From greminn at gmail.com Tue Apr 1 00:54:57 2014
From: greminn at gmail.com (Simon)
Date: Tue, 1 Apr 2014 13:54:57 +1300
Subject: [Dovecot] Connection refused userdb lookup ..dovecot/auth-userdb
In-Reply-To: <53390cee.8566cc0a.72ad.ffffdba4SMTPIN_ADDED_BROKEN@mx.google.com>
References: <831C5383-75E3-46C6-8689-0118BD26D680@gmail.com>
 <53216498.41af0e0a.6c31.ffff86d1SMTPIN_ADDED_BROKEN@mx.google.com>
 <532FE88B.1020302@whyscream.net>
 <53308EE6.4050904@Media-Brokers.com>
 <53316562.6020709@Media-Brokers.com>
 <5332B398.2060400@Media-Brokers.com>
 <5333A626.8020700@whyscream.net>
 <53390cee.8566cc0a.72ad.ffffdba4SMTPIN_ADDED_BROKEN@mx.google.com>
Message-ID:

On Mon, Mar 31, 2014 at 7:37 PM, Steffen Kaiser <
skdovecot at smail.inf.fh-brs.de> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> On Mon, 31 Mar 2014, Simon wrote:
>
> On 3/24/2014 7:10 PM, Simon wrote:
>>>>>>
>>>>>>> Mar 13 09:55:44 vmail1 dovecot: lda: Error: userdb lookup:
>>>>>>> connect(/usr/local/dovecot/var/run/dovecot/auth-userdb)
>>>>>>> failed: Connection refused
>>>>>>>
>>>>>>
> What's the output of:
>
> lsof -c dovecot|grep auth-userdb
>
>

[root at vmail1 ~]# lsof -c dovecot|grep auth-userdb
dovecot 3147 root 38u unix 0xffff88004fce0680 0t0 24739 /var/run/dovecot/auth-userdb

From noloader at gmail.com Tue Apr 1 01:14:23 2014
From: noloader at gmail.com (Jeffrey Walton)
Date: Mon, 31 Mar 2014 21:14:23 -0400
Subject: [Dovecot] Dovecot not honoring configuration settings (auth failure)
In-Reply-To:
References:
Message-ID:

On Mon, Mar 31, 2014 at 6:29 PM, Joseph Tam wrote:
> Jeffrey Walton writes:
>
>> I specified the following in my dovecot.conf.
>>
>>
>> passdb {
>>   args = /var/mail/%d/users
>>   driver = passwd-file
>> }
>>
>> Attempts to use the configuration result in an authentication failure.
>> Here's an entry from dovecot.log when the failure happens:
>>
>> Mar 31 16:04:12 imap-login: Info: Disconnected (auth failed, 1
>> attempts in 5 secs): user=, method=PLAIN, rip=127.0.0.1,
>> lip=127.0.1.1, secured, session=
>
> Just to confirm, your specified in the passdb corresponds to what
> is being authenticated (i.e. client is authenticating as "jeff at foo.com",
> not "jeff")? Otherwise, you'll need to add domains to your passdb,
> or configure "username_format=%n"

Yes, I believe so:

    $ sudo cat /var/mail/foo.com/users
    # Generate passwords with:
    # doveadm pw -s PLAIN -p

    # Real users
    tad at foo.com:{PLAIN}some-password
    jeff at foo.com:{PLAIN}some-password

In case it matters, here are the Postfix settings (but they should not
apply since this is an IMAP exercise):

    $ sudo cat /etc/postfix/mailboxes
    # Real users
    tad at foo.com foo.com/tad/
    jeff at foo.com foo.com/jeff/

It's compiled with `postmap`:

    postmap /etc/postfix/mailboxes

And then specified in `main.cf` with:

    virtual_mailbox_maps = hash:/etc/postfix/mailboxes

And my two domains are handled similarly in `domains`.

Jeff

From jtam.home at gmail.com Tue Apr 1 02:28:15 2014
From: jtam.home at gmail.com (Joseph Tam)
Date: Mon, 31 Mar 2014 19:28:15 -0700 (PDT)
Subject: [Dovecot] Dovecot not honoring configuration settings (auth failure)
In-Reply-To:
References:
Message-ID:

On Mon, 31 Mar 2014, Jeffrey Walton wrote:

>> Just to confirm, your specified in the passdb corresponds to what
>> is being authenticated (i.e. client is authenticating as "jeff at foo.com",
>> not "jeff")? Otherwise, you'll need to add domains to your passdb,
>> or configure "username_format=%n"
> Yes, I believe so:
>
> $ sudo cat /var/mail/foo.com/users
> # Generate passwords with:
> # doveadm pw -s PLAIN -p
>
> # Real users
> tad at foo.com:{PLAIN}some-password
> jeff at foo.com:{PLAIN}some-password

OK, I guess the next step is to see whether the dovecot auth process is
able to read the passdb file.
Does your dovecot auth process have enough authorization to get/read to
these files (check what dovecot/auth runs as versus the file permissions
of your passdb)?

"doveadm user jeff at foo.com" checks the userdb, and if it coincides with
your passdb, might point out a problem. Tracing the auth process might
also help.

Joseph Tam

From dwain.blazej at gmail.com Tue Apr 1 06:56:23 2014
From: dwain.blazej at gmail.com (Dwain Blazej)
Date: Mon, 31 Mar 2014 23:56:23 -0700
Subject: [Dovecot] [Bug] doveadm pw Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied
In-Reply-To: <533743D9.3010904@thelounge.net>
References: <533743D9.3010904@thelounge.net>
Message-ID:

I'm writing some code for Posty, a Postfix and Dovecot Administration App.
One way to support all of dovecot's password hashes is to have "dovecot pw"
do the work, however I don't want to run the web facing Posty as root or
the same user as Dovecot.

Is the output of "dovecot pw" affected by the contents of the
configuration files? What in the configuration file does "dovecot pw"
require to operate?

I personally care about SHA512-crypt support, so I just called an outside
library to generate the hash. However, others might want to use a different
scheme, or Dovecot might not have support for SHA512-crypt on other systems
(I think Mac OS X is an example). Hence the elegance of using dovecot pw
to do all the work. If a normal user can call dovecot pw, then I'll add
back in that code.

On Sat, Mar 29, 2014 at 3:06 PM, Reindl Harald wrote:

>
>
> On 29.03.2014 22:51, Dwain Blazej wrote:
> > dovecot --version => 2.1.7
> >
> > When I run as a normal user the command:
> >
> > doveadm pw -s sha512-crypt -p example_password
> >
> > the command exits with return code 89 and the message
> >
> > doveconf: Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied
> >
> > If I make Dovecot's configuration files world readable the error goes away
>
> what about calling administrative commands not as normal user?
>
> > Please remove configuration file dependencies from "doveadm pw"
>
> and how is it supposed to work without the configuration?
>
> how do you come to the conclusion that a command called "doveadm"
> is supposed to be started as non-admin?
>
>
>

From bourek at thinline.cz Tue Apr 1 08:08:00 2014
From: bourek at thinline.cz (Jiří Bourek)
Date: Tue, 01 Apr 2014 10:08:00 +0200
Subject: [Dovecot] Specifying passwd-file with virtual domains?
In-Reply-To:
References:
Message-ID: <533A73E0.9060705@thinline.cz>

On 03/31/2014 10:13 PM, Jeffrey Walton wrote:
> I'm trying to use virtual domains and I'm suffering a disconnect.
>
> I have two domains - foo.com and bar.com. On the filesystem, they are
> located at /var/mail/foo.com/ and /var/mail/bar.com/. Users are
> located at /var/mail/foo.com/john/, /var/mail/bar.com/jane/, etc.
>
> There are two password files with : entries.
> The scheme is {PLAIN}. They are located at /var/mail/foo.com/users and
> /var/mail/bar.com/users. According to the wiki, these are passwd-file
> databases (http://wiki2.dovecot.org/AuthDatabase/PasswdFile).
>
> I specified the following in my dovecot.conf.
>
> passdb {
>   args = /var/mail/%d/users
>   driver = passwd-file
> }
>
> Attempts to use the configuration result in an authentication failure.
> Here's an entry from dovecot.log when the failure happens:
>
> Mar 31 16:04:12 imap-login: Info: Disconnected (auth failed, 1
> attempts in 5 secs): user=, method=PLAIN, rip=127.0.0.1,
> lip=127.0.1.1, secured, session=
>

Did you try setting auth_verbose = yes ?

From bourek at thinline.cz Tue Apr 1 08:37:50 2014
From: bourek at thinline.cz (Jiří Bourek)
Date: Tue, 01 Apr 2014 10:37:50 +0200
Subject: [Dovecot] [Bug] doveadm pw Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied
In-Reply-To:
References: <533743D9.3010904@thelounge.net>
Message-ID: <533A7ADE.2070407@thinline.cz>

On 04/01/2014 08:56 AM, Dwain Blazej wrote:
> I'm writing some code for Posty, a Postfix and Dovecot Administration App.
> One way to support all of dovecot's password hashes is to have "dovecot pw"
> do the work, however I don't want to run the web facing Posty as root or
> the same user as Dovecot.
>
> Is the output of "dovecot pw" affected by the contents of the
> configuration files? What in the configuration file does "dovecot pw"
> require to operate?
>
> I personally care about SHA512-crypt support, so I just called an outside
> library to generate the hash. However, others might want to use a different
> scheme, or Dovecot might not have support for SHA512-crypt on other systems
> (I think Mac OS X is an example). Hence the elegance of using dovecot pw
> to do all the work. If a normal user can call dovecot pw, then I'll add
> back in that code.
>

Well if you're using an external library for one scheme, you may just as
well use your own code for other schemes. For example:

    require 'digest'
    require 'base64'
    require 'securerandom'

    secret = 'example_password'            # plaintext password to hash
    salt   = SecureRandom.random_bytes(4)  # random binary salt

    # base64( SHA512(secret + salt) + salt ), prefixed with the scheme name
    hash = '{SSHA512.b64}' + Base64.strict_encode64(
      Digest::SHA512.digest("#{secret}#{salt}") + salt
    )

IMO there's no need to call external program for this.
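
Added example (not part of the message above and not Dovecot's own code): the same salted SHA-512 layout as a generator with a random salt plus the matching verifier, covering non-ASCII passwords and malformed entries. The function names, the 8-byte default salt and the acceptance of a bare `{SSHA512}` prefix are assumptions of this example.

```ruby
require 'digest'
require 'base64'
require 'securerandom'

SHA512_LEN = 64 # size of a raw SHA-512 digest in bytes

# Build an entry in the layout shown in the message above:
# '{SSHA512.b64}' + base64( SHA512(password + salt) + salt )
def ssha512_hash(password, salt = SecureRandom.random_bytes(8))
  salt = salt.b
  raise ArgumentError, 'salt must not be empty' if salt.empty?
  # .b forces binary strings, so a UTF-8 password and a random salt can be
  # concatenated without raising Encoding::CompatibilityError.
  digest = Digest::SHA512.digest(password.b + salt)
  '{SSHA512.b64}' + Base64.strict_encode64(digest + salt)
end

# Compare two byte strings without stopping at the first mismatch.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Check a password against a stored '{SSHA512}' or '{SSHA512.b64}' entry.
# Everything after the first 64 decoded bytes is treated as the salt.
def ssha512_verify(password, stored)
  m = /\A\{SSHA512(?:\.b64)?\}(.+)\z/.match(stored)
  return false unless m
  raw = begin
    Base64.strict_decode64(m[1])
  rescue ArgumentError
    return false # payload is not valid base64
  end
  return false unless raw.bytesize > SHA512_LEN # digest without a salt
  digest = raw.byteslice(0, SHA512_LEN)
  salt   = raw.byteslice(SHA512_LEN, raw.bytesize - SHA512_LEN)
  secure_equal?(digest, Digest::SHA512.digest(password.b + salt))
end

if __FILE__ == $PROGRAM_NAME
  entry = ssha512_hash('example_password') # constructed sample password
  puts entry
  puts ssha512_verify('example_password', entry)
  puts ssha512_verify('Example_password', entry)
end
```

SSHA512 is a single salted SHA-512 pass, so an iterated scheme such as the SHA512-CRYPT mentioned earlier in the thread costs an attacker more per guess against a leaked passwd-file.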

From bourek at thinline.cz Tue Apr 1 08:48:15 2014
From: bourek at thinline.cz (Jiří Bourek)
Date: Tue, 01 Apr 2014 10:48:15 +0200
Subject: [Dovecot] Deduplicate not processing all messages - bug?
In-Reply-To: <5335A593.5080305@thinline.cz>
References: <5335A593.5080305@thinline.cz>
Message-ID: <533A7D4F.4020407@thinline.cz>

Judging from lack of replies I guess either not many people use the
feature, or it's supposed to work this way.

After a bit of more research I realized repeated calls of doveadm
deduplicate won't be very reliable - the cycle is prone to be interrupted
prematurely in a busy mailbox (if deduplicate removes x messages and x new
messages arrive into the mailbox, it seems like nothing was done and the
cycle interrupts.) Solving this requires to know more details about the
contents of the mailbox, which leads to avoiding deduplicate altogether.

I'm thinking along the lines of using doveadm fetch to get guid,
date.saved, mailbox-guid and uid fields - find duplicates in guid,
preserve the message with oldest date.saved, doveadm expunge the rest using
mailbox-guid and uid. I'll probably be duplicating most of doveadm
deduplicate, but in the end it should prove more reliable.

Just my 2 cents in case someone else runs into this issue.

Jiri Bourek wrote:
> Hello,
>
> I'm trying to create automated backup recovery using "doveadm import"
> and "doveadm deduplicate". During testing I noticed that deduplicate
> only deletes some duplicates and has to be called multiple times to find
> them all. Here's what I've been trying (in shell commands):
>
> First, expunge inbox (the end result is the same even if you delete only
> some messages):
>
> # doveadm expunge -u test mailbox inbox all
> # ls /home/mailboxes/test/cur | wc -l
> 0
>
> Then import data from backup - twice, so duplicates are created (again,
> if you don't delete all messages and call import only once, resulting
> behaviour is the same.)
>
> # doveadm import -u test maildir:/home/test "" mailbox INBOX
> # doveadm import -u test maildir:/home/test "" mailbox INBOX
> # ls /home/mailboxes/test/cur | wc -l
> 1046
>
> Then try to deduplicate
>
> # doveadm deduplicate -u test mailbox INBOX
> # ls /home/mailboxes/test/cur | wc -l
> 1040
>
> And again
>
> # doveadm deduplicate -u test mailbox INBOX
> # ls /home/mailboxes/test/cur | wc -l
> 1029
>
> And so on until the message count holds on 523
>
> Each repetition removes 10 - 30 duplicates so eventually all duplicates
> are removed if "doveadm deduplicate" is called enough times in a row. I
> also noticed that when I repeat the test, import the backup again and
> call deduplicate, the steps - how many messages are removed at one time
> - are the same. That is I start with 1046 messages in the mailbox, after
> first run there's 1040, then 1029 and so on. My guess would be the
> behaviour depends on what is stored in the mailbox, but that's pretty
> much all I can figure out on my own at this time.
>
> My question is - is this intended behaviour, ie. are you supposed to run
> doveadm deduplicate as long as the number of messages in the mailbox
> keeps changing? Or is it a bug? Tried to Google for the answer but no
> luck, so thanks for any answers.
>
> Tested on Dovecot version 2.2.9 and 2.2.12 (both from Debian repositories.)

From tobi at oetiker.ch Tue Apr 1 10:09:19 2014
From: tobi at oetiker.ch (Tobias Oetiker)
Date: Tue, 1 Apr 2014 12:09:19 +0200 (CEST)
Subject: [Dovecot] BUG dovecot and nginx
Message-ID:

we have setup a two level proxy configuration for our zimbra
server:

  [ dovecot 2.2.12 (imap proxy mode) ]
                 V
  [ nginx (imap proxy mode) ]
                 V
  [ zimbra imap server]

and it does not work ... after trying a login, the connection just
hangs and ends after 30 seconds with a timeout.

- if I try again right away in the same dovecot connection, the login
  goes through without trouble.

- looking at this with tshark I can see that on the second attempt,
  there is no capabilities query, dovecot just goes ahead and
  connects.

if we drop nginx from the setup all is well also (login works
directly as expected)

- investigating the traffic differences between the setups with and
  without nginx, we find that for some reason dovecot does not react
  to the capability answer from nginx. while it seems to happily
  accept the same answer when it is coming from zimbra directly.

- the only difference I can see on the wire is that nginx is much
  quicker (2.5ms) in responding than the zimbra (25ms) server and
  that the position of the STARTTLS and SASL=PLAIN capabilities in
  the capability answer differs between the two.

any ideas ?

cheers
tobi

--
Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland
www.oetiker.ch tobi at oetiker.ch +41 62 775 9902
*** We are hiring IT staff: www.oetiker.ch/jobs ***

From CMarcus at Media-Brokers.com Tue Apr 1 10:22:51 2014
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Tue, 01 Apr 2014 06:22:51 -0400
Subject: [Dovecot] Dovecot not honoring configuration settings (auth failure)
In-Reply-To:
References: <5339E09D.3000407@thelounge.net>
Message-ID: <533A937B.1080907@Media-Brokers.com>

On 3/31/2014 5:47 PM, Jeffrey Walton wrote:
> On Mon, Mar 31, 2014 at 5:39 PM, Reindl Harald wrote:
>> >and the settings are*really* in /etc/dovecot/dovecot.conf
>> >or in some ".d"-folder which may or may not be included?
> I believe they are in /etc/dovecot/dovecot.conf:
>
> # cat /etc/dovecot/dovecot.conf | grep -i auth_
> auth_mechanisms = plain login digest-md5 cram-md5
> #auth_proxy_self =

Jeffrey,

What you are missing is that there is a very good reason that ONLY the
output of doveconf -n is wanted here...

It proves that you are using the settings you think you are using.
simply cat'ing the contents of a file that you are editing is not good
enough.

Like postconf -n in postfix, doveconf -n dumps the output of the config
that the running version of dovecot is actually using. This shines the
light on obvious errors, like when you are editing a config file that is
NOT being used. This is a common mistake, especially in distributions
that put things in non-standard places.

So, what is output of doveconf -n? And postconf -n (if needed)?

--
Best regards,
Charles

From skdovecot at smail.inf.fh-brs.de Tue Apr 1 10:29:53 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 1 Apr 2014 12:29:53 +0200 (CEST)
Subject: [Dovecot] Connection refused userdb lookup ..dovecot/auth-userdb
In-Reply-To:
References: <831C5383-75E3-46C6-8689-0118BD26D680@gmail.com>
 <53216498.41af0e0a.6c31.ffff86d1SMTPIN_ADDED_BROKEN@mx.google.com>
 <532FE88B.1020302@whyscream.net>
 <53308EE6.4050904@Media-Brokers.com>
 <53316562.6020709@Media-Brokers.com>
 <5332B398.2060400@Media-Brokers.com>
 <5333A626.8020700@whyscream.net>
 <53390cee.8566cc0a.72ad.ffffdba4SMTPIN_ADDED_BROKEN@mx.google.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 1 Apr 2014, Simon wrote:

> On Mon, Mar 31, 2014 at 7:37 PM, Steffen Kaiser <
> skdovecot at smail.inf.fh-brs.de> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> On Mon, 31 Mar 2014, Simon wrote:
>>
>> On 3/24/2014 7:10 PM, Simon wrote:
>>>>>>>
>>>>>>>> Mar 13 09:55:44 vmail1 dovecot: lda: Error: userdb lookup:
>>>>>>>> connect(/usr/local/dovecot/var/run/dovecot/auth-userdb)
>>>>>>>> failed: Connection refused

>> What's the output of:
>>
>> lsof -c dovecot|grep auth-userdb
>>
> [root at vmail1 ~]# lsof -c dovecot|grep auth-userdb
> dovecot 3147 root 38u unix 0xffff88004fce0680 0t0 24739
> /var/run/dovecot/auth-userdb

Dovecot is configured to use /var/run/dovecot/auth-userdb
whereas your LDA uses /usr/local/dovecot/var/run/dovecot/auth-userdb .

You do not have symlinks to merge both locations, do you?

Check, why the Dovecot LDA is using another config file.

- --
Steffen Kaiser

From CMarcus at Media-Brokers.com Tue Apr 1 10:33:34 2014
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Tue, 01 Apr 2014 06:33:34 -0400
Subject: [Dovecot] Dovecot not honoring configuration settings (auth failure)
In-Reply-To:
References:
Message-ID: <533A95FE.8020505@Media-Brokers.com>

On 3/31/2014 5:37 PM, Jeffrey Walton wrote:
> My dovecot.conf has the following:

You still have yet to prove this (doveconf -n output).

> # No results when searching the wiki
> disable_plaintext_auth = no

Then you are searching the wiki wrong.

After entering the parameter in the searchbox (obviously you should not
add the '=no' part), did you click 'Titles'? Or 'Text'? Or did you just
hit [enter]?

You have to click the 'Text' button (to the right of the searchbox) to
search the article CONTENT. Just hitting [Enter] results in a simple
'Titles' search, which only searches the wiki article Titles.

Personally I don't like this. I think the default should be to search
content.

> #http://wiki2.dovecot.org/Authentication/Mechanisms
> auth_mechanisms = plain login digest-md5 cram-md5
>
> When I attempt to run imapsync, I receive an error:
>
> Host2: says it has NO CAPABILITY for AUTHENTICATE LOGIN
>
> imapsync also dumps the helo string, and it is missing:
>
> Host2: * OK [CAPABILITY IMAP4rev1 LITERAL+ ... STARTTLS
> AUTH=PLAIN] Dovecot ready.
>
> I've restarted the dovecot service with 'service dovecot restart' and
> even rebooted the machine.
>
> There is nothing reported in any of the log files
> (/var/mail/dovecot.log and /var/log/mail.).

Then you are looking at the wrong log files.

> Any ideas why dovecot is not honoring the setting in its config file?

Best guess is you are not using the config file you think you are using.

What distro is this?

--
Best regards,
Charles

From noloader at gmail.com Tue Apr 1 10:34:03 2014
From: noloader at gmail.com (Jeffrey Walton)
Date: Tue, 1 Apr 2014 06:34:03 -0400
Subject: [Dovecot] Dovecot not honoring configuration settings (auth failure)
In-Reply-To: <533A937B.1080907@Media-Brokers.com>
References: <5339E09D.3000407@thelounge.net>
 <533A937B.1080907@Media-Brokers.com>
Message-ID:

On Tue, Apr 1, 2014 at 6:22 AM, Charles Marcus wrote:
> ...
>
> What you are missing is that there is a very good reason that ONLY the
> output of doveconf -n is wanted here...
>
> It proves that you are using the settings you think you are using.
>

# doveconf -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-686-pae i686 Debian 7.4
disable_plaintext_auth = no
log_path = /var/log/dovecot.log
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /var/mail/%d/users
  driver = passwd-file
}
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = " imap pop3"
ssl_cert =

References: <5339E09D.3000407@thelounge.net>
 <533A937B.1080907@Media-Brokers.com>
Message-ID: <533A9878.5030302@Media-Brokers.com>

On 4/1/2014 6:34 AM, Jeffrey Walton wrote:
> On Tue, Apr 1, 2014 at 6:22 AM, Charles Marcus
> wrote:
>> ...
>>
>> What you are missing is that there is a very good reason that ONLY the
>> output of doveconf -n is wanted here...
>>
>> It proves that you are using the settings you think you are using.
>>
> # doveconf -n
> # 2.1.7: /etc/dovecot/dovecot.conf
> # OS: Linux 3.2.0-4-686-pae i686 Debian 7.4
> disable_plaintext_auth = no

So... where is auth_mechanisms? You said you had it set to

auth_mechanisms = plain login digest-md5 cram-md5

Fix this and try again...

--
Best regards,
Charles

From h.reindl at thelounge.net Tue Apr 1 10:47:25 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 01 Apr 2014 12:47:25 +0200
Subject: [Dovecot] Dovecot not honoring configuration settings (auth failure)
In-Reply-To: <533A937B.1080907@Media-Brokers.com>
References: <5339E09D.3000407@thelounge.net>
 <533A937B.1080907@Media-Brokers.com>
Message-ID: <533A993D.6010705@thelounge.net>

On 01.04.2014 12:22, Charles Marcus wrote:
> On 3/31/2014 5:47 PM, Jeffrey Walton wrote:
>> On Mon, Mar 31, 2014 at 5:39 PM, Reindl Harald wrote:
>>> >and the settings are*really* in /etc/dovecot/dovecot.conf
>>> >or in some ".d"-folder which may or may not be included?
>> I believe they are in /etc/dovecot/dovecot.conf:
>>
>> # cat /etc/dovecot/dovecot.conf | grep -i auth_
>> auth_mechanisms = plain login digest-md5 cram-md5
>> #auth_proxy_self =
>
> What you are missing is that there is a very good reason that ONLY
> the output of doveconf -n is wanted here...

if you would really follow the thread you would have noticed that
he did that already and i asked for the complete config file because:

* the mentioned one is clearly stated by doveconf -n
* the values in question are not displayed in the output

On 01.04.2014 12:44, Charles Marcus wrote:
> So... where is auth_mechanisms? You said you had it set to
>
> auth_mechanisms = plain login digest-md5 cram-md5
>
> Fix this and try again..

and *that* is why i asked for the complete config yesterday because
2.1.7: /etc/dovecot/dovecot.conf is stated as config file and the
value in question is not listed

From noloader at gmail.com Tue Apr 1 10:56:14 2014
From: noloader at gmail.com (Jeffrey Walton)
Date: Tue, 1 Apr 2014 06:56:14 -0400
Subject: [Dovecot] Dovecot not honoring configuration settings (auth failure)
In-Reply-To: <533A9878.5030302@Media-Brokers.com>
References: <5339E09D.3000407@thelounge.net>
 <533A937B.1080907@Media-Brokers.com>
 <533A9878.5030302@Media-Brokers.com>
Message-ID:

On Tue, Apr 1, 2014 at 6:44 AM, Charles Marcus wrote:
> On 4/1/2014 6:34 AM, Jeffrey Walton wrote:
>>
>> On Tue, Apr 1, 2014 at 6:22 AM, Charles Marcus
>> wrote:
>>>
>>> ...
>>>
>>> What you are missing is that there is a very good reason that ONLY the
>>> output of doveconf -n is wanted here...
>>>
>>> It proves that you are using the settings you think you are using.
>>>
>> # doveconf -n
>> # 2.1.7: /etc/dovecot/dovecot.conf
>> # OS: Linux 3.2.0-4-686-pae i686 Debian 7.4
>> disable_plaintext_auth = no
>
>
> So... where is auth_mechanisms? You said you had it set to

# doveconf -n | head -1
# 2.1.7: /etc/dovecot/dovecot.conf

# cat /etc/dovecot/dovecot.conf | grep -i auth_
auth_mechanisms = plain login digest-md5 cram-md5
#auth_proxy_self =

Obviously, I don't know how. That's the file that conf dovecot claims
it is using. If you know how to find out the conf file dovecot is
*really* using, then please let me know.

Jeff

From CMarcus at Media-Brokers.com Tue Apr 1 11:09:25 2014
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Tue, 01 Apr 2014 07:09:25 -0400
Subject: [Dovecot] Dovecot not honoring configuration settings (auth failure)
In-Reply-To:
References: <5339E09D.3000407@thelounge.net>
 <533A937B.1080907@Media-Brokers.com>
 <533A9878.5030302@Media-Brokers.com>
Message-ID: <533A9E65.5090906@Media-Brokers.com>

On 4/1/2014 6:56 AM, Jeffrey Walton wrote:
> Obviously, I don't know how. That's the file that conf dovecot claims
> it is using. If you know how to find out the conf file dovecot is
> *really* using, then please let me know.

First read this:

http://wiki2.dovecot.org/BasicConfiguration

Especially this part:

"The default configuration starts from dovecot.conf, which contains an
!include conf.d/*.conf statement to read the rest of the configuration.
This split of configuration files isn't a requirement to use, and it
doesn't really matter which .conf file you add any particular setting,
just as long as it isn't overridden in another file. You can verify with
doveconf -n that everything looks as you intended."

If you want all settings in a single config file, you need to tell
dovecot this. If you don't, then the last settings that are applied,
based on the order these split config files (in conf.d) are read (the
number prefix determines the order) win.

Personally, I put all of mine in

/etc/dovecot/conf.d/99-mysettings.conf

The 99- prefix makes sure that these settings get applied last.

Also, you never answered my last question - what distro? Some distros
put config files in different (non-standard) places, and/or enable
chroot by default, complicating things for their users (although it is
fully documented, so users who encounter problems because of this do so
because they didn't rtfm well enough)...

--
Best regards,
Charles

From CMarcus at Media-Brokers.com Tue Apr 1 11:11:44 2014
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Tue, 01 Apr 2014 07:11:44 -0400
Subject: [Dovecot] Dovecot not honoring configuration settings (auth failure)
In-Reply-To: <533A937B.1080907@Media-Brokers.com>
References: <5339E09D.3000407@thelounge.net>
 <533A937B.1080907@Media-Brokers.com>
Message-ID: <533A9EF0.5030908@Media-Brokers.com>

On 4/1/2014 6:22 AM, Charles Marcus wrote:
>
> What you are missing is that there is a very good reason that ONLY the
> output of doveconf -n is wanted here...

Apologies Jeffrey, I didn't see your doveconf -n at the end, guess I got
distracted by someone else's nonsense...

--
Best regards,
Charles

From noloader at gmail.com Tue Apr 1 11:22:07 2014
From: noloader at gmail.com (Jeffrey Walton)
Date: Tue, 1 Apr 2014 07:22:07 -0400
Subject: [Dovecot] Book on Postfix/Dovecot or Postfix/Dovecot/Clam/Spam Assassin?
Message-ID:

I'm looking for a book on Postfix/Dovecot or Postfix/Dovecot/Clam/Spam Assassin

The blog posts and the mini-HowTo's I am reading lack the detail to be
useful to me (due to my own ignorance).

Amazon does not list any books for sale. There are some hits when
searching for Dovecot, but I expect them to be one section with the
quality of a blog post or mini-HowTo. (I have two books on Red Hat and
Fedora administration, and the discussions don't meet the quality of a
blog post).

Does anyone know of a book on Postfix/Dovecot or
Postfix/Dovecot/Clam/Spam Assassin?

If there are no books with a structured treatment, then O'Reilly is
always looking for authors:
http://oreilly.com/oreilly/author/intro.csp.

From rs at sys4.de Tue Apr 1 11:37:56 2014
From: rs at sys4.de (Robert Schetterer)
Date: Tue, 01 Apr 2014 13:37:56 +0200
Subject: [Dovecot] Book on Postfix/Dovecot or Postfix/Dovecot/Clam/Spam Assassin?
In-Reply-To:
References:
Message-ID: <533AA514.6080002@sys4.de>

On 01.04.2014 13:22, Jeffrey Walton wrote:
> I'm looking for a book on Postfix/Dovecot or Postfix/Dovecot/Clam/Spam Assassin
>
> The blog posts and the mini-HowTo's I am reading lack the detail to be
> useful to me (due to my own ignorance).
>
> Amazon does not list any books for sale. There are some hits when
> searching for Dovecot, but I expect them to be one section with the
> quality of a blog post or mini-HowTo. (I have two books on Red Hat and
> Fedora administration, and the discussions don't meet the quality of a
> blog post).
>
> Does anyone know of a book on Postfix/Dovecot or
> Postfix/Dovecot/Clam/Spam Assassin?
>
> If there are no books with a structured treatment, then O'Reilly is
> always looking for authors:
> http://oreilly.com/oreilly/author/intro.csp.
>

the problem of books, they are outdated quickly
also they may specialized with one software only
however you may read basics there

perhaps study

https://www.exratione.com/2012/05/a-mailserver-on-ubuntu-1204-postfix-dovecot-mysql/

for a more ultimate setup description

however you may have a look at

http://www.amazon.co.uk/Book-Postfix-Ralf-Hildebrandt/dp/1593270011/ref=sr_1_2?s=books&ie=UTF8&qid=1396352179&sr=1-2&keywords=postfix

Best Regards
Kind regards Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From noloader at gmail.com Tue Apr 1 11:55:29 2014
From: noloader at gmail.com (Jeffrey Walton)
Date: Tue, 1 Apr 2014 07:55:29 -0400
Subject: [Dovecot] Book on Postfix/Dovecot or Postfix/Dovecot/Clam/Spam Assassin?
In-Reply-To: <533AA514.6080002@sys4.de>
References: <533AA514.6080002@sys4.de>
Message-ID:

On Tue, Apr 1, 2014 at 7:37 AM, Robert Schetterer wrote:
> On 01.04.2014 13:22, Jeffrey Walton wrote:
>> ...
>> Does anyone know of a book on Postfix/Dovecot or
>> Postfix/Dovecot/Clam/Spam Assassin?
>>
>> If there are no books with a structured treatment, then O'Reilly is
>> always looking for authors:
>> http://oreilly.com/oreilly/author/intro.csp.
>>
>
> the problem of books, they are outdated quickly
> also they may specialized with one software only
> however you may read basics there

Yes. O'Reilly's eBook attempts to address the issue with frequent
updates published electronically. (Though I personally have a taste
for paper).

> https://www.exratione.com/2012/05/a-mailserver-on-ubuntu-1204-postfix-dovecot-mysql/
>
> for a more ultimate setup description
>
> however you may have a look at
>
> http://www.amazon.co.uk/Book-Postfix-Ralf-Hildebrandt/dp/1593270011/ref=sr_1_2?s=books&ie=UTF8&qid=1396352179&sr=1-2&keywords=postfix
>

Thank you very much.

Jeff

From skdovecot at smail.inf.fh-brs.de Tue Apr 1 12:30:29 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 1 Apr 2014 14:30:29 +0200 (CEST)
Subject: [Dovecot] current config: doveconf -n vs. postconf -n
In-Reply-To: <533A937B.1080907@Media-Brokers.com>
References: <5339E09D.3000407@thelounge.net>
 <533A937B.1080907@Media-Brokers.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 1 Apr 2014, Charles Marcus wrote:

> It proves that you are using the settings you think you are using.
> simply cat'ing the contents of a file that you are editing is not good enough.

No question about that. I do not want to argue against doveconf -n, but

> Like postconf -n in postfix, doveconf -n dumps the output of the config that
> the running version of dovecot is actually using.

"the running version of dovecot is actually using" seems to be wrong - as
I interpret the phrase. If I change the config when Dovecot v2.2.10 runs,
doveconf -n does not show the config of the _running_ Dovecot, but the
config that will be used after reload.

My steps are:

1) make sure Dovecot runs
2) add a non-existing item to mail_plugins
3) login -> success
4) doveconf -n shows modified config
5) doveadm reload
6) login -> fails

I do not know if postconf -n behaves the same.

I just wanted to point that out. It seems that one has to also request
that everybody does a reload, too.

- --
Steffen Kaiser

From delrio at mie.utoronto.ca Tue Apr 1 13:48:24 2014
From: delrio at mie.utoronto.ca (Oscar del Rio)
Date: Tue, 01 Apr 2014 09:48:24 -0400
Subject: [Dovecot] Dovecot not honoring configuration settings (auth failure)
In-Reply-To:
References: <5339E09D.3000407@thelounge.net>
 <533A937B.1080907@Media-Brokers.com>
 <533A9878.5030302@Media-Brokers.com>
Message-ID: <533AC3A8.1090006@mie.utoronto.ca>

On 04/ 1/14 06:56 AM, Jeffrey Walton wrote:
> On Tue, Apr 1, 2014 at 6:44 AM, Charles Marcus
> wrote:
>> On 4/1/2014 6:34 AM, Jeffrey Walton wrote:
>>> On Tue, Apr 1, 2014 at 6:22 AM, Charles Marcus
>>> wrote:
>>>> ...
>>>>
>>>> What you are missing is that there is a very good reason that ONLY the
>>>> output of doveconf -n is wanted here...
>>>>
>>>> It proves that you are using the settings you think you are using.
>>>>
>>> # doveconf -n
>>> # 2.1.7: /etc/dovecot/dovecot.conf
>>> # OS: Linux 3.2.0-4-686-pae i686 Debian 7.4
>>> disable_plaintext_auth = no
>>
>> So... where is auth_mechanisms?
>> You said you had it set to
> # doveconf -n | head -1
> # 2.1.7: /etc/dovecot/dovecot.conf

Check ALL actual settings:

# doveconf -a | grep mechanisms
auth_mechanisms = plain login
......

I guess yours is missing "login" and using only "auth", as the default
(hence not showing in "doveconf -n").

You should still be able to use imapsync with
--authmech1 PLAIN --authmech2 PLAIN

From tobi at oetiker.ch Tue Apr 1 14:49:58 2014
From: tobi at oetiker.ch (Tobias Oetiker)
Date: Tue, 1 Apr 2014 16:49:58 +0200 (CEST)
Subject: [Dovecot] how to enable debugging in imapc
Message-ID:

Hi Net,

How can I enable debug messages in the imap-proxy client? Trying to
figure why the imap-proxy mode does not work towards nginx.

specifically, how can i set

conn->client->set.debug in ./src/lib-imap-client/imapc-connection.c

cheers
tobi

-- 
Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland
www.oetiker.ch tobi at oetiker.ch +41 62 775 9902
*** We are hiring IT staff: www.oetiker.ch/jobs ***

From ju at netzwerklabor.at Tue Apr 1 14:54:31 2014
From: ju at netzwerklabor.at (Jutta Zalud)
Date: Tue, 01 Apr 2014 16:54:31 +0200
Subject: [Dovecot] Book on Postfix/Dovecot or Postfix/Dovecot/Clam/Spam Assassin?
In-Reply-To:
References:
Message-ID: <533AD327.4040607@netzwerklabor.at>

On 01.04.2014 13:22, Jeffrey Walton wrote:
> I'm looking for a book on Postfix/Dovecot or Postfix/Dovecot/Clam/Spam Assassin

I can recommend the books by Peer Heinlein

http://www.opensourcepress.de/de/produkte/Das-Postfix-Buch/434/978-3-941841-00-0
http://www.opensourcepress.de/de/produkte/Dovecot/13569/978-3-95539-075-4

The Dovecot-Book was just published 2 weeks ago.

Both books are in German, but I know that his other IMAP-Server book
(about Cyrus and Courier) has been translated into English. Maybe the
new books will be translated, too.
Peer Heinlein can be reached via http://www.heinlein-support.de/kontakt

HTH,
jutta

From jtam.home at gmail.com Wed Apr 2 00:19:50 2014
From: jtam.home at gmail.com (Joseph Tam)
Date: Tue, 1 Apr 2014 17:19:50 -0700 (PDT)
Subject: [Dovecot] Dovecot not honoring configuration settings (auth failure)
In-Reply-To:
References:
Message-ID:

Jeffrey Walton writes:

> passdb {
> args = /var/mail/%d/users
> driver = passwd-file
> }
> ...
> userdb {
> driver = passwd
> }

Your userdb and passdb are not using the same DB: did you intend this?
Does the userdb have "user at domain" entries, rather than just "user"
entries?

The diagnostics I referred to in my last post would have been helpful
here.

> # postconf -n

If you're having problems authenticating to the IMAP service, then you
ought to concentrate on that problem: it's likely your LDA problem is
dependent on that solution.

Joseph Tam

From noloader at gmail.com Wed Apr 2 01:40:23 2014
From: noloader at gmail.com (Jeffrey Walton)
Date: Tue, 1 Apr 2014 21:40:23 -0400
Subject: [Dovecot] Dovecot not honoring configuration settings (auth failure)
In-Reply-To:
References:
Message-ID:

On Tue, Apr 1, 2014 at 8:19 PM, Joseph Tam wrote:
> Jeffrey Walton writes:
>
>> passdb {
>> args = /var/mail/%d/users
>> driver = passwd-file
>> }
>> ...
>> userdb {
>> driver = passwd
>> }
>
>
> Your userdb and passdb are not using the same DB: did you intend this?

Yeah, I did not add that. That's coming from somewhere else (like the
auth_mechanisms). I think Charles said it was a config file in a
different directory. I'll be looking at it in more detail soon.

I suspect it is one of these two lines from dovecot.conf:

!include conf.d/*.conf

or

!include_try local.conf

Related: what does the bang mean? I've got a programming background,
and to me it's a NOT. So I would read that as "don't include
conf.d/...". It would have the same effect as commenting it out.

> Does the userdb have "user at domain" entries, rather than just "user"
> entries?
user at domain

I just performed a fresh install of Debian, so I can look at things
without all the tutorial knob turning.

Thanks for the help.

From jtam.home at gmail.com Wed Apr 2 02:07:59 2014
From: jtam.home at gmail.com (Joseph Tam)
Date: Tue, 1 Apr 2014 19:07:59 -0700 (PDT)
Subject: [Dovecot] Dovecot not honoring configuration settings (auth failure)
In-Reply-To:
References:
Message-ID:

On Tue, 1 Apr 2014, Jeffrey Walton wrote:

> Related: what does the bang mean? I've got a programming background,
> and to me its a NOT. So I would read that as "don't include
> conf.d/...". It would have the same effect as commenting it out.

I guess it's the semi-arbitrary syntax Timo chose for the include
directive. Maybe it came from the bang syntax for Unix scripts.

Joseph Tam

From noloader at gmail.com Wed Apr 2 03:36:16 2014
From: noloader at gmail.com (Jeffrey Walton)
Date: Tue, 1 Apr 2014 23:36:16 -0400
Subject: [Dovecot] Info on Config Sharing or Unfied Config?
Message-ID:

Is there a wiki page or other resource on configuration sharing
between Postfix and Dovecot? Or is there a unified config file
somewhere that I can use for mail components (like Postfix, Dovecot,
Clam, and Spam Assassin)?

I'm finding that I need to add the same information in multiple
places. For example, Postfix users go in /etc/postif/vmailboxes, but
Dovecot uses a user/password database stored in /var/mail/%d/%u (or
other methods). And the same certificates and keys get entered
multiple times.

I think (or hope) there's something better, but I have not come across
the resource.

From philipp at devh.de Wed Apr 2 06:52:33 2014
From: philipp at devh.de (Philipp Resch)
Date: Wed, 02 Apr 2014 08:52:33 +0200
Subject: [Dovecot] Info on Config Sharing or Unfied Config?
In-Reply-To:
References:
Message-ID: <533BB3B1.5090108@devh.de>

Hi,

I'm using a mySql database as authentication backend which can easily
be shared between Dovecot and Postfix.
In addition to that there is a nice webfrontend to administrate your
environment: http://postfixadmin.sourceforge.net/

You can find configuration examples in the package.

Cheers,
Philipp

On 02.04.2014 05:36, Jeffrey Walton wrote:
> Is there a wiki page or other resource on configuration sharing
> between Postfix and Dovecot? Or is there a unified config file
> somewhere that I can use for mail components (like Postfix, Dovecot,
> Clam, and Spam Assassin)?
>
> I'm finding that I need to add the same information in multiple
> places. For example, Postfix users go in /etc/postif/vmailboxes, but
> Dovecot uses a user/password database stored in /var/mail/%d/%u (or
> other methods). And the same certificates and keys get entered
> multiple times.
>
> I think (or hope) there's something better, but I have not come across
> the resource.

From teemu.huovila at dovecot.fi Wed Apr 2 07:15:57 2014
From: teemu.huovila at dovecot.fi (Teemu Huovila)
Date: Wed, 02 Apr 2014 10:15:57 +0300
Subject: [Dovecot] how to enable debugging in imapc
In-Reply-To:
References:
Message-ID: <533BB92D.5050502@dovecot.fi>

On 04/01/2014 05:49 PM, Tobias Oetiker wrote:
> specifically, how can i set
>
> conn->client->set.debug in ./src/lib-imap-client/imapc-connection.c

Set "mail_debug = yes" somewhere in your configuration file(s).

Teemu Huovila

From jonikula at gmail.com Wed Apr 2 10:27:39 2014
From: jonikula at gmail.com (Jouko Nikula)
Date: Wed, 2 Apr 2014 13:27:39 +0300
Subject: [Dovecot] Disable maildir indexing and dovecot-uidlist on LMTP/LDA delivery
Message-ID:

Hello all,

Is there a way to use LMTP (or LDA) so that maildir index and
dovecot-uidlist are not updated?

My setup is such that mail delivery sees user's maildir as write only.
This setup works well when using postfix for mail delivery, but when I
try to switch to dovecot LMTP the lmtp process wants to read the
dovecot-uidlist and fails on insufficient privileges.
Is there a way around this without exposing the maildir and mail home
for read access?

Regards,
Jouko Nikula

From tom at whyscream.net Wed Apr 2 14:48:28 2014
From: tom at whyscream.net (Tom Hendrikx)
Date: Wed, 02 Apr 2014 16:48:28 +0200
Subject: [Dovecot] Disable maildir indexing and dovecot-uidlist on LMTP/LDA delivery
In-Reply-To:
References:
Message-ID: <533C233C.7020308@whyscream.net>

On 04/02/2014 12:27 PM, Jouko Nikula wrote:
> Hello all,
>
> Is there a way to use LMTP (or LDA) so that maildir index and
> dovecot-uidlist are not updated?
>
> My setup is such that mail delivery sees user's maildir as write only. This
> setup works well when using postfix for mail delivery, but when I try to
> switch to dovecot LMTP the lmtp process wants to read the dovecot-uidlist
> and fails on insufficient privileges. Is there a way around this without
> exposing the maildir and mail home for read access?
>
> Regards,
> Jouko Nikula
>

When indexes cannot be updated upon delivery, there is no real benefit
in using dovecot's delivery mechanisms. So you could just simply let
postfix deliver the messages.

Tom

From jouko.nikula at iki.fi Wed Apr 2 14:55:32 2014
From: jouko.nikula at iki.fi (Jouko Nikula)
Date: Wed, 2 Apr 2014 17:55:32 +0300
Subject: [Dovecot] Disable maildir indexing and dovecot-uidlist on LMTP/LDA delivery
In-Reply-To: <533C233C.7020308@whyscream.net>
References: <533C233C.7020308@whyscream.net>
Message-ID:

I would like to use sieve plugin for server side filtering and I've
understood that LMTP/LDA is required for this.

On Wed, Apr 2, 2014 at 5:48 PM, Tom Hendrikx wrote:

> On 04/02/2014 12:27 PM, Jouko Nikula wrote:
> > Hello all,
> >
> > Is there a way to use LMTP (or LDA) so that maildir index and
> > dovecot-uidlist are not updated?
> >
> > My setup is such that mail delivery sees user's maildir as write only.
> This
> > setup works well when using postfix for mail delivery, but when I try to
> > switch to dovecot LMTP the lmtp process wants to read the dovecot-uidlist
> > and fails on insufficient privileges. Is there a way around this without
> > exposing the maildir and mail home for read access?
> >
> > Regards,
> > Jouko Nikula
> >
>
> When indexes cannot be updated upon delivery, there is no real benefit
> in using dovecot's delivery mechanisms. So you could just simply let
> postfix deliver the messages.
>
> Tom
>

From mkliewe at gmx.de Tue Apr 1 18:34:05 2014
From: mkliewe at gmx.de (Michael Kliewe)
Date: Tue, 01 Apr 2014 20:34:05 +0200
Subject: [Dovecot] imap process and indexer-worker crash while creating folders
Message-ID: <0Lwoiq-1X6if81Ki8-016QZC@mail.gmx.com>

Hi,

our dovecot processes sometimes crash when we create new folders. The
"imap" process and the "indexer worker" process is crashing. We can
reproduce this, we have a java program with multiple threads, and
sometimes 2 threads try to create the same folder for the same user,
and if both collide, dovecot processes crash.

We don't see this happening in the real world if "normal" imap clients
are connected, but our special java program trying to create folders in
parallel is producing these crashes.

Below you can see the log entries and gdb "bt full" output, one for an
"imap" process and one for an "indexer worker" process.

We are using dovecot 2.2.9, and I did not find anything in the
changelog regarding this problem. Does it make sense to try the newest
version 2.2.12?
Thanks
Michael

==================
Apr 1 19:58:28 dovecot01 dovecot: imap(user at domain.de): Panic: file mail-index-transaction-export.c: line 117 (log_append_ext_intro): assertion failed: (intro->ext_id == idx || idx == (uint32_t)-1)
Apr 1 19:58:28 dovecot01 dovecot: imap(user at domain.de): Fatal: master: service(imap): child 3928 killed with signal 6 (core dumped)
==================
Apr 1 20:19:42 dovecot01 dovecot: indexer-worker(user at domain.de): Panic: file mail-index-transaction-export.c: line 117 (log_append_ext_intro): assertion failed: (intro->ext_id == idx || idx == (uint32_t)-1)
Apr 1 20:19:42 dovecot01 dovecot: indexer: Error: Indexer worker disconnected, discarding 1 requests for user at domain.de
Apr 1 20:19:42 dovecot01 dovecot: indexer-worker(user at domain.de): Fatal: master: service(indexer-worker): child 8806 killed with signal 6 (core dumped)
==================
error = MAIL_ERROR_NONE sync_flags = #29 master_connection_input_line (line=, conn=0xc1bfb0) at master-connection.c:208 str = max_recent_msgs = 0 ret = args = input = {module = 0x4029ff "mail", service = 0x4029f0 "indexer-worker", username = 0xc0f060 "m.kliewe at team.mail.de", session_id = 0x0, local_ip = {family = 0, u = {ip6 = { __in6_u = {__u6_addr8 = '\000' , __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, ip4 = {s_addr = 0}}}, remote_ip = { family = 0, u = {ip6 = {__in6_u = {__u6_addr8 = '\000' , __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, ip4 = {s_addr = 0}}}, local_port = 0, remote_port = 0, userdb_fields = 0x0, flags_override_add = (unknown: 0), flags_override_remove = (unknown: 0), no_userdb_lookup = 0} service_user = 0xc1f098 user = 0xc52f00 error = 0x7fff20dc5620 "\002" #30 master_connection_input (conn=0xc1bfb0) at master-connection.c:245 _data_stack_cur_id = 3 line = #31 0x00007f77b4f3aa87 in io_loop_call_io (io=0xc1bff0) at ioloop.c:388 ioloop = 0xc17730 t_id = 2 #32 0x00007f77b4f3b817 in io_loop_handler_run (ioloop=ioloop at entry=0xc17730) at ioloop-epoll.c:220 ctx = 0xc1a560 list = 0xc1c040 io = tv = {tv_sec = 0, tv_usec = 0} events_count = msecs = ret = 1 i = 0 call = __FUNCTION__ = "io_loop_handler_run" #33 0x00007f77b4f3a628 in io_loop_run (ioloop=0xc17730) at ioloop.c:412 __FUNCTION__ = "io_loop_run" #34 0x00007f77b4eeb5c3 in master_service_run (service=0xc175c0, callback=callback at entry=0x402090 ) at master-service.c:566 No locals. 
#35 0x0000000000401f03 in main (argc=1, argv=0xc17390) at indexer-worker.c:78 storage_service_flags = (MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT | MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP | MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP | MAIL_STORAGE_SERVICE_FLAG_NO_IDLE_TIMEOUT) c = ================== From tobi at oetiker.ch Wed Apr 2 15:12:50 2014 From: tobi at oetiker.ch (Tobias Oetiker) Date: Wed, 2 Apr 2014 17:12:50 +0200 (CEST) Subject: [Dovecot] how to enable debugging in imapc In-Reply-To: <533BB92D.5050502@dovecot.fi> References: <533BB92D.5050502@dovecot.fi> Message-ID: Hi Teemu, Today Teemu Huovila wrote: > On 04/01/2014 05:49 PM, Tobias Oetiker wrote: > > specifically, how can i set > > > > conn->client->set.debug in ./src/lib-imap-client/imapc-connection.c > Set "mail_debug = yes" somewhere in your configuration file(s). hmm that does not seem to get ./src/lib-imap-client/imapc-connection.c to talk more ... or is this not the part of the code that gets active when implementing an imap proxy with dovecot ? cheers tobi -- Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland www.oetiker.ch tobi at oetiker.ch +41 62 775 9902 *** We are hiring IT staff: www.oetiker.ch/jobs *** From bourek at thinline.cz Wed Apr 2 15:23:34 2014 From: bourek at thinline.cz (Jiri Bourek) Date: Wed, 02 Apr 2014 17:23:34 +0200 Subject: [Dovecot] Disable maildir indexing and dovecot-uidlist on LMTP/LDA delivery In-Reply-To: References: <533C233C.7020308@whyscream.net> Message-ID: <533C2B76.9030000@thinline.cz> If you're trying to do this without reading, you can't read the sieve rules. If you only want to prevent the delivery process from reading Maildir data (messages) and don't mind when it reads dovecot-uidlist, one possible solution may be moving dovecot-uidlist (and others) out of the Maildir. 
For example: mail_location = maildir:/somewhere/mailboxes:INDEX=/somewhere/else/index/:CONTROL=/somewhere/else/control/ (It's written by heart, so check syntax and adapt for your setup before using) Also you'll need to move index and control data to new location before switching this on. I'm not sure if that can be done without downtime. Jouko Nikula wrote: > I would like to use sieve plugin for server side filtering and I've > understood that LMTP/LDA is required for this. > > > On Wed, Apr 2, 2014 at 5:48 PM, Tom Hendrikx wrote: > >> On 04/02/2014 12:27 PM, Jouko Nikula wrote: >>> Hello all, >>> >>> Is there a way to use LMTP (or LDA) so that maildir index and >>> dovecot-uidlist are not updated? >>> >>> My setup is such that mail delivery sees user's maildir as write only. >> This >>> setup works well when using postfix for mail delivery, but when I try to >>> switch to dovecot LMTP the lmtp process wants to read the dovecot-uidlist >>> and fails on insufficient privileges. Is there a way around this without >>> exposing the maildir and mail home for read access? >>> >>> Regards, >>> Jouko Nikula >>> >> >> When indexes cannot be updated upon delivery, there is no real benefit >> in using dovecot's delivery mechanisms. So you could just simply let >> postfix deliver the messages. >> >> Tom >> From itgeek31 at googlemail.com Wed Apr 2 18:29:23 2014 From: itgeek31 at googlemail.com (IT geek 31) Date: Wed, 2 Apr 2014 20:29:23 +0200 Subject: [Dovecot] Is replication broken? In-Reply-To: <5326F8F1.1050001@Media-Brokers.com> References: <5321CAB8.9000200@Media-Brokers.com> <5326D5AF.6020902@Media-Brokers.com> <5326F8F1.1050001@Media-Brokers.com> Message-ID: > Actually asked another way, "why should I waste time rtfm when I can just be lazy and waste everyone else's time with questions that I could otherwise easily answer myself?"... Actually pal that's utter bollocks. 
I did RTFM, but I think it's widely recognised the Dovecot wiki (Replication especially) isn't as informative as it could be. If it was I wouldn't be asking for help. > Sorry, but it is a pet peeve of mine when someone provides an answer that makes it painfully obvious that they didn't even *try* to answer the question themself. And that's fine. Despite your patronising tone, I appreciate you contribute heavily this thread and where you do offer help it is appreciated. Look... I'm not looking for a spat here. This mailing list already has a few unhelpful toads without us adding to the list :-) I plan to follow your advice and migrate a test mailbox to mdbox using the following command: dsync -v -u username mirror mbox:~/mail:INBOX=/var/mail/username And adding the following to my dovecot.conf: mail_location = mdbox:~/mdbox According to http://wiki2.dovecot.org/MailboxFormat/dbox, the Inbox will then be moved under $HOME:/mdbox/mailboxes/INBOX. Before I do this, my question is this - will Postfix automatically know where to find the inbox, or will I have to do modify my Postfix config somehow? Thanks, -Mark From huang at utsc.utoronto.ca Wed Apr 2 18:44:09 2014 From: huang at utsc.utoronto.ca (Wesley Huang) Date: Wed, 02 Apr 2014 14:44:09 -0400 Subject: [Dovecot] nfs flush/fsync config settings problem In-Reply-To: <201401080923.35386.yebo@psg.sk> References: <201401080923.35386.yebo@psg.sk> Message-ID: <533C5A79.8080906@utsc.utoronto.ca> Hi All, Same as Troton, I'm hitting the same problem in the latest 2.2.12 with the exact same error "Fatal: nfs flush requires mail_fsync=always". The mail_fsync config parameter has been set to "always" and all-settings.c detects correctly parsed_fsync_mode=2. But the index->fsync_mode is detected as "0" in the mailbox_list_index_refresh() function in lib-storage/list/mailbox-list-index.c: ilist->index->fsync_mode=0. 
FYI I'm pointing the 2.2.12 to mail data served by 2.2.4 and I couldn't find any index format changes in the release notes. Anyone has more insights? Cheers, Wesley From itgeek31 at googlemail.com Wed Apr 2 19:40:18 2014 From: itgeek31 at googlemail.com (IT geek 31) Date: Wed, 2 Apr 2014 21:40:18 +0200 Subject: [Dovecot] Is replication broken? In-Reply-To: References: <5321CAB8.9000200@Media-Brokers.com> <5326D5AF.6020902@Media-Brokers.com> <5326F8F1.1050001@Media-Brokers.com> Message-ID: > > Before I do this, my question is this - will Postfix automatically > know where to find the inbox, or will I have to do modify my Postfix > config somehow? > To answer my own question, I have to edit my Postfix main.cf file with the following command: mailbox_command = /usr/pkg/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" More info can be found here: http://wiki2.dovecot.org/LDA/Postfix I'm still having permission issues though: (Command died with status 126: "/usr/pkg/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"". Command output: sh: /usr/pkg/libexec/dovecot/dovecot-lda: permission denied ) More to follow. -Mark From jtam.home at gmail.com Wed Apr 2 22:36:18 2014 From: jtam.home at gmail.com (Joseph Tam) Date: Wed, 2 Apr 2014 15:36:18 -0700 (PDT) Subject: [Dovecot] Disable maildir indexing and dovecot-uidlist on LMTP/LDA delivery In-Reply-To: References: Message-ID: Jouko Nikula writes: > Is there a way to use LMTP (or LDA) so that maildir index and > dovecot-uidlist are not updated? > > My setup is such that mail delivery sees user's maildir as write only. This > setup works well when using postfix for mail delivery, but when I try to > switch to dovecot LMTP the lmtp process wants to read the dovecot-uidlist > and fails on insufficient privileges. Is there a way around this without > exposing the maildir and mail home for read access? You could create MEMORY indices e.g. 
mail_location = maildir:~/Maildir:INDEX=MEMORY which will allow all the other processing like sieve to work. However, I would look at the cause of the "insufficient privileges": it is a symptom of something that could lead to other problems. Joseph Tam From mtrainer at westnet.com.au Thu Apr 3 03:51:10 2014 From: mtrainer at westnet.com.au (Murray Trainer) Date: Thu, 03 Apr 2014 11:51:10 +0800 Subject: [Dovecot] Test outgoing email on director setup Message-ID: Hi All, I have several Exim MTAs relaying mail to a pair of director proxies via LMTP which then relay to several mailstores via LMTP. Incoming mail is working fine. My outgoing mail uses LMTP also in the reverse of above. How do I manually test outgoing mail on the mailstores and proxies as I only have dovecot and not exim installed on them? I have the following set in dovecot.conf for LMTP submission_host = mailproxy01:24 mailproxy02:24 Hopefully that works with multiple submission hosts to give redundancy? Thanks Murray From skdovecot at smail.inf.fh-brs.de Thu Apr 3 06:28:52 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 3 Apr 2014 08:28:52 +0200 (CEST) Subject: [Dovecot] Is replication broken? In-Reply-To: References: <5321CAB8.9000200@Media-Brokers.com> <5326D5AF.6020902@Media-Brokers.com> <5326F8F1.1050001@Media-Brokers.com> Message-ID: On Wed, 2 Apr 2014, IT geek 31 wrote: > To answer my own question, I have to edit my Postfix main.cf file with the > following command: > > mailbox_command = /usr/pkg/libexec/dovecot/dovecot-lda -f "$SENDER" -a > "$RECIPIENT" > > More info can be found here: > > http://wiki2.dovecot.org/LDA/Postfix > > I'm still having permission issues though: > > (Command died with status 126: "/usr/pkg/libexec/dovecot/dovecot-lda -f > "$SENDER" -a "$RECIPIENT"". Command output: sh: > /usr/pkg/libexec/dovecot/dovecot-lda: permission denied ) Honestly, for most setups I would recommend LMTP nowadays. 
I don't use Postfix, but that page looks good: http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP You do not need to do anything special in postfix, if you use Dovecot's LDA or LMTP, when you change the storage backend. Most importantly, that way you can let UserDB return a different mail_location per recipient without postfix knowing anything about the difference. BTW: If the Wiki seems missing information, add it once you've acquired the info. :-) -- Steffen Kaiser From teemu.huovila at dovecot.fi Thu Apr 3 07:39:02 2014 From: teemu.huovila at dovecot.fi (Teemu Huovila) Date: Thu, 03 Apr 2014 10:39:02 +0300 Subject: [Dovecot] how to enable debugging in imapc In-Reply-To: References: <533BB92D.5050502@dovecot.fi> Message-ID: <533D1016.9090309@dovecot.fi> On 04/02/2014 06:12 PM, Tobias Oetiker wrote: > hmm that does not seem to get ./src/lib-imap-client/imapc-connection.c > to talk more ... or is this not the part of the code that gets > active when implementing an imap proxy with dovecot ? I do not know exactly what you are trying to do, but I suspect that is not the file you are looking for. Proxy functionality is in src/login-common/*proxy.c, src/imap-login/imap-proxy.c and perhaps others that I have omitted here. I think your best bet would be to expand on your problem in your other thread. Describe in more detail what you are trying to do, maybe especially why you need both nginx and Dovecot in front of your Zimbra. 
Also post (inline) your full doveconf -n output and the relevant configuration files for the other components of your system. I am hopeful there will be somebody who can easily help you based on their own experience. I am nowhere near as experienced in configuring Dovecot as some of the people on this list. br, Teemu Huovila From alessio at skye.it Thu Apr 3 08:22:43 2014 From: alessio at skye.it (Alessio Cecchi) Date: Thu, 03 Apr 2014 10:22:43 +0200 Subject: [Dovecot] nfs flush/fsync config settings problem In-Reply-To: <201401080923.35386.yebo@psg.sk> References: <201401080923.35386.yebo@psg.sk> Message-ID: <533D1A53.6050109@skye.it> On 08/01/2014 09:23, Troton_admin wrote: > Hi, > > I need to place a maildir storage on a NFS filesystem, so I set up the config like this: > > mmap_disable = yes > mail_nfs_storage = yes > mail_nfs_index = yes > mail_fsync = always > lock_method = dotlock (also tried fcntl - local lockd is running, no success, now using dotlock, to be sure while debugging) > > The problem is that Dovecot (2.2.9/2.2.10 - the relevant code in mail-index.c is the same) logs a fatal error and quits the session (no daemon crash/coredump). Hi, I have a similar configuration but with dovecot 2.2.12 and NFS for me works fine. Have you inserted the "mail_fsync = always" in the right place? Is there only one "mail_fsync" setting in your config? First check this: root at mx:/etc/dovecot# grep mail_fsync /etc/dovecot/ -R conf.d/10-mail.conf:mail_fsync = always root at mx:/etc/dovecot# dovecot -n | grep -E 'sync|nfs' mail_fsync = always mail_nfs_index = yes mail_nfs_storage = yes maildir_very_dirty_syncs = yes # 2.2.12: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.9 Let me know. 
Ciao -- Alessio Cecchi is: @ ILS -> http://www.linux.it/~alessice/ on LinkedIn -> http://www.linkedin.com/in/alessice GNU/Linux Systems Support -> http://www.cecchi.biz Cloud Email Hosting -> http://www.qboxmail.com @ PLUG -> former President, now senator for life, http://www.prato.linux.it From itgeek31 at googlemail.com Thu Apr 3 08:25:49 2014 From: itgeek31 at googlemail.com (IT geek 31) Date: Thu, 3 Apr 2014 10:25:49 +0200 Subject: [Dovecot] Is replication broken? In-Reply-To: <533cff7e.036e0e0a.4ce2.4e7fSMTPIN_ADDED_BROKEN@mx.google.com> References: <5321CAB8.9000200@Media-Brokers.com> <5326D5AF.6020902@Media-Brokers.com> <5326F8F1.1050001@Media-Brokers.com> <533cff7e.036e0e0a.4ce2.4e7fSMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: > > Honestly, for most setups I would recommend LMTP nowadays. > I don't use Postfix, but that page looks good: > http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP > > You do not need to do anything special in postfix, if you use Dovecot's > LDA or LMTP, when you change the storage backend. Most importantly, that > way you can let UserDB return a different mail_location per recipient > without postfix knowing anything about the difference. > Thank you Steffen, I shall give that a go and report back with how I get on. -Mark From dar at darklajid.de Thu Apr 3 08:32:17 2014 From: dar at darklajid.de (Benjamin Podszun) Date: Thu, 03 Apr 2014 10:32:17 +0200 Subject: [Dovecot] dovecot 2.2.10 & fts_lucene: Failed to initialize backend Message-ID: <4190417e-505f-4bd9-9130-412ec08800e2@darklajid.de> Hey there. Lurking most of the time here, currently I'm trying to make FTS work? From itgeek31 at googlemail.com Thu Apr 3 09:08:52 2014 From: itgeek31 at googlemail.com (IT geek 31) Date: Thu, 3 Apr 2014 11:08:52 +0200 Subject: [Dovecot] Is replication broken? 
In-Reply-To: <533cff7e.036e0e0a.4ce2.4e7fSMTPIN_ADDED_BROKEN@mx.google.com> References: <5321CAB8.9000200@Media-Brokers.com> <5326D5AF.6020902@Media-Brokers.com> <5326F8F1.1050001@Media-Brokers.com> <533cff7e.036e0e0a.4ce2.4e7fSMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: > > Honestly, for most setups I would recommend LMTP nowadays. >> > I don't use Postfix, but that page looks good: > http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP I followed the guide, but I received the following error: Apr 3 08:41:31 server1 postfix/lmtp[4084]: DE4321F83A: to=, relay=server1.test.com[private/dovecot-lmtp], delay=491, delays=490/0.21/0.02/0.02, dsn=5.1.1, status=bounced (host server1.test.com[private/dovecot-lmtp] said: 550 5.1.1 User doesn't exist: user1 at test.com (in reply to RCPT TO command)) The solution was to add the following line to my dovecot.conf: auth_username_format = %Ln All is now working as expected. Now to crack on with replication... :-) -Mark From dar at darklajid.de Thu Apr 3 09:18:22 2014 From: dar at darklajid.de (Benjamin Podszun) Date: Thu, 03 Apr 2014 11:18:22 +0200 Subject: [Dovecot] dovecot 2.2.10 & fts_lucene: Failed to initialize backend Message-ID: <24ad279a-c558-4c35-b0bb-6e19097c9f95@darklajid.de> Hey there. (Lesson to self: Don't try to be cute. Somehow a trademark sign breaks my setup and the rest of the mail is discarded? Sorry for the previous, incomplete post) Lurking most of the time here, currently I'm trying to make FTS work. As far as I understand [1], squat is deprecated, solr is a rather big dependency for my 'friends & family' type of installation: Lucene it is! 
My problem: The lucene backend isn't working, I get this error whenever I try to access it (be it doveadm fts or a search, triggering an index): # doveadm fts rescan -u dar at darklajid.de doveadm(dar at darklajid.de): Error: fts: Failed to initialize backend 'lucene': Unknown backend doveadm(dar at darklajid.de): Error: fts not enabled for user's namespace (null) Any ideas what I might be doing wrong here? All the details I could think of are below, any help would be appreciated. Regards, Ben -- Package information # pkg info dovecot2 dovecot2-2.2.10 Name : dovecot2 Version : 2.2.10 Installed on : Mon Mar 31 17:14:26 CEST 2014 Origin : mail/dovecot2 Architecture : freebsd:10:x86:64 Prefix : /usr/local Categories : mail ipv6 Licenses : MIT or LGPL21 Maintainer : bra at fsn.hu WWW : http://www.dovecot.org/ Comment : Secure and compact IMAP and POP3 servers Options : DOCS : off EXAMPLES : off GSSAPI : off KQUEUE : on LDAP : off LIBWRAP : off LUCENE : on MYSQL : off PGSQL : on SOLR : off SQLITE : off SSL : on VPOPMAIL : off Shared Libs required: libssl.so.8 libpq.so.5 libdovecot.so.0 libdovecot-storage.so.0 libdovecot-login.so.0 libdovecot-lda.so.0 libcrypto.so.8 libclucene-shared.so.1 libclucene-core.so.1 Shared Libs provided: libssl_iostream_openssl.so libdovecot.so.0 libdovecot-storage.so.0 libdovecot-sql.so.0 libdovecot-login.so.0 libdovecot-lda.so.0 libdovecot-compression.so.0 libauthdb_imap.so lib95_imap_stats_plugin.so lib90_stats_plugin.so lib30_imap_zlib_plugin.so lib21_fts_squat_plugin.so lib21_fts_lucene_plugin.so lib20_zlib_plugin.so lib20_virtual_plugin.so lib20_replication_plugin.so lib20_mailbox_alias_plugin.so lib20_mail_log_plugin.so lib20_listescape_plugin.so lib20_fts_plugin.so lib20_expire_plugin.so lib20_doveadm_fts_plugin.so lib20_doveadm_fts_lucene_plugin.so lib20_autocreate_plugin.so lib15_notify_plugin.so lib11_trash_plugin.so lib11_imap_quota_plugin.so lib10_quota_plugin.so lib10_doveadm_quota_plugin.so lib10_doveadm_expire_plugin.so 
lib10_doveadm_acl_plugin.so lib05_snarf_plugin.so lib05_pop3_migration_plugin.so lib02_lazy_expunge_plugin.so lib02_imap_acl_plugin.so lib01_acl_plugin.so -- Sure enough, the libraries are there/in places that look fine to me: # pkg info -l dovecot2 | grep -i fts /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.a /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.la /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.a /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.la /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so /usr/local/lib/dovecot/lib20_fts_plugin.a /usr/local/lib/dovecot/lib20_fts_plugin.la /usr/local/lib/dovecot/lib20_fts_plugin.so /usr/local/lib/dovecot/lib21_fts_lucene_plugin.a /usr/local/lib/dovecot/lib21_fts_lucene_plugin.la /usr/local/lib/dovecot/lib21_fts_lucene_plugin.so /usr/local/lib/dovecot/lib21_fts_squat_plugin.a /usr/local/lib/dovecot/lib21_fts_squat_plugin.la /usr/local/lib/dovecot/lib21_fts_squat_plugin.so -- Doveconf: # 2.2.10: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 10.0-RELEASE amd64 ufs first_valid_uid = 1 login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k mail_home = /var/vmail/%d/%n mail_location = maildir:/var/vmail/%d/%n/Maildir mail_plugins = fts mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { inbox = yes location = mailbox Drafts { auto = no special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = create special_use = \Trash } prefix = separator = / } passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { 
antispam_backend = dspam antispam_dspam_args = --user;%Lu;--source=error;--signature=%%s antispam_dspam_binary = /usr/local/bin/dspamc antispam_dspam_notspam = --class=innocent antispam_dspam_result_header = X-DSPAM-Result antispam_dspam_spam = --class=spam antispam_signature = X-DSPAM-Signature antispam_signature_missing = error antispam_spam = Spam;Junk antispam_trash = trash;Trash fts = lucene fts_lucene = whitespace_chars=@. sieve = ~/.dovecot.sieve sieve_before = /usr/local/etc/dovecot/sieve/before sieve_dir = ~/sieve } postmaster_address = postmaster at ben.sh protocols = imap lmtp sieve service auth-worker { user = vmail } service auth { unix_listener /var/prosody/private/auth { group = prosody mode = 0660 user = prosody } unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0660 user = vmail } user = dovecot } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } user = vmail } service managesieve-login { inet_listener sieve { port = 4190 } } service managesieve { process_limit = 128 } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { port = 0 } } ssl = required ssl_cert = References: <24ad279a-c558-4c35-b0bb-6e19097c9f95@darklajid.de> Message-ID: <533D29B1.4030704@myzel.net> Am 2014-04-03 11:18, schrieb Benjamin Podszun: > My problem: The lucene backend isn't working, I get this error whenever > I try to access it (be it doveadm fts or a search, triggering an index): > > # doveadm fts rescan -u dar at darklajid.de > doveadm(dar at darklajid.de): Error: fts: Failed to initialize backend > 'lucene': Unknown backend > doveadm(dar at darklajid.de): Error: fts not enabled for user's namespace > (null) > > Any ideas 
what I might be doing wrong here? All the details I could > think of are below, any help would be appreciated. > > Regards, > Ben > Ben, in the wiki it says, lucene has to be v2.1+ Don't know enough of freebsd naming schemes, but to me this looks like you only have lucene v1? > Shared Libs required: > libclucene-shared.so.1 > libclucene-core.so.1 > 1: http://wiki2.dovecot.org/Plugins/FTS -- peter From dar at darklajid.de Thu Apr 3 10:13:49 2014 From: dar at darklajid.de (Benjamin Podszun) Date: Thu, 03 Apr 2014 12:13:49 +0200 Subject: [Dovecot] dovecot 2.2.10 & fts_lucene: Failed to initialize backend In-Reply-To: <533D29B1.4030704@myzel.net> References: <24ad279a-c558-4c35-b0bb-6e19097c9f95@darklajid.de> <533D29B1.4030704@myzel.net> Message-ID: On Thursday, April 3, 2014 11:28:17 AM CEST, Peter Chiochetti wrote: > On 2014-04-03 11:18, Benjamin Podszun wrote: >> My problem: The lucene backend isn't working, I get this error whenever >> I try to access it (be it doveadm fts or a search, triggering an index): >> >> # doveadm fts rescan -u dar at darklajid.de >> doveadm(dar at darklajid.de): Error: fts: Failed to initialize backend >> 'lucene': Unknown backend > ... > > Ben, in the wiki it says, lucene has to be v2.1+ > > Don't know enough of freebsd naming schemes, but to me this > looks like you only have lucene v1? > >> Shared Libs required: >> libclucene-shared.so.1 >> libclucene-core.so.1 Thanks, good idea. 
But -- # pkg info clucene clucene-2.3.3.4_3 Name : clucene Version : 2.3.3.4_3 Installed on : Mon Mar 31 17:14:25 CEST 2014 Origin : textproc/clucene Architecture : freebsd:10:x86:64 Prefix : /usr/local Categories : textproc Licenses : LGPL21 or APACHE20 Maintainer : office at FreeBSD.org WWW : http://sourceforge.net/projects/clucene/ Comment : CLucene is a C++ port of Lucene Shared Libs provided: libclucene-shared.so.2.3.3.4 libclucene-core.so.2.3.3.4 libclucene-contribs-lib.so.2.3.3.4 # ls -l /usr/local/lib/libclucene*so lrwxr-xr-x 1 root wheel 28 Feb 13 11:03 /usr/local/lib/libclucene-contribs-lib.so -> libclucene-contribs-lib.so.1 lrwxr-xr-x 1 root wheel 20 Feb 13 11:03 /usr/local/lib/libclucene-core.so -> libclucene-core.so.1 lrwxr-xr-x 1 root wheel 22 Feb 13 11:03 /usr/local/lib/libclucene-shared.so -> libclucene-shared.so.1 -- So the version should be fine I guess. On top of that: I hope that the port itself isn't broken (possible of course, but I'd rather expect the f-up in my installation/my configuration?). Thanks, Ben From jouko.nikula at iki.fi Thu Apr 3 10:13:45 2014 From: jouko.nikula at iki.fi (Jouko Nikula) Date: Thu, 3 Apr 2014 13:13:45 +0300 Subject: [Dovecot] Disable maildir indexing and dovecot-uidlist on LMTP/LDA delivery In-Reply-To: References: Message-ID: On Thu, Apr 3, 2014 at 1:36 AM, Joseph Tam wrote: > > Jouko Nikula writes: > >> Is there a way to use LMTP (or LDA) so that maildir index and >> dovecot-uidlist are not updated? >> >> My setup is such that mail delivery sees user's maildir as write only. This >> setup works well when using postfix for mail delivery, but when I try to >> switch to dovecot LMTP the lmtp process wants to read the dovecot-uidlist >> and fails on insufficient privileges. Is there a way around this without >> exposing the maildir and mail home for read access? > > > You could create MEMORY indices e.g. 
> > mail_location = maildir:~/Maildir:INDEX=MEMORY > > which will allow all the other processing like sieve to work. > I now used: mail_location = maildir:~/mail:INDEX=MEMORY:CONTROL=/var/mail/%d/ctrl/%u and for sieve: plugin { sieve = /var/mail/%d/ctrl/%u/dovecot.sieve sieve_dir = /var/mail/%d/ctrl/%u/ } I also have two dovecot instances. One is responsible for imap/pop3 and other is responsible for sasl and and lmtp. The latter uses configuration above and the former differs on the mail location so that it does not have the INDEX=MEMORY setting: mail_location = maildir:~/mail:CONTROL=/var/mail/%d/ctrl/%u Do you see problems in this setup? My understanding is that now I'm wasting little bit CPU on creating indices for new mail, but I nevertheless have working and stored indices on the dovecot's imap instance. > However, I would look at the cause of the "insufficient privileges": > it is a symptom of something that could lead to other problems. > > Joseph Tam The cause is that I have not given lmtp read access to mail/home dir. :-) So this is intentional. From skull at bofhland.org Thu Apr 3 11:28:36 2014 From: skull at bofhland.org (Emanuele Balla (aka Skull)) Date: Thu, 03 Apr 2014 13:28:36 +0200 Subject: [Dovecot] Sieve (randomly?) flagging messages as \\Seen \\Deleted Message-ID: <533D45E4.50703@bofhland.org> Hi, I'm trying to debug (without great results, so far) a very weird behaviour in my environment. Sorry if this came out in another form before, but I've not been able to find out anything resembling what I'm experiencing, so far... OS is a debian wheezy and dovecot is the version provided by the OS: # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.4 The system uses postfix with virtual users, credentials and maildir locations stored on mysql, local delivery through LMTP and sieve+managesieve available to users (although managesieve only listens on localhost and is only usable through the webmail interface). 
FWIW, I've been running 10-20 systems just like this one (mostly with earlier dovecot versions and using LDA when LMTP wasn't available yet) for many years, and this is the very first time I'm so puzzled I end up searching for help here :-| Even though the system has been working for months (more or less 1 year now) without big changes, a strange behaviour appeared (or became evident enough to be noticed) in the last few days, apparently involving sieve and some sort of "default/hidden" action triggered by something. Or at least that's what I ended up supposing. The problem in short: Messages I expected to find in certain folders were simply not there, although sieve logs reported them as delivered in those same folders. By manually inspecting the maildir, I actually found the messages, but they were all flagged as \\Seen + \\Deleted and therefore not displayed by the MUA (ThunderBird in my case). I initially supposed this to be a TB issue, 'cause nothing in my sieve script ever flags messages that way, but I could not find anything on my client explaining that. Then I received a notification from one of my users saying he was experiencing exactly the same, except he's using mutt as IMAP client; that restricted the issue to server-side interactions only, but nothing useful could be found in logfiles... This is the "relevant" portion of a "dovecot -n" output: [...] plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +vacation-seconds +editheader sieve_vacation_default_period = 2d sieve_vacation_dont_check_recipient = yes sieve_vacation_max_period = 30d sieve_vacation_min_period = 2s sieve_vacation_use_original_recipient = no } [...] protocol lmtp { mail_plugins = sieve hostname = alternativename.bofhland.org } There is no sieve_(before|after) script in addition to what users create for themselves. 

The mailboxes are relatively low-traffic; most of the traffic is caused by a single role address translated into multiple-recipients alias going to many of the users (100-300 messages per day). Almost all the users using sieve rely on it to store traffic for that role-address in a dedicated folder, including the mutt user and myself. Not that that's all that important, but it means that most of the misbehaviours observed (but not all) are observed in these folders.

I enabled mail_debug, but there's nothing unusual in there AFAICT: it just says:

- using the following location for user's Sieve script: /blabla/.dovecot.sieve
- opening script /blabla/.dovecot.sieve
- script binary /blabla/.dovecot.svbin successfully loaded
- not saving binary /blabla/.dovecot.svbin, because it is already stored
- executing script from /blabla/.dovecot.svbin
- stored mail into mailbox 'DedicatedFolder'

And it does, except the message happens to be flagged as seen and deleted...

In order to try restricting what may be causing the issue, I added...

    removeflag "\\Deleted";
    removeflag "\\Seen";

...to the rule sending messages to the dedicated folder cited above for my mailbox. The problem apparently disappeared for me as long as I kept those in place. This should mean (I suppose) that the decision of flagging messages that way is taken before the users' sieve scripts are applied (sort of "hidden sieve_before").

The problem is hard to replicate as it's apparently not deterministic: the same message is being flagged for one user but not for the other, different messages between the same people and with the same thread are sometimes flagged and sometimes not. Something is surely triggering whatever is causing this, but it's not evident enough for me to point a finger and say "ha ha!" (https://www.youtube.com/watch?v=rX7wtNOkuHo)

So, a question for people knowing pigeonhole's internals: does it ever choose to mark messages as described above for any reason?
If yes, I may be triggering this behavior with something I recently added/modified, and at least I'll have something to focus my investigation on. :-|

Any other suggestion is obviously welcome...

From alessio at skye.it Thu Apr 3 12:08:44 2014
From: alessio at skye.it (Alessio Cecchi)
Date: Thu, 03 Apr 2014 14:08:44 +0200
Subject: [Dovecot] Disable maildir indexing and dovecot-uidlist on LMTP/LDA delivery
In-Reply-To:
References:
Message-ID: <533D4F4C.7010204@skye.it>

On 02/04/2014 12:27, Jouko Nikula wrote:
> Hello all,
>
> Is there a way to use LMTP (or LDA) so that maildir index and
> dovecot-uidlist are not updated?
>
> My setup is such that mail delivery sees user's maildir as write only. This
> setup works well when using postfix for mail delivery, but when I try to
> switch to dovecot LMTP the lmtp process wants to read the dovecot-uidlist
> and fails on insufficient privileges. Is there a way around this without
> exposing the maildir and mail home for read access?
>
> Regards,
> Jouko Nikula
>

Hi,

I'm running dovecot with index disabled on LDA (but it isn't possible to disable dovecot-uidlist update).

Disabling index updates with LDA is useful in some situations (one POP/IMAP server and two or more MX) and can be set up with:

    protocol lda {
      mail_location = whatever-you-have-now:INDEX=MEMORY
    }

Take a look at this thread:

http://www.dovecot.org/list/dovecot/2012-January/062924.html

Ciao
--
Alessio Cecchi is:
@ ILS -> http://www.linux.it/~alessice/
on LinkedIn -> http://www.linkedin.com/in/alessice
GNU/Linux Systems Support -> http://www.cecchi.biz
Cloud Email Hosting -> http://www.qboxmail.com
@ PLUG -> former President, now senator for life, http://www.prato.linux.it

From skdovecot at smail.inf.fh-brs.de Thu Apr 3 12:23:50 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 3 Apr 2014 14:23:50 +0200 (CEST)
Subject: [Dovecot] Sieve (randomly?)
 flagging messages as \\Seen \\Deleted
In-Reply-To: <533D45E4.50703@bofhland.org>
References: <533D45E4.50703@bofhland.org>
Message-ID:

On Thu, 3 Apr 2014, Emanuele Balla (aka Skull) wrote:

> I'm trying to debug (without great results, so far) a very weird
> behaviour in my environment.

Did you try with the mail_log plugin enabled?

--
Steffen Kaiser

From stano at websupport.sk Thu Apr 3 13:12:21 2014
From: stano at websupport.sk (Pavel Stano)
Date: Thu, 3 Apr 2014 15:12:21 +0200
Subject: [Dovecot] mdbox with mail_attachment_dir per user in 2.2.12
Message-ID: <20140403151221.725c125d@ass>

Hello,

we have 2 netapp arrays with 2 volumes and we need to store our mail data in one or other volume for every user. We want to keep data for one user in one volume only. So we would like to have 2 separate mail_attachment_dir, one on every volume.

But in the latest version 2.2.12 it looks like it is only possible to set one global mail_attachment_dir.

I have an idea with 2 separate dovecot instances per machine with different mail_attachment_dir. Or is it possible to somehow specify it per user?

Thanks

--
[ Rate the quality of this e-mail: http://nicereply.com/websupport/Stano/ ]
Pavel Stano | Troubleshooter
http://WebSupport.sk
*** TAKE AND ENJOY ***
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL:

From skull at bofhland.org Thu Apr 3 13:21:59 2014
From: skull at bofhland.org (Emanuele Balla (aka Skull))
Date: Thu, 03 Apr 2014 15:21:59 +0200
Subject: [Dovecot] Sieve (randomly?) flagging messages as \\Seen \\Deleted
In-Reply-To:
References: <533D45E4.50703@bofhland.org>
Message-ID: <533D6077.7040500@bofhland.org>

On 03/04/14 14:23, Steffen Kaiser wrote:
> On Thu, 3 Apr 2014, Emanuele Balla (aka Skull) wrote:
>
>> I'm trying to debug (without great results, so far) a very weird
>> behaviour in my environment.
>
> Did you try with the mail_log plugin enabled?
>

I didn't, but I tried it now: as far as I see/understand, that plugin tracks only status changes taking place on the IMAP side of things, as I don't see anything related with the LMTP session.

It confirmed, however, what I already found out through other means: I see messages marked as \Seen,\Deleted in my folder, without any flag_change being logged by mail_log. So -it seems- the message is stored with those flags already applied...

From dar at darklajid.de Thu Apr 3 13:59:23 2014
From: dar at darklajid.de (Benjamin Podszun)
Date: Thu, 03 Apr 2014 15:59:23 +0200
Subject: [Dovecot] dovecot 2.2.10 & fts_lucene: Failed to initialize backend
In-Reply-To:
References: <24ad279a-c558-4c35-b0bb-6e19097c9f95@darklajid.de> <533D29B1.4030704@myzel.net>
Message-ID:

On Thursday, April 3, 2014 12:13:49 PM CEST, Benjamin Podszun wrote:
> On Thursday, April 3, 2014 11:28:17 AM CEST, Peter Chiochetti wrote:
>> On 2014-04-03 11:18, Benjamin Podszun wrote:
> ...

Sorry for replying to myself, but I'm truly stuck and maybe this makes more sense to one of you guys?

Running truss (think, 'strace' if you will) on

    doveadm fts rescan -u dar at darklajid.de

I get the trace at the end of this mail.

Take away for me: The .so file is actually used/loaded.
The only error that I don't understand is

    ioctl(9,TIOCGETA,0xffffd3c0) ERR#25 'Inappropriate ioctl for device'

Should I take this to the FreeBSD issue tracker instead?

Thanks,
Ben
sigprocmask(SIG_BLOCK,SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2,0x0) = 0 (0x0) sigprocmask(SIG_SETMASK,0x0,0x0) = 0 (0x0) sigprocmask(SIG_BLOCK,SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2,0x0) = 0 (0x0) sigprocmask(SIG_SETMASK,0x0,0x0) = 0 (0x0) open("/etc/group",O_CLOEXEC,0666) = 9 (0x9) fstat(9,{ mode=-rw-r--r-- ,inode=4895990,size=595,blksize=32768 }) = 0 (0x0) lseek(9,0x0,SEEK_CUR) = 0 (0x0) lseek(9,0x0,SEEK_SET) = 0 (0x0) read(9,"# $FreeBSD: release/10.0.0/etc/group 256366 2013-10-12 06:08:18Z rpaulo $\n#\nwheel:*:0:root,dar\ndaemon:*:1:\nkmem:*:2:\nsys:*:3:\ntty:*:4:\noperator:*:5:root\nmail:*:6:postfix\nbin:*:7:\nnews:*:8:\nman:*:9:\ngames:*:13:\nftp:*:14:\nstaff:*:20:\nsshd:*:22:\nsmmsp:*:25:\nmailnull:*:26:\nguest:*:31:\nbind:*:53:\nunbound:*:59:\nproxy:*:62:\nauthpf:*:63:\n_pflogd:*:64:\n_dhcp:*:65:\nuucp:*:66:\ndialer:*:68:\nnetwork:*:69:\naudit:*:77:\nwww:*:80:\nhast:*:845:\nnogroup:*:65533:\nnobody:*:65534:\ndar:*:1001:\npgs"...,32768) = 595 (0x253) close(9) = 0 (0x0) geteuid() = 0 (0x0) getegid() = 0 (0x0) process exit, rval = 68 From skdovecot at smail.inf.fh-brs.de Thu Apr 3 14:08:50 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 3 Apr 2014 16:08:50 +0200 (CEST) Subject: [Dovecot] Sieve (randomly?) 
flagging messages as \\Seen \\Deleted
In-Reply-To: <533D6077.7040500@bofhland.org>
References: <533D45E4.50703@bofhland.org> <533D6077.7040500@bofhland.org>
Message-ID:

On Thu, 3 Apr 2014, Emanuele Balla (aka Skull) wrote:

> On 03/04/14 14:23, Steffen Kaiser wrote:
>> On Thu, 3 Apr 2014, Emanuele Balla (aka Skull) wrote:
>>
>>> I'm trying to debug (without great results, so far) a very weird
>>> behaviour in my environment.
>>
>> Did you try with enabled mail_log plugin?
>>
>
> I didn't but I tried it now: as far as I see/understand, that plugin
> tracks only status changes taking place on the IMAP side of things, as I
> don't see anything related with the LMTP session.
>
> It confirmed, however, what I already found out through other means: I
> see messages marked as \Seen,\Deleted in my folder, without any
> flag_change being logged by mail_log.
>
> So -it seems- the message is stored with those flags already applied...

Honestly, I hoped otherwise and suggested the plugin. :)

--
Steffen Kaiser

From t.b.mailinglists at igeno-fat.de Thu Apr 3 14:28:01 2014
From: t.b.mailinglists at igeno-fat.de (T.B.)
Date: Thu, 03 Apr 2014 16:28:01 +0200
Subject: [Dovecot] xz compression
Message-ID: <533D6FF1.3020108@igeno-fat.de>

Hello Timo,

I've successfully setup xz compression for my Dovecot installation using the version 2.2.12 from Debian unstable.
Together with the activation of the "Single Instance Attachment Storage", this reduced the mail storage utilization for 20 mail accounts by 74%.

My question:

(For this test just one user was logged in. OS = Debian Wheezy, AMD64)

After conversion of my mail storage, IMAP read by Thunderbird worked perfectly. But IMAP write and LMTP write was not possible. xz compression seems to need a higher vsz_limit than its default value of 256M without compression. Before the conversion, 256M was enough with the plugins "acl fts fts_solr" and "imap_zlib". 512M was still not enough for xz compression, 1024M works OK but I'm not sure since this is a relatively large increase.

My new setting:

/etc/dovecot/conf.d/10-master.conf:
  service imap {
    vsz_limit=1024M
  }

The absolute minimum to successfully send an empty mail is 710MB (700MB still produces out of memory)!

Is this normal behaviour? What is a recommended value for "service imap {vsz_limit = }"?

I recommend to add this "vsz_limit"-increase to the wiki (http://wiki2.dovecot.org/Plugins/Zlib) to make others' lives easier. Error log below.

My config & how I converted:

/etc/dovecot/conf.d/10-mail.conf:
  mail_plugins = zlib acl fts fts_solr

/etc/dovecot/conf.d/90-plugin.conf:
  # Enable these only if you want compression while saving:
  zlib_save_level = 9 # 1..9
  zlib_save = xz

For "Single Instance Attachment Storage":

/etc/dovecot/conf.d/10-mail.conf:
  # Directory root where to store mail attachments. Disabled, if empty.
  mail_attachment_dir = /srv/vmail/mail_attachments

For compressed IMAP access (to reduce the bandwidth usage of IMAP) (has nothing to do with storage space):

/etc/dovecot/conf.d/20-imap.conf:
  protocol imap {
    mail_plugins = $mail_plugins imap_zlib
  }

Previous storage format was standard mdbox Format.
To convert a single user, I used dsync from the command line:

  dsync -u user at domain.de mirror mdbox:/srv/converted_vmail/user at domain.de/

After conversion (~2 hours per account), I moved the original mail folder of the user to a backup location and replaced it by the converted folders from "/srv/converted_vmail/user at domain.de/". (Pay attention that the directory structure matches! I had to adjust it.)

My Problem:

After conversion IMAP read by Thunderbird worked perfectly. But IMAP write and LMTP write was not possible. /var/log/dovecot.log showed that vsz_limit was too restrictive:

Log:
Apr 03 14:13:14 imap(user at domain.de): Fatal: lzma: Out of memory
Apr 03 14:13:14 imap(user at domain.de): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x674f0) [0x7f8538fd54f0] -> /usr/lib/dovecot/libdovecot.so.0(+0x675ce) [0x7f8538fd55ce] -> /usr/lib/dovecot/libdovecot.so.0(i_error+0) [0x7f8538f90678] -> /usr/lib/dovecot/modules/lib20_zlib_plugin.so(o_stream_create_lzma+0xeb) [0x7f8538393ecb] -> /usr/lib/dovecot/modules/lib20_zlib_plugin.so(+0x2c14) [0x7f8538390c14] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_save_begin+0x43) [0x7f85392bdc23] -> dovecot/imap [user at domain.de 192.168.1.42 append](+0xd824) [0x7f8539788824] -> dovecot/imap [user at domain.de 192.168.1.42 append](cmd_append+0x10e) [0x7f8539788a6e] -> dovecot/imap [user at domain.de 192.168.1.42 append](command_exec+0x3c) [0x7f853979390c] -> dovecot/imap [user at domain.de 192.168.1.42 append](+0x178ff) [0x7f85397928ff] -> dovecot/imap [user at domain.de 192.168.1.42 append](+0x179b5) [0x7f85397929b5] -> dovecot/imap [user at domain.de 192.168.1.42 append](client_handle_input+0x125) [0x7f8539792cd5] -> dovecot/imap [user at domain.de 192.168.1.42 append](client_input+0x75) [0x7f8539793065] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x27) [0x7f8538fe55c7] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xd7) [0x7f8538fe6357] ->
/usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f8538fe5168] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f8538f95723] -> dovecot/imap [user at domain.de 192.168.1.42 append](main+0x2c4) [0x7f8539787324] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f8538be6b45] -> dovecot/imap [user at domain.de 192.168.1.42 append](+0xc490) [0x7f8539787490]
Apr 03 14:13:14 imap-login: Debug: SSL alert: close notify [192.168.1.42]
Apr 03 14:13:14 imap(user at domain.de): Fatal: master: service(imap): child 23995 returned error 83 (Out of memory (service imap { vsz_limit=256 MB }, you may need to increase it) - set CORE_OUTOFMEM=1 environment to get core dump)
==============================================

From jtam.home at gmail.com Thu Apr 3 22:13:38 2014
From: jtam.home at gmail.com (Joseph Tam)
Date: Thu, 3 Apr 2014 15:13:38 -0700 (PDT)
Subject: [Dovecot] Disable maildir indexing and dovecot-uidlist on LMTP/LDA delivery
In-Reply-To:
References:
Message-ID:

On Thu, 3 Apr 2014, Jouko Nikula wrote:

> I now used:
>
> mail_location = maildir:~/mail:INDEX=MEMORY:CONTROL=/var/mail/%d/ctrl/%u
>
> and for sieve:
>
> plugin {
>   sieve = /var/mail/%d/ctrl/%u/dovecot.sieve
>   sieve_dir = /var/mail/%d/ctrl/%u/
> }
>
> I also have two dovecot instances. One is responsible for imap/pop3 and other
> is responsible for sasl and lmtp. The latter uses configuration above and
> the former differs on the mail location so that it does not have the
> INDEX=MEMORY setting:
>
> mail_location = maildir:~/mail:CONTROL=/var/mail/%d/ctrl/%u
>
> Do you see problems in this setup?

No, but I don't use sieve (nor INDEX=MEMORY for that matter), so my knowledge is limited here.

> My understanding is that now I'm wasting little bit CPU on creating
> indices for new mail, but I nevertheless have working and stored
> indices on the dovecot's imap instance.

I/O is more precious than CPU, and that's what indices try to conserve.
I don't know how much performance degradation append operations (i.e. new mail) has on index updates, but it's probably proportional to mailbox size. If your mailboxes are small, it's probably negligible.

>> However, I would look at the cause of the "insufficient privileges":
>> it is a symptom of something that could lead to other problems.
>
> The cause is that I have not given lmtp read access to mail/home dir.
> :-) So this is intentional.

That is bizarre -- I can't think of how you can profit from denying read access to indices, but allow write access, and also allow read access to the mailboxes.

Joseph Tam

From javierdemiguel-ext at us.es Fri Apr 4 00:03:10 2014
From: javierdemiguel-ext at us.es (Javier Miguel Rodríguez)
Date: Fri, 04 Apr 2014 02:03:10 +0200
Subject: [Dovecot] xz compression
In-Reply-To: <533D6FF1.3020108@igeno-fat.de>
References: <533D6FF1.3020108@igeno-fat.de>
Message-ID: <533DF6BE.3030002@us.es>

On 03/04/2014 16:28, T.B. wrote:

> Hello Timo,
>
> I've successfully setup xz compression for my Dovecot installation
> using the version 2.2.12 from Debian unstable.

Read the man page of xz(1). With -9 compression level 674 MiB of ram are needed. If you use dovecot+xz, you really need to increase vsz_limit.

Personally, I would not use xz (-9) for main storage in a busy site. If you get +20 messages/second you need a lot of ram only for compression. I would use xz (-9) for alternate storage, though.
Regards

Javier

--
Apoyo a la Docencia e Investigación
Servicio de Informática y Comunicaciones
Incident management: https://sicremedy.us.es/arsys

From jouko.nikula at iki.fi Fri Apr 4 06:45:02 2014
From: jouko.nikula at iki.fi (Jouko Nikula)
Date: Fri, 4 Apr 2014 09:45:02 +0300
Subject: [Dovecot] Disable maildir indexing and dovecot-uidlist on LMTP/LDA delivery
In-Reply-To:
References:
Message-ID:

>>> However, I would look at the cause of the "insufficient privileges":
>>> it is a symptom of something that could lead to other problems.
>>
>>
>> The cause is that I have not given lmtp read access to mail/home dir.
>> :-) So this is intentional.
>
>
> That is bizarre -- I can't think of how you can profit from denying read
> access to indices, but allow write access, and also allow read access
> to the mailboxes.
>
> Joseph Tam

Now in my configuration LMTP does not have read access to the mailboxes. So it can only read the CONTROL files and write all files. In my opinion this means added security.

And thanks a lot to everyone for your help!

From dar at darklajid.de Fri Apr 4 07:52:25 2014
From: dar at darklajid.de (Benjamin Podszun)
Date: Fri, 04 Apr 2014 09:52:25 +0200
Subject: [Dovecot] dsync deleted my mailbox - what did I do wrong?
Message-ID: <9d0749cb-7387-427b-b3f6-6a2c5fb70eb3@darklajid.de>

Hi.

Mostly annoying: I migrated from one machine to another, made sure the target host worked as expected, updated mx records and - after a couple of days - signed it off as good. This is just my private machine, no big deal if something goes wrong..

Everything's fine? Good, let's migrate my inbox from the old machine. There's no direct connectivity between those servers, so what I did was:

(old server) sudo -u vmail dsync -u dar at darklajid.de backup maildir:/tmp/mail_backup/

Works fine, got my maildir. Tar'd it up, moved it to the new server. Now how do I import those mails? Ah, let's use the same command, with -R?
(new server) sudo -u vmail dsync -u dar at darklajid.de -R backup maildir:/tmp/mail_backup

Error: Mailbox INBOX sync: mailbox_delete failed: INBOX can't be deleted.

Wait. What? Sure enough, the last couple of days are gone, the target mailbox is completely empty. I read the man page over and over again, but failed to see the problem. I even thought for a moment that _maybe_ dsync backup is one-way only (even if that failed as well) and tried the same command with mirror. Exactly the same output, same result, empty target mailbox.

In the end I succeeded to import the mails with doveadm import, completely lost a number of days of mails. My fault, sloppy not to back them up again, but I still don't think that this should happen. Ever.

My question now is:
- where did I fail (ignoring the backups, please. That's .. something I know)
- Can I use dsync ... for backups? I don't think that this is a good idea after yesterday night?
- Should dsync EVER try to delete mailboxes? Even 'special' mailboxes? Should it warn about that, asking for a --force switch or something?

Any insights would be appreciated. At this point the damage is done, but I'd like to learn how to do better.

Ben

From axel.luttgens at skynet.be Fri Apr 4 08:18:20 2014
From: axel.luttgens at skynet.be (Axel Luttgens)
Date: Fri, 4 Apr 2014 10:18:20 +0200
Subject: [Dovecot] Crash in pop3 with version 2.2.12
In-Reply-To: <53359F89.6080400@enas.net>
References: <53352CF0.5000404@enas.net> <5335813E.6030501@dovecot.fi> <53359F89.6080400@enas.net>
Message-ID: <8517C0BE-EC0D-46F8-8905-E687373C02EE@skynet.be>

On 28 March 2014 at 17:12, Urban Loesch wrote:

> Hi,
>
> thanks for your fast help.
> Now pop3 works again without error.
>
> Thanks
> Urban
>
>
> On 28.03.2014 15:03, Teemu Huovila wrote:
>> Thats my bad. This commit should fix it http://hg.dovecot.org/dovecot-2.2/rev/b0359910ec96. Thanks for reporting it.
>>
>> Teemu Huovila

Hello,

I'm still wondering... under which circumstances could the crash occur?
Trying here to reproduce it with an unpatched 2.2.12, without "success": LIST and UIDL always return consistent results, without crashes, and behave that way on several mailboxes.

I'm asking, because the problem could thus be tied to some configurations/settings only (as Urban wrote: "I saw some people on the list [...]"); but the correction brought by b0359910ec96 is an unconditional one. On the other hand, the problem might be raised because of some particular combination of circumstances, which I can't reproduce now, but which I could face one day or another...

Hence the question: to patch or not to patch?

Many thanks in advance,
Axel

From nmilas at noa.gr Fri Apr 4 08:35:47 2014
From: nmilas at noa.gr (Nikolaos Milas)
Date: Fri, 04 Apr 2014 11:35:47 +0300
Subject: [Dovecot] Crash in pop3 with version 2.2.12
In-Reply-To: <8517C0BE-EC0D-46F8-8905-E687373C02EE@skynet.be>
References: <53352CF0.5000404@enas.net> <5335813E.6030501@dovecot.fi> <53359F89.6080400@enas.net> <8517C0BE-EC0D-46F8-8905-E687373C02EE@skynet.be>
Message-ID: <533E6EE3.8020204@noa.gr>

On 4/4/2014 11:18 AM, Axel Luttgens wrote:

> I'm still wondering... under which circumstances could the crash occur?

I was wondering the same thing. We are now running 2.2.12 in production for two weeks (unpatched) and we have not seen such an error (despite extensive use of POP3).

Regards,
Nick

From teemu.huovila at dovecot.fi Fri Apr 4 08:37:54 2014
From: teemu.huovila at dovecot.fi (Teemu Huovila)
Date: Fri, 04 Apr 2014 11:37:54 +0300
Subject: [Dovecot] Crash in pop3 with version 2.2.12
In-Reply-To: <8517C0BE-EC0D-46F8-8905-E687373C02EE@skynet.be>
References: <53352CF0.5000404@enas.net> <5335813E.6030501@dovecot.fi> <53359F89.6080400@enas.net> <8517C0BE-EC0D-46F8-8905-E687373C02EE@skynet.be>
Message-ID: <533E6F62.1080809@dovecot.fi>

Hello

On 04/04/2014 11:18 AM, Axel Luttgens wrote:
> I'm still wondering... under which circumstances could the crash occur?
This issue occurs whenever the function src/pop3/pop3-commands.c:client_uidls_save() is called. The function is called when:

The pop3 internal structure client->message_uidls_save is 1. This in turn happens when any of these is true:
1. pop3 logoutformat has %u
2. config setting pop3_uidl_duplicates is not the default "allow"
3. config setting pop3_save_uidl=yes

The problem manifests in two different ways.
1) When the zlib plugin is active the executable crashed due to a segmentation fault.
2) If there is no zlib, the data returned by the UIDL command is "off-by-one" and the last data item is null.

Without zlib the error might look something like this:
C:uidl
S:+OK
S:1 00000002533553b6
S:2 00000003533553b6
S:3 00000004533553b6
S:4 00000005533553b6
S:5 00000006533553b6
S:6 (null)
S:.

> Hence the question: to patch or not to patch?

Patch, if your setup will need to meet any of the three criteria triggering the issue, before 2.2.13 is released.

br,
Teemu Huovila

From egbert at vandenbussche.nl Fri Apr 4 09:07:29 2014
From: egbert at vandenbussche.nl (Egbert)
Date: Fri, 04 Apr 2014 11:07:29 +0200
Subject: [Dovecot] imap / IPv6 problems?
Message-ID: <533E7651.8030007@vandenbussche.nl>

Hi,

I have this intermittent problem. When sending an email it *sometimes* takes ages before the process finishes. The process seems to hang in moving the message to the "sent items" folder. When I disable the IPv6 stack in the network config (this is MS Windows 7), the hanging process immediately completes! This makes me think that it has to do with the IP stacks. Another observed effect is a long "rotating wheel" when just clicking on an imap folder before the listing in the right pane updates. Here the same trick solves the problem.

I use Thunderbird on W7 as client and have my mail (3 accounts) on a remote mailserver. I have full control over that server which can become handy... The mailserver is Ubuntu 12.04 LTS with postfix and Dovecot (2.0.19) from the standard repo's.
My IPv6 connection is a native IPv6 from my ISP (xs4all.nl). I have no reason to think that the IPv6 connection itself is the problem.

Any advice to investigate this problem is welcome.

Egbert Jan, NL

From axel.luttgens at skynet.be Fri Apr 4 09:09:06 2014
From: axel.luttgens at skynet.be (Axel Luttgens)
Date: Fri, 4 Apr 2014 11:09:06 +0200
Subject: [Dovecot] Crash in pop3 with version 2.2.12
In-Reply-To: <533E6F62.1080809@dovecot.fi>
References: <53352CF0.5000404@enas.net> <5335813E.6030501@dovecot.fi> <53359F89.6080400@enas.net> <8517C0BE-EC0D-46F8-8905-E687373C02EE@skynet.be> <533E6F62.1080809@dovecot.fi>
Message-ID: <545D8379-6743-478F-8A2E-B5185838118E@skynet.be>

On 4 Apr 2014 at 10:37, Teemu Huovila wrote:

> Hello
>
> On 04/04/2014 11:18 AM, Axel Luttgens wrote:
>> I'm still wondering... under which circumstances could the crash occur?
> This issue occurs whenever the function src/pop3/pop3-commands.c:client_uidls_save() is called.
> The function is called when:
>
> The pop3 internal structure client->message_uidls_save is 1. This in turn happens when any of these is true:
> 1. pop3 logoutformat has %u
> 2. config setting pop3_uidl_duplicates is not the default "allow"
> 3. config setting pop3_save_uidl=yes
>
> The problem manifests in two different ways.
> 1) When the zlib plugin is active the executable crashed due to a segmentation fault.
> 2) If there is no zlib, the data returned by the UIDL command is "off-by-one" and the last data item is null.
>
> Without zlib the error might look something like this:
> C:uidl
> S:+OK
> S:1 00000002533553b6
> S:2 00000003533553b6
> S:3 00000004533553b6
> S:4 00000005533553b6
> S:5 00000006533553b6
> S:6 (null)
> S:.
>
>> Hence the question: to patch or not to patch?
> Patch, if your setup will need to meet any of the three criteria triggering the issue, before 2.2.13 is released.

Hello Teemu,

Thank you very much for your kind and very detailed explanation.

None of 1. to 3.
apply here, so I guess I've just been lucky. On the other hand, I didn't notice that the patch applies to a very precise context (the client_uidls_save function); it should thus be safe to apply it in all cases (even if un-needed with some *current* configuration).

Sincerely,
Axel

From axel.luttgens at skynet.be Fri Apr 4 09:22:37 2014
From: axel.luttgens at skynet.be (Axel Luttgens)
Date: Fri, 4 Apr 2014 11:22:37 +0200
Subject: [Dovecot] mdbox with mail_attachment_dir per user in 2.2.12
In-Reply-To: <20140403151221.725c125d@ass>
References: <20140403151221.725c125d@ass>
Message-ID:

On 3 Apr 2014 at 15:12, Pavel Stano wrote:

> Hello,
>
> we have 2 netapp arrays with 2 volumes and we need to store our mail
> data in one or other volume for every user.
> We want keep data for one user in one volume only.
>
> So we would like to have 2 separate mail_attachment_dir, one on every
> volume.
> But in latest version 2.2.12 it look like it is only possible to set
> one global mail_attachment_dir.
>
> I have an idea with 2 separate dovecot instances per machine with
> different mail_attachment_dir. Or it is possible to somehow specify it
> per user ?

Hello Pavel,

I don't know whether that setting may be customized or if it must have a single constant value.

Anyway, have you tried to make use of variables for setting its value? Or, if more relevant in your case, by overriding it from your user database (see section "Overriding settings" at http://wiki2.dovecot.org/UserDatabase/ExtraFields).
Axel

From nmilas at noa.gr Fri Apr 4 09:42:02 2014
From: nmilas at noa.gr (Nikolaos Milas)
Date: Fri, 04 Apr 2014 12:42:02 +0300
Subject: [Dovecot] dsync replication questions
In-Reply-To: <1396256632.19039.33.camel@ubu101751>
References: <533547BE.8080003@noa.gr> <1396256632.19039.33.camel@ubu101751>
Message-ID: <533E7E6A.9050809@noa.gr>

On 31/3/2014 12:03 PM, Simon Fraser wrote:

> On Fri, 2014-03-28 at 11:58 +0200, Nikolaos Milas wrote:
>
>> >Question 2a: What do options "-d -N -l 30 -U" signify in
>> >"replication_dsync_parameters = -d -N -l 30 -U"?
> I'd also be interested to know the answer to this part. I found mention
> of the '-f' option, and adding '-f' to that list appears to have fixed a
> replication race condition I was having, but I can't find out a note of
> what it does.

There is no one who knows that? Or no documentation whatsoever?

Anyone please?

How can we determine whether we need to configure "replication_dsync_parameters = -d -N -l 30 -U" as indicated on the wiki2 (or some variation thereof) or not?

Thanks,
Nick

From alanm at sics.se Fri Apr 4 10:03:04 2014
From: alanm at sics.se (Alan McGinlay)
Date: Fri, 04 Apr 2014 12:03:04 +0200
Subject: [Dovecot] xz compression
In-Reply-To: <533D6FF1.3020108@igeno-fat.de>
References: <533D6FF1.3020108@igeno-fat.de>
Message-ID: <4fe1a3c92b06ad087f18396da35f3d63@sics.se>

> Hello Timo,
>

Why send a mail to the mailing list if you are addressing a single person?
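
Teemu Huovila's reply in the "Crash in pop3 with version 2.2.12" thread above names three settings that trigger the UIDL bug and says the zlib plugin decides whether it appears as a segmentation fault or as an off-by-one listing. The check below is an added example, not code from the thread or from Dovecot: it reads a `doveconf -n`-style dump for those conditions and scans a UIDL reply for the "(null)" symptom. The sample config and transcript are constructed, and reading "pop3 logoutformat" as the `pop3_logout_format` setting is an assumption.

```python
import re

# Constructed sample in the style of `doveconf -n` output (not taken from the thread).
SAMPLE_CONF = """\
mail_plugins = acl zlib
pop3_uidl_duplicates = rename
protocol pop3 {
  mail_plugins = $mail_plugins quota
  pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
}
"""

# Constructed UIDL reply showing the symptom quoted in the thread: last item is "(null)".
SAMPLE_UIDL = """\
S:+OK
S:1 00000002533553b6
S:2 00000003533553b6
S:3 (null)
S:.
"""


def parse_conf(text):
    """Flatten nested doveconf-style blocks into {"block/key": value}."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings["/".join(stack + [key])] = value
    return settings


def pop3_setting(settings, key, default):
    """Value the pop3 service sees: a `protocol pop3` block overrides the global one."""
    return settings.get("protocol pop3/" + key, settings.get(key, default))


def pop3_plugins(settings):
    """Plugin list for pop3, expanding a `$mail_plugins` reference to the global list."""
    global_plugins = settings.get("mail_plugins", "").split()
    plugins = []
    for token in pop3_setting(settings, "mail_plugins", "").split():
        plugins.extend(global_plugins if token == "$mail_plugins" else [token])
    return plugins


def uidl_save_triggers(settings):
    """Return which of the three conditions listed in the thread this config meets."""
    hits = []
    # Assumption: "pop3 logoutformat" in the thread is the pop3_logout_format setting.
    # The lookbehind skips an escaped "%%u", which is a literal and not a variable.
    if re.search(r"(?<!%)%u", pop3_setting(settings, "pop3_logout_format", "")):
        hits.append("pop3_logout_format uses %u")
    if pop3_setting(settings, "pop3_uidl_duplicates", "allow") != "allow":
        hits.append("pop3_uidl_duplicates is not allow")
    if pop3_setting(settings, "pop3_save_uidl", "no") == "yes":
        hits.append("pop3_save_uidl=yes")
    return hits


def assess(conf_text):
    """Classify a 2.2.12 config: unaffected, crash (zlib loaded) or wrong UIDL data."""
    settings = parse_conf(conf_text)
    hits = uidl_save_triggers(settings)
    if not hits:
        return {"affected": False, "impact": None, "triggers": hits}
    crash = "zlib" in pop3_plugins(settings)
    impact = "segmentation fault" if crash else "off-by-one UIDL list"
    return {"affected": True, "impact": impact, "triggers": hits}


def null_uidl_entries(transcript):
    """Message numbers whose UIDL came back as the literal "(null)"."""
    bad = []
    for line in transcript.splitlines():
        match = re.fullmatch(r"(?:S:\s*)?(\d+) \(null\)", line.strip())
        if match:
            bad.append(int(match.group(1)))
    return bad


if __name__ == "__main__":
    print(assess(SAMPLE_CONF))
    print(null_uidl_entries(SAMPLE_UIDL))
```

The result only matters on an unpatched 2.2.12 host; the script does not check the Dovecot version itself.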
From alanm at sics.se Fri Apr 4 10:17:47 2014
From: alanm at sics.se (Alan McGinlay)
Date: Fri, 04 Apr 2014 12:17:47 +0200
Subject: [Dovecot] dsync replication questions
In-Reply-To: <533E7E6A.9050809@noa.gr>
References: <533547BE.8080003@noa.gr> <1396256632.19039.33.camel@ubu101751> <533E7E6A.9050809@noa.gr>
Message-ID:

On 2014-04-04 11:42, Nikolaos Milas wrote:

> On 31/3/2014 12:03 PM, Simon Fraser wrote:
> > On Fri, 2014-03-28 at 11:58 +0200, Nikolaos Milas wrote:
> > >Question 2a: What do options "-d -N -l 30 -U" signify in
> > >"replication_dsync_parameters = -d -N -l 30 -U"?
> I'd also be interested to know the answer to this part. I found mention
> of the '-f' option, and adding '-f' to that list appears to have fixed a
> replication race condition I was having, but I can't find out a note of
> what it does.
>
> There is no one who knows that? Or no documentation whatsoever?
>
> Anyone please?
>
> How can we determine whether we need to configure
> "replication_dsync_parameters = -d -N -l 30 -U" as indicated on the
> wiki2 (or some variation thereof) or not?

It does appear to be completely undocumented, I tried looking in the source code but just ended up going in circles (I'm not familiar with it at all).

"doveadm sync" has no documentation that I can find at all. I would happily write it if I could find the options in the code lol

/A

From nmilas at noa.gr Fri Apr 4 10:58:34 2014
From: nmilas at noa.gr (Nikolaos Milas)
Date: Fri, 04 Apr 2014 13:58:34 +0300
Subject: [Dovecot] dsync replication questions
In-Reply-To:
References: <533547BE.8080003@noa.gr> <1396256632.19039.33.camel@ubu101751> <533E7E6A.9050809@noa.gr>
Message-ID: <533E905A.4050303@noa.gr>

On 4/4/2014 1:17 PM, Alan McGinlay wrote:

> It does appear to be completely undocumented,

We would appreciate if Timo can kindly provide us with -at least- some details!

> I tried looking in the source code but just ended up going in circles
> (i'm not familiar with it at all).
I faced the same difficulties... :-(

Nick

From nmilas at noa.gr Fri Apr 4 11:16:43 2014
From: nmilas at noa.gr (Nikolaos Milas)
Date: Fri, 04 Apr 2014 14:16:43 +0300
Subject: [Dovecot] imap / IPv6 problems?
In-Reply-To: <533E7651.8030007@vandenbussche.nl>
References: <533E7651.8030007@vandenbussche.nl>
Message-ID: <533E949B.40503@noa.gr>

On 4/4/2014 12:07 PM, Egbert wrote:

> When sending an email it *sometimes* takes ages before the process
> finishes. The process seems to hang in moving the message to the "sent
> items" folder. When I disable the IPv6 stack in the network config
> (this is MS Windows 7), the hanging process immediately completes!
> This makes me think that it has to do with the IP stacks. Another
> observed effect is a long "rotating wheel" when just clicking on an imap
> folder before the listing in the right pane updates. Here the same trick
> solves the problem.

Something must be incomplete in your local IPv6 configuration. Have you configured IPv6 DNS servers? Are they working? Troubleshoot your IPv6 network connectivity (check configuration, firewalls, etc.).

The behaviour you are describing is typical on systems which are struggling to use the IPv6 protocol (because it has higher priority) and they cannot due to some problem; when IPv6 connectivity attempts timeout, IPv4 is used.

We are using Dovecot for years with IPv6 with various clients and we have no problems at all.

Nick

From stano at websupport.sk Fri Apr 4 12:23:13 2014
From: stano at websupport.sk (Pavel Stano)
Date: Fri, 4 Apr 2014 14:23:13 +0200
Subject: [Dovecot] mdbox with mail_attachment_dir per user in 2.2.12
In-Reply-To:
References: <20140403151221.725c125d@ass>
Message-ID: <20140404142313.58fa4965@ass>

Hello Alex,

overriding it from user database works perfectly.

Thanks

On Fri, 4 Apr 2014 11:22:37 +0200 Axel Luttgens wrote:

> On 3 Apr 2014 at 15:12, Pavel Stano wrote:
>
> > Hello,
> >
> > we have 2 netapp arrays with 2 volumes and we need to store our mail
> > data in one or other volume for every user.
> > We want keep data for one user in one volume only.
> >
> > So we would like to have 2 separate mail_attachment_dir, one on
> > every volume.
> > But in latest version 2.2.12 it look like it is only possible to set
> > one global mail_attachment_dir.
> >
> > I have an idea with 2 separate dovecot instances per machine with
> > different mail_attachment_dir. Or it is possible to somehow specify
> > it per user ?
>
> Hello Pavel,
>
> I don't know whether that setting may be customized or if must have a
> single constant value.
>
> Anyway, have you tried to make use of variables for setting its value?
> Or, if more relevant in your case, by overriding it from your user
> database (see section "Overriding settings" at
> http://wiki2.dovecot.org/UserDatabase/ExtraFields).
>
> Axel

--
Pavel Stano | Troubleshooter
http://WebSupport.sk

From teemu.huovila at dovecot.fi Fri Apr 4 12:34:35 2014
From: teemu.huovila at dovecot.fi (Teemu Huovila)
Date: Fri, 04 Apr 2014 15:34:35 +0300
Subject: [Dovecot] dsync replication questions
In-Reply-To: <533E7E6A.9050809@noa.gr>
References: <533547BE.8080003@noa.gr> <1396256632.19039.33.camel@ubu101751> <533E7E6A.9050809@noa.gr>
Message-ID: <533EA6DB.7040105@dovecot.fi>

On 04/04/2014 12:42 PM, Nikolaos Milas wrote:
> Anyone please?
>
> How can we determine whether we need to configure "replication_dsync_parameters = -d -N -l 30 -U" as indicated on the wiki2 (or
> some variation thereof) or not?
I am definitely not Timo, but I will try a short answer based on my limited familiarity with the dsync replication functionality and code. -d Use a default location for the replica. As far as I can tell this is obtained from userdb variable mail_replica. -N Sync all (visible?) namespaces (only makes sense when syncing with a remote host, with potentially different namespaces) (instead of either -n or -x ) -l Use a dsync lock file when syncing and the timeout for locking. -U Update replicator server on the status of the replication For replicating in a multiple server configuration, they sound like a good idea to me. Hope this helps a little, Teemu Huovila From srf at sanger.ac.uk Fri Apr 4 12:38:38 2014 From: srf at sanger.ac.uk (Simon Fraser) Date: Fri, 04 Apr 2014 13:38:38 +0100 Subject: [Dovecot] dsync replication questions In-Reply-To: <533EA6DB.7040105@dovecot.fi> References: <533547BE.8080003@noa.gr> <1396256632.19039.33.camel@ubu101751> <533E7E6A.9050809@noa.gr> <533EA6DB.7040105@dovecot.fi> Message-ID: <1396615118.19039.101.camel@ubu101751> On Fri, 2014-04-04 at 15:34 +0300, Teemu Huovila wrote: > -d Use a default location for the replica. As far as I can tell this is obtained from userdb variable mail_replica. > -N Sync all (visible?) namespaces (only makes sense when syncing with a remote host, with potentially different namespaces) > (instead of either -n or -x ) > -l Use a dsync lock file when syncing and the timeout for locking. > -U Update replicator server on the status of the replication > > For replicating in a multiple server configuration, they sound like a good idea to me. > > Hope this helps a little, It does help, thank you. Do you also know what the '-f' option does? Simon. -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. 
From teemu.huovila at dovecot.fi Fri Apr 4 12:41:07 2014 From: teemu.huovila at dovecot.fi (Teemu Huovila) Date: Fri, 04 Apr 2014 15:41:07 +0300 Subject: [Dovecot] dsync replication questions In-Reply-To: <1396615118.19039.101.camel@ubu101751> References: <533547BE.8080003@noa.gr> <1396256632.19039.33.camel@ubu101751> <533E7E6A.9050809@noa.gr> <533EA6DB.7040105@dovecot.fi> <1396615118.19039.101.camel@ubu101751> Message-ID: <533EA863.3060204@dovecot.fi> Hi On 04/04/2014 03:38 PM, Simon Fraser wrote: > It does help, thank you. Do you also know what the '-f' option does? According to the dsync-man page it: Makes dsync run in "full sync" mode rather than "fast sync" mode. In fast sync mode dsync might skip syncing a mailbox, if both locations had modified it equally many times (i.e. highest-modseqs were equal), but with different changes. br, Teemu Huovila From Quentin.VALLIN at cnrs.fr Fri Apr 4 06:47:52 2014 From: Quentin.VALLIN at cnrs.fr (VALLIN Quentin) Date: Fri, 4 Apr 2014 06:47:52 +0000 Subject: [Dovecot] Use 1 userdb and LDAP passdb for mailbox without allow_all_users Message-ID: <72EA1ECD84B9CB4082E6CEF23850C46B8D87379B@cnmb01wvp.core-res.rootcore.local> Hello everybody, I have a small problem with Dovecot. I have read in the archive of the Dovecot mailing list that it's possible to have 1 static userdb with an LDAP passdb (http://www.dovecot.org/list/dovecot/2010-November/055193.html), but when I try it I get an error message and my message stays in the queue with "temporary failure": auth: Debug: master in: USER#0111#011quentinv#011service=lda auth: Debug: password(quentinv): passdb doesn't support credential lookups auth: Error: static(quentinv): passdb doesn't support lookups, can't verify user's existence auth: Debug: userdb out: FAIL#0111 lda: Error: user quentinv: Auth USER lookup failed lda: Fatal: Internal error occurred. Refer to server log for more information. 
auth: Debug: master in: USER#0111#011quentinv#011service=lda auth: Debug: password(quentinv): passdb doesn't support credential lookups auth: Error: static(quentinv): passdb doesn't support lookups, can't verify user's existence auth: Debug: userdb out: FAIL#0111 lda: Error: user quentinv: Auth USER lookup failed lda: Fatal: Internal error occurred. Refer to server log for more information. My IMAP connection doesn't have any problem, but LDA does. Here is my dovecot.conf # 2.2.10: /usr/local/dovecot/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-686 i686 Debian 7.4 ext3 auth_debug = yes base_dir = /var/run/dovecot/ disable_plaintext_auth = no first_valid_gid = 8 first_valid_uid = 15 listen = * login_greeting = Bienvenue sur courriel login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c mail_fsync = never mail_gid = 8 mail_location = maildir:/var/mail/%n:CONTROL=/var/mail/%n/control:INDEX=/var/mail/%n/index mail_log_prefix = "%Us(%u): " mail_privileged_group = mail mail_uid = 15 passdb { args = /usr/local/dovecot/etc/dovecot-ldap.conf driver = ldap } plugin { quota = maildir quota_rule = *:storage=3145728 quota_rule2 = Trash:storage=+102400 quota_warning = storage=90%% /usr/local/dovecot/bin/quota-warning.sh 90 } protocols = imap service auth { executable = /usr/local/dovecot/libexec/dovecot/auth } service imap-login { chroot = login executable = /usr/local/dovecot/libexec/dovecot/imap-login process_limit = 400 process_min_avail = 3 service_count = 1 user = dovecot vsz_limit = 32 M } service imap { drop_priv_before_exec = no executable = /usr/local/dovecot/libexec/dovecot/imap process_limit = 512 } service pop3-login { chroot = login process_limit = 256 process_min_avail = 3 service_count = 1 user = dovecot vsz_limit = 32 M } service pop3 { drop_priv_before_exec = no process_limit = 512 } ssl_cert = ssl_cipher_list = ssl_key = rejection_reason = Your message to <%t> was automatically rejected : %n%r rejection_subject = Automatically rejected mail sendmail_path = 
/usr/lib/sendmail } And my dovecot-ldap.conf tls = no uris = ldap://x.x.x.x:389 ldap_version = 3 auth_bind = yes dn = userdn dnpass = pass base = ou=Users,dc=quentin,dc=local scope = subtree deref = never pass_filter = (&(SamAccountName=%n)(objectClass=person)(!(userAccountControl=514))) pass_attrs =uid=user, userPassword=password default_pass_scheme = CRYPT Sincerely, Quentin. From patrik.karisch at gmail.com Fri Apr 4 14:10:36 2014 From: patrik.karisch at gmail.com (Patrik Karisch) Date: Fri, 04 Apr 2014 16:10:36 +0200 Subject: [Dovecot] Unknown setting: plugin after fresh install Message-ID: <533EBD5C.10004@gmail.com> Hi guys, I've installed dovecot 2.1.7 on a Debian Wheezy, tweaked some parameters a little bit, but I can't restart it (dovecot -n also fails) and get this error: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/90-acl.conf line 11: Unknown setting: plugin doveconf: Error: managesieve-login: dump-capability process returned 89 Whether I uncomment this plugin line, I get the error on another file (example 90-quote.conf). Seems a little bit weird. What have I done wrong? Thanks Patrik -- PRIVACY IS NOT A CRIME! So please encrypt your emails using PGP/GnuPG. My PGP Key-ID: 0x42D6DEA0 / 0x28B8F6E242D6DEA0 PGP Fingerprint: 4C1F ED51 047A D0E2 6C20 F3F7 28B8 F6E2 42D6 DEA0 From bourek at thinline.cz Fri Apr 4 14:48:48 2014 From: bourek at thinline.cz (Jiri Bourek) Date: Fri, 04 Apr 2014 16:48:48 +0200 Subject: [Dovecot] dsync deleted my mailbox - what did I do wrong? 
In-Reply-To: <9d0749cb-7387-427b-b3f6-6a2c5fb70eb3@darklajid.de> References: <9d0749cb-7387-427b-b3f6-6a2c5fb70eb3@darklajid.de> Message-ID: <533EC650.8080602@thinline.cz> Hi > > - where did I fail (ignoring the backups, please. That's .. something I > know) From the man page: "backup - Backup mails from default mail location to location2 (or vice versa, if -R parameter is given). No changes are ever done to the source location. Any changes done in destination are discarded." The last sentence describes what happened to you: all new mail on the new machine is a "change" and was discarded (by deleting new mail.) If I'm not mistaken, this is correct behaviour for backup mode - you get exact copy of the source side (maildir:/tmp/mail_backup) on destination side (dar at darklajid.de) > > - Can I use dsync ... for backups? I don't think that this is a good > idea after yesterday night? AFAIK you can safely use it to make the backup. I'm not sure if it can be reliably used to restore data (don't think so but I'm not an expert.) I'd use doveadm import for that. From philipp at devh.de Fri Apr 4 15:34:13 2014 From: philipp at devh.de (Philipp Resch) Date: Fri, 04 Apr 2014 17:34:13 +0200 Subject: [Dovecot] Unknown setting: plugin after fresh install In-Reply-To: <533EBD5C.10004@gmail.com> References: <533EBD5C.10004@gmail.com> Message-ID: <533ED0F5.9020304@devh.de> Hi, without having any further information, it sounds as if for example a brace ( {} ) is not closed correctly. You may want to check that any block is complete. 
Cheers, Philipp On 04.04.2014 16:10, Patrik Karisch wrote: > Hi guys, > > I've installed dovecot 2.1.7 on a Debian Wheezy, tweaked some parameters > a little bit, but I can't restart it (dovecot -n also fails) and get this > error: > > doveconf: Fatal: Error in configuration file > /etc/dovecot/conf.d/90-acl.conf line 11: Unknown setting: plugin > doveconf: Error: managesieve-login: dump-capability process returned 89 > > Whether I uncomment this plugin line, I get the error on another file > (example 90-quote.conf). Seems a little bit weird. What have I done wrong? > > Thanks Patrik From patrik.karisch at gmail.com Fri Apr 4 16:00:59 2014 From: patrik.karisch at gmail.com (Patrik Karisch) Date: Fri, 04 Apr 2014 18:00:59 +0200 Subject: [Dovecot] Unknown setting: plugin after fresh install In-Reply-To: <533ED0F5.9020304@devh.de> References: <533EBD5C.10004@gmail.com> <533ED0F5.9020304@devh.de> Message-ID: <533ED73B.5020800@gmail.com> Hi, On 2014-04-04 17:34, Philipp Resch wrote: > Hi, > > without having any further information, it sounds as if for example a > brace ( {} ) is > not closed correctly. You may want to check that any block is complete. You are right, I forgot to uncomment a closing } in 20-managesieve.conf Nice catch. Thanks, Patrik From stephan at rename-it.nl Fri Apr 4 16:31:39 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 04 Apr 2014 18:31:39 +0200 Subject: [Dovecot] Sieve (randomly?) 
flagging messages as \\Seen \\Deleted In-Reply-To: <533D45E4.50703@bofhland.org> References: <533D45E4.50703@bofhland.org> Message-ID: <533EDE6B.1010202@rename-it.nl> On 4/3/2014 1:28 PM, Emanuele Balla (aka Skull) wrote: [...] > The problem in short: > > Messages I expected to find in certain folders were simply not there, > although sieve logs reported them as delivered in those same folders. > By manually inspecting the maildir, I actually found the messages, but > they were all flagged as \\Seen + \\Deleted and therefore not displayed > by the MUA (ThunderBird in my case). [...] > In order to try restricting what may be causing the issue, I added... > > removeflag "\\Deleted"; > removeflag "\\Seen"; > > ...to the rule sending messages to the dedicated folder cited above for > my mailbox. > The problem apparently disappeared for me as long as I kept those in place. > > This should mean (I suppose) that the decision of flagging messages that > way is taken before the users' sieve scripts are applied (sort of > "hidden sieve_before"). [...] > So, a question for people knowing pigeonhole's internals: does it ever > choose to mark messages as described above for any reason? If yes, I may > be triggering this behavior with something I recently added/modified, > and at least I'll have something to focus my investigation on. :-| Sieve doesn't add flags unless it is explicitly told to do so. The behavior you describe is therefore quite bizarre, especially since using removeflag seems to provide a workaround. What does your full Sieve script look like? What is your full configuration? Do you perhaps return a sieve_before setting from userdb? Regards, Stephan. From skull at bofhland.org Fri Apr 4 18:20:06 2014 From: skull at bofhland.org (Emanuele Balla (aka Skull)) Date: Fri, 04 Apr 2014 20:20:06 +0200 Subject: [Dovecot] Sieve (randomly?) 
flagging messages as \\Seen \\Deleted In-Reply-To: <533EDE6B.1010202@rename-it.nl> References: <533D45E4.50703@bofhland.org> <533EDE6B.1010202@rename-it.nl> Message-ID: <533EF7D6.5030105@bofhland.org> On 04/04/14 18:31, Stephan Bosch wrote: > Sieve doesn't add flags unless it is explicitly told to do so. The > behavior you describe is therefore quite bizarre, especially since using > removeflag seems to provide a workaround. I know, or I wouldn't be so puzzled... > What does your full Sieve script look like? Mine is relatively long, although quite straightforward: just foldering stuff in several places based on List-Id and applying Thunderbird tags/labels based on a few conditions. But the other user's one is way shorter: require ["regex","fileinto"]; # rule:[rule0] if anyof (header :contains "To" "XXX", header :contains "From" "xxx", header :regex "Subject" "xxx", [...]) { fileinto "folder1"; stop; } # rule:[rule1] if anyof (header :contains "To" "YYY", header :contains "From" "YYY", header :contains "Received" "YYY") { fileinto "folder1"; stop; } > What is your full configuration? Not much longer than what I already provided... 
# 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.4 auth_mechanisms = plain login default_vsz_limit = 512 M first_valid_gid = 8 first_valid_uid = 201 last_valid_gid = 8 last_valid_uid = 201 mail_plugins = mail_log notify managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave vacation-seconds editheader passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { mail_debug = yes mail_log_events = flag_change save mail_log_fields = uid box msgid flags subject sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +vacation-seconds +editheader sieve_vacation_default_period = 2d sieve_vacation_dont_check_recipient = yes sieve_vacation_max_period = 30d sieve_vacation_min_period = 2s sieve_vacation_use_original_recipient = no } postmaster_address = postmaster at bofhland.org protocols = " imap lmtp sieve pop3" service auth { unix_listener /var/spool/postfix/private/auth { mode = 0660 user = postfix } } service imap-login { inet_listener imap { address = 127.0.0.1 port = 143 } inet_listener imaps { port = 993 ssl = yes } process_min_avail = 0 } service imap { idle_kill = 30 mins process_limit = 1024 vsz_limit = 1 G } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } service managesieve-login { inet_listener sieve { address = 127.0.0.1 port = 4190 } } service pop3-login { inet_listener pop3s { port = 995 ssl = yes } } ssl_cert = Do you perhaps return a sieve_before setting from userdb? Nope. Also, if there was one defined somehow/somewhere, I'd see something in sieve's debug (when trying to open it, compiling, etc), but there's nothing. 
I can tell more: searching for a global workaround, in the meantime I added a sieve_before script (not shown in the config above) doing only this: require ["imap4flags"]; removeflag "\\Deleted"; removeflag "\\Seen"; As a result, the problem disappeared for all users... :-| (and yeah, the execution of this sieve_before appears in my debug logs, now) From arup281 at gmail.com Mon Apr 7 05:27:11 2014 From: arup281 at gmail.com (Arup) Date: Mon, 7 Apr 2014 11:27:11 +0600 Subject: [Dovecot] Dovecot IMAP Authentication issue with Vpopmail Message-ID: Hello All, I've configured a qmail server (for the office) under Ubuntu 12.04 server following this guide - http://www.connor.net.au/tutorials/qmail/qmaillite/ Everything is working just fine except Dovecot IMAP. I've followed this section for Dovecot - http://www.connor.net.au/tutorials/q...te/dovecot.php but when I telnet to 143 and try to log in with username/password, it fails and shows this error: ** BYE Internal error occurred. Refer to server log for more information.Connection closed by foreign host.* I think there may be some authentication issue with vpopmail and Dovecot. POP and SMTP are both working, but why not IMAP? I also can't use webmail (i.e. SquirrelMail) as it isn't working with IMAP. It shows a *connection dropped by IMAP server* error while trying to log in. I'm looking forward to a solution here. Any qmail+vpopmail expert here? Please help. Thanks in advance. B/R From pj.netfilter at gmail.com Mon Apr 7 05:44:35 2014 From: pj.netfilter at gmail.com (Joy) Date: Mon, 7 Apr 2014 11:14:35 +0530 Subject: [Dovecot] Regarding SSHA512 Password Scheme Message-ID: Dear Expert, I am having an issue using the SSHA512 password scheme with my OpenLDAP server. I have used the doveadm utility to create a password and am able to verify it, but logging in to IMAP fails. I tried to debug the auth part but no success so far. I am using the latest version of Dovecot. Please share your views .. 
Thanks From d.parthey at metaways.de Mon Apr 7 07:45:03 2014 From: d.parthey at metaways.de (Daniel Parthey) Date: Mon, 07 Apr 2014 09:45:03 +0200 Subject: [Dovecot] Regarding SSHA512 Password Scheme In-Reply-To: References: Message-ID: <527ce10c-0f68-4627-b5ec-b651a8170827@email.android.com> Hi Joy, Please show: doveconf -n; LDAP Entry (full hash) of a test user; Dovecot ErrorLogs. Regards Daniel From dar at darklajid.de Mon Apr 7 09:11:11 2014 From: dar at darklajid.de (Benjamin Podszun) Date: Mon, 07 Apr 2014 11:11:11 +0200 Subject: [Dovecot] dsync deleted my mailbox - what did I do wrong? In-Reply-To: <533EC650.8080602@thinline.cz> References: <9d0749cb-7387-427b-b3f6-6a2c5fb70eb3@darklajid.de> <533EC650.8080602@thinline.cz> Message-ID: <926333b7-67ea-41c5-9bd1-082b8756aa31@darklajid.de> Hey Jiri. Thanks for getting back. On Friday, April 4, 2014 4:48:48 PM CEST, Jiri Bourek wrote: >> - where did I fail (ignoring the backups, please. That's .. something I >> know) > > From the man page: "backup - Backup mails from default mail > location to location2 (or vice versa, if -R parameter is given). > No changes are ever done to the source location. Any changes > done in destination are discarded." Yeah, maybe. That's what I thought _after_ the fact (i.e. that was what I hinted at with 'one way sync'). But see below. > The last sentence describes what happened to you: all new mail > on the new machine is a "change" and was discarded (by deleting > new mail.) If I'm not mistaken, this is correct behaviour for > backup mode - you get exact copy of the source side > (maildir:/tmp/mail_backup) on destination side > (dar at darklajid.de) That would be sort of okay. Except that isn't what happened: - The target mailbox was killed completely - Nothing was restored If what you're suggesting here is true I'd expect a clean copy of my source - even if it destroys all other changes. That did NOT happen though. 
It nuked the target and didn't restore a thing. Plus, dsync mirror did exactly the same: Nuked the (live) mailbox once more, same error message, not a single message restored (but also no modification to the source). >> >> - Can I use dsync ... for backups? I don't think that this is a good >> idea after yesterday night? > > AFAIK you can safely use it to make the backup. I'm not sure if > it can be reliably used to restore data (don't think so but I'm > not an expert.) I'd use doveadm import for that. That'd be my experience at this point as well, of course. :-) The bigger question is if this is well-known / correct and if this should be documented in a better fashion. Was I really that naive to expect that to work (in that case: ignore the documentation request) or could that happen again? Ben From srf at sanger.ac.uk Mon Apr 7 09:22:14 2014 From: srf at sanger.ac.uk (Simon Fraser) Date: Mon, 07 Apr 2014 10:22:14 +0100 Subject: [Dovecot] dsync replication questions In-Reply-To: <533EA863.3060204@dovecot.fi> References: <533547BE.8080003@noa.gr> <1396256632.19039.33.camel@ubu101751> <533E7E6A.9050809@noa.gr> <533EA6DB.7040105@dovecot.fi> <1396615118.19039.101.camel@ubu101751> <533EA863.3060204@dovecot.fi> Message-ID: <1396862534.19039.112.camel@ubu101751> On Fri, 2014-04-04 at 15:41 +0300, Teemu Huovila wrote: > Hi > > On 04/04/2014 03:38 PM, Simon Fraser wrote: > > It does help, thank you. Do you also know what the '-f' option does? > According to the dsync-man page it: > > Makes dsync run in "full sync" mode rather than "fast sync" mode. In fast sync mode dsync might skip syncing a mailbox, if both > locations had modified it equally many times (i.e. highest-modseqs were equal), but with different changes. Thank you. Is it still only the changes that are synced each way, or the entire mailbox? I'm trying to gauge the performance hit for enabling this on larger mailboxes. (I could, of course, run some tests, but someone may already have done that) Simon. 
From teemu.huovila at dovecot.fi Mon Apr 7 11:15:13 2014 From: teemu.huovila at dovecot.fi (Teemu Huovila) Date: Mon, 07 Apr 2014 14:15:13 +0300 Subject: [Dovecot] dsync replication questions In-Reply-To: <1396862534.19039.112.camel@ubu101751> References: <533547BE.8080003@noa.gr> <1396256632.19039.33.camel@ubu101751> <533E7E6A.9050809@noa.gr> <533EA6DB.7040105@dovecot.fi> <1396615118.19039.101.camel@ubu101751> <533EA863.3060204@dovecot.fi> <1396862534.19039.112.camel@ubu101751> Message-ID: <534288C1.3050804@dovecot.fi> On 04/07/2014 12:22 PM, Simon Fraser wrote: > Thank you. Is it still only the changes that are synced each way, or > the entire mailbox? I'm trying to gauge the performance hit for enabling > this on larger mailboxes. (I could, of course, run some tests, but > someone may already have done that) Can't say anything certain on this one. I do know that not all the messages are sent to the other side. There are optimizations in place, using the Dovecot transaction logs and some pretty complicated application login, but a lot of data still needs to be processed by the dsync "brains". I think testing with your particular setup and data would give the most accurate results. br, Teemu Huovila From bourek at thinline.cz Mon Apr 7 13:01:07 2014 From: bourek at thinline.cz (Jiri Bourek) Date: Mon, 07 Apr 2014 15:01:07 +0200 Subject: [Dovecot] dsync deleted my mailbox - what did I do wrong? 
In-Reply-To: <926333b7-67ea-41c5-9bd1-082b8756aa31@darklajid.de> References: <9d0749cb-7387-427b-b3f6-6a2c5fb70eb3@darklajid.de> <533EC650.8080602@thinline.cz> <926333b7-67ea-41c5-9bd1-082b8756aa31@darklajid.de> Message-ID: <5342A193.604@thinline.cz> >> The last sentence describes what happened to you: all new mail on the >> new machine is a "change" and was discarded (by deleting new mail.) If >> I'm not mistaken, this is correct behaviour for backup mode - you get >> exact copy of the source side (maildir:/tmp/mail_backup) on >> destination side (dar at darklajid.de) > > That would be sort of okay. Except that isn't what happened: > > - The target mailbox was killed completely > - Nothing was restored > > If what you're suggesting here is true I'd expect a clean copy of my > source - even if it destroys all other changes. That did NOT happen > though. It nuked the target and didn't restore a thing. True - if we move from "problem is dsync deleted new mail" to "problem is dsync was unable to restore the backup", the described behaviour looks like a bug to me too. It may have something to do with the maildir format, I recall some discussion regarding folder INBOX, which needs special handling (because it's physically stored in maildir root, whereas every other folder is stored in folder-named subdirectory) That said, I tried something along what you did and it failed for me too. So I deleted the mailbox completely, recreated it, tried again and this time the restore succeeded. It seems the easiest possible way to reproduce the faulty behaviour is: 1. create mailbox for testing, here test at example.com 2. create IMAP folder under INBOX ( namespace inbox { separator = / } ) # doveadm mailbox create -u test at example.com INBOX/test 3. 
attempt to restore from backup # doveadm backup -u test at example.com -R maildir:/mnt/mail-backups/test/ which yields (on Dovecot 2.2.12) dsync(test at example.com): Error: Mailbox INBOX sync: mailbox_delete failed: INBOX can't be deleted. Another try shows that IMAP folder created somewhere else (not under INBOX) isn't a problem: # doveadm mailbox create -u test at example.com testtest # doveadm backup -u test at example.com -R maildir:/mnt/mail-backups/test/ This yields no output, folder testtest is deleted (as expected), INBOX is populated from backup. Another try, this time I used mbox instead of maildir by specifying -o mail_location=mbox:/path/test/mail to doveadm. Worked without error even with INBOX/test folder (which got deleted during restore) No idea if this can be considered as a bug, or the test does something that is not supposed to be done in the first place (Although different results with different storage format suggests a bug to me.) > > Plus, dsync mirror did exactly the same: Nuked the (live) mailbox once > more, same error message, not a single message restored (but also no > modification to the source). > I was doing some trial and error testing with doveadm sync (should be the same as dsync mirror.) If used on a mailbox which has seen some changes, this sync's behaviour is just strange. Or - to be more precise - it seems strange on first sight, but when you think about it, it does what is supposed to do. The sync mode is (AFAIK) designed to keep single mailbox synchronized on two hosts. If you created new mailbox on the new host, then had some mail delivered to it and after some time decided to add mail from old host, then you don't have single mailbox - you have two mailboxes with the same name. In other words this scenario is probably something dsync wasn't designed to be used for and there's no surprise mirror mode can't handle it. 
And again - I'm no expert, so it's entirely possible everything I wrote here is complete and utter nonsense. Let's hope someone more knowledgeable corrects me if that is the case. From nmilas at noa.gr Mon Apr 7 15:27:02 2014 From: nmilas at noa.gr (Nikolaos Milas) Date: Mon, 07 Apr 2014 18:27:02 +0300 Subject: [Dovecot] dsync deleted my mailbox - what did I do wrong? In-Reply-To: <5342A193.604@thinline.cz> References: <9d0749cb-7387-427b-b3f6-6a2c5fb70eb3@darklajid.de> <533EC650.8080602@thinline.cz> <926333b7-67ea-41c5-9bd1-082b8756aa31@darklajid.de> <5342A193.604@thinline.cz> Message-ID: <5342C3C6.70300@noa.gr> On 7/4/2014 4:01 PM, Jiri Bourek wrote: > I was doing some trial and error testing with doveadm sync (should be > the same as dsync mirror.) If used on a mailbox which has seen some > changes, this sync's behaviour is just strange. I can confirm (on 2.2.12) that the behavior is the same using replication (mirroring). Creating a folder on either end, e.g. as a subfolder of Inbox, does not create an identical new folder on the other end. I would expect that the folder is replicated! Manual dsync from the CLI will not replicate folders either. I will agree with Jiri that this is a strange (wrong?) behavior in dsync. Folders should be replicated, whether new or not. If not, how can message moves between older and newer folders be replicated on the fly? Please advise on how to handle this situation because if folders are created/deleted/moved by users, dsync may lead to chaos! 
Nick From support at deeztek.com Mon Apr 7 17:46:20 2014 From: support at deeztek.com (Deeztek Support) Date: Mon, 7 Apr 2014 13:46:20 -0400 Subject: [Dovecot] Dovecot LDAP issue Message-ID: <5342E46C.4030507@deeztek.com> Dovecot version: 2.0.19 ------------------------------------------------------- grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-ldap.conf hosts = server.domain.tld:389 ldap_version = 3 auth_bind = yes dn = vmail at domain.tld dnpass = somepassword base = ou=testou,dc=domain,dc=tld scope = subtree deref = never user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) pass_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) pass_attrs = userPassword=password default_pass_scheme = CRYPT user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir ----------------------------------------------------- I'm authenticating users through AD and it seems to work with no problems. Unfortunately, when I try to send e-mail from a user who's not in the testou container I get the following error: Sender address rejected: User unknown in virtual mailbox table> #SMTP#. I'm assuming this happens because dovecot is not able to look up that user since that user is outside the testou container. A lot of the AD users are in different places inside the AD structure and I need to be able to configure dovecot to look from the root of the AD structure down. I changed the base to this: base = dc=domain,dc=tld but it simply fails to look up any users at that point. How would I go about getting dovecot to start at the top of the domain and look at every nested OU within AD? 
thanks a lot D From delrio at mie.utoronto.ca Mon Apr 7 18:08:12 2014 From: delrio at mie.utoronto.ca (Oscar del Rio) Date: Mon, 07 Apr 2014 14:08:12 -0400 Subject: [Dovecot] Dovecot LDAP issue In-Reply-To: <5342E46C.4030507@deeztek.com> References: <5342E46C.4030507@deeztek.com> Message-ID: <5342E98C.5060101@mie.utoronto.ca> On 04/ 7/14 01:46 PM, Deeztek Support wrote: > > I'm authenticating users through AD and it seems to work with no > problems. Unfortunately, when I try to send e-mail from a user who's > not in the testou container I get the following error: > > Sender address rejected: User unknown in virtual mailbox table> #SMTP#. > Looks like a Postfix error, not Dovecot. From support at deeztek.com Mon Apr 7 18:43:12 2014 From: support at deeztek.com (Deeztek Support) Date: Mon, 7 Apr 2014 14:43:12 -0400 Subject: [Dovecot] Dovecot LDAP issue In-Reply-To: <5342E98C.5060101@mie.utoronto.ca> References: <5342E46C.4030507@deeztek.com> <5342E98C.5060101@mie.utoronto.ca> Message-ID: <5342F1C0.2060805@deeztek.com> On 4/7/2014 2:08 PM, Oscar del Rio wrote: > > On 04/ 7/14 01:46 PM, Deeztek Support wrote: >> >> I'm authenticating users through AD and it seems to work with no >> problems. Unfortunately, when I try to send e-mail from a user who's >> not in the testou container I get the following error: >> >> Sender address rejected: User unknown in virtual mailbox table> #SMTP#. >> > > Looks like a Postfix error, not Dovecot. I don't think so. Postfix already looks from the root of the AD down and it has no problems. Dovecot does not authenticate at all if I simply put the AD root in the ldap configuration file. 
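Both LDAP configurations posted in this archive exclude disabled Active Directory accounts in pass_filter, one by equality with 514 and one with the bit-AND matching rule on bit 2. The following Python example is added here and is not code from any poster or from Dovecot; the directory entries, account names and the example.test domain are constructed, and the evaluator implements the subset of RFC 4515 that these two filters use.

```python
"""Compare the two AD pass_filter variants from this thread on constructed entries."""

BIT_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND
BIT_OR = "1.2.840.113556.1.4.804"   # LDAP_MATCHING_RULE_BIT_OR

# Filters as posted in the thread (%n = local part, %u = full login name).
EQ_FILTER = "(&(SamAccountName=%n)(objectClass=person)(!(userAccountControl=514)))"
BIT_FILTER = ("(&(userPrincipalName=%u)(objectClass=person)"
              "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")


def parse(text):
    """Parse an LDAP filter using &, |, !, equality and extensible match."""
    try:
        node, pos = _parse(text, 0)
    except (IndexError, ValueError) as exc:
        raise ValueError("malformed filter: %r" % text) from exc
    if pos != len(text):
        raise ValueError("trailing data after filter: %r" % text[pos:])
    return node


def _parse(s, i):
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] in "&|":                      # AND / OR over a list of sub-filters
        op, kids = s[i], []
        i += 1
        while s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if s[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return (op, kids), i + 1
    if s[i] == "!":                       # NOT over exactly one sub-filter
        kid, i = _parse(s, i + 1)
        if s[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return ("!", [kid]), i + 1
    end = s.index(")", i)                 # simple item: attr[:rule:]=value
    left, value = s[i:end].split("=", 1)
    attr, _, rule = left.rstrip(":").partition(":")
    return ("item", attr, rule or None, value), end + 1


def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict of attr -> list of str)."""
    kind = node[0]
    if kind == "&":
        return all(matches(k, entry) for k in node[1])
    if kind == "|":
        return any(matches(k, entry) for k in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, want = node
    have = [v for name, vals in entry.items()
            if name.lower() == attr.lower() for v in vals]
    if rule == BIT_AND:                   # all bits of `want` set in the value
        return any((int(v) & int(want)) == int(want) for v in have)
    if rule == BIT_OR:                    # at least one bit of `want` set
        return any((int(v) & int(want)) != 0 for v in have)
    if rule is not None:
        raise ValueError("unsupported matching rule " + rule)
    return any(v.lower() == want.lower() for v in have)


def account(name, uac):
    """Build a constructed AD-style user entry with the given flag word."""
    return {"sAMAccountName": [name],
            "userPrincipalName": [name + "@example.test"],
            "objectClass": ["top", "person", "organizationalPerson", "user"],
            "userAccountControl": [str(uac)]}


# Constructed sample data. 0x2 = ACCOUNTDISABLE, 0x20 = PASSWD_NOTREQD,
# 0x200 = NORMAL_ACCOUNT, 0x10000 = DONT_EXPIRE_PASSWORD.
ENTRIES = [
    account("alice", 0x200),                  # 512: enabled
    account("bob", 0x200 | 0x2),              # 514: disabled
    account("carol", 0x10000 | 0x200 | 0x2),  # 66050: disabled, no expiry
    account("dave", 0x200 | 0x20 | 0x2),      # 546: disabled, no password required
    account("erin", 0x10000 | 0x200),         # 66048: enabled, no expiry
]


def accepted(template, entries=ENTRIES):
    """Return the account names that the expanded filter would let through."""
    names = []
    for entry in entries:
        name = entry["sAMAccountName"][0]
        upn = entry["userPrincipalName"][0]
        # The sample names contain no filter metacharacters, so no escaping here.
        text = template.replace("%n", name).replace("%u", upn)
        if matches(parse(text), entry):
            names.append(name)
    return names


if __name__ == "__main__":
    print("equality with 514:", accepted(EQ_FILTER))
    print("bit-AND with 2   :", accepted(BIT_FILTER))
```

With these entries the equality filter still matches carol and dave, whose disabled flag is combined with other bits, while the bit-AND filter matches only the enabled accounts.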
From Christian.Schmidt at chemie.uni-hamburg.de Mon Apr 7 20:42:26 2014
From: Christian.Schmidt at chemie.uni-hamburg.de (Christian Schmidt)
Date: Mon, 07 Apr 2014 22:42:26 +0200
Subject: [Dovecot] Dovecot LDAP issue
In-Reply-To: <5342F1C0.2060805@deeztek.com>
References: <5342E46C.4030507@deeztek.com> <5342E98C.5060101@mie.utoronto.ca> <5342F1C0.2060805@deeztek.com>
Message-ID: <53430DB2.1040509@chemie.uni-hamburg.de>

7.04.2014 20:43, Deeztek Support:
> On 4/7/2014 2:08 PM, Oscar del Rio wrote:
>>
>> On 04/ 7/14 01:46 PM, Deeztek Support wrote:
>>>
>>> I'm authenticating users through AD and it seems to work with no
>>> problems. Unfortunately, when I try to send e-mail from a user who's
>>> not in the testou container I get the following error:
>>>
>>> Sender address rejected: User unknown in virtual mailbox table> #SMTP#.
>>>
>>
>> Looks like a Postfix error, not Dovecot.
>
> I don't think so. Postfix already looks from the root of the AD down and
> it has no problems. Dovecot does not authenticate at all if I simply put
> the AD root in the ldap configuration file.

"User unknown in virtual mailbox table" is what *postfix* tells you. Dovecot does not do SMTP (yet). Thus, I suppose that dovecot doesn't get involved at all (although this depends on your configuration).

I recommend to check the restrictions you defined in your postfix configuration.

Kind regards
Christian Schmidt

--
No signature available.
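Christian's point above, that the rejection text and the process that logged it show which component refused the mail, as an added example that is not part of the thread: a Python script that separates SMTP-time rejections made by postfix/smtpd from failures reported by a delivery transport such as the one named `dovecot`. The log lines are constructed samples in Postfix's usual syslog format; the host names, addresses and queue IDs are placeholders.

```python
import re

# Constructed sample lines (placeholders throughout), one per case of interest.
SAMPLE_LOG = """\
Apr  7 17:30:01 mx postfix/smtpd[7101]: NOQUEUE: reject: RCPT from client.example[192.0.2.10]: 550 5.1.0 <alice@example.test>: Sender address rejected: User unknown in virtual mailbox table; from=<alice@example.test> to=<bob@example.test> proto=ESMTP helo=<client.example>
Apr  7 17:31:12 mx postfix/smtpd[7102]: NOQUEUE: reject: RCPT from client.example[192.0.2.10]: 553 5.7.1 <alice@example.test>: Sender address rejected: not logged in; from=<alice@example.test> to=<bob@example.test> proto=ESMTP helo=<client.example>
Apr  7 17:39:39 mx postfix/pipe[7134]: 3F1A2B4C5D6: to=<carol@example.test>, relay=dovecot, delay=0.02, delays=0/0/0/0.01, dsn=5.1.1, status=bounced (user unknown. Command output: ... )
Apr  7 17:40:02 mx postfix/pipe[7135]: 4A5B6C7D8E9: to=<bob@example.test>, relay=dovecot, delay=0.05, delays=0.01/0/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
Apr  7 17:41:00 mx CRON[7200]: (root) CMD (run-parts /etc/cron.hourly)
"""

# "Mon DD HH:MM:SS host process[pid]: message"
SYSLOG = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(?P<proc>[\w/.-]+)\[\d+\]:\s(?P<msg>.*)$"
)
# Rejection decided by smtpd while the SMTP session is still open.
REJECT = re.compile(
    r"^NOQUEUE: reject: (?P<stage>\w+) from \S+: (?P<code>\d{3}) "
    r"(?P<dsn>\d\.\d+\.\d+) <(?P<addr>[^>]*)>: (?P<reason>[^;]+);"
)
# Delivery result logged by a Postfix delivery daemon (pipe, lmtp, virtual, ...).
DELIVERY = re.compile(
    r"^(?P<qid>[0-9A-F]+): to=<(?P<to>[^>]*)>,.*?relay=(?P<relay>[^,]+),"
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<text>.*)$"
)


def classify(line):
    """Return a finding dict for a rejection or failed delivery, else None."""
    m = SYSLOG.match(line)
    if not m:
        return None
    proc, msg = m["proc"], m["msg"]
    if proc == "postfix/smtpd":
        r = REJECT.match(msg)
        if r:
            # Postfix itself refused the address; no delivery agent was run.
            return {
                "origin": "postfix/smtpd",
                "stage": r["stage"],
                "address": r["addr"],
                "dsn": r["dsn"],
                "reason": r["reason"].strip(),
            }
    elif proc.startswith("postfix/"):
        d = DELIVERY.match(msg)
        if d and d["status"] in ("bounced", "deferred"):
            # The message was accepted and queued; the transport named in
            # relay= (or the command behind it) reported the failure.
            return {
                "origin": "relay:" + d["relay"],
                "logged_by": proc,
                "queue_id": d["qid"],
                "address": d["to"],
                "dsn": d["dsn"],
                "reason": d["text"].rstrip(" )"),
            }
    return None


def triage(log_text):
    """Classify every line and keep only rejections and failed deliveries."""
    return [f for f in map(classify, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["origin"], finding["dsn"], finding["reason"], sep=" | ")
```
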
From support at deeztek.com Mon Apr 7 21:47:09 2014
From: support at deeztek.com (Deeztek Support)
Date: Mon, 7 Apr 2014 17:47:09 -0400
Subject: [Dovecot] Dovecot LDAP issue
In-Reply-To: <53430DB2.1040509@chemie.uni-hamburg.de>
References: <5342E46C.4030507@deeztek.com> <5342E98C.5060101@mie.utoronto.ca> <5342F1C0.2060805@deeztek.com> <53430DB2.1040509@chemie.uni-hamburg.de>
Message-ID: <53431CDD.1050003@deeztek.com>

On 4/7/2014 4:42 PM, Christian Schmidt wrote:
> 7.04.2014 20:43, Deeztek Support:
>> On 4/7/2014 2:08 PM, Oscar del Rio wrote:
>>>
>>> On 04/ 7/14 01:46 PM, Deeztek Support wrote:
>>>>
>>>> I'm authenticating users through AD and it seems to work with no
>>>> problems. Unfortunately, when I try to send e-mail from a user who's
>>>> not in the testou container I get the following error:
>>>>
>>>> Sender address rejected: User unknown in virtual mailbox table> #SMTP#.
>>>>
>>>
>>> Looks like a Postfix error, not Dovecot.
>>
>> I don't think so. Postfix already looks from the root of the AD down and
>> it has no problems. Dovecot does not authenticate at all if I simply put
>> the AD root in the ldap configuration file.
>
> "User unknown in virtual mailbox table" is what *postfix* tells you.
> Dovecot does not do SMTP (yet). Thus, I suppose that dovecot doesn't get
> involved at all (although this depends on your configuration).
>
> I recommend to check the restrictions you defined in your postfix
> configuration.
>
> Kind regards
> Christian Schmidt
>

The reason I think it's Dovecot generating the error is because when the IP address of the sending server is not in the mynetworks directive of postfix I get the following error:

Sender address rejected: not logged in> #SMTP#

When I do add the address of the sending server in mynetworks in postfix, the email gets delivered. However, when that person tries to reply to that email, they get the following error: user unknown.
Command output: doveconf: I realize that's a different error from my original message, I don't remember exactly what I did so I can duplicate the previous error, but the problem still persists. Dovecot is not able to lookup the recipient from AD because the recipient is in a different container. I simply need to find out how to get Dovecot to do LDAP lookups from the domain root. When I set the domain root in base = dovecot stops doing ldap lookups and it doesn't work at all. From greminn at gmail.com Mon Apr 7 21:53:38 2014 From: greminn at gmail.com (Simon) Date: Tue, 8 Apr 2014 09:53:38 +1200 Subject: [Dovecot] Connection refused userdb lookup ..dovecot/auth-userdb In-Reply-To: <533a94f9.a755c20a.45b2.2e52SMTPIN_ADDED_BROKEN@mx.google.com> References: <831C5383-75E3-46C6-8689-0118BD26D680@gmail.com> <53216498.41af0e0a.6c31.ffff86d1SMTPIN_ADDED_BROKEN@mx.google.com> <532FE88B.1020302@whyscream.net> <53308EE6.4050904@Media-Brokers.com> <53316562.6020709@Media-Brokers.com> <5332B398.2060400@Media-Brokers.com> <5333A626.8020700@whyscream.net> <53390cee.8566cc0a.72ad.ffffdba4SMTPIN_ADDED_BROKEN@mx.google.com> <533a94f9.a755c20a.45b2.2e52SMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: On Tue, Apr 1, 2014 at 11:29 PM, Steffen Kaiser < skdovecot at smail.inf.fh-brs.de> wrote: > >>>>>>>>> >>>>>>>>> > What's the output of: >>> >>> lsof -c dovecot|grep auth-userdb >>> >>> [root at vmail1 ~]# lsof -c dovecot|grep auth-userdb >> dovecot 3147 root 38u unix 0xffff88004fce0680 0t0 24739 >> /var/run/dovecot/auth-userdb >> > > Dovecot is configured to use /var/run/dovecot/auth-userdb whereas your LDA > uses /usr/local/dovecot/var/run/dovecot/auth-userdb . You do not have > symlinks to merge both locations, do you? > > Check, why the Dovecot LDA is using another config file. Found it!!!!!!! Thank youm thank you, thank you... this was delivery config in postfix that was using /usr/local/dovecot/var/run/dovecot/auth-userdb. DUH! 
Simon From h.reindl at thelounge.net Mon Apr 7 22:13:07 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 08 Apr 2014 00:13:07 +0200 Subject: [Dovecot] Dovecot LDAP issue In-Reply-To: <53431CDD.1050003@deeztek.com> References: <5342E46C.4030507@deeztek.com> <5342E98C.5060101@mie.utoronto.ca> <5342F1C0.2060805@deeztek.com> <53430DB2.1040509@chemie.uni-hamburg.de> <53431CDD.1050003@deeztek.com> Message-ID: <534322F3.7070601@thelounge.net> Am 07.04.2014 23:47, schrieb Deeztek Support: > On 4/7/2014 4:42 PM, Christian Schmidt wrote: >> 7.04.2014 20:43, Deeztek Support: >>> On 4/7/2014 2:08 PM, Oscar del Rio wrote: >>>> >>>> On 04/ 7/14 01:46 PM, Deeztek Support wrote: >>>>> >>>>> I'm authenticating users through AD and it seems to work with no >>>>> problems. Unfortunately, when I try to send e-mail from a user who's >>>>> not in the testou container I get the following error: >>>>> >>>>> Sender address rejected: User unknown in virtual mailbox table> #SMTP#. >>>>> >>>> >>>> Looks like a Postfix error, not Dovecot. >>> >>> I don't think so. Postfix already looks from the root of the AD down and >>> it has no problems. Dovecot does not authenticate at all if I simply put >>> the AD root in the ldap configuration file. >> >> "User unknown in virtual mailbox table" is what *postfix* tells you. >> Dovecot does not do SMTP (yet). Thus, I suppose that dovecot doesn't get >> involved at all (although this depends on your configuration). >> >> I recommend to check the restrictions you defined in your postfix >> configuration. >> > The reason I think it's Dovecot generating the error is because when the IP address of the sending server is not in > the mynetworks directive of postfix I get the following error why in the world do you strip logs syslog contains even the process who generates a entry and so there is not much to guess if you *really* look at the log
From support at deeztek.com Mon Apr 7 22:25:37 2014 From: support at deeztek.com (Deeztek Support) Date: Mon, 7 Apr 2014 18:25:37 -0400 Subject: [Dovecot] Dovecot LDAP issue In-Reply-To: <534322F3.7070601@thelounge.net> References: <5342E46C.4030507@deeztek.com> <5342E98C.5060101@mie.utoronto.ca> <5342F1C0.2060805@deeztek.com> <53430DB2.1040509@chemie.uni-hamburg.de> <53431CDD.1050003@deeztek.com> <534322F3.7070601@thelounge.net> Message-ID: <534325E1.20300@deeztek.com> On 4/7/2014 6:13 PM, Reindl Harald wrote: > > > Am 07.04.2014 23:47, schrieb Deeztek Support: >> On 4/7/2014 4:42 PM, Christian Schmidt wrote: >>> 7.04.2014 20:43, Deeztek Support: >>>> On 4/7/2014 2:08 PM, Oscar del Rio wrote: >>>>> >>>>> On 04/ 7/14 01:46 PM, Deeztek Support wrote: >>>>>> >>>>>> I'm authenticating users through AD and it seems to work with no >>>>>> problems. Unfortunately, when I try to send e-mail from a user who's >>>>>> not in the testou container I get the following error: >>>>>> >>>>>> Sender address rejected: User unknown in virtual mailbox table> #SMTP#. >>>>>> >>>>> >>>>> Looks like a Postfix error, not Dovecot. >>>> >>>> I don't think so. Postfix already looks from the root of the AD down and >>>> it has no problems. Dovecot does not authenticate at all if I simply put >>>> the AD root in the ldap configuration file. >>> >>> "User unknown in virtual mailbox table" is what *postfix* tells you. >>> Dovecot does not do SMTP (yet). Thus, I suppose that dovecot doesn't get >>> involved at all (although this depends on your configuration). >>> >>> I recommend to check the restrictions you defined in your postfix >>> configuration.
>>> >> The reason I think it's Dovecot generating the error is because when the IP address of the sending server is not in >> the mynetworks directive of postfix I get the following error > > why in the world do you strip logs > > syslog contains even the process who generates a entry and > so there is not much to guess if you *really* look at the log > > I'm not stripping any logs. The error I put is from the bounce message. The syslog says the following: Apr 7 17:39:39 ewa postfix/pipe[7134]: E35AE860B26: to=, relay=dovecot, delay=0.02, delays=0/0/0/0.01, dsn=5.1.1, status=bounced (user unknown. Command output: So mystery solved, it really is dovecot generating the error. Question remains, can someone please tell me how to get Dovecot do LDAP looks from the AD root? From skdovecot at smail.inf.fh-brs.de Tue Apr 8 06:18:36 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 8 Apr 2014 08:18:36 +0200 (CEST) Subject: [Dovecot] Dovecot LDAP issue In-Reply-To: <534325E1.20300@deeztek.com> References: <5342E46C.4030507@deeztek.com> <5342E98C.5060101@mie.utoronto.ca> <5342F1C0.2060805@deeztek.com> <53430DB2.1040509@chemie.uni-hamburg.de> <53431CDD.1050003@deeztek.com> <534322F3.7070601@thelounge.net> <534325E1.20300@deeztek.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 7 Apr 2014, Deeztek Support wrote: > On 4/7/2014 6:13 PM, Reindl Harald wrote: >> >> >> Am 07.04.2014 23:47, schrieb Deeztek Support: >>> On 4/7/2014 4:42 PM, Christian Schmidt wrote: >>>> 7.04.2014 20:43, Deeztek Support: >>>>> On 4/7/2014 2:08 PM, Oscar del Rio wrote: >>>>>> >>>>>> On 04/ 7/14 01:46 PM, Deeztek Support wrote: >>>>>>> >>>>>>> I'm authenticating users through AD and it seems to work with no >>>>>>> problems. Unfortunately, when I try to send e-mail from a user who's >>>>>>> not in the testou container I get the following error: >>>>>>> >>>>>>> Sender address rejected: User unknown in virtual mailbox table> >>>>>>> #SMTP#. 
>>>>>>> >>>>>> >>>>>> Looks like a Postfix error, not Dovecot. >>>>> >>>>> I don't think so. Postfix already looks from the root of the AD down and >>>>> it has no problems. Dovecot does not authenticate at all if I simply put >>>>> the AD root in the ldap configuration file. >>>> >>>> "User unknown in virtual mailbox table" is what *postfix* tells you. >>>> Dovecot does not do SMTP (yet). Thus, I suppose that dovecot doesn't get >>>> involved at all (although this depends on your configuration). >>>> >>>> I recommend to check the restrictions you defined in your postfix >>>> configuration. >>>> >>> The reason I think it's Dovecot generating the error is because when the >>> IP address of the sending server is not in >>> the mynetworks directive of postfix I get the following error >> >> why in the world do you strip logs >> >> syslog contains even the process who generates a entry and >> so there is not much to guess if you *really* look at the log >> >> > > I'm not stripping any logs. The error I put is from the bounce message. The > syslog says the following: > > Apr 7 17:39:39 ewa postfix/pipe[7134]: E35AE860B26: to=, > relay=dovecot, delay=0.02, delays=0/0/0/0.01, dsn=5.1.1, status=bounced (user > unknown. Command output: > > So mystery solved, it really is dovecot generating the error. > > Question remains, can someone please tell me how to get Dovecot do LDAP looks > from the AD root? The primary question is: Does ldapsearch -H ldap://server.domain.tld:389 \ -b dc=domain,dc=tld -D ... -W \ '(&(userPrincipalName=<>)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))' return the user? How many domain controllers to you have in the AD? Which of them holds which domains? 
See http://technet.microsoft.com/en-us/library/cc978012.aspx - -- Steffen Kaiser From mihai at badici.ro Tue Apr 8 06:34:45 2014 From: mihai at badici.ro (Mihai Badici) Date: Tue, 08 Apr 2014 09:34:45 +0300 Subject: [Dovecot] Dovecot LDAP issue In-Reply-To: <5342E46C.4030507@deeztek.com> References: <5342E46C.4030507@deeztek.com> Message-ID: <1712935.85tG1718Md@arhivio> On Monday 07 April 2014 13:46:20 Deeztek Support wrote: > Dovecot version: 2.0.19 > ------------------------------------------------------- > grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-ldap.conf > > hosts = server.domain.tld:389 > ldap_version = 3 > auth_bind = yes > dn = vmail at domain.tld > dnpass = somepassword > base = ou=testou,dc=domain,dc=tld > scope = subtree > deref = never > user_filter = > (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.11 > 3556.1.4.803:=2))) pass_filter = > (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.11 > 3556.1.4.803:=2))) pass_attrs = userPassword=password > default_pass_scheme = CRYPT > user_attrs = > =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld > /%Ln/Maildir ----------------------------------------------------- Your %u need to be matched by the string postfix send to dovecot ( check your master.cf) As I say in a previous post, this filter is invoked from two parts, with (possible) different parameters : from authentication, with the username of the client, and from delivery, with usually the e-mail
address or whatewer you set in postfix. IMHO is a bad design, but it works as is. From bind at enas.net Tue Apr 8 07:16:31 2014 From: bind at enas.net (Urban Loesch) Date: Tue, 08 Apr 2014 09:16:31 +0200 Subject: [Dovecot] Panic: file mail-index-map.c: line 547 (mail_index_map_lookup_seq_range): assertion failed: (first_uid > 0) In-Reply-To: <531F6B46.3090407@gmx.de> References: <531F6B46.3090407@gmx.de> Message-ID: <5343A24F.4040807@enas.net> Hi, today I had the same problem with 2.2.12 on debian squeeze. Here comes the log: ... Apr 8 08:40:45 mailstoreul dovecot: imap(user at domain.net pid:3618 session:<9cAjIG724wDD/uGI>): Panic: file mail-index-map.c: line 547 (mail_index_map_lookup_seq_range): assertion failed: (first_uid > 0) Apr 8 08:40:45 mailstoreul dovecot: imap(user at domain.net pid:3618 session:<9cAjIG724wDD/uGI>): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x6b85a) [0x7fb17b16b85a] -> /usr/lib/dovecot/libdovecot.so.0(+0x6b8d6) [0x7fb17b16b8d6] -> /usr/lib/dovecot/libdovecot.so.0(i_error+0) [0x7fb17b124b9f] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0xbe7b4) [0x7fb17b48d7b4] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_index_lookup_seq+0x12) [0x7fb17b49f232] -> /usr/lib/dovecot/modules/lib20_virtual_plugin.so(+0x9cbd) [0x7fb17993dcbd] -> /usr/lib/dovecot/modules/lib20_virtual_plugin.so(+0xa5eb) [0x7fb17993e5eb] -> /usr/lib/dovecot/modules/lib20_virtual_plugin.so(virtual_storage_sync_init+0x5f5) [0x7fb17993f4d5] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x31) [0x7fb17b450461] -> dovecot/imap(imap_sync_init+0x7a) [0x42038a] -> dovecot/imap(cmd_sync_delayed+0x1db) [0x42068b] -> dovecot/imap(client_handle_input+0x1ed) [0x4176ad] -> dovecot/imap(client_input+0x6f) [0x41795f] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7fb17b17b3e6] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xaf) [0x7fb17b17c46f] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fb17b17b358] -> 
/usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fb17b129953] -> dovecot/imap(main+0x2a7) [0x420e67] -> /lib/libc.so.6(__libc_start_main+0xfd) [0x7fb17adbcc8d] -> dovecot/imap() [0x40bcc9] Apr 8 08:40:45 mailstoreul dovecot: imap(user at domain.net pid:3618 session:<9cAjIG724wDD/uGI>): Fatal: master: service(imap): child 3618 killed with signal 6 (core dumps disabled) ... Now I enabled core dumps. If it happens again I will send it. My Client is Thunderbird 24.2.0. I have no idea which operation triggerd the error. I moved some mails to different multiple subfolders under the INBOX. Many thanks Urban Am 11.03.2014 21:00, schrieb Hardy Flor: > Version: 2.2.12 > OS: Debian wheezy x86_64 > > 2014 Mar 11 20:06:53 ptb-test imap(flor_hardy): Panic: file mail-index-map.c: line 547 (mail_index_map_lookup_seq_range): assertion failed: (first_uid >> 0) > 2014 Mar 11 20:06:53 ptb-test imap(flor_hardy): Fatal: master: service(imap): child 2760 killed with signal 6 (core dumped) > > GNU gdb (GDB) 7.4.1-debian > Copyright (C) 2012 Free Software Foundation, Inc. > License GPLv3+: GNU GPL version 3 or later > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. Type "show copying" > and "show warranty" for details. > This GDB was configured as "x86_64-linux-gnu". > For bug reporting instructions, please see: > ... > Reading symbols from /usr/lib/dovecot/imap...Reading symbols from /usr/lib/debug/usr/lib/dovecot/imap...done. > done. > [New LWP 2760] > > warning: Can't read pathname for load map: Eingabe-/Ausgabefehler. > [Thread debugging using libthread_db enabled] > Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". > Core was generated by `dovecot/imap'. > Program terminated with signal 6, Aborted. 
> #0 0x00007f32d28b4475 in raise () from /lib/x86_64-linux-gnu/libc.so.6 > (gdb) bt full > #0 0x00007f32d28b4475 in raise () from /lib/x86_64-linux-gnu/libc.so.6 > No symbol table info available. > #1 0x00007f32d28b76f0 in abort () from /lib/x86_64-linux-gnu/libc.so.6 > No symbol table info available. > #2 0x00007f32d2c78345 in default_fatal_finish (type=, status=status at entry=0) at failures.c:193 > backtrace = 0x186d768 "/usr/lib/dovecot/libdovecot.so.0(+0x6b34f) [0x7f32d2c7834f] -> /usr/lib/dovecot/libdovecot.so.0(+0x6b3ae) > [0x7f32d2c783ae] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f32d2c31e8e] -> /usr/lib/d"... > #3 0x00007f32d2c783ae in i_internal_fatal_handler (ctx=0x7fff8d12aa30, format=, args=) at failures.c:657 > status = 0 > #4 0x00007f32d2c31e8e in i_panic (format=format at entry=0x7f32d2fbc098 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:267 > ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0} > args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fff8d12ab20, reg_save_area = 0x7fff8d12aa60}} > #5 0x00007f32d2fa03b2 in mail_index_map_lookup_seq_range (map=, first_uid=0, last_uid=, > first_seq_r=, last_seq_r=) at mail-index-map.c:549 > __FUNCTION__ = "mail_index_map_lookup_seq_range" > #6 0x00007f32d2fa856d in tview_lookup_seq_range (view=0x18a6850, first_uid=0, last_uid=0, first_seq_r=0x18a79e0, last_seq_r=0x18a79e0) > at mail-index-transaction-view.c:178 > tview = 0x18a6850 > rec = > seq = > __FUNCTION__ = "tview_lookup_seq_range" > #7 0x00007f32d2fb17c2 in mail_index_lookup_seq (view=, uid=, seq_r=seq_r at entry=0x18a79e0) > at mail-index-view.c:522 > No locals. > #8 0x00007f32d2f809b4 in index_mail_get_pvt (_mail=_mail at entry=0x18a78a0) at index-mail.c:158 > No locals. 
> #9 0x00007f32d2f81082 in index_mail_get_pvt (_mail=0x18a78a0) at index-mail.c:152 > mail = 0x18a78a0 > #10 index_mail_get_flags (_mail=0x18a78a0) at index-mail.c:177 > mail = 0x18a78a0 > rec = > flags = MAIL_ANSWERED > pvt_flags_mask = > #11 0x00007f32d18371a4 in mail_log_append_mail_message_real (desc=0x7f32d1837504 "save", event=MAIL_LOG_EVENT_SAVE, mail=0x18a78a0, > ctx=0x18c62f0) at mail-log-plugin.c:297 > muser = > msg = 0x18c6308 > text = 0x186d310 > size = 224891 > #12 mail_log_append_mail_message (desc=0x7f32d1837504 "save", event=MAIL_LOG_EVENT_SAVE, mail=0x18a78a0, ctx=0x18c62f0) > at mail-log-plugin.c:335 > _data_stack_cur_id = 3 > #13 mail_log_append_mail_message (ctx=0x18c62f0, mail=0x18a78a0, event=MAIL_LOG_EVENT_SAVE, desc=0x7f32d1837504 "save") > at mail-log-plugin.c:320 > muser = > #14 0x00007f32d1c3c51b in notify_contexts_mail_save (mail=mail at entry=0x18a78a0) at notify-plugin.c:63 > ctx = 0x1886fc0 > mail_txn = > #15 0x00007f32d1c3d4b0 in notify_save_finish (ctx=) at notify-storage.c:145 > lbox = > dest_mail = 0x18a78a0 > #16 0x00007f32d2f64582 in mailbox_save_finish (_ctx=_ctx at entry=0x189a280) at mail-storage.c:2073 > ctx = 0x18a9590 > t = 0x18ab220 > keywords = 0x0 > pvt_flags = MAIL_SEEN > copying_via_save = false > ret = > __FUNCTION__ = "mailbox_save_finish" > #17 0x000000000040cef1 in cmd_append_continue_message (cmd=0x189a120) at cmd-append.c:858 > lit_offset = 228081 > client = 0x1899540 > ctx = 0x189a228 > ret = > #18 0x00000000004183cc in command_exec (cmd=0x189a120) at imap-commands.c:158 > hook = 0x18760f0 > ret = > #19 0x000000000040c9a3 in client_input_append (cmd=0xac8) at cmd-append.c:116 > ctx = 0x189a228 > client = 0x1899540 > reason = > finished = > lit_offset = > __FUNCTION__ = "client_input_append" > #20 0x00007f32d2c88ab6 in io_loop_call_io (io=0x18ab150) at ioloop.c:388 > ioloop = 0x1875740 > t_id = 2 > #21 0x00007f32d2c89957 in io_loop_handler_run (ioloop=ioloop at entry=0x1875740) at ioloop-epoll.c:220 > ctx = 
0x18763d0 > events = 0x0 > event = 0x1877230 > list = 0x1877e00 > io = > tv = {tv_sec = 5, tv_usec = 398615} > events_count = > msecs = > ret = 1 > i = > call = > __FUNCTION__ = "io_loop_handler_run" > #22 0x00007f32d2c885c8 in io_loop_run (ioloop=0x1875740) at ioloop.c:412 > __FUNCTION__ = "io_loop_run" > #23 0x00007f32d2c37233 in master_service_run (service=0x18755d0, callback=callback at entry=0x420c50 ) at master-service.c:566 > No locals. > #24 0x000000000040c128 in main (argc=1, argv=0x1875390) at main.c:400 > set_roots = {0x4287c0, 0x0} > login_set = {auth_socket_path = 0x186d048 "\001", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, > callback = 0x420ae0 , failure_callback = 0x4207f0 , request_auth_token = 1} > service_flags = > storage_service_flags = > username = 0x0 > c = > > > ******************************************************** > > In the "Projekte" folder several subfolderswere created. > Now, when a user wants to save more e-mails in this subfolder does this Stop message. > The e-mails are all but saved. > > From support at deeztek.com Tue Apr 8 09:36:51 2014 From: support at deeztek.com (Deeztek Support) Date: Tue, 8 Apr 2014 05:36:51 -0400 Subject: [Dovecot] Dovecot LDAP issue In-Reply-To: References: <5342E46C.4030507@deeztek.com> <5342E98C.5060101@mie.utoronto.ca> <5342F1C0.2060805@deeztek.com> <53430DB2.1040509@chemie.uni-hamburg.de> <53431CDD.1050003@deeztek.com> <534322F3.7070601@thelounge.net> <534325E1.20300@deeztek.com> Message-ID: <5343C333.5030608@deeztek.com> On 4/8/2014 2:18 AM, Steffen Kaiser wrote: > The primary question is: Does > > ldapsearch -H ldap://server.domain.tld:389 \ > -b dc=domain,dc=tld -D ... -W \ > '(&(userPrincipalName=<>)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))' > > return the user? yes it does. The authentication with AD works as it should as long as dovecot is pointing to the right OU. > > How many domain controllers to you have in the AD? 
Which of them holds > which domains? See http://technet.microsoft.com/en-us/library/cc978012.aspx > I have on domain controller and there is only one domain. I think we are getting off track here. There is no problem with authentication. Maybe I need to be more clear. Dovecot is able to authenticate with active directory as long as the "base = " parameter in "/etc/dovecot/dovecot-ldap.conf" is pointing to the OU that the dovecot users are. However, I have another OU where my Exchange users are. So, when I try to send email from a dovecot user to an Exchange user, dovecot throws the error "user unknown" because it's not able to find the Exchange user since it's in a different OU. When I set the "base =" parameter in "/etc/dovecot/dovecot-ldap.conf" to domain root i.e. instead of having it say: base = ou=testou,dc=domain,dc=tld I set it to: base = dc=domain,dc=tld so it can lookup all users in the entire domain then dovecot stops authenticating with AD altogether From teemu.huovila at dovecot.fi Tue Apr 8 09:38:31 2014 From: teemu.huovila at dovecot.fi (Teemu Huovila) Date: Tue, 08 Apr 2014 12:38:31 +0300 Subject: [Dovecot] dsync deleted my mailbox - what did I do wrong? In-Reply-To: <5342C3C6.70300@noa.gr> References: <9d0749cb-7387-427b-b3f6-6a2c5fb70eb3@darklajid.de> <533EC650.8080602@thinline.cz> <926333b7-67ea-41c5-9bd1-082b8756aa31@darklajid.de> <5342A193.604@thinline.cz> <5342C3C6.70300@noa.gr> Message-ID: <5343C397.2020706@dovecot.fi> Hello Many different dsync issues have come up in this thread. Ill try to answer them as best as I can. 1) dsync backup -R The conclusion reached in the thread was correct. Instead of the backup option, doveadm import would be better suited for merging old mails into an existing mailbox. 2) Maildir + INBOX + backup/sync/replicate In the test scenarios where the INBOX on one side was to be completely removed, e.g. doveadm backup -R the dsync failed and nothing was synced to the target. 
This is because before moving the source mails to the mailbox, dsync cleans out the old ones ( -R preserves nothing) and in Maildir the INBOX can not be removed. This is a feature/not easily solvable, because in Maildir INBOX is different from other folders. 3) dsync replication / doveadm sync not working as expected. These came in pretty late in the thread and I did not get a full picture of what kind of setups and parameters were used. I suspect these might be a configuration issue. I think trying with different configurations and going through the documentation, such as it is, once more, is your best bet. Use -D and -v to make dsync more verbose, so you do not miss any error messages. br, Teemu Huovila From mihai at badici.ro Tue Apr 8 10:12:34 2014 From: mihai at badici.ro (Mihai Badici) Date: Tue, 08 Apr 2014 13:12:34 +0300 Subject: [Dovecot] Dovecot LDAP issue In-Reply-To: <5343C333.5030608@deeztek.com> References: <5342E46C.4030507@deeztek.com> <5343C333.5030608@deeztek.com> Message-ID: <199592476.vzmWo7v3n7@arhivio> On Tuesday 08 April 2014 05:36:51 Deeztek Support wrote: > On 4/8/2014 2:18 AM, Steffen Kaiser wrote: > > The primary question is: Does > > > > ldapsearch -H ldap://server.domain.tld:389 \ > > > > -b dc=domain,dc=tld -D ... -W \ > > '(&(userPrincipalName=<>)(objectClass=person)(!(userAccountControl > > :1.2.840.113556.1.4.803:=2)))'> > > return the user? > > yes it does. The authentication with AD works as it should as long as > dovecot is pointing to the right OU. > > > How many domain controllers to you have in the AD? Which of them holds > > which domains? See > > http://technet.microsoft.com/en-us/library/cc978012.aspx > > I have on domain controller and there is only one domain. I think we are > getting off track here. There is no problem with authentication. Maybe I > need to be more clear. 
> > Dovecot is able to authenticate with active directory as long as the > "base = " parameter in "/etc/dovecot/dovecot-ldap.conf" is pointing to > the OU that the dovecot users are. However, I have another OU where my > Exchange users are. So, when I try to send email from a dovecot user to > an Exchange user, dovecot throws the error "user unknown" because it's > not able to find the Exchange user since it's in a different OU. When I > set the "base =" parameter in "/etc/dovecot/dovecot-ldap.conf" to domain > root i.e. instead of having it say: > > base = ou=testou,dc=domain,dc=tld > > I set it to: > > base = dc=domain,dc=tld > > so it can lookup all users in the entire domain > > then dovecot stops authenticating with AD altogether As I already said, authentication is one thing and delivery is other thing. This filter receive probably different variable as %u when deliver (possibly the mail address or the user part from it, depending on your master.cf). You can use an | in the ldap filter to accommodate that, it's ugly but it works. -- Mihai Bădici http://mihai.badici.ro From andy at gently.org.uk Tue Apr 8 10:47:40 2014 From: andy at gently.org.uk (Andy Hawkins) Date: Tue, 8 Apr 2014 10:47:40 +0000 (UTC) Subject: [Dovecot] Debugging doveadm expunge Message-ID: Hi, I'm a recent convert to dovecot, and in general it is all working fine. However, I have a number of cron jobs set up to purge old messages from mailboxes. These don't seem to be doing what I would expect. Is there any way of debugging this process? Some way of seeing what messages it's checking, and why each one matches or fails to match? For example, I'm running this: doveadm expunge -u andy mailbox "News Reports" savedbefore 90d from the crontab of user 'andy'. I'd expect the specified folder to only contain 90 messages (I get one 'News Report' per day) but in actual fact there are 1428 in there! Any advice would be appreciated.
Thanks Andy From alessio at skye.it Tue Apr 8 11:47:01 2014 From: alessio at skye.it (Alessio Cecchi) Date: Tue, 08 Apr 2014 13:47:01 +0200 Subject: [Dovecot] Debugging doveadm expunge In-Reply-To: References: Message-ID: <5343E1B5.1070300@skye.it> Il 08/04/2014 12:47, Andy Hawkins ha scritto: > Hi, > > I'm a recent convert to dovecot, and in general it is all working fine. > > However, I have a number of cron jobs set up to purge old messages from > mailboxes. These don't seem to be doing what I would expect. > > Is there any way of debugging this process? Some way of seeing what messages > it's checking, and why each one matches or fails to match? > > For example, I'm running this: > > doveadm expunge -u andy mailbox "News Reports" savedbefore 90d > Try with: doveadm search -u andy mailbox "News Reports" before 90d there is a difference between savedbefore and before, with "search" instead of "expunge" you can see the result witout delete you email. Ciao -- Alessio Cecchi is: @ ILS -> http://www.linux.it/~alessice/ on LinkedIn -> http://www.linkedin.com/in/alessice Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz Cloud Email Hosting -> http://www.qboxmail.com @ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it From nmilas at noa.gr Tue Apr 8 12:00:02 2014 From: nmilas at noa.gr (Nikolaos Milas) Date: Tue, 08 Apr 2014 15:00:02 +0300 Subject: [Dovecot] dsync deleted my mailbox - what did I do wrong? In-Reply-To: <5343C397.2020706@dovecot.fi> References: <9d0749cb-7387-427b-b3f6-6a2c5fb70eb3@darklajid.de> <533EC650.8080602@thinline.cz> <926333b7-67ea-41c5-9bd1-082b8756aa31@darklajid.de> <5342A193.604@thinline.cz> <5342C3C6.70300@noa.gr> <5343C397.2020706@dovecot.fi> Message-ID: <5343E4C2.1040205@noa.gr> On 8/4/2014 12:38 ??, Teemu Huovila wrote: > 3) dsync replication / doveadm sync not working as expected. > These came in pretty late in the thread and I did not get a full picture of what kind of setups and parameters were used. 
I > suspect these might be a configuration issue. I think trying with different configurations and going through the documentation, > such as it is, once more, is your best bet. Use -D and -v to make dsync more verbose, so you do not miss any error messages. Thank you for the reply; I am focusing on the 3rd part, since this is the one I can provide feedback about. My current configuration is exactly as suggested on the wiki2 and I list it below for your reference. Neither using replication nor using dsync from CLI leads to subfolders getting replicated, as I have explained. As an example, if a user creates subfolder "boxtest" e.g. under Inbox on either side, it never gets created on the other side. Running dsync with -Dv does not reveal any errors. For example, here is the output of command: # dsync -fDv -u imaptester mirror ssh -l root vmail1.example.com dsync -u imaptester Mailbox "boxtest" under Inbox (on vmail server) -containing one message- should get replicated (created) on vmail1 server, but it does not. If you can spot anything that can help on tracing the problem, please help. Otherwise, I can't see what is causing the erratic replication. Thanks, Nick ***************************************************************************** ... 
dsync-local(imaptester): Debug: brain M: in box 'INBOX.boxtest' recv_state=mailbox send_state=mailbox dsync-local(imaptester): Debug: brain M: out box 'INBOX.boxtest' recv_state=mailbox send_state=mailbox changed=0 dsync-local(imaptester): Debug: brain M: out state=sync_mails changed=0 dsync-local(imaptester): Debug: brain M: in state=sync_mails dsync-local(imaptester): Debug: brain M: in box 'INBOX.boxtest' recv_state=mailbox send_state=mailbox dsync-local(imaptester): Debug: brain M: out box 'INBOX.boxtest' recv_state=attributes send_state=changes changed=1 dsync-local(imaptester): Debug: brain M: out state=sync_mails changed=1 dsync-local(imaptester): Debug: brain M: in state=sync_mails dsync-local(imaptester): Debug: brain M: in box 'INBOX.boxtest' recv_state=attributes send_state=changes dsync-local(imaptester): Debug: brain M: out box 'INBOX.boxtest' recv_state=changes send_state=mail_requests changed=1 dsync-local(imaptester): Debug: brain M: out state=sync_mails changed=1 dsync-local(imaptester): Debug: brain M: in state=sync_mails dsync-local(imaptester): Debug: brain M: in box 'INBOX.boxtest' recv_state=changes send_state=mail_requests dsync-local(imaptester): Debug: brain M: Import INBOX.boxtest: Import change GUID=1396119018.M550517P3113.vmail.example.com,S=1169,W=1194 UID=1 hdr_hash= dsync-local(imaptester): Debug: brain M: out box 'INBOX.boxtest' recv_state=changes send_state=mail_requests changed=1 dsync-local(imaptester): Debug: brain M: out state=sync_mails changed=1 dsync-local(imaptester): Debug: brain M: in state=sync_mails dsync-local(imaptester): Debug: brain M: in box 'INBOX.boxtest' recv_state=changes send_state=mail_requests dsync-local(imaptester): Debug: brain M: Import INBOX.boxtest: Last common UID=1 dsync-local(imaptester): Debug: brain M: out box 'INBOX.boxtest' recv_state=mail_requests send_state=mails changed=1 dsync-local(imaptester): Debug: brain M: out state=sync_mails changed=1 dsync-local(imaptester): Debug: brain M: in 
state=sync_mails dsync-local(imaptester): Debug: brain M: in box 'INBOX.boxtest' recv_state=mail_requests send_state=mails dsync-local(imaptester): Debug: brain M: out box 'INBOX.boxtest' recv_state=mail_requests send_state=mails changed=0 dsync-local(imaptester): Debug: brain M: out state=sync_mails changed=0 dsync-local(imaptester): Debug: brain M: in state=sync_mails dsync-local(imaptester): Debug: brain M: in box 'INBOX.boxtest' recv_state=mail_requests send_state=mails dsync-local(imaptester): Debug: brain M: out box 'INBOX.boxtest' recv_state=mails send_state=done changed=1 dsync-local(imaptester): Debug: brain M: out state=sync_mails changed=1 dsync-local(imaptester): Debug: brain M: in state=sync_mails dsync-local(imaptester): Debug: brain M: in box 'INBOX.boxtest' recv_state=mails send_state=done dsync-local(imaptester): Debug: brain M: Import INBOX.boxtest: Saved UIDs: dsync-local(imaptester): Debug: brain M: Import INBOX.boxtest: Finish update: min_next_uid=2 min_first_recent_uid=2 min_highest_modseq=2 min_highest_pvt_modseq=0 dsync-local(imaptester): Debug: brain M: out box 'INBOX.boxtest' recv_state=recv_last_common send_state=done changed=1 dsync-local(imaptester): Debug: brain M: out state=sync_mails changed=1 dsync-local(imaptester): Debug: brain M: in state=sync_mails dsync-local(imaptester): Debug: brain M: in box 'INBOX.boxtest' recv_state=recv_last_common send_state=done dsync-local(imaptester): Debug: brain M: out box 'INBOX.boxtest' recv_state=recv_last_common send_state=done changed=0 dsync-local(imaptester): Debug: brain M: out state=sync_mails changed=0 dsync-local(imaptester): Debug: brain M: in state=sync_mails dsync-local(imaptester): Debug: brain M: in box 'INBOX.boxtest' recv_state=recv_last_common send_state=done dsync-local(imaptester): Debug: brain M: out box '' recv_state=recv_last_common send_state=done changed=1 dsync-local(imaptester): Debug: brain M: out state=master_send_mailbox changed=1 dsync-local(imaptester): Debug: brain 
M: in state=master_send_mailbox dsync-local(imaptester): Debug: brain M: out state=sync_mails changed=1 dsync-local(imaptester): Debug: brain M: in state=sync_mails ... ***************************************************************************** ============================ Configuration file ============================ # cat /etc/dovecot/dovecot.conf # 2.2.12: dovecot.conf protocols = imap pop3 login_greeting = EXAMPLE.COM POP/IMAP Srv XAPITI XPICTOY mail_location = maildir:~/Maildir/ mail_gid = 500 mail_uid = 500 auth_mechanisms = plain login auth_username_format = %Lu auth_verbose = yes auth_debug = no disable_plaintext_auth = no mail_plugins = quota notify replication protocol imap { imap_client_workarounds = "delay-newmail" mail_plugins = quota imap_quota notify replication } protocol pop3 { mail_max_userip_connections = 3 mail_plugins = quota notify replication pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_uidl_format = %08Xu%08Xv } protocol lda { auth_socket_path = /var/run/dovecot/auth-master info_log_path = log_path = mail_plugins = quota notify replication postmaster_address = sysadmin at example.com sendmail_path = /usr/lib/sendmail } userdb { args = /etc/dovecot/dovecot-usrdb-ldap.conf driver = ldap } passdb { args = /etc/dovecot/dovecot-passdb-ldap.conf driver = ldap } dsync_remote_cmd = ssh -l root vmail1.example.com doveadm dsync-server -u%u replication_dsync_parameters = -d -N -l 30 -U plugin { mail_replica = remote:vmail at vmail1.example.com } plugin { quota = maildir:User quota quota_rule = *:storage=4G quota_rule2 = Trash:storage=+3%% quota_warning = storage=75%% quota-warning 75 %u quota_warning2 = storage=90%% quota-warning 90 %u } service quota-warning { executable = script /opt/mail1.sh user = vmail unix_listener quota-warning { user = vmail } } service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } service replicator { unix_listener replicator-doveadm { 
mode = 0600 } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = vmail mode = 0660 user = vmail } user = root } service imap-login { service_count = 1 vsz_limit = 64 M } service pop3-login { service_count = 1 vsz_limit = 64 M } service replicator { process_min_avail = 1 } ssl_ca = References: <5342E46C.4030507@deeztek.com> <5343C333.5030608@deeztek.com> <199592476.vzmWo7v3n7@arhivio> Message-ID: <5343E532.6050508@deeztek.com> On 4/8/2014 6:12 AM, Mihai Badici wrote: > As I already said, authentication is one thing and delivery is other thing. > This filter receive probably different variable as %u when deliver ( posibly the > mail address or the user part from it, depending on your master.cf . > You can use an | in the ldap filter to accomodate that , it's ugly but it > works. In this particular setup the "%u" variable will encompass the username as well as the email address as they are the same. Unless I'm not understanding what you mean. From renaud at allard.it Tue Apr 8 12:44:40 2014 From: renaud at allard.it (Renaud Allard) Date: Tue, 08 Apr 2014 14:44:40 +0200 Subject: [Dovecot] Rebuilding message guid in sdbox Message-ID: <5343EF38.4030509@allard.it> Hello, I am running dovecot 2.2.12 Current mail storage is sdbox and I am trying to compress all emails, which works fine, except for a few old mailboxes. 
If I run the following dsync command "dsync -u flea -o "mail_plugins=zlib" mirror maildir:~/ndbox" It fails with: dsync(flea): Error: Exporting mailbox INBOX failed: Backend doesn't support GUIDs, sync with header hashes instead Doing "doveadm dump flea/dbox/mailboxes/INBOX/dbox-Mails/dovecot.index" reveals that there are very old mails (about 5 years ago) without any guid like that one: RECORD: seq=1, uid=1560, flags=0x00 - ext 1 modseq : 16043 (ab3e000000000000) - ext 3 cache : 396 (8c010000) - cache offset=396 size=20, prev_offset = 0 - guid: So, my question is: is there a way to force dovecot to assign a guid to those messages? Best Regards
From andy at gently.org.uk Tue Apr 8 12:56:52 2014 From: andy at gently.org.uk (Andy Hawkins) Date: Tue, 8 Apr 2014 12:56:52 +0000 (UTC) Subject: [Dovecot] Debugging doveadm expunge References: <5343E1B5.1070300@skye.it> Message-ID: Hi, In article <5343E1B5.1070300 at skye.it>, Alessio Cecchi wrote: > Try with: > > doveadm search -u andy mailbox "News Reports" before 90d > > there is a difference between savedbefore and before, with "search" > instead of "expunge" you can see the result without deleting your email. Thanks, that seems to be it. I've changed all the cron jobs to use 'before' to see if that has the desired effect. Thanks Andy
From teemu.huovila at dovecot.fi Tue Apr 8 13:47:24 2014 From: teemu.huovila at dovecot.fi (Teemu Huovila) Date: Tue, 08 Apr 2014 16:47:24 +0300 Subject: [Dovecot] dsync deleted my mailbox - what did I do wrong?
In-Reply-To: <5343E4C2.1040205@noa.gr> References: <9d0749cb-7387-427b-b3f6-6a2c5fb70eb3@darklajid.de> <533EC650.8080602@thinline.cz> <926333b7-67ea-41c5-9bd1-082b8756aa31@darklajid.de> <5342A193.604@thinline.cz> <5342C3C6.70300@noa.gr> <5343C397.2020706@dovecot.fi> <5343E4C2.1040205@noa.gr> Message-ID: <5343FDEC.8080007@dovecot.fi> On 04/08/2014 03:00 PM, Nikolaos Milas wrote: > Neither using replication nor using dsync from CLI leads to subfolders getting replicated, as I have explained. As an example, > if a user creates subfolder "boxtest" e.g. under Inbox on either side, it never gets created on the other side. I cant find any errors, but I might be missing something obvious. I only have a few suggestions for things to check. 1) You listed the config for one host (vmail i assume). Is the configuration similar on the vmail1 side? Especially, can the command dsync -u find the correct location for the users mails? 2) For the replicator plugin scenario, does doveadm have access to auth, i.e. does doveadm user '*' work on both sides? 3) Are the dovecot instances running on different hosts (dovecot --hostdomain is different)? 4) Instead of "dsync mirror", try using the v2.2 syntax "doveadm sync". Also, i _think_ you need to execute dsync-server on the other side, so your full command becomes: doveadm sync -u imaptester ssh -l root vmail1.example.com doveadm dsync-server -u imaptester Sadly, there is no man-page for doveadm sync yet. 
br, Teemu Huovila From d.parthey at metaways.de Tue Apr 8 13:54:16 2014 From: d.parthey at metaways.de (Daniel Parthey) Date: Tue, 08 Apr 2014 15:54:16 +0200 Subject: [Dovecot] Dovecot Director and MasterUsers Message-ID: <5343FF88.6010507@metaways.de> Hi, the Dovecot Director determines the backend host in some way by hashing the username: http://wiki2.dovecot.org/Director For normal logins username at example.org, the director always gets the same hash for the same username and ensures that the login is always proxied to the same backend. But what about MasterUsers in combination with Dovecot Director? http://wiki2.dovecot.org/Authentication/MasterUsers Which configuration directives should be used to make sure that logins username at example.org*masteruser1 at example.org username at example.org*masteruser2 at example.org username at example.org*masteruser3 at example.org go to the same mailbox backend, in order to avoid NFS caching conflicts for mailbox username at example.org which should always reside on the same NFS client? Is the master user cut off from behind the master_user_separator? How is the director hash exactly calculated? Can the director hashing algorithm be configured in some way? Regards Daniel From nmilas at noa.gr Tue Apr 8 14:20:38 2014 From: nmilas at noa.gr (Nikolaos Milas) Date: Tue, 08 Apr 2014 17:20:38 +0300 Subject: [Dovecot] dsync deleted my mailbox - what did I do wrong? In-Reply-To: <5343FDEC.8080007@dovecot.fi> References: <9d0749cb-7387-427b-b3f6-6a2c5fb70eb3@darklajid.de> <533EC650.8080602@thinline.cz> <926333b7-67ea-41c5-9bd1-082b8756aa31@darklajid.de> <5342A193.604@thinline.cz> <5342C3C6.70300@noa.gr> <5343C397.2020706@dovecot.fi> <5343E4C2.1040205@noa.gr> <5343FDEC.8080007@dovecot.fi> Message-ID: <534405B6.4090601@noa.gr> On 8/4/2014 4:47 ??, Teemu Huovila wrote: > I cant find any errors, but I might be missing something obvious. I only have a few suggestions for things to check. 
> > 1) You listed the config for one host (vmail i assume). Is the configuration similar on the vmail1 side? Especially, can the > command dsync -u find the correct location for the users mails? Yes, mail is replicated in existing folders, but new subfolders don't get replicated. The config I listed was on the vmail (master) side, indeed. Config on the vmail1 (replicated) side is identical except the replication parts. I list it at the end of this mail for your reference. > 2) For the replicator plugin scenario, does doveadm have access to auth, i.e. does doveadm user '*' work on both sides? Yes. Everything is fine: 317 identical accounts on each side (read from replicated LDAP). > 3) Are the dovecot instances running on different hosts (dovecot --hostdomain is different)? Yes: vmail.example.com vs vmail1.example.com > 4) Instead of "dsync mirror", try using the v2.2 syntax "doveadm sync". Also, i_think_ you need to execute dsync-server on the > other side, so your full command becomes: > doveadm sync -u imaptester ssh -l root vmail1.example.com doveadm dsync-server -u imaptester > Sadly, there is no man-page for doveadm sync yet. OK, I ran the command: doveadm -Dv sync -u imaptester ssh -l root vmail1.example.com doveadm dsync-server -u imaptester The output is similar. Still no subfolder sync (but individual messages on existing subfolders get sync'ed): ... 
dsync-local(imaptester): Debug: brain M: in box 'INBOX.boxtest' recv_state=mailbox send_state=mailbox dsync-local(imaptester): Debug: brain M: out box 'INBOX.boxtest' recv_state=mailbox send_state=mailbox changed=0 dsync-local(imaptester): Debug: brain M: out state=sync_mails changed=0 dsync-local(imaptester): Debug: brain M: in state=sync_mails dsync-local(imaptester): Debug: brain M: in box 'INBOX.boxtest' recv_state=mailbox send_state=mailbox dsync-local(imaptester): Debug: brain M: out box '' recv_state=mailbox send_state=mailbox changed=1 dsync-local(imaptester): Debug: brain M: out state=master_send_mailbox changed=1 dsync-local(imaptester): Debug: brain M: in state=master_send_mailbox dsync-local(imaptester): Debug: brain M: out state=sync_mails changed=1 dsync-local(imaptester): Debug: brain M: in state=sync_mails ... Please suggest any other ideas! Thanks, Nick ================================== vmail1 Config file ============================== # cat /etc/dovecot/dovecot.conf # 2.2.12: dovecot.conf protocols = imap pop3 login_greeting = VMAIL1 POP/IMAP Srv XAPITI XPICTOY mail_location = maildir:~/Maildir/ mail_gid = 5000 mail_uid = 5000 auth_mechanisms = plain login auth_username_format = %Lu auth_verbose = yes disable_plaintext_auth = no mail_plugins = quota protocol imap { imap_client_workarounds = "delay-newmail " mail_plugins = quota imap_quota } protocol pop3 { mail_max_userip_connections = 3 mail_plugins = quota pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_uidl_format = %08Xu%08Xv } protocol lda { auth_socket_path = /var/run/dovecot/auth-master info_log_path = log_path = mail_plugins = quota postmaster_address = sysadmin at example.com sendmail_path = /usr/lib/sendmail } userdb { args = /etc/dovecot/dovecot-usrdb-ldap.conf driver = ldap } passdb { args = /etc/dovecot/dovecot-passdb-ldap.conf driver = ldap } plugin { quota = maildir:User quota quota_rule = *:storage=4G quota_rule2 = Trash:storage=+3%% quota_warning = storage=75%% 
quota-warning 75 %u quota_warning2 = storage=90%% quota-warning 90 %u } service quota-warning { executable = script /opt/mail1.sh user = vmail unix_listener quota-warning { user = vmail } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = vmail mode = 0660 user = vmail } user = root } service imap-login { service_count = 1 vsz_limit = 64 M } service pop3-login { service_count = 1 vsz_limit = 64 M } ssl_ca = References: <5342E46C.4030507@deeztek.com> <5342E98C.5060101@mie.utoronto.ca> <5342F1C0.2060805@deeztek.com> <53430DB2.1040509@chemie.uni-hamburg.de> <53431CDD.1050003@deeztek.com> <534322F3.7070601@thelounge.net> <534325E1.20300@deeztek.com> <5343C333.5030608@deeztek.com> Message-ID: On Tue, 8 Apr 2014, Deeztek Support wrote: > Date: Tue, 8 Apr 2014 05:36:51 -0400 > From: Deeztek Support > Reply-To: Dovecot Mailing List > To: dovecot at dovecot.org > Subject: Re: [Dovecot] Dovecot LDAP issue > > On 4/8/2014 2:18 AM, Steffen Kaiser wrote: >> The primary question is: Does >> >> ldapsearch -H ldap://server.domain.tld:389 \ >> -b dc=domain,dc=tld -D ... -W \ >> '(&(userPrincipalName=<>)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))' >> >> return the user? > > yes it does. The authentication with AD works as it should as long as dovecot > is pointing to the right OU. You misunderstood the vivid points of this command: a) the base DN is the one you want, but is not working with Dovecot b) you perform an LDAP search in the local DC, not in Global Catalog c) that you've authenticated correctly is just a side effect to know >> How many domain controllers do you have in the AD? Which of them holds >> which domains? See http://technet.microsoft.com/en-us/library/cc978012.aspx >> > > I have one domain controller and there is only one domain. I think we are > getting off track here. There is no problem with authentication. Maybe I need > to be more clear. > Dovecot is able to authenticate with active directory as long as the "base = > " parameter in "/etc/dovecot/dovecot-ldap.conf" is pointing to the OU that > the dovecot users are. However, I have another OU where my Exchange users > are. So, when I try to send email from a dovecot user to an Exchange user, > dovecot throws the error "user unknown" because it's not able to find the > Exchange user since it's in a different OU. When I set the "base =" parameter > in "/etc/dovecot/dovecot-ldap.conf" to domain root i.e. instead of having it > say: > > base = ou=testou,dc=domain,dc=tld > > I set it to: > > base = dc=domain,dc=tld > > so it can lookup all users in the entire domain > > then dovecot stops authenticating with AD altogether as the page points out, there are differences between LDAP and GC search in the sense of what results are found. See: http://wiki2.dovecot.org/AuthDatabase/LDAP "Active Directory When connecting to AD, you may need to use port 3268. Then again, not all LDAP fields are available in port 3268. Use whatever works. http://technet.microsoft.com/en-us/library/cc978012.aspx " The ldapsearch is to verify that your AD searches more than one OU at all. -- Steffen Kaiser
From J.M.Rowe at exeter.ac.uk Tue Apr 8 17:00:10 2014 From: J.M.Rowe at exeter.ac.uk (John Rowe) Date: Tue, 08 Apr 2014 18:00:10 +0100 Subject: [Dovecot] Heartbleed openssl vulnerability?
Message-ID: <1396976410.24483.59.camel@amp.ex.ac.uk> Do we know if dovecot is vulnerable to the heartbleed SSL problem? I'm running dovecot-2.0.9 and openssl-1.01, the latter being intrinsically vulnerable. An on-line tool says that my machine is not affected on port 993 but it would be nice to know for sure if we were vulnerable for a while. (Naturally I've blocked it anyway!). Thanks John
From p at sys4.de Tue Apr 8 17:21:05 2014 From: p at sys4.de (Patrick Ben Koetter) Date: Tue, 8 Apr 2014 19:21:05 +0200 Subject: [Dovecot] Heartbleed openssl vulnerability? In-Reply-To: <1396976410.24483.59.camel@amp.ex.ac.uk> References: <1396976410.24483.59.camel@amp.ex.ac.uk> Message-ID: <20140408172104.GB4908@sys4.de> * John Rowe : > Do we know if dovecot is vulnerable to the heartbleed SSL problem? ANY application using the affected OpenSSL versions is vulnerable. That includes dovecot. > I'm running dovecot-2.0.9 and openssl-1.01, the latter being > intrinsically vulnerable. An on-line tool says that my machine is not > affected on port 993 but it would be nice to know for sure if we were > vulnerable for a while. (Naturally I've blocked it anyway!). > > Thanks > > John -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, Amtsgericht München: HRB 199263 Executive Board: Patrick Ben Koetter, Marc Schiffbauer Chairman of the Supervisory Board: Florian Kirstein
From jc at info-systems.de Tue Apr 8 19:05:49 2014 From: jc at info-systems.de (Jakob Curdes) Date: Tue, 08 Apr 2014 21:05:49 +0200 Subject: [Dovecot] Heartbleed openssl vulnerability? In-Reply-To: <1396976410.24483.59.camel@amp.ex.ac.uk> References: <1396976410.24483.59.camel@amp.ex.ac.uk> Message-ID: <5344488D.5090909@info-systems.de> On 08.04.2014 19:00, John Rowe wrote: > Do we know if dovecot is vulnerable to the heartbleed SSL problem? > > I'm running dovecot-2.0.9 and openssl-1.01, the latter being > intrinsically vulnerable.
An on-line tool says that my machine is not > affected on port 993 but it would be nice to know for sure if we were > vulnerable for a while. (Naturally I've blocked it anyway!). > Usually all programs are linked dynamically to the library, so the vulnerability depends on the library only. If you updated the library today and restarted the service (!!) then it is very likely that your mail installation is not vulnerable any more. Otherwise it is very likely to be vulnerable, regardless of what tests say. JC
From lst_hoe02 at kwsoft.de Tue Apr 8 19:38:01 2014 From: lst_hoe02 at kwsoft.de (lst_hoe02 at kwsoft.de) Date: Tue, 08 Apr 2014 21:38:01 +0200 Subject: [Dovecot] Heartbleed openssl vulnerability? In-Reply-To: <5344488D.5090909@info-systems.de> References: <1396976410.24483.59.camel@amp.ex.ac.uk> <5344488D.5090909@info-systems.de> Message-ID: <20140408213801.Horde.NuXsLk337VhEUD-0Fq52fg4@webmail.kwsoft.de> Quoting Jakob Curdes: > On 08.04.2014 19:00, John Rowe wrote: >> Do we know if dovecot is vulnerable to the heartbleed SSL problem? >> >> I'm running dovecot-2.0.9 and openssl-1.01, the latter being >> intrinsically vulnerable. An on-line tool says that my machine is not >> affected on port 993 but it would be nice to know for sure if we were >> vulnerable for a while. (Naturally I've blocked it anyway!). >> > Usually all programs are linked dynamically to the library, so the > vulnerability depends on the library only. If you updated the > library today and restarted the service (!!) then it is very likely > that your mail installation is not vulnerable any more. Otherwise it > is very likely to be vulnerable, regardless of what tests say. > JC Be aware that your private key might already have leaked without any notice. So your best bet is to withdraw your certificates and renew all keys/certificates on the affected machines. Regards Andreas
From h.reindl at thelounge.net Tue Apr 8 19:42:20 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 08 Apr 2014 21:42:20 +0200 Subject: [Dovecot] Heartbleed openssl vulnerability? In-Reply-To: <20140408213801.Horde.NuXsLk337VhEUD-0Fq52fg4@webmail.kwsoft.de> References: <1396976410.24483.59.camel@amp.ex.ac.uk> <5344488D.5090909@info-systems.de> <20140408213801.Horde.NuXsLk337VhEUD-0Fq52fg4@webmail.kwsoft.de> Message-ID: <5344511C.7080608@thelounge.net> On 08.04.2014 21:38, lst_hoe02 at kwsoft.de wrote: > Quoting Jakob Curdes: > >> On 08.04.2014 19:00, John Rowe wrote: >>> Do we know if dovecot is vulnerable to the heartbleed SSL problem? >>> >>> I'm running dovecot-2.0.9 and openssl-1.01, the latter being >>> intrinsically vulnerable. An on-line tool says that my machine is not >>> affected on port 993 but it would be nice to know for sure if we were >>> vulnerable for a while. (Naturally I've blocked it anyway!). >>> >> Usually all programs are linked dynamically to the library, so the vulnerability depends on the library only. If >> you updated the library today and restarted the service (!!) then it is very likely that your mail installation >> is not vulnerable any more. Otherwise it is very likely to be vulnerable, regardless of what tests say. >> JC > > Be aware that your private key might already have leaked without any notice. So your best bet is to withdraw your > certificates and renew all keys/certificates on the affected machines. correct, that was my whole-day job from 10:00 AM to 16:00 PM for 10 certificates followed by openvpn-keys, better safe than sorry luckily some wildcard certs in the meantime instead of a ton of single ones
From jc at info-systems.de Tue Apr 8 19:44:50 2014 From: jc at info-systems.de (Jakob Curdes) Date: Tue, 08 Apr 2014 21:44:50 +0200 Subject: [Dovecot] Heartbleed openssl vulnerability? In-Reply-To: <20140408213801.Horde.NuXsLk337VhEUD-0Fq52fg4@webmail.kwsoft.de> References: <1396976410.24483.59.camel@amp.ex.ac.uk> <5344488D.5090909@info-systems.de> <20140408213801.Horde.NuXsLk337VhEUD-0Fq52fg4@webmail.kwsoft.de> Message-ID: <534451B2.8040704@info-systems.de> > Be aware that your private key might already have leaked without any > notice. So your best bet is to withdraw your certificates and renew > all keys/certificates on the affected machines. Yes, I suppose by now everybody has read the general hints on heartbleed.com ; it might even be that previous traffic can be decrypted. You need to change private keys, certificates, etc, all that is used by openssl to identify the communication partner. JC
From doctor at doctor.nl2k.ab.ca Tue Apr 8 21:38:03 2014 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Tue, 8 Apr 2014 15:38:03 -0600 Subject: [Dovecot] POP3 sessions Message-ID: <20140408213803.GA19518@doctor.nl2k.ab.ca> Is there a way in the config file to not lock POP3 sessions in dovecot for only 1 user? -- Member - Liberal International This is doctor at nl2k.ab.ca Here: doctor at nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism It is time for Quebec to vote today.
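On the Heartbleed thread above: Jakob Curdes' point that the updated library only takes effect once the service is restarted can be checked directly, because a process started before the upgrade still maps the old, now deleted library file. The following is an added example, not code from the thread or from the Dovecot project; the sample `/proc/<pid>/maps` text is constructed and the process-name prefixes are an assumption.

```python
import os
import re

# A library replaced on disk while still mapped by a running process shows up
# in /proc/<pid>/maps with a " (deleted)" suffix after its path.
STALE_TLS_LIB = re.compile(r"(/\S*lib(?:ssl|crypto)\.so\S*) \(deleted\)$")

# Assumption: process-name prefixes to inspect; adjust to the services you run.
DOVECOT_PREFIXES = ("dovecot", "imap", "pop3", "managesieve")

# Constructed sample: maps of a login process started before the OpenSSL upgrade.
SAMPLE_MAPS_STALE = """\
00400000-0041a000 r-xp 00000000 08:01 2100 /usr/libexec/dovecot/imap-login
7f3a1c000000-7f3a1c05e000 r-xp 00000000 08:01 1315 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3a1c05e000-7f3a1c25e000 ---p 0005e000 08:01 1315 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3a1c400000-7f3a1c5b0000 r-xp 00000000 08:01 1316 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f3a1d000000-7f3a1d18a000 r-xp 00000000 08:01 900 /lib64/libc-2.12.so
"""

# Constructed sample: the same service after a restart (new inodes, no suffix).
SAMPLE_MAPS_FRESH = """\
00400000-0041a000 r-xp 00000000 08:01 2100 /usr/libexec/dovecot/imap-login
7f9b2c000000-7f9b2c05e000 r-xp 00000000 08:01 4410 /usr/lib64/libssl.so.1.0.1e
7f9b2c400000-7f9b2c5b0000 r-xp 00000000 08:01 4411 /usr/lib64/libcrypto.so.1.0.1e
"""


def stale_tls_libs(maps_text):
    """Return sorted paths of libssl/libcrypto files mapped but deleted on disk."""
    found = set()
    for line in maps_text.splitlines():
        match = STALE_TLS_LIB.search(line.rstrip())
        if match:
            found.add(match.group(1))
    return sorted(found)


def scan_proc(prefixes=DOVECOT_PREFIXES, proc_root="/proc"):
    """Map pid -> (process name, stale libraries) for matching processes."""
    report = {}
    try:
        entries = os.listdir(proc_root)
    except OSError:
        return report  # no procfs available (not a Linux host)
    for entry in entries:
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "comm")) as handle:
                name = handle.read().strip()
            if not name.startswith(tuple(prefixes)):
                continue
            with open(os.path.join(base, "maps")) as handle:
                stale = stale_tls_libs(handle.read())
        except OSError:
            continue  # process exited, or maps not readable without root
        if stale:
            report[int(entry)] = (name, stale)
    return report


if __name__ == "__main__":
    print("sample (stale):", stale_tls_libs(SAMPLE_MAPS_STALE))
    print("sample (fresh):", stale_tls_libs(SAMPLE_MAPS_FRESH))
    for pid, (name, libs) in sorted(scan_proc().items()):
        print(f"restart needed: pid {pid} ({name}) still maps {', '.join(libs)}")
```

An empty result only shows that the running processes use the library file currently on disk; it says nothing about keys that may already have leaked, which is why the thread goes on to recommend replacing keys and certificates.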
From gedalya at gedalya.net Tue Apr 8 23:31:35 2014 From: gedalya at gedalya.net (Gedalya) Date: Tue, 08 Apr 2014 19:31:35 -0400 Subject: [Dovecot] POP3 sessions In-Reply-To: <20140408213803.GA19518@doctor.nl2k.ab.ca> References: <20140408213803.GA19518@doctor.nl2k.ab.ca> Message-ID: <534486D7.9090809@gedalya.net> On 04/08/2014 05:38 PM, The Doctor wrote: > Is their a way in the config file to not lock > POP3 sessions in dovecot for only 1 user? > See the "Overriding settings" section: http://wiki2.dovecot.org/UserDatabase/ExtraFields From tss at iki.fi Wed Apr 9 09:45:01 2014 From: tss at iki.fi (Timo Sirainen) Date: Wed, 9 Apr 2014 12:45:01 +0300 Subject: [Dovecot] Heartbleed openssl vulnerability? In-Reply-To: <1396976410.24483.59.camel@amp.ex.ac.uk> References: <1396976410.24483.59.camel@amp.ex.ac.uk> Message-ID: <96F39CD6-6A21-43DF-9F84-BB4D020F523C@iki.fi> On 8.4.2014, at 20.00, John Rowe wrote: > Do we know if dovecot is vulnerable to the heartbleed SSL problem? It may be possible that the attacker was able to get the SSL private key(s), although this depends on the OS and its memory allocation patterns. If you use only a single SSL cert I think it might be possible that it doesn't leak with Dovecot, but it's definitely not a good idea to trust that. I haven't anyway looked closely enough into this to verify, I'm just guessing based on the information in http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html By default Dovecot's login processes run in the "high security mode" where each IMAP/POP3 connection runs in its own process. This was done especially to avoid security bugs in OpenSSL from leaking users' passwords. So unless you have switched to the "high performance mode", users' passwords or other sensitive data couldn't have been leaked. http://wiki2.dovecot.org/LoginProcess Would be nice if it was possible to hide the SSL private keys to separate processes as well, but that would probably require changes to OpenSSL itself. (BTW. 
I've been too busy recently to even have time to read any mails in Dovecot list. I'll try to go through at least most of it before making the next Dovecot release. And hopefully by summer I've more time again.) From kadafax at gmail.com Wed Apr 9 10:57:13 2014 From: kadafax at gmail.com (kadafax at gmail.com) Date: Wed, 09 Apr 2014 12:57:13 +0200 Subject: [Dovecot] Migration to Dovecot 2.2.12 - How to trigger full site indexing Message-ID: <53452789.5030805@gmail.com> Hi list, We are in the process of migrating our old (dovecot 1.2.4 based) mail system to the new one: - Centos 6 x86_64 - Dovecot 2.2.12 - Users in an openldap directory - clucene FTS I'm trying to trigger a full indexing for all the user and all their mailboxes (avoiding them to individually trigger it using a search within their MUA). I'm trying to use the "doveadm index" command. First question, is there some sort of 'wildcard' option for the name of the mailbox to index, as I dont know all the mailboxes's names the users have created (beside the regular Sent Inbox Trash and Drafts ? Second question I've tried: # doveadm -D index -A Sent which gave me: doveadm(root): Error: User listing returned failure doveadm: Error: Failed to iterate through some users Can the '-A' option work with ldap backend ? 
Thanks a lot and have a nice day, kfx --------------------------------------------- # 2.2.12: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-431.11.2.el6.x86_64 x86_64 CentOS release 6.5 (Final) ext4 auth_cache_size = 10 M auth_debug = yes auth_socket_path = /var/run/dovecot/auth-userdb auth_verbose = yes auth_verbose_passwords = sha1 base_dir = /var/run/dovecot/ debug_log_path = /var/log/dovecot-debug.log default_vsz_limit = 2 G hostname = mydomain.com info_log_path = /var/log/dovecot.log lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = * log_path = /var/log/dovecot-error.log login_greeting = Welcome login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c mail_debug = yes mail_gid = vmail mail_location = maildir:/var/vmail/%Ln mail_plugins = fts fts_lucene quota stats mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { inbox = yes location = maildir:/var/vmail/%Ln mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = type = private } passdb { args = /usr/local/etc/dovecot/deny-users deny = yes driver = passwd-file } passdb { args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { fts = lucene fts_autoindex = yes fts_autoindex_max_recent = 1000 fts_lucene = whitespace_chars=@ quota = maildir:User quota quota_rule = *:storage=20GB quota_rule2 = Trash:storage=+200M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = /var/sieve-scripts/%Ln.sieve sieve_dir = /var/vmail/%Ln/home/sieve stats_command_min_time = 1 mins stats_domain_min_time = 12 hours stats_ip_min_time = 12 hours stats_memory_limit = 16 M 
  stats_refresh = 30 secs
  stats_session_min_time = 15 mins
  stats_track_cmds = yes
  stats_user_min_time = 1 hours
}
postmaster_address = postmaster at mydomain.com
protocols = imap pop3 sieve sieve
service auth-worker {
  user = root
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0777
    user = vmail
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 5
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  user = nobody
}
service stats {
  fifo_listener stats-mail {
    mode = 0600
    user = vmail
  }
}
ssl_cert =

References: <53452789.5030805@gmail.com>
Message-ID: <7d0e1398-0c21-4351-a422-75dcddb9707b@darklajid.de>

On Wednesday, April 9, 2014 12:57:13 PM CEST, kadafax at gmail.com wrote:
> Hi list,
>
> We are in the process of migrating our old (dovecot 1.2.4
> based) mail system to the new one:
>
> - Centos 6 x86_64
> - Dovecot 2.2.12
> - Users in an openldap directory
> - clucene FTS
>
> I'm trying to trigger a full indexing for all the user and all
> their mailboxes (avoiding them to individually trigger it using
> a search within their MUA). I'm trying to use the "doveadm
> index" command.
>
> First question, is there some sort of 'wildcard' option for the
> name of the mailbox to index, as I don't know all the mailboxes'
> names the users have created (beside the regular Sent Inbox
> Trash and Drafts ?

I'm using a totally different set of things, but at least dovecot and
clucene are agreeable.. ;-)

You should have a fts plugin to doveadm that should solve this issue:

doveadm fts rescan
doveadm fts optimize

That's what I use to trigger rebuilds.

> Second question I've tried:
> # doveadm -D index -A Sent
> which gave me:
> doveadm(root): Error: User listing returned failure
> doveadm: Error: Failed to iterate through some users
>
> Can the '-A' option work with ldap backend ?

http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb

# For using doveadm -A:
iterate_attrs = uid=user
iterate_filter = (objectClass=posixAccount)

Are you defining iterate_* for your userdb?

Regards,
Ben

From adarsh.s at directi.com Wed Apr 9 13:12:58 2014
From: adarsh.s at directi.com (adarshvs)
Date: Wed, 9 Apr 2014 06:12:58 -0700 (PDT)
Subject: [Dovecot] Prevent sieve redirects to external domains
Message-ID: <1397049178114-47471.post@n4.nabble.com>

Hi,

Is there any way to disable sieve forwards to all domains except one. Users
should be able to forward their mails to only one specific domain. If not
then any idea on how this feature can be implemented ??.

From kadafax at gmail.com Wed Apr 9 13:27:03 2014
From: kadafax at gmail.com (kadafax at gmail.com)
Date: Wed, 09 Apr 2014 15:27:03 +0200
Subject: [Dovecot] Migration to Dovecot 2.2.12 - How to trigger full site indexing
In-Reply-To: <7d0e1398-0c21-4351-a422-75dcddb9707b@darklajid.de>
References: <53452789.5030805@gmail.com> <7d0e1398-0c21-4351-a422-75dcddb9707b@darklajid.de>
Message-ID: <53454AA7.2030708@gmail.com>

On 09/04/2014 13:04, Benjamin Podszun wrote:
> On Wednesday, April 9, 2014 12:57:13 PM CEST, kadafax at gmail.com wrote:
>> Hi list,
>>
>> We are in the process of migrating our old (dovecot 1.2.4 based) mail
>> system to the new one:
>>
>> - Centos 6 x86_64
>> - Dovecot 2.2.12
>> - Users in an openldap directory
>> - clucene FTS
>>
>> I'm trying to trigger a full indexing for all the user and all their
>> mailboxes (avoiding them to individually trigger it using a search
>> within their MUA). I'm trying to use the "doveadm index" command.
>>
>> First question, is there some sort of 'wildcard' option for the name
>> of the mailbox to index, as I don't know all the mailboxes' names the
>> users have created (beside the regular Sent Inbox Trash and Drafts ?
>
> I'm using a totally different set of things, but at least dovecot and
> clucene are agreeable.. ;-)
>
> You should have a fts plugin to doveadm that should solve this issue:
>
> doveadm fts rescan
> doveadm fts optimize
>
> That's what I use to trigger rebuilds.

Yes it works but not (at least for me) on the initial lucene index
creation (when the user doesn't even have a 'lucene-indexes' folder).
For now I use in some bash script:

doveadm -v index -u "$user" Trash
doveadm -v index -u "$user" Drafts
doveadm -v index -u "$user" Sent
doveadm -v index -u "$user" Inbox

but that will not index other mailboxes the user has created.
Is there a way to make doveadm iterate through all of a user's mailboxes ?

>
>> Second question I've tried:
>> # doveadm -D index -A Sent
>> which gave me:
>> doveadm(root): Error: User listing returned failure
>> doveadm: Error: Failed to iterate through some users
>>
>> Can the '-A' option work with ldap backend ?
>
> http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb
>
> # For using doveadm -A:
> iterate_attrs = uid=user
> iterate_filter = (objectClass=posixAccount)
>
> Are you defining iterate_* for your userdb?
>

Yes I am and it's not working (see debug output below [1]) :(
Maybe it's because I'm using a static userdb ?

###### dovecot-ldap.conf.ext AND dovecot-ldap-userdb.conf.ext (symlinked) ######
uris = ldaps://ldap.mydomain.com ldaps://ldap2.mydomain.com
tls = no
tls_ca_cert_file = /etc/pki/tls/certs/ca.crt
tls_require_cert = never
debug_level = 0
auth_bind = yes
auth_bind_userdn = uid=%u,ou=people,dc=mydomain,dc=com
ldap_version = 3
base = ou=people,dc=mydomain,dc=com
pass_filter = (&(accountStatus=active)(uid=%n))
iterate_attrs = uid=user
iterate_filter = (accountStatus=active)

###### auth-ldap.conf.ext ######
passdb {
  driver = ldap
  args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
  driver = static
  args = uid=11111 gid=11111 home=/var/vmail/%Ln/home allow_all_users=yes
}

Subsidiary question: dovecot offers to index attachments using
decode2text.sh which in turn make use of xmlunzip. No rpm for
Centos/RHEL propose this tool.
Is this is the one I should use:
https://raw.githubusercontent.com/GNOME/gnumeric/master/tools/xmlunzip

[1]:
# doveadm -D index -A INBOX
doveadm(root): Debug: Loading modules from directory: /usr/local/lib/dovecot
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/lib10_quota_plugin.so
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/lib20_fts_plugin.so
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/lib21_fts_lucene_plugin.so
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/lib90_stats_plugin.so
doveadm(root): Debug: Loading modules from directory: /usr/local/lib/dovecot/doveadm
doveadm(root): Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/local/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_lookup (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/doveadm/lib10_doveadm_quota_plugin.so
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/doveadm/lib10_doveadm_sieve_plugin.so
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so
doveadm(root): Error: User listing returned failure
doveadm: Error: Failed to iterate through some users

From CMarcus at Media-Brokers.com Wed Apr 9 16:42:54 2014
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Wed, 09 Apr 2014 12:42:54 -0400
Subject: [Dovecot] Heartbleed openssl vulnerability?
In-Reply-To: <96F39CD6-6A21-43DF-9F84-BB4D020F523C@iki.fi>
References: <1396976410.24483.59.camel@amp.ex.ac.uk> <96F39CD6-6A21-43DF-9F84-BB4D020F523C@iki.fi>
Message-ID: <5345788E.9000707@Media-Brokers.com>

On 4/9/2014 5:45 AM, Timo Sirainen wrote:
> By default Dovecot's login processes run in the "high security mode" where each IMAP/POP3 connection runs in its own process. This was done especially to avoid security bugs in OpenSSL from leaking users' passwords. So unless you have switched to the "high performance mode", users' passwords or other sensitive data couldn't have been leaked. http://wiki2.dovecot.org/LoginProcess

Hi Timo,

Hmmm... ours is set to high performance mode, but, I didn't set it up,
you did...

Now I'm wondering why you did this... ?

What are the ramifications of changing this on a production server? Any
possible problems/gotchas? user impact?

Thanks,

--
Best regards,

Charles

From rs at sys4.de Wed Apr 9 17:03:39 2014
From: rs at sys4.de (Robert Schetterer)
Date: Wed, 09 Apr 2014 19:03:39 +0200
Subject: [Dovecot] Heartbleed openssl vulnerability?
In-Reply-To: <5345788E.9000707@Media-Brokers.com>
References: <1396976410.24483.59.camel@amp.ex.ac.uk> <96F39CD6-6A21-43DF-9F84-BB4D020F523C@iki.fi> <5345788E.9000707@Media-Brokers.com>
Message-ID: <53457D6B.7000608@sys4.de>

On 09.04.2014 18:42, Charles Marcus wrote:
> What are the ramifications of changing this on a production server? Any
> possible problems/gotchas? user impact?

in my understanding change ssl key and crts , do all needed ssl updates
keep performance mode, if unsure change all passwords too

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From h.reindl at thelounge.net Wed Apr 9 17:10:28 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Wed, 09 Apr 2014 19:10:28 +0200
Subject: [Dovecot] Heartbleed openssl vulnerability?
In-Reply-To: <53457D6B.7000608@sys4.de>
References: <1396976410.24483.59.camel@amp.ex.ac.uk> <96F39CD6-6A21-43DF-9F84-BB4D020F523C@iki.fi> <5345788E.9000707@Media-Brokers.com> <53457D6B.7000608@sys4.de>
Message-ID: <53457F04.30100@thelounge.net>

On 09.04.2014 19:03, Robert Schetterer wrote:
> On 09.04.2014 18:42, Charles Marcus wrote:
>> What are the ramifications of changing this on a production server? Any
>> possible problems/gotchas? user impact?
>
> in my understanding change ssl key and crts , do all needed ssl updates
> keep performance mode, if unsure change all passwords too

passwords too, in security mode only keys would have been
affected and since this is a attack which no single
indication that it ever happened on a machine there
is no likely or unlikely

From rs at sys4.de Wed Apr 9 17:18:45 2014
From: rs at sys4.de (Robert Schetterer)
Date: Wed, 09 Apr 2014 19:18:45 +0200
Subject: [Dovecot] Heartbleed openssl vulnerability?
In-Reply-To: <53457F04.30100@thelounge.net>
References: <1396976410.24483.59.camel@amp.ex.ac.uk> <96F39CD6-6A21-43DF-9F84-BB4D020F523C@iki.fi> <5345788E.9000707@Media-Brokers.com> <53457D6B.7000608@sys4.de> <53457F04.30100@thelounge.net>
Message-ID: <534580F5.3000305@sys4.de>

On 09.04.2014 19:10, Reindl Harald wrote:
>
> On 09.04.2014 19:03, Robert Schetterer wrote:
>> On 09.04.2014 18:42, Charles Marcus wrote:
>>> What are the ramifications of changing this on a production server? Any
>>> possible problems/gotchas? user impact?
>>
>> in my understanding change ssl key and crts , do all needed ssl updates
>> keep performance mode, if unsure change all passwords too
>
> passwords too, in security mode only keys would have been
> affected and since this is a attack which no single
> indication that it ever happened on a machine there
> is no likely or unlikely

there should no issue if you haven't used vulnerable openssl version
i.e ubuntu lucid has 0.9.x which is not reported vulnerable
anyway ,change passwords from time to time is always clever

>
>
>

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From h.reindl at thelounge.net Wed Apr 9 17:27:08 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Wed, 09 Apr 2014 19:27:08 +0200
Subject: [Dovecot] Heartbleed openssl vulnerability?
In-Reply-To: <534580F5.3000305@sys4.de>
References: <1396976410.24483.59.camel@amp.ex.ac.uk> <96F39CD6-6A21-43DF-9F84-BB4D020F523C@iki.fi> <5345788E.9000707@Media-Brokers.com> <53457D6B.7000608@sys4.de> <53457F04.30100@thelounge.net> <534580F5.3000305@sys4.de>
Message-ID: <534582EC.6070808@thelounge.net>

On 09.04.2014 19:18, Robert Schetterer wrote:
> On 09.04.2014 19:10, Reindl Harald wrote:
>>
>> On 09.04.2014 19:03, Robert Schetterer wrote:
>>> On 09.04.2014 18:42, Charles Marcus wrote:
>>>> What are the ramifications of changing this on a production server? Any
>>>> possible problems/gotchas? user impact?
>>>
>>> in my understanding change ssl key and crts , do all needed ssl updates
>>> keep performance mode, if unsure change all passwords too
>>
>> passwords too, in security mode only keys would have been
>> affected and since this is a attack which no single
>> indication that it ever happened on a machine there
>> is no likely or unlikely
>
> there should no issue if you havent used vulnerable openssl version
> i.e ubuntu lucid has 0.9.x which is not reported vulnerable
> anyway ,change passwords from time to time is always clever

if you don't have used a vulnerable openssl you are not
affected at all - if you used than private keys and certs
are not your only problem, there are enough articles in the
meantime explaining why

"change passwords from time to time is always clever" is
a strawman argument with no context to the issue, forcing
people to change their passwords all the time for no good
reasons leads mostly to completely insecured passwords to
remember them easier or have them on a sticky on the screen
or under the keyboard

the word "counterproductive" describes that policies perfectly

From rs at sys4.de Wed Apr 9 17:31:41 2014
From: rs at sys4.de (Robert Schetterer)
Date: Wed, 09 Apr 2014 19:31:41 +0200
Subject: [Dovecot] Heartbleed openssl vulnerability?
In-Reply-To: <534582EC.6070808@thelounge.net>
References: <1396976410.24483.59.camel@amp.ex.ac.uk> <96F39CD6-6A21-43DF-9F84-BB4D020F523C@iki.fi> <5345788E.9000707@Media-Brokers.com> <53457D6B.7000608@sys4.de> <53457F04.30100@thelounge.net> <534580F5.3000305@sys4.de> <534582EC.6070808@thelounge.net>
Message-ID: <534583FD.4080206@sys4.de>

On 09.04.2014 19:27, Reindl Harald wrote:
> the word "counterproductive" describes that policies perfectly

this is simply nonsense, go have a beer

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From milan.cvetkovic at mpathix.com Wed Apr 9 17:46:11 2014
From: milan.cvetkovic at mpathix.com (Milan Cvetkovic)
Date: Wed, 09 Apr 2014 13:46:11 -0400
Subject: [Dovecot] sieve pigeonhole vacation filter responding when recipient is not explicitly listed
Message-ID: <53458763.3060606@mpathix.com>

Hi dovecot.org,

When I set up vacation filter for a mailbox, the vacation response is
generated even though none of the addresses in the email are same as
the mailbox address itself.

I have example email sent to "aliastouser at mpathix.com" which gets
delivered to "user at my.domain.com" by dovecot-lda.

The invocation command is:

# /usr/lib/dovecot/dovecot-lda \
    -d user \
    -f john.doe at somewhere.com \
    -a aliastouser at mpathix.com \
    -p /tmp/test.email

# cat /tmp/test.email
Message-ID:
From: John Doe
To: aliastouser at mpathix.com
Subject: test3 vacation response as aliastouser

This is the only line in test.email.

Here is the vacation filter:

if true {
  vacation
    :days 1
    :addresses ["user at my.domain.com"]
text:
Please ignore this message, I am only testing vacation filter
.
;
}

/var/log/mail.log shows that sieve vacation sends vacation, (and after
succeeding attempts, discards due to already sent address)

Apr 9 13:37:21 mx01 dovecot: lda(user): sieve: : sent vacation response to
Apr 9 13:37:21 mx01 dovecot: lda(user): sieve: msgid=: stored mail into mailbox 'INBOX'
...
Apr 9 13:40:15 mx01 dovecot: lda(user): sieve: msgid=: discarded duplicate vacation response to
Apr 9 13:40:15 mx01 dovecot: lda(user): sieve: msgid=: stored mail into mailbox 'INBOX'

Attached is the doveconf -n output.

Any help is appreciated.

Milan.

-------------- next part --------------
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.4
auth_mechanisms = plain login
mail_location = maildir:~/Maildir
mail_plugins = " notify replication"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  mail_replica = remote:vmail@
  sieve = ~/.dovecot.sieve
  sieve_before = /etc/dovecot/mpathix.sieve
  sieve_dir = ~/sieve
}
protocols = " imap sieve pop3"
replication_full_sync_interval = 1 hours
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}
service auth {
  unix_listener auth-client {
    mode = 0660
    user = Debian-exim
  }
}
service doveadm {
  user = vmail
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    group = vmail
    mode = 0660
  }
}
ssl_cert =

References: <1396976410.24483.59.camel@amp.ex.ac.uk> <96F39CD6-6A21-43DF-9F84-BB4D020F523C@iki.fi> <5345788E.9000707@Media-Brokers.com> <53457D6B.7000608@sys4.de> <53457F04.30100@thelounge.net> <534580F5.3000305@sys4.de> <534582EC.6070808@thelounge.net> <534583FD.4080206@sys4.de>
Message-ID: <5345894C.9000107@thelounge.net>

On 09.04.2014 19:31, Robert Schetterer wrote:
> On 09.04.2014 19:27, Reindl Harald wrote:
>> the word "counterproductive" describes that policies perfectly
>
> this is simply nonsense, go have a beer

don't strip quotes

i have faced users in real life with where punished by
change their passwords each month and the result was
that not a single of them was secure or not stored
somewhere while the same person would have chosen
something like below otherwise

!mH*IM*c!

derived from "my home is my castle"
the first and last char lowercase, the others uppercase
! at the begin and end
* after each char between
easy to remember, not in rainbow tables

*that* is real security because you don't need to note it
while it is built with chars nobody else can guess and
the user easily remember

anything else is nonsense cooked only with a technical
point of view

From jakealley26 at yahoo.com Wed Apr 9 17:55:25 2014
From: jakealley26 at yahoo.com (Jake Alley)
Date: Wed, 9 Apr 2014 10:55:25 -0700 (PDT)
Subject: [Dovecot] Heartbleed openssl vulnerability?
Message-ID: <1397066125.18136.YahooMailNeo@web141404.mail.bf1.yahoo.com>

It's an interesting issue. In my experience "stale" passwords are rarely used to compromise systems. However, passwords tend to end up on sticky notes and even worse, in email databases regardless.

As far as compromised email passwords, they seem to mostly come from infected clients and insecure public logins as far as I can tell. A server can control the latter, but not the former.

I know of a major accounting software that forces Admin users to change their passwords every few months under certain circumstances. Those passwords always end up in emails to fellow users, so in that case forcing people to change seems to be definitely counterproductive.

IMV the moral of the story is that you can't crypt your way into a 100% secure world. You need other forms of checks & reconciliations that are disjoint from purely cryptographic infrastructure. For instance ask Mt. Gox and Bitcoin if they agree in hindsight, and Heartbleed is a very good example of this concept.

Thanks,
Jake

On 4/9/2014 10:27 AM, Reindl Harald wrote:

"change passwords from time to time is always clever" is
a strawmans argument with no context to the issue, forcing
people to change their passwords all the time for no good
reasons leads mostly to completly insecured passwords to
remember them easier or have them on a sticky on the screen
or under the keyboard

the word "counterproductive" describes that policies perfectly

From CMarcus at Media-Brokers.com Wed Apr 9 18:13:44 2014
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Wed, 09 Apr 2014 14:13:44 -0400
Subject: [Dovecot] Heartbleed openssl vulnerability?
In-Reply-To: <53457D6B.7000608@sys4.de>
References: <1396976410.24483.59.camel@amp.ex.ac.uk> <96F39CD6-6A21-43DF-9F84-BB4D020F523C@iki.fi> <5345788E.9000707@Media-Brokers.com> <53457D6B.7000608@sys4.de>
Message-ID: <53458DD8.8040105@Media-Brokers.com>

On 4/9/2014 1:03 PM, Robert Schetterer wrote:
> On 09.04.2014 18:42, Charles Marcus wrote:
>> >What are the ramifications of changing this on a production server? Any
>> >possible problems/gotchas? user impact?
> in my understanding change ssl key and crts , do all needed ssl updates
> keep performance mode, if unsure change all passwords too

???

I was asking about the ramifications of switching from high performance
mode to high security mode.

Not the ramifications of the security compromise.

--
Best regards,

Charles

From stephan at rename-it.nl Wed Apr 9 18:48:32 2014
From: stephan at rename-it.nl (Stephan Bosch)
Date: Wed, 09 Apr 2014 20:48:32 +0200
Subject: [Dovecot] sieve pigeonhole vacation filter responding when recipient is not explicitly listed
In-Reply-To: <53458763.3060606@mpathix.com>
References: <53458763.3060606@mpathix.com>
Message-ID: <53459600.3060501@rename-it.nl>

On 4/9/2014 7:46 PM, Milan Cvetkovic wrote:
> Hi dovecot.org,
>
> When I set up vacation filter for a mailbox, the vacation response is
> generated even though none of the addresses in the email are same as
> the mailbox address itself.
>
> I have example email sent to "aliastouser at mpathix.com" which gets
> delivered to "user at my.domain.com" by dovecot-lda.
>
> The invocation command is:
>
> # /usr/lib/dovecot/dovecot-lda \
> -d user \
> -f john.doe at somewhere.com \
> -a aliastouser at mpathix.com \
> -p /tmp/test.email
>
> # cat /tmp/test.email
> Message-ID:
> From: John Doe
> To: aliastouser at mpathix.com
> Subject: test3 vacation response as aliastouser
>
> This is the only line in test.email.

Well, you specify -a aliastouser at mpathix.com and no -r argument. This
means that Sieve sees aliastouser at mpathix.com as envelope recipient.
Obviously, that is listed in the 'To' header of the message, making a
vacation response valid.

http://wiki2.dovecot.org/LDA

Regards,

Stephan.

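The recipient check explained in the reply above, modelled as an added Python example (not Pigeonhole's code and not part of the original thread): the RFC 5230 "explicitly addressed" test applied to the dovecot-lda invocations discussed here. The -a/-r fallback follows Stephan's explanation, the `use_original_recipient` switch follows the Pigeonhole documentation for `sieve_vacation_use_original_recipient`, and the Cc-only message and all function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Headers RFC 5230 (section 4.5) lists for the "explicitly addressed" test.
RCPT_HEADERS = ("To", "Cc", "Bcc", "Resent-To", "Resent-Cc", "Resent-Bcc")

# Constructed test mail, rebuilt from the thread with "@" restored.
TEST_MAIL = (
    "From: John Doe <john.doe@somewhere.com>\n"
    "To: aliastouser@mpathix.com\n"
    "Subject: test3 vacation response as aliastouser\n"
    "\n"
    "This is the only line in test.email.\n"
)

# Constructed variant: the user is only reachable through a Cc header that
# carries a display name and mixed-case spelling.
CC_MAIL = (
    "From: John Doe <john.doe@somewhere.com>\n"
    "To: Some list <list@somewhere.com>\n"
    'Cc: "User" <User@My.Domain.com>\n'
    "Subject: cc only\n"
    "\n"
    "body\n"
)


def lda_recipients(d, a=None, r=None):
    """Resolve dovecot-lda -d/-a/-r into (original, final) recipient.

    Assumption taken from the thread: without -r, Sieve sees the -a address
    as envelope recipient; without -a, the -d user name is used.
    """
    original = a or d
    final = r or original
    return original, final


def header_addresses(raw_mail):
    """Return the lower-cased addresses found in the recipient headers."""
    msg = message_from_string(raw_mail)
    values = []
    for name in RCPT_HEADERS:
        values.extend(msg.get_all(name, []))
    return {addr.lower() for _name, addr in getaddresses(values) if addr}


def vacation_would_reply(raw_mail, d, a=None, r=None, addresses=(),
                         use_original_recipient=False):
    """Model of the implicit-delivery check only.

    Other reasons a real implementation stays silent (list mail,
    auto-submitted mail, the :days duplicate tracking) are out of scope.
    Returns (reply?, sorted list of the addresses that matched).
    """
    original, final = lda_recipients(d, a, r)
    mine = {final.lower()} | {x.lower() for x in addresses}
    if use_original_recipient:
        mine.add(original.lower())
    matched = sorted(mine & header_addresses(raw_mail))
    return bool(matched), matched


def thread_cases():
    """Run the invocations from the thread plus one constructed Cc case."""
    addrs = ["user@my.domain.com"]  # :addresses from the posted script
    alias, final = "aliastouser@mpathix.com", "user@mpathix.com"
    return {
        "-a only": vacation_would_reply(
            TEST_MAIL, "user", a=alias, addresses=addrs),
        "-a and -r": vacation_would_reply(
            TEST_MAIL, "user", a=alias, r=final, addresses=addrs),
        "-a, -r, original=yes": vacation_would_reply(
            TEST_MAIL, "user", a=alias, r=final, addresses=addrs,
            use_original_recipient=True),
        "cc via :addresses": vacation_would_reply(
            CC_MAIL, "user", a=alias, r=final, addresses=addrs),
    }


if __name__ == "__main__":
    for name, (reply, matched) in thread_cases().items():
        print(f"{name:22} reply={reply} matched={matched}")
```

Addresses are compared case-insensitively here, which is a simplification for the local part.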
From stephan at rename-it.nl Wed Apr 9 18:51:35 2014
From: stephan at rename-it.nl (Stephan Bosch)
Date: Wed, 09 Apr 2014 20:51:35 +0200
Subject: [Dovecot] Prevent sieve redirects to external domains
In-Reply-To: <1397049178114-47471.post@n4.nabble.com>
References: <1397049178114-47471.post@n4.nabble.com>
Message-ID: <534596B7.806@rename-it.nl>

On 4/9/2014 3:12 PM, adarshvs wrote:
> Hi,
>
> Is there any way to disable sieve forwards to all domains except one. Users
> should be able to forward their mails to only one specific domain. If not
> then any idea on how this feature can be implemented ??.

Not using Dovecot directly. Maybe you can conjure something with your
MTA, e.g. by making Dovecot submit outgoing messages to a special SMTP
port (use submission_host setting). But that would also affect bounce
messages, Sieve notify and Sieve reject. I must say I have no experience
with that.

Regards,

Stephan.

From milan.cvetkovic at mpathix.com Wed Apr 9 19:19:03 2014
From: milan.cvetkovic at mpathix.com (Milan Cvetkovic)
Date: Wed, 09 Apr 2014 15:19:03 -0400
Subject: [Dovecot] sieve pigeonhole vacation filter responding when recipient is not explicitly listed
In-Reply-To: <53459600.3060501@rename-it.nl>
References: <53458763.3060606@mpathix.com> <53459600.3060501@rename-it.nl>
Message-ID: <53459D27.7030602@mpathix.com>

Thanks, that helped, although I am still somewhat puzzled:

# /usr/lib/dovecot/dovecot-lda \
    -d user \
    -f john.doe at somewhere.com \
    -a aliastouser at mpathix.com \
    -r user at mpathix.com \
    -p /tmp/test.email

does not send vacation with my posted 'dovecot -n' configuration

But from:

I was under the impression that I should also use

plugin {
  ...
  sieve_vacation_use_original_recipient = yes
}

However, vacation is not sent only when this option is set to 'no' (or
defaulted to 'no')

Am I misunderstanding 'sieve_vacation_use_original_recipient' option:

"This specifies whether the original envelope recipient should be used
in the check for implicit delivery.
The vacation command checks headers of the incoming message, such as To:
and Cc: for the address of the recipient, to verify that the message is
explicitly addressed at the recipient. If the recipient address is not
found, the vacation action will not trigger a response to prevent
sending a reply when it is not appropriate. Normally only the final
recipient address is used in this check. This setting allows including
the original recipient specified in the SMTP session if available. This
is useful to handle mail accounts with aliases. Use this option with
caution: if you are using aliases that point to more than a single
account, senders can get multiple vacation responses for a single
message. Use the LDA -a option or the LMTP/LDA
lda_original_recipient_header setting to make the original SMTP
recipient available to Sieve. "

Thanks,

Milan

Stephan Bosch wrote:
> On 4/9/2014 7:46 PM, Milan Cvetkovic wrote:
>> Hi dovecot.org,
>>
>> When I set up vacation filter for a mailbox, the vacation response is
>> generated even though none of the addresses in the email are same as
>> the mailbox address itself.
>>
>> I have example email sent to "aliastouser at mpathix.com" which gets
>> delivered to "user at my.domain.com" by dovecot-lda.
>>
>> The invocation command is:
>>
>> # /usr/lib/dovecot/dovecot-lda \
>> -d user \
>> -f john.doe at somewhere.com \
>> -a aliastouser at mpathix.com \
>> -p /tmp/test.email
>>
>> # cat /tmp/test.email
>> Message-ID:
>> From: John Doe
>> To: aliastouser at mpathix.com
>> Subject: test3 vacation response as aliastouser
>>
>> This is the only line in test.email.
>
> Well, you specify -a aliastouser at mpathix.com and no -r argument. This
> means that Sieve sees aliastouser at mpathix.com as envelope recipient.
> Obviously, that is listed in the 'To' header of the message, making a
> vacation response valid.
>
> http://wiki2.dovecot.org/LDA
>
> Regards,
>
> Stephan.
>

From stephan at rename-it.nl Wed Apr 9 19:40:07 2014
From: stephan at rename-it.nl (Stephan Bosch)
Date: Wed, 09 Apr 2014 21:40:07 +0200
Subject: [Dovecot] Sieve (randomly?) flagging messages as \\Seen \\Deleted
In-Reply-To: <533EF7D6.5030105@bofhland.org>
References: <533D45E4.50703@bofhland.org> <533EDE6B.1010202@rename-it.nl> <533EF7D6.5030105@bofhland.org>
Message-ID: <5345A217.3090702@rename-it.nl>

On 4/4/2014 8:20 PM, Emanuele Balla (aka Skull) wrote:
> On 04/04/14 18:31, Stephan Bosch wrote:
> Also, if there was one defined somehow/somewhere, I'd see something in
> sieve's debug (when trying to open it, compiling, etc), but there's nothing.
>
> I can tell more: searching for a global workaround, in the meanwhile I
> added a sieve_before script (not shown in the config above) doing only this:
>
> require ["imap4flags"];
> removeflag "\\Deleted";
> removeflag "\\Seen";
>
>
> As a result, the problem disappeared for all users... :-|
> (and yeah, the execution of this sieve_before appears in my debug logs, now)

I have no idea what may be going on here. Upgrading may help. If you
can, you should try that first. If it persists, I'd have to add some
more debug logging to get an idea where these flags (or rather this
message state) is generated.

Regards,

Stephan.

From CMarcus at Media-Brokers.com Wed Apr 9 19:57:51 2014
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Wed, 09 Apr 2014 15:57:51 -0400
Subject: [Dovecot] Override maildir for just a few users
Message-ID: <5345A63F.6070500@Media-Brokers.com>

Hi all,

Currently, I have mail_location = maildir:~/Maildir set and all passdb
and userdb lookups are SQL based (doveconf -n pasted below).

However, I want to override the users maildir location - and *only*
the maildir location - for just a few users.

I was thinking the easiest way would be to add a simple flat file
based userdb that is checked before the SQL based one, where I can
define a different maildir for these users.

So, basically, dovecot checks the flat file first, and if the user
isn't found, falls back to SQL.

I still want all AUTH to go through SQL...

It seems like this should be fairly simple, but after reading the
wiki for a few days, I'm just not sure...

This is on a production box, so I have to be careful (note to self -
MUST set up testing box for things like this)...

Is anyone else doing anything like this, and if so would you be
willing to share sanitized configs?

Thx,

--
Best regards,

Charles

From gedalya at gedalya.net Wed Apr 9 20:03:14 2014
From: gedalya at gedalya.net (Gedalya)
Date: Wed, 09 Apr 2014 16:03:14 -0400
Subject: [Dovecot] Override maildir for just a few users
In-Reply-To: <5345A63F.6070500@Media-Brokers.com>
References: <5345A63F.6070500@Media-Brokers.com>
Message-ID: <5345A782.8030103@gedalya.net>

On 04/09/2014 03:57 PM, Charles Marcus wrote:
> Hi all,
>
> Currently, I have mail_location = maildir:~/Maildir set and all passdb
> and userdb lookups are SQL based (doveconf -n pasted below).
>
> However, I want to override the users maildir location - and *only*
> the maildir location - for just a few users.
>
> I was thinking the easiest way would be to add a simple flat file
> based userdb that is checked before the SQL based one, where I can
> define a different maildir for these users.
>
> So, basically, dovecot checks the flat file first, and if the user
> isn't found, falls back to SQL.
>
> I still want all AUTH to go through SQL...
>
> It seems like this should be fairly simple, but after reading the
> wiki for a few days, I'm just not sure...
>
> This is on a production box, so I have to be careful (note to self -
> MUST set up testing box for things like this)...
>
> Is anyone else doing anything like this, and if so would you be
> willing to share sanitized configs?
>
> Thx,
>

Why would you want a text file for overrides, as opposed to just doing
everything in SQL?

From rs at sys4.de Wed Apr 9 20:06:24 2014
From: rs at sys4.de (Robert Schetterer)
Date: Wed, 09 Apr 2014 22:06:24 +0200
Subject: [Dovecot] Heartbleed openssl vulnerability?
In-Reply-To: <5345894C.9000107@thelounge.net>
References: <1396976410.24483.59.camel@amp.ex.ac.uk> <96F39CD6-6A21-43DF-9F84-BB4D020F523C@iki.fi> <5345788E.9000707@Media-Brokers.com> <53457D6B.7000608@sys4.de> <53457F04.30100@thelounge.net> <534580F5.3000305@sys4.de> <534582EC.6070808@thelounge.net> <534583FD.4080206@sys4.de> <5345894C.9000107@thelounge.net>
Message-ID: <5345A840.8060406@sys4.de>

On 09.04.2014 19:54, Reindl Harald wrote:
>
> i have faced users in real life with where punsihed by
> change their passwords each month and the result was
> that not a single of them was secure or not stored
> somewhere while the same person would have choosed
> something like below otherwise

yes its common and old security practice to force password changes at
some terms in many software products, looks like many coders agreed that
this is a good idea, but for sure they had not your universal jedi power

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From rs at sys4.de Wed Apr 9 20:36:35 2014
From: rs at sys4.de (Robert Schetterer)
Date: Wed, 09 Apr 2014 22:36:35 +0200
Subject: [Dovecot] Heartbleed openssl vulnerability?
In-Reply-To: <53458DD8.8040105@Media-Brokers.com> References: <1396976410.24483.59.camel@amp.ex.ac.uk> <96F39CD6-6A21-43DF-9F84-BB4D020F523C@iki.fi> <5345788E.9000707@Media-Brokers.com> <53457D6B.7000608@sys4.de> <53458DD8.8040105@Media-Brokers.com> Message-ID: <5345AF53.5000105@sys4.de> Am 09.04.2014 20:13, schrieb Charles Marcus: > On 4/9/2014 1:03 PM, Robert Schetterer wrote: >> Am 09.04.2014 18:42, schrieb Charles Marcus: >>> >What are the ramifications of changing this on a production server? Any >>> >possible problems/gotchas? user impact? >> in my understanding change ssl key and crts , do all needed ssl updates >> keep performance mode, if unsure change all passwords too > > ??? > > I was asking about the ramifications of switching from high performance > mode to high security mode. > > Not the ramifications of the security compromise. > i switched to performance mode when pop3 logins rised up to more then 1000 per minute, i did not see any significant rise or low of ram switching between modes, but i have no data for massive imap logins, dovecot in general is not very memory hungry, for exact compare data you might wait for Timo to answer, or do some measure by yourself Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From h.reindl at thelounge.net Wed Apr 9 20:38:05 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 09 Apr 2014 22:38:05 +0200 Subject: [Dovecot] Heartbleed openssl vulnerability? 
In-Reply-To: <5345A840.8060406@sys4.de> References: <1396976410.24483.59.camel@amp.ex.ac.uk> <96F39CD6-6A21-43DF-9F84-BB4D020F523C@iki.fi> <5345788E.9000707@Media-Brokers.com> <53457D6B.7000608@sys4.de> <53457F04.30100@thelounge.net> <534580F5.3000305@sys4.de> <534582EC.6070808@thelounge.net> <534583FD.4080206@sys4.de> <5345894C.9000107@thelounge.net> <5345A840.8060406@sys4.de> Message-ID: <5345AFAD.3070906@thelounge.net> Am 09.04.2014 22:06, schrieb Robert Schetterer: > Am 09.04.2014 19:54, schrieb Reindl Harald: >> i have faced users in real life with where punsihed by >> change their passwords each month and the result was >> that not a single of them was secure or not stored >> somewhere while the same person would have choosed >> something like below otherwise > > yes its common and old security practice to force password changes at > some terms in many software products, looks like many coders agreed that > this is a good idea, but for sure they had not your universal jedi power that's polemic it is not a matter of "jedi power", it's a matter of how likely it is that your password maybe get stolen and how many really secure passwords a human kan keep in his mind compared with change them again and again forcing to store the password on a place where it is more likely to get compromised if the password i am using for critical infrastructure leaves my hands it would be a nightmare - a braindump is unliekly, get whatever store containing it compromised is more likely the same for the class of not that critical passwords, generated with random algorithms and because that stored in password safes which *may* be compromised but better than "shitpwd-year-moth-123" so stop this polemic, there is no asbolute right solution in case of credentials and before a user chosses "fuckingadmin123" i prefer passwords like "!Y*c*k*m*b*S!*" -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From kcmohan at gmail.com Tue Apr 8 14:26:39 2014 From: kcmohan at gmail.com (K. C. Mohan - Personal) Date: Tue, 8 Apr 2014 10:26:39 -0400 Subject: [Dovecot] integration of old mails into new dovecot Maildir Message-ID: <00f301cf5336$8ed24cc0$ac76e640$@gmail.com> I just installed dovecot 2.2.9 on to a new server and want to transfer all the old mails into the email accounts I imported from the previous server into MySQL database. I am not able to view the subfolders and or old mails that I copied into their respective maildir folders. I was very much appreciate if anyone could let me know how to import old mails into the new server. All I see, is the new mails that have come into the account since I started dovecot service in the new server. --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com From bourek at thinline.cz Wed Apr 9 21:58:54 2014 From: bourek at thinline.cz (Jiri Bourek) Date: Wed, 09 Apr 2014 23:58:54 +0200 Subject: [Dovecot] Override maildir for just a few users In-Reply-To: <5345A63F.6070500@Media-Brokers.com> References: <5345A63F.6070500@Media-Brokers.com> Message-ID: <5345C29E.7080106@thinline.cz> Charles Marcus wrote: > Hi all, > > Currently, I have mail_location = maildir:~/Maildir set and all passdb > and userdb lookups are SQL based (doveconf -n pasted below). > > However, I want to override the users maildir location - and *only* the > maildir location - for just a few users. > > I was thinking the easiest way would be to add a simple flat file based > userdb that is checked before the SQL based one, where I can define a > different maildir for these users. > > So, basically, dovecot checks the flat file first, and if the user isn't > found, falls back to SQL. > > I still want all AUTH to go through SQL... 
> > It seems like this should be fairly simple, but after reading the wiki > for a few days, I'm just not sure... I'd start here: http://wiki2.dovecot.org/UserDatabase/ExtraFields You can try to add userdb_import column into your users table, return it in userdb lookup. Leave the column empty (NULL) for most users, put mail_location=xxxxx for those you want to override. At least that's how I understand the wiki page, never actually tested this myself. And I'm not completely sure on the mail_location=xxxxx syntax > > This is on a production box, so I have to be careful (note to self - > MUST set up testing box for things like this)... I *think* adding a column with NULL values and returning it in userdb lookup shouldn't change anything until you actually put something non-NULL into the column for some user. Again, never tested this myself, but if I'm right, you can change the table schema and SQL query without any impact on existing users. After that you can create new user for experiments. Test this on your own risk (and get the testing box ;-)) > > Is anyone else doing anything like this, and if so would you be willing > to share sanitized configs? > > Thx, > From aleangelico at hotmail.com Wed Apr 9 23:07:35 2014 From: aleangelico at hotmail.com (Alejandro Angelico) Date: Wed, 9 Apr 2014 18:07:35 -0500 Subject: [Dovecot] Error: broken sync positions in index file Message-ID: Hi everybody, I'm runing dovecot 2.2.12 and a user mailbox got the "broken sync positions in index file" error twice in the last 20 days. 
this is an extract from the maillog maillog First Error -------------------- Mar 23 16:13:25 andromeda dovecot: pop3-login: Login: user=, method=PLAIN, rip=187.237.107.24, lip=207.7.90.83, mpid=3983, session=<5KSEbU310wC77WsY> Mar 23 16:13:27 andromeda dovecot: pop3(myuser at mydomain.com): Error: broken sync positions in index file /home/myuser/mail/mydomain.com/myuser/dovecot.index Mar 23 16:13:27 andromeda dovecot: pop3(myuser at mydomain.com): Warning: fscking index file /home/myuser/mail/mydomain.com/myuser/dovecot.index Mar 23 16:13:27 andromeda dovecot: pop3(myuser at mydomain.com): Error: Fixed index file /home/myuser/mail/mydomain.com/myuser/dovecot.index: log_file_tail_offset 164 -> 144 Mar 23 16:13:27 andromeda dovecot: pop3(myuser at mydomain.com): Panic: file mail-transaction-log.c: line 350 (mail_transaction_log_set_mailbox_sync_pos): assertion failed: (file_offset >= log->head->saved_tail_offset) Mar 23 16:13:27 andromeda dovecot: pop3(myuser at mydomain.com): Fatal: master: service(pop3): child 3983 killed with signal 6 (core dumps disabled) Mar 23 16:13:27 andromeda dovecot: pop3: Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0 [0xb7e59350] -> /usr/lib/dovecot/libdovecot.so.0 [0xb7e593cd] -> /usr/lib/dovecot/libdovecot.so.0 [0xb7e58c64] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_transaction_log_set_mailbox_sync_pos+0x9a) [0xb7f8c1aa] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_index_sync_commit+0x9c) [0xb7f82a5c] -> /usr/lib/dovecot/libdovecot-storage.so.0 [0xb7f00f2b] -> /usr/lib/dovecot/libdovecot-storage.so.0 [0xb7f0034a] -> /usr/lib/dovecot/libdovecot-storage.so.0 [0xb7f006ba] -> /usr/lib/dovecot/libdovecot-storage.so.0(maildir_storage_sync_init+0xc1) [0xb7f00851] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x39) [0xb7f33b79] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x3d) [0xb7f365ad] -> dovecot/pop3(client_create+0x2e2) [0x804c5e2] -> dovecot/pop3 [0x804afec] -> dovecot/pop3 [0x804b607] -> 
/usr/lib/dovecot/libdovecot.so.0 [0xb7e1033a] -> /usr/lib/dovecot/libdovecot.so.0 [0xb7e10622] -> /usr/li maillog Second Error -------------------- Apr 9 17:22:00 andromeda dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=29811, secured, session= Apr 9 17:22:00 andromeda dovecot: imap(myuser at mydomain.com): Error: Transaction log file /home/myuser/mail/mydomain.com/myuser/dovecot.index.log seq 4: log_file_tail_offset update shrank it (284 vs 420 sync_offset=268) Apr 9 17:22:00 andromeda dovecot: imap(myuser at mydomain.com): Error: broken sync positions in index file /home/myuser/mail/mydomain.com/myuser/dovecot.index Apr 9 17:22:00 andromeda dovecot: imap(myuser at mydomain.com): Warning: fscking index file /home/myuser/mail/mydomain.com/myuser/dovecot.index Apr 9 17:22:00 andromeda dovecot: imap(myuser at mydomain.com): Error: Fixed index file /home/myuser/mail/mydomain.com/myuser/dovecot.index: log_file_tail_offset 420 -> 284 Apr 9 17:22:00 andromeda dovecot: imap(myuser at mydomain.com): Panic: file mail-transaction-log.c: line 350 (mail_transaction_log_set_mailbox_sync_pos): assertion failed: (file_offset >= log->head->saved_tail_offset) Apr 9 17:22:00 andromeda dovecot: imap(myuser at mydomain.com): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0 [0xb7d9ae4f] -> /usr/lib/dovecot/libdovecot.so.0 [0xb7d9aecd] -> /usr/lib/dovecot/libdovecot.so.0 [0xb7d9a744] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_transaction_log_set_mailbox_sync_pos+0x9a) [0xb7ecf60a] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_index_sync_commit+0x9c) [0xb7ec5e5c] -> /usr/lib/dovecot/libdovecot-storage.so.0 [0xb7e43f8b] -> /usr/lib/dovecot/libdovecot-storage.so.0 [0xb7e433aa] -> /usr/lib/dovecot/libdovecot-storage.so.0 [0xb7e4371a] -> /usr/lib/dovecot/libdovecot-storage.so.0(maildir_storage_sync_init+0xc1) [0xb7e438b1] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x39) [0xb7e76d19] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x3d) [0xb7e7974d] -> dovecot/imap(cmd_select_full+0x23e) [0x805721e] -> dovecot/imap(cmd_select+0x19) [0x8057bf9] -> dovecot/imap(command_exec+0x33) [0x805c9a3] -> dovecot/imap [0x805b6df] -> dove Apr 9 17:22:00 andromeda dovecot: imap(myuser at mydomain.com): Fatal: master: service(imap): child 29811 killed with signal 6 (core dumps disabled) Deleting dovecot.index.* files solved the problem both times, but I'm wondering if something is wrong because it's always the same mailbox. Before deleting dovecot.index I run doveadm with this oputput: root at myserver [/home/myuser/mail/.myuser at mydomain_com]# doveadm index -u myuser INBOX doveadm(myuser): Fatal: User doesn't exist root at myserver [/home/myuser/mail/.myuser at mydomain_com]# doveadm index -u myuser at mydomain.com INBOX doveadm(myuser at mydomain.com): Error: Transaction log file /home/myuser/mail/mydomain.com/myuser/dovecot.index.log seq 4: log_file_tail_offset update shrank it (284 vs 420 sync_offset=268) doveadm(myuser at mydomain.com): Error: broken sync positions in index file /home/myuser/mail/mydomain.com/myuser/dovecot.index doveadm(myuser at mydomain.com): Warning: fscking index file /home/myuser/mail/mydomain.com/myuser/dovecot.index doveadm(myuser at mydomain.com): Error: Fixed index file /home/myuser/mail/mydomain.com/myuser/dovecot.index: log_file_tail_offset 420 -> 284 doveadm(myuser at mydomain.com): Panic: file mail-transaction-log.c: line 350 (mail_transaction_log_set_mailbox_sync_pos): assertion failed: (file_offset >= log->head->saved_tail_offset) doveadm(myuser at mydomain.com): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0 [0xb7d35e4f] -> /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x43) [0xb7d35f63] -> /usr/lib/dovecot/libdovecot.so.0 [0xb7d35744] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_transaction_log_set_mailbox_sync_pos+0x9a) [0xb7e6a60a] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mail_index_sync_commit+0x9c) [0xb7e60e5c] -> /usr/lib/dovecot/libdovecot-storage.so.0 [0xb7ddef8b] -> /usr/lib/dovecot/libdovecot-storage.so.0 [0xb7dde3aa] -> /usr/lib/dovecot/libdovecot-storage.so.0 [0xb7dde71a] -> /usr/lib/dovecot/libdovecot-storage.so.0(maildir_storage_sync_init+0xc1) [0xb7dde8b1] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x39) [0xb7e11d19] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x3d) [0xb7e1474d] -> doveadm [0x80595db] -> doveadm [0x80558de] -> doveadm(doveadm_mail_try_run+0x293) [0x8055d03] -> doveadm(main+0x3bd) [0x805eb5d] -> /lib/libc.so.6(__libc_start_main+0xdc) [0xb7b89ebc] -> doveadm [0x8055061] Aborted Is there anything else I should try? or just wait to see if this happens again? the mailbox is not very big, around 38Mb in 84 mails. Thanks! Alex From jtam.home at gmail.com Wed Apr 9 23:54:24 2014 From: jtam.home at gmail.com (Joseph Tam) Date: Wed, 9 Apr 2014 16:54:24 -0700 (PDT) Subject: [Dovecot] POP3 sessions In-Reply-To: References: Message-ID: writes: > Is their a way in the config file to not lock > POP3 sessions in dovecot for only 1 user? That ought to be the default: http://wiki2.dovecot.org/POP3Server (Section Session locking) Did you set pop3_lock_session=yes somewhere? Locking is good if the client connection is stable: if you disable locking, you could end up with a scrambled mailbox as two or more users access it at the same time. Joseph Tam From tim at timgws.com.au Thu Apr 10 00:28:36 2014 From: tim at timgws.com.au (Tim Groeneveld) Date: Wed, 9 Apr 2014 20:28:36 -0400 (EDT) Subject: [Dovecot] Heartbleed openssl vulnerability? 
In-Reply-To: <5345AFAD.3070906@thelounge.net>
Message-ID: <31582962.54935.1397089716114.JavaMail.root@timgws.com.au>

----- Original Message -----
>
> the same for the class of not that critical passwords, generated
> with random algorithms and because that stored in password safes
> which *may* be compromised but better than "shitpwd-year-moth-123"
>
> so stop this polemic, there is no absolute right solution in case
> of credentials and before a user chooses "fuckingadmin123" i prefer
> passwords like "!Y*c*k*m*b*S!*"
>

I think now is a good time to point you to http://xkcd.com/936/

I would prefer "SuitableChooseNewspaper57" over "!Y*c*k*m*b*S!*" because I know that the first is definitely less likely to be stored on the back of a keyboard, or in a Word document named "Passwords.doc".

Plus, Suitable Choose Newspaper 57? Easy to say over the phone if someone ever needs my password.

From mtrainer at westnet.com.au Thu Apr 10 01:06:17 2014
From: mtrainer at westnet.com.au (Murray Trainer)
Date: Thu, 10 Apr 2014 09:06:17 +0800
Subject: [Dovecot] Director NFS backups
Message-ID: <3d5a3ac43037d39319a76ec07ddb2b5a171a5fd8@webmail.westnet.com.au>

Hi All,

What is the recommended method of taking backups of user mailboxes when using the Director setup with NFS backend mail storage? Is there any way to avoid the likely NFS locking issues by backing up the filesystem directly or do I have to do some sort of dsync method? If I have to use dsync can I dsync the mailboxes to compressed copies of the mailboxes without requiring another dovecot server to do the dsync?

Thanks for your responses.

Murray

From rs at sys4.de Thu Apr 10 02:02:32 2014
From: rs at sys4.de (Robert Schetterer)
Date: Thu, 10 Apr 2014 04:02:32 +0200
Subject: [Dovecot] Heartbleed openssl vulnerability?
In-Reply-To: <5345AFAD.3070906@thelounge.net> References: <1396976410.24483.59.camel@amp.ex.ac.uk> <96F39CD6-6A21-43DF-9F84-BB4D020F523C@iki.fi> <5345788E.9000707@Media-Brokers.com> <53457D6B.7000608@sys4.de> <53457F04.30100@thelounge.net> <534580F5.3000305@sys4.de> <534582EC.6070808@thelounge.net> <534583FD.4080206@sys4.de> <5345894C.9000107@thelounge.net> <5345A840.8060406@sys4.de> <5345AFAD.3070906@thelounge.net> Message-ID: <5345FBB8.70308@sys4.de> Am 09.04.2014 22:38, schrieb Reindl Harald: > it is not a matter of "jedi power", it's a matter of how likely > it is that your password maybe get stolen and how many really > secure passwords a human kan keep in his mind compared with > change them again and again forcing to store the password on > a place where it is more likely to get compromised agreed you never will fix the problem sitting behind the keyboard with code Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From h.reindl at thelounge.net Thu Apr 10 03:35:22 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 10 Apr 2014 05:35:22 +0200 Subject: [Dovecot] Heartbleed openssl vulnerability? 
In-Reply-To: <31582962.54935.1397089716114.JavaMail.root@timgws.com.au> References: <31582962.54935.1397089716114.JavaMail.root@timgws.com.au> Message-ID: <5346117A.2010906@thelounge.net> Am 10.04.2014 02:28, schrieb Tim Groeneveld: > ----- Original Message ----- >> >> the same for the class of not that critical passwords, generated >> with random algorithms and because that stored in password safes >> which *may* be compromised but better than "shitpwd-year-moth-123" >> >> so stop this polemic, there is no asbolute right solution in case >> of credentials and before a user chosses "fuckingadmin123" i prefer >> passwords like "!Y*c*k*m*b*S!*" >> > > I think now is a good time to point you to http://xkcd.com/936/ > > I would prefer "SuitableChooseNewspaper57" over "!Y*c*k*m*b*S!*" > because I know that the first is definitely less likely to be > stored on the back of a keyboard, or in a Word document > named "Passwords.doc". > > Plus, Suitable Choose Newspaper 57? Easy to say over the phone > if someone ever needs my password you missed that bit: >>> 09.04.2014 19:54, schrieb Reindl Harald: >>>> i have faced users in real life with where punsihed by >>>> change their passwords each month maybe *now* that you can't use "SuitableChooseNewspaper57" as well as "SuitableChooseNewspaper58" the next month where such policies are applied or anything else you remember you understand what i mean and the next time read the whole thread before you reply to pieces out of context -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From adarsh.s at directi.com Thu Apr 10 06:58:34 2014 From: adarsh.s at directi.com (adarshvs) Date: Wed, 9 Apr 2014 23:58:34 -0700 (PDT) Subject: [Dovecot] IMAP, POP, LMTP response time Message-ID: <1397113114736-47500.post@n4.nabble.com> Hi, How do I retrieve the /response time/ metrics for imap, pop, lmtp and smtp. 
Any suggestions will be very helpful.

Thank you.

--
View this message in context: http://dovecot.2317879.n4.nabble.com/IMAP-POP-LMTP-response-time-tp47500.html
Sent from the Dovecot mailing list archive at Nabble.com.

From rs at sys4.de Thu Apr 10 07:38:55 2014
From: rs at sys4.de (Robert Schetterer)
Date: Thu, 10 Apr 2014 09:38:55 +0200
Subject: [Dovecot] IMAP, POP, LMTP response time
In-Reply-To: <1397113114736-47500.post@n4.nabble.com>
References: <1397113114736-47500.post@n4.nabble.com>
Message-ID: <53464A8F.8070009@sys4.de>

On 10.04.2014 08:58, adarshvs wrote:
> Hi,
>
> How do I retrieve the /response time/ metrics for imap, pop, lmtp and smtp.
> Any suggestions will be very helpful.
>
> Thank you.

not sure if this is what you are looking for, perhaps read

http://wiki2.dovecot.org/Statistics

>
>
>
> --
> View this message in context: http://dovecot.2317879.n4.nabble.com/IMAP-POP-LMTP-response-time-tp47500.html
> Sent from the Dovecot mailing list archive at Nabble.com.
>

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Management board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From skdovecot at smail.inf.fh-brs.de Thu Apr 10 10:14:20 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 10 Apr 2014 12:14:20 +0200 (CEST)
Subject: [Dovecot] integration of old mails into new dovecot Maildir
In-Reply-To: <00f301cf5336$8ed24cc0$ac76e640$@gmail.com>
References: <00f301cf5336$8ed24cc0$ac76e640$@gmail.com>
Message-ID:

On Tue, 8 Apr 2014, K. C. Mohan - Personal wrote:

> I just installed dovecot 2.2.9 on to a new server and want to transfer all
> the old mails into the email accounts I imported from the previous server
> into MySQL database. I am not able to view the subfolders and or old mails
> that I copied into their respective maildir folders. I was very much
> appreciate if anyone could let me know how to import old mails into the new
> server. All I see, is the new mails that have come into the account since I
> started dovecot service in the new server.

Check out http://wiki2.dovecot.org/Migration . Read esp. about "preserving messages' UIDs".

If the old server uses Maildir, too, and you don't care about the UIDs, copy the files over and you are done.

--
Steffen Kaiser

From volker at schwaberow.de Thu Apr 10 10:38:25 2014
From: volker at schwaberow.de (Volker Schwaberow)
Date: Thu, 10 Apr 2014 12:38:25 +0200
Subject: [Dovecot] Dovecot XAPPLEPUSHSERVICE Apple
Message-ID:

Hello list.

Anybody having experience with the Apple Extensions for Dovecot at http://www.opensource.apple.com/source/dovecot/dovecot-239.8/dovecot/src/imap/cmd-x-apple-push-service.c ?

Is it possible to patch the Dovecot source with them and get them to work on a Non-Apple System?

Cheers,
Volker

Volker Schwaberow
Email: volker at schwaberow.de

From stano at websupport.sk Thu Apr 10 11:38:27 2014
From: stano at websupport.sk (Pavel Stano)
Date: Thu, 10 Apr 2014 13:38:27 +0200
Subject: [Dovecot] replication + attachment sis + zlib bug ?
(HEAD version from xi.rename-it.nl)
Message-ID: <20140410133827.26b10e68@ass>

Hi,

i have setup with mail_attachment single instance store + replication + zlib and got this bug when i try to replicate one test mailbox:

On master1 in mail.log:
Apr 10 13:25:22 master1 dovecot: dsync-local(zzz at blabla666.sk): Error: read(/nfsmnt/mailnfs1/attachments1/6b/57/6b57ad34cf6c414662233d833a7801fde4e1cdcb-92b5052558774653a728000013e2b982[base64:18 b/l]) failed: Stream is larger than expected (97824 > 97823, eof=1)
Apr 10 13:25:22 master1 dovecot: dsync-local(zzz at blabla666.sk): Error: dsync(master2): read(attachments-connector(zlib(/nfsmnt/mailnfs1/b/l/blabla666.sk/zzz at blabla666.sk/mdbox/storage/m.9))) failed: read(/nfsmnt/mailnfs1/attachments1/6b/57/6b57ad34cf6c414662233d833a7801fde4e1cdcb-92b5052558774653a728000013e2b982[base64:18 b/l]) failed: Stream is larger than expected (97824 > 97823, eof=1)

This is on master2 in mail.log
Apr 10 13:32:21 master2 dovecot: dsync-server(zzz at blabla666.sk): Error: dsync(master1): read() failed: read(10.10.30.2) failed: dot-input stream ends without '.' line

I tried to rm -Rf mailbox on master2 and run on master1

doveadm replicator remove zzz at blabla666.sk
doveadm replicator replicate zzz at blabla666.sk

but the same problem happens.

Thanks

--
[ Rate the quality of this e-mail: http://nicereply.com/websupport/Stano/ ]
Pavel Stano | Troubleshooter
http://WebSupport.sk
*** TAKE AND ENJOY ***

From gilles.chauvin at univ-rouen.fr Thu Apr 10 12:26:25 2014
From: gilles.chauvin at univ-rouen.fr (Gilles Chauvin)
Date: Thu, 10 Apr 2014 14:26:25 +0200
Subject: [Dovecot] replication + attachment sis + zlib bug ?
(HEAD version from xi.rename-it.nl)
In-Reply-To: <20140410133827.26b10e68@ass>
References: <20140410133827.26b10e68@ass>
Message-ID: <53468DF1.2050400@univ-rouen.fr>

On 10/04/2014 13:38, Pavel Stano wrote:
> Hi,
>
> i have setup with mail_attachment single instance store + replication +
> zlib and got this bug when i try to replicate one test mailbox:
>
> On master1 in mail.log:
> Apr 10 13:25:22 master1 dovecot:
> dsync-local(zzz at blabla666.sk): Error:
> read(/nfsmnt/mailnfs1/attachments1/6b/57/6b57ad34cf6c414662233d833a7801fde4e1cdcb-92b5052558774653a728000013e2b982[base64:18
> b/l]) failed: Stream is larger than expected (97824 > 97823, eof=1) Apr
> 10 13:25:22 master1 dovecot: dsync-local(zzz at blabla666.sk):
> Error: dsync(master2):
> read(attachments-connector(zlib(/nfsmnt/mailnfs1/b/l/blabla666.sk/zzz at blabla666.sk/mdbox/storage/m.9)))
> failed:
> read(/nfsmnt/mailnfs1/attachments1/6b/57/6b57ad34cf6c414662233d833a7801fde4e1cdcb-92b5052558774653a728000013e2b982[base64:18
> b/l]) failed: Stream is larger than expected (97824 > 97823, eof=1)
>
>
> This is on master2 in mail.log
> Apr 10 13:32:21 master2 dovecot: dsync-server(zzz at blabla666.sk): Error:
> dsync(master1): read() failed: read(10.10.30.2) failed:
> dot-input stream ends without '.' line
>

Hi,

Your problem looks quite similar to the one I reported 2 months ago.

http://markmail.org/message/tt4jpjnpsa6lmlz2

Regards,
Gilles

From sca at andreasschulze.de Thu Apr 10 13:04:40 2014
From: sca at andreasschulze.de (Andreas Schulze)
Date: Thu, 10 Apr 2014 15:04:40 +0200
Subject: [Dovecot] dovecot: disable ssl compression
Message-ID: <20140410150440.Horde.Gbn7XHx4blr0ZfiXKEbaAA1@horde.andreasschulze.de>

Hello,

Our "it-security" department asked me about Qualys warnings like
-> SSL/TLS Compression Algorithm Information Leakage Vulnerability

As far as I learned it's compression inside ssl.
postfix-2.11 knows 'tls_ssl_options = no_compression' ( see http://www.postfix.org/postconf.5.html#tls_ssl_options ) is the something comparable in dovecot too? Looks like most extensions in ssl exist only to be disabled :-/ Thanks Andreas From alessio at skye.it Thu Apr 10 13:31:26 2014 From: alessio at skye.it (Alessio Cecchi) Date: Thu, 10 Apr 2014 15:31:26 +0200 Subject: [Dovecot] Dovecot XAPPLEPUSHSERVICE Apple In-Reply-To: References: Message-ID: <53469D2E.2090200@skye.it> Il 10/04/2014 12:38, Volker Schwaberow ha scritto: > Hello list. > > Anybody having experience with the Apple Extensions for Dovecot at http://www.opensource.apple.com/source/dovecot/dovecot-239.8/dovecot/src/imap/cmd-x-apple-push-service.c ? > > Is it possible to patch the Dovecot source with them and get them to work on a Non-Apple System? > > Cheers, > Volker Hi, you can read more about Apple Push Service here: http://www.dovecot.org/list/dovecot/2012-August/067682.html the only patch for dovecot is not sufficient for enable the service. -- Alessio Cecchi is: @ ILS -> http://www.linux.it/~alessice/ on LinkedIn -> http://www.linkedin.com/in/alessice Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz Cloud Email Hosting -> http://www.qboxmail.com @ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it From h.reindl at thelounge.net Thu Apr 10 14:41:38 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 10 Apr 2014 16:41:38 +0200 Subject: [Dovecot] dovecot: disable ssl compression In-Reply-To: <20140410150440.Horde.Gbn7XHx4blr0ZfiXKEbaAA1@horde.andreasschulze.de> References: <20140410150440.Horde.Gbn7XHx4blr0ZfiXKEbaAA1@horde.andreasschulze.de> Message-ID: <5346ADA2.7000203@thelounge.net> Am 10.04.2014 15:04, schrieb Andreas Schulze: > Our "it-security" department asked me about Qualys warnings like > -> SSL/TLS Compression Algorithm Information Leakage Vulnerability > > As far as I learned it's compression inside ssl. 
> postfix-2.11 knows 'tls_ssl_options = no_compression' > ( see http://www.postfix.org/postconf.5.html#tls_ssl_options ) > > is the something comparable in dovecot too? > > Looks like most extensions in ssl exist only to be disabled :-/ that attacks are not relevant for email because they rely on the way a webbrowser works which is not the case for a mail client - you can't trigger XSS and Ajax in a MUA https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls >> This year, it's CRIME, a practical attack against how TLS is >> used in browsers. In a wider sense, the same attack conceptually >> applies to any encrypted protocol where the attacker controls >> what is being communicated -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From nmilas at noa.gr Thu Apr 10 15:29:02 2014 From: nmilas at noa.gr (Nikolaos Milas) Date: Thu, 10 Apr 2014 18:29:02 +0300 Subject: [Dovecot] dsync deleted my mailbox - what did I do wrong? In-Reply-To: <534405B6.4090601@noa.gr> References: <9d0749cb-7387-427b-b3f6-6a2c5fb70eb3@darklajid.de> <533EC650.8080602@thinline.cz> <926333b7-67ea-41c5-9bd1-082b8756aa31@darklajid.de> <5342A193.604@thinline.cz> <5342C3C6.70300@noa.gr> <5343C397.2020706@dovecot.fi> <5343E4C2.1040205@noa.gr> <5343FDEC.8080007@dovecot.fi> <534405B6.4090601@noa.gr> Message-ID: <5346B8BE.105@noa.gr> On 8/4/2014 5:20 ??, Nikolaos Milas wrote: > Still no subfolder sync (but individual messages on existing > subfolders get sync'ed): Given that I can't make dsync work properly, until this thread provides info that might lead to correct operation, which I hope, I am thinking of trying syncing using lsyncd & unison (instead of dsync). Before moving on, I would like to kindly ask list members: 1. 
Are there any admins around who have setup dsync replication and see new subfolder replication work correctly? 2. Is lsyncd & unison expected to work correctly given the particular architecture of Dovecot? (I would think it should work.) Anyone has tried it? Thanks, Nick From stano at websupport.sk Thu Apr 10 16:08:05 2014 From: stano at websupport.sk (Pavel Stano) Date: Thu, 10 Apr 2014 18:08:05 +0200 Subject: [Dovecot] dovecot: disable ssl compression In-Reply-To: <5346ADA2.7000203@thelounge.net> References: <20140410150440.Horde.Gbn7XHx4blr0ZfiXKEbaAA1@horde.andreasschulze.de> <5346ADA2.7000203@thelounge.net> Message-ID: <20140410180805.36c5e58d@ass> Hi, yes its the same problem. I can confirm that it is caused by last line in base64 attachment which is longer than 72 chars in original message. On Thu, 10 Apr 2014 16:41:38 +0200 Reindl Harald wrote: > > > Am 10.04.2014 15:04, schrieb Andreas Schulze: > > Our "it-security" department asked me about Qualys warnings like > > -> SSL/TLS Compression Algorithm Information Leakage > > Vulnerability > > > > As far as I learned it's compression inside ssl. > > postfix-2.11 knows 'tls_ssl_options = no_compression' > > ( see http://www.postfix.org/postconf.5.html#tls_ssl_options ) > > > > is the something comparable in dovecot too? > > > > Looks like most extensions in ssl exist only to be disabled :-/ > > that attacks are not relevant for email because they > rely on the way a webbrowser works which is not the > case for a mail client - you can't trigger XSS and > Ajax in a MUA > > https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls > > >> This year, it's CRIME, a practical attack against how TLS is > >> used in browsers. 
In a wider sense, the same attack conceptually > >> applies to any encrypted protocol where the attacker controls > >> what is being communicated > -- [ Rate the quality of this mail: http://nicereply.com/websupport/Stano/ ] Pavel Stano | Troubleshooter http://WebSupport.sk *** TAKE AND ENJOY *** From stano at websupport.sk Thu Apr 10 16:20:31 2014 From: stano at websupport.sk (Pavel Stano) Date: Thu, 10 Apr 2014 18:20:31 +0200 Subject: [Dovecot] dovecot: disable ssl compression In-Reply-To: <20140410180805.36c5e58d@ass> References: <20140410150440.Horde.Gbn7XHx4blr0ZfiXKEbaAA1@horde.andreasschulze.de> <5346ADA2.7000203@thelounge.net> <20140410180805.36c5e58d@ass> Message-ID: <20140410182031.635fdb60@ass> Sorry, I replied to the wrong thread On Thu, 10 Apr 2014 18:08:05 +0200 Pavel Stano wrote: > Hi, > > yes its the same problem. > I can confirm that it is caused by last line in base64 > attachment which is longer than 72 chars in original message. > > On Thu, 10 Apr 2014 16:41:38 +0200 Reindl Harald > wrote: > > > > > > > On 10.04.2014 15:04, Andreas Schulze wrote: > > > Our "it-security" department asked me about Qualys warnings like > > > -> SSL/TLS Compression Algorithm Information Leakage > > > Vulnerability > > > > > > As far as I learned it's compression inside ssl. > > > postfix-2.11 knows 'tls_ssl_options = no_compression' > > > ( see http://www.postfix.org/postconf.5.html#tls_ssl_options ) > > > > > > is the something comparable in dovecot too?
> > > > > > Looks like most extensions in ssl exist only to be disabled :-/ > > > > that attacks are not relevant for email because they > > rely on the way a webbrowser works which is not the > > case for a mail client - you can't trigger XSS and > > Ajax in a MUA > > > > https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls > > > > >> This year, it's CRIME, a practical attack against how TLS is > > >> used in browsers. In a wider sense, the same attack conceptually > > >> applies to any encrypted protocol where the attacker controls > > >> what is being communicated > > > > > -- [ Rate the quality of this mail: http://nicereply.com/websupport/Stano/ ] Pavel Stano | Troubleshooter http://WebSupport.sk *** TAKE AND ENJOY *** From stano at websupport.sk Thu Apr 10 16:21:16 2014 From: stano at websupport.sk (Pavel Stano) Date: Thu, 10 Apr 2014 18:21:16 +0200 Subject: [Dovecot] replication + attachment sis + zlib bug ? (HEAD version from xi.rename-it.nl) In-Reply-To: <53468DF1.2050400@univ-rouen.fr> References: <20140410133827.26b10e68@ass> <53468DF1.2050400@univ-rouen.fr> Message-ID: <20140410182116.16d89d41@ass> Hi, yes its the same problem. I can confirm that it is caused by last line in base64 attachment which is longer than 72 chars in original message.
On Thu, 10 Apr 2014 14:26:25 +0200 Gilles Chauvin wrote: > On 10/04/2014 13:38, Pavel Stano wrote: > > Hi, > > > > i have setup with mail_attachment single instance store + > > replication + zlib and got this bug when i try to replicate one > > test mailbox: > > > > On master1 in mail.log: > > Apr 10 13:25:22 master1 dovecot: > > dsync-local(zzz at blabla666.sk): Error: > > read(/nfsmnt/mailnfs1/attachments1/6b/57/6b57ad34cf6c414662233d833a7801fde4e1cdcb-92b5052558774653a728000013e2b982[base64:18 > > b/l]) failed: Stream is larger than expected (97824 > 97823, eof=1) > > Apr 10 13:25:22 master1 dovecot: dsync-local(zzz at blabla666.sk): > > Error: dsync(master2): > > read(attachments-connector(zlib(/nfsmnt/mailnfs1/b/l/blabla666.sk/zzz at blabla666.sk/mdbox/storage/m.9))) > > failed: > > read(/nfsmnt/mailnfs1/attachments1/6b/57/6b57ad34cf6c414662233d833a7801fde4e1cdcb-92b5052558774653a728000013e2b982[base64:18 > > b/l]) failed: Stream is larger than expected (97824 > 97823, eof=1) > > > > > > This is on master2 in mail.log > > Apr 10 13:32:21 master2 dovecot: dsync-server(zzz at blabla666.sk): > > Error: dsync(master1): read() failed: read(10.10.30.2) failed: > > dot-input stream ends without '.' line > > > > Hi, > Your problem looks quite similar to the one I reported 2 months ago. > http://markmail.org/message/tt4jpjnpsa6lmlz2 > > > Regards, > Gilles -- [ Rate the quality of this mail: http://nicereply.com/websupport/Stano/ ] Pavel Stano | Troubleshooter http://WebSupport.sk *** TAKE AND ENJOY ***
From wid at list.widdi.eu Thu Apr 10 16:27:41 2014 From: wid at list.widdi.eu (wid) Date: Thu, 10 Apr 2014 09:27:41 -0700 (PDT) Subject: [Dovecot] Dovecot XAPPLEPUSHSERVICE Apple In-Reply-To: <53469D2E.2090200@skye.it> References: <53469D2E.2090200@skye.it> Message-ID: <1397147261069-47510.post@n4.nabble.com> Alessio Cecchi wrote > On 10/04/2014 12:38, Volker Schwaberow wrote: >> Hello list. >> >> Anybody having experience with the Apple Extensions for Dovecot at >> http://www.opensource.apple.com/source/dovecot/dovecot-239.8/dovecot/src/imap/cmd-x-apple-push-service.c >> ? >> >> Is it possible to patch the Dovecot source with them and get them to work >> on a Non-Apple System? >> >> Cheers, >> Volker > > Hi, > > you can read more about Apple Push Service here: > > http://www.dovecot.org/list/dovecot/2012-August/067682.html > > the only patch for dovecot is not sufficient for enable the service. Hi, I don't think it is possible to do this on a Non-Apple-OS since there are also closed source parts of the push service (apsd) that also includes challenge-response to apple servers. There are libraries like Net::APNS or PyAPNS that use the same service (gateway.push.apple.com) but these are intended for this purpose. I tried to use these libraries with certificates extracted from OS X Server without success. From lee_yiu_chung at yahoo.com Fri Apr 11 14:02:05 2014 From: lee_yiu_chung at yahoo.com (lee_yiu_chung at yahoo.com) Date: Fri, 11 Apr 2014 22:02:05 +0800 Subject: [Dovecot] FTS autoindex problem Message-ID: <5347F5DD.9020101@yahoo.com> I tried to implement a solr search server, but I found some unexpected behaviour when I turn on autoindex according to http://wiki2.dovecot.org/Plugins/FTS.
I found that all autoindexed email are using "user1 at example.com" as username, as shown in maillog: indexer-worker(user1 at example.com): Indexed 1 messages in INBOX However, all manually indexed email (triggered by IMAP server search) are using "user1" as username, as shown in maillog: indexer-worker(user1): Indexed 2927 messages in INBOX. I am using "user1" as login name, so all autoindexed mails don't appear in search result. How can I use "user" as the username in autoindex? BTW, I do have a few mailboxes in the format user2 at virtualmail.example.com, which requires full email address as the login name. How can I autoindex emails that automatically distinguishes user1 at example.com (using "user1" as username) and user2 at virtualmail.example.com (using "user2 at virtualmail.example.com" as username) given that the previous question is solved? From stano at websupport.sk Fri Apr 11 14:07:29 2014 From: stano at websupport.sk (Pavel Stano) Date: Fri, 11 Apr 2014 16:07:29 +0200 Subject: [Dovecot] replication + attachment sis + zlib bug ? (HEAD version from xi.rename-it.nl) In-Reply-To: <534799F1.5070604@univ-rouen.fr> References: <20140410133827.26b10e68@ass> <53468DF1.2050400@univ-rouen.fr> <20140410182116.16d89d41@ass> <534799F1.5070604@univ-rouen.fr> Message-ID: <20140411160729.2589b389@ass> Yes, exactly. I look at the code and find out there is functionality for that. Dovecot store attachments in base64 format without decoding if there are longer lines with more base64 blocks (4chars). So these attachments get deduplicated but are not decoded. But it don't work if last line is buggy. I think i fixed it. It looks like it works, but i test only one mailbox. Patch attached On Fri, 11 Apr 2014 09:29:53 +0200 Gilles Chauvin wrote: > On 10/04/2014 18:21, Pavel Stano wrote: > > Hi, > > > > yes its the same problem. > > I can confirm that it is caused by last line in base64 > > attachment which is longer than 72 chars in original message. 
> > > > > > Hi, > > I don't know what is the current status for this issue since Timo > never responded to my two mails. A safe way to workaround this > problem could be Dovecot skipping deduplication when it encounters a > malformed base64 attachment ? > > > > Regards, > Gilles. -- [ Rate the quality of this mail: http://nicereply.com/websupport/Stano/ ] Pavel Stano | Troubleshooter http://WebSupport.sk *** TAKE AND ENJOY *** -------------- next part -------------- A non-text attachment was scrubbed... Name: attachment_extractor_base64_last_line_fix Type: application/octet-stream Size: 1561 bytes Desc: not available URL: From lee_yiu_chung at yahoo.com Fri Apr 11 14:21:11 2014 From: lee_yiu_chung at yahoo.com (lee_yiu_chung at yahoo.com) Date: Fri, 11 Apr 2014 22:21:11 +0800 Subject: [Dovecot] FTS autoindex username problem Message-ID: <5347FA57.1050602@yahoo.com> I tried to set up Solr search server according to http://wiki2.dovecot.org/Plugins/FTS/Solr, and turned on autoindexing according to http://wiki2.dovecot.org/Plugins/FTS, but I found a strange behaviour that cause server search missing some emails. Here is the login information of my mail server: login name: user1 email: user1 at example.com Now, when I turned on autoindexing, all autoindexed email are indexed using user1 at example.com as username key, as shown in maillog: dovecot: [ID 12345 mail.info] indexer-worker(user1 at example.com): Indexed 1 messages in INBOX But when I triggered on-demand indexing using IMAP server search, the emails are indexed using user1 as username key instead, as shown in maillog: dovecot: [ID 12345 mail.info] indexer-worker(user1): Indexed 1799 messages in INBOX Only the emails indexed using user1 can be searched, emails indexed using user1 at example.com cannot be found.
How can I configure autoindex to index email using user1 as username key? --- (Below is a follow-up question) In my mail server config, there are a few virtual mailbox users are using the following login information instead (different auth/password backend): login name: user2 at virtmail.example.com email: user2 at virtmail.example.com In this case, how can I distinguish user1 at example.com and user2 at virtmail.example.com, so that emails for user1 at example.com can be indexed using user1 as username key, while user2 at virtmail.example.com can be indexed using user2 at virtmail.example.com as username key? From lee_yiu_chung at yahoo.com Fri Apr 11 14:25:47 2014 From: lee_yiu_chung at yahoo.com (lee_yiu_chung at yahoo.com) Date: Fri, 11 Apr 2014 22:25:47 +0800 Subject: [Dovecot] FTS autoindex username problem Message-ID: <5347FB6B.9060506@yahoo.com> I tried to set up Solr search server according to http://wiki2.dovecot.org/Plugins/FTS/Solr, and turned on autoindexing according to http://wiki2.dovecot.org/Plugins/FTS, but I found a strange behaviour that cause server search missing some emails. Here is the login information of my mail server: login name: user1 email: user1 at example.com Now, when I turned on autoindexing, all autoindexed email are indexed using user1 at example.com as username key, as shown in maillog: dovecot: [ID 12345 mail.info] indexer-worker(user1 at example.com): Indexed 1 messages in INBOX But when I triggered on-demand indexing using IMAP server search, the emails are indexed using user1 as username key instead, as shown in maillog: dovecot: [ID 12345 mail.info] indexer-worker(user1): Indexed 1799 messages in INBOX Only the emails indexed using user1 can be searched, emails indexed using user1 at example.com cannot be found. How can I configure autoindex to index email using user1 as username key? 
--- (Below is a follow-up question) In my mail server config, there are a few virtual mailbox users are using the following login information instead (different auth/password backend): login name: user2 at virtmail.example.com email: user2 at virtmail.example.com In this case, how can I distinguish user1 at example.com and user2 at virtmail.example.com, so that emails for user1 at example.com can be indexed using user1 as username key, while user2 at virtmail.example.com can be indexed using user2 at virtmail.example.com as username key? From lee_yiu_chung at yahoo.com Fri Apr 11 14:41:47 2014 From: lee_yiu_chung at yahoo.com (lee_yiu_chung at yahoo.com) Date: Fri, 11 Apr 2014 22:41:47 +0800 Subject: [Dovecot] FTS autoindex username problem Message-ID: <5347FF2B.6000005@yahoo.com> I tried to set up Solr search server according to http://wiki2.dovecot.org/Plugins/FTS/Solr, and turned on autoindexing according to http://wiki2.dovecot.org/Plugins/FTS, but I found a strange behaviour that cause server search missing some emails. Here is the login information of my mail server: version: 2.2.12 login name: user1 email: user1 at example.com Now, when I turned on autoindexing, all autoindexed email are indexed using user1 at example.com as username key, as shown in maillog: dovecot: [ID 12345 mail.info] indexer-worker(user1 at example.com): Indexed 1 messages in INBOX But when I triggered on-demand indexing using IMAP server search, the emails are indexed using user1 as username key instead, as shown in maillog: dovecot: [ID 12345 mail.info] indexer-worker(user1): Indexed 1799 messages in INBOX Only the emails indexed using user1 can be searched, emails indexed using user1 at example.com cannot be found. How can I configure autoindex to index email using user1 as username key? 
--- (Below is a follow-up question) In my mail server config, there are a few virtual mailbox users are using the following login information instead (different auth/password backend): login name: user2 at virtmail.example.com email: user2 at virtmail.example.com In this case, how can I distinguish user1 at example.com and user2 at virtmail.example.com, so that emails for user1 at example.com can be indexed using user1 as username key, while user2 at virtmail.example.com can be indexed using user2 at virtmail.example.com as username key? From morrisonli at 126.com Fri Apr 11 15:49:40 2014 From: morrisonli at 126.com (morrison) Date: Fri, 11 Apr 2014 23:49:40 +0800 (CST) Subject: [Dovecot] Feature Request: handle mail connections of the same user from a same IP using just one mail process Message-ID: <3c20ff7e.18629.145517ae856.Coremail.morrisonli@126.com> Hi, Dovecot Wiki states that mail process (IMAP/POP3) is able to handle multiple client connections as the same time to save CPU and memory resources (client_limit > 1). Although this approach is not recommended due to latency and probably security issues, it does help increase the overall capacity of a mail server. Is it possible (or planned) to add a feature such that mail client connections of the same user from a same IP are directed to a same mail process? In most cases, such connections come from a same mail client (e.g. in Thunderbird, each mailbox is a connection). The end user (human being) can work on one mailbox at a time, the latency will be non-obvious. And since all data being processed belong to the same user, security is a non-issue. 
Thanks, From h.reindl at thelounge.net Fri Apr 11 15:58:29 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 11 Apr 2014 17:58:29 +0200 Subject: [Dovecot] Feature Request: handle mail connections of the same user from a same IP using just one mail process In-Reply-To: <3c20ff7e.18629.145517ae856.Coremail.morrisonli@126.com> References: <3c20ff7e.18629.145517ae856.Coremail.morrisonli@126.com> Message-ID: <53481125.4070606@thelounge.net> On 11.04.2014 17:49, morrison wrote: > Dovecot Wiki states that mail process (IMAP/POP3) is able to handle multiple client connections as the same time to save CPU and memory resources (client_limit > 1). Although this approach is not recommended due to latency and probably security issues, it does help increase the overall capacity of a mail server. Is it possible (or planned) to add a feature such that mail client connections of the same user from a same IP are directed to a same mail process? In most cases, such connections come from a same mail client (e.g. in Thunderbird, each mailbox is a connection). The end user (human being) can work on one mailbox at a time, the latency will be non-obvious. And since all data being processed belong to the same user, security is a non-issue.
http://wiki2.dovecot.org/LoginProcess "High-performance mode" is already there and no, forget the broken idea "but only the same user / ip" because you have no clue if it is a different user coming from the same IP until the connection does auth * if it does auth and it was not the same you are fucked * you can't handle the connection to a different process * even if you can - your login data are already sent "In most cases, such connections come from a same mail client" that made sense 10 or 15 years ago, these days *most cases* are mobile clients coming through carrier-grade NAT, networks behind a NAT or public access points shared by all sorts of users so no - you have only two choices * performance * security any other conclusion based on a client IP is broken From ammdispose-dovecot at yahoo.com Fri Apr 11 16:20:43 2014 From: ammdispose-dovecot at yahoo.com (A M) Date: Sat, 12 Apr 2014 00:20:43 +0800 (SGT) Subject: [Dovecot] Will upgrade from from db4 to libdb break anything? Message-ID: <1397233243.98073.YahooMailNeo@web194604.mail.sg3.yahoo.com> Hello, I just have a minor question. (Using Fedora 16) My current dovecot (2.2.10) was compiled with db4 (4.8.30). I am thinking of recompiling same dovecot (2.2.10) with libdb (5.2.36). I will be trying on live server so just wanted to know if this will break any indexing or anything else? (Recompiling for Heartbleed, so might as well switch db version) AM.
From leeyc0 at gmail.com Fri Apr 11 16:20:47 2014 From: leeyc0 at gmail.com (=?UTF-8?B?5p2O6ICA5a6X?=) Date: Sat, 12 Apr 2014 00:20:47 +0800 Subject: [Dovecot] FTS autoindex username problem Message-ID: <5348165F.9020501@gmail.com> I tried to set up Solr search server according to http://wiki2.dovecot.org/Plugins/FTS/Solr, and turned on autoindexing according to http://wiki2.dovecot.org/Plugins/FTS, but I found a strange behaviour that cause server search missing some emails. Here is the login information of my mail server: login name: user1 email: user1 at example.com Now, when I turned on autoindexing, all autoindexed email are indexed using user1 at example.com as username key, as shown in maillog: dovecot: [ID 12345 mail.info] indexer-worker(user1 at example.com): Indexed 1 messages in INBOX But when I triggered on-demand indexing using IMAP server search, the emails are indexed using user1 as username key instead, as shown in maillog: dovecot: [ID 12345 mail.info] indexer-worker(user1): Indexed 1799 messages in INBOX Only the emails indexed using user1 can be searched, emails indexed using user1 at example.com cannot be found. How can I configure autoindex to index email using user1 as username key? --- (Below is a follow-up question) In my mail server config, there are a few virtual mailbox users are using the following login information instead (different auth/password backend): login name: user2 at virtmail.example.com email: user2 at virtmail.example.com In this case, how can I distinguish user1 at example.com and user2 at virtmail.example.com, so that emails for user1 at example.com can be indexed using user1 as username key, while user2 at virtmail.example.com can be indexed using user2 at virtmail.example.com as username key? . 
From leeyc0 at gmail.com Fri Apr 11 16:26:53 2014 From: leeyc0 at gmail.com (=?UTF-8?B?5p2O6ICA5a6X?=) Date: Sat, 12 Apr 2014 00:26:53 +0800 Subject: [Dovecot] FTS autoindex username problem In-Reply-To: <5348165F.9020501@gmail.com> References: <5348165F.9020501@gmail.com> Message-ID: <534817CD.7060401@gmail.com> ? 2014/4/12 ?? 12:20, ??? ??: > I tried to set up Solr search server according to http://wiki2.dovecot.org/Plugins/FTS/Solr, and > turned on autoindexing according to http://wiki2.dovecot.org/Plugins/FTS, but I found a strange > behaviour that cause server search missing some emails. > > Here is the login information of my mail server: > login name: user1 > email: user1 at example.com > > Now, when I turned on autoindexing, all autoindexed email are indexed using user1 at example.com as > username key, as shown in maillog: > > dovecot: [ID 12345 mail.info] indexer-worker(user1 at example.com): Indexed 1 messages in INBOX > > But when I triggered on-demand indexing using IMAP server search, the emails are indexed using user1 > as username key instead, as shown in maillog: > > dovecot: [ID 12345 mail.info] indexer-worker(user1): Indexed 1799 messages in INBOX > > Only the emails indexed using user1 can be searched, emails indexed using user1 at example.com cannot > be found. How can I configure autoindex to index email using user1 as username key? > > --- > (Below is a follow-up question) > > In my mail server config, there are a few virtual mailbox users are using the following login > information instead (different auth/password backend): > login name: user2 at virtmail.example.com > email: user2 at virtmail.example.com > > In this case, how can I distinguish user1 at example.com and user2 at virtmail.example.com, so that emails > for user1 at example.com can be indexed using user1 as username key, while user2 at virtmail.example.com > can be indexed using user2 at virtmail.example.com as username key? > . 
> Sorry for bothering you, apparently there was something wrong in my email setup that I thought the email cannot be sent out.... From huang at utsc.utoronto.ca Fri Apr 11 17:41:48 2014 From: huang at utsc.utoronto.ca (Wesley Huang) Date: Fri, 11 Apr 2014 13:41:48 -0400 Subject: [Dovecot] nfs flush/fsync config settings problem In-Reply-To: <533D6109.1030409@skye.it> References: <201401080923.35386.yebo@psg.sk> <533D1A53.6050109@skye.it> <533D5E44.80002@utsc.utoronto.ca> <533D6109.1030409@skye.it> Message-ID: <5348295C.2010308@utsc.utoronto.ca> Hi Alessio, After days sorting the Heartbleed mess, I managed to set up Debian Squeeze amd64 for the test and I'm seeing the same error message: Fatal: nfs flush requires mail_fsync=always # doveconf -n | egrep 'fsync|nfs' mail_fsync = always mail_nfs_index = yes mail_nfs_storage = yes Cheers, Wesley On 14-04-03 09:24 AM, Alessio Cecchi wrote: > Hi, > > I'm using Maildir on Debian 6 64bit, try to "grep" for "fsync" on all > configuration files. > > Try also to install the same dovecot+configuration on Debian 6. > > Let me know! > Ciao > > On 03/04/2014 15:12, Wesley Huang wrote: >> Hi Alessio, >> >> I have 2.2.12 installed in Debian Wheezy amd64 server. mail_fsync is >> specified and detected. Are you using mbox or maildir or dbox? We're >> using mbox and seeing the error.
>> >> # dovecot --version >> 2.2.12 >> >> # dovecot -n | grep -E 'sync|nfs' >> mail_fsync = always >> mail_nfs_index = yes >> mail_nfs_storage = yes >> >> >> # egrep 'nfs|fsync' 10-mail.conf | egrep -v '#' >> mail_fsync=always >> mail_nfs_storage = yes >> mail_nfs_index = yes >> >> # uname -r >> 3.2.0-4-amd64 >> >> Cheers, >> >> Wesley >> >> On 14-04-03 04:22 AM, Alessio Cecchi wrote: >>> On 08/01/2014 09:23, Troton_admin wrote: >>>> Hi, >>>> >>>> I need to place a maildir storage on a NFS filesystem, so I set up >>>> the config like this: >>>> >>>> mmap_disable = yes >>>> mail_nfs_storage = yes >>>> mail_nfs_index = yes >>>> mail_fsync = always >>>> lock_method = dotlock (also tried fcntl - local lockd is running, no >>>> success, now using dotlock, to be sure while debugging) >>>> >>>> The problem is that Dovecot (2.2.9/2.2.10 - the relevant code in >>>> mail-index.c is the same) logs a fatal error and quits the session >>>> (no daemon crash/coredump). >>> >>> Hi, >>> >>> I have a similar configuration but with dovecot 2.2.12 and NFS for me >>> works fine. Have you inserted the "mail_fsync = always" in the right >>> place? Is there only one "mail_fsync" setting in your config? First >>> check this: >>> >>> root at mx:/etc/dovecot# grep mail_fsync /etc/dovecot/ -R >>> conf.d/10-mail.conf:mail_fsync = always >>> >>> root at mx:/etc/dovecot# dovecot -n | grep -E 'sync|nfs' >>> mail_fsync = always >>> mail_nfs_index = yes >>> mail_nfs_storage = yes >>> maildir_very_dirty_syncs = yes >>> >>> # 2.2.12: /etc/dovecot/dovecot.conf >>> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.9 >>> >>> Let me know. >>> Ciao >> > > From campbell at cnpapers.com Fri Apr 11 19:32:10 2014 From: campbell at cnpapers.com (Steve Campbell) Date: Fri, 11 Apr 2014 15:32:10 -0400 Subject: [Dovecot] Still no messages from dovecot Message-ID: <5348433A.5040405@cnpapers.com> I'm still not seeing emails from the list.
With help from others, I thought I had the IPs cleared since the change back in February, but apparently not. Can someone PM me and let me know what outgoing IP addresses the list is using please? steve campbell From dovecot-list at mohtex.net Sat Apr 12 01:00:40 2014 From: dovecot-list at mohtex.net (Tamsy) Date: Sat, 12 Apr 2014 08:00:40 +0700 Subject: [Dovecot] Still no messages from dovecot In-Reply-To: <5348433A.5040405@cnpapers.com> References: <5348433A.5040405@cnpapers.com> Message-ID: <53489038.50504@mohtex.net> Steve Campbell wrote the following on 12.04.2014 02:32: > I'm still not seeing emails from the list. With help from others, I > thought I had the IPs cleared since the change back in February, but > apparently not. > > Can someone PM me and let me know what outgoing IP addresses the list > is using please? > > steve campbell Dear Steve, Just tried twice to pm you the Headers of the last message from the list but those messages were also rejected by mailserver2.cnappers.net. Seems you have to fix some things to receive messages from the list: > : host mailserver2.cnpapers.net[216.12.119.162] > said: 550 5.7.1 Access denied (in reply to MAIL FROM command) > Apr 12 02:51:30 ns1 postfix/smtp[9177]: 5ACDA300AC262: > to=, > relay=mailserver2.cnpapers.net[216.12.119.162]:25, delay=0.76, > delays=0.07/0.01/0.57/0.11, dsn=5.7.1, status=bounced (host > mailserver2.cnpapers.net[216.12.119.162] said: 550 5.7.1 Access denied > (in reply to MAIL FROM command))
From itgeek31 at googlemail.com Sat Apr 12 16:35:03 2014 From: itgeek31 at googlemail.com (IT geek 31) Date: Sat, 12 Apr 2014 18:35:03 +0200 Subject: [Dovecot] Quick win... command to remove all attachments from an Inbox Message-ID: Good evening all, Does anyone know of a doveadm command I can use to remove (delete) all attachments from an mdbox Inbox? I prefer to save my attachments and have a sleek Inbox... but sometimes I forget. A command I can feed into a cron job would be ideal. Many thanks, -Mark From leeyc0 at gmail.com Sun Apr 13 06:43:01 2014 From: leeyc0 at gmail.com (leeyc0) Date: Sun, 13 Apr 2014 14:43:01 +0800 Subject: [Dovecot] FTS autoindex username problem In-Reply-To: <5348165F.9020501@gmail.com> References: <5348165F.9020501@gmail.com> Message-ID: <534A31F5.7030708@gmail.com> I think I found the reason. It seems to be related to LMTP delivery, the LMTP recipient email address seems to be used as the autoindex user, if it is the reason then things would be very complicated, I will have to figure how to workaround this. Thank you for my bothering. ? 2014/4/12 ?? 12:20, ??? ??: > I tried to set up Solr search server according to http://wiki2.dovecot.org/Plugins/FTS/Solr, and > turned on autoindexing according to http://wiki2.dovecot.org/Plugins/FTS, but I found a strange > behaviour that cause server search missing some emails.
> > Here is the login information of my mail server: > login name: user1 > email: user1 at example.com > > Now, when I turned on autoindexing, all autoindexed email are indexed using user1 at example.com as > username key, as shown in maillog: > > dovecot: [ID 12345 mail.info] indexer-worker(user1 at example.com): Indexed 1 messages in INBOX > > But when I triggered on-demand indexing using IMAP server search, the emails are indexed using user1 > as username key instead, as shown in maillog: > > dovecot: [ID 12345 mail.info] indexer-worker(user1): Indexed 1799 messages in INBOX > > Only the emails indexed using user1 can be searched, emails indexed using user1 at example.com cannot > be found. How can I configure autoindex to index email using user1 as username key? > > --- > (Below is a follow-up question) > > In my mail server config, there are a few virtual mailbox users are using the following login > information instead (different auth/password backend): > login name: user2 at virtmail.example.com > email: user2 at virtmail.example.com > > In this case, how can I distinguish user1 at example.com and user2 at virtmail.example.com, so that emails > for user1 at example.com can be indexed using user1 as username key, while user2 at virtmail.example.com > can be indexed using user2 at virtmail.example.com as username key? > . > > From leeyc0 at gmail.com Fri Apr 11 14:00:29 2014 From: leeyc0 at gmail.com (lee_yiu_chung@yahoo.com) Date: Fri, 11 Apr 2014 22:00:29 +0800 Subject: [Dovecot] FTS autoindex problem Message-ID: <5347F57D.7030903@yahoo.com> I tried to implement a solr search server, but I found some unexpected behaviour when I turn on autoindex according to http://wiki2.dovecot.org/Plugins/FTS. 
I found that all autoindexed email are using "user1 at example.com" as username, as shown in maillog: indexer-worker(user1 at example.com): Indexed 1 messages in INBOX However, all manually indexed email (triggered by IMAP server search) are using "user1" as username, as shown in maillog: indexer-worker(user1): Indexed 2927 messages in INBOX. I am using "user1" as login name, so all autoindexed mails don't appear in search result. How can I use "user" as the username in autoindex? BTW, I do have a few mailboxes in the format user2 at virtualmail.example.com, which requires full email address as the login name. How can I autoindex emails that automatically distinguishes user1 at example.com (using "user1" as username) and user2 at virtualmail.example.com (using "user2 at virtualmail.example.com" as username) given that the previous question is solved? From kcmohan at gmail.com Mon Apr 14 02:04:52 2014 From: kcmohan at gmail.com (K. C. Mohan) Date: Sun, 13 Apr 2014 22:04:52 -0400 Subject: [Dovecot] integration of old mails into new dovecot Maildir In-Reply-To: <53466ed9.06e10e0a.3924.137aSMTPIN_ADDED_BROKEN@mx.google.com> References: <00f301cf5336$8ed24cc0$ac76e640$@gmail.com> <53466ed9.06e10e0a.3924.137aSMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: <8856D0A68D31437EBC435D5725621D44@DellNB> Thank you Steffen, for addressing my problem of migrating old mails into new mail server. I went through the article you pointed to but could not succueed. I will appreciate if you could guide me to step by step process to migrate the mails. My old mail server used 2.x dovecot version. K. C. Mohan -----Original Message----- From: Steffen Kaiser Sent: Thursday, April 10, 2014 6:14 AM To: K. C. Mohan - Personal s Cc: dovecot at dovecot.org Subject: Re: [Dovecot] integration of old mails into new dovecot Maildir -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 8 Apr 2014, K. C. 
Mohan - Personal wrote: > I just installed dovecot 2.2.9 on to a new server and want to transfer all > the old mails into the email accounts I imported from the previous server > into MySQL database. I am not able to view the subfolders and or old mails > that I copied into their respective maildir folders. I was very much > appreciate if anyone could let me know how to import old mails into the > new > server. All I see, is the new mails that have come into the account since > I > started dovecot service in the new server. Check out http://wiki2.dovecot.org/Migration . Read esp. about "preserving messages' UIDs". If the old server uses Maildir, too, and you don't care about the UIDs, copy the files over and you are done. - -- Steffen Kaiser From skdovecot at smail.inf.fh-brs.de Mon Apr 14 06:18:23 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 14 Apr 2014 08:18:23 +0200 (CEST) Subject: [Dovecot] integration of old mails into new dovecot Maildir In-Reply-To: <8856D0A68D31437EBC435D5725621D44@DellNB> References: <00f301cf5336$8ed24cc0$ac76e640$@gmail.com> <53466ed9.06e10e0a.3924.137aSMTPIN_ADDED_BROKEN@mx.google.com> <8856D0A68D31437EBC435D5725621D44@DellNB> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 13 Apr 2014, K. C. Mohan wrote: Please, do not top post. > Thank you Steffen, for addressing my problem of migrating old mails into new > mail server. I went through the article you pointed to but could not > succueed.
I will appreciate if you could guide me to step by step process to > migrate the mails. My old mail server used 2.x dovecot version. you post very little information: 1) how are the messages storred on the old server, which storage backend do you use, maybe Maildir? 2) the storage backend on the new server? 3) do you care about the message UIDs? 4) How many users do you have (approx.) and can you access the user's mailboxes via IMAP, e.g. using a master user or do you know their password or can you switch to a known password during migration of one particular user? 5) Did you've changed namespaces? - From your first post I figure that the basic mail server functionality of the new server is working, most importantly login, message delivery and retrieval. > -----Original Message----- From: Steffen Kaiser > Sent: Thursday, April 10, 2014 6:14 AM > To: K. C. Mohan - Personal s > Cc: dovecot at dovecot.org > Subject: Re: [Dovecot] integration of old mails into new dovecot Maildir > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 8 Apr 2014, K. C. Mohan - Personal wrote: > >> I just installed dovecot 2.2.9 on to a new server and want to transfer all >> the old mails into the email accounts I imported from the previous server >> into MySQL database. I am not able to view the subfolders and or old mails >> that I copied into their respective maildir folders. I was very much >> appreciate if anyone could let me know how to import old mails into the new >> server. All I see, is the new mails that have come into the account since I >> started dovecot service in the new server. > > Check out http://wiki2.dovecot.org/Migration . Read esp. about "preserving > messages' UIDs". > > If the old server uses Maildir, too, and you don't care about the UIDs, > copy the files over and you are done. 
- -- Steffen Kaiser From alessio at skye.it Mon Apr 14 06:58:03 2014 From: alessio at skye.it (Alessio Cecchi) Date: Mon, 14 Apr 2014 08:58:03 +0200 Subject: [Dovecot] Feature Request: handle mail connections of the same user from a same IP using just one mail process In-Reply-To: <3c20ff7e.18629.145517ae856.Coremail.morrisonli@126.com> References: <3c20ff7e.18629.145517ae856.Coremail.morrisonli@126.com> Message-ID: <534B86FB.9040200@skye.it> On 11/04/2014 17:49, morrison wrote: > Hi, > > Dovecot Wiki states that mail process (IMAP/POP3) is able to handle multiple client connections at the same time to save CPU and memory resources (client_limit > 1). Although this approach is not recommended due to latency and probably security issues, it does help increase the overall capacity of a mail server. Is it possible (or planned) to add a feature such that mail client connections of the same user from a same IP are directed to a same mail process? In most cases, such connections come from a same mail client (e.g. in Thunderbird, each mailbox is a connection). The end user (human being) can work on one mailbox at a time, the latency will be non-obvious. And since all data being processed belong to the same user, security is a non-issue. > > Thanks, > > > Hi, a feature like this should be added: https://fosdem.org/2014/interviews/2014-timo-sirainen/ ===== The ability to save/restore IMAP connection state.
This would allow getting rid of most of the long running memory-hungry idling IMAP processes by keeping the connections in a small number of IMAP-idle processes where they wait for something to happen. This also allows moving IMAP connections between servers. This could also improve performance of some webmail systems by having the webmail server remember the state as a string and then be able to quickly restore it with another IMAP command. ===== -- Alessio Cecchi is: @ ILS -> http://www.linux.it/~alessice/ on LinkedIn -> http://www.linkedin.com/in/alessice GNU/Linux Systems Support -> http://www.cecchi.biz Cloud Email Hosting -> http://www.qboxmail.com @ PLUG -> former President, now senator for life, http://www.prato.linux.it From bind at enas.net Mon Apr 14 09:06:29 2014 From: bind at enas.net (Urban Loesch) Date: Mon, 14 Apr 2014 11:06:29 +0200 Subject: [Dovecot] POP3: Panic: Trying to allocate 0 bytes Message-ID: <534BA515.4060001@enas.net> Hi, today I upgraded one of our dovecot servers from 2.117 to version 2.2.12 under Debian Squeeze. After the upgrade I got many of the following errors for pop3 users. My logfile shows: ...
Apr 14 09:28:05 mailstore dovecot: pop3(user at domain.net pid:39688 session:): Panic: Trying to allocate 0 bytes
Apr 14 09:28:05 mailstore dovecot: pop3(user at domain.net pid:39688 session:): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x6bb0a) [0x7f1ae9a18b0a] -> /usr/lib/dovecot/libdovecot.so.0(+0x6bb86) [0x7f1ae9a18b86] -> /usr/lib/dovecot/libdovecot.so.0(i_error+0) [0x7f1ae99d1e8f] -> /usr/lib/dovecot/libdovecot.so.0(+0x8148b) [0x7f1ae9a2e48b] -> dovecot/pop3() [0x4077f0] -> dovecot/pop3(client_command_execute+0x9d) [0x407d0d] -> dovecot/pop3(client_handle_input+0x80) [0x405810] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x4e) [0x7f1ae9a28d2e] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xaf) [0x7f1ae9a29e9f] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x7f1ae9a28db9] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f1ae9a28e38] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f1ae99d6c43] -> dovecot/pop3(main+0x257) [0x404a67] -> /lib/libc.so.6(__libc_start_main+0xfd) [0x7f1ae9669c8d] -> dovecot/pop3() [0x4045b9]
Apr 14 09:28:05 mailstore dovecot: pop3(user at domain.net pid:39688 session:): Fatal: master: service(pop3): child 39688 killed with signal 6 (core dumps disabled)
.... Have you any idea what the error could be? As this is a production server I switched back to version 2.1.17.
Many thanks Urban Loesch doveconf -n: # 2.2.12 (978871ca81e7): /etc/dovecot/dovecot.conf # OS: Linux 3.4.67-vs2.3.3.9-rol-em64t-efigpt x86_64 Debian 6.0.9 ext4 auth_cache_negative_ttl = 0 auth_cache_size = 40 M auth_cache_ttl = 1 weeks auth_mechanisms = plain login auth_verbose = yes deliver_log_format = msgid=%m: %$ %p %w disable_plaintext_auth = no login_trusted_networks = $INTERNAL_IPS mail_gid = mailstore mail_location = mdbox:/home/vmail/%d/%n:INDEX=/home/dovecotindex/%d/%n mail_log_prefix = "%s(%u pid:%p session:<%{session}>): " mail_plugins = " quota mail_log notify zlib" mail_uid = mailstore managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify mdbox_rotate_size = 10 M namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Items" { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = / type = private } passdb { args = /etc/dovecot/dovecot-sql-account.conf driver = sql } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size from mail_log_group_events = no quota = dict:Storage used::file:%h/dovecot-quota quota_rule2 = Trash:storage=+100M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +notify +imapflags sieve_max_redirects = 10 zlib_save = gz zlib_save_level = 9 } protocols = imap pop3 lmtp sieve service auth { unix_listener auth-userdb { group = mailstore mode = 0660 user = root } } service imap-login { inet_listener imap { port = 143 } process_limit = 256 process_min_avail = 
25 service_count = 1 } service imap { process_limit = 256 process_min_avail = 25 service_count = 1 } service lmtp { inet_listener lmtp { address = * port = 24 } unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } service pop3-login { inet_listener pop3 { port = 110 } process_limit = 256 process_min_avail = 25 service_count = 1 } service pop3 { process_limit = 256 process_min_avail = 25 service_count = 1 } service quota-warning { executable = script /usr/local/rol/dovecot/quota-warning.sh unix_listener quota-warning { user = mailstore } user = mailstore } ssl = no ssl_cert = mail_max_userip_connections = 40 mail_plugins = " quota mail_log notify zlib imap_quota imap_zlib" } protocol pop3 { mail_plugins = " quota mail_log notify zlib" pop3_logout_format = bytes_sent=%o top=%t/%p, retr=%r/%b, del=%d/%m, size=%s uidl_hash=%u session=<%{session}> pop3_reuse_xuidl = yes } From axel.luttgens at skynet.be Mon Apr 14 14:48:30 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Mon, 14 Apr 2014 16:48:30 +0200 Subject: [Dovecot] About the "nologin" extra field Message-ID: <04F2CC14-A37C-4C84-9283-5D2AF9726EFF@skynet.be> Hello, While experimenting with the "nologin" extra field, I met a possibly overlooked behavior. Let's suppose the user database has those two columns: enabled: the user may/may not login (account active/not active) nologin: NULL if the mailbox is available, '!' if it is currently suspended (for maintenance reasons) The password_query: password_query = SELECT password, nologin, 'Maintenance' || nologin AS reason, [...] FROM [...] WHERE [...] AND enabled [...] Let's then experiment with pop connections. With: enabled set to false, nologin set to '!' the right password provided, following reply is emitted after an authentication failure delay: -ERR [AUTH] Authentication failed. So, as expected, the nologin value behaves as a "don't care" one. 
With: enabled set to true, nologin set to '!', the right password provided, following output is immediately emitted: -ERR [AUTH] Maintenance! Again, this is the kind of behavior I was expecting. With: enabled set to true, nologin set to '!', an incorrect password provided, there's the failure delay but the output still is: -ERR [AUTH] Maintenance! Here, I'm a bit dubitative... ;-) The delay seems to make the code's intent clear: to act as in the case of an authentication failure. But, notwithstanding the somewhat misleading explanation provided to a legitimate user with such a reply, isn't one unduly disclosing information about an account existence? Is this supposed to behave that way? If yes, what's the rationale? TIA, Axel From kcmohan at gmail.com Mon Apr 14 18:23:59 2014 From: kcmohan at gmail.com (K. C. Mohan - Personal) Date: Mon, 14 Apr 2014 14:23:59 -0400 Subject: [Dovecot] integration of old mails into new dovecot Maildir In-Reply-To: <534b7d87.c4e00e0a.3108.ffffb3d0SMTPIN_ADDED_BROKEN@mx.google.com> References: <00f301cf5336$8ed24cc0$ac76e640$@gmail.com> <53466ed9.06e10e0a.3924.137aSMTPIN_ADDED_BROKEN@mx.google.com> <8856D0A68D31437EBC435D5725621D44@DellNB> <534b7d87.c4e00e0a.3108.ffffb3d0SMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: <026501cf580e$b6f1a570$24d4f050$@gmail.com> Thank you for your prompt reply and timely help. I will try to be very explanative in describing my situation. I will begin first with answering the questions you asked; 1) how are the messages storred on the old server, which storage backend do you use, maybe Maildir? Yes, Maildir. Dovecot version is 2.1.7. Virtual users are authenticated by mysql backend. Login is plain login. 2) the storage backend on the new server? Maildir. Dovecot Version 2.2.9. Mysql virtual users authentication. Plain login 3) do you care about the message UIDs? I Would like to preserve the UIDs as much as possible. However, the most important thing is for the users to have access to their old emails. 
4) How many users do you have (approx.) and can you access the user's mailboxes via IMAP, e.g. using a master user or do you know their password or can you switch to a known password during migration of one particular user? I have about 50 total users. I can access their mailboxes via imap but I don't have their password handy. Mysql database with the userdata and passwords was imported into the new new server so, the users can get authenticated into the new server with the old server password. 5) Did you've changed namespaces? No. I did not change namespaces. - From your first post I figure that the basic mail server functionality of the new server is working, most importantly login, message delivery and retrieval. Yes, the new server is functional and all the users are able to log in, view delivered messages and retrieve the messages into their mail clients. However, they cannot view any old messages or retrieve any old messages. Here is the dovecot.conf of the old mail server; protocols = imap pop3 log_timestamp = "%Y-%m-%d %H:%M:%S " mail_location = maildir:/var/vmail/%d/%n mail_privileged_group = mail first_valid_uid = 6060 ssl_cert= was automatically rejected:%n%r%n%nThe Subject of your message was: %s auth_socket_path = /var/run/dovecot/auth-master log_path = /var/log/dovecot-deliver.log postmaster_address = postmaster at sbm1.motherindia.com # sieve_path = /var/sieve/global.sieve } auth_mechanisms = plain login cram-md5 auth_debug = no auth_debug_passwords = yes auth_verbose = no auth_verbose_passwords = no disable_plaintext_auth = no instance_name = dovecot login_greeting = Dovecot ready. mail_debug = no passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } -----Original Message----- From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de] Sent: Monday, April 14, 2014 2:18 AM To: K. C. 
Mohan Cc: dovecot at dovecot.org Subject: Re: [Dovecot] integration of old mails into new dovecot Maildir -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 13 Apr 2014, K. C. Mohan wrote: Please, do not top post. > Thank you Steffen, for addressing my problem of migrating old mails > into new mail server. I went through the article you pointed to but > could not succueed. I will appreciate if you could guide me to step by > step process to migrate the mails. My old mail server used 2.x dovecot version. you post very little information: 1) how are the messages storred on the old server, which storage backend do you use, maybe Maildir? 2) the storage backend on the new server? 3) do you care about the message UIDs? 4) How many users do you have (approx.) and can you access the user's mailboxes via IMAP, e.g. using a master user or do you know their password or can you switch to a known password during migration of one particular user? 5) Did you've changed namespaces? - From your first post I figure that the basic mail server functionality of the new server is working, most importantly login, message delivery and retrieval. I have attached both the old and new servers configuration files as .txt attachments. > -----Original Message----- From: Steffen Kaiser > Sent: Thursday, April 10, 2014 6:14 AM > To: K. C. Mohan - Personal s > Cc: dovecot at dovecot.org > Subject: Re: [Dovecot] integration of old mails into new dovecot > Maildir > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 8 Apr 2014, K. C. Mohan - Personal wrote: > >> I just installed dovecot 2.2.9 on to a new server and want to >> transfer all the old mails into the email accounts I imported from >> the previous server into MySQL database. I am not able to view the >> subfolders and or old mails that I copied into their respective >> maildir folders. I was very much appreciate if anyone could let me >> know how to import old mails into the new server. 
All I see, is the >> new mails that have come into the account since I started dovecot service in the new server. > > Check out http://wiki2.dovecot.org/Migration . Read esp. about > "preserving messages' UIDs". > > If the old server uses Maildir, too, and you don't care about the > UIDs, copy the files over and you are done. - -- Steffen Kaiser --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: new_server_dovecot.conf.txt URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed...
Name: Old_server_dovecot.conf.txt URL: From bourek at thinline.cz Mon Apr 14 21:32:34 2014 From: bourek at thinline.cz (Jiri Bourek) Date: Mon, 14 Apr 2014 23:32:34 +0200 Subject: [Dovecot] integration of old mails into new dovecot Maildir In-Reply-To: <026501cf580e$b6f1a570$24d4f050$@gmail.com> References: <00f301cf5336$8ed24cc0$ac76e640$@gmail.com> <53466ed9.06e10e0a.3924.137aSMTPIN_ADDED_BROKEN@mx.google.com> <8856D0A68D31437EBC435D5725621D44@DellNB> <534b7d87.c4e00e0a.3108.ffffb3d0SMTPIN_ADDED_BROKEN@mx.google.com> <026501cf580e$b6f1a570$24d4f050$@gmail.com> Message-ID: <534C53F2.6010303@thinline.cz> > > Yes, the new server is functional and all the users are able to log in, view > delivered messages and retrieve the messages into their mail clients. > However, they cannot view any old messages or retrieve any old messages. > If I wanted to do this, I'd probably use something along these lines: - get IMAP access to your users' mailboxes. No need to know their passwords, you can set up master user for that, see wiki: http://wiki2.dovecot.org/Authentication/MasterUsers (this needs to be set up on the old server) - run this command on new server. (Let's say your master user is called "admin" and you set auth_master_user_separator = * ) doveadm -o plugin/sieve_dir= \ -o imapc_user=user at example.org*admin \ -o imapc_password=adminspassword \ -o imapc_host=oldbox.example.org \ -o imapc_ssl=starttls \ -o imapc_ssl_verify=yes \ -o ssl_client_ca_dir=/etc/ssl/ \ -o mail_fsync=never \ import -u user at example.org imapc: "" mailbox inbox (Rinse and repeat for every user, the only thing that changes between runs is username in imapc_user=xxx and -u xxx) This command uses Dovecot's builtin IMAP client to connect to your old server, downloads messages and stores them into specified user's mailbox on new server. New mail should be preserved in the process, so should messages' UIDs. 
It's pretty much the same as described here - http://wiki2.dovecot.org/Migration/Dsync - you just use import instead of dsync (from my experience dsync doesn't do what you need in this scenario.) The -o plugin/sieve_dir= line prevents Dovecot from trying to import Sieve scripts (which doesn't work for me, they're not writable in my setup and doveadm segfaults.) If you don't use sieve plugin or you can import Sieve scripts this way, you can omit that. Rest of parameters is pretty straightforward, see man doveadm-import for explanations. You can use "ALL" instead of "mailbox inbox" to import messages from all IMAP folders (add -s parameter in that case) And of course - this is pretty much untested (tried on one mailbox), so use on your own risk. From bluewind at xinu.at Mon Apr 14 17:49:07 2014 From: bluewind at xinu.at (Florian Pritz) Date: Mon, 14 Apr 2014 19:49:07 +0200 Subject: [Dovecot] imap process and indexer-worker crash while creating folders In-Reply-To: <0Lwoiq-1X6if81Ki8-016QZC@mail.gmx.com> References: <0Lwoiq-1X6if81Ki8-016QZC@mail.gmx.com> Message-ID: <534C1F93.9090702@xinu.at> Hi, I just noticed a similar crash (well same assertion at least) on my production server. No idea what the user did, but I know it's a normal client, not some kind of script. Since I don't know what the user did I can't reproduce the problem, but I figured dropping a note won't hurt. I'm running dovecot 2.2.11 on Arch Linux with ext4, config and backtraces below. PS: I'm not subscribed to the list, please make sure to CC me on replies. 
Thanks, Florian ### > Apr 14 09:49:29 karif dovecot: imap(user): Panic: file mail-index-transaction-export.c: line 117 (log_append_ext_intro): assertion failed: (intro->ext_id == idx || idx == (uint32_t)-1) > Apr 14 09:49:29 karif dovecot: imap(user): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x67450) [0x7f842e6c2450] -> /usr/lib/dovecot/libdovecot.so.0(+0x6752e) [0x7f842e6c252e] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f842e67d47e] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0xba112) [0x7f842e9e8112] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_index_transaction_export+0x200) [0x7f842e9e85e0] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0xb979f) [0x7f842e9e779f] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_index_transaction_commit_full+0x9d) [0x7f842e9e7bfd] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_index_transaction_commit+0xc) [0x7f842e9e7c9c] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x3e25a) [0x7f842e96c25a] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x3e4bc) [0x7f842e96c4bc] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x90e45) [0x7f842e9bee45] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_get_metadata+0x95) [0x7f842e9ab595] -> /us r/lib/dovecot/libdovecot-storage.so.0(mailbox_list_index_sync_name+0x2a4) [0x7f842e9bf754] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_list_index_sync+0x10a) [0x7f842e9bfd7a] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_list_index_refresh+0x9e) [0x7f842e9bac8e] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x90292) [0x7f842e9be292] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x90f9b) [0x7f842e9bef9b] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x31) [0x7f842e9ab4b1] -> dovecot/imap(imap_status_get+0x67) [0x41d5d7] -> dovecot/imap(cmd_status+0x123) [0x413133] -> dovecot/imap(command_exec+0x3c) [0x4170ec] -> dovecot/imap() [0x41614f] -> dovecot/imap() [0x416205] -> dovecot/imap(client_handle_input+0x115) [0x416505] -> dovecot/imap(client_input+0x72) 
[0x416892] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x27) [0x7f842e6d2527] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xd7) [0x7f842e6d32b7] -> /usr/lib/dovecot/libdovecot.so.0(io_loo p_run+0x38) [0x7f842e6d20c8] > Apr 14 09:49:29 karif dovecot: imap(user): Fatal: master: service(imap): child 20156 killed with signal 6 (core dumped) backtrace from a core dump below, sadly it doesn't contain much information since the dovecot build I'm running stripped. > #0 0x00007f842e2e8389 in raise () from /usr/lib/libc.so.6 > #1 0x00007f842e2e9788 in abort () from /usr/lib/libc.so.6 > #2 0x00007f842e6c2446 in ?? () from /usr/lib/dovecot/libdovecot.so.0 > #3 0x00007f842e6c252e in ?? () from /usr/lib/dovecot/libdovecot.so.0 > #4 0x00007f842e67d47e in i_panic () from /usr/lib/dovecot/libdovecot.so.0 > #5 0x00007f842e9e8112 in ?? () from /usr/lib/dovecot/libdovecot-storage.so.0 > #6 0x00007f842e9e85e0 in mail_index_transaction_export () from /usr/lib/dovecot/libdovecot-storage.so.0 > #7 0x00007f842e9e779f in ?? () from /usr/lib/dovecot/libdovecot-storage.so.0 > #8 0x00007f842e9e7bfd in mail_index_transaction_commit_full () from /usr/lib/dovecot/libdovecot-storage.so.0 > #9 0x00007f842e9e7c9c in mail_index_transaction_commit () from /usr/lib/dovecot/libdovecot-storage.so.0 > #10 0x00007f842e96c25a in ?? () from /usr/lib/dovecot/libdovecot-storage.so.0 > #11 0x00007f842e96c4bc in ?? () from /usr/lib/dovecot/libdovecot-storage.so.0 > #12 0x00007f842e9bee45 in ?? () from /usr/lib/dovecot/libdovecot-storage.so.0 > #13 0x00007f842e9ab595 in mailbox_get_metadata () from /usr/lib/dovecot/libdovecot-storage.so.0 > #14 0x00007f842e9bf754 in mailbox_list_index_sync_name () from /usr/lib/dovecot/libdovecot-storage.so.0 > #15 0x00007f842e9bfd7a in mailbox_list_index_sync () from /usr/lib/dovecot/libdovecot-storage.so.0 > #16 0x00007f842e9bac8e in mailbox_list_index_refresh () from /usr/lib/dovecot/libdovecot-storage.so.0 > #17 0x00007f842e9be292 in ?? 
() from /usr/lib/dovecot/libdovecot-storage.so.0 > #18 0x00007f842e9bef9b in ?? () from /usr/lib/dovecot/libdovecot-storage.so.0 > #19 0x00007f842e9ab4b1 in mailbox_get_status () from /usr/lib/dovecot/libdovecot-storage.so.0 > #20 0x000000000041d5d7 in imap_status_get () > #21 0x0000000000413133 in cmd_status () > #22 0x00000000004170ec in command_exec () > #23 0x000000000041614f in ?? () > #24 0x0000000000416205 in ?? () > #25 0x0000000000416505 in client_handle_input () > #26 0x0000000000416892 in client_input () > #27 0x00007f842e6d2527 in io_loop_call_io () from /usr/lib/dovecot/libdovecot.so.0 > #28 0x00007f842e6d32b7 in io_loop_handler_run () from /usr/lib/dovecot/libdovecot.so.0 > #29 0x00007f842e6d20c8 in io_loop_run () from /usr/lib/dovecot/libdovecot.so.0 > #30 0x00007f842e682683 in master_service_run () from /usr/lib/dovecot/libdovecot.so.0 > #31 0x000000000040b44f in main () config: > # 2.2.11: /etc/dovecot/dovecot.conf > # OS: Linux 3.13.8-1-ARCH x86_64 Arch Linux > auth_mechanisms = plain login > auth_username_format = %Ln > login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k > mail_location = mdbox:~/.mdbox > mail_plugins = " zlib notify mail_log" > mailbox_list_index = yes > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave > namespace inbox { > hidden = no > inbox = yes > list = yes > location = > mailbox Drafts { > auto = subscribe > special_use = \Drafts > } > mailbox Junk { > auto = subscribe > special_use = \Junk > } > mailbox Sent { > auto = subscribe > special_use = \Sent > } > mailbox Trash { > auto = subscribe > special_use = \Trash > } > prefix = > separator = . 
> type = private > } > passdb { > driver = pam > } > plugin { > mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename > mail_log_fields = uid box msgid size > sieve = ~/.dovecot.sieve > sieve_dir = ~/.sieve > sieve_global_dir = /etc/dovecot/sieve/global/ > sieve_global_path = /etc/dovecot/sieve/default.sieve > zlib_save = gz > zlib_save_level = 6 > } > protocols = imap pop3 sieve lmtp > service auth { > unix_listener auth-client { > group = postfix > mode = 0660 > user = postfix > } > user = root > } > service imap-login { > process_limit = 400 > process_min_avail = 5 > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0660 > user = postfix > } > } > service managesieve-login { > inet_listener sieve-obsolete { > port = 2000 > } > } > ssl_cert = ssl_cipher_list = DHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-ECDSA-AES256-SHA384:DHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES256-SHA256:DHE-ECDSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ALL:!LOW:!SSLv2:!EXP:!aNULL > ssl_key = userdb { > driver = passwd > } > protocol imap { > imap_client_workarounds = tb-extra-mailbox-sep > mail_max_userip_connections = 30 > mail_plugins = " zlib notify mail_log" > } > protocol lda { > mail_plugins = " zlib notify mail_log sieve" > postmaster_address = postmaster at server-speed.net > } > protocol lmtp { > mail_plugins = " zlib notify mail_log sieve" > postmaster_address = postmaster at server-speed.net > } > protocol sieve { > managesieve_logout_format = bytes ( in=%i : out=%o ) > } -------------- next part 
-------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: From skdovecot at smail.inf.fh-brs.de Tue Apr 15 07:46:57 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 15 Apr 2014 09:46:57 +0200 (CEST) Subject: [Dovecot] integration of old mails into new dovecot Maildir In-Reply-To: <026501cf580e$b6f1a570$24d4f050$@gmail.com> References: <00f301cf5336$8ed24cc0$ac76e640$@gmail.com> <53466ed9.06e10e0a.3924.137aSMTPIN_ADDED_BROKEN@mx.google.com> <8856D0A68D31437EBC435D5725621D44@DellNB> <534b7d87.c4e00e0a.3108.ffffb3d0SMTPIN_ADDED_BROKEN@mx.google.com> <026501cf580e$b6f1a570$24d4f050$@gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 14 Apr 2014, K. C. Mohan - Personal wrote: > 1) how are the messages storred on the old server, which storage > backend do you use, maybe Maildir? > > Yes, Maildir. Dovecot version is 2.1.7. > > 2) the storage backend on the new server? > > Maildir. Dovecot Version 2.2.9. Mysql virtual users > authentication. Plain login As both are Maildir from Dovecot, you can copy all the Maildir hierarchie 1:1 to the new server. Dovecot upgrades them automatically most of the time. I did so from Dovecot v1.x to v2.2 with almost no problem. To keep the UIDs for POP3, ensure the same: pop3_uidl_format = %08Xu%08Xv is used on the new server. If you already got new messages on the new server, you can think about: a) migration, e.g. as Jiri pointed out b) merge both Maildirs, but remove all "new" control files dovecot*, keep only the old ones. That way the new messages will be added to the old store by getting new UIDs. 

--
Steffen Kaiser

From rblists at gmail.com Tue Apr 15 11:32:19 2014
From: rblists at gmail.com (Raphael Bauduin)
Date: Tue, 15 Apr 2014 13:32:19 +0200
Subject: [Dovecot] migration advice
Message-ID:

Hi,

I am preparing a migration from courier-imap to dovecot. The maildir is in each user's home directory, and /home is mounted by NFS. All this running in a kvm virtual machine.

My plan would be to create a new virtual machine (with another IP) with dovecot, mounting the same /home, and switching a couple of users to dovecot for testing purpose. If the tests go well, I would then migrate the other users and assign the IP address of the courier imap kvm to the dovecot kvm.

Does that make sense? Or can it be problematic to have some users switched to dovecot while their maildir directory is still accessible to courier-imap?

Looking forward to reading your feedback, thanks in advance!

Raph

From flokli at flokli.de Tue Apr 15 13:35:23 2014
From: flokli at flokli.de (Florian Klink)
Date: Tue, 15 Apr 2014 15:35:23 +0200
Subject: [Dovecot] Segmentation fault running doveadm index (lucene) on a big mailbox
Message-ID:

Hi,

on a server running dovecot 2.2.12 I have a user with a quite big
mailbox (~37000 Mails in the INBOX).

I tried to enable full text search using the fts_lucene backend (dovecot
2.2.12).

However, the `doveadm -v index -u INBOX` always runs into a segmentation fault after mail number 24200:

I tried to get a backtrace using gdb:

doveadm(): Info: INBOX: Caching mails seq=1..37578
24200/37578
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6612151 in lucene_index_build_more () from /usr/lib64/dovecot/lib21_fts_lucene_plugin.so
(gdb) bt
#0 0x00007ffff6612151 in lucene_index_build_more () from /usr/lib64/dovecot/lib21_fts_lucene_plugin.so
#1 0x00007ffff6610b01 in ?? () from /usr/lib64/dovecot/lib21_fts_lucene_plugin.so
#2 0x00007ffff6820d5b in fts_build_mail () from /usr/lib64/dovecot/lib20_fts_plugin.so
#3 0x00007ffff6825b90 in ?? () from /usr/lib64/dovecot/lib20_fts_plugin.so
#4 0x000000000041650a in ?? ()
#5 0x00000000004123a7 in _start ()

`ulimit` reports "unlimited", so ulimits shouldn't be the culprit. Is there another limit in dovecot?

Unfortunately, I can't "resume" the process, the indexing always starts again from the beginning.

Florian

doveconf -n:

# 2.2.12: /etc/dovecot/dovecot.conf
# OS: Linux 3.14.0-gentoo x86_64 Gentoo Base System release 2.2 ext4
auth_mechanisms = plain login cram-md5 ntlm
mail_gid = 900
mail_location = maildir:/home/vmail/%u
mail_plugins = acl quota fts fts_lucene
mail_uid = 900
maildir_stat_dirs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  hidden = no
  list = children
  location = maildir:/home/vmail/%%u/:INDEX=/home/vmail/%%u/
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
  subscriptions = yes
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  acl_shared_dict = file:/home/vmail/shared-mailboxes
  fts = lucene
  fts_lucene = whitespace_chars=@.
  quota = maildir
  quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+100M
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = /home/vmail/%u/.dovecot.sieve
  sieve_dir = /home/vmail/%u/sieve
}
postmaster_address = postmaster@
protocols = imap pop3 lmtp sieve sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service imap-postlogin {
  executable = script-login /usr/local/bin/imap-postlogin.sh
  user = $default_internal_user
}
service imap {
  executable = imap imap-postlogin
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = dovecot
}
ssl = required
ssl_cert = /chain.crt
ssl_key = /server.key
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  mail_plugins = quota sieve acl
}
protocol imap {
  mail_plugins = acl quota quota imap_quota imap_acl
}

From teemu.huovila at dovecot.fi Tue Apr 15 13:45:59 2014
From: teemu.huovila at dovecot.fi (Teemu Huovila)
Date: Tue, 15 Apr 2014 16:45:59 +0300
Subject: [Dovecot] Segmentation fault running doveadm index (lucene) on a big mailbox
In-Reply-To:
References:
Message-ID: <534D3817.90808@dovecot.fi>

On 04/15/2014 04:35 PM, Florian Klink wrote:
> Hi,
>
> on a server running dovecot 2.2.12 I have a user with a quite big
> mailbox (~37000 Mails in the INBOX).
>
> I tried to enable full text search using the fts_lucene backend (dovecot
> 2.2.12).
This patch (to be included in 2.2.13) addresses a different Lucene error, but might mitigate your issue as well.
http://hg.dovecot.org/dovecot-2.2/rev/d63b209737be

If the issue remains and if possible, install dovecot dbg packages to get symbols and run a "bt full" instead of "bt".

br,
Teemu Huovila

From flokli at flokli.de Tue Apr 15 18:18:46 2014
From: flokli at flokli.de (Florian Klink)
Date: Tue, 15 Apr 2014 20:18:46 +0200
Subject: [Dovecot] Segmentation fault running doveadm index (lucene) on a big mailbox
In-Reply-To: <534D3817.90808@dovecot.fi>
References: <534D3817.90808@dovecot.fi>
Message-ID:

On 15.04.2014 15:45, Teemu Huovila wrote:
> On 04/15/2014 04:35 PM, Florian Klink wrote:
>> Hi,
>>
>> on a server running dovecot 2.2.12 I have a user with a quite big
>> mailbox (~37000 Mails in the INBOX).
>>
>> I tried to enable full text search using the fts_lucene backend (dovecot
>> 2.2.12).
> This patch (to be included in 2.2.13) addresses a different Lucene error, but might mitigate your issue as well.
> http://hg.dovecot.org/dovecot-2.2/rev/d63b209737be
>
> If the issue remains and if possible, install dovecot dbg packages to get symbols and run a "bt full" instead of "bt".

Unfortunately, the patch didn't fix the problem. However, I attached a full backtrace (with the applied patch, btw) including debug symbols.

It is attached, but I had to wipe some urls from the output. Hope that's not a problem.

I hope this helps!

Florian

-------------- next part --------------
Starting program: /usr/bin/doveadm -v index -u INBOX
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
Warning: couldn't activate thread debugging using libthread_db: Cannot find new threads: generic error
warning: File "/lib64/libthread_db-1.0.so" auto-loading has been declined by your `auto-load safe-path' set to "$debugdir:$datadir/auto-load".
To enable execution of this file add
        add-auto-load-safe-path /lib64/libthread_db-1.0.so
line to your configuration file "/root/.gdbinit".
To completely disable this security protection add
        set auto-load safe-path /
line to your configuration file "/root/.gdbinit".
For more information about this security protection see the "Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
        info "(gdb)Auto-loading safe path"
warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available.

Program received signal SIGSEGV, Segmentation fault.
lucene_index_build_more (index=0x68d6d0, uid=, data=data at entry=0x31975f0 " ------ ------------- ----------------- ------------- --- ---- - ---------------- ------- http://----------------/ RSS feed : http://------"..., size=size at entry=2995402, hdr_name=0x159f170 "") at lucene-wrapper.cc:539
539 lucene-wrapper.cc: Datei oder Verzeichnis nicht gefunden.
#0 lucene_index_build_more (index=0x68d6d0, uid=, data=data at entry=0x31975f0 " ------ ------------- ----------------- ------------- --- ---- - ---------------- ------- http://----------------/ RSS feed : http://------"..., size=size at entry=2995402, hdr_name=0x159f170 "") at lucene-wrapper.cc:539
        id = L"\xffffdb50?\024\000\024\000\xf73f3640??\000\x35975f0\000\x129e1c0\000\xf70d46c2?\024\000\xf76c79c0?\024\000\xbfa4d8"
        namesize =
        datasize = 2991112
        dest = 0x7fffff4949c0
#1 0x00007ffff66107ea in fts_backend_lucene_update_build_more (_ctx=0x692100, data=0x31975f0 " ------ ------------- ----------------- ------------- --- ---- - ---------------- ------- http://----------------/ RSS feed : http://------"..., size=2995402) at fts-backend-lucene.c:407
        _data_stack_cur_id = 5
        ctx = 0x692100
        backend = 0x68d5d0
        ret =
#2 0x00007ffff6820c04 in fts_build_unstructured_header (ctx=, hdr=0xbfa4d8, hdr=0xbfa4d8) at fts-build-mail.c:94
        data =
        buf =
        i =
#3 fts_build_mail_header (block=0x7fffffffdb70, block=0x7fffffffdb70, ctx=0x7fffffffdbb0) at fts-build-mail.c:121
        hdr = 0xbfa4d8
        key = {uid = 24238, type = FTS_BACKEND_BUILD_KEY_MIME_HDR, hdr_name = 0x15cd990 "", body_content_type = 0x0, body_content_disposition = 0x0}
#4 fts_build_mail_real (mail=0x69c1f0, update_ctx=0x692100) at fts-build-mail.c:341
        ctx = {mail = 0x69c1f0, update_ctx = 0x692100, content_type = 0x0, content_disposition = 0x0, body_parser = 0x0, word_buf = 0x8281d0}
        parser = 0x1ce7820
        decoder = 0xbfa4c0
        raw_block = {part = 0x666128, hdr = 0x129e1c0, data = 0x15555f0 "esearch:codesearch>\n html\n \n \n \n =\nhttp://----------------/----------------------/---------------------="..., size = 0}
        prev_part = 0x666128
        skip_body = false
        block = {part = 0x666128, hdr = 0xbfa4d8, data = 0x1d0a7f1 "6?\367\377\177", size = 0}
        binary_body =
        ret =
        input = 0x1caa788
        parts = 0x100005eae
        body_part = true
        body_added = true
#5 fts_build_mail (update_ctx=0x692100, mail=mail at entry=0x69c1f0) at fts-build-mail.c:378
        _data_stack_cur_id = 4
#6 0x00007ffff682567e in fts_mail_index (_mail=0x69c1f0) at fts-storage.c:451
        ft = 0x69a7b0
        flist = 0x67f688
#7 fts_mail_precache (_mail=0x69c1f0) at fts-storage.c:468
        _data_stack_cur_id = 3
        mail = 0x69c1f0
        fmail =
        ft =
#8 0x0000000000416621 in cmd_index_box_precache (box=) at doveadm-mail-index.c:69
        ctx = 0x69e4e0
        metadata = {guid = '\000' , virtual_size = 0, cache_fields = 0x0, precache_fields = (MAIL_FETCH_STREAM_HEADER | MAIL_FETCH_STREAM_BODY | MAIL_FETCH_RECEIVED_DATE | MAIL_FETCH_SAVE_DATE | MAIL_FETCH_PHYSICAL_SIZE | MAIL_FETCH_VIRTUAL_SIZE | MAIL_FETCH_UIDL_BACKEND | MAIL_FETCH_GUID), backend_ns_prefix = 0x0, backend_ns_type = (unknown: 0)}
        counter = 24237
        max = 37594
        status = {messages = 37594, recent = 0, unseen = 0, uidvalidity = 1362189120, uidnext = 38454, first_unseen_seq = 0, first_recent_uid = 38454, last_cached_seq = 0, highest_modseq = 0, highest_pvt_modseq = 0, keywords = 0x0, permanent_flags = 0, permanent_keywords = 0, allow_new_keywords = 0, nonpermanent_modseqs = 0, no_modseq_tracking = 0, have_guids = 1, have_save_guids = 1, have_only_guid128 = 0}
        mail = 0x69c1f0
        ret = 0
        trans = 0x6992a0
        search_args = 0x0
        seq =
#9 cmd_index_box (info=, info=, ctx=0x678e80) at doveadm-mail-index.c:118
        box = 0x693250
        status = {messages = 6697840, recent = 0, unseen = 4151399389, uidvalidity = 32767, uidnext = 4294958416, first_unseen_seq = 32767, first_recent_uid = 6786912, last_cached_seq = 0, highest_modseq = 558362525697, highest_pvt_modseq = 0, keywords = 0x0, permanent_flags = 4151137592, permanent_keywords = 1, allow_new_keywords = 1, nonpermanent_modseqs = 1, no_modseq_tracking = 1, have_guids = 1, have_save_guids = 1, have_only_guid128 = 1}
        ret = 0
#10 cmd_index_run (_ctx=0x678e80, user=0x6883d0) at doveadm-mail-index.c:189
        _data_stack_cur_id = 2
        iter = 0x691b60
        info =
        ret = 0
        user = 0x6883d0
        _ctx = 0x678e80
        ctx = 0x678e80
        i =
#11 0x0000000000412473 in doveadm_mail_next_user (ctx=0x678e80, input=, error_r=0x7fffffffde58) at doveadm-mail.c:314
        error = 0x7fffffffde58 ""
        ret =
        error_r = 0x7fffffffde58
        input =
        ctx = 0x678e80
        ip =
        ret = 0
#12 0x0000000000413107 in doveadm_mail_cmd (argv=0x66a3b8, argc=4, cmd=0x66ea48) at doveadm-mail.c:525
        input = {module = 0x0, service = 0x44a71b "doveadm", username = 0x66a3e5 "", session_id = 0x0, local_ip = {family = 0, u = {ip6 = {__in6_u = { __u6_addr8 = '\000' , __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, ip4 = {s_addr = 0}}}, remote_ip = {family = 0, u = { ip6 = {__in6_u = {__u6_addr8 = '\000' , __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, ip4 = {s_addr = 0}}}, local_port = 0, remote_port = 0, userdb_fields = 0x0, flags_override_add = (unknown: 0), flags_override_remove = (unknown: 0), no_userdb_lookup = 0}
        ctx = 0x678e80
        getopt_args = 0x662658 "qn:AS:u:"
        ret =
        c =
        wildcard_user = 0x0
        error = 0x0
#13 doveadm_mail_try_run (cmd_name=cmd_name at entry=0x66a3dc "index", argc=argc at entry=4, argv=argv at entry=0x66a3a0) at doveadm-mail.c:617
        cmd = 0x66ea48
#14 0x0000000000412068 in main (argc=4, argv=0x66a3a0) at doveadm.c:398
        cmd_name = 0x66a3dc "index"
        i =
        quick_init = false
        c =
A debugging session is active.

        Inferior 1 [process 23829] will be killed.

Quit anyway? (y or n)

From tss at iki.fi Tue Apr 15 20:30:00 2014
From: tss at iki.fi (Timo Sirainen)
Date: Tue, 15 Apr 2014 22:30:00 +0200
Subject: [Dovecot] Segmentation fault running doveadm index (lucene) on a big mailbox
In-Reply-To:
References: <534D3817.90808@dovecot.fi>
Message-ID:

On 15.4.2014, at 20.18, Florian Klink wrote:

>>> on a server running dovecot 2.2.12 I have a user with a quite big
>>> mailbox (~37000 Mails in the INBOX).
>>>
>>> I tried to enable full text search using the fts_lucene backend (dovecot
>>> 2.2.12).
>> This patch (to be included in 2.2.13) addresses a different Lucene error, but might mitigate your issue as well.
>> http://hg.dovecot.org/dovecot-2.2/rev/d63b209737be
>>
>> If the issue remains and if possible, install dovecot dbg packages to get symbols and run a "bt full" instead of "bt".
>
> Unfortunately, the patch didn't fix the problem. However, I attached a
> full backtrace (with the applied patch, btw) including debug symbols.
>
> It is attached, but I had to wipe some urls from the output. Hope that's
> not a problem.

http://hg.dovecot.org/dovecot-2.2/rev/2ef62e1f44f2 should help.

From flokli at flokli.de Tue Apr 15 20:39:24 2014
From: flokli at flokli.de (Florian Klink)
Date: Tue, 15 Apr 2014 22:39:24 +0200
Subject: [Dovecot] Segmentation fault running doveadm index (lucene) on a big mailbox
In-Reply-To:
References: <534D3817.90808@dovecot.fi>
Message-ID:

On 15.04.2014 22:30, Timo Sirainen wrote:
> On 15.4.2014, at 20.18, Florian Klink wrote:
>
>>>> on a server running dovecot 2.2.12 I have a user with a quite big
>>>> mailbox (~37000 Mails in the INBOX).
>>>>
>>>> I tried to enable full text search using the fts_lucene backend (dovecot
>>>> 2.2.12).
>>> This patch (to be included in 2.2.13) addresses a different Lucene error, but might mitigate your issue as well.
>>> http://hg.dovecot.org/dovecot-2.2/rev/d63b209737be
>>>
>>> If the issue remains and if possible, install dovecot dbg packages to get symbols and run a "bt full" instead of "bt".
>>
>> Unfortunately, the patch didn't fix the problem. However, I attached a
>> full backtrace (with the applied patch, btw) including debug symbols.
>>
>> It is attached, but I had to wipe some urls from the output. Hope that's
>> not a problem.
>
> http://hg.dovecot.org/dovecot-2.2/rev/2ef62e1f44f2 should help.
>

doveadm(): Info: INBOX: Caching mails seq=1..37596
*** Error in `/usr/bin/doveadm': malloc(): memory corruption: 0x000000000071c290 ***

Nope ;-)

From tss at iki.fi Tue Apr 15 22:14:30 2014
From: tss at iki.fi (Timo Sirainen)
Date: Wed, 16 Apr 2014 00:14:30 +0200
Subject: [Dovecot] Segmentation fault running doveadm index (lucene) on a big mailbox
In-Reply-To:
References: <534D3817.90808@dovecot.fi>
Message-ID:

On 15.4.2014, at 22.39, Florian Klink wrote:

>> http://hg.dovecot.org/dovecot-2.2/rev/2ef62e1f44f2 should help.
>>
>
> doveadm(): Info: INBOX: Caching mails seq=1..37596
> *** Error in `/usr/bin/doveadm': malloc(): memory corruption:
> 0x000000000071c290 ***
>
> Nope ;-)

Uh oh. http://hg.dovecot.org/dovecot-2.2/rev/5e42a8c18b51 makes it better.

From flokli at flokli.de Wed Apr 16 06:28:16 2014
From: flokli at flokli.de (Florian Klink)
Date: Wed, 16 Apr 2014 08:28:16 +0200
Subject: [Dovecot] Segmentation fault running doveadm index (lucene) on a big mailbox
In-Reply-To:
References: <534D3817.90808@dovecot.fi>
Message-ID:

On 16.04.2014 00:14, Timo Sirainen wrote:
> On 15.4.2014, at 22.39, Florian Klink wrote:
>
>>> http://hg.dovecot.org/dovecot-2.2/rev/2ef62e1f44f2 should help.
>>>
>>
>> doveadm(): Info: INBOX: Caching mails seq=1..37596
>> *** Error in `/usr/bin/doveadm': malloc(): memory corruption:
>> 0x000000000071c290 ***
>>
>> Nope ;-)
>
> Uh oh. http://hg.dovecot.org/dovecot-2.2/rev/5e42a8c18b51 makes it better.
>

Yes. This one fixed the memory corruption, allowed the indexing to complete and FTS now seems to work in this mailbox.

Thank you! :-)

Florian

From jan.valvekens at invenit.be Wed Apr 16 07:16:51 2014
From: jan.valvekens at invenit.be (Jan Valvekens)
Date: Wed, 16 Apr 2014 09:16:51 +0200
Subject: [Dovecot] Move of mail folders to other mail account on same server
Message-ID: <534E2E63.8020207@invenit.be>

Hi,

I'd like to move mail folders from one mail account to another mail
account on the same server. Moving the folders via my mail client
(Thunderbird) takes a long time. Therefore I wondered whether it's not
possible to simply move the files on the server itself. If I unsubscribe
to the folders in my source account, then move the folder and subscribe
to the folders in my target account: will that work?

I run dovecot version 2.1.15

Thanks a lot,

Jan

From nmilas at noa.gr Wed Apr 16 07:26:56 2014
From: nmilas at noa.gr (Nikolaos Milas)
Date: Wed, 16 Apr 2014 10:26:56 +0300
Subject: [Dovecot] dsync replication does not replicate new subfolders
Message-ID: <534E30C0.6070909@noa.gr>

Hello,

Although this issue has been raised in another thread:

https://www.mail-archive.com/dovecot at dovecot.org/msg57281.html

I decided I should create a new one dedicated to it because that thread includes other issues as well, and the issue in question still remains unresolved although it is an important one (and I am hoping to attract Timo's attention on it, too ;-) ).

The problem is that when dsync is configured between two servers (master/master), messages do get replicated, but newly created subfolders do not get replicated; as a result, when messages are moved by users from existing folders to newly created ones, replication results in chaos. Manually running a dsync command does not resolve the issue.

See details of debug log on the above thread.

I remind you that the configs of the two master/master installations (2.2.12) are available at:

Primary Master: https://www.mail-archive.com/dovecot at dovecot.org/msg57298.html
Secondary Master: https://www.mail-archive.com/dovecot at dovecot.org/msg57304.html

The questions:

1. Is it an expected dsync behavior that newly created subfolders do not get replicated?
2. If yes, how can we replicate those?
3. If not, what is going wrong in the replication process? Does our configuration need a fix (which?) or does Dovecot need one?

Please advise!

Sincerely,
Nick

From bourek at thinline.cz Wed Apr 16 07:49:36 2014
From: bourek at thinline.cz (Jiri Bourek)
Date: Wed, 16 Apr 2014 09:49:36 +0200
Subject: [Dovecot] Move of mail folders to other mail account on same server
In-Reply-To: <534E2E63.8020207@invenit.be>
References: <534E2E63.8020207@invenit.be>
Message-ID: <534E3610.9070002@thinline.cz>

Jan Valvekens wrote:
> Hi,
>
> I'd like to move mail folders from one mail account to another mail
> account on the same server. Moving the folders via my mail client
> (Thunderbird) takes a long time. Therefore I wondered whether it's not
> possible to simply move the files on the server itself. If I unsubscribe
> to the folders in my source account, then move the folder and subscribe
> to the folders in my target account: will that work?
>

AFAIK it should work, at least with Maildir format - if you have enough storage space on the server, you can test it by copying the files (directories) instead of moving them.

Or you can try using doveadm - doveadm mailbox create to create the folders in destination mailbox and then doveadm move to move messages from source to destination account (provided your mail accounts share the same UID and GID on the server.)

See wiki
http://wiki2.dovecot.org/Tools/Doveadm/Mailbox
http://wiki2.dovecot.org/Tools/Doveadm/Move

From jym at baaz.fr Wed Apr 16 14:48:40 2014
From: jym at baaz.fr (Jean-Yves Moulin)
Date: Wed, 16 Apr 2014 16:48:40 +0200
Subject: [Dovecot] BUG: Authentication client sent unknown handshake command
Message-ID: <18393786-9A73-4DF5-B9DE-9ADD8109EBC4@baaz.fr>

Hi everybody,

I'm using dovecot-2.2.11 on NetBSD. After a kernel upgrade, while using the same dovecot binaries (they were working perfectly until today), I'm experiencing this error (more log at the end of my email):

BUG: Authentication client sent unknown handshake command: REQUEST?227672066?18807?2?c717631d60216b2e9ec57a2fa69674b8?session_pid=16343?...

I tried to build a newer version of dovecot (2.2.12) but same issue.

I know this should come from my system and not dovecot, but how can I debug this kind of problem? I already enabled various debug (auth_verbose, auth_debug, mail_debug) but I need more information.

This issue has already been discussed on dovecot mailing list without solution :-)

Thank you very much.

Best,
jym

Log:

Apr 16 16:29:16 dodo dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [::1]
Apr 16 16:29:17 dodo dovecot: auth: Debug: client in: AUTH 2 PLAIN service=imap secured session=cE/PvSn3qgAAAAAAAAAAAAAAAAAAAAAB lip=::1 rip=::1 lport=993 rport=65450 resp=
Apr 16 16:29:17 dodo dovecot: auth: Debug: cache(mylogin at myhost.org,::1,): hit:
Apr 16 16:29:17 dodo dovecot: auth: Debug: client passdb out: OK 2 user=mylogin at myhost.org
Apr 16 16:29:17 dodo dovecot: auth: Error: BUG: Authentication client sent unknown handshake command: REQUEST?227672066?18807?2?c717631d60216b2e9ec57a2fa69674b8?session_pid=16343?...
Apr 16 16:29:17 dodo dovecot: imap: Error: Authentication server didn't send valid SPID as expected: MECH PLAIN plaintext
Apr 16 16:29:17 dodo dovecot: imap: Error: Disconnected from auth server, aborting (client-pid=18807 client-id=2)
Apr 16 16:29:17 dodo dovecot: imap-login: Internal login failure (pid=18807 id=2) (internal failure, 1 successful auths): user=, method=PLAIN, rip=::1, lip=::1, mpid=16343, TLS, session=
Apr 16 16:29:17 dodo dovecot: imap-login: Debug: SSL alert: close notify [::1]

From toml at engr.orst.edu Thu Apr 17 00:05:37 2014
From: toml at engr.orst.edu (Tom Lieuallen)
Date: Wed, 16 Apr 2014 17:05:37 -0700
Subject: [Dovecot] segfault with shared namespace version > 2.1.16
Message-ID: <534F1AD1.3030906@engr.orst.edu>

We're currently running 2.1.16. I've been wanting to update to a 2.2.X version, but have been running into problems, even with the latest (2.2.12). I'm not sure at what version this issue appeared, but I believe I've tried 2.2.10, 2.2.11, and now 2.2.12.

We have a shared maildir setup. With that configuration in place and with a user in the dovecot-acl file, I can do the following to make it segfault every time. Note if I comment out the shared namespace config, it does not segfault.

/private/dovecot/libexec/dovecot/imap -u tom2
* PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE] Logged in as tom2
l list "" *
Segmentation fault (core dumped)

The /a1 and /a2 mentioned here for shared folders and indexes are both local ext4 file systems.

===========
Here is the output of dovecot -n:

# 2.2.12: /private/dovecot/etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-431.el6.x86_64 x86_64 CentOS release 6.5 (Final)
first_valid_uid = 100
listen = *
mail_location = mbox:~/mail:INBOX=/var/mail/%u:INDEX=/a2/imap-index/%u
mail_plugins = quota acl
namespace {
  hidden = yes
  inbox = no
  list = children
  location = maildir:/a1/dove-shared:INDEX=/a2/imap-index/dove-shared/%u
  prefix = sharedimap/
  separator = /
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /private/dovecot/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
passdb {
  args = scheme=CRYPT username_format=%u /private/dovecot/etc/passwd
  driver = passwd-file
}
plugin {
  acl = vfile
  quota = fs:INBOX:mount=/a1
  quota2 = fs:Home quota:mount=%h
}
protocols = imap lmtp
service imap-login {
  process_limit = 500
  process_min_avail = 16
  service_count = 1
}
service imap {
  process_limit = 2048
}
ssl_cert = ns =
#1 0x00007f1cb0323fd0 in mailbox_list_get_storage (list=0x7fff73b39088, vname=, storage_r=0x7fff73b39080) at mailbox-list.c:821
        set =
#2 0x00007f1cb03164a7 in mail_namespace_find_shared (
    namespaces=, mailbox=0x670800 "sharedimap/support-reports") at mail-namespace.c:651
        list = 0x68ea30
        storage = 0x0
#3 mail_namespace_find (namespaces=, mailbox=0x670800 "sharedimap/support-reports") at mail-namespace.c:669
        ns = 0x68ad70
        __FUNCTION__ = "mail_namespace_find"
....
....

thank you

Tom Lieuallen
Oregon State University

From nmilas at noa.gr Thu Apr 17 12:05:08 2014
From: nmilas at noa.gr (Nikolaos Milas)
Date: Thu, 17 Apr 2014 15:05:08 +0300
Subject: [Dovecot] Dovecot Replication setup
In-Reply-To: <53394037.3050209@noa.gr>
References: <5332BA61.3040800@noa.gr> <5334A378.3030800@noa.gr> <53394037.3050209@noa.gr>
Message-ID: <534FC374.4040507@noa.gr>

On 31/3/2014 1:15 ??, Nikolaos Milas wrote:

>
>>
>>> I am trying to setup a master/master replication with dsync
>>> (according to the first part of: http://wiki2.dovecot.org/Replication).
>>>
>>> ...I would like to ask/confirm whether the indicated setup is
>>> required on *both* servers participating in the master/master
>>> replication.
>>
>
> Answering my own question (after our test deployment), I can tell now
> that it is enough to set up the main server with the replication
> configuration.
>
> I don't know if setting up the second master (the mirrored one) with
> replication config as well would cause conflicts/loops/issues.
>
>
>

After further testing, I can now say that I was wrong; Both masters must be configured for replication to have proper two way sync.

I wish someone -with earlier experience- would answer these questions, to help us avoid all this fuss....

Nick

From teemu.huovila at dovecot.fi Thu Apr 17 12:31:23 2014
From: teemu.huovila at dovecot.fi (Teemu Huovila)
Date: Thu, 17 Apr 2014 15:31:23 +0300
Subject: [Dovecot] Dovecot Replication setup
In-Reply-To: <534FC374.4040507@noa.gr>
References: <5332BA61.3040800@noa.gr> <5334A378.3030800@noa.gr> <53394037.3050209@noa.gr> <534FC374.4040507@noa.gr>
Message-ID: <534FC99B.9080404@dovecot.fi>

On 04/17/2014 03:05 PM, Nikolaos Milas wrote:
> After further testing, I can now say that I was wrong; Both masters must be configured for replication to have proper two way sync.
>
> I wish someone -with earlier experience- would answer these questions, to help us avoid all this fuss....
I regret that I did not spot the error in your configuration and I'm sorry nobody else was able to answer you either. The dsync feature (as it is used since v2.2) is one where perhaps not so many have a lot of production environment experience. I hope you will have an easier time from now on.

br,
Teemu Huovila

From huang at utsc.utoronto.ca Thu Apr 17 15:37:06 2014
From: huang at utsc.utoronto.ca (Wesley Huang)
Date: Thu, 17 Apr 2014 11:37:06 -0400
Subject: [Dovecot] nfs flush/fsync config settings problem
In-Reply-To: <5348295C.2010308@utsc.utoronto.ca>
References: <201401080923.35386.yebo@psg.sk> <533D1A53.6050109@skye.it> <533D5E44.80002@utsc.utoronto.ca> <533D6109.1030409@skye.it> <5348295C.2010308@utsc.utoronto.ca>
Message-ID: <534FF522.8000505@utsc.utoronto.ca>

Hi All,

I was able to find some time and investigate further. The culprit has been found: "mailbox_list_index=yes". We'd like to use the IMAP NOTIFY extension and this option is a must. But turning on mailbox_list_index with index stored on NFS mounts caused the error I reported. Is it a designed/known behaviour or is it a bug? Hopefully my email will catch the maintainers' eyes.

Cheers,

Wesley

On 14-04-11 01:41 PM, Wesley Huang wrote:
> Hi Alessio,
>
> After days sorting the Heartbleed mess, I managed to set up Debian
> Squeeze amd64 for the test and I'm seeing the same error message:
>
> Fatal: nfs flush requires mail_fsync=always
>
> # doveconf -n | egrep 'fsync|nfs'
> mail_fsync = always
> mail_nfs_index = yes
> mail_nfs_storage = yes
>
> Cheers,
>
> Wesley
>
> On 14-04-03 09:24 AM, Alessio Cecchi wrote:
>> Hi,
>>
>> I'm using Maildir on Debian 6 64bit, try to "grep" for "fsync" on all
>> configuration files.
>>
>> Try also to install the same dovecot+configuration on Debian 6.
>>
>> Let me know!
>> Ciao
>>
>> On 03/04/2014 15:12, Wesley Huang wrote:
>>> Hi Alessio,
>>>
>>> I have 2.2.12 installed in Debian Wheezy amd64 server. mail_fsync is
>>> specified and detected. Are you using mbox or maildir or dbox? We're
>>> using mbox and seeing the error.
>>>
>>> # dovecot --version
>>> 2.2.12
>>>
>>> # dovecot -n | grep -E 'sync|nfs'
>>> mail_fsync = always
>>> mail_nfs_index = yes
>>> mail_nfs_storage = yes
>>>
>>>
>>> # egrep 'nfs|fsync' 10-mail.conf | egrep -v '#'
>>> mail_fsync=always
>>> mail_nfs_storage = yes
>>> mail_nfs_index = yes
>>>
>>> # uname -r
>>> 3.2.0-4-amd64
>>>
>>> Cheers,
>>>
>>> Wesley
>>>
>>> On 14-04-03 04:22 AM, Alessio Cecchi wrote:
>>>> On 08/01/2014 09:23, Troton_admin wrote:
>>>>> Hi,
>>>>>
>>>>> I need to place a maildir storage on a NFS filesystem, so I set up
>>>>> the config like this:
>>>>>
>>>>> mmap_disable = yes
>>>>> mail_nfs_storage = yes
>>>>> mail_nfs_index = yes
>>>>> mail_fsync = always
>>>>> lock_method = dotlock (also tried fcntl - local lockd is running, no
>>>>> success, now using dotlock, to be sure while debugging)
>>>>>
>>>>> The problem is that Dovecot (2.2.9/2.2.10 - the relevant code in
>>>>> mail-index.c is the same) logs a fatal error and quits the session
>>>>> (no daemon crash/coredump).
>>>>
>>>> Hi,
>>>>
>>>> I have a similar configuration but with dovecot 2.2.12 and NFS for me
>>>> works fine. Have you inserted the "mail_fsync = always" in the right
>>>> place? Is there only one "mail_fsync" setting in your config? First
>>>> check this:
>>>>
>>>> root at mx:/etc/dovecot# grep mail_fsync /etc/dovecot/ -R
>>>> conf.d/10-mail.conf:mail_fsync = always
>>>>
>>>> root at mx:/etc/dovecot# dovecot -n | grep -E 'sync|nfs'
>>>> mail_fsync = always
>>>> mail_nfs_index = yes
>>>> mail_nfs_storage = yes
>>>> maildir_very_dirty_syncs = yes
>>>>
>>>> # 2.2.12: /etc/dovecot/dovecot.conf
>>>> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.9
>>>>
>>>> Let me know.
>>>> Ciao
>>>
>>
>>

From huang at utsc.utoronto.ca Thu Apr 17 18:35:38 2014
From: huang at utsc.utoronto.ca (Wesley Huang)
Date: Thu, 17 Apr 2014 14:35:38 -0400
Subject: [Dovecot] How to disable Director service?
Message-ID: <53501EFA.7030005@utsc.utoronto.ca> Hi All, Does anyone know how to disable the Director service? In our current running Dovecot 2.2.4, if the director configuration is commented out, Dovecot has no errors or warnings. But the version 2.2.12 I'm testing with gives out fatal errors. We have dedicated Dovecot Director servers that serve the public frontend and separate dedicated imap/pop3 servers on the backend internal network. With the new version, Dovecot is always trying to start Director service and I couldn't find a way to stop Dovecot from giving out errors. 1. When the entire Director configuration block is commented out, there are errors: dovecot: director: Fatal: No inet_listeners defined for director service (for standalone keep director_servers empty) dovecot: master: Error: service(director): command startup failed, throttling for 2 secs 2. When the director_servers line is configured as "*director_servers = *", there are errors: dovecot: director: Error: Empty server list dovecot: director: Fatal: Invalid value for director_mail_servers setting master: Error: service(director): command startup failed, throttling for 2 secs 3. If the director_servers and director_mail_servers are configured the same as our Director servers, there are errors: dovecot: director: Fatal: director_servers doesn't list ourself dovecot: master: Error: service(director): command startup failed, throttling for 2 secs Does anyone know how to disable this director service? We don't need the director service on the backend. Cheers, Wesley From h.reindl at thelounge.net Thu Apr 17 18:41:57 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 17 Apr 2014 20:41:57 +0200 Subject: [Dovecot] How to disable Director service? In-Reply-To: <53501EFA.7030005@utsc.utoronto.ca> References: <53501EFA.7030005@utsc.utoronto.ca> Message-ID: <53502075.4000105@thelounge.net> On 17.04.2014 20:35, Wesley Huang wrote: > Does anyone know how to disable the Director service.
In our current running Dovecot 2.2.4, if the director > configuration is commented out and Dovecot has no errors nor warnings. But the version 2.2.12 I'm testing with > gives out fatal errors. We have dedicated Dovecot Director servers that serve the public frontend and separate > dedicated imap/pop3 servers on the backend internal network. With the new version, Dovecot is always trying to > start Director service and I couldn't find a way to stop Dovecot from giving out errors. > > 1. When the entire Director configuration block is commented out, there errors: > > dovecot: director: Fatal: No inet_listeners defined for director service (for standalone keep director_servers empty) > dovecot: master: Error: service(director): command startup failed, throttling for 2 secs you must have done something wrong, that below is a production "dovecot.conf" with no config-includes and such crap running as imap/pop3-proxy as well as postfix-auth-service and there is no single bit for director, that config runs at least 4 years unchanged, saw 2.2.12 also as it runs currently on 2.2.13 while the last real config change was 1.x to 2.x so what about post output of "dovecot -n" to help people helping you even do yourself a "dovecot -n | grep director" _________________________________________________________ # provided services protocols = imap pop3 # configure ssl ssl = yes ssl_cert = From huang at utsc.utoronto.ca Thu Apr 17 18:55:39 2014 From: huang at utsc.utoronto.ca (Wesley Huang) Date: Thu, 17 Apr 2014 14:55:39 -0400 Subject: [Dovecot] How to disable Director service? In-Reply-To: <53502075.4000105@thelounge.net> References: <53501EFA.7030005@utsc.utoronto.ca> <53502075.4000105@thelounge.net> Message-ID: <535023AB.90308@utsc.utoronto.ca> Hi Reindl, There was no configuration on director side. ======================================== # doveconf -n | grep director # # doveconf -a ...........................
director_doveadm_port = 0 director_mail_servers = director_servers = director_user_expire = 15 mins director_username_hash = %Lu ........................... service director { chroot = . client_limit = 0 drop_priv_before_exec = no executable = director extra_groups = fifo_listener login/proxy-notify { group = mode = 00 user = } group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener director-admin { group = mode = 0600 user = } unix_listener login/director { group = mode = 00 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } ........................... # tail -n 20 /var/log/mail.log | grep -i 'director\:' dovecot: director: Error: Empty server list dovecot: director: Fatal: Invalid value for director_mail_servers setting dovecot: director: Error: Empty server list dovecot: director: Fatal: Invalid value for director_mail_servers setting dovecot: director: Error: Empty server list dovecot: director: Fatal: Invalid value for director_mail_servers setting dovecot: director: Error: Empty server list dovecot: director: Fatal: Invalid value for director_mail_servers setting ======================================== That said, I think I've found a configuration combination that works: configure the "director_mail_servers = " on the backend server with all other director config commented out. But this is more a hacking way. Cheers, Wesley On 14-04-17 02:41 PM, Reindl Harald wrote: > > Am 17.04.2014 20:35, schrieb Wesley Huang: >> Does anyone know how to disable the Director service. In our current running Dovecot 2.2.4, if the director >> configuration is commented out and Dovecot has no errors nor warnings. But the version 2.2.12 I'm testing with >> gives out fatal errors. We have dedicated Dovecot Director servers that serve the public frontend and separate >> dedicated imap/pop3 servers on the backend internal network. 
With the new version, Dovecot is always trying to >> start Director service and I couldn't find a way to stop Dovecot from giving out errors. >> >> 1. When the entire Director configuration block is commented out, there errors: >> >> dovecot: director: Fatal: No inet_listeners defined for director service (for standalone keep director_servers empty) >> dovecot: master: Error: service(director): command startup failed, throttling for 2 secs > you must have done something wrong, that below is a production "dobecont.conf" > with no config-includes and such crap running as imap/pop3-proxy as well as > postfix-auth-service and there is no single bit for director, that config runs > at least 4 years unchanged, saw 2.2.12 also as it runs currently on 2.2.13 > while the last real config cahnge was 1.x to 2.x > > so what about post output of "dovecont -n" to help people helping you > even do yourself a "dovecot -n | grep director" > _________________________________________________________ > > # provided services > protocols = imap pop3 > > # configure ssl > ssl = yes > ssl_cert = ssl_key = ssl_cipher_list = > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!SSLv2 > ssl_prefer_server_ciphers = yes > ssl_parameters_regenerate = 0 > > # configure imap-proxy > service imap-login { > inet_listener imap { > address = **.**.**.** > port = 143 > } > inet_listener imaps { > address = **.**.**.** > port = 993 > } > vsz_limit = 64M > service_count = 1 > process_min_avail = 0 > process_limit = 100 > } > > # configure pop3-proxy > service pop3-login { > inet_listener pop3 { > address = 
**.**.**.** > port = 110 > } > inet_listener pop3s { > address = **.**.**.** > port = 995 > } > vsz_limit = 64M > service_count = 1 > process_min_avail = 0 > process_limit = 100 > } > > # default settings > imap_capability = IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA > THREAD=ORDEREDSUBJECT UNSELECT IDLE > login_greeting = > login_log_format_elements = %u %r %m %k > mail_max_userip_connections = 100 > auth_mechanisms = CRAM-MD5 DIGEST-MD5 SCRAM-SHA-1 APOP LOGIN PLAIN > disable_plaintext_auth = no > shutdown_clients = no > version_ignore = yes > > # Logging > syslog_facility = mail > > # authentication process > auth_worker_max_count = 50 > auth_cache_size = 1024 > auth_cache_ttl = 600 > auth_cache_negative_ttl = 600 > auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@% > auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz > > # debug options > auth_debug = no > auth_debug_passwords = no > auth_verbose = no > mail_debug = no > verbose_ssl = no > > # configure proxy-database > passdb { > driver = sql > args = /etc/dovecot/sql.conf > } > > # we are not using local users > userdb { > driver = static > args = static uid=10000 gid=10000 home=/dev/null > } > > # configure backend for postfix sasl-auth > service auth { > unix_listener /var/spool/postfix/private/auth { > mode = 0660 > user = postfix > group = postfix > } > } > > From itgeek31 at googlemail.com Thu Apr 17 21:44:05 2014 From: itgeek31 at googlemail.com (IT geek 31) Date: Thu, 17 Apr 2014 23:44:05 +0200 Subject: [Dovecot] Dovecot Replication setup In-Reply-To: <534FC99B.9080404@dovecot.fi> References: <5332BA61.3040800@noa.gr> <5334A378.3030800@noa.gr> <53394037.3050209@noa.gr> <534FC374.4040507@noa.gr> <534FC99B.9080404@dovecot.fi> Message-ID: On 17 April 2014 14:31, Teemu Huovila wrote: > I wish someone -with earlier experience- would answer these questions, to > help us avoid all this fuss.... 
> I regret that I did not spot the error in your configuration and Im sorry > nobody else was able to answer you either. The dsync > feature (as it is used since v2.2) is one where perhaps not so many have a > lot of production environment experience. I hope you > will have an easier time from now on. > I struggled getting any information together on getting replication set up. It took a while, but finally I got there. I have to say, once set up it has been very robust and reliable. To know that our production mails are replicated to an offsite system over a VPN is very comforting. Why more people aren't using this I don't know... it has been brilliant. Thanks as always to Timo for putting together a brilliant product. -Mark From alessio at skye.it Fri Apr 18 06:27:16 2014 From: alessio at skye.it (Alessio Cecchi) Date: Fri, 18 Apr 2014 08:27:16 +0200 Subject: [Dovecot] nfs flush/fsync config settings problem In-Reply-To: <534FF522.8000505@utsc.utoronto.ca> References: <201401080923.35386.yebo@psg.sk> <533D1A53.6050109@skye.it> <533D5E44.80002@utsc.utoronto.ca> <533D6109.1030409@skye.it> <5348295C.2010308@utsc.utoronto.ca> <534FF522.8000505@utsc.utoronto.ca> Message-ID: <5350C5C4.80008@skye.it> Hi Wesley, thanks for this information! Ciao Il 17/04/2014 17:37, Wesley Huang ha scritto: > Hi All, > > I was able to find some time and investigate further. The culprit has > been found: "mailbox_list_index=yes". We'd like to use the IMAP NOTIFY > extension and this option is a must. But turning on mailbox_list_index > with index stored on NFS mounts caused the the error I reported. > > Is it a designed/known behaviour or it is a bug? Hopefully my email > will be caught maintainers' eyes. 
> > > Cheers, > > Wesley > > > On 14-04-11 01:41 PM, Wesley Huang wrote: >> Hi Alessio, >> >> After days sorting the Heartbleed mess, I managed to set up Debian >> Squeeze amd64 for the test and I'm seeing the same error message: >> >> Fatal: nfs flush requires mail_fsync=always >> >> # doveconf -n | egrep 'fsync|nfs' >> mail_fsync = always >> mail_nfs_index = yes >> mail_nfs_storage = yes >> >> Cheers, >> >> Wesley >> >> On 14-04-03 09:24 AM, Alessio Cecchi wrote: >>> Hi, >>> >>> I'm using Maildir on Debian 6 64bit, try to "grep" for "fsync" on all >>> configuration files. >>> >>> Try also to install the same dovecot+configuration on Debian 6. >>> >>> Let me know! >>> Ciao >>> >>> Il 03/04/2014 15:12, Wesley Huang ha scritto: >>>> Hi Alessio, >>>> >>>> I have 2.2.12 installed in Debian Wheezy amd64 server. mail_fsync is >>>> specified and detected. Are you using mbox or maildir or dbox? We're >>>> using mbox and seeing the error. >>>> >>>> # dovecot --version >>>> 2.2.12 >>>> >>>> # dovecot -n | grep -E 'sync|nfs' >>>> mail_fsync = always >>>> mail_nfs_index = yes >>>> mail_nfs_storage = yes >>>> >>>> >>>> # egrep 'nfs|fsync' 10-mail.conf | egrep -v '#' >>>> mail_fsync=always >>>> mail_nfs_storage = yes >>>> mail_nfs_index = yes >>>> >>>> # uname -r >>>> 3.2.0-4-amd64 >>>> >>>> Cheers, >>>> >>>> Wesley >>>> >>>> On 14-04-03 04:22 AM, Alessio Cecchi wrote: >>>>> Il 08/01/2014 09:23, Troton_admin ha scritto: >>>>>> Hi, >>>>>> >>>>>> I need to place a maildir storage on a NFS filesystem, so I set up >>>>>> the config like this: >>>>>> >>>>>> mmap_disable = yes >>>>>> mail_nfs_storage = yes >>>>>> mail_nfs_index = yes >>>>>> mail_fsync = always >>>>>> lock_method = dotlock (also tried fcntl - local lockd is running, no >>>>>> success, now using dotlock, to be sure while debugging) >>>>>> >>>>>> The problem is that Dovecot (2.2.9/2.2.10 - the relevant code in >>>>>> mail-index.c is the same) logs a fatal error and quits the session >>>>>> (no daemon crash/coredump). 
>>>>> >>>>> Hi, >>>>> >>>>> I have a similar configuration but with dovecot 2.2.12 and NFS for me >>>>> works fine. Have you insert the "mail_fsync = always" in the right >>>>> place? Is there only one "mail_fsync" setting in your config? First >>>>> check this: >>>>> >>>>> root at mx:/etc/dovecot# grep mail_fsync /etc/dovecot/ -R >>>>> conf.d/10-mail.conf:mail_fsync = always >>>>> >>>>> root at mx:/etc/dovecot# dovecot -n | grep -E 'sync|nfs' >>>>> mail_fsync = always >>>>> mail_nfs_index = yes >>>>> mail_nfs_storage = yes >>>>> maildir_very_dirty_syncs = yes >>>>> >>>>> # 2.2.12: /etc/dovecot/dovecot.conf >>>>> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.9 >>>>> >>>>> Let me know. >>>>> Ciao >>>> >>> >>> > -- Alessio Cecchi is: @ ILS -> http://www.linux.it/~alessice/ on LinkedIn -> http://www.linkedin.com/in/alessice Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz Cloud Email Hosting -> http://www.qboxmail.com @ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it From axel.luttgens at skynet.be Fri Apr 18 07:54:01 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Fri, 18 Apr 2014 09:54:01 +0200 Subject: [Dovecot] doveadm auth and the "nologin" extra field Message-ID: <592C9BCA-7063-4441-B523-A15BE011967F@skynet.be> Hello, Still busy with details... Considering, as in my previous example, a password_query returning '!' or NULL for the "nologin" column, depending on an account's status (suspended or not). Let's consider a suspended user "some.user". In the case of a successful authentication, one has: sh-3.2# doveadm auth test some.user goodpassword; echo $? passdb: some.user auth succeeded extra fields: user=some.user nologin 0 On the other hand, in the case of an authentication failure: sh-3.2# doveadm auth test some.user badpassword; echo $? passdb: some.user auth failed extra fields: user=some.user nologin=! 
77 So, this is similar to what happens in a connection (pop3, imap...): when present, the nologin info is always taken into account, even in the case of an authentication failure. Again, this may raise some concerns about the consistency of such a behavior. Is this guaranteed to always behave that way, because of some rationale I'm currently missing, or does it go about some overlooked combination, liable to be inadvertently "corrected" in the future? I haven't been able to find a definitive answer in the wiki or in the code about such matters. This is particularly important in the case of doveadm, since its output requires parsing for extracting such information (the exit code alone isn't sufficient); should the above behavior be changed without notice, a script could suddenly take the worst decisions... BTW, why: nologin in the first output, and: nologin=! in the second output? TIA, Axel From CMarcus at Media-Brokers.com Fri Apr 18 17:57:47 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 18 Apr 2014 13:57:47 -0400 Subject: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL Message-ID: <5351679B.1010800@Media-Brokers.com> Hi all, Ok, been wanting to do this for a while, and after the Heartbleed fiasco, the boss finally agreed to let me buy some real certs...
Until now, we've been using self-signed certs with the following dovecot config: ssl = required ssl_cert = References: <5351679B.1010800@Media-Brokers.com> Message-ID: <53517CD7.6050606@mie.utoronto.ca> On 18/04/2014 1:57 PM, Charles Marcus wrote: > > > But my current config doesn't have the _file for the variable names, > and the wiki doesn't use them, so I'm planning on setting these to: > > ssl = required > ssl_cert = /etc/ssl/ourNewCerts/mail.ourdomain.com.crt > ssl_key = /etc/ssl/ourNewCerts/mail.ourdomain.com.key > ssl_ca = /etc/ssl/ourNewCerts/RapidSSL_Intermediate.crt > http://wiki2.dovecot.org/SSL/DovecotConfiguration Note "Chained SSL certificates" section From dovecot at list-post.mks-mail.de Fri Apr 18 19:29:26 2014 From: dovecot at list-post.mks-mail.de (=?UTF-8?B?TWFya3VzIFNjaMO2bmhhYmVy?=) Date: Fri, 18 Apr 2014 21:29:26 +0200 Subject: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL In-Reply-To: <5351679B.1010800@Media-Brokers.com> References: <5351679B.1010800@Media-Brokers.com> Message-ID: <53517D16.9060603@list-post.mks-mail.de> 18.04.2014 19:57, Charles Marcus: > Ok, been wanting to do this for a while, and I after the Heartbleed > fiasco, the boss finally agreed to let me buy some real certs... 
> > Until now, we've been using self-signed certs with the following dovecot > config: > > ssl = required > ssl_cert = ssl_key = > Now, I've created new keys/certs and the CSR, got the new certs from > RapidSSL (and also downloaded their Intermediate bundle), saved > everything per their instructions, which say to reference them as follows: > > ssl = required > ssl_cert_file = /etc/ssl/ourNewCerts/mail.ourdomain.com.crt > ssl_key_file = /etc/ssl/ourNewCerts/mail.ourdomain.com.key > ssl_ca_file = /etc/ssl/ourNewCerts/RapidSSL_Intermediate.crt > > But my current config doesn't have the _file for the variable names, and > the wiki doesn't use them, so I'm planning on setting these to: > > ssl = required > ssl_cert = /etc/ssl/ourNewCerts/mail.ourdomain.com.crt > ssl_key = /etc/ssl/ourNewCerts/mail.ourdomain.com.key > ssl_ca = /etc/ssl/ourNewCerts/RapidSSL_Intermediate.crt > > Anyone else ever used RapidSSL certs? Does this look correct? Yes. No. Aside from the missing indirection (use ... = References: <5351679B.1010800@Media-Brokers.com> Message-ID: Il 18/04/2014 19:57, Charles Marcus ha scritto: > Hi all, > > Ok, been wanting to do this for a while, and I after the Heartbleed > fiasco, the boss finally agreed to let me buy some real certs... 
> > Until now, we've been using self-signed certs with the following dovecot > config: > > ssl = required > ssl_cert = ssl_key = > Now, I've created new keys/certs and the CSR, got the new certs from > RapidSSL (and also downloaded their Intermediate bundle), saved > everything per their instructions, which say to reference them as follows: > > ssl = required > ssl_cert_file = /etc/ssl/ourNewCerts/mail.ourdomain.com.crt > ssl_key_file = /etc/ssl/ourNewCerts/mail.ourdomain.com.key > ssl_ca_file = /etc/ssl/ourNewCerts/RapidSSL_Intermediate.crt > > But my current config doesn't have the _file for the variable names, and > the wiki doesn't use them, so I'm planning on setting these to: > > ssl = required > ssl_cert = /etc/ssl/ourNewCerts/mail.ourdomain.com.crt > ssl_key = /etc/ssl/ourNewCerts/mail.ourdomain.com.key > ssl_ca = /etc/ssl/ourNewCerts/RapidSSL_Intermediate.crt > > Anyone else ever used RapidSSL certs? Does this look correct? Hi Charles, the RapidSSL documentation is wrong: 1) as you noted, you should use "ssl_cert" instead of "ssl_cert_file", and so on; 2) the file paths should be prefixed by "<", otherwise Dovecot will not read the files; 3) the "ssl_ca" setting is *not* used to make Dovecot reference intermediate certificates in the trust chain - it is used to specify trusted CAs in case you want to perform TLS client certificate authentication, which I suppose you do not want to do. 
You should: 1) make a backup copy of /etc/ssl/ourNewCerts/mail.ourdomain.com.crt; 2) open /etc/ssl/ourNewCerts/mail.ourdomain.com.crt and, at the end of the file, paste the contents of /etc/ssl/ourNewCerts/RapidSSL_Intermediate.crt; in the end, /etc/ssl/ourNewCerts/mail.ourdomain.com.crt should contain the certificate for mail.ourdomain.com and the intermediate RapidSSL certificate (in that order); 3) use the following settings: ssl = required ssl_cert = References: <5351679B.1010800@Media-Brokers.com> <53517D16.9060603@list-post.mks-mail.de> Message-ID: <53518399.9000902@Media-Brokers.com> Thanks Markus and Oscar... On 4/18/2014 3:29 PM, Markus Schönhaber wrote: > Aside from the missing indirection (use ... = before) the documentation indicates that ssl_ca is only used for > client certificate verification and has nothing to do with the > certificate chain of your server certificate. Yeah, the < was in the config, dunno how it got stripped from my post - or maybe I manually typed those - yeah, I think I did... > Instead, cat your new server certificate together with the CA > certificates into one file and point ssl_cert to this file (see > "Chained SSL certificates" in > http://wiki2.dovecot.org/SSL/DovecotConfiguration ). Ok, did that and made the config change and restarted dovecot. Everything seems to be working, BUT...
I'm now seeing some of these errors, that were not showing up in the logs before: 2014-04-18T15:42:24-04:00 dinkumthinkum dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42, rip=24.126.163.180, lport=143 2014-04-18T15:42:34-04:00 dinkumthinkum dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42, rip=98.66.176.115, lport=143 !2 total in the last 25 minutes since flipping the switch. and there have been two of these: 2014-04-18T15:54:07-04:00 dinkumthinkum dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42, rip=99.14.24.224, lport=143 Not a huge number, but enough to be concerning... Could this just be from cached junk from some clients, and they will resolve themselves over time? -- Best regards, Charles Marcus I.T. Director Media Brokers International, Inc. 
678.514.6224 | 678.514.6299 fax From CMarcus at Media-Brokers.com Fri Apr 18 20:08:12 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 18 Apr 2014 16:08:12 -0400 Subject: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL In-Reply-To: References: <5351679B.1010800@Media-Brokers.com> Message-ID: <5351862C.4020400@Media-Brokers.com> On 4/18/2014 3:32 PM, Alessandro Menti wrote: > 2) open /etc/ssl/ourNewCerts/mail.ourdomain.com.crt and, at the end of > the file, paste the contents of /etc/ssl/ourNewCerts > /RapidSSL_Intermediate.crt; in the end, /etc/ssl/ourNewCerts > /mail.ourdomain.com.crt should contain the certificate for > mail.ourdomain.com and the intermediate RapidSSL certificate (in > that order); The Intermediate file already contained 2 certs... so, after I added it to mine, it now contains 3 certs... Is that right? Thanks, I appreciate the help... From CMarcus at Media-Brokers.com Fri Apr 18 20:12:05 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 18 Apr 2014 16:12:05 -0400 Subject: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL In-Reply-To: <53518399.9000902@Media-Brokers.com> References: <5351679B.1010800@Media-Brokers.com> <53517D16.9060603@list-post.mks-mail.de> <53518399.9000902@Media-Brokers.com> Message-ID: <53518715.9030606@Media-Brokers.com> On 4/18/2014 3:57 PM, Charles Marcus wrote: > Everything seems to be working, BUT... 
I'm now seeing some of these > errors, that were not showing up in the logs before: > > 2014-04-18T15:42:24-04:00 dinkumthinkum dovecot: imap-login: > Disconnected (no auth attempts in 0 secs): user=<>, TLS: SSL_read() > failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad > certificate: SSL alert number 42, rip=24.126.163.180, lport=143 > 2014-04-18T15:42:34-04:00 dinkumthinkum dovecot: imap-login: > Disconnected (no auth attempts in 0 secs): user=<>, TLS: SSL_read() > failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad > certificate: SSL alert number 42, rip=98.66.176.115, lport=143 > > !2 total in the last 25 minutes since flipping the switch. > > and there have been two of these: > > 2014-04-18T15:54:07-04:00 dinkumthinkum dovecot: imap-login: > Disconnected (no auth attempts in 0 secs): user=<>, TLS handshaking: > SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 > alert bad certificate: SSL alert number 42, rip=99.14.24.224, lport=143 > > Not a huge number, but enough to be concerning... Ahh... I'm sure we have some older clients that are still configured to use a different hostname... So, if the new certs are for mail.example.com, and a client tries to connect using a different hostname, like imap.example.com, would that result in these kinds of errors? 
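Added example (not part of the original thread): a small triage script for the imap-login TLS alert lines quoted above, grouping them by remote IP so the clients that reject the certificate can be identified and followed up. The log lines are constructed samples in the thread's format with documentation addresses and a placeholder host name, and the function names are this example's own.

```python
import re
from collections import Counter

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
CERT_ALERTS = {
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}

# Matches login-process lines of the shape quoted in the thread:
#   <ts> <host> dovecot: <service>: ... TLS[ handshaking]: SSL_xxx() failed:
#   error:<code>:...: SSL alert number <n>, rip=<addr>, lport=<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) dovecot: (?P<service>[\w-]+): .*?"
    r"(?P<phase>TLS handshaking|TLS): (?P<call>SSL_\w+)\(\) failed: "
    r"error:(?P<code>[0-9A-Fa-f]+):.*?SSL alert number (?P<alert>\d+)"
    r".*?\brip=(?P<rip>[0-9A-Fa-f:.]+)"
)

# Constructed sample input (not real clients): three alert-42 lines, one
# ordinary login that must be ignored, and one alert-48 line over IPv6.
SAMPLE_LOG = """\
2014-04-18T15:42:24-04:00 mailhost dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42, rip=192.0.2.10, lport=143
2014-04-18T15:42:34-04:00 mailhost dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42, rip=192.0.2.10, lport=143
2014-04-18T15:54:07-04:00 mailhost dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42, rip=198.51.100.7, lport=143
2014-04-18T15:55:01-04:00 mailhost dovecot: imap-login: Login: user=<jeff@example.com>, method=PLAIN, rip=203.0.113.5, lip=203.0.113.1, mpid=1234, TLS
2014-04-18T16:01:12-04:00 mailhost dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, TLS: SSL_read() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48, rip=2001:db8::25, lport=993
""".splitlines()


def parse_line(line):
    """Return a dict for a TLS-alert disconnect line, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    alert = int(m.group("alert"))
    return {
        "ts": m.group("ts"),
        "service": m.group("service"),
        "phase": m.group("phase"),   # label exactly as Dovecot logged it
        "call": m.group("call"),     # SSL_read or SSL_accept in the samples
        "alert": alert,
        "alert_name": CERT_ALERTS.get(alert, "alert_%d" % alert),
        "rip": m.group("rip"),
    }


def triage(lines):
    """Group TLS-alert disconnects by remote IP (rip)."""
    clients = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # normal logins and unrelated messages
        c = clients.setdefault(ev["rip"], {
            "count": 0, "alerts": Counter(), "phases": Counter(),
            "first": ev["ts"], "last": ev["ts"],
        })
        c["count"] += 1
        c["alerts"][ev["alert_name"]] += 1
        c["phases"][ev["phase"]] += 1
        c["last"] = ev["ts"]  # log files are written in chronological order
    return clients


def report(clients):
    """Rows of (rip, count, alert summary, first seen, last seen), busiest first."""
    rows = []
    ordered = sorted(clients.items(), key=lambda kv: (-kv[1]["count"], kv[0]))
    for rip, c in ordered:
        alerts = ", ".join("%s x%d" % (n, k) for n, k in sorted(c["alerts"].items()))
        rows.append((rip, c["count"], alerts, c["first"], c["last"]))
    return rows


if __name__ == "__main__":
    for row in report(triage(SAMPLE_LOG)):
        print("%-15s %3d  %-22s %s .. %s" % row)
```

Run against the real mail log, the per-address rows show whether the alerts come from a handful of clients (for example ones still configured with a host name the new certificate does not cover) or from many.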
From alessandro.menti at hotmail.it Fri Apr 18 20:27:02 2014 From: alessandro.menti at hotmail.it (Alessandro Menti) Date: Fri, 18 Apr 2014 22:27:02 +0200 Subject: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL In-Reply-To: <5351862C.4020400@Media-Brokers.com> References: <5351679B.1010800@Media-Brokers.com> <5351862C.4020400@Media-Brokers.com> Message-ID: On 18/04/2014 22:08, Charles Marcus wrote: > On 4/18/2014 3:32 PM, Alessandro Menti wrote: >> 2) open /etc/ssl/ourNewCerts/mail.ourdomain.com.crt and, at the end of >> the file, paste the contents of /etc/ssl/ourNewCerts >> /RapidSSL_Intermediate.crt; in the end, /etc/ssl/ourNewCerts >> /mail.ourdomain.com.crt should contain the certificate for >> mail.ourdomain.com and the intermediate RapidSSL certificate (in >> that order); > > The Intermediate file already contained 2 certs... so, after I added it > to mine, it now contains 3 certs... > > Is that right? That's right. Regards, Alessandro Menti From dovecot at list-post.mks-mail.de Fri Apr 18 20:41:25 2014 From: dovecot at list-post.mks-mail.de (Markus Schönhaber) Date: Fri, 18 Apr 2014 22:41:25 +0200 Subject: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL In-Reply-To: <53518715.9030606@Media-Brokers.com> References: <5351679B.1010800@Media-Brokers.com> <53517D16.9060603@list-post.mks-mail.de> <53518399.9000902@Media-Brokers.com> <53518715.9030606@Media-Brokers.com> Message-ID: <53518DF5.7070602@list-post.mks-mail.de> 18.04.2014 22:12, Charles Marcus: > On 4/18/2014 3:57 PM, Charles Marcus wrote: >> Everything seems to be working, BUT...
I'm now seeing some of these >> errors, that were not showing up in the logs before: >> >> 2014-04-18T15:42:24-04:00 dinkumthinkum dovecot: imap-login: >> Disconnected (no auth attempts in 0 secs): user=<>, TLS: SSL_read() >> failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad >> certificate: SSL alert number 42, rip=24.126.163.180, lport=143 >> 2014-04-18T15:42:34-04:00 dinkumthinkum dovecot: imap-login: >> Disconnected (no auth attempts in 0 secs): user=<>, TLS: SSL_read() >> failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad >> certificate: SSL alert number 42, rip=98.66.176.115, lport=143 >> >> !2 total in the last 25 minutes since flipping the switch. >> >> and there have been two of these: >> >> 2014-04-18T15:54:07-04:00 dinkumthinkum dovecot: imap-login: >> Disconnected (no auth attempts in 0 secs): user=<>, TLS handshaking: >> SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 >> alert bad certificate: SSL alert number 42, rip=99.14.24.224, lport=143 >> >> Not a huge number, but enough to be concerning... > > Ahh... I'm sure we have some older clients that are still configured to > use a different hostname... > > So, if the new certs are for mail.example.com, and a client tries to > connect using a different hostname, like imap.example.com, would that > result in these kinds of errors? The errors indicate that a client didn't like your certificate for some reason. One of the possible reasons surely is a CN in the certificate that doesn't match the name of the server the client thinks he's connecting to. So the answer to your question is very likely "yes". 
-- Regards mks From CMarcus at Media-Brokers.com Fri Apr 18 20:45:40 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 18 Apr 2014 16:45:40 -0400 Subject: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL In-Reply-To: <53518DF5.7070602@list-post.mks-mail.de> References: <5351679B.1010800@Media-Brokers.com> <53517D16.9060603@list-post.mks-mail.de> <53518399.9000902@Media-Brokers.com> <53518715.9030606@Media-Brokers.com> <53518DF5.7070602@list-post.mks-mail.de> Message-ID: <53518EF4.7090600@Media-Brokers.com> On 4/18/2014 4:41 PM, Markus Schönhaber wrote: > The errors indicate that a client didn't like your certificate for > some reason. One of the possible reasons surely is a CN in the > certificate that doesn't match the name of the server the client > thinks he's connecting to. So the answer to your question is very > likely "yes". Thanks for the confirmation... I think I'm going to simply remove that DNS entry and deal with a few support phone calls... -- Best regards, Charles Marcus I.T. Director Media Brokers International, Inc. 678.514.6224 | 678.514.6299 fax From a.krischer at akbyte.com Fri Apr 18 22:29:55 2014 From: a.krischer at akbyte.com (Andreas Krischer - AKbyte) Date: Sat, 19 Apr 2014 00:29:55 +0200 Subject: [Dovecot] Hash Verification with doveadm Message-ID: Hello! I have a problem with the doveadm tool. I'm trying to verify a hash from my MySQL-Db with the following command: doveadm pw -p '123' -t '{SHA512-CRYPT}$6$e3TLkiahfHFv29/J$8etBEtmbh06B72kc1TpetT/k8aHkQrJAPQVpTGDYuzyHZX4MwU2PeL2cIupNEoUUGt6SLB0N7xNqbbqp/5OZo.' I'm expecting that it says verified or not, but it prompts for a password, so the "-p" parameter does not work. I need this, because I want to use the verification in a shell script and for that it has to work without a prompt.
I hope you guess what my problem is :) My configuration: # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.41-042stab078.27 i686 Debian 7.4 reiserfs auth_mechanisms = plain login mail_location = maildir:/var/vmail/%d/%n/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap sieve pop3" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } ssl_cert = new.crt" http://wiki2.dovecot.org/SSL/DovecotConfiguration Chained SSL certificates Put all the certificates in the ssl_cert file. For example when using a certificate signed by TDC the correct order is: Dovecot's public certificate TDC SSL Server CA TDC Internet Root CA Globalsign Partners CA -------------- next part -------------- A non-text attachment was scrubbed... 
From skraw at ithnet.com Sat Apr 19 07:14:51 2014 From: skraw at ithnet.com (Stephan von Krawczynski) Date: Sat, 19 Apr 2014 09:14:51 +0200 Subject: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL In-Reply-To: <5351679B.1010800@Media-Brokers.com> References: <5351679B.1010800@Media-Brokers.com> Message-ID: <20140419091451.ac576850.skraw@ithnet.com> On Fri, 18 Apr 2014 13:57:47 -0400 Charles Marcus wrote: > Hi all, > > Ok, been wanting to do this for a while, and after the Heartbleed > fiasco, the boss finally agreed to let me buy some real certs... Well, I guess one has to tell you that: 1) No certs no matter if self-signed or not would have saved you from heartbleed. 2) "real certs" issued from cert-dealers are no more safe than your self-signed was. In fact they add the risk of your cert-dealer being hacked and you don't know. _This has happened_ already for at least one cert-dealer. So there is no proof at all that it will not happen again and this time probably nobody will be informed, because the company is dead afterwards (just like diginotar). In fact the whole cert business is a big fake currently. 3) The whole SSL stuff can only be made secure by implementing methods to authorize self-signed certs yourself and the clients using it being able to check that. Every checking by external "authorities" is just an uncontrollable security hole.
-- Regards, Stephan From h.reindl at thelounge.net Sat Apr 19 07:22:07 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Sat, 19 Apr 2014 09:22:07 +0200 Subject: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL In-Reply-To: <20140419091451.ac576850.skraw@ithnet.com> References: <5351679B.1010800@Media-Brokers.com> <20140419091451.ac576850.skraw@ithnet.com> Message-ID: <5352241F.8040301@thelounge.net> On 19.04.2014 09:14, Stephan von Krawczynski wrote: > On Fri, 18 Apr 2014 13:57:47 -0400 > Charles Marcus wrote: > >> Hi all, >> >> Ok, been wanting to do this for a while, and after the Heartbleed >> fiasco, the boss finally agreed to let me buy some real certs... > > Well, I guess one has to tell you that: > 1) No certs no matter if self-signed or not would have saved you from > heartbleed yes, but you seem not to understand that "Heartbleed" is the moment which you can use to say "now let us take SSL serious" in general as well as other security topics because *now* you can point somewhere and say "look manager, things happening in real" > 2) "real certs" issued from cert-dealers are no more safe than your > self-signed was. In fact they add the risk of your cert-dealer being hacked > and you don't know. _This has happened_ already for at least one cert-dealer. > So there is no proof at all that it will not happen again and this time > probably nobody will be informed, because the company is dead afterwards (just > like diginotar). In fact the whole cert business is a big fake currently yes but you can't change that nor can i > 3) The whole SSL stuff can only be made secure by implementing methods to > authorize self-signed certs yourself and the clients using it being able to > check that. Every checking by external "authorities" is just an uncontrollable > security hole.
bulls**t because you can't do that if your mailusers are ordinary customers and even if you get managed that they import your self signed cert that *does not* change the fact that they get no alert in case of a MITM attack presenting whatever certificate signed from a CA all clients are trusting without certificate pinning you are lost in any case and with certificate pinning you can avoid the initial warning nobody of the ordinary users understands - so until you come with a solution for certificate pinning on and endusers MUA better don't explain things anybody knows From skraw at ithnet.com Sat Apr 19 07:30:42 2014 From: skraw at ithnet.com (Stephan von Krawczynski) Date: Sat, 19 Apr 2014 09:30:42 +0200 Subject: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL In-Reply-To: <5352241F.8040301@thelounge.net> References: <5351679B.1010800@Media-Brokers.com> <20140419091451.ac576850.skraw@ithnet.com> <5352241F.8040301@thelounge.net> Message-ID: <20140419093042.b9497aaf.skraw@ithnet.com> On Sat, 19 Apr 2014 09:22:07 +0200 Reindl Harald wrote: > > > On 19.04.2014 09:14, Stephan von Krawczynski wrote: > > On Fri, 18 Apr 2014 13:57:47 -0400 > > Charles Marcus wrote: > > > >> Hi all, > >> > >> Ok, been wanting to do this for a while, and after the Heartbleed > >> fiasco, the boss finally agreed to let me buy some real certs...
> > > > Well, I guess one has to tell you that: > > 1) No certs no matter if self-signed or not would have saved you from > > heartbleed > > yes, but you seem not to understand that "Heartbleed" is the moment > which you can use to say "now let us take SSL serious" in general > as well as other security topics because *now* you can point > somewhere and say "look manager, things happening in real" Yes, but all he has to do is ask you if this problem would have arisen if he had a "real cert" to know that your spending money would not have helped. > > 2) "real certs" issued from cert-dealers are no more safe than your > > self-signed was. In fact they add the risk of your cert-dealer being hacked > > and you don't know. _This has happened_ already for at least one cert-dealer. > > So there is no proof at all that it will not happen again and this time > > probably nobody will be informed, because the company is dead afterwards (just > > like diginotar). In fact the whole cert business is a big fake currently > > yes but you can't change that nor can i So you say: "better fake security than no security" ? > > 3) The whole SSL stuff can only be made secure by implementing methods to > > authorize self-signed certs yourself and the clients using it being able to > > check that. Every checking by external "authorities" is just an uncontrollable > > security hole.
> > bulls**t because you can't do that if your mailusers are ordinary > customers and even if you get managed that they import your self > signed cert that *does not* change the fact that they get no alert > in case of a MITM attack presenting whatever certificate signed > from a CA all clients are trusting > > without certificate pinning you are lost in any case and with > certificate pinning you can avoid the initial warning nobody > of the ordinary users understands - so until you come with > a solution for certificate pinning on and endusers MUA better > don't explain things anybody knows It does not matter if you can do something _now_ or not. The only way to improve a not working situation is to tell that it is not working (my way) and not to ignore it (your way). -- Regards, Stephan From h.reindl at thelounge.net Sat Apr 19 07:40:07 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Sat, 19 Apr 2014 09:40:07 +0200 Subject: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL In-Reply-To: <20140419093042.b9497aaf.skraw@ithnet.com> References: <5351679B.1010800@Media-Brokers.com> <20140419091451.ac576850.skraw@ithnet.com> <5352241F.8040301@thelounge.net> <20140419093042.b9497aaf.skraw@ithnet.com> Message-ID: <53522857.4020205@thelounge.net> On 19.04.2014 09:30, Stephan von Krawczynski wrote: > On Sat, 19 Apr 2014 09:22:07 +0200 > Reindl Harald wrote: >> yes, but you seem not to understand that "Heartbleed" is the moment >> which you can use to say "now let us take SSL serious" in general >> as well as other security topics because *now* you can point >> somewhere and say "look manager, things happening in real" > > Yes, but all he has to do is ask you if this problem would have arisen if he > had a "real cert" to know that your spending money would not have helped.
and then i would explain him: no but we don't waste additional time because every customer makes a support call after we change the self signed certificate and all mail-clients out there alerting >>> 2) "real certs" issued from cert-dealers are no more safe than your >>> self-signed was. In fact they add the risk of your cert-dealer being hacked >>> and you don't know. _This has happened_ already for at least one cert-dealer. >>> So there is no proof at all that it will not happen again and this time >>> probably nobody will be informed, because the company is dead afterwards (just >>> like diginotar). In fact the whole cert business is a big fake currently >> >> yes but you can't change that nor can i > > So you say: "better fake security than no security"? no - you need to understand that SSL has *two* goals * encryption * authentication encryption works independent of authentication authentication is fucked up in general and broken by design and because that it's not worth to waste time explain users over and over how to accept the self-signed one while you do a big harm with that: train monkeys to ignore warnings but that does not change the main-goal: encryption >>> 3) The whole SSL stuff can only be made secure by implementing methods to >>> authorize self-signed certs yourself and the clients using it being able to >>> check that. Every checking by external "authorities" is just an uncontrollable >>> security hole.
>> >> bulls**t because you can't do that if your mailusers are ordinary >> customers and even if you get managed that they import your self >> signed cert that *does not* change the fact that they get no alert >> in case of a MITM attack presenting whatever certificate signed >> from a CA all clients are trusting >> >> without certificate pinning you are lost in any case and with >> certificate pinning you can avoid the initial warning nobody >> of the ordinary users understands - so until you come with >> a solution for certificate pinning on and endusers MUA better >> don't explain things anybody knows > > It does not matter if you can do something _now_ or not. The only way to > improve a not working situation is to tell that it is not working (my way) and > not to ignore it (your way) it is working, it is working as good as it can and if you compare the costs of 130 € for 3 years with support calls because self signed certificates and do a *real harm* by train ordinary users to ignore warnings just guess which way works honestly if i connect to a server owned by a company coming with a self-signed certificate without got told so before i get alarmed that they may not be trustworthy because if they save the little money for the cert i may assume they save money on other important things too
From skraw at ithnet.com Sat Apr 19 07:58:56 2014 From: skraw at ithnet.com (Stephan von Krawczynski) Date: Sat, 19 Apr 2014 09:58:56 +0200 Subject: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL In-Reply-To: <53522857.4020205@thelounge.net> References: <5351679B.1010800@Media-Brokers.com> <20140419091451.ac576850.skraw@ithnet.com> <5352241F.8040301@thelounge.net> <20140419093042.b9497aaf.skraw@ithnet.com> <53522857.4020205@thelounge.net> Message-ID: <20140419095856.dcbea3df.skraw@ithnet.com> On Sat, 19 Apr 2014 09:40:07 +0200 Reindl Harald wrote: > it is working, it is working as good as it can and if you compare the > costs of 130 € for 3 years with support calls because self signed > certificates and do a *real harm* by train ordinary users to ignore > warnings just guess which way works > > honestly if i connect to a server owned by a company coming > with a self-signed certificate without got told so before > i get alarmed that they may not be trustworthy because if they > save the little money for the cert i may assume they save money > on other important things too Honestly, with your awareness of "as good as it can" wouldn't it be fair to tell people that they spend millions all over the planet for something that is not working? How can you expect the situation to get any better if you cover the problem by buying certs only for the reason to avoid warnings that are useless anyways? You know things go wrong and still do support it. I think one should have learned in the after-Snowden-era where this leads to.
-- Regards, Stephan From h.reindl at thelounge.net Sat Apr 19 08:20:39 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Sat, 19 Apr 2014 10:20:39 +0200 Subject: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL In-Reply-To: <20140419095856.dcbea3df.skraw@ithnet.com> References: <5351679B.1010800@Media-Brokers.com> <20140419091451.ac576850.skraw@ithnet.com> <5352241F.8040301@thelounge.net> <20140419093042.b9497aaf.skraw@ithnet.com> <53522857.4020205@thelounge.net> <20140419095856.dcbea3df.skraw@ithnet.com> Message-ID: <535231D7.5000306@thelounge.net> On 19.04.2014 09:58, Stephan von Krawczynski wrote: > On Sat, 19 Apr 2014 09:40:07 +0200 > Reindl Harald wrote: > >> it is working, it is working as good as it can and if you compare the >> costs of 130 € for 3 years with support calls because self signed >> certificates and do a *real harm* by train ordinary users to ignore >> warnings just guess which way works >> >> honestly if i connect to a server owned by a company coming >> with a self-signed certificate without got told so before >> i get alarmed that they may not be trustworthy because if they >> save the little money for the cert i may assume they save money >> on other important things too > > Honestly, with your awareness of "as good as it can" wouldn't it be fair to > tell people that they spend millions all over the planet for something that is > not working? How can you expect the situation to get any better if you cover > the problem by buying certs only for the reason to avoid warnings that are > useless anyways? how can you expect it gets better by self signed certificates and train users to "ignore warnings because they are useless" you can do that for your pet's homepage where you know any visitor in person but not for the world what you achieve is they ignore all other warnings too because guys like you told them "warnings are useless" > You know things go wrong and still do support it.
I think one should have > learned in the after-Snowden-era where this leads to and where does it lead to trigger warnings all over the planet and train people to ignore them? in case of a mailserver that's not a real big problem because the amount of users is limited on a public website it is insane to present a browser warning as welcome message if there is a working replacement, widely supported by client-software and useable or the ordinary enduser - fine - let us adopt it - until that does not exist you are talking bullshit well, i have an offer for you: you pay the support calls caused by certificate warnings, you pay also the harm of other ignored warnings as result of train monkeys, you go out and make *every* enduser to a tech person understand certificates and SSL before and after that we all start to drop CA certificates deal? From skraw at ithnet.com Sat Apr 19 08:44:59 2014 From: skraw at ithnet.com (Stephan von Krawczynski) Date: Sat, 19 Apr 2014 10:44:59 +0200 Subject: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL In-Reply-To: <535231D7.5000306@thelounge.net> References: <5351679B.1010800@Media-Brokers.com> <20140419091451.ac576850.skraw@ithnet.com> <5352241F.8040301@thelounge.net> <20140419093042.b9497aaf.skraw@ithnet.com> <53522857.4020205@thelounge.net> <20140419095856.dcbea3df.skraw@ithnet.com> <535231D7.5000306@thelounge.net> Message-ID: <20140419104459.388f676a.skraw@ithnet.com> On Sat, 19 Apr 2014 10:20:39 +0200 Reindl Harald wrote: > and where does it lead to trigger warnings all over the planet and train > people to ignore them?
in case of a mailserver that's not a real big > problem because they amount of users is limited > > on a public website it is insane to present a browser warning as welcome message > > if there is a working replacement, widely supported by client-software > and useable or the ordinary enduser - fine - let us adopt it - until > that does not exist you are talking bullshit > > well, i have an offer for you: > you pay the support calls caused by certificate warnings, you pay also the > harm of other ignored warnings as result of train monkeys, you go out and > make *every* enduser to a tech person understand certificates and SSL before > and after that we all start to drop CA certificates > > deal? So you like market behaviour. Don't you think that the market of client software will react faster if everybody is aware of the currently unsolved problems? My word is: make them aware. Your word is: safe money and give a damn. Lets stop it here, it is obvious we disagree and I guess people on the list have heard enough to take their own decisions. -- Regards, Stephan From h.reindl at thelounge.net Sat Apr 19 08:58:39 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Sat, 19 Apr 2014 10:58:39 +0200 Subject: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL In-Reply-To: <20140419104459.388f676a.skraw@ithnet.com> References: <5351679B.1010800@Media-Brokers.com> <20140419091451.ac576850.skraw@ithnet.com> <5352241F.8040301@thelounge.net> <20140419093042.b9497aaf.skraw@ithnet.com> <53522857.4020205@thelounge.net> <20140419095856.dcbea3df.skraw@ithnet.com> <535231D7.5000306@thelounge.net> <20140419104459.388f676a.skraw@ithnet.com> Message-ID: <53523ABF.5000508@thelounge.net> Am 19.04.2014 10:44, schrieb Stephan von Krawczynski: > On Sat, 19 Apr 2014 10:20:39 +0200 > Reindl Harald wrote: > >> and where does it lead to trigger warnings all over the planet and train >> people to ignore them? 
in case of a mailserver that's not a real big >> problem because they amount of users is limited >> >> on a public website it is insane to present a browser warning as welcome message >> >> if there is a working replacement, widely supported by client-software >> and useable or the ordinary enduser - fine - let us adopt it - until >> that does not exist you are talking bullshit >> >> well, i have an offer for you: >> you pay the support calls caused by certificate warnings, you pay also the >> harm of other ignored warnings as result of train monkeys, you go out and >> make *every* enduser to a tech person understand certificates and SSL before >> and after that we all start to drop CA certificates >> >> deal? > > So you like market behaviour no, but after more than 11 years working in the IT as software developer and sysadmin building any admin backends, automation tools and cms-systems at my own while dealing with the endusers and their software i have learned which fights i can't win and better spend my time to work on things gaining a result > Don't you think that the market of client software will react > faster if everybody is aware of the currently unsolved > problems? 
only in a perfect world in the world i sadly live i had to turn SSL3 on again after a complaint of big customer that one of his customers can't use his shop with MSIE6 and is not willing to enable TLS in the settings which is one click i did 13 years ago in times using Windows, well now after Heartbleed and EOL of WinXP now i had the arguments to disable it forever -> done in the world i sadly live i had recently a customer using a 10 years old Eudora mail-client on MacOSX which don't work with SHA256 certificates - the reply to "please update your OS and your mail-client, this one is unsupported and highly insecure" was "but i was happy with it until *you* changed something" > My word is: make them aware mine too, but make aware and try to force end-users to understand things are different worlds - you can't win the fight against users ignorance, careless and their outdated software > Your word is: safe money and give a damn my word is safe time where it is wasted and use it to improve things in areas where i can win a fight - fighting a lost battle leads to nowhere and eats the time to improve other things i spent hundreds of hours in security the last few years looking at a big picture of all sort of network services and operating systems to work as secure as possible with each other if i would have wasted that time with lost battles i would have gained nothing > Let's stop it here, it is obvious we disagree and I guess people on the > list have heard enough to take their own decisions agreed
From CMarcus at Media-Brokers.com Sat Apr 19 11:26:22 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Sat, 19 Apr 2014 07:26:22 -0400 Subject: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL In-Reply-To: <20140419091451.ac576850.skraw@ithnet.com> References: <5351679B.1010800@Media-Brokers.com> <20140419091451.ac576850.skraw@ithnet.com> Message-ID: <53525D5E.7010805@Media-Brokers.com> Please Reply-To-List, don't send to me directly, I'm on the list. On 4/19/2014 3:14 AM, Stephan von Krawczynski wrote: > On Fri, 18 Apr 2014 13:57:47 -0400 > Charles Marcus wrote: > >> Hi all, >> >> Ok, been wanting to do this for a while, and after the Heartbleed >> fiasco, the boss finally agreed to let me buy some real certs... > Well, I guess one has to tell you that: > 1) No certs no matter if self-signed or not would have saved you from > heartbleed. I know that. I simply leveraged the noise to convince the boss to buy some real certs. And NO, I did not suggest that having real certs would have made us immune (in fact I told him it wouldn't), but the fiasco was a good time to bring the subject up again (I've been trying for years to get him to let me buy real certs to avoid the scary warnings). > 2) "real certs" issued from cert-dealers are no more safe than your > self-signed was. I know this. I want 'real' certs so our users no longer the stupid big ugly scary warnings about untrusted certs when setting up mail clients. > In fact they add the risk of your cert-dealer being hacked > and you don't know. _This has happened_ already for at least one cert-dealer. > So there is no proof at all that it will not happen again and this time > probably nobody will be informed, because the company is dead afterwards (just > like diginotar). All true, but there is risk in everything.
> In fact the whole cert business is a big fake currently. In theory I agree, but the reality is different from theory. > 3) The whole SSL stuff can only be made secure by implementing methods to > authorize self-signed certs yourself and the clients using it being able to > check that. Every checking by external "authorities" is just an uncontrollable > security hole. True, but running my own CA, and requiring users to follow complicated (for them) instructions on how to install our own CA into all of their clients is simply not a viable option (for us). -- Best regards, Charles From CMarcus at Media-Brokers.com Sat Apr 19 11:26:26 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Sat, 19 Apr 2014 07:26:26 -0400 Subject: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL In-Reply-To: <20140419093042.b9497aaf.skraw@ithnet.com> References: <5351679B.1010800@Media-Brokers.com> <20140419091451.ac576850.skraw@ithnet.com> <5352241F.8040301@thelounge.net> <20140419093042.b9497aaf.skraw@ithnet.com> Message-ID: <53525D62.3030509@Media-Brokers.com> On 4/19/2014 3:30 AM, Stephan von Krawczynski wrote: > On Sat, 19 Apr 2014 09:22:07 +0200 Reindl Harald wrote: >> On 19.04.2014 09:14, Stephan von Krawczynski wrote: >>> 2) "real certs" issued from cert-dealers are no more safe than your >>> self-signed was. >> yes but you can't change that nor can i > So you say: "better fake security than no security" ? Don't be silly. It isn't 'fake security'. It obviously involves risks, but the security is real, as long as the chain isn't compromised. The risk lies in the potential for the chain to be compromised.
-- Best regards, Charles From me at junc.eu Sat Apr 19 12:38:16 2014 From: me at junc.eu (Benny Pedersen) Date: Sat, 19 Apr 2014 14:38:16 +0200 Subject: [Dovecot] dkim test Message-ID: just testing, if it tempfails on dovecot mail me private from the admins of dovecot maillist only From itgeek31 at googlemail.com Sat Apr 19 15:48:21 2014 From: itgeek31 at googlemail.com (IT geek 31) Date: Sat, 19 Apr 2014 17:48:21 +0200 Subject: [Dovecot] Quick win... command to remove all attachments from an Inbox In-Reply-To: References: Message-ID: On 12 April 2014 18:35, IT geek 31 wrote: > Does anyone know of a doveadm command I can use to remove (delete) all > attachments from an mdbox Inbox? > > I prefer to save my attachments and have a sleek Inbox... but sometimes I > forget. A command I can feed into a cron job would be ideal. > Any takers? I've had a scout around the Wiki and can't see an obvious way. If someone knows it's not possible then please shout :-) Many thanks, -Mark From d.parthey at metaways.de Sat Apr 19 16:06:06 2014 From: d.parthey at metaways.de (Daniel Parthey) Date: Sat, 19 Apr 2014 18:06:06 +0200 Subject: [Dovecot] Quick win... command to remove all attachments from an Inbox In-Reply-To: References: Message-ID: Hi, Dovecot doesn't modify email body. This should be done via IMAP. There might be tools or IMAP libraries for your favourite scripting language which are able to handle attachments. Regards Daniel From itgeek31 at googlemail.com Sat Apr 19 17:07:30 2014 From: itgeek31 at googlemail.com (IT geek 31) Date: Sat, 19 Apr 2014 19:07:30 +0200 Subject: [Dovecot] Quick win... command to remove all attachments from an Inbox In-Reply-To: References: Message-ID: On 19 April 2014 18:06, Daniel Parthey wrote: > This should be done via IMAP. There might be tools or IMAP libraries for > your favourite scripting language which are able to handle attachments. > Thanks Daniel. I shall look at another way. 
-Mark From rs at sys4.de Sat Apr 19 17:32:31 2014 From: rs at sys4.de (Robert Schetterer) Date: Sat, 19 Apr 2014 19:32:31 +0200 Subject: [Dovecot] Quick win... command to remove all attachments from an Inbox In-Reply-To: References: Message-ID: <5352B32F.1080302@sys4.de> On 19.04.2014 17:48, IT geek 31 wrote: > On 12 April 2014 18:35, IT geek 31 wrote: > >> Does anyone know of a doveadm command I can use to remove (delete) all >> attachments from an mdbox Inbox? >> >> I prefer to save my attachments and have a sleek Inbox... but sometimes I >> forget. A command I can feed into a cron job would be ideal. >> > > Any takers? I've had a scout around the Wiki and can't see an obvious way. > If someone knows it's not possible then please shout :-) > > Many thanks, > > > -Mark > perhaps see http://www.athensfbc.com/imap_tools/details.html try i.e filter by size, should be fine with mails having big attachments, might be possible with sieve too or try something like https://addons.mozilla.org/de/thunderbird/addon/attachmentextractor Best Regards, kind regards, Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, District court München: HRB 199263 Board of directors: Patrick Ben Koetter, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein From skraw at ithnet.com Mon Apr 21 07:33:52 2014 From: skraw at ithnet.com (Stephan von Krawczynski) Date: Mon, 21 Apr 2014 09:33:52 +0200 Subject: [Dovecot] How to bring dovecot to using a slightly modified passwd file Message-ID: <20140421093352.932892d4.skraw@ithnet.com> Hello all, I am trying to use a setup where domains have separate passwd files with a slightly different layout. Is there a way to tell dovecot that a passwd file contains everything it looks for but on different positions inside the passwd file line?
Standard passwd: USERNAME:PASSWD:UID:GID:HOME:extras different layout: USERNAME:PASSWD:extras:UID:GID:HOME Or do I have to patch the source, and where if necessary? Thanks for your help. -- Regards, Stephan From me at junc.eu Mon Apr 21 11:38:59 2014 From: me at junc.eu (Benny Pedersen) Date: Mon, 21 Apr 2014 13:38:59 +0200 Subject: [Dovecot] How to bring dovecot to using a slightly modified passwd file In-Reply-To: <20140421093352.932892d4.skraw@ithnet.com> References: <20140421093352.932892d4.skraw@ithnet.com> Message-ID: <22ddb607bbca43158896886e3b68a09a@junc.eu> Stephan von Krawczynski wrote on 2014-04-21 09:33: > Or do I have to patch the source, and where if necessary? dovecot does not need passwd files, you can eg use any db that dovecot support, lets say sqlite, then you can make layout free of charge make a php wrapper that import flat filedb to sqlite, and another one to export sqlite to filedb that would be heaven imho :) and at the same time a nice backup From skraw at ithnet.com Mon Apr 21 12:25:52 2014 From: skraw at ithnet.com (Stephan von Krawczynski) Date: Mon, 21 Apr 2014 14:25:52 +0200 Subject: [Dovecot] How to bring dovecot to using a slightly modified passwd file In-Reply-To: <22ddb607bbca43158896886e3b68a09a@junc.eu> References: <20140421093352.932892d4.skraw@ithnet.com> <22ddb607bbca43158896886e3b68a09a@junc.eu> Message-ID: <20140421142552.ed6ce166.skraw@ithnet.com> On Mon, 21 Apr 2014 13:38:59 +0200 Benny Pedersen wrote: > Stephan von Krawczynski wrote on 2014-04-21 09:33: > > > Or do I have to patch the source, and where if necessary? > > dovecot does not need passwd files, you can eg use any db that dovecot > support, lets say sqlite, then you can make layout free of charge > > make a php wrapper that import flat filedb to sqlite, and another one to > export sqlite to filedb > > that would be heaven imho :) > > and at the same time a nice backup Hello Benny, there are good reasons why this is _not_ possible.
The setup is complex and lots of other software parts depend on the passwd file. Since they should all be interacting it is no good idea to spread the same data over several "databases". Furthermore we are not talking about _one_ passwd-like file but thousands (one for every domain). Believe me, I thought about it before asking exactly this question and not for some solution. If there is no chance to convince Timo for something like a passwd-scheme parameter useful for more people than just me I will probably rewrite the stuff myself. Nevertheless if someone kindly points me to the right piece of code I could save some hours searching for it myself... -- Regards, Stephan From sca at andreasschulze.de Mon Apr 21 15:26:13 2014 From: sca at andreasschulze.de (Andreas Schulze) Date: Mon, 21 Apr 2014 17:26:13 +0200 Subject: [Dovecot] How to bring dovecot to using a slightly modified passwd file In-Reply-To: <20140421142552.ed6ce166.skraw@ithnet.com> References: <20140421093352.932892d4.skraw@ithnet.com> <22ddb607bbca43158896886e3b68a09a@junc.eu> <20140421142552.ed6ce166.skraw@ithnet.com> Message-ID: <20140421152613.GA16384@solar.andreasschulze.de> Stephan von Krawczynski: > If there is no chance to convince Timo for something like a passwd-scheme > parameter useful for more people than just me I will probably rewrite the > stuff myself. Nevertheless if someone kindly points me to the right piece of > code I could save some hours searching for it myself... Stephan, I'm not aware on any function you need to specify the passwd layout. So a short solution would be a patch to dovecot. A more general solution could be a separate scheme beside the existing auth backends http://wiki2.dovecot.org/PasswordDatabase or a mechanism to specify passwd fields as you suggested. 
Andreas From skraw at ithnet.com Mon Apr 21 16:02:27 2014 From: skraw at ithnet.com (Stephan von Krawczynski) Date: Mon, 21 Apr 2014 18:02:27 +0200 Subject: [Dovecot] How to bring dovecot to using a slightly modified passwd file In-Reply-To: <20140421152613.GA16384@solar.andreasschulze.de> References: <20140421093352.932892d4.skraw@ithnet.com> <22ddb607bbca43158896886e3b68a09a@junc.eu> <20140421142552.ed6ce166.skraw@ithnet.com> <20140421152613.GA16384@solar.andreasschulze.de> Message-ID: <20140421180227.7d4a365a.skraw@ithnet.com> On Mon, 21 Apr 2014 17:26:13 +0200 Andreas Schulze wrote: > Stephan von Krawczynski: > > If there is no chance to convince Timo for something like a passwd-scheme > > parameter useful for more people than just me I will probably rewrite the > > stuff myself. Nevertheless if someone kindly points me to the right piece of > > code I could save some hours searching for it myself... > Stephan, > > I'm not aware on any function you need to specify the passwd layout. > So a short solution would be a patch to dovecot. > > A more general solution could be a separate scheme beside > the existing auth backends http://wiki2.dovecot.org/PasswordDatabase > or a mechanism to specify passwd fields as you suggested. > > Andreas Hello Andreas, I am well aware of the several possibilities around passwd and userdb. The thing is I want to avoid using scripts or an external binary (which would be possible) for performance reasons. I think the internal passwd file handling from dovecot would be best. It should be pretty easy to do a patched version where only the fields are replaced by the ones my passwd files use. 
-- Regards, Stephan From ron at vnetworx.net Tue Apr 22 00:27:52 2014 From: ron at vnetworx.net (Ron Guerin) Date: Mon, 21 Apr 2014 20:27:52 -0400 Subject: [Dovecot] Sieve extprograms problem (broken pipe) Message-ID: <5355B788.40602@vnetworx.net> I've been trying to pipe a message to an external script, and simplifying it as much as possible, I still get a broken pipe error. Can anyone point me in the right direction? X-Sieve: Pigeonhole Sieve 0.3.1 Using this script for debugging: -------------------------------- #!/bin/bash cat > /dev/null exit 0 server log contains: -------------------- Apr 21 19:45:18 generator dovecot: script: Error: write(response) failed: Broken pipe Apr 21 19:45:18 generator dovecot: lda(support at example.com): Error: sieve: execution of script /vmail/example.com/support//.dovecot. sieve failed, but implicit keep was successful (user logfile /vmail/example.com/support//.dovecot.sieve.log may reveal additional details) The logfile contains: --------------------- sieve: info: started log at Apr 21 20:13:50. error: msgid=<20140422001349.EA94C2A0CFD2 at generator.vnetworx.net>: pipe action: failed to pipe message to program `sieve-pipe-supportticket': refer to server log for more information. [2014-04-21 20:13:50]. - Ron From axel.luttgens at skynet.be Tue Apr 22 06:37:21 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Tue, 22 Apr 2014 08:37:21 +0200 Subject: [Dovecot] "Reapplying" sieve rules Message-ID: <6382AD8A-9388-429B-9801-5B376F11D79A@skynet.be> I did a mistake (shame on me). While migrating accounts on a new server, I didn't pay attention to a detail: sieve_max_actions, that I set to a low value for my testings, but then forgot to raise before the migration. As a result, several redirect-only accounts have now their inbox filled with messages that should have been redirected to "real people", then discarded. 
Would there be a nice way to "reapply" the sieve scripts, so that the messages of those mailboxes are redirected to their final recipients, the way they should have been upon arrival?

Many thanks in advance,
Axel

From stephan at rename-it.nl Tue Apr 22 08:25:14 2014
From: stephan at rename-it.nl (Stephan Bosch)
Date: Tue, 22 Apr 2014 10:25:14 +0200
Subject: [Dovecot] "Reapplying" sieve rules
In-Reply-To: <6382AD8A-9388-429B-9801-5B376F11D79A@skynet.be>
References: <6382AD8A-9388-429B-9801-5B376F11D79A@skynet.be>
Message-ID: <5356276A.1050103@rename-it.nl>

Axel Luttgens wrote on 22-4-2014 8:37:
> I did a mistake (shame on me).
>
> While migrating accounts on a new server, I didn't pay attention to a detail: sieve_max_actions, that I set to a low value for my testings, but then forgot to raise before the migration.
>
> As a result, several redirect-only accounts have now their inbox filled with messages that should have been redirected to "real people", then discarded.
>
> Would there be a nice way to "reapply" the sieve scripts, so that the messages of those mailboxes are redirected to their final recipients, the way they should have been upon arrival?

Normally, I would say: use the sieve-filter tool. But, unfortunately, it doesn't currently allow sending e-mail anywhere to prevent serious mishaps.

So, currently, with Sieve the answer is no. :/

Perhaps you can hack something with doveadm...

Regards,

Stephan.

From rs at sys4.de Tue Apr 22 08:39:26 2014
From: rs at sys4.de (Robert Schetterer)
Date: Tue, 22 Apr 2014 10:39:26 +0200
Subject: [Dovecot] "Reapplying" sieve rules
In-Reply-To: <6382AD8A-9388-429B-9801-5B376F11D79A@skynet.be>
References: <6382AD8A-9388-429B-9801-5B376F11D79A@skynet.be>
Message-ID: <53562ABE.9060201@sys4.de>

On 22.04.2014 08:37, Axel Luttgens wrote:
> I did a mistake (shame on me).
>
> While migrating accounts on a new server, I didn't pay attention to a detail: sieve_max_actions, that I set to a low value for my testings, but then forgot to raise before the migration.
>
> As a result, several redirect-only accounts have now their inbox filled with messages that should have been redirected to "real people", then discarded.
>
> Would there be a nice way to "reapply" the sieve scripts, so that the messages of those mailboxes are redirected to their final recipients, the way they should have been upon arrival?
>
>
> Many thanks in advance,
> Axel
>

perhaps use ideas from

http://wiki2.dovecot.org/HowTo/RefilterMail

Best Regards
Kind regards Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From pollock at theorem.ca Tue Apr 22 09:33:15 2014
From: pollock at theorem.ca (Dan Pollock)
Date: Tue, 22 Apr 2014 02:33:15 -0700
Subject: [Dovecot] Allowing non-SSL connections only for certain Password Databases
Message-ID:

I'm trying to set up my system (using Dovecot 2.0.9) so that certain Password Databases are available over pop3 and imap and others are available over pop3s and imaps. In particular, I would like users to be able to connect without SSL to accounts set up in vpopmail, but to require SSL for system accounts.

Is there a way to set "disable_plaintext_auth" to different values for different Password Databases? Is there another way to do it?
Thank you, Dan From kadafax at gmail.com Tue Apr 22 12:15:39 2014 From: kadafax at gmail.com (kfx) Date: Tue, 22 Apr 2014 14:15:39 +0200 Subject: [Dovecot] FTS Lucene: Fatal: master: service(indexer-worker): child * killed with signal 6 Message-ID: <53565D6B.9040306@gmail.com> Hi List, Since we migrated from dovecot 1.2.4 to 2.2.12 with lucene as FTS engine, I have this in my error log: Apr 22 14:01:14 indexer-worker(username): Error: lucene index /var/vmail/username/lucene-indexes: IndexWriter() failed (#1): Lock obtain timed out Apr 22 14:01:14 indexer-worker: Error: indexer-worker [username at mydomain.com MailBox-1 - 20800/22707]: /home/anotherusername/newnew/clucene/src/core/CLucene/index/DocumentsWriter.cpp:210: std::string lucene::index::DocumentsWriter::closeDocStore(): Assertion `numDocsInStore*8 == directory->fileLength( (docStoreSegment + "." + IndexFileNames::FIELDS_INDEX_EXTENSION).c_str() )' failed. Apr 22 14:01:14 indexer: Error: Indexer worker disconnected, discarding 1 requests for username at mydomain.com Apr 22 14:01:14 indexer-worker(username at mydomain.com): Fatal: master: service(indexer-worker): child 31158 killed with signal 6 (core not dumped) Apr 22 14:01:16 imap(username): Error: indexer failed to index mailbox MailBox-2 Does that sound familiar to someone ? Thanks. 
# 2.2.12: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-431.11.2.el6.x86_64 x86_64 CentOS release 6.5 (Final) ext4 auth_cache_size = 10 M auth_debug = yes auth_master_user_separator = * auth_socket_path = /var/run/dovecot/auth-userdb auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@* auth_verbose = yes auth_verbose_passwords = sha1 base_dir = /var/run/dovecot/ debug_log_path = /var/log/dovecot-debug.log default_client_limit = 2128 default_process_limit = 512 default_vsz_limit = 2 G hostname = mydomain.com info_log_path = /var/log/dovecot.log lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = * log_path = /var/log/dovecot-error.log login_greeting = Welcome login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c mail_debug = yes mail_gid = vmail mail_location = maildir:/var/vmail/%Ln mail_plugins = fts fts_lucene quota stats mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { inbox = yes location = maildir:/var/vmail/%Ln mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = type = private } passdb { args = /usr/local/etc/dovecot/deny-users deny = yes driver = passwd-file } passdb { args = /usr/local/etc/dovecot/master-users driver = passwd-file master = yes } passdb { args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { fts = lucene fts_autoindex = yes fts_autoindex_max_recent = 1000 fts_lucene = whitespace_chars=@ quota = maildir:User quota quota_rule = *:storage=20GB quota_rule2 = Trash:storage=+200M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = 
/var/sieve-scripts/%Ln.sieve sieve_dir = /var/vmail/%Ln/home/sieve stats_command_min_time = 1 mins stats_domain_min_time = 12 hours stats_ip_min_time = 12 hours stats_memory_limit = 16 M stats_refresh = 30 secs stats_session_min_time = 15 mins stats_track_cmds = yes stats_user_min_time = 1 hours } postmaster_address = postmaster at mydomain.com protocols = imap pop3 sieve sieve service auth-worker { user = root } service auth { unix_listener /var/spool/postfix/private/auth { mode = 0777 user = vmail } } service decode2text { executable = script /usr/local/libexec/dovecot/decode2text.sh unix_listener decode2text { mode = 0666 } user = dovecot } service imap-login { inet_listener imaps { port = 993 ssl = yes } process_min_avail = 5 } service imap { process_limit = 1024 } service managesieve-login { inet_listener sieve { port = 4190 } } service pop3-login { inet_listener pop3s { port = 995 ssl = yes } } service quota-warning { executable = script /usr/local/bin/quota-warning.sh user = nobody } service stats { fifo_listener stats-mail { mode = 0600 user = vmail } } ssl_cert = Latest HG reproducibly crashes when accessing a virtual namespace: Apr 22 14:49:38 spectre dovecot: master: Dovecot v2.2.12 (09c114091c88) starting up for imap, lmtp [?] 
Apr 22 14:50:05 spectre dovecot: imap(tlx at leuxner.net): Panic: file mail-storage.c: line 1735 (mailbox_notify_changes): assertion failed: (box->opened) Apr 22 14:50:05 spectre dovecot: imap(tlx at leuxner.net): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x6bbaf) [0x7f7dad859baf] -> /usr/lib/dovecot/libdovecot.so.0(+0x6bc0e) [0x7f7dad859c0e] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f7dad81328e] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x81fda) [0x7f7dadb45fda] -> /usr/lib/dovecot/modules/lib20_virtual_plugin.so(+0x8ca3) [0x7f7dabffbca3] -> dovecot/imap [tlx at leuxner.net 95.223.79.50 IDLE](cmd_idle+0x45) [0x410495] -> dovecot/imap [tlx at leuxner.net 95.223.79.50 IDLE](command_exec+0x3c) [0x41839c] -> dovecot/imap [tlx at leuxner.net 95.223.79.50 IDLE]() [0x417400] -> dovecot/imap [tlx at leuxner.net 95.223.79.50 IDLE]() [0x4174ba] -> dovecot/imap [tlx at leuxner.net 95.223.79.50 IDLE](client_handle_input+0x115) [0x417775] -> dovecot/imap [tlx at leuxner.net 95.223.79.50 IDLE](client_input+0x72) [0x417b22] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x4e) [0x7f7dad86a91e] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd7) [0x7f7dad86b917] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x7f7dad86a9a9] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f7dad86aa28] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f7dad818633] -> dovecot/imap [tlx at leuxner.net 95.223.79.50 IDLE](main+0x298) [0x40c128] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7f7dad481ead] -> dovecot/imap [tlx at leuxner.net 95.223.79.50 IDLE]() [0x40c28d] Apr 22 14:50:05 spectre dovecot: imap(tlx at leuxner.net): Fatal: master: service(imap): child 25774 killed with signal 6 (core not dumped) I'm not sure how to generate a core in this scenario, but commenting out the namespace configuration seems to prevent crashes for now. 
This appears to have been introduced in the last 5 days mercurial updates according to logs.

Previously working namespace:

namespace {
  prefix = Virtual/
  separator = /
  location = virtual:~/mdbox/virtual
}

Regards
Thomas

From axel.luttgens at skynet.be Tue Apr 22 13:23:31 2014
From: axel.luttgens at skynet.be (Axel Luttgens)
Date: Tue, 22 Apr 2014 15:23:31 +0200
Subject: [Dovecot] "Reapplying" sieve rules
In-Reply-To: <5356276A.1050103@rename-it.nl>
References: <6382AD8A-9388-429B-9801-5B376F11D79A@skynet.be> <5356276A.1050103@rename-it.nl>
Message-ID:

On 22 Apr 2014 at 10:25, Stephan Bosch wrote:

> [...]
> Normally, I would say: use the sieve-filter tool. But, unfortunately, it doesn't currently allow sending e-mail anywhere to prevent serious mishaps.
>
> So, currently, with Sieve the answer is no. :/
>
> Perhaps you can hack something with doveadm...
>
> [...]

On 22 Apr 2014 at 10:39, Robert Schetterer wrote:

> [...]
> perhaps use ideas from
>
> http://wiki2.dovecot.org/HowTo/RefilterMail
>
> [...]

Hello,

Many thanks to both of you.

Fortunately, my problem has been far less widespread than initially feared. As a result, the good old manual way, yet with quite a bunch of patience and care, did the trick.

But it is always nice to have some alternatives at hand; they are in my tool bag now. ;-)

Regards,
Axel

From bind at enas.net Tue Apr 22 13:31:47 2014
From: bind at enas.net (Urban Loesch)
Date: Tue, 22 Apr 2014 15:31:47 +0200
Subject: [Dovecot] Allowing non-SSL connections only for certain Password Databases
In-Reply-To:
References:
Message-ID: <53566F43.5010903@enas.net>

Hi,

>
> Is there a way to set "disable_plaintext_auth" to different values for different Password Databases? Is there another way to do it?
>

Why do you not force SSL for all users?
I have no idea how this could be made with different databases. I have only built a solution for all users stored in mysql.

I'm able to force SSL for imap and pop3 on a per user basis with e.g.:

...
password_query = SELECT password FROM users WHERE userid = '%u' AND allow_login = 'y' AND ( force_ssl = 'y' OR '%c' = 'secured');
...

Query adopted from:
http://wiki2.dovecot.org/Authentication/RestrictAccess

For available variables see:
http://wiki2.dovecot.org/Variables

As I just said, this works for me, but only for users stored in mysql.

Regards
Urban

From bind at enas.net Tue Apr 22 13:38:16 2014
From: bind at enas.net (Urban Loesch)
Date: Tue, 22 Apr 2014 15:38:16 +0200
Subject: [Dovecot] Allowing non-SSL connections only for certain Password Databases
In-Reply-To: <53566F43.5010903@enas.net>
References: <53566F43.5010903@enas.net>
Message-ID: <535670C8.6090406@enas.net>

Sorry, there's a typo in sql query.

It should be "( force_ssl = 'n' ....", not 'y'.
My fault.

Best
Urban

On 22.04.2014 15:31, Urban Loesch wrote:
> Hi,
>
>>
>> Is there a way to set "disable_plaintext_auth" to different values for
>> different Password Databases? Is there another way to do it?
>>
>
> Why do you not force SSL for all users?
>
> I have no idea how this could be made with different databases. I have
> only built a solution for all users stored in mysql.
>
> I'm able to force SSL for imap and pop3 on a per user basis with e.g.:
>
> ...
> password_query = SELECT password FROM users WHERE userid = '%u' AND
> allow_login = 'y' AND ( force_ssl = 'y' OR '%c' = 'secured');
> ...
>
> Query adopted from:
> http://wiki2.dovecot.org/Authentication/RestrictAccess
>
> For available variables see:
> http://wiki2.dovecot.org/Variables
>
> As I just said, this works for me, but only for users stored in mysql.
>
> Regards
> Urban

From ammdispose-dovecot at yahoo.com Tue Apr 22 13:49:14 2014
From: ammdispose-dovecot at yahoo.com (A M)
Date: Tue, 22 Apr 2014 21:49:14 +0800 (SGT)
Subject: [Dovecot] dovecot-openssl.cnf - switch to 2048 bits?
Message-ID: <1398174554.62065.YahooMailNeo@web194603.mail.sg3.yahoo.com>

Hello,

Just had a query, from security point of view.

Shouldn't dovecot-openssl.conf defaults now be 2048 bits?

i.e. default_bits = 1024

I have read that 1024 bit certificates are now deprecated, since Dec 31, 2013. So may be we should have default as 2048 and can be changed manually if someone specifically wants 1024 or lower.

Regards,

A M

From h.reindl at thelounge.net Tue Apr 22 13:54:09 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 22 Apr 2014 15:54:09 +0200
Subject: [Dovecot] dovecot-openssl.cnf - switch to 2048 bits?
In-Reply-To: <1398174554.62065.YahooMailNeo@web194603.mail.sg3.yahoo.com>
References: <1398174554.62065.YahooMailNeo@web194603.mail.sg3.yahoo.com>
Message-ID: <53567481.2000008@thelounge.net>

On 22.04.2014 15:49, A M wrote:
> Just had a query, from security point of view.
>
> Shouldn't dovecot-openssl.conf defaults now be 2048 bits?
>
> i.e. default_bits = 1024
>
> I have read that 1024 bit certificates are now deprecated,
> since Dec 31, 2013

if you really care you have to use 3072 and not 2048 and much more important get rid of SHA1 certs

3072 RSA matches AES128, for ECC 256
________________________________________

here you go:
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report
http://www.nsa.gov/business/programs/elliptic_curve.shtml

From stano at websupport.sk Tue Apr 22 20:35:42 2014
From: stano at websupport.sk (Pavel Stano)
Date: Tue, 22 Apr 2014 22:35:42 +0200
Subject: [Dovecot] one way replication
Message-ID: <20140422223542.775fc0ce@ass>

Hi,

anyone using one way (or master/slave) replication instead of master/master ?

There is no info in documentation but in sources (src/doveadm/dsync/doveadm-dsync.c) i found some flags which looks like for setting up master/slave

	switch (c) {
	case '1':
		ctx->oneway = TRUE;
		ctx->backup = TRUE;
		break;
	case 'R':
		ctx->reverse_backup = TRUE;
		break;

So on master i add -1 :
replication_dsync_parameters = -1 -d -n INBOX -l 30 -U

and on slave -1 -R:
replication_dsync_parameters = -1 -R -d -n INBOX -l 30 -U

It looks it works, if i but question is if it is production ready.

--
[ Rate the quality of this mail: http://nicereply.com/websupport/Stano/ ]

Pavel Stano | Troubleshooter
http://WebSupport.sk
*** TAKE AND ENJOY ***

From konference at frantovo.cz Tue Apr 22 21:08:04 2014
From: konference at frantovo.cz (Frantisek Kucera)
Date: Tue, 22 Apr 2014 23:08:04 +0200
Subject: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL
Message-ID: <3446289.nD0moCODaY@osma>

Hello,

I have Dovecot configured for multiple domains (usernames are user at domain.tld) and I wanted to enable shared mailboxes. But there is some problem - if I share a folder, other user can't see it. In the log I found:

> Apr 22 19:21:02 veverka dovecot: imap(user at veverka.tld): Error: Couldn't create namespace 'shared.'
for user petr: userdb didn't return a home directory, but location used it (%h): maildir:%h/Maildir:INDEX=~/Maildir/shared/%%u
> Apr 22 19:21:02 veverka dovecot: imap(user at veverka.tld): Error: Couldn't create namespace 'shared.' for user emclient at veverka: userdb didn't return a home directory, but location used it (%h): maildir:%h/Maildir:INDEX=~/Maildir/shared/%%u

Which is weird because the user name is "petr.surname" not only "petr" and the domain is "veverka.tld" not only "veverka". So I turned on SQL logging on my PostgreSQL and saw that Dovecot executes these queries:

> 2014-04-22 19:21:02 CEST LOG: statement: SELECT * FROM dovecot_uzivatel WHERE login = 'petr' AND domena = ''
> 2014-04-22 19:21:02 CEST LOG: statement: SELECT * FROM dovecot_uzivatel WHERE login = 'emclient' AND domena = 'veverka'

The first username was "petr.surname at veverka.tld" and the second one was "emclient at veverka.tld" so it seems that it was truncated right after first "." dot and I am afraid that this is a bug. Then it is obvious that Dovecot can't find the home directory and complains in log (as mentioned above).

I found workaround – I had "." configured as namespace separator so I reconfigured it to "/" slash and now mailbox sharing works! But I think that it should work also with "." dot separator and the values should not be truncated in SQL queries. I tried also using '%u' in my SQL and its value was also truncated. Values in "dovecot-acl" a "shared-mailboxes" files seem to be ok.

BTW: I have also another server with only one domain and simple user names (no dots) and there the mailbox sharing works – but now it seems that it works only accidentally. This might lead to hardly debuggable problems if someone has usernames with and without dots – mailbox sharing will work for some users but for some not.
My old configuration:

> password_query = SELECT * FROM dovecot_heslo WHERE login = '%n' AND domena = '%d'
> user_query = SELECT * FROM dovecot_uzivatel WHERE login = '%n' AND domena = '%d'
> iterate_query = SELECT login AS username, domena AS domain FROM dovecot_uzivatel

> namespace {
>   type = shared
>   separator = .
>   prefix = shared.%%u.
>   location = maildir:%h/Maildir:INDEX=~/Maildir/shared/%%u
>   subscriptions = yes
>   list = children
> }

Had to be reconfigured to:

>   separator = /
>   prefix = shared/%%u/

Used version:

> # dovecot --version
> 2.1.7
> # uname -a
> Linux veverka 3.11.0-19-generic #33-Ubuntu SMP Tue Mar 11 18:48:34 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Regards,
Franta

P.S. If you have similar problem and have to switch from "." to "/" separators, don't forget to update your Sieve scripts (with fileinto). And sometimes also reconfiguration of the client is needed (e.g. NGImap4ConnectionStringSeparator in SOGo; and Kontact/KMail stopped working and I had to recreate the account in this client).

From chriskot at quietwind.net Tue Apr 22 22:52:31 2014
From: chriskot at quietwind.net (Chris Kottaridis)
Date: Tue, 22 Apr 2014 17:52:31 -0500
Subject: [Dovecot] Can't find sieve files
Message-ID: <5356F2AF.1000501@quietwind.net>

I have been running dovecot on a Fedora 14 host for years and am moving up to Fedora 19. I have things setup to run as a generic user vmail and have all users mailboxes in /var/vmail which is owned by the vmail user. Each user has a Maildir directory and a sieve directory. I also changed sendmail's procmail to run dovecot so it delivers into /var/vmail//Maildir instead of /var/spool/mail.

I just copied the /var/vmail directory from the old machine to the new machine and made all the files there owned by vmail that had the same uid. I then compared the /etc/dovecot/conf.d files and made changes to try and match the previous configuration as much as possible.

I can send mail to a local user and see it show up in the users INBOX.
However, when I watch /var/log/maillog when I send the mail I see errors like this: --------------------- script /var/vmail//ckottari/sieve/Active.sieve;name=main script (view user logfile /var/vmail//ckottari/sieve/Active.sieve.log for more information) Apr 22 17:05:46 ckottari-dhcp1 dovecot: lda(ckottari): msgid=<201404222205.s3MM5jJs003128 at ckottari-dhcp1.wrs.com>: saved mail to INBOX --------------------- When I look at Active.sieve.log: --------------------------------------------------- sieve: info: started log at Apr 22 17:05:46. main script: line 8: error: included personal script 'My RRs.sieve' does not exist. main script: line 9: error: included personal script 'RCPL.sieve' does not exist. main script: line 10: error: included personal script 'New_Incomplete Messages.sieve' does not exist. --------------------------------------------------- Basically, I get an error message for all my scripts that get included by the Active.sieve. The Active.sieve file and all the scripts exist in the /var/vmail//sieve directory and sieve_dir is set to ~/sieve. So, I am not sure why it can't find them if it can find Active.sieve. Below is my configuration output. This has been working for years in my Fedora 14 host without errors. But, there are some configuration differences that I just kind of guessed at. Any ideas on how to get sieve working would be appreciated. 
$ dovecot -n
# 2.2.12: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.5-101.fc19.x86_64 x86_64 Fedora release 19 (Schrödinger’s Cat)
login_trusted_networks = 172.25.33.32/5
mail_location = maildir:~/Maildir:LAYOUT=fs
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = dovecot
  driver = pam
}
plugin {
  sieve = ~/sieve/Active.sieve
  sieve_dir = ~/sieve
}
protocols = imap sieve
ssl = required
ssl_cert =
References: <5356F2AF.1000501@quietwind.net>
Message-ID: <535704D9.1070704@rename-it.nl>

On 4/23/2014 12:52 AM, Chris Kottaridis wrote:
> Basically, I get an error message for all my scripts that get included
> by the Active.sieve. The Active.sieve file and all the scripts exist in
> the /var/vmail//sieve directory and sieve_dir is set to ~/sieve.
> So, I am not sure why it can't find them if it can find Active.sieve.

Enable mail_debug=yes. This way, Dovecot should log where it is looking for the Sieve files.

> plugin {
>   sieve = ~/sieve/Active.sieve
>   sieve_dir = ~/sieve
> }

This is not a good idea. Don't put the active script link (sieve=) inside the script storage (sieve_dir=). There is special magic to prevent the Active script from showing up in ManageSieve as an additional script, but it is best to avoid this situation altogether.

Regards,

Stephan.
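A check for the two problems in this thread, as an added example that is not part of any post: it flags an active script that sits inside `sieve_dir`, and resolves `include :personal` names by appending `.sieve`, the mapping visible in the debug log quoted later in the thread (`My RRs.sieve.sieve not found`). The helper names, the temporary home directory and the `~/.dovecot.sieve` alternative location are assumptions made for the demonstration.

```python
import os
import re
import tempfile

# Matches: include :personal "<name>";
INCLUDE_RE = re.compile(r'^\s*include\s+:personal\s+"([^"]+)"\s*;', re.MULTILINE)


def expand(path, home):
    """Expand a leading ~/ against the user's home, as in the plugin settings above."""
    if path.startswith("~/"):
        path = os.path.join(home, path[2:])
    return os.path.normpath(path)


def active_inside_storage(sieve, sieve_dir, home):
    """True if the active script path (sieve=) lies inside the storage (sieve_dir=)."""
    active, storage = expand(sieve, home), expand(sieve_dir, home)
    return os.path.commonpath([active, storage]) == storage


def include_path(sieve_dir, name):
    """File looked up for an include name: '.sieve' is appended (per the debug log)."""
    return os.path.join(sieve_dir, name + ".sieve")


def missing_includes(script_text, sieve_dir):
    """Return (include name, path looked up) for every include that has no file."""
    result = []
    for name in INCLUDE_RE.findall(script_text):
        path = include_path(sieve_dir, name)
        if not os.path.isfile(path):
            result.append((name, path))
    return result


def demo():
    """Build a constructed sieve_dir and compare the old and new include style."""
    with tempfile.TemporaryDirectory() as home:
        storage = os.path.join(home, "sieve")
        os.mkdir(storage)
        for fname in ("My RRs.sieve", "RCPL.sieve"):
            with open(os.path.join(storage, fname), "w") as fh:
                fh.write("keep;\n")
        old_style = ('require ["include"];\n'
                     'include :personal "My RRs.sieve";\n'
                     'include :personal "RCPL.sieve";\n')
        new_style = ('require ["include"];\n'
                     'include :personal "My RRs";\n'
                     'include :personal "RCPL";\n')
        return (missing_includes(old_style, storage),
                missing_includes(new_style, storage),
                active_inside_storage("~/sieve/Active.sieve", "~/sieve", home),
                active_inside_storage("~/.dovecot.sieve", "~/sieve", home))


if __name__ == "__main__":
    old, new, inside, outside = demo()
    for name, path in old:
        print("missing include %r -> looked for %s" % (name, path))
    print("new-style includes missing:", new)
    print("active script inside sieve_dir (as posted):", inside)
    print("active script inside sieve_dir (moved out):", outside)
```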
From stephan at rename-it.nl Wed Apr 23 00:19:18 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 23 Apr 2014 02:19:18 +0200 Subject: [Dovecot] Sieve extprograms problem (broken pipe) In-Reply-To: <5355B788.40602@vnetworx.net> References: <5355B788.40602@vnetworx.net> Message-ID: <53570706.3010008@rename-it.nl> On 4/22/2014 2:27 AM, Ron Guerin wrote: > I've been trying to pipe a message to an external script, and > simplifying it as much as possible, I still get a broken pipe error. > > Can anyone point me in the right direction? > > X-Sieve: Pigeonhole Sieve 0.3.1 This is a very old version. Back then the extprograms plugin was still distributed separately. Since v0.4.x, the plugin was included in the main Pigeonhole tree and quite a few bugs were fixed in the process. This looks like a candidate: http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/d4e9ca7fddcf Regards, Stephan. From pollock at theorem.ca Wed Apr 23 03:22:59 2014 From: pollock at theorem.ca (Dan Pollock) Date: Tue, 22 Apr 2014 20:22:59 -0700 Subject: [Dovecot] Allowing non-SSL connections only for certain Password Databases Message-ID: On Apr 22, 2014, Urban Loesch wrote: > > > > Is there a way to set "disable_plaintext_auth" to different values for different Password Databases? Is there another way to do it? > > > > Why do you not force SSL for all users? I have some users whose mail clients don't properly support SSL. For users using system accounts, it's important that passwords are protected (as they can use that password to log in to things other than email). It's not as critical to keep virtual mailboxes on vpopmail encrypted, as those accounts only have access to email. 
Dan From chriskot at quietwind.net Wed Apr 23 04:23:59 2014 From: chriskot at quietwind.net (Chris Kottaridis) Date: Tue, 22 Apr 2014 23:23:59 -0500 Subject: [Dovecot] Can't find sieve files In-Reply-To: <535704D9.1070704@rename-it.nl> References: <5356F2AF.1000501@quietwind.net> <535704D9.1070704@rename-it.nl> Message-ID: <5357405F.4080303@quietwind.net> On 04/22/2014 07:10 PM, Stephan Bosch wrote: > On 4/23/2014 12:52 AM, Chris Kottaridis wrote: >> Basically, I get an error message for all my scripts that get included >> by the Active.sieve. The Active.sieve file and all the scripts exist in >> the /var/vmail//sieve directory and sieve_dir is set to ~/sieve. >> So, I am not sure why it can't find them if it can find Active.sieve. > Enable mail_debug=yes. This way, Dovecot should log where it is looking > for the Sieve files. Well indeed that was helpful in the log file I see: Apr 22 22:51:48 ckottari-dhcp1 dovecot: lda(ckottari): Debug: sieve: script file /var/vmail/ckottari/sieve/My RRs.sieve.sieve not found Apr 22 22:51:48 ckottari-dhcp1 dovecot: lda(ckottari): Debug: sieve: script file /var/vmail/ckottari/sieve/RCPL.sieve.sieve not found Seems in this version it assumes the files will end in .sieve and I guess that previously they had to have the whole filename in the include statement. 
So, I removed the .sieve in the include statements: include :personal "My RRs.sieve"; include :personal "RCPL.sieve"; to include :personal "My RRs"; include :personal "RCPL"; Seems to do it since I get a successful compile now: Apr 22 23:01:12 ckottari-dhcp1 dovecot: lda(ckottari): Debug: sieve: binary open: binary /var/vmail/ckottari/sieve/Active.svbin stored with different binary version 0.3 (!= 1.0; automatically fixed when re-compiled) Apr 22 23:01:12 ckottari-dhcp1 dovecot: lda(ckottari): Debug: sieve: script `main script' from /var/vmail/ckottari/sieve/Active.sieve;name=main script successfully compiled >> plugin { >> sieve = ~/sieve/Active.sieve >> sieve_dir = ~/sieve >> } > This is not a good idea. Don't put the active script link (sieve=) > inside the script storage (sieve_dir=). There is special magic to > prevent the Active script from showing up in ManageSieve as an > additional script, but it is best to avoid this situation altogether. OK, I moved Active.sieve out of the sieve_dir directory and relinked to the Main.sieve that is in the sieve directory. The only other issue is the following Warning I get that doesn't seem to prevent anything, but probably means I don't have something correct: Apr 22 23:21:30 ckottari-dhcp1 dovecot: auth: Warning: userdb passwd: Move templates args to override_fields setting Apr 22 23:21:30 ckottari-dhcp1 dovecot: auth-worker(5089): Warning: userdb passwd: Move templates args to override_fields setting Not exactly sure what these warning messages are trying to tell me. Thanks Chris Kottaridis > > Regards, > > Stephan. From konference at frantovo.cz Wed Apr 23 06:50:22 2014 From: konference at frantovo.cz (Frantisek Kucera) Date: Wed, 23 Apr 2014 08:50:22 +0200 Subject: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL In-Reply-To: <3446289.nD0moCODaY@osma> References: <3446289.nD0moCODaY@osma> Message-ID: <6337764.MS3xjuKfjQ@osma> P.P.S. 
I was thinking about this again and it is probably not possible to support this combination: dot separator + shared mailboxes + usernames with dots (including the domain part). So I suggest update in the wiki: > n.b. If you have dots "." in your usernames (like `name.surname` or `name at example.com`) it is not possible to use dot as a [[Namespaces|namespace separator]]. Don't forget to use `separator = /` in such cases. on http://master.wiki2.dovecot.org/SharedMailboxes/Shared From rs at sys4.de Wed Apr 23 07:10:32 2014 From: rs at sys4.de (Robert Schetterer) Date: Wed, 23 Apr 2014 09:10:32 +0200 Subject: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL In-Reply-To: <6337764.MS3xjuKfjQ@osma> References: <3446289.nD0moCODaY@osma> <6337764.MS3xjuKfjQ@osma> Message-ID: <53576768.8000905@sys4.de> Am 23.04.2014 08:50, schrieb Frantisek Kucera: > P.P.S. I was thinking about this again and it is probably not possible to support this combination: dot separator + shared mailboxes + usernames with dots (including the domain part). > > So I suggest update in the wiki: > >> n.b. If you have dots "." in your usernames (like `name.surname` or `name at example.com`) it is not possible to use dot as a [[Namespaces|namespace separator]]. Don't forget to use `separator = /` in such cases. 
> > on http://master.wiki2.dovecot.org/SharedMailboxes/Shared > i am not sure here ,what you try to goal i have users with dots ( like test.example at example.com ) in shared namespace, setting acls on their imap subfolders works fine, just tested Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From konference at frantovo.cz Wed Apr 23 07:23:51 2014 From: konference at frantovo.cz (Frantisek Kucera) Date: Wed, 23 Apr 2014 09:23:51 +0200 Subject: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL In-Reply-To: <53576768.8000905@sys4.de> References: <3446289.nD0moCODaY@osma> <6337764.MS3xjuKfjQ@osma> <53576768.8000905@sys4.de> Message-ID: <13327456.07JBT3ZYZo@osma> Dne St 23. dubna 2014 09:10:32, Robert Schetterer napsal(a): > Am 23.04.2014 08:50, schrieb Frantisek Kucera: > > So I suggest update in the wiki: > >> n.b. If you have dots "." in your usernames (like `name.surname` or > >> `name at example.com`) it is not possible to use dot as a > >> [[Namespaces|namespace separator]]. Don't forget to use `separator = /` > >> in such cases.> > > i am not sure here ,what you try to goal > i have users with dots ( like test.example at example.com ) in shared > namespace, setting acls on their imap subfolders works fine, just tested And you have "separator = ." ? I am afraid that this can't work, because if e-mail client requests folder e.g. "shared.name at example.com.some.folder" Dovecot is not able to guess where the username ends and where starts folder name. But if separator is "/" and the client requests "shared/name at example.com/some/folder" it is no problem to extract username from it and look it up in the database. 
(setting ACLs also worked on my server, but users were not able to see shared mailboxes of other users) Franta From rs at sys4.de Wed Apr 23 07:53:18 2014 From: rs at sys4.de (Robert Schetterer) Date: Wed, 23 Apr 2014 09:53:18 +0200 Subject: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL In-Reply-To: <13327456.07JBT3ZYZo@osma> References: <3446289.nD0moCODaY@osma> <6337764.MS3xjuKfjQ@osma> <53576768.8000905@sys4.de> <13327456.07JBT3ZYZo@osma> Message-ID: <5357716E.70601@sys4.de> Am 23.04.2014 09:23, schrieb Frantisek Kucera: > Dne St 23. dubna 2014 09:10:32, Robert Schetterer napsal(a): >> Am 23.04.2014 08:50, schrieb Frantisek Kucera: >>> So I suggest update in the wiki: >>>> n.b. If you have dots "." in your usernames (like `name.surname` or >>>> `name at example.com`) it is not possible to use dot as a >>>> [[Namespaces|namespace separator]]. Don't forget to use `separator = /` >>>> in such cases.> >> >> i am not sure here ,what you try to goal >> i have users with dots ( like test.example at example.com ) in shared >> namespace, setting acls on their imap subfolders works fine, just tested > > And you have "separator = ." ? I am afraid that this can't work, because if e-mail client requests folder e.g. "shared.name at example.com.some.folder" Dovecot is not able to guess where the username ends and where starts folder name. But if separator is "/" and the client requests "shared/name at example.com/some/folder" it is no problem to extract username from it and look it up in the database. > > (setting ACLs also worked on my server, but users were not able to see shared mailboxes of other users) > > Franta > i have separator = / why you wanna use different ? 
Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From konference at frantovo.cz Wed Apr 23 08:17:15 2014 From: konference at frantovo.cz (Frantisek Kucera) Date: Wed, 23 Apr 2014 10:17:15 +0200 Subject: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL In-Reply-To: <5357716E.70601@sys4.de> References: <3446289.nD0moCODaY@osma> <13327456.07JBT3ZYZo@osma> <5357716E.70601@sys4.de> Message-ID: <4222475.c1VGchumme@osma> Dne St 23. dubna 2014 09:53:18, Robert Schetterer napsal(a): > i have > separator = / > why you wanna use different ? I don't insist on the dot :-) And I also see "/" as better and more meaningful separator. But the dot was default on my systems (Debian, Ubuntu) so I stayed with it until I hit on this issue. Franta From rs at sys4.de Wed Apr 23 08:19:18 2014 From: rs at sys4.de (Robert Schetterer) Date: Wed, 23 Apr 2014 10:19:18 +0200 Subject: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL In-Reply-To: <4222475.c1VGchumme@osma> References: <3446289.nD0moCODaY@osma> <13327456.07JBT3ZYZo@osma> <5357716E.70601@sys4.de> <4222475.c1VGchumme@osma> Message-ID: <53577786.1070609@sys4.de> Am 23.04.2014 10:17, schrieb Frantisek Kucera: > Dne St 23. dubna 2014 09:53:18, Robert Schetterer napsal(a): >> i have >> separator = / >> why you wanna use different ? > > I don't insist on the dot :-) And I also see "/" as better and more meaningful > separator. But the dot was default on my systems (Debian, Ubuntu) so I stayed > with it until I hit on this issue. 
> > Franta > Ok, i understand Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From h.reindl at thelounge.net Wed Apr 23 08:30:10 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 23 Apr 2014 10:30:10 +0200 Subject: [Dovecot] Allowing non-SSL connections only for certain Password Databases In-Reply-To: References: Message-ID: <53577A12.60400@thelounge.net> Am 23.04.2014 05:22, schrieb Dan Pollock: > On Apr 22, 2014, Urban Loesch wrote: >>> Is there a way to set "disable_plaintext_auth" to different values for different Password Databases? Is there another way to do it? >>> >> >> Why do you not force SSL for all users? > > I have some users whose mail clients don't properly support SSL. which ones in 2014? > For users using system accounts, it's important that passwords are protected > (as they can use that password to log in to things other than email). > > It's not as critical to keep virtual mailboxes on vpopmail encrypted, > as those accounts only have access to email only have access to email? are you serious? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From dar at darklajid.de Wed Apr 23 08:38:37 2014 From: dar at darklajid.de (Benjamin Podszun) Date: Wed, 23 Apr 2014 10:38:37 +0200 Subject: [Dovecot] Allowing non-SSL connections only for certain Password Databases In-Reply-To: <53566F43.5010903@enas.net> References: <53566F43.5010903@enas.net> Message-ID: On Tuesday, April 22, 2014 3:31:47 PM CEST, Urban Loesch wrote: > Hi, > >> >> Is there a way to set "disable_plaintext_auth" to different >> values for different Password Databases? 
Is there another way >> to do it? >> > > Why do you not force SSL for all users? > > I have no idea how this could be made with different databases. > I have only build a solution for all users stored in mysql. > > I'm able to force SSL for imap and pop3 on a per user basis with e.g.: > > ... > password_query = SELECT password FROM users WHERE userid = '%u' > AND allow_login = 'y' AND ( force_ssl = 'y' OR '%c' = > 'secured'); Waitasecond. I might be totally off here, but the way I read that query you accept plaintext credentials, unsecured and then check the DB. After which you might say "You're not allowed to log in". If that is correct every user might send their credentials over unsecured connections? In my opinion this doesn't help. Clients cannot know in advance that they shouldn't try to login. I guess I'd either - drop the requirement (best option, hit the users that don't support TLS or offer them help to upgrade/fix their setup) - live with the possibility that the system users are potentially disclosing their credentials. Take a step back: A random client connects to dovecot. It didn't log in yet. How would you change the capabilities to reflect 'login without starttls is allowed or not', depending on a username that you cannot know at this point? My take, ignoring the "There shouldn't be a need for that" quip, is that this is next to impossible. And not worth the challenge. Ben From pollock at theorem.ca Wed Apr 23 08:50:37 2014 From: pollock at theorem.ca (Dan Pollock) Date: Wed, 23 Apr 2014 01:50:37 -0700 Subject: [Dovecot] Allowing non-SSL connections only for certain Password Databases In-Reply-To: References: <53566F43.5010903@enas.net> Message-ID: <377DF121-874D-4B5C-801E-0A394629D75A@theorem.ca> On Apr 23, 2014, at 1:38 AM, Benjamin Podszun wrote: > On Tuesday, April 22, 2014 3:31:47 PM CEST, Urban Loesch wrote: >> Hi, >> >>> Is there a way to set "disable_plaintext_auth" to different values for different Password Databases? 
Is there another way to do it? >> >> Why do you not force SSL for all users? >> >> I have no idea how this could be made with different databases. I have only build a solution for all users stored in mysql. >> >> I'm able to force SSL for imap and pop3 on a per user basis with e.g.: >> >> ... >> password_query = SELECT password FROM users WHERE userid = '%u' AND allow_login = 'y' AND ( force_ssl = 'y' OR '%c' = 'secured'); > > Waitasecond. I might be totally off here, but the way I read that query you accept plaintext credentials, unsecured and then check the DB. After which you might say "You're not allowed to log in". > > If that is correct every user might send their credentials over unsecured connections? > > In my opinion this doesn't help. Clients cannot know in advance that they shouldn't try to login. > > I guess I'd either > > - drop the requirement (best option, hit the users that don't support TLS or offer them help to upgrade/fix their setup) > > - live with the possibility that the system users are potentially disclosing their credentials. > > > Take a step back: A random client connects to dovecot. It didn't log in yet. How would you change the capabilities to reflect 'login without starttls is allowed or not', depending on a username that you cannot know at this point? > > My take, ignoring the "There shouldn't be a need for that" quip, is that this is next to impossible. And not worth the challenge. > > Ben I would like to move everyone onto more modern mail programs, but at the moment I have a couple of them that are stuck using very old software installed for them on work computers. The rest of my clients can connect on ports 993 and 995 without it being a problem. It's far from a perfect setup. This is quite easy to set up on Courier-imap, but for a number of reasons I would much rather be using Dovecot. (In courier-imap, you can configure different password databases independently for each of pop3, imap, pop3-ssl and imap-ssl.) 
Given that Dovecot features seem to be a superset of those from Courier-imap so far, I was hoping this configuration option would exist there as well. Dan From bind at enas.net Wed Apr 23 08:57:23 2014 From: bind at enas.net (Urban Loesch) Date: Wed, 23 Apr 2014 10:57:23 +0200 Subject: [Dovecot] Allowing non-SSL connections only for certain Password Databases In-Reply-To: References: <53566F43.5010903@enas.net> Message-ID: <53578073.6010204@enas.net> Am 23.04.2014 10:38, schrieb Benjamin Podszun: > On Tuesday, April 22, 2014 3:31:47 PM CEST, Urban Loesch wrote: >> Hi, >> >>> >>> Is there a way to set "disable_plaintext_auth" to different values >>> for different Password Databases? Is there another way to do it? >>> >> >> Why do you not force SSL for all users? >> >> I have no idea how this could be made with different databases. I have >> only build a solution for all users stored in mysql. >> >> I'm able to force SSL for imap and pop3 on a per user basis with e.g.: >> >> ... >> password_query = SELECT password FROM users WHERE userid = '%u' AND >> allow_login = 'y' AND ( force_ssl = 'y' OR '%c' = 'secured'); > > Waitasecond. I might be totally off here, but the way I read that query > you accept plaintext credentials, unsecured and then check the DB. After > which you might say "You're not allowed to log in". Yes that is correct and I knew that when I configured the setup. But I can't manipulate the clients. > > If that is correct every user might send their credentials over > unsecured connections? Yes, that is a disadvantage. As I just said, I can't change that. > > In my opinion this doesn't help. Clients cannot know in advance that > they shouldn't try to login. > > I guess I'd either > > - drop the requirement (best option, hit the users that don't support > TLS or offer them help to upgrade/fix their setup) Can you help me to upgrade/fix 40k users, which have no idea how to change the settings of a mail client? 
Send me your phonenumber and I will redirect all requests of that to you :-) You will see very quickly that it's not practicable to force all users to use SSL at the same time. With this setup I can bring users step by step to use SSL. > > - live with the possibility that the system users are potentially > disclosing their credentials. I have no system users. > > > Take a step back: A random client connects to dovecot. It didn't log in > yet. How would you change the capabilities to reflect 'login without > starttls is allowed or not', depending on a username that you cannot > know at this point? I know all usernames as I activate them. So I can control which user must use SSL and which not. I also for example can control which user is forced to use port 587 for sending their email and which not. > > My take, ignoring the "There shouldn't be a need for that" quip, is that > this is next to impossible. And not worth the challenge. > > Ben From dar at darklajid.de Wed Apr 23 08:58:05 2014 From: dar at darklajid.de (Benjamin Podszun) Date: Wed, 23 Apr 2014 10:58:05 +0200 Subject: [Dovecot] =?iso-8859-1?q?Allowing_non-SSL_connections_only_for_ce?= =?iso-8859-1?q?rtain_Password_Databases?= In-Reply-To: <377DF121-874D-4B5C-801E-0A394629D75A@theorem.ca> References: <53566F43.5010903@enas.net> <377DF121-874D-4B5C-801E-0A394629D75A@theorem.ca> Message-ID: On Wednesday, April 23, 2014 10:50:37 AM CEST, Dan Pollock wrote: > On Apr 23, 2014, at 1:38 AM, Benjamin Podszun wrote: > >> On Tuesday, April 22, 2014 3:31:47 PM CEST, Urban Loesch wrote: > ... > > > I would like to move everyone onto more modern mail programs, > but at the moment I have a couple of them that are stuck using > very old software installed for them on work computers. The rest > of my clients can connect on ports 993 and 995 without it being > a problem. What's wrong with starttls? How are the ports relevant? Do you happen to know what the problem is? Total lack of TLS support (I .. 
cannot quite believe that) or is it a problem with key sizes/ciphers or whatever, i.e. with your configuration vs. the legacy apps? > It's far from a perfect setup. > > This is quite easy to set up on Courier-imap, but for a number > of reasons I would much rather be using Dovecot. (In > courier-imap, you can configure different password databases > independently for each of pop3, imap, pop3-ssl and imap-ssl.) Which is really not that helpful, I think. Joe random system user can still set up his mail client to point to mail.yourdomain.tld and try to login unencrypted. You'll only deny him afterwards (even with a different password DB), after the password was transmitted over unencrypted wifi in his local StarBucks? or equivalent. Or what am I missing here? All system users are too clever for that? In that case they can already use the ports listed above (or set their mail client to require starttls on 143/110). If they're not that security conscious, what protects them from the scenario above? > Given that Dovecot features seem to be a superset of those from > Courier-imap so far, I was hoping this configuration option > would exist there as well. See above: What would you gain? Would that actually help you? In the end it's your setup and I don't want to come across and say "You're doing it wrong" here, but so far it's hard to see what you're trying to achieve with that .. feature? Regards, Ben From bind at enas.net Wed Apr 23 08:58:20 2014 From: bind at enas.net (Urban Loesch) Date: Wed, 23 Apr 2014 10:58:20 +0200 Subject: [Dovecot] Allowing non-SSL connections only for certain Password Databases In-Reply-To: <53577A12.60400@thelounge.net> References: <53577A12.60400@thelounge.net> Message-ID: <535780AC.5070606@enas.net> Am 23.04.2014 10:30, schrieb Reindl Harald: > > > Am 23.04.2014 05:22, schrieb Dan Pollock: >> On Apr 22, 2014, Urban Loesch wrote: >>>> Is there a way to set "disable_plaintext_auth" to different values for different Password Databases? 
Is there another way to do it? >>>> >>> >>> Why do you not force SSL for all users? >> >> I have some users whose mail clients don't properly support SSL. > > which ones in 2014? You will laugh, but we have some customers which are still using windows 3.11. Not many but there are.. From dar at darklajid.de Wed Apr 23 09:02:45 2014 From: dar at darklajid.de (Benjamin Podszun) Date: Wed, 23 Apr 2014 11:02:45 +0200 Subject: [Dovecot] =?iso-8859-1?q?Allowing_non-SSL_connections_only_for_ce?= =?iso-8859-1?q?rtain_Password_Databases?= In-Reply-To: <53578073.6010204@enas.net> References: <53566F43.5010903@enas.net> <53578073.6010204@enas.net> Message-ID: <9ce5dc94-bec5-4e18-9e4e-97777f1737c2@darklajid.de> On Wednesday, April 23, 2014 10:57:23 AM CEST, Urban Loesch wrote: > > Am 23.04.2014 10:38, schrieb Benjamin Podszun: >> On Tuesday, April 22, 2014 3:31:47 PM CEST, Urban Loesch wrote: > ... > > Yes that is correct and I knew that when I configured the > setup. But I can't manipulate the clients. > >> >> If that is correct every user might send their credentials over >> unsecured connections? > > Yes, that is a disadvantage. As I just said, I can't change that. > >> >> In my opinion this doesn't help. Clients cannot know in advance that >> they shouldn't try to login. >> >> I guess I'd either >> >> - drop the requirement (best option, hit the users that don't support >> TLS or offer them help to upgrade/fix their setup) > > Can you help me to upgrade/fix 40k users, which have no idea > how to change the settings of a mail client? Send me your > phonenumber and I will redirect all requests of that to you :-) > > You will see very quickly that it's not practicable to force > all users to use SSL at the same time. With this setup I can > bring users step by step to use SSL. I haven't defined an hourly rate so far, but I could think about something here.. 
;-) Really, my 'you' in most of the reply was about Dan's requirement/targeting the thread: He has system users, probably with shell access(?) and wants to protect those 'more' than virtual users, as far as I understood. I claim that his requirement is hard to implement/next to impossible. You on the other hand .. have other issues. ;) Takeaway from my response to you, Urban, should've been: "I don't think your workaround helps with the original author's requirement", not "Fix your own setup!". Ben From kadafax at gmail.com Wed Apr 23 10:09:52 2014 From: kadafax at gmail.com (kadafax at gmail.com) Date: Wed, 23 Apr 2014 12:09:52 +0200 Subject: [Dovecot] stats: Error: Mail server input error: UPDATE-SESSION username imap: stats shrank: mrbytes 26961885 < 28237323 Message-ID: <53579170.3070406@gmail.com> Hi List, If anyone is still reading this list, I have another problem beside the FTS's one. From time to time I have this showing up in dovecot-error.log (for several users, not always the same one): stats: Error: Mail server input error: UPDATE-SESSION username imap: stats shrank: mrbytes 26961885 < 28237323 A search in google tell me that it should have been corrected in 2.1.13 but I am using 2.2.12. Is there a human here that can direct me to a solution ? 
Thanks # 2.2.12: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-431.11.2.el6.x86_64 x86_64 CentOS release 6.5 (Final) ext4 auth_cache_size = 10 M auth_debug = yes auth_master_user_separator = * auth_socket_path = /var/run/dovecot/auth-userdb auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@* auth_verbose = yes auth_verbose_passwords = sha1 base_dir = /var/run/dovecot/ debug_log_path = /var/log/dovecot-debug.log default_client_limit = 2128 default_process_limit = 512 default_vsz_limit = 2 G hostname = mydomain.com info_log_path = /var/log/dovecot.log lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = * log_path = /var/log/dovecot-error.log login_greeting = Welcome login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c mail_debug = yes mail_gid = vmail mail_location = maildir:/var/vmail/%Ln mail_plugins = fts fts_lucene quota stats mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { inbox = yes location = maildir:/var/vmail/%Ln mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = type = private } passdb { args = /usr/local/etc/dovecot/deny-users deny = yes driver = passwd-file } passdb { args = /usr/local/etc/dovecot/master-users driver = passwd-file master = yes } passdb { args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { fts = lucene fts_autoindex = yes fts_autoindex_max_recent = 1000 fts_lucene = whitespace_chars=@ quota = maildir:User quota quota_rule = *:storage=20GB quota_rule2 = Trash:storage=+200M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve 
= /var/sieve-scripts/%Ln.sieve sieve_dir = /var/vmail/%Ln/home/sieve stats_command_min_time = 1 mins stats_domain_min_time = 12 hours stats_ip_min_time = 12 hours stats_memory_limit = 16 M stats_refresh = 30 secs stats_session_min_time = 15 mins stats_track_cmds = yes stats_user_min_time = 1 hours } postmaster_address = postmaster at mydomain.com protocols = imap pop3 sieve sieve service auth-worker { user = root } service auth { unix_listener /var/spool/postfix/private/auth { mode = 0777 user = vmail } } service decode2text { executable = script /usr/local/libexec/dovecot/decode2text.sh unix_listener decode2text { mode = 0666 } user = dovecot } service imap-login { inet_listener imaps { port = 993 ssl = yes } process_min_avail = 5 } service imap { process_limit = 1024 } service managesieve-login { inet_listener sieve { port = 4190 } } service pop3-login { inet_listener pop3s { port = 995 ssl = yes } } service quota-warning { executable = script /usr/local/bin/quota-warning.sh user = nobody } service stats { fifo_listener stats-mail { mode = 0600 user = vmail } } ssl_cert = References: <20140421093352.932892d4.skraw@ithnet.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 21 Apr 2014, Stephan von Krawczynski wrote: > I am trying to use a setup where domains have separate passwd files with a > slightly different layout. Is there a way to tell dovecot that a passwd file > contains everything it looks for but on different positions inside the passwd > file line? > > Standard passwd: > > USERNAME:PASSWD:UID:GID:HOME:extras > > different layout: > > USERNAME:PASSWD:extras:UID:GID:HOME > > Or do I have to patch the source, and where if necessary? Check out src/auth/db-passwd-file.c src/auth/passdb-passwd-file.c BTW: To shift "extras" before uid/gid requires a way to quote ":", too. 
- -- Steffen Kaiser From d.parthey at metaways.de Wed Apr 23 11:42:18 2014 From: d.parthey at metaways.de (Daniel Parthey) Date: Wed, 23 Apr 2014 13:42:18 +0200 Subject: [Dovecot] stats: Error: Mail server input error: UPDATE-SESSION username imap: stats shrank: mrbytes 26961885 < 28237323 In-Reply-To: <53579170.3070406@gmail.com> References: <53579170.3070406@gmail.com> Message-ID: <5357A71A.6050700@metaways.de> Am 23.04.2014 12:09, schrieb kadafax at gmail.com: > Hi List, > > If anyone is still reading this list, I have another problem beside the FTS's one. > From time to time I have this showing up in dovecot-error.log (for several users, not always the same one): > stats: Error: Mail server input error: UPDATE-SESSION username imap: stats shrank: mrbytes 26961885 < 28237323 > > A search in google tell me that it should have been corrected in 2.1.13 but I am using 2.2.12. Hi, I can only tell that the problem is still not fixed in 2.1.16. The only solution is to disable the stats plugin which produces these errors. Regards Daniel From tavo.coelho at accip.com.br Wed Apr 23 12:15:13 2014 From: tavo.coelho at accip.com.br (Gustavo Coelho) Date: Wed, 23 Apr 2014 09:15:13 -0300 Subject: [Dovecot] dovecot qmail-ldap Message-ID: <20140423121513.GA6965@scallop.geekisp.com> Hi folks, i am trying to get dovecot to work in my qmail-ldap instalation but no success so far. I respectfuly request your help. 
Here is my /etc/dovecot/dovecot.conf : auth_debug = yes auth_verbose = yes base_dir=/var/dovecot default_process_limit=100 disable_plaintext_auth=no listen=200.235.128.97 log_path=/var/log/dovecot.log login_greeting = Etosha Messaging Suite IMAP ready mail_uid=vmail mail_gid=vmail mail_location = maildir:/var/pop/%u/Inbox mail_max_userip_connections = 100 passdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } userdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid from subject mail_log_group_events = mechanisms = plain login quota = maildir quota_rule = ?:storage=0 quota_rule2 = Trash:storage=+1024000 quota_rule3 = SPAM:ignore trash = /etc/dovecot/dovecot-trash.conf } protocols = imap service imap-login { inet_listener imaps { port = 993 ssl = yes } process_min_avail = 1 } service imap { executable = imap } protocol imap { mail_plugins = quota mail_log notify imap_quota } ssl_cert = References: <20140422130239.GA25844@nihlus.leuxner.net> Message-ID: <7B2EFBE2-0448-42DA-BFA8-4B3171545DE6@iki.fi> On 22.4.2014, at 16.02, Thomas Leuxner wrote: > Latest HG reproducibly crashes when accessing a virtual namespace: > > Apr 22 14:49:38 spectre dovecot: master: Dovecot v2.2.12 (09c114091c88) starting up for imap, lmtp > [?] > Apr 22 14:50:05 spectre dovecot: imap(tlx at leuxner.net): Panic: file mail-storage.c: line 1735 (mailbox_notify_changes): assertion failed: (box->opened) http://hg.dovecot.org/dovecot-2.2/rev/79bfc730a8b0 fixes this and http://hg.dovecot.org/dovecot-2.2/rev/0aa159d6ef30 fixes a related bug. 
From tlx at leuxner.net Wed Apr 23 14:56:40 2014 From: tlx at leuxner.net (Thomas Leuxner) Date: Wed, 23 Apr 2014 16:56:40 +0200 Subject: [Dovecot] Latest HG 09c114091c88 2.2.12 Assertion Failure In-Reply-To: <7B2EFBE2-0448-42DA-BFA8-4B3171545DE6@iki.fi> References: <20140422130239.GA25844@nihlus.leuxner.net> <7B2EFBE2-0448-42DA-BFA8-4B3171545DE6@iki.fi> Message-ID: <20140423145640.GA16410@nihlus.leuxner.net> * Timo Sirainen 2014.04.23 15:48: > http://hg.dovecot.org/dovecot-2.2/rev/79bfc730a8b0 fixes this and > http://hg.dovecot.org/dovecot-2.2/rev/0aa159d6ef30 fixes a related bug. Looks good now. Thanks. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From huang at utsc.utoronto.ca Wed Apr 23 18:43:58 2014 From: huang at utsc.utoronto.ca (Wesley Huang) Date: Wed, 23 Apr 2014 14:43:58 -0400 Subject: [Dovecot] core dump in mail_cache_header_fields_read() Message-ID: <535809EE.4040607@utsc.utoronto.ca> We're seeing a core dump for a user connecting from IPHONE. The user mail are in NFS mount. 
# dovecot --version 2.2.12 # doveconf -n # 2.2.12: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.4 auth_cache_negative_ttl = 0 auth_cache_size = 20 M auth_verbose = yes default_client_limit = 4000 default_process_limit = 1000 default_vsz_limit = 2 G director_mail_servers = disable_plaintext_auth = no first_valid_uid = 100 imap_client_workarounds = tb-extra-mailbox-sep delay-newmail tb-lsub-flags log_timestamp = "%Y-%m-%d %H:%M:%S " mail_fsync = always mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = " quota" mbox_dotlock_change_timeout = 1 mins mbox_lock_timeout = 1 mins mmap_disable = yes namespace inbox { hidden = no inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = / type = private } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { quota = fs:Disk quota } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh protocols = " imap pop3" service auth-worker { user = root } service auth { user = $default_internal_user } service imap-login { client_limit = 2000 process_min_avail = 4 service_count = 1 } service imap-postlogin { executable = script-login /usr/local/dovecot-scripts/imap.sh user = root } service imap { executable = imap imap-postlogin process_limit = 4096 } service pop3-login { client_limit = 2000 service_count = 1 } service pop3-postlogin { executable = script-login /usr/local/dovecot-scripts/ipop3.sh user = root } service pop3 { executable = pop3 pop3-postlogin process_limit = 2048 } ssl_ca = This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". For bug reporting instructions, please see: ... 
Reading symbols from /usr/lib/dovecot/imap...Reading symbols from /usr/lib/debug/usr/lib/dovecot/imap...done. done. [New LWP 5040] warning: Can't read pathname for load map: Input/output error. [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `dovecot/imap imap-postlogin'. Program terminated with signal 11, Segmentation fault. #0 0x00007fca22f0ca85 in mail_cache_header_fields_read (cache=cache at entry=0x7fca24a04f70) at mail-cache-fields.c:369 369 for (p = names; p != end && *p != '\0'; p++) ; (gdb) bt full #0 0x00007fca22f0ca85 in mail_cache_header_fields_read (cache=cache at entry=0x7fca24a04f70) at mail-cache-fields.c:369 field_hdr = 0x7fca21d37010 field = {name = 0x0, idx = 0, type = MAIL_CACHE_FIELD_FIXED_SIZE, field_size = 0, decision = MAIL_CACHE_DECISION_NO, last_used = 0} last_used = 0x7fca21d3701c sizes = 0x7fca79d3701c types = 0x7fcad1d3701c
decisions = 0x7fcae7d3701c
p = 0x7fcafdd3701c
names = 0x7fcafdd3701c
end = 0x7fcb1dd47010
orig_key = 0x48800
orig_value = 0x8000 fidx = new_fields_count = dec = max_drop_time = 0 offset = 23204 i = #1 0x00007fca22f0a4d6 in mail_cache_open_and_verify (cache=0x7fca24a04f70) at mail-cache.c:497 ret = #2 0x00007fca22f0c905 in mail_cache_register_get_list (cache=0x7fca24a04f70, pool=0x7fca249d7480, count_r=count_r at entry=0x7fff0c4c7aec) at mail-cache-fields.c:194 list = i = #3 0x00007fca22ef93b3 in index_mail_parse_header_register_all_wanted (mail=0x7fca24a14ce0) at index-mail-headers.c:169 _mail = 0x7fca24a14ce0 all_cache_fields = i = count = #4 index_mail_parse_header_init (mail=mail at entry=0x7fca24a14ce0, headers=headers at entry=0x0) at index-mail-headers.c:230 _data_stack_cur_id = 4 data = 0x7fca24a14e50 match = 0x7fca24a05e00 "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377a" i = field_idx = match_count = __FUNCTION__ = "index_mail_parse_header_init" #5 0x00007fca22ef9d08 in index_mail_cache_parse_init (_mail=0x7fca24a14ce0, input=0x7fca24a1b178, input at entry=0x7fca24a1b738) at index-mail-headers.c:376 mail = 0x7fca24a14ce0 input2 = 0x7fca24a24ef8 __FUNCTION__ = "index_mail_cache_parse_init" #6 0x00007fca22eb4202 in mbox_save_get_input_stream (input=0x7fca24a1ab88, ctx=0x7fca24a14930) at mbox-save.c:421 filter = 0x0 ---Type to continue, or q to quit--- From marcin at mejor.pl Wed Apr 23 21:15:49 2014 
From: marcin at mejor.pl (=?ISO-8859-2?Q?Marcin_Miros=B3aw?=) Date: Wed, 23 Apr 2014 23:15:49 +0200 Subject: [Dovecot] Segfault in dovecot-lda when resolver is unavailable Message-ID: <53582D85.8080000@mejor.pl> Hi list! Recently I noticed that dovecot-lda throws segfault when resolver is unavailable and with imapc configured. $ cat /etc/resolv.conf search . nameserver 127.0.0.1 backtrace: # gdb -q /usr/libexec/dovecot/dovecot-lda 'core-1398282784-8-11-!usr!libexec!dovecot!dovecot-lda-8805' [...] Core was generated by `/usr/libexec/dovecot/deliver -d marcin at mejor.pl'. Program terminated with signal 11, Segmentation fault. #0 0x000002b612afaf72 in _int_free (av=0x2b612e215c0 , p=0x1b23bfabe0, have_lock=0) at malloc.c:3903 3903 unlink(p, bck, fwd); (gdb) bt #0 0x000002b612afaf72 in _int_free (av=0x2b612e215c0 , p=0x1b23bfabe0, have_lock=0) at malloc.c:3903 #1 0x000002b612e96a4e in buffer_free (_buf=_buf at entry=0x1b23bfa948) at buffer.c:144 #2 0x000002b612ebeca8 in array_free_i (array=0x1b23bfa948) at array.h:108 #3 priorityq_deinit (_pq=_pq at entry=0x1b23bfabb0) at priorityq.c:38 #4 0x000002b612eafa57 in io_loop_destroy (_ioloop=_ioloop at entry=0x395a4da91d0) at ioloop.c:495 #5 0x000002b61306f225 in imapc_client_run_post (client=) at imapc-client.c:175 #6 imapc_client_run (client=0x1b23bda930) at imapc-client.c:181 #7 0x000002b613067158 in imapc_list_try_get_root_sep (list=0x1b23bd7b60, sep_r=sep_r at entry=0x395a4da9247 "") at imapc-list.c:297 #8 0x000002b6130671ae in imapc_list_get_hierarchy_sep (_list=) at imapc-list.c:310 #9 0x000002b613065d9f in imapc_list_get_fs_name (list=0x1b23bd7b60, name=0x0) at imapc-list.c:396 #10 0x000002b613066031 in imapc_list_get_path (_list=0x1b23bd7b60, name=0x0, type=MAILBOX_LIST_PATH_TYPE_MAILBOX, path_r=0x395a4da9338) at imapc-list.c:437 #11 0x000002b613089785 in mailbox_list_get_root_path (list=, type=type at entry=MAILBOX_LIST_PATH_TYPE_MAILBOX, path_r=path_r at entry=0x395a4da9338) at mailbox-list.c:1276 #12 
0x000002b612ff8eb5 in quota_add_user_namespace (quota=0x1b23bcea80, ns=0x1b23bd7a10) at quota.c:745 #13 0x000002b61300073a in quota_mailbox_list_created (list=0x1b23bfd9c0) at quota-storage.c:590 #14 0x000002b613084581 in hook_mailbox_list_created (list=list at entry=0x1b23bfd9c0) at mail-storage-hooks.c:328 #15 0x000002b61308836f in mailbox_list_create (driver=driver at entry=0x2b6130e677b "maildir++", ns=0x1b23bd7a10, set=set at entry=0x395a4da94a0, flags=, list_r=list_r at entry=0x1b23bd7d60, error_r=error_r at entry=0x395a4da9498) at mailbox-list.c:210 #16 0x000002b613065cf6 in imapc_list_get_fs (list=list at entry=0x1b23bd7b60) at imapc-list.c:379 #17 0x000002b61306601e in imapc_list_get_path (_list=0x1b23bd7b60, name=0x0, type=MAILBOX_LIST_PATH_TYPE_MAILBOX, path_r=0x395a4da9588) at imapc-list.c:433 #18 0x000002b613089785 in mailbox_list_get_root_path (list=, type=type at entry=MAILBOX_LIST_PATH_TYPE_MAILBOX, path_r=path_r at entry=0x395a4da9588) at mailbox-list.c:1276 #19 0x000002b612ff8eb5 in quota_add_user_namespace (quota=0x1b23bcea80, ns=0x1b23bd7a10) at quota.c:745 #20 0x000002b61300073a in quota_mailbox_list_created (list=0x1b23bd7b60) at quota-storage.c:590 #21 0x000002b613084581 in hook_mailbox_list_created (list=list at entry=0x1b23bd7b60) at mail-storage-hooks.c:328 #22 0x000002b61308836f in mailbox_list_create (driver=driver at entry=0x2b6130e6d1b "imapc", ns=ns at entry=0x1b23bd7a10, set=set at entry=0x395a4da9720, flags=, list_r=list_r at entry=0x395a4da9708, error_r=error_r at entry=0x395a4da9810) at mailbox-list.c:210 #23 0x000002b61307f500 in mail_storage_create_full (ns=ns at entry=0x1b23bd7a10, driver=, driver at entry=0x0, data=, flags=flags at entry=(unknown: 0), storage_r=storage_r at entry=0x395a4da97c0, error_r=error_r at entry=0x395a4da9810) at mail-storage.c:356 #24 0x000002b61307f7cc in mail_storage_create (ns=ns at entry=0x1b23bd7a10, driver=driver at entry=0x0, flags=flags at entry=(unknown: 0), error_r=error_r at 
entry=0x395a4da9810) at mail-storage.c:407 #25 0x000002b613077a48 in namespace_add (user=user at entry=0x1b23bcf7e0, ns_set=0x1b23bd0db8, unexpanded_ns_set=0x1b23bcff30, mail_set=mail_set at entry=0x1b23bd07e8, ns_p=ns_p at entry=0x1b23bd3b00, error_r=error_r at entry=0x395a4da9950) at mail-namespace.c:170 #26 0x000002b613078aaf in mail_namespaces_init (user=0x1b23bcf7e0, error_r=error_r at entry=0x395a4da9950) at mail-namespace.c:344 #27 0x000002b6130901bf in mail_storage_service_init_post (error_r=0x395a4da9950, mail_user_r=0x395a4da9b18, priv=0x395a4da9960, user=0x1b23bbde50, ctx=) at mail-storage-service.c:685 #28 mail_storage_service_next (ctx=ctx at entry=0x1b23bbd4f0, user=0x1b23bbde50, mail_user_r=mail_user_r at entry=0x395a4da9b18) at mail-storage-service.c:1223 #29 0x000002b6130904b5 in mail_storage_service_lookup_next (ctx=0x1b23bbd4f0, input=input at entry=0x395a4da9b80, user_r=user_r at entry=0x395a4da9a70, mail_user_r=mail_user_r at entry=0x395a4da9b18, error_r=error_r at entry=0x395a4da9a60) at mail-storage-service.c:1258 #30 0x0000001b22341ccb in main (argc=3, argv=0x1b23bbb060) at main.c:412 # doveconf -n # 2.2.12: /etc/dovecot/dovecot.conf # OS: Linux 3.13.8-hardened x86_64 Gentoo Base System release 2.2 auth_cache_size = 1 k auth_master_user_separator = * auth_mechanisms = login digest-md5 cram-md5 plain deliver_log_format = msgid=%m: from=%f: phys=%p: virt=%w %$ dict { quota = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext } first_valid_uid = 8 last_valid_uid = 8 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes mail_attachment_dir = /dane/domeny/zalaczniki mail_attachment_min_size = 10000 k mail_cache_min_mail_count = 20 mail_gid = mail mail_log_prefix = "%s(%u) <%{session}>: " mail_plugins = quota notify mail_log stats zlib mail_privileged_group = mail mail_uid = mail maildir_stat_dirs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress 
comparator-i;ascii-numeric relational regex imap4flags copy inc$ ude variables body enotify environment mailbox date ihave mdbox_preallocate_space = yes mdbox_rotate_interval = 60 days mdbox_rotate_size = 50 M namespace inbox { inbox = yes list = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = . subscriptions = yes } passdb { args = /etc/dovecot/.master.user driver = passwd-file master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { quota = dict:User quota::proxy::quota sieve = ~/.dovecot.sieve sieve_dir = ~/sieve stats_command_min_time = 1 mins stats_domain_min_time = 12 hours stats_ip_min_time = 12 hours stats_memory_limit = 1M stats_refresh = 30 s stats_session_min_time = 15 mins stats_track_cmds = yes stats_user_min_time = 1 hours zlib_save = bz2 zlib_save_level = 2 } postmaster_address = postmaster at mejor.pl protocols = imap pop3 sieve service auth { unix_listener auth-userdb { group = mail mode = 0660 user = root } } service dict { unix_listener dict { user = mail } } service stats { fifo_listener stats-mail { mode = 0600 user = mail } } ssl_cert = I posted to the list about this a while ago but never got a response, I have a bit more information now. Dovecot 2.2.12 and other 2.2 versions are broken when using zlib and maildir. If messages are re-indexed, the INTERNALDATE of all messages is set to the time the re-index is done. The problem seems to be in src/plugins/zlib/zlib-plugin.c in the function zlib_mail_cache_open. 

During a reindex maildir_mail_get_received_date() does an i_stream_stat on the i_stream_seekable stream created in zlib_mail_cache_open, but this istream does not know about the original maildir message file and always returns the current time for the file's stat times.

This is also broken on initial index, but if mail is indexed when it's received (ours isn't) it coincidentally gets the right time.

From jtam.home at gmail.com Wed Apr 23 21:51:44 2014
From: jtam.home at gmail.com (Joseph Tam)
Date: Wed, 23 Apr 2014 14:51:44 -0700 (PDT)
Subject: [Dovecot] Allowing non-SSL connections only for certain Password Databases
In-Reply-To:
References:
Message-ID:

Dan Pollock writes:

> I would like to move everyone onto more modern mail programs, but at the
> moment I have a couple of them that are stuck using very old software
> installed for them on work computers. The rest of my clients can connect
> on ports 993 and 995 without it being a problem.

You know best whether you want to take the risk of compromising passwords on your system (including compromised accounts being used for spamming and blowing your mail reputation to smithereens), but I don't know whether your customers do. They may think they are only risking their Email, but it can be leveraged to also gain access to other authentication systems e.g. "Forgot password" feature.

You can suggest the installation of an SSL proxy for those holdouts that won't switch mail readers (stunnel even has support down to Win98).

https://www.stunnel.org/ports.html

These days, cleartext passwords over the network are just begging to be compromised.

Joseph Tam

From sca at andreasschulze.de Wed Apr 23 21:52:19 2014
From: sca at andreasschulze.de (Andreas Schulze)
Date: Wed, 23 Apr 2014 23:52:19 +0200
Subject: [Dovecot] dovecot: disable ssl compression
In-Reply-To: <5346ADA2.7000203@thelounge.net>
References: <20140410150440.Horde.Gbn7XHx4blr0ZfiXKEbaAA1@horde.andreasschulze.de> <5346ADA2.7000203@thelounge.net>
Message-ID: <20140423235219.Horde.PR-DrnYWXvVrgZ8sQM1XxQ2@horde.andreasschulze.de>

Reindl Harald:

> that attacks are not relevant for email because they
> rely on the way a webbrowser works which is not the
> case for a mail client - you can't trigger XSS and
> Ajax in a MUA

sure, that may be right, but

We manage numerous public available services. And every time we go through our Qualys reports I have to explain this message from Qualys as not relevant/harmless/cannot change. It takes time to describe this fact again and again to our it-security people. And there are many other people in the same situation like me...

That's my main intention to ask how to disable ssl compression in dovecot.

Andreas

From h.reindl at thelounge.net Wed Apr 23 22:15:12 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Thu, 24 Apr 2014 00:15:12 +0200
Subject: [Dovecot] dovecot: disable ssl compression
In-Reply-To: <20140423235219.Horde.PR-DrnYWXvVrgZ8sQM1XxQ2@horde.andreasschulze.de>
References: <20140410150440.Horde.Gbn7XHx4blr0ZfiXKEbaAA1@horde.andreasschulze.de> <5346ADA2.7000203@thelounge.net> <20140423235219.Horde.PR-DrnYWXvVrgZ8sQM1XxQ2@horde.andreasschulze.de>
Message-ID: <53583B70.5010507@thelounge.net>

On 23.04.2014 23:52, Andreas Schulze wrote:
> Reindl Harald:
>
>> that attacks are not relevant for email because they
>> rely on the way a webbrowser works which is not the
>> case for a mail client - you can't trigger XSS and
>> Ajax in a MUA
>
> sure, that may be right, but
>
> We manage numerous public available services. And every time
> we go through our Qualys reports

https://www.ssllabs.com/ssltest/ just don't allow anything other than https and port 443 - what reports are you speaking about?

> I have to explain this message from Qualys as not
> relevant/harmless/cannot change

so what - which fools are allowed to audit you while have no clue what they are talking about?

From sca at andreasschulze.de Thu Apr 24 04:41:27 2014
From: sca at andreasschulze.de (Andreas Schulze)
Date: Thu, 24 Apr 2014 06:41:27 +0200
Subject: [Dovecot] dovecot: disable ssl compression
In-Reply-To: <53583B70.5010507@thelounge.net>
References: <20140410150440.Horde.Gbn7XHx4blr0ZfiXKEbaAA1@horde.andreasschulze.de> <5346ADA2.7000203@thelounge.net> <20140423235219.Horde.PR-DrnYWXvVrgZ8sQM1XxQ2@horde.andreasschulze.de> <53583B70.5010507@thelounge.net>
Message-ID: <20140424064127.Horde.PmGX52ciDTWb1ia6iZDURA1@horde.andreasschulze.de>

Reindl Harald:

> https://www.ssllabs.com/ssltest/ just don't allow anything other than
> https and port 443 - what reports are you speaking about?

you're free to configure pop3s/imaps/ssmtp on the "nonstandard" port 443

>> I have to explain this message from Qualys as not
>> relevant/harmless/cannot change
>
> so what - which fools are allowed to audit you while have
> no clue what they are talking about?

Qualys, they have more services than ssllabs.com

see andreasschulze.de/tmp/qualys-id-38599.jpg

Andreas

From bourek at thinline.cz Thu Apr 24 06:30:14 2014
From: bourek at thinline.cz (Jiri Bourek)
Date: Thu, 24 Apr 2014 08:30:14 +0200
Subject: [Dovecot] dovecot: disable ssl compression
In-Reply-To: <20140424064127.Horde.PmGX52ciDTWb1ia6iZDURA1@horde.andreasschulze.de>
References: <20140410150440.Horde.Gbn7XHx4blr0ZfiXKEbaAA1@horde.andreasschulze.de> <5346ADA2.7000203@thelounge.net> <20140423235219.Horde.PR-DrnYWXvVrgZ8sQM1XxQ2@horde.andreasschulze.de> <53583B70.5010507@thelounge.net> <20140424064127.Horde.PmGX52ciDTWb1ia6iZDURA1@horde.andreasschulze.de>
Message-ID: <5358AF76.5090409@thinline.cz>

Andreas Schulze wrote:
>
> Reindl Harald:
>
>> https://www.ssllabs.com/ssltest/ just don't allow anything other than
>> https and port 443 - what reports are you speaking about?
> you're free to configure pop3s/imaps/ssmtp on the "nonstandard" port 443
>
>>> I have to explain this message from Qualys as not
>>> relevant/harmless/cannot change
>>
>> so what - which fools are allowed to audit you while have
>> no clue what they are talking about?
> Qualys, they have more services than ssllabs.com
>
> see andreasschulze.de/tmp/qualys-id-38599.jpg
>
> Andreas

Well they seem to know what they are talking about. The description of the threat in linked screenshot says "attacker needs to have ability to submit any plain text"

The more interesting question is why do you need to explain to your it-security people that compression in POP3 is not vulnerable to this attack. I mean if they're in charge of security, they really should know that.

From pj.netfilter at gmail.com Thu Apr 24 10:18:48 2014
From: pj.netfilter at gmail.com (Joy)
Date: Thu, 24 Apr 2014 15:48:48 +0530
Subject: [Dovecot] Regarding Quota
Message-ID:

Dear All,

One of my users is using sieve to make a copy of incoming mail in another folder; all is working fine. I have seen that he is using 15GB out of 20GB space of his mailbox, while calculating the same using du command returns only 9.5 GB. I am not facing this issue with any other user. Is there something going wrong or misconfiguration causing this.

From rs at sys4.de Thu Apr 24 10:54:58 2014
From: rs at sys4.de (Robert Schetterer)
Date: Thu, 24 Apr 2014 12:54:58 +0200
Subject: [Dovecot] Regarding Quota
In-Reply-To:
References:
Message-ID: <5358ED82.9000301@sys4.de>

On 24.04.2014 12:18, Joy wrote:
> Dear All,
> One of my users is using sieve to make a copy of incoming
> mail in another folder; all is working fine. I have seen that he is using
> 15GB out of 20GB space of his mailbox, while calculating the same using du
> command returns only 9.5 GB. I am not facing this issue with any other
> user. Is there something going wrong or misconfiguration causing this.
>

Hi, please study

http://wiki2.dovecot.org/Tools/Doveadm/Quota

i.e

Example

Get the current quota usage of user jane.

doveadm quota get -u jane

for setup issues you should post your config

Best Regards
Kind regards
Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From sca at andreasschulze.de Thu Apr 24 11:04:40 2014
From: sca at andreasschulze.de (Andreas Schulze)
Date: Thu, 24 Apr 2014 13:04:40 +0200
Subject: [Dovecot] dovecot: disable ssl compression
In-Reply-To: <5358AF76.5090409@thinline.cz>
References: <20140410150440.Horde.Gbn7XHx4blr0ZfiXKEbaAA1@horde.andreasschulze.de> <5346ADA2.7000203@thelounge.net> <20140423235219.Horde.PR-DrnYWXvVrgZ8sQM1XxQ2@horde.andreasschulze.de> <53583B70.5010507@thelounge.net> <20140424064127.Horde.PmGX52ciDTWb1ia6iZDURA1@horde.andreasschulze.de> <5358AF76.5090409@thinline.cz>
Message-ID: <20140424130440.Horde.N1RMoliWLdA3E5bzQSGPnw2@horde.andreasschulze.de>

Jiri Bourek:

> The more interesting question is why do you need to explain to your
> it-security people

I'm asking that myself too :-/

From me at junc.eu Thu Apr 24 15:56:11 2014
From: me at junc.eu (Benny Pedersen)
Date: Thu, 24 Apr 2014 17:56:11 +0200
Subject: [Dovecot] dovecot: disable ssl compression
In-Reply-To: <20140424130440.Horde.N1RMoliWLdA3E5bzQSGPnw2@horde.andreasschulze.de>
References: <20140410150440.Horde.Gbn7XHx4blr0ZfiXKEbaAA1@horde.andreasschulze.de> <5346ADA2.7000203@thelounge.net> <20140423235219.Horde.PR-DrnYWXvVrgZ8sQM1XxQ2@horde.andreasschulze.de> <53583B70.5010507@thelounge.net> <20140424064127.Horde.PmGX52ciDTWb1ia6iZDURA1@horde.andreasschulze.de> <5358AF76.5090409@thinline.cz> <20140424130440.Horde.N1RMoliWLdA3E5bzQSGPnw2@horde.andreasschulze.de>
Message-ID: <96454d9608ae43e0d42345fe44679c48@junc.eu>

Andreas Schulze wrote on 2014-04-24 13:04:
> Jiri Bourek:
>
>> The more interesting question is why do you need to explain to your
>> it-security people
> I'm asking that myself too :-/

at least dovecot stopped breaking dkim now :)

i have ordered a flag now...

From me at junc.eu Thu Apr 24 16:05:20 2014
From: me at junc.eu (Benny Pedersen)
Date: Thu, 24 Apr 2014 18:05:20 +0200
Subject: [Dovecot] dovecot: disable ssl compression
In-Reply-To: <96454d9608ae43e0d42345fe44679c48@junc.eu>
References: <20140410150440.Horde.Gbn7XHx4blr0ZfiXKEbaAA1@horde.andreasschulze.de> <5346ADA2.7000203@thelounge.net> <20140423235219.Horde.PR-DrnYWXvVrgZ8sQM1XxQ2@horde.andreasschulze.de> <53583B70.5010507@thelounge.net> <20140424064127.Horde.PmGX52ciDTWb1ia6iZDURA1@horde.andreasschulze.de> <5358AF76.5090409@thinline.cz> <20140424130440.Horde.N1RMoliWLdA3E5bzQSGPnw2@horde.andreasschulze.de> <96454d9608ae43e0d42345fe44679c48@junc.eu>
Message-ID: <9a13abcb043411912e6fdca06381b27c@junc.eu>

Benny Pedersen wrote on 2014-04-24 17:56:
> Andreas Schulze wrote on 2014-04-24 13:04:
>> Jiri Bourek:
>>
>>> The more interesting question is why do you need to explain to your
>>> it-security people
>> I'm asking that myself too :-/
>
> at least dovecot stopped breaking dkim now :)

or no:

Authentication-Results: duggi.junc.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=junc.eu header.i=@junc.eu header.b=DnJ5TUMC; dkim-atps=neutral

works for some just not all :(

Authentication-Results: duggi.junc.org; dkim=pass (4096-bit key) header.d=andreasschulze.de header.i=@andreasschulze.de header.b=lQJpd3+d; dkim-atps=neutral

both are mails on dovecot maillist received today

From e-frog at gmx.de Thu Apr 24 17:32:27 2014
From: e-frog at gmx.de (e-frog) Date: Thu, 24 Apr 2014 19:32:27 +0200 Subject: [Dovecot] Assert crash with latest HG ddf374a36057 Message-ID: <53594AAB.1070109@gmx.de> Hello, Latest HG assert crashes with imap(user): Panic: file mail-storage.c: line 1836 (mailbox_transaction_begin): assertion failed: (box->opened) Full backtrace is attached. Thanks, e-frog -------------- next part -------------- Core was generated by `dovecot/imap'. Program terminated with signal SIGABRT, Aborted. #0 0xb775d424 in __kernel_vsyscall () (gdb) bt full #0 0xb775d424 in __kernel_vsyscall () No symbol table info available. #1 0xb73e7827 in __GI_raise (sig=sig at entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 resultvar = resultvar = pid = -1219084288 selftid = 28355 #2 0xb73eac53 in __GI_abort () at abort.c:89 save_stage = 2 act = {__sigaction_handler = {sa_handler = 0xb7645c38, sa_sigaction = 0xb7645c38}, sa_mask = {__val = {0, 3076355807, 3220002956, 10, 3220003060, 3076811340, 3078182889, 3078183557, 3078184545, 8, 3076437534, 3076433244, 3076433384, 0, 3106788048, 3074239107, 3076355310, 3076807736, 3074111164, 0, 3107576200, 3076355899, 3076809776, 3076582416, 3220003060, 3076506719, 3106788048, 0, 3076807736, 3076046770, 3076809776, 3076582416}}, sa_flags = -1074964236, sa_restorer = 0xb758bf81 } sigs = {__val = {32, 0 }} #3 0xb75d7ac0 in default_fatal_finish (type=, status=status at entry=0) at failures.c:193 backtrace = 0xb92dd2f0 "/usr/lib/dovecot/libdovecot.so.0(+0x5fad0) [0xb75d7ad0] -> /usr/lib/dovecot/libdovecot.so.0(+0x5fc01) [0xb75d7c01] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0xb758bee9] -> /usr/lib/dovecot/libdo"... 
#4 0xb75d7c01 in i_internal_fatal_handler (ctx=0xbfed5954, format=0xb7718414 "file %s: line %d (%s): assertion failed: (%s)", args=0xbfed5974 "`!r\267,\a") at failures.c:657 status = 0 #5 0xb758bee9 in i_panic (format=format at entry=0xb7718414 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:267 ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0} args = 0xbfed5974 "`!r\267,\a" #6 0xb76b7aef in mailbox_transaction_begin (box=0xb935ff38, flags=flags at entry=(unknown: 0)) at mail-storage.c:1836 trans = __FUNCTION__ = "mailbox_transaction_begin" #7 0xb7387da2 in virtual_backend_box_sync_mail_set (bbox=, bbox=) at virtual-sync.c:105 trans = #8 0xb7388b50 in virtual_backend_box_sync_mail_set (bbox=0xb9318058, bbox=0xb9318058) at virtual-sync.c:388 No locals. #9 virtual_sync_index_rec (sync_rec=0xbfed5ac8, ctx=0xb939d988) at virtual-sync.c:370 bbox = 0xb9318058 flags = vrec = 0xb93a42e8 data = 0xb93a42e8 keywords = 0xb939b958 modify_type = kw_names = {0x0, 0xb9308768 "8\211\060\271 \211\060\271\070\003\060\271\060\373/\271"} vseq = 505 seq1 = 505 virtual_ext_id = 2 seq2 = 505 #10 virtual_sync_index_changes (ctx=0xb939d988) at virtual-sync.c:419 keywords = sync_rec = {uid1 = 274359, uid2 = 274359, type = MAIL_INDEX_SYNC_TYPE_FLAGS, add_flags = 8 '\b', remove_flags = 0 '\000', keyword_idx = 0, guid_128 = "\t\304X\267\000\000\000\000\260\000\000\000|uu\267"} #11 virtual_sync (flags=(MAILBOX_SYNC_FLAG_FULL_READ | MAILBOX_SYNC_FLAG_FIX_INCONSISTENT), mbox=0xb9308768) at virtual-sync.c:1514 ctx = 0xb939d988 index_sync_flags = ret = #12 virtual_storage_sync_init (box=0xb9308768, flags=(MAILBOX_SYNC_FLAG_FULL_READ | MAILBOX_SYNC_FLAG_FIX_INCONSISTENT)) at virtual-sync.c:1536 mbox = 0xb9308768 sync_ctx = ret = 0 #13 0xb76b7625 in mailbox_sync_init (box=box at entry=0xb9308768, flags=flags at entry=(MAILBOX_SYNC_FLAG_FULL_READ | MAILBOX_SYNC_FLAG_FIX_INCONSISTENT)) at mail-storage.c:1679 _data_stack_cur_id = 4 ctx = #14 0xb76b774f in mailbox_sync 
(box=0xb9308768, flags=(MAILBOX_SYNC_FLAG_FULL_READ | MAILBOX_SYNC_FLAG_FIX_INCONSISTENT), flags at entry=MAILBOX_SYNC_FLAG_FULL_READ) at mail-storage.c:1727 ctx = 0x2e status = {sync_delayed_expunges = 0} #15 0xb7790730 in select_open (readonly=false, mailbox=, ctx=0xb9305bf0) at cmd-select.c:311 client = 0xb93050e8 status = {messages = 3075372849, recent = 3076807736, unseen = 3076513959, uidvalidity = 3106787565, uidnext = 3106787408, first_unseen_seq = 48, first_recent_uid = 3076348876, last_cached_seq = 3106787536, highest_modseq = 2202130043104, highest_pvt_modseq = 13343550109902518285, keywords = 0x3, permanent_flags = 3076807736, permanent_keywords = 0, allow_new_keywords = 0, nonpermanent_modseqs = 0, no_modseq_tracking = 1, have_guids = 0, have_save_guids = 1, have_only_guid128 = 0} flags = MAILBOX_FLAG_DROP_RECENT ret = #16 cmd_select_full (cmd=cmd at entry=0xb9305b50, readonly=readonly at entry=false) at cmd-select.c:435 client = 0xb93050e8 ctx = args = 0xb9308380 list_args = 0xb75d5bcc mailbox = 0xb92dd240 "virtual/Lists/Dovecot" error = 0xb74e5f25 <__memset_sse2+37> "\201\303\033\331\003" __FUNCTION__ = "cmd_select_full" #17 0xb77911a7 in cmd_select (cmd=0xb9305b50) at cmd-select.c:444 No locals. #18 0xb779682a in command_exec (cmd=0xb9305b50) at imap-commands.c:158 hook = 0xb92e5998 ret = #19 0xb77956aa in client_command_input (cmd=0xb9305b50) at imap-client.c:778 client = 0xb93050e8 command = __FUNCTION__ = "client_command_input" #20 0xb77957e9 in client_command_input (cmd=0xb9305b50) at imap-client.c:839 client = 0xb93050e8 command = __FUNCTION__ = "client_command_input" #21 0xb7795a85 in client_handle_next_command (remove_io_r=, client=0xb93050e8) at imap-client.c:877 No locals. 
#22 client_handle_input (client=client at entry=0xb93050e8) at imap-client.c:889 _data_stack_cur_id = 3 remove_io = false handled_commands = __FUNCTION__ = "client_handle_input" #23 0xb7795e61 in client_input (client=0xb93050e8) at imap-client.c:931 cmd = 0xb9305b08 output = 0xb9305a38 bytes = 34 __FUNCTION__ = "client_input" #24 0xb75ea4cf in io_loop_call_io (io=0xb9305ad0) at ioloop.c:441 ioloop = 0xb92e5498 t_id = 2 __FUNCTION__ = "io_loop_call_io" #25 0xb75eb61e in io_loop_handler_run_internal (ioloop=ioloop at entry=0xb92e5498) at ioloop-epoll.c:220 ctx = 0xb92e6610 list = 0xb93059e0 io = tv = {tv_sec = 1799, tv_usec = 999407} events_count = ---Type to continue, or q to quit--- msecs = ret = 1 i = 0 j = 0 call = __FUNCTION__ = "io_loop_handler_run_internal" #26 0xb75ea55c in io_loop_handler_run (ioloop=ioloop at entry=0xb92e5498) at ioloop.c:488 No locals. #27 0xb75ea5e8 in io_loop_run (ioloop=0xb92e5498) at ioloop.c:465 __FUNCTION__ = "io_loop_run" #28 0xb7591968 in master_service_run (service=0xb92e53c0, callback=0xb779fe10 ) at master-service.c:566 No locals. #29 0xb7788c08 in main (argc=, argv=) at main.c:400 set_roots = {0xb77b04c0 , 0x0} login_set = {auth_socket_path = 0xb92dd030 "P\320-\271\060", postlogin_socket_path = 0xb92dd060 "ritz.box 192.168.178.103 select]", postlogin_timeout_secs = 60, callback = 0xb77a0290 , failure_callback = 0xb779ff40 , request_auth_token = 1} service_flags = storage_service_flags = username = 0x0 c = From asai at globalchangemusic.org Thu Apr 24 17:37:20 2014 
From: asai at globalchangemusic.org (Asai)
Date: Thu, 24 Apr 2014 10:37:20 -0700
Subject: [Dovecot] 2.2.12 RPM Needed
Message-ID: <53594BD0.7010508@globalchangemusic.org>

Greetings,

I'm not very experienced in building Source RPMs and we're in need of a Dovecot RPM for version 2.2.12 for CentOS 5. It seems that the ATRPMs repo maintained by Axel Thimm hasn't seen much activity lately and the task of updating a source RPM is more than I have time for as a busy developer who does systems admin on the side.

Could anybody recommend another repo where there would be the latest Dovecot binaries? Or perhaps tell me of any gotchas and catches which might arise if I go ahead and build 2.2.12 from source over the RPM I currently have installed (2.2.10)?

Thanks.

--
--Asai

From h.reindl at thelounge.net Thu Apr 24 19:23:44 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Thu, 24 Apr 2014 21:23:44 +0200
Subject: [Dovecot] 2.2.12 RPM Needed
In-Reply-To: <53594BD0.7010508@globalchangemusic.org>
References: <53594BD0.7010508@globalchangemusic.org>
Message-ID: <535964C0.6020000@thelounge.net>

On 24.04.2014 19:37, Asai wrote:
> I'm not very experienced in building Source RPMs and we're in need of a Dovecot RPM for version 2.2.12 for CentOS
> 5. It seems that the ATRPMs repo maintained by Axel Thimm hasn't seen much activity lately and the task of
> updating a source RPM is more than I have time for as a busy developer who does systems admin on the side.
>
> Could anybody recommend another repo where there would be the latest Dovecot binaries? Or perhaps tell me of any
> gotchas and catches which might arise if I go ahead and build 2.2.12 from source over the RPM I currently have
> installed (2.2.10)?

you only need to replace the tarball and the version in the SPEC and rebuild the package - for minor updates you don't need anything else if upstream has no broken release strategy, dovecot's is fine

i am building dovecot the last two years without any SPEC change except version and changelog - but you won't be happy with my stripped down SPEC following our infrastructure (no configs etc.)

From toml at engr.orst.edu Thu Apr 24 20:14:26 2014
From: toml at engr.orst.edu (Tom Lieuallen)
Date: Thu, 24 Apr 2014 13:14:26 -0700
Subject: [Dovecot] segfault with shared namespace version > 2.1.16
In-Reply-To: <534F1AD1.3030906@engr.orst.edu>
References: <534F1AD1.3030906@engr.orst.edu>
Message-ID: <535970A2.20805@engr.orst.edu>

Nobody bit on this yet. :-) I regret my choice of subject; perhaps it's not appealing/appropriate as it mentions an older version.

I did narrow down the problem a little. This configuration works up through 2.2.2. At version 2.2.3 and beyond, I get segfaults. So, something changed with 2.2.3 that our configuration is tickling. I'll continue to poke at it, but those who look at core dumps would probably get right to the issue.

thank you

Tom Lieuallen

On 4/16/14, 5:05 PM, Tom Lieuallen wrote:
> We're currently running 2.1.16. I've been wanting to update to a 2.2.X
> version, but have been running into problems, even with the latest
> (2.2.12). I'm not sure at what version this issue appeared, but I
> believe I've tried 2.2.10, 2.2.11, and now 2.2.12.
>
> We have a shared maildir setup. With that configuration in place and
> with a user in the dovecot-acl file, I can do the following to make it
> segfault every time. Note if I comment out the shared namespace config,
> it does not segfault.
>
> /private/dovecot/libexec/dovecot/imap -u tom2
> * PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID
> ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS
> THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN
> NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH
> ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY
> MOVE] Logged in as tom2
> l list "" *
> Segmentation fault (core dumped)
>
> The /a1 and /a2 mentioned here for shared folders and indexes are both
> local ext4 file systems.
> > =========== > > Here is the output of dovecot -n: > > # 2.2.12: /private/dovecot/etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-431.el6.x86_64 x86_64 CentOS release 6.5 (Final) > first_valid_uid = 100 > listen = * > mail_location = mbox:~/mail:INBOX=/var/mail/%u:INDEX=/a2/imap-index/%u > mail_plugins = quota acl > namespace { > hidden = yes > inbox = no > list = children > location = maildir:/a1/dove-shared:INDEX=/a2/imap-index/dove-shared/%u > prefix = sharedimap/ > separator = / > type = shared > } > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > separator = / > type = private > } > passdb { > args = /private/dovecot/etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > passdb { > args = scheme=CRYPT username_format=%u /private/dovecot/etc/passwd > driver = passwd-file > } > plugin { > acl = vfile > quota = fs:INBOX:mount=/a1 > quota2 = fs:Home quota:mount=%h > } > protocols = imap lmtp > service imap-login { > process_limit = 500 > process_min_avail = 16 > service_count = 1 > } > service imap { > process_limit = 2048 > } > ssl_cert = ssl_key = userdb { > args = /private/dovecot/etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > userdb { > args = username_format=%u /private/dovecot/etc/passwd > driver = passwd-file > } > > ============== > > I've got core dumps from it. I assume the gdb examples give a reverse > trace of the calls. If more is needed, I can supply. > > Core was generated by `/private/dovecot/libexec/dovecot/imap -u tom2'. > Program terminated with signal 11, Segmentation fault. 
> #0 mailbox_settings_find (user=0x6866c0, > vname=0x670800 "sharedimap/support-reports") at mail-storage.c:624 > 624 { > Missing separate debuginfos, use: debuginfo-install > glibc-2.12-1.132.el6.x86_64 sssd-client-1.9.2-129.el6.x86_64 > (gdb) bt full > #0 mailbox_settings_find (user=0x6866c0, > vname=0x670800 "sharedimap/support-reports") at mail-storage.c:624 > box_set = > ns = > #1 0x00007f1cb0323fd0 in mailbox_list_get_storage (list=0x7fff73b39088, > vname=, storage_r=0x7fff73b39080) > at mailbox-list.c:821 > set = > #2 0x00007f1cb03164a7 in mail_namespace_find_shared ( > namespaces=, > mailbox=0x670800 "sharedimap/support-reports") at mail-namespace.c:651 > list = 0x68ea30 > storage = 0x0 > #3 mail_namespace_find (namespaces=, > mailbox=0x670800 "sharedimap/support-reports") at mail-namespace.c:669 > ns = 0x68ad70 > __FUNCTION__ = "mail_namespace_find" > .... > .... > > > thank you > > Tom Lieuallen > Oregon State University From rplatel at tucows.com Thu Apr 24 20:54:52 2014 From: rplatel at tucows.com (Richard Platel) Date: Thu, 24 Apr 2014 16:54:52 -0400 Subject: [Dovecot] maildir compressed message fix patch Message-ID: <830C2513-C735-4E1B-9EAD-6E865571A8EA@tucows.com> When a compressed maildir message has a bad S= size in its filename it puts the user in an unrecoverable state, since maildir's do_fix_size function just does a stat() on the maildir file and saves the compressed size in the filename. This (quick, rough, barely tested) patch addresses this issue, it's inefficient, but we're already in a hopefully rare emergency situation. --- maildir-mail.c 2014-02-11 22:23:37.000000000 +0000 +++ maildir-mail.c.new 2014-04-24 20:41:25.000000000 +0000 @@ -8,6 +8,7 @@ #include "maildir-filename.h" #include "maildir-uidlist.h" #include "maildir-sync.h" +#include "compression.h" #include #include 
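Review bot: the first hunk's new #include "compression.h" is the only build-related change in this patch, which touches maildir-mail.c alone. Is that header already on the include path for this directory, and is the compression library linked into whatever builds this file? If not, the matching build-file change is missing and the patch will not compile against an unmodified tree; please add it or say what the patch depends on.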
@@ -640,6 +641,10 @@ { const char *fname, *newpath, *extra, *info, *dir; struct stat st; + const struct stat * stp; + const struct compression_handler * handler; + struct istream * fstream; + struct istream * cstream; fname = strrchr(path, '/'); i_assert(fname != NULL); @@ -650,13 +655,29 @@ info = strchr(fname, MAILDIR_INFO_SEP); if (info == NULL) info = ""; + fstream = i_stream_create_file(path, 1024); + handler = compression_detect_handler(fstream); + if (handler != NULL && handler->create_istream != NULL) + { + cstream = handler->create_istream(fstream, TRUE); + if (i_stream_stat(cstream, TRUE, &stp) < 0) + { + return -1; + } + st = *stp; /* dumb copy */ + i_stream_unref(&cstream); + } + else + { if (stat(path, &st) < 0) { if (errno == ENOENT) return 0; mail_storage_set_critical(&mbox->storage->storage, "stat(%s) failed: %m", path); return -1; - } + } + } + i_stream_unref(&fstream); newpath = t_strdup_printf("%s/%s,S=%"PRIuUOFF_T"%s", dir, t_strdup_until(fname, extra), From kcmohan at gmail.com Thu Apr 24 21:03:44 2014 From: kcmohan at gmail.com (K. C. Mohan - Personal) Date: Thu, 24 Apr 2014 17:03:44 -0400 Subject: [Dovecot] integration of old mails into new dovecot Maildir In-Reply-To: <534b7d87.c4e00e0a.3108.ffffb3d0SMTPIN_ADDED_BROKEN@mx.google.com> References: <00f301cf5336$8ed24cc0$ac76e640$@gmail.com> <53466ed9.06e10e0a.3924.137aSMTPIN_ADDED_BROKEN@mx.google.com> <8856D0A68D31437EBC435D5725621D44@DellNB> <534b7d87.c4e00e0a.3108.ffffb3d0SMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: <010e01cf6000$afc7b100$0f571300$@gmail.com> Steffen, Thank you for all your help in helping me resolve my mail integration. I was able to get the old mails integrated into the new server following your suggestion of 1:1 transfer. Thanks again and have a good day. -----Original Message----- 
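Review bot: in the last hunk of the maildir-mail.c patch above (@@ -650,13 +655,29 @@), the failure path "if (i_stream_stat(cstream, TRUE, &stp) < 0) { return -1; }" returns without i_stream_unref(&cstream) or i_stream_unref(&fstream) and without a mail_storage_set_critical() call, so a failed read of a compressed file leaks both streams and leaves nothing in the log. The two existing early returns in the stat() branch ("return 0" on ENOENT and "return -1") now also exit before the i_stream_unref(&fstream) added at the end, so they leak fstream as well. Release the streams on every exit path, for instance through one cleanup section, and report the i_stream_stat() failure the way the stat() branch does. The added blocks also put their braces on separate lines, unlike the surrounding "if (stat(path, &st) < 0) {" style.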
From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de]
Sent: Monday, April 14, 2014 2:18 AM
To: K. C. Mohan
Cc: dovecot at dovecot.org
Subject: Re: [Dovecot] integration of old mails into new dovecot Maildir

On Sun, 13 Apr 2014, K. C. Mohan wrote:

Please, do not top post.

> Thank you Steffen, for addressing my problem of migrating old mails
> into new mail server. I went through the article you pointed to but
> could not succeed. I will appreciate if you could guide me to step by
> step process to migrate the mails. My old mail server used 2.x dovecot version.

you post very little information:

1) how are the messages stored on the old server, which storage backend do you use, maybe Maildir?
2) the storage backend on the new server?
3) do you care about the message UIDs?
4) How many users do you have (approx.) and can you access the user's mailboxes via IMAP, e.g. using a master user or do you know their password or can you switch to a known password during migration of one particular user?
5) Have you changed namespaces?

From your first post I figure that the basic mail server functionality of the new server is working, most importantly login, message delivery and retrieval.

> -----Original Message-----
From: Steffen Kaiser
> Sent: Thursday, April 10, 2014 6:14 AM
> To: K. C. Mohan - Personal s
> Cc: dovecot at dovecot.org
> Subject: Re: [Dovecot] integration of old mails into new dovecot
> Maildir
>
> On Tue, 8 Apr 2014, K. C. Mohan - Personal wrote:
>
>> I just installed dovecot 2.2.9 on to a new server and want to
>> transfer all the old mails into the email accounts I imported from
>> the previous server into MySQL database. I am not able to view the
>> subfolders and or old mails that I copied into their respective
>> maildir folders. I was very much appreciate if anyone could let me
>> know how to import old mails into the new server. All I see, is the
>> new mails that have come into the account since I started dovecot service in the new server.
>
> Check out http://wiki2.dovecot.org/Migration . Read esp. about
> "preserving messages' UIDs".
>
> If the old server uses Maildir, too, and you don't care about the
> UIDs, copy the files over and you are done.

--
Steffen Kaiser

---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com

From jason at score.com.hk Fri Apr 25 02:29:34 2014
From: jason at score.com.hk (Jason)
Date: Fri, 25 Apr 2014 10:29:34 +0800
Subject: [Dovecot] dovecot temporary suspension all of pop3 login about 5 minutes
Message-ID:

Dear All,

When the user login POP3 more than 10 times in 1 minute that the dovecot temporary suspension all of pop3 login about 5 minutes.

How to disable the setting for dovecot.

Mail Log:
Apr 24 16:11:14 mww dovecot: pop3-login: Login: user=, method=PLAIN, rip=192.168.16.84, lip=192.168.16.159, mpid=8767, session=<5USPZMX3/QDAqBBU>
Apr 24 16:11:14 mww dovecot: pop3(scan): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Apr 24 16:11:15 mww dovecot: auth-worker: Error: no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory
Apr 24 16:11:15 mww dovecot: pop3-login: Login: user=, method=PLAIN, rip=192.168.16.84, lip=192.168.16.159, mpid=8769, session=
Apr 24 16:11:15 mww dovecot: pop3(scan): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Apr 24 16:11:16 mww dovecot: auth-worker: Error: no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory
Apr 24 16:11:16 mww dovecot: pop3-login: Login: user=, method=PLAIN, rip=192.168.16.84, lip=192.168.16.159, mpid=8771, session=
Apr 24 16:11:16 mww dovecot: pop3(scan): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Apr 24 16:11:17 mww dovecot: auth-worker: Error: no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory
Apr 24 16:11:17 mww dovecot: pop3-login: Login: user=, method=PLAIN, rip=192.168.16.84, lip=192.168.16.159, mpid=8773, session=
Apr 24 16:11:17 mww dovecot: pop3(scan): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Apr 24 16:11:18 mww dovecot: auth-worker: Error: no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory
Apr 24 16:11:18 mww dovecot: pop3-login: Login: user=, method=PLAIN, rip=192.168.16.84, lip=192.168.16.159, mpid=8775, session=
Apr 24 16:11:18 mww dovecot: pop3(scan): Disconnected: Logged out top=0/0, retr=0/0,
del=0/0, size=0 Apr 24 16:11:23 mww dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 4 secs): user=, method=PLAIN, rip=192.168.16.84, lip=192.168.16.159, session= Apr 24 16:12:04 mww dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 4 secs): user=, method=PLAIN, rip=192.168.16.59, lip=192.168.16.159, session= Dovecot v2.2.9 # 2.2.9: /etc/dovecot/dovecot.conf doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:99: ssl_disable has been renamed to ssl # OS: Linux 3.13.0-24-generic x86_64 Ubuntu 14.04 LTS disable_plaintext_auth = no mail_location = mbox:~/mail:INBOX=/var/mail/%u namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap pop3" ssl = no ssl_cert = References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 25 Apr 2014, Jason wrote: > When the user login P0P3 more than 10 times in 1 minute that the dovecot temporary suspension all of pop3 login about 5 minutes. > > How to disable the setting for dovecot. > Apr 24 16:11:14 mww dovecot: pop3-login: Login: user=, method=PLAIN, rip=192.168.16.84, lip=192.168.16.159, mpid=8767, session=<5USPZMX3/QDAqBBU> > Apr 24 16:11:14 mww dovecot: pop3(scan): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 > Apr 24 16:11:15 mww dovecot: auth-worker: Error: no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory > # 2.2.9: /etc/dovecot/dovecot.conf > doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:99: > ssl_disable has been renamed to ssl ... > ssl = no Check out last log line, it's a bug. 
First try updating your config, then upgrade to v2.2.13, then let us know if your bug is fixed.

BTW: I do not find any loadparm.c in v2.2.12.

http://ubuntuforums.org/showthread.php?t=2214042
http://osdir.com/ml/ubuntu-bugs/2014-04/msg16458.html
http://ubuntuforums.org/showthread.php?t=2218612

Looks like an Ubuntu bug with authentication.

--
Steffen Kaiser

From jason at score.com.hk Fri Apr 25 07:23:39 2014
From: jason at score.com.hk (Jason)
Date: Fri, 25 Apr 2014 15:23:39 +0800
Subject: [Dovecot] dovecot temporary suspension all of pop3 login about 5 minutes
In-Reply-To:
References:
Message-ID:

Dear Steffen Kaiser,

Thank you very much!

Best regards,
Jason

-----Original Message-----
From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de]
Sent: Friday, April 25, 2014 3:14 PM
To: Jason
Cc: dovecot at dovecot.org
Subject: Re: [Dovecot] dovecot temporary suspension all of pop3 login about 5 minutes

On Fri, 25 Apr 2014, Jason wrote:

> When the user login POP3 more than 10 times in 1 minute that the dovecot temporary suspension all of pop3 login about 5 minutes.
>
> How to disable the setting for dovecot.

> Apr 24 16:11:14 mww dovecot: pop3-login: Login: user=,
> method=PLAIN, rip=192.168.16.84, lip=192.168.16.159, mpid=8767,
> session=<5USPZMX3/QDAqBBU> Apr 24 16:11:14 mww dovecot: pop3(scan):
> Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Apr 24
> 16:11:15 mww dovecot: auth-worker: Error: no talloc stackframe at
> ../source3/param/loadparm.c:4864, leaking memory

> # 2.2.9: /etc/dovecot/dovecot.conf
> doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:99:
> ssl_disable has been renamed to ssl
...
> ssl = no

Check out the last log line, it's a bug.

First try updating your config, then upgrade to v2.2.13, then let us know if your bug is fixed.

BTW: I do not find any loadparm.c in v2.2.12.

http://ubuntuforums.org/showthread.php?t=2214042
http://osdir.com/ml/ubuntu-bugs/2014-04/msg16458.html
http://ubuntuforums.org/showthread.php?t=2218612

Looks like an Ubuntu bug with authentication.

--
Steffen Kaiser

From pug at felsing.net Fri Apr 25 09:45:21 2014
From: pug at felsing.net (Christian Felsing)
Date: Fri, 25 Apr 2014 11:45:21 +0200
Subject: [Dovecot] Multiple Instances Of Dovecot On One Messagebase
Message-ID: <535A2EB1.3010208@felsing.net>

Hello,

I would like to run multiple instances of Dovecot with same message base (maildir format). Will this set up work or would that destroy message base?

Intention is to offer different authentication methods to users, username/password and client certificates. Those instances should run on different IP addresses which is supported by Dovecot. Unfortunately Dovecot does not allow different auth configs in "local {}" sections.

best regards
Christian

From hanno at hboeck.de Fri Apr 25 11:30:31 2014
From: hanno at hboeck.de (Hanno Böck)
Date: Fri, 25 Apr 2014 13:30:31 +0200
Subject: [Dovecot] separating logs by port
Message-ID: <20140425133031.3158e02e@hboeck.de>

Hi,

I wanted to ask if there's an easy way to log the port in dovecot.

The background is that, as everyone's probably aware, pop3/imap usually listen on two ports (110/995 for pop3, 143/993 for imap). One port is the "classic" port that allows unencrypted and STARTTLS connections, the other is the legacy SSL port that allows TLS only connections. The legacy SSL ports are considered deprecated and I'd like to know if I can deprecate them on my servers.

Therefore I'd like to know how many users use them, but at the moment I can't see which port my users use. I haven't found an easy way to detect that. The easiest thing would be if there'd be a way to add the port number to the pop3-login/imap-login lines in the log files. Any way to do that?

cu,
--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42

From skdovecot at smail.inf.fh-brs.de Fri Apr 25 11:38:13 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 25 Apr 2014 13:38:13 +0200 (CEST)
Subject: [Dovecot] separating logs by port
In-Reply-To: <20140425133031.3158e02e@hboeck.de>
References: <20140425133031.3158e02e@hboeck.de>
Message-ID:

On Fri, 25 Apr 2014, Hanno Böck wrote:

> I wanted to ask if there's an easy way to log the port in dovecot.

http://wiki2.dovecot.org/Variables

"These variables work only in Dovecot-auth and login_log_format_elements setting: %a %b "

--
Steffen Kaiser

From ml-dovecot at zu-con.org Fri Apr 25 12:24:51 2014
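An added example, not from the thread or the Dovecot project: one way to answer the "who still uses 993/995" question once the local port (%a on the Variables page cited above) is written to the login lines. The `lport=` label, the function names and the sample log lines are assumptions constructed for this illustration.

```python
import re
from collections import defaultdict

# Assumed dovecot.conf change: the elements visible in the thread's log lines
# plus the local port. The "lport=" label is this example's own choice.
#   login_log_format_elements = user=<%u> method=%m rip=%r lip=%l lport=%a mpid=%e %c session=<%{session}>

LEGACY_TLS_PORTS = {993, 995}  # imaps / pop3s, the TLS-only listeners

LOGIN_RE = re.compile(r"dovecot: (imap|pop3)-login: Login: (.*)$")
# Elements are comma-separated; a value is either bare or wrapped in <...>.
FIELD_RE = re.compile(r"(\w+)=(?:<([^>]*)>|([^,\s]*))")

# Constructed sample lines (not taken from the thread).
SAMPLE_LOG = [
    "Apr 25 13:40:01 mx dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, lport=993, mpid=4101, TLS, session=<s1>",
    "Apr 25 13:41:07 mx dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=192.0.2.11, lip=192.0.2.1, lport=143, mpid=4102, TLS, session=<s2>",
    "Apr 25 13:42:30 mx dovecot: pop3-login: Login: user=<bob@example.org>, method=PLAIN, rip=192.0.2.12, lip=192.0.2.1, lport=995, mpid=4103, TLS, session=<s3>",
    "Apr 25 13:43:12 mx dovecot: imap-login: Login: user=<carol@example.org>, method=PLAIN, rip=192.0.2.13, lip=192.0.2.1, lport=143, mpid=4104, TLS, session=<s4>",
    # Written before the format change: no lport element at all.
    "Apr 25 13:39:00 mx dovecot: pop3-login: Login: user=<dave@example.org>, method=PLAIN, rip=192.0.2.14, lip=192.0.2.1, mpid=4100, TLS, session=<s0>",
    # Failed attempt: must not count as a user of the port.
    "Apr 25 13:44:00 mx dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<eve@example.org>, method=PLAIN, rip=192.0.2.15, lip=192.0.2.1, lport=995, session=<s5>",
]


def parse_login(line):
    """Return service, user and local port of a successful login line, else None."""
    m = LOGIN_RE.search(line)
    if m is None:
        return None
    fields = {key: angle or bare for key, angle, bare in FIELD_RE.findall(m.group(2))}
    lport = fields.get("lport", "")
    return {
        "service": m.group(1),
        "user": fields.get("user", ""),
        # None marks lines logged without the lport element.
        "lport": int(lport) if lport.isdigit() else None,
    }


def users_by_port(lines):
    """Map each local port (or None if not logged) to the set of users seen on it."""
    ports = defaultdict(set)
    for line in lines:
        rec = parse_login(line)
        if rec is not None:
            ports[rec["lport"]].add(rec["user"])
    return dict(ports)


def legacy_only_users(lines):
    """Users seen on 993/995 and never on another logged port.

    These are the accounts that would lose access if the legacy listeners
    were switched off; users with only unlabelled lines are not counted.
    """
    legacy, other = set(), set()
    for port, users in users_by_port(lines).items():
        if port in LEGACY_TLS_PORTS:
            legacy |= users
        elif port is not None:
            other |= users
    return legacy - other


if __name__ == "__main__":
    for port, users in sorted(users_by_port(SAMPLE_LOG).items(), key=lambda kv: str(kv[0])):
        print(port, sorted(users))
    print("legacy-only:", sorted(legacy_only_users(SAMPLE_LOG)))
```

Lines written before the format change carry no port and land under `None`, so collect a full client polling cycle after the change before acting on the result.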
From: ml-dovecot at zu-con.org (Matthias Rieber) Date: Fri, 25 Apr 2014 14:24:51 +0200 Subject: [Dovecot] crash while fts searching a virtual folder Message-ID: <9c91cfb839aa254c4d5096ab843f2f0a@ssl.scheff32.de> Hi, searching a virtual folder crashes dovecot quite often. I'm using dovecot 2.2.12. Here's the backtrace: [New LWP 28245] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `dovecot/imap'. Program terminated with signal 6, Aborted. #0 0x00007fc1d73f4425 in raise () from /lib/x86_64-linux-gnu/libc.so.6 #0 0x00007fc1d73f4425 in raise () from /lib/x86_64-linux-gnu/libc.so.6 No symbol table info available. #1 0x00007fc1d73f7b8b in abort () from /lib/x86_64-linux-gnu/libc.so.6 No symbol table info available. #2 0x00007fc1d77e6d45 in default_fatal_finish (type=, status=0) at failures.c:193 backtrace = 0x1cdc318 "/usr/local/lib/dovecot/libdovecot.so.0(+0x68d4f) [0x7fc1d77e6d4f] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x68dae) [0x7fc1d77e6dae] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fc1d77a0"... 
#3 0x00007fc1d77e6dae in i_internal_fatal_handler (ctx=0x7fff86d4b2d0, format=, args=) at failures.c:657 status = 0 #4 0x00007fc1d77a03b9 in i_panic (format=) at failures.c:267 ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0} args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fff86d4b3a0, reg_save_area = 0x7fff86d4b2e0}} #5 0x00007fc1d6774ed9 in level_scores_add_vuids (br=0x2413ab8, level=0x1c0c2e0, vbox=0x170c950) at fts-search.c:81 i = count = 234 backend_uids = {arr = {buffer = 0x1cdbe90, element_size = 8}, v = 0x1cdbe90, v_modifiable = 0x1cdbe90} vuids_arr = {arr = {buffer = 0x1cdba98, element_size = 4}, v = 0x1cdba98, v_modifiable = 0x1cdba98} vuids = 0xea scores = 0x23c8f50 score = 0xea #6 multi_add_lookup_result (args=0x1bbb220, level=0x1c0c2e0, fctx=0x18c2240, result=) at fts-search.c:146 br = 0x2413ab8 vbox = 0x170c950 vuids = {arr = {buffer = 0x16dbe70, element_size = 8}, v = 0x16dbe70, v_modifiable = 0x16dbe70} orig_size = i = #7 fts_search_lookup_level_multi (and_args=true, args=0x1bbb220, fctx=0x18c2240) at fts-search.c:194 mailboxes_arr = {arr = {buffer = 0x1e0a580, element_size = 8}, v = 0x1e0a580, v_modifiable = 0x1e0a580} backend = j = 60 vbox = mailboxes = 0x1e0a5b8 level = 0x1c0c2e0 result = {pool = 0x1e0a560, box_results = 0x2413838} i = mailbox_count = 60 #8 fts_search_lookup_level (fctx=0x18c2240, args=0x1bbb220, and_args=true) at fts-search.c:208 _data_stack_cur_id = 4 ret = #9 0x00007fc1d6774f86 in fts_search_lookup (fctx=) at fts-search.c:354 last_uid = 32653 seq1 = 0 seq2 = 0 __FUNCTION__ = "fts_search_lookup" #10 0x00007fc1d6776388 in fts_mailbox_search_init (t=, args=0x1bbb160, sort_program=, wanted_fields=0, wanted_headers=0x0) at fts-storage.c:207 ft = 0x1d4be20 fbox = flist = 0x1706610 ctx = 0x192f540 fctx = 0x18c2240 #11 0x000000000041caa0 in imap_search_start (ctx=0x170a238, sargs=0x1bbb160, sort_program=0x0) at imap-search.c:576 cmd = 0x170a130 __FUNCTION__ = "imap_search_start" #12 0x00000000004117b6 in 
cmd_search (cmd=0x170a130) at cmd-search.c:48 ctx = 0x170a238 sargs = 0x1bbb160 args = 0x16e2a38 charset = 0x424d0b "UTF-8" ret = #13 0x000000000041734d in command_exec (cmd=0x170a130) at imap-commands.c:158 hook = 0x16e00f0 ret = #14 0x00000000004163e0 in client_command_input (cmd=0x170a130) at imap-client.c:780 client = 0x17095e0 command = __FUNCTION__ = "client_command_input" #15 0x00000000004164c5 in client_command_input (cmd=0x170a130) at imap-client.c:841 client = 0x17095e0 command = __FUNCTION__ = "client_command_input" #16 0x000000000041676d in client_handle_next_command (remove_io_r=, client=0x17095e0) at imap-client.c:879 No locals. #17 client_handle_input (client=0x17095e0) at imap-client.c:891 _data_stack_cur_id = 3 ret = 48 remove_io = false handled_commands = false __FUNCTION__ = "client_handle_input" #18 0x0000000000416ae2 in client_input (client=0x17095e0) at imap-client.c:933 cmd = output = 0x1709ff0 bytes = 26 __FUNCTION__ = "client_input" #19 0x00007fc1d77f7616 in io_loop_call_io (io=0x17071a0) at ioloop.c:388 ioloop = 0x16df730 t_id = 2 #20 0x00007fc1d77f84cf in io_loop_handler_run (ioloop=) at ioloop-epoll.c:220 ctx = 0x16e03d0 events = 0x0 event = 0x16e1230 list = 0x16e1e00 io = tv = {tv_sec = 2, tv_usec = 425339} events_count = msecs = ret = 1 i = call = __FUNCTION__ = "io_loop_handler_run" #21 0x00007fc1d77f7128 in io_loop_run (ioloop=0x16df730) at ioloop.c:412 __FUNCTION__ = "io_loop_run" #22 0x00007fc1d77a57d3 in master_service_run (service=0x16df5c0, callback=) at master-service.c:566 No locals. #23 0x000000000040af58 in main (argc=1, argv=0x16df390) at main.c:400 set_roots = {0x427840, 0x0} login_set = {auth_socket_path = 0x16d7058 "", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x41fb00 , failure_callback = 0x41f810 , request_auth_token = 1} service_flags = storage_service_flags = username = c = Rebuilding the fts index and erasing all dovecot.index.* files didn't help. 
Regards, Matthias From pug at felsing.net Fri Apr 25 12:56:13 2014 
From: pug at felsing.net (Christian Felsing)
Date: Fri, 25 Apr 2014 14:56:13 +0200
Subject: [Dovecot] Incompatibility Thunderbirds Auth Mech TLS-Certificate <-> Dovecot
Message-ID: <535A5B6D.2000904@felsing.net>

Hello,

it seems there is an issue regarding "TLS-Certificate" authentication in Thunderbird and Dovecot. Obviously client certificate is recognized by Dovecot:

Apr 25 14:29:01 dovecot dovecot: imap-login: Valid certificate: /emailAddress=christian.felsing at example.net/CN=Christian Felsing (Test)/OU=CF Certificates/O=example.net/C=DE

AFAIK Dovecot always requires IMAP login, even in "static" passdb config. Static means arbitrary password is ok, but not "no login".

I hope I am wrong; the following log entry gave a hint what Thunderbird does or, more precisely, does not do:

Apr 25 14:29:01 dovecot dovecot: imap-login: Disconnected (no auth attempts in 5 secs): user=<>, rip=192.168.1.99, lip=192.168.42.1, TLS, session=<3+1THN33NQBtWq5D>

Dovecot wants an IMAP login, but Thunderbird does not do so. I am not sure if that is a bug (or feature) of Dovecot or Thunderbird. Thunderbird does several strange things on client certificates:

1st) If Dovecot is configured to request a client certificate and Thunderbird is configured to use plain text auth, Thunderbird offers a client certificate and login succeeds as configured in Dovecot. Unfortunately Thunderbird uses same certificate for all configured accounts to that host. Very bad if Dovecot reads username from certificate attributes.

2nd) If Dovecot is configured to request a client certificate and Thunderbird is configured to use TLS-Certificate, Thunderbird also offers a client certificate, but Dovecot requests login from Thunderbird. That fails, because Thunderbird assumes TLS-Certificate is enough for successful log.

If it is true that Dovecot is not compatible to Thunderbirds way of TLS-Certificate Authentication, I consider to set up a proxy, which supports that way.
May be Nginx would be a solution, it supports IMAP and LUA module plus some LUA code will fake the authentication. This is an ugly hack so I would like to avoid that, if anybody has a better solution. Thunderbird is a very widespread IMAP client so it should not be ignored. best regards Christian ---Dovecot config--- # /opt/dovecot/bin/doveconf -n # 2.2.12: /opt/dovecot/etc/dovecot-cert/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.4 auth_debug = yes auth_debug_passwords = yes auth_master_user_separator = * auth_ssl_require_client_cert = yes auth_ssl_username_from_cert = yes auth_username_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#" auth_username_translation = "@#" base_dir = /var/run/dovecot-cert first_valid_uid = 124 last_valid_uid = 124 listen = 192.168.42.1 log_timestamp = %Y-%m-%d %H:%M:%S login_greeting = example.net imap4/pop3 (cert only) ready. mail_gid = 124 mail_location = maildir:~/Maildir mail_privileged_group = vmail mail_uid = 124 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify namespace { list = children location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes list = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = / type = private } passdb { args = password=test driver = static } plugin { acl = vfile:/etc/dovecot/global-acls:cache_secs=300 acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes autocreate = Trash autocreate2 = Drafts autosubscribe = Trash autosubscribe2 = Drafts quota = maildir:User 
quota quota_rule = *:storage=500M quota_rule2 = Trash:storage=+100M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u recipient_delimiter = + sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +notify +imapflags } protocols = imap pop3 lmtp sieve service anvil { client_limit = 4000 } service auth-worker { group = vmail } service auth { client_limit = 8000 unix_listener auth-master { group = vmail mode = 0660 user = vmail } unix_listener auth-userdb { group = vmail mode = 0660 user = dovecot } user = root } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } process_limit = 1024 } service imap-postlogin { executable = script-login /opt/cfbin/lastlogin.sh } service imap { executable = imap imap-postlogin } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } process_limit = 1024 } service pop3-postlogin { executable = script-login /opt/cfbin/lastlogin.sh } service pop3 { executable = pop3 pop3-postlogin } service quota-warning { executable = script /opt/cfbin/quota-warning.sh user = vmail } ssl_ca = Dovecot In-Reply-To: <535A5B6D.2000904@felsing.net> References: <535A5B6D.2000904@felsing.net> Message-ID: <535A5CD6.8080300@thelounge.net> Am 25.04.2014 14:56, schrieb Christian Felsing: > Apr 25 14:29:01 dovecot dovecot: imap-login: Disconnected (no auth > attempts in 5 secs): user=<>, rip=192.168.1.99, lip=192.168.42.1, TLS, > session=<3+1THN33NQBtWq5D> > > Dovecot wants an IMAP login, but Thunderbird does not so. I am not sure > if that is a bug (or feature) of Dovecot or Thunderbird. 
Thunderbird
> does several strange things on client certificates:

that is the normal behavior if you force an auth-mech on the client which the server doesn't announce - auth-mech and TLS certificate are completely different worlds

just configure thunderbird to use plain instead of encrypted auth which means CRAM-MD5 at the end of the day, by default dovecot only offers PLAIN which is fine inside a TLS connection

you can only support CRAM-MD5 with passwords stored as plain-text

[root at testserver:~]$ doveconf -n | grep -i mech
auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN

[root at testserver:~]$ doveconf -d | grep -i mech
auth_mechanisms = plain

From frysco at icloud.com Mon Apr 21 16:52:13 2014
From: frysco at icloud.com (Jeremy Doran)
Date: Mon, 21 Apr 2014 09:52:13 -0700
Subject: [Dovecot] Trying to get DSpam+Dovecot working with Postfix and local/virtual domains
Message-ID: <53554CBD.2010905@icloud.com>

Hi,

I'm hoping that someone might be able to help, as I've been going in circles with trying to get the right configuration done here. I'm also not sure whether this is more of a Dovecot or DSpam question, so I'm posting the same to both mailing lists.

My goal is to have a mail setup that is as follows:

[Incoming email] --> [Postfix] --> [Amavis] --> [DSpam] --> [Dovecot LDA] -+---(local domain)---> /var/mail/${user}
                                                                           |
                                                                           +---(virtual)---> /home/vmail/${domain}/${user}@{domain}

As of right now, I have Postfix successfully feeding into Amavis, re-injecting into Postfix with a final delivery for the local domain via procmail, and final delivery for virtual domains via the virtual transport into maildir (but /home/vmail/${user}@${domain})

Virtual domains are being managed by PostfixAdmin. Dovecot is running as the IMAP server. Everything (Postfix, PostfixAdmin, Dovecot) is using a Postgres database as backend for the dynamic maps/authentication.

The problem I've been stumbling over is trying to get DSpam to work nicely with both a local domain and virtual domains/mailboxes, and the same for Dovecot, as I would rather like to make use of the Sieve functionality going forward instead of Procmail.

I did have DSpam working, but was unable to get the Dovecot antispam plugin working to re-train based on moving mails into/out of a defined 'SPAM' folder, due to permissions relating to how the antispam plugin was calling DSpam.

I'm really not wanting to make the local domain into a virtual mailbox domain, because there are users on the system (for that local domain) that already use the password in /etc/passwd for accessing the server for other uses. While there are also people who do that who have virtual mailbox domains, it's a far lower number.
Here's what I have so far. Postfix 2.11.0 main.cf (via 'postconf -nf'): alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases command_directory = /usr/local/sbin config_directory = /usr/local/etc/postfix content_filter = amavisfeed:[127.0.0.1]:10024 daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 html_directory = /usr/local/share/doc/postfix inet_interfaces = all inet_protocols = ipv4 ipv6 local_recipient_maps = $transport_maps unix:passwd.byname $alias_maps mail_owner = postfix mailbox_command = /usr/local/bin/procmail -a "$EXTENSION" mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man mydestination = $myhostname, localhost.$mydomain, $mydomain mydomain = critter.net myhostname = cornix.critter.net mynetworks = 127.0.0.0/8, 46.4.24.15/32, [::1]/128, [2a01:4f8:131:4263::]/64, 184.73.168.110/32, [2001:470:7:12ba::]/64 mynetworks_style = host myorigin = $mydomain newaliases_path = /usr/local/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/local/share/doc/postfix receive_override_options = no_address_mappings recipient_delimiter = - relay_domains = pgsql:$config_directory/Maps/pgsql_relay_domains_maps.cf sample_directory = /usr/local/etc/postfix sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop smtp_tls_CAfile = /etc/ssl/certs/Critter.Net_Certificate_Authority.pem smtp_tls_cert_file = /etc/ssl/certs/smtp.critter.net.pem smtp_tls_key_file = /etc/ssl/private/smtp.critter.net.pem smtp_tls_session_cache_database = /var/db/postfix/smtp_scache smtp_use_tls = yes smtpd_banner = $myhostname ESMTP $mail_name smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, 
reject_unauth_pipelining, reject_invalid_hostname, reject_rbl_client zen.spamhaus.org, check_policy_service inet:127.0.0.1:10023 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_tls_CAfile = /etc/ssl/certs/Critter.Net_Certificate_Authority.pem smtpd_tls_ask_ccert = yes smtpd_tls_cert_file = /etc/ssl/certs/smtp.critter.net.pem smtpd_tls_key_file = /etc/ssl/private/smtp.critter.net.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_scache smtpd_use_tls = yes soft_bounce = yes tls_random_source = dev:/dev/urandom transport_maps = pgsql:$config_directory/Maps/pgsql_transport_maps.cf unknown_local_recipient_reject_code = 450 virtual_alias_maps = pgsql:$config_directory/Maps/pgsql_virtual_alias_maps.cf virtual_gid_maps = static:400 virtual_mailbox_base = /home/vmail virtual_mailbox_domains = pgsql:$config_directory/Maps/pgsql_virtual_domain_maps.cf virtual_mailbox_limit = 51200000 virtual_mailbox_maps = pgsql:$config_directory/Maps/pgsql_virtual_mailbox_maps.cf virtual_minimum_uid = 400 virtual_transport = virtual virtual_uid_maps = static:400 master.cf (via 'postconf -Mf'): smtp inet n - n - - smtpd 24 inet n - n - - smtpd submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject -o milter_macro_daemon_name=ORIGINATING smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject -o milter_macro_daemon_name=ORIGINATING pickup 
unix n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache amavisfeed unix - - - - 2 smtp -o syslog_name=postfix/amavisfeed -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes 127.0.0.1:10025 inet n - n - - smtpd -o syslog_name=postfix/amavis-reinject -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8,[::1]/128 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters -o local_header_rewrite_clients= -o smtpd_milters= -o local_recipient_maps= -o relay_recipient_maps= dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop} Dovecot 2.2.10 config (via 'dovecot -n'): # 2.2.10: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 10.0-RELEASE-p1 amd64 auth_debug = yes auth_verbose = yes debug_log_path = /var/log/dovecot-debug.log first_valid_uid = 400 mail_location = 
mbox:~/Mail:INBOX=/var/mail/%u mail_privileged_group = mail namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } passdb { driver = pam } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } ssl_cert = default:teft Preference "spamAction=quarantine" # { quarantine | tag | deliver } -> default:quarantine Preference "spamSubject=[SPAM]" # { string } -> default:[SPAM] Preference "statisticalSedation=5" # { 0 - 10 } -> default:0 Preference "enableBNR=on" # { on | off } -> default:off Preference "enableWhitelist=on" # { on | off } -> default:on Preference "signatureLocation=message" # { message | headers } -> default:message Preference "tagSpam=off" # { on | off } Preference "tagNonspam=off" # { on | off } Preference "showFactors=off" # { on | off } -> default:off Preference "optIn=off" # { on | off } Preference "optOut=off" # { on | off } Preference "whitelistThreshold=10" # { Integer } -> default:10 Preference "makeCorpus=off" # { on | off } -> default:off Preference "storeFragments=off" # { on | off } -> default:off Preference "localStore=" # { on | off } -> default:username Preference "processorBias=on" # { on | off } -> default:on Preference "fallbackDomain=off" # { on | off } -> default:off Preference "trainPristine=off" # { on | off } -> default:off Preference "optOutClamAV=off" # { on | off } -> default:off Preference "ignoreRBLLookups=off" # { on | off } -> default:off Preference "RBLInoculate=off" # { on | off } -> default:off AllowOverride enableBNR AllowOverride enableWhitelist AllowOverride fallbackDomain AllowOverride ignoreGroups AllowOverride ignoreRBLLookups AllowOverride localStore AllowOverride makeCorpus AllowOverride optIn 
AllowOverride optOut
AllowOverride optOutClamAV
AllowOverride processorBias
AllowOverride RBLInoculate
AllowOverride showFactors
AllowOverride signatureLocation
AllowOverride spamAction
AllowOverride spamSubject
AllowOverride statisticalSedation
AllowOverride storeFragments
AllowOverride tagNonspam
AllowOverride tagSpam
AllowOverride trainPristine
AllowOverride trainingMode
AllowOverride whitelistThreshold
AllowOverride dailyQuarantineSummary
MySQLUIDInSignature on
PgSQLServer /tmp/
PgSQLUser dspam
PgSQLPass xxxxxx
PgSQLDb dspam
HashRecMax 98317
HashAutoExtend on
HashMaxExtents 0
HashExtentSize 49157
HashPctIncrease 10
HashMaxSeek 10
HashConnectionCache 10
Notifications off
PurgeSignatures 14 # Stale signatures
PurgeNeutral 90 # Tokens with neutralish probabilities
PurgeUnused 90 # Unused tokens
PurgeHapaxes 30 # Tokens with less than 5 hits (hapaxes)
PurgeHits1S 15 # Tokens with only 1 spam hit
PurgeHits1I 15 # Tokens with only 1 innocent hit
LocalMX 127.0.0.1
SystemLog on
UserLog on
Opt out
ParseToHeaders on
ServerPID /var/run/dspam.pid
ServerDomainSocketPath "/var/run/dspam.sock"
ClientHost /var/run/dspam.sock
ProcessorURLContext on
ProcessorBias on
StripRcptDomain off

All of this is running on a FreeBSD 10-p1 server.

I hope that someone has successfully implemented a similar setup to what I'm aiming for, and might be able to help.

Thanks.

From Brad_Hein at cable.comcast.com Wed Apr 23 19:57:59 2014
From: Brad_Hein at cable.comcast.com (Hein, Brad)
Date: Wed, 23 Apr 2014 19:57:59 +0000
Subject: [Dovecot] ImapTest utility not compiling
In-Reply-To:
References:
Message-ID:

* Found my error. I moved the dovecot source code after compiling it. Didn't realize there were embedded/absolute URLS within the dovecot source tree. All I needed to do was make clean && make dovecot, then imaptest compiled no problem.

[Brad Hein]

From: , Local Administrator >
Date: Wednesday, April 23, 2014 at 2:00 PM
To: "dovecot at dovecot.org" >
Subject: ImapTest utility not compiling

Following the wiki instructions here: http://www.imapwiki.org/ImapTest/Installation

I've run into a wall trying to compile the imapTest utility (dovecot compiled without any problems). I think there's a problem in the imapTest utility? Copy/pasted compile output and attached.

The gist of the problem seems to be that imaptest can't find the dovecot headers and libraries (configure script was executed like this: ./configure --with-dovecot=/usr/src/dovecot-20140420

checkpoint.c:3:17: error: lib.h: No such file or directory
checkpoint.c:4:17: error: str.h: No such file or directory

Based on these errors I believe there's a compatibility problem between the current imapTest utility and dovecot. The configure script said to report errors to this email address.

[Brad Hein]

From lee at trager.us Thu Apr 24 06:50:49 2014
From: lee at trager.us (lee at trager.us)
Date: Thu, 24 Apr 2014 06:50:49 +0000
Subject: [Dovecot] Help implementing username_format in auth PAM driver
Message-ID: <20140424065049.GA2897@trager.us>

While configuring my server with dovecot I noticed that the PAM authentication driver does not support the username_format option as does the password file driver. This didn't seem too hard to implement so I threw together a patch.

As you can see in the attached patch I only modify the username sent to PAM. Despite doing this I run into the domain lost issue (http://wiki2.dovecot.org/DomainLost). This prevents me from using the domain name in my mail_location config string. What I don't understand is why does changing the username string sent to PAM for authentication trigger this issue? Shouldn't dovecot continue to use the client supplied username as I am *not* changing it anywhere in my config?

Thanks,

Lee
-------------- next part --------------
diff --git a/src/auth/passdb-pam.c b/src/auth/passdb-pam.c index cf0b3c9..5f42a5a 100644 --- a/src/auth/passdb-pam.c +++ b/src/auth/passdb-pam.c @@ -37,6 +37,7 @@ typedef pam_const void *pam_item_t; #define PASSDB_PAM_DEFAULT_MAX_REQUESTS 100 +#define PASSDB_PAM_DEFAULT_USERNAME_FORMAT "%u" struct pam_passdb_module { struct passdb_module module; @@ -47,6 +48,7 @@ struct pam_passdb_module { unsigned int pam_setcred:1; unsigned int pam_session:1; unsigned int failure_show_msg:1; + const char *username_format; }; struct pam_conv_context { @@ -55,6 +57,17 @@ struct pam_conv_context { const char *failure_msg; }; +inline const char* +pam_username_lookup(struct auth_request *request) +{ + struct passdb_module *_module = request->passdb->passdb; + struct pam_passdb_module *module = (struct pam_passdb_module *)_module; + string_t *username = t_str_new(256); + var_expand(username, module->username_format, + auth_request_get_var_expand_table(request, auth_request_str_escape)); + return str_c(username); +} + static int pam_userpass_conv(int num_msg, pam_const struct pam_message **msg, struct pam_response **resp_r, void *appdata_ptr) @@ -82,7 +95,7 @@ pam_userpass_conv(int num_msg, pam_const struct pam_message **msg, case PAM_PROMPT_ECHO_ON: /* Assume we're asking for user. We might not ever get here because PAM already knows the user. */ - string = strdup(ctx->request->user); + string = strdup(pam_username_lookup(ctx->request)); if (string == NULL) i_fatal_status(FATAL_OUTOFMEM, "Out of memory"); break; @@ -240,7 +253,7 @@ static void set_pam_items(struct auth_request *request, pam_handle_t *pamh) host = net_ip2addr(&request->remote_ip); if (host != NULL) (void)pam_set_item(pamh, PAM_RHOST, host); - (void)pam_set_item(pamh, PAM_RUSER, request->user); + (void)pam_set_item(pamh, PAM_RUSER, pam_username_lookup(request)); /* TTY is needed by eg. pam_access module */ (void)pam_set_item(pamh, PAM_TTY, "dovecot"); } 
@@ -262,7 +275,7 @@ pam_verify_plain_call(struct auth_request *request, const char *service, ctx.request = request; ctx.pass = password; - status = pam_start(service, request->user, &conv, &pamh); + status = pam_start(service, pam_username_lookup(request), &conv, &pamh); if (status != PAM_SUCCESS) { auth_request_log_error(request, "pam", "pam_start() failed: %s", pam_strerror(pamh, status)); @@ -331,6 +344,7 @@ pam_preinit(pool_t pool, const char *args) { struct pam_passdb_module *module; const char *const *t_args; + const char *format = PASSDB_PAM_DEFAULT_USERNAME_FORMAT; int i; module = p_new(pool, struct pam_passdb_module, 1); @@ -367,9 +381,14 @@ pam_preinit(pool_t pool, const char *args) } } else if (t_args[i+1] == NULL) { module->service_name = p_strdup(pool, t_args[i]); + } else if (strncmp(t_args[i], "username_format=", 16) == 0) { + format = auth_cache_parse_key(pool, t_args[i] + 16); } else { i_fatal("pam: Unknown setting: %s", t_args[i]); } } + + module->username_format = format; + return &module->module; } From mailinglist at darac.org.uk Fri Apr 25 14:53:34 2014 
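Review bot: pam_username_lookup() in the third hunk is declared `inline` without `static`; under C99 inline semantics that is an inline definition with no external one, so any call the compiler decides not to inline fails at link time. Declare it `static const char *` instead. The helper also expands the format into a new t_str_new(256) buffer at each of its three call sites (the PAM_PROMPT_ECHO_ON reply, PAM_RUSER and pam_start()); expanding once per request and passing the result along would avoid the repeated work.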
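Review bot: in the set_pam_items hunk the reformatted name is also written to PAM_RUSER, which carries the name of the requesting (remote) user rather than the account being authenticated, so PAM modules that log or match on PAM_RUSER would no longer see what the client sent. Consider leaving `pam_set_item(pamh, PAM_RUSER, request->user)` unchanged and applying username_format only to the pam_start() user and the conversation reply.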
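Review bot: in the last pam_preinit hunk the new `username_format=` branch is placed after `else if (t_args[i+1] == NULL)`, so when username_format=... is the final argument it is stored as the service name and the format silently stays at "%u". Move the strncmp() check above the last-argument branch. The value is also passed through auth_cache_parse_key(), whose name says it builds a cache key; copying it with p_strdup(pool, t_args[i] + 16), as the service_name line just above does, would keep the format string exactly as configured. The new setting has no documentation in the patch.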
From: mailinglist at darac.org.uk (Darac Marjal) Date: Fri, 25 Apr 2014 15:53:34 +0100 Subject: [Dovecot] Segfault in auth (when talked to by postfix lda) Message-ID: <20140425145334.GA11807@darac.org.uk> Afternoon all. I'm seeing a segfault in dovecot 2.2.12 (debian package 1:2.2.12-2). I can log into dovecot fine with mutt, but the segfaults seem to occur when postfix (2.11.0, debian package 2.11.0-1+b1) tries to deliver a message. This was working fine under 2.2.9 (I can downgrade to that and delivery works). Can anyone help? Doveconf -n, and backtrace follow. ------------------------------ --8<-- doveconf -n ---------- # 2.2.12: /etc/dovecot/dovecot.conf # OS: Linux 3.12-1-686-pae i686 Debian jessie/sid xfs auth_debug = yes auth_mechanisms = digest-md5 cram-md5 plain info_log_path = /var/log/dovecot.info lda_mailbox_autosubscribe = yes log_path = /var/log/dovecot.log log_timestamp = "%Y-%m-%d %H:%M:%S " login_log_format_elements = service=%s user=<%u> session=%{session} method=%m rip=%r lip=%l mpid=%e %c %k mail_access_groups = mail users mail_location = mdbox:/var/mail/%u/Mail mail_max_userip_connections = 50 mail_plugins = " zlib stats" mail_privileged_group = mail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } passdb { args = /etc/dovecot/passwd driver = passwd-file } plugin { antispam_backend = dspam antispam_crm_binary = /bin/false antispam_debug_target = syslog antispam_dspam_args = --client;--mode=teft;--deliver;--user;%u antispam_dspam_binary = /usr/bin/dspam 
antispam_pipe_program = /usr/sbin/sendmail antispam_pipe_tmpdir = /tmp antispam_signature = X-DSPAM-Signature antispam_signature_missing = move antispam_spam_pattern_ignorecase = SPAM antispam_trash_pattern_ignorecase = trash;Deleted * sieve = ~/.dovecot.sieve sieve_dir = ~/sieve stats_refresh = 30 secs stats_track_cmds = yes } postmaster_address = postmaster at darac.org.uk protocols = " imap lmtp sieve" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0666 } } service lmtp { inet_listener lmtp { address = 192.168.123.254 port = 20024 } unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } service stats { fifo_listener stats-mail { mode = 0600 user = vmail } } ssl_cert = count = #1 0xb77bed33 in auth_fields_add (fields=0x0, key=key at entry=0xb84ae448 "uid", value=value at entry=0xb84a6312 "1120", flags=flags at entry=(unknown: 0)) at auth-fields.c:68 field = idx = 3091882770 __FUNCTION__ = "auth_fields_add" #2 0xb77bb03b in auth_request_set_userdb_field (request=request at entry=0xb84b9218, name=0xb84ae448 "uid", value=0xb84a6312 "1120") at auth-request.c:1605 uid = gid = #3 0xb77d2fb5 in userdb_template_export (tmpl=0xb84ae410, auth_request=auth_request at entry=0xb84b9218) at userdb-template.c:83 table = 0xb84a6110 str = 0xb84a5ff0 value = i = 0 count = 6 __FUNCTION__ = "userdb_template_export" #4 0xb77d230a in static_lookup_real (auth_request=auth_request at entry=0xb84b9218, callback=0xb77ba9b0 ) at userdb-static.c:32 _module = module = #5 0xb77d23ae in static_credentials_callback (result=PASSDB_RESULT_OK, credentials=0xb84b5bb7 "Mananozu", size=8, auth_request=0xb84b9218) at userdb-static.c:52 ctx = 0xb84bb860 #6 0xb77bc039 in auth_request_lookup_credentials_finish (result=PASSDB_RESULT_OK, 
credentials=credentials at entry=0xb84b5bb7 "Mananozu", size=size at entry=8, request=request at entry=0xb84b9218) at auth-request.c:820 No locals. #7 0xb77bc136 in auth_request_lookup_credentials_callback (result=PASSDB_RESULT_OK, credentials=0xb84b5bb7 "Mananozu", size=8, request=0xb84b9218) at auth-request.c:858 passdb = 0xb84ae248 cache_cred = 0x0 cache_scheme = 0xb77f1abc "\234\211\004" __FUNCTION__ = "auth_request_lookup_credentials_callback" #8 0xb77cc66e in passdb_handle_credentials (result=result at entry=PASSDB_RESULT_OK, password=0xb84b5bb7 "Mananozu", scheme=0xb84a5cb8 "PLAIN", callback=callback at entry=0xb77bc0c0 , auth_request=auth_request at entry=0xb84b9218) at passdb.c:165 credentials = 0xb84b5bb7 "Mananozu" size = 8 #9 0xb77ce62c in passwd_file_lookup_credentials (request=0xb84b9218, callback=0xb77bc0c0 ) at passdb-passwd-file.c:106 _module = module = pu = crypted_pass = 0xb84b5bb7 "Mananozu" scheme = 0xb84a5cb8 "PLAIN" #10 0xb77bc317 in auth_request_lookup_credentials (request=request at entry=0xb84b9218, scheme=0xb84b9450 "", callback=0xb77d2320 ) at auth-request.c:907 passdb = 0xb84ae248 cache_key = cache_cred = 0x0 cache_scheme = 0xb77f1abc "\234\211\004" result = -1216406852 __FUNCTION__ = "auth_request_lookup_credentials" #11 0xb77bc0b4 in auth_request_lookup_credentials_finish ( result=PASSDB_RESULT_SCHEME_NOT_AVAILABLE, credentials=credentials at entry=0xb774f693 "", size=size at entry=0, request=request at entry=0xb84b9218) at auth-request.c:802 No locals. 
#12 0xb77bc136 in auth_request_lookup_credentials_callback ( result=result at entry=PASSDB_RESULT_SCHEME_NOT_AVAILABLE, credentials=0xb774f693 "", size=size at entry=0, request=request at entry=0xb84b9218) at auth-request.c:858 passdb = 0xb84ae180 cache_cred = 0xb84b93b8 "\001" cache_scheme = 0x0 __FUNCTION__ = "auth_request_lookup_credentials_callback" #13 0xb77bc396 in auth_request_lookup_credentials (request=request at entry=0xb84b9218, scheme=scheme at entry=0xb77dd7bd "", callback=callback at entry=0xb77d2320 ) at auth-request.c:900 passdb = 0xb84ae180 cache_key = cache_cred = 0x1
        cache_scheme = 0xb7780e78 "x\r\r"
        result = -1217270382
        __FUNCTION__ = "auth_request_lookup_credentials"
#14 0xb77d253c in static_lookup (auth_request=0xb84b9218, callback=0xb77ba9b0 ) at userdb-static.c:100
        ctx = 0xb84bb860
        callback = 0xb77ba9b0
        auth_request = 0xb84b9218
        _module =
        module =
#15 0xb77bae3b in auth_request_lookup_user (request=request at entry=0xb84b9218, callback=0xb77b5c80 ) at auth-request.c:1141
        userdb = 0xb84ae3e8
        cache_key =
#16 0xb77bac6d in auth_request_userdb_callback (result=, result at entry=USERDB_RESULT_USER_UNKNOWN, request=) at auth-request.c:1062
        userdb =
        next_userdb = 0xb84ae3c8
        result_rule =
        userdb_continue =
#17 0xb77d091c in user_callback (reply=, context=0xb84b9218) at userdb-blocking.c:46
        request = 0xb84b9218
        result = USERDB_RESULT_USER_UNKNOWN
        args = 0xb84b9863 ""
#18 0xb77c1caf in auth_worker_request_handle (request=0xb84b93b8, request=0xb84b93b8, line=0xb84b985a "NOTFOUND\t", conn=) at auth-worker-server.c:281
No locals.
#19 worker_input (conn=0xb84b9600) at auth-worker-server.c:376
        line = 0xb84b9859 "\tNOTFOUND\t"
        id_str =
        id = 1
#20 0xb7726928 in io_loop_call_io (io=0xb84b97f0) at ioloop.c:388
        ioloop = 0xb84ad4d0
        t_id = 2
#21 0xb77278be in io_loop_handler_run (ioloop=ioloop at entry=0xb84ad4d0) at ioloop-epoll.c:220
        ctx = 0xb84b2538
        list = 0xb84b9820
        io =
        tv = {tv_sec = 0, tv_usec = 996120}
        events_count =
        msecs =
        ret = 1
        i = 0
        j = 0
        call =
        __FUNCTION__ = "io_loop_handler_run"
#22 0xb7726458 in io_loop_run (ioloop=0xb84ad4d0) at ioloop.c:412
        __FUNCTION__ = "io_loop_run"
#23 0xb76ce8c8 in master_service_run (service=0xb84ad400, callback=0xb77c6010 ) at master-service.c:566
No locals.
#24 0xb77b2fae in main (argc=1, argv=0xb84ad1d8) at main.c:393
        c =

From tlx at leuxner.net Sat Apr 26 05:50:22 2014
From: tlx at leuxner.net (Thomas Leuxner)
Date: Sat, 26 Apr 2014 07:50:22 +0200
Subject: [Dovecot] Assert Crash with HG 49e9d9743f6e
Message-ID: <20140426055022.GA31422@nihlus.leuxner.net>

New crash most likely related to Virtual plugin again:

Apr 26 07:40:40 spectre dovecot: imap(tlx at leuxner.net): Panic: file mail-storage.c: line 1836 (mailbox_transaction_begin): assertion failed: (box->opened)
Apr 26 07:40:40 spectre dovecot: imap(tlx at leuxner.net): Error: Raw backtrace:
/usr/lib/dovecot/libdovecot.so.0(+0x6bc0f) [0x7fdfce48ac0f] ->
/usr/lib/dovecot/libdovecot.so.0(+0x6bc6e) [0x7fdfce48ac6e] ->
/usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fdfce4442ce] ->
/usr/lib/dovecot/libdovecot-storage.so.0(+0x82299) [0x7fdfce777299] ->
/usr/lib/dovecot/modules/lib20_virtual_plugin.so(+0x9f1b) [0x7fdfccc2df1b] ->
/usr/lib/dovecot/modules/lib20_virtual_plugin.so(virtual_storage_sync_init+0x564) [0x7fdfccc2eb84] ->
/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x33) [0x7fdfce776e53] ->
/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x27) [0x7fdfce776f77] ->
dovecot/imap [tlx at leuxner.net 95.223.79.50 EXAMINE](cmd_select_full+0x173) [0x412c13] ->
dovecot/imap [tlx at leuxner.net 95.223.79.50 EXAMINE](command_exec+0x3c) [0x41839c] ->
dovecot/imap [tlx at leuxner.net 95.223.79.50 EXAMINE]() [0x417400] ->
dovecot/imap [tlx at leuxner.net 95.223.79.50 EXAMINE]() [0x4174ba] ->
dovecot/imap [tlx at leuxner.net 95.223.79.50 EXAMINE](client_handle_input+0x115) [0x417775] ->
dovecot/imap [tlx at leuxner.net 95.223.79.50 EXAMINE](client_input+0x72) [0x417b22] ->
/usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x4e) [0x7fdfce49b9fe] ->
/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd7) [0x7fdfce49c9f7] ->
/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x7fdfce49ba89] ->
/usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fdfce49bb08] ->
/usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fdfce449673] ->
dovecot/imap [tlx at leuxner.net 95.223.79.50 EXAMINE](main+0x298) [0x40c128] ->
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7fdfce0b2ead] ->
dovecot/imap [tlx at leuxner.net 95.223.79.50 EXAMINE]() [0x40c28d]
Apr 26 07:40:40 spectre dovecot: imap(tlx at leuxner.net): Fatal: master: service(imap): child 31334 killed with signal 6 (core not dumped)

Disabling virtual prevents Dovecot from crashing.

From chrisvaas at gmail.com Sat Apr 26 16:06:00 2014
From: chrisvaas at gmail.com (Chris Vaas)
Date: Sat, 26 Apr 2014 18:06:00 +0200
Subject: [Dovecot] Dovecot cannot connect to PostgreSQL server
Message-ID:

I am currently facing the following log output:

Apr 26 16:40:28 h2290750 dovecot: auth: Error: pgsql(localhost): Connect
failed to database mail: could not connect to server: Permission denied
Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011Is the server running on
host "localhost" (::1) and accepting
Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011TCP/IP connections on
port 5432?

I have double checked the database. It is listening correctly and I can
connect to it via

psql -U mailreader mail

I provided all necessary information to dovecot via this configuration
snippet:

driver = pgsql
connect = host=localhost dbname=mail user=mailreader password=secret
default_pass_scheme = SHA512
password_query = SELECT email as user, password,
'maildir:/home/mail'||maildir as userdb_mail FROM users WHERE email = '%u'

How can I debug this situation?

Cheers
Chris

From me at junc.eu Sat Apr 26 16:14:08 2014
From: me at junc.eu (Benny Pedersen)
Date: Sat, 26 Apr 2014 18:14:08 +0200
Subject: [Dovecot] Dovecot cannot connect to PostgreSQL server
In-Reply-To:
References:
Message-ID: <07fa7588d004731be00c7e136e4d015b@junc.eu>

Chris Vaas wrote on 2014-04-26 18:06:
> I am currently facing the following log output:
>
> Apr 26 16:40:28 h2290750 dovecot: auth: Error: pgsql(localhost):
> Connect
> failed to database mail: could not connect to server: Permission denied
> Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011Is the server
> running on
> host "localhost" (::1) and accepting
> Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011TCP/IP connections
> on
> port 5432?
>
> I have double checked the database. It is listening correctly and I can
> connect to it via
>
> psql -U mailreader mail
>
> I provided all necessary information to dovecot via this configuration
> snippet:
>
> driver = pgsql
> connect = host=localhost dbname=mail user=mailreader password=secret
> default_pass_scheme = SHA512
> password_query = SELECT email as user, password,
> 'maildir:/home/mail'||maildir as userdb_mail FROM users WHERE email =
> '%u'
>
> How can I debug this situation?

check /etc/gai.conf if localhost should prefer ipv4 last or first

are postgresql listening on both ipv4 ipv6 ?

is dovecot using the incorrect if no ?

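Added example (not part of the thread, and not Dovecot or PostgreSQL code): a Python probe for the check suggested above. It lists every address a host name resolves to, in resolver order, and classifies the result of a TCP connect to each, so "Permission denied" (EACCES) can be told apart from "nothing is listening" (ECONNREFUSED). The function names and verdict labels are this example's own.

```python
#!/usr/bin/env python3
"""Classify the TCP connect() result for every address a host name resolves to."""
import errno
import socket
import sys

# connect() errno -> verdict. The labels are this example's own.
VERDICTS = {
    0: "open",                          # something accepted the TCP connection
    errno.ECONNREFUSED: "refused",      # nothing listens on this address/port
    errno.EACCES: "denied-locally",     # "Permission denied": stopped on this
    errno.EPERM: "denied-locally",      #   host before reaching the server
    errno.ETIMEDOUT: "timeout",
    errno.EAGAIN: "timeout",            # how connect_ex() reports an expired timeout
    errno.ENETUNREACH: "unreachable",
    errno.EHOSTUNREACH: "unreachable",
    errno.EADDRNOTAVAIL: "unreachable",
    errno.EAFNOSUPPORT: "unreachable",  # address family not available here
}


def classify(err):
    """Map a connect() errno to a short verdict."""
    return VERDICTS.get(err, "other(%s)" % err)


def resolve(host, port):
    """(family, sockaddr) pairs for host, in the order the resolver returns them."""
    seen, ordered = set(), []
    for family, _, _, _, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        if (family, sockaddr[0]) not in seen:
            seen.add((family, sockaddr[0]))
            ordered.append((family, sockaddr))
    return ordered


def probe(host, port, timeout=2.0):
    """Try a TCP connect to every resolved address; return [(address, verdict)]."""
    results = []
    for family, sockaddr in resolve(host, port):
        try:
            with socket.socket(family, socket.SOCK_STREAM) as sock:
                sock.settimeout(timeout)
                err = sock.connect_ex(sockaddr)
        except OSError as exc:          # socket() or connect() raised instead
            err = exc.errno if exc.errno is not None else -1
        results.append((sockaddr[0], classify(err)))
    return results


def first_open(results):
    """Address of the first entry that accepted the connection, else None."""
    for address, verdict in results:
        if verdict == "open":
            return address
    return None


if __name__ == "__main__":
    # Defaults match the thread: host=localhost, PostgreSQL's port 5432.
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 5432
    outcome = probe(host, port)
    for address, verdict in outcome:
        print("%-40s %s" % (address, verdict))
    print("first address that accepts connections:", first_open(outcome))
```

`psql -U mailreader mail` without `-h` goes through PostgreSQL's Unix-domain socket, so its success says nothing about the TCP path to `::1` or `127.0.0.1` that the log shows. A restriction that applies only to the daemon's own process will not show up when the probe is run from an interactive shell.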
From h.reindl at thelounge.net Sat Apr 26 16:16:38 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Sat, 26 Apr 2014 18:16:38 +0200
Subject: [Dovecot] Dovecot cannot connect to PostgreSQL server
In-Reply-To:
References:
Message-ID: <535BDBE6.7070909@thelounge.net>

On 26.04.2014 18:06, Chris Vaas wrote:
> I am currently facing the following log output:
>
> Apr 26 16:40:28 h2290750 dovecot: auth: Error: pgsql(localhost): Connect
> failed to database mail: could not connect to server: Permission denied
> Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011Is the server running on
> host "localhost" (::1) and accepting
> Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011TCP/IP connections on
> port 5432?
>
> I have double checked the database. It is listening correctly and I can
> connect to it via
>
> psql -U mailreader mail
>
> I provided all necessary information to dovecot via this configuration
> snippet:
>
> driver = pgsql
> connect = host=localhost dbname=mail user=mailreader password=secret
> default_pass_scheme = SHA512
> password_query = SELECT email as user, password,
> 'maildir:/home/mail'||maildir as userdb_mail FROM users WHERE email = '%u'
>
> How can I debug this situation?

try "host=/path/to/your/unix/socket" instead just only "localhost"
or switch to TCP with using 127.0.0.1 instead localhost

in case of mysqld this would be "host=/var/lib/mysql/mysql.sock"

From ChristianVaas at auspex.eu Sat Apr 26 16:25:41 2014
From: ChristianVaas at auspex.eu (Christian Vaas)
Date: Sat, 26 Apr 2014 18:25:41 +0200
Subject: [Dovecot] Dovecot cannot connect to PostgreSQL server
In-Reply-To: <07fa7588d004731be00c7e136e4d015b@junc.eu>
References: <07fa7588d004731be00c7e136e4d015b@junc.eu>
Message-ID:

Both versions are enabled on all participants.
On Apr 26, 2014 6:14 PM, "Benny Pedersen" wrote:

> Chris Vaas wrote on 2014-04-26 18:06:
>
>> I am currently facing the following log output:
>>
>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: pgsql(localhost): Connect
>> failed to database mail: could not connect to server: Permission denied
>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011Is the server running
>> on
>> host "localhost" (::1) and accepting
>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011TCP/IP connections on
>> port 5432?
>>
>> I have double checked the database. It is listening correctly and I can
>> connect to it via
>>
>> psql -U mailreader mail
>>
>> I provided all necessary information to dovecot via this configuration
>> snippet:
>>
>> driver = pgsql
>> connect = host=localhost dbname=mail user=mailreader password=secret
>> default_pass_scheme = SHA512
>> password_query = SELECT email as user, password,
>> 'maildir:/home/mail'||maildir as userdb_mail FROM users WHERE email = '%u'
>>
>> How can I debug this situation?
>>
>
> check /etc/gai.conf if localhost should prefer ipv4 last or first
>
> are postgresql listening on both ipv4 ipv6 ?
>
> is dovecot using the incorrect if no ?
>

From h.reindl at thelounge.net Sat Apr 26 16:33:00 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Sat, 26 Apr 2014 18:33:00 +0200
Subject: [Dovecot] Dovecot cannot connect to PostgreSQL server
In-Reply-To:
References: <535BDBE6.7070909@thelounge.net>
Message-ID: <535BDFBC.50707@thelounge.net>

first: don't reply off-list and don't top-post

On 26.04.2014 18:26, Christian Vaas wrote:
> How do I determine my postgresql socket location?
>
> On Apr 26, 2014 6:17 PM, "Reindl Harald" > wrote:
>
> On 26.04.2014 18:06, Chris Vaas wrote:
> > I am currently facing the following log output:
> >
> > Apr 26 16:40:28 h2290750 dovecot: auth: Error: pgsql(localhost): Connect
> > failed to database mail: could not connect to server: Permission denied
> > Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011Is the server running on
> > host "localhost" (::1) and accepting
> > Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011TCP/IP connections on
> > port 5432?
> >
> > I have double checked the database. It is listening correctly and I can
> > connect to it via
> >
> > psql -U mailreader mail
> >
> > I provided all necessary information to dovecot via this configuration
> > snippet:
> >
> > driver = pgsql
> > connect = host=localhost dbname=mail user=mailreader password=secret
> > default_pass_scheme = SHA512
> > password_query = SELECT email as user, password,
> > 'maildir:/home/mail'||maildir as userdb_mail FROM users WHERE email = '%u'
> >
> > How can I debug this situation?
>
> try "host=/path/to/your/unix/socket" instead just only "localhost"
> or switch to TCP with using 127.0.0.1 instead localhost
>
> in case of mysqld this would be "host=/var/lib/mysql/mysql.sock"

why don't you know that?
it's your machine and i don't use PostgreSQL at all

"updatedb; locate post | grep socket" may be a good start

just read the man page of your distribution or use google
google: "name-of-your-distribution postgresql unix socket"

or simply try 127.0.0.1 which is as explained different to localhost

localhost is typically unix-socket and 127.0.0.1 TCP/IP, in any case
you have to make sure that the user is allowed

in case of mysql i can set different permissions for "user1 at localhost"
and "user1 at 127.0.0.1", most likely PostgreSQL supports that too

From me at junc.eu Sat Apr 26 16:46:02 2014
From: me at junc.eu (Benny Pedersen)
Date: Sat, 26 Apr 2014 18:46:02 +0200
Subject: [Dovecot] Dovecot cannot connect to PostgreSQL server
In-Reply-To:
References: <07fa7588d004731be00c7e136e4d015b@junc.eu>
Message-ID: <8e49eedd8f4f9c24fda8d02d24668d4e@junc.eu>

Christian Vaas wrote on 2014-04-26 18:25:
> Both versions are enabled on all participants.

then it's in postgresql itself failing SHA512 auth

>>> driver = pgsql
>>> connect = host=localhost dbname=mail user=mailreader password=secret
>>> default_pass_scheme = SHA512
>>> password_query = SELECT email as user, password,
>>> 'maildir:/home/mail'||maildir as userdb_mail FROM users WHERE email =
>>> '%u'

From dmitry at rutelecom.company Sun Apr 27 05:26:20 2014
From: dmitry at rutelecom.company (Dmitry Podkovyrkin)
Date: Sun, 27 Apr 2014 11:26:20 +0600
Subject: [Dovecot] All Mail folder as in Gmail
Message-ID: <535C94FC.2050204@rutelecom.company>

Hello
How to make a folder "All Mail" so that it got a letter from the Inbox and Sent?
Mail client makes a copy of emails sent to the folder Sent.

--
Regards
Dmitry Podkovyrkin
email: dmirty at rutelecom.company

From bind at enas.net Sun Apr 27 06:40:57 2014
From: bind at enas.net (Urban Loesch)
Date: Sun, 27 Apr 2014 08:40:57 +0200
Subject: [Dovecot] All Mail folder as in Gmail
In-Reply-To: <535C94FC.2050204@rutelecom.company>
References: <535C94FC.2050204@rutelecom.company>
Message-ID: <535CA679.3040900@enas.net>

You should start here:
http://wiki2.dovecot.org/Plugins/Virtual

On 27.04.2014 07:26, Dmitry Podkovyrkin wrote:
> Hello
> How to make a folder "All Mail" so that it got a letter from the Inbox
> and Sent?
> Mail client makes a copy of emails sent to the folder Sent.
> From dmitry at rutelecom.company Sun Apr 27 07:23:41 2014 From: dmitry at rutelecom.company (Dmitry Podkovyrkin) Date: Sun, 27 Apr 2014 13:23:41 +0600 Subject: [Dovecot] All Mail folder as in Gmail In-Reply-To: <535CA679.3040900@enas.net> References: <535C94FC.2050204@rutelecom.company> <535CA679.3040900@enas.net> Message-ID: <535CB07D.5080605@rutelecom.company> Thanks! That's what I need! 27.04.2014 12:40, Urban Loesch wrote: > You should start here: > http://wiki2.dovecot.org/Plugins/Virtual > > > On 27.04.2014 07:26, Dmitry Podkovyrkin wrote: >> Hello >> How to make a folder "All Mail" so that it got a letter from the Inbox >> and Sent? >> Mail client makes a copy of emails sent to the folder Sent. >> > > -- > Regards > Dmitry Podkovyrkin > email: dmirty at rutelecom.company From chrisvaas at gmail.com Sun Apr 27 15:17:59 2014 From: chrisvaas at gmail.com (Chris Vaas) Date: Sun, 27 Apr 2014 17:17:59 +0200 Subject: [Dovecot] Fwd: Dovecot cannot connect to PostgreSQL server In-Reply-To: References: <535C27A1.3090909@smail.inf.fh-brs.de> Message-ID: I set the host to 127.0.0.1 now. And my pg_hba.conf looks like that: # TYPE DATABASE USER ADDRESS METHOD # Mail stuff host mail mailreader 127.0.0.1/32 md5 host mail mailreader ::1/128 md5 local all all md5 host all all 127.0.0.1/32 ident host all all ::1/128 ident The folder /var/run/postgresql is not existing on my machine. The problem is still present. :( On Sat, Apr 26, 2014 at 11:39 PM, Steffen wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Chris Vaas wrote: > > I am currently facing the following log output: > > > > Apr 26 16:40:28 h2290750 dovecot: auth: Error: pgsql(localhost): > > Connect failed to database mail: could not connect to server: > > Permission denied Apr 26 16:40:28 h2290750 dovecot: auth: Error: > > #011Is the server running on host "localhost" (::1) and accepting > > Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011TCP/IP > > connections on port 5432?
> > > > I have double checked the database. It is listening correctly and I > > can connect to it via > > > > psql -U mailreader mail > > > > I provided all necessary information to dovecot via this > > configuration snippet: > > > > driver = pgsql connect = host=localhost dbname=mail user=mailreader > > password=secret default_pass_scheme = SHA512 > > does Postgres allow connections on "host ::1" for user mailreader ? > Actually I wonder, because I thought the Postgres lib defaults to > "local" (socket) by default on localhost -> does Postgres allow > connections on "local" for mailreader? Permissions are configured in > pg_hba.conf, but -> Does Postgres logs something? It should if PG > denies the connection. > > Do you have SELinux or something like that running? > > I remember that I had a server that had wrong permissions on: > > ls -al /var/run/postgresql > > drwxrwsr-x 2 postgres postgres 4096 Feb 10 07:32 ./ > srwxrwxrwx 1 postgres postgres 0 Apr 26 23:15 .s.PGSQL.5432= > > the .s.PGSQL. socket is the local socket usually used for localhost > connections and automatically found by libpg. > > - -- > Steffen > From al-dovecot at none.at Sun Apr 27 22:33:10 2014 From: al-dovecot at none.at (Aleksandar Lazic) Date: Mon, 28 Apr 2014 00:33:10 +0200 Subject: [Dovecot] Fwd: Dovecot cannot connect to PostgreSQL server In-Reply-To: References: <535C27A1.3090909@smail.inf.fh-brs.de> Message-ID: Dear Chris.
On 27-04-2014 17:17, Chris Vaas wrote: > I set the host to 127.0.0.1 now. And my pg_hba.conf looks like that: [snip] > The folder /var/run/postgresql is not existing on my machine. > > The problem is still present. :( What's the output of root # lsof -np $( pgrep -fl bin/postgres|awk '{print $1}' ) root # netstat -tlnp|egrep postgres BR Aleks > On Sat, Apr 26, 2014 at 11:39 PM, Steffen > wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Chris Vaas wrote: >> > I am currently facing the following log output: >> > >> > Apr 26 16:40:28 h2290750 dovecot: auth: Error: pgsql(localhost): >> > Connect failed to database mail: could not connect to server: >> > Permission denied Apr 26 16:40:28 h2290750 dovecot: auth: Error: >> > #011Is the server running on host "localhost" (::1) and accepting >> > Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011TCP/IP >> > connections on port 5432? >> > >> > I have double checked the database. It is listening correctly and I >> > can connect to it via >> > >> > psql -U mailreader mail >> > >> > I provided all necessary information to dovecot via this >> > configuration snippet: >> > >> > driver = pgsql connect = host=localhost dbname=mail user=mailreader >> > password=secret default_pass_scheme = SHA512 >> >> does Postgres allow connections on "host ::1" for user mailreader ? >> Actually I wonder, because I thought the Postgres lib defaults to >> "local" (socket) by default on localhost -> does Postgres allow >> connections on "local" for mailreader? Permissions are configured in >> pg_hba.conf, but -> Does Postgres logs something? It should if PG >> denies the connection. >> >> Do you have SELinux or something like that running? >> >> I remember that I had a server that had wrong permissions on: >> >> ls -al /var/run/postgresql >> >> drwxrwsr-x 2 postgres postgres 4096 Feb 10 07:32 ./ >> srwxrwxrwx 1 postgres postgres 0 Apr 26 23:15 .s.PGSQL.5432= >> >> the .s.PGSQL.
socket is the local socket usually used for localhost >> connections and automatically found by libpg. >> >> - -- >> Steffen >> From jtam.home at gmail.com Sun Apr 27 23:07:29 2014 From: jtam.home at gmail.com (Joseph Tam) Date: Sun, 27 Apr 2014 16:07:29 -0700 (PDT) Subject: [Dovecot] Dovecot cannot connect to PostgreSQL server In-Reply-To: References: Message-ID: Chris Vaas writes: >> psql -U mailreader mail >> >> I provided all necessary information to dovecot via this configuration >> snippet: >> >> driver = pgsql >> connect = host=localhost dbname=mail user=mailreader password=secret >> default_pass_scheme = SHA512 ... > I set the host to 127.0.0.1 now. And my pg_hba.conf looks like that: > > # TYPE DATABASE USER ADDRESS METHOD > # Mail stuff > host mail mailreader 127.0.0.1/32 md5 Shouldn't the last column here match your "default_pass_scheme" above? Maybe change "default_pass_scheme" to "md5-crypt" or "md5"? Joseph Tam From bourek at thinline.cz Mon Apr 28 06:41:36 2014 From: bourek at thinline.cz (Jiri Bourek) Date: Mon, 28 Apr 2014 08:41:36 +0200 Subject: [Dovecot] Dovecot cannot connect to PostgreSQL server In-Reply-To: References: Message-ID: <535DF820.4000906@thinline.cz> >> I set the host to 127.0.0.1 now.
And my pg_hba.conf looks like that: >> >> # TYPE DATABASE USER ADDRESS METHOD >> # Mail stuff >> host mail mailreader 127.0.0.1/32 md5 > > Shouldn't the last column here match your "default_pass_scheme" above? > Maybe change "default_pass_scheme" to "md5-crypt" or "md5"? > > Joseph Tam Should not. These are two different things. From skdovecot at smail.inf.fh-brs.de Mon Apr 28 06:43:50 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 28 Apr 2014 08:43:50 +0200 (CEST) Subject: [Dovecot] Fwd: Dovecot cannot connect to PostgreSQL server In-Reply-To: References: <535C27A1.3090909@smail.inf.fh-brs.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 27 Apr 2014, Chris Vaas wrote: [fixed ugly top posting] > On Sat, Apr 26, 2014 at 11:39 PM, Steffen wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Chris Vaas wrote: >>> I am currently facing the following log output: >>> >>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: pgsql(localhost): >>> Connect failed to database mail: could not connect to server: >>> Permission denied Apr 26 16:40:28 h2290750 dovecot: auth: Error: >>> #011Is the server running on host "localhost" (::1) and accepting >>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011TCP/IP >>> connections on port 5432? >>> >>> I have double checked the database. It is listening correctly and I >>> can connect to it via >>> >>> psql -U mailreader mail >>> >>> I provided all necessary information to dovecot via this >>> configuration snippet: >>> >>> driver = pgsql connect = host=localhost dbname=mail user=mailreader >>> password=secret default_pass_scheme = SHA512 >> >> does Postgres allow connections on "host ::1" for user mailreader ? >> Actually I wonder, because I thought the Postgres lib defaults to >> "local" (socket) by default on localhost -> does Postgres allow >> connections on "local" for mailreader? Permissions are configured in >> pg_hba.conf, but -> Does Postgres logs something? 
It should if PG >> denies the connection. > I set the host to 127.0.0.1 now. And my pg_hba.conf looks like that: > > # TYPE DATABASE USER ADDRESS METHOD > # Mail stuff > host mail mailreader 127.0.0.1/32 md5 > host mail mailreader ::1/128 md5 > local all all md5 > host all all 127.0.0.1/32 ident > host all all ::1/128 ident What about the "Does Postgres logs something?" >> Do you have SELinux or something like that running? What about this question? >> I remember that I had a server that had wrong permissions on: >> >> ls -al /var/run/postgresql >> >> drwxrwsr-x 2 postgres postgres 4096 Feb 10 07:32 ./ >> srwxrwxrwx 1 postgres postgres 0 Apr 26 23:15 .s.PGSQL.5432= >> >> the .s.PGSQL. socket is the local socket usually used for localhost >> connections and automatically found by libpg. > The folder /var/run/postgresql is not existing on my machine. - -- Steffen Kaiser From chrisvaas at gmail.com Mon Apr 28 06:51:23 2014 From: chrisvaas at gmail.com (Chris Vaas) Date: Mon, 28 Apr 2014 08:51:23 +0200 Subject: [Dovecot] Fwd: Dovecot cannot connect to PostgreSQL server In-Reply-To: <535df88b.c2af0e0a.1889.740aSMTPIN_ADDED_BROKEN@mx.google.com> References: <535C27A1.3090909@smail.inf.fh-brs.de> <535df88b.c2af0e0a.1889.740aSMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: On Mon, Apr 28, 2014 at 8:43 AM, Steffen Kaiser < skdovecot at smail.inf.fh-brs.de> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Sun, 27 Apr 2014, Chris Vaas wrote: > > [fixed ugly top posting] > > On Sat, Apr 26,
2014 at 11:39 PM, Steffen > >wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Chris Vaas wrote: >>> >>>> I am currently facing the following log output: >>>> >>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: pgsql(localhost): >>>> Connect failed to database mail: could not connect to server: >>>> Permission denied Apr 26 16:40:28 h2290750 dovecot: auth: Error: >>>> #011Is the server running on host "localhost" (::1) and accepting >>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011TCP/IP >>>> connections on port 5432? >>>> >>>> I have double checked the database. It is listening correctly and I >>>> can connect to it via >>>> >>>> psql -U mailreader mail >>>> >>>> I provided all necessary information to dovecot via this >>>> configuration snippet: >>>> >>>> driver = pgsql connect = host=localhost dbname=mail user=mailreader >>>> password=secret default_pass_scheme = SHA512 >>>> >>> >>> does Postgres allow connections on "host ::1" for user mailreader ? >>> Actually I wonder, because I thought the Postgres lib defaults to >>> "local" (socket) by default on localhost -> does Postgres allow >>> connections on "local" for mailreader? Permissions are configured in >>> pg_hba.conf, but -> Does Postgres logs something? It should if PG >>> denies the connection. >>> >> > I set the host to 127.0.0.1 now. And my pg_hba.conf looks like that: >> >> # TYPE DATABASE USER ADDRESS METHOD >> # Mail stuff >> host mail mailreader 127.0.0.1/32 md5 >> host mail mailreader ::1/128 md5 >> local all all md5 >> host all all 127.0.0.1/32 ident >> host all all ::1/128 ident >> > > What about the "Does Postgres logs something?" > The log under /var/logs/pgsql is completely empty. > > Do you have SELinux or something like that running? >>> >> > What about this question? > I do have a SELinux up and running, yeah. 
> > > I remember that I had a server that had wrong permissions on: >>> >>> ls -al /var/run/postgresql >>> >>> drwxrwsr-x 2 postgres postgres 4096 Feb 10 07:32 ./ >>> srwxrwxrwx 1 postgres postgres 0 Apr 26 23:15 .s.PGSQL.5432= >>> >>> the .s.PGSQL. socket is the local socket usually used for localhost >>> connections and automatically found by libpg. >>> >> > The folder /var/run/postgresql is not existing on my machine. >> > > - -- Steffen Kaiser - Chris From chrisvaas at gmail.com Mon Apr 28 07:08:05 2014 From: chrisvaas at gmail.com (Chris Vaas) Date: Mon, 28 Apr 2014 09:08:05 +0200 Subject: [Dovecot] Fwd: Dovecot cannot connect to PostgreSQL server In-Reply-To: References: <535C27A1.3090909@smail.inf.fh-brs.de> <535df88b.c2af0e0a.1889.740aSMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: On Mon, Apr 28, 2014 at 8:51 AM, Chris Vaas wrote: > On Mon, Apr 28, 2014 at 8:43 AM, Steffen Kaiser < > skdovecot at smail.inf.fh-brs.de> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On Sun, 27 Apr 2014, Chris Vaas wrote: >> >> [fixed ugly top posting] >> >> On Sat, Apr 26, 2014 at 11:39 PM, Steffen >> >wrote: >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> Chris Vaas wrote: >>>> >>>>> I am currently facing the following log output: >>>>> >>>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: pgsql(localhost): >>>>> Connect failed to database mail: could not connect to server: >>>>> Permission denied Apr 26 16:40:28 h2290750 dovecot: auth: Error: >>>>> #011Is the server running on host "localhost" (::1) and accepting >>>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011TCP/IP >>>>> connections on port 5432? >>>>> >>>>> I have double checked the database. 
It is listening correctly and I >>>>> can connect to it via >>>>> >>>>> psql -U mailreader mail >>>>> >>>>> I provided all necessary information to dovecot via this >>>>> configuration snippet: >>>>> >>>>> driver = pgsql connect = host=localhost dbname=mail user=mailreader >>>>> password=secret default_pass_scheme = SHA512 >>>>> >>>> >>>> does Postgres allow connections on "host ::1" for user mailreader ? >>>> Actually I wonder, because I thought the Postgres lib defaults to >>>> "local" (socket) by default on localhost -> does Postgres allow >>>> connections on "local" for mailreader? Permissions are configured in >>>> pg_hba.conf, but -> Does Postgres logs something? It should if PG >>>> denies the connection. >>>> >>> >> I set the host to 127.0.0.1 now. And my pg_hba.conf looks like that: >>> >>> # TYPE DATABASE USER ADDRESS METHOD >>> # Mail stuff >>> host mail mailreader 127.0.0.1/32 md5 >>> host mail mailreader ::1/128 md5 >>> local all all md5 >>> host all all 127.0.0.1/32 ident >>> host all all ::1/128 ident >>> >> >> What about the "Does Postgres logs something?" >> > > The log under /var/logs/pgsql is completely empty. > >> >> Do you have SELinux or something like that running? >>>> >>> >> What about this question? >> > > I do have a SELinux up and running, yeah. > >> >> > >> I remember that I had a server that had wrong permissions on: >>>> >>>> ls -al /var/run/postgresql >>>> >>>> drwxrwsr-x 2 postgres postgres 4096 Feb 10 07:32 ./ >>>> srwxrwxrwx 1 postgres postgres 0 Apr 26 23:15 .s.PGSQL.5432= >>>> >>>> the .s.PGSQL. socket is the local socket usually used for localhost >>>> connections and automatically found by libpg. >>>> >>> >> The folder /var/run/postgresql is not existing on my machine. >>> >> >> - -- Steffen Kaiser > > > - Chris > > I just looked into my SELinux audit log and found the following denial. 
type=AVC msg=audit(1398609990.493:280): avc: denied { name_connect } for pid=5964 comm="auth" dest=5432 scontext=unconfined_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket There seems to be a good chance, that this is my problem, doesn't it? But how can I allow the connection? Cheers Chris From skdovecot at smail.inf.fh-brs.de Mon Apr 28 07:11:17 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 28 Apr 2014 09:11:17 +0200 (CEST) Subject: [Dovecot] Fwd: Dovecot cannot connect to PostgreSQL server In-Reply-To: References: <535C27A1.3090909@smail.inf.fh-brs.de> <535df88b.c2af0e0a.1889.740aSMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 28 Apr 2014, Chris Vaas wrote: > On Mon, Apr 28, 2014 at 8:43 AM, Steffen Kaiser < > skdovecot at smail.inf.fh-brs.de> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On Sun, 27 Apr 2014, Chris Vaas wrote: >> >> [fixed ugly top posting] >> >> On Sat, Apr 26, 2014 at 11:39 PM, Steffen >>> wrote: >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> Chris Vaas wrote: >>>> >>>>> I am currently facing the following log output: >>>>> >>>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: pgsql(localhost): >>>>> Connect failed to database mail: could not connect to server: >>>>> Permission denied Apr 26 16:40:28 h2290750 dovecot: auth: Error: >>>>> #011Is the server running on host "localhost" (::1) and accepting >>>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011TCP/IP >>>>> connections on port 5432? >>>>> >>>>> I have double checked the database. 
It is listening correctly and I >>>>> can connect to it via >>>>> >>>>> psql -U mailreader mail >>>>> >>>>> I provided all necessary information to dovecot via this >>>>> configuration snippet: >>>>> >>>>> driver = pgsql connect = host=localhost dbname=mail user=mailreader >>>>> password=secret default_pass_scheme = SHA512 >>>>> >>>> >>>> does Postgres allow connections on "host ::1" for user mailreader ? >>>> Actually I wonder, because I thought the Postgres lib defaults to >>>> "local" (socket) by default on localhost -> does Postgres allow >>>> connections on "local" for mailreader? Permissions are configured in >>>> pg_hba.conf, but -> Does Postgres logs something? It should if PG >>>> denies the connection. >>>> >>> >> I set the host to 127.0.0.1 now. And my pg_hba.conf looks like that: >>> >>> # TYPE DATABASE USER ADDRESS METHOD >>> # Mail stuff >>> host mail mailreader 127.0.0.1/32 md5 >>> host mail mailreader ::1/128 md5 >>> local all all md5 >>> host all all 127.0.0.1/32 ident >>> host all all ::1/128 ident >>> >> >> What about the "Does Postgres logs something?" >> > > The log under /var/logs/pgsql is completely empty. In addition to Aleksandar's question: Does Postgres runs at all? >> >> Do you have SELinux or something like that running? >> What about this question? > > I do have a SELinux up and running, yeah. Did you've checked its logs, e.g. 
(pretty old): http://linux.derkeiler.com/Mailing-Lists/Fedora/2006-03/msg05342.html - -- Steffen Kaiser From chrisvaas at gmail.com Mon Apr 28 07:15:48 2014 From: chrisvaas at gmail.com (Chris Vaas) Date: Mon, 28 Apr 2014 09:15:48 +0200 Subject: [Dovecot] Fwd: Dovecot cannot connect to PostgreSQL server In-Reply-To: <535dfefa.c5030e0a.43bd.651fSMTPIN_ADDED_BROKEN@mx.google.com> References: <535C27A1.3090909@smail.inf.fh-brs.de> <535df88b.c2af0e0a.1889.740aSMTPIN_ADDED_BROKEN@mx.google.com> <535dfefa.c5030e0a.43bd.651fSMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: On Mon, Apr 28, 2014 at 9:11 AM, Steffen Kaiser < skdovecot at smail.inf.fh-brs.de> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Mon, 28 Apr 2014, Chris Vaas wrote: > > On Mon, Apr 28, 2014 at 8:43 AM, Steffen Kaiser < >> skdovecot at smail.inf.fh-brs.de> wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> On Sun, 27 Apr 2014, Chris Vaas wrote: >>> >>> [fixed ugly top posting] >>> >>> On Sat, Apr 26, 2014 at 11:39 PM, Steffen < >>> skdovecot at smail.inf.fh-brs.de >>> >>>> wrote: >>>>> >>>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> >>>>> Hash: SHA1 >>>>> >>>>> Chris Vaas wrote: >>>>> >>>>> I am currently facing the following log output: >>>>>> >>>>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: pgsql(localhost): >>>>>> Connect failed to database mail: could not connect to server: >>>>>> Permission denied Apr 26 16:40:28 h2290750 dovecot: auth: Error: >>>>>> #011Is the server running on host
"localhost" (::1) and accepting >>>>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011TCP/IP >>>>>> connections on port 5432? >>>>>> >>>>>> I have double checked the database. It is listening correctly and I >>>>>> can connect to it via >>>>>> >>>>>> psql -U mailreader mail >>>>>> >>>>>> I provided all necessary information to dovecot via this >>>>>> configuration snippet: >>>>>> >>>>>> driver = pgsql connect = host=localhost dbname=mail user=mailreader >>>>>> password=secret default_pass_scheme = SHA512 >>>>>> >>>>>> >>>>> does Postgres allow connections on "host ::1" for user mailreader ? >>>>> Actually I wonder, because I thought the Postgres lib defaults to >>>>> "local" (socket) by default on localhost -> does Postgres allow >>>>> connections on "local" for mailreader? Permissions are configured in >>>>> pg_hba.conf, but -> Does Postgres logs something? It should if PG >>>>> denies the connection. >>>>> >>>>> >>>> I set the host to 127.0.0.1 now. And my pg_hba.conf looks like that: >>> >>>> >>>> # TYPE DATABASE USER ADDRESS METHOD >>>> # Mail stuff >>>> host mail mailreader 127.0.0.1/32 md5 >>>> host mail mailreader ::1/128 md5 >>>> local all all md5 >>>> host all all 127.0.0.1/32 ident >>>> host all all ::1/128 ident >>>> >>>> >>> What about the "Does Postgres logs something?" >>> >>> >> The log under /var/logs/pgsql is completely empty. >> > > In addition to Aleksandar's question: Does Postgres runs at all? > > >>> Do you have SELinux or something like that running? >>> What about this question? >>> >> >> I do have a SELinux up and running, yeah. >> > > Did you've checked its logs, e.g. 
(pretty old): > http://linux.derkeiler.com/Mailing-Lists/Fedora/2006-03/msg05342.html > - -- Steffen Kaiser > It is running, yes. I can connect from my local machine to the server without a flaw. About SELinux: I just looked into my SELinux audit log and found the following denial. type=AVC msg=audit(1398609990.493:280): avc: denied { name_connect } for pid=5964 comm="auth" dest=5432 scontext=unconfined_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket There seems to be a good chance, that this is my problem, doesn't it? But how can I allow the connection? Cheers Chris From skdovecot at smail.inf.fh-brs.de Mon Apr 28 07:30:23 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 28 Apr 2014 09:30:23 +0200 (CEST) Subject: [Dovecot] Fwd: Dovecot cannot connect to PostgreSQL server In-Reply-To: References: <535C27A1.3090909@smail.inf.fh-brs.de> <535df88b.c2af0e0a.1889.740aSMTPIN_ADDED_BROKEN@mx.google.com> <535dfefa.c5030e0a.43bd.651fSMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 28 Apr 2014, Chris Vaas wrote: > I just looked into my SELinux audit log and found the following denial.
> > type=AVC msg=audit(1398609990.493:280): avc: denied { name_connect } for > pid=5964 comm="auth" dest=5432 > scontext=unconfined_u:system_r:dovecot_auth_t:s0 > tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket > > There seems to be a good chance, that this is my problem, doesn't it? But > how can I allow the connection? I don't run SELinux, checkout a SELinux HowTo, e.g. http://wiki.centos.org/HowTos/SELinux, audit2allow looks promising. - -- Steffen Kaiser From chrisvaas at gmail.com Mon Apr 28 07:47:26 2014 From: chrisvaas at gmail.com (Chris Vaas) Date: Mon, 28 Apr 2014 09:47:26 +0200 Subject: [Dovecot] Fwd: Dovecot cannot connect to PostgreSQL server In-Reply-To: <535e0375.c4e00e0a.1d90.ffff921eSMTPIN_ADDED_BROKEN@mx.google.com> References: <535C27A1.3090909@smail.inf.fh-brs.de> <535df88b.c2af0e0a.1889.740aSMTPIN_ADDED_BROKEN@mx.google.com> <535dfefa.c5030e0a.43bd.651fSMTPIN_ADDED_BROKEN@mx.google.com> <535e0375.c4e00e0a.1d90.ffff921eSMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: On Mon, Apr 28, 2014 at 9:30 AM, Steffen Kaiser < skdovecot at smail.inf.fh-brs.de> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Mon, 28 Apr 2014, Chris Vaas wrote: > > I just looked into my SELinux audit log and found the following denial.
>> >> type=AVC msg=audit(1398609990.493:280): avc: denied { name_connect } for >> pid=5964 comm="auth" dest=5432 >> scontext=unconfined_u:system_r:dovecot_auth_t:s0 >> tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket >> >> There seems to be a good chance, that this is my problem, doesn't it? But >> how can I allow the connection? >> > > I don't run SELinux, checkout a SELinux HowTo, e.g. > http://wiki.centos.org/HowTos/SELinux, audit2allow looks promising. > > - -- Steffen Kaiser > Bam. Works! Thank you very much, everyone! Cheers Chris From jason at score.com.hk Mon Apr 28 09:07:12 2014 From: jason at score.com.hk (Jason) Date: Mon, 28 Apr 2014 17:07:12 +0800 Subject: [Dovecot] dovecot temporary suspension all of pop3 login about 5 minutes In-Reply-To: References: Message-ID: Dear Steffen Kaiser, I had fixed the problem after upgrade to v2.2.12. Best regards, Jason -----Original Message----- From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Steffen Kaiser Sent: Friday, April 25, 2014 3:14 PM To: Jason Cc: dovecot at dovecot.org Subject: Re: [Dovecot] dovecot temporary suspension all of pop3 login about 5 minutes -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 25 Apr 2014, Jason wrote: > When the user login POP3 more than 10 times in 1 minute that the dovecot temporary suspension all of pop3 login about 5 minutes. > > How to disable the setting for dovecot.
> Apr 24 16:11:14 mww dovecot: pop3-login: Login: user=, > method=PLAIN, rip=192.168.16.84, lip=192.168.16.159, mpid=8767, > session=<5USPZMX3/QDAqBBU> Apr 24 16:11:14 mww dovecot: pop3(scan): > Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Apr 24 > 16:11:15 mww dovecot: auth-worker: Error: no talloc stackframe at > ../source3/param/loadparm.c:4864, leaking memory > # 2.2.9: /etc/dovecot/dovecot.conf > doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:99: > ssl_disable has been renamed to ssl ... > ssl = no Check out last log line, it's a bug. First try update your config, then upgrade to v2.2.13, then let us know if your bug is fixed. BTW: I do not find no loadparm.c in v2.2.12. http://ubuntuforums.org/showthread.php?t=2214042 http://osdir.com/ml/ubuntu-bugs/2014-04/msg16458.html http://ubuntuforums.org/showthread.php?t=2218612 Looks like an Ubuntu bug with authentications. - -- Steffen Kaiser From Bill.public at Eccles.net Mon Apr 28 12:15:21 2014 From: Bill.public at Eccles.net (Bill Eccles) Date: Mon, 28 Apr 2014 08:15:21 -0400 Subject: [Dovecot] Why does it appear that dovecot is deleting messages after migration? Message-ID: <83BD963F-D3AC-41D6-A822-8421856E117E@Eccles.net> Hi, y'all, long-time Mac OS X Server user Bill here with a thorny question for the mailing list since nobody at discussions.apple.com can quite put their finger on the answer. While well-acquainted with other aspects of Server, Dovecot is a bit of a mystery still to me.
So here it goes:

Background

I'm struggling to migrate from MacOS X 10.6 to 10.9. I tried twice using the "live server in target disk mode" method, but after things went horribly awry (meaning I was left with no working services on the new server), I gave up on that and have been working to slowly bring services over, one at a time. I've got both Dovecot and PostFix accepting connections from my test machine, and I am able to connect with IMAP to the new server.

What I Do...

First, I turn both mail servers off. Then I tar up the /var/spool/imap/dovecot/mail directory on the old server, move it to the new server, untar it in /Library/Server/Mail/Data/ (where it belongs), and change ownership to _dovecot:mail, all per many other suggestions found in the Apple forums. (All files appear to be in maildir format, that I can tell.) I then turn the mail service back on on the new server.

What Dovecot Does... (or appears to do)

If I quickly connect to the new server with my IMAP client (MacOS X Mail.app) and create a "fresh user" in Mail.app, message folders appear correctly. But it's only a matter of time before Dovecot, or something, runs "doveadm index -u (usernames) (mailboxes)" on all of the mailboxes. As it does, it deletes thousands of messages, leaving, for example, the same 17 in INBOX and 3695 in "Deleted Items Archive". And 0 in others, and other seemingly-random numbers of messages in still yet others. I can watch it marching through the mailboxes, one at a time, if I "ps -ax" enough times.

What I've Done to Counteract This...

Nothing I've done so far has been able to do anything about it. Re-untar the archive, and it just does it all again. Try using dsync, and it just deletes the messages from the un-tar'd archive. In other words, there are thousands of messages in the archive which don't seem to meet Dovecot's requirement for being in that particular folder, so it deletes them.
The "cur" directory in a mailbox directory may start out with >21000 messages in it, but when it's done, it'll have deleted the same messages from "cur" every time, leaving me with a fraction of what I started out with.

I even used the 65-migrate_mailboxes.pl script (supplied as part of OS X 10.9 Server), and the same thing happens. (The migrate script does a lot more than just what I've noted above, but most of what it does is responsible for settings and configuration migration. Very little of the script is responsible for moving the data, and that part of the script ends up being a bunch of "cp" followed by a "chown"--essentially what I'm doing.)

The Questions

What is going on? Failing a fix, am I trying to migrate the wrong way? Is there a better way?

Random Thoughts and Observations

I've changed hostnames. The old one was shr-xs.mydomain.net, and the new one is shr-mini.mydomain.net. Is it unhappy with that for some reason?

In one of the directories where messages are deleted, there were a zillion files named like this:

1396718896.M324523P43630.shr-xs.mydomain.net,S=1209,W=1238:2,Sac

There were also a bunch of files named like this:

1211416234.cyrus.457,S=893:2,Sac

When it's all said and done, and Dovecot has done its thing, care to guess which ones are left? Only these:

1211416234.cyrus.457,S=893:2,Sac

Just to see if I could influence which files get deleted, I deleted all of the dovecot* files in the mailbox directory. And Dovecot recreated them faithfully, but still deleted all but the ones which said "cyrus" in the filenames.

I changed the hostname to match shr-xs.mydomain.net, and that doesn't seem to have affected things a bit, though I don't have enough data to support that I really succeeded in changing the hostname for all services (specifically for Dovecot).

Is Dovecot really filtering out messages that just don't seem to "belong" in the folder?

Thanks, y'all. I've puzzled on this one for about eight hours and it now hurts my brain.
I hope somebody else has an answer sans brain hurts.

From skdovecot at smail.inf.fh-brs.de Mon Apr 28 12:40:40 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Mon, 28 Apr 2014 14:40:40 +0200 (CEST)
Subject: [Dovecot] Why does it appear that dovecot is deleting messages after migration?
In-Reply-To: <83BD963F-D3AC-41D6-A822-8421856E117E@Eccles.net>
References: <83BD963F-D3AC-41D6-A822-8421856E117E@Eccles.net>
Message-ID:

On Mon, 28 Apr 2014, Bill Eccles wrote:

> correctly. But it's only a matter of time before Dovecot, or something,
> runs "doveadm index -u (usernames) (mailboxes)" on all of the mailboxes.
> As it does, it deletes thousands of messages, leaving, for example, the
> same 17 in INBOX and 3695 in "Deleted Items Archive". And 0 in others,

after you untar the files and before the automagic kicks in, can you run doveadm index -u (usernames) (mailboxes) via dtruss to make sure that command is deleting the messages?

Did you've enabled:

+ mail_debug=yes enables all kinds of mail related debug logging, such as showing where Dovecot is looking for mails.

+ http://wiki2.dovecot.org/Plugins/MailLog
Maybe your client does that?

-- Steffen Kaiser

From Bill.public at Eccles.net Mon Apr 28 13:23:20 2014
From: Bill.public at Eccles.net (Bill Eccles)
Date: Mon, 28 Apr 2014 09:23:20 -0400
Subject: [Dovecot] Why does it appear that dovecot is deleting messages after migration?
In-Reply-To:
References: <83BD963F-D3AC-41D6-A822-8421856E117E@Eccles.net>
Message-ID: <2E222381-90E8-4815-AC09-9A060F3DCF4C@Eccles.net>

On Apr 28, 2014, at 8:40 AM, Steffen Kaiser wrote:

> On Mon, 28 Apr 2014, Bill Eccles wrote:
>
>> correctly. But it's only a matter of time before Dovecot, or something, runs "doveadm index -u (usernames) (mailboxes)" on all of the mailboxes. As it does, it deletes thousands of messages, leaving, for example, the same 17 in INBOX and 3695 in "Deleted Items Archive". And 0 in others,
>
> after you untar the files and before the automagic kicks in, can you run doveadm index -u (usernames) (mailboxes)
> via dtruss to make sure that command is deleting the messages?
>
> Did you've enabled:
>
> + mail_debug=yes enables all kinds of mail related debug logging, such as showing where Dovecot is looking for mails.
>
> + http://wiki2.dovecot.org/Plugins/MailLog
> Maybe your client does that?
>
> -- Steffen Kaiser

Steffen--

Dtruss showed nothing unusual, and I'll bet you expected that. But this morning, as I was untarring the tarball, I noticed these two processes show up in the ps -ax list:

28445 ?? 0:14.98 find . -name *.shr-xs.mydomain.net* -print0
28446 ?? 0:00.00 xargs -0 rm

Since the mail services were off, hence Dovecot has no processes listed in ps -ax, I'm sure that I'm blaming Dovecot for something it ain't doing.

(dig dig dig... um...)

Ah... well, don't I feel foolish. It's my own sa-learn script at fault!

My script attempts to clean out the spam/ham folders like this:

cd /var/spool/imap/dovecot/mail/public/.Learn\ as\ Spam\ \(Bad\ E-mail\)/cur/
find . -name '*.shr-xs.mydomain.net*' -print0 | xargs -0 rm

and given that these two directories don't exist, it ends up running these commands from /. which cleans the entire hard drive of all items matching the pattern above.
Is there a better way to clean these directories out using native Dovecot commands (so I don't do this again!)?

Thanks for your help!

Bill

From kremels at kreme.com Mon Apr 28 14:01:40 2014
From: kremels at kreme.com (LuKreme)
Date: Mon, 28 Apr 2014 08:01:40 -0600
Subject: [Dovecot] Why does it appear that dovecot is deleting messages after migration?
In-Reply-To: <2E222381-90E8-4815-AC09-9A060F3DCF4C@Eccles.net>
References: <83BD963F-D3AC-41D6-A822-8421856E117E@Eccles.net> <2E222381-90E8-4815-AC09-9A060F3DCF4C@Eccles.net>
Message-ID: <97911E3A-31B8-4C1B-A8AE-73562C7201D9@kreme.com>

On 28 Apr 2014, at 07:23 , Bill Eccles wrote:

> Ah... well, don't I feel foolish. It's my own sa-learn script at fault!

Don't feel bad. I accidentally deleted 6TB of data off a machine when I edited a script to take out the testing harness and make it live. I introduced a space. Whoops.

I would do (assuming bash is your shell):

DIRMAIL="/var/spool/imap/dovecot/mail/public/.Learn as Spam (Bad E-mail)/cur/"
HOST="shr-xs.mydomain.net"
if [ -d "${DIRMAIL}" ]; then
    # stop here if the cd fails, so find never runs from another directory
    cd "${DIRMAIL}" || exit 1
    # double quotes so ${HOST} is expanded inside the pattern
    find . -name "*.${HOST}*" -delete
fi

--
There is a road, no simple highway, between the dawn and the dark of night

From r.tagliaferri at tosnet.it Mon Apr 28 15:56:25 2014
From: r.tagliaferri at tosnet.it (Roberto Tagliaferri - Tosnet srl)
Date: Mon, 28 Apr 2014 17:56:25 +0200
Subject: [Dovecot] log auth in a dn
Message-ID: <535E7A29.6000502@tosnet.it>

A non-text attachment was scrubbed...
Name: logo-firma.jpg
Type: image/jpeg
Size: 4725 bytes
Desc: not available
URL:

From r.tagliaferri at tosnet.it Tue Apr 29 07:05:27 2014
From: r.tagliaferri at tosnet.it (Roberto Tagliaferri - Tosnet srl)
Date: Tue, 29 Apr 2014 09:05:27 +0200
Subject: [Dovecot] [repost] log sasl auth
Message-ID: <535F4F37.7060302@tosnet.it>

Excuse for the previous post.

Hi, i've in use dovecot for pop3, imap and for sasl authenticator (for postfix). Can i log all sasl auth in a sql db (or in a flat file, or to a pipe)?
--
Roberto Tagliaferri
Tosnet srl

From adje at bezoekerscentrumsonsbeek.nl Tue Apr 29 08:49:18 2014
From: adje at bezoekerscentrumsonsbeek.nl (Administrator BCS)
Date: Tue, 29 Apr 2014 08:49:18 +0000
Subject: [Dovecot] doveadm import : Error creating new mailbox
Message-ID: <20140429084918.Horde.Pn3M_6o3BXgHZbzQra2sIw7@192.168.4.2>

Hello,

I'm new to dovecot. I managed to set up a system running dovecot/mysql/postfix/postfixadmin with a virtual maildir setup on Ubuntu 12.04

I can add and remove users, send and receive mail, create folders, move mail between them etc so all ok.

Now trying to manually import some mbox files from the old server into dovecot. Copied a mbox file to the new system, converted it to Maildir with mb2md resulting in a directory containing the new, cur en tmp. Looks ok, old email messages are all there.

When importing this folder using doveadm import it fails with the message:

Error: Couldn't create mailbox maildir:/home/vmail/bezoekerscentrumsonsbeek.nl/techniek/.INBOX: Invalid mailbox name

What am I doing wrong?

Martin

output from doveadm -D import:

> (adje at BCS:pts/0) (~)
> (89:10:33:%)
sudo doveadm -D import -u
> techniek at bezoekerscentrumsonsbeek.nl
> maildir:/mnt/multimedia/mailoudeserver/testmap/techniek
> maildir:/home/vmail/bezoekerscentrumsonsbeek.nl/techniek/ all
> doveadm(root): Debug: Loading modules from directory:
> /usr/lib/dovecot/modules/doveadm
> doveadm(root): Debug: Skipping module doveadm_acl_plugin, because
> dlopen() failed:
> /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined
> symbol: acl_user_module (this is usually intentional, so just ignore
> this message)
> doveadm(root): Debug: Skipping module doveadm_expire_plugin, because
> dlopen() failed:
> /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so:
> undefined symbol: expire_set_deinit (this is usually intentional, so
> just ignore this message)
> doveadm(root): Debug: Skipping module doveadm_quota_plugin, because
> dlopen() failed:
> /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so:
> undefined symbol: quota_user_module (this is usually intentional, so
> just ignore this message)
> doveadm(root): Debug: Skipping module doveadm_zlib_plugin, because
> dlopen() failed:
> /usr/lib/dovecot/modules/doveadm/lib10_doveadm_zlib_plugin.so: undefined
> symbol: i_stream_create_deflate (this is usually intentional, so just
> ignore this message)
> doveadm(root): Debug: Effective uid=0, gid=0, home=/home/adje
> doveadm(root): Debug: maildir++:
> root=/mnt/multimedia/mailoudeserver/testmap/techniek, index=, control=,
> inbox=/mnt/multimedia/mailoudeserver/testmap/techniek, alt=
> doveadm(techniek at bezoekerscentrumsonsbeek.nl): Debug: Added userdb
> setting: mail=maildir:/home/vmail/bezoekerscentrumsonsbeek.nl/techniek
> doveadm(techniek at bezoekerscentrumsonsbeek.nl): Debug: Added userdb
> setting: plugin/quota=dirsize:storage=0
> doveadm(techniek at bezoekerscentrumsonsbeek.nl): Debug: Effective uid=150,
> gid=8, home=/home/vmail/bezoekerscentrumsonsbeek.nl/techniek
> doveadm(techniek at bezoekerscentrumsonsbeek.nl): Debug:
maildir++:
> root=/home/vmail/bezoekerscentrumsonsbeek.nl/techniek, index=, control=,
> inbox=/home/vmail/bezoekerscentrumsonsbeek.nl/techniek, alt=
> doveadm(techniek at bezoekerscentrumsonsbeek.nl): Debug: Namespace :
> /home/vmail/bezoekerscentrumsonsbeek.nl/techniek/.maildir:/home/vmail/bezoekerscentrumsonsbeek.nl/techniek/.INBOX doesn't exist yet, using default
> permissions
> doveadm(techniek at bezoekerscentrumsonsbeek.nl): Debug: Namespace : Using
> permissions from /home/vmail/bezoekerscentrumsonsbeek.nl/techniek:
> mode=0700 gid=-1
> doveadm(techniek at bezoekerscentrumsonsbeek.nl): Debug: Namespace :
> /home/vmail/bezoekerscentrumsonsbeek.nl/techniek/.maildir:/home/vmail/bezoekerscentrumsonsbeek.nl/techniek/.INBOX doesn't exist yet, using default
> permissions
> doveadm(techniek at bezoekerscentrumsonsbeek.nl): Debug: Namespace : Using
> permissions from /home/vmail/bezoekerscentrumsonsbeek.nl/techniek:
> mode=0700 gid=-1
> doveadm(techniek at bezoekerscentrumsonsbeek.nl): Error: Couldn't create
> mailbox maildir:/home/vmail/bezoekerscentrumsonsbeek.nl/techniek/.INBOX:
> Invalid mailbox name

Output of dovecot -n

> # 2.0.19: /etc/dovecot/dovecot.conf
> # OS: Linux 3.11.0-20-generic x86_64 Ubuntu 12.04.4 LTS ext4
> auth_mechanisms = plain login
> first_valid_uid = 150
> last_valid_uid = 150
> mail_gid = mail
> mail_location = maildir:/home/vmail/%d/%n
> mail_uid = vmail
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> postmaster_address = adje at bezoekerscentrumsonsbeek.nl
> protocols = " imap pop3"
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     group = mail
>     mode = 0600
>     user = vmail
>   }
> }
> ssl_cert =
> ssl_key =
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>
driver = sql
> }

--
Systeembeheer Bezoekerscentrum Sonsbeek

From bourek at thinline.cz Tue Apr 29 09:01:26 2014
From: bourek at thinline.cz (Jiri Bourek)
Date: Tue, 29 Apr 2014 11:01:26 +0200
Subject: [Dovecot] Status of sieve-extdata?
Message-ID: <535F6A66.7010504@thinline.cz>

Hi,

I'd like to ask about status of extdata plugin for sieve. The wiki page (http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extdata) mentions versions for PigeonHole 0.2 and 0.3, but there seems to be no version for 0.4 and Dovecot 2.2.

Is the plugin dead or is it planned to make version for Dovecot 2.2 (when time allows I guess)?

Regards
J.

From skdovecot at smail.inf.fh-brs.de Tue Apr 29 10:25:23 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 29 Apr 2014 12:25:23 +0200 (CEST)
Subject: [Dovecot] doveadm import : Error creating new mailbox
In-Reply-To: <20140429084918.Horde.Pn3M_6o3BXgHZbzQra2sIw7@192.168.4.2>
References: <20140429084918.Horde.Pn3M_6o3BXgHZbzQra2sIw7@192.168.4.2>
Message-ID:

On Tue, 29 Apr 2014, Administrator BCS wrote:

> Now trying to manually import some mbox files from the old server into
> dovecot. Copied a mbox file to the new system, converted it to Maildir with
> mb2md resulting in a directory containing the new, cur en tmp. Looks ok, old
> email messages are all there.
>
> When importing this folder using doveadm import it fails with the message:

Copy/move the files in cur and new into the new place, no need for doveadm import. If there is no target mailbox of that name, copy the whole .mailbox.sub.sub folder.
-- Steffen Kaiser

From adje at bezoekerscentrumsonsbeek.nl Tue Apr 29 11:09:51 2014
From: adje at bezoekerscentrumsonsbeek.nl (Administrator BCS)
Date: Tue, 29 Apr 2014 11:09:51 +0000
Subject: [Dovecot] doveadm import : Error creating new mailbox
In-Reply-To:
References: <20140429084918.Horde.Pn3M_6o3BXgHZbzQra2sIw7@192.168.4.2>
Message-ID: <20140429110951.Horde.hs2gt7V2b5vbEFYe1SumBQ2@192.168.4.2>

Quoting Steffen Kaiser:

> On Tue, 29 Apr 2014, Administrator BCS wrote:
>
>> Now trying to manually import some mbox files from the old server
>> into dovecot. Copied a mbox file to the new system, converted it to
>> Maildir with mb2md resulting in a directory containing the new, cur
>> en tmp. Looks ok, old email messages are all there.
>>
>> When importing this folder using doveadm import it fails with the message:
>
> Copy/move the files in cur and new into the new place, no need for
> doveadm import. If there is no target mailbox of that name, copy the
> whole .mailbox.sub.sub folder.
>

well the example I gave was maybe a bit confusing. Moving/copying the contents of folders works but only for already existing folders.

When I want to import folders that do not yet exist and create them by copying a .mailbox folder to the users vmail folder it does not show up in my front end (Horde). From what I learned so far this is because I have to use the dovecot import tool in order to make dovecot recognize them.
> -- Steffen Kaiser

--
Systeembeheer Bezoekerscentrum Sonsbeek

From skdovecot at smail.inf.fh-brs.de Tue Apr 29 11:57:25 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 29 Apr 2014 13:57:25 +0200 (CEST)
Subject: [Dovecot] doveadm import : Error creating new mailbox
In-Reply-To: <20140429110951.Horde.hs2gt7V2b5vbEFYe1SumBQ2@192.168.4.2>
References: <20140429084918.Horde.Pn3M_6o3BXgHZbzQra2sIw7@192.168.4.2> <20140429110951.Horde.hs2gt7V2b5vbEFYe1SumBQ2@192.168.4.2>
Message-ID:

On Tue, 29 Apr 2014, Administrator BCS wrote:

>> On Tue, 29 Apr 2014, Administrator BCS wrote:
>>
>>> Now trying to manually import some mbox files from the old server into
>>> dovecot. Copied a mbox file to the new system, converted it to Maildir
>>> with mb2md resulting in a directory containing the new, cur en tmp. Looks
>>> ok, old email messages are all there.
>>>
>>> When importing this folder using doveadm import it fails with the message:
>>
>> Copy/move the files in cur and new into the new place, no need for doveadm
>> import. If there is no target mailbox of that name, copy the whole
>> .mailbox.sub.sub folder.
>>
>
> well the example I gave was maybe a bit confusing. Moving/copying the
> contents of folders works but only for already existing folders.
> When I want to import folders that do not yet exist and create them by
> copying a .mailbox folder to the users vmail folder it does not show up in my
> front end (Horde). From what I learned so far this is because I have to use
> the dovecot import tool in order to make dovecot recognize them.

say mb2md creates:

.folder.sub.sub/{cur,new,tmp}
.....

move .folder.sub.sub to /home/vmail/bezoekerscentrumsonsbeek.nl/techniek/.folder.sub.sub

If they does not show up, probably because they are not subscribed, add them to Maildir/subscriptions .

Sometimes clients cache the folders. logoff/on again.

-- Steffen Kaiser

From skdovecot at smail.inf.fh-brs.de Tue Apr 29 13:14:38 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 29 Apr 2014 15:14:38 +0200 (CEST)
Subject: [Dovecot] doveadm import : Error creating new mailbox
In-Reply-To: <20140429084918.Horde.Pn3M_6o3BXgHZbzQra2sIw7@192.168.4.2>
References: <20140429084918.Horde.Pn3M_6o3BXgHZbzQra2sIw7@192.168.4.2>
Message-ID:

On Tue, 29 Apr 2014, Administrator BCS wrote:

>> mail_location = maildir:/home/vmail/%d/%n

>> userdb {
>>   args = /etc/dovecot/dovecot-sql.conf.ext
>>   driver = sql
>> }

BTW: What home directory are you using? It is not recommended to run with mail (dir) == home (dir). Insofar, it might be better to add the pseudo standard Maildir to mail_location.
-- Steffen Kaiser

From adje at bezoekerscentrumsonsbeek.nl Tue Apr 29 14:57:29 2014
From: adje at bezoekerscentrumsonsbeek.nl (Administrator BCS)
Date: Tue, 29 Apr 2014 14:57:29 +0000
Subject: [Dovecot] doveadm import : Error creating new mailbox
In-Reply-To:
References: <20140429084918.Horde.Pn3M_6o3BXgHZbzQra2sIw7@192.168.4.2>
Message-ID: <20140429145729.Horde.vMjY3mVLD0ibeVoIDUF6WA1@192.168.4.2>

Quoting Steffen Kaiser:

> On Tue, 29 Apr 2014, Administrator BCS wrote:
>
>>> mail_location = maildir:/home/vmail/%d/%n
>
>>> userdb {
>>>   args = /etc/dovecot/dovecot-sql.conf.ext
>>>   driver = sql
>>> }
>
> BTW: What home directory are you using? It is not recommended to run
> with mail (dir) == home (dir). Insofar, it might be better to add the
> pseudo standard Maildir to mail_location.

I don't know if I fully understand your question. I am trying to import mail from an old system running mbox (inbox in /var/mail/username and the rest in /home/username/mail/), to a new system running Postfix/Dovecot with virtual mailboxes for separate domains.

So the mail users on the new system do not have a linux account anymore and therefore no homedir either. Their mail is stored by the virtual mail handler in /home/vmail/domain.nl/username/. Worth mentioning maybe that initially it used /var/vmail/ but I moved it from /var to /home for reasons of file system space and edited the postfix- and dovecot configs accordingly.
As a test I copied some individual mbox files from the old system to a temporary folder on the new one and tried to import those files to the corresponding maildirs of the users on the new system using doveadm import, which failed. Maybe it simply does not work that way and should I go for the direct full mbox>maildir conversion from the old server to the new one.

As you suggested earlier, copying to maildir converted box manually to the vmail folders and editing the subscriptions file is a way to get it to work but it is very labour intensive.

--
Systeembeheer Bezoekerscentrum Sonsbeek

From skdovecot at smail.inf.fh-brs.de Tue Apr 29 18:34:47 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen)
Date: Tue, 29 Apr 2014 20:34:47 +0200
Subject: [Dovecot] doveadm import : Error creating new mailbox
In-Reply-To: <20140429145729.Horde.vMjY3mVLD0ibeVoIDUF6WA1@192.168.4.2>
References: <20140429084918.Horde.Pn3M_6o3BXgHZbzQra2sIw7@192.168.4.2> <20140429145729.Horde.vMjY3mVLD0ibeVoIDUF6WA1@192.168.4.2>
Message-ID: <535FF0C7.8000308@smail.inf.fh-brs.de>

Administrator BCS wrote:

> Quoting Steffen Kaiser:
>
>> On Tue, 29 Apr 2014, Administrator BCS wrote:
>>
>>>> mail_location = maildir:/home/vmail/%d/%n
>>
>>>> userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver =
>>>> sql }
>>
>> BTW: What home directory are you using? It is not recommended to
>> run with mail (dir) == home (dir). Insofar, it might be better to
>> add the pseudo standard Maildir to mail_location.
>
> I don't know if I fully understand your question. I am trying to
> import mail from an old system running mbox (inbox in
> /var/mail/username and the rest in /home/username/mail/), to a new
> system running Postfix/Dovecot with virtual mailboxes for separate
> domains.

I'd suggested to _not_ import, but migrate the messages. However, doveadm import -u user maildir:...
"" all works for me, but my target user already has ~/Maildir/{new,cur,tmp}. > So the mail users on the new system do not have a linux account > anymore and therefore no homedir either. Well, maybe you could call the "homedirectory" in the sense of Dovecot as "directory where to put files relatively to by default', see http://wiki2.dovecot.org/MailLocation sec. "homeless useres". > As you suggested earlier, copying to maildir converted box manually > to the vmail folders and editing the subscriptions file is a way to > get it to work but it is very labour intensive. I though mb2md supports "-d destdir", and to patch subscribe : cd <> echo INBOX >subscribe ls -d .??* |grep '^\.' | sed -e 's/^\.//' >>subscribe - -- Steffen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQEVAwUBU1/wx3D1/YhP6VMHAQKUbQgA7f8Ro3K6Z8BzWW5uOnAaWDOYPbacqWDF CRcHB0sqgSqWoOYnsB/ymL2fWqrK5dHmcDStU4PfiEimHM2eMhgJkGreSRbbT8Yw YYIwyRUjzewfFeZJU/BSzklhppctKUK+e2VghoiSgYDE1HsDr4SciBHzG82wKn/4 d30k4nCsWnUJ7P5bLUxtJFI1Qtdczi2Orcuhfc9jTEKaGv8rukvcl2b/BxJQKOSK XAQpHn9p4GhjJ7/jpHB8Nmz7JztKg0B0XdVjGRde2M10dzxL7R9isCJ3pcBn3b2y GKi/Axzo+jpHRrIVqsWs+YK3pX16rs/j7dCxuc6NaBqiE90wmDXRmQ== =ep+o -----END PGP SIGNATURE----- From slusarz at curecanti.org Tue Apr 29 21:27:59 2014 From: slusarz at curecanti.org (Michael M Slusarz) Date: Tue, 29 Apr 2014 15:27:59 -0600 Subject: [Dovecot] BINARY FETCH conversion issue Message-ID: <20140429152759.Horde.VyzmEbbxP7BDaMNPnBzXww2@bigworm.curecanti.org> Given this test message, with admittedly incorrect QP encoding: ---- From: Test Subject: Test Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain To: Test Date: Tue, 29 Apr 2014 00:54:10 +0000 Message-Id: <1 at example.com> https://example.com/?from=bsu&url=http%3A//www.example.com/ ---- Dovecot 2.2 returns this: C: 5 UID FETCH 4464 (BINARY.PEEK[1]) S: * 1 FETCH (UID 4464 BINARY[1] NIL) S: 5 OK Fetch completed. 
Contrast with, e.g., Cyrus 2.4:

C: 6 UID FETCH 1 (BINARY.PEEK[1])
S: * 1 FETCH (UID 1 BINARY[1] {57}
S: [LITERAL DATA: 57 bytes]
S: )
S: 6 OK Completed (0.000 sec)

(Cyrus FETCH output strips out the spurious non-encoding '=', IIRC).

Not sure if this is an example of Cyrus' QP decoder being more robust (or lenient) than Dovecot's. Or whether this is intentional to return NIL for this kind of bad data. Although if intentional, output should probably be a NO response with UNKNOWN-CTE response code, since this appears to be an instance of "the server does not know how to decode the section's CTE". (RFC 3516 [4.3]).

michael

From farokh at mcfsoftware.com Wed Apr 30 15:41:56 2014
From: farokh at mcfsoftware.com (Farokh Irani)
Date: Wed, 30 Apr 2014 11:41:56 -0400
Subject: [Dovecot] Dovecot 2.0.16 question...
Message-ID: <536119C4.1060403@mcfsoftware.com>

I'm running Dovecot 2.0.16 on OS X Server 10.7.5 and I've got a problem with IMAP searches. There are a couple of accounts that are unable to search using an IMAP search, but I can't seem to find anything wrong.

Any pointers on what I can do? Is there a search index file that I can delete to force a rebuild, or a script or app that will do that? I tried to use update-fts-index.pl, but to no avail.

Thanks!

Farokh
----------------------------------------------------------------------------
MCF Software...simply dependably engineered
For all your computer and networking needs including hosting solutions for every need.
Phone: 845-735-0210 Cell: 914-262-1594

From asai at globalchangemusic.org Wed Apr 30 20:08:33 2014
From: asai at globalchangemusic.org (Asai)
Date: Wed, 30 Apr 2014 13:08:33 -0700
Subject: [Dovecot] 2.2.12 RPM Needed
In-Reply-To: <535964C0.6020000@thelounge.net>
References: <53594BD0.7010508@globalchangemusic.org> <535964C0.6020000@thelounge.net>
Message-ID: <53615841.7070302@globalchangemusic.org>

I found that there's a commercial Dovecot repo, which we're more than happy to pay for access to. Thanks, Timo!
--Asai

On 4/24/14 12:23 PM, Reindl Harald wrote:

>
> On 24.04.2014 19:37, Asai wrote:
>> I'm not very experienced in building Source RPMs and we're in need of a Dovecot RPM for version 2.2.12 for CentOS
>> 5. It seems that the ATRPMs repo maintained by Axel Thimm hasn't seen much activity lately and the task of
>> updating a source RPM is more than I have time for as a busy developer who does systems admin on the side.
>>
>> Could anybody recommend another repo where there would be the latest Dovecot binaries? Or perhaps tell me of any
>> gotchas and catches which might arise if I go ahead and build 2.2.12 from source over the RPM I currently have
>> installed (2.2.10)?
> you only need to replace the tarball and the version in the SPEC
> and rebuild the package - for minor updates you don't need anything
> else if upstream has no broken release strategy, dovecot's is fine
>
> i am building dovecot the last two years without any SPEC change
> except version and changelog - but you won't be happy with my
> stripped down SPEC following our infrastructure (no configs etc.)
>
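
For the thread "Why does it appear that dovecot is deleting messages after migration?" earlier in this archive: the sa-learn cleanup there ran `find . | xargs rm` from the wrong directory because its `cd` target no longer existed. The following is an added example, not code from any poster on the list or from Dovecot; the function name `purge_host_files`, its return codes and the `--dry-run` switch are assumptions of the example, and the file names in `demo` are constructed samples.

```shell
#!/bin/sh
# Added example: guarded cleanup of one Maildir "cur" directory.
#
# purge_host_files DIR HOST [--dry-run]
#   Removes regular files directly inside DIR whose names contain ".HOST".
#   With --dry-run the matching paths are printed and nothing is removed.
#   Returns 2 for unusable arguments and 3 when DIR does not exist.
purge_host_files() {
    dir=${1:-}
    host=${2:-}
    mode=${3:-}

    # Both arguments are required: an empty HOST would turn the
    # pattern below into "*.*" and match almost every file.
    if [ -z "$dir" ] || [ -z "$host" ]; then
        return 2
    fi

    # Absolute paths only, so the result never depends on the current
    # working directory of whatever (cron, launchd) started the script.
    case $dir in
        /*) ;;
        *) return 2 ;;
    esac

    # HOST is pasted into a glob pattern; accept hostname characters only
    # so that a value such as "*" cannot widen the match.
    case $host in
        *[!A-Za-z0-9.-]*) return 2 ;;
    esac

    # The check the failing script lacked: stop when the target is missing
    # instead of carrying on from wherever the shell happens to be.
    [ -d "$dir" ] || return 3

    # The directory is passed to find explicitly (no "cd" and no "find .")
    # and -maxdepth 1 keeps the deletion inside that one directory.
    if [ "$mode" = "--dry-run" ]; then
        find "$dir" -maxdepth 1 -type f -name "*.${host}*" -print
    else
        find "$dir" -maxdepth 1 -type f -name "*.${host}*" -exec rm -f -- {} +
    fi
}

# Constructed sample: a throw-away Maildir holding the two kinds of file
# names quoted in the thread. Lists the files that survive the cleanup.
demo() {
    base=$(mktemp -d) || return 1
    cur="$base/.Learn as Spam (Bad E-mail)/cur"
    mkdir -p "$cur"
    : > "$cur/1396718896.M324523P43630.shr-xs.mydomain.net,S=1209,W=1238:2,Sac"
    : > "$cur/1211416234.cyrus.457,S=893:2,Sac"
    purge_host_files "$cur" "shr-xs.mydomain.net" --dry-run
    purge_host_files "$cur" "shr-xs.mydomain.net"
    ls "$cur"
    rm -rf "$base"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Run the script with `--demo` to see the dry-run listing followed by the one surviving file; in a scheduled job, treat a return code of 3 as a reason to alert rather than to continue.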