From stephan at rename-it.nl Mon Aug 1 00:01:33 2016 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 1 Aug 2016 02:01:33 +0200 Subject: Sieve Script Replication Gliches (Report #2) In-Reply-To: <4ece61c7-5950-9231-7efe-cf2eb9e270b1@reub.net> References: <4ece61c7-5950-9231-7efe-cf2eb9e270b1@reub.net> Message-ID: <7bf64b2f-fb63-316c-fe92-98da90b1b8f5@rename-it.nl> Op 7/31/2016 om 4:27 AM schreef Reuben Farrelly: > Hi, > > I've observed some odd behaviour with dsync replication between two > hosts, specifically to do with sieve script replication. > > In short, I have two hosts which replicate in a master-master type > setup where almost all of the reads and writes happen to just one of > the two hosts. > > They are both running 2.2.devel (9dc6403), which is close to the > latest 2.2 -git . Pigeonhole is running master-0.4 . This is on > x86_64 Gentoo. > > Normal mail replication between Maildir's for all users works fine, > however it appears that something recently committed to the code has > broken sieve script replication between the two. I am sure this did > once work. Replication is via tcps: . > > Sieve scripts on the lesser-used host are not up to date by an order > of days/weeks with the main host and they don't seem to re-replicate - > even if the rules don't exist at all on the replica. > > The symptoms and effects look to be the same as this (unanswered) post > from December: > > http://dovecot.org/list/dovecot/2015-December/102690.html > > I am not sure how to view the transaction log files, but I am seeing > the same symptoms, ie no live replication, and on the lesser-used host > almost all the scripts were old and some had the 1970 date on them. > > Even after forcing a [dsync replication replicate '*'] the scripts are > not replicated. As it stands now there are no sieve scripts on one of > the two members and the system seems unable to replicate by itself. > > Secondly, I am also seeing some doubled up outputs if I run 'doveadm > sieve list -A': > > thunderstorm reuben # doveadm sieve list -A > reuben rules ACTIVE > liam rules ACTIVE > kaylene rules ACTIVE > reuben rules ACTIVE > liam rules ACTIVE > kaylene rules ACTIVE > ... > > Has anyone else experienced the replication problem? Are sieve > scripts actually replicating in live time for other 2.2.24/2.2.25 > users as well? For me I didn't notice this till I went looking so I > wonder if other people are experiencing this but just not aware of it > yet...? I will look at this more soon. Regards, Stephan. From reuben-dovecot at reub.net Mon Aug 1 01:37:39 2016 From: reuben-dovecot at reub.net (Reuben Farrelly) Date: Mon, 1 Aug 2016 11:37:39 +1000 Subject: Sieve Script Replication Gliches (Report #2) In-Reply-To: <7bf64b2f-fb63-316c-fe92-98da90b1b8f5@rename-it.nl> References: <4ece61c7-5950-9231-7efe-cf2eb9e270b1@reub.net> <7bf64b2f-fb63-316c-fe92-98da90b1b8f5@rename-it.nl> Message-ID: <8e809d23-d5b5-a35b-31a7-13f3c3e49250@reub.net> On 1/08/2016 10:01 AM, Stephan Bosch wrote: > Op 7/31/2016 om 4:27 AM schreef Reuben Farrelly: >> Hi, >> >> I've observed some odd behaviour with dsync replication between two >> hosts, specifically to do with sieve script replication. >> Has anyone else experienced the replication problem? Are sieve >> scripts actually replicating in live time for other 2.2.24/2.2.25 >> users as well? For me I didn't notice this till I went looking so I >> wonder if other people are experiencing this but just not aware of it >> yet...? > > I will look at this more soon. > > Regards, > > Stephan. Some further information. On the primary host: thunderstorm home # ls -al */sieve/rules.sieve -rw------- 1 user1 user1 3570 Jul 31 11:45 user1/sieve/rules.sieve -rw------- 1 user2 user2 175 Mar 15 2014 user2/sieve/rules.sieve -rw------- 1 user3 user3 725 Jul 31 09:32 user3/sieve/rules.sieve -rw------- 1 user4 user4 0 Jan 1 1970 user4/sieve/rules.sieve -rw------- 1 user5 user5 0 Jan 1 1970 user5/sieve/rules.sieve -rw-r--r-- 1 user6 user6 3719 Jul 31 11:24 user6/sieve/rules.sieve thunderstorm home # On the secondary host: lightning home # ls -al */sieve/rules.sieve -rw------- 1 user1 user1 3570 Jan 1 1970 user1/sieve/rules.sieve -rw------- 1 user2 user2 175 Mar 14 2014 user2/sieve/rules.sieve -rw------- 1 user3 user3 725 Jul 31 07:32 user3/sieve/rules.sieve -rw------- 1 user4 user4 0 Jan 1 1970 user4/sieve/rules.sieve -rw-r--r-- 1 user5 user5 0 Jan 1 1970 user5/sieve/rules.sieve -rw-r--r-- 1 user6 user6 3719 Jan 1 1970 user6/sieve/rules.sieve lightning home # In other words, the rules did eventually get propagated across, and based on the file sizes they are complete. But there is obviously something amiss with handling of dates (which in turn may relate to how the system determines that the file on each server is up to date or not, I guess). In this case the two systems are in different timezones - the primary is GMT+10 and the secondary GMT+8. Also the status of active users is not always replicated either. On one host the output of 'doveadm sieve list -A' shows my own account as ACTIVE but the other host shows all users - except for my account - as being active, and the sieve script for my account is not being replicated. The other interesting thing is the output of: dovecot sieve list -A While (as I said above) the output of this command is doubled up on the main host, it is not doubled up on the secondary host. Reuben From mfoley at ohprs.org Mon Aug 1 04:20:29 2016 From: mfoley at ohprs.org (Mark Foley) Date: Mon, 01 Aug 2016 00:20:29 -0400 Subject: IMAP flags and dovecot-keywords not working as expected In-Reply-To: <2e9ce2f2-2666-187e-896c-0dcbbb54d062@myzel.net> References: <201607300600.u6U60cCJ011737@mail.hprs.local> <2e9ce2f2-2666-187e-896c-0dcbbb54d062@myzel.net> Message-ID: <201608010420.u714KTh6005153@mail.hprs.local> I think I've partially sorted out my issues. First off, as the wiki: http://wiki2.dovecot.org/MailboxFormat/Maildir points out: "The file [dovecot-keywords] must not be directly modified ...", which is what I tried. So the dovecot-keywords file I manually created (entries 0-6): 0 Board_and_Committee 1 Completed 2 Health_Care_meetings 3 Notifications 4 OSHP-DAS 5 personal_or_To_Do 6 Retirement_exits 7 $label5 8 Junk 9 $Forwarded 10 $MDNSent 11 $label2 Was not used by Thunderbird. So, I removed that file, went into Thunderbird, and manually set a random message to tag 1 which I had renamed as "Board and Committee". And behold! a new dovecot-keyword file was created with the single entry: 0 $label1 As you (Peter) point out, Thunderbird retrieves the text for these from prefs.js. The reason, therefore, I have e.g. "11 $label2" in my original hand-edited file is that Thunderbird caused what I had designated as "Health Care Meeting" to be added to #11 since the previous slots were already used by other things which it did not recognize. Hence, they ended up with a IMAP flag of 'l'. I repeated this for a total of 4 more tags, resulting in dovecot-keyword entries: 0 $label1 1 $label2 2 $label3 3 $label4 4 $label5 Now, setting the tag in Tbird results in the correct text and color being shown for the message and the resulting IMAP tag being set correspondingly to 'a' thru 'e'. Flush with victory, I then foolish violated the "don't modify directly principle" by adding: 5 $label6 6 $label7 Which I thought would correspond to my remaining TB tags. Of course, wrong. When I then set a message to the 6th tag (keyword entry 5, $label6), it did not do it. Instead, for my last 2 tags it created 2 new entries: 7 personal_or_to_do 8 retirement_exits So, IMAP flags 'f' and 'g' are skipped and "Personal or To Do" tags get an 'h' flag and "Retirement Exits" get an 'i' flag. What was I thinking! Not worth starting over as this user had no Outlook categories set to these values, so so-what if that user's files get flagged with 'h', 'i'. Also interesting to note that the actual text of these last 2 tags is stored in the dovecot-keywords file. I supposed this means that Thunderbird has a limit of 5 (or 7?) $label's and any added beyond that get stored differently. But, I'm not finished. Of course, Thunderbird expects to set tags/IMAPflas on virgin messages in the user's mail folders. However, my need is to import Outlook categories and have Thunderbird interpret the IMAP flags correctly having never set them directly. So, I repeated the same procedure in other folders with messages having Outlook categories. The problem here is that setting a message to "Board and Committee" (Tbird tag 1) did not necessarily resulting in an IMAP flag of 'a'. In some folders it was 'b', some 'c' and some 'd'. I think my problem here was that I had manually set the IMAP flags on these message beforehand. So (I think) when Thunderbird, coordinating with Dovecot, went to set Tag 1, it saw that flag 'a' was already used and it picked the next free flag. Some folders had IMAP files with 2 and 3 flags set, hence Tag 1 getting set to 'c' or 'd' in those folders. I believe if I had not initially pre-set the IMAP flags on these files I would have seen the correct correspondance: Tag 1 = flag 'a', Tag 2 = flag 'b', etc. What I then did in these cases was first, find out what IMAP flag a Tbird tagged file would be set to (e.g. 'c'), then renamed all my *a files to e.g. *c. That worked. Suddenly, folders with 100 flags thusly set showed up with correct tags and colors in Thunderbird. To summarize, and this what I will do next time: 1. DO NOT pre-add IMAP flags to mail files. 2. For each folder in which there are Outlook categorized message, set an arbitrary message in that folder to each of the Thunderbird flags corresponding to Outlook categories to determine the correct flag letter -- which also causes Thunderbird and dovecot to save their respective settings. 3. Then, rename each mail file to have the correct IMAP flag(s). That can be quicky done using a script and the list of message having Outlook categories. I believe this procedure will work correctly and I will confirm that when I process my 2nd Outlook user (who is, btw, the organization Director and who is a super user of Outlook categories! Failure is not an option!). For anyone needing to do the same thing (migrate Outlook categories), I've included below a VB script to run in Outlook which will output a list of all messages having categories. The IMAP mail file's Message ID can be used to locate the categorized message file in the IMAP folder hierarchy and the category name (following the "~") indicates which Thunderbird tag to map it to. I'll not include the bash script to mass-append IMAP flags to these files as that script will need some revising based on my recent experimentation, but should be a rather simple bash exercise in any case. Note that the Outlook messages are also the same MAPI files, only the client used (Outlook versus Thunderbird) are different. Outlook does not set IMAP flags to designate categories. Categories are apparently stored in the user's .pst file. ------------CUT---------- Public Sub ListOutlookFolders() Dim olApp As Outlook.Application Dim olNamespace As Outlook.Namespace Dim olFolder As Outlook.MAPIFolder Set olApp = New Outlook.Application Set olNamespace = olApp.GetNamespace("MAPI") For Each olFolder In olNamespace.Folders Debug.Print olFolder.Name; ":", olFolder.Description ListFolders olFolder, 1 Next Set olFolder = Nothing Set olNamespace = Nothing Set olApp = Nothing End Sub Sub ListFolders(myFolder As Outlook.MAPIFolder, Level As Integer) Dim olFolder As Outlook.MAPIFolder ' go through each email scanFolder myFolder ' Now we'll check for subfolders For Each olFolder In myFolder.Folders ' Debug.Print ":"; String(Level * 2, "-"); olFolder.Name ' go through each email scanFolder olFolder If olFolder.Folders.Count > 0 Then ListFolders olFolder, Level + 1 End If Next End Sub Sub scanFolder(sFolder As Outlook.MAPIFolder) Dim src As Folder Dim oItem As Object Dim propertyAccessor As Outlook.propertyAccessor Set src = sFolder Dim strHeader As String For Each oItem In src.Items If TypeOf oItem Is Outlook.MailItem And oItem.Categories <> "" Then ' Debug.Print "Cat: " + oItem.Categories Set propertyAccessor = oItem.propertyAccessor header = propertyAccessor.GetProperty("http://schemas.microsoft.com/mapi/proptag/0x007D001E") Dim headerLines() As String headerLines() = Split(header, vbCrLf) Dim thisHeader As Variant For Each thisHeader In headerLines If InStr(thisHeader, "Message-ID:") > 0 Then Debug.Print thisHeader + "~" + oItem.Categories Exit For End If Next End If Next End Sub ----------CUT--------- Example of resulting output: Message-ID: <201109011105.p81B5666028910 at webserver.ohprs.org>~Red Category Hopefully someone finds this useful. THX --Mark -----Original Message----- > Subject: Re: IMAP flags and dovecot-keywords not working as expected > To: dovecot at dovecot.org > From: Peter Chiochetti > Date: Sat, 30 Jul 2016 11:26:09 +0200 > > Am 2016-07-30 um 08:00 schrieb Mark Foley: > ? > > > > However, none of the tags show up correctly in Thunderbird. If I manually set a message to > > have a tag of 0, the corresponding IMAP file gets a flag of 'm', not 'a' and the following is > > added to the dovecot-keywords files: > > > > 12 $label1 > > > > How can I fix this? Where is "$label1" text defined? Why did Thunderbird not snag the text for > > '0' from the dovecot-keywords file and give the IMAP file a tag of 'a'? > > Thunderbird flags are stored in the users prefs.js, eg: > - user_pref("mailnews.tags.$label1.tag", "Important"); > - user_pref("mailnews.tags.$label1.color", "#FF0000"); > > A kind of key->value assignment. The "$label[1-9]" keys are special, > where the number magically corresponds to the keyboard shorcut to tag > messages, 0 meaning clear all tags. > > There can be more than nine tags, but they wont have a shortcut then: > - user_pref("mailnews.tags.ten.tag", "ten"); > > 1) The server will only ever see the key. The user will only ever see > the value. > > 2) If you rename a label in TB, then only the value will change and the > server will still see the same key as before. > > 3) If you rename a key in dovecot, TB will not create a label for it and > the affected messages will no longer appear tagged, if TB does not know > about the key. > > 4) Dovecot adds to the keywords as it receives requests from clients: > Very likely there is a limit of 26 (letters of the alphabet) per > account; a-d=0-3 are already taken for internal use, so 22 remain. > > > > My current theory is that the "Default" Thunderbird Tags corresponding to IMAP flags are not > > changeable and if new tags are create in Tbird, they get new flag letters. That would, of > > course, mean that if a user changes Thunderbird tag name, they would lose all tag settings on > > existing message. That doesn't seem right and I hope my theory is wrong. > > I think you are mostly wrong: as long as you only use TB to work and as > long as you do not exceed the limit you should be save. > > Notice that tags are a scarce resource: any key you ever created counts > toward the limit - reusing old tags requires you to text-edit both > dovecot-keywords and TB prefs.js. > > -- > peter > From skdovecot at smail.inf.fh-brs.de Mon Aug 1 06:21:46 2016 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 1 Aug 2016 08:21:46 +0200 (CEST) Subject: POP3 & IMAP inbox setting for virtual In-Reply-To: <1b9a01d1e9f1$44960e90$cdc22bb0$@mefox.org> References: <02ab01d1e948$237eba80$6a7c2f80$@mefox.org> <1b9a01d1e9f1$44960e90$cdc22bb0$@mefox.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 29 Jul 2016, Michael Fox wrote: >> you can select the passwd-file by %u , e.g. see the first example of >> passdb's on http://wiki2.dovecot.org/AuthDatabase/PasswdFile > > I think you mean by %s. Correct? yes, %s = %{service} >> So, generate a passwd-file with namespace/inbox/inbox, make a script to >> strip this settings from it and dump into another file. This script is to >> run each time, the main file changes (or by cron), in order to keep both >> files in sync. >> >> Then: >> >> userdb { >> driver = passwd-file >> args = username_format=%n /etc/passwd.%s >> # default_fields = uid=vmail gid=vmail home=/home/vmail/%u >> } >> >> Then symlink /etc/passwd.POP3 to the file with and /etc/passwd.IMAP (and >> any other that generates not-found errors) to the file without the virtual >> namespace. > > Hmm. But the goal is for both POP3 and IMAP to see both namespaces. POP3 > would see both via the virtual namespace. So, following the idea of > passwd-file per %s, it seems like I should do something like: > > .../passwd.pop3: > Set the "extra fields" = userdb_namespace/virtual/inbox=yes > > .../passwd.imap: > Set the "extra fields" = userdb_namespace/inbox/inbox=yes > > Does that make sense? yes :-) - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBV57qe3z1H7kL/d9rAQKX0Qf+KN9L0mgDLJTB27yrtJc9XmOifXqyzUGS D49BALfSOv5aRXUoIW0Y7cRVYbcPPyeJPN5jdWeg93Hbljk8VryLh0kGGuU+y8YC fToNd/rIyBVyX0nv4a4mxhbnxdwt5isSRzpr5aXANjJsUtJaCNqg7rs3l5vnvd7q gWDiM9XkbKkxWVmwpVR5vXio8EMNNCdtNQWsdBxqqNvpHvnnOGu1NWyO20IHiK/b NdPBxBImML8oxEmEGbIsbDs8wRefjXNak5RTAfIMpuQyb/31zwSIeOHWkLCGU9EQ kLVQbl/lnbMxLcxVK37B3Q9TlbyFAWzCGf00FCZnyv0loGw2OVAV9w== =QrF6 -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Mon Aug 1 06:31:02 2016 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 1 Aug 2016 08:31:02 +0200 (CEST) Subject: self signed certs and dovecot imaps : howto? tlsv1 alert unknown ca In-Reply-To: <511c80d5-3f38-d051-d538-ac22c2891d3c@gmail.com> References: <511c80d5-3f38-d051-d538-ac22c2891d3c@gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 30 Jul 2016, hanasaki at gmail.com wrote: > How do you setup dovecot to use a self signed cert? One server will be > connected to the internet. One will be totally internal and have no runtime > access to the internet. Getting the below error msg. Also, I think I have a > TLS 1.0 and need a 1.2 cert?... > > Thank you. > > Jul 28 20:09:27 host dovecot: imap-login:: user=<>, rip=10...., lip=10...., > TLS: SSL_read() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 > alert unknown ca: SSL alert number 48, session= have you imported the certificate into the client? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBV57spnz1H7kL/d9rAQKurgf/WFtVim8mnPSpEr8fSUpfxssLw3yOYoLm Hsc0TzoeU43BPJtIbtgNk9GcvXmpUVkYj6jDY1QcEx5UGWTn0TU3uO1LVPVCfBs7 nscBZPgEoEK6V52BGtzwTKlTPQAJKdoiJDgW8Djkzwwaum1nFBf+7l33YRQv2/yZ b0qiTH5UeXm9KggEHX5FNseHITF98mq8X/qbgn3bvpbxoItF5cZzKUppV+6xyZAb 7mvvl3tzdB6+fKSStW7UZ+Xm++2K+dLac8vshhszspKHM9mQO51/FyeiT4rj1JOI 2dJRTf3j28mLLqzBw1JB4LIi/ODHy8aanTz1+IvbNzzbwbBxEgE7GA== =8S0y -----END PGP SIGNATURE----- From news at mefox.org Mon Aug 1 08:41:47 2016 From: news at mefox.org (Michael Fox) Date: Mon, 1 Aug 2016 01:41:47 -0700 Subject: POP3 & IMAP inbox setting for virtual In-Reply-To: References: <02ab01d1e948$237eba80$6a7c2f80$@mefox.org> <1b9a01d1e9f1$44960e90$cdc22bb0$@mefox.org> Message-ID: <015201d1ebd0$8aad8e90$a008abb0$@mefox.org> Thanks Steffen. I'll give that a try. > > > > I think you mean by %s. Correct? > > yes, %s = %{service} > > >> So, generate a passwd-file with namespace/inbox/inbox, make a script to > >> strip this settings from it and dump into another file. This script is > to > >> run each time, the main file changes (or by cron), in order to keep > both > >> files in sync. > >> > >> Then: > >> > >> userdb { > >> driver = passwd-file > >> args = username_format=%n /etc/passwd.%s > >> # default_fields = uid=vmail gid=vmail home=/home/vmail/%u > >> } > >> > >> Then symlink /etc/passwd.POP3 to the file with and /etc/passwd.IMAP > (and > >> any other that generates not-found errors) to the file without the > virtual > >> namespace. > > > > Hmm. But the goal is for both POP3 and IMAP to see both namespaces. > POP3 > > would see both via the virtual namespace. So, following the idea of > > passwd-file per %s, it seems like I should do something like: > > > > .../passwd.pop3: > > Set the "extra fields" = userdb_namespace/virtual/inbox=yes > > > > .../passwd.imap: > > Set the "extra fields" = userdb_namespace/inbox/inbox=yes > > > > Does that make sense? > > yes :-) > From pch at myzel.net Mon Aug 1 10:38:52 2016 From: pch at myzel.net (Peter Chiochetti) Date: Mon, 1 Aug 2016 12:38:52 +0200 Subject: IMAP flags and dovecot-keywords not working as expected In-Reply-To: <201608010420.u714KTh6005153@mail.hprs.local> References: <201607300600.u6U60cCJ011737@mail.hprs.local> <2e9ce2f2-2666-187e-896c-0dcbbb54d062@myzel.net> <201608010420.u714KTh6005153@mail.hprs.local> Message-ID: <10387a35-7872-86da-265b-d8c9a5ddec64@myzel.net> Hello Mark, nice to read you worked it out Here a oneliner to learn the file name characters for dovecot-keywords > awk '{printf("%c: %2d %s\n", $1+97, $1, $2) }' dovecot-keywords If you want to pre-populate dovecot-keywords, you would have to add the file to all of the Maildir folders *before* you tag any message at all. Probably best, while dovecot is down. Only then the reference from keyword key to keyword number would be the same in all folders and you could rename messages in the file-system regardless of where they are. A starting keywords file might look like this: > 0 $Forwarded > 1 $MDNSent > 2 NonJunk > 3 Junk > 4 $label1 > 5 $label2 > 6 $label3 > 7 $label4 > 8 $label5 > 9 $label6 > 10 $label7 > 11 $label8 > 12 $label9 A starting prefs.js would contain lines like these: >>> - user_pref("mailnews.tags.$label1.tag", "Important"); >>> - user_pref("mailnews.tags.$label2.tag", "TODO"); >>> - ? >>> - user_pref("mailnews.tags.$label9.tag", "Special"); Happy Hacking -- peter From luckyfellow42 at gmail.com Mon Aug 1 12:45:34 2016 From: luckyfellow42 at gmail.com (Andreas Meyer) Date: Mon, 1 Aug 2016 14:45:34 +0200 Subject: New password hashing scheme as plugin In-Reply-To: <424914848.3507.1469975998263@appsuite-dev.open-xchange.com> References: <424914848.3507.1469975998263@appsuite-dev.open-xchange.com> Message-ID: 2016-07-31 16:39 GMT+02:00 : > > > On July 27, 2016 at 2:08 AM Andreas Meyer > wrote: > > > > > > Hi, > > > > > > I want to add a new password hashing scheme as plugin and provide it for > > the dovecot project, so that it will be included as optional plugin in > > future releases. > > > > Yet the plugin compiles fine and the .so file gets created. > > > > My approach is to call the functions password_scheme_register() and > > password_scheme_unregister() (src/auth/password-scheme.c) inside the > > plugin's _init() and _deinit() functions. > > > > When a client tries to login via imap the log shows an error message: > > > > Error: Couldn't load required plugin > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen() failed: > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined symbol: > > password_scheme_unregister > > > > That error obviously occurs, because the required lib is not linked into > > the plugin. > > > > > > Now my problem is to understand, whether this approach (via .so file) can > > be successful at all and if so, how? > > Do I need to link libs into it? Which would that be and how do I specify > > them in the Makefile.am? > > > > I assume, I don't need to link a lib, but need to use a hook to register > > the new hashing scheme, since the plugin is loaded into an already > existing > > process, which needs to get extended. If this is true, which hook would > > that be and how do I register the new scheme? > > > > Or is there no way to accomplish this via a separated .so plugin? Should > I > > extend the sources in /src/auth instead? (separat file for the hashing > > scheme with preprocessor instructions to include it only on demand) > > > > > > > > Thank you very much, > > > > Andreas > > Can you publish your code in, say, github.com and provide link to it? > New password scheme is doable as plugin but it needs to placed in different > place and it will be autoloaded. > > Aki > I created two branches. Both compile fine with the option: --with-libsodium Branch #1) https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_plugin This is my try to add libsodium support as plugin. When the plugin is loaded, it exits with the mentioned error message "undefined symbol: password_scheme_unregister" Branch #2) https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_auth This compiles fine and also works. The new hashing schemes SCRYPT and ARGON2 are available to dovecot. Libsodium support is not created as module, but only added if the --with-libsodium option was passed to configure. Regards, Andreas From aki.tuomi at dovecot.fi Mon Aug 1 13:34:44 2016 From: aki.tuomi at dovecot.fi (aki.tuomi at dovecot.fi) Date: Mon, 1 Aug 2016 16:34:44 +0300 (EEST) Subject: New password hashing scheme as plugin In-Reply-To: References: <424914848.3507.1469975998263@appsuite-dev.open-xchange.com> Message-ID: <1869870993.838.1470058484964@appsuite-dev.open-xchange.com> > On August 1, 2016 at 3:45 PM Andreas Meyer wrote: > > > 2016-07-31 16:39 GMT+02:00 : > > > > > > On July 27, 2016 at 2:08 AM Andreas Meyer > > wrote: > > > > > > > > > Hi, > > > > > > > > > I want to add a new password hashing scheme as plugin and provide it for > > > the dovecot project, so that it will be included as optional plugin in > > > future releases. > > > > > > Yet the plugin compiles fine and the .so file gets created. > > > > > > My approach is to call the functions password_scheme_register() and > > > password_scheme_unregister() (src/auth/password-scheme.c) inside the > > > plugin's _init() and _deinit() functions. > > > > > > When a client tries to login via imap the log shows an error message: > > > > > > Error: Couldn't load required plugin > > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen() failed: > > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined symbol: > > > password_scheme_unregister > > > > > > That error obviously occurs, because the required lib is not linked into > > > the plugin. > > > > > > > > > Now my problem is to understand, whether this approach (via .so file) can > > > be successful at all and if so, how? > > > Do I need to link libs into it? Which would that be and how do I specify > > > them in the Makefile.am? > > > > > > I assume, I don't need to link a lib, but need to use a hook to register > > > the new hashing scheme, since the plugin is loaded into an already > > existing > > > process, which needs to get extended. If this is true, which hook would > > > that be and how do I register the new scheme? > > > > > > Or is there no way to accomplish this via a separated .so plugin? Should > > I > > > extend the sources in /src/auth instead? (separat file for the hashing > > > scheme with preprocessor instructions to include it only on demand) > > > > > > > > > > > > Thank you very much, > > > > > > Andreas > > > > Can you publish your code in, say, github.com and provide link to it? > > New password scheme is doable as plugin but it needs to placed in different > > place and it will be autoloaded. > > > > Aki > > > > > > > I created two branches. Both compile fine with the option: --with-libsodium > > Branch #1) > > https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_plugin > > This is my try to add libsodium support as plugin. When the plugin is > loaded, it exits with the mentioned error message "undefined symbol: > password_scheme_unregister" > > > Branch #2) > > https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_auth > > This compiles fine and also works. The new hashing schemes SCRYPT and > ARGON2 are available to dovecot. > Libsodium support is not created as module, but only added if the > --with-libsodium option was passed to configure. > > > > Regards, > Andreas Hi! I'll take a look. It's completely doable as plugin, just needs some things done right. Aki From aki.tuomi at dovecot.fi Mon Aug 1 13:38:23 2016 From: aki.tuomi at dovecot.fi (aki.tuomi at dovecot.fi) Date: Mon, 1 Aug 2016 16:38:23 +0300 (EEST) Subject: New password hashing scheme as plugin In-Reply-To: References: <424914848.3507.1469975998263@appsuite-dev.open-xchange.com> Message-ID: <633226559.876.1470058704230@appsuite-dev.open-xchange.com> > On August 1, 2016 at 3:45 PM Andreas Meyer wrote: > > > 2016-07-31 16:39 GMT+02:00 : > > > > > > On July 27, 2016 at 2:08 AM Andreas Meyer > > wrote: > > > > > > > > > Hi, > > > > > > > > > I want to add a new password hashing scheme as plugin and provide it for > > > the dovecot project, so that it will be included as optional plugin in > > > future releases. > > > > > > Yet the plugin compiles fine and the .so file gets created. > > > > > > My approach is to call the functions password_scheme_register() and > > > password_scheme_unregister() (src/auth/password-scheme.c) inside the > > > plugin's _init() and _deinit() functions. > > > > > > When a client tries to login via imap the log shows an error message: > > > > > > Error: Couldn't load required plugin > > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen() failed: > > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined symbol: > > > password_scheme_unregister > > > > > > That error obviously occurs, because the required lib is not linked into > > > the plugin. > > > > > > > > > Now my problem is to understand, whether this approach (via .so file) can > > > be successful at all and if so, how? > > > Do I need to link libs into it? Which would that be and how do I specify > > > them in the Makefile.am? > > > > > > I assume, I don't need to link a lib, but need to use a hook to register > > > the new hashing scheme, since the plugin is loaded into an already > > existing > > > process, which needs to get extended. If this is true, which hook would > > > that be and how do I register the new scheme? > > > > > > Or is there no way to accomplish this via a separated .so plugin? Should > > I > > > extend the sources in /src/auth instead? (separat file for the hashing > > > scheme with preprocessor instructions to include it only on demand) > > > > > > > > > > > > Thank you very much, > > > > > > Andreas > > > > Can you publish your code in, say, github.com and provide link to it? > > New password scheme is doable as plugin but it needs to placed in different > > place and it will be autoloaded. > > > > Aki > > > > > > > I created two branches. Both compile fine with the option: --with-libsodium > > Branch #1) > > https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_plugin > > This is my try to add libsodium support as plugin. When the plugin is > loaded, it exits with the mentioned error message "undefined symbol: > password_scheme_unregister" > > > Branch #2) > > https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_auth > > This compiles fine and also works. The new hashing schemes SCRYPT and > ARGON2 are available to dovecot. > Libsodium support is not created as module, but only added if the > --with-libsodium option was passed to configure. > > > > Regards, > Andreas Hi! I had a look at your code and noticed you had tried to put it in dovecot's tree. I would recommend making completely separate plugin of it. It's not very hard, I can help you out there. It does not need to be in src/plugins, the source supports fully external plugins that you can then install separately. This would make it lot more easier to develop the plugin. I'll see if I can make you a little skeleton to help you out with this, you can then use it as basis for your auth plugin. Aki From aki.tuomi at dovecot.fi Mon Aug 1 13:58:17 2016 From: aki.tuomi at dovecot.fi (aki.tuomi at dovecot.fi) Date: Mon, 1 Aug 2016 16:58:17 +0300 (EEST) Subject: New password hashing scheme as plugin In-Reply-To: <633226559.876.1470058704230@appsuite-dev.open-xchange.com> References: <424914848.3507.1469975998263@appsuite-dev.open-xchange.com> <633226559.876.1470058704230@appsuite-dev.open-xchange.com> Message-ID: <1496422593.993.1470059897996@appsuite-dev.open-xchange.com> > On August 1, 2016 at 4:38 PM aki.tuomi at dovecot.fi wrote: > > > > > On August 1, 2016 at 3:45 PM Andreas Meyer wrote: > > > > > > 2016-07-31 16:39 GMT+02:00 : > > > > > > > > > On July 27, 2016 at 2:08 AM Andreas Meyer > > > wrote: > > > > > > > > > > > > Hi, > > > > > > > > > > > > I want to add a new password hashing scheme as plugin and provide it for > > > > the dovecot project, so that it will be included as optional plugin in > > > > future releases. > > > > > > > > Yet the plugin compiles fine and the .so file gets created. > > > > > > > > My approach is to call the functions password_scheme_register() and > > > > password_scheme_unregister() (src/auth/password-scheme.c) inside the > > > > plugin's _init() and _deinit() functions. > > > > > > > > When a client tries to login via imap the log shows an error message: > > > > > > > > Error: Couldn't load required plugin > > > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen() failed: > > > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined symbol: > > > > password_scheme_unregister > > > > > > > > That error obviously occurs, because the required lib is not linked into > > > > the plugin. > > > > > > > > > > > > Now my problem is to understand, whether this approach (via .so file) can > > > > be successful at all and if so, how? > > > > Do I need to link libs into it? Which would that be and how do I specify > > > > them in the Makefile.am? > > > > > > > > I assume, I don't need to link a lib, but need to use a hook to register > > > > the new hashing scheme, since the plugin is loaded into an already > > > existing > > > > process, which needs to get extended. If this is true, which hook would > > > > that be and how do I register the new scheme? > > > > > > > > Or is there no way to accomplish this via a separated .so plugin? Should > > > I > > > > extend the sources in /src/auth instead? (separat file for the hashing > > > > scheme with preprocessor instructions to include it only on demand) > > > > > > > > > > > > > > > > Thank you very much, > > > > > > > > Andreas > > > > > > Can you publish your code in, say, github.com and provide link to it? > > > New password scheme is doable as plugin but it needs to placed in different > > > place and it will be autoloaded. > > > > > > Aki > > > > > > > > > > > > > I created two branches. Both compile fine with the option: --with-libsodium > > > > Branch #1) > > > > https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_plugin > > > > This is my try to add libsodium support as plugin. When the plugin is > > loaded, it exits with the mentioned error message "undefined symbol: > > password_scheme_unregister" > > > > > > Branch #2) > > > > https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_auth > > > > This compiles fine and also works. The new hashing schemes SCRYPT and > > ARGON2 are available to dovecot. > > Libsodium support is not created as module, but only added if the > > --with-libsodium option was passed to configure. > > > > > > > > Regards, > > Andreas > > Hi! > > I had a look at your code and noticed you had tried to put it in dovecot's tree. I would recommend making completely separate plugin of it. It's not very hard, I can help you out there. It does not need to be in src/plugins, the source supports fully external plugins that you can then install separately. > > This would make it lot more easier to develop the plugin. I'll see if I can make you a little skeleton to help you out with this, you can then use it as basis for your auth plugin. > > Aki https://github.com/cmouse/dovecot-password-scheme-plugin is the plugin template you can use. please see if it helps you out. Aki From luckyfellow42 at gmail.com Mon Aug 1 21:46:53 2016 From: luckyfellow42 at gmail.com (Andreas Meyer) Date: Mon, 1 Aug 2016 23:46:53 +0200 Subject: New password hashing scheme as plugin In-Reply-To: <1496422593.993.1470059897996@appsuite-dev.open-xchange.com> References: <424914848.3507.1469975998263@appsuite-dev.open-xchange.com> <633226559.876.1470058704230@appsuite-dev.open-xchange.com> <1496422593.993.1470059897996@appsuite-dev.open-xchange.com> Message-ID: 2016-08-01 15:58 GMT+02:00 : > > > On August 1, 2016 at 4:38 PM aki.tuomi at dovecot.fi wrote: > > > > > > > > > On August 1, 2016 at 3:45 PM Andreas Meyer > wrote: > > > > > > > > > 2016-07-31 16:39 GMT+02:00 : > > > > > > > > > > > > On July 27, 2016 at 2:08 AM Andreas Meyer > > > > > wrote: > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > > I want to add a new password hashing scheme as plugin and provide > it for > > > > > the dovecot project, so that it will be included as optional > plugin in > > > > > future releases. > > > > > > > > > > Yet the plugin compiles fine and the .so file gets created. > > > > > > > > > > My approach is to call the functions password_scheme_register() and > > > > > password_scheme_unregister() (src/auth/password-scheme.c) inside > the > > > > > plugin's _init() and _deinit() functions. > > > > > > > > > > When a client tries to login via imap the log shows an error > message: > > > > > > > > > > Error: Couldn't load required plugin > > > > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen() failed: > > > > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined symbol: > > > > > password_scheme_unregister > > > > > > > > > > That error obviously occurs, because the required lib is not > linked into > > > > > the plugin. > > > > > > > > > > > > > > > Now my problem is to understand, whether this approach (via .so > file) can > > > > > be successful at all and if so, how? > > > > > Do I need to link libs into it? Which would that be and how do I > specify > > > > > them in the Makefile.am? > > > > > > > > > > I assume, I don't need to link a lib, but need to use a hook to > register > > > > > the new hashing scheme, since the plugin is loaded into an already > > > > existing > > > > > process, which needs to get extended. If this is true, which hook > would > > > > > that be and how do I register the new scheme? > > > > > > > > > > Or is there no way to accomplish this via a separated .so plugin? > Should > > > > I > > > > > extend the sources in /src/auth instead? (separat file for the > hashing > > > > > scheme with preprocessor instructions to include it only on demand) > > > > > > > > > > > > > > > > > > > > Thank you very much, > > > > > > > > > > Andreas > > > > > > > > Can you publish your code in, say, github.com and provide link to > it? > > > > New password scheme is doable as plugin but it needs to placed in > different > > > > place and it will be autoloaded. > > > > > > > > Aki > > > > > > > > > > > > > > > > > > > I created two branches. Both compile fine with the option: > --with-libsodium > > > > > > Branch #1) > > > > > > > https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_plugin > > > > > > This is my try to add libsodium support as plugin. When the plugin is > > > loaded, it exits with the mentioned error message "undefined symbol: > > > password_scheme_unregister" > > > > > > > > > Branch #2) > > > > > > > https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_auth > > > > > > This compiles fine and also works. The new hashing schemes SCRYPT and > > > ARGON2 are available to dovecot. > > > Libsodium support is not created as module, but only added if the > > > --with-libsodium option was passed to configure. > > > > > > > > > > > > Regards, > > > Andreas > > > > Hi! > > > > I had a look at your code and noticed you had tried to put it in > dovecot's tree. I would recommend making completely separate plugin of it. > It's not very hard, I can help you out there. It does not need to be in > src/plugins, the source supports fully external plugins that you can then > install separately. > > > > This would make it lot more easier to develop the plugin. I'll see if I > can make you a little skeleton to help you out with this, you can then use > it as basis for your auth plugin. > > > > Aki > > https://github.com/cmouse/dovecot-password-scheme-plugin > > is the plugin template you can use. please see if it helps you out. > > Aki > Thank you very much for the skeleton. It really helped a lot. I created this repository and checked in my changes: https://github.com/LuckyFellow/dovecot-libsodium-plugin It compiles and installs fine. The auth module loads the plugin automatically on demand, the hashing schemes are available and they work. What do I need to do, so that you can include it as plugin? Regards, Andreas From dovecot at mx24.net Mon Aug 1 22:13:00 2016 From: dovecot at mx24.net (Vince42) Date: Tue, 2 Aug 2016 00:13:00 +0200 Subject: SSL connection reset by peer In-Reply-To: References: <8bbc2e86-7cbf-34ad-be55-17bf47f58987@mx24.net> <94489cea-5a4b-de32-3201-4e096d5762aa@mx24.net> Message-ID: <9498a19f-5838-d0e2-6406-62cfb6fcec36@mx24.net> Hi, [Steffen Kaiser] - [2016-07-26 09:05] >> Could it be that I need to offer more login processes or that I should >> raise some of my configuration values? The mail_max_userip_connections >> does not seem to solve the problem. > usually you get some warning in the logs, if such limit is reached. I changed some parameters in the imap-login service and the problem seems to be gone - at least I have not received any error message in three days. Following the examples on http://wiki.dovecot.org/LoginProcess I changed 10-master.conf to service imap-login { service_count = 0 #client_limit = $default_client_limit process_min_avail = 8 vsz_limit = 256M I think that these parameters are very generous and I would rather like to stick to "high security" than to "high performance". What would be your recommendations? Would it suffice to try to set service_count back to 1? Also I did not touch the client_limit, as I did not understand the formula "Default client_limit * process_limit = 1000*100 = 100k connections" given on the wiki page. Any suggestions are welcome and highly appreciated. -- Cheers, \\|// Vince (o o) ----------------------------ooO-(_)-Ooo------------------------- ''' (o)_(o) [ ][0][ ] ??? (=?o?=) World Domination by Copy and Paste [ ][ ][0] - (")_(") [0][0][0] () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Ooo. ---------------------------.ooO----( )------------------------- ( ) (_/ \_) From news at mefox.org Mon Aug 1 22:35:39 2016 From: news at mefox.org (Michael Fox) Date: Mon, 1 Aug 2016 15:35:39 -0700 Subject: passwd-file extra-fields: inbox=yes Message-ID: <01d901d1ec45$08604340$1920c9c0$@mefox.org> I'd like to implement the virtual plugin so that POP3 users can see emails in their own inbox and a public namespace. As I understand it, I need to set "inbox=yes" separately, depending on which service the user is using. With passwd-file flat files, this means: userdb { args = ... /path/userdb.%s } userdb.imap: set the extra fields for each user = userdb_namespace/inbox/inbox=yes userdb.pop3: set the extra fields for each user = userdb_namespace/virtual/inbox=yes But without even getting to the virtual namespace part, I'm having difficulty getting the extra fields setting to work for a regular IMAP user. Specifically: If I use the Dovecot default settings of namespace inbox, which includes inbox=yes, and do NOT include the extra_fields value shown above, then IMAP users can log in OK. But if I comment out inbox=yes within namespace inbox, and then add the extra fields to userdb.imap (as shown above), (and reload doveadm), then the IMAP user is no longer able to login. Thunderbird displays "Login to server ... failed." and I get the following in syslog (mail.err): Aug 1 13:56:13 n6mef-gw dovecot: imap(mefimp at email.n6mef.org): Error: user mefimp at email.n6mef.org: Initialization failed: namespace configuration error: Duplicate namespace prefix: "" Aug 1 13:56:13 n6mef-gw dovecot: imap(mefimp at email.n6mef.org): Error: Invalid user settings. Refer to server log for more information. I'm at a loss for what's wrong. Can someone help? Userdb.imap test entry and doveconf -n below. Thanks, Michael Userdb.imap: mefimp::::Michael E Fox - mefimp:::userdb_namespace=/namespace/inbox/inbox=yes $ doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.16.0-76-generic x86_64 Ubuntu 14.04.4 LTS auth_mechanisms = cram-md5 auth_verbose = yes mail_gid = vmail mail_location = maildir:~/Maildir mail_plugins = " quota" mail_uid = vmail namespace inbox { location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/deny-users deny = yes driver = passwd-file } passdb { args = scheme=cram-md5 username_format=%n /etc/dovecot/auth.d/%d/passdb driver = passwd-file } plugin { quota = maildir:User quota quota_grace = 10%% quota_rule = *:storage=50MB quota_rule2 = Trash:storage=+10%% quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Mailbox is full quota_status_success = DUNNO quota_status_toolarge = 552 5.2.3 Message is too large quota_warning = storage=90%% quota-warning 90 %n %d quota_warning2 = storage=75%% quota-warning 75 %n %d } pop3_lock_session = yes protocols = pop3 imap lmtp service auth { unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service pop3 { executable = pop3 postlogin process_limit = 25 } service postlogin { executable = script-login /etc/dovecot/postlogin.sh group = vmail user = vmail } service quota-status { client_limit = 1 executable = quota-status -p postfix inet_listener { port = 12340 } } service quota-warning { executable = /etc/dovecot/quota-warning.sh user = vmail } ssl = required ssl_cert = The service specific passwd-file userdb is causing quota-status and lmtp to fail. Using: userdb { args = ... /etc/dovecot/auth.d/%d/userdb.%s } I'm getting the following in /var/log/mail.err when I try to send/receive mail: Aug 1 15:46:57 n6mef-gw dovecot: auth: Error: passwd-file(mefpop at email.n6mef.org): stat(/etc/dovecot/auth.d/email.n6mef.org/userdb.quota-status) failed: Address family not supported by protocol Aug 1 15:47:08 n6mef-gw dovecot: auth: Error: passwd-file(mefpop at email.n6mef.org): stat(/etc/dovecot/auth.d/email.n6mef.org/userdb.lmtp) failed: Address family not supported by protocol I don't have a userdb.quota-status or userdb.lmtp. Is there something else that needs to be in the configuration to prevent these services from needing their own userdb? Thanks, Michael $ doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.16.0-76-generic x86_64 Ubuntu 14.04.4 LTS auth_mechanisms = cram-md5 auth_verbose = yes mail_gid = vmail mail_location = maildir:~/Maildir mail_plugins = " quota" mail_uid = vmail namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/deny-users deny = yes driver = passwd-file } passdb { args = scheme=cram-md5 username_format=%n /etc/dovecot/auth.d/%d/passdb driver = passwd-file } plugin { quota = maildir:User quota quota_grace = 10%% quota_rule = *:storage=50MB quota_rule2 = Trash:storage=+10%% quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Mailbox is full quota_status_success = DUNNO quota_status_toolarge = 552 5.2.3 Message is too large quota_warning = storage=90%% quota-warning 90 %n %d quota_warning2 = storage=75%% quota-warning 75 %n %d } pop3_lock_session = yes protocols = pop3 imap lmtp service auth { unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service pop3 { executable = pop3 postlogin process_limit = 25 } service postlogin { executable = script-login /etc/dovecot/postlogin.sh group = vmail user = vmail } service quota-status { client_limit = 1 executable = quota-status -p postfix inet_listener { port = 12340 } } service quota-warning { executable = /etc/dovecot/quota-warning.sh user = vmail } ssl = required ssl_cert = Hello, this is basically a repeat of this query from last year, which unfortunately got a deafening silence for replies: --- http://dovecot.org/pipermail/dovecot/2015-August/101720.html --- I have mostly 2.1.7 (Debian Wheezy) mailbox servers and the current proxies are also of that vintage. So with "ssl=yes" and "disable_plaintext_auth=no" plaintext logins work, as per the documentation (http://wiki2.dovecot.org/SSL/DovecotConfiguration) and historically expected. Trying to use a 2.2.24 (Debian Jessie backports) dovecot proy with the same parameters fails like this: --- Aug 2 15:45:57 smtp12 dovecot: pop3-login: proxy(chibixxx at gol.com): Login failed to mbxx.xxx.gol.com:110: Plaintext authentication disallowed on non-secure (SSL/TLS) connections.: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, pid=16066 --- Changing things to "ssl=no" doesn't help and setting trusted networks only changes the last bit to have "secured" appended but still fails the same otherwise. I really need 2.2.x to behave the same way as before and documented. Any ideas and feedback would be most welcome. Regards, Christian -- Christian Balzer Network/Systems Engineer chibi at gol.com Global OnLine Japan/Rakuten Communications http://www.gol.com/ From matthias.lay at securepoint.de Tue Aug 2 12:32:48 2016 From: matthias.lay at securepoint.de (Matthias Lay) Date: Tue, 2 Aug 2016 14:32:48 +0200 Subject: [BUG] auth_bind with "()#<>"\:," in username not working In-Reply-To: <20160726130724.17f6a7b8@eugen.spdev.local> References: <20160609144856.20d7ee37@eugen.spdev.local> <20160624103351.1a683b24@eugen.spdev.local> <20160726130724.17f6a7b8@eugen.spdev.local> Message-ID: <20160802143248.002d3c3f@eugen.spdev.local> Hi once again, replying to myself I think I tracked down the problem with a local openldap server. IMO the point is, you are using a ldap search escaping for a DN Request which needs another kind of escaping. the '(' worked well with my NULL-Patch because '(' is a char that needs escaping for a search filter but not for DN. I experienced some more problems with users containing a '+', '<' for example. so I googled a bit and found this one. http://www.openldap.org/lists/openldap-software/200407/msg00722.html So you might be missing (or I didnt find it) a special DN escaping function. I added one in the following patch and all the special chars seems to work find in the bind AND search requests. diff --git a/src/auth/db-ldap.c b/src/auth/db-ldap.c index 1476fa9..e9218ca 100644 --- a/src/auth/db-ldap.c +++ b/src/auth/db-ldap.c @@ -1423,6 +1422,35 @@ db_ldap_value_get_var_expand_table(struct auth_request *auth_request, return table; } + +#define IS_LDAPDN_ESCAPED_CHAR(c) \ + ((c) == '"' || (c) == '+' || (c) == ',' || (c) == '\\' || (c) == '<' || (c) == '>' || (c) == ';') + +const char *ldapdn_escape(const char *str, + const struct auth_request *auth_request ATTR_UNUSED) +{ + const char *p; + string_t *ret; + + for (p = str; *p != '\0'; p++) { + if (IS_LDAPDN_ESCAPED_CHAR(*p)) + break; + } + + if (*p == '\0') + return str; + + ret = t_str_new((size_t) (p - str) + 64); + str_append_n(ret, str, (size_t) (p - str)); + + for (; *p != '\0'; p++) { + if (IS_LDAPDN_ESCAPED_CHAR(*p)) + str_append_c(ret, '\\'); + str_append_c(ret, *p); + } + return str_c(ret); +} + #define IS_LDAP_ESCAPED_CHAR(c) \ ((c) == '*' || (c) == '(' || (c) == ')' || (c) == '\\') diff --git a/src/auth/passdb-ldap.c b/src/auth/passdb-ldap.c index c1c2544..5629d85 100644 --- a/src/auth/passdb-ldap.c +++ b/src/auth/passdb-ldap.c @@ -367,7 +374,7 @@ ldap_verify_plain_auth_bind_userdn(struct auth_request *auth_request, brequest->request.type = LDAP_REQUEST_TYPE_BIND; - vars = auth_request_get_var_expand_table(auth_request, ldap_escape); + vars = auth_request_get_var_expand_table(auth_request, ldapdn_escape); dn = t_str_new(512); var_expand(dn, conn->set.auth_bind_userdn, vars); an ldif file for testing. add them with # slapadd -l filename # cat user.ldif dn: dc=uma,dc=local dc: uma objectClass: dcObject objectClass: domain structuralObjectClass: domain entryUUID: 5cdda309-7ad5-4b03-b981-784c1b7ec27e creatorsName: cn=admin,dc=uma,dc=local createTimestamp: 20160729231019Z entryCSN: 20160729231019.057480Z#000000#000#000000 modifiersName: cn=admin,dc=uma,dc=local modifyTimestamp: 20160729231019Z dn: ou=users,dc=uma,dc=local ou: users objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: cc56753d-09aa-404a-8446-5d0bf75531a3 creatorsName: cn=admin,dc=uma,dc=local createTimestamp: 20160729231019Z entryCSN: 20160729231019.147739Z#000000#000#000000 modifiersName: cn=admin,dc=uma,dc=local modifyTimestamp: 20160729231019Z dn: uid=s\+schmidt,ou=users,dc=uma,dc=local givenName: Stefan uid: s+schmidt sn: Schmidt mail:: cy5zY2htaWR0QHR0dC1wb2ludC5sb2NhbA0= cn: Stefan Schmidt objectClass: person objectClass: inetOrgPerson userPassword:: aW5zZWN1cmU= structuralObjectClass: inetOrgPerson entryUUID: fffad6fe-d083-4ab9-b6c2-da82067d510b creatorsName: cn=admin,dc=uma,dc=local createTimestamp: 20160729231039Z entryCSN: 20160729231039.234641Z#000000#000#000000 modifiersName: cn=admin,dc=uma,dc=local modifyTimestamp: 20160729231039Z dn: uid=m\\mueller,ou=users,dc=uma,dc=local givenName: Melanie uid: m\mueller sn: Mueller mail:: bS5tdWVsbGVyQHR0dC1wb2ludC5sb2NhbA0= cn: Melanie Mueller objectClass: person objectClass: inetOrgPerson userPassword:: aW5zZWN1cmU= structuralObjectClass: inetOrgPerson entryUUID: 6e1a3a14-dd75-4766-a308-44a8437a0139 creatorsName: cn=admin,dc=uma,dc=local createTimestamp: 20160729231039Z entryCSN: 20160729231039.308360Z#000000#000#000000 modifiersName: cn=admin,dc=uma,dc=local modifyTimestamp: 20160729231039Z dn: uid=k(lammer,ou=users,dc=uma,dc=local givenName: karl uid: k(lammer sn: klammer mail:: a0BzcGRldi5sb2NhbA0= cn: karl klammer objectClass: person objectClass: inetOrgPerson userPassword:: aW5zZWN1cmU= structuralObjectClass: inetOrgPerson entryUUID: b5a26caf-62b1-4cf5-985c-3167424d90c7 creatorsName: cn=admin,dc=uma,dc=local createTimestamp: 20160729231039Z entryCSN: 20160729231039.315462Z#000000#000#000000 modifiersName: cn=admin,dc=uma,dc=local modifyTimestamp: 20160729231039Z dn: uid=g\>ross,ou=users,dc=uma,dc=local givenName: v uid: g>ross sn: n mail:: Z0BzcGRldi5sb2NhbA0= cn: v n objectClass: person objectClass: inetOrgPerson userPassword:: aW5zZWN1cmU= structuralObjectClass: inetOrgPerson entryUUID: fb7ad7cc-a028-444c-8109-cfe9dd182b0b creatorsName: cn=admin,dc=uma,dc=local createTimestamp: 20160729231039Z entryCSN: 20160729231039.364040Z#000000#000#000000 modifiersName: cn=admin,dc=uma,dc=local modifyTimestamp: 20160729231039Z dn: uid=mmeier,ou=users,dc=uma,dc=local givenName: Manfred uid: mmeier sn: Meier mail:: bS5tZWllckB0dHQtcG9pbnQubG9jYWwN cn: Manfred Meier objectClass: person objectClass: inetOrgPerson userPassword:: aW5zZWN1cmU= structuralObjectClass: inetOrgPerson entryUUID: 16ef0511-25ed-4001-a1bd-1ad72abbfc02 creatorsName: cn=admin,dc=uma,dc=local createTimestamp: 20160729231039Z entryCSN: 20160729231039.369003Z#000000#000#000000 modifiersName: cn=admin,dc=uma,dc=local modifyTimestamp: 20160729231039Z Greetz On Tue, 26 Jul 2016 13:07:24 +0200 Matthias Lay wrote: > Hi guys, > > > I had a look in the sources about this problem. > > the problem seems to be the ldap_escape function that is called from > > ldap_verify_plain_auth_bind_userdn(..) > > I dont really know if this escaping is needed at this point, but with > this change it works for me. No other problems discovered so far. > > could somebody, who is deeper in the sources give me a hint if > this will make some troubles? > > > Patch for 2.2.16: > > diff --git a/src/auth/passdb-ldap.c b/src/auth/passdb-ldap.c > index c1c2544..10bfe20 100644 > --- a/src/auth/passdb-ldap.c > +++ b/src/auth/passdb-ldap.c > @@ -367,7 +367,7 @@ ldap_verify_plain_auth_bind_userdn(struct > auth_request *auth_request, > brequest->request.type = LDAP_REQUEST_TYPE_BIND; > > - vars = auth_request_get_var_expand_table(auth_request, > ldap_escape); > + vars = auth_request_get_var_expand_table(auth_request, NULL); > dn = t_str_new(512); > var_expand(dn, conn->set.auth_bind_userdn, vars); > From matthias.lay at securepoint.de Tue Aug 2 12:37:07 2016 From: matthias.lay at securepoint.de (Matthias Lay) Date: Tue, 2 Aug 2016 14:37:07 +0200 Subject: [BUG] auth_bind with "()#<>"\:," in username not working In-Reply-To: <20160802143248.002d3c3f@eugen.spdev.local> References: <20160609144856.20d7ee37@eugen.spdev.local> <20160624103351.1a683b24@eugen.spdev.local> <20160726130724.17f6a7b8@eugen.spdev.local> <20160802143248.002d3c3f@eugen.spdev.local> Message-ID: <20160802143707.233f2f22@eugen.spdev.local> sorry forgot password for all test users is "insecure" and you?ll need the function in the header too diff --git a/src/auth/db-ldap.h b/src/auth/db-ldap.h index 8a51081..82ed1b3 100644 --- a/src/auth/db-ldap.h +++ b/src/auth/db-ldap.h @@ -197,6 +197,8 @@ void db_ldap_enable_input(struct ldap_connection *conn, bool enable); const char *ldap_escape(const char *str, const struct auth_request *auth_request); +const char *ldapdn_escape(const char *str, + const struct auth_request *auth_request); const char *ldap_get_error(struct ldap_connection *conn); struct db_ldap_result_iterate_context * On Tue, 2 Aug 2016 14:32:48 +0200 Matthias Lay wrote: > Hi once again, replying to myself > > > I think I tracked down the problem with a local openldap server. > > IMO the point is, you are using a ldap search escaping for a DN > Request which needs another kind of escaping. > the '(' worked well with my NULL-Patch because '(' is a char that > needs escaping for a search filter but not for DN. > > I experienced some more problems with users containing a '+', '<' for > example. so I googled a bit and found this one. > > http://www.openldap.org/lists/openldap-software/200407/msg00722.html > > So you might be missing (or I didnt find it) a special DN escaping > function. I added one in the following patch and all the special chars > seems to work find in the bind AND search requests. > > > > diff --git a/src/auth/db-ldap.c b/src/auth/db-ldap.c > index 1476fa9..e9218ca 100644 > --- a/src/auth/db-ldap.c > +++ b/src/auth/db-ldap.c > @@ -1423,6 +1422,35 @@ db_ldap_value_get_var_expand_table(struct > auth_request *auth_request, return table; > } > > + > +#define IS_LDAPDN_ESCAPED_CHAR(c) \ > + ((c) == '"' || (c) == '+' || (c) == ',' || (c) == '\\' || (c) > == '<' || (c) == '>' || (c) == ';') + > +const char *ldapdn_escape(const char *str, > + const struct auth_request *auth_request > ATTR_UNUSED) +{ > + const char *p; > + string_t *ret; > + > + for (p = str; *p != '\0'; p++) { > + if (IS_LDAPDN_ESCAPED_CHAR(*p)) > + break; > + } > + > + if (*p == '\0') > + return str; > + > + ret = t_str_new((size_t) (p - str) + 64); > + str_append_n(ret, str, (size_t) (p - str)); > + > + for (; *p != '\0'; p++) { > + if (IS_LDAPDN_ESCAPED_CHAR(*p)) > + str_append_c(ret, '\\'); > + str_append_c(ret, *p); > + } > + return str_c(ret); > +} > + > #define IS_LDAP_ESCAPED_CHAR(c) \ > ((c) == '*' || (c) == '(' || (c) == ')' || (c) == '\\') > > > > > > diff --git a/src/auth/passdb-ldap.c b/src/auth/passdb-ldap.c > index c1c2544..5629d85 100644 > --- a/src/auth/passdb-ldap.c > +++ b/src/auth/passdb-ldap.c > @@ -367,7 +374,7 @@ ldap_verify_plain_auth_bind_userdn(struct > auth_request *auth_request, > brequest->request.type = LDAP_REQUEST_TYPE_BIND; > > - vars = auth_request_get_var_expand_table(auth_request, > ldap_escape); > + vars = auth_request_get_var_expand_table(auth_request, > ldapdn_escape); > dn = t_str_new(512); > var_expand(dn, conn->set.auth_bind_userdn, vars); > > > > > > an ldif file for testing. > add them with > # slapadd -l filename > > > # cat user.ldif > dn: dc=uma,dc=local > dc: uma > objectClass: dcObject > objectClass: domain > structuralObjectClass: domain > entryUUID: 5cdda309-7ad5-4b03-b981-784c1b7ec27e > creatorsName: cn=admin,dc=uma,dc=local > createTimestamp: 20160729231019Z > entryCSN: 20160729231019.057480Z#000000#000#000000 > modifiersName: cn=admin,dc=uma,dc=local > modifyTimestamp: 20160729231019Z > > dn: ou=users,dc=uma,dc=local > ou: users > objectClass: organizationalUnit > structuralObjectClass: organizationalUnit > entryUUID: cc56753d-09aa-404a-8446-5d0bf75531a3 > creatorsName: cn=admin,dc=uma,dc=local > createTimestamp: 20160729231019Z > entryCSN: 20160729231019.147739Z#000000#000#000000 > modifiersName: cn=admin,dc=uma,dc=local > modifyTimestamp: 20160729231019Z > > dn: uid=s\+schmidt,ou=users,dc=uma,dc=local > givenName: Stefan > uid: s+schmidt > sn: Schmidt > mail:: cy5zY2htaWR0QHR0dC1wb2ludC5sb2NhbA0= > cn: Stefan Schmidt > objectClass: person > objectClass: inetOrgPerson > userPassword:: aW5zZWN1cmU= > structuralObjectClass: inetOrgPerson > entryUUID: fffad6fe-d083-4ab9-b6c2-da82067d510b > creatorsName: cn=admin,dc=uma,dc=local > createTimestamp: 20160729231039Z > entryCSN: 20160729231039.234641Z#000000#000#000000 > modifiersName: cn=admin,dc=uma,dc=local > modifyTimestamp: 20160729231039Z > > dn: uid=m\\mueller,ou=users,dc=uma,dc=local > givenName: Melanie > uid: m\mueller > sn: Mueller > mail:: bS5tdWVsbGVyQHR0dC1wb2ludC5sb2NhbA0= > cn: Melanie Mueller > objectClass: person > objectClass: inetOrgPerson > userPassword:: aW5zZWN1cmU= > structuralObjectClass: inetOrgPerson > entryUUID: 6e1a3a14-dd75-4766-a308-44a8437a0139 > creatorsName: cn=admin,dc=uma,dc=local > createTimestamp: 20160729231039Z > entryCSN: 20160729231039.308360Z#000000#000#000000 > modifiersName: cn=admin,dc=uma,dc=local > modifyTimestamp: 20160729231039Z > > dn: uid=k(lammer,ou=users,dc=uma,dc=local > givenName: karl > uid: k(lammer > sn: klammer > mail:: a0BzcGRldi5sb2NhbA0= > cn: karl klammer > objectClass: person > objectClass: inetOrgPerson > userPassword:: aW5zZWN1cmU= > structuralObjectClass: inetOrgPerson > entryUUID: b5a26caf-62b1-4cf5-985c-3167424d90c7 > creatorsName: cn=admin,dc=uma,dc=local > createTimestamp: 20160729231039Z > entryCSN: 20160729231039.315462Z#000000#000#000000 > modifiersName: cn=admin,dc=uma,dc=local > modifyTimestamp: 20160729231039Z > > dn: uid=g\>ross,ou=users,dc=uma,dc=local > givenName: v > uid: g>ross > sn: n > mail:: Z0BzcGRldi5sb2NhbA0= > cn: v n > objectClass: person > objectClass: inetOrgPerson > userPassword:: aW5zZWN1cmU= > structuralObjectClass: inetOrgPerson > entryUUID: fb7ad7cc-a028-444c-8109-cfe9dd182b0b > creatorsName: cn=admin,dc=uma,dc=local > createTimestamp: 20160729231039Z > entryCSN: 20160729231039.364040Z#000000#000#000000 > modifiersName: cn=admin,dc=uma,dc=local > modifyTimestamp: 20160729231039Z > > dn: uid=mmeier,ou=users,dc=uma,dc=local > givenName: Manfred > uid: mmeier > sn: Meier > mail:: bS5tZWllckB0dHQtcG9pbnQubG9jYWwN > cn: Manfred Meier > objectClass: person > objectClass: inetOrgPerson > userPassword:: aW5zZWN1cmU= > structuralObjectClass: inetOrgPerson > entryUUID: 16ef0511-25ed-4001-a1bd-1ad72abbfc02 > creatorsName: cn=admin,dc=uma,dc=local > createTimestamp: 20160729231039Z > entryCSN: 20160729231039.369003Z#000000#000#000000 > modifiersName: cn=admin,dc=uma,dc=local > modifyTimestamp: 20160729231039Z > > > > > Greetz > > > > > On Tue, 26 Jul 2016 13:07:24 +0200 > Matthias Lay wrote: > > > Hi guys, > > > > > > I had a look in the sources about this problem. > > > > the problem seems to be the ldap_escape function that is called from > > > > ldap_verify_plain_auth_bind_userdn(..) > > > > I dont really know if this escaping is needed at this point, but > > with this change it works for me. No other problems discovered so > > far. > > > > could somebody, who is deeper in the sources give me a hint if > > this will make some troubles? > > > > > > Patch for 2.2.16: > > > > diff --git a/src/auth/passdb-ldap.c b/src/auth/passdb-ldap.c > > index c1c2544..10bfe20 100644 > > --- a/src/auth/passdb-ldap.c > > +++ b/src/auth/passdb-ldap.c > > @@ -367,7 +367,7 @@ ldap_verify_plain_auth_bind_userdn(struct > > auth_request *auth_request, > > brequest->request.type = LDAP_REQUEST_TYPE_BIND; > > > > - vars = auth_request_get_var_expand_table(auth_request, > > ldap_escape); > > + vars = auth_request_get_var_expand_table(auth_request, > > NULL); dn = t_str_new(512); > > var_expand(dn, conn->set.auth_bind_userdn, vars); > > > > -- Mit freundlichem Gru? / Best regards, Matthias Lay Head of UMA development Securepoint GmbH Salzstrasse 1 D-21335 L?neburg https://www.securepoint.de Tel.: +49(0)413124010 Fax: +49(0)4131240118 Gesch?ftsf?hrer: Lutz Hausmann, Claudia Hausmann Amtsgericht L?neburg HRB 1776 USt.-ID-Nr.: DE 188 528 597 From goetz.reinicke at filmakademie.de Tue Aug 2 14:26:13 2016 From: goetz.reinicke at filmakademie.de (=?UTF-8?Q?G=c3=b6tz_Reinicke_-_IT_Koordinator?=) Date: Tue, 2 Aug 2016 16:26:13 +0200 Subject: Error: Timeout (180s) while waiting for lock for transaction log file dovecot.index.log Message-ID: Hi, our maildir store is on a NFS share which was working fine for some time with the recommended setting from the dovecot wiki; suddenly today i got informed that one user has login problems to his mails and I have some messages in the logs: Error: Timeout (180s) while waiting for lock for transaction log file ....../Maildir/dovecot.index.log My current guess is a hick up in the network during a router configuration this weekend. My question: How to solve the problem? I can restart the nfs service/server later this day, as well as the mailserver ... as there is a kernel update too. Do I have to initiate some resync or deletion of index or whatsoever files? Thanks for any feedback and regards . G?tz -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5571 bytes Desc: S/MIME Cryptographic Signature URL: From news at mefox.org Tue Aug 2 18:00:05 2016 From: news at mefox.org (Michael Fox) Date: Tue, 2 Aug 2016 11:00:05 -0700 Subject: service-specific userdb affecting lmtp, quota-service In-Reply-To: <01ee01d1ec4b$0223fbb0$066bf310$@mefox.org> References: <01ee01d1ec4b$0223fbb0$066bf310$@mefox.org> Message-ID: <015001d1ece7$b3c6b640$1b5422c0$@mefox.org> Update: I was able to eliminate the /var/log/mail.err error messages (shown below) by creating a userdb.quota-status and userdb.lmtp passwd-file. However, since userdb.pop3 and userdb.imap will have different extra-fields values for namespace (different namespace/xxx/inbox=yes values) I can't simply create userdb.quota-status and userdb.lmtp as the union of userdb.pop3 and userdb.imap. At a minimum, the extra-fields namespace info has to be left out. So this creates the question: For each service, which fields does the userdb need to contain? I can't find that documented anywhere. For example, for the quota-status service, I presume the following are needed: -- username -- home directory (since mail_location = maildir:~/Maildir) -- any "quota=" overrides in the extra-fields -- nothing else Is that right? And I presume userdb.lmtp needs to return: -- username -- home directory (since mail_location = maildir:~/Maildir) -- nothing else Is that right? Thanks, Michael > -----Original Message----- > > The service specific passwd-file userdb is causing quota-status and lmtp > to > fail. > > Using: > userdb { > args = ... /etc/dovecot/auth.d/%d/userdb.%s > } > > I'm getting the following in /var/log/mail.err when I try to send/receive > mail: > > Aug 1 15:46:57 n6mef-gw dovecot: auth: Error: > passwd-file(mefpop at email.n6mef.org): > stat(/etc/dovecot/auth.d/email.n6mef.org/userdb.quota-status) failed: > Address family not supported by protocol > Aug 1 15:47:08 n6mef-gw dovecot: auth: Error: > passwd-file(mefpop at email.n6mef.org): > stat(/etc/dovecot/auth.d/email.n6mef.org/userdb.lmtp) failed: Address > family > not supported by protocol > > I don't have a userdb.quota-status or userdb.lmtp. > > Is there something else that needs to be in the configuration to prevent > these services from needing their own userdb? > > Thanks, > Michael > > > $ doveconf -n > # 2.2.9: /etc/dovecot/dovecot.conf > # OS: Linux 3.16.0-76-generic x86_64 Ubuntu 14.04.4 LTS > auth_mechanisms = cram-md5 > auth_verbose = yes > mail_gid = vmail > mail_location = maildir:~/Maildir > mail_plugins = " quota" > mail_uid = vmail > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > args = /etc/dovecot/deny-users > deny = yes > driver = passwd-file > } > passdb { > args = scheme=cram-md5 username_format=%n /etc/dovecot/auth.d/%d/passdb > driver = passwd-file > } > plugin { > quota = maildir:User quota > quota_grace = 10%% > quota_rule = *:storage=50MB > quota_rule2 = Trash:storage=+10%% > quota_status_nouser = DUNNO > quota_status_overquota = 552 5.2.2 Mailbox is full > quota_status_success = DUNNO > quota_status_toolarge = 552 5.2.3 Message is too large > quota_warning = storage=90%% quota-warning 90 %n %d > quota_warning2 = storage=75%% quota-warning 75 %n %d > } > pop3_lock_session = yes > protocols = pop3 imap lmtp > service auth { > unix_listener /var/spool/postfix/private/dovecot-auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-userdb { > group = vmail > mode = 0600 > user = vmail > } > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0600 > user = postfix > } > } > service pop3 { > executable = pop3 postlogin > process_limit = 25 > } > service postlogin { > executable = script-login /etc/dovecot/postlogin.sh > group = vmail > user = vmail > } > service quota-status { > client_limit = 1 > executable = quota-status -p postfix > inet_listener { > port = 12340 > } > } > service quota-warning { > executable = /etc/dovecot/quota-warning.sh > user = vmail > } > ssl = required > ssl_cert = ssl_key = ssl_protocols = !SSLv2 !SSLv3 > userdb { > args = username_format=%n /etc/dovecot/auth.d/%d/userdb.