From jtam.home at gmail.com Sat Oct 1 01:29:05 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 30 Sep 2011 15:29:05 -0700 (PDT) Subject: [Dovecot] Error message in log In-Reply-To: References: Message-ID: On Fri, 30 Sep 2011, Knute Johnson wrote: > I'm getting the following message in my log; > > dovecot: IMAP(knute): > fchown(/home/knute/mail/.imap/INBOX/dovecot.index.tmp, -1, 8(mail)) > failed: Operation not permitted (egid=1000(knute), group based on > /var/mail/knute): 4 Time(s) > > I got these once before on the /var/mail/user files and changed the > permissions to 600. /home/knute/mail/.imap/INBOX is 770 and the index > files are 600. Is this a problem with the directory privilege? Probably. This was discussed a few times before. Check the mailing list archives. Dovecot tries to retain the same file access for the indices as the mailbox/message file it indexes; if the permissions allow access to the group, but the owner is not part of that group, then the dovecot process (which sets UID to the owner) cannot recreate the same permissions, hence the error. Either change the group ownership of "/var/mail/knute", put user "knute" in group "mail", or chmod it to 0600. The last one is probably the best solution. And fix the problem that created these permissions in the first place. Check your other users (if you have any) for the same situation. Joseph Tam From ejs at shubes.net Sat Oct 1 02:24:56 2011 From: ejs at shubes.net (Eric Shubert) Date: Fri, 30 Sep 2011 16:24:56 -0700 Subject: [Dovecot] SOLVED Intermittent authentication failures In-Reply-To: References: Message-ID: On 09/30/2011 12:59 PM, Eric Shubert wrote: > On 09/30/2011 09:07 AM, Eric Shubert wrote: >> >> CRAM-MD5 works sometimes: >> Sep 30 08:15:43 imap-login: Info: Login: user=, >> method=CRAM-MD5, rip=192.168.252.8, lip=192.168.252.14, mpid=20301 >> >> but (seemingly more frequently) the authentication fails: >> Sep 30 08:16:41 imap-login: Info: Aborted login (auth failed, 1 >> attempts): user=, method=CRAM-MD5, rip=192.168.252.8, >> lip=192.168.252.14 >> >> I restarted dovecot, and that apparently cleared the problem for one >> user, but not others. >> >> Is this perhaps a bug in dovecot, or would the problem lie with vpopmail? >> >> TIA for any pointers. >> > > FWIW, I tried digest-md5, and experience the same problem. > > Is it possible that passwords are being cached in such a way that > different login mechanisms cannot be used by different client programs > with the same user account? > My problem was indeed with the password caching. I changed cache_key=%u to cache_key=%u%r and that cleared things up. I expect that this is only a problem when different client programs use different login mechanisms, which was the case with this particular group of users. I didn't anticipate this behavior, but can live with it. A note about this in the documentation would be nice. I tried to create an account on the wiki for myself to update it, but that doesn't seem to be working presently. -- -Eric 'shubes' From tss at iki.fi Sat Oct 1 18:16:32 2011 From: tss at iki.fi (Timo Sirainen) Date: Sat, 01 Oct 2011 18:16:32 +0300 Subject: [Dovecot] SOLVED Intermittent authentication failures In-Reply-To: References: Message-ID: <1317482192.21919.47.camel@hurina> On Fri, 2011-09-30 at 16:24 -0700, Eric Shubert wrote: > >> CRAM-MD5 works sometimes: > >> Sep 30 08:15:43 imap-login: Info: Login: user=, > >> method=CRAM-MD5, rip=192.168.252.8, lip=192.168.252.14, mpid=20301 > >> > >> but (seemingly more frequently) the authentication fails: > >> Sep 30 08:16:41 imap-login: Info: Aborted login (auth failed, 1 > >> attempts): user=, method=CRAM-MD5, rip=192.168.252.8, > >> lip=192.168.252.14 > >> > My problem was indeed with the password caching. I changed > cache_key=%u > to > cache_key=%u%r > and that cleared things up. > > I expect that this is only a problem when different client programs use > different login mechanisms, which was the case with this particular > group of users. Auth mechanism shouldn't affect caching or vice versa. Maybe the %r just happens to work around the real problem, which might still be there but just less frequent.. Logs with auth_debug=yes could have been helpful in figuring this out. From tss at iki.fi Sat Oct 1 18:19:00 2011 From: tss at iki.fi (Timo Sirainen) Date: Sat, 01 Oct 2011 18:19:00 +0300 Subject: [Dovecot] FTS and compound searches In-Reply-To: <91489B71-0154-4DE8-9DD4-CA5354B9D8E8@net24.co.nz> References: <91489B71-0154-4DE8-9DD4-CA5354B9D8E8@net24.co.nz> Message-ID: <1317482340.21919.48.camel@hurina> On Thu, 2011-09-29 at 15:40 +1300, Nikolai Schupbach wrote: > >> New subscriber here. I noticed that the FTS index is not used in compound searches. > >> Is this expected? Tested in 2.0.0 and 2.0.8: > > > >Yep. It's been in TODO for a while. > > I know this thread is quite old, but we have the same issue with v2.0.14 and squat. Would this issue also affect the Solr FTS backend? It's fixed in v2.1 for all backends. From ejs at shubes.net Sun Oct 2 18:53:19 2011 From: ejs at shubes.net (Eric Shubert) Date: Sun, 02 Oct 2011 08:53:19 -0700 Subject: [Dovecot] SOLVED Intermittent authentication failures In-Reply-To: <1317482192.21919.47.camel@hurina> References: <1317482192.21919.47.camel@hurina> Message-ID: On 10/01/2011 08:16 AM, Timo Sirainen wrote: > On Fri, 2011-09-30 at 16:24 -0700, Eric Shubert wrote: >>>> CRAM-MD5 works sometimes: >>>> Sep 30 08:15:43 imap-login: Info: Login: user=, >>>> method=CRAM-MD5, rip=192.168.252.8, lip=192.168.252.14, mpid=20301 >>>> >>>> but (seemingly more frequently) the authentication fails: >>>> Sep 30 08:16:41 imap-login: Info: Aborted login (auth failed, 1 >>>> attempts): user=, method=CRAM-MD5, rip=192.168.252.8, >>>> lip=192.168.252.14 >>>> >> My problem was indeed with the password caching. I changed >> cache_key=%u >> to >> cache_key=%u%r >> and that cleared things up. >> >> I expect that this is only a problem when different client programs use >> different login mechanisms, which was the case with this particular >> group of users. > > Auth mechanism shouldn't affect caching or vice versa. Maybe the %r just > happens to work around the real problem, which might still be there but > just less frequent.. Logs with auth_debug=yes could have been helpful in > figuring this out. Ask and ye shall receive: Oct 02 08:21:03 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=192.168.6.14 rip=208.54.4.133 lport=143 rport=43401 resp= Oct 02 08:21:03 auth: Debug: cache(gary at domain.com,208.54.4.133): hit: user=gary at domain.com Oct 02 08:21:03 auth: Debug: client out: OK 1 user=gary at domain.com Oct 02 08:21:03 auth: Debug: master in: REQUEST 546963457 11596 1 9d5ae9a5778c4e1da32bfe9de1027163 Oct 02 08:21:03 auth: Debug: userdb-cache(gary at domain.com,208.54.4.133): hit: gary at domain.com uid=89 gid=89 home=/home/vpopmail/domains/domain.com/gary Oct 02 08:21:03 auth: Debug: master out: USER 546963457 gary at domain.com uid=89 gid=89 home=/home/vpopmail/domains/domain.com/gary Oct 02 08:21:03 imap-login: Info: Login: user=, method=PLAIN, rip=208.54.4.133, lip=192.168.6.14, mpid=11607, TLS Oct 02 08:21:05 auth: Debug: auth client connected (pid=11609) Oct 02 08:21:05 auth: Debug: client in: AUTH 1 CRAM-MD5 service=imap secured lip=192.168.6.14 rip=174.17.50.127 lport=993 rport=50696 Oct 02 08:21:05 auth: Debug: client out: CONT 1 PDU5NjE3NTM4NTk4OTA0MTIuMTMxNzU2ODg2NUB3b25nLnIzaW52ZXN0aWdhdGlvbnMuY29tPg== Oct 02 08:21:06 auth: Debug: client in: CONT Oct 02 08:21:06 auth: Debug: cache(teacher at domain2.com,174.17.50.127): miss Oct 02 08:21:06 auth: Debug: vpopmail(teacher at domain2.com,174.17.50.127): lookup user=teacher domain=domain2.com Oct 02 08:21:06 auth: Debug: client out: OK 1 user=teacher at domain2.com Oct 02 08:21:06 auth: Debug: master in: REQUEST 3916169217 11609 1 42c98a70d61d08e4b1440028faf5324a Oct 02 08:21:06 auth: Debug: userdb-cache(teacher at domain2.com,174.17.50.127): miss Oct 02 08:21:06 auth: Debug: vpopmail(teacher at domain2.com,174.17.50.127): lookup user=teacher domain=domain2.com Oct 02 08:21:06 auth: Debug: master out: USER 3916169217 teacher at domain2.com uid=89 gid=89 home=/home/vpopmail/domains/domain2.com/teacher Oct 02 08:21:06 imap-login: Info: Login: user=, method=CRAM-MD5, rip=174.17.50.127, lip=192.168.6.14, mpid=11612, TLS Oct 02 08:21:35 imap(gary at domain.com): Info: Disconnected: Logged out bytes=361/1161 Oct 02 08:21:40 auth: Debug: auth client connected (pid=11627) Oct 02 08:21:40 auth: Debug: client in: AUTH 1 DIGEST-MD5 service=imap lip=192.168.252.14 rip=192.168.252.8 lport=143 rport=41155 Oct 02 08:21:40 auth: Debug: client out: CONT 1 cmVhbG09IiIsbm9uY2U9InpkR3VZcFd0T25iUWpQM3hHOVloemc9PSIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI= Oct 02 08:21:40 auth: Debug: client in: CONT Oct 02 08:21:40 auth: Debug: cache(gary at domain.com,192.168.252.8): hit: user=gary at domain.com Oct 02 08:21:40 auth: Info: password(gary at domain.com,192.168.252.8): Requested DIGEST-MD5 scheme, but we have only SHA1 Oct 02 08:21:42 auth: Debug: client out: FAIL 1 user=gary at domain.com Oct 02 08:21:42 imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=DIGEST-MD5, rip=192.168.252.8, lip=192.168.252.14 Oct 02 08:21:55 auth: Debug: auth client connected (pid=11629) Oct 02 08:21:55 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=192.168.6.14 rip=192.168.5.196 lport=993 rport=4605 resp= Oct 02 08:21:55 auth: Debug: cache(gary at domain.com,192.168.5.196): hit: user=gary at domain.com Oct 02 08:21:55 auth: Debug: client out: OK 1 user=gary at domain.com Oct 02 08:21:55 auth: Debug: master in: REQUEST 875167745 11629 1 126eea78f45a1270bea10f8f939545fa Oct 02 08:21:55 auth: Debug: userdb-cache(gary at domain.com,192.168.5.196): hit: gary at domain.com uid=89 gid=89 home=/home/vpopmail/domains/domain.com/gary Oct 02 08:21:55 auth: Debug: master out: USER 875167745 gary at domain.com uid=89 gid=89 home=/home/vpopmail/domains/domain.com/gary Oct 02 08:21:55 imap-login: Info: Login: user=, method=PLAIN, rip=192.168.5.196, lip=192.168.6.14, mpid=11630, TLS The user gary first connects using TMobile phone (208.54.4.133), then a subsequent attempt via Squirrelmail/webmail (192.168.252.8) fails. Outlook (192.168.5.196) is also in there. Outlook and TMobile both use PLAIN with TLS, and they get along fine. Squirrelmail doesn't presently support TLS, so needs to use cram-md5 or digest-md5, which fails with the cached entry from one of the other clients. Thank you so much for your terrific work with Dovecot, Timo. It is truly a premier piece of work. -- -Eric 'shubes' From tss at iki.fi Sun Oct 2 20:28:04 2011 From: tss at iki.fi (Timo Sirainen) Date: Sun, 02 Oct 2011 20:28:04 +0300 Subject: [Dovecot] SOLVED Intermittent authentication failures In-Reply-To: References: <1317482192.21919.47.camel@hurina> Message-ID: <1317576487.21919.50.camel@hurina> On Sun, 2011-10-02 at 08:53 -0700, Eric Shubert wrote: > > > Oct 02 08:21:40 auth: Info: password(gary at domain.com,192.168.252.8): > Requested DIGEST-MD5 scheme, but we have only SHA1 Oh. This was vpopmail specific problem. See if this fixes: http://hg.dovecot.org/dovecot-2.0/rev/dbd5f9ec38af From dlie76 at yahoo.com.au Mon Oct 3 05:15:01 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Sun, 2 Oct 2011 19:15:01 -0700 (PDT) Subject: [Dovecot] problem with getting outlook to work with IMAP server Message-ID: <1317608101.37488.YahooMailNeo@web113406.mail.gq1.yahoo.com> Hi, I am having difficulty in getting the outlook 2010 to connect to my server running on Ubuntu Server 10.04. I can login to Squirrelmail webmail, and am able to send & receive emails through squirrelmail with no problem whatsoever. However, this morning, I was trying to add a new account for the same user on Outlook 2010 and I got the following error from outlook as follows Send test e-mail message: Your outgoing (SMTP) e-mail server has reported an internal error. The server responded: 554 5.7.7 No Spoofing Allowed. I then, went to check /var/log/mail.log and I found the following Oct? 3 12:19:27 mymailServer dovecot: auth(default): ldap(sbernett,50.4.39.163): pass search: base=ou=accounts,dc=example,dc=com scope=subtree filter=(&(objectClass=posixAccount)(uid=sbernett)) fields=uid,userPassword,homeDirectory,uidNumber,gidNumber Oct? 3 12:19:27 mymailServer dovecot: auth(default): ldap(sbernett,50.4.39.163): result: uid(user)=sbernett uidNumber(userdb_uid)=106 gidNumber(userdb_gid)=106 userPassword(password)={CRYPT}xGHI86Ktls homeDirectory(userdb_home)=/home/vmail/sbernett Oct? 3 12:19:27 mymailServer dovecot: auth(default): client out: OK#0111#011user=sbernett Oct? 3 12:19:27 mymailServer dovecot: auth(default): master in: REQUEST#0114#0112686#0111 Oct? 3 12:19:27 mymailServer dovecot: auth(default): passwd(sbernett,50.4.39.163): lookup Oct? 3 12:19:27 mymailServer dovecot: auth(default): passwd(sbernett,50.4.39.163): unknown user Oct? 3 12:19:27 mymailServer dovecot: auth(default): master out: USER#0114#011sbernett#011uid=106#011gid=106#011home=/home/vmail/sbernett Oct? 3 12:19:27 mymailServer dovecot: imap-login: Login: user=, method=PLAIN, rip=50.4.39.163, lip=50.4.39.164 Oct? 3 12:19:27 mymailServer dovecot: IMAP(sbernett): Disconnected in IDLE bytes=9/292 Oct? 3 12:19:27 mymailServer postfix/smtpd[2766]: warning: No server certs available. TLS won't be enabled Oct? 3 12:19:27 mymailServer postfix/smtpd[2766]: connect from localhost[127.0.0.1] Oct? 3 12:19:27 mymailServer postfix/smtpd[2766]: 182292400AE: client=localhost[127.0.0.1] Oct? 3 12:19:27 mymailServer postfix/smtpd[2766]: lost connection after DATA (0 bytes) from localhost[127.0.0.1] Oct? 3 12:19:27 mymailServer postfix/smtpd[2766]: disconnect from localhost[127.0.0.1] Next, I tried to see if there are any the difference in the mail.log when logging into the squirrelmail (which is working for me) Oct? 3 12:31:32 mymailServer dovecot: auth(default): ldap(sbernett,127.0.0.1): pass search: base=ou=accounts,dc=example,dc=com scope=subtree filter=(&(objectClass=posixAccount)(uid=sbernett)) fields=uid,userPassword,homeDirectory,uidNumber,gidNumber Oct? 3 12:31:32 mymailServer dovecot: auth(default): ldap(sbernett,127.0.0.1): result: uid(user)=sbernett uidNumber(userdb_uid)=106 gidNumber(userdb_gid)=106 userPassword(password)={CRYPT}xGHI86Ktls homeDirectory(userdb_home)=/home/vmail/sbernett Oct? 3 12:31:32 mymailServer dovecot: auth(default): client out: OK#0111#011user=sbernett Oct? 3 12:31:32 mymailServer dovecot: auth(default): master in: REQUEST#0114#0112485#0111 Oct? 3 12:31:32 mymailServer dovecot: auth(default): passwd(sbernett,127.0.0.1): lookup Oct? 3 12:31:32 mymailServer dovecot: auth(default): passwd(sbernett,127.0.0.1): unknown user Oct? 3 12:31:32 mymailServer dovecot: auth(default): master out: USER#0114#011sbernett#011uid=1004#011gid=1004#011home=/home/vmail/sbernett Oct? 3 12:31:32 mymailServer dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured The only thing I noticed different between the two is the IP addresses in rip and lip. Is there a way to tell the IMAP server to allow the remote IP addresses to connect. Here is my dovecot.conf # 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-34-generic-pae i686 Ubuntu 10.04.3 LTS ext4 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap listen: *:143 ssl: no disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login verbose_proctitle: yes first_valid_uid: 106 last_valid_uid: 1000 mail_privileged_group: mail mail_location: maildir:/home/vmail/%u/Maildir mbox_write_locks: fcntl dotlock mail_plugins: quota imap_quota imap_client_workarounds: delay-newmail outlook-idle netscape-eoh lda: ? postmaster_address: postmaster at mailtest.dyndns-free.com ? mail_plugins: quota ? sendmail_path: /usr/lib/sendmail ? rejection_reason: Your message to <%t> was automatically rejected:%n%r ? auth_socket_path: /var/run/dovecot-auth-master auth default: ? mechanisms: plain login ? username_format: %Lu ? verbose: yes ? debug: yes ? debug_passwords: yes ? passdb: ??? driver: pam ? passdb: ??? driver: ldap ??? args: /etc/dovecot/dovecot-ldap.conf ? userdb: ??? driver: passwd ? userdb: ??? driver: static ??? args: uid=106 gid=106 home=/home/vmail/%u allow_all_users=yes ? socket: ??? type: listen ??? client: ????? path: /var/spool/postfix/private/auth ????? mode: 432 ????? user: postfix ????? group: mail ??? master: ????? path: /var/run/dovecot-auth-master ????? mode: 432 ????? user: vmail ????? group: vmail plugin: ? quota: maildir ? quota_rule: *:storage=3GB ? quota_rule2: Trash:storage=20%% ? quota_rule3: Spam:storage=10%% ? quota_warning: storage=95%% /usr/local/bin/quota-warning.sh 95 ? quota_warning2: storage=80%% /usr/local/bin/quota-warning.sh 80 Here is my postfix.cf myhostname = mymailserver mydomain = example.com mydestination = localhost.$mydomain,localhost,$mydomain,$myhostname local_recipient_maps = ldap:/etc/postfix/ldap-user-auth.cf virtual_transport = dovecot virtual_mailbox_domains = vexample.com virtual_mailbox_base = /home/vmail virtual_mailbox_maps = hash:/etc/postfix/virtual_mailboxes virtual_minimum_uid = 100 virtual_uid_maps = static:106 virtual_gid_maps = static:106 relayhost = mynetworks = 127.0.0.0/8, 192.168.1.0/24, 50.4.39.163, 50.4.39.164 mynetworks_style = subnet mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = ipv4 mail_spool_directory = /var/spool/mail smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanomymous smtpd_tls_auth_only = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_sender_login_mismatch smtpd_sasl_local_domain = vexample.com dovecot_destination_recipient_limit = 1 Any help would be greatly appreciated. Thank you From ffiore at babel.it Mon Oct 3 11:53:03 2011 From: ffiore at babel.it (Francesco Fiore) Date: Mon, 03 Oct 2011 10:53:03 +0200 Subject: [Dovecot] Timeout leak in get quota In-Reply-To: <4E846D31.6010900@gmail.com> References: <4E846D31.6010900@gmail.com> Message-ID: <4E8977EF.80107@babel.it> Hi! I've the same problem. I use the same input string inside a Java standalone application. The request would appear correct and I receive always a correct response but Dovecot print the same warning into the log... My Dovecot version is 2.0.13. Thanks in advance for any help! Francesco On 29/09/11 15:05, Danilo wrote: > Hello! > I wrote perl script for read current quota usage, it works but when I run the > program I receive a warning in Dovecot log: > > 2011-09-29 14:45:30 doveadm(guest at testmail.com): Warning: Timeout leak: > 0x7f14800ad970 > > This is the script: > =============================== > #!/usr/bin/perl > > use strict; > use Socket; > use IO::Handle; > > socket(TSOCK, PF_UNIX, SOCK_STREAM,0); > connect(TSOCK, sockaddr_un("/var/run/dovecot/doveadm-server")) or print("ERROR!"); > > print "VERSION\tdoveadm-server\t1\t0\n"; > print "\tguest\@testmail.com\tquota get\n"; > print "=" x 20 . "\n"; > > if (defined(my $messg = )) { > > print $messg; > > print TSOCK "VERSION\tdoveadm-server\t1\t0\n"; > TSOCK->flush; > > print TSOCK "\tguest\@testmail.com\tquota get\n"; > TSOCK->flush; > > $messg = ; > print $messg; > > $messg = ; > print $messg; > > close TSOCK; > } > ============================= > I hope someone could help me to fix the warning. > Thanks in advance, > Dany -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 554 bytes Desc: OpenPGP digital signature URL: From andrew.hearn at aa.net.uk Mon Oct 3 13:35:51 2011 From: andrew.hearn at aa.net.uk (Andrew Hearn) Date: Mon, 03 Oct 2011 11:35:51 +0100 Subject: [Dovecot] 1.2.17 Program terminated with signal 11, Segmentation fault. Message-ID: <4E899007.7080603@aa.net.uk> Hello, We've had seg faults a couple of times a day on our servers, we upgraded to 1.2.17 and still have them. running a coredump through dbg says: Reading symbols from /usr/local/libexec/dovecot/imap-login...done. [New Thread 27962] Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fff083f4000 Core was generated by `imap-login -D'. Program terminated with signal 11, Segmentation fault. #0 0x000000000041388b in io_file_unlink (_io=, closed=true) at ioloop.c:70 70 if (io->next != NULL) dovecot -n is at http://pastebin.ca/SQjrseJD (pass timo) Linux 2.6.18-274.3.1.el5 #1 SMP Tue Sep 6 20:13:52 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux We use NFS for mail store, and ramdisk for dovecot indexes. We do run the mail_log plugin. Let me know if you need any more info though. -- Andrew Hearn. AAISP Technical Support Team Leader Tel: 03333 400999 From f.bonnet at esiee.fr Mon Oct 3 14:52:07 2011 From: f.bonnet at esiee.fr (Frank Bonnet) Date: Mon, 03 Oct 2011 13:52:07 +0200 Subject: [Dovecot] clarifications on shared mailboxes Message-ID: <4E89A1E7.8090301@esiee.fr> Hello I need some clarifications on shared mailboxes. Actually we use MBOX format with "real" unix users , but I've been asked to create some shared mailboxes for some users who need to have some for their working groups. What would be the best way to create those shared mailboxes ? Would it be possible to create some "shared space" on the server in maildir format to get advantage of the last seen flag ? If yes some config examples would be a great help. See attach the doveconf -n output ( certificates names have been obscured ;-) ) Thank you. -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: doveconf.txt URL: From rventura at h-st.com Mon Oct 3 17:29:39 2011 From: rventura at h-st.com (Romer Ventura) Date: Mon, 3 Oct 2011 09:29:39 -0500 Subject: [Dovecot] Multiple LDAP authentication servers Message-ID: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> Hello, We are performing a Domain migration and I was wondering if there was any way to get Dovecot to authenticate to more than 1 LDAP server? Currently dovecot is configure to query the "mail" attribute from Active Directory and when found it binds with the credentials the user provided. This works fine, but when migrating user accounts, they get disabled in the source domain so that the user can no longer log on to it. But disabling the account in the source domain, causes the user to be unable to use his email account. Is there any way to get dovecot to try a second LDAP server if the first one fails to authenticate..? ~# dovecot -n # 1.2.11: /etc/dovecot/dovecot.conf # OS: Linux 2.6.29-xs5.5.0.15 i686 Debian 5.0.4 ext3 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imaps imap ssl_cert_file: /etc/ssl/certs/smtpd.crt ssl_key_file: /etc/ssl/private/smtpd.key login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login login_user: postfix mail_privileged_group: mail mail_uid: vmail mail_gid: vmail mail_location: maildir:/srv/mail/vmail/%Ud/%Ln/Maildir mbox_write_locks: fcntl dotlock imap_client_workarounds: delay-newmail outlook-idle netscape-eoh lda: postmaster_address: postmaster at h-st.com auth_socket_path: /var/run/dovecot/auth-master log_path: /var/log/dovecot-deliver.log info_log_path: /var/log/dovecot-deliver-info.log auth default: mechanisms: plain login passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf userdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf socket: type: listen client: path: /var/spool/postfix/private/auth-client mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail Thanks -------- Romer Ventura From joseba.torre at ehu.es Mon Oct 3 18:22:11 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 3 Oct 2011 17:22:11 +0200 Subject: [Dovecot] Multiple LDAP authentication servers In-Reply-To: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> References: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> Message-ID: <201110031722.11749.joseba.torre@ehu.es> On Lunes 03 Octubre 2011 16:29:39 Romer Ventura escribi?: > Is there any way to get dovecot to try a second LDAP server if the first > one fails to authenticate..? Sure; just add a second passdb (maybe you also need a second userdb) pointing to the other server. Something like passdb ldap { args = /usr/local/etc/AD.conf } passdb ldap { args = /usr/local/etc/second.conf } HTH -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From rventura at h-st.com Mon Oct 3 18:27:44 2011 From: rventura at h-st.com (Romer Ventura) Date: Mon, 3 Oct 2011 10:27:44 -0500 Subject: [Dovecot] Multiple LDAP authentication servers In-Reply-To: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> References: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> Message-ID: <0e3001cc81e0$ff7ad840$fe7088c0$@h-st.com> -----Original Message----- From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Romer Ventura Sent: Monday, October 03, 2011 9:30 AM To: dovecot at dovecot.org Subject: [Dovecot] Multiple LDAP authentication servers Hello, We are performing a Domain migration and I was wondering if there was any way to get Dovecot to authenticate to more than 1 LDAP server? Currently dovecot is configure to query the "mail" attribute from Active Directory and when found it binds with the credentials the user provided. This works fine, but when migrating user accounts, they get disabled in the source domain so that the user can no longer log on to it. But disabling the account in the source domain, causes the user to be unable to use his email account. Is there any way to get dovecot to try a second LDAP server if the first one fails to authenticate..? ~# dovecot -n # 1.2.11: /etc/dovecot/dovecot.conf # OS: Linux 2.6.29-xs5.5.0.15 i686 Debian 5.0.4 ext3 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imaps imap ssl_cert_file: /etc/ssl/certs/smtpd.crt ssl_key_file: /etc/ssl/private/smtpd.key login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login login_user: postfix mail_privileged_group: mail mail_uid: vmail mail_gid: vmail mail_location: maildir:/srv/mail/vmail/%Ud/%Ln/Maildir mbox_write_locks: fcntl dotlock imap_client_workarounds: delay-newmail outlook-idle netscape-eoh lda: postmaster_address: postmaster at h-st.com auth_socket_path: /var/run/dovecot/auth-master log_path: /var/log/dovecot-deliver.log info_log_path: /var/log/dovecot-deliver-info.log auth default: mechanisms: plain login passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf userdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf socket: type: listen client: path: /var/spool/postfix/private/auth-client mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail ************************************************** Also I forgot to mention that these are different domains, we are not authenticating to DOMAIN-AAA.COM and we would like to authenticate to DOMAIN-BBB.LAN while still allowing authentication to DOMAIN-AAA.COM. The Base DNs and domains are different. Possible? Thanks From rventura at h-st.com Mon Oct 3 18:34:47 2011 From: rventura at h-st.com (Romer Ventura) Date: Mon, 3 Oct 2011 10:34:47 -0500 Subject: [Dovecot] Multiple LDAP authentication servers In-Reply-To: <201110031722.11749.joseba.torre@ehu.es> References: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> <201110031722.11749.joseba.torre@ehu.es> Message-ID: <0e3201cc81e1$fb9ee120$f2dca360$@h-st.com> So you are saying I can define multiple passdb and userdb, each pointing to a different ldap config file? Thanks -------- Romer Ventura -----Original Message----- From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Joseba Torre Sent: Monday, October 03, 2011 10:22 AM To: dovecot at dovecot.org Subject: Re: [Dovecot] Multiple LDAP authentication servers On Lunes 03 Octubre 2011 16:29:39 Romer Ventura escribi?: > Is there any way to get dovecot to try a second LDAP server if the > first one fails to authenticate..? Sure; just add a second passdb (maybe you also need a second userdb) pointing to the other server. Something like passdb ldap { args = /usr/local/etc/AD.conf } passdb ldap { args = /usr/local/etc/second.conf } HTH -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From joseba.torre at ehu.es Mon Oct 3 18:50:36 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 3 Oct 2011 17:50:36 +0200 Subject: [Dovecot] Multiple LDAP authentication servers In-Reply-To: <0e3201cc81e1$fb9ee120$f2dca360$@h-st.com> References: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> <201110031722.11749.joseba.torre@ehu.es> <0e3201cc81e1$fb9ee120$f2dca360$@h-st.com> Message-ID: <201110031750.36470.joseba.torre@ehu.es> On Lunes 03 Octubre 2011 17:34:47 Romer Ventura escribi?: > So you are saying I can define multiple passdb and userdb, each pointing to > a different ldap config file? That's it. You may define as many as you need, and each one is independent. If the 1st one fails dovecot will try the 2nd one, then the 3rd one and so on. -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From ejs at shubes.net Mon Oct 3 19:55:40 2011 From: ejs at shubes.net (Eric Shubert) Date: Mon, 03 Oct 2011 09:55:40 -0700 Subject: [Dovecot] SOLVED Intermittent authentication failures In-Reply-To: <1317576487.21919.50.camel@hurina> References: <1317482192.21919.47.camel@hurina> <1317576487.21919.50.camel@hurina> Message-ID: On 10/02/2011 10:28 AM, Timo Sirainen wrote: > On Sun, 2011-10-02 at 08:53 -0700, Eric Shubert wrote: >> >> >> Oct 02 08:21:40 auth: Info: password(gary at domain.com,192.168.252.8): >> Requested DIGEST-MD5 scheme, but we have only SHA1 > > Oh. This was vpopmail specific problem. See if this fixes: > http://hg.dovecot.org/dovecot-2.0/rev/dbd5f9ec38af > > > Thanks Timo. Two things. First, I don't think this is a comprehensive fix covering all situations, though I could be wrong. One problem with it is that if the password is changed and the plaintext client isn't active, one would need to wait for the cached plaintext record to expire before being able to log in with an encoded password. Another problem might be if there are two separate clients, one using digest-md5 and another using cram-md5, I think the second one used would still fail. No? I'm not sure how best to handle any combination of clients and authentication mechanisms, so I'll leave the solution to your design. Second and perhaps more importantly, it occurred to me that simply using %u as the cache key might be a significant security hole. If passwords are cached using only the user account, what's to prevent someone else, using another client with the same authentication mechanism at a different IP address, from gaining access to an account that's cached? Perhaps I'm not understanding this right, but I think that using %u%r as the cache key closes this hole, and should probably be recommended in the documentation. I could (as always) be totally off base on this, so please explain if I'm misunderstanding something. Thanks again, Timo. Great work on dovecot. -- -Eric 'shubes' From jtam.home at gmail.com Tue Oct 4 03:05:32 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 3 Oct 2011 17:05:32 -0700 (PDT) Subject: [Dovecot] SSL only for external connections In-Reply-To: References: Message-ID: On Sun, 2 Oct 2011, Simon Brereton writes: > I don't have that file. Part of the problem is that I'm confused > between protocols and wrappers and interfaces :) Dick and Michael have > persuaded me that it's just easier to for Horde not to ask for TLS on > port 143 - because that's in fact what I was doing - and it's > pointless. > > Nonetheless, I think it would be nice to tell Dovecot listen on the > local interface for IMAP. Listen on the external interface for IMAP, > IMAPS, POP and POP3S. But if there's not simple way to do that I don't > have a valid use-case for doing it right now. I got into this thread rather late so maybe I missed something here. If you have different policies for your interface, you can run two different instances of dovecot (with 2 different base directories and sets of configuration files). I haven't tried it, but maybe it's also possible have interface specific CAPA strings and remove STARTTLS. Dovecot will support unencrypted sessions over the localhost interface, but your webmail seems to opportunistcally use it when offered, so don't offer it. Joseph Tam From terryjames9461 at mm.st Tue Oct 4 08:24:54 2011 From: terryjames9461 at mm.st (terryjames9461 at mm.st) Date: Mon, 03 Oct 2011 22:24:54 -0700 Subject: [Dovecot] What best decision to make for flatfiles or SQL when I use Dovecot2 + Postfix together? In-Reply-To: References: <1317138678.29156.140258148311993@webmail.messagingengine.com><4E8207F5.2070105@whyscream.net><1317160829.10644.140258148445373@webmail.messagingengine.com><20110927180632.Horde.jPUpZZLnE6FOgkjoSa5RRHA@kishi.patrickdk.com><1317161652.13631.140258148451673@webmail.messagingengine.com> Message-ID: <1317705894.27535.140258150723349@webmail.messagingengine.com> Thanks to all for the instructions. I am working on the flatfile approach and making good progress. I also set up some test MySQL options and they work too. So I have the future plans already in my hand! TJ From jeetendra.p at directi.com Tue Oct 4 10:39:37 2011 From: jeetendra.p at directi.com (Jeetu) Date: Tue, 04 Oct 2011 13:09:37 +0530 Subject: [Dovecot] Missing man page for doveadm move In-Reply-To: <4E8227FA.8030608@localhost.localdomain.org> References: <4E7B5389.7050907@directi.com> <4E8227FA.8030608@localhost.localdomain.org> Message-ID: <4E8AB839.4060109@directi.com> Thanks pascal. On 28/09/11 1:16 AM, Pascal Volk wrote: > On 09/22/2011 05:26 PM Jeetu wrote: >> Hi, >> >> i cant see man pages for doveadm-move, though the command "doveadm move >> ..." works on new version of dovecot. > There is the manual page: > http://hg.dovecot.org/dovecot-2.0/rev/c194c76b98ff also available in the > wiki: http://wiki2.dovecot.org/Tools/Doveadm/Move > > > Regards, > Pascal -- -Jeetu ------------------ Powered by BigRock From linuxmail at 4lin.net Tue Oct 4 10:41:49 2011 From: linuxmail at 4lin.net (Denny Schierz) Date: Tue, 04 Oct 2011 09:41:49 +0200 Subject: [Dovecot] sieve vacation reply In-Reply-To: <4E383E9F.5020503@zero-spam.fr> References: <4DD29C5D.4070405@cimr.cam.ac.uk> <4E37CF9D.2010209@zero-spam.fr> <4E37D891.1010103@rename-it.nl> <4E37F106.2050500@zero-spam.fr> <4E3804C7.1030503@rename-it.nl> <4E381F8C.5010702@rename-it.nl> <4E383E9F.5020503@zero-spam.fr> Message-ID: <1317714109.29009.51.camel@pcdenny> Am Dienstag, den 02.08.2011, 20:14 +0200 schrieb St?phane Wartel: > Hi Stephan, > > Yep, after some tests you 're right, it's not possible. > So, I use :addresses in sieve script and will try -a or -r arguments in > LDA command from postfix with the next release. did you get it working with -a or -r ? cu denny -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part URL: From urushkin at telros.ru Tue Oct 4 12:01:36 2011 From: urushkin at telros.ru (Sergey Urushkin) Date: Tue, 04 Oct 2011 13:01:36 +0400 Subject: [Dovecot] GSSAPI and deny=yes passdb Message-ID: <4E8ACB70.7060004@telros.ru> Hi. Is it possible to use GSSAPI authentication and deny passdb together? Seems it doesn't work as I expect: GSSAPI doesn't check deny passdb, so I'm not able to restrict access to GSSAPI-users. I can see these in logs when user tries to connect with PLAIN authentication (via pam_krb5): Oct 4 11:14:31 vm03 auth: Debug: passwd-file(testuser,172.17.0.123): lookup: user=testuser file=/etc/dovecot/auth.d/.passwd-deny Oct 4 11:14:31 vm03 dovecot: auth: passdb(tesetuser,172.17.0.123): User found from deny passdb But that's what I see if user logs in with GSSAPI: ... Oct 4 11:21:38 vm03 dovecot: auth: Debug: gssapi(testuser at REALM.LAN,172.17.0.123): Negotiated security layer Oct 4 11:21:38 vm03 dovecot: auth: Debug: client out: CONT#0111#011BQQF/wAMAAAAAAAAKSUwaQH///+3JRmZMw01WMX+CHM= Oct 4 11:21:38 vm03 dovecot: auth: Debug: client in: CONT Oct 4 11:21:38 vm03 dovecot: auth: Debug: client out: OK#0111#011user=testuser Oct 4 11:21:38 vm03 dovecot: auth: Debug: passwd-file(testuser,172.17.0.123): lookup: user=testuser file=/etc/dovecot/auth.d/.passwd-ldap Oct 4 11:21:38 vm03 dovecot: auth: Debug: master out: USER#0111632763905#011testuser#011home=/var/mail/realm.lan/testuser Oct 4 11:21:38 vm03 dovecot: imap-login: Login: user=, method=GSSAPI, rip=172.17.0.123, lip=172.25.0.35, mpid=1085 Here is my auth configuration: auth_mechanisms = plain login apop gssapi # Kerberos auth_realms = REALM.LAN auth_gssapi_hostname = vm03.realm.lan auth_krb5_keytab = /etc/dovecot/dovecot.keytab ###### # PASSDB # Denied users passdb { driver = passwd-file deny = yes args = username_format=%n /etc/dovecot/auth.d/%d.passwd-deny } # Internal manual passwd-file passdb { driver = passwd-file args = scheme=CRAM-MD5 username_format=%n /etc/dovecot/auth.d/%d.passwd # override_fields = allow_nets=127.0.0.0/8,172.16.0.0/12 } # External passwd-file passdb { driver = passwd-file args = scheme=CRAM-MD5 username_format=%n /etc/dovecot/auth.d/%d.passwd-ext } # Internal kerberos pam passdb { driver = pam args = max_requests=100 cache_key=%u%r dovecot # override_fields = allow_nets=127.0.0.0/8,172.16.0.0/12 } ###### #USERDB # Manual passwd-file userdb { driver = passwd-file args = username_format=%n /etc/dovecot/auth.d/%d.passwd # default_fields = home=/var/mail/%d/%n } # External passwd-file userdb { driver = passwd-file args = username_format=%n /etc/dovecot/auth.d/%d.passwd-ext # default_fields = home=/var/mail/%d/%n } # Automatic passwd-file, imported from LDAP. UserDB only userdb { driver = passwd-file args = username_format=%n /etc/dovecot/auth.d/%d.passwd-ldap # default_fields = home=/var/mail/%d/%n } ### END #### /etc/dovecot/auth.d/realm.lan.passwd-ldap: testuser:::::/var/mail/realm.lan/testuser:: testuser2:::::/var/mail/realm.lan/testuser:: ... /etc/dovecot/auth.d/realm.lan.passwd-deny: testuser /etc/dovecot/auth.d/realm.lan.passwd* are symlinked to /etc/dovecot/auth.d/.passwd* to allow users without domain part (auth_default_realm doesnt work with pam) I know that in my case I can just exclude denied users from .passwd-ldap file, and even use .passwd-deny as filter file:) But problem exists and should be solved, I think. Thanks. -- Best regards, Sergey Urushkin From jtl+dovecot at uvm.edu Tue Oct 4 20:31:44 2011 From: jtl+dovecot at uvm.edu (Jim Lawson) Date: Tue, 04 Oct 2011 13:31:44 -0400 Subject: [Dovecot] trouble setting up director, "invalid argument" for connect() call Message-ID: <4E8B4300.4060004@uvm.edu> Hi Timo & everyone, I'm trying out a 2-node director setup, but I keep getting the following error: Oct 3 16:11:29 imapdir1 dovecot: master: Dovecot v2.0.15 starting up (core dumps disabled) Oct 3 16:11:34 imapdir1 dovecot: director: Error: connect(132.198.100.150:9090) failed: Invalid argument Oct 3 16:11:41 imapdir1 last message repeated 3 times Both nodes report this error. The director on each node is listening on port 9090 just fine: > [root at imapdir1 ~]# nc imapdir2 9090 > VERSION director 1 0 > ME 127.0.0.1 9090 > [root at imapdir2 ~]# nc imapdir1 9090 > VERSION director 1 0 > ME 127.0.0.1 9090 "doveadm director ring status" always reports failure of the peer: > [root at imapdir1 ~]# doveadm director ring status > director ip port type last > failed > 127.0.0.1 9090 self > never > 132.198.100.150 9090 2011-10-04 > 13:28:55 > [root at imapdir2 ~]# doveadm director ring status > director ip port type last > failed > 127.0.0.1 9090 self > never > 132.198.100.149 9090 2011-10-04 > 13:24:08 Has anyone else seen this? FWIW, a single-node director works fine, proxying IMAP, LMTP and POP. I'm guessing I have a broken config, but if I do I can't figure it out. Hope I'm not missing something *too* obvious... Here's doveconf -n from imapdir1: # 2.0.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.18-274.3.1.el5 x86_64 Red Hat Enterprise Linux Server release 5.7 (Tikanga) base_dir = /var/run/dovecot/ director_mail_servers = penguina.uvm.edu penguinb.uvm.edu penguinc.uvm.edu director_servers = imapdir1.uvm.edu imapdir2.uvm.edu lmtp_proxy = yes login_trusted_networks = 132.198.101.211,132.198.101.212,132.198.101.213,132.198.101.214,132.198.101.215,132.198.101.216,132.198.100.45,132.198.100.46,132.198.100.47 passdb { args = proxy=y nopassword=y protocol=smtp driver = static } service auth { unix_listener auth-userdb { group = mail mode = 0660 user = dovecot } } service director { fifo_listener login/proxy-notify { mode = 0666 } inet_listener { port = 9090 } unix_listener director-userdb { mode = 0600 } unix_listener login/director { mode = 0666 } } service imap-login { executable = imap-login director } service lmtp { client_limit = 1 inet_listener lmtp { port = 24 } unix_listener /var/lib/dovecot/lmtp-socket { group = root mode = 0600 user = root } } Best, Jim From listas.correo at yahoo.es Wed Oct 5 18:49:03 2011 From: listas.correo at yahoo.es (mailing lists) Date: Wed, 5 Oct 2011 16:49:03 +0100 (BST) Subject: [Dovecot] doveadm(user001): Fatal: passdb lookup failed Message-ID: <1317829743.39291.YahooMailNeo@web29105.mail.ird.yahoo.com> Hello all, why I can run whis command: imap1:~ # doveadm user user001 userdb: user001 ? mail????? : maildir:/var/maildir/vol04/4/46/user001 ? home????? : /var/mailfilter/vol04/4/46/user001 ? quota_rule: *:bytes=100000000 but not this one: imap1:~ # doveadm quota get -u user001 doveadm(user001): Error: user user001: Auth PASS lookup failed doveadm(user001): Fatal: passdb lookup failed what I'm missing ? ??? /-------------------/ imap1:/etc/dovecot # grep ^[^#] dovecot-ldap.conf.ext uris = ldap://ldap.example.com dn = cn=admin,dc=example,dc=com dnpass = secret sasl_bind = no tls = no auth_bind = yes ldap_version = 3 base = dc=example,dc=com deref = never scope = subtree user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home,mailQuota=quota_rule=*:bytes=%$ user_filter = (&(objectClass=CourierMailAccount)(uid=%n)) pass_attrs = uid=user,userPassword=password pass_filter = (&(objectClass=CourierMailAccount)(uid=%n)) iterate_filter = (objectClass=CourierMailAccount) imap1:/etc/dovecot # dovecot -n # 2.0.14: /etc/dovecot/dovecot.conf # OS: Linux 2.6.34.7-0.7-xen x86_64 openSUSE 11.3 (x86_64) auth_debug = yes auth_verbose = yes base_dir = /var/run/dovecot/ disable_plaintext_auth = no doveadm_proxy_port = 24244 doveadm_socket_path = localhost:24244 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes mail_debug = yes mail_fsync = always mail_gid = 5000 mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = acl quota notify quota = maildir:User Quota quota_exceeded_message = Quota exceded quota_rule2 = Trash:storage=+50M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=90%% quota-warning 90 %u mail_uid = 5000 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mmap_disable = yes namespace { ? inbox = yes ? list = yes ? location = ? prefix = ? separator = . ? subscriptions = yes } namespace { ? hidden = yes ? inbox = no ? list = no ? location = ? prefix = INBOX. ? separator = . ? subscriptions = no } namespace { ? list = children ? location = maildir:/var/virtual-maildir/%%n:INDEX=~/shared.%%n ? prefix = shared.%%n. ? separator = . ? subscriptions = no ? type = shared } passdb { ? args = /etc/dovecot/dovecot-ldap.conf.ext ? driver = ldap } plugin { ? acl = vfile ? acl_shared_dict = file:/var/maildir/shared-mailboxes ? mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append ? mail_log_fields = uid box msgid from subject size vsize flags ? mail_plugins = " mail_log notify" ? sieve = ~/.dovecot.sieve ? sieve_dir = ~/sieve } postmaster_address = nonresponse at example.com service auth { ? unix_listener auth-userdb { ??? group = vmail ??? mode = 0600 ??? user = vmail ? } } service dict { ? unix_listener dict { ??? group = vmail ??? mode = 0600 ??? user = vmail ? } } service doveadm { ? inet_listener { ??? port = 24244 ? } } service imap { ? process_limit = 1024 } service lmtp { ? inet_listener lmtp { ??? port = 24 ? } ? unix_listener lmtp { ??? group = vmail ??? mode = 0666 ??? user = vmail ? } } service pop3-login { ? inet_listener pop3 { ??? port = 110 ? } } service pop3 { ? process_limit = 1024 } service quota-warning { ? executable = script /etc/dovecot/quota-warning.sh ? user = vmail } ssl = no userdb { ? args = /etc/dovecot/dovecot-ldap.conf.ext ? driver = ldap } verbose_proctitle = yes protocol lmtp { ? mail_plugins = acl quota notify sieve } protocol lda { ? mail_plugins = acl quota notify sieve } protocol imap { ? mail_max_userip_connections = 100 ? mail_plugins = acl quota notify imap_acl autocreate imap_quota } protocol pop3 { ? pop3_uidl_format = %v-%u } local 100.1.245.101/28/28 { ? doveadm_password = secret } From pbrechler at mac.com Wed Oct 5 19:11:25 2011 From: pbrechler at mac.com (Philip Brechler) Date: Wed, 05 Oct 2011 18:11:25 +0200 Subject: [Dovecot] Dovecot + managesieve + ldap not working Message-ID: <808F9C6C-CF5D-4F21-B70D-4AF0769DCC71@mac.com> Hi, I want to use managesieve in my dovecot server which uses virtual users and a ldap for the users. This is in my dovecot.conf: # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 3.0.0-x86_64-jb1 x86_64 Debian 6.0.1 ext3 log_path: /var/log/dovecot.log info_log_path: /var/log/dovecot-info.log log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps managesieve listen(default): * listen(imap): * listen(managesieve): *:2000 disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_uid: 5000 mail_gid: 5000 mail_location: maildir:/var/mail/%u/Maildir mail_debug: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve lda: postmaster_address: pbrechler at piratenfraktion-berlin.de mail_plugins: sieve mail_plugin_dir: /usr/lib/dovecot/modules/lda auth default: mechanisms: plain login verbose: yes debug: yes passdb: driver: pam passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf userdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail plugin: sieve_dir: /var/mail/sievescript/%u_scripts/ sieve_extensions: +imapflags And my ldap conf: hosts = ldap.piratenfraktion-berlin.de auth_bind = yes auth_bind_userdn = uid=%u,ou=people,dc=domain,dc=de ldap_version = 3 base = dc=domaindc=de deref = never scope = subtree user_attrs = uid=mail=maildir:/var/mail/%$/Maildir/ user_filter = (|(&(objectClass=organizationalPerson)(uid=%Ln))(&(objectClass=organizationalPerson)(mail=%Lu))) pass_attrs = uid=user,userPassword=password pass_filter = (&(objectClass=organizationalPerson)(uid=%u)) If I try to talk to managesieve with telnet this happens: Trying ::1... Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. "IMPLEMENTATION" "dovecot" "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator- i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date imapflags" "SASL" "PLAIN LOGIN" "STARTTLS" "NOTIFY" "mailto" "VERSION" "1.0" OK "Dovecot ready." # ca. 2 Seconds pause AUTHENTICATE "PLAIN" "xxxxxxxxxxxxx" BYE "Internal error occured. Refer to server log for more information. [2011-10-02 00:48:09]" Connection closed by foreign host. Dies is a log reading 2011-10-02 00:48:09 MANAGESIEVE(user): Fatal: Failed to create sieve storage with data: /var/mail/sievescript/user_scripts But the permissions are 775 dovecot:dovecot and the system tells me that dovecot was the last user who had access to the directory. Can someone help me? Thanks! kind regards Philip Brechler -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4755 bytes Desc: not available URL: From stephan at rename-it.nl Wed Oct 5 22:04:31 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 05 Oct 2011 21:04:31 +0200 Subject: [Dovecot] Dovecot + managesieve + ldap not working In-Reply-To: <808F9C6C-CF5D-4F21-B70D-4AF0769DCC71@mac.com> References: <808F9C6C-CF5D-4F21-B70D-4AF0769DCC71@mac.com> Message-ID: <4E8CAA3F.6010405@rename-it.nl> On 10/5/2011 6:11 PM, Philip Brechler wrote: > I want to use managesieve in my dovecot server which uses virtual users and a ldap for the users. This is in my dovecot.conf: > > # 1.2.15: /etc/dovecot/dovecot.conf [...] > mail_location: maildir:/var/mail/%u/Maildir > mail_debug: yes [...] > plugin: > sieve_dir: /var/mail/sievescript/%u_scripts/ [...] > If I try to talk to managesieve with telnet this happens: > > BYE "Internal error occured. Refer to server log for more information. [2011-10-02 00:48:09]" > Connection closed by foreign host. > > Dies is a log reading > > 2011-10-02 00:48:09 MANAGESIEVE(user): Fatal: Failed to create sieve storage with data: /var/mail/sievescript/user_scripts > > But the permissions are 775 dovecot:dovecot and the system tells me that dovecot was the last user who had access to the directory. I'd expect to see more errors and debug messages preceding the log line above. Looking at your config, I suspect your problem has something to do with the fact that you provide no 'home' directory for your users. The default location of the active sieve script (as configured with sieve=) is ~/.dovecot.sieve. You don't override this, so this is what you are now using. Since no home directory is defined, ~/ cannot be substituted, causing this failure (there must be an error about this in your logs somewhere). You can do something analogous to your sieve_dir setting and use % variable substitution in your sieve= setting. Still, having no home directory for your users is a bad idea. Read the wiki for more information: http://wiki2.dovecot.org/VirtualUsers/Home Also read this carefully: http://wiki2.dovecot.org/Pigeonhole/ManageSieve/Configuration Regards, Stephan. From pbrechler at mac.com Wed Oct 5 22:20:41 2011 From: pbrechler at mac.com (Philip Brechler) Date: Wed, 05 Oct 2011 21:20:41 +0200 Subject: [Dovecot] Dovecot + managesieve + ldap not working In-Reply-To: <4E8CAA3F.6010405@rename-it.nl> References: <808F9C6C-CF5D-4F21-B70D-4AF0769DCC71@mac.com> <4E8CAA3F.6010405@rename-it.nl> Message-ID: <1F1F4640-2532-40EF-A06C-B3D881F9C3A5@mac.com> Am 05.10.2011 um 21:04 schrieb Stephan Bosch: > On 10/5/2011 6:11 PM, Philip Brechler wrote: > > I'd expect to see more errors and debug messages preceding the log line above. > > Looking at your config, I suspect your problem has something to do with the fact that you provide no 'home' directory for your users. The default location of the active sieve script (as configured with sieve=) is ~/.dovecot.sieve. You don't override this, so this is what you are now using. Since no home directory is defined, ~/ cannot be substituted, causing this failure (there must be an error about this in your logs somewhere). You can do something analogous to your sieve_dir setting and use % variable substitution in your sieve= setting. Still, having no home directory for your users is a bad idea. Read the wiki for more information: > > http://wiki2.dovecot.org/VirtualUsers/Home > > Also read this carefully: > > http://wiki2.dovecot.org/Pigeonhole/ManageSieve/Configuration > Hi, thanks for your fast response I added a sieve= Option and now I get this log reading until it fails with the same error massage in telnet Info: client out: OK 1 user=user 2011-10-05 21:15:53 auth(default): Info: master in: REQUEST 3 12101 1 2011-10-05 21:15:53 auth(default): Info: ldap(user,127.0.0.1): user search: base=dc=piratenfraktion-berlin,dc=de scope=subtree filter=(|(&(objectClass=organizationalPerson)(uid=user))(&(objectClass=organizationalPerson)(mail=user))) fields=uid 2011-10-05 21:15:53 auth(default): Info: ldap(user,127.0.0.1): result: uid(mail=maildir:/var/mail/%$/Maildir/)=maildir:/var/mail/user/Maildir/ 2011-10-05 21:15:53 auth(default): Info: master out: USER 3 user mail=maildir:/var/mail/user/Maildir/ 2011-10-05 21:15:53 managesieve-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured 2011-10-05 21:15:53 MANAGESIEVE(user): Info: Effective uid=5000, gid=5000, home=(none) 2011-10-05 21:15:53 MANAGESIEVE(user): Info: sieve-storage: using active sieve script path: /var/var/mail/sievescript/user_scripts/.dovecot.sieve 2011-10-05 21:15:53 MANAGESIEVE(user): Info: sieve-storage: using sieve script storage directory: /var/mail/sievescript/user_scripts/ That's it no more errors or anything. thanks. Philip -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4755 bytes Desc: not available URL: From stephan at rename-it.nl Wed Oct 5 22:46:37 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 05 Oct 2011 21:46:37 +0200 Subject: [Dovecot] Dovecot + managesieve + ldap not working In-Reply-To: <1F1F4640-2532-40EF-A06C-B3D881F9C3A5@mac.com> References: <808F9C6C-CF5D-4F21-B70D-4AF0769DCC71@mac.com> <4E8CAA3F.6010405@rename-it.nl> <1F1F4640-2532-40EF-A06C-B3D881F9C3A5@mac.com> Message-ID: <4E8CB41D.5010007@rename-it.nl> On 10/5/2011 9:20 PM, Philip Brechler wrote: > Am 05.10.2011 um 21:04 schrieb Stephan Bosch: > >> On 10/5/2011 6:11 PM, Philip Brechler wrote: >> >> I'd expect to see more errors and debug messages preceding the log line above. >> >> Looking at your config, I suspect your problem has something to do with the fact that you provide no 'home' directory for your users. The default location of the active sieve script (as configured with sieve=) is ~/.dovecot.sieve. You don't override this, so this is what you are now using. Since no home directory is defined, ~/ cannot be substituted, causing this failure (there must be an error about this in your logs somewhere). You can do something analogous to your sieve_dir setting and use % variable substitution in your sieve= setting. Still, having no home directory for your users is a bad idea. Read the wiki for more information: >> >> http://wiki2.dovecot.org/VirtualUsers/Home >> >> Also read this carefully: >> >> http://wiki2.dovecot.org/Pigeonhole/ManageSieve/Configuration >> > Hi, > thanks for your fast response I added a sieve= Option and now I get this log reading until it fails with the same error massage in telnet > > Info: client out: OK 1 user=user > 2011-10-05 21:15:53 auth(default): Info: master in: REQUEST 3 12101 1 > 2011-10-05 21:15:53 auth(default): Info: ldap(user,127.0.0.1): user search: base=dc=piratenfraktion-berlin,dc=de scope=subtree filter=(|(&(objectClass=organizationalPerson)(uid=user))(&(objectClass=organizationalPerson)(mail=user))) fields=uid > 2011-10-05 21:15:53 auth(default): Info: ldap(user,127.0.0.1): result: uid(mail=maildir:/var/mail/%$/Maildir/)=maildir:/var/mail/user/Maildir/ > 2011-10-05 21:15:53 auth(default): Info: master out: USER 3 user mail=maildir:/var/mail/user/Maildir/ > 2011-10-05 21:15:53 managesieve-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured > 2011-10-05 21:15:53 MANAGESIEVE(user): Info: Effective uid=5000, gid=5000, home=(none) > 2011-10-05 21:15:53 MANAGESIEVE(user): Info: sieve-storage: using active sieve script path: /var/var/mail/sievescript/user_scripts/.dovecot.sieve > 2011-10-05 21:15:53 MANAGESIEVE(user): Info: sieve-storage: using sieve script storage directory: /var/mail/sievescript/user_scripts/ > > That's it no more errors or anything. In fact, I see no errors at all. That is not possible if you get that same critical error in telnet. I would also expect the following additional debug message: MANAGESIEVE(user): Info: sieve-storage: relative path to sieve storage in active link: ... Or an error aboutsieve_storage_verify_dir() failing. I'm not sure what is going on at your end. Make sure you are checking the correct log file: the BYE error in telnet has a time stamp that matches the line in your log file. Two additional things I notice: - You still don't return a home directory from your userdb. - You placed the active sieve script link (.dovecot.sieve) inside your sieve_dir directory (/var/mail/sievescript/user_scripts/). That is not recommended. I would recommend something like the following: sieve_dir=/var/mail/sievescript/%u/scripts/ sieve=/var/mail/sievescript/%u/.dovecot.sieve Regards, Stephan. From jtl+dovecot at uvm.edu Wed Oct 5 23:31:15 2011 From: jtl+dovecot at uvm.edu (Jim Lawson) Date: Wed, 05 Oct 2011 16:31:15 -0400 Subject: [Dovecot] trouble setting up director, "invalid argument" for connect() call [SOLVED] In-Reply-To: <4E8B4300.4060004@uvm.edu> References: <4E8B4300.4060004@uvm.edu> Message-ID: <4E8CBE93.4030603@uvm.edu> On 10/4/11 13:31 , Jim Lawson wrote: > Hi Timo & everyone, > > I'm trying out a 2-node director setup, but I keep getting the following > error: > > Oct 3 16:11:29 imapdir1 dovecot: master: Dovecot v2.0.15 starting up > (core dumps disabled) > Oct 3 16:11:34 imapdir1 dovecot: director: Error: > connect(132.198.100.150:9090) failed: Invalid argument > Oct 3 16:11:41 imapdir1 last message repeated 3 times I was specifying DNS names in director_servers (imapdir1.uvm.edu, imapdir2.uvm.edu). /etc/hosts listed 127.0.0.1 as the address for the local host name (in addition to "localhost"). This can happen on some RHEL installs that begin their life as DHCP clients. So when the director tried to figure out its self_ip, it always picked 127.0.0.1. Calling connect() using a localhost socket with a non-local address as destination just doesn't work so well, I guess. Seeing 127.0.0.1 as "self" in "doveadm director ring status" should have been a clue, but I hadn't seen the output before to have anything to compare it to. 2 easy fixes: specify real IP addresses in the director_servers config, or don't list 127.0.0.1 as your local hostname in /etc/hosts. Jim From mephistopheles at operamail.com Thu Oct 6 00:49:59 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Wed, 05 Oct 2011 14:49:59 -0700 Subject: [Dovecot] Only using LMTP-delivery, where should domain & user aliases be configured, Dovecot or MTA conf? Message-ID: <1317851399.18827.140258151483397@webmail.messagingengine.com> I have my MTA (Postfix) check Dovecot2 LMTP for existing users. No other delivery is done; this is a virtual/LMTP-only setup. I define known users in a Dovecot passwd-file, specified in conf.d/10-auth.conf passdb { args = ... username_format=%n /stor01/vmail/auth.d/%d/passwd e.g., vi /stor01/vmail/auth.d/mx1.domain1.com/passwd myuser:{scheme}####:... mail to: myuser at mx1.domain1.com is correctly auth'd and stored. I want two things to happen: (1) all mail to existing-users "@domain1.com" gets re-routed to "@mx1.domain1.com", i.e., map: myuser at domain1.com -> myuser at mx1.domain1.com and is accepted/not-rejected ONLY if 'myuser' is defined as a user in mx1.domain1.com/passwd and, (2) specific 'user' aliasing/remapping within a given domain, i.e. map: whatever at mx1.domain1.com -> myuser at mx1.domain1.com as long as 'myuser' is a defined user in mx1.domain1.com In these cases, where should I assign domain & mail aliases, Dovecot or the MTA's conf ? From charleschat at hotmail.com Thu Oct 6 02:11:31 2011 From: charleschat at hotmail.com (Ed Hochman) Date: Wed, 5 Oct 2011 19:11:31 -0400 Subject: [Dovecot] I'm the ONLY user that can get mail Message-ID: Hi, I'm stumped. I can access the postfix server to read my mail. BUT I'm the only user that can. Everyone else get rejected. Here's the syslog entry for another user: ...dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=192.168.0.51, lip=192.168.0.189 And here's an entry for me: ...dovecot: pop3-login: Login: user=, method=PLAIN, rip=192.168.0.51, lip=192.168.0.189 So ONLY I am able to get my mail. And this is consistent. The other users and passwords are valid. I've re-set them just to be sure. I suspect it's a rights issue but I've checked the rights for all /var/mail files and they're all the same except the owner of the file is the actual owner. I also checked all the rights for the files in /etc/dovecot. They all look OK and they all have root/root for the owner and user. Since I installed the system and did all the editing of the configuration files it's possible, but unlikely, that I'm the owner or group of some key file. I've looked for that but found nothing suspicious. Is it possible I may have given myself root access? I don't see how. My UID is 1000. Does the fact I'm the first user (per my UID) make a difference? I would think not. So I'm stumped. I don't have a clue as to where to look or what to do next. Any thoughts will be greatly appreciated. This is Dovecot 1.2.15 on Ubuntu 11.04. A new/clean install. Plaintext passwords are allowed. Here's dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.38-11-generic i686 Ubuntu 11.04 protocols: pop3 disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/pop3-login mail_privileged_group: mail mbox_write_locks: fcntl dotlock mail_executable: /usr/lib/dovecot/pop3 mail_plugin_dir: /usr/lib/dovecot/modules/pop3 auth default: passdb: driver: passwd passdb: driver: passwd-file args: /etc/passwd.dovecot userdb: driver: passwd Thanks From mimo at gn.apc.org Thu Oct 6 14:42:48 2011 From: mimo at gn.apc.org (Michael Moritz) Date: Thu, 6 Oct 2011 12:42:48 +0100 Subject: [Dovecot] too many open files and v1.2 Message-ID: <201110061242.48615.mimo@gn.apc.org> Hi I've found an older thread http://www.dovecot.org/list/dovecot/2010-March/047886.html which mentions that this is a bug in version 1. I'm on Debian squeeze (1:1.2.15-7) and got errors like these recently Oct 5 11:29:29 mail dovecot: dovecot: pipe() failed: Too many open files Oct 5 11:29:32 mail dovecot: dovecot: pipe() failed: Too many open files Oct 5 11:29:32 mail dovecot: dovecot: Temporary failure in creating login processes, slowing down for now As a work around I've increased login_max_processes_count from 256 to 512 and it seems to have helped (as I suspected stale opened files). My colleague thinks it's hitting the kernel open file limit ulimit -n (currently at 1024) but I don't see how that could happen if the number of process is nowhere near that. Any ideas? Thanks, Michael From dmiller at amfes.com Thu Oct 6 18:38:21 2011 From: dmiller at amfes.com (Daniel L. Miller) Date: Thu, 06 Oct 2011 08:38:21 -0700 Subject: [Dovecot] Group ACL Message-ID: Using Dovecot 2.0, LDAP userdb & passdb, with prefetch: hosts = myhost.mydomain dn = cn=x,cn=y dnpass = xyz123 auth_bind = yes auth_bind_userdn = uid=%n,ou=users,dc=x ldap_version = 3 base = ou=Users, dc=x user_attrs = =home=/var/mail/%d/%n, \ =mail=mdbox:/var/mail/%d/%n/mdbox, \ =uid=vmail, \ =gid=mail user_filter = (&(objectClass=inetOrgPerson)(mail=%u)) pass_attrs = mail=user, \ userPassword=password, \ =userdb_home=/var/mail/%d/%n, \ =userdb_mail=mdbox:/var/mail/%d/%n/mdbox, \ =userdb_uid=vmail, \ =userdb_gid=mail, \ =userdb_acl_groups='allshared' pass_filter = (&(objectClass=inetOrgPerson)(mail=%u)) iterate_attrs = mail=user iterate_filter = (&(objectClass=inetOrgPerson)(mail=*)) default_pass_scheme = plain I have added permissions for "$allshared" to a mailbox's Inbox. It does not appear in the shared folders list. Other mailboxes, with explicit permission for a given username, work fine. What am I doing wrong? -- Daniel From micah at riseup.net Thu Oct 6 20:22:29 2011 From: micah at riseup.net (Micah Anderson) Date: Thu, 06 Oct 2011 13:22:29 -0400 Subject: [Dovecot] dsync with quotas References: <8762kozbzo.fsf@algae.riseup.net> Message-ID: <87mxderq5m.fsf@algae.riseup.net> Micah Anderson writes: > I have been working on converting people from courier maildir -> dovecot > mdbox and during some of the dsync runs I'm seeing the > quota_exceeded_message be printed as an Error: > > dsync(): Error: Can't save message to mailbox INBOX: You are over quota. To avoid losing mail, immediately empty your Trash and Sent folders and \ > delete emails with large attachments. > dsync(): Info: INBOX: Couldn't keep all uids^M > > Its possible the user was over quota on the originating courier side, > but I would still like to migrate their mail proprely to mdbox, but it > seems like being over quota is inhibiting that. Are the quota > calculations including both the maildir files as well as the converted > mdbox files, resulting in a double counting? > > I'm not entirely sure if the messages above indicate that the migration > failed for that user or not, so I've been manually increasing their > quota, then redoing the dsync mirror until it works properly. > > I wonder if it would be better if I turned off quota entirely during > migration so I don't run into this problem? Sorry to 'bump' this subject, but I'm still confused about this issue and nobody replied, perhaps nobody has any ideas? :) micah From micah at riseup.net Fri Oct 7 00:23:50 2011 From: micah at riseup.net (Micah Anderson) Date: Thu, 06 Oct 2011 17:23:50 -0400 Subject: [Dovecot] doveadm mailbox subscribe wildcard Message-ID: <87aa9dstjt.fsf@algae.riseup.net> Hi, I noticed that wildcards work like the following, as described in the man page: # doveadm mailbox list -s -u bob dovecot* dovecot dovecot/pigeonhole dovecot/pigeonhole/2.0 however, wildcard subscriptions don't work: # doveadm mailbox subscribe -u bob dovecot* # doveadm mailbox list -s -u bob dovecot* dovecot dovecot* dovecot/pigeonhole dovecot/pigeonhole/2.0 It seems I subscribed the non-existant mailbox called 'dovecot*' -- is there a better way to handle this? thanks! micah -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From user+dovecot at localhost.localdomain.org Fri Oct 7 01:02:35 2011 From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Fri, 07 Oct 2011 00:02:35 +0200 Subject: [Dovecot] doveadm mailbox subscribe wildcard In-Reply-To: <87aa9dstjt.fsf@algae.riseup.net> References: <87aa9dstjt.fsf@algae.riseup.net> Message-ID: <4E8E257B.7000303@localhost.localdomain.org> On 10/06/2011 11:23 PM Micah Anderson wrote: > > Hi, > > I noticed that wildcards work like the following, as described in the > man page: > > # doveadm mailbox list -s -u bob dovecot* > dovecot > dovecot/pigeonhole > dovecot/pigeonhole/2.0 > > however, wildcard subscriptions don't work: Why should it work? Where is 'wildcard subscribing' documented? > # doveadm mailbox subscribe -u bob dovecot* > > # doveadm mailbox list -s -u bob dovecot* > dovecot > dovecot* > dovecot/pigeonhole > dovecot/pigeonhole/2.0 > > It seems I subscribed the non-existant mailbox called 'dovecot*' -- is > there a better way to handle this? for box in `doveadm mailbox list dovecot\*` do doveadm mailbox subscribe $box done Regards, Pascal -- The trapper recommends today: defaced.1127923 at localdomain.org From tgoguen at ilap.com Fri Oct 7 04:14:54 2011 From: tgoguen at ilap.com (Tristan Goguen) Date: Thu, 6 Oct 2011 21:14:54 -0400 Subject: [Dovecot] Using dsync to synchronize pop3 mailbox <-> pop3 mailbox Message-ID: Hi All, We're trying to get dsync to synchronize pop3 mailboxes on multiple servers. Is this possible? Any hints are appreciated. Thanks, Tristan Tristan Goguen CEO, ILAP? T: 416-250-5600 ext. 205 F: 416-250-6755 tgoguen at ilap.com www.ilap.com From alec at alec.pl Fri Oct 7 10:02:52 2011 From: alec at alec.pl (A.L.E.C) Date: Fri, 07 Oct 2011 09:02:52 +0200 Subject: [Dovecot] doveadm mailbox subscribe wildcard In-Reply-To: <87aa9dstjt.fsf@algae.riseup.net> References: <87aa9dstjt.fsf@algae.riseup.net> Message-ID: <4E8EA41C.8020908@alec.pl> On 2011-10-06 23:23, Micah Anderson wrote: > # doveadm mailbox list -s -u bob dovecot* # doveadm mailbox > subscribe -u bob dovecot* RFC3501. Wildcards are allowed only in LIST/LSUB commands. -- Aleksander 'A.L.E.C' Machniak LAN Management System Developer [http://lms.org.pl] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl From mdunlap at mail.breakawaysystems.com Thu Oct 6 22:52:22 2011 From: mdunlap at mail.breakawaysystems.com (mdunlap) Date: Thu, 06 Oct 2011 14:52:22 -0500 Subject: [Dovecot] I'm the ONLY user that can get mail In-Reply-To: References: Message-ID: <854c1fcf23fc6676c7eb8f23574f328d@mail.breakawaysystems.com> So youre sure the mail isn't being delivered to the users maildir? but you just can't access it with IMAP. You can test authentication if using saslauthd by typing 'sudo testsaslauthd -u username -p password -s smtp'. Just some thoughts. On Wed, 5 Oct 2011 19:11:31 -0400, Ed Hochman wrote: > Hi, > > > > I'm stumped. I can access the postfix server to read my mail. > > > > BUT I'm the only user that can. > > > > Everyone else get rejected. > > > > Here's the syslog entry for another user: > > ...dovecot: pop3-login: Disconnected (auth failed, 1 attempts): > user=, method=PLAIN, rip=192.168.0.51, lip=192.168.0.189 > > > > And here's an entry for me: > > ...dovecot: pop3-login: Login: user=, method=PLAIN, > rip=192.168.0.51, lip=192.168.0.189 > > > > So ONLY I am able to get my mail. And this is consistent. > > > > The other users and passwords are valid. I've re-set them just to be > sure. > > > > I suspect it's a rights issue but I've checked the rights for all > /var/mail files and they're all the same except the owner of the file > is > the actual owner. > > > > I also checked all the rights for the files in /etc/dovecot. They > all > look OK and they all have root/root for the owner and user. > > > > Since I installed the system and did all the editing of the > configuration files it's possible, but unlikely, that I'm the owner > or > group of some key file. I've looked for that but found nothing > suspicious. > > > > Is it possible I may have given myself root access? I don't see how. > My UID is 1000. Does the fact I'm the first user (per my UID) make a > difference? I would think not. > > > > So I'm stumped. I don't have a clue as to where to look or what to > do next. > > > > Any thoughts will be greatly appreciated. > > > > This is Dovecot 1.2.15 on Ubuntu 11.04. A new/clean install. > > Plaintext passwords are allowed. > > Here's dovecot -n > # 1.2.15: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.38-11-generic i686 Ubuntu 11.04 > protocols: pop3 > disable_plaintext_auth: no > login_dir: /var/run/dovecot/login > login_executable: /usr/lib/dovecot/pop3-login > mail_privileged_group: mail > mbox_write_locks: fcntl dotlock > mail_executable: /usr/lib/dovecot/pop3 > mail_plugin_dir: /usr/lib/dovecot/modules/pop3 > auth default: > passdb: > driver: passwd > passdb: > driver: passwd-file > args: /etc/passwd.dovecot > userdb: > driver: passwd > > > > > > Thanks From micah at riseup.net Fri Oct 7 18:09:21 2011 From: micah at riseup.net (Micah Anderson) Date: Fri, 07 Oct 2011 11:09:21 -0400 Subject: [Dovecot] Safely restoring backups Message-ID: <87sjn4rg7y.fsf@algae.riseup.net> I'm trying to determine what the best way to restore mail with mdbox is. Restoring using maildir was trivial, I just used rsync --ignore-existing which wrote any mails that were removed and didn't touch things that already existed[1]. With mdbox things have become more complicated, and I haven't found a way to restore mail that doesn't result in many message duplicates. My backup setup is simple, I'm doing daily rsync backups of user's mailstores, as well as weekly backups, so I end up having on my backup server daily.1, daily.2, daily.3, daily.4, weekly.1, weekly.2... each containing the entire contents of the user's mdbox. The different restore methods I've tried are: 1. I tried rsyncing the different backup directories back to the mail storage host, and then doing: 'dsync -R backup -u $user mdbox:/path/to/to/daily.1/mdbox'[2] 'dsync -R backup -u $user mdbox:/path/to/to/daily.2/mdbox' This works ok, but it gives duplicates of every mail that already exists for every daily/weekly I dsync. This is what the rsync --ignore-existing avoided. This is particularly annoying if I restore the weekly, and multiple daily directories, because then you get a copy for every one you restore. I had thought that the individual message's GIDs would keep them from being duplicated? 2. I also tried to use 'doveadm import' in two different ways. The first way I created a 'restored_from_backups' folder and then import each of the daily.#, weekly.# mdboxes into their own subfolder within that folder, for example: 'doveadm import -u $username mdbox:/path/to/daily.1/mdbox restored_from_backups/daily1 all' 'doveadm import -u $username mdbox:/path/to/daily.2/mdbox restored_from_backups/daily2 all' ... etc. I then go through and subscribe the new folders[3] and the user ends up with a folder structure like this: restored_from_backups/ daily.1/ INBOX Trash folder1 folder2 daily.2 INBOX Trash folder1 folder2 etc. This works fine, except that it results in the user having a entire duplicate copies of their mailbox for each daily/weekly that I restore. That will quickly bring people over quota. 3. I also tried to use 'doveadm import' to import all the different directories all into the same restored_from_backups directory, so there are no subdirectories for each daily/weekly under restored_from_backups, like so: 'doveadm mailbox create -u $user -s restored_from_backups' 'doveadm -v -D import -u $user mdbox:/path/to/daily.1/mdbox restored_from_backups all' I then go through and subscribe the folders[3]. Using this method, the 'restored_from_backups' mailbox is created, and populated with the folders. The only problem with this method is the same as method #1: for every backup I restore, mails are duplicated. Is there a way I can restore things from backup and avoid duplicates? Is there another method I should try? thanks for any ideas, pointers, suggestions for improvement, etc. micah 1. this would of course bring back mails that were deleted, but that was fine as the user could deal with that. 2. yes, I know I could setup dsync on the backup server, and use dsync directly to pull the mails from there, but this is complicated in my situation due to how the backupserver works. 3. why doesn't doveadm import have a -s option to subscribe? -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From micah at riseup.net Fri Oct 7 18:30:05 2011 From: micah at riseup.net (Micah Anderson) Date: Fri, 07 Oct 2011 11:30:05 -0400 Subject: [Dovecot] doveadm mailbox subscribe wildcard References: <87aa9dstjt.fsf@algae.riseup.net> <4E8EA41C.8020908@alec.pl> Message-ID: <87obxsrf9e.fsf@algae.riseup.net> "A.L.E.C" writes: > On 2011-10-06 23:23, Micah Anderson wrote: >> # doveadm mailbox list -s -u bob dovecot* # doveadm mailbox >> subscribe -u bob dovecot* > > RFC3501. Wildcards are allowed only in LIST/LSUB commands. Aha, thanks! I'll use the for loop method to achieve what I want. micah -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From micah at riseup.net Fri Oct 7 18:34:03 2011 From: micah at riseup.net (Micah Anderson) Date: Fri, 07 Oct 2011 11:34:03 -0400 Subject: [Dovecot] doveadm mailbox list shows file system directories as mailboxes References: <20110922115223.73054v8up83ej0wg@webmail.hrz.uni-giessen.de> Message-ID: <87hb3krf2s.fsf@algae.riseup.net> J?rgen Obermann writes: > Hello. > In our dovecvot we use mbox format with the default filesystem layout. > Therefore it is not possible to have mailboxes which are subfolders of other > mailboxes containing messages. > The command "doveadm mailbox list" includes the file system directories, that > contain only subfolders, as normal mailboxes in the output: > > archiv > archiv/daemon > archiv/dovecot Did you perhaps do a 'doveadm mailbox subscribe' with a wildcard and the shell expanded it? micah From micah at riseup.net Fri Oct 7 19:43:15 2011 From: micah at riseup.net (Micah Anderson) Date: Fri, 07 Oct 2011 12:43:15 -0400 Subject: [Dovecot] lazy expunge namespaces Message-ID: <87d3e8rbvg.fsf@algae.riseup.net> I turned on lazy_expunge and configured a namespace following the wiki[0] instructions for mdbox configuration: namespace { inbox = yes location = prefix = separator = . } namespace { hidden = yes inbox = no list = no location = prefix = INBOX. separator = . } namespace { location = mdbox:~/mdbox:MAILBOXDIR=expunged prefix = EXPUNGED. separator = . } This created an EXPUNGED mailbox in my client (thunderbird), which was greyed out. When I deleted things, they got put in the EXPUNGED mailbox, as expected, but I could not access them to try and "restore" them. The server would say that the mailbox did not exist. micah 0. http://wiki2.dovecot.org/Plugins/Lazyexpunge -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From mephistopheles at operamail.com Fri Oct 7 21:43:26 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Fri, 07 Oct 2011 11:43:26 -0700 Subject: [Dovecot] Syntax to specify sdbox: mail_location path? Message-ID: <1318013006.28193.140258152251553@webmail.messagingengine.com> I'm implementing sdbox. In conf.d/10-mail.conf, with "maildir:" mail_location = maildir:/my_mailbox_path/%d/%n mail gets stored in /my_mailbox_path/%d/%n/new/ With "sdbox:" mail_location = sdbox:/my_mailbox_path/%d/%n mail gets stored in /my_mailbox_path/%d/%n/mailboxes/INBOX/dbox-Mails. How do I get rid of the '/mailboxes/' and '/dbox-Mails/' path components so sdbox stores in: /my_mailbox_path/%d/%n/INBOX @ wiki2.dovecot.org/MailboxFormat/dbox#Alternate_storage points out that 'ALT=' can change the *lookup* location, and messages can be *moved* to ALT storage using 'doveadm altmove'. Unclear what TAGS are available/used for 'sdbox'. From dmiller at amfes.com Sat Oct 8 09:08:34 2011 From: dmiller at amfes.com (Daniel L. Miller) Date: Fri, 07 Oct 2011 23:08:34 -0700 Subject: [Dovecot] Group ACL In-Reply-To: <4E8DCB6D.5060404@amfes.com> References: <4E8DCB6D.5060404@amfes.com> Message-ID: On 10/6/2011 8:38 AM, Daniel L. Miller wrote: > Using Dovecot 2.0, LDAP userdb & passdb, with prefetch: > > [..] > > I have added permissions for "$allshared" to a mailbox's Inbox. It > does not appear in the shared folders list. Other mailboxes, with > explicit permission for a given username, work fine. What am I doing > wrong? > Am I, as usual, doing something wrong? -- Daniel From koshikov at gmail.com Sat Oct 8 16:09:38 2011 From: koshikov at gmail.com (Nikita Koshikov) Date: Sat, 8 Oct 2011 16:09:38 +0300 Subject: [Dovecot] Timeout leak in get quota In-Reply-To: <4E846D31.6010900@gmail.com> References: <4E846D31.6010900@gmail.com> Message-ID: <20111008160938.3dcd2aaa@jimbo> On Thu, 29 Sep 2011 15:05:53 +0200 Danilo wrote: > Hello! > I wrote perl script for read current quota usage, it works but when I run the > program I receive a warning in Dovecot log: > > 2011-09-29 14:45:30 doveadm(guest at testmail.com): Warning: Timeout leak: > 0x7f14800ad970 > > This is the script: > =============================== > #!/usr/bin/perl > > use strict; > use Socket; > use IO::Handle; > > socket(TSOCK, PF_UNIX, SOCK_STREAM,0); > connect(TSOCK, sockaddr_un("/var/run/dovecot/doveadm-server")) or print("ERROR!"); > > print "VERSION\tdoveadm-server\t1\t0\n"; > print "\tguest\@testmail.com\tquota get\n"; > print "=" x 20 . "\n"; > > if (defined(my $messg = )) { > > print $messg; > > print TSOCK "VERSION\tdoveadm-server\t1\t0\n"; > TSOCK->flush; > > print TSOCK "\tguest\@testmail.com\tquota get\n"; > TSOCK->flush; > > $messg = ; > print $messg; > > $messg = ; > print $messg; > > close TSOCK; > } > ============================= > I hope someone could help me to fix the warning. > Thanks in advance, > Dany I'm using doveadm socket too for getting quota values. No warning. The main difference from yours script that I'm also using auth: print TSOCK "VERSION\tdoveadm-server\t1\t0\n"; print TSOCK "PLAIN\tbase64_encoded_pass_here\n"; print TSOCK "\t$local_part\@$domain\tquota get\n"; TSOCK->flush; Dovecot version 2.0.15 From m.fresel at hi-competence.eu Sun Oct 9 17:21:41 2011 From: m.fresel at hi-competence.eu (Fresel Michal - hi competence e.U.) Date: Sun, 9 Oct 2011 16:21:41 +0200 Subject: [Dovecot] using ecc-certificates (ellyptic curve) will not establish connection Message-ID: <392E878E-4AF2-4E8F-8CF5-CAC5F1A5B4BF@hi-competence.eu> hi I want to use ECC(ellyptic curve cryptography) for SSL-connections but somehow dovecot doesn't like my ECC-certificates :( I tried to test using following scenario: machine: debian 6 (x64) dovecot 2.0.15-0~auto+21 ((f6a2c0e8bc03) from http://xi.rename-it.nl/debian openssl 1.0.0e-2 from testing (as the default 0.9.8o-4squeeze3 needs also the parameter -cipher ECCdraft for testing) creating keys+cert for ecc (i.e. curves prime192v1, secp521r1) # openssl ecparam -name prime192v1 -genkey -out prime192v1.key # openssl req -new -key prime192v1.key -out prime192v1.csr # openssl req -x509 -in prime192v1.csr -key prime192v1.key -out prime192v1.crt testing these in 2 windows # openssl s_server -cert prime192v1.crt -key prime192v1.key -www # openssl s_client note: when using the default openssl version 0.9.8o-4squeeze3 you need to append -cipher ECCdraft output (cut) ... New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES256-SHA Server public key is 192 bit Secure Renegotiation IS supported Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : SSLv3 Cipher : ECDHE-ECDSA-AES256-SHA Session-ID: xxxxx Session-ID-ctx: Master-Key: xxxxx Key-Arg : None PSK identity: None PSK identity hint: None Compression: 1 (zlib compression) Start Time: xxxxx Timeout : 7200 (sec) Verify return code: 18 (self signed certificate) looks promising - also for the secp521r1 curve but when changing dovecot.conf to use these keys and certificates it won't use them and return errors # openssl s_client -port 993 CONNECTED(00000003) 140543456835240:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1195:SSL alert number 40 140543456835240:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:591: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None Start Time: xxxxx Timeout : 7200 (sec) Verify return code: 0 (ok) --- and the log gives (using verbose_ssl = yes in dovecot.conf) ==> /var/log/mail.log <== dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.info <== dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.warn <== dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.log <== dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.info <== dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.warn <== dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.log <== dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] ==> /var/log/mail.info <== dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] ==> /var/log/mail.warn <== dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] ==> /var/log/mail.log <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] ==> /var/log/mail.info <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] ==> /var/log/mail.warn <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] ==> /var/log/mail.log <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher ==> /var/log/mail.info <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher ==> /var/log/mail.warn <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] from doveconf -a: ssl = required ssl_ca = ssl_cert = Reading the wiki page for dovecot2 and LDA/Postfix, the system users section (all mail delivery goes to system users)... It shows you can simply use postfix mailbox_command. There is this additional comment: "This command doesn't do a userdb lookup. If you want that (e.g. for per-user quota lookups) you need to add -d "$USER" parameter." So, i added that. Once adding it, I find I get an error: dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied Using mailbox_command in Postfix means that dovecot-lda is running as the system user getting the mail. Which means it can't access the socket file. Of course, one can simply use mode 666 on it, but, then people can use it to find out information according to the doc, which I do not want. So, I am not sure why the doc says to add -d for per user quotas, without also mentioning the problem with doing that. I don't see how it can work? Assuming I need per user quotas, and I don't want to use LMTP, is there a good way around this without the security issue? ? Steve From compconsultant at yahoo.com Sun Oct 9 22:28:06 2011 From: compconsultant at yahoo.com (Steve Fatula) Date: Sun, 9 Oct 2011 12:28:06 -0700 (PDT) Subject: [Dovecot] Filesystem quotas Message-ID: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> I am wondering if I really need to use dovecot quota functions or not. Assume for the moment, that, each system user has a quota defined using Linux quotas, and that the Maildir is within their quota limited directory. So, any mail (or files created by the user etc) that would exceed the quota obviously can't be created.? In such an environment, is there any advantage to implementing the same quota already defined in the filesystem via dovecot? Or, can I just make things simpler and ignore dovecot quotas? Assuming I keep the index and control files out of the quota limited directories. I presume if exceeding filesystem quota, the mail will not be delivered of course. If using lmtp, I presume it stays in the queue to retry later for some period of time. ? Steve From ecasarero at gmail.com Sun Oct 9 22:37:33 2011 From: ecasarero at gmail.com (Eduardo Casarero) Date: Sun, 9 Oct 2011 16:37:33 -0300 Subject: [Dovecot] Filesystem quotas In-Reply-To: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> References: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> Message-ID: 2011/10/9 Steve Fatula > I am wondering if I really need to use dovecot quota functions or not. > Assume for the moment, that, each system user has a quota defined using > Linux quotas, and that the Maildir is within their quota limited directory. > So, any mail (or files created by the user etc) that would exceed the quota > obviously can't be created. > > In such an environment, is there any advantage to implementing the same > quota already defined in the filesystem via dovecot? Or, can I just make > things simpler and ignore dovecot quotas? Assuming I keep the index and > control files out of the quota limited directories. > > I presume if exceeding filesystem quota, the mail will not be delivered of > course. If using lmtp, I presume it stays in the queue to retry later for > some period of time. > > Steve > But if you dont use quotas how do you know if the user is out of space? Or does the user gets a notification that it's running out of space, before you start rejecting emails? Eduardo. From compconsultant at yahoo.com Mon Oct 10 01:44:34 2011 From: compconsultant at yahoo.com (Steve Fatula) Date: Sun, 9 Oct 2011 15:44:34 -0700 (PDT) Subject: [Dovecot] Filesystem quotas In-Reply-To: References: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> Message-ID: <1318200274.80363.YahooMailNeo@web39421.mail.mud.yahoo.com> >From:Eduardo Casarero >To:Steve Fatula >Cc:Dovecot List >Sent:Sunday, October 9, 2011 2:37 PM >Subject:Re: [Dovecot] Filesystem quotas > > >But if you dont use quotas how do you know if the user is out of space? Or does the user gets a notification that it's running out of space, before you start rejecting emails? How do I know, or, how does the user know? I couldn't care less, so, not an issue for me. The user gets notification when their used space is above a certain percent. These are system users, so, email is just one part of their quota space. They might have 1 email, and build a massive file, they'd still be out of space.? So, what do I get by using the Dovecot Quota/FS plugin? Is it just a matter of it counting used space? Something else? Better handling of out of space? From a.chapellon at horoa.net Mon Oct 10 02:18:13 2011 From: a.chapellon at horoa.net (Alexandre Chapellon) Date: Mon, 10 Oct 2011 01:18:13 +0200 Subject: [Dovecot] Filesystem quotas In-Reply-To: <1318200274.80363.YahooMailNeo@web39421.mail.mud.yahoo.com> References: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> <1318200274.80363.YahooMailNeo@web39421.mail.mud.yahoo.com> Message-ID: <4E922BB5.6070500@horoa.net> I think by using dovecot quota you can exclude some directories from the quota (e.g: spam or Trahs or whatever you like). More specificly it is better using dovecot quota as it will allow LDA to report quota exceeded in NDR . If using filesystem quota, I guess you'll send ugly messages reporting IO error or enability too write file, which is really not serious. regards. Le 10/10/2011 00:44, Steve Fatula a ?crit : >> From:Eduardo Casarero >> To:Steve Fatula >> Cc:Dovecot List >> Sent:Sunday, October 9, 2011 2:37 PM >> Subject:Re: [Dovecot] Filesystem quotas >> >> >> But if you dont use quotas how do you know if the user is out of space? Or does the user gets a notification that it's running out of space, before you start rejecting emails? > How do I know, or, how does the user know? I couldn't care less, so, not an issue for me. The user gets notification when their used space is above a certain percent. These are system users, so, email is just one part of their quota space. They might have 1 email, and build a massive file, they'd still be out of space. > > So, what do I get by using the Dovecot Quota/FS plugin? Is it just a matter of it counting used space? Something else? Better handling of out of space? -- Alexandre Chapellon Ing?nierie des syst?mes open sources et r?seaux. Follow me on twitter: @alxgomz From tss at iki.fi Mon Oct 10 02:34:04 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 10 Oct 2011 02:34:04 +0300 Subject: [Dovecot] Filesystem quotas In-Reply-To: <4E922BB5.6070500@horoa.net> References: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> <1318200274.80363.YahooMailNeo@web39421.mail.mud.yahoo.com> <4E922BB5.6070500@horoa.net> Message-ID: On 10.10.2011, at 2.18, Alexandre Chapellon wrote: > I think by using dovecot quota you can exclude some directories from the quota (e.g: spam or Trahs or whatever you like). No, it's filesystem quota so Dovecot can't override it. > More specificly it is better using dovecot quota as it will allow LDA to report quota exceeded in NDR . If using filesystem quota, I guess you'll send ugly messages reporting IO error or enability too write file, which is really not serious. The error message is only slightly different: "Not enough disk space" (instead of "Quota exceeded") >> So, what do I get by using the Dovecot Quota/FS plugin? Is it just a matter of it counting used space? Something else? Better handling of out of space? With imap_quota plugin it allows IMAP client to see how much quota is used/left. You could also enable quota warnings. And configure the quota exceeded error message. From dmiller at amfes.com Mon Oct 10 07:51:42 2011 From: dmiller at amfes.com (Daniel L. Miller) Date: Sun, 09 Oct 2011 21:51:42 -0700 Subject: [Dovecot] Group ACL In-Reply-To: <4E8FE8E2.4060400@amfes.com> References: <4E8DCB6D.5060404@amfes.com> <4E8FE8E2.4060400@amfes.com> Message-ID: On 10/7/2011 11:08 PM, Daniel L. Miller wrote: > On 10/6/2011 8:38 AM, Daniel L. Miller wrote: >> Using Dovecot 2.0, LDAP userdb & passdb, with prefetch: >> >> [..] >> >> I have added permissions for "$allshared" to a mailbox's Inbox. It >> does not appear in the shared folders list. Other mailboxes, with >> explicit permission for a given username, work fine. What am I doing >> wrong? >> > Am I, as usual, doing something wrong? > Is there anything else I should supply to help diagnose the issue? -- Daniel From jtam.home at gmail.com Mon Oct 10 11:40:21 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 10 Oct 2011 01:40:21 -0700 (PDT) Subject: [Dovecot] Filesystem quotas In-Reply-To: References: Message-ID: Timo Sirainen writes in response to Steve Fatula's query: > With imap_quota plugin it allows IMAP client to see how much quota is > used/left. You could also enable quota warnings. And configure the > quota exceeded error message. It could also prevent the catch-22 situation I wrote about earlier whereby a filesystem out-of-space condition will result in a user not being able get themselves out of that situation, since a mailbox operation (like a delete and expunge) will not be able to create a lockfile. Having quotas handled by the IMAP/LDA will allow extra room to handle this impasse. Disabling dotlock or using dotlock_try locking method are some other workarounds. Joseph Tam From danilo.abbasciano at gmail.com Mon Oct 10 11:59:23 2011 From: danilo.abbasciano at gmail.com (Danilo) Date: Mon, 10 Oct 2011 10:59:23 +0200 Subject: [Dovecot] Timeout leak in get quota In-Reply-To: <20111008160938.3dcd2aaa@jimbo> References: <4E846D31.6010900@gmail.com> <20111008160938.3dcd2aaa@jimbo> Message-ID: <4E92B3EB.9050408@gmail.com> On 08/10/2011 15:09, Nikita Koshikov wrote: > On Thu, 29 Sep 2011 15:05:53 +0200 > Danilo wrote: > >> Hello! >> I wrote perl script for read current quota usage, it works but when I run the >> program I receive a warning in Dovecot log: >> >> 2011-09-29 14:45:30 doveadm(guest at testmail.com): Warning: Timeout leak: >> 0x7f14800ad970 >> >> This is the script: >> =============================== >> #!/usr/bin/perl >> >> use strict; >> use Socket; >> use IO::Handle; >> >> socket(TSOCK, PF_UNIX, SOCK_STREAM,0); >> connect(TSOCK, sockaddr_un("/var/run/dovecot/doveadm-server")) or print("ERROR!"); >> >> print "VERSION\tdoveadm-server\t1\t0\n"; >> print "\tguest\@testmail.com\tquota get\n"; >> print "=" x 20 . "\n"; >> >> if (defined(my $messg = )) { >> >> print $messg; >> >> print TSOCK "VERSION\tdoveadm-server\t1\t0\n"; >> TSOCK->flush; >> >> print TSOCK "\tguest\@testmail.com\tquota get\n"; >> TSOCK->flush; >> >> $messg = ; >> print $messg; >> >> $messg = ; >> print $messg; >> >> close TSOCK; >> } >> ============================= >> I hope someone could help me to fix the warning. >> Thanks in advance, >> Dany > > I'm using doveadm socket too for getting quota values. No warning. The main difference from yours script that I'm also using auth: > > print TSOCK "VERSION\tdoveadm-server\t1\t0\n"; > print TSOCK "PLAIN\tbase64_encoded_pass_here\n"; > print TSOCK "\t$local_part\@$domain\tquota get\n"; > TSOCK->flush; > > Dovecot version 2.0.15 Thanks, I had update dovecot to 2.0.15 version, now works without warning. Dany From beber at meleeweb.net Mon Oct 10 15:10:13 2011 From: beber at meleeweb.net (Bertrand Jacquin) Date: Mon, 10 Oct 2011 14:10:13 +0200 Subject: [Dovecot] Convert-tool maildir > mbox Message-ID: Timo, Is seems that this commit broke convertion from Maildir to Mbox using dovecot 1.2 convert-tool binary : 2009-07-09 Timo Sirainen * src/plugins/convert/convert-storage.c: convert plugin: Fixed changing hierarchy separators in mailbox names when alt_hierarchy_char isn't set. [a9f719f9a509] Since, I get the following : $ convert-tool user1 /var/mail/example.com/user1 Maildir:/var/mail/example.com/user1 mbox:/var/mail/example.com/user1-mbox alt_hierarchy_char=_ Error: Mailbox conversion: Couldn't create mailbox Sent/test: Mailbox doesn't allow inferior mailboxes Error: Internal failure Strace give show me a failure after : access("/var/mail/example.com/user1/.Sent.test/cur", W_OK) = 0 stat("/var/mail/example.com/user1-mbox/Sent/test", 0x7fff843e73b0) = -1 ENOTDIR (Not a directory) write(2, "Error: Mailbox conversion: Couldn"..., 103Error: Mailbox conversion: Couldn't create mailbox Sent/test: Mailbox doesn't allow inferior mailboxes ) = 103 lstat("/var/mail/example.com/user1/.dovecot.convert.lock", {st_mode=S_IFREG|0644, st_size=12, ...}) = 0 unlink("/var/mail/example.com/user1/.dovecot.convert.lock") = 0 Is that somethinh known ? Didn't find anything interesting in archives. Maybe that kind of conversion have evolved since 2.0 ? Thanks, Beber From compconsultant at yahoo.com Mon Oct 10 19:49:16 2011 From: compconsultant at yahoo.com (Steve Fatula) Date: Mon, 10 Oct 2011 09:49:16 -0700 (PDT) Subject: [Dovecot] Filesystem quotas In-Reply-To: References: Message-ID: <1318265356.66400.YahooMailNeo@web39407.mail.mud.yahoo.com> From: Joseph Tam >To: dovecot at dovecot.org >Sent: Monday, October 10, 2011 3:40 AM >Subject: Re: [Dovecot] Filesystem quotas > >Timo Sirainen writes in response to Steve Fatula's query: > >> With imap_quota plugin it allows IMAP client to see how much quota is >> used/left.? You could also enable quota warnings.? And configure the >> quota exceeded error message. > >It could also prevent the catch-22 situation I wrote about earlier whereby >a filesystem out-of-space condition will result in a user not being >able get themselves out of that situation, since a mailbox operation >(like a delete and expunge) will not be able to create a lockfile. > >Having quotas handled by the IMAP/LDA will allow extra room to handle >this impasse.? Disabling dotlock or using dotlock_try locking method >are some other workarounds. > > >Don't forget these are SYSTEM users, they can get in and delete things should they need to, and can easily consume all available space completely outside of email. We already send email outside of dovecot when they approach their limit, with our custom message. It sounds like there really isn't any benefit to using the dovecot fs quota plugin in our situation. Thanks for the ideas.? From ebroch at whitehorsetc.com Mon Oct 10 22:04:44 2011 From: ebroch at whitehorsetc.com (Eric Broch) Date: Mon, 10 Oct 2011 13:04:44 -0600 Subject: [Dovecot] inbox issue Message-ID: <4E9341CC.60105@whitehorsetc.com> I have dovecot 2.0.11 installed on a CentOS 5.7 email server. Two of the server email clients, one using Outlook and the other Thunderbird, have had all the contents of their inbox disappear only to reappear at a later time. One client's inbox email reappeared upon receiving a test email (to check if it would show up in the inbox) from another user. Has anyone heard of such a thing? Here's a dump of my dovecot configuration. # 2.0.11: /etc/dovecot/dovecot.conf # OS: Linux 2.6.18-238.19.1.el5 i686 CentOS release 5.7 (Final) auth_anonymous_username = anonymous auth_cache_negative_ttl = 1 hours auth_cache_size = 32 M auth_cache_ttl = 1 hours auth_debug = no auth_debug_passwords = no auth_default_realm = auth_failure_delay = 2 secs auth_first_valid_uid = 500 auth_gssapi_hostname = auth_krb5_keytab = auth_last_valid_uid = 0 auth_master_user_separator = auth_mechanisms = plain login digest-md5 cram-md5 auth_realms = auth_socket_path = auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_cert = no auth_use_winbind = no auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ auth_username_format = %Lu auth_username_translation = auth_verbose = no auth_verbose_passwords = no auth_winbind_helper_path = /usr/bin/ntlm_auth auth_worker_max_count = 30 base_dir = /var/run/dovecot config_cache_size = 1 M debug_log_path = default_client_limit = 1000 default_idle_kill = 60 default_internal_user = dovecot default_login_user = dovenull default_process_limit = 100 default_vsz_limit = 256 M deliver_log_format = msgid=%m: %$ dict_db_config = director_doveadm_port = 0 director_mail_servers = director_servers = director_user_expire = 15 mins disable_plaintext_auth = no dotlock_use_excl = yes doveadm_socket_path = doveadm-server doveadm_worker_count = 0 first_valid_gid = 1 first_valid_uid = 89 hostname = imap_capability = imap_client_workarounds = imap_id_log = imap_id_send = imap_idle_notify_interval = 2 mins imap_logout_format = bytes=%i/%o imap_max_line_length = 64 k import_environment = TZ info_log_path = last_valid_gid = 0 last_valid_uid = 0 lda_mailbox_autocreate = no lda_mailbox_autosubscribe = no lda_original_recipient_header = libexec_dir = /usr/libexec/dovecot listen = *, :: lmtp_proxy = no lmtp_save_to_detail_mailbox = no lock_method = fcntl log_path = /var/log/dovecot.log log_timestamp = "%b %d %H:%M:%S " login_access_sockets = login_greeting = Dovecot toaster ready. login_log_format = %$: %s login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c login_trusted_networks = mail_access_groups = mail_attachment_dir = mail_attachment_fs = sis posix mail_attachment_hash = %{sha1} mail_attachment_min_size = 128 k mail_cache_fields = flags mail_cache_min_mail_count = 0 mail_chroot = mail_debug = no mail_fsync = optimized mail_full_filesystem_access = no mail_gid = mail_home = mail_location = mail_log_prefix = "%s(%u): " mail_max_keyword_length = 50 mail_max_lock_timeout = 0 mail_max_userip_connections = 10 mail_never_cache_fields = imap.envelope mail_nfs_index = no mail_nfs_storage = no mail_plugin_dir = /usr/lib/dovecot mail_plugins = mail_privileged_group = mail_save_crlf = no mail_temp_dir = /tmp mail_uid = mailbox_idle_check_interval = 30 secs mailbox_list_index_disable = no maildir_copy_with_hardlinks = yes maildir_stat_dirs = no maildir_very_dirty_syncs = no master_user_separator = mbox_dirty_syncs = yes mbox_dotlock_change_timeout = 2 mins mbox_lazy_writes = yes mbox_lock_timeout = 5 mins mbox_min_index_size = 0 mbox_read_locks = fcntl mbox_very_dirty_syncs = no mbox_write_locks = dotlock fcntl mdbox_preallocate_space = no mdbox_rotate_interval = 0 mdbox_rotate_size = 2 M mmap_disable = no namespace { hidden = no inbox = yes list = yes location = prefix = INBOX. separator = . subscriptions = yes type = private } namespace { hidden = no inbox = no list = yes location = maildir:/home/vpopmail/domains/acemt.com/shared/projects prefix = projects. separator = . subscriptions = yes type = public } passdb { args = cache_key=%u webmail=127.0.0.1 deny = no driver = vpopmail master = no pass = no } plugin/quota = maildir pop3_client_workarounds = pop3_enable_last = no pop3_fast_size_lookups = no pop3_lock_session = no pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_no_flag_updates = no pop3_reuse_xuidl = no pop3_save_uidl = no pop3_uidl_format = %08Xu%08Xv postmaster_address = protocols = imap quota_full_tempfail = no recipient_delimiter = + rejection_reason = Your message to <%t> was automatically rejected:%n%r rejection_subject = Rejected: %s sendmail_path = /usr/sbin/sendmail service anvil { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = anvil extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 1 protocol = service_count = 0 type = anvil unix_listener anvil-auth-penalty { group = mode = 0600 user = } unix_listener anvil { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service auth-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = auth -w extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener auth-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service auth { chroot = client_limit = 4096 drop_priv_before_exec = no executable = auth extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener auth-client { group = mode = 0600 user = } unix_listener auth-login { group = mode = 0600 user = $default_internal_user } unix_listener auth-master { group = mode = 0600 user = } unix_listener auth-userdb { group = mode = 0600 user = } unix_listener login/login { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service config { chroot = client_limit = 0 drop_priv_before_exec = no executable = config extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = config unix_listener config { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service dict { chroot = client_limit = 1 drop_priv_before_exec = no executable = dict extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dict { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service director { chroot = client_limit = 0 drop_priv_before_exec = no executable = director extra_groups = fifo_listener login/proxy-notify { group = mode = 00 user = } group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener director-admin { group = mode = 0600 user = } unix_listener login/director { group = mode = 00 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service dns_client { chroot = client_limit = 1 drop_priv_before_exec = no executable = dns-client extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dns-client { group = mode = 0666 user = } unix_listener login/dns-client { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service doveadm { chroot = client_limit = 1 drop_priv_before_exec = no executable = doveadm-server extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener doveadm-server { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service imap-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = imap-login extra_groups = group = idle_kill = 0 inet_listener imap { address = port = 143 ssl = no } inet_listener imaps { address = port = 993 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = imap service_count = 1 type = login user = $default_login_user vsz_limit = 64 M } service imap { chroot = client_limit = 1 drop_priv_before_exec = no executable = imap extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener login/imap { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service lmtp { chroot = client_limit = 0 drop_priv_before_exec = no executable = lmtp extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = lmtp service_count = 0 type = unix_listener lmtp { group = mode = 0666 user = } user = vsz_limit = 0 } service log { chroot = client_limit = 0 drop_priv_before_exec = no executable = log extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = log user = vsz_limit = 18446744073709551615 B } service pop3-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = pop3-login extra_groups = group = idle_kill = 0 inet_listener pop3 { address = port = 110 ssl = no } inet_listener pop3s { address = port = 995 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = pop3 service_count = 1 type = login user = $default_login_user vsz_limit = 64 M } service pop3 { chroot = client_limit = 1 drop_priv_before_exec = no executable = pop3 extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = pop3 service_count = 1 type = unix_listener login/pop3 { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service ssl-params { chroot = client_limit = 0 drop_priv_before_exec = no executable = ssl-params extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = startup unix_listener login/ssl-params { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } shutdown_clients = yes ssl = yes ssl_ca = ssl_cert = References: <4E9341CC.60105@whitehorsetc.com> Message-ID: <20111010141431.Horde.Wu90OqPBW7JOk0QXKmBF-BA@beta.vfemail.net> Quoting Eric Broch : > I have dovecot 2.0.11 installed on a CentOS 5.7 email server. Two of the > server email clients, one using Outlook and the other Thunderbird, have > had all the contents of their inbox disappear only to reappear at a > later time. One client's inbox email reappeared upon receiving a test > email (to check if it would show up in the inbox) from another user. Has > anyone heard of such a thing? After a recent upgrade - I've had an issue with an older version of Horde not displaying the INBOX. I've gotten it to restore by removing custom Sorting options. I upgraded Dovecot, the backend server, and PHP all relatively recently, but having only seen it with my older Horde install I figured it was a PHP issue. Just for giggles you could ask those users to use a different Sort method.. Rick From tompru at jla.rutgers.edu Mon Oct 10 22:27:30 2011 From: tompru at jla.rutgers.edu (Tom Pawlowski) Date: Mon, 10 Oct 2011 15:27:30 -0400 Subject: [Dovecot] inbox issue In-Reply-To: <4E9341CC.60105@whitehorsetc.com> References: <4E9341CC.60105@whitehorsetc.com> Message-ID: <20111010192729.GF6257@hawkeye.rutgers.edu> What you're describing has been a symptom of a corrupted index/uidlist our experience. Now *what's* corrupting it, depends on your setup. Just to clarify, you're using a single dovecot IMAP/POP3 mail server and not multiple servers, correct? And equally important, are you using a NFS backend for the Maildirs? If so, read these: http://wiki.dovecot.org/NFS http://dovecot.org/list/dovecot/2010-May/049031.html And look into this: http://wiki2.dovecot.org/Director If not, check the log files, are you getting corrupted index errors for the users in question? Check their quotas, are they all under? If they're at quota, then dovecot can't update the index or uidlist for that user. One solution: http://www.mailinglistarchive.com/html/dovecot at dovecot.org/2010-08/msg01028.html That's what first comes to mind for me. * Eric Broch [2011-10-10 13:04:44 -0600]: > I have dovecot 2.0.11 installed on a CentOS 5.7 email server. Two of the > server email clients, one using Outlook and the other Thunderbird, have > had all the contents of their inbox disappear only to reappear at a > later time. One client's inbox email reappeared upon receiving a test > email (to check if it would show up in the inbox) from another user. Has > anyone heard of such a thing? > > Here's a dump of my dovecot configuration. > -- Tom Pawlowski OIT-CSS System Administrator office: Hill 147 email: tompru at jla.rutgers.edu phone: (732) 445-2634 From compconsultant at yahoo.com Mon Oct 10 23:53:23 2011 From: compconsultant at yahoo.com (Steve Fatula) Date: Mon, 10 Oct 2011 13:53:23 -0700 (PDT) Subject: [Dovecot] 2.1 Plans Message-ID: <1318280003.91961.YahooMailNeo@web39424.mail.mud.yahoo.com> Back in early 2010, Timo posted about a potential 2.1 feature to in essence reduce the number of imap/pop3 processes using various techniques since the code already supports multiple connections. It even went as far as moving all idle connections.? I don't see this on the 2.1 roadmap. Is it still planned perhaps for 2.1? Thousands of imap processes going away is a great thing for me! So, just curious. Reference:?http://dovecot.org/list/dovecot/2010-January/046148.html ? Steve From jake0534 at airpost.net Tue Oct 11 01:17:17 2011 From: jake0534 at airpost.net (jake0534 at airpost.net) Date: Mon, 10 Oct 2011 15:17:17 -0700 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? Message-ID: <1318285037.2740.140258153259705@webmail.messagingengine.com> Hey all I've been running a Dovecot 1X server for awhile. Most of the config was pretty simple using flat files. I'm switching to Dovecot 2X now, and want to switch to using SQL for lookups so I can share info with the Postfix front end. For starters I setup two SIMPLE SQL tables -- a 'users' table and a 'aliases' table, where each user can have many aliases. I want to have Postfix check Dovecot's SASL/LMTP passdb to see if a @ exists. If yes, deliver through LMTP. If NO, reject it. Here are the table definitions so far, CREATE TABLE user ( userid TINYINT, user VARCHAR(64), domain VARCHAR(128), password VARCHAR(64), PRIMARY KEY (userid), UNIQUE (user,domain) ); CREATE TABLE alias ( aliasid TINYINT, alias VARCHAR(64), user VARCHAR(64), domain VARCHAR(128), PRIMARY KEY (aliasid), UNIQUE (domain,user,alias), CONSTRAINT fk_alias1 FOREIGN KEY (user) REFERENCES user (user) ON DELETE NO ACTION ON UPDATE NO ACTION, CONSTRAINT fk_alias2 FOREIGN KEY (domain) REFERENCES user (domain) ON DELETE NO ACTION ON UPDATE NO ACTION ); With flat file and just one table, 'users', I get how to setup LMTP. I can get Postfix delivering/rejecting over LMTP depending on if the user exists in the Dovecot passdb or not. I don't get how to do the SQL query in Dovecot if I have the TWO tables. An inbound @ needs to be auth'd as valid if it exists in EITHER 'user' OR 'alias' table. Do I need to use a single lookup for passdb with some sort of "IF EXISTS IN TABLE 'user' OR TABLE 'alias'" query? Or do I need to have TWO lookups, the main one for 'user' and a fallback one for 'alias' (like talked about here http://wiki2.dovecot.org/Authentication/MultipleDatabases)? Cheers! Jake From patrickdk at patrickdk.com Tue Oct 11 02:46:41 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Mon, 10 Oct 2011 19:46:41 -0400 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? In-Reply-To: <1318285037.2740.140258153259705@webmail.messagingengine.com> References: <1318285037.2740.140258153259705@webmail.messagingengine.com> Message-ID: <20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com> I always keep it seperate, the user table is used by dovecot only, and the alias table is used by postfix. And then for users, you just alias them to themselfs. Then everything exists in the alias table, and postfix knows all valid users, cause they all exist in the alias table. I just think of it as, user accounts, and email addresses that map to the user accounts. Quoting jake0534 at airpost.net: > Hey all > > I've been running a Dovecot 1X server for awhile. Most of the config > was pretty simple using flat files. > > I'm switching to Dovecot 2X now, and want to switch to using SQL for > lookups so I can share info with the Postfix front end. > > For starters I setup two SIMPLE SQL tables -- a 'users' table and a > 'aliases' table, where each user can have many aliases. > > I want to have Postfix check Dovecot's SASL/LMTP passdb to see if a > @ exists. If yes, deliver through LMTP. If NO, reject > it. > > Here are the table definitions so far, > > CREATE TABLE user ( > userid TINYINT, > user VARCHAR(64), > domain VARCHAR(128), > password VARCHAR(64), > PRIMARY KEY (userid), > UNIQUE (user,domain) > ); > > CREATE TABLE alias ( > aliasid TINYINT, > alias VARCHAR(64), > user VARCHAR(64), > domain VARCHAR(128), > PRIMARY KEY (aliasid), > UNIQUE (domain,user,alias), > CONSTRAINT fk_alias1 FOREIGN KEY (user) REFERENCES user (user) ON > DELETE NO ACTION ON UPDATE NO ACTION, > CONSTRAINT fk_alias2 FOREIGN KEY (domain) REFERENCES user (domain) ON > DELETE NO ACTION ON UPDATE NO ACTION > ); > > With flat file and just one table, 'users', I get how to setup LMTP. I > can get Postfix delivering/rejecting over LMTP depending on if the user > exists in the Dovecot passdb or not. > > I don't get how to do the SQL query in Dovecot if I have the TWO tables. > An inbound @ needs to be auth'd as valid if it exists in > EITHER 'user' OR 'alias' table. > > Do I need to use a single lookup for passdb with some sort of "IF EXISTS > IN TABLE 'user' OR TABLE 'alias'" query? > > Or do I need to have TWO lookups, the main one for 'user' and a fallback > one for 'alias' (like talked about here > http://wiki2.dovecot.org/Authentication/MultipleDatabases)? > > Cheers! > > Jake From jake0534 at airpost.net Tue Oct 11 04:52:50 2011 From: jake0534 at airpost.net (jake0534 at airpost.net) Date: Mon, 10 Oct 2011 18:52:50 -0700 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? In-Reply-To: <20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com> References: <1318285037.2740.140258153259705@webmail.messagingengine.com> <20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com> Message-ID: <1318297970.25687.140258153322933@webmail.messagingengine.com> Hey, On Monday, October 10, 2011 7:46 PM, "Patrick Domack" wrote: > I always keep it seperate, the user table is used by dovecot only, and > the alias table is used by postfix. > > And then for users, you just alias them to themselfs. Then everything > exists in the alias table, and postfix knows all valid users, cause > they all exist in the alias table. > > I just think of it as, user accounts, and email addresses that map to > the user accounts. So you're not using LMTP authentication to verify that Postfix is trying to deliver to a valid user? I though that's what it was for. In your setup, 'who' does Postfix try to deliver to, then? The 'real' user, after figuring out and remapping any aliases to it? Or to the alias, and then Dovecot does the remapping? Jake From patrickdk at patrickdk.com Tue Oct 11 15:37:26 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Tue, 11 Oct 2011 08:37:26 -0400 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? In-Reply-To: <1318297970.25687.140258153322933@webmail.messagingengine.com> References: <1318285037.2740.140258153259705@webmail.messagingengine.com> <20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com> <1318297970.25687.140258153322933@webmail.messagingengine.com> Message-ID: <20111011083726.Horde.VQlFZpLnE6FOlDiGg1eR6hA@kishi.patrickdk.com> postfix delivers to the user, and I don't do lmtp authentication, I just submit the email from postfix to lmtp. I'm not even sure how you can use lmtp authentication to verify a delivery address, normally when postfix uses lmtp the email was accepted, and therefor would generate a bounce. I can't find anything that wouldn't bounce using lmtp, in postfix or dovecot documentation. Quoting jake0534 at airpost.net: > Hey, > > On Monday, October 10, 2011 7:46 PM, "Patrick Domack" > wrote: >> I always keep it seperate, the user table is used by dovecot only, and >> the alias table is used by postfix. >> >> And then for users, you just alias them to themselfs. Then everything >> exists in the alias table, and postfix knows all valid users, cause >> they all exist in the alias table. >> >> I just think of it as, user accounts, and email addresses that map to >> the user accounts. > > So you're not using LMTP authentication to verify that Postfix is trying > to deliver to a valid user? I though that's what it was for. > > In your setup, 'who' does Postfix try to deliver to, then? The 'real' > user, after figuring out and remapping any aliases to it? Or to the > alias, and then Dovecot does the remapping? > > Jake From jake0534 at airpost.net Tue Oct 11 18:57:49 2011 From: jake0534 at airpost.net (jake0534 at airpost.net) Date: Tue, 11 Oct 2011 08:57:49 -0700 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? In-Reply-To: <20111011083726.Horde.VQlFZpLnE6FOlDiGg1eR6hA@kishi.patrickdk.com> References: <1318285037.2740.140258153259705@webmail.messagingengine.com><20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com><1318297970.25687.140258153322933@webmail.messagingengine.com> <20111011083726.Horde.VQlFZpLnE6FOlDiGg1eR6hA@kishi.patrickdk.com> Message-ID: <1318348669.14547.140258153570049@webmail.messagingengine.com> On Tuesday, October 11, 2011 8:37 AM, "Patrick Domack" wrote: > postfix delivers to the user, and I don't do lmtp authentication, I > just submit the email from postfix to lmtp. Ok, then we have different approaches. So you are using *only* Postfix to check if a received user is valid, right? > I'm not even sure how you can use lmtp authentication to verify a > delivery address, normally when postfix uses lmtp the email was > accepted, and therefor would generate a bounce. > > I can't find anything that wouldn't bounce using lmtp, in postfix or > dovecot documentation. If you follow this, http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP it works OK. There is no bounce when Postfix submit mail to LMTP for delivery and the user is authenticated as valid. Jake From m.fresel at hi-competence.eu Tue Oct 11 20:02:16 2011 From: m.fresel at hi-competence.eu (Fresel Michal - hi competence e.U.) Date: Tue, 11 Oct 2011 19:02:16 +0200 Subject: [Dovecot] using ecc-certificates (ellyptic curve) will not establish connection In-Reply-To: <392E878E-4AF2-4E8F-8CF5-CAC5F1A5B4BF@hi-competence.eu> References: <392E878E-4AF2-4E8F-8CF5-CAC5F1A5B4BF@hi-competence.eu> Message-ID: <7C992DAE-0077-4AF2-A47A-BFD87DACC0E4@hi-competence.eu> hi building 2.0.15 (f6a2c0e8bc03) against the 10.0e ssl-libs _WORKS_ (on some parts ;) Note: be careful on the client-side as many clients won't understand these types of certificates check the version of openssl if you have problems ... a client on OS X 10.6 (OpenSSL 0.9.8r 8 Feb 2011) gives the folowing error # openssl s_client -host remoteserver -port 993 CONNECTED(00000003) 8346:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-35.1/src/ssl/s23_clnt.c:602: ==> /var/log/mail.log <== dovecot: imap-login: Disconnected (no auth attempts): rip=xxxx, lip=xxxx, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher well - THIS would work (for debuging :) # openssl s_client -host remoteserver -port 993 -cipher ECCdraft Greetings Mike Am 09.10.2011 um 16:21 schrieb Fresel Michal - hi competence e.U.: > hi > > I want to use ECC(ellyptic curve cryptography) for SSL-connections but somehow dovecot doesn't like my ECC-certificates :( > > I tried to test using following scenario: > > > machine: > debian 6 (x64) > dovecot 2.0.15-0~auto+21 ((f6a2c0e8bc03) from http://xi.rename-it.nl/debian > openssl 1.0.0e-2 from testing (as the default 0.9.8o-4squeeze3 needs also the parameter -cipher ECCdraft for testing) > > > > creating keys+cert for ecc (i.e. curves prime192v1, secp521r1) > # openssl ecparam -name prime192v1 -genkey -out prime192v1.key > # openssl req -new -key prime192v1.key -out prime192v1.csr > # openssl req -x509 -in prime192v1.csr -key prime192v1.key -out prime192v1.crt > > testing these in 2 windows > # openssl s_server -cert prime192v1.crt -key prime192v1.key -www > # openssl s_client > note: when using the default openssl version 0.9.8o-4squeeze3 you need to append -cipher ECCdraft > > > output (cut) > ... > New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES256-SHA > Server public key is 192 bit > Secure Renegotiation IS supported > Compression: zlib compression > Expansion: zlib compression > SSL-Session: > Protocol : SSLv3 > Cipher : ECDHE-ECDSA-AES256-SHA > Session-ID: xxxxx > Session-ID-ctx: > Master-Key: xxxxx > Key-Arg : None > PSK identity: None > PSK identity hint: None > Compression: 1 (zlib compression) > Start Time: xxxxx > Timeout : 7200 (sec) > Verify return code: 18 (self signed certificate) > > > looks promising - also for the secp521r1 curve > > > but when changing dovecot.conf to use these keys and certificates it won't use them and return errors > > # openssl s_client -port 993 > CONNECTED(00000003) > 140543456835240:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1195:SSL alert number 40 > 140543456835240:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:591: > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 7 bytes and written 0 bytes > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > SSL-Session: > Protocol : SSLv3 > Cipher : 0000 > Session-ID: > Session-ID-ctx: > Master-Key: > Key-Arg : None > PSK identity: None > PSK identity hint: None > Start Time: xxxxx > Timeout : 7200 (sec) > Verify return code: 0 (ok) > --- > > and the log gives (using verbose_ssl = yes in dovecot.conf) > > ==> /var/log/mail.log <== > dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.info <== > dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.warn <== > dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.log <== > dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.info <== > dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.warn <== > dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.log <== > dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] > > ==> /var/log/mail.info <== > dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] > > ==> /var/log/mail.warn <== > dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] > > ==> /var/log/mail.log <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > > ==> /var/log/mail.info <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > > ==> /var/log/mail.warn <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > > ==> /var/log/mail.log <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher > > ==> /var/log/mail.info <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher > > ==> /var/log/mail.warn <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > > from doveconf -a: > ssl = required > ssl_ca = > ssl_cert = ssl_cert_username_field = commonName > ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL > ssl_key = ssl_key_password = > ssl_parameters_regenerate = 168 > ssl_verify_client_cert = no > > > Has anybody already tested this and made it working? > Or do i have just to recompile everything to make it work? > > > Greetings > > Mike From mephistopheles at operamail.com Wed Oct 12 05:43:42 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Tue, 11 Oct 2011 19:43:42 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? Message-ID: <1318387422.21937.140258153786649@webmail.messagingengine.com> I have Dovecot2 auth setup to run as user = doveauth group = dovecot configured in, vi conf.d/10-master.conf ... service auth { unix_listener /var/spool/postfix/private/auth { user = postfix group = postfix mode = 0660 } user = doveauth group = dovecot } service auth-worker { user = doveauth group = dovecot } ... When I start Dovecot, ls -al /var/run/dovecot/auth-* /bin/ls: No match. service dovecot-custom start Starting Dovecot ... done Dovect's auth-process sockets are created with different ownership than what I specified, ls -al /var/run/dovecot/auth-* srw------- 1 root root 0 Oct 11 19:30 /var/run/dovecot/auth-client srw------- 1 dovecot root 0 Oct 11 19:30 /var/run/dovecot/auth-login srw------- 1 root root 0 Oct 11 19:30 /var/run/dovecot/auth-master srw------- 1 root root 0 Oct 11 19:30 /var/run/dovecot/auth-userdb srw------- 1 dovecot root 0 Oct 11 19:30 /var/run/dovecot/auth-worker Which causes problems when I test AUTH, telnet 127.0.0.1 143 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. a login "xxx at domain.loc" "testpass" a NO [UNAVAILABLE] Temporary authentication failure. * OK Waiting for authentication process to respond.. In logs, ==> /var/log/dovecot/dovecot-debug.log <== Oct 11 19:32:11 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/modules/auth Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libauthdb_ldap.so Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_mysql.so Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_pgsql.so Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_sqlite.so Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libmech_gssapi.so Oct 11 19:32:11 auth: Debug: auth client connected (pid=2397) Oct 11 19:32:17 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=127.0.0.1 rip=127.0.0.1lport=143 rport=47016 resp= ==> /var/log/dovecot/dovecot.log <== Oct 11 19:32:17 auth: Fatal: net_connect_unix(auth-worker) in directory /var/run/dovecot failed: Permission denied (euid=1101(doveauth) egid=305(dovecot) missing +r perm: /var/run/dovecot/auth-worker, dir owned by 305:305 mode=0755) What needs to change to get those sockets created with correct/assigned ownership & perms? From henson at acm.org Wed Oct 12 05:53:33 2011 From: henson at acm.org (Paul B. Henson) Date: Tue, 11 Oct 2011 19:53:33 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? In-Reply-To: <1318387422.21937.140258153786649@webmail.messagingengine.com> References: <1318387422.21937.140258153786649@webmail.messagingengine.com> Message-ID: <20111012025332.GR8748@bender.csupomona.edu> On Tue, Oct 11, 2011 at 07:43:42PM -0700, mephistopheles at operamail.com wrote: > service auth-worker { > user = doveauth > group = dovecot > } You need an extra piece here: service auth-worker { user = $default_internal_user unix_listener auth-worker { user = postfix } } It was *not* easy to figure that out; none of the postfix/dovecot how-to's have been updated for dovecot 2. -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | henson at csupomona.edu California State Polytechnic University | Pomona CA 91768 From patrickdk at patrickdk.com Wed Oct 12 06:05:23 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Tue, 11 Oct 2011 23:05:23 -0400 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? In-Reply-To: <1318348669.14547.140258153570049@webmail.messagingengine.com> References: <1318285037.2740.140258153259705@webmail.messagingengine.com><20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com><1318297970.25687.140258153322933@webmail.messagingengine.com> <20111011083726.Horde.VQlFZpLnE6FOlDiGg1eR6hA@kishi.patrickdk.com> <1318348669.14547.140258153570049@webmail.messagingengine.com> Message-ID: <20111011230523.Horde.EA9lSZLnE6FOlQPzJfXzWgA@kishi.patrickdk.com> I'm totally confused by your authenticated as valid part, lmtp doesn't authenticate anything. How do you let postfix know about valid recipients, I don't really care about authenticated ones, just valid ones, and if you do that at lmtp time, postfix has already received the email, and therefor it would bounce if lmtp says it's not a valid recipient. Quoting jake0534 at airpost.net: > On Tuesday, October 11, 2011 8:37 AM, "Patrick Domack" > wrote: >> postfix delivers to the user, and I don't do lmtp authentication, I >> just submit the email from postfix to lmtp. > > Ok, then we have different approaches. > > So you are using *only* Postfix to check if a received user is valid, > right? > >> I'm not even sure how you can use lmtp authentication to verify a >> delivery address, normally when postfix uses lmtp the email was >> accepted, and therefor would generate a bounce. >> >> I can't find anything that wouldn't bounce using lmtp, in postfix or >> dovecot documentation. > > If you follow this, > > http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP > > it works OK. There is no bounce when Postfix submit mail to LMTP for > delivery and the user is authenticated as valid. > > Jake From mephistopheles at operamail.com Wed Oct 12 06:20:13 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Tue, 11 Oct 2011 20:20:13 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? In-Reply-To: <20111012025332.GR8748@bender.csupomona.edu> References: <1318387422.21937.140258153786649@webmail.messagingengine.com> <20111012025332.GR8748@bender.csupomona.edu> Message-ID: <1318389613.30386.140258153796681@webmail.messagingengine.com> On Tuesday, October 11, 2011 7:53 PM, "Paul B. Henson" wrote: > You need an extra piece here: > > service auth-worker { > user = $default_internal_user > > unix_listener auth-worker { > user = postfix > } > } Maybe being too literal, or misunderstanding your 'extra', I changed to, ... service auth-worker { # user = doveauth # group = dovecot user = $default_internal_user unix_listener auth-worker { user = postfix } } ... At telnet 127.0.0.1 143 etc I get the same FAIL as above. But, if first I chown doveauth:dovecot /var/run/dovecot/auth-worker then telnet 127.0.0.1 143 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready. a login "xxx at domain.loc" "testpass" a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA ACL RIGHTS=texk] Logged in ... succeeds. From mephistopheles at operamail.com Wed Oct 12 06:38:22 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Tue, 11 Oct 2011 20:38:22 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? In-Reply-To: <20111012025332.GR8748@bender.csupomona.edu> References: <1318387422.21937.140258153786649@webmail.messagingengine.com> <20111012025332.GR8748@bender.csupomona.edu> Message-ID: <1318390702.2165.140258153801701@webmail.messagingengine.com> > It was *not* easy to figure that out; none of the postfix/dovecot > how-to's have been updated for dovecot 2. Fwiw, this looks useful Authentication process user http://wiki2.dovecot.org/UserIds Trying to get those $default_... redefined. No luck yet. From henson at acm.org Wed Oct 12 06:47:59 2011 From: henson at acm.org (Paul B. Henson) Date: Tue, 11 Oct 2011 20:47:59 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? In-Reply-To: <1318389613.30386.140258153796681@webmail.messagingengine.com> References: <1318387422.21937.140258153786649@webmail.messagingengine.com> <20111012025332.GR8748@bender.csupomona.edu> <1318389613.30386.140258153796681@webmail.messagingengine.com> Message-ID: <20111012034759.GV8748@bender.csupomona.edu> On Tue, Oct 11, 2011 at 08:20:13PM -0700, mephistopheles at operamail.com wrote: > Maybe being too literal, or misunderstanding your 'extra', I changed to, Hmm, I just cut-and-pasted my config :), the missing piece was the unix_listener subconfig user, the user/group part in the service config didn't need to match mine exactly, although I think $default_internal_user is dovecot anyway. > chown doveauth:dovecot /var/run/dovecot/auth-worker Hmm, perhaps I misunderstood you? I thought you were trying to get SASL auth working with postfix? But you're demonstrating an imap connection. Ah, yes, I see in your original email you showed an imap connection too. I just saw the /var/spool/postfix/private/auth and user/group postfix parts of the config and made an assumption. My config was for using Dovecot *just* to provide SASL authentication services to postfix for smtp auth, I'm not using any of its other features/services. Sorry for any confusion. I'm curious though, why are you setting the auth stuff up to be owned by postfix if you'd trying to authenticate dovecot imap processes? It seems you're mixing two different configs. -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | henson at csupomona.edu California State Polytechnic University | Pomona CA 91768 From mephistopheles at operamail.com Wed Oct 12 07:06:52 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Tue, 11 Oct 2011 21:06:52 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? In-Reply-To: <20111012034759.GV8748@bender.csupomona.edu> References: <1318387422.21937.140258153786649@webmail.messagingengine.com><20111012025332.GR8748@bender.csupomona.edu><1318389613.30386.140258153796681@webmail.messagingengine.com> <20111012034759.GV8748@bender.csupomona.edu> Message-ID: <1318392412.30494.140258153805849@webmail.messagingengine.com> > Sorry for any confusion. np. issue solved. for my config, ... service auth-worker { user = doveauth unix_listener auth-worker { user = doveauth } } ... then service dovecot-custom restart ls -al /var/run/dovecot/auth-worker srw------- 1 doveauth root 0 Oct 11 20:56 /var/run/dovecot/auth-worker better. and, telnet 127.0.0.1 4143 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. a login "xxx at domain.loc" "testpass" a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA ACL RIGHTS=texk] Logged in > I'm curious though, why are you setting the auth stuff up to be owned by > postfix if you'd trying to authenticate dovecot imap processes? It seems > you're mixing two different configs. I'm converting to SQL from flatfiles (http://wiki2.dovecot.org/HowTo/VirtualUserFlatFilesPostfix). Just haven't gotten to making all the changes yet. Single-stepping through testing, got to IMAP and found this issue. Thanks for the help! From simon.brereton at buongiorno.com Wed Oct 12 17:24:28 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Wed, 12 Oct 2011 10:24:28 -0400 Subject: [Dovecot] Auth Worker failures Message-ID: <069801cc88ea$a7c7dd80$f7579880$@brereton@buongiorno.com> Hi I have a script that checks the logs each day and mails me invalid user attempts and authentication failures for the previous day. (I use fail2ban to ban multiple attempts in a short space of time). For some reason, this appears every day: Oct 11 06:25:12 mail dovecot: auth-worker(default): sql(simon at mydomain.net,127.0.0.1): Password mismatch Oct 11 06:25:19 mail dovecot: auth-worker(default): sql(simon at mydomain.net,127.0.0.1): Password mismatch Oct 11 06:25:31 mail dovecot: auth-worker(default): sql(simon at mydomain.net,127.0.0.1): Password mismatch Oct 11 06:25:48 mail dovecot: auth-worker(default): sql(simon at mydomain.net,127.0.0.1): Password mismatch Oct 11 06:26:10 mail dovecot: imap-login: Aborted login (auth failed, 4 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Of all the accounts on the box, it's only mine that throws this up. Since its LIP is localhost, it could really only be for webmail - but I don't always leave the webmail open, so I'm curious to know how this gets there and what it is. Any suggestions? I find it difficult to believe I have an IMAP process in a script somewhere (especially with my user account - the postmaster account, I could believe, but not with my personal one).. The log time is UTC, so watching the process list at 2.24 is less than appealing! Simon From aperezaranda at yaco.es Thu Oct 13 11:31:29 2011 From: aperezaranda at yaco.es (Antonio Perez-Aranda) Date: Thu, 13 Oct 2011 10:31:29 +0200 Subject: [Dovecot] Rare error with concurrent users searching with fts-solr Message-ID: Hi all, If I start two o more connections with diferent users that make a search text to solr I get this message many times: Error: fts_solr: Query didn't return uid If I repeat the test about 2000 times, with only one user concurrent, with 60 diferent users, without concurrent, I get between 0. If I repeat the test about 2000 times, with 2 users concurrent, I get between 3 or 10 errors. If I repeat the test about 2000 times, with 4 users concurrent, I get between 10-20 errors. After see this error, I set a tcpdump to try to watch the SOLR XML and GET, I can watch that Solr send a xml like this: with 200 as http status When the normal response is like this 0 1 uid,score uid asc BLABLABLA +user:"ANYUSER" +uidv:1208469916 +box:"ANYFOLDER" -ns:[* TO *] 1 At first, I think that the problems it's in Solr, but after get all GET from tcpdump, I make a python script with urllib2 and send it all to Solr with the same concurrency and I can't get any error or "empty response" Have someone made a intensive concurrency tests over Dovecot + Solr ? -- Antonio P?rez-Aranda Alcaide aperezaranda at yaco.es Yaco Sistemas S.L. http://www.yaco.es/ C/ Rioja 5, 41001 Sevilla Tel?fono +34 954 50 00 57 Fax ? ? ?+34 954 50 09 29 From nanovox at gmail.com Thu Oct 13 16:00:49 2011 From: nanovox at gmail.com (Steven Kiehl) Date: Thu, 13 Oct 2011 09:00:49 -0400 Subject: [Dovecot] Dovecot not processing through Sieve Message-ID: Hello everyone, I'm fairly new to Dovecot, but I've gotten the majority of things working except for Sieve. I'm running Dovecot 1.2.9 coupled with Postfix and SpamAssassin all with a virtual domains setup. I am receiving mail and it is being processed by all the plugins that operate through Postfix. The quota configured in Dovecot appears to be working because my mail client shows the configured quota. But the Sieve rules are not processing. I created a rule as follows to filter spam: require ["fileinto"]; # rule:[global-spam] if anyof (header :contains "Subject" "[SPAM]", header :contains "X-Spam-Flag" "YES") { fileinto "Junk"; } If I mail myself a message with [SPAM] in the title, it goes into my inbox regardless. I've run 'sieve-test' with the same email and it says it will file it into Junk. The Junk folder exists. I even tried adding :create and the "mailbox" plugin, but that didn't do anything either. Here is the relevant majority of my dovecot configuration: login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_location: maildir:/home/dovecot/mail/domains/%d/%n/Maildir mail_debug: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): outlook-idle delay-newmail tb-extra-mailbox-sep imap_client_workarounds(imap): outlook-idle delay-newmail tb-extra-mailbox-sep imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): namespace: type: private separator: / inbox: yes list: yes subscriptions: yes lda: *mail_plugins: quota sieve* quota_full_tempfail: yes deliver_log_format: msgid=%m: %$ rejection_reason: Your message to <%t> was automatically rejected:%n%r auth default: mechanisms: cram-md5 plain login passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: sql args: /etc/dovecot/dovecot-sql.conf socket: type: listen master: path: /var/run/dovecot/auth-master mode: 384 user: dovemail group: dovemail socket: type: listen client: path: /var/spool/postfix/private/dovecot-auth mode: 432 user: postfix group: postfix plugin: convert_mail: maildir:/home/dovecot/mail/domains/%d/%u/Maildir * sieve: /etc/dovecot/sieve/domains/%d/%n.sieve* * sieve_global_dir: /etc/dovecot/sieve/global/* quota: maildir:User quota_rule: INBOX:storage=500M quota_rule2: INBOX.Trash:storage=100M The sieve plugin exists in /usr/lib/dovecot/modules/lda/lib90_sieve_plugin.so, so I would assume I'd have to use *mail_plugin: sieve* as my configuration setting. Like I said, I am receiving emails to my domains without any problem, but sieve rules are not being processed. I can see the rules set up by using the Roundcube plugin, and I can create and edit rules through Roundcube, but nothing different happens when I send myself an email. It all just delivers to the inbox. Thanks for your help, Steve K. From stephan at rename-it.nl Thu Oct 13 16:21:46 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 13 Oct 2011 15:21:46 +0200 Subject: [Dovecot] Dovecot not processing through Sieve In-Reply-To: References: Message-ID: <4E96E5EA.1000903@rename-it.nl> On 10/13/2011 3:00 PM, Steven Kiehl wrote: > I'm fairly new to Dovecot, but I've gotten the majority of things working > except for Sieve. I'm running Dovecot 1.2.9 coupled with Postfix and > SpamAssassin all with a virtual domains setup. I am receiving mail and it > is being processed by all the plugins that operate through Postfix. The > quota configured in Dovecot appears to be working because my mail client > shows the configured quota. But the Sieve rules are not processing. I > created a rule as follows to filter spam: [...] > Like I said, I am receiving emails to my domains without any problem, but > sieve rules are not being processed. I can see the rules set up by using > the Roundcube plugin, and I can create and edit rules through Roundcube, but > nothing different happens when I send myself an email. It all just delivers > to the inbox. Are you sure you are using the Dovecot LDA (deliver)? Did you follow these instructions in the wiki? http://wiki1.dovecot.org/LDA http://wiki1.dovecot.org/LDA/Postfix From the looks of things, your Postfix currently still does its own mail delivery instead of using the Dovecot LDA. You should see entries in your log relating to LDA/deliver and Sieve, especially since you enabled mail_debug. To test whether Sieve is configured correctly (and to see what the Dovecot LDA normally logs), you can also manually execute /usr/lib/dovecot/deliver and feed it a message. Regards, Stephan From stephan at rename-it.nl Thu Oct 13 16:32:38 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 13 Oct 2011 15:32:38 +0200 Subject: [Dovecot] Sieve and UserDB/SQL support In-Reply-To: <270879f071d71e54745e1373c34ad61a@benweblife.fr> References: <270879f071d71e54745e1373c34ad61a@benweblife.fr> Message-ID: <4E96E876.6090505@rename-it.nl> On 8/25/2011 10:01 AM, ben at benweblife.fr wrote: Better late than never :) > I would like to know if plugins of sieve support UserDB/SQL backend. > For example, for the vacation plugin, is it possible to retrieve a > field like "sieve_vacation_days", "sieve_vacation_reason", and so on.. > on user_query? Not really, especially not in the Sieve standard. There is a experimental plugin for something like that. It can use Dovecot dictionaries to retrieve external data. It is documented here: http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extdata Regards, Stephan. From stephan at rename-it.nl Thu Oct 13 18:07:47 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 13 Oct 2011 17:07:47 +0200 Subject: [Dovecot] Dovecot not processing through Sieve In-Reply-To: References: <4E96E5EA.1000903@rename-it.nl> Message-ID: <4E96FEC3.9090802@rename-it.nl> Please reply to the list as well. On 10/13/2011 3:28 PM, Steven Kiehl wrote: > > On Thu, Oct 13, 2011 at 9:21 AM, Stephan Bosch > wrote: > > Are you sure you are using the Dovecot LDA (deliver)? Did you > follow these instructions in the wiki? > > http://wiki1.dovecot.org/LDA > http://wiki1.dovecot.org/LDA/Postfix > > From the looks of things, your Postfix currently still does its > own mail delivery instead of using the Dovecot LDA. You should see > entries in your log relating to LDA/deliver and Sieve, especially > since you enabled mail_debug. To test whether Sieve is configured > correctly (and to see what the Dovecot LDA normally logs), you can > also manually execute /usr/lib/dovecot/deliver and feed it a message. > > I am using Dovecot deliver to perform mail delivery. I'm absolutely > certain of this because I get spam scores and it is SpamAssassin that > actually hands the mail over to deliver. Here is my postfix master.cf > entry for spamc/deliver: > > dovespam unix n n n - - pipe > flags=DRhu user=dovemail:dovemail argv=/usr/bin/spamc -f -e > /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -f ${sender} -d > ${user}@${nexthop} -n -m ${extension} Ok, then what do your logs say about delivery? Even when things are filed in INBOX, the logs should show that deliver and sieve are being executed and putting the mail there. http://wiki1.dovecot.org/Logging Regards, Stephan From james.page at ubuntu.com Thu Oct 13 18:13:17 2011 From: james.page at ubuntu.com (James Page) Date: Thu, 13 Oct 2011 16:13:17 +0100 Subject: [Dovecot] Restarting dovecot periodically fails with "Socket already exists: /var/run/dovecot/anvil" Message-ID: <4E97000D.7030908@ubuntu.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello restarting dovecot regularly fails with version 2.0.13 on Ubuntu 11.10 due to a running child process exiting after the main dovecot process. Oct 13 15:04:58 ubuntu dovecot: master: Error: service(anvil): Socket already exists: /var/run/dovecot/anvil Oct 13 15:04:58 ubuntu dovecot: master: Error: service(anvil): Socket already exists: /var/run/dovecot/anvil-auth-penalty Oct 13 15:04:58 ubuntu dovecot: master: Fatal: Failed to start listeners Oct 13 15:04:58 ubuntu kernel: [11132.825253] init: dovecot main process (8668) terminated with status 89 The dovecot/anvil process appears to be the cause of the problem (snapshot of running dovecot processes just after main dovecot process stops): root 8418 8080 0 15:02 pts/0 00:00:00 stop dovecot root 8419 1 0 15:02 ? 00:00:00 dovecot/anvil root 8422 8420 0 15:02 ? 00:00:00 grep dovecot This is an Ubuntu specific issue as we use upstart to manage dovecot which monitors the status of the main dovecot process; the Debian init script appears to make provision for this happening. I can work around this in the upstart configuration but it does look like a potential bug in the sub-process handling in dovecot. Any help much appreciated - please feel free to comment on https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/873390 as well. Regards - -- James Page Ubuntu Core Developer - ----------------------------------- dovecot -n # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 3.0.0-12-generic-pae i686 Ubuntu 11.10 mail_location = maildir:~/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap pop3 sieve ssl_cert = was automatically rejected:%n%r } -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJOlwAJAAoJEL/srsug59jD1e4QAIB0/OhBhgr7HYqJNh3d1f69 8vGl6LSb2jjJb6bI+GX8QRHDDHXs6g3RadpHTEnDngJPLRPJxnnmr/mqcG+sAeYa 92shRyWnZQFEHJkl9hE1t1OS7skpLezWgSl6nOtzkRxm3yB0+w81PyQZVH2QArKf dATww3t0hMd3ybPEJnZwSlIQ/82i79qd8RZd1orERdIKN1wIyhb2uOi1XXBvGHZo hZKhO1sv3vz1RLpJXeWIVUNK8RQHJcvAOdqvTeT7kzx1gdxy3ycr7WOTUFY3Nc83 SYFyV9/miSNc45n+eDnsoknwggn0JWMkMA1jzRQz9OGCWFkJVFIuOE9jwJcFP6HY +8OnWwgdu5qNQ6nrn4+M1dB1MrFV5aFQmSuXsuAFXkCYywajdVhNyTkC8wERUBf1 NMv4PQRP0tA/UOOy9qNnNf9y3kQ1ItJ5ZhBTOO5WctnowYHDTWtnoxD7m0aEM1rA NH1TFolUgeiT6B9xFcreq42qEVYItKV60o2gv8fMDXwtkSjfDfJ2/88/45dcTOuK t+qUZnpI+AgCak7AfYShj1SjYN80BbpPpQ0WtG6MObXBZZl84paNpAUibUfN0tPy cEscYqUhkkptbfenJe3ldz0S2AhlrDTFk3cWGKwwlKY+29vBsoZtbgIamgrOKLX9 AbdvqFx8gnYe5af1k3eL =6Mfk -----END PGP SIGNATURE----- From nanovox at gmail.com Thu Oct 13 18:39:23 2011 From: nanovox at gmail.com (Steven Kiehl) Date: Thu, 13 Oct 2011 11:39:23 -0400 Subject: [Dovecot] Dovecot not processing through Sieve In-Reply-To: <4E96FEC3.9090802@rename-it.nl> References: <4E96E5EA.1000903@rename-it.nl> <4E96FEC3.9090802@rename-it.nl> Message-ID: Problem solved. It appears that my configuration contained two plugin {} blocks. One in an include (which is what I was editing) and one in the main dovecot.conf. While neither plugin {} block contained anything that would override the other, it appears that deliver doesn't listen to the second block. when I run "dovecot -n" the settings from both blocks are consolidated and output, but as soon as I removed the duplicate block, deliver started processing Sieve rules as expected. It wasn't until I tried hand-delivering a message on the command line that the issue became obvious. I'm not sure if deliver is actually paying any attention to the include options, so I may consolidate my config and forget about multiple configuration files. Thanks for your help Stephan! - Steve K. On Thu, Oct 13, 2011 at 11:07 AM, Stephan Bosch wrote: > Please reply to the list as well. > > > On 10/13/2011 3:28 PM, Steven Kiehl wrote: > > > On Thu, Oct 13, 2011 at 9:21 AM, Stephan Bosch wrote: > >> Are you sure you are using the Dovecot LDA (deliver)? Did you follow these >> instructions in the wiki? >> >> http://wiki1.dovecot.org/LDA >> http://wiki1.dovecot.org/LDA/Postfix >> >> From the looks of things, your Postfix currently still does its own mail >> delivery instead of using the Dovecot LDA. You should see entries in your >> log relating to LDA/deliver and Sieve, especially since you enabled >> mail_debug. To test whether Sieve is configured correctly (and to see what >> the Dovecot LDA normally logs), you can also manually execute >> /usr/lib/dovecot/deliver and feed it a message. >> >> I am using Dovecot deliver to perform mail delivery. I'm absolutely > certain of this because I get spam scores and it is SpamAssassin that > actually hands the mail over to deliver. Here is my postfix master.cfentry for spamc/deliver: > > dovespam unix n n n - - pipe > flags=DRhu user=dovemail:dovemail argv=/usr/bin/spamc -f -e > /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -f ${sender} -d > ${user}@${nexthop} -n -m ${extension} > > > Ok, then what do your logs say about delivery? Even when things are filed > in INBOX, the logs should show that deliver and sieve are being executed and > putting the mail there. > > http://wiki1.dovecot.org/Logging > > Regards, > > Stephan > > From crrodriguez at opensuse.org Thu Oct 13 22:23:31 2011 From: crrodriguez at opensuse.org (=?iso-8859-1?q?Cristian_Rodr=EDguez?