From tanstaafl at libertytrek.org Sun Jan 1 21:10:44 2017
From: tanstaafl at libertytrek.org (Charles Marcus)
Date: Sun, 01 Jan 2017 16:10:44 -0500
Subject: two listeners with different "driver = " configs
In-Reply-To:
References: <9355de41-083c-5e1a-0292-bf09957b07c2@merit.unu.edu>
Message-ID:

Or, maybe it is the holidays and people actually have a life?

On December 31, 2016 4:38:53 AM EST, mj wrote:
>Hi,
>
>Does the lack of replies mean that what I'm asking is not possible?
>
>(or am I missing something SO obvious that nobody bothers to point it
>out..?)
>
>MJ
>
>On 12/29/2016 09:23 PM, mj wrote:
>> Hi,
>>
>> I would like to have two separate imap listeners, with different
>> authentication settings, but the mailstore and userbase etc will be
>> identical.
>>
>> I know I can do this:
>>
>>> service imap-login {
>>>   inet_listener imap {
>>>     port = 143
>>>   }
>>>   inet_listener imap2 {
>>>     port = 144
>>>   }
>>> }
>>
>> But I'm unsure how to configure imap/143 with "driver = ldap" and
>> imap2/144 with "driver = pam"
>>
>> Just to explain why I would like this:
>>
>> I am using pam-script-saml (https://github.com/ck-ws/pam-script-saml) to
>> enable saml-based access to dovecot. I would like to have one listener
>> 144 to only serve this saml authentication listener, and the regular 143
>> listener with driver = ldap.
>>
>> Is that config possible?
>>
>> Best regards,
>> MJ

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

From mcguire at neurotica.com Sun Jan 1 21:20:45 2017
From: mcguire at neurotica.com (Dave McGuire)
Date: Sun, 1 Jan 2017 16:20:45 -0500
Subject: two listeners with different "driver = " configs
In-Reply-To:
References: <9355de41-083c-5e1a-0292-bf09957b07c2@merit.unu.edu>
Message-ID: <7d39e386-44f7-5d1c-29d0-63d474209d5d@neurotica.com>

An elderly neighbor used to say crap like that to me every now and then.
On one particular occasion, I pointed out that I had conversed with more
than a dozen friends in half a dozen countries before breakfast that day.
He doesn't say that anymore.

-Dave

On 01/01/2017 04:10 PM, Charles Marcus wrote:
> Or, maybe it is the holidays and people actually have a life?
>
> On December 31, 2016 4:38:53 AM EST, mj wrote:
>> Hi,
>>
>> Does the lack of replies mean that what I'm asking is not possible?
>>
>> (or am I missing something SO obvious that nobody bothers to point it
>> out..?)
>>
>> MJ
>>
>> On 12/29/2016 09:23 PM, mj wrote:
>>> Hi,
>>>
>>> I would like to have two separate imap listeners, with different
>>> authentication settings, but the mailstore and userbase etc will be
>>> identical.
>>>
>>> I know I can do this:
>>>
>>>> service imap-login {
>>>>   inet_listener imap {
>>>>     port = 143
>>>>   }
>>>>   inet_listener imap2 {
>>>>     port = 144
>>>>   }
>>>> }
>>>
>>> But I'm unsure how to configure imap/143 with "driver = ldap" and
>>> imap2/144 with "driver = pam"
>>>
>>> Just to explain why I would like this:
>>>
>>> I am using pam-script-saml (https://github.com/ck-ws/pam-script-saml) to
>>> enable saml-based access to dovecot. I would like to have one listener
>>> 144 to only serve this saml authentication listener, and the regular 143
>>> listener with driver = ldap.
>>>
>>> Is that config possible?
>>>
>>> Best regards,
>>> MJ
>

--
Dave McGuire, AK4HZ
New Kensington, PA

From lists at merit.unu.edu Mon Jan 2 10:52:25 2017
From: lists at merit.unu.edu (mj)
Date: Mon, 2 Jan 2017 11:52:25 +0100
Subject: two listeners with different "driver = " configs
In-Reply-To:
References: <9355de41-083c-5e1a-0292-bf09957b07c2@merit.unu.edu>
Message-ID: <74e2a022-58e8-f81a-8fcc-c4a60be53900@merit.unu.edu>

On 01/01/2017 10:10 PM, Charles Marcus wrote:
> Or, maybe it is the holidays and people actually have a life?
I was just trying to make sure (after patiently waiting two days) that I
wasn't missing some config option obvious to everyone except me.

And a propos holidays: Happy new year to everybody :-)

(and thanks Aki Tuomi for your replies)

MJ

From gjn at gjn.priv.at Mon Jan 2 12:53:03 2017
From: gjn at gjn.priv.at (Günther J. Niederwimmer)
Date: Mon, 02 Jan 2017 13:53:03 +0100
Subject: dovecot and sssd
Message-ID: <1545768.bDVy3tWjEX@techz>

Hello,

is there a way to configure dovecot over sssd ?

like

driver = sss

Thanks for an answer,
--
mit freundlichen Grüssen / best regards

Günther J. Niederwimmer

From aki.tuomi at dovecot.fi Mon Jan 2 13:03:50 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Mon, 2 Jan 2017 15:03:50 +0200
Subject: dovecot and sssd
In-Reply-To: <1545768.bDVy3tWjEX@techz>
References: <1545768.bDVy3tWjEX@techz>
Message-ID:

On 02.01.2017 14:53, Günther J. Niederwimmer wrote:
> Hello,
>
> is there a way to configure dovecot over sssd ?
>
> like
>
> driver = sss
>
> Thanks for an answer,

There is no direct support, but you can use pam.

Aki

From look at my.amazin.horse Mon Jan 2 14:23:37 2017
From: look at my.amazin.horse (Vincent Breitmoser)
Date: Mon, 2 Jan 2017 15:23:37 +0100
Subject: differential SETACL silently fails if no vfile exists
Message-ID: <20170102142337.bnjr7gmj2mid3xap@calamity>

In version 2.2.13, with `acl = vfile`, setting a differential ACL
permission doesn't work if there are no permissions set yet. Example IMAP
log:

b1 GETACL test
* ACL test valodim lrwstipekxacd
b1 OK Getacl completed.
b2 SETACL test valodim -l
b2 OK Setacl complete.
b3 GETACL test
* ACL test valodim lrwstipekxacd
b3 OK Getacl completed.

My expectation was that the file would be created with default
permissions, and the requested change then applied. However, no acl
permission is set and no vfile is created for this mailbox in the process.
This does work as expected (and a file is created) if I set a
non-differential ACL first:

b4 SETACL test valodim lrwstipekxacd
b4 OK Setacl complete.
b5 GETACL test
* ACL test valodim akxeilprwtscd
b5 OK Getacl completed.
b6 SETACL test valodim -l
b6 OK Setacl complete.
b7 GETACL test
* ACL test valodim akxeiprwtscd
b7 OK Getacl completed.

 - V

From soltys at ziu.info Mon Jan 2 15:58:11 2017
From: soltys at ziu.info (Michal Soltys)
Date: Mon, 2 Jan 2017 16:58:11 +0100
Subject: multiple shared/mail format namespaces
Message-ID: <153f77a7-9dcd-e080-f29e-0189059a694c@ziu.info>

Hi,

Are configurations (with separate formats per namespace) - such as ...

namespace {
  type = shared
  list = children
  inbox = no
  separator = /
  subscriptions = no
  prefix = shared1/%%n/
  location = maildir:/var/mail1/%%n/
}

namespace {
  type = shared
  list = children
  inbox = no
  separator = /
  subscriptions = no
  prefix = shared2/%%n/
  location = mdbox:/var/mail2/%%n/
}

With separate userdbs serving part of the users with maildirs in
/var/mail1/ and the other part with mdboxes in /var/mail2

... valid in dovecot ?

To be more precise:

1) Is current version dovecot expected to work with configuration as above ?
E.g. if some user's mail location returned from userdb doesn't match
location/format from one of the above namespaces - would it be ignored for
it ?

A very old version of dovecot I could check quickly (2.1.7) was segfaulting
(imap processes) all the time with this kind of config. While I'll be
upgrading it and the whole system to modern versions, I'm wondering if this
kind of thing is formally allowed at all.

An interesting variation of the above setup I tested - with the second
namespace "un-variabled" and pointing to single user (with matching
passwd-file returning that user) managed to work somehow - but the user
itself was still created on the fly for the 1st namespace - having just a
directory with empty dovecot-acl-list file.
This essentially seemed to have worked like a typical public profile
(shared acl db didn't seem to be used either)

2) For shared namespace with variables, would overriding shared namespace
location in userdb query work ? For example if we had single namespace such
as the first one (maildir) above with explicit share1 name, and then in
userdb for some users:

userdb_namespace/share1/location=mdbox:/var/mail2/some_user_name

Would that override a shared namespace pattern on per user basis correctly ?

3) Is there perhaps a way to constrain which userdbs are considered per
which shared namespace ?

4) Not strictly related to the above, but in LDAP part of documentation -
namely http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb - why

user_attrs = \
  =home=%{ldap:homeDirectory}, \
  =uid=%{ldap:uidNumber}, \
  =gid=%{ldap:gidNumber}

instead of

user_attrs = \
  homeDirectory=home, \
  uidNumber=uid, \
  gidNumber=gid

Are both equivalent with different syntax (opening the way for templates
for %{} based syntax), or are there some subtle differences between those ?
(aside later example with 'attr=' instead of just '=').

Would this kind of syntax also be correct for pass_attrs, such as:

pass_attrs = \
  =password=%{ldap:uid}, \
  =userdb_home=%{ldap:homeDirectory}

From sami.ketola at dovecot.fi Mon Jan 2 16:22:12 2017
From: sami.ketola at dovecot.fi (Sami Ketola)
Date: Mon, 2 Jan 2017 18:22:12 +0200
Subject: two listeners with different "driver = " configs
In-Reply-To:
References: <9355de41-083c-5e1a-0292-bf09957b07c2@merit.unu.edu>
Message-ID: <27318FB0-C346-4398-935D-2D8E625D4FA4@dovecot.fi>

> On 31 Dec 2016, at 11.38, mj wrote:
>
> Hi,
>
> Does the lack of replies mean that what I'm asking is not possible?
>
> (or am I missing something SO obvious that nobody bothers to point it out..?)
>

It is difficult. what you might be able to do is to configure multiple
inet_listeners and then use CoS setup with multiple passdb:s.
something like:

service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imap2 {
    port = 144
  }
}

and then in first passdb fetch configuration variables:

passdb {
  driver = passwd-file
  args = username_format=port_%{lport} /etc/dovecot/extrasettings.passwd
  result_failure = continue
  result_internalfail = continue
  result_success = continue
}

passdb {
  ...
}

and in second passdb {} you can use %{passdb:variables} that you set in the
first passdb. Probably can't set driver = %{passdb:driver} though..

maybe with setup like this you can achieve what you want.

Sami

From aki.tuomi at dovecot.fi Mon Jan 2 18:21:09 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Mon, 2 Jan 2017 20:21:09 +0200 (EET)
Subject: multiple shared/mail format namespaces
In-Reply-To: <153f77a7-9dcd-e080-f29e-0189059a694c@ziu.info>
References: <153f77a7-9dcd-e080-f29e-0189059a694c@ziu.info>
Message-ID: <1234573593.425.1483381270633@appsuite-dev.open-xchange.com>

Yeah, that's valid configuration. As long as they have unique prefix.

Aki

> On January 2, 2017 at 5:58 PM Michal Soltys wrote:
>
>
> Hi,
>
> Are configurations (with separate formats per namespace) - such as ...
>
> namespace {
>   type = shared
>   list = children
>   inbox = no
>   separator = /
>   subscriptions = no
>   prefix = shared1/%%n/
>   location = maildir:/var/mail1/%%n/
> }
>
> namespace {
>   type = shared
>   list = children
>   inbox = no
>   separator = /
>   subscriptions = no
>   prefix = shared2/%%n/
>   location = mdbox:/var/mail2/%%n/
> }
>
> With separate userdbs serving part of the users with maildirs in /var/mail1/
> and the other part with mdboxes in /var/mail2
>
> ... valid in dovecot ?
>
> To be more precise:
>
> 1) Is current version dovecot expected to work with configuration as above ?
> E.g. if some user's mail location returned from userdb doesn't match
> location/format from one of the above namespaces - would it be ignored for it
> ?
> A very old version of dovecot I could check quickly (2.1.7) was segfaulting
> (imap processes) all the time with this kind of config. While I'll be
> upgrading it and the whole system to modern versions, I'm wondering if this
> kind of thing is formally allowed at all.
>
> An interesting variation of the above setup I tested - with the second
> namespace "un-variabled" and pointing to single user (with matching
> passwd-file returning that user) managed to work somehow - but the user itself
> was still created on the fly for the 1st namespace - having just a directory
> with empty dovecot-acl-list file. This essentially seemed to have worked like
> a typical public profile (shared acl db didn't seem to be used either)
>
> 2) For shared namespace with variables, would overriding shared namespace
> location in userdb query work ? For example if we had single namespace such as
> the first one (maildir) above with explicit share1 name, and then in userdb
> for some users:
>
> userdb_namespace/share1/location=mdbox:/var/mail2/some_user_name
>
> Would that override a shared namespace pattern on per user basis correctly ?
>
> 3) Is there perhaps a way to constrain which userdbs are considered per which
> shared namespace ?
>
> 4) Not strictly related to the above, but in LDAP part of documentation -
> namely http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb - why
>
> user_attrs = \
>   =home=%{ldap:homeDirectory}, \
>   =uid=%{ldap:uidNumber}, \
>   =gid=%{ldap:gidNumber}
>
> instead of
>
> user_attrs = \
>   homeDirectory=home, \
>   uidNumber=uid, \
>   gidNumber=gid
>
> Are both equivalent with different syntax (opening the way for templates for
> %{} based syntax), or are there some subtle differences between those ? (aside
> later example with 'attr=' instead of just '=').
>
> Would this kind of syntax also be correct for pass_attrs, such as:
>
> pass_attrs = \
>   =password=%{ldap:uid}, \
>   =userdb_home=%{ldap:homeDirectory}

From fedoraproject at cyberpear.com Tue Jan 3 07:18:39 2017
From: fedoraproject at cyberpear.com (James Cassell)
Date: Tue, 03 Jan 2017 02:18:39 -0500
Subject: Fatal error with IMAP MOVE from a shared mailbox to Trash folder
In-Reply-To:
References:
Message-ID: <1483427919.1180827.835611449.1BA8A61E@webmail.messagingengine.com>

On Tue, Dec 27, 2016, at 11:35 AM, Daniele Barresi wrote:
> Hello everyone.
> I have a problem using Dovecot 2.2.26 with ACL plugin and deleting e-mails
> from a shared mailbox.
>
> My user doesn't have the "expunge" permission on the shared mailbox, but it
> has the "write-deleted" permission. So, when I delete a message from the
> shared mailbox using a client that implements the IMAP MOVE command, it
> tries to move the message to my Trash folder. Then the server closes the
> connection to the client (process aborted) and I get three lines in the log
> file with a backtrace and "Fatal" error. In this case the message doesn't
> get copied or moved from the shared folder and the client complaints. I
> found the same thing happens whenever I try to move anything between
> folders of the shared mailbox itself, while logged in with my user. I can
> move messages inside my own mailbox just fine.

I don't know about the specific errors emitted, but I've encountered the
same behavior. As it turns out, the required behavior per RFC 6851 Section
4.2 is that the message cannot be MOVE'd without the expunge permission:

  4.2. RFC 4314, Access Control List (ACL)

  The ACL rights [RFC4314] required for MOVE and UID MOVE are the union
  of the ACL rights required for UID STORE, UID COPY, and UID EXPUNGE.

You should be able to get the old behavior back by overriding the
CAPABILITY response in the dovecot configuration to exclude "MOVE".

Hope that helps.
V/r,
James Cassell

From lists at merit.unu.edu Tue Jan 3 10:54:01 2017
From: lists at merit.unu.edu (mj)
Date: Tue, 3 Jan 2017 11:54:01 +0100
Subject: two listeners with different "driver = " configs
In-Reply-To: <1037720096.789.1483181420926@appsuite-dev.open-xchange.com>
References: <9355de41-083c-5e1a-0292-bf09957b07c2@merit.unu.edu> <214513579.450.1483178164543@appsuite-dev.open-xchange.com> <1037720096.789.1483181420926@appsuite-dev.open-xchange.com>
Message-ID:

Hi Aki, list,

On 12/31/2016 11:50 AM, Aki Tuomi wrote:
> or maybe you can try
>
> local 0.0.0.0/0:144 {
>   passdb {
>   }
> }
>

That makes dovecot complain:
"Auth settings not supported inside local/remote blocks: passdb"

MJ

From lists at merit.unu.edu Tue Jan 3 10:57:08 2017
From: lists at merit.unu.edu (mj)
Date: Tue, 3 Jan 2017 11:57:08 +0100
Subject: two listeners with different "driver = " configs
In-Reply-To: <27318FB0-C346-4398-935D-2D8E625D4FA4@dovecot.fi>
References: <9355de41-083c-5e1a-0292-bf09957b07c2@merit.unu.edu> <27318FB0-C346-4398-935D-2D8E625D4FA4@dovecot.fi>
Message-ID:

Hi Sami,

> It is difficult.

So it seems. :-)

Thanks for your suggestions. Perhaps I just have to accept that what I
would like is not possible.

Thanks again for all suggestions!

MJ

From tobster at brain-force.ch Tue Jan 3 15:28:09 2017
From: tobster at brain-force.ch (Tobi)
Date: Tue, 3 Jan 2017 16:28:09 +0100
Subject: dovecot-pigeonhole running external script ends with signal 11
Message-ID:

Hi,

I'm running a dovecot 2.2.26 (self compiled) on a Centos 7.
I have a sieve script which should run an external script (in filter
mode) that encrypts the mail using the users pub key.
I configured 90-plugin.conf as follows

plugin {
  sieve_plugins = sieve_extprograms
  sieve_extensions = +vnd.dovecot.filter
  sieve_filter_bin_dir = /etc/dovecot/sieve-filters
  sieve_filter_exec_timeout = 10000
}

The script is named SCRIPT and is called in my sieve script

require "vnd.dovecot.filter";
if blabla {
  filter "SCRIPT" ["me at example.com"];
}

the script returns the encrypted mail.

I can call this SCRIPT without any error manually on the console as
dovecot user (vmail).
Also sieve-test "says" that the script called successfully

su vmail
sieve-test -e -t - -Tlevel=commands -r me at example.com -l /home/vmail/example.com/me/.Maildir /home/vmail/example.com/me/.dovecot.sieve /tmp/test.mail
...
23: filter action
23: execute program `SCRIPT'
23: executed program successfully
23: changed message
...
info: msgid=: stored mail into mailbox 'INBOX'.
sieve-test(vmail): Info: final result: success

and I get the encrypted message in my mailbox.

Just when it's called upon delivery via lmtp the script ends with signal 11

Jan 3 15:59:48 mbox2 dovecot: lmtp(me at example.com): Error: program `/etc/dovecot/sieve-filters/SCRIPT' terminated abnormally, signal 11

And in ~/.dovecot.sieve.log I can find the following

.dovecot: line 23: error: filter action: failed to execute to program `SCRIPT': refer to server log for more information. [2017-01-03 15:59:48].

I have no idea why the manual call runs perfect and the call from sieve
file ends up in this error.
Does anyone have an idea how I could narrow down the source of this
error? Or even better how to fix it?
:-)

Thanks for any answer

tobi

From news at mefox.org Tue Jan 3 16:08:02 2017
From: news at mefox.org (Michael Fox)
Date: Tue, 3 Jan 2017 08:08:02 -0800
Subject: expunging all mailboxes
In-Reply-To:
References: <013801d260aa$259e8be0$70dba3a0$@mefox.org> <0fe6e2e6-37da-f08a-a475-e8a68ce87913@vosslamber.nl> <028301d2624c$23bd70e0$6b3852a0$@mefox.org> <60797fcb-7d32-f8e2-1de8-3d6b5e7ff51f@talpey.com> <009b01d262b6$34aba600$9e02f200$@mefox.org> <06bd1a47-fde0-6691-686c-fea3195ed1e5@talpey.com> <015401d26332$8b9de0a0$a2d9a1e0$@mefox.org>
Message-ID: <004301d265db$8fe999a0$afbccce0$@mefox.org>

> maybe the debug option '-D' gives a clue why it fails on your site?
>
> doveadm -D expunge -u user at domain mailbox '*' savedbefore 2d

I don't see any errors in the debug output. And if there was an error, one
would expect to see an error message when running the expunge command even
without debugging turned on.

Thanks for trying. I've got to put this aside for a few days to meet a
deadline for another project. I'll pick it up with more testing after that.

Michael

From aki.tuomi at dovecot.fi Tue Jan 3 19:32:04 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Tue, 3 Jan 2017 21:32:04 +0200
Subject: dovecot-pigeonhole running external script ends with signal 11
In-Reply-To:
References:
Message-ID: <41d3c914-1f7c-5287-5f48-989b0a70bca9@dovecot.fi>

On 01/03/2017 05:28 PM, Tobi wrote:
> Hi,
>
> I'm running a dovecot 2.2.26 (self compiled) on a Centos 7.
> I have a sieve script which should run an external script (in filter
> mode) that encrypts the mail using the users pub key.
>
> I configured 90-plugin.conf as follows
>
> plugin {
>   sieve_plugins = sieve_extprograms
>   sieve_extensions = +vnd.dovecot.filter
>   sieve_filter_bin_dir = /etc/dovecot/sieve-filters
>   sieve_filter_exec_timeout = 10000
> }
>
> The script is named SCRIPT and is called in my sieve script
>
> require "vnd.dovecot.filter";
> if blabla {
>   filter "SCRIPT" ["me at example.com"];
> }
>
> the script returns the encrypted mail.
>
> I can call this SCRIPT without any error manually on the console as
> dovecot user (vmail).
> Also sieve-test "says" that the script called successfully
>
> su vmail
> sieve-test -e -t - -Tlevel=commands -r me at example.com -l
> /home/vmail/example.com/me/.Maildir
> /home/vmail/example.com/me/.dovecot.sieve /tmp/test.mail
> ...
> 23: filter action
> 23: execute program `SCRIPT'
> 23: executed program successfully
> 23: changed message
> ...
> info:
> msgid=:
> stored mail into mailbox 'INBOX'.
> sieve-test(vmail): Info: final result: success
>
> and I get the encrypted message in my mailbox.
>
> Just when it's called upon delivery via lmtp the script ends with signal 11
>
> Jan 3 15:59:48 mbox2 dovecot: lmtp(me at example.com): Error: program
> `/etc/dovecot/sieve-filters/SCRIPT' terminated abnormally, signal 11
>
> And in ~/.dovecot.sieve.log I can find the following
>
> .dovecot: line 23: error: filter action: failed to execute to program
> `SCRIPT': refer to server log for more information. [2017-01-03 15:59:48].
>
> I have no idea why the manual call runs perfect and the call from sieve
> file ends up in this error.
> Does anyone have an idea how I could narrow down the source of this
> error? Or even better how to fix it? :-)
>
> Thanks for any answer
>
> tobi

This seems to be a problem with SCRIPT, it seems to segfault.
Aki

From stephan at rename-it.nl Tue Jan 3 20:12:47 2017
From: stephan at rename-it.nl (Stephan Bosch)
Date: Tue, 3 Jan 2017 21:12:47 +0100
Subject: dovecot-pigeonhole running external script ends with signal 11
In-Reply-To:
References:
Message-ID: <6824f773-57b4-329a-7297-425574f5af34@rename-it.nl>

On 1/3/2017 at 4:28 PM, Tobi wrote:
> I have no idea why the manual call runs perfect and the call from sieve
> file ends up in this error.
> Does anyone have an idea how I could narrow down the source of this
> error? Or even better how to fix it? :-)

In the most likely scenario, there is some sort of bug in one of the
programs your script invokes or even the shell running the script. Still,
it is possible that Dovecot is causing this in the brief moment after the
child process is forked and before actual script is executed.

Since you're using LMTP, you could try to run the lmtp service from
command line in GDB. In essence, this looks as follows (you will need to
run this as the mail user, e.g. vmail, or you can run it as root):

$ gdb --args /usr/lib/dovecot/lmtp
Reading symbols from /usr/lib/dovecot/lmtp...done.
(gdb) set follow-fork-mode child
(gdb) r
Starting program: /usr/lib/dovecot/lmtp
process 63910 is executing new program: /usr/bin/doveconf
process 63910 is executing new program: /usr/lib/dovecot/lmtp
Debug: none: root=, index=, indexpvt=, control=, inbox=, alt=
220 johanna.johanna.tds Dovecot ready.
Info: Connect from local
lhlo frop
250-johanna.johanna.tds
250-8BITMIME
250-ENHANCEDSTATUSCODES
250 PIPELINING
mail from:
250 2.1.0 OK
rcpt to:
250 2.1.5 OK
data
354 OK
.

After the message is submitted, it should segfault. GDB will tell you
where this happened. If it happens in Dovecot somewhere, you should obtain
a back trace using `bt full`. If some other software is involved, those
developers would also likely need that back trace to find the underlying
problem.

Regards,

Stephan.
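
Added example, not part of the original messages: the gdb procedure in the message above has the LMTP dialogue typed by hand on every run, so this shell function writes the client side of that dialogue from a saved message into a file that can be replayed with gdb's `run < file`. The function name, file names and addresses are placeholders, and it assumes the lmtp process reads the commands from stdin in order without the client waiting for each reply.

```shell
#!/bin/sh
# Added example, not from the thread: write the client side of an LMTP
# delivery to stdout so it can be replayed into an lmtp process under gdb.
# lmtp_session is a hypothetical helper name; addresses are placeholders.

# lmtp_session MAILFILE SENDER RECIPIENT
lmtp_session() {
    mailfile=$1 sender=$2 rcpt=$3

    [ -r "$mailfile" ] || { echo "cannot read $mailfile" >&2; return 1; }

    # An address with whitespace, control characters or angle brackets
    # would let extra commands slip into the session, so refuse it.
    case "$sender$rcpt" in
        *"<"*|*">"*|*[[:cntrl:][:space:]]*)
            echo "refusing unsafe address" >&2
            return 2 ;;
    esac

    printf 'LHLO localhost\r\n'
    printf 'MAIL FROM:<%s>\r\n' "$sender"
    printf 'RCPT TO:<%s>\r\n' "$rcpt"
    printf 'DATA\r\n'
    # Normalise every line to CRLF and double a leading "." so that a
    # line consisting of "." inside the message does not end DATA early.
    awk '{
        sub(/\r$/, "")
        if (substr($0, 1, 1) == ".") $0 = "." $0
        printf "%s\r\n", $0
    }' "$mailfile"
    printf '.\r\nQUIT\r\n'
}

# Stand-alone use:
#   sh lmtp-session.sh /tmp/test.mail sender@example.com rcpt@example.com > /tmp/session.lmtp
# then, inside gdb, after "set follow-fork-mode child":
#   (gdb) run < /tmp/session.lmtp
if [ "$#" -eq 3 ]; then
    lmtp_session "$@"
fi
```

Replaying the same file on each run keeps the input identical between attempts, which makes it easier to compare back traces.
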
From aki.tuomi at dovecot.fi Tue Jan 3 22:14:49 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Wed, 4 Jan 2017 00:14:49 +0200
Subject: Fatal error with IMAP MOVE from a shared mailbox to Trash folder
In-Reply-To:
References:
Message-ID: <9b01b55d-e15d-2d99-449a-644cfbc3ecd2@dovecot.fi>

On 12/27/2016 06:35 PM, Daniele Barresi wrote:
> Hello everyone.
> I have a problem using Dovecot 2.2.26 with ACL plugin and deleting e-mails
> from a shared mailbox.
>
> My user doesn't have the "expunge" permission on the shared mailbox, but it
> has the "write-deleted" permission. So, when I delete a message from the
> shared mailbox using a client that implements the IMAP MOVE command, it
> tries to move the message to my Trash folder. Then the server closes the
> connection to the client (process aborted) and I get three lines in the log
> file with a backtrace and "Fatal" error. In this case the message doesn't
> get copied or moved from the shared folder and the client complains. I
> found the same thing happens whenever I try to move anything between
> folders of the shared mailbox itself, while logged in with my user. I can
> move messages inside my own mailbox just fine.
>
> If I try the same operation from a client that uses the IMAP COPY + DELETE
> commands, no errors are logged and the outcome is as expected: the message
> gets copied from the shared folder to my Trash and gets the flag "\Deleted"
> set on the shared folder.
>
> My setup is as follows:
>
> Dovecot: 2.2.26.0
> OS: Ubuntu 16.04.1 LTS
> CPU architecture: x86_64
> Filesystem: ext4
>
>
> The relevant lines from mail.err log:
>
> Dec 27 15:21:18 dovecot dovecot: imap(danielebarresi): Panic: file
> mail-storage.c: line 2143 (mailbox_save_context_reset): assertion failed:
> (ctx->copying_via_save)
> Dec 27 15:21:18 dovecot dovecot: imap(danielebarresi): Error: Raw
> backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x9438e) [0x7fbcd478538e] ->
> /usr/lib/dovecot/libdovecot.so.0(+0x9447c) [0x7fbcd478547c] ->
> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fbcd471ea4e] ->
> /usr/lib/dovecot/libdovecot-storage.so.0(+0x41b78) [0x7fbcd4a50b78] ->
> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_save_cancel+0x73)
> [0x7fbcd4a53d73] -> /usr/lib/dovecot/modules/lib01_acl_plugin.so(+0xe142)
> [0x7fbcd3f1d142] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x4516d)
> [0x7fbcd4a5416d] ->
> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_move+0x23)
> [0x7fbcd4a54333] -> dovecot/imap(+0xf9c5) [0x557cf98629c5] ->
> dovecot/imap(command_exec+0xa6) [0x557cf986f196] -> dovecot/imap(+0x1a4c2)
> [0x557cf986d4c2] -> dovecot/imap(+0x1a550) [0x557cf986d550] ->
> dovecot/imap(client_handle_input+0x195) [0x557cf986d915] ->
> dovecot/imap(client_input+0x85) [0x557cf986de25] ->
> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x4c) [0x7fbcd4799bdc] ->
> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10a)
> [0x7fbcd479b09a] ->
> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x25) [0x7fbcd4799c65]
> -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fbcd4799e08] ->
> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fbcd4724f53]
> -> dovecot/imap(main+0x322) [0x557cf9860ca2] ->
> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0) [0x7fbcd4348830] ->
> dovecot/imap(+0xde1f) [0x557cf9860e1f]
> Dec 27 15:21:18 dovecot dovecot: imap(danielebarresi): Fatal: master:
> service(imap): child 6907 killed with signal
> 6 (core dumped)
>
>
> Dovecot configuration (doveadm -n):
>
> # 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.16 (fed8554)
> # OS: Linux 4.4.0-57-generic x86_64 Ubuntu 16.04.1 LTS
> auth_cache_negative_ttl = 10 mins
> auth_cache_size = 2 M
> auth_master_user_separator = *
> auth_mechanisms = plain login
> first_valid_uid = 12
> last_valid_uid = 12
> mail_location = maildir:~/Maildir
> mail_plugins = acl quota notify mail_log stats lazy_expunge
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
> copy include variables body enotify environment mailbox date index ihave
> duplicate mime foreverypart extracttext
> namespace casellecondivise {
>   list = children
>   location = maildir:%%h/Maildir:INDEXPVT=~/Maildir/shared/%%u
>   prefix = Caselle condivise/%%u/
>   separator = /
>   subscriptions = no
>   type = shared
> }
> namespace expunged {
>   hidden = yes
>   list = no
>   location = maildir:/var/expunged/%n/Expunged
>   prefix = EXPUNGED/
>   separator = /
> }
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Archive {
>     auto = subscribe
>     special_use = \Archive
>   }
>   mailbox Drafts {
>     auto = subscribe
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox Trash {
>     auto = subscribe
>     special_use = \Trash
>   }
>   prefix =
>   separator = /
>   type = private
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> plugin {
>   acl = vfile:/etc/dovecot/global-acls:cache_secs=300
>   acl_shared_dict = file:/etc/dovecot/shared/shared-mailboxes
>   lazy_expunge = EXPUNGED/
>   lazy_expunge_only_last_instance = yes
>   mail_log_events = delete copy flag_change save undelete expunge
>   mail_log_fields = uid box msgid size
>   quota = maildir:user quota
>   quota_exceeded_message = (Quota exceeded) La
>   casella di posta elettronica del destinatario è piena.
>   quota_rule = *:storage=1G
>   quota_rule2 = Trash:storage=+100M
>   quota_warning = storage=95%% quota-warning 95 %u
>   quota_warning2 = storage=100%% quota-warning 100 %u
>   sieve = file:~/sieve;active=~/.dovecot.sieve
>   stats_command_min_time = 1 mins
>   stats_domain_min_time = 12 hours
>   stats_ip_min_time = 12 hours
>   stats_memory_limit = 32 M
>   stats_refresh = 30 secs
>   stats_session_min_time = 15 mins
>   stats_track_cmds = yes
>   stats_user_min_time = 1 hours
> }
> protocols = " imap sieve"
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = mail
>     mode = 0666
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     group = mail
>     user = mail
>   }
> }
> service dict {
>   unix_listener dict {
>     group = mail
>     mode = 0600
>     user = mail
>   }
> }
> service imap-login {
>   process_limit = 300
>   process_min_avail = 2
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
> }
> service quota-warning {
>   executable = script /etc/dovecot/scripts/quota-warning.sh
>   unix_listener quota-warning {
>     group = mail
>     user = mail
>   }
> }
> service stats {
>   fifo_listener stats-mail {
>     mode = 0600
>     user = mail
>   }
> }
> ssl = required
> ssl_cert =
> ssl_key = # hidden, use -P to show it
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   default_fields = uid=mail gid=mail home=/var/mail/%u master_user=%u
>   driver = sql
> }
> userdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   default_fields = uid=mail gid=mail home=/var/mail/%u master_user=%u
>   driver = ldap
> }
> protocol lda {
>   mail_plugins = acl quota notify mail_log stats lazy_expunge sieve
> }
> protocol imap {
>   mail_max_userip_connections = 25
>   mail_plugins = acl quota notify mail_log stats lazy_expunge imap_quota
>   imap_stats
> }
>
> I tested this with different users with the same result.
> I tested and reproduced the error with Thunderbird and Roundcube.
> The Apple Mail client uses IMAP COPY + DELETE, instead of IMAP MOVE, and no
> errors are reported. So I think it's related to the IMAP MOVE
> implementation on Dovecot server.
>
>
> Has anyone seen the same error?
> Any suggestions? Is this a Dovecot bug?
>
> ---
> Daniele Barresi

Hi!

We'll open a bug on this. Thanks for reporting it.

Aki

From daff at pseudoterminal.org Tue Jan 3 22:28:29 2017
From: daff at pseudoterminal.org (Andreas Ntaflos)
Date: Tue, 3 Jan 2017 23:28:29 +0100
Subject: dovecot.index.pvt view is inconsistent: error messages for public mailbox folder
Message-ID:

Hi list,

running Dovecot 2.2.27 on Ubuntu 14.04. A public mailbox
"Public/Spam-Learning" in a public namespace with per-user "Seen" flags is
configured like this:

namespace pub {
  hidden = no
  inbox = no
  list = children
  location = maildir:/var/vmail/public:INDEXPVT=~/Maildir/public
  prefix = Public/
  separator = /
  subscriptions = no
  type = public
  mailbox "Spam-Learning" {
    auto = subscribe
  }
}

The log files are full of error messages like these (got about 15000 in
the last three days):

2017-01-03T11:19:28.242386+01:00 mailserver01 dovecot: imap(foo.bar at example.org): Error: /var/vmail/example.org/foo.bar/Maildir/public/.Spam-Learning/dovecot.index.pvt reset, view is now inconsistent
2017-01-03T11:19:28.248524+01:00 mailserver01 dovecot: imap(foo.bar at example.org): Error: /var/vmail/example.org/foo.bar/Maildir/public/.Spam-Learning/dovecot.index.pvt view is inconsistent
2017-01-03T11:23:50.209732+01:00 mailserver01 dovecot: imap(baz.quux at example.org): Error: /var/vmail/example.org/baz.quux/Maildir/public/.Spam-Learning/dovecot.index.pvt reset, view is now inconsistent
2017-01-03T11:23:50.775940+01:00 mailserver01 dovecot: imap(some.user at example.org): Error: /var/vmail/example.org/some.user/Maildir/public/.Spam-Learning/dovecot.index.pvt reset, view is now inconsistent
2017-01-03T11:25:38.419536+01:00 mailserver01 dovecot: imap(other.user at example.org): Error:
/var/vmail/example.org/other.user/Maildir/public/.Spam-Learning/dovecot.index.pvt reset, view is now inconsistent 2017-01-03T11:34:14.351346+01:00 mailserver01 dovecot: imap(more.user at example.org): Error: /var/vmail/example.org/more.user/Maildir/public/.Spam-Learning/dovecot.index.pvt reset, view is now inconsistent 2017-01-03T11:41:37.488916+01:00 mailserver01 dovecot: imap(support.user at example.org): Error: /var/vmail/example.org/support.user/Maildir/public/.Spam-Learning/dovecot.index.pvt reset, view is now inconsistent This problem did not seem to manifest itself in Dovecot 2.2.25, we see it only after upgrading to 2.2.27. I am not sure what the effects are. It seems that messages moved to the Public/Spam-Learning folder are deleted after a short while (not by the sa-learn cron job, which runs every morning) but I currently cannot say if this is because a user deletes them explicitly or because Dovecot does something it shouldn't. So this observation is possibly not relevant. It also doesn't seem to matter what kind of IMAP client access the Spam-Learning folder. Our users use Thunderbird, Apple Mail, Outlook, Roundcube, Horde and various mobile clients as well. I have attached the output of doveconf -n for reference. What could be the issue here? Are we doing something wrong or is this a bug in Dovecot? Thanks! 
Andreas -------------- next part -------------- # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.16 (fed8554) # OS: Linux 4.4.0-57-generic x86_64 Ubuntu 14.04.3 LTS auth_master_user_separator = * auth_mechanisms = plain login auth_socket_path = /var/run/dovecot/auth-master base_dir = /var/run/dovecot/ default_client_limit = 8192 default_process_limit = 1024 default_vsz_limit = 512 M lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lda_original_recipient_header = X-Original-To listen = * mail_access_groups = mail mail_location = maildir:~/Maildir mail_plugins = " zlib" mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags namespace backup { hidden = yes inbox = no list = no location = maildir:~/Maildir-backup prefix = Backup/ separator = / type = private } namespace inbox { hidden = no inbox = yes list = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox INBOX/Spam { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / subscriptions = yes type = private } namespace pub { hidden = no inbox = no list = children location = maildir:/var/vmail/public:INDEXPVT=~/Maildir/public mailbox Spam-Learning { auto = subscribe } prefix = Public/ separator = / subscriptions = no type = public } passdb { args = /etc/dovecot/master.%s driver = passwd-file master = yes name = passwd-file } passdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } plugin { acl = vfile:/etc/dovecot/dovecot-acl recipient_delimiter = + sieve = file:~/sieve;active=~/.dovecot.sieve sieve_before = /etc/dovecot/sieve.d/before/ sieve_default = /etc/dovecot/sieve.d/default.sieve 
sieve_extensions = +imapflags sieve_global = /etc/dovecot/sieve.d/global/ zlib_save = bz2 zlib_save_level = 9 } protocols = imap pop3 lmtp sieve service auth-worker { user = $default_internal_user } service auth { client_limit = 10240 unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { mode = 0600 user = vmail } user = $default_internal_user } service imap-login { process_limit = 1024 process_min_avail = 8 service_count = 1 vsz_limit = 512 M } service imap { process_limit = 4096 vsz_limit = 2 G } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } service pop3-login { process_limit = 1024 process_min_avail = 8 service_count = 1 vsz_limit = 512 M } ssl = required ssl_cert = References: <6824f773-57b4-329a-7297-425574f5af34@rename-it.nl> Message-ID: <1b2d6f61-f59e-20f0-0e49-7666588cc256@brain-force.ch> Hi Stephan Am 03.01.2017 um 21:12 schrieb Stephan Bosch: > Since you're using LMTP, you could try to run the lmtp service from > command line in GDB. In essence, this looks as follows (you will need to > run this as the mail user, e.g. vmail, or you can run it as root): > > $ gdb --args /usr/lib/dovecot/lmtp I did so and it seems that libc.so.6 throws the error as I get the following result (as root): [New process 14843] Program received signal SIGSEGV, Segmentation fault. [Switching to process 14843] 0x00007ffff7241b71 in __strlen_sse2 () from /lib64/libc.so.6 bt full does not give me more than this #0 0x00007ffff7241b71 in __strlen_sse2 () from /lib64/libc.so.6 No symbol table info available. Cannot access memory at address 0x7fffffffd848 Then I installed debuginfo for glibc via debuginfo-install glibc-2.17-157.el7_3.1.x86_64 and get Program received signal SIGSEGV, Segmentation fault. 
[Switching to process 18099] __strlen_sse2 () at ../sysdeps/x86_64/strlen.S:31 31 movdqu (%rdi), %xmm1 So this is an issue for glibc developpers? Just wonder why this error does not occur if I call the script directly on cli or if I use sieve-test program. It seems only to occur if the script called from dovecot To compare I tried gdb as well as user vmail and get more detailed information [New process 20844] Program received signal SIGSEGV, Segmentation fault. [Switching to process 20844] 0x00007ffff7203694 in _IO_vfprintf_internal (s=s at entry=0x7fffffffd710, format=, format at entry=0x555555764938 "chroot(%s) failed: Bad address", ap=ap at entry=0x7fffffffd970) at vfprintf.c:1635 1635 process_string_arg (((struct printf_spec *) NULL)); bt full does return much more in this case. I attached that output as bt_full.txt to this mail (maybe it can be of help) Thanks for your help tobi -------------- next part -------------- #0 0x00007ffff7203694 in _IO_vfprintf_internal (s=s at entry=0x7fffffffd710, format=, format at entry=0x555555764938
, ap=ap at entry=0x7fffffffd970) at vfprintf.c:1635 len = string_malloced = step0_jumps = space = is_short = use_outdigits = step1_jumps = group = prec = step2_jumps = string = left = is_long_double = width = step3a_jumps = alt = showsign = is_long = is_char = pad = step3b_jumps = step4_jumps = is_negative = number = base = the_arg = spec = _buffer = _avail = thousands_sep = grouping = done = f = lead_str_end = end_of_spec = work_buffer = workstart = 0x0 workend = ap_save = nspecs_done = save_errno = readonly_format = args_malloced = specs = specs_malloced = jump_table = #1 0x00007ffff72c78d5 in ___vsnprintf_chk (s=0x555555764855
, s at entry=, maxlen=, flags=1, slen=, format=0x555555764938
, args=0x7fffffffd970) at vsnprintf_chk.c:63 sf = ret = From aki.tuomi at dovecot.fi Wed Jan 4 07:55:18 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Wed, 4 Jan 2017 09:55:18 +0200 Subject: dovecot-pigeonhole running external script ends with signal 11 In-Reply-To: <1b2d6f61-f59e-20f0-0e49-7666588cc256@brain-force.ch> References: <6824f773-57b4-329a-7297-425574f5af34@rename-it.nl> <1b2d6f61-f59e-20f0-0e49-7666588cc256@brain-force.ch> Message-ID: <1cd6ff77-3181-e8b4-a5d5-8c6c87e40fcc@dovecot.fi> On 04.01.2017 09:49, Tobi wrote: > Hi Stephan > > Am 03.01.2017 um 21:12 schrieb Stephan Bosch: > >> Since you're using LMTP, you could try to run the lmtp service from >> command line in GDB. In essence, this looks as follows (you will need to >> run this as the mail user, e.g. vmail, or you can run it as root): >> >> $ gdb --args /usr/lib/dovecot/lmtp > I did so and it seems that libc.so.6 throws the error as I get the > following result (as root): > > [New process 14843] > Program received signal SIGSEGV, Segmentation fault. > [Switching to process 14843] > 0x00007ffff7241b71 in __strlen_sse2 () from /lib64/libc.so.6 > > bt full does not give me more than this > > #0 0x00007ffff7241b71 in __strlen_sse2 () from /lib64/libc.so.6 > No symbol table info available. > Cannot access memory at address 0x7fffffffd848 > > Then I installed debuginfo for glibc via debuginfo-install > glibc-2.17-157.el7_3.1.x86_64 and get > > Program received signal SIGSEGV, Segmentation fault. > [Switching to process 18099] > __strlen_sse2 () at ../sysdeps/x86_64/strlen.S:31 > 31 movdqu (%rdi), %xmm1 > > So this is an issue for glibc developpers? Just wonder why this error > does not occur if I call the script directly on cli or if I use > sieve-test program. It seems only to occur if the script called from dovecot > > To compare I tried gdb as well as user vmail and get more detailed > information > > [New process 20844] > Program received signal SIGSEGV, Segmentation fault. 
> [Switching to process 20844] > 0x00007ffff7203694 in _IO_vfprintf_internal (s=s at entry=0x7fffffffd710, > format=, > format at entry=0x555555764938 "chroot(%s) failed: Bad address", > ap=ap at entry=0x7fffffffd970) at vfprintf.c:1635 > 1635 process_string_arg (((struct printf_spec *) NULL)); > > bt full does return much more in this case. I attached that output as > bt_full.txt to this mail (maybe it can be of help) > > Thanks for your help > > tobi > Did you update both dovecot *and* pigeonhole when you last updated? Aki From tobster at brain-force.ch Wed Jan 4 08:37:10 2017 
From: tobster at brain-force.ch (Tobi) Date: Wed, 4 Jan 2017 09:37:10 +0100 Subject: dovecot-pigeonhole running external script ends with signal 11 In-Reply-To: <1cd6ff77-3181-e8b4-a5d5-8c6c87e40fcc@dovecot.fi> References: <6824f773-57b4-329a-7297-425574f5af34@rename-it.nl> <1b2d6f61-f59e-20f0-0e49-7666588cc256@brain-force.ch> <1cd6ff77-3181-e8b4-a5d5-8c6c87e40fcc@dovecot.fi> Message-ID: Hi Aki yes I built dovecot and pigeonhole rpms in the same rpmbuild. pigeonhole rpm is based on 0.4.14 Do you think that the error might come from self building the rpms? Regards tobi Am 04.01.2017 um 08:55 schrieb Aki Tuomi: > On 04.01.2017 09:49, Tobi wrote: >> Hi Stephan >> >> Am 03.01.2017 um 21:12 schrieb Stephan Bosch: >> >>> Since you're using LMTP, you could try to run the lmtp service from >>> command line in GDB. In essence, this looks as follows (you will need to >>> run this as the mail user, e.g. vmail, or you can run it as root): >>> >>> $ gdb --args /usr/lib/dovecot/lmtp >> I did so and it seems that libc.so.6 throws the error as I get the >> following result (as root): >> >> [New process 14843] >> Program received signal SIGSEGV, Segmentation fault. >> [Switching to process 14843] >> 0x00007ffff7241b71 in __strlen_sse2 () from /lib64/libc.so.6 >> >> bt full does not give me more than this >> >> #0 0x00007ffff7241b71 in __strlen_sse2 () from /lib64/libc.so.6 >> No symbol table info available. >> Cannot access memory at address 0x7fffffffd848 >> >> Then I installed debuginfo for glibc via debuginfo-install >> glibc-2.17-157.el7_3.1.x86_64 and get >> >> Program received signal SIGSEGV, Segmentation fault. >> [Switching to process 18099] >> __strlen_sse2 () at ../sysdeps/x86_64/strlen.S:31 >> 31 movdqu (%rdi), %xmm1 >> >> So this is an issue for glibc developpers? Just wonder why this error >> does not occur if I call the script directly on cli or if I use >> sieve-test program. 
It seems only to occur if the script called from dovecot >> >> To compare I tried gdb as well as user vmail and get more detailed >> information >> >> [New process 20844] >> Program received signal SIGSEGV, Segmentation fault. >> [Switching to process 20844] >> 0x00007ffff7203694 in _IO_vfprintf_internal (s=s at entry=0x7fffffffd710, >> format=, >> format at entry=0x555555764938 "chroot(%s) failed: Bad address", >> ap=ap at entry=0x7fffffffd970) at vfprintf.c:1635 >> 1635 process_string_arg (((struct printf_spec *) NULL)); >> >> bt full does return much more in this case. I attached that output as >> bt_full.txt to this mail (maybe it can be of help) >> >> Thanks for your help >> >> tobi >> > > Did you update both dovecot *and* pigeonhole when you last updated? > > Aki > From juri+dovecot at dividebyzero.it Wed Jan 4 19:40:23 2017 
From: juri+dovecot at dividebyzero.it (Juri)
Date: Wed, 04 Jan 2017 19:40:23 +0000
Subject: Dovecot dsync tcps sends incomplete certificate chain
Message-ID: <045859ec9c818f2ce2814821952b415c@mail.dividebyzero.it>

Hi,
I'm trying to configure a Dovecot dsync service between two servers, using a tcp+ssl connection and
a valid Let's Encrypt certificate.
I followed the guide on the wiki (http://wiki.dovecot.org/Replication) using the tcps method, but
when I launch the replication it fails writing on the log (/var/log/mail.err):
(Server 1 - sync "client" )| Error: sync: Disconnected from remote: Received invalid SSL certificate: unable to get local issuer certificate: /CN=mail.dividebyzero.it
(Server 2 - sync "server")| Error: doveadm client disconnected before handshake:

If I try to connect to the server using openssl s_client, on the port 993 (imaps) the server
correctly sends the full chain:
$ openssl s_client -connect server1.fqdn:993
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = mail.dividebyzero.it
verify return:1
---
Certificate chain
 0 s:/CN=mail.dividebyzero.it
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
...

while on the doveadm port it fails:
$ openssl s_client -connect server1.fqdn:7557
CONNECTED(00000003)
depth=0 CN = mail.dividebyzero.it
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = mail.dividebyzero.it
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/CN=mail.dividebyzero.it
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
...

I run Dovecot 2.2.13 on Debian 8.6: $ dovecot -n # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6 auth_default_realm = dividebyzero.it auth_mechanisms = plain login doveadm_password = (redacted) doveadm_port = 7557 mail_location = maildir:~/Maildir mail_plugins = " notify replication" namespace inbox { (removed) } passdb { driver = pam } passdb { args = username_format=%n /etc/vmail/%d/passwd driver = passwd-file } plugin { mail_replica = tcps:otherserver.fqdn } protocols = " imap lmtp" service aggregator { fifo_listener replication-notify-fifo { user = dovecot } unix_listener replication-notify { user = dovecot } } service auth { unix_listener auth-client { group = Debian-exim mode = 0660 } unix_listener auth-userdb { user = vmail } } service doveadm { inet_listener { port = 7557 ssl = yes } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0666 } } ssl = required ssl_cert = References: <045859ec9c818f2ce2814821952b415c@mail.dividebyzero.it> Message-ID: On 01/04/2017 08:40 PM, Juri wrote: > Hi, > I'm trying to configure a Dovecot dsync service between two servers, using a tcp+ssl connection and > a valid Let's Encrypt certificate. 
> I followed the guide on the wiki (http://wiki.dovecot.org/Replication) using the tcps method, but > when I launch the replication it fails writing on the log (/var/log/mail.err): > (Server 1 - sync "client" )| Error: sync: Disconnected from remote: Received invalid SSL > certificate: unable to get local issuer certificate: /CN=mail.dividebyzero.it > (Server 2 - sync "server")| Error: doveadm client disconnected before handshake: > > If I try to connect to the server using openssl s_client, on the port 993 (imaps) the server > correctly sends the full chain: > $ openssl s_client -connect server1.fqdn:993 > CONNECTED(00000003) > depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 > verify return:1 > depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 > verify return:1 > depth=0 CN = mail.dividebyzero.it > verify return:1 > --- > Certificate chain > 0 s:/CN=mail.dividebyzero.it > i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 > 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 > i:/O=Digital Signature Trust Co./CN=DST Root CA X3 > ... > > while on the doveadm port it fails: > $ openssl s_client -connect server1.fqdn:7557 > CONNECTED(00000003) > depth=0 CN = mail.dividebyzero.it > verify error:num=20:unable to get local issuer certificate > verify return:1 > depth=0 CN = mail.dividebyzero.it > verify error:num=21:unable to verify the first certificate > verify return:1 > --- > Certificate chain > 0 s:/CN=mail.dividebyzero.it > i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 > ... 
> > I run Dovecot 2.2.13 on Debian 8.6: > $ dovecot -n > # 2.2.13: /etc/dovecot/dovecot.conf > # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6 > auth_default_realm = dividebyzero.it > auth_mechanisms = plain login > doveadm_password = (redacted) > doveadm_port = 7557 > mail_location = maildir:~/Maildir > mail_plugins = " notify replication" > namespace inbox { (removed) } > passdb { > driver = pam > } > passdb { > args = username_format=%n /etc/vmail/%d/passwd > driver = passwd-file > } > plugin { > mail_replica = tcps:otherserver.fqdn > } > protocols = " imap lmtp" > service aggregator { > fifo_listener replication-notify-fifo { > user = dovecot > } > unix_listener replication-notify { > user = dovecot > } > } > service auth { > unix_listener auth-client { > group = Debian-exim > mode = 0660 > } > unix_listener auth-userdb { > user = vmail > } > } > service doveadm { > inet_listener { > port = 7557 > ssl = yes > } > } > service imap-login { > inet_listener imap { > port = 143 > } > inet_listener imaps { > port = 993 > ssl = yes > } > } > service replicator { > process_min_avail = 1 > unix_listener replicator-doveadm { > mode = 0666 > } > } > ssl = required > ssl_cert = ssl_client_ca_file = /etc/letsencrypt/live/mail.dividebyzero.it/chain.pem > ssl_key = userdb { > driver = passwd > } > userdb { > args = uid=vmail gid=vmail home=/var/local/vmail/%d/%n > driver = static > } > > Is it a known problem, or has it been resolved in a subsequent version? > If it is not, can you suggest me a workaround in the meantime? > Thank you. 
I would do those tests using the -CAfile parameter to be sure of the
local certificate file being used:

openssl s_client -connect server1.fqdn:993 -CAfile /etc/letsencrypt/live/mail.dividebyzero.it/chain.pem
openssl s_client -connect server1.fqdn:7557 -CAfile /etc/letsencrypt/live/mail.dividebyzero.it/chain.pem

You should also be able to see the problem using the verify command directly (on the cert copied
from the remote server)

openssl verify -CAfile /etc/letsencrypt/live/mail.dividebyzero.it/chain.pem fullchain_copied_from_remote_server.pem

This error happens when the local CA file or directory that is specified
does not contain the root certificate or the root certificate and
intermediate ones in the case that the intermediates are not supplied by
the server. My understanding is that Dovecot supplies the intermediate
certificates both for replication and imap services if they are in the
server certificate file. So you should be able to solve this by making
the root certificate available to Dovecot (parameter
ssl_client_ca_file). In the worst case you can concatenate the
intermediate and root certificates.

The certificate you are likely missing is the root certificate:

/O=Digital Signature Trust Co./CN=DST Root CA X3

You can follow the link on this page for it: https://letsencrypt.org/certificates/
(link DST Root CA X3.)

I recently set up replication following the wiki and I think you
deviated from the instructions at this point:
"The client must be able to verify that the SSL certificate is valid, so
you need to specify the directory/file containing valid SSL CA roots:

ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu
ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat"

At least when I followed this for Centos using the Redhat setting it worked. The DST root
certification was already in that file. You might have the same luck by following the indications
for Debian:
ssl_client_ca_dir = /etc/ssl/certs (and removing your ssl_client_ca_file setting). If not putting
the right root or chain into the file is your alternative option.

John

From Benoit.Branciard at univ-paris1.fr Thu Jan 5 11:38:51 2017
From: Benoit.Branciard at univ-paris1.fr (Benoit Branciard)
Date: Thu, 5 Jan 2017 12:38:51 +0100
Subject: doveadm output format changes
Message-ID: <41f15f77-7605-9426-c2fd-90ec869cb06a@univ-paris1.fr>

It appears that doveadm output format changes every now and then,
without particular notice.

For example, the following command:

doveadm -f pager mailbox status 'messages recent' '*'

did output something like this until v2.2.24:

mailbox: Mailbox1 messages: 58 recent: 12 ^L mailbox: Mailbox2 messages: 128 recent: 0

but switched to that in v2.2.26:

Mailbox1 messages: 58 recent: 12 ^L Mailbox2 messages: 128 recent: 0

This seems related to the following changelog entry:

2016-10-25 20:51:36 +0300 Timo Sirainen (5baa99e)
doveadm: "pager" formatter supports now DOVEADM_PRINT_HEADER_FLAG_HIDE_TITLE
M src/doveadm/doveadm-print-pager.c

Some other format changes did also occur in the past. For example,
"doveadm user" had a specific format in v2.0.19 (and ignored the "-f
format" option), and obviously defaulted to the "-f tab" format (which
has different rendering) somewhere in the v2.2.x or 2.1.x.

Such changes render maintenance of wrapping scripts particularly tedious.

Could it be possible to avoid such breaking changes in the future?

--
Benoit BRANCIARD
Service InfraStructures (SIS)
Direction du Système d'Information et des Usages Numériques (DSIUN)
Université Paris 1 Panthéon-Sorbonne
Centre Pierre Mendès France
90 rue de Tolbiac - 75634 Paris cedex 13 - France
Bur. B406 - Tél +33 1 44 07 89 68 - Fax +33 1 44 07 89 66
Accueil: +33 1 44 07 89 65 - Assistance-DSIUN at univ-paris1.fr
http://dsi.univ-paris1.fr

From tobster at brain-force.ch Thu Jan 5 18:16:23 2017
From: tobster at brain-force.ch (Tobi)
Date: Thu, 5 Jan 2017 19:16:23 +0100 (GMT+01:00)
Subject: dovecot-pigeonhole running external script ends with signal 11
In-Reply-To:
References: <6824f773-57b4-329a-7297-425574f5af34@rename-it.nl>
 <1b2d6f61-f59e-20f0-0e49-7666588cc256@brain-force.ch>
 <1cd6ff77-3181-e8b4-a5d5-8c6c87e40fcc@dovecot.fi>
Message-ID:

Problem avoided by a quite ugly workaround :-)
The script now is called by postfix as a transport. Works so far and the script never segfaults until now.
Would still prefer the solution via dovecot sieve but for the moment the postfix solution is okay with me.

Cheers

tobi

----- Original Message -----
From: Tobi
Sent: 04.01.17 - 09:37
To: dovecot at dovecot.org
Subject: Re: dovecot-pigeonhole running external script ends with signal 11

> Hi Aki
>
> yes I built dovecot and pigeonhole rpms in the same rpmbuild. pigeonhole
> rpm is based on 0.4.14
> Do you think that the error might come from self building the rpms?
>
> Regards
>
> tobi
>
> On 04.01.2017 at 08:55, Aki Tuomi wrote:
>> On 04.01.2017 09:49, Tobi wrote:
>>> Hi Stephan
>>>
>>> On 03.01.2017 at 21:12, Stephan Bosch wrote:
>>>
>>>> Since you're using LMTP, you could try to run the lmtp service from
>>>> command line in GDB. In essence, this looks as follows (you will need to
>>>> run this as the mail user, e.g. vmail, or you can run it as root):
>>>>
>>>> $ gdb --args /usr/lib/dovecot/lmtp
>>> I did so and it seems that libc.so.6 throws the error as I get the
>>> following result (as root):
>>>
>>> [New process 14843]
>>> Program received signal SIGSEGV, Segmentation fault.
>>> [Switching to process 14843]
>>> 0x00007ffff7241b71 in __strlen_sse2 () from /lib64/libc.so.6
>>>
>>> bt full does not give me more than this
>>>
>>> #0 0x00007ffff7241b71 in __strlen_sse2 () from /lib64/libc.so.6
>>> No symbol table info available.
>>> Cannot access memory at address 0x7fffffffd848
>>>
>>> Then I installed debuginfo for glibc via debuginfo-install
>>> glibc-2.17-157.el7_3.1.x86_64 and get
>>>
>>> Program received signal SIGSEGV, Segmentation fault.
>>> [Switching to process 18099]
>>> __strlen_sse2 () at ../sysdeps/x86_64/strlen.S:31
>>> 31 movdqu (%rdi), %xmm1
>>>
>>> So this is an issue for glibc developers? Just wonder why this error
>>> does not occur if I call the script directly on cli or if I use
>>> sieve-test program. It seems only to occur if the script called from dovecot
>>>
>>> To compare I tried gdb as well as user vmail and get more detailed
>>> information
>>>
>>> [New process 20844]
>>> Program received signal SIGSEGV, Segmentation fault.
>>> [Switching to process 20844]
>>> 0x00007ffff7203694 in _IO_vfprintf_internal (s=s@entry=0x7fffffffd710,
>>> format=,
>>> format@entry=0x555555764938 "chroot(%s) failed: Bad address",
>>> ap=ap@entry=0x7fffffffd970) at vfprintf.c:1635
>>> 1635 process_string_arg (((struct printf_spec *) NULL));
>>>
>>> bt full does return much more in this case. I attached that output as
>>> bt_full.txt to this mail (maybe it can be of help)
>>>
>>> Thanks for your help
>>>
>>> tobi
>>>
>>
>> Did you update both dovecot *and* pigeonhole when you last updated?
>>
>> Aki
>>

From juri+dovecot at dividebyzero.it Thu Jan 5 19:55:54 2017
From: juri+dovecot at dividebyzero.it (Juri) Date: Thu, 05 Jan 2017 19:55:54 +0000 Subject: Dovecot dsync tcps sends incomplete certificate chain In-Reply-To: References: <045859ec9c818f2ce2814821952b415c@mail.dividebyzero.it> Message-ID: <7f7b00f375f041c5b906aa0ee92ec1da@mail.dividebyzero.it> 5 Gennaio 2017 01:21, "John Fawcett" wrote: > On 01/04/2017 08:40 PM, Juri wrote: > >> Hi, >> I'm trying to configure a Dovecot dsync service between two servers, using a tcp+ssl connection and >> a valid Let's Encrypt certificate. >> I followed the guide on the wiki (http://wiki.dovecot.org/Replication) using the tcps method, but >> when I launch the replication it fails writing on the log (/var/log/mail.err): >> (Server 1 - sync "client" )| Error: sync: Disconnected from remote: Received invalid SSL >> certificate: unable to get local issuer certificate: /CN=mail.dividebyzero.it >> (Server 2 - sync "server")| Error: doveadm client disconnected before handshake: >> >> If I try to connect to the server using openssl s_client, on the port 993 (imaps) the server >> correctly sends the full chain: >> $ openssl s_client -connect server1.fqdn:993 >> CONNECTED(00000003) >> depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 >> verify return:1 >> depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 >> verify return:1 >> depth=0 CN = mail.dividebyzero.it >> verify return:1 >> --- >> Certificate chain >> 0 s:/CN=mail.dividebyzero.it >> i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 >> 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 >> i:/O=Digital Signature Trust Co./CN=DST Root CA X3 >> ... 
>> >> while on the doveadm port it fails: >> $ openssl s_client -connect server1.fqdn:7557 >> CONNECTED(00000003) >> depth=0 CN = mail.dividebyzero.it >> verify error:num=20:unable to get local issuer certificate >> verify return:1 >> depth=0 CN = mail.dividebyzero.it >> verify error:num=21:unable to verify the first certificate >> verify return:1 >> --- >> Certificate chain >> 0 s:/CN=mail.dividebyzero.it >> i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 >> ... >> >> I run Dovecot 2.2.13 on Debian 8.6: >> $ dovecot -n >> # 2.2.13: /etc/dovecot/dovecot.conf >> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6 >> auth_default_realm = dividebyzero.it >> auth_mechanisms = plain login >> doveadm_password = (redacted) >> doveadm_port = 7557 >> mail_location = maildir:~/Maildir >> mail_plugins = " notify replication" >> namespace inbox { (removed) } >> passdb { >> driver = pam >> } >> passdb { >> args = username_format=%n /etc/vmail/%d/passwd >> driver = passwd-file >> } >> plugin { >> mail_replica = tcps:otherserver.fqdn >> } >> protocols = " imap lmtp" >> service aggregator { >> fifo_listener replication-notify-fifo { >> user = dovecot >> } >> unix_listener replication-notify { >> user = dovecot >> } >> } >> service auth { >> unix_listener auth-client { >> group = Debian-exim >> mode = 0660 >> } >> unix_listener auth-userdb { >> user = vmail >> } >> } >> service doveadm { >> inet_listener { >> port = 7557 >> ssl = yes >> } >> } >> service imap-login { >> inet_listener imap { >> port = 143 >> } >> inet_listener imaps { >> port = 993 >> ssl = yes >> } >> } >> service replicator { >> process_min_avail = 1 >> unix_listener replicator-doveadm { >> mode = 0666 >> } >> } >> ssl = required >> ssl_cert = > ssl_client_ca_file = /etc/letsencrypt/live/mail.dividebyzero.it/chain.pem >> ssl_key = > userdb { >> driver = passwd >> } >> userdb { >> args = uid=vmail gid=vmail home=/var/local/vmail/%d/%n >> driver = static >> } >> >> Is it a known problem, or has it been resolved in a 
subsequent version? >> If it is not, can you suggest me a workaround in the meantime? >> Thank you. > > I would do those test using the -CAfile parameter to be sure of the > local certificate file being used: > > openssl s_client -connect server1.fqdn:993 -CAfile > /etc/letsencrypt/live/mail.dividebyzero.it/chain.pem > openssl s_client -connect server1.fqdn:7557 -CAfile > /etc/letsencrypt/live/mail.dividebyzero.it/chain.pem > > You should also be able to see the problem using the verify command directly (on the cert copied > from the remote server) > openssl verify -CAfile /etc/letsencrypt/live/mail.dividebyzero.it/chain.pem > fullchain_copied_from_remote_server.pem > > This error happens when the local CA file or directory that is specified > does not contain the root certificate or the root certificate and > intermediate ones in the case that the intermediates are not supplied by > the server. My understanding is that Dovecot supplies the intermediate > certificates both for replication and imap services if they are in the > server certificate file. So you should be able to solve this by making > the root certificate available to Dovecot (parameter > ssl_client_ca_file). In the worst case you can concatenate the > intermediate and root certificates. > > The certificate you are likely missing is the root certificate: > > /O=Digital Signature Trust Co./CN=DST Root CA X3 > > You can follow the link on this page for it: https://letsencrypt.org/certificates > (link DST Root CA X3.) > > I recently set up replication following the wiki and I think you > deviated from the instructions at this point: > "The client must be able to verify that the SSL certificate is valid, so > you need to specify the directory/file containing valid SSL CA roots: > > ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu > ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat" > > At least when I followed this for Centos using the Redhat setting it worked. 
The DST root
> certification was already in that file. You might have the same luck by following the indications
> for Debian:
> ssl_client_ca_dir = /etc/ssl/certs (and removing your ssl_client_ca_file setting). If not putting
> the right root or chain into the file is your alternative option.
>
> John

Thank you.
In fact I tried both settings, that is
|ssl_client_ca_dir = /etc/ssl/certs
|ssl_client_ca_file = /etc/letsencrypt/live/mail.dividebyzero.it/chain.pem
but with no luck.

Actually, I noticed that with the two settings I get a slightly different error message (it took me
quite a bit to notice it!), that is:
|Error: sync: Disconnected from remote: Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
|Error: sync: Disconnected from remote: Received invalid SSL certificate: unable to get *local* issuer certificate: /CN=mail.dividebyzero.it
(emphasis mine).

I suppose that in the first case - as the server is sending only the last certificate on the chain -
the client is unable to find the intermediate, while in the second case it won't find the root one.

I then tried, as you suggested, to concatenate both the intermediate and the root certificate in
a single file, and it finally worked.

In any case the original point still stands: in the sync mode - at least on my version (2.2.13) -
the server sends only the last cert, so the client has to have the rest of the chain, instead of
needing to have only the root certificate.

May I ask you which is the version of Dovecot bundled with CentOS, to know if this may be a bug
fixed in a newer version?

Juri

From posturne at gmail.com Thu Jan 5 20:56:03 2017
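The two error strings compared in the message above can be reproduced offline with the `openssl verify -CAfile` check suggested earlier in the thread. This is an added example, not part of the original thread: it builds a constructed root, intermediate and leaf (all subject and file names are made up) and shows what OpenSSL reports for each combination of trust file and certificates presented by the server.

```shell
#!/bin/sh
# Constructed three-level PKI (root -> intermediate -> leaf). Every name below
# is invented for this example; nothing here contacts a real server.
set -e

PKI=$(mktemp -d)
trap 'rm -rf "$PKI"' EXIT

# Minimal OpenSSL config so the result does not depend on the system openssl.cnf.
printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
    '[dn]' 'CN = constructed' \
    '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$PKI/ca.cnf"

# new_csr NAME SUBJECT: fresh key plus certificate request.
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -config "$PKI/ca.cnf" \
        -subj "$2" -keyout "$PKI/$1.key" -out "$PKI/$1.csr" 2>/dev/null
}

# sign NAME ISSUER [extra x509 options]: issue NAME's certificate from ISSUER.
sign() {
    name=$1; issuer=$2; shift 2
    openssl x509 -req -in "$PKI/$name.csr" -CA "$PKI/$issuer.pem" \
        -CAkey "$PKI/$issuer.key" -CAcreateserial -days 2 \
        -out "$PKI/$name.pem" "$@" 2>/dev/null
}

# Self-signed root, then an intermediate CA, then the server (leaf) certificate.
openssl req -x509 -new -newkey rsa:2048 -nodes -config "$PKI/ca.cnf" \
    -extensions v3_ca -subj "/CN=Constructed Root CA" -days 2 \
    -keyout "$PKI/root.key" -out "$PKI/root.pem" 2>/dev/null
new_csr inter "/CN=Constructed Intermediate CA"
sign inter root -extfile "$PKI/ca.cnf" -extensions v3_ca
new_csr leaf "/CN=mail.example.test"
sign leaf inter

# Trust file holding intermediate and root together (the concatenation workaround).
cat "$PKI/inter.pem" "$PKI/root.pem" > "$PKI/inter_plus_root.pem"

# verdict TRUST_FILE [SENT_WITH_LEAF]: verify the leaf against TRUST_FILE.
# SENT_WITH_LEAF is the extra certificate file the server presents next to its
# leaf; leave it empty to model a server that sends the leaf only.
verdict() {
    if [ -n "${2:-}" ]; then
        out=$(openssl verify -CAfile "$PKI/$1" -untrusted "$PKI/$2" \
            "$PKI/leaf.pem" 2>&1) || true
    else
        out=$(openssl verify -CAfile "$PKI/$1" "$PKI/leaf.pem" 2>&1) || true
    fi
    case $out in
        *"unable to get local issuer certificate"*)
            echo "error 20: unable to get local issuer certificate" ;;
        *"unable to get issuer certificate"*)
            echo "error 2: unable to get issuer certificate" ;;
        *": OK"*)
            echo "OK" ;;
        *)
            echo "other: $out" ;;
    esac
}

# Leaf only on the wire, as s_client shows for port 7557 in the thread.
echo "leaf only, trust = intermediate      : $(verdict inter.pem)"
echo "leaf only, trust = root              : $(verdict root.pem)"
echo "leaf only, trust = intermediate+root : $(verdict inter_plus_root.pem)"
# Leaf plus intermediate on the wire, as s_client shows for port 993.
echo "leaf+intermediate, trust = root      : $(verdict root.pem inter.pem)"
```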
From: posturne at gmail.com (tom)
Date: Thu, 5 Jan 2017 21:56:03 +0100
Subject: IMAP proxy for Exchange - encrypted backend Communication?
Message-ID:

Hello,

I try to set up an IMAP proxy for my old Exchange server.
Running Dovecot v2.x on Centos 7.

So far I follow http://wiki2.dovecot.org/HowTo/ImapcProxy and it seems
to work. The only but major thing is with this setup - the
communication between proxy and backend is not encrypted. :(

To fix this, I changed the config and add:
imapc_ssl=imaps
imapc_port=993

but it doesn't work, because of verify failure of the self signed
backend certificate:

Jan 5 21:48:55 imap dovecot: imap(user1): Error: imapc(192.168.1.1:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
Jan 5 21:48:55 imap dovecot: imap(user1): Error: imapc(192.168.1.1:993): No SSL context
Jan 5 21:48:55 imap dovecot: imap(user1): Error: imapc: Command failed: Disconnected from server
Jan 5 21:48:55 imap dovecot: imap(user1): Error: user tkoenig: Initialization failed: Initializing mail storage from mail_location setting failed: Mailbox list driver imapc: Failed to access imapc backend
Jan 5 21:48:55 imap dovecot: imap(user1): Error: Invalid user settings. Refer to server log for more information.

I didn't find anything in the documentation which tells dovecot not to verify the backend certificate. Is there a known way to get it running?

Many thanks for any hint!

regards,
Tom

From stephan at rename-it.nl Thu Jan 5 23:04:08 2017
From: stephan at rename-it.nl (Stephan Bosch)
Date: Fri, 6 Jan 2017 00:04:08 +0100
Subject: dovecot-pigeonhole running external script ends with signal 11
In-Reply-To:
References: <6824f773-57b4-329a-7297-425574f5af34@rename-it.nl> <1b2d6f61-f59e-20f0-0e49-7666588cc256@brain-force.ch> <1cd6ff77-3181-e8b4-a5d5-8c6c87e40fcc@dovecot.fi>
Message-ID: <199dbad2-d1ba-af56-109f-180b2805211e@rename-it.nl>

On 1/4/2017 at 9:37 AM, Tobi wrote:
> Hi Aki
>
> yes I built dovecot and pigeonhole rpms in the same rpmbuild. pigeonhole
> rpm is based on 0.4.14
> Do you think that the error might come from self building the rpms?

But what version of Pigeonhole are you actually using? Version 0.4.16 is
released for Dovecot v2.2.26.

Also:

- Can you find out which process is getting the segfault? GDB shows the
pid and you should lookup what process that is while GDB is still active.
- Isn't that GDB backtrace you provided deeper? It shows only two
levels, but that makes no sense (i.e. main() is not listed).

Regards,

Stephan.

From john at voipsupport.it Fri Jan 6 00:34:48 2017
From: john at voipsupport.it (John Fawcett)
Date: Fri, 6 Jan 2017 01:34:48 +0100
Subject: Dovecot dsync tcps sends incomplete certificate chain
In-Reply-To: <7f7b00f375f041c5b906aa0ee92ec1da@mail.dividebyzero.it>
References: <045859ec9c818f2ce2814821952b415c@mail.dividebyzero.it> <7f7b00f375f041c5b906aa0ee92ec1da@mail.dividebyzero.it>
Message-ID:

On 01/05/2017 08:55 PM, Juri wrote:
> 5 January 2017 01:21, "John Fawcett" wrote:
>
>> On 01/04/2017 08:40 PM, Juri wrote:
>>
>>
> Thank you.
>
> In fact I tried both settings, that is
> |ssl_client_ca_dir = /etc/ssl/certs
> |ssl_client_ca_file = /etc/letsencrypt/live/mail.dividebyzero.it/chain.pem
> but with no luck.
> Actually, I noticed that with the two settings I get a slightly different error message (it took me
> quite a bit to notice it!), that is:
> |Error: sync: Disconnected from remote: Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
> |Error: sync: Disconnected from remote: Received invalid SSL certificate: unable to get *local* issuer certificate: /CN=mail.dividebyzero.it
> (emphasis mine).
> I suppose that in the first case - as the server is sending only the last certificate on the chain
> - the client is unable to find the intermediate, while in the second case it won't find the root
> one.
>
> I then tried, as you suggested me, to concatenate both the intermediate and the root certificate in
> a single file, and it finally worked.
> In any case the original point still stands: in the sync mode - at least on my version (2.2.13) -
> the server sends only the last cert, so the client has to have the rest of the chain, instead of
> needing to have only the root certificate.
>
> May I ask you which is the version of Dovecot bundled with CentOS, to know if this may be a bug
> fixed in a newer version?
>
> Juri

Hi Juri

if you find validation failing when you have only the root certificate
in the CA file but a chained server+intermediate in the server
certificate file, then your analysis makes sense and it seems that the
intermediate certificate is not being sent by the server. That ties in
with the different error messages between imap and replication.

It might be interesting to do a test with -showcerts parameter.

openssl s_client -showcerts -connect hostname:7557
openssl s_client -showcerts -connect hostname:993

The bundled version of Dovecot on Centos 7 is 2.2.10 but I am not using
that version. I am on 2.2.26, where I don't have the problem you see and
both services send the server and intermediate certificate. I was unable
to see any specific patches to the ssl or doveadm code for this issue,
though it has undergone a few changes from 2.2.13.

John

From lists at lazygranch.com Fri Jan 6 02:52:41 2017
From: lists at lazygranch.com (lists at lazygranch.com)
Date: Thu, 5 Jan 2017 18:52:41 -0800
Subject: OP/PSA: Net Systems Research mail port diddlers
Message-ID: <20170105185241.0351c25b@linux-h57q.site>

http://netsystemsresearch.com/

dovecot.log.1.bz2:Jan 05 17:28:15 pop3-login: Info: Disconnected (no auth attempts in 3 secs): user=<>, rip=169.54.233.124, lip=MYIP, TLS handshaking: Disconnected, session=

Their "research" pokes your email ports. Block if you want or
participate in the (cough cough) research.

IP addresses and opt-out email address on webpage.

From skdovecot at smail.inf.fh-brs.de Fri Jan 6 07:56:54 2017
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 6 Jan 2017 08:56:54 +0100 (CET)
Subject: dovecot-pigeonhole running external script ends with signal 11
In-Reply-To: <1b2d6f61-f59e-20f0-0e49-7666588cc256@brain-force.ch>
References: <6824f773-57b4-329a-7297-425574f5af34@rename-it.nl> <1b2d6f61-f59e-20f0-0e49-7666588cc256@brain-force.ch>
Message-ID:

On Wed, 4 Jan 2017, Tobi wrote:

> [New process 20844]
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to process 20844]
> 0x00007ffff7203694 in _IO_vfprintf_internal (s=s at entry=0x7fffffffd710,
> format=,
> format at entry=0x555555764938 "chroot(%s) failed: Bad address",
> ap=ap at entry=0x7fffffffd970) at vfprintf.c:1635
> 1635 process_string_arg (((struct printf_spec *) NULL));

Does your script try to chroot? Do you have LMTP or Dovecot configured to chroot?

As Stephan asked, can you determine which process is spawned here?

The format string "chroot(%s) failed: Bad address" may stem from a Dovecot library.

--
Steffen Kaiser

From aki.tuomi at dovecot.fi Fri Jan 6 08:20:45 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Fri, 6 Jan 2017 10:20:45 +0200 (EET)
Subject: Dovecot dsync tcps sends incomplete certificate chain
In-Reply-To:
References: <045859ec9c818f2ce2814821952b415c@mail.dividebyzero.it> <7f7b00f375f041c5b906aa0ee92ec1da@mail.dividebyzero.it>
Message-ID: <1377759092.2062.1483690846460@appsuite-dev.open-xchange.com>

> On January 6, 2017 at 2:34 AM John Fawcett wrote:
>
>
> On 01/05/2017 08:55 PM, Juri wrote:
> > 5 January 2017 01:21, "John Fawcett" wrote:
> >
> >> On 01/04/2017 08:40 PM, Juri wrote:
> >>
> >>
> > Thank you.
> >
> > In fact I tried both settings, that is
> > |ssl_client_ca_dir = /etc/ssl/certs
> > |ssl_client_ca_file = /etc/letsencrypt/live/mail.dividebyzero.it/chain.pem
> > but with no luck.
> > Actually, I noticed that with the two settings I get a slightly different error message (it took me
> > quite a bit to notice it!), that is:
> > |Error: sync: Disconnected from remote: Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
> > |Error: sync: Disconnected from remote: Received invalid SSL certificate: unable to get *local* issuer certificate: /CN=mail.dividebyzero.it
> > (emphasis mine).
> > I suppose that in the first case - as the server is sending only the last certificate on the chain
> > - the client is unable to find the intermediate, while in the second case it won't find the root
> > one.
> >
> > I then tried, as you suggested me, to concatenate both the intermediate and the root certificate in
> > a single file, and it finally worked.
> > In any case the original point still stands: in the sync mode - at least on my version (2.2.13) -
> > the server sends only the last cert, so the client has to have the rest of the chain, instead of
> > needing to have only the root certificate.
> >
> > May I ask you which is the version of Dovecot bundled with CentOS, to know if this may be a bug
> > fixed in a newer version?
> >
> > Juri
>
> Hi Juri
>
> if you find validation failing when you have only the root certificate
> in the CA file but a chained server+intermediate in the server
> certificate file, then your analysis makes sense and it seems that the
> intermediate certificate is not being sent by the server. That ties in
> with the different error messages between imap and replication.
>
> It might be interesting to do a test with -showcerts parameter.
>
> openssl s_client -showcerts -connect hostname:7557
> openssl s_client -showcerts -connect hostname:993
>
> The bundled version of Dovecot on Centos 7 is 2.2.10 but I am not using
> that version. I am on 2.2.26, where I don't have the problem you see and
> both services send the server and intermediate certificate. I was unable
> to see any specific patches to the ssl or doveadm code for this issue,
> though it has undergone a few changes from 2.2.13.
>
> John

You might want to return from passdb following things, if I understood your scenario correctly.

proxy=y host=your-backend-host ssl=any-cert port=993

https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy

Aki

From sami.ketola at dovecot.fi Fri Jan 6 17:04:57 2017
From: sami.ketola at dovecot.fi (Sami Ketola)
Date: Fri, 6 Jan 2017 19:04:57 +0200
Subject: IMAP proxy for Exchange - encrypted backend Communication?
In-Reply-To:
References:
Message-ID: <244EAB9F-E9F7-4EFD-8D82-567662305DB0@dovecot.fi>

> On 5 Jan 2017, at 22.56, tom wrote:
>
> Hello,
>
> I try to set up an IMAP proxy for my old Exchange server.
> Running Dovecot v2.x on Centos 7.
>
> So far I follow http://wiki2.dovecot.org/HowTo/ImapcProxy and it seems
> to work. The only but major thing is with this setup - the
> communication between proxy and backend is not encrypted. :(
>
> To fix this, I changed the config and add:
> imapc_ssl=imaps
> imapc_port=993
>
> but it doesn't work, because of verify failure of the self signed
> backend certificate:

you need to set:

imapc_ssl_verify = no

Regards,
Sami

From posturne at gmail.com Fri Jan 6 17:45:04 2017
From: posturne at gmail.com (Thomas Koenig)
Date: Fri, 06 Jan 2017 18:45:04 +0100
Subject: IMAP proxy for Exchange - encrypted backend Communication?
In-Reply-To: <244EAB9F-E9F7-4EFD-8D82-567662305DB0@dovecot.fi>
References: <244EAB9F-E9F7-4EFD-8D82-567662305DB0@dovecot.fi>
Message-ID: <849040CF-FCD2-432B-A436-08FE7151CD75@gmail.com>

thx, I'll try it. Currently I use stunnel as a quick and dirty work around.

Tom

On 6 January 2017 18:04:57 CET, Sami Ketola wrote:
>
>> On 5 Jan 2017, at 22.56, tom wrote:
>>
>> Hello,
>>
>> I try to set up an IMAP proxy for my old Exchange server.
>> Running Dovecot v2.x on Centos 7.
>>
>> So far I follow http://wiki2.dovecot.org/HowTo/ImapcProxy and it seems
>> to work. The only but major thing is with this setup - the
>> communication between proxy and backend is not encrypted. :(
>>
>> To fix this, I changed the config and add:
>> imapc_ssl=imaps
>> imapc_port=993
>>
>> but it doesn't work, because of verify failure of the self signed
>> backend certificate:
>
>you need to set:
>
>imapc_ssl_verify = no
>
>Regards,
>Sami

From juri+dovecot at dividebyzero.it Fri Jan 6 18:41:21 2017
From: juri+dovecot at dividebyzero.it (Juri)
Date: Fri, 06 Jan 2017 19:41:21 +0100
Subject: Dovecot dsync tcps sends incomplete certificate chain
In-Reply-To:
References: <7f7b00f375f041c5b906aa0ee92ec1da@mail.dividebyzero.it>
Message-ID: <1995043.i4myJGQtPs@arch-zenbook>

On Friday 6 January 2017 01:34:48 CET, John Fawcett wrote:
> On 01/05/2017 08:55 PM, Juri wrote:
> > 5 January 2017 01:21, "John Fawcett" wrote:
> >> On 01/04/2017 08:40 PM, Juri wrote:
> Hi Juri
>
> if you find validation failing when you have only the root certificate
> in the CA file but a chained server+intermediate in the server
> certificate file, then your analysis makes sense and it seems that the
> intermediate certificate is not being sent by the server. That ties in
> with the different error messages between imap and replication.
>
> It might be interesting to do a test with -showcerts parameter.
>
> openssl s_client -showcerts -connect hostname:7557
> openssl s_client -showcerts -connect hostname:993
>
> The bundled version of Dovecot on Centos 7 is 2.2.10 but I am not using
> that version. I am on 2.2.26, where I don't have the problem you see and
> both services send the server and intermediate certificate. I was unable
> to see any specific patches to the ssl or doveadm code for this issue,
> though it has undergone a few changes from 2.2.13.
>
> John

I tried what you suggested, and the result is more or less the same as what I
wrote in the first message (only the last cert sent on port 7557, and both -
the last and the intermediate one - on port 993).

I tried to recompile the same version (2.2.13) on my Arch Linux home PC, and
using the same settings and same certs as on the server, all the certificates
are correctly being sent on both ports, so I suppose the bug lies in the
debian patches - I'll try to report to them.

In the meantime, thank you all for the help!

Juri

From gregc at olypensupport.com Fri Jan 6 21:03:45 2017
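The comparison made in the "Dovecot dsync tcps sends incomplete certificate chain" thread above amounts to reading the `Certificate chain` section that `openssl s_client -showcerts` prints for each port. The following is an added example, not code from any poster or from Dovecot: a Python parser for that section, run on two constructed outputs that mirror the leaf-only and leaf-plus-intermediate cases described. The host name `mail.example.org`, the elided PEM bodies and all function names are assumptions.

```python
import re

# Constructed `openssl s_client -showcerts` excerpts (OpenSSL 1.0.x name style).
# The host name is a placeholder and the PEM bodies are elided; only the
# "Certificate chain" section is parsed.
_LEAF = """ 0 s:/CN=mail.example.org
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
-----BEGIN CERTIFICATE-----
(elided)
-----END CERTIFICATE-----
"""
_INTERMEDIATE = """ 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
-----BEGIN CERTIFICATE-----
(elided)
-----END CERTIFICATE-----
"""
_HEAD = "CONNECTED(00000003)\n---\nCertificate chain\n"
_TAIL = "---\nServer certificate\nsubject=/CN=mail.example.org\n"

SAMPLE_IMAPS_993 = _HEAD + _LEAF + _INTERMEDIATE + _TAIL  # leaf + intermediate
SAMPLE_DSYNC_7557 = _HEAD + _LEAF + _TAIL                 # leaf only

# " 0 s:<subject>" opens an entry, "   i:<issuer>" completes it.
_SUBJECT = re.compile(r"^\s*(\d+)\s+s:\s*(.+?)\s*$")
_ISSUER = re.compile(r"^\s+i:\s*(.+?)\s*$")


def parse_chain(s_client_output):
    """Return [(depth, subject, issuer), ...] for the certificates sent."""
    chain, in_section, pending = [], False, None
    for line in s_client_output.splitlines():
        if line.strip() == "Certificate chain":
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("Server certificate"):
            break  # end of the chain listing
        m = _SUBJECT.match(line)
        if m:
            pending = (int(m.group(1)), m.group(2))
            continue
        m = _ISSUER.match(line)
        if m and pending is not None:
            chain.append((pending[0], pending[1], m.group(1)))
            pending = None
    return chain


def analyse(s_client_output):
    """Summarise what the server sent and what the client must hold locally."""
    chain = parse_chain(s_client_output)
    if not chain:
        raise ValueError("no 'Certificate chain' section found")
    # Each certificate should be issued by the next one the server sent.
    broken = [cur[0] for cur, nxt in zip(chain, chain[1:]) if cur[2] != nxt[1]]
    top_subject, top_issuer = chain[-1][1], chain[-1][2]
    return {
        "certs_sent": len(chain),
        "leaf_only": len(chain) == 1 and top_subject != top_issuer,
        "broken_links": broken,
        # The verifying side must find this issuer in its own CA file or
        # directory; if it is an intermediate, its issuers up to the root
        # must be available locally as well.
        "needed_locally": top_issuer,
    }


def missing_from(reference_output, other_output):
    """Subjects the reference listener sends that the other listener omits."""
    sent = {subject for _, subject, _ in parse_chain(other_output)}
    return [s for _, s, _ in parse_chain(reference_output) if s not in sent]


if __name__ == "__main__":
    for name, out in (("993", SAMPLE_IMAPS_993), ("7557", SAMPLE_DSYNC_7557)):
        print(name, analyse(out))
    print("omitted on 7557:", missing_from(SAMPLE_IMAPS_993, SAMPLE_DSYNC_7557))
```

To use it on a live server, save the output of the two `openssl s_client -showcerts -connect hostname:PORT` commands from the thread and pass each to `analyse()`.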
From: gregc at olypensupport.com (gregc at olypensupport.com)
Date: Fri, 6 Jan 2017 13:03:45 -0800
Subject: Auth-policy: auth_policy_server_url and https support
Message-ID:

When using Auth policy server it currently doesn't support https.

In version 2.2.27:
Policy server HTTP error: 9002 Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)

and in version 2.3.devel
Policy server HTTP error: 9002 Requested https connection, but no SSL settings given

dovecot.conf does have "ssl_client_ca_dir = /etc/ssl/certs" set.

Looking around the source, http-client-settings are not given the ssl_ca_dir or ssl_ca_file setting from the config.

Admittedly SSL tear up/down is a little expensive per auth, but I think maybe it should still work?

From sean at seangreenslade.com Fri Jan 6 23:57:05 2017
From: sean at seangreenslade.com (Sean Greenslade)
Date: Fri, 06 Jan 2017 13:57:05 -1000
Subject: OP/PSA: Net Systems Research mail port diddlers
In-Reply-To: <20170105185241.0351c25b@linux-h57q.site>
References: <20170105185241.0351c25b@linux-h57q.site>
Message-ID: <3393413D-69F7-4305-BD3A-351208448519@seangreenslade.com>

On January 5, 2017 4:52:41 PM HST, "lists at lazygranch.com" wrote:
>http://netsystemsresearch.com/
>
>dovecot.log.1.bz2:Jan 05 17:28:15 pop3-login: Info: Disconnected (no
>auth attempts in 3 secs): user=<>, rip=169.54.233.124, lip=MYIP, TLS
>handshaking: Disconnected, session=
>
>Their "research" pokes your email ports. Block if you want or
>participate in the (cough cough) research.
>
>IP addresses and opt-out email address on webpage.

Assuming your password policies are up to snuff and you have connection rate limiting in place, this sort of thing is basically just background noise. I'd focus my efforts on those two rather than playing the "block the port scanner whack-a-mole" game.

--Sean

From dovecot_ml at endberg.net Sun Jan 8 10:00:55 2017
From: dovecot_ml at endberg.net (Marcus Endberg)
Date: Sun, 8 Jan 2017 11:00:55 +0100
Subject: auth: Error: BUG: Authentication client sent unknown handshake command
Message-ID:

Hello!

I run dovecot for many years now, but today it ran into a bug I've never seen before. Searching the archives, this bug seems to occur very seldom.

The current server installation & configuration is running since mid 2015, uptime of the server today is more than two months. It is a virtual machine in a data center, debian 7 / reiserfs, 'dovecot -n' output below.

Just within normal operation, suddenly my users could no longer check their IMAP accounts, log shows lots of entries like this:

----------------------- /var/log/mail.log excerpt ---------------------
2017-01-08 08:15:23 dovecot: auth: Error: BUG: Authentication client sent unknown handshake command: REQUEST?3484549121?11364?1?74fa603b892f9a262605ae6c2ce1d9a1
2017-01-08 08:15:23 dovecot: imap: Error: Authentication server didn't send valid SPID as expected: MECH#011PLAIN#011plaintext
2017-01-08 08:15:23 dovecot: imap: Error: Disconnected from auth server, aborting (client-pid=11364 client-id=1)
2017-01-08 08:15:23 dovecot: imap-login: Internal login failure (pid=11364 id=1) (internal failure, 1 succesful auths): user=, method=PLAIN, rip=, lip=85.214.143.57, mpid=11368, TLS, session=<0oiwA5BFmQBQhoL1>
-----------------------------------------------------------------------

Strangely, sending mails still worked fine (postfix uses dovecot SASL authentication).

I could not find any hint what might have caused the error in any logfile. After restarting dovecot everything is back to normal operation.

Is there any other information I can / should provide?

Thanks for your efforts,
Marcus

----------------------- output of 'dovecot -n' ------------------------
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.41-042stab120.16 i686 Debian 7.11
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = " imap"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert =
References: <6824f773-57b4-329a-7297-425574f5af34@rename-it.nl> <1b2d6f61-f59e-20f0-0e49-7666588cc256@brain-force.ch> <1cd6ff77-3181-e8b4-a5d5-8c6c87e40fcc@dovecot.fi> <199dbad2-d1ba-af56-109f-180b2805211e@rename-it.nl> <0a655b2d-b67b-71c2-e331-3fbd6a615b42@brain-force.ch>
Message-ID:

On 1/8/2017 at 10:00 AM, Tobi wrote:
> Hi Stephan
>
> according to ps aux the process that segfaults is (pid 18261)
>
> vmail 18261 0.0 0.0 0 0 pts/0 Z 09:39 0:00 [lmtp]
>
>
> the gdb backtrace I attached to my mail was the deepest one I got

That looks like it happens in Dovecot still.

> @Steffen
> the script does not chroot, at least not that I'm aware of. I checked my
> dovecot configs and could not find any active chroot config. All
> occurrences of mail_chroot are commented out and have no path values.

What about the version information I asked about?

Regards,

Stephan.

> On 06.01.2017 at 00:04, Stephan Bosch wrote:
>> On 1/4/2017 at 9:37 AM, Tobi wrote:
>>> Hi Aki
>>>
>>> yes I built dovecot and pigeonhole rpms in the same rpmbuild. pigeonhole
>>> rpm is based on 0.4.14
>>> Do you think that the error might come from self building the rpms?
>> But what version of Pigeonhole are you actually using? Version 0.4.16 is
>> released for Dovecot v2.2.26.
>>
>> Also:
>>
>> - Can you find out which process is getting the segfault? GDB shows the
>> pid and you should lookup what process that is while GDB is still active.
>> - Isn't that GDB backtrace you provided deeper? It shows only two
>> levels, but that makes no sense (i.e. main() is not listed).
>>
>> Regards,
>>
>> Stephan.
>>

From tobster at brain-force.ch Sun Jan 8 11:22:38 2017
From: tobster at brain-force.ch (Tobi)
Date: Sun, 8 Jan 2017 12:22:38 +0100 (GMT+01:00)
Subject: dovecot-pigeonhole running external script ends with signal 11
In-Reply-To:
References: <6824f773-57b4-329a-7297-425574f5af34@rename-it.nl> <1b2d6f61-f59e-20f0-0e49-7666588cc256@brain-force.ch> <1cd6ff77-3181-e8b4-a5d5-8c6c87e40fcc@dovecot.fi> <199dbad2-d1ba-af56-109f-180b2805211e@rename-it.nl> <0a655b2d-b67b-71c2-e331-3fbd6a615b42@brain-force.ch>
Message-ID: <2a9a20e.d891b445.1597dd0e414@brain-force.ch>

Hi Stephan

currently the rpm is built based on 0.4.14
Should I try with 0.4.16? I will build it again this afternoon with the version you suggested and report back with the results.

Thanks for the help here

tobi

----- Original Message -----
From: Stephan Bosch
Sent: 08.01.17 - 11:00
To: tobster at brain-force.ch@pgp.brain-force.ch, Dovecot Mailing List
Subject: Re: dovecot-pigeonhole running external script ends with signal 11

> On 1/8/2017 at 10:00 AM, Tobi wrote:
>> Hi Stephan
>>
>> according to ps aux the process that segfaults is (pid 18261)
>>
>> vmail 18261 0.0 0.0 0 0 pts/0 Z 09:39 0:00 [lmtp]
>>
>>
>> the gdb backtrace I attached to my mail was the deepest one I got
>
> That looks like it happens in Dovecot still.
>
>> @Steffen
>> the script does not chroot, at least not that I'm aware of. I checked my
>> dovecot configs and could not find any active chroot config. All
>> occurrences of mail_chroot are commented out and have no path values.
>
> What about the version information I asked about?
>
> Regards,
>
> Stephan.
>
>> On 06.01.2017 at 00:04, Stephan Bosch wrote:
>>> On 1/4/2017 at 9:37 AM, Tobi wrote:
>>>> Hi Aki
>>>>
>>>> yes I built dovecot and pigeonhole rpms in the same rpmbuild. pigeonhole
>>>> rpm is based on 0.4.14
>>>> Do you think that the error might come from self building the rpms?
>>> But what version of Pigeonhole are you actually using? Version 0.4.16 is
>>> released for Dovecot v2.2.26.
>>>
>>> Also:
>>>
>>> - Can you find out which process is getting the segfault? GDB shows the
>>> pid and you should lookup what process that is while GDB is still active.
>>> - Isn't that GDB backtrace you provided deeper? It shows only two
>>> levels, but that makes no sense (i.e. main() is not listed).
>>>
>>> Regards,
>>>
>>> Stephan.
>>>
>

From tobster at brain-force.ch Sun Jan 8 13:33:34 2017
From: tobster at brain-force.ch (Tobi)
Date: Sun, 8 Jan 2017 14:33:34 +0100 (GMT+01:00)
Subject: dovecot-pigeonhole running external script ends with signal 11
In-Reply-To: <2a9a20e.d891b445.1597dd0e414@brain-force.ch>
References: <6824f773-57b4-329a-7297-425574f5af34@rename-it.nl> <1b2d6f61-f59e-20f0-0e49-7666588cc256@brain-force.ch> <1cd6ff77-3181-e8b4-a5d5-8c6c87e40fcc@dovecot.fi> <199dbad2-d1ba-af56-109f-180b2805211e@rename-it.nl> <0a655b2d-b67b-71c2-e331-3fbd6a615b42@brain-force.ch> <2a9a20e.d891b445.1597dd0e414@brain-force.ch>
Message-ID:

Hi Stephan

thanks for insisting on the pigeonhole version. That seems to be the reason. With 0.4.16 I built the rpms again and after yum install on my mailbox servers the script "terminated normally"

Just one thing that does not go in my brain so far: in 1 out of maybe 20 cases the script worked with 0.4.14 without an error. But that's not important as with 0.4.16 it works in 100% of processed mails so far.

Again thanks a lot for the great help here and happy mailing

tobi

----- Original Message -----
From: Tobi
Sent: 08.01.17 - 12:22
To: Dovecot Mailing List
Subject: Re: dovecot-pigeonhole running external script ends with signal 11

> Hi Stephan
>
> currently the rpm is built based on 0.4.14
> Should I try with 0.4.16? I will build it again this afternoon with the version you suggested and report back with the results.
>
> Thanks for the help here
>
> tobi
>
> ----- Original Message -----
> From: Stephan Bosch
> Sent: 08.01.17 - 11:00
> To: tobster at brain-force.ch@pgp.brain-force.ch,
> Dovecot Mailing List
> Subject: Re: dovecot-pigeonhole running external script ends with signal 11
>
>> On 1/8/2017 at 10:00 AM, Tobi wrote:
>>> Hi Stephan
>>>
>>> according to ps aux the process that segfaults is (pid 18261)
>>>
>>> vmail 18261 0.0 0.0 0 0 pts/0 Z 09:39 0:00 [lmtp]
>>>
>>>
>>> the gdb backtrace I attached to my mail was the deepest one I got
>>
>> That looks like it happens in Dovecot still.
>>
>>> @Steffen
>>> the script does not chroot, at least not that I'm aware of. I checked my
>>> dovecot configs and could not find any active chroot config. All
>>> occurrences of mail_chroot are commented out and have no path values.
>>
>> What about the version information I asked about?
>>
>> Regards,
>>
>> Stephan.
>>
>>> On 06.01.2017 at 00:04, Stephan Bosch wrote:
>>>> On 1/4/2017 at 9:37 AM, Tobi wrote:
>>>>> Hi Aki
>>>>>
>>>>> yes I built dovecot and pigeonhole rpms in the same rpmbuild. pigeonhole
>>>>> rpm is based on 0.4.14
>>>>> Do you think that the error might come from self building the rpms?
>>>> But what version of Pigeonhole are you actually using? Version 0.4.16 is
>>>> released for Dovecot v2.2.26.
>>>>
>>>> Also:
>>>>
>>>> - Can you find out which process is getting the segfault? GDB shows the
>>>> pid and you should lookup what process that is while GDB is still active.
>>>> - Isn't that GDB backtrace you provided deeper? It shows only two
>>>> levels, but that makes no sense (i.e. main() is not listed).
>>>>
>>>> Regards,
>>>>
>>>> Stephan.
>>>>
>>
>

From aki.tuomi at dovecot.fi Sun Jan 8 16:29:03 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Sun, 8 Jan 2017 18:29:03 +0200 (EET)
Subject: dovecot-pigeonhole running external script ends with signal 11
In-Reply-To:
References: <6824f773-57b4-329a-7297-425574f5af34@rename-it.nl> <1b2d6f61-f59e-20f0-0e49-7666588cc256@brain-force.ch> <1cd6ff77-3181-e8b4-a5d5-8c6c87e40fcc@dovecot.fi> <199dbad2-d1ba-af56-109f-180b2805211e@rename-it.nl> <0a655b2d-b67b-71c2-e331-3fbd6a615b42@brain-force.ch> <2a9a20e.d891b445.1597dd0e414@brain-force.ch>
Message-ID: <555034041.27.1483892944366@appsuite-dev.open-xchange.com>

There were some non-compatible changes in 2.2.27 that make older versions of pigeonhole incompatible, when external programs are used. We moved the program-client code from pigeonhole to dovecot core and made some changes to it to facilitate other uses for it.

Aki

> On January 8, 2017 at 3:33 PM Tobi wrote:
>
>
> Hi Stephan
>
> thanks for insisting on the pigeonhole version. That seems to be the reason. With 0.4.16 I built the rpms again and after yum install on my mailbox servers the script "terminated normally"
>
> Just one thing that does not go in my brain so far: in 1 out of maybe 20 cases the script worked with 0.4.14 without an error. But that's not important as with 0.4.16 it works in 100% of processed mails so far.
>
> Again thanks a lot for the great help here and happy mailing
>
> tobi
>
> ----- Original Message -----
> From: Tobi
> Sent: 08.01.17 - 12:22
> To: Dovecot Mailing List
> Subject: Re: dovecot-pigeonhole running external script ends with signal 11
>
> > Hi Stephan
> >
> > currently the rpm is built based on 0.4.14
> > Should I try with 0.4.16? I will build it again this afternoon with the version you suggested and report back with the results.
> >
> > Thanks for the help here
> >
> > tobi
> >
> > ----- Original Message -----
> > From: Stephan Bosch
> > Sent: 08.01.17 - 11:00
> > To: tobster at brain-force.ch@pgp.brain-force.ch,
> > Dovecot Mailing List
> > Subject: Re: dovecot-pigeonhole running external script ends with signal 11
> >
> >> On 1/8/2017 at 10:00 AM, Tobi wrote:
> >>> Hi Stephan
> >>>
> >>> according to ps aux the process that segfaults is (pid 18261)
> >>>
> >>> vmail 18261 0.0 0.0 0 0 pts/0 Z 09:39 0:00 [lmtp]
> >>>
> >>>
> >>> the gdb backtrace I attached to my mail was the deepest one I got
> >>
> >> That looks like it happens in Dovecot still.
> >>
> >>> @Steffen
> >>> the script does not chroot, at least not that I'm aware of. I checked my
> >>> dovecot configs and could not find any active chroot config. All
> >>> occurrences of mail_chroot are commented out and have no path values.
> >>
> >> What about the version information I asked about?
> >>
> >> Regards,
> >>
> >> Stephan.
> >>
> >>> On 06.01.2017 at 00:04, Stephan Bosch wrote:
> >>>> On 1/4/2017 at 9:37 AM, Tobi wrote:
> >>>>> Hi Aki
> >>>>>
> >>>>> yes I built dovecot and pigeonhole rpms in the same rpmbuild. pigeonhole
> >>>>> rpm is based on 0.4.14
> >>>>> Do you think that the error might come from self building the rpms?
> >>>> But what version of Pigeonhole are you actually using? Version 0.4.16 is
> >>>> released for Dovecot v2.2.26.
> >>>>
> >>>> Also:
> >>>>
> >>>> - Can you find out which process is getting the segfault? GDB shows the
> >>>> pid and you should lookup what process that is while GDB is still active.
> >>>> - Isn't that GDB backtrace you provided deeper? It shows only two
> >>>> levels, but that makes no sense (i.e. main() is not listed).
> >>>>
> >>>> Regards,
> >>>>
> >>>> Stephan.
> >>>>
> >>
> >

From jbjbay at googlemail.com Sun Jan 8 16:31:37 2017
From: jbjbay at googlemail.com (Jibeji)
Date: Sun, 8 Jan 2017 17:31:37 +0100
Subject: .dovecot.sieve location issue
Message-ID:

Hello,
I am trying to set sieve up on a Centos 7 server.
It's a configuration with postfix, Maildir, MySQL and virtual domains which
works fine.

I have created a simple .dovecot.sieve in the user's directory:

# cat /home/mail/domain.com/user/.dovecot.sieve
require "fileinto";
redirect "other_address at other_domain.com";


Here are the logs:

dovecot: lda(user at domain.com): Debug: sieve: Pigeonhole version 0.4.2 initializing
lda(user at domain.com): Debug: sieve: include: sieve_global_dir is not set; it is currently not possible to include `:global' scripts.
dovecot: lda(user at domain.com): Debug: sieve: script file /home/mail/domain.com/.dovecot.sieve not found
dovecot: lda(user at domain.com): Debug: sieve: user's script ~/.dovecot.sieve doesn't exist (trying default script location instead)
lda(user at domain.com): Debug: sieve: no default script configured for user
lda(user at domain.com): Debug: sieve: user has no valid location for a personal script
lda(user at domain.com): Debug: sieve: no scripts to execute: reverting to default delivery.
dovecot: lda(user at domain.com): msgid=<005b01d269ca$f287ebf0$d797c3d0$@fr>: saved mail to INBOX

It tells that user's script ~/.dovecot.sieve doesn't exist

However, on the troubleshooting guide, I can see these logs:

dovecot: lda(hendrik): Debug: sieve: using sieve path for user's script: /home/hendrik/.dovecot.sieve
dovecot: lda(hendrik): Debug: sieve: opening script /home/hendrik/.dovecot.sieve

As you can see, it refers to "lda(hendrik)" but not "lda(user at domain.com"

I am wondering whether Sieve looks for the file elsewhere than /home/mail/domain.com/user/.dovecot.sieve

Do you have any idea?

From gjn at gjn.priv.at Sun Jan 8 17:04:52 2017
From: gjn at gjn.priv.at (Günther J. Niederwimmer)
Date: Sun, 08 Jan 2017 18:04:52 +0100
Subject: Dovecot Selinux Setting
Message-ID: <1752682.ohdd45KLzQ@techz>

Hello,

can anyone tell me the correct selinux Settings for the Maildir Setting ?

at the moment I have this setting

Jan 8 15:04:52 2017 from 192.168.100.100
[root at mx03 ~]# ls -Z /srv/vmail
drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example.com
drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example.at
drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 eu-example.at
drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example1.com
-rw-rw----. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 shared-mailboxes

I mean this not correct, I have problems with sieve to enable the Link and
with Sync ?

I can't find the correct setting with goo.....

Thanks for Help and an answer,

--
mit freundlichen Grüssen / best regards
Günther J. Niederwimmer

From ad+lists at uni-x.org Sun Jan 8 17:05:26 2017
From: ad+lists at uni-x.org (Alexander Dalloz)
Date: Sun, 8 Jan 2017 18:05:26 +0100
Subject: .dovecot.sieve location issue
In-Reply-To:
References:
Message-ID: <7971c4d2-075b-d18d-6a68-8adf0fe5eddb@uni-x.org>

On 08.01.2017 at 17:31, Jibeji wrote:
> Hello,
> I am trying to set sieve up on a Centos 7 server.
> It's a configuration with postfix, Maildir, MySQL and virtual domains which
> works fine.
>
> I have created a simple .dovecot.sieve in the user's directory:
>
> # cat /home/mail/domain.com/user/.dovecot.sieve
> require "fileinto";
> redirect "other_address at other_domain.com";
>
>
> Here are the logs:
>
> dovecot: lda(user at domain.com): Debug: sieve: Pigeonhole version 0.4.2
> initializing
> lda(user at domain.com): Debug: sieve: include: sieve_global_dir is not set;
> it is currently not possible to include `:global' scripts.
> dovecot: lda(user at domain.com): Debug: sieve: script file /home/mail/
> domain.com/.dovecot.sieve not found
> dovecot: lda(user at domain.com): Debug: sieve: user's script ~/.dovecot.sieve
> doesn't exist (trying default script location instead)
> lda(user at domain.com): Debug: sieve: no default script configured for user
> lda(user at domain.com): Debug: sieve: user has no valid location for a
> personal script
> lda(user at domain.com): Debug: sieve: no scripts to execute: reverting to
> default delivery.
> dovecot: lda(user at domain.com): msgid=<005b01d269ca$f287ebf0$d797c3d0$@fr>:
> saved mail to INBOX
>
> It tells that user's script ~/.dovecot.sieve doesn't exist
>
> However, on the troubleshooting guide, I can see these logs:
>
> dovecot: lda(hendrik): Debug: sieve: using sieve path for user's script:
> /home/hendrik/.dovecot.sieve
> dovecot: lda(hendrik): Debug: sieve: opening script
> /home/hendrik/.dovecot.sieve
>
> As you can see, it refers to "lda(hendrik)" but not "lda(user at domain.com)"
>
> I am wondering whether Sieve looks for the file elsewhere than /home/mail/
> domain.com/user/.dovecot.sieve
>
> Do you have any idea?

You hopefully see that you have mismatching path information:

> dovecot: lda(user at domain.com): Debug: sieve: script file /home/mail/
> domain.com/.dovecot.sieve not found

> dovecot: lda(hendrik): Debug: sieve: using sieve path for user's script:
> /home/hendrik/.dovecot.sieve

So please provide your "doveconf -n" output or at least validate yourself the sieve settings.

And .dovecot.sieve is a symlink to the active sieve filter.

Alexander

From ad+lists at uni-x.org Sun Jan 8 17:09:18 2017
From: ad+lists at uni-x.org (Alexander Dalloz)
Date: Sun, 8 Jan 2017 18:09:18 +0100
Subject: Dovecot Selinux Setting
In-Reply-To: <1752682.ohdd45KLzQ@techz>
References: <1752682.ohdd45KLzQ@techz>
Message-ID: <984b899b-3635-c58b-78fc-606487004aa1@uni-x.org>

On 08.01.2017 at 18:04, Günther J. Niederwimmer wrote:
> Hello,
>
> can anyone tell me the correct selinux Settings for the Maildir Setting ?
>
> at the Moment I have this setting
> Jan 8 15:04:52 2017 from 192.168.100.100
> [root at mx03 ~]# ls -Z /srv/vmail
>
> drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example.com
> drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example.at
> drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 eu-example.at
> drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example1.com
> -rw-rw----. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 shared-
> mailboxes

system_u:object_r:mail_spool_t:s0 for the spool (mail_location)

> I mean this is not correct, I have problems with sieve to enable the Link and
> with Sync ?

system_u:object_r:mail_home_rw_t:s0 is correct for the mail user's home

> I can't find the correct setting with goo.....
>
> Thanks for Help and an answer,

Alexander

From jbjbay at googlemail.com Sun Jan 8 17:14:20 2017
From: jbjbay at googlemail.com (Jibeji)
Date: Sun, 8 Jan 2017 18:14:20 +0100
Subject: .dovecot.sieve location issue
In-Reply-To: <7971c4d2-075b-d18d-6a68-8adf0fe5eddb@uni-x.org>
References: <7971c4d2-075b-d18d-6a68-8adf0fe5eddb@uni-x.org>
Message-ID:

Hello,

Here it is:

# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.14.32-xxxx-grs-ipv6-64 x86_64
first_valid_gid = 5000
first_valid_uid = 5000
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_access_groups = vmail
mail_location = /home/mail/%d/%n
mail_privileged_group = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = postmaster at radioamateur.org
protocols = imap pop3 sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0600
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
}
ssl = required
ssl_cert = wrote:

> Am 08.01.2017 um 17:31 schrieb Jibeji:
>
>> Hello,
>> I am trying to set sieve up on a Centos 7 server.
>> It's a configuration with postfix, Maildir, MySQL and virtual domains
>> which
>> works fine.
>>
>> I have created a simple .dovecot.sieve in the user's directory:
>>
>> # cat /home/mail/domain.com/user/.dovecot.sieve
>> require "fileinto";
>> redirect "other_address at other_domain.com";
>>
>>
>> Here are the logs:
>>
>> dovecot: lda(user at domain.com): Debug: sieve: Pigeonhole version 0.4.2
>> initializing
>> lda(user at domain.com): Debug: sieve: include: sieve_global_dir is not set;
>> it is currently not possible to include `:global' scripts.
>> dovecot: lda(user at domain.com): Debug: sieve: script file /home/mail/
>> domain.com/.dovecot.sieve not found
>> dovecot: lda(user at domain.com): Debug: sieve: user's script
>> ~/.dovecot.sieve
>> doesn't exist (trying default script location instead)
>> lda(user at domain.com): Debug: sieve: no default script configured for user
>> lda(user at domain.com): Debug: sieve: user has no valid location for a
>> personal script
>> lda(user at domain.com): Debug: sieve: no scripts to execute: reverting to
>> default delivery.
>> dovecot: lda(user at domain.com): msgid=<005b01d269ca$f287ebf0$d
>> 797c3d0$@fr>:
>> saved mail to INBOX
>>
>> It tells that user's script ~/.dovecot.sieve doesn't exist
>>
>> However, on the troubleshooting guide, I can see these logs:
>>
>> dovecot: lda(hendrik): Debug: sieve: using sieve path for user's script:
>> /home/hendrik/.dovecot.sieve
>> dovecot: lda(hendrik): Debug: sieve: opening script
>> /home/hendrik/.dovecot.sieve
>>
>> As you can see, it refers to "lda(hendrik)" but not "lda(user at domain.com)"
>>
>> I am wondering whether Sieve looks for the file elsewhere than /home/mail/
>> domain.com/user/.dovecot.sieve
>>
>> Do you have any idea?
>>
>
> You hopefully see that you have mismatching path information:
>
> > dovecot: lda(user at domain.com): Debug: sieve: script file /home/mail/
> > domain.com/.dovecot.sieve not found
>
> > dovecot: lda(hendrik): Debug: sieve: using sieve path for user's script:
> > /home/hendrik/.dovecot.sieve
>
> So please provide your "doveconf -n" output or at least validate yourself
> the sieve settings.
>
> And .dovecot.sieve is a symlink to the active sieve filter.
>
> Alexander
>

From mihai at badici.ro Sun Jan 8 17:28:53 2017
From: mihai at badici.ro (Mihai Badici)
Date: Sun, 08 Jan 2017 19:28:53 +0200
Subject: .dovecot.sieve location issue
In-Reply-To:
References: <7971c4d2-075b-d18d-6a68-8adf0fe5eddb@uni-x.org>
Message-ID: <1515278.QQ3ksV4TH8@slackware-14>

On Sunday 08 January 2017 18:14:20 Jibeji wrote:
@other_domain.com";
> >>
> >>
> >> Here are the logs:
> >>
> >> dovecot: lda(user at domain.com): Debug: sieve: Pigeonhole version 0.4.2
> >> initializing
> >> lda(user at domain.com): Debug: sieve: include: sieve_global_dir is not set;
> >> it is currently not possible to include `:global' scripts.
> >> dovecot: lda(user at domain.com): Debug: sieve: script file /home/mail/
> >> domain.com/.dovecot.sieve not found
> >> dovecot: lda(user at domain.com): Debug: sieve: user's script
> >> ~/.dovecot.sieve
> >> doesn't exist (trying default script location instead)
> >> lda(user at domain.com): Debug: sieve: no default script configured for user
> >> lda(user at domain.com): Debug: sieve: user has no valid location for a
> >> personal script
> > And .dovecot.sieve is a symlink to the active sieve filter.
> >
> > Alexander

There is a difference between home_directory and mail directory.
http://wiki2.dovecot.org/VirtualUsers/Home

As I remember sieve is located in home_directory, not in mail_directory, so you need to take care because if it is not defined it will have a specific implicit path depending on your config.

From aki.tuomi at dovecot.fi Sun Jan 8 18:02:26 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Sun, 8 Jan 2017 20:02:26 +0200 (EET)
Subject: Auth-policy: auth_policy_server_url and https support
In-Reply-To:
References:
Message-ID: <1757487546.40.1483898547429@appsuite-dev.open-xchange.com>

> On January 6, 2017 at 11:03 PM gregc at olypensupport.com wrote:
>
>
> When using Auth policy server it currently doesn't support https.
>
> In version 2.2.27:
> Policy server HTTP error: 9002 Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
>
> and in version 2.3.devel
> Policy server HTTP error: 9002 Requested https connection, but no SSL settings given
>
> dovecot.conf does have "ssl_client_ca_dir = /etc/ssl/certs" set.
>
> Looking around the source, http-client-settings are not given the ssl_ca_dir or ssl_ca_file setting from the config.
>
> Admittedly SSL tear up/down is a little expensive per auth, but I think maybe it should still work?

I suppose so, and it should not do SSL tear up/down per auth, hopefully, since it reuses the same HTTP connections for 10 seconds.

Aki

From mikefroehner at gmx.de Mon Jan 9 07:55:18 2017
From: mikefroehner at gmx.de (Mike Fröhner)
Date: Mon, 9 Jan 2017 08:55:18 +0100
Subject: dsync for subscription on public/shared folder
In-Reply-To:
References:
Message-ID: <2fb98535-eaf9-a3a3-d3b5-c54510a83ceb@gmx.de>

Hello,

since nobody replied to this issue it might be a bug. Until bug reports are also going to this mailing list, I would like to tell this is a bug for me.

I will add the dovecot -n:

# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 3.10.0-327.10.1.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core)
auth_cache_size = 10 M
auth_cache_ttl = 6 hours
auth_debug = yes
auth_gssapi_hostname = $ALL
auth_username_format = %Ln
doveadm_password = # hidden, use -P to show it
doveadm_port = 12345
first_valid_uid = 1000000
haproxy_timeout = 5 secs
haproxy_trusted_networks = 10.0.0.0/8
lmtp_save_to_detail_mailbox = yes
mail_access_groups = all_mailuser
mail_debug = yes
mail_plugins = " mail_log notify replication acl"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
}
namespace public-test {
  location = maildir:/opt/mail/_public/test
  prefix = public/test/
  separator = /
  subscriptions = no
  type = public
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  default_fields = userdb_home=/opt/mail/%u userdb_mail=maildir:/opt/mail/%u/Mails userdb_gid=vmail
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes.db
  mail_debug = yes
  mail_plugins = " mail_log notify replication acl imap_acl"
  mail_replica = tcps:imap-1.office.gameduell.de
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_default = /etc/dovecot/sieve/default.sieve
  sieve_global = /etc/dovecot/sieve/global/
}
protocols = imap lmtp sieve
recipient_delimiter = -
replication_dsync_parameters = -d -l 30 -U
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
    user = vmail
  }
  unix_listener replication-notify {
    mode = 0666
    user = vmail
  }
}
service auth-worker {
  process_min_avail = 1
}
service auth {
  inet_listener {
    port = 12245
  }
  process_min_avail = 1
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0666
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 12345
    ssl = yes
  }
}
service imap-login {
  inet_listener imaps {
    port = 0
    ssl = yes
  }
  inet_listener imaps_haproxy {
    haproxy = yes
    port = 10993
    ssl = yes
  }
}
service imap-postlogin {
  executable = script-login /adm/scripts/dovecot_acl_groups.sh
  user = $default_internal_user
}
service imap {
  executable = imap imap-postlogin
}
service lmtp {
  inet_listener lmtp {
    port = 24
    ssl = yes
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 1
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0666
  }
}
ssl = required
ssl_cert = Hello,
>
> I already wrote regarding that, but maybe it sounded too complex. I will
> write it a bit softer now.
>
> The replication through dsync works perfectly with one exception. I am
> having an issue with the replication of the subscriptions file on shared
> folder.
>
> We have a public mailbox defined:
>
> namespace public-test {
>   location = maildir:/opt/mail/_public/test
>   prefix = public/test/
>   separator = /
>   subscriptions = no
>   type = public
> }
>
> There are 2 subfolders .Test1 and .Test2 which I would like to subscribe on
> my user "ldaptestuser" which is part of the group "ldaptestgroup"
>
> The dovecot-acl file on /opt/mail/_public/test and
> /opt/mail/_public/test/.Test{1,2} are the same and are containing:
>
> group=ldaptestgroup lrwstipekxa
>
> Now if I login through my client (Thunderbird or Roundcubemail) I can
> see the following debug log:
>
> dovecot: imap(ldaptestuser): Debug: acl: acl username = ldaptestuser
> dovecot: imap(ldaptestuser): Debug: acl: owner = 0
> dovecot: imap(ldaptestuser): Debug: acl: group added: domain users
> dovecot: imap(ldaptestuser): Debug: acl: group added: ldaptestgroup
> dovecot: imap(ldaptestuser): Debug: acl: group added: all_mailuser
>
> I created one new private folder on the mailbox of my test user and also
> subscribed it. This subscription is successfully replicated.
>
> After that I am trying to subscribe the public folder. I can see the
> folder in my client after I subscribed them. But on the 2nd dovecot
> server the subscription file is not updated.
>
> imap-1 # cat subscription
> Private1
> public/test/Test1
>
> imap-2 # cat subscription
> Private1
>
> The debug log on both dovecot server tells me:
> dovecot: doveadm(,ldaptestuser): Debug: Effective uid=834603987,
> gid=991, home=/opt/mail/ldaptestuser
> dovecot: doveadm(,ldaptestuser): Debug: acl: No acl_shared_dict
> setting - shared mailbox listing is disabled
> dovecot: doveadm(,ldaptestuser): Debug: maildir++:
> root=/opt/mail/_public/test, index=, indexpvt=, control=, inbox=, alt=
> dovecot: doveadm(,ldaptestuser): Debug: acl: initializing backend
> with data: vfile
> dovecot: doveadm(,ldaptestuser): Debug: acl: acl username =
> ldaptestuser
> dovecot: doveadm(,ldaptestuser): Debug: acl: owner = 0
> dovecot: doveadm(,ldaptestuser): Debug: acl vfile: Global ACLs disabled
>
> It looks like the doveadm() cannot find the group or is not
> checking/initializing the groups.
>
> Anybody any idea if I misconfigured something or is this just a bug? I
> really would appreciate some help.
>
> kind regards,
> Mike;
>

From abj at online.fr Mon Jan 9 09:35:29 2017
From: abj at online.fr (Aurélien Beaujean)
Date: Mon, 9 Jan 2017 10:35:29 +0100
Subject: Virtual POP3 namespaces and quota-status
In-Reply-To: <20161223135354.GA6575@dagobah.eu.org>
References: <20161214114204.GP1717@dagobah.eu.org> <20161223135354.GA6575@dagobah.eu.org>
Message-ID: <20170109093529.GA13346@dagobah.eu.org>

Hi,

again replying to myself,

On Friday 23 December 2016 at 14:53, Aurélien Beaujean wrote:
> I've found a way to address my problem, using the %s (protocol) in the
> configuration file, as this:

I've updated dovecot to v2.2.27, and configured POP3 this way, without other changes on IMAP or LDA:

protocol pop3 {
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = $mail_plugins last_login virtual

  # Virtual POP3 INBOX
  # The default namespace that is visible to IMAP clients
  namespace inbox {
    inbox = no
    prefix =
    separator = /
    list = yes
  }
  # Virtual namespace for the virtual INBOX. Use a global directory for dovecot-virtual files.
  namespace virtual {
    inbox = yes
    prefix = virtual/
    separator = /
    #location = virtual:/etc/dovecot/virtual:INDEX=~/Maildir/virtual
    location = virtual:/etc/dovecot/virtual:INDEX=MEMORY
    list = no
    hidden = yes
  }
  # Copy of the inbox namespace. We'll use this in dovecot-virtual file.
  namespace real {
    prefix = RealMails/
    separator = /
    list = no
    hidden = yes
  }
}

With /etc/dovecot/virtual/INBOX/dovecot-virtual containing:

RealMails/INBOX
RealMails/BOX1
RealMails/BOX2
  all

Thanks to cmouse on #dovecot who helped me to get the right config.

There is at least one problem left: if there is some subdirectory created inside INBOX, dovecot will stop listing your emails inside the INBOX folder while POP3'ing. They remain visible when IMAP'ing. The only way to get back INBOX emails for POP3 users is to remove the virtual POP3 config...

Either I am missing something here http://wiki.dovecot.org/Plugins/Virtual or there is a bug in the virtual plugin.

--
Auré

From soltys at ziu.info Mon Jan 9 15:09:04 2017 
From: soltys at ziu.info (Michal Soltys)
Date: Mon, 9 Jan 2017 16:09:04 +0100
Subject: multiple shared/mail format namespaces
In-Reply-To: <1234573593.425.1483381270633@appsuite-dev.open-xchange.com>
References: <153f77a7-9dcd-e080-f29e-0189059a694c@ziu.info> <1234573593.425.1483381270633@appsuite-dev.open-xchange.com>
Message-ID:

On January 2, 2017 at 5:58 PM Michal Soltys wrote:
>>
>>
>> Hi,
>>
>> Are configurations (with separate formats per namespace) - such as ...
>>
>> namespace {
>>   type = shared
>>   list = children
>>   inbox = no
>>   separator = /
>>   subscriptions = no
>>   prefix = shared1/%%n/
>>   location = maildir:/var/mail1/%%n/
>> }
>>
>> namespace {
>>   type = shared
>>   list = children
>>   inbox = no
>>   separator = /
>>   subscriptions = no
>>   prefix = shared2/%%n/
>>   location = mdbox:/var/mail2/%%n/
>> }
>>
>> With separate userdbs serving part of the users with maildirs in /var/mail1/
>> and the other part with mdboxes in /var/mail2
>>
>> ... valid in dovecot ?
>>
>> To be more precise:
>>
>> 1) Is current version dovecot expected to work with configuration as above ?
>> E.g. if some user's mail location returned from userdb doesn't match
>> location/format from one of the above namespaces - would it be ignored for it
>> ? A very old version of dovecot I could check quickly (2.1.7) was segfaulting
>> (imap processes) all the time with this kind of config. While I'll be
>> upgrading it and the whole system to modern versions, I'm wondering if this
>> kind of thing is formally allowed at all.
>>
>> An interesting variation of the above setup I tested - with the second
>> namespace "un-variabled" and pointing to single user (with matching
>> passwd-file returning that user) managed to work somehow - but the user itself
>> was still created on the fly for the 1st namespace - having just a directory
>> with empty dovecot-acl-list file. This essentially seemed to have worked like
>> a typical public profile (shared acl db didn't seem to be used either)
>>
> On 2017-01-02 19:21, Aki Tuomi wrote:
>> Yeah, that's valid configuration. As long as they have unique prefix.
>>
>> Aki
>>

Well, I retested it under 2.2.27 - and the behaviour is essentially the same (segfaults). Below is the simplified configuration under which it can be observed with 2 passwd-files (each with 1 user, passwords removed to save space)

passwd-file local-mdbox:
nmm:{SHA256}:::nmm:/var/mail2/nmm::userdb_mail=mdbox:/var/mail2/nmm userdb_home=/var/mail2/nmm

passwd-file local-maildir:
msl:{SHA256}:::msl:/var/mail/msl::userdb_mail=maildir:/var/mail/msl userdb_home=/var/mail/msl

Both of the accounts have some mails/subfolders, nmm is sharing some of its contents to msl.

doveconf -n (note there are some leftovers from old configuration - particularly weird last/first uids and mail_uid using dovecot user - but those are not relevant to the issue):

# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# OS: Linux 4.8.13-1-ARCH x86_64 ext4
auth_debug = yes
auth_mechanisms = plain login
disable_plaintext_auth = no
first_valid_gid = 8
first_valid_uid = 105
last_valid_gid = 8
last_valid_uid = 105
listen = *
log_path = /var/log/dovecot.log
mail_access_groups = mail
mail_debug = yes
mail_gid = mail
mail_location = maildir:/var/mail/%n
mail_plugins = acl
mail_uid = dovecot
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
namespace share1 {
  inbox = no
  list = children
  location = maildir:%%h
  prefix = shared1/%%n/
  separator = /
  subscriptions = no
  type = shared
}
namespace share2 {
  inbox = no
  list = children
  location = mdbox:%%h
  prefix = shared2/%%n/
  separator = /
  subscriptions = no
  type = shared
}
passdb {
  args = username_format=%n /etc/dovecot/local-maildir
  default_fields = userdb_uid=dovecot userdb_gid=mail
  driver = passwd-file
}
passdb {
  args = username_format=%n /etc/dovecot/local-mdbox
  default_fields = userdb_uid=dovecot userdb_gid=mail
  driver = passwd-file
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/mail/shared-database/shared-mailboxes.db
}
protocols = imap
service auth {
  unix_listener auth-userdb {
    group = mail
    mode = 0660
    user = dovecot
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  user = dovecot
}
service imap {
  executable = /usr/lib/dovecot/imap
}
userdb {
  driver = prefetch
}
userdb {
  args = username_format=%n /etc/dovecot/local-maildir
  default_fields = uid=dovecot gid=mail
  driver = passwd-file
}
userdb {
  args = username_format=%n /etc/dovecot/local-mdbox
  default_fields = uid=dovecot gid=mail
  driver = passwd-file
}
protocol imap {
  mail_max_userip_connections = 100
  mail_plugins = acl imap_acl
}

With the configuration and 2 passwd-files as above, all imap processes (when logged as user msl) constantly crash with segfaults. Replacing %%h by template such as /var/mail/%%n (as in my initial report) behaves the same way.

Now - IF share1 namespace is commented out or removed - everything works fine (and msl sees content shared by nmm under shared2/nmm/ ). Similarly - if only one shared namespace uses variables and the other points directly to some user - no crashes then.

Any ideas ? I can get systraces/cores (though the latter without debug symbols - but I can recompile if need be).

From info at vialactea.de Mon Jan 9 17:29:31 2017
From: info at vialactea.de (Malte Schmidt)
Date: Mon, 9 Jan 2017 18:29:31 +0100
Subject: Deleting a mailbox recursively
Message-ID:

This topic was already discussed on this mailinglist: https://www.dovecot.org/list/dovecot/2011-November/079491.html

I am also looking for a nice and convenient way of recursively deleting a mailbox which uses the mdbox-Format.

Since then - was there any progress?

From markc at renta.net Tue Jan 10 02:45:04 2017
From: markc at renta.net (Mark Constable)
Date: Tue, 10 Jan 2017 12:45:04 +1000
Subject: dovecot-pigeonhole and 2.2.27
In-Reply-To: <555034041.27.1483892944366@appsuite-dev.open-xchange.com>
References: <6824f773-57b4-329a-7297-425574f5af34@rename-it.nl> <1b2d6f61-f59e-20f0-0e49-7666588cc256@brain-force.ch> <1cd6ff77-3181-e8b4-a5d5-8c6c87e40fcc@dovecot.fi> <199dbad2-d1ba-af56-109f-180b2805211e@rename-it.nl> <0a655b2d-b67b-71c2-e331-3fbd6a615b42@brain-force.ch> <2a9a20e.d891b445.1597dd0e414@brain-force.ch> <555034041.27.1483892944366@appsuite-dev.open-xchange.com>
Message-ID: <7ed1fb5b-0308-d24e-2df2-27092069fa07@renta.net>

On 09/01/17 02:29, Aki Tuomi wrote:
> There were some non-compatible changes in 2.2.27 that makes older
> versions of pigeonhole incompatible, when external programs are used.
> We moved the program-client code from pigeonhole to dovecot core and
> made some changes to it to facilitate other uses for it.

I'm testing with ubuntu zesty and it's still at dovecot 2.2.25 so where might I find the docs for the relevant changes in 2.2.27 that will no doubt affect me in another month or three?

And would anyone have an example of how to use dovecot-pigeonhole to call spamprobe as an external program in the current 2.2.25?

I've only been testing postfix/dovecot for a few weeks so I'm not familiar with most of the docs or ecosystem in general.

From Benoit.Branciard at univ-paris1.fr Tue Jan 10 14:10:53 2017
From: Benoit.Branciard at univ-paris1.fr (Benoit Branciard)
Date: Tue, 10 Jan 2017 15:10:53 +0100
Subject: doveadm output format changes
In-Reply-To: <41f15f77-7605-9426-c2fd-90ec869cb06a@univ-paris1.fr>
References: <41f15f77-7605-9426-c2fd-90ec869cb06a@univ-paris1.fr>
Message-ID: <12dfbda4-cf6c-44f9-de47-c212ee61e191@univ-paris1.fr>

"doveadm fetch text mailbox MyBox uid UID1,UID2" also changed... "^L"s (form-feeds) disappeared...

Hmmm.... :-(

On 05/01/2017 at 12:38, Benoit Branciard wrote:
> It appears that doveadm output format changes every now and then,
> without particular notice.
>
> For example, the following command:
> doveadm -f pager mailbox status 'messages recent' '*'
>

--
Benoit BRANCIARD
Service InfraStructures (SIS)
Direction du Système d'Information et des Usages Numériques (DSIUN)
Université Paris 1 Panthéon-Sorbonne
Centre Pierre Mendès France
90 rue de Tolbiac - 75634 Paris cedex 13 - France
Bur. B406 - Tél +33 1 44 07 89 68 - Fax +33 1 44 07 89 66
Accueil: +33 1 44 07 89 65 - Assistance-DSIUN at univ-paris1.fr
http://dsi.univ-paris1.fr

From mail at tomsommer.dk Tue Jan 10 18:38:56 2017
From: mail at tomsommer.dk (Tom Sommer)
Date: Tue, 10 Jan 2017 19:38:56 +0100
Subject: Poolmon: Problem with index-locking
Message-ID: <891fc5d89b8b7e7b9bf52de305a0588e@tomsommer.dk>

I have Poolmon (https://github.com/brandond/poolmon) set up.

When it does all the checks concurrently, obviously there are locking issues on each mailserver it tests:

"Warning: Locking transaction log file xxxx/indexes/dovecot.list.index.log took 60 seconds (syncing)"

It's just an empty mailbox.

Is there any way to do a login test, without locking the index files? Hence avoiding these warnings/errors?

Thanks.

--
Tom

From soltys at ziu.info Tue Jan 10 19:19:56 2017
From: soltys at ziu.info (Michal Soltys)
Date: Tue, 10 Jan 2017 20:19:56 +0100
Subject: multiple shared/mail format namespaces (segv identified + patch)
In-Reply-To:
References: <153f77a7-9dcd-e080-f29e-0189059a694c@ziu.info> <1234573593.425.1483381270633@appsuite-dev.open-xchange.com>
Message-ID:

I think I've found the reason behind those crashes as in the configuration posted in the earlier mail.

First the full backtrace:

Message: Process 13965 (imap) of user 105 dumped core.

Stack trace of thread 13965:
#0 0x00007fbdaa15929a __strcmp_sse2_unaligned (libc.so.6)
#1 0x00007fbdaa820c50 mail_storage_match_class (libdovecot-storage.so.0)
#2 0x00007fbdaa820cbf mail_storage_find (libdovecot-storage.so.0)
#3 0x00007fbdaa82103d mail_storage_create_full (libdovecot-storage.so.0)
#4 0x00007fbdaa8212c2 mail_storage_create (libdovecot-storage.so.0)
#5 0x00007fbdaa816cdc mail_namespaces_init_add (libdovecot-storage.so.0)
#6 0x00007fbdaa817694 mail_namespaces_init (libdovecot-storage.so.0)
#7 0x00007fbdaa82a4cd mail_storage_service_init_post (libdovecot-storage.so.0)
#8 0x00007fbdaa82c266 mail_storage_service_next_real (libdovecot-storage.so.0)
#9 0x00007fbdaa82c321 mail_storage_service_next (libdovecot-storage.so.0)
#10 0x00007fbdaa82c49a mail_storage_service_lookup_next (libdovecot-storage.so.0)
#11 0x00000000004314f0 client_create_from_input (imap)
#12 0x0000000000431968 login_client_connected (imap)
#13 0x00007fbdaa49b1c1 master_login_auth_finish (libdovecot.so.0)
#14 0x00007fbdaa49baca master_login_auth_callback (libdovecot.so.0)
#15 0x00007fbdaa49cae9 master_login_auth_input_user (libdovecot.so.0)
#16 0x00007fbdaa49cfb1 master_login_auth_input (libdovecot.so.0)
#17 0x00007fbdaa54a545 io_loop_call_io (libdovecot.so.0)
#18 0x00007fbdaa54ce68 io_loop_handler_run_internal (libdovecot.so.0)
#19 0x00007fbdaa54a726 io_loop_handler_run (libdovecot.so.0)
#20 0x00007fbdaa54a649 io_loop_run (libdovecot.so.0)
#21 0x00007fbdaa49ee3b master_service_run (libdovecot.so.0)
#22 0x0000000000431efb main (imap)
#23 0x00007fbdaa0ea291 __libc_start_main (libc.so.6)
#24 0x000000000040c6da _start (imap)

GNU gdb (GDB) 7.12
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see: .
Find the GDB manual and other documentation resources online at: .
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/lib/dovecot/imap...done.
[New LWP 13965]
Core was generated by `dovecot/imap'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fbdaa15929a in __strcmp_sse2_unaligned () from /usr/lib/libc.so.6
(gdb) up
#1 0x00007fbdaa820c50 in mail_storage_match_class (storage=0xdc5800, storage_class=0x7fbdaab715c0 , set=0x7fff217d6030) at mail-storage.c:285
285 strcmp(storage->unique_root_dir,
(gdb) print storage->unique_root_dir
$1 = 0x0
(gdb)

So the first argument passed to strcmp() was NULL. The offending part of code is:

	if ((storage->class_flags & MAIL_STORAGE_CLASS_FLAG_UNIQUE_ROOT) != 0 &&
	    strcmp(storage->unique_root_dir,
		   (set->root_dir != NULL ? set->root_dir : "")) != 0)
		return FALSE;

The 2nd argument is sanitized explicitly, but the first is not - and apparently it can be NULL as well. Adding same check to the 1st argument stopped segfaults and both shared namespaces seemed to be working correctly - so user 'msl' could see/subscribe shared folders from user 'nmm' and vice versa (both mailboxes being of different format).

While this was enough here, something else might be needed to make it fully correct (the original strcmp() invocation would suggest that the 1st argument should never be NULL).

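The comparison analysed in the message above, reduced to a stand-alone C model (an added example, not part of the original post and not Dovecot's code): it contrasts mapping NULL to "" with rejecting an unset root, and shows the one input on which the two differ. The struct names, function names and flag value are assumptions made for the example; the paths are the two users' homes from the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Reduced model of the check discussed in the thread. All names here are
 * hypothetical; only the two fields the comparison reads are kept, and the
 * flag value is made up for this example. */
#define MODEL_FLAG_UNIQUE_ROOT 0x01u

struct storage_model {
	unsigned int class_flags;
	const char *unique_root_dir;	/* NULL in the crashing case ($1 = 0x0) */
};

struct settings_model {
	const char *root_dir;		/* may be NULL as well */
};

/* Policy A: map NULL to "" on both sides, as the proposed fix does.
 * strcmp() never sees NULL, but "unset" now compares equal to "unset". */
static bool match_coerce_empty(const struct storage_model *st,
			       const struct settings_model *set)
{
	const char *a, *b;

	if ((st->class_flags & MODEL_FLAG_UNIQUE_ROOT) == 0)
		return true;	/* root directory is not part of the identity */
	a = st->unique_root_dir != NULL ? st->unique_root_dir : "";
	b = set->root_dir != NULL ? set->root_dir : "";
	return strcmp(a, b) == 0;
}

/* Policy B (an alternative assumed here for comparison): a storage that is
 * flagged as having a unique root but has none recorded never matches. */
static bool match_reject_unset(const struct storage_model *st,
			       const struct settings_model *set)
{
	if ((st->class_flags & MODEL_FLAG_UNIQUE_ROOT) == 0)
		return true;
	if (st->unique_root_dir == NULL)
		return false;	/* explicit decision instead of a coercion */
	return strcmp(st->unique_root_dir,
		      set->root_dir != NULL ? set->root_dir : "") == 0;
}

struct match_case {
	const char *label;
	struct storage_model st;
	struct settings_model set;
};

/* Constructed inputs covering each combination of set and unset roots. */
static const struct match_case match_cases[] = {
	{ "same root",          { MODEL_FLAG_UNIQUE_ROOT, "/var/mail/msl" }, { "/var/mail/msl" } },
	{ "different root",     { MODEL_FLAG_UNIQUE_ROOT, "/var/mail/msl" }, { "/var/mail2/nmm" } },
	{ "storage root unset", { MODEL_FLAG_UNIQUE_ROOT, NULL },            { "/var/mail2/nmm" } },
	{ "both unset",         { MODEL_FLAG_UNIQUE_ROOT, NULL },            { NULL } },
	{ "flag not set",       { 0, NULL },                                 { "/var/mail2/nmm" } },
};
#define MATCH_CASE_COUNT (sizeof(match_cases) / sizeof(match_cases[0]))

/* Number of constructed cases on which the two policies disagree. */
static size_t count_policy_divergence(void)
{
	size_t i, n = 0;

	for (i = 0; i < MATCH_CASE_COUNT; i++) {
		if (match_coerce_empty(&match_cases[i].st, &match_cases[i].set) !=
		    match_reject_unset(&match_cases[i].st, &match_cases[i].set))
			n++;
	}
	return n;
}

int main(void)
{
	size_t i;

	for (i = 0; i < MATCH_CASE_COUNT; i++) {
		printf("%-20s coerce=%d reject=%d\n", match_cases[i].label,
		       match_coerce_empty(&match_cases[i].st, &match_cases[i].set),
		       match_reject_unset(&match_cases[i].st, &match_cases[i].set));
	}
	printf("policies disagree on %zu case(s)\n", count_policy_divergence());
	return 0;
}
```

Neither variant passes NULL to strcmp(); they differ only in whether an unset storage root may match an unset requested root.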
From soltys at ziu.info Tue Jan 10 19:58:03 2017 From: soltys at ziu.info (Michal Soltys) Date: Tue, 10 Jan 2017 20:58:03 +0100 Subject: [PATCH] mail-storage.c: check against NULL address in strcmp() invocation In-Reply-To: References: Message-ID: <1484078283-7108-1-git-send-email-soltys@ziu.info> Configurations with multiple shared namespaces can trigger a bug where the first argument of strcmp() invocation is NULL. This patch adds an explicit check, analogously to how the second argument is sanitized. --- src/lib-storage/mail-storage.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib-storage/mail-storage.c b/src/lib-storage/mail-storage.c index 1d9b1bf..3d9f5dc 100644 --- a/src/lib-storage/mail-storage.c +++ b/src/lib-storage/mail-storage.c @@ -282,7 +282,7 @@ mail_storage_match_class(struct mail_storage *storage, return FALSE; if ((storage->class_flags & MAIL_STORAGE_CLASS_FLAG_UNIQUE_ROOT) != 0 && - strcmp(storage->unique_root_dir, + strcmp((storage->unique_root_dir != NULL ? storage->unique_root_dir : ""), (set->root_dir != NULL ? set->root_dir : "")) != 0) return FALSE; -- 2.1.3 From tss at iki.fi Tue Jan 10 20:31:44 2017 
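Review bot: In the strcmp() call in mail_storage_match_class(), mapping a NULL storage->unique_root_dir to "" makes a storage with no recorded root compare equal to any lookup whose set->root_dir is NULL or empty, so the crash is avoided by changing what counts as a match rather than by establishing why a storage with MAIL_STORAGE_CLASS_FLAG_UNIQUE_ROOT set has no unique_root_dir. Consider handling the NULL case explicitly before the comparison (return FALSE, or an assertion if it is meant to be impossible) and stating in the commit message which configuration reaches it. The added line is also much longer than its neighbours and would read better wrapped the same way as the set->root_dir line below it.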
From: tss at iki.fi (Timo Sirainen)
Date: Tue, 10 Jan 2017 22:31:44 +0200
Subject: [PATCH] mail-storage.c: check against NULL address in strcmp() invocation
In-Reply-To: <1484078283-7108-1-git-send-email-soltys@ziu.info>
References: <1484078283-7108-1-git-send-email-soltys@ziu.info>
Message-ID: <700199E6-9F7C-4AEC-ABD9-FB1A49823E03@iki.fi>

On 10 Jan 2017, at 21.58, Michal Soltys wrote:
>
> Configurations with multiple shared namespaces can trigger a bug
> where the first argument of strcmp() invocation is NULL.
>
> This patch adds an explicit check, analogously to how the second
> argument is sanitized.

I think it shouldn't be NULL though.. I'd rather add some asserts and figure out why it is. I guess the attached patch assert-crashes? What's the backtrace there?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff
Type: application/octet-stream
Size: 563 bytes
Desc: not available
URL:
-------------- next part --------------
From tjachetta at ltnglobal.com Mon Jan 9 22:11:11 2017
From: tjachetta at ltnglobal.com (Tyler Jachetta)
Date: Mon, 9 Jan 2017 17:11:11 -0500
Subject: panic when doveadm sieve put between multiple hosts
Message-ID:

Dovecot version: 2.2.25 (7be1766)

I'm looking into an issue we're having with a new setup. We have one frontend host with two backend hosts, and we're attempting to use doveadm to allow us to administer sieve on the frontend and have it replicated to the backend hosts. When I attempt to use doveadm sieve put on the frontend host, I get the following on the frontend host:

frontend-machine $ cat /tmp/default.sieve | doveadm sieve put default
doveadm(root): Error: doveadm server disconnected before handshake: Connection reset by peer
doveadm(root): Error: 10.1.11.82:10993: Command sieve put failed for root: Connection reset by peer

when this happens, on the backend, I see this in /var/log/maillog:

Jan 9 17:00:35 was-imap1 dovecot: doveadm: Panic: epoll_ctl(add, 0) failed: Operation not permitted (fd doesn't support epoll - instead of ' /usr/lib64/dovecot/libdovecot.so.0(+0x8d60e) [0x7f7a86ba960e] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f7a86b481b6] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handle_add+0x147) [0x7f7a86bbe067] -> /usr/lib64/dovecot/libdovecot.so.0(+0xa0311) [0x7f7a86bbc311] -> /usr/lib64/dovecot/libdovecot.so.0(io_add+0xd) [0x7f7a86bbc3bd] -> dovecot/doveadm-server(doveadm_mail_get_input+0xde) [0x7f7a875c53de] -> dovecot/doveadm-server(doveadm_mail_single_user+0x73) [0x7f7a875c5633] -> dovecot/doveadm-server(+0x2874d) [0x7f7a875c574d] -> dovecot/doveadm-server(doveadm_cmd_ver2_to_mail_cmd_wrapper+0x27d) [0x7f7a875c65fd] -> dovecot/doveadm-server(doveadm_cmd_run_ver2+0x50c) [0x7f7a875d492c] -> dovecot/doveadm-server(+0x3b223) [0x7f7a875d8223] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x4c) [0x7f7a86bbce8c] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xff) [0x7f7a86bbe2ef] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x25) [0x7f7a86bbcf15] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f7a86bbd0c8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f7a86b4e613] -> dovecot/doveadm-server(main+0x186) [0x7f7a875b6276] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f7a8677bb15] -> dovecot/doveadm-server(+0x19321) [0x7f7a875b6321]
Jan 9 17:00:36 was-imap1 dovecot: doveadm: Fatal: master: service(doveadm): child 28542 killed with signal 6 (core dumped)

Now, if I log in to either of the backend hosts, I can run the sieve put command and it all works out fine, so it's something in the communication between the frontend and backend. dovecot -n output for both a frontend and backend below

frontend-machine $ dovecot -n
# 2.2.25 (7be1766): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.15 (97b3da0)
# OS: Linux 3.10.0-327.18.2.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core)
auth_username_format = %Ln
director_mail_servers = 10.1.11.82 10.1.11.83
director_servers = 10.1.11.81
director_username_hash = %Ln
doveadm_port = 10993
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = proxy=y nopassword=y ssl=any-cert
  driver = static
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = imap pop3 lmtp sieve
service director {
  fifo_listener login/proxy-notify {
    mode = 0666
  }
  inet_listener {
    port = 1109
  }
  unix_listener director-userdb {
    mode = 0600
  }
  unix_listener login/director {
    mode = 0666
  }
}
service doveadm {
  inet_listener {
    port = 10993
  }
}
service imap-login {
  executable = imap-login director
}
service imap {
  process_limit = 250
}
service ipc {
  unix_listener ipc {
    user = dovecot
  }
}
service managesieve-login {
  executable = managesieve-login director
}
service pop3-login {
  executable = pop3-login director
}
ssl = required
ssl_ca =
From marek at grondecki.de Tue Jan 10 15:38:15 2017
From: marek at grondecki.de (Marek Grondecki)
Date: Tue, 10 Jan 2017 16:38:15 +0100
Subject: Prohibit dots in folder names
Message-ID: <6aba8b7257a3d49fdc40e17b4d418c7b@grondecki.de>

Hello Dovecot Community,

I am using Dovecot 2.2.13-12~deb8u1 (Debian Jessie).

separator = /
listescape plugin is NOT active
LAYOUT=fs is NOT active

I would like to prohibit a creation of folders with dot "." in the names -
so creation of a folder "foo.bar" should NOT be possible.
Currently, when I create "foo.bar" in Outlook 2013 it will be created but won't be
synchronised with the mail server - Outlook shows it as "foo.bar (Only this computer)".
Ideally the user should receive an error message informing that "the folder foo.bar
could not be created."

Thank you for your help.

Regards,
Marek Grondecki
From gioele at svario.it Tue Jan 10 19:00:15 2017
From: gioele at svario.it (Gioele Barabucci) Date: Tue, 10 Jan 2017 20:00:15 +0100 Subject: GMail-like user labels in IMAP/dovecot, situation in 2017? Message-ID: <665215e6-5f3e-e11d-37e0-a040ba95705f@svario.it> Hello, I am in the process of updating my IMAP dovecot installation and I was wondering what is the current state of the art for GMail-like user-defined labels. Are GMail-like user-defined labels now somehow achievable with dovecot? If now, what is missing? Standardized metadata formats? Support in clients? I searched the web a bit but I could not find any activity in the relevant IETF working groups. That seems strange to me, because the user-defined labels looks like a feature many users would like to have. I suppose I haven't found the relevant discussion group. Is this kind of enhancement to IMAP being discussed somewhere? Regards, -- Gioele Barabucci From tss at iki.fi Tue Jan 10 21:34:49 2017 From: tss at iki.fi (Timo Sirainen) Date: Tue, 10 Jan 2017 23:34:49 +0200 Subject: Poolmon: Problem with index-locking In-Reply-To: <891fc5d89b8b7e7b9bf52de305a0588e@tomsommer.dk> References: <891fc5d89b8b7e7b9bf52de305a0588e@tomsommer.dk> Message-ID: <4FE4A6B5-CCA4-459E-B1D1-21A6A01CFB48@iki.fi> On 10 Jan 2017, at 20.38, Tom Sommer wrote: > > I have Poolmon (https://github.com/brandond/poolmon) set up. When it does all the checks concurrently, obviously there are locking issues on each mailserver it tests: > > "Warning: Locking transaction log file xxxx/indexes/dovecot.list.index.log took 60 seconds (syncing)" > > It's just an empty mailbox. > > Is there any way to do a login test, without locking the index files? Hence avoiding these warnings/errors? Are they accessing the same mail account on all the backend servers? I guess that could be troublesome, although I don't know why it would still take 60 seconds. Anyway better would be if it used a backend-specific mail user, but I'm not sure if poolmon supports that now. From tss at iki.fi Tue Jan 10 21:54:40 2017 
From: tss at iki.fi (Timo Sirainen) Date: Tue, 10 Jan 2017 23:54:40 +0200 Subject: GMail-like user labels in IMAP/dovecot, situation in 2017? In-Reply-To: <665215e6-5f3e-e11d-37e0-a040ba95705f@svario.it> References: <665215e6-5f3e-e11d-37e0-a040ba95705f@svario.it> Message-ID: <40A5E489-D0DD-48E3-AC0E-AA80946B3481@iki.fi> On 10 Jan 2017, at 21.00, Gioele Barabucci wrote: > > Hello, > > I am in the process of updating my IMAP dovecot installation and I was > wondering what is the current state of the art for GMail-like > user-defined labels. > > Are GMail-like user-defined labels now somehow achievable with dovecot? I think the main difference between folders and labels is that with folders you have separate flags for a mail in each folder, while with labels there's just one global flags/labels status for the mail. Every other operation can be mapped 1:1 pretty nicely. So the big question is how should this be implemented in a way that allows both regular IMAP access and also label-like access. There are two choices: a) Implement a new storage format where all the mails are in a single physical folder. Treat flags as labels. When accessing with IMAP, create virtual folders based on the flags. This is how GMail works. b) Implement a way to export the current folder-based storage using labels. This could be done with a virtual "all mails" folder, which combines both message flags and folder names into labels for the mails. It also likely means that changing a label changes the flag in each physical folder where the mail exists in. This is what we were planning to do for the Dovecot GMail API support. There are some initial patches for b) that would make it efficient to implement, but they don't work right with replication or with obox format, so they didn't get merged. I think I had some thoughts on how to make them work with a different design, which I probably still have somewhere written down. In any case, priority for GMail API support has dropped pretty low. 
Most people didn't really care about actually having GMail compatible API, but more about having some kind of a HTTP API. So the plan right now is to add support for JMAP, which also requires support for thread IDs like GMail does, but doesn't require support for labels. > If now, what is missing? Standardized metadata formats? Support in clients? > > I searched the web a bit but I could not find any activity in the > relevant IETF working groups. That seems strange to me, because the > user-defined labels looks like a feature many users would like to have. > I suppose I haven't found the relevant discussion group. Is this kind of > enhancement to IMAP being discussed somewhere? I have a feeling you're thinking about something completely different from what I'm thinking though. You know that we have user-defined flags already, right? What exactly do you want to be different? From tss at iki.fi Tue Jan 10 21:55:59 2017 From: tss at iki.fi (Timo Sirainen) Date: Tue, 10 Jan 2017 23:55:59 +0200 Subject: Deleting a mailbox recursively In-Reply-To: References: Message-ID: On 9 Jan 2017, at 19.29, Malte Schmidt wrote: > > This topic was already discussed on this mailinglist: > > https://www.dovecot.org/list/dovecot/2011-November/079491.html > > I am also looking for a nice and convenient way of recursively deleting > a mailbox which uses the mdbox-Format. Since then - was there any progress? Looks like there's doveadm mailbox delete -r From mail at tomsommer.dk Wed Jan 11 07:01:54 2017 
From: mail at tomsommer.dk (Tom Sommer) Date: Wed, 11 Jan 2017 08:01:54 +0100 Subject: Poolmon: Problem with index-locking In-Reply-To: <4FE4A6B5-CCA4-459E-B1D1-21A6A01CFB48@iki.fi> References: <891fc5d89b8b7e7b9bf52de305a0588e@tomsommer.dk> <4FE4A6B5-CCA4-459E-B1D1-21A6A01CFB48@iki.fi> Message-ID: <826a24d3c7d58f392327b6242b44474d@tomsommer.dk> On 2017-01-10 22:34, Timo Sirainen wrote: > On 10 Jan 2017, at 20.38, Tom Sommer wrote: >> >> I have Poolmon (https://github.com/brandond/poolmon) set up. When it >> does all the checks concurrently, obviously there are locking issues >> on each mailserver it tests: >> >> "Warning: Locking transaction log file >> xxxx/indexes/dovecot.list.index.log took 60 seconds (syncing)" >> >> It's just an empty mailbox. >> >> Is there any way to do a login test, without locking the index files? >> Hence avoiding these warnings/errors? > > Are they accessing the same mail account on all the backend servers? Yes. > I guess that could be troublesome, although I don't know why it would > still take 60 seconds. Well if all backends try to log in at the same time, it will naturally cause NFS locking issues? As they are all fighting for a lock. Plus, my NFS box is having a hard time atm. :) > Anyway better would be if it used a > backend-specific mail user, but I'm not sure if poolmon supports that > now. I suppose, just feels like a 'wrong' test-case. Would be better if poolmon could do send some kind of 'check' signal to doveadm on the backend to do a test? Or if you could perform a login which did not. Anyway, my log is flooded with these warnings atm. From info at vialactea.de Wed Jan 11 07:17:18 2017 
From: info at vialactea.de (Malte Schmidt)
Date: Wed, 11 Jan 2017 08:17:18 +0100
Subject: Deleting a mailbox recursively
In-Reply-To:
References:
Message-ID:

Hello and thanks for the answer,

as of version 2.2.24 this is not working:

# doveadm mailbox delete -r dove delete: invalid option -- 'r'

I crawled through the changelog since 2.2.24 and could not find any change like this. Also neither the wiki nor the man-pages mention a "-r"-flag. I am a bit confused here.

On 10.01.2017 at 22:55, Timo Sirainen wrote:
> On 9 Jan 2017, at 19.29, Malte Schmidt wrote:
>> This topic was already discussed on this mailinglist:
>>
>> https://www.dovecot.org/list/dovecot/2011-November/079491.html
>>
>> I am also looking for a nice and convenient way of recursively deleting
>> a mailbox which uses the mdbox-Format. Since then - was there any progress?
> Looks like there's doveadm mailbox delete -r
From aki.tuomi at dovecot.fi Wed Jan 11 07:33:02 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Wed, 11 Jan 2017 09:33:02 +0200 Subject: Prohibit dots in folder names In-Reply-To: <6aba8b7257a3d49fdc40e17b4d418c7b@grondecki.de> References: <6aba8b7257a3d49fdc40e17b4d418c7b@grondecki.de> Message-ID: <74e2c3b9-97b0-91b9-4dcf-d4c111db4619@dovecot.fi> On 10.01.2017 17:38, Marek Grondecki wrote: > Hello Dovecot Community, > > I am using Dovecot 2.2.13-12~deb8u1 (Debian Jessie). > > separator = / > listescape plugin is NOT active > LAYOUT=fs is NOT active > > I would like to prohibit a creation of folders with dot "." in the > names - > so creation of a folder "foo.bar" should NOT be possible. > Currently, when I create "foo.bar" in Outlook 2013 it will be created > but won't be > synchronised with the mail server - Outlook shows it as "foo.bar (Only > this computer)". > Ideally the user should receive an error message informing that "the > folder foo.bar > could not be created." > > Thank you for your help. > > Regards, > Marek Grondecki Are you sure the folder is actually created in dovecot instance? Can you run doveadm mailbox status -u username foo.bar? Aki From gioele at svario.it Wed Jan 11 07:41:15 2017 
From: gioele at svario.it (Gioele Barabucci) Date: Wed, 11 Jan 2017 08:41:15 +0100 Subject: GMail-like user labels in IMAP/dovecot, situation in 2017? In-Reply-To: <40A5E489-D0DD-48E3-AC0E-AA80946B3481@iki.fi> References: <665215e6-5f3e-e11d-37e0-a040ba95705f@svario.it> <40A5E489-D0DD-48E3-AC0E-AA80946B3481@iki.fi> Message-ID: On 10/01/2017 22:54, Timo Sirainen wrote: > On 10 Jan 2017, at 21.00, Gioele Barabucci wrote: >> >> I am in the process of updating my IMAP dovecot installation and I was >> wondering what is the current state of the art for GMail-like >> user-defined labels. >> >> Are GMail-like user-defined labels now somehow achievable with dovecot? > > a) Implement a new storage format where all the mails are in a single > physical folder. Treat flags as labels. When accessing with IMAP, > create virtual folders based on the flags. This is how GMail works. Hello Timo, thank you for the answers. To my uneducated eyes this solution seems the most straightforward and less error-prone. But I suppose that the devil is in the details. > b) Implement a way to export the current folder-based storage using > labels. This could be done with a virtual "all mails" folder, which > combines both message flags and folder names into labels for the > mails. It also likely means that changing a label changes the flag in > each physical folder where the mail exists in. This is what we were > planning to do for the Dovecot GMail API support. It is great to see that things are still being worked on. What about flags like \Seen or \Answered? Will they also be kept in sync or will each copy of a message have its own set of flags? > In any case, priority for GMail API support has dropped pretty low. > Most people didn't really care about actually having GMail > compatible API, but more about having some kind of a HTTP API. 
I do not know about how much a "GMail API" is requested, but all (_all_, not most) users I have met lament the lack of GMail-like labels and conversations in IMAP clients (desktop, mobile and web based). >> If now, what is missing? Standardized metadata formats? Support in clients? > > I have a feeling you're thinking about something completely > different from what I'm thinking though. You know that we have > user-defined flags already, right? What exactly do you want to be > different? My idea of "GMail-like user labels" is composed of two parts: 1. Tags/labels that the user can freely attach to messages/conversations. User-defined flags can be attached to messages, but there is no way to store metadata like the human-readable name of the label (e.g. "Travels in Italy") or its color. This metadata must be configured manually in each client. 2. the ability to see a tree-like structure based on these tags/labels, with the same message/conversation appearing in multiple "branches" at the same time and where deletion means "removal of tag". IIUC both point 1 and 2 are still missing from dovecot. Regards, -- Gioele Barabucci From mpeters at domblogger.net Wed Jan 11 07:45:39 2017 
From: mpeters at domblogger.net (Michael A. Peters) Date: Tue, 10 Jan 2017 23:45:39 -0800 Subject: Dovecot and MariaDB/MySQL Message-ID: <6ee04b87-7ea8-60db-885e-b24a2190f15f@domblogger.net> Howdy - For most of my dovecot servers, they are small and I just use unix accounts. However I am going to be running a new server for more general users, webmail (probably roundcube but I'm hacking roundcube quite a bit, enough that I'm calling it squarepeg instead so users familiar with roundcube will know it is quite different) and it will use MariaDB for account management. I already have it working, following the instructions at https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql-on-centos-5/ - those instructions also work in CentOS 7 with the latest Dovecot - but there is something that really bothers me. It makes no provision for salting the password before the crypt function. What I would like to do is when creating a new account, use /dev/urandom to generate a random salt for the account that is stuck in the database along with the account and used when validating the password. That way in the event of a SQL injection attack that dumps the database - yes it is still bad, but 20 accounts that have the same password will have radically different hashes and thus won't be a clue that they are the same, the blackhat that gets the database dump would have to generate a rainbow table for each unique salt. I've looked at at least a dozen different Dovecot / MariaDB howto guides and none of the ones I have looked at supported any kind of individual salting of the user passwords. Can someone point me to a guide that does? I don't mind keeping the salt in the database, I just want to be able to have a different salt for each account. Thank you From aki.tuomi at dovecot.fi Wed Jan 11 07:50:33 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Wed, 11 Jan 2017 09:50:33 +0200 Subject: Dovecot and MariaDB/MySQL In-Reply-To: <6ee04b87-7ea8-60db-885e-b24a2190f15f@domblogger.net> References: <6ee04b87-7ea8-60db-885e-b24a2190f15f@domblogger.net> Message-ID: <1b22d763-d8a9-bd74-8264-f6342a289cdc@dovecot.fi> On 11.01.2017 09:45, Michael A. Peters wrote: > Howdy - > > For most of my dovecot servers, they are small and I just use unix > accounts. > > However I am going to be running a new server for more general users, > webmail (probably roundcube but I'm hacking roundcube quite a bit, > enough that I'm calling it squarepeg instead so users familiar with > roundcube will know it is quite different) and it will use MariaDB for > account management. > > I already have it working, following the instructions at > https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql-on-centos-5/ > - those instructions also work in CentOS 7 with the latest Dovecot - > but there is something that really bothers me. > > It makes no provision for salting the password before the crypt function. > > What I would like to do is when creating a new account, use > /dev/urandom to generate a random salt for the account that is stuck > in the database along with the account and used when validating the > password. > > That way in the event of a SQL injection attack that dumps the > database - yes it is still bad, but 20 accounts that have the same > password will have radically different hashes and thus won't be a clue > that they are the same, the blackhat that gets the database dump would > have to generate a rainbow table for each unique salt. > > I've looked at at least a dozen different Dovecot / MariaDB howto > guides and none of the ones I have looked at supported any kind of > individual salting of the user passwords. > > Can someone point me to a guide that does? 
> > I don't mind keeping the salt in the database, I just want to be able > to have a different salt for each account. > > Thank you Hi! Try using doveadm pw -S SSHA256 for generating the password. The salt is included in the password hash. Aki From mpeters at domblogger.net Wed Jan 11 07:57:28 2017 From: mpeters at domblogger.net (Michael A. Peters) Date: Tue, 10 Jan 2017 23:57:28 -0800 Subject: Dovecot and MariaDB/MySQL In-Reply-To: <1b22d763-d8a9-bd74-8264-f6342a289cdc@dovecot.fi> References: <6ee04b87-7ea8-60db-885e-b24a2190f15f@domblogger.net> <1b22d763-d8a9-bd74-8264-f6342a289cdc@dovecot.fi> Message-ID: On 01/10/2017 11:50 PM, Aki Tuomi wrote: > > Hi! > > Try using doveadm pw -S SSHA256 for generating the password. The salt is > included in the password hash. > > Aki > Thank you! Found the doveadm-pw man page, think I'm good from here. From markc at renta.net Wed Jan 11 08:00:45 2017 From: markc at renta.net (Mark Constable) Date: Wed, 11 Jan 2017 18:00:45 +1000 Subject: pigeonhole + spamprobe Message-ID: <1ea75e44-3ff5-67c2-929d-262770b15f46@renta.net> Would anyone have an example of how to use dovecot-pigeonhole to call spamprobe as an external program in the current 2.2.25? From skdovecot at smail.inf.fh-brs.de Wed Jan 11 09:35:58 2017 
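Added example (not from the thread or from Dovecot's source): Python code for the salted layout behind the SSHA256 suggestion in the "Dovecot and MariaDB/MySQL" thread above, showing how a per-account salt stored inside the hash keeps reused passwords from producing matching rows in a dumped table. The function names, the sample accounts, the 4-byte salt length and the layout base64(SHA-256(password + salt) + salt) are assumptions of this example; compare the format against a hash produced by doveadm pw before storing anything.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, List, Optional

SCHEME = "{SSHA256}"
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes of SHA-256 output
SALT_LEN = 4  # assumed salt size; ssha256_verify() accepts any salt length


def unsalted_sha256(password: str) -> str:
    """Unsalted hash: identical passwords always give identical strings."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return "{SHA256}" + base64.b64encode(digest).decode("ascii")


def ssha256_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return '{SSHA256}' + base64(SHA-256(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # per-account salt from the kernel CSPRNG
    if not salt:
        raise ValueError("salt must not be empty")
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha256_verify(password: str, stored: str) -> bool:
    """Recover the salt from the stored value and recompute the digest."""
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= DIGEST_LEN:
        return False  # digest only, no salt appended: not a salted hash
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare


def shared_password_report(accounts: Dict[str, str]) -> Dict[str, List[str]]:
    """Group users whose stored hash strings are byte-for-byte identical."""
    groups: Dict[str, List[str]] = {}
    for user, stored in accounts.items():
        groups.setdefault(stored, []).append(user)
    return {h: sorted(u) for h, u in groups.items() if len(u) > 1}


if __name__ == "__main__":
    # Constructed sample: three accounts, two of them reuse one password.
    passwords = {"alice": "hunter2", "bob": "hunter2", "carol": "s3cret"}
    plain = {u: unsalted_sha256(p) for u, p in passwords.items()}
    salted = {u: ssha256_hash(p) for u, p in passwords.items()}
    print("unsalted duplicates:", list(shared_password_report(plain).values()))
    print("salted duplicates:  ", list(shared_password_report(salted).values()))
    print("verify ok:", ssha256_verify("hunter2", salted["alice"]))
```

The salt takes precomputed tables and identical-hash matching out of the picture; it does not make guessing a single account's password any slower.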
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 11 Jan 2017 10:35:58 +0100 (CET)
Subject: Prohibit dots in folder names
In-Reply-To: <74e2c3b9-97b0-91b9-4dcf-d4c111db4619@dovecot.fi>
References: <6aba8b7257a3d49fdc40e17b4d418c7b@grondecki.de> <74e2c3b9-97b0-91b9-4dcf-d4c111db4619@dovecot.fi>
Message-ID:

On Wed, 11 Jan 2017, Aki Tuomi wrote:
> On 10.01.2017 17:38, Marek Grondecki wrote:
>> Hello Dovecot Community,
>>
>> I am using Dovecot 2.2.13-12~deb8u1 (Debian Jessie).
>>
>> separator = /
>> listescape plugin is NOT active
>> LAYOUT=fs is NOT active
>>
>> I would like to prohibit a creation of folders with dot "." in the
>> names -
>> so creation of a folder "foo.bar" should NOT be possible.
>> Currently, when I create "foo.bar" in Outlook 2013 it will be created
>> but won't be
>> synchronised with the mail server - Outlook shows it as "foo.bar (Only
>> this computer)".
>> Ideally the user should receive an error message informing that "the
>> folder foo.bar
>> could not be created."
>>
>> Thank you for your help.
>>
>> Regards,
>> Marek Grondecki
>
> Are you sure the folder is actually created in dovecot instance?
> Can you run doveadm mailbox status -u username foo.bar?

Yes, they are. If you issue

* create t.t.t.t.t.t.t

the complete set of t's is created. (I'm using Maildir as backend.)

This case is what the listescape plugin is to help. I don't use it myself, however.

--
Steffen Kaiser
From marek at grondecki.de Wed Jan 11 09:36:01 2017
From: marek at grondecki.de (Marek Grondecki)
Date: Wed, 11 Jan 2017 10:36:01 +0100
Subject: Ban dots in folder names
Message-ID: <985bb43a560a10bd990aa96367a406eb@grondecki.de>

Hello Dovecot Community,

I am using Dovecot 2.2.13-12~deb8u1 (Debian Jessie).

separator = /
listescape plugin is NOT active
LAYOUT=fs is NOT active

I would like to prohibit/ban the creation of folders with dot "." in the names -
so creation of a folder "foo.bar" should NOT be possible.
Currently, when I create "foo.bar" in Outlook 2013 it will be created but won't be
synchronised with the mail server - Outlook shows it as "foo.bar (Only this computer)".
Ideally the user should receive an error message informing that "the folder foo.bar
could not be created."

Thank you for your help.

Regards,
Marek Grondecki
From aki.tuomi at dovecot.fi Wed Jan 11 09:46:48 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Wed, 11 Jan 2017 11:46:48 +0200 Subject: Prohibit dots in folder names In-Reply-To: References: <6aba8b7257a3d49fdc40e17b4d418c7b@grondecki.de> <74e2c3b9-97b0-91b9-4dcf-d4c111db4619@dovecot.fi> Message-ID: On 11.01.2017 11:35, Steffen Kaiser wrote: > On Wed, 11 Jan 2017, Aki Tuomi wrote: > > On 10.01.2017 17:38, Marek Grondecki wrote: > >> Hello Dovecot Community, > >> > >> I am using Dovecot 2.2.13-12~deb8u1 (Debian Jessie). > >> > >> separator = / > >> listescape plugin is NOT active > >> LAYOUT=fs is NOT active > >> > >> I would like to prohibit a creation of folders with dot "." in the > >> names - > >> so creation of a folder "foo.bar" should NOT be possible. > >> Currently, when I create "foo.bar" in Outlook 2013 it will be created > >> but won't be > >> synchronised with the mail server - Outlook shows it as "foo.bar (Only > >> this computer)". > >> Ideally the user should receive an error message informing that "the > >> folder foo.bar > >> could not be created." > >> > >> Thank you for your help. > >> > >> Regards, > >> Marek Grondecki > > > Are you sure the folder is actually created in dovecot instance? > > Can you run doveadm mailbox status -u username foo.bar? > > Yes, they are. If you issue > > * create t.t.t.t.t.t.t > > the complete set of t's is created. (I'm using Maildir as backend.) > > This case is what the listescape plugin is to help. I don't use it > myself, however. > > -- Steffen Kaiser I am sure that it is created like that, but his Outlook is saying (Only this computer), which is the reason I am asking. I am sure the command works over IMAP protocol. Aki From skdovecot at smail.inf.fh-brs.de Wed Jan 11 09:53:51 2017 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 11 Jan 2017 10:53:51 +0100 (CET)
Subject: Ban dots in folder names
In-Reply-To: <985bb43a560a10bd990aa96367a406eb@grondecki.de>
References: <985bb43a560a10bd990aa96367a406eb@grondecki.de>
Message-ID:

On Wed, 11 Jan 2017, Marek Grondecki wrote:

> separator = /
> listescape plugin is NOT active
> LAYOUT=fs is NOT active
>
> I would like to prohibit/ban the creation of folders with dot "." in the
> names -
> so creation of a folder "foo.bar" should NOT be possible.
> Currently, when I create "foo.bar" in Outlook 2013 it will be created but
> won't be
> synchronised with the mail server - Outlook shows it as "foo.bar (Only this
> computer)".
> Ideally the user should receive an error message informing that "the folder
> foo.bar
> could not be created."

Ah, your situation is different than mine, I use separator = ., then you get subfolders in this case.

--
Steffen Kaiser
From soltys at ziu.info Wed Jan 11 11:28:55 2017
From: soltys at ziu.info (Michal Soltys) Date: Wed, 11 Jan 2017 12:28:55 +0100 Subject: [PATCH] mail-storage.c: check against NULL address in strcmp() invocation In-Reply-To: <700199E6-9F7C-4AEC-ABD9-FB1A49823E03@iki.fi> References: <1484078283-7108-1-git-send-email-soltys@ziu.info> <700199E6-9F7C-4AEC-ABD9-FB1A49823E03@iki.fi> Message-ID: <19a83ba5-fdbf-6019-18d8-dcbef73b48d7@ziu.info> On 01/10/2017 09:31 PM, Timo Sirainen wrote: > On 10 Jan 2017, at 21.58, Michal Soltys wrote: >> >> Configurations with multiple shared namespaces can trigger a bug >> where the first argument of strcmp() invocation is NULL. >> >> This patch adds an explicit check, analogously to how the second >> argument is sanitized. > > I think it shouldn't be NULL though.. I'd rather add some asserts and figure out why it is. I guess the attached patch assert-crashes? What's the backtrace there? > Yea, assert triggers instantly once I try to read any folder. bt full below #2 0x00007f1b92c53727 in default_fatal_finish (type=LOG_TYPE_PANIC, status=0) at failures.c:201 backtrace = 0x971fb0 "/usr/lib/dovecot/libdovecot.so.0(+0xc36d8) [0x7f1b92c536d8] -> /usr/lib/dovecot/libdovecot.so.0(+0xc4c06) [0x7f1b92c54c06] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f1b92c53a5b] -> /usr/lib/d"... 
#3 0x00007f1b92c54c06 in i_internal_fatal_handler (ctx=0x7ffdee3f6fe0, format=0x7f1b93043e68 "file %s: line %d (%s): assertion failed: (%s)", args=0x7ffdee3f7000) at failures.c:670 status = 0 #4 0x00007f1b92c53a5b in i_panic (format=0x7f1b93043e68 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:275 ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0, timestamp_usecs = 0} args = #5 0x00007f1b92f4921e in mail_storage_create_full (ns=0x9927e0, driver=0x7f1b93042516 "shared", data=0x98f438 "mdbox:%h", flags=(unknown: 0), storage_r=0x7ffdee3f71d0, error_r=0x7ffdee3f7230) at mail-storage.c:407 storage_class = 0x7f1b932995c0 storage = 0x995800 list = 0x994ff0 list_set = {layout = 0x7f1b9304841d "shared", root_dir = 0x98ebc8 "/var/run/dovecot", index_dir = 0x0, index_pvt_dir = 0x0, control_dir = 0x0, alt_dir = 0x0, inbox_path = 0x0, subscription_fname = 0x0, maildir_name = 0x7f1b93044073 "", mailbox_dir_name = 0x7f1b93044073 "", escape_char = 0 '\000', broken_char = 0 '\000', utf8 = false, alt_dir_nocheck = false, index_control_use_maildir_name = false} list_flags = (unknown: 0) p = 0x0 __FUNCTION__ = "mail_storage_create_full" #6 0x00007f1b92f4931d in mail_storage_create (ns=0x9927e0, driver=0x7f1b93042516 "shared", flags=(unknown: 0), error_r=0x7ffdee3f7230) at mail-storage.c:420 storage = 0x9921e0 #7 0x00007f1b92f3ecdc in mail_namespaces_init_add (user=0x98e0b0, ns_set=0x98ed70, unexpanded_ns_set=0x98e5e8, ns_p=0x992080, error_r=0x7ffdee3f7378) at mail-namespace.c:195 mail_set = 0x98e9d8 ns = 0x9927e0 driver = 0x7f1b93042516 "shared" error = 0x0 ret = 0 #8 0x00007f1b92f3f694 in mail_namespaces_init (user=0x98e0b0, error_r=0x7ffdee3f7378) at mail-namespace.c:414 mail_set = 0x98e9d8 ns_set = 0x98ecc0 unexpanded_ns_set = 0x98e538 namespaces = 0x992080 ns_p = 0x992080 i = 1 count = 3 count2 = 3 __FUNCTION__ = "mail_namespaces_init" #9 0x00007f1b92f52528 in mail_storage_service_init_post (ctx=0x97b7d0, user=0x980040, priv=0x7ffdee3f7380, 
mail_user_r=0x7ffdee3f7498, error_r=0x7ffdee3f7378) at mail-storage-service.c:728 mail_set = 0x98e9d8 home = 0x980be9 "/var/mail1/msl" mail_user = 0x98e0b0 #10 0x00007f1b92f542c1 in mail_storage_service_next_real (ctx=0x97b7d0, user=0x980040, mail_user_r=0x7ffdee3f7498) at mail-storage-service.c:1426 priv = {uid = 105, gid = 8, uid_source = 0x7f1b930454cc "userdb lookup", gid_source = 0x7f1b930454cc "userdb lookup", home = 0x980be9 "/var/mail1/msl", chroot = 0x971838 ""} error = 0x0 len = 0 disallow_root = true temp_priv_drop = false use_chroot = true #11 0x00007f1b92f5437c in mail_storage_service_next (ctx=0x97b7d0, user=0x980040, mail_user_r=0x7ffdee3f7498) at mail-storage-service.c:1444 old_log_prefix = 0x97fe50 "imap(msl): " ret = 0 #12 0x00007f1b92f544f5 in mail_storage_service_lookup_next (ctx=0x97b7d0, input=0x7ffdee3f7520, user_r=0x7ffdee3f7490, mail_user_r=0x7ffdee3f7498, error_r=0x7ffdee3f7518) at mail-storage-service.c:1477 user = 0x980040 ret = 1 #13 0x00000000004314f0 in client_create_from_input (input=0x7ffdee3f7520, fd_in=7, fd_out=7, client_r=0x7ffdee3f7510, error_r=0x7ffdee3f7518) at main.c:228 user = 0x7ffdee3f74d0 mail_user = 0x7ffdee3f7510 ns = 0x7f1b92c9dfb3 client = 0x979370 imap_set = 0xc00000000 lda_set = 0x971100 errstr = 0x7f1b92efeac0 "\200\352\357\222\033\177" mail_error = 32539 #14 0x0000000000431968 in login_client_connected (login_client=0x97da20, username=0x971043 "msl", extra_fields=0x9710d0) at main.c:316 input = {module = 0x43db49 "imap", service = 0x43db49 "imap", username = 0x971043 "msl", session_id = 0x97daa0 "PARRLs5FeMjAqAD+", session_id_prefix = 0x0, session_create_time = 0, local_ip = {family = 2, u = {ip6 = {__in6_u = { __u6_addr8 = "\300\250\000\374", '\000' , __u6_addr16 = {43200, 64512, 0, 0, 0, 0, 0, 0}, __u6_addr32 = { 4227901632, 0, 0, 0}}}, ip4 = {s_addr = 4227901632}}}, remote_ip = {family = 2, u = {ip6 = {__in6_u = { __u6_addr8 = "\300\250\000\376", '\000' , __u6_addr16 = {43200, 65024, 0, 0, 0, 0, 0, 0}, 
__u6_addr32 = { 4261456064, 0, 0, 0}}}, ip4 = {s_addr = 4261456064}}}, local_port = 0, remote_port = 0, userdb_fields = 0x9710d0, flags_override_add = (unknown: 0), flags_override_remove = (unknown: 0), no_userdb_lookup = 0, debug = 0} client = 0x3000000018 flags = (MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION | unknown: 32538) error = 0x7ffdee3f75f0 "0?" __FUNCTION__ = "login_client_connected" #15 0x00007f1b92bc31c1 in master_login_auth_finish (client=0x97da20, auth_args=0x9710c8) at master-login.c:210 login = 0x97cd30 service = 0x9795e0 close_sockets = true __FUNCTION__ = "master_login_auth_finish" #16 0x00007f1b92bc3aca in master_login_auth_callback (auth_args=0x9710c8, errormsg=0x0, context=0x97da20) at master-login.c:379 client = 0x97da20 conn = 0x97d820 reply = {tag = 1, status = MASTER_AUTH_STATUS_OK, mail_pid = 20189} #17 0x00007f1b92bc4ae9 in master_login_auth_input_user (auth=0x97cdb0, args=0x97de5c "4291297281\tmsl\tuid=105\tgid=8\tmail=maildir:/var/mail1/msl\thome=/var/mail1/msl\tauth_token=18dd1092f041e803835776fae22759a100511eb8") at master-login-auth.c:244 request = 0x97cc30 list = 0x9710c0 id = 4291297281 #18 0x00007f1b92bc4fb1 in master_login_auth_input (auth=0x97cdb0) at master-login-auth.c:364 line = 0x97de57 "USER\t4291297281\tmsl\tuid=105\tgid=8\tmail=maildir:/var/mail1/msl\thome=/var/mail1/msl\tauth_token=18dd1092f041e803835776fae22759a100511eb8" ret = false #19 0x00007f1b92c72545 in io_loop_call_io (io=0x97ccb0) at ioloop.c:599 ioloop = 0x979740 t_id = 2 __FUNCTION__ = "io_loop_call_io" #20 0x00007f1b92c74e68 in io_loop_handler_run_internal (ioloop=0x979740) at ioloop-epoll.c:222 ctx = 0x97b260 events = 0x97c0d0 event = 0x97c0d0 list = 0x97cd10 io = 0x97ccb0 tv = {tv_sec = 154, tv_usec = 999457} events_count = 5 msecs = 155000 ret = 1 i = 0 j = 0 call = true __FUNCTION__ = "io_loop_handler_run_internal" #21 0x00007f1b92c72726 in io_loop_handler_run (ioloop=0x979740) at ioloop.c:648 No locals. 
#22 0x00007f1b92c72649 in io_loop_run (ioloop=0x979740) at ioloop.c:623 __FUNCTION__ = "io_loop_run" #23 0x00007f1b92bc6e3b in master_service_run (service=0x9795e0, callback=0x431b68 ) at master-service.c:641 No locals. #24 0x0000000000431efb in main (argc=1, argv=0x979390) at main.c:460 set_roots = {0x43ca60 , 0x648340 , 0x0} login_set = {auth_socket_path = 0x971048 "id=105", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x431883 , failure_callback = 0x431ad3 , request_auth_token = 1} service_flags = MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN storage_service_flags = (MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT | MAIL_STORAGE_SERVICE_FLAG_AUTOEXPUNGE) username = 0x0 auth_socket_path = 0x43dc63 "auth-master" c = -1 From odhiambo at gmail.com Wed Jan 11 17:01:58 2017 From: odhiambo at gmail.com (Odhiambo Washington) Date: Wed, 11 Jan 2017 20:01:58 +0300 Subject: Broken OS after upgrade Message-ID: Hi, I have broken my OS (FreeBSD) after upgrade, making me unable to compile dovecot the usual way so I am seeking a 3rd eye. The config.log is at : http://bit.ly/2jE5djl Hoping someone can help me figure out what is broken. During configure, it fails with: checking for special C compiler options needed for large files... no checking for _FILE_OFFSET_BITS value needed for large files... unknown checking for _LARGE_FILES value needed for large files... unknown checking for _Bool... yes checking for uoff_t... no checking type of off_t... unknown configure: error: Unsupported off_t type -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft." From ruga at protonmail.com Wed Jan 11 19:40:54 2017 
From: ruga at protonmail.com (Ruga)
Date: Wed, 11 Jan 2017 14:40:54 -0500
Subject: Broken OS after upgrade
In-Reply-To:
References:
Message-ID:

http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_types.h.html#tag_13_67

On Wed, Jan 11, 2017 at 6:01 PM, Odhiambo Washington <'odhiambo at gmail.com'> wrote:

Hi,

I have broken my OS (FreeBSD) after upgrade, making me unable to compile dovecot the usual way so I am seeking a 3rd eye.

The config.log is at : http://bit.ly/2jE5djl

Hoping someone can help me figure out what is broken.

During configure, it fails with:

checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... unknown
checking for _LARGE_FILES value needed for large files... unknown
checking for _Bool... yes
checking for uoff_t... no
checking type of off_t... unknown
configure: error: Unsupported off_t type

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."

From odhiambo at gmail.com Wed Jan 11 19:51:11 2017
From: odhiambo at gmail.com (Odhiambo Washington)
Date: Wed, 11 Jan 2017 22:51:11 +0300
Subject: Broken OS after upgrade
In-Reply-To:
References:
Message-ID:

Reinstalling gcc49 solved my problem.

On 11 January 2017 at 20:01, Odhiambo Washington wrote:

> Hi,
>
> I have broken my OS (FreeBSD) after upgrade, making me unable to compile
> dovecot the usual way so I am seeking a 3rd eye.
>
> The config.log is at : http://bit.ly/2jE5djl
>
> Hoping someone can help me figure out what is broken.
>
> During configure, it fails with:
>
> checking for special C compiler options needed for large files... no
> checking for _FILE_OFFSET_BITS value needed for large files... unknown
> checking for _LARGE_FILES value needed for large files... unknown
> checking for _Bool... yes
> checking for uoff_t... no
> checking type of off_t... unknown
> configure: error: Unsupported off_t type
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft."
>

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."

From ellertalexandre at gmail.com Thu Jan 12 09:17:26 2017
From: ellertalexandre at gmail.com (Alexandre Ellert)
Date: Thu, 12 Jan 2017 10:17:26 +0100
Subject: Unable to access apt.dovecot.fi
Message-ID:

Hi,

I bought a Dovecot Enterprise repository access in 2013 and since several months, I can't access it anymore.

It seems that my credentials are broken.
When doing an apt-get update :

W: Failed to fetch http://apt.dovecot.fi/3rdparty/debian/wheezy/dists/wheezy/main/binary-amd64/Packages 401 Unauthorized
W: Failed to fetch http://apt.dovecot.fi/stable-2.2/debian/wheezy/dists/wheezy/main/binary-amd64/Packages 401 Unauthorized

And here is my sources.list :
# cat /etc/apt/sources.list.d/dovecot.list
deb http://USER:PASSWORD at apt.dovecot.fi/stable-2.2/debian/wheezy wheezy main
# cat /etc/apt/sources.list.d/dovecot-3rdparty.list
deb http://USER:PASSWORD at apt.dovecot.fi/3rdparty/debian/wheezy wheezy main

Thank you for help.

Alexandre

From mehrtens at decoit.de Thu Jan 12 12:17:47 2017
From: mehrtens at decoit.de (Frank Mehrtens)
Date: Thu, 12 Jan 2017 13:17:47 +0100
Subject: Unable to access apt.dovecot.fi
In-Reply-To:
References:
Message-ID: <48bffab3-3906-d501-3288-1c15e01d98b4@decoit.de>

Hi Alexandre,

this is a known problem (see http://dovecot.org/pipermail/dovecot/2016-November/106081.html).

> Hi,
>
> Can you please contact us at support at dovecot.fi
> to get this issue resolved.
>
> Sami
>

Frank

On 12.01.2017 at 10:17, Alexandre Ellert wrote:
> Hi,
>
> I bought a Dovecot Enterprise repository access in 2013 and since
> several months, I can't access it anymore.
>
> It seems that my credentials are broken.
> When doing an apt-get update :
>
> W: Failed to fetch
> http://apt.dovecot.fi/3rdparty/debian/wheezy/dists/wheezy/main/binary-amd64/Packages
> 401 Unauthorized
> W: Failed to fetch
> http://apt.dovecot.fi/stable-2.2/debian/wheezy/dists/wheezy/main/binary-amd64/Packages
> 401 Unauthorized
>
> And here is my sources.list :
> # cat /etc/apt/sources.list.d/dovecot.list
> deb http://USER:PASSWORD at apt.dovecot.fi/stable-2.2/debian/wheezy wheezy main
> # cat /etc/apt/sources.list.d/dovecot-3rdparty.list
> deb http://USER:PASSWORD at apt.dovecot.fi/3rdparty/debian/wheezy wheezy main
>
> Thank you for help.
>
> Alexandre

From ekorneechev at altlinux.org Thu Jan 12 14:05:05 2017
From: ekorneechev at altlinux.org (Evgeniy Korneechev) Date: Thu, 12 Jan 2017 17:05:05 +0300 (MSK) Subject: doveadm mailbox cryptokey - not found Message-ID: <757521990.15663.1484229905732.JavaMail.zimbra@remotesystems.ru> Hi, we have a problem. Command "doveadm mailbox cryptokey" does not work: # doveadm mailbox cryptokey usage: doveadm [-Dv] [-f ] mailbox [] create [-u |-A] [-S ] [-s] [-g ] [...] delete [-u |-A] [-S ] [-e] [-r] [-s] [-Z] [...] ...... What is the problem? ------------------------------------------------ Install: http://wiki2.dovecot.org/CompilingSource#Compiling_Dovecot_From_Sources : ./configure && make && sudo make install # dovecot -n # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf # OS: Linux 4.4.38-std-def-alt0.M80P.1 x86_64 ALT starter kit (Hypericum) mail_location = mbox:~/mail:INBOX=/var/mail/%u mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } ssl = required ssl_cert = References: <757521990.15663.1484229905732.JavaMail.zimbra@remotesystems.ru> Message-ID: <94703063-3b8d-21c3-96df-7fdc9c9d2ac0@dovecot.fi> On 12.01.2017 16:05, Evgeniy Korneechev wrote: > Hi, we have a problem. > Command "doveadm mailbox cryptokey" does not work: > > # doveadm mailbox cryptokey > usage: doveadm [-Dv] [-f ] mailbox [] > create [-u |-A] [-S ] [-s] [-g ] [...] > delete [-u |-A] [-S ] [-e] [-r] [-s] [-Z] [...] > ...... > > What is the problem? 
> > ------------------------------------------------ > Install: http://wiki2.dovecot.org/CompilingSource#Compiling_Dovecot_From_Sources : > ./configure && make && sudo make install > > # dovecot -n > # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf > # OS: Linux 4.4.38-std-def-alt0.M80P.1 x86_64 ALT starter kit (Hypericum) > mail_location = mbox:~/mail:INBOX=/var/mail/%u > mbox_write_locks = fcntl > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > driver = pam > } > ssl = required > ssl_cert = ssl_key = # hidden, use -P to show it > userdb { > driver = passwd > } > > You forgot to load mail_crypt plugin. mail_plugins = $mail_plugins mail_crypt Aki From ekorneechev at altlinux.org Thu Jan 12 14:44:07 2017 From: ekorneechev at altlinux.org (Evgeniy Korneechev) Date: Thu, 12 Jan 2017 17:44:07 +0300 (MSK) Subject: doveadm mailbox cryptokey - not found Message-ID: <1295414726.16210.1484232247243.JavaMail.zimbra@remotesystems.ru> > > You forgot to load mail_crypt plugin. > > mail_plugins = $mail_plugins mail_crypt > With these settings also. # dovecot -n ..... mail_location = mbox:~/mail:INBOX=/var/mail/%u mail_plugins = " mail_crypt" mbox_write_locks = fcntl ..... # service dovecot restart # doveadm mailbox cryptokey usage: doveadm [-Dv] [-f ......... # ls /usr/lib64/dovecot/modules/* | grep mail_crypt /usr/lib64/dovecot/modules/lib05_mail_crypt_acl_plugin.so /usr/lib64/dovecot/modules/lib10_mail_crypt_plugin.so /usr/lib64/dovecot/modules/libfs_mail_crypt.so /usr/lib64/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so -- WBR, BaseALT/ALTLinux Team From ekorneechev at altlinux.org Thu Jan 12 14:54:06 2017 
From: ekorneechev at altlinux.org (Evgeniy Korneechev)
Date: Thu, 12 Jan 2017 17:54:06 +0300 (MSK)
Subject: doveadm mailbox cryptokey - not found
In-Reply-To: <1295414726.16210.1484232247243.JavaMail.zimbra@remotesystems.ru>
References: <1295414726.16210.1484232247243.JavaMail.zimbra@remotesystems.ru>
Message-ID: <1664143490.16259.1484232846922.JavaMail.zimbra@remotesystems.ru>

Sorry, reboot PC and OK!!!
Thanks!

----- Original Message -----
> From: "Evgeniy Korneechev"
> To: "dovecot"
> Sent: Thursday, 12 January 2017 17:44:07
> Subject: Re: doveadm mailbox cryptokey - not found

>>
>> You forgot to load mail_crypt plugin.
>>
>> mail_plugins = $mail_plugins mail_crypt
>>
>
> With these settings also.
> # dovecot -n
> .....
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
> mail_plugins = " mail_crypt"
> mbox_write_locks = fcntl
> .....
> # service dovecot restart
> # doveadm mailbox cryptokey
> usage: doveadm [-Dv] [-f .........
>
> # ls /usr/lib64/dovecot/modules/* | grep mail_crypt
> /usr/lib64/dovecot/modules/lib05_mail_crypt_acl_plugin.so
> /usr/lib64/dovecot/modules/lib10_mail_crypt_plugin.so
> /usr/lib64/dovecot/modules/libfs_mail_crypt.so
> /usr/lib64/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so
>
> --
> WBR,
> BaseALT/ALTLinux Team

--
WBR,
BaseALT/ALTLinux Team

From dclist at list.jmatt.net Thu Jan 12 19:55:32 2017
From: dclist at list.jmatt.net (Matt Simpson)
Date: Thu, 12 Jan 2017 14:55:32 -0500
Subject: Pigeonhole External pipe script going zombie?
Message-ID:

I'm running dovecot 2.2.27 and pigeonhole 0.4.16 on FreeBSD 11.

I'm using the pigeonhole/sieve external pipe plugin to run a Perl program to send a Pushover notification when certain messages are received.

The Perl script is executed, and the notification is sent. But then the script task seems to go zombie until it is killed after a timeout.

In the user's sieve log, I get a message like

error: msgid=<20170112191921.66140.qmail at v1.redhorse.me>: pipe action: failed to pipe message to program `sievepush.pl': refer to server log for more information. [2017-01-12 14:19:36].

(even though the message really was piped to the program successfully)

In the dovecot server log, I see

Jan 12 14:19:21 v1 dovecot: lda(matt): Debug: sieve: Executing script from `/usr/home/matt/maildoms/.dovecot.svbin'
Jan 12 14:19:21 v1 dovecot: lda(matt): Debug: sieve: action pipe: running program: sievepush.pl
Jan 12 14:19:21 v1 dovecot: lda(matt): Debug: Mailbox stdin: Opened mail UID=1 because: mail stream
Jan 12 14:19:21 v1 dovecot: lda(matt): Debug: waiting for program `/usr/local/lib/dovecot/sieve-pipe/sievepush.pl' to finish after 0 msecs
Jan 12 14:19:31 v1 dovecot: lda(matt): Debug: program `/usr/local/lib/dovecot/sieve-pipe/sievepush.pl'(66145) execution timed out after 10000 milliseconds: sending TERM signal
Jan 12 14:19:36 v1 dovecot: lda(matt): Debug: program `/usr/local/lib/dovecot/sieve-pipe/sievepush.pl' (66145) did not die after 5000 milliseconds: sending KILL signal

In the process list during that 10 second interval, I see

matt 66142 29972 801 801 0 S - 0:00.00 bin/qmail-local -- matt /home/matt/maildoms jmn-matt - jmn-m
matt 66143 66142 801 801 0 S - 0:00.00 /var/qmail/bin/preline -f /usr/local/libexec/dovecot/dovecot
matt 66144 66143 801 801 0 S - 0:00.01 /usr/local/libexec/dovecot/dovecot-lda
matt 66145 66144 801 801 0 Z - 0:00.65

I'm not a Unix programming ace, but from what I've been able to find out, this seems to mean that the lda process is forking another process to run the pipe script, and not getting the proper notification when it finishes (not issuing a wait?). So after 10 seconds, it sends a TERM to the task which is no longer running, and when that doesn't work, it sends a KILL. Anybody know what's happening here?

doveconf -n
# 2.2.27 (c0f36b0): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: FreeBSD 11.0-RELEASE-p2 amd64
auth_verbose = yes
default_vsz_limit = 128 M
lock_method = flock
mail_debug = yes
mail_location = maildir:~/Maildir
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vnd.dovecot.pipe vnd.dovecot.execute
namespace inbox {
  inbox = yes
  location =
  prefix =
}
passdb {
  args = imap
  driver = pam
}
plugin {
  recipient_delimiter = -
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_execute_bin_dir = /usr/local/lib/dovecot/sieve-pipe
  sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
  sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve-pipe
  sieve_pipe_exec_timeout = 10s
  sieve_plugins = sieve_extprograms
}
protocols = imap
service auth {
  unix_listener auth-master {
    group = qnofiles
    mode = 0660
    user = alias
  }
  user = root
}
service imap-login {
  process_min_avail = 3
  vsz_limit = 94 M
}
ssl_cert =

References: Message-ID: <425259265.75.1484252912936@appsuite-dev.open-xchange.com>

> On January 12, 2017 at 9:55 PM Matt Simpson wrote:
>
>
> I'm running dovecot 2.2.27 and pigeonhole 0.4.16 on FreeBSD 11.
>
> I'm using the pigeonhole/sieve external pipe plugin to run a Perl program to send a Pushover notification when certain messages are received.
>
> The Perl script is executed, and the notification is sent. But then the script task seems to go zombie until it is killed after a timeout.
>
> In the user's sieve log, I get a message like
>
> error: msgid=<20170112191921.66140.qmail at v1.redhorse.me>: pipe action: failed to pipe message to program `sievepush.pl': refer to server log for more information. [2017-01-12 14:19:36].
>
> (even though the message really was piped to the program successfully)
>
> In the dovecot server log, I see
>
> Jan 12 14:19:21 v1 dovecot: lda(matt): Debug: sieve: Executing script from `/usr/home/matt/maildoms/.dovecot.svbin'
> Jan 12 14:19:21 v1 dovecot: lda(matt): Debug: sieve: action pipe: running program: sievepush.pl
> Jan 12 14:19:21 v1 dovecot: lda(matt): Debug: Mailbox stdin: Opened mail UID=1 because: mail stream
> Jan 12 14:19:21 v1 dovecot: lda(matt): Debug: waiting for program `/usr/local/lib/dovecot/sieve-pipe/sievepush.pl' to finish after 0 msecs
> Jan 12 14:19:31 v1 dovecot: lda(matt): Debug: program `/usr/local/lib/dovecot/sieve-pipe/sievepush.pl'(66145) execution timed out after 10000 milliseconds: sending TERM signal
> Jan 12 14:19:36 v1 dovecot: lda(matt): Debug: program `/usr/local/lib/dovecot/sieve-pipe/sievepush.pl' (66145) did not die after 5000 milliseconds: sending KILL signal
>
> In the process list during that 10 second interval, I see
>
> matt 66142 29972 801 801 0 S - 0:00.00 bin/qmail-local -- matt /home/matt/maildoms jmn-matt - jmn-m
> matt 66143 66142 801 801 0 S - 0:00.00 /var/qmail/bin/preline -f /usr/local/libexec/dovecot/dovecot
> matt 66144 66143 801 801 0 S - 0:00.01 /usr/local/libexec/dovecot/dovecot-lda
> matt 66145 66144 801 801 0 Z - 0:00.65
>
> I'm not a Unix programming ace, but from what I've been able to find out, this seems to mean that the lda process is forking another process to run the pipe script, and not getting the proper notification when it finishes (not issuing a wait?). So after 10 seconds, it sends a TERM to the task which is no longer running, and when that doesn't work, it sends a KILL. Anybody know what's happening here?
>

Seems that we are not doing waitpid() on your program when it's killed. Also, I guess we should wait longer than 0 msecs. I'll try and see if I can replicate this.

Aki

From tlx at leuxner.net Fri Jan 13 08:15:14 2017
From: tlx at leuxner.net (Thomas Leuxner)
Date: Fri, 13 Jan 2017 09:15:14 +0100
Subject: Sieve removeflag Action
Message-ID: <20170113081514.GA60507@nihlus.leuxner.net>

Hi,

I recently noticed that some of my automatically processed mails no longer show flags with current Dovecot builds. This used to work before, not sure what broke it or whether I used it in the wrong way. When the removeflag line is dropped *both* messages get flagged in the client, one in INBOX and one in Trash. With removeflag in place, *both* messages are unflagged, the one in INBOX and the one in Trash. This used to work differently before if memory doesn't fail me.

#Test
if address :is "From" "user at example.com"
{
addflag "\\Flagged $MailFlagBit1";
keep;
removeflag "\\Flagged $MailFlagBit1";
fileinto "Trash";
}

# 2.2.devel (01867a4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.devel (3c071a4)
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6

Regards
Thomas

From skdovecot at smail.inf.fh-brs.de Fri Jan 13 09:49:13 2017
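The child-reaping behaviour discussed in the "Pigeonhole External pipe script going zombie?" thread above, as an added C example that is not Dovecot or Pigeonhole code: a child that has exited stays in state Z until its parent waits for it, and TERM sent to it changes nothing. The function names, the poll interval and the timings are assumptions chosen for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* waitid(), nanosleep() */
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
#define POLL_MS 10 /* assumed poll interval for this demo */

struct child_result {
    int exited;      /* 1: exited by itself, 0: ended by a signal */
    int exit_code;   /* valid when exited == 1 */
    int term_signal; /* valid when exited == 0 */
    long waited_ms;  /* nominal time spent polling before the reap */
};

static void sleep_ms(long ms)
{
    struct timespec ts = { ms / 1000, (ms % 1000) * 1000000L };
    while (nanosleep(&ts, &ts) == -1 && errno == EINTR)
        ;
}

/* Stand-in for the pipe program: runs for run_ms, then exits with exit_code. */
static pid_t spawn_child(long run_ms, int exit_code, int ignore_term)
{
    pid_t pid = fork();
    if (pid == 0) {
        if (ignore_term) signal(SIGTERM, SIG_IGN);
        sleep_ms(run_ms);
        _exit(exit_code);
    }
    return pid;
}

/* Poll with WNOHANG: 1 = reaped, 0 = still running after limit_ms, -1 = error. */
static int reap_within(pid_t pid, long limit_ms, int *status, long *elapsed_ms)
{
    for (;;) {
        pid_t r = waitpid(pid, status, WNOHANG);
        if (r == pid) return 1;
        if (r == -1 && errno != EINTR) return -1;
        if (limit_ms <= 0) return 0;
        sleep_ms(POLL_MS);
        limit_ms -= POLL_MS;
        *elapsed_ms += POLL_MS;
    }
}

/* Wait up to timeout_ms, then TERM, then KILL after grace_ms; always reap. */
struct child_result run_supervised(long run_ms, int exit_code, int ignore_term,
                                   long timeout_ms, long grace_ms)
{
    struct child_result res = { 0, -1, 0, 0 };
    int status = 0;
    pid_t pid = spawn_child(run_ms, exit_code, ignore_term);
    if (pid < 0) return res;
    int got = reap_within(pid, timeout_ms, &status, &res.waited_ms);
    if (got == 0 && kill(pid, SIGTERM) == 0)
        got = reap_within(pid, grace_ms, &status, &res.waited_ms);
    if (got == 0 && kill(pid, SIGKILL) == 0)
        got = (waitpid(pid, &status, 0) == pid);
    if (got == 1 && WIFEXITED(status)) {
        res.exited = 1;
        res.exit_code = WEXITSTATUS(status);
    } else if (got == 1 && WIFSIGNALED(status)) {
        res.term_signal = WTERMSIG(status);
    }
    return res;
}

/* Zombie check: 1 if an exited, unreaped child accepts TERM unchanged; -1 on error. */
int zombie_ignores_term(int exit_code)
{
    siginfo_t info;
    int status = 0;
    pid_t pid = spawn_child(0, exit_code, 0);
    if (pid < 0) return -1;
    /* WNOWAIT: block until the child has exited, but leave it unreaped. */
    if (waitid(P_PID, (id_t)pid, &info, WEXITED | WNOWAIT) == -1) return -1;
    int term_accepted = (kill(pid, SIGTERM) == 0); /* nothing left to stop */
    sleep_ms(50);
    int still_listed = (kill(pid, 0) == 0);        /* entry is still there */
    if (waitpid(pid, &status, 0) != pid) return -1;
    int gone = (kill(pid, 0) == -1 && errno == ESRCH);
    return term_accepted && still_listed && gone &&
           WIFEXITED(status) && WEXITSTATUS(status) == exit_code;
}

int main(void)
{
    struct child_result r = run_supervised(50, 7, 0, 2000, 500);
    printf("quick child: exited=%d code=%d after %ld ms\n", r.exited, r.exit_code, r.waited_ms);
    printf("zombie unaffected by TERM: %d\n", zombie_ignores_term(7));
    return 0;
}
```

Because the supervisor polls with waitpid(), it returns roughly when the child exits instead of sitting out the full timeout and escalating to TERM and KILL as in the log above.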
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 13 Jan 2017 10:49:13 +0100 (CET)
Subject: Sieve removeflag Action
In-Reply-To: <20170113081514.GA60507@nihlus.leuxner.net>
References: <20170113081514.GA60507@nihlus.leuxner.net>
Message-ID:

On Fri, 13 Jan 2017, Thomas Leuxner wrote:

> I recently noticed that some of my automatically processed mails no longer show flags with current Dovecot builds. This used to work before, not sure what broke it or whether I used it in the wrong way. When the removeflag line is dropped *both* messages get flagged in the client, one in INBOX and one in Trash. With removeflag in place, *both* messages are unflagged, the one in INBOX and the one in Trash. This used to work differently before if memory doesn't fail me.
>
> #Test
> if address :is "From" "user at example.com"
> {
> addflag "\\Flagged $MailFlagBit1";
> keep;
> removeflag "\\Flagged $MailFlagBit1";
> fileinto "Trash";
> }
>

from point of "logic" I would turn around both actions:

removeflag "\\Flagged $MailFlagBit1";
fileinto "Trash";

addflag "\\Flagged $MailFlagBit1";
keep;

Because keep is an action at the end of script processing, so the removeflag supersedes the "add".

Or use fileinto "INBOX";

--
Steffen Kaiser

From tlx at leuxner.net Fri Jan 13 10:12:33 2017
From: tlx at leuxner.net (Thomas Leuxner)
Date: Fri, 13 Jan 2017 11:12:33 +0100
Subject: Sieve removeflag Action
In-Reply-To:
References: <20170113081514.GA60507@nihlus.leuxner.net>
Message-ID: <20170113101233.GA22501@nihlus.leuxner.net>

* Steffen Kaiser 2017.01.13 10:49:

> from point of "logic" I would turn around both actions:
>
> removeflag "\\Flagged $MailFlagBit1";
> fileinto "Trash";
>
> addflag "\\Flagged $MailFlagBit1";
> keep;

Hi Steffen,

that works thanks. Not sure why it worked before.

Regards
Thomas

From ekorneechev at altlinux.org Fri Jan 13 10:21:42 2017
From: ekorneechev at altlinux.org (Evgeniy Korneechev) Date: Fri, 13 Jan 2017 13:21:42 +0300 (MSK) Subject: Plugin "mail_crypt" does not work Message-ID: <1094740409.24773.1484302902673.JavaMail.zimbra@remotesystems.ru> Hi, i have a problem. I sent test e-mail. It is in folder "Sent", but it was not delivered (folder "Inbox" is empty). /var/log/dovecot: ......... lda(mail at example.com): Error: User initialization failed: mail_crypt_plugin: mail_crypt_global_public_key: Couldn't parse public key: Unknown key format ......... Try RSA and EC: https://wiki2.dovecot.org/Plugins/MailCrypt#RSA_key https://wiki2.dovecot.org/Plugins/MailCrypt#EC_key Why "Unknown key format"? RSA pubkey: -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4hfgRDlMJtN9rcV2VGa8gOF1g xiXHwokRkKmKfr64ZbqAhXzLzP8fSLo8ZEtRzfS3f/EyLRvYL9LHxlxYuSnq2LTW lbvSj8jcg3ucpA431Pbnq/OVI8WsXhXhZdipGcBDyzWHZw5Dp3I/am+FB96VlfPW maHO/oKGphXXhXSOXwIDAQAB -----END PUBLIC KEY----- EC pubkey: -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEw96p6hvv/BJi9njHyXq05ZrKA3RR BNFOslljkgv6YUb4de1pln6hTUN69CjMBEB5P3YI7KP8hooozwM8iN/wLQ== -----END PUBLIC KEY----- ------------------------------------------------ # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.16 (fed8554) # OS: Linux 4.4.39-std-def-alt0.M80P.1 x86_64 ALT 8.1 Server auth_debug = yes auth_debug_passwords = yes auth_default_realm = example.com auth_mechanisms = plain login auth_socket_path = /var/run/dovecot/auth-userdb auth_verbose = yes auth_verbose_passwords = plain base_dir = /var/run/dovecot/ debug_log_path = /var/log/dovecot disable_plaintext_auth = no first_valid_gid = 502 first_valid_uid = 502 last_valid_gid = 502 last_valid_uid = 502 log_path = /var/log/dovecot login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c mail_access_groups = vmail mail_debug = yes mail_gid = 502 mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/ mail_plugins = mail_crypt mail_privileged_group = vmail 
mail_uid = 502 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify mbox_write_locks = fcntl namespace { list = children location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u prefix = shared/%%u/ separator = / subscriptions = yes type = shared } namespace inbox { inbox = yes location = prefix = separator = / type = private } passdb { driver = pam } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { mail_crypt_curve = prime256v1 mail_crypt_global_private_key = References: <1094740409.24773.1484302902673.JavaMail.zimbra@remotesystems.ru> Message-ID: <914e418a-6b99-39fe-0c88-97963c205b04@dovecot.fi> On 13.01.2017 12:21, Evgeniy Korneechev wrote: > mail_crypt_global_public_key = References: <20170113081514.GA60507@nihlus.leuxner.net> Message-ID: Op 13-1-2017 om 9:15 schreef Thomas Leuxner: > Hi, > > I recently noticed that some of my automatically processed mails do no longer show flags with current Dovecot builds. This used to work before, not sure what broke it or whether I used it in the wrong way. When the removeflag line is dropped *both* messages get flagged in the client, one in INBOX and one in Trash. With removeflag in place, *both* messages are unflagged, the one in INBOX and the one in Trash. This used to work differently before if memory doesn't fail me. > > #Test > if address :is "From" "user at example.com" > { > addflag "\\Flagged $MailFlagBit1"; > keep; > removeflag "\\Flagged $MailFlagBit1"; > fileinto "Trash"; > } > > # 2.2.devel (01867a4): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.4.devel (3c071a4) > # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6 That should just work. 
I tested this with the indicated versions using sieve-test and an empty user account:

$ sieve-test -e -t - -Tlevel=matching ~/frop.sieve ~/message.eml
## Started executing script 'frop'
6: address test
6: starting `:is' match with `i;ascii-casemap' comparator:
6: extracting `From' headers from message
6: parsing address header value `User '
6: extracting `all' part from address `user at example.com'
6: matching value `user at example.com'
6: with key `user at example.com' => 1
6: finishing match with result: matched
6: jump if result is false
6: not jumping
8: addflag command
8: add flags `\Flagged $MailFlagBit1'
9: keep action; store message in default mailbox
10: removeflag command
10: remove flags `\Flagged $MailFlagBit1'
11: fileinto action
11: store message in mailbox `Trash'
## Finished executing script 'frop'

info: msgid=unspecified: stored mail into mailbox 'INBOX'.
info: msgid=unspecified: stored mail into mailbox 'Trash'.

sieve-test(stephan): Info: final result: success

$ doveadm fetch flags mailbox "Trash" 1
flags: \Recent
$ doveadm fetch flags mailbox "INBOX" 1
flags: \Flagged \Recent $MailFlagBit1

So, that performs as expected. However, when I test this with LDA, I can reproduce your problem:

$ doveadm fetch flags mailbox "Trash" 1
flags: \Recent
$ doveadm fetch flags mailbox "INBOX" 1
flags: \Recent

Will investigate more later today...

Regards,

Stephan.

From tlx at leuxner.net Fri Jan 13 13:22:19 2017
From: tlx at leuxner.net (Thomas Leuxner)
Date: Fri, 13 Jan 2017 14:22:19 +0100
Subject: Sieve removeflag Action
In-Reply-To:
References: <20170113081514.GA60507@nihlus.leuxner.net>
Message-ID: <20170113132219.GA62702@nihlus.leuxner.net>

* Stephan Bosch 2017.01.13 13:50:

> So, that performs as expected. However, when I test this with LDA, I can
> reproduce your problem:
>
> $ doveadm fetch flags mailbox "Trash" 1
> flags: \Recent
> $ doveadm fetch flags mailbox "INBOX" 1
> flags: \Recent
>
> Will investigate more later today...

Thanks for confirming Stephan.

From tss at iki.fi Fri Jan 13 17:17:29 2017
From: tss at iki.fi (Timo Sirainen)
Date: Fri, 13 Jan 2017 19:17:29 +0200
Subject: Dovecot source code audit
Message-ID: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi>

Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit:

https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot

Dates: October 2016 - January 2017

dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53. The team found the following problems:

* 3 Low

The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote:

"Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations."

From ek at remotesystems.ru Thu Jan 12 14:39:53 2017
From: ek at remotesystems.ru (Корнеечев Евгений)
Date: Thu, 12 Jan 2017 17:39:53 +0300 (MSK)
Subject: doveadm mailbox cryptokey - not found
In-Reply-To: <94703063-3b8d-21c3-96df-7fdc9c9d2ac0@dovecot.fi>
References: <757521990.15663.1484229905732.JavaMail.zimbra@remotesystems.ru> <94703063-3b8d-21c3-96df-7fdc9c9d2ac0@dovecot.fi>
Message-ID: <957093853.16183.1484231993932.JavaMail.zimbra@remotesystems.ru>

>
> You forgot to load mail_crypt plugin.
>
> mail_plugins = $mail_plugins mail_crypt
>

With these settings also.

# dovecot -n
.....
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_plugins = " mail_crypt"
mbox_write_locks = fcntl
.....

# service dovecot restart
# doveadm mailbox cryptokey
usage: doveadm [-Dv] [-f .........

# ls /usr/lib64/dovecot/modules/* | grep mail_crypt
/usr/lib64/dovecot/modules/lib05_mail_crypt_acl_plugin.so
/usr/lib64/dovecot/modules/lib10_mail_crypt_plugin.so
/usr/lib64/dovecot/modules/libfs_mail_crypt.so
/usr/lib64/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so

From dovecot-user at tributh.net Fri Jan 13 19:39:33 2017
From: dovecot-user at tributh.net (Tributh)
Date: Fri, 13 Jan 2017 20:39:33 +0100
Subject: TLS feature missing
Message-ID: <1cS7hG-0006N1-4n@tributh.net>

Hi,

I was using dovecot 2.2.25 compiled with openssl 1.0.2
I realised with a cipherscan utility that I was able to support multiple TLS curves.
Now I upgraded to 2.2.27 with openssl1.1.0 and was falling back to historical stages where my server only serves one TLS-curve: secp384r1 right now.
One big reason to compile the new version with openssl1.1.0 was to bring CHACHA20-POLY1305 ciphers and X25519 curves to modern clients.
The ciphers I am estimating are working fine, but X25519 and also secp521r1 is no longer supported, like it was in dovecot 2.2.25.

Is there something broken? Or a new (known missing) config feature? Or is it a bug?

Regards
Torsten

From news at mefox.org Fri Jan 13 20:05:47 2017
From: news at mefox.org (Michael Fox)
Date: Fri, 13 Jan 2017 12:05:47 -0800
Subject: Dovecot source code audit
In-Reply-To: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi>
References: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi>
Message-ID: <0b7f01d26dd8$6ee7e360$4cb7aa20$@mefox.org>

Congratulations Timo and all.

Michael

> -----Original Message-----
> From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Timo
> Sirainen
> Sent: Friday, January 13, 2017 9:17 AM
> To: Dovecot Mailing List
> Subject: Dovecot source code audit
>
> Mozilla sponsored source code audit for Dovecot. So thanks to them we have
> our first public code audit:
> https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot
>
> Dates: October 2016 - January 2017
>
> dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server
> deployments worldwide. The audit was performed by Cure53.
>
> The team found the following problems:
>
> • 3 Low
>
> The Cure53 team were extremely impressed with the quality of the dovecot
> code. They wrote: "Despite much effort and thoroughly all-encompassing
> approach, the Cure53 testers only managed to assert the excellent
> security-standing of Dovecot. More specifically, only three minor security
> issues have been found in the codebase, thus translating to an
> exceptionally good outcome for Dovecot, and a true testament to the fact
> that keeping security promises is at the core of the Dovecot development
> and operations."

From listeem at ksb.id.lv Fri Jan 13 20:19:24 2017
From: listeem at ksb.id.lv (KSB)
Date: Fri, 13 Jan 2017 22:19:24 +0200
Subject: Dovecot source code audit
In-Reply-To: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi>
References: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi>
Message-ID: <2e425ed1-82ed-ce0a-f944-480360d17acf@ksb.id.lv>

On 2017.01.13. 19:17, Timo Sirainen wrote:
> Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot
>
> Dates: October 2016 - January 2017
>
> dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53.
>
> The team found the following problems:
>
> • 3 Low
>
> The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations."
>

Congratulations and thank you for good work!

--
KSB

From larryrtx at gmail.com Fri Jan 13 20:23:54 2017
From: larryrtx at gmail.com (Larry Rosenman)
Date: Fri, 13 Jan 2017 14:23:54 -0600
Subject: Dovecot source code audit
In-Reply-To: <0b7f01d26dd8$6ee7e360$4cb7aa20$@mefox.org>
References: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi> <0b7f01d26dd8$6ee7e360$4cb7aa20$@mefox.org>
Message-ID:

Great news! I read the report, and it was enlightening as well.

Congrats, Timo & Dovecot folks!

On Fri, Jan 13, 2017 at 2:05 PM, Michael Fox wrote:

> Congratulations Timo and all.
>
> Michael
>
>
> > -----Original Message-----
> > From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Timo
> > Sirainen
> > Sent: Friday, January 13, 2017 9:17 AM
> > To: Dovecot Mailing List
> > Subject: Dovecot source code audit
> >
> > Mozilla sponsored source code audit for Dovecot. So thanks to them we
> have
> > our first public code audit:
> > https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot
> >
> > Dates: October 2016 - January 2017
> >
> > dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server
> > deployments worldwide. The audit was performed by Cure53.
> >
> > The team found the following problems:
> >
> > • 3 Low
> >
> > The Cure53 team were extremely impressed with the quality of the dovecot
> > code. They wrote: "Despite much effort and thoroughly all-encompassing
> > approach, the Cure53 testers only managed to assert the excellent
> > security-standing of Dovecot. More specifically, only three minor
> security
> > issues have been found in the codebase, thus translating to an
> > exceptionally good outcome for Dovecot, and a true testament to the fact
> > that keeping security promises is at the core of the Dovecot development
> > and operations."
>

--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com
US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281

From michael at felt.demon.nl Fri Jan 13 23:25:21 2017
From: michael at felt.demon.nl (Michael Felt)
Date: Sat, 14 Jan 2017 00:25:21 +0100
Subject: Dovecot source code audit
In-Reply-To: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi>
References: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi>
Message-ID: <587961E1.2060200@felt.demon.nl>

Congratulations. (Reminds me that is time I got started on the AIX xlc port...)

On 13-Jan-17 18:17, Timo Sirainen wrote:
> Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot
>
> Dates: October 2016 - January 2017
>
> dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53.
>
> The team found the following problems:
>
> • 3 Low
>
> The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations."
>

From stephan at rename-it.nl Sat Jan 14 11:35:46 2017
From: stephan at rename-it.nl (Stephan Bosch)
Date: Sat, 14 Jan 2017 12:35:46 +0100
Subject: Sieve removeflag Action
In-Reply-To: <20170113132219.GA62702@nihlus.leuxner.net>
References: <20170113081514.GA60507@nihlus.leuxner.net> <20170113132219.GA62702@nihlus.leuxner.net>
Message-ID:

On 1/13/2017 at 2:22 PM, Thomas Leuxner wrote:
> * Stephan Bosch 2017.01.13 13:50:
>
>> So, that performs as expected. However, when I test this with LDA, I can
>> reproduce your problem:
>>
>> $ doveadm fetch flags mailbox "Trash" 1
>> flags: \Recent
>> $ doveadm fetch flags mailbox "INBOX" 1
>> flags: \Recent
>>
>> Will investigate more later today...
> Thanks for confirming Stephan.

Fixed:

https://github.com/dovecot/pigeonhole/commit/772485538302957ebada484b6eedec57136bc737

Regards,

Stephan.

From tlx at leuxner.net Sat Jan 14 14:20:21 2017
From: tlx at leuxner.net (Thomas Leuxner)
Date: Sat, 14 Jan 2017 15:20:21 +0100
Subject: Sieve removeflag Action
In-Reply-To:
References: <20170113081514.GA60507@nihlus.leuxner.net> <20170113132219.GA62702@nihlus.leuxner.net>
Message-ID: <20170114142021.GA43075@nihlus.leuxner.net>

* Stephan Bosch 2017.01.14 12:35:

> Fixed:
>
> https://github.com/dovecot/pigeonhole/commit/772485538302957ebada484b6eedec57136bc737
>
> Regards,
>
> Stephan.

Confirmed effective. Thanks!

From larryrtx at gmail.com Sat Jan 14 14:50:08 2017
From: larryrtx at gmail.com (Larry Rosenman)
Date: Sat, 14 Jan 2017 08:50:08 -0600
Subject: Sieve removeflag Action
In-Reply-To: <20170114142021.GA43075@nihlus.leuxner.net>
References: <20170113081514.GA60507@nihlus.leuxner.net> <20170113132219.GA62702@nihlus.leuxner.net> <20170114142021.GA43075@nihlus.leuxner.net>
Message-ID:

I guess I should pick this up for the FreeBSD port :) -- will do.

On 1/14/17, Thomas Leuxner wrote:
> * Stephan Bosch 2017.01.14 12:35:
>
>> Fixed:
>>
>> https://github.com/dovecot/pigeonhole/commit/772485538302957ebada484b6eedec57136bc737
>>
>> Regards,
>>
>> Stephan.
>
> Confirmed effective. Thanks!
>

--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com
US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281

From dovecot-ml at cmb.ch Sun Jan 15 08:34:08 2017
From: dovecot-ml at cmb.ch (C. Bernard)
Date: Sun, 15 Jan 2017 09:34:08 +0100
Subject: Panic: file istream-zlib.c: ...assertion failed: (ret == -1) / core dump on signal 6 / zlib
Message-ID: <20170115093408.Horde.pGNl4_iY_JVucYwUK76Nkbk@cmb.ch>

Hello!

I have several gzip'ed mbox Files in my home dir and the problem occurs when I use one of the gzip'ed files as shown mbox in the gui and want to see one mail of it. It also happens on the extended search from Horde which then such a gzip'ed file.

Example file:

# file In_2014.gz
In_2014.gz: gzip compressed data, was "In_2014", last modified: Wed Dec 2 10:53:22 2015, from Unix

This happens with any gz Files. That's why I tried to sort out any problem else before submitting this. Directly connecting to dovecot imap (circumvention imapproxy) shows the same error.

This setup was in place for 4 years with another server: It did not occur with dovecot 2.2.25 and up-imapproxy1.2.7 (Horde 5.2.12/imp5.2.16) on FreeBsd9.3-p55 (my old server). (I did not update to 2.2.27 on the last server as the maintainer just removed the ssl option from config I...and I knew I would update anyway soon, so I have no test of 2.2.27 with the old setup)

The actual setup as follows:

System is 10.3-RELEASE-p15 on amd64
Horde is 5.2.13 / imp 6.2.17 / php-horde_lz4-1.0.7_1 (which is I guess unused here)
Lz4 is liblz4-131
FS is UFS
connection: Horde webmail -> 1143:imapproxyd:143 -> dovecot imap (or directly -> same)

Jan 15 08:40:58 server dovecot: imap(xxx): Panic: file istream-zlib.c: line 416 (i_stream_zlib_seek): assertion failed: (ret == -1)
Jan 15 08:40:59 server kernel: pid 73887 (imap), uid 1000: exited on signal 6 (core dumped)
Jan 15 08:40:59 server dovecot: imap(xxx): Fatal: master: service(imap): child 73887 killed with signal 6 (core dumped)
Jan 15 08:40:59 server HORDE: [imp] [fetch] IMAP error reported by server. [pid 69574 on line 730 of "/usr/local/www/htdocs/m/imp/lib/Imap.php"]
Jan 15 08:40:59 server HORDE: [imp] [status] IMAP error reported by server. [pid 69574 on line 730 of "/usr/local/www/htdocs/m/imp/lib/Imap.php"]

and

Jan 15 08:40:56 server in.imapproxyd[912]: LOGOUT: 'xxx' from server sd [12]
Jan 15 08:40:58 server in.imapproxyd[912]: LOGIN: 'xxx' (127.0.0.1:33269) on existing sd [12]
Jan 15 08:40:59 server in.imapproxyd[912]: Get_Server_conn(): Unable to reuse server sd [12] for user 'xxx' (127.0.0.1:50504). Connection closed by server.

# dovecot -n
# 2.2.27 (c0f36b0): /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 10.3-RELEASE-p11 amd64
auth_mechanisms = plain login
disable_plaintext_auth = no
first_valid_gid = 100
first_valid_uid = 1000
mail_location = mbox:~/:INBOX=/var/mail/%u
mail_plugins = " zlib"
mail_privileged_group = mail
passdb {
  args = session=yes dovecot
  driver = pam
}
protocols = imap pop3
service auth {
  unix_listener auth-client {
    mode = 0660
  }
  unix_listener auth-master {
    mode = 0600
  }
  user = root
}
service imap {
  drop_priv_before_exec = yes
}
ssl = no
userdb {
  args = blocking=yes
  driver = passwd
}
verbose_proctitle = yes
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
}
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
  sendmail_path = /usr/sbin/sendmail
}

(gdb) bt full
#0 0x000000001115c39a in thr_kill () from /lib/libc.so.7
#1 0x000000001115c386 in raise () from /lib/libc.so.7
#2 0x000000001115c309 in abort () from /lib/libc.so.7
#3 0x0000000010e1c9b4 in default_fatal_handler () from /usr/local/lib/dovecot/libdovecot.so.0
#4 0x0000000010e1d6e1 in i_set_failure_internal () from /usr/local/lib/dovecot/libdovecot.so.0
#5 0x0000000010e1cc59 in i_panic () from /usr/local/lib/dovecot/libdovecot.so.0
#6 0x000000001144ffae in i_stream_create_deflate () from /usr/local/lib/dovecot/lib20_zlib_plugin.so
#7 0x0000000010e28051 in i_stream_seek_mark () from /usr/local/lib/dovecot/libdovecot.so.0
#8 0x0000000010ad7f15 in istream_raw_mbox_seek () from /usr/local/lib/dovecot/libdovecot-storage.so.0
#9 0x0000000010ad864d in mbox_file_seek () from /usr/local/lib/dovecot/libdovecot-storage.so.0
#10 0x0000000010ada7ad in mbox_dotlock_touch () from /usr/local/lib/dovecot/libdovecot-storage.so.0
#11 0x0000000010ada367 in mbox_dotlock_touch () from /usr/local/lib/dovecot/libdovecot-storage.so.0
#12 0x0000000010a9d365 in mail_get_hdr_stream_because () from /usr/local/lib/dovecot/libdovecot-storage.so.0
#13 0x0000000010b0cbe5 in index_mail_parse_headers () from /usr/local/lib/dovecot/libdovecot-storage.so.0
#14 0x0000000010b0f9d9 in index_mail_get_special () from /usr/local/lib/dovecot/libdovecot-storage.so.0
#15 0x0000000010b0f7b9 in index_mail_get_special () from /usr/local/lib/dovecot/libdovecot-storage.so.0
#16 0x0000000010a9d49f in mail_get_special () from /usr/local/lib/dovecot/libdovecot-storage.so.0
#17 0x000000000041cf1d in imap_fetch_handlers_deinit ()
#18 0x000000000041c561 in imap_fetch_more ()
#19 0x000000000041c1f8 in imap_fetch_more ()
#20 0x000000000040ff4e in cmd_fetch ()
#21 0x000000000041a4e6 in command_exec ()
#22 0x0000000000419573 in clients_destroy_all ()
#23 0x000000000041974f in clients_destroy_all ()
#24 0x0000000000418d9e in client_handle_input ()
#25 0x000000000041786c in client_input ()
#26 0x0000000010e31619 in io_loop_call_io () from /usr/local/lib/dovecot/libdovecot.so.0
#27 0x0000000010e3338d in io_loop_handler_run_internal () from /usr/local/lib/dovecot/libdovecot.so.0
#28 0x0000000010e31b33 in io_loop_handler_run () from /usr/local/lib/dovecot/libdovecot.so.0
#29 0x0000000010e31908 in io_loop_run () from /usr/local/lib/dovecot/libdovecot.so.0
#30 0x0000000010dbca08 in master_service_run () from /usr/local/lib/dovecot/libdovecot.so.0
#31 0x00000000004253f4 in main ()

Thanks
C.

From mwd at md5i.com Mon Jan 16 05:06:24 2017
From: mwd at md5i.com (Michael Welsh Duggan)
Date: Mon, 16 Jan 2017 00:06:24 -0500
Subject: fts-solr: Returning 400 on searches; unescaped braces
References: <87d1gorb13.fsf@md5i.com>
Message-ID: <87wpdvlhkf.fsf@md5i.com>

Should I try to get more information on this?

Michael Welsh Duggan writes:

> Using Debian, dovecot-solr 1:2.2.26.0-4, and solr-tomcat 3.6.2+dfsg-9, I
> am getting 400 errors when doing searches. Here is an example search
> query from dovecot that failed (captured with wireshark):
>
> Frame 23: 338 bytes on wire (2704 bits), 338 bytes captured (2704 bits) on interface 0
> Linux cooked capture
> Internet Protocol Version 6, Src: ::1, Dst: ::1
> Transmission Control Protocol, Src Port: 56860, Dst Port: 8080, Seq: 1, Ack: 1, Len: 250
> Hypertext Transfer Protocol
>     GET /solr/select?fl=uid,score&rows=2664&sort=uid+asc&q={!lucene+q.op%3dAND}(hdr:test+OR+body:test)&fq=%2Bbox:6d5de009f991854df726000012cf7b9c+%2Buser:md5i HTTP/1.1\r\n
>     Host: localhost:8080\r\n
>     Date: Mon, 19 Dec 2016 00:25:56 GMT\r\n
>     Connection: Keep-Alive\r\n
>     \r\n
>     [Full request URI: http://localhost:8080/solr/select?fl=uid,score&rows=2664&sort=uid+asc&q={!lucene+q.op%3dAND}(hdr:test+OR+body:test)&fq=%2Bbox:6d5de009f991854df726000012cf7b9c+%2Buser:md5i]
>     [HTTP request 1/1]
>     [Response in frame: 25]
>
> Here is the same query from firefox, which succeeds:
>
> Frame 66: 646 bytes on wire (5168 bits), 646 bytes captured (5168 bits) on interface 0
> Linux cooked capture
> Internet Protocol Version 6, Src: ::1, Dst: ::1
> Transmission Control Protocol, Src Port: 56862, Dst Port: 8080, Seq: 1, Ack: 1, Len: 558
> Hypertext Transfer Protocol
>     GET /solr/select?fl=uid,score&rows=2664&sort=uid+asc&q=%7B!lucene+q.op%3DAND%7D(hdr:test+OR+body:test)&fq=%2Bbox:6d5de009f991854df726000012cf7b9c+%2Buser:md5i HTTP/1.1\r\n
>     Host: localhost:8080\r\n
>     Connection: keep-alive\r\n
>     Cache-Control: max-age=0\r\n
>     Upgrade-Insecure-Requests: 1\r\n
>     User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36\r\n
>     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n
>     DNT: 1\r\n
>     Accept-Encoding: gzip, deflate, sdch, br\r\n
>     Accept-Language: en-US,en;q=0.8\r\n
>     \r\n
>     [Full request URI: http://localhost:8080/solr/select?fl=uid,score&rows=2664&sort=uid+asc&q=%7B!lucene+q.op%3DAND%7D(hdr:test+OR+body:test)&fq=%2Bbox:6d5de009f991854df726000012cf7b9c+%2Buser:md5i]
>     [HTTP request 1/1]
>     [Response in frame: 86]
>
>
> The salient difference seems to be the encoding of the braces. Indeed
> in the tomcat 8 logs, I find the following which seems to corroborate
> my hypothesis:
>
> java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
>     at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:467)
>     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:667)
>     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:789)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1437)
>     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:745)
>
> Indeed the braces are listed in fts-backend-solr.c as part of
> solr_escape_chars, so don't know how the braces are making it through
> unencoded.

--
Michael Welsh Duggan
(md5i at md5i.com)

From skdovecot at smail.inf.fh-brs.de Mon Jan 16 07:52:47 2017
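Added example (not part of the original thread, and not Dovecot's or Tomcat's code): the two request-targets captured in the fts-solr report above, checked against the RFC 3986 character rules that the Tomcat exception message refers to. The function names and the escaping helper are assumptions made for this illustration; the check shows that only the raw braces fall outside the permitted set, and that percent-encoding them reproduces the browser's request.

```python
import re
import string

# Character classes from RFC 3986, as used by the origin-form request-target
# of RFC 7230 section 5.3.1:  absolute-path [ "?" query ]
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")
SUB_DELIMS = set("!$&'()*+,;=")
PCHAR = UNRESERVED | SUB_DELIMS | set(":@")
PATH_OK = PCHAR | {"/"}
QUERY_OK = PCHAR | set("/?")
PCT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")

# The two request-targets from the captures quoted in the report.
DOVECOT_TARGET = (
    "/solr/select?fl=uid,score&rows=2664&sort=uid+asc"
    "&q={!lucene+q.op%3dAND}(hdr:test+OR+body:test)"
    "&fq=%2Bbox:6d5de009f991854df726000012cf7b9c+%2Buser:md5i"
)
BROWSER_TARGET = (
    "/solr/select?fl=uid,score&rows=2664&sort=uid+asc"
    "&q=%7B!lucene+q.op%3DAND%7D(hdr:test+OR+body:test)"
    "&fq=%2Bbox:6d5de009f991854df726000012cf7b9c+%2Buser:md5i"
)


def _scan(target):
    """Yield (index, token, ok) for each character or %XX escape."""
    in_query = False
    i = 0
    while i < len(target):
        ch = target[i]
        if ch == "%" and PCT_ESCAPE.match(target, i):
            # A well-formed percent-escape is always acceptable.
            yield i, target[i:i + 3], True
            i += 3
            continue
        if ch == "?" and not in_query:
            # The first "?" separates the path from the query.
            in_query = True
            yield i, ch, True
        else:
            allowed = QUERY_OK if in_query else PATH_OK
            yield i, ch, ch in allowed
        i += 1


def invalid_target_chars(target):
    """Return [(index, char)] for characters RFC 3986 does not allow raw."""
    return [(i, tok) for i, tok, ok in _scan(target) if not ok]


def escape_invalid(target):
    """Percent-encode only the disallowed characters; keep existing escapes."""
    out = []
    for _, tok, ok in _scan(target):
        if ok:
            out.append(tok)
        else:
            out.append("".join("%%%02X" % b for b in tok.encode("utf-8")))
    return "".join(out)


if __name__ == "__main__":
    for name, target in (("dovecot", DOVECOT_TARGET), ("browser", BROWSER_TARGET)):
        print(name, "invalid characters:", invalid_target_chars(target))
    print("repaired:", escape_invalid(DOVECOT_TARGET))
```

A stray `%` that is not followed by two hex digits is treated as invalid and encoded as `%25`, so the helper never produces a malformed escape.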
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Mon, 16 Jan 2017 08:52:47 +0100 (CET)
Subject: Dovecot source code audit
In-Reply-To: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi>
References: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi>
Message-ID:

On Fri, 13 Jan 2017, Timo Sirainen wrote:

> Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot
>
> Dates: October 2016 - January 2017
>
> dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53.
>
> The team found the following problems:
>
> • 3 Low

Congratulations.

--
Steffen Kaiser

From kremels at kreme.com Mon Jan 16 14:03:49 2017
From: kremels at kreme.com (@lbutlr)
Date: Mon, 16 Jan 2017 07:03:49 -0700
Subject: Remove empty milder folders
Message-ID:

Not sure if anyone will find this useful, but this is how I deleted a bunch (several hundred) of empty mail folders from a user account:

# doveadm mailbox status -u "user@example.com" messages "*" ALL | grep "=0" | awk -F= '{print $1}' | awk '{print "rm -rf ."$1}' > list

then I looked over list just to be sure it wasn't mucked up and in the users root maildir:

# sh < list

and done.

I probably could do some research on how to combine those two awk pipes but this worked, and it was fast.

--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.

From heiken at luis.uni-hannover.de Mon Jan 16 14:19:16 2017
From: heiken at luis.uni-hannover.de (Karsten Heiken)
Date: Mon, 16 Jan 2017 15:19:16 +0100
Subject: Replication: Can't unsubscribe from shared mailbox
In-Reply-To: <3c9532cf-9fc3-d7cd-ab83-96f9d26dc87f@luis.uni-hannover.de>
References: <3c9532cf-9fc3-d7cd-ab83-96f9d26dc87f@luis.uni-hannover.de>
Message-ID: <62065ec0-6bf6-efdb-03c7-76751a112bf1@luis.uni-hannover.de>

Hi all,

I hope it's okay to bump this once after four months.

In the meantime we updated to 2.2.26.0 and our problem still persists:
After unsubscribing from a shared mailbox, the subscription instantly re-appears.
A pcap was attached to my original mail, in case it has something to do with dsync:
http://dovecot.org/pipermail/dovecot/2016-September/105419.html

Is anyone on this mailing list using replication in combination with shared folders?
Does this problem exist for anyone else? I would love to hear from people who got this working or if anyone else is affected by this.

My original post is at the end of this email; the current doveconf is also attached.

Thank you very much,

Karsten

# doveconf -n
# 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6
auth_cache_size = 10 M
auth_cache_ttl = 2 hours
default_vsz_limit = 1 G
dict {
  acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
lmtp_rcpt_check_quota = yes
login_trusted_networks = xxx
mail_attribute_dict = file:%h/dovecot-attributes
mail_gid = 7777
mail_location = mdbox:%h/mdbox
mail_plugins = " zlib quota acl notify replication"
mail_server_admin = mailto:postmaster at xxx
mail_server_comment = xxx
mail_shared_explicit_inbox = yes
mail_uid = 7777
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify
mdbox_rotate_size = 10 M
namespace {
  hidden = no
  ignore_on_failure = no
  inbox = no
  list = children
  location = mdbox:%%h/mdbox:INDEXPVT=%h/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  hidden = no
  inbox = yes
  list = yes
  location =
  mailbox 30dTrash {
    auto = subscribe
    autoexpunge = 30 days
    special_use = \Junk
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
  subscriptions = yes
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  mail_replica = tcp:xxx:24245
  quota = dict:User quota::noenforcing:file:%h/dovecot-quota
  quota_grace = 2%%
  quota_rule = *:storage=8G
  quota_status_nouser = DUNNO
  quota_status_overquota = DUNNO
  quota_status_success = DUNNO
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags
  sieve_max_actions = 250
  sieve_max_redirects = 200
  zlib_save = gz
  zlib_save_level = 6
}
postmaster_address = postmaster at xxx
protocols = " imap lmtp sieve pop3 sieve"
replication_dsync_parameters = -d -l 30 -U -N
replication_max_conns = 5
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}
service auth {
  unix_listener auth-userdb {
    group = vmail
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 24245
  }
}
service imap-login {
  process_min_avail = 16
  service_count = 0
}
service imap {
  executable = imap postlogin
  process_limit = 30000
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
  vsz_limit = 1 G
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service managesieve {
  process_limit = 1024
}
service pop3-login {
  process_min_avail = 4
  service_count = 0
}
service pop3 {
  process_limit = 2500
}
service postlogin {
  executable = script-login -d rawlog /usr/local/bin/dovecot-postlogin.sh
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    port = 12340
  }
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0600
    user = vmail
  }
}
shutdown_clients = no
ssl_cert =

Hi,
>
> I am running two dovecot servers active/active.
> Everything runs pretty great, except for the replication of subscriptions in a shared namespace.
>
> When I unsubscribe from a folder the subscription instantly re-appears. The timestamp on the subscriptions file is updated, but the entry is still in there.
> If the other node is shut down, everything works as expected, which leads me to believe that the subscription is re-applied upon a replicator-run.
>
> I attached a tcpdump of a dsync run.
> The only action that was executed was to unsubscribe from the folder shared/weinrot at luis.uni-hannover.de/INBOX.
>
> Is there any other way I might help debugging this?
>
>
> Thanks,
> Karsten
>
>
> # 2.2.24 (a82c823): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.13 (7b14904)
> # OS: Linux 2.6.32-44-pve x86_64 Debian 8.5
> default_vsz_limit = 512 M
> dict {
>   acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
> }
> imap_max_line_length = 2 M
> lmtp_rcpt_check_quota = yes
> mail_attribute_dict = file:%h/Maildir/dovecot-attributes
> mail_gid = 7777
> mail_location = maildir:%h/Maildir:LAYOUT=fs:DIRNAME=maiLdir
> mail_plugins = " zlib quota acl notify replication "
> mail_shared_explicit_inbox = yes
> mail_uid = 7777
> mailbox_list_index = yes
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify
> namespace {
>   hidden = no
>   ignore_on_failure = no
>   inbox = no
>   list = children
>   location = maildir:%%h/Maildir:INDEXPVT=%h/shared/%%u:LAYOUT=fs:DIRNAME=maiLdir
>   prefix = shared/%%u/
>   separator = /
>   subscriptions = yes
>   type = shared
> }
> namespace inbox {
>   hidden = no
>   inbox = yes
>   list = yes
>   location =
>   mailbox 30dTrash {
>     auto = subscribe
>     autoexpunge = 30 days
>     special_use = \Junk
>   }
>   mailbox Drafts {
>     auto = subscribe
>     special_use = \Drafts
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox Trash {
>     auto = subscribe
>     special_use = \Trash
>   }
>   prefix =
>   separator = /
>   subscriptions = yes
>   type = private
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> plugin {
>   acl = vfile
>   acl_shared_dict = proxy::acl
>   mail_replica = tcp:10.6.1.10:24245
>   quota = maildir:Postfach-Limit
>   quota_grace = 2%%
>   quota_rule = *:storage=8G
>   quota_status_nouser = DUNNO
>   quota_status_overquota = 552 5.2.2 Mailbox is full
>   quota_status_success = DUNNO
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
>   sieve_extensions = +notify +imapflags
>   sieve_max_actions = 250
>   sieve_max_redirects = 200
>   zlib_save = gz
>   zlib_save_level = 6
> }
> protocols = " imap lmtp sieve pop3 sieve"
> replication_dsync_parameters = -d -l 300 -U -N
> service aggregator {
>   fifo_listener replication-notify-fifo {
>     user = vmail
>   }
>   unix_listener replication-notify {
>     user = vmail
>   }
> }
> service auth {
>   unix_listener auth-userdb {
>     group = vmail
>     user = vmail
>   }
> }
> service dict {
>   unix_listener dict {
>     group = vmail
>     mode = 0660
>     user = vmail
>   }
> }
> service doveadm {
>   inet_listener {
>     port = 24245
>   }
> }
> service imap-login {
>   process_min_avail = 16
>   service_count = 0
> }
> service imap {
>   executable = imap postlogin
>   process_limit = 30000
> }
> service lmtp {
>   inet_listener lmtp {
>     port = 24
>   }
>   vsz_limit = 1 G
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
> }
> service managesieve {
>   process_limit = 1024
> }
> service pop3-login {
>   process_min_avail = 4
>   service_count = 0
> }
> service pop3 {
>   process_limit = 2500
> }
> service postlogin {
>   executable = script-login -d rawlog /usr/local/bin/dovecot-postlogin.sh
> }
> service quota-status {
>   client_limit = 1
>   executable = quota-status -p postfix
>   inet_listener {
>     port = 12340
>   }
> }
> service replicator {
>   process_min_avail = 1
>   unix_listener replicator-doveadm {
>     mode = 0600
>     user = vmail
>   }
> }
> shutdown_clients = no
> ssl_cert =
> ssl_key =
> syslog_facility = local6
> userdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   default_fields = home=/var/vmail/%Ld/%Ln quota_rule=*:bytes=8589934592
>   driver = ldap
> }
> verbose_proctitle = yes
> protocol lmtp {
>   mail_plugins = " zlib quota acl notify replication sieve quota"
> }
> protocol lda {
>   mail_plugins = " zlib quota acl notify replication sieve"
> }
> protocol imap {
>   imap_metadata = yes
>   mail_max_userip_connections = 100
>   mail_plugins = " zlib quota acl notify replication imap_quota imap_acl"
> }
> protocol pop3 {
>   mail_max_userip_connections = 10
>   mail_plugins = " zlib quota acl notify replication"
> }
>

From mikefroehner at gmx.de Mon Jan 16 14:34:20 2017
From: mikefroehner at gmx.de (=?UTF-8?Q?Mike_Fr=c3=b6hner?=)
Date: Mon, 16 Jan 2017 15:34:20 +0100
Subject: Replication: Can't unsubscribe from shared mailbox
In-Reply-To: <62065ec0-6bf6-efdb-03c7-76751a112bf1@luis.uni-hannover.de>
References: <3c9532cf-9fc3-d7cd-ab83-96f9d26dc87f@luis.uni-hannover.de> <62065ec0-6bf6-efdb-03c7-76751a112bf1@luis.uni-hannover.de>
Message-ID:

Hi Karsten,

I have a similar issue with current 2.2.27 version on CentOS with public folder/namespaces on an active/active replication.
I am able to subscribe the public folder on one dovecot, but it is not replicated to the 2nd dovecot through dsync. Everything else is fine with dsync, also the replication of the subscription of private/personal folder.

Currently I am trying to debug this at the source code, but my C is quite dusty.

Mike;

On 01/16/2017 03:19 PM, Karsten Heiken wrote:
> Hi all,
>
> I hope it's okay to bump this once after four months.
>
> In the meantime we updated to 2.2.26.0 and our problem still persists:
> After unsubscribing from a shared mailbox, the subscription instantly
> re-appears.
> A pcap was attached to my original mail, in case it has something to do
> with dsync:
> http://dovecot.org/pipermail/dovecot/2016-September/105419.html
>
> Is anyone on this mailing list using replication in combination with
> shared folders?
> Does this problem exist for anyone else? I would love to hear from
> people who got this working or if anyone else is affected by this.
>
> My original post is at the end of this email; the current doveconf is
> also attached.
>
>
> Thank you very much,
>
> Karsten
>
> # doveconf -n
> # 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.16 (fed8554)
> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6
> auth_cache_size = 10 M
> auth_cache_ttl = 2 hours
> default_vsz_limit = 1 G
> dict {
>   acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
> }
> lmtp_rcpt_check_quota = yes
> login_trusted_networks = xxx
> mail_attribute_dict = file:%h/dovecot-attributes
> mail_gid = 7777
> mail_location = mdbox:%h/mdbox
> mail_plugins = " zlib quota acl notify replication"
> mail_server_admin = mailto:postmaster at xxx
> mail_server_comment = xxx
> mail_shared_explicit_inbox = yes
> mail_uid = 7777
> mailbox_list_index = yes
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date index ihave duplicate mime foreverypart
> extracttext imapflags notify
> mdbox_rotate_size = 10 M
> namespace {
>   hidden = no
>   ignore_on_failure = no
>   inbox = no
>   list = children
>   location = mdbox:%%h/mdbox:INDEXPVT=%h/shared/%%u
>   prefix = shared/%%u/
>   separator = /
>   subscriptions = no
>   type = shared
> }
> namespace inbox {
>   hidden = no
>   inbox = yes
>   list = yes
>   location =
>   mailbox 30dTrash {
>     auto = subscribe
>     autoexpunge = 30 days
>     special_use = \Junk
>   }
>   mailbox Drafts {
>     auto = subscribe
>     special_use = \Drafts
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox Trash {
>     auto = subscribe
>     special_use = \Trash
>   }
>   prefix =
>   separator = /
>   subscriptions = yes
>   type = private
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> plugin {
>   acl = vfile
>   acl_shared_dict = proxy::acl
>   mail_replica = tcp:xxx:24245
>   quota = dict:User quota::noenforcing:file:%h/dovecot-quota
>   quota_grace = 2%%
>   quota_rule = *:storage=8G
>   quota_status_nouser = DUNNO
>   quota_status_overquota = DUNNO
>   quota_status_success = DUNNO
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
>   sieve_extensions = +notify +imapflags
>   sieve_max_actions = 250
>   sieve_max_redirects = 200
>   zlib_save = gz
>   zlib_save_level = 6
> }
> postmaster_address = postmaster at xxx
> protocols = " imap lmtp sieve pop3 sieve"
> replication_dsync_parameters = -d -l 30 -U -N
> replication_max_conns = 5
> service aggregator {
>   fifo_listener replication-notify-fifo {
>     user = vmail
>   }
>   unix_listener replication-notify {
>     user = vmail
>   }
> }
> service auth {
>   unix_listener auth-userdb {
>     group = vmail
>     user = vmail
>   }
> }
> service dict {
>   unix_listener dict {
>     group = vmail
>     mode = 0660
>     user = vmail
>   }
> }
> service doveadm {
>   inet_listener {
>     port = 24245
>   }
> }
> service imap-login {
>   process_min_avail = 16
>   service_count = 0
> }
> service imap {
>   executable = imap postlogin
>   process_limit = 30000
> }
> service lmtp {
>   inet_listener lmtp {
>     port = 24
>   }
>   vsz_limit = 1 G
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
> }
> service managesieve {
>   process_limit = 1024
> }
> service pop3-login {
>   process_min_avail = 4
>   service_count = 0
> }
> service pop3 {
>   process_limit = 2500
> }
> service postlogin {
>   executable = script-login -d rawlog /usr/local/bin/dovecot-postlogin.sh
> }
> service quota-status {
>   client_limit = 1
>   executable = quota-status -p postfix
>   inet_listener {
>     port = 12340
>   }
> }
> service replicator {
>   process_min_avail = 1
>   unix_listener replicator-doveadm {
>     mode = 0600
>     user = vmail
>   }
> }
> shutdown_clients = no
> ssl_cert =
> ssl_key = # hidden, use -P to show it
> syslog_facility = local6
> userdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   default_fields = home=/var/vmail/%Ld/%Ln quota_rule=*:bytes=8589934592
>   driver = ldap
> }
> verbose_proctitle = yes
> protocol lmtp {
>   mail_plugins = " zlib quota acl notify replication sieve quota"
> }
> protocol lda { > mail_plugins = " zlib quota acl notify replication sieve" > } > protocol imap { > imap_metadata = yes > mail_max_userip_connections = 100 > mail_plugins = " zlib quota acl notify replication imap_quota imap_acl" > } > protocol pop3 { > mail_max_userip_connections = 10 > mail_plugins = " zlib quota acl notify replication" > } > > > On 13.09.2016 at 13:43, Karsten Heiken wrote: >> Hi, >> >> I am running two dovecot servers active/active. >> Everything runs pretty great, except for the replication of >> subscriptions in a shared namespace. >> >> When I unsubscribe from a folder the subscription instantly >> re-appears. The timestamp on the subscriptions file is updated, but >> the entry is still in there. >> If the other node is shut down, everything works as expected, which >> leads me to believe that the subscription is re-applied upon a >> replicator-run. >> >> I attached a tcpdump of a dsync run. >> The only action that was executed was to unsubscribe from the folder >> shared/weinrot at luis.uni-hannover.de/INBOX. >> >> Is there any other way I might help debugging this?
>> >> >> Thanks, >> Karsten >> >> >> # 2.2.24 (a82c823): /etc/dovecot/dovecot.conf >> # Pigeonhole version 0.4.13 (7b14904) >> # OS: Linux 2.6.32-44-pve x86_64 Debian 8.5 >> default_vsz_limit = 512 M >> dict { >> acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext >> } >> imap_max_line_length = 2 M >> lmtp_rcpt_check_quota = yes >> mail_attribute_dict = file:%h/Maildir/dovecot-attributes >> mail_gid = 7777 >> mail_location = maildir:%h/Maildir:LAYOUT=fs:DIRNAME=maiLdir >> mail_plugins = " zlib quota acl notify replication " >> mail_shared_explicit_inbox = yes >> mail_uid = 7777 >> mailbox_list_index = yes >> managesieve_notify_capability = mailto >> managesieve_sieve_capability = fileinto reject envelope >> encoded-character vacation subaddress comparator-i;ascii-numeric >> relational regex imap4flags copy include variables body enotify >> environment mailbox date index ihave duplicate mime foreverypart >> extracttext imapflags notify >> namespace { >> hidden = no >> ignore_on_failure = no >> inbox = no >> list = children >> location = >> maildir:%%h/Maildir:INDEXPVT=%h/shared/%%u:LAYOUT=fs:DIRNAME=maiLdir >> prefix = shared/%%u/ >> separator = / >> subscriptions = yes >> type = shared >> } >> namespace inbox { >> hidden = no >> inbox = yes >> list = yes >> location = >> mailbox 30dTrash { >> auto = subscribe >> autoexpunge = 30 days >> special_use = \Junk >> } >> mailbox Drafts { >> auto = subscribe >> special_use = \Drafts >> } >> mailbox Sent { >> auto = subscribe >> special_use = \Sent >> } >> mailbox Trash { >> auto = subscribe >> special_use = \Trash >> } >> prefix = >> separator = / >> subscriptions = yes >> type = private >> } >> passdb { >> args = /etc/dovecot/dovecot-ldap.conf.ext >> driver = ldap >> } >> plugin { >> acl = vfile >> acl_shared_dict = proxy::acl >> mail_replica = tcp:10.6.1.10:24245 >> quota = maildir:Postfach-Limit >> quota_grace = 2%% >> quota_rule = *:storage=8G >> quota_status_nouser = DUNNO >> quota_status_overquota = 552 5.2.2 Mailbox 
is full >> quota_status_success = DUNNO >> sieve = ~/.dovecot.sieve >> sieve_dir = ~/sieve >> sieve_extensions = +notify +imapflags >> sieve_max_actions = 250 >> sieve_max_redirects = 200 >> zlib_save = gz >> zlib_save_level = 6 >> } >> protocols = " imap lmtp sieve pop3 sieve" >> replication_dsync_parameters = -d -l 300 -U -N >> service aggregator { >> fifo_listener replication-notify-fifo { >> user = vmail >> } >> unix_listener replication-notify { >> user = vmail >> } >> } >> service auth { >> unix_listener auth-userdb { >> group = vmail >> user = vmail >> } >> } >> service dict { >> unix_listener dict { >> group = vmail >> mode = 0660 >> user = vmail >> } >> } >> service doveadm { >> inet_listener { >> port = 24245 >> } >> } >> service imap-login { >> process_min_avail = 16 >> service_count = 0 >> } >> service imap { >> executable = imap postlogin >> process_limit = 30000 >> } >> service lmtp { >> inet_listener lmtp { >> port = 24 >> } >> vsz_limit = 1 G >> } >> service managesieve-login { >> inet_listener sieve { >> port = 4190 >> } >> } >> service managesieve { >> process_limit = 1024 >> } >> service pop3-login { >> process_min_avail = 4 >> service_count = 0 >> } >> service pop3 { >> process_limit = 2500 >> } >> service postlogin { >> executable = script-login -d rawlog >> /usr/local/bin/dovecot-postlogin.sh >> } >> service quota-status { >> client_limit = 1 >> executable = quota-status -p postfix >> inet_listener { >> port = 12340 >> } >> } >> service replicator { >> process_min_avail = 1 >> unix_listener replicator-doveadm { >> mode = 0600 >> user = vmail >> } >> } >> shutdown_clients = no >> ssl_cert = > ssl_key = > syslog_facility = local6 >> userdb { >> args = /etc/dovecot/dovecot-ldap.conf.ext >> default_fields = home=/var/vmail/%Ld/%Ln quota_rule=*:bytes=8589934592 >> driver = ldap >> } >> verbose_proctitle = yes >> protocol lmtp { >> mail_plugins = " zlib quota acl notify replication sieve quota" >> } >> protocol lda { >> mail_plugins = " zlib quota 
acl notify replication sieve" >> } >> protocol imap { >> imap_metadata = yes >> mail_max_userip_connections = 100 >> mail_plugins = " zlib quota acl notify replication imap_quota >> imap_acl" >> } >> protocol pop3 { >> mail_max_userip_connections = 10 >> mail_plugins = " zlib quota acl notify replication" >> } >> > From ekorneechev at altlinux.org Mon Jan 16 15:17:44 2017 From: ekorneechev at altlinux.org (Evgeniy Korneechev) Date: Mon, 16 Jan 2017 18:17:44 +0300 (MSK) Subject: Plugin "mail_crypt" does not work In-Reply-To: <914e418a-6b99-39fe-0c88-97963c205b04@dovecot.fi> References: <1094740409.24773.1484302902673.JavaMail.zimbra@remotesystems.ru> <914e418a-6b99-39fe-0c88-97963c205b04@dovecot.fi> Message-ID: <271027769.41400.1484579864891.JavaMail.zimbra@remotesystems.ru> We tried these rights: [root at mail44 dovecot]# ls -la ????? 80 drwxr-xr-x 8 root root 4096 ??? 13 13:17 . drwxr-xr-x 98 root root 12288 ??? 11 11:47 .. drwxrwxrwx 2 root root 4096 ??? 10 15:58 eckey drwxr-xr-x 2 root root 4096 ??? 13 12:42 eckey2 drwxr-xr-x 2 vmail vmail 4096 ??? 11 09:14 RSAkey [root at mail44 dovecot]# cd eckey2 [root at mail44 eckey2]# ls -la ????? 16 drwxr-xr-x 2 root root 4096 ??? 13 12:42 . drwxr-xr-x 8 root root 4096 ??? 13 13:17 .. -rw-r--r-- 1 root root 316 ??? 13 12:41 ecprivkey.pem -rw-r--r-- 1 root root 232 ??? 13 12:42 ecpubkey.pem ----- ???????? ????????? ----- > ??: "Aki Tuomi" > ????: "dovecot" > ????????????: ???????, 13 ?????? 2017 ? 14:18:55 > ????: Re: Plugin "mail_crypt" does not work > On 13.01.2017 12:21, Evgeniy Korneechev wrote: >> mail_crypt_global_public_key = > Is this world-wide readable file? Is LDA able to access this? > > Aki -- WBR, BaseALT/ALTLinux Team From mailinglist at darac.org.uk Mon Jan 16 15:48:02 2017 
From: mailinglist at darac.org.uk (Darac Marjal) Date: Mon, 16 Jan 2017 15:48:02 +0000 Subject: Remove empty milder folders In-Reply-To: References: Message-ID: <20170116154802.vak5vig5uec3tqb2@darac.org.uk> On Mon, Jan 16, 2017 at 07:03:49AM -0700, @lbutlr wrote: >Not sure if anyone will find this useful, but this is how I deleted a bunch (several hundred) of empty mail folders from a user account: > ># doveadm mailbox status -u "user at example.com" messages "*" ALL | grep "=0" | awk -F= '{print $1}' | awk '{print "rm -rf ."$1}' > list > >then I looked over list just to be sure it wasn't mucked up and in the users root maildir: > ># sh < list > >and done. > >I probably could do some research on how to combine those two awk pipes but this worked, and it was fast. You may also want to *consider* removing those mailboxes from your subscriptions, too. I ran into this recently and IMAP considers the list of folders that exist and the list of folders that are subscribed to be separate entities. The RFCs specifically say that deleting a folder should not invalidate the subscription (presumably because you might want to remain subscribed to it if it comes back). If you don't unsubscribe, then some MUAs will show your folders as "greyed out". So, depending on what you're trying to do, you might want to "doveadm mailbox unsubscribe -u "user at example.com" $MAILBOX". > >-- >Apple broke AppleScripting signatures in Mail.app, so no random signatures. -- For more information, please reread. From prakash.autade at gmail.com Mon Jan 16 16:31:36 2017
From: prakash.autade at gmail.com (Prakash Autade) Date: Mon, 16 Jan 2017 22:01:36 +0530 Subject: Dovecot source code audit In-Reply-To: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi> References: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi> Message-ID: Congratulations. On 13 January 2017 at 22:47, Timo Sirainen wrote: > Mozilla sponsored source code audit for Dovecot. So thanks to them we have > our first public code audit: https://wiki.mozilla.org/MOSS/ > Secure_Open_Source/Completed#dovecot > > Dates: October 2016 - January 2017 > > dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server > deployments worldwide. The audit was performed by Cure53. > > The team found the following problems: > > ? 3 Low > > The Cure53 team were extremely impressed with the quality of the dovecot > code. They wrote: "Despite much effort and thoroughly all-encompassing > approach, the Cure53 testers only managed to assert the excellent > security-standing of Dovecot. More specifically, only three minor security > issues have been found in the codebase, thus translating to an > exceptionally good outcome for Dovecot, and a true testament to the fact > that keeping security promises is at the core of the Dovecot development > and operations." > -- Sincerely, Prakash P. Autade. From odhiambo at gmail.com Mon Jan 16 17:27:37 2017 
From: odhiambo at gmail.com (Odhiambo Washington) Date: Mon, 16 Jan 2017 20:27:37 +0300 Subject: Dovecot source code audit In-Reply-To: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi> References: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi> Message-ID: On 13 January 2017 at 20:17, Timo Sirainen wrote: > Mozilla sponsored source code audit for Dovecot. So thanks to them we have > our first public code audit: https://wiki.mozilla.org/MOSS/ > Secure_Open_Source/Completed#dovecot > > Dates: October 2016 - January 2017 > > dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server > deployments worldwide. The audit was performed by Cure53. > > The team found the following problems: > > ? 3 Low > > The Cure53 team were extremely impressed with the quality of the dovecot > code. They wrote: "Despite much effort and thoroughly all-encompassing > approach, the Cure53 testers only managed to assert the excellent > security-standing of Dovecot. More specifically, only three minor security > issues have been found in the codebase, thus translating to an > exceptionally good outcome for Dovecot, and a true testament to the fact > that keeping security promises is at the core of the Dovecot development > and operations." > Congratulations! ".. used in 68% of IMAP server deployments worldwide." - congratulations to that too! -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft." From mfoley at ohprs.org Mon Jan 16 18:21:31 2017 
From: mfoley at ohprs.org (Mark Foley) Date: Mon, 16 Jan 2017 13:21:31 -0500 Subject: Apparent Maildir permission issue Message-ID: <201701161821.v0GILV8o005133@mail.hprs.local> I've just upgraded from Slackware 14.1 to 14.2. I've not done anything with dovecot -- it's the same version that was running before the upgrade. However, now I'm getting a permission error: /var/log/maillog: Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) Jan 16 13:09:44 mail last message repeated 4 times Jan 16 13:09:44 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/.Trash) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) Jan 16 13:09:44 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/tmp) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) Jan 16 13:09:45 mail last message repeated 11 times Permission on that folder are: $ ls -ld /home/HPRS/mark/Maildir drwx------ 17 HPRS\mark domusers 4096 Dec 7 23:07 /home/HPRS/mark/Maildir/ Permissions are unchanged since before the backup. What do I do to fix this? THX --Mark From dovecot at avv.solutions Mon Jan 16 18:25:17 2017 
From: dovecot at avv.solutions (dovecot at avv.solutions) Date: Mon, 16 Jan 2017 19:25:17 +0100 Subject: Sieve: fileinto :create issue with Public Folder Message-ID: Hello Community, I face the following issue: - using a sieve script to file into an existing private folder: ok - using a sieve script to file into new private folder using ":create": ok - using a sieve script to file into an existing public folder: ok - using a sieve script to file into new public folder using ":create": NOK ! The returned message is: "Permission denied" and the message correctly falls back to inbox. HOWEVER, if I run "doveadm mailbox create -u myuser at mydomain Public/TheNewFolder", the folder is created, and the delete command works as well. Any tip? Running dovecot 2.2.13 on a pi/debian jessie Thanks From mwd at md5i.com Mon Jan 16 19:52:24 2017
From: mwd at md5i.com (Michael Welsh Duggan) Date: Mon, 16 Jan 2017 14:52:24 -0500 Subject: fts-solr: Returning 400 on searches; unescaped braces References: <87d1gorb13.fsf@md5i.com> Message-ID: <871sw2lr47.fsf@md5i.com> Michael Welsh Duggan writes: > Using Debian, dovecot-solr 1:2.2.26.0-4, and solr-tomcat 3.6.2+dfsg-9, I > am getting 400 errors when doing searches. Here is an example search > query from dovecot that failed (captured with wireshark): > > Frame 23: 338 bytes on wire (2704 bits), 338 bytes captured (2704 bits) on interface 0 > Linux cooked capture > Internet Protocol Version 6, Src: ::1, Dst: ::1 > Transmission Control Protocol, Src Port: 56860, Dst Port: 8080, Seq: 1, Ack: 1, Len: 250 > Hypertext Transfer Protocol > GET /solr/select?fl=uid,score&rows=2664&sort=uid+asc&q={!lucene+q.op%3dAND}(hdr:test+OR+body:test)&fq=%2Bbox:6d5de009f991854df726000012cf7b9c+%2Buser:md5i HTTP/1.1\r\n > Host: localhost:8080\r\n > Date: Mon, 19 Dec 2016 00:25:56 GMT\r\n > Connection: Keep-Alive\r\n > \r\n > [Full request URI: http://localhost:8080/solr/select?fl=uid,score&rows=2664&sort=uid+asc&q={!lucene+q.op%3dAND}(hdr:test+OR+body:test)&fq=%2Bbox:6d5de009f991854df726000012cf7b9c+%2Buser:md5i] > [HTTP request 1/1] > [Response in frame: 25] > > Here is the same query from firefox, which succeeds: > > Frame 66: 646 bytes on wire (5168 bits), 646 bytes captured (5168 bits) on interface 0 > Linux cooked capture > Internet Protocol Version 6, Src: ::1, Dst: ::1 > Transmission Control Protocol, Src Port: 56862, Dst Port: 8080, Seq: 1, Ack: 1, Len: 558 > Hypertext Transfer Protocol > GET /solr/select?fl=uid,score&rows=2664&sort=uid+asc&q=%7B!lucene+q.op%3DAND%7D(hdr:test+OR+body:test)&fq=%2Bbox:6d5de009f991854df726000012cf7b9c+%2Buser:md5i HTTP/1.1\r\n > Host: localhost:8080\r\n > Connection: keep-alive\r\n > Cache-Control: max-age=0\r\n > Upgrade-Insecure-Requests: 1\r\n > User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/55.0.2883.75 Safari/537.36\r\n > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n > DNT: 1\r\n > Accept-Encoding: gzip, deflate, sdch, br\r\n > Accept-Language: en-US,en;q=0.8\r\n > \r\n > [Full request URI: http://localhost:8080/solr/select?fl=uid,score&rows=2664&sort=uid+asc&q=%7B!lucene+q.op%3DAND%7D(hdr:test+OR+body:test)&fq=%2Bbox:6d5de009f991854df726000012cf7b9c+%2Buser:md5i] > [HTTP request 1/1] > [Response in frame: 86] > > > The salient difference seems to be the encoding of the braces. Indeed > in the tomcat 8 logs, I find the following which seems to corroborate > my hypothesis: > > java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986 > at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:467) > at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:667) > at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) > at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:789) > at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1437) > at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > at java.lang.Thread.run(Thread.java:745) > > Indeed the braces are listed in fts-backend-solr.c as part of > solr_escape_chars, so don't know how the braces are making it through > unencoded. I have attached a patch which solves this problem. I initially tried changing http_url_escape_param() to include braces, but this did not solve the problem. 
I have to guess that the {!lucene+q.op=AND} bit does not travel through this function. So I just changed the braces in the lines where they were introduced into their encoded values. Since the equals-sign was already encoded this way there, it seemed to make sense. -------------- next part -------------- A non-text attachment was scrubbed... Name: escape-braces.patch Type: text/x-diff Size: 831 bytes Desc: not available URL: -------------- next part -------------- -- Michael Welsh Duggan (md5i at md5i.com) From mfoley at ohprs.org Mon Jan 16 21:09:46 2017 From: mfoley at ohprs.org (Mark Foley) Date: Mon, 16 Jan 2017 16:09:46 -0500 Subject: Apparent Maildir permission issue In-Reply-To: <201701161821.v0GILV8o005133@mail.hprs.local> References: <201701161821.v0GILV8o005133@mail.hprs.local> Message-ID: <201701162109.v0GL9ktO013417@mail.hprs.local> More info ... This is the only user having this permission problem. All other Thunderbird/dovecot users are getting mail file. They all have the same permissions set on their Maildir folder. --Mark -----Original Message----- 
From: Mark Foley Date: Mon, 16 Jan 2017 13:21:31 -0500 Organization: Ohio Highway Patrol Retirement System To: dovecot at dovecot.org Subject: Apparent Maildir permission issue I've just upgraded from Slackware 14.1 to 14.2. I've not done anything with dovecot -- it's the same version that was running before the upgrade. However, now I'm getting a permission error: /var/log/maillog: Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) Jan 16 13:09:44 mail last message repeated 4 times Jan 16 13:09:44 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/.Trash) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) Jan 16 13:09:44 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/tmp) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) Jan 16 13:09:45 mail last message repeated 11 times Permission on that folder are: $ ls -ld /home/HPRS/mark/Maildir drwx------ 17 HPRS\mark domusers 4096 Dec 7 23:07 /home/HPRS/mark/Maildir/ Permissions are unchanged since before the backup. What do I do to fix this? THX --Mark From tss at iki.fi Mon Jan 16 21:53:14 2017 
From: tss at iki.fi (Timo Sirainen) Date: Mon, 16 Jan 2017 23:53:14 +0200 Subject: Sieve: fileinto :create issue with Public Folder In-Reply-To: References: Message-ID: <5EEDFE86-554C-4166-97DB-2CD3590D4482@iki.fi> On 16 Jan 2017, at 20.25, dovecot at avv.solutions wrote: > > Hello Community, > > I face the following issue: > - using a sieve script to file into an existing private folder: ok > - using a sieve script to file into new private folder using ":create": ok > - using a sieve script to file into an existing public folder: ok > - using a sieve script to file into new public folder using ":create": NOK ! > > The returned message is: "Permission denied" and the message correctly falls back to inbox. > > HOWEVER, if I run "doveadm mailbox create -u myuser at mydomain Public/TheNewFolder", the folder is created, and the delete command works as well. > > Any tip? Can you create the folder via IMAP as the same user? : a create Public/TheNewFolder doveadm sometimes has some special permissions. From jtam.home at gmail.com Mon Jan 16 22:15:50 2017 From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 16 Jan 2017 14:15:50 -0800 (PST) Subject: Remove empty milder folders In-Reply-To: References: Message-ID: @lbutlr writes: > Not sure if anyone will find this useful, but this is how I deleted a > bunch (several hundred) of empty mail folders from a user account: > > # doveadm mailbox status -u "user at example.com" messages "*" ALL | grep "=0" | awk -F= '{print $1}' | awk '{print "rm -rf ."$1}' > list > ... > I probably could do some research on how to combine those two awk pipes > but this worked, and it was fast. You can collapse all 3 downstream processes doveadm ... | awk '/messages=0$/{print "rm -rf ./" substr($1,9)}' >list Needs shell escaping/sanitizing if you don't want to be the victim of mischief (e.g. maildir='X;cd ..;rm -rf *'). Joseph Tam From bill at KnoxvilleChristian.org Mon Jan 16 22:51:48 2017
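The shell-escaping caveat raised in the message above (a folder named like `X;cd ..;rm -rf *`), as an added example that is not part of the thread: instead of generating `rm` lines and feeding them to `sh`, the names are read as data and only ever passed as quoted arguments. It assumes status lines of the form `<mailbox name> messages=<n>` and a Maildir++ layout in which mailbox `X` is the directory `.X` under the maildir root, as the posted pipeline implies; all function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): remove empty Maildir++ folders without
# ever turning a mailbox name into shell source.
# Assumed input shape: "<mailbox name> messages=<n>", one mailbox per line.

# Constructed sample status output, including hostile names.
SAMPLE_STATUS='INBOX messages=12
Archive.2015 messages=0
Sent Items messages=0
Lists messages=10
X;cd ..;rm -rf * messages=0
. messages=0
./victim messages=0'

# Print the names of mailboxes that report messages=0 (names may contain spaces).
empty_mailboxes() {
    while IFS= read -r line; do
        case $line in
            *" messages=0") printf '%s\n' "${line% messages=0}" ;;
        esac
    done
}

# Succeed only for names that map to a directory directly under the root.
safe_mailbox_name() {
    case $1 in
        ''|INBOX) return 1 ;;  # would address the maildir root itself
        .*|*/*)   return 1 ;;  # "." becomes "..", "/" can leave the root
    esac
    return 0
}

# purge_empty ROOT: read names on stdin and remove ROOT/.<name> when it is a
# real directory holding no message files. Reports one line per name.
purge_empty() {
    root=$1
    [ -d "$root/cur" ] || { echo "not a maildir: $root" >&2; return 2; }
    while IFS= read -r name; do
        dir=$root/.$name
        if ! safe_mailbox_name "$name"; then
            printf 'skipped (unsafe name): %s\n' "$name"
        elif [ -L "$dir" ] || [ ! -d "$dir" ]; then
            printf 'skipped (no such folder): %s\n' "$name"
        elif [ -n "$(find "$dir/cur" "$dir/new" -type f 2>/dev/null | head -n 1)" ]; then
            printf 'skipped (messages on disk): %s\n' "$name"
        else
            rm -rf -- "$dir" && printf 'removed: %s\n' "$name"
        fi
    done
}

# Build a throwaway maildir matching SAMPLE_STATUS (constructed test data).
make_sample_maildir() {
    mkdir -p "$1/cur" "$1/new" "$1/tmp"
    for f in 'Archive.2015' 'Sent Items' 'Lists' 'X;cd ..;rm -rf *'; do
        mkdir -p "$1/.$f/cur" "$1/.$f/new" "$1/.$f/tmp"
    done
    : > "$1/cur/keep-me"             # a message in INBOX that must survive
    : > "$1/.Sent Items/cur/stale"   # status said 0, disk disagrees
}

run_demo() {
    base=$(mktemp -d) || return 1
    make_sample_maildir "$base/Maildir"
    printf '%s\n' "$SAMPLE_STATUS" | empty_mailboxes | purge_empty "$base/Maildir"
    rm -rf -- "$base"
}

if [ "${1:-}" = demo ]; then run_demo; fi
```

Run with the argument `demo` to see the per-folder report; on a real server the status output from the post would be piped through `empty_mailboxes | purge_empty <maildir root>` in place of the sample.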
From: bill at KnoxvilleChristian.org (Bill Shirley) Date: Mon, 16 Jan 2017 17:51:48 -0500 Subject: Apparent Maildir permission issue In-Reply-To: <201701162109.v0GL9ktO013417@mail.hprs.local> References: <201701161821.v0GILV8o005133@mail.hprs.local> <201701162109.v0GL9ktO013417@mail.hprs.local> Message-ID: <9ba241f5-b186-504d-3d56-d193b7de9fd7@KnoxvilleChristian.org> I've gotten errors like this when it was actually a selinux denial. If you're running selinux, check those logs too. Bill On 1/16/2017 4:09 PM, Mark Foley wrote: > More info ... > > This is the only user having this permission problem. All other Thunderbird/dovecot users are > getting mail file. They all have the same permissions set on their Maildir folder. > > --Mark > > -----Original Message----- 
> From: Mark Foley > Date: Mon, 16 Jan 2017 13:21:31 -0500 > Organization: Ohio Highway Patrol Retirement System > To: dovecot at dovecot.org > Subject: Apparent Maildir permission issue > > I've just upgraded from Slackware 14.1 to 14.2. I've not done anything with dovecot -- it's the > same version that was running before the upgrade. However, now I'm getting a permission error: > > /var/log/maillog: > > Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) > Jan 16 13:09:44 mail last message repeated 4 times > Jan 16 13:09:44 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/.Trash) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) > Jan 16 13:09:44 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/tmp) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) > Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) > Jan 16 13:09:45 mail last message repeated 11 times > > Permission on that folder are: > > $ ls -ld /home/HPRS/mark/Maildir > drwx------ 17 HPRS\mark domusers 4096 Dec 7 23:07 /home/HPRS/mark/Maildir/ > > Permissions are unchanged since before the backup. > > What do I do to fix this? > > THX --Mark From ruga at protonmail.com Tue Jan 17 07:59:44 2017 
From: ruga at protonmail.com (Ruga) Date: Tue, 17 Jan 2017 02:59:44 -0500 Subject: Dovecot source code audit In-Reply-To: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi> References: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi> Message-ID: Congratulations. On Fri, Jan 13, 2017 at 6:17 PM, Timo Sirainen <'tss at iki.fi'> wrote: Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot Dates: October 2016 - January 2017 dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53. The team found the following problems: ? 3 Low The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations." From ruga at protonmail.com Tue Jan 17 08:11:44 2017 
From: ruga at protonmail.com (Ruga) Date: Tue, 17 Jan 2017 03:11:44 -0500 Subject: Dovecot source code audit In-Reply-To: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi> References: <17069BC7-8E3F-4619-B0B4-612FE6A285E8@iki.fi> Message-ID: <0dvniH5cAIgdyKfSvjhjKVqUoxHEhHunpsIaD2bU6-sLb3lQYf1hGiQmu7Dr4I6cP4gtBPfjqXkwcNwB3gZJgdo5DLgvdY8bDzye9ie7R2o=@protonmail.com> "used in 68% of IMAP server deployments worldwide"... ... this means that hackers have a new target to prove themselves, and to prove Cure53 is less than we think they are. We ought to brace for the storm ahead. On Fri, Jan 13, 2017 at 6:17 PM, Timo Sirainen <'tss at iki.fi'> wrote: Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot Dates: October 2016 - January 2017 dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53. The team found the following problems: ? 3 Low The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations." From thorsten.hater at gmail.com Tue Jan 17 08:40:20 2017 
From: thorsten.hater at gmail.com (Thorsten Hater) Date: Tue, 17 Jan 2017 09:40:20 +0100 Subject: Dynamic autoexpunge for IMAP folders Message-ID: Dear all, is there a way to allow users to set up something like autoexpunge on an individual IMAP folder basis? The idea I implemented does not seem to work, namely returning namespace/inbox/mailbox/Bla/autoexpunge=6h from a userdb, which results in Debug: Unknown userdb setting: plugin/namespace/inbox/mailbox/Bla/autoexpunge=6h From older questions on the mailing list I gather that the mailbox Bla needs to be set up in the config before I can override its fields. If there is a way around this, I would gladly use this. Another solution that comes to mind would be to use a table-driven cron job, but I would prefer the cleanup to be triggered at delivering and/or moving mail. Best regards, Thorsten From tlx at leuxner.net Tue Jan 17 09:16:45 2017 From: tlx at leuxner.net (Thomas Leuxner) Date: Tue, 17 Jan 2017 10:16:45 +0100 Subject: Dynamic autoexpunge for IMAP folders In-Reply-To: References: Message-ID: <20170117091644.GA5212@nihlus.leuxner.net> * Thorsten Hater 2017.01.17 09:40: > namespace/inbox/mailbox/Bla/autoexpunge=6h > > from a userdb, which results in > > Debug: Unknown userdb setting: > plugin/namespace/inbox/mailbox/Bla/autoexpunge=6h userdb_namespace/inbox/mailbox/Bla/autoexpunge=6h Regards Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: Digital signature URL: From fredrik at roubert.name Tue Jan 17 09:31:47 2017
From: fredrik at roubert.name (Fredrik Roubert) Date: Tue, 17 Jan 2017 11:31:47 +0200 Subject: Reappearing emails In-Reply-To: <56D99DC1.4020106@Cleven.com> References: <56D99DC1.4020106@Cleven.com> Message-ID: <20170117093147.GA5946@sork.roubert.net>

On Fri 04 Mar 2016 at 08:37 -0600, Ron Cleven wrote:

> Recently we received a report from an Android IMAP user that emails that
> he deleted without reading would often reappear in his INBOX.

I have encountered this problem too. Did you ever solve it?

Cheers // Fredrik Roubert

--
Forsterstrasse 64 | +41 78 8170377
CH-8044 Zürich | https://roubert.name/fredrik/

From stephan at rename-it.nl Tue Jan 17 09:50:02 2017
From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 17 Jan 2017 10:50:02 +0100 Subject: fts-solr: Returning 400 on searches; unescaped braces In-Reply-To: <871sw2lr47.fsf@md5i.com> References: <87d1gorb13.fsf@md5i.com> <871sw2lr47.fsf@md5i.com> Message-ID: <00944a36-e42f-c3fe-6de5-32391c98261e@rename-it.nl>

On 16-1-2017 at 20:52, Michael Welsh Duggan wrote:

> Michael Welsh Duggan writes:
>
>> Indeed the braces are listed in fts-backend-solr.c as part of
>> solr_escape_chars, so don't know how the braces are making it through
>> unencoded.
> I have attached a patch which solves this problem. I initially tried
> changing http_url_escape_param() to include braces, but this did not
> solve the problem. I have to guess that the {!lucene+q.op=AND} bit does
> not travel through this function. So I just changed the braces in the
> lines where they were introduced into their encoded values. Since the
> equals-sign was already encoded this way there, it seemed to make sense.

Applied: https://github.com/dovecot/core/commit/c32d111cf4d8be4ffdc582b440b5348d87461066

Regards,
Stephan.

From thorsten.hater at gmail.com Tue Jan 17 09:57:23 2017
From: thorsten.hater at gmail.com (Thorsten Hater) Date: Tue, 17 Jan 2017 10:57:23 +0100 Subject: Dynamic autoexpunge for IMAP folders In-Reply-To: <20170117091644.GA5212@nihlus.leuxner.net> References: <20170117091644.GA5212@nihlus.leuxner.net> Message-ID:

Unfortunately, this yields the same problem

Debug: Unknown userdb setting: plugin/userdb_namespace/inbox/mailbox/Bla/autoexpunge=6h

Thorsten

On Tue, Jan 17, 2017 at 10:16 AM, Thomas Leuxner wrote:

> * Thorsten Hater 2017.01.17 09:40:
>
> > namespace/inbox/mailbox/Bla/autoexpunge=6h
> >
> > from a userdb, which results in
> >
> > Debug: Unknown userdb setting:
> > plugin/namespace/inbox/mailbox/Bla/autoexpunge=6h
>
> userdb_namespace/inbox/mailbox/Bla/autoexpunge=6h
>
> Regards
> Thomas
>

From tlx at leuxner.net Tue Jan 17 10:03:35 2017
From: tlx at leuxner.net (Thomas Leuxner) Date: Tue, 17 Jan 2017 11:03:35 +0100 Subject: Dynamic autoexpunge for IMAP folders In-Reply-To: References: <20170117091644.GA5212@nihlus.leuxner.net> Message-ID: <20170117100335.GA14487@nihlus.leuxner.net>

* Thorsten Hater 2017.01.17 10:57:

> Unfortunately, this yields the same problem
>
> Debug: Unknown userdb
> setting: plugin/userdb_namespace/inbox/mailbox/Bla/autoexpunge=6h
>
> > userdb_namespace/inbox/mailbox/Bla/autoexpunge=6h

'plugin' is not part of the userdb override. It is literally as above.

From aki.tuomi at dovecot.fi Tue Jan 17 10:25:27 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Tue, 17 Jan 2017 12:25:27 +0200 Subject: Apparent Maildir permission issue In-Reply-To: <201701162109.v0GL9ktO013417@mail.hprs.local> References: <201701161821.v0GILV8o005133@mail.hprs.local> <201701162109.v0GL9ktO013417@mail.hprs.local> Message-ID: <66b64c75-f4d6-133b-249e-ca985269668a@dovecot.fi>

Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))

Just wanted to point out that you have a different UID for the folder than your EUID (gotten from userdb/passdb).

Aki

On 16.01.2017 23:09, Mark Foley wrote:
> More info ...
>
> This is the only user having this permission problem. All other Thunderbird/dovecot users are
> getting mail file. They all have the same permissions set on their Maildir folder.
>
> --Mark
>
> -----Original Message-----
> From: Mark Foley > Date: Mon, 16 Jan 2017 13:21:31 -0500 > Organization: Ohio Highway Patrol Retirement System > To: dovecot at dovecot.org > Subject: Apparent Maildir permission issue > > I've just upgraded from Slackware 14.1 to 14.2. I've not done anything with dovecot -- it's the > same version that was running before the upgrade. However, now I'm getting a permission error: > > /var/log/maillog: > > Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) > Jan 16 13:09:44 mail last message repeated 4 times > Jan 16 13:09:44 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/.Trash) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) > Jan 16 13:09:44 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/tmp) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) > Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) > Jan 16 13:09:45 mail last message repeated 11 times > > Permission on that folder are: > > $ ls -ld /home/HPRS/mark/Maildir > drwx------ 17 HPRS\mark domusers 4096 Dec 7 23:07 /home/HPRS/mark/Maildir/ > > Permissions are unchanged since before the backup. > > What do I do to fix this? > > THX --Mark From thorsten.hater at gmail.com Tue Jan 17 11:04:16 2017 
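The mismatch pointed out in the reply above (process euid 3000026 against directory owner uid 10001, both displayed as HPRS\mark) can be pulled out of the log mechanically. This is an added example, not part of the original messages and not Dovecot code; it assumes the `Permission denied (...)` layout exactly as quoted in the thread and counts syslog's "last message repeated N times" lines as further occurrences of the preceding error.

```python
import re
from dataclasses import dataclass, field

# Log lines copied from the report quoted above.
SAMPLE_LOG = r"""
Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
Jan 16 13:09:44 mail last message repeated 4 times
Jan 16 13:09:44 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/.Trash) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
Jan 16 13:09:44 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/tmp) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
Jan 16 13:09:45 mail last message repeated 11 times
"""

# Matches only the "Permission denied (...)" layout shown in the thread;
# lines in any other layout are skipped.
EACCES_RE = re.compile(
    r"dovecot: (?P<service>[\w-]+)\((?P<user>[^)]*)\): Error: "
    r"(?P<call>\w+)\((?P<path>[^)]+)\) failed: Permission denied "
    r"\(euid=(?P<euid>\d+)\((?P<euid_name>[^)]*)\) "
    r"egid=(?P<egid>\d+)\((?P<egid_name>[^)]*)\) "
    r"missing (?P<missing>\+[rwx]) perm: (?P<perm_path>[^,)]+)"
    r"(?:, conflicting dir uid=(?P<dir_uid>\d+)\((?P<dir_name>[^)]*)\))?"
)
REPEAT_RE = re.compile(r"last message repeated (\d+) times")


@dataclass
class UidConflict:
    user: str           # login name Dovecot logged, e.g. "mark"
    directory: str      # directory the process could not read or enter
    process_uid: int    # euid of the imap process (from userdb/passdb)
    process_name: str
    dir_uid: int        # numeric owner of the directory on disk
    dir_name: str
    missing: set = field(default_factory=set)  # "+r", "+x", ...
    events: int = 0     # log events, including "repeated N times"

    @property
    def same_name(self):
        """True when one account name resolves to two numeric uids."""
        return self.process_name == self.dir_name


def find_uid_conflicts(log_text):
    """Group permission errors whose process uid differs from the dir owner."""
    conflicts = {}
    last = None  # record updated by the previous log line, if any
    for line in log_text.splitlines():
        repeat = REPEAT_RE.search(line)
        if repeat:
            if last is not None:
                last.events += int(repeat.group(1))
            continue
        m = EACCES_RE.search(line)
        if not m or m["dir_uid"] is None or m["euid"] == m["dir_uid"]:
            last = None
            continue
        key = (m["user"], m["perm_path"], m["euid"], m["dir_uid"])
        record = conflicts.setdefault(key, UidConflict(
            user=m["user"], directory=m["perm_path"],
            process_uid=int(m["euid"]), process_name=m["euid_name"],
            dir_uid=int(m["dir_uid"]), dir_name=m["dir_name"]))
        record.missing.add(m["missing"])
        record.events += 1
        last = record
    return list(conflicts.values())


def summarize(c):
    note = " (same account name, two uids)" if c.same_name else ""
    return (f"{c.user}: process uid {c.process_uid} ({c.process_name}) vs "
            f"owner uid {c.dir_uid} ({c.dir_name}) on {c.directory}{note}; "
            f"missing {','.join(sorted(c.missing))}; {c.events} events")


if __name__ == "__main__":
    for conflict in find_uid_conflicts(SAMPLE_LOG):
        print(summarize(conflict))
```
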
From: thorsten.hater at gmail.com (Thorsten Hater) Date: Tue, 17 Jan 2017 12:04:16 +0100 Subject: Dynamic autoexpunge for IMAP folders In-Reply-To: <20170117100335.GA14487@nihlus.leuxner.net> References: <20170117091644.GA5212@nihlus.leuxner.net> <20170117100335.GA14487@nihlus.leuxner.net> Message-ID:

I know, but it is not present in the string returned by the userdb, which is set up for testing

userdb {
  driver = static
  args = namespace/inbox/mailbox/Bla/autoexpunge=6h
}

On Tue, Jan 17, 2017 at 11:03 AM, Thomas Leuxner wrote:

> * Thorsten Hater 2017.01.17 10:57:
>
> > Unfortunately, this yields the same problem
> >
> > Debug: Unknown userdb
> > setting: plugin/userdb_namespace/inbox/mailbox/Bla/autoexpunge=6h
> >
> > userdb_namespace/inbox/mailbox/Bla/autoexpunge=6h
>
> 'plugin' is not part of the userdb override. It is literally as above.
>

From tlx at leuxner.net Tue Jan 17 11:14:57 2017
From: tlx at leuxner.net (Thomas Leuxner) Date: Tue, 17 Jan 2017 12:14:57 +0100 Subject: Dynamic autoexpunge for IMAP folders In-Reply-To: References: <20170117091644.GA5212@nihlus.leuxner.net> <20170117100335.GA14487@nihlus.leuxner.net> Message-ID: <20170117111457.GA28411@nihlus.leuxner.net>

* Thorsten Hater 2017.01.17 12:04:

> userdb {
> driver = static
> args = namespace/inbox/mailbox/Bla/autoexpunge=6h
> }

I'm almost sure that 'driver = static' contradicts the concept of userdb overrides:

http://wiki.dovecot.org/UserDatabase/ExtraFields

If you can't go with 'passwd-file' style settings, you may be able to achieve this globally with:

protocol imap {
  namespace inbox {
    location =
    mailbox Blah {
      autoexpunge = 6h
    }
    prefix =
  }
}

In any case this is then a global setting rather than one being returned on a per-user basis.

From thorsten.hater at gmail.com Tue Jan 17 11:36:37 2017
From: thorsten.hater at gmail.com (Thorsten Hater) Date: Tue, 17 Jan 2017 12:36:37 +0100 Subject: Dynamic autoexpunge for IMAP folders In-Reply-To: <20170117111457.GA28411@nihlus.leuxner.net> References: <20170117091644.GA5212@nihlus.leuxner.net> <20170117100335.GA14487@nihlus.leuxner.net> <20170117111457.GA28411@nihlus.leuxner.net> Message-ID:

So, returning from the LDAP userdb does not change situation.
As I said, I would like to set folder names dynamically, without setting
up a mailbox in advance.
Here the problem is discussed

http://www.dovecot.org/list/dovecot/2013-August/092023.html

but no solution is found apart from defining the namespace in the
static config, see here

http://www.dovecot.org/list/dovecot/2013-August/092053.html

As I do not know what folders the user might want to configure for
autoexpunge, I cannot put the folders into the config.

Thorsten

On Tue, Jan 17, 2017 at 12:14 PM, Thomas Leuxner wrote:

> * Thorsten Hater 2017.01.17 12:04:
>
> > userdb {
> > driver = static
> > args = namespace/inbox/mailbox/Bla/autoexpunge=6h
> > }
>
> I'm almost sure that 'driver = static' contradicts the concept of userdb
> overrides:
>
> http://wiki.dovecot.org/UserDatabase/ExtraFields
>
> If you can't go with 'passwd-file' style settings, you may be able to achieve
> this globally with:
>
> protocol imap {
> namespace inbox {
> location =
> mailbox Blah {
> autoexpunge = 6h
> }
> prefix =
> }
> }
>
> In any case this is then a global setting rather than one being returned
> on a per-user basis.
>

From jerry at seibercom.net Tue Jan 17 12:55:15 2017
From: jerry at seibercom.net (Jerry) Date: Tue, 17 Jan 2017 07:55:15 -0500 Subject: Correct settings for ssl protocols" and "ssl ciphers" Message-ID: <20170117075515.00000868@seibercom.net>

I have the following two settings in my "10-ssl.conf" file

# SSL protocols to use
ssl_protocols = !SSLv2

# SSL ciphers to use
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

I have seen different configurations while Googling. I am wondering
what the consensus is for the best settings for these two items. What
do the developers recommend?

Thanks!

--
Jerry

From arekm at maven.pl Tue Jan 17 13:07:14 2017
From: arekm at maven.pl (Arkadiusz =?utf-8?q?Mi=C5=9Bkiewicz?=) Date: Tue, 17 Jan 2017 14:07:14 +0100 Subject: Correct settings for ssl protocols" and "ssl ciphers" In-Reply-To: <20170117075515.00000868@seibercom.net> References: <20170117075515.00000868@seibercom.net> Message-ID: <201701171407.14151.arekm@maven.pl>

On Tuesday 17 of January 2017, Jerry wrote:
> I have the following two settings in my "10-ssl.conf" file
>
> # SSL protocols to use
> ssl_protocols = !SSLv2
>
> # SSL ciphers to use
> ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
>
> I have seen different configurations while Googling. I am wondering
> what the consensus is for the best settings for these two items. What
> do the developers recommend?

Likely the same or similar to what browsers recommend. See

https://wiki.mozilla.org/Security/Server_Side_TLS
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29

Currently using:

ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl_protocols = !SSLv2 !SSLv3

>
> Thanks!

--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

From mailinglist at darac.org.uk Tue Jan 17 13:13:33 2017
From: mailinglist at darac.org.uk (Darac Marjal) Date: Tue, 17 Jan 2017 13:13:33 +0000 Subject: Correct settings for ssl protocols" and "ssl ciphers" In-Reply-To: <20170117075515.00000868@seibercom.net> References: <20170117075515.00000868@seibercom.net> Message-ID: <20170117131333.ptwua6kxtg3l3hwc@darac.org.uk>

On Tue, Jan 17, 2017 at 07:55:15AM -0500, Jerry wrote:
>I have the following two settings in my "10-ssl.conf" file
>
># SSL protocols to use
>ssl_protocols = !SSLv2
>
># SSL ciphers to use
>ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
>
>I have seen different configurations while Googling. I am wondering
>what the consensus is for the best settings for these two items. What
>do the developers recommend?

Not a developer, but I use the settings from https://cipherli.st, namely:

ssl = yes
ssl_cert = Dovecot 2.2.6
ssl_dh_parameters_length = 4096 # >Dovecot 2.2

>
>Thanks!
>
>--
>Jerry

--
For more information, please reread.

From manu at netbsd.org Tue Jan 17 13:28:41 2017
From: manu at netbsd.org (Emmanuel Dreyfus) Date: Tue, 17 Jan 2017 13:28:41 +0000 Subject: Correct settings for ssl protocols" and "ssl ciphers" In-Reply-To: <20170117075515.00000868@seibercom.net> References: <20170117075515.00000868@seibercom.net> Message-ID: <20170117132841.GU6968@homeworld.netbsd.org>

On Tue, Jan 17, 2017 at 07:55:15AM -0500, Jerry wrote:
> I have seen different configurations while Googling. I am wondering
> what the consensus is for the best settings for these two items. What
> do the developers recommend?

According to my own reference https://arxiv.org/abs/1407.2168 I use:

ssl_dh_parameters_length = 4096
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL

You may want to disable 3DES nowadays.

--
Emmanuel Dreyfus manu at netbsd.org

From ekorneechev at altlinux.org Tue Jan 17 14:32:38 2017
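The settings compared in the replies above, run through a small lexical check (with `@STRENGTH` written out where the archive shows " at "). This is an added example, not code from the thread or from Dovecot. Its reading of `ssl_protocols` ("!" disables a protocol, any positively named protocol restricts the set to the named ones) and its policy list are assumptions, and it inspects the cipher string as text rather than expanding it the way OpenSSL does.

```python
import re

# Assumption: Dovecot 2.2 reading of ssl_protocols. "!" disables a protocol;
# if any protocol is named without "!", only the named ones stay enabled.
KNOWN_PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3"}

# Assumed policy, taken from the thread: the "!" exclusions shared by the two
# stricter cipher lists, plus 3DES as suggested in the last reply.
REQUIRED_EXCLUSIONS = ["aNULL", "eNULL", "RC4", "MD5", "DES", "3DES"]
# Name components that mark a weak suite when it is listed positively.
WEAK_PARTS = {"RC4", "MD5", "DES", "3DES", "CBC3", "NULL", "aNULL", "eNULL",
              "EXP", "EXPORT", "LOW"}

SETTING_RE = re.compile(r"^\s*(ssl_protocols|ssl_cipher_list)\s*=\s*(.*?)\s*$")

# Settings quoted from the thread above.
ORIGINAL_CONF = """\
# SSL protocols to use
ssl_protocols = !SSLv2
# SSL ciphers to use
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
"""
STRICTER_CONF = """\
ssl_dh_parameters_length = 4096
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL
"""


def parse_settings(conf_text):
    """Return the last value given for each of the two settings."""
    settings = {}
    for line in conf_text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", line)  # drop comments
        match = SETTING_RE.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
    return settings


def enabled_protocols(value):
    """Protocols left enabled by an ssl_protocols value (assumed semantics)."""
    include, exclude = set(), set()
    for token in re.split(r"[,\s]+", value.strip()):
        name = token.lstrip("!")
        canon = next((p for p in KNOWN_PROTOCOLS if p.lower() == name.lower()), None)
        if canon is None:
            continue  # empty or unknown token
        (exclude if token.startswith("!") else include).add(canon)
    base = include or set(KNOWN_PROTOCOLS)
    return [p for p in KNOWN_PROTOCOLS if p in base and p not in exclude]


def audit_cipher_list(value):
    """Lexical check: required "!" rules that are absent, and weak suites
    that are listed positively. The string is not expanded."""
    excluded, named_weak = set(), []
    for item in re.split(r"[:,\s]+", value.strip()):
        item = item.split("@", 1)[0]  # "ECDH@STRENGTH" -> "ECDH"
        if not item or item.startswith("-"):
            continue
        if item.startswith("!"):
            excluded.add(item[1:])
        elif WEAK_PARTS & set(re.split(r"[+-]", item.lstrip("+"))):
            named_weak.append(item)
    missing = [name for name in REQUIRED_EXCLUSIONS if name not in excluded]
    return missing, named_weak


def audit(conf_text):
    """Return human-readable findings for one configuration snippet."""
    settings, findings = parse_settings(conf_text), []
    if "ssl_protocols" not in settings:
        findings.append("ssl_protocols not set: the version default applies")
    else:
        legacy = [p for p in enabled_protocols(settings["ssl_protocols"])
                  if p in LEGACY_PROTOCOLS]
        if legacy:
            findings.append("ssl_protocols leaves enabled: " + ", ".join(legacy))
    if "ssl_cipher_list" not in settings:
        findings.append("ssl_cipher_list not set: the version default applies")
    else:
        missing, named_weak = audit_cipher_list(settings["ssl_cipher_list"])
        if missing:
            findings.append("ssl_cipher_list has no explicit: "
                            + ", ".join("!" + name for name in missing))
        if named_weak:
            findings.append("ssl_cipher_list names weak suites: "
                            + ", ".join(named_weak))
    return findings


if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL_CONF), ("stricter", STRICTER_CONF)):
        print(label, audit(conf))
```

What a cipher string actually enables depends on the OpenSSL build on the server; `openssl ciphers -v '<string>'` lists the resulting suites there.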
From: ekorneechev at altlinux.org (Evgeniy Korneechev) Date: Tue, 17 Jan 2017 17:32:38 +0300 (MSK) Subject: Plugin "mail_crypt" does not work In-Reply-To: <271027769.41400.1484579864891.JavaMail.zimbra@remotesystems.ru> References: <1094740409.24773.1484302902673.JavaMail.zimbra@remotesystems.ru> <914e418a-6b99-39fe-0c88-97963c205b04@dovecot.fi> <271027769.41400.1484579864891.JavaMail.zimbra@remotesystems.ru> Message-ID: <1101271794.52487.1484663558427.JavaMail.zimbra@remotesystems.ru>

Hi, guys. Also, currently a problem (with http://wiki2.dovecot.org/Plugins/MailCrypt#EC_key):

# dovecot mailbox cryptokey generate -u name at example.com -UR
doveadm(name at example.com): Error: mail_crypt_user_get_public_key(name at example.com) failed: mailbox_attribute_get(INBOX, /shared/vendor/vendor.dovecot/pvt/server/vendor/vendor.dovecot/pvt/crypt/active) failed: Mailbox attributes not enabled

Something is wrong in the settings? Or bug?

The same error in log when sending emails (with http://wiki2.dovecot.org/Plugins/MailCrypt#Base64_encoded_keys):

Error: sieve: msgid=<57720a813eb7817c80ff67b21718ae42 at example.com>: failed to store into mailbox 'INBOX': get_public_key(INBOX) failed: mailbox_attribute_get(INBOX, /shared/vendor/vendor.dovecot/pvt/crypt/active) failed: Mailbox attributes not enabled

Any ideas?

----- Original Message -----
> From: "Evgeniy Korneechev"
> To: "dovecot"
> Sent: Monday, 16 January 2017 18:17:44
> Subject: Re: Plugin "mail_crypt" does not work

> We tried these rights:
>
> [root at mail44 dovecot]# ls -la
> итого 80
> drwxr-xr-x 8 root root 4096 янв 13 13:17 .
> drwxr-xr-x 98 root root 12288 янв 11 11:47 ..
> drwxrwxrwx 2 root root 4096 янв 10 15:58 eckey
> drwxr-xr-x 2 root root 4096 янв 13 12:42 eckey2
> drwxr-xr-x 2 vmail vmail 4096 янв 11 09:14 RSAkey
>
> [root at mail44 dovecot]# cd eckey2
> [root at mail44 eckey2]# ls -la
> итого 16
> drwxr-xr-x 2 root root 4096 янв 13 12:42 .
> drwxr-xr-x 8 root root 4096 янв 13 13:17 ..
> -rw-r--r-- 1 root root 316 янв 13 12:41 ecprivkey.pem
> -rw-r--r-- 1 root root 232 янв 13 12:42 ecpubkey.pem
>
> ----- Original Message -----
>> From: "Aki Tuomi"
>> To: "dovecot"
>> Sent: Friday, 13 January 2017 14:18:55
>> Subject: Re: Plugin "mail_crypt" does not work
>
>> On 13.01.2017 12:21, Evgeniy Korneechev wrote:
>>> mail_crypt_global_public_key =
>
>> Is this world-wide readable file? Is LDA able to access this?
>>
>> Aki
>
> --
> WBR,
> BaseALT/ALTLinux Team

--
WBR, BaseALT/ALTLinux Team

From joakim at medialabs.no Tue Jan 17 14:35:54 2017
From: joakim at medialabs.no (Joakim Magnussen - MediaLabs AS) Date: Tue, 17 Jan 2017 15:35:54 +0100 Subject: Mail rescue from Dovecot Server Message-ID: <8437c9ea-9065-29aa-28cb-4af4a062d482@medialabs.no>

Hi all,

I have a mail folder from Dovecot server. Screenshot: https://i.stack.imgur.com/11NHs.jpg

Is there any way to import to Outlook, or otherwise convert to readable format?

I could setup Dovecot on my own server if there is any point.

From ekorneechev at altlinux.org Tue Jan 17 14:40:22 2017
From: ekorneechev at altlinux.org (Evgeniy Korneechev) Date: Tue, 17 Jan 2017 17:40:22 +0300 (MSK) Subject: Plugin "mail_crypt" does not work In-Reply-To: <1101271794.52487.1484663558427.JavaMail.zimbra@remotesystems.ru> References: <1094740409.24773.1484302902673.JavaMail.zimbra@remotesystems.ru> <914e418a-6b99-39fe-0c88-97963c205b04@dovecot.fi> <271027769.41400.1484579864891.JavaMail.zimbra@remotesystems.ru> <1101271794.52487.1484663558427.JavaMail.zimbra@remotesystems.ru> Message-ID: <142997697.52683.1484664022713.JavaMail.zimbra@remotesystems.ru>

mail_attribute_dict = file:%h/Maildir/dovecot-attributes > dovecot.conf

Apparently so?))

----- Original Message -----
> From: "Evgeniy Korneechev"
> To: "dovecot"
> Sent: Tuesday, 17 January 2017 17:32:38
> Subject: Re: Plugin "mail_crypt" does not work

> Hi, guys. Also, currently a problem (with
> http://wiki2.dovecot.org/Plugins/MailCrypt#EC_key):
>
> # dovecot mailbox cryptokey generate -u name at example.com -UR
> doveadm(name at example.com): Error:
> mail_crypt_user_get_public_key(name at example.com) failed:
> mailbox_attribute_get(INBOX,
> /shared/vendor/vendor.dovecot/pvt/server/vendor/vendor.dovecot/pvt/crypt/active)
> failed: Mailbox attributes not enabled
>
> Something is wrong in the settings? Or bug?
>
>
> The same error in log when sending emails (with
> http://wiki2.dovecot.org/Plugins/MailCrypt#Base64_encoded_keys):
>
> Error: sieve: msgid=<57720a813eb7817c80ff67b21718ae42 at example.com>: failed to
> store into mailbox 'INBOX':
> get_public_key(INBOX) failed: mailbox_attribute_get(INBOX,
> /shared/vendor/vendor.dovecot/pvt/crypt/active) failed:
> Mailbox attributes not enabled
>
> Any ideas?
>
>
> ----- Original Message -----
>> From: "Evgeniy Korneechev"
>> To: "dovecot"
>> Sent: Monday, 16 January 2017 18:17:44
>> Subject: Re: Plugin "mail_crypt" does not work
>
>> We tried these rights:
>>
>> [root at mail44 dovecot]# ls -la
>> итого 80
>> drwxr-xr-x 8 root root 4096 янв 13 13:17 .
>> drwxr-xr-x 98 root root 12288 янв 11 11:47 ..
>> drwxrwxrwx 2 root root 4096 янв 10 15:58 eckey
>> drwxr-xr-x 2 root root 4096 янв 13 12:42 eckey2
>> drwxr-xr-x 2 vmail vmail 4096 янв 11 09:14 RSAkey
>>
>> [root at mail44 dovecot]# cd eckey2
>> [root at mail44 eckey2]# ls -la
>> итого 16
>> drwxr-xr-x 2 root root 4096 янв 13 12:42 .
>> drwxr-xr-x 8 root root 4096 янв 13 13:17 ..
>> -rw-r--r-- 1 root root 316 янв 13 12:41 ecprivkey.pem
>> -rw-r--r-- 1 root root 232 янв 13 12:42 ecpubkey.pem
>>
>> ----- Original Message -----
>>> From: "Aki Tuomi"
>>> To: "dovecot"
>>> Sent: Friday, 13 January 2017 14:18:55
>>> Subject: Re: Plugin "mail_crypt" does not work
>>
>>> On 13.01.2017 12:21, Evgeniy Korneechev wrote:
>>>> mail_crypt_global_public_key =
>>
>>> Is this world-wide readable file? Is LDA able to access this?
>>>
>>> Aki
>>
>> --
>> WBR,
>> BaseALT/ALTLinux Team
>
> --
> WBR,
> BaseALT/ALTLinux Team

--
WBR, BaseALT/ALTLinux Team

From aki.tuomi at dovecot.fi Tue Jan 17 15:15:08 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Tue, 17 Jan 2017 17:15:08 +0200 (EET) Subject: Plugin "mail_crypt" does not work In-Reply-To: <142997697.52683.1484664022713.JavaMail.zimbra@remotesystems.ru> References: <1094740409.24773.1484302902673.JavaMail.zimbra@remotesystems.ru> <914e418a-6b99-39fe-0c88-97963c205b04@dovecot.fi> <271027769.41400.1484579864891.JavaMail.zimbra@remotesystems.ru> <1101271794.52487.1484663558427.JavaMail.zimbra@remotesystems.ru> <142997697.52683.1484664022713.JavaMail.zimbra@remotesystems.ru> Message-ID: <842259325.3221.1484666110081@appsuite-dev.open-xchange.com>

Hi!

Some replies:

1. the problem with mail_crypt_global_public_key, there is a bug that we are fixing where file inputs under plugin { } section do not get aboard.

workaround 1:
You can base64 encode the PEM key (yes, again), and put it in one line such as

plugin {
  mail_crypt_global_public_key = LS0tLS1C.....
}

workaround 2:
Return the key from userdb, you can use same format.

3. The mail_attribute_dict thing requires that setting you discovered, but be advised that in this mode it will create a keypair for each user, and keypair per folder.

For security and performance reasons, we recommend using ECDSA keys instead of RSA keys.

---
Aki Tuomi
Dovecot oy

> On January 17, 2017 at 4:40 PM Evgeniy Korneechev wrote:
>
>
> mail_attribute_dict = file:%h/Maildir/dovecot-attributes > dovecot.conf
>
> Apparently so?))
>
> ----- Original Message -----
> > From: "Evgeniy Korneechev"
> > To: "dovecot"
> > Sent: Tuesday, 17 January 2017 17:32:38
> > Subject: Re: Plugin "mail_crypt" does not work
>
> > Hi, guys. Also, currently a problem (with
> > http://wiki2.dovecot.org/Plugins/MailCrypt#EC_key):
> >
> > # dovecot mailbox cryptokey generate -u name at example.com -UR
> > doveadm(name at example.com): Error:
> > mail_crypt_user_get_public_key(name at example.com) failed:
> > mailbox_attribute_get(INBOX,
> > /shared/vendor/vendor.dovecot/pvt/server/vendor/vendor.dovecot/pvt/crypt/active)
> > failed: Mailbox attributes not enabled
> >
> > Something is wrong in the settings? Or bug?
> >
> >
> > The same error in log when sending emails (with
> > http://wiki2.dovecot.org/Plugins/MailCrypt#Base64_encoded_keys):
> >
> > Error: sieve: msgid=<57720a813eb7817c80ff67b21718ae42 at example.com>: failed to
> > store into mailbox 'INBOX':
> > get_public_key(INBOX) failed: mailbox_attribute_get(INBOX,
> > /shared/vendor/vendor.dovecot/pvt/crypt/active) failed:
> > Mailbox attributes not enabled
> >
> > Any ideas?
> >
> >
> > ----- Original Message -----
> >> From: "Evgeniy Korneechev"
> >> To: "dovecot"
> >> Sent: Monday, 16 January 2017 18:17:44
> >> Subject: Re: Plugin "mail_crypt" does not work
> >
> >> We tried these rights:
> >>
> >> [root at mail44 dovecot]# ls -la
> >> итого 80
> >> drwxr-xr-x 8 root root 4096 янв 13 13:17 .
> >> drwxr-xr-x 98 root root 12288 янв 11 11:47 ..
> >> drwxrwxrwx 2 root root 4096 янв 10 15:58 eckey
> >> drwxr-xr-x 2 root root 4096 янв 13 12:42 eckey2
> >> drwxr-xr-x 2 vmail vmail 4096 янв 11 09:14 RSAkey
> >>
> >> [root at mail44 dovecot]# cd eckey2
> >> [root at mail44 eckey2]# ls -la
> >> итого 16
> >> drwxr-xr-x 2 root root 4096 янв 13 12:42 .
> >> drwxr-xr-x 8 root root 4096 янв 13 13:17 ..
> >> -rw-r--r-- 1 root root 316 янв 13 12:41 ecprivkey.pem
> >> -rw-r--r-- 1 root root 232 янв 13 12:42 ecpubkey.pem
> >>
> >> ----- Original Message -----
> >>> From: "Aki Tuomi"
> >>> To: "dovecot"
> >>> Sent: Friday, 13 January 2017 14:18:55
> >>> Subject: Re: Plugin "mail_crypt" does not work
> >>
> >>> On 13.01.2017 12:21, Evgeniy Korneechev wrote:
> >>>> mail_crypt_global_public_key = >>>
> >>> Is this world-wide readable file? Is LDA able to access this?
> >>>
> >>> Aki
> >>
> >> --
> >> WBR,
> >> BaseALT/ALTLinux Team
> >
> > --
> > WBR,
> > BaseALT/ALTLinux Team
>
> --
> WBR,
> BaseALT/ALTLinux Team

From Ron at Cleven.com Tue Jan 17 15:15:39 2017
From: Ron at Cleven.com (Ron Cleven) Date: Tue, 17 Jan 2017 09:15:39 -0600 (CST) Subject: Reappearing emails In-Reply-To: <20170117093147.GA5946@sork.roubert.net> References: <56D99DC1.4020106@Cleven.com> <20170117093147.GA5946@sork.roubert.net> Message-ID: <345f7e57-08ba-3996-a25f-221b359ca3f0@Cleven.com>

The dovecot version (2.2.10) we were running had a timing window problem in the context of replication (we use maildir on CentOS 7). After doing elaborate tests to isolate the problem, we wound up upgrading to 2.2.23. That fixed it, and that version has been very reliable.

>> Recently we received a report from an Android IMAP user that emails that
>> he deleted without reading would often reappear in his INBOX.
> I have encountered this problem too. Did you ever solve it?
>
> Cheers // Fredrik Roubert
>

From skdovecot at smail.inf.fh-brs.de Tue Jan 17 15:21:05 2017
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 17 Jan 2017 16:21:05 +0100 (CET) Subject: Mail rescue from Dovecot Server In-Reply-To: <8437c9ea-9065-29aa-28cb-4af4a062d482@medialabs.no> References: <8437c9ea-9065-29aa-28cb-4af4a062d482@medialabs.no> Message-ID: On Tue, 17 Jan 2017, Joakim Magnussen - MediaLabs AS wrote: > I have a mail folder from Dovecot server. Screenshot: > https://i.stack.imgur.com/11NHs.jpg looks like Maildir > > Is there any way to import to Outlook, or otherwise convert to readable > format? "readable" is kind of stretchy. Each file in the cur and new subdirs represents one raw message. > I could setup Dovecot on my own server if there is any point. That's one way. There are some Maildir-aware clients, such as mutt. Convert Maildir to mbox, which can be used with Thunderbird: https://wiki2.dovecot.org/Migration/MailFormat There are some converters mbox -> pst . -- Steffen Kaiser From gilles.chauvin at univ-rouen.fr Tue Jan 17 16:26:14 2017 
From: gilles.chauvin at univ-rouen.fr (Gilles Chauvin) Date: Tue, 17 Jan 2017 17:26:14 +0100 Subject: Reappearing emails In-Reply-To: <345f7e57-08ba-3996-a25f-221b359ca3f0@Cleven.com> References: <56D99DC1.4020106@Cleven.com> <20170117093147.GA5946@sork.roubert.net> <345f7e57-08ba-3996-a25f-221b359ca3f0@Cleven.com> Message-ID: <47d4c89a-12c5-f22f-cabe-1d6a6dd9ce4b@univ-rouen.fr> On 17/01/2017 16:15, Ron Cleven wrote: > The dovecot version (2.2.10) we were running had a timing window problem > in the context of replication (we use maildir on CentOS 7). After doing > elaborate tests to isolate the problem, we wound up upgrading to > 2.2.23. That fixed it, and that version has been very reliable. > Hi, We are running Dovecot v2.2.27 here on CentOS 7 (replication and sdbox on both sides) and I have at least one user that reported me a similar issue. This seems to happen randomly. Looking at the mail logs, it looks like the mail is reappearing from nowhere although the mail was copied from INBOX to another mailbox and was expunged by her MUA (Thunderbird) right after. She is not using SIEVE filtering and prefer having local filters. Each time this issue pops in, her MUA is running. The pattern is the following: 1) lmtp delivers a new mail to her INBOX 2) Thunderbird, almost instantly, copies and expunges this mail 3) The email is reappearing (with a new UID) in her INBOX 4) GOTO 2 and repeat several times (she received one mail duplicated 6 times today) Looks like a bug but I wasn't able to reproduce it by myself. Regards, Gilles From tss at iki.fi Wed Jan 18 01:01:56 2017 
From: tss at iki.fi (Timo Sirainen) Date: Wed, 18 Jan 2017 03:01:56 +0200 Subject: Dynamic autoexpunge for IMAP folders In-Reply-To: References: <20170117091644.GA5212@nihlus.leuxner.net> <20170117100335.GA14487@nihlus.leuxner.net> <20170117111457.GA28411@nihlus.leuxner.net> Message-ID:

On 17 Jan 2017, at 13.36, Thorsten Hater wrote:
>
> So, returning from the LDAP userdb does not change situation.
> As I said, I would like to set folder names dynamically, without setting
> up a mailbox in advance.
> Here the problem is discussed
>
> http://www.dovecot.org/list/dovecot/2013-August/092023.html
>
> but no solution is found apart from defining the namespace in the
> static config, see here
>
> http://www.dovecot.org/list/dovecot/2013-August/092053.html
>
> As I do not know what folders the user might want to configure for
> autoexpunge, I cannot put the folders into the config.

You need to list what mailboxes exist:

namespace/inbox/mailbox=foo bar
namespace/inbox/mailbox/foo/autoexpunge=6h
namespace/inbox/mailbox/bar/autoexpunge=6h

If there are spaces, they need escaping. I think for spaces it was:

namespace/inbox/mailbox=Sent\_Messages

>
> Thorsten
>
> On Tue, Jan 17, 2017 at 12:14 PM, Thomas Leuxner wrote:
>
>> * Thorsten Hater 2017.01.17 12:04:
>>
>>> userdb {
>>> driver = static
>>> args = namespace/inbox/mailbox/Bla/autoexpunge=6h
>>> }
>>
>> I'm almost sure that 'driver = static' contradicts the concept of userdb
>> overrides:
>>
>> http://wiki.dovecot.org/UserDatabase/ExtraFields
>>
>> If you can't go with 'passwd-file' style settings, you may be able to achieve
>> this globally with:
>>
>> protocol imap {
>> namespace inbox {
>> location =
>> mailbox Blah {
>> autoexpunge = 6h
>> }
>> prefix =
>> }
>> }
>>
>> In any case this is then a global setting rather than one being returned
>> on a per-user basis.
>>

From ekorneechev at altlinux.org Wed Jan 18 08:24:53 2017
From: ekorneechev at altlinux.org (Evgeniy Korneechev) Date: Wed, 18 Jan 2017 11:24:53 +0300 (MSK) Subject: Plugin "mail_crypt" does not work In-Reply-To: <842259325.3221.1484666110081@appsuite-dev.open-xchange.com> References: <1094740409.24773.1484302902673.JavaMail.zimbra@remotesystems.ru> <914e418a-6b99-39fe-0c88-97963c205b04@dovecot.fi> <271027769.41400.1484579864891.JavaMail.zimbra@remotesystems.ru> <1101271794.52487.1484663558427.JavaMail.zimbra@remotesystems.ru> <142997697.52683.1484664022713.JavaMail.zimbra@remotesystems.ru> <842259325.3221.1484666110081@appsuite-dev.open-xchange.com> Message-ID: <1475553187.58041.1484727893198.JavaMail.zimbra@remotesystems.ru> Hi, Aki! > 1. the problem with mail_crypt_global_public_key, there is a bug that we are > fixing where file inputs under plugin { } section do not get aboard. > > workaround 1: > You can base64 encode the PEM key (yes, again), and put it in one line such as > > plugin { > mail_crypt_global_public_key = LS0tLS1C..... Its work!!! Thank you! > 3. The mail_attribute_dict thing requires that setting you discovered, but be > advised that in this mode it will create a keypair for each user, and keypair > per folder. Its work, too! (with "$mail_attribute_dict" -> dovecot.conf) PS > there is a bug that we are fixing Already there is a patch? Or waiting for new release? -- WBR, BaseALT/ALTLinux Team From thorsten.hater at gmail.com Wed Jan 18 12:00:26 2017 
From: thorsten.hater at gmail.com (Thorsten Hater) Date: Wed, 18 Jan 2017 13:00:26 +0100 Subject: Dynamic autoexpunge for IMAP folders In-Reply-To: References: <20170117091644.GA5212@nihlus.leuxner.net> <20170117100335.GA14487@nihlus.leuxner.net> <20170117111457.GA28411@nihlus.leuxner.net> Message-ID:

Excellent, that works for me. Actually, I add one more setting to be on the safe side regarding IMAP capitalisation rules (or non-rules).

namespace/inbox/mailbox=bla
namespace/inbox/mailbox/bla/name=Bla
namespace/inbox/mailbox/bla/autoexpunge=6h

Thanks a lot.

On Wed, Jan 18, 2017 at 2:01 AM, Timo Sirainen wrote:

> On 17 Jan 2017, at 13.36, Thorsten Hater wrote:
> >
> > So, returning from the LDAP userdb does not change situation.
> > As I said, I would like to set folder names dynamically, without setting
> > up a mailbox in advance.
> > Here the problem is discussed
> >
> > http://www.dovecot.org/list/dovecot/2013-August/092023.html
> >
> > but no solution is found apart from defining the namespace in the
> > static config, see here
> >
> > http://www.dovecot.org/list/dovecot/2013-August/092053.html
> >
> > As I do not know what folders the user might want to configure for
> > autoexpunge, I cannot put the folders into the config.
>
> You need to list what mailboxes exist:
>
> namespace/inbox/mailbox=foo bar
> namespace/inbox/mailbox/foo/autoexpunge=6h
> namespace/inbox/mailbox/bar/autoexpunge=6h
>
> If there are spaces, they need escaping. I think for spaces it was:
>
> namespace/inbox/mailbox=Sent\_Messages
>
> >
> > Thorsten
> >
> > On Tue, Jan 17, 2017 at 12:14 PM, Thomas Leuxner
> wrote:
> >
> >> * Thorsten Hater 2017.01.17 12:04:
> >>
> >>> userdb {
> >>> driver = static
> >>> args = namespace/inbox/mailbox/Bla/autoexpunge=6h
> >>> }
> >>
> >> I'm almost sure that 'driver = static' contradicts the concept of userdb
> >> overrides:
> >>
> >> http://wiki.dovecot.org/UserDatabase/ExtraFields
> >>
> >> If you can't go with 'passwd-file' style settings, you may be able to
> achieve
> >> this globally with:
> >>
> >> protocol imap {
> >> namespace inbox {
> >> location =
> >> mailbox Blah {
> >> autoexpunge = 6h
> >> }
> >> prefix =
> >> }
> >> }
> >>
> >> In any case this is then a global setting rather than one being returned
> >> on a per-user basis.
> >>
> >

From mkliewe at gmx.de Wed Jan 18 14:27:19 2017
From: mkliewe at gmx.de (mkliewe at gmx.de)
Date: Wed, 18 Jan 2017 15:27:19 +0100
Subject: Quota count does not work with lock_method=dotlock
Message-ID: <53782c78-e7cd-779a-0dd6-6552ad1276ba@gmx.de>

Hello,

dovecot crashes when I switch the quota tracking from dict to count.

The following has been working for years:

quota = dict:User quota::proxy::quota

I'm using a mysql quota dictionary.
Now I want to switch to the new "quota count" + "quota clone" combination.
I'm loading the "quota_clone" plugin, and:

#quota = dict:User quota::proxy::quota
quota = count:User quota
quota_vsizes = yes
quota_clone_dict = proxy::quota

It works on a machine where I'm using NFS with lock_method=fcntl.
It's crashing on another machine where I'm using NFS with lock_method=dotlock. See below.
Sadly I have to use dotlock, because of the NFS server.

It looks like quota count does not (yet) work with dotlock?

Michael

Jan 17 18:46:04 XXXX dovecot: imap-login: Login: user=, method=PLAIN, rip=10.0.XX.XX, lip=10.0.XX.XX, mpid=19123, secured, session=
Jan 17 18:46:04 XXXX dovecot: imap(XXXX): Panic: file file-lock.c: line 285: unreached
Jan 17 18:46:04 XXXX dovecot: imap(XXXX): Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0x93ea2) [0x7f33f7812ea2] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x93f8d) [0x7f33f7812f8d] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f33f77ac7c1] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x98810) [0x7f33f7817810] -> /usr/local/lib/dovecot/libdovecot.so.0(file_wait_lock_error+0x26) [0x7f33f7817be6] -> /usr/local/lib/dovecot/libdovecot.so.0(file_try_lock_error+0x11) [0x7f33f7817c61] -> /usr/local/lib/dovecot/libdovecot.so.0(file_create_locked+0x17d) [0x7f33f7814d1d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xb25f3) [0x7f33f7b4d5f3] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_mailbox_get_virtual_size+0x4c) [0x7f33f7b4d91c] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_mailbox_get_metadata+0x1ab) [0x7f33f7b5510b] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0x5e357) [0x7f33f7af9357] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xa15ac) [0x7f33f7b3c5ac] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_get_metadata+0x60) [0x7f33f7ae0d80] -> /usr/local/lib/dovecot/lib10_quota_plugin.so(quota_count+0xfe) [0x7f33f6fa6bce] -> /usr/local/lib/dovecot/lib10_quota_plugin.so(+0x7d3e) [0x7f33f6fa6d3e] -> /usr/local/lib/dovecot/lib10_quota_plugin.so(quota_get_resource+0x78) [0x7f33f6fa5578] -> /usr/local/lib/dovecot/lib10_quota_plugin.so(+0x68b4) [0x7f33f6fa58b4] -> /usr/local/lib/dovecot/lib10_quota_plugin.so(quota_over_flag_check_startup+0x78) [0x7f33f6fa63f8] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(hook_mail_namespaces_created+0x5e) [0x7f33f7ae21ae] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mail_namespaces_init_finish+0x46f) [0x7f33f7ad745f] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mail_namespaces_init+0x104) [0x7f33f7ad7674] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mail_storage_service_next+0x6c5) [0x7f33f7ae5275] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mail_storage_service_lookup_next+0x4c) [0x7f33f7ae55dc] -> dovecot/imap(client_create_from_input+0x46) [0x425476] -> dovecot/imap() [0x42567f] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x316d3) [0x7f33f77b06d3] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x319bd) [0x7f33f77b09bd] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x3235a) [0x7f33f77b135a]
Jan 17 18:46:04 zzz-dovecot01 dovecot: imap(XXXX): Fatal: master: service(imap): child 19123 killed with signal 6 (core dumped)

From kremels at kreme.com Wed Jan 18 19:41:08 2017
From: kremels at kreme.com (@lbutlr)
Date: Wed, 18 Jan 2017 12:41:08 -0700
Subject: Remove empty milder folders
In-Reply-To: <20170116154802.vak5vig5uec3tqb2@darac.org.uk>
References: <20170116154802.vak5vig5uec3tqb2@darac.org.uk>
Message-ID: <3CA8043D-5F31-47D2-89F9-F50A333DB9E2@kreme.com>

On 2017-01-16 (08:48 MST), Darac Marjal wrote:
>
> On Mon, Jan 16, 2017 at 07:03:49AM -0700, @lbutlr wrote:
>> Not sure if anyone will find this useful, but this is how I deleted a bunch (several hundred) of empty mail folders from a user account:
>>
>> # doveadm mailbox status -u "user@example.com" messages "*" ALL | grep "=0" | awk -F= '{print $1}' | awk '{print "rm -rf ."$1}' > list
>>
>> then I looked over list just to be sure it wasn't mucked up and in the users root maildir:
>>
>> # sh < list
>>
>> and done.
>>
>> I probably could do some research on how to combine those two awk pipes but this worked, and it was fast.
>
> You may also want to *consider* removing those mailboxes from your subscriptions, too. I ran into this recently and IMAP considers the list of folders that exist and the list of folders that are subscribed to be separate entities.

Good point. I didn't look at this for two reasons.

1) My mail client doesn't support subscriptions
2) I was removing empty folders from a account that was acting as a backup for all the emails from a domain.

That said, it's a good idea.

--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.

From james at pharaoh.uk Thu Jan 19 08:49:44 2017
From: james at pharaoh.uk (James Pharaoh)
Date: Thu, 19 Jan 2017 09:49:44 +0100
Subject: Doveadm backup doesn't interpret placeholders
Message-ID:

Hi,

Dovecot version: 2.2.27

I'm using replication between two servers for high availability, but I
also want to backup all users. I have a setting for the replication to
work like this:

plugin {
  mail_replica = tcp:other-dovecot
}

This is fine, but then I also want to do a backup to a different
directory for all users, since I am having trouble with an apparent bug
running dovecot on btrfs. For this reason, I am storing my emails on
ext4, but want to sync them to the BTRFS filesystem I use for my server
before doing a snapshot.

My mails are stored in /var/mail/mailboxes, and the backup is in
/var/mail/mailboxes-backup, the former being the ext4 mount and the
latter being part of the btrfs filesystem which belongs to the container
where all this runs.

The problem is that dovecot seems to only have a single concept of the
mail backup location, which is either a remote, as above, or a
filesystem location.

The logical answer seems to be to provide the backup location when
performing the local copy for a snapshot, so I run:

doveadm backup -A mdbox:/var/mail/mailboxes-backup/%d/accounts/%u

However, this is not picking up the %d and %u placeholders and replacing
them with the values, as it would if configured with the option above.

The only workaround I can find is to run doveadm backup individually for
every user, with the full expanded path for each one.

Am I missing something, or would it make sense for doveadm backup to
simply recognise and respect these placeholders when passed on the
command line?

I've tried all sorts of other things, including -o mail_replica, and
putting stuff in the userdb, but I can't find any other way to do this.

Thanks in advance,
James

From tlx at leuxner.net Thu Jan 19 09:07:06 2017
From: tlx at leuxner.net (Thomas Leuxner)
Date: Thu, 19 Jan 2017 10:07:06 +0100
Subject: Sieve removeflag Action
In-Reply-To:
References: <20170113081514.GA60507@nihlus.leuxner.net> <20170113132219.GA62702@nihlus.leuxner.net>
Message-ID: <20170119090706.GA24845@nihlus.leuxner.net>

* Stephan Bosch 2017.01.14 12:35:

> Fixed:
>
> https://github.com/dovecot/pigeonhole/commit/772485538302957ebada484b6eedec57136bc737

Hi Stephan,

I recently noticed that the 'flags' still cause issues when using an _include_ script like:

require ["include","copy","fileinto","imap4flags","vacation"];
include :global "global";

In this case the file options work fine, but the flags are not set.

Regards
Thomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL:

From james at pharaoh.uk Thu Jan 19 09:13:04 2017
From: james at pharaoh.uk (James Pharaoh)
Date: Thu, 19 Jan 2017 10:13:04 +0100
Subject: Replication between three servers
Message-ID: <3fc5b5e2-70fc-7f23-e3d4-2fa5fdcc4750@pharaoh.uk>

Hi,

Dovecot version: 2.2.27

I'm a little unsure if I have set up my replication correctly, and also
how to set up replication on three servers, if this is possible.

My replication works, with exactly the same configuration on both
servers, except that the mail_replica contains the other server name in
each case, of course.

This seems to work fine. As I understand it, both need to be set up as a
client and a server, since I have mail arriving on both. Is this a
correct and supported configuration?

I believe then I should be able to get three-way replication working, by
pointing the three servers at each other in a circle. I am hoping this
will cause a mail arriving at server 1 to be sent to server 2, which
will then send it to server 3. Server 3 will attempt to send it back to
server 1 which will already have it, and so this will terminate the loop.

This is obviously going to create a bit of extra load, but I don't want
to try it without some advice, and I'm not sure if the replication will
be triggered properly by an email which is itself arriving via
replication. Reading the description of the components, I think it
should, since the aggregator service shouldn't care how an email has
arrived, since it is simply reading the log, right?

If a server fails, or needs to be taken out manually, I'll obviously
need to reconfigure the loop, essentially taking it back to a standard
two-server configuration. Similarly, I should be able to add a fourth
server, and so on, if I wanted.

I'm planning to distribute incoming emails over all servers, so that
these will arrive and be stored on a working server during an outage
without any reconfiguration, and to use something like nginx as a proxy
to send each user to a specific server, to distribute the client load.

Thanks in advance,
James

From stephan at rename-it.nl Thu Jan 19 09:32:19 2017
From: stephan at rename-it.nl (Stephan Bosch)
Date: Thu, 19 Jan 2017 10:32:19 +0100
Subject: Sieve removeflag Action
In-Reply-To: <20170119090706.GA24845@nihlus.leuxner.net>
References: <20170113081514.GA60507@nihlus.leuxner.net> <20170113132219.GA62702@nihlus.leuxner.net> <20170119090706.GA24845@nihlus.leuxner.net>
Message-ID: <0fa34b34-986f-7023-572d-202986ec7dc4@rename-it.nl>

On 1/19/2017 at 10:07 AM, Thomas Leuxner wrote:
> * Stephan Bosch 2017.01.14 12:35:
>
>> Fixed:
>>
>> https://github.com/dovecot/pigeonhole/commit/772485538302957ebada484b6eedec57136bc737
> Hi Stephan,
>
> I recently noticed that the 'flags' still cause issues when using an _include_ script like:
>
> require ["include","copy","fileinto","imap4flags","vacation"];
> include :global "global";
>
> In this case the file options work fine, but the flags are not set.

Could you provide a more detailed example?

Regards,

Stephan.

From tlx at leuxner.net Thu Jan 19 09:43:15 2017
From: tlx at leuxner.net (Thomas Leuxner)
Date: Thu, 19 Jan 2017 10:43:15 +0100
Subject: Sieve removeflag Action
In-Reply-To: <0fa34b34-986f-7023-572d-202986ec7dc4@rename-it.nl>
References: <20170113081514.GA60507@nihlus.leuxner.net> <20170113132219.GA62702@nihlus.leuxner.net> <20170119090706.GA24845@nihlus.leuxner.net> <0fa34b34-986f-7023-572d-202986ec7dc4@rename-it.nl>
Message-ID: <20170119094251.GA32291@nihlus.leuxner.net>

* Stephan Bosch 2017.01.19 10:32:

> Could you provide a more detailed example?

Sure.

Personal script v
/var/vmail/domains/leuxner.net/tlx/.dovecot.sieve:

require ["include","copy","fileinto","imap4flags","vacation"];
include :global "global";

--

Global script referenced v
/var/vmail/conf.d/leuxner.net/sieve/global.sieve:

require ["fileinto","imap4flags","duplicate"];

#Newsletters
if header :contains "List-Id" "debian-security-announce.lists.debian.org" {
  removeflag "\\Flagged $MailFlagBit1";
  fileinto ":public/Newsletters/Debian/Security";
  addflag "\\Flagged $MailFlagBit1";
  keep;
}

--

Basically it is reproducible with the same stanza we used before by putting this in the included script:

#Test
if address :is "From" "user@example.com" {
  removeflag "\\Flagged $MailFlagBit1";
  fileinto "Trash";
  addflag "\\Flagged $MailFlagBit1";
  keep;
}

Regards
Thomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL:

From thorsten.hater at gmail.com Thu Jan 19 12:05:06 2017
From: thorsten.hater at gmail.com (Thorsten Hater)
Date: Thu, 19 Jan 2017 13:05:06 +0100
Subject: Segfault on LIST Command
Message-ID:

Dear all,

I experience SegFaults in the imap binary on a LIST "" "" command,
as sent by Claws mail. Using LIST "" "INBOX" or similar is fine.
Here is an example telnet session

$ telnet 127.0.0.1 143
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
01 LOGIN **** ****
01 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE QUOTA] Logged in
02 LIST "" ""
Connection closed by foreign host.

In the log file

dovecot[8375]: imap(***): Fatal: master: service(imap): child 15803 killed with signal 11 (core dumps disabled)

Please find the config below.

Best regards,
Thorsten

$ doveconf -n
# 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (1dc4c73)
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6
auth_debug = yes
auth_debug_passwords = yes
auth_socket_path = /var/run/dovecot/auth-userdb
auth_verbose = yes
base_dir = /var/run/dovecot/
default_internal_user = pop
first_valid_uid = 48
import_environment = TZ DEBUG=1
last_valid_uid = 48
login_trusted_networks = ****
mail_debug = yes
mail_gid = pop
mail_plugins = " mail_log notify zlib quota"
mail_uid = pop
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  list = children
  location =
  mailbox Drafts {
    auto = no
    special_use = \Drafts
  }
  mailbox Sent {
    auto = no
    special_use = \Sent
  }
  mailbox Trash {
    auto = no
    autoexpunge = 30 days
    special_use = \Trash
  }
  mailbox drafts {
    auto = no
    special_use = \Drafts
  }
  mailbox sent {
    auto = no
    special_use = \Sent
  }
  mailbox spamverdacht {
    auto = no
    autoexpunge = 30 days
    special_use = \Junk
  }
  mailbox trash {
    auto = no
    autoexpunge = 30 days
    special_use = \Trash
  }
  mailbox virenverdacht {
    auto = no
    autoexpunge = 30 days
    special_use = \Junk
  }
  prefix = INBOX.
  separator = .
  subscriptions = yes
  type = private
}
passdb {
  args = nopassword=y
  driver = static
}
plugin {
  last_login_dict = file:~/lastlogin
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  quota = maildir:User quota
  quota_warning = storage=80%% 80 %u %{userdb:quota_bytes}
  quota_warning2 = storage=90%% 90 %u %{userdb:quota_bytes}
  quota_warning3 = storage=95%% 95 %u %{userdb:quota_bytes}
  sieve = ldap:/etc/dovecot/pigeonhole-ldap.conf
  sieve_dir = ~/sieve
  sieve_plugins = sieve_storage_ldap
  zlib_save = gz
  zlib_save_level = 6
}
service imap {
  executable = imap postlogin
}
service pop3 {
  executable = pop3 postlogin
}
service postlogin {
  executable = script-login -d rawlog
}
service quota-warning {
  executable = script /bin/quota-warning.sh
}
ssl = no
userdb {
  args = /etc/dovecot/userdb-ldap.conf
  driver = ldap
  result_failure = return-fail
  result_internalfail = return-fail
  result_success = continue-ok
}
userdb {
  default_fields = quota_bytes=42M
  driver = bdb_quota
  override_fields = quota_rule=*:bytes=%{userdb:quota_bytes}
  result_failure = return-fail
  result_internalfail = return-fail
  result_success = continue-ok
}
verbose_proctitle = yes
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-userdb
  mail_plugin_dir = /lib/dovecot/modules
  mail_plugins = " mail_log notify zlib quota sieve"
}
protocol imap {
  mail_plugins = " mail_log notify zlib quota imap_xauth last_login imap_quota"
}
protocol pop3 {
  mail_plugins = " mail_log notify zlib quota last_login"
}

From thorsten.hater at gmail.com Thu Jan 19 13:56:27 2017
From: thorsten.hater at gmail.com (Thorsten Hater)
Date: Thu, 19 Jan 2017 14:56:27 +0100
Subject: Segfault on LIST Command
In-Reply-To:
References:
Message-ID:

The Problem arises due to a NULL deref in mail_namespaces.c line 601.
Backtrace below

x LIST "" ""

Program received signal SIGSEGV, Segmentation fault.
mail_namespaces_get_root_sep (namespaces=0x0) at mail-namespace.c:601
601 while ((namespaces->flags & NAMESPACE_FLAG_LIST_PREFIX) == 0)
(gdb) bt
#0 mail_namespaces_get_root_sep (namespaces=0x0) at mail-namespace.c:601
#1 0x000000000041164c in cmd_list_ref_root (ref=0x65b060 "", client=0x65a590) at cmd-list.c:324
#2 cmd_list_full (cmd=0x65aee0, lsub=) at cmd-list.c:461
#3 0x0000000000419825 in command_exec (cmd=cmd@entry=0x65aee0) at imap-commands.c:181
#4 0x0000000000417de2 in client_command_input (cmd=cmd@entry=0x65aee0) at imap-client.c:988
#5 0x0000000000417e70 in client_command_input (cmd=0x65aee0) at imap-client.c:1048
#6 0x00000000004181e5 in client_handle_next_command (remove_io_r=, client=0x65a590) at imap-client.c:1090
#7 client_handle_input (client=0x65a590) at imap-client.c:1102
#8 0x0000000000418692 in client_input (client=0x65a590) at imap-client.c:1149
#9 0x00007ffff76297ac in io_loop_call_io (io=0x652aa0) at ioloop.c:589
#10 0x00007ffff762ab4a in io_loop_handler_run_internal (ioloop=ioloop@entry=0x63e7f0) at ioloop-epoll.c:222
#11 0x00007ffff7629835 in io_loop_handler_run (ioloop=ioloop@entry=0x63e7f0) at ioloop.c:637
#12 0x00007ffff76299d8 in io_loop_run (ioloop=0x63e7f0) at ioloop.c:613
#13 0x00007ffff75b9823 in master_service_run (service=0x63e690, callback=callback@entry=0x423d40 ) at master-service.c:641
#14 0x000000000040c567 in main (argc=3, argv=0x63e390) at main.c:460

On Thu, Jan 19, 2017 at 1:05 PM, Thorsten Hater wrote:

> Dear all,
>
> I experience SegFaults in the imap binary on a LIST "" "" command,
> as sent by Claws mail. Using LIST "" "INBOX" or similar is fine.
> Here is an example telnet session
>
> $ telnet 127.0.0.1 143
> Trying 127.0.0.1...
> Connected to 127.0.0.1.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
> AUTH=PLAIN] Dovecot ready.
> 01 LOGIN **** ****
> 01 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT
> MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS
> LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN
> CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE QUOTA] Logged in
> 02 LIST "" ""
> Connection closed by foreign host.
>
> In the log file
>
> dovecot[8375]: imap(***): Fatal: master: service(imap): child 15803 killed
> with signal 11 (core dumps disabled)
>
> Please find the config below.
>
> Best regards,
> Thorsten
>
> $ doveconf -n
> # 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.16 (1dc4c73)
> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6
> auth_debug = yes
> auth_debug_passwords = yes
> auth_socket_path = /var/run/dovecot/auth-userdb
> auth_verbose = yes
> base_dir = /var/run/dovecot/
> default_internal_user = pop
> first_valid_uid = 48
> import_environment = TZ DEBUG=1
> last_valid_uid = 48
> login_trusted_networks = ****
> mail_debug = yes
> mail_gid = pop
> mail_plugins = " mail_log notify zlib quota"
> mail_uid = pop
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
> copy include variables body enotify environment mailbox date index ihave
> duplicate mime foreverypart extracttext
> namespace inbox {
>   inbox = yes
>   list = children
>   location =
>   mailbox Drafts {
>     auto = no
>     special_use = \Drafts
>   }
>   mailbox Sent {
>     auto = no
>     special_use = \Sent
>   }
>   mailbox Trash {
>     auto = no
>     autoexpunge = 30 days
>     special_use = \Trash
>   }
>   mailbox drafts {
>     auto = no
>     special_use = \Drafts
>   }
>   mailbox sent {
>     auto = no
>     special_use = \Sent
>   }
>   mailbox spamverdacht {
>     auto = no
>     autoexpunge = 30 days
>     special_use = \Junk
>   }
>   mailbox trash {
>     auto = no
>     autoexpunge = 30 days
>     special_use = \Trash
>   }
>   mailbox virenverdacht {
>     auto = no
>     autoexpunge = 30 days
>     special_use = \Junk
>   }
>   prefix = INBOX.
>   separator = .
>   subscriptions = yes
>   type = private
> }
> passdb {
>   args = nopassword=y
>   driver = static
> }
> plugin {
>   last_login_dict = file:~/lastlogin
>   mail_log_events = delete undelete expunge copy mailbox_delete
> mailbox_rename
>   mail_log_fields = uid box msgid size
>   quota = maildir:User quota
>   quota_warning = storage=80%% 80 %u %{userdb:quota_bytes}
>   quota_warning2 = storage=90%% 90 %u %{userdb:quota_bytes}
>   quota_warning3 = storage=95%% 95 %u %{userdb:quota_bytes}
>   sieve = ldap:/etc/dovecot/pigeonhole-ldap.conf
>   sieve_dir = ~/sieve
>   sieve_plugins = sieve_storage_ldap
>   zlib_save = gz
>   zlib_save_level = 6
> }
> service imap {
>   executable = imap postlogin
> }
> service pop3 {
>   executable = pop3 postlogin
> }
> service postlogin {
>   executable = script-login -d rawlog
> }
> service quota-warning {
>   executable = script /bin/quota-warning.sh
> }
> ssl = no
> userdb {
>   args = /etc/dovecot/userdb-ldap.conf
>   driver = ldap
>   result_failure = return-fail
>   result_internalfail = return-fail
>   result_success = continue-ok
> }
> userdb {
>   default_fields = quota_bytes=42M
>   driver = bdb_quota
>   override_fields = quota_rule=*:bytes=%{userdb:quota_bytes}
>   result_failure = return-fail
>   result_internalfail = return-fail
>   result_success = continue-ok
> }
> verbose_proctitle = yes
> protocol lda {
>   auth_socket_path = /var/run/dovecot/auth-userdb
>   mail_plugin_dir = /lib/dovecot/modules
>   mail_plugins = " mail_log notify zlib quota sieve"
> }
> protocol imap {
>   mail_plugins = " mail_log notify zlib quota imap_xauth last_login
> imap_quota"
> }
> protocol pop3 {
>   mail_plugins = " mail_log notify zlib quota last_login"
> }
>

From info at vialactea.de Fri Jan 20 06:40:36 2017
From: info at vialactea.de (Malte Schmidt)
Date: Fri, 20 Jan 2017 07:40:36 +0100
Subject: Deleting a mailbox recursively
In-Reply-To:
References:
Message-ID: <233a7915-3b2f-693f-9f63-7dc51c0e1d2a@vialactea.de>

Hello, is there any update on this topic?

On 11.01.2017 at 08:17, Malte Schmidt wrote:
> Hello and thanks for the answer,
>
> as of version 2.2.24 this is not working:
>
> # doveadm mailbox delete -r dove
> delete: invalid option -- 'r'
>
> I crawled through the changelog since 2.2.24 and could not find any
> change like this.
> Also neither the wiki nor the man-pages mention a "-r"-flag. I am a bit
> confused here.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL:

From aki.tuomi at dovecot.fi Fri Jan 20 07:42:39 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Fri, 20 Jan 2017 09:42:39 +0200 (EET)
Subject: Deleting a mailbox recursively
In-Reply-To: <233a7915-3b2f-693f-9f63-7dc51c0e1d2a@vialactea.de>
References: <233a7915-3b2f-693f-9f63-7dc51c0e1d2a@vialactea.de>
Message-ID: <913585394.2474.1484898160597@appsuite.open-xchange.com>

Hi!

It's fixed in v2.2.25.

Aki

> On January 20, 2017 at 8:40 AM Malte Schmidt wrote:
>
>
> Hello, is there any update on this topic?
>
>
> On 11.01.2017 at 08:17, Malte Schmidt wrote:
> > Hello and thanks for the answer,
> >
> > as of version 2.2.24 this is not working:
> >
> > # doveadm mailbox delete -r dove
> > delete: invalid option -- 'r'
> >
> > I crawled through the changelog since 2.2.24 and could not find any
> > change like this.
> > Also neither the wiki nor the man-pages mention a "-r"-flag. I am a bit
> > confused here.
>
>

From John at WatchetWebDesign.co.uk Thu Jan 19 19:47:35 2017
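Relating to the "Segfault on LIST Command" thread above: the loop quoted at mail-namespace.c:601 stops only at a namespace carrying NAMESPACE_FLAG_LIST_PREFIX, and the posted config's single namespace has `list = children`. The following is an added illustration, not Dovecot's code and not the project's fix; `struct ns`, the `NS_*` flags, `root_sep_checked` and `list_root_reply` are hypothetical names, and it assumes namespaces form a NULL-terminated linked list and that `list = children` leaves the prefix flag unset.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins, not Dovecot's own definitions. */
enum {
    NS_LIST_PREFIX   = 1 << 0, /* plays the role of NAMESPACE_FLAG_LIST_PREFIX */
    NS_LIST_CHILDREN = 1 << 1  /* assumed result of "list = children" */
};

struct ns {
    const char *prefix;
    char sep;
    unsigned int flags;
    struct ns *next; /* assumption: NULL-terminated list of namespaces */
};

/* Same shape as the loop quoted from line 601: it only terminates on a node
 * with the prefix flag, so a list without one dereferences NULL. */
char root_sep_unchecked(const struct ns *n)
{
    while ((n->flags & NS_LIST_PREFIX) == 0)
        n = n->next;
    return n->sep;
}

/* Bounded walk: returns 0 and stores the separator, or -1 if no namespace
 * qualifies (including an empty list). */
int root_sep_checked(const struct ns *n, char *sep_r)
{
    for (; n != NULL; n = n->next) {
        if ((n->flags & NS_LIST_PREFIX) != 0) {
            *sep_r = n->sep;
            return 0;
        }
    }
    return -1;
}

/* Builds the server's answer to LIST "" "" for the given command tag.
 * With no listable root it answers NO instead of crashing the session;
 * that policy is a choice made for this example. Returns -1 if buf is
 * too small. */
int list_root_reply(const struct ns *list, const char *tag,
                    char *buf, size_t len)
{
    char sep;
    int n;

    if (root_sep_checked(list, &sep) < 0) {
        n = snprintf(buf, len,
                     "%s NO No listable root namespace configured\r\n", tag);
    } else {
        /* A separator of '"' or '\' must be escaped inside a quoted string. */
        const char *esc = (sep == '"' || sep == '\\') ? "\\" : "";
        n = snprintf(buf, len,
                     "* LIST (\\Noselect) \"%s%c\" \"\"\r\n%s OK List completed\r\n",
                     esc, sep, tag);
    }
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    /* Constructed samples modelled on the posted namespace block. */
    struct ns posted = { "INBOX.", '.', NS_LIST_CHILDREN, NULL };
    struct ns listed = { "INBOX.", '.', NS_LIST_PREFIX, NULL };
    char buf[128];

    if (list_root_reply(&posted, "02", buf, sizeof(buf)) == 0)
        fputs(buf, stdout);
    if (list_root_reply(&listed, "02", buf, sizeof(buf)) == 0)
        fputs(buf, stdout);
    /* The unchecked walk is only safe when a flagged namespace exists. */
    printf("unchecked separator: %c\n", root_sep_unchecked(&listed));
    return 0;
}
```

The same bounded walk can be run once at configuration load, so that a setup with no listable namespace is reported at startup rather than by the first client that sends the command.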
From: John at WatchetWebDesign.co.uk (John Richards)
Date: Thu, 19 Jan 2017 19:47:35 +0000
Subject: Mailbox problem on centos O/S after some "fiddling"
Message-ID: <588117D7.9050202@WatchetWebDesign.co.uk>

Good day from Somerset, England

Version 2.2.10
Problem after a huge centos update

Data:-
Server has 8 mailboxes under /var/mail/"user name"

history:-
After update, mail to ONE user was going into mqueue as undeliverable
Had to delete and recreate the user.
somewhere along the line (ME!) /var/mail/;imap var/mail/new were deleted

After new user and reboot server no one could access mailboxes with
password error except ONE user randomly....This created the
/var/mail/.mbox folder and sub folders but with the owner as the user name.
Then any mail for other users was put in the /var/new folder and just
sat there.
only the "owner" of this folder could get mail, everyone else was
prohibited with password error.
chown the folder (owner:group) to root did nothing BUT
When .mbox was given PUBLIC execute permissions (771) suddenly everything
works fine!

I do not understand why dovecot creates this folder as we ONLY ever use
pop3 (currently with plain text auth but going to secure when this sorted)
for mail and also why when it writes the blank folder it "owns" it with
the user accessing it (also the /var/mail/new folder takes the same owner)

I have trolled everywhere and spent a whole day on this so any clues
would be very gratefully accepted as do not like to leave this folder as
771 (note the folder INBOX within it is only 770 and the log file in that
is 660)

Is this INBOX needed at all for pop3 ?

rgds
John Richards
UK

=================
dovecot -n
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-514.2.2.el7.x86_64 x86_64 CentOS Linux release 7.3.1611 (Core ) ext4
auth_mechanisms = plain login
disable_plaintext_auth = no
mail_location = mbox:/var/mail/:INBOX=/var/mail/%u
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = shadow
}
protocols = pop3
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
ssl_cert =
References:
Message-ID:

> I do not understand why dovecot creates this folder as we ONLY ever use pop3
> (currently with plain text auth but going to secure when this sorted)
> for mail and also why when it writes the blank folder it "owns" it with the
> user accessing it (also the /var/mail/new folder takes the same owner)

I think maybe those mailboxes were created because you've mapped all user
home directories to the same folder (/var/mail), and thus, the first user
to log in created files that subsequent users could not access.

> mail_location = mbox:/var/mail/:INBOX=/var/mail/%u

See this for the POP3 scenario you want:

http://wiki.dovecot.org/MailLocation/mbox
(Section: Only /var/mail mboxes)

Don't need these

> service imap-login {
>   inet_listener imap {
>     port = 143
>   }
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
> }

Joseph Tam

From thocar at free.fr Sat Jan 21 18:12:55 2017
From: thocar at free.fr (Thomas Carrié)
Date: Sat, 21 Jan 2017 19:12:55 +0100
Subject: Is it possible to use sieve when delivering via pipe to the dovecot deliver command ?
Message-ID: <20170121191255.2490b883@tango>

Hello,

I am using Exim with this delivery configuration:

virtual_delivery:
  driver = pipe
  command = /usr/lib/dovecot/deliver -d $local_part@$domain -f ...

I have enabled manage-sieve and uploaded a simple sieve script that I can see on the server.

man page of /usr/lib/dovecot/deliver says it supports sieve.

Mail debug is enabled:

$ dovecot -n | grep debug
mail_debug = yes

Delivering a mail shows only this line in dovecot log:

Jan 21 17:38:51 myserver dovecot: lda(joe@something.com): msgid=<20170121183537.7313f219@homenetwork>: saved mail to INBOX

According to page http://wiki2.dovecot.org/Pigeonhole/Sieve/Troubleshooting#Sieve_Scripts_are_not_Executed
I should have a log saying that the sieve plugin is loaded

Here is the sieve relevant parts of dovecot -n:

# 2.2.13: /etc/dovecot/dovecot.conf
...
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
...
protocols = " imap sieve pop3 sieve"
...
protocol lda {
  mail_plugins = " sieve"
}

Is there a requirement to use delivery via service (unix socket) so that sieve is enabled?
Or is there a configuration thing I forgot ?

Thank you for your help

Thomas

From odhiambo at gmail.com Sat Jan 21 21:11:13 2017
From: odhiambo at gmail.com (Odhiambo Washington)
Date: Sun, 22 Jan 2017 00:11:13 +0300
Subject: mail-trends+Dovecot
Message-ID:

Hi,

Out of curiosity, has anyone managed to use mail-trends[0] to analyse their
e-mails. I thought about trying it out, but got stuck midstream.

The mail-trends scripts work very well with gmail, but because they say it
is supposed to work with _any_ IMAP server, I thought I could get it running
with Dovecot too.

I know this is NOT a mail-trends support group though, but I believe there
is something minor that I am missing, which Dovecot admins could figure out.

My idea was to see what comes out of my e-mails stored either in Maildir or
mdbox.

In my test env, I have

mail_location = maildir:/var/spool/virtual/%d/%n/Maildir:INDEX=MEMORY

I am testing with a virtual account, whose e-mails are in Maildir/ - some
30,000 mails.

The gotcha is that I cannot figure out exactly what to specify in mail.py
(for mail-trends [0]) for this situation.

There is another modified version of mail-trends[1] which is supposed to be
a lot easier than the original one, but this too doesn't seem to work in my
setup:

1. My doveconf output -> http://bit.ly/2k11iKb
2. Accounts are virtual, so I have a user - johndoe at dom.ain who MUST login
   as johndoe at dom.ain with a password.
3. His mailbox is in /var/spool/virtual/dom.ain/johndoe/Maildir/

So I try this - using the mail-trends code from [1]

root@gw:/scripts/mail-trends # ./main.py --server=localhost --username=johndoe@dom.ain --password=1234 --use_ssl
[2017-01-21 22:24:08,552] Initializing {'username': 'johndoe@dom.ain', 'use_ssl': '', 'password': '1234', 'server': 'localhost'}
[2017-01-21 22:24:08,552] Connecting
[2017-01-21 22:24:08,747] Logging in
[2017-01-21 22:24:08,752] Getting mailboxes
*[2017-01-21 22:24:08,753] Found INBOX.spam *<-- Where it is getting this from beats me!
*[2017-01-21 22:24:08,753] Found INBOX*
Traceback (most recent call last):
  File "./main.py", line 304, in
    message_infos = GetMessageInfos(opts)
  File "./main.py", line 104, in GetMessageInfos
    for mailbox in m.GetMailboxes():
  File "/scripts/mail-trends/mail.py", line 61, in GetMailboxes
    mailboxes.remove('[Gmail]')
ValueError: list.remove(x): x not in list
root@gw:/scripts/mail-trends #

root@gw:/scripts/mail-trends # *ls -al /var/spool/virtual/dom.ain/johndoe/Maildir/*
total 3256
drwx------ 5 mailnull mailnull 512 Jan 22 00:04 .
drwx------ 3 mailnull mailnull 512 Jan 21 18:48 ..
drwx------ 2 mailnull mailnull 1084416 Jan 22 00:04 cur
-rw------- 1 mailnull mailnull 1074769 Jan 21 18:52 dovecot-uidlist
-rw------- 1 mailnull mailnull 8 Jan 21 18:32 dovecot-uidvalidity
-r--r--r-- 1 mailnull mailnull 0 Jan 21 18:32 dovecot-uidvalidity.58837ef3
drwx------ 2 mailnull mailnull 1084416 Jan 21 18:47 new
-rw-r--r-- 1 mailnull mailnull 0 Jan 21 18:30 subscriptions
drwx------ 2 mailnull mailnull 512 Jan 21 17:44 tmp

If anyone is able to hack this with Dovecot, please share the details.

[0] http://code.google.com/p/mail-trends/
[1] https://github.com/jpbarraca/mail-trends

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."

From sven at svenhartge.de Sat Jan 21 22:02:28 2017
From: sven at svenhartge.de (Sven Hartge)
Date: Sat, 21 Jan 2017 23:02:28 +0100
Subject: mail-trends+Dovecot
References:
Message-ID: <9d73ahgarkdv8@mids.svenhartge.de>

Odhiambo Washington wrote:

> Traceback (most recent call last):
>   File "./main.py", line 304, in
>     message_infos = GetMessageInfos(opts)
>   File "./main.py", line 104, in GetMessageInfos
>     for mailbox in m.GetMailboxes():
>   File "/scripts/mail-trends/mail.py", line 61, in GetMailboxes
>     mailboxes.remove('[Gmail]')
> ValueError: list.remove(x): x not in list

Remove line 61 from ./scripts/mail-trends/mail.py and everything is fine. That code unconditionally removes the folder and sub-folder named "[Gmail]" from the list of mailboxes to avoid duplicate messages.

The error happens because you don't have such a folder in your account.

Grüße,
Sven.

--
Sigmentation fault. Core dumped.

From rogerklorese at gmail.com Sun Jan 22 01:33:42 2017
From: rogerklorese at gmail.com (Roger Klorese)
Date: Sat, 21 Jan 2017 17:33:42 -0800
Subject: Relative home path not allowed - but how is this relative?
Message-ID:

I just set up my server with MySQL support for authentication/authorization compatible with Postfix Admin.

Initially, I was getting the "Relative home directory paths not supported" message, and it's easy to see why - Postfix Admin stores the maildir as "$domain/$userpart@$domain".

But the directories in 10-mail.conf are set as

mail_location = maildir:/home/mailboxes/%d/%u
mail_home = maildir:/home/mailboxes/%d/%u

...and the user_query has been revised to:

user_query = SELECT concat('/home/mailboxes/', maildir) as full_maildir FROM mailbox WHERE username = '%u';

...so how are any of these relative paths?

From rogerklorese at gmail.com Sun Jan 22 01:45:22 2017
From: rogerklorese at gmail.com (Roger Klorese)
Date: Sat, 21 Jan 2017 17:45:22 -0800
Subject: Relative home path not allowed - but how is this relative?
In-Reply-To:
References:
Message-ID:

Never mind - query was a little screwed up...! Got it now. Thanks.

On Sat, Jan 21, 2017 at 5:33 PM, Roger Klorese wrote:

> I just set up my server with MySQL support for
> authentication/authorization compatible with Postfix Admin.
>
> Initially, I was getting the "Relative home directory paths not supported"
> message, and it's easy to see why - Postfix Admin stores the maildir as
> "$domain/$userpart@$domain".
>
> But the directories in 10-mail.conf are set as
>
> mail_location = maildir:/home/mailboxes/%d/%u
> mail_home = maildir:/home/mailboxes/%d/%u
>
> ...and the user_query has been revised to:
>
> user_query = SELECT concat('/home/mailboxes/', maildir) as full_maildir
> FROM mailbox WHERE username = '%u';
>
> ...so how are any of these relative paths?
>

From odhiambo at gmail.com Sun Jan 22 06:18:04 2017
From: odhiambo at gmail.com (Odhiambo Washington)
Date: Sun, 22 Jan 2017 09:18:04 +0300
Subject: mail-trends+Dovecot
In-Reply-To: <9d73ahgarkdv8@mids.svenhartge.de>
References: <9d73ahgarkdv8@mids.svenhartge.de>
Message-ID:

On 22 January 2017 at 01:02, Sven Hartge wrote:

> Odhiambo Washington wrote:
>
> > Traceback (most recent call last):
> >   File "./main.py", line 304, in
> >     message_infos = GetMessageInfos(opts)
> >   File "./main.py", line 104, in GetMessageInfos
> >     for mailbox in m.GetMailboxes():
> >   File "/scripts/mail-trends/mail.py", line 61, in GetMailboxes
> >     mailboxes.remove('[Gmail]')
> > ValueError: list.remove(x): x not in list
>
> Remove line 61 from ./scripts/mail-trends/mail.py and everything is
> fine. That code unconditionally removes the folder and sub-folder named
> "[Gmail]" from the list of mailboxes to avoid duplicate messages.
>
> The error happens because you don't have such a folder in your account.
>
> Grüße,
> Sven.
>
> --
> Sigmentation fault. Core dumped.

You nailed it. Thank you very much.

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."

From mail at jan-von.de Sun Jan 22 09:01:59 2017
From: mail at jan-von.de (Jan Vonde)
Date: Sun, 22 Jan 2017 10:01:59 +0100
Subject: fts_solr and connection via https://
Message-ID: <3e405043-9e5b-39a5-6ff1-0c462a7bb8cb@jan-von.de>

Hi,

I am trying to get fts_solr working and my index server is available via HTTPS only. Dovecot is running on a Debian Jessie system and the Solr server has a letsencrypt certificate.

My dovecot version is: 2.2.devel (a9ed8ae)

The current setup is:

10-mail.conf:
mail_plugins = fts fts_solr

90-fts.conf:
plugin {
  fts = solr
  fts_autoindex = yes
  fts_solr = url=https://foo.example.com/solr/dovecot/
}

When I try to index the mailboxes I am getting error messages like this:

doveadm(user at host): Error: fts_solr: Lookup failed: 9002 Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
doveadm(user at host): Error: Mailbox INBOX: Status lookup failed: Internal error occurred. Refer to server log for more information. [2017-01-22 09:52:38]
Segmentation fault

Contacting the index server via curl on the command line on the same host works, it returns HTTP 200:

user at host ~ $ curl -s -o /dev/null -w "%{http_code}" https://foo.example.com/solr/
200
user at host ~ $

Currently I have the following ssl related settings:

user at host ~ $ doveconf -n -P | grep -i ssl
ssl_cert =

References: <3e405043-9e5b-39a5-6ff1-0c462a7bb8cb@jan-von.de>
Message-ID:

On 1/22/2017 at 10:01 AM, Jan Vonde wrote:

> I tried adding the following settings but that didn't help:
> ssl_ca = < /etc/ssl/certs/ca-certificates.crt
> ssl_client_ca_dir = /etc/ssl/certs
>
> Can you give me a hint how I can get the ssl certificate accepted?

That should normally have done the trick. However, the sources tell me that no ssl_client settings are propagated to the http_client used by fts-solr, so SSL is not currently supported it seems. I'll check how easy it is to add that.

Regards,
Stephan.

From james at jmwhite.co.uk Sun Jan 22 19:00:59 2017
From: james at jmwhite.co.uk (James White)
Date: Sun, 22 Jan 2017 19:00:59 +0000
Subject: Mailbox alias plugin and INBOX. folders
Message-ID: <74072cbc-fbda-5c58-dcc4-6f605fd6f011@jmwhite.co.uk>

Hi,

I'm trying to work around the lack of IMAP folder mapping settings on Windows 10 Mobile in regards to controlling the Sent, Trash etc folder my device uses. Currently, my device creates its own "Sent Items" folder "Deleted Items" folder along with others, this is a pain when using clients like Thunderbird which places them in the correct places, because it can be configured this way.

While this is a Microsoft issue, it's looking very unlikely they will add IMAP mapping control, as it's been like this since Windows Phone 7. So I was looking for performing a workaround at the server level.

I came across the Dovecot Mailbox alias plugin, which sounds like a decent workaround, to at least allow sent email messages from my Windows 10 mobile device to show up in the right place, I'm aware of the potential for double cache etc, but I have enough storage for it.

http://wiki2.dovecot.org/Plugins/MailboxAlias

What I'm having difficulty with, is expressing the mailbox_alias to an existing INBOX. folder. My email server uses the INBOX prefix setup, so my configured folders are:

INBOX\INBOX.Sent
INBOX\INBOX.Drafts
INBOX\INBOX.Trash
INBOX\INBOX.Spam

Most examples seem to indicate doing at the root folder level i.e. Sent Items -> Sent not Sent Items -> INBOX\INBOX.Sent.

Is it possible to use the alias plugin in this way? If so how would I express this using mailbox_alias_old, I tried INBOX/Sent, but this seems to send all items to a blackhole, as they can no longer be found in any folder.

It does appear to work at the root folder level, but as my setup is using the older INBOX prefix, I don't want to do that.

Any hints/tips would be appreciated!

Thanks,

James

From aki.tuomi at dovecot.fi Mon Jan 23 08:33:53 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Mon, 23 Jan 2017 10:33:53 +0200
Subject: Mailbox alias plugin and INBOX. folders
In-Reply-To: <74072cbc-fbda-5c58-dcc4-6f605fd6f011@jmwhite.co.uk>
References: <74072cbc-fbda-5c58-dcc4-6f605fd6f011@jmwhite.co.uk>
Message-ID: <2e836c01-df1a-43b1-e529-dc40f78616d8@dovecot.fi>

On 22.01.2017 21:00, James White wrote:
> Hi,
>
> I'm trying to work around the lack of IMAP folder mapping settings on
> Windows 10 Mobile in regards to controlling the Sent, Trash etc folder
> my device uses. Currently, my device creates its own "Sent Items" folder
> "Deleted Items" folder along with others, this is a pain when using
> clients like Thunderbird which places them in the correct places,
> because it can be configured this way.
>
> While this is a Microsoft issue, it's looking very unlikely they will add
> IMAP mapping control, as it's been like this since Windows Phone 7. So I
> was looking for performing a workaround at the server level.
>
> I came across the Dovecot Mailbox alias plugin, which sounds like a
> decent workaround, to at least allow sent email messages from my Windows
> 10 mobile device to show up in the right place, I'm aware of the
> potential for double cache etc, but I have enough storage for it.
>
> http://wiki2.dovecot.org/Plugins/MailboxAlias
>
> What I'm having difficulty with, is expressing the mailbox_alias to an
> existing INBOX. folder. My email server uses the INBOX prefix setup, so
> my configured folders are:
>
> INBOX\INBOX.Sent
> INBOX\INBOX.Drafts
> INBOX\INBOX.Trash
> INBOX\INBOX.Spam
>
> Most examples seem to indicate doing at the root folder level i.e. Sent
> Items -> Sent not Sent Items -> INBOX\INBOX.Sent.
>
> Is it possible to use the alias plugin in this way? If so how would I
> express this using mailbox_alias_old, I tried INBOX/Sent, but this seems
> to send all items to a blackhole, as they can no longer be found in any
> folder.
>
> It does appear to work at the root folder level, but as my setup is
> using the older INBOX prefix, I don't want to do that.
>
> Any hints/tips would be appreciated!
>
> Thanks,
>
> James
>

There are special use flags \Trash, \Sent, \Spam etc, have you tried settings there?

Aki

From Raymond.Sellars at orionhealth.com Mon Jan 23 08:37:06 2017
From: Raymond.Sellars at orionhealth.com (Raymond Sellars)
Date: Mon, 23 Jan 2017 08:37:06 +0000
Subject: Ox Dovecot - dovecot.fi - dovecot-ee repo access
Message-ID:

Hi

My question is a little off topic but hoping the community has some insight or advice.

Has anyone had success in contacting OX dovecot? We previously purchased Dovecot Pro and had access to the dovecot-ee (https://yum.dovecot.fi) repository. Credentials are no longer valid and all attempts (over the months) to reach Ox gain no response.

Wondering if others are having Pro access issues or have managed to reach their info/sales team (info at dovecot.fi?).

Any recommendations on alternatives for commercial support? Primarily active security patching/advisement rather than polling the open source release stream.

Thanks
Raymond

From aki.tuomi at dovecot.fi Mon Jan 23 08:37:10 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 23 Jan 2017 10:37:10 +0200 Subject: Segfault on LIST Command In-Reply-To: References: Message-ID: <80affa00-c33f-e800-7eaa-4d96f1f10605@dovecot.fi> On 19.01.2017 15:56, Thorsten Hater wrote: > The Problem arises due to a NULL deref in mail_namespaces.c line 601. > Backtrace below > > x LIST "" "" > > Program received signal SIGSEGV, Segmentation fault. > mail_namespaces_get_root_sep (namespaces=0x0) at mail-namespace.c:601 > 601 while ((namespaces->flags & NAMESPACE_FLAG_LIST_PREFIX) == 0) > (gdb) bt > #0 mail_namespaces_get_root_sep (namespaces=0x0) at mail-namespace.c:601 > #1 0x000000000041164c in cmd_list_ref_root (ref=0x65b060 "", > client=0x65a590) at cmd-list.c:324 > #2 cmd_list_full (cmd=0x65aee0, lsub=) at cmd-list.c:461 > #3 0x0000000000419825 in command_exec (cmd=cmd at entry=0x65aee0) at > imap-commands.c:181 > #4 0x0000000000417de2 in client_command_input (cmd=cmd at entry=0x65aee0) at > imap-client.c:988 > #5 0x0000000000417e70 in client_command_input (cmd=0x65aee0) at > imap-client.c:1048 > #6 0x00000000004181e5 in client_handle_next_command > (remove_io_r=, client=0x65a590) at imap-client.c:1090 > #7 client_handle_input (client=0x65a590) at imap-client.c:1102 > #8 0x0000000000418692 in client_input (client=0x65a590) at > imap-client.c:1149 > #9 0x00007ffff76297ac in io_loop_call_io (io=0x652aa0) at ioloop.c:589 > #10 0x00007ffff762ab4a in io_loop_handler_run_internal > (ioloop=ioloop at entry=0x63e7f0) > at ioloop-epoll.c:222 > #11 0x00007ffff7629835 in io_loop_handler_run (ioloop=ioloop at entry=0x63e7f0) > at ioloop.c:637 > #12 0x00007ffff76299d8 in io_loop_run (ioloop=0x63e7f0) at ioloop.c:613 > #13 0x00007ffff75b9823 in master_service_run (service=0x63e690, > callback=callback at entry=0x423d40 ) at master-service.c:641 > #14 0x000000000040c567 in main (argc=3, argv=0x63e390) at main.c:460 > > On Thu, Jan 19, 2017 at 1:05 PM, Thorsten Hater > wrote: > >> Dear all, >> >> I experience SegFaults 
in the imap binary on a LIST "" "" command, >> as sent by Claws mail. Using LIST "" "INBOX" or similar is fine. >> Here is an example telnet session >> >> $ telnet 127.0.0.1 143 >> Trying 127.0.0.1... >> Connected to 127.0.0.1. >> Escape character is '^]'. >> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE >> AUTH=PLAIN] Dovecot ready. >> 01 LOGIN **** **** >> 01 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE >> IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT >> MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS >> LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN >> CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE QUOTA] Logged in >> 02 LIST "" "" >> Connection closed by foreign host. >> >> In the log file >> >> dovecot[8375]: imap(***): Fatal: master: service(imap): child 15803 killed >> with signal 11 (core dumps disabled) >> >> Please find the config below. >> >> Best regards, >> Thorsten >> >> $ doveconf -n >> # 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf >> # Pigeonhole version 0.4.16 (1dc4c73) >> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6 >> auth_debug = yes >> auth_debug_passwords = yes >> auth_socket_path = /var/run/dovecot/auth-userdb >> auth_verbose = yes >> base_dir = /var/run/dovecot/ >> default_internal_user = pop >> first_valid_uid = 48 >> import_environment = TZ DEBUG=1 >> last_valid_uid = 48 >> login_trusted_networks = **** >> mail_debug = yes >> mail_gid = pop >> mail_plugins = " mail_log notify zlib quota" >> mail_uid = pop >> managesieve_notify_capability = mailto >> managesieve_sieve_capability = fileinto reject envelope encoded-character >> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags >> copy include variables body enotify environment mailbox date index ihave >> duplicate mime foreverypart extracttext >> namespace inbox { >> inbox = yes >> list = children >> location = >> mailbox Drafts { >> 
auto = no >> special_use = \Drafts >> } >> mailbox Sent { >> auto = no >> special_use = \Sent >> } >> mailbox Trash { >> auto = no >> autoexpunge = 30 days >> special_use = \Trash >> } >> mailbox drafts { >> auto = no >> special_use = \Drafts >> } >> mailbox sent { >> auto = no >> special_use = \Sent >> } >> mailbox spamverdacht { >> auto = no >> autoexpunge = 30 days >> special_use = \Junk >> } >> mailbox trash { >> auto = no >> autoexpunge = 30 days >> special_use = \Trash >> } >> mailbox virenverdacht { >> auto = no >> autoexpunge = 30 days >> special_use = \Junk >> } >> prefix = INBOX. >> separator = . >> subscriptions = yes >> type = private >> } >> passdb { >> args = nopassword=y >> driver = static >> } >> plugin { >> last_login_dict = file:~/lastlogin >> mail_log_events = delete undelete expunge copy mailbox_delete >> mailbox_rename >> mail_log_fields = uid box msgid size >> quota = maildir:User quota >> quota_warning = storage=80%% 80 %u %{userdb:quota_bytes} >> quota_warning2 = storage=90%% 90 %u %{userdb:quota_bytes} >> quota_warning3 = storage=95%% 95 %u %{userdb:quota_bytes} >> sieve = ldap:/etc/dovecot/pigeonhole-ldap.conf >> sieve_dir = ~/sieve >> sieve_plugins = sieve_storage_ldap >> zlib_save = gz >> zlib_save_level = 6 >> } >> service imap { >> executable = imap postlogin >> } >> service pop3 { >> executable = pop3 postlogin >> } >> service postlogin { >> executable = script-login -d rawlog >> } >> service quota-warning { >> executable = script /bin/quota-warning.sh >> } >> ssl = no >> userdb { >> args = /etc/dovecot/userdb-ldap.conf >> driver = ldap >> result_failure = return-fail >> result_internalfail = return-fail >> result_success = continue-ok >> } >> userdb { >> default_fields = quota_bytes=42M >> driver = bdb_quota >> override_fields = quota_rule=*:bytes=%{userdb:quota_bytes} >> result_failure = return-fail >> result_internalfail = return-fail >> result_success = continue-ok >> } >> verbose_proctitle = yes >> protocol lda { >> 
auth_socket_path = /var/run/dovecot/auth-userdb >> mail_plugin_dir = /lib/dovecot/modules >> mail_plugins = " mail_log notify zlib quota sieve" >> } >> protocol imap { >> mail_plugins = " mail_log notify zlib quota imap_xauth last_login >> imap_quota" >> } >> protocol pop3 { >> mail_plugins = " mail_log notify zlib quota last_login" >> } >> Hi! We are looking into this crash. Are you intentionally setting inbox namespace location to empty? Aki From aki.tuomi at dovecot.fi Mon Jan 23 08:37:53 2017 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 23 Jan 2017 10:37:53 +0200 Subject: Ox Dovecot - dovecot.fi - dovecot-ee repo access In-Reply-To: References: Message-ID: <413c6c14-e841-2741-f0cb-9e2815b56f60@dovecot.fi> On 23.01.2017 10:37, Raymond Sellars wrote: > Hi > > My question is a little off topic but hoping the community has some insight or advise. > > Has anyone had success in contacting OX dovecot. We previous purchased Dovecot Pro and had access to the dovecot-ee (https://yum.dovecot.fi) repository. Credentials are no longer valid and all attempts (over the months) to reach Ox gain no response. > > Wondering if others are having Pro access issues or have managed to reach their info/sales team (info at dovecot.fi?). > > Any recommendations on alternatives for commercial support? Primarily active security patching/advisement rather than polling the open source release stream. > > Thanks > Raymond Hi! I'll pass your message along and someone will be in touch. Aki Tuomi Dovecot oy From james at jmwhite.co.uk Mon Jan 23 08:42:04 2017 
From: james at jmwhite.co.uk (James White)
Date: Mon, 23 Jan 2017 08:42:04 +0000
Subject: Mailbox alias plugin and INBOX. folders
In-Reply-To: <2e836c01-df1a-43b1-e529-dc40f78616d8@dovecot.fi>
References: <74072cbc-fbda-5c58-dcc4-6f605fd6f011@jmwhite.co.uk> <2e836c01-df1a-43b1-e529-dc40f78616d8@dovecot.fi>
Message-ID: <2ABE627B-20E0-452A-955B-45DFFEBD786B@jmwhite.co.uk>

I have found a bit of a cruder workaround, essentially create the symlink within the email account mailbox manually on the FS.

I've let my phone create the "Sent Items" and "Deleted Items" folder, then deleted them within my Maildir and then did ln -s .INBOX.Sent ".Sent Items" and ran chown -h to the correct permissions.

This seems to have worked, the contents of INBOX.Sent now appears in the Sent Items folder on my phone likewise for Deleted Items, repeating the same process with the different folder names.

I believe this still creates the "double cache" issue, but I can live with that. The whole point of having IMAP is that your sent items and such go to the same place on all clients, but try telling Microsoft that!

James

> On 23 Jan 2017, at 08:33, Aki Tuomi wrote:
>
>
>
> On 22.01.2017 21:00, James White wrote:
>> Hi,
>>
>> I'm trying to work around the lack of IMAP folder mapping settings on
>> Windows 10 Mobile in regards to controlling the Sent, Trash etc folder
>> my device uses. Currently, my device creates its own "Sent Items" folder
>> "Deleted Items" folder along with others, this is a pain when using
>> clients like Thunderbird which places them in the correct places,
>> because it can be configured this way.
>>
>> While this is a Microsoft issue, it's looking very unlikely they will add
>> IMAP mapping control, as it's been like this since Windows Phone 7. So I
>> was looking for performing a workaround at the server level.
>>
>> I came across the Dovecot Mailbox alias plugin, which sounds like a
>> decent workaround, to at least allow sent email messages from my Windows
>> 10 mobile device to show up in the right place, I'm aware of the
>> potential for double cache etc, but I have enough storage for it.
>>
>> http://wiki2.dovecot.org/Plugins/MailboxAlias
>>
>> What I'm having difficulty with, is expressing the mailbox_alias to an
>> existing INBOX. folder. My email server uses the INBOX prefix setup, so
>> my configured folders are:
>>
>> INBOX\INBOX.Sent
>> INBOX\INBOX.Drafts
>> INBOX\INBOX.Trash
>> INBOX\INBOX.Spam
>>
>> Most examples seem to indicate doing at the root folder level i.e. Sent
>> Items -> Sent not Sent Items -> INBOX\INBOX.Sent.
>>
>> Is it possible to use the alias plugin in this way? If so how would I
>> express this using mailbox_alias_old, I tried INBOX/Sent, but this seems
>> to send all items to a blackhole, as they can no longer be found in any
>> folder.
>>
>> It does appear to work at the root folder level, but as my setup is
>> using the older INBOX prefix, I don't want to do that.
>>
>> Any hints/tips would be appreciated!
>>
>> Thanks,
>>
>> James
>>
>
> There are special use flags \Trash, \Sent, \Spam etc,
> have you tried settings there?
>
> Aki

From aki.tuomi at dovecot.fi Mon Jan 23 08:53:59 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Mon, 23 Jan 2017 10:53:59 +0200
Subject: Doveadm backup doesn't interpret placeholders
In-Reply-To:
References:
Message-ID:

On 19.01.2017 10:49, James Pharaoh wrote:
> Hi,
>
> Dovecot version: 2.2.27
>
> I'm using replication between two servers for high availability, but I
> also want to backup all users. I have a setting for the replication to
> work like this:
>
> plugin {
>   mail_replica = tcp:other-dovecot
> }
>
> This is fine, but then I also want to do a backup to a different
> directory for all users, since I am having trouble with an apparent
> bug running dovecot on btrfs. For this reason, I am storing my emails
> on ext4, but want to sync them to the BTRFS filesystem I use for my
> server before doing a snapshot.
>
> My mails are stored in /var/mail/mailboxes, and the backup is in
> /var/mail/mailboxes-backup, the former being the ext4 mount and the
> latter being part of the btrfs filesystem which belongs to the
> container where all this runs.
>
> The problem is that dovecot seems to only have a single concept of the
> mail backup location, which is either a remote, as above, or a
> filesystem location.
>
> The logical answer seems to be to provide the backup location when
> performing the local copy for a snapshot, so I run:
>
> doveadm backup -A mdbox:/var/mail/mailboxes-backup/%d/accounts/%u

Try doveadm -o mail_home=/var/mail/mailboxes-backup/%d/accounts/%u backup -A mdbox:~/

Aki

From james at pharaoh.uk Mon Jan 23 09:35:44 2017
From: james at pharaoh.uk (James Pharaoh)
Date: Mon, 23 Jan 2017 10:35:44 +0100
Subject: Doveadm backup doesn't interpret placeholders
In-Reply-To:
References:
Message-ID: <2fc579ed-0441-d7d6-dba7-472184f8851d@pharaoh.uk>

On 23/01/17 09:53, Aki Tuomi wrote:
>
> On 19.01.2017 10:49, James Pharaoh wrote:
>>
>> Dovecot version: 2.2.27
>>
>> The logical answer seems to be to provide the backup location when
>> performing the local copy for a snapshot, so I run:
>>
>> doveadm backup -A mdbox:/var/mail/mailboxes-backup/%d/accounts/%u
>
> Try doveadm -o mail_home=/var/mail/mailboxes-backup/%d/accounts/%u
> backup -A mdbox:~/

This won't work, surely, because I use a similar pattern for the source, basically without the "-backup" bit.

If you can confirm this is not supported I'm happy to create a patch for it myself, it doesn't seem like it will be very difficult.

James

From aki.tuomi at dovecot.fi Mon Jan 23 09:37:49 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Mon, 23 Jan 2017 11:37:49 +0200
Subject: Doveadm backup doesn't interpret placeholders
In-Reply-To: <2fc579ed-0441-d7d6-dba7-472184f8851d@pharaoh.uk>
References: <2fc579ed-0441-d7d6-dba7-472184f8851d@pharaoh.uk>
Message-ID: <281a1049-bca5-a70a-da9b-202b17d98c23@dovecot.fi>

On 23.01.2017 11:35, James Pharaoh wrote:
> On 23/01/17 09:53, Aki Tuomi wrote:
>>
>> On 19.01.2017 10:49, James Pharaoh wrote:
>>>
>>> Dovecot version: 2.2.27
>>>
>>> The logical answer seems to be to provide the backup location when
>>> performing the local copy for a snapshot, so I run:
>>>
>>> doveadm backup -A mdbox:/var/mail/mailboxes-backup/%d/accounts/%u
>>
>> Try doveadm -o mail_home=/var/mail/mailboxes-backup/%d/accounts/%u
>> backup -A mdbox:~/
>
> This won't work, surely, because I use a similar pattern for the
> source, basically without the "-backup" bit.
>
> If you can confirm this is not supported I'm happy to create a patch
> for it myself, it doesn't seem like it will be very difficult.
>
> James

Oh, then it won't work. The reason this interpolation does not occur is that we consider % a valid path name. We have been considering how to solve this, and possibly it requires some config flag to permit interpolation in mailbox location when given from command line.

A patch is welcome, of course, but please keep this in mind. =)

Aki

From thorsten.hater at gmail.com Mon Jan 23 09:45:41 2017
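Since the thread above establishes that a location passed on the doveadm command line is taken literally, the expansion can be done per user in a wrapper; the script below is an added example and is not part of the original posts or of Dovecot. The function names, the DOVEADM variable and the script name are assumptions of this example; it expands only %u, %n and %d, relies on `doveadm user '*'` (which needs a userdb that supports iteration), and refuses user names that would be unsafe as path components.

```shell
#!/bin/sh
# Added example, not Dovecot code: expand %u, %n and %d in a backup destination
# per user, because the location given on the doveadm command line is used literally.

DOVEADM=${DOVEADM:-doveadm}   # command to run; can be pointed at a stub for dry runs

# expand_location TEMPLATE USER
# Prints TEMPLATE with %u (full name), %n (local part) and %d (domain) filled in.
# Returns 1 and prints nothing if USER is not safe to place in a filesystem path.
expand_location() {
    tmpl=$1
    user=$2
    case $user in
        ''|.*|*..*|*@*@*|@*|*@) return 1 ;;   # empty, dotfile, "..", malformed address
        *[!A-Za-z0-9._@+-]*) return 1 ;;      # "/", "%", whitespace, sed metacharacters
    esac
    case $user in
        *@*) lpart=${user%%@*}; dpart=${user#*@} ;;
        *)   lpart=$user; dpart= ;;
    esac
    case $dpart in
        .*) return 1 ;;                       # domain directory must not be a dotfile
    esac
    # A template that needs %d cannot be filled for a user without a domain.
    case $tmpl in
        *%d*) [ -n "$dpart" ] || return 1 ;;
    esac
    # The whitelist above guarantees the values contain no "|", "&" or "\".
    printf '%s\n' "$tmpl" |
        sed -e "s|%u|$user|g" -e "s|%n|$lpart|g" -e "s|%d|$dpart|g"
}

# backup_all TEMPLATE
# Runs one "doveadm backup -u USER DEST" per user listed by "doveadm user '*'".
# Returns non-zero if any user was skipped or any backup failed.
backup_all() {
    all_tmpl=$1
    "$DOVEADM" user '*' | (
        rc=0
        while IFS= read -r u; do
            if dest=$(expand_location "$all_tmpl" "$u"); then
                "$DOVEADM" backup -u "$u" "$dest" || rc=1
            else
                printf 'skipping unsafe user name: %s\n' "$u" >&2
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Stand-alone use (hypothetical script name):
#   sh backup-expand.sh --template 'mdbox:/var/mail/mailboxes-backup/%d/accounts/%u'
if [ "${1:-}" = "--template" ] && [ -n "${2:-}" ]; then
    backup_all "$2"
fi
```
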
From: thorsten.hater at gmail.com (Thorsten Hater) Date: Mon, 23 Jan 2017 10:45:41 +0100 Subject: Segfault on LIST Command In-Reply-To: References: <80affa00-c33f-e800-7eaa-4d96f1f10605@dovecot.fi> Message-ID: Hi, I did added the default location and stripped down my config to a very basic level, dropping all plugins and database queries, see below. The segfault still appears in the same location. As I have build from source, I wonder whether you can reproduce the problem? Thorsten $ doveconf -n # 2.2.26.0 (23d1de6): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.4.16 (1dc4c73) # OS: Linux 3.18.16-intel-vm-64bit x86_64 Debian 8.6 auth_debug = yes auth_debug_passwords = yes auth_socket_path = /usr/local/var/run/dovecot/auth-userdb auth_verbose = yes base_dir = /usr/local/var/run/dovecot/ default_internal_user = pop first_valid_uid = 48 import_environment = TZ DEBUG=1 last_valid_uid = 48 login_greeting = Dovecot ready. login_trusted_networks = **** mail_debug = yes mail_gid = pop mail_location = maildir:~/Maildir mail_plugin_dir = /usr/local/lib/dovecot/ mail_uid = pop managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes list = children location = maildir:~/Maildir prefix = INBOX. separator = . subscriptions = yes type = private } passdb { args = nopassword=yes driver = static } protocols = imap pop3 lmtp imap pop3 ssl = no userdb { args = home=**** uid=pop gid=pop quota_rule=*:bytes=1000M driver = static } verbose_proctitle = yes protocol lda { auth_socket_path = /usr/local/var/run/dovecot/auth-userdb } On Mon, Jan 23, 2017 at 10:01 AM, Thorsten Hater wrote: > Hi, > > thanks for picking this up. 
The location is pulled from the database, but > is uniform > for all users, so I could set it to maildir:~/Maildir globally. Assuming > ~ is expanded > later on with userdb data. So, no, there is no special intention behind > this. > > Thorsten > > On Mon, Jan 23, 2017 at 9:37 AM, Aki Tuomi wrote: > >> >> >> On 19.01.2017 15:56, Thorsten Hater wrote: >> > The Problem arises due to a NULL deref in mail_namespaces.c line 601. >> > Backtrace below >> > >> > x LIST "" "" >> > >> > Program received signal SIGSEGV, Segmentation fault. >> > mail_namespaces_get_root_sep (namespaces=0x0) at mail-namespace.c:601 >> > 601 while ((namespaces->flags & NAMESPACE_FLAG_LIST_PREFIX) == 0) >> > (gdb) bt >> > #0 mail_namespaces_get_root_sep (namespaces=0x0) at >> mail-namespace.c:601 >> > #1 0x000000000041164c in cmd_list_ref_root (ref=0x65b060 "", >> > client=0x65a590) at cmd-list.c:324 >> > #2 cmd_list_full (cmd=0x65aee0, lsub=) at cmd-list.c:461 >> > #3 0x0000000000419825 in command_exec (cmd=cmd at entry=0x65aee0) at >> > imap-commands.c:181 >> > #4 0x0000000000417de2 in client_command_input (cmd=cmd at entry=0x65aee0) >> at >> > imap-client.c:988 >> > #5 0x0000000000417e70 in client_command_input (cmd=0x65aee0) at >> > imap-client.c:1048 >> > #6 0x00000000004181e5 in client_handle_next_command >> > (remove_io_r=, client=0x65a590) at imap-client.c:1090 >> > #7 client_handle_input (client=0x65a590) at imap-client.c:1102 >> > #8 0x0000000000418692 in client_input (client=0x65a590) at >> > imap-client.c:1149 >> > #9 0x00007ffff76297ac in io_loop_call_io (io=0x652aa0) at ioloop.c:589 >> > #10 0x00007ffff762ab4a in io_loop_handler_run_internal >> > (ioloop=ioloop at entry=0x63e7f0) >> > at ioloop-epoll.c:222 >> > #11 0x00007ffff7629835 in io_loop_handler_run (ioloop=ioloop at entry >> =0x63e7f0) >> > at ioloop.c:637 >> > #12 0x00007ffff76299d8 in io_loop_run (ioloop=0x63e7f0) at ioloop.c:613 >> > #13 0x00007ffff75b9823 in master_service_run (service=0x63e690, >> > callback=callback at 
entry=0x423d40 ) at >> master-service.c:641 >> > #14 0x000000000040c567 in main (argc=3, argv=0x63e390) at main.c:460 >> > >> > On Thu, Jan 19, 2017 at 1:05 PM, Thorsten Hater < >> thorsten.hater at gmail.com> >> > wrote: >> > >> >> Dear all, >> >> >> >> I experience SegFaults in the imap binary on a LIST "" "" command, >> >> as sent by Claws mail. Using LIST "" "INBOX" or similar is fine. >> >> Here is an example telnet session >> >> >> >> $ telnet 127.0.0.1 143 >> >> Trying 127.0.0.1... >> >> Connected to 127.0.0.1. >> >> Escape character is '^]'. >> >> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE >> IDLE >> >> AUTH=PLAIN] Dovecot ready. >> >> 01 LOGIN **** **** >> >> 01 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE >> >> IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS >> THREAD=ORDEREDSUBJECT >> >> MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS >> >> LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES >> WITHIN >> >> CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE QUOTA] Logged in >> >> 02 LIST "" "" >> >> Connection closed by foreign host. >> >> >> >> In the log file >> >> >> >> dovecot[8375]: imap(***): Fatal: master: service(imap): child 15803 >> killed >> >> with signal 11 (core dumps disabled) >> >> >> >> Please find the config below. 
>> >> >> >> Best regards, >> >> Thorsten >> >> >> >> $ doveconf -n >> >> # 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf >> >> # Pigeonhole version 0.4.16 (1dc4c73) >> >> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6 >> >> auth_debug = yes >> >> auth_debug_passwords = yes >> >> auth_socket_path = /var/run/dovecot/auth-userdb >> >> auth_verbose = yes >> >> base_dir = /var/run/dovecot/ >> >> default_internal_user = pop >> >> first_valid_uid = 48 >> >> import_environment = TZ DEBUG=1 >> >> last_valid_uid = 48 >> >> login_trusted_networks = **** >> >> mail_debug = yes >> >> mail_gid = pop >> >> mail_plugins = " mail_log notify zlib quota" >> >> mail_uid = pop >> >> managesieve_notify_capability = mailto >> >> managesieve_sieve_capability = fileinto reject envelope >> encoded-character >> >> vacation subaddress comparator-i;ascii-numeric relational regex >> imap4flags >> >> copy include variables body enotify environment mailbox date index >> ihave >> >> duplicate mime foreverypart extracttext >> >> namespace inbox { >> >> inbox = yes >> >> list = children >> >> location = >> >> mailbox Drafts { >> >> auto = no >> >> special_use = \Drafts >> >> } >> >> mailbox Sent { >> >> auto = no >> >> special_use = \Sent >> >> } >> >> mailbox Trash { >> >> auto = no >> >> autoexpunge = 30 days >> >> special_use = \Trash >> >> } >> >> mailbox drafts { >> >> auto = no >> >> special_use = \Drafts >> >> } >> >> mailbox sent { >> >> auto = no >> >> special_use = \Sent >> >> } >> >> mailbox spamverdacht { >> >> auto = no >> >> autoexpunge = 30 days >> >> special_use = \Junk >> >> } >> >> mailbox trash { >> >> auto = no >> >> autoexpunge = 30 days >> >> special_use = \Trash >> >> } >> >> mailbox virenverdacht { >> >> auto = no >> >> autoexpunge = 30 days >> >> special_use = \Junk >> >> } >> >> prefix = INBOX. >> >> separator = . 
>> >> subscriptions = yes >> >> type = private >> >> } >> >> passdb { >> >> args = nopassword=y >> >> driver = static >> >> } >> >> plugin { >> >> last_login_dict = file:~/lastlogin >> >> mail_log_events = delete undelete expunge copy mailbox_delete >> >> mailbox_rename >> >> mail_log_fields = uid box msgid size >> >> quota = maildir:User quota >> >> quota_warning = storage=80%% 80 %u %{userdb:quota_bytes} >> >> quota_warning2 = storage=90%% 90 %u %{userdb:quota_bytes} >> >> quota_warning3 = storage=95%% 95 %u %{userdb:quota_bytes} >> >> sieve = ldap:/etc/dovecot/pigeonhole-ldap.conf >> >> sieve_dir = ~/sieve >> >> sieve_plugins = sieve_storage_ldap >> >> zlib_save = gz >> >> zlib_save_level = 6 >> >> } >> >> service imap { >> >> executable = imap postlogin >> >> } >> >> service pop3 { >> >> executable = pop3 postlogin >> >> } >> >> service postlogin { >> >> executable = script-login -d rawlog >> >> } >> >> service quota-warning { >> >> executable = script /bin/quota-warning.sh >> >> } >> >> ssl = no >> >> userdb { >> >> args = /etc/dovecot/userdb-ldap.conf >> >> driver = ldap >> >> result_failure = return-fail >> >> result_internalfail = return-fail >> >> result_success = continue-ok >> >> } >> >> userdb { >> >> default_fields = quota_bytes=42M >> >> driver = bdb_quota >> >> override_fields = quota_rule=*:bytes=%{userdb:quota_bytes} >> >> result_failure = return-fail >> >> result_internalfail = return-fail >> >> result_success = continue-ok >> >> } >> >> verbose_proctitle = yes >> >> protocol lda { >> >> auth_socket_path = /var/run/dovecot/auth-userdb >> >> mail_plugin_dir = /lib/dovecot/modules >> >> mail_plugins = " mail_log notify zlib quota sieve" >> >> } >> >> protocol imap { >> >> mail_plugins = " mail_log notify zlib quota imap_xauth last_login >> >> imap_quota" >> >> } >> >> protocol pop3 { >> >> mail_plugins = " mail_log notify zlib quota last_login" >> >> } >> >> >> >> Hi! >> >> We are looking into this crash. 
>> >> Are you intentionally setting inbox namespace location to empty? >> >> Aki >> > > From aki.tuomi at dovecot.fi Mon Jan 23 09:46:56 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Mon, 23 Jan 2017 11:46:56 +0200
Subject: Segfault on LIST Command
In-Reply-To:
References: <80affa00-c33f-e800-7eaa-4d96f1f10605@dovecot.fi>
Message-ID: <3472ec15-2f97-bb9c-9ca3-f66646b5e715@dovecot.fi>

I'll try to reproduce this issue, but can you, in the meantime, run this with mail_debug=yes and provide logs?

Aki

On 23.01.2017 11:45, Thorsten Hater wrote: > Hi, > > I did add the default location and stripped down my config to a very > basic > level, dropping all plugins and database queries, see below. The segfault > still > appears in the same location. > As I have built from source, I wonder whether you can reproduce the problem? > > Thorsten > > $ doveconf -n > # 2.2.26.0 (23d1de6): /usr/local/etc/dovecot/dovecot.conf > # Pigeonhole version 0.4.16 (1dc4c73) > # OS: Linux 3.18.16-intel-vm-64bit x86_64 Debian 8.6 > auth_debug = yes > auth_debug_passwords = yes > auth_socket_path = /usr/local/var/run/dovecot/auth-userdb > auth_verbose = yes > base_dir = /usr/local/var/run/dovecot/ > default_internal_user = pop > first_valid_uid = 48 > import_environment = TZ DEBUG=1 > last_valid_uid = 48 > login_greeting = Dovecot ready. > login_trusted_networks = **** > mail_debug = yes > mail_gid = pop > mail_location = maildir:~/Maildir > mail_plugin_dir = /usr/local/lib/dovecot/ > mail_uid = pop > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character > vacation subaddress comparator-i;ascii-numeric relational regex imap4flags > copy include variables body enotify environment mailbox date index ihave > duplicate mime foreverypart extracttext > namespace inbox { > inbox = yes > list = children > location = maildir:~/Maildir > prefix = INBOX. > separator = .
> subscriptions = yes > type = private > } > passdb { > args = nopassword=yes > driver = static > } > protocols = imap pop3 lmtp imap pop3 > ssl = no > userdb { > args = home=**** uid=pop gid=pop quota_rule=*:bytes=1000M > driver = static > } > verbose_proctitle = yes > protocol lda { > auth_socket_path = /usr/local/var/run/dovecot/auth-userdb > } > > > On Mon, Jan 23, 2017 at 10:01 AM, Thorsten Hater > wrote: > >> Hi, >> >> thanks for picking this up. The location is pulled from the database, but >> is uniform >> for all users, so I could set it to maildir:~/Maildir globally. Assuming >> ~ is expanded >> later on with userdb data. So, no, there is no special intention behind >> this. >> >> Thorsten >> >> On Mon, Jan 23, 2017 at 9:37 AM, Aki Tuomi wrote: >> >>> >>> On 19.01.2017 15:56, Thorsten Hater wrote: >>>> The Problem arises due to a NULL deref in mail_namespaces.c line 601. >>>> Backtrace below >>>> >>>> x LIST "" "" >>>> >>>> Program received signal SIGSEGV, Segmentation fault. >>>> mail_namespaces_get_root_sep (namespaces=0x0) at mail-namespace.c:601 >>>> 601 while ((namespaces->flags & NAMESPACE_FLAG_LIST_PREFIX) == 0) >>>> (gdb) bt >>>> #0 mail_namespaces_get_root_sep (namespaces=0x0) at >>> mail-namespace.c:601 >>>> #1 0x000000000041164c in cmd_list_ref_root (ref=0x65b060 "", >>>> client=0x65a590) at cmd-list.c:324 >>>> #2 cmd_list_full (cmd=0x65aee0, lsub=) at cmd-list.c:461 >>>> #3 0x0000000000419825 in command_exec (cmd=cmd@entry=0x65aee0) at >>>> imap-commands.c:181 >>>> #4 0x0000000000417de2 in client_command_input (cmd=cmd@entry=0x65aee0) >>> at >>>> imap-client.c:988 >>>> #5 0x0000000000417e70 in client_command_input (cmd=0x65aee0) at >>>> imap-client.c:1048 >>>> #6 0x00000000004181e5 in client_handle_next_command >>>> (remove_io_r=, client=0x65a590) at imap-client.c:1090 >>>> #7 client_handle_input (client=0x65a590) at imap-client.c:1102 >>>> #8 0x0000000000418692 in client_input (client=0x65a590) at >>>> imap-client.c:1149 >>>> #9 
0x00007ffff76297ac in io_loop_call_io (io=0x652aa0) at ioloop.c:589 >>>> #10 0x00007ffff762ab4a in io_loop_handler_run_internal >>>> (ioloop=ioloop@entry=0x63e7f0) >>>> at ioloop-epoll.c:222 >>>> #11 0x00007ffff7629835 in io_loop_handler_run (ioloop=ioloop@entry >>> =0x63e7f0) >>>> at ioloop.c:637 >>>> #12 0x00007ffff76299d8 in io_loop_run (ioloop=0x63e7f0) at ioloop.c:613 >>>> #13 0x00007ffff75b9823 in master_service_run (service=0x63e690, >>>> callback=callback@entry=0x423d40 ) at >>> master-service.c:641 >>>> #14 0x000000000040c567 in main (argc=3, argv=0x63e390) at main.c:460 >>>> >>>> On Thu, Jan 19, 2017 at 1:05 PM, Thorsten Hater < >>> thorsten.hater at gmail.com> >>>> wrote: >>>> >>>>> Dear all, >>>>> >>>>> I experience SegFaults in the imap binary on a LIST "" "" command, >>>>> as sent by Claws mail. Using LIST "" "INBOX" or similar is fine. >>>>> Here is an example telnet session >>>>> >>>>> $ telnet 127.0.0.1 143 >>>>> Trying 127.0.0.1... >>>>> Connected to 127.0.0.1. >>>>> Escape character is '^]'. >>>>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE >>> IDLE >>>>> AUTH=PLAIN] Dovecot ready. >>>>> 01 LOGIN **** **** >>>>> 01 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE >>>>> IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS >>> THREAD=ORDEREDSUBJECT >>>>> MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS >>>>> LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES >>> WITHIN >>>>> CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE QUOTA] Logged in >>>>> 02 LIST "" "" >>>>> Connection closed by foreign host. >>>>> >>>>> In the log file >>>>> >>>>> dovecot[8375]: imap(***): Fatal: master: service(imap): child 15803 >>> killed >>>>> with signal 11 (core dumps disabled) >>>>> >>>>> Please find the config below. 
>>>>> >>>>> Best regards, >>>>> Thorsten >>>>> >>>>> $ doveconf -n >>>>> # 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf >>>>> # Pigeonhole version 0.4.16 (1dc4c73) >>>>> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6 >>>>> auth_debug = yes >>>>> auth_debug_passwords = yes >>>>> auth_socket_path = /var/run/dovecot/auth-userdb >>>>> auth_verbose = yes >>>>> base_dir = /var/run/dovecot/ >>>>> default_internal_user = pop >>>>> first_valid_uid = 48 >>>>> import_environment = TZ DEBUG=1 >>>>> last_valid_uid = 48 >>>>> login_trusted_networks = **** >>>>> mail_debug = yes >>>>> mail_gid = pop >>>>> mail_plugins = " mail_log notify zlib quota" >>>>> mail_uid = pop >>>>> managesieve_notify_capability = mailto >>>>> managesieve_sieve_capability = fileinto reject envelope >>> encoded-character >>>>> vacation subaddress comparator-i;ascii-numeric relational regex >>> imap4flags >>>>> copy include variables body enotify environment mailbox date index >>> ihave >>>>> duplicate mime foreverypart extracttext >>>>> namespace inbox { >>>>> inbox = yes >>>>> list = children >>>>> location = >>>>> mailbox Drafts { >>>>> auto = no >>>>> special_use = \Drafts >>>>> } >>>>> mailbox Sent { >>>>> auto = no >>>>> special_use = \Sent >>>>> } >>>>> mailbox Trash { >>>>> auto = no >>>>> autoexpunge = 30 days >>>>> special_use = \Trash >>>>> } >>>>> mailbox drafts { >>>>> auto = no >>>>> special_use = \Drafts >>>>> } >>>>> mailbox sent { >>>>> auto = no >>>>> special_use = \Sent >>>>> } >>>>> mailbox spamverdacht { >>>>> auto = no >>>>> autoexpunge = 30 days >>>>> special_use = \Junk >>>>> } >>>>> mailbox trash { >>>>> auto = no >>>>> autoexpunge = 30 days >>>>> special_use = \Trash >>>>> } >>>>> mailbox virenverdacht { >>>>> auto = no >>>>> autoexpunge = 30 days >>>>> special_use = \Junk >>>>> } >>>>> prefix = INBOX. >>>>> separator = . 
>>>>> subscriptions = yes >>>>> type = private >>>>> } >>>>> passdb { >>>>> args = nopassword=y >>>>> driver = static >>>>> } >>>>> plugin { >>>>> last_login_dict = file:~/lastlogin >>>>> mail_log_events = delete undelete expunge copy mailbox_delete >>>>> mailbox_rename >>>>> mail_log_fields = uid box msgid size >>>>> quota = maildir:User quota >>>>> quota_warning = storage=80%% 80 %u %{userdb:quota_bytes} >>>>> quota_warning2 = storage=90%% 90 %u %{userdb:quota_bytes} >>>>> quota_warning3 = storage=95%% 95 %u %{userdb:quota_bytes} >>>>> sieve = ldap:/etc/dovecot/pigeonhole-ldap.conf >>>>> sieve_dir = ~/sieve >>>>> sieve_plugins = sieve_storage_ldap >>>>> zlib_save = gz >>>>> zlib_save_level = 6 >>>>> } >>>>> service imap { >>>>> executable = imap postlogin >>>>> } >>>>> service pop3 { >>>>> executable = pop3 postlogin >>>>> } >>>>> service postlogin { >>>>> executable = script-login -d rawlog >>>>> } >>>>> service quota-warning { >>>>> executable = script /bin/quota-warning.sh >>>>> } >>>>> ssl = no >>>>> userdb { >>>>> args = /etc/dovecot/userdb-ldap.conf >>>>> driver = ldap >>>>> result_failure = return-fail >>>>> result_internalfail = return-fail >>>>> result_success = continue-ok >>>>> } >>>>> userdb { >>>>> default_fields = quota_bytes=42M >>>>> driver = bdb_quota >>>>> override_fields = quota_rule=*:bytes=%{userdb:quota_bytes} >>>>> result_failure = return-fail >>>>> result_internalfail = return-fail >>>>> result_success = continue-ok >>>>> } >>>>> verbose_proctitle = yes >>>>> protocol lda { >>>>> auth_socket_path = /var/run/dovecot/auth-userdb >>>>> mail_plugin_dir = /lib/dovecot/modules >>>>> mail_plugins = " mail_log notify zlib quota sieve" >>>>> } >>>>> protocol imap { >>>>> mail_plugins = " mail_log notify zlib quota imap_xauth last_login >>>>> imap_quota" >>>>> } >>>>> protocol pop3 { >>>>> mail_plugins = " mail_log notify zlib quota last_login" >>>>> } >>>>> >>> Hi! >>> >>> We are looking into this crash. 
>>> >>> Are you intentionally setting inbox namespace location to empty? >>> >>> Aki >>> >> From aki.tuomi at dovecot.fi Mon Jan 23 09:52:53 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Mon, 23 Jan 2017 11:52:53 +0200
Subject: Segfault on LIST Command
In-Reply-To:
References: <80affa00-c33f-e800-7eaa-4d96f1f10605@dovecot.fi>
Message-ID: <9c1c785d-288c-a9b6-dc93-e8348648a3b3@dovecot.fi>

After trying this locally,

Jan 23 11:50:41 imap: Error: namespace configuration error: list=yes namespace missing

So I'm guessing you could see if changing list=children to list=yes fixes your issue.

Aki

From thorsten.hater at gmail.com Mon Jan 23 09:56:52 2017
From: thorsten.hater at gmail.com (Thorsten Hater)
Date: Mon, 23 Jan 2017 10:56:52 +0100
Subject: Segfault on LIST Command
In-Reply-To: <3472ec15-2f97-bb9c-9ca3-f66646b5e715@dovecot.fi>
References: <80affa00-c33f-e800-7eaa-4d96f1f10605@dovecot.fi> <3472ec15-2f97-bb9c-9ca3-f66646b5e715@dovecot.fi>
Message-ID:

OK, I found the problem in my config. If I use a default namespace with an empty name, instead of "inbox" it works as expected. Here is the log for this case

Starting program: /usr/local/libexec/dovecot/imap -u ****
imap(****): Debug: auth input: **** home=**** uid=48 gid=48 quota_rule=*:bytes=1000M
imap(****): Debug: Added userdb setting: plugin/quota_rule=*:bytes=1000M
Debug: Effective uid=48, gid=48, home=****
Debug: Namespace : type=private, prefix=INBOX., sep=., inbox=yes, hidden=no, list=children, subscriptions=yes location=maildir:~/Maildir
Debug: maildir++: root=****/Maildir, index=, indexpvt=, control=, inbox=****/Maildir, alt=
Debug: Namespace inbox: type=private, prefix=, sep=, inbox=no, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir
Debug: maildir++: root=****/Maildir, index=, indexpvt=, control=, inbox=, alt=
* PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE] Logged in as ****
x LIST "" ""
* LIST (\Noselect) "." ""
x OK List completed (0.000 + 0.000 secs).

On Mon, Jan 23, 2017 at 10:46 AM, Aki Tuomi wrote: > I'll try to reproduce this issue, but can you, in the meantime, run this > with mail_debug=yes and provide logs? > > Aki > > On 23.01.2017 11:45, Thorsten Hater wrote: > > Hi, > > > > I did add the default location and stripped down my config to a very > > basic > > level, dropping all plugins and database queries, see below. 
From aki.tuomi at dovecot.fi Mon Jan 23 10:00:50 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 23 Jan 2017 12:00:50 +0200 Subject: Segfault on LIST Command In-Reply-To: References: <80affa00-c33f-e800-7eaa-4d96f1f10605@dovecot.fi> <3472ec15-2f97-bb9c-9ca3-f66646b5e715@dovecot.fi> Message-ID: <7e9ccfb6-075e-b133-8115-a5abecab7a0d@dovecot.fi> Thank you for your report. Aki On 23.01.2017 11:56, Thorsten Hater wrote: > OK, I found the problem in my config. If I use an default namespace with an > empty > name, instead of "inbox" it works as expected. Here the log for this case > > Starting program: /usr/local/libexec/dovecot/imap -u **** > imap(****): Debug: auth input: **** home=**** uid=48 gid=48 > quota_rule=*:bytes=1000M > imap(****): Debug: Added userdb setting: plugin/quota_rule=*:bytes=1000M > Debug: Effective uid=48, gid=48, home=**** > Debug: Namespace : type=private, prefix=INBOX., sep=., inbox=yes, > hidden=no, list=children, subscriptions=yes location=maildir:~/Maildir > Debug: maildir++: root=****/Maildir, index=, indexpvt=, control=, > inbox=****/Maildir, alt= > Debug: Namespace inbox: type=private, prefix=, sep=, inbox=no, hidden=no, > list=yes, subscriptions=yes location=maildir:~/Maildir > Debug: maildir++: root=****/Maildir, index=, indexpvt=, control=, inbox=, > alt= > * PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE > IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT > MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS > LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN > CONTEXT=SEARCH LIST-STATUS BINARY MOVE] Logged in as **** > x LIST "" "" > * LIST (\Noselect) "." "" > x OK List completed (0.000 + 0.000 secs). > > > > On Mon, Jan 23, 2017 at 10:46 AM, Aki Tuomi wrote: > >> I'll try reproduce this issue, but can you, in the mean time, run this >> with mail_debug=yes and provide logs? 
>> >> Aki >> >> On 23.01.2017 11:45, Thorsten Hater wrote: >>> Hi, >>> >>> I did added the default location and stripped down my config to a very >>> basic >>> level, dropping all plugins and database queries, see below. The segfault >>> still >>> appears in the same location. >>> As I have build from source, I wonder whether you can reproduce the >> problem? >>> Thorsten >>> >>> $ doveconf -n >>> # 2.2.26.0 (23d1de6): /usr/local/etc/dovecot/dovecot.conf >>> # Pigeonhole version 0.4.16 (1dc4c73) >>> # OS: Linux 3.18.16-intel-vm-64bit x86_64 Debian 8.6 >>> auth_debug = yes >>> auth_debug_passwords = yes >>> auth_socket_path = /usr/local/var/run/dovecot/auth-userdb >>> auth_verbose = yes >>> base_dir = /usr/local/var/run/dovecot/ >>> default_internal_user = pop >>> first_valid_uid = 48 >>> import_environment = TZ DEBUG=1 >>> last_valid_uid = 48 >>> login_greeting = Dovecot ready. >>> login_trusted_networks = **** >>> mail_debug = yes >>> mail_gid = pop >>> mail_location = maildir:~/Maildir >>> mail_plugin_dir = /usr/local/lib/dovecot/ >>> mail_uid = pop >>> managesieve_notify_capability = mailto >>> managesieve_sieve_capability = fileinto reject envelope encoded-character >>> vacation subaddress comparator-i;ascii-numeric relational regex >> imap4flags >>> copy include variables body enotify environment mailbox date index ihave >>> duplicate mime foreverypart extracttext >>> namespace inbox { >>> inbox = yes >>> list = children >>> location = maildir:~/Maildir >>> prefix = INBOX. >>> separator = . 
>>> subscriptions = yes >>> type = private >>> } >>> passdb { >>> args = nopassword=yes >>> driver = static >>> } >>> protocols = imap pop3 lmtp imap pop3 >>> ssl = no >>> userdb { >>> args = home=**** uid=pop gid=pop quota_rule=*:bytes=1000M >>> driver = static >>> } >>> verbose_proctitle = yes >>> protocol lda { >>> auth_socket_path = /usr/local/var/run/dovecot/auth-userdb >>> } >>> >>> >>> On Mon, Jan 23, 2017 at 10:01 AM, Thorsten Hater < >> thorsten.hater at gmail.com> >>> wrote: >>> >>>> Hi, >>>> >>>> thanks for picking this up. The location is pulled from the database, >> but >>>> is uniform >>>> for all users, so I could set it to maildir:~/Maildir globally. Assuming >>>> ~ is expanded >>>> later on with userdb data. So, no, there is no special intention behind >>>> this. >>>> >>>> Thorsten >>>> >>>> On Mon, Jan 23, 2017 at 9:37 AM, Aki Tuomi >> wrote: >>>>> On 19.01.2017 15:56, Thorsten Hater wrote: >>>>>> The Problem arises due to a NULL deref in mail_namespaces.c line 601. >>>>>> Backtrace below >>>>>> >>>>>> x LIST "" "" >>>>>> >>>>>> Program received signal SIGSEGV, Segmentation fault. 
>>>>>> mail_namespaces_get_root_sep (namespaces=0x0) at mail-namespace.c:601 >>>>>> 601 while ((namespaces->flags & NAMESPACE_FLAG_LIST_PREFIX) == 0) >>>>>> (gdb) bt >>>>>> #0 mail_namespaces_get_root_sep (namespaces=0x0) at >>>>> mail-namespace.c:601 >>>>>> #1 0x000000000041164c in cmd_list_ref_root (ref=0x65b060 "", >>>>>> client=0x65a590) at cmd-list.c:324 >>>>>> #2 cmd_list_full (cmd=0x65aee0, lsub=) at >> cmd-list.c:461 >>>>>> #3 0x0000000000419825 in command_exec (cmd=cmd at entry=0x65aee0) at >>>>>> imap-commands.c:181 >>>>>> #4 0x0000000000417de2 in client_command_input (cmd=cmd at entry >> =0x65aee0) >>>>> at >>>>>> imap-client.c:988 >>>>>> #5 0x0000000000417e70 in client_command_input (cmd=0x65aee0) at >>>>>> imap-client.c:1048 >>>>>> #6 0x00000000004181e5 in client_handle_next_command >>>>>> (remove_io_r=, client=0x65a590) at >> imap-client.c:1090 >>>>>> #7 client_handle_input (client=0x65a590) at imap-client.c:1102 >>>>>> #8 0x0000000000418692 in client_input (client=0x65a590) at >>>>>> imap-client.c:1149 >>>>>> #9 0x00007ffff76297ac in io_loop_call_io (io=0x652aa0) at >> ioloop.c:589 >>>>>> #10 0x00007ffff762ab4a in io_loop_handler_run_internal >>>>>> (ioloop=ioloop at entry=0x63e7f0) >>>>>> at ioloop-epoll.c:222 >>>>>> #11 0x00007ffff7629835 in io_loop_handler_run (ioloop=ioloop at entry >>>>> =0x63e7f0) >>>>>> at ioloop.c:637 >>>>>> #12 0x00007ffff76299d8 in io_loop_run (ioloop=0x63e7f0) at >> ioloop.c:613 >>>>>> #13 0x00007ffff75b9823 in master_service_run (service=0x63e690, >>>>>> callback=callback at entry=0x423d40 ) at >>>>> master-service.c:641 >>>>>> #14 0x000000000040c567 in main (argc=3, argv=0x63e390) at main.c:460 >>>>>> >>>>>> On Thu, Jan 19, 2017 at 1:05 PM, Thorsten Hater < >>>>> thorsten.hater at gmail.com> >>>>>> wrote: >>>>>> >>>>>>> Dear all, >>>>>>> >>>>>>> I experience SegFaults in the imap binary on a LIST "" "" command, >>>>>>> as sent by Claws mail. Using LIST "" "INBOX" or similar is fine. 
>>>>>>> Here is an example telnet session >>>>>>> >>>>>>> $ telnet 127.0.0.1 143 >>>>>>> Trying 127.0.0.1... >>>>>>> Connected to 127.0.0.1. >>>>>>> Escape character is '^]'. >>>>>>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE >>>>> IDLE >>>>>>> AUTH=PLAIN] Dovecot ready. >>>>>>> 01 LOGIN **** **** >>>>>>> 01 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID >> ENABLE >>>>>>> IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS >>>>> THREAD=ORDEREDSUBJECT >>>>>>> MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS >>>>>>> LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES >>>>> WITHIN >>>>>>> CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE QUOTA] Logged in >>>>>>> 02 LIST "" "" >>>>>>> Connection closed by foreign host. >>>>>>> >>>>>>> In the log file >>>>>>> >>>>>>> dovecot[8375]: imap(***): Fatal: master: service(imap): child 15803 >>>>> killed >>>>>>> with signal 11 (core dumps disabled) >>>>>>> >>>>>>> Please find the config below. 
>>>>>>> >>>>>>> Best regards, >>>>>>> Thorsten >>>>>>> >>>>>>> $ doveconf -n >>>>>>> # 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf >>>>>>> # Pigeonhole version 0.4.16 (1dc4c73) >>>>>>> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6 >>>>>>> auth_debug = yes >>>>>>> auth_debug_passwords = yes >>>>>>> auth_socket_path = /var/run/dovecot/auth-userdb >>>>>>> auth_verbose = yes >>>>>>> base_dir = /var/run/dovecot/ >>>>>>> default_internal_user = pop >>>>>>> first_valid_uid = 48 >>>>>>> import_environment = TZ DEBUG=1 >>>>>>> last_valid_uid = 48 >>>>>>> login_trusted_networks = **** >>>>>>> mail_debug = yes >>>>>>> mail_gid = pop >>>>>>> mail_plugins = " mail_log notify zlib quota" >>>>>>> mail_uid = pop >>>>>>> managesieve_notify_capability = mailto >>>>>>> managesieve_sieve_capability = fileinto reject envelope >>>>> encoded-character >>>>>>> vacation subaddress comparator-i;ascii-numeric relational regex >>>>> imap4flags >>>>>>> copy include variables body enotify environment mailbox date index >>>>> ihave >>>>>>> duplicate mime foreverypart extracttext >>>>>>> namespace inbox { >>>>>>> inbox = yes >>>>>>> list = children >>>>>>> location = >>>>>>> mailbox Drafts { >>>>>>> auto = no >>>>>>> special_use = \Drafts >>>>>>> } >>>>>>> mailbox Sent { >>>>>>> auto = no >>>>>>> special_use = \Sent >>>>>>> } >>>>>>> mailbox Trash { >>>>>>> auto = no >>>>>>> autoexpunge = 30 days >>>>>>> special_use = \Trash >>>>>>> } >>>>>>> mailbox drafts { >>>>>>> auto = no >>>>>>> special_use = \Drafts >>>>>>> } >>>>>>> mailbox sent { >>>>>>> auto = no >>>>>>> special_use = \Sent >>>>>>> } >>>>>>> mailbox spamverdacht { >>>>>>> auto = no >>>>>>> autoexpunge = 30 days >>>>>>> special_use = \Junk >>>>>>> } >>>>>>> mailbox trash { >>>>>>> auto = no >>>>>>> autoexpunge = 30 days >>>>>>> special_use = \Trash >>>>>>> } >>>>>>> mailbox virenverdacht { >>>>>>> auto = no >>>>>>> autoexpunge = 30 days >>>>>>> special_use = \Junk >>>>>>> } >>>>>>> prefix = INBOX. >>>>>>> separator = . 
>>>>>>> subscriptions = yes >>>>>>> type = private >>>>>>> } >>>>>>> passdb { >>>>>>> args = nopassword=y >>>>>>> driver = static >>>>>>> } >>>>>>> plugin { >>>>>>> last_login_dict = file:~/lastlogin >>>>>>> mail_log_events = delete undelete expunge copy mailbox_delete >>>>>>> mailbox_rename >>>>>>> mail_log_fields = uid box msgid size >>>>>>> quota = maildir:User quota >>>>>>> quota_warning = storage=80%% 80 %u %{userdb:quota_bytes} >>>>>>> quota_warning2 = storage=90%% 90 %u %{userdb:quota_bytes} >>>>>>> quota_warning3 = storage=95%% 95 %u %{userdb:quota_bytes} >>>>>>> sieve = ldap:/etc/dovecot/pigeonhole-ldap.conf >>>>>>> sieve_dir = ~/sieve >>>>>>> sieve_plugins = sieve_storage_ldap >>>>>>> zlib_save = gz >>>>>>> zlib_save_level = 6 >>>>>>> } >>>>>>> service imap { >>>>>>> executable = imap postlogin >>>>>>> } >>>>>>> service pop3 { >>>>>>> executable = pop3 postlogin >>>>>>> } >>>>>>> service postlogin { >>>>>>> executable = script-login -d rawlog >>>>>>> } >>>>>>> service quota-warning { >>>>>>> executable = script /bin/quota-warning.sh >>>>>>> } >>>>>>> ssl = no >>>>>>> userdb { >>>>>>> args = /etc/dovecot/userdb-ldap.conf >>>>>>> driver = ldap >>>>>>> result_failure = return-fail >>>>>>> result_internalfail = return-fail >>>>>>> result_success = continue-ok >>>>>>> } >>>>>>> userdb { >>>>>>> default_fields = quota_bytes=42M >>>>>>> driver = bdb_quota >>>>>>> override_fields = quota_rule=*:bytes=%{userdb:quota_bytes} >>>>>>> result_failure = return-fail >>>>>>> result_internalfail = return-fail >>>>>>> result_success = continue-ok >>>>>>> } >>>>>>> verbose_proctitle = yes >>>>>>> protocol lda { >>>>>>> auth_socket_path = /var/run/dovecot/auth-userdb >>>>>>> mail_plugin_dir = /lib/dovecot/modules >>>>>>> mail_plugins = " mail_log notify zlib quota sieve" >>>>>>> } >>>>>>> protocol imap { >>>>>>> mail_plugins = " mail_log notify zlib quota imap_xauth last_login >>>>>>> imap_quota" >>>>>>> } >>>>>>> protocol pop3 { >>>>>>> mail_plugins = " mail_log notify zlib 
quota last_login" >>>>>>> } >>>>>>> >>>>> Hi! >>>>> >>>>> We are looking into this crash. >>>>> >>>>> Are you intentionally setting inbox namespace location to empty? >>>>> >>>>> Aki >>>>> From aki.tuomi at dovecot.fi Mon Jan 23 10:05:03 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 23 Jan 2017 12:05:03 +0200 Subject: Segfault on LIST Command In-Reply-To: <7e9ccfb6-075e-b133-8115-a5abecab7a0d@dovecot.fi> References: <80affa00-c33f-e800-7eaa-4d96f1f10605@dovecot.fi> <3472ec15-2f97-bb9c-9ca3-f66646b5e715@dovecot.fi> <7e9ccfb6-075e-b133-8115-a5abecab7a0d@dovecot.fi> Message-ID: <6edcfd5b-f53f-da31-c510-1d6cd5e8d7f6@dovecot.fi> This is fixed in 2.2.27 with ddc96f7 lib-storage: Fixed error handling in list=children checking Aki On 23.01.2017 12:00, Aki Tuomi wrote: > Thank you for your report. > > Aki > > On 23.01.2017 11:56, Thorsten Hater wrote: >> OK, I found the problem in my config. If I use an default namespace with an >> empty >> name, instead of "inbox" it works as expected. Here the log for this case >> >> Starting program: /usr/local/libexec/dovecot/imap -u **** >> imap(****): Debug: auth input: **** home=**** uid=48 gid=48 >> quota_rule=*:bytes=1000M >> imap(****): Debug: Added userdb setting: plugin/quota_rule=*:bytes=1000M >> Debug: Effective uid=48, gid=48, home=**** >> Debug: Namespace : type=private, prefix=INBOX., sep=., inbox=yes, >> hidden=no, list=children, subscriptions=yes location=maildir:~/Maildir >> Debug: maildir++: root=****/Maildir, index=, indexpvt=, control=, >> inbox=****/Maildir, alt= >> Debug: Namespace inbox: type=private, prefix=, sep=, inbox=no, hidden=no, >> list=yes, subscriptions=yes location=maildir:~/Maildir >> Debug: maildir++: root=****/Maildir, index=, indexpvt=, control=, inbox=, >> alt= >> * PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE >> IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT >> MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS >> LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN >> CONTEXT=SEARCH LIST-STATUS BINARY MOVE] Logged in as **** >> x LIST "" "" >> * LIST (\Noselect) "." "" >> x OK List completed (0.000 + 0.000 secs). 
>> >> >> >> On Mon, Jan 23, 2017 at 10:46 AM, Aki Tuomi wrote: >> >>> I'll try reproduce this issue, but can you, in the mean time, run this >>> with mail_debug=yes and provide logs? >>> >>> Aki >>> >>> On 23.01.2017 11:45, Thorsten Hater wrote: >>>> Hi, >>>> >>>> I did added the default location and stripped down my config to a very >>>> basic >>>> level, dropping all plugins and database queries, see below. The segfault >>>> still >>>> appears in the same location. >>>> As I have build from source, I wonder whether you can reproduce the >>> problem? >>>> Thorsten >>>> >>>> $ doveconf -n >>>> # 2.2.26.0 (23d1de6): /usr/local/etc/dovecot/dovecot.conf >>>> # Pigeonhole version 0.4.16 (1dc4c73) >>>> # OS: Linux 3.18.16-intel-vm-64bit x86_64 Debian 8.6 >>>> auth_debug = yes >>>> auth_debug_passwords = yes >>>> auth_socket_path = /usr/local/var/run/dovecot/auth-userdb >>>> auth_verbose = yes >>>> base_dir = /usr/local/var/run/dovecot/ >>>> default_internal_user = pop >>>> first_valid_uid = 48 >>>> import_environment = TZ DEBUG=1 >>>> last_valid_uid = 48 >>>> login_greeting = Dovecot ready. >>>> login_trusted_networks = **** >>>> mail_debug = yes >>>> mail_gid = pop >>>> mail_location = maildir:~/Maildir >>>> mail_plugin_dir = /usr/local/lib/dovecot/ >>>> mail_uid = pop >>>> managesieve_notify_capability = mailto >>>> managesieve_sieve_capability = fileinto reject envelope encoded-character >>>> vacation subaddress comparator-i;ascii-numeric relational regex >>> imap4flags >>>> copy include variables body enotify environment mailbox date index ihave >>>> duplicate mime foreverypart extracttext >>>> namespace inbox { >>>> inbox = yes >>>> list = children >>>> location = maildir:~/Maildir >>>> prefix = INBOX. >>>> separator = . 
>>>> subscriptions = yes >>>> type = private >>>> } >>>> passdb { >>>> args = nopassword=yes >>>> driver = static >>>> } >>>> protocols = imap pop3 lmtp imap pop3 >>>> ssl = no >>>> userdb { >>>> args = home=**** uid=pop gid=pop quota_rule=*:bytes=1000M >>>> driver = static >>>> } >>>> verbose_proctitle = yes >>>> protocol lda { >>>> auth_socket_path = /usr/local/var/run/dovecot/auth-userdb >>>> } >>>> >>>> >>>> On Mon, Jan 23, 2017 at 10:01 AM, Thorsten Hater < >>> thorsten.hater at gmail.com> >>>> wrote: >>>> >>>>> Hi, >>>>> >>>>> thanks for picking this up. The location is pulled from the database, >>> but >>>>> is uniform >>>>> for all users, so I could set it to maildir:~/Maildir globally. Assuming >>>>> ~ is expanded >>>>> later on with userdb data. So, no, there is no special intention behind >>>>> this. >>>>> >>>>> Thorsten >>>>> >>>>> On Mon, Jan 23, 2017 at 9:37 AM, Aki Tuomi >>> wrote: >>>>>> On 19.01.2017 15:56, Thorsten Hater wrote: >>>>>>> The Problem arises due to a NULL deref in mail_namespaces.c line 601. >>>>>>> Backtrace below >>>>>>> >>>>>>> x LIST "" "" >>>>>>> >>>>>>> Program received signal SIGSEGV, Segmentation fault. 
>>>>>>> mail_namespaces_get_root_sep (namespaces=0x0) at mail-namespace.c:601 >>>>>>> 601 while ((namespaces->flags & NAMESPACE_FLAG_LIST_PREFIX) == 0) >>>>>>> (gdb) bt >>>>>>> #0 mail_namespaces_get_root_sep (namespaces=0x0) at >>>>>> mail-namespace.c:601 >>>>>>> #1 0x000000000041164c in cmd_list_ref_root (ref=0x65b060 "", >>>>>>> client=0x65a590) at cmd-list.c:324 >>>>>>> #2 cmd_list_full (cmd=0x65aee0, lsub=) at >>> cmd-list.c:461 >>>>>>> #3 0x0000000000419825 in command_exec (cmd=cmd at entry=0x65aee0) at >>>>>>> imap-commands.c:181 >>>>>>> #4 0x0000000000417de2 in client_command_input (cmd=cmd at entry >>> =0x65aee0) >>>>>> at >>>>>>> imap-client.c:988 >>>>>>> #5 0x0000000000417e70 in client_command_input (cmd=0x65aee0) at >>>>>>> imap-client.c:1048 >>>>>>> #6 0x00000000004181e5 in client_handle_next_command >>>>>>> (remove_io_r=, client=0x65a590) at >>> imap-client.c:1090 >>>>>>> #7 client_handle_input (client=0x65a590) at imap-client.c:1102 >>>>>>> #8 0x0000000000418692 in client_input (client=0x65a590) at >>>>>>> imap-client.c:1149 >>>>>>> #9 0x00007ffff76297ac in io_loop_call_io (io=0x652aa0) at >>> ioloop.c:589 >>>>>>> #10 0x00007ffff762ab4a in io_loop_handler_run_internal >>>>>>> (ioloop=ioloop at entry=0x63e7f0) >>>>>>> at ioloop-epoll.c:222 >>>>>>> #11 0x00007ffff7629835 in io_loop_handler_run (ioloop=ioloop at entry >>>>>> =0x63e7f0) >>>>>>> at ioloop.c:637 >>>>>>> #12 0x00007ffff76299d8 in io_loop_run (ioloop=0x63e7f0) at >>> ioloop.c:613 >>>>>>> #13 0x00007ffff75b9823 in master_service_run (service=0x63e690, >>>>>>> callback=callback at entry=0x423d40 ) at >>>>>> master-service.c:641 >>>>>>> #14 0x000000000040c567 in main (argc=3, argv=0x63e390) at main.c:460 >>>>>>> >>>>>>> On Thu, Jan 19, 2017 at 1:05 PM, Thorsten Hater < >>>>>> thorsten.hater at gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Dear all, >>>>>>>> >>>>>>>> I experience SegFaults in the imap binary on a LIST "" "" command, >>>>>>>> as sent by Claws mail. 
Using LIST "" "INBOX" or similar is fine. >>>>>>>> Here is an example telnet session >>>>>>>> >>>>>>>> $ telnet 127.0.0.1 143 >>>>>>>> Trying 127.0.0.1... >>>>>>>> Connected to 127.0.0.1. >>>>>>>> Escape character is '^]'. >>>>>>>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE >>>>>> IDLE >>>>>>>> AUTH=PLAIN] Dovecot ready. >>>>>>>> 01 LOGIN **** **** >>>>>>>> 01 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID >>> ENABLE >>>>>>>> IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS >>>>>> THREAD=ORDEREDSUBJECT >>>>>>>> MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS >>>>>>>> LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES >>>>>> WITHIN >>>>>>>> CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE QUOTA] Logged in >>>>>>>> 02 LIST "" "" >>>>>>>> Connection closed by foreign host. >>>>>>>> >>>>>>>> In the log file >>>>>>>> >>>>>>>> dovecot[8375]: imap(***): Fatal: master: service(imap): child 15803 >>>>>> killed >>>>>>>> with signal 11 (core dumps disabled) >>>>>>>> >>>>>>>> Please find the config below. 
>>>>>>>> >>>>>>>> Best regards, >>>>>>>> Thorsten >>>>>>>> >>>>>>>> $ doveconf -n >>>>>>>> # 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf >>>>>>>> # Pigeonhole version 0.4.16 (1dc4c73) >>>>>>>> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6 >>>>>>>> auth_debug = yes >>>>>>>> auth_debug_passwords = yes >>>>>>>> auth_socket_path = /var/run/dovecot/auth-userdb >>>>>>>> auth_verbose = yes >>>>>>>> base_dir = /var/run/dovecot/ >>>>>>>> default_internal_user = pop >>>>>>>> first_valid_uid = 48 >>>>>>>> import_environment = TZ DEBUG=1 >>>>>>>> last_valid_uid = 48 >>>>>>>> login_trusted_networks = **** >>>>>>>> mail_debug = yes >>>>>>>> mail_gid = pop >>>>>>>> mail_plugins = " mail_log notify zlib quota" >>>>>>>> mail_uid = pop >>>>>>>> managesieve_notify_capability = mailto >>>>>>>> managesieve_sieve_capability = fileinto reject envelope >>>>>> encoded-character >>>>>>>> vacation subaddress comparator-i;ascii-numeric relational regex >>>>>> imap4flags >>>>>>>> copy include variables body enotify environment mailbox date index >>>>>> ihave >>>>>>>> duplicate mime foreverypart extracttext >>>>>>>> namespace inbox { >>>>>>>> inbox = yes >>>>>>>> list = children >>>>>>>> location = >>>>>>>> mailbox Drafts { >>>>>>>> auto = no >>>>>>>> special_use = \Drafts >>>>>>>> } >>>>>>>> mailbox Sent { >>>>>>>> auto = no >>>>>>>> special_use = \Sent >>>>>>>> } >>>>>>>> mailbox Trash { >>>>>>>> auto = no >>>>>>>> autoexpunge = 30 days >>>>>>>> special_use = \Trash >>>>>>>> } >>>>>>>> mailbox drafts { >>>>>>>> auto = no >>>>>>>> special_use = \Drafts >>>>>>>> } >>>>>>>> mailbox sent { >>>>>>>> auto = no >>>>>>>> special_use = \Sent >>>>>>>> } >>>>>>>> mailbox spamverdacht { >>>>>>>> auto = no >>>>>>>> autoexpunge = 30 days >>>>>>>> special_use = \Junk >>>>>>>> } >>>>>>>> mailbox trash { >>>>>>>> auto = no >>>>>>>> autoexpunge = 30 days >>>>>>>> special_use = \Trash >>>>>>>> } >>>>>>>> mailbox virenverdacht { >>>>>>>> auto = no >>>>>>>> autoexpunge = 30 days >>>>>>>> special_use = \Junk 
>>>>>>>> } >>>>>>>> prefix = INBOX. >>>>>>>> separator = . >>>>>>>> subscriptions = yes >>>>>>>> type = private >>>>>>>> } >>>>>>>> passdb { >>>>>>>> args = nopassword=y >>>>>>>> driver = static >>>>>>>> } >>>>>>>> plugin { >>>>>>>> last_login_dict = file:~/lastlogin >>>>>>>> mail_log_events = delete undelete expunge copy mailbox_delete >>>>>>>> mailbox_rename >>>>>>>> mail_log_fields = uid box msgid size >>>>>>>> quota = maildir:User quota >>>>>>>> quota_warning = storage=80%% 80 %u %{userdb:quota_bytes} >>>>>>>> quota_warning2 = storage=90%% 90 %u %{userdb:quota_bytes} >>>>>>>> quota_warning3 = storage=95%% 95 %u %{userdb:quota_bytes} >>>>>>>> sieve = ldap:/etc/dovecot/pigeonhole-ldap.conf >>>>>>>> sieve_dir = ~/sieve >>>>>>>> sieve_plugins = sieve_storage_ldap >>>>>>>> zlib_save = gz >>>>>>>> zlib_save_level = 6 >>>>>>>> } >>>>>>>> service imap { >>>>>>>> executable = imap postlogin >>>>>>>> } >>>>>>>> service pop3 { >>>>>>>> executable = pop3 postlogin >>>>>>>> } >>>>>>>> service postlogin { >>>>>>>> executable = script-login -d rawlog >>>>>>>> } >>>>>>>> service quota-warning { >>>>>>>> executable = script /bin/quota-warning.sh >>>>>>>> } >>>>>>>> ssl = no >>>>>>>> userdb { >>>>>>>> args = /etc/dovecot/userdb-ldap.conf >>>>>>>> driver = ldap >>>>>>>> result_failure = return-fail >>>>>>>> result_internalfail = return-fail >>>>>>>> result_success = continue-ok >>>>>>>> } >>>>>>>> userdb { >>>>>>>> default_fields = quota_bytes=42M >>>>>>>> driver = bdb_quota >>>>>>>> override_fields = quota_rule=*:bytes=%{userdb:quota_bytes} >>>>>>>> result_failure = return-fail >>>>>>>> result_internalfail = return-fail >>>>>>>> result_success = continue-ok >>>>>>>> } >>>>>>>> verbose_proctitle = yes >>>>>>>> protocol lda { >>>>>>>> auth_socket_path = /var/run/dovecot/auth-userdb >>>>>>>> mail_plugin_dir = /lib/dovecot/modules >>>>>>>> mail_plugins = " mail_log notify zlib quota sieve" >>>>>>>> } >>>>>>>> protocol imap { >>>>>>>> mail_plugins = " mail_log notify zlib quota 
imap_xauth last_login >>>>>>>> imap_quota" >>>>>>>> } >>>>>>>> protocol pop3 { >>>>>>>> mail_plugins = " mail_log notify zlib quota last_login" >>>>>>>> } >>>>>>>> >>>>>> Hi! >>>>>> >>>>>> We are looking into this crash. >>>>>> >>>>>> Are you intentionally setting inbox namespace location to empty? >>>>>> >>>>>> Aki >>>>>> From aki.tuomi at dovecot.fi Mon Jan 23 10:05:48 2017 
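The backtrace in this thread shows mail_namespaces_get_root_sep() stepping through the namespace list looking for NAMESPACE_FLAG_LIST_PREFIX and arriving at namespaces=0x0, because the only configured namespace had list = children. The C sketch below is an added example, not Dovecot's source: the struct, flag values, function names and both sample configurations are simplified assumptions that place the loop shape from line 601 next to a bounded lookup and a configuration-load check that rejects a namespace set with no list = yes entry.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model (assumption): LIST_PREFIX stands for "list = yes",
 * LIST_CHILDREN for "list = children". Values are illustrative. */
enum ns_flags {
    NS_FLAG_INBOX         = 1 << 0,
    NS_FLAG_LIST_PREFIX   = 1 << 1,
    NS_FLAG_LIST_CHILDREN = 1 << 2
};

struct ns {
    const char *prefix;
    char sep;
    unsigned int flags;
    struct ns *next;
};

/* Constructed sample: the reported configuration, one namespace with
 * prefix "INBOX." and list = children, so nothing has list = yes. */
static struct ns crash_config = {
    "INBOX.", '.', NS_FLAG_INBOX | NS_FLAG_LIST_CHILDREN, NULL
};

/* Constructed sample: the working configuration from the debug log,
 * with an additional empty-prefix namespace that has list = yes. */
static struct ns root_ns = { "", '.', NS_FLAG_LIST_PREFIX, NULL };
static struct ns fixed_config = {
    "INBOX.", '.', NS_FLAG_INBOX | NS_FLAG_LIST_CHILDREN, &root_ns
};

/* Same shape as the loop in the backtrace: it assumes a list = yes
 * namespace exists. Without one, n becomes NULL and the next flag
 * test dereferences it. Only safe on an already validated list. */
static char root_sep_unchecked(const struct ns *n)
{
    while ((n->flags & NS_FLAG_LIST_PREFIX) == 0)
        n = n->next;
    return n->sep;
}

/* Bounded lookup: returns the separator, or -1 when the list ends
 * without a list = yes namespace. */
static int root_sep_checked(const struct ns *n)
{
    for (; n != NULL; n = n->next) {
        if ((n->flags & NS_FLAG_LIST_PREFIX) != 0)
            return (unsigned char)n->sep;
    }
    return -1;
}

/* Load-time check: refuse the configuration up front so that no
 * command handler ever runs against a list it cannot walk. */
static int namespaces_validate(const struct ns *n, const char **error_r)
{
    for (; n != NULL; n = n->next) {
        if ((n->flags & NS_FLAG_LIST_PREFIX) != 0)
            return 0;
    }
    if (error_r != NULL)
        *error_r = "no namespace has list=yes";
    return -1;
}

int main(void)
{
    const char *err = NULL;

    if (namespaces_validate(&crash_config, &err) < 0)
        printf("reported config rejected: %s\n", err);
    printf("checked lookup on reported config: %d\n",
           root_sep_checked(&crash_config));

    if (namespaces_validate(&fixed_config, &err) == 0)
        printf("root separator with list=yes namespace: '%c'\n",
               root_sep_unchecked(&fixed_config));
    return 0;
}
```

Rejecting the configuration when it is loaded turns a per-session SIGSEGV into a single startup error that names the setting to change.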
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 23 Jan 2017 12:05:48 +0200 Subject: Segfault on LIST Command In-Reply-To: <6edcfd5b-f53f-da31-c510-1d6cd5e8d7f6@dovecot.fi> References: <80affa00-c33f-e800-7eaa-4d96f1f10605@dovecot.fi> <3472ec15-2f97-bb9c-9ca3-f66646b5e715@dovecot.fi> <7e9ccfb6-075e-b133-8115-a5abecab7a0d@dovecot.fi> <6edcfd5b-f53f-da31-c510-1d6cd5e8d7f6@dovecot.fi> Message-ID: <99b0458b-1627-9db6-66f6-c790a181aa47@dovecot.fi> Sorry, with 67bb90d lib-storage: Fail if no namespaces have list=yes Aki On 23.01.2017 12:05, Aki Tuomi wrote: > This is fixed in 2.2.27 with ddc96f7 lib-storage: Fixed error handling > in list=children checking > > Aki > > On 23.01.2017 12:00, Aki Tuomi wrote: >> Thank you for your report. >> >> Aki >> >> On 23.01.2017 11:56, Thorsten Hater wrote: >>> OK, I found the problem in my config. If I use an default namespace with an >>> empty >>> name, instead of "inbox" it works as expected. Here the log for this case >>> >>> Starting program: /usr/local/libexec/dovecot/imap -u **** >>> imap(****): Debug: auth input: **** home=**** uid=48 gid=48 >>> quota_rule=*:bytes=1000M >>> imap(****): Debug: Added userdb setting: plugin/quota_rule=*:bytes=1000M >>> Debug: Effective uid=48, gid=48, home=**** >>> Debug: Namespace : type=private, prefix=INBOX., sep=., inbox=yes, >>> hidden=no, list=children, subscriptions=yes location=maildir:~/Maildir >>> Debug: maildir++: root=****/Maildir, index=, indexpvt=, control=, >>> inbox=****/Maildir, alt= >>> Debug: Namespace inbox: type=private, prefix=, sep=, inbox=no, hidden=no, >>> list=yes, subscriptions=yes location=maildir:~/Maildir >>> Debug: maildir++: root=****/Maildir, index=, indexpvt=, control=, inbox=, >>> alt= >>> * PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE >>> IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT >>> MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS >>> LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC 
ESEARCH ESORT SEARCHRES WITHIN >>> CONTEXT=SEARCH LIST-STATUS BINARY MOVE] Logged in as **** >>> x LIST "" "" >>> * LIST (\Noselect) "." "" >>> x OK List completed (0.000 + 0.000 secs). >>> >>> >>> >>> On Mon, Jan 23, 2017 at 10:46 AM, Aki Tuomi wrote: >>> >>>> I'll try reproduce this issue, but can you, in the mean time, run this >>>> with mail_debug=yes and provide logs? >>>> >>>> Aki >>>> >>>> On 23.01.2017 11:45, Thorsten Hater wrote: >>>>> Hi, >>>>> >>>>> I did added the default location and stripped down my config to a very >>>>> basic >>>>> level, dropping all plugins and database queries, see below. The segfault >>>>> still >>>>> appears in the same location. >>>>> As I have build from source, I wonder whether you can reproduce the >>>> problem? >>>>> Thorsten >>>>> >>>>> $ doveconf -n >>>>> # 2.2.26.0 (23d1de6): /usr/local/etc/dovecot/dovecot.conf >>>>> # Pigeonhole version 0.4.16 (1dc4c73) >>>>> # OS: Linux 3.18.16-intel-vm-64bit x86_64 Debian 8.6 >>>>> auth_debug = yes >>>>> auth_debug_passwords = yes >>>>> auth_socket_path = /usr/local/var/run/dovecot/auth-userdb >>>>> auth_verbose = yes >>>>> base_dir = /usr/local/var/run/dovecot/ >>>>> default_internal_user = pop >>>>> first_valid_uid = 48 >>>>> import_environment = TZ DEBUG=1 >>>>> last_valid_uid = 48 >>>>> login_greeting = Dovecot ready. >>>>> login_trusted_networks = **** >>>>> mail_debug = yes >>>>> mail_gid = pop >>>>> mail_location = maildir:~/Maildir >>>>> mail_plugin_dir = /usr/local/lib/dovecot/ >>>>> mail_uid = pop >>>>> managesieve_notify_capability = mailto >>>>> managesieve_sieve_capability = fileinto reject envelope encoded-character >>>>> vacation subaddress comparator-i;ascii-numeric relational regex >>>> imap4flags >>>>> copy include variables body enotify environment mailbox date index ihave >>>>> duplicate mime foreverypart extracttext >>>>> namespace inbox { >>>>> inbox = yes >>>>> list = children >>>>> location = maildir:~/Maildir >>>>> prefix = INBOX. >>>>> separator = . 
>>>>> subscriptions = yes >>>>> type = private >>>>> } >>>>> passdb { >>>>> args = nopassword=yes >>>>> driver = static >>>>> } >>>>> protocols = imap pop3 lmtp imap pop3 >>>>> ssl = no >>>>> userdb { >>>>> args = home=**** uid=pop gid=pop quota_rule=*:bytes=1000M >>>>> driver = static >>>>> } >>>>> verbose_proctitle = yes >>>>> protocol lda { >>>>> auth_socket_path = /usr/local/var/run/dovecot/auth-userdb >>>>> } >>>>> >>>>> >>>>> On Mon, Jan 23, 2017 at 10:01 AM, Thorsten Hater < >>>> thorsten.hater at gmail.com> >>>>> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> thanks for picking this up. The location is pulled from the database, >>>> but >>>>>> is uniform >>>>>> for all users, so I could set it to maildir:~/Maildir globally. Assuming >>>>>> ~ is expanded >>>>>> later on with userdb data. So, no, there is no special intention behind >>>>>> this. >>>>>> >>>>>> Thorsten >>>>>> >>>>>> On Mon, Jan 23, 2017 at 9:37 AM, Aki Tuomi >>>> wrote: >>>>>>> On 19.01.2017 15:56, Thorsten Hater wrote: >>>>>>>> The Problem arises due to a NULL deref in mail_namespaces.c line 601. >>>>>>>> Backtrace below >>>>>>>> >>>>>>>> x LIST "" "" >>>>>>>> >>>>>>>> Program received signal SIGSEGV, Segmentation fault. 
>>>>>>>> mail_namespaces_get_root_sep (namespaces=0x0) at mail-namespace.c:601 >>>>>>>> 601 while ((namespaces->flags & NAMESPACE_FLAG_LIST_PREFIX) == 0) >>>>>>>> (gdb) bt >>>>>>>> #0 mail_namespaces_get_root_sep (namespaces=0x0) at >>>>>>> mail-namespace.c:601 >>>>>>>> #1 0x000000000041164c in cmd_list_ref_root (ref=0x65b060 "", >>>>>>>> client=0x65a590) at cmd-list.c:324 >>>>>>>> #2 cmd_list_full (cmd=0x65aee0, lsub=) at >>>> cmd-list.c:461 >>>>>>>> #3 0x0000000000419825 in command_exec (cmd=cmd at entry=0x65aee0) at >>>>>>>> imap-commands.c:181 >>>>>>>> #4 0x0000000000417de2 in client_command_input (cmd=cmd at entry >>>> =0x65aee0) >>>>>>> at >>>>>>>> imap-client.c:988 >>>>>>>> #5 0x0000000000417e70 in client_command_input (cmd=0x65aee0) at >>>>>>>> imap-client.c:1048 >>>>>>>> #6 0x00000000004181e5 in client_handle_next_command >>>>>>>> (remove_io_r=, client=0x65a590) at >>>> imap-client.c:1090 >>>>>>>> #7 client_handle_input (client=0x65a590) at imap-client.c:1102 >>>>>>>> #8 0x0000000000418692 in client_input (client=0x65a590) at >>>>>>>> imap-client.c:1149 >>>>>>>> #9 0x00007ffff76297ac in io_loop_call_io (io=0x652aa0) at >>>> ioloop.c:589 >>>>>>>> #10 0x00007ffff762ab4a in io_loop_handler_run_internal >>>>>>>> (ioloop=ioloop at entry=0x63e7f0) >>>>>>>> at ioloop-epoll.c:222 >>>>>>>> #11 0x00007ffff7629835 in io_loop_handler_run (ioloop=ioloop at entry >>>>>>> =0x63e7f0) >>>>>>>> at ioloop.c:637 >>>>>>>> #12 0x00007ffff76299d8 in io_loop_run (ioloop=0x63e7f0) at >>>> ioloop.c:613 >>>>>>>> #13 0x00007ffff75b9823 in master_service_run (service=0x63e690, >>>>>>>> callback=callback at entry=0x423d40 ) at >>>>>>> master-service.c:641 >>>>>>>> #14 0x000000000040c567 in main (argc=3, argv=0x63e390) at main.c:460 >>>>>>>> >>>>>>>> On Thu, Jan 19, 2017 at 1:05 PM, Thorsten Hater < >>>>>>> thorsten.hater at gmail.com> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Dear all, >>>>>>>>> >>>>>>>>> I experience SegFaults in the imap binary on a LIST "" "" command, >>>>>>>>> as sent by 
Claws mail. Using LIST "" "INBOX" or similar is fine.
>>>>>>>>> Here is an example telnet session
>>>>>>>>>
>>>>>>>>> $ telnet 127.0.0.1 143
>>>>>>>>> Trying 127.0.0.1...
>>>>>>>>> Connected to 127.0.0.1.
>>>>>>>>> Escape character is '^]'.
>>>>>>>>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
>>>>>>>>> 01 LOGIN **** ****
>>>>>>>>> 01 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE QUOTA] Logged in
>>>>>>>>> 02 LIST "" ""
>>>>>>>>> Connection closed by foreign host.
>>>>>>>>>
>>>>>>>>> In the log file
>>>>>>>>>
>>>>>>>>> dovecot[8375]: imap(***): Fatal: master: service(imap): child 15803 killed with signal 11 (core dumps disabled)
>>>>>>>>>
>>>>>>>>> Please find the config below.
>>>>>>>>>
>>>>>>>>> Best regards,
>>>>>>>>> Thorsten
>>>>>>>>>
>>>>>>>>> $ doveconf -n
>>>>>>>>> # 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf
>>>>>>>>> # Pigeonhole version 0.4.16 (1dc4c73)
>>>>>>>>> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6
>>>>>>>>> auth_debug = yes
>>>>>>>>> auth_debug_passwords = yes
>>>>>>>>> auth_socket_path = /var/run/dovecot/auth-userdb
>>>>>>>>> auth_verbose = yes
>>>>>>>>> base_dir = /var/run/dovecot/
>>>>>>>>> default_internal_user = pop
>>>>>>>>> first_valid_uid = 48
>>>>>>>>> import_environment = TZ DEBUG=1
>>>>>>>>> last_valid_uid = 48
>>>>>>>>> login_trusted_networks = ****
>>>>>>>>> mail_debug = yes
>>>>>>>>> mail_gid = pop
>>>>>>>>> mail_plugins = " mail_log notify zlib quota"
>>>>>>>>> mail_uid = pop
>>>>>>>>> managesieve_notify_capability = mailto
>>>>>>>>> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
>>>>>>>>> namespace inbox {
>>>>>>>>>   inbox = yes
>>>>>>>>>   list = children
>>>>>>>>>   location =
>>>>>>>>>   mailbox Drafts {
>>>>>>>>>     auto = no
>>>>>>>>>     special_use = \Drafts
>>>>>>>>>   }
>>>>>>>>>   mailbox Sent {
>>>>>>>>>     auto = no
>>>>>>>>>     special_use = \Sent
>>>>>>>>>   }
>>>>>>>>>   mailbox Trash {
>>>>>>>>>     auto = no
>>>>>>>>>     autoexpunge = 30 days
>>>>>>>>>     special_use = \Trash
>>>>>>>>>   }
>>>>>>>>>   mailbox drafts {
>>>>>>>>>     auto = no
>>>>>>>>>     special_use = \Drafts
>>>>>>>>>   }
>>>>>>>>>   mailbox sent {
>>>>>>>>>     auto = no
>>>>>>>>>     special_use = \Sent
>>>>>>>>>   }
>>>>>>>>>   mailbox spamverdacht {
>>>>>>>>>     auto = no
>>>>>>>>>     autoexpunge = 30 days
>>>>>>>>>     special_use = \Junk
>>>>>>>>>   }
>>>>>>>>>   mailbox trash {
>>>>>>>>>     auto = no
>>>>>>>>>     autoexpunge = 30 days
>>>>>>>>>     special_use = \Trash
>>>>>>>>>   }
>>>>>>>>>   mailbox virenverdacht {
>>>>>>>>>     auto = no
>>>>>>>>>     autoexpunge = 30 days
>>>>>>>>>     special_use = \Junk
>>>>>>>>>   }
>>>>>>>>>   prefix = INBOX.
>>>>>>>>>   separator = .
>>>>>>>>>   subscriptions = yes
>>>>>>>>>   type = private
>>>>>>>>> }
>>>>>>>>> passdb {
>>>>>>>>>   args = nopassword=y
>>>>>>>>>   driver = static
>>>>>>>>> }
>>>>>>>>> plugin {
>>>>>>>>>   last_login_dict = file:~/lastlogin
>>>>>>>>>   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
>>>>>>>>>   mail_log_fields = uid box msgid size
>>>>>>>>>   quota = maildir:User quota
>>>>>>>>>   quota_warning = storage=80%% 80 %u %{userdb:quota_bytes}
>>>>>>>>>   quota_warning2 = storage=90%% 90 %u %{userdb:quota_bytes}
>>>>>>>>>   quota_warning3 = storage=95%% 95 %u %{userdb:quota_bytes}
>>>>>>>>>   sieve = ldap:/etc/dovecot/pigeonhole-ldap.conf
>>>>>>>>>   sieve_dir = ~/sieve
>>>>>>>>>   sieve_plugins = sieve_storage_ldap
>>>>>>>>>   zlib_save = gz
>>>>>>>>>   zlib_save_level = 6
>>>>>>>>> }
>>>>>>>>> service imap {
>>>>>>>>>   executable = imap postlogin
>>>>>>>>> }
>>>>>>>>> service pop3 {
>>>>>>>>>   executable = pop3 postlogin
>>>>>>>>> }
>>>>>>>>> service postlogin {
>>>>>>>>>   executable = script-login -d rawlog
>>>>>>>>> }
>>>>>>>>> service quota-warning {
>>>>>>>>>   executable = script /bin/quota-warning.sh
>>>>>>>>> }
>>>>>>>>> ssl = no
>>>>>>>>> userdb {
>>>>>>>>>   args = /etc/dovecot/userdb-ldap.conf
>>>>>>>>>   driver = ldap
>>>>>>>>>   result_failure = return-fail
>>>>>>>>>   result_internalfail = return-fail
>>>>>>>>>   result_success = continue-ok
>>>>>>>>> }
>>>>>>>>> userdb {
>>>>>>>>>   default_fields = quota_bytes=42M
>>>>>>>>>   driver = bdb_quota
>>>>>>>>>   override_fields = quota_rule=*:bytes=%{userdb:quota_bytes}
>>>>>>>>>   result_failure = return-fail
>>>>>>>>>   result_internalfail = return-fail
>>>>>>>>>   result_success = continue-ok
>>>>>>>>> }
>>>>>>>>> verbose_proctitle = yes
>>>>>>>>> protocol lda {
>>>>>>>>>   auth_socket_path = /var/run/dovecot/auth-userdb
>>>>>>>>>   mail_plugin_dir = /lib/dovecot/modules
>>>>>>>>>   mail_plugins = " mail_log notify zlib quota sieve"
>>>>>>>>> }
>>>>>>>>> protocol imap {
>>>>>>>>>   mail_plugins = " mail_log notify zlib quota imap_xauth last_login imap_quota"
>>>>>>>>> }
>>>>>>>>> protocol pop3 {
>>>>>>>>>   mail_plugins = " mail_log notify zlib quota last_login"
>>>>>>>>> }
>>>>>>>>>
>>>>>>> Hi!
>>>>>>>
>>>>>>> We are looking into this crash.
>>>>>>>
>>>>>>> Are you intentionally setting inbox namespace location to empty?
>>>>>>>
>>>>>>> Aki
>>>>>>>

From soumitri at iitk.ac.in Mon Jan 23 10:25:25 2017
From: soumitri at iitk.ac.in (soumitri at iitk.ac.in)
Date: Mon, 23 Jan 2017 15:55:25 +0530
Subject: Ox Dovecot - dovecot.fi - dovecot-ee repo access
In-Reply-To: <413c6c14-e841-2741-f0cb-9e2815b56f60@dovecot.fi>
References: <413c6c14-e841-2741-f0cb-9e2815b56f60@dovecot.fi>
Message-ID:

I had a preliminary inquiry for EE access with OX. They redirected me to IKU Systems from Germany, from which I have not received any response for the last 2 months.

Soumitri Mishra.
http://home.iitk.ac.in/~soumitri/

On Monday 23 January 2017 02:07 PM, Aki Tuomi wrote:
>
> On 23.01.2017 10:37, Raymond Sellars wrote:
>> Hi
>>
>> My question is a little off topic but hoping the community has some insight or advice.
>>
>> Has anyone had success in contacting OX dovecot? We previously purchased Dovecot Pro and had access to the dovecot-ee (https://yum.dovecot.fi) repository. Credentials are no longer valid and all attempts (over the months) to reach Ox gain no response.
>>
>> Wondering if others are having Pro access issues or have managed to reach their info/sales team (info at dovecot.fi?).
>>
>> Any recommendations on alternatives for commercial support? Primarily active security patching/advisement rather than polling the open source release stream.
>>
>> Thanks
>> Raymond
> Hi!
>
> I'll pass your message along and someone will be in touch.
>
> Aki Tuomi
> Dovecot oy

From lenaigst at maelenn.org Mon Jan 23 16:58:09 2017
From: lenaigst at maelenn.org (Thierry)
Date: Mon, 23 Jan 2017 18:58:09 +0200
Subject: dsync dovecot / Failed connection refused
Message-ID: <18647088.20170123185809@maelenn.org>

Dear all,

I am using VMWare and I have cloned my email server.
Now I do have two identical servers, both running the same version of dovecot (2.2.13) and imap.
Let's call them: server1.domain.ltd and server2.domain.ltd.
I would like to sync both servers using dsync.

Dovecot is working well except concerning the sync.

dsync config server1.domain.ltd

# Enable the replication plugin globally
mail_plugins = $mail_plugins notify replication

# The mail processes need to have access to the replication-notify fifo and socket.
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
    mode = 0666
  }
  unix_listener replication-notify {
    user = vmail
    mode = 0666
  }
}

# Enable doveadm replicator commands
service replicator {
  unix_listener replicator-doveadm {
    mode = 0666
  }
}

# Create a listener for doveadm-server
service doveadm {
  user = vmail
  inet_listener {
    port = 12345
  }
}

# configure how many dsyncs can be run in parallel (10 by default)
replication_max_conns = 10

# tell doveadm client to use this port by default
doveadm_port = 4711

#Both the client and the server also need to have a shared secret
doveadm_password = {SHA512-CRYPT}$6$rou....................
# use tcp:hostname as the dsync target
plugin {
  #mail_replica = tcp:server2.domain.ltd # use doveadm_port
  mail_replica = tcp:server2.domain.ltd:12345 # use port 12345 explicitly
}

service config {
  unix_listener config {
    user = vmail
  }
}

***************************************************************************************

dsync config server2.domain.ltd

# Enable the replication plugin globally
mail_plugins = $mail_plugins notify replication

# The mail processes need to have access to the replication-notify fifo and socket.
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
    mode = 0666
  }
  unix_listener replication-notify {
    user = vmail
    mode = 0666
  }
}

# Enable doveadm replicator commands
service replicator {
  unix_listener replicator-doveadm {
    mode = 0666
  }
}

# Create a listener for doveadm-server
service doveadm {
  user = vmail
  inet_listener {
    port = 12345
  }
}

# configure how many dsyncs can be run in parallel (10 by default)
replication_max_conns = 10

# tell doveadm client to use this port by default
doveadm_port = 4711

#Both the client and the server also need to have a shared secret
doveadm_password = {SHA512-CRYPT}$6$ro.............
# use tcp:hostname as the dsync target
plugin {
  #mail_replica = tcp:server1.domain.ltd # use doveadm_port
  mail_replica = tcp:server1.domain.ltd:12345 # use port 12345 explicitly
}

service config {
  unix_listener config {
    user = vmail
  }
}

To test both ports I have opened ports 12345 and 4711 on both my servers:

Iptables server1: ACCEPT tcp -- anywhere anywhere tcp dpt:4711
ACCEPT tcp -- anywhere anywhere tcp dpt:12345

Iptables server2: ACCEPT tcp -- anywhere anywhere tcp dpt:4711
ACCEPT tcp -- anywhere anywhere tcp dpt:12345


doveadm replicator status '*'
username             priority fast sync full sync failed
user1 at domain.ltd  none     00:01:21  11:25:40  y
user3 at domain.ltd  none     07:31:16  11:25:41  -
user2 at domain.ltd  none     00:01:21  11:25:40  y
user4 at domain.ltd  none     11:25:41  11:25:41  -
user5 at domain.ltd  none     02:17:03  11:25:41  -
user6 at domain.ltd  none     11:25:40  11:25:40  -
user4 at domain.ltd  none     00:00:51  11:25:40  y

When doing, from server1: "doveadm sync -u user1 at domain.ltd remote:server2.domain.ltd"

doveadm(user1 at domain.ltd): Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Connection refused
doveadm(user1 at domain.ltd): Fatal: /var/run/dovecot/auth-userdb: passdb lookup failed (to see if user is proxied, because doveadm_port is set)
dsync-local(user1 at domain.ltd): Error: read(server2.domain.ltd) failed: EOF (version not received)

Thx for your help.

--
Regards,
Thierry
e-mail : lenaigst at maelenn.org
PGP Key: 0xB7E3B9CD

From rejex at yandex.com Mon Jan 23 22:06:12 2017
From: rejex at yandex.com (rej ex)
Date: Mon, 23 Jan 2017 23:06:12 +0100
Subject: Log authentication attempts
Message-ID: <453011485209172@web34j.yandex.ru>

Hi everyone,

We are running Dovecot 2.2.9 as a primary IMAP server. Also we use Dovecot SASL for SMTP authentication.

Because we are building some monitoring application, we will need to record all failed and successful login attempts. We need to record remote IP, entered password in plain text, and if possible whether auth request is for SMTP or IMAP session.

I checked http://wiki.dovecot.org/PostLoginScripting and noticed that post-login scripts are executed only after result_success, but not after result_failure (password mismatch).

Also I read http://wiki.dovecot.org/PasswordDatabase where I saw that since version 2.2.10 it is possible to control what happens after passdb check, but allowed result values don't include executing custom script.

Does anyone know a way to call external binary / script, or at least save a record in the database after login attempt without reading the log files?

P.S. there is also a special case. When someone logs in from webmail, remote IP is set to webmail's server. In this case, we will log the attempt from the webmail itself, because it has the correct remote IP.

Robin Wood

From aki.tuomi at dovecot.fi Tue Jan 24 07:35:19 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Tue, 24 Jan 2017 09:35:19 +0200
Subject: Log authentication attempts
In-Reply-To: <453011485209172@web34j.yandex.ru>
References: <453011485209172@web34j.yandex.ru>
Message-ID:

Since 2.2.27 we've had auth policy server support which can do this properly.

Aki

On 24.01.2017 00:06, rej ex wrote:
> Hi everyone,
>
> We are running Dovecot 2.2.9 as a primary IMAP server. Also we use Dovecot SASL for SMTP authentication.
>
> Because we are building some monitoring application, we will need to record all failed and successful login attempts. We need to record remote IP, entered password in plain text, and if possible whether auth request is for SMTP or IMAP session.
>
> I checked http://wiki.dovecot.org/PostLoginScripting and noticed that post-login scripts are executed only after result_success, but not after result_failure (password mismatch).
>
> Also I read http://wiki.dovecot.org/PasswordDatabase where I saw that since version 2.2.10 it is possible to control what happens after passdb check, but allowed result values don't include executing custom script.
>
> Does anyone know a way to call external binary / script, or at least save a record in the database after login attempt without reading the log files?
>
> P.S. there is also a special case. When someone logs in from webmail, remote IP is set to webmail's server. In this case, we will log the attempt from the webmail itself, because it has the correct remote IP.
>
> Robin Wood

From kp at asom-net.dk Tue Jan 24 08:25:08 2017
From: kp at asom-net.dk (Kristian Pedersen)
Date: Tue, 24 Jan 2017 09:25:08 +0100
Subject: quota-status returns quota_status_success when email would put user over quota
Message-ID: <58870F64.2030906@asom-net.dk>

Hi list,

I am attempting to get quota-status service working, so I can deny email at the initial smtp dialog instead of generating bounces with lda.

I can't seem to get quota-status to return quota_status_overquota, even when an email would put an account over quota.

Quota in general works fine:

Jan 22 06:39:23 mail dovecot: lda(xx at yy.dk): msgid=<25c5bdb20d58fc4f649f716a947613dc at zz.org>: save failed to INBOX: Quota exceeded (mailbox for user is full)
Jan 22 06:39:23 mail dovecot: lda(xx at yy.dk): msgid=<25c5bdb20d58fc4f649f716a947613dc at zz.org>: rejected: Quota exceeded (mailbox for user is full)

The system is a pretty standard debian 8 box running virtually on a kvm/ovirt cluster:

root at mail:~# dpkg --list | grep dovec
ii dovecot-core 1:2.2.13-12~deb8u1 amd64 secure POP3/IMAP server - core files
ii dovecot-imapd 1:2.2.13-12~deb8u1 amd64 secure POP3/IMAP server - IMAP daemon
ii dovecot-lmtpd 1:2.2.13-12~deb8u1 amd64 secure POP3/IMAP server - LMTP server
ii dovecot-mysql 1:2.2.13-12~deb8u1 amd64 secure POP3/IMAP server - MySQL support
ii dovecot-pop3d 1:2.2.13-12~deb8u1 amd64 secure POP3/IMAP server - POP3 daemon

Mail storage is local XFS partitions as far as the dovecot server knows. Behind the scene it's actually raw disk images on NFS shares from a SAN towards the kvm/ovirt cluster.

I test by using nc towards the quota-status instance:

root at mail:~# printf "recipient=kptest at asom-net.dk\nsize=1000000000\n\n" | nc -q1 localhost 12340
action=DUNNO

User has 500MB quota:

mysql> SELECT CONCAT('/data/vmail/',CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1))) AS home, 110 AS uid, 110 AS gid, CONCAT('*:storage=',mailquota,'M') AS quota_rule FROM virtual_users WHERE email='kptest at asom-net.dk';
+--------------------------------+-----+-----+----------------+
| home                           | uid | gid | quota_rule     |
+--------------------------------+-----+-----+----------------+
| /data/vmail/asom-net.dk/kptest | 110 | 110 | *:storage=500M |
+--------------------------------+-----+-----+----------------+
1 row in set (0.00 sec)

maildirsize seems ok:

root at mail:~# cat /data/vmail/asom-net.dk/kptest/maildirsize
524288000S
685 1
690 1

Quota-status will return unknown user if that is the case:

root at mail:~# printf "recipient=kptest2 at asom-net.dk\nsize=1000000000\n\n" | nc -q1 localhost 12340
action=551 5.5.1 User not found

Log file (with mail_debug = yes):

Jan 12 16:52:21 mail dovecot: quota-status: Debug: auth input: kptest at asom-net.dk home=/data/vmail/asom-net.dk/kptest uid=110 gid=110 quota_rule=*:storage=500M
Jan 12 16:52:21 mail dovecot: quota-status: Debug: Added userdb setting: plugin/quota_rule=*:storage=500M
Jan 12 16:52:21 mail dovecot: quota-status(kptest at asom-net.dk): Debug: Effective uid=110, gid=110, home=/data/vmail/asom-net.dk/kptest
Jan 12 16:52:21 mail dovecot: quota-status(kptest at asom-net.dk): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/data/vmail/asom-net.dk/kptest/
Jan 12 16:52:21 mail dovecot: quota-status(kptest at asom-net.dk): Debug: maildir++: root=/data/vmail/asom-net.dk/kptest, index=, indexpvt=, control=, inbox=/data/vmail/asom-net.dk/kptest, alt=

dovecot -n:

# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6 ext4
auth_default_realm = vejen-net.dk
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
first_valid_uid = 110
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_debug = yes
mail_location = maildir:/data/vmail/%d/%n/
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/local-sql.conf
  driver = sql
}
plugin {
  quota = maildir:User quota
  quota_rule = *:storage=200M
  quota_status_nouser = 551 5.5.1 User not found
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    mode = 0600
    user = vmail
  }
  user = root
}
service imap-login {
  client_limit = 1024
  process_limit = 256
  process_min_avail = 8
  service_count = 0
  vsz_limit = 512 M
}
service imap {
  process_limit = 10240
}
service pop3-login {
  client_limit = 512
  process_limit = 256
  process_min_avail = 8
  service_count = 0
  vsz_limit = 512 M
}
service pop3 {
  process_limit = 10240
}
service quota-status {
  client_limit = 1
  executable = /usr/lib/dovecot/quota-status -p postfix
  inet_listener {
    port = 12340
  }
}
ssl_cert = ../mnt1/asom-net.dk
root at mail:~# ls -ld /data/mnt1/asom-net.dk/
drwxrwx--- 45 vmail vmail 4096 Dec 15 10:54 /data/mnt1/asom-net.dk/
root at mail:~# ls -ld /data/mnt1/asom-net.dk/kptest/
drwx------ 9 vmail vmail 4096 Jan 23 08:55 /data/mnt1/asom-net.dk/kptest/
root at mail:~# ls -ld /data/mnt1/asom-net.dk/kptest/maildirsize
-rw------- 1 vmail vmail 23 Jan 12 16:50 /data/mnt1/asom-net.dk/kptest/maildirsize

Anyone have any idea what might be wrong here?

Regards,

--
Kristian Pedersen
ASOM-Net
System administrator
www.asom-net.dk
Phone: 44 400 970

From mail at tomsommer.dk Tue Jan 24 09:13:42 2017
From: mail at tomsommer.dk (Tom Sommer)
Date: Tue, 24 Jan 2017 10:13:42 +0100
Subject: Quota count does not work with lock_method=dotlock
In-Reply-To: <53782c78-e7cd-779a-0dd6-6552ad1276ba@gmx.de>
References: <53782c78-e7cd-779a-0dd6-6552ad1276ba@gmx.de>
Message-ID:

On 2017-01-18 15:27, mkliewe at gmx.de wrote:

> dovecot crashes when I switch the quota tracking from dict to count.

I have the same problem, but I use 'dict:file' as quota backend - Maybe the error is due to quota_vsizes and not 'count'.

// Tom Sommer

From aki.tuomi at dovecot.fi Tue Jan 24 09:25:15 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Tue, 24 Jan 2017 11:25:15 +0200
Subject: Quota count does not work with lock_method=dotlock
In-Reply-To:
References: <53782c78-e7cd-779a-0dd6-6552ad1276ba@gmx.de>
Message-ID: <8e3b66f9-b43a-f92a-559b-468cecc71be2@dovecot.fi>

On 24.01.2017 11:13, Tom Sommer wrote:
> On 2017-01-18 15:27, mkliewe at gmx.de wrote:
>
>> dovecot crashes when I switch the quota tracking from dict to count.
>
> I have the same problem, but I use 'dict:file' as quota backend -
> Maybe the error is due to quota_vsizes and not 'count'.
>
> // Tom Sommer

Hi!

What version of dovecot are you both using?

Aki

From mail at tomsommer.dk Tue Jan 24 09:31:03 2017
From: mail at tomsommer.dk (Tom Sommer)
Date: Tue, 24 Jan 2017 10:31:03 +0100
Subject: Quota count does not work with lock_method=dotlock
In-Reply-To: <8e3b66f9-b43a-f92a-559b-468cecc71be2@dovecot.fi>
References: <53782c78-e7cd-779a-0dd6-6552ad1276ba@gmx.de> <8e3b66f9-b43a-f92a-559b-468cecc71be2@dovecot.fi>
Message-ID:

On 2017-01-24 10:25, Aki Tuomi wrote:
> On 24.01.2017 11:13, Tom Sommer wrote:
>> On 2017-01-18 15:27, mkliewe at gmx.de wrote:
>>
>>> dovecot crashes when I switch the quota tracking from dict to count.
>>
>> I have the same problem, but I use 'dict:file' as quota backend -
>> Maybe the error is due to quota_vsizes and not 'count'.
>>
>> // Tom Sommer
>
> Hi!
>
> What version of dovecot are you both using?

2.2.27 (c0f36b0)

From aki.tuomi at dovecot.fi Tue Jan 24 09:32:30 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Tue, 24 Jan 2017 11:32:30 +0200
Subject: Quota count does not work with lock_method=dotlock
In-Reply-To:
References: <53782c78-e7cd-779a-0dd6-6552ad1276ba@gmx.de> <8e3b66f9-b43a-f92a-559b-468cecc71be2@dovecot.fi>
Message-ID:

On 24.01.2017 11:31, Tom Sommer wrote:
> On 2017-01-24 10:25, Aki Tuomi wrote:
>> On 24.01.2017 11:13, Tom Sommer wrote:
>>> On 2017-01-18 15:27, mkliewe at gmx.de wrote:
>>>
>>>> dovecot crashes when I switch the quota tracking from dict to count.
>>>
>>> I have the same problem, but I use 'dict:file' as quota backend -
>>> Maybe the error is due to quota_vsizes and not 'count'.
>>>
>>> // Tom Sommer
>>
>> Hi!
>>
>> What version of dovecot are you both using?
>
> 2.2.27 (c0f36b0)

A gdb bt full would help if possible. See https://dovecot.org/bugreport.html for more details

Aki

From mikefroehner at gmx.de Tue Jan 24 09:41:28 2017
From: mikefroehner at gmx.de (Mike Fröhner)
Date: Tue, 24 Jan 2017 10:41:28 +0100
Subject: dsync dovecot / Failed connection refused
In-Reply-To: <18647088.20170123185809@maelenn.org>
References: <18647088.20170123185809@maelenn.org>
Message-ID:

Hello,

I might be wrong, but the port which will be used for the replicator port is the value of 'doveadm_port' which in your case is 4711.

Mike;

On 01/23/2017 05:58 PM, Thierry wrote:
> Dear all,
>
> I am using VMWare and I have cloned my email server.
> Now I do have two identical servers, both running the same version of dovecot (2.2.13) and imap.
> Let's call them: server1.domain.ltd and server2.domain.ltd.
> I would like to sync both servers using dsync.
>
> Dovecot is working well except concerning the sync.
>
> dsync config server1.domain.ltd
>
> # Enable the replication plugin globally
> mail_plugins = $mail_plugins notify replication
>
> # The mail processes need to have access to the replication-notify fifo and socket.
> service aggregator {
>   fifo_listener replication-notify-fifo {
>     user = vmail
>     mode = 0666
>   }
>   unix_listener replication-notify {
>     user = vmail
>     mode = 0666
>   }
> }
>
> # Enable doveadm replicator commands
> service replicator {
>   unix_listener replicator-doveadm {
>     mode = 0666
>   }
> }
>
> # Create a listener for doveadm-server
> service doveadm {
>   user = vmail
>   inet_listener {
>     port = 12345
>   }
> }
>
> # configure how many dsyncs can be run in parallel (10 by default)
> replication_max_conns = 10
>
> # tell doveadm client to use this port by default
> doveadm_port = 4711
>
> #Both the client and the server also need to have a shared secret
> doveadm_password = {SHA512-CRYPT}$6$rou....................
> # use tcp:hostname as the dsync target
> plugin {
>   #mail_replica = tcp:server2.domain.ltd # use doveadm_port
>   mail_replica = tcp:server2.domain.ltd:12345 # use port 12345 explicitly
> }
>
> service config {
>   unix_listener config {
>     user = vmail
>   }
> }
>
> ***************************************************************************************
>
> dsync config server2.domain.ltd
>
> # Enable the replication plugin globally
> mail_plugins = $mail_plugins notify replication
>
> # The mail processes need to have access to the replication-notify fifo and socket.
> service aggregator {
>   fifo_listener replication-notify-fifo {
>     user = vmail
>     mode = 0666
>   }
>   unix_listener replication-notify {
>     user = vmail
>     mode = 0666
>   }
> }
>
> # Enable doveadm replicator commands
> service replicator {
>   unix_listener replicator-doveadm {
>     mode = 0666
>   }
> }
>
> # Create a listener for doveadm-server
> service doveadm {
>   user = vmail
>   inet_listener {
>     port = 12345
>   }
> }
>
> # configure how many dsyncs can be run in parallel (10 by default)
> replication_max_conns = 10
>
> # tell doveadm client to use this port by default
> doveadm_port = 4711
>
> #Both the client and the server also need to have a shared secret
> doveadm_password = {SHA512-CRYPT}$6$ro.............
> # use tcp:hostname as the dsync target
> plugin {
>   #mail_replica = tcp:server1.domain.ltd # use doveadm_port
>   mail_replica = tcp:server1.domain.ltd:12345 # use port 12345 explicitly
> }
>
> service config {
>   unix_listener config {
>     user = vmail
>   }
> }
>
> To test both ports I have opened ports 12345 and 4711 on both my servers:
>
> Iptables server1: ACCEPT tcp -- anywhere anywhere tcp dpt:4711
> ACCEPT tcp -- anywhere anywhere tcp dpt:12345
>
> Iptables server2: ACCEPT tcp -- anywhere anywhere tcp dpt:4711
> ACCEPT tcp -- anywhere anywhere tcp dpt:12345
>
>
> doveadm replicator status '*'
> username             priority fast sync full sync failed
> user1 at domain.ltd  none     00:01:21  11:25:40  y
> user3 at domain.ltd  none     07:31:16  11:25:41  -
> user2 at domain.ltd  none     00:01:21  11:25:40  y
> user4 at domain.ltd  none     11:25:41  11:25:41  -
> user5 at domain.ltd  none     02:17:03  11:25:41  -
> user6 at domain.ltd  none     11:25:40  11:25:40  -
> user4 at domain.ltd  none     00:00:51  11:25:40  y
>
> When doing, from server1: "doveadm sync -u user1 at domain.ltd remote:server2.domain.ltd"
>
> doveadm(user1 at domain.ltd): Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Connection refused
> doveadm(user1 at domain.ltd): Fatal: /var/run/dovecot/auth-userdb: passdb lookup failed (to see if user is proxied, because doveadm_port is set)
> dsync-local(user1 at domain.ltd): Error: read(server2.domain.ltd) failed: EOF (version not received)
>
> Thx for your help.
>
>

From lenaigst at maelenn.org Tue Jan 24 09:45:14 2017
From: lenaigst at maelenn.org (Thierry)
Date: Tue, 24 Jan 2017 11:45:14 +0200
Subject: dsync dovecot / Failed connection refused
In-Reply-To:
References: <18647088.20170123185809@maelenn.org>
Message-ID: <1089937784.20170124114514@maelenn.org>

Hi Mike,

Is the value of the 'doveadm_port' if I am choosing: mail_replica = tcp:server1.domain.ltd no ?
I might be wrong too ;)

Thx

On Tuesday, 24 January 2017 at 11:41:28, you wrote:

> Hello,

> I might be wrong, but the port which will be used for the replicator
> port is the value of 'doveadm_port' which in your case is 4711.

> Mike;

> On 01/23/2017 05:58 PM, Thierry wrote:
>> Dear all,
>>
>> I am using VMWare and I have cloned my email server.
>> Now I do have two identical servers, both running the same version of dovecot (2.2.13) and imap.
>> Let's call them: server1.domain.ltd and server2.domain.ltd.
>> I would like to sync both servers using dsync.
>>
>> Dovecot is working well except concerning the sync.
>>
>> dsync config server1.domain.ltd
>>
>> # Enable the replication plugin globally
>> mail_plugins = $mail_plugins notify replication
>>
>> # The mail processes need to have access to the replication-notify fifo and socket.
>> service aggregator {
>>   fifo_listener replication-notify-fifo {
>>     user = vmail
>>     mode = 0666
>>   }
>>   unix_listener replication-notify {
>>     user = vmail
>>     mode = 0666
>>   }
>> }
>>
>> # Enable doveadm replicator commands
>> service replicator {
>>   unix_listener replicator-doveadm {
>>     mode = 0666
>>   }
>> }
>>
>> # Create a listener for doveadm-server
>> service doveadm {
>>   user = vmail
>>   inet_listener {
>>     port = 12345
>>   }
>> }
>>
>> # configure how many dsyncs can be run in parallel (10 by default)
>> replication_max_conns = 10
>>
>> # tell doveadm client to use this port by default
>> doveadm_port = 4711
>>
>> #Both the client and the server also need to have a shared secret
>> doveadm_password = {SHA512-CRYPT}$6$rou....................
>> # use tcp:hostname as the dsync target
>> plugin {
>>   #mail_replica = tcp:server2.domain.ltd # use doveadm_port
>>   mail_replica = tcp:server2.domain.ltd:12345 # use port 12345 explicitly
>> }
>>
>> service config {
>>   unix_listener config {
>>     user = vmail
>>   }
>> }
>>
>> ***************************************************************************************
>>
>> dsync config server2.domain.ltd
>>
>> # Enable the replication plugin globally
>> mail_plugins = $mail_plugins notify replication
>>
>> # The mail processes need to have access to the replication-notify fifo and socket.
>> service aggregator {
>>   fifo_listener replication-notify-fifo {
>>     user = vmail
>>     mode = 0666
>>   }
>>   unix_listener replication-notify {
>>     user = vmail
>>     mode = 0666
>>   }
>> }
>>
>> # Enable doveadm replicator commands
>> service replicator {
>>   unix_listener replicator-doveadm {
>>     mode = 0666
>>   }
>> }
>>
>> # Create a listener for doveadm-server
>> service doveadm {
>>   user = vmail
>>   inet_listener {
>>     port = 12345
>>   }
>> }
>>
>> # configure how many dsyncs can be run in parallel (10 by default)
>> replication_max_conns = 10
>>
>> # tell doveadm client to use this port by default
>> doveadm_port = 4711
>>
>> #Both the client and the server also need to have a shared secret
>> doveadm_password = {SHA512-CRYPT}$6$ro.............
>> # use tcp:hostname as the dsync target
>> plugin {
>>   #mail_replica = tcp:server1.domain.ltd # use doveadm_port
>>   mail_replica = tcp:server1.domain.ltd:12345 # use port 12345 explicitly
>> }
>>
>> service config {
>>   unix_listener config {
>>     user = vmail
>>   }
>> }
>>
>> To test both ports I have opened ports 12345 and 4711 on both my servers:
>>
>> Iptables server1: ACCEPT tcp -- anywhere anywhere tcp dpt:4711
>> ACCEPT tcp -- anywhere anywhere tcp dpt:12345
>>
>> Iptables server2: ACCEPT tcp -- anywhere anywhere tcp dpt:4711
>> ACCEPT tcp -- anywhere anywhere tcp dpt:12345
>>
>>
>> doveadm replicator status '*'
>> username             priority fast sync full sync failed
>> user1 at domain.ltd  none     00:01:21  11:25:40  y
>> user3 at domain.ltd  none     07:31:16  11:25:41  -
>> user2 at domain.ltd  none     00:01:21  11:25:40  y
>> user4 at domain.ltd  none     11:25:41  11:25:41  -
>> user5 at domain.ltd  none     02:17:03  11:25:41  -
>> user6 at domain.ltd  none     11:25:40  11:25:40  -
>> user4 at domain.ltd  none     00:00:51  11:25:40  y
>>
>> When doing, from server1: "doveadm sync -u user1 at domain.ltd remote:server2.domain.ltd"
>>
>> doveadm(user1 at domain.ltd): Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Connection refused
>> doveadm(user1 at domain.ltd): Fatal: /var/run/dovecot/auth-userdb: passdb lookup failed (to see if user is proxied, because doveadm_port is set)
>> dsync-local(user1 at domain.ltd): Error: read(server2.domain.ltd) failed: EOF (version not received)
>>
>> Thx for your help.
>>
>>

--
Regards,
Thierry
e-mail : lenaigst at maelenn.org

From mikefroehner at gmx.de Tue Jan 24 10:03:37 2017
From: mikefroehner at gmx.de (=?UTF-8?Q?Mike_Fr=c3=b6hner?=) Date: Tue, 24 Jan 2017 11:03:37 +0100 Subject: dsync dovecot / Failed connection refused In-Reply-To: <1089937784.20170124114514@maelenn.org> References: <18647088.20170123185809@maelenn.org> <1089937784.20170124114514@maelenn.org> Message-ID: <04c4cc73-117f-b50d-4767-a06a15635b8e@gmx.de> Sorry, you are right, I was wrong. I missed you explicit configure the port at $mail_replica. On 01/24/2017 10:45 AM, Thierry wrote: > Hi Mike, > > Is the value of the 'doveadm_port' if I am choosing: mail_replica = > tcp:server1.domain.ltd no ? > I might be wrong too ;) > > Thx > > Le mardi 24 janvier 2017 ? 11:41:28, vous ?criviez : > >> Hello, > >> I might be wrong, but the port which will be used for the replicator >> port is the value of 'doveadm_port' which in your case is 4711. > >> Mike; > >> On 01/23/2017 05:58 PM, Thierry wrote: >>> Dear all, >>> >>> I am using VMWare and I have cloned my emails server. >>> Now I do have two identicals servers, both running the same version of dovecot (2.2.13) and imap. >>> Let's call them: server1.domain.ltd and server2.domain.ltd. >>> I would like to sync both server using dsync. >>> >>> Dovecot is working well except concerning the sync. >>> >>> dsync config server1.domain.ltd >>> >>> # Enable the replication plugin globally >>> mail_plugins = $mail_plugins notify replication >>> >>> # The mail processes need to have access to the replication-notify fifo and socket. 
>>> service aggregator {
>>>   fifo_listener replication-notify-fifo {
>>>     user = vmail
>>>     mode = 0666
>>>   }
>>>   unix_listener replication-notify {
>>>     user = vmail
>>>     mode = 0666
>>>   }
>>> }
>>>
>>> # Enable doveadm replicator commands
>>> service replicator {
>>>   unix_listener replicator-doveadm {
>>>     mode = 0666
>>>   }
>>> }
>>>
>>> # Create a listener for doveadm-server
>>> service doveadm {
>>>   user = vmail
>>>   inet_listener {
>>>     port = 12345
>>>   }
>>> }
>>>
>>> # configure how many dsyncs can be run in parallel (10 by default)
>>> replication_max_conns = 10
>>>
>>> # tell doveadm client to use this port by default
>>> doveadm_port = 4711
>>>
>>> #Both the client and the server also need to have a shared secret
>>> doveadm_password = {SHA512-CRYPT}$6$rou....................
>>> # use tcp:hostname as the dsync target
>>> plugin {
>>>   #mail_replica = tcp:server2.domain.ltd # use doveadm_port
>>>   mail_replica = tcp:server2.domain.ltd:12345 # use port 12345 explicitly
>>> }
>>>
>>> service config {
>>>   unix_listener config {
>>>     user = vmail
>>>   }
>>> }
>>>
>>> ***************************************************************************************
>>>
>>> dsync config server2.domain.ltd
>>>
>>> # Enable the replication plugin globally
>>> mail_plugins = $mail_plugins notify replication
>>>
>>> # The mail processes need to have access to the replication-notify fifo and socket.
>>> service aggregator {
>>>   fifo_listener replication-notify-fifo {
>>>     user = vmail
>>>     mode = 0666
>>>   }
>>>   unix_listener replication-notify {
>>>     user = vmail
>>>     mode = 0666
>>>   }
>>> }
>>>
>>> # Enable doveadm replicator commands
>>> service replicator {
>>>   unix_listener replicator-doveadm {
>>>     mode = 0666
>>>   }
>>> }
>>>
>>> # Create a listener for doveadm-server
>>> service doveadm {
>>>   user = vmail
>>>   inet_listener {
>>>     port = 12345
>>>   }
>>> }
>>>
>>> # configure how many dsyncs can be run in parallel (10 by default)
>>> replication_max_conns = 10
>>>
>>> # tell doveadm client to use this port by default
>>> doveadm_port = 4711
>>>
>>> #Both the client and the server also need to have a shared secret
>>> doveadm_password = {SHA512-CRYPT}$6$ro.............
>>> # use tcp:hostname as the dsync target
>>> plugin {
>>>   #mail_replica = tcp:server1.domain.ltd # use doveadm_port
>>>   mail_replica = tcp:server1.domain.ltd:12345 # use port 12345 explicitly
>>> }
>>>
>>> service config {
>>>   unix_listener config {
>>>     user = vmail
>>>   }
>>> }
>>>
>>> To test both ports I have opened ports 12345 and 4711 on both my servers:
>>>
>>> Iptables server1: ACCEPT tcp -- anywhere anywhere tcp dpt:4711
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:12345
>>>
>>> Iptables server2: ACCEPT tcp -- anywhere anywhere tcp dpt:4711
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:12345
>>>
>>>
>>> doveadm replicator status '*'
>>> username            priority  fast sync  full sync  failed
>>> user1 at domain.ltd none      00:01:21   11:25:40   y
>>> user3 at domain.ltd none      07:31:16   11:25:41   -
>>> user2 at domain.ltd none      00:01:21   11:25:40   y
>>> user4 at domain.ltd none      11:25:41   11:25:41   -
>>> user5 at domain.ltd none      02:17:03   11:25:41   -
>>> user6 at domain.ltd none      11:25:40   11:25:40   -
>>> user4 at domain.ltd none      00:00:51   11:25:40   y
>>>
>>> When doing, from server1: "doveadm sync -u user1 at domain.ltd remote:server2.domain.ltd"
>>>
>>> doveadm(user1 at domain.ltd): Error: userdb lookup:
connect(/var/run/dovecot/auth-userdb) failed: Connection refused
>>> doveadm(user1 at domain.ltd): Fatal: /var/run/dovecot/auth-userdb: passdb lookup failed (to see if user is proxied, because doveadm_port is set)
>>> dsync-local(user1 at domain.ltd): Error: read(server2.domain.ltd) failed: EOF (version not received)
>>>
>>> Thx for your help.
>>>
>>>
>
>
>

From mkliewe at gmx.de Tue Jan 24 12:01:45 2017
From: mkliewe at gmx.de (mkliewe at gmx.de)
Date: Tue, 24 Jan 2017 13:01:45 +0100
Subject: Quota count does not work with lock_method=dotlock
In-Reply-To:
References: <53782c78-e7cd-779a-0dd6-6552ad1276ba@gmx.de> <8e3b66f9-b43a-f92a-559b-468cecc71be2@dovecot.fi>
Message-ID:

On 24.01.2017 10:32, Aki Tuomi wrote:
> On 24.01.2017 11:31, Tom Sommer wrote:
>> On 2017-01-24 10:25, Aki Tuomi wrote:
>>> On 24.01.2017 11:13, Tom Sommer wrote:
>>>> On 2017-01-18 15:27, mkliewe at gmx.de wrote:
>>>>> dovecot crashes when I switch the quota tracking from dict to count.
>>>> I have the same problem, but I use 'dict:file' as quota backend -
>>>> Maybe the error is due to quota_vsizes and not 'count'.
>>>>
>>>> // Tom Sommer
>>> Hi!
>>>
>>> What version of dovecot are you both using?
>> 2.2.27 (c0f36b0)
> A gdb bt full would help if possible.

Hi Aki,

I'm using 2.2.26.0 (23d1de6)

Below a "bt full". In this case I have a mailbox which already is using the count quota module, and I changed the lock_method from fcntl to dotlock. After a dovecot restart, every change in the mailbox (new mail, delete mail) crashes the imap process.

The same happens if I have a mailbox which is using dict quota and lock_method=dotlock. As soon as I switch to the count quota (and enable quota_vsizes), it crashes directly after login, because I guess dovecot detects that the vsizes or count data is missing, and wants to calculate and store it. Then it crashes during login.

#quota = dict:User quota::proxy::quota
quota = count:User quota
quota_vsizes = yes
quota_clone_dict = proxy::quota

Reading symbols from /usr/local/libexec/dovecot/imap...done.
[New LWP 25953]
Core was generated by `dovecot/imap'.
Program terminated with signal SIGABRT, Aborted.
#0 0x00007f517f0c0428 in __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
#0 0x00007f517f0c0428 in __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 resultvar = 0 pid = 25953 selftid = 25953 #1 0x00007f517f0c202a in __GI_abort () at abort.c:89 save_stage = 2 act = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0}, sa_mask = {__val = {0, 139987996092596, 139987996095480, 139988007874990, 139988007830623, 139988007831156, 139988007887477, 33523136, 16395163946287022080, 0, 0, 139988007573664, 33526848, 140721879070388, 0, 2401}}, sa_flags = 2135830010, sa_restorer = 0x5} sigs = {__val = {32, 0 }} #2 0x00007f517f4e7e9a in default_fatal_finish (type=LOG_TYPE_PANIC, status=status at entry=0) at failures.c:201 backtrace = 0x1ff83f0 "/usr/local/lib/dovecot/libdovecot.so.0(+0x93ea2) [0x7f517f4e7ea2] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x93f8d) [0x7f517f4e7f8d] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f517f481"... #3 0x00007f517f4e7f8d in i_internal_fatal_handler (ctx=0x7ffc5d9d3850, format=, args=) at failures.c:670 status = 0 #4 0x00007f517f4817c1 in i_panic (format=format at entry=0x7f517f518714 "file %s: line %d: unreached") at failures.c:275 ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0, timestamp_usecs = 0} args = #5 0x00007f517f4ec810 in file_lock_do (fd=fd at entry=19, path=path at entry=0x1ff8300 "/mnt/storage/xxx/yyy/zzz/maildir/.FOLDERNAME 05_04_2014 13:58.Sent/.vsize.lockdd843829ef7eb296", lock_type=lock_type at entry=1, lock_method=lock_method at entry=FILE_LOCK_METHOD_DOTLOCK, timeout_secs=0, error_r=error_r at entry=0x7ffc5d9d3ae8) at file-lock.c:285 lock_type_str = 0x7f517f52bc38 "write-lock" started = 1485257739 ret = __FUNCTION__ = "file_lock_do" #6 0x00007f517f4ecbe6 in file_wait_lock_error (fd=19, path=0x1ff8300 "/mnt/storage/xxx/yyy/zzz/maildir/.FOLDERNAME 05_04_2014 13:58.Sent/.vsize.lockdd843829ef7eb296", lock_type=1, lock_method=FILE_LOCK_METHOD_DOTLOCK, timeout_secs=, lock_r=0x2025020, error_r=0x7ffc5d9d3ae8) at file-lock.c:314 ret = #7 
0x00007f517f4ecc61 in file_try_lock_error (fd=, path=, lock_type=lock_type at entry=1, lock_method=lock_method at entry=FILE_LOCK_METHOD_DOTLOCK, lock_r=lock_r at entry=0x2025020, error_r=error_r at entry=0x7ffc5d9d3ae8) at file-lock.c:66 No locals. #8 0x00007f517f4e9d1d in try_create_new (error_r=0x7ffc5d9d3ae8, lock_r=0x2025020, fd_r=0x7ffc5d9d3a80, set=0x7ffc5d9d3af0, path=0x2029e80 "/mnt/storage/xxx/yyy/zzz/maildir/.FOLDERNAME 05_04_2014 13:58.Sent/.vsize.lock") at file-create-locked.c:65 fd = 19 orig_errno = ret = -1 temp_path = 0x1ff82c8 mode = 2 uid = gid = #9 file_create_locked (path=0x2029e80 "/mnt/storage/xxx/yyy/zzz/maildir/.FOLDERNAME 05_04_2014 13:58.Sent/.vsize.lock", set=set at entry=0x7ffc5d9d3af0, lock_r=lock_r at entry=0x2025020, created_r=created_r at entry=0x7ffc5d9d3ae7, error_r=error_r at entry=0x7ffc5d9d3ae8) at file-create-locked.c:118 i = 0 fd = -1 ret = __FUNCTION__ = "file_create_locked" #10 0x00007f517f8225f3 in vsize_update_lock_full (update=0x2024fe0, lock_secs=lock_secs at entry=0) at index-mailbox-size.c:140 box = perm = 0x2029198 set = {lock_timeout_secs = 0, lock_method = FILE_LOCK_METHOD_DOTLOCK, mode = 432, uid = 0, gid = 4294967295, gid_origin = 0x202a760 "/mnt/storage/xxx/yyy/zzz/maildir/.FOLDERNAME 05_04_2014 13:58.Sent"} error = 0x7ffc5d9d3b30 "" created = false #11 0x00007f517f8226d7 in index_mailbox_vsize_update_try_lock (update=) at index-mailbox-size.c:157 No locals. 
#12 0x00007f517f822bb2 in index_mailbox_vsize_update_appends (box=) at index-mailbox-size.c:401 update = 0x2024fe0 status = {messages = 107, recent = 0, unseen = 0, uidvalidity = 1281450483, uidnext = 108, first_unseen_seq = 0, first_recent_uid = 108, last_cached_seq = 0, highest_modseq = 0, highest_pvt_modseq = 0, keywords = 0x0, permanent_flags = 0, permanent_keywords = 0, allow_new_keywords = 0, nonpermanent_modseqs = 0, no_modseq_tracking = 0, have_guids = 1, have_save_guids = 1, have_only_guid128 = 0} #13 0x00007f517f82df4c in index_mailbox_sync_deinit (_ctx=0x2030f90, status_r=0x7ffc5d9d3d00) at index-sync.c:346 ctx = 0x2030f90 sync_rec = {seq1 = 0, seq2 = 0, type = (unknown: 0)} delayed_expunges = false ret = #14 0x00007f517e8442cf in fts_sync_deinit (ctx=0x2030f90, status_r=0x7ffc5d9d3d00) at fts-storage.c:704 box = 0x2028fc0 fbox = 0x20297d0 flist = 0x201e998 optimize = ret = 0 #15 0x00007f517ec80bf3 in quota_mailbox_sync_deinit (ctx=0x2030f90, status_r=0x7ffc5d9d3d00) at quota-storage.c:436 qbox = 0x2029638 ret = #16 0x00007f517f811447 in index_list_sync_deinit (ctx=0x2030f90, status_r=0x7ffc5d9d3d00) at mailbox-list-index-status.c:749 box = 0x2028fc0 ibox = #17 0x00007f517f7b4312 in mailbox_sync_deinit (_ctx=_ctx at entry=0x7ffc5d9d3d10, status_r=status_r at entry=0x7ffc5d9d3d00) at mail-storage.c:1751 ctx = box = 0x2028fc0 errormsg = error = MAIL_ERROR_NONE ret = #18 0x00007f517f7b43e9 in mailbox_sync (box=box at entry=0x2028fc0, flags=, flags at entry=MAILBOX_SYNC_FLAG_FAST) at mail-storage.c:1777 ctx = 0x0 status = {sync_delayed_expunges = 0} #19 0x00007f517f82a2ed in index_mailbox_get_metadata (box=box at entry=0x2028fc0, items=items at entry=MAILBOX_METADATA_VIRTUAL_SIZE, metadata_r=metadata_r at entry=0x7ffc5d9d3f30) at index-status.c:326 No locals. 
#20 0x00007f517f7dce81 in maildir_mailbox_get_metadata (box=0x2028fc0, items=MAILBOX_METADATA_VIRTUAL_SIZE, metadata_r=0x7ffc5d9d3f30) at maildir-storage.c:548 mbox = 0x2028fc0 #21 0x00007f517f8115ac in index_list_get_metadata (box=0x2028fc0, items=MAILBOX_METADATA_VIRTUAL_SIZE, metadata_r=0x7ffc5d9d3f30) at mailbox-list-index-status.c:377 ibox = 0x202a520 #22 0x00007f517f7b5d80 in mailbox_get_metadata (box=0x2028fc0, items=MAILBOX_METADATA_VIRTUAL_SIZE, metadata_r=metadata_r at entry=0x7ffc5d9d3f30) at mail-storage.c:1700 No locals. #23 0x00007f517ec7bbce in quota_count_mailbox (root=0x2017ef0, root=0x2017ef0, ns=0x201d300, count=0x7ffc5d9d3fd0, bytes=0x7ffc5d9d3fc8, vname=0x2024870 "MAIL_DE LIVE 05_04_2014 13:58.Sent") at quota-count.c:48 rule = box = 0x2028fc0 status = {messages = 0, recent = 0, unseen = 0, uidvalidity = 0, uidnext = 1, first_unseen_seq = 0, first_recent_uid = 0, last_cached_seq = 0, highest_modseq = 0, highest_pvt_modseq = 0, keywords = 0x0, permanent_flags = 0, permanent_keywords = 0, allow_new_keywords = 0, nonpermanent_modseqs = 0, no_modseq_tracking = 0, have_guids = 1, have_save_guids = 1, have_only_guid128 = 0} errstr = ret = metadata = {guid = '\000' , virtual_size = 0, physical_size = 0, first_save_date = 0, cache_fields = 0x0, precache_fields = (unknown: 0), backend_ns_prefix = 0x0, backend_ns_type = (unknown: 0)} error = 32593 #24 quota_count (root=0x2017ef0, bytes_r=0x7ffc5d9d3fc8, count_r=0x7ffc5d9d3fd0) at quota-count.c:159 iter = 0x2023fd0 info = ret = 1 count_r = 0x7ffc5d9d3fd0 bytes_r = 0x7ffc5d9d3fc8 root = 0x2017ef0 #25 0x00007f517ec7bd3e in quota_count_cached (count_r=0x7ffc5d9d3fd0, bytes_r=0x7ffc5d9d3fc8, root=0x2017ef0) at quota-count.c:185 ret = #26 count_quota_get_resource (_root=0x2017ef0, name=0x7f517ec82a6c "STORAGE_BYTES", value_r=0x7ffc5d9d4098) at quota-count.c:234 root = 0x2017ef0 bytes = 0 count = 0 #27 0x00007f517ec7a578 in quota_get_resource (root=root at entry=0x2017ef0, mailbox_name=mailbox_name at 
entry=0x7f517ec8362c "", name=0x7f517ec82a6c "STORAGE_BYTES", value_r=value_r at entry=0x7ffc5d9d4098, limit_r=limit_r at entry=0x7ffc5d9d40a0) at quota.c:696 bytes_limit = 16395163946287022080 count_limit = 0 ignored = false kilobytes = true ret = #28 0x00007f517ec7a8b4 in quota_over_flag_check_root (root=0x2017ef0) at quota.c:1063 name = overquota_script = resources = 0x7f517ee86600 i = 0 value = 0 limit = 0 cur_overquota = false ret = #29 0x00007f517ec7b3f8 in quota_over_flag_check_startup (quota=) at quota.c:1105 i = count = name = #30 0x00007f517f7b71ae in hook_mail_namespaces_created (namespaces=0x201d300) at mail-storage-hooks.c:296 _data_stack_cur_id = 4 hooks__foreach_end = 0x201b530 hooks = 0x201b500 #31 0x00007f517f7ac45f in mail_namespaces_init_finish (namespaces=0x201d300, error_r=error_r at entry=0x7ffc5d9d42b0) at mail-namespace.c:357 _data_stack_cur_id = 3 ns = 0x0 prefixless_found = __FUNCTION__ = "mail_namespaces_init_finish" #32 0x00007f517f7ac674 in mail_namespaces_init (user=0x2019330, error_r=error_r at entry=0x7ffc5d9d42b0) at mail-namespace.c:405 mail_set = 0x201a218 namespaces = 0x201d300 ns_p = i = count = count2 = __FUNCTION__ = "mail_namespaces_init" #33 0x00007f517f7ba275 in mail_storage_service_init_post (ctx=0x2005030, error_r=0x7ffc5d9d42b0, mail_user_r=, priv=0x7ffc5d9d42c0, user=0x2005030) at mail-storage-service.c:730 mail_set = 0x201a218 home = 0x20061f9 "/mnt/storage/xxx/yyy/zzz" mail_user = 0x2019330 #34 mail_storage_service_next_real (mail_user_r=, user=0x2005030, ctx=0x2005030) at mail-storage-service.c:1428 len = temp_priv_drop = priv = {uid = 5000, gid = 1, uid_source = 0x7f517f85e660 "userdb lookup", gid_source = 0x7f517f85e660 "userdb lookup", home = 0x20061f9 "/mnt/storage/xxx/yyy/zzz", chroot = 0x1ff73f8 ""} error = 0x5b5b5b5b5b5b5b5b disallow_root = use_chroot = #35 mail_storage_service_next (ctx=ctx at entry=0x20007c0, user=0x2005030, mail_user_r=mail_user_r at entry=0x7ffc5d9d4390) at mail-storage-service.c:1446 
old_log_prefix = 0x2004e40 "imap(test at domain.de): " #36 0x00007f517f7ba5dc in mail_storage_service_lookup_next (ctx=0x20007c0, input=input at entry=0x7ffc5d9d4400, user_r=user_r at entry=0x7ffc5d9d4388, mail_user_r=mail_user_r at entry=0x7ffc5d9d4390, error_r=error_r at entry=0x7ffc5d9d43f8) at mail-storage-service.c:1479 user = 0x2005030 ret = #37 0x0000000000425476 in client_create_from_input (input=input at entry=0x7ffc5d9d4400, fd_in=7, fd_out=7, client_r=client_r at entry=0x7ffc5d9d43f0, error_r=error_r at entry=0x7ffc5d9d43f8) at main.c:228 user = 0x7ffc5d9d44e0 mail_user = 0x2000250 ns = client = imap_set = lda_set = errstr = mail_error = MAIL_ERROR_NONE #38 0x000000000042567f in login_client_connected (login_client=0x2002a10, username=, extra_fields=) at main.c:316 input = {module = 0x42dacc "imap", service = 0x42dacc "imap", username = 0x1ff604b "test at domain.de", session_id = 0x2002a90 "wYnbg9VGoOYKAHZl", session_id_prefix = 0x0, session_create_time = 0, local_ip = {family = 2, u = {ip6 = { __in6_u = {__u6_addr8 = "\n\000v\265", '\000' , __u6_addr16 = {10, 46454, 0, 0, 0, 0, 0, 0}, __u6_addr32 = { 3044409354, 0, 0, 0}}}, ip4 = {s_addr = 3044409354}}}, remote_ip = {family = 2, u = {ip6 = {__in6_u = { __u6_addr8 = "\n\000ve", '\000' , __u6_addr16 = {10, 25974, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {1702232074, 0, 0, 0}}}, ip4 = {s_addr = 1702232074}}}, local_port = 0, remote_port = 0, userdb_fields = 0x1ff6158, flags_override_add = (unknown: 0), flags_override_remove = (unknown: 0), no_userdb_lookup = 0, debug = 0} client = 0x7ffc5d9d4400 flags = error = 0xe38752be6cbac000 __FUNCTION__ = "login_client_connected" #39 0x00007f517f48570e in master_login_auth_finish (client=0x2002a10, auth_args=auth_args at entry=0x1ff6150) at master-login.c:210 login = 0x2001d20 service = 0x1ffe5d0 close_sockets = true __FUNCTION__ = "master_login_auth_finish" #40 0x00007f517f4859bd in master_login_auth_callback (auth_args=0x1ff6150, errormsg=0x0, context=) at 
master-login.c:379 client = 0x2002a10 conn = 0x2002810 reply = {tag = 7, status = MASTER_AUTH_STATUS_OK, mail_pid = 25953} #41 0x00007f517f48635a in master_login_auth_input_user (args=, auth=) at master-login-auth.c:244 request = 0x2001c20 list = 0x1ff6148 id = 3972268033 #42 master_login_auth_input (auth=0x2001da0) at master-login-auth.c:364 line = #43 0x00007f517f4fc68c in io_loop_call_io (io=0x2001ca0) at ioloop.c:589 ioloop = 0x1ffe730 t_id = 2 __FUNCTION__ = "io_loop_call_io" #44 0x00007f517f4fdb79 in io_loop_handler_run_internal (ioloop=ioloop at entry=0x1ffe730) at ioloop-epoll.c:222 ctx = 0x2000250 io = tv = {tv_sec = 154, tv_usec = 999151} events_count = msecs = ret = 1 i = 0 j = call = __FUNCTION__ = "io_loop_handler_run_internal" #45 0x00007f517f4fc715 in io_loop_handler_run (ioloop=ioloop at entry=0x1ffe730) at ioloop.c:637 No locals. #46 0x00007f517f4fc8b8 in io_loop_run (ioloop=0x1ffe730) at ioloop.c:613 __FUNCTION__ = "io_loop_run" #47 0x00007f517f487ca3 in master_service_run (service=0x1ffe5d0, callback=callback at entry=0x424e10 ) at master-service.c:641 No locals. #48 0x000000000040c622 in main (argc=1, argv=0x1ffe390) at main.c:460 set_roots = {0x42db60 , 0x637180 , 0x0} login_set = {auth_socket_path = 0x1ff6058 "uid=5000", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x4255e0 , failure_callback = 0x424f20 , request_auth_token = 1} service_flags = storage_service_flags = username = 0x0 auth_socket_path = 0x42ea71 "auth-master" c = From mfoley at ohprs.org Tue Jan 24 22:15:27 2017 
From: mfoley at ohprs.org (Mark Foley)
Date: Tue, 24 Jan 2017 17:15:27 -0500
Subject: Apparent Maildir permission issue
In-Reply-To: <9ba241f5-b186-504d-3d56-d193b7de9fd7@KnoxvilleChristian.org>
References: <201701161821.v0GILV8o005133@mail.hprs.local> <201701162109.v0GL9ktO013417@mail.hprs.local> <9ba241f5-b186-504d-3d56-d193b7de9fd7@KnoxvilleChristian.org>
Message-ID: <201701242215.v0OMFRSR024122@mail.hprs.local>

On Mon, 16 Jan 2017 17:51:48 -0500 Bill Shirley wrote:
>
> I've gotten errors like this when it was actually a selinux denial. If you're running
> selinux, check those logs too.
>

OK, this is getting serious -- mail not getting delivered.

No, I am not running selinux. Here is the error I get in the maillog:

Jan 24 16:42:49 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/tmp) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))

Permissions are:

$ ls -l /home/HPRS/mark/Maildir/
total 200
drwx------ 2 HPRS\mark domusers 45056 Dec 19 08:13 cur/
-rw------- 1 HPRS\mark domusers   131 Jul  1  2016 dovecot-keywords
-rw------- 1 HPRS\mark domusers  5249 Dec  7 23:06 dovecot-uidlist
-rw------- 1 HPRS\mark domusers     8 Jul  7  2016 dovecot-uidvalidity
-r--r--r-- 1 HPRS\mark domusers     0 Jan 16  2015 dovecot-uidvalidity.54b9def3
-rw------- 1 HPRS\mark domusers  4080 Nov 27 23:28 dovecot.index
-rw------- 1 HPRS\mark domusers 88612 Dec  7 23:07 dovecot.index.cache
-rw------- 1 HPRS\mark domusers  8748 Dec  7 23:07 dovecot.index.log
-rw------- 1 HPRS\mark domusers  2016 Jul  7  2016 dovecot.mailbox.log
drwx------ 2 HPRS\mark domusers 12288 Jan 13 12:10 new/
-rw------- 1 HPRS\mark domusers   137 Jul  7  2016 subscriptions
drwx------ 2 HPRS\mark domusers 12288 Jan 13 12:10 tmp/

Permissions on the Maildir folder for another user who is NOT having this problem:

$ ls -l /home/HPRS/shay/Maildir/
total 88
drwx------ 2 HPRS\shay domusers 12288 Jan 24 15:50 cur/
-rw------- 1 HPRS\shay domusers    41 Sep 13 11:59 dovecot-keywords
-rw------- 1 HPRS\shay users     1442 Jan 24 15:48 dovecot-uidlist
-rw------- 1 HPRS\shay domusers     8 Jan 18 15:13 dovecot-uidvalidity
-r--r--r-- 1 HPRS\shay domusers     0 Jul 15  2016 dovecot-uidvalidity.5789a8ca
-rw------- 1 HPRS\shay users     1408 Jan 20 08:18 dovecot.index
-rw------- 1 HPRS\shay users    12928 Jan 24 15:50 dovecot.index.cache
-rw------- 1 HPRS\shay users    20844 Jan 24 15:51 dovecot.index.log
-rw------- 1 HPRS\shay domusers  2856 Jan 18 15:13 dovecot.mailbox.log
drwx------ 2 HPRS\shay domusers  4096 Jan 24 15:48 new/
-rw------- 1 HPRS\shay users     2906 Jan 18 15:13 subscriptions
drwx------ 2 HPRS\shay domusers  4096 Jan 24 15:48 tmp/

You can see that the tmp/ folders for both users are set exactly the same, yet user 'mark' is getting the permission error. mark's mail is not getting delivered; shay's mail is. Why?

> On 1/16/2017 4:09 PM, Mark Foley wrote:
> > More info ...
> >
> > This is the only user having this permission problem. All other Thunderbird/dovecot users are
> > getting mail fine. They all have the same permissions set on their Maildir folder.
> >
> > --Mark
> >
> > -----Original Message-----
> > From: Mark Foley
> > Date: Mon, 16 Jan 2017 13:21:31 -0500
> > Organization: Ohio Highway Patrol Retirement System
> > To: dovecot at dovecot.org
> > Subject: Apparent Maildir permission issue
> >
> > I've just upgraded from Slackware 14.1 to 14.2. I've not done anything with dovecot -- it's the
> > same version that was running before the upgrade. However, now I'm getting a permission error:
> >
> > /var/log/maillog:
> >
> > Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
> > Jan 16 13:09:44 mail last message repeated 4 times
> > Jan 16 13:09:44 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/.Trash) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
> > Jan 16 13:09:44 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/tmp) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
> > Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
> > Jan 16 13:09:45 mail last message repeated 11 times
> >
> > Permissions on that folder are:
> >
> > $ ls -ld /home/HPRS/mark/Maildir
> > drwx------ 17 HPRS\mark domusers 4096 Dec 7 23:07 /home/HPRS/mark/Maildir/
> >
> > Permissions are unchanged since before the backup.
> >
> > What do I do to fix this?
> >
> > THX --Mark
>

From p at sys4.de Tue Jan 24 22:22:27 2017
From: p at sys4.de (Patrick Ben Koetter)
Date: Tue, 24 Jan 2017 23:22:27 +0100
Subject: Apparent Maildir permission issue
In-Reply-To: <201701242215.v0OMFRSR024122@mail.hprs.local>
References: <201701161821.v0GILV8o005133@mail.hprs.local> <201701162109.v0GL9ktO013417@mail.hprs.local> <9ba241f5-b186-504d-3d56-d193b7de9fd7@KnoxvilleChristian.org> <201701242215.v0OMFRSR024122@mail.hprs.local>
Message-ID: <20170124222226.GA2312@sys4.de>

* Mark Foley :
> On Mon, 16 Jan 2017 17:51:48 -0500 Bill Shirley wrote:
> >
> > I've gotten errors like this when it was actually a selinux denial. If you're running
> > selinux, check those logs too.
> >
>
> OK, this is getting serious -- mail not getting delivered.
>
> No, I am not running selinux. Here is the error I get in the maillog:
>
> Jan 24 16:42:49 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/tmp) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
>
> Permissions are:
>
> $ ls -l /home/HPRS/mark/Maildir/
> total 200
> drwx------ 2 HPRS\mark domusers 45056 Dec 19 08:13 cur/
> -rw------- 1 HPRS\mark domusers   131 Jul  1  2016 dovecot-keywords
> -rw------- 1 HPRS\mark domusers  5249 Dec  7 23:06 dovecot-uidlist
> -rw------- 1 HPRS\mark domusers     8 Jul  7  2016 dovecot-uidvalidity
> -r--r--r-- 1 HPRS\mark domusers     0 Jan 16  2015 dovecot-uidvalidity.54b9def3
> -rw------- 1 HPRS\mark domusers  4080 Nov 27 23:28 dovecot.index
> -rw------- 1 HPRS\mark domusers 88612 Dec  7 23:07 dovecot.index.cache
> -rw------- 1 HPRS\mark domusers  8748 Dec  7 23:07 dovecot.index.log
> -rw------- 1 HPRS\mark domusers  2016 Jul  7  2016 dovecot.mailbox.log
> drwx------ 2 HPRS\mark domusers 12288 Jan 13 12:10 new/
> -rw------- 1 HPRS\mark domusers   137 Jul  7  2016 subscriptions
> drwx------ 2 HPRS\mark domusers 12288 Jan 13 12:10 tmp/
>
> Permissions on the Maildir folder for another user who is NOT having this problem:

Move /home/HPRS/mark/ to /home/HPRS/mark_old/
Deliver mail to mark
Let dovecot create the new /home/HPRS/mark/
Import mail from /home/HPRS/mark_old to /home/HPRS/mark/

p@rick

--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München

Registered office: Munich, Munich District Court: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From jtam.home at gmail.com Tue Jan 24 22:24:18 2017
From: jtam.home at gmail.com (Joseph Tam)
Date: Tue, 24 Jan 2017 14:24:18 -0800 (PST)
Subject: Log authentication attempts
In-Reply-To:
References:
Message-ID:

On 24.01.2017 00:06, rej ex wrote:

> Because we are building some monitoring application, we will need to
> record all failed and successful login attempts. We need to record
> remote IP, entered password in plain text, and if possible whether auth
> request is for SMTP or IMAP session.

SMTP? Wouldn't that be handled by your MTA, not Dovecot?

Aki Tuomi wrote:

> Since 2.2.27 we've had auth policy server support which can do this
> properly.

As I read the docs, the auth policy server would only get the hashed password, and wouldn't be able to record the plaintext password.

Maybe use the checkpassword hook?

http://wiki.dovecot.org/AuthDatabase/CheckPassword

Joseph Tam

From kremels at kreme.com Tue Jan 24 22:29:36 2017
From: kremels at kreme.com (@lbutlr)
Date: Tue, 24 Jan 2017 15:29:36 -0700
Subject: Moving to new password scheme
Message-ID: <275F8426-C222-4D56-9650-58DF87028FDA@kreme.com>

dovecot is set up on a system with MD5-CRYPT password scheme for all users, and I would like to update this to something that is secure, probably SSHA256-CRYPT, but I want to do this seamlessly without the users having to jump through any hoops.

The users are in MySQL (managed via postfixadmin) and the mailbox record simply stores the hash in the password field. Users access their accounts through IMAP MUAs or Roundcube.

How would I set up my system so that if a user logs in and still has a $1$ password (MD5-CRYPT) their password will be encoded to the new scheme and then the SQL row updated with the $5$ password instead?

Something where they are redirected after authentication to a page that forces them to re-enter their password (or choose a new one) is acceptable.

And, while I am here, is it worthwhile to set the -r flag to a large number (like something over 100,000 which takes about 0.25 seconds to do on my machine)?

--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.

From listaccount at starionline.com Wed Jan 25 00:52:21 2017
From: listaccount at starionline.com (SH Development)
Date: Tue, 24 Jan 2017 18:52:21 -0600
Subject: Clamping down on mailbox sizes...
Message-ID: <8544DBAD-FFA0-44EE-9371-30641BC354CB@starionline.com>

I don't want to do this for all users....but...

I have a few users who insist that they use their mailboxes regularly and don't want it cancelled. Fine. But they won't clean them out either.

What steps would you all recommend for setting quotas on some users but not others?

Specifically starting out with identifying WHICH accounts have excessive amounts of crap in them, by age, then sending them a notice stating they are going to get limited, then deleting mail older than x number of days if they don't do it themselves by a certain time frame...

Thoughts?

Jeff

From rogerklorese at gmail.com Wed Jan 25 00:54:57 2017
From: rogerklorese at gmail.com (Roger Klorese)
Date: Wed, 25 Jan 2017 00:54:57 +0000
Subject: Clamping down on mailbox sizes...
In-Reply-To: <8544DBAD-FFA0-44EE-9371-30641BC354CB@starionline.com>
References: <8544DBAD-FFA0-44EE-9371-30641BC354CB@starionline.com>
Message-ID:

I'd take the opposite approach and tell them no new mail will be received until they are under quota.

On Tue, Jan 24, 2017 at 4:52 PM SH Development wrote:

> I don't want to do this for all users....but...
>
> I have a few users who insist that they use their mailboxes regularly and
> don't want it cancelled. Fine. But they won't clean them out either.
>
> What steps would you all recommend for setting quotas on some users but
> not others?
>
> Specifically starting out with identifying WHICH accounts have excessive
> amounts of crap in them, by age, then sending them a notice stating they
> are going to get limited, then deleting mail older than x number of days if
> they don't do it themselves by a certain time frame...
>
> Thoughts?
>
> Jeff

From listaccount at starionline.com Wed Jan 25 00:57:37 2017
From: listaccount at starionline.com (SH Development)
Date: Tue, 24 Jan 2017 18:57:37 -0600
Subject: Clamping down on mailbox sizes...
In-Reply-To:
References: <8544DBAD-FFA0-44EE-9371-30641BC354CB@starionline.com>
Message-ID:

In that scenario, what actually happens? Does mail get stored? Or rejected? Or delayed?

Jeff

> On Jan 24, 2017, at 6:54 PM, Roger Klorese wrote:
>
> I'd take the opposite approach and tell them no new mail will be received until they are under quota.
> On Tue, Jan 24, 2017 at 4:52 PM SH Development wrote:
> I don't want to do this for all users....but...
>
> I have a few users who insist that they use their mailboxes regularly and don't want it cancelled. Fine. But they won't clean them out either.
>
> What steps would you all recommend for setting quotas on some users but not others?
>
> Specifically starting out with identifying WHICH accounts have excessive amounts of crap in them, by age, then sending them a notice stating they are going to get limited, then deleting mail older than x number of days if they don't do it themselves by a certain time frame...
>
> Thoughts?
>
> Jeff

From mfoley at ohprs.org Wed Jan 25 01:29:24 2017
From: mfoley at ohprs.org (Mark Foley)
Date: Tue, 24 Jan 2017 20:29:24 -0500
Subject: Apparent Maildir permission issue
In-Reply-To: <66b64c75-f4d6-133b-249e-ca985269668a@dovecot.fi>
References: <201701161821.v0GILV8o005133@mail.hprs.local> <201701162109.v0GL9ktO013417@mail.hprs.local> <66b64c75-f4d6-133b-249e-ca985269668a@dovecot.fi>
Message-ID: <201701250129.v0P1TOBT017298@mail.hprs.local>

On Tue, 17 Jan 2017 12:25:27 +0200 Aki Tuomi wrote:

> > Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
> >
> Just wanted to point out that you have a different UID for the folder
> than your EUID (gotten from userdb/passdb).
>
> Aki
>

Yes, very puzzling. I'm restoring some older dovecot logs now to see if that was true e.g. in 2016. Perhaps an upgrade of some other software caused a problem.

On the other hand, the other user I mentioned in my Jan 24 17:15 message, shay, also shows this UID/EUID discrepancy, but that does not prevent her from getting mail and there is no permission denied error on her messages.

More when I know more

--Mark

> On 16.01.2017 23:09, Mark Foley wrote:
> > More info ...
> >
> > This is the only user having this permission problem. All other Thunderbird/dovecot users are
> > getting mail fine. They all have the same permissions set on their Maildir folder.
> >
> > --Mark
> >
> > -----Original Message-----
> > From: Mark Foley > > Date: Mon, 16 Jan 2017 13:21:31 -0500 > > Organization: Ohio Highway Patrol Retirement System > > To: dovecot at dovecot.org > > Subject: Apparent Maildir permission issue > > > > I've just upgraded from Slackware 14.1 to 14.2. I've not done anything with dovecot -- it's the > > same version that was running before the upgrade. However, now I'm getting a permission error: > > > > /var/log/maillog: > > > > Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) > > Jan 16 13:09:44 mail last message repeated 4 times > > Jan 16 13:09:44 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/.Trash) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) > > Jan 16 13:09:44 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/tmp) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) > > Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) > > Jan 16 13:09:45 mail last message repeated 11 times > > > > Permission on that folder are: > > > > $ ls -ld /home/HPRS/mark/Maildir > > drwx------ 17 HPRS\mark domusers 4096 Dec 7 23:07 /home/HPRS/mark/Maildir/ > > > > Permissions are unchanged since before the backup. > > > > What do I do to fix this? > > > > THX --Mark > From aki.tuomi at dovecot.fi Wed Jan 25 05:17:09 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Wed, 25 Jan 2017 07:17:09 +0200 (EET)
Subject: Log authentication attempts
In-Reply-To:
References:
Message-ID: <372849915.1268.1485321430564@appsuite-dev.open-xchange.com>

> On January 25, 2017 at 12:24 AM Joseph Tam wrote:
>
>
> On 24.01.2017 00:06, rej ex wrote:
>
> > Because we are building some monitoring application, we will need to
> > record all failed and successful login attempts. We need to record
> > remote IP, entered password in plain text, and if possible whether auth
> > request is for SMTP or IMAP session.
>
> SMTP? Wouldn't that be handled by your MTA, not Dovecot?
>
> Aki Tuomi wrote:
>
> > Since 2.2.27 we've had auth policy server support which can do this
> > properly.
>
> As I read the docs, the auth policy server would only get the hashed password, and
> wouldn't be able to record the plaintext password.
>
> Maybe use the checkpassword hook?
>
> http://wiki.dovecot.org/AuthDatabase/CheckPassword
>
> Joseph Tam

So it would seem if you don't read it carefully.

auth_policy_request_attributes: Request attributes specification (see attributes section below)
Default: auth_policy_request_attributes = login=%{orig_username} pwhash=%{hashed_password} remote=%{real_rip}

I invite you to consider what would happen if you were to replace %{hashed_password} with %{password}?

Aki

From aki.tuomi at dovecot.fi Wed Jan 25 05:38:56 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Wed, 25 Jan 2017 07:38:56 +0200 (EET)
Subject: Clamping down on mailbox sizes...
In-Reply-To:
References: <8544DBAD-FFA0-44EE-9371-30641BC354CB@starionline.com>
Message-ID: <993846512.1270.1485322737180@appsuite-dev.open-xchange.com>

Quota rules can be provided from userdb, see examples in https://wiki2.dovecot.org/Quota/Configuration

Aki

> On January 25, 2017 at 2:57 AM SH Development wrote:
>
>
> In that scenario, what actually happens? Does mail get stored? Or rejected? Or delayed?
>
> Jeff
>
>
> > On Jan 24, 2017, at 6:54 PM, Roger Klorese wrote:
> >
> > I'd take the opposite approach and tell them no new mail will be received until they are under quota.
> > On Tue, Jan 24, 2017 at 4:52 PM SH Development wrote:
> > I don't want to do this for all users....but...
> >
> > I have a few users who insist that they use their mailboxes regularly and don't want it cancelled. Fine. But they won't clean them out either.
> >
> > What steps would you all recommend for setting quotas on some users but not others?
> >
> > Specifically starting out with identifying WHICH accounts have excessive amounts of crap in them, by age, then sending them a notice stating they are going to get limited, then deleting mail older than x number of days if they don't do it themselves by a certain time frame...
> >
> > Thoughts?
> >
> > Jeff

From aki.tuomi at dovecot.fi Wed Jan 25 05:41:42 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Wed, 25 Jan 2017 07:41:42 +0200 (EET)
Subject: Apparent Maildir permission issue
In-Reply-To: <201701250129.v0P1TOBT017298@mail.hprs.local>
References: <201701161821.v0GILV8o005133@mail.hprs.local> <201701162109.v0GL9ktO013417@mail.hprs.local> <66b64c75-f4d6-133b-249e-ca985269668a@dovecot.fi> <201701250129.v0P1TOBT017298@mail.hprs.local>
Message-ID: <1274097963.1273.1485322903517@appsuite-dev.open-xchange.com>

I'm guessing the permissions were different for the target directory.

Aki

> On January 25, 2017 at 3:29 AM Mark Foley wrote:
>
>
> On Tue, 17 Jan 2017 12:25:27 +0200 Aki Tuomi wrote:
>
> > > Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
> >
> >
> > Just wanted to point out that you have a different UID for the folder
> > than your EUID (gotten from userdb/passdb).
> >
> > Aki
> >
>
> Yes, very puzzling. I'm restoring some older dovecot logs now to see if that was true e.g. in 2016.
> Perhaps an upgrade of some other software caused a problem. On the other hand, the other user I
> mentioned in my Jan 24 17:15 message, shay, also shows this UID/EUID discrepancy, but that does
> not prevent her from getting mail and there is no permission denied error on her messages.
>
> More when I know more
>
> --Mark
>
> > On 16.01.2017 23:09, Mark Foley wrote:
> > > More info ...
> > >
> > > This is the only user having this permission problem. All other Thunderbird/dovecot users are
> > > getting mail fine. They all have the same permissions set on their Maildir folder.
> > >
> > > --Mark
> > >
> > > -----Original Message-----
> > > From: Mark Foley
> > > Date: Mon, 16 Jan 2017 13:21:31 -0500
> > > Organization: Ohio Highway Patrol Retirement System
> > > To: dovecot at dovecot.org
> > > Subject: Apparent Maildir permission issue
> > >
> > > I've just upgraded from Slackware 14.1 to 14.2. I've not done anything with dovecot -- it's the
> > > same version that was running before the upgrade. However, now I'm getting a permission error:
> > >
> > > /var/log/maillog:
> > >
> > > Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
> > > Jan 16 13:09:44 mail last message repeated 4 times
> > > Jan 16 13:09:44 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/.Trash) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
> > > Jan 16 13:09:44 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/tmp) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
> > > Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
> > > Jan 16 13:09:45 mail last message repeated 11 times
> > >
> > > Permissions on that folder are:
> > >
> > > $ ls -ld /home/HPRS/mark/Maildir
> > > drwx------ 17 HPRS\mark domusers 4096 Dec 7 23:07 /home/HPRS/mark/Maildir/
> > >
> > > Permissions are unchanged since before the backup.
> > >
> > > What do I do to fix this?
> > >
> > > THX --Mark
> >

From news at mefox.org Wed Jan 25 05:57:17 2017
From: news at mefox.org (Michael Fox)
Date: Tue, 24 Jan 2017 21:57:17 -0800
Subject: Clamping down on mailbox sizes...
In-Reply-To: <8544DBAD-FFA0-44EE-9371-30641BC354CB@starionline.com>
References: <8544DBAD-FFA0-44EE-9371-30641BC354CB@starionline.com>
Message-ID: <035601d276cf$e2be0ee0$a83a2ca0$@mefox.org>

I'm a newbie, so take this for what it's worth.

Your question was setting quotas for some but not others. There are global quota rules. You can override them with per user quota rules stored in the userdb. There are examples of both here:
https://wiki2.dovecot.org/Quota/Configuration

That should be what you're looking for.

See also the quota service here:
https://wiki2.dovecot.org/Quota

This can be used by postfix to test quota status before sending to dovecot, so you can reject the message rather than accept and then bounce.

When quota is exceeded, new mail is refused.

When folks are approaching or have exceeded quota, I use the quota rules to send them an email at their account, plus their external/alternate email address that we require when they register. That way, they know there's a problem even if they don't check this account.

It's probably best to let them deal with which messages they want to delete. Oldest is not necessarily the least important.

That said, we have a unique, slow-speed radio application for emergencies where we want to make sure certain POP mailboxes are empty. This is so people don't log in at the beginning of a disaster and crowd the shared radio channel downloading old, irrelevant junk. So we do expunge based on age. And we send an email to them warning that old messages exist in their mailbox, and then also when they are expunged. Again, this goes to their dovecot account plus an external address, just in case they aren't monitoring the dovecot account closely.

Michael

> -----Original Message-----
> From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of SH
> Development
> Sent: Tuesday, January 24, 2017 4:52 PM
> To: dovecot at dovecot.org
> Subject: Clamping down on mailbox sizes...
>
> I don't want to do this for all users....but...
>
> I have a few users who insist that they use their mailboxes regularly and
> don't want it cancelled. Fine. But they won't clean them out either.
>
> What steps would you all recommend for setting quotas on some users but
> not others?
>
> Specifically starting out with identifying WHICH accounts have excessive
> amounts of crap in them, by age, then sending them a notice stating they
> are going to get limited, then deleting mail older than x number of days
> if they don't do it themselves by a certain time frame...
>
> Thoughts?
>
> Jeff

From skdovecot at smail.inf.fh-brs.de Wed Jan 25 07:01:00 2017
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 25 Jan 2017 08:01:00 +0100 (CET)
Subject: Apparent Maildir permission issue
In-Reply-To: <201701161821.v0GILV8o005133@mail.hprs.local>
References: <201701161821.v0GILV8o005133@mail.hprs.local>
Message-ID:

On Mon, 16 Jan 2017, Mark Foley wrote:

I've added some infos from other posts as well

> I've just upgraded from Slackware 14.1 to 14.2. I've not done anything with dovecot -- it's the
> same version that was running before the upgrade. However, now I'm getting a permission error:
>
> /var/log/maillog:
>
> Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
> Jan 16 13:09:44 mail dovecot: imap(mark): Error: stat(/home/HPRS/mark/Maildir/.Trash) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +x perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))

1) Why do both UIDs 3000026 and 10001 translate back to HPRS\mark ?
What does HPRS\mark translate to?

> Permissions on that folder are:
>
> $ ls -ld /home/HPRS/mark/Maildir
> drwx------ 17 HPRS\mark domusers 4096 Dec 7 23:07 /home/HPRS/mark/Maildir/

2) I guess this HPRS\mark is 10001 ? (And not 3000026)

> Permissions are unchanged since before the backup.

"backup"? You've restored the Maildir's from somewhere else? What was the _numerical_ UID within the backup and what is it now?

> This is the only user having this permission problem. All other
> Thunderbird/dovecot users are getting mail fine. They all have the same
> permissions set on their Maildir folder.

3) Do all users have two numerical UIDs? Which numerical UID do the files on the filesystem belong to? to >3000000 or to 1xxxx ?

> On the other hand, the other user I mentioned in my Jan 24 17:15
> message, shay, also shows this UID/EUID discrepancy, but that does
> not prevent her from getting mail and there is no permission denied
> error on her messages.

What are those Error messages? I mean the highlighted part of

Error: **opendir**(/home/HPRS/mark/Maildir) failed .

====

4) In which way do you assign the uid Dovecot is using to access the filesystem? Does your userdb return ExtraFields like, http://wiki2.dovecot.org/UserIds?highlight=%28system_user%29 ?

Are they different between mark and shay?

If the numerical UID is derived from the system, check out

id mark
id shay

It looks like your users login with "mark" only? Or are they using HPRS\mark ?

--
Steffen Kaiser

From alessio at skye.it Wed Jan 25 08:09:29 2017
From: alessio at skye.it (Alessio Cecchi)
Date: Wed, 25 Jan 2017 09:09:29 +0100
Subject: Moving to new password scheme
In-Reply-To: <275F8426-C222-4D56-9650-58DF87028FDA@kreme.com>
References: <275F8426-C222-4D56-9650-58DF87028FDA@kreme.com>
Message-ID: <45232a6d-9766-bf07-3c42-8383c1f9b174@skye.it>

On 24/01/2017 23:29, @lbutlr wrote:
> dovecot is setup on a system with MD5-CRYPT password scheme for all users, and I would like to update this to something that is secure, probably SSHA256-CRYPT, but I want to do this seamlessly without the users having to jump through any hoops.
>
> The users are in mySQL (managed via postfixadmin) and the mailbox record simply stores the hash in the password field. Users access their accounts through IMAP MUAs or Roundcube.
>
> How would I setup my system so that if a user logs in and still has a $1$ password (MD5-CRYPT) their password will be encoded to the new SCHEME and then the SQL row updated with the $5$ password instead? Something where they are redirected after authentication to a page that forces them to re-enter their password (or choose a new one) is acceptable.
>
> And, while I am here, is it worthwhile to set the -r flag to a large number (like something over 100,000 which takes about 0.25 seconds to do on my machine)?
>
Hi,

you can convert password scheme during the login:

http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes

Ciao
--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice

From kremels at kreme.com Wed Jan 25 08:59:52 2017
From: kremels at kreme.com (@lbutlr)
Date: Wed, 25 Jan 2017 01:59:52 -0700
Subject: Moving to new password scheme
In-Reply-To: <45232a6d-9766-bf07-3c42-8383c1f9b174@skye.it>
References: <275F8426-C222-4D56-9650-58DF87028FDA@kreme.com> <45232a6d-9766-bf07-3c42-8383c1f9b174@skye.it>
Message-ID:

> On Jan 25, 2017, at 1:09 AM, Alessio Cecchi wrote:
>
> On 24/01/2017 23:29, @lbutlr wrote:
>> dovecot is setup on a system with MD5-CRYPT password scheme for all users, and I would like to update this to something that is secure, probably SSHA256-CRYPT, but I want to do this seamlessly without the users having to jump through any hoops.
>>
>> The users are in mySQL (managed via postfixadmin) and the mailbox record simply stores the hash in the password field. Users access their accounts through IMAP MUAs or Roundcube.
>>
>> How would I setup my system so that if a user logs in and still has a $1$ password (MD5-CRYPT) their password will be encoded to the new SCHEME and then the SQL row updated with the $5$ password instead? Something where they are redirected after authentication to a page that forces them to re-enter their password (or choose a new one) is acceptable.
>>
>> And, while I am here, is it worthwhile to set the -r flag to a large number (like something over 100,000 which takes about 0.25 seconds to do on my machine)?
>>
> Hi,
>
> you can convert password scheme during the login:
>
> http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes

Thanks, I started to look into that and got stopped on the first step

> userdb {
>   driver = prefetch
> }

If I set that and reload dovecot users cannot login.

dovecot: auth: Fatal: userdb prefetch: No args are supported: /etc/dovecot/dovecot-sql.conf.ext
dovecot: master: Error: service(auth): command startup failed, throttling for 8 secs
dovecot: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 4 secs): user=<>,

# 2.2.27 (c0f36b0): /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 10.3-RELEASE-p11 i386
auth_failure_delay = 5 secs
auth_mechanisms = PLAIN LOGIN
default_client_limit = 4096
default_process_limit = 1024
default_vsz_limit = 768 M
disable_plaintext_auth = no
first_valid_uid = 89
imap_id_log = *
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
login_log_format_elements = user=<%u> %r %m %c
mail_location = maildir:~/Maildir
mail_max_userip_connections = 90
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox NotJunk {
    auto = subscribe
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocols = imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service imap-postlogin {
  executable = script-login /usr/local/etc/dovecot/afterlogin.sh
  user = $default_internal_user
}
ssl_cert =

References: <275F8426-C222-4D56-9650-58DF87028FDA@kreme.com> <45232a6d-9766-bf07-3c42-8383c1f9b174@skye.it>
Message-ID:

On Wed, 25 Jan 2017, @lbutlr wrote:
>> On Jan 25, 2017, at 1:09 AM, Alessio Cecchi wrote:
>>
>> On 24/01/2017 23:29, @lbutlr wrote:
>>> dovecot is setup on a system with MD5-CRYPT password scheme for all users, and I would like to update this to something that is secure, probably SSHA256-CRYPT, but I want to do this seamlessly without the users having to jump through any hoops.
>>>
>>> The users are in mySQL (managed via postfixadmin) and the mailbox record simply stores the hash in the password field. Users access their accounts through IMAP MUAs or Roundcube.
>>>
>>> How would I setup my system so that if a user logs in and still has a $1$ password (MD5-CRYPT) their password will be encoded to the new SCHEME and then the SQL row updated with the $5$ password instead? Something where they are redirected after authentication to a page that forces them to re-enter their password (or choose a new one) is acceptable.
>>>
>>> And, while I am here, is it worthwhile to set the -r flag to a large number (like something over 100,000 which takes about 0.25 seconds to do on my machine)?
>>>
>> Hi,
>>
>> you can convert password scheme during the login:
>>
>> http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes
>
> Thanks, I started to look into that and got stopped on the first step
>
>> userdb {
>>   driver = prefetch
>> }
>
> If I set that and reload dovecot users cannot login.
>
> dovecot: auth: Fatal: userdb prefetch: No args are supported: /etc/dovecot/dovecot-sql.conf.ext
> dovecot: master: Error: service(auth): command startup failed, throttling for 8 secs
> dovecot: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 4 secs): user=<>,

I don't see any prefetch in your config.

The error may indicate that you replaced driver = sql by driver = prefetch, which is wrong.

http://wiki2.dovecot.org/UserDatabase/Prefetch

The idea described on the Wiki page is:

During login, most often the same data is collected from the passdb as later from the userdb, therefore you can collect *all* information you would retrieve from userdb { } within passdb queries (that's why the home as userdb_home, \
uid as userdb_uid, gid as userdb_gid, '%w' as userdb_plain_pass entries; the prefix userdb_ indicates that data) and store it for later use by the prefetch database.

That's why the prefetch userdb has to precede the other ones, because if the passdb query filled in the values, the later userdb entries are ignored.

You've noticed the '%w' as userdb_plain_pass ? That stores the plain password (if any) to the virtual prefetch userdb entry as field plain_pass. Those fields are available later as environment variables, that's why /usr/local/etc/popafter.sh may use:

    #!/bin/sh
    DOVECOTPW=$(doveadm pw -s SHA512-CRYPT -p $PLAIN_PASS)

to access it.

Now, you are using two passdb's. the PAM passdb won't support this method, I guess.

> # 2.2.27 (c0f36b0): /usr/local/etc/dovecot/dovecot.conf
> # OS: FreeBSD 10.3-RELEASE-p11 i386
> auth_failure_delay = 5 secs
> auth_mechanisms = PLAIN LOGIN
> default_client_limit = 4096
> default_process_limit = 1024
> default_vsz_limit = 768 M
> disable_plaintext_auth = no
> first_valid_uid = 89
> imap_id_log = *
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> login_log_format_elements = user=<%u> %r %m %c
> mail_location = maildir:~/Maildir
> mail_max_userip_connections = 90
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox NotJunk {
>     auto = subscribe
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   driver = pam
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> protocols = imap
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     mode = 0666
>   }
> }
> service imap-login {
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
> }
> service imap-postlogin {
>   executable = script-login /usr/local/etc/dovecot/afterlogin.sh
>   user = $default_internal_user
> }
> ssl_cert =
> ssl_key = # hidden, use -P to show it
> ssl_protocols = !SSLv2 !SSLv3
>
> userdb {
>   driver = passwd
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   default_fields = uid=vpopmail gid=vchkpw mail_location=/usr/local/virtual/%u mail=maildir:/usr/local/virtual/%u
>   driver = sql
> }
>
>

--
Steffen Kaiser

From darix at opensu.se Wed Jan 25 10:57:16 2017
From: darix at opensu.se (Marcus Rückert)
Date: Wed, 25 Jan 2017 11:57:16 +0100
Subject: Timing information for passdb/userdb lookups
Message-ID: <20170125115716.692e6fee@barghest.suse.de>

Hi,

it would be nice to have an option to enable logging for timings without having to go with auth_verbose/auth_debug. If you try to track down if a slowdown for logging in comes from e.g. running out of login workers or if your auth backend is slow it would really help to get just a one line message per userdb/passdb with the timing for this lookup.

something like:

imap-login(): userdb ldap lookup time 0.4s
imap-login(): passdb ldap lookup time 0.2s

or even merging into one:

imap-login(): userdb ldap lookup time 0.4s passdb ldap lookup time 0.2s

darix

--
openSUSE - SUSE Linux is my linux
openSUSE is good for you
www.opensuse.org

From kremels at kreme.com Wed Jan 25 11:47:11 2017
From: kremels at kreme.com (@lbutlr)
Date: Wed, 25 Jan 2017 04:47:11 -0700
Subject: Moving to new password scheme
In-Reply-To:
References: <275F8426-C222-4D56-9650-58DF87028FDA@kreme.com> <45232a6d-9766-bf07-3c42-8383c1f9b174@skye.it>
Message-ID: <6717F2B9-8297-49A0-B178-684F9FC37F68@kreme.com>

> On Jan 25, 2017, at 2:46 AM, Steffen Kaiser wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 25 Jan 2017, @lbutlr wrote:
>>> On Jan 25, 2017, at 1:09 AM, Alessio Cecchi wrote:
>>>
>>> On 24/01/2017 23:29, @lbutlr wrote:
>>>> dovecot is setup on a system with MD5-CRYPT password scheme for all users, and I would like to update this to something that is secure, probably SSHA256-CRYPT, but I want to do this seamlessly without the users having to jump through any hoops.
>>>>
>>>> The users are in mySQL (managed via postfixadmin) and the mailbox record simply stores the hash in the password field. Users access their accounts through IMAP MUAs or Roundcube.
>>>>
>>>> How would I setup my system so that if a user logs in and still has a $1$ password (MD5-CRYPT) their password will be encoded to the new SCHEME and then the SQL row updated with the $5$ password instead? Something where they are redirected after authentication to a page that forces them to re-enter their password (or choose a new one) is acceptable.
>>>>
>>>> And, while I am here, is it worthwhile to set the -r flag to a large number (like something over 100,000 which takes about 0.25 seconds to do on my machine)?
>>>>
>>> Hi,
>>>
>>> you can convert password scheme during the login:
>>>
>>> http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes
>>
>> Thanks, I started to look into that and got stopped on the first step
>>
>>> userdb {
>>>   driver = prefetch
>>> }
>>
>> If I set that and reload dovecot users cannot login.
>>
>> dovecot: auth: Fatal: userdb prefetch: No args are supported: /etc/dovecot/dovecot-sql.conf.ext
>> dovecot: master: Error: service(auth): command startup failed, throttling for 8 secs
>> dovecot: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 4 secs): user=<>,
>
> I don't see any prefetch in your config.

No, when I changed userdb { driver = passwd } to prefetch everything failed, so I changed it back immediately so people could login. That was the first step on the page and I couldn't get past it.

> The error may indicate that you replaced driver = sql by driver = prefetch, which is wrong.

driver = sql is in the imap/sql section. The one I tried changing was the bare userdb declaration that just said driver = passwd.

I guess I need to ADD another userdb declaration for the prefetch.

Does the order in the file matter? I have local users stuff first and then the sql stuff later, but I'm not sure if that matters.

> http://wiki2.dovecot.org/UserDatabase/Prefetch
>
> The idea described on the Wiki page is:
>
> During login, most often the same data is collected from the passdb as later from the userdb, therefore you can collect *all* information you would retrieve from userdb { } within passdb queries (that's why the home as userdb_home, \
> uid as userdb_uid, gid as userdb_gid, '%w' as userdb_plain_pass entries; the prefix userdb_ indicates that data) and store it for later use by the prefetch database.
>
> That's why the prefetch userdb has to precede the other ones, because if the passdb query filled in the values, the later userdb entries are ignored.

So Place it first (or at least before all the sql stuff)?

> You've noticed the '%w' as userdb_plain_pass ? That stores the plain password (if any) to the virtual prefetch userdb entry as field plain_pass.

OK.

> Now, you are using two passdb's. the PAM passdb won't support this method, I guess.

No, I'm not expecting it to. the local users are mostly my admin accounts and I can just change the passwords on those manually without an issue.

I'll keep at it. Thanks.

--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.

From skdovecot at smail.inf.fh-brs.de Wed Jan 25 11:57:32 2017
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 25 Jan 2017 12:57:32 +0100 (CET)
Subject: Moving to new password scheme
In-Reply-To: <6717F2B9-8297-49A0-B178-684F9FC37F68@kreme.com>
References: <275F8426-C222-4D56-9650-58DF87028FDA@kreme.com> <45232a6d-9766-bf07-3c42-8383c1f9b174@skye.it> <6717F2B9-8297-49A0-B178-684F9FC37F68@kreme.com>
Message-ID:

On Wed, 25 Jan 2017, @lbutlr wrote:

>> On Jan 25, 2017, at 2:46 AM, Steffen Kaiser wrote:
>>
>> On Wed, 25 Jan 2017, @lbutlr wrote:
>>>> On Jan 25, 2017, at 1:09 AM, Alessio Cecchi wrote:
>>>>
>>>> On 24/01/2017 23:29, @lbutlr wrote:
>>>>> dovecot is setup on a system with MD5-CRYPT password scheme for all users, and I would like to update this to something that is secure, probably SSHA256-CRYPT, but I want to do this seamlessly without the users having to jump through any hoops.
>>>>>
>>>>> The users are in mySQL (managed via postfixadmin) and the mailbox record simply stores the hash in the password field. Users access their accounts through IMAP MUAs or Roundcube.
>>>>>
>>>>> How would I setup my system so that if a user logs in and still has a $1$ password (MD5-CRYPT) their password will be encoded to the new SCHEME and then the SQL row updated with the $5$ password instead? Something where they are redirected after authentication to a page that forces them to re-enter their password (or choose a new one) is acceptable.
>>>>>
>>>>> And, while I am here, is it worthwhile to set the -r flag to a large number (like something over 100,000, which takes about 0.25 seconds to do on my machine)?
>>>>>
>>>> Hi,
>>>>
>>>> you can convert password scheme during the login:
>>>>
>>>> http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes
>>>
>>> Thanks, I started to look into that and got stopped on the first step
>>>
>>>> userdb {
>>>> driver = prefetch
>>>> }
>>>
>>> If I set that and reload dovecot users cannot login.
>>>
>>> dovecot: auth: Fatal: userdb prefetch: No args are supported: /etc/dovecot/dovecot-sql.conf.ext
>>> dovecot: master: Error: service(auth): command startup failed, throttling for 8 secs
>>> dovecot: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 4 secs): user=<>,
>>
>> I don't see no prefetch in your config.
>
> No, when I changed userdb { driver = passwd } to prefetch everything failed, so I changed it back immediately so people could login. That was the first step on the page and I couldn't get past it.
>
>> The error may indicate that you replaced driver = sql by driver = prefetch, which is wrong.
>
> driver = sql is in the imap/sql section. The one I tried changing was the bare userdb declaration that just said driver - passwd.
>
> I guess I need to ADD another userdb declaration for the prefetch.
>
> Does the order in the file matter? I have local users stuff first and then the sql stuff later, but I'm not sure if that matters.

yes, userdb's are checked in the same order as they appear in the config file(s).

>> http://wiki2.dovecot.org/UserDatabase/Prefetch
>>
>> The idea described on the Wiki page is:
>>
>> During login, most often the same data is collected from the passdb as later from the userdb, therefore you can collect *all* information you would retrieve from userdb { } within passdb queries (that's why the home as userdb_home, \
>> uid as userdb_uid, gid as userdb_gid, '%w' as userdb_plain_pass entries; the prefix userdb_ indicates that data) and store it for later use by the prefetch database.
>>
>> That's why the prefetch userdb has to precede the other ones, because if the passdb query filled in the values, the later userdb entries are ignored.
>
> So place it first (or at least before all the sql stuff)?

yep.

>> You've noticed the '%w' as userdb_plain_pass ? That stores the plain password (if any) to the virtual prefetch userdb entry as field plain_pass.
>
> OK.
>
>> Now, you are using two passdb's. The PAM passdb won't support this method, I guess.
>
> No, I'm not expecting it to. the local users are mostly my admin accounts and I can just change the passwords on those manually without an issue.
>
> I'll keep at it. Thanks.
>

--
Steffen Kaiser

From Benoit.Branciard at univ-paris1.fr Wed Jan 25 14:13:31 2017
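The userdb ordering and the `userdb_` prefix convention explained in the "Moving to new password scheme" reply above, as an added example (not code from the thread or from the Dovecot project): a small Python linter that flags a prefetch userdb carrying args, an sql userdb listed before prefetch, and a passdb query that does not return the userdb fields. The sample configs, the `mailbox` table and its `home`/`uid`/`gid` columns are constructed assumptions; only the args path comes from the thread.

```python
import re


def parse_sections(conf_text):
    """Top-level blocks of a Dovecot config, in file order, as (kind, settings)."""
    # Simplified grammar: 'kind [name] {', 'key = value', '}', '#' comments.
    # Nested blocks are skipped; the checks below only read userdb settings.
    sections, current, depth = [], None, 0
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            depth += 1
            if depth == 1:
                words = line[:-1].split()
                current = (words[0] if words else "", {})
        elif line == "}":
            if depth == 1:
                sections.append(current)
            depth = max(depth - 1, 0)
        elif depth == 1 and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[1][key] = value
    return sections


def lint_userdbs(conf_text):
    """Finding codes for the userdb chain; an empty list means consistent."""
    userdbs = [cfg for kind, cfg in parse_sections(conf_text) if kind == "userdb"]
    drivers = [cfg.get("driver") for cfg in userdbs]
    if "prefetch" not in drivers:
        return ["no-prefetch-userdb"]
    findings = []
    pos = drivers.index("prefetch")
    # prefetch only replays the userdb_* fields the passdb returned, so it
    # takes no args; passing any is the startup error quoted in the thread.
    if "args" in userdbs[pos]:
        findings.append("prefetch-has-args")
    # userdbs are checked in file order: an sql userdb listed earlier answers
    # first, so the prefetched fields would never be used.
    if "sql" in drivers[:pos]:
        findings.append("sql-userdb-before-prefetch")
    return findings


def select_aliases(query):
    """Output column names of a simple 'SELECT a, b AS c FROM ...' query."""
    match = re.search(r"select\s+(.*?)\s+from\s", query, re.IGNORECASE | re.DOTALL)
    return [col.split()[-1] for col in match.group(1).split(",")] if match else []


def lint_queries(user_query, password_query):
    """Check that the passdb query returns everything the userdb query would."""
    passdb_cols = select_aliases(password_query)
    findings = [f"not-prefetched:{col}" for col in select_aliases(user_query)
                if f"userdb_{col}" not in passdb_cols]
    # '%w' expands to the plain password; a rehash step needs it as plain_pass.
    if "userdb_plain_pass" not in passdb_cols:
        findings.append("no-userdb_plain_pass")
    return findings


# Constructed samples. Only the args path appears in the thread; the mailbox
# table and its home/uid/gid columns are assumptions for illustration.
REPLACED = """
userdb {
  driver = prefetch  # 'sql' swapped for 'prefetch', args left behind
  args = /etc/dovecot/dovecot-sql.conf.ext
}
"""
MISORDERED = """
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = prefetch
}
"""
FIXED = """
userdb {
  driver = passwd  # local accounts
}
userdb {
  driver = prefetch
}
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
"""
USER_QUERY = "SELECT home, uid, gid FROM mailbox WHERE username = '%u'"
OLD_PASSWORD_QUERY = "SELECT username AS user, password FROM mailbox WHERE username = '%u'"
NEW_PASSWORD_QUERY = (
    "SELECT username AS user, password, home AS userdb_home, uid AS userdb_uid, "
    "gid AS userdb_gid, '%w' AS userdb_plain_pass FROM mailbox WHERE username = '%u'")

if __name__ == "__main__":
    for name, conf in (("replaced", REPLACED), ("misordered", MISORDERED), ("fixed", FIXED)):
        print(name, lint_userdbs(conf))
    print("old query:", lint_queries(USER_QUERY, OLD_PASSWORD_QUERY))
    print("new query:", lint_queries(USER_QUERY, NEW_PASSWORD_QUERY))
```
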
From: Benoit.Branciard at univ-paris1.fr (Benoit Branciard)
Date: Wed, 25 Jan 2017 15:13:31 +0100
Subject: 2.2.26.0 : accessing "mdbox_deleted" content destroys indexes
Message-ID:

Accessing or listing "mdbox_deleted" contents seems to destroy MDBOX indexes.

Examples of commands which trigger this problem ($home being the home directory of $user, and mail_location being mdbox:~/mdbox):

doveadm -o mail="mdbox_deleted:$home/mdbox" -f table mailbox status -u "$user" 'messages vsize' INBOX

doveadm -v import -s -u "$user" "mdbox_deleted:$home/mdbox" restored-mail ALL

The above "doveadm mailbox status" command outputs an error:

doveadm(user): Error: Log synchronization error at seq=1,offset=104908 for (in-memory index): Append with UID 1, but next_uid = 5227
doveadm(user): Warning: fscking index file (in-memory index)

Subsequent "doveadm mailbox status -u $user 'messages vsize'" on the active mailbox report empty folders (null messages and vsize), whereas folders actually aren't empty.

Workaround: this problem is corrected by a "doveadm search -u $user all", which obviously forces indexes to be rebuilt.

Version: 2.2.26.0 (23d1de6) (Debian jessie-backports package)

We did *not* have this problem in 2.2.24 version (previous Debian jessie-backports package).

We use following mail_location with explicit DIRNAME (don't know if that matters):

mail_location = mdbox:~/mdbox:DIRNAME=_@@_dbox-Mails_@@_

I tested with and without appending ":DIRNAME=_@@_dbox-Mails_@@_" to mail="mdbox_deleted:$home/mdbox" with same results.

--
Benoit BRANCIARD
Service InfraStructures (SIS)
Direction du Système d'Information et des Usages Numériques (DSIUN)
Université Paris 1 Panthéon-Sorbonne
Centre Pierre Mendès France
90 rue de Tolbiac - 75634 Paris cedex 13 - France
Bur. B406 - Tél +33 1 44 07 89 68 - Fax +33 1 44 07 89 66
Accueil: +33 1 44 07 89 65 - Assistance-DSIUN at univ-paris1.fr
http://dsi.univ-paris1.fr

From mfoley at ohprs.org Wed Jan 25 15:28:06 2017
From: mfoley at ohprs.org (Mark Foley)
Date: Wed, 25 Jan 2017 10:28:06 -0500
Subject: Apparent Maildir permission issue
In-Reply-To:
References: <201701161821.v0GILV8o005133@mail.hprs.local>
Message-ID: <201701251528.v0PFS6HJ002327@mail.hprs.local>

On Wed, 25 Jan 2017 08:01:00 +0100 (CET) Steffen Kaiser wrote:

> 1) Why does both UIDs 3000026 and 10001 translate back to HPRS\mark ?
> What HPRS\mark translates to?
>
> > Permission on that folder are:
> >
> > $ ls -ld /home/HPRS/mark/Maildir
> > drwx------ 17 HPRS\mark domusers 4096 Dec 7 23:07 /home/HPRS/mark/Maildir/
>
> 2) I guess this HPRS\mark is 10001 ? (And not 3000026)
>
> > Permissions are unchanged since before the backup.
>
> "backup"? You've restored the Maildir's from somewhere else? What was the
> _numerical_ UID within the backup and what is it now?

"backup" meaning I looked at the permissions on an older routine, backup. No, I did not restore anything.

BUT ... I found the problem. I upgraded Samba4 10 days ago from version 4.2.12 to 4.4.8 and, in the course of researching this problem, I found that the A/D authentication was broken:

with 4.2.12 on AD/DC:

$ getent passwd mark
HPRS\mark:*:10001:10000:Mark Foley:/home/HPRS/mark:/bin/false

With 4.4.8 on AD/DC:

$ getent passwd mark
HPRS\mark:*:3000026:100:Mark Foley:/home/HPRS/mark:/bin/bash

The new version of Samba is giving me this bogus UID:GID. I've no idea why. I have posted messages on the Samba List asking for help on this.

Email clients authenticate with Dovecot via Kerberos/GSSAPI and Dovecot was therefore trying to use 3000026:100 to access Maildir files/directories created with owner 10001:10000.

I've done a workaround by adding the correct UID, GID for this user to /etc/passwd, although one is not supposed to have AD users in /etc/passwd. However, that is working for the time being.

If anyone on this list has had this experience and knows what needs to be fixed, please let me know!

Thanks -- Mark

From micah at riseup.net Wed Jan 25 20:13:07 2017
From: micah at riseup.net (micah anderson)
Date: Wed, 25 Jan 2017 15:13:07 -0500
Subject: Benchmarking auth
Message-ID: <87bmuuc2zw.fsf@riseup.net>

Hello,

I'm attempting to use imaptest to test auths/sec on my imap server, to simulate the number I'm getting now on a new server. Based on my readings of dovecot stats outputs, my current machine is doing somewhere between 11.6 and 196 logins/sec at its busiest, and I want to make sure the new server can handle that amount.

With imaptest I attempt to simulate this by just simulating login/logout speed, but I'm not sure I understand the results and where things are being blocked.

For testing purposes, I set:

mail_max_userip_connections = 6000
mail_max_userip_connections = 6000
auth_worker_max_count = 240

If you have some additional suggestions for what I can also tweak here to improve this, I would like to know.

I then ran imaptest with:

imaptest clients=196 user=test pass=testpw host=127.0.0.1 port=14300 - select=0 seed=123 secs=300

It doesn't seem like I can simulate *only* authentications/logins. I have to pair them with logouts. It makes me wonder how I can simulate the amount of load on my current live system on this system.

How do I read the output? I don't really understand what is being shown here:

Logi Logo
100% 100%
0 0 100/100 [51%]

does this mean that it tried 100 logins and 100 logouts and 51% succeeded? What are the first two columns?

7 7 104/121 [61%]
6 6 131/139 [70%]
3 3 137/148 (84 stalled >3s) [75%]

84 stalled for more than 3 seconds, how does this relate to the other values presented?

5 5 155/163 (79 stalled >3s) [83%]
1 1 166/166 (107 stalled >3s) [84%]
2 2 168/172 (128 stalled >3s) [87%]
6 5 179/190 (140 stalled >3s) [96%]
22 22 182/196 (136 stalled >3s)
4 3 195/196 (133 stalled >3s)
5845 129 ms/cmd avg

I really wonder if these first two columns are ms/cmds?

It then continues:

Logi Logo
100% 100%
10 11 195/196 (131 stalled >3s)
7 8 194/196 (150 stalled >3s)
3 3 194/196 (171 stalled >3s)
10 9 192/196 (166 stalled >3s)
22 22 182/196 (156 stalled >3s)
8 9 193/196 (153 stalled >3s)
 - 2 stalled for 16 secs in command: 1 LOGIN "test" "testpw"
 - 7 stalled for 16 secs in command: 1 LOGIN "test" "testpw"
 - 8 stalled for 16 secs in command: 1 LOGIN "test" "testpw"
 - 9 stalled for 16 secs in command: 1 LOGIN "test" "testpw"
 - 11 stalled for 16 secs in command: 1 LOGIN "test" "testpw"
 - 12 stalled for 16 secs in command: 1 LOGIN "test" "testpw"
 - 14 stalled for 16 secs in command: 1 LOGIN "test" "testpw"
 - 22 stalled for 16 secs in command: 1 LOGIN "test" "testpw"
 - 25 stalled for 16 secs in command: 1 LOGIN "test" "testpw"

... it starts to build up like this, until I hit control-c twice:

 - 100 stalled for 17 secs in command: 1 LOGIN "test" "testpw"
^CInfo: Received second SIGINT - stopping immediately
11347 118 ms/cmd avg

Totals:
Logi Logo
100% 100%
130 134

What are these totals?

Thanks!
micah

From baskaranand_n at rediffmail.com Thu Jan 26 16:18:45 2017
From: baskaranand_n at rediffmail.com (baskar anand)
Date: 26 Jan 2017 16:18:45 -0000
Subject: could not receive mails from dovecot pop3
Message-ID: <20170126161845.6472.qmail@f4mail-235-121.rediffmail.com>

Hi Greetings. I have windows server2012R2 and installed Hypervisor. I have installed Ubuntu 16.04 server edition in Virtual machine (hyper-v 2012r2)
Postfix and dovecot are running
dovecot version :2.2.22 (fe789dz)
Able to send mail is ok. mail received in /var/mail/%u
could not receive mail from client Thunderbird.
the only changed option is disable_plaintext_auth = no
Never touched any other option.
Ubuntu server ip : 192.168.1.250 (firewall in inactive)
client ip : 192.168.1.1 (thunderbird is running in windows server (ip:192.168.1.1)
let know how to save the output of dovecot -n from Ubuntu server machine
Thunderbird settings are:

Thank you.
Baskaranand

-------------- next part --------------
A non-text attachment was scrubbed...
Name: d9f86.1485447522.12.web.rediffmail.com.png
Type: image/png
Size: 8258 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 7f56a.1485447522.18.web.rediffmail.com.png
Type: image/png
Size: 8071 bytes
Desc: not available
URL:

From lenaigst at maelenn.org Thu Jan 26 16:39:13 2017
From: lenaigst at maelenn.org (Thierry)
Date: Thu, 26 Jan 2017 18:39:13 +0200
Subject: dsync dovecot / Failed connection refused
In-Reply-To: <1089937784.20170124114514@maelenn.org>
References: <18647088.20170123185809@maelenn.org> <1089937784.20170124114514@maelenn.org>
Message-ID: <659813373.20170126183913@maelenn.org>

Hi,

Jan 26 17:21:40 doveadm(user7 at domain.ltd): Fatal: connect(ip_server_target:4711) failed: Connection refused
Jan 26 17:23:59 doveadm(user3 at domain.ltd): Fatal: connect(ip_server_target:4711) failed: Connection refused
Jan 26 17:24:44 doveadm(user5 at domain.ltd): Fatal: connect(ip_server_target:4711) failed: Connection refused
Jan 26 17:24:44 doveadm(user4 at domain.ltd): Fatal: connect(ip_server_target:4711) failed: Connection refused
Jan 26 17:24:44 doveadm(user2 at domain.ltd): Fatal: connect(ip_server_target:4711) failed: Connection refused
Jan 26 17:24:44 doveadm(user1 at domain.ltd): Fatal: connect(ip_server_target:4711) failed: Connection refused
Jan 26 17:24:44 doveadm(user6 at domain.ltd): Fatal: connect(ip_server_target:4711) failed: Connection refused

The config is the same for both servers.

When checking the FW on both servers:

ACCEPT tcp -- anywhere anywhere tcp dpt:4711

Is it the FW who is really blocking this port ? Or something else ??

Any ideas ?

Thx for your support.

On Tuesday 24 January 2017 at 11:45:14, you wrote:

> Hi Mike,
> Is the value of the 'doveadm_port' if I am choosing: mail_replica =
> tcp:server1.domain.ltd no ?
> I might be wrong too ;)
> Thx
> On Tuesday 24 January 2017 at 11:41:28, you wrote:
>> Hello,
>> I might be wrong, but the port which will be used for the replicator
>> port is the value of 'doveadm_port' which in your case is 4711.
>> Mike;
>> On 01/23/2017 05:58 PM, Thierry wrote:
>>> Dear all,
>>>
>>> I am using VMWare and I have cloned my emails server.
>>> Now I do have two identical servers, both running the same version of dovecot (2.2.13) and imap.
>>> Let's call them: server1.domain.ltd and server2.domain.ltd. >>> I would like to sync both server using dsync. >>> >>> Dovecot is working well except concerning the sync. >>> >>> dsync config server1.domain.ltd >>> >>> # Enable the replication plugin globally >>> mail_plugins = $mail_plugins notify replication >>> >>> # The mail processes need to have access to the replication-notify fifo and socket. >>> service aggregator { >>> fifo_listener replication-notify-fifo { >>> user = vmail >>> mode = 0666 >>> } >>> unix_listener replication-notify { >>> user = vmail >>> mode = 0666 >>> } >>> } >>> >>> # Enable doveadm replicator commands >>> service replicator { >>> unix_listener replicator-doveadm { >>> mode = 0666 >>> } >>> } >>> >>> # Create a listener for doveadm-server >>> service doveadm { >>> user = vmail >>> inet_listener { >>> port = 12345 >>> } >>> } >>> >>> # configure how many dsyncs can be run in parallel (10 by default) >>> replication_max_conns = 10 >>> >>> # tell doveadm client to use this port by default >>> doveadm_port = 4711 >>> >>> #Both the client and the server also need to have a shared secret >>> doveadm_password = {SHA512-CRYPT}$6$rou.................... >>> # use tcp:hostname as the dsync target >>> plugin { >>> #mail_replica = tcp:server2.domain.ltd # use doveadm_port >>> mail_replica = tcp:server2.domain.ltd:12345 # use port 12345 explicitly >>> } >>> >>> service config { >>> unix_listener config { >>> user = vmail >>> } >>> } >>> >>> *************************************************************************************** >>> >>> dsync config server2.domain.ltd >>> >>> # Enable the replication plugin globally >>> mail_plugins = $mail_plugins notify replication >>> >>> # The mail processes need to have access to the replication-notify fifo and socket. 
>>> service aggregator { >>> fifo_listener replication-notify-fifo { >>> user = vmail >>> mode = 0666 >>> } >>> unix_listener replication-notify { >>> user = vmail >>> mode = 0666 >>> } >>> } >>> >>> # Enable doveadm replicator commands >>> service replicator { >>> unix_listener replicator-doveadm { >>> mode = 0666 >>> } >>> } >>> >>> # Create a listener for doveadm-server >>> service doveadm { >>> user = vmail >>> inet_listener { >>> port = 12345 >>> } >>> } >>> >>> # configure how many dsyncs can be run in parallel (10 by default) >>> replication_max_conns = 10 >>> >>> # tell doveadm client to use this port by default >>> doveadm_port = 4711 >>> >>> #Both the client and the server also need to have a shared secret >>> doveadm_password = {SHA512-CRYPT}$6$ro............. >>> # use tcp:hostname as the dsync target >>> plugin { >>> #mail_replica = tcp:server1.domain.ltd # use doveadm_port >>> mail_replica = tcp:server1.domain.ltd:12345 # use port 12345 explicitly >>> } >>> >>> service config { >>> unix_listener config { >>> user = vmail >>> } >>> } >>> >>> To test both port I have open on my both servers port 12345 and 4711 : >>> >>> Iptables server1: ACCEPT tcp -- anywhere anywhere tcp dpt:4711 >>> ACCEPT tcp -- anywhere anywhere tcp dpt:12345 >>> >>> Iptables server2: ACCEPT tcp -- anywhere anywhere tcp dpt:4711 >>> ACCEPT tcp -- anywhere anywhere tcp dpt:12345 >>> >>> >>> doveadm replicator status '*' >>> username priority fast sync full sync failed >>> user1 at domain.ltd none 00:01:21 11:25:40 y >>> user3 at domain.ltd none 07:31:16 11:25:41 - >>> user2 at domain.ltd none 00:01:21 11:25:40 y >>> user4 at domain.ltd none 11:25:41 11:25:41 - >>> user5 at domain.ltd none 02:17:03 11:25:41 - >>> user6 at domain.ltd none 11:25:40 11:25:40 - >>> user4 at domain.ltd none 00:00:51 11:25:40 y >>> >>> When doing, from server1: "doveadm sync -u user1 at domain.ltd remote:server2.domain.ltd" >>> >>> doveadm(user1 at domain.ltd): Error: userdb lookup: 
connect(/var/run/dovecot/auth-userdb) failed: Connection refused >>> doveadm(user1 at domain.ltd): Fatal: /var/run/dovecot/auth-userdb: passdb lookup failed (to see if user is proxied, because doveadm_port is set) >>> dsync-local(user1 at domain.ltd): Error: read(server2.domain.ltd) failed: EOF (version not received) >>> >>> Thx for your help. >>> >>> -- Cordialement, Thierry e-mail : lenaigst at maelenn.org From mikefroehner at gmx.de Thu Jan 26 17:41:31 2017 From: mikefroehner at gmx.de (=?UTF-8?Q?Mike_Fr=c3=b6hner?=) Date: Thu, 26 Jan 2017 18:41:31 +0100 Subject: dsync dovecot / Failed connection refused In-Reply-To: <659813373.20170126183913@maelenn.org> References: <18647088.20170123185809@maelenn.org> <1089937784.20170124114514@maelenn.org> <659813373.20170126183913@maelenn.org> Message-ID: Your output looks like iptables -L -n. Can you add the -v option to check if the rule did handle packages? On 01/26/2017 05:39 PM, Thierry wrote: > ACCEPT tcp -- anywhere anywhere tcp dpt:4711 From lenaigst at maelenn.org Thu Jan 26 18:02:12 2017 
From: lenaigst at maelenn.org (Thierry)
Date: Thu, 26 Jan 2017 20:02:12 +0200
Subject: dsync dovecot / Failed connection refused
In-Reply-To:
References: <18647088.20170123185809@maelenn.org> <1089937784.20170124114514@maelenn.org> <659813373.20170126183913@maelenn.org>
Message-ID: <1397099597.20170126200212@maelenn.org>

Hi,

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2085 476K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
16 960 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:444
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4711
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:587
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 2146 packets, 517K bytes)
pkts bytes target prot opt in out source destination

On Thursday 26 January 2017 at 19:41:31, you wrote:

> Your output looks like iptables -L -n. Can you add the -v option to
> check if the rule did handle packages?
> On 01/26/2017 05:39 PM, Thierry wrote:
>> ACCEPT tcp -- anywhere anywhere tcp dpt:4711

--
Regards,
Thierry
e-mail : lenaigst at maelenn.org

From lenaigst at maelenn.org Thu Jan 26 19:24:20 2017
From: lenaigst at maelenn.org (Thierry)
Date: Thu, 26 Jan 2017 21:24:20 +0200
Subject: dsync dovecot / Failed connection refused
In-Reply-To: <156bae94-800a-22f4-fa5f-af091dc78eda@gmx.de>
References: <18647088.20170123185809@maelenn.org> <1089937784.20170124114514@maelenn.org> <659813373.20170126183913@maelenn.org> <1397099597.20170126200212@maelenn.org> <156bae94-800a-22f4-fa5f-af091dc78eda@gmx.de>
Message-ID: <1557479781.20170126212420@maelenn.org>

Hi,

Means that the Dovecot (server1) doesn't "communicate" with the Dovecot (server2) ...
They both are on the same subnet ...
...

On Thursday 26 January 2017 at 20:07:58, you wrote:

> This means for me, the rule has never touched any packages.
> On 01/26/2017 07:02 PM, Thierry wrote:
>> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4711

--
Regards,
Thierry
e-mail : lenaigst at maelenn.org

From skdovecot at smail.inf.fh-brs.de Fri Jan 27 08:41:55 2017
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 27 Jan 2017 09:41:55 +0100 (CET)
Subject: could not receive mails from dovecot pop3
In-Reply-To: <20170126161845.6472.qmail@f4mail-235-121.rediffmail.com>
References: <20170126161845.6472.qmail@f4mail-235-121.rediffmail.com>
Message-ID:

On Thu, 26 Jan 2017, baskar anand wrote:

> Hi Greetings. I have windows server2012R2 and installed Hypervisor. I have installed Ubuntu 16.04 server edition in Virtual machine (hyper-v 2012r2)
> Postfix and dovecot are running
> dovecot version :2.2.22 (fe789dz)
> Able to send mail is ok. mail received in /var/mail/%u
> could not receive mail from client Thunderbird.
> the only changed option is disable_plaintext_auth = no

Are you sure, this option is in effect? Aka, did you reload Dovecot and are you sure you edit the correct conf file?

> Never touched any other option.
> Ubuntu server ip : 192.168.1.250 (firewall in inactive)
> client ip : 192.168.1.1 (thunderbird is running in windows server (ip:192.168.1.1)
> let know how to save the output of dovecot -n from Ubuntu server machine
> Thunderbird settings are:
>
> Thank you.
> Baskaranand
>

--
Steffen Kaiser

From ekorneechev at altlinux.org Fri Jan 27 14:58:34 2017
From: ekorneechev at altlinux.org (Evgeniy Korneechev) Date: Fri, 27 Jan 2017 17:58:34 +0300 (MSK) Subject: Plugin "mail_crypt" - using folder keys Message-ID: <406817759.137767.1485529114389.JavaMail.zimbra@remotesystems.ru> Hi, i have two questions about using "folder keys" for encryption: 1. If i use this method how can i decrypt files manually? 2. If move a letter to another folder (or remove it), it will be unreadable. Log: imap(cloud): Error: read() failed: read(/home/cloud/Maildir/.Sent.test/cur/1485528498.M838579P2267....) failed: Decryption error: no private key available (uid=5, box=Sent.test, read reason=) imap(cloud): Info: Internal error occurred. Refer to server log for more information. or: imap(cloud): Error: read() failed: read(/home/cloud/Maildir/.Trash/cur/1485528906.M150750P3081....) failed: Decryption error: no private key available How fix it? Thank you in advance. ------------------------------------------------ # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.16 (fed8554) # OS: Linux 4.4.39-std-def-alt0.M80P.1 x86_64 ALT 8.1 Server ..... mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_plugins = $mail_plugins mail_crypt plugin { mail_crypt_curve = secp521r1 mail_crypt_save_version = 2 } ..... -- WBR, BaseALT/ALTLinux Team From mrobti at insiberia.net Sat Jan 28 07:07:05 2017 
From: mrobti at insiberia.net (MRob)
Date: Fri, 27 Jan 2017 23:07:05 -0800
Subject: Users with extra mailbox: namespace/mailbox in userdb lookup?
Message-ID: <6c741a1e6a5863c859a2f8eb97e9a408@insiberia.net>

Hello,

We have a need for some users to have an additional folder created and subscribed for them. Is it possible to return an override for the default "namespace inbox" containing the needed mailbox definitions in the userdb lookup for such users?

If so, how would the userdb lookup result be formatted? Presumably as just one long string, but how would the setting be named given there can't be a space in it? Can I replace the space with an underscore, e.g.

userdb_namespace_inbox = '{ mailbox Drafts { auto=subscribe special_use = \Drafts } mailbox Trash { auto=subscribe special_use = \Trash } }'

Or is there some other way to do this?

From dovecot at avv.solutions Sat Jan 28 21:22:07 2017
From: dovecot at avv.solutions (dovecot at avv.solutions)
Date: Sat, 28 Jan 2017 22:22:07 +0100
Subject: Sharing between domains?
Message-ID: <2187de6e-e950-33ee-75e0-1e73c1a68921@avv.solutions>

Hello Community,

I am facing the following question: how is it possible to share mailboxes between domains?

Example:
- 2 domains present on the same dovecot: domA and domB
- userA at domA
- userB at domB

userA at domA wants to share his mailbox to userB at domB (again same server)?

Thank you for your help.

Greetz

From rs at sys4.de Sat Jan 28 21:40:25 2017
From: rs at sys4.de (Robert Schetterer)
Date: Sat, 28 Jan 2017 22:40:25 +0100
Subject: Sharing between domains?
In-Reply-To: <2187de6e-e950-33ee-75e0-1e73c1a68921@avv.solutions>
References: <2187de6e-e950-33ee-75e0-1e73c1a68921@avv.solutions>
Message-ID: <36a9dc21-a129-823c-30f1-1ab90e0dcff4@sys4.de>

On 28.01.2017 at 22:22, dovecot at avv.solutions wrote:
> Hello Community,
>
> I am facing the following question: how is it possible to share mailboxes
> between domains?
>
> Example:
> - 2 domains present on the same dovecot: domA and domB
> - userA at domA
> - userB at domB
>
> userA at domA wants to share his mailbox to userB at domB (again same server)?
>
> Thank you for your help.
>
> Greetz

https://wiki2.dovecot.org/ACL

this works also cross domain

you may use

https://addons.mozilla.org/de/thunderbird/addon/imap-acl-extension/

or horde webmail, roundcube webmail

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Registered office: München, Amtsgericht München: HRB 199263
Management board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From mauric at gmx.ch Sat Jan 28 23:21:47 2017
From: mauric at gmx.ch (Maurizio Caloro) Date: Sun, 29 Jan 2017 00:21:47 +0100 Subject: tlsv1 alert unknown ca: SSL alert number 48 Message-ID: Hello together Please i'am new to this list, i have already installed Postfix and Dovecot last version from Internet but i have the porblem that the mail do not arive, and with me Cert, i have read on the Dovecot site, but i don't have me found me solutions to fix this. "tlsv1 alert unknown ca: SSL alert number 48" Jan 28 22:42:44 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.1.16, lip=192.168.1.3, TLS: SSL_read() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48, session= # dovecot --version 2.2.27 (c0f36b0) i think that the settings about Cert are done, but if connecting with Thunderbird i will become this error "tlsv1 alert unknown ca: SSL alert number 48" Please you can point me to the right direction, so i can run this Mailserver on me RaspverryPi. Regards Mauri -- "10-ssl.conf" i have editing and Dovecot and Postfix reloaded without problems. # SSL/TLS support: yes, no, required. ssl = yes ssl_cert = , relay=mx01.emig.gmx.net[212.227.17.5]:25, delay=193476, delays=193476/0.03/0.17/0, dsn=4.0.0, status=deferred (host mx01.emig.gmx.net[212.227.17.5] refused to talk to me: 554-gmx.net (mxgmx109) Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is black listed. 
554 For explanation visit http://postmaster.gmx.com/en/error-messages?ip=151.248.162.33&c=bl) Jan 28 22:55:08 raspberrypi postfix/qmgr[940]: 7740F63E0F: from=, size=575, nrcpt=1 (queue active) Jan 28 22:55:08 raspberrypi postfix/qmgr[940]: 98D5D63E0E: from=, size=578, nrcpt=1 (queue active) Jan 28 22:55:08 raspberrypi postfix/qmgr[940]: 9946863E0D: from=, size=550, nrcpt=1 (queue active) Jan 28 22:55:08 raspberrypi postfix/smtp[1926]: 7740F63E0F: host mx01.emig.gmx.net[212.227.17.5] refused to talk to me: 554-gmx.net (mxgmx113) Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is black listed. 554 For explanation visit http://postmaster.gmx.com/en/error-messages?ip=151.248.162.33&c=bl Jan 28 22:55:08 raspberrypi postfix/smtp[1926]: 7740F63E0F: to=, relay=mx00.emig.gmx.net[212.227.15.9]:25, delay=298205, delays=298205/0.03/0.18/0, dsn=4.0.0, status=deferred (host mx00.emig.gmx.net[212.227.15.9] refused to talk to me: 554-gmx.net (mxgmx006) Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is black listed. 
554 For explanation visit http://postmaster.gmx.com/en/error-messages?ip=151.248.162.33&c=bl) Jan 28 22:55:38 raspberrypi postfix/smtp[1927]: connect to caloro.ch[158.181.112.49]:25: Connection timed out Jan 28 22:55:38 raspberrypi postfix/smtp[1927]: 98D5D63E0E: to=, relay=none, delay=298271, delays=298241/0.03/30/0, dsn=4.4.1, status=deferred (connect to caloro.ch[158.181.112.49]:25: Connection timed out) Jan 28 22:55:38 raspberrypi postfix/smtp[1928]: connect to caloro.ch[158.181.112.49]:25: Connection timed out Jan 28 22:55:38 raspberrypi postfix/smtp[1928]: 9946863E0D: to=, relay=none, delay=298375, delays=298345/0.04/30/0, dsn=4.4.1, status=deferred (connect to caloro.ch[158.181.112.49]:25: Connection timed out) Jan 28 23:00:08 raspberrypi postfix/qmgr[940]: 54EA064AF4: from=<>, size=2460, nrcpt=1 (queue active) Jan 28 23:00:08 raspberrypi postfix/qmgr[940]: 1D29F5F03D: from=<>, size=2471, nrcpt=1 (queue active) Jan 28 23:00:08 raspberrypi postfix/qmgr[940]: 86D2B63F5A: from=, size=581, nrcpt=1 (queue active) Jan 28 23:00:38 raspberrypi postfix/smtp[2011]: connect to caloro.ch[158.181.112.49]:25: Connection timed out Jan 28 23:00:38 raspberrypi postfix/smtp[2013]: connect to caloro.ch[158.181.112.49]:25: Connection timed out Jan 28 23:00:38 raspberrypi postfix/smtp[2012]: connect to caloro.ch[158.181.112.49]:25: Connection timed out Jan 28 23:00:38 raspberrypi postfix/smtp[2011]: 54EA064AF4: to=, relay=none, delay=4596, delays=4566/0.03/30/0, dsn=4.4.1, status=deferred (connect to caloro.ch[158.181.112.49]:25: Connection timed out) Jan 28 23:00:38 raspberrypi postfix/smtp[2013]: 86D2B63F5A: to=, relay=none, delay=4586, delays=4556/0.04/30/0, dsn=4.4.1, status=deferred (connect to caloro.ch[158.181.112.49]:25: Connection timed out) Jan 28 23:00:38 raspberrypi postfix/smtp[2012]: 1D29F5F03D: to=, relay=none, delay=350945, delays=350915/0.03/30/0, dsn=4.4.1, status=deferred (connect to caloro.ch[158.181.112.49]:25: Connection timed out) Jan 28 23:05:08 
raspberrypi postfix/qmgr[940]: E3C3C5DA02: from=, size=576, nrcpt=1 (queue active) Jan 28 23:05:08 raspberrypi postfix/error[2058]: E3C3C5DA02: to=, relay=none, delay=21492, delays=21492/0.03/0/0.02, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to caloro.ch[158.181.112.49]:25: Connection timed out) Jan 28 23:10:08 raspberrypi postfix/qmgr[940]: BEB535F03F: from=<>, size=2870, nrcpt=1 (queue active) root at raspberrypi: # doveconf -N # 2.2.27 (c0f36b0): /usr/local/etc/dovecot/dovecot.conf # OS: Linux 4.4.41-v7+ armv7l Debian 8.0 auth_mechanisms = plain disable_plaintext_auth = yes listen = *, :: mail_location = mbox:~/mail:INBOX=/var/mail/%u mail_privileged_group = mail namespace { inbox = yes location = mailbox { special_use = \Drafts name = Drafts } mailbox { special_use = \Junk name = Junk } mailbox { special_use = \Sent name = Sent } mailbox { special_use = \Sent name = Sent Messages } mailbox { special_use = \Trash name = Trash } prefix = name = inbox } passdb { driver = pam name = } passdb { args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/users driver = passwd-file name = } protocols = imap pop3 service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service { unix_listener { mode = 0666 path = /var/spool/postfix/private/auth } unix_listener { group = postfix mode = 0666 user = postfix path = auth-userdb } name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service imap { name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service imap-master { name = imap } service 
indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service replicator-doveadm { name = replicator } service login/ssl-params { name = ssl-params } service stats-mail { name = stats } ssl = yes ssl_ca = Hi, I'm running Dovecot with FTS and Apache Solr as backend. What is the command or the query to remove from Solr a deleted user/mailbox? Thanks -- Alessio Cecchi Postmaster AT http://www.qboxmail.it http://www.linkedin.com/in/alessice From jost+lists at dimejo.at Sun Jan 29 10:22:51 2017 From: jost+lists at dimejo.at (Alex JOST) Date: Sun, 29 Jan 2017 11:22:51 +0100 Subject: tlsv1 alert unknown ca: SSL alert number 48 In-Reply-To: References: Message-ID: Am 29.01.2017 um 00:21 schrieb Maurizio Caloro: > > Hello together > > Please i'am new to this list, i have already installed Postfix and > Dovecot last version from Internet > but i have the porblem that the mail do not arive, and with me Cert, i > have read on the Dovecot site, > but i don't have me found me solutions to fix this. "tlsv1 alert unknown > ca: SSL alert number 48" > > Jan 28 22:42:44 dovecot: imap-login: Disconnected (no auth attempts in 0 > secs): user=<>, rip=192.168.1.16, lip=192.168.1.3, TLS: SSL_read() > failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown > ca: SSL alert number 48, session= Is this a self signed cert? Did you import it into Thunderbird? Does the common name match? Enabling the Error Console in Thunderbird (Menu => Extras) might give you a better clue. -- Alex JOST From sven at cs-ware.de Sun Jan 29 10:29:23 2017 
From: sven at cs-ware.de (Sven Strickroth) Date: Sun, 29 Jan 2017 11:29:23 +0100 Subject: Crash in 2.2.27 while moving a mail Message-ID: <89c5d198-1ee7-3f06-f1c2-f2710218ad34@cs-ware.de> Hi, I just noticed a crash in Dovecot (2.2.27) on Debian with the Debian version 1:2.2.27-2~bpo8+1: Jan 28 07:50:42 srv1 dovecot: imap(yyy at xxx.de): Panic: file mail-storage.c: line 2170 (mailbox_save_context_reset): assertion failed: (ctx->copying_via_save) Jan 28 07:50:42 srv1 dovecot: imap(yyy at xxx.de): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x97d8e) [0x7f3e7fab8d8e] -> /usr/lib/dovecot/libdovecot.so.0(+0x97e7c) [0x7f3e7fab8e7c] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f3e7fa4f52e] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x421b8) [0x7f3e7fd881b8] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_save_cancel+0x76) [0x7f3e7fd8b4b6] -> /usr/lib/dovecot/modules/lib01_acl_plugin.so(+0xe1b2) [0x7f3e7f2691b2] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x45913) [0x7f3e7fd8b913] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_move+0x29) [0x7f3e7fd8bb29] -> dovecot/imap [yyy at xxx.de 8x.1xx.1x.xx8 UID MOVE](+0xf955) [0x562ff2225955] -> dovecot/imap [yyy at xxx.de 8x.1xx.1x.xx8 UID MOVE](command_exec+0xa6) [0x562ff2232296] -> dovecot/imap [yyy at xxx.de 8x.1xx.1x.xx8 UID MOVE](+0x1a602) [0x562ff2230602] -> dovecot/imap [yyy at xxx.de 8x.1xx.1x.xx8 UID MOVE](+0x1a690) [0x562ff2230690] -> dovecot/imap [yyy at xxx.de 8x.1xx.1x.xx8 UID MOVE](client_handle_input+0x195) [0x562ff2230a55] -> dovecot/imap [yyy at xxx.de 8x.1xx.1x.xx8 UID MOVE](client_input+0x85) [0x562ff2230f65] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x52) [0x7f3e7facd8f2] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10a) [0x7f3e7facef4a] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x3c) [0x7f3e7facd98c] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f3e7facdb38] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7f3e7fa55a03] -> dovecot/imap [yyy at xxx.de 8x.1xx.1x.xx8 UID MOVE](main+0x322) [0x562ff2223c32] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f3e7f697b45] -> dovecot/imap [yyy at xxx.de 8x.1xx.1x.xx8 UID MOVE](+0xddaf) [0x562ff2223daf] Jan 28 07:50:42 srv1 dovecot: imap(yyy at xxx.de): Fatal: master: service(imap): child 5772 killed with signal 6 (core dumps disabled) I'm using mdbox and I assume the user wanted to move a mail from the personal mailstore to a shared mailbox (shared by another user). doveconf -n: # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.16 (fed8554) # OS: Linux 4.8.0-0.bpo.2-amd64 x86_64 Debian 8.7 auth_mechanisms = plain login auth_verbose = yes default_client_limit = 2100 default_process_limit = 350 default_vsz_limit = 512 M dict { acldict = mysql:/etc/dovecot/dovecot-dict-user_shares.conf quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf } first_valid_uid = 999 imap_client_workarounds = delay-newmail last_valid_uid = 999 lmtp_save_to_detail_mailbox = yes log_timestamp = "%Y-%m-%d %H:%M:%S " mail_gid = 8 mail_location = mdbox:~/mdbox mail_plugins = quota zlib acl mail_privileged_group = mail mail_shared_explicit_inbox = yes mail_uid = 999 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto envelope encoded-character subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags namespace { list = children location = mdbox:%%h/mdbox prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes list = yes location = mailbox Archiv { special_use = \Archive } mailbox Archive { special_use = \Archive } mailbox Archives { special_use = \Archive } mailbox Deleted { special_use = \Trash } mailbox "Deleted Items" { special_use = \Trash } mailbox "Deleted Messages" { special_use = \Trash } mailbox Drafts { 
special_use = \Drafts } mailbox Entw&APw-rfe { special_use = \Drafts } mailbox Entwurf { special_use = \Drafts } mailbox Gel&APY-scht { special_use = \Trash } mailbox "Gel&APY-schte Elemente" { special_use = \Trash } mailbox "Gel&APY-schte Objekte" { special_use = \Trash } mailbox Gesendet { special_use = \Sent } mailbox "Gesendete Elemente" { special_use = \Sent } mailbox "Gesendete Objekte" { special_use = \Sent } mailbox Junk { special_use = \Junk } mailbox Papierkorb { special_use = \Trash } mailbox SPAM { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Items" { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = / subscriptions = yes type = private } passdb { args = /etc/dovecot/sql.conf driver = sql } plugin { acl = vfile acl_anyone = allow acl_shared_dict = proxy::acldict quota = dict:user::proxy::quotadict quota_exceeded_message = References: <275F8426-C222-4D56-9650-58DF87028FDA@kreme.com> <45232a6d-9766-bf07-3c42-8383c1f9b174@skye.it> <6717F2B9-8297-49A0-B178-684F9FC37F68@kreme.com> Message-ID: OK, I have the dovecot.conf stuff working so that it calls the external script and I have that script spitting out the login and a SHA256-CRYPT password with hash: Thu Jan 26 06:45:54 MST 2017 USER: xander at xanmax.com {SHA512-CRYPT}$6$CfKc0NdiRkWOisjL$kHAx2oxB? SO, feeling pretty good about that. However, i want to check one more thing, before I start issuing the commands to update the sql database, I will need to update postfixadmin (I think) to use dovecot:SHA256-CRYPT instead of its default $CONF['encrypt'] = 'md5crypt'; yes? And this means that until someone logs in to their mail, they will not be able to login to postfixadmin, right? (This is not a problem, I just want to be sure) -- Apple broke AppleScripting signatures in Mail.app, so no random signatures. From dovecot at avv.solutions Sun Jan 29 23:16:06 2017 
From: dovecot at avv.solutions (dovecot at avv.solutions) Date: Mon, 30 Jan 2017 00:16:06 +0100 Subject: Sharing between domains? In-Reply-To: <36a9dc21-a129-823c-30f1-1ab90e0dcff4@sys4.de> References: <2187de6e-e950-33ee-75e0-1e73c1a68921@avv.solutions> <36a9dc21-a129-823c-30f1-1ab90e0dcff4@sys4.de> Message-ID: <97c75014-9cd7-9187-4e97-8dec60db0f28@avv.solutions> Hello Robert, Thank you for your reply. It is the way I did it yes, and it works but only inside the same domain: - setting acl of userA at domA to include userC at domA works well, and appears under the "Shared" pseudo-folder - but setting acl of userA at domA to include userB at domB does not appear under the "Shared" Here is the config ------------------------------------------------- # 2.2.13: /etc/dovecot/dovecot.conf auth_mechanisms = plain login default_login_user = virmail first_valid_gid = 5501 first_valid_uid = 5501 imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags last_valid_gid = 50001 last_valid_uid = 50001 listen = * log_path = /sd/_host-1/var/log/dovecot/dovecot.log log_timestamp = "%Y-%m-%d %H:%M:%S " mail_access_groups = virmail mail_location = maildir:/sd/MAIL_IMAP_POP/%d/%n:LAYOUT=fs mail_plugins = quota notify acl mail_privileged_group = virmail mail_temp_dir = /sd/tmp mailbox_list_index = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave vnd.dovecot.filter namespace { hidden = no list = children location = maildir:/sd/MAIL_IMAP_POP/%d/Public:LAYOUT=fs:CONTROL=/sd/MAIL_IMAP_POP/%d/%n/__Public:INDEX=/sd/MAIL_IMAP_POP/%d/%n/__Public prefix = Public/ separator = / subscriptions = no type = public name = } namespace { list = yes location = 
maildir:/sd/MAIL_IMAP_POP/%%d/%%n:LAYOUT=fs:INDEX=/sd/MAIL_IMAP_POP/%d/%n/__Shared/%%u:INDEXPVT=/sd/MAIL_IMAP_POP/%d/%n/__Shared/%%u prefix = Shared/%%d/%%n/ separator = / subscriptions = yes type = shared name = } namespace { inbox = yes location = mailbox { auto = subscribe special_use = \Drafts name = Drafts } mailbox { auto = subscribe special_use = \Junk name = Junk } mailbox { special_use = \Sent name = Sent } mailbox { special_use = \Sent name = Sent Messages } mailbox { special_use = \Trash name = Trash } prefix = separator = / type = private name = inbox } passdb { driver = pam } passdb { args = scheme=CRYPT username_format=%u /sd/MAIL_IMAP_POP/%d/passwd_%d driver = passwd-file } passdb { args = scheme=SHA1 /sd/MAIL_IMAP_POP/%d/passwd_%d driver = passwd-file } plugin { acl = vfile:/etc/dovecot/global-acls:cache_secs=300 acl_shared_dict = file:/sd/MAIL_IMAP_POP/%d/shared-mailboxes antispam_backend = pipe antispam_pipe_program = /usr/bin/spamc antispam_pipe_program_args = --username;debian-spamd antispam_pipe_program_notspam_arg = --learntype=ham antispam_pipe_program_spam_arg = --learntype=spam antispam_pipe_tmpdir = /sd/tmp antispam_signature = X-Spam-Flag antispam_signature_missing = move antispam_spam = Spam;Junk antispam_spam_pattern = spam;Spam;junk;Junk antispam_spam_pattern_ignorecase = SPAM;JUNK antispam_trash = trash;Trash;Deleted Items;Deleted Messages antispam_trash_pattern = trash;Trash;Deleted * antispam_trash_pattern_ignorecase = TRASH quota = maildir:User quota:ns= quota2 = maildir:Public quota:ns=Public/ quota2_rule = *:storage=2G quota_exceeded_message = Storage quota for this account has been exceeded, please try again later. 
quota_rule = *:storage=1G quota_rule2 = Trash:storage=+10%% quota_rule3 = Spam:storage=+20%% quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Mailbox is full quota_status_success = DUNNO quota_warning = storage=90%% quota-warning 90 %u %d quota_warning2 = storage=75%% quota-warning 75 %u %d sieve = /sd/MAIL_IMAP_POP/%d/%n/__Sieve sieve_after = /sd/MAIL_IMAP_POP/%d/SieveAfter/ sieve_after2 = /sd/MAIL_IMAP_POP/SieveAfter/ sieve_before = /sd/MAIL_IMAP_POP/SieveBefore sieve_default = /sd/_host-1/var/lib/dovecot/sieve/default.sieve sieve_extensions = +vnd.dovecot.filter sieve_filter_bin_dir = /etc/dovecot/sieve-filters sieve_global_dir = /sd/_host-1/var/lib/dovecot/sieve/global/ sieve_plugins = sieve_extprograms } postmaster_address = postmaster at domA protocols = imap sieve service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { user = $default_internal_user name = auth-worker } service { unix_listener { group = postfix mode = 0660 user = postfix path = /var/spool/postfix/private/auth } user = root name = auth } service config { name = config } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service { inet_listener { port = 0 name = imap } inet_listener { port = 993 name = imaps } process_min_avail = 1 user = virmail name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service login/imap { name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service { unix_listener { group = postfix mode = 0666 user = postfix path = /var/spool/postfix/private/dovecot-lmtp } name = lmtp } service log-errors { name = log } service sieve { name = managesieve-login } service login/sieve { name = 
managesieve } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service { executable = script /sd/MAIL_IMAP_POP/_scripts/quota-warning unix_listener { user = virmail path = quota-warning } user = virmail name = quota-warning } service replicator-doveadm { name = replicator } service login/ssl-params { name = ssl-params } service stats-mail { name = stats }
ssl_ca =

On 28.01.2017 at 22:22, dovecot at avv.solutions wrote:
>> Hello Community,
>>
>> I am facing the following question: how is it possible to share mailboxes
>> between domains?
>>
>> Example:
>> - 2 domains present on the same dovecot: domA and domB
>> - userA at domA
>> - userB at domB
>>
>> userA at domA wants to share his mailbox to userB at domB (again same server)?
>>
>> Thank you for your help.
>>
>> Greetz
> https://wiki2.dovecot.org/ACL
> this works also cross domain
>
> you may use
> https://addons.mozilla.org/de/thunderbird/addon/imap-acl-extension/
>
> or horde webmail, roundcube webmail
>
>
> Best Regards
> MfG Robert Schetterer
>

From japc at co.sapo.pt Mon Jan 30 01:57:35 2017
From: japc at co.sapo.pt (Jose Celestino)
Date: Mon, 30 Jan 2017 01:57:35 +0000
Subject: FTS: how to remove from Solr index deleted mailbox?
In-Reply-To: <0ea322336f60ff0fc7556331f239a297@skye.it>
References: <0ea322336f60ff0fc7556331f239a297@skye.it>
Message-ID: <20170130015735.GA25273@co.sapo.pt>

Words by Alessio Cecchi [Sun, Jan 29, 2017 at 10:55:36AM +0100]:
> Hi,
>
> I'm running Dovecot with FTS and Apache Solr as backend.
>
> What is the command or the query to remove from Solr a deleted user/mailbox?
>

Something like

curl -Li 'http://$SOLR_SERVER:8983/solr/$COLLATION/update?stream.body=user:$USER&commit=true'

should do it, and can be easily included on the account deletion procedures.

From baskaranand_n at rediffmail.com Mon Jan 30 06:30:07 2017
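Added example, not part of the thread or of Dovecot: one way to build a Solr delete-by-query request for a removed account so that the user name is always treated as a literal value, whatever characters it contains. It assumes the index has the `user` field used in the reply above; the host name, the core name `dovecot` and the function names are constructed for illustration.

```python
import urllib.request
from urllib.parse import quote
from xml.sax.saxutils import escape as xml_escape


def solr_phrase(value):
    """Quote a value as a Solr phrase so query syntax inside it stays literal."""
    if not value or any(ord(ch) < 0x20 for ch in value):
        raise ValueError("refusing empty or control-character value")
    # Inside a quoted phrase only backslash and double quote are special.
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_user_delete(solr_base, core, user):
    """Return (url, xml_body) for deleting every indexed document of one user."""
    query = "user:" + solr_phrase(user)
    # The query travels inside an XML element, so &, < and > must be escaped too.
    body = "<delete><query>" + xml_escape(query) + "</query></delete>"
    url = "%s/solr/%s/update?commit=true" % (solr_base.rstrip("/"), quote(core, safe=""))
    return url, body


def make_request(solr_base, core, user):
    """Build (but do not send) the POST request for the delete."""
    url, body = build_user_delete(solr_base, core, user)
    return urllib.request.Request(
        url,
        data=body.encode("utf-8"),
        headers={"Content-Type": "text/xml; charset=utf-8"},
        method="POST",
    )


if __name__ == "__main__":
    # Constructed sample accounts; the second one contains query metacharacters.
    for user in ("alice@example.com", 'odd*name"@example.com'):
        url, body = build_user_delete("http://solr.example:8983", "dovecot", user)
        print(url)
        print(body)
```

The request can be sent with `urllib.request.urlopen(make_request(...))` from the account deletion job. Try it on a test account first to confirm that the field name matches the schema in use.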
From: baskaranand_n at rediffmail.com (baskar anand)
Date: 30 Jan 2017 06:30:07 -0000
Subject: Re: tlsv1 alert unknown ca: SSL alert number 48
In-Reply-To:
Message-ID: <1485645740.S.18007.24102.f4-235-223.1485757806.27780@webmail.rediffmail.com>

Hi, Caloro.

Greetings.

Configure the below setting in 10-ssl.conf (My version is dovecot2.2.222)

SSL protocols to use =

This will clear that error. But you may get the same error while trying to access with a different security setting with the Thunderbird client.

On Sun, 29 Jan 2017 04:52:20 +0530 Maurizio Caloro wrote
> Hello together
>
> Please, I am new to this list. I have already installed Postfix and Dovecot last version from Internet
> but I have the problem that the mail does not arrive, and with my cert. I have read on the Dovecot site,
> but I have not found a solution to fix this. "tlsv1 alert unknown ca: SSL alert number 48"
>
> Jan 28 22:42:44 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=, rip=192.168.1.16, lip=192.168.1.3, TLS: SSL_read() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48, session=
>
> # dovecot --version
> 2.2.27 (c0f36b0)
>
> I think that the settings about the cert are done, but when connecting with Thunderbird I get this error
> "tlsv1 alert unknown ca: SSL alert number 48"
>
> Please can you point me in the right direction, so I can run this mail server on my Raspberry Pi.
>
> Regards
> Mauri
>
> --
> "10-ssl.conf" I have edited, and Dovecot and Postfix reloaded without problems.
> # SSL/TLS support: yes, no, required.
> ssl = yes
> ssl_cert =

From aki.tuomi at dovecot.fi Mon Jan 30 07:15:08 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Mon, 30 Jan 2017 09:15:08 +0200
Subject: Plugin "mail_crypt" - using folder keys
In-Reply-To: <406817759.137767.1485529114389.JavaMail.zimbra@remotesystems.ru>
References: <406817759.137767.1485529114389.JavaMail.zimbra@remotesystems.ru>
Message-ID: <16d8a273-457e-5a15-266e-4cf9bfe7eed2@dovecot.fi>

Hi Evgeniy!

On 27.01.2017 16:58, Evgeniy Korneechev wrote:
> Hi, i have two questions about using "folder keys" for encryption:
>
> 1. If i use this method how can i decrypt files manually?

You have to export the private key from mailbox attributes, see doveadm mailbox cryptokey export.

> 2. If move a letter to another folder (or remove it), it will be unreadable.
> Log:
> imap(cloud): Error: read() failed: read(/home/cloud/Maildir/.Sent.test/cur/1485528498.M838579P2267....) failed:
> Decryption error: no private key available (uid=5, box=Sent.test, read reason=)
> imap(cloud): Info: Internal error occurred. Refer to server log for more information.
>
> or:
> imap(cloud): Error: read() failed: read(/home/cloud/Maildir/.Trash/cur/1485528906.M150750P3081....) failed: Decryption error: no private key available
>
> How fix it?
>
> Thank you in advance.

This seems to be a bug, and we are looking into it.

Aki

From skdovecot at smail.inf.fh-brs.de Mon Jan 30 08:35:41 2017
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Mon, 30 Jan 2017 09:35:41 +0100 (CET)
Subject: Users with extra mailbox: namespace/mailbox in userdb lookup?
In-Reply-To: <6c741a1e6a5863c859a2f8eb97e9a408@insiberia.net>
References: <6c741a1e6a5863c859a2f8eb97e9a408@insiberia.net>
Message-ID:

On Fri, 27 Jan 2017, MRob wrote:

> We have a need for some users to have an additional folder created and
> subscribed for them.
>
> Is it possible to return an override for the default "namespace inbox"
> containing the needed mailbox definitions in the userdb lookup for such
> users? If so, how would the userdb lookup result be formatted? Presumably as

Yes, see here:
http://wiki2.dovecot.org/UserDatabase/ExtraFields

Each setting is one "Extra Field"

> just one long string, but how would the setting be named given there can't be
> a space in it? Can I replace the space with an underscore, e.g.
>
> userdb_namespace_inbox = '{ mailbox Drafts { auto=subscribe special_use =
> \Drafts } mailbox Trash { auto=subscribe special_use = \Trash } }'

sort of:

userdb_namespace/inbox/mailbox/Drafts/auto=subscribe

see also:
http://www.dovecot.org/list/dovecot/2016-February/103140.html

--
Steffen Kaiser

From mrobti at insiberia.net Mon Jan 30 20:39:13 2017
From: mrobti at insiberia.net (MRob)
Date: Mon, 30 Jan 2017 12:39:13 -0800
Subject: Users with extra mailbox: namespace/mailbox in userdb lookup?
In-Reply-To:
References: <6c741a1e6a5863c859a2f8eb97e9a408@insiberia.net>
Message-ID: <3e88c8cd624a695a944c5e1ebf717fa2@insiberia.net>

Thank you so much Steffen

On 2017-01-30 00:35, Steffen Kaiser wrote:

From jtam.home at gmail.com Mon Jan 30 21:10:35 2017
From: jtam.home at gmail.com (Joseph Tam)
Date: Mon, 30 Jan 2017 13:10:35 -0800 (PST)
Subject: Moving to new password scheme
In-Reply-To:
References:
Message-ID:

On Mon, 30 Jan 2017, dovecot-request at dovecot.org wrote:

> OK, I have the dovecot.conf stuff working so that it calls the external
> script and I have that script spitting out the login and a SHA256-CRYPT
> password with hash:
>
> Thu Jan 26 06:45:54 MST 2017
> USER: xander at xanmax.com
> {SHA512-CRYPT}$6$CfKc0NdiRkWOisjL$kHAx2oxB?

Did you truncate the results? This hash looks far too short to be a real SHA512 hash.

Joseph Tam

From listeem at ksb.id.lv Mon Jan 30 21:15:59 2017
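Added example, not from the thread: a format check for crypt-style password values that a migration script could run before writing a new hash to the SQL table, applied to the value quoted in the message above. The function name and every sample other than the quoted value are constructed; the digest lengths are those of the MD5, SHA-256 and SHA-512 crypt formats.

```python
import re

# scheme label -> (crypt id, encoded digest length, maximum salt length)
SCHEMES = {
    "MD5-CRYPT": ("1", 22, 8),
    "SHA256-CRYPT": ("5", 43, 16),
    "SHA512-CRYPT": ("6", 86, 16),
}
BY_ID = {ident: name for name, (ident, _, _) in SCHEMES.items()}
CRYPT_B64 = re.compile(r"[./0-9A-Za-z]*")
LABEL = re.compile(r"\{([A-Za-z0-9-]+)\}(.*)", re.S)

# Value exactly as quoted in the thread (its tail is cut off on the page).
PAGE_SAMPLE = "{SHA512-CRYPT}$6$CfKc0NdiRkWOisjL$kHAx2oxB?"


def check_crypt_hash(stored, expected_scheme=None):
    """Return a list of problems with a stored password value; empty means well formed."""
    problems = []
    label = None
    m = LABEL.fullmatch(stored)
    if m:  # optional "{SCHEME}" prefix as stored for Dovecot
        label, stored = m.group(1).upper(), m.group(2)

    fields = stored.split("$")  # "$6$salt$digest" -> ["", "6", "salt", "digest"]
    if len(fields) < 4 or fields[0] != "":
        return ["not in $id$salt$digest form"]
    scheme = BY_ID.get(fields[1])
    if scheme is None:
        return ["unsupported crypt id $%s$" % fields[1]]
    _, digest_len, max_salt = SCHEMES[scheme]

    rest = fields[2:]
    if rest[0].startswith("rounds="):  # optional cost field of the SHA schemes
        if scheme == "MD5-CRYPT":
            problems.append("MD5-CRYPT takes no rounds= field")
        elif not rest[0][7:].isdigit():
            problems.append("rounds= is not a number")
        rest = rest[1:]
    if len(rest) != 2:
        return problems + ["expected exactly salt and digest after the id"]
    salt, digest = rest

    if label and label != scheme:
        problems.append("label {%s} disagrees with $%s$ (%s)" % (label, fields[1], scheme))
    if expected_scheme and scheme != expected_scheme:
        problems.append("scheme is %s, expected %s" % (scheme, expected_scheme))
    if not salt:
        problems.append("empty salt")
    elif len(salt) > max_salt:
        problems.append("salt longer than %d chars" % max_salt)
    if not CRYPT_B64.fullmatch(digest):
        problems.append("digest has characters outside ./0-9A-Za-z")
    if len(digest) != digest_len:
        problems.append("digest is %d chars, %s needs %d" % (len(digest), scheme, digest_len))
    return problems


if __name__ == "__main__":
    # Constructed, syntactically valid value: placeholder digest, not a real hash.
    well_formed = "{SHA512-CRYPT}$6$CfKc0NdiRkWOisjL$" + "a" * 86
    for value in (PAGE_SAMPLE, well_formed):
        print(value[:40], "->", check_crypt_hash(value, "SHA512-CRYPT") or "ok")
```

Passing `expected_scheme` also catches rows that were never converted, and values whose label and `$id$` name different schemes.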
From: listeem at ksb.id.lv (KSB)
Date: Mon, 30 Jan 2017 23:15:59 +0200
Subject: Moving to new password scheme
In-Reply-To: <45232a6d-9766-bf07-3c42-8383c1f9b174@skye.it>
References: <275F8426-C222-4D56-9650-58DF87028FDA@kreme.com> <45232a6d-9766-bf07-3c42-8383c1f9b174@skye.it>
Message-ID: <8477d5d0-1e45-3d1e-33b0-198d546c59d9@ksb.id.lv>

On 2017.01.25. 10:09, Alessio Cecchi wrote:
> On 24/01/2017 23:29, @lbutlr wrote:
>> dovecot is setup on a system with MD5-CRYPT password scheme for all
>> users, and I would like to update this to something that is secure,
>> probably SSHA256-CRYPT, but I want to do this seamlessly without the
>> users having to jump through any hoops.
>>
>> The users are in mySQL (managed via postfixadmin) and the mailbox
>> record simply stores the hash in the password field. Users access
>> their accounts though IMAP MUAs or Roundcube.
>>
>> How would I setup my system so that if a user logs in and still has a
>> $1$ password (MD5-CRYPT) their password will be encoded to the new
>> SCHEME and then the SQL row updated with the $5$ password instead?
>> Something where they are redirected after authentication to a page
>> that forces them to re-enter their password (or choose a new one) is
>> acceptable.
>>
>> And, while I am here, is it worthwhile to set the -r flag to a large
>> number (like something over 100,000 which takes about 0.25
>> seconds to do on my machine)?
>>
> Hi,
>
> you can convert password scheme during the login:
>
> http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes
>
> Ciao
>

I've done it with nice and short pg's stored procedure.

--
KSB

From temnota.am at gmail.com Mon Jan 30 08:53:24 2017
From: temnota.am at gmail.com (Andrey Melnikov) Date: Mon, 30 Jan 2017 11:53:24 +0300 Subject: dovecot mdbox never fix broken indexes In-Reply-To: <397ae2b6-2544-f73b-8967-47beec854886@dovecot.fi> References: <397ae2b6-2544-f73b-8967-47beec854886@dovecot.fi> Message-ID: 2017-01-30 11:43 GMT+03:00 Aki Tuomi : > Hi! > > Please send these to dovecot at dovecot.org instead of us directly. Thank you. Ok, added to cc. > Also, did you try force-resync? Not help. # doveadm force-resync -u altek at altek.info \* doveadm(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332136) doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: rebuilding indexes doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332196) doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332212) doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: rebuilding indexes doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332272) doveadm(altek at altek.info): Warning: fscking index file 
/srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332288) doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: rebuilding indexes doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332348) doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332364) doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: rebuilding indexes doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332424) doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332440) doveadm(altek at altek.info): Warning: fscking index file 
/srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: rebuilding indexes doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332500) doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index in logs after force-resync Jan 30 11:49:23 mail dovecot: lmtp(21946): Connect from ::1 Jan 30 11:49:23 mail dovecot: lmtp(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332516) Jan 30 11:49:23 mail dovecot: lmtp(altek at altek.info): Error: Log synchronization error at seq=63,offset=58292 for /srv/vmail/altek.info/altek/storage/dovecot.map.index: Extension record inc drops number below zero (uid=5845, diff=-1, orig=0) Jan 30 11:49:23 mail dovecot: lmtp(altek at altek.info): Error: Log synchronization error at seq=63,offset=78516 for /srv/vmail/altek.info/altek/storage/dovecot.map.index: Extension record inc drops number below zero (uid=11497, diff=-1, orig=0) Jan 30 11:49:23 mail dovecot: lmtp(altek at altek.info): Error: Log synchronization error at seq=63,offset=201684 for /srv/vmail/altek.info/altek/storage/dovecot.map.index: Extension record inc drops number below zero (uid=14249, diff=-2, orig=0) Jan 30 11:49:23 mail dovecot: lmtp(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index Jan 30 11:49:24 mail dovecot: lmtp(altek at altek.info): 7inAKRP+jli6VQAANAhlbg: msgid=<7e59e033dac89045b4429bde28e559aa7ca6662c at 41sem-glav.ru>: saved mail to INBOX Jan 30 11:49:24 mail dovecot: lmtp(altek at altek.info): Warning: mdbox 
/srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332640) Jan 30 11:49:24 mail dovecot: lmtp(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index Jan 30 11:49:24 mail dovecot: lmtp(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: rebuilding indexes Jan 30 11:49:24 mail dovecot: lmtp(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index Jan 30 11:49:24 mail dovecot: lmtp(21946): Disconnect from ::1: Successful quit > On 30.01.2017 10:20, Andrey Melnikov wrote: >> Hello. >> >> After power crash mdbox index corrupted and dovecot never fix it. >> >> -- cut -- >> Jan 30 09:36:05 mail dovecot: lmtp(altek at altek.info): Warning: mdbox >> /srv/vmail/altek.info/altek/storage: Inconsistency in map index >> (63,31880 != 63,327528) >> Jan 30 09:36:05 mail dovecot: lmtp(altek at altek.info): Error: Log >> synchronization error at seq=63,offset=58292 for >> /srv/vmail/altek.info/altek/storage/dovecot.map.index: Extension >> record inc drops number below zero (uid=5845, diff=-1, orig=0) >> Jan 30 09:36:05 mail dovecot: lmtp(altek at altek.info): Error: Log >> synchronization error at seq=63,offset=78516 for >> /srv/vmail/altek.info/altek/storage/dovecot.map.index: Extension >> record inc drops number below zero (uid=11497, diff=-1, orig=0) >> Jan 30 09:36:05 mail dovecot: lmtp(altek at altek.info): Error: Log >> synchronization error at seq=63,offset=201684 for >> /srv/vmail/altek.info/altek/storage/dovecot.map.index: Extension >> record inc drops number below zero (uid=14249, diff=-2, orig=0) >> Jan 30 09:36:05 mail dovecot: lmtp(altek at altek.info): Warning: fscking >> index file /srv/vmail/altek.info/altek/storage/dovecot.map.index >> Jan 30 09:36:05 mail dovecot: lmtp(altek at altek.info): >> gfPAFtXejlhbOAAANAhlbg: >> msgid=: saved mail to INBOX >> Jan 30 09:36:05 mail dovecot: lmtp(altek at altek.info): Warning: mdbox 
>> /srv/vmail/altek.info/altek/storage: Inconsistency in map index >> (63,31880 != 63,327652) >> Jan 30 09:36:05 mail dovecot: lmtp(altek at altek.info): Warning: fscking >> index file /srv/vmail/altek.info/altek/storage/dovecot.map.index >> Jan 30 09:36:05 mail dovecot: lmtp(altek at altek.info): Warning: mdbox >> /srv/vmail/altek.info/altek/storage: rebuilding indexes >> Jan 30 09:36:05 mail dovecot: lmtp(altek at altek.info): Warning: fscking >> index file /srv/vmail/altek.info/altek/storage/dovecot.map.index >> Jan 30 09:43:32 mail dovecot: pop3-login: Login: >> user=, method=PLAIN, rip=192.168.0.28, >> lip=192.168.0.1, mpid=14619, session= >> Jan 30 09:43:35 mail dovecot: pop3(altek at altek.info): Warning: mdbox >> /srv/vmail/altek.info/altek/storage: Inconsistency in map index >> (63,31880 != 63,327728) >> Jan 30 09:43:35 mail dovecot: pop3(altek at altek.info): Warning: fscking >> index file /srv/vmail/altek.info/altek/storage/dovecot.map.index >> Jan 30 09:43:35 mail dovecot: pop3(altek at altek.info): Warning: mdbox >> /srv/vmail/altek.info/altek/storage: rebuilding indexes >> Jan 30 09:43:35 mail dovecot: pop3(altek at altek.info): Warning: fscking >> index file /srv/vmail/altek.info/altek/storage/dovecot.map.index >> Jan 30 09:43:35 mail dovecot: pop3(altek at altek.info): Disconnected: >> Logged out top=0/0, retr=4/1676349, del=0/1153, size=439478778 >> Jan 30 09:43:35 mail dovecot: pop3(altek at altek.info): Warning: mdbox >> /srv/vmail/altek.info/altek/storage: Inconsistency in map index >> (63,31880 != 63,327788) >> Jan 30 09:43:35 mail dovecot: pop3(altek at altek.info): Warning: fscking >> index file /srv/vmail/altek.info/altek/storage/dovecot.map.index >> Jan 30 09:43:35 mail dovecot: pop3(altek at altek.info): Warning: fscking >> index file /srv/vmail/altek.info/altek/storage/dovecot.map.index >> Jan 30 09:45:11 mail dovecot: lmtp(altek at altek.info): Warning: mdbox >> /srv/vmail/altek.info/altek/storage: Inconsistency in map index >> (63,31880 
!= 63,327804) >> Jan 30 09:45:11 mail dovecot: lmtp(altek at altek.info): Error: Log >> synchronization error at seq=63,offset=58292 for >> /srv/vmail/altek.info/altek/storage/dovecot.map.index: Extension >> record inc drops number below zero (uid=5845, diff=-1, orig=0) >> Jan 30 09:45:11 mail dovecot: lmtp(altek at altek.info): Error: Log >> synchronization error at seq=63,offset=78516 for >> /srv/vmail/altek.info/altek/storage/dovecot.map.index: Extension >> record inc drops number below zero (uid=11497, diff=-1, orig=0) >> Jan 30 09:45:11 mail dovecot: lmtp(altek at altek.info): Error: Log >> synchronization error at seq=63,offset=201684 for >> /srv/vmail/altek.info/altek/storage/dovecot.map.index: Extension >> record inc drops number below zero (uid=14249, diff=-2, orig=0) >> Jan 30 09:45:11 mail dovecot: lmtp(altek at altek.info): Warning: fscking >> index file /srv/vmail/altek.info/altek/storage/dovecot.map.index >> Jan 30 09:45:11 mail dovecot: lmtp(altek at altek.info): >> vwxyI/fgjlgyOQAANAhlbg: msgid=<003a01d27ac4$639789e0$2ac69da0$@ru>: >> saved mail to INBOX >> Jan 30 09:45:11 mail dovecot: lmtp(altek at altek.info): Warning: mdbox >> /srv/vmail/altek.info/altek/storage: Inconsistency in map index >> (63,31880 != 63,327928) >> Jan 30 09:45:11 mail dovecot: lmtp(altek at altek.info): Warning: fscking >> index file /srv/vmail/altek.info/altek/storage/dovecot.map.index >> Jan 30 09:45:11 mail dovecot: lmtp(altek at altek.info): Warning: mdbox >> /srv/vmail/altek.info/altek/storage: rebuilding indexes >> Jan 30 09:45:12 mail dovecot: lmtp(altek at altek.info): Warning: fscking >> index file /srv/vmail/altek.info/altek/storage/dovecot.map.index >> -- cut -- > From stephan at rename-it.nl Mon Jan 30 23:04:58 2017 
From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 31 Jan 2017 00:04:58 +0100 Subject: fts_solr and connection via https:// In-Reply-To: References: <3e405043-9e5b-39a5-6ff1-0c462a7bb8cb@jan-von.de> Message-ID: <836bf373-79be-a2cf-3012-45b238014b1d@rename-it.nl> Op 1/22/2017 om 12:01 PM schreef Stephan Bosch: > Op 1/22/2017 om 10:01 AM schreef Jan Vonde: >> I tried adding the following settings but that didn't help: >> ssl_ca = < /etc/ssl/certs/ca-certificates.crt >> ssl_client_ca_dir = /etc/ssl/certs >> >> Can you give me a hint how I can get the ssl certificate accepted? > That should normally have done the trick. However, the sources tell me > that no ssl_client settings are propagated to the http_client used by > fts-solr, so SSL is not currently supported it seems. > > I'll check how easy it is to add that. Just to keep you informed: I created a patch, but it is still being tested. Regards, Stephan. From jtam.home at gmail.com Tue Jan 31 02:15:20 2017 From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 30 Jan 2017 18:15:20 -0800 (PST) Subject: tlsv1 alert unknown ca: SSL alert number 48 In-Reply-To: References: Message-ID: > Jan 28 22:42:44 dovecot: imap-login: Disconnected (no auth attempts in 0 > secs): user=<>, rip=192.168.1.16, lip=192.168.1.3, TLS: SSL_read() > failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown > ca: SSL alert number 48, session= > ... > # SSL/TLS support: yes, no, required. > ssl = yes > ssl_cert = ssl_key = ssl_ca = From mail at jan-von.de Tue Jan 31 05:33:11 2017 
From: mail at jan-von.de (Jan Vonde) Date: Tue, 31 Jan 2017 06:33:11 +0100 Subject: fts_solr and connection via https:// In-Reply-To: <836bf373-79be-a2cf-3012-45b238014b1d@rename-it.nl> References: <3e405043-9e5b-39a5-6ff1-0c462a7bb8cb@jan-von.de> <836bf373-79be-a2cf-3012-45b238014b1d@rename-it.nl> Message-ID: <4c177121-f649-11e5-7f34-f91ea20ceb79@jan-von.de> Am 31.01.2017 um 00:04 schrieb Stephan Bosch: > Op 1/22/2017 om 12:01 PM schreef Stephan Bosch: >> Op 1/22/2017 om 10:01 AM schreef Jan Vonde: >>> I tried adding the following settings but that didn't help: >>> ssl_ca = < /etc/ssl/certs/ca-certificates.crt >>> ssl_client_ca_dir = /etc/ssl/certs >>> >>> Can you give me a hint how I can get the ssl certificate accepted? >> That should normally have done the trick. However, the sources tell me >> that no ssl_client settings are propagated to the http_client used by >> fts-solr, so SSL is not currently supported it seems. >> >> I'll check how easy it is to add that. > > Just to keep you informed: I created a patch, but it is still being tested. > Thanks for the update Stephan! Awesome! Looking forward to test it myself :-) \Jan -- Jan Vonde Hermann-Rein-Str. 6 37075 G?ttingen Tel: 0551 - 200 47 58 2 Mobil: 0176 - 83 110 775 http://www.vonde.eu From serwis at poliman.pl Tue Jan 31 07:06:29 2017 From: serwis at poliman.pl (Poliman - Serwis) Date: Tue, 31 Jan 2017 08:06:29 +0100 Subject: Dovecot auth-worker error after cram-md5 auth Message-ID: I set up cram-md5 using this tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in passdb code block: listen = *,[::] protocols = imap pop3 #auth_mechanisms = plain login cram-md5 auth_mechanisms = cram-md5 plain login #dodana nizej linia ssl = required disable_plaintext_auth = yes log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail postmaster_address = postmaster at vps342401.ovh.net ssl_cert = * From aki.tuomi at dovecot.fi Tue Jan 31 07:08:29 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Tue, 31 Jan 2017 09:08:29 +0200
Subject: Dovecot auth-worker error after cram-md5 auth
In-Reply-To:
References:
Message-ID: <079ab92e-9492-c1bf-6f1c-839f988fd13a@dovecot.fi>

On 31.01.2017 09:06, Poliman - Serwis wrote:
> I set up cram-md5 using this tutorial
> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in
> passdb code block:
> listen = *,[::]
> protocols = imap pop3
> #auth_mechanisms = plain login cram-md5
> auth_mechanisms = cram-md5 plain login
> # line added below
> ssl = required
> disable_plaintext_auth = yes
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> mail_privileged_group = vmail
> postmaster_address = postmaster at vps342401.ovh.net
> ssl_cert =
> ssl_key =
> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> ssl_cipher_list =
> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES$
> ssl_prefer_server_ciphers = yes
> ssl_dh_parameters_length = 2048
>
>
> mail_max_userip_connections = 100
> passdb {
>   # args = /etc/dovecot/dovecot-sql.conf
>   # driver = sql
>   driver = passwd-file
>   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
> userdb {
>   driver = prefetch
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> Of course I created cram-md5.pwd file. All mails go out and come nicely.
> But after I want to do default settings by commenting out these two lines:
> driver = passwd-file
> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> and uncomment
> # args = /etc/dovecot/dovecot-sql.conf
> # driver = sql
> I can't send emails - I use Thunderbird - get error "logging on server
> mail.example.com not work out". Error in logs:
> dovecot: auth-worker(22698): Error: Auth worker sees different
> passdbs/userdbs than auth server.
> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
>
> Is it possible that hashed password from cram-md5.pwd file was written to
> database (if yes then where - I have ISPconfig)? I didn't change any userdb
> {} block and this second userdb block has the same lines as the default
> settings in passdb block.
>
Try

auth_debug=yes
auth_verbose=yes

and see if it gives any more reasonable messages.

Aki

From serwis at poliman.pl Tue Jan 31 07:16:48 2017
From: serwis at poliman.pl (Poliman - Serwis)
Date: Tue, 31 Jan 2017 08:16:48 +0100
Subject: Dovecot auth-worker error after cram-md5 auth
In-Reply-To: <079ab92e-9492-c1bf-6f1c-839f988fd13a@dovecot.fi>
References: <079ab92e-9492-c1bf-6f1c-839f988fd13a@dovecot.fi>
Message-ID:

Thank you for the answer. Where could I set up these two lines?

2017-01-31 8:08 GMT+01:00 Aki Tuomi :

>
>
> On 31.01.2017 09:06, Poliman - Serwis wrote:
> > I set up cram-md5 using this tutorial
> > https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in
> > passdb code block:
> > listen = *,[::]
> > protocols = imap pop3
> > #auth_mechanisms = plain login cram-md5
> > auth_mechanisms = cram-md5 plain login
> > # line added below
> > ssl = required
> > disable_plaintext_auth = yes
> > log_timestamp = "%Y-%m-%d %H:%M:%S "
> > mail_privileged_group = vmail
> > postmaster_address = postmaster at vps342401.ovh.net
> > ssl_cert =
> > ssl_key =
> > ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> > ssl_cipher_list =
> > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES$
> > ssl_prefer_server_ciphers = yes
> > ssl_dh_parameters_length = 2048
> >
> >
> > mail_max_userip_connections = 100
> > passdb {
> >   # args = /etc/dovecot/dovecot-sql.conf
> >   # driver = sql
> >   driver = passwd-file
> >   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > }
> > userdb {
> >   driver = prefetch
> > }
> > userdb {
> >   args = /etc/dovecot/dovecot-sql.conf
> >   driver = sql
> > }
> > Of course I created cram-md5.pwd file. All mails go out and come nicely.
> > But after I want to do default settings by commenting out these two lines:
> > driver = passwd-file
> > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > and uncomment
> > # args = /etc/dovecot/dovecot-sql.conf
> > # driver = sql
> > I can't send emails - I use Thunderbird - get error "logging on server
> > mail.example.com not work out". Error in logs:
> > dovecot: auth-worker(22698): Error: Auth worker sees different
> > passdbs/userdbs than auth server.
> > dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
> >
> > Is it possible that hashed password from cram-md5.pwd file was written to
> > database (if yes then where - I have ISPconfig)? I didn't change any userdb
> > {} block and this second userdb block has the same lines as the default
> > settings in passdb block.
> >
> Try
>
> auth_debug=yes
> auth_verbose=yes
>
> and see if it gives any more reasonable messages.
>
> Aki
>

--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
*tel. 534 555 877*
*serwis at poliman.pl *

From ekorneechev at altlinux.org Tue Jan 31 07:27:18 2017
From: ekorneechev at altlinux.org (Evgeniy Korneechev)
Date: Tue, 31 Jan 2017 10:27:18 +0300 (MSK)
Subject: Dovecot auth-worker error after cram-md5 auth
In-Reply-To:
References: <079ab92e-9492-c1bf-6f1c-839f988fd13a@dovecot.fi>
Message-ID: <484732067.157397.1485847638585.JavaMail.zimbra@remotesystems.ru>

----- Original Message -----
> From: "Poliman - Serwis"
> To: "Aki Tuomi"
> Cc: "dovecot"
> Sent: Tuesday, 31 January 2017 10:16:48
> Subject: Re: Dovecot auth-worker error after cram-md5 auth

> Thank you for the answer. Where could I set up these two lines?

dovecot.conf?

--
WBR,
BaseALT/ALTLinux Team

From serwis at poliman.pl Tue Jan 31 07:47:28 2017
From: serwis at poliman.pl (Poliman - Serwis)
Date: Tue, 31 Jan 2017 08:47:28 +0100
Subject: Dovecot auth-worker error after cram-md5 auth
In-Reply-To: <484732067.157397.1485847638585.JavaMail.zimbra@remotesystems.ru>
References: <079ab92e-9492-c1bf-6f1c-839f988fd13a@dovecot.fi> <484732067.157397.1485847638585.JavaMail.zimbra@remotesystems.ru>
Message-ID:

Output will be in console or in some kind of log file?

2017-01-31 8:27 GMT+01:00 Evgeniy Korneechev :

> ----- Original Message -----
> > From: "Poliman - Serwis"
> > To: "Aki Tuomi"
> > Cc: "dovecot"
> > Sent: Tuesday, 31 January 2017 10:16:48
> > Subject: Re: Dovecot auth-worker error after cram-md5 auth
>
> > Thank you for the answer. Where could I set up these two lines?
>
> dovecot.conf?
>
> --
> WBR,
> BaseALT/ALTLinux Team
>

--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
*tel. 534 555 877*
*serwis at poliman.pl *

From aki.tuomi at dovecot.fi Tue Jan 31 07:52:21 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Tue, 31 Jan 2017 09:52:21 +0200
Subject: Dovecot auth-worker error after cram-md5 auth
In-Reply-To:
References: <079ab92e-9492-c1bf-6f1c-839f988fd13a@dovecot.fi> <484732067.157397.1485847638585.JavaMail.zimbra@remotesystems.ru>
Message-ID:

On 31.01.2017 09:47, Poliman - Serwis wrote:
> Output will be in console or in some kind of log file?
>
> 2017-01-31 8:27 GMT+01:00 Evgeniy Korneechev :
>
>> ----- Original Message -----
>>> From: "Poliman - Serwis"
>>> To: "Aki Tuomi"
>>> Cc: "dovecot"
>>> Sent: Tuesday, 31 January 2017 10:16:48
>>> Subject: Re: Dovecot auth-worker error after cram-md5 auth
>>> Thank you for the answer. Where could I set up these two lines?
>> dovecot.conf?
>>
>> --
>> WBR,
>> BaseALT/ALTLinux Team
>>
>
>
That depends on your logging settings, but it will emit them into whatever your debug_log_path is. Default is syslog.

Aki

From aki.tuomi at dovecot.fi Tue Jan 31 10:03:12 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Tue, 31 Jan 2017 12:03:12 +0200 (EET) Subject: dovecot mdbox never fix broken indexes In-Reply-To: References: <397ae2b6-2544-f73b-8967-47beec854886@dovecot.fi> Message-ID: <287671935.26.1485856993222@appsuite-dev.open-xchange.com> > On January 30, 2017 at 10:53 AM Andrey Melnikov wrote: > > > 2017-01-30 11:43 GMT+03:00 Aki Tuomi : > > Hi! > > > > Please send these to dovecot at dovecot.org instead of us directly. Thank you. > Ok, added to cc. > > > Also, did you try force-resync? > > Not help. Is Jan 30 09:36:05 mail dovecot: lmtp(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,327528) the first log entry about inconsistency? Also, if the file has indeed corrupted due to power loss, it's possible it's beyond repair, and you will have to delete the index file. This has the down side of losing flags, but it should repair this. Aki From temnota.am at gmail.com Tue Jan 31 10:39:40 2017 
From: temnota.am at gmail.com (Andrey Melnikov) Date: Tue, 31 Jan 2017 13:39:40 +0300 Subject: dovecot mdbox never fix broken indexes In-Reply-To: <287671935.26.1485856993222@appsuite-dev.open-xchange.com> References: <397ae2b6-2544-f73b-8967-47beec854886@dovecot.fi> <287671935.26.1485856993222@appsuite-dev.open-xchange.com> Message-ID: 2017-01-31 13:03 GMT+03:00 Aki Tuomi : > >> On January 30, 2017 at 10:53 AM Andrey Melnikov wrote: >> >> >> 2017-01-30 11:43 GMT+03:00 Aki Tuomi : >> > Hi! >> > >> > Please send these to dovecot at dovecot.org instead of us directly. Thank you. >> Ok, added to cc. >> >> > Also, did you try force-resync? >> >> Not help. > > Is > > Jan 30 09:36:05 mail dovecot: lmtp(altek at altek.info): Warning: mdbox > /srv/vmail/altek.info/altek/storage: Inconsistency in map index > (63,31880 != 63,327528) > > the first log entry about inconsistency? Jan 13 13:17:59 mail dovecot: pop3-login: Login: user=, method=PLAIN, rip=192.168.0.28, lip=192.168.0.1, mpid=3482, session= Jan 13 13:17:59 mail dovecot: pop3(altek at altek.info): Error: Corrupted index cache file /srv/vmail/altek.info/altek/mailboxes/INBOX/dbox-Mails/dovecot.index.cache: invalid record size Jan 13 13:18:06 mail dovecot: pop3(altek at altek.info): Disconnected: Logged out top=0/0, retr=10/4412776, del=0/2634, size=749609216 Jan 13 13:27:02 mail dovecot: lmtp(3636): Connect from ::1 Jan 13 13:27:02 mail dovecot: lmtp(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,31992) Jan 13 13:27:02 mail dovecot: lmtp(altek at altek.info): UfL0G3areFg0DgAANAhlbg: msgid=: saved mail to INBOX Jan 13 13:27:02 mail dovecot: lmtp(altek at altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,32116) Jan 13 13:27:02 mail dovecot: lmtp(altek at altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index Jan 13 13:27:02 mail dovecot: lmtp(altek at 
altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: rebuilding indexes
Jan 13 13:27:15 mail dovecot: lmtp(3636): Disconnect from ::1: Successful quit

>Also, if the file has indeed corrupted due to power loss, it's possible it's beyond repair, and you will have to delete the index file. This has the down side of losing flags, but it should repair this.

Why does dovecot not repair it by itself?

From Benoit.Branciard at univ-paris1.fr Tue Jan 31 10:46:32 2017
From: Benoit.Branciard at univ-paris1.fr (Benoit Branciard) Date: Tue, 31 Jan 2017 11:46:32 +0100 Subject: UPD: 2.2.27 : accessing "mdbox_deleted" content destroys indexes In-Reply-To: References: Message-ID: <144d0253-5a44-0d21-2a2c-bac6cc242e03@univ-paris1.fr> Just to say this bug is still present in 2.2.27 (1:2.2.27-2~bpo8+1 jessie-backports Debian package). # dovecot --version 2.2.27 (c0f36b0) mail_location = mdbox:~/mdbox:DIRNAME=_@@_dbox-Mails_@@_ Please let me know if you want me to transmit our "doveconf -n" output. Regards, Le 25/01/2017 ? 15:13, Benoit Branciard a ?crit : > Accessing or listing "mdbox_deleted" contents seems to destroy MDBOX > indexes. > > Examples of commands which triggers this problem ($home being the home > directory of $user, and mail_location being mdbox:~/mdbox): > > doveadm -o mail="mdbox_deleted:$home/mdbox" -f table mailbox status -u > "$user" 'messages vsize' INBOX > > doveadm -v import -s -u "$user" "mdbox_deleted:$home/mdbox" > restored-mail ALL > > The above "doveadm mailbox status" command outputs an error: > > doveadm(user): Error: Log synchronization error at seq=1,offset=104908 > for (in-memory index): Append with UID 1, but next_uid = 5227 > doveadm(user): Warning: fscking index file (in-memory index) > > Subsequent "doveadm mailbox status -u $user 'messages vsize'" on the > active mailbox report empty folders (null messages and vsize), whereas > folders actually aren't empty. > > Workaround: this problem is corrected by a "doveadm search -u $user > all", which obviously forces indexes to be rebuilt. > > Vesion: 2.2.26.0 (23d1de6) (Debian jessie-backports package) > > We did *not* have this problem in 2.2.24 version (previous Debian > jessie-backports package). 
> > We use following mail_location with explicit DIRNAME (don't know if that > matters): > > mail_location = mdbox:~/mdbox:DIRNAME=_@@_dbox-Mails_@@_ > > I tested with and without appending ":DIRNAME=_@@_dbox-Mails_@@_" to > mail="mdbox_deleted:$home/mdbox" with same results. > > -- Benoit BRANCIARD Service InfraStructures (SIS) Direction du Syst?me d'Information et des Usages Num?riques (DSIUN) Universit? Paris 1 Panth?on-Sorbonne Centre Pierre Mend?s France 90 rue de Tolbiac - 75634 Paris cedex 13 - France Bur. B406 - T?l +33 1 44 07 89 68 - Fax +33 1 44 07 89 66 Accueil: +33 1 44 07 89 65 - Assistance-DSIUN at univ-paris1.fr http://dsi.univ-paris1.fr From aki.tuomi at dovecot.fi Tue Jan 31 10:56:41 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Tue, 31 Jan 2017 12:56:41 +0200 Subject: dovecot mdbox never fix broken indexes In-Reply-To: References: <397ae2b6-2544-f73b-8967-47beec854886@dovecot.fi> <287671935.26.1485856993222@appsuite-dev.open-xchange.com> Message-ID: On 31.01.2017 12:39, Andrey Melnikov wrote: > 2017-01-31 13:03 GMT+03:00 Aki Tuomi : >>> On January 30, 2017 at 10:53 AM Andrey Melnikov wrote: >>> >>> >>> 2017-01-30 11:43 GMT+03:00 Aki Tuomi : >>>> Hi! >>>> >>>> Please send these to dovecot at dovecot.org instead of us directly. Thank you. >>> Ok, added to cc. >>> >>>> Also, did you try force-resync? >>> Not help. >> Is >> >> Jan 30 09:36:05 mail dovecot: lmtp(altek at altek.info): Warning: mdbox >> /srv/vmail/altek.info/altek/storage: Inconsistency in map index >> (63,31880 != 63,327528) >> >> the first log entry about inconsistency? > Jan 13 13:17:59 mail dovecot: pop3-login: Login: > user=, method=PLAIN, rip=192.168.0.28, > lip=192.168.0.1, mpid=3482, session= > Jan 13 13:17:59 mail dovecot: pop3(altek at altek.info): Error: Corrupted > index cache file > /srv/vmail/altek.info/altek/mailboxes/INBOX/dbox-Mails/dovecot.index.cache: > invalid record size > Jan 13 13:18:06 mail dovecot: pop3(altek at altek.info): Disconnected: > Logged out top=0/0, retr=10/4412776, del=0/2634, size=749609216 > > Jan 13 13:27:02 mail dovecot: lmtp(3636): Connect from ::1 > Jan 13 13:27:02 mail dovecot: lmtp(altek at altek.info): Warning: mdbox > /srv/vmail/altek.info/altek/storage: Inconsistency in map index > (63,31880 != 63,31992) > Jan 13 13:27:02 mail dovecot: lmtp(altek at altek.info): > UfL0G3areFg0DgAANAhlbg: > msgid=: saved mail to > INBOX > Jan 13 13:27:02 mail dovecot: lmtp(altek at altek.info): Warning: mdbox > /srv/vmail/altek.info/altek/storage: Inconsistency in map index > (63,31880 != 63,32116) > Jan 13 13:27:02 mail dovecot: lmtp(altek at altek.info): Warning: fscking > index file /srv/vmail/altek.info/altek/storage/dovecot.map.index > Jan 13 
13:27:02 mail dovecot: lmtp(altek at altek.info): Warning: mdbox > /srv/vmail/altek.info/altek/storage: rebuilding indexes > Jan 13 13:27:15 mail dovecot: lmtp(3636): Disconnect from ::1: Successful quit > >> Also, if the file has indeed corrupted due to power loss, it's possible it's beyond repair, and you will have to delete the index file. This has the down side of losing flags, but it should repair this. > Why dovecot not repair it by itself? > It really should, as it's saying... Have to see why it's not successful in this. Aki From mail at tomsommer.dk Tue Jan 31 12:49:51 2017 From: mail at tomsommer.dk (Tom Sommer) Date: Tue, 31 Jan 2017 13:49:51 +0100 Subject: Auth cache does not take %real_rip into account Message-ID: I run a Director setup with a webmail in front, the webmail is in login_trusted_networks and sends IMAP-ID x-original-ip to log the client IP. If I enable auth_debug on the director, I see that the cache key contains the client IP, and not the %real_rip. This is causing problems because in my passdb SQL query, I use the %real_rip to determine if login is allowed. Should %real_rip not be added to the auth cache key? Or should it be the cache key instead of the %rip? Thanks -- Tom From jan at kivitendo-premium.de Tue Jan 31 15:26:15 2017 
From: jan at kivitendo-premium.de (=?UTF-8?Q?Jan_B=c3=bcren?=) Date: Tue, 31 Jan 2017 16:26:15 +0100 Subject: dovecot 2.2.18 replication I/O Timeout Message-ID: Dear list, I am having an issue like this http://www.dovecot.org/list/dovecot-cvs/2014-September/024898.html with my current dovecot 2.2.18 Concret: doveadm -Dv replicator replicate -p high -f info throws an I/O Timeout error and the only thing I can see are some lock issues: Error: Couldn't lock /var/vmail/info/.dovecot-sync.lock: Timed out after 30 seconds Can I debug the communication one level deeper? I replicate over a somewhat slow DSL connection. I had the some problem with dovecot 2.2.9 and after upgrading to 2.2.15 everything went smoothly, just a wild guess, maybe the timeout_reset was removed again? Well, doesn't look like it: https://github.com/dovecot/core/blob/master/src/doveadm/dsync/dsync-ibc-stream.c or https://github.com/dovecot/core/blame/master/src/doveadm/dsync/dsync-ibc-stream.c Some debug hints would be nice. Thanks! Jan -- Blog http://blog.kivitendo.de/ kivitendo GmbH Jan B?ren K?lnstr. 311 53117 Bonn USt-IdNr. DE292363254 Telefon: 0228 92 98 2012 pers?nliche Durchwahl: 0228 92 97 8965 From kp at asom-net.dk Tue Jan 31 15:36:35 2017 
From: kp at asom-net.dk (Kristian Pedersen) Date: Tue, 31 Jan 2017 16:36:35 +0100 Subject: quota-status returns quota_status_success when email would put user over quota In-Reply-To: <58870F64.2030906@asom-net.dk> References: <58870F64.2030906@asom-net.dk> Message-ID: <5890AF03.30308@asom-net.dk> Hi list, We still did not manage to get quota-status working. We're hoping someone can provide some feedback/ideas on how we may investigate this issue further? Is it likely to be a bug fixed in a newer version? Regards, Kristian On 2017-01-24 09:25, Kristian Pedersen wrote: > Hi list, > > I am attempting to get quota-status service working, so I can deny > email at the initial smtp dialog instead of generating bounces with lda. > > I can't seem to get quota-status to return quota_status_overquota, > even when an email would put an account over quota. > > Quota in general works fine: > Jan 22 06:39:23 mail dovecot: lda(xx at yy.dk): > msgid=<25c5bdb20d58fc4f649f716a947613dc at zz.org>: save failed to INBOX: > Quota exceeded (mailbox for user is full) > Jan 22 06:39:23 mail dovecot: lda(xx at yy.dk): > msgid=<25c5bdb20d58fc4f649f716a947613dc at zz.org>: rejected: Quota > exceeded (mailbox for user is full) > > The system is a pretty standard debian 8 box running virtually on a > kvm/ovirt cluster: > root at mail:~# dpkg --list | grep dovec > ii dovecot-core 1:2.2.13-12~deb8u1 amd64 secure > POP3/IMAP server - core files > ii dovecot-imapd 1:2.2.13-12~deb8u1 amd64 secure > POP3/IMAP server - IMAP daemon > ii dovecot-lmtpd 1:2.2.13-12~deb8u1 amd64 secure > POP3/IMAP server - LMTP server > ii dovecot-mysql 1:2.2.13-12~deb8u1 amd64 secure > POP3/IMAP server - MySQL support > ii dovecot-pop3d 1:2.2.13-12~deb8u1 amd64 secure > POP3/IMAP server - POP3 daemon > > Mail storage is local XFS partitions as far as the dovecot server > knows. Behind the scene its actually raw disk images on NFS shares > from a SAN towards the kvm/ovirt cluster. 
> > I test by using nc towards the quota-status instance: > root at mail:~# printf > "recipient=kptest at asom-net.dk\nsize=1000000000\n\n" | nc -q1 localhost > 12340 > action=DUNNO > > User has 500MB quota: > mysql> SELECT > CONCAT('/data/vmail/',CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1))) > AS home, 110 AS uid, 110 AS gid, CONCAT('*:storage=',mailquota,'M') AS > quota_rule FROM virtual_users WHERE email='kptest at asom-net.dk'; > +--------------------------------+-----+-----+----------------+ > | home | uid | gid | quota_rule | > +--------------------------------+-----+-----+----------------+ > | /data/vmail/asom-net.dk/kptest | 110 | 110 | *:storage=500M | > +--------------------------------+-----+-----+----------------+ > 1 row in set (0.00 sec) > > maildirsize seems ok: > root at mail:~# cat /data/vmail/asom-net.dk/kptest/maildirsize > 524288000S > 685 1 > 690 1 > > Quota-status will return unknown user if that is the case: > root at mail:~# printf > "recipient=kptest2 at asom-net.dk\nsize=1000000000\n\n" | nc -q1 > localhost 12340 > action=551 5.5.1 User not found > > > Log file (with mail_debug = yes): > Jan 12 16:52:21 mail dovecot: quota-status: Debug: auth input: > kptest at asom-net.dk home=/data/vmail/asom-net.dk/kptest uid=110 gid=110 > quota_rule=*:storage=500M > Jan 12 16:52:21 mail dovecot: quota-status: Debug: Added userdb > setting: plugin/quota_rule=*:storage=500M > Jan 12 16:52:21 mail dovecot: quota-status(kptest at asom-net.dk): Debug: > Effective uid=110, gid=110, home=/data/vmail/asom-net.dk/kptest > Jan 12 16:52:21 mail dovecot: quota-status(kptest at asom-net.dk): Debug: > Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, > list=yes, subscriptions=yes > location=maildir:/data/vmail/asom-net.dk/kptest/ > Jan 12 16:52:21 mail dovecot: quota-status(kptest at asom-net.dk): Debug: > maildir++: root=/data/vmail/asom-net.dk/kptest, index=, indexpvt=, > control=, inbox=/data/vmail/asom-net.dk/kptest, 
alt= > > dovecot -n: > # 2.2.13: /etc/dovecot/dovecot.conf > # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6 ext4 > auth_default_realm = vejen-net.dk > auth_mechanisms = plain login > auth_verbose = yes > disable_plaintext_auth = no > first_valid_uid = 110 > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_debug = yes > mail_location = maildir:/data/vmail/%d/%n/ > mail_privileged_group = mail > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > args = /etc/dovecot/local-sql.conf > driver = sql > } > plugin { > quota = maildir:User quota > quota_rule = *:storage=200M > quota_status_nouser = 551 5.5.1 User not found > quota_status_overquota = 552 5.2.2 Mailbox is full > quota_status_success = DUNNO > } > protocols = imap pop3 > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-master { > mode = 0600 > user = vmail > } > user = root > } > service imap-login { > client_limit = 1024 > process_limit = 256 > process_min_avail = 8 > service_count = 0 > vsz_limit = 512 M > } > service imap { > process_limit = 10240 > } > service pop3-login { > client_limit = 512 > process_limit = 256 > process_min_avail = 8 > service_count = 0 > vsz_limit = 512 M > } > service pop3 { > process_limit = 10240 > } > service quota-status { > client_limit = 1 > executable = /usr/lib/dovecot/quota-status -p postfix > inet_listener { > port = 12340 > } > } > ssl_cert = ssl_key = ssl_prefer_server_ciphers = yes > userdb { > args = /etc/dovecot/local-sql.conf > driver = sql > } > protocol lda { > auth_socket_path = /var/run/dovecot/auth-master > mail_plugins = quota > postmaster_address = postmaster at asom-net.dk > } > protocol imap { > mail_plugins = quota imap_quota > 
} > protocol pop3 { > mail_plugins = quota > pop3_uidl_format = %08Xu%08Xv > } > > > local-sql.conf: > driver = mysql > connect = host=xyz dbname=xyz user=xyz password=xyz > default_pass_scheme = CRYPT > password_query = SELECT email as user, password FROM virtual_users > WHERE email='%u'; > user_query = SELECT > CONCAT('/data/vmail/',CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1))) > AS home, 110 AS uid, 110 AS gid, CONCAT('*:storage=',mailquota,'M') AS > quota_rule FROM virtual_users WHERE email='%u'; > > If I do a strace on the quota-status PID, it seems to do a stat on the > directory and then give up? Not sure Im interpreting it correct (only > including the last few lines): > ... > lseek(14, 833, SEEK_SET) = 833 > munmap(0x7f165d32a000, 833) = 0 > close(14) = 0 > geteuid() = 0 > getegid() = 110 > getgid() = 110 > getegid() = 110 > setgroups(1, [110]) = 0 > setresuid(-1, 110, -1) = 0 > prctl(PR_SET_DUMPABLE, 1) = 0 > stat("/data/vmail/asom-net.dk/kptest", {st_mode=S_IFDIR|0700, > st_size=4096, ...}) = 0 > prctl(PR_SET_DUMPABLE, 1) = 0 > setsockopt(12, SOL_TCP, TCP_CORK, [1], 4) = 0 > write(12, "action=DUNNO\n\n", 14) = 14 > setsockopt(12, SOL_TCP, TCP_CORK, [0], 4) = 0 > epoll_wait(11, {{EPOLLIN, {u32=1593554016, u64=139734059562080}}}, 5, > 59999) = 1 > read(12, "", 8146) = 0 > epoll_ctl(11, EPOLL_CTL_DEL, 12, 7fff0be817a0) = 0 > close(12) = 0 > epoll_wait(11, {}, 5, 1000) = 0 > write(5, "\35q\1\0007\10\0\0\1\0\0\0", 12) = 12 > epoll_wait(11, > ... > > It seems like sort of permission issue? 
> root at mail:~# su - vmail > No directory, logging in with HOME=/ > $ id -a > uid=110(vmail) gid=110(vmail) groups=110(vmail) > $ cat /data/vmail/asom-net.dk/kptest/maildirsize > 524288000S > 685 1 > 690 1 > > /data/vmail/asom-net.dk is actually a symlink, maybe that could be of > importance?: > root at mail:~# ls -ld /data/vmail/asom-net.dk > lrwxrwxrwx 1 root root 19 Jan 9 11:18 /data/vmail/asom-net.dk -> > ../mnt1/asom-net.dk > > root at mail:~# ls -ld /data/mnt1/asom-net.dk/ > drwxrwx--- 45 vmail vmail 4096 Dec 15 10:54 /data/mnt1/asom-net.dk/ > > root at mail:~# ls -ld /data/mnt1/asom-net.dk/kptest/ > drwx------ 9 vmail vmail 4096 Jan 23 08:55 /data/mnt1/asom-net.dk/kptest/ > > root at mail:~# ls -ld /data/mnt1/asom-net.dk/kptest/maildirsize > -rw------- 1 vmail vmail 23 Jan 12 16:50 > /data/mnt1/asom-net.dk/kptest/maildirsize > > Anyone have any idea what might be wrong here? > > Regards, > -- Kristian Pedersen ASOM-Net Systemadministrator www.asom-net.dk Telefon: 44 400 970 From aki.tuomi at dovecot.fi Tue Jan 31 17:01:46 2017 
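Added example, not part of the thread and not Dovecot code: the quota arithmetic behind the quota-status test in the message above, using the maildirsize contents, the size=1000000000 request, the nc reply and the quota_status_* settings quoted there. It assumes the Maildir++ maildirsize layout (limits on line 1, then "bytes messages" deltas); the function names and the recipient address are made up for the example.

```python
"""Maildir++ quota arithmetic for a quota-status policy check (added example)."""

# Constructed from values quoted in the message: the maildirsize contents,
# the nc reply, and the quota_status_* settings from the plugin {} block.
SAMPLE_MAILDIRSIZE = "524288000S\n685 1\n690 1\n"
SAMPLE_REPLY = "action=DUNNO\n\n"
OVERQUOTA_REPLY = "552 5.2.2 Mailbox is full"
SUCCESS_REPLY = "DUNNO"


def parse_maildirsize(text):
    """Return (limits, used_bytes, used_messages).

    Assumed layout (Maildir++): line 1 is a comma-separated list of limits,
    '<n>S' for bytes and '<n>C' for message count; every later line is a
    '<bytes> <messages>' delta (possibly negative), and usage is their sum.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty maildirsize")
    limits = {}
    for field in lines[0].split(","):
        field = field.strip()
        if not field:
            continue
        kind, number = field[-1], field[:-1]
        if kind not in ("S", "C") or not number.isdigit():
            raise ValueError("bad limit field: %r" % field)
        limits["bytes" if kind == "S" else "messages"] = int(number)
    used_bytes = used_messages = 0
    for ln in lines[1:]:
        parts = ln.split()
        if len(parts) != 2:
            raise ValueError("bad delta line: %r" % ln)
        used_bytes += int(parts[0])
        used_messages += int(parts[1])
    return limits, used_bytes, used_messages


def expected_action(maildirsize_text, message_size):
    """Reply a policy check should give if one more message of this size
    is weighed against the limits recorded in maildirsize."""
    limits, used_bytes, used_messages = parse_maildirsize(maildirsize_text)
    over_bytes = "bytes" in limits and used_bytes + message_size > limits["bytes"]
    over_count = "messages" in limits and used_messages + 1 > limits["messages"]
    return OVERQUOTA_REPLY if (over_bytes or over_count) else SUCCESS_REPLY


def build_policy_request(recipient, size):
    """Request in the shape the printf | nc test sends."""
    return "recipient=%s\nsize=%d\n\n" % (recipient, size)


def parse_policy_response(raw):
    """Extract the value of the action= attribute from a policy reply."""
    for line in raw.splitlines():
        if line.startswith("action="):
            return line[len("action="):]
    raise ValueError("no action= attribute in response")


def compare(maildirsize_text, message_size, raw_response):
    """Put the arithmetic result next to what the service answered."""
    expected = expected_action(maildirsize_text, message_size)
    actual = parse_policy_response(raw_response)
    return {"expected": expected, "actual": actual, "match": expected == actual}


if __name__ == "__main__":
    # user@example.test is a placeholder recipient, not an address from the thread.
    print(build_policy_request("user@example.test", 1000000000), end="")
    print(parse_maildirsize(SAMPLE_MAILDIRSIZE))
    print(compare(SAMPLE_MAILDIRSIZE, 1000000000, SAMPLE_REPLY))
```

With the values from the message, the arithmetic gives the over-quota reply while the service answered DUNNO, which is the mismatch being reported.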
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Tue, 31 Jan 2017 19:01:46 +0200 Subject: panic when doveadm sieve put between multiple hosts In-Reply-To: References: Message-ID: <550fb415-bc32-fabe-cfd2-7f3dadf397d0@dovecot.fi> This bug has been fixed in 2.2.26 with https://github.com/dovecot/core/commit/65a8a3c66787f164a94b67adf38da33b0c2aa519 and https://github.com/dovecot/core/commit/d83aa942767d377dadce82bb25a46aa96959b42b Aki On 2017-01-10 00:11, Tyler Jachetta wrote: > Dovecot version: 2.2.25 (7be1766) > > I?m looking into an issue we?re having with a new setup. We have one fronted host with two backend hosts, and we?re attempting to use doveadm to allow us to administer sieve on the frontend and have it replicated to the backend hosts. > > When I attempt to use doveadm sieve put on the frontend host, i get the following on the frontend host: > frontend-machine $ cat /tmp/default.sieve | doveadm sieve put default > doveadm(root): Error: doveadm server disconnected before handshake: Connection reset by peer > doveadm(root): Error: 10.1.11.82:10993: Command sieve put failed for root: Connection reset by peer > > when this happens, on the backend, I see this in /var/log/maillog: > > Jan 9 17:00:35 was-imap1 dovecot: doveadm: Panic: epoll_ctl(add, 0) failed: Operation not permitted (fd doesn't support epoll - instead of ' Jan 9 17:00:35 was-imap1 dovecot: doveadm: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x8d52e) [0x7f7a86ba952e] -> /usr/lib64/dovecot/libdovecot.so.0(+0x8d60e) [0x7f7a86ba960e] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f7a86b481b6] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handle_add+0x147) [0x7f7a86bbe067] -> /usr/lib64/dovecot/libdovecot.so.0(+0xa0311) [0x7f7a86bbc311] -> /usr/lib64/dovecot/libdovecot.so.0(io_add+0xd) [0x7f7a86bbc3bd] -> dovecot/doveadm-server(doveadm_mail_get_input+0xde) [0x7f7a875c53de] -> dovecot/doveadm-server(doveadm_mail_single_user+0x73) [0x7f7a875c5633] -> dovecot/doveadm-server(+0x2874d) 
[0x7f7a875c574d] -> dovecot/doveadm-server(doveadm_cmd_ver2_to_mail_cmd_wrapper+0x27d) [0x7f7a875c65fd] -> dovecot/doveadm-server(doveadm_cmd_run_ver2+0x50c) [0x7f7a875d492c] -> dovecot/doveadm-server(+0x3b223) [0x7f7a875d8223] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x4c) [0x7f7a86bbce8c] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xff) [0x7f7a86bbe2ef] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x25) [0x7f7a86bbcf15] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f7a86bbd0c8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f7a86b4e613] -> dovecot/doveadm-server(main+0x186) [0x7f7a875b6276] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f7a8677bb15] -> dovecot/doveadm-server(+0x19321) [0x7f7a875b6321]
> Jan 9 17:00:36 was-imap1 dovecot: doveadm: Fatal: master: service(doveadm): child 28542 killed with signal 6 (core dumped)
>
> Now, if I log in to either of the backend hosts, I can run the sieve put command and it all works out fine, so it's something in the communication between the frontend and backend.
>
> dovecot -n output for both a frontend and backend below
>
> frontend-machine $ dovecot -n
> # 2.2.25 (7be1766): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.15 (97b3da0)
> # OS: Linux 3.10.0-327.18.2.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core)
> auth_username_format = %Ln
> director_mail_servers = 10.1.11.82 10.1.11.83
> director_servers = 10.1.11.81
> director_username_hash = %Ln
> doveadm_port = 10993
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
> mbox_write_locks = fcntl
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = proxy=y nopassword=y ssl=any-cert
>   driver = static
> }
> plugin {
>   sieve = file:~/sieve;active=~/.dovecot.sieve
> }
> protocols = imap pop3 lmtp sieve
> service director {
>   fifo_listener login/proxy-notify {
>     mode = 0666
>   }
>   inet_listener {
>     port = 1109
>   }
>   unix_listener director-userdb {
>     mode = 0600
>   }
>   unix_listener login/director {
>     mode = 0666
>   }
> }
> service doveadm {
>   inet_listener {
>     port = 10993
>   }
> }
> service imap-login {
>   executable = imap-login director
> }
> service imap {
>   process_limit = 250
> }
> service ipc {
>   unix_listener ipc {
>     user = dovecot
>   }
> }
> service managesieve-login {
>   executable = managesieve-login director
> }
> service pop3-login {
>   executable = pop3-login director
> }
> ssl = required
> ssl_ca = ssl_cert = ssl_client_ca_file = ssl_key = ssl_protocols = !SSLv2 !SSLv3
> ssl_require_crl = no
> userdb {
>   driver = passwd
> }
> protocol doveadm {
>   auth_socket_path = director-userdb
> }
> protocol sieve {
>   passdb {
>     args = proxy=y nopassword=y starttls=any-cert
>     driver = static
>     name =
>   }
> }
> local 10.1.11.0/24 {
>   doveadm_password = # hidden, use -P to show it
> }
>
> backend-machine $ dovecot -n
> # 2.2.25 (7be1766): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.15 (97b3da0)
> # OS: Linux 3.10.0-327.18.2.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core)
> auth_username_format = %Ln
> default_vsz_limit = 2 G
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> mail_location = maildir:~/Maildir
> mail_plugins = " notify replication"
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
> mbox_write_locks = fcntl
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
>   separator = /
> }
> passdb {
>   driver = pam
> }
> plugin {
>   mail_replica = tcp:10.1.11.82:10993
>   sieve = file:~/sieve;active=~/.dovecot.sieve
> }
> protocols = imap pop3 lmtp sieve
> service aggregator {
>   fifo_listener replication-notify-fifo {
>     mode = 0666
>   }
>   unix_listener replication-notify {
>     mode = 0666
>   }
> }
> service doveadm {
>   inet_listener {
>     port = 10993
>   }
> }
> service lmtp {
>   inet_listener lmtp {
>     port = 24
>   }
> }
> service replicator {
>   process_min_avail = 1
>   unix_listener replicator-doveadm {
>     mode = 0666
>   }
> }
> ssl = required
> ssl_ca = ssl_cert = ssl_client_ca_file = ssl_key = ssl_protocols = !SSLv2 !SSLv3
> ssl_require_crl = no
> userdb {
>   driver = passwd
> }
> protocol lmtp {
>   auth_username_format = %Ln
>   info_log_path = /var/log/dovecot/lmtp.log
>   mail_plugins = " notify replication sieve"
>   postmaster_address = postmaster@***global.com
> }
> protocol sieve {
>   passdb {
>     args = proxy=y nopassword=y starttls=any-cert
>     driver = static
>     name =
>   }
> }
> local 10.1.11.0/24 {
>   doveadm_password = # hidden, use -P to show it
> }

From dovecot at avv.solutions Tue Jan 31 18:05:45 2017
From: dovecot at avv.solutions (dovecot at avv.solutions)
Date: Tue, 31 Jan 2017 19:05:45 +0100
Subject: Sieve & Public folders issue (2nd episode)
Message-ID:

Hello Community,

Getting back to my previous post, here is a complement:

- Having enabled sieve, I can store mails and create folder under the recipient
- Having enabled public folders, I can move mail into them using a client (eg Thunderbird); security is therefore ok (actually I gave full control to the user)
  eg Public/Newsletters/SomeCompany
- *BUT* running a sieve script to store to Public/Newsletters/SomeCompany returns the following in the logs:
  "failed to store into mailbox 'Public/Newsletters/SomeCompany': Permission denied."

Any tip?

Thank you for your help.
Greetz

From stephan at rename-it.nl Tue Jan 31 20:26:44 2017
From: stephan at rename-it.nl (Stephan Bosch)
Date: Tue, 31 Jan 2017 21:26:44 +0100
Subject: Is it possible to use sieve when delivering via pipe to the dovecot deliver command ?
In-Reply-To: <20170121191255.2490b883@tango>
References: <20170121191255.2490b883@tango>
Message-ID:

On 1/21/2017 at 7:12 PM, Thomas Carri? wrote:
> Hello,
>
> I am using Exim with this delivery configuration:
>
> virtual_delivery:
>   driver = pipe
>   command = /usr/lib/dovecot/deliver -d $local_part@$domain -f
>   ...
>
> I have enabled manage-sieve and uploaded a simple sieve script that I
> can see on the server.
>
> man page of /usr/lib/dovecot/deliver says it supports sieve.
>
> Mail debug is enabled:
>
> $ dovecot -n | grep debug
> mail_debug = yes
>
> Delivering a mail shows only this line in dovecot log:
>
> Jan 21 17:38:51 myserver dovecot: lda(joe at something.com):
> msgid=<20170121183537.7313f219 at homenetwork>: saved mail to INBOX
>
> According to page
> http://wiki2.dovecot.org/Pigeonhole/Sieve/Troubleshooting#Sieve_Scripts_are_not_Executed
> I should have a log saying that the sieve plugin is loaded
>
> Here is the sieve relevant parts of dovecot -n:
>
> # 2.2.13: /etc/dovecot/dovecot.conf
> ...
> plugin {
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
> }
> ...
> protocols = " imap sieve pop3 sieve"
> ...
> protocol lda {
>   mail_plugins = " sieve"
> }
>
> Is there a requirement to use delivery via service (unix socket) so
> that sieve is enabled?
>
> Or is there a configuration thing I forgot ?

Not really. But I do notice you're executing deliver rather than dovecot-lda. Usually, one is a symlink to the other though, so it should not matter. But, still best change that to rule out problems related to that.

It should at least be showing debug messages from LDA itself. It may be logging debug messages elsewhere though (`sudo doveadm log find`).
You can also try to execute /usr/lib/dovecot/dovecot-lda manually:

/usr/lib/dovecot/dovecot-lda -olog_path=/dev/stderr -p /path/to/test/message.eml

This should print all logging to stderr. You may need to add a -d argument to select an appropriate user (and it may need to be run as root). Refer to http://wiki2.dovecot.org/LDA for reference.

Regards,

Stephan.

From stephan at rename-it.nl Tue Jan 31 20:30:30 2017
From: stephan at rename-it.nl (Stephan Bosch)
Date: Tue, 31 Jan 2017 21:30:30 +0100
Subject: Sieve & Public folders issue (2nd episode)
In-Reply-To:
References:
Message-ID: <249de7c3-c246-005e-7afb-76a84ec8eed6@rename-it.nl>

On 1/31/2017 at 7:05 PM, dovecot at avv.solutions wrote:
> Hello Community,
>
> Getting back to my previous post, here is a complement:
>
> - Having enabled sieve, I can store mails and create folder under the
> recipient
> - Having enabled public folders, I can move mail into them using a
> client (eg Thunderbird); security is therefore ok (actually I gave
> full control to the user)
> eg Public/Newsletters/SomeCompany
> - *BUT* running a sieve script to store to
> Public/Newsletters/SomeCompany returns the following in the logs:
> "failed to store into mailbox 'Public/Newsletters/SomeCompany':
> Permission denied."
>
> Any tip?

Please reply to the original thread. You have a question from Timo Sirainen there. He will likely not notice otherwise.

Regards,

Stephan.

From stephan at rename-it.nl Tue Jan 31 20:31:24 2017
From: stephan at rename-it.nl (Stephan Bosch)
Date: Tue, 31 Jan 2017 21:31:24 +0100
Subject: Sieve removeflag Action
In-Reply-To: <20170119094251.GA32291@nihlus.leuxner.net>
References: <20170113081514.GA60507@nihlus.leuxner.net> <20170113132219.GA62702@nihlus.leuxner.net> <20170119090706.GA24845@nihlus.leuxner.net> <0fa34b34-986f-7023-572d-202986ec7dc4@rename-it.nl> <20170119094251.GA32291@nihlus.leuxner.net>
Message-ID:

On 1/19/2017 at 10:43 AM, Thomas Leuxner wrote:
> * Stephan Bosch 2017.01.19 10:32:
>
>> Could you provide a more detailed example?
> Sure. Personal script v

This slipped my attention for the moment. Will look at this soon...

Regards,

Stephan.

From stephan at rename-it.nl Tue Jan 31 20:36:16 2017
From: stephan at rename-it.nl (Stephan Bosch)
Date: Tue, 31 Jan 2017 21:36:16 +0100
Subject: Vacation Sending To Root
In-Reply-To:
References:
Message-ID: <35b1a3d7-84fc-eddf-7b8f-c79bb531a34d@rename-it.nl>

On 12/16/2016 at 2:53 PM, Shaun Forsyth wrote:
> Dovecot Version 2.0.9
>
> I am having an issue where all vacation messages are being sent to root. Is
> any one able to advise.
>
> Dovecot Log Shows :-
> Sieve: msgid=<
> CAMD5TViw0sSigGm8JY5WOv0ROs1UdCJFnvb9vo-RzcNN74E92Q at mail.xxxxxx.com>: sent
> vacation response to
>
> The emails are handed off to dovecot from sendmail using procmail
>
> :0 w
> | $DELIVER
>
> The variable $DELIVER is set as
> DELIVER="/usr/libexec/dovecot/deliver"
>
> I do have DROPPRIVS=YES in procmail, however I don't think deliver works
> without this.
>
> Any advice would greatly help.

The only advice I can give is upgrade. This version is too old. I cannot tell you which bugs if any may apply here.

Regards,

Stephan.

From stephan at rename-it.nl Tue Jan 31 20:40:28 2017
From: stephan at rename-it.nl (Stephan Bosch)
Date: Tue, 31 Jan 2017 21:40:28 +0100
Subject: mail_location in userdb inconsistent with imap and pigeonhole
In-Reply-To:
References:
Message-ID: <38952d18-2b5d-4ddc-94b6-813c027f91b9@rename-it.nl>

On 12/10/2016 at 7:11 PM, Ladislav Laska wrote:
> Hi!
>
> I'm still fighting with lost mails and what I think is a locking
> problem.
>
> As I've lost some pretty important mails already, I decided to mitigate
> my troubles by moving to maildir format, which should not be susceptible
> to these problems.
>
> I read the docs and wanted to test on my account, before I mess with all
> the others and possibly break something. The way to do it seems to be to
> do an override via userdb. I already have a passwd-file authdb, so I
> uncommented those few lines in configuration, and added this to
> my passwd-file:
>
> krakonos:{SHA256}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=:1000:100::/home/krakonos:/bin/bash:userdb_mail=maildir:/home/krakonos/Mail
>
> Now, I'm not really sure why it has to be prefixed with userdb_, but the
> example in docs has it, and it seems to work.
>
> I've attached the relevant part of a logfile, with some debugging
> enabled, but in short:
>
> Dec 10 18:39:22 ibex dovecot: imap(krakonos): Debug: Added userdb
> setting: mail=maildir:/home/krakonos/Mail
> [...]
> Dec 10 18:39:22 ibex dovecot: imap(krakonos): Debug: maildir++:
> root=/home/krakonos/Mail, index=, indexpvt=, control=,
> inbox=/home/krakonos/Mail, alt=
> [...]
> Dec 10 18:39:52 ibex dovecot: lda(krakonos): Debug: mbox: INBOX
> defaulted to /home/krakonos/.mbox/inbox
>
>
> I'm confused why the last line chooses my old mbox over the new
> location.

LDA does not perform a userdb lookup by default. That is probably what is going on here:

http://wiki2.dovecot.org/LDA#Virtual_users

Regards,

Stephan.

From mrforsythexeter at googlemail.com Tue Jan 31 20:44:52 2017
From: mrforsythexeter at googlemail.com (Shaun Forsyth)
Date: Tue, 31 Jan 2017 20:44:52 +0000
Subject: Vacation Sending To Root
In-Reply-To: <35b1a3d7-84fc-eddf-7b8f-c79bb531a34d@rename-it.nl>
References: <35b1a3d7-84fc-eddf-7b8f-c79bb531a34d@rename-it.nl>
Message-ID:

Thanks for the response, I did manage to resolve this, however I ended up using a custom procmail recipe which handles (creates) the vacation responses. This was included (INCLUDERC) before the call to $DELIVER.

On 31 January 2017 at 20:36, Stephan Bosch wrote:
> On 12/16/2016 at 2:53 PM, Shaun Forsyth wrote:
> > Dovecot Version 2.0.9
> >
> > I am having an issue where all vacation messages are being sent to root.
> Is
> > any one able to advise.
> >
> > Dovecot Log Shows :-
> > Sieve: msgid=<
> > CAMD5TViw0sSigGm8JY5WOv0ROs1UdCJFnvb9vo-RzcNN74E92Q at mail.xxxxxx.com>:
> sent
> > vacation response to
> >
> > The emails are handed off to dovecot from sendmail using procmail
> >
> > :0 w
> > | $DELIVER
> >
> > The variable $DELIVER is set as
> > DELIVER="/usr/libexec/dovecot/deliver"
> >
> > I do have DROPPRIVS=YES in procmail, however I don't think deliver works
> > without this.
> >
> > Any advice would greatly help.
>
> The only advice I can give is upgrade. This version is too old. I cannot
> tell you which bugs if any may apply here.
>
> Regards,
>
> Stephan.
>

From carlosr at jovenclub.cu Tue Jan 31 22:03:04 2017
From: carlosr at jovenclub.cu (Carlos R Laguna)
Date: Tue, 31 Jan 2017 17:03:04 -0500
Subject: dovecot 2.2.27 welcome plugins script
Message-ID: <81ed9d1b-5fb9-0a24-b621-78c8372467de@jovenclub.cu>

Hello everyone,

I am trying to send a mail to newly autocreated users, using the welcome plugins; however, I am unable to pipe user information correctly to the script. According to the wiki, the scripts are called just like the quota warning scripts. Also, every time that I try something new I have to create a new user... it is a pain. What can I do to test this without creating a new user after every little change?

# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.4.0-59-generic x86_64 Ubuntu 14.04.5 LTS nfs
auth_mechanisms = plain login
mail_debug = yes
mail_gid = vmail
mail_location = maildir:/var/nfsvmail/%d/%Ln/
mail_plugins = " quota welcome"
mail_uid = vmail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  quota = maildir:User quota
  quota_grace = 10%%
  quota_rule = *:storage=2M
  quota_rule2 = Trash:storage=+1M
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 El buzón esta lleno
  quota_status_success = DUNNO
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  welcome_script = welcome %u
  welcome_wait = yes
}
postmaster_address = postmaster at cubava.cu
protocols = " imap lmtp pop3"
  inet_listener pop3s {
    port = 0
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    port = 12340
  }
}
service welcome {
  executable = script /usr/local/bin/welcome.sh
  unix_listener welcome {
    user = vmail
  }
  user = dovecot
}
ssl_cert =

References:
<58870F64.2030906@asom-net.dk> <5890AF03.30308@asom-net.dk>
Message-ID: <26E5C771-BFF5-4982-BB79-69998F19FC80@valo.at>

On 31 January 2017 16:36:35 CET, Kristian Pedersen wrote:
>Hi list,
>
>We still did not manage to get quota-status working.
>We're hoping someone can provide some feedback/ideas on how we may
>investigate this issue further?
>Is it likely to be a bug fixed in a newer version?
>
>Regards,
>
>Kristian
>
>
[...]
>>
>> Quota-status will return unknown user if that is the case:
>> root at mail:~# printf
>> "recipient=kptest2 at asom-net.dk\nsize=1000000000\n\n" | nc -q1
>> localhost 12340
>> action=551 5.5.1 User not found
>>

Tried this and works here. Doveconf -n output with regards to quota settings is very similar, I use a quota dict, not maildir, spotted one difference I commented in your doveconf -n and I'm using version 2.2.27 from source ...

>>
>> dovecot -n:
>> # 2.2.13: /etc/dovecot/dovecot.conf
>> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6 ext4
>> auth_default_realm = vejen-net.dk
>> auth_mechanisms = plain login
>> auth_verbose = yes
>> disable_plaintext_auth = no
>> first_valid_uid = 110
>> log_timestamp = "%Y-%m-%d %H:%M:%S "
>> mail_debug = yes
>> mail_location = maildir:/data/vmail/%d/%n/

The one line I'm missing here from your doveconf -n output is mail_plugins = " quota" set in conf.d/10-mail.conf
Have you added quota to the global mail plugins setting?
http://wiki2.dovecot.org/Quota

>> mail_privileged_group = mail
>> namespace inbox {
>>   inbox = yes
>>   location =
>>   mailbox Drafts {
>>     special_use = \Drafts
>>   }
>>   mailbox Junk {
>>     special_use = \Junk
>>   }
>>   mailbox Sent {
>>     special_use = \Sent
>>   }
>>   mailbox "Sent Messages" {
>>     special_use = \Sent
>>   }
>>   mailbox Trash {
>>     special_use = \Trash
>>   }
>>   prefix =
>> }
>> passdb {
>>   args = /etc/dovecot/local-sql.conf
>>   driver = sql
>> }
>> plugin {
>>   quota = maildir:User quota
>>   quota_rule = *:storage=200M
>>   quota_status_nouser = 551 5.5.1 User not found
>>   quota_status_overquota = 552 5.2.2 Mailbox is full
>>   quota_status_success = DUNNO
>> }
>> protocols = imap pop3
>> service auth {
>>   unix_listener /var/spool/postfix/private/auth {
>>     group = postfix
>>     mode = 0660
>>     user = postfix
>>   }
>>   unix_listener auth-master {
>>     mode = 0600
>>     user = vmail
>>   }
>>   user = root
>> }
>> service imap-login {
>>   client_limit = 1024
>>   process_limit = 256
>>   process_min_avail = 8
>>   service_count = 0
>>   vsz_limit = 512 M
>> }
>> service imap {
>>   process_limit = 10240
>> }
>> service pop3-login {
>>   client_limit = 512
>>   process_limit = 256
>>   process_min_avail = 8
>>   service_count = 0
>>   vsz_limit = 512 M
>> }
>> service pop3 {
>>   process_limit = 10240
>> }
>> service quota-status {
>>   client_limit = 1
>>   executable = /usr/lib/dovecot/quota-status -p postfix
>>   inet_listener {
>>     port = 12340
>>   }
>> }
>> ssl_cert = > ssl_key = > ssl_prefer_server_ciphers = yes
>> userdb {
>>   args = /etc/dovecot/local-sql.conf
>>   driver = sql
>> }
>> protocol lda {
>>   auth_socket_path = /var/run/dovecot/auth-master
>>   mail_plugins = quota
>>   postmaster_address = postmaster at asom-net.dk
>> }
>> protocol imap {
>>   mail_plugins = quota imap_quota
>> }
>> protocol pop3 {
>>   mail_plugins = quota
>>   pop3_uidl_format = %08Xu%08Xv
>> }
>>
>>
>> local-sql.conf:
>> driver = mysql
>> connect = host=xyz dbname=xyz user=xyz password=xyz
>> default_pass_scheme = CRYPT
>> password_query =
SELECT email as user, password FROM virtual_users
>> WHERE email='%u';
>> user_query = SELECT
>>
>CONCAT('/data/vmail/',CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1)))
>
>> AS home, 110 AS uid, 110 AS gid, CONCAT('*:storage=',mailquota,'M')
>AS
>> quota_rule FROM virtual_users WHERE email='%u';
>>
>> If I do a strace on the quota-status PID, it seems to do a stat on
>the
>> directory and then give up? Not sure I'm interpreting it correct (only
>
>> including the last few lines):
>> ...
>> lseek(14, 833, SEEK_SET) = 833
>> munmap(0x7f165d32a000, 833) = 0
>> close(14) = 0
>> geteuid() = 0
>> getegid() = 110
>> getgid() = 110
>> getegid() = 110
>> setgroups(1, [110]) = 0
>> setresuid(-1, 110, -1) = 0
>> prctl(PR_SET_DUMPABLE, 1) = 0
>> stat("/data/vmail/asom-net.dk/kptest", {st_mode=S_IFDIR|0700,
>> st_size=4096, ...}) = 0
>> prctl(PR_SET_DUMPABLE, 1) = 0
>> setsockopt(12, SOL_TCP, TCP_CORK, [1], 4) = 0
>> write(12, "action=DUNNO\n\n", 14) = 14
>> setsockopt(12, SOL_TCP, TCP_CORK, [0], 4) = 0
>> epoll_wait(11, {{EPOLLIN, {u32=1593554016, u64=139734059562080}}}, 5,
>
>> 59999) = 1
>> read(12, "", 8146) = 0
>> epoll_ctl(11, EPOLL_CTL_DEL, 12, 7fff0be817a0) = 0
>> close(12) = 0
>> epoll_wait(11, {}, 5, 1000) = 0
>> write(5, "\35q\1\0007\10\0\0\1\0\0\0", 12) = 12
>> epoll_wait(11,
>> ...
>>
>> It seems like sort of permission issue?
>> root at mail:~# su - vmail
>> No directory, logging in with HOME=/
>> $ id -a
>> uid=110(vmail) gid=110(vmail) groups=110(vmail)
>> $ cat /data/vmail/asom-net.dk/kptest/maildirsize
>> 524288000S
>> 685 1
>> 690 1
>>
>> /data/vmail/asom-net.dk is actually a symlink, maybe that could be of
>
>> importance?:
>> root at mail:~# ls -ld /data/vmail/asom-net.dk
>> lrwxrwxrwx 1 root root 19 Jan 9 11:18 /data/vmail/asom-net.dk ->
>> ../mnt1/asom-net.dk
>>
>> root at mail:~# ls -ld /data/mnt1/asom-net.dk/
>> drwxrwx--- 45 vmail vmail 4096 Dec 15 10:54 /data/mnt1/asom-net.dk/
>>
>> root at mail:~# ls -ld /data/mnt1/asom-net.dk/kptest/
>> drwx------ 9 vmail vmail 4096 Jan 23 08:55
>/data/mnt1/asom-net.dk/kptest/
>>
>> root at mail:~# ls -ld /data/mnt1/asom-net.dk/kptest/maildirsize
>> -rw------- 1 vmail vmail 23 Jan 12 16:50
>> /data/mnt1/asom-net.dk/kptest/maildirsize
>>
>> Anyone have any idea what might be wrong here?
>>
>> Regards,
>>

--
Christian Kivalo
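
The check suggested in the reply above, as an added example (not code from the thread or from the Dovecot project): it parses `doveconf -n` output and reports when `service quota-status` is defined while `quota` is loaded only inside `protocol` blocks. The sample config is constructed from the one quoted above, the function names are hypothetical, and the premise that quota-status depends on the global `mail_plugins` is taken from the reply.

```python
# Added example: lint `doveconf -n` output for the quota-status question
# raised in the reply above. Function names and sample data are hypothetical.

# Constructed sample, abbreviated from the doveconf -n quoted in the thread.
SAMPLE_BROKEN = """\
# 2.2.13: /etc/dovecot/dovecot.conf
plugin {
  quota = maildir:User quota
}
service quota-status {
  executable = /usr/lib/dovecot/quota-status -p postfix
  inet_listener {
    port = 12340
  }
}
protocol lda {
  mail_plugins = quota
}
protocol imap {
  mail_plugins = quota imap_quota
}
"""
# Same config with the global setting the reply asks about.
SAMPLE_FIXED = 'mail_plugins = " quota"\n' + SAMPLE_BROKEN

def parse_doveconf(text):
    """Parse `doveconf -n` style text into nested dicts keyed by setting
    name or section header (e.g. 'protocol imap'). Repeated headers merge."""
    root = {}
    stack = [root]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            if len(stack) == 1:
                raise ValueError(f"line {lineno}: unmatched '}}'")
            stack.pop()
        else:
            key, sep, value = line.partition("=")
            if not sep:
                raise ValueError(f"line {lineno}: expected key = value")
            stack[-1][key.strip()] = value.strip().strip('"').strip()
    if len(stack) != 1:
        raise ValueError("unclosed section at end of input")
    return root

def plugins(section):
    """Plugin names listed in this section's own mail_plugins setting."""
    return section.get("mail_plugins", "").split()

def quota_status_findings(conf):
    """Return human-readable findings; an empty list means nothing to report."""
    findings = []
    if "service quota-status" not in conf:
        return findings
    if "quota" not in plugins(conf):
        scoped = sorted(n for n, s in conf.items() if isinstance(s, dict)
                        and n.startswith("protocol ") and "quota" in plugins(s))
        findings.append(
            "service quota-status is defined but global mail_plugins lacks "
            "'quota'; it is only loaded in: " + (", ".join(scoped) or "nowhere"))
    if "quota" not in conf.get("plugin", {}):
        findings.append("service quota-status is defined but plugin {} has no quota root")
    return findings

if __name__ == "__main__":
    for label, text in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(label, quota_status_findings(parse_doveconf(text)) or "ok")
```

Feed it the real output with `doveconf -n` saved to a file; `doveconf -n` prints expanded values, so `$mail_plugins` references do not need special handling.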