%s > default_fields = home=/var/vmail/%d/%n > driver = passwd-file > } > verbose_ssl = yes > protocol lmtp { > postmaster_address = xxxxxxxxxxxxxxxxx > } > protocol imap { > mail_max_userip_connections = 10 > } > protocol pop3 { > mail_max_userip_connections = 1 > } > remote 192.168.7.0/24/24 { > ssl = yes > } > remote 192.168.7.0/27/27 { > ssl = no > } > $ From Olaf.Hopp at kit.edu Tue Aug 2 21:45:10 2016 From: Olaf.Hopp at kit.edu (Olaf Hopp) Date: Tue, 2 Aug 2016 23:45:10 +0200 Subject: SSL connection reset by peer In-Reply-To: <74ad7ea7-573e-81b1-f536-e6df63d31d69@mx24.net> References: <8bbc2e86-7cbf-34ad-be55-17bf47f58987@mx24.net> <94489cea-5a4b-de32-3201-4e096d5762aa@mx24.net> <74ad7ea7-573e-81b1-f536-e6df63d31d69@mx24.net> Message-ID: On 07/27/2016 11:55 PM, Vince42 wrote: > Hi, > > [Steffen Kaiser] - [2016-07-26 09:05] >>>>> I am running a dovecot server and have set up an external >>>>> monitoring, where every five minutes a login with SSL on port >>>>> 993 is done. I usually get once a day an error "connection >>>>> reset by peer - SSL connect", which goes away until the next >>>>> monitor is executed. > >>>> that looks like a basic networking issue to me. Do you have logs >>>> how many users try to connect at this time? Is it always the same >>>> time range? Is the server load very high? > >>> My server has nice specs (in fact a 30 times lower scaled server >>> never had this kind of problems), I also don't host many domains >>> and users, therefore I doubt that some kind of limit might be >>> touched. I also suspected some internal system load, but >>> unfortunately the error occurs arbitrarily, which makes me think >>> that no scheduled process is responsible for this. I also ran 'top' >>> during such an event without any obvious load tasks. The system >>> statistics also show no weird peaks. I read about the "running out >>> of random" phenomenon, but during such an event there were still >>> enough resources random-wise. > >> what about the network itself? Does the monitor crosses a firewall? > > I do not know all the details about my provider's data center, but the > monitor is an internal one running on one of their machines in their > infrastructure. I therefore doubt that this error could be related to > some network issue. The monitor just makes a normal IMAP login and fails > with the SSL error - and a few minutes later everything is fine again. > >>> Could it be that I need to offer more login processes or that I >>> should raise some of my configuration values? The >>> mail_max_userip_connections does not seem to solve the problem. > >> usually you get some warning in the logs, if such limit is reached. > > I desperately searched all kinds of logs - but nothing indicates a > problem that would explain these arbitrary logon errors. I always > thought that I should be more generous with login processes or other > system resources in order to overcome this - but it seems that I am on > the wrong track, if my doveconf -n does not show any oddities. > > I fear I will have to accept this error as being "normal" - which is > really odd as my former server ran for years with the same config > without any warning at all. Maybe the next will do it again ... :))) > Hi Vince, just a shot into the dark: if you are running out of entropy, you might get SSL errors. If this is a virtual machine, there are not many entropy sources. Consider installing alternative entropy sources like haveged(*), available in many distro repos. Regards, Olaf (*) http://www.issihosts.com/haveged/ -- Karlsruher Institut f?r Technologie (KIT) ATIS - Abt. Technische Infrastruktur, Fakult?t f?r Informatik Dipl.-Geophys. Olaf Hopp - Leitung IT-Dienste - Am Fasanengarten 5, Geb?ude 50.34, Raum 009 76131 Karlsruhe Telefon: +49 721 608-43973 Fax: +49 721 608-46699 E-Mail: Olaf.Hopp at kit.edu www.atis.informatik.kit.edu www.kit.edu KIT - Die Forschungsuniversit?t in der Helmholtz-Gemeinschaft Das KIT ist seit 2010 als familiengerechte Hochschule zertifiziert. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5304 bytes Desc: S/MIME Cryptographic Signature URL: From chibi at gol.com Wed Aug 3 04:02:03 2016 From: chibi at gol.com (Christian Balzer) Date: Wed, 3 Aug 2016 13:02:03 +0900 Subject: "Plaintext authentication disallowed on non-secure (SSL/TLS) connections" despite correct configuration to allow this In-Reply-To: <20160802160234.641d9366@batzmaru.gol.ad.jp> References: <20160802160234.641d9366@batzmaru.gol.ad.jp> Message-ID: <20160803130203.25aa1d07@batzmaru.gol.ad.jp> Hello, talking to oneself seems to be all the rage on this ML, so I shall join that trend. As it turns out this was a case of slightly muddled/unclear error messages, the client sees: --- -ERR Plaintext authentication disallowed on non-secure (SSL/TLS) connections. --- But the actual issue was that the newly added "login_source_ips" (the main reason for this upgrade, as we're running out of ports) was not not in the "trusted_networks" of the target mailbox server. So the failure was between proxy and mailbox server, not client and proxy. After adding that network all is working now as expected. Christian On Tue, 2 Aug 2016 16:02:34 +0900 Christian Balzer wrote: > > Hello, > > this is basically a repeat of this query from last year, which > unfortunately got a deafening silence for replies: > --- > http://dovecot.org/pipermail/dovecot/2015-August/101720.html > --- > > I have mostly 2.1.7 (Debian Wheezy) mailbox servers and the current proxies > are also of that vintage. > > So with "ssl=yes" and "disable_plaintext_auth=no" plaintext logins work, > as per the documentation > (http://wiki2.dovecot.org/SSL/DovecotConfiguration) > and historically expected. > > Trying to use a 2.2.24 (Debian Jessie backports) dovecot proy with the > same parameters fails like this: > --- > Aug 2 15:45:57 smtp12 dovecot: pop3-login: proxy(chibixxx at gol.com): Login failed to mbxx.xxx.gol.com:110: Plaintext authentication disallowed on non-secure (SSL/TLS) connections.: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, pid=16066 > --- > > Changing things to "ssl=no" doesn't help and setting trusted networks only > changes the last bit to have "secured" appended but still fails the same > otherwise. > > I really need 2.2.x to behave the same way as before and documented. > > Any ideas and feedback would be most welcome. > > Regards, > > Christian -- Christian Balzer Network/Systems Engineer chibi at gol.com Global OnLine Japan/Rakuten Communications http://www.gol.com/ From skdovecot at smail.inf.fh-brs.de Wed Aug 3 04:44:42 2016 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 3 Aug 2016 06:44:42 +0200 (CEST) Subject: service-specific userdb affecting lmtp, quota-service In-Reply-To: <015001d1ece7$b3c6b640$1b5422c0$@mefox.org> References: <01ee01d1ec4b$0223fbb0$066bf310$@mefox.org> <015001d1ece7$b3c6b640$1b5422c0$@mefox.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 2 Aug 2016, Michael Fox wrote: > Update: > > I was able to eliminate the /var/log/mail.err error messages (shown below) > by creating a userdb.quota-status and userdb.lmtp passwd-file. However, > since userdb.pop3 and userdb.imap will have different extra-fields values > for namespace (different namespace/xxx/inbox=yes values) I can't simply > create userdb.quota-status and userdb.lmtp as the union of userdb.pop3 and > userdb.imap. At a minimum, the extra-fields namespace info has to be left > out. do LMTP and Quota-status fail, if you symlink them to the imap version? > So this creates the question: For each service, which fields does the > userdb need to contain? I can't find that documented anywhere. > > For example, for the quota-status service, I presume the following are > needed: > -- username > -- home directory (since mail_location = maildir:~/Maildir) > -- any "quota=" overrides in the extra-fields > -- nothing else > > Is that right? > > > And I presume userdb.lmtp needs to return: > -- username > -- home directory (since mail_location = maildir:~/Maildir) > -- nothing else > > Is that right? > > Thanks, > Michael > > >> -----Original Message----- >> >> The service specific passwd-file userdb is causing quota-status and lmtp >> to >> fail. >> >> Using: >> userdb { >> args = ... /etc/dovecot/auth.d/%d/userdb.%s >> } >> >> I'm getting the following in /var/log/mail.err when I try to send/receive >> mail: >> >> Aug 1 15:46:57 n6mef-gw dovecot: auth: Error: >> passwd-file(mefpop at email.n6mef.org): >> stat(/etc/dovecot/auth.d/email.n6mef.org/userdb.quota-status) failed: >> Address family not supported by protocol >> Aug 1 15:47:08 n6mef-gw dovecot: auth: Error: >> passwd-file(mefpop at email.n6mef.org): >> stat(/etc/dovecot/auth.d/email.n6mef.org/userdb.lmtp) failed: Address >> family >> not supported by protocol >> >> I don't have a userdb.quota-status or userdb.lmtp. >> >> Is there something else that needs to be in the configuration to prevent >> these services from needing their own userdb? >> >> Thanks, >> Michael >> >> >> $ doveconf -n >> # 2.2.9: /etc/dovecot/dovecot.conf >> # OS: Linux 3.16.0-76-generic x86_64 Ubuntu 14.04.4 LTS >> auth_mechanisms = cram-md5 >> auth_verbose = yes >> mail_gid = vmail >> mail_location = maildir:~/Maildir >> mail_plugins = " quota" >> mail_uid = vmail >> namespace inbox { >> inbox = yes >> location = >> mailbox Drafts { >> special_use = \Drafts >> } >> mailbox Junk { >> special_use = \Junk >> } >> mailbox Sent { >> special_use = \Sent >> } >> mailbox "Sent Messages" { >> special_use = \Sent >> } >> mailbox Trash { >> special_use = \Trash >> } >> prefix = >> } >> passdb { >> args = /etc/dovecot/deny-users >> deny = yes >> driver = passwd-file >> } >> passdb { >> args = scheme=cram-md5 username_format=%n /etc/dovecot/auth.d/%d/passdb >> driver = passwd-file >> } >> plugin { >> quota = maildir:User quota >> quota_grace = 10%% >> quota_rule = *:storage=50MB >> quota_rule2 = Trash:storage=+10%% >> quota_status_nouser = DUNNO >> quota_status_overquota = 552 5.2.2 Mailbox is full >> quota_status_success = DUNNO >> quota_status_toolarge = 552 5.2.3 Message is too large >> quota_warning = storage=90%% quota-warning 90 %n %d >> quota_warning2 = storage=75%% quota-warning 75 %n %d >> } >> pop3_lock_session = yes >> protocols = pop3 imap lmtp >> service auth { >> unix_listener /var/spool/postfix/private/dovecot-auth { >> group = postfix >> mode = 0660 >> user = postfix >> } >> unix_listener auth-userdb { >> group = vmail >> mode = 0600 >> user = vmail >> } >> } >> service lmtp { >> unix_listener /var/spool/postfix/private/dovecot-lmtp { >> group = postfix >> mode = 0600 >> user = postfix >> } >> } >> service pop3 { >> executable = pop3 postlogin >> process_limit = 25 >> } >> service postlogin { >> executable = script-login /etc/dovecot/postlogin.sh >> group = vmail >> user = vmail >> } >> service quota-status { >> client_limit = 1 >> executable = quota-status -p postfix >> inet_listener { >> port = 12340 >> } >> } >> service quota-warning { >> executable = /etc/dovecot/quota-warning.sh >> user = vmail >> } >> ssl = required >> ssl_cert = > ssl_key = > ssl_protocols = !SSLv2 !SSLv3 >> userdb { >> args = username_format=%n /etc/dovecot/auth.d/%d/userdb.%s >> default_fields = home=/var/vmail/%d/%n >> driver = passwd-file >> } >> verbose_ssl = yes >> protocol lmtp { >> postmaster_address = xxxxxxxxxxxxxxxxx >> } >> protocol imap { >> mail_max_userip_connections = 10 >> } >> protocol pop3 { >> mail_max_userip_connections = 1 >> } >> remote 192.168.7.0/24/24 { >> ssl = yes >> } >> remote 192.168.7.0/27/27 { >> ssl = no >> } >> $ > - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBV6F2unz1H7kL/d9rAQKP0AgArfFBzFeioX/90YBHWJlyOAJT8D+daQWl TRBg8OJo15haoKn6JkzJbtuZHOkV0/YPW09sWKF8e8/6LgIU512HZibE2QkD2cPl 6v5Xt4hxRtDeY7YpdzxegJ1HjoLkGsCiFIc9EXBSxlDIcvnyz74h4FdYIldhwjoY WErisoF3bKzz5vzf609JoB4veu6nK24MMdo7OxvyUlswizAN2AGSbevCLaTVkvsy iXbK4jXgvHyTK26EqNeZ6rCTx1htT4Jk/tsx3Hicg+rbX4JuaUUNRJXkVWLc4haO yJSSleqXjddEiH+UwH9LvNS2fZg99sv8tj/Ad+UHpmWedPMZFOvNGg== =tC1k -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Wed Aug 3 05:10:38 2016 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 3 Aug 2016 07:10:38 +0200 (CEST) Subject: service-specific userdb affecting lmtp, quota-service In-Reply-To: References: <01ee01d1ec4b$0223fbb0$066bf310$@mefox.org> <015001d1ece7$b3c6b640$1b5422c0$@mefox.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 3 Aug 2016, Steffen Kaiser wrote: >> Update: >> >> I was able to eliminate the /var/log/mail.err error messages (shown below) >> by creating a userdb.quota-status and userdb.lmtp passwd-file. However, >> since userdb.pop3 and userdb.imap will have different extra-fields values >> for namespace (different namespace/xxx/inbox=yes values) I can't simply >> create userdb.quota-status and userdb.lmtp as the union of userdb.pop3 and >> userdb.imap. At a minimum, the extra-fields namespace info has to be left >> out. > > do LMTP and Quota-status fail, if you symlink them to the imap version? BTW: your posted conf does not contain the virtual plugin and its namespace. >> So this creates the question: For each service, which fields does the >> userdb need to contain? I can't find that documented anywhere. >> >> For example, for the quota-status service, I presume the following are >> needed: >> -- username >> -- home directory (since mail_location = maildir:~/Maildir) >> -- any "quota=" overrides in the extra-fields >> -- nothing else >> >> Is that right? >> >> >> And I presume userdb.lmtp needs to return: >> -- username >> -- home directory (since mail_location = maildir:~/Maildir) >> -- nothing else >> >> Is that right? >> >> Thanks, >> Michael >> >> >>> -----Original Message----- >>> >>> The service specific passwd-file userdb is causing quota-status and lmtp >>> to >>> fail. >>> >>> Using: >>> userdb { >>> args = ... /etc/dovecot/auth.d/%d/userdb.%s >>> } >>> >>> I'm getting the following in /var/log/mail.err when I try to send/receive >>> mail: >>> >>> Aug 1 15:46:57 n6mef-gw dovecot: auth: Error: >>> passwd-file(mefpop at email.n6mef.org): >>> stat(/etc/dovecot/auth.d/email.n6mef.org/userdb.quota-status) failed: >>> Address family not supported by protocol >>> Aug 1 15:47:08 n6mef-gw dovecot: auth: Error: >>> passwd-file(mefpop at email.n6mef.org): >>> stat(/etc/dovecot/auth.d/email.n6mef.org/userdb.lmtp) failed: Address >>> family >>> not supported by protocol >>> >>> I don't have a userdb.quota-status or userdb.lmtp. >>> >>> Is there something else that needs to be in the configuration to prevent >>> these services from needing their own userdb? >>> >>> Thanks, >>> Michael >>> >>> >>> $ doveconf -n >>> # 2.2.9: /etc/dovecot/dovecot.conf >>> # OS: Linux 3.16.0-76-generic x86_64 Ubuntu 14.04.4 LTS >>> auth_mechanisms = cram-md5 >>> auth_verbose = yes >>> mail_gid = vmail >>> mail_location = maildir:~/Maildir >>> mail_plugins = " quota" >>> mail_uid = vmail >>> namespace inbox { >>> inbox = yes >>> location = >>> mailbox Drafts { >>> special_use = \Drafts >>> } >>> mailbox Junk { >>> special_use = \Junk >>> } >>> mailbox Sent { >>> special_use = \Sent >>> } >>> mailbox "Sent Messages" { >>> special_use = \Sent >>> } >>> mailbox Trash { >>> special_use = \Trash >>> } >>> prefix = >>> } >>> passdb { >>> args = /etc/dovecot/deny-users >>> deny = yes >>> driver = passwd-file >>> } >>> passdb { >>> args = scheme=cram-md5 username_format=%n /etc/dovecot/auth.d/%d/passdb >>> driver = passwd-file >>> } >>> plugin { >>> quota = maildir:User quota >>> quota_grace = 10%% >>> quota_rule = *:storage=50MB >>> quota_rule2 = Trash:storage=+10%% >>> quota_status_nouser = DUNNO >>> quota_status_overquota = 552 5.2.2 Mailbox is full >>> quota_status_success = DUNNO >>> quota_status_toolarge = 552 5.2.3 Message is too large >>> quota_warning = storage=90%% quota-warning 90 %n %d >>> quota_warning2 = storage=75%% quota-warning 75 %n %d >>> } >>> pop3_lock_session = yes >>> protocols = pop3 imap lmtp >>> service auth { >>> unix_listener /var/spool/postfix/private/dovecot-auth { >>> group = postfix >>> mode = 0660 >>> user = postfix >>> } >>> unix_listener auth-userdb { >>> group = vmail >>> mode = 0600 >>> user = vmail >>> } >>> } >>> service lmtp { >>> unix_listener /var/spool/postfix/private/dovecot-lmtp { >>> group = postfix >>> mode = 0600 >>> user = postfix >>> } >>> } >>> service pop3 { >>> executable = pop3 postlogin >>> process_limit = 25 >>> } >>> service postlogin { >>> executable = script-login /etc/dovecot/postlogin.sh >>> group = vmail >>> user = vmail >>> } >>> service quota-status { >>> client_limit = 1 >>> executable = quota-status -p postfix >>> inet_listener { >>> port = 12340 >>> } >>> } >>> service quota-warning { >>> executable = /etc/dovecot/quota-warning.sh >>> user = vmail >>> } >>> ssl = required >>> ssl_cert = >> ssl_key = >> ssl_protocols = !SSLv2 !SSLv3 >>> userdb { >>> args = username_format=%n /etc/dovecot/auth.d/%d/userdb.%s >>> default_fields = home=/var/vmail/%d/%n >>> driver = passwd-file >>> } >>> verbose_ssl = yes >>> protocol lmtp { >>> postmaster_address = xxxxxxxxxxxxxxxxx >>> } >>> protocol imap { >>> mail_max_userip_connections = 10 >>> } >>> protocol pop3 { >>> mail_max_userip_connections = 1 >>> } >>> remote 192.168.7.0/24/24 { >>> ssl = yes >>> } >>> remote 192.168.7.0/27/27 { >>> ssl = no >>> } >>> $ >> - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBV6F8znz1H7kL/d9rAQKltAf/bl5r175/Iokd+XxoBnsbT8LUfsCM20/p 0tPsnfz9E75nnFgOTTYYKPhc7zJvA61ZMz+yZ9SIYxce7mfA86AGvg7cpD8/KIfO RnhDuLEmFZbaRqnmrDuJvtbLzg2VargYj65Y0hykeRisdNE/3nh//iPxs/5BQs2z ZRTeJer3UkYae4AxI8E3P+S5fKWbirIJ5mapM28IVw3+uabRED/2TGO5rEuCToLU UMgI3tQKDIp04dqPfZGbsYefzv6azUtQQ/JL7BeSd/YdiJibGxI/yb7Z6zNPwUvJ sn7i6FBKdwT0sirEBfHIk4E+gAZZ0fQMkWq1z8q9C7ImoEgtqsObBg== =0g6C -----END PGP SIGNATURE----- From news at mefox.org Wed Aug 3 06:30:10 2016 From: news at mefox.org (Michael Fox) Date: Tue, 2 Aug 2016 23:30:10 -0700 Subject: service-specific userdb affecting lmtp, quota-service In-Reply-To: References: <01ee01d1ec4b$0223fbb0$066bf310$@mefox.org> <015001d1ece7$b3c6b640$1b5422c0$@mefox.org> Message-ID: <009001d1ed50$7c47ec70$74d7c550$@mefox.org> > On Wed, 3 Aug 2016, Steffen Kaiser wrote: > > >> Update: > >> > >> I was able to eliminate the /var/log/mail.err error messages (shown > below) > >> by creating a userdb.quota-status and userdb.lmtp passwd-file. > However, > >> since userdb.pop3 and userdb.imap will have different extra-fields > values > >> for namespace (different namespace/xxx/inbox=yes values) I can't simply > >> create userdb.quota-status and userdb.lmtp as the union of userdb.pop3 > and > >> userdb.imap. At a minimum, the extra-fields namespace info has to be > left > >> out. > > > > do LMTP and Quota-status fail, if you symlink them to the imap version? I didn't try a symlink because I intend to have separate users in userdb.pop3 and userdb.imap so I can control who has imap access. To allow the two user lists to be independent, I made a unique union of the pop3 and imap userdbs and used that for quota-status and lmtp. > BTW: your posted conf does not contain the virtual plugin and its > namespace. Correct. As I put in the previous email, I didn't get to that point. First, I just commented out the "inbox=yes" declaration from "namespace inbox {}" and then added it to the userdb.imap extra-fields but got an error. How embarrassing. I just discovered a syntax error. I was using: userdb_namespace=/namespace/inbox/inbox=yes Instead of: userdb_namespace/inbox/inbox=yes Now that's working. BTW, it turns out that both quota-status and lmtp need to see the value of inbox=. So I guess all of the userdb.%s files will include userdb_namespace/inbox/inbox=yes, except for userdb.pop3 which will use userdb_namespace/virtual/inbox=yes. Next step is to configure the extra namespaces. Thanks for your help so far Steffen. Michael From mpeters at domblogger.net Thu Aug 4 13:11:56 2016 From: mpeters at domblogger.net (Michael A. Peters) Date: Thu, 4 Aug 2016 06:11:56 -0700 Subject: Dovecot 2.2.25 test failure Message-ID: <83b1e708-8489-2010-2ec8-33a567ff10eb@domblogger.net> Operating system - 64 bit CentOS 7 gcc-4.8.5-4.el7.x86_64 Building against LibreSSL which has been fine for other releases, but it is a crypto test that is fails. Tried with LibreSSL 2.4.2 and 2.3.6 - both the build completes but fails the make check Dovecot 2.2.24 passes make check on both. This is where it fails: Making check in lib-dcrypt make[2]: Entering directory `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' for bin in test-crypto test-stream; do \ if ! /bin/sh ../../run-test.sh ../.. ./$bin; then exit 1; fi; \ done ../../run-test.sh: line 21: 22369 Segmentation fault (core dumped) valgrind -q --trace-children=yes --leak-check=full --suppressions="$supp_path" --log-file=test.out.$$ $* ==22369== Invalid read of size 8 ==22369== at 0x113A47: dcrypt_ctx_sym_create (dcrypt.c:61) ==22369== by 0x119194: test_cipher_test_vectors (test-crypto.c:60) ==22369== by 0x1196F0: test_run_funcs (test-common.c:354) ==22369== by 0x119FC0: test_run (test-common.c:404) ==22369== by 0x113461: main (test-crypto.c:554) ==22369== Address 0x8 is not stack'd, malloc'd or (recently) free'd ==22369== ==22369== ==22369== Process terminating with default action of signal 11 (SIGSEGV) ==22369== Access not within mapped region at address 0x8 ==22369== at 0x113A47: dcrypt_ctx_sym_create (dcrypt.c:61) ==22369== by 0x119194: test_cipher_test_vectors (test-crypto.c:60) ==22369== by 0x1196F0: test_run_funcs (test-common.c:354) ==22369== by 0x119FC0: test_run (test-common.c:404) ==22369== by 0x113461: main (test-crypto.c:554) ==22369== If you believe this happened as a result of a stack ==22369== overflow in your program's main thread (unlikely but ==22369== possible), you can try to increase the size of the ==22369== main thread stack using the --main-stacksize= flag. ==22369== The main thread stack size used in this run was 8388608. Failed to run: ./test-crypto make[2]: *** [check-test] Error 1 make[2]: Leaving directory `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' make[1]: *** [check-recursive] Error 1 make[1]: Leaving directory `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src' make: *** [check-recursive] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.Il5fdU (%check) Thanks for suggestions. From aki.tuomi at dovecot.fi Thu Aug 4 13:13:58 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Thu, 4 Aug 2016 16:13:58 +0300 Subject: Dovecot 2.2.25 test failure In-Reply-To: <83b1e708-8489-2010-2ec8-33a567ff10eb@domblogger.net> References: <83b1e708-8489-2010-2ec8-33a567ff10eb@domblogger.net> Message-ID: On 04.08.2016 16:11, Michael A. Peters wrote: > Operating system - 64 bit CentOS 7 > gcc-4.8.5-4.el7.x86_64 > > Building against LibreSSL which has been fine for other releases, but > it is a crypto test that is fails. > > Tried with LibreSSL 2.4.2 and 2.3.6 - both the build completes but > fails the make check > > Dovecot 2.2.24 passes make check on both. > > This is where it fails: > > Making check in lib-dcrypt > make[2]: Entering directory > `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' > for bin in test-crypto test-stream; do \ > if ! /bin/sh ../../run-test.sh ../.. ./$bin; then exit 1; fi; \ > done > ../../run-test.sh: line 21: 22369 Segmentation fault (core > dumped) valgrind -q --trace-children=yes --leak-check=full > --suppressions="$supp_path" --log-file=test.out.$$ $* > ==22369== Invalid read of size 8 > ==22369== at 0x113A47: dcrypt_ctx_sym_create (dcrypt.c:61) > ==22369== by 0x119194: test_cipher_test_vectors (test-crypto.c:60) > ==22369== by 0x1196F0: test_run_funcs (test-common.c:354) > ==22369== by 0x119FC0: test_run (test-common.c:404) > ==22369== by 0x113461: main (test-crypto.c:554) > ==22369== Address 0x8 is not stack'd, malloc'd or (recently) free'd > ==22369== > ==22369== > ==22369== Process terminating with default action of signal 11 (SIGSEGV) > ==22369== Access not within mapped region at address 0x8 > ==22369== at 0x113A47: dcrypt_ctx_sym_create (dcrypt.c:61) > ==22369== by 0x119194: test_cipher_test_vectors (test-crypto.c:60) > ==22369== by 0x1196F0: test_run_funcs (test-common.c:354) > ==22369== by 0x119FC0: test_run (test-common.c:404) > ==22369== by 0x113461: main (test-crypto.c:554) > ==22369== If you believe this happened as a result of a stack > ==22369== overflow in your program's main thread (unlikely but > ==22369== possible), you can try to increase the size of the > ==22369== main thread stack using the --main-stacksize= flag. > ==22369== The main thread stack size used in this run was 8388608. > Failed to run: ./test-crypto > make[2]: *** [check-test] Error 1 > make[2]: Leaving directory > `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' > make[1]: *** [check-recursive] Error 1 > make[1]: Leaving directory > `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src' > make: *** [check-recursive] Error 1 > error: Bad exit status from /var/tmp/rpm-tmp.Il5fdU (%check) > > Thanks for suggestions. Hi! can you please provide stack trace with gdb? gdb ./test-crypto r bt full Aki From mpeters at domblogger.net Thu Aug 4 13:19:13 2016 From: mpeters at domblogger.net (Michael A. Peters) Date: Thu, 4 Aug 2016 06:19:13 -0700 Subject: Dovecot 2.2.25 test failure In-Reply-To: References: <83b1e708-8489-2010-2ec8-33a567ff10eb@domblogger.net> Message-ID: <5394da06-9cff-97a7-3859-6cb14411bfa1@domblogger.net> On 08/04/2016 06:13 AM, Aki Tuomi wrote: > > > On 04.08.2016 16:11, Michael A. Peters wrote: >> Operating system - 64 bit CentOS 7 >> gcc-4.8.5-4.el7.x86_64 >> >> Building against LibreSSL which has been fine for other releases, but >> it is a crypto test that is fails. >> >> Tried with LibreSSL 2.4.2 and 2.3.6 - both the build completes but >> fails the make check >> >> Dovecot 2.2.24 passes make check on both. >> >> This is where it fails: >> >> Making check in lib-dcrypt >> make[2]: Entering directory >> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' >> for bin in test-crypto test-stream; do \ >> if ! /bin/sh ../../run-test.sh ../.. ./$bin; then exit 1; fi; \ >> done >> ../../run-test.sh: line 21: 22369 Segmentation fault (core >> dumped) valgrind -q --trace-children=yes --leak-check=full >> --suppressions="$supp_path" --log-file=test.out.$$ $* >> ==22369== Invalid read of size 8 >> ==22369== at 0x113A47: dcrypt_ctx_sym_create (dcrypt.c:61) >> ==22369== by 0x119194: test_cipher_test_vectors (test-crypto.c:60) >> ==22369== by 0x1196F0: test_run_funcs (test-common.c:354) >> ==22369== by 0x119FC0: test_run (test-common.c:404) >> ==22369== by 0x113461: main (test-crypto.c:554) >> ==22369== Address 0x8 is not stack'd, malloc'd or (recently) free'd >> ==22369== >> ==22369== >> ==22369== Process terminating with default action of signal 11 (SIGSEGV) >> ==22369== Access not within mapped region at address 0x8 >> ==22369== at 0x113A47: dcrypt_ctx_sym_create (dcrypt.c:61) >> ==22369== by 0x119194: test_cipher_test_vectors (test-crypto.c:60) >> ==22369== by 0x1196F0: test_run_funcs (test-common.c:354) >> ==22369== by 0x119FC0: test_run (test-common.c:404) >> ==22369== by 0x113461: main (test-crypto.c:554) >> ==22369== If you believe this happened as a result of a stack >> ==22369== overflow in your program's main thread (unlikely but >> ==22369== possible), you can try to increase the size of the >> ==22369== main thread stack using the --main-stacksize= flag. >> ==22369== The main thread stack size used in this run was 8388608. >> Failed to run: ./test-crypto >> make[2]: *** [check-test] Error 1 >> make[2]: Leaving directory >> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' >> make[1]: *** [check-recursive] Error 1 >> make[1]: Leaving directory >> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src' >> make: *** [check-recursive] Error 1 >> error: Bad exit status from /var/tmp/rpm-tmp.Il5fdU (%check) >> >> Thanks for suggestions. > > Hi! > > can you please provide stack trace with gdb? > > gdb ./test-crypto > r > bt full > > Aki > [alice at pern lib-dcrypt]$ gdb ./test-crypto GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-80.el7 Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt/test-crypto...done. (gdb) r Starting program: /home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt/./test-crypto Program received signal SIGSEGV, Segmentation fault. 0x000055555555fa47 in dcrypt_ctx_sym_create (algorithm=0x55555557c12e "AES-128-CBC", mode=DCRYPT_MODE_ENCRYPT, ctx_r=0x7fffffffdf30, error_r=0x0) at dcrypt.c:61 61 return dcrypt_vfs->ctx_sym_create(algorithm, mode, ctx_r, error_r); Missing separate debuginfos, use: debuginfo-install glibc-2.17-106.el7_2.6.x86_64 (gdb) bt full #0 0x000055555555fa47 in dcrypt_ctx_sym_create (algorithm=0x55555557c12e "AES-128-CBC", mode=DCRYPT_MODE_ENCRYPT, ctx_r=0x7fffffffdf30, error_r=0x0) at dcrypt.c:61 No locals. #1 0x0000555555565195 in test_cipher_test_vectors () at test-crypto.c:60 ctx = 0x57a6911f i = 0 vectors = {{key = 0x55555557dd48 "2b7e151628aed2a6abf7158809cf4f3c", iv = 0x55555557dd70 "000102030405060708090a0b0c0d0e0f", pt = 0x55555557dd98 "6bc1bee22e409f96e93d7e117393172a", ct = 0x55555557ddc0 "7649abac8119b246cee98e9b12e9197d"}, {key = 0x55555557dd48 "2b7e151628aed2a6abf7158809cf4f3c", iv = 0x55555557dde8 "7649ABAC8119B246CEE98E9B12E9197D", pt = 0x55555557de10 "ae2d8a571e03ac9c9eb76fac45af8e51", ct = 0x55555557de38 "5086cb9b507219ee95db113a917678b2"}} key = 0x55555578e0f0 iv = 0x55555578e158 pt = 0x55555578e1c0 ct = 0x55555578e228 res_enc = 0x55555578e290 res_dec = 0x55555578e308 #2 0x00005555555656f1 in test_run_funcs (test_functions=test_functions at entry=0x55555578b020 ) at test-common.c:354 _data_stack_cur_id = 2 i = 0 #3 0x0000555555565fc1 in test_run (test_functions=0x55555578b020 ) at test-common.c:404 No locals. #4 0x000055555555f462 in main () at test-crypto.c:554 test_functions = {0x555555565050 , 0x555555564b90 , 0x555555564970 , 0x555555563990 , 0x555555564660 , 0x5555555643b0 , 0x555555563f90 , 0x555555563840 , 0x555555563670 , 0x555555563280 , 0x0} ret = (gdb) From aki.tuomi at dovecot.fi Thu Aug 4 13:50:57 2016 From: aki.tuomi at dovecot.fi (aki.tuomi at dovecot.fi) Date: Thu, 4 Aug 2016 16:50:57 +0300 (EEST) Subject: Dovecot 2.2.25 test failure In-Reply-To: <5394da06-9cff-97a7-3859-6cb14411bfa1@domblogger.net> References: <83b1e708-8489-2010-2ec8-33a567ff10eb@domblogger.net> <5394da06-9cff-97a7-3859-6cb14411bfa1@domblogger.net> Message-ID: <1791498613.5182.1470318657773@appsuite-dev.open-xchange.com> > On August 4, 2016 at 4:19 PM "Michael A. Peters" wrote: > > > On 08/04/2016 06:13 AM, Aki Tuomi wrote: > > > > > > On 04.08.2016 16:11, Michael A. Peters wrote: > >> Operating system - 64 bit CentOS 7 > >> gcc-4.8.5-4.el7.x86_64 > >> > >> Building against LibreSSL which has been fine for other releases, but > >> it is a crypto test that is fails. > >> > >> Tried with LibreSSL 2.4.2 and 2.3.6 - both the build completes but > >> fails the make check > >> > >> Dovecot 2.2.24 passes make check on both. > >> > >> This is where it fails: > >> > >> Making check in lib-dcrypt > >> make[2]: Entering directory > >> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' > >> for bin in test-crypto test-stream; do \ > >> if ! /bin/sh ../../run-test.sh ../.. ./$bin; then exit 1; fi; \ > >> done > >> ../../run-test.sh: line 21: 22369 Segmentation fault (core > >> dumped) valgrind -q --trace-children=yes --leak-check=full > >> --suppressions="$supp_path" --log-file=test.out.$$ $* > >> ==22369== Invalid read of size 8 > >> ==22369== at 0x113A47: dcrypt_ctx_sym_create (dcrypt.c:61) > >> ==22369== by 0x119194: test_cipher_test_vectors (test-crypto.c:60) > >> ==22369== by 0x1196F0: test_run_funcs (test-common.c:354) > >> ==22369== by 0x119FC0: test_run (test-common.c:404) > >> ==22369== by 0x113461: main (test-crypto.c:554) > >> ==22369== Address 0x8 is not stack'd, malloc'd or (recently) free'd > >> ==22369== > >> ==22369== > >> ==22369== Process terminating with default action of signal 11 (SIGSEGV) > >> ==22369== Access not within mapped region at address 0x8 > >> ==22369== at 0x113A47: dcrypt_ctx_sym_create (dcrypt.c:61) > >> ==22369== by 0x119194: test_cipher_test_vectors (test-crypto.c:60) > >> ==22369== by 0x1196F0: test_run_funcs (test-common.c:354) > >> ==22369== by 0x119FC0: test_run (test-common.c:404) > >> ==22369== by 0x113461: main (test-crypto.c:554) > >> ==22369== If you believe this happened as a result of a stack > >> ==22369== overflow in your program's main thread (unlikely but > >> ==22369== possible), you can try to increase the size of the > >> ==22369== main thread stack using the --main-stacksize= flag. > >> ==22369== The main thread stack size used in this run was 8388608. > >> Failed to run: ./test-crypto > >> make[2]: *** [check-test] Error 1 > >> make[2]: Leaving directory > >> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' > >> make[1]: *** [check-recursive] Error 1 > >> make[1]: Leaving directory > >> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src' > >> make: *** [check-recursive] Error 1 > >> error: Bad exit status from /var/tmp/rpm-tmp.Il5fdU (%check) > >> > >> Thanks for suggestions. > > > > Hi! > > > > can you please provide stack trace with gdb? > > > > gdb ./test-crypto > > r > > bt full > > > > Aki > > > > [alice at pern lib-dcrypt]$ gdb ./test-crypto > GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-80.el7 > Copyright (C) 2013 Free Software Foundation, Inc. > License GPLv3+: GNU GPL version 3 or later > > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. Type "show copying" > and "show warranty" for details. > This GDB was configured as "x86_64-redhat-linux-gnu". > For bug reporting instructions, please see: > ... > Reading symbols from > /home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt/test-crypto...done. > (gdb) r > Starting program: > /home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt/./test-crypto > > Program received signal SIGSEGV, Segmentation fault. > 0x000055555555fa47 in dcrypt_ctx_sym_create (algorithm=0x55555557c12e > "AES-128-CBC", mode=DCRYPT_MODE_ENCRYPT, ctx_r=0x7fffffffdf30, > error_r=0x0) at dcrypt.c:61 > 61 return dcrypt_vfs->ctx_sym_create(algorithm, mode, ctx_r, error_r); > Missing separate debuginfos, use: debuginfo-install > glibc-2.17-106.el7_2.6.x86_64 > (gdb) bt full > #0 0x000055555555fa47 in dcrypt_ctx_sym_create > (algorithm=0x55555557c12e "AES-128-CBC", mode=DCRYPT_MODE_ENCRYPT, > ctx_r=0x7fffffffdf30, error_r=0x0) at dcrypt.c:61 > No locals. Can you p dcrypt_vfs? Aki From mpeters at domblogger.net Thu Aug 4 13:53:15 2016 From: mpeters at domblogger.net (Michael A. Peters) Date: Thu, 4 Aug 2016 06:53:15 -0700 Subject: Dovecot 2.2.25 test failure In-Reply-To: <1791498613.5182.1470318657773@appsuite-dev.open-xchange.com> References: <83b1e708-8489-2010-2ec8-33a567ff10eb@domblogger.net> <5394da06-9cff-97a7-3859-6cb14411bfa1@domblogger.net> <1791498613.5182.1470318657773@appsuite-dev.open-xchange.com> Message-ID: <1d28610b-3c09-85a0-fdc2-237cbad90915@domblogger.net> On 08/04/2016 06:50 AM, aki.tuomi at dovecot.fi wrote: > >> On August 4, 2016 at 4:19 PM "Michael A. Peters" wrote: >> >> >> On 08/04/2016 06:13 AM, Aki Tuomi wrote: >>> >>> >>> On 04.08.2016 16:11, Michael A. Peters wrote: >>>> Operating system - 64 bit CentOS 7 >>>> gcc-4.8.5-4.el7.x86_64 >>>> >>>> Building against LibreSSL which has been fine for other releases, but >>>> it is a crypto test that is fails. >>>> >>>> Tried with LibreSSL 2.4.2 and 2.3.6 - both the build completes but >>>> fails the make check >>>> >>>> Dovecot 2.2.24 passes make check on both. >>>> >>>> This is where it fails: >>>> >>>> Making check in lib-dcrypt >>>> make[2]: Entering directory >>>> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' >>>> for bin in test-crypto test-stream; do \ >>>> if ! /bin/sh ../../run-test.sh ../.. ./$bin; then exit 1; fi; \ >>>> done >>>> ../../run-test.sh: line 21: 22369 Segmentation fault (core >>>> dumped) valgrind -q --trace-children=yes --leak-check=full >>>> --suppressions="$supp_path" --log-file=test.out.$$ $* >>>> ==22369== Invalid read of size 8 >>>> ==22369== at 0x113A47: dcrypt_ctx_sym_create (dcrypt.c:61) >>>> ==22369== by 0x119194: test_cipher_test_vectors (test-crypto.c:60) >>>> ==22369== by 0x1196F0: test_run_funcs (test-common.c:354) >>>> ==22369== by 0x119FC0: test_run (test-common.c:404) >>>> ==22369== by 0x113461: main (test-crypto.c:554) >>>> ==22369== Address 0x8 is not stack'd, malloc'd or (recently) free'd >>>> ==22369== >>>> ==22369== >>>> ==22369== Process terminating with default action of signal 11 (SIGSEGV) >>>> ==22369== Access not within mapped region at address 0x8 >>>> ==22369== at 0x113A47: dcrypt_ctx_sym_create (dcrypt.c:61) >>>> ==22369== by 0x119194: test_cipher_test_vectors (test-crypto.c:60) >>>> ==22369== by 0x1196F0: test_run_funcs (test-common.c:354) >>>> ==22369== by 0x119FC0: test_run (test-common.c:404) >>>> ==22369== by 0x113461: main (test-crypto.c:554) >>>> ==22369== If you believe this happened as a result of a stack >>>> ==22369== overflow in your program's main thread (unlikely but >>>> ==22369== possible), you can try to increase the size of the >>>> ==22369== main thread stack using the --main-stacksize= flag. >>>> ==22369== The main thread stack size used in this run was 8388608. >>>> Failed to run: ./test-crypto >>>> make[2]: *** [check-test] Error 1 >>>> make[2]: Leaving directory >>>> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' >>>> make[1]: *** [check-recursive] Error 1 >>>> make[1]: Leaving directory >>>> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src' >>>> make: *** [check-recursive] Error 1 >>>> error: Bad exit status from /var/tmp/rpm-tmp.Il5fdU (%check) >>>> >>>> Thanks for suggestions. >>> >>> Hi! >>> >>> can you please provide stack trace with gdb? >>> >>> gdb ./test-crypto >>> r >>> bt full >>> >>> Aki >>> >> >> [alice at pern lib-dcrypt]$ gdb ./test-crypto >> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-80.el7 >> Copyright (C) 2013 Free Software Foundation, Inc. >> License GPLv3+: GNU GPL version 3 or later >> >> This is free software: you are free to change and redistribute it. >> There is NO WARRANTY, to the extent permitted by law. Type "show copying" >> and "show warranty" for details. >> This GDB was configured as "x86_64-redhat-linux-gnu". >> For bug reporting instructions, please see: >> ... >> Reading symbols from >> /home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt/test-crypto...done. >> (gdb) r >> Starting program: >> /home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt/./test-crypto >> >> Program received signal SIGSEGV, Segmentation fault. >> 0x000055555555fa47 in dcrypt_ctx_sym_create (algorithm=0x55555557c12e >> "AES-128-CBC", mode=DCRYPT_MODE_ENCRYPT, ctx_r=0x7fffffffdf30, >> error_r=0x0) at dcrypt.c:61 >> 61 return dcrypt_vfs->ctx_sym_create(algorithm, mode, ctx_r, error_r); >> Missing separate debuginfos, use: debuginfo-install >> glibc-2.17-106.el7_2.6.x86_64 >> (gdb) bt full >> #0 0x000055555555fa47 in dcrypt_ctx_sym_create >> (algorithm=0x55555557c12e "AES-128-CBC", mode=DCRYPT_MODE_ENCRYPT, >> ctx_r=0x7fffffffdf30, error_r=0x0) at dcrypt.c:61 >> No locals. > > Can you p dcrypt_vfs? > > Aki > (gdb) p dcrypt_vfs $1 = (struct dcrypt_vfs *) 0x0 (gdb) From daniel.colchete at gmail.com Thu Aug 4 14:03:18 2016 From: daniel.colchete at gmail.com (Daniel van Ham Colchete) Date: Thu, 4 Aug 2016 11:03:18 -0300 Subject: Attachment Storage problems Message-ID: Guys, I started using single instance attachment storage a while ago but I had too many problems with it. My logs are filled with errors like: Aug 03 18:41:38 imap(user at domain): Error: read(attachments-connector(zlib(/srv/dovecot/mdbox/domain/user/storage/m.2))) failed: read(/srv/dovecot/attach/domain/5f/03/5f03f1d7da846fe9268473cae5219ae31019fd540dc67f58596d8390be4a0f2256158b1e9ba327841c513a6d927dbe9b767b7ad94f8ae5772674cccb3124b69d-7be2ef0e97036457c52000009331bd36[base64:19 b/l]) failed: open(/srv/dovecot/attach/domain/5f/03/5f03f1d7da846fe9268473cae5219ae31019fd540dc67f58596d8390be4a0f2256158b1e9ba327841c513a6d927dbe9b767b7ad94f8ae5772674cccb3124b69d-7be2ef0e97036457c52000009331bd36) failed: No such file or directory (uid=23484, box=INBOX) The funny thing is that the directory /srv/dovecot/attach/domain/5f/03/ doesn't even exist! So, I would like to stop using it and my question is: how? First we would need to stop writting things there while still reading it. How can I tell dovecot to stop using it on new e-mail? Second would be a dsync-like migration reinserting the attachments on the messages back. How can I do that? Most importantly, what do I do with the messages that lost attachments? Thank you very much. Best, Daniel Colchete From dovecot at paz.bz Thu Aug 4 15:05:37 2016 From: dovecot at paz.bz (Jim Pazarena) Date: Thu, 4 Aug 2016 08:05:37 -0700 Subject: file/folder perms permissions Message-ID: <69c2a4e6-ee15-6dfe-b875-9f3d7a5517fd@paz.bz> Forgive me if I am blind, but I cannot find default folder permissions. For the home directories, with the sub of mail: and deeper, I see some files with 660, some with 600, some folders with 770 some with 660 I am a bit confused. I manually messed with some files, and my MUA complained about permissions. So I got that mess fixed, and in doing so I noticed the seemingly contradictory permissions. Thanks! From aki.tuomi at dovecot.fi Thu Aug 4 16:38:53 2016 From: aki.tuomi at dovecot.fi (aki.tuomi at dovecot.fi) Date: Thu, 4 Aug 2016 19:38:53 +0300 (EEST) Subject: Dovecot 2.2.25 test failure In-Reply-To: <1d28610b-3c09-85a0-fdc2-237cbad90915@domblogger.net> References: <83b1e708-8489-2010-2ec8-33a567ff10eb@domblogger.net> <5394da06-9cff-97a7-3859-6cb14411bfa1@domblogger.net> <1791498613.5182.1470318657773@appsuite-dev.open-xchange.com> <1d28610b-3c09-85a0-fdc2-237cbad90915@domblogger.net> Message-ID: <1897226546.5293.1470328733782@appsuite-dev.open-xchange.com> > On August 4, 2016 at 4:53 PM "Michael A. Peters" wrote: > > > On 08/04/2016 06:50 AM, aki.tuomi at dovecot.fi wrote: > > > >> On August 4, 2016 at 4:19 PM "Michael A. Peters" wrote: > >> > >> > >> On 08/04/2016 06:13 AM, Aki Tuomi wrote: > >>> > >>> > >>> On 04.08.2016 16:11, Michael A. Peters wrote: > >>>> Operating system - 64 bit CentOS 7 > >>>> gcc-4.8.5-4.el7.x86_64 > >>>> > >>>> Building against LibreSSL which has been fine for other releases, but > >>>> it is a crypto test that is fails. > >>>> > >>>> Tried with LibreSSL 2.4.2 and 2.3.6 - both the build completes but > >>>> fails the make check > >>>> > >>>> Dovecot 2.2.24 passes make check on both. > >>>> > >>>> This is where it fails: > >>>> > >>>> Making check in lib-dcrypt > >>>> make[2]: Entering directory > >>>> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' > >>>> for bin in test-crypto test-stream; do \ > >>>> if ! /bin/sh ../../run-test.sh ../.. ./$bin; then exit 1; fi; \ > >>>> done > >>>> ../../run-test.sh: line 21: 22369 Segmentation fault (core > >>>> dumped) valgrind -q --trace-children=yes --leak-check=full > >>>> --suppressions="$supp_path" --log-file=test.out.$$ $* > >>>> ==22369== Invalid read of size 8 > >>>> ==22369== at 0x113A47: dcrypt_ctx_sym_create (dcrypt.c:61) > >>>> ==22369== by 0x119194: test_cipher_test_vectors (test-crypto.c:60) > >>>> ==22369== by 0x1196F0: test_run_funcs (test-common.c:354) > >>>> ==22369== by 0x119FC0: test_run (test-common.c:404) > >>>> ==22369== by 0x113461: main (test-crypto.c:554) > >>>> ==22369== Address 0x8 is not stack'd, malloc'd or (recently) free'd > >>>> ==22369== > >>>> ==22369== > >>>> ==22369== Process terminating with default action of signal 11 (SIGSEGV) > >>>> ==22369== Access not within mapped region at address 0x8 > >>>> ==22369== at 0x113A47: dcrypt_ctx_sym_create (dcrypt.c:61) > >>>> ==22369== by 0x119194: test_cipher_test_vectors (test-crypto.c:60) > >>>> ==22369== by 0x1196F0: test_run_funcs (test-common.c:354) > >>>> ==22369== by 0x119FC0: test_run (test-common.c:404) > >>>> ==22369== by 0x113461: main (test-crypto.c:554) > >>>> ==22369== If you believe this happened as a result of a stack > >>>> ==22369== overflow in your program's main thread (unlikely but > >>>> ==22369== possible), you can try to increase the size of the > >>>> ==22369== main thread stack using the --main-stacksize= flag. > >>>> ==22369== The main thread stack size used in this run was 8388608. > >>>> Failed to run: ./test-crypto > >>>> make[2]: *** [check-test] Error 1 > >>>> make[2]: Leaving directory > >>>> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' > >>>> make[1]: *** [check-recursive] Error 1 > >>>> make[1]: Leaving directory > >>>> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src' > >>>> make: *** [check-recursive] Error 1 > >>>> error: Bad exit status from /var/tmp/rpm-tmp.Il5fdU (%check) > >>>> > >>>> Thanks for suggestions. > >>> > >>> Hi! > >>> > >>> can you please provide stack trace with gdb? > >>> > >>> gdb ./test-crypto > >>> r > >>> bt full > >>> > >>> Aki > >>> > >> > >> [alice at pern lib-dcrypt]$ gdb ./test-crypto > >> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-80.el7 > >> Copyright (C) 2013 Free Software Foundation, Inc. > >> License GPLv3+: GNU GPL version 3 or later > >> > >> This is free software: you are free to change and redistribute it. > >> There is NO WARRANTY, to the extent permitted by law. Type "show copying" > >> and "show warranty" for details. > >> This GDB was configured as "x86_64-redhat-linux-gnu". > >> For bug reporting instructions, please see: > >> ... > >> Reading symbols from > >> /home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt/test-crypto...done. > >> (gdb) r > >> Starting program: > >> /home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt/./test-crypto > >> > >> Program received signal SIGSEGV, Segmentation fault. > >> 0x000055555555fa47 in dcrypt_ctx_sym_create (algorithm=0x55555557c12e > >> "AES-128-CBC", mode=DCRYPT_MODE_ENCRYPT, ctx_r=0x7fffffffdf30, > >> error_r=0x0) at dcrypt.c:61 > >> 61 return dcrypt_vfs->ctx_sym_create(algorithm, mode, ctx_r, error_r); > >> Missing separate debuginfos, use: debuginfo-install > >> glibc-2.17-106.el7_2.6.x86_64 > >> (gdb) bt full > >> #0 0x000055555555fa47 in dcrypt_ctx_sym_create > >> (algorithm=0x55555557c12e "AES-128-CBC", mode=DCRYPT_MODE_ENCRYPT, > >> ctx_r=0x7fffffffdf30, error_r=0x0) at dcrypt.c:61 > >> No locals. > > > > Can you p dcrypt_vfs? > > > > Aki > > > > (gdb) p dcrypt_vfs > $1 = (struct dcrypt_vfs *) 0x0 > (gdb) Af. This problem is because there is no openssl backend built with dcrypt, as we don't have libressl support officially. I'll add code that checks that if dcrypt initialization fails, the tests are skipped. Aki From aki.tuomi at dovecot.fi Thu Aug 4 17:31:07 2016 From: aki.tuomi at dovecot.fi (aki.tuomi at dovecot.fi) Date: Thu, 4 Aug 2016 20:31:07 +0300 (EEST) Subject: Dovecot 2.2.25 test failure In-Reply-To: <1897226546.5293.1470328733782@appsuite-dev.open-xchange.com> References: <83b1e708-8489-2010-2ec8-33a567ff10eb@domblogger.net> <5394da06-9cff-97a7-3859-6cb14411bfa1@domblogger.net> <1791498613.5182.1470318657773@appsuite-dev.open-xchange.com> <1d28610b-3c09-85a0-fdc2-237cbad90915@domblogger.net> <1897226546.5293.1470328733782@appsuite-dev.open-xchange.com> Message-ID: <566690910.5314.1470331868043@appsuite-dev.open-xchange.com> > On August 4, 2016 at 7:38 PM aki.tuomi at dovecot.fi wrote: > > > > > On August 4, 2016 at 4:53 PM "Michael A. Peters" wrote: > > > > > > On 08/04/2016 06:50 AM, aki.tuomi at dovecot.fi wrote: > > > > > >> On August 4, 2016 at 4:19 PM "Michael A. Peters" wrote: > > >> > > >> > > >> On 08/04/2016 06:13 AM, Aki Tuomi wrote: > > >>> > > >>> > > >>> On 04.08.2016 16:11, Michael A. Peters wrote: > > >>>> Operating system - 64 bit CentOS 7 > > >>>> gcc-4.8.5-4.el7.x86_64 > > >>>> > > >>>> Building against LibreSSL which has been fine for other releases, but > > >>>> it is a crypto test that is fails. > > >>>> > > >>>> Tried with LibreSSL 2.4.2 and 2.3.6 - both the build completes but > > >>>> fails the make check > > >>>> > > >>>> Dovecot 2.2.24 passes make check on both. > > >>>> > > >>>> This is where it fails: > > >>>> > > >>>> Making check in lib-dcrypt > > >>>> make[2]: Entering directory > > >>>> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' > > >>>> for bin in test-crypto test-stream; do \ > > >>>> if ! /bin/sh ../../run-test.sh ../.. ./$bin; then exit 1; fi; \ > > >>>> done > > >>>> ../../run-test.sh: line 21: 22369 Segmentation fault (core > > >>>> dumped) valgrind -q --trace-children=yes --leak-check=full > > >>>> --suppressions="$supp_path" --log-file=test.out.$$ $* > > >>>> ==22369== Invalid read of size 8 > > >>>> ==22369== at 0x113A47: dcrypt_ctx_sym_create (dcrypt.c:61) > > >>>> ==22369== by 0x119194: test_cipher_test_vectors (test-crypto.c:60) > > >>>> ==22369== by 0x1196F0: test_run_funcs (test-common.c:354) > > >>>> ==22369== by 0x119FC0: test_run (test-common.c:404) > > >>>> ==22369== by 0x113461: main (test-crypto.c:554) > > >>>> ==22369== Address 0x8 is not stack'd, malloc'd or (recently) free'd > > >>>> ==22369== > > >>>> ==22369== > > >>>> ==22369== Process terminating with default action of signal 11 (SIGSEGV) > > >>>> ==22369== Access not within mapped region at address 0x8 > > >>>> ==22369== at 0x113A47: dcrypt_ctx_sym_create (dcrypt.c:61) > > >>>> ==22369== by 0x119194: test_cipher_test_vectors (test-crypto.c:60) > > >>>> ==22369== by 0x1196F0: test_run_funcs (test-common.c:354) > > >>>> ==22369== by 0x119FC0: test_run (test-common.c:404) > > >>>> ==22369== by 0x113461: main (test-crypto.c:554) > > >>>> ==22369== If you believe this happened as a result of a stack > > >>>> ==22369== overflow in your program's main thread (unlikely but > > >>>> ==22369== possible), you can try to increase the size of the > > >>>> ==22369== main thread stack using the --main-stacksize= flag. > > >>>> ==22369== The main thread stack size used in this run was 8388608. > > >>>> Failed to run: ./test-crypto > > >>>> make[2]: *** [check-test] Error 1 > > >>>> make[2]: Leaving directory > > >>>> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' > > >>>> make[1]: *** [check-recursive] Error 1 > > >>>> make[1]: Leaving directory > > >>>> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src' > > >>>> make: *** [check-recursive] Error 1 > > >>>> error: Bad exit status from /var/tmp/rpm-tmp.Il5fdU (%check) > > >>>> > > >>>> Thanks for suggestions. > > >>> > > >>> Hi! > > >>> > > >>> can you please provide stack trace with gdb? > > >>> > > >>> gdb ./test-crypto > > >>> r > > >>> bt full > > >>> > > >>> Aki > > >>> > > >> > > >> [alice at pern lib-dcrypt]$ gdb ./test-crypto > > >> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-80.el7 > > >> Copyright (C) 2013 Free Software Foundation, Inc. > > >> License GPLv3+: GNU GPL version 3 or later > > >> > > >> This is free software: you are free to change and redistribute it. > > >> There is NO WARRANTY, to the extent permitted by law. Type "show copying" > > >> and "show warranty" for details. > > >> This GDB was configured as "x86_64-redhat-linux-gnu". > > >> For bug reporting instructions, please see: > > >> ... > > >> Reading symbols from > > >> /home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt/test-crypto...done. > > >> (gdb) r > > >> Starting program: > > >> /home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt/./test-crypto > > >> > > >> Program received signal SIGSEGV, Segmentation fault. > > >> 0x000055555555fa47 in dcrypt_ctx_sym_create (algorithm=0x55555557c12e > > >> "AES-128-CBC", mode=DCRYPT_MODE_ENCRYPT, ctx_r=0x7fffffffdf30, > > >> error_r=0x0) at dcrypt.c:61 > > >> 61 return dcrypt_vfs->ctx_sym_create(algorithm, mode, ctx_r, error_r); > > >> Missing separate debuginfos, use: debuginfo-install > > >> glibc-2.17-106.el7_2.6.x86_64 > > >> (gdb) bt full > > >> #0 0x000055555555fa47 in dcrypt_ctx_sym_create > > >> (algorithm=0x55555557c12e "AES-128-CBC", mode=DCRYPT_MODE_ENCRYPT, > > >> ctx_r=0x7fffffffdf30, error_r=0x0) at dcrypt.c:61 > > >> No locals. > > > > > > Can you p dcrypt_vfs? > > > > > > Aki > > > > > > > (gdb) p dcrypt_vfs > > $1 = (struct dcrypt_vfs *) 0x0 > > (gdb) > > Af. This problem is because there is no openssl backend built with dcrypt, as we don't have libressl support officially. I'll add code that checks that if dcrypt initialization fails, the tests are skipped. > > Aki Fixed in https://github.com/dovecot/core/commit/b91d91633bf40f5fc8f962cc72faea8b867a181a Aki From mpeters at domblogger.net Thu Aug 4 17:39:54 2016 From: mpeters at domblogger.net (Michael A. Peters) Date: Thu, 4 Aug 2016 10:39:54 -0700 Subject: Dovecot 2.2.25 test failure In-Reply-To: <566690910.5314.1470331868043@appsuite-dev.open-xchange.com> References: <83b1e708-8489-2010-2ec8-33a567ff10eb@domblogger.net> <5394da06-9cff-97a7-3859-6cb14411bfa1@domblogger.net> <1791498613.5182.1470318657773@appsuite-dev.open-xchange.com> <1d28610b-3c09-85a0-fdc2-237cbad90915@domblogger.net> <1897226546.5293.1470328733782@appsuite-dev.open-xchange.com> <566690910.5314.1470331868043@appsuite-dev.open-xchange.com> Message-ID: On 08/04/2016 10:31 AM, aki.tuomi at dovecot.fi wrote: > >> On August 4, 2016 at 7:38 PM aki.tuomi at dovecot.fi wrote: >> >> >> >>> On August 4, 2016 at 4:53 PM "Michael A. Peters" wrote: >>> >>> >>> On 08/04/2016 06:50 AM, aki.tuomi at dovecot.fi wrote: >>>> >>>>> On August 4, 2016 at 4:19 PM "Michael A. Peters" wrote: >>>>> >>>>> >>>>> On 08/04/2016 06:13 AM, Aki Tuomi wrote: >>>>>> >>>>>> >>>>>> On 04.08.2016 16:11, Michael A. Peters wrote: >>>>>>> Operating system - 64 bit CentOS 7 >>>>>>> gcc-4.8.5-4.el7.x86_64 >>>>>>> >>>>>>> Building against LibreSSL which has been fine for other releases, but >>>>>>> it is a crypto test that is fails. >>>>>>> >>>>>>> Tried with LibreSSL 2.4.2 and 2.3.6 - both the build completes but >>>>>>> fails the make check >>>>>>> >>>>>>> Dovecot 2.2.24 passes make check on both. >>>>>>> >>>>>>> This is where it fails: >>>>>>> >>>>>>> Making check in lib-dcrypt >>>>>>> make[2]: Entering directory >>>>>>> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' >>>>>>> for bin in test-crypto test-stream; do \ >>>>>>> if ! /bin/sh ../../run-test.sh ../.. ./$bin; then exit 1; fi; \ >>>>>>> done >>>>>>> ../../run-test.sh: line 21: 22369 Segmentation fault (core >>>>>>> dumped) valgrind -q --trace-children=yes --leak-check=full >>>>>>> --suppressions="$supp_path" --log-file=test.out.$$ $* >>>>>>> ==22369== Invalid read of size 8 >>>>>>> ==22369== at 0x113A47: dcrypt_ctx_sym_create (dcrypt.c:61) >>>>>>> ==22369== by 0x119194: test_cipher_test_vectors (test-crypto.c:60) >>>>>>> ==22369== by 0x1196F0: test_run_funcs (test-common.c:354) >>>>>>> ==22369== by 0x119FC0: test_run (test-common.c:404) >>>>>>> ==22369== by 0x113461: main (test-crypto.c:554) >>>>>>> ==22369== Address 0x8 is not stack'd, malloc'd or (recently) free'd >>>>>>> ==22369== >>>>>>> ==22369== >>>>>>> ==22369== Process terminating with default action of signal 11 (SIGSEGV) >>>>>>> ==22369== Access not within mapped region at address 0x8 >>>>>>> ==22369== at 0x113A47: dcrypt_ctx_sym_create (dcrypt.c:61) >>>>>>> ==22369== by 0x119194: test_cipher_test_vectors (test-crypto.c:60) >>>>>>> ==22369== by 0x1196F0: test_run_funcs (test-common.c:354) >>>>>>> ==22369== by 0x119FC0: test_run (test-common.c:404) >>>>>>> ==22369== by 0x113461: main (test-crypto.c:554) >>>>>>> ==22369== If you believe this happened as a result of a stack >>>>>>> ==22369== overflow in your program's main thread (unlikely but >>>>>>> ==22369== possible), you can try to increase the size of the >>>>>>> ==22369== main thread stack using the --main-stacksize= flag. >>>>>>> ==22369== The main thread stack size used in this run was 8388608. >>>>>>> Failed to run: ./test-crypto >>>>>>> make[2]: *** [check-test] Error 1 >>>>>>> make[2]: Leaving directory >>>>>>> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' >>>>>>> make[1]: *** [check-recursive] Error 1 >>>>>>> make[1]: Leaving directory >>>>>>> `/home/alice/rpmbuild/BUILD/dovecot-2.2.25/src' >>>>>>> make: *** [check-recursive] Error 1 >>>>>>> error: Bad exit status from /var/tmp/rpm-tmp.Il5fdU (%check) >>>>>>> >>>>>>> Thanks for suggestions. >>>>>> >>>>>> Hi! >>>>>> >>>>>> can you please provide stack trace with gdb? >>>>>> >>>>>> gdb ./test-crypto >>>>>> r >>>>>> bt full >>>>>> >>>>>> Aki >>>>>> >>>>> >>>>> [alice at pern lib-dcrypt]$ gdb ./test-crypto >>>>> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-80.el7 >>>>> Copyright (C) 2013 Free Software Foundation, Inc. >>>>> License GPLv3+: GNU GPL version 3 or later >>>>> >>>>> This is free software: you are free to change and redistribute it. >>>>> There is NO WARRANTY, to the extent permitted by law. Type "show copying" >>>>> and "show warranty" for details. >>>>> This GDB was configured as "x86_64-redhat-linux-gnu". >>>>> For bug reporting instructions, please see: >>>>> ... >>>>> Reading symbols from >>>>> /home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt/test-crypto...done. >>>>> (gdb) r >>>>> Starting program: >>>>> /home/alice/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt/./test-crypto >>>>> >>>>> Program received signal SIGSEGV, Segmentation fault. >>>>> 0x000055555555fa47 in dcrypt_ctx_sym_create (algorithm=0x55555557c12e >>>>> "AES-128-CBC", mode=DCRYPT_MODE_ENCRYPT, ctx_r=0x7fffffffdf30, >>>>> error_r=0x0) at dcrypt.c:61 >>>>> 61 return dcrypt_vfs->ctx_sym_create(algorithm, mode, ctx_r, error_r); >>>>> Missing separate debuginfos, use: debuginfo-install >>>>> glibc-2.17-106.el7_2.6.x86_64 >>>>> (gdb) bt full >>>>> #0 0x000055555555fa47 in dcrypt_ctx_sym_create >>>>> (algorithm=0x55555557c12e "AES-128-CBC", mode=DCRYPT_MODE_ENCRYPT, >>>>> ctx_r=0x7fffffffdf30, error_r=0x0) at dcrypt.c:61 >>>>> No locals. >>>> >>>> Can you p dcrypt_vfs? >>>> >>>> Aki >>>> >>> >>> (gdb) p dcrypt_vfs >>> $1 = (struct dcrypt_vfs *) 0x0 >>> (gdb) >> >> Af. This problem is because there is no openssl backend built with dcrypt, as we don't have libressl support officially. I'll add code that checks that if dcrypt initialization fails, the tests are skipped. >> >> Aki > > Fixed in https://github.com/dovecot/core/commit/b91d91633bf40f5fc8f962cc72faea8b867a181a > > Aki > Thank you. I'll test it today. I understand the limited resource issue and the large number of TLS implementations that exist. For what its worth, I've been running Dovecot built against LibreSSL for almost a year now without any issues. Thank you. From dovecot at cloudzeeland.nl Thu Aug 4 17:47:15 2016 From: dovecot at cloudzeeland.nl (Jos Chrispijn) Date: Thu, 4 Aug 2016 19:47:15 +0200 Subject: file/folder perms permissions In-Reply-To: <69c2a4e6-ee15-6dfe-b875-9f3d7a5517fd@paz.bz> References: <69c2a4e6-ee15-6dfe-b875-9f3d7a5517fd@paz.bz> Message-ID: In een bericht van 4-8-2016 17:05: > I am a bit confused. I manually messed with some files, and my MUA > complained about permissions. So I got that mess fixed, and in doing so > I noticed the seemingly contradictory permissions. I can imagine the confusion. It all is depending on who/what installed the software. You have root/system permissions, user related and group related permissions. Do not change permissions unless you know what you are doing! /Jos From dovecot at mx24.net Thu Aug 4 18:55:34 2016 From: dovecot at mx24.net (Vince42) Date: Thu, 4 Aug 2016 20:55:34 +0200 Subject: SSL connection reset by peer In-Reply-To: References: <8bbc2e86-7cbf-34ad-be55-17bf47f58987@mx24.net> <94489cea-5a4b-de32-3201-4e096d5762aa@mx24.net> <74ad7ea7-573e-81b1-f536-e6df63d31d69@mx24.net> Message-ID: Hi, [Olaf Hopp] - [2016-08-02 23:45] > just a shot into the dark: if you are running out of entropy, you > might get SSL errors. If this is a virtual machine, there are not > many entropy sources. Consider installing alternative entropy sources > like haveged(*), available in many distro repos. Thank you for your hint. I followed the entropy idea when I first encountered this strange behaviour, but there was no shortage. Tweaking the parameters for the imap_login service seemed to fix the problems, now I need to try to set them to reasonable values in order to have the best compromise between "secure" and "high performance" as described in the Dovecot wiki. -- Cheers, \\|// Vince (o o) ----------------------------ooO-(_)-Ooo------------------------- ''' (o)_(o) [ ][0][ ] ??? (=?o?=) World Domination by Copy and Paste [ ][ ][0] - (")_(") [0][0][0] () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Ooo. ---------------------------.ooO----( )------------------------- ( ) (_/ \_) From skdovecot at smail.inf.fh-brs.de Fri Aug 5 06:10:13 2016 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 5 Aug 2016 08:10:13 +0200 (CEST) Subject: file/folder perms permissions In-Reply-To: <69c2a4e6-ee15-6dfe-b875-9f3d7a5517fd@paz.bz> References: <69c2a4e6-ee15-6dfe-b875-9f3d7a5517fd@paz.bz> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 4 Aug 2016, Jim Pazarena wrote: > Forgive me if I am blind, but I cannot find default folder permissions. there are no "default"s, because it depends on your installation heavily. > For the home directories, with the sub of mail: and deeper, I see some files > with 660, some with 600, some folders with 770 some with 660 If you have folders with permission 660, they are wrong, because they miss access perm for all, even the owner. > I am a bit confused. I manually messed with some files, and my MUA complained > about permissions. So I got that mess fixed, and in doing so I noticed the > seemingly contradictory permissions. The user must be able to access the files, so: user/owner: + if you use system users, Dovecot uses the user's system id to access the files, + if you use virtual users, Dovecot uses the mail_uid specified in the conf file or userdb, group (usually): + for some operations additional permissions might be necessary, those are *usually* given via group "mail", e.g. sharing of mailboxes with system users, direct deliviering of messages without Dovecot LDA or LMTP, ... ==== usually you get very descriptive hints, what permissions are required, by reading the logs. Dovecot 2 even walks up directories, if an access perm is missing. Very convient! ==== If you have trouble with mailboxes (rather than the complete mail store of an user), create a new mailbox within an account, that has no problems and use the permissions given there for problematic mailboxes. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBV6QtxXz1H7kL/d9rAQLB1Qf/ezS2Go1khR9D69IeAKSQ+V1Vd/7pQb2G 8HJFB8QgnLBMpmwN3vrz3+t0kWqNhW+TKusYIl70kkDYzUCC+oBeNHHVb94d20s+ sN6Up1kdLbuPJ926QiW0Sb8n6pOAyXels4L4RrKqpX4PafhtumsltOiPI82pfUpY Mel69RRh23TAepV2CnEyeWxfQ+ffJrumsVu00FR0EAd8pFw3LsKStBfQr4qA/f/+ G2aXNHPDQK2fzmP0SFK3uxk/AXgl5cbUqxEvf7n7STxaCZpcSH3DVrK7Nt0aQEBa dHm6dc+TgcY0GhJRmtKyLhnRQhZyiPW1vIBs3YS8uMcBQKG+cY9Bsw== =BIxI -----END PGP SIGNATURE----- From filip.loncar at federation-servers.com Tue Aug 2 08:25:47 2016 From: filip.loncar at federation-servers.com (Filip Loncar [WarpMax | FederationServers]) Date: Tue, 02 Aug 2016 10:25:47 +0200 Subject: Problem with sieve configuration on dovecot+debian_jessie+ISPC3 Message-ID: <57A0590B.2030306@federation-servers.com> I'm new-ish to dovecot and sieve (haven't used it extensively till now) and I'm not sure that I configured everything propperly. The problem is that we're trying to get the following sieve code to run: require ["fileinto", "regex", "date", "relational", "vacation", "duplicate"]; require "duplicate"; if duplicate :header "message-id" { discard; } else { redirect ""; redirect ""; redirect ""; redirect ""; redirect ""; redirect ""; keep; } keep; But we're constantly getting the following error: sieve: info: started log at Aug 02 08:13:21. main script: line 5: error: require command: unknown Sieve capability `duplicate'. main script: line 6: error: unknown test 'duplicate' (only reported once at first occurence). main script: error: validation failed. Both me and my collegue can't find what's wrong with the system. I would appreciate any kind of help on this matter. Below's my configuration. # dovecot --version 2.2.13 # dovecot -n # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-45-pve x86_64 Debian 8.5 auth_mechanisms = plain login disable_plaintext_auth = no listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave vnd.dovecot.duplicate passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_duplicate_default_period = 14d sieve_extensions = +vnd.dovecot.duplicate sieve_max_redirects = 6 sieve_plugins = sieve_extprograms } protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 500 } ssl_cert = From aki.tuomi at dovecot.fi Fri Aug 5 08:59:25 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Fri, 5 Aug 2016 11:59:25 +0300 Subject: New password hashing scheme as plugin In-Reply-To: References: <424914848.3507.1469975998263@appsuite-dev.open-xchange.com> <633226559.876.1470058704230@appsuite-dev.open-xchange.com> <1496422593.993.1470059897996@appsuite-dev.open-xchange.com> Message-ID: <6798a1a9-5a27-cb00-3269-3cf08aac40f6@dovecot.fi> On 02.08.2016 00:46, Andreas Meyer wrote: > 2016-08-01 15:58 GMT+02:00 : > >>> On August 1, 2016 at 4:38 PM aki.tuomi at dovecot.fi wrote: >>> >>> >>> >>>> On August 1, 2016 at 3:45 PM Andreas Meyer >> wrote: >>>> >>>> 2016-07-31 16:39 GMT+02:00 : >>>> >>>>>> On July 27, 2016 at 2:08 AM Andreas Meyer >>>> wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> >>>>>> I want to add a new password hashing scheme as plugin and provide >> it for >>>>>> the dovecot project, so that it will be included as optional >> plugin in >>>>>> future releases. >>>>>> >>>>>> Yet the plugin compiles fine and the .so file gets created. >>>>>> >>>>>> My approach is to call the functions password_scheme_register() and >>>>>> password_scheme_unregister() (src/auth/password-scheme.c) inside >> the >>>>>> plugin's _init() and _deinit() functions. >>>>>> >>>>>> When a client tries to login via imap the log shows an error >> message: >>>>>> Error: Couldn't load required plugin >>>>>> /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen() failed: >>>>>> /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined symbol: >>>>>> password_scheme_unregister >>>>>> >>>>>> That error obviously occurs, because the required lib is not >> linked into >>>>>> the plugin. >>>>>> >>>>>> >>>>>> Now my problem is to understand, whether this approach (via .so >> file) can >>>>>> be successful at all and if so, how? >>>>>> Do I need to link libs into it? Which would that be and how do I >> specify >>>>>> them in the Makefile.am? >>>>>> >>>>>> I assume, I don't need to link a lib, but need to use a hook to >> register >>>>>> the new hashing scheme, since the plugin is loaded into an already >>>>> existing >>>>>> process, which needs to get extended. If this is true, which hook >> would >>>>>> that be and how do I register the new scheme? >>>>>> >>>>>> Or is there no way to accomplish this via a separated .so plugin? >> Should >>>>> I >>>>>> extend the sources in /src/auth instead? (separat file for the >> hashing >>>>>> scheme with preprocessor instructions to include it only on demand) >>>>>> >>>>>> >>>>>> >>>>>> Thank you very much, >>>>>> >>>>>> Andreas >>>>> Can you publish your code in, say, github.com and provide link to >> it? >>>>> New password scheme is doable as plugin but it needs to placed in >> different >>>>> place and it will be autoloaded. >>>>> >>>>> Aki >>>>> >>>> >>>> >>>> >>>> I created two branches. Both compile fine with the option: >> --with-libsodium >>>> Branch #1) >>>> >>>> >> https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_plugin >>>> This is my try to add libsodium support as plugin. When the plugin is >>>> loaded, it exits with the mentioned error message "undefined symbol: >>>> password_scheme_unregister" >>>> >>>> >>>> Branch #2) >>>> >>>> >> https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_auth >>>> This compiles fine and also works. The new hashing schemes SCRYPT and >>>> ARGON2 are available to dovecot. >>>> Libsodium support is not created as module, but only added if the >>>> --with-libsodium option was passed to configure. >>>> >>>> >>>> >>>> Regards, >>>> Andreas >>> Hi! >>> >>> I had a look at your code and noticed you had tried to put it in >> dovecot's tree. I would recommend making completely separate plugin of it. >> It's not very hard, I can help you out there. It does not need to be in >> src/plugins, the source supports fully external plugins that you can then >> install separately. >>> This would make it lot more easier to develop the plugin. I'll see if I >> can make you a little skeleton to help you out with this, you can then use >> it as basis for your auth plugin. >>> Aki >> https://github.com/cmouse/dovecot-password-scheme-plugin >> >> is the plugin template you can use. please see if it helps you out. >> >> Aki >> > > > Thank you very much for the skeleton. It really helped a lot. > > I created this repository and checked in my changes: > https://github.com/LuckyFellow/dovecot-libsodium-plugin > It compiles and installs fine. The auth module loads the plugin > automatically on demand, the hashing schemes are available and they work. > > What do I need to do, so that you can include it as plugin? > > > Regards, > Andreas We don't need to include it ourselves, you can tell people it exists there, and they can compile it with their dovecot installation. We can add wiki page for the plugin to guide people to your page. It will be automatically included after make install, you can try it out with doveadm pw -s Aki From me at junc.eu Fri Aug 5 09:05:57 2016 From: me at junc.eu (Benny Pedersen) Date: Fri, 05 Aug 2016 11:05:57 +0200 Subject: Problem with sieve configuration on dovecot+debian_jessie+ISPC3 In-Reply-To: <57A0590B.2030306@federation-servers.com> References: <57A0590B.2030306@federation-servers.com> Message-ID: <172ca6fe5b4794127ed0b65754c6c03b@junc.eu> On 2016-08-02 10:25, Filip Loncar [WarpMax | FederationServers] wrote: > require "duplicate"; > if duplicate :header "message-id" { > discard; > } this sieve rule will discard your own postings on maillists when you get them back bummer > This e-mail, including all attached files, if any, is confidential and this is a public maillist, no need to make a policy on that please cut it down or remove it when you post to maillists From luckyfellow42 at gmail.com Fri Aug 5 09:09:45 2016 From: luckyfellow42 at gmail.com (Andreas Meyer) Date: Fri, 5 Aug 2016 11:09:45 +0200 Subject: New password hashing scheme as plugin In-Reply-To: <6798a1a9-5a27-cb00-3269-3cf08aac40f6@dovecot.fi> References: <424914848.3507.1469975998263@appsuite-dev.open-xchange.com> <633226559.876.1470058704230@appsuite-dev.open-xchange.com> <1496422593.993.1470059897996@appsuite-dev.open-xchange.com> <6798a1a9-5a27-cb00-3269-3cf08aac40f6@dovecot.fi> Message-ID: 2016-08-05 10:59 GMT+02:00 Aki Tuomi : > > > On 02.08.2016 00:46, Andreas Meyer wrote: > > 2016-08-01 15:58 GMT+02:00 : > > > >>> On August 1, 2016 at 4:38 PM aki.tuomi at dovecot.fi wrote: > >>> > >>> > >>> > >>>> On August 1, 2016 at 3:45 PM Andreas Meyer > >> wrote: > >>>> > >>>> 2016-07-31 16:39 GMT+02:00 : > >>>> > >>>>>> On July 27, 2016 at 2:08 AM Andreas Meyer >>>>> wrote: > >>>>>> > >>>>>> Hi, > >>>>>> > >>>>>> > >>>>>> I want to add a new password hashing scheme as plugin and provide > >> it for > >>>>>> the dovecot project, so that it will be included as optional > >> plugin in > >>>>>> future releases. > >>>>>> > >>>>>> Yet the plugin compiles fine and the .so file gets created. > >>>>>> > >>>>>> My approach is to call the functions password_scheme_register() and > >>>>>> password_scheme_unregister() (src/auth/password-scheme.c) inside > >> the > >>>>>> plugin's _init() and _deinit() functions. > >>>>>> > >>>>>> When a client tries to login via imap the log shows an error > >> message: > >>>>>> Error: Couldn't load required plugin > >>>>>> /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen() failed: > >>>>>> /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined symbol: > >>>>>> password_scheme_unregister > >>>>>> > >>>>>> That error obviously occurs, because the required lib is not > >> linked into > >>>>>> the plugin. > >>>>>> > >>>>>> > >>>>>> Now my problem is to understand, whether this approach (via .so > >> file) can > >>>>>> be successful at all and if so, how? > >>>>>> Do I need to link libs into it? Which would that be and how do I > >> specify > >>>>>> them in the Makefile.am? > >>>>>> > >>>>>> I assume, I don't need to link a lib, but need to use a hook to > >> register > >>>>>> the new hashing scheme, since the plugin is loaded into an already > >>>>> existing > >>>>>> process, which needs to get extended. If this is true, which hook > >> would > >>>>>> that be and how do I register the new scheme? > >>>>>> > >>>>>> Or is there no way to accomplish this via a separated .so plugin? > >> Should > >>>>> I > >>>>>> extend the sources in /src/auth instead? (separat file for the > >> hashing > >>>>>> scheme with preprocessor instructions to include it only on demand) > >>>>>> > >>>>>> > >>>>>> > >>>>>> Thank you very much, > >>>>>> > >>>>>> Andreas > >>>>> Can you publish your code in, say, github.com and provide link to > >> it? > >>>>> New password scheme is doable as plugin but it needs to placed in > >> different > >>>>> place and it will be autoloaded. > >>>>> > >>>>> Aki > >>>>> > >>>> > >>>> > >>>> > >>>> I created two branches. Both compile fine with the option: > >> --with-libsodium > >>>> Branch #1) > >>>> > >>>> > >> https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_ > libsodium_plugin > >>>> This is my try to add libsodium support as plugin. When the plugin is > >>>> loaded, it exits with the mentioned error message "undefined symbol: > >>>> password_scheme_unregister" > >>>> > >>>> > >>>> Branch #2) > >>>> > >>>> > >> https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_ > libsodium_auth > >>>> This compiles fine and also works. The new hashing schemes SCRYPT and > >>>> ARGON2 are available to dovecot. > >>>> Libsodium support is not created as module, but only added if the > >>>> --with-libsodium option was passed to configure. > >>>> > >>>> > >>>> > >>>> Regards, > >>>> Andreas > >>> Hi! > >>> > >>> I had a look at your code and noticed you had tried to put it in > >> dovecot's tree. I would recommend making completely separate plugin of > it. > >> It's not very hard, I can help you out there. It does not need to be in > >> src/plugins, the source supports fully external plugins that you can > then > >> install separately. > >>> This would make it lot more easier to develop the plugin. I'll see if I > >> can make you a little skeleton to help you out with this, you can then > use > >> it as basis for your auth plugin. > >>> Aki > >> https://github.com/cmouse/dovecot-password-scheme-plugin > >> > >> is the plugin template you can use. please see if it helps you out. > >> > >> Aki > >> > > > > > > Thank you very much for the skeleton. It really helped a lot. > > > > I created this repository and checked in my changes: > > https://github.com/LuckyFellow/dovecot-libsodium-plugin > > It compiles and installs fine. The auth module loads the plugin > > automatically on demand, the hashing schemes are available and they work. > > > > What do I need to do, so that you can include it as plugin? > > > > > > Regards, > > Andreas > We don't need to include it ourselves, you can tell people it exists > there, and they can compile it with their dovecot installation. We can > add wiki page for the plugin to guide people to your page. > > It will be automatically included after make install, you can try it out > with > > doveadm pw -s > > Aki > Alright. It would be awesome if you add a hint to the plugin to the dovecot wiki. Thank you very much for your help. Andreas From filip.loncar at federation-servers.com Fri Aug 5 09:29:09 2016 From: filip.loncar at federation-servers.com (=?UTF-8?Q?Filip_Lon=C4=8Dar?