=) Date: Thu, 13 Oct 2011 16:23:31 -0300 Subject: [Dovecot] [PATCH] Use SSL_MODE_RELEASE_BUFFERS if available to keep memory usage low Message-ID: # HG changeset patch # User Cristian Rodr?guez # Date 1318533592 10800 # Node ID c15d6befe20082009cb40926afa208ab4b684818 # Parent 962df5d9413a4a0fcc68aacc1df0dca7a44a0240 Use SSL_MODE_RELEASE_BUFFERS if available to keep memory usage low. diff -r 962df5d9413a -r c15d6befe200 src/login-common/ssl-proxy-openssl.c --- a/src/login-common/ssl-proxy-openssl.c Wed Oct 12 17:16:10 2011 +0300 +++ b/src/login-common/ssl-proxy-openssl.c Thu Oct 13 16:19:52 2011 -0300 @@ -925,6 +925,9 @@ STACK_OF(X509_NAME) *xnames = NULL; SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2); +#ifdef SSL_MODE_RELEASE_BUFFERS + SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS); +#endif if (*set->ssl_ca != '\0') { /* set trusted CA certs */ store = SSL_CTX_get_cert_store(ssl_ctx); From Chris at VandenBerghe.org Fri Oct 14 09:42:27 2011 From: Chris at VandenBerghe.org (Chris Vanden Berghe) Date: Fri, 14 Oct 2011 14:42:27 +0800 Subject: [Dovecot] Issue after upgrading to Ubuntu Server 11.10 Message-ID: Hi all, After upgrading to Ubuntu Server 11.10 my mail setup stopped working. The error message I get is: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +r perm: /var/run/dovecot/auth-userdb, euid is not dir owner) Does anybody have an idea how to solve this? Thanks, Chris. --- # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 3.0.0-12-generic x86_64 Ubuntu 11.10 ext3 auth_verbose = yes log_timestamp = "%Y-%m-%d %H:%M:%S " mail_location = maildir:/var/vmail/%u mail_privileged_group = mail maildir_stat_dirs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { fts = squat fts_squat = partial=4 full=10 } protocols = imap service auth { unix_listener /var/spool/postfix/private/auth-client { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = vmail mode = 0600 user = vmail } } service imap-login { inet_listener imap { address = localhost port = 143 } inet_listener imaps { address = * port = 993 } } ssl_cert = References: Message-ID: I added unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } to the configuration which seems to solve the issue. Is this the right solution? Regards, Chris. --- On Fri, Oct 14, 2011 at 2:42 PM, Chris Vanden Berghe wrote: > Hi all, > > After upgrading to Ubuntu Server 11.10 my mail setup stopped working. > The error message I get is: > > lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) > failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing > +r perm: /var/run/dovecot/auth-userdb, euid is not dir owner) > > Does anybody have an idea how to solve this? > > Thanks, > Chris. > > --- > # 2.0.13: /etc/dovecot/dovecot.conf > # OS: Linux 3.0.0-12-generic x86_64 Ubuntu 11.10 ext3 > auth_verbose = yes > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_location = maildir:/var/vmail/%u > mail_privileged_group = mail > maildir_stat_dirs = yes > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date > passdb { > ?args = /etc/dovecot/dovecot-sql.conf > ?driver = sql > } > plugin { > ?fts = squat > ?fts_squat = partial=4 full=10 > } > protocols = imap > service auth { > ?unix_listener /var/spool/postfix/private/auth-client { > ? ?group = postfix > ? ?mode = 0660 > ? ?user = postfix > ?} > ?unix_listener auth-master { > ? ?group = vmail > ? ?mode = 0600 > ? ?user = vmail > ?} > } > service imap-login { > ?inet_listener imap { > ? ?address = localhost > ? ?port = 143 > ?} > ?inet_listener imaps { > ? ?address = * > ? ?port = 993 > ?} > } > ssl_cert = ssl_key = userdb { > ?args = uid=5000 gid=5000 home=/var/vmail/%u > ?driver = static > } > protocol imap { > ?mail_max_userip_connections = 50 > ?mail_plugins = fts fts_squat > } > protocol lda { > ?mail_plugins = sieve > } > From maria_arrea at gmx.com Sun Oct 16 01:11:23 2011 From: maria_arrea at gmx.com (Maria Arrea) Date: Sun, 16 Oct 2011 00:11:23 +0200 Subject: [Dovecot] Question about ionice & dovecot-deliver Message-ID: <20111015221123.67190@gmx.com> Hello We are running dovecot 2.0.13 with mdbox on RHEL 5.7 x64, ext4 filesystem. Sometimes we have a big load increase because a mailing list server send 16.000 32k messages in less than 3 minutes. We want to "slow down" delivery, we prefer slow delivery instead of logging out webmail users. I have the following line en /etc/postfix/master.cf: flags=DRhu user=userid argv=/usr/libexec/dovecot/deliver -d ${user} And in /etc/postfix/main.cf mailbox_command = /usr/libexec/dovecot/deliver I would like to add ionice to the equation, prefixing /usr/bin/ionice -c2 -n6 before the deliver lines in postfix config. Is there any other way of slowing down delivery speed vs imap access? Regards Maria From patrickdk at patrickdk.com Sun Oct 16 02:46:21 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Sat, 15 Oct 2011 19:46:21 -0400 Subject: [Dovecot] Question about ionice & dovecot-deliver In-Reply-To: <20111015221123.67190@gmx.com> References: <20111015221123.67190@gmx.com> Message-ID: <20111015194621.Horde.aHNCVpLnE6FOmhtNpYsFooA@kishi.patrickdk.com> This sounds like a postfix issue more than dovecot. Its easy to make a slow deliever transport for postfix, many people do so when sending emails to hotmail/yahoo. Sounds like that solution would work for you, just applied to the dovecot transport instead. Quoting Maria Arrea : > Hello > > We are running dovecot 2.0.13 with mdbox on RHEL 5.7 x64, ext4 > filesystem. Sometimes we have a big load increase because a mailing > list server send 16.000 32k messages in less than 3 minutes. We want > to "slow down" delivery, we prefer slow delivery instead of logging > out webmail users. > > I have the following line en /etc/postfix/master.cf: > > flags=DRhu user=userid argv=/usr/libexec/dovecot/deliver -d ${user} > > And in /etc/postfix/main.cf > > mailbox_command = /usr/libexec/dovecot/deliver > > I would like to add ionice to the equation, prefixing > /usr/bin/ionice -c2 -n6 before the deliver lines in postfix config. > Is there any other way of slowing down delivery speed vs imap access? > > Regards > > Maria From stan at hardwarefreak.com Sun Oct 16 04:17:04 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Sat, 15 Oct 2011 20:17:04 -0500 Subject: [Dovecot] Question about ionice & dovecot-deliver In-Reply-To: <20111015221123.67190@gmx.com> References: <20111015221123.67190@gmx.com> Message-ID: <4E9A3090.80100@hardwarefreak.com> On 10/15/2011 5:11 PM, Maria Arrea wrote: <...> > Is there any other way of slowing down delivery speed vs imap access? The proper way to slow down inbound mail is with your MTA, not your LDA, and certainly not using kernel level tweaks to the IO subsystem. There are many ways to accomplish this with Postfix. Please post your question on the Postfix mailing list. Conversely, if you or your organization control that list server, simply tweak the mailing list manager software, or the MTA, lowering the delivery rate. -- Stan From lists at wilkesley.net Mon Oct 17 09:17:17 2011 From: lists at wilkesley.net (Ian Barton) Date: Mon, 17 Oct 2011 07:17:17 +0100 Subject: [Dovecot] Problems Configuring Pigeonhole/Seve Message-ID: <4E9BC86D.4080303@wilkesley.net> I am moving my email server from Ubuntu Lucid to Arch. The Arch server is running Dovecot V2.0.15. Email is working fine, but I can't get Pigeonhiole/sieve to work. My dovecot.conf is: protocols = imap sieve ssl = yes ssl_cert = References: <4E9BC86D.4080303@wilkesley.net> Message-ID: <4E9BCD19.5060002@rename-it.nl> On 10/17/2011 8:17 AM, Ian Barton wrote: > I am moving my email server from Ubuntu Lucid to Arch. The Arch server > is running Dovecot V2.0.15. Email is working fine, but I can't get > Pigeonhiole/sieve to work. [...] > I have created the sieve dir in the virtual users folder. However > sieve doesn't appear to be working. > I have tried logging in manually to see if sieve is running, 'Logging into Sieve' means that you are checking whether the ManageSieve protocol is active. Using this technique, you'll only be able to verify that it is possible to remotely upload Sieve scripts. This has nothing to do with whether Sieve scripts are being executed at delivery or not. Still, connecting to that protocol should work: > but get the following error: > ian:~/ $ gnutls-cli --starttls -p 143 mail2.wilkesley.net > [8:32:22] > Resolving 'mail2.wilkesley.net'... > Connecting to '127.0.0.1:143'... > - Simple Client Mode: > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE > IDLE STARTTLS AUTH=PLAIN] Dovecot ready. > STARTTLS > STARTTLS BAD Error in IMAP command received by server. > According to the Dovecot wiki this should reply with the capabilities > of my server, Note the server sends and receives mail OK using starttls. > > So what am I doing wrong? I'm getting the feeling that the wiki is not clear enough on this point. You are connecting to IMAP (port 143), which makes no sense. You should connect to the port configured for the Sieve protocol, which is 4190 by default and 2000 for older setups. If your Sieve scripts are not being executed, you should check the following first: http://wiki2.dovecot.org/Pigeonhole/Sieve/Troubleshooting Regards, Stephan. From Yann.Dupont at univ-nantes.fr Mon Oct 17 10:19:32 2011 From: Yann.Dupont at univ-nantes.fr (Yann Dupont) Date: Mon, 17 Oct 2011 09:19:32 +0200 Subject: [Dovecot] Attachements with SIS : shauld all the same files share the same inode ? Message-ID: <4E9BD704.9080801@univ-nantes.fr> Hello. I configured SIS , and all seems to work well, but I noticed something strange : For exemple, this attachement : 6e/2d# ls -al 6e2df299* | sort -n 104 instance of -rw------- 104 vmail vmail 346584 16 oct. 17:47 6e2df299fa96daec9b4735d07c494046429be4d6-ffd0d1xxxx The files are hardlinked, so it seems ok, but I also see 9 others files in the same directory : -rw------- 1 vmail vmail 346584 16 oct. 17:47 6e2df299fa96daec9b4735d07c494046429be4d6-0519df2a94fc9a4e1f4100008a6b99b6 -rw------- 1 vmail vmail 346584 16 oct. 17:47 6e2df299fa96daec9b4735d07c494046429be4d6-1790b92994fc9a4e1a4100008a6b99b6 as you can see, same prefix, If I compare them with diff, they are all the same files. ls -i show that 104 have the same inode, as expected, and the 9 remaining files have different inodes. I expected all the files share the same inodes. Is there something wrong here ? My setup is debian squeeze + auto packages from http://xi.rename-it.nl/debian/ dovecot is 2:2.0.15-0~auto+21 thanks, -- Yann Dupont - Service IRTS, DSI Universit? de Nantes Tel : 02.53.48.49.20 - Mail/Jabber : Yann.Dupont at univ-nantes.fr From juancarlos.sanchez at upm.es Mon Oct 17 11:06:19 2011 From: juancarlos.sanchez at upm.es (Juan Carlos Sanchez) Date: Mon, 17 Oct 2011 10:06:19 +0200 Subject: [Dovecot] lmtp performance Message-ID: <4E9BE1FB.6040902@upm.es> Hello: In the process of migration from version 1.2 to 2.0 have tried to use lmtp instead of lda as delivery agent. But unfortunately througput we get is poor with lmtp compared to lda. In peak times with lda we are able to deliver over 1800 messages/minute (high I/O but not affecting service) but if we switch to lmtp cannot deliver more than 300 mess/minute (very low I/O). This is enough for normal work but low under heavy load (distribution lists messages sometimes stay queued for 4 hours before deliver). We have arround 50000 boxes and use postfix as MTA How to increase lmtp performance? dovecot config for lda and lmtp: protocol lda { auth_socket_path = /usr/local/var/run/dovecot/auth-master info_log_path = /var/log/mail/dovecot_deliver.log log_path = /var/log/mail/dovecot_deliver.log mail_plugins = quota sieve zlib postmaster_address = postmaster at upm.es sendmail_path = /usr/lib/sendmail } protocol lmtp { info_log_path = /var/log/mail/dovecot_deliver.log log_path = /var/log/mail/dovecot_deliver.log mail_plugins = quota sieve zlib postmaster_address = postmaster at upm.es sendmail_path = /usr/lib/sendmail } In postfix I have: mailbox_transport = lmtp:unix:private/dovecot-lmtp Thanks in advance. -- ------------------------------------------------------ Juan Carlos Sanchez Hernandez Universidad Politecnica de Madrid ------------------------------------------------------ From joseba.torre at ehu.es Mon Oct 17 13:12:58 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 17 Oct 2011 12:12:58 +0200 Subject: [Dovecot] mail_location in LDAP and variables Message-ID: <201110171212.58602.joseba.torre@ehu.es> Hi, Is it posible to use variables in mail_location when taken from ldap? How? I've tried mdbox:/buzones2/'%n'/mdbox mdbox:/buzones2/"%n"/mdbox mdbox:/buzones2/%n/mdbox but %n is never replaced by its value. Thanks! -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From philipp.haselwarter at gmx.de Mon Oct 17 13:43:41 2011 From: philipp.haselwarter at gmx.de (Philipp Haselwarter) Date: Mon, 17 Oct 2011 12:43:41 +0200 Subject: [Dovecot] =?utf-8?q?dovecot-antispam_=E2=80=93_Debian_package?= Message-ID: <878vojsxsy.fsf@nzebook.haselwarter.org> Dovecot2 has been around for a bit now but Eugene Paskevich's antispam plugin unfortunately still doesn't seem to have a tagged release. Has anyone by any chance rolled a .deb for the plugin that works on current Debian sid? -- Philipp Haselwarter From juancarlos.sanchez at upm.es Mon Oct 17 17:31:01 2011 From: juancarlos.sanchez at upm.es (Juan Carlos Sanchez) Date: Mon, 17 Oct 2011 16:31:01 +0200 Subject: [Dovecot] lmtp performance In-Reply-To: References: <4E9BE1FB.6040902@upm.es> Message-ID: <4E9C3C25.7070802@upm.es> A particular reply (not to the list) has told me to try: " Add to service lmtp: process_min_avail = 20 " And yes, it works (unless for me), so I want to share it with everybody. Have not exactly measured performance but this morning have seen over 1400 messages/minute with lmtp under heavy load. What the "process_min_avail = 20" in service lmtp (or anywhere else) exactly imply? cannot find a reference in wiki2 . I suppose it means than 20 lmtp processes are always open waiting for new connections and so reducing startup latency, isn't it? Thank you. > > On Mon, Oct 17, 2011 at 6:06 AM, Juan Carlos Sanchez > > wrote: > > Hello: > > In the process of migration from version 1.2 to 2.0 have tried to > use lmtp instead of lda as delivery agent. > > But unfortunately througput we get is poor with lmtp compared to lda. > In peak times with lda we are able to deliver over 1800 > messages/minute (high I/O but not affecting service) but if we > switch to lmtp cannot deliver more than 300 mess/minute (very low > I/O). > > This is enough for normal work but low under heavy load > (distribution lists messages sometimes stay queued for 4 hours > before deliver). > > We have arround 50000 boxes and use postfix as MTA > > How to increase lmtp performance? > > > dovecot config for lda and lmtp: > > protocol lda { > auth_socket_path = /usr/local/var/run/dovecot/auth-master > info_log_path = /var/log/mail/dovecot_deliver.log > log_path = /var/log/mail/dovecot_deliver.log > mail_plugins = quota sieve zlib > postmaster_address = postmaster at upm.es > sendmail_path = /usr/lib/sendmail > } > > protocol lmtp { > info_log_path = /var/log/mail/dovecot_deliver.log > log_path = /var/log/mail/dovecot_deliver.log > mail_plugins = quota sieve zlib > postmaster_address = postmaster at upm.es > sendmail_path = /usr/lib/sendmail > } > > In postfix I have: > > mailbox_transport = lmtp:unix:private/dovecot-lmtp > > > > Thanks in advance. > > -- > > ------------------------------------------------------ > Juan Carlos Sanchez Hernandez > Universidad Politecnica de Madrid > ------------------------------------------------------ > > > -- ------------------------------------------------------ Juan Carlos Sanchez Hernandez Universidad Politecnica de Madrid ------------------------------------------------------ From joseba.torre at ehu.es Mon Oct 17 17:42:45 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 17 Oct 2011 16:42:45 +0200 Subject: [Dovecot] lmtp performance In-Reply-To: <4E9C3C25.7070802@upm.es> References: <4E9BE1FB.6040902@upm.es> <4E9C3C25.7070802@upm.es> Message-ID: <201110171642.45954.joseba.torre@ehu.es> On Lunes 17 Octubre 2011 16:31:01 Juan Carlos Sanchez escribi?: > A particular reply (not to the list) has told me to try: > > " > Add to service lmtp: > process_min_avail = 20 > " > > And yes, it works (unless for me), so I want to share it with everybody. > > Have not exactly measured performance but this morning have seen over > 1400 messages/minute with lmtp under heavy load. > > > What the "process_min_avail = 20" in service lmtp (or anywhere else) > exactly imply? cannot find a reference in wiki2 . I suppose it means > than 20 lmtp processes are always open waiting for new connections and > so reducing startup latency, isn't it? I had a similar problem, and found the same solution. In my setup, only 1 lmtp process was available and a 2nd one never was created, so the process was really busy. With this parameter (I setup it to 10) I have diferent process and all of them are used. -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From simon.brereton at buongiorno.com Mon Oct 17 18:16:46 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 17 Oct 2011 11:16:46 -0400 Subject: [Dovecot] Spammers attempting SASL Auth Message-ID: <01f601cc8cdf$ca1d3850$5e57a8f0$@brereton@buongiorno.com> Hi This is a new one on me - I've never seen spammers attempt to use to SASL Auth to inject spam. None of the users they are trying (newsletter, dummy, test, etc.) exist, but what worries me is the illegal chars error - is this a known vulnerability in dovecot they are trying to exploit? I'm running 1:1.2.15-7 installed from apt-get.. Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92] Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter at mydomain.net,208.86.147.92): Attempted login with password having illegal chars Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84 Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known Simon From robert at schetterer.org Mon Oct 17 18:31:08 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 17 Oct 2011 17:31:08 +0200 Subject: [Dovecot] Spammers attempting SASL Auth In-Reply-To: <01f601cc8cdf$ca1d3850$5e57a8f0$@brereton@buongiorno.com> References: <01f601cc8cdf$ca1d3850$5e57a8f0$@brereton@buongiorno.com> Message-ID: <4E9C4A3C.5060800@schetterer.org> Am 17.10.2011 17:16, schrieb Simon Brereton: > Hi > > This is a new one on me - I've never seen spammers attempt to use to SASL Auth to inject spam. None of the users they are trying (newsletter, dummy, test, etc.) exist, but what worries me is the illegal chars error - is this a known vulnerability in dovecot they are trying to exploit? I'm running 1:1.2.15-7 installed from apt-get.. > > Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92] > Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter at mydomain.net,208.86.147.92): Attempted login with password having illegal chars > Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84 > Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known > > > Simon > this maybe a brute force attack,or more easy someone missconfigured his client , you may use fail2ban etc to block it not directly related to dovecot -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From simon.brereton at buongiorno.com Mon Oct 17 18:51:15 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 17 Oct 2011 11:51:15 -0400 Subject: [Dovecot] Spammers attempting SASL Auth In-Reply-To: <4E9C4A3C.5060800@schetterer.org> References: <4E9C4A3C.5060800@schetterer.org> Message-ID: <020301cc8ce4$9aca19b0$d05e4d10$@brereton@buongiorno.com> On 17 October 2011 11:31, Robert Schetterer wrote: > Am 17.10.2011 17:16, schrieb Simon Brereton: >> Hi >> >> This is a new one on me - I've never seen spammers attempt to use to SASL Auth to inject spam. None of the users they are trying (newsletter, dummy, test, etc.) exist, but what worries me is the illegal chars error - is this a known vulnerability in dovecot they are trying to exploit? I'm running 1:1.2.15-7 installed from apt-get.. >> >> Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92] >> Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter at mydomain.net,208.86.147.92): Attempted login with password having illegal chars >> Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84 >> Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known >> >> >> Simon >> > > this maybe a brute force attack,or more easy someone missconfigured his > client , you may use fail2ban etc to block it > not directly related to dovecot 17 queries in 30 seconds is not a misconfigured client :) And I'm already using Fail2Ban - but as someone on this list pointed out recently, that doesn't apply if they try X attempts on the same connection. Although, I don't think that was case here - maybe I should update my dovecot jail with that illegal chars line. But, be that as it may - all these attempts failed because the user didn't exist. What if the user exists though? Does this illegal chars make a hole for them to enter through? Simon From robert at schetterer.org Mon Oct 17 18:53:33 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 17 Oct 2011 17:53:33 +0200 Subject: [Dovecot] Spammers attempting SASL Auth In-Reply-To: <020301cc8ce4$9aca19b0$d05e4d10$@brereton@buongiorno.com> References: <4E9C4A3C.5060800@schetterer.org> <020301cc8ce4$9aca19b0$d05e4d10$@brereton@buongiorno.com> Message-ID: <4E9C4F7D.4090301@schetterer.org> Am 17.10.2011 17:51, schrieb Simon Brereton: > On 17 October 2011 11:31, Robert Schetterer wrote: >> Am 17.10.2011 17:16, schrieb Simon Brereton: >>> Hi >>> >>> This is a new one on me - I've never seen spammers attempt to use to SASL Auth to inject spam. None of the users they are trying (newsletter, dummy, test, etc.) exist, but what worries me is the illegal chars error - is this a known vulnerability in dovecot they are trying to exploit? I'm running 1:1.2.15-7 installed from apt-get.. >>> >>> Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92] >>> Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter at mydomain.net,208.86.147.92): Attempted login with password having illegal chars >>> Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84 >>> Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known >>> >>> >>> Simon >>> >> >> this maybe a brute force attack,or more easy someone missconfigured his >> client , you may use fail2ban etc to block it >> not directly related to dovecot > > 17 queries in 30 seconds is not a misconfigured client :) > > And I'm already using Fail2Ban - but as someone on this list pointed > out recently, that doesn't apply if they try X attempts on the same > connection. Although, I don't think that was case here - maybe I > should update my dovecot jail with that illegal chars line. But, be > that as it may - all these attempts failed because the user didn't > exist. What if the user exists though? Does this illegal chars make > a hole for them to enter through? > > Simon > as i posted you offlist, this is a smtp attack, look at your i.e fail2ban postfix rules, fail2ban dovecot ruel is for banning pop3/imap brute force -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From tompru at jla.rutgers.edu Mon Oct 17 19:10:38 2011 From: tompru at jla.rutgers.edu (Tom Pawlowski) Date: Mon, 17 Oct 2011 12:10:38 -0400 Subject: [Dovecot] Spammers attempting SASL Auth In-Reply-To: <020301cc8ce4$9aca19b0$d05e4d10$@brereton@buongiorno.com> References: <4E9C4A3C.5060800@schetterer.org> <020301cc8ce4$9aca19b0$d05e4d10$@brereton@buongiorno.com> Message-ID: <20111017161038.GC16920@hawkeye.rutgers.edu> Take a look at: http://hg.dovecot.org/dovecot-2.0/file/962df5d9413a/src/auth/auth-request.c on line 536. That's the auth service catching illegal characters and rejecting the attempt. It'll happen with or without a valid user. So, working as it should. As for spammers trying to brute force valid logins, yep, pretty common. Higher rate of success if they can mail from a known good server and account. * Simon Brereton [2011-10-17 11:51:15 -0400]: > On 17 October 2011 11:31, Robert Schetterer wrote: > > Am 17.10.2011 17:16, schrieb Simon Brereton: > >> Hi > >> > >> This is a new one on me - I've never seen spammers attempt to use to SASL Auth to inject spam. None of the users they are trying (newsletter, dummy, test, etc.) exist, but what worries me is the illegal chars error - is this a known vulnerability in dovecot they are trying to exploit? I'm running 1:1.2.15-7 installed from apt-get.. > >> > >> Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92] > >> Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter at mydomain.net,208.86.147.92): Attempted login with password having illegal chars > >> Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84 > >> Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known > >> > >> > >> Simon > >> > > > > this maybe a brute force attack,or more easy someone missconfigured his > > client , you may use fail2ban etc to block it > > not directly related to dovecot > > 17 queries in 30 seconds is not a misconfigured client :) > > And I'm already using Fail2Ban - but as someone on this list pointed > out recently, that doesn't apply if they try X attempts on the same > connection. Although, I don't think that was case here - maybe I > should update my dovecot jail with that illegal chars line. But, be > that as it may - all these attempts failed because the user didn't > exist. What if the user exists though? Does this illegal chars make > a hole for them to enter through? > > Simon > -- Tom Pawlowski OIT-CSS System Administrator office: Hill 147 email: tompru at jla.rutgers.edu phone: (732) 445-2634 From simon.brereton at buongiorno.com Mon Oct 17 19:21:10 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 17 Oct 2011 12:21:10 -0400 Subject: [Dovecot] Spammers attempting SASL Auth In-Reply-To: <20111017161038.GC16920@hawkeye.rutgers.edu> References: <4E9C4A3C.5060800@schetterer.org> <20111017161038.GC16920@hawkeye.rutgers.edu> Message-ID: On 17 October 2011 12:10, Tom Pawlowski wrote: > Take a look at: > > http://hg.dovecot.org/dovecot-2.0/file/962df5d9413a/src/auth/auth-request.c > > on line 536. That's the auth service catching illegal characters and > rejecting the attempt. It'll happen with or without a valid user. So, > working as it should. > > As for spammers trying to brute force valid logins, yep, pretty common. > Higher rate of success if they can mail from a known good server and > account. Okay, thanks for that. That's the info/reassurance I was after. In the meantime I've update fail2ban to take care of it. You're right about the higher rate of success, I've just never seen a spammer try it before - usually their resources are better spend just sending the mail. But it's good to know that dovecot will trap and block the illegal Chars :) Thanks. Simon From tss at iki.fi Tue Oct 18 17:31:35 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:31:35 +0300 Subject: [Dovecot] doveadm mailbox list shows file system directories as mailboxes In-Reply-To: <20110922115223.73054v8up83ej0wg@webmail.hrz.uni-giessen.de> References: <20110922115223.73054v8up83ej0wg@webmail.hrz.uni-giessen.de> Message-ID: <1318948295.21919.100.camel@hurina> On Thu, 2011-09-22 at 11:52 +0200, J?rgen Obermann wrote: > Hello. > In our dovecvot we use mbox format with the default filesystem layout. > Therefore it is not possible to have mailboxes which are subfolders of > other mailboxes containing messages. > The command "doveadm mailbox list" includes the file system > directories, that contain only subfolders, as normal mailboxes in the > output: > > archiv > archiv/daemon > archiv/dovecot > > Did I miss something in the dovecot configuration or is there a bug in > the command "doveadm mailbox list"? It's more like a feature.. For example if there exists "archiv" directory without children, I don't think it should be invisible in the list. Maybe there could be a new parameter to hide \Noselect mailboxes. From tss at iki.fi Tue Oct 18 17:32:44 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:32:44 +0300 Subject: [Dovecot] Convert-tool maildir > mbox In-Reply-To: References: Message-ID: <1318948364.21919.101.camel@hurina> On Mon, 2011-10-10 at 14:10 +0200, Bertrand Jacquin wrote: > > Maybe that kind of conversion have evolved since 2.0 ? convert-tool wasn't very good. Use something else, like maybe dsync from v2.0 (even if you don't use v2.0 for anything else). From tss at iki.fi Tue Oct 18 17:34:33 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:34:33 +0300 Subject: [Dovecot] 2.1 Plans In-Reply-To: <1318280003.91961.YahooMailNeo@web39424.mail.mud.yahoo.com> References: <1318280003.91961.YahooMailNeo@web39424.mail.mud.yahoo.com> Message-ID: <1318948473.21919.102.camel@hurina> On Mon, 2011-10-10 at 13:53 -0700, Steve Fatula wrote: > Back in early 2010, Timo posted about a potential 2.1 feature to in > essence reduce the number of imap/pop3 processes using various > techniques since the code already supports multiple connections. It > even went as far as moving all idle connections. > > I don't see this on the 2.1 roadmap. Is it still planned perhaps for > 2.1? Thousands of imap processes going away is a great thing for me! > So, just curious. It's slowly getting there, but won't be ready for v2.1. From tss at iki.fi Tue Oct 18 17:37:20 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:37:20 +0300 Subject: [Dovecot] Auth Worker failures In-Reply-To: <069801cc88ea$a7c7dd80$f7579880$@brereton@buongiorno.com> References: <069801cc88ea$a7c7dd80$f7579880$@brereton@buongiorno.com> Message-ID: <1318948640.21919.103.camel@hurina> On Wed, 2011-10-12 at 10:24 -0400, Simon Brereton wrote: > > > Of all the accounts on the box, it's only mine that throws this up. > Since its LIP is localhost, it could really only be for webmail - but > I don't always leave the webmail open, so I'm curious to know how this > gets there and what it is. > > Any suggestions? I find it difficult to believe I have an IMAP > process in a script somewhere (especially with my user account - the > postmaster account, I could believe, but not with my personal one).. > You could enable auth_debug_passwords=yes and see what password it tries. From tss at iki.fi Tue Oct 18 17:40:26 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:40:26 +0300 Subject: [Dovecot] Rare error with concurrent users searching with fts-solr In-Reply-To: References: Message-ID: <1318948826.21919.105.camel@hurina> On Thu, 2011-10-13 at 10:31 +0200, Antonio Perez-Aranda wrote: > After see this error, I set a tcpdump to try to watch the SOLR XML and > GET, I can watch that Solr send a xml like this: > > > > with 200 as http status > > When the normal response is like this > > > .. Check what kind of commands Dovecot sends. Is this maybe a reply to a somewhat different (broken?) command than others? > At first, I think that the problems it's in Solr, but after get all > GET from tcpdump, I make a python script with urllib2 and send it all > to Solr with the same concurrency and I can't get any error or "empty > response" You mean send the exact same commands as Dovecot sent when this failed? It's anyway difficult for me to guess how this could be Dovecot's fault, if the command that gives the broken response normally works. From tss at iki.fi Tue Oct 18 17:46:28 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:46:28 +0300 Subject: [Dovecot] mail_location in LDAP and variables In-Reply-To: <201110171212.58602.joseba.torre@ehu.es> References: <201110171212.58602.joseba.torre@ehu.es> Message-ID: <1318949188.21919.106.camel@hurina> On Mon, 2011-10-17 at 12:12 +0200, Joseba Torre wrote: > Hi, > > Is it posible to use variables in mail_location when taken from ldap? How? > I've tried > > mdbox:/buzones2/'%n'/mdbox > mdbox:/buzones2/"%n"/mdbox > mdbox:/buzones2/%n/mdbox > > but %n is never replaced by its value. Where exactly are you trying to use this? It should get expanded. From tss at iki.fi Tue Oct 18 17:49:22 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:49:22 +0300 Subject: [Dovecot] Syntax to specify sdbox: mail_location path? In-Reply-To: <1318013006.28193.140258152251553@webmail.messagingengine.com> References: <1318013006.28193.140258152251553@webmail.messagingengine.com> Message-ID: <1318949363.21919.108.camel@hurina> On Fri, 2011-10-07 at 11:43 -0700, mephistopheles at operamail.com wrote: > With "sdbox:" > > mail_location = sdbox:/my_mailbox_path/%d/%n > > mail gets stored in /my_mailbox_path/%d/%n/mailboxes/INBOX/dbox-Mails. > > How do I get rid of the '/mailboxes/' and '/dbox-Mails/' path components > so sdbox stores in: > > /my_mailbox_path/%d/%n/INBOX Well, there are a few settings so you could make it work that way, but why do you want to do that? There's a reason why those extra directory components were added, you shouldn't remove them. From tss at iki.fi Tue Oct 18 17:52:35 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:52:35 +0300 Subject: [Dovecot] LDA/Postfix with quotas and without LMTP In-Reply-To: <1318185118.42006.YahooMailNeo@web39423.mail.mud.yahoo.com> References: <1318185118.42006.YahooMailNeo@web39423.mail.mud.yahoo.com> Message-ID: <1318949556.21919.111.camel@hurina> On Sun, 2011-10-09 at 11:31 -0700, Steve Fatula wrote: > dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied > > > Using mailbox_command in Postfix means that dovecot-lda is running as the system user getting the mail. Which means it can't access the socket file. Of course, one can simply use mode 666 on it, but, then people can use it to find out information according to the doc, which I do not want. > > So, I am not sure why the doc says to add -d for per user quotas, without also mentioning the problem with doing that. I don't see how it can work? > > Assuming I need per user quotas, and I don't want to use LMTP, is there a good way around this without the security issue? The possibilities are: a) Start dovecot-lda so that the process belongs to extra group (e.g. dovecot) and make the socket rw for that group. I don't know if Postfix can do this for system users.. b) Use filesystem setgid bit for dovecot-lda c) Run via sudo The b) and c) are explained in wiki in the "multiple UIDs" section (although for setuid-root rather than setgid-dovecot). From tss at iki.fi Tue Oct 18 17:53:35 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:53:35 +0300 Subject: [Dovecot] LDA/Postfix with quotas and without LMTP In-Reply-To: <1318949556.21919.111.camel@hurina> References: <1318185118.42006.YahooMailNeo@web39423.mail.mud.yahoo.com> <1318949556.21919.111.camel@hurina> Message-ID: <1318949615.21919.112.camel@hurina> On Tue, 2011-10-18 at 17:52 +0300, Timo Sirainen wrote: > On Sun, 2011-10-09 at 11:31 -0700, Steve Fatula wrote: > > dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied > > > The possibilities are: > > a) Start dovecot-lda so that the process belongs to extra group (e.g. > dovecot) and make the socket rw for that group. I don't know if Postfix > can do this for system users.. > > b) Use filesystem setgid bit for dovecot-lda > > c) Run via sudo > > The b) and c) are explained in wiki in the "multiple UIDs" section > (although for setuid-root rather than setgid-dovecot). Oh, and d) With v2.1 this works automatically From tss at iki.fi Tue Oct 18 17:57:23 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:57:23 +0300 Subject: [Dovecot] too many open files and v1.2 In-Reply-To: <201110061242.48615.mimo@gn.apc.org> References: <201110061242.48615.mimo@gn.apc.org> Message-ID: <1318949843.21919.114.camel@hurina> On Thu, 2011-10-06 at 12:42 +0100, Michael Moritz wrote: > Hi > > I've found an older thread http://www.dovecot.org/list/dovecot/2010-March/047886.html which mentions that this is a bug in version 1. I'm on Debian squeeze (1:1.2.15-7) and got errors like these recently > > Oct 5 11:29:29 mail dovecot: dovecot: pipe() failed: Too many open files > Oct 5 11:29:32 mail dovecot: dovecot: pipe() failed: Too many open files > Oct 5 11:29:32 mail dovecot: dovecot: Temporary failure in creating login processes, slowing down for now These errors come from the dovecot master process. Each child process uses up a few fds for pipes. > As a work around I've increased login_max_processes_count from 256 to 512 and it seems to have helped (as I suspected stale opened files). That only makes it easier to reach, since now there can be more child processes eating up more fds. > My colleague thinks it's hitting the kernel open file limit ulimit -n (currently at 1024) but I don't see how that could happen if the number of process is nowhere near that. I don't remember how many fds each process takes in v1.x, probably between 1 and 3. So if you for a while had hundreds of imap or pop3 processes, you could run into that limit. v2.x doesn't use as many fds. From joseba.torre at ehu.es Tue Oct 18 18:11:19 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Tue, 18 Oct 2011 17:11:19 +0200 Subject: [Dovecot] mail_location in LDAP and variables In-Reply-To: <1318949188.21919.106.camel@hurina> References: <201110171212.58602.joseba.torre@ehu.es> <1318949188.21919.106.camel@hurina> Message-ID: <201110181711.20074.joseba.torre@ehu.es> On Martes 18 Octubre 2011 16:46:28 Timo Sirainen escribi?: > On Mon, 2011-10-17 at 12:12 +0200, Joseba Torre wrote: > > Hi, > > > > Is it posible to use variables in mail_location when taken from ldap? > > How? I've tried > > > > mdbox:/buzones2/'%n'/mdbox > > mdbox:/buzones2/"%n"/mdbox > > mdbox:/buzones2/%n/mdbox > > > > but %n is never replaced by its value. > > Where exactly are you trying to use this? It should get expanded. As usual, it was me trying to be a lot more complicated than needed :) I was thinking about storing the mail_location in an standard way in ldap, so that everybody in LDAP has something like irisMailbox= mdbox:/buzones/%256Hn/%n/mdbox This doesn't work, but doesn't make much sense either. (It does if used in the generic mail_location, but not in a per user value) Now when I create a new account I calculate the mail_location and store that value in LDAP. So far so good. -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From dovecot-user at spambox.dk Tue Oct 18 18:32:19 2011 From: dovecot-user at spambox.dk (Henrik Larsson) Date: Tue, 18 Oct 2011 17:32:19 +0200 Subject: [Dovecot] "doveadm log reopen" don't reopen separate lmtp log Message-ID: <93f29aa4636f6565b3dbb264e789c1ef@larsson.as> I still see the issue below. Is there anyone running separate LMTP logging that could check if they experience the same issue? Best regards Henrik Larsson -------- Original Message -------- Subject: "doveadm log reopen" don't reopen separate lmtp log Date: Sun, 25 Sep 2011 00:23:49 +0200 From: Henrik Larsson To: dovecot at dovecot.org Dear all I have setup separate pop3/imap log "/var/log/dovecot" and lmtp delivery log "/var/log/dovecot-deliver". After rotating logfiles, i run "doveadm log reopen". I see that my pop3/imap log "/var/log/dovecot" is used straight away, but my lmpt log "/var/log/dovecot-deliver" isn't used at first. After some time, usually a few minutes, logs are being written to this file anyway. But if I compare this to my maillog, it misses some deliveries just after the log rotation. Is there any problems with this configuration that should be corrected? --cut-- # doveconf -n # 2.0.15: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 8.2-STABLE amd64 auth_mechanisms = plain login digest-md5 cram-md5 first_valid_uid = 125 hostname = mail.larsson.it listen = * log_path = /var/log/dovecot mail_plugins = fts fts_squat zlib mail_privileged_group = postfix mail_temp_dir = /var/db/dovecot managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date namespace { inbox = yes location = prefix = separator = . type = private } namespace { hidden = yes inbox = no list = no location = prefix = INBOX. separator = . type = private } passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { fts = squat fts_squat = partial=4 full=10 sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap pop3 lmtp sieve service auth-worker { user = $default_internal_user } service auth { unix_listener /home/mail/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service lmtp { executable = lmtp -L unix_listener /home/mail/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } ssl_cert = References: <93f29aa4636f6565b3dbb264e789c1ef@larsson.as> Message-ID: <74304A59-DA80-4B96-BEEB-3FCD88BF1C8B@iki.fi> The problem isn't lmtp itself, it's that you're using -L parameter, which causes LMTP processes to open the log files directly. The only way to reopen the log files is to restart those LMTP processes. "doveadm reload" should do it. On 18.10.2011, at 18.32, Henrik Larsson wrote: > I still see the issue below. Is there anyone running separate LMTP logging that could check if they experience the same issue? > > Best regards > Henrik Larsson > > > -------- Original Message -------- > Subject: "doveadm log reopen" don't reopen separate lmtp log > Date: Sun, 25 Sep 2011 00:23:49 +0200 > From: Henrik Larsson > To: dovecot at dovecot.org > > Dear all > > I have setup separate pop3/imap log "/var/log/dovecot" and lmtp delivery log "/var/log/dovecot-deliver". > > After rotating logfiles, i run "doveadm log reopen". I see that my pop3/imap log "/var/log/dovecot" is used straight away, but my lmpt log "/var/log/dovecot-deliver" isn't used at first. After some time, usually a few minutes, logs are being written to this file anyway. But if I compare this to my maillog, it misses some deliveries just after the log rotation. > > Is there any problems with this configuration that should be corrected? > > --cut-- > # doveconf -n > # 2.0.15: /usr/local/etc/dovecot/dovecot.conf > # OS: FreeBSD 8.2-STABLE amd64 > auth_mechanisms = plain login digest-md5 cram-md5 > first_valid_uid = 125 > hostname = mail.larsson.it > listen = * > log_path = /var/log/dovecot > mail_plugins = fts fts_squat zlib > mail_privileged_group = postfix > mail_temp_dir = /var/db/dovecot > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date > namespace { > inbox = yes > location = > prefix = > separator = . > type = private > } > namespace { > hidden = yes > inbox = no > list = no > location = > prefix = INBOX. > separator = . > type = private > } > passdb { > args = /usr/local/etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > plugin { > fts = squat > fts_squat = partial=4 full=10 > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > } > protocols = imap pop3 lmtp sieve > service auth-worker { > user = $default_internal_user > } > service auth { > unix_listener /home/mail/postfix/private/auth { > group = postfix > mode = 0666 > user = postfix > } > } > service lmtp { > executable = lmtp -L > unix_listener /home/mail/postfix/private/dovecot-lmtp { > group = postfix > mode = 0660 > user = postfix > } > } > ssl_cert = ssl_key = userdb { > args = /usr/local/etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > protocol lmtp { > log_path = /var/log/dovecot-deliver > mail_plugins = fts fts_squat zlib sieve > } > protocol lda { > mail_plugins = fts fts_squat zlib sieve > } > protocol imap { > mail_plugins = fts fts_squat zlib imap_zlib > } > --cut-- > > > Best regards > Henrik Larsson > From dovecot-user at spambox.dk Tue Oct 18 20:53:10 2011 From: dovecot-user at spambox.dk (Henrik Larsson) Date: Tue, 18 Oct 2011 19:53:10 +0200 Subject: [Dovecot] "doveadm log reopen" don't reopen separate lmtp log In-Reply-To: <74304A59-DA80-4B96-BEEB-3FCD88BF1C8B@iki.fi> References: <93f29aa4636f6565b3dbb264e789c1ef@larsson.as> <74304A59-DA80-4B96-BEEB-3FCD88BF1C8B@iki.fi> Message-ID: <4E9DBD06.6010408@spambox.dk> > The problem isn't lmtp itself, it's that you're using -L parameter, which causes LMTP processes to open the log files directly. Just to be sure, isn't this the only way to have a separate LMTP log files? > The only way to reopen the log files is to restart those LMTP processes. "doveadm reload" should do it. Thanks, I will try this. Best regards Henrik Larsson From tss at iki.fi Tue Oct 18 20:57:25 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 20:57:25 +0300 Subject: [Dovecot] "doveadm log reopen" don't reopen separate lmtp log In-Reply-To: <4E9DBD06.6010408@spambox.dk> References: <93f29aa4636f6565b3dbb264e789c1ef@larsson.as> <74304A59-DA80-4B96-BEEB-3FCD88BF1C8B@iki.fi> <4E9DBD06.6010408@spambox.dk> Message-ID: <80337D83-6707-41AF-8CBF-8869690BEA79@iki.fi> On 18.10.2011, at 20.53, Henrik Larsson wrote: > >> The problem isn't lmtp itself, it's that you're using -L parameter, which causes LMTP processes to open the log files directly. > Just to be sure, isn't this the only way to have a separate LMTP log files? Yes. But this isn't LMTP-specific in any way. It's the same as if you wanted separate IMAP or POP3 or whatever log files. The only special cases are programs that are executed directly instead of via dovecot master process (dovecot-lda, doveadm basically), because they always open the log files directly (and die once they're finished, so they don't have the rotation problem). Hmm. Actually you could probably set service_count=1 for lmtp service and it would get rotated soon enough, because the process would die after handling one LMTP connection. From pgnet.dev+rich-dovecot at gmail.com Wed Oct 19 05:17:02 2011 From: pgnet.dev+rich-dovecot at gmail.com (Rich) Date: Tue, 18 Oct 2011 19:17:02 -0700 Subject: [Dovecot] 'doveadm quota get' dictionary SQL query ignores specified '@domain' part of username. bad config or bug? Message-ID: Hi, I'm setting up SQL quota usage in Dovecot2. I've created a MAILBOX parameter table, 'PARAMS', that contains unique @ pairs, with quota data. mysql> select * from PARAMS; +----+------------------------+------------+-------------+------------+ | ai | MAILBOX_user_domain | quota | quota_bytes | quota_msgs | +----+------------------------+------------+-------------+------------+ | 1 | myuser at domain1.com | 1073741824 | 0 | 0 | | 2 | myuser at domain2.com | 1000000000 | 0 | 0 | +----+------------------------+------------+-------------+------------+ 2 rows in set (0.00 sec) I've specified dict usage for quota, /etc/dovecot/dovecot.conf !include conf.d/*.conf protocols = imap lmtp dict { quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } created the maps, /etc/dovecot/dovecot-dict-sql.conf.ext connect = host=/var/run/mysql/mysql.sock dbname=my_db user=my_user password=my_pass map { pattern = priv/quota/storage table = PARAMS username_field = MAILBOX_user_domain value_field = quota_bytes } map { pattern = priv/quota/messages table = PARAMS username_field = MAILBOX_user_domain value_field = quota_msgs } assigned the global values and backend, /etc/dovecot/conf.d/90-quota.conf plugin { quota = dict:User Quota::proxy::quota quota_rule = *:storage=1GB:messages=10000 quota_rule2 = Trash:storage=+10%% } and specified the user iteration query /etc/dovecot/sql/virtmail-userdb-sql.cf driver = mysql connect = host=/var/run/mysql/mysql.sock dbname=my_db user=my_user password=my_pass user_query = CALL UserDBQuery('%n','%d'); iterate_query = SELECT `MAILBOX_user_domain` AS user FROM `PARAMS`; Verifying operation with with `doveadm`, I get a result from a !error query, doveadm quota get -u myuser at domain1.com Quota name Type Value Limit % User quota STORAGE 0 1048576 0 User quota MESSAGE 0 10000 0 doveadm quota get -u myuser at domain2.com Quota name Type Value Limit % User quota STORAGE 0 1048576 0 User quota MESSAGE 0 10000 0 But notice that there's no specificity by *domain*. Despite being provided the full @, matched to the map, username_field = MAILBOX_user_domain the Dovecot dict query seems to ignore the part, and simply matches on the first of the tow identical parts. Specifying "-A" doesn't help, doveadm quota get -A Username Quota name Type Value Limit % myuser at domain1.com User quota STORAGE 0 1048576 0 myuser at domain1.com User quota MESSAGE 0 10000 0 myuser at domain2.com User quota STORAGE 0 1048576 0 myuser at domain2.com User quota MESSAGE 0 10000 0 What needs to be done to get domain-specificity in the 'doveadm quota get' query? Is my configuration off, or incomplete, or is this a bug? Thanks, Rich From jk at jkart.de Wed Oct 19 17:12:17 2011 From: jk at jkart.de (Jim Knuth) Date: Wed, 19 Oct 2011 16:12:17 +0200 Subject: [Dovecot] xi.rename-it.nl down? Message-ID: <4E9EDAC1.4000602@jkart.de> Hello, is http://xi.rename-it.nl down? Apticron shows me permanently errors. -- Mit freundlichen Gr??en, with kind regards, Jim Knuth --------- Wenn ein wirklich gro?er Geist in der Welt erscheint, kann man ihn untr?glich daran erkennen, da? sich alle Dummk?pfe gegen ihn verb?nden. (Jonathan Swift) From pgnet.dev+rich-dovecot at gmail.com Wed Oct 19 17:41:35 2011 From: pgnet.dev+rich-dovecot at gmail.com (Rich) Date: Wed, 19 Oct 2011 07:41:35 -0700 Subject: [Dovecot] 'doveadm quota get' dictionary SQL query ignores specified '@domain' part of username. bad config or bug? In-Reply-To: References: Message-ID: I've made some progress, but quota 'Limit' is still not fully functioning for me. A couple of changes have helped: Specifying a "%u% as username format, /etc/dovecot/conf.d/90-quota.conf plugin { - quota = dict:User Quota::proxy::quota + quota = dict:User Quota:%u:proxy::quota quota_rule = *:bytes=1073741824:messages=10000 quota_rule2 = Trash:storage=+10%% } using 'username' rather than 'user' in the user iteration query /etc/dovecot/sql/virtmail-userdb-sql.cf driver = mysql connect = host=/var/run/mysql/mysql.sock dbname=my_db user=my_user password=my_pass user_query = CALL UserDBQuery('%n','%d'); - iterate_query = SELECT `MAILBOX_user_domain` AS user FROM `PARAMS`; + iterate_query = SELECT `MAILBOX_user_domain` AS username FROM `PARAMS`; and adding to my user_query, CREATE PROCEDURE `UserDBQuery`( ... SELECT ... concat('*:bytes=', quota_bytes, ':messages=10000') AS quota_rule, ... Now, at init, doveadm quota get -A Username Quota name Type Value Limit % myuser at domain1.com User quota STORAGE 0 0 0 myuser at domain1.com User quota MESSAGE 0 10000 0 myuser at domain2.com User quota STORAGE 0 0 0 myuser at domain2.com User quota MESSAGE 0 10000 0 mysql> select * from PARAMS; +----+------------------------+------------+-------------+ | ai | MAILBOX_user_domain | quota_bytes | quota_msgs | +----+------------------------+-------------+------------+ | 1 | myuser at domain1.com | 0 | 0 | | 2 | myuser at domain2.com | 0 | 0 | +----+------------------------+------------+-------------+ 2 rows in set (0.00 sec) and, after sending a single message to 'myuser at domain1.com', I do see that Dovecot now recognizes/calculates a quota change, and only for one domain, doveadm quota get -A Username Quota name Type Value Limit % myuser at domain1.com User quota STORAGE 3 3 100 myuser at domain1.com User quota MESSAGE 1 10000 0 myuser at domain2.com User quota STORAGE 0 0 0 myuser at domain2.com User quota MESSAGE 0 10000 0 mysql> select * from PARAMS; +----+------------------------+------------+-------------+ | ai | MAILBOX_user_domain | quota_bytes | quota_msgs | +----+------------------------+-------------+------------+ | 1 | myuser at domain1.com | 3269 | 1 | | 2 | myuser at domain2.com | 0 | 0 | +----+------------------------+------------+-------------+ 2 rows in set (0.00 sec) But, the Limit's wrong. It's not picking up the global Limit from /etc/dovecot/conf.d/90-quota.conf ... --> quota_rule = *:bytes=1073741824:messages=10000 ... and once a message quota Value is calculated, the Limit is set == Value, resulting in an incorrrect quota %-age of 100%. Is Limit supposed to be specified per-user? Rich From stephan at rename-it.nl Wed Oct 19 18:30:26 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 19 Oct 2011 17:30:26 +0200 Subject: [Dovecot] xi.rename-it.nl down? In-Reply-To: <4E9EDAC1.4000602@jkart.de> References: <4E9EDAC1.4000602@jkart.de> Message-ID: <4E9EED12.8040409@rename-it.nl> Op 19-10-2011 16:12, Jim Knuth schreef: > Hello, > > is http://xi.rename-it.nl down? Apticron > shows me permanently errors. Yes. I noticed this yesterday. This is a recurring problem for some reason, probably some Xen-related issue. Every few months it just 'goes away' without any apparent reason. Unfortunately, I cannot restart the Xi myself at the moment and the person who can is currently involved in solving another IT calamity of a different magnitude. I think it can take up to a day for this system to come back online. Regards, Stephan. From pgnet.dev+rich-dovecot at gmail.com Wed Oct 19 18:54:33 2011 From: pgnet.dev+rich-dovecot at gmail.com (Rich) Date: Wed, 19 Oct 2011 08:54:33 -0700 Subject: [Dovecot] Is '*:bytes=" quota specification the quota 'Value', or 'Limit'? Message-ID: Docs for quota configuration http://wiki2.dovecot.org/Quota/Configuration#Limit_configuration state that the 'bytes=' specification defines the quota **LIMIT** "bytes: Quota limit in bytes, 0 means unlimited" as used in plugin { ... quota_rule = *:bytes=10000000 ... BUT, documentation for quota dict http://wiki2.dovecot.org/Quota/Dict states "MySQL uses the following queries to update the quota" and provides an SQL example of Dovecot decrementing the 'bytes' value, "UPDATE table SET bytes=bytes-14433,messages=messages-2 ..." I'm working on a current problem (http://dovecot.org/list/dovecot/2011-October/061538.html) with 'doveadm' reporting mixing up quote Value & Limit. Question: Is 'bytes' supposed to contain the Value, or the Limit? Rich From ghandidrivesahumvee at rocketfish.com Wed Oct 19 22:40:46 2011 From: ghandidrivesahumvee at rocketfish.com (ghandidrivesahumvee at rocketfish.com) Date: Wed, 19 Oct 2011 12:40:46 -0700 (GMT+7) Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 Message-ID: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> Hi list, I just recently installed Dovecot 2.0.15. Unfortunately, doveadm segfaults when I attempt to connect to the local dovecot instance. When this occurs, my logs show: 2011-10-19T12:31:23-07:00 mail02 dovecot: doveadm: Error: doveadm client not compatible with this server (mixed old and new binaries?) I am using the settings listed on the wiki page http://wiki2.dovecot.org/Director [root at mail02 ~]# /opt/dovecot/bin/doveadm who -a 10.10.5.220:544 Segmentation fault (core dumped) doveconf and gdb output are below. If there is any more information I can provide please let me know. Thanks! [root at mail02 ~]# /opt/dovecot/bin/doveconf -n # 2.0.15: /opt/dovecot-2.0.15/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-194.17.4.el5 x86_64 CentOS release 5.5 (Final) auth_mechanisms = plain login auth_verbose = yes auth_worker_max_count = 60 default_client_limit = 2048 disable_plaintext_auth = no doveadm_proxy_port = 544 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = 10.10.5.220, 127.0.0.1 lmtp_save_to_detail_mailbox = yes mail_fsync = always mail_log_prefix = "%r mpid=%p %s(%u): " mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = " notify mail_log" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mmap_disable = yes passdb { args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } plugin { mail_log_events = delete expunge mailbox_delete mail_log_fields = msgid box from mail_log_group_events = yes sieve = ~/MainSieve sieve_before = /storage03/sieve/before/ sieve_dir = ~/sieve sieve_max_actions = 32 sieve_max_redirects = 4 sieve_max_script_size = 2M } quota_full_tempfail = yes service anvil { client_limit = 2000 } service auth { client_limit = 7000 unix_listener /var/spool/postfix/private/auth { mode = 0600 user = postfix } unix_listener auth-userdb { group = mailowner mode = 0600 user = mailowner } } service doveadm { inet_listener { port = 544 } } service imap-login { inet_listener imap { port = 143 } process_min_avail = 4 service_count = 0 vsz_limit = 128 M } service imap {%0 From CMarcus at Media-Brokers.com Wed Oct 19 22:45:46 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Wed, 19 Oct 2011 15:45:46 -0400 Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 In-Reply-To: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> References: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> Message-ID: <4E9F28EA.8090200@Media-Brokers.com> On 2011-10-19 3:40 PM, ghandidrivesahumvee at rocketfish.com wrote: > I just recently installed Dovecot 2.0.15. Unfortunately, doveadm segfaults > when I attempt to connect to the local dovecot instance. When this occurs, > my logs show: > > 2011-10-19T12:31:23-07:00 mail02 dovecot: doveadm: Error: doveadm client > not compatible with this server (mixed old and new binaries?) I think the error message is pretty clear... You obviously still have an older version installed... How did you install 2.0.15? -- Best regards, Charles From stsiol at yahoo.co.uk Wed Oct 19 23:06:49 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Wed, 19 Oct 2011 21:06:49 +0100 (BST) Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 In-Reply-To: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> References: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> Message-ID: <1319054809.66277.YahooMailNeo@web27206.mail.ukl.yahoo.com> ----- Original Message ----- From: "ghandidrivesahumvee at rocketfish.com" To: dovecot at dovecot.org Cc: Sent: Wednesday, 19 October 2011, 22:40 Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 Hi list, I just recently installed Dovecot 2.0.15. Unfortunately, doveadm segfaults when I attempt to connect to the local dovecot instance. When this occurs, my logs show: 2011-10-19T12:31:23-07:00 mail02 dovecot: doveadm: Error: doveadm client not compatible with this server (mixed old and new binaries?) I am using the settings listed on the wiki page http://wiki2.dovecot.org/Director [root at mail02 ~]# /opt/dovecot/bin/doveadm who -a 10.10.5.220:544 Segmentation fault (core dumped) doveconf and gdb output are below. If there is any more information I can provide please let me know. Thanks! Which OS version ? Have you considered the possibility you had a previous version of dovecot installed from the distro, then installed v2.0.15 ? Just saying, s. ? ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From ghandidrivesahumvee at rocketfish.com Wed Oct 19 23:33:41 2011 From: ghandidrivesahumvee at rocketfish.com (ghandidrivesahumvee at rocketfish.com) Date: Wed, 19 Oct 2011 13:33:41 -0700 (GMT+7) Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 In-Reply-To: <4E9F28EA.8090200@Media-Brokers.com> References: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> <4E9F28EA.8090200@Media-Brokers.com> Message-ID: > I think the error message is pretty clear... It is clear, but it is wrong. ./configure --prefix=/opt/dovecot-2.0.15 ; make ; make install in /opt dovecot is a symlink to dovecot-2.0.15 The binary in the source directory crashes too. [root at mail02 ~]# /usr/local/src/dovecot-2.0.15/src/doveadm/doveadm who -a 10.10.5.220:544 Segmentation fault (core dumped) > Which OS version ? CentOS 5.5 x86_64 > Have you considered the possibility you had a previous version of dovecot > installed from the distro, then installed v2.0.15 ? There is no install of dovecot from the distro. > On 2011-10-19 3:40 PM, ghandidrivesahumvee at rocketfish.com > wrote: >> I just recently installed Dovecot 2.0.15. Unfortunately, doveadm >> segfaults >> when I attempt to connect to the local dovecot instance. When this >> occurs, >> my logs show: >> >> 2011-10-19T12:31:23-07:00 mail02 dovecot: doveadm: Error: doveadm client >> not compatible with this server (mixed old and new binaries?) > > I think the error message is pretty clear... > > You obviously still have an older version installed... > > How did you install 2.0.15? > > -- > > Best regards, > > Charles > From user+dovecot at localhost.localdomain.org Wed Oct 19 23:41:57 2011 From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Wed, 19 Oct 2011 22:41:57 +0200 Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 In-Reply-To: References: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> <4E9F28EA.8090200@Media-Brokers.com> Message-ID: <4E9F3615.10401@localhost.localdomain.org> On 10/19/2011 10:33 PM ghandidrivesahumvee at rocketfish.com wrote: > Segmentation fault (core dumped) Please use gdb to generate a backtrace from the dumped core file. (http://dovecot.org/bugreport.html) Regards, Pascal -- The trapper recommends today: defaced.1129222 at localdomain.org From ghandidrivesahumvee at rocketfish.com Wed Oct 19 23:49:55 2011 From: ghandidrivesahumvee at rocketfish.com (ghandidrivesahumvee at rocketfish.com) Date: Wed, 19 Oct 2011 13:49:55 -0700 (GMT+7) Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 In-Reply-To: <4E9F3615.10401@localhost.localdomain.org> References: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> <4E9F28EA.8090200@Media-Brokers.com> <4E9F3615.10401@localhost.localdomain.org> Message-ID: <729faff30062e73d6274b1d5070e50e3.squirrel@webmail.islandemail.com> Looks like my mail client cut the original message short. Here is doveconf and gdb output [root at mail02 ~]# /opt/dovecot/bin/doveconf -n # 2.0.15: /opt/dovecot-2.0.15/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-194.17.4.el5 x86_64 CentOS release 5.5 (Final) auth_mechanisms = plain login auth_verbose = yes auth_worker_max_count = 60 default_client_limit = 2048 disable_plaintext_auth = no doveadm_proxy_port = 544 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = 10.10.5.220, 127.0.0.1 lmtp_save_to_detail_mailbox = yes mail_fsync = always mail_log_prefix = "%r mpid=%p %s(%u): " mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = " notify mail_log" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mmap_disable = yes passdb { args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } plugin { mail_log_events = delete expunge mailbox_delete mail_log_fields = msgid box from mail_log_group_events = yes sieve = ~/MainSieve sieve_before = /storage03/sieve/before/ sieve_dir = ~/sieve sieve_max_actions = 32 sieve_max_redirects = 4 sieve_max_script_size = 2M } quota_full_tempfail = yes service anvil { client_limit = 2000 } service auth { client_limit = 7000 unix_listener /var/spool/postfix/private/auth { mode = 0600 user = postfix } unix_listener auth-userdb { group = mailowner mode = 0600 user = mailowner } } service doveadm { inet_listener { port = 544 } } service imap-login { inet_listener imap { port = 143 } process_min_avail = 4 service_count = 0 vsz_limit = 128 M } service imap { process_limit = 3072 } service lmtp { inet_listener lmtp { port = 24 } vsz_limit = 2 G } service pop3-login { inet_listener pop3 { port = 110 } } service pop3 { process_limit = 3072 } syslog_facility = local3 userdb { args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } protocol imap { mail_max_userip_connections = 2000 } protocol lmtp { lmtp_save_to_detail_mailbox = yes mail_plugins = sieve } protocol pop3 { pop3_uidl_format = %08Xu%08Xv } [root at mail02 ~]# gdb /opt/dovecot/bin/doveadm ./core.14731 GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-23.el5_5.2) Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /opt/dovecot-2.0.15/bin/doveadm...done. Reading symbols from /opt/dovecot-2.0.15/lib/dovecot/libdovecot-storage.so.0...done. Loaded symbols for /opt/dovecot-2.0.15/lib/dovecot/libdovecot-storage.so.0 Reading symbols from /lib64/libpam.so.0...(no debugging symbols found)...done. Loaded symbols for /lib64/libpam.so.0 Reading symbols from /usr/lib64/libgssapi_krb5.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libgssapi_krb5.so.2 Reading symbols from /usr/lib64/libkrb5.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libkrb5.so.3 Reading symbols from /usr/lib64/libk5crypto.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libk5crypto.so.3 Reading symbols from /lib64/libcom_err.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libcom_err.so.2 Reading symbols from /usr/lib64/mysql/libmysqlclient.so.15...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/mysql/libmysqlclient.so.15 Reading symbols from /usr/lib64/libz.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libz.so.1 Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libcrypt.so.1 Reading symbols from /lib64/libnsl.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libnsl.so.1 Reading symbols from /lib64/libm.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libm.so.6 Reading symbols from /lib64/libssl.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libssl.so.6 Reading symbols from /lib64/libcrypto.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libcrypto.so.6 Reading symbols from /opt/dovecot-2.0.15/lib/dovecot/libdovecot.so.0...done. Loaded symbols for /opt/dovecot-2.0.15/lib/dovecot/libdovecot.so.0 Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libdl.so.2 Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/librt.so.1 Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libc.so.6 Reading symbols from /lib64/libaudit.so.0...(no debugging symbols found)...done. Loaded symbols for /lib64/libaudit.so.0 Reading symbols from /usr/lib64/libkrb5support.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libkrb5support.so.0 Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libkeyutils.so.1 Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libresolv.so.2 Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done. Loaded symbols for /lib64/libpthread.so.0 Reading symbols from /lib64/libselinux.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libselinux.so.1 Reading symbols from /lib64/libsepol.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libsepol.so.1 Reading symbols from /opt/dovecot-2.0.15/lib/dovecot/lib15_notify_plugin.so...done. Loaded symbols for /opt/dovecot-2.0.15/lib/dovecot/lib15_notify_plugin.so Reading symbols from /opt/dovecot-2.0.15/lib/dovecot/lib20_mail_log_plugin.so...done. Loaded symbols for /opt/dovecot-2.0.15/lib/dovecot/lib20_mail_log_plugin.so Core was generated by `/opt/dovecot/bin/doveadm who -a 172.16.5.234:544'. Program terminated with signal 11, Segmentation fault. #0 0x0000003a6be349fa in ____strtoull_l_internal () from /lib64/libc.so.6 (gdb) bt full #0 0x0000003a6be349fa in ____strtoull_l_internal () from /lib64/libc.so.6 No symbol table info available. #1 0x00000000004170f9 in who_parse_line (ctx=0x7fff05cb2990, callback=0x4175e0 ) at /usr/include/stdlib.h:342 ident = 0x14149980 "-" p = 0x1
#2 who_lookup (ctx=0x7fff05cb2990, callback=0x4175e0 ) at doveadm-who.c:152 who_line = {username = 0x0, service = 0x0, ip = {family = 0, u = {ip6 = {in6_u = {u6_addr8 = '\000' , u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, ip4 = {s_addr = 0}}}, pid = 0, refcount = 0} _data_stack_cur_id = 2 input = 0x1415efb0 line = fd = #3 0x0000000000417349 in cmd_who (argc=3, argv=0x141494d8) at doveadm-who.c:298 ctx = {anvil_path = 0x14149518 "172.16.5.234:544", filter = {username = 0x0, net_ip = {family = 0, u = {ip6 = {in6_u = {u6_addr8 = '\000' , u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, ip4 = {s_addr = 0}}}, net_bits = 0}, pool = 0x1415b000, users = 0x1415d7f0} separate_connections = false c = #4 0x000000000040f9e3 in doveadm_try_run (argc=3, argv=0x141494d8) at doveadm.c:192 cmd = 0x14158e90 cmd_name_len = 3 __FUNCTION__ = "doveadm_try_run" #5 main (argc=3, argv=0x141494d8) at doveadm.c:346 cmd_name = 0x14149511 "who" quick_init = false c = (gdb) From paixaop at gmail.com Thu Oct 20 04:17:14 2011 From: paixaop at gmail.com (Pedro Paixao) Date: Wed, 19 Oct 2011 21:17:14 -0400 Subject: [Dovecot] Proxy and Virtual IMAP Folders Message-ID: Hi all I am a newbie to dovecot and I would like some help clarifying a feature to determine if I can use it in my project. Is is posible to use the virtual plugin, in a IMAP proxy configuration, in a way that the virtual plugin searches messages on the real server? Here's my scenario: [Client]----[Dovecot Proxy]-----[Real Imap Server] Client connects to Dovecot Proxy and gets all the folders that are on the Real Imap Server, plus some virtual ones (generated by Dovecot Proxy) that search for messages on the real server. In my config the Dovecot Proxy has no email messages, real folders, or local delivery. I would like to thank you in advance for ant help and support. All the best Pedro From kafriki at hotmail.com Thu Oct 20 06:31:34 2011 From: kafriki at hotmail.com (Jumping Mouse) Date: Wed, 19 Oct 2011 23:31:34 -0400 Subject: [Dovecot] imap proxy for Gmail Message-ID: Hello, b I have a situation were I want to be able to give teachers access to their Google apps for education email through Squirrelmail. The network that they are on blocks gmail. ?? I am able to get Squirrelmail to communicate with Gmail via imap.? I am looking at getting persistant imap connections to improve the user experience.? I have looked at IMAPPROXY? but this application is not compatible with the gmail?imaps (ssl-encrypted imap over port 993).?? I recall reading somewhere that Dovecot has a built in imapproxy that could be used for this.? Can someone please point me to documentation or other information on how I might achieve the above stated goal? Thanks,? Kafriki From mark.zealey at webfusion.com Thu Oct 20 12:38:42 2011 From: mark.zealey at webfusion.com (Mark Zealey) Date: Thu, 20 Oct 2011 12:38:42 +0300 Subject: [Dovecot] Port variable in LMTP userdb lookups? Message-ID: <4E9FEC22.8060105@webfusion.com> Hi all, I'm currently changing some systems to use the redirector service, which means that to get local deliveries going I need to get lmtp set up so it can be redirected as well. This is working fine, however we have a number of different ports running on our servers depending on which brand a customer is using. When the time comes to do the user look up, we use (port, user, domain) to do a unique database lookup which works fine for everything (proxied pop, imap, lmtp & straight pop, imap) but not straight lmtp - perhaps because it doesn't have a 2-stage login process unlike the pop/imap protocols. Looking at the SQL query we are issuing, the %a port variable is set to 0 even though the connection is coming in from TCP. Is there a way to change this? We are running dovecot 2.0.12 however looking through the changelogs I can't see this would be fixed in the newest version. Thanks, Mark From wgillespie+dovecot at es2eng.com Thu Oct 20 12:45:26 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Thu, 20 Oct 2011 03:45:26 -0600 Subject: [Dovecot] imap proxy for Gmail In-Reply-To: References: Message-ID: <4E9FEDB6.1070809@es2eng.com> On 10/19/2011 9:31 PM, Jumping Mouse wrote: > I have a situation were I want to be able to give teachers access to their Google apps for education email through Squirrelmail. The network that they are on blocks gmail. I am able to get Squirrelmail to communicate with Gmail via imap. I am looking at getting persistant imap connections to improve the user experience. I have looked at IMAPPROXY but this application is not compatible with the gmail imaps (ssl-encrypted imap over port 993). I recall reading somewhere that Dovecot has a built in imapproxy that could be used for this. > > Can someone please point me to documentation or other information on how I might achieve the above stated goal? You are probably thinking of the "imapc" backend for Dovecot. Not sure if it gives the persistent connections you are looking for or not since I've never used it. From mimo at gn.apc.org Thu Oct 20 16:13:33 2011 From: mimo at gn.apc.org (Michael Moritz) Date: Thu, 20 Oct 2011 14:13:33 +0100 Subject: [Dovecot] too many open files and v1.2 In-Reply-To: <1318949843.21919.114.camel@hurina> References: <201110061242.48615.mimo@gn.apc.org> <1318949843.21919.114.camel@hurina> Message-ID: <201110201413.33386.mimo@gn.apc.org> Hi Timo thanks for your reply. I understand you're basically saying "upgrade to v2" but maybe this could be of interest for you. After we lowered the login_max_processes_count again the problem reappeared so I'm not sure whether that doesn't indicate a different problem. Regards, Michael On Tuesday 18 October 2011 15:57:23 Timo Sirainen wrote: > On Thu, 2011-10-06 at 12:42 +0100, Michael Moritz wrote: > > Hi > > > > I've found an older thread http://www.dovecot.org/list/dovecot/2010-March/047886.html which mentions that this is a bug in version 1. I'm on Debian squeeze (1:1.2.15-7) and got errors like these recently > > > > Oct 5 11:29:29 mail dovecot: dovecot: pipe() failed: Too many open files > > Oct 5 11:29:32 mail dovecot: dovecot: pipe() failed: Too many open files > > Oct 5 11:29:32 mail dovecot: dovecot: Temporary failure in creating login processes, slowing down for now > > These errors come from the dovecot master process. Each child process > uses up a few fds for pipes. > > > As a work around I've increased login_max_processes_count from 256 to 512 and it seems to have helped (as I suspected stale opened files). > > That only makes it easier to reach, since now there can be more child > processes eating up more fds. > > > My colleague thinks it's hitting the kernel open file limit ulimit -n (currently at 1024) but I don't see how that could happen if the number of process is nowhere near that. > > I don't remember how many fds each process takes in v1.x, probably > between 1 and 3. So if you for a while had hundreds of imap or pop3 > processes, you could run into that limit. > > v2.x doesn't use as many fds. > > From npetronikolos at condito.gr Wed Oct 19 12:54:06 2011 From: npetronikolos at condito.gr (Nikolaos Petronikolos) Date: Wed, 19 Oct 2011 02:54:06 -0700 (PDT) Subject: [Dovecot] can not receive email upgrading from ubuntu 11.4 to 11.10 Message-ID: <32681149.post@talk.nabble.com> Dear all, I have the following error when i am sending an email to my email server postfix + dovecot. #5.3.0 x-unix; /usr/lib/dovecot/deliver: invalid option -- 'n' Usage: dovecot-lda [-c ] [-a
] [-d ] [-p ] [-f ] [-m ] [-e] [-k]> #SMTP# The problem occurred after i upgraded my server from ubuntu 11.4 to 11.10. i kindly ask you if you can help me thank you in advance for your kind attention. -- View this message in context: http://old.nabble.com/can-not-receive-email-upgrading-from-ubuntu-11.4-to-11.10-tp32681149p32681149.html Sent from the Dovecot mailing list archive at Nabble.com. From dswartz at druber.com Thu Oct 20 18:01:29 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Thu, 20 Oct 2011 11:01:29 -0400 Subject: [Dovecot] Expire plugin not executing for sieve plugin? Message-ID: <4EA037C9.3040209@druber.com> Running dovecot 1.2.12 on ubuntu 10.10. Here is the problem: I have mysql backend for expire. I am using the dovecot-postfix package which creates /etc/dovecot/conf.d/01-mail-stack-delivery.conf which looks like this: # Some general options protocols = imap imaps managesieve disable_plaintext_auth = no ssl = yes ssl_cert_file = /etc/ssl/certs/ssl-mail.pem ssl_key_file = /etc/ssl/private/ssl-mail.key ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM mail_location = maildir:~/Maildir auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ # IMAP configuration protocol imap { mail_max_userip_connections = 10 imap_client_workarounds = outlook-idle delay-newmail mail_plugins = expire } # LDA configuration protocol lda { postmaster_address = postmaster mail_plugins = sieve expire quota_full_tempfail = yes deliver_log_format = msgid=%m: %$ rejection_reason = Your message to <%t> was automatically rejected:%n%r } # Plugins configuration plugin { sieve=~/.dovecot.sieve sieve_dir=~/sieve # If the user has no personal active script (i.e. if the file # indicated in sieve= does not exist), use this one: sieve_global_path = /var/lib/dovecot/sieve/default.sieve } The sieve is: require "fileinto"; require "imap4flags"; if header :contains "X-Spam-Flag" "YES" { setflag "\\Seen"; fileinto "SPAM"; stop; } Originally, this did not have the setflag or stop - I added them hoping to fix the problem, but no luck. The problem is this: when spam assassin has flagged a message as spam, the sieve runs and the message is in fact filed into the SPAM folder, but no expire entry is added to the database. If I move such a message from the SPAM folder to the Inbox and then back to SPAM, voila, I *do* get the entry created. Here is the mysql table before and after I did the move/move: mysql> select * from expires; +----------+---------------+--------------+ | username | mailbox | expire_stamp | +----------+---------------+--------------+ | dswartz | Deleted Items | 1319720163 | | dswartz | Sent | 1319120165 | | denise | Trash | 1319139920 | | samantha | Trash | 1319136146 | | denise | Sent | 1319655872 | | danielle | Sent | 1319192230 | | samantha | Sent | 1319268855 | | dswartz | Trash | 1319725884 | | samantha | SPAM | 1321504531 | +----------+---------------+--------------+ 9 rows in set (0.00 sec) mysql> select * from expires; +----------+---------------+--------------+ | username | mailbox | expire_stamp | +----------+---------------+--------------+ | dswartz | Deleted Items | 1319720163 | | dswartz | Sent | 1319120165 | | denise | Trash | 1319139920 | | samantha | Trash | 1319136146 | | denise | Sent | 1319655872 | | danielle | Sent | 1319192230 | | samantha | Sent | 1319268855 | | dswartz | Trash | 1319725884 | | samantha | SPAM | 1321504531 | | dswartz | SPAM | 1321714666 | +----------+---------------+--------------+ 10 rows in set (0.00 sec) It's almost like the fileinto stuff is not running the plugin code at all, or am I totally on drugs? If I can't get a fix for this, I at least now can think of a hack to "fix" it. e.g. every night, run a script that adds a "now" timestamp for everyone's SPAM folder to trick the periodic expire tool code into checking that folder, but obviously I'd rather have a real fix :) If this is just 'how it works', is it better in 2.0? From james.page at ubuntu.com Thu Oct 20 18:31:28 2011 From: james.page at ubuntu.com (James Page) Date: Thu, 20 Oct 2011 16:31:28 +0100 Subject: [Dovecot] can not receive email upgrading from ubuntu 11.4 to 11.10 In-Reply-To: <32681149.post@talk.nabble.com> References: <32681149.post@talk.nabble.com> Message-ID: <4EA03ED0.4080400@ubuntu.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Nikolaos On 19/10/11 10:54, Nikolaos Petronikolos wrote: > #5.3.0 x-unix; /usr/lib/dovecot/deliver: invalid option -- 'n' > Usage: dovecot-lda [-c ] [-a
] [-d > ] [-p ] [-f ] [-m ] [-e] > [-k]> #SMTP# > > The problem occurred after i upgraded my server from ubuntu 11.4 to > 11.10. 11.10 upgrades dovecot from 1.2.x to 2.0.x; as a result the -n flag is no longer accepted by dovecot-lda; You can fix this by removing the -n flag from the postfix configuration; sudo postconf -e "mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-mail-stack-delivery.conf -m \"\${EXTENSION}\"" This is a bug in the Ubuntu packaging; it would be great if you could raise a bug in Ubuntu as well (I'll probably work on a stable release update for this one): https://bugs.launchpad.net/ubuntu/+source/dovecot/+filebug Cheers James - -- James Page Ubuntu Core Developer -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJOoD7QAAoJEL/srsug59jDHUcQAJfL4jU+wNMK22kYOCKsTRkr eHBUZ0IQ1Yv2IscqRpW8WaAAg6r7tufMoodI/MY1N4w2FHfwJAAMiCfU/8gTyfHD /FxwVH5Phk+InEYDEc7YMCdgTwh936yiOKkQjz65aGO3kUIg42QSNHOBq30L4VV7 b4cnwIlwALjA/8U2HrZr6XHBwZ9YoyxoLY3m6R9MCcCNpEEUUh1tH4i2FuZYFHmJ CokbWA2XHJCli4yZ5d+1JM3D0u/Sg2w1bczT3kkIE8HhGgOpCidbYRrOKTrHrFOl 0GKvHQkxvosqfLt8rdrjJlhNlGjPdRdu22vsMy43rS80knN70ltyTH3K5kiW2q6/ skqQjwgZ4y41sqsKq8WnuYuSfeH2TSrglzSXQ2W8vOOAJArqwLLst5E3+Ift3Pig 0BhNlSyQyWhdE4TE9zbGnUPK8GLXLU82LcTegpz6d3mxAcCs7+SnNiYPnRrNxTA1 YqqBdcAfCMeS5B3w5ZQRQDvKOIZOPqyIeZPX2g5bOM4ngDnZoJfIOf6RkBX/DPVw UCgU1AjWWHtrcTby7h4s3xX+EaPUpEFj8eg30GW5exsSMM6ASuU+HtQpO3rEobDB uG9AvHahf6Y9fAuSdxjcHQg6xyWDEYNaW3MNZauaD92IvaTP2uTyQvopk3ahyOWK 7lpTV7qZ776fNbK5OYrX =W3fO -----END PGP SIGNATURE----- From dswartz at druber.com Thu Oct 20 18:32:44 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Thu, 20 Oct 2011 11:32:44 -0400 Subject: [Dovecot] Expire plugin not executing for sieve plugin? Message-ID: <4EA03F1C.5010500@druber.com> Running dovecot 1.2.12 on ubuntu 10.10. Here is the problem: I have mysql backend for expire. I am using the dovecot-postfix package which creates /etc/dovecot/conf.d/01-mail-stack-delivery.conf which looks like this: # Some general options protocols = imap imaps managesieve disable_plaintext_auth = no ssl = yes ssl_cert_file = /etc/ssl/certs/ssl-mail.pem ssl_key_file = /etc/ssl/private/ssl-mail.key ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM mail_location = maildir:~/Maildir auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ # IMAP configuration protocol imap { mail_max_userip_connections = 10 imap_client_workarounds = outlook-idle delay-newmail mail_plugins = expire } # LDA configuration protocol lda { postmaster_address = postmaster mail_plugins = sieve expire quota_full_tempfail = yes deliver_log_format = msgid=%m: %$ rejection_reason = Your message to <%t> was automatically rejected:%n%r } # Plugins configuration plugin { sieve=~/.dovecot.sieve sieve_dir=~/sieve # If the user has no personal active script (i.e. if the file # indicated in sieve= does not exist), use this one: sieve_global_path = /var/lib/dovecot/sieve/default.sieve } The sieve is: require "fileinto"; require "imap4flags"; if header :contains "X-Spam-Flag" "YES" { setflag "\\Seen"; fileinto "SPAM"; stop; } Originally, this did not have the setflag or stop - I added them hoping to fix the problem, but no luck. The problem is this: when spam assassin has flagged a message as spam, the sieve runs and the message is in fact filed into the SPAM folder, but no expire entry is added to the database. If I move such a message from the SPAM folder to the Inbox and then back to SPAM, voila, I *do* get the entry created. Here is the mysql table before and after I did the move/move: mysql> select * from expires; +----------+---------------+--------------+ | username | mailbox | expire_stamp | +----------+---------------+--------------+ | dswartz | Deleted Items | 1319720163 | | dswartz | Sent | 1319120165 | | denise | Trash | 1319139920 | | samantha | Trash | 1319136146 | | denise | Sent | 1319655872 | | danielle | Sent | 1319192230 | | samantha | Sent | 1319268855 | | dswartz | Trash | 1319725884 | | samantha | SPAM | 1321504531 | +----------+---------------+--------------+ 9 rows in set (0.00 sec) mysql> select * from expires; +----------+---------------+--------------+ | username | mailbox | expire_stamp | +----------+---------------+--------------+ | dswartz | Deleted Items | 1319720163 | | dswartz | Sent | 1319120165 | | denise | Trash | 1319139920 | | samantha | Trash | 1319136146 | | denise | Sent | 1319655872 | | danielle | Sent | 1319192230 | | samantha | Sent | 1319268855 | | dswartz | Trash | 1319725884 | | samantha | SPAM | 1321504531 | | dswartz | SPAM | 1321714666 | +----------+---------------+--------------+ 10 rows in set (0.00 sec) It's almost like the fileinto stuff is not running the plugin code at all, or am I totally on drugs? If I can't get a fix for this, I at least now can think of a hack to "fix" it. e.g. every night, run a script that adds a "now" timestamp for everyone's SPAM folder to trick the periodic expire tool code into checking that folder, but obviously I'd rather have a real fix :) If this is just 'how it works', is it better in 2.0? From simon.brereton at buongiorno.com Thu Oct 20 23:24:43 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Thu, 20 Oct 2011 16:24:43 -0400 Subject: [Dovecot] Auth Worker failures In-Reply-To: <1318948640.21919.103.camel@hurina> References: <1318948640.21919.103.camel@hurina> Message-ID: On 18 October 2011 10:37, Timo Sirainen wrote: > On Wed, 2011-10-12 at 10:24 -0400, Simon Brereton wrote: >> >> >> Of all the accounts on the box, it's only mine that throws this up. >> Since its LIP is localhost, it could really only be for webmail - but >> I don't always leave the webmail open, so I'm curious to know how this >> gets there and what it is. >> >> Any suggestions? ?I find it difficult to believe I have an IMAP >> process in a script somewhere (especially with my user account - the >> postmaster account, I could believe, but not with my personal one).. >> > You could enable auth_debug_passwords=yes and see what password it > tries. The first day I did this, I forgot to restart dovecot. Doh. This morning I had: Oct 20 06:25:14 mail dovecot: auth(default): client in: AUTH#0112#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50683#011resp=--alsoremoved--== Oct 20 06:25:14 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='simon at example.net' AND active = '1'; Oct 20 06:25:14 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): Password mismatch Oct 20 06:25:14 mail dovecot: auth-worker(default): md5_verify(simon at example.net): Not a valid MD5-CRYPT or PLAIN-MD5 password Oct 20 06:25:14 mail dovecot: auth-worker(default): smd5_verify(simon at example.net): SMD5 password too short Oct 20 06:25:14 mail dovecot: auth-worker(default): ssha_verify(simon at example.net): SSHA password too short Oct 20 06:25:14 mail dovecot: auth-worker(default): ssha256_verify(simon at example.net): SSHA256 password too short Oct 20 06:25:14 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:14 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:14 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): CRYPT() != 'RaNDomsTRinG' Oct 20 06:25:16 mail dovecot: auth(default): client out: FAIL#0112#011user=simon at example.net Oct 20 06:25:26 mail dovecot: auth(default): client in: AUTH#0113#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50683#011resp=--truncated-- Oct 20 06:25:26 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='simon at example.net' AND active = '1'; Oct 20 06:25:26 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): Password mismatch Oct 20 06:25:26 mail dovecot: auth-worker(default): md5_verify(simon at example.net): Not a valid MD5-CRYPT or PLAIN-MD5 password Oct 20 06:25:26 mail dovecot: auth-worker(default): smd5_verify(simon at example.net): SMD5 password too short Oct 20 06:25:26 mail dovecot: auth-worker(default): ssha_verify(simon at example.net): SSHA password too short Oct 20 06:25:26 mail dovecot: auth-worker(default): ssha256_verify(simon at example.net): SSHA256 password too short Oct 20 06:25:26 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:26 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:26 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): CRYPT() != 'RaNDomsTRinG' Oct 20 06:25:28 mail dovecot: auth(default): client out: FAIL#0113#011user=simon at example.net Oct 20 06:25:43 mail dovecot: auth(default): client in: AUTH#0114#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50683#011resp=--alsoremoved--== Oct 20 06:25:43 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='simon at example.net' AND active = '1'; Oct 20 06:25:43 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): Password mismatch Oct 20 06:25:43 mail dovecot: auth-worker(default): md5_verify(simon at example.net): Not a valid MD5-CRYPT or PLAIN-MD5 password Oct 20 06:25:43 mail dovecot: auth-worker(default): smd5_verify(simon at example.net): SMD5 password too short Oct 20 06:25:43 mail dovecot: auth-worker(default): ssha_verify(simon at example.net): SSHA password too short Oct 20 06:25:43 mail dovecot: auth-worker(default): ssha256_verify(simon at example.net): SSHA256 password too short Oct 20 06:25:43 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:43 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:43 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): CRYPT() != 'RaNDomsTRinG' Oct 20 06:25:45 mail dovecot: auth(default): client out: FAIL#0114#011user=simon at example.net Oct 20 06:26:05 mail dovecot: imap-login: Disconnected (auth failed, 4 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Oct 20 06:26:15 mail dovecot: IMAP(simon at example.net): Disconnected: Logged out bytes=8/334 Oct 20 06:26:15 mail dovecot: IMAP(simon at example.net): Disconnected: Logged out bytes=21/393 Oct 20 06:26:16 mail dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50696#011resp=--removed--== Oct 20 06:26:16 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='simon at example.net' AND active = '1'; Oct 20 06:26:16 mail dovecot: auth(default): client out: OK#0111#011user=simon at example.net Oct 20 06:26:16 mail dovecot: auth(default): master in: REQUEST#0111712#01119179#0111 Oct 20 06:26:16 mail dovecot: auth(default): prefetch(simon at example.net,127.0.0.1): success Oct 20 06:26:16 mail dovecot: auth(default): master out: USER#0111712#011simon at example.net#011home=/var/spool/mail/virtual/example.net/simon/#011uid=999#011gid=115 Oct 20 06:26:16 mail dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Oct 20 06:26:16 mail dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50697#011resp=--removed--== Oct 20 06:26:16 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='simon at example.net' AND active = '1'; Oct 20 06:26:16 mail dovecot: auth(default): client out: OK#0111#011user=simon at example.net Oct 20 06:26:16 mail dovecot: auth(default): master in: REQUEST#0111713#01119228#0111 Oct 20 06:26:16 mail dovecot: auth(default): prefetch(simon at example.net,127.0.0.1): success Oct 20 06:26:16 mail dovecot: auth(default): master out: USER#0111713#011simon at example.net#011home=/var/spool/mail/virtual/example.net/simon/#011uid=999#011gid=115 Oct 20 06:26:16 mail dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Note, the RaNDomsTRinG is what I believe is my encrypted password. the other strings (removed, alsoremoved and truncated) were all variations on a string (which looks like an MD5 hash string to me). I'm still sure this is the webmail trying to log in though.. >From the Horde log: mail:~# grep "2011-10-20T06:" /var/log/horde/horde4.log 2011-10-20T06:25:16+00:00 ERR: HORDE4 [imp] IMAP server denied authentication. [pid 19222 on line 340 of "/usr/share/horde4/imp/lib/Imap.php"] 2011-10-20T06:25:16+00:00 INFO: HORDE4 [imp] FAILED LOGIN for simon at lydiard.net (Horde user simon at lydiard.net) [] to {localhost:143 [imap]} [pid 19222 on line 176 of "/usr/share/horde4/imp/lib/Auth.php"] But that only shows one attempt. Dovecot is complaining about 4. I'm not overly concerned, but I'm concerned that this will impact as we scale up on users. Simon From jackfredrikson at yahoo.com Fri Oct 21 01:28:31 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Thu, 20 Oct 2011 15:28:31 -0700 (PDT) Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening Message-ID: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> Hi; I'm new to Dovecot and Postfix. I'm trying to enable these with MySQL support and postfixadmin. I've got all those services up and running (finally!); however, I can't figure out if the emails are being received and/or stored. I'm pretty sure Postfix is receiving them because I dealt with certain errors and they're now gone. Here's some data: Dovecot ver. 0.91 [root at example postfix]# /sbin/service dovecot -n doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:5: imap_client_workarounds=outlook-idle is no longer necessary doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:17: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:21: passdb sql {} has been replaced by passdb { driver=sql } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:24: userdb sql {} has been replaced by userdb { driver=sql } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:27: userdb prefetch {} has been replaced by userdb { driver=prefetch } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:29: auth_user has been replaced by service auth { user } Usage: /etc/init.d/dovecot {start|stop|reload|restart|force-reload} tail /var/log/maillog Oct 20 10:13:59 example postfix/smtpd[28141]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30178 exit status 1 Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30179 exit status 1 Oct 20 10:13:59 example postfix/smtpd[28458]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30180 exit status 1 Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30181 exit status 1 Oct 20 10:13:59 example postfix/smtpd[28483]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/smtpd[28460]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30182 exit status 1 Oct 20 10:13:59 example postfix/smtpd[28455]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30183 exit status 1 Oct 20 10:13:59 example postfix/smtpd[28484]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30184 exit status 1 Oct 20 10:13:59 example postfix/smtpd[29917]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30185 exit status 1 Oct 20 10:13:59 example postfix/smtpd[29953]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30186 exit status 1 Oct 20 10:13:59 example postfix/smtpd[28485]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30187 exit status 1 Oct 20 10:14:15 example postfix/smtpd[30152]: connect from unknown[66.248.165.32] Oct 20 10:14:15 example postfix/smtpd[30152]: lost connection after EHLO from unknown[66.248.165.32] Oct 20 10:14:15 example postfix/smtpd[30152]: disconnect from unknown[66.248.165.32] I also get this in there: Oct 20 10:13:15 example postfix/smtpd[30152]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled Oct 20 10:13:15 example postfix/smtpd[30152]: cannot load Certificate Authority data: disabling TLS support Oct 20 10:13:15 example postfix/smtpd[30152]: warning: TLS library problem: 30152:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('/etc/pki/tls/c erts/cert.pem','r'): Oct 20 10:13:15 example postfix/smtpd[30152]: warning: TLS library problem: 30152:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125: Oct 20 10:13:15 example postfix/smtpd[30152]: warning: TLS library problem: 30152:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:279: Oct 20 10:13:15 example postfix/smtpd[30152]: connect from unknown[66.248.165.32] Oct 20 10:13:15 example postfix/smtpd[30152]: lost connection after EHLO from unknown[66.248.165.32] Oct 20 10:13:15 example postfix/smtpd[30152]: disconnect from unknown[66.248.165.32] Oct 20 10:13:57 example postfix/proxymap[28446]: warning: mysql query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version f or the right syntax to use near '??gifteatszone.com??? AND active = 1' at line 1 Oct 20 10:13:57 example postfix/trivial-rewrite[30154]: fatal: proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem Oct 20 10:13:57 example postfix/trivial-rewrite[30155]: fatal: proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem Oct 20 10:13:57 example postfix/proxymap[28444]: warning: mysql query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version f or the right syntax to use near '??awakelunch.info??? AND active = 1' at line 1 I reckon the failing of mysql inquiries just has to do with hackers trying to hack me. The TLS problem isn't mission-critical since it's just getting disabled. ?[root at example jack]# ps wax|grep dovecot 20223 ???????? Ss???? 0:00 /usr/local/sbin/dovecot 20224 ???????? S????? 0:00 dovecot/anvil 20225 ???????? S????? 0:00 dovecot/log 31832 ???????? S????? 0:00 dovecot/config 31833 ???????? S????? 0:00 dovecot/auth 31836 pts/2??? S+???? 0:00 grep dovecot [root at example jack]# ps wax|grep postfix ?4000 ???????? Ss???? 0:01 /usr/libexec/postfix/master 31839 pts/2??? S+???? 0:00 grep postfix [root at example jack]# ps wax|grep postfixadmin 31842 pts/2??? S+???? 0:00 grep postfixadmin [root at example jack]# ps wax|grep saslauthd 16337 ???????? Ss???? 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2 16338 ???????? S????? 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2 25718 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam 25719 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam 25720 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam 25721 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam 25722 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam 32052 pts/2??? S+???? 0:00 grep saslauthd I also tried this: First send a test mail to yourself (as your own non-root user): echo "Hello me" | mail -s "Dovecot test" $USER Now, find where the mail went. Here's a simple script which checks the most common locations: for mbox in /var/mail/$USER /var/spool/mail/$USER ~/mbox ~/mail/* ~/*; do ? grep -q "Dovecot test" $mbox && echo "mbox: $mbox" done grep -q "Dovecot test" ~/Maildir/new/* 2>/dev/null && echo "Maildir: ~/Maildir" and the mail was not found. This from my dovecot.conf file: mail_location = maildir:/var/vmail/%d/%u #but there's nothing there. ... auth default { # Having "login" also as a mechanism make sure outlook can use the auth smtpd as well # http://wiki.dovecot.org/Authentication/Mechanisms ? mechanisms = plain login ? passdb sql { ??? args = /usr/local/etc/dovecot/sql.conf ? } ? userdb sql { ??? args = /usr/local/etc/dovecot/sql.conf ? } ? userdb prefetch { ? } ? user = nobody ? socket listen { ??? master { ????? path = /var/run/dovecot/auth-master ????? mode = 0660 ????? user = vmail ????? group = mail ??? } ??? client { ????? path = /var/spool/postfix/private/auth ????? mode = 0660 ????? user = postfix ????? group = mail ??? } ? } } Telnetting to port 25 brings up Postfix, to port 110 brings up Dovecot TIA,Jack From jos at webrz.net Fri Oct 21 01:49:41 2011 From: jos at webrz.net (Jos Chrispijn) Date: Fri, 21 Oct 2011 00:49:41 +0200 Subject: [Dovecot] Email filters Message-ID: <4EA0A585.5020202@webrz.net> Can someone tell me how I can configure Dovecot to use message filters on incoming email? When I now activate my mail account on my mobile phone and Thunderbird (or any other mail client with message filters) is not online, I get a huge pile of email in my INBOX that I have to go thru, while 90% is not that interesting to read as they belong to Spam messages, newsletters etc. Thanks in advance Jos Chrispijn From simon.brereton at buongiorno.com Fri Oct 21 02:07:57 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Thu, 20 Oct 2011 19:07:57 -0400 Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> Message-ID: On 20 October 2011 18:28, Jack Fredrikson wrote: > Hi; > > I'm new to Dovecot and Postfix. > I'm trying to enable these with MySQL support and postfixadmin. I've > got all those services up and running (finally!); however, I can't > figure out if the emails are being received and/or stored. I'm pretty > sure Postfix is receiving them because I dealt with certain errors > and they're now gone. Here's some data: > > Dovecot ver. > 0.91 First, get a newer version of Dovecot. You don't say what OS you're working on, but I'm pretty sure it will support a newer version. > [root at example postfix]# /sbin/service dovecot > -n > doveconf: Warning: NOTE: You can get a new clean config file > with: doveconf -n > dovecot-new.conf > doveconf: Warning: > Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:5: > imap_client_workarounds=outlook-idle is no longer necessary > doveconf: > Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:17: > add auth_ prefix to all settings inside auth {} and remove the auth > {} section completely > doveconf: Warning: Obsolete setting in > /usr/local/etc/dovecot/dovecot.conf:21: passdb sql {} has been > replaced by passdb { driver=sql } > doveconf: Warning: Obsolete > setting in /usr/local/etc/dovecot/dovecot.conf:24: userdb sql {} has > been replaced by userdb { driver=sql } > doveconf: Warning: Obsolete > setting in /usr/local/etc/dovecot/dovecot.conf:27: userdb prefetch {} > has been replaced by userdb { driver=prefetch } > doveconf: Warning: > Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:29: auth_user > has been replaced by service auth { user } > Usage: > /etc/init.d/dovecot {start|stop|reload|restart|force-reload} > > tail > /var/log/maillog > Oct 20 10:13:59 example postfix/smtpd[28141]: > warning: problem talking to service rewrite: Success > Oct 20 > 10:13:59 example postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30178 exit status 1 > Oct > 20 10:13:59 example postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30179 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[28458]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30180 exit status 1 > Oct > 20 10:13:59 example postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30181 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[28483]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/smtpd[28460]: warning: problem talking to service rewrite: > Success > Oct 20 10:13:59 example postfix/master[4000]: warning: > process /usr/libexec/postfix/trivial-rewrite pid 30182 exit status 1 > Oct 20 10:13:59 example postfix/smtpd[28455]: warning: problem > talking to service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30183 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[28484]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30184 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[29917]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30185 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[29953]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30186 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[28485]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30187 exit status 1 > Oct > 20 10:14:15 example postfix/smtpd[30152]: connect from > unknown[66.248.165.32] > Oct 20 10:14:15 example > postfix/smtpd[30152]: lost connection after EHLO from > unknown[66.248.165.32] > Oct 20 10:14:15 example > postfix/smtpd[30152]: disconnect from unknown[66.248.165.32] > > I > also get this in there: Were you testing from 66.248.165.32? You still have too many errors from postfix and you need to sort out your MTA (Mail Transport) before you worry about the MDA (Mail Delivery). > Oct 20 10:13:15 example > postfix/smtpd[30152]: warning: dict_nis_init: NIS domain name not set > - NIS lookups disabled > Oct 20 10:13:15 example > postfix/smtpd[30152]: cannot load Certificate Authority data: > disabling TLS support > Oct 20 10:13:15 example > postfix/smtpd[30152]: warning: TLS library problem: > 30152:error:02001002:system library:fopen:No such file or > directory:bss_file.c:122:fopen('/etc/pki/tls/c > erts/cert.pem','r'): > Oct > 20 10:13:15 example postfix/smtpd[30152]: warning: TLS library > problem: 30152:error:2006D080:BIO routines:BIO_new_file:no such > file:bss_file.c:125: > Oct 20 10:13:15 example postfix/smtpd[30152]: > warning: TLS library problem: 30152:error:0B084002:x509 certificate > routines:X509_load_cert_crl_file:system lib:by_file.c:279: > Oct 20 > 10:13:15 example postfix/smtpd[30152]: connect from > unknown[66.248.165.32] > Oct 20 10:13:15 example > postfix/smtpd[30152]: lost connection after EHLO from > unknown[66.248.165.32] > Oct 20 10:13:15 example > postfix/smtpd[30152]: disconnect from unknown[66.248.165.32] > Oct > 20 10:13:57 example postfix/proxymap[28446]: warning: mysql query > failed: You have an error in your SQL syntax; check the manual that > corresponds to your MySQL server version f > or the right syntax to > use near '??gifteatszone.com??? AND active = 1' at line 1 > Oct 20 > 10:13:57 example postfix/trivial-rewrite[30154]: fatal: > proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): > table lookup problem > Oct 20 10:13:57 example > postfix/trivial-rewrite[30155]: fatal: > proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): > table lookup problem > Oct 20 10:13:57 example > postfix/proxymap[28444]: warning: mysql query failed: You have an > error in your SQL syntax; check the manual that corresponds to your > MySQL server version f > or the right syntax to use near > '??awakelunch.info??? AND active = 1' at line 1 > > I reckon the > failing of mysql inquiries just has to do with hackers trying to hack > me. The TLS problem isn't mission-critical since it's just getting > disabled. Yes, TLS is isn't an issue - although you have it incorrectly configured. That would be the last thing you need to implement/fix. For now disable it in postfix and dovecot. http://www.howtoforge.com/forums/archive/index.php/t-10943.html > ?[root at example jack]# ps wax|grep dovecot > 20223 > ???????? Ss???? 0:00 /usr/local/sbin/dovecot > 20224 ? > S????? 0:00 dovecot/anvil > 20225 ? > S????? 0:00 dovecot/log > 31832 ? > S????? 0:00 dovecot/config > 31833 ? > S????? 0:00 dovecot/auth > 31836 pts/2 > S+???? 0:00 grep dovecot > [root at example jack]# > ps wax|grep postfix > ?4000 ? > Ss???? 0:01 /usr/libexec/postfix/master > 31839 > pts/2??? S+???? 0:00 grep > postfix > [root at example jack]# ps wax|grep postfixadmin > 31842 > pts/2??? S+???? 0:00 grep > postfixadmin > [root at example jack]# ps wax|grep saslauthd > 16337 ???????? Ss???? 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2 > 16338 ???????? S????? 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2 > 25718 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam > 25719 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam > 25720 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam > 25721 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam > 25722 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam > 32052 > ?pts/2??? S+???? 0:00 grep saslauthd > > > I also tried this: > > First send a test mail to yourself (as your own non-root user): > echo "Hello me" | mail -s "Dovecot test" $USER > Now, find where the mail went. Here's a simple script which checks the most common locations: > for mbox in /var/mail/$USER /var/spool/mail/$USER ~/mbox ~/mail/* ~/*; do > ? grep -q "Dovecot test" $mbox && echo "mbox: $mbox" > done > grep -q "Dovecot test" ~/Maildir/new/* 2>/dev/null && echo "Maildir: ~/Maildir" > > and the mail was not found. > > > This from my dovecot.conf file: > mail_location = maildir:/var/vmail/%d/%u > #but there's nothing there. > ... > auth default { > # Having "login" also as a mechanism make sure outlook can use the auth smtpd as well > # http://wiki.dovecot.org/Authentication/Mechanisms > ? mechanisms = plain login > ? passdb sql { > ??? args = /usr/local/etc/dovecot/sql.conf > ? } > ? userdb sql { > ??? args = /usr/local/etc/dovecot/sql.conf > ? } > ? userdb prefetch { > ? } > ? user = nobody > ? socket listen { > ??? master { > ????? path = /var/run/dovecot/auth-master > ????? mode = 0660 > ????? user = vmail > ????? group = mail > ??? } > ??? client { > ????? path = /var/spool/postfix/private/auth > ????? mode = 0660 > ????? user = postfix > ????? group = mail > ??? } > ? } > } > > > Telnetting to port 25 brings up Postfix, to port 110 brings up Dovecot At a minimum your daemons are running - congratulations! That's always a good start and I remember when I was setting up the sense of achievement that brought. But for now you need to get postfix working (their list is great). Perhaps if you give more details on your system I can point you to a better howto. And maybe more information on what you're trying to achieve? Virtual domain? Virtual domains? Multiple users? Local users? All these have an impact on what the solution is. Simon From stephan at rename-it.nl Fri Oct 21 02:11:05 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 21 Oct 2011 01:11:05 +0200 Subject: [Dovecot] Email filters In-Reply-To: <4EA0A585.5020202@webrz.net> References: <4EA0A585.5020202@webrz.net> Message-ID: <4EA0AA89.1060808@rename-it.nl> Hi Jos, On 10/21/2011 12:49 AM, Jos Chrispijn wrote: > Can someone tell me how I can configure Dovecot to use message filters > on incoming email? > When I now activate my mail account on my mobile phone and Thunderbird > (or any other mail client with message filters) is not online, I get a > huge pile of email in my INBOX that I have to go thru, while 90% is > not that interesting to read as they belong to Spam messages, > newsletters etc. http://wiki2.dovecot.org/Pigeonhole Regards, Stephan. From jackfredrikson at yahoo.com Fri Oct 21 02:45:02 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Thu, 20 Oct 2011 16:45:02 -0700 (PDT) Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> Message-ID: <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: "dovecot at dovecot.org" Sent: Thursday, October 20, 2011 7:07 PM Subject: Re: [Dovecot] Don't Know Where Emails Are Or What's Happening First, I'm subscribing to postfix as per your recc and I upgraded my dovecot. What the heck was I doing with such an old version?! lol. My OS is CentOS. > At a minimum your daemons are running - congratulations!? That's > always a good start and I remember when I was setting up the sense of > achievement that brought. Uhuh! >? But for now you need to get postfix working > (their list is great).? Perhaps if you give more details on your > system I can point you to a better howto.? And maybe more information > on what you're trying to achieve?? Virtual domain?? Virtual domains? > Multiple users?? Local users?? All these have an impact on what the > solution is. I have clients with their various domains hosted on my server to whom I need to serve email. There will only be me on a slice of one machine interfacing with dovecot/postfix. I have integrated/am integrating Amavis, ClamAV, Spamassassin, PostfixAdmin and SquirrelMail. Thanks, Jack From jos at webrz.net Fri Oct 21 09:40:29 2011 From: jos at webrz.net (Jos Chrispijn) Date: Fri, 21 Oct 2011 08:40:29 +0200 Subject: [Dovecot] Email filters In-Reply-To: <4EA0AA89.1060808@rename-it.nl> References: <4EA0A585.5020202@webrz.net> <4EA0AA89.1060808@rename-it.nl> Message-ID: <4EA113DD.4050003@webrz.net> Hi Stephan, Thanks, would love to use that one, but I follow the ports(upgrades) and currently we are on _dovecot-1.2.17_ Secure and compact IMAP and POP3 servers where the Pigeonhole port demands Dovecot 2.0? BR, Jos Stephan Bosch: > Hi Jos, > > On 10/21/2011 12:49 AM, Jos Chrispijn wrote: >> Can someone tell me how I can configure Dovecot to use message >> filters on incoming email? >> When I now activate my mail account on my mobile phone and >> Thunderbird (or any other mail client with message filters) is not >> online, I get a huge pile of email in my INBOX that I have to go >> thru, while 90% is not that interesting to read as they belong to >> Spam messages, newsletters etc. > > http://wiki2.dovecot.org/Pigeonhole > > Regards, > > Stephan. From stephan at rename-it.nl Fri Oct 21 10:20:20 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 21 Oct 2011 09:20:20 +0200 Subject: [Dovecot] Email filters In-Reply-To: <4EA113DD.4050003@webrz.net> References: <4EA0A585.5020202@webrz.net> <4EA0AA89.1060808@rename-it.nl> <4EA113DD.4050003@webrz.net> Message-ID: <4EA11D34.7040209@rename-it.nl> On 10/21/2011 8:40 AM, Jos Chrispijn wrote: > Hi Stephan, > > Thanks, would love to use that one, but I follow the ports(upgrades) > and currently we are on > > _dovecot-1.2.17_ Secure and compact IMAP and POP3 servers > > where the Pigeonhole port demands Dovecot 2.0? Well, Pigeonhole is available for v1.2 too: http://wiki.dovecot.org/LDA/Sieve/Dovecot However, back then it was still a split package; dovecot-sieve and dovecot-managesieve. I'm assuming you're using FreeBSD, in which case the ports are found here: http://www.freebsd.org/cgi/cvsweb.cgi/ports/mail/dovecot-sieve/ http://www.freebsd.org/cgi/cvsweb.cgi/ports/mail/dovecot-managesieve/ Otherwise, searching for Sieve and Dovecot should yield what you need. Regards, Stephan. From nam_10 at hotmail.com Fri Oct 21 13:43:29 2011 From: nam_10 at hotmail.com (nuno marques) Date: Fri, 21 Oct 2011 10:43:29 +0000 Subject: [Dovecot] Quota Message-ID: hi, I'm having some difficulty understanding the connection between postfix, dovecot and quota. What is the best way to set up quotas? through the file system quota and maildir? Need the dovecot lda working? The postfix needs a patch? I was thinking about setting quotas on file system, then configure Postfix to connect to dovecot-lda. Any suggestion? The system as a whole is composed of:dovecot-2.0-0.10.beta6.20100630.el6.x86_64 -> 2.0.beta6 (3156315704ef)openldap-servers-2.4.19-15.el6_0.2.x86_64postfix-2.6.6-2.1.el6_0.x86_64mailscanner-4.84.3-1.noarchspamassassin-3.3.1-2.el6.x86_64centos 6 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux From duihi77 at gmail.com Fri Oct 21 14:45:32 2011 From: duihi77 at gmail.com (Duane Hill) Date: Fri, 21 Oct 2011 06:45:32 -0500 (CDT) Subject: [Dovecot] Quota In-Reply-To: References: Message-ID: On Fri, 21 Oct 2011, nuno marques wrote: > hi, > I'm having some difficulty understanding the connection between postfix, dovecot and quota. > What is the best way to set up quotas? through the file system quota and maildir? Need the dovecot lda working? The postfix needs a patch? > > I was thinking about setting quotas on file system, then configure Postfix to connect to dovecot-lda. Any suggestion? > > The system as a whole is composed of:dovecot-2.0-0.10.beta6.20100630.el6.x86_64 -> 2.0.beta6 (3156315704ef)openldap-servers-2.4.19-15.el6_0.2.x86_64postfix-2.6.6-2.1.el6_0.x86_64mailscanner-4.84.3-1.noarchspamassassin-3.3.1-2.el6.x86_64centos 6 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux Here, I have a policy service in Postfix that checks the quota stored in MySQL and defers the message if it would put the email account over quota. If you have Dovecot deal with sending over quota messages, there is a risk. You may end up sending messages to forged email addresses within spam. That's why I do the quota checking from a policy service in Postfix and defer the message at SMTP time. From info at simonecaruso.com Fri Oct 21 15:15:31 2011 From: info at simonecaruso.com (Simone Caruso) Date: Fri, 21 Oct 2011 14:15:31 +0200 Subject: [Dovecot] Quota In-Reply-To: References: Message-ID: <4EA16263.3080806@simonecaruso.com> It's depends on the kind of quota u need: mailbox usage, messages size, message count per month /domain /user /server.. if u want to limit per user mailbox quota use dovecot's quota plugin.. -- Simone Caruso IT Consultant From CMarcus at Media-Brokers.com Fri Oct 21 15:51:44 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 21 Oct 2011 08:51:44 -0400 Subject: [Dovecot] Quota In-Reply-To: References: Message-ID: <4EA16AE0.90601@Media-Brokers.com> On 2011-10-21 6:43 AM, nuno marques wrote: > The system as a whole is composed of:dovecot-2.0-0.10.beta6.20100630.el6.x86_64 Fyi, this is really old, you should upgrade to the latest version... -- Best regards, Charles From nam_10 at hotmail.com Fri Oct 21 15:57:55 2011 From: nam_10 at hotmail.com (nuno marques) Date: Fri, 21 Oct 2011 12:57:55 +0000 Subject: [Dovecot] Quota In-Reply-To: <4EA16263.3080806@simonecaruso.com> References: , <4EA16263.3080806@simonecaruso.com> Message-ID: for mailbox usage. I have to use dovecot lda? dovecot-2.0-0.10.beta6.20100630.el6.x86_64 -> 2.0.beta6 (3156315704ef)openldap-servers-2.4.19-15.el6_0.2.x86_64postfix-2.6.6-2.1.el6_0.x86_64mailscanner-4.84.3-1.noarchspamassassin-3.3.1-2.el6.x86_64centos 6 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux > Date: Fri, 21 Oct 2011 14:15:31 +0200 > From: info at simonecaruso.com > To: dovecot at dovecot.org > Subject: Re: [Dovecot] Quota > > It's depends on the kind of quota u need: > mailbox usage, > messages size, > message count per month /domain /user /server.. > > if u want to limit per user mailbox quota use dovecot's quota plugin.. > > -- > Simone Caruso > IT Consultant From simon.brereton at buongiorno.com Fri Oct 21 17:12:48 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Fri, 21 Oct 2011 10:12:48 -0400 Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: On 20 October 2011 19:45, Jack Fredrikson wrote: > > ________________________________ > From: Simon Brereton > To: "dovecot at dovecot.org" > Sent: Thursday, October 20, 2011 7:07 PM > Subject: Re: [Dovecot] Don't Know Where Emails Are Or What's Happening > > First, I'm subscribing to postfix as per your recc and I upgraded my dovecot. What the heck was I doing with such an old version?! lol. My OS is CentOS. Well, unless the link I sent you helped you with the the table locking problem, ask over there for help on making sure that postfix is accepting and delivering mail. Or accepting at least. Did you plan on having postfix or dovecot do the delivery (using dovecot-lda)? >> At a minimum your daemons are running - congratulations!? That's >> always a good start and I remember when I was setting up the sense of >> achievement that brought. > > Uhuh! > >>? But for now you need to get postfix working >> (their list is great).? Perhaps if you give more details on your >> system I can point you to a better howto.? And maybe more information >> on what you're trying to achieve?? Virtual domain?? Virtual domains? >> Multiple users?? Local users?? All these have an impact on what the >> solution is. > > I have clients with their various domains hosted on my server to whom I need to serve email. There will only be me on a slice of one machine interfacing with dovecot/postfix. I have integrated/am integrating Amavis, ClamAV, Spamassassin, PostfixAdmin and SquirrelMail. Okay - fairly common setup. I don't use postfix-admin, but if that's what created your mysql tables that could also be a starting point to look for the table lock errors. Good luck! Simon From micah at riseup.net Fri Oct 21 17:50:50 2011 From: micah at riseup.net (Micah Anderson) Date: Fri, 21 Oct 2011 10:50:50 -0400 Subject: [Dovecot] Accessing a strange mailbox Message-ID: <8762jie6ut.fsf@algae.riseup.net> I have a user who has a mailbox called: A----->B It seemed to work in courier fine, they managed to create it, and there are mails in it. However, dovecot is not letting the user access it, the IMAP server gives an error. I tried to rename it but I would also get an error: # doveadm mailbox rename A-----\>B AtoB doveadm(root): Error: Can't rename mailbox A----->B to AtoB: Mailbox doesn't exist: A----->B # doveadm mailbox rename A----->B AtoB doveadm(root): Error: Can't rename mailbox A----- to AtoB: Mailbox doesn't exist: A----- # doveadm mailbox rename 'A----->B' AtoB doveadm(root): Error: Can't rename mailbox A----->B to AtoB: Mailbox doesn't exist: A----->B # doveadm mailbox rename "A----->B" AtoB doveadm(root): Error: Can't rename mailbox A----->B to AtoB: Mailbox doesn't exist: A----->B # How can I deal with this mailbox (using mdbox here)? Thanks! -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From jackfredrikson at yahoo.com Fri Oct 21 17:55:48 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Fri, 21 Oct 2011 07:55:48 -0700 (PDT) Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: <1319208948.73920.YahooMailNeo@web122003.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: "dovecot at dovecot.org" Sent: Friday, October 21, 2011 10:12 AM Subject: Re: [Dovecot] Don't Know Where Emails Are Or What's Happening > Well, unless the link I sent you helped you with the the table locking > problem, ask over there for help on making sure that postfix is > accepting and delivering mail.? Or accepting at least. Didn't help :( > Did you plan on having postfix or dovecot do the delivery (using dovecot-lda)? postfix as MTA, dovecot as MDA. Am I missing something here? > Okay - fairly common setup.? I don't use postfix-admin, but if that's > what created your mysql tables that could also be a starting point to > look for the table lock errors. Ok. Thanks, Jack From jackfredrikson at yahoo.com Fri Oct 21 18:00:21 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Fri, 21 Oct 2011 08:00:21 -0700 (PDT) Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: <1319209221.3750.YahooMailNeo@web122020.mail.ne1.yahoo.com> Wait a minute! PostfixAdmin has no problems with MySQL. They have a setup page that verifies the MySQL connection among other things, and everything checks out perfectly well. At any rate, Simon, am now communicating with the Postfix list as well ;) Thanks, Jack From hadmut at danisch.de Fri Oct 21 18:34:49 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Fri, 21 Oct 2011 17:34:49 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? Message-ID: <4EA19119.4020803@msgid.danisch.de> Hi, just a simple question about dovecot: The mbox file format contains the SMTP envelope sender and transmission date in a FROM ... line preceding the RFC822 mail header and body. As far as I see at the moment, the IMAP protocol does not support transmission of that SMTP envelope data in either way, but confusingly uses the term ?envelope? for a structure describing the RFC822 mail header. My question is, whether there is any way to retrieve the SMTP envelope through dovecot's IMAP anyway, maybe through some extension. regards Hadmut From simon.brereton at buongiorno.com Fri Oct 21 18:45:15 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Fri, 21 Oct 2011 11:45:15 -0400 Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: <1319208948.73920.YahooMailNeo@web122003.mail.ne1.yahoo.com> References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> <1319208948.73920.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: On 21 October 2011 10:55, Jack Fredrikson wrote: > > > > ________________________________ > From: Simon Brereton > To: "dovecot at dovecot.org" > Sent: Friday, October 21, 2011 10:12 AM > Subject: Re: [Dovecot] Don't Know Where Emails Are Or What's Happening > >> Well, unless the link I sent you helped you with the the table locking >> problem, ask over there for help on making sure that postfix is >> accepting and delivering mail.? Or accepting at least. > > Didn't help :( > >> Did you plan on having postfix or dovecot do the delivery (using dovecot-lda)? > > postfix as MTA, dovecot as MDA. Am I missing something here? Are you using Maildir or mdbox format for the users? Postfix can write the mails into the Maildir, but so can Dovecot. So, if you're using maildir you can either have postfix put the mail there or you can hand it off to Dovecot and have Dovecot put it there.. But let's fix postfix first before you worry about that. Simon From npetronikolos at condito.gr Fri Oct 21 19:43:45 2011 From: npetronikolos at condito.gr (Nikolaos Petronikolos) Date: Fri, 21 Oct 2011 09:43:45 -0700 (PDT) Subject: [Dovecot] can not receive email upgrading from ubuntu 11.4 to 11.10 In-Reply-To: <4EA03ED0.4080400@ubuntu.com> References: <32681149.post@talk.nabble.com> <4EA03ED0.4080400@ubuntu.com> Message-ID: <32697735.post@talk.nabble.com> Thank you very much for your answer and for your time . of course it worked just fine the solution you proposed. thank you once more . Best regards Nikolaos James Page-4 wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Hi Nikolaos > > On 19/10/11 10:54, Nikolaos Petronikolos wrote: >> #5.3.0 x-unix; /usr/lib/dovecot/deliver: invalid option -- 'n' >> Usage: dovecot-lda [-c ] [-a
] [-d >> ] [-p ] [-f ] [-m ] [-e] >> [-k]> #SMTP# >> >> The problem occurred after i upgraded my server from ubuntu 11.4 to >> 11.10. > > 11.10 upgrades dovecot from 1.2.x to 2.0.x; as a result the -n flag is > no longer accepted by dovecot-lda; You can fix this by removing the -n > flag from the postfix configuration; > > sudo postconf -e "mailbox_command = /usr/lib/dovecot/deliver -c > /etc/dovecot/conf.d/01-mail-stack-delivery.conf -m \"\${EXTENSION}\"" > > This is a bug in the Ubuntu packaging; it would be great if you could > raise a bug in Ubuntu as well (I'll probably work on a stable release > update for this one): > > https://bugs.launchpad.net/ubuntu/+source/dovecot/+filebug > > Cheers > > James > > - -- > James Page > Ubuntu Core Developer > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQIcBAEBCAAGBQJOoD7QAAoJEL/srsug59jDHUcQAJfL4jU+wNMK22kYOCKsTRkr > eHBUZ0IQ1Yv2IscqRpW8WaAAg6r7tufMoodI/MY1N4w2FHfwJAAMiCfU/8gTyfHD > /FxwVH5Phk+InEYDEc7YMCdgTwh936yiOKkQjz65aGO3kUIg42QSNHOBq30L4VV7 > b4cnwIlwALjA/8U2HrZr6XHBwZ9YoyxoLY3m6R9MCcCNpEEUUh1tH4i2FuZYFHmJ > CokbWA2XHJCli4yZ5d+1JM3D0u/Sg2w1bczT3kkIE8HhGgOpCidbYRrOKTrHrFOl > 0GKvHQkxvosqfLt8rdrjJlhNlGjPdRdu22vsMy43rS80knN70ltyTH3K5kiW2q6/ > skqQjwgZ4y41sqsKq8WnuYuSfeH2TSrglzSXQ2W8vOOAJArqwLLst5E3+Ift3Pig > 0BhNlSyQyWhdE4TE9zbGnUPK8GLXLU82LcTegpz6d3mxAcCs7+SnNiYPnRrNxTA1 > YqqBdcAfCMeS5B3w5ZQRQDvKOIZOPqyIeZPX2g5bOM4ngDnZoJfIOf6RkBX/DPVw > UCgU1AjWWHtrcTby7h4s3xX+EaPUpEFj8eg30GW5exsSMM6ASuU+HtQpO3rEobDB > uG9AvHahf6Y9fAuSdxjcHQg6xyWDEYNaW3MNZauaD92IvaTP2uTyQvopk3ahyOWK > 7lpTV7qZ776fNbK5OYrX > =W3fO > -----END PGP SIGNATURE----- > > -- View this message in context: http://old.nabble.com/can-not-receive-email-upgrading-from-ubuntu-11.4-to-11.10-tp32681149p32697735.html Sent from the Dovecot mailing list archive at Nabble.com. From AnFi at onet.eu Fri Oct 21 20:53:11 2011 From: AnFi at onet.eu (Andrzej Adam Filip) Date: Fri, 21 Oct 2011 19:53:11 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <4EA19119.4020803@msgid.danisch.de> (Hadmut Danisch's message of "Fri, 21 Oct 2011 17:34:49 +0200") References: <4EA19119.4020803@msgid.danisch.de> Message-ID: Hadmut Danisch wrote: > just a simple question about dovecot: > > The mbox file format contains the SMTP envelope sender and transmission > date in a FROM ... line preceding the RFC822 mail header and body. > > As far as I see at the moment, the IMAP protocol does not support > transmission of that SMTP envelope data in either way, but confusingly > uses the term ?envelope? for a structure describing the RFC822 mail header. > > My question is, whether there is any way to retrieve the SMTP envelope > through dovecot's IMAP anyway, maybe through some extension. Almost all MTA copy "(SMTP) envelope sender" to Return-Path: header before delivery to the final mailbox. If you do not get Return-Path: header in messages delivered to your (dovecot) mailbox then name your MTA (exim/postfix/sendmail/.....). -- [pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu You are absolute plate-glass. I see to the very back of your mind. -- Sherlock Holmes From dg at dguhl.org Fri Oct 21 21:02:41 2011 From: dg at dguhl.org (Dennis Guhl) Date: Fri, 21 Oct 2011 20:02:41 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <4EA19119.4020803@msgid.danisch.de> References: <4EA19119.4020803@msgid.danisch.de> Message-ID: <20111021180241.GA6924@PC211.ikt.de> On Fri, Oct 21, 2011 at 05:34:49PM +0200, Hadmut Danisch wrote: > Hi, > > just a simple question about dovecot: > > The mbox file format contains the SMTP envelope sender and transmission > date in a FROM ... line preceding the RFC822 mail header and body. The line 'From foo at bar [..]' is only a seperation for different emails in the mbox (in contrast, an RFC 822 From: is followed by a colon). > As far as I see at the moment, the IMAP protocol does not support > transmission of that SMTP envelope data in either way, but confusingly The SMTP envelope does only exist within the involved MTAs and only as long as the message is not finally delivered. And if the MTA does not reveal the value of MAIL FROM: there will only be the address from the Return-Path: or From: header fields to populate the From line. > uses the term ?envelope? for a structure describing the RFC822 mail header. > > My question is, whether there is any way to retrieve the SMTP envelope > through dovecot's IMAP anyway, maybe through some extension. Hardly. Even something like FETCH 1 (BODY[HEADER.FIELDS (FROM)]) would not reveal the mbox message seperator but the RFC 822 From: header. Dennis From peter at norrskenkonsult.com Fri Oct 21 21:27:33 2011 From: peter at norrskenkonsult.com (Peter Lindgren) Date: Fri, 21 Oct 2011 20:27:33 +0200 Subject: [Dovecot] xi.rename-it.nl down? In-Reply-To: <4E9EED12.8040409@rename-it.nl> References: <4E9EDAC1.4000602@jkart.de> <4E9EED12.8040409@rename-it.nl> Message-ID: <4EA1B995.8040605@norrskenkonsult.com> Stephan Bosch skrev 2011-10-19 17:30: > Op 19-10-2011 16:12, Jim Knuth schreef: >> Hello, >> >> is http://xi.rename-it.nl down? Apticron >> shows me permanently errors. > > Yes. I noticed this yesterday. For cases like this, http://www.downforeveryoneorjustme.com/ is a quick and easy test. /Peter -- Peter Lindgren Norrsken konsult peter at norrskenkonsult.com 0703-393940 From hadmut at danisch.de Sat Oct 22 01:00:34 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Sat, 22 Oct 2011 00:00:34 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <20111021180241.GA6924@PC211.ikt.de> References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> Message-ID: <4EA1EB82.10807@msgid.danisch.de> On 21.10.2011 20:02, Dennis Guhl wrote: > The SMTP envelope does only exist within the involved MTAs and only as > long as the message is not finally delivered. The intended use is to create a backup from a mailbox through IMAP, which is as close as possible to the original mbox file, thus resembling the FROM lines as well. The envelope sender address does not drop it's meaning after delivery. It's required for debugging purposes, writing mail filters, create blacklist filters from detected spam, etc. regards From nam_10 at hotmail.com Sat Oct 22 02:09:10 2011 From: nam_10 at hotmail.com (nuno marques) Date: Fri, 21 Oct 2011 23:09:10 +0000 Subject: [Dovecot] Quota fs Message-ID: Hi, I have the following error, any help? imap(user4): Error: quotactl(Q_GETQUOTA, /dev/mapper/VolGroup-lv_root) failed: Permission denied The system as a whole is composed of: dovecot-2.0.14-1_130.el6.x86_64 openldap-servers-2.4.19-15.el6_0.2.x86_64 postfix-2.6.6-2.1.el6_0.x86_64 mailscanner-4.84.3-1.noarch spamassassin-3.3.1-2.el6.x86_64 centos 6 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux # 2.0.14: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final) auth_username_format = %Lu disable_plaintext_auth = no mail_location = maildir:~/Maildir mail_plugins = " quota" mbox_write_locks = fcntl passdb { driver = pam } plugin { quota = fs:User quota quota_rule = *:storage=10M quota_rule2 = Trash:storage=+1M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=10%% quota-warning 10 %u } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = vmail } user = dovecot } ssl_cert = References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> Message-ID: <20111022081510.GA26132@laptop-dg.leere.eu> On Sat, Oct 22, 2011 at 12:00:34AM +0200, Hadmut Danisch wrote: > On 21.10.2011 20:02, Dennis Guhl wrote: > > The SMTP envelope does only exist within the involved MTAs and only as > > long as the message is not finally delivered. > > The intended use is to create a backup from a mailbox through IMAP, > which is as close as possible to the original mbox file, thus resembling > the FROM lines as well. I don't think it will be possible. The tool for this would be rsync (wich might be difficult if you only have IMAP access to the machine in question). > The envelope sender address does not drop it's meaning after delivery. This I never claimed. > It's required for debugging purposes, writing mail filters, create > blacklist filters from detected spam, etc. Disregarding end users mail filters this are all tasks for mailadmins which can tell thier MTA to write a reliable Return-Path: header and which have access to the corresponding maillog. Dennis From hadmut at danisch.de Sat Oct 22 12:09:28 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Sat, 22 Oct 2011 11:09:28 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <20111022081510.GA26132@laptop-dg.leere.eu> References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> Message-ID: <4EA28848.6070303@msgid.danisch.de> On 22.10.2011 10:15, Dennis Guhl wrote: >> It's required for debugging purposes, writing mail filters, create >> > blacklist filters from detected spam, etc. > Disregarding end users mail filters this are all tasks for mailadmins > which can tell thier MTA to write a reliable Return-Path: header and > which have access to the corresponding maillog. Definitely wrong. Writing mail filters like ~/.mailfilter is a user's task. Training their individual spam filters as well. And whether you're even permitted to keep the maillog that long depends on your local data protection laws. And neither the Return-Path nor the Received-Lines reveal the precise date of delivery as the From line contains. regards Hadmut From nam_10 at hotmail.com Sat Oct 22 12:18:27 2011 From: nam_10 at hotmail.com (nuno marques) Date: Sat, 22 Oct 2011 09:18:27 +0000 Subject: [Dovecot] Quota warning Message-ID: Hi, I cant run quota warning or other script. any suggestions? Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Effective uid=1002, gid=1002, home=/home/user4 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota root: name=User quota backend=maildir args= Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota rule: root=User quota mailbox=* bytes=10485760 messages=0 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota rule: root=User quota mailbox=Trash bytes=+1048576 messages=0 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota warning: bytes=9961472 (95%) messages=0 reverse=no command=script /etc/dovecot/conf.d/teste 95 user4 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota warning: bytes=8388608 (80%) messages=0 reverse=no command=script /etc/dovecot/conf.d/teste 80 user4 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota warning: bytes=7340032 (70%) messages=0 reverse=no command=script /etc/dovecot/conf.d/teste 70 user4 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: maildir++: root=/home/user4/Maildir, index=, control=, inbox=/home/user4/Maildir, alt= # 2.0.14: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final) auth_debug = yes auth_debug_passwords = yes auth_username_format = %Lu auth_verbose = yes disable_plaintext_auth = no mail_debug = yes mail_location = maildir:~/Maildir mail_plugins = " quota" mbox_write_locks = fcntl passdb { driver = pam } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid from subject size vsize flags quota = maildir:User quota quota_exceeded_message = Quota exceeded!!!!!!!!!!!!!! quota_rule = *:storage=10M quota_rule2 = Trash:storage=+1M quota_warning = storage=95%% script /etc/dovecot/conf.d/teste 95 %u quota_warning2 = storage=80%% script /etc/dovecot/conf.d/teste 80 %u quota_warning3 = storage=70%% script /etc/dovecot/conf.d/teste 70 %u } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = vmail } user = dovecot } ssl_cert = References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> Message-ID: <20111022111406.GA3061@laptop-dg.leere.eu> On Sat, Oct 22, 2011 at 11:09:28AM +0200, Hadmut Danisch wrote: > On 22.10.2011 10:15, Dennis Guhl wrote: > >> It's required for debugging purposes, writing mail filters, create > >> > blacklist filters from detected spam, etc. > > Disregarding end users mail filters this are all tasks for mailadmins ^^^^^^^^^^^^^^^^^^^^^^^ > > which can tell thier MTA to write a reliable Return-Path: header and > > which have access to the corresponding maillog. > > Definitely wrong. > > Writing mail filters like ~/.mailfilter is a user's task. Training their > individual spam filters as well. . o O ( at least he didn't truncate the relevant quote this time ) > And whether you're even permitted to keep the maillog that long depends > on your local data protection laws. How long do you think a responsible mailadmin need to train filter. Btw. even here in Germany, where we most likely have the most restrictive laws regarding the protection of personal data, I am allowed to keep the maillog as long as I can show that the log is needed to satisfy user requests. > And neither the Return-Path nor the Received-Lines reveal the precise > date of delivery as the From line contains. Nonsense. Every RFC conformant received line contains the full date-time as specified in RFC 5322. Nothing else is taken into account for the mbox >From line. Dennis From hadmut at danisch.de Sat Oct 22 19:36:26 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Sat, 22 Oct 2011 18:36:26 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <20111022111406.GA3061@laptop-dg.leere.eu> References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> <20111022111406.GA3061@laptop-dg.leere.eu> Message-ID: <4EA2F10A.801@msgid.danisch.de> I don't believe it does make much sense to ask technical questions if this ends in silly discussions about whether an admin should do something this or that way or how long logfiles should be kept. This is not related to the technical question anymore and completely useless. I was looking for a simple yes or no, not for fruitless debates. I hate it if one is asking a pure technical question and in response gets lessons in what people consider as a correct behaviour. From mcbdovecot at robuust.nl Sat Oct 22 19:56:31 2011 From: mcbdovecot at robuust.nl (Maarten Bezemer) Date: Sat, 22 Oct 2011 18:56:31 +0200 (CEST) Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <4EA2F10A.801@msgid.danisch.de> References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> <20111022111406.GA3061@laptop-dg.leere.eu> <4EA2F10A.801@msgid.danisch.de> Message-ID: On Sat, 22 Oct 2011, Hadmut Danisch wrote: > I don't believe it does make much sense to ask technical questions if > this ends in silly discussions about whether an admin should do > something this or that way or how long logfiles should be kept. This is > not related to the technical question anymore and completely useless. > > I was looking for a simple yes or no, not for fruitless debates. > > I hate it if one is asking a pure technical question and in response > gets lessons in what people consider as a correct behaviour. This is a generic problem with technicians, always having tons of arguments to support their statements ;-) On the other hand, the question was a bit broad as a starting point. The SMTP envelope is nothing more than SMTP protocol and is not in itself part of the email format RFC. If you want to have this information saved in the email message, then it is the task of the SMTP-server to add this in the headers of the message. (Hardly parseable in Received headers, probably better when also included in things like Return-path, Delivery-date and Envelope-to.) Whether or not one should apply any filtering, or when, or where, may be related to this topic but I'd say that's the freedom of the user. Or, the arbitrary choice of some manager ;-) Just my 2 cents.. -- Maarten From hadmut at danisch.de Sat Oct 22 20:13:51 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Sat, 22 Oct 2011 19:13:51 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> <20111022111406.GA3061@laptop-dg.leere.eu> <4EA2F10A.801@msgid.danisch.de> Message-ID: <4EA2F9CF.4010503@msgid.danisch.de> On 22.10.2011 18:56, Maarten Bezemer wrote: > On the other hand, the question was a bit broad as a starting point. > The SMTP envelope is nothing more than SMTP protocol and is not in > itself part of the email format RFC. If you want to have this > information saved in the email message, then it is the task of the > SMTP-server to add this in the headers of the message. (Hardly > parseable in Received headers, probably better when also included in > things like Return-path, Delivery-date and Envelope-to.) > Whether or not one should apply any filtering, or when, or where, may > be related to this topic but I'd say that's the freedom of the user. > Or, the arbitrary choice of some manager ;-) Again, this discussion is nuts. If this is supposed to be some support mailing list (as the dovecot web page suggests) people should take care to focus on the question rather than taking a question as an opportunity for telling their individual opinion. The main question is whether I can draw a precise copy of a mailfolder through IMAP without any loss of data. It does not make any sense to discuss what that information could be used for, especially nobody on that list is familiar with the local requirements I have to fulfill. (BTW, I am familiar with the SMTP envelope, I was working more than two years at the IRTF and IETF about treatment of the SMTP envelope, and doing mail system administration since around 1989. I don't need any introduction or further discussion about that.) Please understand that I do not want to waste any more time in this discussion that completely misses the point and the initial question. From ms at mike2k.de Sat Oct 22 20:42:22 2011 From: ms at mike2k.de (Michael Stilkerich) Date: Sat, 22 Oct 2011 19:42:22 +0200 Subject: [Dovecot] setacl fails - does not find dovecot-acl file In-Reply-To: <4EA2C213.7030204@mike2k.de> References: <4EA2C213.7030204@mike2k.de> Message-ID: <4EA3007E.1030507@mike2k.de> Hi again, On 22.10.2011 15:16, Michael Stilkerich wrote: > When I try to create an ACL in a telnet session, the command fails with > an internal error. The log shows: > > dovecot: imap(michael): Error: > fstat(/home/dovecot/michael/.test/dovecot-acl.lock) failed: No such file > or directory > dovecot: imap(michael): Error: > file_dotlock_open(/home/dovecot/michael/.test/dovecot-acl) failed: No > such file or directory I found that the problem seems to be the try_create_lock_hardlink() function, which is used to create the lock file. I don't now why it doesn't work, but if I modify the code of dotlock_create() to always use try_create_lock_excl() instead ignoring the setting of use_excl_lock in the dotlock_settings structure, it works just fine for me. I noticed in the log that the issue not only occurs with the dovecot-acl files but with other files, too, namely the dovecot.index.log and my acl_shared_dict file. Looking at the static dotlock_settings structure in the acl-file backend, I don't see how its use_excl_lock could possible be set to 1 by the configuration (i.e., it doesn't seem that the dotlock_use_excl configuration option is considered). For the maildirlock, an environment variable "DOTLOCK_USE_EXCL" is checked instead of the config setting. I'm not sure whether it is intentional that the hardlink variant is generally used in these cases. -Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4480 bytes Desc: S/MIME Cryptographic Signature URL: From mcbdovecot at robuust.nl Sat Oct 22 20:56:14 2011 From: mcbdovecot at robuust.nl (Maarten Bezemer) Date: Sat, 22 Oct 2011 19:56:14 +0200 (CEST) Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <4EA2F9CF.4010503@msgid.danisch.de> References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> <20111022111406.GA3061@laptop-dg.leere.eu> <4EA2F10A.801@msgid.danisch.de> <4EA2F9CF.4010503@msgid.danisch.de> Message-ID: On Sat, 22 Oct 2011, Hadmut Danisch wrote: > Again, this discussion is nuts. If this is supposed to be some support > mailing list (as the dovecot web page suggests) people should take care > to focus on the question rather than taking a question as an opportunity > for telling their individual opinion. > > > The main question is whether I can draw a precise copy of a mailfolder > through IMAP without any loss of data. My last reply to this thread, then. The answer to your main question would be 'yes', since Dovecot's IMAP interface supports retrieving the entire email message including all its meta-data (aka headers or envelope). The mbox from-line, not to be confused with the From: header, is simply not part of the email message but used only as a separator. Heck, it need not even contain valid information, but only proper formatting to satisfy picky/"smart" MUA's. Usually, it conveniently does carry some useful information, but e.g. when the SMTP envelope-from is '<>' then the mbox from-line usually contains something like MAILER-DAEMON to stay within the formatting specification. So, instead of blaming others of derailing a discussion and/or not simply answering a question, it might be an equally good idea to think twice about how you asked the question. I'm actually happy that 'simple' questions are handled the way they are. Most people do not want an answer to the question they asked, but want a solution to their problem. Which they may have described in the question but often is left as an exercise for the reader. ;-) But then again, I'm a technician, not a shrink, so my apologies for being so unfriendly... -- Maarten From hadmut at danisch.de Sat Oct 22 21:15:01 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Sat, 22 Oct 2011 20:15:01 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> <20111022111406.GA3061@laptop-dg.leere.eu> <4EA2F10A.801@msgid.danisch.de> <4EA2F9CF.4010503@msgid.danisch.de> Message-ID: <4EA30825.9050106@msgid.danisch.de> > The mbox from-line, not to be confused with the From: header, is > simply not part of the email message but used only as a separator. > Heck, it need not even contain valid information, but only proper > formatting to satisfy picky/"smart" MUA's. Usually, it conveniently > does carry some useful information, but e.g. when the SMTP > envelope-from is '<>' then the mbox from-line usually contains > something like MAILER-DAEMON to stay within the formatting specification. Once again: I've never asked for an explanation about what that From-Line is. I did not ask whether it contains useful information either. I've asked whether dovecot allows to retrieve it over IMAP. Why is it impossible for you to understand the question before answering? > Most people do not want an answer to the question they asked, but want > a solution to their problem. I did not ask for a solution of a problem, either. I've asked for a precise answer exactly to the question I've asked. That's why you fail to focus on the question and to answer it. Because you want to sell your solution for what you believe the problem is - or what you like it to be. But your assumption about the problem is completely wrong. So is your answer. Stop obtruding solutions that nobody has asked for. From jackfredrikson at yahoo.com Sat Oct 22 22:13:53 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Sat, 22 Oct 2011 12:13:53 -0700 (PDT) Subject: [Dovecot] First Installation, Problems... Message-ID: <1319310833.73697.YahooMailNeo@web122011.mail.ne1.yahoo.com> Hi; [root at example jack]# /usr/local/sbin/dovecot --version 2.0.15 [root at example jack]# /usr/local/bin/doveconf -n # 2.0.15: /usr/local/etc/dovecot/dovecot.conf doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:5: imap_client_workarounds=outlook-idle is no longer necessary doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:17: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:21: passdb sql {} has been replaced by passdb { driver=sql } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:24: userdb sql {} has been replaced by userdb { driver=sql } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:27: userdb prefetch {} has been replaced by userdb { driver=prefetch } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:29: auth_user has been replaced by service auth { user } # OS: Linux 2.6.18-028stab094.3 x86_64 CentOS release 5.4 (Final) vzfs auth_mechanisms = plain login mail_location = maildir:/var/vmail/%d/%u passdb { ? args = /usr/local/etc/dovecot/sql.conf ? driver = sql } plugin { ? quota = maildir:storage=10240:messages=1000 ? trash = /usr/local/etc/dovecot/trash.conf } service auth { ? unix_listener /var/run/dovecot/auth-master { ??? group = mail ??? mode = 0660 ??? user = vmail ? } ? unix_listener /var/spool/postfix/private/auth { ??? group = mail ??? mode = 0660 ??? user = postfix ? } ? user = nobody } ssl = no userdb { ? args = /usr/local/etc/dovecot/sql.conf ? driver = sql } userdb { ? driver = prefetch } protocol imap { ? imap_client_workarounds = delay-newmail ? mail_plugins = quota imap_quota } protocol pop3 { ? mail_plugins = quota ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh } protocol lda { ? info_log_path = /var/log/dovecot-deliver.log ? log_path = /var/log/dovecot-deliver.log ? mail_plugins = quota ? postmaster_address = postmaster at creative.vi } It appears that I have postfix at least partially working: postfix/pipe[5280]: 9FDE0579012F: to=, relay=spamfilter, delay=6, delays=3/0.01/0/3, dsn=2.0.0, status=sent (delivered via spamfilter service) I don't know where it ended up :-} There's nothing in /var/vmail, the dovecot destination. This is true even before I set the postfix content_filter to spamassassin (when it said "delivered to Maildir" or some such). Please advise. TIA, Jack From gordon.grubert+lists at uni-greifswald.de Sat Oct 22 22:21:25 2011 From: gordon.grubert+lists at uni-greifswald.de (Gordon Grubert) Date: Sat, 22 Oct 2011 21:21:25 +0200 Subject: [Dovecot] Dovecot crashes totally Message-ID: <4EA317B5.3090209@uni-greifswald.de> Hello, our dovecot server crashes totally without any really useful log messages. The error log can be found in the attachment. The only way to get dovecot running again is a complete system restart. Dovecot version: 2:2.0.15-0~auto+5 (2.0.15 (6b7242ead6ed)) Configuration : see attachment OS : Debian Squeeze amd64 Dovecot source : http://xi.rename-it.nl/debian/ \ stable-auto/dovecot-2.0 main This problem has already occurred with the version 2.0.13 where the log says as few as the current logs :-( Best regards, Gordon -- Leiter AG Technische Infrastruktur und Basisdienste Universitaetsrechenzentrum (URZ) E.-M.-Arndt-Universitaet Greifswald Felix-Hausdorff-Str. 12 17489 Greifswald Germany Tel. +49 3834 86-1456 Fax. +49 3834 86-1401 -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: dovecot_nondefault.conf URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: mail.err URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5396 bytes Desc: S/MIME Cryptographic Signature URL: From ms at mike2k.de Sat Oct 22 16:16:03 2011 From: ms at mike2k.de (Michael Stilkerich) Date: Sat, 22 Oct 2011 15:16:03 +0200 Subject: [Dovecot] setacl fails - does not find dovecot-acl file Message-ID: <4EA2C213.7030204@mike2k.de> Hi, I'm using dovecot 2.0.13 that ships with Ubuntu 11.10. I tried setting up a shared namespace as documented in the wiki to enable the sharing of a mailbox between two users. I have a Maildir(++) directory for each user. Each user has a system account. The Maildir of each user is owned by the user's system account and group read/writable by the group mail (hence mail_access_groups=mail). Relevant parts of my config: mail_plugins = acl mail_location = maildir:/home/dovecot/%u mail_access_groups = mail namespace { type = private separator = / prefix = inbox = yes hidden = no subscriptions = yes } namespace { type = shared separator = / prefix = shared/%%u/ location = maildir:/home/dovecot/%%u:INDEX=/home/dovecot/%u/shared/%%u subscriptions = no list = children } protocol imap { mail_plugins = $mail_plugins imap_acl } plugin { acl = vfile } plugin { acl_shared_dict = file:/home/dovecot/shared-mailboxes } When I try to create an ACL in a telnet session, the command fails with an internal error. The log shows: dovecot: imap(michael): Error: fstat(/home/dovecot/michael/.test/dovecot-acl.lock) failed: No such file or directory dovecot: imap(michael): Error: file_dotlock_open(/home/dovecot/michael/.test/dovecot-acl) failed: No such file or directory The error occurs whether a (manually created) dovecot-acl file exists or not. The dovecot-acl.lock file is created by not removed afterwards. Subsequent setacl commands will timeout waiting for the lock to be released until I delete it manually. If I create the dovecot-acl file manually and provide access to another user, the getacl command will correctly show the permissions and the other user can access the folder. setacl will still fail to modify the acl file, however (same error). Another thing that irritates me is that dovecot seems to use the dotlock locking method, although I explicitly set lock_method to fcntl (also tried flock, same behavior). I'm not using chroot. I appreciate any help to get this sorted out. Thanks, Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4480 bytes Desc: S/MIME Cryptographic Signature URL: From stsiol at yahoo.co.uk Sat Oct 22 23:43:54 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Sat, 22 Oct 2011 21:43:54 +0100 (BST) Subject: [Dovecot] off topic question Message-ID: <1319316234.77044.YahooMailNeo@web27208.mail.ukl.yahoo.com> ? Hello list, Is anybody out there who knows of an MTA that can do LDAP writes ? I apologize for bringing this to the list, however, I did some googling and cannot find any answer to this. Thank you all, spyros ? ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From jackfredrikson at yahoo.com Sun Oct 23 03:57:25 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Sat, 22 Oct 2011 17:57:25 -0700 (PDT) Subject: [Dovecot] Temporary Failures Message-ID: <1319331445.48490.YahooMailNeo@web122008.mail.ne1.yahoo.com> Hi; I keep getting errors like this one: Oct 22 16:51:08 example postfix/pipe[12021]: C2F705790169: to=, relay=dovecot, delay=2.1, delays=2/0.01/0/0.08, dsn=4.3.0, status=deferred (temporary failure. Command output: doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:5: imap_client_workarounds=outlook-idle is no longer necessary doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:17: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:19: passdb pam {} has been replaced by passdb { driver=pam } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:21: userdb passwd {} has been replaced by userdb { driver=passwd } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:23: auth_user has been replaced by service auth { user } doveconf: Why don't they get delivered? Also, I've tried to follow the advice in the warnings and it never works. I've tried the doveconf -n > dovcot-new.conf command and the same conf file I've been using pops up. Can someone post some code that reflects how the new conf file should look? TIA, Jack From stsiol at yahoo.co.uk Sun Oct 23 11:40:18 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Sun, 23 Oct 2011 09:40:18 +0100 (BST) Subject: [Dovecot] off topic question, ammended Message-ID: <1319359218.75025.YahooMailNeo@web27202.mail.ukl.yahoo.com> Sorry chaps, I meant MUA not MTA. I am trying to find a mail reader doing LDAP writes. Regards, s. ? ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From simon.brereton at buongiorno.com Sun Oct 23 21:41:20 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Sun, 23 Oct 2011 14:41:20 -0400 Subject: [Dovecot] Temporary Failures In-Reply-To: <1319331445.48490.YahooMailNeo@web122008.mail.ne1.yahoo.com> References: <1319331445.48490.YahooMailNeo@web122008.mail.ne1.yahoo.com> Message-ID: On 22 October 2011 20:57, Jack Fredrikson wrote: > Hi; > I keep getting errors like this one: > > Oct 22 16:51:08 example postfix/pipe[12021]: C2F705790169: to=, relay=dovecot, delay=2.1, delays=2/0.01/0/0.08, dsn=4.3.0, status=deferred (temporary failure. Command output: doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:5: imap_client_workarounds=outlook-idle is no longer necessary doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:17: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:19: passdb pam {} has been replaced by passdb { driver=pam } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:21: userdb passwd {} has been replaced by userdb { driver=passwd } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:23: auth_user has > ?been replaced by service auth { user } doveconf: > > > Why don't they get delivered? Also, I've tried to follow the advice in the warnings and it never works. I've tried the doveconf -n > dovcot-new.conf command and the same conf file I've been using pops up. Can someone post some code that reflects how the new conf file should look? What version of dovecot are you currently using? Can you post this file? /usr/local/etc/dovecot/dovecot.conf Simon From jackfredrikson at yahoo.com Sun Oct 23 22:20:58 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Sun, 23 Oct 2011 12:20:58 -0700 (PDT) Subject: [Dovecot] Temporary Failures In-Reply-To: References: <1319331445.48490.YahooMailNeo@web122008.mail.ne1.yahoo.com> Message-ID: <1319397658.61351.YahooMailNeo@web122020.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: Jack Fredrikson Cc: "dovecot at dovecot.org" Sent: Sunday, October 23, 2011 2:41 PM Subject: Re: [Dovecot] Temporary Failures First up, apologies for double-posting. I actually posted this last one yesterday and the other one this afternoon. Someone suggested I use the dovecot-new.conf file. If you've ever opened that up, everything's commented out and it only publishes the defaults anyway! Basically worthless if you're doing anything sophisticated, which includes pretty much anything :) > What version of dovecot are you currently using?? 2.0.15 > Can you post this file? > /usr/local/etc/dovecot/dovecot.conf mail_location = maildir:/var/vmail/%d/%u maildir_copy_with_hardlinks = yes protocol imap { ? mail_plugins = quota imap_quota #? imap_client_workarounds = outlook-idle delay-newmail } protocol pop3 { ? mail_plugins = quota ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh } protocol lda { ? postmaster_address = postmaster at creative.vi ? mail_plugins = quota ? log_path = /var/log/dovecot-deliver.log ? info_log_path = /var/log/dovecot-deliver.log } auth default { ??? mechanisms = plain login ??? passdb pam { ??? } ??? userdb passwd { ??? } ??? user = root ??? socket listen { ????? client { ??????? path = /var/spool/postfix/private/auth ??????? mode = 0660 ??????? user = postfix ??????? group = postfix ????? } ??? } } dict { } plugin { ? quota = maildir:storage=10240:messages=1000 #? acl = vfile:/usr/local/etc/dovecot/acls ? trash = /usr/local/etc/dovecot/trash.conf } protocols = imap pop3 disable_plaintext_auth = yes ssl = yes #ssl_disable = no ssl_cert = References: <1319331445.48490.YahooMailNeo@web122008.mail.ne1.yahoo.com> Message-ID: <1319397868.43382.YahooMailNeo@web122002.mail.ne1.yahoo.com> This is *only* a PS to my last response (e.g., please be sure to read last response). Rob0 stated I should be using dovecot-lda. After running in circles it appears that dovecot-lda is incorporated into dovecot proper any more and I've duly incorporated it into my dovecot.conf file. Jack From nam_10 at hotmail.com Sun Oct 23 22:39:33 2011 From: nam_10 at hotmail.com (nuno marques) Date: Sun, 23 Oct 2011 19:39:33 +0000 Subject: [Dovecot] execute command in quota warning Message-ID: hi, I cant run any script in "quota_warning = storage=95%% quota-warning 95 %u". Any ideia? Thanks # 2.0.14: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final) auth_debug = yes auth_debug_passwords = yes auth_username_format = %Lu auth_verbose = yes disable_plaintext_auth = no mail_debug = yes mail_location = maildir:~/Maildir mail_plugins = " quota" mbox_write_locks = fcntl passdb { driver = pam } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid from subject size vsize flags quota = maildir:User quota quota_exceeded_message = Quota exceeded, please go to http://www.example.com/over_quota_help for instructions on how to fix this. quota_rule = fs:storage=+10M quota_rule2 = Trash:ignore quota_rule3 = SPAM:ignore quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=50%% quota-warning 50 %u } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { group = root mode = 0666 user = root } user = root } ssl_cert = Hi, I'm searching, but not found nothing about using userb with NoSQL databases: http://wiki2.dovecot.org/UserDatabase Are there any plans to implement this option? Thanks From lists at wilkesley.net Mon Oct 24 13:00:59 2011 From: lists at wilkesley.net (Ian Barton) Date: Mon, 24 Oct 2011 11:00:59 +0100 Subject: [Dovecot] sieve-pipe Error Message-ID: <4EA5375B.2060101@wilkesley.net> I am using Dovecot 2.0.15 on Arch. I have cloned the hg repo and compiled the plugin using the following options: ./configure --with-dovecot=/usr/lib/dovecot --with-pigeonhole=/usr/include/dovecot/sieve/ The relevant section of my dovecot.conf looks like: plugin { sieve = ~/.dovecot.sieve sieve_global_path = /home/vmail/globalsieverc sieve_dir = ~/ sieve_plugins = sieve_pipe # This directory contains the scripts that are available. sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe } When I restart Dovecot I get the following error: ian:dovecot/ $ sudo rc.d restart dovecot [10:50:53] :: Stopping dovecot daemon [DONE] :: Starting dovecot daemon [BUSY] managesieve: Fatal: opendir(/usr/lib/dovecot/modules/sieve) failed: No such file or directory doveconf: Error: managesieve-login: dump-capability process returned 89 Ian. From stephan at rename-it.nl Mon Oct 24 13:10:38 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 24 Oct 2011 12:10:38 +0200 Subject: [Dovecot] xi.rename-it.nl down? In-Reply-To: <4E9EED12.8040409@rename-it.nl> References: <4E9EDAC1.4000602@jkart.de> <4E9EED12.8040409@rename-it.nl> Message-ID: <4EA5399E.9070205@rename-it.nl> Op 19-10-2011 17:30, Stephan Bosch schreef: > Op 19-10-2011 16:12, Jim Knuth schreef: >> Hello, >> >> is http://xi.rename-it.nl down? Apticron >> shows me permanently errors. > > Yes. I noticed this yesterday. > > This is a recurring problem for some reason, probably some Xen-related > issue. Every few months it just 'goes away' without any apparent > reason. Unfortunately, I cannot restart the Xi myself at the moment > and the person who can is currently involved in solving another IT > calamity of a different magnitude. I think it can take up to a day for > this system to come back online. This is probably going to take more time. Administrator is having issues that prove to be harder to solve than expected. Regards, Stephan. From jk at jkart.de Mon Oct 24 13:43:06 2011 From: jk at jkart.de (Jim Knuth) Date: Mon, 24 Oct 2011 12:43:06 +0200 Subject: [Dovecot] xi.rename-it.nl down? In-Reply-To: <4EA5399E.9070205@rename-it.nl> References: <4E9EDAC1.4000602@jkart.de> <4E9EED12.8040409@rename-it.nl> <4EA5399E.9070205@rename-it.nl> Message-ID: <4EA5413A.40400@jkart.de> am 24.10.11 12:10 schrieb Stephan Bosch : > This is probably going to take more time. Administrator is having > issues that prove to be harder to solve than expected. > > Regards, > > Stephan. thank you, but :-/ -- Mit freundlichen Gr??en, with kind regards, Jim Knuth --------- Man soll Denken lehren, nicht Gedachtes. (Unknown) From wgillespie+dovecot at es2eng.com Mon Oct 24 20:38:28 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Mon, 24 Oct 2011 11:38:28 -0600 Subject: [Dovecot] userdb with NoSQL database In-Reply-To: References: Message-ID: <4EA5A294.6050705@es2eng.com> On 10/24/2011 3:16 AM, Francisco Wagner C. Freire wrote: > Hi, > > I'm searching, but not found nothing about using userb with NoSQL databases: > http://wiki2.dovecot.org/UserDatabase > Are there any plans to implement this option? There was some talk on the list around February 8th, but that's the last I've seen mention of it. From dswartz at druber.com Mon Oct 24 20:52:33 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Mon, 24 Oct 2011 13:52:33 -0400 Subject: [Dovecot] Expire plugin not executing for sieve plugin? In-Reply-To: <4EA03F1C.5010500@druber.com> References: <4EA03F1C.5010500@druber.com> Message-ID: <4EA5A5E1.3000202@druber.com> No ideas? I googled some more and eventually turned up this posting: http://www.mailinglistarchive.com/html/dovecot at dovecot.org/2011-01/msg00716.html guy seems to be having the exact problem I am, unfortunately, no-one replied to his post either :( From pgnet.dev+rich-dovecot at gmail.com Mon Oct 24 21:14:25 2011 From: pgnet.dev+rich-dovecot at gmail.com (Rich) Date: Mon, 24 Oct 2011 11:14:25 -0700 Subject: [Dovecot] [bug] Changing dovecot 'quota' Value incorrectly overwrites Limit with same value Message-ID: I'm able to consistently reproduce this problem/behavior, but not workaround or fix it, yet. Rich On Wed, Oct 19, 2011 at 7:41 AM, Rich wrote: > I've made some progress, but quota 'Limit' is still not fully > functioning for me. > > A couple of changes have helped: > > Specifying a "%u% as username format, > > ? ? ? ?/etc/dovecot/conf.d/90-quota.conf > ? ? ? ? ? ? ? ?plugin { > - ? ? ? ? ? ? ? ? ? ? ? quota = dict:User Quota::proxy::quota > + ? ? ? ? ? ? ? ? ? ? ? quota = dict:User Quota:%u:proxy::quota > ? ? ? ? ? ? ? ? ? ? ? ?quota_rule = *:bytes=1073741824:messages=10000 > ? ? ? ? ? ? ? ? ? ? ? ?quota_rule2 = Trash:storage=+10%% > ? ? ? ? ? ? ? ?} > > using 'username' rather than 'user' in the user iteration query > > ? ? ? ?/etc/dovecot/sql/virtmail-userdb-sql.cf > ? ? ? ? ? ? ? ?driver = mysql > ? ? ? ? ? ? ? ?connect = host=/var/run/mysql/mysql.sock dbname=my_db user=my_user > password=my_pass > ? ? ? ? ? ? ? ?user_query = CALL UserDBQuery('%n','%d'); > - ? ? ? ? ? ? ? iterate_query = SELECT `MAILBOX_user_domain` AS user FROM `PARAMS`; > + ? ? ? ? ? ? ? iterate_query = SELECT `MAILBOX_user_domain` AS username FROM `PARAMS`; > > and adding to my user_query, > > ? ? ? ?CREATE PROCEDURE `UserDBQuery`( > ? ? ? ? ? ? ? ?... > ? ? ? ? ? ? ? ?SELECT ... > ? ? ? ? ? ? ? ? ?concat('*:bytes=', quota_bytes, ':messages=10000') AS quota_rule, > ? ? ? ? ? ? ? ? ?... > > Now, at init, > > ? ? ? ?doveadm quota get -A > ? ? ? ? ? ? ? ?Username ? ? ? ? ? ? ? ?Quota name ? ? ?Type ? ? ? ? ? ?Value ? Limit ? % > ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 > ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 > ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 > ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 > > ? ? ? ?mysql> select * from PARAMS; > ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ > ? ? ? ? ? ? ? ?| ai | MAILBOX_user_domain ? ?| quota_bytes | quota_msgs | > ? ? ? ? ? ? ? ?+----+------------------------+-------------+------------+ > ? ? ? ? ? ? ? ?| ?1 | ?myuser at domain1.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | > ? ? ? ? ? ? ? ?| ?2 | ?myuser at domain2.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | > ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ > ? ? ? ? ? ? ? ?2 rows in set (0.00 sec) > > and, after sending a single message to 'myuser at domain1.com', I do see > that Dovecot now recognizes/calculates a quota change, and only for > one domain, > > ? ? ? ?doveadm quota get -A > ? ? ? ? ? ? ? ?Username ? ? ? ? ? ? ? ?Quota name ? ? ?Type ? ? ? ? ? ?Value ? Limit ? % > ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 3 ? ? ? 3 ? ? ? 100 > ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 1 ? ? ? 10000 ? 0 > ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 > ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 > > ? ? ? ?mysql> select * from PARAMS; > ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ > ? ? ? ? ? ? ? ?| ai | MAILBOX_user_domain ? ?| quota_bytes | quota_msgs | > ? ? ? ? ? ? ? ?+----+------------------------+-------------+------------+ > ? ? ? ? ? ? ? ?| ?1 | ?myuser at domain1.com ? ?| ? ? ? ?3269 | ? ? ? ? ?1 | > ? ? ? ? ? ? ? ?| ?2 | ?myuser at domain2.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | > ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ > ? ? ? ? ? ? ? ?2 rows in set (0.00 sec) > > > But, the Limit's wrong. ?It's not picking up the global Limit from > > ? ? ? ?/etc/dovecot/conf.d/90-quota.conf > ? ? ? ? ? ? ? ?... > --> ? ? ? ? ? ? quota_rule = *:bytes=1073741824:messages=10000 > ? ? ? ? ? ? ? ?... > > and once a message quota Value is calculated, the Limit is set == > Value, resulting in an incorrrect quota %-age of 100%. > > Is Limit supposed to be specified per-user? > > Rich > From jackfredrikson at yahoo.com Mon Oct 24 22:00:54 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Mon, 24 Oct 2011 12:00:54 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem Message-ID: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> Hi; This is my 6th day installing my first Postfix/Dovecot installation. The Postfix mailing list indicates I've got the MTA under control so now I'm seeking your help with the MDA. I get these errors with legitimate email addresses: Oct 24 11:47:38 myserver dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) - waiting for 25 seconds before retry Now I've logged in myself: mysql -u dovecot -p Enter password: xxx and succeeded. What am I doing wrong? I've noticed that every time I restart dovecot I get this error in the dovecot-deliver.log: Oct 24 11:31:11 lda: Error: userdb lookup: connect(/usr/local/var/run/dovecot/auth-userdb) failed: Permission denied (euid=512(vmail) egid=512(vmail) missing +r perm: /usr/local/var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755) Oct 24 11:31:11 lda: Fatal: Internal error occurred. Refer to server log for more information. Every time I go to chmod 666 on that file, restarting dovecot wipes those permissions. How fix? Even when I fix that, I still get the "temporary failure". Please advise. TIA, Jack From tom at whyscream.net Mon Oct 24 22:24:28 2011 From: tom at whyscream.net (Tom Hendrikx) Date: Mon, 24 Oct 2011 21:24:28 +0200 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> Message-ID: <4EA5BB6C.4050205@whyscream.net> On 24-10-11 21:00, Jack Fredrikson wrote: > Hi; This is my 6th day installing my first Postfix/Dovecot > installation. The Postfix mailing list indicates I've got the MTA > under control so now I'm seeking your help with the MDA. I get these > errors with legitimate email addresses: Oct 24 11:47:38 myserver > dovecot: auth-worker: Error: mysql(localhost): Connect failed to > database (postfix): Access denied for user 'dovecot'@'localhost' > (using password: YES) - waiting for 25 seconds before retry > > Now I've logged in myself: mysql -u dovecot -p Enter password: xxx > and succeeded. What am I doing wrong? > The "(using password: YES)" part of the error indicates that your connection to the server was established successfully. However, it seems that user 'dovecot' has no access to database 'postfix', which you did not test on the command line either. What happens on the commandline when you enter (after logging in: use postfix; show tables; Fix that error in the mysql user administration, then try again. > > I've noticed that every time I restart dovecot I get this error in > the dovecot-deliver.log: > > Oct 24 11:31:11 lda: Error: userdb lookup: > connect(/usr/local/var/run/dovecot/auth-userdb) failed: Permission > denied (euid=512(vmail) egid=512(vmail) missing +r perm: > /usr/local/var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755) > Oct 24 11:31:11 lda: Fatal: Internal error occurred. Refer to server > log for more information. > > > Every time I go to chmod 666 on that file, restarting dovecot wipes > those permissions. How fix? Even when I fix that, I still get the > "temporary failure". Please advise. You forgot to add doveconf -n output, so I'm guessing here, but in your config, there should be a part defining something like: service auth { unix_listener auth-userdb { # some commented stuff } } Uncomment as needed, and set the values a indicated by the error message (probably something like user=vmail, group=vmail mode=0660). > > TIA, Jack > From piotr-l at netexpert.pl Mon Oct 24 22:26:00 2011 From: piotr-l at netexpert.pl (Piotr NetExpert) Date: Mon, 24 Oct 2011 21:26:00 +0200 Subject: [Dovecot] iterate_query not working Message-ID: <4EA5BBC8.5090901@netexpert.pl> Hi, I have got iterate_query defined in dovecot-sql.conf.ext. However when I run a command like: doveadm search -A BEFORE 10d I receive an error message (Failed to iterate ...) There is an error message in a log file too: Error: Trying to iterate users, but userdbs don't support it The problem is that monitoring a database server shows that dovecot does not try to execute any query. What I am doing wrong? password_query lookups work fine. -- pozdrawiam Piotr Szafarczyk http://www.netexpert.pl From simon.brereton at buongiorno.com Mon Oct 24 22:38:28 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 24 Oct 2011 15:38:28 -0400 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> Message-ID: On 24 October 2011 15:00, Jack Fredrikson wrote: > Hi; > This is my 6th day installing my first Postfix/Dovecot installation. The Postfix mailing list indicates I've got the MTA under control so now I'm seeking your help with the MDA. I get these errors with legitimate email addresses: > Oct 24 11:47:38 myserver dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) - waiting for 25 seconds before retry > > Now I've logged in myself: > mysql -u dovecot -p > Enter password: xxx > and succeeded. What am I doing wrong? > > > I've noticed that every time I restart dovecot I get this error in the dovecot-deliver.log: > > Oct 24 11:31:11 lda: Error: userdb lookup: connect(/usr/local/var/run/dovecot/auth-userdb) failed: Permission denied (euid=512(vmail) egid=512(vmail) missing +r perm: /usr/local/var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755) > Oct 24 11:31:11 lda: Fatal: Internal error occurred. Refer to server log for more information. > > > Every time I go to chmod 666 on that file, restarting dovecot wipes those permissions. How fix? > Even when I fix that, I still get the "temporary failure". > Please advise. what user are you running dovecot as? Does this thread help? http://www.mail-archive.com/dovecot at dovecot.org/msg32290.html or this one? http://www.mailinglistarchive.com/html/dovecot at dovecot.org/2010-08/msg01136.html Simon From hs at schlittermann.de Mon Oct 24 23:32:25 2011 From: hs at schlittermann.de (Heiko Schlittermann) Date: Mon, 24 Oct 2011 22:32:25 +0200 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> Message-ID: <20111024203225.GP3659@jumper.schlittermann.de> Jack Fredrikson (Mon Oct 24 21:00:54 2011): > Hi; > This is my 6th day installing my first Postfix/Dovecot installation. The Postfix mailing list indicates I've got the MTA under control so now I'm seeking your help with the MDA. I get these errors with legitimate email addresses: > Oct 24 11:47:38 myserver dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) - waiting for 25 seconds before retry > > Now I've logged in myself: > mysql -u dovecot -p > Enter password: xxx > and succeeded. What am I doing wrong? You should test: mysql -udovecot -pxxx -hlocalhost postfix to simulate the dovecot attemts. > I've noticed that every time I restart dovecot I get this error in the dovecot-deliver.log: > > Oct 24 11:31:11 lda: Error: userdb lookup: connect(/usr/local/var/run/dovecot/auth-userdb) failed: Permission denied (euid=512(vmail) egid=512(vmail) missing +r perm: /usr/local/var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755) > Oct 24 11:31:11 lda: Fatal: Internal error occurred. Refer to server log for more information. > > > Every time I go to chmod 666 on that file, restarting dovecot wipes those permissions. How fix? > Even when I fix that, I still get the "temporary failure". > Please advise. This file is not a file, it is a socket and gets recreated every time you restart dovecot. There is, if I remember well, some config option "mode" near the name of the name of the socket. -- Heiko :: dresden : linux : SCHLITTERMANN.de GPG Key 48D0359B : 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From jackfredrikson at yahoo.com Mon Oct 24 23:43:33 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Mon, 24 Oct 2011 13:43:33 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <4EA5BB6C.4050205@whyscream.net> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> Message-ID: <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> ________________________________ From: Tom Hendrikx To: dovecot at dovecot.org Sent: Monday, October 24, 2011 3:24 PM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem First up, thanks for the links, Simon, but they didn't help :( I still need to chmod 666 /usr/local/var/run/dovecot/auth-userdb and I'm still getting the same error: Oct 24 13:40:57 myserver dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) - waiting for 5 seconds before retry > The "(using password: YES)" part of the error indicates that your > connection to the server was established successfully. However, it seems > that user 'dovecot' has no access to database 'postfix', which you did > not test on the command line either. > > What happens on the commandline when you enter (after logging in: > use postfix; show tables; I can log in *just fine* as dovecot and show tables, etc. # 2.0.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-028stab094.3 x86_64 CentOS release 5.7 (Final) vzfs auth_mechanisms = plain login mail_location = maildir:/var/vmail/%d/%u passdb { ? args = /usr/local/etc/dovecot/sql.conf ? driver = sql } plugin { ? quota = maildir:storage=10240:messages=1000 ? trash = /usr/local/etc/dovecot/trash.conf } protocols = imap pop3 service auth { ? unix_listener auth-userdb { ??? mode = 0660 ? } ? user = root } ssl_cert = References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> Message-ID: On 24 October 2011 16:43, Jack Fredrikson wrote: > > ________________________________ > From: Tom Hendrikx > To: dovecot at dovecot.org > Sent: Monday, October 24, 2011 3:24 PM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > > First up, thanks for the links, Simon, but they didn't help :( I still need to > chmod 666 /usr/local/var/run/dovecot/auth-userdb > and I'm still getting the same error: > Oct 24 13:40:57 myserver dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) - waiting for 5 seconds before retry > >> The "(using password: YES)" part of the error indicates that your >> connection to the server was established successfully. However, it seems >> that user 'dovecot' has no access to database 'postfix', which you did >> not test on the command line either. >> >> What happens on the commandline when you enter (after logging in: >> use postfix; show tables; > > I can log in *just fine* as dovecot and show tables, etc. > > # 2.0.15: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 2.6.18-028stab094.3 x86_64 CentOS release 5.7 (Final) vzfs > auth_mechanisms = plain login > mail_location = maildir:/var/vmail/%d/%u Who owns /var/vmail? > passdb { > ? args = /usr/local/etc/dovecot/sql.conf > ? driver = sql > } > plugin { > ? quota = maildir:storage=10240:messages=1000 > ? trash = /usr/local/etc/dovecot/trash.conf > } > protocols = imap pop3 > service auth { > ? unix_listener auth-userdb { > ??? mode = 0660 > ? } > ? user = root > } > ssl_cert = ssl_cipher_list = ALL:!LOW:!SSLv2 > ssl_key = ssl_key_password = Jw93Mx2 > userdb { > ? args = /usr/local/etc/dovecot/sql.conf > ? driver = sql > } > protocol imap { > ? mail_plugins = quota imap_quota > } > protocol pop3 { > ? mail_plugins = quota > ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > } > protocol lda { > ? hostname = mydomain.com > ? info_log_path = /var/log/dovecot-deliver.log > ? log_path = /var/log/dovecot-deliver.log > ? mail_plugins = quota > ? postmaster_address = postmaster at mydomain.com > ? sendmail_path = /usr/sbin/sendmail.postfix > } From jackfredrikson at yahoo.com Tue Oct 25 00:47:11 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Mon, 24 Oct 2011 14:47:11 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> Message-ID: <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: dovecot at dovecot.org Sent: Monday, October 24, 2011 5:04 PM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > Who owns /var/vmail? ls -al /var/vmail/ total 8 drwxrwx---? 2 vmail mail 4096 Oct 19 18:45 . drwxr-xr-x 26 root? root 4096 Oct 23 08:35 .. /usr/sbin/usermod -a -G mail,postfix dovecot And I'm still getting the same error: dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) TIA, Jack From tom at whyscream.net Tue Oct 25 01:00:01 2011 From: tom at whyscream.net (Tom Hendrikx) Date: Tue, 25 Oct 2011 00:00:01 +0200 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> Message-ID: <4EA5DFE1.1070306@whyscream.net> On 24-10-11 23:47, Jack Fredrikson wrote: > > ________________________________ > From: Simon Brereton > To: dovecot at dovecot.org > Sent: Monday, October 24, 2011 5:04 PM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > >> Who owns /var/vmail? > > ls -al /var/vmail/ > total 8 > drwxrwx--- 2 vmail mail 4096 Oct 19 18:45 . > drwxr-xr-x 26 root root 4096 Oct 23 08:35 .. > /usr/sbin/usermod -a -G mail,postfix dovecot Adding dovecot to the postfix group would be considered a security issue by many. Don't so this unless you actually think it wil help you (it won't). > > And I'm still getting the same error: > dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) > Please see http://dev.mysql.com/doc/refman/5.5/en/connecting.html, especially the part that starts with "On Unix, MySQL programs treat the host name localhost specially," Then show proof that this command works: mysql -udovecot -pxxx -h 127.0.0.1 postfix And see what happens if you set the hostname in dovecot config also to 127.0.0.1. Note that testing as root will likely give you access to the mysql socket, but dovecot might not have the same privileges. The above will test tcp connectivity for both. -- Tom From stephan at rename-it.nl Tue Oct 25 01:25:35 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 25 Oct 2011 00:25:35 +0200 Subject: [Dovecot] Expire plugin not executing for sieve plugin? In-Reply-To: <4EA5A5E1.3000202@druber.com> References: <4EA03F1C.5010500@druber.com> <4EA5A5E1.3000202@druber.com> Message-ID: <4EA5E5DF.1050508@rename-it.nl> On 10/24/2011 7:52 PM, Dan Swartzendruber wrote: > > No ideas? I googled some more and eventually turned up this posting: > > http://www.mailinglistarchive.com/html/dovecot at dovecot.org/2011-01/msg00716.html > > > guy seems to be having the exact problem I am, unfortunately, no-one > replied to his post either :( Hmm, wonder why no one answered that one. In theory, those plugins should interact gracefully. However, if something is wrong, I cannot test this right now, since I've not installed expire so far. I'll ask Timo if he can take a look at this. Otherwise, I'll have to build a small test setup first, which may take some time. Regards, Stephan. From stephan at rename-it.nl Tue Oct 25 01:27:50 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 25 Oct 2011 00:27:50 +0200 Subject: [Dovecot] xi.rename-it.nl down? In-Reply-To: <4EA5399E.9070205@rename-it.nl> References: <4E9EDAC1.4000602@jkart.de> <4E9EED12.8040409@rename-it.nl> <4EA5399E.9070205@rename-it.nl> Message-ID: <4EA5E666.6090007@rename-it.nl> On 10/24/2011 12:10 PM, Stephan Bosch wrote: > Op 19-10-2011 17:30, Stephan Bosch schreef: >> Op 19-10-2011 16:12, Jim Knuth schreef: >>> Hello, >>> >>> is http://xi.rename-it.nl down? Apticron >>> shows me permanently errors. >> >> Yes. I noticed this yesterday. >> >> This is a recurring problem for some reason, probably some >> Xen-related issue. Every few months it just 'goes away' without any >> apparent reason. Unfortunately, I cannot restart the Xi myself at the >> moment and the person who can is currently involved in solving >> another IT calamity of a different magnitude. I think it can take up >> to a day for this system to come back online. > > This is probably going to take more time. Administrator is having > issues that prove to be harder to solve than expected. > In case you didn't notice, it is back apparently. Plans are to move this thing to a new system soon, which should (implicitly) solve this problem definitively. Regards, Stephan. From stephan at rename-it.nl Tue Oct 25 01:33:41 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 25 Oct 2011 00:33:41 +0200 Subject: [Dovecot] sieve-pipe Error In-Reply-To: <4EA5375B.2060101@wilkesley.net> References: <4EA5375B.2060101@wilkesley.net> Message-ID: <4EA5E7C5.4080908@rename-it.nl> On 10/24/2011 12:00 PM, Ian Barton wrote: > I am using Dovecot 2.0.15 on Arch. I have cloned the hg repo and > compiled the plugin using the following options: > > ./configure --with-dovecot=/usr/lib/dovecot > --with-pigeonhole=/usr/include/dovecot/sieve/ > > The relevant section of my dovecot.conf looks like: > > plugin { > sieve = ~/.dovecot.sieve > sieve_global_path = /home/vmail/globalsieverc > sieve_dir = ~/ > > sieve_plugins = sieve_pipe > # This directory contains the scripts that are available. > sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe > } > > When I restart Dovecot I get the following error: > > ian:dovecot/ $ sudo rc.d restart dovecot > [10:50:53] > :: Stopping dovecot daemon > [DONE] > :: Starting dovecot daemon > [BUSY] managesieve: > Fatal: opendir(/usr/lib/dovecot/modules/sieve) failed: No such file or > directory > doveconf: Error: managesieve-login: dump-capability process returned 89 Apparently, the plugin is not installed in the correct location. Try supplying a --with-moduledir=/usr/lib/dovecot/modules . After make install, the /usr/lib/dovecot/modules/sieve directory should contain lib90_sieve_pipe_plugin.so. Regards, Stephan. From jackfredrikson at yahoo.com Tue Oct 25 02:17:23 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Mon, 24 Oct 2011 16:17:23 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <4EA5DFE1.1070306@whyscream.net> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> Message-ID: <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> ________________________________ From: Tom Hendrikx To: dovecot at dovecot.org Sent: Monday, October 24, 2011 6:00 PM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > Adding dovecot to the postfix group would be considered a security issue > by many. Don't so this unless you actually think it wil help you (it won't). Thanks. I took it out. > Please see http://dev.mysql.com/doc/refman/5.5/en/connecting.html, > especially the part that starts with "On Unix, MySQL programs treat the > host name localhost specially," > > Then show proof that this command works: > >? ? mysql -udovecot -pxxx -h 127.0.0.1 postfix My bad. I had the wrong p/w in sql.conf :-} So now I'm connected to the database as dovecot, but I'm still getting these dad-blamed errors: BC81A57901AD: to=, relay=dovecot, delay=25695, delays=25695/0.02/0/0.28, dsn=4.3.0, status=deferred (temporary failure) # 2.0.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-028stab094.3 x86_64 CentOS release 5.7 (Final) vzfs auth_mechanisms = plain login mail_location = maildir:/var/vmail/%d/%u passdb { ? args = /usr/local/etc/dovecot/sql.conf ? driver = sql } plugin { ? quota = maildir:storage=10240:messages=1000 ? trash = /usr/local/etc/dovecot/trash.conf } protocols = imap pop3 service auth { ? unix_listener auth-userdb { ??? group = postfix ??? mode = 0660 ??? user = postfix ? } ? user = root } ssl_cert = References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> Message-ID: <20111024192749.0d8268f4@scorpio> On Mon, 24 Oct 2011 16:17:23 -0700 (PDT) Jack Fredrikson articulated: > protocol lda { > ? hostname = 13gems.com > ? info_log_path = /var/log/dovecot-deliver.log > ? log_path = /var/log/dovecot-deliver.log > ? mail_plugins = quota > ? postmaster_address = postmaster at bar.com > ? sendmail_path = /usr/sbin/sendmail.postfix Are you sure about that "sendmail" path? It certainly isn't like that on my machine. -- Jerry ? Dovecot.user at seibercom.net Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ From jackfredrikson at yahoo.com Tue Oct 25 03:14:13 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Mon, 24 Oct 2011 17:14:13 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <20111024192749.0d8268f4@scorpio> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <20111024192749.0d8268f4@scorpio> Message-ID: <1319501653.29776.YahooMailNeo@web122012.mail.ne1.yahoo.com> ________________________________ From: Jerry To: dovecot at dovecot.org Sent: Monday, October 24, 2011 7:27 PM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem >> ? sendmail_path = /usr/sbin/sendmail.postfix > Are you sure about that "sendmail" path? It certainly isn't like that > on my machine. Well, I changed it to just "sendmail" (since I had that file, too) but with the same result. I remember creating that file earlier but I don't remember where and searching around my system I can't xargs grep it. What do you recommend? TIA, Jack From stan at hardwarefreak.com Tue Oct 25 07:22:23 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Mon, 24 Oct 2011 23:22:23 -0500 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319501653.29776.YahooMailNeo@web122012.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <20111024192749.0d8268f4@scorpio> <1319501653.29776.YahooMailNeo@web122012.mail.ne1.yahoo.com> Message-ID: <4EA6397F.6070001@hardwarefreak.com> On 10/24/2011 7:14 PM, Jack Fredrikson wrote: > > ________________________________ > From: Jerry > To: dovecot at dovecot.org > Sent: Monday, October 24, 2011 7:27 PM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > >>> sendmail_path = /usr/sbin/sendmail.postfix > >> Are you sure about that "sendmail" path? It certainly isn't like that >> on my machine. > > Well, I changed it to just "sendmail" (since I had that file, too) but with the same result. I remember creating that file earlier but I don't remember where and searching around my system I can't xargs grep it. What do you recommend? I recommend the default: sendmail_path = /usr/sbin/sendmail I also recommend you not fly by the seat of your pants when creating IT infrastructure for a client. Doing so is good for neither of you. -- Stan From simon.brereton at buongiorno.com Tue Oct 25 07:46:30 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Tue, 25 Oct 2011 00:46:30 -0400 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> Message-ID: On 24 October 2011 19:17, Jack Fredrikson wrote: > > ________________________________ > From: Tom Hendrikx > To: dovecot at dovecot.org > Sent: Monday, October 24, 2011 6:00 PM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > >> Adding dovecot to the postfix group would be considered a security issue >> by many. Don't so this unless you actually think it wil help you (it won't). > > Thanks. I took it out. > >> Please see http://dev.mysql.com/doc/refman/5.5/en/connecting.html, >> especially the part that starts with "On Unix, MySQL programs treat the >> host name localhost specially," >> >> Then show proof that this command works: >> >>? ? mysql -udovecot -pxxx -h 127.0.0.1 postfix > > My bad. I had the wrong p/w in sql.conf :-} > > So now I'm connected to the database as dovecot, but I'm still getting these dad-blamed errors: > > BC81A57901AD: to=, relay=dovecot, delay=25695, delays=25695/0.02/0/0.28, dsn=4.3.0, status=deferred (temporary failure) Turn up the logging in postfix (add -vv to the smtpd line in master.cf or google for log-level) - but I'm pretty sure that this means postfix wants to give it dovecot, but dovecot says I can't do anything with it. Either cos it doesn't know where to put it. Or doesn't have permission to put it there. You could turn up your dovecot logging too if the postfix logs aren't helpful. My directory permissions (in no way security recommended - but working) for /var/vmail/ are: drwxrwxS mailsystem mailsystem Simon > # 2.0.15: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 2.6.18-028stab094.3 x86_64 CentOS release 5.7 (Final) vzfs > auth_mechanisms = plain login > mail_location = maildir:/var/vmail/%d/%u > passdb { > ? args = /usr/local/etc/dovecot/sql.conf > ? driver = sql > } > plugin { > ? quota = maildir:storage=10240:messages=1000 > ? trash = /usr/local/etc/dovecot/trash.conf > } > protocols = imap pop3 > service auth { > ? unix_listener auth-userdb { > ??? group = postfix > ??? mode = 0660 > ??? user = postfix > ? } > ? user = root > } > ssl_cert = ssl_cipher_list = ALL:!LOW:!SSLv2 > ssl_key = userdb { > ? args = /usr/local/etc/dovecot/sql.conf > ? driver = sql > } > protocol imap { > ? mail_plugins = quota imap_quota > } > protocol pop3 { > ? mail_plugins = quota > ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > } > protocol lda { > ? hostname = 13gems.com > ? info_log_path = /var/log/dovecot-deliver.log > ? log_path = /var/log/dovecot-deliver.log > ? mail_plugins = quota > ? postmaster_address = postmaster at bar.com > ? sendmail_path = /usr/sbin/sendmail.postfix > } > > TIA, > Jack From stephan at rename-it.nl Tue Oct 25 11:26:19 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 25 Oct 2011 10:26:19 +0200 Subject: [Dovecot] sieve-pipe Error In-Reply-To: <4EA66648.8050308@wilkesley.net> References: <4EA5375B.2060101@wilkesley.net> <4EA5E7C5.4080908@rename-it.nl> <4EA66648.8050308@wilkesley.net> Message-ID: <4EA672AB.5070401@rename-it.nl> Op 25-10-2011 9:33, Ian Barton schreef: > On 24/10/11 23:33, Stephan Bosch wrote: >> On 10/24/2011 12:00 PM, Ian Barton wrote: >>> I am using Dovecot 2.0.15 on Arch. I have cloned the hg repo and >>> compiled the plugin using the following options: >>> >>> ./configure --with-dovecot=/usr/lib/dovecot >>> --with-pigeonhole=/usr/include/dovecot/sieve/ >>> >>> The relevant section of my dovecot.conf looks like: >>> >>> plugin { >>> sieve = ~/.dovecot.sieve >>> sieve_global_path = /home/vmail/globalsieverc >>> sieve_dir = ~/ >>> >>> sieve_plugins = sieve_pipe >>> # This directory contains the scripts that are available. >>> sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe >>> } >>> >>> When I restart Dovecot I get the following error: >>> >>> ian:dovecot/ $ sudo rc.d restart dovecot [10:50:53] >>> :: Stopping dovecot daemon [DONE] >>> :: Starting dovecot daemon [BUSY] managesieve: Fatal: >>> opendir(/usr/lib/dovecot/modules/sieve) failed: No such file or >>> directory >>> doveconf: Error: managesieve-login: dump-capability process returned 89 >> >> Apparently, the plugin is not installed in the correct location. Try >> supplying a --with-moduledir=/usr/lib/dovecot/modules . >> >> After make install, the /usr/lib/dovecot/modules/sieve directory should >> contain lib90_sieve_pipe_plugin.so. >> > > Thank you that worked. Now to test if it's working:) Please reply to the mailing list as well. Regards, Stephan. From dovecot at tlinx.org Tue Oct 25 13:14:41 2011 From: dovecot at tlinx.org (Linda Walsh) Date: Tue, 25 Oct 2011 03:14:41 -0700 Subject: [Dovecot] Thunderbird slow in talking with dovecot IMAP AND to sendmail Message-ID: <4EA68C11.5060102@tlinx.org> I'm trying to find out what's causing this slowdown -- it's INTOLERABLE.... over 1 minute and less than 1% done. (400MB file)... After trying 3 times, I gave up and logged in using X to the server and ran Tbird from there.... Mail sent out in < 1 minute, though the copy to dovecot took about 50% longer. So... I looked at the network trace. and everyfrackin' body was using 4K packet sizes (at the application level!, the window size on TCP was over 64K...but no one was using it)....especially galling with my network's MTU at 9K, BTW, because small packets are really bad on a 1Gb network. sendmail -- 4K, dovecot /ssl, 4K... wazzup .. is t-bird forcing this, or is there some ssl requirement? but it can't just be ssl -- as it's talking to sendmail on port 25 unencrypted (it's a local net anyway)... I could see the entire binary going out in text form... 1 line at a time...a "C" line in sendmail, with lens of 4096...is that some max? I don't see it in the sendmail.cf files...wanted to see if anyone knew of dovecot restrictions that might limit packets to 4k, before I lamblasted the thunderbird people for another act of mindless stupidity (the first being when they decided to cache all your IMAP store on every local client in the client's ROAMING profile...*brilliant*!!!... sides, if I wanted it on local I would have set 'store on local', but in TB3, they know better and change that for me... Something about them being too stupid to use indexing and searching on an imap server? Maybe I just imagined hearing that... From jackfredrikson at yahoo.com Tue Oct 25 13:47:26 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 03:47:26 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> Message-ID: <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: Dovecot Mailing List Sent: Tuesday, October 25, 2011 12:46 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem I think I've found the problem. How do I create this file? /usr/local/libexec/dovecot/deliver-ldaTIA, Jack From ef at math.uni-bonn.de Tue Oct 25 14:02:39 2011 From: ef at math.uni-bonn.de (Edgar =?iso-8859-1?B?RnXf?=) Date: Tue, 25 Oct 2011 13:02:39 +0200 Subject: [Dovecot] Seen flag getting lost Message-ID: <20111025110238.GB8900@gumme.math.uni-bonn.de> We have two dovecot 1.2 instances sharing Maildirs on NFS. Indexes are local to the individual servers. Occasionally (no idea how to trigger this), the Seen flag gets lost on some messages. I've verified that actually the ``S'' is missing from the filename. I suspect something like server A caching the flags, server B setting Seen, and then server A flushing its cache for another change so overwriting what B changed. Any ideas short of switching to 2.0? From sb at dod.no Tue Oct 25 14:38:07 2011 From: sb at dod.no (Steinar Bang) Date: Tue, 25 Oct 2011 13:38:07 +0200 Subject: [Dovecot] SSL renegotiation vulnerability (Was: dovecot evaluation on a 30 gb mailbox) References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> Message-ID: >>>>> Timo Sirainen : > Yes, SSL handshakes are extra. Although SSL supports some kind of > quick renegotiation too, but Dovecot doesn't support that yet. No > one's ever requested it.. Hum... this article (in Norwegian) http://www.digi.no/881186/skrekkverktoy-slaar-ut-%ABsikre%BB-servere addresses the SSL renegotiation vulnerability, and how it can be used to DOS servers using SSL from a single machine with low bandwidth. At the end the article is discussing how to configure off the SSL renegotiate in different servers, and that the author had been unable to find a setting for disabling SSL renegotiate in dovecot (and if anyone knows how, please inform him). Could the reason he hasn't found such a setting be that SSL renegotiate isn't supported at all in dovecot...? Thanks! - Steinar From CMarcus at Media-Brokers.com Tue Oct 25 14:38:22 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Tue, 25 Oct 2011 07:38:22 -0400 Subject: [Dovecot] Thunderbird slow in talking with dovecot IMAP AND to sendmail In-Reply-To: <4EA68C11.5060102@tlinx.org> References: <4EA68C11.5060102@tlinx.org> Message-ID: <4EA69FAE.1030100@Media-Brokers.com> On 2011-10-25 6:14 AM, Linda Walsh wrote: > and everyfrackin' body was using 4K packet sizes (at the application > level!, the window size on TCP was over 64K...but no one was using > it)....especially galling with my network's MTU at 9K, BTW, because > small packets are really bad on a 1Gb network. > > sendmail -- 4K, > dovecot /ssl, 4K... > > wazzup .. is t-bird forcing this, If I'm not mistaken, yes, this is (or could be) a TBird problem... I can't find the bug report where this was discussed, but I distinctly remember one of the devs commenting on this 4k packet size issue. Apparently it was an intentional change, but he couldn't figure out why. Fyi, it was discussed in one of the IMAP performance bugs... -- Best regards, Charles From jackfredrikson at yahoo.com Tue Oct 25 16:51:56 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 06:51:56 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> ________________________________ From: Jack Fredrikson To: "simon.brereton at buongiorno.com" ; Dovecot Mailing List Sent: Tuesday, October 25, 2011 6:47 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem Or, conversely, how do I create this file: /usr/local/libexec/dovecot/deliver The problem is the first_valid_uid and first_valid_gid need to be reset. What file is called to create "deliver"? Please help. TIA, Jack From simon.brereton at buongiorno.com Tue Oct 25 16:53:15 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Tue, 25 Oct 2011 09:53:15 -0400 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: On 25 October 2011 06:47, Jack Fredrikson wrote: > > ________________________________ > From: Simon Brereton > To: Dovecot Mailing List > Sent: Tuesday, October 25, 2011 12:46 AM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > > I think I've found the problem. How do I create this file? > > /usr/local/libexec/dovecot/deliver-lda I can't speak to CentOS, but I'm not sure you need to be "creating" any files - especially not in libexec. Are you sure your dovecot installation isn't hosed somehow? Simon From giles at coochey.net Tue Oct 25 17:02:15 2011 From: giles at coochey.net (Giles Coochey) Date: Tue, 25 Oct 2011 16:02:15 +0200 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> Message-ID: <1b935e05cf0ab878216aeb7f14ddcf9d.squirrel@www.coochey.net> On Tue, October 25, 2011 15:51, Jack Fredrikson wrote: > > ________________________________ > From: Jack Fredrikson > To: "simon.brereton at buongiorno.com" ; > Dovecot Mailing List > Sent: Tuesday, October 25, 2011 6:47 AM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection > Problem > > > Or, conversely, how do I create this file: > > /usr/local/libexec/dovecot/deliver > > The problem is the first_valid_uid and first_valid_gid need to be reset. > What file is called to create "deliver"? Please help. > On my Centos 5.x: [root at gate ~]# rpm -qf /usr/libexec/dovecot/deliver dovecot-2.0.15-1.0.cf.rhel5 [root at gate ~]# rpm -qf /usr/libexec/dovecot/dovecot-lda dovecot-2.0.15-1.0.cf.rhel5 [root at gate ~]# What dovecot do you have? From jackfredrikson at yahoo.com Tue Oct 25 17:05:36 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 07:05:36 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: <1319551536.95677.YahooMailNeo@web122009.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: Dovecot Mailing List Sent: Tuesday, October 25, 2011 9:53 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > I can't speak to CentOS, but I'm not sure you need to be "creating" > any files - especially? not in libexec.? Are you sure your dovecot > installation isn't hosed somehow? Of course I'm not sure and rebuilding dovecot is what I'll do if all else fails. When I discovered the problem in my dovecot logs, I searched for the offending GID and discovered it in /usr/local/libexec/dovecot/deliver which, of course, is a binary. How did it get there? Certainly not when I did my ./configure make make install dance with dovecot's src distro. How did it get there?? How do I change it??` TIA, Jack From jackfredrikson at yahoo.com Tue Oct 25 17:10:21 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 07:10:21 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1b935e05cf0ab878216aeb7f14ddcf9d.squirrel@www.coochey.net> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> <1b935e05cf0ab878216aeb7f14ddcf9d.squirrel@www.coochey.net> Message-ID: <1319551821.48248.YahooMailNeo@web122010.mail.ne1.yahoo.com> ________________________________ From: Giles Coochey To: Jack Fredrikson Cc: "simon.brereton at buongiorno.com" ; Dovecot Mailing List Sent: Tuesday, October 25, 2011 10:02 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > On my Centos 5.x: > > [root at gate ~]# rpm -qf /usr/libexec/dovecot/deliver > dovecot-2.0.15-1.0.cf.rhel5 > [root at gate ~]# rpm -qf /usr/libexec/dovecot/dovecot-lda > dovecot-2.0.15-1.0.cf.rhel5 > > What dovecot do you have? 2.0.15 I built mine the old way: ./configure --with-mysql make make install So how would I rebuild just this one file? From where does it get its data? I need to change the first_valid_gid. TIA, Jack From jackfredrikson at yahoo.com Tue Oct 25 18:01:31 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 08:01:31 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319551821.48248.YahooMailNeo@web122010.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> <1b935e05cf0ab878216aeb7f14ddcf9d.squirrel@www.coochey.net> <1319551821.48248.YahooMailNeo@web122010.mail.ne1.yahoo.com> Message-ID: <1319554891.19030.YahooMailNeo@web122011.mail.ne1.yahoo.com> From: Giles Coochey To: Jack Fredrikson Cc: "simon.brereton at buongiorno.com" ; Dovecot Mailing List Sent: Tuesday, October 25, 2011 10:02 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem I just discovered this: [root at myserver postfix]# ls -al /usr/libexec/dovecot/ total 8 drwxr-xr-x 2 root root 4096 Oct 22 08:59 . drwxr-xr-x 9 root root 4096 Oct 23 08:36 .. lrwxrwxrwx 1 root root?? 34 Oct 22 08:59 deliver -> /usr/local/libexec/dovecot/deliver [root at myserver postfix]# ls -al /usr/local/libexec/dovecot/deliver* lrwxrwxrwx 1 root root 11 Oct 20 17:14 /usr/local/libexec/dovecot/deliver -> dovecot-lda Huh? So I made a softlink directly to /usr/local/libexec/dovecot/dovecot-lda (which is where it resides) But I'm still getting the same errors: Oct 25 07:58:47 lda(foo at bar.com): Fatal: setgid(12(mail) from userdb lookup) failed with euid=512(vmail), gid=512(vmail), egid=512(vmail): Operation not permitted (This binary should probably be called with process group set to 12(mail) instead of 512(vmail)) I need to change the gid because it's wrong. Now, rebuilding dovecot isn't going to do that because we don't set such things in the flags to rebuild. So where in tarnation do we??? TIA, Jack > On my Centos 5.x: > > [root at gate ~]# rpm -qf /usr/libexec/dovecot/deliver > dovecot-2.0.15-1.0.cf.rhel5 > [root at gate ~]# rpm -qf /usr/libexec/dovecot/dovecot-lda > dovecot-2.0.15-1.0.cf.rhel5 > > What dovecot do you have? 2.0.15 I built mine the old way: ./configure --with-mysql make make install So how would I rebuild just this one file? From where does it get its data? I need to change the first_valid_gid. TIA, Jack From jackfredrikson at yahoo.com Tue Oct 25 21:01:12 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 11:01:12 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319554891.19030.YahooMailNeo@web122011.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> <1b935e05cf0ab878216aeb7f14ddcf9d.squirrel@www.coochey.net> <1319551821.48248.YahooMailNeo@web122010.mail.ne1.yahoo.com> <1319554891.19030.YahooMailNeo@web122011.mail.ne1.yahoo.com> Message-ID: <1319565672.83110.YahooMailNeo@web122007.mail.ne1.yahoo.com> ________________________________ From: Jack Fredrikson To: Jack Fredrikson ; Giles Coochey Cc: "simon.brereton at buongiorno.com" ; Dovecot Mailing List Sent: Tuesday, October 25, 2011 11:01 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem I have solved at least another part of the problem that was causing the setuig error. I changed my postfix/master.cf file from this: dovecot?? unix? -?????? n?????? n?????? -?????? -?????? pipe ? flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient} to this: dovecot?? unix? -?????? n?????? n?????? -?????? -?????? pipe ? flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} ${recipient} taking out the d flag. Now dovecot doesn't complain. *However*, I've *still* got this devil plaguing me: Oct 25 10:49:18 myserver postfix/pipe[3712]: 0423257901AB: to=, relay=dovecot, delay=109318, delays=109318/0.14/0/0.1, dsn=4.3.0, status=deferred (temporary failure Ya know, I know I'm not the sharpest tool in the shed when it comes to programming, but I have *never* worked *so hard* on an installation as this one with so little success! It took me a day to install qmail the first time around. I've been a week on this!! Please help me figure this mess out. For the record, I did rebuild dovecot but that obviously didn't help. I did change the posfix files to pump out a bunch of debugging info: adding a -D flag to every smptd service in master.cf This in main.cf: debug_peer_level = 3 debugger_command = ? PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ? xxgdb $daemon_directory/$process_name $process_id & sleep 5 debug_peer_list = 127.0.0.1 #debug_peer_list = and it doesn't give me any output like it did the first time, so I assume (perhaps incorrectly) there are no errors. TIA, Jack From tss at iki.fi Tue Oct 25 21:13:09 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 25 Oct 2011 21:13:09 +0300 Subject: [Dovecot] SSL renegotiation vulnerability (Was: dovecot evaluation on a 30 gb mailbox) In-Reply-To: References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> Message-ID: <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> On 25.10.2011, at 14.38, Steinar Bang wrote: >>>>>> Timo Sirainen : > >> Yes, SSL handshakes are extra. Although SSL supports some kind of >> quick renegotiation too, but Dovecot doesn't support that yet. No >> one's ever requested it.. Looks like it's not "renegotiation" but more like session resume/resumption/cache or something that I was thinking about. > Hum... this article (in Norwegian) > http://www.digi.no/881186/skrekkverktoy-slaar-ut-%ABsikre%BB-servere > addresses the SSL renegotiation vulnerability, and how it can be used to > DOS servers using SSL from a single machine with low bandwidth. > > At the end the article is discussing how to configure off the SSL > renegotiate in different servers, and that the author had been unable to > find a setting for disabling SSL renegotiate in dovecot (and if anyone > knows how, please inform him). > > Could the reason he hasn't found such a setting be that SSL renegotiate > isn't supported at all in dovecot...? Looking at the OpenSSL code, I don't see any way to disable it. Or possibly with some undocumented kludgy way, but I don't really know enough about OpenSSL to implement it. Anyway, I'd think fail2ban should mostly solve this problem. From jackfredrikson at yahoo.com Tue Oct 25 21:33:12 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 11:33:12 -0700 (PDT) Subject: [Dovecot] Temporary Failure that's Permanent! Message-ID: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> Hi; I continue to be plagued with this error: Oct 25 10:49:18 myserver postfix/pipe[3712]: 0423257901AB: to=, relay=dovecot, delay=109318, delays=109318/0.14/0/0.1, dsn=4.3.0, status=deferred (temporary failure It's been a week that I've been working day and night to get this fixed. I forgot to add this information: [root]# doveconf -n auth_mechanisms = plain login first_valid_gid = 12 first_valid_uid = 86 mail_location = maildir:/var/vmail/%d/%u passdb { ? args = /usr/local/etc/dovecot/sql.conf ? driver = sql } plugin { ? quota = maildir:storage=10240:messages=1000 ? trash = /usr/local/etc/dovecot/trash.conf } protocols = imap pop3 service auth { ? unix_listener auth-userdb { ??? group = postfix ??? mode = 0660 ??? user = postfix ? } ? user = root } ssl_cert = References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> Message-ID: <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> On 25.10.2011, at 21.13, Timo Sirainen wrote: >> Could the reason he hasn't found such a setting be that SSL renegotiate >> isn't supported at all in dovecot...? > > Looking at the OpenSSL code, I don't see any way to disable it. Or possibly with some undocumented kludgy way, but I don't really know enough about OpenSSL to implement it. Actually, the attached patch works for v2.0. I'm not really sure yet if I should add a setting for it, force it always or just wait for SSL people to figure out something else. I think I'll do the last option for now. In any case, I noticed there was some memory "leaking" when doing SSL renegotiation and that definitely needs to be fixed: http://hg.dovecot.org/dovecot-2.0/rev/ad2ebc237570 -------------- next part -------------- A non-text attachment was scrubbed... Name: diff Type: application/octet-stream Size: 515 bytes Desc: not available URL: From CMarcus at Media-Brokers.com Tue Oct 25 22:34:15 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Tue, 25 Oct 2011 15:34:15 -0400 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> Message-ID: <4EA70F37.3000401@Media-Brokers.com> Jack, A word of advice... you need to take a breath, and START OVER. Postfix+Dovecot works very well together... you are doing something wrong, and need to figure out what it is. You are chasing your tail, and will never figure out what you are doing wrong the way you are trying to troubleshoot this right now. Posting the same question over and over here and on the postfix list will not get you anywhere. Charles On 2011-10-25 2:33 PM, Jack Fredrikson wrote: > Hi; > > I continue to be plagued with this error: > > Oct 25 10:49:18 myserver postfix/pipe[3712]: 0423257901AB: to=, relay=dovecot, delay=109318, delays=109318/0.14/0/0.1, dsn=4.3.0, status=deferred (temporary failure > > It's been a week that I've been working day and night to get this fixed. > > I forgot to add this information: > > [root]# doveconf -n > auth_mechanisms = plain login > first_valid_gid = 12 > first_valid_uid = 86 > mail_location = maildir:/var/vmail/%d/%u > passdb { > args = /usr/local/etc/dovecot/sql.conf > driver = sql > } > plugin { > quota = maildir:storage=10240:messages=1000 > trash = /usr/local/etc/dovecot/trash.conf > } > protocols = imap pop3 > service auth { > unix_listener auth-userdb { > group = postfix > mode = 0660 > user = postfix > } > user = root > } > ssl_cert = ssl_cipher_list = ALL:!LOW:!SSLv2 > ssl_key = ssl_key_password = passwd > userdb { > args = /usr/local/etc/dovecot/sql.conf > driver = sql > } > protocol imap { > mail_plugins = quota imap_quota > } > protocol pop3 { > mail_plugins = quota > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > } > protocol lda { > hostname = myserver.com > info_log_path = /var/log/dovecot-deliver.log > log_path = /var/log/dovecot-deliver.log > mail_plugins = quota > postmaster_address = postmaster at creative.vi > sendmail_path = /usr/sbin/sendmail.postfix > } > > [root] # vi main.cf > queue_directory = /var/spool/postfix > myorigin = $mydomain > command_directory = /usr/sbin > daemon_directory = /usr/libexec/postfix > mail_owner = postfix > inet_interfaces = all > unknown_local_recipient_reject_code = 550 > debug_peer_list = > sendmail_path = /usr/sbin/sendmail.postfix > newaliases_path = /usr/bin/newaliases > mailq_path = /usr/bin/mailq > setgid_group = postdrop > html_directory = no > manpage_directory = /usr/local/man > sample_directory = /etc/postfix > readme_directory = no > mydomain = myserver.com > mydestination = > $mydomain, > $myhostname, > localhost.$mydomain > mail_spool_directory = /var/spool/mail > home_mailbox = Mailbox > disable_vrfy_command = yes > show_user_unknown_table_name = no > > > data_directory = /var/lib/postfix > # --------------- local settings ------------------ > myhostname = myserver.com > inet_interfaces = localhost, $myhostname > mynetworks = $config_directory/mynetworks > #mydestination = localhost.$mydomain, localhost, $myhostname > #uncomment if you need relay_domains... do not list domains in both relay and virtual > relay_domains = proxy:mysql:$config_directory/mysql_relay_domains_maps.cf > # ---------------------- VIRTUAL DOMAINS START ---------------------- > virtual_mailbox_base = /var/vmail > virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf > virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf > virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf > virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf > virtual_minimum_uid = 89 > virtual_uid_maps = static:89 > virtual_gid_maps = static:89 > virtual_transport = dovecot > dovecot_destination_recipient_limit = 1 > # ---------------------- VIRTUAL DOMAINS END ---------------------- > # ---------------------- SASL PART START ---------------------- > smtpd_sasl_auth_enable = yes > smtpd_recipient_restrictions = permit_mynetworks, > permit_sasl_authenticated, reject_unauth_destination > smtpd_sasl_security_options = noanonymous > broken_sasl_auth_clients = yes > smtpd_sasl_type = dovecot > smtpd_sasl_path = /var/spool/postfix/private/auth > smtpd_sasl_application_name = smtpd > # ---------------------- SASL PART END ---------------------- > smtpd_soft_error_limit = 10 > smtpd_hard_error_limit = 20 > smtpd_helo_required = yes > disable_vrfy_command = yes > non_fqdn_reject_code = 504 > invalid_hostname_reject_code = 450 > maps_rbl_reject_code = 554 > alias_maps = hash:/etc/aliases > reject_unknown_client = false > reject_unknown_hostname = false > mailbox_command = /usr/local/libexec/dovecot/deliver -f "$SENDER" -a "$RECIPIENT" > > > [root] # vi master.cf > smtp inet n - n - - smtpd > submission inet n - - - - smtpd -D > -o smtpd_tls_security_level=encrypt > -o smtpd_sasl_auth_enable=yes > -o smtpd_sasl_type=dovecot > -o smtpd_sasl_path=private/auth > -o smtpd_sasl_security_options=noanonymous > -o smtpd_sasl_local_domain=$myhostname > -o smtpd_client_restrictions=permit_sasl_authenticated,reject > -o smtpd_sender_login_maps=hash:/etc/postfix/virtual > -o smtpd_sender_restrictions=reject_sender_login_mismatch > -o smtpd_recipient_restrictions=reject_unknown_recipient_domain,reject_non_fqdn_recipient,permit_sasl_authenticated,reject > amavisfeed unix - - n - 2 lmtp > -o lmtp_data_done_timeout=1200 > -o lmtp_send_xforward_command=yes > -o disable_dns_lookups=yes > -o max_use=20 > 587 inet n - n - - smtpd > pickup fifo n - n 60 1 pickup > cleanup unix n - n - 0 cleanup > qmgr fifo n - n 300 1 qmgr > tlsmgr unix - - n 1000? 1 tlsmgr > rewrite unix - - n - - trivial-rewrite > bounce unix - - n - 0 bounce > defer unix - - n - 0 bounce > trace unix - - n - 0 bounce > verify unix - - n - 1 verify > flush unix n - n 1000? 0 flush > proxymap unix - - n - - proxymap > smtp unix - - n - - smtp > relay unix - - n - - smtp > -o fallback_relay= > showq unix n - n - - showq > error unix - - n - - error > discard unix - - n - - discard > local unix - n n - - local > virtual unix - n n - - virtual > lmtp unix - - n - - lmtp > anvil unix - - n - 1 anvil > scache unix - - n - 1 scache > maildrop unix - n n - - pipe > flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} > uucp unix - n n - - pipe > flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) > ifmail unix - n n - - pipe > flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) > bsmtp unix - n n - - pipe > flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient > retry unix - - n - - error > proxywrite unix - - n - 1 proxymap > dovecot unix - n n - - pipe > flags=DRhu user=dovecot argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} ${recipient} > spamfilter unix - n n - - pipe > flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter -f ${sender} -- ${recipient} > > > TIA, > Jack > -- Best regards, Charles Marcus I.T. Director Media Brokers International, Inc. 678.514.6200 x224 | 678.514.6299 fax From tss at iki.fi Tue Oct 25 23:02:19 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 25 Oct 2011 23:02:19 +0300 Subject: [Dovecot] SSL renegotiation vulnerability (Was: dovecot evaluation on a 30 gb mailbox) In-Reply-To: <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> Message-ID: <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> On 25.10.2011, at 21.51, Timo Sirainen wrote: > On 25.10.2011, at 21.13, Timo Sirainen wrote: > >>> Could the reason he hasn't found such a setting be that SSL renegotiate >>> isn't supported at all in dovecot...? >> >> Looking at the OpenSSL code, I don't see any way to disable it. Or possibly with some undocumented kludgy way, but I don't really know enough about OpenSSL to implement it. > > Actually, the attached patch works for v2.0. I'm not really sure yet if I should add a setting for it, force it always or just wait for SSL people to figure out something else. I think I'll do the last option for now. > > In any case, I noticed there was some memory "leaking" when doing SSL renegotiation and that definitely needs to be fixed: http://hg.dovecot.org/dovecot-2.0/rev/ad2ebc237570 I don't know if I'm doing something wrong, but I can't even cause a DoS. Even while all imap-login processes are eating 100% CPU (almost 500 handshakes/second), I can successfully log in with another client. From noel.butler at ausics.net Wed Oct 26 03:05:57 2011 From: noel.butler at ausics.net (Noel Butler) Date: Wed, 26 Oct 2011 10:05:57 +1000 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> Message-ID: <1319587557.8419.14.camel@tardis> Hi, I've been away for a while, and the previous threads I stopped reading because it makes reading War and Peace look more enticing. Have you run in debug mode? On Tue, 2011-10-25 at 11:33 -0700, Jack Fredrikson wrote: > Hi; > > I continue to be plagued with this error: > > Oct 25 10:49:18 myserver postfix/pipe[3712]: 0423257901AB: to=, relay=dovecot, delay=109318, delays=109318/0.14/0/0.1, dsn=4.3.0, status=deferred (temporary failure > So, it looks like an LDA issue > It's been a week that I've been working day and night to get this fixed. > I only have v1.2 config files to compare at present, we aborted use of 2.0 for internal reasons, I know (sadly) many things changed in the config format so I wont begin to assume you have correct components in the right blocks because I'd for sure end up being wrong. What you could try, is looking at the exceed quota examples, and try injecting a message for a user that way using dovecot's deliver and see if it stores the message correctly. Does pop3 work for the users? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From stan at hardwarefreak.com Wed Oct 26 10:33:09 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 26 Oct 2011 02:33:09 -0500 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA70F37.3000401@Media-Brokers.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> Message-ID: <4EA7B7B5.6060609@hardwarefreak.com> On 10/25/2011 2:34 PM, Charles Marcus wrote: > Jack, > > A word of advice... you need to take a breath, and START OVER. Yep. Start by ditching that old as dirt POS distro known as CentOS. And don't roll-your-own-Dovecot from source. Simply install Debian 6, or get your VPS provider to swap your image for it, and: ~$ aptitude install dovecot-imapd dovecot-common You'll get version 1.2.15, which is probably fine as you don't need the advanced features of 2.x anyway. Then the only thing to worry about now is getting dovecot.conf setup correctly, which is a lot easier than digging yourself out of your current hole. -- Stan From limperis at cti.gr Wed Oct 26 10:41:49 2011 From: limperis at cti.gr (Limperis Antonis) Date: Wed, 26 Oct 2011 07:41:49 +0000 Subject: [Dovecot] variable for gid Message-ID: Hi Is possible for a variable for gid of each user, such as %ifor uid . Thanks for your attention Antonis From noel.butler at ausics.net Wed Oct 26 10:44:57 2011 From: noel.butler at ausics.net (Noel Butler) Date: Wed, 26 Oct 2011 17:44:57 +1000 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA7B7B5.6060609@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> Message-ID: <1319615097.32388.7.camel@tardis> *sigh* As usual Stanley, you do not contribute anything constructive, only trollish jibberish Charles' advice however would be my next step, but at this point I think it's a bit drastic. On Wed, 2011-10-26 at 02:33 -0500, Stan Hoeppner wrote: > On 10/25/2011 2:34 PM, Charles Marcus wrote: > > Jack, > > > > A word of advice... you need to take a breath, and START OVER. > > Yep. Start by ditching that old as dirt POS distro known as CentOS. > And don't roll-your-own-Dovecot from source. Simply install Debian 6, > or get your VPS provider to swap your image for it, and: > > ~$ aptitude install dovecot-imapd dovecot-common > > You'll get version 1.2.15, which is probably fine as you don't need the > advanced features of 2.x anyway. Then the only thing to worry about now > is getting dovecot.conf setup correctly, which is a lot easier than > digging yourself out of your current hole. > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From noel.butler at ausics.net Wed Oct 26 11:04:58 2011 From: noel.butler at ausics.net (Noel Butler) Date: Wed, 26 Oct 2011 18:04:58 +1000 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> Message-ID: <1319616298.32388.15.camel@tardis> On Tue, 2011-10-25 at 11:33 -0700, Jack Fredrikson wrote: > mailbox_command = /usr/local/libexec/dovecot/deliver -f "$SENDER" -a "$RECIPIENT" > get rid of this ^^^^^^^^^^^^^ in postifx main.cf > dovecot unix - n n - - pipe > flags=DRhu user=dovecot argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} ${recipient} in master, try dovecot unix - n n - - pipe flags=DRhu user=dovecot argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -e -d ${user}@${nexthop} Are you really using user dovecot? Did you build this from source, if so show us the options you used -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From sb at dod.no Wed Oct 26 11:25:18 2011 From: sb at dod.no (Steinar Bang) Date: Wed, 26 Oct 2011 10:25:18 +0200 Subject: [Dovecot] SSL renegotiation vulnerability References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> Message-ID: >>>>> Timo Sirainen : > I don't know if I'm doing something wrong, but I can't even cause a > DoS. Even while all imap-login processes are eating 100% CPU (almost > 500 handshakes/second), I can successfully log in with another client. Are you using the tool linked to in the article, to stress the server? http://www.thc.org/thc-ssl-dos/ From mcbdovecot at robuust.nl Wed Oct 26 11:36:56 2011 From: mcbdovecot at robuust.nl (Maarten Bezemer) Date: Wed, 26 Oct 2011 10:36:56 +0200 (CEST) Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319615097.32388.7.camel@tardis> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319615097.32388.7.camel@tardis> Message-ID: On Wed, 26 Oct 2011, Noel Butler wrote: > *sigh* > > As usual Stanley, you do not contribute anything constructive, only > trollish jibberish I don't know where both of you live, but can't you just grab a coffee and find out what it is that makes a mockery of any discussion between the two of you? Or why you can't seem to get along? Make sure the coffee isn't too hot so you can at least throw it at one another without getting any lawyer involved :-P How hard would it be to just not feed the trolls, if you're so convinced Stan is one. He's not even trying to get on your nerves, and yet you take it personal. I could have gone and *sigh* about Hadmuts not-so-polite last reply a few days ago, but I figured that wouldn't have helped anyone. Probably not even my ego. Back on topic: there sems to be an issue that doesn't handle temporary failures properly (i.e., it should at least record the details of the failure in some logs). This may very well be related to a locally built Dovecot, or being unfamiliar with Postfix/Dovecot configuration, or both. You could try something like 'su' or 'sudo' to break the transactions into separate parts, to see what's generating the tempfail and why. Maybe we're missing some log entries right above the quoted postfix tempfail, that shows some non-null exit code. -- Maarten From sb at dod.no Wed Oct 26 11:43:39 2011 From: sb at dod.no (Steinar Bang) Date: Wed, 26 Oct 2011 10:43:39 +0200 Subject: [Dovecot] SSL renegotiation vulnerability References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> Message-ID: >>>>> Steinar Bang : >>>>> Timo Sirainen : >> I don't know if I'm doing something wrong, but I can't even cause a >> DoS. Even while all imap-login processes are eating 100% CPU (almost >> 500 handshakes/second), I can successfully log in with another client. > Are you using the tool linked to in the article, to stress the server? > http://www.thc.org/thc-ssl-dos/ Here's what the article says about stressing dovecot: "Alle servertjenester benytter SSL kan i utgangspunktet v?re ber?rt. Digi.no har testet verkt?yet mot en eldre, intern server som kj?rer Linux. Angrepet mot Apache/HTTPD var mislykket, fordi SSL Renegotiation var deaktivert som standard. Men en angrep mot en POP3S-basert (kryptert e-post) tjeneste levert av serverprogramvaren Dovecot, kj?rte CPU-lasten i taket med over tusen ?handshakes? i sekundet. Angrepet f?rte ikke til at hele maskinen ble utilgjengelig, men POP3S-tjenesten ble i praksis ubrukelig s? lenge angrepet varte." A quick translate: All services using SSL can be affected. Digi.no has tested the tool against an old, internal server running Linux. The attach against Apache httpd failed, because SSL Renegotiation was deactivated by default. But an attach against a POP3S (encrypted email) service delivered by the server program Dovecot, ran the CPU-load into the roof with over a thousand "Handshakes" per second. The attack didn't cause the computer to be inaccessible, but the POP3S-service was unusable for the duration of the attack. So it looks like they didn't test IMAPS access, only POP3S. From robert at schetterer.org Wed Oct 26 12:01:51 2011 From: robert at schetterer.org (Robert Schetterer) Date: Wed, 26 Oct 2011 11:01:51 +0200 Subject: [Dovecot] SSL renegotiation vulnerability In-Reply-To: References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> Message-ID: <4EA7CC7F.6090107@schetterer.org> Am 26.10.2011 10:43, schrieb Steinar Bang: >>>>>> Steinar Bang : >>>>>> Timo Sirainen : > >>> I don't know if I'm doing something wrong, but I can't even cause a >>> DoS. Even while all imap-login processes are eating 100% CPU (almost >>> 500 handshakes/second), I can successfully log in with another client. > >> Are you using the tool linked to in the article, to stress the server? >> http://www.thc.org/thc-ssl-dos/ > > Here's what the article says about stressing dovecot: > "Alle servertjenester benytter SSL kan i utgangspunktet v?re > ber?rt. Digi.no har testet verkt?yet mot en eldre, intern server som > kj?rer Linux. Angrepet mot Apache/HTTPD var mislykket, fordi SSL > Renegotiation var deaktivert som standard. Men en angrep mot en > POP3S-basert (kryptert e-post) tjeneste levert av serverprogramvaren > Dovecot, kj?rte CPU-lasten i taket med over tusen ?handshakes? i > sekundet. Angrepet f?rte ikke til at hele maskinen ble utilgjengelig, > men POP3S-tjenesten ble i praksis ubrukelig s? lenge angrepet varte." > > A quick translate: > All services using SSL can be affected. Digi.no has tested the tool > against an old, internal server running Linux. The attach against > Apache httpd failed, because SSL Renegotiation was deactivated by > default. But an attach against a POP3S (encrypted email) service > delivered by the server program Dovecot, ran the CPU-load into the > roof with over a thousand "Handshakes" per second. The attack didn't > cause the computer to be inaccessible, but the POP3S-service was > unusable for the duration of the attack. > > So it looks like they didn't test IMAPS access, only POP3S. > however wasnt it possible ever to stress any service via ddos ? this tool may only very effective in doing that the most problem is see , not everybody can use fail2ban on his servers by keeping out dummy auth users over nat ( I have such case ) anyway ,firewalls should slow down ddos attacks, which might cause other problems then *g, but for sure not from one ip just a few thoughts..,for sure ,best way would be, getting it fixed -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From dg at dguhl.org Wed Oct 26 12:43:41 2011 From: dg at dguhl.org (Dennis Guhl) Date: Wed, 26 Oct 2011 11:43:41 +0200 Subject: [Dovecot] variable for gid In-Reply-To: References: Message-ID: <20111026094341.GA10257@laptop-dg.leere.eu> On Wed, Oct 26, 2011 at 07:41:49AM +0000, Limperis Antonis wrote: > Hi > > Is possible for a variable for gid of each user, such as %ifor uid . I don't know what your question exactly is, but I tink the answer will be no, there is no variable for GIDs. http://wiki2.dovecot.org/Variables shows all valid variables for Dovecot 2 (s/2/1/ works for old Dovecot). HTH Dennis From stan at hardwarefreak.com Wed Oct 26 13:39:53 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 26 Oct 2011 05:39:53 -0500 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319615097.32388.7.camel@tardis> Message-ID: <4EA7E379.1010906@hardwarefreak.com> On 10/26/2011 3:36 AM, Maarten Bezemer wrote: > and find out what it is that makes a mockery of any discussion between > the two of you? Discussion?? I *thoroughly* blocked Noel Butler about a year ago. Should I define *thoroughly*? That means direct to MX, list mail, smoke signals, and yodels from a mountain top. You're unfairly associating me with this nitwit. I extricated myself from his mud pit long ago. -- Stan From dg at dguhl.org Wed Oct 26 16:14:20 2011 From: dg at dguhl.org (Dennis Guhl) Date: Wed, 26 Oct 2011 15:14:20 +0200 Subject: [Dovecot] OT: Re: Temporary Failure that's Permanent! In-Reply-To: <4EA7E379.1010906@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319615097.32388.7.camel@tardis> <4EA7E379.1010906@hardwarefreak.com> Message-ID: <20111026131418.GA16891@PC211.ikt.de> On Wed, Oct 26, 2011 at 05:39:53AM -0500, Stan Hoeppner wrote: [..] Stan, we all know your 'affection' for Noel Butler, as well as we all know him. But please keep this off list. Like Maarten pointed out, it's not worth the trouble and only bothers everybody. Dennis P.S. I know this should be send off list, but you have a habit to block very savagely :) From bernd at petrovitsch.priv.at Wed Oct 26 16:48:00 2011 From: bernd at petrovitsch.priv.at (Bernd Petrovitsch) Date: Wed, 26 Oct 2011 15:48:00 +0200 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA7B7B5.6060609@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> Message-ID: <1319636880.5546.19.camel@thorin> On Mit, 2011-10-26 at 02:33 -0500, Stan Hoeppner wrote: > On 10/25/2011 2:34 PM, Charles Marcus wrote: [....] > > A word of advice... you need to take a breath, and START OVER. > > Yep. Start by ditching that old as dirt POS distro known as CentOS. Dovecot works fine on my CentOS-5.* and -6. > And don't roll-your-own-Dovecot from source. [....] And I used it self-compiled (because there were at times no current packages) and nowadays an RPM from some repo. Granted with sendmail as MTA but that shouldn't make a big difference. Bernd -- Bernd Petrovitsch Email : bernd at petrovitsch.priv.at LUGA : http://www.luga.at From pw at wk-serv.de Thu Oct 27 00:13:50 2011 From: pw at wk-serv.de (Patrick Westenberg) Date: Wed, 26 Oct 2011 23:13:50 +0200 Subject: [Dovecot] Indexes to MLC-SSD Message-ID: <4EA8780E.5030808@wk-serv.de> Hi all, is anyone on this list who dares/dared to store his index files on a MLC-SSD? Regards, Patrick From stan at hardwarefreak.com Thu Oct 27 05:36:06 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 26 Oct 2011 21:36:06 -0500 Subject: [Dovecot] Indexes to MLC-SSD In-Reply-To: <4EA8780E.5030808@wk-serv.de> References: <4EA8780E.5030808@wk-serv.de> Message-ID: <4EA8C396.3040105@hardwarefreak.com> On 10/26/2011 4:13 PM, Patrick Westenberg wrote: > Hi all, > > is anyone on this list who dares/dared to store his index files on a > MLC-SSD? I have not. But I can tell you that a 32GB Corsair MLC SSD in my workstation died after 4 months of laughably light duty. It had nothing to do with cell life but low product quality. This was my first foray into SSD. The RMA replacement is still kickin after 2 months, thankfully. I'm holding my breath... Scanning the reviews on Newegg shows early MLC SSD failures across most brands, early being a year or less. Some models/sizes are worse than others. OCZ has a good reputation overall, but reviews show some of their models to be grenades. Thus, if you were to put indexes on SSD, you should strongly consider using a mirrored pair. -- Stan From stan at hardwarefreak.com Thu Oct 27 05:51:21 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 26 Oct 2011 21:51:21 -0500 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319636880.5546.19.camel@thorin> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319636880.5546.19.camel@thorin> Message-ID: <4EA8C729.7010409@hardwarefreak.com> On 10/26/2011 8:48 AM, Bernd Petrovitsch wrote: > On Mit, 2011-10-26 at 02:33 -0500, Stan Hoeppner wrote: >> On 10/25/2011 2:34 PM, Charles Marcus wrote: > [....] >>> A word of advice... you need to take a breath, and START OVER. >> >> Yep. Start by ditching that old as dirt POS distro known as CentOS. > > Dovecot works fine on my CentOS-5.* and -6. Yes, because you know what you're doing. >> And don't roll-your-own-Dovecot from source. > [....] > > And I used it self-compiled (because there were at times no current > packages) and nowadays an RPM from some repo. > Granted with sendmail as MTA but that shouldn't make a big difference. See above comment. The OP is having trouble with a roll-your-own combo Dovecot and Postfix install. He went this route because the CentOS 5.x packages are old as dirt. Now he's having severe problems getting the RYO stuff working properly. If he has the option of using a distro with far more current packages, it would be much easier for him to get up and running. Thus my suggestion to give Debian a try. Any distro he's comfortable with and has access to, that has relatively up to date Dovecot and Postfix versions, would be just as suitable. The bulk of his problems stem from issues revolving around installing from source. Moving to recent distro packages will very likely solve most of his problems. -- Stan From dswartz at druber.com Thu Oct 27 05:54:25 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Wed, 26 Oct 2011 22:54:25 -0400 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA8C729.7010409@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com><4EA70F37.3000401@Media-Brokers.com><4EA7B7B5.6060609@hardwarefreak.com><1319636880.5546.19.camel@thorin> <4EA8C729.7010409@hardwarefreak.com> Message-ID: Ubuntu has a nice dovecot-postfix combo package. From nick.z.edwards at gmail.com Thu Oct 27 08:49:35 2011 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Thu, 27 Oct 2011 15:49:35 +1000 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA8C729.7010409@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319636880.5546.19.camel@thorin> <4EA8C729.7010409@hardwarefreak.com> Message-ID: Why do you troll You do not help OP in any way saying, use another distribution, this is a clear sign of TROLL Too many on this list, if you not going to help OP piss off and dont click that reply button and ignore tham, how about we tell you to use another distribution that is current like gentoo, freebsd, slackware, or even a mac everytime you have a problem. Why Timo let you get away with this so long I cant believe. and if you for one minute think debian is a current you are bigger dickhead than you come across as. do not reply to me either I killfile trolls and I cant believe I did not fuck you off a long time ago, all you do is go into 15 page gooblygook hoping to dazzle people with your _lack_ of knowledge. What do they say a little knowledge in the hands of some is .... You remind me of that ninkenpoop Karl from the ubuntu list, maybe you are him in disguise On Thu, Oct 27, 2011 at 12:51 PM, Stan Hoeppner wrote: > On 10/26/2011 8:48 AM, Bernd Petrovitsch wrote: > > On Mit, 2011-10-26 at 02:33 -0500, Stan Hoeppner wrote: > >> On 10/25/2011 2:34 PM, Charles Marcus wrote: > > [....] > >>> A word of advice... you need to take a breath, and START OVER. > >> > >> Yep. Start by ditching that old as dirt POS distro known as CentOS. > > > > Dovecot works fine on my CentOS-5.* and -6. > > Yes, because you know what you're doing. > > >> And don't roll-your-own-Dovecot from source. > > [....] > > > > And I used it self-compiled (because there were at times no current > > packages) and nowadays an RPM from some repo. > > Granted with sendmail as MTA but that shouldn't make a big difference. > > See above comment. > > The OP is having trouble with a roll-your-own combo Dovecot and Postfix > install. He went this route because the CentOS 5.x packages are old as > dirt. Now he's having severe problems getting the RYO stuff working > properly. > > If he has the option of using a distro with far more current packages, > it would be much easier for him to get up and running. Thus my > suggestion to give Debian a try. Any distro he's comfortable with and > has access to, that has relatively up to date Dovecot and Postfix > versions, would be just as suitable. > > The bulk of his problems stem from issues revolving around installing > from source. Moving to recent distro packages will very likely solve > most of his problems. > > -- > Stan > From nick.z.edwards at gmail.com Thu Oct 27 08:51:24 2011 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Thu, 27 Oct 2011 15:51:24 +1000 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319636880.5546.19.camel@thorin> <4EA8C729.7010409@hardwarefreak.com> Message-ID: please do not feed the troll On Thu, Oct 27, 2011 at 12:54 PM, Dan Swartzendruber wrote: > > Ubuntu has a nice dovecot-postfix combo package. > > From lists at wildgooses.com Thu Oct 27 11:25:21 2011 From: lists at wildgooses.com (Ed W) Date: Thu, 27 Oct 2011 09:25:21 +0100 Subject: [Dovecot] SSL renegotiation vulnerability In-Reply-To: <4EA7CC7F.6090107@schetterer.org> References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> <4EA7CC7F.6090107@schetterer.org> Message-ID: <4EA91571.1010800@wildgooses.com> On 26/10/2011 10:01, Robert Schetterer wrote: > the most problem is see , not everybody can use fail2ban on his servers > by keeping out dummy auth users over nat ( I have such case ) > > anyway ,firewalls should slow down ddos attacks, which might cause other > problems then *g, but for sure not from one ip ... > > just a few thoughts..,for sure ,best way would be, getting it fixed If you google (I think it was on slashdot), I saw a couple of posts with a simple iptables rule with some rate limits attached to it. Clearly you could also read the iptables instructions and figure it out for yourself, but just highlighting that even the footwork has been done if you want copy/paste I think it's generally not such a bad idea to say limit tcp connections per second from a source IPs. There are plenty of big services that might not be able to implement this as a blanket, but for many shops it could probably be just added as a default for the server... Cheers Ed W From lists at wildgooses.com Thu Oct 27 11:31:13 2011 From: lists at wildgooses.com (Ed W) Date: Thu, 27 Oct 2011 09:31:13 +0100 Subject: [Dovecot] Indexes to MLC-SSD In-Reply-To: <4EA8C396.3040105@hardwarefreak.com> References: <4EA8780E.5030808@wk-serv.de> <4EA8C396.3040105@hardwarefreak.com> Message-ID: <4EA916D1.30409@wildgooses.com> On 27/10/2011 03:36, Stan Hoeppner wrote: > On 10/26/2011 4:13 PM, Patrick Westenberg wrote: >> Hi all, >> >> is anyone on this list who dares/dared to store his index files on a >> MLC-SSD? > I have not. But I can tell you that a 32GB Corsair MLC SSD in my > workstation died after 4 months of laughably light duty. It had nothing > to do with cell life but low product quality. This was my first foray > into SSD. The RMA replacement is still kickin after 2 months, > thankfully. I'm holding my breath... > > Scanning the reviews on Newegg shows early MLC SSD failures across most > brands, early being a year or less. Some models/sizes are worse than > others. OCZ has a good reputation overall, but reviews show some of > their models to be grenades. > > Thus, if you were to put indexes on SSD, you should strongly consider > using a mirrored pair. > I don't think you are saying that the advice varies here compared with HDDs? I do agree that some SSDs are showing very early failures, but it's only a tweak to the probability parameter compared with any other storage medium. They ALL fail at some point, and generally well within the life of the rest of the server. Some kind of failure planning is necessary Caveat the potentially higher failures vs HDDs I don't see any reason why an SSD shouldn't work well? (even more so if you are using maildir where indexes can be regenerated). More interestingly: for small sizes like 32GB, has anyone played with the "compressed ram with backing store" thing in newer kernels (that I forget the name of now). I think it's been marketed for swap files, but assuming I got the theory it could be used as a ram drive with slow writeback to permanent storage? Good luck Ed W From robert at schetterer.org Thu Oct 27 12:12:58 2011 From: robert at schetterer.org (Robert Schetterer) Date: Thu, 27 Oct 2011 11:12:58 +0200 Subject: [Dovecot] SSL renegotiation vulnerability In-Reply-To: <4EA91571.1010800@wildgooses.com> References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> <4EA7CC7F.6090107@schetterer.org> <4EA91571.1010800@wildgooses.com> Message-ID: <4EA9209A.8090601@schetterer.org> Am 27.10.2011 10:25, schrieb Ed W: > On 26/10/2011 10:01, Robert Schetterer wrote: >> the most problem is see , not everybody can use fail2ban on his servers >> by keeping out dummy auth users over nat ( I have such case ) >> >> anyway ,firewalls should slow down ddos attacks, which might cause other >> problems then *g, but for sure not from one ip > ... >> >> just a few thoughts..,for sure ,best way would be, getting it fixed > > If you google (I think it was on slashdot), I saw a couple of posts with > a simple iptables rule with some rate limits attached to it. Clearly > you could also read the iptables instructions and figure it out for > yourself, but just highlighting that even the footwork has been done if > you want copy/paste i just read it, but its my understanding, that this isnt solving the real Problem, also these rules cant used everywhere by tec layout reasons however youre right, this might help where using it is possible > > I think it's generally not such a bad idea to say limit tcp connections > per second from a source IPs. There are plenty of big services that > might not be able to implement this as a blanket, but for many shops it > could probably be just added as a default for the server... we have a big firewall before all server, it does rate con, but in heavy attacks, this can take off the whole farm, cause every firewall has its limits too, also the problem may involve core routers etc every big attack has to be analysed and reacted, there is reason to do something better ever, but there never be a safe world in www *g > > Cheers > > Ed W -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From urushkin at telros.ru Thu Oct 27 15:35:24 2011 From: urushkin at telros.ru (Sergey Urushkin) Date: Thu, 27 Oct 2011 16:35:24 +0400 Subject: [Dovecot] GSSAPI and deny=yes passdb In-Reply-To: <4E8ACB70.7060004@telros.ru> References: <4E8ACB70.7060004@telros.ru> Message-ID: <4EA9500C.6000405@telros.ru> Noone has an idea? # dovecot --version 2.0.15 04.10.2011 13:01, Sergey Urushkin ?????: > Hi. Is it possible to use GSSAPI authentication and deny passdb > together? Seems it doesn't work as I expect: GSSAPI doesn't check deny > passdb, so I'm not able to restrict access to GSSAPI-users. > > > ... -- Best regards, Sergey Urushkin From bernd at petrovitsch.priv.at Thu Oct 27 15:51:54 2011 From: bernd at petrovitsch.priv.at (Bernd Petrovitsch) Date: Thu, 27 Oct 2011 14:51:54 +0200 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA8C729.7010409@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319636880.5546.19.camel@thorin> <4EA8C729.7010409@hardwarefreak.com> Message-ID: <1319719915.5546.47.camel@thorin> On Mit, 2011-10-26 at 21:51 -0500, Stan Hoeppner wrote: > On 10/26/2011 8:48 AM, Bernd Petrovitsch wrote: > > On Mit, 2011-10-26 at 02:33 -0500, Stan Hoeppner wrote: > >> On 10/25/2011 2:34 PM, Charles Marcus wrote: > > [....] > >>> A word of advice... you need to take a breath, and START OVER. [....] > > Dovecot works fine on my CentOS-5.* and -6. > > Yes, because you know what you're doing. Every root/sysadmin/administrator is supposed to know what s/he is doing - even if one runs Ubuntu;-) [....] > >> And don't roll-your-own-Dovecot from source. BTW compiling dovecot is the usual `configure; make; make install' IIRC. For the configuration: if it doesn't work out of the box, you have to dive into it - even with .rpm/.deb based installs. And if it works out of the box, it may have a too "open" default configuration. SCNR .... [....] > > And I used it self-compiled (because there were at times no current > > packages) and nowadays an RPM from some repo. > > Granted with sendmail as MTA but that shouldn't make a big difference. [...] > The OP is having trouble with a roll-your-own combo Dovecot and Postfix > install. He went this route because the CentOS 5.x packages are old as > dirt. Now he's having severe problems getting the RYO stuff working Yes, because CentOS-5.* is old as dirt as it is basically an extremely stable enterprise distribution. > properly. [...] > If he has the option of using a distro with far more current packages, > it would be much easier for him to get up and running. Thus my Does he has that option? Running an old-and-stable distribution may have other reasons than "too lazy to upgrade". > suggestion to give Debian a try. Any distro he's comfortable with and > has access to, that has relatively up to date Dovecot and Postfix > versions, would be just as suitable. Debian/stable is (or at least was) usually similar old as SuSE-enterprise and RHEL/CentOS. > The bulk of his problems stem from issues revolving around installing If you know that exactly where his problems are, perhaps you should help him to solve it and just tell him to start somewhere else from scratch. > from source. Moving to recent distro packages will very likely solve > most of his problems. The most simple usual RHEL/CentOS (and Debian/Stale BTW while we're at it) solution is to try rebuilt the src.rpm (or src.deb, respectively) from the current (or a newer) Fedora. That might or not work without problems (like dependencies on quite newer version of some libraries) but the try is a matter on an hour or so. Kind regards, Bernd -- Bernd Petrovitsch Email : bernd at petrovitsch.priv.at LUGA : http://www.luga.at From maillist at lightspeed.ca Thu Oct 27 22:16:26 2011 From: maillist at lightspeed.ca (Ernie Dunbar) Date: Thu, 27 Oct 2011 12:16:26 -0700 Subject: [Dovecot] POP server migration and duplicate messages. Message-ID: I'm having trouble with Dovecot where my mail client (if it matters, I'm using Evolution) collects some duplicate messages when switching between POP servers that have the same messages on them. I'm doing this as a test for server migration for all of our clients. Here's my procedure: 1. set up Dovecot and Exim on the new server so that everything works like on the old server. The old server also uses Dovecot and Exim, so very few things changed. 2. On the new server, use NFS to access the users' Maildirs on a remote NFS server. 3. Sync the Maildirs on the NFS store from the old server with SCP (and I do a quick SCP sync on my own Maildir during testing to ensure that this process is quick). 4. Check mail in Evolution on the old server. 5. Change Evolution's server settings to use the new server. 6. Check mail again. Evolution is set to keep messages on the server for one week, and about 20 of the 184 messages on the server keep getting re-downloaded. From a random sampling, the UIDL of the messages checks out between both servers, so I really don't understand what's going on here. If this is just a bug in Evolution, then that means I can just go ahead with the full migration and hope that people aren't going to be stuck with re-downloading their entire mailbox which in some cases, means hundreds or thousands of messages. From aewhale at ABS-CompTech.com Thu Oct 27 22:52:41 2011 From: aewhale at ABS-CompTech.com (Albert E. Whale) Date: Thu, 27 Oct 2011 15:52:41 -0400 Subject: [Dovecot] Configuring mbox and maildir formats - dovecot-1.2.15 Message-ID: <4EA9B689.7060500@ABS-CompTech.com> I am transitioning an existing server from using exclusively mbox, to being able to support both mbox and then fully maildir formats. I need to support the mbox format until I can get everyone switched over to maildir. What do I need to to use in the config of /etc/dovecot.conf to support the default of mbox, and then the new Maildir format (users will get upgraded individually from mbox to Maildir, and need to be upgraded). Thank you. -- Albert E. Whale, CHS CISA CISSP Senior Technology & Security Director *ABS Computer Technology, Inc. * 412-635-7488 ext 100 aewhale at ABS-CompTech.com www.ABS-CompTech.com -------------- next part -------------- A non-text attachment was scrubbed... Name: aewhale.vcf Type: text/x-vcard Size: 384 bytes Desc: not available URL: From ssilva at sgvwater.com Fri Oct 28 00:35:30 2011 From: ssilva at sgvwater.com (Scott Silva) Date: Thu, 27 Oct 2011 14:35:30 -0700 Subject: [Dovecot] Configuring mbox and maildir formats - dovecot-1.2.15 In-Reply-To: <4EA9B689.7060500@ABS-CompTech.com> References: <4EA9B689.7060500@ABS-CompTech.com> Message-ID: on 10/27/2011 12:52 PM Albert E. Whale spake the following: > I am transitioning an existing server from using exclusively mbox, to being > able to support both mbox and then fully maildir formats. > > I need to support the mbox format until I can get everyone switched over to > maildir. > > What do I need to to use in the config of /etc/dovecot.conf to support the > default of mbox, and then the new Maildir format (users will get upgraded > individually from mbox to Maildir, and need to be upgraded). > > Thank you. > > When I did it, the automatic detection seemed to work OK. The only problem I had was because I used procmail for delivery. I had to have a custom procmailrc for each user as I did their migration. For each user, when you finish their migration, you have to rename their ~/mail folder to not show dupes. In my case as soon as there was a ~/Maildir folder, dovecot started using it and made new indexes. From seandarcy2 at gmail.com Fri Oct 28 00:56:36 2011 From: seandarcy2 at gmail.com (sean darcy) Date: Thu, 27 Oct 2011 17:56:36 -0400 Subject: [Dovecot] newbie: can't login as virtual user Message-ID: dovecot -n # 2.0.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.38.8-32.fc15.i686.PAE i686 Fedora release 15 (Lovelock) auth_debug_passwords = yes disable_plaintext_auth = no info_log_path = /var/log/dovecot-info.log log_path = /var/log/dovecot.log mail_access_groups = mail mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u mail_privileged_group = mail mbox_write_locks = fcntl passdb { args = username_format=%u /etc/dovecot/users driver = passwd-file } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } ssl_cert = , method=PLAIN, rip= , lip= , mpid=27062, TLS What's wrong with my configuration? Thanks, sean From marco at carcano.ch Fri Oct 28 01:55:09 2011 From: marco at carcano.ch (Marco Carcano) Date: Fri, 28 Oct 2011 00:55:09 +0200 Subject: [Dovecot] Mail lost - maybe a bug??? Message-ID: <0A7F1BA2-87A8-4688-A69B-86EAA7D78A73@carcano.ch> Hello everybody I'm struggling against what seems a really serious trouble: sometimes mail get lost I did all the possible checks, but they seems really lost - I know is absurd, but it seems so it has been noticed by two users on my server: intially I tought that was their mistake (mail deleted, mail into spam, ecc), but it wasn't I deeply checked mail logs, and it seems that mail are delivered (the path is postfix->amavis->dovecotlda) - log files says that messages are delivered, but sometimes we lost a message. I also tried to get into the Maildir and grep the subject of the lost email: if it was addressed to more recipients I'm able to get it on some of them, but not to all (look at the example below) I hope I have clearly explained everything, otherwise let me knowmydomain now an extract from the log file: Oct 27 11:20:29 srv001 postfix/smtpd[24562]: connect from usstlz- psecap06.emerson.com[144.191.128.17] Oct 27 11:20:30 srv001 postfix/smtpd[24562]: CE0B74E4A9F: client=usstlz-psecap06.emerson.com[144.191.128.17] Oct 27 11:20:31 srv001 postfix/cleanup[25157]: CE0B74E4A9F: warning: header Subject: =?utf-8?B? RW1lcnNvbiBHbG9iYWwgVXNlcnMgRXhjaGFuZ2UgMjAxMiBpbiBEw7xzc2VsZG9yZiA6IFJlaWNoZW4gU2llIGpldHp0IElocmUgUHLDpHNlbnRhdGlvbmVuIGVpbg ==?= from usstlz-psecap06.emerson.com[144.191.128.17]; from= to= proto=ESMTP helo= Oct 27 11:20:31 srv001 postfix/cleanup[25157]: CE0B74E4A9F: message- id= Oct 27 11:20:31 srv001 postfix/qmgr[11827]: CE0B74E4A9F: from=, size=22689, nrcpt=3 (queue active) Oct 27 11:20:33 srv001 dovecot: imap(lromano): Disconnected: Logged out bytes=632/34319 Oct 27 11:20:34 srv001 postfix/smtpd[25162]: connect from localhost.localdomain[127.0.0.1] Oct 27 11:20:34 srv001 postfix/smtpd[25162]: B16284E4AA2: client=localhost.localdomain[127.0.0.1] Oct 27 11:20:34 srv001 postfix/cleanup[25157]: B16284E4AA2: message- id= Oct 27 11:20:34 srv001 postfix/qmgr[11827]: B16284E4AA2: from=, size=23094, nrcpt=3 (queue active) Oct 27 11:20:34 srv001 amavis[22923]: (22923-01) Passed CLEAN, [144.191.128.17] [155.177.20.144] -> ,,, Message-ID: , mail_id: 6rtF4927FAjt, Hits: -0.518, size: 22687, queued_as: B16284E4AA2, 3293 ms Oct 27 11:20:34 srv001 postfix/lmtp[25158]: CE0B74E4A9F: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=0.95/0.01/0.01/3.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B16284E4AA2) Oct 27 11:20:34 srv001 postfix/lmtp[25158]: CE0B74E4A9F: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=0.95/0.01/0.01/3.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B16284E4AA2) Oct 27 11:20:34 srv001 postfix/lmtp[25158]: CE0B74E4A9F: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=0.95/0.01/0.01/3.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B16284E4AA2) Oct 27 11:20:34 srv001 postfix/qmgr[11827]: CE0B74E4A9F: removed Oct 27 11:20:34 srv001 dovecot: lda(user1): msgid=: saved mail to INBOX Oct 27 11:20:34 srv001 postfix/pipe[25165]: B16284E4AA2: to=, relay=dovecot, delay=0.04, delays=0.01/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service) Oct 27 11:20:34 srv001 dovecot: lda(user2): msgid=: saved mail to INBOX Oct 27 11:20:34 srv001 postfix/pipe[25168]: B16284E4AA2: to=, relay=dovecot, delay=0.04, delays=0.01/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service) Oct 27 11:20:34 srv001 dovecot: lda(user3): msgid=: saved mail to INBOX Oct 27 11:20:34 srv001 postfix/pipe[25170]: B16284E4AA2: to=, relay=dovecot, delay=0.05, delays=0.01/0.02/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service) Oct 27 11:20:34 srv001 postfix/qmgr[11827]: B16284E4AA2: removed Oct 27 11:20:36 srv001 postfix/smtpd[24562]: disconnect from usstlz- psecap06.emerson.com[144.191.128.17] as you can see there was a message for oil at mydomain.ch (I obviously changed the domain for privacy) - logs says that all the three users got the email, but the third user didn't. I do not know why and when it happens, but seldom we have this issue maybe is there some kind of bug in the maildrop version I use? by the way, I had this issue also before installing amavisd-new now some infos: CentOS 5.3 postfix-2.3.3-2.1.el5_2 amavisd-new-2.6.6-1.el5.rf dovecot-2.0.11-1_126 dovecot-managesieve-0.2.2-15 dovecot-pigeonhole-0.2.2-15 users are on a Kerberized OpenLDAP please help me because this is really driving me crazy - don't leave me alone, please Marco Carcano From stan at hardwarefreak.com Fri Oct 28 03:07:19 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Thu, 27 Oct 2011 19:07:19 -0500 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319719915.5546.47.camel@thorin> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319636880.5546.19.camel@thorin> <4EA8C729.7010409@hardwarefreak.com> <1319719915.5546.47.camel@thorin> Message-ID: <4EA9F237.5010000@hardwarefreak.com> On 10/27/2011 7:51 AM, Bernd Petrovitsch wrote: > Debian/stable is (or at least was) usually similar old as > SuSE-enterprise and RHEL/CentOS. This is simply not true. Debian stable has consistently newer packages across the board compared to RHEL or CentOS. Debian Backports offers even newer packages. The Red Hat ecosystem has no equivalent back port project TTBOMK. -- Stan From jtam.home at gmail.com Fri Oct 28 03:13:56 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Thu, 27 Oct 2011 17:13:56 -0700 (PDT) Subject: [Dovecot] newbie: can't login as virtual user In-Reply-To: References: Message-ID: sean darcy writes: > Oct 22 21:45:55 auth: Debug: passwd(test1 at example.com, ): lookup > Oct 22 21:45:55 auth: Info: passwd(test1 at example.com, ): unknown user > Oct 22 21:45:55 auth: Debug: passwd-file(test1 at example.com, ): > lookup: user=test1 at example.com file=/etc/dovecot/users > Oct 22 21:45:55 auth: Debug: master out: USER 2303328257 test1 at example.com > Oct 22 21:45:55 imap-login: Info: Login: user=, > method=PLAIN, rip= , lip= , mpid=27062, TLS I think up to now it's OK (not quite sure about "master out" log entry but it looks innocuous enough). Dovecot reports to have looked in the system password file, failed, then looked in /etc/dovecot/users and found the user and logged them in. I think the problem happens later and you will have to show the subsequent log entries. Joseph Tam From nicosuhl at googlemail.com Fri Oct 28 11:42:04 2011 From: nicosuhl at googlemail.com (Nico Suhl) Date: Fri, 28 Oct 2011 10:42:04 +0200 Subject: [Dovecot] IMAP shows forwarding and vacation files Message-ID: <4EAA6ADC.5000003@gmail.com> Hello, I'm migrating our mailserver from a linux machine to solaris and got some small problems with our forwarding and vacation files, which are stored in the maildir of each user. I'm now using 2.0.15, on the old machine there was a dovecot 1. Now the problem is, that the .forward and .vacation files, which are used by exim, are shown as folders (they have a point...) in imap lists. This problem only occurs on the new solaris machine and not on the old linux system (with dovecot v1) or another testing machine with dovecot 2, which runs also under linux. userdb lookups are static with system account/group of exim. Is there any way to "hide" the .forward and .vacation files or do i have to rename or move them? Why are they shown here and not on our testsystems? regards, Nico Suhl From stephan at rename-it.nl Fri Oct 28 12:29:11 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 28 Oct 2011 11:29:11 +0200 Subject: [Dovecot] IMAP shows forwarding and vacation files In-Reply-To: <4EAA6ADC.5000003@gmail.com> References: <4EAA6ADC.5000003@gmail.com> Message-ID: <4EAA75E7.3080107@rename-it.nl> Op 28-10-2011 10:42, Nico Suhl schreef: > I'm migrating our mailserver from a linux machine to solaris and got > some small problems with our forwarding and vacation files, which are > stored in the maildir of each user. > > I'm now using 2.0.15, on the old machine there was a dovecot 1. > > Now the problem is, that the .forward and .vacation files, which are > used by exim, are shown as folders (they have a point...) in imap lists. > > This problem only occurs on the new solaris machine and not on the old > linux system (with dovecot v1) or another testing machine with dovecot > 2, which runs also under linux. > > userdb lookups are static with system account/group of exim. > > Is there any way to "hide" the .forward and .vacation files or do i have > to rename or move them? From http://wiki2.dovecot.org/MailLocation/Maildir#Optimizations : maildir_stat_dirs=no (default): Assume that all the files beginning with a dot in the maildir are maildirs. You shouldn't have any non-directory files beginning with a dot in the maildirs, but if you do you may need to set this to "yes", in which case Dovecot needs to stat() each directory entry, which degrades the performance. Some filesystems provide the directory/non-directory status for free without having to stat(). In those filesystems this setting is ignored. It is still not a good idea make the user's 'home' directory equal to the maildir. Place mail in its own sub-directory. > Why are they shown here and not on our testsystems? That I don't know. Regards, Stephan. From gdelafond+dovecot at aquaray.com Fri Oct 28 12:49:26 2011 From: gdelafond+dovecot at aquaray.com (de Lafond Guillaume) Date: Fri, 28 Oct 2011 11:49:26 +0200 Subject: [Dovecot] doveadm 'proxy list' or 'who' not working ? Message-ID: <7A7D318C-0BA3-4FDB-AB7F-F36A540C8472@aquaray.com> Hi, I switched from dovecot 1.2.* to 2.0.* for a mail proxy. I try to play with the new cool utility doveadm, but I don't manage to get results from it. # /usr/local/dovecot-2.0.15/bin/doveadm proxy list username proto src ip dest ip port # As 'proxy list' does not return anything, I tried with 'who' # /usr/local/dovecot-2.0.15/bin/doveadm who -a /var/run/dovecot-socket-auth/anvil username # proto (pids) (ips) # I think it should display something as I have many user connected : #ps axww | grep imap ... 21194 ? S 0:11 dovecot/imap-login [13 connections (8 TLS)] 21195 ? S 3:38 dovecot/imap-login [47 connections (38 TLS)] 29463 ? S 1:00 dovecot/imap-login [210 connections (183 TLS)] ... I should have something that is not well configured.. but I don't manage to find it. Does anybody have an idea where I should look to solve this ? Here is my dovecot.conf : # /usr/local/dovecot-2.0.15/bin/doveadm config # 2.0.15: /usr/local/dovecot-2.0.15/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 auth_anonymous_username = anonymous auth_cache_negative_ttl = 0 auth_cache_size = 1 k auth_cache_ttl = 15 mins auth_debug = no auth_debug_passwords = no auth_default_realm = auth_failure_delay = 2 secs auth_first_valid_uid = 500 auth_gssapi_hostname = auth_krb5_keytab = auth_last_valid_uid = 0 auth_master_user_separator = auth_mechanisms = plain login apop cram-md5 auth_realms = auth_socket_path = auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_cert = no auth_use_winbind = no auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ auth_username_format = auth_username_translation = auth_verbose = no auth_verbose_passwords = no auth_winbind_helper_path = /usr/bin/ntlm_auth auth_worker_max_count = 30 base_dir = /var/run/dovecot-proxy config_cache_size = 1 M debug_log_path = default_client_limit = 1000 default_idle_kill = 60 default_internal_user = dovecot default_login_user = dovenull default_process_limit = 100 default_vsz_limit = 256 M deliver_log_format = msgid=%m: %$ dict_db_config = director_doveadm_port = 0 director_mail_servers = director_servers = director_user_expire = 15 mins disable_plaintext_auth = no dotlock_use_excl = yes doveadm_allowed_commands = doveadm_password = doveadm_proxy_port = 0 doveadm_socket_path = doveadm-server doveadm_worker_count = 0 first_valid_gid = 1 first_valid_uid = 89 hostname = imap_capability = imap_client_workarounds = imap_id_log = imap_id_send = imap_idle_notify_interval = 2 mins imap_logout_format = bytes=%i/%o imap_max_line_length = 64 k import_environment = TZ info_log_path = /var/log/mail/dovecot_info-proxy.log last_valid_gid = 0 last_valid_uid = 0 lda_mailbox_autocreate = no lda_mailbox_autosubscribe = no lda_original_recipient_header = libexec_dir = /usr/local/dovecot-2.0.15/libexec/dovecot listen = * lmtp_proxy = no lmtp_save_to_detail_mailbox = no lock_method = fcntl log_path = /var/log/mail/dovecot-proxy.log log_timestamp = "%b %d %H:%M:%S " login_access_sockets = login_greeting = Proxy POP/IMAP login_log_format = %$: %s login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c login_trusted_networks = mail_access_groups = mail_attachment_dir = mail_attachment_fs = sis posix mail_attachment_hash = %{sha1} mail_attachment_min_size = 128 k mail_cache_fields = flags mail_cache_min_mail_count = 0 mail_chroot = mail_debug = no mail_fsync = optimized mail_full_filesystem_access = no mail_gid = mail_home = mail_location = mail_log_prefix = "%s(%u): " mail_max_keyword_length = 50 mail_max_lock_timeout = 0 mail_max_userip_connections = 10 mail_never_cache_fields = imap.envelope mail_nfs_index = no mail_nfs_storage = no mail_plugin_dir = /usr/local/dovecot-2.0.15/lib/dovecot mail_plugins = mail_privileged_group = mail_save_crlf = no mail_temp_dir = /tmp mail_uid = mailbox_idle_check_interval = 30 secs mailbox_list_index_disable = no maildir_copy_with_hardlinks = yes maildir_stat_dirs = no maildir_very_dirty_syncs = no master_user_separator = mbox_dirty_syncs = yes mbox_dotlock_change_timeout = 2 mins mbox_lazy_writes = yes mbox_lock_timeout = 5 mins mbox_min_index_size = 0 mbox_read_locks = fcntl mbox_very_dirty_syncs = no mbox_write_locks = dotlock fcntl mdbox_preallocate_space = no mdbox_rotate_interval = 0 mdbox_rotate_size = 2 M mmap_disable = yes namespace { hidden = no inbox = yes list = yes location = prefix = separator = / subscriptions = yes type = private } namespace { hidden = yes inbox = no list = no location = prefix = INBOX/ separator = / subscriptions = yes type = private } passdb { args = /usr/local/dovecot/etc/dovecot-sql-proxy.conf deny = no driver = sql master = no pass = no } plugin { quota = maildir } pop3_client_workarounds = pop3_enable_last = no pop3_fast_size_lookups = no pop3_lock_session = no pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_no_flag_updates = no pop3_reuse_xuidl = no pop3_save_uidl = no pop3_uidl_format = %08Xu%08Xv postmaster_address = protocols = imap pop3 quota_full_tempfail = no recipient_delimiter = + rejection_reason = Your message to <%t> was automatically rejected:%n%r rejection_subject = Rejected: %s sendmail_path = /usr/sbin/sendmail service anvil { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = anvil extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 1 protocol = service_count = 0 type = anvil unix_listener anvil-auth-penalty { group = mode = 0600 user = } unix_listener anvil { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service auth-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = auth -w extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener auth-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service auth { chroot = client_limit = 4096 drop_priv_before_exec = no executable = auth extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener auth-client { group = mode = 0600 user = } unix_listener auth-login { group = mode = 0600 user = $default_internal_user } unix_listener auth-master { group = mode = 0600 user = } unix_listener auth-userdb { group = mode = 0600 user = } unix_listener login/login { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service config { chroot = client_limit = 0 drop_priv_before_exec = no executable = config extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = config unix_listener config { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service dict { chroot = client_limit = 1 drop_priv_before_exec = no executable = dict extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dict { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service director { chroot = client_limit = 0 drop_priv_before_exec = no executable = director extra_groups = fifo_listener login/proxy-notify { group = mode = 00 user = } group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener director-admin { group = mode = 0600 user = } unix_listener login/director { group = mode = 00 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service dns_client { chroot = client_limit = 1 drop_priv_before_exec = no executable = dns-client extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dns-client { group = mode = 0666 user = } unix_listener login/dns-client { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service doveadm { chroot = client_limit = 1 drop_priv_before_exec = no executable = doveadm-server extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener doveadm-server { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service imap-login { chroot = login client_limit = 256 drop_priv_before_exec = no executable = imap-login extra_groups = group = idle_kill = 0 inet_listener imap { address = * port = 143 ssl = no } inet_listener imaps { address = * port = 993 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 20 protocol = imap service_count = 0 type = login user = mail vsz_limit = 64 M } service imap { chroot = client_limit = 1 drop_priv_before_exec = yes executable = imap extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener login/imap { group = mode = 0666 user = } user = vsz_limit = 256 M } service ipc { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = ipc extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener ipc { group = mode = 0600 user = } unix_listener login/ipc-proxy { group = mode = 0600 user = $default_login_user } user = $default_internal_user vsz_limit = 18446744073709551615 B } service lmtp { chroot = client_limit = 0 drop_priv_before_exec = no executable = lmtp extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = lmtp service_count = 0 type = unix_listener lmtp { group = mode = 0666 user = } user = vsz_limit = 0 } service log { chroot = client_limit = 0 drop_priv_before_exec = no executable = log extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = log user = vsz_limit = 18446744073709551615 B } service pop3-login { chroot = login client_limit = 256 drop_priv_before_exec = no executable = pop3-login extra_groups = group = idle_kill = 0 inet_listener pop3 { address = * port = 110 ssl = no } inet_listener pop3s { address = * port = 995 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 20 protocol = pop3 service_count = 0 type = login user = mail vsz_limit = 64 M } service pop3 { chroot = client_limit = 1 drop_priv_before_exec = yes executable = pop3 extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = pop3 service_count = 1 type = unix_listener login/pop3 { group = mode = 0666 user = } user = vsz_limit = 256 M } service ssl-params { chroot = client_limit = 0 drop_priv_before_exec = no executable = ssl-params extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = startup unix_listener login/ssl-params { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } shutdown_clients = yes ssl = yes ssl_ca = Hello all, I am testing postlogin script with dovecot 2. I works but i would like that the imap and pop session get executed even if the post-login script fail. my postlogin script is very simple: #/etc/dovecot/conf.d/10-master.conf service imap { executable = imap imap-postlogin } # service imap-postlogin { executable = script-login /usr/local/bin/postlogin.sh unix_listener imap-postlogin { } } service pop3 { executable = pop3 imap-postlogin } #/usr/local/bin/postlogin.sh echo "UPDATE mailbox SET last_login = now() WHERE username = '$USER'" | mysql -upostlogin -pXXXXXXXX postfixadmin exec "$@" Thanks in advance Osvaldo From stsiol at yahoo.co.uk Fri Oct 28 14:07:46 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Fri, 28 Oct 2011 12:07:46 +0100 (BST) Subject: [Dovecot] adding dovecot to webmin list of services Message-ID: <1319800066.96916.YahooMailNeo@web27204.mail.ukl.yahoo.com> Hello , I am playing with webmin these days and find it really fun to install and use everyday. However, on the services option, amongst other services, the dovecot service is not shown. Does anyone out there have similar experience with webmin and dovecot and know how to make it appear there ? I am using CentOS (5.5/5.6/5.7) 32-bit Dovecot was installed manually and not from yum (.rpm) Dovecot v1.2.15 TIA, s. ? ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From arlin at mvs.us Fri Oct 28 14:35:56 2011 From: arlin at mvs.us (Arlin) Date: Fri, 28 Oct 2011 17:05:56 +0530 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? Message-ID: <003b01cc9565$c3b86960$4b293c20$@mvs.us> Hi, How can we horizontally scale Dovecot across multiple servers? Do we require to install independent instances of Dovecot on each server? We are planning to use a NAS/SAN device using ZFS or EFS for email storage. Each logical unit will be of 10TB and similarly as the no: of user increases we are planning to add multiple 10TB units. In this case how we can manage the email storage on multiple volumes from Dovecot. The configuration of our existing system is:- Dovecot 1.0.15 / Maildirs Postfix 2.5.5 Debian 5.0.9 (Lenny) MySQL 5.0.15 Please advise. Thanks in advance. Creative Regards, Arlin From stsiol at yahoo.co.uk Fri Oct 28 14:43:37 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Fri, 28 Oct 2011 12:43:37 +0100 (BST) Subject: [Dovecot] adding dovecot to webmin list of services In-Reply-To: <1319800066.96916.YahooMailNeo@web27204.mail.ukl.yahoo.com> References: <1319800066.96916.YahooMailNeo@web27204.mail.ukl.yahoo.com> Message-ID: <1319802217.51718.YahooMailNeo@web27202.mail.ukl.yahoo.com> Duh ! It's already there and I didn't notice it. How typical of me. Sorry guys, s. ? ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis ----- Original Message ----- > From: Spyros Tsiolis > To: Dovecot > Cc: > Sent: Friday, 28 October 2011, 14:07 > Subject: [Dovecot] adding dovecot to webmin list of services > > Hello , > > I am playing with webmin these days and find it > really fun to install and use everyday. > > However, on the services option, amongst other > services, the dovecot service is not shown. > > Does anyone out there have similar experience > with webmin and dovecot and know how to make > it appear there ? > > I am using CentOS (5.5/5.6/5.7) 32-bit > Dovecot was installed manually and not from > yum (.rpm) > Dovecot v1.2.15 > > > TIA, > > s. > > > > > > > > ? > ---- > "I merely function as a channel that filters > music through the chaos of noise" > - Vangelis > From taeuber at bbaw.de Fri Oct 28 18:11:55 2011 From: taeuber at bbaw.de (Lars =?UTF-8?B?VMOkdWJlcg==?=) Date: Fri, 28 Oct 2011 17:11:55 +0200 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 Message-ID: <20111028171155.ba0dc761.taeuber@bbaw.de> Hi there. How can I configure dovecot not to listen for imaps connections on port 143. Thanks Lars From matthew.williams at bangor.ac.uk Fri Oct 28 18:17:51 2011 From: matthew.williams at bangor.ac.uk (Dr Matthew Williams) Date: Fri, 28 Oct 2011 16:17:51 +0100 Subject: [Dovecot] Quotas with Maildir and mdbox Message-ID: <4EAAC79F.8010805@bangor.ac.uk> Hello, We use LDAP to store our Maildir++ quota information for our Maildir mailboxes. I notice in the documentation that only SQL and flat files are supported by the dictionary quota if I want to use quota with mdbox? Are there any plans to allow LDAP to be used as the store? Regards, Matthew. -- Dr Matthew Williams MEng PhD MBCS Systems Administrator - IT Services - Bangor University Prifysgol Bangor Tel: (44) (0)1248 382414 Adeilad Deiniol Mob: (44) (0)7979 778269 Ffordd Deiniol URL: www.bangor.ac.uk Bangor, Gwynedd LL57 2UX EMail: matthew.williams at bangor.ac.uk -- Gall y neges e-bost hon, ac unrhyw atodiadau a anfonwyd gyda hi, gynnwys deunydd cyfrinachol ac wedi eu bwriadu i'w defnyddio'n unig gan y sawl y cawsant eu cyfeirio ato (atynt). Os ydych wedi derbyn y neges e-bost hon trwy gamgymeriad, rhowch wybod i'r anfonwr ar unwaith a dil?wch y neges. Os na fwriadwyd anfon y neges atoch chi, rhaid i chi beidio ? defnyddio, cadw neu ddatgelu unrhyw wybodaeth a gynhwysir ynddi. Mae unrhyw farn neu safbwynt yn eiddo i'r sawl a'i hanfonodd yn unig ac nid yw o anghenraid yn cynrychioli barn Prifysgol Bangor. Nid yw Prifysgol Bangor yn gwarantu bod y neges e-bost hon neu unrhyw atodiadau yn rhydd rhag firysau neu 100% yn ddiogel. Oni bai fod hyn wedi ei ddatgan yn uniongyrchol yn nhestun yr e-bost, nid bwriad y neges e-bost hon yw ffurfio contract rhwymol - mae rhestr o lofnodwyr awdurdodedig ar gael o Swyddfa Cyllid Prifysgol Bangor. www.bangor.ac.uk This email and any attachments may contain confidential material and is solely for the use of the intended recipient(s). If you have received this email in error, please notify the sender immediately and delete this email. If you are not the intended recipient(s), you must not use, retain or disclose any information contained in this email. Any views or opinions are solely those of the sender and do not necessarily represent those of the Bangor University. Bangor University does not guarantee that this email or any attachments are free from viruses or 100% secure. Unless expressly stated in the body of the text of the email, this email is not intended to form a binding contract - a list of authorised signatories is available from the Bangor University Finance Office. www.bangor.ac.uk From dswartz at druber.com Fri Oct 28 18:21:33 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Fri, 28 Oct 2011 11:21:33 -0400 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <20111028171155.ba0dc761.taeuber@bbaw.de> References: <20111028171155.ba0dc761.taeuber@bbaw.de> Message-ID: <4EAAC87D.80602@druber.com> Lars T?uber wrote: > Hi there. > > How can I configure dovecot not to listen for imaps connections on port 143. > > Thanks > Lars > You should be able to configure the dovecot.conf file to remove imaps as one of the protocols. e.g. like this line: protocols = imap imaps From simon.brereton at buongiorno.com Fri Oct 28 18:28:30 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Fri, 28 Oct 2011 11:28:30 -0400 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <4EAAC87D.80602@druber.com> References: <20111028171155.ba0dc761.taeuber@bbaw.de> <4EAAC87D.80602@druber.com> Message-ID: On 28 October 2011 11:21, Dan Swartzendruber wrote: > Lars T?uber wrote: >> >> Hi there. >> >> How can I configure dovecot not to listen for imaps connections on port >> 143. >> >> Thanks >> Lars >> > > You should be able to configure the dovecot.conf file to remove imaps as one > of the protocols. > > e.g. like this line: > > protocols = imap imaps I understood that the OP wanted to have IMAPS listen on some port other than 143.. Simon From dswartz at druber.com Fri Oct 28 18:55:50 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Fri, 28 Oct 2011 11:55:50 -0400 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <20111028171155.ba0dc761.taeuber@bbaw.de> References: <20111028171155.ba0dc761.taeuber@bbaw.de> Message-ID: <4EAAD086.7040904@druber.com> that was lame. i tried posting a snippet of the sample dovecot.conf file to show the part that the OP would want to change, and the mailer bounced it with: : permission denied. Command output: Don't post your whole dovecot.conf. Use dovecot -n instead. Fooey... From robert at schetterer.org Fri Oct 28 19:18:23 2011 From: robert at schetterer.org (Robert Schetterer) Date: Fri, 28 Oct 2011 18:18:23 +0200 Subject: [Dovecot] post login script In-Reply-To: References: Message-ID: <4EAAD5CF.90905@schetterer.org> Am 28.10.2011 12:49, schrieb Osvaldo Alvarez Pozo: > Hello all, > > I am testing postlogin script with dovecot 2. > > I works but i would like that the imap and pop session get executed > even if the post-login script fail. > > my postlogin script is very simple: > > #/etc/dovecot/conf.d/10-master.conf > > service imap { > > executable = imap imap-postlogin > > } > # > service imap-postlogin { > > executable = script-login /usr/local/bin/postlogin.sh > > unix_listener imap-postlogin { > } > } > > > service pop3 { > > executable = pop3 imap-postlogin > > } > > #/usr/local/bin/postlogin.sh > echo "UPDATE mailbox SET last_login = now() WHERE username = '$USER'" > | mysql -upostlogin -pXXXXXXXX postfixadmin > exec "$@" > > > Thanks in advance > > Osvaldo i have it like this service pop3 { executable = pop3 pop3-postlogin } service pop3-postlogin { executable = script-login /usr/local/bin/postlogin_pop3.sh user = root unix_listener pop3-postlogin { } } -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From japc at co.sapo.pt Fri Oct 28 19:45:02 2011 From: japc at co.sapo.pt (=?ISO-8859-1?Q?Jos=E9?= Celestino) Date: Fri, 28 Oct 2011 17:45:02 +0100 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: References: <20111028171155.ba0dc761.taeuber@bbaw.de> <4EAAC87D.80602@druber.com> Message-ID: <1319820302.12048.2.camel@morgoth> On Sex, 2011-10-28 at 11:28 -0400, Simon Brereton wrote: > On 28 October 2011 11:21, Dan Swartzendruber wrote: > > Lars T?uber wrote: > >> > >> Hi there. > >> > >> How can I configure dovecot not to listen for imaps connections on port > >> 143. > >> > >> Thanks > >> Lars > >> > > > > You should be able to configure the dovecot.conf file to remove imaps as one > > of the protocols. > > > > e.g. like this line: > > > > protocols = imap imaps > > I understood that the OP wanted to have IMAPS listen on some port > other than 143.. > IMAPS already listens on a port other than 143, port 993. From nmilas at noa.gr Fri Oct 28 20:15:33 2011 From: nmilas at noa.gr (Nikolaos Milas) Date: Fri, 28 Oct 2011 20:15:33 +0300 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <1319820302.12048.2.camel@morgoth> References: <20111028171155.ba0dc761.taeuber@bbaw.de> <4EAAC87D.80602@druber.com> <1319820302.12048.2.camel@morgoth> Message-ID: <4EAAE335.4060209@noa.gr> On 28/10/2011 7:45 ??, Jos? Celestino wrote: > IMAPS already listens on a port other than 143, port 993. True. If you don't want to offer TLS/SSL, I guess you can just set ssl = no. If you want to force the use of TLS/SSL (which I imagine will disable accepting connections on port 143), use ssl = required. Nick -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5554 bytes Desc: S/MIME Cryptographic Signature URL: From sven at svenhartge.de Fri Oct 28 20:58:49 2011 From: sven at svenhartge.de (Sven Hartge) Date: Fri, 28 Oct 2011 19:58:49 +0200 Subject: [Dovecot] Quotas with Maildir and mdbox References: <4EAAC79F.8010805@bangor.ac.uk> Message-ID: <589hf9ru2v8@mids.svenhartge.de> Dr Matthew Williams wrote: > We use LDAP to store our Maildir++ quota information for our Maildir > mailboxes. I notice in the documentation that only SQL and flat files > are supported by the dictionary quota if I want to use quota with > mdbox? Are there any plans to allow LDAP to be used as the store? Do you really want to use LDAP to store the constant changing and often rewritten values for the actual used space of the mailbox? Believe me, this _will_ cause awful performance. Reading the maximum quota values from LDAP on the other hand is quite common, just storing the runtime information about the message count and the current size is a very very bad idea. Gr??e, Sven. -- Sigmentation fault. Core dumped. From seandarcy2 at gmail.com Fri Oct 28 22:34:14 2011 From: seandarcy2 at gmail.com (sean darcy) Date: Fri, 28 Oct 2011 15:34:14 -0400 Subject: [Dovecot] What owner/permissions for virtual homes? Message-ID: VirtualUsers.Home.txt: The directory layouts for home and mail directories could look like one of these (in the preferred order): 1. Mail directory under home, for example: home='/var/vmail/domain/user/' mail='/var/vmail/domain/user/mail/' Who should be the owner of these directories, with that permissions? Does it make a difference if it's /home/vmail rather than /var/vmail? Thanks, Jay From pgnet.dev+rich-dovecot at gmail.com Fri Oct 28 23:01:17 2011 From: pgnet.dev+rich-dovecot at gmail.com (Rich) Date: Fri, 28 Oct 2011 13:01:17 -0700 Subject: [Dovecot] Are you successfully using using SQL queries to manage Dovecot2 Quota Values & Limits? Message-ID: On Mon, Oct 24, 2011 at 11:14 AM, Rich wrote: > I'm able to consistently reproduce this problem/behavior, but not > workaround or fix it, yet. > > Rich > > On Wed, Oct 19, 2011 at 7:41 AM, Rich wrote: >> I've made some progress, but quota 'Limit' is still not fully >> functioning for me. >> >> A couple of changes have helped: >> >> Specifying a "%u% as username format, >> >> ? ? ? ?/etc/dovecot/conf.d/90-quota.conf >> ? ? ? ? ? ? ? ?plugin { >> - ? ? ? ? ? ? ? ? ? ? ? quota = dict:User Quota::proxy::quota >> + ? ? ? ? ? ? ? ? ? ? ? quota = dict:User Quota:%u:proxy::quota >> ? ? ? ? ? ? ? ? ? ? ? ?quota_rule = *:bytes=1073741824:messages=10000 >> ? ? ? ? ? ? ? ? ? ? ? ?quota_rule2 = Trash:storage=+10%% >> ? ? ? ? ? ? ? ?} >> >> using 'username' rather than 'user' in the user iteration query >> >> ? ? ? ?/etc/dovecot/sql/virtmail-userdb-sql.cf >> ? ? ? ? ? ? ? ?driver = mysql >> ? ? ? ? ? ? ? ?connect = host=/var/run/mysql/mysql.sock dbname=my_db user=my_user >> password=my_pass >> ? ? ? ? ? ? ? ?user_query = CALL UserDBQuery('%n','%d'); >> - ? ? ? ? ? ? ? iterate_query = SELECT `MAILBOX_user_domain` AS user FROM `PARAMS`; >> + ? ? ? ? ? ? ? iterate_query = SELECT `MAILBOX_user_domain` AS username FROM `PARAMS`; >> >> and adding to my user_query, >> >> ? ? ? ?CREATE PROCEDURE `UserDBQuery`( >> ? ? ? ? ? ? ? ?... >> ? ? ? ? ? ? ? ?SELECT ... >> ? ? ? ? ? ? ? ? ?concat('*:bytes=', quota_bytes, ':messages=10000') AS quota_rule, >> ? ? ? ? ? ? ? ? ?... >> >> Now, at init, >> >> ? ? ? ?doveadm quota get -A >> ? ? ? ? ? ? ? ?Username ? ? ? ? ? ? ? ?Quota name ? ? ?Type ? ? ? ? ? ?Value ? Limit ? % >> ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 >> ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 >> ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 >> ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 >> >> ? ? ? ?mysql> select * from PARAMS; >> ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ >> ? ? ? ? ? ? ? ?| ai | MAILBOX_user_domain ? ?| quota_bytes | quota_msgs | >> ? ? ? ? ? ? ? ?+----+------------------------+-------------+------------+ >> ? ? ? ? ? ? ? ?| ?1 | ?myuser at domain1.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | >> ? ? ? ? ? ? ? ?| ?2 | ?myuser at domain2.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | >> ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ >> ? ? ? ? ? ? ? ?2 rows in set (0.00 sec) >> >> and, after sending a single message to 'myuser at domain1.com', I do see >> that Dovecot now recognizes/calculates a quota change, and only for >> one domain, >> >> ? ? ? ?doveadm quota get -A >> ? ? ? ? ? ? ? ?Username ? ? ? ? ? ? ? ?Quota name ? ? ?Type ? ? ? ? ? ?Value ? Limit ? % >> ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 3 ? ? ? 3 ? ? ? 100 >> ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 1 ? ? ? 10000 ? 0 >> ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 >> ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 >> >> ? ? ? ?mysql> select * from PARAMS; >> ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ >> ? ? ? ? ? ? ? ?| ai | MAILBOX_user_domain ? ?| quota_bytes | quota_msgs | >> ? ? ? ? ? ? ? ?+----+------------------------+-------------+------------+ >> ? ? ? ? ? ? ? ?| ?1 | ?myuser at domain1.com ? ?| ? ? ? ?3269 | ? ? ? ? ?1 | >> ? ? ? ? ? ? ? ?| ?2 | ?myuser at domain2.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | >> ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ >> ? ? ? ? ? ? ? ?2 rows in set (0.00 sec) >> >> >> But, the Limit's wrong. ?It's not picking up the global Limit from >> >> ? ? ? ?/etc/dovecot/conf.d/90-quota.conf >> ? ? ? ? ? ? ? ?... >> --> ? ? ? ? ? ? quota_rule = *:bytes=1073741824:messages=10000 >> ? ? ? ? ? ? ? ?... >> >> and once a message quota Value is calculated, the Limit is set == >> Value, resulting in an incorrrect quota %-age of 100%. >> >> Is Limit supposed to be specified per-user? >> >> Rich >> > From seandarcy2 at gmail.com Fri Oct 28 23:04:30 2011 From: seandarcy2 at gmail.com (sean darcy) Date: Fri, 28 Oct 2011 16:04:30 -0400 Subject: [Dovecot] What owner/permissions for virtual homes? In-Reply-To: References: Message-ID: On 10/28/2011 03:34 PM, sean darcy wrote: > VirtualUsers.Home.txt: > > The directory layouts for home and mail directories could look like one of > these (in the preferred order): > > 1. Mail directory under home, for example: home='/var/vmail/domain/user/' > mail='/var/vmail/domain/user/mail/' > > Who should be the owner of these directories, with that permissions? > > Does it make a difference if it's /home/vmail rather than /var/vmail? > > Thanks, > sean > > Also, it suggests the following configuration: mail_home = /var/vmail/%d/%n mail_location = maildir:~/mail but where does mail_home appear? Also in 10-mail.conf? sean From dovecot-ml at makomi.de Fri Oct 28 23:13:42 2011 From: dovecot-ml at makomi.de (=?iso-8859-1?Q?Michael_K=F6hler?=) Date: Fri, 28 Oct 2011 22:13:42 +0200 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <20111028171155.ba0dc761.taeuber@bbaw.de> References: <20111028171155.ba0dc761.taeuber@bbaw.de> Message-ID: <54DE3C65-444A-463F-85F7-B01916FC3779@makomi.de> Hi Lars, Am 28.10.2011 um 17:11 schrieb Lars T?uber: > How can I configure dovecot not to listen for imaps connections on port 143. like this? service imap-login { inet_listener imaps { port = 993 } } please execute "doveconf" and have a look at all configuration - you could learn a lot :) Bye, Michael From lars.taeuber at gmx.net Fri Oct 28 23:24:37 2011 From: lars.taeuber at gmx.net (Lars =?UTF-8?B?VMOkdWJlcg==?=) Date: Fri, 28 Oct 2011 22:24:37 +0200 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 Message-ID: <20111028222437.04a3827a.lars.taeuber@gmx.net> Hi. Sorry for breaking this thread, but I just subscribed from a different address. I made a mistake. I didn't mean ?imaps? but ?imap2? How can I configure dovecot not to listen for imap connections on port 143. I want dovecot to listen only on port 993. And ssl = required is already set. So this is not the right solution. I just comemnted the whole inet_listener imap {...} section out. But this seems to be some kind of default setting. I tried to set: inet_listener { address = none } I tried to leave the address variable blank. But no succes. Good night Lars From dovecot-ml at makomi.de Fri Oct 28 23:30:18 2011 From: dovecot-ml at makomi.de (=?iso-8859-1?Q?Michael_K=F6hler?=) Date: Fri, 28 Oct 2011 22:30:18 +0200 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <20111028222437.04a3827a.lars.taeuber@gmx.net> References: <20111028222437.04a3827a.lars.taeuber@gmx.net> Message-ID: <2F4F63AF-1A7B-46A2-9445-599995BF579D@makomi.de> Hi Lars, Am 28.10.2011 um 22:24 schrieb Lars T?uber: > I didn't mean ?imaps? but ?imap2? > > How can I configure dovecot not to listen for imap connections on port 143. > > I want dovecot to listen only on port 993. > And ssl = required is already set. So this is not the right solution. > > I just comemnted the whole inet_listener imap {...} section out. But this seems to be some kind of default setting. > I tried to set: > > inet_listener { > address = none > } > > I tried to leave the address variable blank. But no succes. protocols = imap service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } } Greetings, Michael From lars.taeuber at gmx.net Fri Oct 28 23:38:28 2011 From: lars.taeuber at gmx.net (Lars =?UTF-8?B?VMOkdWJlcg==?=) Date: Fri, 28 Oct 2011 22:38:28 +0200 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <2F4F63AF-1A7B-46A2-9445-599995BF579D@makomi.de> References: <20111028222437.04a3827a.lars.taeuber@gmx.net> <2F4F63AF-1A7B-46A2-9445-599995BF579D@makomi.de> Message-ID: <20111028223828.97184e8f.lars.taeuber@gmx.net> Hi Michael, On Fri, 28 Oct 2011 22:30:18 +0200 Michael K?hler wrote: > Hi Lars, > > Am 28.10.2011 um 22:24 schrieb Lars T?uber: > > I want dovecot to listen only on port 993. [...] > protocols = imap > > service imap-login { > inet_listener imap { > port = 0 > } this is it. Many thanks Lars From p.heinlein at heinlein-support.de Sat Oct 29 02:41:41 2011 From: p.heinlein at heinlein-support.de (Peer Heinlein) Date: Sat, 29 Oct 2011 01:41:41 +0200 Subject: [Dovecot] dsync should sync sieve-dirs to! Message-ID: <201110290141.41963.p.heinlein@heinlein-support.de> Having dsync to make backups from existing mail-spaces, it would be nice to make dsync syncing the sieve-dirs too. -Otherweise backups aren't complete... Peer -- Heinlein Professional Linux Support GmbH Linux: Akademie - Support - Hosting http://www.heinlein-support.de Tel: 030 / 40 50 51 - 0 Fax: 030 / 40 50 51 - 19 Zwangsangaben lt. ?35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin From ghandidrivesahumvee at rocketfish.com Sat Oct 29 03:34:07 2011 From: ghandidrivesahumvee at rocketfish.com (Dovecot-GDH) Date: Fri, 28 Oct 2011 17:34:07 -0700 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <201110290141.41963.p.heinlein@heinlein-support.de> References: <201110290141.41963.p.heinlein@heinlein-support.de> Message-ID: <9002F134-560C-4947-8105-1BD8847407B1@rocketfish.com> Why not just add a line for your local sieve folder to the same shell/cgi script that executes dsync? On Oct 28, 2011, at 4:41 PM, Peer Heinlein wrote: > > Having dsync to make backups from existing mail-spaces, it would be nice > to make dsync syncing the sieve-dirs too. -Otherweise backups aren't > complete... > > Peer > > > -- > Heinlein Professional Linux Support GmbH > Linux: Akademie - Support - Hosting > > http://www.heinlein-support.de > Tel: 030 / 40 50 51 - 0 > Fax: 030 / 40 50 51 - 19 > > Zwangsangaben lt. ?35a GmbHG: > HRB 93818 B / Amtsgericht Berlin-Charlottenburg, > Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin From ghandidrivesahumvee at rocketfish.com Sat Oct 29 04:05:17 2011 From: ghandidrivesahumvee at rocketfish.com (Dovecot-GDH) Date: Fri, 28 Oct 2011 18:05:17 -0700 Subject: [Dovecot] Seen flag getting lost In-Reply-To: <20111025110238.GB8900@gumme.math.uni-bonn.de> References: <20111025110238.GB8900@gumme.math.uni-bonn.de> Message-ID: If more than one Dovecot instance is accessing the same set of mailboxes over NFS or other network filesystem, you will need to use the directors. You may as well upgrade to 2.0. On Oct 25, 2011, at 4:02 AM, Edgar Fu? wrote: > We have two dovecot 1.2 instances sharing Maildirs on NFS. Indexes are local to the individual servers. > Occasionally (no idea how to trigger this), the Seen flag gets lost on some messages. I've verified that actually the ``S'' is missing from the filename. > I suspect something like server A caching the flags, server B setting Seen, and then server A flushing its cache for another change so overwriting what B changed. > Any ideas short of switching to 2.0? From seandarcy2 at gmail.com Sat Oct 29 05:03:41 2011 From: seandarcy2 at gmail.com (sean darcy) Date: Fri, 28 Oct 2011 22:03:41 -0400 Subject: [Dovecot] dovecot creating literal %d/%n/ folders Message-ID: I have a virtual user test1. cat /etc/dovecot/users test1@:{PLAIN}test1pass:504:504::/home/vmail/%d/%n catchall@:{PLAIN}password:504:504::/home/vmail/%d/%n @:{PLAIN}password:504:504::/home/vmail//catchall test1 at example.com:{PLAIN}test1pass:504:504::/home/vmail/%d/%n ls /home/vmail/%d/%n/mail cur dovecot.index.cache dovecot.index.log dovecot-uidlist dovecot-uidvalidity dovecot-uidvalidity.4eab20a7 new tmp and mail to test1@ goes into this %d/%n folder. In fact dovecot created the folder - at least I didn't. from dovecot-info.log Oct 28 17:43:11 auth: Debug: master in: USER 4 test1@ service=lmtp Oct 28 17:43:11 auth: Debug: passwd(test1@): lookup Oct 28 17:43:11 auth: Info: passwd(test1@): unknown user Oct 28 17:43:11 auth: Debug: passwd-file(test1@): lookup: user=test1@ file=/etc/dovecot/users Oct 28 17:43:11 auth: Debug: master out: USER 4 test1@ uid=504 gid=504 home=/home/vmail/%d/%n Oct 28 17:43:11 lmtp(4533, test1@): Info: l6DnLacgq061EQAABoXEcA: msgid=<4EAB21EC.9070905 at gmail.com>: saved mail to INBOX I would have expected dovecot to expand this to /home/vmail//test1. Or are the %u %d variables only expanded in certain files? sean From robert at schetterer.org Sat Oct 29 10:15:31 2011 From: robert at schetterer.org (Robert Schetterer) Date: Sat, 29 Oct 2011 09:15:31 +0200 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <201110290141.41963.p.heinlein@heinlein-support.de> References: <201110290141.41963.p.heinlein@heinlein-support.de> Message-ID: <4EABA813.2050206@schetterer.org> Am 29.10.2011 01:41, schrieb Peer Heinlein: > > Having dsync to make backups from existing mail-spaces, it would be nice > to make dsync syncing the sieve-dirs too. -Otherweise backups aren't > complete... > > Peer > > Hi Peer meanwhile , you may use rsync additional as workaround -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From p.heinlein at heinlein-support.de Sun Oct 30 14:16:59 2011 From: p.heinlein at heinlein-support.de (Peer Heinlein) Date: Sun, 30 Oct 2011 13:16:59 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EABA813.2050206@schetterer.org> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> Message-ID: <201110301316.59856.p.heinlein@heinlein-support.de> Am Samstag, 29. Oktober 2011, 09:15:31 schrieb Robert Schetterer: > Hi Peer meanwhile , you may use rsync additional as workaround Yes, I'm using rsync for 15 years for this. I'd like to STOP using rsync. It should be possible to make a *complete* backup/mirror of a user's mailbox with dsync. And a backup/mirror without sieve is incomplete. Peer -- Heinlein Professional Linux Support GmbH Linux: Akademie - Support - Hosting http://www.heinlein-support.de Tel: 030 / 40 50 51 - 0 Fax: 030 / 40 50 51 - 19 Zwangsangaben lt. ?35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin From p.heinlein at heinlein-support.de Sun Oct 30 14:18:04 2011 From: p.heinlein at heinlein-support.de (Peer Heinlein) Date: Sun, 30 Oct 2011 13:18:04 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <9002F134-560C-4947-8105-1BD8847407B1@rocketfish.com> References: <201110290141.41963.p.heinlein@heinlein-support.de> <9002F134-560C-4947-8105-1BD8847407B1@rocketfish.com> Message-ID: <201110301318.04585.p.heinlein@heinlein-support.de> Am Samstag, 29. Oktober 2011, 02:34:07 schrieb Dovecot-GDH: > Why not just add a line for your local sieve folder to the same > shell/cgi script that executes dsync? Why using dsync at all? Peer -- Heinlein Professional Linux Support GmbH Linux: Akademie - Support - Hosting http://www.heinlein-support.de Tel: 030 / 40 50 51 - 0 Fax: 030 / 40 50 51 - 19 Zwangsangaben lt. ?35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin From robert at schetterer.org Sun Oct 30 14:24:52 2011 From: robert at schetterer.org (Robert Schetterer) Date: Sun, 30 Oct 2011 13:24:52 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <201110301316.59856.p.heinlein@heinlein-support.de> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> Message-ID: <4EAD4214.6020405@schetterer.org> Am 30.10.2011 13:16, schrieb Peer Heinlein: > Am Samstag, 29. Oktober 2011, 09:15:31 schrieb Robert Schetterer: > >> Hi Peer meanwhile , you may use rsync additional as workaround > > Yes, I'm using rsync for 15 years for this. > > I'd like to STOP using rsync. > > It should be possible to make a *complete* backup/mirror of a user's > mailbox with dsync. And a backup/mirror without sieve is incomplete. > > Peer > > > yes youre right -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From laxlaw at gmx.de Sun Oct 30 13:53:26 2011 From: laxlaw at gmx.de (=?UTF-8?Q?Lukas_Wei=C3=9F?