REUSEPORT with inet_listener { reuse_port=yes }
- director: v2.2.5 changes caused "SYNC lost" errors
- dsync: Many fixes and error handling improvements
- doveadm -A: Don't waste CPU by doing a separate config lookup for each user
- Long-running ssl-params process no longer prevents Dovecot restart
- mbox: Fixed mailbox_list_index=yes to work correctly

From npap at ecs.gr Wed Sep 25 10:27:20 2013
From: npap at ecs.gr (Nikos Papadopoulos) Date: Wed, 25 Sep 2013 10:27:20 +0300 Subject: [Dovecot] unable to lock for exclusive access: Resource temporarily unavailable Message-ID: <000101ceb9c0$ac5e1770$051a4650$@gr> Dears, We have a mail server (RHEL 6.0, Postfix and Dovecot 1.0.7). The output of dovecot -n is the following: # 1.0.7: /etc/dovecot.conf protocols: pop3 login_dir: /var/run/dovecot/login login_executable: /usr/libexec/dovecot/pop3-login mail_location: mbox:~/mail:INBOX=/var/mail/%u mail_executable: /usr/libexec/dovecot/pop3 mail_plugin_dir: /usr/lib/dovecot/pop3 pop3_client_workarounds: outlook-no-nuls oe-ns-eoh auth default: passdb: driver: pam userdb: driver: passwd During the last days we face the following problem: There is great delay in the delivery of the emails. Some seem to not be delivered at all. Issuing the mailq command we get the following message for almost all the email accounts: (cannot update mailbox /var/mail/xyz for user xyz. unable to lock for exclusive access: Resource temporarily unavailable) Please send to me any suggestions, because I cannot resolve it and I receive a lot of pressure. Best Regards, Nikos From tss at iki.fi Wed Sep 25 10:40:27 2013 
From: tss at iki.fi (Timo Sirainen) Date: Wed, 25 Sep 2013 10:40:27 +0300 Subject: [Dovecot] unable to lock for exclusive access: Resource temporarily unavailable In-Reply-To: <000101ceb9c0$ac5e1770$051a4650$@gr> References: <000101ceb9c0$ac5e1770$051a4650$@gr> Message-ID: On 25.9.2013, at 10.27, Nikos Papadopoulos wrote: > We have a mail server (RHEL 6.0, Postfix and Dovecot 1.0.7). > > mail_location: mbox:~/mail:INBOX=/var/mail/%u > > There is great delay in the delivery of the emails. Some seem to not be > delivered at all. Issuing the mailq command we get the following message for > almost all the email accounts: > > (cannot update mailbox /var/mail/xyz for user xyz. unable to lock for > exclusive access: Resource temporarily unavailable) mbox format is problematic in this way. Newer Dovecot versions (v2.x) do some extra work to unlock the mbox earlier with POP3. That might help you. Or you could switch to Maildir format where this isn't a problem. I'm not sure why it started happening only now and not earlier. Perhaps the POP3 clients are downloading mails more slowly, perhaps you're getting more mail and things are running slower than before. From skdovecot at smail.inf.fh-brs.de Wed Sep 25 10:45:00 2013 
From: skdovecot at smail.inf.fh-brs.de (Steffen) Date: Wed, 25 Sep 2013 09:45:00 +0200 Subject: [Dovecot] mail_plugins = antispam (was Re: (no subject)) In-Reply-To: <11099D99-54A7-4750-8CCE-85A3E236FA28@kreme.com> References: <1379396442.4569.27.camel@tardis><295158A2-A32F-4C86-9696-2C45D49D7ACC@kreme.com> <1379470777.11400.4.camel@tardis> <1DB8D58436494CB388D82485C29ECD84@geniepc2011> <11099D99-54A7-4750-8CCE-85A3E236FA28@kreme.com> Message-ID: <5242947C.6040707@smail.inf.fh-brs.de> LuKreme wrote: > On 17 Sep 2013, at 21:48 , Eugene wrote: >> Actually the antispam plugin for dovecot provides (re)training >> functionality initiated by moving a message to/from Spam folder. >> > > Hmm, that sounds interesting, retraining is a real problem. I've > setup scripts to do it, but it requires users moving spam out of > the spam folder into a specific "notSpam" folder, and they just > won't do that. your users keep ham-messages in the Spam folder? The antispam plugin triggers as soon as a message is copied from a SPAM folder into another folder, that does neither match spam nor trash pattern. However, the problem is what spam folders to use, IMHO. If you use a folder, that is used by MUAs to automatically move spam into, you might learn false positives. Some systems cannot "unlearn" a message 100%, so you poison the database. If you use another folder, your users won't move messages from the MUA's junk folder there, hence, you miss spam. 
-- Steffen From Ralf.Hildebrandt at charite.de Wed Sep 25 11:00:39 2013 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Wed, 25 Sep 2013 10:00:39 +0200 Subject: [Dovecot] v2.2.6 released In-Reply-To: <56B77929-A525-4E91-B189-697ABDBC3712@iki.fi> References: <56B77929-A525-4E91-B189-697ABDBC3712@iki.fi> Message-ID: <20130925080039.GE23917@charite.de> * Timo Sirainen : > http://dovecot.org/releases/2.2/dovecot-2.2.6.tar.gz > http://dovecot.org/releases/2.2/dovecot-2.2.6.tar.gz.sig Works like a charm here. Tinkering with ciphers & ssl_prefer_server_ciphers now. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From npap at ecs.gr Wed Sep 25 12:17:47 2013 
From: npap at ecs.gr (npap at ecs.gr) Date: Wed, 25 Sep 2013 12:17:47 +0300 Subject: [Dovecot] unable to lock for exclusive access: Resource temporarily unavailable In-Reply-To: References: <000101ceb9c0$ac5e1770$051a4650$@gr> Message-ID: <20130925121747.85301rn9z3my2zi3@webmail.ecs.gr> Could you please provide more information about what you mean with Maildir format? I am not so familiar. Is it a quick and stable solution? Best Regards, Nikos Quoting Timo Sirainen : > On 25.9.2013, at 10.27, Nikos Papadopoulos wrote: > >> We have a mail server (RHEL 6.0, Postfix and Dovecot 1.0.7). >> >> mail_location: mbox:~/mail:INBOX=/var/mail/%u >> >> There is great delay in the delivery of the emails. Some seem to not be >> delivered at all. Issuing the mailq command we get the following message for >> almost all the email accounts: >> >> (cannot update mailbox /var/mail/xyz for user xyz. unable to lock for >> exclusive access: Resource temporarily unavailable) > > mbox format is problematic in this way. Newer Dovecot versions > (v2.x) do some extra work to unlock the mbox earlier with POP3. That > might help you. Or you could switch to Maildir format where this > isn't a problem. I'm not sure why it started happening only now and > not earlier. Perhaps the POP3 clients are downloading mails more > slowly, perhaps you're getting more mail and things are running > slower than before. > > From rs at sys4.de Wed Sep 25 12:30:41 2013 
From: rs at sys4.de (Robert Schetterer) Date: Wed, 25 Sep 2013 11:30:41 +0200 Subject: [Dovecot] unable to lock for exclusive access: Resource temporarily unavailable In-Reply-To: <20130925121747.85301rn9z3my2zi3@webmail.ecs.gr> References: <000101ceb9c0$ac5e1770$051a4650$@gr> <20130925121747.85301rn9z3my2zi3@webmail.ecs.gr> Message-ID: <5242AD41.7010202@sys4.de> On 25.09.2013 11:17, npap at ecs.gr wrote: > Could you please provide more information about what you mean with > Maildir format? I am not so familiar. > Is it a quick and stable solution? > > Best Regards, > > Nikos > > Quoting Timo Sirainen : > >> On 25.9.2013, at 10.27, Nikos Papadopoulos wrote: >> >>> We have a mail server (RHEL 6.0, Postfix and Dovecot 1.0.7). >>> >>> mail_location: mbox:~/mail:INBOX=/var/mail/%u >>> >>> There is great delay in the delivery of the emails. Some seem to not be >>> delivered at all. Issuing the mailq command we get the following >>> message for >>> almost all the email accounts: >>> >>> (cannot update mailbox /var/mail/xyz for user xyz. unable to lock for >>> exclusive access: Resource temporarily unavailable) >> >> mbox format is problematic in this way. Newer Dovecot versions (v2.x) >> do some extra work to unlock the mbox earlier with POP3. That might >> help you. Or you could switch to Maildir format where this isn't a >> problem. I'm not sure why it started happening only now and not >> earlier. Perhaps the POP3 clients are downloading mails more slowly, >> perhaps you're getting more mail and things are running slower than >> before. 
>> >> > > Maildir is a standard specification http://wiki.dovecot.org/MailboxFormat/Maildir http://wiki.dovecot.org/MailboxFormat/ there is no easy answer what might be better to use at your side, this depends on your setup (how many mailboxes, how many mails, how big are mailboxes etc, storagekind etc, traffic, how many pop3 vs imap logins) your dovecot version is very old, you should upgrade or migrate in any case Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From h.reindl at thelounge.net Wed Sep 25 13:30:51 2013 
From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 25 Sep 2013 12:30:51 +0200 Subject: [Dovecot] proxy: get rid of redundant log-informations In-Reply-To: <523E4426.6000505@thelounge.net> References: <520B9636.8080200@thelounge.net> < 8CAB6011-276E-4F74-9BD4-C6AC4F6F5360@iki.fi> <523E18A1.80508@thelounge.net> <523E1B46.6060405@thelounge.net> <523E1DAE.1020503@thelounge.net> < D7A6F8DB-2DFF-46EF-80B6-5D0EF05F69DA@iki.fi> <523E4426.6000505@thelounge.net> Message-ID: <5242BB5B.4030801@thelounge.net> Hi On 22.09.2013 03:13, Reindl Harald wrote: > On 22.09.2013 02:20, Timo Sirainen wrote: >> %$ is the status, so you're asking for another status variable. Something like in the attached patch, where you can replace %$ with %{login_status}? > > *exactly* that's it - many thanks! > > %{login_status} -> ab[2].value = client->login_success ? "OK" : "Failed"; > in case of deeper debugging one can always set "%$" temporary > > when we can get rid of "TLSv1 with cipher" and only have the cipher the log would become > really tiny and easy to follow without too much linebreaking - not to forget the logsize > in case of a lot of POP3 users every few minutes nearly perfect _______________________________________________________________________ 2.2.6 with the patch: Sep 25 12:22:26 testserver dovecot: pop3-login: OK: pop3 at testserver.rhsoft.net, 91.118.73.100, DIGEST-MD5, TLSv1 with cipher RC4-SHA (128/128 bits) Sep 25 12:22:26 testserver dovecot: pop3-login: OK: pop3 at testserver.rhsoft.net, 91.118.73.100, DIGEST-MD5, TLSv1 with cipher RC4-SHA (128/128 bits) _______________________________________________________________________ my dream: Sep 25 12:22:26 testserver dovecot: pop3-login: OK: pop3 at testserver.rhsoft.net, 91.118.73.100, DIGEST-MD5, RC4-SHA (128/128 bits) Sep 25 12:22:26 testserver dovecot: pop3-login: OK (disconnecting): pop3 at testserver.rhsoft.net, 91.118.73.100, DIGEST-MD5, RC4-SHA (128/128 bits) 
_______________________________________________________________________ would allow rsyslog to skip the disconnect lines in case of OK and shorten the cipher output :msg, contains, "OK (disconnecting)" ~ -------------- next part -------------- diff -r d400c1a673cf src/login-common/client-common.c --- a/src/login-common/client-common.c Sun Sep 22 03:17:12 2013 +0300 +++ b/src/login-common/client-common.c Sun Sep 22 03:17:44 2013 +0300 @@ -561,9 +561,10 @@ static const char * client_get_log_str(struct client *client, const char *msg) { - static struct var_expand_table static_tab[3] = { + static struct var_expand_table static_tab[] = { { 's', NULL, NULL }, { '$', NULL, NULL }, + { '\0', NULL, "login_status" }, { '\0', NULL, NULL } }; const struct var_expand_table *var_expand_table; @@ -603,6 +604,7 @@ tab[0].value = t_strdup(str_c(str)); tab[1].value = msg; + tab[2].value = client->login_success ? "OK" : "Failed"; str_truncate(str, 0); var_expand(str, client->set->login_log_format, tab); -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From alessio at skye.it Wed Sep 25 18:48:12 2013 
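Review bot: In the first hunk (@@ -561,9 +561,10 @@) the new { '\0', NULL, "login_status" } entry is tied to the second hunk only by its position: it sits third in static_tab and is later written through the bare index tab[2]. An entry inserted above it in future would silently hand the status string to the wrong variable, so a named index (an enum or #define next to the table) or a short comment on the table noting that slots 0..2 are filled in client_get_log_str() would make the dependency visible. The diff also touches only client-common.c, so %{login_status} is not described anywhere a login_log_format user would look; a line of documentation next to the existing %s and %$ description is worth adding.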
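Review bot: In the second hunk (@@ -603,6 +604,7 @@), tab[2].value = client->login_success ? "OK" : "Failed" produces "Failed" for every line formatted while login_success is false, and client_get_log_str() accepts an arbitrary msg, so as far as these lines show a client that disconnects without ever attempting authentication is logged with the same status as one that supplied wrong credentials. Anything that counts "Failed" lines per address would then treat idle or aborted connections as failed logins. Consider a third value for the no-attempt case, or state in the variable's documentation that "Failed" only means "not logged in".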
From: alessio at skye.it (Alessio Cecchi)
Date: Wed, 25 Sep 2013 17:48:12 +0200
Subject: [Dovecot] "service_count = 0" for "service dict" (High-performance mode)
Message-ID: <524305BC.6090308@skye.it>

Hi,

I'm running dovecot 2.1.17 with "Login processes" in "High-performance mode" as explained here:

service imap-login {
service_count = 1

http://wiki2.dovecot.org/LoginProcess

but I think I should also set "service dict" in high-performance mode since sometimes the number of dict processes reaches the limit of 100 (from default_process_limit=100) and I find these errors in the logs:

Sep 25 15:32:24 imap(info at xxxx), session=: Error: read(/usr/local/dovecot-2.1/var/run/dovecot/dict) failed: Connection reset by peer
Sep 25 15:32:24 imap(service at xxxx), session=: Error: read(/usr/local/dovecot-2.1/var/run/dovecot/dict) failed: Connection reset by peer

or

Sep 25 15:33:48 imap(info at xxxx), session=: Warning: read(/usr/local/dovecot-2.1/var/run/dovecot/dict): dict lookup took 5 seconds
Sep 25 15:33:48 imap(editoria at xxxx), session=<3LpHZTTnDgBdJwmm>: Warning: read(/usr/local/dovecot-2.1/var/run/dovecot/dict): dict lookup took 5 seconds

Do you think it would be better to set:

service dict {
service_count = 0

or default_process_limit=200 (instead of 100)

Thanks
--
Alessio Cecchi is:
@ ILS -> http://www.linux.it/~alessice/
on LinkedIn -> http://www.linkedin.com/in/alessice
GNU/Linux systems support -> http://www.cecchi.biz/
@ PLUG -> former president, now senator for life, http://www.prato.linux.it

From tss at iki.fi Wed Sep 25 20:13:06 2013
From: tss at iki.fi (Timo Sirainen)
Date: Wed, 25 Sep 2013 19:13:06 +0200
Subject: [Dovecot] "service_count = 0" for "service dict" (High-performance mode)
In-Reply-To: <524305BC.6090308@skye.it>
References: <524305BC.6090308@skye.it>
Message-ID: <2AFD6584-95F2-4245-8DDC-25EA6B96C7B0@iki.fi>

On 25.9.2013, at 17.48, Alessio Cecchi wrote:

> I'm running dovecot 2.1.17 with "Login processes" in "High-performance mode" as explained here:
>
> service imap-login {
> service_count = 1
>
> http://wiki2.dovecot.org/LoginProcess
>
> but I think I should also set "service dict" in high-performance mode since sometimes the number of dict processes reaches the limit of 100 (from default_process_limit=100) and I find these errors in the logs:
>
> Sep 25 15:32:24 imap(info at xxxx), session=: Error: read(/usr/local/dovecot-2.1/var/run/dovecot/dict) failed: Connection reset by peer
> Sep 25 15:32:24 imap(service at xxxx), session=: Error: read(/usr/local/dovecot-2.1/var/run/dovecot/dict) failed: Connection reset by peer

dict lookups are synchronous. There can never be more than 1 client handled simultaneously, so it's not a good idea to set dict's client_limit above 1.

> Do you think it would be better to set:
>
> service dict {
> service_count = 0

This is already 0 by default. The limiting factor is the client_limit, which is 1.

> or default_process_limit=200 (instead of 100)

Not necessary either to do such a global change. I'd set:

service dict {
  process_limit = 200 # or more
}

From pato at oan.cl Thu Sep 26 01:05:01 2013
From: pato at oan.cl (Patricio Rojo)
Date: Wed, 25 Sep 2013 18:05:01 -0400
Subject: [Dovecot] Dovecot extremely slow!
Message-ID: <52435E0D.40402@oan.cl>

Please help,

Dovecot is running extremely slow for the last couple of weeks and it seems to be getting worse (or my patience running short). I attach the 10-master configuration and the log file after running strace according to: http://wiki.dovecot.org/Debugging/ProcessTracing

I can click on an email and wait for a minute or more before receiving a connection dropped or no error at all. I use many clients (thunderbird, windows 8 mail, maildroid for android, squirrelmail) and they all have similar behavior. It happens both in the inbox and on imap subfolders. Sometimes it helps changing subfolders back and forth.

I have many imap folders organized in up to 3 levels of subfolders and use postfix for delivery.

Let me know any other info you require.

Thanks!

Patricio
-------------- next part --------------
#default_process_limit = 100
#default_client_limit = 1000

# Default VSZ (virtual memory size) limit for service processes. This is mainly
# intended to catch and kill processes that leak memory before they eat up
# everything.
#default_vsz_limit = 256M

# Login user is internally used by login processes. This is the most untrusted
# user in Dovecot system. It shouldn't have access to anything at all.
#default_login_user = dovenull

# Internal user is used by unprivileged processes. It should be separate from
# login user, so that login processes can't disturb other processes.
#default_internal_user = dovecot

service imap-login {
  inet_listener imap {
    #port = 143
  }
  inet_listener imaps {
    #port = 993
    #ssl = yes
  }

  # Number of connections to handle before starting a new process. Typically
  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
  # is faster.
  #service_count = 1

  # Number of processes to always keep waiting for more connections.
  #process_min_avail = 0

  # If you set service_count=0, you probably need to grow this.
  #vsz_limit = $default_vsz_limit
}

service pop3-login {
  inet_listener pop3 {
    #port = 110
  }
  inet_listener pop3s {
    #port = 995
    #ssl = yes
  }
}

service lmtp {
  unix_listener lmtp {
    #mode = 0666
  }

  # Create inet listener only if you can't use the above UNIX socket
  #inet_listener lmtp {
    # Avoid making LMTP visible for the entire internet
    #address =
    #port =
  #}
}

service imap {
  # Most of the memory goes to mmap()ing files. You may need to increase this
  # limit if you have huge mailboxes.
  #vsz_limit = $default_vsz_limit

  # Max. number of IMAP processes (connections)
  #process_limit = 1024
}

service pop3 {
  # Max. number of POP3 processes (connections)
  #process_limit = 1024
}

service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  # full permissions to this socket are able to get a list of all usernames and
  # get the results of everyone's userdb lookups.
  #
  # The default 0666 mode allows anyone to connect to the socket, but the
  # userdb lookups will succeed only if the userdb returns an "uid" field that
  # matches the caller process's UID. Also if caller's uid or gid matches the
  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  #
  # To give the caller full permissions to lookup all users, set the mode to
  # something else than 0666 and Dovecot lets the kernel enforce the
  # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener auth-userdb {
    #mode = 0666
    #user =
    #group =
  }

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    user = postfix
    group = postfix
    mode = 0666
  }

  inet_listener {
    port = 12345
  }

  # Auth process is run as this user.
  #user = $default_internal_user
}

service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  #user = root
}

service dict {
  # If dict proxy is used, mail processes should have access to its socket.
  # For example: mode=0660, group=vmail and global mail_access_groups=vmail
  unix_listener dict {
    #mode = 0600
    #user =
    #group =
  }
}
-------------- next part --------------
18:29:13.833120 epoll_wait(9, {}, 6, 23980) = 0 18:29:37.837451 stat("/home/pato/mail/Astro/conferences", {st_mode=S_IFREG|0644, st_size=112122083, ...}) = 0 18:29:37.838261 epoll_wait(9, {}, 6, 29999) = 0 18:30:07.867721 stat("/home/pato/mail/Astro/conferences", {st_mode=S_IFREG|0644, st_size=112122083, ...}) = 0 18:30:07.868340 epoll_wait(9, {}, 6, 28917) = 0 18:30:36.814608 write(11, "* OK Still here\r\n", 17) = 17 18:30:36.832177 time(NULL) = 1380144636 18:30:36.833279 epoll_wait(9, {{EPOLLIN, {u32=1413012688, u64=139759648824528}}}, 6, 1034) = 1 18:30:37.065994 read(11, "DONE\r\n", 8030) = 6 18:30:37.066289 epoll_ctl(9, EPOLL_CTL_DEL, 11, {0, {u32=1413012688, u64=139759648824528}}) = 0 18:30:37.066574 inotify_rm_watch(13, 2) = 0 18:30:37.066795 epoll_ctl(9, EPOLL_CTL_DEL, 13, {0, {u32=1413125552, u64=139759648937392}}) = 0 18:30:37.067053 write(11, "8 OK Idle completed.\r\n", 22) = 22 18:30:37.067185 epoll_ctl(9, EPOLL_CTL_ADD, 11, {EPOLLIN|EPOLLPRI|EPOLLERR|EPOLLHUP, {u32=1413012688, u64=139759648824528}}) = 0 18:30:37.067301 epoll_wait(9, {{EPOLLIN, {u32=1413012688, u64=139759648824528}}}, 6, 1800000) = 1 18:30:37.291601 read(11, "9 noop\r\n", 8024) = 8 18:30:37.291914 stat("/home/pato/mail/Astro/conferences", {st_mode=S_IFREG|0644, st_size=112122083, ...}) = 0 18:30:37.292250 stat("/home/pato/mail/Astro/.imap/conferences/dovecot.index.log", {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:30:37.305654 fstat(10, {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:30:37.305786 fstat(10, {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:30:37.305964 alarm(180) = 0 18:30:37.306051 fcntl(10, F_SETLKW,
{type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0 18:30:37.306458 alarm(0) = 180 18:30:37.306555 time(NULL) = 1380144637 18:30:37.306619 stat("/home/pato/mail/Astro/.imap/conferences/dovecot.index.log", {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:30:37.306971 fstat(10, {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:30:37.307141 time(NULL) = 1380144637 18:30:37.307226 fcntl(10, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 18:30:37.307707 write(11, "9 OK NOOP completed.\r\n", 22) = 22 18:30:37.307986 epoll_wait(9, {{EPOLLIN, {u32=1413012688, u64=139759648824528}}}, 6, 1800000) = 1 18:30:37.535951 read(11, "10 UID fetch 191:* (FLAGS)\r\n", 8016) = 28 18:30:37.536285 stat("/home/pato/mail/Astro/.imap/conferences/dovecot.index.log", {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:30:37.536613 fstat(10, {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:30:37.536904 fstat(10, {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:30:37.537254 write(11, "* 189 FETCH (UID 190 FLAGS (\\See"..., 61) = 61 18:30:37.537349 epoll_wait(9, {{EPOLLIN, {u32=1413012688, u64=139759648824528}}}, 6, 1800000) = 1 18:30:37.763416 read(11, "11 IDLE\r\n", 7988) = 9 18:30:37.763715 time(NULL) = 1380144637 18:30:37.763994 inotify_add_watch(13, "/home/pato/mail/Astro/conferences", IN_MODIFY|IN_CLOSE_WRITE|IN_CLOSE_NOWRITE|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|IN_DELETE_SELF) = 3 18:30:37.764617 epoll_ctl(9, EPOLL_CTL_ADD, 13, {EPOLLIN|EPOLLPRI|EPOLLERR|EPOLLHUP, {u32=1413125552, u64=139759648937392}}) = 0 18:30:37.764825 stat("/home/pato/mail/Astro/conferences", {st_mode=S_IFREG|0644, st_size=112122083, ...}) = 0 18:30:37.765039 epoll_ctl(9, EPOLL_CTL_DEL, 11, {0, {u32=1413012688, u64=139759648824528}}) = 0 18:30:37.765160 epoll_ctl(9, EPOLL_CTL_ADD, 11, {EPOLLIN|EPOLLPRI|EPOLLERR|EPOLLHUP, {u32=1413012688, u64=139759648824528}}) = 0 18:30:37.765233 stat("/home/pato/mail/Astro/conferences", {st_mode=S_IFREG|0644, st_size=112122083, ...}) = 0 
18:30:37.765337 stat("/home/pato/mail/Astro/.imap/conferences/dovecot.index.log", {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:30:37.765430 fstat(10, {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:30:37.765502 fstat(10, {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:30:37.765588 alarm(180) = 0 18:30:37.765643 fcntl(10, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0 18:30:37.765983 alarm(0) = 180 18:30:37.766041 time(NULL) = 1380144637 18:30:37.766092 stat("/home/pato/mail/Astro/.imap/conferences/dovecot.index.log", {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:30:37.766367 fstat(10, {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:30:37.766466 time(NULL) = 1380144637 18:30:37.766518 fcntl(10, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 18:30:37.766923 write(11, "+ idling\r\n", 10) = 10 18:30:37.767054 epoll_wait(9, {{EPOLLIN, {u32=1413125552, u64=139759648937392}}}, 6, 29998) = 1 18:30:37.767136 read(13, "\2\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0", 32768) = 16 18:30:37.767211 epoll_wait(9, {}, 6, 29998) = 0 18:31:07.794079 stat("/home/pato/mail/Astro/conferences", {st_mode=S_IFREG|0644, st_size=112122083, ...}) = 0 18:31:07.794611 epoll_wait(9, {}, 6, 30000) = 0 18:31:37.821166 stat("/home/pato/mail/Astro/conferences", {st_mode=S_IFREG|0644, st_size=112122083, ...}) = 0 18:31:37.821778 epoll_wait(9, {}, 6, 30000) = 0 18:32:07.852108 stat("/home/pato/mail/Astro/conferences", {st_mode=S_IFREG|0644, st_size=112122083, ...}) = 0 18:32:07.852770 epoll_wait(9, {}, 6, 28911) = 0 18:32:36.793076 write(11, "* OK Still here\r\n", 17) = 17 18:32:36.793376 time(NULL) = 1380144756 18:32:36.793646 epoll_wait(9, {{EPOLLIN, {u32=1413012688, u64=139759648824528}}}, 6, 1059) = 1 18:32:37.029815 read(11, "DONE\r\n", 7979) = 6 18:32:37.030105 epoll_ctl(9, EPOLL_CTL_DEL, 11, {0, {u32=1413012688, u64=139759648824528}}) = 0 18:32:37.030390 inotify_rm_watch(13, 3) = 0 18:32:37.030676 epoll_ctl(9, EPOLL_CTL_DEL, 13, {0, {u32=1413125552, 
u64=139759648937392}}) = 0 18:32:37.030874 write(11, "11 OK Idle completed.\r\n", 23) = 23 18:32:37.030977 epoll_ctl(9, EPOLL_CTL_ADD, 11, {EPOLLIN|EPOLLPRI|EPOLLERR|EPOLLHUP, {u32=1413012688, u64=139759648824528}}) = 0 18:32:37.031101 epoll_wait(9, {{EPOLLIN, {u32=1413012688, u64=139759648824528}}}, 6, 1799999) = 1 18:32:37.280529 read(11, "12 noop\r\n", 7973) = 9 18:32:37.280754 stat("/home/pato/mail/Astro/conferences", {st_mode=S_IFREG|0644, st_size=112122083, ...}) = 0 18:32:37.281073 stat("/home/pato/mail/Astro/.imap/conferences/dovecot.index.log", {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:32:37.281914 fstat(10, {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:32:37.282202 fstat(10, {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:32:37.282417 alarm(180) = 0 18:32:37.282503 fcntl(10, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0 18:32:37.282815 alarm(0) = 180 18:32:37.282867 time(NULL) = 1380144757 18:32:37.282917 stat("/home/pato/mail/Astro/.imap/conferences/dovecot.index.log", {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:32:37.283174 fstat(10, {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:32:37.283272 time(NULL) = 1380144757 18:32:37.283321 fcntl(10, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 18:32:37.283760 write(11, "12 OK NOOP completed.\r\n", 23) = 23 18:32:37.283886 epoll_wait(9, {{EPOLLIN, {u32=1413012688, u64=139759648824528}}}, 6, 1800000) = 1 18:32:37.508552 read(11, "13 UID fetch 191:* (FLAGS)\r\n", 7964) = 28 18:32:37.508868 stat("/home/pato/mail/Astro/.imap/conferences/dovecot.index.log", {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:32:37.509183 fstat(10, {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:32:37.509412 fstat(10, {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:32:37.509645 write(11, "* 189 FETCH (UID 190 FLAGS (\\See"..., 61) = 61 18:32:37.509719 epoll_wait(9, {{EPOLLIN, {u32=1413012688, u64=139759648824528}}}, 6, 1800000) = 1 18:32:37.735149 read(11, "14 
IDLE\r\n", 7936) = 9 18:32:37.735437 time(NULL) = 1380144757 18:32:37.735713 inotify_add_watch(13, "/home/pato/mail/Astro/conferences", IN_MODIFY|IN_CLOSE_WRITE|IN_CLOSE_NOWRITE|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|IN_DELETE_SELF) = 4 18:32:37.736237 epoll_ctl(9, EPOLL_CTL_ADD, 13, {EPOLLIN|EPOLLPRI|EPOLLERR|EPOLLHUP, {u32=1413125552, u64=139759648937392}}) = 0 18:32:37.736487 stat("/home/pato/mail/Astro/conferences", {st_mode=S_IFREG|0644, st_size=112122083, ...}) = 0 18:32:37.736719 epoll_ctl(9, EPOLL_CTL_DEL, 11, {0, {u32=1413012688, u64=139759648824528}}) = 0 18:32:37.736845 epoll_ctl(9, EPOLL_CTL_ADD, 11, {EPOLLIN|EPOLLPRI|EPOLLERR|EPOLLHUP, {u32=1413012688, u64=139759648824528}}) = 0 18:32:37.736965 stat("/home/pato/mail/Astro/conferences", {st_mode=S_IFREG|0644, st_size=112122083, ...}) = 0 18:32:37.737068 stat("/home/pato/mail/Astro/.imap/conferences/dovecot.index.log", {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:32:37.737159 fstat(10, {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:32:37.737229 fstat(10, {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:32:37.737313 alarm(180) = 0 18:32:37.737365 fcntl(10, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0 18:32:37.737693 alarm(0) = 180 18:32:37.737748 time(NULL) = 1380144757 18:32:37.737802 stat("/home/pato/mail/Astro/.imap/conferences/dovecot.index.log", {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:32:37.738075 fstat(10, {st_mode=S_IFREG|0644, st_size=11400, ...}) = 0 18:32:37.738173 time(NULL) = 1380144757 18:32:37.738224 fcntl(10, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 18:32:37.738653 write(11, "+ idling\r\n", 10) = 10 18:32:37.738784 epoll_wait(9, {{EPOLLIN, {u32=1413125552, u64=139759648937392}}}, 6, 29998) = 1 18:32:37.738867 read(13, "\3\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0", 32768) = 16 18:32:37.738962 epoll_wait(9, {}, 6, 29998) = 0 18:33:07.767247 stat("/home/pato/mail/Astro/conferences", {st_mode=S_IFREG|0644, st_size=112122083, ...}) = 0 
18:33:07.767582 epoll_wait(9, {}, 6, 30000) = 0 18:33:37.797914 stat("/home/pato/mail/Astro/conferences", {st_mode=S_IFREG|0644, st_size=112122083, ...}) = 0 18:33:37.798562 epoll_wait(9, {}, 6, 29999) = 0 18:34:07.827911 stat("/home/pato/mail/Astro/conferences", {st_mode=S_IFREG|0644, st_size=112122083, ...}) = 0 18:34:07.828547 epoll_wait(9,

From kremels at kreme.com Thu Sep 26 01:15:03 2013
From: kremels at kreme.com (LuKreme)
Date: Wed, 25 Sep 2013 16:15:03 -0600
Subject: [Dovecot] Dovecot extremely slow!
In-Reply-To: <52435E0D.40402@oan.cl>
References: <52435E0D.40402@oan.cl>
Message-ID: <7752D061-8550-4C8F-836E-86A7E5A1CEB2@kreme.com>

On 25 Sep 2013, at 16:05 , Patricio Rojo wrote:

> I attach the 10-master configuration

That's not that useful.

doveconf -n is useful

From bob at computerisms.ca Thu Sep 26 01:15:49 2013
From: bob at computerisms.ca (Bob Miller)
Date: Wed, 25 Sep 2013 15:15:49 -0700
Subject: [Dovecot] Dovecot extremely slow!
In-Reply-To: <7752D061-8550-4C8F-836E-86A7E5A1CEB2@kreme.com>
References: <52435E0D.40402@oan.cl> <7752D061-8550-4C8F-836E-86A7E5A1CEB2@kreme.com>
Message-ID: <1380147349.2712.153.camel@worklian>

--
Computerisms
Bob Miller
867-334-7117 / 867-633-3760
http://computerisms.ca

On Wed, 2013-09-25 at 16:15 -0600, LuKreme wrote:
> On 25 Sep 2013, at 16:05 , Patricio Rojo wrote:
>
> > I attach the 10-master configuration
>
> That's not that useful.
>
> doveconf -n is useful
>
>

As are the server logs, as opposed to the strace output...

From kremels at kreme.com Thu Sep 26 02:08:22 2013
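The "service auth" block of the 10-master configuration posted earlier in this thread sets mode = 0666 on the Postfix auth socket and adds an inet_listener on port 12345, and the file's own comments explain how the auth-userdb socket mode is treated. The following is an added example, not part of any list message and not Dovecot code, that parses such a block and reports those listeners; the sample text is a constructed, trimmed excerpt of the posted file, and the function names and finding wording are assumptions made for the illustration.

```python
"""Audit the listeners of Dovecot's "service auth" block (added example)."""

# Constructed sample: the auth and dict service blocks from the posted
# 10-master.conf, with line breaks restored and the long comments trimmed.
SAMPLE_CONF = """\
service auth {
  unix_listener auth-userdb {
    #mode = 0666
    #user =
    #group =
  }
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    user = postfix
    group = postfix
    mode = 0666
  }
  inet_listener {
    port = 12345
  }
  #user = $default_internal_user
}
service dict {
  unix_listener dict {
    #mode = 0600
  }
}
"""


def parse_blocks(text):
    """Turn Dovecot's brace syntax into nested dicts.

    Commented-out lines are dropped, so only effective settings remain.
    Simplification: a '#' anywhere starts a comment (no quoted values).
    """
    root = {"type": "root", "name": "", "settings": {}, "children": []}
    stack = [root]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError(f"line {lineno}: '}}' without an open block")
            stack.pop()
        elif line.endswith("{"):
            words = line[:-1].split()
            if not words:
                raise ValueError(f"line {lineno}: block without a type")
            block = {"type": words[0], "name": " ".join(words[1:]),
                     "settings": {}, "children": []}
            stack[-1]["children"].append(block)
            stack.append(block)
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1]["settings"][key.strip()] = value.strip()
        else:
            raise ValueError(f"line {lineno}: cannot parse {line!r}")
    if len(stack) != 1:
        raise ValueError(f"unclosed block: {stack[-1]['type']}")
    return root


def audit_auth_listeners(text):
    """Return (listener, reason) pairs for exposed listeners of service auth."""
    findings = []
    for service in parse_blocks(text)["children"]:
        if service["type"] != "service" or service["name"] != "auth":
            continue
        for listener in service["children"]:
            settings = listener["settings"]
            label = f"{listener['type']} {listener['name']}".strip()
            if listener["type"] == "unix_listener":
                mode = settings.get("mode")
                if mode is None:
                    continue  # nothing overridden, the built-in default applies
                world_bits = int(mode, 8) & 0o007
                if listener["name"] == "auth-userdb":
                    # The config comment's rule: 0666 is special-cased (lookups
                    # limited by uid/gid); any other mode is left to the kernel
                    # and grants full userdb lookups to whoever can connect.
                    if world_bits and int(mode, 8) != 0o666:
                        findings.append((label, f"mode {mode}: any local user "
                                         "may look up every user"))
                elif world_bits:
                    findings.append((label, f"mode {mode}: socket is open to "
                                     "every local user"))
            elif listener["type"] == "inet_listener":
                if not settings.get("address"):
                    port = settings.get("port", "?")
                    findings.append((label, f"port {port}: auth offered over "
                                     "TCP with no address setting"))
    return findings


if __name__ == "__main__":
    for listener, reason in audit_auth_listeners(SAMPLE_CONF):
        print(f"{listener}: {reason}")
```

Run against the sample, it reports the Postfix socket and the TCP listener and stays silent about auth-userdb, whose mode line is commented out.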
From: kremels at kreme.com (LuKreme)
Date: Wed, 25 Sep 2013 17:08:22 -0600
Subject: [Dovecot] recipient_delimiter
Message-ID: <7DD224D5-9B70-40BB-B36C-2B237A200465@kreme.com>

Can I enable $recipient_delimiter = "+" for only the virtual sql users?

$ doveconf -n
# 2.2.5: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.1-RELEASE i386
auth_mechanisms = PLAIN LOGIN
disable_plaintext_auth = no
first_valid_uid = 89
login_log_format_elements = user=<%u> %r %m %c
mail_location = maildir:~/Maildir
mail_max_userip_connections = 90
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox NotJunk {
    auto = subscribe
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocols = imap sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
ssl_cert =
References: <20130921173240.GB1722@pyropus.ca> <6684A9E4-B9B2-40E8-A2BF-5A537FBD9DF3@iki.fi> <20130925000604.GA9006@pyropus.ca> <07E6A899-AC11-4716-AC36-2D9DF11F116F@iki.fi>
Message-ID: <20130926012723.GA11173@pyropus.ca>

Timo Sirainen wrote:
> On 25.9.2013, at 3.06, Charles Cazabon wrote:
> >
> > I hacked an additional %variable (I used %q) into a copy of
> > mail-user.c:mail_user_var_expand_table () [...]
> Better to not give a one character name, but only the long name so it won't
> conflict with any future Dovecot additions.

That was my plan. I added the single character key when I was trying to debug why it wasn't working.

> > The %q does not appear to be getting replaced; it's just skipped over.
> > It's not even passing an empty string in its place. [...]
> It looks like this should be correct. The plugin settings expansion is done
> by mail-user.c:mail_user_expand_plugins_envs().

Aha, thanks. My code to set this information was still not being called quite early enough, so the table didn't contain a value for my variable when mail_user_expand_plugins_envs() was called. I've rejigged it some more, and now it is indeed working. Thanks very much for your help with this.

> The other possibility would be that you just modify mail-filter plugin and
> add the extra parameter without any %variable changes. Probably better since
> then you don't need to patch Dovecot core itself.

Ah, perhaps that wasn't clear - this isn't a constant or anything like that. The extra argument getting passed to mail_filter is taken from data the client sends to the IMAP server -- so I needed to be able to pull it out of the IMAP session and pass it to the mail_filter script.

Charles
--
-----------------------------------------------------------------------
Charles Cazabon
GPL'ed software available at: http://pyropus.ca/software/
-----------------------------------------------------------------------

From vorgusa at gmail.com Thu Sep 26 07:45:01 2013
From: vorgusa at gmail.com (Chris Lasater)
Date: Thu, 26 Sep 2013 00:45:01 -0400
Subject: [Dovecot] Doveadm with a 2nd Instance
Message-ID: <5243BBCD.3060107@gmail.com>

Hi Guys,

I am trying to use 2 instances of Dovecot on the same server so I can have a Director managing my connections, everything appears to be working, but I can not use doveadm to control my 2nd instance, but doveconf seems to work fine.

[user at server logs]$ doveconf -i Director | grep logs
debug_log_path = /home/user/apps/logs/director/director_debug.log
info_log_path = /home/user/apps/logs/director/director_info.log
log_path = /home/user/apps/logs/director/director.log
info_log_path = /home/user/apps/logs/director/director_lmtp.log

[user at server logs]$ doveadm -i Director log find
Debug: /home/user/apps/logs/dovecot_debug.log
Info: /home/user/apps/logs/dovecot_info.log
Warning: /home/user/apps/logs/dovecot.log
Error: /home/user/apps/logs/dovecot.log
Fatal: /home/user/apps/logs/dovecot.log

I have stopped and started both my instances so the config running is what is in the config file, but when I use -i Director with doveadm it uses the other instances config.

[user at server logs]$ doveadm instance list
path                                       name      last used            running
/home/user/apps/dovecot/var/run/dovecot    Dovecot   2013-09-26 00:39:14  yes
/home/user/apps/dovecot/var/run/director   Director  2013-09-26 00:32:31  yes

Any ideas, or does anyone have any experience with the Dovecot instance feature?

Chris

From tsvetkov_av at grandvision.ru Thu Sep 26 09:15:17 2013
From: tsvetkov_av at grandvision.ru (Aleksey Tsvetkov)
Date: Thu, 26 Sep 2013 10:15:17 +0400
Subject: [Dovecot] Dsync: Mailbox changes caused a desync.
Message-ID: <20130926101517.71cc9a66@work>

Hi!

Here is a synchronization error:

dovecot: dsync-local(alex at aaa.com): Warning: Mailbox changes caused a desync. You may want to run dsync again.
dovecot: dsync-remote(alex at aaa.com): Warning: /var/mail/virtual/aaa.com/alex/.INBOX.System/dovecot-uidlist: Duplicate file entry at line 2298: 1380157263.M585262P25253.mail1.aaa.com,S=2476,W=2553 (uid 3645 -> 3662)
dovecot: dsync-remote(alex at aaa.com): Warning: Maildir /var/mail/virtual/aaa.com/alex/.INBOX.System: Expunged message reappeared, giving a new UID (old uid=3650, file=1380157264.M261919P17392.mail2.aaa.com,S=2476,W=2553)
dovecot: dsync-remote(alex at aaa.com): Warning: Maildir /var/mail/virtual/aaa.com/alex/.INBOX.System: Expunged message reappeared, giving a new UID (old uid=3651, file=1380157263.M586977P17315.mail2.aaa.com,S=3119,W=3175)
dovecot: dsync-remote(alex at aaa.com): Warning: Maildir /var/mail/virtual/aaa.com/alex/.INBOX.System: Expunged message reappeared, giving a new UID (old uid=3652, file=1380157264.M261920P17392.mail2.aaa.com,S=2476,W=2553)
dovecot: dsync-remote(alex at aaa.com): Warning: Maildir /var/mail/virtual/aaa.com/alex/.INBOX.System: Expunged message reappeared, giving a new UID (old uid=3653, file=1380157264.M261921P17392.mail2.aaa.com,S=3119,W=3175)
dovecot: dsync-remote(alex at aaa.com): Warning: Maildir /var/mail/virtual/aaa.com/alex/.INBOX.System: Expunged message reappeared, giving a new UID (old uid=3654, file=1380157263.M819006P25260.mail2.aaa.com,S=2476,W=2553:2,)
dovecot: dsync-remote(alex at aaa.com): Warning: Maildir /var/mail/virtual/aaa.com/alex/.INBOX.System: Expunged message reappeared, giving a new UID (old uid=3655, file=1380157264.M261922P17392.mail2.aaa.com,S=3119,W=3175:2,)

As a result, synchronization took place, but there were duplicate emails. After this, synchronization is working fine, no more errors.

dovecot --version
2.2.5

dovecot --build-options
Build options: ioloop=kqueue notify=kqueue ipv6 openssl io_block_size=8192
Mail storages: shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail
SQL drivers: mysql
Passdb: checkpassword pam passwd passwd-file sql
Userdb: checkpassword nss passwd prefetch passwd-file sql

Thanks!

--
Best regards,
Aleksey Tsvetkov
System Administrator
Company Grand Vision
tel. +7(495)933-39-79, ext. 184

From dovecot-list at mohtex.net Thu Sep 26 09:17:03 2013
From: dovecot-list at mohtex.net (Tamsy) Date: Thu, 26 Sep 2013 13:17:03 +0700 Subject: [Dovecot] Conditional jump or move depends on uninitialised value(s) Message-ID: <5243D15F.7080303@mohtex.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Timo, Dovecot 2.2.6 compiled on Ubuntu 10.04 fails on "make check" with the following errors. "make install" is finishing just fine and Dovecot itself works flawlessly so far. - ----- 8< ----- http header invalid [0]: parse failure ............................... : ok: Expected ':' after header field name 'Server', but found ' ' http header invalid [0] .............................................. : ok http header invalid [1]: parse failure ............................... : ok: Expected ':' after header field name 'X', but found ' ' http header invalid [1] .............................................. : ok http header invalid [2]: parse failure ............................... : ok: Expected LF after CR at end of header, but found 'A' http header invalid [2] .............................................. : ok http header invalid [3]: parse failure ............................... : ok: Expected line end after header field 'Accept', but found 0x7f http header invalid [3] .............................................. : ok http header invalid [4]: parse failure ............................... : ok: Expected ':' after header field name 'Suhosin-Patch', but found ' ' http header invalid [4] .............................................. : ok http header invalid [5]: parse failure ............................... : ok: Excessive header size http header invalid [5] .............................................. : ok http header invalid [6]: parse failure ............................... : ok: Excessive header field size http header invalid [6] .............................................. : ok http header invalid [7]: parse failure ............................... 
: ok: Excessive number of header fields http header invalid [7] .............................................. : ok 0 / 66 tests failed ==15579== Conditional jump or move depends on uninitialised value(s) ==15579== at 0x804F987: http_header_parse_next_field (http-header-parser.c:294) ==15579== by 0x804F361: test_http_header_parse_valid (test-http-header-parser.c:181) ==15579== by 0x8050251: test_run_funcs (test-common.c:228) ==15579== by 0x80503D1: test_run (test-common.c:236) ==15579== by 0x804F164: main (test-http-header-parser.c:343) ==15579== ==15579== Conditional jump or move depends on uninitialised value(s) ==15579== at 0x804F98D: http_header_parse_next_field (http-header-parser.c:294) ==15579== by 0x804F361: test_http_header_parse_valid (test-http-header-parser.c:181) ==15579== by 0x8050251: test_run_funcs (test-common.c:228) ==15579== by 0x80503D1: test_run (test-common.c:236) ==15579== by 0x804F164: main (test-http-header-parser.c:343) ==15579== ==15579== Conditional jump or move depends on uninitialised value(s) ==15579== at 0x804F9B0: http_header_parse_next_field (http-header-parser.c:296) ==15579== by 0x804F361: test_http_header_parse_valid (test-http-header-parser.c:181) ==15579== by 0x8050251: test_run_funcs (test-common.c:228) ==15579== by 0x80503D1: test_run (test-common.c:236) ==15579== by 0x804F164: main (test-http-header-parser.c:343) ==15579== ==15579== Conditional jump or move depends on uninitialised value(s) ==15579== at 0x804FC92: http_header_parse_next_field (http-header-parser.c:320) ==15579== by 0x804F361: test_http_header_parse_valid (test-http-header-parser.c:181) ==15579== by 0x8050251: test_run_funcs (test-common.c:228) ==15579== by 0x80503D1: test_run (test-common.c:236) ==15579== by 0x804F164: main (test-http-header-parser.c:343) ==15579== ==15579== Conditional jump or move depends on uninitialised value(s) ==15579== at 0x804F9B2: http_header_parse_next_field (http-header-parser.c:296) ==15579== by 0x804F361: 
test_http_header_parse_valid (test-http-header-parser.c:181) ==15579== by 0x8050251: test_run_funcs (test-common.c:228) ==15579== by 0x80503D1: test_run (test-common.c:236) ==15579== by 0x804F164: main (test-http-header-parser.c:343) ==15579== ==15579== Conditional jump or move depends on uninitialised value(s) ==15579== at 0x804F987: http_header_parse_next_field (http-header-parser.c:294) ==15579== by 0x804F225: test_http_header_parse_invalid (test-http-header-parser.c:325) ==15579== by 0x8050251: test_run_funcs (test-common.c:228) ==15579== by 0x80503D1: test_run (test-common.c:236) ==15579== by 0x804F164: main (test-http-header-parser.c:343) ==15579== ==15579== Conditional jump or move depends on uninitialised value(s) ==15579== at 0x804F98D: http_header_parse_next_field (http-header-parser.c:294) ==15579== by 0x804F225: test_http_header_parse_invalid (test-http-header-parser.c:325) ==15579== by 0x8050251: test_run_funcs (test-common.c:228) ==15579== by 0x80503D1: test_run (test-common.c:236) ==15579== by 0x804F164: main (test-http-header-parser.c:343) ==15579== ==15579== Conditional jump or move depends on uninitialised value(s) ==15579== at 0x804F9B0: http_header_parse_next_field (http-header-parser.c:296) ==15579== by 0x804F225: test_http_header_parse_invalid (test-http-header-parser.c:325) ==15579== by 0x8050251: test_run_funcs (test-common.c:228) ==15579== by 0x80503D1: test_run (test-common.c:236) ==15579== by 0x804F164: main (test-http-header-parser.c:343) ==15579== ==15579== Conditional jump or move depends on uninitialised value(s) ==15579== at 0x804FC92: http_header_parse_next_field (http-header-parser.c:320) ==15579== by 0x804F225: test_http_header_parse_invalid (test-http-header-parser.c:325) ==15579== by 0x8050251: test_run_funcs (test-common.c:228) ==15579== by 0x80503D1: test_run (test-common.c:236) ==15579== by 0x804F164: main (test-http-header-parser.c:343) ==15579== ==15579== Conditional jump or move depends on uninitialised value(s) ==15579== 
at 0x804F9B2: http_header_parse_next_field (http-header-parser.c:296) ==15579== by 0x804F225: test_http_header_parse_invalid (test-http-header-parser.c:325) ==15579== by 0x8050251: test_run_funcs (test-common.c:228) ==15579== by 0x80503D1: test_run (test-common.c:236) ==15579== by 0x804F164: main (test-http-header-parser.c:343) ==15579== ==15579== Conditional jump or move depends on uninitialised value(s) ==15579== at 0x804FCDF: http_header_parse_next_field (http-header-parser.c:320) ==15579== by 0x804F225: test_http_header_parse_invalid (test-http-header-parser.c:325) ==15579== by 0x8050251: test_run_funcs (test-common.c:228) ==15579== by 0x80503D1: test_run (test-common.c:236) ==15579== by 0x804F164: main (test-http-header-parser.c:343) ==15579== make[2]: *** [check-test] Error 1 make[2]: Leaving directory `/usr/local/src/dovecot-2.2.6/src/lib-http' make[1]: *** [check-recursive] Error 1 make[1]: Leaving directory `/usr/local/src/dovecot-2.2.6/src' make: *** [check-recursive] Error 1 ----- >8 ----- Is it just me? Cheers, Tamsy From marco at misterunknown.de Thu Sep 26 10:38:00 2013
From: marco at misterunknown.de (marco) Date: Thu, 26 Sep 2013 09:38:00 +0200 Subject: [Dovecot] Grant access for Unix-User _and_ virtual Users Message-ID: <0e5f21eff1a7022519aee862a1a5b173@misterunknown.de> Hi group, I have installed a postfix as an MTA and configured two "main" domains as well as two virtual mailbox domains. Normal unix users have their maildir in their homes (/home/%u) and the virtual mailboxes are located in /var/mail/vhosts. It works well, I only have a problem configuring dovecot. I wondered if it's possible to configure it in a way that both, unix users and virtual users, can access their mailboxes. I found some tutorials but they either give access to the "normal" unix users or to virtual users who are defined in a text file. Here some system infos: - Ubuntu 12.04.2 LTS (Kernel Version: 3.2.0-23) - Dovecot Version: 2.0.19 Hope you understand my problem. Cheers, Marco PS: It's the very first time I use a mailing list, so I hope you can forgive me possible beginner's mistakes. From davide.marchi at mail.cgilfe.it Thu Sep 26 10:41:06 2013
From: davide.marchi at mail.cgilfe.it (Davide) Date: Thu, 26 Sep 2013 09:41:06 +0200 Subject: [Dovecot] Lot of connections IMAP Message-ID: <5243E512.5030407@mail.cgilfe.it> Hi to all, i have dovecot 2.2.5 when i digit doveadm who i see a lot of connections IMAP for single user like the example below xxxxx.yyyyyy at mail.cgilfe.it 9 imap (20572 20614 19120 20653 19136 20655 19138 20661 20471) (192.168.x.xxx) Why so many IMAP? -- *Davide Marchi* *T*eorema *F*errara *Srl* Via Spronello, 7 - Ferrara - 44121 Tel. *0532783161* Fax. *0532783368* E-m at il: *davide.marchi at mail.cgilfe.it* Skype: *davide.marchi73* Web: *http://www.cgilfe.it* From voytek at sbt.net.au Thu Sep 26 10:47:47 2013 From: voytek at sbt.net.au (voytek at sbt.net.au) Date: Thu, 26 Sep 2013 17:47:47 +1000 Subject: [Dovecot] Lot of connections IMAP In-Reply-To: <5243E512.5030407@mail.cgilfe.it> References: <5243E512.5030407@mail.cgilfe.it> Message-ID: On Thu, September 26, 2013 5:41 pm, Davide wrote: > Hi to all, i have dovecot 2.2.5 when i digit doveadm who i see a lot of > connections IMAP for single user like the example below > > xxxxx.yyyyyy at mail.cgilfe.it 9 imap (20572 20614 19120 20653 19136 20655 > 19138 20661 20471) (192.168.x.xxx) > > > Why so many IMAP? I think(?), it's that IMAP mail clients keep connections to each IMAP folder they access... From skdovecot at smail.inf.fh-brs.de Thu Sep 26 11:34:12 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 26 Sep 2013 10:34:12 +0200 (CEST) Subject: [Dovecot] Grant access for Unix-User _and_ virtual Users In-Reply-To: <0e5f21eff1a7022519aee862a1a5b173@misterunknown.de> References: <0e5f21eff1a7022519aee862a1a5b173@misterunknown.de> Message-ID: On Thu, 26 Sep 2013, marco wrote: > I have installed a postfix as an MTA and configured two "main" domains as > well as two virtual mailbox domains. Normal unix users have their maildir in > their homes (/home/%u) and the virtual mailboxes are located in > /var/mail/vhosts. It works well, I only have a problem configuring dovecot. > I wondered if it's possible to configure it in a way that both, unix users > and virtual users, can access their mailboxes. I found some tutorials but > they either give access to the "normal" unix users or to virtual users who > are defined in a text file. > > Here some system infos: > - Ubuntu 12.04.2 LTS (Kernel Version: 3.2.0-23) > - Dovecot Version: 2.0.19 In Dovecot you configure one or more password databases and one or more user databases. See http://wiki2.dovecot.org/Authentication/MultipleDatabases that covers system user + virtual users. The order of the database definition is important, because the first database a user is defined in wins. And there is no connection between passdb and userdb, that means if a user authenticated against the passwd password database successfully, his/her user data are not necessarily read from the passwd user database, if there is another userdb before, which contains the data of that user. Be sure to return a proper home directory for the virtual users. You can do so in various ways, eg by returning the directory individually per user and by defaults, see http://wiki2.dovecot.org/UserDatabase Or you can use the "static" userdb for virtual users and "passwd" userdb for system users, but place userdb passwd { } before userdb static { }.
Actually, Dovecot allows many ways to achieve your goal, so I would take an example for system users and add the virtual users to it. Later, when you know more about Dovecot, you can make the config more efficient. -- Steffen Kaiser From skdovecot at smail.inf.fh-brs.de Thu Sep 26 11:50:02 2013
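One way to write the setup Steffen Kaiser describes above for marco's layout (system users plus virtual users, with userdb passwd listed before userdb static), as an added example that is not from the thread or from the Dovecot documentation. The vmail account, the /etc/dovecot/virtual-users file and the Maildir subdirectory under each home are assumptions:

```conf
# Added example for Dovecot 2.0.x. Assumed, not taken from the thread:
# the vmail account, the /etc/dovecot/virtual-users file, and a Maildir/
# subdirectory under every home (system and virtual alike).

# Passdbs are tried in the order listed; the first one that accepts the
# credentials ends the search.

# System users log in with their short name and are checked through PAM.
passdb {
  driver = pam
}

# Virtual users log in as user@domain. Entries look like
#   user@example.org:{SHA512-CRYPT}$6$...
# (generate the hash with "doveadm pw -s SHA512-CRYPT"). Keep the file
# unreadable to ordinary accounts.
passdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/virtual-users
}

# Userdbs are also tried in order, independently of which passdb accepted
# the login. The static userdb answers for every name it is asked about, so
# passwd has to come first; otherwise system users would be handed the
# vmail uid and a home under /var/mail/vhosts.
userdb {
  driver = passwd
}

userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
}

# One location serves both kinds of user because it is relative to the home
# that the matching userdb returned.
mail_location = maildir:~/Maildir
```

After a reload, running doveadm user for one system login and one virtual login shows which userdb supplied the uid and home for each.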
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 26 Sep 2013 10:50:02 +0200 (CEST) Subject: [Dovecot] Dovecot extremely slow! In-Reply-To: <52435E0D.40402@oan.cl> References: <52435E0D.40402@oan.cl> Message-ID: On Wed, 25 Sep 2013, Patricio Rojo wrote: > I can click on an email and wait for a minute or more before receiving a > connection dropped or no error at all. I use many clients (thunderbird, > windows 8 mail, maildroid for android, squirrelmail) and they all have > similar behavior. It happens both in the inbox and on imap subfolders. > Sometimes it helps changing subfolders back and forth. > > I have many imap folders organized in up to 3 levels of subfolders and use > postfix for delivery. What about I/O load on the server? Something in kernel log? Do you use FTS? Do you get many messages at once? Then, as Lukreme and Bob already said, provide doveconf -n and check out Dovecot logs, for "Error" and "Warning". -- Steffen Kaiser From marco at misterunknown.de Thu Sep 26 11:53:06 2013
From: marco at misterunknown.de (marco) Date: Thu, 26 Sep 2013 10:53:06 +0200 Subject: [Dovecot] Grant access for Unix-User _and_ virtual Users In-Reply-To: References: <0e5f21eff1a7022519aee862a1a5b173@misterunknown.de> Message-ID: <15085130ee07d2a41d79afa74189312a@misterunknown.de> Hi, > In Dovecot you configure one or more password databases and one or > more user databases. > > s. http://wiki2.dovecot.org/Authentication/MultipleDatabases > > that covers system user + virtual users. Thank you very much. That is exactly what I searched for. > Or you can use the "static" userdb for virtual users and "passwd" > userdb for system users, but place userdb passwd { } before userdb > static { }. I think the static version is comfortable for me. Thanks again for your advice. > Later, when you know more about Dovecot, you can make the config more > efficient. I hope so. This whole mailserver issue is very interesting but also difficult for beginners. Cheers, Marco From stan at hardwarefreak.com Thu Sep 26 12:03:04 2013
From: stan at hardwarefreak.com (Stan Hoeppner) Date: Thu, 26 Sep 2013 04:03:04 -0500 Subject: [Dovecot] Dovecot extremely slow! In-Reply-To: <52435E0D.40402@oan.cl> References: <52435E0D.40402@oan.cl> Message-ID: <5243F848.7010106@hardwarefreak.com> On 9/25/2013 5:05 PM, Patricio Rojo wrote: > Please help, > > Dovecot is running extremely slow for the last couple of weeks and it > seems to be getting worse (or my patience running short). Progressive degradation of mail server performance, whether an IMAP mailbox server, or an MTA, is almost always caused by the storage subsystem, usually due to filesystem free space fragmentation. If you have a parity RAID array, have lost a disk and are running in degraded mode, this can also cause large IO latency, slowing Dovecot. Another common cause is heavy swap usage. If you have a runaway process or one with a memory leak, this will eat up physical RAM, causing heavy swap usage. If swap resides on the same spindles as your mailboxes, this will degrade Dovecot performance. If your box is hosted at a colo facility, or is in fact a VPS, it's always possible a network problem or a clogged shared segment at the provider is causing packet loss, which can also cause the client delay behavior you have described. If this server resides behind consumer ADSL there could be a problem with your DSL provider's network. In other words, if you didn't change the Dovecot configuration on the day the performance first dropped, or very shortly before, then the performance problem has nothing to do with Dovecot. And this is almost always the case with performance degradation. The source of the problem lies outside Dovecot, again, usually in the storage stack. Start your troubleshooting there. -- Stan From arnaud.abelard at univ-nantes.fr Thu Sep 26 12:33:27 2013
From: arnaud.abelard at univ-nantes.fr (Arnaud Abélard) Date: Thu, 26 Sep 2013 11:33:27 +0200 Subject: [Dovecot] Lot of connections IMAP In-Reply-To: References: <5243E512.5030407@mail.cgilfe.it> Message-ID: <5243FF67.3080200@univ-nantes.fr> On 09/26/2013 09:47 AM, voytek at sbt.net.au wrote: > On Thu, September 26, 2013 5:41 pm, Davide wrote: >> Hi to all, i have dovecot 2.2.5 when i digit doveadm who i see a lot of >> connections IMAP for single user like the example below >> >> xxxxx.yyyyyy at mail.cgilfe.it 9 imap (20572 20614 19120 20653 19136 20655 >> 19138 20661 20471) (192.168.x.xxx) >> >> >> Why so many IMAP? > > I think(?), it's that IMAP mail clients keep connections to each IMAP > folder they access... > > > Exactly and even 9 imap processes for one user isn't that bad. If most of our users use around 5 processes it's not exceptional to have 20 processes for one user. We have users who check their mail on their smartphones and on their desktop, some of those have around 80 imap processes just for them... Arnaud -- Arnaud Abélard (jabber: arnaud.abelard at univ-nantes.fr) System Administrator - Web Services Manager, Information Systems Department, Université de Nantes - do not use: trapemail at univ-nantes.fr From davide.marchi at mail.cgilfe.it Thu Sep 26 13:27:39 2013
From: davide.marchi at mail.cgilfe.it (Davide) Date: Thu, 26 Sep 2013 12:27:39 +0200 Subject: [Dovecot] Lot of connections IMAP In-Reply-To: <5243FF67.3080200@univ-nantes.fr> (sfid-20130926_113431_781520_E5DBB1B0) References: <5243E512.5030407@mail.cgilfe.it> <5243FF67.3080200@univ-nantes.fr> (sfid-20130926_113431_781520_E5DBB1B0) Message-ID: <52440C1B.2070209@mail.cgilfe.it> Many thanks for explanation; do you have implemented high security mode or high performance mode with loginprocess On 26/09/2013 11:33, Arnaud Abélard wrote: > On 09/26/2013 09:47 AM, voytek at sbt.net.au wrote: >> On Thu, September 26, 2013 5:41 pm, Davide wrote: >>> Hi to all, i have dovecot 2.2.5 when i digit doveadm who i see a lot of >>> connections IMAP for single user like the example below >>> >>> xxxxx.yyyyyy at mail.cgilfe.it 9 imap (20572 20614 19120 20653 19136 20655 >>> 19138 20661 20471) (192.168.x.xxx) >>> >>> >>> Why so many IMAP? >> >> I think(?), it's that IMAP mail clients keep connections to each IMAP >> folder they access... >> >> >> > > Exactly and even 9 imap processes for one user isn't that bad. If most > of our users use around 5 processes it's not exceptional to > have 20 processes for one user. We have users who check their mail on > their smartphones and on their desktop, some of those have around 80 > imap processes just for them... > > Arnaud > > > From odhiambo at gmail.com Thu Sep 26 15:33:11 2013
From: odhiambo at gmail.com (Odhiambo Washington) Date: Thu, 26 Sep 2013 15:33:11 +0300 Subject: [Dovecot] v2.2.6 released In-Reply-To: <56B77929-A525-4E91-B189-697ABDBC3712@iki.fi> References: <56B77929-A525-4E91-B189-697ABDBC3712@iki.fi> Message-ID: While compiling on FreeBSD 9.1-STABLE and 8.4-STABLE I saw the below though compile was successful and dovecot is running! (15:25:20 <~/Tools/Dovecot/2.2/dovecot-2.2.6>) 0 $ ../build-2.2.sh checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes /usr/home/wash/Tools/Dovecot/2.2/dovecot-2.2.6/missing: Unknown `--is-lightweight' option Try `/usr/home/wash/Tools/Dovecot/2.2/dovecot-2.2.6/missing --help' for more information configure: WARNING: 'missing' script is too old or missing On 25 September 2013 10:10, Timo Sirainen wrote: > http://dovecot.org/releases/2.2/dovecot-2.2.6.tar.gz > http://dovecot.org/releases/2.2/dovecot-2.2.6.tar.gz.sig > > I didn't have time to look into the latest reported dsync replication > bugs, but this release should have been done a long time ago already and > I'm busy for next few days, so no more waiting. Things seem to be working > quite well in general though. > > * acl: If public/shared namespace has a shared subscriptions file > for > all users, don't list subscription entries that are not visible > to > the user accessing it. > > + doveadm: Added "auth lookup" command for doing passdb lookup. > + login_log_format_elements: Added %{orig_user}, %{orig_username} > and %{orig_domain} expanding to the username exactly as sent by > the client (before any changes auth process made). > + Added ssl_prefer_server_ciphers setting. > + auth_verbose_passwords: Log the password also for unknown users. 
> + Linux: Added optional support for SO_REUSEPORT with > inet_listener { reuse_port=yes } > - director: v2.2.5 changes caused "SYNC lost" errors > - dsync: Many fixes and error handling improvements > - doveadm -A: Don't waste CPU by doing a separate config lookup > for each user > - Long-running ssl-params process no longer prevents Dovecot > restart > - mbox: Fixed mailbox_list_index=yes to work correctly -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler." From vorgusa at gmail.com Thu Sep 26 15:51:00 2013 From: vorgusa at gmail.com (Chris Lasater) Date: Thu, 26 Sep 2013 08:51:00 -0400 Subject: [Dovecot] login_log_format_elements does not appear to be changing log format 2.2.5 In-Reply-To: <042FDFA5-9CCF-43CC-9801-A7FCF613F31D@iki.fi> References: <52277C19.4020001@gmail.com> <042FDFA5-9CCF-43CC-9801-A7FCF613F31D@iki.fi> Message-ID: <52442DB4.1060707@gmail.com> On 09/21/2013 08:48 PM, Timo Sirainen wrote: > On 4.9.2013, at 21.29, Chris wrote: > >> login_log_format_elements does not seem to change the login logs. I have it set to the below setting and the word "home" does not even appear. Is there something I have to do to for this? Also I use ldap for authentication. > %h isn't a valid variable in there. It expands to empty, so it's not added to the log. There's no way to log the home directory in there, because auth process doesn't send it to the login process (and actually it hasn't even gotten around to looking it up at that point). > ahh, ok. I just now saw your response. I assume any word associated with the variable (like the "home=") is not shown when its blank, that is what made me think it was not working. Thanks for the info From rob0 at gmx.co.uk Thu Sep 26 16:02:37 2013 
From: rob0 at gmx.co.uk (/dev/rob0) Date: Thu, 26 Sep 2013 08:02:37 -0500 Subject: [Dovecot] Doveadm with a 2nd Instance In-Reply-To: <5243BBCD.3060107@gmail.com> References: <5243BBCD.3060107@gmail.com> Message-ID: <20130926130237.GT13717@harrier.slackbuilds.org> On Thu, Sep 26, 2013 at 12:45:01AM -0400, Chris Lasater wrote: > I am trying to use 2 instances of Dovecot on the same server so I > can have a Director managing my connections, everything appears to > be working, but I can not use doveadm to control my 2nd instance, > but doveconf seems to work fine. I have noticed the same thing. It seems that doveadm ignores -i. "dovecot" works with -c /path/to/other/dovecot.conf, but it too ignores -i. We got the idea to try -i from http://wiki2.dovecot.org/Tools/Doveadm/Instance , but "doveadm help" itself does not show a -i. > I have stopped and started both my instances so the config running > is what is in the config file, but when I use -i Director with > doveadm it uses the other instances config. And this is a big problem for trying to use "doveadm director" commands when the director instance uses the nonstandard paths. I haven't found a way to do that yet! "-c /path/to/other/dovecot.conf" didn't work. http://wiki2.dovecot.org/Tools/Doveadm/Director Currently on 2.2.5, about to switch to 2.2.6 EE. It seemed like it worked back in 2.0.9 before upgrading. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From deweyto at gmail.com Thu Sep 26 16:07:27 2013 
From: deweyto at gmail.com (Dewey Du) Date: Thu, 26 Sep 2013 21:07:27 +0800 Subject: [Dovecot] service anvil and ssl-params not starts with dovecot started Message-ID: Hi My dovecot started with the error below. What's the most possible reason for the error? 2013-08-28 11:41:40 master: Info: Dovecot v2.2.5 starting up (core dumps disabled) 2013-08-28 11:42:00 anvil: Fatal: Error reading configuration: Timeout reading config from /var/run/dovecot/config 2013-08-28 11:42:00 master: Error: service(anvil): command startup failed, throttling for 2 secs 2013-08-28 11:42:00 ssl-params: Fatal: Error reading configuration: Timeout reading config from /var/run/dovecot/config 2013-08-28 11:42:00 master: Error: service(ssl-params): command startup failed, throttling for 2 secs Actually, after dovecot starts, I can telnet 110, but it takes 30 seconds or so to get through the authentication. I suspect whether the error above cause the issue or not. Other information: dovecot version v2.2.5 use postfix, dovecot sasl, and mysql Attached my dovecot.conf: #auth_debug = yes auth_mechanisms = plain login #debug_log_path = /var/log/dovecot.debug default_internal_user = postfix default_login_user = postfix disable_plaintext_auth = no first_valid_uid = 1000 last_valid_uid = 1000 mail_gid = 1000 mail_uid = 1000 log_path = /var/log/dovecot.log mail_location = maildir:/var/vmail/%d/%u mail_privileged_group = vmail protocols = imap pop3 listen = * base_dir = /var/run/dovecot/ service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } user = root } ssl = no userdb { args = /etc/dovecot/dovecot-mysql.conf driver = sql } passdb { args = /etc/dovecot/dovecot-mysql.conf driver = sql } protocol pop3 { pop3_uidl_format = %08Xu%08Xv } From vorgusa at gmail.com Thu Sep 26 16:11:03 2013
From: vorgusa at gmail.com (Chris Lasater) Date: Thu, 26 Sep 2013 09:11:03 -0400 Subject: [Dovecot] Doveadm with a 2nd Instance Message-ID: <52443267.9000201@gmail.com> While testing some more I found out something else. I have an alias set for doveadm so it was running with sudo and that ended up being part of the issue. If doveadm is run as a regular user then the problem goes away [user at server ~]$ doveadm -i Director log find Debug: /home/user/apps/logs/director/director_debug.log Info: /home/user/apps/logs/director/director_info.log Warning: /home/user/apps/logs/director/director.log Error: /home/user/apps/logs/director/director.log Fatal: /home/user/apps/logs/director/director.log [user at server ~]$ sudo doveadm -i Director log find Debug: /home/user/apps/logs/dovecot_debug.log Info: /home/user/apps/logs/dovecot_info.log Warning: /home/user/apps/logs/dovecot.log Error: /home/user/apps/logs/dovecot.log Fatal: /home/user/apps/logs/dovecot.log Also if I run "sudo doveadm stop" to stop the main instance, I now have the ability to use the -i Director using sudo. Unfortunately this makes it difficult to manage two instances. Does anyone have an idea of getting this to work with sudo? Chris From pato at oan.cl Thu Sep 26 17:47:44 2013 
From: pato at oan.cl (Patricio Rojo) Date: Thu, 26 Sep 2013 10:47:44 -0400 Subject: [Dovecot] Dovecot extremely slow! In-Reply-To: <5243F848.7010106@hardwarefreak.com> References: <52435E0D.40402@oan.cl> <5243F848.7010106@hardwarefreak.com> Message-ID: <52444910.1060009@oan.cl> Thanks all for the quick and knowledgeable replies! More details on my system: * Debian 7.1 server hosting many daemons which do not show any slow behavior at all (apache, postfix, nfs, autofs, ssh, ...), nor is it slow to run any application for test (no resource intensive application is run routinely on this machine due to its low 4Gb RAM, in any case) * /home partition nfs mounted from a remote firewalled QNAP NAS server (TS-869U-RP), which also serves other machines (RAID-5 setup with currently no bad disks). When logging in as user in any of those machines including the dovecot server, I notice no delay (remember that dovecot hangs for 60 or more seconds). Also, the inbox hangs as often as the imap folders, but the former is found on local disk on /var/mail. * user authentication using ldap with a daemon hosted on a different server than dovecot's (and firewalled from the outside) * the log files give no warnings or errors other than the typical failed connection attempts from Chinese or so hackers.
I do however, find the following lines in mail.log every once in a while: Sep 26 11:02:20 wasabi dovecot: imap(pato): Disconnected: Disconnected in IDLE in=8017978 out=490892 Sep 26 11:02:21 wasabi dovecot: imap-login: Login: user=, method=PLAIN, rip=24.58.62.118, lip=146.83.9.56, mpid=3964, TLS, session\ = Sep 26 11:03:23 wasabi dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=24.58.62.118, lip=146.83.9.56, TLS, \ session= Sep 26 11:03:26 wasabi dovecot: imap-login: Login: user=, method=PLAIN, rip=24.58.62.118, lip=146.83.9.56, mpid=3973, TLS, session\ = Sep 26 11:05:00 wasabi dovecot: imap(pato): Disconnected: Disconnected in IDLE in=1205 out=28366 note how it receives a 'user=<>' from the same ip it received a valid user a minute ago (and this is the timescale of my problem). * When the problem started I did a lot of rather simultaneous changes to my system (change the hardware of my dovecot's host, moved the ldap daemon from the dovecot machine to a firewalled machine, installed the QNAP NAS, updated CA certificate ...), so it is hard to pinpoint the cause of this. Every other daemon is working as good as it was before, though. * 'doveconf -n' output is below. Thank you very much!! Patricio ------ PS: Please warn me if any of the information I have given can be used to exploit my system. 
I have tried to be very careful with this ---- # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 mail_location = mbox:~/mail:INBOX=/var/mail/%u mail_privileged_group = mail namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = " imap" service auth { inet_listener { port = 12345 } unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } ssl_cert = References: <7DD224D5-9B70-40BB-B36C-2B237A200465@kreme.com> Message-ID: On Wed, 25 Sep 2013, LuKreme wrote: > Can I enable $recipient_delimiter = “+” for only the virtual sql users? Leave it blank in the default config, but return a field "plugin/recipient_delimiter" from SQL. -- Steffen Kaiser From bob at computerisms.ca Thu Sep 26 19:28:48 2013
From: bob at computerisms.ca (Bob Miller) Date: Thu, 26 Sep 2013 09:28:48 -0700 Subject: [Dovecot] Dovecot extremely slow! In-Reply-To: <52444910.1060009@oan.cl> References: <52435E0D.40402@oan.cl> <5243F848.7010106@hardwarefreak.com> <52444910.1060009@oan.cl> Message-ID: <1380212928.2712.175.camel@worklian> hi, > Sep 26 11:03:23 wasabi dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=24.58.62.118, lip=146.83.9.56, TLS, \ > > session= > > Sep 26 11:03:26 wasabi dovecot: imap-login: Login: user=, method=PLAIN, rip=24.58.62.118, lip=146.83.9.56, mpid=3973, TLS, session\ > > = try enabling the debug settings in your dovecot.conf, maybe you can get more info: #auth_debug = yes #auth_debug_passwords = yes #mail_debug = yes You also mention that your auth server is on a separate machine, and 60 seconds seems a lot like a timeout threshold, maybe you are having intermittent problems there. Maybe if you could tail the dovecot and the ldap logs simultaneously then repeat your test, you would see a discrepancy on the auth server when the dovecot logs show user=<> > ssl_cert = ssl_key = userdb { > driver = passwd > } > From kremels at kreme.com Thu Sep 26 19:32:07 2013 
From: kremels at kreme.com (LuKreme) Date: Thu, 26 Sep 2013 10:32:07 -0600 Subject: [Dovecot] recipient_delimiter In-Reply-To: References: <7DD224D5-9B70-40BB-B36C-2B237A200465@kreme.com> Message-ID: <9CE8780E-283A-4BDA-AC2A-B564320829D9@kreme.com> On 26 Sep 2013, at 10:09 , Steffen Kaiser wrote: > On Wed, 25 Sep 2013, LuKreme wrote: > >> Can I enable $recipient_delimiter = “+” for only the virtual sql users? > > let it blank in the default config, but return a field "plugin/recipient_delimiter" from SQL. Something like this: userdb { args = /etc/dovecot/dovecot-sql.conf.ext default_fields = uid=vpopmail gid=vchkpw mail_location=/usr/local/virtual/%u mail=maildir:/usr/local/virtual/%u recipient_delimiter='+' driver = sql } ?? -- The Earth is like a tiny grain of sand, only much, much heavier. From me at wilsonville.net Thu Sep 26 22:15:33 2013
From: me at wilsonville.net (Mike Edwards) Date: Thu, 26 Sep 2013 12:15:33 -0700 Subject: [Dovecot] Using MailDir but local messages still save in mbox format Message-ID: <524487D5.5000307@wilsonville.net> I am using MailDir format for all my virtual users and it is working well. However, if email comes in to a unix system user, it delivers in Mbox format. This is mostly cron jobs that do this. Mail addressed to my virtual users goes to the MailDir locations just fine. None of these mailboxes have ever been created, they are just incorrect assumed addresses. There should NEVER be any email to username at my.host.name because everything is virtual. Does anyone know how to fix this? Here is my config. # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-358.18.1.el6.x86_64 x86_64 CentOS release 6.4 (Final) auth_debug = yes auth_mechanisms = plain login cram-md5 ntlm auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no listen = * mail_location = maildir:~/Maildir mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mbox_write_locks = fcntl passdb { args = /etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } plugin { autocreate = Trash autocreate2 = Spam autocreate3 = Drafts autocreate4 = Sent autocreate5 = Archives autosubscribe = Trash autosubscribe2 = Spam autosubscribe3 = Drafts autosubscribe4 = Sent autosubscrube5 = Archives sieve = ~/.dovecot.sieve sieve_before = /home/vmail/movespam.sieve sieve_dir = ~/sieve } protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { mode = 0600 user = vmail } } ssl_ca = /etc/pki/dovecot/ca/dovecot.pem ssl_cert = Hello Dovecot users, Now that Dovecot v2.2.6 is released, I can 
release a new Pigeonhole. Due to the SO_REUSEPORT changes in Dovecot, this Pigeonhole release will not compile cleanly against older Dovecot releases. This release is mainly about bugfixes. I also made a new release for Dovecot v2.1.17 that includes most of these fixes and some older ones. A word of warning for people using doveadm sync in combination with sieve: make sure you update both sides of the replication to avoid problems after upgrade. The attribute sub-tree under which Sieve scripts are replicated has moved to a different root. Since we expect that very few people are affected, there is no facility for backwards compatibility. This is no problem as long as both sides are upgraded. There is one new feature for the Sieve vacation extension. Normally vacation replies are sent with <> sender to prevent mail loops. A setting is provided to override this behavior (doc/extensions/vacation.txt), as requested on the mailing list. This is not a violation of the specification, but use this with care. Changelog v0.4.2: * Incompatible change in Sieve doveadm plugin: the root attribute for Sieve scripts is changed. Make sure that you update both sides of a dsync setup simultaneously when Sieve is involved, otherwise synchronization will likely fail. + Added support for sending Sieve vacation replies with an actual sender, rather than the default <> sender. Check the updated doc/extensions/vacation.txt for more information. - Fixed a binary code read problem in the `set' command of the Sieve variables extension. Using the set command with a modifier and an empty string value would cause code corruption problems while running the script. - Various fixes for doveadm-sieve plugin, mostly crashes. These include a fix for the `Invalid value for default sieve attribute' problem. - Various fixes for compiler and static analyzer warnings, e.g. as reported by CLang and on 32 bit systems. - Fixed the implementation of the new :options flag for the Sieve include extension. 
- Fixed potential segfault bug at deinitialization of the lda-sieve plugin. - Fixed messed up hex output for sieve-dump tool. Changelog v0.3.6: - Fixed a binary code read problem in the `set' command of the Sieve variables extension. Using the set command with a modifier and an empty string value would cause code corruption problems while running the script. - Various fixes for compiler and static analyzer warnings, as reported by CLang. - ManageSieve: Fixed '[' ']' stupidity for response codes (only happened before login). - Fixed setting name in example-config/conf.d/20-managesieve.conf. - Fixed messed up hex output for sieve-dump tool. The releases are available as follows: http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.2.tar.gz http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.2.tar.gz.sig http://www.rename-it.nl/dovecot/2.1/dovecot-2.1-pigeonhole-0.3.6.tar.gz http://www.rename-it.nl/dovecot/2.1/dovecot-2.1-pigeonhole-0.3.6.tar.gz.sig Refer to http://pigeonhole.dovecot.org and the Dovecot v2.x wiki for more information. Have fun testing this new release and don't hesitate to notify me when there are any problems. Regards, -- Stephan Bosch stephan at rename-it.nl From voytek at sbt.net.au Fri Sep 27 00:29:37 2013 
From: voytek at sbt.net.au (voytek at sbt.net.au) Date: Fri, 27 Sep 2013 07:29:37 +1000 Subject: [Dovecot] recipient_delimiter Message-ID: >> $recipient_delimiter = '+' ahem, dumb question coming: //I often read various threads here, and, look at my own setup, with a view of optimizing or understanding things I should...// I have working dovecot 2.1.1 with postfix, only have virtual domains, all users in mysql; '+' delimiter is enabled in postfix, and, works OK postfix]# grep _delimiter main.cf # The recipient_delimiter parameter specifies the separator between recipient_delimiter = + BUT, I seem to have nothing in dovecot.conf: postfix]# cd /etc/dovecot dovecot]# grep delimiter * dovecot]# cd conf.d conf.d]# grep delimiter * 15-lda.conf:#recipient_delimiter = + 20-lmtp.conf:# the mail to the detail mailbox. See also recipient_delimiter and 20-lmtp.c_org:# the mail to the detail mailbox. See also recipient_delimiter and should I also enter $recipient_delimiter = '+' in my /etc/dovecot/dovecot.conf ? what will it add to this working setup, what am I missing? thanks for all pointers From spork at bway.net Fri Sep 27 01:57:48 2013
From: spork at bway.net (Charles Sprickman) Date: Thu, 26 Sep 2013 18:57:48 -0400 Subject: [Dovecot] Courier migration and vpopmail with dovecot-lda In-Reply-To: <20130919085923.GF11752@acc.umu.se> References: <96C76A9D-D737-4EF9-974B-8936E3954716@bway.net> <20130919085923.GF11752@acc.umu.se> Message-ID: <16820AD4-BFD4-4F6E-B5DD-87541AFC6AD2@bway.net> On Sep 19, 2013, at 4:59 AM, Anton Lundin wrote: > On 18 September, 2013 - Charles Sprickman wrote: > >> I've been using Dovecot in some fresh installs lately and have found >> it fairly easy to configure. However I'm starting on a migration >> that involves moving from some very old software (ancient vpopmail, >> qmail and Courier). >> >> On the Courier front, I've reviewed the migration page in the wiki, >> and it looks like the main concerns are just matching the namespace >> and then using the migration script to create new subscription and >> uidlist files. Given that my Courier IMAP setup is so old (4.0.6), >> is there anything to be aware of that's not covered in the wiki due >> to the age of Courier here? >> >> Are there any other general issues to be aware of as far as >> interactions with MUAs are concerned? For example, if Courier has >> been presenting the user's MUA with a given set of IMAP capabilities >> and then the MUA sees a bunch of extra capabilities on a subsequent >> login, will that trigger any strange behavior? >> >> And lastly on this subject, I will obviously be doing some testing >> before cutting over to the other server. Is it valid in something >> like Thunderbird to have it pointed to "imap.domain.com" and then >> change the imap server to point to something like >> "testimap.domain.com" for testing whether subscriptions and the >> uidlists are working as expected or should I fully replicate the >> move as an end user would see it by making the change in my local >> hosts file? 
>> >> Now, assuming that portion of the move goes alright, I'm incredibly >> confused about getting Dovecot and Vpopmail working together. I >> assume that initially I can stick with the Maildir++ mailbox format >> and let vpopmail's vdelivermail continue working as my LDA - >> vdelivermail understands how to find the user's Maildir, it can >> check quotas, and it can update the maildirsize file (which I'm >> assuming dovecot can also read and then report quota/usage to an >> IMAP client). However it does look like the Dovecot-only mailbox >> format(s) will offer much better performance than Maildir as the two >> dbox formats are the only supported mailbox formats with separate >> index files, correct? Is there any guidance on how to use dovecot's >> LDA with a virtual mail system such as vpopmail? From what I've >> read so far, I probably don't want to use the vpopmail extension >> supplied with dovecot, but query the mysql vpopmail db directly. >> I'm finding a ton of info while searching for this, but most deals >> with older versions of dovecot, and there are also many "this works >> but I don't know why" tutorials on combining dovecot and vpopmail >> and dovecot's own LDA. I'm not even able to guess how one handles >> the per-user .qmail files in vpopmail if not using vdelivermail >> (this is where we enable/disable spam filtering by piping the >> message through spamc). >> >> Any input on the overall migration process is appreciated. It's a >> bit overwhelming as I have to deal with a big jump in the vpopmail >> version, rebuilding qmail with a ridiculous number of patches, and >> then on top of that a migration to new imap/pop server software. >> eek. > > Hi Charles! > > I can share some of my war-stories about qmail/vpopmail. > > Along time ago i ran quite a few qmail/vpopmail/courier/ezmlm/qmailadmin > clusters and back then i thought it was the only rely good way of > running it. 
Then the years passed and when i needed to add patches to > qmail consisting of more code than qmail started out with it got quite > frustrated. > Due to speed and scalability we didn't run with a db-backend for > vpopmail, we used vpasswd/cdb(?) hash-files and that ran quite well. > > So when it was time to migrate i came up with the following solution: > > I ran postfix as smtp-server, querying vpopmail via a tcp:-maps to a daemon > written in perl, that ran different vpopmail-commands. > That old daemon is now available at: > https://github.com/glance-/postfixvpopmail/ Thanks for that, I'm doing this in steps, and initially qmail will remain exposed to the interwebs. Down the line it's going to be hidden behind Postfix. That little daemon might be helpful. I wasn't sure how hard it would be to query the vpopmail db directly for users and aliases (I don't think we have any ezmlm, which is I think the one thing not tracked in the db). > For some reason that i can't really remember vdelivermail was just > incapable of being used in this case to deliver mail, i think it had > something to do with .qmail-files and might have been something with > ezmlm, so i used qmail as a lda, and had postfix pipe mail to > qmail-inject. > This way we kept qmailadmin/ezmlm running as they did before and just > replaced the world-facing components. > > On top of that i ran Dovecot with the vpopmail plugin. This was a really > old dovecot, probably like 1.0.x or something, but everything worked > smoothly. I just followed the notes on the wiki about uidl-format and > no users noticed. Since this is the Dovecot list, I'll try to focus on this part. First, can anyone confirm the current state of the vpopmail plugin? Usable or no? Is it better to just query the vpopmail db for login info? What does the vpopmail plugin, if it's still maintained as part of Dovecot, bring that the db method does not?
Second, I have other Dovecot installs, all using Maildir and maildrop is doing the final delivery to handle looking at amavis results and appropriately shuffle spam off to the spam box. It looks like I could do the same here, but I'm not clear on what advantages the Dovecot LDA brings. From what I gather, using the Dovecot LDA will make sure my indexes are regularly updated if people aren't checking their email regularly, and it also allows me to move from Maildir to dbox. The downside is that since our current system relies on manipulating maildrop rc files, we could not move to the Dovecot LDA until we switch everything around to support Sieve. And regarding dbox, I'm not quite sure what that's going to do to my backups. Maildir backups are slow (traversing a huge number of files), but in the end, I'm not re-copying old messages. I fear dbox might be similar to mbox - delete one message in a box and then I have to fetch the whole thing at backup time. Any input on that from the list? > I actually just checked, and that server is still running strong, and > handling mail for a couple of k users, so it couldn't be that bad > design =) > Btw. It's still running Debian Sarge =) > > > I hope you might have gotten some ideas about what to do with an old > qmail/vpopmail install. Yes, thanks very much! Charles > > //Anton > > > -- > Anton Lundin +46702-161604 From d.parthey at metaways.de Fri Sep 27 02:06:21 2013 From: d.parthey at metaways.de (Daniel Parthey) Date: Fri, 27 Sep 2013 01:06:21 +0200 Subject: [Dovecot] Doveadm with a 2nd Instance In-Reply-To: <5243BBCD.3060107@gmail.com> References: <5243BBCD.3060107@gmail.com> Message-ID: Hi, this bug should have been fixed by Timo in some 2.1.x release. The issue should be in the list archives too. Which version are you using? BTW: I'm still using doveadm -c /etc/dovecot-director/dovecot- director.conf director status to address the director instance. Regards Daniel From noel.butler at ausics.net Fri Sep 27 02:21:04 2013
From: noel.butler at ausics.net (Noel Butler) Date: Fri, 27 Sep 2013 09:21:04 +1000 Subject: [Dovecot] recipient_delimiter In-Reply-To: References: Message-ID: <1380237664.5591.2.camel@tardis> On Fri, 2013-09-27 at 07:29 +1000, voytek at sbt.net.au wrote: > > I have working dovecot 2.1.1 with postfix, only have virtual domains, all > users in mysql; > > '+' delimiter is enabled in postfix, and, works OK > > postfix]# grep _delimiter main.cf > # The recipient_delimiter parameter specifies the separator between > > recipient_delimiter = + > > BUT, I seem to have nothing in dovecot.conf: > > postfix]# cd /etc/dovecot > dovecot]# grep delimiter * > > dovecot]# cd conf.d > conf.d]# grep delimiter * > 15-lda.conf:#recipient_delimiter = + > 20-lmtp.conf:# the mail to the detail mailbox. See also > recipient_delimiter and > 20-lmtp.c_org:# the mail to the detail mailbox. See also > recipient_delimiter and > > should I also enter $recipient_delimiter = '+' in my > /etc/dovecot/dovecot.conf ? > > what will it add to this working setup, what am I missing? > > thanks for all pointers > Not needed, dovecot defaults to that setting, adding it in postfix is all that's required to work From kremels at kreme.com Fri Sep 27 02:24:37 2013
From: kremels at kreme.com (LuKreme) Date: Thu, 26 Sep 2013 17:24:37 -0600 Subject: [Dovecot] recipient_delimiter In-Reply-To: References: Message-ID: <605F6CBB-185B-4ADB-A3C6-A36894DD12CD@kreme.com> On 26 Sep 2013, at 15:29 , voytek at sbt.net.au wrote: > should I also enter $recipient_delimiter = '+' in my > /etc/dovecot/dovecot.conf ? > > what will it add to this working setup, what am I missing? Setting it will, as I understand it, cause dovecot to automatically file +extension mail in .extension/ (and auto-create the maildir if needed). -- Varium et mutabile semper Femina. From noel.butler at ausics.net Fri Sep 27 02:36:42 2013 From: noel.butler at ausics.net (Noel Butler) Date: Fri, 27 Sep 2013 09:36:42 +1000 Subject: [Dovecot] recipient_delimiter In-Reply-To: <605F6CBB-185B-4ADB-A3C6-A36894DD12CD@kreme.com> References: <605F6CBB-185B-4ADB-A3C6-A36894DD12CD@kreme.com> Message-ID: <1380238602.5591.7.camel@tardis> On Thu, 2013-09-26 at 17:24 -0600, LuKreme wrote: > On 26 Sep 2013, at 15:29 , voytek at sbt.net.au wrote: > > should I also enter $recipient_delimiter = '+' in my > > /etc/dovecot/dovecot.conf ? > > > > what will it add to this working setup, what am I missing? > > Setting it will, as I understand it, cause dovecot to automatically file +extension mail in .extension/ (and auto-create the maildir if needed). > Certainly does not do that by _default_ in a normal mysql/virtuser/maildir setup using lda when mail arrives for foo+dovecot at example.com it gets stored in foo's cur/ leaving it for the end user's mail client to decide what to do with it, if anything. From vorgusa at gmail.com Fri Sep 27 03:08:45 2013
From: vorgusa at gmail.com (Chris) Date: Thu, 26 Sep 2013 20:08:45 -0400 Subject: [Dovecot] Doveadm with a 2nd Instance In-Reply-To: References: <5243BBCD.3060107@gmail.com> Message-ID: <5244CC8D.5090609@gmail.com> I upgraded to 2.2.6 yesterday and was on 2.2.5 before. On 09/26/2013 07:06 PM, Daniel Parthey wrote: > Hi, > > this bug should have been fixed by Timo in some 2.1.x release. The > issue should be in the list archives too. Which version are you using? > > BTW: I'm still using > doveadm -c /etc/dovecot-director/dovecot- director.conf director status > to address the director instance. > > Regards > Daniel From vizovitin at gmail.com Thu Sep 26 11:01:06 2013
From: vizovitin at gmail.com (Nicolay Vizovitin) Date: Thu, 26 Sep 2013 15:01:06 +0700 Subject: [Dovecot] How to authenticate against SQL DB with custom-ciphered passwords? Message-ID: Hello, I'm about to start developing authentication/password-scheme module for Dovecot. So I would like to get some advice before actually committing to doing things in particular way. Hope somebody will be able to help me :) For the record, I am currently targeting latest stable Dovecot version 2.2.5. I have an SQL DB with mail users' authentication data. Passwords are stored either encrypted via system crypt(3) or ciphered with some custom algorithm (think something symmetrical like AES, so passwords can be decrypted into plain form). I want to use this DB as both userdb and passdb backend. The issue, of course, is with ciphered passwords support. 1) Is it feasible to just implement a new password scheme for ciphered passwords support and still use stock passdb driver in Dovecot for SQL DB access? So that passwords in this scheme would be treated as PLAIN (in a sense that both cleartext and shared secret authentication methods would work). 2) Provided I implement custom password scheme for ciphered passwords, what is the best way to be capable to perform authentication against both ciphered and encrypted passwords? Ciphered and encrypted passwords are stored in different fields of SQL table (one of them is NULL when the other one is set). a) Do I define two passdb clauses with their own default_pass_scheme (equal to my new scheme or CRYPT for encrypted passwords) and use fallback to effectively check both of them? b) Do I modify SQL query so that it prefixes existing password with correct scheme (I'm not sure this will be easy enough to do)? 3) Is it mandatory to provide password generation routine for custom password scheme? When it will be used? 
4) Maybe it's better to just implement a plugin that serves as both userdb and passdb driver (in other words a kind of generic authentication module)? What are advantages and disadvantages of each method - custom password scheme + stock SQL driver VS. custom userdb and passdb driver? Fortunately, I already have all the required credentials lookup and verification code. So in any case the question is only in figuring out suitable Dovecot APIs and integrating the existing code. 5) I have previously implemented similar custom authentication module for Courier-IMAP (Courier-Authlib to be precise) to use the same SQL DB. And I will need to support both IMAP servers for some time. So it is only natural to expect some generic solution to be possible. I'd like to remind that I need to be able to supply either encrypted password or deciphered plain password, or just check against them. Is it possible to do so in a common way? If so, what method should I use? I would expect SASL helping me out here, but AFAIK, both Dovecot and Courier-IMAP can only serve as SASL servers (providing authentication services), not clients. 6) I obviously care about providing enhanced security, especially against stealing mail passwords. So any additional advice or related guidelines are welcome. 7) Somewhat unrelated question: what is the best way to test IMAP (and maybe POP3 as well) server performance and compare it to another server? I'm interested in both login performance (the part I will influence) and performance with many mails in mailbox. I heard imaptest is suitable for this task. Are there any recipes or example testing scenarios you might share? ;) I would be grateful for any insight in these issues. If I chose a wrong mailing list to post to, please feel free to correct me. Thanks for your time! :) -- Best regards, Nick From rob at orbitalsystems.co.uk Thu Sep 26 21:37:23 2013 
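Added example for option 2b in Nicolay Vizovitin's message above (not code from the thread or from Dovecot): one query that returns whichever password column is set, prefixed with its scheme, so a single stock SQL passdb can serve both kinds of rows. The table and column names and the {X-CIPHER} scheme name are assumptions, the rows are constructed, and SQLite stands in for the real database.

```python
import re
import sqlite3

# Hypothetical table modelled on the message: per user, one of the two
# password columns is set and the other is NULL.
SCHEMA = """
CREATE TABLE mail_users (
    username    TEXT PRIMARY KEY,
    crypt_pw    TEXT,
    ciphered_pw TEXT
)
"""

# Constructed sample rows (not real credentials).
SAMPLE_ROWS = [
    ("alice@example.com", "$6$constructedsalt$constructedhash", None),
    ("bob@example.com", None, "Y29uc3RydWN0ZWQtYmxvYg=="),
    ("carol@example.com", None, None),                             # neither set
    ("dave@example.com", "$6$constructedsalt$otherhash", "Ym90aC1zZXQ="),  # both set
]

# SQLite dialect. In a Dovecot password_query the bound parameter would be
# the %u variable, and MySQL needs CONCAT() because || means OR there.
# {CRYPT} is Dovecot's scheme for crypt(3) hashes; {X-CIPHER} is a
# hypothetical name for the custom scheme the message proposes to write.
# The last WHERE term keeps only rows with exactly one column set, so an
# account with no credential or an ambiguous one is simply not found.
PASSWORD_QUERY = """
SELECT username AS user,
       CASE WHEN crypt_pw IS NOT NULL
            THEN '{CRYPT}' || crypt_pw
            ELSE '{X-CIPHER}' || ciphered_pw
       END AS password
FROM mail_users
WHERE username = ?
  AND (crypt_pw IS NULL) <> (ciphered_pw IS NULL)
"""

_SCHEME_RE = re.compile(r"^\{([A-Za-z0-9._-]+)\}(.*)$", re.S)


def open_sample_db():
    """Build the in-memory sample database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO mail_users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def passdb_lookup(conn, username):
    """Run the query for one user; None means the lookup found no usable row."""
    row = conn.execute(PASSWORD_QUERY, (username,)).fetchone()
    if row is None:
        return None
    return {"user": row[0], "password": row[1]}


def split_scheme(value):
    """Split '{SCHEME}data' the way a consumer of the field would read it."""
    match = _SCHEME_RE.match(value)
    if match is None:
        raise ValueError("password field carries no {SCHEME} prefix")
    return match.group(1).upper(), match.group(2)


if __name__ == "__main__":
    db = open_sample_db()
    for name, _, _ in SAMPLE_ROWS:
        print(name, passdb_lookup(db, name))
```

With the prefix in the returned value, default_pass_scheme no longer has to match every row, which is what removes the need for two passdb blocks with fallback (option 2a).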
From: rob at orbitalsystems.co.uk (Rob) Date: Thu, 26 Sep 2013 19:37:23 +0100 Subject: [Dovecot] sieve gone mad ---help Message-ID: managesieve has gone mad. One person went on holiday when he came back his out of office would not switch off, then it replicated itself into two other users (the vacation notice) and started to be sent out for them and those users had never set up an out of office or looted into round cube. even deleting the vacation notice did not stop it, but if we put another vacation notice in then the new one is sent out, if we disable the new one then the old one is sent out.... mad.... how can I refresh the whole thing and start again? ... I am running this on 10.8.4 mountain lion server and I can't stop sieve... I have looked in the /Library/Server/Mail/Data/rules/USERFOLDER and removed all sieve files I have looked in each user's mailbox but no sieve files there... I have restarted and still sieve will not stop sending out emails.... yesterday it went crazy sending a mail a second from one mailbox back to itself.... help..... osx 10.8 server using latest roundcube with managesieve plugin.... bash-3.2# ps -aef|grep dovecot 0 27481 1 0 12:07am ?? 0:00.36 /Applications/Server.app/Contents/ServerRoot/usr/sbin/dovecotd -F 214 27490 27481 0 12:07am ?? 0:00.58 dovecot/anvil [4 connections] 0 28237 27481 0 12:07am ?? 0:01.69 dovecot/log 0 28239 27481 0 12:07am ?? 0:00.20 dovecot/config 227 28309 27481 0 12:08am ?? 0:42.33 dovecot/imap-login [28 connections (28 TLS)] 214 28311 27481 0 12:08am ?? 0:08.65 dovecot/auth [0 wait, 0 passdb, 0 userdb] 214 40746 27481 0 6:54am ?? 0:06.33 dovecot/imap [3 connections] 214 40747 27481 0 6:54am ?? 0:01.89 dovecot/imap [reply 192.168.5.134 IDLE] 214 45378 27481 0 8:36am ?? 0:01.73 dovecot/imap [3 connections] 214 46125 27481 0 9:03am ?? 0:00.75 dovecot/imap [2 connections] 214 46127 27481 0 9:03am ?? 0:01.84 dovecot/imap [3 connections] 214 47385 27481 0 9:35am ??
0:01.29 dovecot/imap [3 connections] 214 56274 27481 0 1:15pm ?? 0:00.25 dovecot/imap [3 connections] 214 56275 27481 0 1:15pm ?? 0:00.36 dovecot/imap [5 connections] 214 56276 27481 0 1:15pm ?? 0:00.45 dovecot/imap [4 connections] 214 56367 27481 0 1:18pm ?? 0:00.10 dovecot/imap [liam 192.168.5.130 IDLE] 0 62854 9637 0 4:37pm ttys000 0:00.00 grep dovecot bash-3.2# /Applications/Server.app/Contents/ServerRoot/usr/sbin/dovecotd -n # 2.0.19apple1: /Library/Server/Mail/Config/dovecot/dovecot.conf # OS: Darwin 12.4.0 x86_64 hfs aps_topic = com.apple.mail.XServer.68f48c72-274a-48f9-beed-71096afe3fa6 auth_mechanisms = cram-md5 x-plain-submit plain login apop gssapi digest-md5 auth_socket_path = /var/run/dovecot/auth-userdb auth_username_format = %n default_internal_user = _dovecot default_login_user = _dovenull disable_plaintext_auth = no first_valid_gid = 6 first_valid_uid = 6 mail_access_groups = mail mail_location = maildir:/Library/Server/Mail/Data/mail/%u mail_log_prefix = "%s(pid %p user %u): " mail_plugins = quota zlib fts fts_sk managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mdbox_rotate_size = 200 M passdb { args = /Library/Server/Mail/Config/dovecot/submit.passdb driver = passwd-file pass = yes submit = yes } passdb { driver = od } plugin { fts = sk quota = maildir:User quota quota_warning = storage=100%% quota-exceeded %u sieve = /Library/Server/Mail/Data/rules/%u/roundcube.sieve sieve_dir = /Library/Server/Mail/Data/rules/%u } postmaster_address = postmaster at server.risk.gg protocols = imap pop3 lmtp sieve quota_full_tempfail = yes service auth { extra_groups = _keytabusers idle_kill = 15 mins unix_listener auth-userdb { user = _dovecot } } service dns_client { unix_listener dns-client { mode = 0600 } } service imap-login { inet_listener imap { port = 
143 } inet_listener imaps { port = 993 ssl = yes } service_count = 0 } service imap { client_limit = 5 process_limit = 200 service_count = 0 } service lmtp { unix_listener lmtp { mode = 0600 } } service managesieve-login { inet_listener sieve { port = 4190 } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service pop3 { client_limit = 5 process_limit = 200 service_count = 0 } service quota-exceeded { executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-exceeded.sh unix_listener quota-exceeded { group = mail mode = 0660 user = _dovecot } user = _dovecot } service quota-warning { executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-warning.sh unix_listener quota-warning { group = mail mode = 0660 user = _dovecot } user = _dovecot } ssl = required ssl_ca = References: <52435E0D.40402@oan.cl> <5243F848.7010106@hardwarefreak.com> <52444910.1060009@oan.cl> Message-ID: <5245068B.6080908@r.paypc.com> On 9/26/2013 7:47 AM, Patricio Rojo wrote: > * /home partition nfs mounted from a remote firewalled QNAP NAS server > (TS-869U-RP), which also serves other machines (RAID-5 setup with > currently no bad disks). I assume this NAS properly implements various locking services? Dovecot, like most mail MUA + MTAs, makes use of various filesystem locking primitives to maintain coherence in a multi-user access scenario. If QNAP's stack doesn't implement proper NFS locking, this is probably a cause of these odd lags. You can probably add a "nolock" to your /etc/fstab to resolve it, but you risk mailbox corruption. You mentioned it was firewalled... are you allowing the lockd port through to the QNAP from the Dovecot machine that's mounting it? NFS2 + 3 implement locking via communication with a "lock manager" that listens on port 4045, if I recall. =R= From stan at hardwarefreak.com Fri Sep 27 07:37:36 2013
From: stan at hardwarefreak.com (Stan Hoeppner) Date: Thu, 26 Sep 2013 23:37:36 -0500 Subject: [Dovecot] Dovecot extremely slow! In-Reply-To: <52444910.1060009@oan.cl> References: <52435E0D.40402@oan.cl> <5243F848.7010106@hardwarefreak.com> <52444910.1060009@oan.cl> Message-ID: <52450B90.4020105@hardwarefreak.com> On 9/26/2013 9:47 AM, Patricio Rojo wrote: You failed to mention every client device you've tested is connecting to the server from over 5000 miles away, across continents and an ocean, with your packets traversing multiple national and political boundaries. > rip=24.58.62.118, lip=146.83.9.56 cpe-24-58-62-118.twcny.res.rr.com not found: 2(SERVFAIL) Time Warner Cable, New York Red Universitaria Nacional Santiago, CL Observatorio Astronomico Nacional Have you performed extensive packet tracing to eliminate the network paths as the source of the problem? From here... ~$ telnet 146.83.9.56 993 Trying 146.83.9.56... ^C ~$ telnet 146.83.9.56 143 Trying 146.83.9.56... ^C ~$ telnet 146.83.9.56 25 Trying 146.83.9.56... ^C ~$ telnet 146.83.9.56 587 Trying 146.83.9.56... ^C Given connections to the Dovecot host are apparently firewalled, either holes have been punched for 24.58.62.118, or you're going through a VPN tunnel. I'd guess your problems are network or firewall related, not Dovecot related. -- Stan From skdovecot at smail.inf.fh-brs.de Fri Sep 27 09:24:30 2013 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 27 Sep 2013 08:24:30 +0200 (CEST) Subject: [Dovecot] recipient_delimiter In-Reply-To: <605F6CBB-185B-4ADB-A3C6-A36894DD12CD@kreme.com> References: <605F6CBB-185B-4ADB-A3C6-A36894DD12CD@kreme.com> Message-ID: On Thu, 26 Sep 2013, LuKreme wrote: > On 26 Sep 2013, at 15:29 , voytek at sbt.net.au wrote: >> should I also enter $recipient_delimiter = '+' in my >> /etc/dovecot/dovecot.conf ? >> >> what will it add to this working setup, what am I missing? > > Setting it will, as I understand it, cause dovecot to automatically file +extension mail in .extension/ (and auto-create the maildir if needed). This setting by itself is only evaluated by Sieve scripts to let the address :detail test work. In combination with lda_mailbox_autocreate and lda_mailbox_autosubscribe and lmtp_save_to_detail_mailbox this setting is used for LMTP delivery to override the default mailbox. Dovecot LDA uses the "-m" option and only lda_mailbox_autocreate and lda_mailbox_autosubscribe, no need for recipient_delimiter to override the default mailbox. -- Steffen Kaiser From skdovecot at smail.inf.fh-brs.de Fri Sep 27 09:36:09 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 27 Sep 2013 08:36:09 +0200 (CEST) Subject: [Dovecot] Using MailDir but local messages still save in mbox format In-Reply-To: <524487D5.5000307@wilsonville.net> References: <524487D5.5000307@wilsonville.net> Message-ID: On Thu, 26 Sep 2013, Mike Edwards wrote: > I am using MailDir format for all my virtual users and it is working well. > However, if email comes in to a unix system user, it delivers in Mbox format. > This is mostly cron jobs that do this. Mail addressed to my virtual users > goes to the MailDir locations just fine. None of these mailboxes have ever > been created, they are just incorrect assumed addresses. There should NEVER > be any email to username at my.host.name because everything is virtual. Er: 1) What is done by "cron jobs"?? > passdb { > args = /etc/dovecot/conf.d/dovecot-sql.conf.ext > driver = sql > } > userdb { > args = uid=vmail gid=vmail home=/home/vmail/%d/%n > driver = static > } 2) Are the mbox files for the system users located in /home/vmail/... ? What Unix uid/gid do they have? 3) Do you have any entry in the Dovecot logs, that let you assume that messages to system users are delivered through Dovecot? 4) If you do not want, that your MTA accepts messages for username at my.host.name reconfigure it. -- Steffen Kaiser From me at wilsonville.net Fri Sep 27 09:44:08 2013
From: me at wilsonville.net (Mike Edwards) Date: Thu, 26 Sep 2013 23:44:08 -0700 Subject: [Dovecot] Using MailDir but local messages still save in mbox format In-Reply-To: References: <524487D5.5000307@wilsonville.net> Message-ID: <52452938.8090007@wilsonville.net> Yes the mbox messages are showing up in /home/vmail and the ownership is vmail:vmail The messages that come from cron and other system stuff that address messages to root at my.host.name or to ownerOfCronJob at my.host.name Nobody will ever check those boxes and they are not wanted. We would like to either redirect them elsewhere (forward and not leave in the mbox file) or just block all messages to anyone at my.host.name. I did just find a way to put in a forward to forward everything to root at my.host.name to a virtual box and now the messages have stopped for that address. I suppose I could put in a forward each time a new mbox shows up but would rather just block all messages addressed to anyone at my.host.name if there is a way. On 9/26/2013 11:36 PM, Steffen Kaiser wrote: > On Thu, 26 Sep 2013, Mike Edwards wrote: > >> I am using MailDir format for all my virtual users and it is working >> well. However, if email comes in to a unix system user, it delivers >> in Mbox format. This is mostly cron jobs that do this. Mail >> addressed to my virtual users goes to the MailDir locations just >> fine. None of these mailboxes have ever been created, they are just >> incorrect assumed addresses. There should NEVER be any email to >> username at my.host.name because everything is virtual. > > Er: 1) What is done by "cron jobs"?? > >> passdb { >> args = /etc/dovecot/conf.d/dovecot-sql.conf.ext >> driver = sql >> } >> userdb { >> args = uid=vmail gid=vmail home=/home/vmail/%d/%n >> driver = static >> } > > 2) Are the mbox files for the system users located in /home/vmail/... > ? What Unix uid/gid do they have?
> > 3) Do you have any entry in the Dovecot logs, that let you assume that > messages to system users are delivered through Dovecot? > > 4) If you do not want, that your MTA accepts messages for > username at my.host.name reconfigure it. > > -- Steffen Kaiser From skdovecot at smail.inf.fh-brs.de Fri Sep 27 09:54:58 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 27 Sep 2013 08:54:58 +0200 (CEST) Subject: [Dovecot] recipient_delimiter In-Reply-To: <9CE8780E-283A-4BDA-AC2A-B564320829D9@kreme.com> References: <7DD224D5-9B70-40BB-B36C-2B237A200465@kreme.com> <9CE8780E-283A-4BDA-AC2A-B564320829D9@kreme.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 26 Sep 2013, LuKreme wrote: > On 26 Sep 2013, at 10:09 , Steffen Kaiser wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On Wed, 25 Sep 2013, LuKreme wrote: >> >>> Can I enable $recipient_delimiter = ?+? for only the virtual sql users? >> >> let it blank in the default config, but return a field "plugin/recipient_delimiter" from SQL. > > Something like this: > > userdb { > args = /etc/dovecot/dovecot-sql.conf.ext > default_fields = uid=vpopmail gid=vchkpw mail_location=/usr/local/virtual/%u mail=maildir:/usr/local/virtual/%u recipient_delimiter='+' > driver = sql > } I thought you need: default_fields = uid=vpopmail gid=vchkpw mail_location=/usr/local/virtual/%u mail=maildir:/usr/local/virtual/%u plugin/recipient_delimiter='+' but http://wiki2.dovecot.org/UserDatabase/ExtraFields "Any unknown setting is placed into plugin {} section (e.g. foo=bar will be parsed as if it were plugin { foo=bar })." suggests you need no "plugin/" prefix. You can name a settings by "section/subsection/.../setting": "If you want to override settings inside sections, you can separate the section name and key with '/'. For example: namespace default { inbox = yes } The inbox setting can be overridden by returning namespace/default/inbox=yes extra field." 
- -- Steffen Kaiser
From skdovecot at smail.inf.fh-brs.de Fri Sep 27 10:32:14 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 27 Sep 2013 09:32:14 +0200 (CEST)
Subject: [Dovecot] Using MailDir but local messages still save in mbox format
In-Reply-To: <52452938.8090007@wilsonville.net>
References: <524487D5.5000307@wilsonville.net> <52452938.8090007@wilsonville.net>
Message-ID:

On Thu, 26 Sep 2013, Mike Edwards wrote:

> The messages that come from cron and other system stuff that address messages
> to root at my.host.name or to ownerOfCronJob at my.host.name Nobody will ever

ah, local messages. You still want to make sure in the MTA, these addresses are rejected from outside, to prevent spammers using them.

> I did just find a way to put in a forward to forward everything to
> root at my.host.name to a virtual box and now the messages have stopped for that

Check out if your MTA handles catch-all aliases or forwards for the whole domain.

- -- Steffen Kaiser
From me at wilsonville.net Fri Sep 27 10:35:58 2013
From: me at wilsonville.net (Mike Edwards)
Date: Fri, 27 Sep 2013 00:35:58 -0700
Subject: [Dovecot] Using MailDir but local messages still save in mbox format
In-Reply-To:
References: <524487D5.5000307@wilsonville.net> <52452938.8090007@wilsonville.net>
Message-ID: <5245355E.9010401@wilsonville.net>

I think I just fixed the problem but I am not sure if I did it the right way.. It seems that it is postfix that did it, not dovecot. I found this in the log for every local message...

Sep 26 11:10:10 zeus postfix/local[14565]: 9B0294AA15E: to=, orig_to=, relay=local, delay=9, delays=9/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)

So, I went to the postfix master.cf and commented out this line...

#local unix - n n - - local

Was that the correct way to do it?

On 9/27/2013 12:32 AM, Steffen Kaiser wrote:
> On Thu, 26 Sep 2013, Mike Edwards wrote:
>
>> The messages that come from cron and other system stuff that address
>> messages to root at my.host.name or to ownerOfCronJob at my.host.name
>> Nobody will ever
>
> ah, local messages. You still want to make sure in the MTA, these
> addresses are rejected from outside, to prevent spammers using them.
>
>> I did just find a way to put in a forward to forward everything to
>> root at my.host.name to a virtual box and now the messages have stopped
>> for that
>
> Check out if your MTA handles catch-all aliases or forwards for the
> whole domain.
>
> - -- Steffen Kaiser
From skdovecot at smail.inf.fh-brs.de Fri Sep 27 10:49:10 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 27 Sep 2013 09:49:10 +0200 (CEST)
Subject: [Dovecot] Using MailDir but local messages still save in mbox format
In-Reply-To: <5245355E.9010401@wilsonville.net>
References: <524487D5.5000307@wilsonville.net> <52452938.8090007@wilsonville.net> <5245355E.9010401@wilsonville.net>
Message-ID:

On Fri, 27 Sep 2013, Mike Edwards wrote:

> I think I just fixed the problem but I am not sure if I did it the right
> way.. It seems that it is postfix that did it, not dovecot. I found this
> in the log for every local message...
> Sep 26 11:10:10 zeus postfix/local[14565]: 9B0294AA15E:
> to=, orig_to=, relay=local, delay=9,
> delays=9/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
>
> So, I went to the postfix master.cf and commented out this line...
>
> #local unix - n n - - local
>
> Was that the correct way to do it?

Correct depends on many things - and I do not use Postfix.

https://ixquick.com/do/search?query=postfix+catch-all
http://wiki2.dovecot.org/LDA/Postfix

- -- Steffen Kaiser
From lists at necoro.eu Fri Sep 27 12:10:34 2013
From: lists at necoro.eu (René Neumann)
Date: Fri, 27 Sep 2013 11:10:34 +0200
Subject: [Dovecot] Strange errors with imapc+acl in 2.2.x
In-Reply-To: <4803B21F-5647-497B-A382-918F455DFCE0@iki.fi>
References: <5241BAF1.3030701@necoro.eu> <4803B21F-5647-497B-A382-918F455DFCE0@iki.fi>
Message-ID: <52454B8A.3090609@necoro.eu>

On 25.09.2013 03:42, Timo Sirainen wrote:
> On 24.9.2013, at 19.16, René Neumann wrote:
>
>> after migrating to 2.2 (currently using 2.2.5), I see strange error
>> messages when using imapc + public namespace + acl
>>
>> My setup: I create a public shared mailbox with imapc as location. Then
>> I restrict this mailbox to one user only using ACLs.
>>
>> This works for this one special user, but for all others an error gets
>> logged and they can't access their mailbox anymore:
>>
>> Sep 24 18:09:46 [dovecot] imap(other at my.domain): Error: user
>> other at my.domain: Initialization failed: Namespace 'Gemeinsam.':
>> Ambiguous mail location setting, don't know what to
>> do with it: yes (try prefixing it with mbox: or maildir:)
>
> I can't reproduce this. Set mail_debug=yes and show what's in the logs?
>
>

Log for a non-working user is attached.

Also here is the userdb-query:

user_query = \
  SELECT 1002 AS uid, 1005 AS gid, '/var/vmail/%d/%n' AS home, \
  IF(imapc,'imapc:','') AS 'namespace/gemeinsam/location' \
  FROM virtual_users \
  WHERE user='%u'

From the logs it seems that '' is converted to 'yes'. (So probably, ACL has nothing to do with the error.)

- René
-------------- next part -------------- Sep 27 10:56:18 [dovecot] imap-login: Login: user=, method=PLAIN, rip=dead::beef, lip=dead::beef, mpid=15210, secured, session= Sep 27 10:56:18 [dovecot] imap: Debug: Loading modules from directory: /usr/lib64/dovecot Sep 27 10:56:18 [dovecot] imap: Debug: Module loaded: /usr/lib64/dovecot/lib01_acl_plugin.so Sep 27 10:56:18 [dovecot] imap: Debug: Module loaded: /usr/lib64/dovecot/lib02_imap_acl_plugin.so Sep 27 10:56:18 [dovecot] imap: Debug: Module loaded: /usr/lib64/dovecot/lib90_antispam_plugin.so Sep 27 10:56:18 [dovecot] imap: Debug: Added userdb setting: namespace/gemeinsam/location=yes Sep 27 10:56:18 [dovecot] imap(other at my.domain): Debug: Effective uid=1002, gid=1005, home=/var/vmail/my.domain/other Sep 27 10:56:18 [dovecot] imap(other at my.domain): Debug: acl: No acl_shared_dict setting - shared mailbox listing is disabled Sep 27 10:56:18 [dovecot] imap(other at my.domain): Debug: Namespace inbox: type=private, prefix=, sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=sdbox:/var/vmail /necoro.eu/tum/ Sep 27 10:56:18 [dovecot] imap(other at my.domain): Debug: fs: root=/var/vmail/my.domain/other, index=, indexpvt=, control=, inbox=, alt= Sep 27 10:56:18 [dovecot] imap(other at my.domain): Debug: acl: initializing backend with data: vfile:/etc/dovecot/global-acls:cache_secs=300 Sep 27 10:56:18 [dovecot] imap(other at my.domain): Debug: acl: acl username = other at my.domain Sep 27 10:56:18 [dovecot] imap(other at my.domain): Debug: acl: owner = 1 Sep 27 10:56:18 [dovecot] imap(other at my.domain): Debug: acl vfile: Global ACL directory: /etc/dovecot/global-acls Sep 27 10:56:18 [dovecot] imap(other at my.domain): Debug: Namespace gemeinsam: type=public, prefix=Gemeinsam., sep=., inbox=no, hidden=no, list=yes, subscriptions=no location=yes Sep 27 10:56:18 [dovecot] imap(other at my.domain): Debug: sdbox autodetect: stat(yes/mailboxes) failed: No such file or directory Sep 27 10:56:18 [dovecot] 
imap(other at my.domain): Debug: mdbox autodetect: stat(yes/storage) failed: No such file or directory
Sep 27 10:56:18 [dovecot] imap(other at my.domain): Debug: maildir autodetect: stat(yes/cur) failed: No such file or directory
Sep 27 10:56:18 [dovecot] imap(other at my.domain): Debug: sdbox autodetect: stat(yes/mailboxes) failed: No such file or directory
Sep 27 10:56:18 [dovecot] imap(other at my.domain): Error: user other at my.domain: Initialization failed: Namespace 'Gemeinsam.': Ambiguous mail location setting, don't know what to do with it: yes (try prefixing it with mbox: or maildir:)
Sep 27 10:56:18 [dovecot] imap(other at my.domain): Error: Invalid user settings. Refer to server log for more information.
From kryol at bigmir.net Fri Sep 27 12:31:34 2013
From: kryol at bigmir.net (Oleksii Krykun)
Date: Fri, 27 Sep 2013 12:31:34 +0300
Subject: [Dovecot] pop3-login problem
Message-ID:

Hi!

I have dovecot-2.2.5 installed as part of postfix+dovecot+mysql+amavisd.
My server has two NICs (Internet and local). /etc/resolv.conf points to ISP DNS. Local names are not resolved.

If ISP link goes to down state I see (after about 1 minute) the following error:

Sep 26 15:44:29 pop3-login: Error: master(pop3): Auth request timed out (received 0/12 bytes)

and the following informational message:

Sep 26 15:44:29 pop3-login: Info: Internal login failure (pid=12809 id=17815) (internal failure, 1 successful auths): user= .....

If link is restored (even for a short time) all works fine again. After next down errors are repeated.

I suppose that this is dns issue. Am I wrong?

And I have the following question.
Is it possible to disable dns requests? I haven't external clients. Or I must fix a name resolution e.g. to use a caching dns server?

Thanks.
From elhijo at 0lim.net Fri Sep 27 15:03:05 2013
From: elhijo at 0lim.net (David LEROUX)
Date: Fri, 27 Sep 2013 14:03:05 +0200
Subject: [Dovecot] Truncated emails
Message-ID: <524573F9.1020702@0lim.net>

Hi,

I'm running Dovecot IMAP and sometimes receive truncated emails.
Don't understand why.

Here are my settings:

/dovecot -n
# 1.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-48-server x86_64 Ubuntu 10.04.4 LTS
log_path: /var/log/dovecot/dovecot.log
info_log_path: /var/log/dovecot/dovecot.log
log_timestamp: ?? %Y-%m-%d %H:%M:%S ??
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_max_userip_connections: 11
mail_location: maildir:~/Maildir
mbox_write_locks: fcntl dotlock
imap_client_workarounds: tb-extra-mailbox-sep
auth default:
  passdb:
    driver: pam
  userdb:
    driver: passwd/

Hope you can help.

Thanks,
David
From CMarcus at Media-Brokers.com Fri Sep 27 17:04:16 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Fri, 27 Sep 2013 10:04:16 -0400
Subject: [Dovecot] Released Pigeonhole v0.4.2 for Dovecot v2.2.6 and Pigeonhole v0.3.6 for Dovecot v2.1.17.
In-Reply-To: <5244938B.7080709@rename-it.nl>
References: <5244938B.7080709@rename-it.nl>
Message-ID: <52459060.8020608@Media-Brokers.com>

On 2013-09-26 4:05 PM, Stephan Bosch wrote:
> There is one new feature for the Sieve vacation extension. Normally
> vacation replies are sent with <> sender to prevent mail loops. A
> setting is provided to override this behavior
> (doc/extensions/vacation.txt), as requested on the mailing list. This is
> not a violation of the specification, but use this with care.

Hmmm... I know I've seen both Wietse and Victor say in no uncertain terms that you should never change this, so I'm wondering what would be valid reasons for ever doing so?

--
Best regards,
*/Charles/*
From tss at iki.fi Fri Sep 27 17:52:13 2013
From: tss at iki.fi (Timo Sirainen) Date: Fri, 27 Sep 2013 16:52:13 +0200 Subject: [Dovecot] pop3-login problem In-Reply-To: References: Message-ID: <3D63D4A5-B43E-4CFB-88CA-2935B136ABE0@iki.fi> On 27.9.2013, at 11.31, Oleksii Krykun wrote: > I have dovecot-2.2.5 installed as part of postfix+dovecot+mysql+amavisd. > My server has two NICs (Internet and local). /etc/resolv.conf point to ISP DNS. Local names are not resolved. > > If ISP link goes to down state I see (after about 1minute) a following error: > > Sep 26 15:44:29 pop3-login: Error: master(pop3): Auth request timed out (received 0/12 bytes) auth process is hanging. > and following informational message: > > Sep 26 15:44:29 pop3-login: Info: Internal login failure (pid=12809 id=17815) (internal failure, 1 successful auths): user= ..... > > If link is restored (even for a short time) all works fine again. After next down errors are repeated. > > I suppose that this is dns issue. Am I wrong? Could be. > And I have a following question. > Is it possible to disable dns requests? I haven't external clients. Or I must fix a name resolution e.g. to use a caching dns server? Dovecot doesn't do DNS requests itself, exactly because of problems like these. Your passdb or userdb might do that though. Show your doveconf -n? From justin at neonova.net Fri Sep 27 17:57:15 2013 
From: justin at neonova.net (Justin McAleer) Date: Fri, 27 Sep 2013 10:57:15 -0400 Subject: [Dovecot] proxy: can I use the password returned from passdb to log in to the back-end? Message-ID: I am hoping to support encrypted passwords, which I know is generally not allowed in a proxy setup. However, I can return the password in clear-text out of the password database, so I was hoping for something similar to the destuser field. I have successfully used the master password functionality to support encrypted passwords (users impersonating themselves), as long as the back-end server supports that. However, I need to proxy POP3 to Gmail, which does not. From tss at iki.fi Fri Sep 27 17:58:06 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 27 Sep 2013 16:58:06 +0200 Subject: [Dovecot] Truncated emails In-Reply-To: <524573F9.1020702@0lim.net> References: <524573F9.1020702@0lim.net> Message-ID: On 27.9.2013, at 14.03, David LEROUX wrote: > I'm running Dovecot IMAP and some times receive truncated emails. > Don't understand why. Are they truncated on the filesystem? By how much are they truncated? Are you using Dovecot-LDA or something else to deliver mails? Doesn't sound like the problem is with Dovecot. From tss at iki.fi Fri Sep 27 18:13:40 2013 
From: tss at iki.fi (Timo Sirainen) Date: Fri, 27 Sep 2013 17:13:40 +0200 Subject: [Dovecot] How to authenticate against SQL DB with custom-ciphered passwords? In-Reply-To: References: Message-ID: <282ECFA9-CCB2-40CE-9ED2-23EFE695D1AC@iki.fi> On 26.9.2013, at 10.01, Nicolay Vizovitin wrote: > I'm about to start developing authentication/password-scheme module for > Dovecot. So I would like to get some advice before actually committing to > doing things in particular way. Hope somebody will be able to help me :) > > For the record, I am currently targeting latest stable Dovecot version > 2.2.5. > > I have an SQL DB with mail users' authentication data. Passwords are stored > either encrypted via system crypt(3) or ciphered with some custom algorithm > (think something symmetrical like AES, so passwords can be decrypted into > plain form). I want to use this DB as both userdb and passdb backend. The > issue, of course, is with ciphered passwords support. > > 1) Is it feasible to just implement a new password scheme for ciphered > passwords support and still use stock passdb driver in Dovecot for SQL DB > access? Plugins can implement new password schemes. http://dovecot.org/patches/password-scheme-lmpass.c is an example, although I'm not sure if it compiles with v2.2. > So that passwords in this scheme would be treated as PLAIN (in a > sense that both cleartext and shared secret authentication methods would > work). You could do that in a slightly ugly way by setting password_generate=plain_generate(), so password_scheme_is_alias() returns TRUE for that. > 2) Provided I implement custom password scheme for ciphered passwords, what > is the best way to be capable to perform authentication against both > ciphered and encrypted passwords? Ciphered and encrypted passwords are > stored in different fields of SQL table (one of them is NULL when the other > one is set). 
> a) Do I define two passdb clauses with their own default_pass_scheme > (equal to my new scheme or CRYPT for encrypted passwords) and use fallback > to effectively check both of them? > b) Do I modify SQL query so that it prefixes existing password with > correct scheme (I'm not sure this will be easy enough to do)? By "ciphered" I understand you mean encrypted, and by "encrypted" you mean hashed.. Scheme prefix would work, mysql and postgresql have complex enough string manipulation functions to make this possible I think. > 3) Is it mandatory to provide password generation routine for custom > password scheme? When it will be used? doveadm pw command would use it for example. But as mentioned, you should set it to plain_generate. > 4) Maybe it's better to just implement a plugin that serves as both userdb > and passdb driver (in other words a kind of generic authentication module)? > What are advantages and disadvantages of each method - custom password > scheme + stock SQL driver VS. custom userdb and passdb driver? Fortunately, > I already have all the required credentials lookup and verification code. > So in any case the question is only in figuring out suitable Dovecot APIs > and integrating the existing code. Implementing yet another sql passdb sounds like quite a lot of work. > 7) Somewhat unrelated question: what is the best way to test IMAP (and > maybe POP3 as well) server performance and compare it to another server? > I'm interested in both login performance (the part I will influence) and > performance with many mails in mailbox. I heard imaptest is suitable for > this task. Are there any recipes or example testing scenarios you might > share? ;) There are only bad non-realistic benchmarks available currently. With imaptest you can easily test the login performance though: imaptest user=test%d.%d - select=0 clients=100 From rplatel at tucows.com Fri Sep 27 18:14:09 2013 
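The scheme-prefix approach from the reply above (question 2b), as an added example that is not from the thread or from Dovecot's own documentation. The table `mail_users`, its columns and the scheme name `MYCIPHER` (standing for whatever name the custom password-scheme plugin registers) are assumptions; MySQL syntax is used.

```sql
-- Added example. Table, column and scheme names are assumptions.

-- Constructed schema: one of the two password columns is NULL when the
-- other one is set, as described in the question.
CREATE TABLE mail_users (
    username    VARCHAR(255) NOT NULL PRIMARY KEY,
    crypt_pw    VARCHAR(255) NULL,  -- crypt(3) hash
    ciphered_pw VARCHAR(255) NULL   -- output of the custom reversible cipher
);

-- Constructed sample rows (placeholder values, not real hashes or ciphertext).
INSERT INTO mail_users (username, crypt_pw, ciphered_pw) VALUES
    ('alice@example.org', '$6$constructedsalt$constructedhash', NULL),
    ('bob@example.org',   NULL, 'constructed-ciphertext'),
    ('carol@example.org', NULL, NULL);  -- account with no credential stored

-- Query body for password_query in dovecot-sql.conf.ext.
-- In the Dovecot config the literal user name below is written as '%u'.
SELECT username AS user,
       CASE
           -- Prefer the hash if a row wrongly has both columns filled.
           WHEN crypt_pw IS NOT NULL THEN CONCAT('{CRYPT}', crypt_pw)
           ELSE CONCAT('{MYCIPHER}', ciphered_pw)
       END AS password
FROM mail_users
WHERE username = 'bob@example.org'
  -- Rows with neither column set are filtered out, so such an account
  -- yields no row instead of an empty password value.
  AND (crypt_pw IS NOT NULL OR ciphered_pw IS NOT NULL);
```

Because every returned value carries its own `{SCHEME}` prefix, a single passdb block covers both kinds of account and no second passdb with a different default_pass_scheme is needed.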
From: rplatel at tucows.com (Richard Platel) Date: Fri, 27 Sep 2013 11:14:09 -0400 Subject: [Dovecot] Index error copying compressed message In-Reply-To: References: <72E20246-A20D-4B55-A90C-8EA10BD74719@tucows.com> Message-ID: <9AD12019-AC9E-4B82-A38C-2D1852D49356@tucows.com> On 2013-09-22, at 12:35 AM, Timo Sirainen wrote: > On 19.9.2013, at 23.59, Richard Platel wrote: > >> Dovecot 2.2, with the zlib plugin, I think we're getting bad index entries on IMAP COPY. >> >> On copying a message to an empty folder, in the dovecot error log I see: >> >> Sep 19 20:34:25 imap01 dovecot: imap(grain at rp-auth-test.com): Error: Cached message size smaller than expected (615 < 971) >> Sep 19 20:34:25 imap01 dovecot: imap(grain at rp-auth-test.com): Error: Corrupted index cache file /mail/index01/434/860/grain at rp-auth-test.com/.Bup/dovecot.index.cache: Broken physical size for mail UID 0 >> Sep 19 20:34:25 imap01 dovecot: imap(grain at rp-auth-test.com): Error: read() failed: Invalid argument (uid=0) >> >> (Note this happens from the copy operation, not a subsequent access. Also note the UID is always 0). > > UID=0 means that it's trying to get the size for the mail that is still being saved (so not the copy source mail). You mean you can easily reproduce this simply by copying a mail to a newly created folder? I couldn't. Try if you can still reproduce it with a smaller config, especially removing non-zlib plugins. > This was indeed a plugin configuration problem, thanks. From tss at iki.fi Fri Sep 27 18:16:48 2013 
From: tss at iki.fi (Timo Sirainen) Date: Fri, 27 Sep 2013 17:16:48 +0200 Subject: [Dovecot] v2.2.6 released In-Reply-To: References: <56B77929-A525-4E91-B189-697ABDBC3712@iki.fi> Message-ID: <2DAC0E6D-CC30-4DFC-80C6-D34420B62663@iki.fi> On 26.9.2013, at 14.33, Odhiambo Washington wrote: > While compiling on FreeBSD 9.1-STABLE and 8.4-STABLE I saw the below though > compile was successful and dovecot is running! > > > (15:25:20 <~/Tools/Dovecot/2.2/dovecot-2.2.6>) 0 $ ../build-2.2.sh > checking for a BSD-compatible install... /usr/bin/install -c > checking whether build environment is sane... yes > /usr/home/wash/Tools/Dovecot/2.2/dovecot-2.2.6/missing: Unknown > `--is-lightweight' option > Try `/usr/home/wash/Tools/Dovecot/2.2/dovecot-2.2.6/missing --help' for > more information > configure: WARNING: 'missing' script is too old or missing Interesting. I haven't seen this before. I would have thought that autotools updated that file automatically when needed. Now I have to go and delete it from all of my directories manually to make sure this won't happen again.. From tss at iki.fi Fri Sep 27 18:20:11 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 27 Sep 2013 17:20:11 +0200 Subject: [Dovecot] service anvil and ssl-params not starts with dovecot started In-Reply-To: References: Message-ID: <4DA60774-EDE0-4E09-A234-E43CF306E660@iki.fi> On 26.9.2013, at 15.07, Dewey Du wrote: > My dovecot started with the error below. What's the most possible reason > for the error? > > ?2013-08-28 11:41:40 ?master: Info: Dovecot v2.2.5 starting up (core dumps > disabled) > ?2013-08-28 11:42:00 ?anvil: Fatal: Error reading configuration: Timeout > reading config from /var/run/dovecot/config The config process is stuck for some reason. Try to find out what it's doing. Immediately after you start dovecot, find the config process pid, and do: 1) strace -tt -p (for about a second or so) 2) gdb -p bt full and mail the results. From kryol at bigmir.net Fri Sep 27 18:21:10 2013 
From: kryol at bigmir.net (Oleksii Krykun) Date: Fri, 27 Sep 2013 18:21:10 +0300 Subject: [Dovecot] =?utf-8?q?pop3-login_problem?= In-Reply-To: <3D63D4A5-B43E-4CFB-88CA-2935B136ABE0@iki.fi> References: <3D63D4A5-B43E-4CFB-88CA-2935B136ABE0@iki.fi> Message-ID: 27.09.2013 17:52, Timo Sirainen >On 27.9.2013, at 11.31, Oleksii Krykun wrote: > > > I have dovecot-2.2.5 installed as part of postfix+dovecot+mysql+amavisd. > > My server has two NICs (Internet and local). /etc/resolv.conf point to ISP DNS. Local names are not resolved. > > > > If ISP link goes to down state I see (after about 1minute) a following error: > > > > Sep 26 15:44:29 pop3-login: Error: master(pop3): Auth request timed out (received 0/12 bytes) > > auth process is hanging. > > > and following informational message: > > > > Sep 26 15:44:29 pop3-login: Info: Internal login failure (pid=12809 id=17815) (internal failure, 1 successful auths): user= ..... > > > > If link is restored (even for a short time) all works fine again. After next down errors are repeated. > > > > I suppose that this is dns issue. Am I wrong? > > Could be. > > > And I have a following question. > > Is it possible to disable dns requests? I haven't external clients. Or I must fix a name resolution e.g. to use a caching dns server? > > Dovecot doesn't do DNS requests itself, exactly because of problems like these. Your passdb or userdb might do that though. Show your doveconf -n? 
My doveconf -n: # 2.2.5: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 8.4-RELEASE i386 ufs auth_mechanisms = plain login cram-md5 auth_verbose = yes auth_verbose_passwords = plain dict { expire = mysql:/usr/local/etc/dovecot/dovecot-dict-expire.conf.ext } first_valid_gid = 1991 first_valid_uid = 1991 info_log_path = /var/log/dovecot-info.log log_path = /var/log/dovecot.log login_greeting = Welcome to IMAP/POP3 server login_trusted_networks = 127.0.0.0/8, 10.1.1.0/24 mail_location = maildir:/usr/local/mail/%d/%u mail_plugins = quota expire mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave vnd.dovecot.duplicate namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { expire = Trash expire2 = Trash/* expire3 = Spam expire_dict = proxy::expire quota = maildir:User quota quota_warning = storage=95%% quota-warning 95 %u sieve = ~/.dovecot.sieve sieve_before = /usr/local/etc/dovecot/sieve/before.sieve sieve_dir = ~/sieve sieve_extensions = +vnd.dovecot.duplicate sieve_global_dir = /usr/local/etc/dovecot/sieve } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = virtual mode = 0666 user = virtual } } service dict { unix_listener dict { mode = 0600 user = virtual } } service imap-login { process_min_avail = 5 service_count = 0 } service pop3-login { service_count = 0 } service quota-warning { executable = script /usr/local/etc/dovecot/quota-warning.sh unix_listener 
quota-warning { user = virtual } user = dovecot } ssl_cert = References: <5243D15F.7080303@mohtex.net> Message-ID: On 26.9.2013, at 8.17, Tamsy wrote: > Dovecot 2.2.6 compiled on Ubuntu 10.04 fails on "make check" with the > following errors. > "make install" is finishing just fine and Dovecot itself works > flawlessly so far. Yeah, the problem is only with 32bit systems. It's only in lib-http though, so you're probably not using it unless you're using fts-solr. http://hg.dovecot.org/dovecot-2.2/rev/83e74b3a0d10 From tss at iki.fi Fri Sep 27 18:28:43 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 27 Sep 2013 17:28:43 +0200 Subject: [Dovecot] proxy: can I use the password returned from passdb to log in to the back-end? In-Reply-To: References: Message-ID: On 27.9.2013, at 16.57, Justin McAleer wrote: > I am hoping to support encrypted passwords, which I know is generally not > allowed in a proxy setup. However, I can return the password in clear-text > out of the password database, so I was hoping for something similar to the > destuser field. The "pass" extra field is used by proxy to connect to the remote server. So if you can manage to return the plaintext password in that field, it'll work. From rs at sys4.de Fri Sep 27 18:29:19 2013 
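The `pass` extra field from the reply above, as an added example that is not from the thread. The table `proxy_users`, its columns and the host name are assumptions; `proxy`, `host`, `port`, `ssl`, `destuser` and `pass` are Dovecot's proxy extra fields, and MySQL syntax is used.

```sql
-- Added example. Table and column names are assumptions.

-- Constructed schema: the proxy checks the client's login against login_hash
-- and then logs in to the backend with the separately stored credential.
CREATE TABLE proxy_users (
    login        VARCHAR(255) NOT NULL PRIMARY KEY,
    login_hash   VARCHAR(255) NOT NULL,  -- hashed password, stored with its {SCHEME} prefix
    backend_host VARCHAR(255) NOT NULL,
    backend_user VARCHAR(255) NOT NULL,
    backend_pass VARCHAR(255) NOT NULL   -- cleartext: the backend needs the real password
);

-- Constructed sample row (placeholder values).
INSERT INTO proxy_users VALUES
    ('jane@example.org', '{CRYPT}$6$constructedsalt$constructedhash',
     'pop.backend.example', 'jane.backend', 'constructed-backend-password');

-- Query body for password_query in dovecot-sql.conf.ext.
-- In the Dovecot config the literal user name below is written as '%u'.
SELECT login_hash   AS password,  -- what the connecting client is verified against
       'Y'          AS proxy,     -- proxy the session instead of serving it locally
       backend_host AS host,
       995          AS port,      -- POP3 over SSL
       'yes'        AS ssl,       -- the cleartext in "pass" only travels over a verified SSL link
       backend_user AS destuser,  -- login name used on the backend
       backend_pass AS pass       -- password used on the backend
FROM proxy_users
WHERE login = 'jane@example.org';
```

The `backend_pass` column holds reusable cleartext credentials, so the database account Dovecot connects with should have read access to this table only.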
From: rs at sys4.de (Robert Schetterer)
Date: Fri, 27 Sep 2013 17:29:19 +0200
Subject: [Dovecot] pop3-login problem
In-Reply-To:
References: <3D63D4A5-B43E-4CFB-88CA-2935B136ABE0@iki.fi>
Message-ID: <5245A44F.5020608@sys4.de>

On 27.09.2013 17:21, Oleksii Krykun wrote:
>> If ISP link goes to down state I see (after about 1minute) a following error:
>> > >
>> > > Sep 26 15:44:29 pop3-login: Error: master(pop3): Auth request timed out (received 0/12 bytes)
>>
>> auth process is hanging.

perhaps check if there is some other stuff done when link goes down, like ntpdate configured with some if-down script relation etc

Best Regards
Kind regards
Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive Board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
From elhijo at 0lim.net Fri Sep 27 18:46:03 2013
From: elhijo at 0lim.net (David LEROUX)
Date: Fri, 27 Sep 2013 17:46:03 +0200
Subject: [Dovecot] Truncated emails
In-Reply-To:
References: <524573F9.1020702@0lim.net>
Message-ID: <5245A83B.4030203@0lim.net>

On 09/27/2013 04:58 PM, Timo Sirainen wrote:
> On 27.9.2013, at 14.03, David LEROUX wrote:
>
>> I'm running Dovecot IMAP and some times receive truncated emails.
>> Don't understand why.
> Are they truncated on the filesystem?

Yes they are

> By how much are they truncated?

That's the strange part, one could be truncated after 3 lines, while another one would be truncated after hundreds of lines....

> Are you using Dovecot-LDA or something else to deliver mails? Doesn't sound like the problem is with Dovecot.
>

No I'm not, only postfix and dovecot.

Thanks,
David
From rplatel at tucows.com Fri Sep 27 18:46:56 2013
From: rplatel at tucows.com (Richard Platel)
Date: Fri, 27 Sep 2013 11:46:56 -0400
Subject: [Dovecot] fts-solr indexer-worker connects to wrong solr host dovecot-2.2.4
Message-ID: <7064632D-270E-4EA4-B62F-12A5151AC381@tucows.com>

Hello.

We're setting up fts solr and want to have the solr server host be set per-user via UserDB. It looks like if a user connects and fts indexes mail, and then another user connects and indexes mail, indexer-worker is connecting to the first user's fts host:

User1, hammer at rp-auth-test.com connects, does a SEARCH for the first time, indexer-worker gets UserDB settings and correctly indexes mail on ftsvs01:

[...]
auth-worker(2195): Debug: dict(hammer at rp-auth-test.com): lookup shared/userdb/hammer at rp-auth-test.com
auth-worker(2195): Debug: dict(hammer at rp-auth-test.com): result: {"uid":"8","fts":"solr","quota_rule4":"Spam:ignore","_session":"talk15_590ec6d100042","quota_rule3":"Trash:ignore","quota_rule2":"*:messages=2684354","quota_rule":"*:storage=5242880k","mail":"maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/hammer at rp-auth-test.com/","fts_solr":"debug url=http://ftsvs01:8080/solr/","gid":"8"}
auth: Debug: userdb out: USER 1 hammer at rp-auth-test.com uid=8 fts=solr quota_rule4=Spam:ignore _session=talk15_590ec6d100042 quota_rule3=Trash:ignore quota_rule2=*:messages=2684354 quota_rule=*:storage=5242880k mail=maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/hammer at rp-auth-test.com/ fts_solr=debug url=http://ftsvs01:8080/solr/ gid=8
indexer-worker: Debug: auth input: hammer at rp-auth-test.com uid=8 fts=solr quota_rule4=Spam:ignore _session=talk15_590ec6d100042 quota_rule3=Trash:ignore quota_rule2=*:messages=2684354 quota_rule=*:storage=5242880k mail=maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/hammer at rp-auth-test.com/ fts_solr=debug url=http://ftsvs01:8080/solr/ gid=8
indexer-worker: Debug: Added userdb setting: plugin/_session=talk15_590ec6d100042
indexer-worker: Debug: Added userdb setting: plugin/fts=solr
indexer-worker: Debug: Added userdb setting: plugin/fts_solr=debug url=http://ftsvs01:8080/solr/
indexer-worker: Debug: Added userdb setting: mail=maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/hammer at rp-auth-test.com/
indexer-worker: Debug: Added userdb setting: plugin/quota_rule=*:storage=5242880k
indexer-worker: Debug: Added userdb setting: plugin/quota_rule2=*:messages=2684354
indexer-worker: Debug: Added userdb setting: plugin/quota_rule3=Trash:ignore
indexer-worker: Debug: Added userdb setting: plugin/quota_rule4=Spam:ignore
indexer-worker(hammer at rp-auth-test.com): Debug: Effective uid=8, gid=8, home=
indexer-worker(hammer at rp-auth-test.com): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/hammer at rp-auth-test.com/
indexer-worker(hammer at rp-auth-test.com): Debug: maildir++: root=/mail/mailstore01/215/573/hammer at rp-auth-test.com, index=/mail/index01/215/573/hammer at rp-auth-test.com, indexpvt=, control=, inbox=/mail/mailstore01/215/573/hammer at rp-auth-test.com, alt=
indexer-worker(hammer at rp-auth-test.com): Debug: Ignoring unknown cache field: pop3.order
indexer-worker(hammer at rp-auth-test.com): Debug: Ignoring unknown cache field: binary.parts
indexer-worker(hammer at rp-auth-test.com): Warning: Created dotlock file's timestamp is different than current time (1380294685 vs 1380294612): /mail/index01/215/573/hammer at rp-auth-test.com/.INBOX/dovecot.index.log
indexer-worker(hammer at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Submitted
[...]

User1 index finishes and imap searches against ftsvs01

[...]
imap(hammer at rp-auth-test.com): Debug: http-client: request [GET http://ftsvs01:8080/solr/select?fl=uid,score&rows=2&sort=uid+asc&q=(hdr:%22moo%22+OR+body:%22moo%22)&fq=%2Bbox:42faee1f735b1e52b3210000386e9ade+%2Buser:%22hammer at rp-auth-test.com%22]: Submitted
[...]

User2 grant at rp-auth-test.com connects and does a SEARCH, index worker gets UserDB settings, including fts host ftsvs02, but connects to ftsvs01 (also note index-worker initially shows wrong user in loglines)

[...]
auth-worker(2195): Debug: dict(grant at rp-auth-test.com): lookup shared/userdb/grant at rp-auth-test.com
auth-worker(2195): Debug: dict(grant at rp-auth-test.com): result: {"uid":"8","fts":"solr","quota_rule4":"Spam:ignore","_session":"cow80_609fed7600001","quota_rule3":"Trash:ignore","quota_rule2":"*:messages=2684354","quota_rule":"*:storage=5242880k","mail":"maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/","fts_solr":"debug url=http://ftsvs02:8080/solr/","gid":"8"}
auth: Debug: userdb out: USER 2 grant at rp-auth-test.com uid=8 fts=solr quota_rule4=Spam:ignore _session=cow80_609fed7600001 quota_rule3=Trash:ignore quota_rule2=*:messages=2684354 quota_rule=*:storage=5242880k mail=maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/ fts_solr=debug url=http://ftsvs02:8080/solr/ gid=8
indexer-worker(hammer at rp-auth-test.com): Debug: auth input: grant at rp-auth-test.com uid=8 fts=solr quota_rule4=Spam:ignore _session=cow80_609fed7600001 quota_rule3=Trash:ignore quota_rule2=*:messages=2684354 quota_rule=*:storage=5242880k mail=maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/ fts_solr=debug url=http://ftsvs02:8080/solr/ gid=8
indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/_session=cow80_609fed7600001
indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/fts=solr
indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/fts_solr=debug url=http://ftsvs02:8080/solr/
indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: mail=maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/
indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/quota_rule=*:storage=5242880k
indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/quota_rule2=*:messages=2684354
indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/quota_rule3=Trash:ignore
indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/quota_rule4=Spam:ignore
indexer-worker(grant at rp-auth-test.com): Debug: Effective uid=8, gid=8, home=
indexer-worker(grant at rp-auth-test.com): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/
indexer-worker(grant at rp-auth-test.com): Debug: maildir++: root=/mail/mailstore01/812/023/grant at rp-auth-test.com, index=/mail/index01/812/023/grant at rp-auth-test.com, indexpvt=, control=, inbox=/mail/mailstore01/812/023/grant at rp-auth-test.com, alt=
indexer-worker(grant at rp-auth-test.com): Debug: Ignoring unknown cache field: pop3.order
indexer-worker(grant at rp-auth-test.com): Debug: Ignoring unknown cache field: binary.parts
indexer-worker(grant at rp-auth-test.com): Warning: Created dotlock file's timestamp is different than current time (1380294736 vs 1380294664): /mail/index01/812/023/grant at rp-auth-test.com/.INBOX/dovecot.index.cache
indexer-worker(grant at rp-auth-test.com): Warning: Created dotlock file's timestamp is different than current time (1380294736 vs 1380294664): /mail/index01/812/023/grant at rp-auth-test.com/.INBOX/dovecot.index.log
indexer-worker(grant at rp-auth-test.com): Warning: Created dotlock file's timestamp is different than current time (1380294736 vs 1380294664): /mail/index01/812/023/grant at rp-auth-test.com/.INBOX/dovecot.index.cache
indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Submitted
[...]

indexer-worker indexes User2's mail on wrong fts host:

[...]
indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Sent header
indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload
indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload
indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload
indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload
indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload
indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload
[...]

indexer-worker finishes and imap searches against correct fts host ftsvs02

[...]
imap(grant at rp-auth-test.com): Debug: http-client: request [GET http://ftsvs02:8080/solr/select?fl=uid,score&rows=194&sort=uid+asc&q=(hdr:%22Fasdf%22+OR+body:%22Fasdf%22)&fq=%2Bbox:62d61f003b5a1e52af130000386e9ade+%2Buser:%22grant at rp-auth-test.com%22]: Submitted
[...]

From tss at iki.fi Fri Sep 27 19:36:18 2013
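The mismatch reported above (a user's mail being POSTed to another user's Solr host) can be checked mechanically from the same debug lines. This is an added example, not part of the original post and not Dovecot code: it compares each user's userdb `fts_solr` URL with the endpoint indexer-worker actually posts to. The sample log is constructed, modelled on the lines in the report with `@` restored; the user names and the function names are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# "auth input" names the real user in the message body. The report shows that
# the parenthesised log prefix can still carry the previous user at this point,
# so the prefix is deliberately ignored here.
AUTH_INPUT = re.compile(
    r"indexer-worker(?:\([^)]*\))?: Debug: auth input: (?P<user>\S+) (?P<fields>.*)$"
)
# The fts_solr value holds space-separated options, e.g. "debug url=http://..."
FTS_URL = re.compile(r"\bfts_solr=[^=]*?\burl=(?P<url>\S+)")
# Only indexer-worker requests are checked; imap search requests are skipped.
REQUEST = re.compile(
    r"indexer-worker\((?P<user>[^)]+)\): Debug: http-client: "
    r"request \[(?P<method>[A-Z]+) (?P<url>[^\]\s]+)\]"
)


def endpoint(url):
    """Return 'host:port' for a URL, filling in the scheme's default port."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return f"{parts.hostname}:{port}"


def find_misrouted(lines):
    """Report indexer-worker requests sent to an endpoint other than the one
    the userdb reply configured for that user."""
    expected = {}      # user -> endpoint from the most recent auth input line
    hits = Counter()   # (user, expected, actual) -> number of log lines
    for line in lines:
        line = line.strip()
        m = AUTH_INPUT.search(line)
        if m:
            url = FTS_URL.search(m.group("fields"))
            if url:
                expected[m.group("user")] = endpoint(url.group("url"))
            continue
        m = REQUEST.search(line)
        if m and m.group("user") in expected:
            want = expected[m.group("user")]
            got = endpoint(m.group("url"))
            if got != want:
                hits[(m.group("user"), want, got)] += 1
    return [
        {"user": u, "expected": w, "actual": g, "requests": n}
        for (u, w, g), n in hits.items()
    ]


# Constructed sample, shaped like the debug output in the report.
SAMPLE_LOG = """\
auth: Debug: userdb out: USER 1 user1@example.test uid=8 fts=solr fts_solr=debug url=http://ftsvs01:8080/solr/ gid=8
indexer-worker: Debug: auth input: user1@example.test uid=8 fts=solr fts_solr=debug url=http://ftsvs01:8080/solr/ gid=8
indexer-worker(user1@example.test): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Submitted
indexer-worker(user1@example.test): Debug: auth input: user2@example.test uid=8 fts=solr fts_solr=debug url=http://ftsvs02:8080/solr/ gid=8
indexer-worker(user1@example.test): Debug: Added userdb setting: plugin/fts_solr=debug url=http://ftsvs02:8080/solr/
indexer-worker(user2@example.test): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Submitted
indexer-worker(user2@example.test): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Sent header
indexer-worker(user2@example.test): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload
imap(user2@example.test): Debug: http-client: request [GET http://ftsvs02:8080/solr/select?fl=uid,score&rows=194]: Submitted
""".splitlines()

if __name__ == "__main__":
    for finding in find_misrouted(SAMPLE_LOG):
        print(finding)
```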
From: tss at iki.fi (Timo Sirainen)
Date: Fri, 27 Sep 2013 18:36:18 +0200
Subject: [Dovecot] Truncated emails
In-Reply-To: <5245A83B.4030203@0lim.net>
References: <524573F9.1020702@0lim.net> <5245A83B.4030203@0lim.net>
Message-ID: <3BCF2607-5CD6-44BA-BA64-8F6346D2FBCE@iki.fi>

On 27.9.2013, at 17.46, David LEROUX wrote:

> On 09/27/2013 04:58 PM, Timo Sirainen wrote:
>> On 27.9.2013, at 14.03, David LEROUX wrote:
>>
>>> I'm running Dovecot IMAP and some times receive truncated emails.
>>> Don't understand why.
>> Are they truncated on the filesystem?
> Yes they are
>> By how much are they truncated?
> That's the strange part, one could be truncated after 3 lines, while another one would be truncated after hundreds lines....
>> Are you using Dovecot-LDA or something else to deliver mails? Doesn't sound like the problem is with Dovecot.
>>
> No I'm not, only postfix and dovecot.

If your new emails are truncated on the filesystem, and Dovecot isn't the one saving them to disk, then there's no way it's Dovecot's fault.

From kremels at kreme.com Fri Sep 27 21:01:20 2013
From: kremels at kreme.com (LuKreme)
Date: Fri, 27 Sep 2013 12:01:20 -0600
Subject: [Dovecot] recipient_delimiter
In-Reply-To: <1380238602.5591.7.camel@tardis>
References: <605F6CBB-185B-4ADB-A3C6-A36894DD12CD@kreme.com> <1380238602.5591.7.camel@tardis>
Message-ID:

On 26 Sep 2013, at 17:36 , Noel Butler wrote:

> Certainly does not do that by _default_ in a normal
> mysql/virtuser/maildir setup using lda
> when mail arrives for foo+dovecot at example.com
> it gets stored in foo's cur/
> leaving it for the end users mail client to decide what to do with it,
> if anything.

Hmm. I guess I was misinformed. Too bad, since currently my procmail pipe is not working for virtual users (I am getting permission denied errors).

--
The quality of our thoughts and ideas can only be as good as the quality of our language.

From jerry at seibercom.net Fri Sep 27 22:45:25 2013
From: jerry at seibercom.net (Jerry)
Date: Fri, 27 Sep 2013 15:45:25 -0400
Subject: [Dovecot] recipient_delimiter
In-Reply-To:
References: <605F6CBB-185B-4ADB-A3C6-A36894DD12CD@kreme.com> <1380238602.5591.7.camel@tardis>
Message-ID: <20130927154525.7b854b78@scorpio>

On Fri, 27 Sep 2013 12:01:20 -0600
LuKreme articulated:

>
> On 26 Sep 2013, at 17:36 , Noel Butler wrote:
>
> > Certainly does not do that by _default_ in a normal
> > mysql/virtuser/maildir setup using lda
> > when mail arrives for foo+dovecot at example.com
> > it gets stored in foo's cur/
> > leaving it for the end users mail client to decide what to do with
> > it, if anything.
>
> Hmm. I guess I was misinformed. Too bad, since currently my procmail
> pipe is not working for virtual users (I am getting permission denied
> errors).

Why use procmail when sieve is so much more powerful?

--
Jerry

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

From kremels at kreme.com Fri Sep 27 23:39:10 2013
From: kremels at kreme.com (LuKreme)
Date: Fri, 27 Sep 2013 14:39:10 -0600
Subject: [Dovecot] recipient_delimiter
In-Reply-To: <20130927154525.7b854b78@scorpio>
References: <605F6CBB-185B-4ADB-A3C6-A36894DD12CD@kreme.com> <1380238602.5591.7.camel@tardis> <20130927154525.7b854b78@scorpio>
Message-ID: <8CD817EC-188F-43AF-8AFD-8B5640183CEB@kreme.com>

On 27 Sep 2013, at 13:45 , Jerry wrote:

> On Fri, 27 Sep 2013 12:01:20 -0600
> LuKreme articulated:
>
>>
>> On 26 Sep 2013, at 17:36 , Noel Butler wrote:
>>
>>> Certainly does not do that by _default_ in a normal
>>> mysql/virtuser/maildir setup using lda
>>> when mail arrives for foo+dovecot at example.com
>>> it gets stored in foo's cur/
>>> leaving it for the end users mail client to decide what to do with
>>> it, if anything.
>>
>> Hmm. I guess I was misinformed. Too bad, since currently my procmail
>> pipe is not working for virtual users (I am getting permission denied
>> errors).
>
> Why use procmail when sieve is so much more powerful?

First, I have a lot of procmail recipes over many years. Second, there are quite a few things that sieve can't do that procmail does well (for just one example, calling external programs).

Sieve also doesn't allow you to add or alter headers, I don't believe.

--
Qui me amat, amat et canem meam

From lstone19 at stonejongleux.com Fri Sep 27 23:54:41 2013
From: lstone19 at stonejongleux.com (Larry Stone)
Date: Fri, 27 Sep 2013 15:54:41 -0500 (CDT)
Subject: [Dovecot] recipient_delimiter
In-Reply-To: <8CD817EC-188F-43AF-8AFD-8B5640183CEB@kreme.com>
References: <605F6CBB-185B-4ADB-A3C6-A36894DD12CD@kreme.com> <1380238602.5591.7.camel@tardis> <20130927154525.7b854b78@scorpio> <8CD817EC-188F-43AF-8AFD-8B5640183CEB@kreme.com>
Message-ID:

On Fri, 27 Sep 2013, LuKreme wrote:

>> Why use procmail when sieve is so much more powerful?
>
> First, I have a lot of procmail recipes over many years. Second, there
> are quite a few things that sieve can't do that procmail does well (for
> just one example, calling external programs).

One of the things I do with Procmail is look for certain key phrases in email to a particular special account and if found, send an email that includes the line containing that key phrase to my cell phone text message address. It's easy to do with Procmail and formail (which is part of the Procmail suite); I haven't a clue how to do that (if it's even possible) in Sieve.

I think those who advocate getting rid of Procmail in favor of Sieve are those whose interest is in sorting mail into folders. Those of us who advocate using Procmail are those who use Procmail for other purposes.

--
Larry Stone
lstone19 at stonejongleux.com

From jerry at seibercom.net Sat Sep 28 01:41:22 2013
From: jerry at seibercom.net (Jerry)
Date: Fri, 27 Sep 2013 18:41:22 -0400
Subject: [Dovecot] recipient_delimiter
In-Reply-To: <8CD817EC-188F-43AF-8AFD-8B5640183CEB@kreme.com>
References: <605F6CBB-185B-4ADB-A3C6-A36894DD12CD@kreme.com> <1380238602.5591.7.camel@tardis> <20130927154525.7b854b78@scorpio> <8CD817EC-188F-43AF-8AFD-8B5640183CEB@kreme.com>
Message-ID: <20130927184122.4f70f951@scorpio>

On Fri, 27 Sep 2013 14:39:10 -0600
LuKreme articulated:

>
> On 27 Sep 2013, at 13:45 , Jerry wrote:
>
> > On Fri, 27 Sep 2013 12:01:20 -0600
> > LuKreme articulated:
> >
> >>
> >> On 26 Sep 2013, at 17:36 , Noel Butler wrote:
> >>
> >>> Certainly does not do that by _default_ in a normal
> >>> mysql/virtuser/maildir setup using lda
> >>> when mail arrives for foo+dovecot at example.com
> >>> it gets stored in foo's cur/
> >>> leaving it for the end users mail client to decide what to do with
> >>> it, if anything.
> >>
> >> Hmm. I guess I was misinformed. Too bad, since currently my
> >> procmail pipe is not working for virtual users (I am getting
> >> permission denied errors).
> >
> > Why use procmail when sieve is so much more powerful?
>
> First, I have a lot of procmail recipes over many years. Second,
> there are quite a few things that sieve can't do that procmail does
> well (for just one example, calling external programs).

Is this what you are referring to:

> Sieve also doesn't allow you to add or alter headers, I don't believe.

Is this any help:

--
Jerry

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

From jerry at seibercom.net Sat Sep 28 01:47:55 2013
From: jerry at seibercom.net (Jerry)
Date: Fri, 27 Sep 2013 18:47:55 -0400
Subject: [Dovecot] recipient_delimiter
In-Reply-To:
References: <605F6CBB-185B-4ADB-A3C6-A36894DD12CD@kreme.com> <1380238602.5591.7.camel@tardis> <20130927154525.7b854b78@scorpio> <8CD817EC-188F-43AF-8AFD-8B5640183CEB@kreme.com>
Message-ID: <20130927184755.52051491@scorpio>

On Fri, 27 Sep 2013 15:54:41 -0500 (CDT)
Larry Stone articulated:

> On Fri, 27 Sep 2013, LuKreme wrote:
>
> >> Why use procmail when sieve is so much more powerful?
> >
> > First, I have a lot of procmail recipes over many years. Second,
> > there are quite a few things that sieve can't do that procmail does
> > well (for just one example, calling external programs).
>
> One of the things I do with Procmail is look for certain key phrases
> in email to a particular special account and if found, send an email
> that includes the line containing that key phrase to my cell phone
> text message address. It's easy to do with Procmail and formail
> (which is part of the Procmail suite); I haven't a clue how to do
> that (if it's even possible) in Sieve.

Clue: http://www.iana.org/assignments/sieve-extensions/sieve-extensions.xhtml

and

http://tools.ietf.org/html/draft-ietf-sieve-body-00

More clues are available.

> I think those who advocate getting rid of Procmail in favor of Sieve
> are those whose interest is in sorting mail into folders. Those of us
> who advocate using Procmail are those who use Procmail for other
> purposes.

I have found very little that procmail can do that sieve cannot, other than being a nightmare to debug if something goes wrong.

Just my 2¢.

--
Jerry

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

From jgoerzen at opencsw.org Sat Sep 28 02:29:46 2013
From: jgoerzen at opencsw.org (Jake Goerzen)
Date: Fri, 27 Sep 2013 16:29:46 -0700
Subject: [Dovecot] version 2.2.6 breaks compiling on Solaris 10 sparc
Message-ID: <524614EA.9040900@opencsw.org>

Hello,

I maintain the dovecot package at opencsw.org. The latest release of dovecot version 2.2.6 has some changes to lib-http which is breaking compiling on Solaris 10 sparc (though x86 builds successfully). Here is part of the compiler output while building:

libtool: compile: /opt/SUNWspro/bin/cc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-test -I../../src/lib-dns -I../../src/lib-ssl-iostream -I/opt/csw/include/mysql -I/opt/csw/include/postgresql -I/opt/csw/include -xO3 -m32 -xarch=sparc -I/opt/csw/include -c http-header-parser.c -KPIC -DPIC -o .libs/http-header-parser.o
"http-header-parser.c", line 264: warning: statement not reached
"http-header-parser.c", line 281: warning: argument #3 is incompatible with prototype:
        prototype: pointer to unsigned int : "../../src/lib/istream.h", line 152
        argument : pointer to unsigned long long
"http-header-parser.c", line 317: warning: argument #2 is incompatible with prototype:
        prototype: pointer to unsigned int : "../../src/lib/buffer.h", line 93
        argument : pointer to unsigned long long

and then later on a linking error:

/bin/bash ../../libtool --tag=CC --mode=link /opt/SUNWspro/bin/cc -xO3 -m32 -xarch=sparc -I/opt/csw/include -no-undefined -m32 -xarch=sparc -L/opt/csw/lib -o test-http-url test-http-url.o http-url.lo ../lib-test/libtest.la ../lib/liblib.la -export-dynamic -lrt -lnsl -lsocket -lsendfile
libtool: link: /opt/SUNWspro/bin/cc -xO3 -m32 -xarch=sparc -I/opt/csw/include -m32 -xarch=sparc -o test-http-url test-http-url.o .libs/http-url.o -L/opt/csw/lib ../lib-test/.libs/libtest.a ../lib/.libs/liblib.a -lrt -lnsl -lsocket -lsendfile
Undefined                       first referenced
 symbol                             in file
http_header_field_find              .libs/http-url.o
http_header_field_get               .libs/http-url.o
http_header_get_fields              .libs/http-url.o
ld: fatal: symbol referencing errors. No output written to test-http-url

version 2.2.5 and previous releases of dovecot have compiled successfully on both Solaris sparc & x86.

Regards,

jgoerzen at opencsw.org

From dovecot-list at mohtex.net Sat Sep 28 03:21:12 2013
From: dovecot-list at mohtex.net (Tamsy)
Date: Sat, 28 Sep 2013 07:21:12 +0700
Subject: [Dovecot] Conditional jump or move depends on uninitialised value(s)
In-Reply-To:
References: <5243D15F.7080303@mohtex.net>
Message-ID: <524620F8.8070103@mohtex.net>

Timo Sirainen wrote the following on 27.09.2013 22:22:
> On 26.9.2013, at 8.17, Tamsy wrote:
>
>> Dovecot 2.2.6 compiled on Ubuntu 10.04 fails on "make check" with the
>> following errors.
>> "make install" is finishing just fine and Dovecot itself works
>> flawlessly so far.
> Yeah, the problem is only with 32bit systems. It's only in lib-http though, so you're probably not using it unless you're using fts-solr. http://hg.dovecot.org/dovecot-2.2/rev/83e74b3a0d10
>
Thank you Timo.
Yes, I'm with 32bit systems and yes, I'm using fts-solr. Will try the patch later today and report back.

From deweyto at gmail.com Sat Sep 28 05:54:55 2013
From: deweyto at gmail.com (Dewey Du)
Date: Sat, 28 Sep 2013 10:54:55 +0800
Subject: [Dovecot] service anvil and ssl-params not starts with dovecot started
In-Reply-To: <4DA60774-EDE0-4E09-A234-E43CF306E660@iki.fi>
References: <4DA60774-EDE0-4E09-A234-E43CF306E660@iki.fi>
Message-ID:

1) strace -tt -p
Process 2641 attached - interrupt to quit
22:32:35.816987 epoll_wait(9,

2) gdb -p
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
.
Attaching to process 2913
Reading symbols from /usr/local/server/dovecot/libexec/dovecot/config...done.
Reading symbols from /usr/local/server/dovecot/lib/dovecot/libdovecot.so.0...done.
Loaded symbols for /usr/local/server/dovecot/lib/dovecot/libdovecot.so.0
Reading symbols from /lib64/libc.so.6...^[[A(no debugging symbols found)...done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /usr/lib/libiconv.so.2...done.
Loaded symbols for /usr/lib/libiconv.so.2
Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/librt.so.1
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnss_files.so.2
0x00007f18489ebee3 in __epoll_wait_nocancel () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.107.el6_4.2.x86_64
(gdb) Hangup detected on fd 0
error detected on stdin
A debugging session is active.

        Inferior 1 [process 2913] will be detached.

Quit anyway? (y or n) [answered Y; input not from terminal]
Detaching from program: /usr/local/server/dovecot/libexec/dovecot/config, process 2913

Extra information:

Everything goes well at the beginning. After a power failure, dovecot doesn't work as well as it did. I attached the log at that moment to see if it helps troubleshooting.

2013-08-21 17:37:39 master: Info: Dovecot v2.2.5 starting up (core dumps disabled)
2013-08-21 17:38:04 master: Error: service(anvil): Initial status notification not received in 30 seconds, killing the process
2013-08-21 17:38:04 master: Error: service(ssl-params): Initial status notification not received in 30 seconds, killing the process
2013-08-21 17:38:04 anvil: Fatal: master: service(anvil): child 2039 killed with signal 9
2013-08-21 17:38:04 ssl-params: Fatal: master: service(ssl-params): child 2041 killed with signal 9
2013-08-21 17:38:14 anvil: Error: Anvil client input error: Unknown command: VERSION
2013-08-21 17:38:14 anvil: Error: Anvil client input error: Unknown command: VERSION

Thanks very much.

On Fri, Sep 27, 2013 at 11:20 PM, Timo Sirainen wrote:

> On 26.9.2013, at 15.07, Dewey Du wrote:
>
> > My dovecot started with the error below. What's the most possible reason
> > for the error?
> >
> > 2013-08-28 11:41:40 master: Info: Dovecot v2.2.5 starting up (core dumps disabled)
> > 2013-08-28 11:42:00 anvil: Fatal: Error reading configuration: Timeout
> > reading config from /var/run/dovecot/config
>
> The config process is stuck for some reason. Try to find out what it's
> doing. Immediately after you start dovecot, find the config process pid,
> and do:
>
> 1) strace -tt -p (for about a second or so)
>
> 2) gdb -p
> bt full
>
> and mail the results.
>
>

From Leslie.Rhorer at twtelecom.com Sat Sep 28 07:31:40 2013
From: Leslie.Rhorer at twtelecom.com (Rhorer, Leslie)
Date: Sat, 28 Sep 2013 04:31:40 +0000
Subject: [Dovecot] New install not working.
Message-ID:

Hello.

I need some help. I was running uw-imap on my IMAP server (so I am using mbox email files), but I was having trouble with Outlook 2013, so I decided to move to dovecot. At first things were looking much better, except that most of my folders, other than the Inbox, were not showing up. I started changing both the dovecot configuration and the folder structure of my mail files, but now I can't even get the Inbox to populate. Outlook says it is there, along with any folders I create new in Outlook, plus the Trash folder, which is the only non-local folder with anything in it. Try what I might, I can't get my Inbox to populate or any of the existing folders to show up at all. Here is the current output from dovecot -n:

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 xfs
mail_location = mbox:/RAID/home/%u/mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = " imap pop3"
ssl_cert = /mail.

Here is a snapshot of one of the directories:

drwx------ 2 lrhorer lrhorer 59 Sep 26 21:32 Amazon
-rw------- 1 lrhorer lrhorer 118889 Jul 23 09:57 CPS Energy
-rw------- 1 lrhorer lrhorer 58343 Dec 26 2011 Craigs List
-rw------- 1 lrhorer lrhorer 105676 Aug 24 2011 DAR Support
-rw------- 1 lrhorer lrhorer 351546 Sep 20 11:21 Drafts
-rw------- 1 lrhorer lrhorer 5767297 Jun 24 2012 eBay
-rw------- 1 lrhorer lrhorer 50503746 Nov 27 2012 Family
-rw------- 1 lrhorer lrhorer 109653 Apr 14 2012 Helipal
-rw------- 1 lrhorer lrhorer 144094265 Sep 27 22:50 inbox
-rw------- 1 lrhorer lrhorer 549 Jun 16 11:05 Junk E-mail
-rw------- 1 lrhorer lrhorer 499 Jul 27 09:09 Junk E-mail1
-rw------- 1 lrhorer lrhorer 499 Aug 18 13:27 Junk E-mail2
-rw-r--r-- 1 lrhorer lrhorer 0 Sep 27 22:41 Junk E-mail3
-rw------- 1 lrhorer lrhorer 144094265 Sep 26 21:30 lrhorer
-rw------- 1 lrhorer lrhorer 178218 Jan 11 2013 Mdadm
-rw------- 1 lrhorer lrhorer 1022804 Dec 21 2011 NewEgg
-rw------- 1 lrhorer lrhorer 6102422 Sep 17 2012 NUT
-rw------- 1 lrhorer lrhorer 1588992 May 28 2010 RAID Halting
-rw------- 1 lrhorer lrhorer 139695 Dec 13 2009 Rebuild an Array
-rw------- 1 lrhorer lrhorer 3657762 Jul 26 10:24 Save
-rw------- 1 root root 3657762 Sep 27 22:48 Save.sav
-rw------- 1 lrhorer lrhorer 44458963 Jun 21 2011 Sent Items
-rw------- 1 lrhorer lrhorer 10349 Jan 3 2010 SMART
-rw-rw-rw- 1 lrhorer lrhorer 238 Sep 27 22:46 subscriptions
-rw------- 1 lrhorer lrhorer 2732568 Jun 5 2011 tempAmazon
-rw-r--r-- 1 lrhorer lrhorer 0 Sep 27 22:11 testing
-rw------- 1 lrhorer lrhorer 19152044 Sep 27 22:42 Trash
-rw------- 1 lrhorer lrhorer 536 Sep 5 01:14 Unsent
-rw------- 1 lrhorer lrhorer 58550 Apr 8 2012 Wine
-rw------- 1 lrhorer lrhorer 105015 Apr 2 2012 Xheli

Since the home directories are on a subdirectory of a separate array, I have the following:

lrwxrwxrwx 1 root root 10 Sep 27 21:22 /home -> /RAID/home

/var/mail:
total 140724
lrwxrwxrwx 1 root mail 30 Sep 27 21:31 ljrhorer -> /RAID/home/ljrhorer/mail/inbox
lrwxrwxrwx 1 root mail 29 Sep 27 21:31 lrhorer -> /RAID/home/lrhorer/mail/inbox

From tss at iki.fi Sat Sep 28 09:35:30 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sat, 28 Sep 2013 08:35:30 +0200
Subject: [Dovecot] version 2.2.6 breaks compiling on Solaris 10 sparc
In-Reply-To: <524614EA.9040900@opencsw.org>
References: <524614EA.9040900@opencsw.org>
Message-ID:

On 28.9.2013, at 1.29, Jake Goerzen wrote:

> I maintain the dovecot package at opencsw.org. The latest release of dovecot version 2.2.6 has some changes to lib-http which is breaking compiling on Solaris 10 sparc (though x86 builds successfully). Here is part of the compiler output while building:
>
>
> libtool: compile: /opt/SUNWspro/bin/cc -DHAVE_CONFIG_H -I. -I../..
> -I../../src/lib -I../../src/lib-test -I../../src/lib-dns
> -I../../src/lib-ssl-iostream -I/opt/csw/include/mysql
> -I/opt/csw/include/postgresql -I/opt/csw/include -xO3 -m32
> -xarch=sparc -I/opt/csw/include -c http-header-parser.c -KPIC -DPIC
> -o .libs/http-header-parser.o
> "http-header-parser.c", line 264: warning: statement not reached
> "http-header-parser.c", line 281: warning: argument #3 is
> incompatible with prototype:
> prototype: pointer to unsigned int :
> "../../src/lib/istream.h", line 152 argument : pointer to
> unsigned long long

http://hg.dovecot.org/dovecot-2.2/rev/83e74b3a0d10 fixes this.

From tss at iki.fi Sat Sep 28 09:37:22 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sat, 28 Sep 2013 08:37:22 +0200
Subject: [Dovecot] New install not working.
In-Reply-To:
References:
Message-ID: <5B80E4D8-5623-40E1-964E-06E5DD702DA8@iki.fi>

On 28.9.2013, at 6.31, "Rhorer, Leslie" wrote:

> I need some help. I was running uw-imap on my IMAP server (so I am using mbox email files), but I was having trouble with Outlook 2013, so I decided to move to dovecot. At first things were looking much better, except that most of my folders, other than the Inbox, were not showing up. I started changing both the dovecot configuration and the folder structure of my mail files, but now I can't even get the Inbox to populate. Outlook says it is there, along with any folders I create new in Outlook, plus the Trash folder, which is the only non-local folder with anything in it. Try what I might, I can't get my Inbox to populate or any of the existing folders to show up at all. Here is the current output from dovecot -n:

Set mail_debug=yes and check that the path Dovecot reports is equal to what you expect it to be.

From jtam.home at gmail.com Sat Sep 28 10:17:55 2013
From: jtam.home at gmail.com (Joseph Tam)
Date: Sat, 28 Sep 2013 00:17:55 -0700 (PDT)
Subject: [Dovecot] New install not working.
In-Reply-To:
References:
Message-ID:

"Rhorer, Leslie" writes:

> At first things were looking much better, except that most of my
> folders, other than the Inbox, were not showing up. I started changing
> both the dovecot configuration and the folder structure of my mail
> files, but now I can't even get the Inbox to populate. Outlook says
> it is there, along with any folders I create new in Outlook, plus the
> Trash folder, which is the only non-local folder with anything in it.
> Try what I might, I can't get my Inbox to populate or any of the
> existing folders to show up at all. Here is the current output from
> dovecot -n:
> ....
> mail_location = mbox:/RAID/home/%u/mail

Maybe try

	mail_location = mbox:/RAID/home/%n/mail:INBOX=/RAID/home/%n/mail/inbox

(%n does not include the domain part, but it might be the same as %u).

Joseph Tam

From dovecot-list at mohtex.net Sat Sep 28 14:07:32 2013
From: dovecot-list at mohtex.net (Tamsy)
Date: Sat, 28 Sep 2013 18:07:32 +0700
Subject: [Dovecot] Conditional jump or move depends on uninitialised value(s)
In-Reply-To: <524620F8.8070103@mohtex.net>
References: <5243D15F.7080303@mohtex.net> <524620F8.8070103@mohtex.net>
Message-ID: <5246B874.2030602@mohtex.net>

Tamsy wrote the following on 28.09.2013 07:21:
> Timo Sirainen wrote the following on 27.09.2013 22:22:
>> On 26.9.2013, at 8.17, Tamsy wrote:
>>
>>> Dovecot 2.2.6 compiled on Ubuntu 10.04 fails on "make check" with the
>>> following errors.
>>> "make install" is finishing just fine and Dovecot itself works
>>> flawlessly so far.
>> Yeah, the problem is only with 32bit systems. It's only in lib-http though, so you're probably not using it unless you're using fts-solr. http://hg.dovecot.org/dovecot-2.2/rev/83e74b3a0d10
>>
> Thank you Timo.
> Yes, I'm with 32bit systems and yes, I'm using fts-solr. Will try the
> patch later today and report back.

FYI: After applying your patch "make check" finishes without problems. All good now. Thank you again, Timo.

From AxelLuttgens at swing.be Sat Sep 28 17:26:03 2013
From: AxelLuttgens at swing.be (Axel Luttgens)
Date: Sat, 28 Sep 2013 16:26:03 +0200
Subject: [Dovecot] Using MailDir but local messages still save in mbox format
In-Reply-To: <5245355E.9010401@wilsonville.net>
References: <524487D5.5000307@wilsonville.net> <52452938.8090007@wilsonville.net> <5245355E.9010401@wilsonville.net>
Message-ID: <21CC60C9-605F-43B1-9E2A-10748B559578@swing.be>

On 27 Sep 2013, at 09:35, Mike Edwards wrote:

> I think I just fixed the problem but I am not sure if I did it the right way.. It seems that it is postfix that did it, not dovecot. I found this in the log for every local message...
>
> Sep 26 11:10:10 zeus postfix/local[14565]: 9B0294AA15E: to=, orig_to=, relay=local, delay=9, delays=9/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
>
> So, I went to the postfix master.cf and commented out this line...
>
> #local unix - n n - - local
>
> Was that the correct way to do it?

Hello Mike,

You probably have cured the symptoms... ;-)

Your cron command has very likely been built for making use of the sendmail command. When facing a "naked" recipient address such as "vmail", Postfix' sendmail will look for an alias, then for a system user bearing that name. There's probably no alias for "vmail", but you clearly have a system user named "vmail"; so, sendmail will proceed with a local delivery for user "vmail".

So, you could for example define an alias:

	vmail: yourself at your.virtual.domain

since you're potentially more interested than user vmail in the messages emitted by the cron job.

Or add such a line to your crontab:

	MAIL=yourself at your.virtual.domain

so as to override the default recipient, ie the user the job runs as.

HTH,
Axel

From wizz at mniam.net Sat Sep 28 18:11:48 2013
From: wizz at mniam.net (Kamil Andrusz)
Date: Sat, 28 Sep 2013 17:11:48 +0200
Subject: [Dovecot] Panic: file mail-storage.c: line 834 (mailbox_verify_name): assertion failed
Message-ID: <44D2E9CA-B21B-476A-8FD4-55B090DC658B@mniam.net>

Hello List!

I've encountered an error after upgrading my system and dovecot. I guess it's probably a result of a configuration problem, however after quite some tinkering with configuration I am still missing the source of the problem.

Sep 28 16:57:21 shwurzbung dovecot: imap(wizz): Panic: file mail-storage.c: line 834 (mailbox_verify_name): assertion failed: (strncmp(vname, ns->prefix, ns->prefix_len-1) == 0)
Sep 28 16:57:21 shwurzbung dovecot: imap(wizz): Fatal: master: service(imap): child 23203 killed with signal 6 (core not dumped - set service imap { drop_priv_before_exec=yes })

The problem above appears with both dovecot 2.2.5 and 2.2.6. It did not happen while using dovecot 2.1.12.

Operating system is OpenBSD 5.4-current and AMD64. FS type is FFS (default for OpenBSD).
Output of dovecot -n:

# 2.2.6: /etc/dovecot/dovecot.conf
# OS: OpenBSD 5.4 amd64
auth_mechanisms = plain login
default_process_limit = 200
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
mmap_disable = yes
namespace {
  hidden = yes
  inbox = yes
  list = no
  location = mbox:~/mail:INBOX=/var/mail/%u
  prefix = inbox/
  type = private
}
namespace inbox {
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = bsdauth
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener /var/run/dovecot/auth-master {
    group = virtuals
    mode = 0600
    user = virtuals
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = _postfix
  }
  user = root
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
}
ssl_cert =

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

How does dovecot handle sent items and is it possible to "process" them before they get saved in the sent item folder?

My scenario is that I'm running postfix + dovecot with all incoming and outgoing mail passed to a script that encrypts the mail with the public key of the recipient.

The only place now that has unencrypted mail sitting on the server is the sent items, I'd like to fix that.

What would be the best way to proceed here?

- --
Encrypt everything.
Public key: https://www.secryption.com/BruceMarkey.asc

I believe that any violation of privacy is nothing good.
Lech Walesa

From vizovitin at gmail.com Sun Sep 29 11:54:14 2013
From: vizovitin at gmail.com (Nicolay Vizovitin)
Date: Sun, 29 Sep 2013 15:54:14 +0700
Subject: [Dovecot] How to authenticate against SQL DB with custom-ciphered passwords?
In-Reply-To: <282ECFA9-CCB2-40CE-9ED2-23EFE695D1AC@iki.fi>
References: <282ECFA9-CCB2-40CE-9ED2-23EFE695D1AC@iki.fi>
Message-ID:

Thanks a lot for your answers! Unfortunately I didn't have a chance to sit down and implement the thing yet, but after looking through the Dovecot code I have some additional questions. Please see inline below.

On Fri, Sep 27, 2013 at 10:13 PM, Timo Sirainen wrote:

> On 26.9.2013, at 10.01, Nicolay Vizovitin wrote:
>
> > I'm about to start developing authentication/password-scheme module for
> > Dovecot. So I would like to get some advice before actually committing to
> > doing things in particular way. Hope somebody will be able to help me :)
> >
> > For the record, I am currently targeting latest stable Dovecot version
> > 2.2.5.
> >
> > I have an SQL DB with mail users' authentication data. Passwords are stored
> > either encrypted via system crypt(3) or ciphered with some custom algorithm
> > (think something symmetrical like AES, so passwords can be decrypted into
> > plain form). I want to use this DB as both userdb and passdb backend. The
> > issue, of course, is with ciphered passwords support.
> >
> > 1) Is it feasible to just implement a new password scheme for ciphered
> > passwords support and still use stock passdb driver in Dovecot for SQL DB
> > access?
>
> Plugins can implement new password schemes.
> http://dovecot.org/patches/password-scheme-lmpass.c is an example,
> although I'm not sure if it compiles with v2.2.
>
> > So that passwords in this scheme would be treated as PLAIN (in a
> > sense that both cleartext and shared secret authentication methods would
> > work).
>
> You could do that in a slightly ugly way by setting
> password_generate=plain_generate(), so password_scheme_is_alias() returns
> TRUE for that.
>

OK, I figured I had to use something like that. However, after looking through the code I don't think it'll work with shared-secret authentication mechanisms. Looking at struct password_scheme definition:

    int (*password_verify)(const char *plaintext, const char *user,
                           const unsigned char *raw_password, size_t size,
                           const char **error_r);
    void (*password_generate)(const char *plaintext, const char *user,
                              const unsigned char **raw_password_r, size_t *size_r);

password_generate would have to be equal to plain_generate(). So I'm left with password_verify, but its signature implies that it is called only when plaintext password is available from client, which is not the case with shared-secret mechanisms.

A simple question to verify my hypothesis: would PLAIN-TRUNC password scheme work with CRAM-MD5 authentication? My understanding of CRAM-MD5 and what PLAIN-TRUNC does tells me it cannot work even in theory.

Something tells me that I rather need a new password encoding than just a password scheme. Yet there is no way to extend password encodings, as far as I can tell (at least from looking at password_decode()). So I guess I can't use new password scheme to solve my problem without patching Dovecot, can I?

> > 2) Provided I implement custom password scheme for ciphered passwords, what
> > is the best way to be capable to perform authentication against both
> > ciphered and encrypted passwords? Ciphered and encrypted passwords are
> > stored in different fields of SQL table (one of them is NULL when the other
> > one is set).
> > a) Do I define two passdb clauses with their own default_pass_scheme
> > (equal to my new scheme or CRYPT for encrypted passwords) and use fallback
> > to effectively check both of them?
> > b) Do I modify SQL query so that it prefixes existing password with
> > correct scheme (I'm not sure this will be easy enough to do)?
>
> By "ciphered" I understand you mean encrypted, and by "encrypted" you mean
> hashed..
> Scheme prefix would work, mysql and postgresql have complex enough
> string manipulation functions to make this possible I think.
>

Well, yes, I meant exactly that. :)

> > 3) Is it mandatory to provide password generation routine for custom
> > password scheme? When it will be used?
>
> doveadm pw command would use it for example. But as mentioned, you should
> set it to plain_generate.
>
> > 4) Maybe it's better to just implement a plugin that serves as both userdb
> > and passdb driver (in other words a kind of generic authentication module)?
> > What are advantages and disadvantages of each method - custom password
> > scheme + stock SQL driver VS. custom userdb and passdb driver? Fortunately,
> > I already have all the required credentials lookup and verification code.
> > So in any case the question is only in figuring out suitable Dovecot APIs
> > and integrating the existing code.
>
> Implementing yet another sql passdb sounds like quite a lot of work.
>

I guess it is. But I'd rather trade more work now for more maintainability later (if implementing passdb would help). I don't really want to patch Dovecot as future changes may render the patch incompatible. I could invest some time into the patch provided there is a chance it would get merged into upstream. Otherwise I'd rather use my existing code for accessing SQL DB and password verification/lookup and integrate it into passdb code.

BTW, is there anything else passdb/userdb plugin can do other than its direct responsibilities and returning extra userdb fields? In other words, are there any (theoretical) advantages to implementing passdb instead of password scheme?

> > 7) Somewhat unrelated question: what is the best way to test IMAP (and
> > maybe POP3 as well) server performance and compare it to another server?
> > I'm interested in both login performance (the part I will influence) and
> > performance with many mails in mailbox. I heard imaptest is suitable for
> > this task.
> > Are there any recipes or example testing scenarios you might
> > share? ;)
>
> There are only bad non-realistic benchmarks available currently. With
> imaptest you can easily test the login performance though:
>
> imaptest user=test%d.%d - select=0 clients=100
>
>

Thanks, will try it out later.

--
Best regards,
Nick

From tss at iki.fi Sun Sep 29 12:46:32 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 29 Sep 2013 12:46:32 +0300
Subject: [Dovecot] Processing sent items
In-Reply-To: <336c74f32eb767d5c1f6c74fdd682421@secryption.com>
References: <336c74f32eb767d5c1f6c74fdd682421@secryption.com>
Message-ID:

On 29.9.2013, at 11.51, Bruce Markey wrote:

> How does dovecot handle sent items and is it possible to "process" them before they get saved in the sent item folder?
>
> My scenario is that I'm running postfix + dovecot with all incoming and outgoing mail passed to a script that encrypts the mail with the public key of the recipient.
>
> The only place now that has unencrypted mail sitting on the server is the sent items, I'd like to fix that.
>
> What would be the best way to proceed here?

http://dovecot.org/patches/2.2/mail-filter.tar.gz is a start, but like its README says it can't quite handle modifications of mail contents, but should be possible with some smallish changes.

From bruce at secryption.com Sun Sep 29 13:15:52 2013
From: bruce at secryption.com (Bruce Markey)
Date: Sun, 29 Sep 2013 06:15:52 -0400
Subject: [Dovecot] Processing sent items
In-Reply-To:
References: <336c74f32eb767d5c1f6c74fdd682421@secryption.com>
Message-ID: <039b36a637c22547d60d065afa917fd9@secryption.com>

Thanks Timo, I'll give that a look.

--
Encrypt everything.
Public key: https://www.secryption.com/BruceMarkey.asc

I believe that any violation of privacy is nothing good.
Lech Walesa

From rob0 at gmx.co.uk Sun Sep 29 22:28:30 2013
From: rob0 at gmx.co.uk (/dev/rob0)
Date: Sun, 29 Sep 2013 14:28:30 -0500
Subject: [Dovecot] Using MailDir but local messages still save in mbox format
In-Reply-To: <21CC60C9-605F-43B1-9E2A-10748B559578@swing.be>
References: <524487D5.5000307@wilsonville.net> <52452938.8090007@wilsonville.net> <5245355E.9010401@wilsonville.net> <21CC60C9-605F-43B1-9E2A-10748B559578@swing.be>
Message-ID: <20130929192830.GY13717@harrier.slackbuilds.org>

On Sat, Sep 28, 2013 at 04:26:03PM +0200, Axel Luttgens wrote:
> On 27 Sept. 2013 at 09:35, Mike Edwards wrote:
>
> > I think I just fixed the problem but I am not sure if I did it
> > the right way.. It seems that it is postfix that did it, not
> > dovecot. I found this in the log for every local message...
> >
> > Sep 26 11:10:10 zeus postfix/local[14565]: 9B0294AA15E:
> > to=, orig_to=, relay=local, delay=9,
> > delays=9/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to
> > mailbox)
> >
> > So, I went to the postfix master.cf and commented out this line...
> >
> > #local unix - n n - - local
> >
> > Was that the correct way to do it?
>
> Hello Mike,
>
> You probably have cured the symptoms... ;-)

I doubt it. The correct way to not route mail to local(8) is to take the domain in question out of mydestination. With no local transport available, but a domain is still listed in mydestination, Postfix will probably just complain about "transport not available".

> Your cron command has very likely been built for making use of the
> sendmail command.
> When facing a "naked" recipient address such as "vmail", Postfix'
> sendmail will look for an alias, then for a system user bearing
> that name.

No, this is wrong. Where did you see this?

A bare localpart address without domain has @$myorigin appended. See postconf.5.html#append_at_myorigin for details. The munged @domain shown above is Mike's $myorigin, and it is listed in his $mydestination.
> There's probably no alias for "vmail", but you clearly have a
> system user named "vmail"; so, sendmail will proceed with a local
> delivery for user "vmail".

Nitpicking here, but sendmail does not do the delivery, only the acceptance and enqueueing. The now-commented local checks the alias_maps and does the delivery.

> So, you could for example define an alias:
>
> vmail: yourself at your.virtual.domain
>
> since you're potentially more interested than user vmail in the
> messages emitted by the cron job.

This won't work if local_transport points to a service which is undefined.

> Or add such a line to your crontab:
>
> MAIL=yourself at your.virtual.domain
>
> so as to override the default recipient, ie the user the job
> runs as.

Probably a better idea, but that feature is not available in all known cron implementations. Mike should check his own crontab(1) manual.

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

From tss at iki.fi Mon Sep 30 08:54:25 2013
From: tss at iki.fi (Timo Sirainen)
Date: Mon, 30 Sep 2013 08:54:25 +0300
Subject: [Dovecot] Panic: file mail-storage.c: line 834 (mailbox_verify_name): assertion failed
In-Reply-To: <44D2E9CA-B21B-476A-8FD4-55B090DC658B@mniam.net>
References: <44D2E9CA-B21B-476A-8FD4-55B090DC658B@mniam.net>
Message-ID: <8B6D70A8-049E-4B0F-A2BB-786380F1A0FA@iki.fi>

On 28.9.2013, at 18.11, Kamil Andrusz wrote:

> Sep 28 16:57:21 shwurzbung dovecot: imap(wizz): Panic: file mail-storage.c: line 834 (mailbox_verify_name): assertion failed: (strncmp(vname, ns->prefix, ns->prefix_len-1) == 0)

> namespace {
>   hidden = yes
>   inbox = yes
>   list = no
>   location = mbox:~/mail:INBOX=/var/mail/%u
>   prefix = inbox/
>   type = private
> }

Don't use prefix=inbox/. Either use INBOX/ or something completely different. I think the proper fix here is to just fail to run with this configuration.

From AxelLuttgens at swing.be Mon Sep 30 11:27:19 2013
From: AxelLuttgens at swing.be (Axel Luttgens)
Date: Mon, 30 Sep 2013 10:27:19 +0200
Subject: [Dovecot] Using MailDir but local messages still save in mbox format
In-Reply-To: <20130929192830.GY13717@harrier.slackbuilds.org>
References: <524487D5.5000307@wilsonville.net> <52452938.8090007@wilsonville.net> <5245355E.9010401@wilsonville.net> <21CC60C9-605F-43B1-9E2A-10748B559578@swing.be> <20130929192830.GY13717@harrier.slackbuilds.org>
Message-ID: <7DEEC644-3E0F-433E-93BF-33580E27C612@swing.be>

On 29 Sept. 2013 at 21:28, /dev/rob0 wrote:

> On Sat, Sep 28, 2013 at 04:26:03PM +0200, Axel Luttgens wrote:
>> On 27 Sept. 2013 at 09:35, Mike Edwards wrote:
>>
>>> I think I just fixed the problem but I am not sure if I did it
>>> the right way.. It seems that it is postfix that did it, not
>>> dovecot. I found this in the log for every local message...
>>>
>>> Sep 26 11:10:10 zeus postfix/local[14565]: 9B0294AA15E:
>>> to=, orig_to=, relay=local, delay=9,
>>> delays=9/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to
>>> mailbox)
>>>
>>> So, I went to the postfix master.cf and commented out this line...
>>>
>>> #local unix - n n - - local
>>>
>>> Was that the correct way to do it?
>>
>> Hello Mike,
>>
>> You probably have cured the symptoms... ;-)
>
> I doubt it. The correct way to not route mail to local(8) is to take
> the domain in question out of mydestination. With no local transport
> available, but a domain is still listed in mydestination, Postfix
> will probably just complain about "transport not available".
>
>> Your cron command has very likely been built for making use of the
>> sendmail command.
>> When facing a "naked" recipient address such as "vmail", Postfix'
>> sendmail will look for an alias, then for a system user bearing
>> that name.
>
> No, this is wrong. Where did you see this?
Thanks, I now understand I've probably been too quick in my description, by writing "sendmail" and implicitly considering the net effect of the whole chain starting with sendmail and ending with local (I made that same short-circuit in other parts of my reply as well).

And the net effect is that, with default settings, every system user is liable to receive mail through a local submission. From Mike's description, it indeed appears that he initially had such default settings wrt the local domain class.

So, the symptom was: some messages are delivered locally.
And curing the symptom was: disable the local transport.
With now another symptom anyway: messages are accumulating in the queue.

> A bare localpart address without domain has @$myorigin appended. See
> postconf.5.html#append_at_myorigin for details. The munged @domain
> shown above is Mike's $myorigin, and it is listed in his
> $mydestination.
>
>> There's probably no alias for "vmail", but you clearly have a
>> system user named "vmail"; so, sendmail will proceed with a local
>> delivery for user "vmail".
>
> Nitpicking here, but sendmail does not do the delivery, only the
> acceptance and enqueueing.

Sorry: I meant local "submission". :-(

> The now-commented local checks the
> alias_maps and does the delivery.
>
>> So, you could for example define an alias:
>>
>> vmail: yourself at your.virtual.domain
>>
>> since you're potentially more interested than user vmail in the
>> messages emitted by the cron job.
>
> This won't work if local_transport points to a service which is
> undefined.

Unless those settings have been reverted to their default values, of course; this was the point of my reply.

>> Or add such a line to your crontab:
>>
>> MAIL=yourself at your.virtual.domain
>>
>> so as to override the default recipient, ie the user the job
>> runs as.
>
> Probably a better idea, but that feature is not available in all
> known cron implementations. Mike should check his own crontab(1)
> manual.
Do you mean that some distributions are liable to mess with such a basic behavior of the venerable cron command? But yes, always a good idea to check the relevant man pages. ;-)

Once again, sorry for my over-simplifications,
Axel

From justin at neonova.net Mon Sep 30 16:42:45 2013
From: justin at neonova.net (Justin McAleer)
Date: Mon, 30 Sep 2013 09:42:45 -0400
Subject: [Dovecot] proxy: can I use the password returned from passdb to log in to the back-end?
In-Reply-To:
References:
Message-ID:

On Fri, Sep 27, 2013 at 11:28 AM, Timo Sirainen wrote:

> On 27.9.2013, at 16.57, Justin McAleer wrote:
>
> > I am hoping to support encrypted passwords, which I know is generally not
> > allowed in a proxy setup. However, I can return the password in clear-text
> > out of the password database, so I was hoping for something similar to the
> > destuser field.
>
> The "pass" extra field is used by proxy to connect to the remote server.
> So if you can manage to return the plaintext password in that field, it'll
> work.
>
>

Excellent! That worked as promised. Thank you.

From kryol at bigmir.net Mon Sep 30 16:46:23 2013
From: kryol at bigmir.net (Oleksii Krykun)
Date: Mon, 30 Sep 2013 16:46:23 +0300
Subject: [Dovecot] pop3-login problem
In-Reply-To: <5245A44F.5020608@sys4.de>
References: <3D63D4A5-B43E-4CFB-88CA-2935B136ABE0@iki.fi> <5245A44F.5020608@sys4.de>
Message-ID:

27.09.2013 18:29, Robert Schetterer
> On 27.09.2013 17:21, Oleksii Krykun wrote:
> >> If ISP link goes to down state I see (after about 1 minute) a following error:
> >> > >
> >> > > Sep 26 15:44:29 pop3-login: Error: master(pop3): Auth request timed out (received 0/12 bytes)
> >>
> >> auth process is hanging.
>
> perhaps check if there is some other stuff done when link goes down,
> like ntpdate configured with some if-down script relation etc

No. But during usual work sometimes I can see (with tcpdump) some PTR requests after pop3/imap client connection.

>
>
> Best Regards
> MfG Robert Schetterer
>
> --
> [*] sys4 AG
>
> http://sys4.de, +49 (89) 30 90 46 64
> Franziskanerstraße 15, 81669 München
>
> Registered office: München, Amtsgericht München: HRB 199263
> Executive Board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
> Chairman of the Supervisory Board: Florian Kirstein

From rob0 at gmx.co.uk Mon Sep 30 18:35:56 2013
From: rob0 at gmx.co.uk (/dev/rob0)
Date: Mon, 30 Sep 2013 10:35:56 -0500
Subject: [Dovecot] [ot] Re: Using MailDir but local messages still save in mbox format
In-Reply-To: <7DEEC644-3E0F-433E-93BF-33580E27C612@swing.be>
References: <524487D5.5000307@wilsonville.net> <52452938.8090007@wilsonville.net> <5245355E.9010401@wilsonville.net> <21CC60C9-605F-43B1-9E2A-10748B559578@swing.be> <20130929192830.GY13717@harrier.slackbuilds.org> <7DEEC644-3E0F-433E-93BF-33580E27C612@swing.be>
Message-ID: <20130930153556.GA13717@harrier.slackbuilds.org>

On Mon, Sep 30, 2013 at 10:27:19AM +0200, Axel Luttgens wrote:
> >> Or add such a line to your crontab:
> >>
> >> MAIL=yourself at your.virtual.domain
> >>
> >> so as to override the default recipient, ie the user the job
> >> runs as.
> >
> > Probably a better idea, but that feature is not available in all
> > known cron implementations. Mike should check his own crontab(1)
> > manual.
>
> Do you mean that some distributions are liable to mess with such a
> basic behavior of the venerable cron command? But yes, always a
> good idea to check the relevant man pages. ;-)

In Linux land, Slackware uses the simpler Dillon's cron which lacks some of the features of the more popular Vixie cron. I bet a lot of commercial Unix flavors are also using simpler cron implementations than Vixie's.

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

From Leslie.Rhorer at twtelecom.com Mon Sep 30 18:49:58 2013
From: Leslie.Rhorer at twtelecom.com (Rhorer, Leslie)
Date: Mon, 30 Sep 2013 15:49:58 +0000
Subject: [Dovecot] New install not working.
In-Reply-To: <5B80E4D8-5623-40E1-964E-06E5DD702DA8@iki.fi>
References: <5B80E4D8-5623-40E1-964E-06E5DD702DA8@iki.fi>
Message-ID:

It is. I was getting a bunch of sync errors in Outlook on the Trash folder. I eventually got them to stop (I'm actually not sure how). I went to bed, and in the morning I had 8 messages in the Inbox. There were over 1900 messages in the Inbox, however. I was able to use formail to get Outlook to see the rest of the messages, but it still does not bring up any other folders. I know it can see them, because I can subscribe to them, but it does not bring them up. Thunderbird brings them all up just fine.

-----Original Message-----
From: Timo Sirainen [mailto:tss at iki.fi]
Sent: Saturday, September 28, 2013 1:37 AM
To: Rhorer, Leslie
Cc: dovecot at dovecot.org
Subject: Re: [Dovecot] New install not working.

On 28.9.2013, at 6.31, "Rhorer, Leslie" wrote:

> I need some help. I was running uw-imap on my IMAP server (so I am using mbox email files), but I was having trouble with Outlook 2013, so I decided to move to dovecot. At first things were looking much better, except that most of my folders, other than the Inbox, were not showing up. I started changing both the dovecot configuration and the folder structure of my mail files, but now I can't even get the Inbox to populate. Outlook says it is there, along with any folders I create new in Outlook, plus the Trash folder, which is the only non-local folder with anything in it. Try what I might, I can't get my Inbox to populate or any of the existing folders to show up at all. Here is the current output from dovecot -n:

Set mail_debug=yes and check that the path Dovecot reports is equal to what you expect it to be.

-------------

The content contained in this electronic message is not intended to constitute formation of a contract binding tw telecom. tw telecom will be contractually bound only upon execution, by an authorized officer, of a contract including agreed terms and conditions or by express application of its tariffs. This message is intended only for the use of the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender of this E-Mail or by telephone.

From jgoerzen at opencsw.org Mon Sep 30 19:30:35 2013
From: jgoerzen at opencsw.org (Jake Goerzen)
Date: Mon, 30 Sep 2013 09:30:35 -0700
Subject: [Dovecot] version 2.2.6 breaks compiling on Solaris 10 sparc
In-Reply-To:
References: <524614EA.9040900@opencsw.org>
Message-ID: <5249A72B.2030705@opencsw.org>

On 09/27/13 23:35, Timo Sirainen wrote:
> On 28.9.2013, at 1.29, Jake Goerzen wrote:
>
>> I maintain the dovecot package at opencsw.org. The latest release of dovecot version 2.2.6 has some changes to lib-http which is breaking compiling on Solaris 10 sparc (though x86 builds successfully). Here is part of the compiler output while building:
>>
>>
>> libtool: compile: /opt/SUNWspro/bin/cc -DHAVE_CONFIG_H -I. -I../..
>> -I../../src/lib -I../../src/lib-test -I../../src/lib-dns
>> -I../../src/lib-ssl-iostream -I/opt/csw/include/mysql
>> -I/opt/csw/include/postgresql -I/opt/csw/include -xO3 -m32
>> -xarch=sparc -I/opt/csw/include -c http-header-parser.c -KPIC -DPIC
>> -o .libs/http-header-parser.o
>> "http-header-parser.c", line 264: warning: statement not reached
>> "http-header-parser.c", line 281: warning: argument #3 is
>> incompatible with prototype:
>> prototype: pointer to unsigned int :
>> "../../src/lib/istream.h", line 152 argument : pointer to
>> unsigned long long
> http://hg.dovecot.org/dovecot-2.2/rev/83e74b3a0d10 fixes this.
>
>

I applied this patch and that fixes the compile error.
However, I still get undefined symbols while linking:

/bin/bash ../../libtool --tag=CC --mode=link /opt/SUNWspro/bin/cc -xO3 -m32 -xarch=sparc -I/opt/csw/include -no-undefined -m32 -xarch=sparc -L/opt/csw/lib -o test-http-url test-http-url.o http-url.lo ../lib-test/libtest.la ../lib/liblib.la -export-dynamic -lrt -lnsl -lsocket -lsendfile
libtool: link: /opt/SUNWspro/bin/cc -xO3 -m32 -xarch=sparc -I/opt/csw/include -m32 -xarch=sparc -o test-http-url test-http-url.o .libs/http-url.o -L/opt/csw/lib ../lib-test/.libs/libtest.a ../lib/.libs/liblib.a -lrt -lnsl -lsocket -lsendfile
Undefined                       first referenced
 symbol                             in file
http_header_field_find              .libs/http-url.o
http_header_field_get               .libs/http-url.o
http_header_get_fields              .libs/http-url.o
ld: fatal: symbol referencing errors. No output written to test-http-url

Could there be an earlier change to some header file that is causing undefined symbols?

From vorgusa at gmail.com Mon Sep 30 21:24:57 2013
From: vorgusa at gmail.com (Chris Lasater)
Date: Mon, 30 Sep 2013 14:24:57 -0400
Subject: [Dovecot] Doveadm with a 2nd Instance
In-Reply-To:
References: <5243BBCD.3060107@gmail.com>
Message-ID: <5249C1F9.1010205@gmail.com>

Could this bug have reappeared or not been passed to the 2.2.x release?

On 09/26/2013 07:06 PM, Daniel Parthey wrote:
> Hi,
>
> this bug should have been fixed by Timo in some 2.1.x release. The
> issue should be in the list archives too. Which version are you using?
>
> BTW: I'm still using
> doveadm -c /etc/dovecot-director/dovecot- director.conf director status
> to address the director instance.
>
> Regards
> Daniel

From delrio at mie.utoronto.ca Mon Sep 30 23:52:30 2013
From: delrio at mie.utoronto.ca (Oscar del Rio)
Date: Mon, 30 Sep 2013 16:52:30 -0400
Subject: [Dovecot] version 2.2.6 breaks compiling on Solaris 10 sparc
In-Reply-To: <5249A72B.2030705@opencsw.org>
References: <524614EA.9040900@opencsw.org> <5249A72B.2030705@opencsw.org>
Message-ID: <5249E48E.7050100@mie.utoronto.ca>

On 09/30/13 12:30 PM, Jake Goerzen wrote:
> On 09/27/13 23:35, Timo Sirainen wrote:
>> On 28.9.2013, at 1.29, Jake Goerzen wrote:
>>
>>> I maintain the dovecot package at opencsw.org. The latest release
>>> of dovecot version 2.2.6 has some changes to lib-http which is
>>> breaking compiling on Solaris 10 sparc (though x86 builds
>>> successfully). Here is part of the compiler output while building:
>>>
>>>
>>> libtool: compile: /opt/SUNWspro/bin/cc -DHAVE_CONFIG_H -I. -I../..
>>> -I../../src/lib -I../../src/lib-test -I../../src/lib-dns
>>> -I../../src/lib-ssl-iostream -I/opt/csw/include/mysql
>>> -I/opt/csw/include/postgresql -I/opt/csw/include -xO3 -m32
>>> -xarch=sparc -I/opt/csw/include -c http-header-parser.c -KPIC -DPIC
>>> -o .libs/http-header-parser.o
>>> "http-header-parser.c", line 264: warning: statement not reached
>>> "http-header-parser.c", line 281: warning: argument #3 is
>>> incompatible with prototype:
>>> prototype: pointer to unsigned int :
>>> "../../src/lib/istream.h", line 152 argument : pointer to
>>> unsigned long long
>> http://hg.dovecot.org/dovecot-2.2/rev/83e74b3a0d10 fixes this.
>>
>>
>
>
> I applied this patch and that fixes the compile error.
> However, I still get undefined symbols while linking:
>
> /bin/bash ../../libtool --tag=CC --mode=link
> /opt/SUNWspro/bin/cc -xO3 -m32 -xarch=sparc -I/opt/csw/include
> -no-undefined -m32 -xarch=sparc -L/opt/csw/lib -o test-http-url
> test-http-url.o http-url.lo ../lib-test/libtest.la ../lib/liblib.la
> -export-dynamic -lrt -lnsl -lsocket -lsendfile
> libtool: link: /opt/SUNWspro/bin/cc -xO3 -m32 -xarch=sparc
> -I/opt/csw/include -m32 -xarch=sparc -o test-http-url
> test-http-url.o .libs/http-url.o -L/opt/csw/lib
> ../lib-test/.libs/libtest.a ../lib/.libs/liblib.a -lrt -lnsl
> -lsocket -lsendfile
> Undefined                       first referenced
>  symbol                             in file
> http_header_field_find              .libs/http-url.o
> http_header_field_get               .libs/http-url.o
> http_header_get_fields              .libs/http-url.o
> ld: fatal: symbol referencing errors. No output written to
> test-http-url
>
>
> Could there be an earlier change to some header file that is causing
> undefined symbols?
>

Just to test it, I tried on an old Solaris 10 sparc (gcc 3.4.3) and what I get is:

gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-test -I../../src/lib-dns -I../../src/lib-ssl-iostream -I/usr/local/include -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -I/usr/sfw/include -MT test-http-server.o -MD -MP -MF .deps/test-http-server.Tpo -c -o test-http-server.o test-http-server.c
test-http-server.c: In function `main':
test-http-server.c:128: error: size of array `type name' is negative
gmake[3]: *** [test-http-server.o] Error 1
gmake[3]: Leaving directory `/tmp/dovecot/dovecot-2.2.6/src/lib-http'