=) Date: Fri, 5 Aug 2016 11:29:09 +0200 Subject: Problem with sieve configuration on dovecot+debian_jessie+ISPC3 In-Reply-To: <172ca6fe5b4794127ed0b65754c6c03b@junc.eu> References: <57A0590B.2030306@federation-servers.com> <172ca6fe5b4794127ed0b65754c6c03b@junc.eu> Message-ID: Well that's not a problem with the mailing list. The problem is that I'm trying to do a forwarding system between 6 emails that all have to receive each other's emails but without the duplicates. So we have emails: A, B, C, D, E, and F; And whenever someone sends an email to A; B, C, D, E, and F should receive the emails. But B automatically forwards everything to A again, and to everyone else, etc. ad infinitum. So I get a loop. I'm trying to fix that all duplicates aren't forwarded to anyone else. So that people can put B, C, and E into the CC without getting duplicates. Thanks in advance. PS: Those were the experimental rules on the system, not this email. On 5 August 2016 at 11:05, Benny Pedersen wrote: > On 2016-08-02 10:25, Filip Loncar [WarpMax | FederationServers] wrote: > > require "duplicate"; >> if duplicate :header "message-id" { >> discard; >> } >> > > this sieve rule will discard your own postings on maillists when you get > them back > > bummer > > This e-mail, including all attached files, if any, is confidential and >> > > this is a public maillist, no need to make a policy on that > > please cut it down or remove it when you post to maillists > From stephan at rename-it.nl Fri Aug 5 10:27:45 2016 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 5 Aug 2016 12:27:45 +0200 Subject: Problem with sieve configuration on dovecot+debian_jessie+ISPC3 In-Reply-To: <57A0590B.2030306@federation-servers.com> References: <57A0590B.2030306@federation-servers.com> Message-ID: <5afc057c-ba61-f7c9-351a-7a7ce074446b@rename-it.nl> Thunderbird shows this message as only a picture. Had to view the source to read it. > I'm new-ish to dovecot and sieve (haven't used it extensively till now) > and I'm not sure that I configured everything propperly. > > The problem is that we're trying to get the following sieve code to run: [...] > But we're constantly getting the following error: > > sieve: info: started log at Aug 02 08:13:21. > main script: line 5: error: require command: unknown Sieve capability > `duplicate'. > main script: line 6: error: unknown test 'duplicate' (only reported once > at first occurence). > main script: error: validation failed. > > Both me and my collegue can't find what's wrong with the system. > > I would appreciate any kind of help on this matter. > Below's my configuration. > > # dovecot --version > 2.2.13 That version is very old. I am not sure which Pigeonhole version Debian used with that. The standard "duplicate" extension was introduced around that time. It could be that it is still called "vnd.dovecot.duplicate" at your end. So, try `require "vnd.dovecot.duplicate";' instead of `require "duplicate";'. Regards, Stephan. From rblayzor.bulk at inoc.net Fri Aug 5 15:41:40 2016 From: rblayzor.bulk at inoc.net (Robert Blayzor) Date: Fri, 5 Aug 2016 11:41:40 -0400 Subject: Dovecot password policy Message-ID: Is there a way to configure Dovecot to perhaps filter/enforce which passwords are accepted before authenticating? Ie: Reject immediately (without a database lookup) if password is not X characters in length? ? -- Robert inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP Key: 78BEDCE1 @ pgp.mit.edu From dmiller at amfes.com Fri Aug 5 15:43:01 2016 From: dmiller at amfes.com (Daniel Miller) Date: Fri, 5 Aug 2016 08:43:01 -0700 Subject: Dovecot and Solr 6 In-Reply-To: <6f4f29e3-9938-ee29-e5fd-e28d8e3f1cb9@ksb.id.lv> References: <347df3a7-4902-3614-3eaa-9ba06486fee5@ksb.id.lv> <6f4f29e3-9938-ee29-e5fd-e28d8e3f1cb9@ksb.id.lv> Message-ID: On 7/7/2016 2:31 PM, KSB wrote: > On 2016.07.06. 22:51, KSB wrote: >> Hi! >> Dovecot 2.2.24 >> Had set up solr and new schema collection. Copied dovecot provided >> schema. There was an error with booleans (while getting schema via >> http), which I "solved" by removing "add-unknown-fields-to-the-schema" >> from solrconfig.xml. It is correct way to solve this? >> Anyway, I run tcpdump to see network activity between dovecot and solr: >> #tcpdump -i lo port 8983 >> and see nothing while doing: >> #doveadm fts rescan -u username at domain.tld >> no output also from doveadm. >> >> Noticed that dovecot.index.log reapears in user mail root if deleted. >> >> plugin { >> fts = solr >> fts_solr = url=http://localhost:8983/solr/dovecot/ debug >> .. >> } >> >> -- >> KSB > > After some fiddling around, come in to conclusion that doveadm fts > rescan is nothing to do about real indexing. So, it is working. > Anyway, now thinking about what really differs when fts is used vs not > used. 1 argument is speed, what else? > > -- > KSB "doveadm fts rescan" resets pointers but does not itself trigger a re-index. But it makes the next actual index scan the full mailbox. The whole point of FTS is "full-text-search". So if you don't use it - you don't need it. But when large mailboxes are involved, searches involving solr indexes are extremely fast compared to non-fts searches. -- Daniel From mpeters at domblogger.net Fri Aug 5 15:47:34 2016 From: mpeters at domblogger.net (Michael A. Peters) Date: Fri, 5 Aug 2016 08:47:34 -0700 Subject: Dovecot password policy In-Reply-To: References: Message-ID: <62ed9969-59b8-5432-0f96-13cd7291fe4b@domblogger.net> On 08/05/2016 08:41 AM, Robert Blayzor wrote: > Is there a way to configure Dovecot to perhaps filter/enforce which passwords are accepted before authenticating? > > Ie: Reject immediately (without a database lookup) if password is not X characters in length? > > ? > Not sure what the benefit would be, other than helping automated bots figure out your minimum password length based upon the response time. From aki.tuomi at dovecot.fi Fri Aug 5 16:12:55 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Fri, 5 Aug 2016 19:12:55 +0300 (EEST) Subject: Dovecot password policy In-Reply-To: <62ed9969-59b8-5432-0f96-13cd7291fe4b@domblogger.net> References: <62ed9969-59b8-5432-0f96-13cd7291fe4b@domblogger.net> Message-ID: <1006362329.448.1470413575922@appsuite-dev.open-xchange.com> > On August 5, 2016 at 6:47 PM "Michael A. Peters" wrote: > > > On 08/05/2016 08:41 AM, Robert Blayzor wrote: > > Is there a way to configure Dovecot to perhaps filter/enforce which passwords are accepted before authenticating? > > > > Ie: Reject immediately (without a database lookup) if password is not X characters in length? > > > > ? > > > > Not sure what the benefit would be, other than helping automated bots > figure out your minimum password length based upon the response time. The response time will be same anyways. Anyways. It is better to enforce this kind of thing when users define the password than during login. Aki From rblayzor.bulk at inoc.net Fri Aug 5 18:10:33 2016 From: rblayzor.bulk at inoc.net (Robert Blayzor) Date: Fri, 5 Aug 2016 14:10:33 -0400 Subject: Dovecot password policy In-Reply-To: <1006362329.448.1470413575922@appsuite-dev.open-xchange.com> References: <62ed9969-59b8-5432-0f96-13cd7291fe4b@domblogger.net> <1006362329.448.1470413575922@appsuite-dev.open-xchange.com> Message-ID: <960D4258-5E52-4081-A2D6-22A50E82C9E7@inoc.net> On Aug 5, 2016, at 12:12 PM, Aki Tuomi wrote: > > The response time will be same anyways. > > Anyways. It is better to enforce this kind of thing when users define the password than during login. The idea would be to mitigate unnecessary database dips for password that don?t clearly pass said password policy. Sure you can enforce what passwords users use; but you can?t enforce what is being attempted to authenticate. A lot of ?bots? try very simple passwords say less than X characters; over and over and over again before they give up. I realize Dovecot mitigates this by slowing them down; but always nice to have another optional layer of defense to clip this kind of garbage closer to the door. At the very least have a reject empty password option. -- Robert inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP Key: 78BEDCE1 @ pgp.mit.edu From aki.tuomi at dovecot.fi Fri Aug 5 18:16:30 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Fri, 5 Aug 2016 21:16:30 +0300 (EEST) Subject: Dovecot password policy In-Reply-To: <960D4258-5E52-4081-A2D6-22A50E82C9E7@inoc.net> References: <62ed9969-59b8-5432-0f96-13cd7291fe4b@domblogger.net> <1006362329.448.1470413575922@appsuite-dev.open-xchange.com> <960D4258-5E52-4081-A2D6-22A50E82C9E7@inoc.net> Message-ID: <1226746079.486.1470420991037@appsuite-dev.open-xchange.com> > On August 5, 2016 at 9:10 PM Robert Blayzor wrote: > > > On Aug 5, 2016, at 12:12 PM, Aki Tuomi wrote: > > > > The response time will be same anyways. > > > > Anyways. It is better to enforce this kind of thing when users define the password than during login. > > > The idea would be to mitigate unnecessary database dips for password that don?t clearly pass said password policy. Sure you can enforce what passwords users use; but you can?t enforce what is being attempted to authenticate. A lot of ?bots? try very simple passwords say less than X characters; over and over and over again before they give up. > > I realize Dovecot mitigates this by slowing them down; but always nice to have another optional layer of defense to clip this kind of garbage closer to the door. > > At the very least have a reject empty password option. > > -- > Robert > inoc.net!rblayzor > XMPP: rblayzor.AT.inoc.net > PGP Key: 78BEDCE1 @ pgp.mit.edu I would like to mention the new auth policy server support. It works with weakforced. See http://wiki2.dovecot.org/Authentication/Policy And https://github.com/PowerDNS/weakforced Correct usage should help you more than your plan, I promise. Aki From jtam.home at gmail.com Fri Aug 5 18:36:00 2016 From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 5 Aug 2016 11:36:00 -0700 (PDT) Subject: Dovecot password policy In-Reply-To: References: Message-ID: Robert Blayzor writes: > Is there a way to configure Dovecot to perhaps filter/enforce which > passwords are accepted before authenticating? Ie: Reject immediately > (without a database lookup) if password is not X characters in length? Yes, use the checkpassword hook. http://wiki.dovecot.org/AuthDatabase/CheckPassword I think there also some PAM module that you can stack into your system that will enforce password policies. Joseph Tam From lefty at spes.gr Fri Aug 5 19:01:15 2016 From: lefty at spes.gr (Lefteris Tsintjelis) Date: Fri, 5 Aug 2016 22:01:15 +0300 Subject: Save user passwords in clear text Message-ID: <796F15DC-0C35-4E47-AEE5-8C1DE5B23C8E@spes.gr> Is it possible to save user passwords as clear text through dovecot? I am currently using MD5 passwords and I allow only "plain and login? mechanisms but I want to switch my database to clear text as this will give me the ability to use more mechanisms such as CRAM-MD5. Is this possible? Thank you From news at mefox.org Sat Aug 6 02:34:18 2016 From: news at mefox.org (Michael Fox) Date: Fri, 5 Aug 2016 19:34:18 -0700 Subject: Dovecot password policy In-Reply-To: <960D4258-5E52-4081-A2D6-22A50E82C9E7@inoc.net> References: <62ed9969-59b8-5432-0f96-13cd7291fe4b@domblogger.net> <1006362329.448.1470413575922@appsuite-dev.open-xchange.com> <960D4258-5E52-4081-A2D6-22A50E82C9E7@inoc.net> Message-ID: <023e01d1ef8b$08a293a0$19e7bae0$@mefox.org> > A lot of ?bots? try very simple passwords say less than X > characters; over and over and over again before they give up. > > I realize Dovecot mitigates this by slowing them down; but always nice to > have another optional layer of defense to clip this kind of garbage closer > to the door. Check out fail2ban. It's very useful for that sort of repeated bot attack. Michael From news at mefox.org Sat Aug 6 02:39:41 2016 From: news at mefox.org (Michael Fox) Date: Fri, 5 Aug 2016 19:39:41 -0700 Subject: Save user passwords in clear text In-Reply-To: <796F15DC-0C35-4E47-AEE5-8C1DE5B23C8E@spes.gr> References: <796F15DC-0C35-4E47-AEE5-8C1DE5B23C8E@spes.gr> Message-ID: <026801d1ef8b$c9700770$5c501650$@mefox.org> > Is it possible to save user passwords as clear text through dovecot? I am > currently using MD5 passwords and I allow only "plain and login? > mechanisms but I want to switch my database to clear text as this will > give me the ability to use more mechanisms such as CRAM-MD5. Is this > possible? I'm not sure if this is what you mean by saving passwords "through dovecot". But here's how to save a clear-text password when the passdb scheme is not plaintext. Use the {PLAIN} prefix. Example: 10-auth.conf: passdb { driver = passwd-file args = scheme=cram-md5 username_format=%n /path/passdb } /path/passdb: username:{PLAIN}secret User "username" can log in with password "secret" Michael From p.heinlein at heinlein-support.de Sat Aug 6 06:13:40 2016 From: p.heinlein at heinlein-support.de (Peer Heinlein) Date: Sat, 6 Aug 2016 08:13:40 +0200 Subject: Dovecot book available again Message-ID: Hi, after my publisher has to shut down his business at the end of last year, it took several months to organize everything. But it's done! I'm happy to announce: The Dovecot book is available again. You can order it at Createspace: https://www.createspace.com/5942312 Or Amazon: https://www.amazon.com/dp/1534895701 https://www.amazon.co.uk/dp/1534895701 https://www.amazon.de/dp/1534895701 And in some weeks in every book store by ISBN-13 978-1534895706. If you want to support the author and if you help us to make good books you should think about ordering it from Createspace instead of Amazon. There's a 10% discount for users of this mailinglist if you use the discount code VR5YF7W2 at Createspace. Valid until August, 21th. Feedback and comments by mail is appreciated, also comments and ratings at Createspace and Amazon :-) Thanks again to Timo and everybody from Dovecot Oy / Open-Xchange for their support. Peer P.S.: The German Dovecot-Book is also available at: http://www.dovecot-buch.de/online-shop/buch-bestellung/ -- Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin http://www.heinlein-support.de Tel: 030 / 405051-42 Fax: 030 / 405051-19 Zwangsangaben lt. ?35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin From news at mefox.org Sat Aug 6 07:24:17 2016 From: news at mefox.org (Michael Fox) Date: Sat, 6 Aug 2016 00:24:17 -0700 Subject: Dovecot book available again In-Reply-To: References: Message-ID: <028501d1efb3$8b656ec0$a2304c40$@mefox.org> Thanks Peer, I discovered it on Amazon a couple of days ago. Received it today. So far, it's exactly what I was hoping for. I'm already learning new things! Michael > -----Original Message----- > > after my publisher has to shut down his business at the end of last > year, it took several months to organize everything. > > But it's done! I'm happy to announce: The Dovecot book is available again. > > You can order it at Createspace: > > https://www.createspace.com/5942312 > > Or Amazon: > > https://www.amazon.com/dp/1534895701 > https://www.amazon.co.uk/dp/1534895701 > https://www.amazon.de/dp/1534895701 > From luca at lm-net.it Sat Aug 6 08:21:11 2016 From: luca at lm-net.it (Luca Lesinigo) Date: Sat, 6 Aug 2016 10:21:11 +0200 Subject: Dovecot book available again In-Reply-To: References: Message-ID: Il giorno 06 ago 2016, alle ore 08:13, Peer Heinlein ha scritto: > And in some weeks in every book store by ISBN-13 978-1534895706. > > If you want to support the author and if you help us to make good books you should think about ordering it from Createspace instead of Amazon. Hi Peer, thanks for sharing the news and the discount code ;-) I really prefer buying digital versions of books, for ease of consumption. Is there an ebook version of the book (didn?t see it on Createspace / Amazon), and possibly on some vendor that will help support the author? (I?m asking publicly on the list because I think it could be of interest to other people too?) thanks, -- Luca Lesinigo From me at junc.eu Sat Aug 6 12:46:11 2016 From: me at junc.eu (Benny Pedersen) Date: Sat, 06 Aug 2016 14:46:11 +0200 Subject: Dovecot book available again In-Reply-To: References: Message-ID: <824b8b34354408ad6044e890b6260fbe@junc.eu> On 2016-08-06 10:21, Luca Lesinigo wrote: > (I?m asking publicly on the list because I think it could be of > interest to other people too?) i have ordered the book, if there will be a update i would like to see it as ebook aswell here have to wait to see it here to mid september From larryrtx at gmail.com Sat Aug 6 14:20:33 2016 From: larryrtx at gmail.com (Larry Rosenman) Date: Sat, 6 Aug 2016 09:20:33 -0500 Subject: Dovecot book available again In-Reply-To: <824b8b34354408ad6044e890b6260fbe@junc.eu> References: <824b8b34354408ad6044e890b6260fbe@junc.eu> Message-ID: Ordered via Amazon Smile (supporting FreeBSD). Thanks for getting it available again. On Sat, Aug 6, 2016 at 7:46 AM, Benny Pedersen wrote: > On 2016-08-06 10:21, Luca Lesinigo wrote: > > (I?m asking publicly on the list because I think it could be of >> interest to other people too?) >> > > i have ordered the book, if there will be a update i would like to see it > as ebook aswell here > > have to wait to see it here to mid september > -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281 From phil at philfixit.info Mon Aug 8 00:57:53 2016 From: phil at philfixit.info (phil) Date: Mon, 8 Aug 2016 10:57:53 +1000 Subject: Dovecot book available again In-Reply-To: References: Message-ID: <70481b6d-d4b9-6396-0fb0-a0ae2d5aea98@philfixit.info> On 6/08/2016 6:21 PM, Luca Lesinigo wrote: > Il giorno 06 ago 2016, alle ore 08:13, Peer Heinlein ha scritto: >> And in some weeks in every book store by ISBN-13 978-1534895706. >> >> If you want to support the author and if you help us to make good books you should think about ordering it from Createspace instead of Amazon. > Hi Peer, thanks for sharing the news and the discount code ;-) > > I really prefer buying digital versions of books, for ease of consumption. > Is there an ebook version of the book (didn?t see it on Createspace / Amazon), and possibly on some vendor that will help support the author? > > (I?m asking publicly on the list because I think it could be of interest to other people too?) > > thanks, > -- > Luca Lesinigo > Sorry for the offlist post Luca my bad hit the wrong button . . . Personally i don't want a physical book at all :/ Regards, Phil -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 884 bytes Desc: OpenPGP digital signature URL: From radu.gheorghe at sematext.com Mon Aug 8 11:30:28 2016 From: radu.gheorghe at sematext.com (Radu Gheorghe) Date: Mon, 8 Aug 2016 14:30:28 +0300 Subject: Questions about how fts-solr works Message-ID: Hello, I'm quite a Dovecot newbie, so please be gentle :) Though I did my homework as well as I could, I still have some questions regarding the Solr plugin. Specifically: - I understand that by default, a mailbox is indexed on the first search and then deltas are indexed in subsequent searches. Are Emails indexed in batches or one by one? Looking at the code, I see a hardcoded limit of 1000, and I'm guessing if the mailbox is done and there are <1000 Emails in the buffer, it just flushes them, right? - if I set fts_autoindex=yes, does it mean that as soon as the Email is delivered by the MTA, it will be indexed in Solr? or does it have to read by the user or touched in any way? - also, with fts_autoindex=yes, are Emails indexed in batches? if yes, is there also a time limit besides the size limit? e.g. if only 100 messages were received - I have the same question about deletes: when do they happen, and are they batched? - what happens if Solr is unavailable? I know Dovecot keeps track of what indexed in dovecot.indexed files, but does it retry? if yes, what's the retry policy and can it be configured? Also, does it behave the same if Solr is actually available and throws an error? - the same question is for attachments, though I think this is general FTS - what if Tika fails to parse the attachment? Does Dovecot still index the Email metadata? As a side, I'm also wondering if I could use the Tika that comes with Solr (https://cwiki.apache.org/confluence/display/solr/Uploading+Data+with+Solr+Cell+using+Apache+Tika). Can fts-solr handle attachments at all? I'm asking because I don't see that field in the default schema.xml - can I add arbitrary URI parameters to the Solr request? I see that one could fiddle with the path, which I assume will let one have one collection per mailbox (though I'm curious how that works with batches - I'm guessing one batch/indexing thread per mailbox?). Specifically, I'm interested in using the mailbox as a routing value - if I read the code well, Dovecot does a soft commit when it's done with the specific mailbox. For indexing at search time, I see why it makes sense. If I do "autoindex", can I disable that and let Solr autoSoftCommit every N seconds? That should improve indexing throughput and reduce load. I see that one can already do this for hard commits (I'd use autoCommit there, though a hard commit is also triggered when ramBufferSizeMB gets hit) - when querying, can I sort by an arbitrary field, such as the date? I saw I can sort by score, but I can't find anything in the code that will suggest it's supported - also when querying, can I specify which fields to return? I see that the plugin asks for Email ID, so I'm guessing it fetches things like from/to from the Email itself. I'm thinking that if I want to sort by those values I need to set docValues=true on them, to save memory. In that case, I might as well retrieve the original string from docValues, which should be a whole lot faster My plan is to do all sorts of tests, but having a better background on how it works will certainly help. Any pointers, feedback, encouragement, etc is certainly welcome - thanks in advance! Best regards, Radu -- Performance Monitoring * Log Analytics * Search Analytics Solr & Elasticsearch Support * http://sematext.com/ From skdovecot at smail.inf.fh-brs.de Mon Aug 8 11:39:15 2016 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 8 Aug 2016 13:39:15 +0200 (CEST) Subject: Save user passwords in clear text In-Reply-To: <796F15DC-0C35-4E47-AEE5-8C1DE5B23C8E@spes.gr> References: <796F15DC-0C35-4E47-AEE5-8C1DE5B23C8E@spes.gr> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 5 Aug 2016, Lefteris Tsintjelis wrote: > Is it possible to save user passwords as clear text through dovecot? I > am currently using MD5 passwords and I allow only "plain and login? > mechanisms but I want to switch my database to clear text as this will > give me the ability to use more mechanisms such as CRAM-MD5. Is this > possible? Someone tried to do something like that with: http://wiki2.dovecot.org/AuthDatabase/CheckPassword Check the archive of this list. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBV6hvY3z1H7kL/d9rAQK/iAf/XNP52dpnKIoXvhounpTg58QgIoY+i1tW oka3uAfjFiwyNH/QzZaEdISaogWqpxKXmebWNZeyjvScGzM5VAoC6XMbmvuUfoaC /gwpadMez416RlTnGpfTvB9GIV+5F8UE+4wCPAnP8Vzp9zCBueKhTrq4q8Ffevfj z1ikHWIQI8wwFdTNI82Iyybw4S6F2vWGrR/ypHHWyNhRH6bluMTLc9UOBGORMFc4 eTeARYIFjDYM6RVZBPlRmoFXZ+qUy72tIV8PyqYbcFlC61lPMsYKleXgDT5KH/V6 r62h4vYCyJn8uGxCwuNmxq9uQws0fRfL2rIgdVuauGxkGmPphgizlw== =UW2U -----END PGP SIGNATURE----- From 304706283 at qq.com Mon Aug 8 12:30:38 2016 From: 304706283 at qq.com (=?gb18030?B?vuS6xc/IyfqhoyB8?=) Date: Mon, 8 Aug 2016 20:30:38 +0800 Subject: help me with sieve_pipe Message-ID: dear all I have a question about sieve_pipe use. how to open the plugin,and then specify the sieve script. the above is my dovecot configuration,and the sieve script,help me to have a look at the right ,thank you. Thanks !! Waiting.... -------------- next part -------------- A non-text attachment was scrubbed... Name: F6C9E47A at 5A220F16.6E7BA857 Type: application/octet-stream Size: 17199 bytes Desc: not available URL: From aki.tuomi at dovecot.fi Mon Aug 8 12:35:19 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 8 Aug 2016 15:35:19 +0300 Subject: Dovecot 2.2.25 fails on SSL In-Reply-To: <20160703234249.GA2315@krell.zikzak.de> References: <20160703234249.GA2315@krell.zikzak.de> Message-ID: <7d1080eb-6f47-9305-28a2-c626186615c3@dovecot.fi> On 04.07.2016 02:42, Andreas M. Kirchwitz wrote: > Dear Dovecot developers! > > This problem already existed some years ago, has been fixed, > and now it's there again in Dovecot 2.2.25 (2.2.24 was fine). > > I'm running CentOS 6 with a custom OpenSSL installation in /usr/local/ssl > Therefore, Dovecot is configured like this: > > env SSL_CFLAGS="-I/usr/local/ssl/include" SSL_LIBS="-L/usr/local/ssl/lib -Wl,-R/usr/local/ssl/lib -lcrypto -lssl" ./configure --prefix=/usr/local/Dovecot-2.2.25 --with-ssl=openssl --with-ssldir=/usr/local/Dovecot-2.2.25/etc/dovecot/certs > > With "pkg-config", the same options for SSL are provided. > > "make" and "make install" run just fine, and the daemon starts > without any errors. However, if a user connects on port 993 (IMAPS), > Dovecot logs this failure message to syslog: > > Jul 4 01:08:43 myhost dovecot: ssl-params: Fatal: Couldn't load required plugin /usr/local/Dovecot-2.2.25/lib/dovecot/libssl_iostream_openssl.so: dlopen() failed: libcrypto.so.1.0.0: cannot open shared object file: No such file or directory > Jul 4 01:08:43 myhost dovecot: ssl-params: Error: child process failed with status 22784 > > ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libssl_iostream_openssl.so > linux-gate.so.1 => (0x00e8c000) > libcrypto.so.1.0.0 => not found > libssl.so.1.0.0 => not found > librt.so.1 => /lib/librt.so.1 (0x00be4000) > libc.so.6 => /lib/libc.so.6 (0x001a6000) > libpthread.so.0 => /lib/libpthread.so.0 (0x003e4000) > /lib/ld-linux.so.2 (0x007e7000) > > ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libdcrypt_openssl.so > linux-gate.so.1 => (0x00dca000) > libcrypto.so.1.0.0 => not found > libssl.so.1.0.0 => not found > librt.so.1 => /lib/librt.so.1 (0x00a7a000) > libc.so.6 => /lib/libc.so.6 (0x00160000) > libpthread.so.0 => /lib/libpthread.so.0 (0x0072f000) > /lib/ld-linux.so.2 (0x00560000) > > When comparing to Dovecot 2.2.24: > > ldd /usr/local/Dovecot-2.2.24/lib/dovecot/libssl_iostream_openssl.so > linux-gate.so.1 => (0x0073d000) > libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00b04000) > libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x0044a000) > librt.so.1 => /lib/librt.so.1 (0x00a60000) > libc.so.6 => /lib/libc.so.6 (0x001e5000) > libdl.so.2 => /lib/libdl.so.2 (0x003a9000) > libpthread.so.0 => /lib/libpthread.so.0 (0x009d0000) > /lib/ld-linu222222x.so.2 (0x00d77000) > > There's no libdcrypt_openssl.so in Dovecot 2.2.24, so I guess > with the newly introduced dcrypt stuff something with SSL went wrong. > > Would be great if that could be fixed so that SSL works again. > > Thanks a lot in advance ... Andreas Hi! Can you try the attached patch out? --- Aki Tuomi Dovecot oy -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-OpenSSL-link-against-OpenSSL-libs-explicitly.patch Type: text/x-patch Size: 1596 bytes Desc: not available URL: From stephan at rename-it.nl Mon Aug 8 12:43:06 2016 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 8 Aug 2016 14:43:06 +0200 Subject: help me with sieve_pipe In-Reply-To: References: Message-ID: Op 8-8-2016 om 14:30 schreef ????? |: > dear all > I have a question about sieve_pipe use. > how to open the plugin,and then specify the sieve script. > the above is my dovecot configuration,and the sieve script,help me to have a look at the right ,thank you. > Thanks !! > Waiting.... Apart from some weird application/octet-stream attachment, I see nothing that looks like a configuration in your e-mail. Keep in mind that the sieve_pipe plugin is very old. These days, that functionality is included in the sieve_extprograms plugin: http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extprograms https://raw.githubusercontent.com/dovecot/pigeonhole/master/doc/rfc/spec-bosch-sieve-extprograms.txt Regards, Stephan. From leo at strike.wu.ac.at Mon Aug 8 15:27:31 2016 From: leo at strike.wu.ac.at (Alexander 'Leo' Bergolth) Date: Mon, 08 Aug 2016 17:27:31 +0200 Subject: custom mail_location detection for dovecot lda Message-ID: <57A8A4E3.8000404@strike.wu.ac.at> Hi! Is it possible to do something like "post-login scripting" to detect and set a per-user custom mail location for dovecot LDA delivery? I tried to use a wrapper-script around dovecot-lda that sets the environment variables MAIL="..." and USERDB_KEYS="MAIL" just like overriding userdb fields may be done using imap postlogin scripts, but unfortunately this doesn't seem to be honored. (Also tried with dovecot-lda -k.) Woud be very useful for slow migration from one mailbox format to another. Is there any other way to supply a custom mail_location to dovecot-lda? Cheers, --leo -- e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria From stephan at rename-it.nl Mon Aug 8 15:34:08 2016 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 8 Aug 2016 17:34:08 +0200 Subject: custom mail_location detection for dovecot lda In-Reply-To: <57A8A4E3.8000404@strike.wu.ac.at> References: <57A8A4E3.8000404@strike.wu.ac.at> Message-ID: <7f60fa06-1057-764e-3ab6-ea17d74f951c@rename-it.nl> Op 8-8-2016 om 17:27 schreef Alexander 'Leo' Bergolth: > Hi! > > Is it possible to do something like "post-login scripting" to detect and > set a per-user custom mail location for dovecot LDA delivery? > > I tried to use a wrapper-script around dovecot-lda that sets the > environment variables MAIL="..." and USERDB_KEYS="MAIL" just like > overriding userdb fields may be done using imap postlogin scripts, but > unfortunately this doesn't seem to be honored. (Also tried with > dovecot-lda -k.) > > Woud be very useful for slow migration from one mailbox format to another. > > Is there any other way to supply a custom mail_location to dovecot-lda? You could use /usr/lib/dovecot/dovecot-lda -omail_location= There is probably a better way using a userdb though. Regards, Stephan. From leo at strike.wu.ac.at Mon Aug 8 16:05:12 2016 From: leo at strike.wu.ac.at (Alexander 'Leo' Bergolth) Date: Mon, 08 Aug 2016 18:05:12 +0200 Subject: custom mail_location detection for dovecot lda In-Reply-To: <7f60fa06-1057-764e-3ab6-ea17d74f951c@rename-it.nl> References: <57A8A4E3.8000404@strike.wu.ac.at> <7f60fa06-1057-764e-3ab6-ea17d74f951c@rename-it.nl> Message-ID: <57A8ADB8.7040300@strike.wu.ac.at> On 08/08/2016 05:34 PM, Stephan Bosch wrote: > Op 8-8-2016 om 17:27 schreef Alexander 'Leo' Bergolth: >> Is it possible to do something like "post-login scripting" to detect and >> set a per-user custom mail location for dovecot LDA delivery? >> > You could use /usr/lib/dovecot/dovecot-lda -omail_location= Thanks for the hint. But it seems to be ignored. :-( I tried it with a .forward of: | "/usr/libexec/dovecot/dovecot-lda -omail_location=maildir:~/Maildir:LAYOUT=fs" and postfix logs: ... status=sent (delivered to command: /usr/libexec/dovecot/dovecot-lda -omail_location=maildir:~/Maildir:LAYOUT=fs) ... but it still delivers to the default (mail_location = mbox:~/mail:INBOX=/var/mail/%u) > There is probably a better way using a userdb though. Per-user configuration with userdb is static, you have to configure the mailbox format for each user. However, if you'd like to give the user the ability to switch between mailbox formats, dynamic detection would be useful... Cheers, --leo -- e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria From stephan at rename-it.nl Mon Aug 8 16:27:43 2016 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 8 Aug 2016 18:27:43 +0200 Subject: custom mail_location detection for dovecot lda In-Reply-To: <57A8ADB8.7040300@strike.wu.ac.at> References: <57A8A4E3.8000404@strike.wu.ac.at> <7f60fa06-1057-764e-3ab6-ea17d74f951c@rename-it.nl> <57A8ADB8.7040300@strike.wu.ac.at> Message-ID: Op 8-8-2016 om 18:05 schreef Alexander 'Leo' Bergolth: > On 08/08/2016 05:34 PM, Stephan Bosch wrote: >> Op 8-8-2016 om 17:27 schreef Alexander 'Leo' Bergolth: >>> Is it possible to do something like "post-login scripting" to detect and >>> set a per-user custom mail location for dovecot LDA delivery? >>> >> You could use /usr/lib/dovecot/dovecot-lda -omail_location= > Thanks for the hint. > But it seems to be ignored. :-( > I tried it with a .forward of: > > | "/usr/libexec/dovecot/dovecot-lda > -omail_location=maildir:~/Maildir:LAYOUT=fs" > > and postfix logs: > ... status=sent (delivered to command: /usr/libexec/dovecot/dovecot-lda > -omail_location=maildir:~/Maildir:LAYOUT=fs) > > ... but it still delivers to the default > (mail_location = mbox:~/mail:INBOX=/var/mail/%u) Right, that is overridden. You could use "-onamespace/inbox/location=" instead. > >> There is probably a better way using a userdb though. > Per-user configuration with userdb is static, you have to configure the > mailbox format for each user. However, if you'd like to give the user > the ability to switch between mailbox formats, dynamic detection would > be useful... http://wiki.dovecot.org/MailLocation#Per-user_mail_locations Regards, Stephan. From leo at strike.wu.ac.at Tue Aug 9 10:23:36 2016 From: leo at strike.wu.ac.at (Alexander 'Leo' Bergolth) Date: Tue, 09 Aug 2016 12:23:36 +0200 Subject: custom mail_location detection for dovecot lda In-Reply-To: References: <57A8A4E3.8000404@strike.wu.ac.at> <7f60fa06-1057-764e-3ab6-ea17d74f951c@rename-it.nl> <57A8ADB8.7040300@strike.wu.ac.at> Message-ID: <57A9AF28.2050002@strike.wu.ac.at> On 08/08/2016 06:27 PM, Stephan Bosch wrote: > Op 8-8-2016 om 18:05 schreef Alexander 'Leo' Bergolth: >> On 08/08/2016 05:34 PM, Stephan Bosch wrote: >>> Op 8-8-2016 om 17:27 schreef Alexander 'Leo' Bergolth: >>>> Is it possible to do something like "post-login scripting" to detect >>>> and >>>> set a per-user custom mail location for dovecot LDA delivery? >>>> >>> You could use /usr/lib/dovecot/dovecot-lda -omail_location= >> Thanks for the hint. >> But it seems to be ignored. :-( >> I tried it with a .forward of: >> >> | "/usr/libexec/dovecot/dovecot-lda >> -omail_location=maildir:~/Maildir:LAYOUT=fs" >> >> and postfix logs: >> ... status=sent (delivered to command: /usr/libexec/dovecot/dovecot-lda >> -omail_location=maildir:~/Maildir:LAYOUT=fs) >> >> ... but it still delivers to the default >> (mail_location = mbox:~/mail:INBOX=/var/mail/%u) > > Right, that is overridden. You could use > "-onamespace/inbox/location=" instead. Yesss! :-) This one works great for me and is very useful for smooth migration from mbox to maildir: dovecot-lda.sh: -------------------- 8< -------------------- #!/bin/bash args=() if [ -d "$HOME/Maildir/INBOX" ]; then args+=("-onamespace/inbox/location=maildir:~/Maildir:LAYOUT=fs") fi exec /usr/libexec/dovecot/dovecot-lda "${args[@]}" "$@" -------------------- 8< -------------------- Thanks for your help! --leo -- e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria From iavor at icdsoft.com Tue Aug 9 13:50:26 2016 From: iavor at icdsoft.com (Iavor Stoev) Date: Tue, 9 Aug 2016 16:50:26 +0300 Subject: POP3 strange logging behavior after upgrade from 2.2.13 to 2.2.25 Message-ID: Hello, After the upgrade from Dovecot version 2.2.13 to 2.2.25, we experience the following strange behavior with POP3 logging. When a connection is closed with reason "Connection closed" & "Disconnected for inactivity", the number of deleted mails is missing. Like del=/1166 & del=/4138 from the example bellow. With Dovecot 2.2.13: Feb 14 03:35:20 serverXYZ dovecot: pop3(user at domain.com): Connection closed top=0/0, retr=0/0, del=0/946, size=39500197 Feb 15 16:49:18 serverXYZ dovecot: pop3(user at domain.com): Disconnected for inactivity top=0/0, retr=0/0, del=0/739, size=52319632 With Dovecot 2.2.25: Jul 31 02:56:03 serverXYZ dovecot: pop3(user at domain.com): Connection closed top=1/1380, retr=0/0, del=/4138, size=284167741 Jul 31 02:34:47 serverXYZ dovecot: pop3(user at domain.com): Disconnected for inactivity top=0/0, retr=0/0, del=/1166, size=111425436 For sessions completed normally, everything works fine with both Dovecot versions: Jul 31 06:55:48 serverXYZ dovecot: pop3(user at domain.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jul 31 02:36:59 serverXYZ dovecot: pop3(user at domain.com): Disconnected: Logged out top=0/0, retr=1/18821, del=1/1, size=18803 Please advise if this behavior is normal and if yes how should we read entries like "del=/4138"? Thank you Iavor Stoev Project Manager // Head of System & Network Administration Department ICDSoft Ltd - http://icdsoft.com From rick at havokmon.com Tue Aug 9 19:13:14 2016 From: rick at havokmon.com (Rick Romero) Date: Tue, 09 Aug 2016 14:13:14 -0500 Subject: Replication issue EOF or unknown flag V Message-ID: <20160809141314.Horde._brtiCkQvdBVLxc3gAEgGg1@www.vfemail.net> Hi, I'm trying to sort out a replication error:?? It was working initially, but now it no longer works.? Dovecot 2.2.25, Maildir format Delivering via LMTP.? If I run doveadm replicator replicate rick at havokmon.com On the 'master' side I see : Aug 09 14:02:17 dsync-server(rick at havokmon.com): Error: read(172.16.1.86) failed: EOF (version not received) Aug 09 14:02:17 dsync-local(rick at havokmon.com): Error: read(172.16.1.86) failed: EOF (version not received) On the 'slave' side I see: Aug 09 14:02:10 doveadm(172.16.1.81,rick at havokmon.com): Error: doveadm client: Unknown flag: V Aug 09 14:02:17 doveadm(172.16.1.81,rick at havokmon.com): Error: doveadm client: Unknown flag: V This seems to just happen with my mailbox, so I've completely removed it on both sides, to no avail.? My mailbox was re-created on the slave side, but nothing else has occurred (no folders or new mail). #doveadm user rick at havokmon.com field?? value uid???? 89 gid???? 89 home??? /home/prime/domains/havokmon.com/rick mail??? maildir:/home/prime/domains/havokmon.com/rick/Maildir/ host??? 172.16.1.81 proxy_maybe???? Y mail_home?????? /home/prime/domains/havokmon.com/rick mail_location?? maildir:/home/prime/domains/havokmon.com/rick/Maildir/ Any thoughts? From rick at havokmon.com Wed Aug 10 21:28:24 2016 From: rick at havokmon.com (Rick Romero) Date: Wed, 10 Aug 2016 16:28:24 -0500 Subject: Replication issue EOF or unknown flag V In-Reply-To: <20160810120204.Horde.MyX2Dao_ntdQcqUgoBzLeg1@www.vfemail.net> Message-ID: <20160810162824.Horde.lXlmsbRD7iARqqDaLa8QOQ5@www.vfemail.net> Quoting Rick Romero : > Hi, I'm trying to sort out a replication error:?? It was working > initially, but now it no longer works.? Dovecot 2.2.25, Maildir format > On the 'master' side I see : Aug 09 14:02:17 dsync-server(rick at > havokmon.com[1]): Error: read(172.16.1.86) failed: EOF (version not > received) Aug 09 14:02:17 dsync-local(rick at havokmon.com[1]): Error: > read(172.16.1.86) failed: EOF (version not received) On the 'slave' > side I see: Aug 09 14:02:10 doveadm(172.16.1.81,rick at > havokmon.com[1]): Error: doveadm client: Unknown flag: V Aug 09 14:02:17 > doveadm(172.16.1.81,rick at havokmon.com[1]): Error: doveadm client: > Unknown flag: V on FreeBSD 10.2.? I changed my mailbox to be on the 'slave' server, and the error messages switched sides. # 2.2.25 (7be1766): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.4.15 (97b3da0) # OS: FreeBSD 10.2-RELEASE amd64 auth_master_user_separator = * auth_mechanisms = plain login auth_username_translation = %@ auth_verbose = yes debug_log_path = /var/log/dovecot-debug.log default_internal_user = vpopmail default_login_user = dovecot default_vsz_limit = 1536 M disable_plaintext_auth = no doveadm_password =? # hidden, use -P to show it doveadm_port = 12345 first_valid_gid = 89 first_valid_uid = 89 last_valid_gid = 89 last_valid_uid = 89 log_path = /dev/stderr login_greeting = Dovecot ready. login_trusted_networks = 172.16.1.0/24 mail_fsync = never mail_plugins = " quota zlib stats notify replication" mail_privileged_group = mail mailbox_list_index = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace compat { ? alias_for = ? hidden = yes ? inbox = no ? list = no ? location = ? prefix = INBOX. ? separator = . } namespace inbox { ? inbox = yes ? location = ? prefix = ? separator = . } passdb { ? args = /usr/local/etc/dovecot/dovecot-master-sql.conf ? driver = sql ? master = yes ? pass = yes } passdb { ? args = /usr/local/etc/dovecot/dovecot-sql.conf ? driver = sql } plugin { ? mail_replica = tcp:172.16.1.81 ? quota = maildir ? quota_rule = Trash:storage=+10%% ? stats_refresh = 30 secs ? stats_track_cmds = yes } replication_max_conns = 15 service aggregator { ? fifo_listener replication-notify-fifo { ??? mode = 0666 ??? user = vpopmail ? } ? unix_listener replication-notify { ??? mode = 0666 ??? user = vpopmail ? } } service anvil { ? client_limit = 4799 } service auth-worker { ? user = $default_internal_user } service auth { ? client_limit = 4996 ? unix_listener auth-master { ??? mode = 0600 ? } } service config { ? unix_listener config { ??? user = vpopmail ? } } service doveadm { ? inet_listener { ??? port = 12345 ? } ? user = vpopmail } service imap-login { ? process_limit = 2548 ? process_min_avail = 25 ? service_count = 1 } service imap-postlogin { ? executable = script-login /usr/local/etc/dovecot/lastauth-imap.sh ? user = vpopmail } service imap { ? executable = /usr/local/libexec/dovecot/imap imap-postlogin ? process_limit = 2048 } service lmtp { ? executable = lmtp -L ? inet_listener lmtp { ??? port = 24 ? } ? user = vpopmail } service pop-postlogin { ? executable = script-login /usr/local/etc/dovecot/lastauth-pop.sh ? user = vpopmail } service pop3-login { ? process_limit = 2048 ? process_min_avail = 15 ? service_count = 1 } service pop3 { ? executable = /usr/local/libexec/dovecot/pop3 pop-postlogin } service replicator { ? process_min_avail = 1 ? unix_listener replicator-doveadm { ??? mode = 0666 ? } } service stats { ? fifo_listener stats-mail { ??? mode = 0600 ??? user = vpopmail ? } } shutdown_clients = no ssl_cert = The url http://www.dovecot.org/doc/NEWS has not been updated for a while, I suggest either killing it or updating it again. Chris From mail at tomsommer.dk Thu Aug 11 12:27:18 2016 From: mail at tomsommer.dk (Tom Sommer) Date: Thu, 11 Aug 2016 14:27:18 +0200 Subject: Header's corrupted flag is set Message-ID: I have a ton of these errors in my logs: Aug 11 14:16:04 imap(xxxx at xxxxx.xxxx): Error: Corrupted index file...../dovecot.list.index: Header's corrupted flag is set Does Dovecot not automatically fix these? Or what is the correct action to take? -- Tom From marc at r4l.com Thu Aug 11 17:56:00 2016 From: marc at r4l.com (Marc Jauvin) Date: Thu, 11 Aug 2016 13:56:00 -0400 Subject: dovecot 2.2.25 & deleting emails from \Junk special-use assigned folder Message-ID: Since our cPanel installation upgraded Dovecot from 2.2.23 to 2.2.25, deleting emails located in the Junk folder (\Junk special-use), the emails end-up in the \Trash special-use folder instead of being purged as before. Is there something that changed or this some configuration I am missing? Thanks for any help regarding this. -- Marc Jauvin Register4less, Inc. 514-905-6500 x403 From davotnz at yahoo.co.nz Thu Aug 11 19:24:12 2016 From: davotnz at yahoo.co.nz (David Tildesley) Date: Thu, 11 Aug 2016 19:24:12 +0000 (UTC) Subject: receiving and associating emails to single a/c References: <1086024968.13350072.1470943452528.JavaMail.yahoo.ref@mail.yahoo.com> Message-ID: <1086024968.13350072.1470943452528.JavaMail.yahoo@mail.yahoo.com> Hi,Looking for advice.Scenario: we have a dmz mta that currently redirects received emails for a selection of email domains to specific internal ms exchange servers.?We want this mta to redirect incoming customer emails directed to a set of email addresses numbering about 30, to a dovecot server and associate these emails to a single dovecot user account so that a contact Centre platform can pull these emails on a frequent cycle.How to go about configuring this on the dovecot? I assume a postfix server needs to be installed on the dovecot server for the dmz mta to send these emails to dovecot inbox? Any advice most appreciated. David. Sent from Yahoo Mail on Android From skdovecot at smail.inf.fh-brs.de Fri Aug 12 06:50:38 2016 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 12 Aug 2016 08:50:38 +0200 (CEST) Subject: receiving and associating emails to single a/c In-Reply-To: <1086024968.13350072.1470943452528.JavaMail.yahoo@mail.yahoo.com> References: <1086024968.13350072.1470943452528.JavaMail.yahoo.ref@mail.yahoo.com> <1086024968.13350072.1470943452528.JavaMail.yahoo@mail.yahoo.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 11 Aug 2016, David Tildesley wrote: > Hi,Looking for advice.Scenario: we have a dmz mta that currently > redirects received emails for a selection of email domains to specific > internal ms exchange servers.?We want this mta to redirect incoming > customer emails directed to a set of email addresses numbering about 30, > to a dovecot server and associate these emails to a single dovecot user > account so that a contact Centre platform can pull these emails on a > frequent cycle.How to go about configuring this on the dovecot? I assume > a postfix server needs to be installed on the dovecot server for the dmz > mta to send these emails to dovecot inbox? So, you want to sent messages of 30 or so specific mail addresses to one Dovecot server. First, configure the Dovecot server so, that those addresses are mapped to the same (virtual) user account via a userdb. Second, enabled LMTP in Dovecot. Third, configure the MTA in the DMZ to drop the messages via LMTP to Dovecot. Forth, configure a passdb{} in Dovecot so that the contact people may access the same mail storage. There are many different ways for step 1 and for LMTP itself. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBV61xvnz1H7kL/d9rAQJEkggApg16h2Xxbxa0Bj1ut3EewqxsfYdtOfE3 yM1URhunMN4YIZ/hwuA9DrUo104+0spnOjNdz5GaDfi3Y3QfwLNTUQrmS24Ih9zG YGbmtsC0izfudfGeLb5zHRC+GDJV4g2j67pSEg7rwQdfnS6LTgtwPyMrcCxLtRjQ OCCya26u3TJLwgZ73BTe53HLSlfFYL739rvpk16aLhl/B6i8Ue9PYYNEa6hk2tRe FMc3QLv3iBvsfDrT38oXpwaoF7J20LH7jWNExgF2ZAeBLdpESCNK6jHNeS9qjAaI DZY9ZJ6D/oQXnq+iScYBgWLrz8cS6v1TckOxjQSvqUH8gKXJO9PShQ== =7mdJ -----END PGP SIGNATURE----- From thomas at brix.si Fri Aug 12 15:17:02 2016 From: thomas at brix.si (=?UTF-8?B?VG9tYcW+?=) Date: Fri, 12 Aug 2016 17:17:02 +0200 Subject: Dovecot Director self ip In-Reply-To: <579BB592.2060702@brix.si> References: <579BB592.2060702@brix.si> Message-ID: <57ADE86E.1070608@brix.si> Hello! Still struggling with setting this up. Is there maybe some fix around it or some other setting I can use? One idea, though not for production, is to add just one IP to the config and then add another Director with "doveadm director add ip", but this is just for development and testing. As far as I understand, the Director tries all IPs in the setting and the first it can bind, it gives it as local IP - self IP. This normally works, because default setting for net.ipv4.ip_nonlocal_bind is set to 0. So there is probably some other way to check local IP and set it as self? This "bug" is here for some years now, does anybody have any idea how would it be possible to fix this? Thank you very much for your help, Thomas On 29. 07. 2016 21:59, Toma? wrote: > Hello everybody! > I kindly ask somebody to help me with this problem. I'm trying to > configure Dovecot proxy with Director. On the same machine is > KeepAlived that needs this configured to bind non local IP: > sysctl net.ipv4.ip_nonlocal_bind=1 > > But as already mentioned in this email: > http://www.dovecot.org/list/dovecot/2012-November/087033.html > Dovecot Director needs sysctl net.ipv4.ip_nonlocal_bind=0 (if this is > set, everything works ok, but we break keepalived) because otherwise > the second server uses IP from the first server as "self". > > Is it possible to configure this some other way, so Dovecot Director > doesn't try to bind to all IPs and because of above configuration, > uses the first one that binds. > > This is the result from director status on server 1: > root at u1:~# doveadm director ring status > director ip port type last failed status > 172.16.100.191 9090 self never handshaking > 172.16.100.192 9090 never handshaking > > and server 2: > root at u2:/var/log# doveadm director ring status > director ip port type last failed status > 172.16.100.191 9090 self never handshaking > 172.16.100.192 9090 never > > My dovecot config: > http://pastebin.com/RnmHRWhY > > Thank you very much! > Thomas From davotnz at yahoo.co.nz Fri Aug 12 23:02:04 2016 From: davotnz at yahoo.co.nz (David Tildesley) Date: Sat, 13 Aug 2016 11:02:04 +1200 Subject: receiving and associating emails to single a/c In-Reply-To: References: <1086024968.13350072.1470943452528.JavaMail.yahoo.ref@mail.yahoo.com> <1086024968.13350072.1470943452528.JavaMail.yahoo@mail.yahoo.com> Message-ID: <13e02c2c-50a3-f221-7f28-ad01135214ce@yahoo.co.nz> Hi Steffen, Many thanks for your reply. I suspect I will be prevented from using LMTP as the protocol from DMZ MTA to the Dovecot and will be asked to use SMTP. In which case, I am thinking to install PostFix on the same Dovecot server and associate the email addresses/domains there and use LMTP from Postfix to Dovecot on local unix socket. Would this work? Regards, David. On 12-Aug-16 6:50 PM, Steffen Kaiser wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thu, 11 Aug 2016, David Tildesley wrote: > >> Hi,Looking for advice.Scenario: we have a dmz mta that currently >> redirects received emails for a selection of email domains to >> specific internal ms exchange servers. We want this mta to redirect >> incoming customer emails directed to a set of email addresses >> numbering about 30, to a dovecot server and associate these emails to >> a single dovecot user account so that a contact Centre platform can >> pull these emails on a frequent cycle.How to go about configuring >> this on the dovecot? I assume a postfix server needs to be installed >> on the dovecot server for the dmz mta to send these emails to dovecot >> inbox? > > So, you want to sent messages of 30 or so specific mail addresses to > one Dovecot server. > > First, configure the Dovecot server so, that those addresses are > mapped to the same (virtual) user account via a userdb. > > Second, enabled LMTP in Dovecot. > > Third, configure the MTA in the DMZ to drop the messages via LMTP to > Dovecot. > > Forth, configure a passdb{} in Dovecot so that the contact people may > access the same mail storage. > > There are many different ways for step 1 and for LMTP itself. > > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQEVAwUBV61xvnz1H7kL/d9rAQJEkggApg16h2Xxbxa0Bj1ut3EewqxsfYdtOfE3 > yM1URhunMN4YIZ/hwuA9DrUo104+0spnOjNdz5GaDfi3Y3QfwLNTUQrmS24Ih9zG > YGbmtsC0izfudfGeLb5zHRC+GDJV4g2j67pSEg7rwQdfnS6LTgtwPyMrcCxLtRjQ > OCCya26u3TJLwgZ73BTe53HLSlfFYL739rvpk16aLhl/B6i8Ue9PYYNEa6hk2tRe > FMc3QLv3iBvsfDrT38oXpwaoF7J20LH7jWNExgF2ZAeBLdpESCNK6jHNeS9qjAaI > DZY9ZJ6D/oQXnq+iScYBgWLrz8cS6v1TckOxjQSvqUH8gKXJO9PShQ== > =7mdJ > -----END PGP SIGNATURE----- From dovecot at mx24.net Fri Aug 12 23:38:05 2016 From: dovecot at mx24.net (Vince42) Date: Sat, 13 Aug 2016 01:38:05 +0200 Subject: Sieve with many criteria Message-ID: Hi, currently I am putting all my filter strings into a big array in my sieve script. I wonder whether this is the best way to store many criteria. Any suggestions? -- Cheers, \\|// Vince (o o) ----------------------------ooO-(_)-Ooo------------------------- ''' (o)_(o) [ ][0][ ] ??? (=?o?=) World Domination by Copy and Paste [ ][ ][0] - (")_(") [0][0][0] () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Ooo. ---------------------------.ooO----( )------------------------- ( ) (_/ \_) From tlx at leuxner.net Sat Aug 13 05:17:23 2016 From: tlx at leuxner.net (Thomas Leuxner) Date: Sat, 13 Aug 2016 07:17:23 +0200 Subject: Save user passwords in clear text In-Reply-To: <796F15DC-0C35-4E47-AEE5-8C1DE5B23C8E@spes.gr> References: <796F15DC-0C35-4E47-AEE5-8C1DE5B23C8E@spes.gr> Message-ID: <20160813051723.GA15993@nihlus.leuxner.net> * Lefteris Tsintjelis 2016.08.05 21:01: > Is it possible to save user passwords as clear text through dovecot? Have a look at how schemes can be converted using postlogin scripts: http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: Digital signature URL: From lefty at spes.gr Sat Aug 13 09:53:11 2016 From: lefty at spes.gr (Lefteris Tsintjelis) Date: Sat, 13 Aug 2016 12:53:11 +0300 Subject: Save user passwords in clear text In-Reply-To: <20160813051723.GA15993@nihlus.leuxner.net> References: <796F15DC-0C35-4E47-AEE5-8C1DE5B23C8E@spes.gr> <20160813051723.GA15993@nihlus.leuxner.net> Message-ID: <4BBE7E86-7EE2-471B-A428-0D7CC0FCDDEF@spes.gr> > On 13 Aug 2016, at 08:17, Thomas Leuxner wrote: > > * Lefteris Tsintjelis 2016.08.05 21:01: > >> Is it possible to save user passwords as clear text through dovecot? > > Have a look at how schemes can be converted using postlogin scripts: > > http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes Thanks, but there is a problem though, last time I tried prefetch did not work with virtual From jkamp at amazon.com Mon Aug 15 08:21:42 2016 From: jkamp at amazon.com (John van) Date: Mon, 15 Aug 2016 10:21:42 +0200 Subject: Bug with shared access to mailbox In-Reply-To: <575121B5.4000006@dovecot.fi> References: <575121B5.4000006@dovecot.fi> Message-ID: On 03-06-16 08:20, aki.tuomi at dovecot.fi (Aki Tuomi) wrote: > On 30.05.2016 16:41, van der Kamp, John wrote: >> Hello, >> >> I'm testing dovecot with some setups, and one of them is with shared >> mailboxes. The test I wrote will create and delete mail using multiple >> connections to the same user and folder. Each connection makes a couple of >> mails, remembers the uid from APPENDUID, and will delete those emails again. >> At the end of the test I expect an empty folder. >> >> This is not what happens. At the end I still have several mails in the >> folder. I lack insight in the dovecot source to tell exactly what's going >> on. I've tested this with different setups: >> 1) local system user, connecting over localhost -> bug is present >> 2) local system user, connecting over internet -> bug is present, but is >> harder to reproduce >> 3) dovecot as proxy to another imap server -> bug is present >> In step 3, you can even setup a dovecot to be a proxy to another dovecot >> server. >> >> From logging in the other imap server I've seen that a client command to the >> proxy like: >> TAG UID STORE 1:3 +FLAGS (\Deleted) >> TAG UID EXPUNGE 1:3 >> will be sent to the other imap server in 3 steps, one for each message. When >> running the test with multiple threads, that logging shows that some uids >> are never sent to the other imap server, and some uids are sent over >> different connections than they original were sent to. (Thread 1 deletes >> 1:3, Thread 2 deletes 4:6, the proxy of Thread 1 might expunge messages from >> Thread 2 and vice versa). >> >> Attached is a python script which tests the behavior. The script expects a >> file named "testmail.eml" to upload to the imap server. I used an email >> which was about 75 kB. >> I tested using version: 2.2.22 (fe789d2). >> Let me know if I can help in any other way too. >> >> John >> > Hi! > > We tested with 2.2.24, and were unable to reproduce the error. Can you > try again with 2.2.24? > > Aki > Hi, Sorry for the late reply. Didn't notice when this was picked up. I've tried again with out-of-the-box Ubuntu Xenial 16.04, which ships with 2.2.24. Here the problem is still present. I patched the packages with the commits Timo mentioned in another reply. That did not fix the problem the python script tries to reproduce. I tried 2.2.25 on a Debian testing installation. This too is just out-of-the-box local users with mailbox in homedir configuration. I had to run the script a couple of times before it showed up again. So I guess things have been made better, but not flawless. John From maks.nazarenko at gmail.com Mon Aug 15 17:05:55 2016 From: maks.nazarenko at gmail.com (maks) Date: Mon, 15 Aug 2016 20:05:55 +0300 Subject: fts-solr autoindex issue in public mailbox Message-ID: <1ddc0173-e039-2a64-640c-75af4ba3bb80@gmail.com> Hello everyone, I have a public mailbox: /var/mail/example.com/public/public_mailbox with "Public/" namespace set up in config file. When i move message from user's INBOX to one of mailboxes inside Public/ (for example Public/archive), i'm getting "indexer-worker: Info: Indexed 0 messages in Public/archive" in logs and i can't find the message through the FTS search. If i move the message back from Public/archive into personal mailbox the message is indexed by indexer-worker "indexer-worker: Info: Indexed 1 messages in temp_folder" If i perform "doveadm index Public/archive" then the message is added to the index. Dovecot version: 2.2.9 FTS backend: Solr fts_autoindex = yes Searching through localhost:8983/solr/collection1 gives the same result. From laz at paravis.net Mon Aug 15 19:12:54 2016 From: laz at paravis.net (Laz C. Peterson) Date: Mon, 15 Aug 2016 12:12:54 -0700 Subject: Symbolic link for sieve script not created by dsync Message-ID: Hello Dovecot ~ I know this bug has been discussed previously for other versions of dsync, pigeonhole and dovecot ? But we still can?t get dsync to create the symbolic link for the sieve script after it is created on a replicated server. We are running Ubuntu 16.04.1 with the official Ubuntu dovecot packages (2.2.22). Sieve script itself is replicated, but not the symbolic link. Any suggestions? ~ Laz Peterson Paravis, LLC From laz at paravis.net Mon Aug 15 19:57:10 2016 From: laz at paravis.net (Laz C. Peterson) Date: Mon, 15 Aug 2016 12:57:10 -0700 Subject: Symbolic link for sieve script not created by dsync In-Reply-To: References: Message-ID: <86C41708-F066-4B16-A2E0-5227AD1BE8BA@paravis.net> Or actually, is the issue in the ?sending? side of dsync? Seems that if we do the sieve script on the side running Ubuntu 16.04.1, the Ubuntu 14.04.5 server does in fact get the symbolic link. But not vice versa. Can someone verify this to be the case? Such a drag that the Ubuntu packages for 14.04 are so far behind ? ~ Laz Peterson Paravis, LLC > On Aug 15, 2016, at 12:12 PM, Laz C. Peterson wrote: > > Hello Dovecot ~ > > I know this bug has been discussed previously for other versions of dsync, pigeonhole and dovecot ? But we still can?t get dsync to create the symbolic link for the sieve script after it is created on a replicated server. > > We are running Ubuntu 16.04.1 with the official Ubuntu dovecot packages (2.2.22). Sieve script itself is replicated, but not the symbolic link. > > Any suggestions? > > ~ Laz Peterson > Paravis, LLC From chris2014 at postbox.xyz Mon Aug 15 21:24:13 2016 From: chris2014 at postbox.xyz (Chris) Date: Mon, 15 Aug 2016 23:24:13 +0200 Subject: public namespace quota Message-ID: <31e1bb9737d20d2a418c50a38f84d844.squirrel@mail2.postbox.xyz> All, sorry, I've to ask again. I'm trying to define quotas for public namespace subfolders: ns=public/ - DepartmentA - 50G - DepartmentB - 500M - DepartmentC - 10G public/ shouldn't have a limit. public/DepartmentA is independent of B and C. Is this possible with dovecot? I've added the following rules quota = maildir:User quota quota2 = maildir:Public quota:ns=public/ quota2_rule = *:storage=10M quota2_rule2 = DepartmentA:storage=+50M but then only 10M is shown for DepartmentA in Thunderbird. I'm using Maildir++. maildirsize is only created in public/ toplevel, not in public/DepartmentA. Public-subfolders are owned by vmail system-user. Different virtual users' ACLs are set (and working). Any help is appreciated! - Chris From aki.tuomi at dovecot.fi Tue Aug 16 07:29:04 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Tue, 16 Aug 2016 10:29:04 +0300 Subject: Segfault in lib11_trash_plugin.so In-Reply-To: References: Message-ID: <753b5195-b05d-a8d6-71c4-99cbf7b9b04a@dovecot.fi> On 26.07.2016 09:51, ??????? ??????????? wrote: > After a recent update of dovecot to 2.2.devel (d81a83b) I started to get > errors like that: > > Jul 26 07:34:44 mx kernel: pop3[17311]: segfault at 1ee74b0d5 ip > 00000001ee74b0d5 sp 00007ffe593dc3c0 error 14 in lib11_trash_plugin.so[ > 7f66edce2000+3000] > Jul 26 08:11:25 mx dovecot: pop3(xxxxxxxx): Fatal: master: service(pop3): > child 17311 killed with signal 11 (core dumps disabled) > } Hi! Any possibility you could provide us with stack trace using gdb? If possible, install debuginfo packages, and run gdb /path/to/pop3 /path/to/core bt full and send it to list, please! This would make it a lot easier to debug your issue. Thank you! Aki Tuomi Dovecot Oy From olaf at os4a.de Tue Aug 16 14:47:57 2016 From: olaf at os4a.de (Olaf Schuemann (privat)) Date: Tue, 16 Aug 2016 16:47:57 +0200 Subject: imapc and THREAD In-Reply-To: <1378968842.5462.12.camel@tardis> References: <1378968842.5462.12.camel@tardis> Message-ID: Hello, at the moment i get a "strange" behavior on imapc (imap proxy mode) and thread/sorts in version 2.2.25 (I also tried 2.2.23 with the same result) In imapc mode an IMAP request like . THREAD ORDEREDSUBJECT UTF-8 SINCE 5-MAR-2000 gets as response * THREAD (1 (2)(3)(4)(5)(6)(7)(8)(9)(10)(11)(12)(13)(14)(15)(16)(17)(18)(19)(20)(22)(21)(23)(24)(25)) the same request on the origin server gets the correct response * THREAD (18)(19)(25)(24)(20)((4)(7)(12)(23))(1)(2)(3)(5)(6)(8)(9)(10)(13)(14)(15)(16)(17)(11)(22)(21) Is there a config param to "activate" thread? Missing something else? From heiken at luis.uni-hannover.de Tue Aug 16 17:03:32 2016 From: heiken at luis.uni-hannover.de (Karsten Heiken) Date: Tue, 16 Aug 2016 19:03:32 +0200 Subject: dsync: Keywords not being replicated Message-ID: <9c392d70-270d-423c-051b-a02c9e012ecc@luis.uni-hannover.de> I just noticed that some IMAP keywords are not being replicated through dsync backup/sync using Dovecot 2.2.24 from Debian backports: On the master server everything looks fine: RECORD: seq=3, uid=44731, flags=0x09 (Seen Answered) - ext 0 keywords : (0900) <-- 0900 - ext 1 modseq : 701695 (ffb40a0000000000) - ext 3 cache : 3948 (6c0f0000) - ext 4 sort-s : 0 (00000000) On Replica: RECORD: seq=3, uid=44731, flags=0x09 (Seen Answered) - ext 0 keywords : (0000) <-- 0000 - ext 1 modseq : 701695 (ffb40a0000000000) - ext 3 cache : 3948 (6c0f0000) In this case the "forwarded" keyword is gone. Thunderbird no longer displays the message as having been forwarded. The command I used was: > doveadm sync -u myuser -l 60 -N tcp:replica:24245 My config is attached. It looks like there are other users also having the same problem: http://dovecot.org/list/dovecot/2016-January/102951.html Thanks, Karsten -- Karsten Heiken Leibniz Universit?t IT Services Kommunikationssysteme E-Mail, XMPP, Kalender Schlo?wender Str. 5 D-30159 Hannover -------------- next part -------------- # 2.2.24 (a82c823): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.13 (7b14904) # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.5 default_vsz_limit = 512 M dict { acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } lmtp_rcpt_check_quota = yes mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_gid = 7777 mail_location = maildir:%h/Maildir mail_plugins = " zlib quota acl notify listescape" mail_shared_explicit_inbox = yes mail_uid = 7777 mailbox_list_index = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify namespace { hidden = no ignore_on_failure = no inbox = no list = children location = maildir:%%h/Maildir:INDEX=%h/shared/%%u:INDEXPVT=%h/shared/%%u prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace inbox { hidden = no inbox = yes list = yes location = mailbox 30dTrash { auto = subscribe autoexpunge = 30 days special_use = \Junk } mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / subscriptions = yes type = private } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile acl_shared_dict = proxy::acl quota = maildir:Postfach-Limit quota_grace = 2%% quota_rule = *:storage=8G quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Mailbox is full quota_status_success = DUNNO sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +notify +imapflags sieve_max_actions = 250 sieve_max_redirects = 200 zlib_save = gz zlib_save_level = 6 } protocols = " imap lmtp sieve pop3 sieve" replication_dsync_parameters = -d -l 300 -U -n inbox service auth { unix_listener auth-userdb { group = vmail user = vmail } } service dict { unix_listener dict { group = vmail mode = 0660 user = vmail } } service doveadm { inet_listener { port = 24245 } } service imap-login { process_min_avail = 16 service_count = 0 } service imap { executable = imap postlogin process_limit = 30000 } service lmtp { inet_listener lmtp { port = 24 } } service managesieve-login { inet_listener sieve { port = 4190 } } service managesieve { process_limit = 1024 } service pop3-login { process_min_avail = 4 service_count = 0 } service pop3 { process_limit = 2500 } service postlogin { executable = script-login -d rawlog /usr/local/bin/dovecot-postlogin.sh } service quota-status { client_limit = 1 executable = quota-status -p postfix inet_listener { port = 12340 } } shutdown_clients = no ssl_cert =

hello,everyone


          I want to use the dovecot sieve - pipe plugin, I look at the website, but the plugin is not installed.Does anyone can help me, my dovecot is 2.2.Thank you very much.