=) Date: Sun, 30 Oct 2011 12:53:26 +0100 Subject: [Dovecot] =?utf-8?q?Bad_creation_timestamp_of_migrated_mails_=28m?= =?utf-8?q?aildir_format=29=3F?= Message-ID: <995cb6b0e895c72fa16fd7e0f0a4d8e0@weiss.homelinux.com> Hello everybody, ive just switched to dovecot imap because dbmail i used before is not developed any further and sql storage is difficult to backup. Ive done that, by setting up dovecot with maildir format and copy mails from old dbmail to new dovecot imap server with my mail client (thunderbird). Unfortunately migrating to dovecot brought me some problems with my Android K9 Mail client: Sync with IMAP-Server shows me only the oldest mails. I think the problem is, that K9 only fetches the newest mails (25) from the server (to save memory etc). Which mail is "new" is probably determined by creation timestamp of the email-files in my mailbox, which was copied newest first on migration from dbmail to dovecot. So the older mails have the newer creation timestamp on file system. Do you have any suggestions how to fix that problem? Maybe migrate to dbox mailbox format? BTW: New mails show up correctly, as the creation timestamp is new. Thanks Lukas From marcin at mejor.pl Sun Oct 30 16:35:08 2011 From: marcin at mejor.pl (=?ISO-8859-2?Q?Marcin_Miros=B3aw?=) Date: Sun, 30 Oct 2011 15:35:08 +0100 Subject: [Dovecot] [OT] Bad creation timestamp of migrated mails (maildir format)? In-Reply-To: <995cb6b0e895c72fa16fd7e0f0a4d8e0@weiss.homelinux.com> References: <995cb6b0e895c72fa16fd7e0f0a4d8e0@weiss.homelinux.com> Message-ID: <4EAD609C.3050907@mejor.pl> W dniu 2011-10-30 12:53, Lukas Wei? pisze: > > Hello everybody, > > ive just switched to dovecot imap because dbmail > i used before is not developed any further Hello! Where i can find information about this? Regards From ghandidrivesahumvee at rocketfish.com Sun Oct 30 23:06:31 2011 From: ghandidrivesahumvee at rocketfish.com (Dovecot-GDH) Date: Sun, 30 Oct 2011 14:06:31 -0700 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EAD4214.6020405@schetterer.org> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <4EAD4214.6020405@schetterer.org> Message-ID: <2EBAB205-6B4E-48BA-9DFF-6959C3B9E902@rocketfish.com> >> Why using dsync at all? dsync is a tool used for synchronizing mailboxes. >> It should be possible to make a *complete* backup/mirror of a user's >> mailbox with sync The Sieve folder is not part of the mailbox. On Oct 30, 2011, at 5:24 AM, Robert Schetterer wrote: > Am 30.10.2011 13:16, schrieb Peer Heinlein: >> Am Samstag, 29. Oktober 2011, 09:15:31 schrieb Robert Schetterer: >> >>> Hi Peer meanwhile , you may use rsync additional as workaround >> >> Yes, I'm using rsync for 15 years for this. >> >> I'd like to STOP using rsync. >> >> It should be possible to make a *complete* backup/mirror of a user's >> mailbox with dsync. And a backup/mirror without sieve is incomplete. >> >> Peer >> >> >> > > yes youre right > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria From robert at schetterer.org Mon Oct 31 08:17:35 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 07:17:35 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <2EBAB205-6B4E-48BA-9DFF-6959C3B9E902@rocketfish.com> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <4EAD4214.6020405@schetterer.org> <2EBAB205-6B4E-48BA-9DFF-6959C3B9E902@rocketfish.com> Message-ID: <4EAE3D7F.5050701@schetterer.org> Am 30.10.2011 22:06, schrieb Dovecot-GDH: >>> Why using dsync at all? > > dsync is a tool used for synchronizing mailboxes. > >>> It should be possible to make a *complete* backup/mirror of a user's >>> mailbox with sync > > The Sieve folder is not part of the mailbox. thats a definiton question, anyway Peer is right it would be a nice to have, but not hardly needed no need to flame in any case > > On Oct 30, 2011, at 5:24 AM, Robert Schetterer wrote: > >> Am 30.10.2011 13:16, schrieb Peer Heinlein: >>> Am Samstag, 29. Oktober 2011, 09:15:31 schrieb Robert Schetterer: >>> >>>> Hi Peer meanwhile , you may use rsync additional as workaround >>> >>> Yes, I'm using rsync for 15 years for this. >>> >>> I'd like to STOP using rsync. >>> >>> It should be possible to make a *complete* backup/mirror of a user's >>> mailbox with dsync. And a backup/mirror without sieve is incomplete. >>> >>> Peer >>> >>> >>> >> >> yes youre right >> >> -- >> Best Regards >> >> MfG Robert Schetterer >> >> Germany/Munich/Bavaria > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From nebano at gmail.com Mon Oct 31 09:51:44 2011 From: nebano at gmail.com (Osvaldo Alvarez Pozo) Date: Mon, 31 Oct 2011 08:51:44 +0100 Subject: [Dovecot] post login script In-Reply-To: <4EAAD5CF.90905@schetterer.org> References: <4EAAD5CF.90905@schetterer.org> Message-ID: Hello, Thanks for your naswer, but there is no difference bettwen your conf & mine execpt for the name of service. Thanks again Osvaldo 2011/10/28 Robert Schetterer : > Am 28.10.2011 12:49, schrieb Osvaldo Alvarez Pozo: >> Hello all, >> >> I am testing postlogin script with dovecot 2. >> >> I works but i would like that the imap and pop session get executed >> even if the post-login script fail. >> >> my postlogin script is very simple: >> >> #/etc/dovecot/conf.d/10-master.conf >> >> service imap { >> >> executable = imap imap-postlogin >> >> } >> # >> service imap-postlogin { >> >> ? executable = script-login /usr/local/bin/postlogin.sh >> >> ? unix_listener imap-postlogin { >> ? } >> } >> >> >> service pop3 { >> >> executable = pop3 imap-postlogin >> >> } >> >> #/usr/local/bin/postlogin.sh >> echo "UPDATE mailbox SET last_login = now() WHERE username = '$USER'" >> | mysql -upostlogin -pXXXXXXXX postfixadmin >> exec "$@" >> >> >> Thanks in advance >> >> Osvaldo > > i have it like this > > > service pop3 { > > > executable = pop3 pop3-postlogin > } > > service pop3-postlogin { > ? executable = script-login /usr/local/bin/postlogin_pop3.sh > ?user = root > ?unix_listener pop3-postlogin { > ?} > ?} > > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria > From robert at schetterer.org Mon Oct 31 09:57:47 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 08:57:47 +0100 Subject: [Dovecot] post login script In-Reply-To: References: <4EAAD5CF.90905@schetterer.org> Message-ID: <4EAE54FB.10304@schetterer.org> Am 31.10.2011 08:51, schrieb Osvaldo Alvarez Pozo: > Hello, > > Thanks for your naswer, but there is no difference bettwen your conf & > mine execpt for the name of service. > > Thanks again are you sure ? i have 2 different ( extra ) login scripts not only one fitting for imap and pop3 but you only asked for pop3 > > Osvaldo > > 2011/10/28 Robert Schetterer : >> Am 28.10.2011 12:49, schrieb Osvaldo Alvarez Pozo: >>> Hello all, >>> >>> I am testing postlogin script with dovecot 2. >>> >>> I works but i would like that the imap and pop session get executed >>> even if the post-login script fail. >>> >>> my postlogin script is very simple: >>> >>> #/etc/dovecot/conf.d/10-master.conf >>> >>> service imap { >>> >>> executable = imap imap-postlogin >>> >>> } >>> # >>> service imap-postlogin { >>> >>> executable = script-login /usr/local/bin/postlogin.sh >>> >>> unix_listener imap-postlogin { >>> } >>> } >>> >>> >>> service pop3 { >>> >>> executable = pop3 imap-postlogin >>> >>> } >>> >>> #/usr/local/bin/postlogin.sh >>> echo "UPDATE mailbox SET last_login = now() WHERE username = '$USER'" >>> | mysql -upostlogin -pXXXXXXXX postfixadmin >>> exec "$@" >>> >>> >>> Thanks in advance >>> >>> Osvaldo >> >> i have it like this >> >> >> service pop3 { >> >> >> executable = pop3 pop3-postlogin >> } >> >> service pop3-postlogin { >> executable = script-login /usr/local/bin/postlogin_pop3.sh >> user = root >> unix_listener pop3-postlogin { >> } >> } >> >> >> -- >> Best Regards >> >> MfG Robert Schetterer >> >> Germany/Munich/Bavaria >> -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From arlin at mvs.us Mon Oct 31 10:45:40 2011 From: arlin at mvs.us (Arlin) Date: Mon, 31 Oct 2011 14:15:40 +0530 Subject: [Dovecot] Manage dovecot maildir on multiple servers Message-ID: <002b01cc97a9$79b453b0$6d1cfb10$@mvs.us> Any suggestions on how to implement dovecot maildir on multiple servers. Does this required independent installation of Dovecot on each servers, or a single instance of Dovecot with shared MailDir would serve the purpose? Thanks, Arlin From arlin at mvs.us Mon Oct 31 10:47:07 2011 From: arlin at mvs.us (Arlin) Date: Mon, 31 Oct 2011 14:17:07 +0530 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? Message-ID: <003001cc97a9$addbeb80$0993c280$@mvs.us> Could anyone please respond to this query. Thank you! From: Arlin [mailto:arlin at mvs.us] Sent: 28 October 2011 17:06 To: 'dovecot at dovecot.org' Subject: How can we horizontally scale Dovecot across multiple servers? Hi, How can we horizontally scale Dovecot across multiple servers? Do we require to install independent instances of Dovecot on each server? We are planning to use a NAS/SAN device using ZFS or EFS for email storage. Each logical unit will be of 10TB and similarly as the no: of user increases we are planning to add multiple 10TB units. In this case how we can manage the email storage on multiple volumes from Dovecot. The configuration of our existing system is:- Dovecot 1.0.15 / Maildirs Postfix 2.5.5 Debian 5.0.9 (Lenny) MySQL 5.0.15 Please advise. Thanks in advance. Creative Regards, Arlin From robert at schetterer.org Mon Oct 31 10:56:10 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 09:56:10 +0100 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: <003001cc97a9$addbeb80$0993c280$@mvs.us> References: <003001cc97a9$addbeb80$0993c280$@mvs.us> Message-ID: <4EAE62AA.6080203@schetterer.org> Am 31.10.2011 09:47, schrieb Arlin: > Could anyone please respond to this query. Thank you! you may use loadbalancers i.e (keepalived etc) and/or http://wiki2.dovecot.org/FeatLoginProxy http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy look the list for cluster setups etc reading your former post you want to use many outdated prog versions dont do that a san for storage might be a good choice some of the list use drbd with ocfs2 and other cluster filesystems > > > > From: Arlin [mailto:arlin at mvs.us] > Sent: 28 October 2011 17:06 > To: 'dovecot at dovecot.org' > Subject: How can we horizontally scale Dovecot across multiple servers? > > > > Hi, > > > > How can we horizontally scale Dovecot across multiple servers? Do we require > to install independent instances of Dovecot on each server? > > > > We are planning to use a NAS/SAN device using ZFS or EFS for email storage. > Each logical unit will be of 10TB and similarly as the no: of user increases > we are planning to add multiple 10TB units. > > In this case how we can manage the email storage on multiple volumes from > Dovecot. > > > > The configuration of our existing system is:- > > > > Dovecot 1.0.15 / Maildirs > > Postfix 2.5.5 > > Debian 5.0.9 (Lenny) > > MySQL 5.0.15 > > > > Please advise. > > > > Thanks in advance. > > > > Creative Regards, > > Arlin > > > > > > > > > > > > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From arlin at mvs.us Mon Oct 31 11:43:07 2011 From: arlin at mvs.us (Arlin) Date: Mon, 31 Oct 2011 15:13:07 +0530 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: <4EAE62AA.6080203@schetterer.org> References: <003001cc97a9$addbeb80$0993c280$@mvs.us> <4EAE62AA.6080203@schetterer.org> Message-ID: <000301cc97b1$81100ca0$833025e0$@mvs.us> Hi Robert, Thanks for the reply. We are upgrading Dovecot to v2.0.15 and other component's to the latest version. In that case, can we use san for storage or are you recommending that drbd with ocfs2 is the best way to attain the horizontal scalability for the mail storage? Thanks, Arlin -----Original Message----- From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Robert Schetterer Sent: 31 October 2011 14:26 To: dovecot at dovecot.org Subject: Re: [Dovecot] How can we horizontally scale Dovecot across multiple servers? Am 31.10.2011 09:47, schrieb Arlin: > Could anyone please respond to this query. Thank you! you may use loadbalancers i.e (keepalived etc) and/or http://wiki2.dovecot.org/FeatLoginProxy http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy look the list for cluster setups etc reading your former post you want to use many outdated prog versions dont do that a san for storage might be a good choice some of the list use drbd with ocfs2 and other cluster filesystems > > > > From: Arlin [mailto:arlin at mvs.us] > Sent: 28 October 2011 17:06 > To: 'dovecot at dovecot.org' > Subject: How can we horizontally scale Dovecot across multiple servers? > > > > Hi, > > > > How can we horizontally scale Dovecot across multiple servers? Do we > require to install independent instances of Dovecot on each server? > > > > We are planning to use a NAS/SAN device using ZFS or EFS for email storage. > Each logical unit will be of 10TB and similarly as the no: of user > increases we are planning to add multiple 10TB units. > > In this case how we can manage the email storage on multiple volumes > from Dovecot. > > > > The configuration of our existing system is:- > > > > Dovecot 1.0.15 / Maildirs > > Postfix 2.5.5 > > Debian 5.0.9 (Lenny) > > MySQL 5.0.15 > > > > Please advise. > > > > Thanks in advance. > > > > Creative Regards, > > Arlin > > > > > > > > > > > > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From joseba.torre at ehu.es Mon Oct 31 11:54:29 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 31 Oct 2011 10:54:29 +0100 Subject: [Dovecot] dovecot creating literal %d/%n/ folders In-Reply-To: References: Message-ID: <201110311054.29755.joseba.torre@ehu.es> On S?bado 29 Octubre 2011 04:03:41 sean darcy escribi?: > I have a virtual user test1. > > cat /etc/dovecot/users > test1@:{PLAIN}test1pass:504:504::/home/vmail/%d/%n > catchall@:{PLAIN}password:504:504::/home/vmail/%d/%n > @:{PLAIN}password:504:504::/home/vmail//catchall > test1 at example.com:{PLAIN}test1pass:504:504::/home/vmail/%d/%n > > ls /home/vmail/%d/%n/mail > cur dovecot.index.cache dovecot.index.log dovecot-uidlist > dovecot-uidvalidity dovecot-uidvalidity.4eab20a7 new tmp > > and mail to test1@ goes into this %d/%n folder. In fact > dovecot created the folder - at least I didn't. > > from dovecot-info.log > > Oct 28 17:43:11 auth: Debug: master in: USER 4 test1@ > service=lmtp > Oct 28 17:43:11 auth: Debug: passwd(test1@): lookup > Oct 28 17:43:11 auth: Info: passwd(test1@): unknown user > Oct 28 17:43:11 auth: Debug: passwd-file(test1@): lookup: > user=test1@ file=/etc/dovecot/users > Oct 28 17:43:11 auth: Debug: master out: USER 4 test1@ > uid=504 gid=504 home=/home/vmail/%d/%n > Oct 28 17:43:11 lmtp(4533, test1@): Info: > l6DnLacgq061EQAABoXEcA: msgid=<4EAB21EC.9070905 at gmail.com>: saved mail > to INBOX > > I would have expected dovecot to expand this to > /home/vmail//test1. > > Or are the %u %d variables only expanded in certain files? I had this same misunderstanding few days ago (in my case using ldap, but it doesn't matter). The usage of variables makes sense when used in generic values (e.g. mail_location), but not when used in a per-user db, and so they're not expanded in that cases. So: when adding a new entry in your passdb file, you should write actual values instead of variables. Usually it's really easy. HTH -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From joseba.torre at ehu.es Mon Oct 31 11:59:50 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 31 Oct 2011 10:59:50 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <201110301316.59856.p.heinlein@heinlein-support.de> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> Message-ID: <201110311059.50921.joseba.torre@ehu.es> On Domingo 30 Octubre 2011 13:16:59 Peer Heinlein escribi?: > It should be possible to make a complete backup/mirror of a user's > mailbox with dsync. And a backup/mirror without sieve is incomplete. And procmail rules? And maildrop rules? And someones post-login script based rules? To me, mailboxes are mailboxes, and dsync works fine. And yes: having a tool to migrate rules (sieve or whatever) would be nice. -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From robert at schetterer.org Mon Oct 31 12:00:33 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 11:00:33 +0100 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: <000301cc97b1$81100ca0$833025e0$@mvs.us> References: <003001cc97a9$addbeb80$0993c280$@mvs.us> <4EAE62AA.6080203@schetterer.org> <000301cc97b1$81100ca0$833025e0$@mvs.us> Message-ID: <4EAE71C1.7060400@schetterer.org> Am 31.10.2011 10:43, schrieb Arlin: > Hi Robert, > > Thanks for the reply. We are upgrading Dovecot to v2.0.15 and other > component's to the latest version. In that case, can we use san for storage > or are you recommending that drbd with ocfs2 is the best way to attain the > horizontal scalability for the mail storage? Hi Arlin, there is no best way, you should choose whatever fits best to your needs an haves so it depends on many stuff ( i.e at last finance, network, manpower, knowledge) etc So all i can say iam just using a loadbalanced cluster setup with drbd ocfs2 maildir dovecot postfix mysql clamav spamassassin on ubuntu lucid lts with 3000 Mailboxes without any big Problems yet but i can imagine that a professional SAN might be better in performance but there is a lot other other questions left , i.e maildir must not be the best solution for mailbox format etc cluster setups with lots of mailboxes are complex in many ways, if you planning a real big mailservice you should ask more here on this list for existing other setups and choose i.e Timo and/or others for professional and paid advice and work > > Thanks, > Arlin > > -----Original Message----- > From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On > Behalf Of Robert Schetterer > Sent: 31 October 2011 14:26 > To: dovecot at dovecot.org > Subject: Re: [Dovecot] How can we horizontally scale Dovecot across multiple > servers? > > Am 31.10.2011 09:47, schrieb Arlin: >> Could anyone please respond to this query. Thank you! > > you may use loadbalancers i.e (keepalived etc) and/or > > http://wiki2.dovecot.org/FeatLoginProxy > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > look the list for cluster setups etc > > reading your former post > you want to use many outdated prog versions dont do that a san for storage > might be a good choice some of the list use drbd with ocfs2 and other > cluster filesystems > >> >> >> >> From: Arlin [mailto:arlin at mvs.us] >> Sent: 28 October 2011 17:06 >> To: 'dovecot at dovecot.org' >> Subject: How can we horizontally scale Dovecot across multiple servers? >> >> >> >> Hi, >> >> >> >> How can we horizontally scale Dovecot across multiple servers? Do we >> require to install independent instances of Dovecot on each server? >> >> >> >> We are planning to use a NAS/SAN device using ZFS or EFS for email > storage. >> Each logical unit will be of 10TB and similarly as the no: of user >> increases we are planning to add multiple 10TB units. >> >> In this case how we can manage the email storage on multiple volumes >> from Dovecot. >> >> >> >> The configuration of our existing system is:- >> >> >> >> Dovecot 1.0.15 / Maildirs >> >> Postfix 2.5.5 >> >> Debian 5.0.9 (Lenny) >> >> MySQL 5.0.15 >> >> >> >> Please advise. >> >> >> >> Thanks in advance. >> >> >> >> Creative Regards, >> >> Arlin >> >> >> >> >> >> >> >> >> >> >> >> > > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From Ralf.Hildebrandt at charite.de Mon Oct 31 12:03:41 2011 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Mon, 31 Oct 2011 11:03:41 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <201110311059.50921.joseba.torre@ehu.es> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <201110311059.50921.joseba.torre@ehu.es> Message-ID: <20111031100340.GJ1132@charite.de> * Joseba Torre : > On Domingo 30 Octubre 2011 13:16:59 Peer Heinlein escribi?: > > It should be possible to make a complete backup/mirror of a user's > > mailbox with dsync. And a backup/mirror without sieve is incomplete. > > And procmail rules? They're not stored "within" dovecot's reach. procmail is not a part of dovecot. > And maildrop rules? They're not stored "within" dovecot's reach. maildrop is not a part of dovecot. > And someones post-login script based rules? Good point. But usually the admin adds those. > To me, mailboxes are mailboxes, and dsync works fine. > > And yes: having a tool to migrate rules (sieve or whatever) would be nice. Yup. Especially since it's a bit tricky to see whether a user has rules. -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From robert at schetterer.org Mon Oct 31 12:29:19 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 11:29:19 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <20111031100340.GJ1132@charite.de> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <201110311059.50921.joseba.torre@ehu.es> <20111031100340.GJ1132@charite.de> Message-ID: <4EAE787F.1020808@schetterer.org> Am 31.10.2011 11:03, schrieb Ralf Hildebrandt: > * Joseba Torre : >> On Domingo 30 Octubre 2011 13:16:59 Peer Heinlein escribi?: >>> It should be possible to make a complete backup/mirror of a user's >>> mailbox with dsync. And a backup/mirror without sieve is incomplete. >> >> And procmail rules? > > They're not stored "within" dovecot's reach. procmail is not a part of > dovecot. > >> And maildrop rules? > > They're not stored "within" dovecot's reach. maildrop is not a part of > dovecot. > >> And someones post-login script based rules? > > Good point. But usually the admin adds those. jep an normally they are in some global backup for the dovecot conf > >> To me, mailboxes are mailboxes, and dsync works fine. >> >> And yes: having a tool to migrate rules (sieve or whatever) would be nice. > > Yup. Especially since it's a bit tricky to see whether a user has rules. > hm, idea , any chance to feed sieve rules in a database backend or ldap etc so it would be part of backing up the db/dir service guess we have to wait for the hackers to get qualified answers *g -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From fbscarel at gmail.com Mon Oct 31 13:28:51 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Mon, 31 Oct 2011 09:28:51 -0200 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: <4EAE71C1.7060400@schetterer.org> References: <003001cc97a9$addbeb80$0993c280$@mvs.us> <4EAE62AA.6080203@schetterer.org> <000301cc97b1$81100ca0$833025e0$@mvs.us> <4EAE71C1.7060400@schetterer.org> Message-ID: Quick question about the usage of DRBD: I'm thinking of a setup on my organization here (15k+ users, 4TB of email data), but I'm holding back on the clusterization due to the high volume of data. Using DRBD would implicate mirroring those 4TB of data across all cluster nodes? If yes, I might go with a SAN-based solution, though I haven't studied much about that setup yet (the other sysadm administrates the VMs and SAN, gotta ask him a few questions). On Mon, Oct 31, 2011 at 08:00, Robert Schetterer wrote: > Am 31.10.2011 10:43, schrieb Arlin: > > Hi Robert, > > > > Thanks for the reply. We are upgrading Dovecot to v2.0.15 and other > > component's to the latest version. In that case, can we use san for > storage > > or are you recommending that drbd with ocfs2 is the best way to attain > the > > horizontal scalability for the mail storage? > > Hi Arlin, there is no best way, you should choose > whatever fits best to your needs an haves > so it depends on many stuff ( i.e at last finance, network, manpower, > knowledge) etc > > So all i can say iam just using a loadbalanced cluster setup with drbd > ocfs2 maildir dovecot postfix mysql clamav spamassassin on ubuntu lucid > lts with 3000 Mailboxes without any big Problems yet > but i can imagine that a professional SAN might be better in performance > but there is a lot other other questions left , i.e maildir must not be > the best solution for mailbox format etc > > cluster setups with lots of mailboxes are complex > in many ways, if you planning a real big mailservice > you should ask more here on this list for existing other setups and > choose i.e > Timo and/or others for professional and paid advice and work > > > > > > Thanks, > > Arlin > > > > -----Original Message----- > > From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] > On > > Behalf Of Robert Schetterer > > Sent: 31 October 2011 14:26 > > To: dovecot at dovecot.org > > Subject: Re: [Dovecot] How can we horizontally scale Dovecot across > multiple > > servers? > > > > Am 31.10.2011 09:47, schrieb Arlin: > >> Could anyone please respond to this query. Thank you! > > > > you may use loadbalancers i.e (keepalived etc) and/or > > > > http://wiki2.dovecot.org/FeatLoginProxy > > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > > > look the list for cluster setups etc > > > > reading your former post > > you want to use many outdated prog versions dont do that a san for > storage > > might be a good choice some of the list use drbd with ocfs2 and other > > cluster filesystems > > > >> > >> > >> > >> From: Arlin [mailto:arlin at mvs.us] > >> Sent: 28 October 2011 17:06 > >> To: 'dovecot at dovecot.org' > >> Subject: How can we horizontally scale Dovecot across multiple servers? > >> > >> > >> > >> Hi, > >> > >> > >> > >> How can we horizontally scale Dovecot across multiple servers? Do we > >> require to install independent instances of Dovecot on each server? > >> > >> > >> > >> We are planning to use a NAS/SAN device using ZFS or EFS for email > > storage. > >> Each logical unit will be of 10TB and similarly as the no: of user > >> increases we are planning to add multiple 10TB units. > >> > >> In this case how we can manage the email storage on multiple volumes > >> from Dovecot. > >> > >> > >> > >> The configuration of our existing system is:- > >> > >> > >> > >> Dovecot 1.0.15 / Maildirs > >> > >> Postfix 2.5.5 > >> > >> Debian 5.0.9 (Lenny) > >> > >> MySQL 5.0.15 > >> > >> > >> > >> Please advise. > >> > >> > >> > >> Thanks in advance. > >> > >> > >> > >> Creative Regards, > >> > >> Arlin > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > > > > > > -- > > Best Regards > > > > MfG Robert Schetterer > > > > Germany/Munich/Bavaria > > > > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria > From vladsol at ukr.net Mon Oct 31 14:10:27 2011 From: vladsol at ukr.net (Vlad) Date: Mon, 31 Oct 2011 14:10:27 +0200 Subject: [Dovecot] Problems with permissions on mail_location Message-ID: <752540808.20111031141027@ukr.net> Hi, All! I have 2.0.beta6 (3156315704ef) Trying to set up Dovecot with virtual users. mail_uid=mail mail_gid=mail mail_location = maildir:/var/mail/%n /var/mail owner is mail:mail, permissions is 777 From error log: Oct 31 13:34:17 imap(test): Error: user test: Initialization failed:Initializing mail storage from mail_location setting failed: mkdir(/var/mail/test) failed: Permission denied (euid=8(mail) egid=12(mail) missing +w perm: /var/mail, euid is not dir owner) but /var/mail owner is mail:mail (same the euid, egid). In what may be the problem? (With full rights to the directory dovecot does not want to write it :-\ ) If I change /var/mail to /tmp/mail (for testing), then everything works fine, dovecot can write to this directory. But if i create /test/mail, or /mail with chmod 777 and chown mail:mail - again the same error :-( -- ? ?????????, Vlad mailto:vladsol at ukr.net From CMarcus at Media-Brokers.com Mon Oct 31 14:19:55 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 31 Oct 2011 08:19:55 -0400 Subject: [Dovecot] Problems with permissions on mail_location In-Reply-To: <752540808.20111031141027@ukr.net> References: <752540808.20111031141027@ukr.net> Message-ID: <4EAE926B.8040509@Media-Brokers.com> On 2011-10-31 8:10 AM, Vlad wrote: > I have 2.0.beta6 (3156315704ef) Upgrade, then come back with any questions... -- Best regards, Charles From vladsol at ukr.net Mon Oct 31 14:23:21 2011 From: vladsol at ukr.net (Vlad) Date: Mon, 31 Oct 2011 14:23:21 +0200 Subject: [Dovecot] Problems with permissions on mail_location In-Reply-To: <4EAE926B.8040509@Media-Brokers.com> References: <752540808.20111031141027@ukr.net> <4EAE926B.8040509@Media-Brokers.com> Message-ID: <271322296.20111031142321@ukr.net> I installed dovecot from the "official" CentOS 6 repository . I think in this case, the problem is not in the version ..: - \ I'll try to update .. > On 2011-10-31 8:10 AM, Vlad wrote: >> I have 2.0.beta6 (3156315704ef) > Upgrade, then come back with any questions... -- ? ?????????, Vlad mailto:vladsol at ukr.net From robert at schetterer.org Mon Oct 31 14:33:22 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 13:33:22 +0100 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: References: <003001cc97a9$addbeb80$0993c280$@mvs.us> <4EAE62AA.6080203@schetterer.org> <000301cc97b1$81100ca0$833025e0$@mvs.us> <4EAE71C1.7060400@schetterer.org> Message-ID: <4EAE9592.8010209@schetterer.org> Am 31.10.2011 12:28, schrieb Felipe Scarel: > Quick question about the usage of DRBD: I'm thinking of a setup on my > organization here (15k+ users, 4TB of email data), but I'm holding back > on the clusterization due to the high volume of data. > > Using DRBD would implicate mirroring those 4TB of data across all > cluster nodes? If yes, I might go with a SAN-based solution, though I > haven't studied much about that setup yet (the other sysadm > administrates the VMs and SAN, gotta ask him a few questions). i wouldnt do that with drbd as such big setup , there should be enough money using better choices > > On Mon, Oct 31, 2011 at 08:00, Robert Schetterer > wrote: > > Am 31.10.2011 10:43, schrieb Arlin: > > Hi Robert, > > > > Thanks for the reply. We are upgrading Dovecot to v2.0.15 and other > > component's to the latest version. In that case, can we use san > for storage > > or are you recommending that drbd with ocfs2 is the best way to > attain the > > horizontal scalability for the mail storage? > > Hi Arlin, there is no best way, you should choose > whatever fits best to your needs an haves > so it depends on many stuff ( i.e at last finance, network, manpower, > knowledge) etc > > So all i can say iam just using a loadbalanced cluster setup with drbd > ocfs2 maildir dovecot postfix mysql clamav spamassassin on ubuntu lucid > lts with 3000 Mailboxes without any big Problems yet > but i can imagine that a professional SAN might be better in performance > but there is a lot other other questions left , i.e maildir must not be > the best solution for mailbox format etc > > cluster setups with lots of mailboxes are complex > in many ways, if you planning a real big mailservice > you should ask more here on this list for existing other setups and > choose i.e > Timo and/or others for professional and paid advice and work > > > > > > Thanks, > > Arlin > > > > -----Original Message----- > > From: dovecot-bounces at dovecot.org > > [mailto:dovecot-bounces at dovecot.org > ] On > > Behalf Of Robert Schetterer > > Sent: 31 October 2011 14:26 > > To: dovecot at dovecot.org > > Subject: Re: [Dovecot] How can we horizontally scale Dovecot > across multiple > > servers? > > > > Am 31.10.2011 09:47, schrieb Arlin: > >> Could anyone please respond to this query. Thank you! > > > > you may use loadbalancers i.e (keepalived etc) and/or > > > > http://wiki2.dovecot.org/FeatLoginProxy > > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > > > look the list for cluster setups etc > > > > reading your former post > > you want to use many outdated prog versions dont do that a san for > storage > > might be a good choice some of the list use drbd with ocfs2 and other > > cluster filesystems > > > >> > >> > >> > >> From: Arlin [mailto:arlin at mvs.us ] > >> Sent: 28 October 2011 17:06 > >> To: 'dovecot at dovecot.org ' > >> Subject: How can we horizontally scale Dovecot across multiple > servers? > >> > >> > >> > >> Hi, > >> > >> > >> > >> How can we horizontally scale Dovecot across multiple servers? Do we > >> require to install independent instances of Dovecot on each server? > >> > >> > >> > >> We are planning to use a NAS/SAN device using ZFS or EFS for email > > storage. > >> Each logical unit will be of 10TB and similarly as the no: of user > >> increases we are planning to add multiple 10TB units. > >> > >> In this case how we can manage the email storage on multiple volumes > >> from Dovecot. > >> > >> > >> > >> The configuration of our existing system is:- > >> > >> > >> > >> Dovecot 1.0.15 / Maildirs > >> > >> Postfix 2.5.5 > >> > >> Debian 5.0.9 (Lenny) > >> > >> MySQL 5.0.15 > >> > >> > >> > >> Please advise. > >> > >> > >> > >> Thanks in advance. > >> > >> > >> > >> Creative Regards, > >> > >> Arlin > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > > > > > > -- > > Best Regards > > > > MfG Robert Schetterer > > > > Germany/Munich/Bavaria > > > > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria > > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From fbscarel at gmail.com Mon Oct 31 15:13:07 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Mon, 31 Oct 2011 11:13:07 -0200 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: <4EAE9592.8010209@schetterer.org> References: <003001cc97a9$addbeb80$0993c280$@mvs.us> <4EAE62AA.6080203@schetterer.org> <000301cc97b1$81100ca0$833025e0$@mvs.us> <4EAE71C1.7060400@schetterer.org> <4EAE9592.8010209@schetterer.org> Message-ID: There is, though not readily available unfortunately. Thanks for the input, always helpful. On Mon, Oct 31, 2011 at 10:33, Robert Schetterer wrote: > Am 31.10.2011 12:28, schrieb Felipe Scarel: > > Quick question about the usage of DRBD: I'm thinking of a setup on my > > organization here (15k+ users, 4TB of email data), but I'm holding back > > on the clusterization due to the high volume of data. > > > > Using DRBD would implicate mirroring those 4TB of data across all > > cluster nodes? If yes, I might go with a SAN-based solution, though I > > haven't studied much about that setup yet (the other sysadm > > administrates the VMs and SAN, gotta ask him a few questions). > > i wouldnt do that with drbd > as such big setup , there should be enough money using better choices > > > > On Mon, Oct 31, 2011 at 08:00, Robert Schetterer > > wrote: > > > > Am 31.10.2011 10:43, schrieb Arlin: > > > Hi Robert, > > > > > > Thanks for the reply. We are upgrading Dovecot to v2.0.15 and other > > > component's to the latest version. In that case, can we use san > > for storage > > > or are you recommending that drbd with ocfs2 is the best way to > > attain the > > > horizontal scalability for the mail storage? > > > > Hi Arlin, there is no best way, you should choose > > whatever fits best to your needs an haves > > so it depends on many stuff ( i.e at last finance, network, manpower, > > knowledge) etc > > > > So all i can say iam just using a loadbalanced cluster setup with > drbd > > ocfs2 maildir dovecot postfix mysql clamav spamassassin on ubuntu > lucid > > lts with 3000 Mailboxes without any big Problems yet > > but i can imagine that a professional SAN might be better in > performance > > but there is a lot other other questions left , i.e maildir must not > be > > the best solution for mailbox format etc > > > > cluster setups with lots of mailboxes are complex > > in many ways, if you planning a real big mailservice > > you should ask more here on this list for existing other setups and > > choose i.e > > Timo and/or others for professional and paid advice and work > > > > > > > > > > Thanks, > > > Arlin > > > > > > -----Original Message----- > > > From: dovecot-bounces at dovecot.org > > > > [mailto:dovecot-bounces at dovecot.org > > ] On > > > Behalf Of Robert Schetterer > > > Sent: 31 October 2011 14:26 > > > To: dovecot at dovecot.org > > > Subject: Re: [Dovecot] How can we horizontally scale Dovecot > > across multiple > > > servers? > > > > > > Am 31.10.2011 09:47, schrieb Arlin: > > >> Could anyone please respond to this query. Thank you! > > > > > > you may use loadbalancers i.e (keepalived etc) and/or > > > > > > http://wiki2.dovecot.org/FeatLoginProxy > > > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > > > > > look the list for cluster setups etc > > > > > > reading your former post > > > you want to use many outdated prog versions dont do that a san for > > storage > > > might be a good choice some of the list use drbd with ocfs2 and > other > > > cluster filesystems > > > > > >> > > >> > > >> > > >> From: Arlin [mailto:arlin at mvs.us ] > > >> Sent: 28 October 2011 17:06 > > >> To: 'dovecot at dovecot.org ' > > >> Subject: How can we horizontally scale Dovecot across multiple > > servers? > > >> > > >> > > >> > > >> Hi, > > >> > > >> > > >> > > >> How can we horizontally scale Dovecot across multiple servers? Do > we > > >> require to install independent instances of Dovecot on each > server? > > >> > > >> > > >> > > >> We are planning to use a NAS/SAN device using ZFS or EFS for email > > > storage. > > >> Each logical unit will be of 10TB and similarly as the no: of user > > >> increases we are planning to add multiple 10TB units. > > >> > > >> In this case how we can manage the email storage on multiple > volumes > > >> from Dovecot. > > >> > > >> > > >> > > >> The configuration of our existing system is:- > > >> > > >> > > >> > > >> Dovecot 1.0.15 / Maildirs > > >> > > >> Postfix 2.5.5 > > >> > > >> Debian 5.0.9 (Lenny) > > >> > > >> MySQL 5.0.15 > > >> > > >> > > >> > > >> Please advise. > > >> > > >> > > >> > > >> Thanks in advance. > > >> > > >> > > >> > > >> Creative Regards, > > >> > > >> Arlin > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > > > > > > > > -- > > > Best Regards > > > > > > MfG Robert Schetterer > > > > > > Germany/Munich/Bavaria > > > > > > > > > -- > > Best Regards > > > > MfG Robert Schetterer > > > > Germany/Munich/Bavaria > > > > > > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria > From alexwbaule at gmail.com Mon Oct 31 17:25:42 2011 From: alexwbaule at gmail.com (Alex Baule) Date: Mon, 31 Oct 2011 13:25:42 -0200 Subject: [Dovecot] Rewrite the ostream output method, to save messages in another directory. Message-ID: Hi Timo, I Trying to integrate my antispam with dovecot, using the imap folder to do certain actions. I Do almost every thing, but i have some problems saving the message. Explaining this function, i try to use a imap folder like a "collector folder", the user append a message from outside (ie another imap or pop message) to this folder, and i don't want to copy this message, i need to redirect it to another folder outside from user's maildir. Well, i try to base it in zlib plugin, with was the o_stream_create_gz(). Inside the o_stream_create_gz has the Output, it's a copy from the original output. I Try to replace this output, with another one, that i try to create to another location, without sucessfull. struct ostream * o_stream_create_X_list(struct ostream *output, struct istream *input, const char *type) { struct emexis_ostream *X_stream; struct ostream *new_output; int fd; fd = open("/tmp/email",O_WRONLY); new_output = o_stream_create_fd_file(fd, 0, TRUE); o_stream_cork(new_output); emexis_stream = i_new(struct emexis_ostream, 1); emexis_stream->ostream.sendv = o_stream_X_sendv; emexis_stream->ostream.flush = o_stream_X_flush; emexis_stream->ostream.iostream.close = o_stream_X_close; emexis_stream->output = new_output; emexis_stream->input = input; o_stream_ref(new_output); return o_stream_create(&X_stream->ostream); } With this new o_stream, i got this error. Oct 27 15:14:24 brc dovecot: imap(alex at exemplo.com.br): Error: o_stream_send_istream(/storage/gss/emexis/messages/ exemplo.com.br/alex/Maildir/.Emexis.Ext-Blacklist/tmp/1319735664.M568409P30815.brc) failed: Bad file descriptor Oct 27 15:14:24 brc dovecot: imap(alex at exemplo.com.br): Error: o_stream_flush(/storage/gss/emexis/messages/ exemplo.com.br/alex/Maildir/.Emexis.Ext-Blacklist/tmp/1319735664.M568409P30815.brc) failed: Bad file descriptor Oct 27 15:14:24 brc dovecot: imap(alex at exemplo.com.br): Error: write(/storage/gss/emexis/messages/ exemplo.com.br/alex/Maildir/.Emexis.Ext-Blacklist/tmp/1319735664.M568409P30815.brc) failed: Bad file descriptor There is something wrong Timo ? Like missing something or i need to rewrite another funcion ? Tks !!! From stephan at rename-it.nl Mon Oct 31 17:58:29 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 31 Oct 2011 16:58:29 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EAE787F.1020808@schetterer.org> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <201110311059.50921.joseba.torre@ehu.es> <20111031100340.GJ1132@charite.de> <4EAE787F.1020808@schetterer.org> Message-ID: <4EAEC5A5.9000807@rename-it.nl> On 31-10-2011 11:29, Robert Schetterer wrote: > hm, idea , any chance to feed sieve rules in a database backend or ldap etc > so it would be part of backing up the db/dir service That is on the TODO list. However, this is not high-priority. Regards, Stephan. From stephan at rename-it.nl Mon Oct 31 18:00:53 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 31 Oct 2011 17:00:53 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EAE3D7F.5050701@schetterer.org> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <4EAD4214.6020405@schetterer.org> <2EBAB205-6B4E-48BA-9DFF-6959C3B9E902@rocketfish.com> <4EAE3D7F.5050701@schetterer.org> Message-ID: <4EAEC635.3090406@rename-it.nl> Op 31-10-2011 7:17, Robert Schetterer schreef: > Am 30.10.2011 22:06, schrieb Dovecot-GDH: >> The Sieve folder is not part of the mailbox. > thats a definiton question, anyway Peer is right > it would be a nice to have, but not hardly needed > no need to flame in any case I wonder how extensible dsync is in this respect. It doesn't sound too difficult to implement, but so far I haven't looked at its sources. Regards, Stephan. From leo at strike.wu.ac.at Mon Oct 31 19:00:52 2011 From: leo at strike.wu.ac.at (Alexander 'Leo' Bergolth) Date: Mon, 31 Oct 2011 18:00:52 +0100 Subject: [Dovecot] setting namespaces using script-login environment in 2.0 Message-ID: <4EAED444.70608@strike.wu.ac.at> Hi! With dovecot 1.x, I was using a post-login script to dynamically add shared mailboxes using NAMESPACE_X.. environment variables, based on filesystem permissions: After login, the post-login script was executed with user permissions (mail_drop_priv_before_exec=yes). It added all subdirectories of "/var/spool/mail/Shared" as namespaces for which the user had write permissions. E.g.: NAMESPACE_2='maildir:/var/mail/Shared/spamrep:INDEX=~/Maildir/index/Shared/spamrep' NAMESPACE_2_PREFIX=Shared/spamrep/ NAMESPACE_2_SEP=/ NAMESPACE_2_TYPE=public NAMESPACE_2_LIST=yes See the attached post-pogin-script for details. After switching to 2.0.14 (using executable script-login -d...), the script actually gets executed but the namespace settings do not seem to be honored. Besides, I don't see any pre-set NAMESPACE_ environment variables anymore. Have environment based namespace settings been abandoned in 2.0? Does Dovecot 2.0 maybe provide a better way to only display those folders, for which the user has at least read permissions? (Unix-permission based) Thanks in advance, --leo -- e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria From e-frog at gmx.de Mon Oct 31 19:41:49 2011 From: e-frog at gmx.de (e-frog) Date: Mon, 31 Oct 2011 18:41:49 +0100 Subject: [Dovecot] setting namespaces using script-login environment in 2.0 In-Reply-To: <4EAED444.70608@strike.wu.ac.at> References: <4EAED444.70608@strike.wu.ac.at> Message-ID: <4EAEDDDD.40206@gmx.de> On 31.10.2011 18:00, wrote Alexander 'Leo' Bergolth: > > Have environment based namespace settings been abandoned in 2.0? > I think you need to add them to USERDB_KEYS now... http://wiki2.dovecot.org/PostLoginScripting#Running_environment /e-frog From p at state-of-mind.de Mon Oct 31 19:45:49 2011 From: p at state-of-mind.de (Patrick Ben Koetter) Date: Mon, 31 Oct 2011 18:45:49 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EAEC5A5.9000807@rename-it.nl> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <201110311059.50921.joseba.torre@ehu.es> <20111031100340.GJ1132@charite.de> <4EAE787F.1020808@schetterer.org> <4EAEC5A5.9000807@rename-it.nl> Message-ID: <20111031174549.GB2252@state-of-mind.de> * Stephan Bosch : > On 31-10-2011 11:29, Robert Schetterer wrote: > >hm, idea , any chance to feed sieve rules in a database backend or ldap etc > >so it would be part of backing up the db/dir service > > That is on the TODO list. However, this is not high-priority. You might want to find out how SOGo stores sieve rules in SQL. p at rick -- state of mind () http://www.state-of-mind.de Franziskanerstra?e 15 Telefon +49 89 3090 4664 81669 M?nchen Telefax +49 89 3090 4666 Amtsgericht M?nchen Partnerschaftsregister PR 563 From dovecot at tlinx.org Mon Oct 31 22:17:16 2011 From: dovecot at tlinx.org (Linda Walsh) Date: Mon, 31 Oct 2011 13:17:16 -0700 Subject: [Dovecot] Thunderbird slow in talking with dovecot IMAP AND to sendmail In-Reply-To: <4EA69FAE.1030100@Media-Brokers.com> References: <4EA68C11.5060102@tlinx.org> <4EA69FAE.1030100@Media-Brokers.com> Message-ID: <4EAF024C.6040506@tlinx.org> Charles Marcus wrote: > On 2011-10-25 6:14 AM, Linda Walsh wrote: >> and everyfrackin' body was using 4K packet sizes (at the application >> level!, the window size on TCP was over 64K...but no one was using >> it)....especially galling with my network's MTU at 9K, BTW, because >> small packets are really bad on a 1Gb network. >> >> sendmail -- 4K, >> dovecot /ssl, 4K... >> >> wazzup .. is t-bird forcing this, > > If I'm not mistaken, yes, this is (or could be) a TBird problem... I > can't find the bug report where this was discussed, but I distinctly > remember one of the devs commenting on this 4k packet size issue. > Apparently it was an intentional change, but he couldn't figure out why. > > Fyi, it was discussed in one of the IMAP performance bugs... --- Thanks for the lead...will check it out. The problem with the Tbird (and FF) is that design for home users with dialup connections, so if you have a home network and run IMAP @home, all their tuning goes out the window -- and they don't make it configurable. I had to go to a 9K packet size on 1Gb ethernet to get close to full bandwitch usage (and then it is a large effort with a windows client)...and that's down at layer 2? FF IMAP is at layer 5? ... the latency is insane at that point. Alot of companies aren't real bright when it comes to storing files locally -- instead of 'local' they almost always use the 'roaming' profile...Cuprits: TB at 4G, Adobe at 2.5G, XBMC ~1-2G. Adobe's great -- most of that 2.5G are the product helpfiles which you don't get when you install -- they are d/led later and thus stored in your roaming profile. Each user gets their own copy of the help material... Of course good thing they got rid of customer input for product design and got rid of 'usability studies'... those things always caused problems. Like MS removing the start bar in Win8 cause users don't want it? Huh? or Cocacola switching to 'newCoke, then having to revert due to outcry...because Coke drinkers didn't want another pepsi knockoff. Baka! From robert at schetterer.org Mon Oct 31 22:19:15 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 21:19:15 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EAEC5A5.9000807@rename-it.nl> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <201110311059.50921.joseba.torre@ehu.es> <20111031100340.GJ1132@charite.de> <4EAE787F.1020808@schetterer.org> <4EAEC5A5.9000807@rename-it.nl> Message-ID: <4EAF02C3.2030002@schetterer.org> Am 31.10.2011 16:58, schrieb Stephan Bosch: > On 31-10-2011 11:29, Robert Schetterer wrote: >> hm, idea , any chance to feed sieve rules in a database backend or >> ldap etc >> so it would be part of backing up the db/dir service > > That is on the TODO list. However, this is not high-priority. sounds nice to me, thx > > Regards, > > Stephan. > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From jtam.home at gmail.com Sat Oct 1 01:29:05 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 30 Sep 2011 15:29:05 -0700 (PDT) Subject: [Dovecot] Error message in log In-Reply-To: References: Message-ID: On Fri, 30 Sep 2011, Knute Johnson wrote: > I'm getting the following message in my log; > > dovecot: IMAP(knute): > fchown(/home/knute/mail/.imap/INBOX/dovecot.index.tmp, -1, 8(mail)) > failed: Operation not permitted (egid=1000(knute), group based on > /var/mail/knute): 4 Time(s) > > I got these once before on the /var/mail/user files and changed the > permissions to 600. /home/knute/mail/.imap/INBOX is 770 and the index > files are 600. Is this a problem with the directory privilege? Probably. This was discussed a few times before. Check the mailing list archives. Dovecot tries to retain the same file access for the indices as the mailbox/message file it indexes; if the permissions allow access to the group, but the owner is not part of that group, then the dovecot process (which sets UID to the owner) cannot recreate the same permissions, hence the error. Either change the group ownership of "/var/mail/knute", put user "knute" in group "mail", or chmod it to 0600. The last one is probably the best solution. And fix the problem that created these permissions in the first place. Check your other users (if you have any) for the same situation. Joseph Tam From ejs at shubes.net Sat Oct 1 02:24:56 2011 From: ejs at shubes.net (Eric Shubert) Date: Fri, 30 Sep 2011 16:24:56 -0700 Subject: [Dovecot] SOLVED Intermittent authentication failures In-Reply-To: References: Message-ID: On 09/30/2011 12:59 PM, Eric Shubert wrote: > On 09/30/2011 09:07 AM, Eric Shubert wrote: >> >> CRAM-MD5 works sometimes: >> Sep 30 08:15:43 imap-login: Info: Login: user=, >> method=CRAM-MD5, rip=192.168.252.8, lip=192.168.252.14, mpid=20301 >> >> but (seemingly more frequently) the authentication fails: >> Sep 30 08:16:41 imap-login: Info: Aborted login (auth failed, 1 >> attempts): user=, method=CRAM-MD5, rip=192.168.252.8, >> lip=192.168.252.14 >> >> I restarted dovecot, and that apparently cleared the problem for one >> user, but not others. >> >> Is this perhaps a bug in dovecot, or would the problem lie with vpopmail? >> >> TIA for any pointers. >> > > FWIW, I tried digest-md5, and experience the same problem. > > Is it possible that passwords are being cached in such a way that > different login mechanisms cannot be used by different client programs > with the same user account? > My problem was indeed with the password caching. I changed cache_key=%u to cache_key=%u%r and that cleared things up. I expect that this is only a problem when different client programs use different login mechanisms, which was the case with this particular group of users. I didn't anticipate this behavior, but can live with it. A note about this in the documentation would be nice. I tried to create an account on the wiki for myself to update it, but that doesn't seem to be working presently. -- -Eric 'shubes' From tss at iki.fi Sat Oct 1 18:16:32 2011 From: tss at iki.fi (Timo Sirainen) Date: Sat, 01 Oct 2011 18:16:32 +0300 Subject: [Dovecot] SOLVED Intermittent authentication failures In-Reply-To: References: Message-ID: <1317482192.21919.47.camel@hurina> On Fri, 2011-09-30 at 16:24 -0700, Eric Shubert wrote: > >> CRAM-MD5 works sometimes: > >> Sep 30 08:15:43 imap-login: Info: Login: user=, > >> method=CRAM-MD5, rip=192.168.252.8, lip=192.168.252.14, mpid=20301 > >> > >> but (seemingly more frequently) the authentication fails: > >> Sep 30 08:16:41 imap-login: Info: Aborted login (auth failed, 1 > >> attempts): user=, method=CRAM-MD5, rip=192.168.252.8, > >> lip=192.168.252.14 > >> > My problem was indeed with the password caching. I changed > cache_key=%u > to > cache_key=%u%r > and that cleared things up. > > I expect that this is only a problem when different client programs use > different login mechanisms, which was the case with this particular > group of users. Auth mechanism shouldn't affect caching or vice versa. Maybe the %r just happens to work around the real problem, which might still be there but just less frequent.. Logs with auth_debug=yes could have been helpful in figuring this out. From tss at iki.fi Sat Oct 1 18:19:00 2011 From: tss at iki.fi (Timo Sirainen) Date: Sat, 01 Oct 2011 18:19:00 +0300 Subject: [Dovecot] FTS and compound searches In-Reply-To: <91489B71-0154-4DE8-9DD4-CA5354B9D8E8@net24.co.nz> References: <91489B71-0154-4DE8-9DD4-CA5354B9D8E8@net24.co.nz> Message-ID: <1317482340.21919.48.camel@hurina> On Thu, 2011-09-29 at 15:40 +1300, Nikolai Schupbach wrote: > >> New subscriber here. I noticed that the FTS index is not used in compound searches. > >> Is this expected? Tested in 2.0.0 and 2.0.8: > > > >Yep. It's been in TODO for a while. > > I know this thread is quite old, but we have the same issue with v2.0.14 and squat. Would this issue also affect the Solr FTS backend? It's fixed in v2.1 for all backends. From ejs at shubes.net Sun Oct 2 18:53:19 2011 From: ejs at shubes.net (Eric Shubert) Date: Sun, 02 Oct 2011 08:53:19 -0700 Subject: [Dovecot] SOLVED Intermittent authentication failures In-Reply-To: <1317482192.21919.47.camel@hurina> References: <1317482192.21919.47.camel@hurina> Message-ID: On 10/01/2011 08:16 AM, Timo Sirainen wrote: > On Fri, 2011-09-30 at 16:24 -0700, Eric Shubert wrote: >>>> CRAM-MD5 works sometimes: >>>> Sep 30 08:15:43 imap-login: Info: Login: user=, >>>> method=CRAM-MD5, rip=192.168.252.8, lip=192.168.252.14, mpid=20301 >>>> >>>> but (seemingly more frequently) the authentication fails: >>>> Sep 30 08:16:41 imap-login: Info: Aborted login (auth failed, 1 >>>> attempts): user=, method=CRAM-MD5, rip=192.168.252.8, >>>> lip=192.168.252.14 >>>> >> My problem was indeed with the password caching. I changed >> cache_key=%u >> to >> cache_key=%u%r >> and that cleared things up. >> >> I expect that this is only a problem when different client programs use >> different login mechanisms, which was the case with this particular >> group of users. > > Auth mechanism shouldn't affect caching or vice versa. Maybe the %r just > happens to work around the real problem, which might still be there but > just less frequent.. Logs with auth_debug=yes could have been helpful in > figuring this out. Ask and ye shall receive: Oct 02 08:21:03 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=192.168.6.14 rip=208.54.4.133 lport=143 rport=43401 resp= Oct 02 08:21:03 auth: Debug: cache(gary at domain.com,208.54.4.133): hit: user=gary at domain.com Oct 02 08:21:03 auth: Debug: client out: OK 1 user=gary at domain.com Oct 02 08:21:03 auth: Debug: master in: REQUEST 546963457 11596 1 9d5ae9a5778c4e1da32bfe9de1027163 Oct 02 08:21:03 auth: Debug: userdb-cache(gary at domain.com,208.54.4.133): hit: gary at domain.com uid=89 gid=89 home=/home/vpopmail/domains/domain.com/gary Oct 02 08:21:03 auth: Debug: master out: USER 546963457 gary at domain.com uid=89 gid=89 home=/home/vpopmail/domains/domain.com/gary Oct 02 08:21:03 imap-login: Info: Login: user=, method=PLAIN, rip=208.54.4.133, lip=192.168.6.14, mpid=11607, TLS Oct 02 08:21:05 auth: Debug: auth client connected (pid=11609) Oct 02 08:21:05 auth: Debug: client in: AUTH 1 CRAM-MD5 service=imap secured lip=192.168.6.14 rip=174.17.50.127 lport=993 rport=50696 Oct 02 08:21:05 auth: Debug: client out: CONT 1 PDU5NjE3NTM4NTk4OTA0MTIuMTMxNzU2ODg2NUB3b25nLnIzaW52ZXN0aWdhdGlvbnMuY29tPg== Oct 02 08:21:06 auth: Debug: client in: CONT Oct 02 08:21:06 auth: Debug: cache(teacher at domain2.com,174.17.50.127): miss Oct 02 08:21:06 auth: Debug: vpopmail(teacher at domain2.com,174.17.50.127): lookup user=teacher domain=domain2.com Oct 02 08:21:06 auth: Debug: client out: OK 1 user=teacher at domain2.com Oct 02 08:21:06 auth: Debug: master in: REQUEST 3916169217 11609 1 42c98a70d61d08e4b1440028faf5324a Oct 02 08:21:06 auth: Debug: userdb-cache(teacher at domain2.com,174.17.50.127): miss Oct 02 08:21:06 auth: Debug: vpopmail(teacher at domain2.com,174.17.50.127): lookup user=teacher domain=domain2.com Oct 02 08:21:06 auth: Debug: master out: USER 3916169217 teacher at domain2.com uid=89 gid=89 home=/home/vpopmail/domains/domain2.com/teacher Oct 02 08:21:06 imap-login: Info: Login: user=, method=CRAM-MD5, rip=174.17.50.127, lip=192.168.6.14, mpid=11612, TLS Oct 02 08:21:35 imap(gary at domain.com): Info: Disconnected: Logged out bytes=361/1161 Oct 02 08:21:40 auth: Debug: auth client connected (pid=11627) Oct 02 08:21:40 auth: Debug: client in: AUTH 1 DIGEST-MD5 service=imap lip=192.168.252.14 rip=192.168.252.8 lport=143 rport=41155 Oct 02 08:21:40 auth: Debug: client out: CONT 1 cmVhbG09IiIsbm9uY2U9InpkR3VZcFd0T25iUWpQM3hHOVloemc9PSIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI= Oct 02 08:21:40 auth: Debug: client in: CONT Oct 02 08:21:40 auth: Debug: cache(gary at domain.com,192.168.252.8): hit: user=gary at domain.com Oct 02 08:21:40 auth: Info: password(gary at domain.com,192.168.252.8): Requested DIGEST-MD5 scheme, but we have only SHA1 Oct 02 08:21:42 auth: Debug: client out: FAIL 1 user=gary at domain.com Oct 02 08:21:42 imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=DIGEST-MD5, rip=192.168.252.8, lip=192.168.252.14 Oct 02 08:21:55 auth: Debug: auth client connected (pid=11629) Oct 02 08:21:55 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=192.168.6.14 rip=192.168.5.196 lport=993 rport=4605 resp= Oct 02 08:21:55 auth: Debug: cache(gary at domain.com,192.168.5.196): hit: user=gary at domain.com Oct 02 08:21:55 auth: Debug: client out: OK 1 user=gary at domain.com Oct 02 08:21:55 auth: Debug: master in: REQUEST 875167745 11629 1 126eea78f45a1270bea10f8f939545fa Oct 02 08:21:55 auth: Debug: userdb-cache(gary at domain.com,192.168.5.196): hit: gary at domain.com uid=89 gid=89 home=/home/vpopmail/domains/domain.com/gary Oct 02 08:21:55 auth: Debug: master out: USER 875167745 gary at domain.com uid=89 gid=89 home=/home/vpopmail/domains/domain.com/gary Oct 02 08:21:55 imap-login: Info: Login: user=, method=PLAIN, rip=192.168.5.196, lip=192.168.6.14, mpid=11630, TLS The user gary first connects using TMobile phone (208.54.4.133), then a subsequent attempt via Squirrelmail/webmail (192.168.252.8) fails. Outlook (192.168.5.196) is also in there. Outlook and TMobile both use PLAIN with TLS, and they get along fine. Squirrelmail doesn't presently support TLS, so needs to use cram-md5 or digest-md5, which fails with the cached entry from one of the other clients. Thank you so much for your terrific work with Dovecot, Timo. It is truly a premier piece of work. -- -Eric 'shubes' From tss at iki.fi Sun Oct 2 20:28:04 2011 From: tss at iki.fi (Timo Sirainen) Date: Sun, 02 Oct 2011 20:28:04 +0300 Subject: [Dovecot] SOLVED Intermittent authentication failures In-Reply-To: References: <1317482192.21919.47.camel@hurina> Message-ID: <1317576487.21919.50.camel@hurina> On Sun, 2011-10-02 at 08:53 -0700, Eric Shubert wrote: > > > Oct 02 08:21:40 auth: Info: password(gary at domain.com,192.168.252.8): > Requested DIGEST-MD5 scheme, but we have only SHA1 Oh. This was vpopmail specific problem. See if this fixes: http://hg.dovecot.org/dovecot-2.0/rev/dbd5f9ec38af From dlie76 at yahoo.com.au Mon Oct 3 05:15:01 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Sun, 2 Oct 2011 19:15:01 -0700 (PDT) Subject: [Dovecot] problem with getting outlook to work with IMAP server Message-ID: <1317608101.37488.YahooMailNeo@web113406.mail.gq1.yahoo.com> Hi, I am having difficulty in getting the outlook 2010 to connect to my server running on Ubuntu Server 10.04. I can login to Squirrelmail webmail, and am able to send & receive emails through squirrelmail with no problem whatsoever. However, this morning, I was trying to add a new account for the same user on Outlook 2010 and I got the following error from outlook as follows Send test e-mail message: Your outgoing (SMTP) e-mail server has reported an internal error. The server responded: 554 5.7.7 No Spoofing Allowed. I then, went to check /var/log/mail.log and I found the following Oct? 3 12:19:27 mymailServer dovecot: auth(default): ldap(sbernett,50.4.39.163): pass search: base=ou=accounts,dc=example,dc=com scope=subtree filter=(&(objectClass=posixAccount)(uid=sbernett)) fields=uid,userPassword,homeDirectory,uidNumber,gidNumber Oct? 3 12:19:27 mymailServer dovecot: auth(default): ldap(sbernett,50.4.39.163): result: uid(user)=sbernett uidNumber(userdb_uid)=106 gidNumber(userdb_gid)=106 userPassword(password)={CRYPT}xGHI86Ktls homeDirectory(userdb_home)=/home/vmail/sbernett Oct? 3 12:19:27 mymailServer dovecot: auth(default): client out: OK#0111#011user=sbernett Oct? 3 12:19:27 mymailServer dovecot: auth(default): master in: REQUEST#0114#0112686#0111 Oct? 3 12:19:27 mymailServer dovecot: auth(default): passwd(sbernett,50.4.39.163): lookup Oct? 3 12:19:27 mymailServer dovecot: auth(default): passwd(sbernett,50.4.39.163): unknown user Oct? 3 12:19:27 mymailServer dovecot: auth(default): master out: USER#0114#011sbernett#011uid=106#011gid=106#011home=/home/vmail/sbernett Oct? 3 12:19:27 mymailServer dovecot: imap-login: Login: user=, method=PLAIN, rip=50.4.39.163, lip=50.4.39.164 Oct? 3 12:19:27 mymailServer dovecot: IMAP(sbernett): Disconnected in IDLE bytes=9/292 Oct? 3 12:19:27 mymailServer postfix/smtpd[2766]: warning: No server certs available. TLS won't be enabled Oct? 3 12:19:27 mymailServer postfix/smtpd[2766]: connect from localhost[127.0.0.1] Oct? 3 12:19:27 mymailServer postfix/smtpd[2766]: 182292400AE: client=localhost[127.0.0.1] Oct? 3 12:19:27 mymailServer postfix/smtpd[2766]: lost connection after DATA (0 bytes) from localhost[127.0.0.1] Oct? 3 12:19:27 mymailServer postfix/smtpd[2766]: disconnect from localhost[127.0.0.1] Next, I tried to see if there are any the difference in the mail.log when logging into the squirrelmail (which is working for me) Oct? 3 12:31:32 mymailServer dovecot: auth(default): ldap(sbernett,127.0.0.1): pass search: base=ou=accounts,dc=example,dc=com scope=subtree filter=(&(objectClass=posixAccount)(uid=sbernett)) fields=uid,userPassword,homeDirectory,uidNumber,gidNumber Oct? 3 12:31:32 mymailServer dovecot: auth(default): ldap(sbernett,127.0.0.1): result: uid(user)=sbernett uidNumber(userdb_uid)=106 gidNumber(userdb_gid)=106 userPassword(password)={CRYPT}xGHI86Ktls homeDirectory(userdb_home)=/home/vmail/sbernett Oct? 3 12:31:32 mymailServer dovecot: auth(default): client out: OK#0111#011user=sbernett Oct? 3 12:31:32 mymailServer dovecot: auth(default): master in: REQUEST#0114#0112485#0111 Oct? 3 12:31:32 mymailServer dovecot: auth(default): passwd(sbernett,127.0.0.1): lookup Oct? 3 12:31:32 mymailServer dovecot: auth(default): passwd(sbernett,127.0.0.1): unknown user Oct? 3 12:31:32 mymailServer dovecot: auth(default): master out: USER#0114#011sbernett#011uid=1004#011gid=1004#011home=/home/vmail/sbernett Oct? 3 12:31:32 mymailServer dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured The only thing I noticed different between the two is the IP addresses in rip and lip. Is there a way to tell the IMAP server to allow the remote IP addresses to connect. Here is my dovecot.conf # 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-34-generic-pae i686 Ubuntu 10.04.3 LTS ext4 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap listen: *:143 ssl: no disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login verbose_proctitle: yes first_valid_uid: 106 last_valid_uid: 1000 mail_privileged_group: mail mail_location: maildir:/home/vmail/%u/Maildir mbox_write_locks: fcntl dotlock mail_plugins: quota imap_quota imap_client_workarounds: delay-newmail outlook-idle netscape-eoh lda: ? postmaster_address: postmaster at mailtest.dyndns-free.com ? mail_plugins: quota ? sendmail_path: /usr/lib/sendmail ? rejection_reason: Your message to <%t> was automatically rejected:%n%r ? auth_socket_path: /var/run/dovecot-auth-master auth default: ? mechanisms: plain login ? username_format: %Lu ? verbose: yes ? debug: yes ? debug_passwords: yes ? passdb: ??? driver: pam ? passdb: ??? driver: ldap ??? args: /etc/dovecot/dovecot-ldap.conf ? userdb: ??? driver: passwd ? userdb: ??? driver: static ??? args: uid=106 gid=106 home=/home/vmail/%u allow_all_users=yes ? socket: ??? type: listen ??? client: ????? path: /var/spool/postfix/private/auth ????? mode: 432 ????? user: postfix ????? group: mail ??? master: ????? path: /var/run/dovecot-auth-master ????? mode: 432 ????? user: vmail ????? group: vmail plugin: ? quota: maildir ? quota_rule: *:storage=3GB ? quota_rule2: Trash:storage=20%% ? quota_rule3: Spam:storage=10%% ? quota_warning: storage=95%% /usr/local/bin/quota-warning.sh 95 ? quota_warning2: storage=80%% /usr/local/bin/quota-warning.sh 80 Here is my postfix.cf myhostname = mymailserver mydomain = example.com mydestination = localhost.$mydomain,localhost,$mydomain,$myhostname local_recipient_maps = ldap:/etc/postfix/ldap-user-auth.cf virtual_transport = dovecot virtual_mailbox_domains = vexample.com virtual_mailbox_base = /home/vmail virtual_mailbox_maps = hash:/etc/postfix/virtual_mailboxes virtual_minimum_uid = 100 virtual_uid_maps = static:106 virtual_gid_maps = static:106 relayhost = mynetworks = 127.0.0.0/8, 192.168.1.0/24, 50.4.39.163, 50.4.39.164 mynetworks_style = subnet mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = ipv4 mail_spool_directory = /var/spool/mail smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanomymous smtpd_tls_auth_only = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_sender_login_mismatch smtpd_sasl_local_domain = vexample.com dovecot_destination_recipient_limit = 1 Any help would be greatly appreciated. Thank you From ffiore at babel.it Mon Oct 3 11:53:03 2011 From: ffiore at babel.it (Francesco Fiore) Date: Mon, 03 Oct 2011 10:53:03 +0200 Subject: [Dovecot] Timeout leak in get quota In-Reply-To: <4E846D31.6010900@gmail.com> References: <4E846D31.6010900@gmail.com> Message-ID: <4E8977EF.80107@babel.it> Hi! I've the same problem. I use the same input string inside a Java standalone application. The request would appear correct and I receive always a correct response but Dovecot print the same warning into the log... My Dovecot version is 2.0.13. Thanks in advance for any help! Francesco On 29/09/11 15:05, Danilo wrote: > Hello! > I wrote perl script for read current quota usage, it works but when I run the > program I receive a warning in Dovecot log: > > 2011-09-29 14:45:30 doveadm(guest at testmail.com): Warning: Timeout leak: > 0x7f14800ad970 > > This is the script: > =============================== > #!/usr/bin/perl > > use strict; > use Socket; > use IO::Handle; > > socket(TSOCK, PF_UNIX, SOCK_STREAM,0); > connect(TSOCK, sockaddr_un("/var/run/dovecot/doveadm-server")) or print("ERROR!"); > > print "VERSION\tdoveadm-server\t1\t0\n"; > print "\tguest\@testmail.com\tquota get\n"; > print "=" x 20 . "\n"; > > if (defined(my $messg = )) { > > print $messg; > > print TSOCK "VERSION\tdoveadm-server\t1\t0\n"; > TSOCK->flush; > > print TSOCK "\tguest\@testmail.com\tquota get\n"; > TSOCK->flush; > > $messg = ; > print $messg; > > $messg = ; > print $messg; > > close TSOCK; > } > ============================= > I hope someone could help me to fix the warning. > Thanks in advance, > Dany -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 554 bytes Desc: OpenPGP digital signature URL: From andrew.hearn at aa.net.uk Mon Oct 3 13:35:51 2011 From: andrew.hearn at aa.net.uk (Andrew Hearn) Date: Mon, 03 Oct 2011 11:35:51 +0100 Subject: [Dovecot] 1.2.17 Program terminated with signal 11, Segmentation fault. Message-ID: <4E899007.7080603@aa.net.uk> Hello, We've had seg faults a couple of times a day on our servers, we upgraded to 1.2.17 and still have them. running a coredump through dbg says: Reading symbols from /usr/local/libexec/dovecot/imap-login...done. [New Thread 27962] Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fff083f4000 Core was generated by `imap-login -D'. Program terminated with signal 11, Segmentation fault. #0 0x000000000041388b in io_file_unlink (_io=, closed=true) at ioloop.c:70 70 if (io->next != NULL) dovecot -n is at http://pastebin.ca/SQjrseJD (pass timo) Linux 2.6.18-274.3.1.el5 #1 SMP Tue Sep 6 20:13:52 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux We use NFS for mail store, and ramdisk for dovecot indexes. We do run the mail_log plugin. Let me know if you need any more info though. -- Andrew Hearn. AAISP Technical Support Team Leader Tel: 03333 400999 From f.bonnet at esiee.fr Mon Oct 3 14:52:07 2011 From: f.bonnet at esiee.fr (Frank Bonnet) Date: Mon, 03 Oct 2011 13:52:07 +0200 Subject: [Dovecot] clarifications on shared mailboxes Message-ID: <4E89A1E7.8090301@esiee.fr> Hello I need some clarifications on shared mailboxes. Actually we use MBOX format with "real" unix users , but I've been asked to create some shared mailboxes for some users who need to have some for their working groups. What would be the best way to create those shared mailboxes ? Would it be possible to create some "shared space" on the server in maildir format to get advantage of the last seen flag ? If yes some config examples would be a great help. See attach the doveconf -n output ( certificates names have been obscured ;-) ) Thank you. -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: doveconf.txt URL: From rventura at h-st.com Mon Oct 3 17:29:39 2011 From: rventura at h-st.com (Romer Ventura) Date: Mon, 3 Oct 2011 09:29:39 -0500 Subject: [Dovecot] Multiple LDAP authentication servers Message-ID: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> Hello, We are performing a Domain migration and I was wondering if there was any way to get Dovecot to authenticate to more than 1 LDAP server? Currently dovecot is configure to query the "mail" attribute from Active Directory and when found it binds with the credentials the user provided. This works fine, but when migrating user accounts, they get disabled in the source domain so that the user can no longer log on to it. But disabling the account in the source domain, causes the user to be unable to use his email account. Is there any way to get dovecot to try a second LDAP server if the first one fails to authenticate..? ~# dovecot -n # 1.2.11: /etc/dovecot/dovecot.conf # OS: Linux 2.6.29-xs5.5.0.15 i686 Debian 5.0.4 ext3 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imaps imap ssl_cert_file: /etc/ssl/certs/smtpd.crt ssl_key_file: /etc/ssl/private/smtpd.key login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login login_user: postfix mail_privileged_group: mail mail_uid: vmail mail_gid: vmail mail_location: maildir:/srv/mail/vmail/%Ud/%Ln/Maildir mbox_write_locks: fcntl dotlock imap_client_workarounds: delay-newmail outlook-idle netscape-eoh lda: postmaster_address: postmaster at h-st.com auth_socket_path: /var/run/dovecot/auth-master log_path: /var/log/dovecot-deliver.log info_log_path: /var/log/dovecot-deliver-info.log auth default: mechanisms: plain login passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf userdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf socket: type: listen client: path: /var/spool/postfix/private/auth-client mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail Thanks -------- Romer Ventura From joseba.torre at ehu.es Mon Oct 3 18:22:11 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 3 Oct 2011 17:22:11 +0200 Subject: [Dovecot] Multiple LDAP authentication servers In-Reply-To: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> References: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> Message-ID: <201110031722.11749.joseba.torre@ehu.es> On Lunes 03 Octubre 2011 16:29:39 Romer Ventura escribi?: > Is there any way to get dovecot to try a second LDAP server if the first > one fails to authenticate..? Sure; just add a second passdb (maybe you also need a second userdb) pointing to the other server. Something like passdb ldap { args = /usr/local/etc/AD.conf } passdb ldap { args = /usr/local/etc/second.conf } HTH -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From rventura at h-st.com Mon Oct 3 18:27:44 2011 From: rventura at h-st.com (Romer Ventura) Date: Mon, 3 Oct 2011 10:27:44 -0500 Subject: [Dovecot] Multiple LDAP authentication servers In-Reply-To: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> References: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> Message-ID: <0e3001cc81e0$ff7ad840$fe7088c0$@h-st.com> -----Original Message----- From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Romer Ventura Sent: Monday, October 03, 2011 9:30 AM To: dovecot at dovecot.org Subject: [Dovecot] Multiple LDAP authentication servers Hello, We are performing a Domain migration and I was wondering if there was any way to get Dovecot to authenticate to more than 1 LDAP server? Currently dovecot is configure to query the "mail" attribute from Active Directory and when found it binds with the credentials the user provided. This works fine, but when migrating user accounts, they get disabled in the source domain so that the user can no longer log on to it. But disabling the account in the source domain, causes the user to be unable to use his email account. Is there any way to get dovecot to try a second LDAP server if the first one fails to authenticate..? ~# dovecot -n # 1.2.11: /etc/dovecot/dovecot.conf # OS: Linux 2.6.29-xs5.5.0.15 i686 Debian 5.0.4 ext3 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imaps imap ssl_cert_file: /etc/ssl/certs/smtpd.crt ssl_key_file: /etc/ssl/private/smtpd.key login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login login_user: postfix mail_privileged_group: mail mail_uid: vmail mail_gid: vmail mail_location: maildir:/srv/mail/vmail/%Ud/%Ln/Maildir mbox_write_locks: fcntl dotlock imap_client_workarounds: delay-newmail outlook-idle netscape-eoh lda: postmaster_address: postmaster at h-st.com auth_socket_path: /var/run/dovecot/auth-master log_path: /var/log/dovecot-deliver.log info_log_path: /var/log/dovecot-deliver-info.log auth default: mechanisms: plain login passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf userdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf socket: type: listen client: path: /var/spool/postfix/private/auth-client mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail ************************************************** Also I forgot to mention that these are different domains, we are not authenticating to DOMAIN-AAA.COM and we would like to authenticate to DOMAIN-BBB.LAN while still allowing authentication to DOMAIN-AAA.COM. The Base DNs and domains are different. Possible? Thanks From rventura at h-st.com Mon Oct 3 18:34:47 2011 From: rventura at h-st.com (Romer Ventura) Date: Mon, 3 Oct 2011 10:34:47 -0500 Subject: [Dovecot] Multiple LDAP authentication servers In-Reply-To: <201110031722.11749.joseba.torre@ehu.es> References: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> <201110031722.11749.joseba.torre@ehu.es> Message-ID: <0e3201cc81e1$fb9ee120$f2dca360$@h-st.com> So you are saying I can define multiple passdb and userdb, each pointing to a different ldap config file? Thanks -------- Romer Ventura -----Original Message----- From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Joseba Torre Sent: Monday, October 03, 2011 10:22 AM To: dovecot at dovecot.org Subject: Re: [Dovecot] Multiple LDAP authentication servers On Lunes 03 Octubre 2011 16:29:39 Romer Ventura escribi?: > Is there any way to get dovecot to try a second LDAP server if the > first one fails to authenticate..? Sure; just add a second passdb (maybe you also need a second userdb) pointing to the other server. Something like passdb ldap { args = /usr/local/etc/AD.conf } passdb ldap { args = /usr/local/etc/second.conf } HTH -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From joseba.torre at ehu.es Mon Oct 3 18:50:36 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 3 Oct 2011 17:50:36 +0200 Subject: [Dovecot] Multiple LDAP authentication servers In-Reply-To: <0e3201cc81e1$fb9ee120$f2dca360$@h-st.com> References: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> <201110031722.11749.joseba.torre@ehu.es> <0e3201cc81e1$fb9ee120$f2dca360$@h-st.com> Message-ID: <201110031750.36470.joseba.torre@ehu.es> On Lunes 03 Octubre 2011 17:34:47 Romer Ventura escribi?: > So you are saying I can define multiple passdb and userdb, each pointing to > a different ldap config file? That's it. You may define as many as you need, and each one is independent. If the 1st one fails dovecot will try the 2nd one, then the 3rd one and so on. -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From ejs at shubes.net Mon Oct 3 19:55:40 2011 From: ejs at shubes.net (Eric Shubert) Date: Mon, 03 Oct 2011 09:55:40 -0700 Subject: [Dovecot] SOLVED Intermittent authentication failures In-Reply-To: <1317576487.21919.50.camel@hurina> References: <1317482192.21919.47.camel@hurina> <1317576487.21919.50.camel@hurina> Message-ID: On 10/02/2011 10:28 AM, Timo Sirainen wrote: > On Sun, 2011-10-02 at 08:53 -0700, Eric Shubert wrote: >> >> >> Oct 02 08:21:40 auth: Info: password(gary at domain.com,192.168.252.8): >> Requested DIGEST-MD5 scheme, but we have only SHA1 > > Oh. This was vpopmail specific problem. See if this fixes: > http://hg.dovecot.org/dovecot-2.0/rev/dbd5f9ec38af > > > Thanks Timo. Two things. First, I don't think this is a comprehensive fix covering all situations, though I could be wrong. One problem with it is that if the password is changed and the plaintext client isn't active, one would need to wait for the cached plaintext record to expire before being able to log in with an encoded password. Another problem might be if there are two separate clients, one using digest-md5 and another using cram-md5, I think the second one used would still fail. No? I'm not sure how best to handle any combination of clients and authentication mechanisms, so I'll leave the solution to your design. Second and perhaps more importantly, it occurred to me that simply using %u as the cache key might be a significant security hole. If passwords are cached using only the user account, what's to prevent someone else, using another client with the same authentication mechanism at a different IP address, from gaining access to an account that's cached? Perhaps I'm not understanding this right, but I think that using %u%r as the cache key closes this hole, and should probably be recommended in the documentation. I could (as always) be totally off base on this, so please explain if I'm misunderstanding something. Thanks again, Timo. Great work on dovecot. -- -Eric 'shubes' From jtam.home at gmail.com Tue Oct 4 03:05:32 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 3 Oct 2011 17:05:32 -0700 (PDT) Subject: [Dovecot] SSL only for external connections In-Reply-To: References: Message-ID: On Sun, 2 Oct 2011, Simon Brereton writes: > I don't have that file. Part of the problem is that I'm confused > between protocols and wrappers and interfaces :) Dick and Michael have > persuaded me that it's just easier to for Horde not to ask for TLS on > port 143 - because that's in fact what I was doing - and it's > pointless. > > Nonetheless, I think it would be nice to tell Dovecot listen on the > local interface for IMAP. Listen on the external interface for IMAP, > IMAPS, POP and POP3S. But if there's not simple way to do that I don't > have a valid use-case for doing it right now. I got into this thread rather late so maybe I missed something here. If you have different policies for your interface, you can run two different instances of dovecot (with 2 different base directories and sets of configuration files). I haven't tried it, but maybe it's also possible have interface specific CAPA strings and remove STARTTLS. Dovecot will support unencrypted sessions over the localhost interface, but your webmail seems to opportunistcally use it when offered, so don't offer it. Joseph Tam From terryjames9461 at mm.st Tue Oct 4 08:24:54 2011 From: terryjames9461 at mm.st (terryjames9461 at mm.st) Date: Mon, 03 Oct 2011 22:24:54 -0700 Subject: [Dovecot] What best decision to make for flatfiles or SQL when I use Dovecot2 + Postfix together? In-Reply-To: References: <1317138678.29156.140258148311993@webmail.messagingengine.com><4E8207F5.2070105@whyscream.net><1317160829.10644.140258148445373@webmail.messagingengine.com><20110927180632.Horde.jPUpZZLnE6FOgkjoSa5RRHA@kishi.patrickdk.com><1317161652.13631.140258148451673@webmail.messagingengine.com> Message-ID: <1317705894.27535.140258150723349@webmail.messagingengine.com> Thanks to all for the instructions. I am working on the flatfile approach and making good progress. I also set up some test MySQL options and they work too. So I have the future plans already in my hand! TJ From jeetendra.p at directi.com Tue Oct 4 10:39:37 2011 From: jeetendra.p at directi.com (Jeetu) Date: Tue, 04 Oct 2011 13:09:37 +0530 Subject: [Dovecot] Missing man page for doveadm move In-Reply-To: <4E8227FA.8030608@localhost.localdomain.org> References: <4E7B5389.7050907@directi.com> <4E8227FA.8030608@localhost.localdomain.org> Message-ID: <4E8AB839.4060109@directi.com> Thanks pascal. On 28/09/11 1:16 AM, Pascal Volk wrote: > On 09/22/2011 05:26 PM Jeetu wrote: >> Hi, >> >> i cant see man pages for doveadm-move, though the command "doveadm move >> ..." works on new version of dovecot. > There is the manual page: > http://hg.dovecot.org/dovecot-2.0/rev/c194c76b98ff also available in the > wiki: http://wiki2.dovecot.org/Tools/Doveadm/Move > > > Regards, > Pascal -- -Jeetu ------------------ Powered by BigRock From linuxmail at 4lin.net Tue Oct 4 10:41:49 2011 From: linuxmail at 4lin.net (Denny Schierz) Date: Tue, 04 Oct 2011 09:41:49 +0200 Subject: [Dovecot] sieve vacation reply In-Reply-To: <4E383E9F.5020503@zero-spam.fr> References: <4DD29C5D.4070405@cimr.cam.ac.uk> <4E37CF9D.2010209@zero-spam.fr> <4E37D891.1010103@rename-it.nl> <4E37F106.2050500@zero-spam.fr> <4E3804C7.1030503@rename-it.nl> <4E381F8C.5010702@rename-it.nl> <4E383E9F.5020503@zero-spam.fr> Message-ID: <1317714109.29009.51.camel@pcdenny> Am Dienstag, den 02.08.2011, 20:14 +0200 schrieb St?phane Wartel: > Hi Stephan, > > Yep, after some tests you 're right, it's not possible. > So, I use :addresses in sieve script and will try -a or -r arguments in > LDA command from postfix with the next release. did you get it working with -a or -r ? cu denny -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part URL: From urushkin at telros.ru Tue Oct 4 12:01:36 2011 From: urushkin at telros.ru (Sergey Urushkin) Date: Tue, 04 Oct 2011 13:01:36 +0400 Subject: [Dovecot] GSSAPI and deny=yes passdb Message-ID: <4E8ACB70.7060004@telros.ru> Hi. Is it possible to use GSSAPI authentication and deny passdb together? Seems it doesn't work as I expect: GSSAPI doesn't check deny passdb, so I'm not able to restrict access to GSSAPI-users. I can see these in logs when user tries to connect with PLAIN authentication (via pam_krb5): Oct 4 11:14:31 vm03 auth: Debug: passwd-file(testuser,172.17.0.123): lookup: user=testuser file=/etc/dovecot/auth.d/.passwd-deny Oct 4 11:14:31 vm03 dovecot: auth: passdb(tesetuser,172.17.0.123): User found from deny passdb But that's what I see if user logs in with GSSAPI: ... Oct 4 11:21:38 vm03 dovecot: auth: Debug: gssapi(testuser at REALM.LAN,172.17.0.123): Negotiated security layer Oct 4 11:21:38 vm03 dovecot: auth: Debug: client out: CONT#0111#011BQQF/wAMAAAAAAAAKSUwaQH///+3JRmZMw01WMX+CHM= Oct 4 11:21:38 vm03 dovecot: auth: Debug: client in: CONT Oct 4 11:21:38 vm03 dovecot: auth: Debug: client out: OK#0111#011user=testuser Oct 4 11:21:38 vm03 dovecot: auth: Debug: passwd-file(testuser,172.17.0.123): lookup: user=testuser file=/etc/dovecot/auth.d/.passwd-ldap Oct 4 11:21:38 vm03 dovecot: auth: Debug: master out: USER#0111632763905#011testuser#011home=/var/mail/realm.lan/testuser Oct 4 11:21:38 vm03 dovecot: imap-login: Login: user=, method=GSSAPI, rip=172.17.0.123, lip=172.25.0.35, mpid=1085 Here is my auth configuration: auth_mechanisms = plain login apop gssapi # Kerberos auth_realms = REALM.LAN auth_gssapi_hostname = vm03.realm.lan auth_krb5_keytab = /etc/dovecot/dovecot.keytab ###### # PASSDB # Denied users passdb { driver = passwd-file deny = yes args = username_format=%n /etc/dovecot/auth.d/%d.passwd-deny } # Internal manual passwd-file passdb { driver = passwd-file args = scheme=CRAM-MD5 username_format=%n /etc/dovecot/auth.d/%d.passwd # override_fields = allow_nets=127.0.0.0/8,172.16.0.0/12 } # External passwd-file passdb { driver = passwd-file args = scheme=CRAM-MD5 username_format=%n /etc/dovecot/auth.d/%d.passwd-ext } # Internal kerberos pam passdb { driver = pam args = max_requests=100 cache_key=%u%r dovecot # override_fields = allow_nets=127.0.0.0/8,172.16.0.0/12 } ###### #USERDB # Manual passwd-file userdb { driver = passwd-file args = username_format=%n /etc/dovecot/auth.d/%d.passwd # default_fields = home=/var/mail/%d/%n } # External passwd-file userdb { driver = passwd-file args = username_format=%n /etc/dovecot/auth.d/%d.passwd-ext # default_fields = home=/var/mail/%d/%n } # Automatic passwd-file, imported from LDAP. UserDB only userdb { driver = passwd-file args = username_format=%n /etc/dovecot/auth.d/%d.passwd-ldap # default_fields = home=/var/mail/%d/%n } ### END #### /etc/dovecot/auth.d/realm.lan.passwd-ldap: testuser:::::/var/mail/realm.lan/testuser:: testuser2:::::/var/mail/realm.lan/testuser:: ... /etc/dovecot/auth.d/realm.lan.passwd-deny: testuser /etc/dovecot/auth.d/realm.lan.passwd* are symlinked to /etc/dovecot/auth.d/.passwd* to allow users without domain part (auth_default_realm doesnt work with pam) I know that in my case I can just exclude denied users from .passwd-ldap file, and even use .passwd-deny as filter file:) But problem exists and should be solved, I think. Thanks. -- Best regards, Sergey Urushkin From jtl+dovecot at uvm.edu Tue Oct 4 20:31:44 2011 From: jtl+dovecot at uvm.edu (Jim Lawson) Date: Tue, 04 Oct 2011 13:31:44 -0400 Subject: [Dovecot] trouble setting up director, "invalid argument" for connect() call Message-ID: <4E8B4300.4060004@uvm.edu> Hi Timo & everyone, I'm trying out a 2-node director setup, but I keep getting the following error: Oct 3 16:11:29 imapdir1 dovecot: master: Dovecot v2.0.15 starting up (core dumps disabled) Oct 3 16:11:34 imapdir1 dovecot: director: Error: connect(132.198.100.150:9090) failed: Invalid argument Oct 3 16:11:41 imapdir1 last message repeated 3 times Both nodes report this error. The director on each node is listening on port 9090 just fine: > [root at imapdir1 ~]# nc imapdir2 9090 > VERSION director 1 0 > ME 127.0.0.1 9090 > [root at imapdir2 ~]# nc imapdir1 9090 > VERSION director 1 0 > ME 127.0.0.1 9090 "doveadm director ring status" always reports failure of the peer: > [root at imapdir1 ~]# doveadm director ring status > director ip port type last > failed > 127.0.0.1 9090 self > never > 132.198.100.150 9090 2011-10-04 > 13:28:55 > [root at imapdir2 ~]# doveadm director ring status > director ip port type last > failed > 127.0.0.1 9090 self > never > 132.198.100.149 9090 2011-10-04 > 13:24:08 Has anyone else seen this? FWIW, a single-node director works fine, proxying IMAP, LMTP and POP. I'm guessing I have a broken config, but if I do I can't figure it out. Hope I'm not missing something *too* obvious... Here's doveconf -n from imapdir1: # 2.0.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.18-274.3.1.el5 x86_64 Red Hat Enterprise Linux Server release 5.7 (Tikanga) base_dir = /var/run/dovecot/ director_mail_servers = penguina.uvm.edu penguinb.uvm.edu penguinc.uvm.edu director_servers = imapdir1.uvm.edu imapdir2.uvm.edu lmtp_proxy = yes login_trusted_networks = 132.198.101.211,132.198.101.212,132.198.101.213,132.198.101.214,132.198.101.215,132.198.101.216,132.198.100.45,132.198.100.46,132.198.100.47 passdb { args = proxy=y nopassword=y protocol=smtp driver = static } service auth { unix_listener auth-userdb { group = mail mode = 0660 user = dovecot } } service director { fifo_listener login/proxy-notify { mode = 0666 } inet_listener { port = 9090 } unix_listener director-userdb { mode = 0600 } unix_listener login/director { mode = 0666 } } service imap-login { executable = imap-login director } service lmtp { client_limit = 1 inet_listener lmtp { port = 24 } unix_listener /var/lib/dovecot/lmtp-socket { group = root mode = 0600 user = root } } Best, Jim From listas.correo at yahoo.es Wed Oct 5 18:49:03 2011 From: listas.correo at yahoo.es (mailing lists) Date: Wed, 5 Oct 2011 16:49:03 +0100 (BST) Subject: [Dovecot] doveadm(user001): Fatal: passdb lookup failed Message-ID: <1317829743.39291.YahooMailNeo@web29105.mail.ird.yahoo.com> Hello all, why I can run whis command: imap1:~ # doveadm user user001 userdb: user001 ? mail????? : maildir:/var/maildir/vol04/4/46/user001 ? home????? : /var/mailfilter/vol04/4/46/user001 ? quota_rule: *:bytes=100000000 but not this one: imap1:~ # doveadm quota get -u user001 doveadm(user001): Error: user user001: Auth PASS lookup failed doveadm(user001): Fatal: passdb lookup failed what I'm missing ? ??? /-------------------/ imap1:/etc/dovecot # grep ^[^#] dovecot-ldap.conf.ext uris = ldap://ldap.example.com dn = cn=admin,dc=example,dc=com dnpass = secret sasl_bind = no tls = no auth_bind = yes ldap_version = 3 base = dc=example,dc=com deref = never scope = subtree user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home,mailQuota=quota_rule=*:bytes=%$ user_filter = (&(objectClass=CourierMailAccount)(uid=%n)) pass_attrs = uid=user,userPassword=password pass_filter = (&(objectClass=CourierMailAccount)(uid=%n)) iterate_filter = (objectClass=CourierMailAccount) imap1:/etc/dovecot # dovecot -n # 2.0.14: /etc/dovecot/dovecot.conf # OS: Linux 2.6.34.7-0.7-xen x86_64 openSUSE 11.3 (x86_64) auth_debug = yes auth_verbose = yes base_dir = /var/run/dovecot/ disable_plaintext_auth = no doveadm_proxy_port = 24244 doveadm_socket_path = localhost:24244 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes mail_debug = yes mail_fsync = always mail_gid = 5000 mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = acl quota notify quota = maildir:User Quota quota_exceeded_message = Quota exceded quota_rule2 = Trash:storage=+50M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=90%% quota-warning 90 %u mail_uid = 5000 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mmap_disable = yes namespace { ? inbox = yes ? list = yes ? location = ? prefix = ? separator = . ? subscriptions = yes } namespace { ? hidden = yes ? inbox = no ? list = no ? location = ? prefix = INBOX. ? separator = . ? subscriptions = no } namespace { ? list = children ? location = maildir:/var/virtual-maildir/%%n:INDEX=~/shared.%%n ? prefix = shared.%%n. ? separator = . ? subscriptions = no ? type = shared } passdb { ? args = /etc/dovecot/dovecot-ldap.conf.ext ? driver = ldap } plugin { ? acl = vfile ? acl_shared_dict = file:/var/maildir/shared-mailboxes ? mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append ? mail_log_fields = uid box msgid from subject size vsize flags ? mail_plugins = " mail_log notify" ? sieve = ~/.dovecot.sieve ? sieve_dir = ~/sieve } postmaster_address = nonresponse at example.com service auth { ? unix_listener auth-userdb { ??? group = vmail ??? mode = 0600 ??? user = vmail ? } } service dict { ? unix_listener dict { ??? group = vmail ??? mode = 0600 ??? user = vmail ? } } service doveadm { ? inet_listener { ??? port = 24244 ? } } service imap { ? process_limit = 1024 } service lmtp { ? inet_listener lmtp { ??? port = 24 ? } ? unix_listener lmtp { ??? group = vmail ??? mode = 0666 ??? user = vmail ? } } service pop3-login { ? inet_listener pop3 { ??? port = 110 ? } } service pop3 { ? process_limit = 1024 } service quota-warning { ? executable = script /etc/dovecot/quota-warning.sh ? user = vmail } ssl = no userdb { ? args = /etc/dovecot/dovecot-ldap.conf.ext ? driver = ldap } verbose_proctitle = yes protocol lmtp { ? mail_plugins = acl quota notify sieve } protocol lda { ? mail_plugins = acl quota notify sieve } protocol imap { ? mail_max_userip_connections = 100 ? mail_plugins = acl quota notify imap_acl autocreate imap_quota } protocol pop3 { ? pop3_uidl_format = %v-%u } local 100.1.245.101/28/28 { ? doveadm_password = secret } From pbrechler at mac.com Wed Oct 5 19:11:25 2011 From: pbrechler at mac.com (Philip Brechler) Date: Wed, 05 Oct 2011 18:11:25 +0200 Subject: [Dovecot] Dovecot + managesieve + ldap not working Message-ID: <808F9C6C-CF5D-4F21-B70D-4AF0769DCC71@mac.com> Hi, I want to use managesieve in my dovecot server which uses virtual users and a ldap for the users. This is in my dovecot.conf: # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 3.0.0-x86_64-jb1 x86_64 Debian 6.0.1 ext3 log_path: /var/log/dovecot.log info_log_path: /var/log/dovecot-info.log log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps managesieve listen(default): * listen(imap): * listen(managesieve): *:2000 disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_uid: 5000 mail_gid: 5000 mail_location: maildir:/var/mail/%u/Maildir mail_debug: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve lda: postmaster_address: pbrechler at piratenfraktion-berlin.de mail_plugins: sieve mail_plugin_dir: /usr/lib/dovecot/modules/lda auth default: mechanisms: plain login verbose: yes debug: yes passdb: driver: pam passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf userdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail plugin: sieve_dir: /var/mail/sievescript/%u_scripts/ sieve_extensions: +imapflags And my ldap conf: hosts = ldap.piratenfraktion-berlin.de auth_bind = yes auth_bind_userdn = uid=%u,ou=people,dc=domain,dc=de ldap_version = 3 base = dc=domaindc=de deref = never scope = subtree user_attrs = uid=mail=maildir:/var/mail/%$/Maildir/ user_filter = (|(&(objectClass=organizationalPerson)(uid=%Ln))(&(objectClass=organizationalPerson)(mail=%Lu))) pass_attrs = uid=user,userPassword=password pass_filter = (&(objectClass=organizationalPerson)(uid=%u)) If I try to talk to managesieve with telnet this happens: Trying ::1... Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. "IMPLEMENTATION" "dovecot" "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator- i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date imapflags" "SASL" "PLAIN LOGIN" "STARTTLS" "NOTIFY" "mailto" "VERSION" "1.0" OK "Dovecot ready." # ca. 2 Seconds pause AUTHENTICATE "PLAIN" "xxxxxxxxxxxxx" BYE "Internal error occured. Refer to server log for more information. [2011-10-02 00:48:09]" Connection closed by foreign host. Dies is a log reading 2011-10-02 00:48:09 MANAGESIEVE(user): Fatal: Failed to create sieve storage with data: /var/mail/sievescript/user_scripts But the permissions are 775 dovecot:dovecot and the system tells me that dovecot was the last user who had access to the directory. Can someone help me? Thanks! kind regards Philip Brechler -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4755 bytes Desc: not available URL: From stephan at rename-it.nl Wed Oct 5 22:04:31 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 05 Oct 2011 21:04:31 +0200 Subject: [Dovecot] Dovecot + managesieve + ldap not working In-Reply-To: <808F9C6C-CF5D-4F21-B70D-4AF0769DCC71@mac.com> References: <808F9C6C-CF5D-4F21-B70D-4AF0769DCC71@mac.com> Message-ID: <4E8CAA3F.6010405@rename-it.nl> On 10/5/2011 6:11 PM, Philip Brechler wrote: > I want to use managesieve in my dovecot server which uses virtual users and a ldap for the users. This is in my dovecot.conf: > > # 1.2.15: /etc/dovecot/dovecot.conf [...] > mail_location: maildir:/var/mail/%u/Maildir > mail_debug: yes [...] > plugin: > sieve_dir: /var/mail/sievescript/%u_scripts/ [...] > If I try to talk to managesieve with telnet this happens: > > BYE "Internal error occured. Refer to server log for more information. [2011-10-02 00:48:09]" > Connection closed by foreign host. > > Dies is a log reading > > 2011-10-02 00:48:09 MANAGESIEVE(user): Fatal: Failed to create sieve storage with data: /var/mail/sievescript/user_scripts > > But the permissions are 775 dovecot:dovecot and the system tells me that dovecot was the last user who had access to the directory. I'd expect to see more errors and debug messages preceding the log line above. Looking at your config, I suspect your problem has something to do with the fact that you provide no 'home' directory for your users. The default location of the active sieve script (as configured with sieve=) is ~/.dovecot.sieve. You don't override this, so this is what you are now using. Since no home directory is defined, ~/ cannot be substituted, causing this failure (there must be an error about this in your logs somewhere). You can do something analogous to your sieve_dir setting and use % variable substitution in your sieve= setting. Still, having no home directory for your users is a bad idea. Read the wiki for more information: http://wiki2.dovecot.org/VirtualUsers/Home Also read this carefully: http://wiki2.dovecot.org/Pigeonhole/ManageSieve/Configuration Regards, Stephan. From pbrechler at mac.com Wed Oct 5 22:20:41 2011 From: pbrechler at mac.com (Philip Brechler) Date: Wed, 05 Oct 2011 21:20:41 +0200 Subject: [Dovecot] Dovecot + managesieve + ldap not working In-Reply-To: <4E8CAA3F.6010405@rename-it.nl> References: <808F9C6C-CF5D-4F21-B70D-4AF0769DCC71@mac.com> <4E8CAA3F.6010405@rename-it.nl> Message-ID: <1F1F4640-2532-40EF-A06C-B3D881F9C3A5@mac.com> Am 05.10.2011 um 21:04 schrieb Stephan Bosch: > On 10/5/2011 6:11 PM, Philip Brechler wrote: > > I'd expect to see more errors and debug messages preceding the log line above. > > Looking at your config, I suspect your problem has something to do with the fact that you provide no 'home' directory for your users. The default location of the active sieve script (as configured with sieve=) is ~/.dovecot.sieve. You don't override this, so this is what you are now using. Since no home directory is defined, ~/ cannot be substituted, causing this failure (there must be an error about this in your logs somewhere). You can do something analogous to your sieve_dir setting and use % variable substitution in your sieve= setting. Still, having no home directory for your users is a bad idea. Read the wiki for more information: > > http://wiki2.dovecot.org/VirtualUsers/Home > > Also read this carefully: > > http://wiki2.dovecot.org/Pigeonhole/ManageSieve/Configuration > Hi, thanks for your fast response I added a sieve= Option and now I get this log reading until it fails with the same error massage in telnet Info: client out: OK 1 user=user 2011-10-05 21:15:53 auth(default): Info: master in: REQUEST 3 12101 1 2011-10-05 21:15:53 auth(default): Info: ldap(user,127.0.0.1): user search: base=dc=piratenfraktion-berlin,dc=de scope=subtree filter=(|(&(objectClass=organizationalPerson)(uid=user))(&(objectClass=organizationalPerson)(mail=user))) fields=uid 2011-10-05 21:15:53 auth(default): Info: ldap(user,127.0.0.1): result: uid(mail=maildir:/var/mail/%$/Maildir/)=maildir:/var/mail/user/Maildir/ 2011-10-05 21:15:53 auth(default): Info: master out: USER 3 user mail=maildir:/var/mail/user/Maildir/ 2011-10-05 21:15:53 managesieve-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured 2011-10-05 21:15:53 MANAGESIEVE(user): Info: Effective uid=5000, gid=5000, home=(none) 2011-10-05 21:15:53 MANAGESIEVE(user): Info: sieve-storage: using active sieve script path: /var/var/mail/sievescript/user_scripts/.dovecot.sieve 2011-10-05 21:15:53 MANAGESIEVE(user): Info: sieve-storage: using sieve script storage directory: /var/mail/sievescript/user_scripts/ That's it no more errors or anything. thanks. Philip -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4755 bytes Desc: not available URL: From stephan at rename-it.nl Wed Oct 5 22:46:37 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 05 Oct 2011 21:46:37 +0200 Subject: [Dovecot] Dovecot + managesieve + ldap not working In-Reply-To: <1F1F4640-2532-40EF-A06C-B3D881F9C3A5@mac.com> References: <808F9C6C-CF5D-4F21-B70D-4AF0769DCC71@mac.com> <4E8CAA3F.6010405@rename-it.nl> <1F1F4640-2532-40EF-A06C-B3D881F9C3A5@mac.com> Message-ID: <4E8CB41D.5010007@rename-it.nl> On 10/5/2011 9:20 PM, Philip Brechler wrote: > Am 05.10.2011 um 21:04 schrieb Stephan Bosch: > >> On 10/5/2011 6:11 PM, Philip Brechler wrote: >> >> I'd expect to see more errors and debug messages preceding the log line above. >> >> Looking at your config, I suspect your problem has something to do with the fact that you provide no 'home' directory for your users. The default location of the active sieve script (as configured with sieve=) is ~/.dovecot.sieve. You don't override this, so this is what you are now using. Since no home directory is defined, ~/ cannot be substituted, causing this failure (there must be an error about this in your logs somewhere). You can do something analogous to your sieve_dir setting and use % variable substitution in your sieve= setting. Still, having no home directory for your users is a bad idea. Read the wiki for more information: >> >> http://wiki2.dovecot.org/VirtualUsers/Home >> >> Also read this carefully: >> >> http://wiki2.dovecot.org/Pigeonhole/ManageSieve/Configuration >> > Hi, > thanks for your fast response I added a sieve= Option and now I get this log reading until it fails with the same error massage in telnet > > Info: client out: OK 1 user=user > 2011-10-05 21:15:53 auth(default): Info: master in: REQUEST 3 12101 1 > 2011-10-05 21:15:53 auth(default): Info: ldap(user,127.0.0.1): user search: base=dc=piratenfraktion-berlin,dc=de scope=subtree filter=(|(&(objectClass=organizationalPerson)(uid=user))(&(objectClass=organizationalPerson)(mail=user))) fields=uid > 2011-10-05 21:15:53 auth(default): Info: ldap(user,127.0.0.1): result: uid(mail=maildir:/var/mail/%$/Maildir/)=maildir:/var/mail/user/Maildir/ > 2011-10-05 21:15:53 auth(default): Info: master out: USER 3 user mail=maildir:/var/mail/user/Maildir/ > 2011-10-05 21:15:53 managesieve-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured > 2011-10-05 21:15:53 MANAGESIEVE(user): Info: Effective uid=5000, gid=5000, home=(none) > 2011-10-05 21:15:53 MANAGESIEVE(user): Info: sieve-storage: using active sieve script path: /var/var/mail/sievescript/user_scripts/.dovecot.sieve > 2011-10-05 21:15:53 MANAGESIEVE(user): Info: sieve-storage: using sieve script storage directory: /var/mail/sievescript/user_scripts/ > > That's it no more errors or anything. In fact, I see no errors at all. That is not possible if you get that same critical error in telnet. I would also expect the following additional debug message: MANAGESIEVE(user): Info: sieve-storage: relative path to sieve storage in active link: ... Or an error aboutsieve_storage_verify_dir() failing. I'm not sure what is going on at your end. Make sure you are checking the correct log file: the BYE error in telnet has a time stamp that matches the line in your log file. Two additional things I notice: - You still don't return a home directory from your userdb. - You placed the active sieve script link (.dovecot.sieve) inside your sieve_dir directory (/var/mail/sievescript/user_scripts/). That is not recommended. I would recommend something like the following: sieve_dir=/var/mail/sievescript/%u/scripts/ sieve=/var/mail/sievescript/%u/.dovecot.sieve Regards, Stephan. From jtl+dovecot at uvm.edu Wed Oct 5 23:31:15 2011 From: jtl+dovecot at uvm.edu (Jim Lawson) Date: Wed, 05 Oct 2011 16:31:15 -0400 Subject: [Dovecot] trouble setting up director, "invalid argument" for connect() call [SOLVED] In-Reply-To: <4E8B4300.4060004@uvm.edu> References: <4E8B4300.4060004@uvm.edu> Message-ID: <4E8CBE93.4030603@uvm.edu> On 10/4/11 13:31 , Jim Lawson wrote: > Hi Timo & everyone, > > I'm trying out a 2-node director setup, but I keep getting the following > error: > > Oct 3 16:11:29 imapdir1 dovecot: master: Dovecot v2.0.15 starting up > (core dumps disabled) > Oct 3 16:11:34 imapdir1 dovecot: director: Error: > connect(132.198.100.150:9090) failed: Invalid argument > Oct 3 16:11:41 imapdir1 last message repeated 3 times I was specifying DNS names in director_servers (imapdir1.uvm.edu, imapdir2.uvm.edu). /etc/hosts listed 127.0.0.1 as the address for the local host name (in addition to "localhost"). This can happen on some RHEL installs that begin their life as DHCP clients. So when the director tried to figure out its self_ip, it always picked 127.0.0.1. Calling connect() using a localhost socket with a non-local address as destination just doesn't work so well, I guess. Seeing 127.0.0.1 as "self" in "doveadm director ring status" should have been a clue, but I hadn't seen the output before to have anything to compare it to. 2 easy fixes: specify real IP addresses in the director_servers config, or don't list 127.0.0.1 as your local hostname in /etc/hosts. Jim From mephistopheles at operamail.com Thu Oct 6 00:49:59 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Wed, 05 Oct 2011 14:49:59 -0700 Subject: [Dovecot] Only using LMTP-delivery, where should domain & user aliases be configured, Dovecot or MTA conf? Message-ID: <1317851399.18827.140258151483397@webmail.messagingengine.com> I have my MTA (Postfix) check Dovecot2 LMTP for existing users. No other delivery is done; this is a virtual/LMTP-only setup. I define known users in a Dovecot passwd-file, specified in conf.d/10-auth.conf passdb { args = ... username_format=%n /stor01/vmail/auth.d/%d/passwd e.g., vi /stor01/vmail/auth.d/mx1.domain1.com/passwd myuser:{scheme}####:... mail to: myuser at mx1.domain1.com is correctly auth'd and stored. I want two things to happen: (1) all mail to existing-users "@domain1.com" gets re-routed to "@mx1.domain1.com", i.e., map: myuser at domain1.com -> myuser at mx1.domain1.com and is accepted/not-rejected ONLY if 'myuser' is defined as a user in mx1.domain1.com/passwd and, (2) specific 'user' aliasing/remapping within a given domain, i.e. map: whatever at mx1.domain1.com -> myuser at mx1.domain1.com as long as 'myuser' is a defined user in mx1.domain1.com In these cases, where should I assign domain & mail aliases, Dovecot or the MTA's conf ? From charleschat at hotmail.com Thu Oct 6 02:11:31 2011 From: charleschat at hotmail.com (Ed Hochman) Date: Wed, 5 Oct 2011 19:11:31 -0400 Subject: [Dovecot] I'm the ONLY user that can get mail Message-ID: Hi, I'm stumped. I can access the postfix server to read my mail. BUT I'm the only user that can. Everyone else get rejected. Here's the syslog entry for another user: ...dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=192.168.0.51, lip=192.168.0.189 And here's an entry for me: ...dovecot: pop3-login: Login: user=, method=PLAIN, rip=192.168.0.51, lip=192.168.0.189 So ONLY I am able to get my mail. And this is consistent. The other users and passwords are valid. I've re-set them just to be sure. I suspect it's a rights issue but I've checked the rights for all /var/mail files and they're all the same except the owner of the file is the actual owner. I also checked all the rights for the files in /etc/dovecot. They all look OK and they all have root/root for the owner and user. Since I installed the system and did all the editing of the configuration files it's possible, but unlikely, that I'm the owner or group of some key file. I've looked for that but found nothing suspicious. Is it possible I may have given myself root access? I don't see how. My UID is 1000. Does the fact I'm the first user (per my UID) make a difference? I would think not. So I'm stumped. I don't have a clue as to where to look or what to do next. Any thoughts will be greatly appreciated. This is Dovecot 1.2.15 on Ubuntu 11.04. A new/clean install. Plaintext passwords are allowed. Here's dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.38-11-generic i686 Ubuntu 11.04 protocols: pop3 disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/pop3-login mail_privileged_group: mail mbox_write_locks: fcntl dotlock mail_executable: /usr/lib/dovecot/pop3 mail_plugin_dir: /usr/lib/dovecot/modules/pop3 auth default: passdb: driver: passwd passdb: driver: passwd-file args: /etc/passwd.dovecot userdb: driver: passwd Thanks From mimo at gn.apc.org Thu Oct 6 14:42:48 2011 From: mimo at gn.apc.org (Michael Moritz) Date: Thu, 6 Oct 2011 12:42:48 +0100 Subject: [Dovecot] too many open files and v1.2 Message-ID: <201110061242.48615.mimo@gn.apc.org> Hi I've found an older thread http://www.dovecot.org/list/dovecot/2010-March/047886.html which mentions that this is a bug in version 1. I'm on Debian squeeze (1:1.2.15-7) and got errors like these recently Oct 5 11:29:29 mail dovecot: dovecot: pipe() failed: Too many open files Oct 5 11:29:32 mail dovecot: dovecot: pipe() failed: Too many open files Oct 5 11:29:32 mail dovecot: dovecot: Temporary failure in creating login processes, slowing down for now As a work around I've increased login_max_processes_count from 256 to 512 and it seems to have helped (as I suspected stale opened files). My colleague thinks it's hitting the kernel open file limit ulimit -n (currently at 1024) but I don't see how that could happen if the number of process is nowhere near that. Any ideas? Thanks, Michael From dmiller at amfes.com Thu Oct 6 18:38:21 2011 From: dmiller at amfes.com (Daniel L. Miller) Date: Thu, 06 Oct 2011 08:38:21 -0700 Subject: [Dovecot] Group ACL Message-ID: Using Dovecot 2.0, LDAP userdb & passdb, with prefetch: hosts = myhost.mydomain dn = cn=x,cn=y dnpass = xyz123 auth_bind = yes auth_bind_userdn = uid=%n,ou=users,dc=x ldap_version = 3 base = ou=Users, dc=x user_attrs = =home=/var/mail/%d/%n, \ =mail=mdbox:/var/mail/%d/%n/mdbox, \ =uid=vmail, \ =gid=mail user_filter = (&(objectClass=inetOrgPerson)(mail=%u)) pass_attrs = mail=user, \ userPassword=password, \ =userdb_home=/var/mail/%d/%n, \ =userdb_mail=mdbox:/var/mail/%d/%n/mdbox, \ =userdb_uid=vmail, \ =userdb_gid=mail, \ =userdb_acl_groups='allshared' pass_filter = (&(objectClass=inetOrgPerson)(mail=%u)) iterate_attrs = mail=user iterate_filter = (&(objectClass=inetOrgPerson)(mail=*)) default_pass_scheme = plain I have added permissions for "$allshared" to a mailbox's Inbox. It does not appear in the shared folders list. Other mailboxes, with explicit permission for a given username, work fine. What am I doing wrong? -- Daniel From micah at riseup.net Thu Oct 6 20:22:29 2011 From: micah at riseup.net (Micah Anderson) Date: Thu, 06 Oct 2011 13:22:29 -0400 Subject: [Dovecot] dsync with quotas References: <8762kozbzo.fsf@algae.riseup.net> Message-ID: <87mxderq5m.fsf@algae.riseup.net> Micah Anderson writes: > I have been working on converting people from courier maildir -> dovecot > mdbox and during some of the dsync runs I'm seeing the > quota_exceeded_message be printed as an Error: > > dsync(): Error: Can't save message to mailbox INBOX: You are over quota. To avoid losing mail, immediately empty your Trash and Sent folders and \ > delete emails with large attachments. > dsync(): Info: INBOX: Couldn't keep all uids^M > > Its possible the user was over quota on the originating courier side, > but I would still like to migrate their mail proprely to mdbox, but it > seems like being over quota is inhibiting that. Are the quota > calculations including both the maildir files as well as the converted > mdbox files, resulting in a double counting? > > I'm not entirely sure if the messages above indicate that the migration > failed for that user or not, so I've been manually increasing their > quota, then redoing the dsync mirror until it works properly. > > I wonder if it would be better if I turned off quota entirely during > migration so I don't run into this problem? Sorry to 'bump' this subject, but I'm still confused about this issue and nobody replied, perhaps nobody has any ideas? :) micah From micah at riseup.net Fri Oct 7 00:23:50 2011 From: micah at riseup.net (Micah Anderson) Date: Thu, 06 Oct 2011 17:23:50 -0400 Subject: [Dovecot] doveadm mailbox subscribe wildcard Message-ID: <87aa9dstjt.fsf@algae.riseup.net> Hi, I noticed that wildcards work like the following, as described in the man page: # doveadm mailbox list -s -u bob dovecot* dovecot dovecot/pigeonhole dovecot/pigeonhole/2.0 however, wildcard subscriptions don't work: # doveadm mailbox subscribe -u bob dovecot* # doveadm mailbox list -s -u bob dovecot* dovecot dovecot* dovecot/pigeonhole dovecot/pigeonhole/2.0 It seems I subscribed the non-existant mailbox called 'dovecot*' -- is there a better way to handle this? thanks! micah -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From user+dovecot at localhost.localdomain.org Fri Oct 7 01:02:35 2011 From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Fri, 07 Oct 2011 00:02:35 +0200 Subject: [Dovecot] doveadm mailbox subscribe wildcard In-Reply-To: <87aa9dstjt.fsf@algae.riseup.net> References: <87aa9dstjt.fsf@algae.riseup.net> Message-ID: <4E8E257B.7000303@localhost.localdomain.org> On 10/06/2011 11:23 PM Micah Anderson wrote: > > Hi, > > I noticed that wildcards work like the following, as described in the > man page: > > # doveadm mailbox list -s -u bob dovecot* > dovecot > dovecot/pigeonhole > dovecot/pigeonhole/2.0 > > however, wildcard subscriptions don't work: Why should it work? Where is 'wildcard subscribing' documented? > # doveadm mailbox subscribe -u bob dovecot* > > # doveadm mailbox list -s -u bob dovecot* > dovecot > dovecot* > dovecot/pigeonhole > dovecot/pigeonhole/2.0 > > It seems I subscribed the non-existant mailbox called 'dovecot*' -- is > there a better way to handle this? for box in `doveadm mailbox list dovecot\*` do doveadm mailbox subscribe $box done Regards, Pascal -- The trapper recommends today: defaced.1127923 at localdomain.org From tgoguen at ilap.com Fri Oct 7 04:14:54 2011 From: tgoguen at ilap.com (Tristan Goguen) Date: Thu, 6 Oct 2011 21:14:54 -0400 Subject: [Dovecot] Using dsync to synchronize pop3 mailbox <-> pop3 mailbox Message-ID: Hi All, We're trying to get dsync to synchronize pop3 mailboxes on multiple servers. Is this possible? Any hints are appreciated. Thanks, Tristan Tristan Goguen CEO, ILAP? T: 416-250-5600 ext. 205 F: 416-250-6755 tgoguen at ilap.com www.ilap.com From alec at alec.pl Fri Oct 7 10:02:52 2011 From: alec at alec.pl (A.L.E.C) Date: Fri, 07 Oct 2011 09:02:52 +0200 Subject: [Dovecot] doveadm mailbox subscribe wildcard In-Reply-To: <87aa9dstjt.fsf@algae.riseup.net> References: <87aa9dstjt.fsf@algae.riseup.net> Message-ID: <4E8EA41C.8020908@alec.pl> On 2011-10-06 23:23, Micah Anderson wrote: > # doveadm mailbox list -s -u bob dovecot* # doveadm mailbox > subscribe -u bob dovecot* RFC3501. Wildcards are allowed only in LIST/LSUB commands. -- Aleksander 'A.L.E.C' Machniak LAN Management System Developer [http://lms.org.pl] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl From mdunlap at mail.breakawaysystems.com Thu Oct 6 22:52:22 2011 From: mdunlap at mail.breakawaysystems.com (mdunlap) Date: Thu, 06 Oct 2011 14:52:22 -0500 Subject: [Dovecot] I'm the ONLY user that can get mail In-Reply-To: References: Message-ID: <854c1fcf23fc6676c7eb8f23574f328d@mail.breakawaysystems.com> So youre sure the mail isn't being delivered to the users maildir? but you just can't access it with IMAP. You can test authentication if using saslauthd by typing 'sudo testsaslauthd -u username -p password -s smtp'. Just some thoughts. On Wed, 5 Oct 2011 19:11:31 -0400, Ed Hochman wrote: > Hi, > > > > I'm stumped. I can access the postfix server to read my mail. > > > > BUT I'm the only user that can. > > > > Everyone else get rejected. > > > > Here's the syslog entry for another user: > > ...dovecot: pop3-login: Disconnected (auth failed, 1 attempts): > user=, method=PLAIN, rip=192.168.0.51, lip=192.168.0.189 > > > > And here's an entry for me: > > ...dovecot: pop3-login: Login: user=, method=PLAIN, > rip=192.168.0.51, lip=192.168.0.189 > > > > So ONLY I am able to get my mail. And this is consistent. > > > > The other users and passwords are valid. I've re-set them just to be > sure. > > > > I suspect it's a rights issue but I've checked the rights for all > /var/mail files and they're all the same except the owner of the file > is > the actual owner. > > > > I also checked all the rights for the files in /etc/dovecot. They > all > look OK and they all have root/root for the owner and user. > > > > Since I installed the system and did all the editing of the > configuration files it's possible, but unlikely, that I'm the owner > or > group of some key file. I've looked for that but found nothing > suspicious. > > > > Is it possible I may have given myself root access? I don't see how. > My UID is 1000. Does the fact I'm the first user (per my UID) make a > difference? I would think not. > > > > So I'm stumped. I don't have a clue as to where to look or what to > do next. > > > > Any thoughts will be greatly appreciated. > > > > This is Dovecot 1.2.15 on Ubuntu 11.04. A new/clean install. > > Plaintext passwords are allowed. > > Here's dovecot -n > # 1.2.15: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.38-11-generic i686 Ubuntu 11.04 > protocols: pop3 > disable_plaintext_auth: no > login_dir: /var/run/dovecot/login > login_executable: /usr/lib/dovecot/pop3-login > mail_privileged_group: mail > mbox_write_locks: fcntl dotlock > mail_executable: /usr/lib/dovecot/pop3 > mail_plugin_dir: /usr/lib/dovecot/modules/pop3 > auth default: > passdb: > driver: passwd > passdb: > driver: passwd-file > args: /etc/passwd.dovecot > userdb: > driver: passwd > > > > > > Thanks From micah at riseup.net Fri Oct 7 18:09:21 2011 From: micah at riseup.net (Micah Anderson) Date: Fri, 07 Oct 2011 11:09:21 -0400 Subject: [Dovecot] Safely restoring backups Message-ID: <87sjn4rg7y.fsf@algae.riseup.net> I'm trying to determine what the best way to restore mail with mdbox is. Restoring using maildir was trivial, I just used rsync --ignore-existing which wrote any mails that were removed and didn't touch things that already existed[1]. With mdbox things have become more complicated, and I haven't found a way to restore mail that doesn't result in many message duplicates. My backup setup is simple, I'm doing daily rsync backups of user's mailstores, as well as weekly backups, so I end up having on my backup server daily.1, daily.2, daily.3, daily.4, weekly.1, weekly.2... each containing the entire contents of the user's mdbox. The different restore methods I've tried are: 1. I tried rsyncing the different backup directories back to the mail storage host, and then doing: 'dsync -R backup -u $user mdbox:/path/to/to/daily.1/mdbox'[2] 'dsync -R backup -u $user mdbox:/path/to/to/daily.2/mdbox' This works ok, but it gives duplicates of every mail that already exists for every daily/weekly I dsync. This is what the rsync --ignore-existing avoided. This is particularly annoying if I restore the weekly, and multiple daily directories, because then you get a copy for every one you restore. I had thought that the individual message's GIDs would keep them from being duplicated? 2. I also tried to use 'doveadm import' in two different ways. The first way I created a 'restored_from_backups' folder and then import each of the daily.#, weekly.# mdboxes into their own subfolder within that folder, for example: 'doveadm import -u $username mdbox:/path/to/daily.1/mdbox restored_from_backups/daily1 all' 'doveadm import -u $username mdbox:/path/to/daily.2/mdbox restored_from_backups/daily2 all' ... etc. I then go through and subscribe the new folders[3] and the user ends up with a folder structure like this: restored_from_backups/ daily.1/ INBOX Trash folder1 folder2 daily.2 INBOX Trash folder1 folder2 etc. This works fine, except that it results in the user having a entire duplicate copies of their mailbox for each daily/weekly that I restore. That will quickly bring people over quota. 3. I also tried to use 'doveadm import' to import all the different directories all into the same restored_from_backups directory, so there are no subdirectories for each daily/weekly under restored_from_backups, like so: 'doveadm mailbox create -u $user -s restored_from_backups' 'doveadm -v -D import -u $user mdbox:/path/to/daily.1/mdbox restored_from_backups all' I then go through and subscribe the folders[3]. Using this method, the 'restored_from_backups' mailbox is created, and populated with the folders. The only problem with this method is the same as method #1: for every backup I restore, mails are duplicated. Is there a way I can restore things from backup and avoid duplicates? Is there another method I should try? thanks for any ideas, pointers, suggestions for improvement, etc. micah 1. this would of course bring back mails that were deleted, but that was fine as the user could deal with that. 2. yes, I know I could setup dsync on the backup server, and use dsync directly to pull the mails from there, but this is complicated in my situation due to how the backupserver works. 3. why doesn't doveadm import have a -s option to subscribe? -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From micah at riseup.net Fri Oct 7 18:30:05 2011 From: micah at riseup.net (Micah Anderson) Date: Fri, 07 Oct 2011 11:30:05 -0400 Subject: [Dovecot] doveadm mailbox subscribe wildcard References: <87aa9dstjt.fsf@algae.riseup.net> <4E8EA41C.8020908@alec.pl> Message-ID: <87obxsrf9e.fsf@algae.riseup.net> "A.L.E.C" writes: > On 2011-10-06 23:23, Micah Anderson wrote: >> # doveadm mailbox list -s -u bob dovecot* # doveadm mailbox >> subscribe -u bob dovecot* > > RFC3501. Wildcards are allowed only in LIST/LSUB commands. Aha, thanks! I'll use the for loop method to achieve what I want. micah -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From micah at riseup.net Fri Oct 7 18:34:03 2011 From: micah at riseup.net (Micah Anderson) Date: Fri, 07 Oct 2011 11:34:03 -0400 Subject: [Dovecot] doveadm mailbox list shows file system directories as mailboxes References: <20110922115223.73054v8up83ej0wg@webmail.hrz.uni-giessen.de> Message-ID: <87hb3krf2s.fsf@algae.riseup.net> J?rgen Obermann writes: > Hello. > In our dovecvot we use mbox format with the default filesystem layout. > Therefore it is not possible to have mailboxes which are subfolders of other > mailboxes containing messages. > The command "doveadm mailbox list" includes the file system directories, that > contain only subfolders, as normal mailboxes in the output: > > archiv > archiv/daemon > archiv/dovecot Did you perhaps do a 'doveadm mailbox subscribe' with a wildcard and the shell expanded it? micah From micah at riseup.net Fri Oct 7 19:43:15 2011 From: micah at riseup.net (Micah Anderson) Date: Fri, 07 Oct 2011 12:43:15 -0400 Subject: [Dovecot] lazy expunge namespaces Message-ID: <87d3e8rbvg.fsf@algae.riseup.net> I turned on lazy_expunge and configured a namespace following the wiki[0] instructions for mdbox configuration: namespace { inbox = yes location = prefix = separator = . } namespace { hidden = yes inbox = no list = no location = prefix = INBOX. separator = . } namespace { location = mdbox:~/mdbox:MAILBOXDIR=expunged prefix = EXPUNGED. separator = . } This created an EXPUNGED mailbox in my client (thunderbird), which was greyed out. When I deleted things, they got put in the EXPUNGED mailbox, as expected, but I could not access them to try and "restore" them. The server would say that the mailbox did not exist. micah 0. http://wiki2.dovecot.org/Plugins/Lazyexpunge -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From mephistopheles at operamail.com Fri Oct 7 21:43:26 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Fri, 07 Oct 2011 11:43:26 -0700 Subject: [Dovecot] Syntax to specify sdbox: mail_location path? Message-ID: <1318013006.28193.140258152251553@webmail.messagingengine.com> I'm implementing sdbox. In conf.d/10-mail.conf, with "maildir:" mail_location = maildir:/my_mailbox_path/%d/%n mail gets stored in /my_mailbox_path/%d/%n/new/ With "sdbox:" mail_location = sdbox:/my_mailbox_path/%d/%n mail gets stored in /my_mailbox_path/%d/%n/mailboxes/INBOX/dbox-Mails. How do I get rid of the '/mailboxes/' and '/dbox-Mails/' path components so sdbox stores in: /my_mailbox_path/%d/%n/INBOX @ wiki2.dovecot.org/MailboxFormat/dbox#Alternate_storage points out that 'ALT=' can change the *lookup* location, and messages can be *moved* to ALT storage using 'doveadm altmove'. Unclear what TAGS are available/used for 'sdbox'. From dmiller at amfes.com Sat Oct 8 09:08:34 2011 From: dmiller at amfes.com (Daniel L. Miller) Date: Fri, 07 Oct 2011 23:08:34 -0700 Subject: [Dovecot] Group ACL In-Reply-To: <4E8DCB6D.5060404@amfes.com> References: <4E8DCB6D.5060404@amfes.com> Message-ID: On 10/6/2011 8:38 AM, Daniel L. Miller wrote: > Using Dovecot 2.0, LDAP userdb & passdb, with prefetch: > > [..] > > I have added permissions for "$allshared" to a mailbox's Inbox. It > does not appear in the shared folders list. Other mailboxes, with > explicit permission for a given username, work fine. What am I doing > wrong? > Am I, as usual, doing something wrong? -- Daniel From koshikov at gmail.com Sat Oct 8 16:09:38 2011 From: koshikov at gmail.com (Nikita Koshikov) Date: Sat, 8 Oct 2011 16:09:38 +0300 Subject: [Dovecot] Timeout leak in get quota In-Reply-To: <4E846D31.6010900@gmail.com> References: <4E846D31.6010900@gmail.com> Message-ID: <20111008160938.3dcd2aaa@jimbo> On Thu, 29 Sep 2011 15:05:53 +0200 Danilo wrote: > Hello! > I wrote perl script for read current quota usage, it works but when I run the > program I receive a warning in Dovecot log: > > 2011-09-29 14:45:30 doveadm(guest at testmail.com): Warning: Timeout leak: > 0x7f14800ad970 > > This is the script: > =============================== > #!/usr/bin/perl > > use strict; > use Socket; > use IO::Handle; > > socket(TSOCK, PF_UNIX, SOCK_STREAM,0); > connect(TSOCK, sockaddr_un("/var/run/dovecot/doveadm-server")) or print("ERROR!"); > > print "VERSION\tdoveadm-server\t1\t0\n"; > print "\tguest\@testmail.com\tquota get\n"; > print "=" x 20 . "\n"; > > if (defined(my $messg = )) { > > print $messg; > > print TSOCK "VERSION\tdoveadm-server\t1\t0\n"; > TSOCK->flush; > > print TSOCK "\tguest\@testmail.com\tquota get\n"; > TSOCK->flush; > > $messg = ; > print $messg; > > $messg = ; > print $messg; > > close TSOCK; > } > ============================= > I hope someone could help me to fix the warning. > Thanks in advance, > Dany I'm using doveadm socket too for getting quota values. No warning. The main difference from yours script that I'm also using auth: print TSOCK "VERSION\tdoveadm-server\t1\t0\n"; print TSOCK "PLAIN\tbase64_encoded_pass_here\n"; print TSOCK "\t$local_part\@$domain\tquota get\n"; TSOCK->flush; Dovecot version 2.0.15 From m.fresel at hi-competence.eu Sun Oct 9 17:21:41 2011 From: m.fresel at hi-competence.eu (Fresel Michal - hi competence e.U.) Date: Sun, 9 Oct 2011 16:21:41 +0200 Subject: [Dovecot] using ecc-certificates (ellyptic curve) will not establish connection Message-ID: <392E878E-4AF2-4E8F-8CF5-CAC5F1A5B4BF@hi-competence.eu> hi I want to use ECC(ellyptic curve cryptography) for SSL-connections but somehow dovecot doesn't like my ECC-certificates :( I tried to test using following scenario: machine: debian 6 (x64) dovecot 2.0.15-0~auto+21 ((f6a2c0e8bc03) from http://xi.rename-it.nl/debian openssl 1.0.0e-2 from testing (as the default 0.9.8o-4squeeze3 needs also the parameter -cipher ECCdraft for testing) creating keys+cert for ecc (i.e. curves prime192v1, secp521r1) # openssl ecparam -name prime192v1 -genkey -out prime192v1.key # openssl req -new -key prime192v1.key -out prime192v1.csr # openssl req -x509 -in prime192v1.csr -key prime192v1.key -out prime192v1.crt testing these in 2 windows # openssl s_server -cert prime192v1.crt -key prime192v1.key -www # openssl s_client note: when using the default openssl version 0.9.8o-4squeeze3 you need to append -cipher ECCdraft output (cut) ... New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES256-SHA Server public key is 192 bit Secure Renegotiation IS supported Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : SSLv3 Cipher : ECDHE-ECDSA-AES256-SHA Session-ID: xxxxx Session-ID-ctx: Master-Key: xxxxx Key-Arg : None PSK identity: None PSK identity hint: None Compression: 1 (zlib compression) Start Time: xxxxx Timeout : 7200 (sec) Verify return code: 18 (self signed certificate) looks promising - also for the secp521r1 curve but when changing dovecot.conf to use these keys and certificates it won't use them and return errors # openssl s_client -port 993 CONNECTED(00000003) 140543456835240:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1195:SSL alert number 40 140543456835240:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:591: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None Start Time: xxxxx Timeout : 7200 (sec) Verify return code: 0 (ok) --- and the log gives (using verbose_ssl = yes in dovecot.conf) ==> /var/log/mail.log <== dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.info <== dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.warn <== dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.log <== dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.info <== dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.warn <== dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.log <== dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] ==> /var/log/mail.info <== dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] ==> /var/log/mail.warn <== dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] ==> /var/log/mail.log <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] ==> /var/log/mail.info <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] ==> /var/log/mail.warn <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] ==> /var/log/mail.log <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher ==> /var/log/mail.info <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher ==> /var/log/mail.warn <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] from doveconf -a: ssl = required ssl_ca = ssl_cert = Reading the wiki page for dovecot2 and LDA/Postfix, the system users section (all mail delivery goes to system users)... It shows you can simply use postfix mailbox_command. There is this additional comment: "This command doesn't do a userdb lookup. If you want that (e.g. for per-user quota lookups) you need to add -d "$USER" parameter." So, i added that. Once adding it, I find I get an error: dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied Using mailbox_command in Postfix means that dovecot-lda is running as the system user getting the mail. Which means it can't access the socket file. Of course, one can simply use mode 666 on it, but, then people can use it to find out information according to the doc, which I do not want. So, I am not sure why the doc says to add -d for per user quotas, without also mentioning the problem with doing that. I don't see how it can work? Assuming I need per user quotas, and I don't want to use LMTP, is there a good way around this without the security issue? ? Steve From compconsultant at yahoo.com Sun Oct 9 22:28:06 2011 From: compconsultant at yahoo.com (Steve Fatula) Date: Sun, 9 Oct 2011 12:28:06 -0700 (PDT) Subject: [Dovecot] Filesystem quotas Message-ID: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> I am wondering if I really need to use dovecot quota functions or not. Assume for the moment, that, each system user has a quota defined using Linux quotas, and that the Maildir is within their quota limited directory. So, any mail (or files created by the user etc) that would exceed the quota obviously can't be created.? In such an environment, is there any advantage to implementing the same quota already defined in the filesystem via dovecot? Or, can I just make things simpler and ignore dovecot quotas? Assuming I keep the index and control files out of the quota limited directories. I presume if exceeding filesystem quota, the mail will not be delivered of course. If using lmtp, I presume it stays in the queue to retry later for some period of time. ? Steve From ecasarero at gmail.com Sun Oct 9 22:37:33 2011 From: ecasarero at gmail.com (Eduardo Casarero) Date: Sun, 9 Oct 2011 16:37:33 -0300 Subject: [Dovecot] Filesystem quotas In-Reply-To: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> References: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> Message-ID: 2011/10/9 Steve Fatula > I am wondering if I really need to use dovecot quota functions or not. > Assume for the moment, that, each system user has a quota defined using > Linux quotas, and that the Maildir is within their quota limited directory. > So, any mail (or files created by the user etc) that would exceed the quota > obviously can't be created. > > In such an environment, is there any advantage to implementing the same > quota already defined in the filesystem via dovecot? Or, can I just make > things simpler and ignore dovecot quotas? Assuming I keep the index and > control files out of the quota limited directories. > > I presume if exceeding filesystem quota, the mail will not be delivered of > course. If using lmtp, I presume it stays in the queue to retry later for > some period of time. > > Steve > But if you dont use quotas how do you know if the user is out of space? Or does the user gets a notification that it's running out of space, before you start rejecting emails? Eduardo. From compconsultant at yahoo.com Mon Oct 10 01:44:34 2011 From: compconsultant at yahoo.com (Steve Fatula) Date: Sun, 9 Oct 2011 15:44:34 -0700 (PDT) Subject: [Dovecot] Filesystem quotas In-Reply-To: References: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> Message-ID: <1318200274.80363.YahooMailNeo@web39421.mail.mud.yahoo.com> >From:Eduardo Casarero >To:Steve Fatula >Cc:Dovecot List >Sent:Sunday, October 9, 2011 2:37 PM >Subject:Re: [Dovecot] Filesystem quotas > > >But if you dont use quotas how do you know if the user is out of space? Or does the user gets a notification that it's running out of space, before you start rejecting emails? How do I know, or, how does the user know? I couldn't care less, so, not an issue for me. The user gets notification when their used space is above a certain percent. These are system users, so, email is just one part of their quota space. They might have 1 email, and build a massive file, they'd still be out of space.? So, what do I get by using the Dovecot Quota/FS plugin? Is it just a matter of it counting used space? Something else? Better handling of out of space? From a.chapellon at horoa.net Mon Oct 10 02:18:13 2011 From: a.chapellon at horoa.net (Alexandre Chapellon) Date: Mon, 10 Oct 2011 01:18:13 +0200 Subject: [Dovecot] Filesystem quotas In-Reply-To: <1318200274.80363.YahooMailNeo@web39421.mail.mud.yahoo.com> References: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> <1318200274.80363.YahooMailNeo@web39421.mail.mud.yahoo.com> Message-ID: <4E922BB5.6070500@horoa.net> I think by using dovecot quota you can exclude some directories from the quota (e.g: spam or Trahs or whatever you like). More specificly it is better using dovecot quota as it will allow LDA to report quota exceeded in NDR . If using filesystem quota, I guess you'll send ugly messages reporting IO error or enability too write file, which is really not serious. regards. Le 10/10/2011 00:44, Steve Fatula a ?crit : >> From:Eduardo Casarero >> To:Steve Fatula >> Cc:Dovecot List >> Sent:Sunday, October 9, 2011 2:37 PM >> Subject:Re: [Dovecot] Filesystem quotas >> >> >> But if you dont use quotas how do you know if the user is out of space? Or does the user gets a notification that it's running out of space, before you start rejecting emails? > How do I know, or, how does the user know? I couldn't care less, so, not an issue for me. The user gets notification when their used space is above a certain percent. These are system users, so, email is just one part of their quota space. They might have 1 email, and build a massive file, they'd still be out of space. > > So, what do I get by using the Dovecot Quota/FS plugin? Is it just a matter of it counting used space? Something else? Better handling of out of space? -- Alexandre Chapellon Ing?nierie des syst?mes open sources et r?seaux. Follow me on twitter: @alxgomz From tss at iki.fi Mon Oct 10 02:34:04 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 10 Oct 2011 02:34:04 +0300 Subject: [Dovecot] Filesystem quotas In-Reply-To: <4E922BB5.6070500@horoa.net> References: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> <1318200274.80363.YahooMailNeo@web39421.mail.mud.yahoo.com> <4E922BB5.6070500@horoa.net> Message-ID: On 10.10.2011, at 2.18, Alexandre Chapellon wrote: > I think by using dovecot quota you can exclude some directories from the quota (e.g: spam or Trahs or whatever you like). No, it's filesystem quota so Dovecot can't override it. > More specificly it is better using dovecot quota as it will allow LDA to report quota exceeded in NDR . If using filesystem quota, I guess you'll send ugly messages reporting IO error or enability too write file, which is really not serious. The error message is only slightly different: "Not enough disk space" (instead of "Quota exceeded") >> So, what do I get by using the Dovecot Quota/FS plugin? Is it just a matter of it counting used space? Something else? Better handling of out of space? With imap_quota plugin it allows IMAP client to see how much quota is used/left. You could also enable quota warnings. And configure the quota exceeded error message. From dmiller at amfes.com Mon Oct 10 07:51:42 2011 From: dmiller at amfes.com (Daniel L. Miller) Date: Sun, 09 Oct 2011 21:51:42 -0700 Subject: [Dovecot] Group ACL In-Reply-To: <4E8FE8E2.4060400@amfes.com> References: <4E8DCB6D.5060404@amfes.com> <4E8FE8E2.4060400@amfes.com> Message-ID: On 10/7/2011 11:08 PM, Daniel L. Miller wrote: > On 10/6/2011 8:38 AM, Daniel L. Miller wrote: >> Using Dovecot 2.0, LDAP userdb & passdb, with prefetch: >> >> [..] >> >> I have added permissions for "$allshared" to a mailbox's Inbox. It >> does not appear in the shared folders list. Other mailboxes, with >> explicit permission for a given username, work fine. What am I doing >> wrong? >> > Am I, as usual, doing something wrong? > Is there anything else I should supply to help diagnose the issue? -- Daniel From jtam.home at gmail.com Mon Oct 10 11:40:21 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 10 Oct 2011 01:40:21 -0700 (PDT) Subject: [Dovecot] Filesystem quotas In-Reply-To: References: Message-ID: Timo Sirainen writes in response to Steve Fatula's query: > With imap_quota plugin it allows IMAP client to see how much quota is > used/left. You could also enable quota warnings. And configure the > quota exceeded error message. It could also prevent the catch-22 situation I wrote about earlier whereby a filesystem out-of-space condition will result in a user not being able get themselves out of that situation, since a mailbox operation (like a delete and expunge) will not be able to create a lockfile. Having quotas handled by the IMAP/LDA will allow extra room to handle this impasse. Disabling dotlock or using dotlock_try locking method are some other workarounds. Joseph Tam From danilo.abbasciano at gmail.com Mon Oct 10 11:59:23 2011 From: danilo.abbasciano at gmail.com (Danilo) Date: Mon, 10 Oct 2011 10:59:23 +0200 Subject: [Dovecot] Timeout leak in get quota In-Reply-To: <20111008160938.3dcd2aaa@jimbo> References: <4E846D31.6010900@gmail.com> <20111008160938.3dcd2aaa@jimbo> Message-ID: <4E92B3EB.9050408@gmail.com> On 08/10/2011 15:09, Nikita Koshikov wrote: > On Thu, 29 Sep 2011 15:05:53 +0200 > Danilo wrote: > >> Hello! >> I wrote perl script for read current quota usage, it works but when I run the >> program I receive a warning in Dovecot log: >> >> 2011-09-29 14:45:30 doveadm(guest at testmail.com): Warning: Timeout leak: >> 0x7f14800ad970 >> >> This is the script: >> =============================== >> #!/usr/bin/perl >> >> use strict; >> use Socket; >> use IO::Handle; >> >> socket(TSOCK, PF_UNIX, SOCK_STREAM,0); >> connect(TSOCK, sockaddr_un("/var/run/dovecot/doveadm-server")) or print("ERROR!"); >> >> print "VERSION\tdoveadm-server\t1\t0\n"; >> print "\tguest\@testmail.com\tquota get\n"; >> print "=" x 20 . "\n"; >> >> if (defined(my $messg = )) { >> >> print $messg; >> >> print TSOCK "VERSION\tdoveadm-server\t1\t0\n"; >> TSOCK->flush; >> >> print TSOCK "\tguest\@testmail.com\tquota get\n"; >> TSOCK->flush; >> >> $messg = ; >> print $messg; >> >> $messg = ; >> print $messg; >> >> close TSOCK; >> } >> ============================= >> I hope someone could help me to fix the warning. >> Thanks in advance, >> Dany > > I'm using doveadm socket too for getting quota values. No warning. The main difference from yours script that I'm also using auth: > > print TSOCK "VERSION\tdoveadm-server\t1\t0\n"; > print TSOCK "PLAIN\tbase64_encoded_pass_here\n"; > print TSOCK "\t$local_part\@$domain\tquota get\n"; > TSOCK->flush; > > Dovecot version 2.0.15 Thanks, I had update dovecot to 2.0.15 version, now works without warning. Dany From beber at meleeweb.net Mon Oct 10 15:10:13 2011 From: beber at meleeweb.net (Bertrand Jacquin) Date: Mon, 10 Oct 2011 14:10:13 +0200 Subject: [Dovecot] Convert-tool maildir > mbox Message-ID: Timo, Is seems that this commit broke convertion from Maildir to Mbox using dovecot 1.2 convert-tool binary : 2009-07-09 Timo Sirainen * src/plugins/convert/convert-storage.c: convert plugin: Fixed changing hierarchy separators in mailbox names when alt_hierarchy_char isn't set. [a9f719f9a509] Since, I get the following : $ convert-tool user1 /var/mail/example.com/user1 Maildir:/var/mail/example.com/user1 mbox:/var/mail/example.com/user1-mbox alt_hierarchy_char=_ Error: Mailbox conversion: Couldn't create mailbox Sent/test: Mailbox doesn't allow inferior mailboxes Error: Internal failure Strace give show me a failure after : access("/var/mail/example.com/user1/.Sent.test/cur", W_OK) = 0 stat("/var/mail/example.com/user1-mbox/Sent/test", 0x7fff843e73b0) = -1 ENOTDIR (Not a directory) write(2, "Error: Mailbox conversion: Couldn"..., 103Error: Mailbox conversion: Couldn't create mailbox Sent/test: Mailbox doesn't allow inferior mailboxes ) = 103 lstat("/var/mail/example.com/user1/.dovecot.convert.lock", {st_mode=S_IFREG|0644, st_size=12, ...