Reference:http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Pipe From me at junc.eu Tue Aug 16 18:50:21 2016 From: me at junc.eu (Benny Pedersen) Date: Tue, 16 Aug 2016 20:50:21 +0200 Subject: sieve-pipe In-Reply-To: <1320001333.21085.1471242669782.JavaMail.root@bjsd-tm-web7> References: <1320001333.21085.1471242669782.JavaMail.root@bjsd-tm-web7> Message-ID: <85fed78f4d0d2642fe9aa2178d5c03fa@junc.eu> On 2016-08-15 08:31, zhaochangpan wrote: >

hello,everyone


/>

           style="font-size:medium;"> data-aligning="#tran_0,#src_0" class="copied" style="margin: 0px; > padding: 0px; border: 0px; outline: 0px; color: rgb(102, 102, 102); > font-family: Tahoma, Arial, ??, 'Malgun Gothic'; line-height: 24px; > text-align: justify; widows: auto; background-color: rgba(255, 255, > 255, 0.8);">I want to use the dovecot sieve - pipe plugin, I look at > the website, but the plugin is not installed. data-aligning="#tran_1,#src_1" class="copied" style="margin: 0px; > padding: 0px; border: 0px; outline: 0px; color: rgb(102, 102, 102); > font-family: Tahoma, Arial, ??, 'Malgun Gothic'; line-height: 24px; > text-align: justify; widows: auto; background-color: rgba(255, 255, > 255, 0.8);">Does anyone can help me, my dovecot is 2.2.Thank > you class="copied" style="margin: 0px; padding: 0px; border: 0px; outline: > 0px; color: rgb(102, 102, 102); font-family: Tahoma, Arial, ??, > 'Malgun Gothic'; line-height: 24px; text-align: justify; widows: auto; > background-color: rgba(255, 255, 255, 0.8);"> very > much.

data-aligning="#tran_3,#src_3" class="copied" style="margin: 0px; > padding: 0px; border: 0px; outline: 0px; color: rgb(102, 102, 102); > font-family: Tahoma, Arial, ??, 'Malgun Gothic'; line-height: 24px; > text-align: justify; widows: auto; background-color: rgba(255, 255, > 255, 0.8);"> style="font-size:medium;">Reference:http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Pipe what is your question ? From robert.munteanu at gmail.com Tue Aug 16 20:24:08 2016 From: robert.munteanu at gmail.com (Robert Munteanu) Date: Tue, 16 Aug 2016 23:24:08 +0300 Subject: [patch] Improved error checking for the dovecot-antispam-plugin Message-ID: Hi, Hopefully this is the right channel for such a patch. I have a minor enhancement to submit for the antispam plugin http://hg.dovecot.org/dovecot-antispam-plugin It adds minimal error checking for the sendmail_binary, otherwise the reported error in case of a missing binary or one with missing permissions is generic and not useful. Thanks, Robert -- http://robert.muntea.nu/ -------------- next part -------------- A non-text attachment was scrubbed... Name: validate_sendmail.patch Type: text/x-patch Size: 1088 bytes Desc: not available URL: From harlan at pfcs.com Tue Aug 16 23:18:00 2016 From: harlan at pfcs.com (Harlan Stenn) Date: Tue, 16 Aug 2016 16:18:00 -0700 Subject: [patch] Improved error checking for the dovecot-antispam-plugin In-Reply-To: References: Message-ID: On 8/16/16 1:24 PM, Robert Munteanu wrote: > Hi, > > Hopefully this is the right channel for such a patch. I have a minor > enhancement to submit for the antispam plugin > > http://hg.dovecot.org/dovecot-antispam-plugin > > It adds minimal error checking for the sendmail_binary, otherwise the > reported error in case of a missing binary or one with missing > permissions is generic and not useful. > > Thanks, > > Robert Robert, I like that you did this. Beyond that and without even looking at the actual code, I'm curious why you: + if (access(cfg->binary, F_OK) == -1) + { + mail_storage_set_error(storage, MAIL_ERROR_TEMP, "mail_sendmail file does not exist"); instead of finding a way to include the value of cfg->binary in the error message string. This might not be needed if it's really obvious from the config file what the path to the executable is, but if there is any doubt it might be friendlier to show the exact path with the problem. I'd also be inclined to show the decoded value of errno instead of assuming that 'mail_sendmail file does not exist'. Perhaps something along the lines of: "access(%s, F_OK) failed: %m", cfg->binary if that makes sense. H From aki.tuomi at dovecot.fi Wed Aug 17 06:02:40 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Wed, 17 Aug 2016 09:02:40 +0300 Subject: [patch] Improved error checking for the dovecot-antispam-plugin In-Reply-To: References: Message-ID: On 17.08.2016 02:18, Harlan Stenn wrote: > On 8/16/16 1:24 PM, Robert Munteanu wrote: >> Hi, >> >> Hopefully this is the right channel for such a patch. I have a minor >> enhancement to submit for the antispam plugin >> >> http://hg.dovecot.org/dovecot-antispam-plugin >> >> It adds minimal error checking for the sendmail_binary, otherwise the >> reported error in case of a missing binary or one with missing >> permissions is generic and not useful. >> >> Thanks, >> >> Robert > Robert, I like that you did this. > > Beyond that and without even looking at the actual code, I'm curious why > you: > > + if (access(cfg->binary, F_OK) == -1) > + { > + mail_storage_set_error(storage, MAIL_ERROR_TEMP, "mail_sendmail > file does not exist"); > > instead of finding a way to include the value of cfg->binary in the > error message string. > > This might not be needed if it's really obvious from the config file > what the path to the executable is, but if there is any doubt it might > be friendlier to show the exact path with the problem. I'd also be > inclined to show the decoded value of errno instead of assuming that > 'mail_sendmail file does not exist'. > > Perhaps something along the lines of: > > "access(%s, F_OK) failed: %m", cfg->binary > > if that makes sense. > > H Hi! Thank you for your patch, we'll take it under consideration! Aki From crusader at hardwarebg.com Wed Aug 17 10:21:16 2016 From: crusader at hardwarebg.com (George Dankin) Date: Wed, 17 Aug 2016 13:21:16 +0300 Subject: POP3 strange logging behavior after upgrade from 2.2.13 to 2.2.25 In-Reply-To: References: Message-ID: <6aad396a-9cff-0e14-da4a-ba3bae0443d4@hardwarebg.com> Hello, I experience exactly the same issue. Is there any progress regarding that bug report? Cheers George Dankin Forum Leader HardwareBG.com From daniel.colchete at gmail.com Wed Aug 17 20:29:29 2016 From: daniel.colchete at gmail.com (Daniel van Ham Colchete) Date: Wed, 17 Aug 2016 17:29:29 -0300 Subject: Reporting on CephFS being ready to use with Dovecot Message-ID: I would like to report that from version 10.2.3 on (next release), Ceph FS is working really well with Dovecot systems. For those that don't know, Ceph is a "distributed object store and file system designed to provide excellent performance, reliability and scalability.". We have used it here since 2013 very successfully, but never with our Dovecot setup. For more information go on http://ceph.com/. Since Ceph Jewel (the current version), Ceph FS is considered production ready by their team. With Ceph FS you have a cache-coherent POSIX-compliant [1] clustered file system, without most of the NFS shortcomings. Ceph have very nice features like online upgrades, online maintenance, constant deep scrubbing of replicated data, cache tiering (HD -> SSD -> etc), erasure coding (clustered RAID6 for really old email - I'm not using), etc. Ceph is very complex to operate but very flexible and robust. This year we moved our Dovecot servers to a Ceph based system, found one bug there (http://tracker.ceph.com/issues/15920) when Dovecot's LMTP was delivery an email, and the fix is about to be released on version 10.2.3. I have been using a fix-build here for a couple of months without issue. So, now I'm glad to share with you guys that it works really well! My setup involves two clusters, each with about 30k-40k users. Each cluster will have two HD storages (with 6TB HDs), two SSD storages (with Intel 480GB SSDs) and two frontends. In a few months will add a third server of each type. Clusters work better with 3's. Here we used mdbox as it is better performant on Ceph for maintenance tasks, since each file is an object on Ceph and maintenance costs increase with the number of objects. We created two base directories: - /srv/dovecot/mail/%d/%n - stored on HDs with the most recent files cached on SSDs, thanks to Ceph Cache Tiering. Also, the directory structure itself is stored on SSDs, so dir listings are very fast (Ceph FS Metadata). - /srv/dovecot/index/%d/%n - stored only on SSDs, thanks for Ceph FS file layout. On our setup about 17% of the IOPs are going to HDs, the rest will go to SSDs, even though SSDs are less than 5% of the space. This is a matter of tuning the cache tiering parameters, but we didn't look at that yet. That setup is working like a charm, performance is about 53% better than when we were using NFS on the same hardware. Our previous DRBD+Heartbeat setup didn't allow for online maintenance and had a few problems. Now we can do 100% online maintenance on storage without users noticing, and on frontends with just a reconnect but without any downtime. Ceph is hard to learn at first but those with bigger setups and stronger SLAs will want to take a look at that. I really recommend that the Dovecot community take at look at that setup. Good luck! Best, Daniel Colchete [1] http://docs.ceph.com/docs/hammer/dev/differences-from-posix/ From chibi at gol.com Thu Aug 18 03:12:15 2016 From: chibi at gol.com (Christian Balzer) Date: Thu, 18 Aug 2016 12:12:15 +0900 Subject: Reporting on CephFS being ready to use with Dovecot In-Reply-To: References: Message-ID: <20160818121215.6cf56266@batzmaru.gol.ad.jp> Hello Daniel, Firstly, I've been using dovecot since the very early days and Ceph for nearly 3 years and am quite happy and quite familiar with both. However I currently have no plans to change from a DRBD cluster pair setup for mailbox servers to anything based on Ceph, mostly for performance and cost reasons. I'm definitely not trying to rain on your parade, but I do have few points and issues, see in-line below. On Wed, 17 Aug 2016 17:29:29 -0300 Daniel van Ham Colchete wrote: > I would like to report that from version 10.2.3 on (next release), Ceph FS > is working really well with Dovecot systems. > > For those that don't know, Ceph is a "distributed object store and file > system designed to provide excellent performance, reliability and > scalability.". We have used it here since 2013 very successfully, but never > with our Dovecot setup. For more information go on http://ceph.com/. > > Since Ceph Jewel (the current version), Ceph FS is considered production > ready by their team. With Ceph FS you have a cache-coherent POSIX-compliant > [1] clustered file system, without most of the NFS shortcomings. > > Ceph have very nice features like online upgrades, online maintenance, > constant deep scrubbing of replicated data, cache tiering (HD -> SSD -> > etc), erasure coding (clustered RAID6 for really old email - I'm not > using), etc. Ceph is very complex to operate but very flexible and robust. > For the record, the "deep scrubbing" is neither constant (by default once a week) and with the current "filestore" storage backend finding out which is the good replica in case of a scrub error is left as an exercise for the operator. Something that is going to be addressed by "Bluestore", which is going to be stable in about 2 releases from now. Also (AFAIK) cache tiering (which is quite nice) doesn't offer more than 2 layers (so SSD pool in front of HDD pool) at this point in time. > This year we moved our Dovecot servers to a Ceph based system, found one > bug there (http://tracker.ceph.com/issues/15920) when Dovecot's LMTP was > delivery an email, and the fix is about to be released on version 10.2.3. I > have been using a fix-build here for a couple of months without issue. So, > now I'm glad to share with you guys that it works really well! > > My setup involves two clusters, each with about 30k-40k users. Two separate Ceph clusters? If so, why? A larger, shared Ceph cluster would give you more peak performance and more flexibility with your frontends. >Each cluster > will have two HD storages (with 6TB HDs), two SSD storages (with Intel > 480GB SSDs) and two frontends. In a few months will add a third server of > each type. Clusters work better with 3's. > Ceph tends to perform better with smaller and more storage devices, but of course that conflicts with keeping things dense and cost down. There are 2 things in that paragraph which set of alarms here: 1. 480GB Intel SSDs sound like DC S3510, which have an endurance of 0.3 DWPD (over 5 years), 150GB per day. Given that Ceph needs a journal, that's 75GB/day. Now this might be fine if you have many of them and/or not much write activity. But I'd religiously monitor the wearout levels of these SSDs. On a mailbox cluster with similar user numbers to yours I see about 80GB/day write activity. 2. Since you're using 2x replication, with a dual node cluster and plain HDDs, you're running the equivalent to a RAID5 when it comes to reliability and fault tolerance. Danger, Will Robinson. > Here we used mdbox as it is better performant on Ceph for maintenance > tasks, since each file is an object on Ceph and maintenance costs increase > with the number of objects. Yes, that's one of the reasons I haven't considered Ceph, I do like and prefer the transparency of maildir. >We created two base directories: > > - /srv/dovecot/mail/%d/%n - stored on HDs with the most recent files > cached on SSDs, thanks to Ceph Cache Tiering. Also, the directory structure > itself is stored on SSDs, so dir listings are very fast (Ceph FS Metadata). > - /srv/dovecot/index/%d/%n - stored only on SSDs, thanks for Ceph FS file > layout. > Yup, that's a nice feature of CephFS. > On our setup about 17% of the IOPs are going to HDs, the rest will go to > SSDs, even though SSDs are less than 5% of the space. This is a matter of > tuning the cache tiering parameters, but we didn't look at that yet. > See above about SSD endurance issues, for cache-tiering tips, pipe up on the CephML. > That setup is working like a charm, performance is about 53% better than > when we were using NFS on the same hardware. You used NFS on top of RBD if I read the tracker correctly, right? Any reason for not doing something similar to the DRBD setup you were familiar with, that is Pacemaker and mounting RBD (and FS) from it? That should have been significantly more performant. > Our previous DRBD+Heartbeat > setup didn't allow for online maintenance and had a few problems. Now we > can do 100% online maintenance on storage without users noticing, and on > frontends with just a reconnect but without any downtime. > DRBD and Pacemaker can have issues, especially with some buggy resource agents around. Failing over a node in a controlled fashion takes a few seconds at most here, also in the "not noticeable" ballpark. Given that: a) with DRBD reads are local b) considering a) Ceph will always have the disadvantage of having to go via the net for everything and the resulting latency issues. c) to get roughly the same level of performance and reliability, one needs at least 33% more HW (storage) with Ceph and that's not including the additional frontends. So again, for the time being I'm happier to stay with DRBD pairs. Especially since we have a custom, in-house made migration system in place that will move dead-ish/large/low-usage mailboxes to slower clusters and smallish/high-usage mailboxes to faster ones. > Ceph is hard to learn at first but those with bigger setups and stronger > SLAs will want to take a look at that. I really recommend that the Dovecot > community take at look at that setup. > I agree with all parts of this, particular if you're not trying to squeeze the last ounce of speed from the least amount of rack space. There's another aspect of Ceph that may be of interest with Dovecot, using the object storage interface. However that's not supporting native Ceph interfaces and by its very nature also is slowish, but has nice scalability. Regards, Christian > Good luck! > > Best, > Daniel Colchete > > [1] http://docs.ceph.com/docs/hammer/dev/differences-from-posix/ > -- Christian Balzer Network/Systems Engineer chibi at gol.com Global OnLine Japan/Rakuten Communications http://www.gol.com/ From cedric.bassaget.ml at gmail.com Thu Aug 18 08:26:37 2016 From: cedric.bassaget.ml at gmail.com (=?UTF-8?Q?C=c3=a9dric_ML?=) Date: Thu, 18 Aug 2016 10:26:37 +0200 Subject: dsync replication issue Message-ID: <504f81f4-bbf5-fd3c-2de0-26a9d5e99cc0@gmail.com> Hello, I'm facing a problem with dsync : replication between my two dovecot 2.2.10 servers (10.10.10.10 = serverA and 10.10.10.11 = serverB) is not done when a mail is received on any of the two servers. Sync is correctly working when running "doveadm [-D] sync -A tcp:10.10.10.10:12345" from serverB or "doveadm [-D] sync -A tcp:10.10.10.11:12345" from serverA Sieve vacation message replication is functional too, and triggered when a change is done on any of the two servers. I guess it's a notify problem, but I did not find how to debug it... I've enabled dovecot debug, but I don't see anything related to notify in logfile. Here's my doveconf -n (it's the same on the two servers, except IP address changes) Hope somebody will be able to help me. Regards, C?dric --------------------------------------- root at dovecot1-pa3:/etc/dovecot/conf.d# doveconf -n # 2.2.10: /etc/dovecot/dovecot.conf # OS: Linux 3.10.0-327.28.2.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core) auth_debug = yes auth_mechanisms = plain login debug_log_path = /var/log/dovecot-deliver.log doveadm_password = tgIK16l5L26023b doveadm_port = 12345 log_path = /var/log/dovecot-deliver.log mail_debug = yes mail_plugins = " quota notify replication" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave vacation-seconds mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { mail_replica = tcp:10.10.10.10:12345 quota = maildir:User quota quota_grace = 10%% quota_rule = Trash:storage=+100M quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Boite de messagerie pleine. quota_status_success = DUNNO quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=85%% quota-warning 85 %u sieve = ~/.dovecot.sieve sieve_before = /home/vmail/%d/%n/sieve/Vacation.sieve sieve_dir = ~/sieve sieve_extensions = +vacation-seconds } protocols = imap pop3 sieve sieve service aggregator { fifo_listener replication-notify-fifo { mode = 0666 user = mailbox } unix_listener replication-notify { mode = 0666 user = mailbox } } service auth { inet_listener { port = 12346 } unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = mailbox mode = 0660 user = mailbox } } service config { unix_listener config { user = mailbox } } service doveadm { inet_listener { port = 12345 } user = mailbox } service imap-login { inet_listener imaps { port = 993 } } service managesieve-login { inet_listener sieve { port = 4190 } process_min_avail = 1 service_count = 1 vsz_limit = 64 M } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = mailbox } user = mailbox } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0600 } } ssl = required ssl_cert = References: <20160711111514.GF25046@charite.de> <20160712092535.GE19765@charite.de> Message-ID: <840ea7f3-1020-1e1f-6c14-ff6c0b9b769c@dovecot.fi> On 12.07.2016 12:25, Ralf Hildebrandt wrote: > * Timo Sirainen : >> On 11 Jul 2016, at 14:15, Ralf Hildebrandt wrote: >>> From the log: >>> >>> Jul 11 13:12:42 mproxy dovecot: imap-login: Login: user=, method=PLAIN, rip=141.42.206.36, lip=141.42.206.11, mpid=27254, TLS, session= >>> Jul 11 13:12:44 mproxy dovecot: imap(hildeb): Panic: file imap-client.c: line 854 (client_check_command_hangs): assertion failed: ((io_loop_find_fd_conditions(current_ioloop, client->fd_out) & IO_WRITE) != 0) >> Could you gdb the core and print some outputs: >> >> fr 5 (or whichever frame number has client_check_command_hangs) >> p *client >> p *client->command_queue >> p *client->command_queue->next >> p *client->command_queue->next->next >> (etc, until it fails) >> p *current_ioloop >> p *current_ioloop->io_files >> p *current_ioloop->io_files->next >> p *current_ioloop->io_files->next->next >> (etc, until it fails) > Hi! Fixed in https://github.com/dovecot/core/commit/e03bbb0f23631fcde5e83479f987a517c9a8b99f Aki Tuomi Dovecot Oy From aki.tuomi at dovecot.fi Thu Aug 18 12:02:28 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Thu, 18 Aug 2016 15:02:28 +0300 Subject: POP3 strange logging behavior after upgrade from 2.2.13 to 2.2.25 In-Reply-To: References: Message-ID: On 09.08.2016 16:50, Iavor Stoev wrote: > Hello, > > After the upgrade from Dovecot version 2.2.13 to 2.2.25, > we experience the following strange behavior with POP3 logging. > > When a connection is closed with reason "Connection closed" & > "Disconnected for inactivity", the number of deleted mails is missing. > Like del=/1166 & del=/4138 from the example bellow. > > With Dovecot 2.2.13: > Feb 14 03:35:20 serverXYZ dovecot: pop3(user at domain.com): Connection > closed top=0/0, retr=0/0, del=0/946, size=39500197 > Feb 15 16:49:18 serverXYZ dovecot: pop3(user at domain.com): Disconnected > for inactivity top=0/0, retr=0/0, del=0/739, size=52319632 > > With Dovecot 2.2.25: > Jul 31 02:56:03 serverXYZ dovecot: pop3(user at domain.com): Connection > closed top=1/1380, retr=0/0, del=/4138, size=284167741 > Jul 31 02:34:47 serverXYZ dovecot: pop3(user at domain.com): Disconnected > for inactivity top=0/0, retr=0/0, del=/1166, size=111425436 > > For sessions completed normally, everything works fine with both > Dovecot versions: > Jul 31 06:55:48 serverXYZ dovecot: pop3(user at domain.com): > Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 > Jul 31 02:36:59 serverXYZ dovecot: pop3(user at domain.com): > Disconnected: Logged out top=0/0, retr=1/18821, del=1/1, size=18803 > > Please advise if this behavior is normal and if yes how should we read > entries like "del=/4138"? > > Thank you > > Iavor Stoev > Project Manager // Head of System & Network Administration Department > ICDSoft Ltd - http://icdsoft.com Hi! This has been now fixed in https://github.com/dovecot/core/commit/7424d35ff1b7d17c0caf7b426c0ef3c2b8229afc Aki Tuomi Dovecot Oy From sami.ketola at dovecot.fi Thu Aug 18 12:26:45 2016 From: sami.ketola at dovecot.fi (Sami Ketola) Date: Thu, 18 Aug 2016 15:26:45 +0300 Subject: Reporting on CephFS being ready to use with Dovecot In-Reply-To: References: Message-ID: Hi, > On 17 Aug 2016, at 23:29, Daniel van Ham Colchete wrote: > My setup involves two clusters, each with about 30k-40k users. Each cluster > will have two HD storages (with 6TB HDs), two SSD storages (with Intel > 480GB SSDs) and two frontends. In a few months will add a third server of > each type. Clusters work better with 3?s. Just a question. Looking at your usercount, this setup of yours still includes just one dovecot backend system and you are not actually running clustered dovecot setup with multiple instances accessing the users mailboxes? Sami From robert.munteanu at gmail.com Thu Aug 18 13:11:28 2016 From: robert.munteanu at gmail.com (Robert Munteanu) Date: Thu, 18 Aug 2016 16:11:28 +0300 Subject: [patch] Improved error checking for the dovecot-antispam-plugin In-Reply-To: References: Message-ID: Hi Harlan, On Wed, Aug 17, 2016 at 2:18 AM, Harlan Stenn wrote: > On 8/16/16 1:24 PM, Robert Munteanu wrote: >> Hi, >> >> Hopefully this is the right channel for such a patch. I have a minor >> enhancement to submit for the antispam plugin >> >> http://hg.dovecot.org/dovecot-antispam-plugin >> >> It adds minimal error checking for the sendmail_binary, otherwise the >> reported error in case of a missing binary or one with missing >> permissions is generic and not useful. >> >> Thanks, >> >> Robert > > Robert, I like that you did this. > > Beyond that and without even looking at the actual code, I'm curious why > you: > > + if (access(cfg->binary, F_OK) == -1) > + { > + mail_storage_set_error(storage, MAIL_ERROR_TEMP, "mail_sendmail > file does not exist"); > > instead of finding a way to include the value of cfg->binary in the > error message string. > > This might not be needed if it's really obvious from the config file > what the path to the executable is, but if there is any doubt it might > be friendlier to show the exact path with the problem. I'd also be > inclined to show the decoded value of errno instead of assuming that > 'mail_sendmail file does not exist'. > > Perhaps something along the lines of: > > "access(%s, F_OK) failed: %m", cfg->binary > > if that makes sense. Thanks for the review . I was not sure that it's OK to show the path to the script in an error message which will be shown to the user. But I have no issue in resending a new version of the patch with better error reporting, will do so in the following days. Robert -- http://robert.muntea.nu/ From robert.munteanu at gmail.com Thu Aug 18 15:16:23 2016 From: robert.munteanu at gmail.com (Robert Munteanu) Date: Thu, 18 Aug 2016 18:16:23 +0300 Subject: [patch] Improved error checking for the dovecot-antispam-plugin In-Reply-To: References: Message-ID: (snip) > I have no issue in resending a new version of the patch with better > error reporting, will do so in the following days. > > Robert I've attached a second version of the patch, feel free to consider any of them for inclusion. Thanks, Robert -- http://robert.muntea.nu/ -------------- next part -------------- A non-text attachment was scrubbed... Name: validate_sendmail.patch Type: text/x-patch Size: 1150 bytes Desc: not available URL: From dovecot at avv.solutions Thu Aug 18 17:06:38 2016 From: dovecot at avv.solutions (dovecot at avv.solutions) Date: Thu, 18 Aug 2016 19:06:38 +0200 Subject: Quota issue: enforced, but reporting issue Message-ID: <4a9f0723-86cb-b9aa-eaea-a32c03bb4db2@avv.solutions> Hello everyone, I face the following challenge: - dovecot 2.2.13 - userdb: passwd-file - quota enabled: -- default 1GB -- changed for some users thru users file: user at domain:passwd::::::userdb_quota_rule=*:storage=15M - when sending a message to this user while near quota, warnings are correctly triggered => *OK* - when sending a message to this user while over quota, message is refused => *OK* - when checking quota from mail client (eg Thunderbird 45.2), reported quota is.. 1GB => *NOK* - some config: mail_plugins = quota notify acl plugin { acl_shared_dict = file:/sd/MAIL_IMAP_POP/%d/shared-mailboxes quota = maildir:User quota:ns= quota_exceeded_message = Storage quota for this account has been exceeded, please try again later. quota_rule = *:storage=1G quota_rule2 = Trash:storage=+10%% quota_rule3 = Spam:storage=+20%% quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Mailbox is full quota_status_success = DUNNO quota_warning = storage=90%% quota-warning 90 %u %d quota_warning2 = storage=75%% quota-warning 75 %u %d } protocol imap { mail_plugins = quota notify acl imap_quota imap_acl service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service auth-client { name = auth } service config { name = config } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service imap { name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service login/imap { name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service replicator-doveadm { name = replicator } service login/ssl-params { name = ssl-params } service stats-mail { name = stats } } - 90-quota: passdb { driver = passwd-file args = scheme=CRYPT username_format=%u /etc/dovecot/users } userdb { driver = passwd-file args = username_format=%u /etc/dovecot/users # Default fields that can be overridden by passwd-file #default_fields = quota_rule=*:storage=1G # Override fields from passwd-file #override_fields = home=/home/virtual/%u } Any idea? Already spent hours on this. Thank you in advance for the help. Cheers A. From ben at indietorrent.org Fri Aug 19 01:10:31 2016 From: ben at indietorrent.org (Ben Johnson) Date: Thu, 18 Aug 2016 21:10:31 -0400 Subject: What might cause messages delivered with dovecot-lda to be "invisible" to IMAP clients? Message-ID: <8cb8f8b4-60f0-a96a-dbd5-ef4992e8c279@indietorrent.org> Hello! I'm attempting to use dovecot-lda, and for whatever reason, messages that I send with it are not visible in my IMAP client. $ dovecot --version 2.2.22 (fe789d2) (Full "doveconf -n" output is at the bottom of this message!) Here's the the sequence of commands that I'm using: # su vmail $ echo 'This is a test message.' > /tmp/test.txt $ stat /tmp/test.txt File: '/tmp/test.txt' Size: 24 Blocks: 8 IO Block: 4096 regular file Device: fd01h/64769d Inode: 783925 Links: 2 Access: (0664/-rw-rw-r--) Uid: ( 5000/ vmail) Gid: ( 5000/ vmail) Access: 2016-08-18 20:49:38.419011552 -0400 Modify: 2016-08-18 20:49:07.178995015 -0400 Change: 2016-08-18 20:49:38.191011425 -0400 Birth: - $ /usr/lib/dovecot/dovecot-lda -d "test at example.com" -p "/tmp/test.txt" When I do this, the destination mailbox acts like there's a new message (I'm using Thunderbird, and the mailbox is highlighted in blue and bolded, which is the "new mail" behavior in this client). But when I "check my inbox", i.e., click on the Inbox, I don't see the new message. With regard to the filesystem, the message is present and contains the intended contents. Here's the "stat" output: $ stat /var/vmail/example.com/ben/Maildir/cur/1471567777.M685753P32257.example.com,S=24:2, File: '/var/vmail/example.com/ben/Maildir/cur/1471567777.M685753P32257.example.com,S=24:2,' Size: 24 Blocks: 8 IO Block: 4096 regular file Device: fd01h/64769d Inode: 783925 Links: 2 Access: (0664/-rw-rw-r--) Uid: ( 5000/ vmail) Gid: ( 5000/ vmail) Access: 2016-08-18 20:51:05.647059340 -0400 Modify: 2016-08-18 20:50:58.543055378 -0400 Change: 2016-08-18 20:50:58.543055378 -0400 Birth: - Might anyone know why I'm not "seeing" this message in my IMAP client? Interestingly, I tried another IMAP client (Blue Mail for Android), and I can actually see the messages there, but they appear in the Inbox as: (No subject) When I click on the messages, Blue Mail simply displays "No text", without the quotes. Surely, I'm overlooking something simple... Thank you for any help here! -Ben Full "doveconf -n" output: $ doveconf -n # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.13 (7b14904) # OS: Linux 4.4.0-34-generic x86_64 Ubuntu 16.04.1 LTS auth_mechanisms = plain login disable_plaintext_auth = no listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { antispam_backend = pipe antispam_debug_target = syslog antispam_pipe_program = /bin/bash antispam_pipe_program_args = /usr/local/bin/sa-learn-pipe.sh antispam_pipe_program_notspam_arg = --ham antispam_pipe_program_spam_arg = --spam antispam_pipe_tmpdir = /tmp antispam_spam_pattern_ignorecase = SPAM;JUNK antispam_trash_pattern_ignorecase = trash;Deleted * antispam_verbose_debug = 1 quota = dict:user::file:/var/vmail/%d/%n/.quotausage quota_rule2 = Trash:storage=+100M quota_rule3 = Junk:ignore quota_rule4 = INBOX:storage=+100M quota_warning = storage=100%% quota-reached 100 %u %d quota_warning2 = storage=95%% quota-warning 95 %u %d quota_warning3 = storage=80%% quota-warning 80 %u %d quota_warning4 = -storage=100%% quota-below below %u %d sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmaster at example.com protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service quota-below { executable = script /usr/local/bin/quota-below.sh unix_listener quota-below { group = vmail mode = 0666 user = vmail } user = vmail } service quota-reached { executable = script /usr/local/bin/quota-reached.sh unix_listener quota-reached { group = vmail mode = 0666 user = vmail } user = vmail } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { group = vmail mode = 0666 user = vmail } user = vmail } ssl_cert = References: <8cb8f8b4-60f0-a96a-dbd5-ef4992e8c279@indietorrent.org> Message-ID: I'm mildly ashamed of myself. The "butchered" messages were presumably the result of not having a valid message structure with appropriate syntax. If I do this, the mail is delivered and "visible" in any client, as expected: # su vmail $ cd ~ $ wget http://spamassassin.apache.org/gtube/gtube.txt $ /usr/lib/dovecot/dovecot-lda -d "test at example.com" -p "/var/vmail/gtube.txt" That's wonderful! But it brings me back to my original question, which is why I'm unable to use dovecot-lda to feed my antispam pipe program. I'll post a separate message for that. Thanks! -Ben On 8/18/2016 9:10 PM, Ben Johnson wrote: > Hello! > > I'm attempting to use dovecot-lda, and for whatever reason, messages > that I send with it are not visible in my IMAP client. > > $ dovecot --version > 2.2.22 (fe789d2) > > (Full "doveconf -n" output is at the bottom of this message!) > > Here's the the sequence of commands that I'm using: > > # su vmail > > $ echo 'This is a test message.' > /tmp/test.txt > > $ stat /tmp/test.txt > File: '/tmp/test.txt' > Size: 24 Blocks: 8 IO Block: 4096 regular file > Device: fd01h/64769d Inode: 783925 Links: 2 > Access: (0664/-rw-rw-r--) Uid: ( 5000/ vmail) Gid: ( 5000/ vmail) > Access: 2016-08-18 20:49:38.419011552 -0400 > Modify: 2016-08-18 20:49:07.178995015 -0400 > Change: 2016-08-18 20:49:38.191011425 -0400 > Birth: - > > $ /usr/lib/dovecot/dovecot-lda -d "test at example.com" -p "/tmp/test.txt" > > When I do this, the destination mailbox acts like there's a new message > (I'm using Thunderbird, and the mailbox is highlighted in blue and > bolded, which is the "new mail" behavior in this client). > > But when I "check my inbox", i.e., click on the Inbox, I don't see the > new message. > > With regard to the filesystem, the message is present and contains the > intended contents. Here's the "stat" output: > > $ stat > /var/vmail/example.com/ben/Maildir/cur/1471567777.M685753P32257.example.com,S=24:2, > File: > '/var/vmail/example.com/ben/Maildir/cur/1471567777.M685753P32257.example.com,S=24:2,' > Size: 24 Blocks: 8 IO Block: 4096 regular file > Device: fd01h/64769d Inode: 783925 Links: 2 > Access: (0664/-rw-rw-r--) Uid: ( 5000/ vmail) Gid: ( 5000/ vmail) > Access: 2016-08-18 20:51:05.647059340 -0400 > Modify: 2016-08-18 20:50:58.543055378 -0400 > Change: 2016-08-18 20:50:58.543055378 -0400 > Birth: - > > Might anyone know why I'm not "seeing" this message in my IMAP client? > > Interestingly, I tried another IMAP client (Blue Mail for Android), and > I can actually see the messages there, but they appear in the Inbox as: > > (No subject) > > > When I click on the messages, Blue Mail simply displays "No text", > without the quotes. > > Surely, I'm overlooking something simple... > > Thank you for any help here! > > -Ben > > > > Full "doveconf -n" output: > > $ doveconf -n > # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.4.13 (7b14904) > # OS: Linux 4.4.0-34-generic x86_64 Ubuntu 16.04.1 LTS > auth_mechanisms = plain login > disable_plaintext_auth = no > listen = *,[::] > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_max_userip_connections = 100 > mail_plugins = " quota" > mail_privileged_group = vmail > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > plugin { > antispam_backend = pipe > antispam_debug_target = syslog > antispam_pipe_program = /bin/bash > antispam_pipe_program_args = /usr/local/bin/sa-learn-pipe.sh > antispam_pipe_program_notspam_arg = --ham > antispam_pipe_program_spam_arg = --spam > antispam_pipe_tmpdir = /tmp > antispam_spam_pattern_ignorecase = SPAM;JUNK > antispam_trash_pattern_ignorecase = trash;Deleted * > antispam_verbose_debug = 1 > quota = dict:user::file:/var/vmail/%d/%n/.quotausage > quota_rule2 = Trash:storage=+100M > quota_rule3 = Junk:ignore > quota_rule4 = INBOX:storage=+100M > quota_warning = storage=100%% quota-reached 100 %u %d > quota_warning2 = storage=95%% quota-warning 95 %u %d > quota_warning3 = storage=80%% quota-warning 80 %u %d > quota_warning4 = -storage=100%% quota-below below %u %d > sieve = /var/vmail/%d/%n/.sieve > sieve_max_redirects = 25 > } > postmaster_address = postmaster at example.com > protocols = imap pop3 > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-userdb { > group = vmail > mode = 0600 > user = vmail > } > user = root > } > service imap-login { > client_limit = 1000 > process_limit = 512 > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0600 > user = postfix > } > } > service quota-below { > executable = script /usr/local/bin/quota-below.sh > unix_listener quota-below { > group = vmail > mode = 0666 > user = vmail > } > user = vmail > } > service quota-reached { > executable = script /usr/local/bin/quota-reached.sh > unix_listener quota-reached { > group = vmail > mode = 0666 > user = vmail > } > user = vmail > } > service quota-warning { > executable = script /usr/local/bin/quota-warning.sh > unix_listener quota-warning { > group = vmail > mode = 0666 > user = vmail > } > user = vmail > } > ssl_cert = ssl_key = ssl_protocols = !SSLv2 !SSLv3 > userdb { > driver = prefetch > } > userdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > protocol imap { > mail_plugins = quota imap_quota antispam > } > protocol pop3 { > mail_plugins = quota > pop3_uidl_format = %08Xu%08Xv > } > protocol lda { > mail_plugins = sieve quota > } > protocol lmtp { > mail_plugins = quota sieve > postmaster_address = webmaster at localhost > } > From ben at indietorrent.org Fri Aug 19 02:26:09 2016 From: ben at indietorrent.org (Ben Johnson) Date: Thu, 18 Aug 2016 22:26:09 -0400 Subject: antispam plugin pipe script seems not to be called when it "should be" Message-ID: Hello, (Full "doveconf -n" output is at the end of this message.) I'm attempting to recreate a "recipe" I had used successfully for quite some time (in Ubuntu 12.04 LTS), which allowed me to train SpamAssassin's Bayes database when someone dragged an email message from one sub-folder of the account to another. I later tried to re-implement it (in Ubuntu 14.04 LTS), and core-dumps resulted. I posted to this list about it several times, but nobody was ever able to help me solve the problem. I just tried the same (in Ubuntu 16.04 LTS), hoping that the source had evolved since then, and while I don't see a core-dump, the pipe script doesn't seem to be called. I've booby-trapped the pipe script with quite a bit of debugging output, which should be written to a file, but I don't see any indication that the pipe script is ever executed. When logged-in as an IMAP user, and I drag a message from the user's Inbox into the "Spam" folder, I do see the following activity in the syslog: Aug 18 22:12:15 example.com imap: antispam: mailbox_is_unsure(Junk): 0 Aug 18 22:12:15 example.com imap: antispam: mailbox_is_trash(INBOX): 0 Aug 18 22:12:15 example.com imap: antispam: mailbox_is_trash(Junk): 0 Aug 18 22:12:15 example.com imap: antispam: mail copy: from trash: 0, to trash: 0 Aug 18 22:12:15 example.com imap: antispam: mailbox_is_spam(INBOX): 0 Aug 18 22:12:15 example.com imap: antispam: mailbox_is_spam(Junk): 1 Aug 18 22:12:15 example.com imap: antispam: mailbox_is_unsure(INBOX): 0 Aug 18 22:12:15 example.com imap: antispam: mail copy: src spam: 0, dst spam: 1, src unsure: 0 Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend program /bin/bash Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend program /bin/bash Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend program parameter 1 /usr/local/bin/sa-learn-pipe.sh Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend program parameter 2 --spam But the piped message is never delivered to the target mailbox. The mail log at /var/log/mail.log does not register any activity when I move messages (and maybe that's expected). Here are the contents of the /usr/local/bin/sa-learn-pipe.sh script: http://pastebin.com/7vm74jmk The permissions and mode on the script seem appropriate: $ stat /usr/local/bin/sa-learn-pipe.sh File: '/usr/local/bin/sa-learn-pipe.sh' Size: 1765 Blocks: 8 IO Block: 4096 regular file Device: fd01h/64769d Inode: 669345 Links: 1 Access: (0755/-rwxr-xr-x) Uid: ( 5000/ vmail) Gid: ( 5000/ vmail) Access: 2016-08-18 19:09:47.307392919 -0400 Modify: 2016-08-18 19:09:31.231391749 -0400 Change: 2016-08-18 19:09:31.231391749 -0400 Birth: - What might I be doing incorrectly here? Please let me know if I can provide any other information. Thank you in advance, -Ben Full "doveconf -n" output: $ doveconf -n # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.13 (7b14904) # OS: Linux 4.4.0-34-generic x86_64 Ubuntu 16.04.1 LTS auth_mechanisms = plain login disable_plaintext_auth = no listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { antispam_backend = pipe antispam_debug_target = syslog antispam_pipe_program = /bin/bash antispam_pipe_program_args = /usr/local/bin/sa-learn-pipe.sh antispam_pipe_program_notspam_arg = --ham antispam_pipe_program_spam_arg = --spam antispam_pipe_tmpdir = /tmp antispam_spam_pattern_ignorecase = SPAM;JUNK antispam_trash_pattern_ignorecase = trash;Deleted * antispam_verbose_debug = 1 quota = dict:user::file:/var/vmail/%d/%n/.quotausage quota_rule2 = Trash:storage=+100M quota_rule3 = Junk:ignore quota_rule4 = INBOX:storage=+100M quota_warning = storage=100%% quota-reached 100 %u %d quota_warning2 = storage=95%% quota-warning 95 %u %d quota_warning3 = storage=80%% quota-warning 80 %u %d quota_warning4 = -storage=100%% quota-below below %u %d sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmaster at example.com protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service quota-below { executable = script /usr/local/bin/quota-below.sh unix_listener quota-below { group = vmail mode = 0666 user = vmail } user = vmail } service quota-reached { executable = script /usr/local/bin/quota-reached.sh unix_listener quota-reached { group = vmail mode = 0666 user = vmail } user = vmail } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { group = vmail mode = 0666 user = vmail } user = vmail } ssl_cert = References: Message-ID: <3f95a9de-9d17-b40a-2f12-7ab73bf9a73f@indietorrent.org> On 8/18/2016 10:26 PM, Ben Johnson wrote: > Hello, > > (Full "doveconf -n" output is at the end of this message.) > > I'm attempting to recreate a "recipe" I had used successfully for quite > some time (in Ubuntu 12.04 LTS), which allowed me to train > SpamAssassin's Bayes database when someone dragged an email message from > one sub-folder of the account to another. > > I later tried to re-implement it (in Ubuntu 14.04 LTS), and core-dumps > resulted. I posted to this list about it several times, but nobody was > ever able to help me solve the problem. > > I just tried the same (in Ubuntu 16.04 LTS), hoping that the source had > evolved since then, and while I don't see a core-dump, the pipe script > doesn't seem to be called. > > I've booby-trapped the pipe script with quite a bit of debugging output, > which should be written to a file, but I don't see any indication that > the pipe script is ever executed. > > When logged-in as an IMAP user, and I drag a message from the user's > Inbox into the "Spam" folder, I do see the following activity in the syslog: > > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_unsure(Junk): 0 > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_trash(INBOX): 0 > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_trash(Junk): 0 > Aug 18 22:12:15 example.com imap: antispam: mail copy: from trash: 0, to > trash: 0 > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_spam(INBOX): 0 > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_spam(Junk): 1 > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_unsure(INBOX): 0 > Aug 18 22:12:15 example.com imap: antispam: mail copy: src spam: 0, dst > spam: 1, src unsure: 0 > Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend > program /bin/bash > Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend > program /bin/bash > Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend > program parameter 1 /usr/local/bin/sa-learn-pipe.sh > Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend > program parameter 2 --spam > > But the piped message is never delivered to the target mailbox. > The mail log at /var/log/mail.log does not register any activity when I > move messages (and maybe that's expected). > > Here are the contents of the /usr/local/bin/sa-learn-pipe.sh script: > > http://pastebin.com/7vm74jmk > > The permissions and mode on the script seem appropriate: > > $ stat /usr/local/bin/sa-learn-pipe.sh > File: '/usr/local/bin/sa-learn-pipe.sh' > Size: 1765 Blocks: 8 IO Block: 4096 regular file > Device: fd01h/64769d Inode: 669345 Links: 1 > Access: (0755/-rwxr-xr-x) Uid: ( 5000/ vmail) Gid: ( 5000/ vmail) > Access: 2016-08-18 19:09:47.307392919 -0400 > Modify: 2016-08-18 19:09:31.231391749 -0400 > Change: 2016-08-18 19:09:31.231391749 -0400 > Birth: - > > What might I be doing incorrectly here? > > Please let me know if I can provide any other information. > > Thank you in advance, > > -Ben > > > > Full "doveconf -n" output: > > $ doveconf -n > # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.4.13 (7b14904) > # OS: Linux 4.4.0-34-generic x86_64 Ubuntu 16.04.1 LTS > auth_mechanisms = plain login > disable_plaintext_auth = no > listen = *,[::] > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_max_userip_connections = 100 > mail_plugins = " quota" > mail_privileged_group = vmail > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > plugin { > antispam_backend = pipe > antispam_debug_target = syslog > antispam_pipe_program = /bin/bash > antispam_pipe_program_args = /usr/local/bin/sa-learn-pipe.sh > antispam_pipe_program_notspam_arg = --ham > antispam_pipe_program_spam_arg = --spam > antispam_pipe_tmpdir = /tmp > antispam_spam_pattern_ignorecase = SPAM;JUNK > antispam_trash_pattern_ignorecase = trash;Deleted * > antispam_verbose_debug = 1 > quota = dict:user::file:/var/vmail/%d/%n/.quotausage > quota_rule2 = Trash:storage=+100M > quota_rule3 = Junk:ignore > quota_rule4 = INBOX:storage=+100M > quota_warning = storage=100%% quota-reached 100 %u %d > quota_warning2 = storage=95%% quota-warning 95 %u %d > quota_warning3 = storage=80%% quota-warning 80 %u %d > quota_warning4 = -storage=100%% quota-below below %u %d > sieve = /var/vmail/%d/%n/.sieve > sieve_max_redirects = 25 > } > postmaster_address = postmaster at example.com > protocols = imap pop3 > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-userdb { > group = vmail > mode = 0600 > user = vmail > } > user = root > } > service imap-login { > client_limit = 1000 > process_limit = 512 > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0600 > user = postfix > } > } > service quota-below { > executable = script /usr/local/bin/quota-below.sh > unix_listener quota-below { > group = vmail > mode = 0666 > user = vmail > } > user = vmail > } > service quota-reached { > executable = script /usr/local/bin/quota-reached.sh > unix_listener quota-reached { > group = vmail > mode = 0666 > user = vmail > } > user = vmail > } > service quota-warning { > executable = script /usr/local/bin/quota-warning.sh > unix_listener quota-warning { > group = vmail > mode = 0666 > user = vmail > } > user = vmail > } > ssl_cert = ssl_key = ssl_protocols = !SSLv2 !SSLv3 > userdb { > driver = prefetch > } > userdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > protocol imap { > mail_plugins = quota imap_quota antispam > } > protocol pop3 { > mail_plugins = quota > pop3_uidl_format = %08Xu%08Xv > } > protocol lda { > mail_plugins = sieve quota > } > protocol lmtp { > mail_plugins = quota sieve > postmaster_address = webmaster at localhost > } > If it's helpful, I've tried replacing the pipe script's contents with the following: ##################################################################### #!/bin/bash /usr/lib/dovecot/deliver -d "sa-training at example.com" -m "Training.$mode" -p /var/vmail/gtube.txt # Exit with "success" status code. exit 0 ##################################################################### And still, the message never arrives when I drag a message from "Inbox" to "Spam" in the IMAP client, despite the messages logged to syslog, which "all seem to be correct". Yet, if I do this using the above content for the script, the "gtube" message is delivered successfully: # su vmail $ /usr/local/bin/sa-learn-pipe-test.sh The message arrives in the Inbox, presumably because -m "Training.$mode" does not "resolve" to anything, and per the documentation, the delivery destination will default to the Inbox in such cases. What's wrong with my the custom pipe script to which I posted a link in my previous message, I wonder? Thanks again for any assistance, -Ben From edgar at pettijohn-web.com Fri Aug 19 02:58:49 2016 From: edgar at pettijohn-web.com (Edgar Pettijohn) Date: Thu, 18 Aug 2016 21:58:49 -0500 Subject: antispam plugin pipe script seems not to be called when it "should be" In-Reply-To: <3f95a9de-9d17-b40a-2f12-7ab73bf9a73f@indietorrent.org> References: <3f95a9de-9d17-b40a-2f12-7ab73bf9a73f@indietorrent.org> Message-ID: <20160819025849.GA93798@thinkpad.my.domain> On 16-08-18 22:43:32, Ben Johnson wrote: > On 8/18/2016 10:26 PM, Ben Johnson wrote: > > Hello, > > > > (Full "doveconf -n" output is at the end of this message.) > > > > I'm attempting to recreate a "recipe" I had used successfully for quite > > some time (in Ubuntu 12.04 LTS), which allowed me to train > > SpamAssassin's Bayes database when someone dragged an email message from > > one sub-folder of the account to another. > > > > I later tried to re-implement it (in Ubuntu 14.04 LTS), and core-dumps > > resulted. I posted to this list about it several times, but nobody was > > ever able to help me solve the problem. > > > > I just tried the same (in Ubuntu 16.04 LTS), hoping that the source had > > evolved since then, and while I don't see a core-dump, the pipe script > > doesn't seem to be called. > > > > I've booby-trapped the pipe script with quite a bit of debugging output, > > which should be written to a file, but I don't see any indication that > > the pipe script is ever executed. > > > > When logged-in as an IMAP user, and I drag a message from the user's > > Inbox into the "Spam" folder, I do see the following activity in the syslog: > > > > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_unsure(Junk): 0 > > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_trash(INBOX): 0 > > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_trash(Junk): 0 > > Aug 18 22:12:15 example.com imap: antispam: mail copy: from trash: 0, to > > trash: 0 > > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_spam(INBOX): 0 > > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_spam(Junk): 1 > > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_unsure(INBOX): 0 > > Aug 18 22:12:15 example.com imap: antispam: mail copy: src spam: 0, dst > > spam: 1, src unsure: 0 > > Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend > > program /bin/bash > > Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend > > program /bin/bash > > Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend > > program parameter 1 /usr/local/bin/sa-learn-pipe.sh > > Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend > > program parameter 2 --spam > > > > But the piped message is never delivered to the target mailbox. > > The mail log at /var/log/mail.log does not register any activity when I > > move messages (and maybe that's expected). > > > > Here are the contents of the /usr/local/bin/sa-learn-pipe.sh script: > > > > http://pastebin.com/7vm74jmk > > > > The permissions and mode on the script seem appropriate: > > > > $ stat /usr/local/bin/sa-learn-pipe.sh > > File: '/usr/local/bin/sa-learn-pipe.sh' > > Size: 1765 Blocks: 8 IO Block: 4096 regular file > > Device: fd01h/64769d Inode: 669345 Links: 1 > > Access: (0755/-rwxr-xr-x) Uid: ( 5000/ vmail) Gid: ( 5000/ vmail) > > Access: 2016-08-18 19:09:47.307392919 -0400 > > Modify: 2016-08-18 19:09:31.231391749 -0400 > > Change: 2016-08-18 19:09:31.231391749 -0400 > > Birth: - > > > > What might I be doing incorrectly here? > > > > Please let me know if I can provide any other information. > > > > Thank you in advance, > > > > -Ben > > > > > > > > Full "doveconf -n" output: > > > > $ doveconf -n > > # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf > > # Pigeonhole version 0.4.13 (7b14904) > > # OS: Linux 4.4.0-34-generic x86_64 Ubuntu 16.04.1 LTS > > auth_mechanisms = plain login > > disable_plaintext_auth = no > > listen = *,[::] > > log_timestamp = "%Y-%m-%d %H:%M:%S " > > mail_max_userip_connections = 100 > > mail_plugins = " quota" > > mail_privileged_group = vmail > > passdb { > > args = /etc/dovecot/dovecot-sql.conf > > driver = sql > > } > > plugin { > > antispam_backend = pipe > > antispam_debug_target = syslog > > antispam_pipe_program = /bin/bash > > antispam_pipe_program_args = /usr/local/bin/sa-learn-pipe.sh > > antispam_pipe_program_notspam_arg = --ham > > antispam_pipe_program_spam_arg = --spam > > antispam_pipe_tmpdir = /tmp > > antispam_spam_pattern_ignorecase = SPAM;JUNK > > antispam_trash_pattern_ignorecase = trash;Deleted * > > antispam_verbose_debug = 1 > > quota = dict:user::file:/var/vmail/%d/%n/.quotausage > > quota_rule2 = Trash:storage=+100M > > quota_rule3 = Junk:ignore > > quota_rule4 = INBOX:storage=+100M > > quota_warning = storage=100%% quota-reached 100 %u %d > > quota_warning2 = storage=95%% quota-warning 95 %u %d > > quota_warning3 = storage=80%% quota-warning 80 %u %d > > quota_warning4 = -storage=100%% quota-below below %u %d > > sieve = /var/vmail/%d/%n/.sieve > > sieve_max_redirects = 25 > > } > > postmaster_address = postmaster at example.com > > protocols = imap pop3 > > service auth { > > unix_listener /var/spool/postfix/private/auth { > > group = postfix > > mode = 0660 > > user = postfix > > } > > unix_listener auth-userdb { > > group = vmail > > mode = 0600 > > user = vmail > > } > > user = root > > } > > service imap-login { > > client_limit = 1000 > > process_limit = 512 > > } > > service lmtp { > > unix_listener /var/spool/postfix/private/dovecot-lmtp { > > group = postfix > > mode = 0600 > > user = postfix > > } > > } > > service quota-below { > > executable = script /usr/local/bin/quota-below.sh > > unix_listener quota-below { > > group = vmail > > mode = 0666 > > user = vmail > > } > > user = vmail > > } > > service quota-reached { > > executable = script /usr/local/bin/quota-reached.sh > > unix_listener quota-reached { > > group = vmail > > mode = 0666 > > user = vmail > > } > > user = vmail > > } > > service quota-warning { > > executable = script /usr/local/bin/quota-warning.sh > > unix_listener quota-warning { > > group = vmail > > mode = 0666 > > user = vmail > > } > > user = vmail > > } > > ssl_cert = > ssl_key = > ssl_protocols = !SSLv2 !SSLv3 > > userdb { > > driver = prefetch > > } > > userdb { > > args = /etc/dovecot/dovecot-sql.conf > > driver = sql > > } > > protocol imap { > > mail_plugins = quota imap_quota antispam > > } > > protocol pop3 { > > mail_plugins = quota > > pop3_uidl_format = %08Xu%08Xv > > } > > protocol lda { > > mail_plugins = sieve quota > > } > > protocol lmtp { > > mail_plugins = quota sieve > > postmaster_address = webmaster at localhost > > } > > > > If it's helpful, I've tried replacing the pipe script's contents with > the following: > > ##################################################################### > #!/bin/bash > > /usr/lib/dovecot/deliver -d "sa-training at example.com" -m > "Training.$mode" -p /var/vmail/gtube.txt > > # Exit with "success" status code. > exit 0 > ##################################################################### > > And still, the message never arrives when I drag a message from "Inbox" > to "Spam" in the IMAP client, despite the messages logged to syslog, > which "all seem to be correct". > > Yet, if I do this using the above content for the script, the "gtube" > message is delivered successfully: > > # su vmail > $ /usr/local/bin/sa-learn-pipe-test.sh > > The message arrives in the Inbox, presumably because -m "Training.$mode" > does not "resolve" to anything, and per the documentation, the delivery > destination will default to the Inbox in such cases. > > What's wrong with my the custom pipe script to which I posted a link in > my previous message, I wonder? > > Thanks again for any assistance, > > -Ben I don't know how to solve your problem, but I have an alternate method. Create a Junk folder and a ham folder then add the following cron jobs: 30 5 * * * /usr/local/bin/sa-learn --spam /var/vmail/Maildir/.Junk 30 6 * * 6 /usr/local/bin/sa-learn --backup > /etc/mail/spamassassin/spam.db 30 7 * * * /usr/local/bin/sa-learn --ham /var/vmail/Maildir/.Ham -- Edgar Pettijohn From ruga at protonmail.com Fri Aug 19 11:00:50 2016 From: ruga at protonmail.com (Ruga) Date: Fri, 19 Aug 2016 07:00:50 -0400 Subject: Dovecot & Thunderbird on shared mbox Message-ID: Occasional error from TB when selecting a dovecot's shared mbox: "Unable to open the summary file for [shared]" "Perhaps there was an error on disk, or the full path is too long." The server's disk is clear, and the longest full path is [a-zA-Z\/\.]{46}. The error occurs occasionally. From aki.tuomi at dovecot.fi Fri Aug 19 11:04:41 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Fri, 19 Aug 2016 14:04:41 +0300 Subject: Dovecot & Thunderbird on shared mbox In-Reply-To: References: Message-ID: On 19.08.2016 14:00, Ruga wrote: > Occasional error from TB when selecting a dovecot's shared mbox: > > "Unable to open the summary file for [shared]" > "Perhaps there was an error on disk, or the full path is too long." > > The server's disk is clear, and the longest full path is [a-zA-Z\/\.]{46}. > > The error occurs occasionally. Hi! Is there anything in your server's logfiles? Aki From anmeyer at mailbox.org Fri Aug 19 12:11:09 2016 From: anmeyer at mailbox.org (Andreas Meyer) Date: Fri, 19 Aug 2016 14:11:09 +0200 Subject: a question about certificates from letsencrypt Message-ID: <20160819141109.4c43e4fb@workstation.bitcorner.intern> Hello! Certificates from letsencrypt are renewed every three months. Does that mean a MUA has to accept the renewed certificates manually everytime it is renewed? Sorry if this is OT! Greetings Andreas From aki.tuomi at dovecot.fi Fri Aug 19 12:12:19 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Fri, 19 Aug 2016 15:12:19 +0300 Subject: a question about certificates from letsencrypt In-Reply-To: <20160819141109.4c43e4fb@workstation.bitcorner.intern> References: <20160819141109.4c43e4fb@workstation.bitcorner.intern> Message-ID: <3019330c-d54c-bd87-e360-2eed3b8b4025@dovecot.fi> On 19.08.2016 15:11, Andreas Meyer wrote: > Hello! > > Certificates from letsencrypt are renewed every three months. > > Does that mean a MUA has to accept the renewed certificates manually > everytime it is renewed? > > Sorry if this is OT! > > Greetings > > Andreas Depends how your MUA validates the certificate. If it just checks CA, then no. Also I don't think the private key changes, so it should not cause recheck either. Other checks, maybe. Aki From adrian.minta at gmail.com Fri Aug 19 12:40:04 2016 From: adrian.minta at gmail.com (Adrian Minta) Date: Fri, 19 Aug 2016 15:40:04 +0300 Subject: a question about certificates from letsencrypt In-Reply-To: <20160819141109.4c43e4fb@workstation.bitcorner.intern> References: <20160819141109.4c43e4fb@workstation.bitcorner.intern> Message-ID: The cert doesn't work with old clients. On 08/19/2016 03:11 PM, Andreas Meyer wrote: > Hello! > > Certificates from letsencrypt are renewed every three months. > > Does that mean a MUA has to accept the renewed certificates manually > everytime it is renewed? > > Sorry if this is OT! > > Greetings > > Andreas -- Best regards, Adrian Minta From dovecot-ml at seichter.de Fri Aug 19 12:56:55 2016 From: dovecot-ml at seichter.de (Ralph Seichter) Date: Fri, 19 Aug 2016 14:56:55 +0200 Subject: a question about certificates from letsencrypt In-Reply-To: <3019330c-d54c-bd87-e360-2eed3b8b4025@dovecot.fi> References: <20160819141109.4c43e4fb@workstation.bitcorner.intern> <3019330c-d54c-bd87-e360-2eed3b8b4025@dovecot.fi> Message-ID: On 19.08.2016 14:12, Aki Tuomi wrote: > Depends how your MUA validates the certificate. > > If it just checks CA, then no. Also I don't think the private key > changes, so it should not cause recheck either. Other checks, maybe. Last time I checked, the LetsEncrypt client generated a fresh key pair whenever the user requested a certificate to be renewed, unless the user explicitly opted to use the existing keys (which required some extra configuration). That should not matter much for Dovecot or other IMAP servers, but it is very important for Mail Exchangers when using DANE. -Ralph From sven at cs-ware.de Fri Aug 19 13:30:45 2016 From: sven at cs-ware.de (Sven Strickroth) Date: Fri, 19 Aug 2016 15:30:45 +0200 Subject: a question about certificates from letsencrypt In-Reply-To: References: <20160819141109.4c43e4fb@workstation.bitcorner.intern> Message-ID: <930e1783-358c-f333-9159-00941c02f196@cs-ware.de> Hi, On 08/19/2016 03:11 PM, Andreas Meyer wrote: > Certificates from letsencrypt are renewed every three months. I'm using a Let's Encrypt certificate w/o problems for > 6 months now (three times renewed) for web, SMTP and IMAP. As I'm also using DANE I wrote my own script for also updating the TLSA records. I don't recommend to use the official CertBot client, but use a different one (I use acmetiny; see https://community.letsencrypt.org/t/list-of-client-implementations/2103?u=mrtux for a list). Am 19.08.2016 um 14:40 schrieb Adrian Minta: > The cert doesn't work with old clients. What do you understand under old? Ok, Windows XP clients might be problematic regarding SNI and used ciphers, but starting with Vista all clients which use the Windows CryptoAPI and Trust Store are working. Take Mozilla, there is it supported since Firefox 2.0 (I don't know right now which is the corresponding Thunderbird version, but I expect it to be supported since really early versions). Java clients are problematic as you need the latest version. Android works with >= 2.3.6 and iOS iOS >= 3.1. See https://community.letsencrypt.org/t/which-browsers-and-operating-systems-support-lets-encrypt/4394?u=mrtux for a fuller list and feel free to report more working or not working clients, I'll add them there. MTAs usually don't validate the certificates, so there should be no problem. -- Best regards, Sven Strickroth PGP key id F5A9D4C4 @ any key-server From iavor at icdsoft.com Fri Aug 19 13:37:18 2016 From: iavor at icdsoft.com (Iavor Stoev) Date: Fri, 19 Aug 2016 16:37:18 +0300 Subject: POP3 strange logging behavior after upgrade from 2.2.13 to 2.2.25 In-Reply-To: References: Message-ID: <95944848-01c7-5699-3c09-0a3ef542026f@icdsoft.com> Hello, I've tested the patch and can confirm that the issue is resolved. Thank you for your assistance! Iavor Stoev Project Manager // Head of System & Network Administration Department ICDSoft Ltd - http://icdsoft.com On 18.8.2016 ?. 18:14 ?., dovecot-request at dovecot.org wrote: > Hi! > > This has been now fixed in > https://github.com/dovecot/core/commit/7424d35ff1b7d17c0caf7b426c0ef3c2b8229afc > > Aki Tuomi > Dovecot Oy From ruga at protonmail.com Fri Aug 19 14:44:12 2016 From: ruga at protonmail.com (Ruga) Date: Fri, 19 Aug 2016 10:44:12 -0400 Subject: Dovecot & Thunderbird on shared mbox In-Reply-To: References: Message-ID: Dovecot's log (mail_debug=yes) is clear. The error occurs systematically on a shared mbox with subfolders: selection of subfolders is ok, selection of the root shared folder triggers the error. the root shared folder does not contain any mail, which is a wanted feature. On Fri, Aug 19, 2016 at 1:04 PM, Aki Tuomi <'aki.tuomi at dovecot.fi'> wrote: On 19.08.2016 14:00, Ruga wrote: > Occasional error from TB when selecting a dovecot's shared mbox: > > "Unable to open the summary file for [shared]" > "Perhaps there was an error on disk, or the full path is too long." > > The server's disk is clear, and the longest full path is [a-zA-Z/.]{46}. > > The error occurs occasionally. Hi! Is there anything in your server's logfiles? Aki From adrian.minta at gmail.com Fri Aug 19 15:42:17 2016 From: adrian.minta at gmail.com (Adrian Minta) Date: Fri, 19 Aug 2016 18:42:17 +0300 Subject: a question about certificates from letsencrypt In-Reply-To: <930e1783-358c-f333-9159-00941c02f196@cs-ware.de> References: <20160819141109.4c43e4fb@workstation.bitcorner.intern> <930e1783-358c-f333-9159-00941c02f196@cs-ware.de> Message-ID: <2b893996-a05b-7920-d749-acbd70fbf644@gmail.com> On 08/19/2016 04:30 PM, Sven Strickroth wrote: > Am 19.08.2016 um 14:40 schrieb Adrian Minta: >> The cert doesn't work with old clients. > What do you understand under old? > > Ok, Windows XP clients might be problematic regarding SNI and used > ciphers, but starting with Vista all clients which use the Windows > CryptoAPI and Trust Store are working. > > Take Mozilla, there is it supported since Firefox 2.0 (I don't know > right now which is the corresponding Thunderbird version, but I expect > it to be supported since really early versions). > > Java clients are problematic as you need the latest version. > > Android works with >= 2.3.6 and iOS iOS >= 3.1. > > See > https://community.letsencrypt.org/t/which-browsers-and-operating-systems-support-lets-encrypt/4394?u=mrtux > for a fuller list and feel free to report more working or not working > clients, I'll add them there. > > MTAs usually don't validate the certificates, so there should be no problem. > I did encounter some problems last year with Outlook on older Windows XP machines. The problem seems to be discussed here: https://community.letsencrypt.org/t/help-needed-windows-xp-support/8756 https://community.letsencrypt.org/t/upcoming-intermediate-changes/13106 -- Best regards, Adrian Minta From ben at indietorrent.org Fri Aug 19 16:17:24 2016 From: ben at indietorrent.org (ben at indietorrent.org) Date: Fri, 19 Aug 2016 12:17:24 -0400 Subject: antispam plugin pipe script seems not to be called when it "should be" In-Reply-To: <20160819025849.GA93798@thinkpad.my.domain> References: <3f95a9de-9d17-b40a-2f12-7ab73bf9a73f@indietorrent.org> <20160819025849.GA93798@thinkpad.my.domain> Message-ID: On 2016-08-18 22:58, Edgar Pettijohn wrote: > On 16-08-18 22:43:32, Ben Johnson wrote: >> On 8/18/2016 10:26 PM, Ben Johnson wrote: >> > Hello, >> > >> > (Full "doveconf -n" output is at the end of this message.) >> > >> > I'm attempting to recreate a "recipe" I had used successfully for quite >> > some time (in Ubuntu 12.04 LTS), which allowed me to train >> > SpamAssassin's Bayes database when someone dragged an email message from >> > one sub-folder of the account to another. >> > >> > I later tried to re-implement it (in Ubuntu 14.04 LTS), and core-dumps >> > resulted. I posted to this list about it several times, but nobody was >> > ever able to help me solve the problem. >> > >> > I just tried the same (in Ubuntu 16.04 LTS), hoping that the source had >> > evolved since then, and while I don't see a core-dump, the pipe script >> > doesn't seem to be called. >> > >> > I've booby-trapped the pipe script with quite a bit of debugging output, >> > which should be written to a file, but I don't see any indication that >> > the pipe script is ever executed. >> > >> > When logged-in as an IMAP user, and I drag a message from the user's >> > Inbox into the "Spam" folder, I do see the following activity in the syslog: >> > >> > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_unsure(Junk): 0 >> > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_trash(INBOX): 0 >> > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_trash(Junk): 0 >> > Aug 18 22:12:15 example.com imap: antispam: mail copy: from trash: 0, to >> > trash: 0 >> > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_spam(INBOX): 0 >> > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_spam(Junk): 1 >> > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_unsure(INBOX): 0 >> > Aug 18 22:12:15 example.com imap: antispam: mail copy: src spam: 0, dst >> > spam: 1, src unsure: 0 >> > Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend >> > program /bin/bash >> > Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend >> > program /bin/bash >> > Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend >> > program parameter 1 /usr/local/bin/sa-learn-pipe.sh >> > Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend >> > program parameter 2 --spam >> > >> > But the piped message is never delivered to the target mailbox. >> > The mail log at /var/log/mail.log does not register any activity when I >> > move messages (and maybe that's expected). >> > >> > Here are the contents of the /usr/local/bin/sa-learn-pipe.sh script: >> > >> > http://pastebin.com/7vm74jmk >> > >> > The permissions and mode on the script seem appropriate: >> > >> > $ stat /usr/local/bin/sa-learn-pipe.sh >> > File: '/usr/local/bin/sa-learn-pipe.sh' >> > Size: 1765 Blocks: 8 IO Block: 4096 regular file >> > Device: fd01h/64769d Inode: 669345 Links: 1 >> > Access: (0755/-rwxr-xr-x) Uid: ( 5000/ vmail) Gid: ( 5000/ vmail) >> > Access: 2016-08-18 19:09:47.307392919 -0400 >> > Modify: 2016-08-18 19:09:31.231391749 -0400 >> > Change: 2016-08-18 19:09:31.231391749 -0400 >> > Birth: - >> > >> > What might I be doing incorrectly here? >> > >> > Please let me know if I can provide any other information. >> > >> > Thank you in advance, >> > >> > -Ben >> > >> > >> > >> > Full "doveconf -n" output: >> > >> > $ doveconf -n >> > # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf >> > # Pigeonhole version 0.4.13 (7b14904) >> > # OS: Linux 4.4.0-34-generic x86_64 Ubuntu 16.04.1 LTS >> > auth_mechanisms = plain login >> > disable_plaintext_auth = no >> > listen = *,[::] >> > log_timestamp = "%Y-%m-%d %H:%M:%S " >> > mail_max_userip_connections = 100 >> > mail_plugins = " quota" >> > mail_privileged_group = vmail >> > passdb { >> > args = /etc/dovecot/dovecot-sql.conf >> > driver = sql >> > } >> > plugin { >> > antispam_backend = pipe >> > antispam_debug_target = syslog >> > antispam_pipe_program = /bin/bash >> > antispam_pipe_program_args = /usr/local/bin/sa-learn-pipe.sh >> > antispam_pipe_program_notspam_arg = --ham >> > antispam_pipe_program_spam_arg = --spam >> > antispam_pipe_tmpdir = /tmp >> > antispam_spam_pattern_ignorecase = SPAM;JUNK >> > antispam_trash_pattern_ignorecase = trash;Deleted * >> > antispam_verbose_debug = 1 >> > quota = dict:user::file:/var/vmail/%d/%n/.quotausage >> > quota_rule2 = Trash:storage=+100M >> > quota_rule3 = Junk:ignore >> > quota_rule4 = INBOX:storage=+100M >> > quota_warning = storage=100%% quota-reached 100 %u %d >> > quota_warning2 = storage=95%% quota-warning 95 %u %d >> > quota_warning3 = storage=80%% quota-warning 80 %u %d >> > quota_warning4 = -storage=100%% quota-below below %u %d >> > sieve = /var/vmail/%d/%n/.sieve >> > sieve_max_redirects = 25 >> > } >> > postmaster_address = postmaster at example.com >> > protocols = imap pop3 >> > service auth { >> > unix_listener /var/spool/postfix/private/auth { >> > group = postfix >> > mode = 0660 >> > user = postfix >> > } >> > unix_listener auth-userdb { >> > group = vmail >> > mode = 0600 >> > user = vmail >> > } >> > user = root >> > } >> > service imap-login { >> > client_limit = 1000 >> > process_limit = 512 >> > } >> > service lmtp { >> > unix_listener /var/spool/postfix/private/dovecot-lmtp { >> > group = postfix >> > mode = 0600 >> > user = postfix >> > } >> > } >> > service quota-below { >> > executable = script /usr/local/bin/quota-below.sh >> > unix_listener quota-below { >> > group = vmail >> > mode = 0666 >> > user = vmail >> > } >> > user = vmail >> > } >> > service quota-reached { >> > executable = script /usr/local/bin/quota-reached.sh >> > unix_listener quota-reached { >> > group = vmail >> > mode = 0666 >> > user = vmail >> > } >> > user = vmail >> > } >> > service quota-warning { >> > executable = script /usr/local/bin/quota-warning.sh >> > unix_listener quota-warning { >> > group = vmail >> > mode = 0666 >> > user = vmail >> > } >> > user = vmail >> > } >> > ssl_cert = > > ssl_key = > > ssl_protocols = !SSLv2 !SSLv3 >> > userdb { >> > driver = prefetch >> > } >> > userdb { >> > args = /etc/dovecot/dovecot-sql.conf >> > driver = sql >> > } >> > protocol imap { >> > mail_plugins = quota imap_quota antispam >> > } >> > protocol pop3 { >> > mail_plugins = quota >> > pop3_uidl_format = %08Xu%08Xv >> > } >> > protocol lda { >> > mail_plugins = sieve quota >> > } >> > protocol lmtp { >> > mail_plugins = quota sieve >> > postmaster_address = webmaster at localhost >> > } >> > >> >> If it's helpful, I've tried replacing the pipe script's contents with >> the following: >> >> ##################################################################### >> #!/bin/bash >> >> /usr/lib/dovecot/deliver -d "sa-training at example.com" -m >> "Training.$mode" -p /var/vmail/gtube.txt >> >> # Exit with "success" status code. >> exit 0 >> ##################################################################### >> >> And still, the message never arrives when I drag a message from >> "Inbox" >> to "Spam" in the IMAP client, despite the messages logged to syslog, >> which "all seem to be correct". >> >> Yet, if I do this using the above content for the script, the "gtube" >> message is delivered successfully: >> >> # su vmail >> $ /usr/local/bin/sa-learn-pipe-test.sh >> >> The message arrives in the Inbox, presumably because -m >> "Training.$mode" >> does not "resolve" to anything, and per the documentation, the >> delivery >> destination will default to the Inbox in such cases. >> >> What's wrong with my the custom pipe script to which I posted a link >> in >> my previous message, I wonder? >> >> Thanks again for any assistance, >> >> -Ben > > I don't know how to solve your problem, but I have an alternate method. > > Create a Junk folder and a ham folder then add the following cron jobs: > > 30 5 * * * /usr/local/bin/sa-learn --spam > /var/vmail/Maildir/.Junk > 30 6 * * 6 /usr/local/bin/sa-learn > --backup > /etc/mail/spamassassin/spam.db > 30 7 * * * /usr/local/bin/sa-learn --ham > /var/vmail/Maildir/.Ham Thank you for taking a look, Edgar! I already have the very setup that you describe. The challenge at hand, however, is with regard to *how* messages end-up in the "ham" and "spam" folders in the first place. This is a multi-user system and each user must be able to contribute to ham/spam training. To make this as easy as possible, and transparent to the end-users, I need for the simple act of dragging a message from Inbox -> Spam (or vice versa) to submit the sample on the user's behalf, automatically. This has all worked swimmingly in the past. In any case, I've made some progress on this go-around. I tested my backend pipe script by doing this, as root, and it works: # /bin/bash /usr/local/bin/sa-learn-pipe.sh --spam < /var/vmail/gtube.txt The message is delivered to the appropriate mailbox and all is well in the world. Of course, in practice, Dovecot does not run as root. So, let's try the same as the vmail user: # su vmail $ /bin/bash /usr/local/bin/sa-learn-pipe.sh --spam < /var/vmail/gtube.txt /usr/local/bin/sa-learn-pipe.sh: line 8: /tmp/sa-learn-pipe.log: Permission denied /usr/local/bin/sa-learn-pipe.sh: line 10: /tmp/sa-learn-pipe.log: Permission denied /usr/local/bin/sa-learn-pipe.sh: line 12: /tmp/sa-learn-pipe.log: Permission denied /usr/local/bin/sa-learn-pipe.sh: line 16: /tmp/sendmail-parms.txt: Permission denied /usr/local/bin/sa-learn-pipe.sh: line 22: /tmp/sa-learn-pipe.log: Permission denied /usr/local/bin/sa-learn-pipe.sh: line 37: /tmp/sa-learn-pipe.log: Permission denied /usr/local/bin/sa-learn-pipe.sh: line 40: /tmp/sa-learn-pipe.log: Permission denied /usr/local/bin/sa-learn-pipe.sh: line 43: /tmp/strace.txt: Permission denied /usr/local/bin/sa-learn-pipe.sh: line 47: /tmp/sa-learn-pipe.log: Permission denied /usr/local/bin/sa-learn-pipe.sh: line 54: /tmp/sa-learn-pipe.log: Permission denied Aha! Clearly, the vmail user cannot read from nor write to /tmp. (Why that is, I have no idea, as the /tmp directory's permissions certainly allow for both; maybe Dovecot implements this as a security measure.) This prompted me to change all references to /tmp in the pipe script to ~/tmp, and create this directory: $ whoami vmail $ mkdir ~/tmp && chmod 770 ~/tmp $ /bin/bash /usr/local/bin/sa-learn-pipe.sh --ham < /var/vmail/gtube.txt No errors this time (at least not on the console). But I do get this in /var/log/mail.err: Aug 19 12:04:24 example.com dovecot: lda(sa-training at example.com): Fatal: Can't open delivery mail as raw: Permission denied I'm not sure how to interpret this message. Where is permission being denied? More importantly, what's the fix? Thanks for any hints! -Ben From edgar at pettijohn-web.com Fri Aug 19 16:27:56 2016 From: edgar at pettijohn-web.com (Edgar Pettijohn) Date: Fri, 19 Aug 2016 11:27:56 -0500 Subject: antispam plugin pipe script seems not to be called when it "should be" In-Reply-To: References: <3f95a9de-9d17-b40a-2f12-7ab73bf9a73f@indietorrent.org> <20160819025849.GA93798@thinkpad.my.domain> Message-ID: <5BB192EE-E752-4B9B-9F42-14DE8407145F@pettijohn-web.com> Sent from my iPhone > On Aug 19, 2016, at 11:17 AM, ben at indietorrent.org wrote: > >> On 2016-08-18 22:58, Edgar Pettijohn wrote: >>> On 16-08-18 22:43:32, Ben Johnson wrote: >>> On 8/18/2016 10:26 PM, Ben Johnson wrote: >>> > Hello, >>> > >>> > (Full "doveconf -n" output is at the end of this message.) >>> > >>> > I'm attempting to recreate a "recipe" I had used successfully for quite >>> > some time (in Ubuntu 12.04 LTS), which allowed me to train >>> > SpamAssassin's Bayes database when someone dragged an email message from >>> > one sub-folder of the account to another. >>> > >>> > I later tried to re-implement it (in Ubuntu 14.04 LTS), and core-dumps >>> > resulted. I posted to this list about it several times, but nobody was >>> > ever able to help me solve the problem. >>> > >>> > I just tried the same (in Ubuntu 16.04 LTS), hoping that the source had >>> > evolved since then, and while I don't see a core-dump, the pipe script >>> > doesn't seem to be called. >>> > >>> > I've booby-trapped the pipe script with quite a bit of debugging output, >>> > which should be written to a file, but I don't see any indication that >>> > the pipe script is ever executed. >>> > >>> > When logged-in as an IMAP user, and I drag a message from the user's >>> > Inbox into the "Spam" folder, I do see the following activity in the syslog: >>> > >>> > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_unsure(Junk): 0 >>> > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_trash(INBOX): 0 >>> > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_trash(Junk): 0 >>> > Aug 18 22:12:15 example.com imap: antispam: mail copy: from trash: 0, to >>> > trash: 0 >>> > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_spam(INBOX): 0 >>> > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_spam(Junk): 1 >>> > Aug 18 22:12:15 example.com imap: antispam: mailbox_is_unsure(INBOX): 0 >>> > Aug 18 22:12:15 example.com imap: antispam: mail copy: src spam: 0, dst >>> > spam: 1, src unsure: 0 >>> > Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend >>> > program /bin/bash >>> > Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend >>> > program /bin/bash >>> > Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend >>> > program parameter 1 /usr/local/bin/sa-learn-pipe.sh >>> > Aug 18 22:12:15 example.com imap: antispam: running mailtrain backend >>> > program parameter 2 --spam >>> > >>> > But the piped message is never delivered to the target mailbox. >>> > The mail log at /var/log/mail.log does not register any activity when I >>> > move messages (and maybe that's expected). >>> > >>> > Here are the contents of the /usr/local/bin/sa-learn-pipe.sh script: >>> > >>> > http://pastebin.com/7vm74jmk >>> > >>> > The permissions and mode on the script seem appropriate: >>> > >>> > $ stat /usr/local/bin/sa-learn-pipe.sh >>> > File: '/usr/local/bin/sa-learn-pipe.sh' >>> > Size: 1765 Blocks: 8 IO Block: 4096 regular file >>> > Device: fd01h/64769d Inode: 669345 Links: 1 >>> > Access: (0755/-rwxr-xr-x) Uid: ( 5000/ vmail) Gid: ( 5000/ vmail) >>> > Access: 2016-08-18 19:09:47.307392919 -0400 >>> > Modify: 2016-08-18 19:09:31.231391749 -0400 >>> > Change: 2016-08-18 19:09:31.231391749 -0400 >>> > Birth: - >>> > >>> > What might I be doing incorrectly here? >>> > >>> > Please let me know if I can provide any other information. >>> > >>> > Thank you in advance, >>> > >>> > -Ben >>> > >>> > >>> > >>> > Full "doveconf -n" output: >>> > >>> > $ doveconf -n >>> > # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf >>> > # Pigeonhole version 0.4.13 (7b14904) >>> > # OS: Linux 4.4.0-34-generic x86_64 Ubuntu 16.04.1 LTS >>> > auth_mechanisms = plain login >>> > disable_plaintext_auth = no >>> > listen = *,[::] >>> > log_timestamp = "%Y-%m-%d %H:%M:%S " >>> > mail_max_userip_connections = 100 >>> > mail_plugins = " quota" >>> > mail_privileged_group = vmail >>> > passdb { >>> > args = /etc/dovecot/dovecot-sql.conf >>> > driver = sql >>> > } >>> > plugin { >>> > antispam_backend = pipe >>> > antispam_debug_target = syslog >>> > antispam_pipe_program = /bin/bash >>> > antispam_pipe_program_args = /usr/local/bin/sa-learn-pipe.sh >>> > antispam_pipe_program_notspam_arg = --ham >>> > antispam_pipe_program_spam_arg = --spam >>> > antispam_pipe_tmpdir = /tmp >>> > antispam_spam_pattern_ignorecase = SPAM;JUNK >>> > antispam_trash_pattern_ignorecase = trash;Deleted * >>> > antispam_verbose_debug = 1 >>> > quota = dict:user::file:/var/vmail/%d/%n/.quotausage >>> > quota_rule2 = Trash:storage=+100M >>> > quota_rule3 = Junk:ignore >>> > quota_rule4 = INBOX:storage=+100M >>> > quota_warning = storage=100%% quota-reached 100 %u %d >>> > quota_warning2 = storage=95%% quota-warning 95 %u %d >>> > quota_warning3 = storage=80%% quota-warning 80 %u %d >>> > quota_warning4 = -storage=100%% quota-below below %u %d >>> > sieve = /var/vmail/%d/%n/.sieve >>> > sieve_max_redirects = 25 >>> > } >>> > postmaster_address = postmaster at example.com >>> > protocols = imap pop3 >>> > service auth { >>> > unix_listener /var/spool/postfix/private/auth { >>> > group = postfix >>> > mode = 0660 >>> > user = postfix >>> > } >>> > unix_listener auth-userdb { >>> > group = vmail >>> > mode = 0600 >>> > user = vmail >>> > } >>> > user = root >>> > } >>> > service imap-login { >>> > client_limit = 1000 >>> > process_limit = 512 >>> > } >>> > service lmtp { >>> > unix_listener /var/spool/postfix/private/dovecot-lmtp { >>> > group = postfix >>> > mode = 0600 >>> > user = postfix >>> > } >>> > } >>> > service quota-below { >>> > executable = script /usr/local/bin/quota-below.sh >>> > unix_listener quota-below { >>> > group = vmail >>> > mode = 0666 >>> > user = vmail >>> > } >>> > user = vmail >>> > } >>> > service quota-reached { >>> > executable = script /usr/local/bin/quota-reached.sh >>> > unix_listener quota-reached { >>> > group = vmail >>> > mode = 0666 >>> > user = vmail >>> > } >>> > user = vmail >>> > } >>> > service quota-warning { >>> > executable = script /usr/local/bin/quota-warning.sh >>> > unix_listener quota-warning { >>> > group = vmail >>> > mode = 0666 >>> > user = vmail >>> > } >>> > user = vmail >>> > } >>> > ssl_cert = >> > ssl_key = >> > ssl_protocols = !SSLv2 !SSLv3 >>> > userdb { >>> > driver = prefetch >>> > } >>> > userdb { >>> > args = /etc/dovecot/dovecot-sql.conf >>> > driver = sql >>> > } >>> > protocol imap { >>> > mail_plugins = quota imap_quota antispam >>> > } >>> > protocol pop3 { >>> > mail_plugins = quota >>> > pop3_uidl_format = %08Xu%08Xv >>> > } >>> > protocol lda { >>> > mail_plugins = sieve quota >>> > } >>> > protocol lmtp { >>> > mail_plugins = quota sieve >>> > postmaster_address = webmaster at localhost >>> > } >>> > >>> If it's helpful, I've tried replacing the pipe script's contents with >>> the following: >>> ##################################################################### >>> #!/bin/bash >>> /usr/lib/dovecot/deliver -d "sa-training at example.com" -m >>> "Training.$mode" -p /var/vmail/gtube.txt >>> # Exit with "success" status code. >>> exit 0 >>> ##################################################################### >>> And still, the message never arrives when I drag a message from "Inbox" >>> to "Spam" in the IMAP client, despite the messages logged to syslog, >>> which "all seem to be correct". >>> Yet, if I do this using the above content for the script, the "gtube" >>> message is delivered successfully: >>> # su vmail >>> $ /usr/local/bin/sa-learn-pipe-test.sh >>> The message arrives in the Inbox, presumably because -m "Training.$mode" >>> does not "resolve" to anything, and per the documentation, the delivery >>> destination will default to the Inbox in such cases. >>> What's wrong with my the custom pipe script to which I posted a link in >>> my previous message, I wonder? >>> Thanks again for any assistance, >>> -Ben >> I don't know how to solve your problem, but I have an alternate method. >> Create a Junk folder and a ham folder then add the following cron jobs: >> 30 5 * * * /usr/local/bin/sa-learn --spam >> /var/vmail/Maildir/.Junk >> 30 6 * * 6 /usr/local/bin/sa-learn >> --backup > /etc/mail/spamassassin/spam.db >> 30 7 * * * /usr/local/bin/sa-learn --ham >> /var/vmail/Maildir/.Ham > > Thank you for taking a look, Edgar! > > I already have the very setup that you describe. > > The challenge at hand, however, is with regard to *how* messages end-up in the "ham" and "spam" folders in the first place. > > This is a multi-user system and each user must be able to contribute to ham/spam training. To make this as easy as possible, and transparent to the end-users, I need for the simple act of dragging a message from Inbox -> Spam (or vice versa) to submit the sample on the user's behalf, automatically. This has all worked swimmingly in the past. > > In any case, I've made some progress on this go-around. > > I tested my backend pipe script by doing this, as root, and it works: > > # /bin/bash /usr/local/bin/sa-learn-pipe.sh --spam < /var/vmail/gtube.txt > > The message is delivered to the appropriate mailbox and all is well in the world. > > Of course, in practice, Dovecot does not run as root. So, let's try the same as the vmail user: > > # su vmail > $ /bin/bash /usr/local/bin/sa-learn-pipe.sh --spam < /var/vmail/gtube.txt > /usr/local/bin/sa-learn-pipe.sh: line 8: /tmp/sa-learn-pipe.log: Permission denied > /usr/local/bin/sa-learn-pipe.sh: line 10: /tmp/sa-learn-pipe.log: Permission denied > /usr/local/bin/sa-learn-pipe.sh: line 12: /tmp/sa-learn-pipe.log: Permission denied > /usr/local/bin/sa-learn-pipe.sh: line 16: /tmp/sendmail-parms.txt: Permission denied > /usr/local/bin/sa-learn-pipe.sh: line 22: /tmp/sa-learn-pipe.log: Permission denied > /usr/local/bin/sa-learn-pipe.sh: line 37: /tmp/sa-learn-pipe.log: Permission denied > /usr/local/bin/sa-learn-pipe.sh: line 40: /tmp/sa-learn-pipe.log: Permission denied > /usr/local/bin/sa-learn-pipe.sh: line 43: /tmp/strace.txt: Permission denied > /usr/local/bin/sa-learn-pipe.sh: line 47: /tmp/sa-learn-pipe.log: Permission denied > /usr/local/bin/sa-learn-pipe.sh: line 54: /tmp/sa-learn-pipe.log: Permission denied > > Aha! Clearly, the vmail user cannot read from nor write to /tmp. (Why that is, I have no idea, as the /tmp directory's permissions certainly allow for both; maybe Dovecot implements this as a security measure.) > If in a chroot /tmp may not exist. That's all I can think of there. > This prompted me to change all references to /tmp in the pipe script to ~/tmp, and create this directory: > > $ whoami > vmail > $ mkdir ~/tmp && chmod 770 ~/tmp > $ /bin/bash /usr/local/bin/sa-learn-pipe.sh --ham < /var/vmail/gtube.txt > > No errors this time (at least not on the console). > > But I do get this in /var/log/mail.err: > > Aug 19 12:04:24 example.com dovecot: lda(sa-training at example.com): Fatal: Can't open delivery mail as raw: Permission denied > That's a new one for me. > I'm not sure how to interpret this message. Where is permission being denied? More importantly, what's the fix? > > Thanks for any hints! > > -Ben From ben at indietorrent.org Fri Aug 19 16:35:28 2016 From: ben at indietorrent.org (ben at indietorrent.org) Date: Fri, 19 Aug 2016 12:35:28 -0400 Subject: dovecot-lda core-dumps when antispam pipe script calls it In-Reply-To: References: <3f95a9de-9d17-b40a-2f12-7ab73bf9a73f@indietorrent.org> <20160819025849.GA93798@thinkpad.my.domain> Message-ID: <121af0846522467a88f9bf240fc20e89@indietorrent.org> On 2016-08-19 12:17, ben at indietorrent.org wrote: > Aha! Clearly, the vmail user cannot read from nor write to /tmp. (Why > that is, I have no idea, as the /tmp directory's permissions certainly > allow for both; maybe Dovecot implements this as a security measure.) > > This prompted me to change all references to /tmp in the pipe script > to ~/tmp, and create this directory: > > $ whoami > vmail > $ mkdir ~/tmp && chmod 770 ~/tmp > $ /bin/bash /usr/local/bin/sa-learn-pipe.sh --ham < > /var/vmail/gtube.txt > > No errors this time (at least not on the console). > > But I do get this in /var/log/mail.err: > > Aug 19 12:04:24 example.com dovecot: lda(sa-training at example.com): > Fatal: Can't open delivery mail as raw: Permission denied > > I'm not sure how to interpret this message. Where is permission being > denied? More importantly, what's the fix? > > Thanks for any hints! > > -Ben Apologies for the rapid-fire replies here. The strace output that I'm capturing in the pipe script pinpointed the problem: open("/root/~/tmp/sendmail-msg-26272.txt", O_RDONLY) = -1 EACCES (Permission denied) There seems to be some expansion occurring that assumes the root user, despite executing the pipe script as the vmail user, so I changed all references to ~/tmp in the pipe script to /var/vmail/tmp and permission is no longer denied. But, now dovecot-lda is core-dumping. Here is the strace output: http://pastebin.com/RrKmFhzC So, I'm back to where I was with this problem two years ago. At that time, I gave-up, because I couldn't invest the time required to compile the latest versions of Dovecot and all plugins from scratch in an effort to prove that the bug exists in the latest source. "Dovecot always logs a detailed error message if something goes wrong. If it doesn't, it's considered a bug and will be fixed." - http://wiki2.dovecot.org/Logging I'm happy to help identify the root-cause, but I need some guidance here. Thank you, -Ben From scottwsx96 at gmail.com Fri Aug 19 18:43:14 2016 From: scottwsx96 at gmail.com (Scott W. Sander) Date: Fri, 19 Aug 2016 18:43:14 +0000 Subject: Change dovecot hostname Message-ID: I have noticed that the name of my private server running dovecot appears in email headers rather than the public-friendly name of my server. Is there a method to specify an alternate server name for the dovecot server to use for itself in the dovecot configuration files? I performed a few Google searches and was not able to find the answer to my question. ------- user at server1:~$ dovecot --version 2.2.9 user at server1:~$ dovecot -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.16.0-77-generic x86_64 Ubuntu 14.04.4 LTS ext4 auth_mechanisms = plain login info_log_path = /var/log/dovecot.log log_path = /var/log/dovecot.log mail_location = maildir:/var/mail/vhosts/%d/%n namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users driver = passwd-file } protocols = " imap lmtp pop3" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service imap-login { inet_listener imaps { port = 993 ssl = yes } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service pop3-login { inet_listener pop3s { port = 995 ssl = yes } } ssl = required ssl_cert = Hi! I'm currently experiencing a crash of dovecot 2.2.25 on Gentoo, upon opening mailbox. The crash only triggers on opening inbox, other mailboxes seem to work fine. It happens every time, and can be reproduced on request. I also briefly tried 2.2.19, and it behaves the same. The bug seems to be triggered by some mail, as I encountered it previously and fixed by removing some spam. I guess it might be malformed header of some kind. I can open the mailbox locally using mutt, but fail to do so remotely (using mutt or K-9 mail on android). Unforunately, I haven't been able to isolate the specific mail, as when I create a new mailbox, dovecot refuses to open it: [CANNOT] Mailbox isn't a valid mbox file (0.000 + 0.000 secs). I'm not really sure what's going on and will investigate further once I find some time to do so. I also experienced a similar problem on opening a specific mail, but it's much harder to reproduce and I currently don't have an example. The crash looks very similar, and only happens on first attempt to open a specific mail, it always works later on. I'm attaching a stack trace and dovecot -n. I'm also willing to send the binary and core dump, but not publicly, as I'm not eager to share whatever's inside with the whole world. Other than what I mentioned, I'm running pretty standard setup, with postfix on Gentoo x86_64, ext4 fs, quota and disk space is plentiful. The delivery agent is dovecot itself, in postfix/main.cf I have: mailbox_command = /usr/libexec/dovecot/deliver I'm using sieve script to file my mail, but the problem manifested even before when I was still using procmail to deliver my mail (I migrated because I had doubts about procmail and dovecot lock cooperation) I'll keep my mailbox corrupted for a few more days, and access the mail only locally, hoping to test a potential fix. Let me know if you need any more info/experimentation. Also, if you know a good way to find the mail that causes the trouble out of the core, let me know, I'd be glad to forward it for testing. Thanks and I hope we can find (and fix) the problem! -- S pozdravem Ladislav L?ska Katedra Aplikovan? Matematiky, MFF UK tel.: +420 739 464 167 -------------- next part -------------- # 2.2.25 (7be1766): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.15 (97b3da0) # OS: Linux 4.0.4-gentoo x86_64 Gentoo Base System release 2.2 auth_username_format = %n hostname = ibex.krakonos.org login_greeting = Dovecot at krakonos.org ready. mail_debug = yes mail_location = mbox:~/.mbox namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = * driver = pam } passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/users driver = passwd-file } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute sieve_execute_socket_dir = sieve-execute sieve_extensions = +vnd.dovecot.filter +editheader sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter sieve_filter_socket_dir = sieve-filter sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe sieve_pipe_socket_dir = sieve-pipe sieve_plugins = sieve_extprograms } postmaster_address = postmaster at krakonos.org protocols = imap service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } } ssl_cert = , status=status at entry=0) at failures.c:201 backtrace = 0x7a48a0 "/usr/lib64/dovecot/libdovecot.so.0(+0x8d91e) [0x7f328d31791e] -> /usr/lib64/dovecot/libdovecot.so.0(+0x8da0a) [0x7f328d317a0a] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f328d2b5fce] -> /usr"... #3 0x00007f328d317a0a in i_internal_fatal_handler (ctx=0x7ffc6c9df360, format=, args=) at failures.c:670 status = 0 #4 0x00007f328d2b5fce in i_panic (format=format at entry=0x7f328d655ce8 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:275 ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0, timestamp_usecs = 0} args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7ffc6c9df460, reg_save_area = 0x7ffc6c9df3a0}} #5 0x00007f328d617e56 in array_idx_i (idx=, array=) at ../../../src/lib/array.h:219 No locals. #6 index_mail_get_parsed_header (field_idx=, mail=) at index-mail-headers.c:585 value = 0x7f328d331616 "H\205\300t\025[\303\017\037" lines_count = value_start = value_end = i = first_line_idx = #7 index_mail_get_raw_headers (mail=mail at entry=0x7d7e80, field=field at entry=0x7f328d663446 "Message-Id", value_r=value_r at entry=0x7ffc6c9df540) at index-mail-headers.c:656 _mail = headers = {0x7e41f0 "0B~", 0x7f328d88b2d8 ""} value = 0x1001 headers_ctx = 0x7f328d59a380 data = field_idx = 20 dest = i = len = 8212720 ret = __FUNCTION__ = "index_mail_get_raw_headers" #8 0x00007f328d6182a6 in index_mail_get_first_header (_mail=0x7d7e80, field=0x7f328d663446 "Message-Id", decode_to_utf8=false, value_r=0x7ffc6c9df5e0) at index-mail-headers.c:818 mail = 0x7d7e80 list = 0xffffffff009df940 retry = true ret = #9 0x00007f328d5cb93d in mail_get_first_header (mail=mail at entry=0x7d7e80, field=field at entry=0x7f328d663446 "Message-Id", value_r=value_r at entry=0x7ffc6c9df5e0) at mail.c:187 _data_stack_cur_id = 5 p = 0x7d7e80 ret = #10 0x00007f328d62be70 in i_stream_mail_get_cached_mail_id (mstream=0x7d5230) at istream-mail.c:50 orig_lookup_abort = MAIL_LOOKUP_ABORT_NEVER value = 0x7d52a0 ";\024" ret = 0x7f328d65cc7e "" i = mail = 0x7d7e80 headers = {0x7f328d663446 "Message-Id", 0x7f328d6564d5 "Date", 0x7f328d656afc "Subject"} #11 i_stream_mail_set_size_corrupted (mstream=mstream at entry=0x7d5230, size=size at entry=2887) at istream-mail.c:74 cur_size = 8066 str = 0x7f328d663427 "smaller" mail_id = #12 0x00007f328d62c062 in i_stream_mail_read (stream=0x7d5230) at istream-mail.c:109 mstream = 0x7d5230 size = 2887 ret = #13 0x00007f328d321e03 in i_stream_read (stream=stream at entry=0x7d52a0) at istream.c:174 _stream = 0x7d5230 old_size = 1 ret = __FUNCTION__ = "i_stream_read" #14 0x00007f328d32283d in i_stream_read_data (stream=0x7d52a0, data_r=data_r at entry=0x7ffc6c9df6d8, size_r=size_r at entry=0x7ffc6c9df6e0, threshold=threshold at entry=1) at istream.c:563 ret = read_more = false __FUNCTION__ = "i_stream_read_data" #15 0x00007f328d303042 in message_parse_header_next (ctx=0x7e2ee0, hdr_r=hdr_r at entry=0x7ffc6c9df780) at message-header-parser.c:84 line = 0x7e2ee0 msg = 0x7dd2f2 "XQgc2UgbWFwb3ZhdCBha3R1YWxuaSBwb2tyeXRpIHNpZ25hbHUgbmVtYSBzbXlzbCwg\namVkbmFrIHNlIHN0YWxlIG1lbmkgYQpwb3RyZWJuYSBkYXRhIG8gbmFzdGF2ZW5pIHZ5a29udSBh\nIHNtZXJvdmFuaSBhbnRlbiB6bmEgamVub20gb3BlcmF0b3IuCgpDbyB"... i = size = 1 startpos = 0 colon_pos = 4294967295 parse_size = skip = 0 ret = continued = false continues = false last_no_newline = last_crlf = no_newline = false crlf_newline = false __FUNCTION__ = "message_parse_header_next" #16 0x00007f328d2fd6c1 in read_header (mstream=0x7df5a0) at istream-header-filter.c:194 max_buffer_size = ret = hdr = 0x0 highwater_offset = ret2 = hdr_ret = #17 i_stream_header_filter_read (stream=0x7df5a0) at istream-header-filter.c:425 mstream = 0x7df5a0 #18 0x00007f328d321e03 in i_stream_read (stream=stream at entry=0x7df610) at istream.c:174 _stream = 0x7df5a0 old_size = 43 ret = __FUNCTION__ = "i_stream_read" #19 0x00007f328d32283d in i_stream_read_data (stream=0x7df610, data_r=data_r at entry=0x7ffc6c9df858, size_r=size_r at entry=0x7ffc6c9df860, threshold=threshold at entry=43) at istream.c:563 ret = read_more = false __FUNCTION__ = "i_stream_read_data" #20 0x00007f328d303042 in message_parse_header_next (ctx=0x7e1a20, hdr_r=hdr_r at entry=0x7ffc6c9df900) at message-header-parser.c:84 line = 0x7e1a20 msg = 0x7df974 "Content-Type: text/plain; charset=\"utf-8\"\r\netmap.org>\r\n)\r\nt>\r\n95 at amd>\r\n\r\n" i = size = 43 startpos = 42 colon_pos = 12 parse_size = skip = 0 ret = continued = false continues = false last_no_newline = last_crlf = no_newline = false crlf_newline = false __FUNCTION__ = "message_parse_header_next" #21 0x00007f328d2fd6c1 in read_header (mstream=0x7e07e0) at istream-header-filter.c:194 max_buffer_size = ret = hdr = 0x0 highwater_offset = ret2 = hdr_ret = #22 i_stream_header_filter_read (stream=0x7e07e0) at istream-header-filter.c:425 mstream = 0x7e07e0 #23 0x00007f328d321e03 in i_stream_read (stream=stream at entry=0x7e0850) at istream.c:174 _stream = 0x7e07e0 old_size = 2 ret = __FUNCTION__ = "i_stream_read" #24 0x00007f328d32283d in i_stream_read_data (stream=stream at entry=0x7e0850, data_r=data_r at entry=0x7ffc6c9df9d8, size_r=size_r at entry=0x7ffc6c9df9e0, threshold=threshold at entry=2) at istream.c:563 ret = read_more = false __FUNCTION__ = "i_stream_read_data" #25 0x00007f328d306d64 in message_get_header_size (input=0x7e0850, hdr=hdr at entry=0x7ffc6c9dfad0, has_nuls_r=has_nuls_r at entry=0x7ffc6c9dfa4f) at message-size.c:19 msg = 0x7e0bb4 "\r\n>\r\n" i = size = 2 startpos = 2 missing_cr_count = 0 ret = __FUNCTION__ = "message_get_header_size" #26 0x00007f328d654ff7 in imap_msgpart_get_partial_header (mail=, msgpart=, msgpart=, result_r=0x7ffc6c9dfb40, have_crlfs_r=, virtual_size_r=0x7ffc6c9dfa58, mail_input=0x7df610) at imap-msgpart.c:395 hdr_fields = 0x7cdc38 hdr_size = {physical_size = 1069, virtual_size = 0, lines = 19} hdr_count = input = 0x7e0850 has_nuls = false #27 imap_msgpart_open_normal (result_r=0x7ffc6c9dfb40, have_crlfs_r=, virtual_size_r=0x7ffc6c9dfa58, part=, msgpart=0x7cdad0, mail=0x7d7e80) at imap-msgpart.c:630 hdr_size = {physical_size = 0, virtual_size = 0, lines = 0} part_size = {physical_size = 0, virtual_size = 0, lines = 0} unknown_crlfs = body_size = {physical_size = 0, virtual_size = 0, lines = 0} input = 0x7df610 #28 imap_msgpart_open (mail=0x7d7e80, msgpart=0x7cdad0, result_r=result_r at entry=0x7ffc6c9dfb40) at imap-msgpart.c:699 part = 0x0 virtual_size = 6789327327946376192 include_hdr = binary = false use_partial_cache = have_crlfs = #29 0x000000000041d4ae in fetch_body_msgpart (ctx=0x7c6708, mail=, body=0x7d0eb0) at imap-fetch-body.c:185 result = {input = 0x0, size = 0, size_field = (unknown: 0), binary_decoded_input_has_nuls = false} str = 0x7c67a0 #30 0x000000000041b9fc in imap_fetch_more_int (ctx=ctx at entry=0x7c6708, cancel=false) at imap-fetch.c:505 h = _data_stack_cur_id = 4 state = 0x7c6758 client = 0x7c5680 count = ret = __FUNCTION__ = "imap_fetch_more_int" #31 0x000000000041ca0a in imap_fetch_more (ctx=0x7c6708, cmd=cmd at entry=0x7c6260) at imap-fetch.c:557 ret = __FUNCTION__ = "imap_fetch_more" #32 0x000000000040f57c in cmd_fetch (cmd=0x7c6260) at cmd-fetch.c:297 client = 0x7c5680 ctx = 0x7c6708 args = 0x7b08f8 next_arg = list_arg = 0x1 search_args = 0x0 qresync_args = {qresync_sample_seqset = 0x7a45c0, qresync_sample_uidset = 0xa} messageset = 0x7ce2d0 "147131,147130,147129,147128,147127,147126,147125,147124,147123,147122,147121,147120,147119,147118,147117,147116,147115,147114,147112,147111,147110,147109,147108,147107,147106,147105,147104,147103,1471"... send_vanished = ret = #33 0x000000000041a29c in command_exec (cmd=cmd at entry=0x7c6260) at imap-commands.c:180 hook = 0x7ad0f0 finished = cmd_start_timeval = {tv_sec = 1471632720, tv_usec = 52660} cmd_start_bytes_in = 68 cmd_start_bytes_out = 1509 __FUNCTION__ = "command_exec" #34 0x0000000000418772 in client_command_input (cmd=cmd at entry=0x7c6260) at imap-client.c:969 client = 0x7c5680 command = __FUNCTION__ = "client_command_input" #35 0x0000000000418800 in client_command_input (cmd=0x7c6260) at imap-client.c:1029 client = 0x7c5680 command = __FUNCTION__ = "client_command_input" #36 0x0000000000418b95 in client_handle_next_command (remove_io_r=, client=0x7c5680) at imap-client.c:1069 No locals. #37 client_handle_input (client=0x7c5680) at imap-client.c:1081 _data_stack_cur_id = 3 remove_io = false handled_commands = false client = 0x7c5680 #38 0x0000000000419042 in client_input (client=0x7c5680) at imap-client.c:1128 cmd = 0xcd8d output = 0x7c60a0 bytes = 875 __FUNCTION__ = "client_input" #39 0x00007f328d32b7dc in io_loop_call_io (io=0x7c6170) at ioloop.c:564 ioloop = 0x7ac730 t_id = 2 __FUNCTION__ = "io_loop_call_io" #40 0x00007f328d32cc41 in io_loop_handler_run_internal (ioloop=ioloop at entry=0x7ac730) at ioloop-epoll.c:220 ctx = 0x7ae240 io = tv = {tv_sec = 1799, tv_usec = 999818} events_count = msecs = ret = 1 i = 0 j = call = __FUNCTION__ = "io_loop_handler_run_internal" #41 0x00007f328d32b865 in io_loop_handler_run (ioloop=ioloop at entry=0x7ac730) at ioloop.c:612 No locals. #42 0x00007f328d32ba08 in io_loop_run (ioloop=0x7ac730) at ioloop.c:588 __FUNCTION__ = "io_loop_run" #43 0x00007f328d2bc3e3 in master_service_run (service=0x7ac5d0, callback=callback at entry=0x424f30 ) at master-service.c:640 No locals. #44 0x000000000040c912 in main (argc=1, argv=0x7ac390) at main.c:460 set_roots = {0x42dc40 , 0x6371c0 , 0x0} login_set = {auth_socket_path = 0x7a4048 "\001", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x425700 , failure_callback = 0x425040 , request_auth_token = 1} service_flags = storage_service_flags = username = 0x0 auth_socket_path = 0x42ebee "auth-master" c = From harlan at pfcs.com Fri Aug 19 21:18:38 2016 From: harlan at pfcs.com (Harlan Stenn) Date: Fri, 19 Aug 2016 14:18:38 -0700 Subject: [patch] Improved error checking for the dovecot-antispam-plugin In-Reply-To: References: Message-ID: Robert, First, thanks! Second, I'm not a committer on the dovecot project. But I've written a lot of software where if an end user has a problem and either they want to know why or if they report it and ask for help, I've found it is MUCH better to have enough info in the message given to the user/logged somewhere. Something like: "subroutine: open(%s) failed: %m" It reduces our support load and gives us the information we need to quickly resolve issues. Sent from my iPhone - please excuse brevity and typos > On Aug 18, 2016, at 8:16 AM, Robert Munteanu wrote: > > (snip) > >> I have no issue in resending a new version of the patch with better >> error reporting, will do so in the following days. >> >> Robert > > I've attached a second version of the patch, feel free to consider any > of them for inclusion. > > Thanks, > > Robert > > > -- > http://robert.muntea.nu/ > From aki.tuomi at dovecot.fi Fri Aug 19 22:25:01 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Sat, 20 Aug 2016 01:25:01 +0300 (EEST) Subject: Crash on opening mailbox In-Reply-To: References: Message-ID: <555988293.781.1471645502235@appsuite-dev.open-xchange.com> > On August 19, 2016 at 10:00 PM Ladislav Laska wrote: > > > Hi! > > I'm currently experiencing a crash of dovecot 2.2.25 on Gentoo, upon opening > mailbox. The crash only triggers on opening inbox, other mailboxes seem to work > fine. It happens every time, and can be reproduced on request. I also briefly > tried 2.2.19, and it behaves the same. > > The bug seems to be triggered by some mail, as I encountered it previously and > fixed by removing some spam. I guess it might be malformed header of some kind. > I can open the mailbox locally using mutt, but fail to do so remotely (using > mutt or K-9 mail on android). Unforunately, I haven't been able to isolate the > specific mail, as when I create a new mailbox, dovecot refuses to open it: > > [CANNOT] Mailbox isn't a valid mbox file (0.000 + 0.000 secs). > > I'm not really sure what's going on and will investigate further once I find > some time to do so. > > I also experienced a similar problem on opening a specific mail, but it's much > harder to reproduce and I currently don't have an example. The crash looks very > similar, and only happens on first attempt to open a specific mail, it always > works later on. > > I'm attaching a stack trace and dovecot -n. I'm also willing to send the binary > and core dump, but not publicly, as I'm not eager to share whatever's inside > with the whole world. > > Other than what I mentioned, I'm running pretty standard setup, with postfix on > Gentoo x86_64, ext4 fs, quota and disk space is plentiful. The delivery agent is > dovecot itself, in postfix/main.cf I have: > > mailbox_command = /usr/libexec/dovecot/deliver > > I'm using sieve script to file my mail, but the problem manifested even before > when I was still using procmail to deliver my mail (I migrated because I had > doubts about procmail and dovecot lock cooperation) > > I'll keep my mailbox corrupted for a few more days, and access the mail only > locally, hoping to test a potential fix. Let me know if you need any more > info/experimentation. Also, if you know a good way to find the mail that causes > the trouble out of the core, let me know, I'd be glad to forward it for testing. > > Thanks and I hope we can find (and fix) the problem! > > -- > S pozdravem Ladislav L?ska > Katedra Aplikovan? Matematiky, MFF UK tel.: +420 739 464 167 Hi! Please provide doveconf -n relevant log files (or at least anything you care to share) gdb /path/to/binary /path/to/core bt full --- Aki Tuomi Dovecot Oy From jtam.home at gmail.com Fri Aug 19 23:11:28 2016 From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 19 Aug 2016 16:11:28 -0700 (PDT) Subject: Change dovecot hostname In-Reply-To: References: Message-ID: "Scott W. Sander" writes: > I have noticed that the name of my private server running dovecot appears > in email headers rather than the public-friendly name of my server. Which headers are you taking about? If you're talking about Received: headers, that's usually inserted by your MTA, not dovecot. Joseph Tam From laska at kam.mff.cuni.cz Sun Aug 21 10:59:40 2016 From: laska at kam.mff.cuni.cz (Ladislav Laska) Date: Sun, 21 Aug 2016 12:59:40 +0200 Subject: Crash on opening mailbox In-Reply-To: <555988293.781.1471645502235@appsuite-dev.open-xchange.com> References: <555988293.781.1471645502235@appsuite-dev.open-xchange.com> Message-ID: Hi! dovecot -n and backtrace are both attached in my original email, due to their size. Did the attachments not arrive? The relevant log does not contain much more than the trace, but here it is: Aug 21 12:58:28 ibex dovecot: imap-login: Login: user=, method=PLAIN, rip=77.48.73.189, lip=78.108.107.19, mpid=17785, TLS, session= Aug 21 12:58:28 ibex dovecot: imap(krakonos): Debug: Effective uid=1000, gid=100, home=/home/krakonos Aug 21 12:58:28 ibex dovecot: imap(krakonos): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:~/.mbox Aug 21 12:58:28 ibex dovecot: imap(krakonos): Debug: mbox: INBOX defaulted to /home/krakonos/.mbox/inbox Aug 21 12:58:28 ibex dovecot: imap(krakonos): Debug: fs: root=/home/krakonos/.mbox, index=, indexpvt=, control=, inbox=/home/krakonos/.mbox/inbox, alt= Aug 21 12:58:29 ibex dovecot: imap(krakonos): Panic: file ../../../src/lib/array.h: line 219 (array_idx_i): assertion failed: (idx * array->element_size < array->buffer->used) Aug 21 12:58:29 ibex dovecot: imap(krakonos): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x8d91e) [0x7fa68fb6a91e] -> /usr/lib64/dovecot/libdovecot.so.0(+0x8da0a) [0x7fa68fb6aa0a] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7fa68fb08fce] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x79e56) [0x7fa68fe6ae56] -> /usr/lib64/dovecot/libdovecot-storage.so.0(index_mail_get_first_header+0xd6) [0x7fa68fe6b2a6] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mail_get_first_header+0x3d) [0x7fa68fe1e93d] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x8de70) [0x7fa68fe7ee70] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x8e062) [0x7fa68fe7f062] -> /usr/lib64/dovecot/libdovecot.so.0(i_stream_read+0x53) [0x7fa68fb74e03] -> /usr/lib64/dovecot/libdovecot.so.0(i_stream_read_data+0x3d) [0x7fa68fb7583d] -> /usr/lib64/dovecot/libdovecot.so.0(message_parse_header_next+0x72) [0x7fa68fb56042] -> /usr/lib64/dovecot/libdovecot.so.0(+0x736c1) [0x7fa68fb506c1] -> /usr/lib64/dovecot/libdovecot.so.0(i_stream_read+0x53) [0x7fa68fb74e03] -> /usr/lib64/dovecot/libdovecot.so.0(i_stream_read_data+0x3d) [0x7fa68fb7583d] -> /usr/lib64/dovecot/libdovecot.so.0(message_parse_header_next+0x72) [0x7fa68fb56042] -> /usr/lib64/dovecot/libdovecot.so.0(+0x736c1) [0x7fa68fb506c1] -> /usr/lib64/dovecot/libdovecot.so.0(i_stream_read+0x53) [0x7fa68fb74e03] -> /usr/lib64/dovecot/libdovecot.so.0(i_stream_read_data+0x3d) [0x7fa68fb7583d] -> /usr/lib64/dovecot/libdovecot.so.0(message_get_header_size+0x74) [0x7fa68fb59d64] -> /usr/lib64/dovecot/libdovecot-storage.so.0(imap_msgpart_open+0x317) [0x7fa68fea7ff7] -> dovecot/imap() [0x41d4ae] -> dovecot/imap() [0x41b9fc] -> dovecot/imap(imap_fetch_more+0x3a) [0x41ca0a] -> dovecot/imap(cmd_fetch+0x32c) [0x40f57c] -> dovecot/imap(command_exec+0x9c) [0x41a29c] -> dovecot/imap() [0x418772] -> dovecot/imap() [0x418800] -> dovecot/imap(client_handle_input+0x175) [0x418b95] Aug 21 12:58:29 ibex dovecot: imap(krakonos): Fatal: master: service(imap): child 17785 killed with signal 6 (core dumped) On Sat, Aug 20, 2016 at 01:25:01AM +0300, Aki Tuomi wrote: > > > On August 19, 2016 at 10:00 PM Ladislav Laska wrote: > > > > > > Hi! > > > > I'm currently experiencing a crash of dovecot 2.2.25 on Gentoo, upon opening > > mailbox. The crash only triggers on opening inbox, other mailboxes seem to > > work fine. It happens every time, and can be reproduced on request. I also > > briefly tried 2.2.19, and it behaves the same. > > > > The bug seems to be triggered by some mail, as I encountered it previously > > and fixed by removing some spam. I guess it might be malformed header of > > some kind. I can open the mailbox locally using mutt, but fail to do so > > remotely (using mutt or K-9 mail on android). Unforunately, I haven't been > > able to isolate the specific mail, as when I create a new mailbox, dovecot > > refuses to open it: > > > > [CANNOT] Mailbox isn't a valid mbox file (0.000 + 0.000 secs). > > > > I'm not really sure what's going on and will investigate further once I find > > some time to do so. > > > > I also experienced a similar problem on opening a specific mail, but it's > > much harder to reproduce and I currently don't have an example. The crash > > looks very similar, and only happens on first attempt to open a specific > > mail, it always works later on. > > > > I'm attaching a stack trace and dovecot -n. I'm also willing to send the > > binary and core dump, but not publicly, as I'm not eager to share whatever's > > inside with the whole world. > > > > Other than what I mentioned, I'm running pretty standard setup, with postfix > > on Gentoo x86_64, ext4 fs, quota and disk space is plentiful. The delivery > > agent is dovecot itself, in postfix/main.cf I have: > > > > mailbox_command = /usr/libexec/dovecot/deliver > > > > I'm using sieve script to file my mail, but the problem manifested even > > before when I was still using procmail to deliver my mail (I migrated > > because I had doubts about procmail and dovecot lock cooperation) > > > > I'll keep my mailbox corrupted for a few more days, and access the mail only > > locally, hoping to test a potential fix. Let me know if you need any more > > info/experimentation. Also, if you know a good way to find the mail that > > causes the trouble out of the core, let me know, I'd be glad to forward it > > for testing. > > > > Thanks and I hope we can find (and fix) the problem! > > > > -- S pozdravem Ladislav L?ska > > > > Katedra Aplikovan? Matematiky, MFF UK tel.: +420 739 464 167 > > Hi! > > Please provide > > doveconf -n > > relevant log files (or at least anything you care to share) > > gdb /path/to/binary /path/to/core > bt full > > --- > Aki Tuomi > Dovecot Oy -- S pozdravem Ladislav L?ska Katedra Aplikovan? Matematiky, MFF UK tel.: +420 739 464 167 From aki.tuomi at dovecot.fi Sun Aug 21 11:30:06 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Sun, 21 Aug 2016 14:30:06 +0300 Subject: Crash on opening mailbox Message-ID: <61yga2r2cvij60a6f62u1lgi.1471779006853@email.android.com> So it seems. Sorry must've missed them. ---Aki TuomiDovecot oy -------- Original message --------From: Ladislav Laska Date: 21/08/2016 13:59 (GMT+02:00) To: Aki Tuomi Cc: dovecot at dovecot.org Subject: Re: Crash on opening mailbox Hi! dovecot -n and backtrace are both attached in my original email, due to their size. Did the attachments not arrive? The relevant log does not contain much more than the trace, but here it is: Aug 21 12:58:28 ibex dovecot: imap-login: Login: user=, method=PLAIN, rip=77.48.73.189, lip=78.108.107.19, mpid=17785, TLS, session= Aug 21 12:58:28 ibex dovecot: imap(krakonos): Debug: Effective uid=1000, gid=100, home=/home/krakonos Aug 21 12:58:28 ibex dovecot: imap(krakonos): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:~/.mbox Aug 21 12:58:28 ibex dovecot: imap(krakonos): Debug: mbox: INBOX defaulted to /home/krakonos/.mbox/inbox Aug 21 12:58:28 ibex dovecot: imap(krakonos): Debug: fs: root=/home/krakonos/.mbox, index=, indexpvt=, control=, inbox=/home/krakonos/.mbox/inbox, alt= Aug 21 12:58:29 ibex dovecot: imap(krakonos): Panic: file ../../../src/lib/array.h: line 219 (array_idx_i): assertion failed: (idx * array->element_size < array->buffer->used) Aug 21 12:58:29 ibex dovecot: imap(krakonos): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x8d91e) [0x7fa68fb6a91e] -> /usr/lib64/dovecot/libdovecot.so.0(+0x8da0a) [0x7fa68fb6aa0a] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7fa68fb08fce] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x79e56) [0x7fa68fe6ae56] -> /usr/lib64/dovecot/libdovecot-storage.so.0(index_mail_get_first_header+0xd6) [0x7fa68fe6b2a6] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mail_get_first_header+0x3d) [0x7fa68fe1e93d] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x8de70) [0x7fa68fe7ee70] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x8e062) [0x7fa68fe7f062] -> /usr/lib64/dovecot/libdovecot.so.0(i_stream_read+0x53) [0x7fa68fb74e03] -> /usr/lib64/dovecot/libdovecot.so.0(i_stream_read_data+0x3d) [0x7fa68fb7583d] -> /usr/lib64/dovecot/libdovecot.so.0(message_parse_header_next+0x72) [0x7fa68fb56042] -> /usr/lib64/dovecot/libdovecot.so.0(+0x736c1) [0x7fa68fb506c1] -> /usr/lib64/dovecot/libdovecot.so.0(i_stream_read+0x53) [0x7fa68fb74e03] -> /usr/lib64/dovecot/libdovecot.so.0(i_stream_read_data+0x3d) [0x7fa68fb7583d] -> /usr/lib64/dovecot/libdovecot.so.0(message_parse_header_next+0x72) [0x7fa68fb56042] -> /usr/lib64/dovecot/libdovecot.so.0(+0x736c1) [0x7fa68fb506c1] -> /usr/lib64/dovecot/libdovecot.so.0(i_stream_read+0x53) [0x7fa68fb74e03] -> /usr/lib64/dovecot/libdovecot.so.0(i_stream_read_data+0x3d) [0x7fa68fb7583d] -> /usr/lib64/dovecot/libdovecot.so.0(message_get_header_size+0x74) [0x7fa68fb59d64] -> /usr/lib64/dovecot/libdovecot-storage.so.0(imap_msgpart_open+0x317) [0x7fa68fea7ff7] -> dovecot/imap() [0x41d4ae] -> dovecot/imap() [0x41b9fc] -> dovecot/imap(imap_fetch_more+0x3a) [0x41ca0a] -> dovecot/imap(cmd_fetch+0x32c) [0x40f57c] -> dovecot/imap(command_exec+0x9c) [0x41a29c] -> dovecot/imap() [0x418772] -> dovecot/imap() [0x418800] -> dovecot/imap(client_handle_input+0x175) [0x418b95] Aug 21 12:58:29 ibex dovecot: imap(krakonos): Fatal: master: service(imap): child 17785 killed with signal 6 (core dumped) On Sat, Aug 20, 2016 at 01:25:01AM +0300, Aki Tuomi wrote: > > > On August 19, 2016 at 10:00 PM Ladislav Laska wrote: > > > > > > Hi! > > > > I'm currently experiencing a crash of dovecot 2.2.25 on Gentoo, upon opening > > mailbox. The crash only triggers on opening inbox, other mailboxes seem to > > work fine. It happens every time, and can be reproduced on request. I also > > briefly tried 2.2.19, and it behaves the same. > > > > The bug seems to be triggered by some mail, as I encountered it previously > > and fixed by removing some spam. I guess it might be malformed header of > > some kind.? I can open the mailbox locally using mutt, but fail to do so > > remotely (using mutt or K-9 mail on android). Unforunately, I haven't been > > able to isolate the specific mail, as when I create a new mailbox, dovecot > > refuses to open it: > > > > [CANNOT] Mailbox isn't a valid mbox file (0.000 + 0.000 secs). > > > > I'm not really sure what's going on and will investigate further once I find > > some time to do so. > > > > I also experienced a similar problem on opening a specific mail, but it's > > much harder to reproduce and I currently don't have an example. The crash > > looks very similar, and only happens on first attempt to open a specific > > mail, it always works later on. > > > > I'm attaching a stack trace and dovecot -n. I'm also willing to send the > > binary and core dump, but not publicly, as I'm not eager to share whatever's > > inside with the whole world. > > > > Other than what I mentioned, I'm running pretty standard setup, with postfix > > on Gentoo x86_64, ext4 fs, quota and disk space is plentiful. The delivery > > agent is dovecot itself, in postfix/main.cf I have: > > > > mailbox_command = /usr/libexec/dovecot/deliver > > > > I'm using sieve script to file my mail, but the problem manifested even > > before when I was still using procmail to deliver my mail (I migrated > > because I had doubts about procmail and dovecot lock cooperation) > > > > I'll keep my mailbox corrupted for a few more days, and access the mail only > > locally, hoping to test a potential fix. Let me know if you need any more > > info/experimentation. Also, if you know a good way to find the mail that > > causes the trouble out of the core, let me know, I'd be glad to forward it > > for testing. > > > > Thanks and I hope we can find (and fix) the problem! > > > > -- S pozdravem Ladislav L?ska????????????????????????? > > > > Katedra Aplikovan? Matematiky, MFF UK?????????????? tel.: +420 739 464 167 > > Hi! > > Please provide > > doveconf -n > > relevant log files (or at least anything you care to share) > > gdb /path/to/binary /path/to/core > bt full > > --- > Aki Tuomi > Dovecot Oy -- S pozdravem Ladislav L?ska????????????????????????? Katedra Aplikovan? Matematiky, MFF UK?????????????? tel.: +420 739 464 167 From contact at ukuniversalsupport.com Sun Aug 21 16:19:12 2016 From: contact at ukuniversalsupport.com (UK Universal Support Limited) Date: Sun, 21 Aug 2016 17:19:12 +0100 Subject: Port 143 is no SSL; no client auth; plain password auth. But port 993 is SSL; client cert auth. Message-ID: I am experiencing the error "Error: BUG: Authentication client sent unknown handshake command:" My goal is Port 143: no SSL; no client auth; plain password auth. Port 993: SSL; client cert auth. I found the archive http://www.dovecot.org/list/dovecot/2016-February/103067.html and followed it, but does not work, I see the following log in /var/log/maillog Aug 21 15:36:42 vps0 dovecot: master: Dovecot v2.2.25 (7be1766) starting up for imap (core dumps disabled) Aug 21 15:37:51 vps0 dovecot: auth: Error: BUG: Authentication client sent unknown handshake command: REQUEST?1997012993?3734?1?e067999d43eebcecf0c9d44a1c108d75?session_pid=3741?r... Aug 21 15:37:51 vps0 dovecot: imap: Error: Authentication server didn't send valid SPID as expected: MECH#011PLAIN#011plaintext Aug 21 15:37:51 vps0 dovecot: imap: Error: Disconnected from auth server, aborting (client-pid=3734 client-id=1) Aug 21 15:37:51 vps0 dovecot: imap-login: Internal login failure (pid=3734 id=1) (internal failure, 1 successful auths): user=, method=PLAIN, rip=212.104.147.161, lip=46.30.14.36, mpid=3741, TLS, session= Aug 21 15:37:51 vps0 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=212.104.147.161, lip=46.30.14.36, TLS handshaking: SSL_accept() failed: error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized, session= Can anyone advice any solution? Dovecot version: 2.2.25 (7be1766) Operating system:CentOS 7, 64bit, selinux is off. CPU architecture: Intel x86 64bit. Filesystem: xfs # /usr/local/bin/doveconf -n # 2.2.25 (7be1766): /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.10.0-327.28.2.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core) auth_mechanisms = plain login auth_ssl_username_from_cert = yes disable_plaintext_auth = no mail_location = maildir:~/Maildir namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = imap service auth-ssl { executable = auth -o auth_ssl_require_client_cert=yes unix_listener auth-master-ssl { mode = 0666 } unix_listener login/login-ssl { mode = 0666 } } service imap-login-ssl { chroot = login executable = imap-login -l imap-ssl login-ssl inet_listener imaps { port = 993 ssl = yes } user = $default_login_user } service imap-login { inet_listener imaps { port = 0 } } service imap-ssl { executable = imap -a auth-master-ssl unix_listener login/imap-ssl { user = $default_login_user } } ssl_ca = Hidy-ho, I'm having a difficult time getting catch-all working when using Dovecot LMTP. I would like *@example.com (everything) to go to virtual at example.com, where virtual is a valid virtual user. It seems that things are getting as far as LMTP, but then the mail gets bounced. To wit: Aug 21 08:02:50 hostname postfix/lmtp[4914]: 8DF8E9AFE6: to=, relay=mail.example.com[private/dovecot-lmtp], delay=0.07, delays=0.04/0.01/0.01/0.01, dsn=5.1.1, status=bounced (host mail.example.com[private/dovecot-lmtp] said: 550 5.1.1 User doesn't exist: test at example.com (in reply to RCPT TO command)) In the previous log example, test at example.com should have been forwarded (aliased) to the virtual mail user. Some config details: [root at hostname postfix]# cat /etc/postfix/virtual ######################################### #### Postmap this file after editing #### ######################################### # Person who should get root's mail. Don't receive mail as root! #root you # Basic system aliases -- these MUST be present MAILER-DAEMON postmaster postmaster root # General redirections for pseudo accounts bin root daemon root named root nobody root uucp root www root ftp-bugs root postfix root # Put your local aliases here. @example.com virtual at example.com # Well-known aliases manager root dumper root operator root abuse postmaster # trap decode to catch security attacks decode root [root at hostname postfix]# cat /etc/postfix/virtual_mailbox_domains ################################################ #### Do NOT postmap this file after editing #### ################################################ example.com [root at hostname postfix]# cat /etc/postfix/virtual_mailbox_maps ######################################### #### Postmap this file after editing #### ######################################### # From: http://wiki.dovecot.org/LDA/Postfix # Info: if you use the Dovecot LDA or LMTP it doesn't matter what you use behind the recipient address. Use "OK", the full name of the user or else. # I am using the Dovecot LMTP @example.com OK [root at hostname postfix]# dovecot --version 2.2.10 [root at hostname postfix]# dovecot -n # 2.2.10: /etc/dovecot/dovecot.conf # OS: Linux 3.10.0-327.22.2.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core) auth_verbose = yes login_greeting = What's crackalackin? mail_debug = yes mail_home = /var/mail/%d/%n mail_location = maildir:~/mail maildir_very_dirty_syncs = yes mbox_write_locks = fcntl namespace inbox { hidden = no inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = / type = private } passdb { args = scheme=SSHA512 /etc/dovecot/passdb driver = passwd-file } protocols = imap lmtp service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl_cert = References: <4c63c8cb-67bc-e089-011e-1c430bf4b46a@michaelstarks.com> Message-ID: <1183617125.2307.1471847349519@appsuite-dev.open-xchange.com> > On August 22, 2016 at 6:32 AM Michael Starks wrote: > > > > Hidy-ho, > > I'm having a difficult time getting catch-all working when using Dovecot > LMTP. I would like *@example.com (everything) to go to > virtual at example.com, where virtual is a valid virtual user. It seems > that things are getting as far as LMTP, but then the mail gets bounced. > Thank you in advance for your assistance. It seems your postfix is misbehaving. Did you forget to run postmap? Aki Tuomi Dovecot oy From skdovecot at smail.inf.fh-brs.de Mon Aug 22 07:19:19 2016 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 22 Aug 2016 09:19:19 +0200 (CEST) Subject: dovecot-lda core-dumps when antispam pipe script calls it In-Reply-To: <121af0846522467a88f9bf240fc20e89@indietorrent.org> References: <3f95a9de-9d17-b40a-2f12-7ab73bf9a73f@indietorrent.org> <20160819025849.GA93798@thinkpad.my.domain> <121af0846522467a88f9bf240fc20e89@indietorrent.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 19 Aug 2016, ben at indietorrent.org wrote: > On 2016-08-19 12:17, ben at indietorrent.org wrote: >> Aha! Clearly, the vmail user cannot read from nor write to /tmp. (Why >> that is, I have no idea, as the /tmp directory's permissions certainly Do you have SELinux active? See almost at the end of http://wiki2.dovecot.org/WhyDoesItNotWork?highlight=%28selinux%29 >> allow for both; maybe Dovecot implements this as a security measure.) No. Dovecot does not implement anything like that. Do you chroot ? >> This prompted me to change all references to /tmp in the pipe script >> to ~/tmp, and create this directory: >> >> $ whoami >> vmail >> $ mkdir ~/tmp && chmod 770 ~/tmp >> $ /bin/bash /usr/local/bin/sa-learn-pipe.sh --ham < /var/vmail/gtube.txt >> >> No errors this time (at least not on the console). >> >> But I do get this in /var/log/mail.err: >> >> Aug 19 12:04:24 example.com dovecot: lda(sa-training at example.com): >> Fatal: Can't open delivery mail as raw: Permission denied >> >> I'm not sure how to interpret this message. Where is permission being >> denied? More importantly, what's the fix? >> >> Thanks for any hints! >> >> -Ben > > Apologies for the rapid-fire replies here. > > The strace output that I'm capturing in the pipe script pinpointed the > problem: > > open("/root/~/tmp/sendmail-msg-26272.txt", O_RDONLY) = -1 EACCES (Permission > denied) Er, '/root/~/tmp/' ?? > There seems to be some expansion occurring that assumes the root user, > despite executing the pipe script as the vmail user, so I changed all > references to ~/tmp in the pipe script to /var/vmail/tmp and permission is > no longer denied. > > But, now dovecot-lda is core-dumping. Here is the strace output: > > http://pastebin.com/RrKmFhzC > > So, I'm back to where I was with this problem two years ago. > > At that time, I gave-up, because I couldn't invest the time required to > compile the latest versions of Dovecot and all plugins from scratch in an > effort to prove that the bug exists in the latest source. > > "Dovecot always logs a detailed error message if something goes wrong. If it > doesn't, it's considered a bug and will be fixed." - > http://wiki2.dovecot.org/Logging > > I'm happy to help identify the root-cause, but I need some guidance here. First: check the SELinux thing. Second: Do you run in a chrooted environment? Third: Enclose all your script with logging, e.g.: #!/bin/bash ( date echo "$@" id id -a echo environment env set # check for chroot echo stat / stat / echo /proc/1/mountinfo awk '$5=="/" {print}' > /var/tmp/antispam.$$.log 2>&1 Make sure /var/tmp/antispam.$$.log is writeable, maybe create a new directory with owner vmail. Make sure you have 2>&1 at the end. Your log misses all the error messages. Also, you will now have a log file for each run of the script. To check for chroot: stat / should print inode 2, but any mountpoint has inode 2. /proc/$$/mountinfo displays the physical information of a mount, if both differ, the current process is chrooted. "1" should be the init process. In your script: for opt; do if [[ "$*" =~ .*ham.* ]] This makes no sense, either use for loop and test "$opt" here, or do not use for, but use "$*"; .*ham.* should be quoted anyway. cat<&0 >> /tmp/sendmail-msg-$$.txt Well, if for any reason this file exists, .. cat - >/tmp/sendmail-msg-$$.txt /usr/lib/dovecot/deliver -d "sa-training at example.com" -m "Training.$mode" You've already scraped the message from stdin into a file, so add: < /tmp/sendmail-msg-$$.txt About the '-p' switch present in the strace-variant: Please scan the mailing list for the status of it, IMHO, there had been lots of trouble in certain cases. The strace variant should use -oLogfile.strace.$$.log in order to separate the output of the command and strace logging. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBV7qnd3z1H7kL/d9rAQJXWQf9E/ucaEXMy10IE5f7JY3tbZVlROGrz+wk 5rA0/Xe/aFwgNvCzyTX+MV7BblHH//aDwlNs3L4P+bZatCjAVCmoDdQ/WDZ7wr51 mBq/vOjcullnzz8NHv2+gQgRCKhGGd8M+mVjGUlyK6jXEFjwAaivEnRA86AudZi4 ybK0CZKw+Pg+VzDcfGjvO4PHZWAxvbqktqVOUhQwEL/+A/CZ7FNSsBuuZug42TGK tmghQmAKuwY96djSV/vFax8J8WyVnGKBVLpONP9iMllGkZ7MHGacpfm0MSgsIgPv DTTdjdk1P6FIQ615rp6BRg0JKaTn7COC6YxMnuaNtlXJ2t/M5zoCNA== =/xgA -----END PGP SIGNATURE----- From apm at one.com Mon Aug 22 10:06:05 2016 From: apm at one.com (Peter Mogensen) Date: Mon, 22 Aug 2016 12:06:05 +0200 Subject: LMTP doing passdb queries ? Message-ID: <3e9883b3-27f0-fd57-0c47-9997b6855be4@one.com> Hi, I can see dovecot is doing a passdb query when handling the LMTP RCPT command. That's kinda unexpected for me. I would have thought it only did a userdb lookup. I have disabled lmtp_proxy to be sure it didn't do a passdb lookup to check the proxy field. Is this expected? Doesn't the LDA only do userdb lookups? /Peter From apm at one.com Mon Aug 22 11:21:55 2016 From: apm at one.com (Peter Mogensen) Date: Mon, 22 Aug 2016 13:21:55 +0200 Subject: LDA doing passdb queries ? In-Reply-To: <3e9883b3-27f0-fd57-0c47-9997b6855be4@one.com> References: <3e9883b3-27f0-fd57-0c47-9997b6855be4@one.com> Message-ID: Sorry... I meant LDA - not LMTP. More specifically ... the delivery happening during an LMTP session. I'm trying something like this: =================================================================== protocol !lda { passdb { driver = passwd-file args = /etc/dovecot/accounts } userdb { driver = static args = uid=vmail gid=vmail home=/srv/vmail/%u mail=maildir:~ } } protocol lda { # passdb { # driver = static # } userdb { args = /etc/dovecot/dovecot-dict-auth.conf.ext driver = dict result_success = continue-ok result_failure = return-fail } userdb { driver = static args = uid=vmail gid=vmail home=/srv/vmail/%u mail=maildir:~ } } ================================================================== The point being that delivery is done to an address which needs an external userdb to rewrite the "user" value. All other access (IMAP...) uses the defined accounts. The above config won't do, since dovecot complains about a missing passdb database (and that PLAIN needs one) ... even if there's no actual authentication done during delivery. It doesn't seem to work, since trying to do delivery via LMTP still consults /etc/dovecot/accounts /Peter From aki.tuomi at dovecot.fi Mon Aug 22 11:43:01 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 22 Aug 2016 14:43:01 +0300 Subject: Crash on opening mailbox In-Reply-To: References: <555988293.781.1471645502235@appsuite-dev.open-xchange.com> Message-ID: <44c807e2-8d88-462b-49b8-f3fcdbf2be29@dovecot.fi> On 21.08.2016 13:59, Ladislav Laska wrote: > Hi! > > dovecot -n and backtrace are both attached in my original email, due to their > size. Did the attachments not arrive? > > The relevant log does not contain much more than the trace, but here it is: > Any chance to get the offending email somehow? Aki From laska at kam.mff.cuni.cz Mon Aug 22 12:10:09 2016 From: laska at kam.mff.cuni.cz (Ladislav Laska) Date: Mon, 22 Aug 2016 14:10:09 +0200 Subject: Crash on opening mailbox In-Reply-To: <44c807e2-8d88-462b-49b8-f3fcdbf2be29@dovecot.fi> References: <555988293.781.1471645502235@appsuite-dev.open-xchange.com> <44c807e2-8d88-462b-49b8-f3fcdbf2be29@dovecot.fi> Message-ID: Not really. I tried copying the inbox and wanted to delete half the messages to filter out the problematic one, but opening the copy works fine. What could be the culprit? Does dovecot keep some index that might be corrupted? On Mon, Aug 22, 2016 at 02:43:01PM +0300, Aki Tuomi wrote: > On 21.08.2016 13:59, Ladislav Laska wrote: > > Hi! > > > > dovecot -n and backtrace are both attached in my original email, due to their > > size. Did the attachments not arrive? > > > > The relevant log does not contain much more than the trace, but here it is: > > > > Any chance to get the offending email somehow? > > Aki -- S pozdravem Ladislav "Krakono?" L?ska http://www.krakonos.org/ From guilhem at fripost.org Mon Aug 22 12:29:33 2016 From: guilhem at fripost.org (Guilhem Moulin) Date: Mon, 22 Aug 2016 14:29:33 +0200 Subject: RFC 3501 violation in FETCH BODY responses Message-ID: <20160822122932.t5d5iuzwdulfdfbv@localhost.localdomain> Hi there, Quoting RFC 3501 sec. 7.4.2 ?FETCH Response? (data item BODYSTRUCTURE): ?A body type of type MESSAGE and subtype RFC822 contains, immediately after the basic fields, the envelope structure, body structure, and size in text lines of the encapsulated message.? According the ABNF (RFC 3501 sec. 9) the envelope structure is that of the ENVELOPE FETCH data item, and the env-{from,sender,reply-to,to,cc, bcc} fields are non-space-separated address lists: body-type-msg = media-message SP body-fields SP envelope SP body SP body-fld-lines envelope = "(" env-from SP ? SP env-to SP ? ")" env-from = "(" 1*address ")" / nil env-to = "(" 1*address ")" / nil While this is indeed the case for ?FETCH ? (ENVELOPE)?, for ?FETCH ? (BODY)? dovecot 2.2.25 adds a space between addresses of an address list of the envelope structure of an encapsulated MESSAGE/RFC822 message. See the attached patch to ?src/lib-imap/test-imap-bodystructure.c?, which currently (2.2.25) fails as follows test-imap-bodystructure.c:122: Assert failed: strcmp(str_c(str), testmsg_body) == 0 test-imap-bodystructure.c:129: Assert failed: strcmp(str_c(str), testmsg_bodystructure) == 0 imap bodystructure parser ............................................ : FAILED because the ?env-to? field of the envelope structure of the encapsulated MESSAGE/RFC822 message is printed as ((NIL NIL "sub-to1" "domain.org") (NIL NIL "sub-to2" "domain.org")) while it should be ((NIL NIL "sub-to1" "domain.org")(NIL NIL "sub-to2" "domain.org")) After a quick look at the source, this seems to be due to src/lib-imap/imap-bodystructure.c:imap_write_list, which always separates list items with spaces. In the case of an envelope, only the top-level list should be space-separated. Indeed, not adding a space between items of type IMAP_ARG_LIST in the recursive call makes the test pass again. Cheers, -- Guilhem. -------------- next part -------------- A non-text attachment was scrubbed... Name: test-imap-bodystructure.diff Type: text/x-diff Size: 3361 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: not available URL: From scottwsx96 at gmail.com Mon Aug 22 13:14:39 2016 From: scottwsx96 at gmail.com (Scott W. Sander) Date: Mon, 22 Aug 2016 13:14:39 +0000 Subject: Change dovecot hostname In-Reply-To: References: Message-ID: Here are some example headers from an email sent from an internal Exchange account to an account on Dovecot (user at domain.test): ------- Received: from mail.domain.test by appserver4.domain.com (Dovecot) with LMTP id z7RGLzH4uldlPAAAxdv4Dw for ; Mon, 22 Aug 2016 09:03:45 -0400 Received: from mail.domain.com (exchangefe1.domain.com [10.1.0.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.domain.test (Postfix) with ESMTPS id BEB1B200C4 for ; Mon, 22 Aug 2016 09:03:45 -0400 (EDT) Received: from exchangebe2.domain.com ([fe80::31cb:366e:5ce0:a40c]) by exchangefe1.domain.com ([::1]) with mapi id 14.03.0294.000; Mon, 22 Aug 2016 09:03:46 -0400 ------- I want the part that says "by appserver4.domain.com (Dovecot)" to say "by mail.domain.test (Dovecot)". I don't want it to say the FQDN of the actual host server that is running Dovecot. The server currently referenced as "mail.domain.test" in the headers is postfix running on the same machine. Thanks in advance! On Fri, Aug 19, 2016 at 7:11 PM Joseph Tam wrote: > "Scott W. Sander" writes: > > > I have noticed that the name of my private server running dovecot appears > > in email headers rather than the public-friendly name of my server. > > Which headers are you taking about? > > If you're talking about Received: headers, that's usually inserted by > your MTA, not dovecot. > > Joseph Tam > From aki.tuomi at dovecot.fi Mon Aug 22 13:18:58 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 22 Aug 2016 16:18:58 +0300 Subject: Crash on opening mailbox In-Reply-To: References: <555988293.781.1471645502235@appsuite-dev.open-xchange.com> <44c807e2-8d88-462b-49b8-f3fcdbf2be29@dovecot.fi> Message-ID: On 22.08.2016 15:10, Ladislav Laska wrote: > Not really. I tried copying the inbox and wanted to delete half the > messages to filter out the problematic one, but opening the copy works > fine. > > What could be the culprit? Does dovecot keep some index that might be > corrupted? > > On Mon, Aug 22, 2016 at 02:43:01PM +0300, Aki Tuomi wrote: >> On 21.08.2016 13:59, Ladislav Laska wrote: >>> Hi! >>> >>> dovecot -n and backtrace are both attached in my original email, due to their >>> size. Did the attachments not arrive? >>> >>> The relevant log does not contain much more than the trace, but here it is: >>> >> Any chance to get the offending email somehow? >> >> Aki It is possible. Can you try backing up your current index and running doveadm index -u yourusername? Aki From ihsan at dogan.ch Mon Aug 22 13:21:03 2016 From: ihsan at dogan.ch (=?UTF-8?B?xLBoc2FuwqBEb8SfYW4=?