}) = 0 unlink("/var/mail/example.com/user1/.dovecot.convert.lock") = 0 Is that somethinh known ? Didn't find anything interesting in archives. Maybe that kind of conversion have evolved since 2.0 ? Thanks, Beber From compconsultant at yahoo.com Mon Oct 10 19:49:16 2011 From: compconsultant at yahoo.com (Steve Fatula) Date: Mon, 10 Oct 2011 09:49:16 -0700 (PDT) Subject: [Dovecot] Filesystem quotas In-Reply-To: References: Message-ID: <1318265356.66400.YahooMailNeo@web39407.mail.mud.yahoo.com> From: Joseph Tam >To: dovecot at dovecot.org >Sent: Monday, October 10, 2011 3:40 AM >Subject: Re: [Dovecot] Filesystem quotas > >Timo Sirainen writes in response to Steve Fatula's query: > >> With imap_quota plugin it allows IMAP client to see how much quota is >> used/left.? You could also enable quota warnings.? And configure the >> quota exceeded error message. > >It could also prevent the catch-22 situation I wrote about earlier whereby >a filesystem out-of-space condition will result in a user not being >able get themselves out of that situation, since a mailbox operation >(like a delete and expunge) will not be able to create a lockfile. > >Having quotas handled by the IMAP/LDA will allow extra room to handle >this impasse.? Disabling dotlock or using dotlock_try locking method >are some other workarounds. > > >Don't forget these are SYSTEM users, they can get in and delete things should they need to, and can easily consume all available space completely outside of email. We already send email outside of dovecot when they approach their limit, with our custom message. It sounds like there really isn't any benefit to using the dovecot fs quota plugin in our situation. Thanks for the ideas.? From ebroch at whitehorsetc.com Mon Oct 10 22:04:44 2011 From: ebroch at whitehorsetc.com (Eric Broch) Date: Mon, 10 Oct 2011 13:04:44 -0600 Subject: [Dovecot] inbox issue Message-ID: <4E9341CC.60105@whitehorsetc.com> I have dovecot 2.0.11 installed on a CentOS 5.7 email server. Two of the server email clients, one using Outlook and the other Thunderbird, have had all the contents of their inbox disappear only to reappear at a later time. One client's inbox email reappeared upon receiving a test email (to check if it would show up in the inbox) from another user. Has anyone heard of such a thing? Here's a dump of my dovecot configuration. # 2.0.11: /etc/dovecot/dovecot.conf # OS: Linux 2.6.18-238.19.1.el5 i686 CentOS release 5.7 (Final) auth_anonymous_username = anonymous auth_cache_negative_ttl = 1 hours auth_cache_size = 32 M auth_cache_ttl = 1 hours auth_debug = no auth_debug_passwords = no auth_default_realm = auth_failure_delay = 2 secs auth_first_valid_uid = 500 auth_gssapi_hostname = auth_krb5_keytab = auth_last_valid_uid = 0 auth_master_user_separator = auth_mechanisms = plain login digest-md5 cram-md5 auth_realms = auth_socket_path = auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_cert = no auth_use_winbind = no auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ auth_username_format = %Lu auth_username_translation = auth_verbose = no auth_verbose_passwords = no auth_winbind_helper_path = /usr/bin/ntlm_auth auth_worker_max_count = 30 base_dir = /var/run/dovecot config_cache_size = 1 M debug_log_path = default_client_limit = 1000 default_idle_kill = 60 default_internal_user = dovecot default_login_user = dovenull default_process_limit = 100 default_vsz_limit = 256 M deliver_log_format = msgid=%m: %$ dict_db_config = director_doveadm_port = 0 director_mail_servers = director_servers = director_user_expire = 15 mins disable_plaintext_auth = no dotlock_use_excl = yes doveadm_socket_path = doveadm-server doveadm_worker_count = 0 first_valid_gid = 1 first_valid_uid = 89 hostname = imap_capability = imap_client_workarounds = imap_id_log = imap_id_send = imap_idle_notify_interval = 2 mins imap_logout_format = bytes=%i/%o imap_max_line_length = 64 k import_environment = TZ info_log_path = last_valid_gid = 0 last_valid_uid = 0 lda_mailbox_autocreate = no lda_mailbox_autosubscribe = no lda_original_recipient_header = libexec_dir = /usr/libexec/dovecot listen = *, :: lmtp_proxy = no lmtp_save_to_detail_mailbox = no lock_method = fcntl log_path = /var/log/dovecot.log log_timestamp = "%b %d %H:%M:%S " login_access_sockets = login_greeting = Dovecot toaster ready. login_log_format = %$: %s login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c login_trusted_networks = mail_access_groups = mail_attachment_dir = mail_attachment_fs = sis posix mail_attachment_hash = %{sha1} mail_attachment_min_size = 128 k mail_cache_fields = flags mail_cache_min_mail_count = 0 mail_chroot = mail_debug = no mail_fsync = optimized mail_full_filesystem_access = no mail_gid = mail_home = mail_location = mail_log_prefix = "%s(%u): " mail_max_keyword_length = 50 mail_max_lock_timeout = 0 mail_max_userip_connections = 10 mail_never_cache_fields = imap.envelope mail_nfs_index = no mail_nfs_storage = no mail_plugin_dir = /usr/lib/dovecot mail_plugins = mail_privileged_group = mail_save_crlf = no mail_temp_dir = /tmp mail_uid = mailbox_idle_check_interval = 30 secs mailbox_list_index_disable = no maildir_copy_with_hardlinks = yes maildir_stat_dirs = no maildir_very_dirty_syncs = no master_user_separator = mbox_dirty_syncs = yes mbox_dotlock_change_timeout = 2 mins mbox_lazy_writes = yes mbox_lock_timeout = 5 mins mbox_min_index_size = 0 mbox_read_locks = fcntl mbox_very_dirty_syncs = no mbox_write_locks = dotlock fcntl mdbox_preallocate_space = no mdbox_rotate_interval = 0 mdbox_rotate_size = 2 M mmap_disable = no namespace { hidden = no inbox = yes list = yes location = prefix = INBOX. separator = . subscriptions = yes type = private } namespace { hidden = no inbox = no list = yes location = maildir:/home/vpopmail/domains/acemt.com/shared/projects prefix = projects. separator = . subscriptions = yes type = public } passdb { args = cache_key=%u webmail=127.0.0.1 deny = no driver = vpopmail master = no pass = no } plugin/quota = maildir pop3_client_workarounds = pop3_enable_last = no pop3_fast_size_lookups = no pop3_lock_session = no pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_no_flag_updates = no pop3_reuse_xuidl = no pop3_save_uidl = no pop3_uidl_format = %08Xu%08Xv postmaster_address = protocols = imap quota_full_tempfail = no recipient_delimiter = + rejection_reason = Your message to <%t> was automatically rejected:%n%r rejection_subject = Rejected: %s sendmail_path = /usr/sbin/sendmail service anvil { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = anvil extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 1 protocol = service_count = 0 type = anvil unix_listener anvil-auth-penalty { group = mode = 0600 user = } unix_listener anvil { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service auth-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = auth -w extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener auth-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service auth { chroot = client_limit = 4096 drop_priv_before_exec = no executable = auth extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener auth-client { group = mode = 0600 user = } unix_listener auth-login { group = mode = 0600 user = $default_internal_user } unix_listener auth-master { group = mode = 0600 user = } unix_listener auth-userdb { group = mode = 0600 user = } unix_listener login/login { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service config { chroot = client_limit = 0 drop_priv_before_exec = no executable = config extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = config unix_listener config { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service dict { chroot = client_limit = 1 drop_priv_before_exec = no executable = dict extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dict { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service director { chroot = client_limit = 0 drop_priv_before_exec = no executable = director extra_groups = fifo_listener login/proxy-notify { group = mode = 00 user = } group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener director-admin { group = mode = 0600 user = } unix_listener login/director { group = mode = 00 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service dns_client { chroot = client_limit = 1 drop_priv_before_exec = no executable = dns-client extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dns-client { group = mode = 0666 user = } unix_listener login/dns-client { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service doveadm { chroot = client_limit = 1 drop_priv_before_exec = no executable = doveadm-server extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener doveadm-server { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service imap-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = imap-login extra_groups = group = idle_kill = 0 inet_listener imap { address = port = 143 ssl = no } inet_listener imaps { address = port = 993 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = imap service_count = 1 type = login user = $default_login_user vsz_limit = 64 M } service imap { chroot = client_limit = 1 drop_priv_before_exec = no executable = imap extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener login/imap { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service lmtp { chroot = client_limit = 0 drop_priv_before_exec = no executable = lmtp extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = lmtp service_count = 0 type = unix_listener lmtp { group = mode = 0666 user = } user = vsz_limit = 0 } service log { chroot = client_limit = 0 drop_priv_before_exec = no executable = log extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = log user = vsz_limit = 18446744073709551615 B } service pop3-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = pop3-login extra_groups = group = idle_kill = 0 inet_listener pop3 { address = port = 110 ssl = no } inet_listener pop3s { address = port = 995 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = pop3 service_count = 1 type = login user = $default_login_user vsz_limit = 64 M } service pop3 { chroot = client_limit = 1 drop_priv_before_exec = no executable = pop3 extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = pop3 service_count = 1 type = unix_listener login/pop3 { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service ssl-params { chroot = client_limit = 0 drop_priv_before_exec = no executable = ssl-params extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = startup unix_listener login/ssl-params { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } shutdown_clients = yes ssl = yes ssl_ca = ssl_cert = References: <4E9341CC.60105@whitehorsetc.com> Message-ID: <20111010141431.Horde.Wu90OqPBW7JOk0QXKmBF-BA@beta.vfemail.net> Quoting Eric Broch : > I have dovecot 2.0.11 installed on a CentOS 5.7 email server. Two of the > server email clients, one using Outlook and the other Thunderbird, have > had all the contents of their inbox disappear only to reappear at a > later time. One client's inbox email reappeared upon receiving a test > email (to check if it would show up in the inbox) from another user. Has > anyone heard of such a thing? After a recent upgrade - I've had an issue with an older version of Horde not displaying the INBOX. I've gotten it to restore by removing custom Sorting options. I upgraded Dovecot, the backend server, and PHP all relatively recently, but having only seen it with my older Horde install I figured it was a PHP issue. Just for giggles you could ask those users to use a different Sort method.. Rick From tompru at jla.rutgers.edu Mon Oct 10 22:27:30 2011 From: tompru at jla.rutgers.edu (Tom Pawlowski) Date: Mon, 10 Oct 2011 15:27:30 -0400 Subject: [Dovecot] inbox issue In-Reply-To: <4E9341CC.60105@whitehorsetc.com> References: <4E9341CC.60105@whitehorsetc.com> Message-ID: <20111010192729.GF6257@hawkeye.rutgers.edu> What you're describing has been a symptom of a corrupted index/uidlist our experience. Now *what's* corrupting it, depends on your setup. Just to clarify, you're using a single dovecot IMAP/POP3 mail server and not multiple servers, correct? And equally important, are you using a NFS backend for the Maildirs? If so, read these: http://wiki.dovecot.org/NFS http://dovecot.org/list/dovecot/2010-May/049031.html And look into this: http://wiki2.dovecot.org/Director If not, check the log files, are you getting corrupted index errors for the users in question? Check their quotas, are they all under? If they're at quota, then dovecot can't update the index or uidlist for that user. One solution: http://www.mailinglistarchive.com/html/dovecot at dovecot.org/2010-08/msg01028.html That's what first comes to mind for me. * Eric Broch [2011-10-10 13:04:44 -0600]: > I have dovecot 2.0.11 installed on a CentOS 5.7 email server. Two of the > server email clients, one using Outlook and the other Thunderbird, have > had all the contents of their inbox disappear only to reappear at a > later time. One client's inbox email reappeared upon receiving a test > email (to check if it would show up in the inbox) from another user. Has > anyone heard of such a thing? > > Here's a dump of my dovecot configuration. > -- Tom Pawlowski OIT-CSS System Administrator office: Hill 147 email: tompru at jla.rutgers.edu phone: (732) 445-2634 From compconsultant at yahoo.com Mon Oct 10 23:53:23 2011 From: compconsultant at yahoo.com (Steve Fatula) Date: Mon, 10 Oct 2011 13:53:23 -0700 (PDT) Subject: [Dovecot] 2.1 Plans Message-ID: <1318280003.91961.YahooMailNeo@web39424.mail.mud.yahoo.com> Back in early 2010, Timo posted about a potential 2.1 feature to in essence reduce the number of imap/pop3 processes using various techniques since the code already supports multiple connections. It even went as far as moving all idle connections.? I don't see this on the 2.1 roadmap. Is it still planned perhaps for 2.1? Thousands of imap processes going away is a great thing for me! So, just curious. Reference:?http://dovecot.org/list/dovecot/2010-January/046148.html ? Steve From jake0534 at airpost.net Tue Oct 11 01:17:17 2011 From: jake0534 at airpost.net (jake0534 at airpost.net) Date: Mon, 10 Oct 2011 15:17:17 -0700 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? Message-ID: <1318285037.2740.140258153259705@webmail.messagingengine.com> Hey all I've been running a Dovecot 1X server for awhile. Most of the config was pretty simple using flat files. I'm switching to Dovecot 2X now, and want to switch to using SQL for lookups so I can share info with the Postfix front end. For starters I setup two SIMPLE SQL tables -- a 'users' table and a 'aliases' table, where each user can have many aliases. I want to have Postfix check Dovecot's SASL/LMTP passdb to see if a @ exists. If yes, deliver through LMTP. If NO, reject it. Here are the table definitions so far, CREATE TABLE user ( userid TINYINT, user VARCHAR(64), domain VARCHAR(128), password VARCHAR(64), PRIMARY KEY (userid), UNIQUE (user,domain) ); CREATE TABLE alias ( aliasid TINYINT, alias VARCHAR(64), user VARCHAR(64), domain VARCHAR(128), PRIMARY KEY (aliasid), UNIQUE (domain,user,alias), CONSTRAINT fk_alias1 FOREIGN KEY (user) REFERENCES user (user) ON DELETE NO ACTION ON UPDATE NO ACTION, CONSTRAINT fk_alias2 FOREIGN KEY (domain) REFERENCES user (domain) ON DELETE NO ACTION ON UPDATE NO ACTION ); With flat file and just one table, 'users', I get how to setup LMTP. I can get Postfix delivering/rejecting over LMTP depending on if the user exists in the Dovecot passdb or not. I don't get how to do the SQL query in Dovecot if I have the TWO tables. An inbound @ needs to be auth'd as valid if it exists in EITHER 'user' OR 'alias' table. Do I need to use a single lookup for passdb with some sort of "IF EXISTS IN TABLE 'user' OR TABLE 'alias'" query? Or do I need to have TWO lookups, the main one for 'user' and a fallback one for 'alias' (like talked about here http://wiki2.dovecot.org/Authentication/MultipleDatabases)? Cheers! Jake From patrickdk at patrickdk.com Tue Oct 11 02:46:41 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Mon, 10 Oct 2011 19:46:41 -0400 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? In-Reply-To: <1318285037.2740.140258153259705@webmail.messagingengine.com> References: <1318285037.2740.140258153259705@webmail.messagingengine.com> Message-ID: <20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com> I always keep it seperate, the user table is used by dovecot only, and the alias table is used by postfix. And then for users, you just alias them to themselfs. Then everything exists in the alias table, and postfix knows all valid users, cause they all exist in the alias table. I just think of it as, user accounts, and email addresses that map to the user accounts. Quoting jake0534 at airpost.net: > Hey all > > I've been running a Dovecot 1X server for awhile. Most of the config > was pretty simple using flat files. > > I'm switching to Dovecot 2X now, and want to switch to using SQL for > lookups so I can share info with the Postfix front end. > > For starters I setup two SIMPLE SQL tables -- a 'users' table and a > 'aliases' table, where each user can have many aliases. > > I want to have Postfix check Dovecot's SASL/LMTP passdb to see if a > @ exists. If yes, deliver through LMTP. If NO, reject > it. > > Here are the table definitions so far, > > CREATE TABLE user ( > userid TINYINT, > user VARCHAR(64), > domain VARCHAR(128), > password VARCHAR(64), > PRIMARY KEY (userid), > UNIQUE (user,domain) > ); > > CREATE TABLE alias ( > aliasid TINYINT, > alias VARCHAR(64), > user VARCHAR(64), > domain VARCHAR(128), > PRIMARY KEY (aliasid), > UNIQUE (domain,user,alias), > CONSTRAINT fk_alias1 FOREIGN KEY (user) REFERENCES user (user) ON > DELETE NO ACTION ON UPDATE NO ACTION, > CONSTRAINT fk_alias2 FOREIGN KEY (domain) REFERENCES user (domain) ON > DELETE NO ACTION ON UPDATE NO ACTION > ); > > With flat file and just one table, 'users', I get how to setup LMTP. I > can get Postfix delivering/rejecting over LMTP depending on if the user > exists in the Dovecot passdb or not. > > I don't get how to do the SQL query in Dovecot if I have the TWO tables. > An inbound @ needs to be auth'd as valid if it exists in > EITHER 'user' OR 'alias' table. > > Do I need to use a single lookup for passdb with some sort of "IF EXISTS > IN TABLE 'user' OR TABLE 'alias'" query? > > Or do I need to have TWO lookups, the main one for 'user' and a fallback > one for 'alias' (like talked about here > http://wiki2.dovecot.org/Authentication/MultipleDatabases)? > > Cheers! > > Jake From jake0534 at airpost.net Tue Oct 11 04:52:50 2011 From: jake0534 at airpost.net (jake0534 at airpost.net) Date: Mon, 10 Oct 2011 18:52:50 -0700 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? In-Reply-To: <20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com> References: <1318285037.2740.140258153259705@webmail.messagingengine.com> <20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com> Message-ID: <1318297970.25687.140258153322933@webmail.messagingengine.com> Hey, On Monday, October 10, 2011 7:46 PM, "Patrick Domack" wrote: > I always keep it seperate, the user table is used by dovecot only, and > the alias table is used by postfix. > > And then for users, you just alias them to themselfs. Then everything > exists in the alias table, and postfix knows all valid users, cause > they all exist in the alias table. > > I just think of it as, user accounts, and email addresses that map to > the user accounts. So you're not using LMTP authentication to verify that Postfix is trying to deliver to a valid user? I though that's what it was for. In your setup, 'who' does Postfix try to deliver to, then? The 'real' user, after figuring out and remapping any aliases to it? Or to the alias, and then Dovecot does the remapping? Jake From patrickdk at patrickdk.com Tue Oct 11 15:37:26 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Tue, 11 Oct 2011 08:37:26 -0400 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? In-Reply-To: <1318297970.25687.140258153322933@webmail.messagingengine.com> References: <1318285037.2740.140258153259705@webmail.messagingengine.com> <20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com> <1318297970.25687.140258153322933@webmail.messagingengine.com> Message-ID: <20111011083726.Horde.VQlFZpLnE6FOlDiGg1eR6hA@kishi.patrickdk.com> postfix delivers to the user, and I don't do lmtp authentication, I just submit the email from postfix to lmtp. I'm not even sure how you can use lmtp authentication to verify a delivery address, normally when postfix uses lmtp the email was accepted, and therefor would generate a bounce. I can't find anything that wouldn't bounce using lmtp, in postfix or dovecot documentation. Quoting jake0534 at airpost.net: > Hey, > > On Monday, October 10, 2011 7:46 PM, "Patrick Domack" > wrote: >> I always keep it seperate, the user table is used by dovecot only, and >> the alias table is used by postfix. >> >> And then for users, you just alias them to themselfs. Then everything >> exists in the alias table, and postfix knows all valid users, cause >> they all exist in the alias table. >> >> I just think of it as, user accounts, and email addresses that map to >> the user accounts. > > So you're not using LMTP authentication to verify that Postfix is trying > to deliver to a valid user? I though that's what it was for. > > In your setup, 'who' does Postfix try to deliver to, then? The 'real' > user, after figuring out and remapping any aliases to it? Or to the > alias, and then Dovecot does the remapping? > > Jake From jake0534 at airpost.net Tue Oct 11 18:57:49 2011 From: jake0534 at airpost.net (jake0534 at airpost.net) Date: Tue, 11 Oct 2011 08:57:49 -0700 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? In-Reply-To: <20111011083726.Horde.VQlFZpLnE6FOlDiGg1eR6hA@kishi.patrickdk.com> References: <1318285037.2740.140258153259705@webmail.messagingengine.com><20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com><1318297970.25687.140258153322933@webmail.messagingengine.com> <20111011083726.Horde.VQlFZpLnE6FOlDiGg1eR6hA@kishi.patrickdk.com> Message-ID: <1318348669.14547.140258153570049@webmail.messagingengine.com> On Tuesday, October 11, 2011 8:37 AM, "Patrick Domack" wrote: > postfix delivers to the user, and I don't do lmtp authentication, I > just submit the email from postfix to lmtp. Ok, then we have different approaches. So you are using *only* Postfix to check if a received user is valid, right? > I'm not even sure how you can use lmtp authentication to verify a > delivery address, normally when postfix uses lmtp the email was > accepted, and therefor would generate a bounce. > > I can't find anything that wouldn't bounce using lmtp, in postfix or > dovecot documentation. If you follow this, http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP it works OK. There is no bounce when Postfix submit mail to LMTP for delivery and the user is authenticated as valid. Jake From m.fresel at hi-competence.eu Tue Oct 11 20:02:16 2011 From: m.fresel at hi-competence.eu (Fresel Michal - hi competence e.U.) Date: Tue, 11 Oct 2011 19:02:16 +0200 Subject: [Dovecot] using ecc-certificates (ellyptic curve) will not establish connection In-Reply-To: <392E878E-4AF2-4E8F-8CF5-CAC5F1A5B4BF@hi-competence.eu> References: <392E878E-4AF2-4E8F-8CF5-CAC5F1A5B4BF@hi-competence.eu> Message-ID: <7C992DAE-0077-4AF2-A47A-BFD87DACC0E4@hi-competence.eu> hi building 2.0.15 (f6a2c0e8bc03) against the 10.0e ssl-libs _WORKS_ (on some parts ;) Note: be careful on the client-side as many clients won't understand these types of certificates check the version of openssl if you have problems ... a client on OS X 10.6 (OpenSSL 0.9.8r 8 Feb 2011) gives the folowing error # openssl s_client -host remoteserver -port 993 CONNECTED(00000003) 8346:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-35.1/src/ssl/s23_clnt.c:602: ==> /var/log/mail.log <== dovecot: imap-login: Disconnected (no auth attempts): rip=xxxx, lip=xxxx, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher well - THIS would work (for debuging :) # openssl s_client -host remoteserver -port 993 -cipher ECCdraft Greetings Mike Am 09.10.2011 um 16:21 schrieb Fresel Michal - hi competence e.U.: > hi > > I want to use ECC(ellyptic curve cryptography) for SSL-connections but somehow dovecot doesn't like my ECC-certificates :( > > I tried to test using following scenario: > > > machine: > debian 6 (x64) > dovecot 2.0.15-0~auto+21 ((f6a2c0e8bc03) from http://xi.rename-it.nl/debian > openssl 1.0.0e-2 from testing (as the default 0.9.8o-4squeeze3 needs also the parameter -cipher ECCdraft for testing) > > > > creating keys+cert for ecc (i.e. curves prime192v1, secp521r1) > # openssl ecparam -name prime192v1 -genkey -out prime192v1.key > # openssl req -new -key prime192v1.key -out prime192v1.csr > # openssl req -x509 -in prime192v1.csr -key prime192v1.key -out prime192v1.crt > > testing these in 2 windows > # openssl s_server -cert prime192v1.crt -key prime192v1.key -www > # openssl s_client > note: when using the default openssl version 0.9.8o-4squeeze3 you need to append -cipher ECCdraft > > > output (cut) > ... > New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES256-SHA > Server public key is 192 bit > Secure Renegotiation IS supported > Compression: zlib compression > Expansion: zlib compression > SSL-Session: > Protocol : SSLv3 > Cipher : ECDHE-ECDSA-AES256-SHA > Session-ID: xxxxx > Session-ID-ctx: > Master-Key: xxxxx > Key-Arg : None > PSK identity: None > PSK identity hint: None > Compression: 1 (zlib compression) > Start Time: xxxxx > Timeout : 7200 (sec) > Verify return code: 18 (self signed certificate) > > > looks promising - also for the secp521r1 curve > > > but when changing dovecot.conf to use these keys and certificates it won't use them and return errors > > # openssl s_client -port 993 > CONNECTED(00000003) > 140543456835240:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1195:SSL alert number 40 > 140543456835240:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:591: > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 7 bytes and written 0 bytes > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > SSL-Session: > Protocol : SSLv3 > Cipher : 0000 > Session-ID: > Session-ID-ctx: > Master-Key: > Key-Arg : None > PSK identity: None > PSK identity hint: None > Start Time: xxxxx > Timeout : 7200 (sec) > Verify return code: 0 (ok) > --- > > and the log gives (using verbose_ssl = yes in dovecot.conf) > > ==> /var/log/mail.log <== > dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.info <== > dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.warn <== > dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.log <== > dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.info <== > dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.warn <== > dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.log <== > dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] > > ==> /var/log/mail.info <== > dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] > > ==> /var/log/mail.warn <== > dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] > > ==> /var/log/mail.log <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > > ==> /var/log/mail.info <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > > ==> /var/log/mail.warn <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > > ==> /var/log/mail.log <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher > > ==> /var/log/mail.info <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher > > ==> /var/log/mail.warn <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > > from doveconf -a: > ssl = required > ssl_ca = > ssl_cert = ssl_cert_username_field = commonName > ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL > ssl_key = ssl_key_password = > ssl_parameters_regenerate = 168 > ssl_verify_client_cert = no > > > Has anybody already tested this and made it working? > Or do i have just to recompile everything to make it work? > > > Greetings > > Mike From mephistopheles at operamail.com Wed Oct 12 05:43:42 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Tue, 11 Oct 2011 19:43:42 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? Message-ID: <1318387422.21937.140258153786649@webmail.messagingengine.com> I have Dovecot2 auth setup to run as user = doveauth group = dovecot configured in, vi conf.d/10-master.conf ... service auth { unix_listener /var/spool/postfix/private/auth { user = postfix group = postfix mode = 0660 } user = doveauth group = dovecot } service auth-worker { user = doveauth group = dovecot } ... When I start Dovecot, ls -al /var/run/dovecot/auth-* /bin/ls: No match. service dovecot-custom start Starting Dovecot ... done Dovect's auth-process sockets are created with different ownership than what I specified, ls -al /var/run/dovecot/auth-* srw------- 1 root root 0 Oct 11 19:30 /var/run/dovecot/auth-client srw------- 1 dovecot root 0 Oct 11 19:30 /var/run/dovecot/auth-login srw------- 1 root root 0 Oct 11 19:30 /var/run/dovecot/auth-master srw------- 1 root root 0 Oct 11 19:30 /var/run/dovecot/auth-userdb srw------- 1 dovecot root 0 Oct 11 19:30 /var/run/dovecot/auth-worker Which causes problems when I test AUTH, telnet 127.0.0.1 143 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. a login "xxx at domain.loc" "testpass" a NO [UNAVAILABLE] Temporary authentication failure. * OK Waiting for authentication process to respond.. In logs, ==> /var/log/dovecot/dovecot-debug.log <== Oct 11 19:32:11 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/modules/auth Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libauthdb_ldap.so Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_mysql.so Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_pgsql.so Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_sqlite.so Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libmech_gssapi.so Oct 11 19:32:11 auth: Debug: auth client connected (pid=2397) Oct 11 19:32:17 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=127.0.0.1 rip=127.0.0.1lport=143 rport=47016 resp= ==> /var/log/dovecot/dovecot.log <== Oct 11 19:32:17 auth: Fatal: net_connect_unix(auth-worker) in directory /var/run/dovecot failed: Permission denied (euid=1101(doveauth) egid=305(dovecot) missing +r perm: /var/run/dovecot/auth-worker, dir owned by 305:305 mode=0755) What needs to change to get those sockets created with correct/assigned ownership & perms? From henson at acm.org Wed Oct 12 05:53:33 2011 From: henson at acm.org (Paul B. Henson) Date: Tue, 11 Oct 2011 19:53:33 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? In-Reply-To: <1318387422.21937.140258153786649@webmail.messagingengine.com> References: <1318387422.21937.140258153786649@webmail.messagingengine.com> Message-ID: <20111012025332.GR8748@bender.csupomona.edu> On Tue, Oct 11, 2011 at 07:43:42PM -0700, mephistopheles at operamail.com wrote: > service auth-worker { > user = doveauth > group = dovecot > } You need an extra piece here: service auth-worker { user = $default_internal_user unix_listener auth-worker { user = postfix } } It was *not* easy to figure that out; none of the postfix/dovecot how-to's have been updated for dovecot 2. -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | henson at csupomona.edu California State Polytechnic University | Pomona CA 91768 From patrickdk at patrickdk.com Wed Oct 12 06:05:23 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Tue, 11 Oct 2011 23:05:23 -0400 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? In-Reply-To: <1318348669.14547.140258153570049@webmail.messagingengine.com> References: <1318285037.2740.140258153259705@webmail.messagingengine.com><20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com><1318297970.25687.140258153322933@webmail.messagingengine.com> <20111011083726.Horde.VQlFZpLnE6FOlDiGg1eR6hA@kishi.patrickdk.com> <1318348669.14547.140258153570049@webmail.messagingengine.com> Message-ID: <20111011230523.Horde.EA9lSZLnE6FOlQPzJfXzWgA@kishi.patrickdk.com> I'm totally confused by your authenticated as valid part, lmtp doesn't authenticate anything. How do you let postfix know about valid recipients, I don't really care about authenticated ones, just valid ones, and if you do that at lmtp time, postfix has already received the email, and therefor it would bounce if lmtp says it's not a valid recipient. Quoting jake0534 at airpost.net: > On Tuesday, October 11, 2011 8:37 AM, "Patrick Domack" > wrote: >> postfix delivers to the user, and I don't do lmtp authentication, I >> just submit the email from postfix to lmtp. > > Ok, then we have different approaches. > > So you are using *only* Postfix to check if a received user is valid, > right? > >> I'm not even sure how you can use lmtp authentication to verify a >> delivery address, normally when postfix uses lmtp the email was >> accepted, and therefor would generate a bounce. >> >> I can't find anything that wouldn't bounce using lmtp, in postfix or >> dovecot documentation. > > If you follow this, > > http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP > > it works OK. There is no bounce when Postfix submit mail to LMTP for > delivery and the user is authenticated as valid. > > Jake From mephistopheles at operamail.com Wed Oct 12 06:20:13 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Tue, 11 Oct 2011 20:20:13 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? In-Reply-To: <20111012025332.GR8748@bender.csupomona.edu> References: <1318387422.21937.140258153786649@webmail.messagingengine.com> <20111012025332.GR8748@bender.csupomona.edu> Message-ID: <1318389613.30386.140258153796681@webmail.messagingengine.com> On Tuesday, October 11, 2011 7:53 PM, "Paul B. Henson" wrote: > You need an extra piece here: > > service auth-worker { > user = $default_internal_user > > unix_listener auth-worker { > user = postfix > } > } Maybe being too literal, or misunderstanding your 'extra', I changed to, ... service auth-worker { # user = doveauth # group = dovecot user = $default_internal_user unix_listener auth-worker { user = postfix } } ... At telnet 127.0.0.1 143 etc I get the same FAIL as above. But, if first I chown doveauth:dovecot /var/run/dovecot/auth-worker then telnet 127.0.0.1 143 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready. a login "xxx at domain.loc" "testpass" a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA ACL RIGHTS=texk] Logged in ... succeeds. From mephistopheles at operamail.com Wed Oct 12 06:38:22 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Tue, 11 Oct 2011 20:38:22 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? In-Reply-To: <20111012025332.GR8748@bender.csupomona.edu> References: <1318387422.21937.140258153786649@webmail.messagingengine.com> <20111012025332.GR8748@bender.csupomona.edu> Message-ID: <1318390702.2165.140258153801701@webmail.messagingengine.com> > It was *not* easy to figure that out; none of the postfix/dovecot > how-to's have been updated for dovecot 2. Fwiw, this looks useful Authentication process user http://wiki2.dovecot.org/UserIds Trying to get those $default_... redefined. No luck yet. From henson at acm.org Wed Oct 12 06:47:59 2011 From: henson at acm.org (Paul B. Henson) Date: Tue, 11 Oct 2011 20:47:59 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? In-Reply-To: <1318389613.30386.140258153796681@webmail.messagingengine.com> References: <1318387422.21937.140258153786649@webmail.messagingengine.com> <20111012025332.GR8748@bender.csupomona.edu> <1318389613.30386.140258153796681@webmail.messagingengine.com> Message-ID: <20111012034759.GV8748@bender.csupomona.edu> On Tue, Oct 11, 2011 at 08:20:13PM -0700, mephistopheles at operamail.com wrote: > Maybe being too literal, or misunderstanding your 'extra', I changed to, Hmm, I just cut-and-pasted my config :), the missing piece was the unix_listener subconfig user, the user/group part in the service config didn't need to match mine exactly, although I think $default_internal_user is dovecot anyway. > chown doveauth:dovecot /var/run/dovecot/auth-worker Hmm, perhaps I misunderstood you? I thought you were trying to get SASL auth working with postfix? But you're demonstrating an imap connection. Ah, yes, I see in your original email you showed an imap connection too. I just saw the /var/spool/postfix/private/auth and user/group postfix parts of the config and made an assumption. My config was for using Dovecot *just* to provide SASL authentication services to postfix for smtp auth, I'm not using any of its other features/services. Sorry for any confusion. I'm curious though, why are you setting the auth stuff up to be owned by postfix if you'd trying to authenticate dovecot imap processes? It seems you're mixing two different configs. -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | henson at csupomona.edu California State Polytechnic University | Pomona CA 91768 From mephistopheles at operamail.com Wed Oct 12 07:06:52 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Tue, 11 Oct 2011 21:06:52 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? In-Reply-To: <20111012034759.GV8748@bender.csupomona.edu> References: <1318387422.21937.140258153786649@webmail.messagingengine.com><20111012025332.GR8748@bender.csupomona.edu><1318389613.30386.140258153796681@webmail.messagingengine.com> <20111012034759.GV8748@bender.csupomona.edu> Message-ID: <1318392412.30494.140258153805849@webmail.messagingengine.com> > Sorry for any confusion. np. issue solved. for my config, ... service auth-worker { user = doveauth unix_listener auth-worker { user = doveauth } } ... then service dovecot-custom restart ls -al /var/run/dovecot/auth-worker srw------- 1 doveauth root 0 Oct 11 20:56 /var/run/dovecot/auth-worker better. and, telnet 127.0.0.1 4143 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. a login "xxx at domain.loc" "testpass" a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA ACL RIGHTS=texk] Logged in > I'm curious though, why are you setting the auth stuff up to be owned by > postfix if you'd trying to authenticate dovecot imap processes? It seems > you're mixing two different configs. I'm converting to SQL from flatfiles (http://wiki2.dovecot.org/HowTo/VirtualUserFlatFilesPostfix). Just haven't gotten to making all the changes yet. Single-stepping through testing, got to IMAP and found this issue. Thanks for the help! From simon.brereton at buongiorno.com Wed Oct 12 17:24:28 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Wed, 12 Oct 2011 10:24:28 -0400 Subject: [Dovecot] Auth Worker failures Message-ID: <069801cc88ea$a7c7dd80$f7579880$@brereton@buongiorno.com> Hi I have a script that checks the logs each day and mails me invalid user attempts and authentication failures for the previous day. (I use fail2ban to ban multiple attempts in a short space of time). For some reason, this appears every day: Oct 11 06:25:12 mail dovecot: auth-worker(default): sql(simon at mydomain.net,127.0.0.1): Password mismatch Oct 11 06:25:19 mail dovecot: auth-worker(default): sql(simon at mydomain.net,127.0.0.1): Password mismatch Oct 11 06:25:31 mail dovecot: auth-worker(default): sql(simon at mydomain.net,127.0.0.1): Password mismatch Oct 11 06:25:48 mail dovecot: auth-worker(default): sql(simon at mydomain.net,127.0.0.1): Password mismatch Oct 11 06:26:10 mail dovecot: imap-login: Aborted login (auth failed, 4 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Of all the accounts on the box, it's only mine that throws this up. Since its LIP is localhost, it could really only be for webmail - but I don't always leave the webmail open, so I'm curious to know how this gets there and what it is. Any suggestions? I find it difficult to believe I have an IMAP process in a script somewhere (especially with my user account - the postmaster account, I could believe, but not with my personal one).. The log time is UTC, so watching the process list at 2.24 is less than appealing! Simon From aperezaranda at yaco.es Thu Oct 13 11:31:29 2011 From: aperezaranda at yaco.es (Antonio Perez-Aranda) Date: Thu, 13 Oct 2011 10:31:29 +0200 Subject: [Dovecot] Rare error with concurrent users searching with fts-solr Message-ID: Hi all, If I start two o more connections with diferent users that make a search text to solr I get this message many times: Error: fts_solr: Query didn't return uid If I repeat the test about 2000 times, with only one user concurrent, with 60 diferent users, without concurrent, I get between 0. If I repeat the test about 2000 times, with 2 users concurrent, I get between 3 or 10 errors. If I repeat the test about 2000 times, with 4 users concurrent, I get between 10-20 errors. After see this error, I set a tcpdump to try to watch the SOLR XML and GET, I can watch that Solr send a xml like this: with 200 as http status When the normal response is like this 0 1 uid,score uid asc BLABLABLA +user:"ANYUSER" +uidv:1208469916 +box:"ANYFOLDER" -ns:[* TO *] 1 At first, I think that the problems it's in Solr, but after get all GET from tcpdump, I make a python script with urllib2 and send it all to Solr with the same concurrency and I can't get any error or "empty response" Have someone made a intensive concurrency tests over Dovecot + Solr ? -- Antonio P?rez-Aranda Alcaide aperezaranda at yaco.es Yaco Sistemas S.L. http://www.yaco.es/ C/ Rioja 5, 41001 Sevilla Tel?fono +34 954 50 00 57 Fax ? ? ?+34 954 50 09 29 From nanovox at gmail.com Thu Oct 13 16:00:49 2011 From: nanovox at gmail.com (Steven Kiehl) Date: Thu, 13 Oct 2011 09:00:49 -0400 Subject: [Dovecot] Dovecot not processing through Sieve Message-ID: Hello everyone, I'm fairly new to Dovecot, but I've gotten the majority of things working except for Sieve. I'm running Dovecot 1.2.9 coupled with Postfix and SpamAssassin all with a virtual domains setup. I am receiving mail and it is being processed by all the plugins that operate through Postfix. The quota configured in Dovecot appears to be working because my mail client shows the configured quota. But the Sieve rules are not processing. I created a rule as follows to filter spam: require ["fileinto"]; # rule:[global-spam] if anyof (header :contains "Subject" "[SPAM]", header :contains "X-Spam-Flag" "YES") { fileinto "Junk"; } If I mail myself a message with [SPAM] in the title, it goes into my inbox regardless. I've run 'sieve-test' with the same email and it says it will file it into Junk. The Junk folder exists. I even tried adding :create and the "mailbox" plugin, but that didn't do anything either. Here is the relevant majority of my dovecot configuration: login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_location: maildir:/home/dovecot/mail/domains/%d/%n/Maildir mail_debug: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): outlook-idle delay-newmail tb-extra-mailbox-sep imap_client_workarounds(imap): outlook-idle delay-newmail tb-extra-mailbox-sep imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): namespace: type: private separator: / inbox: yes list: yes subscriptions: yes lda: *mail_plugins: quota sieve* quota_full_tempfail: yes deliver_log_format: msgid=%m: %$ rejection_reason: Your message to <%t> was automatically rejected:%n%r auth default: mechanisms: cram-md5 plain login passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: sql args: /etc/dovecot/dovecot-sql.conf socket: type: listen master: path: /var/run/dovecot/auth-master mode: 384 user: dovemail group: dovemail socket: type: listen client: path: /var/spool/postfix/private/dovecot-auth mode: 432 user: postfix group: postfix plugin: convert_mail: maildir:/home/dovecot/mail/domains/%d/%u/Maildir * sieve: /etc/dovecot/sieve/domains/%d/%n.sieve* * sieve_global_dir: /etc/dovecot/sieve/global/* quota: maildir:User quota_rule: INBOX:storage=500M quota_rule2: INBOX.Trash:storage=100M The sieve plugin exists in /usr/lib/dovecot/modules/lda/lib90_sieve_plugin.so, so I would assume I'd have to use *mail_plugin: sieve* as my configuration setting. Like I said, I am receiving emails to my domains without any problem, but sieve rules are not being processed. I can see the rules set up by using the Roundcube plugin, and I can create and edit rules through Roundcube, but nothing different happens when I send myself an email. It all just delivers to the inbox. Thanks for your help, Steve K. From stephan at rename-it.nl Thu Oct 13 16:21:46 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 13 Oct 2011 15:21:46 +0200 Subject: [Dovecot] Dovecot not processing through Sieve In-Reply-To: References: Message-ID: <4E96E5EA.1000903@rename-it.nl> On 10/13/2011 3:00 PM, Steven Kiehl wrote: > I'm fairly new to Dovecot, but I've gotten the majority of things working > except for Sieve. I'm running Dovecot 1.2.9 coupled with Postfix and > SpamAssassin all with a virtual domains setup. I am receiving mail and it > is being processed by all the plugins that operate through Postfix. The > quota configured in Dovecot appears to be working because my mail client > shows the configured quota. But the Sieve rules are not processing. I > created a rule as follows to filter spam: [...] > Like I said, I am receiving emails to my domains without any problem, but > sieve rules are not being processed. I can see the rules set up by using > the Roundcube plugin, and I can create and edit rules through Roundcube, but > nothing different happens when I send myself an email. It all just delivers > to the inbox. Are you sure you are using the Dovecot LDA (deliver)? Did you follow these instructions in the wiki? http://wiki1.dovecot.org/LDA http://wiki1.dovecot.org/LDA/Postfix From the looks of things, your Postfix currently still does its own mail delivery instead of using the Dovecot LDA. You should see entries in your log relating to LDA/deliver and Sieve, especially since you enabled mail_debug. To test whether Sieve is configured correctly (and to see what the Dovecot LDA normally logs), you can also manually execute /usr/lib/dovecot/deliver and feed it a message. Regards, Stephan From stephan at rename-it.nl Thu Oct 13 16:32:38 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 13 Oct 2011 15:32:38 +0200 Subject: [Dovecot] Sieve and UserDB/SQL support In-Reply-To: <270879f071d71e54745e1373c34ad61a@benweblife.fr> References: <270879f071d71e54745e1373c34ad61a@benweblife.fr> Message-ID: <4E96E876.6090505@rename-it.nl> On 8/25/2011 10:01 AM, ben at benweblife.fr wrote: Better late than never :) > I would like to know if plugins of sieve support UserDB/SQL backend. > For example, for the vacation plugin, is it possible to retrieve a > field like "sieve_vacation_days", "sieve_vacation_reason", and so on.. > on user_query? Not really, especially not in the Sieve standard. There is a experimental plugin for something like that. It can use Dovecot dictionaries to retrieve external data. It is documented here: http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extdata Regards, Stephan. From stephan at rename-it.nl Thu Oct 13 18:07:47 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 13 Oct 2011 17:07:47 +0200 Subject: [Dovecot] Dovecot not processing through Sieve In-Reply-To: References: <4E96E5EA.1000903@rename-it.nl> Message-ID: <4E96FEC3.9090802@rename-it.nl> Please reply to the list as well. On 10/13/2011 3:28 PM, Steven Kiehl wrote: > > On Thu, Oct 13, 2011 at 9:21 AM, Stephan Bosch > wrote: > > Are you sure you are using the Dovecot LDA (deliver)? Did you > follow these instructions in the wiki? > > http://wiki1.dovecot.org/LDA > http://wiki1.dovecot.org/LDA/Postfix > > From the looks of things, your Postfix currently still does its > own mail delivery instead of using the Dovecot LDA. You should see > entries in your log relating to LDA/deliver and Sieve, especially > since you enabled mail_debug. To test whether Sieve is configured > correctly (and to see what the Dovecot LDA normally logs), you can > also manually execute /usr/lib/dovecot/deliver and feed it a message. > > I am using Dovecot deliver to perform mail delivery. I'm absolutely > certain of this because I get spam scores and it is SpamAssassin that > actually hands the mail over to deliver. Here is my postfix master.cf > entry for spamc/deliver: > > dovespam unix n n n - - pipe > flags=DRhu user=dovemail:dovemail argv=/usr/bin/spamc -f -e > /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -f ${sender} -d > ${user}@${nexthop} -n -m ${extension} Ok, then what do your logs say about delivery? Even when things are filed in INBOX, the logs should show that deliver and sieve are being executed and putting the mail there. http://wiki1.dovecot.org/Logging Regards, Stephan From james.page at ubuntu.com Thu Oct 13 18:13:17 2011 From: james.page at ubuntu.com (James Page) Date: Thu, 13 Oct 2011 16:13:17 +0100 Subject: [Dovecot] Restarting dovecot periodically fails with "Socket already exists: /var/run/dovecot/anvil" Message-ID: <4E97000D.7030908@ubuntu.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello restarting dovecot regularly fails with version 2.0.13 on Ubuntu 11.10 due to a running child process exiting after the main dovecot process. Oct 13 15:04:58 ubuntu dovecot: master: Error: service(anvil): Socket already exists: /var/run/dovecot/anvil Oct 13 15:04:58 ubuntu dovecot: master: Error: service(anvil): Socket already exists: /var/run/dovecot/anvil-auth-penalty Oct 13 15:04:58 ubuntu dovecot: master: Fatal: Failed to start listeners Oct 13 15:04:58 ubuntu kernel: [11132.825253] init: dovecot main process (8668) terminated with status 89 The dovecot/anvil process appears to be the cause of the problem (snapshot of running dovecot processes just after main dovecot process stops): root 8418 8080 0 15:02 pts/0 00:00:00 stop dovecot root 8419 1 0 15:02 ? 00:00:00 dovecot/anvil root 8422 8420 0 15:02 ? 00:00:00 grep dovecot This is an Ubuntu specific issue as we use upstart to manage dovecot which monitors the status of the main dovecot process; the Debian init script appears to make provision for this happening. I can work around this in the upstart configuration but it does look like a potential bug in the sub-process handling in dovecot. Any help much appreciated - please feel free to comment on https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/873390 as well. Regards - -- James Page Ubuntu Core Developer - ----------------------------------- dovecot -n # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 3.0.0-12-generic-pae i686 Ubuntu 11.10 mail_location = maildir:~/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap pop3 sieve ssl_cert = was automatically rejected:%n%r } -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJOlwAJAAoJEL/srsug59jD1e4QAIB0/OhBhgr7HYqJNh3d1f69 8vGl6LSb2jjJb6bI+GX8QRHDDHXs6g3RadpHTEnDngJPLRPJxnnmr/mqcG+sAeYa 92shRyWnZQFEHJkl9hE1t1OS7skpLezWgSl6nOtzkRxm3yB0+w81PyQZVH2QArKf dATww3t0hMd3ybPEJnZwSlIQ/82i79qd8RZd1orERdIKN1wIyhb2uOi1XXBvGHZo hZKhO1sv3vz1RLpJXeWIVUNK8RQHJcvAOdqvTeT7kzx1gdxy3ycr7WOTUFY3Nc83 SYFyV9/miSNc45n+eDnsoknwggn0JWMkMA1jzRQz9OGCWFkJVFIuOE9jwJcFP6HY +8OnWwgdu5qNQ6nrn4+M1dB1MrFV5aFQmSuXsuAFXkCYywajdVhNyTkC8wERUBf1 NMv4PQRP0tA/UOOy9qNnNf9y3kQ1ItJ5ZhBTOO5WctnowYHDTWtnoxD7m0aEM1rA NH1TFolUgeiT6B9xFcreq42qEVYItKV60o2gv8fMDXwtkSjfDfJ2/88/45dcTOuK t+qUZnpI+AgCak7AfYShj1SjYN80BbpPpQ0WtG6MObXBZZl84paNpAUibUfN0tPy cEscYqUhkkptbfenJe3ldz0S2AhlrDTFk3cWGKwwlKY+29vBsoZtbgIamgrOKLX9 AbdvqFx8gnYe5af1k3eL =6Mfk -----END PGP SIGNATURE----- From nanovox at gmail.com Thu Oct 13 18:39:23 2011 From: nanovox at gmail.com (Steven Kiehl) Date: Thu, 13 Oct 2011 11:39:23 -0400 Subject: [Dovecot] Dovecot not processing through Sieve In-Reply-To: <4E96FEC3.9090802@rename-it.nl> References: <4E96E5EA.1000903@rename-it.nl> <4E96FEC3.9090802@rename-it.nl> Message-ID: Problem solved. It appears that my configuration contained two plugin {} blocks. One in an include (which is what I was editing) and one in the main dovecot.conf. While neither plugin {} block contained anything that would override the other, it appears that deliver doesn't listen to the second block. when I run "dovecot -n" the settings from both blocks are consolidated and output, but as soon as I removed the duplicate block, deliver started processing Sieve rules as expected. It wasn't until I tried hand-delivering a message on the command line that the issue became obvious. I'm not sure if deliver is actually paying any attention to the include options, so I may consolidate my config and forget about multiple configuration files. Thanks for your help Stephan! - Steve K. On Thu, Oct 13, 2011 at 11:07 AM, Stephan Bosch wrote: > Please reply to the list as well. > > > On 10/13/2011 3:28 PM, Steven Kiehl wrote: > > > On Thu, Oct 13, 2011 at 9:21 AM, Stephan Bosch wrote: > >> Are you sure you are using the Dovecot LDA (deliver)? Did you follow these >> instructions in the wiki? >> >> http://wiki1.dovecot.org/LDA >> http://wiki1.dovecot.org/LDA/Postfix >> >> From the looks of things, your Postfix currently still does its own mail >> delivery instead of using the Dovecot LDA. You should see entries in your >> log relating to LDA/deliver and Sieve, especially since you enabled >> mail_debug. To test whether Sieve is configured correctly (and to see what >> the Dovecot LDA normally logs), you can also manually execute >> /usr/lib/dovecot/deliver and feed it a message. >> >> I am using Dovecot deliver to perform mail delivery. I'm absolutely > certain of this because I get spam scores and it is SpamAssassin that > actually hands the mail over to deliver. Here is my postfix master.cfentry for spamc/deliver: > > dovespam unix n n n - - pipe > flags=DRhu user=dovemail:dovemail argv=/usr/bin/spamc -f -e > /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -f ${sender} -d > ${user}@${nexthop} -n -m ${extension} > > > Ok, then what do your logs say about delivery? Even when things are filed > in INBOX, the logs should show that deliver and sieve are being executed and > putting the mail there. > > http://wiki1.dovecot.org/Logging > > Regards, > > Stephan > > From crrodriguez at opensuse.org Thu Oct 13 22:23:31 2011 From: crrodriguez at opensuse.org (=?iso-8859-1?q?Cristian_Rodr=EDguez?=) Date: Thu, 13 Oct 2011 16:23:31 -0300 Subject: [Dovecot] [PATCH] Use SSL_MODE_RELEASE_BUFFERS if available to keep memory usage low Message-ID: # HG changeset patch # User Cristian Rodr?guez # Date 1318533592 10800 # Node ID c15d6befe20082009cb40926afa208ab4b684818 # Parent 962df5d9413a4a0fcc68aacc1df0dca7a44a0240 Use SSL_MODE_RELEASE_BUFFERS if available to keep memory usage low. diff -r 962df5d9413a -r c15d6befe200 src/login-common/ssl-proxy-openssl.c --- a/src/login-common/ssl-proxy-openssl.c Wed Oct 12 17:16:10 2011 +0300 +++ b/src/login-common/ssl-proxy-openssl.c Thu Oct 13 16:19:52 2011 -0300 @@ -925,6 +925,9 @@ STACK_OF(X509_NAME) *xnames = NULL; SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2); +#ifdef SSL_MODE_RELEASE_BUFFERS + SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS); +#endif if (*set->ssl_ca != '\0') { /* set trusted CA certs */ store = SSL_CTX_get_cert_store(ssl_ctx); From Chris at VandenBerghe.org Fri Oct 14 09:42:27 2011 From: Chris at VandenBerghe.org (Chris Vanden Berghe) Date: Fri, 14 Oct 2011 14:42:27 +0800 Subject: [Dovecot] Issue after upgrading to Ubuntu Server 11.10 Message-ID: Hi all, After upgrading to Ubuntu Server 11.10 my mail setup stopped working. The error message I get is: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +r perm: /var/run/dovecot/auth-userdb, euid is not dir owner) Does anybody have an idea how to solve this? Thanks, Chris. --- # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 3.0.0-12-generic x86_64 Ubuntu 11.10 ext3 auth_verbose = yes log_timestamp = "%Y-%m-%d %H:%M:%S " mail_location = maildir:/var/vmail/%u mail_privileged_group = mail maildir_stat_dirs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { fts = squat fts_squat = partial=4 full=10 } protocols = imap service auth { unix_listener /var/spool/postfix/private/auth-client { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = vmail mode = 0600 user = vmail } } service imap-login { inet_listener imap { address = localhost port = 143 } inet_listener imaps { address = * port = 993 } } ssl_cert = References: Message-ID: I added unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } to the configuration which seems to solve the issue. Is this the right solution? Regards, Chris. --- On Fri, Oct 14, 2011 at 2:42 PM, Chris Vanden Berghe wrote: > Hi all, > > After upgrading to Ubuntu Server 11.10 my mail setup stopped working. > The error message I get is: > > lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) > failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing > +r perm: /var/run/dovecot/auth-userdb, euid is not dir owner) > > Does anybody have an idea how to solve this? > > Thanks, > Chris. > > --- > # 2.0.13: /etc/dovecot/dovecot.conf > # OS: Linux 3.0.0-12-generic x86_64 Ubuntu 11.10 ext3 > auth_verbose = yes > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_location = maildir:/var/vmail/%u > mail_privileged_group = mail > maildir_stat_dirs = yes > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date > passdb { > ?args = /etc/dovecot/dovecot-sql.conf > ?driver = sql > } > plugin { > ?fts = squat > ?fts_squat = partial=4 full=10 > } > protocols = imap > service auth { > ?unix_listener /var/spool/postfix/private/auth-client { > ? ?group = postfix > ? ?mode = 0660 > ? ?user = postfix > ?} > ?unix_listener auth-master { > ? ?group = vmail > ? ?mode = 0600 > ? ?user = vmail > ?} > } > service imap-login { > ?inet_listener imap { > ? ?address = localhost > ? ?port = 143 > ?} > ?inet_listener imaps { > ? ?address = * > ? ?port = 993 > ?} > } > ssl_cert = ssl_key = userdb { > ?args = uid=5000 gid=5000 home=/var/vmail/%u > ?driver = static > } > protocol imap { > ?mail_max_userip_connections = 50 > ?mail_plugins = fts fts_squat > } > protocol lda { > ?mail_plugins = sieve > } > From maria_arrea at gmx.com Sun Oct 16 01:11:23 2011 From: maria_arrea at gmx.com (Maria Arrea) Date: Sun, 16 Oct 2011 00:11:23 +0200 Subject: [Dovecot] Question about ionice & dovecot-deliver Message-ID: <20111015221123.67190@gmx.com> Hello We are running dovecot 2.0.13 with mdbox on RHEL 5.7 x64, ext4 filesystem. Sometimes we have a big load increase because a mailing list server send 16.000 32k messages in less than 3 minutes. We want to "slow down" delivery, we prefer slow delivery instead of logging out webmail users. I have the following line en /etc/postfix/master.cf: flags=DRhu user=userid argv=/usr/libexec/dovecot/deliver -d ${user} And in /etc/postfix/main.cf mailbox_command = /usr/libexec/dovecot/deliver I would like to add ionice to the equation, prefixing /usr/bin/ionice -c2 -n6 before the deliver lines in postfix config. Is there any other way of slowing down delivery speed vs imap access? Regards Maria From patrickdk at patrickdk.com Sun Oct 16 02:46:21 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Sat, 15 Oct 2011 19:46:21 -0400 Subject: [Dovecot] Question about ionice & dovecot-deliver In-Reply-To: <20111015221123.67190@gmx.com> References: <20111015221123.67190@gmx.com> Message-ID: <20111015194621.Horde.aHNCVpLnE6FOmhtNpYsFooA@kishi.patrickdk.com> This sounds like a postfix issue more than dovecot. Its easy to make a slow deliever transport for postfix, many people do so when sending emails to hotmail/yahoo. Sounds like that solution would work for you, just applied to the dovecot transport instead. Quoting Maria Arrea : > Hello > > We are running dovecot 2.0.13 with mdbox on RHEL 5.7 x64, ext4 > filesystem. Sometimes we have a big load increase because a mailing > list server send 16.000 32k messages in less than 3 minutes. We want > to "slow down" delivery, we prefer slow delivery instead of logging > out webmail users. > > I have the following line en /etc/postfix/master.cf: > > flags=DRhu user=userid argv=/usr/libexec/dovecot/deliver -d ${user} > > And in /etc/postfix/main.cf > > mailbox_command = /usr/libexec/dovecot/deliver > > I would like to add ionice to the equation, prefixing > /usr/bin/ionice -c2 -n6 before the deliver lines in postfix config. > Is there any other way of slowing down delivery speed vs imap access? > > Regards > > Maria From stan at hardwarefreak.com Sun Oct 16 04:17:04 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Sat, 15 Oct 2011 20:17:04 -0500 Subject: [Dovecot] Question about ionice & dovecot-deliver In-Reply-To: <20111015221123.67190@gmx.com> References: <20111015221123.67190@gmx.com> Message-ID: <4E9A3090.80100@hardwarefreak.com> On 10/15/2011 5:11 PM, Maria Arrea wrote: <...> > Is there any other way of slowing down delivery speed vs imap access? The proper way to slow down inbound mail is with your MTA, not your LDA, and certainly not using kernel level tweaks to the IO subsystem. There are many ways to accomplish this with Postfix. Please post your question on the Postfix mailing list. Conversely, if you or your organization control that list server, simply tweak the mailing list manager software, or the MTA, lowering the delivery rate. -- Stan From lists at wilkesley.net Mon Oct 17 09:17:17 2011 From: lists at wilkesley.net (Ian Barton) Date: Mon, 17 Oct 2011 07:17:17 +0100 Subject: [Dovecot] Problems Configuring Pigeonhole/Seve Message-ID: <4E9BC86D.4080303@wilkesley.net> I am moving my email server from Ubuntu Lucid to Arch. The Arch server is running Dovecot V2.0.15. Email is working fine, but I can't get Pigeonhiole/sieve to work. My dovecot.conf is: protocols = imap sieve ssl = yes ssl_cert = References: <4E9BC86D.4080303@wilkesley.net> Message-ID: <4E9BCD19.5060002@rename-it.nl> On 10/17/2011 8:17 AM, Ian Barton wrote: > I am moving my email server from Ubuntu Lucid to Arch. The Arch server > is running Dovecot V2.0.15. Email is working fine, but I can't get > Pigeonhiole/sieve to work. [...] > I have created the sieve dir in the virtual users folder. However > sieve doesn't appear to be working. > I have tried logging in manually to see if sieve is running, 'Logging into Sieve' means that you are checking whether the ManageSieve protocol is active. Using this technique, you'll only be able to verify that it is possible to remotely upload Sieve scripts. This has nothing to do with whether Sieve scripts are being executed at delivery or not. Still, connecting to that protocol should work: > but get the following error: > ian:~/ $ gnutls-cli --starttls -p 143 mail2.wilkesley.net > [8:32:22] > Resolving 'mail2.wilkesley.net'... > Connecting to '127.0.0.1:143'... > - Simple Client Mode: > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE > IDLE STARTTLS AUTH=PLAIN] Dovecot ready. > STARTTLS > STARTTLS BAD Error in IMAP command received by server. > According to the Dovecot wiki this should reply with the capabilities > of my server, Note the server sends and receives mail OK using starttls. > > So what am I doing wrong? I'm getting the feeling that the wiki is not clear enough on this point. You are connecting to IMAP (port 143), which makes no sense. You should connect to the port configured for the Sieve protocol, which is 4190 by default and 2000 for older setups. If your Sieve scripts are not being executed, you should check the following first: http://wiki2.dovecot.org/Pigeonhole/Sieve/Troubleshooting Regards, Stephan. From Yann.Dupont at univ-nantes.fr Mon Oct 17 10:19:32 2011 From: Yann.Dupont at univ-nantes.fr (Yann Dupont) Date: Mon, 17 Oct 2011 09:19:32 +0200 Subject: [Dovecot] Attachements with SIS : shauld all the same files share the same inode ? Message-ID: <4E9BD704.9080801@univ-nantes.fr> Hello. I configured SIS , and all seems to work well, but I noticed something strange : For exemple, this attachement : 6e/2d# ls -al 6e2df299* | sort -n 104 instance of -rw------- 104 vmail vmail 346584 16 oct. 17:47 6e2df299fa96daec9b4735d07c494046429be4d6-ffd0d1xxxx The files are hardlinked, so it seems ok, but I also see 9 others files in the same directory : -rw------- 1 vmail vmail 346584 16 oct. 17:47 6e2df299fa96daec9b4735d07c494046429be4d6-0519df2a94fc9a4e1f4100008a6b99b6 -rw------- 1 vmail vmail 346584 16 oct. 17:47 6e2df299fa96daec9b4735d07c494046429be4d6-1790b92994fc9a4e1a4100008a6b99b6 as you can see, same prefix, If I compare them with diff, they are all the same files. ls -i show that 104 have the same inode, as expected, and the 9 remaining files have different inodes. I expected all the files share the same inodes. Is there something wrong here ? My setup is debian squeeze + auto packages from http://xi.rename-it.nl/debian/ dovecot is 2:2.0.15-0~auto+21 thanks, -- Yann Dupont - Service IRTS, DSI Universit? de Nantes Tel : 02.53.48.49.20 - Mail/Jabber : Yann.Dupont at univ-nantes.fr From juancarlos.sanchez at upm.es Mon Oct 17 11:06:19 2011 From: juancarlos.sanchez at upm.es (Juan Carlos Sanchez) Date: Mon, 17 Oct 2011 10:06:19 +0200 Subject: [Dovecot] lmtp performance Message-ID: <4E9BE1FB.6040902@upm.es> Hello: In the process of migration from version 1.2 to 2.0 have tried to use lmtp instead of lda as delivery agent. But unfortunately througput we get is poor with lmtp compared to lda. In peak times with lda we are able to deliver over 1800 messages/minute (high I/O but not affecting service) but if we switch to lmtp cannot deliver more than 300 mess/minute (very low I/O). This is enough for normal work but low under heavy load (distribution lists messages sometimes stay queued for 4 hours before deliver). We have arround 50000 boxes and use postfix as MTA How to increase lmtp performance? dovecot config for lda and lmtp: protocol lda { auth_socket_path = /usr/local/var/run/dovecot/auth-master info_log_path = /var/log/mail/dovecot_deliver.log log_path = /var/log/mail/dovecot_deliver.log mail_plugins = quota sieve zlib postmaster_address = postmaster at upm.es sendmail_path = /usr/lib/sendmail } protocol lmtp { info_log_path = /var/log/mail/dovecot_deliver.log log_path = /var/log/mail/dovecot_deliver.log mail_plugins = quota sieve zlib postmaster_address = postmaster at upm.es sendmail_path = /usr/lib/sendmail } In postfix I have: mailbox_transport = lmtp:unix:private/dovecot-lmtp Thanks in advance. -- ------------------------------------------------------ Juan Carlos Sanchez Hernandez Universidad Politecnica de Madrid ------------------------------------------------------ From joseba.torre at ehu.es Mon Oct 17 13:12:58 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 17 Oct 2011 12:12:58 +0200 Subject: [Dovecot] mail_location in LDAP and variables Message-ID: <201110171212.58602.joseba.torre@ehu.es> Hi, Is it posible to use variables in mail_location when taken from ldap? How? I've tried mdbox:/buzones2/'%n'/mdbox mdbox:/buzones2/"%n"/mdbox mdbox:/buzones2/%n/mdbox but %n is never replaced by its value. Thanks! -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From philipp.haselwarter at gmx.de Mon Oct 17 13:43:41 2011 From: philipp.haselwarter at gmx.de (Philipp Haselwarter) Date: Mon, 17 Oct 2011 12:43:41 +0200 Subject: [Dovecot] =?utf-8?q?dovecot-antispam_=E2=80=93_Debian_package?= Message-ID: <878vojsxsy.fsf@nzebook.haselwarter.org> Dovecot2 has been around for a bit now but Eugene Paskevich's antispam plugin unfortunately still doesn't seem to have a tagged release. Has anyone by any chance rolled a .deb for the plugin that works on current Debian sid? -- Philipp Haselwarter From juancarlos.sanchez at upm.es Mon Oct 17 17:31:01 2011 From: juancarlos.sanchez at upm.es (Juan Carlos Sanchez) Date: Mon, 17 Oct 2011 16:31:01 +0200 Subject: [Dovecot] lmtp performance In-Reply-To: References: <4E9BE1FB.6040902@upm.es> Message-ID: <4E9C3C25.7070802@upm.es> A particular reply (not to the list) has told me to try: " Add to service lmtp: process_min_avail = 20 " And yes, it works (unless for me), so I want to share it with everybody. Have not exactly measured performance but this morning have seen over 1400 messages/minute with lmtp under heavy load. What the "process_min_avail = 20" in service lmtp (or anywhere else) exactly imply? cannot find a reference in wiki2 . I suppose it means than 20 lmtp processes are always open waiting for new connections and so reducing startup latency, isn't it? Thank you. > > On Mon, Oct 17, 2011 at 6:06 AM, Juan Carlos Sanchez > > wrote: > > Hello: > > In the process of migration from version 1.2 to 2.0 have tried to > use lmtp instead of lda as delivery agent. > > But unfortunately througput we get is poor with lmtp compared to lda. > In peak times with lda we are able to deliver over 1800 > messages/minute (high I/O but not affecting service) but if we > switch to lmtp cannot deliver more than 300 mess/minute (very low > I/O). > > This is enough for normal work but low under heavy load > (distribution lists messages sometimes stay queued for 4 hours > before deliver). > > We have arround 50000 boxes and use postfix as MTA > > How to increase lmtp performance? > > > dovecot config for lda and lmtp: > > protocol lda { > auth_socket_path = /usr/local/var/run/dovecot/auth-master > info_log_path = /var/log/mail/dovecot_deliver.log > log_path = /var/log/mail/dovecot_deliver.log > mail_plugins = quota sieve zlib > postmaster_address = postmaster at upm.es > sendmail_path = /usr/lib/sendmail > } > > protocol lmtp { > info_log_path = /var/log/mail/dovecot_deliver.log > log_path = /var/log/mail/dovecot_deliver.log > mail_plugins = quota sieve zlib > postmaster_address = postmaster at upm.es > sendmail_path = /usr/lib/sendmail > } > > In postfix I have: > > mailbox_transport = lmtp:unix:private/dovecot-lmtp > > > > Thanks in advance. > > -- > > ------------------------------------------------------ > Juan Carlos Sanchez Hernandez > Universidad Politecnica de Madrid > ------------------------------------------------------ > > > -- ------------------------------------------------------ Juan Carlos Sanchez Hernandez Universidad Politecnica de Madrid ------------------------------------------------------ From joseba.torre at ehu.es Mon Oct 17 17:42:45 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 17 Oct 2011 16:42:45 +0200 Subject: [Dovecot] lmtp performance In-Reply-To: <4E9C3C25.7070802@upm.es> References: <4E9BE1FB.6040902@upm.es> <4E9C3C25.7070802@upm.es> Message-ID: <201110171642.45954.joseba.torre@ehu.es> On Lunes 17 Octubre 2011 16:31:01 Juan Carlos Sanchez escribi?: > A particular reply (not to the list) has told me to try: > > " > Add to service lmtp: > process_min_avail = 20 > " > > And yes, it works (unless for me), so I want to share it with everybody. > > Have not exactly measured performance but this morning have seen over > 1400 messages/minute with lmtp under heavy load. > > > What the "process_min_avail = 20" in service lmtp (or anywhere else) > exactly imply? cannot find a reference in wiki2 . I suppose it means > than 20 lmtp processes are always open waiting for new connections and > so reducing startup latency, isn't it? I had a similar problem, and found the same solution. In my setup, only 1 lmtp process was available and a 2nd one never was created, so the process was really busy. With this parameter (I setup it to 10) I have diferent process and all of them are used. -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From simon.brereton at buongiorno.com Mon Oct 17 18:16:46 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 17 Oct 2011 11:16:46 -0400 Subject: [Dovecot] Spammers attempting SASL Auth Message-ID: <01f601cc8cdf$ca1d3850$5e57a8f0$@brereton@buongiorno.com> Hi This is a new one on me - I've never seen spammers attempt to use to SASL Auth to inject spam. None of the users they are trying (newsletter, dummy, test, etc.) exist, but what worries me is the illegal chars error - is this a known vulnerability in dovecot they are trying to exploit? I'm running 1:1.2.15-7 installed from apt-get.. Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92] Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter at mydomain.net,208.86.147.92): Attempted login with password having illegal chars Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84 Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known Simon From robert at schetterer.org Mon Oct 17 18:31:08 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 17 Oct 2011 17:31:08 +0200 Subject: [Dovecot] Spammers attempting SASL Auth In-Reply-To: <01f601cc8cdf$ca1d3850$5e57a8f0$@brereton@buongiorno.com> References: <01f601cc8cdf$ca1d3850$5e57a8f0$@brereton@buongiorno.com> Message-ID: <4E9C4A3C.5060800@schetterer.org> Am 17.10.2011 17:16, schrieb Simon Brereton: > Hi > > This is a new one on me - I've never seen spammers attempt to use to SASL Auth to inject spam. None of the users they are trying (newsletter, dummy, test, etc.) exist, but what worries me is the illegal chars error - is this a known vulnerability in dovecot they are trying to exploit? I'm running 1:1.2.15-7 installed from apt-get.. > > Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92] > Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter at mydomain.net,208.86.147.92): Attempted login with password having illegal chars > Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84 > Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known > > > Simon > this maybe a brute force attack,or more easy someone missconfigured his client , you may use fail2ban etc to block it not directly related to dovecot -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From simon.brereton at buongiorno.com Mon Oct 17 18:51:15 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 17 Oct 2011 11:51:15 -0400 Subject: [Dovecot] Spammers attempting SASL Auth In-Reply-To: <4E9C4A3C.5060800@schetterer.org> References: <4E9C4A3C.5060800@schetterer.org> Message-ID: <020301cc8ce4$9aca19b0$d05e4d10$@brereton@buongiorno.com> On 17 October 2011 11:31, Robert Schetterer wrote: > Am 17.10.2011 17:16, schrieb Simon Brereton: >> Hi >> >> This is a new one on me - I've never seen spammers attempt to use to SASL Auth to inject spam. None of the users they are trying (newsletter, dummy, test, etc.) exist, but what worries me is the illegal chars error - is this a known vulnerability in dovecot they are trying to exploit? I'm running 1:1.2.15-7 installed from apt-get.. >> >> Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92] >> Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter at mydomain.net,208.86.147.92): Attempted login with password having illegal chars >> Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84 >> Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known >> >> >> Simon >> > > this maybe a brute force attack,or more easy someone missconfigured his > client , you may use fail2ban etc to block it > not directly related to dovecot 17 queries in 30 seconds is not a misconfigured client :) And I'm already using Fail2Ban - but as someone on this list pointed out recently, that doesn't apply if they try X attempts on the same connection. Although, I don't think that was case here - maybe I should update my dovecot jail with that illegal chars line. But, be that as it may - all these attempts failed because the user didn't exist. What if the user exists though? Does this illegal chars make a hole for them to enter through? Simon From robert at schetterer.org Mon Oct 17 18:53:33 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 17 Oct 2011 17:53:33 +0200 Subject: [Dovecot] Spammers attempting SASL Auth In-Reply-To: <020301cc8ce4$9aca19b0$d05e4d10$@brereton@buongiorno.com> References: <4E9C4A3C.5060800@schetterer.org> <020301cc8ce4$9aca19b0$d05e4d10$@brereton@buongiorno.com> Message-ID: <4E9C4F7D.4090301@schetterer.org> Am 17.10.2011 17:51, schrieb Simon Brereton: > On 17 October 2011 11:31, Robert Schetterer wrote: >> Am 17.10.2011 17:16, schrieb Simon Brereton: >>> Hi >>> >>> This is a new one on me - I've never seen spammers attempt to use to SASL Auth to inject spam. None of the users they are trying (newsletter, dummy, test, etc.) exist, but what worries me is the illegal chars error - is this a known vulnerability in dovecot they are trying to exploit? I'm running 1:1.2.15-7 installed from apt-get.. >>> >>> Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92] >>> Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter at mydomain.net,208.86.147.92): Attempted login with password having illegal chars >>> Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84 >>> Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known >>> >>> >>> Simon >>> >> >> this maybe a brute force attack,or more easy someone missconfigured his >> client , you may use fail2ban etc to block it >> not directly related to dovecot > > 17 queries in 30 seconds is not a misconfigured client :) > > And I'm already using Fail2Ban - but as someone on this list pointed > out recently, that doesn't apply if they try X attempts on the same > connection. Although, I don't think that was case here - maybe I > should update my dovecot jail with that illegal chars line. But, be > that as it may - all these attempts failed because the user didn't > exist. What if the user exists though? Does this illegal chars make > a hole for them to enter through? > > Simon > as i posted you offlist, this is a smtp attack, look at your i.e fail2ban postfix rules, fail2ban dovecot ruel is for banning pop3/imap brute force -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From tompru at jla.rutgers.edu Mon Oct 17 19:10:38 2011 From: tompru at jla.rutgers.edu (Tom Pawlowski) Date: Mon, 17 Oct 2011 12:10:38 -0400 Subject: [Dovecot] Spammers attempting SASL Auth In-Reply-To: <020301cc8ce4$9aca19b0$d05e4d10$@brereton@buongiorno.com> References: <4E9C4A3C.5060800@schetterer.org> <020301cc8ce4$9aca19b0$d05e4d10$@brereton@buongiorno.com> Message-ID: <20111017161038.GC16920@hawkeye.rutgers.edu> Take a look at: http://hg.dovecot.org/dovecot-2.0/file/962df5d9413a/src/auth/auth-request.c on line 536. That's the auth service catching illegal characters and rejecting the attempt. It'll happen with or without a valid user. So, working as it should. As for spammers trying to brute force valid logins, yep, pretty common. Higher rate of success if they can mail from a known good server and account. * Simon Brereton [2011-10-17 11:51:15 -0400]: > On 17 October 2011 11:31, Robert Schetterer wrote: > > Am 17.10.2011 17:16, schrieb Simon Brereton: > >> Hi > >> > >> This is a new one on me - I've never seen spammers attempt to use to SASL Auth to inject spam. None of the users they are trying (newsletter, dummy, test, etc.) exist, but what worries me is the illegal chars error - is this a known vulnerability in dovecot they are trying to exploit? I'm running 1:1.2.15-7 installed from apt-get.. > >> > >> Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92] > >> Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter at mydomain.net,208.86.147.92): Attempted login with password having illegal chars > >> Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84 > >> Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known > >> > >> > >> Simon > >> > > > > this maybe a brute force attack,or more easy someone missconfigured his > > client , you may use fail2ban etc to block it > > not directly related to dovecot > > 17 queries in 30 seconds is not a misconfigured client :) > > And I'm already using Fail2Ban - but as someone on this list pointed > out recently, that doesn't apply if they try X attempts on the same > connection. Although, I don't think that was case here - maybe I > should update my dovecot jail with that illegal chars line. But, be > that as it may - all these attempts failed because the user didn't > exist. What if the user exists though? Does this illegal chars make > a hole for them to enter through? > > Simon > -- Tom Pawlowski OIT-CSS System Administrator office: Hill 147 email: tompru at jla.rutgers.edu phone: (732) 445-2634 From simon.brereton at buongiorno.com Mon Oct 17 19:21:10 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 17 Oct 2011 12:21:10 -0400 Subject: [Dovecot] Spammers attempting SASL Auth In-Reply-To: <20111017161038.GC16920@hawkeye.rutgers.edu> References: <4E9C4A3C.5060800@schetterer.org> <20111017161038.GC16920@hawkeye.rutgers.edu> Message-ID: On 17 October 2011 12:10, Tom Pawlowski wrote: > Take a look at: > > http://hg.dovecot.org/dovecot-2.0/file/962df5d9413a/src/auth/auth-request.c > > on line 536. That's the auth service catching illegal characters and > rejecting the attempt. It'll happen with or without a valid user. So, > working as it should. > > As for spammers trying to brute force valid logins, yep, pretty common. > Higher rate of success if they can mail from a known good server and > account. Okay, thanks for that. That's the info/reassurance I was after. In the meantime I've update fail2ban to take care of it. You're right about the higher rate of success, I've just never seen a spammer try it before - usually their resources are better spend just sending the mail. But it's good to know that dovecot will trap and block the illegal Chars :) Thanks. Simon From tss at iki.fi Tue Oct 18 17:31:35 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:31:35 +0300 Subject: [Dovecot] doveadm mailbox list shows file system directories as mailboxes In-Reply-To: <20110922115223.73054v8up83ej0wg@webmail.hrz.uni-giessen.de> References: <20110922115223.73054v8up83ej0wg@webmail.hrz.uni-giessen.de> Message-ID: <1318948295.21919.100.camel@hurina> On Thu, 2011-09-22 at 11:52 +0200, J?rgen Obermann wrote: > Hello. > In our dovecvot we use mbox format with the default filesystem layout. > Therefore it is not possible to have mailboxes which are subfolders of > other mailboxes containing messages. > The command "doveadm mailbox list" includes the file system > directories, that contain only subfolders, as normal mailboxes in the > output: > > archiv > archiv/daemon > archiv/dovecot > > Did I miss something in the dovecot configuration or is there a bug in > the command "doveadm mailbox list"? It's more like a feature.. For example if there exists "archiv" directory without children, I don't think it should be invisible in the list. Maybe there could be a new parameter to hide \Noselect mailboxes. From tss at iki.fi Tue Oct 18 17:32:44 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:32:44 +0300 Subject: [Dovecot] Convert-tool maildir > mbox In-Reply-To: References: Message-ID: <1318948364.21919.101.camel@hurina> On Mon, 2011-10-10 at 14:10 +0200, Bertrand Jacquin wrote: > > Maybe that kind of conversion have evolved since 2.0 ? convert-tool wasn't very good. Use something else, like maybe dsync from v2.0 (even if you don't use v2.0 for anything else). From tss at iki.fi Tue Oct 18 17:34:33 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:34:33 +0300 Subject: [Dovecot] 2.1 Plans In-Reply-To: <1318280003.91961.YahooMailNeo@web39424.mail.mud.yahoo.com> References: <1318280003.91961.YahooMailNeo@web39424.mail.mud.yahoo.com> Message-ID: <1318948473.21919.102.camel@hurina> On Mon, 2011-10-10 at 13:53 -0700, Steve Fatula wrote: > Back in early 2010, Timo posted about a potential 2.1 feature to in > essence reduce the number of imap/pop3 processes using various > techniques since the code already supports multiple connections. It > even went as far as moving all idle connections. > > I don't see this on the 2.1 roadmap. Is it still planned perhaps for > 2.1? Thousands of imap processes going away is a great thing for me! > So, just curious. It's slowly getting there, but won't be ready for v2.1. From tss at iki.fi Tue Oct 18 17:37:20 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:37:20 +0300 Subject: [Dovecot] Auth Worker failures In-Reply-To: <069801cc88ea$a7c7dd80$f7579880$@brereton@buongiorno.com> References: <069801cc88ea$a7c7dd80$f7579880$@brereton@buongiorno.com> Message-ID: <1318948640.21919.103.camel@hurina> On Wed, 2011-10-12 at 10:24 -0400, Simon Brereton wrote: > > > Of all the accounts on the box, it's only mine that throws this up. > Since its LIP is localhost, it could really only be for webmail - but > I don't always leave the webmail open, so I'm curious to know how this > gets there and what it is. > > Any suggestions? I find it difficult to believe I have an IMAP > process in a script somewhere (especially with my user account - the > postmaster account, I could believe, but not with my personal one).. > You could enable auth_debug_passwords=yes and see what password it tries. From tss at iki.fi Tue Oct 18 17:40:26 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:40:26 +0300 Subject: [Dovecot] Rare error with concurrent users searching with fts-solr In-Reply-To: References: Message-ID: <1318948826.21919.105.camel@hurina> On Thu, 2011-10-13 at 10:31 +0200, Antonio Perez-Aranda wrote: > After see this error, I set a tcpdump to try to watch the SOLR XML and > GET, I can watch that Solr send a xml like this: > > > > with 200 as http status > > When the normal response is like this > > > .. Check what kind of commands Dovecot sends. Is this maybe a reply to a somewhat different (broken?) command than others? > At first, I think that the problems it's in Solr, but after get all > GET from tcpdump, I make a python script with urllib2 and send it all > to Solr with the same concurrency and I can't get any error or "empty > response" You mean send the exact same commands as Dovecot sent when this failed? It's anyway difficult for me to guess how this could be Dovecot's fault, if the command that gives the broken response normally works. From tss at iki.fi Tue Oct 18 17:46:28 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:46:28 +0300 Subject: [Dovecot] mail_location in LDAP and variables In-Reply-To: <201110171212.58602.joseba.torre@ehu.es> References: <201110171212.58602.joseba.torre@ehu.es> Message-ID: <1318949188.21919.106.camel@hurina> On Mon, 2011-10-17 at 12:12 +0200, Joseba Torre wrote: > Hi, > > Is it posible to use variables in mail_location when taken from ldap? How? > I've tried > > mdbox:/buzones2/'%n'/mdbox > mdbox:/buzones2/"%n"/mdbox > mdbox:/buzones2/%n/mdbox > > but %n is never replaced by its value. Where exactly are you trying to use this? It should get expanded. From tss at iki.fi Tue Oct 18 17:49:22 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:49:22 +0300 Subject: [Dovecot] Syntax to specify sdbox: mail_location path? In-Reply-To: <1318013006.28193.140258152251553@webmail.messagingengine.com> References: <1318013006.28193.140258152251553@webmail.messagingengine.com> Message-ID: <1318949363.21919.108.camel@hurina> On Fri, 2011-10-07 at 11:43 -0700, mephistopheles at operamail.com wrote: > With "sdbox:" > > mail_location = sdbox:/my_mailbox_path/%d/%n > > mail gets stored in /my_mailbox_path/%d/%n/mailboxes/INBOX/dbox-Mails. > > How do I get rid of the '/mailboxes/' and '/dbox-Mails/' path components > so sdbox stores in: > > /my_mailbox_path/%d/%n/INBOX Well, there are a few settings so you could make it work that way, but why do you want to do that? There's a reason why those extra directory components were added, you shouldn't remove them. From tss at iki.fi Tue Oct 18 17:52:35 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:52:35 +0300 Subject: [Dovecot] LDA/Postfix with quotas and without LMTP In-Reply-To: <1318185118.42006.YahooMailNeo@web39423.mail.mud.yahoo.com> References: <1318185118.42006.YahooMailNeo@web39423.mail.mud.yahoo.com> Message-ID: <1318949556.21919.111.camel@hurina> On Sun, 2011-10-09 at 11:31 -0700, Steve Fatula wrote: > dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied > > > Using mailbox_command in Postfix means that dovecot-lda is running as the system user getting the mail. Which means it can't access the socket file. Of course, one can simply use mode 666 on it, but, then people can use it to find out information according to the doc, which I do not want. > > So, I am not sure why the doc says to add -d for per user quotas, without also mentioning the problem with doing that. I don't see how it can work? > > Assuming I need per user quotas, and I don't want to use LMTP, is there a good way around this without the security issue? The possibilities are: a) Start dovecot-lda so that the process belongs to extra group (e.g. dovecot) and make the socket rw for that group. I don't know if Postfix can do this for system users.. b) Use filesystem setgid bit for dovecot-lda c) Run via sudo The b) and c) are explained in wiki in the "multiple UIDs" section (although for setuid-root rather than setgid-dovecot). From tss at iki.fi Tue Oct 18 17:53:35 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:53:35 +0300 Subject: [Dovecot] LDA/Postfix with quotas and without LMTP In-Reply-To: <1318949556.21919.111.camel@hurina> References: <1318185118.42006.YahooMailNeo@web39423.mail.mud.yahoo.com> <1318949556.21919.111.camel@hurina> Message-ID: <1318949615.21919.112.camel@hurina> On Tue, 2011-10-18 at 17:52 +0300, Timo Sirainen wrote: > On Sun, 2011-10-09 at 11:31 -0700, Steve Fatula wrote: > > dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied > > > The possibilities are: > > a) Start dovecot-lda so that the process belongs to extra group (e.g. > dovecot) and make the socket rw for that group. I don't know if Postfix > can do this for system users.. > > b) Use filesystem setgid bit for dovecot-lda > > c) Run via sudo > > The b) and c) are explained in wiki in the "multiple UIDs" section > (although for setuid-root rather than setgid-dovecot). Oh, and d) With v2.1 this works automatically From tss at iki.fi Tue Oct 18 17:57:23 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:57:23 +0300 Subject: [Dovecot] too many open files and v1.2 In-Reply-To: <201110061242.48615.mimo@gn.apc.org> References: <201110061242.48615.mimo@gn.apc.org> Message-ID: <1318949843.21919.114.camel@hurina> On Thu, 2011-10-06 at 12:42 +0100, Michael Moritz wrote: > Hi > > I've found an older thread http://www.dovecot.org/list/dovecot/2010-March/047886.html which mentions that this is a bug in version 1. I'm on Debian squeeze (1:1.2.15-7) and got errors like these recently > > Oct 5 11:29:29 mail dovecot: dovecot: pipe() failed: Too many open files > Oct 5 11:29:32 mail dovecot: dovecot: pipe() failed: Too many open files > Oct 5 11:29:32 mail dovecot: dovecot: Temporary failure in creating login processes, slowing down for now These errors come from the dovecot master process. Each child process uses up a few fds for pipes. > As a work around I've increased login_max_processes_count from 256 to 512 and it seems to have helped (as I suspected stale opened files). That only makes it easier to reach, since now there can be more child processes eating up more fds. > My colleague thinks it's hitting the kernel open file limit ulimit -n (currently at 1024) but I don't see how that could happen if the number of process is nowhere near that. I don't remember how many fds each process takes in v1.x, probably between 1 and 3. So if you for a while had hundreds of imap or pop3 processes, you could run into that limit. v2.x doesn't use as many fds. From joseba.torre at ehu.es Tue Oct 18 18:11:19 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Tue, 18 Oct 2011 17:11:19 +0200 Subject: [Dovecot] mail_location in LDAP and variables In-Reply-To: <1318949188.21919.106.camel@hurina> References: <201110171212.58602.joseba.torre@ehu.es> <1318949188.21919.106.camel@hurina> Message-ID: <201110181711.20074.joseba.torre@ehu.es> On Martes 18 Octubre 2011 16:46:28 Timo Sirainen escribi?: > On Mon, 2011-10-17 at 12:12 +0200, Joseba Torre wrote: > > Hi, > > > > Is it posible to use variables in mail_location when taken from ldap? > > How? I've tried > > > > mdbox:/buzones2/'%n'/mdbox > > mdbox:/buzones2/"%n"/mdbox > > mdbox:/buzones2/%n/mdbox > > > > but %n is never replaced by its value. > > Where exactly are you trying to use this? It should get expanded. As usual, it was me trying to be a lot more complicated than needed :) I was thinking about storing the mail_location in an standard way in ldap, so that everybody in LDAP has something like irisMailbox= mdbox:/buzones/%256Hn/%n/mdbox This doesn't work, but doesn't make much sense either. (It does if used in the generic mail_location, but not in a per user value) Now when I create a new account I calculate the mail_location and store that value in LDAP. So far so good. -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From dovecot-user at spambox.dk Tue Oct 18 18:32:19 2011 From: dovecot-user at spambox.dk (Henrik Larsson) Date: Tue, 18 Oct 2011 17:32:19 +0200 Subject: [Dovecot] "doveadm log reopen" don't reopen separate lmtp log Message-ID: <93f29aa4636f6565b3dbb264e789c1ef@larsson.as> I still see the issue below. Is there anyone running separate LMTP logging that could check if they experience the same issue? Best regards Henrik Larsson -------- Original Message -------- Subject: "doveadm log reopen" don't reopen separate lmtp log Date: Sun, 25 Sep 2011 00:23:49 +0200 From: Henrik Larsson To: dovecot at dovecot.org Dear all I have setup separate pop3/imap log "/var/log/dovecot" and lmtp delivery log "/var/log/dovecot-deliver". After rotating logfiles, i run "doveadm log reopen". I see that my pop3/imap log "/var/log/dovecot" is used straight away, but my lmpt log "/var/log/dovecot-deliver" isn't used at first. After some time, usually a few minutes, logs are being written to this file anyway. But if I compare this to my maillog, it misses some deliveries just after the log rotation. Is there any problems with this configuration that should be corrected? --cut-- # doveconf -n # 2.0.15: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 8.2-STABLE amd64 auth_mechanisms = plain login digest-md5 cram-md5 first_valid_uid = 125 hostname = mail.larsson.it listen = * log_path = /var/log/dovecot mail_plugins = fts fts_squat zlib mail_privileged_group = postfix mail_temp_dir = /var/db/dovecot managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date namespace { inbox = yes location = prefix = separator = . type = private } namespace { hidden = yes inbox = no list = no location = prefix = INBOX. separator = . type = private } passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { fts = squat fts_squat = partial=4 full=10 sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap pop3 lmtp sieve service auth-worker { user = $default_internal_user } service auth { unix_listener /home/mail/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service lmtp { executable = lmtp -L unix_listener /home/mail/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } ssl_cert = References: <93f29aa4636f6565b3dbb264e789c1ef@larsson.as> Message-ID: <74304A59-DA80-4B96-BEEB-3FCD88BF1C8B@iki.fi> The problem isn't lmtp itself, it's that you're using -L parameter, which causes LMTP processes to open the log files directly. The only way to reopen the log files is to restart those LMTP processes. "doveadm reload" should do it. On 18.10.2011, at 18.32, Henrik Larsson wrote: > I still see the issue below. Is there anyone running separate LMTP logging that could check if they experience the same issue? > > Best regards > Henrik Larsson > > > -------- Original Message -------- > Subject: "doveadm log reopen" don't reopen separate lmtp log > Date: Sun, 25 Sep 2011 00:23:49 +0200 > From: Henrik Larsson > To: dovecot at dovecot.org > > Dear all > > I have setup separate pop3/imap log "/var/log/dovecot" and lmtp delivery log "/var/log/dovecot-deliver". > > After rotating logfiles, i run "doveadm log reopen". I see that my pop3/imap log "/var/log/dovecot" is used straight away, but my lmpt log "/var/log/dovecot-deliver" isn't used at first. After some time, usually a few minutes, logs are being written to this file anyway. But if I compare this to my maillog, it misses some deliveries just after the log rotation. > > Is there any problems with this configuration that should be corrected? > > --cut-- > # doveconf -n > # 2.0.15: /usr/local/etc/dovecot/dovecot.conf > # OS: FreeBSD 8.2-STABLE amd64 > auth_mechanisms = plain login digest-md5 cram-md5 > first_valid_uid = 125 > hostname = mail.larsson.it > listen = * > log_path = /var/log/dovecot > mail_plugins = fts fts_squat zlib > mail_privileged_group = postfix > mail_temp_dir = /var/db/dovecot > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date > namespace { > inbox = yes > location = > prefix = > separator = . > type = private > } > namespace { > hidden = yes > inbox = no > list = no > location = > prefix = INBOX. > separator = . > type = private > } > passdb { > args = /usr/local/etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > plugin { > fts = squat > fts_squat = partial=4 full=10 > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > } > protocols = imap pop3 lmtp sieve > service auth-worker { > user = $default_internal_user > } > service auth { > unix_listener /home/mail/postfix/private/auth { > group = postfix > mode = 0666 > user = postfix > } > } > service lmtp { > executable = lmtp -L > unix_listener /home/mail/postfix/private/dovecot-lmtp { > group = postfix > mode = 0660 > user = postfix > } > } > ssl_cert = ssl_key = userdb { > args = /usr/local/etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > protocol lmtp { > log_path = /var/log/dovecot-deliver > mail_plugins = fts fts_squat zlib sieve > } > protocol lda { > mail_plugins = fts fts_squat zlib sieve > } > protocol imap { > mail_plugins = fts fts_squat zlib imap_zlib > } > --cut-- > > > Best regards > Henrik Larsson > From dovecot-user at spambox.dk Tue Oct 18 20:53:10 2011 From: dovecot-user at spambox.dk (Henrik Larsson) Date: Tue, 18 Oct 2011 19:53:10 +0200 Subject: [Dovecot] "doveadm log reopen" don't reopen separate lmtp log In-Reply-To: <74304A59-DA80-4B96-BEEB-3FCD88BF1C8B@iki.fi> References: <93f29aa4636f6565b3dbb264e789c1ef@larsson.as> <74304A59-DA80-4B96-BEEB-3FCD88BF1C8B@iki.fi> Message-ID: <4E9DBD06.6010408@spambox.dk> > The problem isn't lmtp itself, it's that you're using -L parameter, which causes LMTP processes to open the log files directly. Just to be sure, isn't this the only way to have a separate LMTP log files? > The only way to reopen the log files is to restart those LMTP processes. "doveadm reload" should do it. Thanks, I will try this. Best regards Henrik Larsson From tss at iki.fi Tue Oct 18 20:57:25 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 20:57:25 +0300 Subject: [Dovecot] "doveadm log reopen" don't reopen separate lmtp log In-Reply-To: <4E9DBD06.6010408@spambox.dk> References: <93f29aa4636f6565b3dbb264e789c1ef@larsson.as> <74304A59-DA80-4B96-BEEB-3FCD88BF1C8B@iki.fi> <4E9DBD06.6010408@spambox.dk> Message-ID: <80337D83-6707-41AF-8CBF-8869690BEA79@iki.fi> On 18.10.2011, at 20.53, Henrik Larsson wrote: > >> The problem isn't lmtp itself, it's that you're using -L parameter, which causes LMTP processes to open the log files directly. > Just to be sure, isn't this the only way to have a separate LMTP log files? Yes. But this isn't LMTP-specific in any way. It's the same as if you wanted separate IMAP or POP3 or whatever log files. The only special cases are programs that are executed directly instead of via dovecot master process (dovecot-lda, doveadm basically), because they always open the log files directly (and die once they're finished, so they don't have the rotation problem). Hmm. Actually you could probably set service_count=1 for lmtp service and it would get rotated soon enough, because the process would die after handling one LMTP connection. From pgnet.dev+rich-dovecot at gmail.com Wed Oct 19 05:17:02 2011 From: pgnet.dev+rich-dovecot at gmail.com (Rich) Date: Tue, 18 Oct 2011 19:17:02 -0700 Subject: [Dovecot] 'doveadm quota get' dictionary SQL query ignores specified '@domain' part of username. bad config or bug? Message-ID: Hi, I'm setting up SQL quota usage in Dovecot2. I've created a MAILBOX parameter table, 'PARAMS', that contains unique @ pairs, with quota data. mysql> select * from PARAMS; +----+------------------------+------------+-------------+------------+ | ai | MAILBOX_user_domain | quota | quota_bytes | quota_msgs | +----+------------------------+------------+-------------+------------+ | 1 | myuser at domain1.com | 1073741824 | 0 | 0 | | 2 | myuser at domain2.com | 1000000000 | 0 | 0 | +----+------------------------+------------+-------------+------------+ 2 rows in set (0.00 sec) I've specified dict usage for quota, /etc/dovecot/dovecot.conf !include conf.d/*.conf protocols = imap lmtp dict { quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } created the maps, /etc/dovecot/dovecot-dict-sql.conf.ext connect = host=/var/run/mysql/mysql.sock dbname=my_db user=my_user password=my_pass map { pattern = priv/quota/storage table = PARAMS username_field = MAILBOX_user_domain value_field = quota_bytes } map { pattern = priv/quota/messages table = PARAMS username_field = MAILBOX_user_domain value_field = quota_msgs } assigned the global values and backend, /etc/dovecot/conf.d/90-quota.conf plugin { quota = dict:User Quota::proxy::quota quota_rule = *:storage=1GB:messages=10000 quota_rule2 = Trash:storage=+10%% } and specified the user iteration query /etc/dovecot/sql/virtmail-userdb-sql.cf driver = mysql connect = host=/var/run/mysql/mysql.sock dbname=my_db user=my_user password=my_pass user_query = CALL UserDBQuery('%n','%d'); iterate_query = SELECT `MAILBOX_user_domain` AS user FROM `PARAMS`; Verifying operation with with `doveadm`, I get a result from a !error query, doveadm quota get -u myuser at domain1.com Quota name Type Value Limit % User quota STORAGE 0 1048576 0 User quota MESSAGE 0 10000 0 doveadm quota get -u myuser at domain2.com Quota name Type Value Limit % User quota STORAGE 0 1048576 0 User quota MESSAGE 0 10000 0 But notice that there's no specificity by *domain*. Despite being provided the full @, matched to the map, username_field = MAILBOX_user_domain the Dovecot dict query seems to ignore the part, and simply matches on the first of the tow identical parts. Specifying "-A" doesn't help, doveadm quota get -A Username Quota name Type Value Limit % myuser at domain1.com User quota STORAGE 0 1048576 0 myuser at domain1.com User quota MESSAGE 0 10000 0 myuser at domain2.com User quota STORAGE 0 1048576 0 myuser at domain2.com User quota MESSAGE 0 10000 0 What needs to be done to get domain-specificity in the 'doveadm quota get' query? Is my configuration off, or incomplete, or is this a bug? Thanks, Rich From jk at jkart.de Wed Oct 19 17:12:17 2011 From: jk at jkart.de (Jim Knuth) Date: Wed, 19 Oct 2011 16:12:17 +0200 Subject: [Dovecot] xi.rename-it.nl down? Message-ID: <4E9EDAC1.4000602@jkart.de> Hello, is http://xi.rename-it.nl down? Apticron shows me permanently errors. -- Mit freundlichen Gr??en, with kind regards, Jim Knuth --------- Wenn ein wirklich gro?er Geist in der Welt erscheint, kann man ihn untr?glich daran erkennen, da? sich alle Dummk?pfe gegen ihn verb?nden. (Jonathan Swift) From pgnet.dev+rich-dovecot at gmail.com Wed Oct 19 17:41:35 2011 From: pgnet.dev+rich-dovecot at gmail.com (Rich) Date: Wed, 19 Oct 2011 07:41:35 -0700 Subject: [Dovecot] 'doveadm quota get' dictionary SQL query ignores specified '@domain' part of username. bad config or bug? In-Reply-To: References: Message-ID: I've made some progress, but quota 'Limit' is still not fully functioning for me. A couple of changes have helped: Specifying a "%u% as username format, /etc/dovecot/conf.d/90-quota.conf plugin { - quota = dict:User Quota::proxy::quota + quota = dict:User Quota:%u:proxy::quota quota_rule = *:bytes=1073741824:messages=10000 quota_rule2 = Trash:storage=+10%% } using 'username' rather than 'user' in the user iteration query /etc/dovecot/sql/virtmail-userdb-sql.cf driver = mysql connect = host=/var/run/mysql/mysql.sock dbname=my_db user=my_user password=my_pass user_query = CALL UserDBQuery('%n','%d'); - iterate_query = SELECT `MAILBOX_user_domain` AS user FROM `PARAMS`; + iterate_query = SELECT `MAILBOX_user_domain` AS username FROM `PARAMS`; and adding to my user_query, CREATE PROCEDURE `UserDBQuery`( ... SELECT ... concat('*:bytes=', quota_bytes, ':messages=10000') AS quota_rule, ... Now, at init, doveadm quota get -A Username Quota name Type Value Limit % myuser at domain1.com User quota STORAGE 0 0 0 myuser at domain1.com User quota MESSAGE 0 10000 0 myuser at domain2.com User quota STORAGE 0 0 0 myuser at domain2.com User quota MESSAGE 0 10000 0 mysql> select * from PARAMS; +----+------------------------+------------+-------------+ | ai | MAILBOX_user_domain | quota_bytes | quota_msgs | +----+------------------------+-------------+------------+ | 1 | myuser at domain1.com | 0 | 0 | | 2 | myuser at domain2.com | 0 | 0 | +----+------------------------+------------+-------------+ 2 rows in set (0.00 sec) and, after sending a single message to 'myuser at domain1.com', I do see that Dovecot now recognizes/calculates a quota change, and only for one domain, doveadm quota get -A Username Quota name Type Value Limit % myuser at domain1.com User quota STORAGE 3 3 100 myuser at domain1.com User quota MESSAGE 1 10000 0 myuser at domain2.com User quota STORAGE 0 0 0 myuser at domain2.com User quota MESSAGE 0 10000 0 mysql> select * from PARAMS; +----+------------------------+------------+-------------+ | ai | MAILBOX_user_domain | quota_bytes | quota_msgs | +----+------------------------+-------------+------------+ | 1 | myuser at domain1.com | 3269 | 1 | | 2 | myuser at domain2.com | 0 | 0 | +----+------------------------+------------+-------------+ 2 rows in set (0.00 sec) But, the Limit's wrong. It's not picking up the global Limit from /etc/dovecot/conf.d/90-quota.conf ... --> quota_rule = *:bytes=1073741824:messages=10000 ... and once a message quota Value is calculated, the Limit is set == Value, resulting in an incorrrect quota %-age of 100%. Is Limit supposed to be specified per-user? Rich From stephan at rename-it.nl Wed Oct 19 18:30:26 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 19 Oct 2011 17:30:26 +0200 Subject: [Dovecot] xi.rename-it.nl down? In-Reply-To: <4E9EDAC1.4000602@jkart.de> References: <4E9EDAC1.4000602@jkart.de> Message-ID: <4E9EED12.8040409@rename-it.nl> Op 19-10-2011 16:12, Jim Knuth schreef: > Hello, > > is http://xi.rename-it.nl down? Apticron > shows me permanently errors. Yes. I noticed this yesterday. This is a recurring problem for some reason, probably some Xen-related issue. Every few months it just 'goes away' without any apparent reason. Unfortunately, I cannot restart the Xi myself at the moment and the person who can is currently involved in solving another IT calamity of a different magnitude. I think it can take up to a day for this system to come back online. Regards, Stephan. From pgnet.dev+rich-dovecot at gmail.com Wed Oct 19 18:54:33 2011 From: pgnet.dev+rich-dovecot at gmail.com (Rich) Date: Wed, 19 Oct 2011 08:54:33 -0700 Subject: [Dovecot] Is '*:bytes=" quota specification the quota 'Value', or 'Limit'? Message-ID: Docs for quota configuration http://wiki2.dovecot.org/Quota/Configuration#Limit_configuration state that the 'bytes=' specification defines the quota **LIMIT** "bytes: Quota limit in bytes, 0 means unlimited" as used in plugin { ... quota_rule = *:bytes=10000000 ... BUT, documentation for quota dict http://wiki2.dovecot.org/Quota/Dict states "MySQL uses the following queries to update the quota" and provides an SQL example of Dovecot decrementing the 'bytes' value, "UPDATE table SET bytes=bytes-14433,messages=messages-2 ..." I'm working on a current problem (http://dovecot.org/list/dovecot/2011-October/061538.html) with 'doveadm' reporting mixing up quote Value & Limit. Question: Is 'bytes' supposed to contain the Value, or the Limit? Rich From ghandidrivesahumvee at rocketfish.com Wed Oct 19 22:40:46 2011 From: ghandidrivesahumvee at rocketfish.com (ghandidrivesahumvee at rocketfish.com) Date: Wed, 19 Oct 2011 12:40:46 -0700 (GMT+7) Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 Message-ID: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> Hi list, I just recently installed Dovecot 2.0.15. Unfortunately, doveadm segfaults when I attempt to connect to the local dovecot instance. When this occurs, my logs show: 2011-10-19T12:31:23-07:00 mail02 dovecot: doveadm: Error: doveadm client not compatible with this server (mixed old and new binaries?) I am using the settings listed on the wiki page http://wiki2.dovecot.org/Director [root at mail02 ~]# /opt/dovecot/bin/doveadm who -a 10.10.5.220:544 Segmentation fault (core dumped) doveconf and gdb output are below. If there is any more information I can provide please let me know. Thanks! [root at mail02 ~]# /opt/dovecot/bin/doveconf -n # 2.0.15: /opt/dovecot-2.0.15/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-194.17.4.el5 x86_64 CentOS release 5.5 (Final) auth_mechanisms = plain login auth_verbose = yes auth_worker_max_count = 60 default_client_limit = 2048 disable_plaintext_auth = no doveadm_proxy_port = 544 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = 10.10.5.220, 127.0.0.1 lmtp_save_to_detail_mailbox = yes mail_fsync = always mail_log_prefix = "%r mpid=%p %s(%u): " mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = " notify mail_log" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mmap_disable = yes passdb { args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } plugin { mail_log_events = delete expunge mailbox_delete mail_log_fields = msgid box from mail_log_group_events = yes sieve = ~/MainSieve sieve_before = /storage03/sieve/before/ sieve_dir = ~/sieve sieve_max_actions = 32 sieve_max_redirects = 4 sieve_max_script_size = 2M } quota_full_tempfail = yes service anvil { client_limit = 2000 } service auth { client_limit = 7000 unix_listener /var/spool/postfix/private/auth { mode = 0600 user = postfix } unix_listener auth-userdb { group = mailowner mode = 0600 user = mailowner } } service doveadm { inet_listener { port = 544 } } service imap-login { inet_listener imap { port = 143 } process_min_avail = 4 service_count = 0 vsz_limit = 128 M } service imap {%0 From CMarcus at Media-Brokers.com Wed Oct 19 22:45:46 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Wed, 19 Oct 2011 15:45:46 -0400 Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 In-Reply-To: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> References: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> Message-ID: <4E9F28EA.8090200@Media-Brokers.com> On 2011-10-19 3:40 PM, ghandidrivesahumvee at rocketfish.com wrote: > I just recently installed Dovecot 2.0.15. Unfortunately, doveadm segfaults > when I attempt to connect to the local dovecot instance. When this occurs, > my logs show: > > 2011-10-19T12:31:23-07:00 mail02 dovecot: doveadm: Error: doveadm client > not compatible with this server (mixed old and new binaries?) I think the error message is pretty clear... You obviously still have an older version installed... How did you install 2.0.15? -- Best regards, Charles From stsiol at yahoo.co.uk Wed Oct 19 23:06:49 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Wed, 19 Oct 2011 21:06:49 +0100 (BST) Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 In-Reply-To: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> References: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> Message-ID: <1319054809.66277.YahooMailNeo@web27206.mail.ukl.yahoo.com> ----- Original Message ----- From: "ghandidrivesahumvee at rocketfish.com" To: dovecot at dovecot.org Cc: Sent: Wednesday, 19 October 2011, 22:40 Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 Hi list, I just recently installed Dovecot 2.0.15. Unfortunately, doveadm segfaults when I attempt to connect to the local dovecot instance. When this occurs, my logs show: 2011-10-19T12:31:23-07:00 mail02 dovecot: doveadm: Error: doveadm client not compatible with this server (mixed old and new binaries?) I am using the settings listed on the wiki page http://wiki2.dovecot.org/Director [root at mail02 ~]# /opt/dovecot/bin/doveadm who -a 10.10.5.220:544 Segmentation fault (core dumped) doveconf and gdb output are below. If there is any more information I can provide please let me know. Thanks! Which OS version ? Have you considered the possibility you had a previous version of dovecot installed from the distro, then installed v2.0.15 ? Just saying, s. ? ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From ghandidrivesahumvee at rocketfish.com Wed Oct 19 23:33:41 2011 From: ghandidrivesahumvee at rocketfish.com (ghandidrivesahumvee at rocketfish.com) Date: Wed, 19 Oct 2011 13:33:41 -0700 (GMT+7) Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 In-Reply-To: <4E9F28EA.8090200@Media-Brokers.com> References: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> <4E9F28EA.8090200@Media-Brokers.com> Message-ID: > I think the error message is pretty clear... It is clear, but it is wrong. ./configure --prefix=/opt/dovecot-2.0.15 ; make ; make install in /opt dovecot is a symlink to dovecot-2.0.15 The binary in the source directory crashes too. [root at mail02 ~]# /usr/local/src/dovecot-2.0.15/src/doveadm/doveadm who -a 10.10.5.220:544 Segmentation fault (core dumped) > Which OS version ? CentOS 5.5 x86_64 > Have you considered the possibility you had a previous version of dovecot > installed from the distro, then installed v2.0.15 ? There is no install of dovecot from the distro. > On 2011-10-19 3:40 PM, ghandidrivesahumvee at rocketfish.com > wrote: >> I just recently installed Dovecot 2.0.15. Unfortunately, doveadm >> segfaults >> when I attempt to connect to the local dovecot instance. When this >> occurs, >> my logs show: >> >> 2011-10-19T12:31:23-07:00 mail02 dovecot: doveadm: Error: doveadm client >> not compatible with this server (mixed old and new binaries?) > > I think the error message is pretty clear... > > You obviously still have an older version installed... > > How did you install 2.0.15? > > -- > > Best regards, > > Charles > From user+dovecot at localhost.localdomain.org Wed Oct 19 23:41:57 2011 From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Wed, 19 Oct 2011 22:41:57 +0200 Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 In-Reply-To: References: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> <4E9F28EA.8090200@Media-Brokers.com> Message-ID: <4E9F3615.10401@localhost.localdomain.org> On 10/19/2011 10:33 PM ghandidrivesahumvee at rocketfish.com wrote: > Segmentation fault (core dumped) Please use gdb to generate a backtrace from the dumped core file. (http://dovecot.org/bugreport.html) Regards, Pascal -- The trapper recommends today: defaced.1129222 at localdomain.org From ghandidrivesahumvee at rocketfish.com Wed Oct 19 23:49:55 2011 From: ghandidrivesahumvee at rocketfish.com (ghandidrivesahumvee at rocketfish.com) Date: Wed, 19 Oct 2011 13:49:55 -0700 (GMT+7) Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 In-Reply-To: <4E9F3615.10401@localhost.localdomain.org> References: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> <4E9F28EA.8090200@Media-Brokers.com> <4E9F3615.10401@localhost.localdomain.org> Message-ID: <729faff30062e73d6274b1d5070e50e3.squirrel@webmail.islandemail.com> Looks like my mail client cut the original message short. Here is doveconf and gdb output [root at mail02 ~]# /opt/dovecot/bin/doveconf -n # 2.0.15: /opt/dovecot-2.0.15/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-194.17.4.el5 x86_64 CentOS release 5.5 (Final) auth_mechanisms = plain login auth_verbose = yes auth_worker_max_count = 60 default_client_limit = 2048 disable_plaintext_auth = no doveadm_proxy_port = 544 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = 10.10.5.220, 127.0.0.1 lmtp_save_to_detail_mailbox = yes mail_fsync = always mail_log_prefix = "%r mpid=%p %s(%u): " mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = " notify mail_log" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mmap_disable = yes passdb { args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } plugin { mail_log_events = delete expunge mailbox_delete mail_log_fields = msgid box from mail_log_group_events = yes sieve = ~/MainSieve sieve_before = /storage03/sieve/before/ sieve_dir = ~/sieve sieve_max_actions = 32 sieve_max_redirects = 4 sieve_max_script_size = 2M } quota_full_tempfail = yes service anvil { client_limit = 2000 } service auth { client_limit = 7000 unix_listener /var/spool/postfix/private/auth { mode = 0600 user = postfix } unix_listener auth-userdb { group = mailowner mode = 0600 user = mailowner } } service doveadm { inet_listener { port = 544 } } service imap-login { inet_listener imap { port = 143 } process_min_avail = 4 service_count = 0 vsz_limit = 128 M } service imap { process_limit = 3072 } service lmtp { inet_listener lmtp { port = 24 } vsz_limit = 2 G } service pop3-login { inet_listener pop3 { port = 110 } } service pop3 { process_limit = 3072 } syslog_facility = local3 userdb { args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } protocol imap { mail_max_userip_connections = 2000 } protocol lmtp { lmtp_save_to_detail_mailbox = yes mail_plugins = sieve } protocol pop3 { pop3_uidl_format = %08Xu%08Xv } [root at mail02 ~]# gdb /opt/dovecot/bin/doveadm ./core.14731 GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-23.el5_5.2) Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /opt/dovecot-2.0.15/bin/doveadm...done. Reading symbols from /opt/dovecot-2.0.15/lib/dovecot/libdovecot-storage.so.0...done. Loaded symbols for /opt/dovecot-2.0.15/lib/dovecot/libdovecot-storage.so.0 Reading symbols from /lib64/libpam.so.0...(no debugging symbols found)...done. Loaded symbols for /lib64/libpam.so.0 Reading symbols from /usr/lib64/libgssapi_krb5.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libgssapi_krb5.so.2 Reading symbols from /usr/lib64/libkrb5.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libkrb5.so.3 Reading symbols from /usr/lib64/libk5crypto.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libk5crypto.so.3 Reading symbols from /lib64/libcom_err.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libcom_err.so.2 Reading symbols from /usr/lib64/mysql/libmysqlclient.so.15...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/mysql/libmysqlclient.so.15 Reading symbols from /usr/lib64/libz.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libz.so.1 Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libcrypt.so.1 Reading symbols from /lib64/libnsl.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libnsl.so.1 Reading symbols from /lib64/libm.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libm.so.6 Reading symbols from /lib64/libssl.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libssl.so.6 Reading symbols from /lib64/libcrypto.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libcrypto.so.6 Reading symbols from /opt/dovecot-2.0.15/lib/dovecot/libdovecot.so.0...done. Loaded symbols for /opt/dovecot-2.0.15/lib/dovecot/libdovecot.so.0 Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libdl.so.2 Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/librt.so.1 Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libc.so.6 Reading symbols from /lib64/libaudit.so.0...(no debugging symbols found)...done. Loaded symbols for /lib64/libaudit.so.0 Reading symbols from /usr/lib64/libkrb5support.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libkrb5support.so.0 Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libkeyutils.so.1 Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libresolv.so.2 Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done. Loaded symbols for /lib64/libpthread.so.0 Reading symbols from /lib64/libselinux.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libselinux.so.1 Reading symbols from /lib64/libsepol.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libsepol.so.1 Reading symbols from /opt/dovecot-2.0.15/lib/dovecot/lib15_notify_plugin.so...done. Loaded symbols for /opt/dovecot-2.0.15/lib/dovecot/lib15_notify_plugin.so Reading symbols from /opt/dovecot-2.0.15/lib/dovecot/lib20_mail_log_plugin.so...done. Loaded symbols for /opt/dovecot-2.0.15/lib/dovecot/lib20_mail_log_plugin.so Core was generated by `/opt/dovecot/bin/doveadm who -a 172.16.5.234:544'. Program terminated with signal 11, Segmentation fault. #0 0x0000003a6be349fa in ____strtoull_l_internal () from /lib64/libc.so.6 (gdb) bt full #0 0x0000003a6be349fa in ____strtoull_l_internal () from /lib64/libc.so.6 No symbol table info available. #1 0x00000000004170f9 in who_parse_line (ctx=0x7fff05cb2990, callback=0x4175e0 ) at /usr/include/stdlib.h:342 ident = 0x14149980 "-" p = 0x1
#2 who_lookup (ctx=0x7fff05cb2990, callback=0x4175e0 ) at doveadm-who.c:152 who_line = {username = 0x0, service = 0x0, ip = {family = 0, u = {ip6 = {in6_u = {u6_addr8 = '\000' , u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, ip4 = {s_addr = 0}}}, pid = 0, refcount = 0} _data_stack_cur_id = 2 input = 0x1415efb0 line = fd = #3 0x0000000000417349 in cmd_who (argc=3, argv=0x141494d8) at doveadm-who.c:298 ctx = {anvil_path = 0x14149518 "172.16.5.234:544", filter = {username = 0x0, net_ip = {family = 0, u = {ip6 = {in6_u = {u6_addr8 = '\000' , u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, ip4 = {s_addr = 0}}}, net_bits = 0}, pool = 0x1415b000, users = 0x1415d7f0} separate_connections = false c = #4 0x000000000040f9e3 in doveadm_try_run (argc=3, argv=0x141494d8) at doveadm.c:192 cmd = 0x14158e90 cmd_name_len = 3 __FUNCTION__ = "doveadm_try_run" #5 main (argc=3, argv=0x141494d8) at doveadm.c:346 cmd_name = 0x14149511 "who" quick_init = false c = (gdb) From paixaop at gmail.com Thu Oct 20 04:17:14 2011 From: paixaop at gmail.com (Pedro Paixao) Date: Wed, 19 Oct 2011 21:17:14 -0400 Subject: [Dovecot] Proxy and Virtual IMAP Folders Message-ID: Hi all I am a newbie to dovecot and I would like some help clarifying a feature to determine if I can use it in my project. Is is posible to use the virtual plugin, in a IMAP proxy configuration, in a way that the virtual plugin searches messages on the real server? Here's my scenario: [Client]----[Dovecot Proxy]-----[Real Imap Server] Client connects to Dovecot Proxy and gets all the folders that are on the Real Imap Server, plus some virtual ones (generated by Dovecot Proxy) that search for messages on the real server. In my config the Dovecot Proxy has no email messages, real folders, or local delivery. I would like to thank you in advance for ant help and support. All the best Pedro From kafriki at hotmail.com Thu Oct 20 06:31:34 2011 From: kafriki at hotmail.com (Jumping Mouse) Date: Wed, 19 Oct 2011 23:31:34 -0400 Subject: [Dovecot] imap proxy for Gmail Message-ID: Hello, b I have a situation were I want to be able to give teachers access to their Google apps for education email through Squirrelmail. The network that they are on blocks gmail. ?? I am able to get Squirrelmail to communicate with Gmail via imap.? I am looking at getting persistant imap connections to improve the user experience.? I have looked at IMAPPROXY? but this application is not compatible with the gmail?imaps (ssl-encrypted imap over port 993).?? I recall reading somewhere that Dovecot has a built in imapproxy that could be used for this.? Can someone please point me to documentation or other information on how I might achieve the above stated goal? Thanks,? Kafriki From mark.zealey at webfusion.com Thu Oct 20 12:38:42 2011 From: mark.zealey at webfusion.com (Mark Zealey) Date: Thu, 20 Oct 2011 12:38:42 +0300 Subject: [Dovecot] Port variable in LMTP userdb lookups? Message-ID: <4E9FEC22.8060105@webfusion.com> Hi all, I'm currently changing some systems to use the redirector service, which means that to get local deliveries going I need to get lmtp set up so it can be redirected as well. This is working fine, however we have a number of different ports running on our servers depending on which brand a customer is using. When the time comes to do the user look up, we use (port, user, domain) to do a unique database lookup which works fine for everything (proxied pop, imap, lmtp & straight pop, imap) but not straight lmtp - perhaps because it doesn't have a 2-stage login process unlike the pop/imap protocols. Looking at the SQL query we are issuing, the %a port variable is set to 0 even though the connection is coming in from TCP. Is there a way to change this? We are running dovecot 2.0.12 however looking through the changelogs I can't see this would be fixed in the newest version. Thanks, Mark From wgillespie+dovecot at es2eng.com Thu Oct 20 12:45:26 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Thu, 20 Oct 2011 03:45:26 -0600 Subject: [Dovecot] imap proxy for Gmail In-Reply-To: References: Message-ID: <4E9FEDB6.1070809@es2eng.com> On 10/19/2011 9:31 PM, Jumping Mouse wrote: > I have a situation were I want to be able to give teachers access to their Google apps for education email through Squirrelmail. The network that they are on blocks gmail. I am able to get Squirrelmail to communicate with Gmail via imap. I am looking at getting persistant imap connections to improve the user experience. I have looked at IMAPPROXY but this application is not compatible with the gmail imaps (ssl-encrypted imap over port 993). I recall reading somewhere that Dovecot has a built in imapproxy that could be used for this. > > Can someone please point me to documentation or other information on how I might achieve the above stated goal? You are probably thinking of the "imapc" backend for Dovecot. Not sure if it gives the persistent connections you are looking for or not since I've never used it. From mimo at gn.apc.org Thu Oct 20 16:13:33 2011 From: mimo at gn.apc.org (Michael Moritz) Date: Thu, 20 Oct 2011 14:13:33 +0100 Subject: [Dovecot] too many open files and v1.2 In-Reply-To: <1318949843.21919.114.camel@hurina> References: <201110061242.48615.mimo@gn.apc.org> <1318949843.21919.114.camel@hurina> Message-ID: <201110201413.33386.mimo@gn.apc.org> Hi Timo thanks for your reply. I understand you're basically saying "upgrade to v2" but maybe this could be of interest for you. After we lowered the login_max_processes_count again the problem reappeared so I'm not sure whether that doesn't indicate a different problem. Regards, Michael On Tuesday 18 October 2011 15:57:23 Timo Sirainen wrote: > On Thu, 2011-10-06 at 12:42 +0100, Michael Moritz wrote: > > Hi > > > > I've found an older thread http://www.dovecot.org/list/dovecot/2010-March/047886.html which mentions that this is a bug in version 1. I'm on Debian squeeze (1:1.2.15-7) and got errors like these recently > > > > Oct 5 11:29:29 mail dovecot: dovecot: pipe() failed: Too many open files > > Oct 5 11:29:32 mail dovecot: dovecot: pipe() failed: Too many open files > > Oct 5 11:29:32 mail dovecot: dovecot: Temporary failure in creating login processes, slowing down for now > > These errors come from the dovecot master process. Each child process > uses up a few fds for pipes. > > > As a work around I've increased login_max_processes_count from 256 to 512 and it seems to have helped (as I suspected stale opened files). > > That only makes it easier to reach, since now there can be more child > processes eating up more fds. > > > My colleague thinks it's hitting the kernel open file limit ulimit -n (currently at 1024) but I don't see how that could happen if the number of process is nowhere near that. > > I don't remember how many fds each process takes in v1.x, probably > between 1 and 3. So if you for a while had hundreds of imap or pop3 > processes, you could run into that limit. > > v2.x doesn't use as many fds. > > From npetronikolos at condito.gr Wed Oct 19 12:54:06 2011 From: npetronikolos at condito.gr (Nikolaos Petronikolos) Date: Wed, 19 Oct 2011 02:54:06 -0700 (PDT) Subject: [Dovecot] can not receive email upgrading from ubuntu 11.4 to 11.10 Message-ID: <32681149.post@talk.nabble.com> Dear all, I have the following error when i am sending an email to my email server postfix + dovecot. #5.3.0 x-unix; /usr/lib/dovecot/deliver: invalid option -- 'n' Usage: dovecot-lda [-c ] [-a
] [-d ] [-p ] [-f ] [-m ] [-e] [-k]> #SMTP# The problem occurred after i upgraded my server from ubuntu 11.4 to 11.10. i kindly ask you if you can help me thank you in advance for your kind attention. -- View this message in context: http://old.nabble.com/can-not-receive-email-upgrading-from-ubuntu-11.4-to-11.10-tp32681149p32681149.html Sent from the Dovecot mailing list archive at Nabble.com. From dswartz at druber.com Thu Oct 20 18:01:29 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Thu, 20 Oct 2011 11:01:29 -0400 Subject: [Dovecot] Expire plugin not executing for sieve plugin? Message-ID: <4EA037C9.3040209@druber.com> Running dovecot 1.2.12 on ubuntu 10.10. Here is the problem: I have mysql backend for expire. I am using the dovecot-postfix package which creates /etc/dovecot/conf.d/01-mail-stack-delivery.conf which looks like this: # Some general options protocols = imap imaps managesieve disable_plaintext_auth = no ssl = yes ssl_cert_file = /etc/ssl/certs/ssl-mail.pem ssl_key_file = /etc/ssl/private/ssl-mail.key ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM mail_location = maildir:~/Maildir auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ # IMAP configuration protocol imap { mail_max_userip_connections = 10 imap_client_workarounds = outlook-idle delay-newmail mail_plugins = expire } # LDA configuration protocol lda { postmaster_address = postmaster mail_plugins = sieve expire quota_full_tempfail = yes deliver_log_format = msgid=%m: %$ rejection_reason = Your message to <%t> was automatically rejected:%n%r } # Plugins configuration plugin { sieve=~/.dovecot.sieve sieve_dir=~/sieve # If the user has no personal active script (i.e. if the file # indicated in sieve= does not exist), use this one: sieve_global_path = /var/lib/dovecot/sieve/default.sieve } The sieve is: require "fileinto"; require "imap4flags"; if header :contains "X-Spam-Flag" "YES" { setflag "\\Seen"; fileinto "SPAM"; stop; } Originally, this did not have the setflag or stop - I added them hoping to fix the problem, but no luck. The problem is this: when spam assassin has flagged a message as spam, the sieve runs and the message is in fact filed into the SPAM folder, but no expire entry is added to the database. If I move such a message from the SPAM folder to the Inbox and then back to SPAM, voila, I *do* get the entry created. Here is the mysql table before and after I did the move/move: mysql> select * from expires; +----------+---------------+--------------+ | username | mailbox | expire_stamp | +----------+---------------+--------------+ | dswartz | Deleted Items | 1319720163 | | dswartz | Sent | 1319120165 | | denise | Trash | 1319139920 | | samantha | Trash | 1319136146 | | denise | Sent | 1319655872 | | danielle | Sent | 1319192230 | | samantha | Sent | 1319268855 | | dswartz | Trash | 1319725884 | | samantha | SPAM | 1321504531 | +----------+---------------+--------------+ 9 rows in set (0.00 sec) mysql> select * from expires; +----------+---------------+--------------+ | username | mailbox | expire_stamp | +----------+---------------+--------------+ | dswartz | Deleted Items | 1319720163 | | dswartz | Sent | 1319120165 | | denise | Trash | 1319139920 | | samantha | Trash | 1319136146 | | denise | Sent | 1319655872 | | danielle | Sent | 1319192230 | | samantha | Sent | 1319268855 | | dswartz | Trash | 1319725884 | | samantha | SPAM | 1321504531 | | dswartz | SPAM | 1321714666 | +----------+---------------+--------------+ 10 rows in set (0.00 sec) It's almost like the fileinto stuff is not running the plugin code at all, or am I totally on drugs? If I can't get a fix for this, I at least now can think of a hack to "fix" it. e.g. every night, run a script that adds a "now" timestamp for everyone's SPAM folder to trick the periodic expire tool code into checking that folder, but obviously I'd rather have a real fix :) If this is just 'how it works', is it better in 2.0? From james.page at ubuntu.com Thu Oct 20 18:31:28 2011 From: james.page at ubuntu.com (James Page) Date: Thu, 20 Oct 2011 16:31:28 +0100 Subject: [Dovecot] can not receive email upgrading from ubuntu 11.4 to 11.10 In-Reply-To: <32681149.post@talk.nabble.com> References: <32681149.post@talk.nabble.com> Message-ID: <4EA03ED0.4080400@ubuntu.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Nikolaos On 19/10/11 10:54, Nikolaos Petronikolos wrote: > #5.3.0 x-unix; /usr/lib/dovecot/deliver: invalid option -- 'n' > Usage: dovecot-lda [-c ] [-a
] [-d > ] [-p ] [-f ] [-m ] [-e] > [-k]> #SMTP# > > The problem occurred after i upgraded my server from ubuntu 11.4 to > 11.10. 11.10 upgrades dovecot from 1.2.x to 2.0.x; as a result the -n flag is no longer accepted by dovecot-lda; You can fix this by removing the -n flag from the postfix configuration; sudo postconf -e "mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-mail-stack-delivery.conf -m \"\${EXTENSION}\"" This is a bug in the Ubuntu packaging; it would be great if you could raise a bug in Ubuntu as well (I'll probably work on a stable release update for this one): https://bugs.launchpad.net/ubuntu/+source/dovecot/+filebug Cheers James - -- James Page Ubuntu Core Developer -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJOoD7QAAoJEL/srsug59jDHUcQAJfL4jU+wNMK22kYOCKsTRkr eHBUZ0IQ1Yv2IscqRpW8WaAAg6r7tufMoodI/MY1N4w2FHfwJAAMiCfU/8gTyfHD /FxwVH5Phk+InEYDEc7YMCdgTwh936yiOKkQjz65aGO3kUIg42QSNHOBq30L4VV7 b4cnwIlwALjA/8U2HrZr6XHBwZ9YoyxoLY3m6R9MCcCNpEEUUh1tH4i2FuZYFHmJ CokbWA2XHJCli4yZ5d+1JM3D0u/Sg2w1bczT3kkIE8HhGgOpCidbYRrOKTrHrFOl 0GKvHQkxvosqfLt8rdrjJlhNlGjPdRdu22vsMy43rS80knN70ltyTH3K5kiW2q6/ skqQjwgZ4y41sqsKq8WnuYuSfeH2TSrglzSXQ2W8vOOAJArqwLLst5E3+Ift3Pig 0BhNlSyQyWhdE4TE9zbGnUPK8GLXLU82LcTegpz6d3mxAcCs7+SnNiYPnRrNxTA1 YqqBdcAfCMeS5B3w5ZQRQDvKOIZOPqyIeZPX2g5bOM4ngDnZoJfIOf6RkBX/DPVw UCgU1AjWWHtrcTby7h4s3xX+EaPUpEFj8eg30GW5exsSMM6ASuU+HtQpO3rEobDB uG9AvHahf6Y9fAuSdxjcHQg6xyWDEYNaW3MNZauaD92IvaTP2uTyQvopk3ahyOWK 7lpTV7qZ776fNbK5OYrX =W3fO -----END PGP SIGNATURE----- From dswartz at druber.com Thu Oct 20 18:32:44 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Thu, 20 Oct 2011 11:32:44 -0400 Subject: [Dovecot] Expire plugin not executing for sieve plugin? Message-ID: <4EA03F1C.5010500@druber.com> Running dovecot 1.2.12 on ubuntu 10.10. Here is the problem: I have mysql backend for expire. I am using the dovecot-postfix package which creates /etc/dovecot/conf.d/01-mail-stack-delivery.conf which looks like this: # Some general options protocols = imap imaps managesieve disable_plaintext_auth = no ssl = yes ssl_cert_file = /etc/ssl/certs/ssl-mail.pem ssl_key_file = /etc/ssl/private/ssl-mail.key ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM mail_location = maildir:~/Maildir auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ # IMAP configuration protocol imap { mail_max_userip_connections = 10 imap_client_workarounds = outlook-idle delay-newmail mail_plugins = expire } # LDA configuration protocol lda { postmaster_address = postmaster mail_plugins = sieve expire quota_full_tempfail = yes deliver_log_format = msgid=%m: %$ rejection_reason = Your message to <%t> was automatically rejected:%n%r } # Plugins configuration plugin { sieve=~/.dovecot.sieve sieve_dir=~/sieve # If the user has no personal active script (i.e. if the file # indicated in sieve= does not exist), use this one: sieve_global_path = /var/lib/dovecot/sieve/default.sieve } The sieve is: require "fileinto"; require "imap4flags"; if header :contains "X-Spam-Flag" "YES" { setflag "\\Seen"; fileinto "SPAM"; stop; } Originally, this did not have the setflag or stop - I added them hoping to fix the problem, but no luck. The problem is this: when spam assassin has flagged a message as spam, the sieve runs and the message is in fact filed into the SPAM folder, but no expire entry is added to the database. If I move such a message from the SPAM folder to the Inbox and then back to SPAM, voila, I *do* get the entry created. Here is the mysql table before and after I did the move/move: mysql> select * from expires; +----------+---------------+--------------+ | username | mailbox | expire_stamp | +----------+---------------+--------------+ | dswartz | Deleted Items | 1319720163 | | dswartz | Sent | 1319120165 | | denise | Trash | 1319139920 | | samantha | Trash | 1319136146 | | denise | Sent | 1319655872 | | danielle | Sent | 1319192230 | | samantha | Sent | 1319268855 | | dswartz | Trash | 1319725884 | | samantha | SPAM | 1321504531 | +----------+---------------+--------------+ 9 rows in set (0.00 sec) mysql> select * from expires; +----------+---------------+--------------+ | username | mailbox | expire_stamp | +----------+---------------+--------------+ | dswartz | Deleted Items | 1319720163 | | dswartz | Sent | 1319120165 | | denise | Trash | 1319139920 | | samantha | Trash | 1319136146 | | denise | Sent | 1319655872 | | danielle | Sent | 1319192230 | | samantha | Sent | 1319268855 | | dswartz | Trash | 1319725884 | | samantha | SPAM | 1321504531 | | dswartz | SPAM | 1321714666 | +----------+---------------+--------------+ 10 rows in set (0.00 sec) It's almost like the fileinto stuff is not running the plugin code at all, or am I totally on drugs? If I can't get a fix for this, I at least now can think of a hack to "fix" it. e.g. every night, run a script that adds a "now" timestamp for everyone's SPAM folder to trick the periodic expire tool code into checking that folder, but obviously I'd rather have a real fix :) If this is just 'how it works', is it better in 2.0? From simon.brereton at buongiorno.com Thu Oct 20 23:24:43 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Thu, 20 Oct 2011 16:24:43 -0400 Subject: [Dovecot] Auth Worker failures In-Reply-To: <1318948640.21919.103.camel@hurina> References: <1318948640.21919.103.camel@hurina> Message-ID: On 18 October 2011 10:37, Timo Sirainen wrote: > On Wed, 2011-10-12 at 10:24 -0400, Simon Brereton wrote: >> >> >> Of all the accounts on the box, it's only mine that throws this up. >> Since its LIP is localhost, it could really only be for webmail - but >> I don't always leave the webmail open, so I'm curious to know how this >> gets there and what it is. >> >> Any suggestions? ?I find it difficult to believe I have an IMAP >> process in a script somewhere (especially with my user account - the >> postmaster account, I could believe, but not with my personal one).. >> > You could enable auth_debug_passwords=yes and see what password it > tries. The first day I did this, I forgot to restart dovecot. Doh. This morning I had: Oct 20 06:25:14 mail dovecot: auth(default): client in: AUTH#0112#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50683#011resp=--alsoremoved--== Oct 20 06:25:14 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='simon at example.net' AND active = '1'; Oct 20 06:25:14 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): Password mismatch Oct 20 06:25:14 mail dovecot: auth-worker(default): md5_verify(simon at example.net): Not a valid MD5-CRYPT or PLAIN-MD5 password Oct 20 06:25:14 mail dovecot: auth-worker(default): smd5_verify(simon at example.net): SMD5 password too short Oct 20 06:25:14 mail dovecot: auth-worker(default): ssha_verify(simon at example.net): SSHA password too short Oct 20 06:25:14 mail dovecot: auth-worker(default): ssha256_verify(simon at example.net): SSHA256 password too short Oct 20 06:25:14 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:14 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:14 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): CRYPT() != 'RaNDomsTRinG' Oct 20 06:25:16 mail dovecot: auth(default): client out: FAIL#0112#011user=simon at example.net Oct 20 06:25:26 mail dovecot: auth(default): client in: AUTH#0113#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50683#011resp=--truncated-- Oct 20 06:25:26 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='simon at example.net' AND active = '1'; Oct 20 06:25:26 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): Password mismatch Oct 20 06:25:26 mail dovecot: auth-worker(default): md5_verify(simon at example.net): Not a valid MD5-CRYPT or PLAIN-MD5 password Oct 20 06:25:26 mail dovecot: auth-worker(default): smd5_verify(simon at example.net): SMD5 password too short Oct 20 06:25:26 mail dovecot: auth-worker(default): ssha_verify(simon at example.net): SSHA password too short Oct 20 06:25:26 mail dovecot: auth-worker(default): ssha256_verify(simon at example.net): SSHA256 password too short Oct 20 06:25:26 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:26 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:26 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): CRYPT() != 'RaNDomsTRinG' Oct 20 06:25:28 mail dovecot: auth(default): client out: FAIL#0113#011user=simon at example.net Oct 20 06:25:43 mail dovecot: auth(default): client in: AUTH#0114#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50683#011resp=--alsoremoved--== Oct 20 06:25:43 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='simon at example.net' AND active = '1'; Oct 20 06:25:43 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): Password mismatch Oct 20 06:25:43 mail dovecot: auth-worker(default): md5_verify(simon at example.net): Not a valid MD5-CRYPT or PLAIN-MD5 password Oct 20 06:25:43 mail dovecot: auth-worker(default): smd5_verify(simon at example.net): SMD5 password too short Oct 20 06:25:43 mail dovecot: auth-worker(default): ssha_verify(simon at example.net): SSHA password too short Oct 20 06:25:43 mail dovecot: auth-worker(default): ssha256_verify(simon at example.net): SSHA256 password too short Oct 20 06:25:43 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:43 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:43 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): CRYPT() != 'RaNDomsTRinG' Oct 20 06:25:45 mail dovecot: auth(default): client out: FAIL#0114#011user=simon at example.net Oct 20 06:26:05 mail dovecot: imap-login: Disconnected (auth failed, 4 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Oct 20 06:26:15 mail dovecot: IMAP(simon at example.net): Disconnected: Logged out bytes=8/334 Oct 20 06:26:15 mail dovecot: IMAP(simon at example.net): Disconnected: Logged out bytes=21/393 Oct 20 06:26:16 mail dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50696#011resp=--removed--== Oct 20 06:26:16 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='simon at example.net' AND active = '1'; Oct 20 06:26:16 mail dovecot: auth(default): client out: OK#0111#011user=simon at example.net Oct 20 06:26:16 mail dovecot: auth(default): master in: REQUEST#0111712#01119179#0111 Oct 20 06:26:16 mail dovecot: auth(default): prefetch(simon at example.net,127.0.0.1): success Oct 20 06:26:16 mail dovecot: auth(default): master out: USER#0111712#011simon at example.net#011home=/var/spool/mail/virtual/example.net/simon/#011uid=999#011gid=115 Oct 20 06:26:16 mail dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Oct 20 06:26:16 mail dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50697#011resp=--removed--== Oct 20 06:26:16 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='simon at example.net' AND active = '1'; Oct 20 06:26:16 mail dovecot: auth(default): client out: OK#0111#011user=simon at example.net Oct 20 06:26:16 mail dovecot: auth(default): master in: REQUEST#0111713#01119228#0111 Oct 20 06:26:16 mail dovecot: auth(default): prefetch(simon at example.net,127.0.0.1): success Oct 20 06:26:16 mail dovecot: auth(default): master out: USER#0111713#011simon at example.net#011home=/var/spool/mail/virtual/example.net/simon/#011uid=999#011gid=115 Oct 20 06:26:16 mail dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Note, the RaNDomsTRinG is what I believe is my encrypted password. the other strings (removed, alsoremoved and truncated) were all variations on a string (which looks like an MD5 hash string to me). I'm still sure this is the webmail trying to log in though.. >From the Horde log: mail:~# grep "2011-10-20T06:" /var/log/horde/horde4.log 2011-10-20T06:25:16+00:00 ERR: HORDE4 [imp] IMAP server denied authentication. [pid 19222 on line 340 of "/usr/share/horde4/imp/lib/Imap.php"] 2011-10-20T06:25:16+00:00 INFO: HORDE4 [imp] FAILED LOGIN for simon at lydiard.net (Horde user simon at lydiard.net) [] to {localhost:143 [imap]} [pid 19222 on line 176 of "/usr/share/horde4/imp/lib/Auth.php"] But that only shows one attempt. Dovecot is complaining about 4. I'm not overly concerned, but I'm concerned that this will impact as we scale up on users. Simon From jackfredrikson at yahoo.com Fri Oct 21 01:28:31 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Thu, 20 Oct 2011 15:28:31 -0700 (PDT) Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening Message-ID: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> Hi; I'm new to Dovecot and Postfix. I'm trying to enable these with MySQL support and postfixadmin. I've got all those services up and running (finally!); however, I can't figure out if the emails are being received and/or stored. I'm pretty sure Postfix is receiving them because I dealt with certain errors and they're now gone. Here's some data: Dovecot ver. 0.91 [root at example postfix]# /sbin/service dovecot -n doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:5: imap_client_workarounds=outlook-idle is no longer necessary doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:17: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:21: passdb sql {} has been replaced by passdb { driver=sql } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:24: userdb sql {} has been replaced by userdb { driver=sql } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:27: userdb prefetch {} has been replaced by userdb { driver=prefetch } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:29: auth_user has been replaced by service auth { user } Usage: /etc/init.d/dovecot {start|stop|reload|restart|force-reload} tail /var/log/maillog Oct 20 10:13:59 example postfix/smtpd[28141]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30178 exit status 1 Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30179 exit status 1 Oct 20 10:13:59 example postfix/smtpd[28458]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30180 exit status 1 Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30181 exit status 1 Oct 20 10:13:59 example postfix/smtpd[28483]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/smtpd[28460]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30182 exit status 1 Oct 20 10:13:59 example postfix/smtpd[28455]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30183 exit status 1 Oct 20 10:13:59 example postfix/smtpd[28484]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30184 exit status 1 Oct 20 10:13:59 example postfix/smtpd[29917]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30185 exit status 1 Oct 20 10:13:59 example postfix/smtpd[29953]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30186 exit status 1 Oct 20 10:13:59 example postfix/smtpd[28485]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30187 exit status 1 Oct 20 10:14:15 example postfix/smtpd[30152]: connect from unknown[66.248.165.32] Oct 20 10:14:15 example postfix/smtpd[30152]: lost connection after EHLO from unknown[66.248.165.32] Oct 20 10:14:15 example postfix/smtpd[30152]: disconnect from unknown[66.248.165.32] I also get this in there: Oct 20 10:13:15 example postfix/smtpd[30152]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled Oct 20 10:13:15 example postfix/smtpd[30152]: cannot load Certificate Authority data: disabling TLS support Oct 20 10:13:15 example postfix/smtpd[30152]: warning: TLS library problem: 30152:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('/etc/pki/tls/c erts/cert.pem','r'): Oct 20 10:13:15 example postfix/smtpd[30152]: warning: TLS library problem: 30152:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125: Oct 20 10:13:15 example postfix/smtpd[30152]: warning: TLS library problem: 30152:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:279: Oct 20 10:13:15 example postfix/smtpd[30152]: connect from unknown[66.248.165.32] Oct 20 10:13:15 example postfix/smtpd[30152]: lost connection after EHLO from unknown[66.248.165.32] Oct 20 10:13:15 example postfix/smtpd[30152]: disconnect from unknown[66.248.165.32] Oct 20 10:13:57 example postfix/proxymap[28446]: warning: mysql query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version f or the right syntax to use near '??gifteatszone.com??? AND active = 1' at line 1 Oct 20 10:13:57 example postfix/trivial-rewrite[30154]: fatal: proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem Oct 20 10:13:57 example postfix/trivial-rewrite[30155]: fatal: proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem Oct 20 10:13:57 example postfix/proxymap[28444]: warning: mysql query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version f or the right syntax to use near '??awakelunch.info??? AND active = 1' at line 1 I reckon the failing of mysql inquiries just has to do with hackers trying to hack me. The TLS problem isn't mission-critical since it's just getting disabled. ?[root at example jack]# ps wax|grep dovecot 20223 ???????? Ss???? 0:00 /usr/local/sbin/dovecot 20224 ???????? S????? 0:00 dovecot/anvil 20225 ???????? S????? 0:00 dovecot/log 31832 ???????? S????? 0:00 dovecot/config 31833 ???????? S????? 0:00 dovecot/auth 31836 pts/2??? S+???? 0:00 grep dovecot [root at example jack]# ps wax|grep postfix ?4000 ???????? Ss???? 0:01 /usr/libexec/postfix/master 31839 pts/2??? S+???? 0:00 grep postfix [root at example jack]# ps wax|grep postfixadmin 31842 pts/2??? S+???? 0:00 grep postfixadmin [root at example jack]# ps wax|grep saslauthd 16337 ???????? Ss???? 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2 16338 ???????? S????? 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2 25718 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam 25719 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam 25720 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam 25721 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam 25722 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam 32052 pts/2??? S+???? 0:00 grep saslauthd I also tried this: First send a test mail to yourself (as your own non-root user): echo "Hello me" | mail -s "Dovecot test" $USER Now, find where the mail went. Here's a simple script which checks the most common locations: for mbox in /var/mail/$USER /var/spool/mail/$USER ~/mbox ~/mail/* ~/*; do ? grep -q "Dovecot test" $mbox && echo "mbox: $mbox" done grep -q "Dovecot test" ~/Maildir/new/* 2>/dev/null && echo "Maildir: ~/Maildir" and the mail was not found. This from my dovecot.conf file: mail_location = maildir:/var/vmail/%d/%u #but there's nothing there. ... auth default { # Having "login" also as a mechanism make sure outlook can use the auth smtpd as well # http://wiki.dovecot.org/Authentication/Mechanisms ? mechanisms = plain login ? passdb sql { ??? args = /usr/local/etc/dovecot/sql.conf ? } ? userdb sql { ??? args = /usr/local/etc/dovecot/sql.conf ? } ? userdb prefetch { ? } ? user = nobody ? socket listen { ??? master { ????? path = /var/run/dovecot/auth-master ????? mode = 0660 ????? user = vmail ????? group = mail ??? } ??? client { ????? path = /var/spool/postfix/private/auth ????? mode = 0660 ????? user = postfix ????? group = mail ??? } ? } } Telnetting to port 25 brings up Postfix, to port 110 brings up Dovecot TIA,Jack From jos at webrz.net Fri Oct 21 01:49:41 2011 From: jos at webrz.net (Jos Chrispijn) Date: Fri, 21 Oct 2011 00:49:41 +0200 Subject: [Dovecot] Email filters Message-ID: <4EA0A585.5020202@webrz.net> Can someone tell me how I can configure Dovecot to use message filters on incoming email? When I now activate my mail account on my mobile phone and Thunderbird (or any other mail client with message filters) is not online, I get a huge pile of email in my INBOX that I have to go thru, while 90% is not that interesting to read as they belong to Spam messages, newsletters etc. Thanks in advance Jos Chrispijn From simon.brereton at buongiorno.com Fri Oct 21 02:07:57 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Thu, 20 Oct 2011 19:07:57 -0400 Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> Message-ID: On 20 October 2011 18:28, Jack Fredrikson wrote: > Hi; > > I'm new to Dovecot and Postfix. > I'm trying to enable these with MySQL support and postfixadmin. I've > got all those services up and running (finally!); however, I can't > figure out if the emails are being received and/or stored. I'm pretty > sure Postfix is receiving them because I dealt with certain errors > and they're now gone. Here's some data: > > Dovecot ver. > 0.91 First, get a newer version of Dovecot. You don't say what OS you're working on, but I'm pretty sure it will support a newer version. > [root at example postfix]# /sbin/service dovecot > -n > doveconf: Warning: NOTE: You can get a new clean config file > with: doveconf -n > dovecot-new.conf > doveconf: Warning: > Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:5: > imap_client_workarounds=outlook-idle is no longer necessary > doveconf: > Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:17: > add auth_ prefix to all settings inside auth {} and remove the auth > {} section completely > doveconf: Warning: Obsolete setting in > /usr/local/etc/dovecot/dovecot.conf:21: passdb sql {} has been > replaced by passdb { driver=sql } > doveconf: Warning: Obsolete > setting in /usr/local/etc/dovecot/dovecot.conf:24: userdb sql {} has > been replaced by userdb { driver=sql } > doveconf: Warning: Obsolete > setting in /usr/local/etc/dovecot/dovecot.conf:27: userdb prefetch {} > has been replaced by userdb { driver=prefetch } > doveconf: Warning: > Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:29: auth_user > has been replaced by service auth { user } > Usage: > /etc/init.d/dovecot {start|stop|reload|restart|force-reload} > > tail > /var/log/maillog > Oct 20 10:13:59 example postfix/smtpd[28141]: > warning: problem talking to service rewrite: Success > Oct 20 > 10:13:59 example postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30178 exit status 1 > Oct > 20 10:13:59 example postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30179 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[28458]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30180 exit status 1 > Oct > 20 10:13:59 example postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30181 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[28483]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/smtpd[28460]: warning: problem talking to service rewrite: > Success > Oct 20 10:13:59 example postfix/master[4000]: warning: > process /usr/libexec/postfix/trivial-rewrite pid 30182 exit status 1 > Oct 20 10:13:59 example postfix/smtpd[28455]: warning: problem > talking to service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30183 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[28484]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30184 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[29917]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30185 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[29953]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30186 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[28485]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30187 exit status 1 > Oct > 20 10:14:15 example postfix/smtpd[30152]: connect from > unknown[66.248.165.32] > Oct 20 10:14:15 example > postfix/smtpd[30152]: lost connection after EHLO from > unknown[66.248.165.32] > Oct 20 10:14:15 example > postfix/smtpd[30152]: disconnect from unknown[66.248.165.32] > > I > also get this in there: Were you testing from 66.248.165.32? You still have too many errors from postfix and you need to sort out your MTA (Mail Transport) before you worry about the MDA (Mail Delivery). > Oct 20 10:13:15 example > postfix/smtpd[30152]: warning: dict_nis_init: NIS domain name not set > - NIS lookups disabled > Oct 20 10:13:15 example > postfix/smtpd[30152]: cannot load Certificate Authority data: > disabling TLS support > Oct 20 10:13:15 example > postfix/smtpd[30152]: warning: TLS library problem: > 30152:error:02001002:system library:fopen:No such file or > directory:bss_file.c:122:fopen('/etc/pki/tls/c > erts/cert.pem','r'): > Oct > 20 10:13:15 example postfix/smtpd[30152]: warning: TLS library > problem: 30152:error:2006D080:BIO routines:BIO_new_file:no such > file:bss_file.c:125: > Oct 20 10:13:15 example postfix/smtpd[30152]: > warning: TLS library problem: 30152:error:0B084002:x509 certificate > routines:X509_load_cert_crl_file:system lib:by_file.c:279: > Oct 20 > 10:13:15 example postfix/smtpd[30152]: connect from > unknown[66.248.165.32] > Oct 20 10:13:15 example > postfix/smtpd[30152]: lost connection after EHLO from > unknown[66.248.165.32] > Oct 20 10:13:15 example > postfix/smtpd[30152]: disconnect from unknown[66.248.165.32] > Oct > 20 10:13:57 example postfix/proxymap[28446]: warning: mysql query > failed: You have an error in your SQL syntax; check the manual that > corresponds to your MySQL server version f > or the right syntax to > use near '??gifteatszone.com??? AND active = 1' at line 1 > Oct 20 > 10:13:57 example postfix/trivial-rewrite[30154]: fatal: > proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): > table lookup problem > Oct 20 10:13:57 example > postfix/trivial-rewrite[30155]: fatal: > proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): > table lookup problem > Oct 20 10:13:57 example > postfix/proxymap[28444]: warning: mysql query failed: You have an > error in your SQL syntax; check the manual that corresponds to your > MySQL server version f > or the right syntax to use near > '??awakelunch.info??? AND active = 1' at line 1 > > I reckon the > failing of mysql inquiries just has to do with hackers trying to hack > me. The TLS problem isn't mission-critical since it's just getting > disabled. Yes, TLS is isn't an issue - although you have it incorrectly configured. That would be the last thing you need to implement/fix. For now disable it in postfix and dovecot. http://www.howtoforge.com/forums/archive/index.php/t-10943.html > ?[root at example jack]# ps wax|grep dovecot > 20223 > ???????? Ss???? 0:00 /usr/local/sbin/dovecot > 20224 ? > S????? 0:00 dovecot/anvil > 20225 ? > S????? 0:00 dovecot/log > 31832 ? > S????? 0:00 dovecot/config > 31833 ? > S????? 0:00 dovecot/auth > 31836 pts/2 > S+???? 0:00 grep dovecot > [root at example jack]# > ps wax|grep postfix > ?4000 ? > Ss???? 0:01 /usr/libexec/postfix/master > 31839 > pts/2??? S+???? 0:00 grep > postfix > [root at example jack]# ps wax|grep postfixadmin > 31842 > pts/2??? S+???? 0:00 grep > postfixadmin > [root at example jack]# ps wax|grep saslauthd > 16337 ???????? Ss???? 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2 > 16338 ???????? S????? 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2 > 25718 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam > 25719 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam > 25720 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam > 25721 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam > 25722 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam > 32052 > ?pts/2??? S+???? 0:00 grep saslauthd > > > I also tried this: > > First send a test mail to yourself (as your own non-root user): > echo "Hello me" | mail -s "Dovecot test" $USER > Now, find where the mail went. Here's a simple script which checks the most common locations: > for mbox in /var/mail/$USER /var/spool/mail/$USER ~/mbox ~/mail/* ~/*; do > ? grep -q "Dovecot test" $mbox && echo "mbox: $mbox" > done > grep -q "Dovecot test" ~/Maildir/new/* 2>/dev/null && echo "Maildir: ~/Maildir" > > and the mail was not found. > > > This from my dovecot.conf file: > mail_location = maildir:/var/vmail/%d/%u > #but there's nothing there. > ... > auth default { > # Having "login" also as a mechanism make sure outlook can use the auth smtpd as well > # http://wiki.dovecot.org/Authentication/Mechanisms > ? mechanisms = plain login > ? passdb sql { > ??? args = /usr/local/etc/dovecot/sql.conf > ? } > ? userdb sql { > ??? args = /usr/local/etc/dovecot/sql.conf > ? } > ? userdb prefetch { > ? } > ? user = nobody > ? socket listen { > ??? master { > ????? path = /var/run/dovecot/auth-master > ????? mode = 0660 > ????? user = vmail > ????? group = mail > ??? } > ??? client { > ????? path = /var/spool/postfix/private/auth > ????? mode = 0660 > ????? user = postfix > ????? group = mail > ??? } > ? } > } > > > Telnetting to port 25 brings up Postfix, to port 110 brings up Dovecot At a minimum your daemons are running - congratulations! That's always a good start and I remember when I was setting up the sense of achievement that brought. But for now you need to get postfix working (their list is great). Perhaps if you give more details on your system I can point you to a better howto. And maybe more information on what you're trying to achieve? Virtual domain? Virtual domains? Multiple users? Local users? All these have an impact on what the solution is. Simon From stephan at rename-it.nl Fri Oct 21 02:11:05 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 21 Oct 2011 01:11:05 +0200 Subject: [Dovecot] Email filters In-Reply-To: <4EA0A585.5020202@webrz.net> References: <4EA0A585.5020202@webrz.net> Message-ID: <4EA0AA89.1060808@rename-it.nl> Hi Jos, On 10/21/2011 12:49 AM, Jos Chrispijn wrote: > Can someone tell me how I can configure Dovecot to use message filters > on incoming email? > When I now activate my mail account on my mobile phone and Thunderbird > (or any other mail client with message filters) is not online, I get a > huge pile of email in my INBOX that I have to go thru, while 90% is > not that interesting to read as they belong to Spam messages, > newsletters etc. http://wiki2.dovecot.org/Pigeonhole Regards, Stephan. From jackfredrikson at yahoo.com Fri Oct 21 02:45:02 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Thu, 20 Oct 2011 16:45:02 -0700 (PDT) Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> Message-ID: <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: "dovecot at dovecot.org" Sent: Thursday, October 20, 2011 7:07 PM Subject: Re: [Dovecot] Don't Know Where Emails Are Or What's Happening First, I'm subscribing to postfix as per your recc and I upgraded my dovecot. What the heck was I doing with such an old version?! lol. My OS is CentOS. > At a minimum your daemons are running - congratulations!? That's > always a good start and I remember when I was setting up the sense of > achievement that brought. Uhuh! >? But for now you need to get postfix working > (their list is great).? Perhaps if you give more details on your > system I can point you to a better howto.? And maybe more information > on what you're trying to achieve?? Virtual domain?? Virtual domains? > Multiple users?? Local users?? All these have an impact on what the > solution is. I have clients with their various domains hosted on my server to whom I need to serve email. There will only be me on a slice of one machine interfacing with dovecot/postfix. I have integrated/am integrating Amavis, ClamAV, Spamassassin, PostfixAdmin and SquirrelMail. Thanks, Jack From jos at webrz.net Fri Oct 21 09:40:29 2011 From: jos at webrz.net (Jos Chrispijn) Date: Fri, 21 Oct 2011 08:40:29 +0200 Subject: [Dovecot] Email filters In-Reply-To: <4EA0AA89.1060808@rename-it.nl> References: <4EA0A585.5020202@webrz.net> <4EA0AA89.1060808@rename-it.nl> Message-ID: <4EA113DD.4050003@webrz.net> Hi Stephan, Thanks, would love to use that one, but I follow the ports(upgrades) and currently we are on _dovecot-1.2.17_ Secure and compact IMAP and POP3 servers where the Pigeonhole port demands Dovecot 2.0? BR, Jos Stephan Bosch: > Hi Jos, > > On 10/21/2011 12:49 AM, Jos Chrispijn wrote: >> Can someone tell me how I can configure Dovecot to use message >> filters on incoming email? >> When I now activate my mail account on my mobile phone and >> Thunderbird (or any other mail client with message filters) is not >> online, I get a huge pile of email in my INBOX that I have to go >> thru, while 90% is not that interesting to read as they belong to >> Spam messages, newsletters etc. > > http://wiki2.dovecot.org/Pigeonhole > > Regards, > > Stephan. From stephan at rename-it.nl Fri Oct 21 10:20:20 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 21 Oct 2011 09:20:20 +0200 Subject: [Dovecot] Email filters In-Reply-To: <4EA113DD.4050003@webrz.net> References: <4EA0A585.5020202@webrz.net> <4EA0AA89.1060808@rename-it.nl> <4EA113DD.4050003@webrz.net> Message-ID: <4EA11D34.7040209@rename-it.nl> On 10/21/2011 8:40 AM, Jos Chrispijn wrote: > Hi Stephan, > > Thanks, would love to use that one, but I follow the ports(upgrades) > and currently we are on > > _dovecot-1.2.17_ Secure and compact IMAP and POP3 servers > > where the Pigeonhole port demands Dovecot 2.0? Well, Pigeonhole is available for v1.2 too: http://wiki.dovecot.org/LDA/Sieve/Dovecot However, back then it was still a split package; dovecot-sieve and dovecot-managesieve. I'm assuming you're using FreeBSD, in which case the ports are found here: http://www.freebsd.org/cgi/cvsweb.cgi/ports/mail/dovecot-sieve/ http://www.freebsd.org/cgi/cvsweb.cgi/ports/mail/dovecot-managesieve/ Otherwise, searching for Sieve and Dovecot should yield what you need. Regards, Stephan. From nam_10 at hotmail.com Fri Oct 21 13:43:29 2011 From: nam_10 at hotmail.com (nuno marques) Date: Fri, 21 Oct 2011 10:43:29 +0000 Subject: [Dovecot] Quota Message-ID: hi, I'm having some difficulty understanding the connection between postfix, dovecot and quota. What is the best way to set up quotas? through the file system quota and maildir? Need the dovecot lda working? The postfix needs a patch? I was thinking about setting quotas on file system, then configure Postfix to connect to dovecot-lda. Any suggestion? The system as a whole is composed of:dovecot-2.0-0.10.beta6.20100630.el6.x86_64 -> 2.0.beta6 (3156315704ef)openldap-servers-2.4.19-15.el6_0.2.x86_64postfix-2.6.6-2.1.el6_0.x86_64mailscanner-4.84.3-1.noarchspamassassin-3.3.1-2.el6.x86_64centos 6 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux From duihi77 at gmail.com Fri Oct 21 14:45:32 2011 From: duihi77 at gmail.com (Duane Hill) Date: Fri, 21 Oct 2011 06:45:32 -0500 (CDT) Subject: [Dovecot] Quota In-Reply-To: References: Message-ID: On Fri, 21 Oct 2011, nuno marques wrote: > hi, > I'm having some difficulty understanding the connection between postfix, dovecot and quota. > What is the best way to set up quotas? through the file system quota and maildir? Need the dovecot lda working? The postfix needs a patch? > > I was thinking about setting quotas on file system, then configure Postfix to connect to dovecot-lda. Any suggestion? > > The system as a whole is composed of:dovecot-2.0-0.10.beta6.20100630.el6.x86_64 -> 2.0.beta6 (3156315704ef)openldap-servers-2.4.19-15.el6_0.2.x86_64postfix-2.6.6-2.1.el6_0.x86_64mailscanner-4.84.3-1.noarchspamassassin-3.3.1-2.el6.x86_64centos 6 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux Here, I have a policy service in Postfix that checks the quota stored in MySQL and defers the message if it would put the email account over quota. If you have Dovecot deal with sending over quota messages, there is a risk. You may end up sending messages to forged email addresses within spam. That's why I do the quota checking from a policy service in Postfix and defer the message at SMTP time. From info at simonecaruso.com Fri Oct 21 15:15:31 2011 From: info at simonecaruso.com (Simone Caruso) Date: Fri, 21 Oct 2011 14:15:31 +0200 Subject: [Dovecot] Quota In-Reply-To: References: Message-ID: <4EA16263.3080806@simonecaruso.com> It's depends on the kind of quota u need: mailbox usage, messages size, message count per month /domain /user /server.. if u want to limit per user mailbox quota use dovecot's quota plugin.. -- Simone Caruso IT Consultant From CMarcus at Media-Brokers.com Fri Oct 21 15:51:44 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 21 Oct 2011 08:51:44 -0400 Subject: [Dovecot] Quota In-Reply-To: References: Message-ID: <4EA16AE0.90601@Media-Brokers.com> On 2011-10-21 6:43 AM, nuno marques wrote: > The system as a whole is composed of:dovecot-2.0-0.10.beta6.20100630.el6.x86_64 Fyi, this is really old, you should upgrade to the latest version... -- Best regards, Charles From nam_10 at hotmail.com Fri Oct 21 15:57:55 2011 From: nam_10 at hotmail.com (nuno marques) Date: Fri, 21 Oct 2011 12:57:55 +0000 Subject: [Dovecot] Quota In-Reply-To: <4EA16263.3080806@simonecaruso.com> References: , <4EA16263.3080806@simonecaruso.com> Message-ID: for mailbox usage. I have to use dovecot lda? dovecot-2.0-0.10.beta6.20100630.el6.x86_64 -> 2.0.beta6 (3156315704ef)openldap-servers-2.4.19-15.el6_0.2.x86_64postfix-2.6.6-2.1.el6_0.x86_64mailscanner-4.84.3-1.noarchspamassassin-3.3.1-2.el6.x86_64centos 6 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux > Date: Fri, 21 Oct 2011 14:15:31 +0200 > From: info at simonecaruso.com > To: dovecot at dovecot.org > Subject: Re: [Dovecot] Quota > > It's depends on the kind of quota u need: > mailbox usage, > messages size, > message count per month /domain /user /server.. > > if u want to limit per user mailbox quota use dovecot's quota plugin.. > > -- > Simone Caruso > IT Consultant From simon.brereton at buongiorno.com Fri Oct 21 17:12:48 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Fri, 21 Oct 2011 10:12:48 -0400 Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: On 20 October 2011 19:45, Jack Fredrikson wrote: > > ________________________________ > From: Simon Brereton > To: "dovecot at dovecot.org" > Sent: Thursday, October 20, 2011 7:07 PM > Subject: Re: [Dovecot] Don't Know Where Emails Are Or What's Happening > > First, I'm subscribing to postfix as per your recc and I upgraded my dovecot. What the heck was I doing with such an old version?! lol. My OS is CentOS. Well, unless the link I sent you helped you with the the table locking problem, ask over there for help on making sure that postfix is accepting and delivering mail. Or accepting at least. Did you plan on having postfix or dovecot do the delivery (using dovecot-lda)? >> At a minimum your daemons are running - congratulations!? That's >> always a good start and I remember when I was setting up the sense of >> achievement that brought. > > Uhuh! > >>? But for now you need to get postfix working >> (their list is great).? Perhaps if you give more details on your >> system I can point you to a better howto.? And maybe more information >> on what you're trying to achieve?? Virtual domain?? Virtual domains? >> Multiple users?? Local users?? All these have an impact on what the >> solution is. > > I have clients with their various domains hosted on my server to whom I need to serve email. There will only be me on a slice of one machine interfacing with dovecot/postfix. I have integrated/am integrating Amavis, ClamAV, Spamassassin, PostfixAdmin and SquirrelMail. Okay - fairly common setup. I don't use postfix-admin, but if that's what created your mysql tables that could also be a starting point to look for the table lock errors. Good luck! Simon From micah at riseup.net Fri Oct 21 17:50:50 2011 From: micah at riseup.net (Micah Anderson) Date: Fri, 21 Oct 2011 10:50:50 -0400 Subject: [Dovecot] Accessing a strange mailbox Message-ID: <8762jie6ut.fsf@algae.riseup.net> I have a user who has a mailbox called: A----->B It seemed to work in courier fine, they managed to create it, and there are mails in it. However, dovecot is not letting the user access it, the IMAP server gives an error. I tried to rename it but I would also get an error: # doveadm mailbox rename A-----\>B AtoB doveadm(root): Error: Can't rename mailbox A----->B to AtoB: Mailbox doesn't exist: A----->B # doveadm mailbox rename A----->B AtoB doveadm(root): Error: Can't rename mailbox A----- to AtoB: Mailbox doesn't exist: A----- # doveadm mailbox rename 'A----->B' AtoB doveadm(root): Error: Can't rename mailbox A----->B to AtoB: Mailbox doesn't exist: A----->B # doveadm mailbox rename "A----->B" AtoB doveadm(root): Error: Can't rename mailbox A----->B to AtoB: Mailbox doesn't exist: A----->B # How can I deal with this mailbox (using mdbox here)? Thanks! -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From jackfredrikson at yahoo.com Fri Oct 21 17:55:48 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Fri, 21 Oct 2011 07:55:48 -0700 (PDT) Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: <1319208948.73920.YahooMailNeo@web122003.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: "dovecot at dovecot.org" Sent: Friday, October 21, 2011 10:12 AM Subject: Re: [Dovecot] Don't Know Where Emails Are Or What's Happening > Well, unless the link I sent you helped you with the the table locking > problem, ask over there for help on making sure that postfix is > accepting and delivering mail.? Or accepting at least. Didn't help :( > Did you plan on having postfix or dovecot do the delivery (using dovecot-lda)? postfix as MTA, dovecot as MDA. Am I missing something here? > Okay - fairly common setup.? I don't use postfix-admin, but if that's > what created your mysql tables that could also be a starting point to > look for the table lock errors. Ok. Thanks, Jack From jackfredrikson at yahoo.com Fri Oct 21 18:00:21 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Fri, 21 Oct 2011 08:00:21 -0700 (PDT) Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: <1319209221.3750.YahooMailNeo@web122020.mail.ne1.yahoo.com> Wait a minute! PostfixAdmin has no problems with MySQL. They have a setup page that verifies the MySQL connection among other things, and everything checks out perfectly well. At any rate, Simon, am now communicating with the Postfix list as well ;) Thanks, Jack From hadmut at danisch.de Fri Oct 21 18:34:49 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Fri, 21 Oct 2011 17:34:49 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? Message-ID: <4EA19119.4020803@msgid.danisch.de> Hi, just a simple question about dovecot: The mbox file format contains the SMTP envelope sender and transmission date in a FROM ... line preceding the RFC822 mail header and body. As far as I see at the moment, the IMAP protocol does not support transmission of that SMTP envelope data in either way, but confusingly uses the term ?envelope? for a structure describing the RFC822 mail header. My question is, whether there is any way to retrieve the SMTP envelope through dovecot's IMAP anyway, maybe through some extension. regards Hadmut From simon.brereton at buongiorno.com Fri Oct 21 18:45:15 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Fri, 21 Oct 2011 11:45:15 -0400 Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: <1319208948.73920.YahooMailNeo@web122003.mail.ne1.yahoo.com> References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> <1319208948.73920.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: On 21 October 2011 10:55, Jack Fredrikson wrote: > > > > ________________________________ > From: Simon Brereton > To: "dovecot at dovecot.org" > Sent: Friday, October 21, 2011 10:12 AM > Subject: Re: [Dovecot] Don't Know Where Emails Are Or What's Happening > >> Well, unless the link I sent you helped you with the the table locking >> problem, ask over there for help on making sure that postfix is >> accepting and delivering mail.? Or accepting at least. > > Didn't help :( > >> Did you plan on having postfix or dovecot do the delivery (using dovecot-lda)? > > postfix as MTA, dovecot as MDA. Am I missing something here? Are you using Maildir or mdbox format for the users? Postfix can write the mails into the Maildir, but so can Dovecot. So, if you're using maildir you can either have postfix put the mail there or you can hand it off to Dovecot and have Dovecot put it there.. But let's fix postfix first before you worry about that. Simon From npetronikolos at condito.gr Fri Oct 21 19:43:45 2011 From: npetronikolos at condito.gr (Nikolaos Petronikolos) Date: Fri, 21 Oct 2011 09:43:45 -0700 (PDT) Subject: [Dovecot] can not receive email upgrading from ubuntu 11.4 to 11.10 In-Reply-To: <4EA03ED0.4080400@ubuntu.com> References: <32681149.post@talk.nabble.com> <4EA03ED0.4080400@ubuntu.com> Message-ID: <32697735.post@talk.nabble.com> Thank you very much for your answer and for your time . of course it worked just fine the solution you proposed. thank you once more . Best regards Nikolaos James Page-4 wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Hi Nikolaos > > On 19/10/11 10:54, Nikolaos Petronikolos wrote: >> #5.3.0 x-unix; /usr/lib/dovecot/deliver: invalid option -- 'n' >> Usage: dovecot-lda [-c ] [-a