=) Date: Mon, 22 Aug 2016 15:21:03 +0200 Subject: specifying elliptic curve Message-ID: Hi, I've noticed that Dovecot is using per default the elliptic curve sect571r1. Because not all clients might support sect571r1, I would like to set the elliptic curve manually. Is that possible? -Ihsan -- ihsan at dogan.ch http://blog.dogan.ch/ From apm at one.com Mon Aug 22 13:47:03 2016 From: apm at one.com (Peter Mogensen) Date: Mon, 22 Aug 2016 15:47:03 +0200 Subject: LDA doing passdb queries ? In-Reply-To: References: <3e9883b3-27f0-fd57-0c47-9997b6855be4@one.com> Message-ID: <94e84a39-63fb-6b0e-60ff-3d800fa14da2@one.com> On 2016-08-22 13:21, Peter Mogensen wrote: > =================================================================== .... > protocol lda { > # passdb { > # driver = static > # } > > userdb { > args = /etc/dovecot/dovecot-dict-auth.conf.ext > driver = dict > result_success = continue-ok > result_failure = return-fail > } > userdb { > driver = static > args = uid=vmail gid=vmail home=/srv/vmail/%u mail=maildir:~ > } > } > ================================================================== I realized that the passdb is needed when using the static driver to find out which users actually exist. And that you have to use args=allow_all_users=yes. But it seems the logic to detect that a passdb is needed doesn't discover that I have a dict userdb before the static one ?!?! Anyway ... I think I got what I wanted by not trying to change the user in a userdb, but doing it in a passdb: ====================================================================== protocol !lmtp { passdb { driver = passwd-file args = /etc/dovecot/accounts } } protocol lmtp { passdb { args = /etc/dovecot/dovecot-dict-auth.conf.ext driver = dict } } userdb { driver = static args = uid=vmail gid=vmail home=/srv/imip/vmail mail=maildir:~ } ====================================================================== Where the dict passdb returns something like: O{"nopassword":"yes", "user": "static-user"} This leaves me with 1 question though: Shouldn't you be able to do this with a userdb rewriting "user" on delivery (LMTP RCPT) and no passdb? /Peter From laska at kam.mff.cuni.cz Mon Aug 22 13:50:39 2016 From: laska at kam.mff.cuni.cz (Ladislav Laska) Date: Mon, 22 Aug 2016 15:50:39 +0200 Subject: Crash on opening mailbox In-Reply-To: References: <555988293.781.1471645502235@appsuite-dev.open-xchange.com> <44c807e2-8d88-462b-49b8-f3fcdbf2be29@dovecot.fi> Message-ID: <20160822135039.GA4297@muskox.loc> Well, good news and bad news. I backed up the indexes (presumably the ~/.mbox/.imap/*) and started tinkering: dovecotadm -u username INBOX did nothing, it didn't event produce a message in the log, and the indexes were not updated. I deleted the indexes, and let dovecot rebuild them. This fixed my inbox (good news), unfortunately, even after copying the backed-up files back I can no longer reproduce the problem. I looked around but didn't find any other files that dovecot could be modifying, or did I miss something? Anyway, I think the problem will get back soon, as it did many times before. On Mon, Aug 22, 2016 at 04:18:58PM +0300, Aki Tuomi wrote: > > > On 22.08.2016 15:10, Ladislav Laska wrote: > > Not really. I tried copying the inbox and wanted to delete half the > > messages to filter out the problematic one, but opening the copy works > > fine. > > > > What could be the culprit? Does dovecot keep some index that might be > > corrupted? > > > > On Mon, Aug 22, 2016 at 02:43:01PM +0300, Aki Tuomi wrote: > >> On 21.08.2016 13:59, Ladislav Laska wrote: > >>> Hi! > >>> > >>> dovecot -n and backtrace are both attached in my original email, due to their > >>> size. Did the attachments not arrive? > >>> > >>> The relevant log does not contain much more than the trace, but here it is: > >>> > >> Any chance to get the offending email somehow? > >> > >> Aki > It is possible. Can you try backing up your current index and running > doveadm index -u yourusername? > > Aki -- S pozdravem Ladislav "Krakono?" L?ska http://www.krakonos.org/ From mail at tomsommer.dk Mon Aug 22 14:11:06 2016 From: mail at tomsommer.dk (Tom Sommer) Date: Mon, 22 Aug 2016 16:11:06 +0200 Subject: Change dovecot hostname In-Reply-To: References: Message-ID: Removing the headers entirely was discussed: http://dovecot.markmail.org/search/?q=received#query:received+page:1+mid:t4utsjcionjcfwce+state:results Don't know if it was forgotten for 2.3, but hope not :) --- Tom On 2016-08-22 15:14, Scott W. Sander wrote: > Here are some example headers from an email sent from an internal > Exchange > account to an account on Dovecot (user at domain.test): > > ------- > > Received: from mail.domain.test > by appserver4.domain.com (Dovecot) with LMTP id > z7RGLzH4uldlPAAAxdv4Dw > for ; Mon, 22 Aug 2016 09:03:45 -0400 > Received: from mail.domain.com (exchangefe1.domain.com [10.1.0.225]) > (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) > (No client certificate requested) > by mail.domain.test (Postfix) with ESMTPS id BEB1B200C4 > for ; Mon, 22 Aug 2016 09:03:45 -0400 (EDT) > Received: from exchangebe2.domain.com > ([fe80::31cb:366e:5ce0:a40c]) by exchangefe1.domain.com ([::1]) > with mapi id 14.03.0294.000; Mon, 22 Aug 2016 09:03:46 -0400 > > ------- > > I want the part that says "by appserver4.domain.com (Dovecot)" to say > "by > mail.domain.test (Dovecot)". I don't want it to say the FQDN of the > actual > host server that is running Dovecot. > > The server currently referenced as "mail.domain.test" in the headers is > postfix running on the same machine. > > Thanks in advance! > > On Fri, Aug 19, 2016 at 7:11 PM Joseph Tam wrote: > >> "Scott W. Sander" writes: >> >> > I have noticed that the name of my private server running dovecot appears >> > in email headers rather than the public-friendly name of my server. >> >> Which headers are you taking about? >> >> If you're talking about Received: headers, that's usually inserted by >> your MTA, not dovecot. >> >> Joseph Tam >> From karol at augustin.pl Mon Aug 22 15:13:13 2016 From: karol at augustin.pl (Karol Augustin) Date: Mon, 22 Aug 2016 16:13:13 +0100 Subject: dovecot-lda core-dumps when antispam pipe script calls it In-Reply-To: <121af0846522467a88f9bf240fc20e89@indietorrent.org> References: <3f95a9de-9d17-b40a-2f12-7ab73bf9a73f@indietorrent.org> <20160819025849.GA93798@thinkpad.my.domain> <121af0846522467a88f9bf240fc20e89@indietorrent.org> Message-ID: On 19/08/16 17:35, ben at indietorrent.org wrote: > So, I'm back to where I was with this problem two years ago. Maybe this will help you. I've been using antispam plugin in the same way you intend to do it for years now. (script modification date Feb 2014). All the Maildirs on my system are under /var/vmail/%d/%u/ and chmod'ed as vmail:vmail user. This is the script that is working for sure. You can test it by changinf the output path, but anyway it has been with me since dovecot 1.x as far as I remember, no problems at all! #!/bin/bash T=`date +%s%N` cat<&0 >> /var/vmail/learn/$1/$T-$$.txt exit 0 Good luck! Karol -- Karol Augustin karol at augustin.pl http://karolaugustin.pl/ +353 85 775 5312 From aki.tuomi at dovecot.fi Mon Aug 22 16:59:05 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 22 Aug 2016 19:59:05 +0300 Subject: specifying elliptic curve In-Reply-To: References: Message-ID: <4034b29e-a6f1-f7ec-b3ef-0225a3255823@dovecot.fi> On 22.08.2016 16:21, ?hsan Do?an wrote: > Hi, > > I've noticed that Dovecot is using per default the elliptic curve > sect571r1. Because not all clients might support sect571r1, I would like > to set the elliptic curve manually. Is that possible? > > > > -Ihsan > Hi! If your openssl does not support automatic curve selection (>=1.0.2), we fall back to using what your private EC key uses, or NIST-P384 as last resort. Aki Tuomi Dovecot oy From aki.tuomi at dovecot.fi Mon Aug 22 17:03:04 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 22 Aug 2016 20:03:04 +0300 Subject: Crash on opening mailbox In-Reply-To: <20160822135039.GA4297@muskox.loc> References: <555988293.781.1471645502235@appsuite-dev.open-xchange.com> <44c807e2-8d88-462b-49b8-f3fcdbf2be29@dovecot.fi> <20160822135039.GA4297@muskox.loc> Message-ID: On 22.08.2016 16:50, Ladislav Laska wrote: > Well, good news and bad news. > > I backed up the indexes (presumably the ~/.mbox/.imap/*) and started > tinkering: > > dovecotadm -u username INBOX > > did nothing, it didn't event produce a message in the log, and the > indexes were not updated. I deleted the indexes, and let dovecot rebuild > them. This fixed my inbox (good news), unfortunately, even after copying > the backed-up files back I can no longer reproduce the problem. > > I looked around but didn't find any other files that dovecot could be > modifying, or did I miss something? Anyway, I think the problem will get > back soon, as it did many times before. > > On Mon, Aug 22, 2016 at 04:18:58PM +0300, Aki Tuomi wrote: >> >> On 22.08.2016 15:10, Ladislav Laska wrote: >>> Not really. I tried copying the inbox and wanted to delete half the >>> messages to filter out the problematic one, but opening the copy works >>> fine. >>> >>> What could be the culprit? Does dovecot keep some index that might be >>> corrupted? >>> >>> On Mon, Aug 22, 2016 at 02:43:01PM +0300, Aki Tuomi wrote: >>>> On 21.08.2016 13:59, Ladislav Laska wrote: >>>>> Hi! >>>>> >>>>> dovecot -n and backtrace are both attached in my original email, due to their >>>>> size. Did the attachments not arrive? >>>>> >>>>> The relevant log does not contain much more than the trace, but here it is: >>>>> >>>> Any chance to get the offending email somehow? >>>> >>>> Aki >> It is possible. Can you try backing up your current index and running >> doveadm index -u yourusername? >> >> Aki I noticed you are using mbox format. Maybe the mbox file itself is corrupted. The command you were supposed to run, by the way, was doveadm index -u username INBOX If the problem does reoccur please let us know. We will see if we can figure out your problem in the mean time. Aki From laska at kam.mff.cuni.cz Mon Aug 22 17:16:15 2016 From: laska at kam.mff.cuni.cz (Ladislav Laska) Date: Mon, 22 Aug 2016 19:16:15 +0200 Subject: Crash on opening mailbox In-Reply-To: References: <555988293.781.1471645502235@appsuite-dev.open-xchange.com> <44c807e2-8d88-462b-49b8-f3fcdbf2be29@dovecot.fi> <20160822135039.GA4297@muskox.loc> Message-ID: > I noticed you are using mbox format. Maybe the mbox file itself is > corrupted. The command you were supposed to run, by the way, was Possibly. Though I guess that should bring the bug along to the copy of a mbox? > doveadm index -u username INBOX Yes, that's what I was running, I just mistyped it into the email. > If the problem does reoccur please let us know. We will see if we can > figure out your problem in the mean time. I will, thanks! -- S pozdravem Ladislav "Krakono?" L?ska http://www.krakonos.org/ From andrew.mcglashan at affinityvision.com.au Mon Aug 22 17:42:39 2016 From: andrew.mcglashan at affinityvision.com.au (Andrew McGlashan) Date: Tue, 23 Aug 2016 03:42:39 +1000 Subject: a question about certificates from letsencrypt In-Reply-To: <20160819141109.4c43e4fb@workstation.bitcorner.intern> References: <20160819141109.4c43e4fb@workstation.bitcorner.intern> Message-ID: <9b30d596-2c31-30df-008d-31a6d83a4c63@affinityvision.com.au> Hi Andreas, On 19/08/2016 10:11 PM, Andreas Meyer wrote: > Hello! > > Certificates from letsencrypt are renewed every three months. > > Does that mean a MUA has to accept the renewed certificates manually > everytime it is renewed? No, if the certificate is not a self-signed one, and if the MUA can follow the normal CA path, then there is no need to "accept" certs (same as in the browser). Cheers AndrewM -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: OpenPGP digital signature URL: From aki.tuomi at dovecot.fi Mon Aug 22 19:00:02 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 22 Aug 2016 22:00:02 +0300 Subject: Catch-all with LMTP and Postfix In-Reply-To: References: <4c63c8cb-67bc-e089-011e-1c430bf4b46a@michaelstarks.com> <1183617125.2307.1471847349519@appsuite-dev.open-xchange.com> Message-ID: <84f6ec73-1974-e410-19aa-4908a4bf8e11@dovecot.fi> On 22.08.2016 21:53, Michael Starks wrote: > On 08/22/2016 01:29 AM, Aki Tuomi wrote: >> It seems your postfix is misbehaving. Did you forget to run postmap? >> >> Aki Tuomi >> Dovecot oy > > Thanks for the response, Aki. I dug a little deeper and found this: > > lrwxrwxrwx. 1 root root 20 Jul 24 01:37 virtual_alias_maps -> > /etc/postfix/virtual > > I had been postmapping virtual_alias_maps, but not virtual. I guess > postmap doesn't follow links. When I postmapped virtual and did a > 'postfix reload' it started to work. Seems you accidentically replied to me only. Postfix uses the filename you provide as name for the db file, so running it against symlinks does follow the symlink, but it uses the symlink name as what it uses to create the .db file. You can test this by creating file and doing symlink for it and running postmap against the symlink. You'll see that it will create symlink-name.db file instead of file.db. Aki Tuomi Dovecot oy From ruga at protonmail.com Mon Aug 22 21:57:28 2016 From: ruga at protonmail.com (Ruga) Date: Mon, 22 Aug 2016 17:57:28 -0400 Subject: specifying elliptic curve In-Reply-To: <4034b29e-a6f1-f7ec-b3ef-0225a3255823@dovecot.fi> References: <4034b29e-a6f1-f7ec-b3ef-0225a3255823@dovecot.fi> Message-ID: +1 I opened a ticket (a while ago) to add manual selection of the curves. On Mon, Aug 22, 2016 at 6:59 PM, Aki Tuomi <'aki.tuomi at dovecot.fi'> wrote: On 22.08.2016 16:21, ?hsan Do?an wrote: > Hi, > > I've noticed that Dovecot is using per default the elliptic curve > sect571r1. Because not all clients might support sect571r1, I would like > to set the elliptic curve manually. Is that possible? > > > > -Ihsan > Hi! If your openssl does not support automatic curve selection (>=1.0.2), we fall back to using what your private EC key uses, or NIST-P384 as last resort. Aki Tuomi Dovecot oy From jtam.home at gmail.com Mon Aug 22 22:36:40 2016 From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 22 Aug 2016 15:36:40 -0700 (PDT) Subject: Change dovecot hostname In-Reply-To: References: Message-ID: "Scott W. Sander" writes: > Received: from mail.domain.test > by appserver4.domain.com (Dovecot) with LMTP id z7RGLzH4uldlPAAAxdv4Dw > for ; Mon, 22 Aug 2016 09:03:45 -0400 > ------- > > I want the part that says "by appserver4.domain.com (Dovecot)" to say "by > mail.domain.test (Dovecot)". I don't want it to say the FQDN of the actual > host server that is running Dovecot. > > The server currently referenced as "mail.domain.test" in the headers is > postfix running on the same machine. Oh yeah, right, LMTP. I don't run LMTP myself, but I suspect the hostname is mapped from the IP of the LMTP listening interface (using /etc/hosts or DNS). Maybe you can change the IP of your listening interface to match mail.domain.test and firewall it off if that IP is public facing. >From reading the code, I can't quite grok how LMTP derives the host label, but as a last resort, you can patch at src/lmtp/commands.c in client_get_added_headers(). Joseph Tam From dovecot at michaelstarks.com Tue Aug 23 01:36:49 2016 From: dovecot at michaelstarks.com (Michael Starks) Date: Mon, 22 Aug 2016 20:36:49 -0500 Subject: Catch-all with LMTP and Postfix In-Reply-To: <84f6ec73-1974-e410-19aa-4908a4bf8e11@dovecot.fi> References: <4c63c8cb-67bc-e089-011e-1c430bf4b46a@michaelstarks.com> <1183617125.2307.1471847349519@appsuite-dev.open-xchange.com> <84f6ec73-1974-e410-19aa-4908a4bf8e11@dovecot.fi> Message-ID: On 08/22/2016 02:00 PM, Aki Tuomi wrote: > Seems you accidentically replied to me only. Yup, whoops. > Postfix uses the filename you provide as name for the db file, so > running it against symlinks does follow the symlink, but it uses the > symlink name as what it uses to create the .db file. > > You can test this by creating file and doing symlink for it and running > postmap against the symlink. You'll see that it will create > symlink-name.db file instead of file.db. Also good to know, although it seems like odd behavior. I would think that if Postfix followed the link then the corresponding .db would also be of the followed filename. No matter, I removed the link to simplify things. From nuquaquaraqua at gmail.com Sun Aug 21 21:45:40 2016 From: nuquaquaraqua at gmail.com (=?UTF-8?Q?Quaquaraqu=c3=a0?=) Date: Sun, 21 Aug 2016 22:45:40 +0100 Subject: Field Return-Path contains twice the domain Message-ID: <6f9a1cb7-471c-0889-db2c-5ba47352f5c3@gmail.com> Dear exim & dovecot users, posting on both mailing lists as I am not sure who has the ultimate responsability for this field. I am trying to set up a mail server for multiple domains in my VPS. So I managed to set up the authentication through a dovecot authenticator, which relies to a sqlite database. I would like that, from the database perspective, a query has, as input parameters, both the username and the domain to check the password. For this purpose, I am requesting that the SMTP account is in the full form username at domain.com. When forwarded to the dovecot authenticator, I can extract the user with %n and %d. This works, but it has a utter drawback: emails are sent repeating twice the domain in the Return-Path field, e.g. : Return-Path: <"user at domain.net"@domain.net> Subject: Re: Hello To: nuquaquaraqua at gmail.com From: user How do I properly fix the field Return-Path now? dovecot --version: 2.2.25 (7be1766) Exim version 4.87 #1 built 28-Jul-2016 18:38:04 Kind regards, Quaquaraqua -------------- next part -------------- # 2.2.25 (7be1766): /etc/dovecot/dovecot.conf # OS: Linux 4.7.1-1-ARCH x86_64 ext4 auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = yes auth_worker_max_count = 5 base_dir = /var/run/dovecot/ disable_plaintext_auth = no first_valid_uid = 8 last_valid_uid = 8 log_path = /var/log/dovecot.log login_greeting = What's the craic? mail_debug = yes mail_gid = 12 mail_location = mbox:/var/mail/users/%n:INBOX=/var/mail/inbox/%n:INDEX=/var/mail/indexes/%n mail_privileged_group = mail mail_uid = 8 mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocols = imap lmtp service auth { unix_listener auth-client { group = mail mode = 0660 } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } ssl_cert = -------------- next part -------------- ###################################################################### # Runtime configuration file for Exim # ###################################################################### # This is a default configuration file which will operate correctly in # uncomplicated installations. Please see the manual for a complete list # of all the runtime configuration options that can be included in a # configuration file. There are many more than are mentioned here. The # manual is in the file doc/spec.txt in the Exim distribution as a plain # ASCII file. Other formats (PostScript, Texinfo, HTML, PDF) are available # from the Exim ftp sites. The manual is also online at the Exim web sites. # This file is divided into several parts, all but the first of which are # headed by a line starting with the word "begin". Only those parts that # are required need to be present. Blank lines, and lines starting with # # are ignored. ########### IMPORTANT ########## IMPORTANT ########### IMPORTANT ########### # # # Whenever you change Exim's configuration file, you *must* remember to # # HUP the Exim daemon, because it will not pick up the new configuration # # until you do. However, any other Exim processes that are started, for # # example, a process started by an MUA in order to send a message, will # # see the new configuration as soon as it is in place. # # # # You do not need to HUP the daemon for changes in auxiliary files that # # are referenced from this file. They are read every time they are used. # # # # It is usually a good idea to test a new configuration for syntactic # # correctness before installing it (for example, by running the command # # "exim -C /config/file.new -bV"). # # # ########### IMPORTANT ########## IMPORTANT ########### IMPORTANT ########### ###################################################################### # MAIN CONFIGURATION SETTINGS # ###################################################################### # # Specify your host's canonical name here. This should normally be the fully # qualified "official" name of your host. If this option is not set, the # uname() function is called to obtain the name. In many cases this does # the right thing and you need not set anything explicitly. primary_hostname = domain.net # The next three settings create two lists of domains and one list of hosts. # These lists are referred to later in this configuration using the syntax # +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They # are all colon-separated lists: domainlist local_domains = @ : domain.net domainlist relay_to_domains = hostlist relay_from_hosts = localhost # (We rely upon hostname resolution working for localhost, because the default # uncommented configuration needs to work in IPv4-only environments.) # Most straightforward access control requirements can be obtained by # appropriate settings of the above options. In more complicated situations, # you may need to modify the Access Control Lists (ACLs) which appear later in # this file. # The first setting specifies your local domains, for example: # # domainlist local_domains = my.first.domain : my.second.domain # # You can use "@" to mean "the name of the local host", as in the default # setting above. This is the name that is specified by primary_hostname, # as specified above (or defaulted). If you do not want to do any local # deliveries, remove the "@" from the setting above. If you want to accept mail # addressed to your host's literal IP address, for example, mail addressed to # "user@[192.168.23.44]", you can add "@[]" as an item in the local domains # list. You also need to uncomment "allow_domain_literals" below. This is not # recommended for today's Internet. # The second setting specifies domains for which your host is an incoming relay. # If you are not doing any relaying, you should leave the list empty. However, # if your host is an MX backup or gateway of some kind for some domains, you # must set relay_to_domains to match those domains. For example: # # domainlist relay_to_domains = *.myco.com : my.friend.org # # This will allow any host to relay through your host to those domains. # See the section of the manual entitled "Control of relaying" for more # information. # The third setting specifies hosts that can use your host as an outgoing relay # to any other host on the Internet. Such a setting commonly refers to a # complete local network as well as the localhost. For example: # # hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 ; 192.168.0.0/16 # # The "/16" is a bit mask (CIDR notation), not a number of hosts. Note that you # have to include 127.0.0.1 if you want to allow processes on your host to send # SMTP mail by using the loopback address. A number of MUAs use this method of # sending mail. Often, connections are made to "localhost", which might be ::1 # on IPv6-enabled hosts. Do not forget CIDR for your IPv6 networks. # All three of these lists may contain many different kinds of item, including # wildcarded names, regular expressions, and file lookups. See the reference # manual for details. The lists above are used in the access control lists for # checking incoming messages. The names of these ACLs are defined here: acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_data # You should not change those settings until you understand how ACLs work. # If you are running a version of Exim that was compiled with the content- # scanning extension, you can cause incoming messages to be automatically # scanned for viruses. You have to modify the configuration in two places to # set this up. The first of them is here, where you define the interface to # your scanner. This example is typical for ClamAV; see the manual for details # of what to set for other virus scanners. The second modification is in the # acl_check_data access control list (see below). # av_scanner = clamd:/tmp/clamd # For spam scanning, there is a similar option that defines the interface to # SpamAssassin. You do not need to set this if you are using the default, which # is shown in this commented example. As for virus scanning, you must also # modify the acl_check_data access control list to enable spam scanning. # spamd_address = 127.0.0.1 783 # If Exim is compiled with support for TLS, you may want to enable the # following options so that Exim allows clients to make encrypted # connections. In the authenticators section below, there are template # configurations for plaintext username/password authentication. This kind # of authentication is only safe when used within a TLS connection, so the # authenticators will only work if the following TLS settings are turned on # as well. # Allow any client to use TLS. tls_advertise_hosts = * # Specify the location of the Exim server's TLS certificate and private key. # The private key must not be encrypted (password protected). You can put # the certificate and private key in the same file, in which case you only # need the first setting, or in separate files, in which case you need both # options. tls_certificate = /etc/mail/ssl_certificate.pem tls_privatekey = /etc/mail/ssl_private.key # In order to support roaming users who wish to send email from anywhere, # you may want to make Exim listen on other ports as well as port 25, in # case these users need to send email from a network that blocks port 25. # The standard port for this purpose is port 587, the "message submission" # port. See RFC 4409 for details. Microsoft MUAs cannot be configured to # talk the message submission protocol correctly, so if you need to support # them you should also allow TLS-on-connect on the traditional but # non-standard port 465. daemon_smtp_ports = 25 : 465 : 587 tls_on_connect_ports = 465 # Specify the domain you want to be added to all unqualified addresses # here. An unqualified address is one that does not contain an "@" character # followed by a domain. For example, "caesar at rome.example" is a fully qualified # address, but the string "caesar" (i.e. just a login name) is an unqualified # email address. Unqualified addresses are accepted only from local callers by # default. See the recipient_unqualified_hosts option if you want to permit # unqualified addresses from remote sources. If this option is not set, the # primary_hostname value is used for qualification. # qualify_domain = # If you want unqualified recipient addresses to be qualified with a different # domain to unqualified sender addresses, specify the recipient domain here. # If this option is not set, the qualify_domain value is used. # qualify_recipient = # The following line must be uncommented if you want Exim to recognize # addresses of the form "user@[10.11.12.13]" that is, with a "domain literal" # (an IP address) instead of a named domain. The RFCs still require this form, # but it makes little sense to permit mail to be sent to specific hosts by # their IP address in the modern Internet. This ancient format has been used # by those seeking to abuse hosts by using them for unwanted relaying. If you # really do want to support domain literals, uncomment the following line, and # see also the "domain_literal" router below. # allow_domain_literals # No deliveries will ever be run under the uids of users specified by # never_users (a colon-separated list). An attempt to do so causes a panic # error to be logged, and the delivery to be deferred. This is a paranoic # safety catch. There is an even stronger safety catch in the form of the # FIXED_NEVER_USERS setting in the configuration for building Exim. The list of # users that it specifies is built into the binary, and cannot be changed. The # option below just adds additional users to the list. The default for # FIXED_NEVER_USERS is "root", but just to be absolutely sure, the default here # is also "root". # Note that the default setting means you cannot deliver mail addressed to root # as if it were a normal user. This isn't usually a problem, as most sites have # an alias for root that redirects such mail to a human administrator. never_users = root # The setting below causes Exim to do a reverse DNS lookup on all incoming # IP calls, in order to get the true host name. If you feel this is too # expensive, you can specify the networks for which a lookup is done, or # remove the setting entirely. host_lookup = * # The settings below cause Exim to make RFC 1413 (ident) callbacks # for all incoming SMTP calls. You can limit the hosts to which these # calls are made, and/or change the timeout that is used. If you set # the timeout to zero, all RFC 1413 calls are disabled. RFC 1413 calls # are cheap and can provide useful information for tracing problem # messages, but some hosts and firewalls have problems with them. # This can result in a timeout instead of an immediate refused # connection, leading to delays on starting up SMTP sessions. # (The default was reduced from 30s to 5s for release 4.61. and to # disabled for release 4.86) # #rfc1413_hosts = * #rfc1413_query_timeout = 5s # Enable an efficiency feature. We advertise the feature; clients # may request to use it. For multi-recipient mails we then can # reject or accept per-user after the message is received. # prdr_enable = true # By default, Exim expects all envelope addresses to be fully qualified, that # is, they must contain both a local part and a domain. If you want to accept # unqualified addresses (just a local part) from certain hosts, you can specify # these hosts by setting one or both of # # sender_unqualified_hosts = # recipient_unqualified_hosts = # # to control sender and recipient addresses, respectively. When this is done, # unqualified addresses are qualified using the settings of qualify_domain # and/or qualify_recipient (see above). # Unless you run a high-volume site you probably want more logging # detail than the default. Adjust to suit. log_selector = +smtp_protocol_error +smtp_syntax_error \ +tls_certificate_verified # If you want Exim to support the "percent hack" for certain domains, # uncomment the following line and provide a list of domains. The "percent # hack" is the feature by which mail addressed to x%y at z (where z is one of # the domains listed) is locally rerouted to x at y and sent on. If z is not one # of the "percent hack" domains, x%y is treated as an ordinary local part. This # hack is rarely needed nowadays; you should not enable it unless you are sure # that you really need it. # # percent_hack_domains = # # As well as setting this option you will also need to remove the test # for local parts containing % in the ACL definition below. # When Exim can neither deliver a message nor return it to sender, it "freezes" # the delivery error message (aka "bounce message"). There are also other # circumstances in which messages get frozen. They will stay on the queue for # ever unless one of the following options is set. # This option unfreezes frozen bounce messages after two days, tries # once more to deliver them, and ignores any delivery failures. ignore_bounce_errors_after = 2d # This option cancels (removes) frozen messages that are older than a week. timeout_frozen_after = 7d # By default, messages that are waiting on Exim's queue are all held in a # single directory called "input" which it itself within Exim's spool # directory. (The default spool directory is specified when Exim is built, and # is often /var/spool/exim/.) Exim works best when its queue is kept short, but # there are circumstances where this is not always possible. If you uncomment # the setting below, messages on the queue are held in 62 subdirectories of # "input" instead of all in the same directory. The subdirectories are called # 0, 1, ... A, B, ... a, b, ... z. This has two benefits: (1) If your file # system degrades with many files in one directory, this is less likely to # happen; (2) Exim can process the queue one subdirectory at a time instead of # all at once, which can give better performance with large queues. # split_spool_directory = true # If you're in a part of the world where ASCII is not sufficient for most # text, then you're probably familiar with RFC2047 message header extensions. # By default, Exim adheres to the specification, including a limit of 76 # characters to a line, with encoded words fitting within a line. # If you wish to use decoded headers in message filters in such a way # that successful decoding of malformed messages matters, you may wish to # configure Exim to be more lenient. # # check_rfc2047_length = false # # In particular, the Exim maintainers have had multiple reports of problems # from Russian administrators of issues until they disable this check, # because of some popular, yet buggy, mail composition software. # If you wish to be strictly RFC compliant, or if you know you'll be # exchanging email with systems that are not 8-bit clean, then you may # wish to disable advertising 8BITMIME. Uncomment this option to do so. # accept_8bitmime = false # Exim does not make use of environment variables itself. However, # libraries that Exim uses (e.g. LDAP) depend on specific environment settings. # There are two lists: keep_environment for the variables we trust, and # add_environment for variables we want to set to a specific value. # Note that TZ is handled separateley by the timezone runtime option # and TIMEZONE_DEFAULT buildtime option. # keep_environment = ^LDAP # add_environment = PATH=/usr/bin::/bin ###################################################################### # ACL CONFIGURATION # # Specifies access control lists for incoming SMTP mail # ###################################################################### begin acl # This access control list is used for every RCPT command in an incoming # SMTP message. The tests are run in order until the address is either # accepted or denied. acl_check_rcpt: # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by # testing for an empty sending host field. accept hosts = : control = dkim_disable_verify ############################################################################# # The following section of the ACL is concerned with local parts that contain # @ or % or ! or / or | or dots in unusual places. # # The characters other than dots are rarely found in genuine local parts, but # are often tried by people looking to circumvent relaying restrictions. # Therefore, although they are valid in local parts, these rules lock them # out, as a precaution. # # Empty components (two dots in a row) are not valid in RFC 2822, but Exim # allows them because they have been encountered. (Consider local parts # constructed as "firstinitial.secondinitial.familyname" when applied to # someone like me, who has no second initial.) However, a local part starting # with a dot or containing /../ can cause trouble if it is used as part of a # file name (e.g. for a mailing list). This is also true for local parts that # contain slashes. A pipe symbol can also be troublesome if the local part is # incorporated unthinkingly into a shell command line. # # Two different rules are used. The first one is stricter, and is applied to # messages that are addressed to one of the local domains handled by this # host. The line "domains = +local_domains" restricts it to domains that are # defined by the "domainlist local_domains" setting above. The rule blocks # local parts that begin with a dot or contain @ % ! / or |. If you have # local accounts that include these characters, you will have to modify this # rule. deny message = Restricted characters in address domains = +local_domains local_parts = ^[.] : ^.*[@%!/|] # The second rule applies to all other domains, and is less strict. The line # "domains = !+local_domains" restricts it to domains that are NOT defined by # the "domainlist local_domains" setting above. The exclamation mark is a # negating operator. This rule allows your own users to send outgoing # messages to sites that use slashes and vertical bars in their local parts. # It blocks local parts that begin with a dot, slash, or vertical bar, but # allows these characters within the local part. However, the sequence /../ # is barred. The use of @ % and ! is blocked, as before. The motivation here # is to prevent your users (or your users' viruses) from mounting certain # kinds of attack on remote sites. deny message = Restricted characters in address domains = !+local_domains local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ ############################################################################# # Accept mail to postmaster in any local domain, regardless of the source, # and without verifying the sender. accept local_parts = postmaster domains = +local_domains # Deny unless the sender address can be verified. require verify = sender # Accept if the message comes from one of the hosts for which we are an # outgoing relay. It is assumed that such hosts are most likely to be MUAs, # so we set control=submission to make Exim treat the message as a # submission. It will fix up various errors in the message, for example, the # lack of a Date: header line. If you are actually relaying out out from # MTAs, you may want to disable this. If you are handling both relaying from # MTAs and submissions from MUAs you should probably split them into two # lists, and handle them differently. # Recipient verification is omitted here, because in many cases the clients # are dumb MUAs that don't cope well with SMTP error responses. If you are # actually relaying out from MTAs, you should probably add recipient # verification here. # Note that, by putting this test before any DNS black list checks, you will # always accept from these hosts, even if they end up on a black list. The # assumption is that they are your friends, and if they get onto a black # list, it is a mistake. accept hosts = +relay_from_hosts control = submission control = dkim_disable_verify # Accept if the message arrived over an authenticated connection, from # any host. Again, these messages are usually from MUAs, so recipient # verification is omitted, and submission mode is set. And again, we do this # check before any black list tests. accept authenticated = * control = submission control = dkim_disable_verify # Insist that a HELO/EHLO was accepted. require message = nice hosts say HELO first condition = ${if def:sender_helo_name} # Insist that any other recipient address that we accept is either in one of # our local domains, or is in a domain for which we explicitly allow # relaying. Any other domain is rejected as being unacceptable for relaying. require message = relay not permitted domains = +local_domains : +relay_to_domains # We also require all accepted addresses to be verifiable. This check will # do local part verification for local domains, but only check the domain # for remote domains. The only way to check local parts for the remote # relay domains is to use a callout (add /callout), but please read the # documentation about callouts before doing this. require verify = recipient ############################################################################# # There are no default checks on DNS black lists because the domains that # contain these lists are changing all the time. However, here are two # examples of how you can get Exim to perform a DNS black list lookup at this # point. The first one denies, whereas the second just warns. # # deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text # dnslists = black.list.example # # warn dnslists = black.list.example # add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain # log_message = found in $dnslist_domain ############################################################################# ############################################################################# # This check is commented out because it is recognized that not every # sysadmin will want to do it. If you enable it, the check performs # Client SMTP Authorization (csa) checks on the sending host. These checks # do DNS lookups for SRV records. The CSA proposal is currently (May 2005) # an Internet draft. You can, of course, add additional conditions to this # ACL statement to restrict the CSA checks to certain hosts only. # # require verify = csa ############################################################################# # At this point, the address has passed all the checks that have been # configured, so we accept it unconditionally. accept # This ACL is used after the contents of a message have been received. This # is the ACL in which you can test a message's headers or body, and in # particular, this is where you can invoke external virus or spam scanners. # Some suggested ways of configuring these tests are shown below, commented # out. Without any tests, this ACL accepts all messages. If you want to use # such tests, you must ensure that Exim is compiled with the content-scanning # extension (WITH_CONTENT_SCAN=yes in Local/Makefile). acl_check_data: # Deny if the message contains an overlong line. Per the standards # we should never receive one such via SMTP. # deny condition = ${if > {$max_received_linelength}{998}} # Deny if the message contains a virus. Before enabling this check, you # must install a virus scanner and set the av_scanner option above. # # deny malware = * # message = This message contains a virus ($malware_name). # Add headers to a message if it is judged to be spam. Before enabling this, # you must install SpamAssassin. You may also need to set the spamd_address # option above. # # warn spam = nobody # add_header = X-Spam_score: $spam_score\n\ # X-Spam_score_int: $spam_score_int\n\ # X-Spam_bar: $spam_bar\n\ # X-Spam_report: $spam_report # Accept the message. accept ###################################################################### # ROUTERS CONFIGURATION # # Specifies how addresses are handled # ###################################################################### # THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! # # An address is passed to each router in turn until it is accepted. # ###################################################################### begin routers # This router routes to remote hosts over SMTP by explicit IP address, # when an email address is given in "domain literal" form, for example, # . The RFCs require this facility. However, it is # little-known these days, and has been exploited by evil people seeking # to abuse SMTP relays. Consequently it is commented out in the default # configuration. If you uncomment this router, you also need to uncomment # allow_domain_literals above, so that Exim can recognize the syntax of # domain literal addresses. # domain_literal: # driver = ipliteral # domains = ! +local_domains # transport = remote_smtp # This router routes addresses that are not in local domains by doing a DNS # lookup on the domain name. The exclamation mark that appears in "domains = ! # +local_domains" is a negating operator, that is, it can be read as "not". The # recipient's domain must not be one of those defined by "domainlist # local_domains" above for this router to be used. # # If the router is used, any domain that resolves to 0.0.0.0 or to a loopback # interface address (127.0.0.0/8) is treated as if it had no DNS entry. Note # that 0.0.0.0 is the same as 0.0.0.0/32, which is commonly treated as the # local host inside the network stack. It is not 0.0.0.0/0, the default route. # If the DNS lookup fails, no further routers are tried because of the no_more # setting, and consequently the address is unrouteable. dnslookup: driver = dnslookup domains = ! +local_domains transport = remote_smtp ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 # if ipv6-enabled then instead use: # ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1 no_more # This alternative router can be used when you want to send all mail to a # server which handles DNS lookups for you; an ISP will typically run such # a server for their customers. If you uncomment "smarthost" then you # should comment out "dnslookup" above. Setting a real hostname in route_data # wouldn't hurt either. # smarthost: # driver = manualroute # domains = ! +local_domains # transport = remote_smtp # route_data = MAIL.HOSTNAME.FOR.CENTRAL.SERVER.EXAMPLE # ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1 # no_more # The remaining routers handle addresses in the local domain(s), that is those # domains that are defined by "domainlist local_domains" above. # This router handles aliasing using a linearly searched alias file with the # name /etc/mail/aliases. When this configuration is installed automatically, # the name gets inserted into this file from whatever is set in Exim's # build-time configuration. The default path is the traditional /etc/mail/aliases. # If you install this configuration by hand, you need to specify the correct # path in the "data" setting below. # ##### NB You must ensure that the alias file exists. It used to be the case ##### NB that every Unix had that file, because it was the Sendmail default. ##### NB These days, there are systems that don't have it. Your aliases ##### NB file should at least contain an alias for "postmaster". # # If any of your aliases expand to pipes or files, you will need to set # up a user and a group for these deliveries to run under. You can do # this by uncommenting the "user" option below (changing the user name # as appropriate) and adding a "group" option if necessary. Alternatively, you # can specify "user" on the transports that are used. Note that the transports # listed below are the same as are used for .forward files; you might want # to set up different ones for pipe and file deliveries from aliases. system_aliases: driver = redirect allow_fail allow_defer data = ${lookup{$local_part}lsearch{/etc/mail/aliases}} # user = exim file_transport = address_file pipe_transport = address_pipe # Dovecot local_users: debug_print = "R: local_user for $local_part@$domain" driver = accept domains = +local_domains transport = dovecot_lmtp cannot_route_message = Unknown user ###################################################################### # TRANSPORTS CONFIGURATION # ###################################################################### # ORDER DOES NOT MATTER # # Only one appropriate transport is called for each delivery. # ###################################################################### # A transport is used only when referenced from a router that successfully # handles an address. begin transports # This transport is used for delivering messages over SMTP connections. # Refuse to send any message with over-long lines, which could have # been received other than via SMTP. The use of message_size_limit to # enforce this is a red herring. remote_smtp: driver = smtp message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}} # This transport is used for local delivery to user mailboxes in traditional # BSD mailbox format. By default it will be run under the uid and gid of the # local user, and requires the sticky bit to be set on the /var/mail directory. # Some systems use the alternative approach of running mail deliveries under a # particular group instead of using the sticky bit. The commented options below # show how this can be done. local_delivery: driver = appendfile file = /var/mail/$local_part delivery_date_add envelope_to_add return_path_add # group = mail # mode = 0660 # This transport is used for handling pipe deliveries generated by alias or # .forward files. If the pipe generates any standard output, it is returned # to the sender of the message as a delivery error. Set return_fail_output # instead of return_output if you want this to happen only when the pipe fails # to complete normally. You can set different transports for aliases and # forwards if you want to - see the references to address_pipe in the routers # section above. address_pipe: driver = pipe return_output # This transport is used for handling deliveries directly to files that are # generated by aliasing or forwarding. address_file: driver = appendfile delivery_date_add envelope_to_add return_path_add # This transport is used for handling autoreplies generated by the filtering # option of the userforward router. address_reply: driver = autoreply # Dean: http://wiki2.dovecot.org/LMTP/Exim dovecot_lmtp: driver = lmtp socket = /var/run/dovecot/lmtp ###################################################################### # RETRY CONFIGURATION # ###################################################################### begin retry # This single retry rule applies to all domains and all errors. It specifies # retries every 15 minutes for 2 hours, then increasing retry intervals, # starting at 1 hour and increasing each time by a factor of 1.5, up to 16 # hours, then retries every 6 hours until 4 days have passed since the first # failed delivery. # WARNING: If you do not have any retry rules at all (this section of the # configuration is non-existent or empty), Exim will not do any retries of # messages that fail to get delivered at the first attempt. The effect will # be to treat temporary errors as permanent. Therefore, DO NOT remove this # retry rule unless you really don't want any retries. # Address or Domain Error Retries # ----------------- ----- ------- #* * F,2h,15m; G,16h,1h,1.5; F,4d,6h ###################################################################### # REWRITE CONFIGURATION # ###################################################################### # There are no rewriting specifications in this default configuration file. begin rewrite ###################################################################### # AUTHENTICATION CONFIGURATION # ###################################################################### begin authenticators dovecot_login: driver = dovecot public_name = LOGIN server_socket = /var/run/dovecot/auth-client server_set_id = $auth1 server_advertise_condition = 1 dovecot_plain: driver = dovecot public_name = PLAIN server_socket = /var/run/dovecot/auth-client server_set_id = $auth1 From jeff.sipek at dovecot.fi Tue Aug 23 08:08:56 2016 From: jeff.sipek at dovecot.fi (Josef 'Jeff' Sipek) Date: Tue, 23 Aug 2016 04:08:56 -0400 Subject: Director/Doveadm: Trying to iterate users, but userdbs don't support it In-Reply-To: References: Message-ID: <20160823080855.GB3952@meili> On Wed, Jul 06, 2016 at 16:21:59 +0200, Tom Sommer wrote: > On the director (which is set to proxy doveadm commands): > > # doveadm force-resync -A "*" > Error: User listing returned failure > doveadm: Error: Failed to iterate through some users I'm trying to reproduce this, but I can iterate users just fine (I'm iterating them through `doveadm user -u "*"`). Can you share your config (`dovecot -n` output)? Thanks, Jeff. > --- > Tom > > On 2016-07-06 16:20, Tom Sommer wrote: > > Hi > > > > I'm doing: doveadm force-resync -S director1:1234 -A "*" > > > > The director gives this error: > > > > Jul 06 16:17:29 auth: Error: Trying to iterate users, but userdbs > > don't support it > > Jul 06 16:17:29 doveadm: Error: User listing returned failure > > Jul 06 16:17:29 doveadm: Error: Failed to iterate through some users > > > > The director has "iterate_query" set -- Hegh QaQ law' quvHa'ghach QaQ puS From sami.ketola at dovecot.fi Tue Aug 23 08:57:34 2016 From: sami.ketola at dovecot.fi (Sami Ketola) Date: Tue, 23 Aug 2016 11:57:34 +0300 Subject: Change dovecot hostname In-Reply-To: References: Message-ID: <148D76FB-4247-4BA9-AE43-9A3FB021726B@dovecot.fi> Hi, Looking at the source code it seems that the fqdn used in the lmtp received headers is fetched from environment variable DOVECOT_HOSTDOMAIN and if that is not defined gethostbyname() is used. You can try setting that prior launching dovecot. Sami > On 19 Aug 2016, at 21:43, Scott W. Sander wrote: > > I have noticed that the name of my private server running dovecot appears > in email headers rather than the public-friendly name of my server. > > Is there a method to specify an alternate server name for the dovecot > server to use for itself in the dovecot configuration files? I performed a > few Google searches and was not able to find the answer to my question. > > ------- > > user at server1:~$ dovecot --version > 2.2.9 > user at server1:~$ dovecot -n > # 2.2.9: /etc/dovecot/dovecot.conf > # OS: Linux 3.16.0-77-generic x86_64 Ubuntu 14.04.4 LTS ext4 > auth_mechanisms = plain login > info_log_path = /var/log/dovecot.log > log_path = /var/log/dovecot.log > mail_location = maildir:/var/mail/vhosts/%d/%n > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users > driver = passwd-file > } > protocols = " imap lmtp pop3" > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0666 > user = postfix > } > } > service imap-login { > inet_listener imaps { > port = 993 > ssl = yes > } > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0600 > user = postfix > } > } > service pop3-login { > inet_listener pop3s { > port = 995 > ssl = yes > } > } > ssl = required > ssl_cert = ssl_key = userdb { > args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n > driver = static > } From cleber-listas at inetweb.com.br Tue Aug 23 12:08:26 2016 From: cleber-listas at inetweb.com.br (cleber-listas at inetweb.com.br) Date: Tue, 23 Aug 2016 09:08:26 -0300 Subject: Possible IMAP IDLE bug in Dovecot 2.2.18 and 2.2.25 In-Reply-To: References: Message-ID: <8342cb2ec3f04318b0da8c4d73b0bdef@inetweb.com.br> Hello Guys, I guess that I found a bug in Dovecot 2.2.18 and 2.2.25 versions. The problem it's when I try to connect in a Dovecot used a proxy to another e-mail server (in our case it's a Smartermail Server) the DoveCot send a lot of IDLE commands to the destination server. With that, the LOG files grow and grow and grow :( I make a test with 1 connection only and if you see the log file in the same second the dovecot send 25, 40 IDLE commands. But, when I disconnect the client (outlook 2013) the dovecot continue to send the IDLE command for some seconds. If I try to connect directly to Smartermail with Outlook this don't occurrs. Bellow the LOG FILE: 16:08:08 [192.168.202.11][21425199] connected at 22/08/2016 16:08:08 16:08:08 [192.168.202.11][21425199] command: C CAPABILITY 16:08:09 [192.168.202.11][21425199] command: L LOGIN "cleber at testdomain.com.br" XXXX 16:08:09 [192.168.202.11][21425199] cleber at testdomain.com.br logged in 16:08:09 [192.168.202.11][21425199] command: 36mc IDLE 16:08:09 [192.168.202.11][21425199] command: 2x04 ID ("name" "Microsoft Outlook" "version" "15.0.4849.1000") 16:08:09 [192.168.202.11][21425199] response: 2x04 BAD Command does not exist or is not implemented 16:08:09 [192.168.202.11][21425199] command: g4zp LSUB "" "*" 16:08:09 [192.168.202.11][21425199] command: pv81 IDLE 16:08:09 [192.168.202.11][21425199] command: 2it1 SELECT "INBOX" 16:08:09 [192.168.202.11][21425199] response: * 912 EXISTS 16:08:09 [192.168.202.11][21425199] response: * 0 RECENT 16:08:09 [192.168.202.11][21425199] response: * OK [UNSEEN 904] Message 904 is first unseen 16:08:09 [192.168.202.11][21425199] response: * OK [UIDVALIDITY 1] UIDs valid 16:08:09 [192.168.202.11][21425199] response: * OK [UIDNEXT 26830] Predicted next UID 16:08:09 [192.168.202.11][21425199] response: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) 16:08:09 [192.168.202.11][21425199] response: * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft)] 16:08:09 [192.168.202.11][21425199] response: 2it1 OK [READ-WRITE] SELECT completed 16:08:09 [192.168.202.11][21425199] command: a6tj IDLE 16:08:09 [192.168.202.11][21425199] command: bn09 FETCH 912 (UID) 16:08:09 [192.168.202.11][21425199] command: 78b6 IDLE 16:08:09 [192.168.202.11][21425199] command: q13w UID FETCH 1:26829 (UID FLAGS) 16:08:09 [192.168.202.11][21425199] command: p02s IDLE 16:08:09 [192.168.202.11][21425199] command: 9de9 IDLE 16:08:09 [192.168.202.11][21425199] command: xjyf IDLE 16:08:09 [192.168.202.11][21425199] command: holb IDLE 16:08:09 [192.168.202.11][21425199] command: sfbq IDLE 16:08:09 [192.168.202.11][21425199] command: tuvb IDLE 16:08:09 [192.168.202.11][21425199] command: hv13 IDLE 16:08:09 [192.168.202.11][21425199] command: ctgw IDLE 16:08:09 [192.168.202.11][21425199] command: s00g IDLE 16:08:09 [192.168.202.11][21425199] command: 9zx1 IDLE 16:08:09 [192.168.202.11][21425199] command: dtu2 IDLE 16:08:09 [192.168.202.11][21425199] command: 1brp IDLE 16:08:09 [192.168.202.11][21425199] command: vhds IDLE 16:08:09 [192.168.202.11][21425199] command: cp9s IDLE 16:08:09 [192.168.202.11][21425199] command: hx1b IDLE 16:08:09 [192.168.202.11][21425199] command: 6thy IDLE 16:08:09 [192.168.202.11][21425199] command: 4ert IDLE 16:08:09 [192.168.202.11][21425199] command: cy32 IDLE 16:08:09 [192.168.202.11][21425199] command: z7ku IDLE 16:08:09 [192.168.202.11][21425199] command: xeqd IDLE 16:08:09 [192.168.202.11][21425199] command: gqis IDLE 16:08:09 [192.168.202.11][21425199] command: bdz2 IDLE 16:08:09 [192.168.202.11][21425199] command: zzyq IDLE 16:08:09 [192.168.202.11][21425199] command: 41do IDLE 16:08:09 [192.168.202.11][21425199] command: 7k73 IDLE 16:08:10 [192.168.202.11][21425199] command: 5989 IDLE 16:08:10 [192.168.202.11][21425199] command: lyt4 IDLE 16:08:10 [192.168.202.11][21425199] command: 8ji4 IDLE 16:08:10 [192.168.202.11][21425199] command: pt5b IDLE 16:08:10 [192.168.202.11][21425199] command: ha2s IDLE 16:08:10 [192.168.202.11][21425199] command: ay0x IDLE 16:08:10 [192.168.202.11][21425199] command: t66x IDLE 16:08:10 [192.168.202.11][21425199] command: pf4j IDLE 16:08:10 [192.168.202.11][21425199] command: 2q5x IDLE 16:08:10 [192.168.202.11][21425199] command: wdup IDLE 16:08:10 [192.168.202.11][21425199] command: ii7b IDLE 16:08:10 [192.168.202.11][21425199] command: 2g4k IDLE 16:08:10 [192.168.202.11][21425199] command: lxxg IDLE 16:08:10 [192.168.202.11][21425199] command: vilu IDLE 16:08:10 [192.168.202.11][21425199] command: ms05 IDLE 16:08:10 [192.168.202.11][21425199] command: 8ugb IDLE 16:08:10 [192.168.202.11][21425199] command: 1vfo IDLE 16:08:10 [192.168.202.11][21425199] command: s78s IDLE 16:08:10 [192.168.202.11][21425199] command: 7h2k IDLE 16:08:10 [192.168.202.11][21425199] command: 0het IDLE 16:08:10 [192.168.202.11][21425199] command: rgj7 IDLE 16:08:10 [192.168.202.11][21425199] command: myx3 IDLE 16:08:10 [192.168.202.11][21425199] command: oi5h IDLE 16:08:10 [192.168.202.11][21425199] command: p4mr IDLE 16:08:10 [192.168.202.11][21425199] command: z0dn IDLE 16:08:10 [192.168.202.11][21425199] command: ivj4 IDLE 16:08:10 [192.168.202.11][21425199] command: vxt4 IDLE 16:08:10 [192.168.202.11][21425199] command: mj9c IDLE 16:08:10 [192.168.202.11][21425199] command: 0cf3 IDLE 16:08:10 [192.168.202.11][21425199] command: u215 IDLE 16:08:10 [192.168.202.11][21425199] command: czw6 IDLE 16:08:10 [192.168.202.11][21425199] command: t3nw IDLE 16:08:10 [192.168.202.11][21425199] command: ixmt IDLE 16:08:10 [192.168.202.11][21425199] command: o3qi IDLE 16:08:10 [192.168.202.11][21425199] command: ca1l IDLE 16:08:10 [192.168.202.11][21425199] command: 3r67 IDLE 16:08:10 [192.168.202.11][21425199] command: 8rmq IDLE 16:08:10 [192.168.202.11][21425199] command: yi76 IDLE 16:08:10 [192.168.202.11][21425199] command: 7doe IDLE 16:08:10 [192.168.202.11][21425199] command: 1xzf IDLE 16:08:10 [192.168.202.11][21425199] command: y78i IDLE 16:08:10 [192.168.202.11][21425199] command: 7g2f IDLE 16:08:10 [192.168.202.11][21425199] command: vmvn IDLE 16:08:10 [192.168.202.11][21425199] command: m9z5 IDLE 16:08:10 [192.168.202.11][21425199] command: cq7q IDLE 16:08:11 [192.168.202.11][21425199] command: 3c54 IDLE 16:08:11 [192.168.202.11][21425199] command: otih IDLE 16:08:11 [192.168.202.11][21425199] command: uuhy IDLE 16:08:11 [192.168.202.11][21425199] command: 7dya IDLE 16:08:11 [192.168.202.11][21425199] command: i2rb IDLE 16:08:11 [192.168.202.11][21425199] command: 13kl IDLE 16:08:11 [192.168.202.11][21425199] command: mbxe IDLE 16:08:11 [192.168.202.11][21425199] command: 0oz5 IDLE 16:08:11 [192.168.202.11][21425199] command: ymn7 IDLE 16:08:11 [192.168.202.11][21425199] command: vavf IDLE 16:08:11 [192.168.202.11][21425199] command: 3vdh IDLE 16:08:11 [192.168.202.11][21425199] command: rnci IDLE 16:08:11 [192.168.202.11][21425199] command: n3gu IDLE 16:08:11 [192.168.202.11][21425199] command: gu0f IDLE 16:08:11 [192.168.202.11][21425199] command: gewp IDLE 16:08:11 [192.168.202.11][21425199] command: vu84 IDLE 16:08:11 [192.168.202.11][21425199] command: d1rz IDLE 16:08:11 [192.168.202.11][21425199] command: 7nz9 IDLE 16:08:11 [192.168.202.11][21425199] command: trs9 IDLE 16:08:11 [192.168.202.11][21425199] command: yqlo IDLE 16:08:11 [192.168.202.11][21425199] command: 2jtj IDLE 16:08:11 [192.168.202.11][21425199] command: 085e IDLE 16:08:11 [192.168.202.11][21425199] command: 2jyw IDLE 16:08:11 [192.168.202.11][21425199] command: ycwo IDLE 16:08:11 [192.168.202.11][21425199] command: iemo IDLE 16:08:11 [192.168.202.11][21425199] command: eien IDLE 16:08:11 [192.168.202.11][21425199] command: lxi2 IDLE 16:08:11 [192.168.202.11][21425199] command: uhug IDLE 16:08:11 [192.168.202.11][21425199] command: jabp IDLE 16:08:11 [192.168.202.11][21425199] command: v1hf IDLE 16:08:11 [192.168.202.11][21425199] command: s0pp IDLE 16:08:11 [192.168.202.11][21425199] command: i4qi IDLE 16:08:11 [192.168.202.11][21425199] command: bc7b IDLE 16:08:11 [192.168.202.11][21425199] command: 6kxh IDLE 16:08:11 [192.168.202.11][21425199] command: bd0a IDLE 16:08:11 [192.168.202.11][21425199] command: i578 IDLE 16:08:11 [192.168.202.11][21425199] command: 4fb8 IDLE 16:08:11 [192.168.202.11][21425199] command: y259 IDLE 16:08:11 [192.168.202.11][21425199] command: tftj IDLE 16:08:11 [192.168.202.11][21425199] command: vm65 IDLE 16:08:11 [192.168.202.11][21425199] command: 2seb IDLE 16:08:11 [192.168.202.11][21425199] command: 2tu4 IDLE 16:08:11 [192.168.202.11][21425199] command: 7fq3 IDLE 16:08:11 [192.168.202.11][21425199] command: nydu IDLE 16:08:11 [192.168.202.11][21425199] command: 5na0 IDLE My dovecot -n config: # 2.2.25 (7be1766): /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-642.1.1.el6.x86_64 x86_64 CentOS release 6.8 (Final) auth_cache_negative_ttl = 0 auth_cache_ttl = 0 auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain base_dir = /var/run/dovecot/ debug_log_path = /var/log/dovecot/debug.log disable_plaintext_auth = no info_log_path = /var/log/dovecot/info.log log_path = /var/log/dovecot/dovecot.log passdb { args = /usr/local/etc/dovecot/conf.d/10-mysql.conf driver = sql } protocols = pop3 imap service imap-login { service_count = 0 vsz_limit = 512 M } service pop3-login { process_min_avail = 1 service_count = 0 } ssl_ca = Hello, Sometime when we receive a spam or virus that is detected as it, mailer daemon send a reply to the sender to inform that the message is a spam or content viruses. The problem is that the sender of the spam as something like voicemail at ourdomain.fr ( the user voicemail doesn't exist in our database ) And sometimes dovecot create the directory and store the reply 's mail... Aug 23 16:07:31 mail3 postfix/cleanup[15687]: C7EEB406FFFD: message-id=<20160823140731.C7EEB406FFFD at mail3.ourdomain.fr> Aug 23 16:07:31 mail3 postfix/qmgr[12987]: C7EEB406FFFD: from=<>, size=14280, nrcpt=1 (queue active) Aug 23 16:07:31 mail3 postfix/bounce[15800]: 824D7406FFFC: sender non-delivery notification: C7EEB406FFFD Aug 23 16:07:31 mail3 postfix/qmgr[12987]: 824D7406FFFC: removed Aug 23 16:07:31 mail3 dovecot: auth: Debug: master in: USER#0111#011voicemail#011service=lda Aug 23 16:07:31 mail3 dovecot: auth: Debug: userdb out: USER#0111#011voicemail#011uid=1001#011gid=1001#011home=/home/vmail/voicemail Aug 23 16:07:31 mail3 dovecot: lda(voicemail): msgid=<20160823140731.C7EEB406FFFD at mail3.ourdomain.fr>: saved mail to INBOX Aug 23 16:07:31 mail3 postfix/pipe[15791]: C7EEB406FFFD: to=, relay=dovecot, delay=0.02, delays=0/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service) Aug 23 16:07:31 mail3 postfix/qmgr[12987]: C7EEB406FFFD: removed here is the stored mail : Return-Path: Delivered-To: voicemail at ourdomain.fr Received: by mail3.ourdomain.fr (Postfix) id C7EEB406FFFD; Tue, 23 Aug 2016 16:07:31 +0200 (CEST) Date: Tue, 23 Aug 2016 16:07:31 +0200 (CEST) From: MAILER-DAEMON at ourdomain.fr (Mail Delivery System) Subject: Undelivered Mail Returned to Sender To: voicemail at ourdomain.fr Auto-Submitted: auto-replied MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="824D7406FFFC.1471961251/mail3.ourdomain.fr" Message-Id: <20160823140731.C7EEB406FFFD at mail3.ourdomain.fr> This is a MIME-encapsulated message. --824D7406FFFC.1471961251/mail3.ourdomain.fr Content-Description: Notification Content-Type: text/plain; charset=us-ascii This is the mail system at host mail3.ourdomain.fr. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system (expanded from ): host mails.collaboration-sfr.com[86.64.240.34] said: 552 5.2.0 reject for policy reason : spam detected in your mail (in reply to end of DATA command) --824D7406FFFC.1471961251/mail3.ourdomain.fr Content-Description: Delivery report Content-Type: message/delivery-status Reporting-MTA: dns; mail3.ourdomain.fr X-Postfix-Queue-ID: 824D7406FFFC X-Postfix-Sender: rfc822; voicemail at ourdomain.fr Arrival-Date: Tue, 23 Aug 2016 16:07:29 +0200 (CEST) Final-Recipient: rfc822; existing.user at ourdomain.com Original-Recipient: rfc822;existing.user at ourdomain.fr Action: failed Status: 5.2.0 Remote-MTA: dns; mails.collaboration-sfr.com Diagnostic-Code: smtp; 552 5.2.0 reject for policy reason : spam detected in your mail --824D7406FFFC.1471961251/mail3.ourdomain.fr Content-Description: Undelivered Message Content-Type: message/rfc822 Return-Path: Received: from 177.222.108.254.dynamic.on.com.br (unknown [177.222.108.254]) by mail3.ourdomain.fr (Postfix) with ESMTP id 824D7406FFFC for ; Tue, 23 Aug 2016 16:07:29 +0200 (CEST) From:voicemail at ourdomain.fr To:existing.user at ourdomain.fr Subject: [Vigor2820 Series] New voice mail message from 01425939048 on 2016/08/23 11:07:28 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="5A1b791c537d41f1" --5A1b791c537d41f1 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Dear existing.user : There is a message for you from 01425939048, on 2016/08/23 11:07:28 . You might want to check it when you get a chance.Thanks! --5A1b791c537d41f1 Content-Type: audio/x-wav; name="Message_from_01425939048.wav.zip" Content-Transfer-Encoding: BASE64 Content-Description: Voicemail sound attachment. Content-Disposition: attachment; filename="Message_from_01425939048.wav.zip" UEsDBBQAAAAIAGZiF0n9ycl98x4AAE54AAAQAAAAODU5MjE2MjE1MDA4LndzZuxbW2/jWHJ+ dgP9H9hCMJbaHrWuljW2e2FJlCz1iLJk3T39QJG0SIkXNS/WpcdAZgYJctmXBNgE+7jAArkB uTzkKUD+jLFJ9l+kDnl4Ubd4KM/0dIBgG6ZskfVV1amqU6fqHPb5L1aK/IvXz5+dL1huzk4F 9OdMm1ASf3HYuCq9YZqHr891SzUlBT17/ozC/855weB0aWFKmvo6cPvV9n3nyfkrl8W585CS WXVqgTyQcmPfATEvbsuVy+7lLULdmLqkTpMLXTM1c70QkhPBMDVZ40SVFQW9X+85P6ZpavCP ... I don't understand why I don't have the same behavior that when I send a mail to a non existant address ( : Recipient address rejected: User unknown in virtual mailbox table ) How can I fix it? Thanks a lot! Samuel From aki.tuomi at dovecot.fi Tue Aug 23 16:08:50 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Tue, 23 Aug 2016 19:08:50 +0300 (EEST) Subject: virtual users, mailer daemon send mails to non existant recipient and dovecot store it In-Reply-To: References: Message-ID: <2050143555.2950.1471968531042@appsuite-dev.open-xchange.com> > On August 23, 2016 at 6:57 PM Sam wrote: > > > Hello, > > Sometime when we receive a spam or virus that is detected as it, mailer > daemon send a reply to the sender to inform that the message is a spam > or content viruses. > > The problem is that the sender of the spam as something like > voicemail at ourdomain.fr ( the user voicemail doesn't exist in our database ) > > And sometimes dovecot create the directory and store the reply 's mail... > > > > I don't understand why I don't have the same behavior that when I send a > mail to a non existant address ( : Recipient > address rejected: User unknown in virtual mailbox table ) > > How can I fix it? > > Thanks a lot! > > Samuel Please provide doveconf -n output. Aki From aki.tuomi at dovecot.fi Tue Aug 23 16:15:07 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Tue, 23 Aug 2016 19:15:07 +0300 Subject: Possible IMAP IDLE bug in Dovecot 2.2.18 and 2.2.25 In-Reply-To: <8342cb2ec3f04318b0da8c4d73b0bdef@inetweb.com.br> References: <8342cb2ec3f04318b0da8c4d73b0bdef@inetweb.com.br> Message-ID: <4baf627e-c7af-8202-5955-0ea274ed3910@dovecot.fi> On 23.08.2016 15:08, cleber-listas at inetweb.com.br wrote: > Hello Guys, > I guess that I found a bug in Dovecot 2.2.18 and 2.2.25 versions. The > problem it's when I try to connect in a Dovecot used a proxy to another > e-mail server (in our case it's a Smartermail Server) the DoveCot send a > lot of IDLE commands to the destination server. With that, the LOG files > grow and grow and grow :( > > I make a test with 1 connection only and if you see the log file in the > same second the dovecot send 25, 40 IDLE commands. But, when I disconnect > the client (outlook 2013) the dovecot continue to send the IDLE command for > some seconds. > > If I try to connect directly to Smartermail with Outlook this don't > occurrs. > > Just to be sure, the behaviour you are expecting is that IDLE is not used, right? Aki From aki.tuomi at dovecot.fi Tue Aug 23 16:24:52 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Tue, 23 Aug 2016 19:24:52 +0300 Subject: Possible IMAP IDLE bug in Dovecot 2.2.18 and 2.2.25 In-Reply-To: <4baf627e-c7af-8202-5955-0ea274ed3910@dovecot.fi> References: <8342cb2ec3f04318b0da8c4d73b0bdef@inetweb.com.br> <4baf627e-c7af-8202-5955-0ea274ed3910@dovecot.fi> Message-ID: <47fc8045-b609-039c-a446-8c3810d8c67a@dovecot.fi> On 23.08.2016 19:15, Aki Tuomi wrote: > > > On 23.08.2016 15:08, cleber-listas at inetweb.com.br wrote: >> Hello Guys, >> I guess that I found a bug in Dovecot 2.2.18 and 2.2.25 versions. The >> problem it's when I try to connect in a Dovecot used a proxy to another >> e-mail server (in our case it's a Smartermail Server) the DoveCot send a >> lot of IDLE commands to the destination server. With that, the LOG files >> grow and grow and grow :( >> I make a test with 1 connection only and if you see the log file >> in the >> same second the dovecot send 25, 40 IDLE commands. But, when I >> disconnect >> the client (outlook 2013) the dovecot continue to send the IDLE >> command for >> some seconds. >> If I try to connect directly to Smartermail with Outlook this don't >> occurrs. >> > > Just to be sure, the behaviour you are expecting is that IDLE is not > used, right? > > Aki Also, looking at the code, IDLE is only used if your server claims to understand it, so could you do following: telnet backend-host backend-port a CAPABILITY a LOGIN username password a CAPABILITY a LOGOUT and provide the output. Aki From sean at seangreenslade.com Tue Aug 23 18:07:45 2016 From: sean at seangreenslade.com (Sean Greenslade) Date: Tue, 23 Aug 2016 14:07:45 -0400 Subject: virtual users, mailer daemon send mails to non existant recipient and dovecot store it In-Reply-To: References: Message-ID: <20160823180745.GB20482@coach.home> On Tue, Aug 23, 2016 at 05:57:37PM +0200, Sam wrote: > Hello, > > Sometime when we receive a spam or virus that is detected as it, mailer > daemon send a reply to the sender to inform that the message is a spam or > content viruses. You probably shouldn't do this. The vast majority of spam / virus emails are sent from compromised machines / botnets, use fake return paths, and either don't monitor replies, or just use replies to verify that the email address is valid and send more spam to it. Or worse, it can turn your server into a spamming machine if the return addresses are set to other people's email addresses. There are several valid ways of handling spam, depending on how your mail architecture works. One is to reject incoming spam messages at the receiving mailserver. The downside is that this leaks information to the spammers about what spam methods actually get through or not. Another method is to accept all incoming messages, then sort / quarantine / blackhole any spam. The downside is that this makes your server seem more accepting, which may attract more spam. I personally take the second approach, though which is better will definitely depend on how your specific system works. If you're really dead set on having some sort of auto reply, at the very least make it only reply to senders that have historically sent good messages (e.g. some sort of whitelist). --Sean From ben at indietorrent.org Tue Aug 23 18:20:04 2016 From: ben at indietorrent.org (Ben Johnson) Date: Tue, 23 Aug 2016 14:20:04 -0400 Subject: dovecot-lda core-dumps when antispam pipe script calls it In-Reply-To: References: <3f95a9de-9d17-b40a-2f12-7ab73bf9a73f@indietorrent.org> <20160819025849.GA93798@thinkpad.my.domain> <121af0846522467a88f9bf240fc20e89@indietorrent.org> Message-ID: <05ebcc47e4f90e93bb3196b04c1c17e1@indietorrent.org> On 2016-08-22 03:19, Steffen Kaiser wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Fri, 19 Aug 2016, ben at indietorrent.org wrote: >> On 2016-08-19 12:17, ben at indietorrent.org wrote: >>> Aha! Clearly, the vmail user cannot read from nor write to /tmp. (Why >>> that is, I have no idea, as the /tmp directory's permissions >>> certainly Thank you very much for taking the time to investigate my use-case and help me work through this, Steffen. I really appreciate it. > > Do you have SELinux active? > See almost at the end of > http://wiki2.dovecot.org/WhyDoesItNotWork?highlight=%28selinux%29 > No. # apparmor_status The program 'apparmor_status' is currently not installed. You can install it by typing: apt install apparmor # sestatus The program 'sestatus' is currently not installed. You can install it by typing: apt install policycoreutils >>> allow for both; maybe Dovecot implements this as a security measure.) > > No. Dovecot does not implement anything like that. > Do you chroot ? > No. Certainly not intentionally, anyway. >> The strace output that I'm capturing in the pipe script pinpointed the >> problem: >> >> open("/root/~/tmp/sendmail-msg-26272.txt", O_RDONLY) = -1 EACCES >> (Permission denied) > > Er, '/root/~/tmp/' ?? > I know. It's weird. Presumably, Bash is responsible for this "unusual" expansion. The raw script source has ~/tmp, so why would Bash prepend it with "/root/", especially when the script is executed as the "vmail" user? Perhaps it's academic at this point, because I've changed all paths to be absolute and they are now resolved correctly. > > First: check the SELinux thing. > Second: Do you run in a chrooted environment? > Third: Enclose all your script with logging, e.g.: > > #!