] [-d >> ] [-p ] [-f ] [-m ] [-e] >> [-k]> #SMTP# >> >> The problem occurred after i upgraded my server from ubuntu 11.4 to >> 11.10. > > 11.10 upgrades dovecot from 1.2.x to 2.0.x; as a result the -n flag is > no longer accepted by dovecot-lda; You can fix this by removing the -n > flag from the postfix configuration; > > sudo postconf -e "mailbox_command = /usr/lib/dovecot/deliver -c > /etc/dovecot/conf.d/01-mail-stack-delivery.conf -m \"\${EXTENSION}\"" > > This is a bug in the Ubuntu packaging; it would be great if you could > raise a bug in Ubuntu as well (I'll probably work on a stable release > update for this one): > > https://bugs.launchpad.net/ubuntu/+source/dovecot/+filebug > > Cheers > > James > > - -- > James Page > Ubuntu Core Developer > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQIcBAEBCAAGBQJOoD7QAAoJEL/srsug59jDHUcQAJfL4jU+wNMK22kYOCKsTRkr > eHBUZ0IQ1Yv2IscqRpW8WaAAg6r7tufMoodI/MY1N4w2FHfwJAAMiCfU/8gTyfHD > /FxwVH5Phk+InEYDEc7YMCdgTwh936yiOKkQjz65aGO3kUIg42QSNHOBq30L4VV7 > b4cnwIlwALjA/8U2HrZr6XHBwZ9YoyxoLY3m6R9MCcCNpEEUUh1tH4i2FuZYFHmJ > CokbWA2XHJCli4yZ5d+1JM3D0u/Sg2w1bczT3kkIE8HhGgOpCidbYRrOKTrHrFOl > 0GKvHQkxvosqfLt8rdrjJlhNlGjPdRdu22vsMy43rS80knN70ltyTH3K5kiW2q6/ > skqQjwgZ4y41sqsKq8WnuYuSfeH2TSrglzSXQ2W8vOOAJArqwLLst5E3+Ift3Pig > 0BhNlSyQyWhdE4TE9zbGnUPK8GLXLU82LcTegpz6d3mxAcCs7+SnNiYPnRrNxTA1 > YqqBdcAfCMeS5B3w5ZQRQDvKOIZOPqyIeZPX2g5bOM4ngDnZoJfIOf6RkBX/DPVw > UCgU1AjWWHtrcTby7h4s3xX+EaPUpEFj8eg30GW5exsSMM6ASuU+HtQpO3rEobDB > uG9AvHahf6Y9fAuSdxjcHQg6xyWDEYNaW3MNZauaD92IvaTP2uTyQvopk3ahyOWK > 7lpTV7qZ776fNbK5OYrX > =W3fO > -----END PGP SIGNATURE----- > > -- View this message in context: http://old.nabble.com/can-not-receive-email-upgrading-from-ubuntu-11.4-to-11.10-tp32681149p32697735.html Sent from the Dovecot mailing list archive at Nabble.com. From AnFi at onet.eu Fri Oct 21 20:53:11 2011 From: AnFi at onet.eu (Andrzej Adam Filip) Date: Fri, 21 Oct 2011 19:53:11 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <4EA19119.4020803@msgid.danisch.de> (Hadmut Danisch's message of "Fri, 21 Oct 2011 17:34:49 +0200") References: <4EA19119.4020803@msgid.danisch.de> Message-ID: Hadmut Danisch wrote: > just a simple question about dovecot: > > The mbox file format contains the SMTP envelope sender and transmission > date in a FROM ... line preceding the RFC822 mail header and body. > > As far as I see at the moment, the IMAP protocol does not support > transmission of that SMTP envelope data in either way, but confusingly > uses the term ?envelope? for a structure describing the RFC822 mail header. > > My question is, whether there is any way to retrieve the SMTP envelope > through dovecot's IMAP anyway, maybe through some extension. Almost all MTA copy "(SMTP) envelope sender" to Return-Path: header before delivery to the final mailbox. If you do not get Return-Path: header in messages delivered to your (dovecot) mailbox then name your MTA (exim/postfix/sendmail/.....). -- [pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu You are absolute plate-glass. I see to the very back of your mind. -- Sherlock Holmes From dg at dguhl.org Fri Oct 21 21:02:41 2011 From: dg at dguhl.org (Dennis Guhl) Date: Fri, 21 Oct 2011 20:02:41 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <4EA19119.4020803@msgid.danisch.de> References: <4EA19119.4020803@msgid.danisch.de> Message-ID: <20111021180241.GA6924@PC211.ikt.de> On Fri, Oct 21, 2011 at 05:34:49PM +0200, Hadmut Danisch wrote: > Hi, > > just a simple question about dovecot: > > The mbox file format contains the SMTP envelope sender and transmission > date in a FROM ... line preceding the RFC822 mail header and body. The line 'From foo at bar [..]' is only a seperation for different emails in the mbox (in contrast, an RFC 822 From: is followed by a colon). > As far as I see at the moment, the IMAP protocol does not support > transmission of that SMTP envelope data in either way, but confusingly The SMTP envelope does only exist within the involved MTAs and only as long as the message is not finally delivered. And if the MTA does not reveal the value of MAIL FROM: there will only be the address from the Return-Path: or From: header fields to populate the From line. > uses the term ?envelope? for a structure describing the RFC822 mail header. > > My question is, whether there is any way to retrieve the SMTP envelope > through dovecot's IMAP anyway, maybe through some extension. Hardly. Even something like FETCH 1 (BODY[HEADER.FIELDS (FROM)]) would not reveal the mbox message seperator but the RFC 822 From: header. Dennis From peter at norrskenkonsult.com Fri Oct 21 21:27:33 2011 From: peter at norrskenkonsult.com (Peter Lindgren) Date: Fri, 21 Oct 2011 20:27:33 +0200 Subject: [Dovecot] xi.rename-it.nl down? In-Reply-To: <4E9EED12.8040409@rename-it.nl> References: <4E9EDAC1.4000602@jkart.de> <4E9EED12.8040409@rename-it.nl> Message-ID: <4EA1B995.8040605@norrskenkonsult.com> Stephan Bosch skrev 2011-10-19 17:30: > Op 19-10-2011 16:12, Jim Knuth schreef: >> Hello, >> >> is http://xi.rename-it.nl down? Apticron >> shows me permanently errors. > > Yes. I noticed this yesterday. For cases like this, http://www.downforeveryoneorjustme.com/ is a quick and easy test. /Peter -- Peter Lindgren Norrsken konsult peter at norrskenkonsult.com 0703-393940 From hadmut at danisch.de Sat Oct 22 01:00:34 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Sat, 22 Oct 2011 00:00:34 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <20111021180241.GA6924@PC211.ikt.de> References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> Message-ID: <4EA1EB82.10807@msgid.danisch.de> On 21.10.2011 20:02, Dennis Guhl wrote: > The SMTP envelope does only exist within the involved MTAs and only as > long as the message is not finally delivered. The intended use is to create a backup from a mailbox through IMAP, which is as close as possible to the original mbox file, thus resembling the FROM lines as well. The envelope sender address does not drop it's meaning after delivery. It's required for debugging purposes, writing mail filters, create blacklist filters from detected spam, etc. regards From nam_10 at hotmail.com Sat Oct 22 02:09:10 2011 From: nam_10 at hotmail.com (nuno marques) Date: Fri, 21 Oct 2011 23:09:10 +0000 Subject: [Dovecot] Quota fs Message-ID: Hi, I have the following error, any help? imap(user4): Error: quotactl(Q_GETQUOTA, /dev/mapper/VolGroup-lv_root) failed: Permission denied The system as a whole is composed of: dovecot-2.0.14-1_130.el6.x86_64 openldap-servers-2.4.19-15.el6_0.2.x86_64 postfix-2.6.6-2.1.el6_0.x86_64 mailscanner-4.84.3-1.noarch spamassassin-3.3.1-2.el6.x86_64 centos 6 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux # 2.0.14: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final) auth_username_format = %Lu disable_plaintext_auth = no mail_location = maildir:~/Maildir mail_plugins = " quota" mbox_write_locks = fcntl passdb { driver = pam } plugin { quota = fs:User quota quota_rule = *:storage=10M quota_rule2 = Trash:storage=+1M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=10%% quota-warning 10 %u } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = vmail } user = dovecot } ssl_cert = References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> Message-ID: <20111022081510.GA26132@laptop-dg.leere.eu> On Sat, Oct 22, 2011 at 12:00:34AM +0200, Hadmut Danisch wrote: > On 21.10.2011 20:02, Dennis Guhl wrote: > > The SMTP envelope does only exist within the involved MTAs and only as > > long as the message is not finally delivered. > > The intended use is to create a backup from a mailbox through IMAP, > which is as close as possible to the original mbox file, thus resembling > the FROM lines as well. I don't think it will be possible. The tool for this would be rsync (wich might be difficult if you only have IMAP access to the machine in question). > The envelope sender address does not drop it's meaning after delivery. This I never claimed. > It's required for debugging purposes, writing mail filters, create > blacklist filters from detected spam, etc. Disregarding end users mail filters this are all tasks for mailadmins which can tell thier MTA to write a reliable Return-Path: header and which have access to the corresponding maillog. Dennis From hadmut at danisch.de Sat Oct 22 12:09:28 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Sat, 22 Oct 2011 11:09:28 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <20111022081510.GA26132@laptop-dg.leere.eu> References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> Message-ID: <4EA28848.6070303@msgid.danisch.de> On 22.10.2011 10:15, Dennis Guhl wrote: >> It's required for debugging purposes, writing mail filters, create >> > blacklist filters from detected spam, etc. > Disregarding end users mail filters this are all tasks for mailadmins > which can tell thier MTA to write a reliable Return-Path: header and > which have access to the corresponding maillog. Definitely wrong. Writing mail filters like ~/.mailfilter is a user's task. Training their individual spam filters as well. And whether you're even permitted to keep the maillog that long depends on your local data protection laws. And neither the Return-Path nor the Received-Lines reveal the precise date of delivery as the From line contains. regards Hadmut From nam_10 at hotmail.com Sat Oct 22 12:18:27 2011 From: nam_10 at hotmail.com (nuno marques) Date: Sat, 22 Oct 2011 09:18:27 +0000 Subject: [Dovecot] Quota warning Message-ID: Hi, I cant run quota warning or other script. any suggestions? Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Effective uid=1002, gid=1002, home=/home/user4 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota root: name=User quota backend=maildir args= Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota rule: root=User quota mailbox=* bytes=10485760 messages=0 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota rule: root=User quota mailbox=Trash bytes=+1048576 messages=0 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota warning: bytes=9961472 (95%) messages=0 reverse=no command=script /etc/dovecot/conf.d/teste 95 user4 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota warning: bytes=8388608 (80%) messages=0 reverse=no command=script /etc/dovecot/conf.d/teste 80 user4 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota warning: bytes=7340032 (70%) messages=0 reverse=no command=script /etc/dovecot/conf.d/teste 70 user4 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: maildir++: root=/home/user4/Maildir, index=, control=, inbox=/home/user4/Maildir, alt= # 2.0.14: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final) auth_debug = yes auth_debug_passwords = yes auth_username_format = %Lu auth_verbose = yes disable_plaintext_auth = no mail_debug = yes mail_location = maildir:~/Maildir mail_plugins = " quota" mbox_write_locks = fcntl passdb { driver = pam } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid from subject size vsize flags quota = maildir:User quota quota_exceeded_message = Quota exceeded!!!!!!!!!!!!!! quota_rule = *:storage=10M quota_rule2 = Trash:storage=+1M quota_warning = storage=95%% script /etc/dovecot/conf.d/teste 95 %u quota_warning2 = storage=80%% script /etc/dovecot/conf.d/teste 80 %u quota_warning3 = storage=70%% script /etc/dovecot/conf.d/teste 70 %u } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = vmail } user = dovecot } ssl_cert = References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> Message-ID: <20111022111406.GA3061@laptop-dg.leere.eu> On Sat, Oct 22, 2011 at 11:09:28AM +0200, Hadmut Danisch wrote: > On 22.10.2011 10:15, Dennis Guhl wrote: > >> It's required for debugging purposes, writing mail filters, create > >> > blacklist filters from detected spam, etc. > > Disregarding end users mail filters this are all tasks for mailadmins ^^^^^^^^^^^^^^^^^^^^^^^ > > which can tell thier MTA to write a reliable Return-Path: header and > > which have access to the corresponding maillog. > > Definitely wrong. > > Writing mail filters like ~/.mailfilter is a user's task. Training their > individual spam filters as well. . o O ( at least he didn't truncate the relevant quote this time ) > And whether you're even permitted to keep the maillog that long depends > on your local data protection laws. How long do you think a responsible mailadmin need to train filter. Btw. even here in Germany, where we most likely have the most restrictive laws regarding the protection of personal data, I am allowed to keep the maillog as long as I can show that the log is needed to satisfy user requests. > And neither the Return-Path nor the Received-Lines reveal the precise > date of delivery as the From line contains. Nonsense. Every RFC conformant received line contains the full date-time as specified in RFC 5322. Nothing else is taken into account for the mbox >From line. Dennis From hadmut at danisch.de Sat Oct 22 19:36:26 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Sat, 22 Oct 2011 18:36:26 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <20111022111406.GA3061@laptop-dg.leere.eu> References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> <20111022111406.GA3061@laptop-dg.leere.eu> Message-ID: <4EA2F10A.801@msgid.danisch.de> I don't believe it does make much sense to ask technical questions if this ends in silly discussions about whether an admin should do something this or that way or how long logfiles should be kept. This is not related to the technical question anymore and completely useless. I was looking for a simple yes or no, not for fruitless debates. I hate it if one is asking a pure technical question and in response gets lessons in what people consider as a correct behaviour. From mcbdovecot at robuust.nl Sat Oct 22 19:56:31 2011 From: mcbdovecot at robuust.nl (Maarten Bezemer) Date: Sat, 22 Oct 2011 18:56:31 +0200 (CEST) Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <4EA2F10A.801@msgid.danisch.de> References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> <20111022111406.GA3061@laptop-dg.leere.eu> <4EA2F10A.801@msgid.danisch.de> Message-ID: On Sat, 22 Oct 2011, Hadmut Danisch wrote: > I don't believe it does make much sense to ask technical questions if > this ends in silly discussions about whether an admin should do > something this or that way or how long logfiles should be kept. This is > not related to the technical question anymore and completely useless. > > I was looking for a simple yes or no, not for fruitless debates. > > I hate it if one is asking a pure technical question and in response > gets lessons in what people consider as a correct behaviour. This is a generic problem with technicians, always having tons of arguments to support their statements ;-) On the other hand, the question was a bit broad as a starting point. The SMTP envelope is nothing more than SMTP protocol and is not in itself part of the email format RFC. If you want to have this information saved in the email message, then it is the task of the SMTP-server to add this in the headers of the message. (Hardly parseable in Received headers, probably better when also included in things like Return-path, Delivery-date and Envelope-to.) Whether or not one should apply any filtering, or when, or where, may be related to this topic but I'd say that's the freedom of the user. Or, the arbitrary choice of some manager ;-) Just my 2 cents.. -- Maarten From hadmut at danisch.de Sat Oct 22 20:13:51 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Sat, 22 Oct 2011 19:13:51 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> <20111022111406.GA3061@laptop-dg.leere.eu> <4EA2F10A.801@msgid.danisch.de> Message-ID: <4EA2F9CF.4010503@msgid.danisch.de> On 22.10.2011 18:56, Maarten Bezemer wrote: > On the other hand, the question was a bit broad as a starting point. > The SMTP envelope is nothing more than SMTP protocol and is not in > itself part of the email format RFC. If you want to have this > information saved in the email message, then it is the task of the > SMTP-server to add this in the headers of the message. (Hardly > parseable in Received headers, probably better when also included in > things like Return-path, Delivery-date and Envelope-to.) > Whether or not one should apply any filtering, or when, or where, may > be related to this topic but I'd say that's the freedom of the user. > Or, the arbitrary choice of some manager ;-) Again, this discussion is nuts. If this is supposed to be some support mailing list (as the dovecot web page suggests) people should take care to focus on the question rather than taking a question as an opportunity for telling their individual opinion. The main question is whether I can draw a precise copy of a mailfolder through IMAP without any loss of data. It does not make any sense to discuss what that information could be used for, especially nobody on that list is familiar with the local requirements I have to fulfill. (BTW, I am familiar with the SMTP envelope, I was working more than two years at the IRTF and IETF about treatment of the SMTP envelope, and doing mail system administration since around 1989. I don't need any introduction or further discussion about that.) Please understand that I do not want to waste any more time in this discussion that completely misses the point and the initial question. From ms at mike2k.de Sat Oct 22 20:42:22 2011 From: ms at mike2k.de (Michael Stilkerich) Date: Sat, 22 Oct 2011 19:42:22 +0200 Subject: [Dovecot] setacl fails - does not find dovecot-acl file In-Reply-To: <4EA2C213.7030204@mike2k.de> References: <4EA2C213.7030204@mike2k.de> Message-ID: <4EA3007E.1030507@mike2k.de> Hi again, On 22.10.2011 15:16, Michael Stilkerich wrote: > When I try to create an ACL in a telnet session, the command fails with > an internal error. The log shows: > > dovecot: imap(michael): Error: > fstat(/home/dovecot/michael/.test/dovecot-acl.lock) failed: No such file > or directory > dovecot: imap(michael): Error: > file_dotlock_open(/home/dovecot/michael/.test/dovecot-acl) failed: No > such file or directory I found that the problem seems to be the try_create_lock_hardlink() function, which is used to create the lock file. I don't now why it doesn't work, but if I modify the code of dotlock_create() to always use try_create_lock_excl() instead ignoring the setting of use_excl_lock in the dotlock_settings structure, it works just fine for me. I noticed in the log that the issue not only occurs with the dovecot-acl files but with other files, too, namely the dovecot.index.log and my acl_shared_dict file. Looking at the static dotlock_settings structure in the acl-file backend, I don't see how its use_excl_lock could possible be set to 1 by the configuration (i.e., it doesn't seem that the dotlock_use_excl configuration option is considered). For the maildirlock, an environment variable "DOTLOCK_USE_EXCL" is checked instead of the config setting. I'm not sure whether it is intentional that the hardlink variant is generally used in these cases. -Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4480 bytes Desc: S/MIME Cryptographic Signature URL: From mcbdovecot at robuust.nl Sat Oct 22 20:56:14 2011 From: mcbdovecot at robuust.nl (Maarten Bezemer) Date: Sat, 22 Oct 2011 19:56:14 +0200 (CEST) Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <4EA2F9CF.4010503@msgid.danisch.de> References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> <20111022111406.GA3061@laptop-dg.leere.eu> <4EA2F10A.801@msgid.danisch.de> <4EA2F9CF.4010503@msgid.danisch.de> Message-ID: On Sat, 22 Oct 2011, Hadmut Danisch wrote: > Again, this discussion is nuts. If this is supposed to be some support > mailing list (as the dovecot web page suggests) people should take care > to focus on the question rather than taking a question as an opportunity > for telling their individual opinion. > > > The main question is whether I can draw a precise copy of a mailfolder > through IMAP without any loss of data. My last reply to this thread, then. The answer to your main question would be 'yes', since Dovecot's IMAP interface supports retrieving the entire email message including all its meta-data (aka headers or envelope). The mbox from-line, not to be confused with the From: header, is simply not part of the email message but used only as a separator. Heck, it need not even contain valid information, but only proper formatting to satisfy picky/"smart" MUA's. Usually, it conveniently does carry some useful information, but e.g. when the SMTP envelope-from is '<>' then the mbox from-line usually contains something like MAILER-DAEMON to stay within the formatting specification. So, instead of blaming others of derailing a discussion and/or not simply answering a question, it might be an equally good idea to think twice about how you asked the question. I'm actually happy that 'simple' questions are handled the way they are. Most people do not want an answer to the question they asked, but want a solution to their problem. Which they may have described in the question but often is left as an exercise for the reader. ;-) But then again, I'm a technician, not a shrink, so my apologies for being so unfriendly... -- Maarten From hadmut at danisch.de Sat Oct 22 21:15:01 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Sat, 22 Oct 2011 20:15:01 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> <20111022111406.GA3061@laptop-dg.leere.eu> <4EA2F10A.801@msgid.danisch.de> <4EA2F9CF.4010503@msgid.danisch.de> Message-ID: <4EA30825.9050106@msgid.danisch.de> > The mbox from-line, not to be confused with the From: header, is > simply not part of the email message but used only as a separator. > Heck, it need not even contain valid information, but only proper > formatting to satisfy picky/"smart" MUA's. Usually, it conveniently > does carry some useful information, but e.g. when the SMTP > envelope-from is '<>' then the mbox from-line usually contains > something like MAILER-DAEMON to stay within the formatting specification. Once again: I've never asked for an explanation about what that From-Line is. I did not ask whether it contains useful information either. I've asked whether dovecot allows to retrieve it over IMAP. Why is it impossible for you to understand the question before answering? > Most people do not want an answer to the question they asked, but want > a solution to their problem. I did not ask for a solution of a problem, either. I've asked for a precise answer exactly to the question I've asked. That's why you fail to focus on the question and to answer it. Because you want to sell your solution for what you believe the problem is - or what you like it to be. But your assumption about the problem is completely wrong. So is your answer. Stop obtruding solutions that nobody has asked for. From jackfredrikson at yahoo.com Sat Oct 22 22:13:53 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Sat, 22 Oct 2011 12:13:53 -0700 (PDT) Subject: [Dovecot] First Installation, Problems... Message-ID: <1319310833.73697.YahooMailNeo@web122011.mail.ne1.yahoo.com> Hi; [root at example jack]# /usr/local/sbin/dovecot --version 2.0.15 [root at example jack]# /usr/local/bin/doveconf -n # 2.0.15: /usr/local/etc/dovecot/dovecot.conf doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:5: imap_client_workarounds=outlook-idle is no longer necessary doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:17: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:21: passdb sql {} has been replaced by passdb { driver=sql } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:24: userdb sql {} has been replaced by userdb { driver=sql } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:27: userdb prefetch {} has been replaced by userdb { driver=prefetch } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:29: auth_user has been replaced by service auth { user } # OS: Linux 2.6.18-028stab094.3 x86_64 CentOS release 5.4 (Final) vzfs auth_mechanisms = plain login mail_location = maildir:/var/vmail/%d/%u passdb { ? args = /usr/local/etc/dovecot/sql.conf ? driver = sql } plugin { ? quota = maildir:storage=10240:messages=1000 ? trash = /usr/local/etc/dovecot/trash.conf } service auth { ? unix_listener /var/run/dovecot/auth-master { ??? group = mail ??? mode = 0660 ??? user = vmail ? } ? unix_listener /var/spool/postfix/private/auth { ??? group = mail ??? mode = 0660 ??? user = postfix ? } ? user = nobody } ssl = no userdb { ? args = /usr/local/etc/dovecot/sql.conf ? driver = sql } userdb { ? driver = prefetch } protocol imap { ? imap_client_workarounds = delay-newmail ? mail_plugins = quota imap_quota } protocol pop3 { ? mail_plugins = quota ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh } protocol lda { ? info_log_path = /var/log/dovecot-deliver.log ? log_path = /var/log/dovecot-deliver.log ? mail_plugins = quota ? postmaster_address = postmaster at creative.vi } It appears that I have postfix at least partially working: postfix/pipe[5280]: 9FDE0579012F: to=, relay=spamfilter, delay=6, delays=3/0.01/0/3, dsn=2.0.0, status=sent (delivered via spamfilter service) I don't know where it ended up :-} There's nothing in /var/vmail, the dovecot destination. This is true even before I set the postfix content_filter to spamassassin (when it said "delivered to Maildir" or some such). Please advise. TIA, Jack From gordon.grubert+lists at uni-greifswald.de Sat Oct 22 22:21:25 2011 From: gordon.grubert+lists at uni-greifswald.de (Gordon Grubert) Date: Sat, 22 Oct 2011 21:21:25 +0200 Subject: [Dovecot] Dovecot crashes totally Message-ID: <4EA317B5.3090209@uni-greifswald.de> Hello, our dovecot server crashes totally without any really useful log messages. The error log can be found in the attachment. The only way to get dovecot running again is a complete system restart. Dovecot version: 2:2.0.15-0~auto+5 (2.0.15 (6b7242ead6ed)) Configuration : see attachment OS : Debian Squeeze amd64 Dovecot source : http://xi.rename-it.nl/debian/ \ stable-auto/dovecot-2.0 main This problem has already occurred with the version 2.0.13 where the log says as few as the current logs :-( Best regards, Gordon -- Leiter AG Technische Infrastruktur und Basisdienste Universitaetsrechenzentrum (URZ) E.-M.-Arndt-Universitaet Greifswald Felix-Hausdorff-Str. 12 17489 Greifswald Germany Tel. +49 3834 86-1456 Fax. +49 3834 86-1401 -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: dovecot_nondefault.conf URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: mail.err URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5396 bytes Desc: S/MIME Cryptographic Signature URL: From ms at mike2k.de Sat Oct 22 16:16:03 2011 From: ms at mike2k.de (Michael Stilkerich) Date: Sat, 22 Oct 2011 15:16:03 +0200 Subject: [Dovecot] setacl fails - does not find dovecot-acl file Message-ID: <4EA2C213.7030204@mike2k.de> Hi, I'm using dovecot 2.0.13 that ships with Ubuntu 11.10. I tried setting up a shared namespace as documented in the wiki to enable the sharing of a mailbox between two users. I have a Maildir(++) directory for each user. Each user has a system account. The Maildir of each user is owned by the user's system account and group read/writable by the group mail (hence mail_access_groups=mail). Relevant parts of my config: mail_plugins = acl mail_location = maildir:/home/dovecot/%u mail_access_groups = mail namespace { type = private separator = / prefix = inbox = yes hidden = no subscriptions = yes } namespace { type = shared separator = / prefix = shared/%%u/ location = maildir:/home/dovecot/%%u:INDEX=/home/dovecot/%u/shared/%%u subscriptions = no list = children } protocol imap { mail_plugins = $mail_plugins imap_acl } plugin { acl = vfile } plugin { acl_shared_dict = file:/home/dovecot/shared-mailboxes } When I try to create an ACL in a telnet session, the command fails with an internal error. The log shows: dovecot: imap(michael): Error: fstat(/home/dovecot/michael/.test/dovecot-acl.lock) failed: No such file or directory dovecot: imap(michael): Error: file_dotlock_open(/home/dovecot/michael/.test/dovecot-acl) failed: No such file or directory The error occurs whether a (manually created) dovecot-acl file exists or not. The dovecot-acl.lock file is created by not removed afterwards. Subsequent setacl commands will timeout waiting for the lock to be released until I delete it manually. If I create the dovecot-acl file manually and provide access to another user, the getacl command will correctly show the permissions and the other user can access the folder. setacl will still fail to modify the acl file, however (same error). Another thing that irritates me is that dovecot seems to use the dotlock locking method, although I explicitly set lock_method to fcntl (also tried flock, same behavior). I'm not using chroot. I appreciate any help to get this sorted out. Thanks, Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4480 bytes Desc: S/MIME Cryptographic Signature URL: From stsiol at yahoo.co.uk Sat Oct 22 23:43:54 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Sat, 22 Oct 2011 21:43:54 +0100 (BST) Subject: [Dovecot] off topic question Message-ID: <1319316234.77044.YahooMailNeo@web27208.mail.ukl.yahoo.com> ? Hello list, Is anybody out there who knows of an MTA that can do LDAP writes ? I apologize for bringing this to the list, however, I did some googling and cannot find any answer to this. Thank you all, spyros ? ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From jackfredrikson at yahoo.com Sun Oct 23 03:57:25 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Sat, 22 Oct 2011 17:57:25 -0700 (PDT) Subject: [Dovecot] Temporary Failures Message-ID: <1319331445.48490.YahooMailNeo@web122008.mail.ne1.yahoo.com> Hi; I keep getting errors like this one: Oct 22 16:51:08 example postfix/pipe[12021]: C2F705790169: to=, relay=dovecot, delay=2.1, delays=2/0.01/0/0.08, dsn=4.3.0, status=deferred (temporary failure. Command output: doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:5: imap_client_workarounds=outlook-idle is no longer necessary doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:17: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:19: passdb pam {} has been replaced by passdb { driver=pam } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:21: userdb passwd {} has been replaced by userdb { driver=passwd } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:23: auth_user has been replaced by service auth { user } doveconf: Why don't they get delivered? Also, I've tried to follow the advice in the warnings and it never works. I've tried the doveconf -n > dovcot-new.conf command and the same conf file I've been using pops up. Can someone post some code that reflects how the new conf file should look? TIA, Jack From stsiol at yahoo.co.uk Sun Oct 23 11:40:18 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Sun, 23 Oct 2011 09:40:18 +0100 (BST) Subject: [Dovecot] off topic question, ammended Message-ID: <1319359218.75025.YahooMailNeo@web27202.mail.ukl.yahoo.com> Sorry chaps, I meant MUA not MTA. I am trying to find a mail reader doing LDAP writes. Regards, s. ? ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From simon.brereton at buongiorno.com Sun Oct 23 21:41:20 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Sun, 23 Oct 2011 14:41:20 -0400 Subject: [Dovecot] Temporary Failures In-Reply-To: <1319331445.48490.YahooMailNeo@web122008.mail.ne1.yahoo.com> References: <1319331445.48490.YahooMailNeo@web122008.mail.ne1.yahoo.com> Message-ID: On 22 October 2011 20:57, Jack Fredrikson wrote: > Hi; > I keep getting errors like this one: > > Oct 22 16:51:08 example postfix/pipe[12021]: C2F705790169: to=, relay=dovecot, delay=2.1, delays=2/0.01/0/0.08, dsn=4.3.0, status=deferred (temporary failure. Command output: doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:5: imap_client_workarounds=outlook-idle is no longer necessary doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:17: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:19: passdb pam {} has been replaced by passdb { driver=pam } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:21: userdb passwd {} has been replaced by userdb { driver=passwd } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:23: auth_user has > ?been replaced by service auth { user } doveconf: > > > Why don't they get delivered? Also, I've tried to follow the advice in the warnings and it never works. I've tried the doveconf -n > dovcot-new.conf command and the same conf file I've been using pops up. Can someone post some code that reflects how the new conf file should look? What version of dovecot are you currently using? Can you post this file? /usr/local/etc/dovecot/dovecot.conf Simon From jackfredrikson at yahoo.com Sun Oct 23 22:20:58 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Sun, 23 Oct 2011 12:20:58 -0700 (PDT) Subject: [Dovecot] Temporary Failures In-Reply-To: References: <1319331445.48490.YahooMailNeo@web122008.mail.ne1.yahoo.com> Message-ID: <1319397658.61351.YahooMailNeo@web122020.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: Jack Fredrikson Cc: "dovecot at dovecot.org" Sent: Sunday, October 23, 2011 2:41 PM Subject: Re: [Dovecot] Temporary Failures First up, apologies for double-posting. I actually posted this last one yesterday and the other one this afternoon. Someone suggested I use the dovecot-new.conf file. If you've ever opened that up, everything's commented out and it only publishes the defaults anyway! Basically worthless if you're doing anything sophisticated, which includes pretty much anything :) > What version of dovecot are you currently using?? 2.0.15 > Can you post this file? > /usr/local/etc/dovecot/dovecot.conf mail_location = maildir:/var/vmail/%d/%u maildir_copy_with_hardlinks = yes protocol imap { ? mail_plugins = quota imap_quota #? imap_client_workarounds = outlook-idle delay-newmail } protocol pop3 { ? mail_plugins = quota ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh } protocol lda { ? postmaster_address = postmaster at creative.vi ? mail_plugins = quota ? log_path = /var/log/dovecot-deliver.log ? info_log_path = /var/log/dovecot-deliver.log } auth default { ??? mechanisms = plain login ??? passdb pam { ??? } ??? userdb passwd { ??? } ??? user = root ??? socket listen { ????? client { ??????? path = /var/spool/postfix/private/auth ??????? mode = 0660 ??????? user = postfix ??????? group = postfix ????? } ??? } } dict { } plugin { ? quota = maildir:storage=10240:messages=1000 #? acl = vfile:/usr/local/etc/dovecot/acls ? trash = /usr/local/etc/dovecot/trash.conf } protocols = imap pop3 disable_plaintext_auth = yes ssl = yes #ssl_disable = no ssl_cert = References: <1319331445.48490.YahooMailNeo@web122008.mail.ne1.yahoo.com> Message-ID: <1319397868.43382.YahooMailNeo@web122002.mail.ne1.yahoo.com> This is *only* a PS to my last response (e.g., please be sure to read last response). Rob0 stated I should be using dovecot-lda. After running in circles it appears that dovecot-lda is incorporated into dovecot proper any more and I've duly incorporated it into my dovecot.conf file. Jack From nam_10 at hotmail.com Sun Oct 23 22:39:33 2011 From: nam_10 at hotmail.com (nuno marques) Date: Sun, 23 Oct 2011 19:39:33 +0000 Subject: [Dovecot] execute command in quota warning Message-ID: hi, I cant run any script in "quota_warning = storage=95%% quota-warning 95 %u". Any ideia? Thanks # 2.0.14: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final) auth_debug = yes auth_debug_passwords = yes auth_username_format = %Lu auth_verbose = yes disable_plaintext_auth = no mail_debug = yes mail_location = maildir:~/Maildir mail_plugins = " quota" mbox_write_locks = fcntl passdb { driver = pam } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid from subject size vsize flags quota = maildir:User quota quota_exceeded_message = Quota exceeded, please go to http://www.example.com/over_quota_help for instructions on how to fix this. quota_rule = fs:storage=+10M quota_rule2 = Trash:ignore quota_rule3 = SPAM:ignore quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=50%% quota-warning 50 %u } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { group = root mode = 0666 user = root } user = root } ssl_cert = Hi, I'm searching, but not found nothing about using userb with NoSQL databases: http://wiki2.dovecot.org/UserDatabase Are there any plans to implement this option? Thanks From lists at wilkesley.net Mon Oct 24 13:00:59 2011 From: lists at wilkesley.net (Ian Barton) Date: Mon, 24 Oct 2011 11:00:59 +0100 Subject: [Dovecot] sieve-pipe Error Message-ID: <4EA5375B.2060101@wilkesley.net> I am using Dovecot 2.0.15 on Arch. I have cloned the hg repo and compiled the plugin using the following options: ./configure --with-dovecot=/usr/lib/dovecot --with-pigeonhole=/usr/include/dovecot/sieve/ The relevant section of my dovecot.conf looks like: plugin { sieve = ~/.dovecot.sieve sieve_global_path = /home/vmail/globalsieverc sieve_dir = ~/ sieve_plugins = sieve_pipe # This directory contains the scripts that are available. sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe } When I restart Dovecot I get the following error: ian:dovecot/ $ sudo rc.d restart dovecot [10:50:53] :: Stopping dovecot daemon [DONE] :: Starting dovecot daemon [BUSY] managesieve: Fatal: opendir(/usr/lib/dovecot/modules/sieve) failed: No such file or directory doveconf: Error: managesieve-login: dump-capability process returned 89 Ian. From stephan at rename-it.nl Mon Oct 24 13:10:38 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 24 Oct 2011 12:10:38 +0200 Subject: [Dovecot] xi.rename-it.nl down? In-Reply-To: <4E9EED12.8040409@rename-it.nl> References: <4E9EDAC1.4000602@jkart.de> <4E9EED12.8040409@rename-it.nl> Message-ID: <4EA5399E.9070205@rename-it.nl> Op 19-10-2011 17:30, Stephan Bosch schreef: > Op 19-10-2011 16:12, Jim Knuth schreef: >> Hello, >> >> is http://xi.rename-it.nl down? Apticron >> shows me permanently errors. > > Yes. I noticed this yesterday. > > This is a recurring problem for some reason, probably some Xen-related > issue. Every few months it just 'goes away' without any apparent > reason. Unfortunately, I cannot restart the Xi myself at the moment > and the person who can is currently involved in solving another IT > calamity of a different magnitude. I think it can take up to a day for > this system to come back online. This is probably going to take more time. Administrator is having issues that prove to be harder to solve than expected. Regards, Stephan. From jk at jkart.de Mon Oct 24 13:43:06 2011 From: jk at jkart.de (Jim Knuth) Date: Mon, 24 Oct 2011 12:43:06 +0200 Subject: [Dovecot] xi.rename-it.nl down? In-Reply-To: <4EA5399E.9070205@rename-it.nl> References: <4E9EDAC1.4000602@jkart.de> <4E9EED12.8040409@rename-it.nl> <4EA5399E.9070205@rename-it.nl> Message-ID: <4EA5413A.40400@jkart.de> am 24.10.11 12:10 schrieb Stephan Bosch : > This is probably going to take more time. Administrator is having > issues that prove to be harder to solve than expected. > > Regards, > > Stephan. thank you, but :-/ -- Mit freundlichen Gr??en, with kind regards, Jim Knuth --------- Man soll Denken lehren, nicht Gedachtes. (Unknown) From wgillespie+dovecot at es2eng.com Mon Oct 24 20:38:28 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Mon, 24 Oct 2011 11:38:28 -0600 Subject: [Dovecot] userdb with NoSQL database In-Reply-To: References: Message-ID: <4EA5A294.6050705@es2eng.com> On 10/24/2011 3:16 AM, Francisco Wagner C. Freire wrote: > Hi, > > I'm searching, but not found nothing about using userb with NoSQL databases: > http://wiki2.dovecot.org/UserDatabase > Are there any plans to implement this option? There was some talk on the list around February 8th, but that's the last I've seen mention of it. From dswartz at druber.com Mon Oct 24 20:52:33 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Mon, 24 Oct 2011 13:52:33 -0400 Subject: [Dovecot] Expire plugin not executing for sieve plugin? In-Reply-To: <4EA03F1C.5010500@druber.com> References: <4EA03F1C.5010500@druber.com> Message-ID: <4EA5A5E1.3000202@druber.com> No ideas? I googled some more and eventually turned up this posting: http://www.mailinglistarchive.com/html/dovecot at dovecot.org/2011-01/msg00716.html guy seems to be having the exact problem I am, unfortunately, no-one replied to his post either :( From pgnet.dev+rich-dovecot at gmail.com Mon Oct 24 21:14:25 2011 From: pgnet.dev+rich-dovecot at gmail.com (Rich) Date: Mon, 24 Oct 2011 11:14:25 -0700 Subject: [Dovecot] [bug] Changing dovecot 'quota' Value incorrectly overwrites Limit with same value Message-ID: I'm able to consistently reproduce this problem/behavior, but not workaround or fix it, yet. Rich On Wed, Oct 19, 2011 at 7:41 AM, Rich wrote: > I've made some progress, but quota 'Limit' is still not fully > functioning for me. > > A couple of changes have helped: > > Specifying a "%u% as username format, > > ? ? ? ?/etc/dovecot/conf.d/90-quota.conf > ? ? ? ? ? ? ? ?plugin { > - ? ? ? ? ? ? ? ? ? ? ? quota = dict:User Quota::proxy::quota > + ? ? ? ? ? ? ? ? ? ? ? quota = dict:User Quota:%u:proxy::quota > ? ? ? ? ? ? ? ? ? ? ? ?quota_rule = *:bytes=1073741824:messages=10000 > ? ? ? ? ? ? ? ? ? ? ? ?quota_rule2 = Trash:storage=+10%% > ? ? ? ? ? ? ? ?} > > using 'username' rather than 'user' in the user iteration query > > ? ? ? ?/etc/dovecot/sql/virtmail-userdb-sql.cf > ? ? ? ? ? ? ? ?driver = mysql > ? ? ? ? ? ? ? ?connect = host=/var/run/mysql/mysql.sock dbname=my_db user=my_user > password=my_pass > ? ? ? ? ? ? ? ?user_query = CALL UserDBQuery('%n','%d'); > - ? ? ? ? ? ? ? iterate_query = SELECT `MAILBOX_user_domain` AS user FROM `PARAMS`; > + ? ? ? ? ? ? ? iterate_query = SELECT `MAILBOX_user_domain` AS username FROM `PARAMS`; > > and adding to my user_query, > > ? ? ? ?CREATE PROCEDURE `UserDBQuery`( > ? ? ? ? ? ? ? ?... > ? ? ? ? ? ? ? ?SELECT ... > ? ? ? ? ? ? ? ? ?concat('*:bytes=', quota_bytes, ':messages=10000') AS quota_rule, > ? ? ? ? ? ? ? ? ?... > > Now, at init, > > ? ? ? ?doveadm quota get -A > ? ? ? ? ? ? ? ?Username ? ? ? ? ? ? ? ?Quota name ? ? ?Type ? ? ? ? ? ?Value ? Limit ? % > ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 > ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 > ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 > ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 > > ? ? ? ?mysql> select * from PARAMS; > ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ > ? ? ? ? ? ? ? ?| ai | MAILBOX_user_domain ? ?| quota_bytes | quota_msgs | > ? ? ? ? ? ? ? ?+----+------------------------+-------------+------------+ > ? ? ? ? ? ? ? ?| ?1 | ?myuser at domain1.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | > ? ? ? ? ? ? ? ?| ?2 | ?myuser at domain2.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | > ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ > ? ? ? ? ? ? ? ?2 rows in set (0.00 sec) > > and, after sending a single message to 'myuser at domain1.com', I do see > that Dovecot now recognizes/calculates a quota change, and only for > one domain, > > ? ? ? ?doveadm quota get -A > ? ? ? ? ? ? ? ?Username ? ? ? ? ? ? ? ?Quota name ? ? ?Type ? ? ? ? ? ?Value ? Limit ? % > ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 3 ? ? ? 3 ? ? ? 100 > ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 1 ? ? ? 10000 ? 0 > ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 > ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 > > ? ? ? ?mysql> select * from PARAMS; > ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ > ? ? ? ? ? ? ? ?| ai | MAILBOX_user_domain ? ?| quota_bytes | quota_msgs | > ? ? ? ? ? ? ? ?+----+------------------------+-------------+------------+ > ? ? ? ? ? ? ? ?| ?1 | ?myuser at domain1.com ? ?| ? ? ? ?3269 | ? ? ? ? ?1 | > ? ? ? ? ? ? ? ?| ?2 | ?myuser at domain2.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | > ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ > ? ? ? ? ? ? ? ?2 rows in set (0.00 sec) > > > But, the Limit's wrong. ?It's not picking up the global Limit from > > ? ? ? ?/etc/dovecot/conf.d/90-quota.conf > ? ? ? ? ? ? ? ?... > --> ? ? ? ? ? ? quota_rule = *:bytes=1073741824:messages=10000 > ? ? ? ? ? ? ? ?... > > and once a message quota Value is calculated, the Limit is set == > Value, resulting in an incorrrect quota %-age of 100%. > > Is Limit supposed to be specified per-user? > > Rich > From jackfredrikson at yahoo.com Mon Oct 24 22:00:54 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Mon, 24 Oct 2011 12:00:54 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem Message-ID: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> Hi; This is my 6th day installing my first Postfix/Dovecot installation. The Postfix mailing list indicates I've got the MTA under control so now I'm seeking your help with the MDA. I get these errors with legitimate email addresses: Oct 24 11:47:38 myserver dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) - waiting for 25 seconds before retry Now I've logged in myself: mysql -u dovecot -p Enter password: xxx and succeeded. What am I doing wrong? I've noticed that every time I restart dovecot I get this error in the dovecot-deliver.log: Oct 24 11:31:11 lda: Error: userdb lookup: connect(/usr/local/var/run/dovecot/auth-userdb) failed: Permission denied (euid=512(vmail) egid=512(vmail) missing +r perm: /usr/local/var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755) Oct 24 11:31:11 lda: Fatal: Internal error occurred. Refer to server log for more information. Every time I go to chmod 666 on that file, restarting dovecot wipes those permissions. How fix? Even when I fix that, I still get the "temporary failure". Please advise. TIA, Jack From tom at whyscream.net Mon Oct 24 22:24:28 2011 From: tom at whyscream.net (Tom Hendrikx) Date: Mon, 24 Oct 2011 21:24:28 +0200 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> Message-ID: <4EA5BB6C.4050205@whyscream.net> On 24-10-11 21:00, Jack Fredrikson wrote: > Hi; This is my 6th day installing my first Postfix/Dovecot > installation. The Postfix mailing list indicates I've got the MTA > under control so now I'm seeking your help with the MDA. I get these > errors with legitimate email addresses: Oct 24 11:47:38 myserver > dovecot: auth-worker: Error: mysql(localhost): Connect failed to > database (postfix): Access denied for user 'dovecot'@'localhost' > (using password: YES) - waiting for 25 seconds before retry > > Now I've logged in myself: mysql -u dovecot -p Enter password: xxx > and succeeded. What am I doing wrong? > The "(using password: YES)" part of the error indicates that your connection to the server was established successfully. However, it seems that user 'dovecot' has no access to database 'postfix', which you did not test on the command line either. What happens on the commandline when you enter (after logging in: use postfix; show tables; Fix that error in the mysql user administration, then try again. > > I've noticed that every time I restart dovecot I get this error in > the dovecot-deliver.log: > > Oct 24 11:31:11 lda: Error: userdb lookup: > connect(/usr/local/var/run/dovecot/auth-userdb) failed: Permission > denied (euid=512(vmail) egid=512(vmail) missing +r perm: > /usr/local/var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755) > Oct 24 11:31:11 lda: Fatal: Internal error occurred. Refer to server > log for more information. > > > Every time I go to chmod 666 on that file, restarting dovecot wipes > those permissions. How fix? Even when I fix that, I still get the > "temporary failure". Please advise. You forgot to add doveconf -n output, so I'm guessing here, but in your config, there should be a part defining something like: service auth { unix_listener auth-userdb { # some commented stuff } } Uncomment as needed, and set the values a indicated by the error message (probably something like user=vmail, group=vmail mode=0660). > > TIA, Jack > From piotr-l at netexpert.pl Mon Oct 24 22:26:00 2011 From: piotr-l at netexpert.pl (Piotr NetExpert) Date: Mon, 24 Oct 2011 21:26:00 +0200 Subject: [Dovecot] iterate_query not working Message-ID: <4EA5BBC8.5090901@netexpert.pl> Hi, I have got iterate_query defined in dovecot-sql.conf.ext. However when I run a command like: doveadm search -A BEFORE 10d I receive an error message (Failed to iterate ...) There is an error message in a log file too: Error: Trying to iterate users, but userdbs don't support it The problem is that monitoring a database server shows that dovecot does not try to execute any query. What I am doing wrong? password_query lookups work fine. -- pozdrawiam Piotr Szafarczyk http://www.netexpert.pl From simon.brereton at buongiorno.com Mon Oct 24 22:38:28 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 24 Oct 2011 15:38:28 -0400 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> Message-ID: On 24 October 2011 15:00, Jack Fredrikson wrote: > Hi; > This is my 6th day installing my first Postfix/Dovecot installation. The Postfix mailing list indicates I've got the MTA under control so now I'm seeking your help with the MDA. I get these errors with legitimate email addresses: > Oct 24 11:47:38 myserver dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) - waiting for 25 seconds before retry > > Now I've logged in myself: > mysql -u dovecot -p > Enter password: xxx > and succeeded. What am I doing wrong? > > > I've noticed that every time I restart dovecot I get this error in the dovecot-deliver.log: > > Oct 24 11:31:11 lda: Error: userdb lookup: connect(/usr/local/var/run/dovecot/auth-userdb) failed: Permission denied (euid=512(vmail) egid=512(vmail) missing +r perm: /usr/local/var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755) > Oct 24 11:31:11 lda: Fatal: Internal error occurred. Refer to server log for more information. > > > Every time I go to chmod 666 on that file, restarting dovecot wipes those permissions. How fix? > Even when I fix that, I still get the "temporary failure". > Please advise. what user are you running dovecot as? Does this thread help? http://www.mail-archive.com/dovecot at dovecot.org/msg32290.html or this one? http://www.mailinglistarchive.com/html/dovecot at dovecot.org/2010-08/msg01136.html Simon From hs at schlittermann.de Mon Oct 24 23:32:25 2011 From: hs at schlittermann.de (Heiko Schlittermann) Date: Mon, 24 Oct 2011 22:32:25 +0200 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> Message-ID: <20111024203225.GP3659@jumper.schlittermann.de> Jack Fredrikson (Mon Oct 24 21:00:54 2011): > Hi; > This is my 6th day installing my first Postfix/Dovecot installation. The Postfix mailing list indicates I've got the MTA under control so now I'm seeking your help with the MDA. I get these errors with legitimate email addresses: > Oct 24 11:47:38 myserver dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) - waiting for 25 seconds before retry > > Now I've logged in myself: > mysql -u dovecot -p > Enter password: xxx > and succeeded. What am I doing wrong? You should test: mysql -udovecot -pxxx -hlocalhost postfix to simulate the dovecot attemts. > I've noticed that every time I restart dovecot I get this error in the dovecot-deliver.log: > > Oct 24 11:31:11 lda: Error: userdb lookup: connect(/usr/local/var/run/dovecot/auth-userdb) failed: Permission denied (euid=512(vmail) egid=512(vmail) missing +r perm: /usr/local/var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755) > Oct 24 11:31:11 lda: Fatal: Internal error occurred. Refer to server log for more information. > > > Every time I go to chmod 666 on that file, restarting dovecot wipes those permissions. How fix? > Even when I fix that, I still get the "temporary failure". > Please advise. This file is not a file, it is a socket and gets recreated every time you restart dovecot. There is, if I remember well, some config option "mode" near the name of the name of the socket. -- Heiko :: dresden : linux : SCHLITTERMANN.de GPG Key 48D0359B : 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From jackfredrikson at yahoo.com Mon Oct 24 23:43:33 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Mon, 24 Oct 2011 13:43:33 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <4EA5BB6C.4050205@whyscream.net> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> Message-ID: <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> ________________________________ From: Tom Hendrikx To: dovecot at dovecot.org Sent: Monday, October 24, 2011 3:24 PM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem First up, thanks for the links, Simon, but they didn't help :( I still need to chmod 666 /usr/local/var/run/dovecot/auth-userdb and I'm still getting the same error: Oct 24 13:40:57 myserver dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) - waiting for 5 seconds before retry > The "(using password: YES)" part of the error indicates that your > connection to the server was established successfully. However, it seems > that user 'dovecot' has no access to database 'postfix', which you did > not test on the command line either. > > What happens on the commandline when you enter (after logging in: > use postfix; show tables; I can log in *just fine* as dovecot and show tables, etc. # 2.0.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-028stab094.3 x86_64 CentOS release 5.7 (Final) vzfs auth_mechanisms = plain login mail_location = maildir:/var/vmail/%d/%u passdb { ? args = /usr/local/etc/dovecot/sql.conf ? driver = sql } plugin { ? quota = maildir:storage=10240:messages=1000 ? trash = /usr/local/etc/dovecot/trash.conf } protocols = imap pop3 service auth { ? unix_listener auth-userdb { ??? mode = 0660 ? } ? user = root } ssl_cert = References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> Message-ID: On 24 October 2011 16:43, Jack Fredrikson wrote: > > ________________________________ > From: Tom Hendrikx > To: dovecot at dovecot.org > Sent: Monday, October 24, 2011 3:24 PM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > > First up, thanks for the links, Simon, but they didn't help :( I still need to > chmod 666 /usr/local/var/run/dovecot/auth-userdb > and I'm still getting the same error: > Oct 24 13:40:57 myserver dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) - waiting for 5 seconds before retry > >> The "(using password: YES)" part of the error indicates that your >> connection to the server was established successfully. However, it seems >> that user 'dovecot' has no access to database 'postfix', which you did >> not test on the command line either. >> >> What happens on the commandline when you enter (after logging in: >> use postfix; show tables; > > I can log in *just fine* as dovecot and show tables, etc. > > # 2.0.15: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 2.6.18-028stab094.3 x86_64 CentOS release 5.7 (Final) vzfs > auth_mechanisms = plain login > mail_location = maildir:/var/vmail/%d/%u Who owns /var/vmail? > passdb { > ? args = /usr/local/etc/dovecot/sql.conf > ? driver = sql > } > plugin { > ? quota = maildir:storage=10240:messages=1000 > ? trash = /usr/local/etc/dovecot/trash.conf > } > protocols = imap pop3 > service auth { > ? unix_listener auth-userdb { > ??? mode = 0660 > ? } > ? user = root > } > ssl_cert = ssl_cipher_list = ALL:!LOW:!SSLv2 > ssl_key = ssl_key_password = Jw93Mx2 > userdb { > ? args = /usr/local/etc/dovecot/sql.conf > ? driver = sql > } > protocol imap { > ? mail_plugins = quota imap_quota > } > protocol pop3 { > ? mail_plugins = quota > ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > } > protocol lda { > ? hostname = mydomain.com > ? info_log_path = /var/log/dovecot-deliver.log > ? log_path = /var/log/dovecot-deliver.log > ? mail_plugins = quota > ? postmaster_address = postmaster at mydomain.com > ? sendmail_path = /usr/sbin/sendmail.postfix > } From jackfredrikson at yahoo.com Tue Oct 25 00:47:11 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Mon, 24 Oct 2011 14:47:11 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> Message-ID: <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: dovecot at dovecot.org Sent: Monday, October 24, 2011 5:04 PM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > Who owns /var/vmail? ls -al /var/vmail/ total 8 drwxrwx---? 2 vmail mail 4096 Oct 19 18:45 . drwxr-xr-x 26 root? root 4096 Oct 23 08:35 .. /usr/sbin/usermod -a -G mail,postfix dovecot And I'm still getting the same error: dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) TIA, Jack From tom at whyscream.net Tue Oct 25 01:00:01 2011 From: tom at whyscream.net (Tom Hendrikx) Date: Tue, 25 Oct 2011 00:00:01 +0200 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> Message-ID: <4EA5DFE1.1070306@whyscream.net> On 24-10-11 23:47, Jack Fredrikson wrote: > > ________________________________ > From: Simon Brereton > To: dovecot at dovecot.org > Sent: Monday, October 24, 2011 5:04 PM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > >> Who owns /var/vmail? > > ls -al /var/vmail/ > total 8 > drwxrwx--- 2 vmail mail 4096 Oct 19 18:45 . > drwxr-xr-x 26 root root 4096 Oct 23 08:35 .. > /usr/sbin/usermod -a -G mail,postfix dovecot Adding dovecot to the postfix group would be considered a security issue by many. Don't so this unless you actually think it wil help you (it won't). > > And I'm still getting the same error: > dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) > Please see http://dev.mysql.com/doc/refman/5.5/en/connecting.html, especially the part that starts with "On Unix, MySQL programs treat the host name localhost specially," Then show proof that this command works: mysql -udovecot -pxxx -h 127.0.0.1 postfix And see what happens if you set the hostname in dovecot config also to 127.0.0.1. Note that testing as root will likely give you access to the mysql socket, but dovecot might not have the same privileges. The above will test tcp connectivity for both. -- Tom From stephan at rename-it.nl Tue Oct 25 01:25:35 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 25 Oct 2011 00:25:35 +0200 Subject: [Dovecot] Expire plugin not executing for sieve plugin? In-Reply-To: <4EA5A5E1.3000202@druber.com> References: <4EA03F1C.5010500@druber.com> <4EA5A5E1.3000202@druber.com> Message-ID: <4EA5E5DF.1050508@rename-it.nl> On 10/24/2011 7:52 PM, Dan Swartzendruber wrote: > > No ideas? I googled some more and eventually turned up this posting: > > http://www.mailinglistarchive.com/html/dovecot at dovecot.org/2011-01/msg00716.html > > > guy seems to be having the exact problem I am, unfortunately, no-one > replied to his post either :( Hmm, wonder why no one answered that one. In theory, those plugins should interact gracefully. However, if something is wrong, I cannot test this right now, since I've not installed expire so far. I'll ask Timo if he can take a look at this. Otherwise, I'll have to build a small test setup first, which may take some time. Regards, Stephan. From stephan at rename-it.nl Tue Oct 25 01:27:50 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 25 Oct 2011 00:27:50 +0200 Subject: [Dovecot] xi.rename-it.nl down? In-Reply-To: <4EA5399E.9070205@rename-it.nl> References: <4E9EDAC1.4000602@jkart.de> <4E9EED12.8040409@rename-it.nl> <4EA5399E.9070205@rename-it.nl> Message-ID: <4EA5E666.6090007@rename-it.nl> On 10/24/2011 12:10 PM, Stephan Bosch wrote: > Op 19-10-2011 17:30, Stephan Bosch schreef: >> Op 19-10-2011 16:12, Jim Knuth schreef: >>> Hello, >>> >>> is http://xi.rename-it.nl down? Apticron >>> shows me permanently errors. >> >> Yes. I noticed this yesterday. >> >> This is a recurring problem for some reason, probably some >> Xen-related issue. Every few months it just 'goes away' without any >> apparent reason. Unfortunately, I cannot restart the Xi myself at the >> moment and the person who can is currently involved in solving >> another IT calamity of a different magnitude. I think it can take up >> to a day for this system to come back online. > > This is probably going to take more time. Administrator is having > issues that prove to be harder to solve than expected. > In case you didn't notice, it is back apparently. Plans are to move this thing to a new system soon, which should (implicitly) solve this problem definitively. Regards, Stephan. From stephan at rename-it.nl Tue Oct 25 01:33:41 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 25 Oct 2011 00:33:41 +0200 Subject: [Dovecot] sieve-pipe Error In-Reply-To: <4EA5375B.2060101@wilkesley.net> References: <4EA5375B.2060101@wilkesley.net> Message-ID: <4EA5E7C5.4080908@rename-it.nl> On 10/24/2011 12:00 PM, Ian Barton wrote: > I am using Dovecot 2.0.15 on Arch. I have cloned the hg repo and > compiled the plugin using the following options: > > ./configure --with-dovecot=/usr/lib/dovecot > --with-pigeonhole=/usr/include/dovecot/sieve/ > > The relevant section of my dovecot.conf looks like: > > plugin { > sieve = ~/.dovecot.sieve > sieve_global_path = /home/vmail/globalsieverc > sieve_dir = ~/ > > sieve_plugins = sieve_pipe > # This directory contains the scripts that are available. > sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe > } > > When I restart Dovecot I get the following error: > > ian:dovecot/ $ sudo rc.d restart dovecot > [10:50:53] > :: Stopping dovecot daemon > [DONE] > :: Starting dovecot daemon > [BUSY] managesieve: > Fatal: opendir(/usr/lib/dovecot/modules/sieve) failed: No such file or > directory > doveconf: Error: managesieve-login: dump-capability process returned 89 Apparently, the plugin is not installed in the correct location. Try supplying a --with-moduledir=/usr/lib/dovecot/modules . After make install, the /usr/lib/dovecot/modules/sieve directory should contain lib90_sieve_pipe_plugin.so. Regards, Stephan. From jackfredrikson at yahoo.com Tue Oct 25 02:17:23 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Mon, 24 Oct 2011 16:17:23 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <4EA5DFE1.1070306@whyscream.net> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> Message-ID: <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> ________________________________ From: Tom Hendrikx To: dovecot at dovecot.org Sent: Monday, October 24, 2011 6:00 PM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > Adding dovecot to the postfix group would be considered a security issue > by many. Don't so this unless you actually think it wil help you (it won't). Thanks. I took it out. > Please see http://dev.mysql.com/doc/refman/5.5/en/connecting.html, > especially the part that starts with "On Unix, MySQL programs treat the > host name localhost specially," > > Then show proof that this command works: > >? ? mysql -udovecot -pxxx -h 127.0.0.1 postfix My bad. I had the wrong p/w in sql.conf :-} So now I'm connected to the database as dovecot, but I'm still getting these dad-blamed errors: BC81A57901AD: to=, relay=dovecot, delay=25695, delays=25695/0.02/0/0.28, dsn=4.3.0, status=deferred (temporary failure) # 2.0.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-028stab094.3 x86_64 CentOS release 5.7 (Final) vzfs auth_mechanisms = plain login mail_location = maildir:/var/vmail/%d/%u passdb { ? args = /usr/local/etc/dovecot/sql.conf ? driver = sql } plugin { ? quota = maildir:storage=10240:messages=1000 ? trash = /usr/local/etc/dovecot/trash.conf } protocols = imap pop3 service auth { ? unix_listener auth-userdb { ??? group = postfix ??? mode = 0660 ??? user = postfix ? } ? user = root } ssl_cert = References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> Message-ID: <20111024192749.0d8268f4@scorpio> On Mon, 24 Oct 2011 16:17:23 -0700 (PDT) Jack Fredrikson articulated: > protocol lda { > ? hostname = 13gems.com > ? info_log_path = /var/log/dovecot-deliver.log > ? log_path = /var/log/dovecot-deliver.log > ? mail_plugins = quota > ? postmaster_address = postmaster at bar.com > ? sendmail_path = /usr/sbin/sendmail.postfix Are you sure about that "sendmail" path? It certainly isn't like that on my machine. -- Jerry ? Dovecot.user at seibercom.net Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ From jackfredrikson at yahoo.com Tue Oct 25 03:14:13 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Mon, 24 Oct 2011 17:14:13 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <20111024192749.0d8268f4@scorpio> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <20111024192749.0d8268f4@scorpio> Message-ID: <1319501653.29776.YahooMailNeo@web122012.mail.ne1.yahoo.com> ________________________________ From: Jerry To: dovecot at dovecot.org Sent: Monday, October 24, 2011 7:27 PM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem >> ? sendmail_path = /usr/sbin/sendmail.postfix > Are you sure about that "sendmail" path? It certainly isn't like that > on my machine. Well, I changed it to just "sendmail" (since I had that file, too) but with the same result. I remember creating that file earlier but I don't remember where and searching around my system I can't xargs grep it. What do you recommend? TIA, Jack From stan at hardwarefreak.com Tue Oct 25 07:22:23 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Mon, 24 Oct 2011 23:22:23 -0500 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319501653.29776.YahooMailNeo@web122012.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <20111024192749.0d8268f4@scorpio> <1319501653.29776.YahooMailNeo@web122012.mail.ne1.yahoo.com> Message-ID: <4EA6397F.6070001@hardwarefreak.com> On 10/24/2011 7:14 PM, Jack Fredrikson wrote: > > ________________________________ > From: Jerry > To: dovecot at dovecot.org > Sent: Monday, October 24, 2011 7:27 PM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > >>> sendmail_path = /usr/sbin/sendmail.postfix > >> Are you sure about that "sendmail" path? It certainly isn't like that >> on my machine. > > Well, I changed it to just "sendmail" (since I had that file, too) but with the same result. I remember creating that file earlier but I don't remember where and searching around my system I can't xargs grep it. What do you recommend? I recommend the default: sendmail_path = /usr/sbin/sendmail I also recommend you not fly by the seat of your pants when creating IT infrastructure for a client. Doing so is good for neither of you. -- Stan From simon.brereton at buongiorno.com Tue Oct 25 07:46:30 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Tue, 25 Oct 2011 00:46:30 -0400 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> Message-ID: On 24 October 2011 19:17, Jack Fredrikson wrote: > > ________________________________ > From: Tom Hendrikx > To: dovecot at dovecot.org > Sent: Monday, October 24, 2011 6:00 PM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > >> Adding dovecot to the postfix group would be considered a security issue >> by many. Don't so this unless you actually think it wil help you (it won't). > > Thanks. I took it out. > >> Please see http://dev.mysql.com/doc/refman/5.5/en/connecting.html, >> especially the part that starts with "On Unix, MySQL programs treat the >> host name localhost specially," >> >> Then show proof that this command works: >> >>? ? mysql -udovecot -pxxx -h 127.0.0.1 postfix > > My bad. I had the wrong p/w in sql.conf :-} > > So now I'm connected to the database as dovecot, but I'm still getting these dad-blamed errors: > > BC81A57901AD: to=, relay=dovecot, delay=25695, delays=25695/0.02/0/0.28, dsn=4.3.0, status=deferred (temporary failure) Turn up the logging in postfix (add -vv to the smtpd line in master.cf or google for log-level) - but I'm pretty sure that this means postfix wants to give it dovecot, but dovecot says I can't do anything with it. Either cos it doesn't know where to put it. Or doesn't have permission to put it there. You could turn up your dovecot logging too if the postfix logs aren't helpful. My directory permissions (in no way security recommended - but working) for /var/vmail/ are: drwxrwxS mailsystem mailsystem Simon > # 2.0.15: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 2.6.18-028stab094.3 x86_64 CentOS release 5.7 (Final) vzfs > auth_mechanisms = plain login > mail_location = maildir:/var/vmail/%d/%u > passdb { > ? args = /usr/local/etc/dovecot/sql.conf > ? driver = sql > } > plugin { > ? quota = maildir:storage=10240:messages=1000 > ? trash = /usr/local/etc/dovecot/trash.conf > } > protocols = imap pop3 > service auth { > ? unix_listener auth-userdb { > ??? group = postfix > ??? mode = 0660 > ??? user = postfix > ? } > ? user = root > } > ssl_cert = ssl_cipher_list = ALL:!LOW:!SSLv2 > ssl_key = userdb { > ? args = /usr/local/etc/dovecot/sql.conf > ? driver = sql > } > protocol imap { > ? mail_plugins = quota imap_quota > } > protocol pop3 { > ? mail_plugins = quota > ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > } > protocol lda { > ? hostname = 13gems.com > ? info_log_path = /var/log/dovecot-deliver.log > ? log_path = /var/log/dovecot-deliver.log > ? mail_plugins = quota > ? postmaster_address = postmaster at bar.com > ? sendmail_path = /usr/sbin/sendmail.postfix > } > > TIA, > Jack From stephan at rename-it.nl Tue Oct 25 11:26:19 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 25 Oct 2011 10:26:19 +0200 Subject: [Dovecot] sieve-pipe Error In-Reply-To: <4EA66648.8050308@wilkesley.net> References: <4EA5375B.2060101@wilkesley.net> <4EA5E7C5.4080908@rename-it.nl> <4EA66648.8050308@wilkesley.net> Message-ID: <4EA672AB.5070401@rename-it.nl> Op 25-10-2011 9:33, Ian Barton schreef: > On 24/10/11 23:33, Stephan Bosch wrote: >> On 10/24/2011 12:00 PM, Ian Barton wrote: >>> I am using Dovecot 2.0.15 on Arch. I have cloned the hg repo and >>> compiled the plugin using the following options: >>> >>> ./configure --with-dovecot=/usr/lib/dovecot >>> --with-pigeonhole=/usr/include/dovecot/sieve/ >>> >>> The relevant section of my dovecot.conf looks like: >>> >>> plugin { >>> sieve = ~/.dovecot.sieve >>> sieve_global_path = /home/vmail/globalsieverc >>> sieve_dir = ~/ >>> >>> sieve_plugins = sieve_pipe >>> # This directory contains the scripts that are available. >>> sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe >>> } >>> >>> When I restart Dovecot I get the following error: >>> >>> ian:dovecot/ $ sudo rc.d restart dovecot [10:50:53] >>> :: Stopping dovecot daemon [DONE] >>> :: Starting dovecot daemon [BUSY] managesieve: Fatal: >>> opendir(/usr/lib/dovecot/modules/sieve) failed: No such file or >>> directory >>> doveconf: Error: managesieve-login: dump-capability process returned 89 >> >> Apparently, the plugin is not installed in the correct location. Try >> supplying a --with-moduledir=/usr/lib/dovecot/modules . >> >> After make install, the /usr/lib/dovecot/modules/sieve directory should >> contain lib90_sieve_pipe_plugin.so. >> > > Thank you that worked. Now to test if it's working:) Please reply to the mailing list as well. Regards, Stephan. From dovecot at tlinx.org Tue Oct 25 13:14:41 2011 From: dovecot at tlinx.org (Linda Walsh) Date: Tue, 25 Oct 2011 03:14:41 -0700 Subject: [Dovecot] Thunderbird slow in talking with dovecot IMAP AND to sendmail Message-ID: <4EA68C11.5060102@tlinx.org> I'm trying to find out what's causing this slowdown -- it's INTOLERABLE.... over 1 minute and less than 1% done. (400MB file)... After trying 3 times, I gave up and logged in using X to the server and ran Tbird from there.... Mail sent out in < 1 minute, though the copy to dovecot took about 50% longer. So... I looked at the network trace. and everyfrackin' body was using 4K packet sizes (at the application level!, the window size on TCP was over 64K...but no one was using it)....especially galling with my network's MTU at 9K, BTW, because small packets are really bad on a 1Gb network. sendmail -- 4K, dovecot /ssl, 4K... wazzup .. is t-bird forcing this, or is there some ssl requirement? but it can't just be ssl -- as it's talking to sendmail on port 25 unencrypted (it's a local net anyway)... I could see the entire binary going out in text form... 1 line at a time...a "C" line in sendmail, with lens of 4096...is that some max? I don't see it in the sendmail.cf files...wanted to see if anyone knew of dovecot restrictions that might limit packets to 4k, before I lamblasted the thunderbird people for another act of mindless stupidity (the first being when they decided to cache all your IMAP store on every local client in the client's ROAMING profile...*brilliant*!!!... sides, if I wanted it on local I would have set 'store on local', but in TB3, they know better and change that for me... Something about them being too stupid to use indexing and searching on an imap server? Maybe I just imagined hearing that... From jackfredrikson at yahoo.com Tue Oct 25 13:47:26 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 03:47:26 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> Message-ID: <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: Dovecot Mailing List Sent: Tuesday, October 25, 2011 12:46 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem I think I've found the problem. How do I create this file? /usr/local/libexec/dovecot/deliver-ldaTIA, Jack From ef at math.uni-bonn.de Tue Oct 25 14:02:39 2011 From: ef at math.uni-bonn.de (Edgar =?iso-8859-1?B?RnXf?=) Date: Tue, 25 Oct 2011 13:02:39 +0200 Subject: [Dovecot] Seen flag getting lost Message-ID: <20111025110238.GB8900@gumme.math.uni-bonn.de> We have two dovecot 1.2 instances sharing Maildirs on NFS. Indexes are local to the individual servers. Occasionally (no idea how to trigger this), the Seen flag gets lost on some messages. I've verified that actually the ``S'' is missing from the filename. I suspect something like server A caching the flags, server B setting Seen, and then server A flushing its cache for another change so overwriting what B changed. Any ideas short of switching to 2.0? From sb at dod.no Tue Oct 25 14:38:07 2011 From: sb at dod.no (Steinar Bang) Date: Tue, 25 Oct 2011 13:38:07 +0200 Subject: [Dovecot] SSL renegotiation vulnerability (Was: dovecot evaluation on a 30 gb mailbox) References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> Message-ID: >>>>> Timo Sirainen : > Yes, SSL handshakes are extra. Although SSL supports some kind of > quick renegotiation too, but Dovecot doesn't support that yet. No > one's ever requested it.. Hum... this article (in Norwegian) http://www.digi.no/881186/skrekkverktoy-slaar-ut-%ABsikre%BB-servere addresses the SSL renegotiation vulnerability, and how it can be used to DOS servers using SSL from a single machine with low bandwidth. At the end the article is discussing how to configure off the SSL renegotiate in different servers, and that the author had been unable to find a setting for disabling SSL renegotiate in dovecot (and if anyone knows how, please inform him). Could the reason he hasn't found such a setting be that SSL renegotiate isn't supported at all in dovecot...? Thanks! - Steinar From CMarcus at Media-Brokers.com Tue Oct 25 14:38:22 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Tue, 25 Oct 2011 07:38:22 -0400 Subject: [Dovecot] Thunderbird slow in talking with dovecot IMAP AND to sendmail In-Reply-To: <4EA68C11.5060102@tlinx.org> References: <4EA68C11.5060102@tlinx.org> Message-ID: <4EA69FAE.1030100@Media-Brokers.com> On 2011-10-25 6:14 AM, Linda Walsh wrote: > and everyfrackin' body was using 4K packet sizes (at the application > level!, the window size on TCP was over 64K...but no one was using > it)....especially galling with my network's MTU at 9K, BTW, because > small packets are really bad on a 1Gb network. > > sendmail -- 4K, > dovecot /ssl, 4K... > > wazzup .. is t-bird forcing this, If I'm not mistaken, yes, this is (or could be) a TBird problem... I can't find the bug report where this was discussed, but I distinctly remember one of the devs commenting on this 4k packet size issue. Apparently it was an intentional change, but he couldn't figure out why. Fyi, it was discussed in one of the IMAP performance bugs... -- Best regards, Charles From jackfredrikson at yahoo.com Tue Oct 25 16:51:56 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 06:51:56 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> ________________________________ From: Jack Fredrikson To: "simon.brereton at buongiorno.com" ; Dovecot Mailing List Sent: Tuesday, October 25, 2011 6:47 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem Or, conversely, how do I create this file: /usr/local/libexec/dovecot/deliver The problem is the first_valid_uid and first_valid_gid need to be reset. What file is called to create "deliver"? Please help. TIA, Jack From simon.brereton at buongiorno.com Tue Oct 25 16:53:15 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Tue, 25 Oct 2011 09:53:15 -0400 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: On 25 October 2011 06:47, Jack Fredrikson wrote: > > ________________________________ > From: Simon Brereton > To: Dovecot Mailing List > Sent: Tuesday, October 25, 2011 12:46 AM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > > I think I've found the problem. How do I create this file? > > /usr/local/libexec/dovecot/deliver-lda I can't speak to CentOS, but I'm not sure you need to be "creating" any files - especially not in libexec. Are you sure your dovecot installation isn't hosed somehow? Simon From giles at coochey.net Tue Oct 25 17:02:15 2011 From: giles at coochey.net (Giles Coochey) Date: Tue, 25 Oct 2011 16:02:15 +0200 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> Message-ID: <1b935e05cf0ab878216aeb7f14ddcf9d.squirrel@www.coochey.net> On Tue, October 25, 2011 15:51, Jack Fredrikson wrote: > > ________________________________ > From: Jack Fredrikson > To: "simon.brereton at buongiorno.com" ; > Dovecot Mailing List > Sent: Tuesday, October 25, 2011 6:47 AM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection > Problem > > > Or, conversely, how do I create this file: > > /usr/local/libexec/dovecot/deliver > > The problem is the first_valid_uid and first_valid_gid need to be reset. > What file is called to create "deliver"? Please help. > On my Centos 5.x: [root at gate ~]# rpm -qf /usr/libexec/dovecot/deliver dovecot-2.0.15-1.0.cf.rhel5 [root at gate ~]# rpm -qf /usr/libexec/dovecot/dovecot-lda dovecot-2.0.15-1.0.cf.rhel5 [root at gate ~]# What dovecot do you have? From jackfredrikson at yahoo.com Tue Oct 25 17:05:36 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 07:05:36 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: <1319551536.95677.YahooMailNeo@web122009.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: Dovecot Mailing List Sent: Tuesday, October 25, 2011 9:53 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > I can't speak to CentOS, but I'm not sure you need to be "creating" > any files - especially? not in libexec.? Are you sure your dovecot > installation isn't hosed somehow? Of course I'm not sure and rebuilding dovecot is what I'll do if all else fails. When I discovered the problem in my dovecot logs, I searched for the offending GID and discovered it in /usr/local/libexec/dovecot/deliver which, of course, is a binary. How did it get there? Certainly not when I did my ./configure make make install dance with dovecot's src distro. How did it get there?? How do I change it??` TIA, Jack From jackfredrikson at yahoo.com Tue Oct 25 17:10:21 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 07:10:21 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1b935e05cf0ab878216aeb7f14ddcf9d.squirrel@www.coochey.net> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> <1b935e05cf0ab878216aeb7f14ddcf9d.squirrel@www.coochey.net> Message-ID: <1319551821.48248.YahooMailNeo@web122010.mail.ne1.yahoo.com> ________________________________ From: Giles Coochey To: Jack Fredrikson Cc: "simon.brereton at buongiorno.com" ; Dovecot Mailing List Sent: Tuesday, October 25, 2011 10:02 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > On my Centos 5.x: > > [root at gate ~]# rpm -qf /usr/libexec/dovecot/deliver > dovecot-2.0.15-1.0.cf.rhel5 > [root at gate ~]# rpm -qf /usr/libexec/dovecot/dovecot-lda > dovecot-2.0.15-1.0.cf.rhel5 > > What dovecot do you have? 2.0.15 I built mine the old way: ./configure --with-mysql make make install So how would I rebuild just this one file? From where does it get its data? I need to change the first_valid_gid. TIA, Jack From jackfredrikson at yahoo.com Tue Oct 25 18:01:31 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 08:01:31 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319551821.48248.YahooMailNeo@web122010.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> <1b935e05cf0ab878216aeb7f14ddcf9d.squirrel@www.coochey.net> <1319551821.48248.YahooMailNeo@web122010.mail.ne1.yahoo.com> Message-ID: <1319554891.19030.YahooMailNeo@web122011.mail.ne1.yahoo.com> From: Giles Coochey To: Jack Fredrikson Cc: "simon.brereton at buongiorno.com" ; Dovecot Mailing List Sent: Tuesday, October 25, 2011 10:02 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem I just discovered this: [root at myserver postfix]# ls -al /usr/libexec/dovecot/ total 8 drwxr-xr-x 2 root root 4096 Oct 22 08:59 . drwxr-xr-x 9 root root 4096 Oct 23 08:36 .. lrwxrwxrwx 1 root root?? 34 Oct 22 08:59 deliver -> /usr/local/libexec/dovecot/deliver [root at myserver postfix]# ls -al /usr/local/libexec/dovecot/deliver* lrwxrwxrwx 1 root root 11 Oct 20 17:14 /usr/local/libexec/dovecot/deliver -> dovecot-lda Huh? So I made a softlink directly to /usr/local/libexec/dovecot/dovecot-lda (which is where it resides) But I'm still getting the same errors: Oct 25 07:58:47 lda(foo at bar.com): Fatal: setgid(12(mail) from userdb lookup) failed with euid=512(vmail), gid=512(vmail), egid=512(vmail): Operation not permitted (This binary should probably be called with process group set to 12(mail) instead of 512(vmail)) I need to change the gid because it's wrong. Now, rebuilding dovecot isn't going to do that because we don't set such things in the flags to rebuild. So where in tarnation do we??? TIA, Jack > On my Centos 5.x: > > [root at gate ~]# rpm -qf /usr/libexec/dovecot/deliver > dovecot-2.0.15-1.0.cf.rhel5 > [root at gate ~]# rpm -qf /usr/libexec/dovecot/dovecot-lda > dovecot-2.0.15-1.0.cf.rhel5 > > What dovecot do you have? 2.0.15 I built mine the old way: ./configure --with-mysql make make install So how would I rebuild just this one file? From where does it get its data? I need to change the first_valid_gid. TIA, Jack From jackfredrikson at yahoo.com Tue Oct 25 21:01:12 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 11:01:12 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319554891.19030.YahooMailNeo@web122011.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> <1b935e05cf0ab878216aeb7f14ddcf9d.squirrel@www.coochey.net> <1319551821.48248.YahooMailNeo@web122010.mail.ne1.yahoo.com> <1319554891.19030.YahooMailNeo@web122011.mail.ne1.yahoo.com> Message-ID: <1319565672.83110.YahooMailNeo@web122007.mail.ne1.yahoo.com> ________________________________ From: Jack Fredrikson To: Jack Fredrikson ; Giles Coochey Cc: "simon.brereton at buongiorno.com" ; Dovecot Mailing List Sent: Tuesday, October 25, 2011 11:01 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem I have solved at least another part of the problem that was causing the setuig error. I changed my postfix/master.cf file from this: dovecot?? unix? -?????? n?????? n?????? -?????? -?????? pipe ? flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient} to this: dovecot?? unix? -?????? n?????? n?????? -?????? -?????? pipe ? flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} ${recipient} taking out the d flag. Now dovecot doesn't complain. *However*, I've *still* got this devil plaguing me: Oct 25 10:49:18 myserver postfix/pipe[3712]: 0423257901AB: to=, relay=dovecot, delay=109318, delays=109318/0.14/0/0.1, dsn=4.3.0, status=deferred (temporary failure Ya know, I know I'm not the sharpest tool in the shed when it comes to programming, but I have *never* worked *so hard* on an installation as this one with so little success! It took me a day to install qmail the first time around. I've been a week on this!! Please help me figure this mess out. For the record, I did rebuild dovecot but that obviously didn't help. I did change the posfix files to pump out a bunch of debugging info: adding a -D flag to every smptd service in master.cf This in main.cf: debug_peer_level = 3 debugger_command = ? PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ? xxgdb $daemon_directory/$process_name $process_id & sleep 5 debug_peer_list = 127.0.0.1 #debug_peer_list = and it doesn't give me any output like it did the first time, so I assume (perhaps incorrectly) there are no errors. TIA, Jack From tss at iki.fi Tue Oct 25 21:13:09 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 25 Oct 2011 21:13:09 +0300 Subject: [Dovecot] SSL renegotiation vulnerability (Was: dovecot evaluation on a 30 gb mailbox) In-Reply-To: References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> Message-ID: <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> On 25.10.2011, at 14.38, Steinar Bang wrote: >>>>>> Timo Sirainen : > >> Yes, SSL handshakes are extra. Although SSL supports some kind of >> quick renegotiation too, but Dovecot doesn't support that yet. No >> one's ever requested it.. Looks like it's not "renegotiation" but more like session resume/resumption/cache or something that I was thinking about. > Hum... this article (in Norwegian) > http://www.digi.no/881186/skrekkverktoy-slaar-ut-%ABsikre%BB-servere > addresses the SSL renegotiation vulnerability, and how it can be used to > DOS servers using SSL from a single machine with low bandwidth. > > At the end the article is discussing how to configure off the SSL > renegotiate in different servers, and that the author had been unable to > find a setting for disabling SSL renegotiate in dovecot (and if anyone > knows how, please inform him). > > Could the reason he hasn't found such a setting be that SSL renegotiate > isn't supported at all in dovecot...? Looking at the OpenSSL code, I don't see any way to disable it. Or possibly with some undocumented kludgy way, but I don't really know enough about OpenSSL to implement it. Anyway, I'd think fail2ban should mostly solve this problem. From jackfredrikson at yahoo.com Tue Oct 25 21:33:12 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 11:33:12 -0700 (PDT) Subject: [Dovecot] Temporary Failure that's Permanent! Message-ID: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> Hi; I continue to be plagued with this error: Oct 25 10:49:18 myserver postfix/pipe[3712]: 0423257901AB: to=, relay=dovecot, delay=109318, delays=109318/0.14/0/0.1, dsn=4.3.0, status=deferred (temporary failure It's been a week that I've been working day and night to get this fixed. I forgot to add this information: [root]# doveconf -n auth_mechanisms = plain login first_valid_gid = 12 first_valid_uid = 86 mail_location = maildir:/var/vmail/%d/%u passdb { ? args = /usr/local/etc/dovecot/sql.conf ? driver = sql } plugin { ? quota = maildir:storage=10240:messages=1000 ? trash = /usr/local/etc/dovecot/trash.conf } protocols = imap pop3 service auth { ? unix_listener auth-userdb { ??? group = postfix ??? mode = 0660 ??? user = postfix ? } ? user = root } ssl_cert = References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> Message-ID: <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> On 25.10.2011, at 21.13, Timo Sirainen wrote: >> Could the reason he hasn't found such a setting be that SSL renegotiate >> isn't supported at all in dovecot...? > > Looking at the OpenSSL code, I don't see any way to disable it. Or possibly with some undocumented kludgy way, but I don't really know enough about OpenSSL to implement it. Actually, the attached patch works for v2.0. I'm not really sure yet if I should add a setting for it, force it always or just wait for SSL people to figure out something else. I think I'll do the last option for now. In any case, I noticed there was some memory "leaking" when doing SSL renegotiation and that definitely needs to be fixed: http://hg.dovecot.org/dovecot-2.0/rev/ad2ebc237570 -------------- next part -------------- A non-text attachment was scrubbed... Name: diff Type: application/octet-stream Size: 515 bytes Desc: not available URL: From CMarcus at Media-Brokers.com Tue Oct 25 22:34:15 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Tue, 25 Oct 2011 15:34:15 -0400 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> Message-ID: <4EA70F37.3000401@Media-Brokers.com> Jack, A word of advice... you need to take a breath, and START OVER. Postfix+Dovecot works very well together... you are doing something wrong, and need to figure out what it is. You are chasing your tail, and will never figure out what you are doing wrong the way you are trying to troubleshoot this right now. Posting the same question over and over here and on the postfix list will not get you anywhere. Charles On 2011-10-25 2:33 PM, Jack Fredrikson wrote: > Hi; > > I continue to be plagued with this error: > > Oct 25 10:49:18 myserver postfix/pipe[3712]: 0423257901AB: to=, relay=dovecot, delay=109318, delays=109318/0.14/0/0.1, dsn=4.3.0, status=deferred (temporary failure > > It's been a week that I've been working day and night to get this fixed. > > I forgot to add this information: > > [root]# doveconf -n > auth_mechanisms = plain login > first_valid_gid = 12 > first_valid_uid = 86 > mail_location = maildir:/var/vmail/%d/%u > passdb { > args = /usr/local/etc/dovecot/sql.conf > driver = sql > } > plugin { > quota = maildir:storage=10240:messages=1000 > trash = /usr/local/etc/dovecot/trash.conf > } > protocols = imap pop3 > service auth { > unix_listener auth-userdb { > group = postfix > mode = 0660 > user = postfix > } > user = root > } > ssl_cert = ssl_cipher_list = ALL:!LOW:!SSLv2 > ssl_key = ssl_key_password = passwd > userdb { > args = /usr/local/etc/dovecot/sql.conf > driver = sql > } > protocol imap { > mail_plugins = quota imap_quota > } > protocol pop3 { > mail_plugins = quota > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > } > protocol lda { > hostname = myserver.com > info_log_path = /var/log/dovecot-deliver.log > log_path = /var/log/dovecot-deliver.log > mail_plugins = quota > postmaster_address = postmaster at creative.vi > sendmail_path = /usr/sbin/sendmail.postfix > } > > [root] # vi main.cf > queue_directory = /var/spool/postfix > myorigin = $mydomain > command_directory = /usr/sbin > daemon_directory = /usr/libexec/postfix > mail_owner = postfix > inet_interfaces = all > unknown_local_recipient_reject_code = 550 > debug_peer_list = > sendmail_path = /usr/sbin/sendmail.postfix > newaliases_path = /usr/bin/newaliases > mailq_path = /usr/bin/mailq > setgid_group = postdrop > html_directory = no > manpage_directory = /usr/local/man > sample_directory = /etc/postfix > readme_directory = no > mydomain = myserver.com > mydestination = > $mydomain, > $myhostname, > localhost.$mydomain > mail_spool_directory = /var/spool/mail > home_mailbox = Mailbox > disable_vrfy_command = yes > show_user_unknown_table_name = no > > > data_directory = /var/lib/postfix > # --------------- local settings ------------------ > myhostname = myserver.com > inet_interfaces = localhost, $myhostname > mynetworks = $config_directory/mynetworks > #mydestination = localhost.$mydomain, localhost, $myhostname > #uncomment if you need relay_domains... do not list domains in both relay and virtual > relay_domains = proxy:mysql:$config_directory/mysql_relay_domains_maps.cf > # ---------------------- VIRTUAL DOMAINS START ---------------------- > virtual_mailbox_base = /var/vmail > virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf > virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf > virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf > virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf > virtual_minimum_uid = 89 > virtual_uid_maps = static:89 > virtual_gid_maps = static:89 > virtual_transport = dovecot > dovecot_destination_recipient_limit = 1 > # ---------------------- VIRTUAL DOMAINS END ---------------------- > # ---------------------- SASL PART START ---------------------- > smtpd_sasl_auth_enable = yes > smtpd_recipient_restrictions = permit_mynetworks, > permit_sasl_authenticated, reject_unauth_destination > smtpd_sasl_security_options = noanonymous > broken_sasl_auth_clients = yes > smtpd_sasl_type = dovecot > smtpd_sasl_path = /var/spool/postfix/private/auth > smtpd_sasl_application_name = smtpd > # ---------------------- SASL PART END ---------------------- > smtpd_soft_error_limit = 10 > smtpd_hard_error_limit = 20 > smtpd_helo_required = yes > disable_vrfy_command = yes > non_fqdn_reject_code = 504 > invalid_hostname_reject_code = 450 > maps_rbl_reject_code = 554 > alias_maps = hash:/etc/aliases > reject_unknown_client = false > reject_unknown_hostname = false > mailbox_command = /usr/local/libexec/dovecot/deliver -f "$SENDER" -a "$RECIPIENT" > > > [root] # vi master.cf > smtp inet n - n - - smtpd > submission inet n - - - - smtpd -D > -o smtpd_tls_security_level=encrypt > -o smtpd_sasl_auth_enable=yes > -o smtpd_sasl_type=dovecot > -o smtpd_sasl_path=private/auth > -o smtpd_sasl_security_options=noanonymous > -o smtpd_sasl_local_domain=$myhostname > -o smtpd_client_restrictions=permit_sasl_authenticated,reject > -o smtpd_sender_login_maps=hash:/etc/postfix/virtual > -o smtpd_sender_restrictions=reject_sender_login_mismatch > -o smtpd_recipient_restrictions=reject_unknown_recipient_domain,reject_non_fqdn_recipient,permit_sasl_authenticated,reject > amavisfeed unix - - n - 2 lmtp > -o lmtp_data_done_timeout=1200 > -o lmtp_send_xforward_command=yes > -o disable_dns_lookups=yes > -o max_use=20 > 587 inet n - n - - smtpd > pickup fifo n - n 60 1 pickup > cleanup unix n - n - 0 cleanup > qmgr fifo n - n 300 1 qmgr > tlsmgr unix - - n 1000? 1 tlsmgr > rewrite unix - - n - - trivial-rewrite > bounce unix - - n - 0 bounce > defer unix - - n - 0 bounce > trace unix - - n - 0 bounce > verify unix - - n - 1 verify > flush unix n - n 1000? 0 flush > proxymap unix - - n - - proxymap > smtp unix - - n - - smtp > relay unix - - n - - smtp > -o fallback_relay= > showq unix n - n - - showq > error unix - - n - - error > discard unix - - n - - discard > local unix - n n - - local > virtual unix - n n - - virtual > lmtp unix - - n - - lmtp > anvil unix - - n - 1 anvil > scache unix - - n - 1 scache > maildrop unix - n n - - pipe > flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} > uucp unix - n n - - pipe > flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) > ifmail unix - n n - - pipe > flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) > bsmtp unix - n n - - pipe > flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient > retry unix - - n - - error > proxywrite unix - - n - 1 proxymap > dovecot unix - n n - - pipe > flags=DRhu user=dovecot argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} ${recipient} > spamfilter unix - n n - - pipe > flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter -f ${sender} -- ${recipient} > > > TIA, > Jack > -- Best regards, Charles Marcus I.T. Director Media Brokers International, Inc. 678.514.6200 x224 | 678.514.6299 fax From tss at iki.fi Tue Oct 25 23:02:19 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 25 Oct 2011 23:02:19 +0300 Subject: [Dovecot] SSL renegotiation vulnerability (Was: dovecot evaluation on a 30 gb mailbox) In-Reply-To: <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> Message-ID: <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> On 25.10.2011, at 21.51, Timo Sirainen wrote: > On 25.10.2011, at 21.13, Timo Sirainen wrote: > >>> Could the reason he hasn't found such a setting be that SSL renegotiate >>> isn't supported at all in dovecot...? >> >> Looking at the OpenSSL code, I don't see any way to disable it. Or possibly with some undocumented kludgy way, but I don't really know enough about OpenSSL to implement it. > > Actually, the attached patch works for v2.0. I'm not really sure yet if I should add a setting for it, force it always or just wait for SSL people to figure out something else. I think I'll do the last option for now. > > In any case, I noticed there was some memory "leaking" when doing SSL renegotiation and that definitely needs to be fixed: http://hg.dovecot.org/dovecot-2.0/rev/ad2ebc237570 I don't know if I'm doing something wrong, but I can't even cause a DoS. Even while all imap-login processes are eating 100% CPU (almost 500 handshakes/second), I can successfully log in with another client. From noel.butler at ausics.net Wed Oct 26 03:05:57 2011 From: noel.butler at ausics.net (Noel Butler) Date: Wed, 26 Oct 2011 10:05:57 +1000 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> Message-ID: <1319587557.8419.14.camel@tardis> Hi, I've been away for a while, and the previous threads I stopped reading because it makes reading War and Peace look more enticing. Have you run in debug mode? On Tue, 2011-10-25 at 11:33 -0700, Jack Fredrikson wrote: > Hi; > > I continue to be plagued with this error: > > Oct 25 10:49:18 myserver postfix/pipe[3712]: 0423257901AB: to=, relay=dovecot, delay=109318, delays=109318/0.14/0/0.1, dsn=4.3.0, status=deferred (temporary failure > So, it looks like an LDA issue > It's been a week that I've been working day and night to get this fixed. > I only have v1.2 config files to compare at present, we aborted use of 2.0 for internal reasons, I know (sadly) many things changed in the config format so I wont begin to assume you have correct components in the right blocks because I'd for sure end up being wrong. What you could try, is looking at the exceed quota examples, and try injecting a message for a user that way using dovecot's deliver and see if it stores the message correctly. Does pop3 work for the users? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From stan at hardwarefreak.com Wed Oct 26 10:33:09 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 26 Oct 2011 02:33:09 -0500 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA70F37.3000401@Media-Brokers.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> Message-ID: <4EA7B7B5.6060609@hardwarefreak.com> On 10/25/2011 2:34 PM, Charles Marcus wrote: > Jack, > > A word of advice... you need to take a breath, and START OVER. Yep. Start by ditching that old as dirt POS distro known as CentOS. And don't roll-your-own-Dovecot from source. Simply install Debian 6, or get your VPS provider to swap your image for it, and: ~$ aptitude install dovecot-imapd dovecot-common You'll get version 1.2.15, which is probably fine as you don't need the advanced features of 2.x anyway. Then the only thing to worry about now is getting dovecot.conf setup correctly, which is a lot easier than digging yourself out of your current hole. -- Stan From limperis at cti.gr Wed Oct 26 10:41:49 2011 From: limperis at cti.gr (Limperis Antonis) Date: Wed, 26 Oct 2011 07:41:49 +0000 Subject: [Dovecot] variable for gid Message-ID: Hi Is possible for a variable for gid of each user, such as %ifor uid . Thanks for your attention Antonis From noel.butler at ausics.net Wed Oct 26 10:44:57 2011 From: noel.butler at ausics.net (Noel Butler) Date: Wed, 26 Oct 2011 17:44:57 +1000 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA7B7B5.6060609@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> Message-ID: <1319615097.32388.7.camel@tardis> *sigh* As usual Stanley, you do not contribute anything constructive, only trollish jibberish Charles' advice however would be my next step, but at this point I think it's a bit drastic. On Wed, 2011-10-26 at 02:33 -0500, Stan Hoeppner wrote: > On 10/25/2011 2:34 PM, Charles Marcus wrote: > > Jack, > > > > A word of advice... you need to take a breath, and START OVER. > > Yep. Start by ditching that old as dirt POS distro known as CentOS. > And don't roll-your-own-Dovecot from source. Simply install Debian 6, > or get your VPS provider to swap your image for it, and: > > ~$ aptitude install dovecot-imapd dovecot-common > > You'll get version 1.2.15, which is probably fine as you don't need the > advanced features of 2.x anyway. Then the only thing to worry about now > is getting dovecot.conf setup correctly, which is a lot easier than > digging yourself out of your current hole. > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From noel.butler at ausics.net Wed Oct 26 11:04:58 2011 From: noel.butler at ausics.net (Noel Butler) Date: Wed, 26 Oct 2011 18:04:58 +1000 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> Message-ID: <1319616298.32388.15.camel@tardis> On Tue, 2011-10-25 at 11:33 -0700, Jack Fredrikson wrote: > mailbox_command = /usr/local/libexec/dovecot/deliver -f "$SENDER" -a "$RECIPIENT" > get rid of this ^^^^^^^^^^^^^ in postifx main.cf > dovecot unix - n n - - pipe > flags=DRhu user=dovecot argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} ${recipient} in master, try dovecot unix - n n - - pipe flags=DRhu user=dovecot argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -e -d ${user}@${nexthop} Are you really using user dovecot? Did you build this from source, if so show us the options you used -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From sb at dod.no Wed Oct 26 11:25:18 2011 From: sb at dod.no (Steinar Bang) Date: Wed, 26 Oct 2011 10:25:18 +0200 Subject: [Dovecot] SSL renegotiation vulnerability References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> Message-ID: >>>>> Timo Sirainen : > I don't know if I'm doing something wrong, but I can't even cause a > DoS. Even while all imap-login processes are eating 100% CPU (almost > 500 handshakes/second), I can successfully log in with another client. Are you using the tool linked to in the article, to stress the server? http://www.thc.org/thc-ssl-dos/ From mcbdovecot at robuust.nl Wed Oct 26 11:36:56 2011 From: mcbdovecot at robuust.nl (Maarten Bezemer) Date: Wed, 26 Oct 2011 10:36:56 +0200 (CEST) Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319615097.32388.7.camel@tardis> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319615097.32388.7.camel@tardis> Message-ID: On Wed, 26 Oct 2011, Noel Butler wrote: > *sigh* > > As usual Stanley, you do not contribute anything constructive, only > trollish jibberish I don't know where both of you live, but can't you just grab a coffee and find out what it is that makes a mockery of any discussion between the two of you? Or why you can't seem to get along? Make sure the coffee isn't too hot so you can at least throw it at one another without getting any lawyer involved :-P How hard would it be to just not feed the trolls, if you're so convinced Stan is one. He's not even trying to get on your nerves, and yet you take it personal. I could have gone and *sigh* about Hadmuts not-so-polite last reply a few days ago, but I figured that wouldn't have helped anyone. Probably not even my ego. Back on topic: there sems to be an issue that doesn't handle temporary failures properly (i.e., it should at least record the details of the failure in some logs). This may very well be related to a locally built Dovecot, or being unfamiliar with Postfix/Dovecot configuration, or both. You could try something like 'su' or 'sudo' to break the transactions into separate parts, to see what's generating the tempfail and why. Maybe we're missing some log entries right above the quoted postfix tempfail, that shows some non-null exit code. -- Maarten From sb at dod.no Wed Oct 26 11:43:39 2011 From: sb at dod.no (Steinar Bang) Date: Wed, 26 Oct 2011 10:43:39 +0200 Subject: [Dovecot] SSL renegotiation vulnerability References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> Message-ID: >>>>> Steinar Bang : >>>>> Timo Sirainen : >> I don't know if I'm doing something wrong, but I can't even cause a >> DoS. Even while all imap-login processes are eating 100% CPU (almost >> 500 handshakes/second), I can successfully log in with another client. > Are you using the tool linked to in the article, to stress the server? > http://www.thc.org/thc-ssl-dos/ Here's what the article says about stressing dovecot: "Alle servertjenester benytter SSL kan i utgangspunktet v?re ber?rt. Digi.no har testet verkt?yet mot en eldre, intern server som kj?rer Linux. Angrepet mot Apache/HTTPD var mislykket, fordi SSL Renegotiation var deaktivert som standard. Men en angrep mot en POP3S-basert (kryptert e-post) tjeneste levert av serverprogramvaren Dovecot, kj?rte CPU-lasten i taket med over tusen ?handshakes? i sekundet. Angrepet f?rte ikke til at hele maskinen ble utilgjengelig, men POP3S-tjenesten ble i praksis ubrukelig s? lenge angrepet varte." A quick translate: All services using SSL can be affected. Digi.no has tested the tool against an old, internal server running Linux. The attach against Apache httpd failed, because SSL Renegotiation was deactivated by default. But an attach against a POP3S (encrypted email) service delivered by the server program Dovecot, ran the CPU-load into the roof with over a thousand "Handshakes" per second. The attack didn't cause the computer to be inaccessible, but the POP3S-service was unusable for the duration of the attack. So it looks like they didn't test IMAPS access, only POP3S. From robert at schetterer.org Wed Oct 26 12:01:51 2011 From: robert at schetterer.org (Robert Schetterer) Date: Wed, 26 Oct 2011 11:01:51 +0200 Subject: [Dovecot] SSL renegotiation vulnerability In-Reply-To: References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> Message-ID: <4EA7CC7F.6090107@schetterer.org> Am 26.10.2011 10:43, schrieb Steinar Bang: >>>>>> Steinar Bang : >>>>>> Timo Sirainen : > >>> I don't know if I'm doing something wrong, but I can't even cause a >>> DoS. Even while all imap-login processes are eating 100% CPU (almost >>> 500 handshakes/second), I can successfully log in with another client. > >> Are you using the tool linked to in the article, to stress the server? >> http://www.thc.org/thc-ssl-dos/ > > Here's what the article says about stressing dovecot: > "Alle servertjenester benytter SSL kan i utgangspunktet v?re > ber?rt. Digi.no har testet verkt?yet mot en eldre, intern server som > kj?rer Linux. Angrepet mot Apache/HTTPD var mislykket, fordi SSL > Renegotiation var deaktivert som standard. Men en angrep mot en > POP3S-basert (kryptert e-post) tjeneste levert av serverprogramvaren > Dovecot, kj?rte CPU-lasten i taket med over tusen ?handshakes? i > sekundet. Angrepet f?rte ikke til at hele maskinen ble utilgjengelig, > men POP3S-tjenesten ble i praksis ubrukelig s? lenge angrepet varte." > > A quick translate: > All services using SSL can be affected. Digi.no has tested the tool > against an old, internal server running Linux. The attach against > Apache httpd failed, because SSL Renegotiation was deactivated by > default. But an attach against a POP3S (encrypted email) service > delivered by the server program Dovecot, ran the CPU-load into the > roof with over a thousand "Handshakes" per second. The attack didn't > cause the computer to be inaccessible, but the POP3S-service was > unusable for the duration of the attack. > > So it looks like they didn't test IMAPS access, only POP3S. > however wasnt it possible ever to stress any service via ddos ? this tool may only very effective in doing that the most problem is see , not everybody can use fail2ban on his servers by keeping out dummy auth users over nat ( I have such case ) anyway ,firewalls should slow down ddos attacks, which might cause other problems then *g, but for sure not from one ip just a few thoughts..,for sure ,best way would be, getting it fixed -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From dg at dguhl.org Wed Oct 26 12:43:41 2011 From: dg at dguhl.org (Dennis Guhl) Date: Wed, 26 Oct 2011 11:43:41 +0200 Subject: [Dovecot] variable for gid In-Reply-To: References: Message-ID: <20111026094341.GA10257@laptop-dg.leere.eu> On Wed, Oct 26, 2011 at 07:41:49AM +0000, Limperis Antonis wrote: > Hi > > Is possible for a variable for gid of each user, such as %ifor uid . I don't know what your question exactly is, but I tink the answer will be no, there is no variable for GIDs. http://wiki2.dovecot.org/Variables shows all valid variables for Dovecot 2 (s/2/1/ works for old Dovecot). HTH Dennis From stan at hardwarefreak.com Wed Oct 26 13:39:53 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 26 Oct 2011 05:39:53 -0500 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319615097.32388.7.camel@tardis> Message-ID: <4EA7E379.1010906@hardwarefreak.com> On 10/26/2011 3:36 AM, Maarten Bezemer wrote: > and find out what it is that makes a mockery of any discussion between > the two of you? Discussion?? I *thoroughly* blocked Noel Butler about a year ago. Should I define *thoroughly*? That means direct to MX, list mail, smoke signals, and yodels from a mountain top. You're unfairly associating me with this nitwit. I extricated myself from his mud pit long ago. -- Stan From dg at dguhl.org Wed Oct 26 16:14:20 2011 From: dg at dguhl.org (Dennis Guhl) Date: Wed, 26 Oct 2011 15:14:20 +0200 Subject: [Dovecot] OT: Re: Temporary Failure that's Permanent! In-Reply-To: <4EA7E379.1010906@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319615097.32388.7.camel@tardis> <4EA7E379.1010906@hardwarefreak.com> Message-ID: <20111026131418.GA16891@PC211.ikt.de> On Wed, Oct 26, 2011 at 05:39:53AM -0500, Stan Hoeppner wrote: [..] Stan, we all know your 'affection' for Noel Butler, as well as we all know him. But please keep this off list. Like Maarten pointed out, it's not worth the trouble and only bothers everybody. Dennis P.S. I know this should be send off list, but you have a habit to block very savagely :) From bernd at petrovitsch.priv.at Wed Oct 26 16:48:00 2011 From: bernd at petrovitsch.priv.at (Bernd Petrovitsch) Date: Wed, 26 Oct 2011 15:48:00 +0200 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA7B7B5.6060609@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> Message-ID: <1319636880.5546.19.camel@thorin> On Mit, 2011-10-26 at 02:33 -0500, Stan Hoeppner wrote: > On 10/25/2011 2:34 PM, Charles Marcus wrote: [....] > > A word of advice... you need to take a breath, and START OVER. > > Yep. Start by ditching that old as dirt POS distro known as CentOS. Dovecot works fine on my CentOS-5.* and -6. > And don't roll-your-own-Dovecot from source. [....] And I used it self-compiled (because there were at times no current packages) and nowadays an RPM from some repo. Granted with sendmail as MTA but that shouldn't make a big difference. Bernd -- Bernd Petrovitsch Email : bernd at petrovitsch.priv.at LUGA : http://www.luga.at From pw at wk-serv.de Thu Oct 27 00:13:50 2011 From: pw at wk-serv.de (Patrick Westenberg) Date: Wed, 26 Oct 2011 23:13:50 +0200 Subject: [Dovecot] Indexes to MLC-SSD Message-ID: <4EA8780E.5030808@wk-serv.de> Hi all, is anyone on this list who dares/dared to store his index files on a MLC-SSD? Regards, Patrick From stan at hardwarefreak.com Thu Oct 27 05:36:06 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 26 Oct 2011 21:36:06 -0500 Subject: [Dovecot] Indexes to MLC-SSD In-Reply-To: <4EA8780E.5030808@wk-serv.de> References: <4EA8780E.5030808@wk-serv.de> Message-ID: <4EA8C396.3040105@hardwarefreak.com> On 10/26/2011 4:13 PM, Patrick Westenberg wrote: > Hi all, > > is anyone on this list who dares/dared to store his index files on a > MLC-SSD? I have not. But I can tell you that a 32GB Corsair MLC SSD in my workstation died after 4 months of laughably light duty. It had nothing to do with cell life but low product quality. This was my first foray into SSD. The RMA replacement is still kickin after 2 months, thankfully. I'm holding my breath... Scanning the reviews on Newegg shows early MLC SSD failures across most brands, early being a year or less. Some models/sizes are worse than others. OCZ has a good reputation overall, but reviews show some of their models to be grenades. Thus, if you were to put indexes on SSD, you should strongly consider using a mirrored pair. -- Stan From stan at hardwarefreak.com Thu Oct 27 05:51:21 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 26 Oct 2011 21:51:21 -0500 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319636880.5546.19.camel@thorin> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319636880.5546.19.camel@thorin> Message-ID: <4EA8C729.7010409@hardwarefreak.com> On 10/26/2011 8:48 AM, Bernd Petrovitsch wrote: > On Mit, 2011-10-26 at 02:33 -0500, Stan Hoeppner wrote: >> On 10/25/2011 2:34 PM, Charles Marcus wrote: > [....] >>> A word of advice... you need to take a breath, and START OVER. >> >> Yep. Start by ditching that old as dirt POS distro known as CentOS. > > Dovecot works fine on my CentOS-5.* and -6. Yes, because you know what you're doing. >> And don't roll-your-own-Dovecot from source. > [....] > > And I used it self-compiled (because there were at times no current > packages) and nowadays an RPM from some repo. > Granted with sendmail as MTA but that shouldn't make a big difference. See above comment. The OP is having trouble with a roll-your-own combo Dovecot and Postfix install. He went this route because the CentOS 5.x packages are old as dirt. Now he's having severe problems getting the RYO stuff working properly. If he has the option of using a distro with far more current packages, it would be much easier for him to get up and running. Thus my suggestion to give Debian a try. Any distro he's comfortable with and has access to, that has relatively up to date Dovecot and Postfix versions, would be just as suitable. The bulk of his problems stem from issues revolving around installing from source. Moving to recent distro packages will very likely solve most of his problems. -- Stan From dswartz at druber.com Thu Oct 27 05:54:25 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Wed, 26 Oct 2011 22:54:25 -0400 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA8C729.7010409@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com><4EA70F37.3000401@Media-Brokers.com><4EA7B7B5.6060609@hardwarefreak.com><1319636880.5546.19.camel@thorin> <4EA8C729.7010409@hardwarefreak.com> Message-ID: Ubuntu has a nice dovecot-postfix combo package. From nick.z.edwards at gmail.com Thu Oct 27 08:49:35 2011 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Thu, 27 Oct 2011 15:49:35 +1000 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA8C729.7010409@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319636880.5546.19.camel@thorin> <4EA8C729.7010409@hardwarefreak.com> Message-ID: Why do you troll You do not help OP in any way saying, use another distribution, this is a clear sign of TROLL Too many on this list, if you not going to help OP piss off and dont click that reply button and ignore tham, how about we tell you to use another distribution that is current like gentoo, freebsd, slackware, or even a mac everytime you have a problem. Why Timo let you get away with this so long I cant believe. and if you for one minute think debian is a current you are bigger dickhead than you come across as. do not reply to me either I killfile trolls and I cant believe I did not fuck you off a long time ago, all you do is go into 15 page gooblygook hoping to dazzle people with your _lack_ of knowledge. What do they say a little knowledge in the hands of some is .... You remind me of that ninkenpoop Karl from the ubuntu list, maybe you are him in disguise On Thu, Oct 27, 2011 at 12:51 PM, Stan Hoeppner wrote: > On 10/26/2011 8:48 AM, Bernd Petrovitsch wrote: > > On Mit, 2011-10-26 at 02:33 -0500, Stan Hoeppner wrote: > >> On 10/25/2011 2:34 PM, Charles Marcus wrote: > > [....] > >>> A word of advice... you need to take a breath, and START OVER. > >> > >> Yep. Start by ditching that old as dirt POS distro known as CentOS. > > > > Dovecot works fine on my CentOS-5.* and -6. > > Yes, because you know what you're doing. > > >> And don't roll-your-own-Dovecot from source. > > [....] > > > > And I used it self-compiled (because there were at times no current > > packages) and nowadays an RPM from some repo. > > Granted with sendmail as MTA but that shouldn't make a big difference. > > See above comment. > > The OP is having trouble with a roll-your-own combo Dovecot and Postfix > install. He went this route because the CentOS 5.x packages are old as > dirt. Now he's having severe problems getting the RYO stuff working > properly. > > If he has the option of using a distro with far more current packages, > it would be much easier for him to get up and running. Thus my > suggestion to give Debian a try. Any distro he's comfortable with and > has access to, that has relatively up to date Dovecot and Postfix > versions, would be just as suitable. > > The bulk of his problems stem from issues revolving around installing > from source. Moving to recent distro packages will very likely solve > most of his problems. > > -- > Stan > From nick.z.edwards at gmail.com Thu Oct 27 08:51:24 2011 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Thu, 27 Oct 2011 15:51:24 +1000 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319636880.5546.19.camel@thorin> <4EA8C729.7010409@hardwarefreak.com> Message-ID: please do not feed the troll On Thu, Oct 27, 2011 at 12:54 PM, Dan Swartzendruber wrote: > > Ubuntu has a nice dovecot-postfix combo package. > > From lists at wildgooses.com Thu Oct 27 11:25:21 2011 From: lists at wildgooses.com (Ed W) Date: Thu, 27 Oct 2011 09:25:21 +0100 Subject: [Dovecot] SSL renegotiation vulnerability In-Reply-To: <4EA7CC7F.6090107@schetterer.org> References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> <4EA7CC7F.6090107@schetterer.org> Message-ID: <4EA91571.1010800@wildgooses.com> On 26/10/2011 10:01, Robert Schetterer wrote: > the most problem is see , not everybody can use fail2ban on his servers > by keeping out dummy auth users over nat ( I have such case ) > > anyway ,firewalls should slow down ddos attacks, which might cause other > problems then *g, but for sure not from one ip ... > > just a few thoughts..,for sure ,best way would be, getting it fixed If you google (I think it was on slashdot), I saw a couple of posts with a simple iptables rule with some rate limits attached to it. Clearly you could also read the iptables instructions and figure it out for yourself, but just highlighting that even the footwork has been done if you want copy/paste I think it's generally not such a bad idea to say limit tcp connections per second from a source IPs. There are plenty of big services that might not be able to implement this as a blanket, but for many shops it could probably be just added as a default for the server... Cheers Ed W From lists at wildgooses.com Thu Oct 27 11:31:13 2011 From: lists at wildgooses.com (Ed W) Date: Thu, 27 Oct 2011 09:31:13 +0100 Subject: [Dovecot] Indexes to MLC-SSD In-Reply-To: <4EA8C396.3040105@hardwarefreak.com> References: <4EA8780E.5030808@wk-serv.de> <4EA8C396.3040105@hardwarefreak.com> Message-ID: <4EA916D1.30409@wildgooses.com> On 27/10/2011 03:36, Stan Hoeppner wrote: > On 10/26/2011 4:13 PM, Patrick Westenberg wrote: >> Hi all, >> >> is anyone on this list who dares/dared to store his index files on a >> MLC-SSD? > I have not. But I can tell you that a 32GB Corsair MLC SSD in my > workstation died after 4 months of laughably light duty. It had nothing > to do with cell life but low product quality. This was my first foray > into SSD. The RMA replacement is still kickin after 2 months, > thankfully. I'm holding my breath... > > Scanning the reviews on Newegg shows early MLC SSD failures across most > brands, early being a year or less. Some models/sizes are worse than > others. OCZ has a good reputation overall, but reviews show some of > their models to be grenades. > > Thus, if you were to put indexes on SSD, you should strongly consider > using a mirrored pair. > I don't think you are saying that the advice varies here compared with HDDs? I do agree that some SSDs are showing very early failures, but it's only a tweak to the probability parameter compared with any other storage medium. They ALL fail at some point, and generally well within the life of the rest of the server. Some kind of failure planning is necessary Caveat the potentially higher failures vs HDDs I don't see any reason why an SSD shouldn't work well? (even more so if you are using maildir where indexes can be regenerated). More interestingly: for small sizes like 32GB, has anyone played with the "compressed ram with backing store" thing in newer kernels (that I forget the name of now). I think it's been marketed for swap files, but assuming I got the theory it could be used as a ram drive with slow writeback to permanent storage? Good luck Ed W From robert at schetterer.org Thu Oct 27 12:12:58 2011 From: robert at schetterer.org (Robert Schetterer) Date: Thu, 27 Oct 2011 11:12:58 +0200 Subject: [Dovecot] SSL renegotiation vulnerability In-Reply-To: <4EA91571.1010800@wildgooses.com> References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> <4EA7CC7F.6090107@schetterer.org> <4EA91571.1010800@wildgooses.com> Message-ID: <4EA9209A.8090601@schetterer.org> Am 27.10.2011 10:25, schrieb Ed W: > On 26/10/2011 10:01, Robert Schetterer wrote: >> the most problem is see , not everybody can use fail2ban on his servers >> by keeping out dummy auth users over nat ( I have such case ) >> >> anyway ,firewalls should slow down ddos attacks, which might cause other >> problems then *g, but for sure not from one ip > ... >> >> just a few thoughts..,for sure ,best way would be, getting it fixed > > If you google (I think it was on slashdot), I saw a couple of posts with > a simple iptables rule with some rate limits attached to it. Clearly > you could also read the iptables instructions and figure it out for > yourself, but just highlighting that even the footwork has been done if > you want copy/paste i just read it, but its my understanding, that this isnt solving the real Problem, also these rules cant used everywhere by tec layout reasons however youre right, this might help where using it is possible > > I think it's generally not such a bad idea to say limit tcp connections > per second from a source IPs. There are plenty of big services that > might not be able to implement this as a blanket, but for many shops it > could probably be just added as a default for the server... we have a big firewall before all server, it does rate con, but in heavy attacks, this can take off the whole farm, cause every firewall has its limits too, also the problem may involve core routers etc every big attack has to be analysed and reacted, there is reason to do something better ever, but there never be a safe world in www *g > > Cheers > > Ed W -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From urushkin at telros.ru Thu Oct 27 15:35:24 2011 From: urushkin at telros.ru (Sergey Urushkin) Date: Thu, 27 Oct 2011 16:35:24 +0400 Subject: [Dovecot] GSSAPI and deny=yes passdb In-Reply-To: <4E8ACB70.7060004@telros.ru> References: <4E8ACB70.7060004@telros.ru> Message-ID: <4EA9500C.6000405@telros.ru> Noone has an idea? # dovecot --version 2.0.15 04.10.2011 13:01, Sergey Urushkin ?????: > Hi. Is it possible to use GSSAPI authentication and deny passdb > together? Seems it doesn't work as I expect: GSSAPI doesn't check deny > passdb, so I'm not able to restrict access to GSSAPI-users. > > > ... -- Best regards, Sergey Urushkin From bernd at petrovitsch.priv.at Thu Oct 27 15:51:54 2011 From: bernd at petrovitsch.priv.at (Bernd Petrovitsch) Date: Thu, 27 Oct 2011 14:51:54 +0200 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA8C729.7010409@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319636880.5546.19.camel@thorin> <4EA8C729.7010409@hardwarefreak.com> Message-ID: <1319719915.5546.47.camel@thorin> On Mit, 2011-10-26 at 21:51 -0500, Stan Hoeppner wrote: > On 10/26/2011 8:48 AM, Bernd Petrovitsch wrote: > > On Mit, 2011-10-26 at 02:33 -0500, Stan Hoeppner wrote: > >> On 10/25/2011 2:34 PM, Charles Marcus wrote: > > [....] > >>> A word of advice... you need to take a breath, and START OVER. [....] > > Dovecot works fine on my CentOS-5.* and -6. > > Yes, because you know what you're doing. Every root/sysadmin/administrator is supposed to know what s/he is doing - even if one runs Ubuntu;-) [....] > >> And don't roll-your-own-Dovecot from source. BTW compiling dovecot is the usual `configure; make; make install' IIRC. For the configuration: if it doesn't work out of the box, you have to dive into it - even with .rpm/.deb based installs. And if it works out of the box, it may have a too "open" default configuration. SCNR .... [....] > > And I used it self-compiled (because there were at times no current > > packages) and nowadays an RPM from some repo. > > Granted with sendmail as MTA but that shouldn't make a big difference. [...] > The OP is having trouble with a roll-your-own combo Dovecot and Postfix > install. He went this route because the CentOS 5.x packages are old as > dirt. Now he's having severe problems getting the RYO stuff working Yes, because CentOS-5.* is old as dirt as it is basically an extremely stable enterprise distribution. > properly. [...] > If he has the option of using a distro with far more current packages, > it would be much easier for him to get up and running. Thus my Does he has that option? Running an old-and-stable distribution may have other reasons than "too lazy to upgrade". > suggestion to give Debian a try. Any distro he's comfortable with and > has access to, that has relatively up to date Dovecot and Postfix > versions, would be just as suitable. Debian/stable is (or at least was) usually similar old as SuSE-enterprise and RHEL/CentOS. > The bulk of his problems stem from issues revolving around installing If you know that exactly where his problems are, perhaps you should help him to solve it and just tell him to start somewhere else from scratch. > from source. Moving to recent distro packages will very likely solve > most of his problems. The most simple usual RHEL/CentOS (and Debian/Stale BTW while we're at it) solution is to try rebuilt the src.rpm (or src.deb, respectively) from the current (or a newer) Fedora. That might or not work without problems (like dependencies on quite newer version of some libraries) but the try is a matter on an hour or so. Kind regards, Bernd -- Bernd Petrovitsch Email : bernd at petrovitsch.priv.at LUGA : http://www.luga.at From maillist at lightspeed.ca Thu Oct 27 22:16:26 2011 From: maillist at lightspeed.ca (Ernie Dunbar) Date: Thu, 27 Oct 2011 12:16:26 -0700 Subject: [Dovecot] POP server migration and duplicate messages. Message-ID: I'm having trouble with Dovecot where my mail client (if it matters, I'm using Evolution) collects some duplicate messages when switching between POP servers that have the same messages on them. I'm doing this as a test for server migration for all of our clients. Here's my procedure: 1. set up Dovecot and Exim on the new server so that everything works like on the old server. The old server also uses Dovecot and Exim, so very few things changed. 2. On the new server, use NFS to access the users' Maildirs on a remote NFS server. 3. Sync the Maildirs on the NFS store from the old server with SCP (and I do a quick SCP sync on my own Maildir during testing to ensure that this process is quick). 4. Check mail in Evolution on the old server. 5. Change Evolution's server settings to use the new server. 6. Check mail again. Evolution is set to keep messages on the server for one week, and about 20 of the 184 messages on the server keep getting re-downloaded. From a random sampling, the UIDL of the messages checks out between both servers, so I really don't understand what's going on here. If this is just a bug in Evolution, then that means I can just go ahead with the full migration and hope that people aren't going to be stuck with re-downloading their entire mailbox which in some cases, means hundreds or thousands of messages. From aewhale at ABS-CompTech.com Thu Oct 27 22:52:41 2011 From: aewhale at ABS-CompTech.com (Albert E. Whale) Date: Thu, 27 Oct 2011 15:52:41 -0400 Subject: [Dovecot] Configuring mbox and maildir formats - dovecot-1.2.15 Message-ID: <4EA9B689.7060500@ABS-CompTech.com> I am transitioning an existing server from using exclusively mbox, to being able to support both mbox and then fully maildir formats. I need to support the mbox format until I can get everyone switched over to maildir. What do I need to to use in the config of /etc/dovecot.conf to support the default of mbox, and then the new Maildir format (users will get upgraded individually from mbox to Maildir, and need to be upgraded). Thank you. -- Albert E. Whale, CHS CISA CISSP Senior Technology & Security Director *ABS Computer Technology, Inc. * 412-635-7488 ext 100 aewhale at ABS-CompTech.com www.ABS-CompTech.com -------------- next part -------------- A non-text attachment was scrubbed... Name: aewhale.vcf Type: text/x-vcard Size: 384 bytes Desc: not available URL: From ssilva at sgvwater.com Fri Oct 28 00:35:30 2011 From: ssilva at sgvwater.com (Scott Silva) Date: Thu, 27 Oct 2011 14:35:30 -0700 Subject: [Dovecot] Configuring mbox and maildir formats - dovecot-1.2.15 In-Reply-To: <4EA9B689.7060500@ABS-CompTech.com> References: <4EA9B689.7060500@ABS-CompTech.com> Message-ID: on 10/27/2011 12:52 PM Albert E. Whale spake the following: > I am transitioning an existing server from using exclusively mbox, to being > able to support both mbox and then fully maildir formats. > > I need to support the mbox format until I can get everyone switched over to > maildir. > > What do I need to to use in the config of /etc/dovecot.conf to support the > default of mbox, and then the new Maildir format (users will get upgraded > individually from mbox to Maildir, and need to be upgraded). > > Thank you. > > When I did it, the automatic detection seemed to work OK. The only problem I had was because I used procmail for delivery. I had to have a custom procmailrc for each user as I did their migration. For each user, when you finish their migration, you have to rename their ~/mail folder to not show dupes. In my case as soon as there was a ~/Maildir folder, dovecot started using it and made new indexes. From seandarcy2 at gmail.com Fri Oct 28 00:56:36 2011 From: seandarcy2 at gmail.com (sean darcy) Date: Thu, 27 Oct 2011 17:56:36 -0400 Subject: [Dovecot] newbie: can't login as virtual user Message-ID: dovecot -n # 2.0.