/bin/bash > ( > date > echo "$@" > id > id -a > echo environment > env > set > # check for chroot > echo stat / > stat / > echo /proc/1/mountinfo > awk '$5=="/" {print}' echo /proc/$$/mountinfo > awk '$5=="/" {print}' # enable bash tracing > set -vx > > ... # old script > ) >> /var/tmp/antispam.$$.log 2>&1 > > Make sure /var/tmp/antispam.$$.log is writeable, maybe create a new > directory with owner vmail. > Make sure you have 2>&1 at the end. Your log misses all the error > messages. > Also, you will now have a log file for each run of the script. > > To check for chroot: > stat / should print inode 2, but any mountpoint has inode 2. > /proc/$$/mountinfo displays the physical information of a mount, if > both differ, the current process is chrooted. "1" should be the init > process. > > In your script: > > for opt; do > if [[ "$*" =~ .*ham.* ]] > > This makes no sense, either use for loop and test "$opt" here, or do > not use for, but use "$*"; .*ham.* should be quoted anyway. Nice catch. I am by no means a Bash wizard, and I cobbled this together 3-4 years ago. I have no idea what I was thinking at the time. I removed the "for" loop, leaving only the regex check, and it seems to work as intended. (FWIW, if I add quotes around the test expression, e.g., ".*ham.*", a match is never found and the check fails.) > cat<&0 >> /tmp/sendmail-msg-$$.txt > Well, if for any reason this file exists, .. > cat - >/tmp/sendmail-msg-$$.txt > > > /usr/lib/dovecot/deliver -d "sa-training at example.com" -m > "Training.$mode" > You've already scraped the message from stdin into a file, so add: > < /tmp/sendmail-msg-$$.txt Yes, but I uncomment that line only for debugging purposes. Normally, I do not take the interim step of saving the message contents to disk, in which case I want dovecot-lda to read from stdin. > About the '-p' switch present in the strace-variant: > Please scan the mailing list for the status of it, IMHO, there had > been lots of trouble in certain cases. > > The strace variant should use -oLogfile.strace.$$.log in order to > separate the output of the command and strace logging. > > - -- Steffen Kaiser Good to know; I have made that adjustment, too. Bash issues aside, I've taken a step back and attempted to make the reproducible test-case as simple as possible, whittling-down the script to only the following, and dovecot-lda still segfaults: http://pastebin.com/zXzBDcvG I've added a couple of things to Dovecot's configuration, but they don't make any difference: # Required for "vmail" user to be able to call dovecot-lda/deliver. # See: http://wiki.dovecot.org/LDA ("Logging" section) service config { unix_listener config { mode = 0600 user = vmail group = vmail } } protocol lda { # Enable logging for dovecot-lda. info_log_path = /var/log/dovecot-lda.log log_path = /var/log/dovecot-lda-errors.log mail_plugins = sieve quota } Yet, nothing is logged to either of these files when the pipe script is called. The permissions on these files look reasonable to me: -rw-rw---- 1 vmail vmail 0 Aug 23 12:02 dovecot-lda-errors.log -rw-rw---- 1 vmail vmail 0 Aug 23 12:01 dovecot-lda.log Here is my current "doveconf -n" output: http://pastebin.com/hCgpA009 At this point, this seems obvious, but the problem is definitely with using dovecot-lda to send the mail. If I simply write the contents of the spam/ham message to disk in the pipe script, it works fine. But that approach feels "hackish" to me, as it doesn't account for sieve, quota, etc. And I want the delivery to be logged. Again, this works fine: # su vmail $ /usr/lib/dovecot/deliver -d "sa-training at example.org" -m "Training.HAM" -p /var/vmail/gtube.txt Here's the output from the logging that we added: http://pastebin.com/rz2f4S4G Does anything jump-out? Thanks again for all your help with this! --Ben > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQEVAwUBV7qnd3z1H7kL/d9rAQJXWQf9E/ucaEXMy10IE5f7JY3tbZVlROGrz+wk > 5rA0/Xe/aFwgNvCzyTX+MV7BblHH//aDwlNs3L4P+bZatCjAVCmoDdQ/WDZ7wr51 > mBq/vOjcullnzz8NHv2+gQgRCKhGGd8M+mVjGUlyK6jXEFjwAaivEnRA86AudZi4 > ybK0CZKw+Pg+VzDcfGjvO4PHZWAxvbqktqVOUhQwEL/+A/CZ7FNSsBuuZug42TGK > tmghQmAKuwY96djSV/vFax8J8WyVnGKBVLpONP9iMllGkZ7MHGacpfm0MSgsIgPv > DTTdjdk1P6FIQ615rp6BRg0JKaTn7COC6YxMnuaNtlXJ2t/M5zoCNA== > =/xgA > -----END PGP SIGNATURE----- From dominik at dominikbreu.de Tue Aug 23 18:39:45 2016 From: dominik at dominikbreu.de (Dominik Breu) Date: Tue, 23 Aug 2016 20:39:45 +0200 Subject: virtual users, mailer daemon send mails to non existant recipient and dovecot store it In-Reply-To: References: Message-ID: <7985A137-DAA7-476C-8860-1EE7AD396BAB@dominikbreu.de> Hey Sam, My view on this is that your Postfix actually send this reply to your system because the bounce is inbound traffic and when you send it from outside is is outbound traffic therefore the virtual file is checked and successfuly blocked this kind of request. Greetings dominik Am 23. August 2016 17:57:37 MESZ, schrieb Sam : >Hello, > >Sometime when we receive a spam or virus that is detected as it, mailer > >daemon send a reply to the sender to inform that the message is a spam >or content viruses. > >The problem is that the sender of the spam as something like >voicemail at ourdomain.fr ( the user voicemail doesn't exist in our >database ) > >And sometimes dovecot create the directory and store the reply 's >mail... > > >Aug 23 16:07:31 mail3 postfix/cleanup[15687]: C7EEB406FFFD: >message-id=<20160823140731.C7EEB406FFFD at mail3.ourdomain.fr> >Aug 23 16:07:31 mail3 postfix/qmgr[12987]: C7EEB406FFFD: from=<>, >size=14280, nrcpt=1 (queue active) >Aug 23 16:07:31 mail3 postfix/bounce[15800]: 824D7406FFFC: sender >non-delivery notification: C7EEB406FFFD >Aug 23 16:07:31 mail3 postfix/qmgr[12987]: 824D7406FFFC: removed >Aug 23 16:07:31 mail3 dovecot: auth: Debug: master in: >USER#0111#011voicemail#011service=lda >Aug 23 16:07:31 mail3 dovecot: auth: Debug: userdb out: >USER#0111#011voicemail#011uid=1001#011gid=1001#011home=/home/vmail/voicemail >Aug 23 16:07:31 mail3 dovecot: lda(voicemail): >msgid=<20160823140731.C7EEB406FFFD at mail3.ourdomain.fr>: saved mail to >INBOX >Aug 23 16:07:31 mail3 postfix/pipe[15791]: C7EEB406FFFD: >to=, relay=dovecot, delay=0.02, >delays=0/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot >service) >Aug 23 16:07:31 mail3 postfix/qmgr[12987]: C7EEB406FFFD: removed > >here is the stored mail : > >Return-Path: >Delivered-To: voicemail at ourdomain.fr >Received: by mail3.ourdomain.fr (Postfix) > id C7EEB406FFFD; Tue, 23 Aug 2016 16:07:31 +0200 (CEST) >Date: Tue, 23 Aug 2016 16:07:31 +0200 (CEST) >From: MAILER-DAEMON at ourdomain.fr (Mail Delivery System) >Subject: Undelivered Mail Returned to Sender >To: voicemail at ourdomain.fr >Auto-Submitted: auto-replied >MIME-Version: 1.0 >Content-Type: multipart/report; report-type=delivery-status; > boundary="824D7406FFFC.1471961251/mail3.ourdomain.fr" >Message-Id: <20160823140731.C7EEB406FFFD at mail3.ourdomain.fr> > >This is a MIME-encapsulated message. > >--824D7406FFFC.1471961251/mail3.ourdomain.fr >Content-Description: Notification >Content-Type: text/plain; charset=us-ascii > >This is the mail system at host mail3.ourdomain.fr. > >I'm sorry to have to inform you that your message could not >be delivered to one or more recipients. It's attached below. > >For further assistance, please send mail to postmaster. > >If you do so, please include this problem report. You can >delete your own text from the attached returned message. > > The mail system > > (expanded from > ): host > mails.collaboration-sfr.com[86.64.240.34] said: 552 5.2.0 > reject for policy reason : spam detected >in your > mail (in reply to end of DATA command) > >--824D7406FFFC.1471961251/mail3.ourdomain.fr >Content-Description: Delivery report >Content-Type: message/delivery-status > >Reporting-MTA: dns; mail3.ourdomain.fr >X-Postfix-Queue-ID: 824D7406FFFC >X-Postfix-Sender: rfc822; voicemail at ourdomain.fr >Arrival-Date: Tue, 23 Aug 2016 16:07:29 +0200 (CEST) > >Final-Recipient: rfc822; existing.user at ourdomain.com >Original-Recipient: rfc822;existing.user at ourdomain.fr >Action: failed >Status: 5.2.0 >Remote-MTA: dns; mails.collaboration-sfr.com >Diagnostic-Code: smtp; 552 5.2.0 reject for >policy > reason : spam detected in your mail > >--824D7406FFFC.1471961251/mail3.ourdomain.fr >Content-Description: Undelivered Message >Content-Type: message/rfc822 > >Return-Path: >Received: from 177.222.108.254.dynamic.on.com.br (unknown >[177.222.108.254]) > by mail3.ourdomain.fr (Postfix) with ESMTP id 824D7406FFFC > for ; Tue, 23 Aug 2016 16:07:29 >+0200 (CEST) >From:voicemail at ourdomain.fr >To:existing.user at ourdomain.fr >Subject: [Vigor2820 Series] New voice mail message from 01425939048 on >2016/08/23 11:07:28 >MIME-Version: 1.0 >Content-Type: multipart/mixed; boundary="5A1b791c537d41f1" > > >--5A1b791c537d41f1 >Content-Type: text/plain; charset=utf-8 >Content-Disposition: inline > >Dear existing.user : > There is a message for you from 01425939048, on 2016/08/23 >11:07:28 . > You might want to check it when you get a chance.Thanks! > > > >--5A1b791c537d41f1 >Content-Type: audio/x-wav; name="Message_from_01425939048.wav.zip" >Content-Transfer-Encoding: BASE64 >Content-Description: Voicemail sound attachment. >Content-Disposition: attachment; >filename="Message_from_01425939048.wav.zip" > >UEsDBBQAAAAIAGZiF0n9ycl98x4AAE54AAAQAAAAODU5MjE2MjE1MDA4LndzZuxbW2/jWHJ+ >dgP9H9hCMJbaHrWuljW2e2FJlCz1iLJk3T39QJG0SIkXNS/WpcdAZgYJctmXBNgE+7jAArkB >uTzkKUD+jLFJ9l+kDnl4Ubd4KM/0dIBgG6ZskfVV1amqU6fqHPb5L1aK/IvXz5+dL1huzk4F >9OdMm1ASf3HYuCq9YZqHr891SzUlBT17/ozC/855weB0aWFKmvo6cPvV9n3nyfkrl8W585CS >WXVqgTyQcmPfATEvbsuVy+7lLULdmLqkTpMLXTM1c70QkhPBMDVZ40SVFQW9X+85P6ZpavCP >... > >I don't understand why I don't have the same behavior that when I send >a >mail to a non existant address ( : Recipient >address rejected: User unknown in virtual mailbox table ) > >How can I fix it? > >Thanks a lot! > >Samuel -- Diese Nachricht wurde von meinem Android-Ger?t mit K-9 Mail gesendet. From ron at cleven.com Tue Aug 23 19:14:27 2016 From: ron at cleven.com (Ron Cleven) Date: Tue, 23 Aug 2016 14:14:27 -0500 (CDT) Subject: dovecot Digest, Vol 160, Issue 25 In-Reply-To: References: Message-ID: <038b885f-6d05-c19f-5ce2-dadc76447ba6@cleven.com> >> >On August 23, 2016 at 6:57 PM Sam wrote: >> > >> > >> >Hello, >> > >> >Sometime when we receive a spam or virus that is detected as it, mailer >> >daemon send a reply to the sender to inform that the message is a spam >> >or content viruses. >> > >> >The problem is that the sender of the spam as something like >> >voicemail at ourdomain.fr ( the user voicemail doesn't exist in our database ) >> > >> >And sometimes dovecot create the directory and store the reply 's mail... >> > >> > If I understand your question correctly, you are sometimes sending an after-the-fact bounce message based upon the return-path in at least some situations where you detect a spam or virus (as opposed to responding with an error code response during the SMTP session)? If my understanding is correct, you should never ever ever ever ever ever ever send those sort of NDR's. Please google "backscatter". From scottwsx96 at gmail.com Tue Aug 23 19:18:03 2016 From: scottwsx96 at gmail.com (Scott W. Sander) Date: Tue, 23 Aug 2016 19:18:03 +0000 Subject: Change dovecot hostname In-Reply-To: <148D76FB-4247-4BA9-AE43-9A3FB021726B@dovecot.fi> References: <148D76FB-4247-4BA9-AE43-9A3FB021726B@dovecot.fi> Message-ID: I'll check out the environment variable method, but I also ran "doveconf | grep hostname" and it returned "hostname = ". This leads me to believe it might be possible to specify a hostname directive in one of Dovecot's configuration files. The problem is 1) I'm not sure that it is truly possible to specify the Dovecot hostname in a configuration file and 2) I'm not sure which configuration file and section it should be placed in. On Tue, Aug 23, 2016 at 4:58 AM Sami Ketola wrote: > Hi, > > Looking at the source code it seems that the fqdn used in the lmtp > received headers is > fetched from environment variable DOVECOT_HOSTDOMAIN and if that is not > defined > gethostbyname() is used. > > You can try setting that prior launching dovecot. > > Sami > > > > On 19 Aug 2016, at 21:43, Scott W. Sander wrote: > > > > I have noticed that the name of my private server running dovecot appears > > in email headers rather than the public-friendly name of my server. > > > > Is there a method to specify an alternate server name for the dovecot > > server to use for itself in the dovecot configuration files? I > performed a > > few Google searches and was not able to find the answer to my question. > > > > ------- > > > > user at server1:~$ dovecot --version > > 2.2.9 > > user at server1:~$ dovecot -n > > # 2.2.9: /etc/dovecot/dovecot.conf > > # OS: Linux 3.16.0-77-generic x86_64 Ubuntu 14.04.4 LTS ext4 > > auth_mechanisms = plain login > > info_log_path = /var/log/dovecot.log > > log_path = /var/log/dovecot.log > > mail_location = maildir:/var/mail/vhosts/%d/%n > > namespace inbox { > > inbox = yes > > location = > > mailbox Drafts { > > special_use = \Drafts > > } > > mailbox Junk { > > special_use = \Junk > > } > > mailbox Sent { > > special_use = \Sent > > } > > mailbox "Sent Messages" { > > special_use = \Sent > > } > > mailbox Trash { > > special_use = \Trash > > } > > prefix = > > } > > passdb { > > args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users > > driver = passwd-file > > } > > protocols = " imap lmtp pop3" > > service auth { > > unix_listener /var/spool/postfix/private/auth { > > group = postfix > > mode = 0666 > > user = postfix > > } > > } > > service imap-login { > > inet_listener imaps { > > port = 993 > > ssl = yes > > } > > } > > service lmtp { > > unix_listener /var/spool/postfix/private/dovecot-lmtp { > > group = postfix > > mode = 0600 > > user = postfix > > } > > } > > service pop3-login { > > inet_listener pop3s { > > port = 995 > > ssl = yes > > } > > } > > ssl = required > > ssl_cert = > ssl_key = > userdb { > > args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n > > driver = static > > } > From kurt+dove at va1der.ca Tue Aug 23 20:42:12 2016 From: kurt+dove at va1der.ca (Kurt Fitzner) Date: Tue, 23 Aug 2016 17:42:12 -0300 Subject: Sub addressing delimiters Message-ID: <5e6fe5d039da2e423a351f69a71e4ce1@va1der.ca> Hello, There is a disconnect between the way Postfix handles recipient_delimiter and the way Dovecot handles it. For Postfix, it is a set of delimiters that can each individually be used to separate the address from the . In Dovecot, having multiple characters in recipient_delimiters simply makes it a multi-character single delimiter. For my purposes, the Postfix method is much more versatile. Extra delimiters can be added without breaking the way users currently have delimiters. I am wondering what the odds are of reconciling the two approaches, hopefully in favour of the Postfix one. Failing a switch to the other behaviour, is it possible to add the Postfix method as an option? Would a patch for either of these be accepted? Thanks, Kurt Fitzner From kamil.madac at gmail.com Tue Aug 23 21:02:56 2016 From: kamil.madac at gmail.com (Kamil Madac) Date: Tue, 23 Aug 2016 23:02:56 +0200 Subject: maildirsize not correct Message-ID: Hi, One of my email accounts has 1,5gb of emails in INBOX, but maildirsize shows only 528mb. 'du' also shows 1,5gb and there are 3809 files in cur directory. When I use mailbox status a can see correct values: doveadm -f table mailbox status -u user at domain.sk "messages vsize" INBOX* messages vsize INBOX 3809 1521049349 but when I check the quotas with doveadm: doveadm quota get -u user at domain.sk Quota name Type Value Limit % User quota STORAGE 541391 2048000 26 User quota MESSAGE 886 - 0 I tried to delete maildirsize, but it was recalculated again incorrectly. 2097152000S 554384829 886 Dovecot version is 2.2.9 installed from packages on Ubuntu 14.04 I have other accounts on server which are have no problems with maildirsize and quotas. Does anyone have same experience? Kamil From bill-dovecot at carpenter.org Tue Aug 23 22:02:43 2016 From: bill-dovecot at carpenter.org (WJCarpenter) Date: Tue, 23 Aug 2016 15:02:43 -0700 Subject: maildirsize not correct In-Reply-To: References: Message-ID: <57BCC803.7040709@carpenter.org> A long shot, but here's how I experienced similar symptoms: http://www.dovecot.org/list/dovecot/2016-April/104091.html Kamil Madac wrote on 08/23/2016 02:02 PM: > Hi, > > One of my email accounts has 1,5gb of emails in INBOX, but maildirsize > shows only 528mb. 'du' also shows 1,5gb and there are 3809 files in cur > directory. > > When I use mailbox status a can see correct values: > > doveadm -f table mailbox status -u user at domain.sk "messages vsize" INBOX* > messages > vsize > > INBOX 3809 1521049349 > > but when I check the quotas with doveadm: > > doveadm quota get -u user at domain.sk > Quota name Type Value > Limit > % > User quota STORAGE 541391 > 2048000 > 26 > User quota MESSAGE 886 > - > 0 > > I tried to delete maildirsize, but it was recalculated again incorrectly. > > 2097152000S > 554384829 886 > > Dovecot version is 2.2.9 installed from packages on Ubuntu 14.04 > I have other accounts on server which are have no problems with maildirsize > and quotas. Does anyone have same experience? > > Kamil From scottwsx96 at gmail.com Tue Aug 23 23:03:22 2016 From: scottwsx96 at gmail.com (Scott W. Sander) Date: Tue, 23 Aug 2016 23:03:22 +0000 Subject: Change dovecot hostname In-Reply-To: <148D76FB-4247-4BA9-AE43-9A3FB021726B@dovecot.fi> References: <148D76FB-4247-4BA9-AE43-9A3FB021726B@dovecot.fi> Message-ID: Well, I tried setting the following in /etc/environment and restarting the server: DOVECOT_HOSTDOMAIN="mail.domain.test" After doing so, I verified that the command "dovecot --hostdomain" returned "mail.domain.test" and not "appserver4.domain.com"; however, the email received header still shows: Received: from mail.domain.test by appserver4.domain.com (Dovecot) with LMTP id .... I also tried adding the following line to /etc/dovecot/conf.d/10-master.conf and restarting the dovecot service: hostname = mail.domain.test doveconf shows that "hostname = mail.domain.test", and now the received headers show: Received: from mail.domain.test by mail.domain.test (Dovecot) with LMTP id .... So it seems that "hostname" is a valid, respected Dovecot directive. --- Scott On Tue, Aug 23, 2016 at 4:58 AM Sami Ketola wrote: > Hi, > > Looking at the source code it seems that the fqdn used in the lmtp > received headers is > fetched from environment variable DOVECOT_HOSTDOMAIN and if that is not > defined > gethostbyname() is used. > > You can try setting that prior launching dovecot. > > Sami > > > > On 19 Aug 2016, at 21:43, Scott W. Sander wrote: > > > > I have noticed that the name of my private server running dovecot appears > > in email headers rather than the public-friendly name of my server. > > > > Is there a method to specify an alternate server name for the dovecot > > server to use for itself in the dovecot configuration files? I > performed a > > few Google searches and was not able to find the answer to my question. > > > > ------- > > > > user at server1:~$ dovecot --version > > 2.2.9 > > user at server1:~$ dovecot -n > > # 2.2.9: /etc/dovecot/dovecot.conf > > # OS: Linux 3.16.0-77-generic x86_64 Ubuntu 14.04.4 LTS ext4 > > auth_mechanisms = plain login > > info_log_path = /var/log/dovecot.log > > log_path = /var/log/dovecot.log > > mail_location = maildir:/var/mail/vhosts/%d/%n > > namespace inbox { > > inbox = yes > > location = > > mailbox Drafts { > > special_use = \Drafts > > } > > mailbox Junk { > > special_use = \Junk > > } > > mailbox Sent { > > special_use = \Sent > > } > > mailbox "Sent Messages" { > > special_use = \Sent > > } > > mailbox Trash { > > special_use = \Trash > > } > > prefix = > > } > > passdb { > > args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users > > driver = passwd-file > > } > > protocols = " imap lmtp pop3" > > service auth { > > unix_listener /var/spool/postfix/private/auth { > > group = postfix > > mode = 0666 > > user = postfix > > } > > } > > service imap-login { > > inet_listener imaps { > > port = 993 > > ssl = yes > > } > > } > > service lmtp { > > unix_listener /var/spool/postfix/private/dovecot-lmtp { > > group = postfix > > mode = 0600 > > user = postfix > > } > > } > > service pop3-login { > > inet_listener pop3s { > > port = 995 > > ssl = yes > > } > > } > > ssl = required > > ssl_cert = > ssl_key = > userdb { > > args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n > > driver = static > > } > From edgar at pettijohn-web.com Tue Aug 23 23:34:28 2016 From: edgar at pettijohn-web.com (Edgar Pettijohn) Date: Tue, 23 Aug 2016 18:34:28 -0500 Subject: Change dovecot hostname In-Reply-To: References: <148D76FB-4247-4BA9-AE43-9A3FB021726B@dovecot.fi> Message-ID: I'm chiming in kind of late, but what's in /etc/hostname? Sent from my iPhone > On Aug 23, 2016, at 6:03 PM, Scott W. Sander wrote: > > Well, I tried setting the following in /etc/environment and restarting the > server: > > DOVECOT_HOSTDOMAIN="mail.domain.test" > > After doing so, I verified that the command "dovecot --hostdomain" returned > "mail.domain.test" and not "appserver4.domain.com"; however, the email > received header still shows: > > Received: from mail.domain.test by appserver4.domain.com (Dovecot) with > LMTP id .... > > I also tried adding the following line to > /etc/dovecot/conf.d/10-master.conf and restarting the dovecot service: > > hostname = mail.domain.test > > doveconf shows that "hostname = mail.domain.test", and now the received > headers show: > > Received: from mail.domain.test by mail.domain.test (Dovecot) with LMTP id > .... > > So it seems that "hostname" is a valid, respected Dovecot directive. > > --- > Scott > > > >> On Tue, Aug 23, 2016 at 4:58 AM Sami Ketola wrote: >> >> Hi, >> >> Looking at the source code it seems that the fqdn used in the lmtp >> received headers is >> fetched from environment variable DOVECOT_HOSTDOMAIN and if that is not >> defined >> gethostbyname() is used. >> >> You can try setting that prior launching dovecot. >> >> Sami >> >> >>> On 19 Aug 2016, at 21:43, Scott W. Sander wrote: >>> >>> I have noticed that the name of my private server running dovecot appears >>> in email headers rather than the public-friendly name of my server. >>> >>> Is there a method to specify an alternate server name for the dovecot >>> server to use for itself in the dovecot configuration files? I >> performed a >>> few Google searches and was not able to find the answer to my question. >>> >>> ------- >>> >>> user at server1:~$ dovecot --version >>> 2.2.9 >>> user at server1:~$ dovecot -n >>> # 2.2.9: /etc/dovecot/dovecot.conf >>> # OS: Linux 3.16.0-77-generic x86_64 Ubuntu 14.04.4 LTS ext4 >>> auth_mechanisms = plain login >>> info_log_path = /var/log/dovecot.log >>> log_path = /var/log/dovecot.log >>> mail_location = maildir:/var/mail/vhosts/%d/%n >>> namespace inbox { >>> inbox = yes >>> location = >>> mailbox Drafts { >>> special_use = \Drafts >>> } >>> mailbox Junk { >>> special_use = \Junk >>> } >>> mailbox Sent { >>> special_use = \Sent >>> } >>> mailbox "Sent Messages" { >>> special_use = \Sent >>> } >>> mailbox Trash { >>> special_use = \Trash >>> } >>> prefix = >>> } >>> passdb { >>> args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users >>> driver = passwd-file >>> } >>> protocols = " imap lmtp pop3" >>> service auth { >>> unix_listener /var/spool/postfix/private/auth { >>> group = postfix >>> mode = 0666 >>> user = postfix >>> } >>> } >>> service imap-login { >>> inet_listener imaps { >>> port = 993 >>> ssl = yes >>> } >>> } >>> service lmtp { >>> unix_listener /var/spool/postfix/private/dovecot-lmtp { >>> group = postfix >>> mode = 0600 >>> user = postfix >>> } >>> } >>> service pop3-login { >>> inet_listener pop3s { >>> port = 995 >>> ssl = yes >>> } >>> } >>> ssl = required >>> ssl_cert = >> ssl_key = >> userdb { >>> args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n >>> driver = static >>> } >> From stephan at rename-it.nl Wed Aug 24 00:58:59 2016 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 24 Aug 2016 02:58:59 +0200 Subject: Sieve Script Replication Gliches (Report #2) In-Reply-To: <8e809d23-d5b5-a35b-31a7-13f3c3e49250@reub.net> References: <4ece61c7-5950-9231-7efe-cf2eb9e270b1@reub.net> <7bf64b2f-fb63-316c-fe92-98da90b1b8f5@rename-it.nl> <8e809d23-d5b5-a35b-31a7-13f3c3e49250@reub.net> Message-ID: <76071c04-b7af-be38-a7e6-6d167814f021@rename-it.nl> Op 8/1/2016 om 3:37 AM schreef Reuben Farrelly: > > > On 1/08/2016 10:01 AM, Stephan Bosch wrote: >> Op 7/31/2016 om 4:27 AM schreef Reuben Farrelly: >>> Hi, >>> >>> I've observed some odd behaviour with dsync replication between two >>> hosts, specifically to do with sieve script replication. > >>> Has anyone else experienced the replication problem? Are sieve >>> scripts actually replicating in live time for other 2.2.24/2.2.25 >>> users as well? For me I didn't notice this till I went looking so I >>> wonder if other people are experiencing this but just not aware of it >>> yet...? >> >> I will look at this more soon. >> >> Regards, >> >> Stephan. > > Some further information. > > On the primary host: > > thunderstorm home # ls -al */sieve/rules.sieve > -rw------- 1 user1 user1 3570 Jul 31 11:45 user1/sieve/rules.sieve > -rw------- 1 user2 user2 175 Mar 15 2014 user2/sieve/rules.sieve > -rw------- 1 user3 user3 725 Jul 31 09:32 user3/sieve/rules.sieve > -rw------- 1 user4 user4 0 Jan 1 1970 user4/sieve/rules.sieve > -rw------- 1 user5 user5 0 Jan 1 1970 user5/sieve/rules.sieve > -rw-r--r-- 1 user6 user6 3719 Jul 31 11:24 user6/sieve/rules.sieve > thunderstorm home # > > On the secondary host: > > lightning home # ls -al */sieve/rules.sieve > -rw------- 1 user1 user1 3570 Jan 1 1970 user1/sieve/rules.sieve > -rw------- 1 user2 user2 175 Mar 14 2014 user2/sieve/rules.sieve > -rw------- 1 user3 user3 725 Jul 31 07:32 user3/sieve/rules.sieve > -rw------- 1 user4 user4 0 Jan 1 1970 user4/sieve/rules.sieve > -rw-r--r-- 1 user5 user5 0 Jan 1 1970 user5/sieve/rules.sieve > -rw-r--r-- 1 user6 user6 3719 Jan 1 1970 user6/sieve/rules.sieve > lightning home # > > In other words, the rules did eventually get propagated across, and > based on the file sizes they are complete. > > But there is obviously something amiss with handling of dates (which > in turn may relate to how the system determines that the file on each > server is up to date or not, I guess). In this case the two systems > are in different timezones - the primary is GMT+10 and the secondary > GMT+8. > > Also the status of active users is not always replicated either. On > one host the output of 'doveadm sieve list -A' shows my own account as > ACTIVE but the other host shows all users - except for my account - as > being active, and the sieve script for my account is not being > replicated. This should fix the file timestamps getting set at unix time_t 0: https://github.com/dovecot/pigeonhole/commit/af91dd3f2d78da752292dce27f9e76d2c936868c I haven't been able to replicate the situation where this occurs though, since my current replication setup is very simple. I need to extend my replication setup to test this more thoroughly. So, please test this at your end first. Regards, Stephan. From bunkertor at tiscali.it Wed Aug 24 04:30:20 2016 From: bunkertor at tiscali.it (bunkertor) Date: Wed, 24 Aug 2016 07:30:20 +0300 Subject: =?utf-8?B?anVzdGUgcG91ciB2b3Vz?= Message-ID: <0000adc76f62$a8c93b64$308dc0e1$@tiscali.it> Salut, Regardez ce qu'ils ont pour vous, je suppose que cela vaut la peine de lire, plus d'infos ici bunkertor From sr42354 at gmail.com Wed Aug 24 06:43:38 2016 From: sr42354 at gmail.com (Sam) Date: Wed, 24 Aug 2016 08:43:38 +0200 Subject: virtual users, mailer daemon send mails to non existant recipient and dovecot store it In-Reply-To: <2050143555.2950.1471968531042@appsuite-dev.open-xchange.com> References: <2050143555.2950.1471968531042@appsuite-dev.open-xchange.com> Message-ID: <2d061c59-9caa-ee14-726d-26dcade22b4e@gmail.com> Hello Aki, here is the output: # 2.2.10: /etc/dovecot/dovecot.conf # OS: Linux 3.10.0-327.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core) auth_debug = yes auth_master_user_separator = * auth_mechanisms = plain login mail_location = maildir:~/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } passdb { args = /etc/dovecot/sieve.creds driver = passwd-file master = yes } plugin { quota = maildir quota_grace = 10%% quota_rule2 = Trash:storage=+100M sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap pop3 lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service managesieve-login { inet_listener sieve { port = 4190 } } ssl = required ssl_cert = doveconf -n output From aki.tuomi at dovecot.fi Wed Aug 24 06:45:25 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Wed, 24 Aug 2016 09:45:25 +0300 Subject: virtual users, mailer daemon send mails to non existant recipient and dovecot store it In-Reply-To: <2d061c59-9caa-ee14-726d-26dcade22b4e@gmail.com> References: <2050143555.2950.1471968531042@appsuite-dev.open-xchange.com> <2d061c59-9caa-ee14-726d-26dcade22b4e@gmail.com> Message-ID: <67d6fd7d-5c34-0737-c59c-4f564ff41045@dovecot.fi> On 24.08.2016 09:43, Sam wrote: > Hello Aki, > here is the output: > > userdb { > args = uid=1001 gid=1001 home=/home/vmail/%Lu allow_all_users=yes > driver = static > } You basically accept all users here, this is why things get delivered. If you don't like this, change this to some other userdb, preferably same you are using for auth db. Aki From sr42354 at gmail.com Wed Aug 24 07:18:20 2016 From: sr42354 at gmail.com (Sam) Date: Wed, 24 Aug 2016 09:18:20 +0200 Subject: virtual users, mailer daemon send mails to non existant recipient and dovecot store it In-Reply-To: <67d6fd7d-5c34-0737-c59c-4f564ff41045@dovecot.fi> References: <2050143555.2950.1471968531042@appsuite-dev.open-xchange.com> <2d061c59-9caa-ee14-726d-26dcade22b4e@gmail.com> <67d6fd7d-5c34-0737-c59c-4f564ff41045@dovecot.fi> Message-ID: Does it works with pam? Can I set it like this : userdb { driver = pam args = uid=1001 gid=1001 home=/home/vmail/%Lu allow_all_users=no } Thanks Aki Le 24/08/2016 ? 08:45, Aki Tuomi a ?crit : > > On 24.08.2016 09:43, Sam wrote: >> Hello Aki, >> here is the output: >> >> userdb { >> args = uid=1001 gid=1001 home=/home/vmail/%Lu allow_all_users=yes >> driver = static >> } > You basically accept all users here, this is why things get delivered. > If you don't like this, change this to some other userdb, preferably > same you are using for auth db. > > Aki From aki.tuomi at dovecot.fi Wed Aug 24 07:29:34 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Wed, 24 Aug 2016 10:29:34 +0300 Subject: virtual users, mailer daemon send mails to non existant recipient and dovecot store it In-Reply-To: References: <2050143555.2950.1471968531042@appsuite-dev.open-xchange.com> <2d061c59-9caa-ee14-726d-26dcade22b4e@gmail.com> <67d6fd7d-5c34-0737-c59c-4f564ff41045@dovecot.fi> Message-ID: <86edd784-fc33-d38a-d3d5-66c550ebf5e7@dovecot.fi> You can just remove the allow_all_users setting. Aki On 24.08.2016 10:18, Sam wrote: > Does it works with pam? Can I set it like this : > > userdb { > driver = pam > args = uid=1001 gid=1001 home=/home/vmail/%Lu allow_all_users=no > } > > Thanks Aki > > Le 24/08/2016 ? 08:45, Aki Tuomi a ?crit : >> >> On 24.08.2016 09:43, Sam wrote: >>> Hello Aki, >>> here is the output: >>> >>> userdb { >>> args = uid=1001 gid=1001 home=/home/vmail/%Lu allow_all_users=yes >>> driver = static >>> } >> You basically accept all users here, this is why things get delivered. >> If you don't like this, change this to some other userdb, preferably >> same you are using for auth db. >> >> Aki From sr42354 at gmail.com Wed Aug 24 07:33:07 2016 From: sr42354 at gmail.com (Sam) Date: Wed, 24 Aug 2016 09:33:07 +0200 Subject: virtual users, mailer daemon send mails to non existant recipient and dovecot store it In-Reply-To: <20160823180745.GB20482@coach.home> References: <20160823180745.GB20482@coach.home> Message-ID: <057355cb-6129-6a7f-3b98-3ac778cb61f8@gmail.com> Hello Sean, You're right, I going to switch off the return message too. Thanks! Samuel Le 23/08/2016 ? 20:07, Sean Greenslade a ?crit : > On Tue, Aug 23, 2016 at 05:57:37PM +0200, Sam wrote: >> Hello, >> >> Sometime when we receive a spam or virus that is detected as it, mailer >> daemon send a reply to the sender to inform that the message is a spam or >> content viruses. > You probably shouldn't do this. The vast majority of spam / virus emails > are sent from compromised machines / botnets, use fake return paths, and > either don't monitor replies, or just use replies to verify that the > email address is valid and send more spam to it. Or worse, it can turn > your server into a spamming machine if the return addresses are set to > other people's email addresses. > > There are several valid ways of handling spam, depending on how your > mail architecture works. One is to reject incoming spam messages at the > receiving mailserver. The downside is that this leaks information to the > spammers about what spam methods actually get through or not. > > Another method is to accept all incoming messages, then sort / > quarantine / blackhole any spam. The downside is that this makes your > server seem more accepting, which may attract more spam. > > I personally take the second approach, though which is better will > definitely depend on how your specific system works. > > If you're really dead set on having some sort of auto reply, at the very > least make it only reply to senders that have historically sent good > messages (e.g. some sort of whitelist). > > --Sean > From aki.tuomi at dovecot.fi Wed Aug 24 07:33:47 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Wed, 24 Aug 2016 10:33:47 +0300 Subject: virtual users, mailer daemon send mails to non existant recipient and dovecot store it In-Reply-To: <86edd784-fc33-d38a-d3d5-66c550ebf5e7@dovecot.fi> References: <2050143555.2950.1471968531042@appsuite-dev.open-xchange.com> <2d061c59-9caa-ee14-726d-26dcade22b4e@gmail.com> <67d6fd7d-5c34-0737-c59c-4f564ff41045@dovecot.fi> <86edd784-fc33-d38a-d3d5-66c550ebf5e7@dovecot.fi> Message-ID: <93f8155c-8dc3-c45f-aec4-39a396ee2dcd@dovecot.fi> You can remove the setting even when using static userdb, this will cause dovecot to perform passdb lookup to verify user. Aki On 24.08.2016 10:29, Aki Tuomi wrote: > You can just remove the allow_all_users setting. > > Aki > > > On 24.08.2016 10:18, Sam wrote: >> Does it works with pam? Can I set it like this : >> >> userdb { >> driver = pam >> args = uid=1001 gid=1001 home=/home/vmail/%Lu allow_all_users=no >> } >> >> Thanks Aki >> >> Le 24/08/2016 ? 08:45, Aki Tuomi a ?crit : >>> On 24.08.2016 09:43, Sam wrote: >>>> Hello Aki, >>>> here is the output: >>>> >>>> userdb { >>>> args = uid=1001 gid=1001 home=/home/vmail/%Lu allow_all_users=yes >>>> driver = static >>>> } >>> You basically accept all users here, this is why things get delivered. >>> If you don't like this, change this to some other userdb, preferably >>> same you are using for auth db. >>> >>> Aki From cleber-listas at inetweb.com.br Tue Aug 23 12:00:59 2016 From: cleber-listas at inetweb.com.br (cleber-listas at inetweb.com.br) Date: Tue, 23 Aug 2016 09:00:59 -0300 Subject: Possible IMAP IDLE bug in Dovecot 2.2.18 and 2.2.25 Message-ID: Hello Guys, I guess that I found a bug in Dovecot 2.2.18 and 2.2.25 versions. The problem it's when I try to connect in a Dovecot used a proxy to another e-mail server (in our case it's a Smartermail Server) the DoveCot send a lot of IDLE commands to the destination server. With that, the LOG files grow and grow and grow :( I make a test with 1 connection only and if you see the log file in the same second the dovecot send 25, 40 IDLE commands. But, when I disconnect the client (outlook 2013) the dovecot continue to send the IDLE command for some seconds. If I try to connect directly to Smartermail with Outlook this don't occurrs. Bellow the LOG FILE: 16:08:08 [192.168.202.11][21425199] connected at 22/08/2016 16:08:08 16:08:08 [192.168.202.11][21425199] command: C CAPABILITY 16:08:09 [192.168.202.11][21425199] command: L LOGIN "cleber at testdomain.com.br" XXXX 16:08:09 [192.168.202.11][21425199] cleber at testdomain.com.br logged in 16:08:09 [192.168.202.11][21425199] command: 36mc IDLE 16:08:09 [192.168.202.11][21425199] command: 2x04 ID ("name" "Microsoft Outlook" "version" "15.0.4849.1000") 16:08:09 [192.168.202.11][21425199] response: 2x04 BAD Command does not exist or is not implemented 16:08:09 [192.168.202.11][21425199] command: g4zp LSUB "" "*" 16:08:09 [192.168.202.11][21425199] command: pv81 IDLE 16:08:09 [192.168.202.11][21425199] command: 2it1 SELECT "INBOX" 16:08:09 [192.168.202.11][21425199] response: * 912 EXISTS 16:08:09 [192.168.202.11][21425199] response: * 0 RECENT 16:08:09 [192.168.202.11][21425199] response: * OK [UNSEEN 904] Message 904 is first unseen 16:08:09 [192.168.202.11][21425199] response: * OK [UIDVALIDITY 1] UIDs valid 16:08:09 [192.168.202.11][21425199] response: * OK [UIDNEXT 26830] Predicted next UID 16:08:09 [192.168.202.11][21425199] response: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) 16:08:09 [192.168.202.11][21425199] response: * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft)] 16:08:09 [192.168.202.11][21425199] response: 2it1 OK [READ-WRITE] SELECT completed 16:08:09 [192.168.202.11][21425199] command: a6tj IDLE 16:08:09 [192.168.202.11][21425199] command: bn09 FETCH 912 (UID) 16:08:09 [192.168.202.11][21425199] command: 78b6 IDLE 16:08:09 [192.168.202.11][21425199] command: q13w UID FETCH 1:26829 (UID FLAGS) 16:08:09 [192.168.202.11][21425199] command: p02s IDLE 16:08:09 [192.168.202.11][21425199] command: 9de9 IDLE 16:08:09 [192.168.202.11][21425199] command: xjyf IDLE 16:08:09 [192.168.202.11][21425199] command: holb IDLE 16:08:09 [192.168.202.11][21425199] command: sfbq IDLE 16:08:09 [192.168.202.11][21425199] command: tuvb IDLE 16:08:09 [192.168.202.11][21425199] command: hv13 IDLE 16:08:09 [192.168.202.11][21425199] command: ctgw IDLE 16:08:09 [192.168.202.11][21425199] command: s00g IDLE 16:08:09 [192.168.202.11][21425199] command: 9zx1 IDLE 16:08:09 [192.168.202.11][21425199] command: dtu2 IDLE 16:08:09 [192.168.202.11][21425199] command: 1brp IDLE 16:08:09 [192.168.202.11][21425199] command: vhds IDLE 16:08:09 [192.168.202.11][21425199] command: cp9s IDLE 16:08:09 [192.168.202.11][21425199] command: hx1b IDLE 16:08:09 [192.168.202.11][21425199] command: 6thy IDLE 16:08:09 [192.168.202.11][21425199] command: 4ert IDLE 16:08:09 [192.168.202.11][21425199] command: cy32 IDLE 16:08:09 [192.168.202.11][21425199] command: z7ku IDLE 16:08:09 [192.168.202.11][21425199] command: xeqd IDLE 16:08:09 [192.168.202.11][21425199] command: gqis IDLE 16:08:09 [192.168.202.11][21425199] command: bdz2 IDLE 16:08:09 [192.168.202.11][21425199] command: zzyq IDLE 16:08:09 [192.168.202.11][21425199] command: 41do IDLE 16:08:09 [192.168.202.11][21425199] command: 7k73 IDLE 16:08:10 [192.168.202.11][21425199] command: 5989 IDLE 16:08:10 [192.168.202.11][21425199] command: lyt4 IDLE 16:08:10 [192.168.202.11][21425199] command: 8ji4 IDLE 16:08:10 [192.168.202.11][21425199] command: pt5b IDLE 16:08:10 [192.168.202.11][21425199] command: ha2s IDLE 16:08:10 [192.168.202.11][21425199] command: ay0x IDLE 16:08:10 [192.168.202.11][21425199] command: t66x IDLE 16:08:10 [192.168.202.11][21425199] command: pf4j IDLE 16:08:10 [192.168.202.11][21425199] command: 2q5x IDLE 16:08:10 [192.168.202.11][21425199] command: wdup IDLE 16:08:10 [192.168.202.11][21425199] command: ii7b IDLE 16:08:10 [192.168.202.11][21425199] command: 2g4k IDLE 16:08:10 [192.168.202.11][21425199] command: lxxg IDLE 16:08:10 [192.168.202.11][21425199] command: vilu IDLE 16:08:10 [192.168.202.11][21425199] command: ms05 IDLE 16:08:10 [192.168.202.11][21425199] command: 8ugb IDLE 16:08:10 [192.168.202.11][21425199] command: 1vfo IDLE 16:08:10 [192.168.202.11][21425199] command: s78s IDLE 16:08:10 [192.168.202.11][21425199] command: 7h2k IDLE 16:08:10 [192.168.202.11][21425199] command: 0het IDLE 16:08:10 [192.168.202.11][21425199] command: rgj7 IDLE 16:08:10 [192.168.202.11][21425199] command: myx3 IDLE 16:08:10 [192.168.202.11][21425199] command: oi5h IDLE 16:08:10 [192.168.202.11][21425199] command: p4mr IDLE 16:08:10 [192.168.202.11][21425199] command: z0dn IDLE 16:08:10 [192.168.202.11][21425199] command: ivj4 IDLE 16:08:10 [192.168.202.11][21425199] command: vxt4 IDLE 16:08:10 [192.168.202.11][21425199] command: mj9c IDLE 16:08:10 [192.168.202.11][21425199] command: 0cf3 IDLE 16:08:10 [192.168.202.11][21425199] command: u215 IDLE 16:08:10 [192.168.202.11][21425199] command: czw6 IDLE 16:08:10 [192.168.202.11][21425199] command: t3nw IDLE 16:08:10 [192.168.202.11][21425199] command: ixmt IDLE 16:08:10 [192.168.202.11][21425199] command: o3qi IDLE 16:08:10 [192.168.202.11][21425199] command: ca1l IDLE 16:08:10 [192.168.202.11][21425199] command: 3r67 IDLE 16:08:10 [192.168.202.11][21425199] command: 8rmq IDLE 16:08:10 [192.168.202.11][21425199] command: yi76 IDLE 16:08:10 [192.168.202.11][21425199] command: 7doe IDLE 16:08:10 [192.168.202.11][21425199] command: 1xzf IDLE 16:08:10 [192.168.202.11][21425199] command: y78i IDLE 16:08:10 [192.168.202.11][21425199] command: 7g2f IDLE 16:08:10 [192.168.202.11][21425199] command: vmvn IDLE 16:08:10 [192.168.202.11][21425199] command: m9z5 IDLE 16:08:10 [192.168.202.11][21425199] command: cq7q IDLE 16:08:11 [192.168.202.11][21425199] command: 3c54 IDLE 16:08:11 [192.168.202.11][21425199] command: otih IDLE 16:08:11 [192.168.202.11][21425199] command: uuhy IDLE 16:08:11 [192.168.202.11][21425199] command: 7dya IDLE 16:08:11 [192.168.202.11][21425199] command: i2rb IDLE 16:08:11 [192.168.202.11][21425199] command: 13kl IDLE 16:08:11 [192.168.202.11][21425199] command: mbxe IDLE 16:08:11 [192.168.202.11][21425199] command: 0oz5 IDLE 16:08:11 [192.168.202.11][21425199] command: ymn7 IDLE 16:08:11 [192.168.202.11][21425199] command: vavf IDLE 16:08:11 [192.168.202.11][21425199] command: 3vdh IDLE 16:08:11 [192.168.202.11][21425199] command: rnci IDLE 16:08:11 [192.168.202.11][21425199] command: n3gu IDLE 16:08:11 [192.168.202.11][21425199] command: gu0f IDLE 16:08:11 [192.168.202.11][21425199] command: gewp IDLE 16:08:11 [192.168.202.11][21425199] command: vu84 IDLE 16:08:11 [192.168.202.11][21425199] command: d1rz IDLE 16:08:11 [192.168.202.11][21425199] command: 7nz9 IDLE 16:08:11 [192.168.202.11][21425199] command: trs9 IDLE 16:08:11 [192.168.202.11][21425199] command: yqlo IDLE 16:08:11 [192.168.202.11][21425199] command: 2jtj IDLE 16:08:11 [192.168.202.11][21425199] command: 085e IDLE 16:08:11 [192.168.202.11][21425199] command: 2jyw IDLE 16:08:11 [192.168.202.11][21425199] command: ycwo IDLE 16:08:11 [192.168.202.11][21425199] command: iemo IDLE 16:08:11 [192.168.202.11][21425199] command: eien IDLE 16:08:11 [192.168.202.11][21425199] command: lxi2 IDLE 16:08:11 [192.168.202.11][21425199] command: uhug IDLE 16:08:11 [192.168.202.11][21425199] command: jabp IDLE 16:08:11 [192.168.202.11][21425199] command: v1hf IDLE 16:08:11 [192.168.202.11][21425199] command: s0pp IDLE 16:08:11 [192.168.202.11][21425199] command: i4qi IDLE 16:08:11 [192.168.202.11][21425199] command: bc7b IDLE 16:08:11 [192.168.202.11][21425199] command: 6kxh IDLE 16:08:11 [192.168.202.11][21425199] command: bd0a IDLE 16:08:11 [192.168.202.11][21425199] command: i578 IDLE 16:08:11 [192.168.202.11][21425199] command: 4fb8 IDLE 16:08:11 [192.168.202.11][21425199] command: y259 IDLE 16:08:11 [192.168.202.11][21425199] command: tftj IDLE 16:08:11 [192.168.202.11][21425199] command: vm65 IDLE 16:08:11 [192.168.202.11][21425199] command: 2seb IDLE 16:08:11 [192.168.202.11][21425199] command: 2tu4 IDLE 16:08:11 [192.168.202.11][21425199] command: 7fq3 IDLE 16:08:11 [192.168.202.11][21425199] command: nydu IDLE 16:08:11 [192.168.202.11][21425199] command: 5na0 IDLE 16:08:12 [192.168.202.11][21425199] command: yqr4 IDLE 16:08:12 [192.168.202.11][21425199] command: lmd5 IDLE 16:08:12 [192.168.202.11][21425199] command: d4ir IDLE 16:08:12 [192.168.202.11][21425199] command: prma IDLE 16:08:12 [192.168.202.11][21425199] command: g53z IDLE 16:08:12 [192.168.202.11][21425199] command: 8isn IDLE 16:08:12 [192.168.202.11][21425199] command: x5l9 IDLE 16:08:12 [192.168.202.11][21425199] command: mb99 IDLE 16:08:12 [192.168.202.11][21425199] command: 3az0 IDLE 16:08:12 [192.168.202.11][21425199] command: nfpf IDLE 16:08:12 [192.168.202.11][21425199] command: 4roj IDLE 16:08:12 [192.168.202.11][21425199] command: fzcr IDLE 16:08:12 [192.168.202.11][21425199] command: nzgu IDLE 16:08:12 [192.168.202.11][21425199] command: ta6y IDLE 16:08:12 [192.168.202.11][21425199] command: 3ig2 IDLE 16:08:12 [192.168.202.11][21425199] command: 7kgp IDLE 16:08:12 [192.168.202.11][21425199] command: lri1 IDLE 16:08:12 [192.168.202.11][21425199] command: 2isc IDLE 16:08:12 [192.168.202.11][21425199] command: l5mz IDLE 16:08:12 [192.168.202.11][21425199] command: 37j4 IDLE 16:08:12 [192.168.202.11][21425199] command: k4cq IDLE 16:08:12 [192.168.202.11][21425199] command: ye7w IDLE 16:08:12 [192.168.202.11][21425199] command: 0uck IDLE 16:08:12 [192.168.202.11][21425199] command: 0oyd IDLE 16:08:12 [192.168.202.11][21425199] command: 2cbj IDLE 16:08:12 [192.168.202.11][21425199] command: 1pj6 IDLE 16:08:12 [192.168.202.11][21425199] command: nkji IDLE 16:08:12 [192.168.202.11][21425199] command: 1c2o IDLE 16:08:12 [192.168.202.11][21425199] command: b0k8 IDLE 16:08:12 [192.168.202.11][21425199] command: qaeh IDLE 16:08:12 [192.168.202.11][21425199] command: diex IDLE 16:08:12 [192.168.202.11][21425199] command: f6nh IDLE 16:08:12 [192.168.202.11][21425199] command: 6lkk IDLE 16:08:12 [192.168.202.11][21425199] command: 3jep IDLE 16:08:12 [192.168.202.11][21425199] command: vsev IDLE 16:08:12 [192.168.202.11][21425199] command: r79z IDLE 16:08:12 [192.168.202.11][21425199] command: 0bhv IDLE 16:08:12 [192.168.202.11][21425199] command: ow86 IDLE 16:08:12 [192.168.202.11][21425199] command: qnwo IDLE 16:08:12 [192.168.202.11][21425199] command: egss IDLE 16:08:12 [192.168.202.11][21425199] command: t36m IDLE 16:08:12 [192.168.202.11][21425199] command: cj9l IDLE 16:08:12 [192.168.202.11][21425199] command: abfg IDLE 16:08:12 [192.168.202.11][21425199] command: unln IDLE 16:08:12 [192.168.202.11][21425199] command: x217 IDLE 16:08:12 [192.168.202.11][21425199] command: l9br IDLE 16:08:12 [192.168.202.11][21425199] command: 5moj IDLE 16:08:12 [192.168.202.11][21425199] command: e6al IDLE 16:08:12 [192.168.202.11][21425199] command: r7n7 IDLE 16:08:13 [192.168.202.11][21425199] command: tn7m IDLE 16:08:13 [192.168.202.11][21425199] command: 6ljm IDLE 16:08:13 [192.168.202.11][21425199] command: g6ub IDLE 16:08:13 [192.168.202.11][21425199] command: xers IDLE 16:08:13 [192.168.202.11][21425199] command: 2vjl IDLE 16:08:13 [192.168.202.11][21425199] command: wn21 IDLE 16:08:13 [192.168.202.11][21425199] command: lvpe IDLE 16:08:13 [192.168.202.11][21425199] command: nx7v IDLE 16:08:13 [192.168.202.11][21425199] command: an9d IDLE 16:08:13 [192.168.202.11][21425199] command: bno6 IDLE 16:08:13 [192.168.202.11][21425199] command: y1ui IDLE 16:08:13 [192.168.202.11][21425199] command: i3pw IDLE 16:08:13 [192.168.202.11][21425199] command: ixg4 IDLE 16:08:13 [192.168.202.11][21425199] command: phsg IDLE 16:08:13 [192.168.202.11][21425199] command: g8nn IDLE 16:08:13 [192.168.202.11][21425199] command: 3rn6 IDLE 16:08:13 [192.168.202.11][21425199] command: 85iv IDLE 16:08:13 [192.168.202.11][21425199] command: o8cu IDLE 16:08:13 [192.168.202.11][21425199] command: x3uh IDLE 16:08:13 [192.168.202.11][21425199] command: jlsf IDLE 16:08:13 [192.168.202.11][21425199] command: 4brr IDLE 16:08:13 [192.168.202.11][21425199] command: tsyx IDLE 16:08:13 [192.168.202.11][21425199] command: p71l IDLE 16:08:13 [192.168.202.11][21425199] command: lk79 IDLE 16:08:13 [192.168.202.11][21425199] command: f97g IDLE 16:08:13 [192.168.202.11][21425199] command: 8svd IDLE 16:08:13 [192.168.202.11][21425199] command: 08d3 IDLE 16:08:13 [192.168.202.11][21425199] command: i1ba IDLE 16:08:13 [192.168.202.11][21425199] command: dari IDLE 16:08:13 [192.168.202.11][21425199] command: l9uj IDLE 16:08:13 [192.168.202.11][21425199] command: 4ei0 IDLE 16:08:13 [192.168.202.11][21425199] command: nrgl IDLE 16:08:13 [192.168.202.11][21425199] command: oel6 IDLE 16:08:13 [192.168.202.11][21425199] command: 5xvd IDLE 16:08:13 [192.168.202.11][21425199] command: 2lx9 IDLE 16:08:13 [192.168.202.11][21425199] command: swiv IDLE 16:08:13 [192.168.202.11][21425199] command: p7jj IDLE 16:08:13 [192.168.202.11][21425199] command: tgpw IDLE 16:08:13 [192.168.202.11][21425199] command: trsd IDLE 16:08:13 [192.168.202.11][21425199] command: pccw IDLE 16:08:14 [192.168.202.11][21425199] command: rdhw IDLE 16:08:14 [192.168.202.11][21425199] command: 2rig IDLE 16:08:14 [192.168.202.11][21425199] command: vit6 IDLE 16:08:14 [192.168.202.11][21425199] command: yv2g IDLE 16:08:14 [192.168.202.11][21425199] command: oxe1 IDLE 16:08:14 [192.168.202.11][21425199] command: q5ty IDLE 16:08:14 [192.168.202.11][21425199] command: 0jmr IDLE 16:08:14 [192.168.202.11][21425199] command: 95qq IDLE 16:08:14 [192.168.202.11][21425199] command: h5vd IDLE 16:08:14 [192.168.202.11][21425199] command: n24j IDLE 16:08:14 [192.168.202.11][21425199] command: dapo IDLE 16:08:14 [192.168.202.11][21425199] command: 6fm1 IDLE 16:08:14 [192.168.202.11][21425199] command: 5901 IDLE 16:08:14 [192.168.202.11][21425199] command: i6mt IDLE 16:08:14 [192.168.202.11][21425199] command: 5ch4 IDLE 16:08:14 [192.168.202.11][21425199] command: y8ke IDLE 16:08:14 [192.168.202.11][21425199] command: gef5 IDLE 16:08:14 [192.168.202.11][21425199] command: va4d IDLE 16:08:14 [192.168.202.11][21425199] command: k7me IDLE 16:08:14 [192.168.202.11][21425199] command: btre IDLE 16:08:14 [192.168.202.11][21425199] command: ajdc IDLE 16:08:14 [192.168.202.11][21425199] command: avxy IDLE 16:08:14 [192.168.202.11][21425199] command: 60n3 IDLE 16:08:14 [192.168.202.11][21425199] command: m4ym IDLE 16:08:14 [192.168.202.11][21425199] command: f764 IDLE 16:08:14 [192.168.202.11][21425199] command: 00ag IDLE 16:08:14 [192.168.202.11][21425199] command: mv6y IDLE 16:08:14 [192.168.202.11][21425199] command: nf39 IDLE 16:08:14 [192.168.202.11][21425199] command: o0pk IDLE 16:08:14 [192.168.202.11][21425199] command: tw5i IDLE 16:08:14 [192.168.202.11][21425199] command: vdkq IDLE 16:08:14 [192.168.202.11][21425199] command: i3af IDLE 16:08:14 [192.168.202.11][21425199] command: qsmq IDLE 16:08:14 [192.168.202.11][21425199] command: l7gs IDLE 16:08:14 [192.168.202.11][21425199] command: wlyv IDLE 16:08:14 [192.168.202.11][21425199] command: hrl6 IDLE 16:08:14 [192.168.202.11][21425199] command: 6o3m IDLE 16:08:14 [192.168.202.11][21425199] command: d62f IDLE 16:08:14 [192.168.202.11][21425199] command: ztx1 IDLE 16:08:14 [192.168.202.11][21425199] command: ejoq IDLE 16:08:14 [192.168.202.11][21425199] command: jo8n IDLE 16:08:15 [192.168.202.11][21425199] command: 898c IDLE 16:08:15 [192.168.202.11][21425199] command: uo5n IDLE 16:08:15 [192.168.202.11][21425199] command: ljkw IDLE 16:08:15 [192.168.202.11][21425199] command: fqwe IDLE 16:08:15 [192.168.202.11][21425199] command: z2r4 IDLE 16:08:15 [192.168.202.11][21425199] command: v1k3 IDLE 16:08:15 [192.168.202.11][21425199] command: 9ruc IDLE 16:08:15 [192.168.202.11][21425199] command: humj IDLE 16:08:15 [192.168.202.11][21425199] command: wmy6 IDLE 16:08:15 [192.168.202.11][21425199] command: 2r60 IDLE 16:08:15 [192.168.202.11][21425199] command: a66w IDLE 16:08:15 [192.168.202.11][21425199] command: 3sn5 IDLE 16:08:15 [192.168.202.11][21425199] command: o4j4 IDLE 16:08:15 [192.168.202.11][21425199] command: 4j68 IDLE 16:08:15 [192.168.202.11][21425199] command: 7e0z IDLE 16:08:15 [192.168.202.11][21425199] command: ts0o IDLE 16:08:15 [192.168.202.11][21425199] command: k62v IDLE 16:08:15 [192.168.202.11][21425199] command: 9u3v IDLE 16:08:15 [192.168.202.11][21425199] command: 1vo5 IDLE 16:08:15 [192.168.202.11][21425199] command: un6t IDLE 16:08:15 [192.168.202.11][21425199] command: v74a IDLE 16:08:15 [192.168.202.11][21425199] command: zqk5 IDLE 16:08:15 [192.168.202.11][21425199] command: 7v00 IDLE 16:08:15 [192.168.202.11][21425199] command: d6yk IDLE 16:08:15 [192.168.202.11][21425199] command: mtc3 IDLE 16:08:15 [192.168.202.11][21425199] command: fu9l IDLE 16:08:15 [192.168.202.11][21425199] command: bbzw IDLE 16:08:15 [192.168.202.11][21425199] command: zwms IDLE 16:08:15 [192.168.202.11][21425199] command: vw1a IDLE 16:08:15 [192.168.202.11][21425199] command: buw0 IDLE 16:08:15 [192.168.202.11][21425199] command: ogzd IDLE 16:08:15 [192.168.202.11][21425199] command: 4481 IDLE 16:08:15 [192.168.202.11][21425199] command: pvdz IDLE 16:08:15 [192.168.202.11][21425199] command: 112d IDLE 16:08:15 [192.168.202.11][21425199] command: ah3f IDLE 16:08:15 [192.168.202.11][21425199] command: pmj9 IDLE 16:08:15 [192.168.202.11][21425199] command: ljzk IDLE 16:08:15 [192.168.202.11][21425199] command: dbuv IDLE 16:08:15 [192.168.202.11][21425199] command: gb84 IDLE 16:08:15 [192.168.202.11][21425199] command: sb7b IDLE 16:08:15 [192.168.202.11][21425199] command: iml4 IDLE 16:08:15 [192.168.202.11][21425199] command: wek0 IDLE 16:08:15 [192.168.202.11][21425199] command: ovhh IDLE 16:08:15 [192.168.202.11][21425199] command: 39bq IDLE 16:08:15 [192.168.202.11][21425199] command: tu31 IDLE 16:08:15 [192.168.202.11][21425199] command: wok3 IDLE 16:08:15 [192.168.202.11][21425199] command: p2ez IDLE 16:08:15 [192.168.202.11][21425199] command: argr IDLE 16:08:15 [192.168.202.11][21425199] command: q9dq IDLE 16:08:15 [192.168.202.11][21425199] command: ea8l IDLE 16:08:15 [192.168.202.11][21425199] command: nfnd IDLE 16:08:15 [192.168.202.11][21425199] command: sc4z IDLE 16:08:15 [192.168.202.11][21425199] command: 5bpf IDLE 16:08:15 [192.168.202.11][21425199] command: j8k8 IDLE 16:08:15 [192.168.202.11][21425199] command: brs0 IDLE 16:08:15 [192.168.202.11][21425199] command: rjvj IDLE 16:08:16 [192.168.202.11][21425199] command: nmj0 IDLE 16:08:16 [192.168.202.11][21425199] command: x7uv IDLE 16:08:16 [192.168.202.11][21425199] command: s0cq IDLE 16:08:16 [192.168.202.11][21425199] command: xi5v IDLE 16:08:16 [192.168.202.11][21425199] command: j3vg IDLE 16:08:16 [192.168.202.11][21425199] command: xxtr IDLE 16:08:16 [192.168.202.11][21425199] command: czhg IDLE 16:08:16 [192.168.202.11][21425199] command: qhu0 IDLE 16:08:16 [192.168.202.11][21425199] command: 4kue IDLE 16:08:16 [192.168.202.11][21425199] command: yydo IDLE 16:08:16 [192.168.202.11][21425199] command: jt93 IDLE 16:08:16 [192.168.202.11][21425199] command: sibh IDLE 16:08:16 [192.168.202.11][21425199] command: u7n7 IDLE 16:08:16 [192.168.202.11][21425199] command: 58wp IDLE 16:08:16 [192.168.202.11][21425199] command: 4s1d IDLE 16:08:16 [192.168.202.11][21425199] command: 87a4 IDLE 16:08:16 [192.168.202.11][21425199] command: lol8 IDLE 16:08:16 [192.168.202.11][21425199] command: 5h58 IDLE 16:08:16 [192.168.202.11][21425199] command: v7dy IDLE 16:08:16 [192.168.202.11][21425199] command: nsh7 IDLE 16:08:16 [192.168.202.11][21425199] command: dzp1 IDLE 16:08:16 [192.168.202.11][21425199] command: xj4s IDLE 16:08:16 [192.168.202.11][21425199] command: 0ws3 IDLE 16:08:16 [192.168.202.11][21425199] command: t6n2 IDLE 16:08:16 [192.168.202.11][21425199] command: o3ol IDLE 16:08:16 [192.168.202.11][21425199] command: t4rw IDLE 16:08:16 [192.168.202.11][21425199] command: mgvo IDLE 16:08:16 [192.168.202.11][21425199] command: 5rse IDLE 16:08:16 [192.168.202.11][21425199] command: 7fdj IDLE 16:08:16 [192.168.202.11][21425199] command: 7s6h IDLE 16:08:16 [192.168.202.11][21425199] command: mlfb IDLE 16:08:16 [192.168.202.11][21425199] command: 06hh IDLE 16:08:16 [192.168.202.11][21425199] command: 32ni IDLE 16:08:16 [192.168.202.11][21425199] command: cslk IDLE 16:08:16 [192.168.202.11][21425199] command: aml4 IDLE 16:08:16 [192.168.202.11][21425199] command: rle9 IDLE 16:08:16 [192.168.202.11][21425199] command: dg6a IDLE 16:08:16 [192.168.202.11][21425199] command: 20hl IDLE 16:08:16 [192.168.202.11][21425199] command: f3pc IDLE 16:08:16 [192.168.202.11][21425199] command: 8f6a IDLE 16:08:17 [192.168.202.11][21425199] command: reav IDLE 16:08:17 [192.168.202.11][21425199] command: 3qpc IDLE 16:08:17 [192.168.202.11][21425199] command: 5utk IDLE 16:08:17 [192.168.202.11][21425199] command: ldjq IDLE 16:08:17 [192.168.202.11][21425199] command: sbhb IDLE 16:08:17 [192.168.202.11][21425199] command: ire7 IDLE 16:08:17 [192.168.202.11][21425199] command: o2n7 IDLE 16:08:17 [192.168.202.11][21425199] command: t9n7 IDLE 16:08:17 [192.168.202.11][21425199] command: cags IDLE 16:08:17 [192.168.202.11][21425199] command: tx43 IDLE 16:08:17 [192.168.202.11][21425199] command: 87o5 IDLE 16:08:17 [192.168.202.11][21425199] command: zjfx IDLE 16:08:17 [192.168.202.11][21425199] command: 7url IDLE 16:08:17 [192.168.202.11][21425199] command: 58ky IDLE 16:08:17 [192.168.202.11][21425199] command: zgr9 IDLE 16:08:17 [192.168.202.11][21425199] command: 6nif IDLE 16:08:17 [192.168.202.11][21425199] command: 07jo IDLE 16:08:17 [192.168.202.11][21425199] command: 3scq IDLE 16:08:17 [192.168.202.11][21425199] command: 1j7j IDLE 16:08:17 [192.168.202.11][21425199] command: l0b2 IDLE 16:08:17 [192.168.202.11][21425199] command: p7qy IDLE 16:08:17 [192.168.202.11][21425199] command: qms1 IDLE 16:08:17 [192.168.202.11][21425199] command: sln8 IDLE 16:08:17 [192.168.202.11][21425199] command: x07c IDLE 16:08:17 [192.168.202.11][21425199] command: jand IDLE 16:08:17 [192.168.202.11][21425199] command: iicp IDLE 16:08:17 [192.168.202.11][21425199] command: 264r IDLE 16:08:17 [192.168.202.11][21425199] command: nqoj IDLE 16:08:17 [192.168.202.11][21425199] command: p516 IDLE 16:08:17 [192.168.202.11][21425199] command: 00dj IDLE 16:08:17 [192.168.202.11][21425199] command: 0oo8 IDLE 16:08:17 [192.168.202.11][21425199] command: 7yc3 IDLE 16:08:17 [192.168.202.11][21425199] command: ex3e IDLE 16:08:17 [192.168.202.11][21425199] command: dyw0 IDLE 16:08:17 [192.168.202.11][21425199] command: qy06 IDLE 16:08:17 [192.168.202.11][21425199] command: 6opb IDLE 16:08:17 [192.168.202.11][21425199] command: oxnm IDLE 16:08:17 [192.168.202.11][21425199] command: wiqm IDLE 16:08:17 [192.168.202.11][21425199] command: 74jg IDLE 16:08:17 [192.168.202.11][21425199] command: r750 IDLE My dovecot -n config: # 2.2.25 (7be1766): /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-642.1.1.el6.x86_64 x86_64 CentOS release 6.8 (Final) auth_cache_negative_ttl = 0 auth_cache_ttl = 0 auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain base_dir = /var/run/dovecot/ debug_log_path = /var/log/dovecot/debug.log disable_plaintext_auth = no info_log_path = /var/log/dovecot/info.log log_path = /var/log/dovecot/dovecot.log passdb { args = /usr/local/etc/dovecot/conf.d/10-mysql.conf driver = sql } protocols = pop3 imap service imap-login { service_count = 0 vsz_limit = 512 M } service pop3-login { process_min_avail = 1 service_count = 0 } ssl_ca = References: <8342cb2ec3f04318b0da8c4d73b0bdef@inetweb.com.br> Message-ID: On 23 Aug 2016, at 15:08, cleber-listas at inetweb.com.br wrote: > > Hello Guys, > I guess that I found a bug in Dovecot 2.2.18 and 2.2.25 versions. The > problem it's when I try to connect in a Dovecot used a proxy to another > e-mail server (in our case it's a Smartermail Server) the DoveCot send a > lot of IDLE commands to the destination server. With that, the LOG files > grow and grow and grow :( > > I make a test with 1 connection only and if you see the log file in the > same second the dovecot send 25, 40 IDLE commands. But, when I disconnect > the client (outlook 2013) the dovecot continue to send the IDLE command for > some seconds. After login Dovecot proxy no longer understands anything about the traffic. It simply keeps proxying the IMAP traffic between the client and server. So Dovecot isn't the one generating the IDLE commands, it's Outlook. > If I try to connect directly to Smartermail with Outlook this don't > occurrs. That is stranger then. Maybe it has something to do with having a different CAPABILITY response. You could try setting imap_capability setting to same as what Smartermail announces. Other than that I can't really think of anything specific that you could do or we could fix on Dovecot code. From tanstaafl at libertytrek.org Wed Aug 24 12:08:59 2016 From: tanstaafl at libertytrek.org (Tanstaafl) Date: Wed, 24 Aug 2016 08:08:59 -0400 Subject: virtual users, mailer daemon send mails to non existant recipient and dovecot store it In-Reply-To: References: Message-ID: <52065dfe-b710-c685-0f18-f55baf44220b@libertytrek.org> On 8/23/2016 11:57 AM, Sam wrote: > The problem is that the sender of the spam as something like > voicemail at ourdomain.fr ( the user voicemail doesn't exist in our database ) > > And sometimes dovecot create the directory and store the reply 's mail... 1. Don't accept mail for non-existent (invalid) users 2. Don't accept mail from domains that you control that don't originate from your smtp server(s) Problem solved. From tanstaafl at libertytrek.org Wed Aug 24 12:20:24 2016 From: tanstaafl at libertytrek.org (Tanstaafl) Date: Wed, 24 Aug 2016 08:20:24 -0400 Subject: Sub addressing delimiters In-Reply-To: <5e6fe5d039da2e423a351f69a71e4ce1@va1der.ca> References: <5e6fe5d039da2e423a351f69a71e4ce1@va1der.ca> Message-ID: <157b1344-cf72-c60e-62ff-f7a31a491867@libertytrek.org> On 8/23/2016 4:42 PM, Kurt Fitzner wrote: > There is a disconnect between the way Postfix handles > recipient_delimiter and the way Dovecot handles it. For Postfix, it is > a set of delimiters that can each individually be used to separate the > address from the . In Dovecot, having multiple characters in > recipient_delimiters simply makes it a multi-character single delimiter. > > For my purposes, the Postfix method is much more versatile. Extra > delimiters can be added without breaking the way users currently have > delimiters. Objection: assumes facts not in evidence. This is the way it is supposed to work now in dovecot, so, either it is now broken, was always broken (I haven't had an opportunity to test it since I was forced to migrate our email server to Office365 last year), or you are not doing it right. But we'd need to see your config to make that determination... From tanstaafl at libertytrek.org Wed Aug 24 12:26:40 2016 From: tanstaafl at libertytrek.org (Tanstaafl) Date: Wed, 24 Aug 2016 08:26:40 -0400 Subject: virtual users, mailer daemon send mails to non existant recipient and dovecot store it In-Reply-To: <52065dfe-b710-c685-0f18-f55baf44220b@libertytrek.org> References: <52065dfe-b710-c685-0f18-f55baf44220b@libertytrek.org> Message-ID: On 8/24/2016 8:08 AM, Tanstaafl wrote: > 2. Don't accept mail from domains that you control that don't originate > from your smtp server(s) > > Problem solved. Oops, that should of course read: 2. Don't accept mail that is both TO & FROM a (the same) domain that you control that doesn't originate from your SMTP server(s) From cleber-listas at inetweb.com.br Wed Aug 24 14:30:50 2016 From: cleber-listas at inetweb.com.br (Cleber @ Listas) Date: Wed, 24 Aug 2016 11:30:50 -0300 Subject: RES: Possible IMAP IDLE bug in Dovecot 2.2.18 and 2.2.25 In-Reply-To: <47fc8045-b609-039c-a446-8c3810d8c67a@dovecot.fi> References: <8342cb2ec3f04318b0da8c4d73b0bdef@inetweb.com.br> <4baf627e-c7af-8202-5955-0ea274ed3910@dovecot.fi> <47fc8045-b609-039c-a446-8c3810d8c67a@dovecot.fi> Message-ID: <000101d1fe14$1cecd860$56c68920$@inetweb.com.br> Hello Aki, The Smartermail don't support IDLE command at CAPABILITY: Dovecot: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. Smartermail: * CAPABILITY IMAP4rev1 AUTH=CRAM-MD5 UIDPLUS QUOTA XLIST CHILDREN In this case, would not the because Dovecot send the IDLE command to SmarterMail. -----Mensagem original----- De: dovecot [mailto:dovecot-bounces at dovecot.org] Em nome de Aki Tuomi Enviada em: ter?a-feira, 23 de agosto de 2016 13:25 Para: dovecot at dovecot.org Assunto: Re: Possible IMAP IDLE bug in Dovecot 2.2.18 and 2.2.25 On 23.08.2016 19:15, Aki Tuomi wrote: > > > On 23.08.2016 15:08, cleber-listas at inetweb.com.br wrote: >> Hello Guys, >> I guess that I found a bug in Dovecot 2.2.18 and 2.2.25 versions. >> The problem it's when I try to connect in a Dovecot used a proxy to >> another e-mail server (in our case it's a Smartermail Server) the >> DoveCot send a lot of IDLE commands to the destination server. With >> that, the LOG files grow and grow and grow :( >> I make a test with 1 connection only and if you see the log file >> in the same second the dovecot send 25, 40 IDLE commands. But, when I >> disconnect the client (outlook 2013) the dovecot continue to send the >> IDLE command for some seconds. >> If I try to connect directly to Smartermail with Outlook this >> don't occurrs. >> > > Just to be sure, the behaviour you are expecting is that IDLE is not > used, right? > > Aki Also, looking at the code, IDLE is only used if your server claims to understand it, so could you do following: telnet backend-host backend-port a CAPABILITY a LOGIN username password a CAPABILITY a LOGOUT and provide the output. Aki From cleber-listas at inetweb.com.br Wed Aug 24 14:43:16 2016 From: cleber-listas at inetweb.com.br (Cleber @ Listas) Date: Wed, 24 Aug 2016 11:43:16 -0300 Subject: RES: Possible IMAP IDLE bug in Dovecot 2.2.18 and 2.2.25 In-Reply-To: References: <8342cb2ec3f04318b0da8c4d73b0bdef@inetweb.com.br> Message-ID: <000201d1fe15$d92e6600$8b8b3200$@inetweb.com.br> Hello Timo, The capability result from dovecot and Smartermail: Dovecot: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. Smartermail: * CAPABILITY IMAP4rev1 AUTH=CRAM-MD5 UIDPLUS QUOTA XLIST CHILDREN If I connect directly to Smartermail the Outlook don't send the IDLE command (only NOOP, because the Smartermail don't send the IDLE in CAPABILITY). But, it's with time interval better than from Dovecot (a lot in same second) 10:25:11 [201.74.248.186][57965505] connected at 24/08/2016 10:25:11 10:25:11 [201.74.248.186][57965505] command: 1ope CAPABILITY 10:25:11 [201.74.248.186][57965505] command: 9mv2 LOGIN "myaccount at mydomain" XXXX 10:25:11 [201.74.248.186][57965505] myaccount at mydomain logged in 10:25:11 [201.74.248.186][57965505] command: rvzd LSUB "" "*" 10:25:11 [201.74.248.186][57965505] command: rh9g SELECT "INBOX" 10:25:11 [201.74.248.186][57965505] response: * 919 EXISTS 10:25:11 [201.74.248.186][57965505] response: * 0 RECENT 10:25:11 [201.74.248.186][57965505] response: * OK [UNSEEN 904] Message 904 is first unseen 10:25:11 [201.74.248.186][57965505] response: * OK [UIDVALIDITY 1] UIDs valid 10:25:11 [201.74.248.186][57965505] response: * OK [UIDNEXT 26849] Predicted next UID 10:25:11 [201.74.248.186][57965505] response: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) 10:25:11 [201.74.248.186][57965505] response: * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft)] 10:25:11 [201.74.248.186][57965505] response: rh9g OK [READ-WRITE] SELECT completed 10:25:11 [201.74.248.186][57965505] command: ve5e FETCH 919 (UID) 10:25:11 [201.74.248.186][57965505] command: 8ixa UID FETCH 1:26848 (UID FLAGS) 10:25:14 [201.74.248.186][57965505] command: t874 UID STORE 26846 +FLAGS.SILENT (\Seen) 10:26:32 [201.74.248.186][57965505] command: rmcb NOOP 10:26:32 [201.74.248.186][57965505] response: rmcb OK NOOP completed 10:28:39 [201.74.248.186][57965505] command: qs5n NOOP 10:28:39 [201.74.248.186][57965505] response: qs5n OK NOOP Completed 10:31:01 [201.74.248.186][57965505] command: k9v0 NOOP 10:31:01 [201.74.248.186][57965505] response: k9v0 OK NOOP completed 10:33:01 [201.74.248.186][57965505] command: vw8w NOOP 10:33:01 [201.74.248.186][57965505] response: vw8w OK NOOP completed 10:35:01 [201.74.248.186][57965505] command: qhag NOOP 10:35:01 [201.74.248.186][57965505] response: qhag OK NOOP completed 10:37:01 [201.74.248.186][57965505] command: so7b NOOP 10:37:01 [201.74.248.186][57965505] response: so7b OK NOOP completed 10:39:01 [201.74.248.186][57965505] command: wclw NOOP 10:39:01 [201.74.248.186][57965505] response: wclw OK NOOP completed 10:39:36 [201.74.248.186][13534103] disconnected at 24/08/2016 10:39:36 -----Mensagem original----- De: dovecot [mailto:dovecot-bounces at dovecot.org] Em nome de Timo Sirainen Enviada em: quarta-feira, 24 de agosto de 2016 06:49 Para: cleber-listas at inetweb.com.br Cc: dovecot at dovecot.org Assunto: Re: Possible IMAP IDLE bug in Dovecot 2.2.18 and 2.2.25 On 23 Aug 2016, at 15:08, cleber-listas at inetweb.com.br wrote: > > Hello Guys, > I guess that I found a bug in Dovecot 2.2.18 and 2.2.25 versions. The > problem it's when I try to connect in a Dovecot used a proxy to > another e-mail server (in our case it's a Smartermail Server) the > DoveCot send a lot of IDLE commands to the destination server. With > that, the LOG files grow and grow and grow :( > > I make a test with 1 connection only and if you see the log file in > the same second the dovecot send 25, 40 IDLE commands. But, when I > disconnect the client (outlook 2013) the dovecot continue to send the > IDLE command for some seconds. After login Dovecot proxy no longer understands anything about the traffic. It simply keeps proxying the IMAP traffic between the client and server. So Dovecot isn't the one generating the IDLE commands, it's Outlook. > If I try to connect directly to Smartermail with Outlook this don't > occurrs. That is stranger then. Maybe it has something to do with having a different CAPABILITY response. You could try setting imap_capability setting to same as what Smartermail announces. Other than that I can't really think of anything specific that you could do or we could fix on Dovecot code. From aki.tuomi at dovecot.fi Wed Aug 24 14:51:08 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Wed, 24 Aug 2016 17:51:08 +0300 (EEST) Subject: RES: Possible IMAP IDLE bug in Dovecot 2.2.18 and 2.2.25 In-Reply-To: <000201d1fe15$d92e6600$8b8b3200$@inetweb.com.br> References: <8342cb2ec3f04318b0da8c4d73b0bdef@inetweb.com.br> <000201d1fe15$d92e6600$8b8b3200$@inetweb.com.br> Message-ID: <521906438.574.1472050268994@appsuite-dev.open-xchange.com> You should probably update your proxy to provide the same capability list to your clients as your SmarterMail backend (with few extra things). That is imap_capability = IMAP4rev1 STARTTLS UIDPLUS QUOTA XLIST CHILDREN AUTH=PLAIN AUTH=LOGIN Aki > On August 24, 2016 at 5:43 PM "Cleber @ Listas" wrote: > > > Hello Timo, > > The capability result from dovecot and Smartermail: > > Dovecot: > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE > STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. > > Smartermail: > * CAPABILITY IMAP4rev1 AUTH=CRAM-MD5 UIDPLUS QUOTA XLIST CHILDREN > > If I connect directly to Smartermail the Outlook don't send the IDLE command > (only NOOP, because the Smartermail don't send the IDLE in CAPABILITY). > But, it's with time interval better than from Dovecot (a lot in same second) > > 10:25:11 [201.74.248.186][57965505] connected at 24/08/2016 10:25:11 > 10:25:11 [201.74.248.186][57965505] command: 1ope CAPABILITY > 10:25:11 [201.74.248.186][57965505] command: 9mv2 LOGIN "myaccount at mydomain" > XXXX > 10:25:11 [201.74.248.186][57965505] myaccount at mydomain logged in > 10:25:11 [201.74.248.186][57965505] command: rvzd LSUB "" "*" > 10:25:11 [201.74.248.186][57965505] command: rh9g SELECT "INBOX" > 10:25:11 [201.74.248.186][57965505] response: * 919 EXISTS > 10:25:11 [201.74.248.186][57965505] response: * 0 RECENT > 10:25:11 [201.74.248.186][57965505] response: * OK [UNSEEN 904] Message 904 > is first unseen > 10:25:11 [201.74.248.186][57965505] response: * OK [UIDVALIDITY 1] UIDs > valid > 10:25:11 [201.74.248.186][57965505] response: * OK [UIDNEXT 26849] Predicted > next UID > 10:25:11 [201.74.248.186][57965505] response: * FLAGS (\Answered \Flagged > \Deleted \Seen \Draft) > 10:25:11 [201.74.248.186][57965505] response: * OK [PERMANENTFLAGS > (\Answered \Flagged \Deleted \Seen \Draft)] > 10:25:11 [201.74.248.186][57965505] response: rh9g OK [READ-WRITE] SELECT > completed > 10:25:11 [201.74.248.186][57965505] command: ve5e FETCH 919 (UID) > 10:25:11 [201.74.248.186][57965505] command: 8ixa UID FETCH 1:26848 (UID > FLAGS) > 10:25:14 [201.74.248.186][57965505] command: t874 UID STORE 26846 > +FLAGS.SILENT (\Seen) > 10:26:32 [201.74.248.186][57965505] command: rmcb NOOP > 10:26:32 [201.74.248.186][57965505] response: rmcb OK NOOP completed > 10:28:39 [201.74.248.186][57965505] command: qs5n NOOP > 10:28:39 [201.74.248.186][57965505] response: qs5n OK NOOP Completed > 10:31:01 [201.74.248.186][57965505] command: k9v0 NOOP > 10:31:01 [201.74.248.186][57965505] response: k9v0 OK NOOP completed > 10:33:01 [201.74.248.186][57965505] command: vw8w NOOP > 10:33:01 [201.74.248.186][57965505] response: vw8w OK NOOP completed > 10:35:01 [201.74.248.186][57965505] command: qhag NOOP > 10:35:01 [201.74.248.186][57965505] response: qhag OK NOOP completed > 10:37:01 [201.74.248.186][57965505] command: so7b NOOP > 10:37:01 [201.74.248.186][57965505] response: so7b OK NOOP completed > 10:39:01 [201.74.248.186][57965505] command: wclw NOOP > 10:39:01 [201.74.248.186][57965505] response: wclw OK NOOP completed > 10:39:36 [201.74.248.186][13534103] disconnected at 24/08/2016 10:39:36 > > > > > > -----Mensagem original----- > De: dovecot [mailto:dovecot-bounces at dovecot.org] Em nome de Timo Sirainen > Enviada em: quarta-feira, 24 de agosto de 2016 06:49 > Para: cleber-listas at inetweb.com.br > Cc: dovecot at dovecot.org > Assunto: Re: Possible IMAP IDLE bug in Dovecot 2.2.18 and 2.2.25 > > On 23 Aug 2016, at 15:08, cleber-listas at inetweb.com.br wrote: > > > > Hello Guys, > > I guess that I found a bug in Dovecot 2.2.18 and 2.2.25 versions. The > > problem it's when I try to connect in a Dovecot used a proxy to > > another e-mail server (in our case it's a Smartermail Server) the > > DoveCot send a lot of IDLE commands to the destination server. With > > that, the LOG files grow and grow and grow :( > > > > I make a test with 1 connection only and if you see the log file in > > the same second the dovecot send 25, 40 IDLE commands. But, when I > > disconnect the client (outlook 2013) the dovecot continue to send the > > IDLE command for some seconds. > > After login Dovecot proxy no longer understands anything about the traffic. > It simply keeps proxying the IMAP traffic between the client and server. So > Dovecot isn't the one generating the IDLE commands, it's Outlook. > > > If I try to connect directly to Smartermail with Outlook this don't > > occurrs. > > That is stranger then. Maybe it has something to do with having a different > CAPABILITY response. You could try setting imap_capability setting to same > as what Smartermail announces. Other than that I can't really think of > anything specific that you could do or we could fix on Dovecot code. From cleber-listas at inetweb.com.br Wed Aug 24 15:16:47 2016 From: cleber-listas at inetweb.com.br (Cleber @ Listas) Date: Wed, 24 Aug 2016 12:16:47 -0300 Subject: RES: RES: Possible IMAP IDLE bug in Dovecot 2.2.18 and 2.2.25 In-Reply-To: <521906438.574.1472050268994@appsuite-dev.open-xchange.com> References: <8342cb2ec3f04318b0da8c4d73b0bdef@inetweb.com.br> <000201d1fe15$d92e6600$8b8b3200$@inetweb.com.br> <521906438.574.1472050268994@appsuite-dev.open-xchange.com> Message-ID: <000901d1fe1a$87e52040$97af60c0$@inetweb.com.br> Hello Aki and Timo, I disable the IDLE at CAPABILITY in Dovecot and solved my problem: imap_capability = LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE -----Mensagem original----- De: Aki Tuomi [mailto:aki.tuomi at dovecot.fi] Enviada em: quarta-feira, 24 de agosto de 2016 11:51 Para: Dovecot Mailing List ; Cleber @ Listas Assunto: Re: RES: Possible IMAP IDLE bug in Dovecot 2.2.18 and 2.2.25 You should probably update your proxy to provide the same capability list to your clients as your SmarterMail backend (with few extra things). That is imap_capability = IMAP4rev1 STARTTLS UIDPLUS QUOTA XLIST CHILDREN AUTH=PLAIN AUTH=LOGIN Aki > On August 24, 2016 at 5:43 PM "Cleber @ Listas" wrote: > > > Hello Timo, > > The capability result from dovecot and Smartermail: > > Dovecot: > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE > IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. > > Smartermail: > * CAPABILITY IMAP4rev1 AUTH=CRAM-MD5 UIDPLUS QUOTA XLIST CHILDREN > > If I connect directly to Smartermail the Outlook don't send the IDLE > command (only NOOP, because the Smartermail don't send the IDLE in CAPABILITY). > But, it's with time interval better than from Dovecot (a lot in same > second) > > 10:25:11 [201.74.248.186][57965505] connected at 24/08/2016 10:25:11 > 10:25:11 [201.74.248.186][57965505] command: 1ope CAPABILITY > 10:25:11 [201.74.248.186][57965505] command: 9mv2 LOGIN "myaccount at mydomain" > XXXX > 10:25:11 [201.74.248.186][57965505] myaccount at mydomain logged in > 10:25:11 [201.74.248.186][57965505] command: rvzd LSUB "" "*" > 10:25:11 [201.74.248.186][57965505] command: rh9g SELECT "INBOX" > 10:25:11 [201.74.248.186][57965505] response: * 919 EXISTS > 10:25:11 [201.74.248.186][57965505] response: * 0 RECENT > 10:25:11 [201.74.248.186][57965505] response: * OK [UNSEEN 904] > Message 904 is first unseen > 10:25:11 [201.74.248.186][57965505] response: * OK [UIDVALIDITY 1] > UIDs valid > 10:25:11 [201.74.248.186][57965505] response: * OK [UIDNEXT 26849] > Predicted next UID > 10:25:11 [201.74.248.186][57965505] response: * FLAGS (\Answered > \Flagged \Deleted \Seen \Draft) > 10:25:11 [201.74.248.186][57965505] response: * OK [PERMANENTFLAGS > (\Answered \Flagged \Deleted \Seen \Draft)] > 10:25:11 [201.74.248.186][57965505] response: rh9g OK [READ-WRITE] > SELECT completed > 10:25:11 [201.74.248.186][57965505] command: ve5e FETCH 919 (UID) > 10:25:11 [201.74.248.186][57965505] command: 8ixa UID FETCH 1:26848 > (UID > FLAGS) > 10:25:14 [201.74.248.186][57965505] command: t874 UID STORE 26846 > +FLAGS.SILENT (\Seen) > 10:26:32 [201.74.248.186][57965505] command: rmcb NOOP > 10:26:32 [201.74.248.186][57965505] response: rmcb OK NOOP completed > 10:28:39 [201.74.248.186][57965505] command: qs5n NOOP > 10:28:39 [201.74.248.186][57965505] response: qs5n OK NOOP Completed > 10:31:01 [201.74.248.186][57965505] command: k9v0 NOOP > 10:31:01 [201.74.248.186][57965505] response: k9v0 OK NOOP completed > 10:33:01 [201.74.248.186][57965505] command: vw8w NOOP > 10:33:01 [201.74.248.186][57965505] response: vw8w OK NOOP completed > 10:35:01 [201.74.248.186][57965505] command: qhag NOOP > 10:35:01 [201.74.248.186][57965505] response: qhag OK NOOP completed > 10:37:01 [201.74.248.186][57965505] command: so7b NOOP > 10:37:01 [201.74.248.186][57965505] response: so7b OK NOOP completed > 10:39:01 [201.74.248.186][57965505] command: wclw NOOP > 10:39:01 [201.74.248.186][57965505] response: wclw OK NOOP completed > 10:39:36 [201.74.248.186][13534103] disconnected at 24/08/2016 > 10:39:36 > > > > > > -----Mensagem original----- > De: dovecot [mailto:dovecot-bounces at dovecot.org] Em nome de Timo > Sirainen Enviada em: quarta-feira, 24 de agosto de 2016 06:49 > Para: cleber-listas at inetweb.com.br > Cc: dovecot at dovecot.org > Assunto: Re: Possible IMAP IDLE bug in Dovecot 2.2.18 and 2.2.25 > > On 23 Aug 2016, at 15:08, cleber-listas at inetweb.com.br wrote: > > > > Hello Guys, > > I guess that I found a bug in Dovecot 2.2.18 and 2.2.25 versions. > > The problem it's when I try to connect in a Dovecot used a proxy to > > another e-mail server (in our case it's a Smartermail Server) the > > DoveCot send a lot of IDLE commands to the destination server. With > > that, the LOG files grow and grow and grow :( > > > > I make a test with 1 connection only and if you see the log file in > > the same second the dovecot send 25, 40 IDLE commands. But, when I > > disconnect the client (outlook 2013) the dovecot continue to send > > the IDLE command for some seconds. > > After login Dovecot proxy no longer understands anything about the traffic. > It simply keeps proxying the IMAP traffic between the client and > server. So Dovecot isn't the one generating the IDLE commands, it's Outlook. > > > If I try to connect directly to Smartermail with Outlook this don't > > occurrs. > > That is stranger then. Maybe it has something to do with having a > different CAPABILITY response. You could try setting imap_capability > setting to same as what Smartermail announces. Other than that I can't > really think of anything specific that you could do or we could fix on Dovecot code. From doctor at doctor.nl2k.ab.ca Wed Aug 24 16:40:20 2016 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Wed, 24 Aug 2016 10:40:20 -0600 Subject: Possible IMAP IDLE bug in Dovecot 2.2.18 and 2.2.25 In-Reply-To: References: <8342cb2ec3f04318b0da8c4d73b0bdef@inetweb.com.br> Message-ID: <20160824164020.hx4jqxejiuvdxje4@doctor.nl2k.ab.ca> On Wed, Aug 24, 2016 at 12:49:02PM +0300, Timo Sirainen wrote: > On 23 Aug 2016, at 15:08, cleber-listas at inetweb.com.br wrote: > > > > Hello Guys, > > I guess that I found a bug in Dovecot 2.2.18 and 2.2.25 versions. The > > problem it's when I try to connect in a Dovecot used a proxy to another > > e-mail server (in our case it's a Smartermail Server) the DoveCot send a > > lot of IDLE commands to the destination server. With that, the LOG files > > grow and grow and grow :( > > > > I make a test with 1 connection only and if you see the log file in the > > same second the dovecot send 25, 40 IDLE commands. But, when I disconnect > > the client (outlook 2013) the dovecot continue to send the IDLE command for > > some seconds. > > After login Dovecot proxy no longer understands anything about the traffic. It simply keeps proxying the IMAP traffic between the client and server. So Dovecot isn't the one generating the IDLE commands, it's Outlook. > > > If I try to connect directly to Smartermail with Outlook this don't > > occurrs. > > That is stranger then. Maybe it has something to do with having a different CAPABILITY response. You could try setting imap_capability setting to same as what Smartermail announces. Other than that I can't really think of anything specific that you could do or we could fix on Dovecot code. Older Outlook client software is simply just not keeping up to standard. Unless M$ cares to remove SSL2 and SSL3 support from their software, it is easier just to update your client e-mail software which is more current and compliant to recent 2015+ standarnds. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Time for the USA to hold a referendum on its republic and vote to dissolve!! From kamil.madac at gmail.com Wed Aug 24 18:39:57 2016 From: kamil.madac at gmail.com (Kamil Madac) Date: Wed, 24 Aug 2016 20:39:57 +0200 Subject: maildirsize not correct In-Reply-To: <57BCC803.7040709@carpenter.org> References: <57BCC803.7040709@carpenter.org> Message-ID: Thanks, but this is most probably different issue. My maildirsize is computed incorrectly even if I delete it completely and let dovead recompute it so expunging is not in the game. Is there any way how to track/debug the recomputation algorithm in dovecot? On Wed, Aug 24, 2016 at 12:02 AM, WJCarpenter wrote: > A long shot, but here's how I experienced similar symptoms: > http://www.dovecot.org/list/dovecot/2016-April/104091.html > > > > Kamil Madac wrote on 08/23/2016 02:02 PM: > >> Hi, >> >> One of my email accounts has 1,5gb of emails in INBOX, but maildirsize >> shows only 528mb. 'du' also shows 1,5gb and there are 3809 files in cur >> directory. >> >> When I use mailbox status a can see correct values: >> >> doveadm -f table mailbox status -u user at domain.sk "messages vsize" INBOX* >> messages >> vsize >> >> INBOX 3809 1521049349 >> >> but when I check the quotas with doveadm: >> >> doveadm quota get -u user at domain.sk >> Quota name Type Value >> Limit >> % >> User quota STORAGE 541391 >> 2048000 >> 26 >> User quota MESSAGE 886 >> - >> 0 >> >> I tried to delete maildirsize, but it was recalculated again incorrectly. >> >> 2097152000S >> 554384829 886 >> >> Dovecot version is 2.2.9 installed from packages on Ubuntu 14.04 >> I have other accounts on server which are have no problems with >> maildirsize >> and quotas. Does anyone have same experience? >> >> Kamil >> > -- Kamil Madac From aki.tuomi at dovecot.fi Thu Aug 25 05:32:04 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Thu, 25 Aug 2016 08:32:04 +0300 Subject: maildirsize not correct In-Reply-To: References: <57BCC803.7040709@carpenter.org> Message-ID: <0fc1e457-a767-4127-4761-a201810ae8ba@dovecot.fi> Are you using quota_vsizes=yes? Aki On 24.08.2016 21:39, Kamil Madac wrote: > Thanks, but this is most probably different issue. My maildirsize is > computed incorrectly even if I delete it completely and let dovead > recompute it so expunging is not in the game. > > Is there any way how to track/debug the recomputation algorithm in dovecot? > > On Wed, Aug 24, 2016 at 12:02 AM, WJCarpenter > wrote: > >> A long shot, but here's how I experienced similar symptoms: >> http://www.dovecot.org/list/dovecot/2016-April/104091.html >> >> >> >> Kamil Madac wrote on 08/23/2016 02:02 PM: >> >>> Hi, >>> >>> One of my email accounts has 1,5gb of emails in INBOX, but maildirsize >>> shows only 528mb. 'du' also shows 1,5gb and there are 3809 files in cur >>> directory. >>> >>> When I use mailbox status a can see correct values: >>> >>> doveadm -f table mailbox status -u user at domain.sk "messages vsize" INBOX* >>> messages >>> vsize >>> >>> INBOX 3809 1521049349 >>> >>> but when I check the quotas with doveadm: >>> >>> doveadm quota get -u user at domain.sk >>> Quota name Type Value >>> Limit >>> % >>> User quota STORAGE 541391 >>> 2048000 >>> 26 >>> User quota MESSAGE 886 >>> - >>> 0 >>> >>> I tried to delete maildirsize, but it was recalculated again incorrectly. >>> >>> 2097152000S >>> 554384829 886 >>> >>> Dovecot version is 2.2.9 installed from packages on Ubuntu 14.04 >>> I have other accounts on server which are have no problems with >>> maildirsize >>> and quotas. Does anyone have same experience? >>> >>> Kamil >>> > From aki.tuomi at dovecot.fi Thu Aug 25 07:29:58 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Thu, 25 Aug 2016 10:29:58 +0300 Subject: Panic: file mail-transaction-log-file.c: line 104 (mail_transaction_log_file_free): assertion failed: (!file->locked) In-Reply-To: <201607140956.35987.arekm@maven.pl> References: <201607140956.35987.arekm@maven.pl> Message-ID: On 14.07.2016 10:56, Arkadiusz Mi?kiewicz wrote: > 2.2.25 (also happens on 2.2.24). Happens every time I try to make deliver > and only for this user: > > Jul 14 09:52:02 mbox dovecot: lmtp(25601): Connect from local > Jul 14 09:52:02 mbox dovecot: lmtp(powiadomienia): session=, Error: Index /var/mail/powiadomienia/dovecot.index: Lost log for seq=1009 offset=40: Missing middle file seq=1009 (between > 1009..4294967295) > Jul 14 09:52:02 mbox dovecot: lmtp(powiadomienia): session=, Warning: fscking index file /var/mail/powiadomienia/dovecot.index > Jul 14 09:52:02 mbox dovecot: lmtp(powiadomienia): session=, Error: Fixed index file /var/mail/powiadomienia/dovecot.index: log_file_seq 1009 -> 1011 > Jul 14 09:52:02 mbox dovecot: lmtp(powiadomienia): session=, Panic: file mail-transaction-log-file.c: line 104 (mail_transaction_log_file_free): assertion failed: (!file->locked) > Jul 14 09:52:02 mbox dovecot: lmtp(powiadomienia): session=, Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x8d7d2) [0x7feb89fc97d2] -> /usr/lib64/dovecot/libdovecot.so.0(+0x8d8bd) > [0x7feb89fc98bd] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7feb89f67e31] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mail_transaction_log_file_free+0x160) [0x7feb8a331fa0] -> /usr/lib64/dovecot/libdovecot- > storage.so.0(mail_transaction_logs_clean+0x4d) [0x7feb8a3360ed] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mail_transaction_log_close+0x30) [0x7feb8a336230] -> /usr/lib64/dovecot/libdovecot- > storage.so.0(mail_transaction_log_move_to_memory+0xd5) [0x7feb8a3363e5] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mail_index_move_to_memory+0xa0) [0x7feb8a330440] -> /usr/lib64/dovecot/libdovecot- > storage.so.0(mail_index_write+0x183) [0x7feb8a32e9d3] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mail_index_fsck+0xc1f) [0x7feb8a3186ff] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mail_index_sync_map+0x49b) > [0x7feb8a322eab] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mail_index_map+0x71) [0x7feb8a31a231] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0xe0fed) [0x7feb8a32ffed] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0xe15f3) > [0x7feb8a3305f3] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mail_index_open+0x78) [0x7feb8a3306d8] -> /usr/lib64/dovecot/libdovecot-storage.so.0(index_storage_mailbox_open+0x92) [0x7feb8a309202] -> > /usr/lib64/dovecot/libdovecot-storage.so.0(+0x6c0e2) [0x7feb8a2bb0e2] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x6c1c8) [0x7feb8a2bb1c8] -> /usr/lib64/dovecot/plugins/lib20_zlib_plugin.so(+0x2fdc) [0x7feb85697fdc] -> > /usr/lib64/dovecot/libdovecot-storage.so.0(+0x450c6) [0x7feb8a2940c6] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_open+0x20) [0x7feb8a294240] -> /usr/lib64/dovecot/libdovecot-lda.so.0(mail_deliver_save_open+0xad) > [0x7feb8a58d1ad] -> /usr/lib64/dovecot/libdovecot-lda.so.0(mail_deliver_save+0xbb) [0x7feb8a58d48b] -> /usr/lib64/dovecot/libdovecot-lda.so.0(mail_deliver+0x123) [0x7feb8a58d9e3] -> dovecot/lmtp [DATA powiadomienia]() [0x406bc8] > -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x4c) [0x7feb89fdd67c] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x101) [0x7feb89fdeb01] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x25) > [0x7feb89fdd705] > Jul 14 09:52:02 mbox dovecot: lmtp(powiadomienia): session=, Fatal: master: service(lmtp): child 25601 killed with signal 6 (core dumps disabled) > > Hi! Are you still able to reproduce this? Any hope for backtrace with gdb? gdb /path/to/binary /path/to/core bt full Aki From scottwsx96 at gmail.com Thu Aug 25 18:54:07 2016 From: scottwsx96 at gmail.com (Scott W. Sander) Date: Thu, 25 Aug 2016 18:54:07 +0000 Subject: Change dovecot hostname In-Reply-To: References: <148D76FB-4247-4BA9-AE43-9A3FB021726B@dovecot.fi> Message-ID: Edgar, /etc/hostname has "appserver4". I'm using this server for more than just a postfix+Dovecot server, so don't want to name it "mail.domain.test". In any case, I already solved the issue I was having by adding "hostname = mail.domain.test" to /etc/dovecot/10-master.conf and reloading the configuration. Easy-peasy, just doesn't appear to be well documented. --- Scott On Tue, Aug 23, 2016 at 7:35 PM Edgar Pettijohn wrote: > I'm chiming in kind of late, but what's in /etc/hostname? > > Sent from my iPhone > > > On Aug 23, 2016, at 6:03 PM, Scott W. Sander > wrote: > > > > Well, I tried setting the following in /etc/environment and restarting > the > > server: > > > > DOVECOT_HOSTDOMAIN="mail.domain.test" > > > > After doing so, I verified that the command "dovecot --hostdomain" > returned > > "mail.domain.test" and not "appserver4.domain.com"; however, the email > > received header still shows: > > > > Received: from mail.domain.test by appserver4.domain.com (Dovecot) with > > LMTP id .... > > > > I also tried adding the following line to > > /etc/dovecot/conf.d/10-master.conf and restarting the dovecot service: > > > > hostname = mail.domain.test > > > > doveconf shows that "hostname = mail.domain.test", and now the received > > headers show: > > > > Received: from mail.domain.test by mail.domain.test (Dovecot) with LMTP > id > > .... > > > > So it seems that "hostname" is a valid, respected Dovecot directive. > > > > --- > > Scott > > > > > > > >> On Tue, Aug 23, 2016 at 4:58 AM Sami Ketola > wrote: > >> > >> Hi, > >> > >> Looking at the source code it seems that the fqdn used in the lmtp > >> received headers is > >> fetched from environment variable DOVECOT_HOSTDOMAIN and if that is not > >> defined > >> gethostbyname() is used. > >> > >> You can try setting that prior launching dovecot. > >> > >> Sami > >> > >> > >>> On 19 Aug 2016, at 21:43, Scott W. Sander > wrote: > >>> > >>> I have noticed that the name of my private server running dovecot > appears > >>> in email headers rather than the public-friendly name of my server. > >>> > >>> Is there a method to specify an alternate server name for the dovecot > >>> server to use for itself in the dovecot configuration files? I > >> performed a > >>> few Google searches and was not able to find the answer to my question. > >>> > >>> ------- > >>> > >>> user at server1:~$ dovecot --version > >>> 2.2.9 > >>> user at server1:~$ dovecot -n > >>> # 2.2.9: /etc/dovecot/dovecot.conf > >>> # OS: Linux 3.16.0-77-generic x86_64 Ubuntu 14.04.4 LTS ext4 > >>> auth_mechanisms = plain login > >>> info_log_path = /var/log/dovecot.log > >>> log_path = /var/log/dovecot.log > >>> mail_location = maildir:/var/mail/vhosts/%d/%n > >>> namespace inbox { > >>> inbox = yes > >>> location = > >>> mailbox Drafts { > >>> special_use = \Drafts > >>> } > >>> mailbox Junk { > >>> special_use = \Junk > >>> } > >>> mailbox Sent { > >>> special_use = \Sent > >>> } > >>> mailbox "Sent Messages" { > >>> special_use = \Sent > >>> } > >>> mailbox Trash { > >>> special_use = \Trash > >>> } > >>> prefix = > >>> } > >>> passdb { > >>> args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users > >>> driver = passwd-file > >>> } > >>> protocols = " imap lmtp pop3" > >>> service auth { > >>> unix_listener /var/spool/postfix/private/auth { > >>> group = postfix > >>> mode = 0666 > >>> user = postfix > >>> } > >>> } > >>> service imap-login { > >>> inet_listener imaps { > >>> port = 993 > >>> ssl = yes > >>> } > >>> } > >>> service lmtp { > >>> unix_listener /var/spool/postfix/private/dovecot-lmtp { > >>> group = postfix > >>> mode = 0600 > >>> user = postfix > >>> } > >>> } > >>> service pop3-login { > >>> inet_listener pop3s { > >>> port = 995 > >>> ssl = yes > >>> } > >>> } > >>> ssl = required > >>> ssl_cert = >>> ssl_key = >>> userdb { > >>> args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n > >>> driver = static > >>> } > >> > From spiro at siriush.com Thu Aug 25 21:00:53 2016 From: spiro at siriush.com (Spiro Angeli) Date: Thu, 25 Aug 2016 23:00:53 +0200 Subject: Help setting up IMAP account in Outlook 2016 Message-ID: <001d01d1ff13$c4f1fdb0$4ed5f910$@siriush.com> Hi, I need help setting up properly mail clients for my email accounts running on dovecot ver 2.2.18 on CentOS release 6.8 (Final) in italian. I posted a forum thread where you can get all detail info: this for better reading. Forum thread subject: Help setting up IMAP account in Outlook 2016 Forum link: http://www.emailquestions.com/threads/help-setting-up-imap-account-in-outloo k-2016.13439 I was advised to " ask dovecot list for help with the IMAP server. " Thank you, Spiro From ruga at protonmail.com Thu Aug 25 22:43:45 2016 From: ruga at protonmail.com (Ruga) Date: Thu, 25 Aug 2016 18:43:45 -0400 Subject: Allow selection of safe curves in dovecot Message-ID: http://safecurves.cr.yp.to From me at junc.eu Thu Aug 25 23:13:37 2016 From: me at junc.eu (Benny Pedersen) Date: Fri, 26 Aug 2016 01:13:37 +0200 Subject: Allow selection of safe curves in dovecot In-Reply-To: References: Message-ID: <96c307c7a2cbf8ebbf1cafd52ded93fe@junc.eu> On 2016-08-26 00:43, Ruga wrote: > http://safecurves.cr.yp.to question ? Authentication-Results: linode.junc.eu; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=protonmail.com header.i=@protonmail.com header.b=Hb4SEXJP; dkim-atps=neutral did this millist here break dkim ? dnssec fails, and dkim fails From per at computer.org Fri Aug 26 07:35:22 2016 From: per at computer.org (Per Jessen) Date: Fri, 26 Aug 2016 09:35:22 +0200 Subject: Help setting up IMAP account in Outlook 2016 References: <001d01d1ff13$c4f1fdb0$4ed5f910$@siriush.com> Message-ID: Spiro Angeli wrote: > Hi, > I need help setting up properly mail clients for my email accounts > running on dovecot ver 2.2.18 on CentOS release 6.8 (Final) in > italian. I posted a forum thread where you can get all detail info: > this for better reading. > > Forum thread subject: Help setting up IMAP account in Outlook 2016 > Forum link: > http://www.emailquestions.com/threads/help-setting-up-imap-account-in-outloo > k-2016.13439 > > I was advised to " ask dovecot list for help with the IMAP server. " > Hi Spiro IIRC, for a client accessing the same account in multiple languages (English on the iPhone, Italian from Outlook etc), you need to map the language-specific folder names to a single one. E.g. "Posta inviata" to "Sent mail". Look at /etc/dovecot/conf.d/15-mailboxes.conf HTH Per -- Per Jessen, Z?rich (21.8?C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. From hendrik at luecke-tieke.de Thu Aug 25 14:01:48 2016 From: hendrik at luecke-tieke.de (hendrik at luecke-tieke.de) Date: Thu, 25 Aug 2016 16:01:48 +0200 Subject: sieve-filter with duplicate-extension Message-ID: <900a4ac7ff138ee46a91daf7d9550495@luecke-tieke.de> Hi, i have imported a mailbox twice (accentially). Now i thought, it might be a valid approach to simply use a custom sieve rule to mark duplicates using the attached ruleset I ran sieve-filter like this: ~# sieve-filter -e -W -v -C -u userxyz at example.com /var/vmail/example.com/userxyz/sieve/duplicates.sieve 'INBOX' But sieve-filter complains like this: info: msgid=<1231321313212312312312 at p3enginer2.emv2.com>: left message in mailbox 'INBOX'. info: message kept in source mailbox. info: filtering: [Sun, 1 May 2011 16:41:46 +0100; 101297 bytes] `Cipo & Baxx, Nike Golf, Strenesse, al...'. roundcube2: line 3: warning: duplicate test: duplicate checking not available in this context. info: msgid=<1123123123123123 at p3enginer3.emv2.com>: left message in mailbox 'INBOX'. info: message kept in source mailbox. info: filtering: [Sun, 28 Oct 2012 11:32:56 +0100; 1416 bytes] `DenyHosts Report for example.com'. roundcube2: line 3: warning: duplicate test: duplicate checking not available in this context. Is there a way, to refilter an existing mailbox and applying the duplicate extension? Many thanks and best regards, Hendrik -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: mark_dupes.sieve URL: From arne at fish.in-berlin.de Fri Aug 26 12:25:32 2016 From: arne at fish.in-berlin.de (Arne Hoffmann) Date: Fri, 26 Aug 2016 14:25:32 +0200 Subject: lazy_expunge and public folder Message-ID: <20160826122532.GA24983@fish.in-berlin.de> Hi all, I stumbled upon the lazy_expunge plugin and thought that it might be useful in some cases. It works fine if I delete mails from my inbox. But it doesn't do anything if I deleted mails from a public folder (and for the server I am currently working on the public folder is _the_ _main_ _feature_). Does lazy_expunge not work with public folders? Or am I using it wrong? root at imap01 [~]# doveconf -n # 2.2.24 (a82c823): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.13 (7b14904) # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.5 ext4 auth_debug = yes auth_debug_passwords = yes debug_log_path = /var/log/mail.debug disable_plaintext_auth = no doveadm_password = # hidden, use -P to show it doveadm_port = 22001 mail_debug = yes mail_location = maildir:/var/mail/vmail/%d/%n/Maildir:INBOX=/var/mail/vmail/%d/%n/Maildir mail_plugins = " listescape lazy_expunge notify replication" mail_privileged_group = vmail namespace { location = maildir:/var/mail/vmail/?ffentliche Ordner:INDEXPVT=~/Maildir/?ffentliche Ordner mailbox "Gel?schte Elemente" { auto = subscribe special_use = \Trash } mailbox MirrorServer-Projekt { auto = subscribe } prefix = ?ffentliche Ordner/ separator = / subscriptions = no type = public } namespace { hidden = yes list = no location = maildir:~/Maildir/expunged prefix = .EXPUNGED/ separator = / } namespace inbox { inbox = yes location = prefix = separator = / type = private } passdb { args = /etc/dovecot/mysql.conf driver = sql } plugin { lazy_expunge = .EXPUNGED/ mail_replica = tcps:imap02.example.com } protocols = imap service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } service doveadm { inet_listener { port = 22001 ssl = yes } } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { group = vmail mode = 0660 } } ssl = required ssl_ca = Message-ID: Per Jessen wrote: > Spiro Angeli wrote: > >> Hi, >> I need help setting up properly mail clients for my email accounts >> running on dovecot ver 2.2.18 on CentOS release 6.8 (Final) in >> italian. I posted a forum thread where you can get all detail info: >> this for better reading. >> >> Forum thread subject: Help setting up IMAP account in Outlook 2016 >> Forum link: >> > http://www.emailquestions.com/threads/help-setting-up-imap-account-in-outloo >> k-2016.13439 >> >> I was advised to " ask dovecot list for help with the IMAP server. " >> > > Hi Spiro > > > IIRC, for a client accessing the same account in multiple languages > (English on the iPhone, Italian from Outlook etc), you need to map the > language-specific folder names to a single one. E.g. "Posta inviata" > to "Sent mail". Look at /etc/dovecot/conf.d/15-mailboxes.conf This is my 15-mailboxes.conf namespace inbox { inbox = yes mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Trash { special_use = \Trash } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } } -- Per Jessen, Z?rich (31.1?C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. From kamil.madac at gmail.com Fri Aug 26 17:51:59 2016 From: kamil.madac at gmail.com (Kamil Madac) Date: Fri, 26 Aug 2016 19:51:59 +0200 Subject: maildirsize not correct In-Reply-To: <0fc1e457-a767-4127-4761-a201810ae8ba@dovecot.fi> References: <57BCC803.7040709@carpenter.org> <0fc1e457-a767-4127-4761-a201810ae8ba@dovecot.fi> Message-ID: Hi Aki, No I do not use it. On Thu, Aug 25, 2016 at 7:32 AM, Aki Tuomi wrote: > Are you using quota_vsizes=yes? > > Aki > > On 24.08.2016 21:39, Kamil Madac wrote: > > Thanks, but this is most probably different issue. My maildirsize is > > computed incorrectly even if I delete it completely and let dovead > > recompute it so expunging is not in the game. > > > > Is there any way how to track/debug the recomputation algorithm in > dovecot? > > > > On Wed, Aug 24, 2016 at 12:02 AM, WJCarpenter < > bill-dovecot at carpenter.org> > > wrote: > > > >> A long shot, but here's how I experienced similar symptoms: > >> http://www.dovecot.org/list/dovecot/2016-April/104091.html > >> > >> > >> > >> Kamil Madac wrote on 08/23/2016 02:02 PM: > >> > >>> Hi, > >>> > >>> One of my email accounts has 1,5gb of emails in INBOX, but maildirsize > >>> shows only 528mb. 'du' also shows 1,5gb and there are 3809 files in cur > >>> directory. > >>> > >>> When I use mailbox status a can see correct values: > >>> > >>> doveadm -f table mailbox status -u user at domain.sk "messages vsize" > INBOX* > >>> messages > >>> vsize > >>> > >>> INBOX 3809 1521049349 > >>> > >>> but when I check the quotas with doveadm: > >>> > >>> doveadm quota get -u user at domain.sk > >>> Quota name Type Value > >>> Limit > >>> % > >>> User quota STORAGE 541391 > >>> 2048000 > >>> 26 > >>> User quota MESSAGE 886 > >>> - > >>> 0 > >>> > >>> I tried to delete maildirsize, but it was recalculated again > incorrectly. > >>> > >>> 2097152000S > >>> 554384829 886 > >>> > >>> Dovecot version is 2.2.9 installed from packages on Ubuntu 14.04 > >>> I have other accounts on server which are have no problems with > >>> maildirsize > >>> and quotas. Does anyone have same experience? > >>> > >>> Kamil > >>> > > > -- Kamil Madac From aki.tuomi at dovecot.fi Fri Aug 26 18:12:02 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Fri, 26 Aug 2016 21:12:02 +0300 Subject: maildirsize not correct Message-ID: Does it work if you do? ---Aki TuomiDovecot oy -------- Original message --------From: Kamil Madac Date: 26/08/2016 20:51 (GMT+02:00) To: Aki Tuomi Cc: dovecot at dovecot.org Subject: Re: maildirsize not correct Hi Aki, No I do not use it. On Thu, Aug 25, 2016 at 7:32 AM, Aki Tuomi wrote: Are you using quota_vsizes=yes? Aki On 24.08.2016 21:39, Kamil Madac wrote: > Thanks, but this is most probably different issue. My maildirsize is > computed incorrectly even if I delete it completely and let dovead > recompute it so expunging is not in the game. > > Is there any way how to track/debug the recomputation algorithm in dovecot? > > On Wed, Aug 24, 2016 at 12:02 AM, WJCarpenter > wrote: > >> A long shot, but here's how I experienced similar symptoms: >> http://www.dovecot.org/list/dovecot/2016-April/104091.html >> >> >> >> Kamil Madac wrote on 08/23/2016 02:02 PM: >> >>> Hi, >>> >>> One of my email accounts has 1,5gb of emails in INBOX, but maildirsize >>> shows only 528mb. 'du' also shows 1,5gb and there are 3809 files in cur >>> directory. >>> >>> When I use? mailbox status a can see correct values: >>> >>> doveadm -f table mailbox status -u user at domain.sk "messages vsize" INBOX* >>>? ?messages >>> vsize >>> >>> INBOX? ?3809? ? ?1521049349 >>> >>> but when I check the quotas with doveadm: >>> >>> doveadm quota get -u user at domain.sk >>> Quota name Type? ? ?Value >>> Limit >>> % >>> User quota STORAGE 541391 >>> 2048000 >>> 26 >>> User quota MESSAGE? ? 886 >>> - >>> 0 >>> >>> I tried to delete maildirsize, but it was recalculated again incorrectly. >>> >>> 2097152000S >>> 554384829 886 >>> >>> Dovecot version is 2.2.9 installed from packages on Ubuntu 14.04 >>> I have other accounts on server which are have no problems with >>> maildirsize >>> and quotas. Does anyone have same experience? >>> >>> Kamil >>> > -- Kamil Madac From stephan at rename-it.nl Fri Aug 26 19:38:09 2016 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 26 Aug 2016 21:38:09 +0200 Subject: sieve-filter with duplicate-extension In-Reply-To: <900a4ac7ff138ee46a91daf7d9550495@luecke-tieke.de> References: <900a4ac7ff138ee46a91daf7d9550495@luecke-tieke.de> Message-ID: <11519362-b651-9fe4-b0bd-8fe25fbe7a54@rename-it.nl> Op 8/25/2016 om 4:01 PM schreef hendrik at luecke-tieke.de: > Hi, > > i have imported a mailbox twice (accentially). Now i thought, it might > be a valid approach to simply use a custom sieve rule to mark > duplicates using the attached ruleset > > I ran sieve-filter like this: > > ~# sieve-filter -e -W -v -C -u userxyz at example.com > /var/vmail/example.com/userxyz/sieve/duplicates.sieve 'INBOX' > > > But sieve-filter complains like this: > > info: msgid=<1231321313212312312312 at p3enginer2.emv2.com>: left message > in mailbox 'INBOX'. > info: message kept in source mailbox. > info: filtering: [Sun, 1 May 2011 16:41:46 +0100; 101297 bytes] `Cipo > & Baxx, Nike Golf, Strenesse, al...'. > roundcube2: line 3: warning: duplicate test: duplicate checking not > available in this context. > info: msgid=<1123123123123123 at p3enginer3.emv2.com>: left message in > mailbox 'INBOX'. > info: message kept in source mailbox. > info: filtering: [Sun, 28 Oct 2012 11:32:56 +0100; 1416 bytes] > `DenyHosts Report for example.com'. > roundcube2: line 3: warning: duplicate test: duplicate checking not > available in this context. > > > Is there a way, to refilter an existing mailbox and applying the > duplicate extension? Not with the sieve-filter tool at this time. I guess you could use this hack: http://wiki2.dovecot.org/HowTo/RefilterMail Regards, Steph From kurt+dove at va1der.ca Sun Aug 28 02:33:52 2016 From: kurt+dove at va1der.ca (Kurt Fitzner) Date: Sat, 27 Aug 2016 23:33:52 -0300 Subject: Sub addressing delimiters In-Reply-To: <157b1344-cf72-c60e-62ff-f7a31a491867@libertytrek.org> References: <5e6fe5d039da2e423a351f69a71e4ce1@va1der.ca> <157b1344-cf72-c60e-62ff-f7a31a491867@libertytrek.org> Message-ID: On 2016-08-24 09:20, Tanstaafl wrote: > Objection: assumes facts not in evidence. > > This is the way it is supposed to work now in dovecot, so, either it is > now broken, was always broken ... or you are not doing it right. > > But we'd need to see your config to make that determination... How about source tree? I now present my case to the court. :) 1) The changelog: 2009-11-10 * src/lib-lda/lda-settings.c, src/lmtp/commands.c: recipient_delimiter: Allow multi-character delimiters. [0d659ac4656d] (taken from the change log in 2.2.13 since this entry is no longer visible in the change log in 2.2.13. There are no other relevant entries referencing recipient_delimiter in 2.2.25. This isn't a sure indication, but it seems to me to imply what the intention was. 2) rcpt_address_parse() in lmtp/commands.c domain = strchr(address, '@'); p = strstr(address, client->unexpanded_lda_set->recipient_delimiter); This function is looking for the domain separation with strchr(), but looking for the username and detail separation with strstr(). To treat recipient_delimiter as a list of single-character delimiters you can pick from, then you'd need to loop through recipient_delimiter and use strchr() for each character. 3) Right now I have recipient_delimiter set to + and it works. When I tried to set it to +_ to use either a plus or underscore, then sent test email to name_detail at domain.org it caused an error, but name+_detail at domain.org was delivered correctly. Reversing the order in dovecot's recipient_delimiter setting to _+ caused only name_+detail at domain.org to work in test emails. Switching to the behaviour where recipient_delimiter is treated as a list of usable delimiters might not be totally trivial. If you look in address_add_detail() in lmtp/commands.c you'll see why. This function is trying to recreate a complete email address from the recipient, the detail, and domain but since the delimiter that was used when the username/detail was split isn't saved, it simply uses the multi-character recipient_delimiter setting in its entirety. Kurt From dovecot at jl.wasmer.ca Sun Aug 28 21:43:48 2016 From: dovecot at jl.wasmer.ca (Jean-Luc Wasmer) Date: 28 Aug 2016 17:43:48 -0400 Subject: Dsync config help Message-ID: <7B55E762-6089-4269-B3DC-8FACB61F70FA@jl.wasmer.ca> Hi, I?m having a hard time with the?http://wiki2.dovecot.org/Replication ?page. - for a master-master setup, does the configuration need to be mirrored on both masters? - after aggregating unrelated sections of the wiki page, there seems to be 3 different values for ?mail_replica": - "remote?: for SSH - ?remoteprefix": for SSH wrapper - ?tcp?: for?TCP connection using the?Doveadm protocol Is this correct? - what?s the purpose of the?replicator VS?aggregator VS?doveadm services? Who talks to who? Where can I find documentation about their configuration (i.e. not examples) - most examples are for a single vmail user setup? what should be done when using system accounts? Thanks, Jean-Luc From kamil.madac at gmail.com Mon Aug 29 11:06:22 2016 From: kamil.madac at gmail.com (Kamil Madac) Date: Mon, 29 Aug 2016 13:06:22 +0200 Subject: maildirsize not correct In-Reply-To: References: Message-ID: I tried enable quota_vsizes, but again same wrong result. I then tried to install Ubuntu 16.04 on VM, where dovecot 2.2.22 (fe789d2) is in repositories. I rsynced user data to VMs. I deleted maildirsize, let doveadm recalc quota and finally and I have correct results: doveadm quota get -u user at domain.sk Quota name Type Value Limit % User quota STORAGE 2009709 2048000 98 User quota MESSAGE 4720 - 0 So it seems that quota recalculation is buggy in dovecot 2.2.9 On Fri, Aug 26, 2016 at 8:12 PM, Aki Tuomi wrote: > Does it work if you do? > > > > --- > Aki Tuomi > Dovecot oy > > -------- Original message -------- > From: Kamil Madac > Date: 26/08/2016 20:51 (GMT+02:00) > To: Aki Tuomi > Cc: dovecot at dovecot.org > Subject: Re: maildirsize not correct > > Hi Aki, > > No I do not use it. > > On Thu, Aug 25, 2016 at 7:32 AM, Aki Tuomi wrote: > >> Are you using quota_vsizes=yes? >> >> Aki >> >> On 24.08.2016 21:39, Kamil Madac wrote: >> > Thanks, but this is most probably different issue. My maildirsize is >> > computed incorrectly even if I delete it completely and let dovead >> > recompute it so expunging is not in the game. >> > >> > Is there any way how to track/debug the recomputation algorithm in >> dovecot? >> > >> > On Wed, Aug 24, 2016 at 12:02 AM, WJCarpenter < >> bill-dovecot at carpenter.org> >> > wrote: >> > >> >> A long shot, but here's how I experienced similar symptoms: >> >> http://www.dovecot.org/list/dovecot/2016-April/104091.html >> >> >> >> >> >> >> >> Kamil Madac wrote on 08/23/2016 02:02 PM: >> >> >> >>> Hi, >> >>> >> >>> One of my email accounts has 1,5gb of emails in INBOX, but maildirsize >> >>> shows only 528mb. 'du' also shows 1,5gb and there are 3809 files in >> cur >> >>> directory. >> >>> >> >>> When I use mailbox status a can see correct values: >> >>> >> >>> doveadm -f table mailbox status -u user at domain.sk "messages vsize" >> INBOX* >> >>> messages >> >>> vsize >> >>> >> >>> INBOX 3809 1521049349 >> >>> >> >>> but when I check the quotas with doveadm: >> >>> >> >>> doveadm quota get -u user at domain.sk >> >>> Quota name Type Value >> >>> Limit >> >>> % >> >>> User quota STORAGE 541391 >> >>> 2048000 >> >>> 26 >> >>> User quota MESSAGE 886 >> >>> - >> >>> 0 >> >>> >> >>> I tried to delete maildirsize, but it was recalculated again >> incorrectly. >> >>> >> >>> 2097152000S >> >>> 554384829 886 >> >>> >> >>> Dovecot version is 2.2.9 installed from packages on Ubuntu 14.04 >> >>> I have other accounts on server which are have no problems with >> >>> maildirsize >> >>> and quotas. Does anyone have same experience? >> >>> >> >>> Kamil >> >>> >> > >> > > > > -- > Kamil Madac > -- Kamil Madac From piper at hrz.uni-marburg.de Mon Aug 29 12:00:24 2016 From: piper at hrz.uni-marburg.de (Piper Andreas) Date: Mon, 29 Aug 2016 14:00:24 +0200 Subject: 2.2.25 dumps core with "Panic: file imap-client.c: line 837 (client_check_command_hangs): assertion failed: (client->io != NULL)" Message-ID: Hello, Dovecot 2.2.25 OS: Solaris 11 (SunOS 5.11 11.3 i86pc i386 i86pc) Virtualization: VMware Filesystem: ZFS active users: ~4000 About once a day Dovecot crashes with "Panic: file imap-client.c: line 837 (client_check_command_hangs): assertion failed: (client->io != NULL)" The log shows in each case: Aug 29 12:59:00 surz113 dovecot: [ID 583609 mail.crit] imap(username): Panic: file imap-client.c: line 837 (client_check_command_hangs): assertion failed: (client->io != NULL) Aug 29 12:59:00 surz113 dovecot: [ID 583609 mail.error] imap(username): Error: Raw backtrace: 0xffff80ffb6f3d88d -> 0xffff80ffb6f6ae82 -> 0x41eba0 -> 0x41ecf3 -> 0xffff80ffb6f5d248 -> 0xffff80ffb6f50d2f -> 0xffff80ffb6f519e0 -> 0xffff80ffb6f50dce -> 0xffff80ffb6f50f90 -> 0xffff80ffb6ee3ebb -> 0x42f169 -> 0x41292c Aug 29 12:59:00 surz113 dovecot: [ID 583609 mail.crit] imap(username): Fatal: master: service(imap): child 1461 killed with signal 6 (core not dumped - set service imap { drop_priv_before_exec=yes }) It happens with different users, all with mailbox-sizes of 9 to 17 GByte. The server stops completely for all users with this Panic and is then restarted automatically from Solaris Service Management. Find attached the output of 'doveconf -n'. Please let me know, if you need any more infos. Thanks for any help on this issue, Andreas, postmaster at uni-marburg.de -------------- next part -------------- # 2.2.25 (f5ac02c): /etc/opt/csw/dovecot/dovecot.conf # OS: SunOS 5.11 i86pc auth_cache_negative_ttl = 0 auth_cache_size = 10 M auth_master_user_separator = * auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_ auth_username_format = %u auth_worker_max_count = 1024 base_dir = /var/run/dovecot/ default_vsz_limit = 2 G first_valid_gid = 30000 first_valid_uid = 30000 mail_location = maildir:%h/.maildir mail_plugins = " mail_log notify" mail_privileged_group = mail namespace { hidden = no inbox = yes list = yes location = maildir:%h/.maildir prefix = separator = / subscriptions = yes type = private } namespace inbox { hidden = yes inbox = no list = no location = maildir:%h/.maildir prefix = mail/ separator = / subscriptions = no type = private } passdb { args = /etc/dovecot.deny deny = yes driver = passwd-file } passdb { args = driver = passwd-file master = yes } passdb { args = blocking=yes cache_key=%u%s * driver = pam } pop3_uidl_format = %08Xv%08Xu postmaster_address = postmaster at staff.uni-marburg.de protocols = imap pop3 service auth-worker { user = $default_internal_user } service auth { client_limit = 6000 } service imap-login { process_min_avail = 64 service_count = 0 } service imap { process_limit = 6000 } ssl_cert = From aki.tuomi at dovecot.fi Mon Aug 29 12:50:41 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 29 Aug 2016 15:50:41 +0300 Subject: 2.2.25 dumps core with "Panic: file imap-client.c: line 837 (client_check_command_hangs): assertion failed: (client->io != NULL)" In-Reply-To: References: Message-ID: <08957f10-b7b2-c336-4fe2-f4c720d856ba@dovecot.fi> On 29.08.2016 15:00, Piper Andreas wrote: > Hello, > > Dovecot 2.2.25 > OS: Solaris 11 (SunOS 5.11 11.3 i86pc i386 i86pc) > Virtualization: VMware > Filesystem: ZFS > active users: ~4000 > > About once a day Dovecot crashes with > "Panic: file imap-client.c: line 837 (client_check_command_hangs): > assertion failed: (client->io != NULL)" > > The log shows in each case: > > Aug 29 12:59:00 surz113 dovecot: [ID 583609 mail.crit] imap(username): > Panic: file imap-client.c: line 837 (client_check_command_hangs): > assertion failed: (client->io != NULL) > Aug 29 12:59:00 surz113 dovecot: [ID 583609 mail.error] imap(username): > Error: Raw backtrace: 0xffff80ffb6f3d88d -> 0xffff80ffb6f6ae82 -> > 0x41eba0 -> 0x41ecf3 -> 0xffff80ffb6f5d248 -> 0xffff80ffb6f50d2f -> > 0xffff80ffb6f519e0 -> 0xffff80ffb6f50dce -> 0xffff80ffb6f50f90 -> > 0xffff80ffb6ee3ebb -> 0x42f169 -> 0x41292c > Aug 29 12:59:00 surz113 dovecot: [ID 583609 mail.crit] imap(username): > Fatal: master: service(imap): child 1461 killed with signal 6 (core not > dumped - set service imap { drop_priv_before_exec=yes }) > > It happens with different users, all with mailbox-sizes of 9 to 17 > GByte. The server stops completely for all users with this Panic and is > then restarted automatically from Solaris Service Management. > > Find attached the output of 'doveconf -n'. > > Please let me know, if you need any more infos. > > Thanks for any help on this issue, > Andreas, postmaster at uni-marburg.de Hi! Thank you for your report, we are looking into this. Aki Tuomi Dovecot oy From scottwsx96 at gmail.com Mon Aug 29 19:40:41 2016 From: scottwsx96 at gmail.com (Scott W. Sander) Date: Mon, 29 Aug 2016 19:40:41 +0000 Subject: Automatic purging of old email in all mailboxes Message-ID: I am using a postfix + Dovecot server as a test mail server for which some applications in our test environment use as a target to deliver email so that our real endusers don't receive messages from our test servers. A few of the mailboxes in Dovecot receive hundreds of emails per day. I'd like to automatically remove all emails in all mailboxes and mailbox folders that were received more than 90 days prior to the received date. As I'm a novice Dovecot administrator, I'm not exactly sure what the best way to accomplish this is, but I've started looking at the "doveadm expunge" command. I figure I could create a cron job that calls this command with the -A switch and that has a search query that finds all emails older than 90 days. I'm aware that I can test my query by using the "doveadm search" command. The problem is that when I do any sort of search query with that command (e.g. "doveadm search -A NEW"), I receive the following error messages: Error: User listing returned failure doveadm: Error: Failed to iterate through some users I've searched for help with this error, but most of the guidance I'm seeing refers to making sure that dovecot-sql is configured correctly; however, I'm using "passwd-file" for the passdb and not a true database. Here is doveconf -n: ------- # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.13 (7b14904) # OS: Linux 4.4.0-34-generic x86_64 Ubuntu 16.04.1 LTS ext4 auth_mechanisms = plain login hostname = mail.domain.test info_log_path = /var/log/dovecot.log log_path = /var/log/dovecot.log mail_location = maildir:/var/mail/vhosts/%d/%n namespace inbox { inbox = yes location = mailbox "Deleted Items" { special_use = \Trash } mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox "Junk E-Mail" { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Items" { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users driver = passwd-file } protocols = " imap lmtp pop3" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service imap-login { inet_listener imaps { port = 993 ssl = yes } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service pop3-login { inet_listener pop3s { port = 995 ssl = yes } } ssl = required ssl_cert = References: Message-ID: <20160829194737.GA22097@coach.home> On Mon, Aug 29, 2016 at 07:40:41PM +0000, Scott W. Sander wrote: > I am using a postfix + Dovecot server as a test mail server for which some > applications in our test environment use as a target to deliver email so > that our real endusers don't receive messages from our test servers. > > A few of the mailboxes in Dovecot receive hundreds of emails per day. I'd > like to automatically remove all emails in all mailboxes and mailbox > folders that were received more than 90 days prior to the received date. > As I'm a novice Dovecot administrator, I'm not exactly sure what the best > way to accomplish this is, but I've started looking at the "doveadm > expunge" command. I figure I could create a cron job that calls this > command with the -A switch and that has a search query that finds all > emails older than 90 days. > > I'm aware that I can test my query by using the "doveadm search" command. > The problem is that when I do any sort of search query with that command > (e.g. "doveadm search -A NEW"), I receive the following error messages: > > Error: User listing returned failure > doveadm: Error: Failed to iterate through some users > > I've searched for help with this error, but most of the guidance I'm seeing > refers to making sure that dovecot-sql is configured correctly; however, > I'm using "passwd-file" for the passdb and not a true database. Since you're using maildirs as the storage backend, it might be easier to just write a small script in the language of your preference (bash, python, perl, etc.) that walks the directory tree and deletes files based on their mtime. I personally use a python script to delete messages that have been in my trash folder for more than 30 days, and it works very well. --Sean From edgar at pettijohn-web.com Mon Aug 29 19:51:04 2016 From: edgar at pettijohn-web.com (Edgar Pettijohn) Date: Mon, 29 Aug 2016 14:51:04 -0500 Subject: Automatic purging of old email in all mailboxes In-Reply-To: References: Message-ID: <4896C8E8-07D7-4CFD-88EF-9CA05EF8A423@pettijohn-web.com> http://wiki.dovecot.org/MailboxSettings I just started using auto expunge so can't tell you how well it works, but it's worth a look. Sent from my iPhone > On Aug 29, 2016, at 2:40 PM, Scott W. Sander wrote: > > I am using a postfix + Dovecot server as a test mail server for which some > applications in our test environment use as a target to deliver email so > that our real endusers don't receive messages from our test servers. > > A few of the mailboxes in Dovecot receive hundreds of emails per day. I'd > like to automatically remove all emails in all mailboxes and mailbox > folders that were received more than 90 days prior to the received date. > As I'm a novice Dovecot administrator, I'm not exactly sure what the best > way to accomplish this is, but I've started looking at the "doveadm > expunge" command. I figure I could create a cron job that calls this > command with the -A switch and that has a search query that finds all > emails older than 90 days. > > I'm aware that I can test my query by using the "doveadm search" command. > The problem is that when I do any sort of search query with that command > (e.g. "doveadm search -A NEW"), I receive the following error messages: > > Error: User listing returned failure > doveadm: Error: Failed to iterate through some users > > I've searched for help with this error, but most of the guidance I'm seeing > refers to making sure that dovecot-sql is configured correctly; however, > I'm using "passwd-file" for the passdb and not a true database. > > Here is doveconf -n: > > ------- > > # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.4.13 (7b14904) > # OS: Linux 4.4.0-34-generic x86_64 Ubuntu 16.04.1 LTS ext4 > auth_mechanisms = plain login > hostname = mail.domain.test > info_log_path = /var/log/dovecot.log > log_path = /var/log/dovecot.log > mail_location = maildir:/var/mail/vhosts/%d/%n > namespace inbox { > inbox = yes > location = > mailbox "Deleted Items" { > special_use = \Trash > } > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox "Junk E-Mail" { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Items" { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users > driver = passwd-file > } > protocols = " imap lmtp pop3" > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0666 > user = postfix > } > } > service imap-login { > inet_listener imaps { > port = 993 > ssl = yes > } > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0600 > user = postfix > } > } > service pop3-login { > inet_listener pop3s { > port = 995 > ssl = yes > } > } > ssl = required > ssl_cert = ssl_key = userdb { > args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n > driver = static > } > > ------- > > Thank you in advance! From ml+dovecot at valo.at Mon Aug 29 20:12:53 2016 From: ml+dovecot at valo.at (Christian Kivalo) Date: Mon, 29 Aug 2016 22:12:53 +0200 Subject: Automatic purging of old email in all mailboxes In-Reply-To: References: Message-ID: <3274aa54478089c43ab551f57e4c6c5d@valo.at> On 2016-08-29 21:40, Scott W. Sander wrote: > I am using a postfix + Dovecot server as a test mail server for which > some > applications in our test environment use as a target to deliver email > so > that our real endusers don't receive messages from our test servers. > > A few of the mailboxes in Dovecot receive hundreds of emails per day. > I'd > like to automatically remove all emails in all mailboxes and mailbox > folders that were received more than 90 days prior to the received > date. > As I'm a novice Dovecot administrator, I'm not exactly sure what the > best > way to accomplish this is, but I've started looking at the "doveadm > expunge" command. I figure I could create a cron job that calls this > command with the -A switch and that has a search query that finds all > emails older than 90 days. > > I'm aware that I can test my query by using the "doveadm search" > command. > The problem is that when I do any sort of search query with that > command > (e.g. "doveadm search -A NEW"), I receive the following error messages: > > Error: User listing returned failure > doveadm: Error: Failed to iterate through some users > You have to switch your userdb to something else than static, passwd-file for example http://wiki2.dovecot.org/AuthDatabase/PasswdFile > I've searched for help with this error, but most of the guidance I'm > seeing > refers to making sure that dovecot-sql is configured correctly; > however, > I'm using "passwd-file" for the passdb and not a true database. > there is the expire plugin http://wiki2.dovecot.org/Plugins/Expire > Here is doveconf -n: > > ------- > > # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.4.13 (7b14904) > # OS: Linux 4.4.0-34-generic x86_64 Ubuntu 16.04.1 LTS ext4 > auth_mechanisms = plain login > hostname = mail.domain.test > info_log_path = /var/log/dovecot.log > log_path = /var/log/dovecot.log > mail_location = maildir:/var/mail/vhosts/%d/%n > namespace inbox { > inbox = yes > location = > mailbox "Deleted Items" { > special_use = \Trash > } > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox "Junk E-Mail" { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Items" { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users > driver = passwd-file > } > protocols = " imap lmtp pop3" > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0666 > user = postfix > } > } > service imap-login { > inet_listener imaps { > port = 993 > ssl = yes > } > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0600 > user = postfix > } > } > service pop3-login { > inet_listener pop3s { > port = 995 > ssl = yes > } > } > ssl = required > ssl_cert = ssl_key = userdb { > args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n > driver = static > } > > ------- > > Thank you in advance! -- Christian Kivalo From jtam.home at gmail.com Mon Aug 29 20:13:18 2016 From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 29 Aug 2016 13:13:18 -0700 (PDT) Subject: Automatic purging of old email in all mailboxes In-Reply-To: References: Message-ID: "Scott W. Sander" writes: > A few of the mailboxes in Dovecot receive hundreds of emails per day. I'd > like to automatically remove all emails in all mailboxes and mailbox > folders that were received more than 90 days prior to the received date. > As I'm a novice Dovecot administrator, I'm not exactly sure what the best > way to accomplish this is, but I've started looking at the "doveadm > expunge" command. I figure I could create a cron job that calls this > command with the -A switch and that has a search query that finds all > emails older than 90 days. That more of less what I do. doveadm expunge -A mailbox INBOX savedbefore 7d > Error: User listing returned failure > doveadm: Error: Failed to iterate through some users I think this may be avoided (or made into warnings) if you bracket all user UID ranges with first_valid_uid = {first user uid} last_valid_uid = {last user uid} Sean Greenslade then writes: > Since you're using maildirs as the storage backend, it might be easier > to just write a small script in the language of your preference (bash, > python, perl, etc.) that walks the directory tree and deletes files > based on their mtime. The downside is that the Dovecot caches will be out of date. Perhaps follow this up with a "doveadm index ..." operation. Joseph Tam From scottwsx96 at gmail.com Mon Aug 29 20:29:01 2016 From: scottwsx96 at gmail.com (Scott W. Sander) Date: Mon, 29 Aug 2016 20:29:01 +0000 Subject: Automatic purging of old email in all mailboxes In-Reply-To: References: Message-ID: I used this guide as the starting point for this postfix + Dovecot server: http://www.binarytides.com/install-postfix-dovecot-debian/. My /etc/dovecot/dovecot-users passwd-file only has username:password (as mentioned in that article) and my userdb driver is static as laid out in the article as well. Therefore I do not have uid's. As far as changing the userdb driver from static to passwd-file, I'm not sure what the consequence of that would be for my existing mailboxes or my Dovecot implementation in general. Everything I needed thus far is working, I just want to add clearing out old email automatically. On Mon, Aug 29, 2016 at 4:13 PM Joseph Tam wrote: > "Scott W. Sander" writes: > > > A few of the mailboxes in Dovecot receive hundreds of emails per day. > I'd > > like to automatically remove all emails in all mailboxes and mailbox > > folders that were received more than 90 days prior to the received date. > > As I'm a novice Dovecot administrator, I'm not exactly sure what the best > > way to accomplish this is, but I've started looking at the "doveadm > > expunge" command. I figure I could create a cron job that calls this > > command with the -A switch and that has a search query that finds all > > emails older than 90 days. > > That more of less what I do. > > doveadm expunge -A mailbox INBOX savedbefore 7d > > > Error: User listing returned failure > > doveadm: Error: Failed to iterate through some users > > I think this may be avoided (or made into warnings) if you bracket all > user UID ranges with > > first_valid_uid = {first user uid} > last_valid_uid = {last user uid} > > Sean Greenslade then writes: > > > Since you're using maildirs as the storage backend, it might be easier > > to just write a small script in the language of your preference (bash, > > python, perl, etc.) that walks the directory tree and deletes files > > based on their mtime. > > The downside is that the Dovecot caches will be out of date. Perhaps > follow this up with a "doveadm index ..." operation. > > Joseph Tam > From edgar at pettijohn-web.com Mon Aug 29 22:18:58 2016 From: edgar at pettijohn-web.com (Edgar Pettijohn) Date: Mon, 29 Aug 2016 17:18:58 -0500 Subject: Automatic purging of old email in all mailboxes In-Reply-To: References: Message-ID: Sent from my iPhone > On Aug 29, 2016, at 3:29 PM, Scott W. Sander wrote: > > I used this guide as the starting point for this postfix + Dovecot server: > http://www.binarytides.com/install-postfix-dovecot-debian/. > > My /etc/dovecot/dovecot-users passwd-file only has username:password (as > mentioned in that article) and my userdb driver is static as laid out in > the article as well. Therefore I do not have uid's. > > As far as changing the userdb driver from static to passwd-file, I'm not > sure what the consequence of that would be for my existing mailboxes or my > Dovecot implementation in general. Everything I needed thus far is > working, I just want to add clearing out old email automatically. > > >> On Mon, Aug 29, 2016 at 4:13 PM Joseph Tam wrote: >> >> "Scott W. Sander" writes: >> >>> A few of the mailboxes in Dovecot receive hundreds of emails per day. >> I'd >>> like to automatically remove all emails in all mailboxes and mailbox >>> folders that were received more than 90 days prior to the received date. >>> As I'm a novice Dovecot administrator, I'm not exactly sure what the best >>> way to accomplish this is, but I've started looking at the "doveadm >>> expunge" command. I figure I could create a cron job that calls this >>> command with the -A switch and that has a search query that finds all >>> emails older than 90 days. >> >> That more of less what I do. >> >> doveadm expunge -A mailbox INBOX savedbefore 7d Cron >> >>> Error: User listing returned failure >>> doveadm: Error: Failed to iterate through some users >> >> I think this may be avoided (or made into warnings) if you bracket all >> user UID ranges with >> >> first_valid_uid = {first user uid} >> last_valid_uid = {last user uid} >> >> Sean Greenslade then writes: >> >>> Since you're using maildirs as the storage backend, it might be easier >>> to just write a small script in the language of your preference (bash, >>> python, perl, etc.) that walks the directory tree and deletes files >>> based on their mtime. >> >> The downside is that the Dovecot caches will be out of date. Perhaps >> follow this up with a "doveadm index ..." operation. >> >> Joseph Tam >> From robmbrooks at gmail.com Fri Aug 26 18:45:08 2016 From: robmbrooks at gmail.com (Robert Brooks) Date: Fri, 26 Aug 2016 11:45:08 -0700 Subject: quota-status service rejecting plus addressed recipients Message-ID: Hi, I have "recipient_delimiter = +" set in my Dovecot config, however the Dovecot quota-status service is rejecting with "Unknown user" plus addressed recipients. Talking to the policy server we have... # telnet localhost 12340 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > recipient=user at example.com > > action=OK > > recipient=user+foo at example.com > > action=REJECT Unknown user > I can mask the issue with "quota_status_nouser = DUNNO", but then over quota messages are not rejected when plus addressed. quota-status service config is... service quota-status { > executable = quota-status -p postfix > inet_listener { > address = localhost > port = 12340 > # You can choose any port you want > } > client_limit = 1 > } > Regards, Rob From tss at iki.fi Tue Aug 30 01:52:20 2016 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2016 15:52:20 -1000 Subject: Sub addressing delimiters In-Reply-To: <5e6fe5d039da2e423a351f69a71e4ce1@va1der.ca> References: <5e6fe5d039da2e423a351f69a71e4ce1@va1der.ca> Message-ID: <0129F039-1BD4-4605-B328-A6F6716E65C7@iki.fi> On 23 Aug 2016, at 10:42, Kurt Fitzner wrote: > > Hello, > > There is a disconnect between the way Postfix handles recipient_delimiter and the way Dovecot handles it. For Postfix, it is a set of delimiters that can each individually be used to separate the address from the . In Dovecot, having multiple characters in recipient_delimiters simply makes it a multi-character single delimiter. > > For my purposes, the Postfix method is much more versatile. Extra delimiters can be added without breaking the way users currently have delimiters. > > I am wondering what the odds are of reconciling the two approaches, hopefully in favour of the Postfix one. Failing a switch to the other behaviour, is it possible to add the Postfix method as an option? Would a patch for either of these be accepted? For v2.3 (maybe early next year): https://git.dovecot.net/dovecot/core/commit/972c9172e9e6a0fc6053efb3d2ee9d354b67727f From tss at iki.fi Tue Aug 30 01:58:16 2016 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2016 15:58:16 -1000 Subject: 2.2.25 dumps core with "Panic: file imap-client.c: line 837 (client_check_command_hangs): assertion failed: (client->io != NULL)" In-Reply-To: References: Message-ID: <4B7FEE71-3EEB-4110-8EA3-01549750512D@iki.fi> On 29 Aug 2016, at 02:00, Piper Andreas wrote: > > Hello, > > Dovecot 2.2.25 .. > About once a day Dovecot crashes with > "Panic: file imap-client.c: line 837 (client_check_command_hangs): > assertion failed: (client->io != NULL)" I fixed one such crash in git master branch, but it was never in 2.2.25.. > Find attached the output of 'doveconf -n'. .. > # 2.2.25 (f5ac02c): /etc/opt/csw/dovecot/dovecot.conf What is this version? 2.2.25 release had 7be1766. I can't find any such commit hash from git. From tamas at numex.hu Tue Aug 30 05:06:45 2016 From: tamas at numex.hu (=?ISO-8859-1?Q?Stef=E1n_Tam=E1s?=) Date: Tue, 30 Aug 2016 07:06:45 +0200 Subject: Automatic purging of old email in all mailboxes In-Reply-To: References: Message-ID: <1472533605.3135.4.camel@orion> 2016. 08. 29, h?tf? keltez?ssel 19.40-kor Scott W. Sander ezt ?rta: > userdb { > args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n > driver = static > } Use passwd-file driver to get iteration working. The static driver is can not be used for iteration. -- ?dv?zlettel Stef?n Tam?s --------------------------------- domain > email > web >>> siker Numex Informatika Kft. Mobil: +36 20 956 0233, Tel: +36 1 205 3915, Fax: +36 1 203 6037 http://numex.hu From piper at hrz.uni-marburg.de Tue Aug 30 06:32:32 2016 From: piper at hrz.uni-marburg.de (Piper Andreas) Date: Tue, 30 Aug 2016 08:32:32 +0200 Subject: 2.2.25 dumps core with "Panic: file imap-client.c: line 837 (client_check_command_hangs): assertion failed: (client->io != NULL)" In-Reply-To: <4B7FEE71-3EEB-4110-8EA3-01549750512D@iki.fi> References: <4B7FEE71-3EEB-4110-8EA3-01549750512D@iki.fi> Message-ID: <9a0f256f-5232-2267-288a-a6c16ca0965c@hrz.uni-marburg.de> Hello Timo, > >> Find attached the output of 'doveconf -n'. > .. >> # 2.2.25 (f5ac02c): /etc/opt/csw/dovecot/dovecot.conf > > What is this version? 2.2.25 release had 7be1766. I can't find any such commit hash from git. > This is the dovecot-package from OpenCSW: https://www.opencsw.org/packages/CSWdovecot/ I have no idea, if these guys apply any changes to the code, but I'll ask the maintainer. Andreas -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5176 bytes Desc: S/MIME Cryptographic Signature URL: From gandalf.corvotempesta at gmail.com Tue Aug 30 07:44:45 2016 From: gandalf.corvotempesta at gmail.com (Gandalf Corvotempesta) Date: Tue, 30 Aug 2016 09:44:45 +0200 Subject: Move dovecot between servers Message-ID: Hi to all I have a very old dovecot server (1.2.15) with about 195GB used and 1081 email accounts. I have to move this server to another one with contextual dovecot upgrade. Anyone did this before? Any advice? Obviously, existing emails *must not* be downloaded twice by existing clients (outlook, thunderbird, ...) I have no access to customer's clients, only to my server. From aki.tuomi at dovecot.fi Tue Aug 30 08:49:33 2016 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Tue, 30 Aug 2016 11:49:33 +0300 Subject: Move dovecot between servers In-Reply-To: References: Message-ID: On 30.08.2016 10:44, Gandalf Corvotempesta wrote: > Hi to all > I have a very old dovecot server (1.2.15) with about 195GB used and > 1081 email accounts. > I have to move this server to another one with contextual dovecot upgrade. > > Anyone did this before? Any advice? Obviously, existing emails *must > not* be downloaded twice by existing clients (outlook, thunderbird, > ...) > > I have no access to customer's clients, only to my server. Hi! See http://wiki2.dovecot.org/Upgrading Aki Tuomi Dovecot oy From gandalf.corvotempesta at gmail.com Tue Aug 30 09:53:43 2016 From: gandalf.corvotempesta at gmail.com (Gandalf Corvotempesta) Date: Tue, 30 Aug 2016 11:53:43 +0200 Subject: Move dovecot between servers In-Reply-To: References: Message-ID: 2016-08-30 10:49 GMT+02:00 Aki Tuomi : > Hi! > > See http://wiki2.dovecot.org/Upgrading I know this guide but last time i had to upgrade between 1.2 to 2.0 it was totally a mess, as doveconf -n -c /etc/dovecot/dovecot.conf > dovecot-2.conf didn't output anything. additionally, this is for upgrading, but what about mailbox migration (via rsync)? Dovecout would preserve the UID and anything else to avoid a new download on clients? From adrian.minta at gmail.com Tue Aug 30 11:59:05 2016 From: adrian.minta at gmail.com (Adrian M) Date: Tue, 30 Aug 2016 14:59:05 +0300 Subject: Last Login Plugin with mysql Message-ID: Hello, is it possible to use Last Login Plugin with mysql instead of redis ? http://wiki2.dovecot.org/Plugins/LastLogin .-- Best regards, Adrian Minta From bytesplit at gmail.com Tue Aug 30 12:14:30 2016 From: bytesplit at gmail.com (Philon) Date: Tue, 30 Aug 2016 14:14:30 +0200 Subject: Last Login Plugin with mysql In-Reply-To: References: Message-ID: Hi Adrian it seems likely that what?s documented on the page you refer to just works? in the configured >>dictionary<< Am 30.08.2016 um 13:59 schrieb Adrian M : > > Hello, > is it possible to use Last Login Plugin with mysql instead of redis ? > http://wiki2.dovecot.org/Plugins/LastLogin > > .-- > Best regards, > Adrian Minta From news at mefox.org Tue Aug 30 12:41:15 2016 From: news at mefox.org (Michael Fox) Date: Tue, 30 Aug 2016 05:41:15 -0700 Subject: autoexpunge clarification Message-ID: <005a01d202bb$cc722be0$655683a0$@mefox.org> I'm trying to understand autoexpunge, but the documentation is just not clear. Hopefully, someone can clear up a few questions. http://wiki.dovecot.org/MailboxSettings says the following: autoexpunge=