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.38.8-32.fc15.i686.PAE i686 Fedora release 15 (Lovelock) auth_debug_passwords = yes disable_plaintext_auth = no info_log_path = /var/log/dovecot-info.log log_path = /var/log/dovecot.log mail_access_groups = mail mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u mail_privileged_group = mail mbox_write_locks = fcntl passdb { args = username_format=%u /etc/dovecot/users driver = passwd-file } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } ssl_cert = , method=PLAIN, rip= , lip= , mpid=27062, TLS What's wrong with my configuration? Thanks, sean From marco at carcano.ch Fri Oct 28 01:55:09 2011 From: marco at carcano.ch (Marco Carcano) Date: Fri, 28 Oct 2011 00:55:09 +0200 Subject: [Dovecot] Mail lost - maybe a bug??? Message-ID: <0A7F1BA2-87A8-4688-A69B-86EAA7D78A73@carcano.ch> Hello everybody I'm struggling against what seems a really serious trouble: sometimes mail get lost I did all the possible checks, but they seems really lost - I know is absurd, but it seems so it has been noticed by two users on my server: intially I tought that was their mistake (mail deleted, mail into spam, ecc), but it wasn't I deeply checked mail logs, and it seems that mail are delivered (the path is postfix->amavis->dovecotlda) - log files says that messages are delivered, but sometimes we lost a message. I also tried to get into the Maildir and grep the subject of the lost email: if it was addressed to more recipients I'm able to get it on some of them, but not to all (look at the example below) I hope I have clearly explained everything, otherwise let me knowmydomain now an extract from the log file: Oct 27 11:20:29 srv001 postfix/smtpd[24562]: connect from usstlz- psecap06.emerson.com[144.191.128.17] Oct 27 11:20:30 srv001 postfix/smtpd[24562]: CE0B74E4A9F: client=usstlz-psecap06.emerson.com[144.191.128.17] Oct 27 11:20:31 srv001 postfix/cleanup[25157]: CE0B74E4A9F: warning: header Subject: =?utf-8?B? RW1lcnNvbiBHbG9iYWwgVXNlcnMgRXhjaGFuZ2UgMjAxMiBpbiBEw7xzc2VsZG9yZiA6IFJlaWNoZW4gU2llIGpldHp0IElocmUgUHLDpHNlbnRhdGlvbmVuIGVpbg ==?= from usstlz-psecap06.emerson.com[144.191.128.17]; from= to= proto=ESMTP helo= Oct 27 11:20:31 srv001 postfix/cleanup[25157]: CE0B74E4A9F: message- id= Oct 27 11:20:31 srv001 postfix/qmgr[11827]: CE0B74E4A9F: from=, size=22689, nrcpt=3 (queue active) Oct 27 11:20:33 srv001 dovecot: imap(lromano): Disconnected: Logged out bytes=632/34319 Oct 27 11:20:34 srv001 postfix/smtpd[25162]: connect from localhost.localdomain[127.0.0.1] Oct 27 11:20:34 srv001 postfix/smtpd[25162]: B16284E4AA2: client=localhost.localdomain[127.0.0.1] Oct 27 11:20:34 srv001 postfix/cleanup[25157]: B16284E4AA2: message- id= Oct 27 11:20:34 srv001 postfix/qmgr[11827]: B16284E4AA2: from=, size=23094, nrcpt=3 (queue active) Oct 27 11:20:34 srv001 amavis[22923]: (22923-01) Passed CLEAN, [144.191.128.17] [155.177.20.144] -> ,,, Message-ID: , mail_id: 6rtF4927FAjt, Hits: -0.518, size: 22687, queued_as: B16284E4AA2, 3293 ms Oct 27 11:20:34 srv001 postfix/lmtp[25158]: CE0B74E4A9F: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=0.95/0.01/0.01/3.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B16284E4AA2) Oct 27 11:20:34 srv001 postfix/lmtp[25158]: CE0B74E4A9F: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=0.95/0.01/0.01/3.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B16284E4AA2) Oct 27 11:20:34 srv001 postfix/lmtp[25158]: CE0B74E4A9F: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=0.95/0.01/0.01/3.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B16284E4AA2) Oct 27 11:20:34 srv001 postfix/qmgr[11827]: CE0B74E4A9F: removed Oct 27 11:20:34 srv001 dovecot: lda(user1): msgid=: saved mail to INBOX Oct 27 11:20:34 srv001 postfix/pipe[25165]: B16284E4AA2: to=, relay=dovecot, delay=0.04, delays=0.01/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service) Oct 27 11:20:34 srv001 dovecot: lda(user2): msgid=: saved mail to INBOX Oct 27 11:20:34 srv001 postfix/pipe[25168]: B16284E4AA2: to=, relay=dovecot, delay=0.04, delays=0.01/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service) Oct 27 11:20:34 srv001 dovecot: lda(user3): msgid=: saved mail to INBOX Oct 27 11:20:34 srv001 postfix/pipe[25170]: B16284E4AA2: to=, relay=dovecot, delay=0.05, delays=0.01/0.02/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service) Oct 27 11:20:34 srv001 postfix/qmgr[11827]: B16284E4AA2: removed Oct 27 11:20:36 srv001 postfix/smtpd[24562]: disconnect from usstlz- psecap06.emerson.com[144.191.128.17] as you can see there was a message for oil at mydomain.ch (I obviously changed the domain for privacy) - logs says that all the three users got the email, but the third user didn't. I do not know why and when it happens, but seldom we have this issue maybe is there some kind of bug in the maildrop version I use? by the way, I had this issue also before installing amavisd-new now some infos: CentOS 5.3 postfix-2.3.3-2.1.el5_2 amavisd-new-2.6.6-1.el5.rf dovecot-2.0.11-1_126 dovecot-managesieve-0.2.2-15 dovecot-pigeonhole-0.2.2-15 users are on a Kerberized OpenLDAP please help me because this is really driving me crazy - don't leave me alone, please Marco Carcano From stan at hardwarefreak.com Fri Oct 28 03:07:19 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Thu, 27 Oct 2011 19:07:19 -0500 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319719915.5546.47.camel@thorin> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319636880.5546.19.camel@thorin> <4EA8C729.7010409@hardwarefreak.com> <1319719915.5546.47.camel@thorin> Message-ID: <4EA9F237.5010000@hardwarefreak.com> On 10/27/2011 7:51 AM, Bernd Petrovitsch wrote: > Debian/stable is (or at least was) usually similar old as > SuSE-enterprise and RHEL/CentOS. This is simply not true. Debian stable has consistently newer packages across the board compared to RHEL or CentOS. Debian Backports offers even newer packages. The Red Hat ecosystem has no equivalent back port project TTBOMK. -- Stan From jtam.home at gmail.com Fri Oct 28 03:13:56 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Thu, 27 Oct 2011 17:13:56 -0700 (PDT) Subject: [Dovecot] newbie: can't login as virtual user In-Reply-To: References: Message-ID: sean darcy writes: > Oct 22 21:45:55 auth: Debug: passwd(test1 at example.com, ): lookup > Oct 22 21:45:55 auth: Info: passwd(test1 at example.com, ): unknown user > Oct 22 21:45:55 auth: Debug: passwd-file(test1 at example.com, ): > lookup: user=test1 at example.com file=/etc/dovecot/users > Oct 22 21:45:55 auth: Debug: master out: USER 2303328257 test1 at example.com > Oct 22 21:45:55 imap-login: Info: Login: user=, > method=PLAIN, rip= , lip= , mpid=27062, TLS I think up to now it's OK (not quite sure about "master out" log entry but it looks innocuous enough). Dovecot reports to have looked in the system password file, failed, then looked in /etc/dovecot/users and found the user and logged them in. I think the problem happens later and you will have to show the subsequent log entries. Joseph Tam From nicosuhl at googlemail.com Fri Oct 28 11:42:04 2011 From: nicosuhl at googlemail.com (Nico Suhl) Date: Fri, 28 Oct 2011 10:42:04 +0200 Subject: [Dovecot] IMAP shows forwarding and vacation files Message-ID: <4EAA6ADC.5000003@gmail.com> Hello, I'm migrating our mailserver from a linux machine to solaris and got some small problems with our forwarding and vacation files, which are stored in the maildir of each user. I'm now using 2.0.15, on the old machine there was a dovecot 1. Now the problem is, that the .forward and .vacation files, which are used by exim, are shown as folders (they have a point...) in imap lists. This problem only occurs on the new solaris machine and not on the old linux system (with dovecot v1) or another testing machine with dovecot 2, which runs also under linux. userdb lookups are static with system account/group of exim. Is there any way to "hide" the .forward and .vacation files or do i have to rename or move them? Why are they shown here and not on our testsystems? regards, Nico Suhl From stephan at rename-it.nl Fri Oct 28 12:29:11 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 28 Oct 2011 11:29:11 +0200 Subject: [Dovecot] IMAP shows forwarding and vacation files In-Reply-To: <4EAA6ADC.5000003@gmail.com> References: <4EAA6ADC.5000003@gmail.com> Message-ID: <4EAA75E7.3080107@rename-it.nl> Op 28-10-2011 10:42, Nico Suhl schreef: > I'm migrating our mailserver from a linux machine to solaris and got > some small problems with our forwarding and vacation files, which are > stored in the maildir of each user. > > I'm now using 2.0.15, on the old machine there was a dovecot 1. > > Now the problem is, that the .forward and .vacation files, which are > used by exim, are shown as folders (they have a point...) in imap lists. > > This problem only occurs on the new solaris machine and not on the old > linux system (with dovecot v1) or another testing machine with dovecot > 2, which runs also under linux. > > userdb lookups are static with system account/group of exim. > > Is there any way to "hide" the .forward and .vacation files or do i have > to rename or move them? From http://wiki2.dovecot.org/MailLocation/Maildir#Optimizations : maildir_stat_dirs=no (default): Assume that all the files beginning with a dot in the maildir are maildirs. You shouldn't have any non-directory files beginning with a dot in the maildirs, but if you do you may need to set this to "yes", in which case Dovecot needs to stat() each directory entry, which degrades the performance. Some filesystems provide the directory/non-directory status for free without having to stat(). In those filesystems this setting is ignored. It is still not a good idea make the user's 'home' directory equal to the maildir. Place mail in its own sub-directory. > Why are they shown here and not on our testsystems? That I don't know. Regards, Stephan. From gdelafond+dovecot at aquaray.com Fri Oct 28 12:49:26 2011 From: gdelafond+dovecot at aquaray.com (de Lafond Guillaume) Date: Fri, 28 Oct 2011 11:49:26 +0200 Subject: [Dovecot] doveadm 'proxy list' or 'who' not working ? Message-ID: <7A7D318C-0BA3-4FDB-AB7F-F36A540C8472@aquaray.com> Hi, I switched from dovecot 1.2.* to 2.0.* for a mail proxy. I try to play with the new cool utility doveadm, but I don't manage to get results from it. # /usr/local/dovecot-2.0.15/bin/doveadm proxy list username proto src ip dest ip port # As 'proxy list' does not return anything, I tried with 'who' # /usr/local/dovecot-2.0.15/bin/doveadm who -a /var/run/dovecot-socket-auth/anvil username # proto (pids) (ips) # I think it should display something as I have many user connected : #ps axww | grep imap ... 21194 ? S 0:11 dovecot/imap-login [13 connections (8 TLS)] 21195 ? S 3:38 dovecot/imap-login [47 connections (38 TLS)] 29463 ? S 1:00 dovecot/imap-login [210 connections (183 TLS)] ... I should have something that is not well configured.. but I don't manage to find it. Does anybody have an idea where I should look to solve this ? Here is my dovecot.conf : # /usr/local/dovecot-2.0.15/bin/doveadm config # 2.0.15: /usr/local/dovecot-2.0.15/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 auth_anonymous_username = anonymous auth_cache_negative_ttl = 0 auth_cache_size = 1 k auth_cache_ttl = 15 mins auth_debug = no auth_debug_passwords = no auth_default_realm = auth_failure_delay = 2 secs auth_first_valid_uid = 500 auth_gssapi_hostname = auth_krb5_keytab = auth_last_valid_uid = 0 auth_master_user_separator = auth_mechanisms = plain login apop cram-md5 auth_realms = auth_socket_path = auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_cert = no auth_use_winbind = no auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ auth_username_format = auth_username_translation = auth_verbose = no auth_verbose_passwords = no auth_winbind_helper_path = /usr/bin/ntlm_auth auth_worker_max_count = 30 base_dir = /var/run/dovecot-proxy config_cache_size = 1 M debug_log_path = default_client_limit = 1000 default_idle_kill = 60 default_internal_user = dovecot default_login_user = dovenull default_process_limit = 100 default_vsz_limit = 256 M deliver_log_format = msgid=%m: %$ dict_db_config = director_doveadm_port = 0 director_mail_servers = director_servers = director_user_expire = 15 mins disable_plaintext_auth = no dotlock_use_excl = yes doveadm_allowed_commands = doveadm_password = doveadm_proxy_port = 0 doveadm_socket_path = doveadm-server doveadm_worker_count = 0 first_valid_gid = 1 first_valid_uid = 89 hostname = imap_capability = imap_client_workarounds = imap_id_log = imap_id_send = imap_idle_notify_interval = 2 mins imap_logout_format = bytes=%i/%o imap_max_line_length = 64 k import_environment = TZ info_log_path = /var/log/mail/dovecot_info-proxy.log last_valid_gid = 0 last_valid_uid = 0 lda_mailbox_autocreate = no lda_mailbox_autosubscribe = no lda_original_recipient_header = libexec_dir = /usr/local/dovecot-2.0.15/libexec/dovecot listen = * lmtp_proxy = no lmtp_save_to_detail_mailbox = no lock_method = fcntl log_path = /var/log/mail/dovecot-proxy.log log_timestamp = "%b %d %H:%M:%S " login_access_sockets = login_greeting = Proxy POP/IMAP login_log_format = %$: %s login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c login_trusted_networks = mail_access_groups = mail_attachment_dir = mail_attachment_fs = sis posix mail_attachment_hash = %{sha1} mail_attachment_min_size = 128 k mail_cache_fields = flags mail_cache_min_mail_count = 0 mail_chroot = mail_debug = no mail_fsync = optimized mail_full_filesystem_access = no mail_gid = mail_home = mail_location = mail_log_prefix = "%s(%u): " mail_max_keyword_length = 50 mail_max_lock_timeout = 0 mail_max_userip_connections = 10 mail_never_cache_fields = imap.envelope mail_nfs_index = no mail_nfs_storage = no mail_plugin_dir = /usr/local/dovecot-2.0.15/lib/dovecot mail_plugins = mail_privileged_group = mail_save_crlf = no mail_temp_dir = /tmp mail_uid = mailbox_idle_check_interval = 30 secs mailbox_list_index_disable = no maildir_copy_with_hardlinks = yes maildir_stat_dirs = no maildir_very_dirty_syncs = no master_user_separator = mbox_dirty_syncs = yes mbox_dotlock_change_timeout = 2 mins mbox_lazy_writes = yes mbox_lock_timeout = 5 mins mbox_min_index_size = 0 mbox_read_locks = fcntl mbox_very_dirty_syncs = no mbox_write_locks = dotlock fcntl mdbox_preallocate_space = no mdbox_rotate_interval = 0 mdbox_rotate_size = 2 M mmap_disable = yes namespace { hidden = no inbox = yes list = yes location = prefix = separator = / subscriptions = yes type = private } namespace { hidden = yes inbox = no list = no location = prefix = INBOX/ separator = / subscriptions = yes type = private } passdb { args = /usr/local/dovecot/etc/dovecot-sql-proxy.conf deny = no driver = sql master = no pass = no } plugin { quota = maildir } pop3_client_workarounds = pop3_enable_last = no pop3_fast_size_lookups = no pop3_lock_session = no pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_no_flag_updates = no pop3_reuse_xuidl = no pop3_save_uidl = no pop3_uidl_format = %08Xu%08Xv postmaster_address = protocols = imap pop3 quota_full_tempfail = no recipient_delimiter = + rejection_reason = Your message to <%t> was automatically rejected:%n%r rejection_subject = Rejected: %s sendmail_path = /usr/sbin/sendmail service anvil { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = anvil extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 1 protocol = service_count = 0 type = anvil unix_listener anvil-auth-penalty { group = mode = 0600 user = } unix_listener anvil { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service auth-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = auth -w extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener auth-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service auth { chroot = client_limit = 4096 drop_priv_before_exec = no executable = auth extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener auth-client { group = mode = 0600 user = } unix_listener auth-login { group = mode = 0600 user = $default_internal_user } unix_listener auth-master { group = mode = 0600 user = } unix_listener auth-userdb { group = mode = 0600 user = } unix_listener login/login { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service config { chroot = client_limit = 0 drop_priv_before_exec = no executable = config extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = config unix_listener config { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service dict { chroot = client_limit = 1 drop_priv_before_exec = no executable = dict extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dict { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service director { chroot = client_limit = 0 drop_priv_before_exec = no executable = director extra_groups = fifo_listener login/proxy-notify { group = mode = 00 user = } group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener director-admin { group = mode = 0600 user = } unix_listener login/director { group = mode = 00 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service dns_client { chroot = client_limit = 1 drop_priv_before_exec = no executable = dns-client extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dns-client { group = mode = 0666 user = } unix_listener login/dns-client { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service doveadm { chroot = client_limit = 1 drop_priv_before_exec = no executable = doveadm-server extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener doveadm-server { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service imap-login { chroot = login client_limit = 256 drop_priv_before_exec = no executable = imap-login extra_groups = group = idle_kill = 0 inet_listener imap { address = * port = 143 ssl = no } inet_listener imaps { address = * port = 993 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 20 protocol = imap service_count = 0 type = login user = mail vsz_limit = 64 M } service imap { chroot = client_limit = 1 drop_priv_before_exec = yes executable = imap extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener login/imap { group = mode = 0666 user = } user = vsz_limit = 256 M } service ipc { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = ipc extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener ipc { group = mode = 0600 user = } unix_listener login/ipc-proxy { group = mode = 0600 user = $default_login_user } user = $default_internal_user vsz_limit = 18446744073709551615 B } service lmtp { chroot = client_limit = 0 drop_priv_before_exec = no executable = lmtp extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = lmtp service_count = 0 type = unix_listener lmtp { group = mode = 0666 user = } user = vsz_limit = 0 } service log { chroot = client_limit = 0 drop_priv_before_exec = no executable = log extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = log user = vsz_limit = 18446744073709551615 B } service pop3-login { chroot = login client_limit = 256 drop_priv_before_exec = no executable = pop3-login extra_groups = group = idle_kill = 0 inet_listener pop3 { address = * port = 110 ssl = no } inet_listener pop3s { address = * port = 995 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 20 protocol = pop3 service_count = 0 type = login user = mail vsz_limit = 64 M } service pop3 { chroot = client_limit = 1 drop_priv_before_exec = yes executable = pop3 extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = pop3 service_count = 1 type = unix_listener login/pop3 { group = mode = 0666 user = } user = vsz_limit = 256 M } service ssl-params { chroot = client_limit = 0 drop_priv_before_exec = no executable = ssl-params extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = startup unix_listener login/ssl-params { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } shutdown_clients = yes ssl = yes ssl_ca = Hello all, I am testing postlogin script with dovecot 2. I works but i would like that the imap and pop session get executed even if the post-login script fail. my postlogin script is very simple: #/etc/dovecot/conf.d/10-master.conf service imap { executable = imap imap-postlogin } # service imap-postlogin { executable = script-login /usr/local/bin/postlogin.sh unix_listener imap-postlogin { } } service pop3 { executable = pop3 imap-postlogin } #/usr/local/bin/postlogin.sh echo "UPDATE mailbox SET last_login = now() WHERE username = '$USER'" | mysql -upostlogin -pXXXXXXXX postfixadmin exec "$@" Thanks in advance Osvaldo From stsiol at yahoo.co.uk Fri Oct 28 14:07:46 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Fri, 28 Oct 2011 12:07:46 +0100 (BST) Subject: [Dovecot] adding dovecot to webmin list of services Message-ID: <1319800066.96916.YahooMailNeo@web27204.mail.ukl.yahoo.com> Hello , I am playing with webmin these days and find it really fun to install and use everyday. However, on the services option, amongst other services, the dovecot service is not shown. Does anyone out there have similar experience with webmin and dovecot and know how to make it appear there ? I am using CentOS (5.5/5.6/5.7) 32-bit Dovecot was installed manually and not from yum (.rpm) Dovecot v1.2.15 TIA, s. ? ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From arlin at mvs.us Fri Oct 28 14:35:56 2011 From: arlin at mvs.us (Arlin) Date: Fri, 28 Oct 2011 17:05:56 +0530 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? Message-ID: <003b01cc9565$c3b86960$4b293c20$@mvs.us> Hi, How can we horizontally scale Dovecot across multiple servers? Do we require to install independent instances of Dovecot on each server? We are planning to use a NAS/SAN device using ZFS or EFS for email storage. Each logical unit will be of 10TB and similarly as the no: of user increases we are planning to add multiple 10TB units. In this case how we can manage the email storage on multiple volumes from Dovecot. The configuration of our existing system is:- Dovecot 1.0.15 / Maildirs Postfix 2.5.5 Debian 5.0.9 (Lenny) MySQL 5.0.15 Please advise. Thanks in advance. Creative Regards, Arlin From stsiol at yahoo.co.uk Fri Oct 28 14:43:37 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Fri, 28 Oct 2011 12:43:37 +0100 (BST) Subject: [Dovecot] adding dovecot to webmin list of services In-Reply-To: <1319800066.96916.YahooMailNeo@web27204.mail.ukl.yahoo.com> References: <1319800066.96916.YahooMailNeo@web27204.mail.ukl.yahoo.com> Message-ID: <1319802217.51718.YahooMailNeo@web27202.mail.ukl.yahoo.com> Duh ! It's already there and I didn't notice it. How typical of me. Sorry guys, s. ? ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis ----- Original Message ----- > From: Spyros Tsiolis > To: Dovecot > Cc: > Sent: Friday, 28 October 2011, 14:07 > Subject: [Dovecot] adding dovecot to webmin list of services > > Hello , > > I am playing with webmin these days and find it > really fun to install and use everyday. > > However, on the services option, amongst other > services, the dovecot service is not shown. > > Does anyone out there have similar experience > with webmin and dovecot and know how to make > it appear there ? > > I am using CentOS (5.5/5.6/5.7) 32-bit > Dovecot was installed manually and not from > yum (.rpm) > Dovecot v1.2.15 > > > TIA, > > s. > > > > > > > > ? > ---- > "I merely function as a channel that filters > music through the chaos of noise" > - Vangelis > From taeuber at bbaw.de Fri Oct 28 18:11:55 2011 From: taeuber at bbaw.de (Lars =?UTF-8?B?VMOkdWJlcg==?=) Date: Fri, 28 Oct 2011 17:11:55 +0200 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 Message-ID: <20111028171155.ba0dc761.taeuber@bbaw.de> Hi there. How can I configure dovecot not to listen for imaps connections on port 143. Thanks Lars From matthew.williams at bangor.ac.uk Fri Oct 28 18:17:51 2011 From: matthew.williams at bangor.ac.uk (Dr Matthew Williams) Date: Fri, 28 Oct 2011 16:17:51 +0100 Subject: [Dovecot] Quotas with Maildir and mdbox Message-ID: <4EAAC79F.8010805@bangor.ac.uk> Hello, We use LDAP to store our Maildir++ quota information for our Maildir mailboxes. I notice in the documentation that only SQL and flat files are supported by the dictionary quota if I want to use quota with mdbox? Are there any plans to allow LDAP to be used as the store? Regards, Matthew. -- Dr Matthew Williams MEng PhD MBCS Systems Administrator - IT Services - Bangor University Prifysgol Bangor Tel: (44) (0)1248 382414 Adeilad Deiniol Mob: (44) (0)7979 778269 Ffordd Deiniol URL: www.bangor.ac.uk Bangor, Gwynedd LL57 2UX EMail: matthew.williams at bangor.ac.uk -- Gall y neges e-bost hon, ac unrhyw atodiadau a anfonwyd gyda hi, gynnwys deunydd cyfrinachol ac wedi eu bwriadu i'w defnyddio'n unig gan y sawl y cawsant eu cyfeirio ato (atynt). Os ydych wedi derbyn y neges e-bost hon trwy gamgymeriad, rhowch wybod i'r anfonwr ar unwaith a dil?wch y neges. Os na fwriadwyd anfon y neges atoch chi, rhaid i chi beidio ? defnyddio, cadw neu ddatgelu unrhyw wybodaeth a gynhwysir ynddi. Mae unrhyw farn neu safbwynt yn eiddo i'r sawl a'i hanfonodd yn unig ac nid yw o anghenraid yn cynrychioli barn Prifysgol Bangor. Nid yw Prifysgol Bangor yn gwarantu bod y neges e-bost hon neu unrhyw atodiadau yn rhydd rhag firysau neu 100% yn ddiogel. Oni bai fod hyn wedi ei ddatgan yn uniongyrchol yn nhestun yr e-bost, nid bwriad y neges e-bost hon yw ffurfio contract rhwymol - mae rhestr o lofnodwyr awdurdodedig ar gael o Swyddfa Cyllid Prifysgol Bangor. www.bangor.ac.uk This email and any attachments may contain confidential material and is solely for the use of the intended recipient(s). If you have received this email in error, please notify the sender immediately and delete this email. If you are not the intended recipient(s), you must not use, retain or disclose any information contained in this email. Any views or opinions are solely those of the sender and do not necessarily represent those of the Bangor University. Bangor University does not guarantee that this email or any attachments are free from viruses or 100% secure. Unless expressly stated in the body of the text of the email, this email is not intended to form a binding contract - a list of authorised signatories is available from the Bangor University Finance Office. www.bangor.ac.uk From dswartz at druber.com Fri Oct 28 18:21:33 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Fri, 28 Oct 2011 11:21:33 -0400 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <20111028171155.ba0dc761.taeuber@bbaw.de> References: <20111028171155.ba0dc761.taeuber@bbaw.de> Message-ID: <4EAAC87D.80602@druber.com> Lars T?uber wrote: > Hi there. > > How can I configure dovecot not to listen for imaps connections on port 143. > > Thanks > Lars > You should be able to configure the dovecot.conf file to remove imaps as one of the protocols. e.g. like this line: protocols = imap imaps From simon.brereton at buongiorno.com Fri Oct 28 18:28:30 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Fri, 28 Oct 2011 11:28:30 -0400 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <4EAAC87D.80602@druber.com> References: <20111028171155.ba0dc761.taeuber@bbaw.de> <4EAAC87D.80602@druber.com> Message-ID: On 28 October 2011 11:21, Dan Swartzendruber wrote: > Lars T?uber wrote: >> >> Hi there. >> >> How can I configure dovecot not to listen for imaps connections on port >> 143. >> >> Thanks >> Lars >> > > You should be able to configure the dovecot.conf file to remove imaps as one > of the protocols. > > e.g. like this line: > > protocols = imap imaps I understood that the OP wanted to have IMAPS listen on some port other than 143.. Simon From dswartz at druber.com Fri Oct 28 18:55:50 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Fri, 28 Oct 2011 11:55:50 -0400 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <20111028171155.ba0dc761.taeuber@bbaw.de> References: <20111028171155.ba0dc761.taeuber@bbaw.de> Message-ID: <4EAAD086.7040904@druber.com> that was lame. i tried posting a snippet of the sample dovecot.conf file to show the part that the OP would want to change, and the mailer bounced it with: : permission denied. Command output: Don't post your whole dovecot.conf. Use dovecot -n instead. Fooey... From robert at schetterer.org Fri Oct 28 19:18:23 2011 From: robert at schetterer.org (Robert Schetterer) Date: Fri, 28 Oct 2011 18:18:23 +0200 Subject: [Dovecot] post login script In-Reply-To: References: Message-ID: <4EAAD5CF.90905@schetterer.org> Am 28.10.2011 12:49, schrieb Osvaldo Alvarez Pozo: > Hello all, > > I am testing postlogin script with dovecot 2. > > I works but i would like that the imap and pop session get executed > even if the post-login script fail. > > my postlogin script is very simple: > > #/etc/dovecot/conf.d/10-master.conf > > service imap { > > executable = imap imap-postlogin > > } > # > service imap-postlogin { > > executable = script-login /usr/local/bin/postlogin.sh > > unix_listener imap-postlogin { > } > } > > > service pop3 { > > executable = pop3 imap-postlogin > > } > > #/usr/local/bin/postlogin.sh > echo "UPDATE mailbox SET last_login = now() WHERE username = '$USER'" > | mysql -upostlogin -pXXXXXXXX postfixadmin > exec "$@" > > > Thanks in advance > > Osvaldo i have it like this service pop3 { executable = pop3 pop3-postlogin } service pop3-postlogin { executable = script-login /usr/local/bin/postlogin_pop3.sh user = root unix_listener pop3-postlogin { } } -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From japc at co.sapo.pt Fri Oct 28 19:45:02 2011 From: japc at co.sapo.pt (=?ISO-8859-1?Q?Jos=E9?= Celestino) Date: Fri, 28 Oct 2011 17:45:02 +0100 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: References: <20111028171155.ba0dc761.taeuber@bbaw.de> <4EAAC87D.80602@druber.com> Message-ID: <1319820302.12048.2.camel@morgoth> On Sex, 2011-10-28 at 11:28 -0400, Simon Brereton wrote: > On 28 October 2011 11:21, Dan Swartzendruber wrote: > > Lars T?uber wrote: > >> > >> Hi there. > >> > >> How can I configure dovecot not to listen for imaps connections on port > >> 143. > >> > >> Thanks > >> Lars > >> > > > > You should be able to configure the dovecot.conf file to remove imaps as one > > of the protocols. > > > > e.g. like this line: > > > > protocols = imap imaps > > I understood that the OP wanted to have IMAPS listen on some port > other than 143.. > IMAPS already listens on a port other than 143, port 993. From nmilas at noa.gr Fri Oct 28 20:15:33 2011 From: nmilas at noa.gr (Nikolaos Milas) Date: Fri, 28 Oct 2011 20:15:33 +0300 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <1319820302.12048.2.camel@morgoth> References: <20111028171155.ba0dc761.taeuber@bbaw.de> <4EAAC87D.80602@druber.com> <1319820302.12048.2.camel@morgoth> Message-ID: <4EAAE335.4060209@noa.gr> On 28/10/2011 7:45 ??, Jos? Celestino wrote: > IMAPS already listens on a port other than 143, port 993. True. If you don't want to offer TLS/SSL, I guess you can just set ssl = no. If you want to force the use of TLS/SSL (which I imagine will disable accepting connections on port 143), use ssl = required. Nick -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5554 bytes Desc: S/MIME Cryptographic Signature URL: From sven at svenhartge.de Fri Oct 28 20:58:49 2011 From: sven at svenhartge.de (Sven Hartge) Date: Fri, 28 Oct 2011 19:58:49 +0200 Subject: [Dovecot] Quotas with Maildir and mdbox References: <4EAAC79F.8010805@bangor.ac.uk> Message-ID: <589hf9ru2v8@mids.svenhartge.de> Dr Matthew Williams wrote: > We use LDAP to store our Maildir++ quota information for our Maildir > mailboxes. I notice in the documentation that only SQL and flat files > are supported by the dictionary quota if I want to use quota with > mdbox? Are there any plans to allow LDAP to be used as the store? Do you really want to use LDAP to store the constant changing and often rewritten values for the actual used space of the mailbox? Believe me, this _will_ cause awful performance. Reading the maximum quota values from LDAP on the other hand is quite common, just storing the runtime information about the message count and the current size is a very very bad idea. Gr??e, Sven. -- Sigmentation fault. Core dumped. From seandarcy2 at gmail.com Fri Oct 28 22:34:14 2011 From: seandarcy2 at gmail.com (sean darcy) Date: Fri, 28 Oct 2011 15:34:14 -0400 Subject: [Dovecot] What owner/permissions for virtual homes? Message-ID: VirtualUsers.Home.txt: The directory layouts for home and mail directories could look like one of these (in the preferred order): 1. Mail directory under home, for example: home='/var/vmail/domain/user/' mail='/var/vmail/domain/user/mail/' Who should be the owner of these directories, with that permissions? Does it make a difference if it's /home/vmail rather than /var/vmail? Thanks, Jay From pgnet.dev+rich-dovecot at gmail.com Fri Oct 28 23:01:17 2011 From: pgnet.dev+rich-dovecot at gmail.com (Rich) Date: Fri, 28 Oct 2011 13:01:17 -0700 Subject: [Dovecot] Are you successfully using using SQL queries to manage Dovecot2 Quota Values & Limits? Message-ID: On Mon, Oct 24, 2011 at 11:14 AM, Rich wrote: > I'm able to consistently reproduce this problem/behavior, but not > workaround or fix it, yet. > > Rich > > On Wed, Oct 19, 2011 at 7:41 AM, Rich wrote: >> I've made some progress, but quota 'Limit' is still not fully >> functioning for me. >> >> A couple of changes have helped: >> >> Specifying a "%u% as username format, >> >> ? ? ? ?/etc/dovecot/conf.d/90-quota.conf >> ? ? ? ? ? ? ? ?plugin { >> - ? ? ? ? ? ? ? ? ? ? ? quota = dict:User Quota::proxy::quota >> + ? ? ? ? ? ? ? ? ? ? ? quota = dict:User Quota:%u:proxy::quota >> ? ? ? ? ? ? ? ? ? ? ? ?quota_rule = *:bytes=1073741824:messages=10000 >> ? ? ? ? ? ? ? ? ? ? ? ?quota_rule2 = Trash:storage=+10%% >> ? ? ? ? ? ? ? ?} >> >> using 'username' rather than 'user' in the user iteration query >> >> ? ? ? ?/etc/dovecot/sql/virtmail-userdb-sql.cf >> ? ? ? ? ? ? ? ?driver = mysql >> ? ? ? ? ? ? ? ?connect = host=/var/run/mysql/mysql.sock dbname=my_db user=my_user >> password=my_pass >> ? ? ? ? ? ? ? ?user_query = CALL UserDBQuery('%n','%d'); >> - ? ? ? ? ? ? ? iterate_query = SELECT `MAILBOX_user_domain` AS user FROM `PARAMS`; >> + ? ? ? ? ? ? ? iterate_query = SELECT `MAILBOX_user_domain` AS username FROM `PARAMS`; >> >> and adding to my user_query, >> >> ? ? ? ?CREATE PROCEDURE `UserDBQuery`( >> ? ? ? ? ? ? ? ?... >> ? ? ? ? ? ? ? ?SELECT ... >> ? ? ? ? ? ? ? ? ?concat('*:bytes=', quota_bytes, ':messages=10000') AS quota_rule, >> ? ? ? ? ? ? ? ? ?... >> >> Now, at init, >> >> ? ? ? ?doveadm quota get -A >> ? ? ? ? ? ? ? ?Username ? ? ? ? ? ? ? ?Quota name ? ? ?Type ? ? ? ? ? ?Value ? Limit ? % >> ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 >> ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 >> ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 >> ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 >> >> ? ? ? ?mysql> select * from PARAMS; >> ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ >> ? ? ? ? ? ? ? ?| ai | MAILBOX_user_domain ? ?| quota_bytes | quota_msgs | >> ? ? ? ? ? ? ? ?+----+------------------------+-------------+------------+ >> ? ? ? ? ? ? ? ?| ?1 | ?myuser at domain1.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | >> ? ? ? ? ? ? ? ?| ?2 | ?myuser at domain2.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | >> ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ >> ? ? ? ? ? ? ? ?2 rows in set (0.00 sec) >> >> and, after sending a single message to 'myuser at domain1.com', I do see >> that Dovecot now recognizes/calculates a quota change, and only for >> one domain, >> >> ? ? ? ?doveadm quota get -A >> ? ? ? ? ? ? ? ?Username ? ? ? ? ? ? ? ?Quota name ? ? ?Type ? ? ? ? ? ?Value ? Limit ? % >> ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 3 ? ? ? 3 ? ? ? 100 >> ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 1 ? ? ? 10000 ? 0 >> ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 >> ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 >> >> ? ? ? ?mysql> select * from PARAMS; >> ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ >> ? ? ? ? ? ? ? ?| ai | MAILBOX_user_domain ? ?| quota_bytes | quota_msgs | >> ? ? ? ? ? ? ? ?+----+------------------------+-------------+------------+ >> ? ? ? ? ? ? ? ?| ?1 | ?myuser at domain1.com ? ?| ? ? ? ?3269 | ? ? ? ? ?1 | >> ? ? ? ? ? ? ? ?| ?2 | ?myuser at domain2.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | >> ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ >> ? ? ? ? ? ? ? ?2 rows in set (0.00 sec) >> >> >> But, the Limit's wrong. ?It's not picking up the global Limit from >> >> ? ? ? ?/etc/dovecot/conf.d/90-quota.conf >> ? ? ? ? ? ? ? ?... >> --> ? ? ? ? ? ? quota_rule = *:bytes=1073741824:messages=10000 >> ? ? ? ? ? ? ? ?... >> >> and once a message quota Value is calculated, the Limit is set == >> Value, resulting in an incorrrect quota %-age of 100%. >> >> Is Limit supposed to be specified per-user? >> >> Rich >> > From seandarcy2 at gmail.com Fri Oct 28 23:04:30 2011 From: seandarcy2 at gmail.com (sean darcy) Date: Fri, 28 Oct 2011 16:04:30 -0400 Subject: [Dovecot] What owner/permissions for virtual homes? In-Reply-To: References: Message-ID: On 10/28/2011 03:34 PM, sean darcy wrote: > VirtualUsers.Home.txt: > > The directory layouts for home and mail directories could look like one of > these (in the preferred order): > > 1. Mail directory under home, for example: home='/var/vmail/domain/user/' > mail='/var/vmail/domain/user/mail/' > > Who should be the owner of these directories, with that permissions? > > Does it make a difference if it's /home/vmail rather than /var/vmail? > > Thanks, > sean > > Also, it suggests the following configuration: mail_home = /var/vmail/%d/%n mail_location = maildir:~/mail but where does mail_home appear? Also in 10-mail.conf? sean From dovecot-ml at makomi.de Fri Oct 28 23:13:42 2011 From: dovecot-ml at makomi.de (=?iso-8859-1?Q?Michael_K=F6hler?=) Date: Fri, 28 Oct 2011 22:13:42 +0200 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <20111028171155.ba0dc761.taeuber@bbaw.de> References: <20111028171155.ba0dc761.taeuber@bbaw.de> Message-ID: <54DE3C65-444A-463F-85F7-B01916FC3779@makomi.de> Hi Lars, Am 28.10.2011 um 17:11 schrieb Lars T?uber: > How can I configure dovecot not to listen for imaps connections on port 143. like this? service imap-login { inet_listener imaps { port = 993 } } please execute "doveconf" and have a look at all configuration - you could learn a lot :) Bye, Michael From lars.taeuber at gmx.net Fri Oct 28 23:24:37 2011 From: lars.taeuber at gmx.net (Lars =?UTF-8?B?VMOkdWJlcg==?=) Date: Fri, 28 Oct 2011 22:24:37 +0200 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 Message-ID: <20111028222437.04a3827a.lars.taeuber@gmx.net> Hi. Sorry for breaking this thread, but I just subscribed from a different address. I made a mistake. I didn't mean ?imaps? but ?imap2? How can I configure dovecot not to listen for imap connections on port 143. I want dovecot to listen only on port 993. And ssl = required is already set. So this is not the right solution. I just comemnted the whole inet_listener imap {...} section out. But this seems to be some kind of default setting. I tried to set: inet_listener { address = none } I tried to leave the address variable blank. But no succes. Good night Lars From dovecot-ml at makomi.de Fri Oct 28 23:30:18 2011 From: dovecot-ml at makomi.de (=?iso-8859-1?Q?Michael_K=F6hler?=) Date: Fri, 28 Oct 2011 22:30:18 +0200 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <20111028222437.04a3827a.lars.taeuber@gmx.net> References: <20111028222437.04a3827a.lars.taeuber@gmx.net> Message-ID: <2F4F63AF-1A7B-46A2-9445-599995BF579D@makomi.de> Hi Lars, Am 28.10.2011 um 22:24 schrieb Lars T?uber: > I didn't mean ?imaps? but ?imap2? > > How can I configure dovecot not to listen for imap connections on port 143. > > I want dovecot to listen only on port 993. > And ssl = required is already set. So this is not the right solution. > > I just comemnted the whole inet_listener imap {...} section out. But this seems to be some kind of default setting. > I tried to set: > > inet_listener { > address = none > } > > I tried to leave the address variable blank. But no succes. protocols = imap service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } } Greetings, Michael From lars.taeuber at gmx.net Fri Oct 28 23:38:28 2011 From: lars.taeuber at gmx.net (Lars =?UTF-8?B?VMOkdWJlcg==?=) Date: Fri, 28 Oct 2011 22:38:28 +0200 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <2F4F63AF-1A7B-46A2-9445-599995BF579D@makomi.de> References: <20111028222437.04a3827a.lars.taeuber@gmx.net> <2F4F63AF-1A7B-46A2-9445-599995BF579D@makomi.de> Message-ID: <20111028223828.97184e8f.lars.taeuber@gmx.net> Hi Michael, On Fri, 28 Oct 2011 22:30:18 +0200 Michael K?hler wrote: > Hi Lars, > > Am 28.10.2011 um 22:24 schrieb Lars T?uber: > > I want dovecot to listen only on port 993. [...] > protocols = imap > > service imap-login { > inet_listener imap { > port = 0 > } this is it. Many thanks Lars From p.heinlein at heinlein-support.de Sat Oct 29 02:41:41 2011 From: p.heinlein at heinlein-support.de (Peer Heinlein) Date: Sat, 29 Oct 2011 01:41:41 +0200 Subject: [Dovecot] dsync should sync sieve-dirs to! Message-ID: <201110290141.41963.p.heinlein@heinlein-support.de> Having dsync to make backups from existing mail-spaces, it would be nice to make dsync syncing the sieve-dirs too. -Otherweise backups aren't complete... Peer -- Heinlein Professional Linux Support GmbH Linux: Akademie - Support - Hosting http://www.heinlein-support.de Tel: 030 / 40 50 51 - 0 Fax: 030 / 40 50 51 - 19 Zwangsangaben lt. ?35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin From ghandidrivesahumvee at rocketfish.com Sat Oct 29 03:34:07 2011 From: ghandidrivesahumvee at rocketfish.com (Dovecot-GDH) Date: Fri, 28 Oct 2011 17:34:07 -0700 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <201110290141.41963.p.heinlein@heinlein-support.de> References: <201110290141.41963.p.heinlein@heinlein-support.de> Message-ID: <9002F134-560C-4947-8105-1BD8847407B1@rocketfish.com> Why not just add a line for your local sieve folder to the same shell/cgi script that executes dsync? On Oct 28, 2011, at 4:41 PM, Peer Heinlein wrote: > > Having dsync to make backups from existing mail-spaces, it would be nice > to make dsync syncing the sieve-dirs too. -Otherweise backups aren't > complete... > > Peer > > > -- > Heinlein Professional Linux Support GmbH > Linux: Akademie - Support - Hosting > > http://www.heinlein-support.de > Tel: 030 / 40 50 51 - 0 > Fax: 030 / 40 50 51 - 19 > > Zwangsangaben lt. ?35a GmbHG: > HRB 93818 B / Amtsgericht Berlin-Charlottenburg, > Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin From ghandidrivesahumvee at rocketfish.com Sat Oct 29 04:05:17 2011 From: ghandidrivesahumvee at rocketfish.com (Dovecot-GDH) Date: Fri, 28 Oct 2011 18:05:17 -0700 Subject: [Dovecot] Seen flag getting lost In-Reply-To: <20111025110238.GB8900@gumme.math.uni-bonn.de> References: <20111025110238.GB8900@gumme.math.uni-bonn.de> Message-ID: If more than one Dovecot instance is accessing the same set of mailboxes over NFS or other network filesystem, you will need to use the directors. You may as well upgrade to 2.0. On Oct 25, 2011, at 4:02 AM, Edgar Fu? wrote: > We have two dovecot 1.2 instances sharing Maildirs on NFS. Indexes are local to the individual servers. > Occasionally (no idea how to trigger this), the Seen flag gets lost on some messages. I've verified that actually the ``S'' is missing from the filename. > I suspect something like server A caching the flags, server B setting Seen, and then server A flushing its cache for another change so overwriting what B changed. > Any ideas short of switching to 2.0? From seandarcy2 at gmail.com Sat Oct 29 05:03:41 2011 From: seandarcy2 at gmail.com (sean darcy) Date: Fri, 28 Oct 2011 22:03:41 -0400 Subject: [Dovecot] dovecot creating literal %d/%n/ folders Message-ID: I have a virtual user test1. cat /etc/dovecot/users test1@:{PLAIN}test1pass:504:504::/home/vmail/%d/%n catchall@:{PLAIN}password:504:504::/home/vmail/%d/%n @:{PLAIN}password:504:504::/home/vmail//catchall test1 at example.com:{PLAIN}test1pass:504:504::/home/vmail/%d/%n ls /home/vmail/%d/%n/mail cur dovecot.index.cache dovecot.index.log dovecot-uidlist dovecot-uidvalidity dovecot-uidvalidity.4eab20a7 new tmp and mail to test1@ goes into this %d/%n folder. In fact dovecot created the folder - at least I didn't. from dovecot-info.log Oct 28 17:43:11 auth: Debug: master in: USER 4 test1@ service=lmtp Oct 28 17:43:11 auth: Debug: passwd(test1@): lookup Oct 28 17:43:11 auth: Info: passwd(test1@): unknown user Oct 28 17:43:11 auth: Debug: passwd-file(test1@): lookup: user=test1@ file=/etc/dovecot/users Oct 28 17:43:11 auth: Debug: master out: USER 4 test1@ uid=504 gid=504 home=/home/vmail/%d/%n Oct 28 17:43:11 lmtp(4533, test1@): Info: l6DnLacgq061EQAABoXEcA: msgid=<4EAB21EC.9070905 at gmail.com>: saved mail to INBOX I would have expected dovecot to expand this to /home/vmail//test1. Or are the %u %d variables only expanded in certain files? sean From robert at schetterer.org Sat Oct 29 10:15:31 2011 From: robert at schetterer.org (Robert Schetterer) Date: Sat, 29 Oct 2011 09:15:31 +0200 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <201110290141.41963.p.heinlein@heinlein-support.de> References: <201110290141.41963.p.heinlein@heinlein-support.de> Message-ID: <4EABA813.2050206@schetterer.org> Am 29.10.2011 01:41, schrieb Peer Heinlein: > > Having dsync to make backups from existing mail-spaces, it would be nice > to make dsync syncing the sieve-dirs too. -Otherweise backups aren't > complete... > > Peer > > Hi Peer meanwhile , you may use rsync additional as workaround -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From p.heinlein at heinlein-support.de Sun Oct 30 14:16:59 2011 From: p.heinlein at heinlein-support.de (Peer Heinlein) Date: Sun, 30 Oct 2011 13:16:59 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EABA813.2050206@schetterer.org> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> Message-ID: <201110301316.59856.p.heinlein@heinlein-support.de> Am Samstag, 29. Oktober 2011, 09:15:31 schrieb Robert Schetterer: > Hi Peer meanwhile , you may use rsync additional as workaround Yes, I'm using rsync for 15 years for this. I'd like to STOP using rsync. It should be possible to make a *complete* backup/mirror of a user's mailbox with dsync. And a backup/mirror without sieve is incomplete. Peer -- Heinlein Professional Linux Support GmbH Linux: Akademie - Support - Hosting http://www.heinlein-support.de Tel: 030 / 40 50 51 - 0 Fax: 030 / 40 50 51 - 19 Zwangsangaben lt. ?35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin From p.heinlein at heinlein-support.de Sun Oct 30 14:18:04 2011 From: p.heinlein at heinlein-support.de (Peer Heinlein) Date: Sun, 30 Oct 2011 13:18:04 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <9002F134-560C-4947-8105-1BD8847407B1@rocketfish.com> References: <201110290141.41963.p.heinlein@heinlein-support.de> <9002F134-560C-4947-8105-1BD8847407B1@rocketfish.com> Message-ID: <201110301318.04585.p.heinlein@heinlein-support.de> Am Samstag, 29. Oktober 2011, 02:34:07 schrieb Dovecot-GDH: > Why not just add a line for your local sieve folder to the same > shell/cgi script that executes dsync? Why using dsync at all? Peer -- Heinlein Professional Linux Support GmbH Linux: Akademie - Support - Hosting http://www.heinlein-support.de Tel: 030 / 40 50 51 - 0 Fax: 030 / 40 50 51 - 19 Zwangsangaben lt. ?35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin From robert at schetterer.org Sun Oct 30 14:24:52 2011 From: robert at schetterer.org (Robert Schetterer) Date: Sun, 30 Oct 2011 13:24:52 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <201110301316.59856.p.heinlein@heinlein-support.de> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> Message-ID: <4EAD4214.6020405@schetterer.org> Am 30.10.2011 13:16, schrieb Peer Heinlein: > Am Samstag, 29. Oktober 2011, 09:15:31 schrieb Robert Schetterer: > >> Hi Peer meanwhile , you may use rsync additional as workaround > > Yes, I'm using rsync for 15 years for this. > > I'd like to STOP using rsync. > > It should be possible to make a *complete* backup/mirror of a user's > mailbox with dsync. And a backup/mirror without sieve is incomplete. > > Peer > > > yes youre right -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From laxlaw at gmx.de Sun Oct 30 13:53:26 2011 From: laxlaw at gmx.de (=?UTF-8?Q?Lukas_Wei=C3=9F?=) Date: Sun, 30 Oct 2011 12:53:26 +0100 Subject: [Dovecot] =?utf-8?q?Bad_creation_timestamp_of_migrated_mails_=28m?= =?utf-8?q?aildir_format=29=3F?= Message-ID: <995cb6b0e895c72fa16fd7e0f0a4d8e0@weiss.homelinux.com> Hello everybody, ive just switched to dovecot imap because dbmail i used before is not developed any further and sql storage is difficult to backup. Ive done that, by setting up dovecot with maildir format and copy mails from old dbmail to new dovecot imap server with my mail client (thunderbird). Unfortunately migrating to dovecot brought me some problems with my Android K9 Mail client: Sync with IMAP-Server shows me only the oldest mails. I think the problem is, that K9 only fetches the newest mails (25) from the server (to save memory etc). Which mail is "new" is probably determined by creation timestamp of the email-files in my mailbox, which was copied newest first on migration from dbmail to dovecot. So the older mails have the newer creation timestamp on file system. Do you have any suggestions how to fix that problem? Maybe migrate to dbox mailbox format? BTW: New mails show up correctly, as the creation timestamp is new. Thanks Lukas From marcin at mejor.pl Sun Oct 30 16:35:08 2011 From: marcin at mejor.pl (=?ISO-8859-2?Q?Marcin_Miros=B3aw?=) Date: Sun, 30 Oct 2011 15:35:08 +0100 Subject: [Dovecot] [OT] Bad creation timestamp of migrated mails (maildir format)? In-Reply-To: <995cb6b0e895c72fa16fd7e0f0a4d8e0@weiss.homelinux.com> References: <995cb6b0e895c72fa16fd7e0f0a4d8e0@weiss.homelinux.com> Message-ID: <4EAD609C.3050907@mejor.pl> W dniu 2011-10-30 12:53, Lukas Wei? pisze: > > Hello everybody, > > ive just switched to dovecot imap because dbmail > i used before is not developed any further Hello! Where i can find information about this? Regards From ghandidrivesahumvee at rocketfish.com Sun Oct 30 23:06:31 2011 From: ghandidrivesahumvee at rocketfish.com (Dovecot-GDH) Date: Sun, 30 Oct 2011 14:06:31 -0700 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EAD4214.6020405@schetterer.org> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <4EAD4214.6020405@schetterer.org> Message-ID: <2EBAB205-6B4E-48BA-9DFF-6959C3B9E902@rocketfish.com> >> Why using dsync at all? dsync is a tool used for synchronizing mailboxes. >> It should be possible to make a *complete* backup/mirror of a user's >> mailbox with sync The Sieve folder is not part of the mailbox. On Oct 30, 2011, at 5:24 AM, Robert Schetterer wrote: > Am 30.10.2011 13:16, schrieb Peer Heinlein: >> Am Samstag, 29. Oktober 2011, 09:15:31 schrieb Robert Schetterer: >> >>> Hi Peer meanwhile , you may use rsync additional as workaround >> >> Yes, I'm using rsync for 15 years for this. >> >> I'd like to STOP using rsync. >> >> It should be possible to make a *complete* backup/mirror of a user's >> mailbox with dsync. And a backup/mirror without sieve is incomplete. >> >> Peer >> >> >> > > yes youre right > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria From robert at schetterer.org Mon Oct 31 08:17:35 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 07:17:35 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <2EBAB205-6B4E-48BA-9DFF-6959C3B9E902@rocketfish.com> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <4EAD4214.6020405@schetterer.org> <2EBAB205-6B4E-48BA-9DFF-6959C3B9E902@rocketfish.com> Message-ID: <4EAE3D7F.5050701@schetterer.org> Am 30.10.2011 22:06, schrieb Dovecot-GDH: >>> Why using dsync at all? > > dsync is a tool used for synchronizing mailboxes. > >>> It should be possible to make a *complete* backup/mirror of a user's >>> mailbox with sync > > The Sieve folder is not part of the mailbox. thats a definiton question, anyway Peer is right it would be a nice to have, but not hardly needed no need to flame in any case > > On Oct 30, 2011, at 5:24 AM, Robert Schetterer wrote: > >> Am 30.10.2011 13:16, schrieb Peer Heinlein: >>> Am Samstag, 29. Oktober 2011, 09:15:31 schrieb Robert Schetterer: >>> >>>> Hi Peer meanwhile , you may use rsync additional as workaround >>> >>> Yes, I'm using rsync for 15 years for this. >>> >>> I'd like to STOP using rsync. >>> >>> It should be possible to make a *complete* backup/mirror of a user's >>> mailbox with dsync. And a backup/mirror without sieve is incomplete. >>> >>> Peer >>> >>> >>> >> >> yes youre right >> >> -- >> Best Regards >> >> MfG Robert Schetterer >> >> Germany/Munich/Bavaria > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From nebano at gmail.com Mon Oct 31 09:51:44 2011 From: nebano at gmail.com (Osvaldo Alvarez Pozo) Date: Mon, 31 Oct 2011 08:51:44 +0100 Subject: [Dovecot] post login script In-Reply-To: <4EAAD5CF.90905@schetterer.org> References: <4EAAD5CF.90905@schetterer.org> Message-ID: Hello, Thanks for your naswer, but there is no difference bettwen your conf & mine execpt for the name of service. Thanks again Osvaldo 2011/10/28 Robert Schetterer : > Am 28.10.2011 12:49, schrieb Osvaldo Alvarez Pozo: >> Hello all, >> >> I am testing postlogin script with dovecot 2. >> >> I works but i would like that the imap and pop session get executed >> even if the post-login script fail. >> >> my postlogin script is very simple: >> >> #/etc/dovecot/conf.d/10-master.conf >> >> service imap { >> >> executable = imap imap-postlogin >> >> } >> # >> service imap-postlogin { >> >> ? executable = script-login /usr/local/bin/postlogin.sh >> >> ? unix_listener imap-postlogin { >> ? } >> } >> >> >> service pop3 { >> >> executable = pop3 imap-postlogin >> >> } >> >> #/usr/local/bin/postlogin.sh >> echo "UPDATE mailbox SET last_login = now() WHERE username = '$USER'" >> | mysql -upostlogin -pXXXXXXXX postfixadmin >> exec "$@" >> >> >> Thanks in advance >> >> Osvaldo > > i have it like this > > > service pop3 { > > > executable = pop3 pop3-postlogin > } > > service pop3-postlogin { > ? executable = script-login /usr/local/bin/postlogin_pop3.sh > ?user = root > ?unix_listener pop3-postlogin { > ?} > ?} > > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria > From robert at schetterer.org Mon Oct 31 09:57:47 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 08:57:47 +0100 Subject: [Dovecot] post login script In-Reply-To: References: <4EAAD5CF.90905@schetterer.org> Message-ID: <4EAE54FB.10304@schetterer.org> Am 31.10.2011 08:51, schrieb Osvaldo Alvarez Pozo: > Hello, > > Thanks for your naswer, but there is no difference bettwen your conf & > mine execpt for the name of service. > > Thanks again are you sure ? i have 2 different ( extra ) login scripts not only one fitting for imap and pop3 but you only asked for pop3 > > Osvaldo > > 2011/10/28 Robert Schetterer : >> Am 28.10.2011 12:49, schrieb Osvaldo Alvarez Pozo: >>> Hello all, >>> >>> I am testing postlogin script with dovecot 2. >>> >>> I works but i would like that the imap and pop session get executed >>> even if the post-login script fail. >>> >>> my postlogin script is very simple: >>> >>> #/etc/dovecot/conf.d/10-master.conf >>> >>> service imap { >>> >>> executable = imap imap-postlogin >>> >>> } >>> # >>> service imap-postlogin { >>> >>> executable = script-login /usr/local/bin/postlogin.sh >>> >>> unix_listener imap-postlogin { >>> } >>> } >>> >>> >>> service pop3 { >>> >>> executable = pop3 imap-postlogin >>> >>> } >>> >>> #/usr/local/bin/postlogin.sh >>> echo "UPDATE mailbox SET last_login = now() WHERE username = '$USER'" >>> | mysql -upostlogin -pXXXXXXXX postfixadmin >>> exec "$@" >>> >>> >>> Thanks in advance >>> >>> Osvaldo >> >> i have it like this >> >> >> service pop3 { >> >> >> executable = pop3 pop3-postlogin >> } >> >> service pop3-postlogin { >> executable = script-login /usr/local/bin/postlogin_pop3.sh >> user = root >> unix_listener pop3-postlogin { >> } >> } >> >> >> -- >> Best Regards >> >> MfG Robert Schetterer >> >> Germany/Munich/Bavaria >> -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From arlin at mvs.us Mon Oct 31 10:45:40 2011 From: arlin at mvs.us (Arlin) Date: Mon, 31 Oct 2011 14:15:40 +0530 Subject: [Dovecot] Manage dovecot maildir on multiple servers Message-ID: <002b01cc97a9$79b453b0$6d1cfb10$@mvs.us> Any suggestions on how to implement dovecot maildir on multiple servers. Does this required independent installation of Dovecot on each servers, or a single instance of Dovecot with shared MailDir would serve the purpose? Thanks, Arlin From arlin at mvs.us Mon Oct 31 10:47:07 2011 From: arlin at mvs.us (Arlin) Date: Mon, 31 Oct 2011 14:17:07 +0530 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? Message-ID: <003001cc97a9$addbeb80$0993c280$@mvs.us> Could anyone please respond to this query. Thank you! From: Arlin [mailto:arlin at mvs.us] Sent: 28 October 2011 17:06 To: 'dovecot at dovecot.org' Subject: How can we horizontally scale Dovecot across multiple servers? Hi, How can we horizontally scale Dovecot across multiple servers? Do we require to install independent instances of Dovecot on each server? We are planning to use a NAS/SAN device using ZFS or EFS for email storage. Each logical unit will be of 10TB and similarly as the no: of user increases we are planning to add multiple 10TB units. In this case how we can manage the email storage on multiple volumes from Dovecot. The configuration of our existing system is:- Dovecot 1.0.15 / Maildirs Postfix 2.5.5 Debian 5.0.9 (Lenny) MySQL 5.0.15 Please advise. Thanks in advance. Creative Regards, Arlin From robert at schetterer.org Mon Oct 31 10:56:10 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 09:56:10 +0100 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: <003001cc97a9$addbeb80$0993c280$@mvs.us> References: <003001cc97a9$addbeb80$0993c280$@mvs.us> Message-ID: <4EAE62AA.6080203@schetterer.org> Am 31.10.2011 09:47, schrieb Arlin: > Could anyone please respond to this query. Thank you! you may use loadbalancers i.e (keepalived etc) and/or http://wiki2.dovecot.org/FeatLoginProxy http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy look the list for cluster setups etc reading your former post you want to use many outdated prog versions dont do that a san for storage might be a good choice some of the list use drbd with ocfs2 and other cluster filesystems > > > > From: Arlin [mailto:arlin at mvs.us] > Sent: 28 October 2011 17:06 > To: 'dovecot at dovecot.org' > Subject: How can we horizontally scale Dovecot across multiple servers? > > > > Hi, > > > > How can we horizontally scale Dovecot across multiple servers? Do we require > to install independent instances of Dovecot on each server? > > > > We are planning to use a NAS/SAN device using ZFS or EFS for email storage. > Each logical unit will be of 10TB and similarly as the no: of user increases > we are planning to add multiple 10TB units. > > In this case how we can manage the email storage on multiple volumes from > Dovecot. > > > > The configuration of our existing system is:- > > > > Dovecot 1.0.15 / Maildirs > > Postfix 2.5.5 > > Debian 5.0.9 (Lenny) > > MySQL 5.0.15 > > > > Please advise. > > > > Thanks in advance. > > > > Creative Regards, > > Arlin > > > > > > > > > > > > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From arlin at mvs.us Mon Oct 31 11:43:07 2011 From: arlin at mvs.us (Arlin) Date: Mon, 31 Oct 2011 15:13:07 +0530 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: <4EAE62AA.6080203@schetterer.org> References: <003001cc97a9$addbeb80$0993c280$@mvs.us> <4EAE62AA.6080203@schetterer.org> Message-ID: <000301cc97b1$81100ca0$833025e0$@mvs.us> Hi Robert, Thanks for the reply. We are upgrading Dovecot to v2.0.15 and other component's to the latest version. In that case, can we use san for storage or are you recommending that drbd with ocfs2 is the best way to attain the horizontal scalability for the mail storage? Thanks, Arlin -----Original Message----- From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Robert Schetterer Sent: 31 October 2011 14:26 To: dovecot at dovecot.org Subject: Re: [Dovecot] How can we horizontally scale Dovecot across multiple servers? Am 31.10.2011 09:47, schrieb Arlin: > Could anyone please respond to this query. Thank you! you may use loadbalancers i.e (keepalived etc) and/or http://wiki2.dovecot.org/FeatLoginProxy http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy look the list for cluster setups etc reading your former post you want to use many outdated prog versions dont do that a san for storage might be a good choice some of the list use drbd with ocfs2 and other cluster filesystems > > > > From: Arlin [mailto:arlin at mvs.us] > Sent: 28 October 2011 17:06 > To: 'dovecot at dovecot.org' > Subject: How can we horizontally scale Dovecot across multiple servers? > > > > Hi, > > > > How can we horizontally scale Dovecot across multiple servers? Do we > require to install independent instances of Dovecot on each server? > > > > We are planning to use a NAS/SAN device using ZFS or EFS for email storage. > Each logical unit will be of 10TB and similarly as the no: of user > increases we are planning to add multiple 10TB units. > > In this case how we can manage the email storage on multiple volumes > from Dovecot. > > > > The configuration of our existing system is:- > > > > Dovecot 1.0.15 / Maildirs > > Postfix 2.5.5 > > Debian 5.0.9 (Lenny) > > MySQL 5.0.15 > > > > Please advise. > > > > Thanks in advance. > > > > Creative Regards, > > Arlin > > > > > > > > > > > > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From joseba.torre at ehu.es Mon Oct 31 11:54:29 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 31 Oct 2011 10:54:29 +0100 Subject: [Dovecot] dovecot creating literal %d/%n/ folders In-Reply-To: References: Message-ID: <201110311054.29755.joseba.torre@ehu.es> On S?bado 29 Octubre 2011 04:03:41 sean darcy escribi?: > I have a virtual user test1. > > cat /etc/dovecot/users > test1@:{PLAIN}test1pass:504:504::/home/vmail/%d/%n > catchall@:{PLAIN}password:504:504::/home/vmail/%d/%n > @:{PLAIN}password:504:504::/home/vmail//catchall > test1 at example.com:{PLAIN}test1pass:504:504::/home/vmail/%d/%n > > ls /home/vmail/%d/%n/mail > cur dovecot.index.cache dovecot.index.log dovecot-uidlist > dovecot-uidvalidity dovecot-uidvalidity.4eab20a7 new tmp > > and mail to test1@ goes into this %d/%n folder. In fact > dovecot created the folder - at least I didn't. > > from dovecot-info.log > > Oct 28 17:43:11 auth: Debug: master in: USER 4 test1@ > service=lmtp > Oct 28 17:43:11 auth: Debug: passwd(test1@): lookup > Oct 28 17:43:11 auth: Info: passwd(test1@): unknown user > Oct 28 17:43:11 auth: Debug: passwd-file(test1@): lookup: > user=test1@ file=/etc/dovecot/users > Oct 28 17:43:11 auth: Debug: master out: USER 4 test1@ > uid=504 gid=504 home=/home/vmail/%d/%n > Oct 28 17:43:11 lmtp(4533, test1@): Info: > l6DnLacgq061EQAABoXEcA: msgid=<4EAB21EC.9070905 at gmail.com>: saved mail > to INBOX > > I would have expected dovecot to expand this to > /home/vmail//test1. > > Or are the %u %d variables only expanded in certain files? I had this same misunderstanding few days ago (in my case using ldap, but it doesn't matter). The usage of variables makes sense when used in generic values (e.g. mail_location), but not when used in a per-user db, and so they're not expanded in that cases. So: when adding a new entry in your passdb file, you should write actual values instead of variables. Usually it's really easy. HTH -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From joseba.torre at ehu.es Mon Oct 31 11:59:50 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 31 Oct 2011 10:59:50 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <201110301316.59856.p.heinlein@heinlein-support.de> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> Message-ID: <201110311059.50921.joseba.torre@ehu.es> On Domingo 30 Octubre 2011 13:16:59 Peer Heinlein escribi?: > It should be possible to make a complete backup/mirror of a user's > mailbox with dsync. And a backup/mirror without sieve is incomplete. And procmail rules? And maildrop rules? And someones post-login script based rules? To me, mailboxes are mailboxes, and dsync works fine. And yes: having a tool to migrate rules (sieve or whatever) would be nice. -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From robert at schetterer.org Mon Oct 31 12:00:33 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 11:00:33 +0100 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: <000301cc97b1$81100ca0$833025e0$@mvs.us> References: <003001cc97a9$addbeb80$0993c280$@mvs.us> <4EAE62AA.6080203@schetterer.org> <000301cc97b1$81100ca0$833025e0$@mvs.us> Message-ID: <4EAE71C1.7060400@schetterer.org> Am 31.10.2011 10:43, schrieb Arlin: > Hi Robert, > > Thanks for the reply. We are upgrading Dovecot to v2.0.15 and other > component's to the latest version. In that case, can we use san for storage > or are you recommending that drbd with ocfs2 is the best way to attain the > horizontal scalability for the mail storage? Hi Arlin, there is no best way, you should choose whatever fits best to your needs an haves so it depends on many stuff ( i.e at last finance, network, manpower, knowledge) etc So all i can say iam just using a loadbalanced cluster setup with drbd ocfs2 maildir dovecot postfix mysql clamav spamassassin on ubuntu lucid lts with 3000 Mailboxes without any big Problems yet but i can imagine that a professional SAN might be better in performance but there is a lot other other questions left , i.e maildir must not be the best solution for mailbox format etc cluster setups with lots of mailboxes are complex in many ways, if you planning a real big mailservice you should ask more here on this list for existing other setups and choose i.e Timo and/or others for professional and paid advice and work > > Thanks, > Arlin > > -----Original Message----- > From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On > Behalf Of Robert Schetterer > Sent: 31 October 2011 14:26 > To: dovecot at dovecot.org > Subject: Re: [Dovecot] How can we horizontally scale Dovecot across multiple > servers? > > Am 31.10.2011 09:47, schrieb Arlin: >> Could anyone please respond to this query. Thank you! > > you may use loadbalancers i.e (keepalived etc) and/or > > http://wiki2.dovecot.org/FeatLoginProxy > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > look the list for cluster setups etc > > reading your former post > you want to use many outdated prog versions dont do that a san for storage > might be a good choice some of the list use drbd with ocfs2 and other > cluster filesystems > >> >> >> >> From: Arlin [mailto:arlin at mvs.us] >> Sent: 28 October 2011 17:06 >> To: 'dovecot at dovecot.org' >> Subject: How can we horizontally scale Dovecot across multiple servers? >> >> >> >> Hi, >> >> >> >> How can we horizontally scale Dovecot across multiple servers? Do we >> require to install independent instances of Dovecot on each server? >> >> >> >> We are planning to use a NAS/SAN device using ZFS or EFS for email > storage. >> Each logical unit will be of 10TB and similarly as the no: of user >> increases we are planning to add multiple 10TB units. >> >> In this case how we can manage the email storage on multiple volumes >> from Dovecot. >> >> >> >> The configuration of our existing system is:- >> >> >> >> Dovecot 1.0.15 / Maildirs >> >> Postfix 2.5.5 >> >> Debian 5.0.9 (Lenny) >> >> MySQL 5.0.15 >> >> >> >> Please advise. >> >> >> >> Thanks in advance. >> >> >> >> Creative Regards, >> >> Arlin >> >> >> >> >> >> >> >> >> >> >> >> > > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From Ralf.Hildebrandt at charite.de Mon Oct 31 12:03:41 2011 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Mon, 31 Oct 2011 11:03:41 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <201110311059.50921.joseba.torre@ehu.es> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <201110311059.50921.joseba.torre@ehu.es> Message-ID: <20111031100340.GJ1132@charite.de> * Joseba Torre : > On Domingo 30 Octubre 2011 13:16:59 Peer Heinlein escribi?: > > It should be possible to make a complete backup/mirror of a user's > > mailbox with dsync. And a backup/mirror without sieve is incomplete. > > And procmail rules? They're not stored "within" dovecot's reach. procmail is not a part of dovecot. > And maildrop rules? They're not stored "within" dovecot's reach. maildrop is not a part of dovecot. > And someones post-login script based rules? Good point. But usually the admin adds those. > To me, mailboxes are mailboxes, and dsync works fine. > > And yes: having a tool to migrate rules (sieve or whatever) would be nice. Yup. Especially since it's a bit tricky to see whether a user has rules. -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From robert at schetterer.org Mon Oct 31 12:29:19 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 11:29:19 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <20111031100340.GJ1132@charite.de> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <201110311059.50921.joseba.torre@ehu.es> <20111031100340.GJ1132@charite.de> Message-ID: <4EAE787F.1020808@schetterer.org> Am 31.10.2011 11:03, schrieb Ralf Hildebrandt: > * Joseba Torre : >> On Domingo 30 Octubre 2011 13:16:59 Peer Heinlein escribi?: >>> It should be possible to make a complete backup/mirror of a user's >>> mailbox with dsync. And a backup/mirror without sieve is incomplete. >> >> And procmail rules? > > They're not stored "within" dovecot's reach. procmail is not a part of > dovecot. > >> And maildrop rules? > > They're not stored "within" dovecot's reach. maildrop is not a part of > dovecot. > >> And someones post-login script based rules? > > Good point. But usually the admin adds those. jep an normally they are in some global backup for the dovecot conf > >> To me, mailboxes are mailboxes, and dsync works fine. >> >> And yes: having a tool to migrate rules (sieve or whatever) would be nice. > > Yup. Especially since it's a bit tricky to see whether a user has rules. > hm, idea , any chance to feed sieve rules in a database backend or ldap etc so it would be part of backing up the db/dir service guess we have to wait for the hackers to get qualified answers *g -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From fbscarel at gmail.com Mon Oct 31 13:28:51 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Mon, 31 Oct 2011 09:28:51 -0200 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: <4EAE71C1.7060400@schetterer.org> References: <003001cc97a9$addbeb80$0993c280$@mvs.us> <4EAE62AA.6080203@schetterer.org> <000301cc97b1$81100ca0$833025e0$@mvs.us> <4EAE71C1.7060400@schetterer.org> Message-ID: Quick question about the usage of DRBD: I'm thinking of a setup on my organization here (15k+ users, 4TB of email data), but I'm holding back on the clusterization due to the high volume of data. Using DRBD would implicate mirroring those 4TB of data across all cluster nodes? If yes, I might go with a SAN-based solution, though I haven't studied much about that setup yet (the other sysadm administrates the VMs and SAN, gotta ask him a few questions). On Mon, Oct 31, 2011 at 08:00, Robert Schetterer wrote: > Am 31.10.2011 10:43, schrieb Arlin: > > Hi Robert, > > > > Thanks for the reply. We are upgrading Dovecot to v2.0.15 and other > > component's to the latest version. In that case, can we use san for > storage > > or are you recommending that drbd with ocfs2 is the best way to attain > the > > horizontal scalability for the mail storage? > > Hi Arlin, there is no best way, you should choose > whatever fits best to your needs an haves > so it depends on many stuff ( i.e at last finance, network, manpower, > knowledge) etc > > So all i can say iam just using a loadbalanced cluster setup with drbd > ocfs2 maildir dovecot postfix mysql clamav spamassassin on ubuntu lucid > lts with 3000 Mailboxes without any big Problems yet > but i can imagine that a professional SAN might be better in performance > but there is a lot other other questions left , i.e maildir must not be > the best solution for mailbox format etc > > cluster setups with lots of mailboxes are complex > in many ways, if you planning a real big mailservice > you should ask more here on this list for existing other setups and > choose i.e > Timo and/or others for professional and paid advice and work > > > > > > Thanks, > > Arlin > > > > -----Original Message----- > > From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] > On > > Behalf Of Robert Schetterer > > Sent: 31 October 2011 14:26 > > To: dovecot at dovecot.org > > Subject: Re: [Dovecot] How can we horizontally scale Dovecot across > multiple > > servers? > > > > Am 31.10.2011 09:47, schrieb Arlin: > >> Could anyone please respond to this query. Thank you! > > > > you may use loadbalancers i.e (keepalived etc) and/or > > > > http://wiki2.dovecot.org/FeatLoginProxy > > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > > > look the list for cluster setups etc > > > > reading your former post > > you want to use many outdated prog versions dont do that a san for > storage > > might be a good choice some of the list use drbd with ocfs2 and other > > cluster filesystems > > > >> > >> > >> > >> From: Arlin [mailto:arlin at mvs.us] > >> Sent: 28 October 2011 17:06 > >> To: 'dovecot at dovecot.org' > >> Subject: How can we horizontally scale Dovecot across multiple servers? > >> > >> > >> > >> Hi, > >> > >> > >> > >> How can we horizontally scale Dovecot across multiple servers? Do we > >> require to install independent instances of Dovecot on each server? > >> > >> > >> > >> We are planning to use a NAS/SAN device using ZFS or EFS for email > > storage. > >> Each logical unit will be of 10TB and similarly as the no: of user > >> increases we are planning to add multiple 10TB units. > >> > >> In this case how we can manage the email storage on multiple volumes > >> from Dovecot. > >> > >> > >> > >> The configuration of our existing system is:- > >> > >> > >> > >> Dovecot 1.0.15 / Maildirs > >> > >> Postfix 2.5.5 > >> > >> Debian 5.0.9 (Lenny) > >> > >> MySQL 5.0.15 > >> > >> > >> > >> Please advise. > >> > >> > >> > >> Thanks in advance. > >> > >> > >> > >> Creative Regards, > >> > >> Arlin > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > > > > > > -- > > Best Regards > > > > MfG Robert Schetterer > > > > Germany/Munich/Bavaria > > > > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria > From vladsol at ukr.net Mon Oct 31 14:10:27 2011 From: vladsol at ukr.net (Vlad) Date: Mon, 31 Oct 2011 14:10:27 +0200 Subject: [Dovecot] Problems with permissions on mail_location Message-ID: <752540808.20111031141027@ukr.net> Hi, All! I have 2.0.beta6 (3156315704ef) Trying to set up Dovecot with virtual users. mail_uid=mail mail_gid=mail mail_location = maildir:/var/mail/%n /var/mail owner is mail:mail, permissions is 777 From error log: Oct 31 13:34:17 imap(test): Error: user test: Initialization failed:Initializing mail storage from mail_location setting failed: mkdir(/var/mail/test) failed: Permission denied (euid=8(mail) egid=12(mail) missing +w perm: /var/mail, euid is not dir owner) but /var/mail owner is mail:mail (same the euid, egid). In what may be the problem? (With full rights to the directory dovecot does not want to write it :-\ ) If I change /var/mail to /tmp/mail (for testing), then everything works fine, dovecot can write to this directory. But if i create /test/mail, or /mail with chmod 777 and chown mail:mail - again the same error :-( -- ? ?????????, Vlad mailto:vladsol at ukr.net From CMarcus at Media-Brokers.com Mon Oct 31 14:19:55 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 31 Oct 2011 08:19:55 -0400 Subject: [Dovecot] Problems with permissions on mail_location In-Reply-To: <752540808.20111031141027@ukr.net> References: <752540808.20111031141027@ukr.net> Message-ID: <4EAE926B.8040509@Media-Brokers.com> On 2011-10-31 8:10 AM, Vlad wrote: > I have 2.0.beta6 (3156315704ef) Upgrade, then come back with any questions... -- Best regards, Charles From vladsol at ukr.net Mon Oct 31 14:23:21 2011 From: vladsol at ukr.net (Vlad) Date: Mon, 31 Oct 2011 14:23:21 +0200 Subject: [Dovecot] Problems with permissions on mail_location In-Reply-To: <4EAE926B.8040509@Media-Brokers.com> References: <752540808.20111031141027@ukr.net> <4EAE926B.8040509@Media-Brokers.com> Message-ID: <271322296.20111031142321@ukr.net> I installed dovecot from the "official" CentOS 6 repository . I think in this case, the problem is not in the version ..: - \ I'll try to update .. > On 2011-10-31 8:10 AM, Vlad wrote: >> I have 2.0.beta6 (3156315704ef) > Upgrade, then come back with any questions... -- ? ?????????, Vlad mailto:vladsol at ukr.net From robert at schetterer.org Mon Oct 31 14:33:22 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 13:33:22 +0100 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: References: <003001cc97a9$addbeb80$0993c280$@mvs.us> <4EAE62AA.6080203@schetterer.org> <000301cc97b1$81100ca0$833025e0$@mvs.us> <4EAE71C1.7060400@schetterer.org> Message-ID: <4EAE9592.8010209@schetterer.org> Am 31.10.2011 12:28, schrieb Felipe Scarel: > Quick question about the usage of DRBD: I'm thinking of a setup on my > organization here (15k+ users, 4TB of email data), but I'm holding back > on the clusterization due to the high volume of data. > > Using DRBD would implicate mirroring those 4TB of data across all > cluster nodes? If yes, I might go with a SAN-based solution, though I > haven't studied much about that setup yet (the other sysadm > administrates the VMs and SAN, gotta ask him a few questions). i wouldnt do that with drbd as such big setup , there should be enough money using better choices > > On Mon, Oct 31, 2011 at 08:00, Robert Schetterer > wrote: > > Am 31.10.2011 10:43, schrieb Arlin: > > Hi Robert, > > > > Thanks for the reply. We are upgrading Dovecot to v2.0.15 and other > > component's to the latest version. In that case, can we use san > for storage > > or are you recommending that drbd with ocfs2 is the best way to > attain the > > horizontal scalability for the mail storage? > > Hi Arlin, there is no best way, you should choose > whatever fits best to your needs an haves > so it depends on many stuff ( i.e at last finance, network, manpower, > knowledge) etc > > So all i can say iam just using a loadbalanced cluster setup with drbd > ocfs2 maildir dovecot postfix mysql clamav spamassassin on ubuntu lucid > lts with 3000 Mailboxes without any big Problems yet > but i can imagine that a professional SAN might be better in performance > but there is a lot other other questions left , i.e maildir must not be > the best solution for mailbox format etc > > cluster setups with lots of mailboxes are complex > in many ways, if you planning a real big mailservice > you should ask more here on this list for existing other setups and > choose i.e > Timo and/or others for professional and paid advice and work > > > > > > Thanks, > > Arlin > > > > -----Original Message----- > > From: dovecot-bounces at dovecot.org > > [mailto:dovecot-bounces at dovecot.org > ] On > > Behalf Of Robert Schetterer > > Sent: 31 October 2011 14:26 > > To: dovecot at dovecot.org > > Subject: Re: [Dovecot] How can we horizontally scale Dovecot > across multiple > > servers? > > > > Am 31.10.2011 09:47, schrieb Arlin: > >> Could anyone please respond to this query. Thank you! > > > > you may use loadbalancers i.e (keepalived etc) and/or > > > > http://wiki2.dovecot.org/FeatLoginProxy > > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > > > look the list for cluster setups etc > > > > reading your former post > > you want to use many outdated prog versions dont do that a san for > storage > > might be a good choice some of the list use drbd with ocfs2 and other > > cluster filesystems > > > >> > >> > >> > >> From: Arlin [mailto:arlin at mvs.us ] > >> Sent: 28 October 2011 17:06 > >> To: 'dovecot at dovecot.org ' > >> Subject: How can we horizontally scale Dovecot across multiple > servers? > >> > >> > >> > >> Hi, > >> > >> > >> > >> How can we horizontally scale Dovecot across multiple servers? Do we > >> require to install independent instances of Dovecot on each server? > >> > >> > >> > >> We are planning to use a NAS/SAN device using ZFS or EFS for email > > storage. > >> Each logical unit will be of 10TB and similarly as the no: of user > >> increases we are planning to add multiple 10TB units. > >> > >> In this case how we can manage the email storage on multiple volumes > >> from Dovecot. > >> > >> > >> > >> The configuration of our existing system is:- > >> > >> > >> > >> Dovecot 1.0.15 / Maildirs > >> > >> Postfix 2.5.5 > >> > >> Debian 5.0.9 (Lenny) > >> > >> MySQL 5.0.15 > >> > >> > >> > >> Please advise. > >> > >> > >> > >> Thanks in advance. > >> > >> > >> > >> Creative Regards, > >> > >> Arlin > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > > > > > > -- > > Best Regards > > > > MfG Robert Schetterer > > > > Germany/Munich/Bavaria > > > > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria > > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From fbscarel at gmail.com Mon Oct 31 15:13:07 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Mon, 31 Oct 2011 11:13:07 -0200 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: <4EAE9592.8010209@schetterer.org> References: <003001cc97a9$addbeb80$0993c280$@mvs.us> <4EAE62AA.6080203@schetterer.org> <000301cc97b1$81100ca0$833025e0$@mvs.us> <4EAE71C1.7060400@schetterer.org> <4EAE9592.8010209@schetterer.org> Message-ID: There is, though not readily available unfortunately. Thanks for the input, always helpful. On Mon, Oct 31, 2011 at 10:33, Robert Schetterer wrote: > Am 31.10.2011 12:28, schrieb Felipe Scarel: > > Quick question about the usage of DRBD: I'm thinking of a setup on my > > organization here (15k+ users, 4TB of email data), but I'm holding back > > on the clusterization due to the high volume of data. > > > > Using DRBD would implicate mirroring those 4TB of data across all > > cluster nodes? If yes, I might go with a SAN-based solution, though I > > haven't studied much about that setup yet (the other sysadm > > administrates the VMs and SAN, gotta ask him a few questions). > > i wouldnt do that with drbd > as such big setup , there should be enough money using better choices > > > > On Mon, Oct 31, 2011 at 08:00, Robert Schetterer > > wrote: > > > > Am 31.10.2011 10:43, schrieb Arlin: > > > Hi Robert, > > > > > > Thanks for the reply. We are upgrading Dovecot to v2.0.15 and other > > > component's to the latest version. In that case, can we use san > > for storage > > > or are you recommending that drbd with ocfs2 is the best way to > > attain the > > > horizontal scalability for the mail storage? > > > > Hi Arlin, there is no best way, you should choose > > whatever fits best to your needs an haves > > so it depends on many stuff ( i.e at last finance, network, manpower, > > knowledge) etc > > > > So all i can say iam just using a loadbalanced cluster setup with > drbd > > ocfs2 maildir dovecot postfix mysql clamav spamassassin on ubuntu > lucid > > lts with 3000 Mailboxes without any big Problems yet > > but i can imagine that a professional SAN might be better in > performance > > but there is a lot other other questions left , i.e maildir must not > be > > the best solution for mailbox format etc > > > > cluster setups with lots of mailboxes are complex > > in many ways, if you planning a real big mailservice > > you should ask more here on this list for existing other setups and > > choose i.e > > Timo and/or others for professional and paid advice and work > > > > > > > > > > Thanks, > > > Arlin > > > > > > -----Original Message----- > > > From: dovecot-bounces at dovecot.org > > > > [mailto:dovecot-bounces at dovecot.org > > ] On > > > Behalf Of Robert Schetterer > > > Sent: 31 October 2011 14:26 > > > To: dovecot at dovecot.org > > > Subject: Re: [Dovecot] How can we horizontally scale Dovecot > > across multiple > > > servers? > > > > > > Am 31.10.2011 09:47, schrieb Arlin: > > >> Could anyone please respond to this query. Thank you! > > > > > > you may use loadbalancers i.e (keepalived etc) and/or > > > > > > http://wiki2.dovecot.org/FeatLoginProxy > > > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > > > > > look the list for cluster setups etc > > > > > > reading your former post > > > you want to use many outdated prog versions dont do that a san for > > storage > > > might be a good choice some of the list use drbd with ocfs2 and > other > > > cluster filesystems > > > > > >> > > >> > > >> > > >> From: Arlin [mailto:arlin at mvs.us ] > > >> Sent: 28 October 2011 17:06 > > >> To: 'dovecot at dovecot.org ' > > >> Subject: How can we horizontally scale Dovecot across multiple > > servers? > > >> > > >> > > >> > > >> Hi, > > >> > > >> > > >> > > >> How can we horizontally scale Dovecot across multiple servers? Do > we > > >> require to install independent instances of Dovecot on each > server? > > >> > > >> > > >> > > >> We are planning to use a NAS/SAN device using ZFS or EFS for email > > > storage. > > >> Each logical unit will be of 10TB and similarly as the no: of user > > >> increases we are planning to add multiple 10TB units. > > >> > > >> In this case how we can manage the email storage on multiple > volumes > > >> from Dovecot. > > >> > > >> > > >> > > >> The configuration of our existing system is:- > > >> > > >> > > >> > > >> Dovecot 1.0.15 / Maildirs > > >> > > >> Postfix 2.5.5 > > >> > > >> Debian 5.0.9 (Lenny) > > >> > > >> MySQL 5.0.15 > > >> > > >> > > >> > > >> Please advise. > > >> > > >> > > >> > > >> Thanks in advance. > > >> > > >> > > >> > > >> Creative Regards, > > >> > > >> Arlin > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > > > > > > > > -- > > > Best Regards > > > > > > MfG Robert Schetterer > > > > > > Germany/Munich/Bavaria > > > > > > > > > -- > > Best Regards > > > > MfG Robert Schetterer > > > > Germany/Munich/Bavaria > > > > > > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria > From alexwbaule at gmail.com Mon Oct 31 17:25:42 2011 From: alexwbaule at gmail.com (Alex Baule) Date: Mon, 31 Oct 2011 13:25:42 -0200 Subject: [Dovecot] Rewrite the ostream output method, to save messages in another directory. Message-ID: Hi Timo, I Trying to integrate my antispam with dovecot, using the imap folder to do certain actions. I Do almost every thing, but i have some problems saving the message. Explaining this function, i try to use a imap folder like a "collector folder", the user append a message from outside (ie another imap or pop message) to this folder, and i don't want to copy this message, i need to redirect it to another folder outside from user's maildir. Well, i try to base it in zlib plugin, with was the o_stream_create_gz(). Inside the o_stream_create_gz has the Output, it's a copy from the original output. I Try to replace this output, with another one, that i try to create to another location, without sucessfull. struct ostream * o_stream_create_X_list(struct ostream *output, struct istream *input, const char *type) { struct emexis_ostream *X_stream; struct ostream *new_output; int fd; fd = open("/tmp/email",O_WRONLY); new_output = o_stream_create_fd_file(fd, 0, TRUE); o_stream_cork(new_output); emexis_stream = i_new(struct emexis_ostream, 1); emexis_stream->ostream.sendv = o_stream_X_sendv; emexis_stream->ostream.flush = o_stream_X_flush; emexis_stream->ostream.iostream.close = o_stream_X_close; emexis_stream->output = new_output; emexis_stream->input = input; o_stream_ref(new_output); return o_stream_create(&X_stream->ostream); } With this new o_stream, i got this error. Oct 27 15:14:24 brc dovecot: imap(alex at exemplo.com.br): Error: o_stream_send_istream(/storage/gss/emexis/messages/ exemplo.com.br/alex/Maildir/.Emexis.Ext-Blacklist/tmp/1319735664.M568409P30815.brc) failed: Bad file descriptor Oct 27 15:14:24 brc dovecot: imap(alex at exemplo.com.br): Error: o_stream_flush(/storage/gss/emexis/messages/ exemplo.com.br/alex/Maildir/.Emexis.Ext-Blacklist/tmp/1319735664.M568409P30815.brc) failed: Bad file descriptor Oct 27 15:14:24 brc dovecot: imap(alex at exemplo.com.br): Error: write(/storage/gss/emexis/messages/ exemplo.com.br/alex/Maildir/.Emexis.Ext-Blacklist/tmp/1319735664.M568409P30815.brc) failed: Bad file descriptor There is something wrong Timo ? Like missing something or i need to rewrite another funcion ? Tks !!! From stephan at rename-it.nl Mon Oct 31 17:58:29 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 31 Oct 2011 16:58:29 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EAE787F.1020808@schetterer.org> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <201110311059.50921.joseba.torre@ehu.es> <20111031100340.GJ1132@charite.de> <4EAE787F.1020808@schetterer.org> Message-ID: <4EAEC5A5.9000807@rename-it.nl> On 31-10-2011 11:29, Robert Schetterer wrote: > hm, idea , any chance to feed sieve rules in a database backend or ldap etc > so it would be part of backing up the db/dir service That is on the TODO list. However, this is not high-priority. Regards, Stephan. From stephan at rename-it.nl Mon Oct 31 18:00:53 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 31 Oct 2011 17:00:53 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EAE3D7F.5050701@schetterer.org> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <4EAD4214.6020405@schetterer.org> <2EBAB205-6B4E-48BA-9DFF-6959C3B9E902@rocketfish.com> <4EAE3D7F.5050701@schetterer.org> Message-ID: <4EAEC635.3090406@rename-it.nl> Op 31-10-2011 7:17, Robert Schetterer schreef: > Am 30.10.2011 22:06, schrieb Dovecot-GDH: >> The Sieve folder is not part of the mailbox. > thats a definiton question, anyway Peer is right > it would be a nice to have, but not hardly needed > no need to flame in any case I wonder how extensible dsync is in this respect. It doesn't sound too difficult to implement, but so far I haven't looked at its sources. Regards, Stephan. From leo at strike.wu.ac.at Mon Oct 31 19:00:52 2011 From: leo at strike.wu.ac.at (Alexander 'Leo' Bergolth) Date: Mon, 31 Oct 2011 18:00:52 +0100 Subject: [Dovecot] setting namespaces using script-login environment in 2.0 Message-ID: <4EAED444.70608@strike.wu.ac.at> Hi! With dovecot 1.x, I was using a post-login script to dynamically add shared mailboxes using NAMESPACE_X.. environment variables, based on filesystem permissions: After login, the post-login script was executed with user permissions (mail_drop_priv_before_exec=yes). It added all subdirectories of "/var/spool/mail/Shared" as namespaces for which the user had write permissions. E.g.: NAMESPACE_2='maildir:/var/mail/Shared/spamrep:INDEX=~/Maildir/index/Shared/spamrep' NAMESPACE_2_PREFIX=Shared/spamrep/ NAMESPACE_2_SEP=/ NAMESPACE_2_TYPE=public NAMESPACE_2_LIST=yes See the attached post-pogin-script for details. After switching to 2.0.14 (using executable script-login -d...), the script actually gets executed but the namespace settings do not seem to be honored. Besides, I don't see any pre-set NAMESPACE_ environment variables anymore. Have environment based namespace settings been abandoned in 2.0? Does Dovecot 2.0 maybe provide a better way to only display those folders, for which the user has at least read permissions? (Unix-permission based) Thanks in advance, --leo -- e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria From e-frog at gmx.de Mon Oct 31 19:41:49 2011 From: e-frog at gmx.de (e-frog) Date: Mon, 31 Oct 2011 18:41:49 +0100 Subject: [Dovecot] setting namespaces using script-login environment in 2.0 In-Reply-To: <4EAED444.70608@strike.wu.ac.at> References: <4EAED444.70608@strike.wu.ac.at> Message-ID: <4EAEDDDD.40206@gmx.de> On 31.10.2011 18:00, wrote Alexander 'Leo' Bergolth: > > Have environment based namespace settings been abandoned in 2.0? > I think you need to add them to USERDB_KEYS now... http://wiki2.dovecot.org/PostLoginScripting#Running_environment /e-frog From p at state-of-mind.de Mon Oct 31 19:45:49 2011 From: p at state-of-mind.de (Patrick Ben Koetter) Date: Mon, 31 Oct 2011 18:45:49 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EAEC5A5.9000807@rename-it.nl> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <201110311059.50921.joseba.torre@ehu.es> <20111031100340.GJ1132@charite.de> <4EAE787F.1020808@schetterer.org> <4EAEC5A5.9000807@rename-it.nl> Message-ID: <20111031174549.GB2252@state-of-mind.de> * Stephan Bosch : > On 31-10-2011 11:29, Robert Schetterer wrote: > >hm, idea , any chance to feed sieve rules in a database backend or ldap etc > >so it would be part of backing up the db/dir service > > That is on the TODO list. However, this is not high-priority. You might want to find out how SOGo stores sieve rules in SQL. p at rick -- state of mind () http://www.state-of-mind.de Franziskanerstra?e 15 Telefon +49 89 3090 4664 81669 M?nchen Telefax +49 89 3090 4666 Amtsgericht M?nchen Partnerschaftsregister PR 563 From dovecot at tlinx.org Mon Oct 31 22:17:16 2011 From: dovecot at tlinx.org (Linda Walsh) Date: Mon, 31 Oct 2011 13:17:16 -0700 Subject: [Dovecot] Thunderbird slow in talking with dovecot IMAP AND to sendmail In-Reply-To: <4EA69FAE.1030100@Media-Brokers.com> References: <4EA68C11.5060102@tlinx.org> <4EA69FAE.1030100@Media-Brokers.com> Message-ID: <4EAF024C.6040506@tlinx.org> Charles Marcus wrote: > On 2011-10-25 6:14 AM, Linda Walsh wrote: >> and everyfrackin' body was using 4K packet sizes (at the application >> level!, the window size on TCP was over 64K...but no one was using >> it)....especially galling with my network's MTU at 9K, BTW, because >> small packets are really bad on a 1Gb network. >> >> sendmail -- 4K, >> dovecot /ssl, 4K... >> >> wazzup .. is t-bird forcing this, > > If I'm not mistaken, yes, this is (or could be) a TBird problem... I > can't find the bug report where this was discussed, but I distinctly > remember one of the devs commenting on this 4k packet size issue. > Apparently it was an intentional change, but he couldn't figure out why. > > Fyi, it was discussed in one of the IMAP performance bugs... --- Thanks for the lead...will check it out. The problem with the Tbird (and FF) is that design for home users with dialup connections, so if you have a home network and run IMAP @home, all their tuning goes out the window -- and they don't make it configurable. I had to go to a 9K packet size on 1Gb ethernet to get close to full bandwitch usage (and then it is a large effort with a windows client)...and that's down at layer 2? FF IMAP is at layer 5? ... the latency is insane at that point. Alot of companies aren't real bright when it comes to storing files locally -- instead of 'local' they almost always use the 'roaming' profile...Cuprits: TB at 4G, Adobe at 2.5G, XBMC ~1-2G. Adobe's great -- most of that 2.5G are the product helpfiles which you don't get when you install -- they are d/led later and thus stored in your roaming profile. Each user gets their own copy of the help material... Of course good thing they got rid of customer input for product design and got rid of 'usability studies'... those things always caused problems. Like MS removing the start bar in Win8 cause users don't want it? Huh? or Cocacola switching to 'newCoke, then having to revert due to outcry...because Coke drinkers didn't want another pepsi knockoff. Baka! From robert at schetterer.org Mon Oct 31 22:19:15 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 21:19:15 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EAEC5A5.9000807@rename-it.nl> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <201110311059.50921.joseba.torre@ehu.es> <20111031100340.GJ1132@charite.de> <4EAE787F.1020808@schetterer.org> <4EAEC5A5.9000807@rename-it.nl> Message-ID: <4EAF02C3.2030002@schetterer.org> Am 31.10.2011 16:58, schrieb Stephan Bosch: > On 31-10-2011 11:29, Robert Schetterer wrote: >> hm, idea , any chance to feed sieve rules in a database backend or >> ldap etc >> so it would be part of backing up the db/dir service > > That is on the TODO list. However, this is not high-priority. sounds nice to me, thx > > Regards, > > Stephan. > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From jtam.home at gmail.com Sat Oct 1 01:29:05 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 30 Sep 2011 15:29:05 -0700 (PDT) Subject: [Dovecot] Error message in log In-Reply-To: References: Message-ID: On Fri, 30 Sep 2011, Knute Johnson wrote: > I'm getting the following message in my log; > > dovecot: IMAP(knute): > fchown(/home/knute/mail/.imap/INBOX/dovecot.index.tmp, -1, 8(mail)) > failed: Operation not permitted (egid=1000(knute), group based on > /var/mail/knute): 4 Time(s) > > I got these once before on the /var/mail/user files and changed the > permissions to 600. /home/knute/mail/.imap/INBOX is 770 and the index > files are 600. Is this a problem with the directory privilege? Probably. This was discussed a few times before. Check the mailing list archives. Dovecot tries to retain the same file access for the indices as the mailbox/message file it indexes; if the permissions allow access to the group, but the owner is not part of that group, then the dovecot process (which sets UID to the owner) cannot recreate the same permissions, hence the error. Either change the group ownership of "/var/mail/knute", put user "knute" in group "mail", or chmod it to 0600. The last one is probably the best solution. And fix the problem that created these permissions in the first place. Check your other users (if you have any) for the same situation. Joseph Tam From ejs at shubes.net Sat Oct 1 02:24:56 2011 From: ejs at shubes.net (Eric Shubert) Date: Fri, 30 Sep 2011 16:24:56 -0700 Subject: [Dovecot] SOLVED Intermittent authentication failures In-Reply-To: References: Message-ID: On 09/30/2011 12:59 PM, Eric Shubert wrote: > On 09/30/2011 09:07 AM, Eric Shubert wrote: >> >> CRAM-MD5 works sometimes: >> Sep 30 08:15:43 imap-login: Info: Login: user=, >> method=CRAM-MD5, rip=192.168.252.8, lip=192.168.252.14, mpid=20301 >> >> but (seemingly more frequently) the authentication fails: >> Sep 30 08:16:41 imap-login: Info: Aborted login (auth failed, 1 >> attempts): user=, method=CRAM-MD5, rip=192.168.252.8, >> lip=192.168.252.14 >> >> I restarted dovecot, and that apparently cleared the problem for one >> user, but not others. >> >> Is this perhaps a bug in dovecot, or would the problem lie with vpopmail? >> >> TIA for any pointers. >> > > FWIW, I tried digest-md5, and experience the same problem. > > Is it possible that passwords are being cached in such a way that > different login mechanisms cannot be used by different client programs > with the same user account? > My problem was indeed with the password caching. I changed cache_key=%u to cache_key=%u%r and that cleared things up. I expect that this is only a problem when different client programs use different login mechanisms, which was the case with this particular group of users. I didn't anticipate this behavior, but can live with it. A note about this in the documentation would be nice. I tried to create an account on the wiki for myself to update it, but that doesn't seem to be working presently. -- -Eric 'shubes' From tss at iki.fi Sat Oct 1 18:16:32 2011 From: tss at iki.fi (Timo Sirainen) Date: Sat, 01 Oct 2011 18:16:32 +0300 Subject: [Dovecot] SOLVED Intermittent authentication failures In-Reply-To: References: Message-ID: <1317482192.21919.47.camel@hurina> On Fri, 2011-09-30 at 16:24 -0700, Eric Shubert wrote: > >> CRAM-MD5 works sometimes: > >> Sep 30 08:15:43 imap-login: Info: Login: user=, > >> method=CRAM-MD5, rip=192.168.252.8, lip=192.168.252.14, mpid=20301 > >> > >> but (seemingly more frequently) the authentication fails: > >> Sep 30 08:16:41 imap-login: Info: Aborted login (auth failed, 1 > >> attempts): user=, method=CRAM-MD5, rip=192.168.252.8, > >> lip=192.168.252.14 > >> > My problem was indeed with the password caching. I changed > cache_key=%u > to > cache_key=%u%r > and that cleared things up. > > I expect that this is only a problem when different client programs use > different login mechanisms, which was the case with this particular > group of users. Auth mechanism shouldn't affect caching or vice versa. Maybe the %r just happens to work around the real problem, which might still be there but just less frequent.. Logs with auth_debug=yes could have been helpful in figuring this out. From tss at iki.fi Sat Oct 1 18:19:00 2011 From: tss at iki.fi (Timo Sirainen) Date: Sat, 01 Oct 2011 18:19:00 +0300 Subject: [Dovecot] FTS and compound searches In-Reply-To: <91489B71-0154-4DE8-9DD4-CA5354B9D8E8@net24.co.nz> References: <91489B71-0154-4DE8-9DD4-CA5354B9D8E8@net24.co.nz> Message-ID: <1317482340.21919.48.camel@hurina> On Thu, 2011-09-29 at 15:40 +1300, Nikolai Schupbach wrote: > >> New subscriber here. I noticed that the FTS index is not used in compound searches. > >> Is this expected? Tested in 2.0.0 and 2.0.8: > > > >Yep. It's been in TODO for a while. > > I know this thread is quite old, but we have the same issue with v2.0.14 and squat. Would this issue also affect the Solr FTS backend? It's fixed in v2.1 for all backends. From ejs at shubes.net Sun Oct 2 18:53:19 2011 From: ejs at shubes.net (Eric Shubert) Date: Sun, 02 Oct 2011 08:53:19 -0700 Subject: [Dovecot] SOLVED Intermittent authentication failures In-Reply-To: <1317482192.21919.47.camel@hurina> References: <1317482192.21919.47.camel@hurina> Message-ID: On 10/01/2011 08:16 AM, Timo Sirainen wrote: > On Fri, 2011-09-30 at 16:24 -0700, Eric Shubert wrote: >>>> CRAM-MD5 works sometimes: >>>> Sep 30 08:15:43 imap-login: Info: Login: user=, >>>> method=CRAM-MD5, rip=192.168.252.8, lip=192.168.252.14, mpid=20301 >>>> >>>> but (seemingly more frequently) the authentication fails: >>>> Sep 30 08:16:41 imap-login: Info: Aborted login (auth failed, 1 >>>> attempts): user=, method=CRAM-MD5, rip=192.168.252.8, >>>> lip=192.168.252.14 >>>> >> My problem was indeed with the password caching. I changed >> cache_key=%u >> to >> cache_key=%u%r >> and that cleared things up. >> >> I expect that this is only a problem when different client programs use >> different login mechanisms, which was the case with this particular >> group of users. > > Auth mechanism shouldn't affect caching or vice versa. Maybe the %r just > happens to work around the real problem, which might still be there but > just less frequent.. Logs with auth_debug=yes could have been helpful in > figuring this out. Ask and ye shall receive: Oct 02 08:21:03 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=192.168.6.14 rip=208.54.4.133 lport=143 rport=43401 resp= Oct 02 08:21:03 auth: Debug: cache(gary at domain.com,208.54.4.133): hit: user=gary at domain.com Oct 02 08:21:03 auth: Debug: client out: OK 1 user=gary at domain.com Oct 02 08:21:03 auth: Debug: master in: REQUEST 546963457 11596 1 9d5ae9a5778c4e1da32bfe9de1027163 Oct 02 08:21:03 auth: Debug: userdb-cache(gary at domain.com,208.54.4.133): hit: gary at domain.com uid=89 gid=89 home=/home/vpopmail/domains/domain.com/gary Oct 02 08:21:03 auth: Debug: master out: USER 546963457 gary at domain.com uid=89 gid=89 home=/home/vpopmail/domains/domain.com/gary Oct 02 08:21:03 imap-login: Info: Login: user=, method=PLAIN, rip=208.54.4.133, lip=192.168.6.14, mpid=11607, TLS Oct 02 08:21:05 auth: Debug: auth client connected (pid=11609) Oct 02 08:21:05 auth: Debug: client in: AUTH 1 CRAM-MD5 service=imap secured lip=192.168.6.14 rip=174.17.50.127 lport=993 rport=50696 Oct 02 08:21:05 auth: Debug: client out: CONT 1 PDU5NjE3NTM4NTk4OTA0MTIuMTMxNzU2ODg2NUB3b25nLnIzaW52ZXN0aWdhdGlvbnMuY29tPg== Oct 02 08:21:06 auth: Debug: client in: CONT Oct 02 08:21:06 auth: Debug: cache(teacher at domain2.com,174.17.50.127): miss Oct 02 08:21:06 auth: Debug: vpopmail(teacher at domain2.com,174.17.50.127): lookup user=teacher domain=domain2.com Oct 02 08:21:06 auth: Debug: client out: OK 1 user=teacher at domain2.com Oct 02 08:21:06 auth: Debug: master in: REQUEST 3916169217 11609 1 42c98a70d61d08e4b1440028faf5324a Oct 02 08:21:06 auth: Debug: userdb-cache(teacher at domain2.com,174.17.50.127): miss Oct 02 08:21:06 auth: Debug: vpopmail(teacher at domain2.com,174.17.50.127): lookup user=teacher domain=domain2.com Oct 02 08:21:06 auth: Debug: master out: USER 3916169217 teacher at domain2.com uid=89 gid=89 home=/home/vpopmail/domains/domain2.com/teacher Oct 02 08:21:06 imap-login: Info: Login: user=, method=CRAM-MD5, rip=174.17.50.127, lip=192.168.6.14, mpid=11612, TLS Oct 02 08:21:35 imap(gary at domain.com): Info: Disconnected: Logged out bytes=361/1161 Oct 02 08:21:40 auth: Debug: auth client connected (pid=11627) Oct 02 08:21:40 auth: Debug: client in: AUTH 1 DIGEST-MD5 service=imap lip=192.168.252.14 rip=192.168.252.8 lport=143 rport=41155 Oct 02 08:21:40 auth: Debug: client out: CONT 1 cmVhbG09IiIsbm9uY2U9InpkR3VZcFd0T25iUWpQM3hHOVloemc9PSIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI= Oct 02 08:21:40 auth: Debug: client in: CONT Oct 02 08:21:40 auth: Debug: cache(gary at domain.com,192.168.252.8): hit: user=gary at domain.com Oct 02 08:21:40 auth: Info: password(gary at domain.com,192.168.252.8): Requested DIGEST-MD5 scheme, but we have only SHA1 Oct 02 08:21:42 auth: Debug: client out: FAIL 1 user=gary at domain.com Oct 02 08:21:42 imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=DIGEST-MD5, rip=192.168.252.8, lip=192.168.252.14 Oct 02 08:21:55 auth: Debug: auth client connected (pid=11629) Oct 02 08:21:55 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=192.168.6.14 rip=192.168.5.196 lport=993 rport=4605 resp= Oct 02 08:21:55 auth: Debug: cache(gary at domain.com,192.168.5.196): hit: user=gary at domain.com Oct 02 08:21:55 auth: Debug: client out: OK 1 user=gary at domain.com Oct 02 08:21:55 auth: Debug: master in: REQUEST 875167745 11629 1 126eea78f45a1270bea10f8f939545fa Oct 02 08:21:55 auth: Debug: userdb-cache(gary at domain.com,192.168.5.196): hit: gary at domain.com uid=89 gid=89 home=/home/vpopmail/domains/domain.com/gary Oct 02 08:21:55 auth: Debug: master out: USER 875167745 gary at domain.com uid=89 gid=89 home=/home/vpopmail/domains/domain.com/gary Oct 02 08:21:55 imap-login: Info: Login: user=, method=PLAIN, rip=192.168.5.196, lip=192.168.6.14, mpid=11630, TLS The user gary first connects using TMobile phone (208.54.4.133), then a subsequent attempt via Squirrelmail/webmail (192.168.252.8) fails. Outlook (192.168.5.196) is also in there. Outlook and TMobile both use PLAIN with TLS, and they get along fine. Squirrelmail doesn't presently support TLS, so needs to use cram-md5 or digest-md5, which fails with the cached entry from one of the other clients. Thank you so much for your terrific work with Dovecot, Timo. It is truly a premier piece of work. -- -Eric 'shubes' From tss at iki.fi Sun Oct 2 20:28:04 2011 From: tss at iki.fi (Timo Sirainen) Date: Sun, 02 Oct 2011 20:28:04 +0300 Subject: [Dovecot] SOLVED Intermittent authentication failures In-Reply-To: References: <1317482192.21919.47.camel@hurina> Message-ID: <1317576487.21919.50.camel@hurina> On Sun, 2011-10-02 at 08:53 -0700, Eric Shubert wrote: > > > Oct 02 08:21:40 auth: Info: password(gary at domain.com,192.168.252.8): > Requested DIGEST-MD5 scheme, but we have only SHA1 Oh. This was vpopmail specific problem. See if this fixes: http://hg.dovecot.org/dovecot-2.0/rev/dbd5f9ec38af From dlie76 at yahoo.com.au Mon Oct 3 05:15:01 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Sun, 2 Oct 2011 19:15:01 -0700 (PDT) Subject: [Dovecot] problem with getting outlook to work with IMAP server Message-ID: <1317608101.37488.YahooMailNeo@web113406.mail.gq1.yahoo.com> Hi, I am having difficulty in getting the outlook 2010 to connect to my server running on Ubuntu Server 10.04. I can login to Squirrelmail webmail, and am able to send & receive emails through squirrelmail with no problem whatsoever. However, this morning, I was trying to add a new account for the same user on Outlook 2010 and I got the following error from outlook as follows Send test e-mail message: Your outgoing (SMTP) e-mail server has reported an internal error. The server responded: 554 5.7.7 No Spoofing Allowed. I then, went to check /var/log/mail.log and I found the following Oct? 3 12:19:27 mymailServer dovecot: auth(default): ldap(sbernett,50.4.39.163): pass search: base=ou=accounts,dc=example,dc=com scope=subtree filter=(&(objectClass=posixAccount)(uid=sbernett)) fields=uid,userPassword,homeDirectory,uidNumber,gidNumber Oct? 3 12:19:27 mymailServer dovecot: auth(default): ldap(sbernett,50.4.39.163): result: uid(user)=sbernett uidNumber(userdb_uid)=106 gidNumber(userdb_gid)=106 userPassword(password)={CRYPT}xGHI86Ktls homeDirectory(userdb_home)=/home/vmail/sbernett Oct? 3 12:19:27 mymailServer dovecot: auth(default): client out: OK#0111#011user=sbernett Oct? 3 12:19:27 mymailServer dovecot: auth(default): master in: REQUEST#0114#0112686#0111 Oct? 3 12:19:27 mymailServer dovecot: auth(default): passwd(sbernett,50.4.39.163): lookup Oct? 3 12:19:27 mymailServer dovecot: auth(default): passwd(sbernett,50.4.39.163): unknown user Oct? 3 12:19:27 mymailServer dovecot: auth(default): master out: USER#0114#011sbernett#011uid=106#011gid=106#011home=/home/vmail/sbernett Oct? 3 12:19:27 mymailServer dovecot: imap-login: Login: user=, method=PLAIN, rip=50.4.39.163, lip=50.4.39.164 Oct? 3 12:19:27 mymailServer dovecot: IMAP(sbernett): Disconnected in IDLE bytes=9/292 Oct? 3 12:19:27 mymailServer postfix/smtpd[2766]: warning: No server certs available. TLS won't be enabled Oct? 3 12:19:27 mymailServer postfix/smtpd[2766]: connect from localhost[127.0.0.1] Oct? 3 12:19:27 mymailServer postfix/smtpd[2766]: 182292400AE: client=localhost[127.0.0.1] Oct? 3 12:19:27 mymailServer postfix/smtpd[2766]: lost connection after DATA (0 bytes) from localhost[127.0.0.1] Oct? 3 12:19:27 mymailServer postfix/smtpd[2766]: disconnect from localhost[127.0.0.1] Next, I tried to see if there are any the difference in the mail.log when logging into the squirrelmail (which is working for me) Oct? 3 12:31:32 mymailServer dovecot: auth(default): ldap(sbernett,127.0.0.1): pass search: base=ou=accounts,dc=example,dc=com scope=subtree filter=(&(objectClass=posixAccount)(uid=sbernett)) fields=uid,userPassword,homeDirectory,uidNumber,gidNumber Oct? 3 12:31:32 mymailServer dovecot: auth(default): ldap(sbernett,127.0.0.1): result: uid(user)=sbernett uidNumber(userdb_uid)=106 gidNumber(userdb_gid)=106 userPassword(password)={CRYPT}xGHI86Ktls homeDirectory(userdb_home)=/home/vmail/sbernett Oct? 3 12:31:32 mymailServer dovecot: auth(default): client out: OK#0111#011user=sbernett Oct? 3 12:31:32 mymailServer dovecot: auth(default): master in: REQUEST#0114#0112485#0111 Oct? 3 12:31:32 mymailServer dovecot: auth(default): passwd(sbernett,127.0.0.1): lookup Oct? 3 12:31:32 mymailServer dovecot: auth(default): passwd(sbernett,127.0.0.1): unknown user Oct? 3 12:31:32 mymailServer dovecot: auth(default): master out: USER#0114#011sbernett#011uid=1004#011gid=1004#011home=/home/vmail/sbernett Oct? 3 12:31:32 mymailServer dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured The only thing I noticed different between the two is the IP addresses in rip and lip. Is there a way to tell the IMAP server to allow the remote IP addresses to connect. Here is my dovecot.conf # 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-34-generic-pae i686 Ubuntu 10.04.3 LTS ext4 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap listen: *:143 ssl: no disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login verbose_proctitle: yes first_valid_uid: 106 last_valid_uid: 1000 mail_privileged_group: mail mail_location: maildir:/home/vmail/%u/Maildir mbox_write_locks: fcntl dotlock mail_plugins: quota imap_quota imap_client_workarounds: delay-newmail outlook-idle netscape-eoh lda: ? postmaster_address: postmaster at mailtest.dyndns-free.com ? mail_plugins: quota ? sendmail_path: /usr/lib/sendmail ? rejection_reason: Your message to <%t> was automatically rejected:%n%r ? auth_socket_path: /var/run/dovecot-auth-master auth default: ? mechanisms: plain login ? username_format: %Lu ? verbose: yes ? debug: yes ? debug_passwords: yes ? passdb: ??? driver: pam ? passdb: ??? driver: ldap ??? args: /etc/dovecot/dovecot-ldap.conf ? userdb: ??? driver: passwd ? userdb: ??? driver: static ??? args: uid=106 gid=106 home=/home/vmail/%u allow_all_users=yes ? socket: ??? type: listen ??? client: ????? path: /var/spool/postfix/private/auth ????? mode: 432 ????? user: postfix ????? group: mail ??? master: ????? path: /var/run/dovecot-auth-master ????? mode: 432 ????? user: vmail ????? group: vmail plugin: ? quota: maildir ? quota_rule: *:storage=3GB ? quota_rule2: Trash:storage=20%% ? quota_rule3: Spam:storage=10%% ? quota_warning: storage=95%% /usr/local/bin/quota-warning.sh 95 ? quota_warning2: storage=80%% /usr/local/bin/quota-warning.sh 80 Here is my postfix.cf myhostname = mymailserver mydomain = example.com mydestination = localhost.$mydomain,localhost,$mydomain,$myhostname local_recipient_maps = ldap:/etc/postfix/ldap-user-auth.cf virtual_transport = dovecot virtual_mailbox_domains = vexample.com virtual_mailbox_base = /home/vmail virtual_mailbox_maps = hash:/etc/postfix/virtual_mailboxes virtual_minimum_uid = 100 virtual_uid_maps = static:106 virtual_gid_maps = static:106 relayhost = mynetworks = 127.0.0.0/8, 192.168.1.0/24, 50.4.39.163, 50.4.39.164 mynetworks_style = subnet mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = ipv4 mail_spool_directory = /var/spool/mail smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanomymous smtpd_tls_auth_only = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_sender_login_mismatch smtpd_sasl_local_domain = vexample.com dovecot_destination_recipient_limit = 1 Any help would be greatly appreciated. Thank you From ffiore at babel.it Mon Oct 3 11:53:03 2011 From: ffiore at babel.it (Francesco Fiore) Date: Mon, 03 Oct 2011 10:53:03 +0200 Subject: [Dovecot] Timeout leak in get quota In-Reply-To: <4E846D31.6010900@gmail.com> References: <4E846D31.6010900@gmail.com> Message-ID: <4E8977EF.80107@babel.it> Hi! I've the same problem. I use the same input string inside a Java standalone application. The request would appear correct and I receive always a correct response but Dovecot print the same warning into the log... My Dovecot version is 2.0.13. Thanks in advance for any help! Francesco On 29/09/11 15:05, Danilo wrote: > Hello! > I wrote perl script for read current quota usage, it works but when I run the > program I receive a warning in Dovecot log: > > 2011-09-29 14:45:30 doveadm(guest at testmail.com): Warning: Timeout leak: > 0x7f14800ad970 > > This is the script: > =============================== > #!/usr/bin/perl > > use strict; > use Socket; > use IO::Handle; > > socket(TSOCK, PF_UNIX, SOCK_STREAM,0); > connect(TSOCK, sockaddr_un("/var/run/dovecot/doveadm-server")) or print("ERROR!"); > > print "VERSION\tdoveadm-server\t1\t0\n"; > print "\tguest\@testmail.com\tquota get\n"; > print "=" x 20 . "\n"; > > if (defined(my $messg = )) { > > print $messg; > > print TSOCK "VERSION\tdoveadm-server\t1\t0\n"; > TSOCK->flush; > > print TSOCK "\tguest\@testmail.com\tquota get\n"; > TSOCK->flush; > > $messg = ; > print $messg; > > $messg = ; > print $messg; > > close TSOCK; > } > ============================= > I hope someone could help me to fix the warning. > Thanks in advance, > Dany -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 554 bytes Desc: OpenPGP digital signature URL: From andrew.hearn at aa.net.uk Mon Oct 3 13:35:51 2011 From: andrew.hearn at aa.net.uk (Andrew Hearn) Date: Mon, 03 Oct 2011 11:35:51 +0100 Subject: [Dovecot] 1.2.17 Program terminated with signal 11, Segmentation fault. Message-ID: <4E899007.7080603@aa.net.uk> Hello, We've had seg faults a couple of times a day on our servers, we upgraded to 1.2.17 and still have them. running a coredump through dbg says: Reading symbols from /usr/local/libexec/dovecot/imap-login...done. [New Thread 27962] Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fff083f4000 Core was generated by `imap-login -D'. Program terminated with signal 11, Segmentation fault. #0 0x000000000041388b in io_file_unlink (_io=, closed=true) at ioloop.c:70 70 if (io->next != NULL) dovecot -n is at http://pastebin.ca/SQjrseJD (pass timo) Linux 2.6.18-274.3.1.el5 #1 SMP Tue Sep 6 20:13:52 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux We use NFS for mail store, and ramdisk for dovecot indexes. We do run the mail_log plugin. Let me know if you need any more info though. -- Andrew Hearn. AAISP Technical Support Team Leader Tel: 03333 400999 From f.bonnet at esiee.fr Mon Oct 3 14:52:07 2011 From: f.bonnet at esiee.fr (Frank Bonnet) Date: Mon, 03 Oct 2011 13:52:07 +0200 Subject: [Dovecot] clarifications on shared mailboxes Message-ID: <4E89A1E7.8090301@esiee.fr> Hello I need some clarifications on shared mailboxes. Actually we use MBOX format with "real" unix users , but I've been asked to create some shared mailboxes for some users who need to have some for their working groups. What would be the best way to create those shared mailboxes ? Would it be possible to create some "shared space" on the server in maildir format to get advantage of the last seen flag ? If yes some config examples would be a great help. See attach the doveconf -n output ( certificates names have been obscured ;-) ) Thank you. -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: doveconf.txt URL: From rventura at h-st.com Mon Oct 3 17:29:39 2011 From: rventura at h-st.com (Romer Ventura) Date: Mon, 3 Oct 2011 09:29:39 -0500 Subject: [Dovecot] Multiple LDAP authentication servers Message-ID: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> Hello, We are performing a Domain migration and I was wondering if there was any way to get Dovecot to authenticate to more than 1 LDAP server? Currently dovecot is configure to query the "mail" attribute from Active Directory and when found it binds with the credentials the user provided. This works fine, but when migrating user accounts, they get disabled in the source domain so that the user can no longer log on to it. But disabling the account in the source domain, causes the user to be unable to use his email account. Is there any way to get dovecot to try a second LDAP server if the first one fails to authenticate..? ~# dovecot -n # 1.2.11: /etc/dovecot/dovecot.conf # OS: Linux 2.6.29-xs5.5.0.15 i686 Debian 5.0.4 ext3 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imaps imap ssl_cert_file: /etc/ssl/certs/smtpd.crt ssl_key_file: /etc/ssl/private/smtpd.key login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login login_user: postfix mail_privileged_group: mail mail_uid: vmail mail_gid: vmail mail_location: maildir:/srv/mail/vmail/%Ud/%Ln/Maildir mbox_write_locks: fcntl dotlock imap_client_workarounds: delay-newmail outlook-idle netscape-eoh lda: postmaster_address: postmaster at h-st.com auth_socket_path: /var/run/dovecot/auth-master log_path: /var/log/dovecot-deliver.log info_log_path: /var/log/dovecot-deliver-info.log auth default: mechanisms: plain login passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf userdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf socket: type: listen client: path: /var/spool/postfix/private/auth-client mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail Thanks -------- Romer Ventura From joseba.torre at ehu.es Mon Oct 3 18:22:11 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 3 Oct 2011 17:22:11 +0200 Subject: [Dovecot] Multiple LDAP authentication servers In-Reply-To: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> References: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> Message-ID: <201110031722.11749.joseba.torre@ehu.es> On Lunes 03 Octubre 2011 16:29:39 Romer Ventura escribi?: > Is there any way to get dovecot to try a second LDAP server if the first > one fails to authenticate..? Sure; just add a second passdb (maybe you also need a second userdb) pointing to the other server. Something like passdb ldap { args = /usr/local/etc/AD.conf } passdb ldap { args = /usr/local/etc/second.conf } HTH -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From rventura at h-st.com Mon Oct 3 18:27:44 2011 From: rventura at h-st.com (Romer Ventura) Date: Mon, 3 Oct 2011 10:27:44 -0500 Subject: [Dovecot] Multiple LDAP authentication servers In-Reply-To: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> References: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> Message-ID: <0e3001cc81e0$ff7ad840$fe7088c0$@h-st.com> -----Original Message----- From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Romer Ventura Sent: Monday, October 03, 2011 9:30 AM To: dovecot at dovecot.org Subject: [Dovecot] Multiple LDAP authentication servers Hello, We are performing a Domain migration and I was wondering if there was any way to get Dovecot to authenticate to more than 1 LDAP server? Currently dovecot is configure to query the "mail" attribute from Active Directory and when found it binds with the credentials the user provided. This works fine, but when migrating user accounts, they get disabled in the source domain so that the user can no longer log on to it. But disabling the account in the source domain, causes the user to be unable to use his email account. Is there any way to get dovecot to try a second LDAP server if the first one fails to authenticate..? ~# dovecot -n # 1.2.11: /etc/dovecot/dovecot.conf # OS: Linux 2.6.29-xs5.5.0.15 i686 Debian 5.0.4 ext3 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imaps imap ssl_cert_file: /etc/ssl/certs/smtpd.crt ssl_key_file: /etc/ssl/private/smtpd.key login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login login_user: postfix mail_privileged_group: mail mail_uid: vmail mail_gid: vmail mail_location: maildir:/srv/mail/vmail/%Ud/%Ln/Maildir mbox_write_locks: fcntl dotlock imap_client_workarounds: delay-newmail outlook-idle netscape-eoh lda: postmaster_address: postmaster at h-st.com auth_socket_path: /var/run/dovecot/auth-master log_path: /var/log/dovecot-deliver.log info_log_path: /var/log/dovecot-deliver-info.log auth default: mechanisms: plain login passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf userdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf socket: type: listen client: path: /var/spool/postfix/private/auth-client mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail ************************************************** Also I forgot to mention that these are different domains, we are not authenticating to DOMAIN-AAA.COM and we would like to authenticate to DOMAIN-BBB.LAN while still allowing authentication to DOMAIN-AAA.COM. The Base DNs and domains are different. Possible? Thanks From rventura at h-st.com Mon Oct 3 18:34:47 2011 From: rventura at h-st.com (Romer Ventura) Date: Mon, 3 Oct 2011 10:34:47 -0500 Subject: [Dovecot] Multiple LDAP authentication servers In-Reply-To: <201110031722.11749.joseba.torre@ehu.es> References: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> <201110031722.11749.joseba.torre@ehu.es> Message-ID: <0e3201cc81e1$fb9ee120$f2dca360$@h-st.com> So you are saying I can define multiple passdb and userdb, each pointing to a different ldap config file? Thanks -------- Romer Ventura -----Original Message----- From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Joseba Torre Sent: Monday, October 03, 2011 10:22 AM To: dovecot at dovecot.org Subject: Re: [Dovecot] Multiple LDAP authentication servers On Lunes 03 Octubre 2011 16:29:39 Romer Ventura escribi?: > Is there any way to get dovecot to try a second LDAP server if the > first one fails to authenticate..? Sure; just add a second passdb (maybe you also need a second userdb) pointing to the other server. Something like passdb ldap { args = /usr/local/etc/AD.conf } passdb ldap { args = /usr/local/etc/second.conf } HTH -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From joseba.torre at ehu.es Mon Oct 3 18:50:36 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 3 Oct 2011 17:50:36 +0200 Subject: [Dovecot] Multiple LDAP authentication servers In-Reply-To: <0e3201cc81e1$fb9ee120$f2dca360$@h-st.com> References: <0e0501cc81d8$e28640b0$a792c210$@h-st.com> <201110031722.11749.joseba.torre@ehu.es> <0e3201cc81e1$fb9ee120$f2dca360$@h-st.com> Message-ID: <201110031750.36470.joseba.torre@ehu.es> On Lunes 03 Octubre 2011 17:34:47 Romer Ventura escribi?: > So you are saying I can define multiple passdb and userdb, each pointing to > a different ldap config file? That's it. You may define as many as you need, and each one is independent. If the 1st one fails dovecot will try the 2nd one, then the 3rd one and so on. -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From ejs at shubes.net Mon Oct 3 19:55:40 2011 From: ejs at shubes.net (Eric Shubert) Date: Mon, 03 Oct 2011 09:55:40 -0700 Subject: [Dovecot] SOLVED Intermittent authentication failures In-Reply-To: <1317576487.21919.50.camel@hurina> References: <1317482192.21919.47.camel@hurina> <1317576487.21919.50.camel@hurina> Message-ID: On 10/02/2011 10:28 AM, Timo Sirainen wrote: > On Sun, 2011-10-02 at 08:53 -0700, Eric Shubert wrote: >> >> >> Oct 02 08:21:40 auth: Info: password(gary at domain.com,192.168.252.8): >> Requested DIGEST-MD5 scheme, but we have only SHA1 > > Oh. This was vpopmail specific problem. See if this fixes: > http://hg.dovecot.org/dovecot-2.0/rev/dbd5f9ec38af > > > Thanks Timo. Two things. First, I don't think this is a comprehensive fix covering all situations, though I could be wrong. One problem with it is that if the password is changed and the plaintext client isn't active, one would need to wait for the cached plaintext record to expire before being able to log in with an encoded password. Another problem might be if there are two separate clients, one using digest-md5 and another using cram-md5, I think the second one used would still fail. No? I'm not sure how best to handle any combination of clients and authentication mechanisms, so I'll leave the solution to your design. Second and perhaps more importantly, it occurred to me that simply using %u as the cache key might be a significant security hole. If passwords are cached using only the user account, what's to prevent someone else, using another client with the same authentication mechanism at a different IP address, from gaining access to an account that's cached? Perhaps I'm not understanding this right, but I think that using %u%r as the cache key closes this hole, and should probably be recommended in the documentation. I could (as always) be totally off base on this, so please explain if I'm misunderstanding something. Thanks again, Timo. Great work on dovecot. -- -Eric 'shubes' From jtam.home at gmail.com Tue Oct 4 03:05:32 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 3 Oct 2011 17:05:32 -0700 (PDT) Subject: [Dovecot] SSL only for external connections In-Reply-To: References: Message-ID: On Sun, 2 Oct 2011, Simon Brereton writes: > I don't have that file. Part of the problem is that I'm confused > between protocols and wrappers and interfaces :) Dick and Michael have > persuaded me that it's just easier to for Horde not to ask for TLS on > port 143 - because that's in fact what I was doing - and it's > pointless. > > Nonetheless, I think it would be nice to tell Dovecot listen on the > local interface for IMAP. Listen on the external interface for IMAP, > IMAPS, POP and POP3S. But if there's not simple way to do that I don't > have a valid use-case for doing it right now. I got into this thread rather late so maybe I missed something here. If you have different policies for your interface, you can run two different instances of dovecot (with 2 different base directories and sets of configuration files). I haven't tried it, but maybe it's also possible have interface specific CAPA strings and remove STARTTLS. Dovecot will support unencrypted sessions over the localhost interface, but your webmail seems to opportunistcally use it when offered, so don't offer it. Joseph Tam From terryjames9461 at mm.st Tue Oct 4 08:24:54 2011 From: terryjames9461 at mm.st (terryjames9461 at mm.st) Date: Mon, 03 Oct 2011 22:24:54 -0700 Subject: [Dovecot] What best decision to make for flatfiles or SQL when I use Dovecot2 + Postfix together? In-Reply-To: References: <1317138678.29156.140258148311993@webmail.messagingengine.com><4E8207F5.2070105@whyscream.net><1317160829.10644.140258148445373@webmail.messagingengine.com><20110927180632.Horde.jPUpZZLnE6FOgkjoSa5RRHA@kishi.patrickdk.com><1317161652.13631.140258148451673@webmail.messagingengine.com> Message-ID: <1317705894.27535.140258150723349@webmail.messagingengine.com> Thanks to all for the instructions. I am working on the flatfile approach and making good progress. I also set up some test MySQL options and they work too. So I have the future plans already in my hand! TJ From jeetendra.p at directi.com Tue Oct 4 10:39:37 2011 From: jeetendra.p at directi.com (Jeetu) Date: Tue, 04 Oct 2011 13:09:37 +0530 Subject: [Dovecot] Missing man page for doveadm move In-Reply-To: <4E8227FA.8030608@localhost.localdomain.org> References: <4E7B5389.7050907@directi.com> <4E8227FA.8030608@localhost.localdomain.org> Message-ID: <4E8AB839.4060109@directi.com> Thanks pascal. On 28/09/11 1:16 AM, Pascal Volk wrote: > On 09/22/2011 05:26 PM Jeetu wrote: >> Hi, >> >> i cant see man pages for doveadm-move, though the command "doveadm move >> ..." works on new version of dovecot. > There is the manual page: > http://hg.dovecot.org/dovecot-2.0/rev/c194c76b98ff also available in the > wiki: http://wiki2.dovecot.org/Tools/Doveadm/Move > > > Regards, > Pascal -- -Jeetu ------------------ Powered by BigRock From linuxmail at 4lin.net Tue Oct 4 10:41:49 2011 From: linuxmail at 4lin.net (Denny Schierz) Date: Tue, 04 Oct 2011 09:41:49 +0200 Subject: [Dovecot] sieve vacation reply In-Reply-To: <4E383E9F.5020503@zero-spam.fr> References: <4DD29C5D.4070405@cimr.cam.ac.uk> <4E37CF9D.2010209@zero-spam.fr> <4E37D891.1010103@rename-it.nl> <4E37F106.2050500@zero-spam.fr> <4E3804C7.1030503@rename-it.nl> <4E381F8C.5010702@rename-it.nl> <4E383E9F.5020503@zero-spam.fr> Message-ID: <1317714109.29009.51.camel@pcdenny> Am Dienstag, den 02.08.2011, 20:14 +0200 schrieb St?phane Wartel: > Hi Stephan, > > Yep, after some tests you 're right, it's not possible. > So, I use :addresses in sieve script and will try -a or -r arguments in > LDA command from postfix with the next release. did you get it working with -a or -r ? cu denny -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part URL: From urushkin at telros.ru Tue Oct 4 12:01:36 2011 From: urushkin at telros.ru (Sergey Urushkin) Date: Tue, 04 Oct 2011 13:01:36 +0400 Subject: [Dovecot] GSSAPI and deny=yes passdb Message-ID: <4E8ACB70.7060004@telros.ru> Hi. Is it possible to use GSSAPI authentication and deny passdb together? Seems it doesn't work as I expect: GSSAPI doesn't check deny passdb, so I'm not able to restrict access to GSSAPI-users. I can see these in logs when user tries to connect with PLAIN authentication (via pam_krb5): Oct 4 11:14:31 vm03 auth: Debug: passwd-file(testuser,172.17.0.123): lookup: user=testuser file=/etc/dovecot/auth.d/.passwd-deny Oct 4 11:14:31 vm03 dovecot: auth: passdb(tesetuser,172.17.0.123): User found from deny passdb But that's what I see if user logs in with GSSAPI: ... Oct 4 11:21:38 vm03 dovecot: auth: Debug: gssapi(testuser at REALM.LAN,172.17.0.123): Negotiated security layer Oct 4 11:21:38 vm03 dovecot: auth: Debug: client out: CONT#0111#011BQQF/wAMAAAAAAAAKSUwaQH///+3JRmZMw01WMX+CHM= Oct 4 11:21:38 vm03 dovecot: auth: Debug: client in: CONT Oct 4 11:21:38 vm03 dovecot: auth: Debug: client out: OK#0111#011user=testuser Oct 4 11:21:38 vm03 dovecot: auth: Debug: passwd-file(testuser,172.17.0.123): lookup: user=testuser file=/etc/dovecot/auth.d/.passwd-ldap Oct 4 11:21:38 vm03 dovecot: auth: Debug: master out: USER#0111632763905#011testuser#011home=/var/mail/realm.lan/testuser Oct 4 11:21:38 vm03 dovecot: imap-login: Login: user=, method=GSSAPI, rip=172.17.0.123, lip=172.25.0.35, mpid=1085 Here is my auth configuration: auth_mechanisms = plain login apop gssapi # Kerberos auth_realms = REALM.LAN auth_gssapi_hostname = vm03.realm.lan auth_krb5_keytab = /etc/dovecot/dovecot.keytab ###### # PASSDB # Denied users passdb { driver = passwd-file deny = yes args = username_format=%n /etc/dovecot/auth.d/%d.passwd-deny } # Internal manual passwd-file passdb { driver = passwd-file args = scheme=CRAM-MD5 username_format=%n /etc/dovecot/auth.d/%d.passwd # override_fields = allow_nets=127.0.0.0/8,172.16.0.0/12 } # External passwd-file passdb { driver = passwd-file args = scheme=CRAM-MD5 username_format=%n /etc/dovecot/auth.d/%d.passwd-ext } # Internal kerberos pam passdb { driver = pam args = max_requests=100 cache_key=%u%r dovecot # override_fields = allow_nets=127.0.0.0/8,172.16.0.0/12 } ###### #USERDB # Manual passwd-file userdb { driver = passwd-file args = username_format=%n /etc/dovecot/auth.d/%d.passwd # default_fields = home=/var/mail/%d/%n } # External passwd-file userdb { driver = passwd-file args = username_format=%n /etc/dovecot/auth.d/%d.passwd-ext # default_fields = home=/var/mail/%d/%n } # Automatic passwd-file, imported from LDAP. UserDB only userdb { driver = passwd-file args = username_format=%n /etc/dovecot/auth.d/%d.passwd-ldap # default_fields = home=/var/mail/%d/%n } ### END #### /etc/dovecot/auth.d/realm.lan.passwd-ldap: testuser:::::/var/mail/realm.lan/testuser:: testuser2:::::/var/mail/realm.lan/testuser:: ... /etc/dovecot/auth.d/realm.lan.passwd-deny: testuser /etc/dovecot/auth.d/realm.lan.passwd* are symlinked to /etc/dovecot/auth.d/.passwd* to allow users without domain part (auth_default_realm doesnt work with pam) I know that in my case I can just exclude denied users from .passwd-ldap file, and even use .passwd-deny as filter file:) But problem exists and should be solved, I think. Thanks. -- Best regards, Sergey Urushkin From jtl+dovecot at uvm.edu Tue Oct 4 20:31:44 2011 From: jtl+dovecot at uvm.edu (Jim Lawson) Date: Tue, 04 Oct 2011 13:31:44 -0400 Subject: [Dovecot] trouble setting up director, "invalid argument" for connect() call Message-ID: <4E8B4300.4060004@uvm.edu> Hi Timo & everyone, I'm trying out a 2-node director setup, but I keep getting the following error: Oct 3 16:11:29 imapdir1 dovecot: master: Dovecot v2.0.15 starting up (core dumps disabled) Oct 3 16:11:34 imapdir1 dovecot: director: Error: connect(132.198.100.150:9090) failed: Invalid argument Oct 3 16:11:41 imapdir1 last message repeated 3 times Both nodes report this error. The director on each node is listening on port 9090 just fine: > [root at imapdir1 ~]# nc imapdir2 9090 > VERSION director 1 0 > ME 127.0.0.1 9090 > [root at imapdir2 ~]# nc imapdir1 9090 > VERSION director 1 0 > ME 127.0.0.1 9090 "doveadm director ring status" always reports failure of the peer: > [root at imapdir1 ~]# doveadm director ring status > director ip port type last > failed > 127.0.0.1 9090 self > never > 132.198.100.150 9090 2011-10-04 > 13:28:55 > [root at imapdir2 ~]# doveadm director ring status > director ip port type last > failed > 127.0.0.1 9090 self > never > 132.198.100.149 9090 2011-10-04 > 13:24:08 Has anyone else seen this? FWIW, a single-node director works fine, proxying IMAP, LMTP and POP. I'm guessing I have a broken config, but if I do I can't figure it out. Hope I'm not missing something *too* obvious... Here's doveconf -n from imapdir1: # 2.0.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.18-274.3.1.el5 x86_64 Red Hat Enterprise Linux Server release 5.7 (Tikanga) base_dir = /var/run/dovecot/ director_mail_servers = penguina.uvm.edu penguinb.uvm.edu penguinc.uvm.edu director_servers = imapdir1.uvm.edu imapdir2.uvm.edu lmtp_proxy = yes login_trusted_networks = 132.198.101.211,132.198.101.212,132.198.101.213,132.198.101.214,132.198.101.215,132.198.101.216,132.198.100.45,132.198.100.46,132.198.100.47 passdb { args = proxy=y nopassword=y protocol=smtp driver = static } service auth { unix_listener auth-userdb { group = mail mode = 0660 user = dovecot } } service director { fifo_listener login/proxy-notify { mode = 0666 } inet_listener { port = 9090 } unix_listener director-userdb { mode = 0600 } unix_listener login/director { mode = 0666 } } service imap-login { executable = imap-login director } service lmtp { client_limit = 1 inet_listener lmtp { port = 24 } unix_listener /var/lib/dovecot/lmtp-socket { group = root mode = 0600 user = root } } Best, Jim From listas.correo at yahoo.es Wed Oct 5 18:49:03 2011 From: listas.correo at yahoo.es (mailing lists) Date: Wed, 5 Oct 2011 16:49:03 +0100 (BST) Subject: [Dovecot] doveadm(user001): Fatal: passdb lookup failed Message-ID: <1317829743.39291.YahooMailNeo@web29105.mail.ird.yahoo.com> Hello all, why I can run whis command: imap1:~ # doveadm user user001 userdb: user001 ? mail????? : maildir:/var/maildir/vol04/4/46/user001 ? home????? : /var/mailfilter/vol04/4/46/user001 ? quota_rule: *:bytes=100000000 but not this one: imap1:~ # doveadm quota get -u user001 doveadm(user001): Error: user user001: Auth PASS lookup failed doveadm(user001): Fatal: passdb lookup failed what I'm missing ? ??? /-------------------/ imap1:/etc/dovecot # grep ^[^#] dovecot-ldap.conf.ext uris = ldap://ldap.example.com dn = cn=admin,dc=example,dc=com dnpass = secret sasl_bind = no tls = no auth_bind = yes ldap_version = 3 base = dc=example,dc=com deref = never scope = subtree user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home,mailQuota=quota_rule=*:bytes=%$ user_filter = (&(objectClass=CourierMailAccount)(uid=%n)) pass_attrs = uid=user,userPassword=password pass_filter = (&(objectClass=CourierMailAccount)(uid=%n)) iterate_filter = (objectClass=CourierMailAccount) imap1:/etc/dovecot # dovecot -n # 2.0.14: /etc/dovecot/dovecot.conf # OS: Linux 2.6.34.7-0.7-xen x86_64 openSUSE 11.3 (x86_64) auth_debug = yes auth_verbose = yes base_dir = /var/run/dovecot/ disable_plaintext_auth = no doveadm_proxy_port = 24244 doveadm_socket_path = localhost:24244 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes mail_debug = yes mail_fsync = always mail_gid = 5000 mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = acl quota notify quota = maildir:User Quota quota_exceeded_message = Quota exceded quota_rule2 = Trash:storage=+50M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=90%% quota-warning 90 %u mail_uid = 5000 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mmap_disable = yes namespace { ? inbox = yes ? list = yes ? location = ? prefix = ? separator = . ? subscriptions = yes } namespace { ? hidden = yes ? inbox = no ? list = no ? location = ? prefix = INBOX. ? separator = . ? subscriptions = no } namespace { ? list = children ? location = maildir:/var/virtual-maildir/%%n:INDEX=~/shared.%%n ? prefix = shared.%%n. ? separator = . ? subscriptions = no ? type = shared } passdb { ? args = /etc/dovecot/dovecot-ldap.conf.ext ? driver = ldap } plugin { ? acl = vfile ? acl_shared_dict = file:/var/maildir/shared-mailboxes ? mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append ? mail_log_fields = uid box msgid from subject size vsize flags ? mail_plugins = " mail_log notify" ? sieve = ~/.dovecot.sieve ? sieve_dir = ~/sieve } postmaster_address = nonresponse at example.com service auth { ? unix_listener auth-userdb { ??? group = vmail ??? mode = 0600 ??? user = vmail ? } } service dict { ? unix_listener dict { ??? group = vmail ??? mode = 0600 ??? user = vmail ? } } service doveadm { ? inet_listener { ??? port = 24244 ? } } service imap { ? process_limit = 1024 } service lmtp { ? inet_listener lmtp { ??? port = 24 ? } ? unix_listener lmtp { ??? group = vmail ??? mode = 0666 ??? user = vmail ? } } service pop3-login { ? inet_listener pop3 { ??? port = 110 ? } } service pop3 { ? process_limit = 1024 } service quota-warning { ? executable = script /etc/dovecot/quota-warning.sh ? user = vmail } ssl = no userdb { ? args = /etc/dovecot/dovecot-ldap.conf.ext ? driver = ldap } verbose_proctitle = yes protocol lmtp { ? mail_plugins = acl quota notify sieve } protocol lda { ? mail_plugins = acl quota notify sieve } protocol imap { ? mail_max_userip_connections = 100 ? mail_plugins = acl quota notify imap_acl autocreate imap_quota } protocol pop3 { ? pop3_uidl_format = %v-%u } local 100.1.245.101/28/28 { ? doveadm_password = secret } From pbrechler at mac.com Wed Oct 5 19:11:25 2011 From: pbrechler at mac.com (Philip Brechler) Date: Wed, 05 Oct 2011 18:11:25 +0200 Subject: [Dovecot] Dovecot + managesieve + ldap not working Message-ID: <808F9C6C-CF5D-4F21-B70D-4AF0769DCC71@mac.com> Hi, I want to use managesieve in my dovecot server which uses virtual users and a ldap for the users. This is in my dovecot.conf: # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 3.0.0-x86_64-jb1 x86_64 Debian 6.0.1 ext3 log_path: /var/log/dovecot.log info_log_path: /var/log/dovecot-info.log log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps managesieve listen(default): * listen(imap): * listen(managesieve): *:2000 disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_uid: 5000 mail_gid: 5000 mail_location: maildir:/var/mail/%u/Maildir mail_debug: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve lda: postmaster_address: pbrechler at piratenfraktion-berlin.de mail_plugins: sieve mail_plugin_dir: /usr/lib/dovecot/modules/lda auth default: mechanisms: plain login verbose: yes debug: yes passdb: driver: pam passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf userdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail plugin: sieve_dir: /var/mail/sievescript/%u_scripts/ sieve_extensions: +imapflags And my ldap conf: hosts = ldap.piratenfraktion-berlin.de auth_bind = yes auth_bind_userdn = uid=%u,ou=people,dc=domain,dc=de ldap_version = 3 base = dc=domaindc=de deref = never scope = subtree user_attrs = uid=mail=maildir:/var/mail/%$/Maildir/ user_filter = (|(&(objectClass=organizationalPerson)(uid=%Ln))(&(objectClass=organizationalPerson)(mail=%Lu))) pass_attrs = uid=user,userPassword=password pass_filter = (&(objectClass=organizationalPerson)(uid=%u)) If I try to talk to managesieve with telnet this happens: Trying ::1... Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. "IMPLEMENTATION" "dovecot" "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator- i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date imapflags" "SASL" "PLAIN LOGIN" "STARTTLS" "NOTIFY" "mailto" "VERSION" "1.0" OK "Dovecot ready." # ca. 2 Seconds pause AUTHENTICATE "PLAIN" "xxxxxxxxxxxxx" BYE "Internal error occured. Refer to server log for more information. [2011-10-02 00:48:09]" Connection closed by foreign host. Dies is a log reading 2011-10-02 00:48:09 MANAGESIEVE(user): Fatal: Failed to create sieve storage with data: /var/mail/sievescript/user_scripts But the permissions are 775 dovecot:dovecot and the system tells me that dovecot was the last user who had access to the directory. Can someone help me? Thanks! kind regards Philip Brechler -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4755 bytes Desc: not available URL: From stephan at rename-it.nl Wed Oct 5 22:04:31 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 05 Oct 2011 21:04:31 +0200 Subject: [Dovecot] Dovecot + managesieve + ldap not working In-Reply-To: <808F9C6C-CF5D-4F21-B70D-4AF0769DCC71@mac.com> References: <808F9C6C-CF5D-4F21-B70D-4AF0769DCC71@mac.com> Message-ID: <4E8CAA3F.6010405@rename-it.nl> On 10/5/2011 6:11 PM, Philip Brechler wrote: > I want to use managesieve in my dovecot server which uses virtual users and a ldap for the users. This is in my dovecot.conf: > > # 1.2.15: /etc/dovecot/dovecot.conf [...] > mail_location: maildir:/var/mail/%u/Maildir > mail_debug: yes [...] > plugin: > sieve_dir: /var/mail/sievescript/%u_scripts/ [...] > If I try to talk to managesieve with telnet this happens: > > BYE "Internal error occured. Refer to server log for more information. [2011-10-02 00:48:09]" > Connection closed by foreign host. > > Dies is a log reading > > 2011-10-02 00:48:09 MANAGESIEVE(user): Fatal: Failed to create sieve storage with data: /var/mail/sievescript/user_scripts > > But the permissions are 775 dovecot:dovecot and the system tells me that dovecot was the last user who had access to the directory. I'd expect to see more errors and debug messages preceding the log line above. Looking at your config, I suspect your problem has something to do with the fact that you provide no 'home' directory for your users. The default location of the active sieve script (as configured with sieve=) is ~/.dovecot.sieve. You don't override this, so this is what you are now using. Since no home directory is defined, ~/ cannot be substituted, causing this failure (there must be an error about this in your logs somewhere). You can do something analogous to your sieve_dir setting and use % variable substitution in your sieve= setting. Still, having no home directory for your users is a bad idea. Read the wiki for more information: http://wiki2.dovecot.org/VirtualUsers/Home Also read this carefully: http://wiki2.dovecot.org/Pigeonhole/ManageSieve/Configuration Regards, Stephan. From pbrechler at mac.com Wed Oct 5 22:20:41 2011 From: pbrechler at mac.com (Philip Brechler) Date: Wed, 05 Oct 2011 21:20:41 +0200 Subject: [Dovecot] Dovecot + managesieve + ldap not working In-Reply-To: <4E8CAA3F.6010405@rename-it.nl> References: <808F9C6C-CF5D-4F21-B70D-4AF0769DCC71@mac.com> <4E8CAA3F.6010405@rename-it.nl> Message-ID: <1F1F4640-2532-40EF-A06C-B3D881F9C3A5@mac.com> Am 05.10.2011 um 21:04 schrieb Stephan Bosch: > On 10/5/2011 6:11 PM, Philip Brechler wrote: > > I'd expect to see more errors and debug messages preceding the log line above. > > Looking at your config, I suspect your problem has something to do with the fact that you provide no 'home' directory for your users. The default location of the active sieve script (as configured with sieve=) is ~/.dovecot.sieve. You don't override this, so this is what you are now using. Since no home directory is defined, ~/ cannot be substituted, causing this failure (there must be an error about this in your logs somewhere). You can do something analogous to your sieve_dir setting and use % variable substitution in your sieve= setting. Still, having no home directory for your users is a bad idea. Read the wiki for more information: > > http://wiki2.dovecot.org/VirtualUsers/Home > > Also read this carefully: > > http://wiki2.dovecot.org/Pigeonhole/ManageSieve/Configuration > Hi, thanks for your fast response I added a sieve= Option and now I get this log reading until it fails with the same error massage in telnet Info: client out: OK 1 user=user 2011-10-05 21:15:53 auth(default): Info: master in: REQUEST 3 12101 1 2011-10-05 21:15:53 auth(default): Info: ldap(user,127.0.0.1): user search: base=dc=piratenfraktion-berlin,dc=de scope=subtree filter=(|(&(objectClass=organizationalPerson)(uid=user))(&(objectClass=organizationalPerson)(mail=user))) fields=uid 2011-10-05 21:15:53 auth(default): Info: ldap(user,127.0.0.1): result: uid(mail=maildir:/var/mail/%$/Maildir/)=maildir:/var/mail/user/Maildir/ 2011-10-05 21:15:53 auth(default): Info: master out: USER 3 user mail=maildir:/var/mail/user/Maildir/ 2011-10-05 21:15:53 managesieve-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured 2011-10-05 21:15:53 MANAGESIEVE(user): Info: Effective uid=5000, gid=5000, home=(none) 2011-10-05 21:15:53 MANAGESIEVE(user): Info: sieve-storage: using active sieve script path: /var/var/mail/sievescript/user_scripts/.dovecot.sieve 2011-10-05 21:15:53 MANAGESIEVE(user): Info: sieve-storage: using sieve script storage directory: /var/mail/sievescript/user_scripts/ That's it no more errors or anything. thanks. Philip -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4755 bytes Desc: not available URL: From stephan at rename-it.nl Wed Oct 5 22:46:37 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 05 Oct 2011 21:46:37 +0200 Subject: [Dovecot] Dovecot + managesieve + ldap not working In-Reply-To: <1F1F4640-2532-40EF-A06C-B3D881F9C3A5@mac.com> References: <808F9C6C-CF5D-4F21-B70D-4AF0769DCC71@mac.com> <4E8CAA3F.6010405@rename-it.nl> <1F1F4640-2532-40EF-A06C-B3D881F9C3A5@mac.com> Message-ID: <4E8CB41D.5010007@rename-it.nl> On 10/5/2011 9:20 PM, Philip Brechler wrote: > Am 05.10.2011 um 21:04 schrieb Stephan Bosch: > >> On 10/5/2011 6:11 PM, Philip Brechler wrote: >> >> I'd expect to see more errors and debug messages preceding the log line above. >> >> Looking at your config, I suspect your problem has something to do with the fact that you provide no 'home' directory for your users. The default location of the active sieve script (as configured with sieve=) is ~/.dovecot.sieve. You don't override this, so this is what you are now using. Since no home directory is defined, ~/ cannot be substituted, causing this failure (there must be an error about this in your logs somewhere). You can do something analogous to your sieve_dir setting and use % variable substitution in your sieve= setting. Still, having no home directory for your users is a bad idea. Read the wiki for more information: >> >> http://wiki2.dovecot.org/VirtualUsers/Home >> >> Also read this carefully: >> >> http://wiki2.dovecot.org/Pigeonhole/ManageSieve/Configuration >> > Hi, > thanks for your fast response I added a sieve= Option and now I get this log reading until it fails with the same error massage in telnet > > Info: client out: OK 1 user=user > 2011-10-05 21:15:53 auth(default): Info: master in: REQUEST 3 12101 1 > 2011-10-05 21:15:53 auth(default): Info: ldap(user,127.0.0.1): user search: base=dc=piratenfraktion-berlin,dc=de scope=subtree filter=(|(&(objectClass=organizationalPerson)(uid=user))(&(objectClass=organizationalPerson)(mail=user))) fields=uid > 2011-10-05 21:15:53 auth(default): Info: ldap(user,127.0.0.1): result: uid(mail=maildir:/var/mail/%$/Maildir/)=maildir:/var/mail/user/Maildir/ > 2011-10-05 21:15:53 auth(default): Info: master out: USER 3 user mail=maildir:/var/mail/user/Maildir/ > 2011-10-05 21:15:53 managesieve-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured > 2011-10-05 21:15:53 MANAGESIEVE(user): Info: Effective uid=5000, gid=5000, home=(none) > 2011-10-05 21:15:53 MANAGESIEVE(user): Info: sieve-storage: using active sieve script path: /var/var/mail/sievescript/user_scripts/.dovecot.sieve > 2011-10-05 21:15:53 MANAGESIEVE(user): Info: sieve-storage: using sieve script storage directory: /var/mail/sievescript/user_scripts/ > > That's it no more errors or anything. In fact, I see no errors at all. That is not possible if you get that same critical error in telnet. I would also expect the following additional debug message: MANAGESIEVE(user): Info: sieve-storage: relative path to sieve storage in active link: ... Or an error aboutsieve_storage_verify_dir() failing. I'm not sure what is going on at your end. Make sure you are checking the correct log file: the BYE error in telnet has a time stamp that matches the line in your log file. Two additional things I notice: - You still don't return a home directory from your userdb. - You placed the active sieve script link (.dovecot.sieve) inside your sieve_dir directory (/var/mail/sievescript/user_scripts/). That is not recommended. I would recommend something like the following: sieve_dir=/var/mail/sievescript/%u/scripts/ sieve=/var/mail/sievescript/%u/.dovecot.sieve Regards, Stephan. From jtl+dovecot at uvm.edu Wed Oct 5 23:31:15 2011 From: jtl+dovecot at uvm.edu (Jim Lawson) Date: Wed, 05 Oct 2011 16:31:15 -0400 Subject: [Dovecot] trouble setting up director, "invalid argument" for connect() call [SOLVED] In-Reply-To: <4E8B4300.4060004@uvm.edu> References: <4E8B4300.4060004@uvm.edu> Message-ID: <4E8CBE93.4030603@uvm.edu> On 10/4/11 13:31 , Jim Lawson wrote: > Hi Timo & everyone, > > I'm trying out a 2-node director setup, but I keep getting the following > error: > > Oct 3 16:11:29 imapdir1 dovecot: master: Dovecot v2.0.15 starting up > (core dumps disabled) > Oct 3 16:11:34 imapdir1 dovecot: director: Error: > connect(132.198.100.150:9090) failed: Invalid argument > Oct 3 16:11:41 imapdir1 last message repeated 3 times I was specifying DNS names in director_servers (imapdir1.uvm.edu, imapdir2.uvm.edu). /etc/hosts listed 127.0.0.1 as the address for the local host name (in addition to "localhost"). This can happen on some RHEL installs that begin their life as DHCP clients. So when the director tried to figure out its self_ip, it always picked 127.0.0.1. Calling connect() using a localhost socket with a non-local address as destination just doesn't work so well, I guess. Seeing 127.0.0.1 as "self" in "doveadm director ring status" should have been a clue, but I hadn't seen the output before to have anything to compare it to. 2 easy fixes: specify real IP addresses in the director_servers config, or don't list 127.0.0.1 as your local hostname in /etc/hosts. Jim From mephistopheles at operamail.com Thu Oct 6 00:49:59 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Wed, 05 Oct 2011 14:49:59 -0700 Subject: [Dovecot] Only using LMTP-delivery, where should domain & user aliases be configured, Dovecot or MTA conf? Message-ID: <1317851399.18827.140258151483397@webmail.messagingengine.com> I have my MTA (Postfix) check Dovecot2 LMTP for existing users. No other delivery is done; this is a virtual/LMTP-only setup. I define known users in a Dovecot passwd-file, specified in conf.d/10-auth.conf passdb { args = ... username_format=%n /stor01/vmail/auth.d/%d/passwd e.g., vi /stor01/vmail/auth.d/mx1.domain1.com/passwd myuser:{scheme}####:... mail to: myuser at mx1.domain1.com is correctly auth'd and stored. I want two things to happen: (1) all mail to existing-users "@domain1.com" gets re-routed to "@mx1.domain1.com", i.e., map: myuser at domain1.com -> myuser at mx1.domain1.com and is accepted/not-rejected ONLY if 'myuser' is defined as a user in mx1.domain1.com/passwd and, (2) specific 'user' aliasing/remapping within a given domain, i.e. map: whatever at mx1.domain1.com -> myuser at mx1.domain1.com as long as 'myuser' is a defined user in mx1.domain1.com In these cases, where should I assign domain & mail aliases, Dovecot or the MTA's conf ? From charleschat at hotmail.com Thu Oct 6 02:11:31 2011 From: charleschat at hotmail.com (Ed Hochman) Date: Wed, 5 Oct 2011 19:11:31 -0400 Subject: [Dovecot] I'm the ONLY user that can get mail Message-ID: Hi, I'm stumped. I can access the postfix server to read my mail. BUT I'm the only user that can. Everyone else get rejected. Here's the syslog entry for another user: ...dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=192.168.0.51, lip=192.168.0.189 And here's an entry for me: ...dovecot: pop3-login: Login: user=, method=PLAIN, rip=192.168.0.51, lip=192.168.0.189 So ONLY I am able to get my mail. And this is consistent. The other users and passwords are valid. I've re-set them just to be sure. I suspect it's a rights issue but I've checked the rights for all /var/mail files and they're all the same except the owner of the file is the actual owner. I also checked all the rights for the files in /etc/dovecot. They all look OK and they all have root/root for the owner and user. Since I installed the system and did all the editing of the configuration files it's possible, but unlikely, that I'm the owner or group of some key file. I've looked for that but found nothing suspicious. Is it possible I may have given myself root access? I don't see how. My UID is 1000. Does the fact I'm the first user (per my UID) make a difference? I would think not. So I'm stumped. I don't have a clue as to where to look or what to do next. Any thoughts will be greatly appreciated. This is Dovecot 1.2.15 on Ubuntu 11.04. A new/clean install. Plaintext passwords are allowed. Here's dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.38-11-generic i686 Ubuntu 11.04 protocols: pop3 disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/pop3-login mail_privileged_group: mail mbox_write_locks: fcntl dotlock mail_executable: /usr/lib/dovecot/pop3 mail_plugin_dir: /usr/lib/dovecot/modules/pop3 auth default: passdb: driver: passwd passdb: driver: passwd-file args: /etc/passwd.dovecot userdb: driver: passwd Thanks From mimo at gn.apc.org Thu Oct 6 14:42:48 2011 From: mimo at gn.apc.org (Michael Moritz) Date: Thu, 6 Oct 2011 12:42:48 +0100 Subject: [Dovecot] too many open files and v1.2 Message-ID: <201110061242.48615.mimo@gn.apc.org> Hi I've found an older thread http://www.dovecot.org/list/dovecot/2010-March/047886.html which mentions that this is a bug in version 1. I'm on Debian squeeze (1:1.2.15-7) and got errors like these recently Oct 5 11:29:29 mail dovecot: dovecot: pipe() failed: Too many open files Oct 5 11:29:32 mail dovecot: dovecot: pipe() failed: Too many open files Oct 5 11:29:32 mail dovecot: dovecot: Temporary failure in creating login processes, slowing down for now As a work around I've increased login_max_processes_count from 256 to 512 and it seems to have helped (as I suspected stale opened files). My colleague thinks it's hitting the kernel open file limit ulimit -n (currently at 1024) but I don't see how that could happen if the number of process is nowhere near that. Any ideas? Thanks, Michael From dmiller at amfes.com Thu Oct 6 18:38:21 2011 From: dmiller at amfes.com (Daniel L. Miller) Date: Thu, 06 Oct 2011 08:38:21 -0700 Subject: [Dovecot] Group ACL Message-ID: Using Dovecot 2.0, LDAP userdb & passdb, with prefetch: hosts = myhost.mydomain dn = cn=x,cn=y dnpass = xyz123 auth_bind = yes auth_bind_userdn = uid=%n,ou=users,dc=x ldap_version = 3 base = ou=Users, dc=x user_attrs = =home=/var/mail/%d/%n, \ =mail=mdbox:/var/mail/%d/%n/mdbox, \ =uid=vmail, \ =gid=mail user_filter = (&(objectClass=inetOrgPerson)(mail=%u)) pass_attrs = mail=user, \ userPassword=password, \ =userdb_home=/var/mail/%d/%n, \ =userdb_mail=mdbox:/var/mail/%d/%n/mdbox, \ =userdb_uid=vmail, \ =userdb_gid=mail, \ =userdb_acl_groups='allshared' pass_filter = (&(objectClass=inetOrgPerson)(mail=%u)) iterate_attrs = mail=user iterate_filter = (&(objectClass=inetOrgPerson)(mail=*)) default_pass_scheme = plain I have added permissions for "$allshared" to a mailbox's Inbox. It does not appear in the shared folders list. Other mailboxes, with explicit permission for a given username, work fine. What am I doing wrong? -- Daniel From micah at riseup.net Thu Oct 6 20:22:29 2011 From: micah at riseup.net (Micah Anderson) Date: Thu, 06 Oct 2011 13:22:29 -0400 Subject: [Dovecot] dsync with quotas References: <8762kozbzo.fsf@algae.riseup.net> Message-ID: <87mxderq5m.fsf@algae.riseup.net> Micah Anderson writes: > I have been working on converting people from courier maildir -> dovecot > mdbox and during some of the dsync runs I'm seeing the > quota_exceeded_message be printed as an Error: > > dsync(): Error: Can't save message to mailbox INBOX: You are over quota. To avoid losing mail, immediately empty your Trash and Sent folders and \ > delete emails with large attachments. > dsync(): Info: INBOX: Couldn't keep all uids^M > > Its possible the user was over quota on the originating courier side, > but I would still like to migrate their mail proprely to mdbox, but it > seems like being over quota is inhibiting that. Are the quota > calculations including both the maildir files as well as the converted > mdbox files, resulting in a double counting? > > I'm not entirely sure if the messages above indicate that the migration > failed for that user or not, so I've been manually increasing their > quota, then redoing the dsync mirror until it works properly. > > I wonder if it would be better if I turned off quota entirely during > migration so I don't run into this problem? Sorry to 'bump' this subject, but I'm still confused about this issue and nobody replied, perhaps nobody has any ideas? :) micah From micah at riseup.net Fri Oct 7 00:23:50 2011 From: micah at riseup.net (Micah Anderson) Date: Thu, 06 Oct 2011 17:23:50 -0400 Subject: [Dovecot] doveadm mailbox subscribe wildcard Message-ID: <87aa9dstjt.fsf@algae.riseup.net> Hi, I noticed that wildcards work like the following, as described in the man page: # doveadm mailbox list -s -u bob dovecot* dovecot dovecot/pigeonhole dovecot/pigeonhole/2.0 however, wildcard subscriptions don't work: # doveadm mailbox subscribe -u bob dovecot* # doveadm mailbox list -s -u bob dovecot* dovecot dovecot* dovecot/pigeonhole dovecot/pigeonhole/2.0 It seems I subscribed the non-existant mailbox called 'dovecot*' -- is there a better way to handle this? thanks! micah -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From user+dovecot at localhost.localdomain.org Fri Oct 7 01:02:35 2011 From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Fri, 07 Oct 2011 00:02:35 +0200 Subject: [Dovecot] doveadm mailbox subscribe wildcard In-Reply-To: <87aa9dstjt.fsf@algae.riseup.net> References: <87aa9dstjt.fsf@algae.riseup.net> Message-ID: <4E8E257B.7000303@localhost.localdomain.org> On 10/06/2011 11:23 PM Micah Anderson wrote: > > Hi, > > I noticed that wildcards work like the following, as described in the > man page: > > # doveadm mailbox list -s -u bob dovecot* > dovecot > dovecot/pigeonhole > dovecot/pigeonhole/2.0 > > however, wildcard subscriptions don't work: Why should it work? Where is 'wildcard subscribing' documented? > # doveadm mailbox subscribe -u bob dovecot* > > # doveadm mailbox list -s -u bob dovecot* > dovecot > dovecot* > dovecot/pigeonhole > dovecot/pigeonhole/2.0 > > It seems I subscribed the non-existant mailbox called 'dovecot*' -- is > there a better way to handle this? for box in `doveadm mailbox list dovecot\*` do doveadm mailbox subscribe $box done Regards, Pascal -- The trapper recommends today: defaced.1127923 at localdomain.org From tgoguen at ilap.com Fri Oct 7 04:14:54 2011 From: tgoguen at ilap.com (Tristan Goguen) Date: Thu, 6 Oct 2011 21:14:54 -0400 Subject: [Dovecot] Using dsync to synchronize pop3 mailbox <-> pop3 mailbox Message-ID: Hi All, We're trying to get dsync to synchronize pop3 mailboxes on multiple servers. Is this possible? Any hints are appreciated. Thanks, Tristan Tristan Goguen CEO, ILAP? T: 416-250-5600 ext. 205 F: 416-250-6755 tgoguen at ilap.com www.ilap.com From alec at alec.pl Fri Oct 7 10:02:52 2011 From: alec at alec.pl (A.L.E.C) Date: Fri, 07 Oct 2011 09:02:52 +0200 Subject: [Dovecot] doveadm mailbox subscribe wildcard In-Reply-To: <87aa9dstjt.fsf@algae.riseup.net> References: <87aa9dstjt.fsf@algae.riseup.net> Message-ID: <4E8EA41C.8020908@alec.pl> On 2011-10-06 23:23, Micah Anderson wrote: > # doveadm mailbox list -s -u bob dovecot* # doveadm mailbox > subscribe -u bob dovecot* RFC3501. Wildcards are allowed only in LIST/LSUB commands. -- Aleksander 'A.L.E.C' Machniak LAN Management System Developer [http://lms.org.pl] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl From mdunlap at mail.breakawaysystems.com Thu Oct 6 22:52:22 2011 From: mdunlap at mail.breakawaysystems.com (mdunlap) Date: Thu, 06 Oct 2011 14:52:22 -0500 Subject: [Dovecot] I'm the ONLY user that can get mail In-Reply-To: References: Message-ID: <854c1fcf23fc6676c7eb8f23574f328d@mail.breakawaysystems.com> So youre sure the mail isn't being delivered to the users maildir? but you just can't access it with IMAP. You can test authentication if using saslauthd by typing 'sudo testsaslauthd -u username -p password -s smtp'. Just some thoughts. On Wed, 5 Oct 2011 19:11:31 -0400, Ed Hochman wrote: > Hi, > > > > I'm stumped. I can access the postfix server to read my mail. > > > > BUT I'm the only user that can. > > > > Everyone else get rejected. > > > > Here's the syslog entry for another user: > > ...dovecot: pop3-login: Disconnected (auth failed, 1 attempts): > user=, method=PLAIN, rip=192.168.0.51, lip=192.168.0.189 > > > > And here's an entry for me: > > ...dovecot: pop3-login: Login: user=, method=PLAIN, > rip=192.168.0.51, lip=192.168.0.189 > > > > So ONLY I am able to get my mail. And this is consistent. > > > > The other users and passwords are valid. I've re-set them just to be > sure. > > > > I suspect it's a rights issue but I've checked the rights for all > /var/mail files and they're all the same except the owner of the file > is > the actual owner. > > > > I also checked all the rights for the files in /etc/dovecot. They > all > look OK and they all have root/root for the owner and user. > > > > Since I installed the system and did all the editing of the > configuration files it's possible, but unlikely, that I'm the owner > or > group of some key file. I've looked for that but found nothing > suspicious. > > > > Is it possible I may have given myself root access? I don't see how. > My UID is 1000. Does the fact I'm the first user (per my UID) make a > difference? I would think not. > > > > So I'm stumped. I don't have a clue as to where to look or what to > do next. > > > > Any thoughts will be greatly appreciated. > > > > This is Dovecot 1.2.15 on Ubuntu 11.04. A new/clean install. > > Plaintext passwords are allowed. > > Here's dovecot -n > # 1.2.15: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.38-11-generic i686 Ubuntu 11.04 > protocols: pop3 > disable_plaintext_auth: no > login_dir: /var/run/dovecot/login > login_executable: /usr/lib/dovecot/pop3-login > mail_privileged_group: mail > mbox_write_locks: fcntl dotlock > mail_executable: /usr/lib/dovecot/pop3 > mail_plugin_dir: /usr/lib/dovecot/modules/pop3 > auth default: > passdb: > driver: passwd > passdb: > driver: passwd-file > args: /etc/passwd.dovecot > userdb: > driver: passwd > > > > > > Thanks From micah at riseup.net Fri Oct 7 18:09:21 2011 From: micah at riseup.net (Micah Anderson) Date: Fri, 07 Oct 2011 11:09:21 -0400 Subject: [Dovecot] Safely restoring backups Message-ID: <87sjn4rg7y.fsf@algae.riseup.net> I'm trying to determine what the best way to restore mail with mdbox is. Restoring using maildir was trivial, I just used rsync --ignore-existing which wrote any mails that were removed and didn't touch things that already existed[1]. With mdbox things have become more complicated, and I haven't found a way to restore mail that doesn't result in many message duplicates. My backup setup is simple, I'm doing daily rsync backups of user's mailstores, as well as weekly backups, so I end up having on my backup server daily.1, daily.2, daily.3, daily.4, weekly.1, weekly.2... each containing the entire contents of the user's mdbox. The different restore methods I've tried are: 1. I tried rsyncing the different backup directories back to the mail storage host, and then doing: 'dsync -R backup -u $user mdbox:/path/to/to/daily.1/mdbox'[2] 'dsync -R backup -u $user mdbox:/path/to/to/daily.2/mdbox' This works ok, but it gives duplicates of every mail that already exists for every daily/weekly I dsync. This is what the rsync --ignore-existing avoided. This is particularly annoying if I restore the weekly, and multiple daily directories, because then you get a copy for every one you restore. I had thought that the individual message's GIDs would keep them from being duplicated? 2. I also tried to use 'doveadm import' in two different ways. The first way I created a 'restored_from_backups' folder and then import each of the daily.#, weekly.# mdboxes into their own subfolder within that folder, for example: 'doveadm import -u $username mdbox:/path/to/daily.1/mdbox restored_from_backups/daily1 all' 'doveadm import -u $username mdbox:/path/to/daily.2/mdbox restored_from_backups/daily2 all' ... etc. I then go through and subscribe the new folders[3] and the user ends up with a folder structure like this: restored_from_backups/ daily.1/ INBOX Trash folder1 folder2 daily.2 INBOX Trash folder1 folder2 etc. This works fine, except that it results in the user having a entire duplicate copies of their mailbox for each daily/weekly that I restore. That will quickly bring people over quota. 3. I also tried to use 'doveadm import' to import all the different directories all into the same restored_from_backups directory, so there are no subdirectories for each daily/weekly under restored_from_backups, like so: 'doveadm mailbox create -u $user -s restored_from_backups' 'doveadm -v -D import -u $user mdbox:/path/to/daily.1/mdbox restored_from_backups all' I then go through and subscribe the folders[3]. Using this method, the 'restored_from_backups' mailbox is created, and populated with the folders. The only problem with this method is the same as method #1: for every backup I restore, mails are duplicated. Is there a way I can restore things from backup and avoid duplicates? Is there another method I should try? thanks for any ideas, pointers, suggestions for improvement, etc. micah 1. this would of course bring back mails that were deleted, but that was fine as the user could deal with that. 2. yes, I know I could setup dsync on the backup server, and use dsync directly to pull the mails from there, but this is complicated in my situation due to how the backupserver works. 3. why doesn't doveadm import have a -s option to subscribe? -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From micah at riseup.net Fri Oct 7 18:30:05 2011 From: micah at riseup.net (Micah Anderson) Date: Fri, 07 Oct 2011 11:30:05 -0400 Subject: [Dovecot] doveadm mailbox subscribe wildcard References: <87aa9dstjt.fsf@algae.riseup.net> <4E8EA41C.8020908@alec.pl> Message-ID: <87obxsrf9e.fsf@algae.riseup.net> "A.L.E.C" writes: > On 2011-10-06 23:23, Micah Anderson wrote: >> # doveadm mailbox list -s -u bob dovecot* # doveadm mailbox >> subscribe -u bob dovecot* > > RFC3501. Wildcards are allowed only in LIST/LSUB commands. Aha, thanks! I'll use the for loop method to achieve what I want. micah -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From micah at riseup.net Fri Oct 7 18:34:03 2011 From: micah at riseup.net (Micah Anderson) Date: Fri, 07 Oct 2011 11:34:03 -0400 Subject: [Dovecot] doveadm mailbox list shows file system directories as mailboxes References: <20110922115223.73054v8up83ej0wg@webmail.hrz.uni-giessen.de> Message-ID: <87hb3krf2s.fsf@algae.riseup.net> J?rgen Obermann writes: > Hello. > In our dovecvot we use mbox format with the default filesystem layout. > Therefore it is not possible to have mailboxes which are subfolders of other > mailboxes containing messages. > The command "doveadm mailbox list" includes the file system directories, that > contain only subfolders, as normal mailboxes in the output: > > archiv > archiv/daemon > archiv/dovecot Did you perhaps do a 'doveadm mailbox subscribe' with a wildcard and the shell expanded it? micah From micah at riseup.net Fri Oct 7 19:43:15 2011 From: micah at riseup.net (Micah Anderson) Date: Fri, 07 Oct 2011 12:43:15 -0400 Subject: [Dovecot] lazy expunge namespaces Message-ID: <87d3e8rbvg.fsf@algae.riseup.net> I turned on lazy_expunge and configured a namespace following the wiki[0] instructions for mdbox configuration: namespace { inbox = yes location = prefix = separator = . } namespace { hidden = yes inbox = no list = no location = prefix = INBOX. separator = . } namespace { location = mdbox:~/mdbox:MAILBOXDIR=expunged prefix = EXPUNGED. separator = . } This created an EXPUNGED mailbox in my client (thunderbird), which was greyed out. When I deleted things, they got put in the EXPUNGED mailbox, as expected, but I could not access them to try and "restore" them. The server would say that the mailbox did not exist. micah 0. http://wiki2.dovecot.org/Plugins/Lazyexpunge -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From mephistopheles at operamail.com Fri Oct 7 21:43:26 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Fri, 07 Oct 2011 11:43:26 -0700 Subject: [Dovecot] Syntax to specify sdbox: mail_location path? Message-ID: <1318013006.28193.140258152251553@webmail.messagingengine.com> I'm implementing sdbox. In conf.d/10-mail.conf, with "maildir:" mail_location = maildir:/my_mailbox_path/%d/%n mail gets stored in /my_mailbox_path/%d/%n/new/ With "sdbox:" mail_location = sdbox:/my_mailbox_path/%d/%n mail gets stored in /my_mailbox_path/%d/%n/mailboxes/INBOX/dbox-Mails. How do I get rid of the '/mailboxes/' and '/dbox-Mails/' path components so sdbox stores in: /my_mailbox_path/%d/%n/INBOX @ wiki2.dovecot.org/MailboxFormat/dbox#Alternate_storage points out that 'ALT=' can change the *lookup* location, and messages can be *moved* to ALT storage using 'doveadm altmove'. Unclear what TAGS are available/used for 'sdbox'. From dmiller at amfes.com Sat Oct 8 09:08:34 2011 From: dmiller at amfes.com (Daniel L. Miller) Date: Fri, 07 Oct 2011 23:08:34 -0700 Subject: [Dovecot] Group ACL In-Reply-To: <4E8DCB6D.5060404@amfes.com> References: <4E8DCB6D.5060404@amfes.com> Message-ID: On 10/6/2011 8:38 AM, Daniel L. Miller wrote: > Using Dovecot 2.0, LDAP userdb & passdb, with prefetch: > > [..] > > I have added permissions for "$allshared" to a mailbox's Inbox. It > does not appear in the shared folders list. Other mailboxes, with > explicit permission for a given username, work fine. What am I doing > wrong? > Am I, as usual, doing something wrong? -- Daniel From koshikov at gmail.com Sat Oct 8 16:09:38 2011 From: koshikov at gmail.com (Nikita Koshikov) Date: Sat, 8 Oct 2011 16:09:38 +0300 Subject: [Dovecot] Timeout leak in get quota In-Reply-To: <4E846D31.6010900@gmail.com> References: <4E846D31.6010900@gmail.com> Message-ID: <20111008160938.3dcd2aaa@jimbo> On Thu, 29 Sep 2011 15:05:53 +0200 Danilo wrote: > Hello! > I wrote perl script for read current quota usage, it works but when I run the > program I receive a warning in Dovecot log: > > 2011-09-29 14:45:30 doveadm(guest at testmail.com): Warning: Timeout leak: > 0x7f14800ad970 > > This is the script: > =============================== > #!/usr/bin/perl > > use strict; > use Socket; > use IO::Handle; > > socket(TSOCK, PF_UNIX, SOCK_STREAM,0); > connect(TSOCK, sockaddr_un("/var/run/dovecot/doveadm-server")) or print("ERROR!"); > > print "VERSION\tdoveadm-server\t1\t0\n"; > print "\tguest\@testmail.com\tquota get\n"; > print "=" x 20 . "\n"; > > if (defined(my $messg = )) { > > print $messg; > > print TSOCK "VERSION\tdoveadm-server\t1\t0\n"; > TSOCK->flush; > > print TSOCK "\tguest\@testmail.com\tquota get\n"; > TSOCK->flush; > > $messg = ; > print $messg; > > $messg = ; > print $messg; > > close TSOCK; > } > ============================= > I hope someone could help me to fix the warning. > Thanks in advance, > Dany I'm using doveadm socket too for getting quota values. No warning. The main difference from yours script that I'm also using auth: print TSOCK "VERSION\tdoveadm-server\t1\t0\n"; print TSOCK "PLAIN\tbase64_encoded_pass_here\n"; print TSOCK "\t$local_part\@$domain\tquota get\n"; TSOCK->flush; Dovecot version 2.0.15 From m.fresel at hi-competence.eu Sun Oct 9 17:21:41 2011 From: m.fresel at hi-competence.eu (Fresel Michal - hi competence e.U.) Date: Sun, 9 Oct 2011 16:21:41 +0200 Subject: [Dovecot] using ecc-certificates (ellyptic curve) will not establish connection Message-ID: <392E878E-4AF2-4E8F-8CF5-CAC5F1A5B4BF@hi-competence.eu> hi I want to use ECC(ellyptic curve cryptography) for SSL-connections but somehow dovecot doesn't like my ECC-certificates :( I tried to test using following scenario: machine: debian 6 (x64) dovecot 2.0.15-0~auto+21 ((f6a2c0e8bc03) from http://xi.rename-it.nl/debian openssl 1.0.0e-2 from testing (as the default 0.9.8o-4squeeze3 needs also the parameter -cipher ECCdraft for testing) creating keys+cert for ecc (i.e. curves prime192v1, secp521r1) # openssl ecparam -name prime192v1 -genkey -out prime192v1.key # openssl req -new -key prime192v1.key -out prime192v1.csr # openssl req -x509 -in prime192v1.csr -key prime192v1.key -out prime192v1.crt testing these in 2 windows # openssl s_server -cert prime192v1.crt -key prime192v1.key -www # openssl s_client note: when using the default openssl version 0.9.8o-4squeeze3 you need to append -cipher ECCdraft output (cut) ... New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES256-SHA Server public key is 192 bit Secure Renegotiation IS supported Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : SSLv3 Cipher : ECDHE-ECDSA-AES256-SHA Session-ID: xxxxx Session-ID-ctx: Master-Key: xxxxx Key-Arg : None PSK identity: None PSK identity hint: None Compression: 1 (zlib compression) Start Time: xxxxx Timeout : 7200 (sec) Verify return code: 18 (self signed certificate) looks promising - also for the secp521r1 curve but when changing dovecot.conf to use these keys and certificates it won't use them and return errors # openssl s_client -port 993 CONNECTED(00000003) 140543456835240:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1195:SSL alert number 40 140543456835240:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:591: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None Start Time: xxxxx Timeout : 7200 (sec) Verify return code: 0 (ok) --- and the log gives (using verbose_ssl = yes in dovecot.conf) ==> /var/log/mail.log <== dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.info <== dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.warn <== dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.log <== dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.info <== dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.warn <== dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] ==> /var/log/mail.log <== dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] ==> /var/log/mail.info <== dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] ==> /var/log/mail.warn <== dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] ==> /var/log/mail.log <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] ==> /var/log/mail.info <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] ==> /var/log/mail.warn <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] ==> /var/log/mail.log <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher ==> /var/log/mail.info <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher ==> /var/log/mail.warn <== dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] from doveconf -a: ssl = required ssl_ca = ssl_cert = Reading the wiki page for dovecot2 and LDA/Postfix, the system users section (all mail delivery goes to system users)... It shows you can simply use postfix mailbox_command. There is this additional comment: "This command doesn't do a userdb lookup. If you want that (e.g. for per-user quota lookups) you need to add -d "$USER" parameter." So, i added that. Once adding it, I find I get an error: dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied Using mailbox_command in Postfix means that dovecot-lda is running as the system user getting the mail. Which means it can't access the socket file. Of course, one can simply use mode 666 on it, but, then people can use it to find out information according to the doc, which I do not want. So, I am not sure why the doc says to add -d for per user quotas, without also mentioning the problem with doing that. I don't see how it can work? Assuming I need per user quotas, and I don't want to use LMTP, is there a good way around this without the security issue? ? Steve From compconsultant at yahoo.com Sun Oct 9 22:28:06 2011 From: compconsultant at yahoo.com (Steve Fatula) Date: Sun, 9 Oct 2011 12:28:06 -0700 (PDT) Subject: [Dovecot] Filesystem quotas Message-ID: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> I am wondering if I really need to use dovecot quota functions or not. Assume for the moment, that, each system user has a quota defined using Linux quotas, and that the Maildir is within their quota limited directory. So, any mail (or files created by the user etc) that would exceed the quota obviously can't be created.? In such an environment, is there any advantage to implementing the same quota already defined in the filesystem via dovecot? Or, can I just make things simpler and ignore dovecot quotas? Assuming I keep the index and control files out of the quota limited directories. I presume if exceeding filesystem quota, the mail will not be delivered of course. If using lmtp, I presume it stays in the queue to retry later for some period of time. ? Steve From ecasarero at gmail.com Sun Oct 9 22:37:33 2011 From: ecasarero at gmail.com (Eduardo Casarero) Date: Sun, 9 Oct 2011 16:37:33 -0300 Subject: [Dovecot] Filesystem quotas In-Reply-To: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> References: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> Message-ID: 2011/10/9 Steve Fatula > I am wondering if I really need to use dovecot quota functions or not. > Assume for the moment, that, each system user has a quota defined using > Linux quotas, and that the Maildir is within their quota limited directory. > So, any mail (or files created by the user etc) that would exceed the quota > obviously can't be created. > > In such an environment, is there any advantage to implementing the same > quota already defined in the filesystem via dovecot? Or, can I just make > things simpler and ignore dovecot quotas? Assuming I keep the index and > control files out of the quota limited directories. > > I presume if exceeding filesystem quota, the mail will not be delivered of > course. If using lmtp, I presume it stays in the queue to retry later for > some period of time. > > Steve > But if you dont use quotas how do you know if the user is out of space? Or does the user gets a notification that it's running out of space, before you start rejecting emails? Eduardo. From compconsultant at yahoo.com Mon Oct 10 01:44:34 2011 From: compconsultant at yahoo.com (Steve Fatula) Date: Sun, 9 Oct 2011 15:44:34 -0700 (PDT) Subject: [Dovecot] Filesystem quotas In-Reply-To: References: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> Message-ID: <1318200274.80363.YahooMailNeo@web39421.mail.mud.yahoo.com> >From:Eduardo Casarero >To:Steve Fatula >Cc:Dovecot List >Sent:Sunday, October 9, 2011 2:37 PM >Subject:Re: [Dovecot] Filesystem quotas > > >But if you dont use quotas how do you know if the user is out of space? Or does the user gets a notification that it's running out of space, before you start rejecting emails? How do I know, or, how does the user know? I couldn't care less, so, not an issue for me. The user gets notification when their used space is above a certain percent. These are system users, so, email is just one part of their quota space. They might have 1 email, and build a massive file, they'd still be out of space.? So, what do I get by using the Dovecot Quota/FS plugin? Is it just a matter of it counting used space? Something else? Better handling of out of space? From a.chapellon at horoa.net Mon Oct 10 02:18:13 2011 From: a.chapellon at horoa.net (Alexandre Chapellon) Date: Mon, 10 Oct 2011 01:18:13 +0200 Subject: [Dovecot] Filesystem quotas In-Reply-To: <1318200274.80363.YahooMailNeo@web39421.mail.mud.yahoo.com> References: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> <1318200274.80363.YahooMailNeo@web39421.mail.mud.yahoo.com> Message-ID: <4E922BB5.6070500@horoa.net> I think by using dovecot quota you can exclude some directories from the quota (e.g: spam or Trahs or whatever you like). More specificly it is better using dovecot quota as it will allow LDA to report quota exceeded in NDR . If using filesystem quota, I guess you'll send ugly messages reporting IO error or enability too write file, which is really not serious. regards. Le 10/10/2011 00:44, Steve Fatula a ?crit : >> From:Eduardo Casarero >> To:Steve Fatula >> Cc:Dovecot List >> Sent:Sunday, October 9, 2011 2:37 PM >> Subject:Re: [Dovecot] Filesystem quotas >> >> >> But if you dont use quotas how do you know if the user is out of space? Or does the user gets a notification that it's running out of space, before you start rejecting emails? > How do I know, or, how does the user know? I couldn't care less, so, not an issue for me. The user gets notification when their used space is above a certain percent. These are system users, so, email is just one part of their quota space. They might have 1 email, and build a massive file, they'd still be out of space. > > So, what do I get by using the Dovecot Quota/FS plugin? Is it just a matter of it counting used space? Something else? Better handling of out of space? -- Alexandre Chapellon Ing?nierie des syst?mes open sources et r?seaux. Follow me on twitter: @alxgomz From tss at iki.fi Mon Oct 10 02:34:04 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 10 Oct 2011 02:34:04 +0300 Subject: [Dovecot] Filesystem quotas In-Reply-To: <4E922BB5.6070500@horoa.net> References: <1318188486.61779.YahooMailNeo@web39421.mail.mud.yahoo.com> <1318200274.80363.YahooMailNeo@web39421.mail.mud.yahoo.com> <4E922BB5.6070500@horoa.net> Message-ID: On 10.10.2011, at 2.18, Alexandre Chapellon wrote: > I think by using dovecot quota you can exclude some directories from the quota (e.g: spam or Trahs or whatever you like). No, it's filesystem quota so Dovecot can't override it. > More specificly it is better using dovecot quota as it will allow LDA to report quota exceeded in NDR . If using filesystem quota, I guess you'll send ugly messages reporting IO error or enability too write file, which is really not serious. The error message is only slightly different: "Not enough disk space" (instead of "Quota exceeded") >> So, what do I get by using the Dovecot Quota/FS plugin? Is it just a matter of it counting used space? Something else? Better handling of out of space? With imap_quota plugin it allows IMAP client to see how much quota is used/left. You could also enable quota warnings. And configure the quota exceeded error message. From dmiller at amfes.com Mon Oct 10 07:51:42 2011 From: dmiller at amfes.com (Daniel L. Miller) Date: Sun, 09 Oct 2011 21:51:42 -0700 Subject: [Dovecot] Group ACL In-Reply-To: <4E8FE8E2.4060400@amfes.com> References: <4E8DCB6D.5060404@amfes.com> <4E8FE8E2.4060400@amfes.com> Message-ID: On 10/7/2011 11:08 PM, Daniel L. Miller wrote: > On 10/6/2011 8:38 AM, Daniel L. Miller wrote: >> Using Dovecot 2.0, LDAP userdb & passdb, with prefetch: >> >> [..] >> >> I have added permissions for "$allshared" to a mailbox's Inbox. It >> does not appear in the shared folders list. Other mailboxes, with >> explicit permission for a given username, work fine. What am I doing >> wrong? >> > Am I, as usual, doing something wrong? > Is there anything else I should supply to help diagnose the issue? -- Daniel From jtam.home at gmail.com Mon Oct 10 11:40:21 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 10 Oct 2011 01:40:21 -0700 (PDT) Subject: [Dovecot] Filesystem quotas In-Reply-To: References: Message-ID: Timo Sirainen writes in response to Steve Fatula's query: > With imap_quota plugin it allows IMAP client to see how much quota is > used/left. You could also enable quota warnings. And configure the > quota exceeded error message. It could also prevent the catch-22 situation I wrote about earlier whereby a filesystem out-of-space condition will result in a user not being able get themselves out of that situation, since a mailbox operation (like a delete and expunge) will not be able to create a lockfile. Having quotas handled by the IMAP/LDA will allow extra room to handle this impasse. Disabling dotlock or using dotlock_try locking method are some other workarounds. Joseph Tam From danilo.abbasciano at gmail.com Mon Oct 10 11:59:23 2011 From: danilo.abbasciano at gmail.com (Danilo) Date: Mon, 10 Oct 2011 10:59:23 +0200 Subject: [Dovecot] Timeout leak in get quota In-Reply-To: <20111008160938.3dcd2aaa@jimbo> References: <4E846D31.6010900@gmail.com> <20111008160938.3dcd2aaa@jimbo> Message-ID: <4E92B3EB.9050408@gmail.com> On 08/10/2011 15:09, Nikita Koshikov wrote: > On Thu, 29 Sep 2011 15:05:53 +0200 > Danilo wrote: > >> Hello! >> I wrote perl script for read current quota usage, it works but when I run the >> program I receive a warning in Dovecot log: >> >> 2011-09-29 14:45:30 doveadm(guest at testmail.com): Warning: Timeout leak: >> 0x7f14800ad970 >> >> This is the script: >> =============================== >> #!/usr/bin/perl >> >> use strict; >> use Socket; >> use IO::Handle; >> >> socket(TSOCK, PF_UNIX, SOCK_STREAM,0); >> connect(TSOCK, sockaddr_un("/var/run/dovecot/doveadm-server")) or print("ERROR!"); >> >> print "VERSION\tdoveadm-server\t1\t0\n"; >> print "\tguest\@testmail.com\tquota get\n"; >> print "=" x 20 . "\n"; >> >> if (defined(my $messg = )) { >> >> print $messg; >> >> print TSOCK "VERSION\tdoveadm-server\t1\t0\n"; >> TSOCK->flush; >> >> print TSOCK "\tguest\@testmail.com\tquota get\n"; >> TSOCK->flush; >> >> $messg = ; >> print $messg; >> >> $messg = ; >> print $messg; >> >> close TSOCK; >> } >> ============================= >> I hope someone could help me to fix the warning. >> Thanks in advance, >> Dany > > I'm using doveadm socket too for getting quota values. No warning. The main difference from yours script that I'm also using auth: > > print TSOCK "VERSION\tdoveadm-server\t1\t0\n"; > print TSOCK "PLAIN\tbase64_encoded_pass_here\n"; > print TSOCK "\t$local_part\@$domain\tquota get\n"; > TSOCK->flush; > > Dovecot version 2.0.15 Thanks, I had update dovecot to 2.0.15 version, now works without warning. Dany From beber at meleeweb.net Mon Oct 10 15:10:13 2011 From: beber at meleeweb.net (Bertrand Jacquin) Date: Mon, 10 Oct 2011 14:10:13 +0200 Subject: [Dovecot] Convert-tool maildir > mbox Message-ID: Timo, Is seems that this commit broke convertion from Maildir to Mbox using dovecot 1.2 convert-tool binary : 2009-07-09 Timo Sirainen * src/plugins/convert/convert-storage.c: convert plugin: Fixed changing hierarchy separators in mailbox names when alt_hierarchy_char isn't set. [a9f719f9a509] Since, I get the following : $ convert-tool user1 /var/mail/example.com/user1 Maildir:/var/mail/example.com/user1 mbox:/var/mail/example.com/user1-mbox alt_hierarchy_char=_ Error: Mailbox conversion: Couldn't create mailbox Sent/test: Mailbox doesn't allow inferior mailboxes Error: Internal failure Strace give show me a failure after : access("/var/mail/example.com/user1/.Sent.test/cur", W_OK) = 0 stat("/var/mail/example.com/user1-mbox/Sent/test", 0x7fff843e73b0) = -1 ENOTDIR (Not a directory) write(2, "Error: Mailbox conversion: Couldn"..., 103Error: Mailbox conversion: Couldn't create mailbox Sent/test: Mailbox doesn't allow inferior mailboxes ) = 103 lstat("/var/mail/example.com/user1/.dovecot.convert.lock", {st_mode=S_IFREG|0644, st_size=12, ...}) = 0 unlink("/var/mail/example.com/user1/.dovecot.convert.lock") = 0 Is that somethinh known ? Didn't find anything interesting in archives. Maybe that kind of conversion have evolved since 2.0 ? Thanks, Beber From compconsultant at yahoo.com Mon Oct 10 19:49:16 2011 From: compconsultant at yahoo.com (Steve Fatula) Date: Mon, 10 Oct 2011 09:49:16 -0700 (PDT) Subject: [Dovecot] Filesystem quotas In-Reply-To: References: Message-ID: <1318265356.66400.YahooMailNeo@web39407.mail.mud.yahoo.com> From: Joseph Tam >To: dovecot at dovecot.org >Sent: Monday, October 10, 2011 3:40 AM >Subject: Re: [Dovecot] Filesystem quotas > >Timo Sirainen writes in response to Steve Fatula's query: > >> With imap_quota plugin it allows IMAP client to see how much quota is >> used/left.? You could also enable quota warnings.? And configure the >> quota exceeded error message. > >It could also prevent the catch-22 situation I wrote about earlier whereby >a filesystem out-of-space condition will result in a user not being >able get themselves out of that situation, since a mailbox operation >(like a delete and expunge) will not be able to create a lockfile. > >Having quotas handled by the IMAP/LDA will allow extra room to handle >this impasse.? Disabling dotlock or using dotlock_try locking method >are some other workarounds. > > >Don't forget these are SYSTEM users, they can get in and delete things should they need to, and can easily consume all available space completely outside of email. We already send email outside of dovecot when they approach their limit, with our custom message. It sounds like there really isn't any benefit to using the dovecot fs quota plugin in our situation. Thanks for the ideas.? From ebroch at whitehorsetc.com Mon Oct 10 22:04:44 2011 From: ebroch at whitehorsetc.com (Eric Broch) Date: Mon, 10 Oct 2011 13:04:44 -0600 Subject: [Dovecot] inbox issue Message-ID: <4E9341CC.60105@whitehorsetc.com> I have dovecot 2.0.11 installed on a CentOS 5.7 email server. Two of the server email clients, one using Outlook and the other Thunderbird, have had all the contents of their inbox disappear only to reappear at a later time. One client's inbox email reappeared upon receiving a test email (to check if it would show up in the inbox) from another user. Has anyone heard of such a thing? Here's a dump of my dovecot configuration. # 2.0.11: /etc/dovecot/dovecot.conf # OS: Linux 2.6.18-238.19.1.el5 i686 CentOS release 5.7 (Final) auth_anonymous_username = anonymous auth_cache_negative_ttl = 1 hours auth_cache_size = 32 M auth_cache_ttl = 1 hours auth_debug = no auth_debug_passwords = no auth_default_realm = auth_failure_delay = 2 secs auth_first_valid_uid = 500 auth_gssapi_hostname = auth_krb5_keytab = auth_last_valid_uid = 0 auth_master_user_separator = auth_mechanisms = plain login digest-md5 cram-md5 auth_realms = auth_socket_path = auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_cert = no auth_use_winbind = no auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ auth_username_format = %Lu auth_username_translation = auth_verbose = no auth_verbose_passwords = no auth_winbind_helper_path = /usr/bin/ntlm_auth auth_worker_max_count = 30 base_dir = /var/run/dovecot config_cache_size = 1 M debug_log_path = default_client_limit = 1000 default_idle_kill = 60 default_internal_user = dovecot default_login_user = dovenull default_process_limit = 100 default_vsz_limit = 256 M deliver_log_format = msgid=%m: %$ dict_db_config = director_doveadm_port = 0 director_mail_servers = director_servers = director_user_expire = 15 mins disable_plaintext_auth = no dotlock_use_excl = yes doveadm_socket_path = doveadm-server doveadm_worker_count = 0 first_valid_gid = 1 first_valid_uid = 89 hostname = imap_capability = imap_client_workarounds = imap_id_log = imap_id_send = imap_idle_notify_interval = 2 mins imap_logout_format = bytes=%i/%o imap_max_line_length = 64 k import_environment = TZ info_log_path = last_valid_gid = 0 last_valid_uid = 0 lda_mailbox_autocreate = no lda_mailbox_autosubscribe = no lda_original_recipient_header = libexec_dir = /usr/libexec/dovecot listen = *, :: lmtp_proxy = no lmtp_save_to_detail_mailbox = no lock_method = fcntl log_path = /var/log/dovecot.log log_timestamp = "%b %d %H:%M:%S " login_access_sockets = login_greeting = Dovecot toaster ready. login_log_format = %$: %s login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c login_trusted_networks = mail_access_groups = mail_attachment_dir = mail_attachment_fs = sis posix mail_attachment_hash = %{sha1} mail_attachment_min_size = 128 k mail_cache_fields = flags mail_cache_min_mail_count = 0 mail_chroot = mail_debug = no mail_fsync = optimized mail_full_filesystem_access = no mail_gid = mail_home = mail_location = mail_log_prefix = "%s(%u): " mail_max_keyword_length = 50 mail_max_lock_timeout = 0 mail_max_userip_connections = 10 mail_never_cache_fields = imap.envelope mail_nfs_index = no mail_nfs_storage = no mail_plugin_dir = /usr/lib/dovecot mail_plugins = mail_privileged_group = mail_save_crlf = no mail_temp_dir = /tmp mail_uid = mailbox_idle_check_interval = 30 secs mailbox_list_index_disable = no maildir_copy_with_hardlinks = yes maildir_stat_dirs = no maildir_very_dirty_syncs = no master_user_separator = mbox_dirty_syncs = yes mbox_dotlock_change_timeout = 2 mins mbox_lazy_writes = yes mbox_lock_timeout = 5 mins mbox_min_index_size = 0 mbox_read_locks = fcntl mbox_very_dirty_syncs = no mbox_write_locks = dotlock fcntl mdbox_preallocate_space = no mdbox_rotate_interval = 0 mdbox_rotate_size = 2 M mmap_disable = no namespace { hidden = no inbox = yes list = yes location = prefix = INBOX. separator = . subscriptions = yes type = private } namespace { hidden = no inbox = no list = yes location = maildir:/home/vpopmail/domains/acemt.com/shared/projects prefix = projects. separator = . subscriptions = yes type = public } passdb { args = cache_key=%u webmail=127.0.0.1 deny = no driver = vpopmail master = no pass = no } plugin/quota = maildir pop3_client_workarounds = pop3_enable_last = no pop3_fast_size_lookups = no pop3_lock_session = no pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_no_flag_updates = no pop3_reuse_xuidl = no pop3_save_uidl = no pop3_uidl_format = %08Xu%08Xv postmaster_address = protocols = imap quota_full_tempfail = no recipient_delimiter = + rejection_reason = Your message to <%t> was automatically rejected:%n%r rejection_subject = Rejected: %s sendmail_path = /usr/sbin/sendmail service anvil { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = anvil extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 1 protocol = service_count = 0 type = anvil unix_listener anvil-auth-penalty { group = mode = 0600 user = } unix_listener anvil { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service auth-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = auth -w extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener auth-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service auth { chroot = client_limit = 4096 drop_priv_before_exec = no executable = auth extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener auth-client { group = mode = 0600 user = } unix_listener auth-login { group = mode = 0600 user = $default_internal_user } unix_listener auth-master { group = mode = 0600 user = } unix_listener auth-userdb { group = mode = 0600 user = } unix_listener login/login { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service config { chroot = client_limit = 0 drop_priv_before_exec = no executable = config extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = config unix_listener config { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service dict { chroot = client_limit = 1 drop_priv_before_exec = no executable = dict extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dict { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service director { chroot = client_limit = 0 drop_priv_before_exec = no executable = director extra_groups = fifo_listener login/proxy-notify { group = mode = 00 user = } group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener director-admin { group = mode = 0600 user = } unix_listener login/director { group = mode = 00 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service dns_client { chroot = client_limit = 1 drop_priv_before_exec = no executable = dns-client extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dns-client { group = mode = 0666 user = } unix_listener login/dns-client { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service doveadm { chroot = client_limit = 1 drop_priv_before_exec = no executable = doveadm-server extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener doveadm-server { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service imap-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = imap-login extra_groups = group = idle_kill = 0 inet_listener imap { address = port = 143 ssl = no } inet_listener imaps { address = port = 993 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = imap service_count = 1 type = login user = $default_login_user vsz_limit = 64 M } service imap { chroot = client_limit = 1 drop_priv_before_exec = no executable = imap extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener login/imap { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service lmtp { chroot = client_limit = 0 drop_priv_before_exec = no executable = lmtp extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = lmtp service_count = 0 type = unix_listener lmtp { group = mode = 0666 user = } user = vsz_limit = 0 } service log { chroot = client_limit = 0 drop_priv_before_exec = no executable = log extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = log user = vsz_limit = 18446744073709551615 B } service pop3-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = pop3-login extra_groups = group = idle_kill = 0 inet_listener pop3 { address = port = 110 ssl = no } inet_listener pop3s { address = port = 995 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = pop3 service_count = 1 type = login user = $default_login_user vsz_limit = 64 M } service pop3 { chroot = client_limit = 1 drop_priv_before_exec = no executable = pop3 extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = pop3 service_count = 1 type = unix_listener login/pop3 { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service ssl-params { chroot = client_limit = 0 drop_priv_before_exec = no executable = ssl-params extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = startup unix_listener login/ssl-params { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } shutdown_clients = yes ssl = yes ssl_ca = ssl_cert = References: <4E9341CC.60105@whitehorsetc.com> Message-ID: <20111010141431.Horde.Wu90OqPBW7JOk0QXKmBF-BA@beta.vfemail.net> Quoting Eric Broch : > I have dovecot 2.0.11 installed on a CentOS 5.7 email server. Two of the > server email clients, one using Outlook and the other Thunderbird, have > had all the contents of their inbox disappear only to reappear at a > later time. One client's inbox email reappeared upon receiving a test > email (to check if it would show up in the inbox) from another user. Has > anyone heard of such a thing? After a recent upgrade - I've had an issue with an older version of Horde not displaying the INBOX. I've gotten it to restore by removing custom Sorting options. I upgraded Dovecot, the backend server, and PHP all relatively recently, but having only seen it with my older Horde install I figured it was a PHP issue. Just for giggles you could ask those users to use a different Sort method.. Rick From tompru at jla.rutgers.edu Mon Oct 10 22:27:30 2011 From: tompru at jla.rutgers.edu (Tom Pawlowski) Date: Mon, 10 Oct 2011 15:27:30 -0400 Subject: [Dovecot] inbox issue In-Reply-To: <4E9341CC.60105@whitehorsetc.com> References: <4E9341CC.60105@whitehorsetc.com> Message-ID: <20111010192729.GF6257@hawkeye.rutgers.edu> What you're describing has been a symptom of a corrupted index/uidlist our experience. Now *what's* corrupting it, depends on your setup. Just to clarify, you're using a single dovecot IMAP/POP3 mail server and not multiple servers, correct? And equally important, are you using a NFS backend for the Maildirs? If so, read these: http://wiki.dovecot.org/NFS http://dovecot.org/list/dovecot/2010-May/049031.html And look into this: http://wiki2.dovecot.org/Director If not, check the log files, are you getting corrupted index errors for the users in question? Check their quotas, are they all under? If they're at quota, then dovecot can't update the index or uidlist for that user. One solution: http://www.mailinglistarchive.com/html/dovecot at dovecot.org/2010-08/msg01028.html That's what first comes to mind for me. * Eric Broch [2011-10-10 13:04:44 -0600]: > I have dovecot 2.0.11 installed on a CentOS 5.7 email server. Two of the > server email clients, one using Outlook and the other Thunderbird, have > had all the contents of their inbox disappear only to reappear at a > later time. One client's inbox email reappeared upon receiving a test > email (to check if it would show up in the inbox) from another user. Has > anyone heard of such a thing? > > Here's a dump of my dovecot configuration. > -- Tom Pawlowski OIT-CSS System Administrator office: Hill 147 email: tompru at jla.rutgers.edu phone: (732) 445-2634 From compconsultant at yahoo.com Mon Oct 10 23:53:23 2011 From: compconsultant at yahoo.com (Steve Fatula) Date: Mon, 10 Oct 2011 13:53:23 -0700 (PDT) Subject: [Dovecot] 2.1 Plans Message-ID: <1318280003.91961.YahooMailNeo@web39424.mail.mud.yahoo.com> Back in early 2010, Timo posted about a potential 2.1 feature to in essence reduce the number of imap/pop3 processes using various techniques since the code already supports multiple connections. It even went as far as moving all idle connections.? I don't see this on the 2.1 roadmap. Is it still planned perhaps for 2.1? Thousands of imap processes going away is a great thing for me! So, just curious. Reference:?http://dovecot.org/list/dovecot/2010-January/046148.html ? Steve From jake0534 at airpost.net Tue Oct 11 01:17:17 2011 From: jake0534 at airpost.net (jake0534 at airpost.net) Date: Mon, 10 Oct 2011 15:17:17 -0700 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? Message-ID: <1318285037.2740.140258153259705@webmail.messagingengine.com> Hey all I've been running a Dovecot 1X server for awhile. Most of the config was pretty simple using flat files. I'm switching to Dovecot 2X now, and want to switch to using SQL for lookups so I can share info with the Postfix front end. For starters I setup two SIMPLE SQL tables -- a 'users' table and a 'aliases' table, where each user can have many aliases. I want to have Postfix check Dovecot's SASL/LMTP passdb to see if a @ exists. If yes, deliver through LMTP. If NO, reject it. Here are the table definitions so far, CREATE TABLE user ( userid TINYINT, user VARCHAR(64), domain VARCHAR(128), password VARCHAR(64), PRIMARY KEY (userid), UNIQUE (user,domain) ); CREATE TABLE alias ( aliasid TINYINT, alias VARCHAR(64), user VARCHAR(64), domain VARCHAR(128), PRIMARY KEY (aliasid), UNIQUE (domain,user,alias), CONSTRAINT fk_alias1 FOREIGN KEY (user) REFERENCES user (user) ON DELETE NO ACTION ON UPDATE NO ACTION, CONSTRAINT fk_alias2 FOREIGN KEY (domain) REFERENCES user (domain) ON DELETE NO ACTION ON UPDATE NO ACTION ); With flat file and just one table, 'users', I get how to setup LMTP. I can get Postfix delivering/rejecting over LMTP depending on if the user exists in the Dovecot passdb or not. I don't get how to do the SQL query in Dovecot if I have the TWO tables. An inbound @ needs to be auth'd as valid if it exists in EITHER 'user' OR 'alias' table. Do I need to use a single lookup for passdb with some sort of "IF EXISTS IN TABLE 'user' OR TABLE 'alias'" query? Or do I need to have TWO lookups, the main one for 'user' and a fallback one for 'alias' (like talked about here http://wiki2.dovecot.org/Authentication/MultipleDatabases)? Cheers! Jake From patrickdk at patrickdk.com Tue Oct 11 02:46:41 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Mon, 10 Oct 2011 19:46:41 -0400 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? In-Reply-To: <1318285037.2740.140258153259705@webmail.messagingengine.com> References: <1318285037.2740.140258153259705@webmail.messagingengine.com> Message-ID: <20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com> I always keep it seperate, the user table is used by dovecot only, and the alias table is used by postfix. And then for users, you just alias them to themselfs. Then everything exists in the alias table, and postfix knows all valid users, cause they all exist in the alias table. I just think of it as, user accounts, and email addresses that map to the user accounts. Quoting jake0534 at airpost.net: > Hey all > > I've been running a Dovecot 1X server for awhile. Most of the config > was pretty simple using flat files. > > I'm switching to Dovecot 2X now, and want to switch to using SQL for > lookups so I can share info with the Postfix front end. > > For starters I setup two SIMPLE SQL tables -- a 'users' table and a > 'aliases' table, where each user can have many aliases. > > I want to have Postfix check Dovecot's SASL/LMTP passdb to see if a > @ exists. If yes, deliver through LMTP. If NO, reject > it. > > Here are the table definitions so far, > > CREATE TABLE user ( > userid TINYINT, > user VARCHAR(64), > domain VARCHAR(128), > password VARCHAR(64), > PRIMARY KEY (userid), > UNIQUE (user,domain) > ); > > CREATE TABLE alias ( > aliasid TINYINT, > alias VARCHAR(64), > user VARCHAR(64), > domain VARCHAR(128), > PRIMARY KEY (aliasid), > UNIQUE (domain,user,alias), > CONSTRAINT fk_alias1 FOREIGN KEY (user) REFERENCES user (user) ON > DELETE NO ACTION ON UPDATE NO ACTION, > CONSTRAINT fk_alias2 FOREIGN KEY (domain) REFERENCES user (domain) ON > DELETE NO ACTION ON UPDATE NO ACTION > ); > > With flat file and just one table, 'users', I get how to setup LMTP. I > can get Postfix delivering/rejecting over LMTP depending on if the user > exists in the Dovecot passdb or not. > > I don't get how to do the SQL query in Dovecot if I have the TWO tables. > An inbound @ needs to be auth'd as valid if it exists in > EITHER 'user' OR 'alias' table. > > Do I need to use a single lookup for passdb with some sort of "IF EXISTS > IN TABLE 'user' OR TABLE 'alias'" query? > > Or do I need to have TWO lookups, the main one for 'user' and a fallback > one for 'alias' (like talked about here > http://wiki2.dovecot.org/Authentication/MultipleDatabases)? > > Cheers! > > Jake From jake0534 at airpost.net Tue Oct 11 04:52:50 2011 From: jake0534 at airpost.net (jake0534 at airpost.net) Date: Mon, 10 Oct 2011 18:52:50 -0700 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? In-Reply-To: <20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com> References: <1318285037.2740.140258153259705@webmail.messagingengine.com> <20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com> Message-ID: <1318297970.25687.140258153322933@webmail.messagingengine.com> Hey, On Monday, October 10, 2011 7:46 PM, "Patrick Domack" wrote: > I always keep it seperate, the user table is used by dovecot only, and > the alias table is used by postfix. > > And then for users, you just alias them to themselfs. Then everything > exists in the alias table, and postfix knows all valid users, cause > they all exist in the alias table. > > I just think of it as, user accounts, and email addresses that map to > the user accounts. So you're not using LMTP authentication to verify that Postfix is trying to deliver to a valid user? I though that's what it was for. In your setup, 'who' does Postfix try to deliver to, then? The 'real' user, after figuring out and remapping any aliases to it? Or to the alias, and then Dovecot does the remapping? Jake From patrickdk at patrickdk.com Tue Oct 11 15:37:26 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Tue, 11 Oct 2011 08:37:26 -0400 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? In-Reply-To: <1318297970.25687.140258153322933@webmail.messagingengine.com> References: <1318285037.2740.140258153259705@webmail.messagingengine.com> <20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com> <1318297970.25687.140258153322933@webmail.messagingengine.com> Message-ID: <20111011083726.Horde.VQlFZpLnE6FOlDiGg1eR6hA@kishi.patrickdk.com> postfix delivers to the user, and I don't do lmtp authentication, I just submit the email from postfix to lmtp. I'm not even sure how you can use lmtp authentication to verify a delivery address, normally when postfix uses lmtp the email was accepted, and therefor would generate a bounce. I can't find anything that wouldn't bounce using lmtp, in postfix or dovecot documentation. Quoting jake0534 at airpost.net: > Hey, > > On Monday, October 10, 2011 7:46 PM, "Patrick Domack" > wrote: >> I always keep it seperate, the user table is used by dovecot only, and >> the alias table is used by postfix. >> >> And then for users, you just alias them to themselfs. Then everything >> exists in the alias table, and postfix knows all valid users, cause >> they all exist in the alias table. >> >> I just think of it as, user accounts, and email addresses that map to >> the user accounts. > > So you're not using LMTP authentication to verify that Postfix is trying > to deliver to a valid user? I though that's what it was for. > > In your setup, 'who' does Postfix try to deliver to, then? The 'real' > user, after figuring out and remapping any aliases to it? Or to the > alias, and then Dovecot does the remapping? > > Jake From jake0534 at airpost.net Tue Oct 11 18:57:49 2011 From: jake0534 at airpost.net (jake0534 at airpost.net) Date: Tue, 11 Oct 2011 08:57:49 -0700 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? In-Reply-To: <20111011083726.Horde.VQlFZpLnE6FOlDiGg1eR6hA@kishi.patrickdk.com> References: <1318285037.2740.140258153259705@webmail.messagingengine.com><20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com><1318297970.25687.140258153322933@webmail.messagingengine.com> <20111011083726.Horde.VQlFZpLnE6FOlDiGg1eR6hA@kishi.patrickdk.com> Message-ID: <1318348669.14547.140258153570049@webmail.messagingengine.com> On Tuesday, October 11, 2011 8:37 AM, "Patrick Domack" wrote: > postfix delivers to the user, and I don't do lmtp authentication, I > just submit the email from postfix to lmtp. Ok, then we have different approaches. So you are using *only* Postfix to check if a received user is valid, right? > I'm not even sure how you can use lmtp authentication to verify a > delivery address, normally when postfix uses lmtp the email was > accepted, and therefor would generate a bounce. > > I can't find anything that wouldn't bounce using lmtp, in postfix or > dovecot documentation. If you follow this, http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP it works OK. There is no bounce when Postfix submit mail to LMTP for delivery and the user is authenticated as valid. Jake From m.fresel at hi-competence.eu Tue Oct 11 20:02:16 2011 From: m.fresel at hi-competence.eu (Fresel Michal - hi competence e.U.) Date: Tue, 11 Oct 2011 19:02:16 +0200 Subject: [Dovecot] using ecc-certificates (ellyptic curve) will not establish connection In-Reply-To: <392E878E-4AF2-4E8F-8CF5-CAC5F1A5B4BF@hi-competence.eu> References: <392E878E-4AF2-4E8F-8CF5-CAC5F1A5B4BF@hi-competence.eu> Message-ID: <7C992DAE-0077-4AF2-A47A-BFD87DACC0E4@hi-competence.eu> hi building 2.0.15 (f6a2c0e8bc03) against the 10.0e ssl-libs _WORKS_ (on some parts ;) Note: be careful on the client-side as many clients won't understand these types of certificates check the version of openssl if you have problems ... a client on OS X 10.6 (OpenSSL 0.9.8r 8 Feb 2011) gives the folowing error # openssl s_client -host remoteserver -port 993 CONNECTED(00000003) 8346:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-35.1/src/ssl/s23_clnt.c:602: ==> /var/log/mail.log <== dovecot: imap-login: Disconnected (no auth attempts): rip=xxxx, lip=xxxx, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher well - THIS would work (for debuging :) # openssl s_client -host remoteserver -port 993 -cipher ECCdraft Greetings Mike Am 09.10.2011 um 16:21 schrieb Fresel Michal - hi competence e.U.: > hi > > I want to use ECC(ellyptic curve cryptography) for SSL-connections but somehow dovecot doesn't like my ECC-certificates :( > > I tried to test using following scenario: > > > machine: > debian 6 (x64) > dovecot 2.0.15-0~auto+21 ((f6a2c0e8bc03) from http://xi.rename-it.nl/debian > openssl 1.0.0e-2 from testing (as the default 0.9.8o-4squeeze3 needs also the parameter -cipher ECCdraft for testing) > > > > creating keys+cert for ecc (i.e. curves prime192v1, secp521r1) > # openssl ecparam -name prime192v1 -genkey -out prime192v1.key > # openssl req -new -key prime192v1.key -out prime192v1.csr > # openssl req -x509 -in prime192v1.csr -key prime192v1.key -out prime192v1.crt > > testing these in 2 windows > # openssl s_server -cert prime192v1.crt -key prime192v1.key -www > # openssl s_client > note: when using the default openssl version 0.9.8o-4squeeze3 you need to append -cipher ECCdraft > > > output (cut) > ... > New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES256-SHA > Server public key is 192 bit > Secure Renegotiation IS supported > Compression: zlib compression > Expansion: zlib compression > SSL-Session: > Protocol : SSLv3 > Cipher : ECDHE-ECDSA-AES256-SHA > Session-ID: xxxxx > Session-ID-ctx: > Master-Key: xxxxx > Key-Arg : None > PSK identity: None > PSK identity hint: None > Compression: 1 (zlib compression) > Start Time: xxxxx > Timeout : 7200 (sec) > Verify return code: 18 (self signed certificate) > > > looks promising - also for the secp521r1 curve > > > but when changing dovecot.conf to use these keys and certificates it won't use them and return errors > > # openssl s_client -port 993 > CONNECTED(00000003) > 140543456835240:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1195:SSL alert number 40 > 140543456835240:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:591: > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 7 bytes and written 0 bytes > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > SSL-Session: > Protocol : SSLv3 > Cipher : 0000 > Session-ID: > Session-ID-ctx: > Master-Key: > Key-Arg : None > PSK identity: None > PSK identity hint: None > Start Time: xxxxx > Timeout : 7200 (sec) > Verify return code: 0 (ok) > --- > > and the log gives (using verbose_ssl = yes in dovecot.conf) > > ==> /var/log/mail.log <== > dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.info <== > dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.warn <== > dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.log <== > dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.info <== > dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.warn <== > dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] > > ==> /var/log/mail.log <== > dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] > > ==> /var/log/mail.info <== > dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] > > ==> /var/log/mail.warn <== > dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [127.0.0.1] > > ==> /var/log/mail.log <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > > ==> /var/log/mail.info <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > > ==> /var/log/mail.warn <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > > ==> /var/log/mail.log <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher > > ==> /var/log/mail.info <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher > > ==> /var/log/mail.warn <== > dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [127.0.0.1] > > from doveconf -a: > ssl = required > ssl_ca = > ssl_cert = ssl_cert_username_field = commonName > ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL > ssl_key = ssl_key_password = > ssl_parameters_regenerate = 168 > ssl_verify_client_cert = no > > > Has anybody already tested this and made it working? > Or do i have just to recompile everything to make it work? > > > Greetings > > Mike From mephistopheles at operamail.com Wed Oct 12 05:43:42 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Tue, 11 Oct 2011 19:43:42 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? Message-ID: <1318387422.21937.140258153786649@webmail.messagingengine.com> I have Dovecot2 auth setup to run as user = doveauth group = dovecot configured in, vi conf.d/10-master.conf ... service auth { unix_listener /var/spool/postfix/private/auth { user = postfix group = postfix mode = 0660 } user = doveauth group = dovecot } service auth-worker { user = doveauth group = dovecot } ... When I start Dovecot, ls -al /var/run/dovecot/auth-* /bin/ls: No match. service dovecot-custom start Starting Dovecot ... done Dovect's auth-process sockets are created with different ownership than what I specified, ls -al /var/run/dovecot/auth-* srw------- 1 root root 0 Oct 11 19:30 /var/run/dovecot/auth-client srw------- 1 dovecot root 0 Oct 11 19:30 /var/run/dovecot/auth-login srw------- 1 root root 0 Oct 11 19:30 /var/run/dovecot/auth-master srw------- 1 root root 0 Oct 11 19:30 /var/run/dovecot/auth-userdb srw------- 1 dovecot root 0 Oct 11 19:30 /var/run/dovecot/auth-worker Which causes problems when I test AUTH, telnet 127.0.0.1 143 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. a login "xxx at domain.loc" "testpass" a NO [UNAVAILABLE] Temporary authentication failure. * OK Waiting for authentication process to respond.. In logs, ==> /var/log/dovecot/dovecot-debug.log <== Oct 11 19:32:11 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/modules/auth Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libauthdb_ldap.so Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_mysql.so Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_pgsql.so Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_sqlite.so Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libmech_gssapi.so Oct 11 19:32:11 auth: Debug: auth client connected (pid=2397) Oct 11 19:32:17 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=127.0.0.1 rip=127.0.0.1lport=143 rport=47016 resp= ==> /var/log/dovecot/dovecot.log <== Oct 11 19:32:17 auth: Fatal: net_connect_unix(auth-worker) in directory /var/run/dovecot failed: Permission denied (euid=1101(doveauth) egid=305(dovecot) missing +r perm: /var/run/dovecot/auth-worker, dir owned by 305:305 mode=0755) What needs to change to get those sockets created with correct/assigned ownership & perms? From henson at acm.org Wed Oct 12 05:53:33 2011 From: henson at acm.org (Paul B. Henson) Date: Tue, 11 Oct 2011 19:53:33 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? In-Reply-To: <1318387422.21937.140258153786649@webmail.messagingengine.com> References: <1318387422.21937.140258153786649@webmail.messagingengine.com> Message-ID: <20111012025332.GR8748@bender.csupomona.edu> On Tue, Oct 11, 2011 at 07:43:42PM -0700, mephistopheles at operamail.com wrote: > service auth-worker { > user = doveauth > group = dovecot > } You need an extra piece here: service auth-worker { user = $default_internal_user unix_listener auth-worker { user = postfix } } It was *not* easy to figure that out; none of the postfix/dovecot how-to's have been updated for dovecot 2. -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | henson at csupomona.edu California State Polytechnic University | Pomona CA 91768 From patrickdk at patrickdk.com Wed Oct 12 06:05:23 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Tue, 11 Oct 2011 23:05:23 -0400 Subject: [Dovecot] To query two SQL tables for user verification over LMTP, should I use (a) two separate lookups? or (b) just one lookup with a boolean query? In-Reply-To: <1318348669.14547.140258153570049@webmail.messagingengine.com> References: <1318285037.2740.140258153259705@webmail.messagingengine.com><20111010194641.Horde.cIXpDZLnE6FOk4PhXPuAjJA@kishi.patrickdk.com><1318297970.25687.140258153322933@webmail.messagingengine.com> <20111011083726.Horde.VQlFZpLnE6FOlDiGg1eR6hA@kishi.patrickdk.com> <1318348669.14547.140258153570049@webmail.messagingengine.com> Message-ID: <20111011230523.Horde.EA9lSZLnE6FOlQPzJfXzWgA@kishi.patrickdk.com> I'm totally confused by your authenticated as valid part, lmtp doesn't authenticate anything. How do you let postfix know about valid recipients, I don't really care about authenticated ones, just valid ones, and if you do that at lmtp time, postfix has already received the email, and therefor it would bounce if lmtp says it's not a valid recipient. Quoting jake0534 at airpost.net: > On Tuesday, October 11, 2011 8:37 AM, "Patrick Domack" > wrote: >> postfix delivers to the user, and I don't do lmtp authentication, I >> just submit the email from postfix to lmtp. > > Ok, then we have different approaches. > > So you are using *only* Postfix to check if a received user is valid, > right? > >> I'm not even sure how you can use lmtp authentication to verify a >> delivery address, normally when postfix uses lmtp the email was >> accepted, and therefor would generate a bounce. >> >> I can't find anything that wouldn't bounce using lmtp, in postfix or >> dovecot documentation. > > If you follow this, > > http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP > > it works OK. There is no bounce when Postfix submit mail to LMTP for > delivery and the user is authenticated as valid. > > Jake From mephistopheles at operamail.com Wed Oct 12 06:20:13 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Tue, 11 Oct 2011 20:20:13 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? In-Reply-To: <20111012025332.GR8748@bender.csupomona.edu> References: <1318387422.21937.140258153786649@webmail.messagingengine.com> <20111012025332.GR8748@bender.csupomona.edu> Message-ID: <1318389613.30386.140258153796681@webmail.messagingengine.com> On Tuesday, October 11, 2011 7:53 PM, "Paul B. Henson" wrote: > You need an extra piece here: > > service auth-worker { > user = $default_internal_user > > unix_listener auth-worker { > user = postfix > } > } Maybe being too literal, or misunderstanding your 'extra', I changed to, ... service auth-worker { # user = doveauth # group = dovecot user = $default_internal_user unix_listener auth-worker { user = postfix } } ... At telnet 127.0.0.1 143 etc I get the same FAIL as above. But, if first I chown doveauth:dovecot /var/run/dovecot/auth-worker then telnet 127.0.0.1 143 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready. a login "xxx at domain.loc" "testpass" a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA ACL RIGHTS=texk] Logged in ... succeeds. From mephistopheles at operamail.com Wed Oct 12 06:38:22 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Tue, 11 Oct 2011 20:38:22 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? In-Reply-To: <20111012025332.GR8748@bender.csupomona.edu> References: <1318387422.21937.140258153786649@webmail.messagingengine.com> <20111012025332.GR8748@bender.csupomona.edu> Message-ID: <1318390702.2165.140258153801701@webmail.messagingengine.com> > It was *not* easy to figure that out; none of the postfix/dovecot > how-to's have been updated for dovecot 2. Fwiw, this looks useful Authentication process user http://wiki2.dovecot.org/UserIds Trying to get those $default_... redefined. No luck yet. From henson at acm.org Wed Oct 12 06:47:59 2011 From: henson at acm.org (Paul B. Henson) Date: Tue, 11 Oct 2011 20:47:59 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? In-Reply-To: <1318389613.30386.140258153796681@webmail.messagingengine.com> References: <1318387422.21937.140258153786649@webmail.messagingengine.com> <20111012025332.GR8748@bender.csupomona.edu> <1318389613.30386.140258153796681@webmail.messagingengine.com> Message-ID: <20111012034759.GV8748@bender.csupomona.edu> On Tue, Oct 11, 2011 at 08:20:13PM -0700, mephistopheles at operamail.com wrote: > Maybe being too literal, or misunderstanding your 'extra', I changed to, Hmm, I just cut-and-pasted my config :), the missing piece was the unix_listener subconfig user, the user/group part in the service config didn't need to match mine exactly, although I think $default_internal_user is dovecot anyway. > chown doveauth:dovecot /var/run/dovecot/auth-worker Hmm, perhaps I misunderstood you? I thought you were trying to get SASL auth working with postfix? But you're demonstrating an imap connection. Ah, yes, I see in your original email you showed an imap connection too. I just saw the /var/spool/postfix/private/auth and user/group postfix parts of the config and made an assumption. My config was for using Dovecot *just* to provide SASL authentication services to postfix for smtp auth, I'm not using any of its other features/services. Sorry for any confusion. I'm curious though, why are you setting the auth stuff up to be owned by postfix if you'd trying to authenticate dovecot imap processes? It seems you're mixing two different configs. -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | henson at csupomona.edu California State Polytechnic University | Pomona CA 91768 From mephistopheles at operamail.com Wed Oct 12 07:06:52 2011 From: mephistopheles at operamail.com (mephistopheles at operamail.com) Date: Tue, 11 Oct 2011 21:06:52 -0700 Subject: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf? In-Reply-To: <20111012034759.GV8748@bender.csupomona.edu> References: <1318387422.21937.140258153786649@webmail.messagingengine.com><20111012025332.GR8748@bender.csupomona.edu><1318389613.30386.140258153796681@webmail.messagingengine.com> <20111012034759.GV8748@bender.csupomona.edu> Message-ID: <1318392412.30494.140258153805849@webmail.messagingengine.com> > Sorry for any confusion. np. issue solved. for my config, ... service auth-worker { user = doveauth unix_listener auth-worker { user = doveauth } } ... then service dovecot-custom restart ls -al /var/run/dovecot/auth-worker srw------- 1 doveauth root 0 Oct 11 20:56 /var/run/dovecot/auth-worker better. and, telnet 127.0.0.1 4143 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. a login "xxx at domain.loc" "testpass" a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA ACL RIGHTS=texk] Logged in > I'm curious though, why are you setting the auth stuff up to be owned by > postfix if you'd trying to authenticate dovecot imap processes? It seems > you're mixing two different configs. I'm converting to SQL from flatfiles (http://wiki2.dovecot.org/HowTo/VirtualUserFlatFilesPostfix). Just haven't gotten to making all the changes yet. Single-stepping through testing, got to IMAP and found this issue. Thanks for the help! From simon.brereton at buongiorno.com Wed Oct 12 17:24:28 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Wed, 12 Oct 2011 10:24:28 -0400 Subject: [Dovecot] Auth Worker failures Message-ID: <069801cc88ea$a7c7dd80$f7579880$@brereton@buongiorno.com> Hi I have a script that checks the logs each day and mails me invalid user attempts and authentication failures for the previous day. (I use fail2ban to ban multiple attempts in a short space of time). For some reason, this appears every day: Oct 11 06:25:12 mail dovecot: auth-worker(default): sql(simon at mydomain.net,127.0.0.1): Password mismatch Oct 11 06:25:19 mail dovecot: auth-worker(default): sql(simon at mydomain.net,127.0.0.1): Password mismatch Oct 11 06:25:31 mail dovecot: auth-worker(default): sql(simon at mydomain.net,127.0.0.1): Password mismatch Oct 11 06:25:48 mail dovecot: auth-worker(default): sql(simon at mydomain.net,127.0.0.1): Password mismatch Oct 11 06:26:10 mail dovecot: imap-login: Aborted login (auth failed, 4 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Of all the accounts on the box, it's only mine that throws this up. Since its LIP is localhost, it could really only be for webmail - but I don't always leave the webmail open, so I'm curious to know how this gets there and what it is. Any suggestions? I find it difficult to believe I have an IMAP process in a script somewhere (especially with my user account - the postmaster account, I could believe, but not with my personal one).. The log time is UTC, so watching the process list at 2.24 is less than appealing! Simon From aperezaranda at yaco.es Thu Oct 13 11:31:29 2011 From: aperezaranda at yaco.es (Antonio Perez-Aranda) Date: Thu, 13 Oct 2011 10:31:29 +0200 Subject: [Dovecot] Rare error with concurrent users searching with fts-solr Message-ID: Hi all, If I start two o more connections with diferent users that make a search text to solr I get this message many times: Error: fts_solr: Query didn't return uid If I repeat the test about 2000 times, with only one user concurrent, with 60 diferent users, without concurrent, I get between 0. If I repeat the test about 2000 times, with 2 users concurrent, I get between 3 or 10 errors. If I repeat the test about 2000 times, with 4 users concurrent, I get between 10-20 errors. After see this error, I set a tcpdump to try to watch the SOLR XML and GET, I can watch that Solr send a xml like this: with 200 as http status When the normal response is like this 0 1 uid,score uid asc BLABLABLA +user:"ANYUSER" +uidv:1208469916 +box:"ANYFOLDER" -ns:[* TO *] 1 At first, I think that the problems it's in Solr, but after get all GET from tcpdump, I make a python script with urllib2 and send it all to Solr with the same concurrency and I can't get any error or "empty response" Have someone made a intensive concurrency tests over Dovecot + Solr ? -- Antonio P?rez-Aranda Alcaide aperezaranda at yaco.es Yaco Sistemas S.L. http://www.yaco.es/ C/ Rioja 5, 41001 Sevilla Tel?fono +34 954 50 00 57 Fax ? ? ?+34 954 50 09 29 From nanovox at gmail.com Thu Oct 13 16:00:49 2011 From: nanovox at gmail.com (Steven Kiehl) Date: Thu, 13 Oct 2011 09:00:49 -0400 Subject: [Dovecot] Dovecot not processing through Sieve Message-ID: Hello everyone, I'm fairly new to Dovecot, but I've gotten the majority of things working except for Sieve. I'm running Dovecot 1.2.9 coupled with Postfix and SpamAssassin all with a virtual domains setup. I am receiving mail and it is being processed by all the plugins that operate through Postfix. The quota configured in Dovecot appears to be working because my mail client shows the configured quota. But the Sieve rules are not processing. I created a rule as follows to filter spam: require ["fileinto"]; # rule:[global-spam] if anyof (header :contains "Subject" "[SPAM]", header :contains "X-Spam-Flag" "YES") { fileinto "Junk"; } If I mail myself a message with [SPAM] in the title, it goes into my inbox regardless. I've run 'sieve-test' with the same email and it says it will file it into Junk. The Junk folder exists. I even tried adding :create and the "mailbox" plugin, but that didn't do anything either. Here is the relevant majority of my dovecot configuration: login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_location: maildir:/home/dovecot/mail/domains/%d/%n/Maildir mail_debug: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): outlook-idle delay-newmail tb-extra-mailbox-sep imap_client_workarounds(imap): outlook-idle delay-newmail tb-extra-mailbox-sep imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): namespace: type: private separator: / inbox: yes list: yes subscriptions: yes lda: *mail_plugins: quota sieve* quota_full_tempfail: yes deliver_log_format: msgid=%m: %$ rejection_reason: Your message to <%t> was automatically rejected:%n%r auth default: mechanisms: cram-md5 plain login passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: sql args: /etc/dovecot/dovecot-sql.conf socket: type: listen master: path: /var/run/dovecot/auth-master mode: 384 user: dovemail group: dovemail socket: type: listen client: path: /var/spool/postfix/private/dovecot-auth mode: 432 user: postfix group: postfix plugin: convert_mail: maildir:/home/dovecot/mail/domains/%d/%u/Maildir * sieve: /etc/dovecot/sieve/domains/%d/%n.sieve* * sieve_global_dir: /etc/dovecot/sieve/global/* quota: maildir:User quota_rule: INBOX:storage=500M quota_rule2: INBOX.Trash:storage=100M The sieve plugin exists in /usr/lib/dovecot/modules/lda/lib90_sieve_plugin.so, so I would assume I'd have to use *mail_plugin: sieve* as my configuration setting. Like I said, I am receiving emails to my domains without any problem, but sieve rules are not being processed. I can see the rules set up by using the Roundcube plugin, and I can create and edit rules through Roundcube, but nothing different happens when I send myself an email. It all just delivers to the inbox. Thanks for your help, Steve K. From stephan at rename-it.nl Thu Oct 13 16:21:46 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 13 Oct 2011 15:21:46 +0200 Subject: [Dovecot] Dovecot not processing through Sieve In-Reply-To: References: Message-ID: <4E96E5EA.1000903@rename-it.nl> On 10/13/2011 3:00 PM, Steven Kiehl wrote: > I'm fairly new to Dovecot, but I've gotten the majority of things working > except for Sieve. I'm running Dovecot 1.2.9 coupled with Postfix and > SpamAssassin all with a virtual domains setup. I am receiving mail and it > is being processed by all the plugins that operate through Postfix. The > quota configured in Dovecot appears to be working because my mail client > shows the configured quota. But the Sieve rules are not processing. I > created a rule as follows to filter spam: [...] > Like I said, I am receiving emails to my domains without any problem, but > sieve rules are not being processed. I can see the rules set up by using > the Roundcube plugin, and I can create and edit rules through Roundcube, but > nothing different happens when I send myself an email. It all just delivers > to the inbox. Are you sure you are using the Dovecot LDA (deliver)? Did you follow these instructions in the wiki? http://wiki1.dovecot.org/LDA http://wiki1.dovecot.org/LDA/Postfix From the looks of things, your Postfix currently still does its own mail delivery instead of using the Dovecot LDA. You should see entries in your log relating to LDA/deliver and Sieve, especially since you enabled mail_debug. To test whether Sieve is configured correctly (and to see what the Dovecot LDA normally logs), you can also manually execute /usr/lib/dovecot/deliver and feed it a message. Regards, Stephan From stephan at rename-it.nl Thu Oct 13 16:32:38 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 13 Oct 2011 15:32:38 +0200 Subject: [Dovecot] Sieve and UserDB/SQL support In-Reply-To: <270879f071d71e54745e1373c34ad61a@benweblife.fr> References: <270879f071d71e54745e1373c34ad61a@benweblife.fr> Message-ID: <4E96E876.6090505@rename-it.nl> On 8/25/2011 10:01 AM, ben at benweblife.fr wrote: Better late than never :) > I would like to know if plugins of sieve support UserDB/SQL backend. > For example, for the vacation plugin, is it possible to retrieve a > field like "sieve_vacation_days", "sieve_vacation_reason", and so on.. > on user_query? Not really, especially not in the Sieve standard. There is a experimental plugin for something like that. It can use Dovecot dictionaries to retrieve external data. It is documented here: http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extdata Regards, Stephan. From stephan at rename-it.nl Thu Oct 13 18:07:47 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 13 Oct 2011 17:07:47 +0200 Subject: [Dovecot] Dovecot not processing through Sieve In-Reply-To: References: <4E96E5EA.1000903@rename-it.nl> Message-ID: <4E96FEC3.9090802@rename-it.nl> Please reply to the list as well. On 10/13/2011 3:28 PM, Steven Kiehl wrote: > > On Thu, Oct 13, 2011 at 9:21 AM, Stephan Bosch > wrote: > > Are you sure you are using the Dovecot LDA (deliver)? Did you > follow these instructions in the wiki? > > http://wiki1.dovecot.org/LDA > http://wiki1.dovecot.org/LDA/Postfix > > From the looks of things, your Postfix currently still does its > own mail delivery instead of using the Dovecot LDA. You should see > entries in your log relating to LDA/deliver and Sieve, especially > since you enabled mail_debug. To test whether Sieve is configured > correctly (and to see what the Dovecot LDA normally logs), you can > also manually execute /usr/lib/dovecot/deliver and feed it a message. > > I am using Dovecot deliver to perform mail delivery. I'm absolutely > certain of this because I get spam scores and it is SpamAssassin that > actually hands the mail over to deliver. Here is my postfix master.cf > entry for spamc/deliver: > > dovespam unix n n n - - pipe > flags=DRhu user=dovemail:dovemail argv=/usr/bin/spamc -f -e > /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -f ${sender} -d > ${user}@${nexthop} -n -m ${extension} Ok, then what do your logs say about delivery? Even when things are filed in INBOX, the logs should show that deliver and sieve are being executed and putting the mail there. http://wiki1.dovecot.org/Logging Regards, Stephan From james.page at ubuntu.com Thu Oct 13 18:13:17 2011 From: james.page at ubuntu.com (James Page) Date: Thu, 13 Oct 2011 16:13:17 +0100 Subject: [Dovecot] Restarting dovecot periodically fails with "Socket already exists: /var/run/dovecot/anvil" Message-ID: <4E97000D.7030908@ubuntu.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello restarting dovecot regularly fails with version 2.0.13 on Ubuntu 11.10 due to a running child process exiting after the main dovecot process. Oct 13 15:04:58 ubuntu dovecot: master: Error: service(anvil): Socket already exists: /var/run/dovecot/anvil Oct 13 15:04:58 ubuntu dovecot: master: Error: service(anvil): Socket already exists: /var/run/dovecot/anvil-auth-penalty Oct 13 15:04:58 ubuntu dovecot: master: Fatal: Failed to start listeners Oct 13 15:04:58 ubuntu kernel: [11132.825253] init: dovecot main process (8668) terminated with status 89 The dovecot/anvil process appears to be the cause of the problem (snapshot of running dovecot processes just after main dovecot process stops): root 8418 8080 0 15:02 pts/0 00:00:00 stop dovecot root 8419 1 0 15:02 ? 00:00:00 dovecot/anvil root 8422 8420 0 15:02 ? 00:00:00 grep dovecot This is an Ubuntu specific issue as we use upstart to manage dovecot which monitors the status of the main dovecot process; the Debian init script appears to make provision for this happening. I can work around this in the upstart configuration but it does look like a potential bug in the sub-process handling in dovecot. Any help much appreciated - please feel free to comment on https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/873390 as well. Regards - -- James Page Ubuntu Core Developer - ----------------------------------- dovecot -n # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 3.0.0-12-generic-pae i686 Ubuntu 11.10 mail_location = maildir:~/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap pop3 sieve ssl_cert = was automatically rejected:%n%r } -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJOlwAJAAoJEL/srsug59jD1e4QAIB0/OhBhgr7HYqJNh3d1f69 8vGl6LSb2jjJb6bI+GX8QRHDDHXs6g3RadpHTEnDngJPLRPJxnnmr/mqcG+sAeYa 92shRyWnZQFEHJkl9hE1t1OS7skpLezWgSl6nOtzkRxm3yB0+w81PyQZVH2QArKf dATww3t0hMd3ybPEJnZwSlIQ/82i79qd8RZd1orERdIKN1wIyhb2uOi1XXBvGHZo hZKhO1sv3vz1RLpJXeWIVUNK8RQHJcvAOdqvTeT7kzx1gdxy3ycr7WOTUFY3Nc83 SYFyV9/miSNc45n+eDnsoknwggn0JWMkMA1jzRQz9OGCWFkJVFIuOE9jwJcFP6HY +8OnWwgdu5qNQ6nrn4+M1dB1MrFV5aFQmSuXsuAFXkCYywajdVhNyTkC8wERUBf1 NMv4PQRP0tA/UOOy9qNnNf9y3kQ1ItJ5ZhBTOO5WctnowYHDTWtnoxD7m0aEM1rA NH1TFolUgeiT6B9xFcreq42qEVYItKV60o2gv8fMDXwtkSjfDfJ2/88/45dcTOuK t+qUZnpI+AgCak7AfYShj1SjYN80BbpPpQ0WtG6MObXBZZl84paNpAUibUfN0tPy cEscYqUhkkptbfenJe3ldz0S2AhlrDTFk3cWGKwwlKY+29vBsoZtbgIamgrOKLX9 AbdvqFx8gnYe5af1k3eL =6Mfk -----END PGP SIGNATURE----- From nanovox at gmail.com Thu Oct 13 18:39:23 2011 From: nanovox at gmail.com (Steven Kiehl) Date: Thu, 13 Oct 2011 11:39:23 -0400 Subject: [Dovecot] Dovecot not processing through Sieve In-Reply-To: <4E96FEC3.9090802@rename-it.nl> References: <4E96E5EA.1000903@rename-it.nl> <4E96FEC3.9090802@rename-it.nl> Message-ID: Problem solved. It appears that my configuration contained two plugin {} blocks. One in an include (which is what I was editing) and one in the main dovecot.conf. While neither plugin {} block contained anything that would override the other, it appears that deliver doesn't listen to the second block. when I run "dovecot -n" the settings from both blocks are consolidated and output, but as soon as I removed the duplicate block, deliver started processing Sieve rules as expected. It wasn't until I tried hand-delivering a message on the command line that the issue became obvious. I'm not sure if deliver is actually paying any attention to the include options, so I may consolidate my config and forget about multiple configuration files. Thanks for your help Stephan! - Steve K. On Thu, Oct 13, 2011 at 11:07 AM, Stephan Bosch wrote: > Please reply to the list as well. > > > On 10/13/2011 3:28 PM, Steven Kiehl wrote: > > > On Thu, Oct 13, 2011 at 9:21 AM, Stephan Bosch wrote: > >> Are you sure you are using the Dovecot LDA (deliver)? Did you follow these >> instructions in the wiki? >> >> http://wiki1.dovecot.org/LDA >> http://wiki1.dovecot.org/LDA/Postfix >> >> From the looks of things, your Postfix currently still does its own mail >> delivery instead of using the Dovecot LDA. You should see entries in your >> log relating to LDA/deliver and Sieve, especially since you enabled >> mail_debug. To test whether Sieve is configured correctly (and to see what >> the Dovecot LDA normally logs), you can also manually execute >> /usr/lib/dovecot/deliver and feed it a message. >> >> I am using Dovecot deliver to perform mail delivery. I'm absolutely > certain of this because I get spam scores and it is SpamAssassin that > actually hands the mail over to deliver. Here is my postfix master.cfentry for spamc/deliver: > > dovespam unix n n n - - pipe > flags=DRhu user=dovemail:dovemail argv=/usr/bin/spamc -f -e > /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -f ${sender} -d > ${user}@${nexthop} -n -m ${extension} > > > Ok, then what do your logs say about delivery? Even when things are filed > in INBOX, the logs should show that deliver and sieve are being executed and > putting the mail there. > > http://wiki1.dovecot.org/Logging > > Regards, > > Stephan > > From crrodriguez at opensuse.org Thu Oct 13 22:23:31 2011 From: crrodriguez at opensuse.org (=?iso-8859-1?q?Cristian_Rodr=EDguez?=) Date: Thu, 13 Oct 2011 16:23:31 -0300 Subject: [Dovecot] [PATCH] Use SSL_MODE_RELEASE_BUFFERS if available to keep memory usage low Message-ID: # HG changeset patch # User Cristian Rodr?guez # Date 1318533592 10800 # Node ID c15d6befe20082009cb40926afa208ab4b684818 # Parent 962df5d9413a4a0fcc68aacc1df0dca7a44a0240 Use SSL_MODE_RELEASE_BUFFERS if available to keep memory usage low. diff -r 962df5d9413a -r c15d6befe200 src/login-common/ssl-proxy-openssl.c --- a/src/login-common/ssl-proxy-openssl.c Wed Oct 12 17:16:10 2011 +0300 +++ b/src/login-common/ssl-proxy-openssl.c Thu Oct 13 16:19:52 2011 -0300 @@ -925,6 +925,9 @@ STACK_OF(X509_NAME) *xnames = NULL; SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2); +#ifdef SSL_MODE_RELEASE_BUFFERS + SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS); +#endif if (*set->ssl_ca != '\0') { /* set trusted CA certs */ store = SSL_CTX_get_cert_store(ssl_ctx); From Chris at VandenBerghe.org Fri Oct 14 09:42:27 2011 From: Chris at VandenBerghe.org (Chris Vanden Berghe) Date: Fri, 14 Oct 2011 14:42:27 +0800 Subject: [Dovecot] Issue after upgrading to Ubuntu Server 11.10 Message-ID: Hi all, After upgrading to Ubuntu Server 11.10 my mail setup stopped working. The error message I get is: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +r perm: /var/run/dovecot/auth-userdb, euid is not dir owner) Does anybody have an idea how to solve this? Thanks, Chris. --- # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 3.0.0-12-generic x86_64 Ubuntu 11.10 ext3 auth_verbose = yes log_timestamp = "%Y-%m-%d %H:%M:%S " mail_location = maildir:/var/vmail/%u mail_privileged_group = mail maildir_stat_dirs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { fts = squat fts_squat = partial=4 full=10 } protocols = imap service auth { unix_listener /var/spool/postfix/private/auth-client { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = vmail mode = 0600 user = vmail } } service imap-login { inet_listener imap { address = localhost port = 143 } inet_listener imaps { address = * port = 993 } } ssl_cert = References: Message-ID: I added unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } to the configuration which seems to solve the issue. Is this the right solution? Regards, Chris. --- On Fri, Oct 14, 2011 at 2:42 PM, Chris Vanden Berghe wrote: > Hi all, > > After upgrading to Ubuntu Server 11.10 my mail setup stopped working. > The error message I get is: > > lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) > failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing > +r perm: /var/run/dovecot/auth-userdb, euid is not dir owner) > > Does anybody have an idea how to solve this? > > Thanks, > Chris. > > --- > # 2.0.13: /etc/dovecot/dovecot.conf > # OS: Linux 3.0.0-12-generic x86_64 Ubuntu 11.10 ext3 > auth_verbose = yes > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_location = maildir:/var/vmail/%u > mail_privileged_group = mail > maildir_stat_dirs = yes > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date > passdb { > ?args = /etc/dovecot/dovecot-sql.conf > ?driver = sql > } > plugin { > ?fts = squat > ?fts_squat = partial=4 full=10 > } > protocols = imap > service auth { > ?unix_listener /var/spool/postfix/private/auth-client { > ? ?group = postfix > ? ?mode = 0660 > ? ?user = postfix > ?} > ?unix_listener auth-master { > ? ?group = vmail > ? ?mode = 0600 > ? ?user = vmail > ?} > } > service imap-login { > ?inet_listener imap { > ? ?address = localhost > ? ?port = 143 > ?} > ?inet_listener imaps { > ? ?address = * > ? ?port = 993 > ?} > } > ssl_cert = ssl_key = userdb { > ?args = uid=5000 gid=5000 home=/var/vmail/%u > ?driver = static > } > protocol imap { > ?mail_max_userip_connections = 50 > ?mail_plugins = fts fts_squat > } > protocol lda { > ?mail_plugins = sieve > } > From maria_arrea at gmx.com Sun Oct 16 01:11:23 2011 From: maria_arrea at gmx.com (Maria Arrea) Date: Sun, 16 Oct 2011 00:11:23 +0200 Subject: [Dovecot] Question about ionice & dovecot-deliver Message-ID: <20111015221123.67190@gmx.com> Hello We are running dovecot 2.0.13 with mdbox on RHEL 5.7 x64, ext4 filesystem. Sometimes we have a big load increase because a mailing list server send 16.000 32k messages in less than 3 minutes. We want to "slow down" delivery, we prefer slow delivery instead of logging out webmail users. I have the following line en /etc/postfix/master.cf: flags=DRhu user=userid argv=/usr/libexec/dovecot/deliver -d ${user} And in /etc/postfix/main.cf mailbox_command = /usr/libexec/dovecot/deliver I would like to add ionice to the equation, prefixing /usr/bin/ionice -c2 -n6 before the deliver lines in postfix config. Is there any other way of slowing down delivery speed vs imap access? Regards Maria From patrickdk at patrickdk.com Sun Oct 16 02:46:21 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Sat, 15 Oct 2011 19:46:21 -0400 Subject: [Dovecot] Question about ionice & dovecot-deliver In-Reply-To: <20111015221123.67190@gmx.com> References: <20111015221123.67190@gmx.com> Message-ID: <20111015194621.Horde.aHNCVpLnE6FOmhtNpYsFooA@kishi.patrickdk.com> This sounds like a postfix issue more than dovecot. Its easy to make a slow deliever transport for postfix, many people do so when sending emails to hotmail/yahoo. Sounds like that solution would work for you, just applied to the dovecot transport instead. Quoting Maria Arrea : > Hello > > We are running dovecot 2.0.13 with mdbox on RHEL 5.7 x64, ext4 > filesystem. Sometimes we have a big load increase because a mailing > list server send 16.000 32k messages in less than 3 minutes. We want > to "slow down" delivery, we prefer slow delivery instead of logging > out webmail users. > > I have the following line en /etc/postfix/master.cf: > > flags=DRhu user=userid argv=/usr/libexec/dovecot/deliver -d ${user} > > And in /etc/postfix/main.cf > > mailbox_command = /usr/libexec/dovecot/deliver > > I would like to add ionice to the equation, prefixing > /usr/bin/ionice -c2 -n6 before the deliver lines in postfix config. > Is there any other way of slowing down delivery speed vs imap access? > > Regards > > Maria From stan at hardwarefreak.com Sun Oct 16 04:17:04 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Sat, 15 Oct 2011 20:17:04 -0500 Subject: [Dovecot] Question about ionice & dovecot-deliver In-Reply-To: <20111015221123.67190@gmx.com> References: <20111015221123.67190@gmx.com> Message-ID: <4E9A3090.80100@hardwarefreak.com> On 10/15/2011 5:11 PM, Maria Arrea wrote: <...> > Is there any other way of slowing down delivery speed vs imap access? The proper way to slow down inbound mail is with your MTA, not your LDA, and certainly not using kernel level tweaks to the IO subsystem. There are many ways to accomplish this with Postfix. Please post your question on the Postfix mailing list. Conversely, if you or your organization control that list server, simply tweak the mailing list manager software, or the MTA, lowering the delivery rate. -- Stan From lists at wilkesley.net Mon Oct 17 09:17:17 2011 From: lists at wilkesley.net (Ian Barton) Date: Mon, 17 Oct 2011 07:17:17 +0100 Subject: [Dovecot] Problems Configuring Pigeonhole/Seve Message-ID: <4E9BC86D.4080303@wilkesley.net> I am moving my email server from Ubuntu Lucid to Arch. The Arch server is running Dovecot V2.0.15. Email is working fine, but I can't get Pigeonhiole/sieve to work. My dovecot.conf is: protocols = imap sieve ssl = yes ssl_cert = References: <4E9BC86D.4080303@wilkesley.net> Message-ID: <4E9BCD19.5060002@rename-it.nl> On 10/17/2011 8:17 AM, Ian Barton wrote: > I am moving my email server from Ubuntu Lucid to Arch. The Arch server > is running Dovecot V2.0.15. Email is working fine, but I can't get > Pigeonhiole/sieve to work. [...] > I have created the sieve dir in the virtual users folder. However > sieve doesn't appear to be working. > I have tried logging in manually to see if sieve is running, 'Logging into Sieve' means that you are checking whether the ManageSieve protocol is active. Using this technique, you'll only be able to verify that it is possible to remotely upload Sieve scripts. This has nothing to do with whether Sieve scripts are being executed at delivery or not. Still, connecting to that protocol should work: > but get the following error: > ian:~/ $ gnutls-cli --starttls -p 143 mail2.wilkesley.net > [8:32:22] > Resolving 'mail2.wilkesley.net'... > Connecting to '127.0.0.1:143'... > - Simple Client Mode: > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE > IDLE STARTTLS AUTH=PLAIN] Dovecot ready. > STARTTLS > STARTTLS BAD Error in IMAP command received by server. > According to the Dovecot wiki this should reply with the capabilities > of my server, Note the server sends and receives mail OK using starttls. > > So what am I doing wrong? I'm getting the feeling that the wiki is not clear enough on this point. You are connecting to IMAP (port 143), which makes no sense. You should connect to the port configured for the Sieve protocol, which is 4190 by default and 2000 for older setups. If your Sieve scripts are not being executed, you should check the following first: http://wiki2.dovecot.org/Pigeonhole/Sieve/Troubleshooting Regards, Stephan. From Yann.Dupont at univ-nantes.fr Mon Oct 17 10:19:32 2011 From: Yann.Dupont at univ-nantes.fr (Yann Dupont) Date: Mon, 17 Oct 2011 09:19:32 +0200 Subject: [Dovecot] Attachements with SIS : shauld all the same files share the same inode ? Message-ID: <4E9BD704.9080801@univ-nantes.fr> Hello. I configured SIS , and all seems to work well, but I noticed something strange : For exemple, this attachement : 6e/2d# ls -al 6e2df299* | sort -n 104 instance of -rw------- 104 vmail vmail 346584 16 oct. 17:47 6e2df299fa96daec9b4735d07c494046429be4d6-ffd0d1xxxx The files are hardlinked, so it seems ok, but I also see 9 others files in the same directory : -rw------- 1 vmail vmail 346584 16 oct. 17:47 6e2df299fa96daec9b4735d07c494046429be4d6-0519df2a94fc9a4e1f4100008a6b99b6 -rw------- 1 vmail vmail 346584 16 oct. 17:47 6e2df299fa96daec9b4735d07c494046429be4d6-1790b92994fc9a4e1a4100008a6b99b6 as you can see, same prefix, If I compare them with diff, they are all the same files. ls -i show that 104 have the same inode, as expected, and the 9 remaining files have different inodes. I expected all the files share the same inodes. Is there something wrong here ? My setup is debian squeeze + auto packages from http://xi.rename-it.nl/debian/ dovecot is 2:2.0.15-0~auto+21 thanks, -- Yann Dupont - Service IRTS, DSI Universit? de Nantes Tel : 02.53.48.49.20 - Mail/Jabber : Yann.Dupont at univ-nantes.fr From juancarlos.sanchez at upm.es Mon Oct 17 11:06:19 2011 From: juancarlos.sanchez at upm.es (Juan Carlos Sanchez) Date: Mon, 17 Oct 2011 10:06:19 +0200 Subject: [Dovecot] lmtp performance Message-ID: <4E9BE1FB.6040902@upm.es> Hello: In the process of migration from version 1.2 to 2.0 have tried to use lmtp instead of lda as delivery agent. But unfortunately througput we get is poor with lmtp compared to lda. In peak times with lda we are able to deliver over 1800 messages/minute (high I/O but not affecting service) but if we switch to lmtp cannot deliver more than 300 mess/minute (very low I/O). This is enough for normal work but low under heavy load (distribution lists messages sometimes stay queued for 4 hours before deliver). We have arround 50000 boxes and use postfix as MTA How to increase lmtp performance? dovecot config for lda and lmtp: protocol lda { auth_socket_path = /usr/local/var/run/dovecot/auth-master info_log_path = /var/log/mail/dovecot_deliver.log log_path = /var/log/mail/dovecot_deliver.log mail_plugins = quota sieve zlib postmaster_address = postmaster at upm.es sendmail_path = /usr/lib/sendmail } protocol lmtp { info_log_path = /var/log/mail/dovecot_deliver.log log_path = /var/log/mail/dovecot_deliver.log mail_plugins = quota sieve zlib postmaster_address = postmaster at upm.es sendmail_path = /usr/lib/sendmail } In postfix I have: mailbox_transport = lmtp:unix:private/dovecot-lmtp Thanks in advance. -- ------------------------------------------------------ Juan Carlos Sanchez Hernandez Universidad Politecnica de Madrid ------------------------------------------------------ From joseba.torre at ehu.es Mon Oct 17 13:12:58 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 17 Oct 2011 12:12:58 +0200 Subject: [Dovecot] mail_location in LDAP and variables Message-ID: <201110171212.58602.joseba.torre@ehu.es> Hi, Is it posible to use variables in mail_location when taken from ldap? How? I've tried mdbox:/buzones2/'%n'/mdbox mdbox:/buzones2/"%n"/mdbox mdbox:/buzones2/%n/mdbox but %n is never replaced by its value. Thanks! -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From philipp.haselwarter at gmx.de Mon Oct 17 13:43:41 2011 From: philipp.haselwarter at gmx.de (Philipp Haselwarter) Date: Mon, 17 Oct 2011 12:43:41 +0200 Subject: [Dovecot] =?utf-8?q?dovecot-antispam_=E2=80=93_Debian_package?= Message-ID: <878vojsxsy.fsf@nzebook.haselwarter.org> Dovecot2 has been around for a bit now but Eugene Paskevich's antispam plugin unfortunately still doesn't seem to have a tagged release. Has anyone by any chance rolled a .deb for the plugin that works on current Debian sid? -- Philipp Haselwarter From juancarlos.sanchez at upm.es Mon Oct 17 17:31:01 2011 From: juancarlos.sanchez at upm.es (Juan Carlos Sanchez) Date: Mon, 17 Oct 2011 16:31:01 +0200 Subject: [Dovecot] lmtp performance In-Reply-To: References: <4E9BE1FB.6040902@upm.es> Message-ID: <4E9C3C25.7070802@upm.es> A particular reply (not to the list) has told me to try: " Add to service lmtp: process_min_avail = 20 " And yes, it works (unless for me), so I want to share it with everybody. Have not exactly measured performance but this morning have seen over 1400 messages/minute with lmtp under heavy load. What the "process_min_avail = 20" in service lmtp (or anywhere else) exactly imply? cannot find a reference in wiki2 . I suppose it means than 20 lmtp processes are always open waiting for new connections and so reducing startup latency, isn't it? Thank you. > > On Mon, Oct 17, 2011 at 6:06 AM, Juan Carlos Sanchez > > wrote: > > Hello: > > In the process of migration from version 1.2 to 2.0 have tried to > use lmtp instead of lda as delivery agent. > > But unfortunately througput we get is poor with lmtp compared to lda. > In peak times with lda we are able to deliver over 1800 > messages/minute (high I/O but not affecting service) but if we > switch to lmtp cannot deliver more than 300 mess/minute (very low > I/O). > > This is enough for normal work but low under heavy load > (distribution lists messages sometimes stay queued for 4 hours > before deliver). > > We have arround 50000 boxes and use postfix as MTA > > How to increase lmtp performance? > > > dovecot config for lda and lmtp: > > protocol lda { > auth_socket_path = /usr/local/var/run/dovecot/auth-master > info_log_path = /var/log/mail/dovecot_deliver.log > log_path = /var/log/mail/dovecot_deliver.log > mail_plugins = quota sieve zlib > postmaster_address = postmaster at upm.es > sendmail_path = /usr/lib/sendmail > } > > protocol lmtp { > info_log_path = /var/log/mail/dovecot_deliver.log > log_path = /var/log/mail/dovecot_deliver.log > mail_plugins = quota sieve zlib > postmaster_address = postmaster at upm.es > sendmail_path = /usr/lib/sendmail > } > > In postfix I have: > > mailbox_transport = lmtp:unix:private/dovecot-lmtp > > > > Thanks in advance. > > -- > > ------------------------------------------------------ > Juan Carlos Sanchez Hernandez > Universidad Politecnica de Madrid > ------------------------------------------------------ > > > -- ------------------------------------------------------ Juan Carlos Sanchez Hernandez Universidad Politecnica de Madrid ------------------------------------------------------ From joseba.torre at ehu.es Mon Oct 17 17:42:45 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 17 Oct 2011 16:42:45 +0200 Subject: [Dovecot] lmtp performance In-Reply-To: <4E9C3C25.7070802@upm.es> References: <4E9BE1FB.6040902@upm.es> <4E9C3C25.7070802@upm.es> Message-ID: <201110171642.45954.joseba.torre@ehu.es> On Lunes 17 Octubre 2011 16:31:01 Juan Carlos Sanchez escribi?: > A particular reply (not to the list) has told me to try: > > " > Add to service lmtp: > process_min_avail = 20 > " > > And yes, it works (unless for me), so I want to share it with everybody. > > Have not exactly measured performance but this morning have seen over > 1400 messages/minute with lmtp under heavy load. > > > What the "process_min_avail = 20" in service lmtp (or anywhere else) > exactly imply? cannot find a reference in wiki2 . I suppose it means > than 20 lmtp processes are always open waiting for new connections and > so reducing startup latency, isn't it? I had a similar problem, and found the same solution. In my setup, only 1 lmtp process was available and a 2nd one never was created, so the process was really busy. With this parameter (I setup it to 10) I have diferent process and all of them are used. -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From simon.brereton at buongiorno.com Mon Oct 17 18:16:46 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 17 Oct 2011 11:16:46 -0400 Subject: [Dovecot] Spammers attempting SASL Auth Message-ID: <01f601cc8cdf$ca1d3850$5e57a8f0$@brereton@buongiorno.com> Hi This is a new one on me - I've never seen spammers attempt to use to SASL Auth to inject spam. None of the users they are trying (newsletter, dummy, test, etc.) exist, but what worries me is the illegal chars error - is this a known vulnerability in dovecot they are trying to exploit? I'm running 1:1.2.15-7 installed from apt-get.. Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92] Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter at mydomain.net,208.86.147.92): Attempted login with password having illegal chars Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84 Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known Simon From robert at schetterer.org Mon Oct 17 18:31:08 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 17 Oct 2011 17:31:08 +0200 Subject: [Dovecot] Spammers attempting SASL Auth In-Reply-To: <01f601cc8cdf$ca1d3850$5e57a8f0$@brereton@buongiorno.com> References: <01f601cc8cdf$ca1d3850$5e57a8f0$@brereton@buongiorno.com> Message-ID: <4E9C4A3C.5060800@schetterer.org> Am 17.10.2011 17:16, schrieb Simon Brereton: > Hi > > This is a new one on me - I've never seen spammers attempt to use to SASL Auth to inject spam. None of the users they are trying (newsletter, dummy, test, etc.) exist, but what worries me is the illegal chars error - is this a known vulnerability in dovecot they are trying to exploit? I'm running 1:1.2.15-7 installed from apt-get.. > > Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92] > Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter at mydomain.net,208.86.147.92): Attempted login with password having illegal chars > Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84 > Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known > > > Simon > this maybe a brute force attack,or more easy someone missconfigured his client , you may use fail2ban etc to block it not directly related to dovecot -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From simon.brereton at buongiorno.com Mon Oct 17 18:51:15 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 17 Oct 2011 11:51:15 -0400 Subject: [Dovecot] Spammers attempting SASL Auth In-Reply-To: <4E9C4A3C.5060800@schetterer.org> References: <4E9C4A3C.5060800@schetterer.org> Message-ID: <020301cc8ce4$9aca19b0$d05e4d10$@brereton@buongiorno.com> On 17 October 2011 11:31, Robert Schetterer wrote: > Am 17.10.2011 17:16, schrieb Simon Brereton: >> Hi >> >> This is a new one on me - I've never seen spammers attempt to use to SASL Auth to inject spam. None of the users they are trying (newsletter, dummy, test, etc.) exist, but what worries me is the illegal chars error - is this a known vulnerability in dovecot they are trying to exploit? I'm running 1:1.2.15-7 installed from apt-get.. >> >> Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92] >> Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter at mydomain.net,208.86.147.92): Attempted login with password having illegal chars >> Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84 >> Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known >> >> >> Simon >> > > this maybe a brute force attack,or more easy someone missconfigured his > client , you may use fail2ban etc to block it > not directly related to dovecot 17 queries in 30 seconds is not a misconfigured client :) And I'm already using Fail2Ban - but as someone on this list pointed out recently, that doesn't apply if they try X attempts on the same connection. Although, I don't think that was case here - maybe I should update my dovecot jail with that illegal chars line. But, be that as it may - all these attempts failed because the user didn't exist. What if the user exists though? Does this illegal chars make a hole for them to enter through? Simon From robert at schetterer.org Mon Oct 17 18:53:33 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 17 Oct 2011 17:53:33 +0200 Subject: [Dovecot] Spammers attempting SASL Auth In-Reply-To: <020301cc8ce4$9aca19b0$d05e4d10$@brereton@buongiorno.com> References: <4E9C4A3C.5060800@schetterer.org> <020301cc8ce4$9aca19b0$d05e4d10$@brereton@buongiorno.com> Message-ID: <4E9C4F7D.4090301@schetterer.org> Am 17.10.2011 17:51, schrieb Simon Brereton: > On 17 October 2011 11:31, Robert Schetterer wrote: >> Am 17.10.2011 17:16, schrieb Simon Brereton: >>> Hi >>> >>> This is a new one on me - I've never seen spammers attempt to use to SASL Auth to inject spam. None of the users they are trying (newsletter, dummy, test, etc.) exist, but what worries me is the illegal chars error - is this a known vulnerability in dovecot they are trying to exploit? I'm running 1:1.2.15-7 installed from apt-get.. >>> >>> Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92] >>> Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter at mydomain.net,208.86.147.92): Attempted login with password having illegal chars >>> Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84 >>> Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known >>> >>> >>> Simon >>> >> >> this maybe a brute force attack,or more easy someone missconfigured his >> client , you may use fail2ban etc to block it >> not directly related to dovecot > > 17 queries in 30 seconds is not a misconfigured client :) > > And I'm already using Fail2Ban - but as someone on this list pointed > out recently, that doesn't apply if they try X attempts on the same > connection. Although, I don't think that was case here - maybe I > should update my dovecot jail with that illegal chars line. But, be > that as it may - all these attempts failed because the user didn't > exist. What if the user exists though? Does this illegal chars make > a hole for them to enter through? > > Simon > as i posted you offlist, this is a smtp attack, look at your i.e fail2ban postfix rules, fail2ban dovecot ruel is for banning pop3/imap brute force -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From tompru at jla.rutgers.edu Mon Oct 17 19:10:38 2011 From: tompru at jla.rutgers.edu (Tom Pawlowski) Date: Mon, 17 Oct 2011 12:10:38 -0400 Subject: [Dovecot] Spammers attempting SASL Auth In-Reply-To: <020301cc8ce4$9aca19b0$d05e4d10$@brereton@buongiorno.com> References: <4E9C4A3C.5060800@schetterer.org> <020301cc8ce4$9aca19b0$d05e4d10$@brereton@buongiorno.com> Message-ID: <20111017161038.GC16920@hawkeye.rutgers.edu> Take a look at: http://hg.dovecot.org/dovecot-2.0/file/962df5d9413a/src/auth/auth-request.c on line 536. That's the auth service catching illegal characters and rejecting the attempt. It'll happen with or without a valid user. So, working as it should. As for spammers trying to brute force valid logins, yep, pretty common. Higher rate of success if they can mail from a known good server and account. * Simon Brereton [2011-10-17 11:51:15 -0400]: > On 17 October 2011 11:31, Robert Schetterer wrote: > > Am 17.10.2011 17:16, schrieb Simon Brereton: > >> Hi > >> > >> This is a new one on me - I've never seen spammers attempt to use to SASL Auth to inject spam. None of the users they are trying (newsletter, dummy, test, etc.) exist, but what worries me is the illegal chars error - is this a known vulnerability in dovecot they are trying to exploit? I'm running 1:1.2.15-7 installed from apt-get.. > >> > >> Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92] > >> Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter at mydomain.net,208.86.147.92): Attempted login with password having illegal chars > >> Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84 > >> Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known > >> > >> > >> Simon > >> > > > > this maybe a brute force attack,or more easy someone missconfigured his > > client , you may use fail2ban etc to block it > > not directly related to dovecot > > 17 queries in 30 seconds is not a misconfigured client :) > > And I'm already using Fail2Ban - but as someone on this list pointed > out recently, that doesn't apply if they try X attempts on the same > connection. Although, I don't think that was case here - maybe I > should update my dovecot jail with that illegal chars line. But, be > that as it may - all these attempts failed because the user didn't > exist. What if the user exists though? Does this illegal chars make > a hole for them to enter through? > > Simon > -- Tom Pawlowski OIT-CSS System Administrator office: Hill 147 email: tompru at jla.rutgers.edu phone: (732) 445-2634 From simon.brereton at buongiorno.com Mon Oct 17 19:21:10 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 17 Oct 2011 12:21:10 -0400 Subject: [Dovecot] Spammers attempting SASL Auth In-Reply-To: <20111017161038.GC16920@hawkeye.rutgers.edu> References: <4E9C4A3C.5060800@schetterer.org> <20111017161038.GC16920@hawkeye.rutgers.edu> Message-ID: On 17 October 2011 12:10, Tom Pawlowski wrote: > Take a look at: > > http://hg.dovecot.org/dovecot-2.0/file/962df5d9413a/src/auth/auth-request.c > > on line 536. That's the auth service catching illegal characters and > rejecting the attempt. It'll happen with or without a valid user. So, > working as it should. > > As for spammers trying to brute force valid logins, yep, pretty common. > Higher rate of success if they can mail from a known good server and > account. Okay, thanks for that. That's the info/reassurance I was after. In the meantime I've update fail2ban to take care of it. You're right about the higher rate of success, I've just never seen a spammer try it before - usually their resources are better spend just sending the mail. But it's good to know that dovecot will trap and block the illegal Chars :) Thanks. Simon From tss at iki.fi Tue Oct 18 17:31:35 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:31:35 +0300 Subject: [Dovecot] doveadm mailbox list shows file system directories as mailboxes In-Reply-To: <20110922115223.73054v8up83ej0wg@webmail.hrz.uni-giessen.de> References: <20110922115223.73054v8up83ej0wg@webmail.hrz.uni-giessen.de> Message-ID: <1318948295.21919.100.camel@hurina> On Thu, 2011-09-22 at 11:52 +0200, J?rgen Obermann wrote: > Hello. > In our dovecvot we use mbox format with the default filesystem layout. > Therefore it is not possible to have mailboxes which are subfolders of > other mailboxes containing messages. > The command "doveadm mailbox list" includes the file system > directories, that contain only subfolders, as normal mailboxes in the > output: > > archiv > archiv/daemon > archiv/dovecot > > Did I miss something in the dovecot configuration or is there a bug in > the command "doveadm mailbox list"? It's more like a feature.. For example if there exists "archiv" directory without children, I don't think it should be invisible in the list. Maybe there could be a new parameter to hide \Noselect mailboxes. From tss at iki.fi Tue Oct 18 17:32:44 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:32:44 +0300 Subject: [Dovecot] Convert-tool maildir > mbox In-Reply-To: References: Message-ID: <1318948364.21919.101.camel@hurina> On Mon, 2011-10-10 at 14:10 +0200, Bertrand Jacquin wrote: > > Maybe that kind of conversion have evolved since 2.0 ? convert-tool wasn't very good. Use something else, like maybe dsync from v2.0 (even if you don't use v2.0 for anything else). From tss at iki.fi Tue Oct 18 17:34:33 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:34:33 +0300 Subject: [Dovecot] 2.1 Plans In-Reply-To: <1318280003.91961.YahooMailNeo@web39424.mail.mud.yahoo.com> References: <1318280003.91961.YahooMailNeo@web39424.mail.mud.yahoo.com> Message-ID: <1318948473.21919.102.camel@hurina> On Mon, 2011-10-10 at 13:53 -0700, Steve Fatula wrote: > Back in early 2010, Timo posted about a potential 2.1 feature to in > essence reduce the number of imap/pop3 processes using various > techniques since the code already supports multiple connections. It > even went as far as moving all idle connections. > > I don't see this on the 2.1 roadmap. Is it still planned perhaps for > 2.1? Thousands of imap processes going away is a great thing for me! > So, just curious. It's slowly getting there, but won't be ready for v2.1. From tss at iki.fi Tue Oct 18 17:37:20 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:37:20 +0300 Subject: [Dovecot] Auth Worker failures In-Reply-To: <069801cc88ea$a7c7dd80$f7579880$@brereton@buongiorno.com> References: <069801cc88ea$a7c7dd80$f7579880$@brereton@buongiorno.com> Message-ID: <1318948640.21919.103.camel@hurina> On Wed, 2011-10-12 at 10:24 -0400, Simon Brereton wrote: > > > Of all the accounts on the box, it's only mine that throws this up. > Since its LIP is localhost, it could really only be for webmail - but > I don't always leave the webmail open, so I'm curious to know how this > gets there and what it is. > > Any suggestions? I find it difficult to believe I have an IMAP > process in a script somewhere (especially with my user account - the > postmaster account, I could believe, but not with my personal one).. > You could enable auth_debug_passwords=yes and see what password it tries. From tss at iki.fi Tue Oct 18 17:40:26 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:40:26 +0300 Subject: [Dovecot] Rare error with concurrent users searching with fts-solr In-Reply-To: References: Message-ID: <1318948826.21919.105.camel@hurina> On Thu, 2011-10-13 at 10:31 +0200, Antonio Perez-Aranda wrote: > After see this error, I set a tcpdump to try to watch the SOLR XML and > GET, I can watch that Solr send a xml like this: > > > > with 200 as http status > > When the normal response is like this > > > .. Check what kind of commands Dovecot sends. Is this maybe a reply to a somewhat different (broken?) command than others? > At first, I think that the problems it's in Solr, but after get all > GET from tcpdump, I make a python script with urllib2 and send it all > to Solr with the same concurrency and I can't get any error or "empty > response" You mean send the exact same commands as Dovecot sent when this failed? It's anyway difficult for me to guess how this could be Dovecot's fault, if the command that gives the broken response normally works. From tss at iki.fi Tue Oct 18 17:46:28 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:46:28 +0300 Subject: [Dovecot] mail_location in LDAP and variables In-Reply-To: <201110171212.58602.joseba.torre@ehu.es> References: <201110171212.58602.joseba.torre@ehu.es> Message-ID: <1318949188.21919.106.camel@hurina> On Mon, 2011-10-17 at 12:12 +0200, Joseba Torre wrote: > Hi, > > Is it posible to use variables in mail_location when taken from ldap? How? > I've tried > > mdbox:/buzones2/'%n'/mdbox > mdbox:/buzones2/"%n"/mdbox > mdbox:/buzones2/%n/mdbox > > but %n is never replaced by its value. Where exactly are you trying to use this? It should get expanded. From tss at iki.fi Tue Oct 18 17:49:22 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:49:22 +0300 Subject: [Dovecot] Syntax to specify sdbox: mail_location path? In-Reply-To: <1318013006.28193.140258152251553@webmail.messagingengine.com> References: <1318013006.28193.140258152251553@webmail.messagingengine.com> Message-ID: <1318949363.21919.108.camel@hurina> On Fri, 2011-10-07 at 11:43 -0700, mephistopheles at operamail.com wrote: > With "sdbox:" > > mail_location = sdbox:/my_mailbox_path/%d/%n > > mail gets stored in /my_mailbox_path/%d/%n/mailboxes/INBOX/dbox-Mails. > > How do I get rid of the '/mailboxes/' and '/dbox-Mails/' path components > so sdbox stores in: > > /my_mailbox_path/%d/%n/INBOX Well, there are a few settings so you could make it work that way, but why do you want to do that? There's a reason why those extra directory components were added, you shouldn't remove them. From tss at iki.fi Tue Oct 18 17:52:35 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:52:35 +0300 Subject: [Dovecot] LDA/Postfix with quotas and without LMTP In-Reply-To: <1318185118.42006.YahooMailNeo@web39423.mail.mud.yahoo.com> References: <1318185118.42006.YahooMailNeo@web39423.mail.mud.yahoo.com> Message-ID: <1318949556.21919.111.camel@hurina> On Sun, 2011-10-09 at 11:31 -0700, Steve Fatula wrote: > dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied > > > Using mailbox_command in Postfix means that dovecot-lda is running as the system user getting the mail. Which means it can't access the socket file. Of course, one can simply use mode 666 on it, but, then people can use it to find out information according to the doc, which I do not want. > > So, I am not sure why the doc says to add -d for per user quotas, without also mentioning the problem with doing that. I don't see how it can work? > > Assuming I need per user quotas, and I don't want to use LMTP, is there a good way around this without the security issue? The possibilities are: a) Start dovecot-lda so that the process belongs to extra group (e.g. dovecot) and make the socket rw for that group. I don't know if Postfix can do this for system users.. b) Use filesystem setgid bit for dovecot-lda c) Run via sudo The b) and c) are explained in wiki in the "multiple UIDs" section (although for setuid-root rather than setgid-dovecot). From tss at iki.fi Tue Oct 18 17:53:35 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:53:35 +0300 Subject: [Dovecot] LDA/Postfix with quotas and without LMTP In-Reply-To: <1318949556.21919.111.camel@hurina> References: <1318185118.42006.YahooMailNeo@web39423.mail.mud.yahoo.com> <1318949556.21919.111.camel@hurina> Message-ID: <1318949615.21919.112.camel@hurina> On Tue, 2011-10-18 at 17:52 +0300, Timo Sirainen wrote: > On Sun, 2011-10-09 at 11:31 -0700, Steve Fatula wrote: > > dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied > > > The possibilities are: > > a) Start dovecot-lda so that the process belongs to extra group (e.g. > dovecot) and make the socket rw for that group. I don't know if Postfix > can do this for system users.. > > b) Use filesystem setgid bit for dovecot-lda > > c) Run via sudo > > The b) and c) are explained in wiki in the "multiple UIDs" section > (although for setuid-root rather than setgid-dovecot). Oh, and d) With v2.1 this works automatically From tss at iki.fi Tue Oct 18 17:57:23 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 17:57:23 +0300 Subject: [Dovecot] too many open files and v1.2 In-Reply-To: <201110061242.48615.mimo@gn.apc.org> References: <201110061242.48615.mimo@gn.apc.org> Message-ID: <1318949843.21919.114.camel@hurina> On Thu, 2011-10-06 at 12:42 +0100, Michael Moritz wrote: > Hi > > I've found an older thread http://www.dovecot.org/list/dovecot/2010-March/047886.html which mentions that this is a bug in version 1. I'm on Debian squeeze (1:1.2.15-7) and got errors like these recently > > Oct 5 11:29:29 mail dovecot: dovecot: pipe() failed: Too many open files > Oct 5 11:29:32 mail dovecot: dovecot: pipe() failed: Too many open files > Oct 5 11:29:32 mail dovecot: dovecot: Temporary failure in creating login processes, slowing down for now These errors come from the dovecot master process. Each child process uses up a few fds for pipes. > As a work around I've increased login_max_processes_count from 256 to 512 and it seems to have helped (as I suspected stale opened files). That only makes it easier to reach, since now there can be more child processes eating up more fds. > My colleague thinks it's hitting the kernel open file limit ulimit -n (currently at 1024) but I don't see how that could happen if the number of process is nowhere near that. I don't remember how many fds each process takes in v1.x, probably between 1 and 3. So if you for a while had hundreds of imap or pop3 processes, you could run into that limit. v2.x doesn't use as many fds. From joseba.torre at ehu.es Tue Oct 18 18:11:19 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Tue, 18 Oct 2011 17:11:19 +0200 Subject: [Dovecot] mail_location in LDAP and variables In-Reply-To: <1318949188.21919.106.camel@hurina> References: <201110171212.58602.joseba.torre@ehu.es> <1318949188.21919.106.camel@hurina> Message-ID: <201110181711.20074.joseba.torre@ehu.es> On Martes 18 Octubre 2011 16:46:28 Timo Sirainen escribi?: > On Mon, 2011-10-17 at 12:12 +0200, Joseba Torre wrote: > > Hi, > > > > Is it posible to use variables in mail_location when taken from ldap? > > How? I've tried > > > > mdbox:/buzones2/'%n'/mdbox > > mdbox:/buzones2/"%n"/mdbox > > mdbox:/buzones2/%n/mdbox > > > > but %n is never replaced by its value. > > Where exactly are you trying to use this? It should get expanded. As usual, it was me trying to be a lot more complicated than needed :) I was thinking about storing the mail_location in an standard way in ldap, so that everybody in LDAP has something like irisMailbox= mdbox:/buzones/%256Hn/%n/mdbox This doesn't work, but doesn't make much sense either. (It does if used in the generic mail_location, but not in a per user value) Now when I create a new account I calculate the mail_location and store that value in LDAP. So far so good. -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From dovecot-user at spambox.dk Tue Oct 18 18:32:19 2011 From: dovecot-user at spambox.dk (Henrik Larsson) Date: Tue, 18 Oct 2011 17:32:19 +0200 Subject: [Dovecot] "doveadm log reopen" don't reopen separate lmtp log Message-ID: <93f29aa4636f6565b3dbb264e789c1ef@larsson.as> I still see the issue below. Is there anyone running separate LMTP logging that could check if they experience the same issue? Best regards Henrik Larsson -------- Original Message -------- Subject: "doveadm log reopen" don't reopen separate lmtp log Date: Sun, 25 Sep 2011 00:23:49 +0200 From: Henrik Larsson To: dovecot at dovecot.org Dear all I have setup separate pop3/imap log "/var/log/dovecot" and lmtp delivery log "/var/log/dovecot-deliver". After rotating logfiles, i run "doveadm log reopen". I see that my pop3/imap log "/var/log/dovecot" is used straight away, but my lmpt log "/var/log/dovecot-deliver" isn't used at first. After some time, usually a few minutes, logs are being written to this file anyway. But if I compare this to my maillog, it misses some deliveries just after the log rotation. Is there any problems with this configuration that should be corrected? --cut-- # doveconf -n # 2.0.15: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 8.2-STABLE amd64 auth_mechanisms = plain login digest-md5 cram-md5 first_valid_uid = 125 hostname = mail.larsson.it listen = * log_path = /var/log/dovecot mail_plugins = fts fts_squat zlib mail_privileged_group = postfix mail_temp_dir = /var/db/dovecot managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date namespace { inbox = yes location = prefix = separator = . type = private } namespace { hidden = yes inbox = no list = no location = prefix = INBOX. separator = . type = private } passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { fts = squat fts_squat = partial=4 full=10 sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap pop3 lmtp sieve service auth-worker { user = $default_internal_user } service auth { unix_listener /home/mail/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service lmtp { executable = lmtp -L unix_listener /home/mail/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } ssl_cert = References: <93f29aa4636f6565b3dbb264e789c1ef@larsson.as> Message-ID: <74304A59-DA80-4B96-BEEB-3FCD88BF1C8B@iki.fi> The problem isn't lmtp itself, it's that you're using -L parameter, which causes LMTP processes to open the log files directly. The only way to reopen the log files is to restart those LMTP processes. "doveadm reload" should do it. On 18.10.2011, at 18.32, Henrik Larsson wrote: > I still see the issue below. Is there anyone running separate LMTP logging that could check if they experience the same issue? > > Best regards > Henrik Larsson > > > -------- Original Message -------- > Subject: "doveadm log reopen" don't reopen separate lmtp log > Date: Sun, 25 Sep 2011 00:23:49 +0200 > From: Henrik Larsson > To: dovecot at dovecot.org > > Dear all > > I have setup separate pop3/imap log "/var/log/dovecot" and lmtp delivery log "/var/log/dovecot-deliver". > > After rotating logfiles, i run "doveadm log reopen". I see that my pop3/imap log "/var/log/dovecot" is used straight away, but my lmpt log "/var/log/dovecot-deliver" isn't used at first. After some time, usually a few minutes, logs are being written to this file anyway. But if I compare this to my maillog, it misses some deliveries just after the log rotation. > > Is there any problems with this configuration that should be corrected? > > --cut-- > # doveconf -n > # 2.0.15: /usr/local/etc/dovecot/dovecot.conf > # OS: FreeBSD 8.2-STABLE amd64 > auth_mechanisms = plain login digest-md5 cram-md5 > first_valid_uid = 125 > hostname = mail.larsson.it > listen = * > log_path = /var/log/dovecot > mail_plugins = fts fts_squat zlib > mail_privileged_group = postfix > mail_temp_dir = /var/db/dovecot > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date > namespace { > inbox = yes > location = > prefix = > separator = . > type = private > } > namespace { > hidden = yes > inbox = no > list = no > location = > prefix = INBOX. > separator = . > type = private > } > passdb { > args = /usr/local/etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > plugin { > fts = squat > fts_squat = partial=4 full=10 > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > } > protocols = imap pop3 lmtp sieve > service auth-worker { > user = $default_internal_user > } > service auth { > unix_listener /home/mail/postfix/private/auth { > group = postfix > mode = 0666 > user = postfix > } > } > service lmtp { > executable = lmtp -L > unix_listener /home/mail/postfix/private/dovecot-lmtp { > group = postfix > mode = 0660 > user = postfix > } > } > ssl_cert = ssl_key = userdb { > args = /usr/local/etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > protocol lmtp { > log_path = /var/log/dovecot-deliver > mail_plugins = fts fts_squat zlib sieve > } > protocol lda { > mail_plugins = fts fts_squat zlib sieve > } > protocol imap { > mail_plugins = fts fts_squat zlib imap_zlib > } > --cut-- > > > Best regards > Henrik Larsson > From dovecot-user at spambox.dk Tue Oct 18 20:53:10 2011 From: dovecot-user at spambox.dk (Henrik Larsson) Date: Tue, 18 Oct 2011 19:53:10 +0200 Subject: [Dovecot] "doveadm log reopen" don't reopen separate lmtp log In-Reply-To: <74304A59-DA80-4B96-BEEB-3FCD88BF1C8B@iki.fi> References: <93f29aa4636f6565b3dbb264e789c1ef@larsson.as> <74304A59-DA80-4B96-BEEB-3FCD88BF1C8B@iki.fi> Message-ID: <4E9DBD06.6010408@spambox.dk> > The problem isn't lmtp itself, it's that you're using -L parameter, which causes LMTP processes to open the log files directly. Just to be sure, isn't this the only way to have a separate LMTP log files? > The only way to reopen the log files is to restart those LMTP processes. "doveadm reload" should do it. Thanks, I will try this. Best regards Henrik Larsson From tss at iki.fi Tue Oct 18 20:57:25 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Oct 2011 20:57:25 +0300 Subject: [Dovecot] "doveadm log reopen" don't reopen separate lmtp log In-Reply-To: <4E9DBD06.6010408@spambox.dk> References: <93f29aa4636f6565b3dbb264e789c1ef@larsson.as> <74304A59-DA80-4B96-BEEB-3FCD88BF1C8B@iki.fi> <4E9DBD06.6010408@spambox.dk> Message-ID: <80337D83-6707-41AF-8CBF-8869690BEA79@iki.fi> On 18.10.2011, at 20.53, Henrik Larsson wrote: > >> The problem isn't lmtp itself, it's that you're using -L parameter, which causes LMTP processes to open the log files directly. > Just to be sure, isn't this the only way to have a separate LMTP log files? Yes. But this isn't LMTP-specific in any way. It's the same as if you wanted separate IMAP or POP3 or whatever log files. The only special cases are programs that are executed directly instead of via dovecot master process (dovecot-lda, doveadm basically), because they always open the log files directly (and die once they're finished, so they don't have the rotation problem). Hmm. Actually you could probably set service_count=1 for lmtp service and it would get rotated soon enough, because the process would die after handling one LMTP connection. From pgnet.dev+rich-dovecot at gmail.com Wed Oct 19 05:17:02 2011 From: pgnet.dev+rich-dovecot at gmail.com (Rich) Date: Tue, 18 Oct 2011 19:17:02 -0700 Subject: [Dovecot] 'doveadm quota get' dictionary SQL query ignores specified '@domain' part of username. bad config or bug? Message-ID: Hi, I'm setting up SQL quota usage in Dovecot2. I've created a MAILBOX parameter table, 'PARAMS', that contains unique @ pairs, with quota data. mysql> select * from PARAMS; +----+------------------------+------------+-------------+------------+ | ai | MAILBOX_user_domain | quota | quota_bytes | quota_msgs | +----+------------------------+------------+-------------+------------+ | 1 | myuser at domain1.com | 1073741824 | 0 | 0 | | 2 | myuser at domain2.com | 1000000000 | 0 | 0 | +----+------------------------+------------+-------------+------------+ 2 rows in set (0.00 sec) I've specified dict usage for quota, /etc/dovecot/dovecot.conf !include conf.d/*.conf protocols = imap lmtp dict { quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } created the maps, /etc/dovecot/dovecot-dict-sql.conf.ext connect = host=/var/run/mysql/mysql.sock dbname=my_db user=my_user password=my_pass map { pattern = priv/quota/storage table = PARAMS username_field = MAILBOX_user_domain value_field = quota_bytes } map { pattern = priv/quota/messages table = PARAMS username_field = MAILBOX_user_domain value_field = quota_msgs } assigned the global values and backend, /etc/dovecot/conf.d/90-quota.conf plugin { quota = dict:User Quota::proxy::quota quota_rule = *:storage=1GB:messages=10000 quota_rule2 = Trash:storage=+10%% } and specified the user iteration query /etc/dovecot/sql/virtmail-userdb-sql.cf driver = mysql connect = host=/var/run/mysql/mysql.sock dbname=my_db user=my_user password=my_pass user_query = CALL UserDBQuery('%n','%d'); iterate_query = SELECT `MAILBOX_user_domain` AS user FROM `PARAMS`; Verifying operation with with `doveadm`, I get a result from a !error query, doveadm quota get -u myuser at domain1.com Quota name Type Value Limit % User quota STORAGE 0 1048576 0 User quota MESSAGE 0 10000 0 doveadm quota get -u myuser at domain2.com Quota name Type Value Limit % User quota STORAGE 0 1048576 0 User quota MESSAGE 0 10000 0 But notice that there's no specificity by *domain*. Despite being provided the full @, matched to the map, username_field = MAILBOX_user_domain the Dovecot dict query seems to ignore the part, and simply matches on the first of the tow identical parts. Specifying "-A" doesn't help, doveadm quota get -A Username Quota name Type Value Limit % myuser at domain1.com User quota STORAGE 0 1048576 0 myuser at domain1.com User quota MESSAGE 0 10000 0 myuser at domain2.com User quota STORAGE 0 1048576 0 myuser at domain2.com User quota MESSAGE 0 10000 0 What needs to be done to get domain-specificity in the 'doveadm quota get' query? Is my configuration off, or incomplete, or is this a bug? Thanks, Rich From jk at jkart.de Wed Oct 19 17:12:17 2011 From: jk at jkart.de (Jim Knuth) Date: Wed, 19 Oct 2011 16:12:17 +0200 Subject: [Dovecot] xi.rename-it.nl down? Message-ID: <4E9EDAC1.4000602@jkart.de> Hello, is http://xi.rename-it.nl down? Apticron shows me permanently errors. -- Mit freundlichen Gr??en, with kind regards, Jim Knuth --------- Wenn ein wirklich gro?er Geist in der Welt erscheint, kann man ihn untr?glich daran erkennen, da? sich alle Dummk?pfe gegen ihn verb?nden. (Jonathan Swift) From pgnet.dev+rich-dovecot at gmail.com Wed Oct 19 17:41:35 2011 From: pgnet.dev+rich-dovecot at gmail.com (Rich) Date: Wed, 19 Oct 2011 07:41:35 -0700 Subject: [Dovecot] 'doveadm quota get' dictionary SQL query ignores specified '@domain' part of username. bad config or bug? In-Reply-To: References: Message-ID: I've made some progress, but quota 'Limit' is still not fully functioning for me. A couple of changes have helped: Specifying a "%u% as username format, /etc/dovecot/conf.d/90-quota.conf plugin { - quota = dict:User Quota::proxy::quota + quota = dict:User Quota:%u:proxy::quota quota_rule = *:bytes=1073741824:messages=10000 quota_rule2 = Trash:storage=+10%% } using 'username' rather than 'user' in the user iteration query /etc/dovecot/sql/virtmail-userdb-sql.cf driver = mysql connect = host=/var/run/mysql/mysql.sock dbname=my_db user=my_user password=my_pass user_query = CALL UserDBQuery('%n','%d'); - iterate_query = SELECT `MAILBOX_user_domain` AS user FROM `PARAMS`; + iterate_query = SELECT `MAILBOX_user_domain` AS username FROM `PARAMS`; and adding to my user_query, CREATE PROCEDURE `UserDBQuery`( ... SELECT ... concat('*:bytes=', quota_bytes, ':messages=10000') AS quota_rule, ... Now, at init, doveadm quota get -A Username Quota name Type Value Limit % myuser at domain1.com User quota STORAGE 0 0 0 myuser at domain1.com User quota MESSAGE 0 10000 0 myuser at domain2.com User quota STORAGE 0 0 0 myuser at domain2.com User quota MESSAGE 0 10000 0 mysql> select * from PARAMS; +----+------------------------+------------+-------------+ | ai | MAILBOX_user_domain | quota_bytes | quota_msgs | +----+------------------------+-------------+------------+ | 1 | myuser at domain1.com | 0 | 0 | | 2 | myuser at domain2.com | 0 | 0 | +----+------------------------+------------+-------------+ 2 rows in set (0.00 sec) and, after sending a single message to 'myuser at domain1.com', I do see that Dovecot now recognizes/calculates a quota change, and only for one domain, doveadm quota get -A Username Quota name Type Value Limit % myuser at domain1.com User quota STORAGE 3 3 100 myuser at domain1.com User quota MESSAGE 1 10000 0 myuser at domain2.com User quota STORAGE 0 0 0 myuser at domain2.com User quota MESSAGE 0 10000 0 mysql> select * from PARAMS; +----+------------------------+------------+-------------+ | ai | MAILBOX_user_domain | quota_bytes | quota_msgs | +----+------------------------+-------------+------------+ | 1 | myuser at domain1.com | 3269 | 1 | | 2 | myuser at domain2.com | 0 | 0 | +----+------------------------+------------+-------------+ 2 rows in set (0.00 sec) But, the Limit's wrong. It's not picking up the global Limit from /etc/dovecot/conf.d/90-quota.conf ... --> quota_rule = *:bytes=1073741824:messages=10000 ... and once a message quota Value is calculated, the Limit is set == Value, resulting in an incorrrect quota %-age of 100%. Is Limit supposed to be specified per-user? Rich From stephan at rename-it.nl Wed Oct 19 18:30:26 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 19 Oct 2011 17:30:26 +0200 Subject: [Dovecot] xi.rename-it.nl down? In-Reply-To: <4E9EDAC1.4000602@jkart.de> References: <4E9EDAC1.4000602@jkart.de> Message-ID: <4E9EED12.8040409@rename-it.nl> Op 19-10-2011 16:12, Jim Knuth schreef: > Hello, > > is http://xi.rename-it.nl down? Apticron > shows me permanently errors. Yes. I noticed this yesterday. This is a recurring problem for some reason, probably some Xen-related issue. Every few months it just 'goes away' without any apparent reason. Unfortunately, I cannot restart the Xi myself at the moment and the person who can is currently involved in solving another IT calamity of a different magnitude. I think it can take up to a day for this system to come back online. Regards, Stephan. From pgnet.dev+rich-dovecot at gmail.com Wed Oct 19 18:54:33 2011 From: pgnet.dev+rich-dovecot at gmail.com (Rich) Date: Wed, 19 Oct 2011 08:54:33 -0700 Subject: [Dovecot] Is '*:bytes=" quota specification the quota 'Value', or 'Limit'? Message-ID: Docs for quota configuration http://wiki2.dovecot.org/Quota/Configuration#Limit_configuration state that the 'bytes=' specification defines the quota **LIMIT** "bytes: Quota limit in bytes, 0 means unlimited" as used in plugin { ... quota_rule = *:bytes=10000000 ... BUT, documentation for quota dict http://wiki2.dovecot.org/Quota/Dict states "MySQL uses the following queries to update the quota" and provides an SQL example of Dovecot decrementing the 'bytes' value, "UPDATE table SET bytes=bytes-14433,messages=messages-2 ..." I'm working on a current problem (http://dovecot.org/list/dovecot/2011-October/061538.html) with 'doveadm' reporting mixing up quote Value & Limit. Question: Is 'bytes' supposed to contain the Value, or the Limit? Rich From ghandidrivesahumvee at rocketfish.com Wed Oct 19 22:40:46 2011 From: ghandidrivesahumvee at rocketfish.com (ghandidrivesahumvee at rocketfish.com) Date: Wed, 19 Oct 2011 12:40:46 -0700 (GMT+7) Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 Message-ID: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> Hi list, I just recently installed Dovecot 2.0.15. Unfortunately, doveadm segfaults when I attempt to connect to the local dovecot instance. When this occurs, my logs show: 2011-10-19T12:31:23-07:00 mail02 dovecot: doveadm: Error: doveadm client not compatible with this server (mixed old and new binaries?) I am using the settings listed on the wiki page http://wiki2.dovecot.org/Director [root at mail02 ~]# /opt/dovecot/bin/doveadm who -a 10.10.5.220:544 Segmentation fault (core dumped) doveconf and gdb output are below. If there is any more information I can provide please let me know. Thanks! [root at mail02 ~]# /opt/dovecot/bin/doveconf -n # 2.0.15: /opt/dovecot-2.0.15/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-194.17.4.el5 x86_64 CentOS release 5.5 (Final) auth_mechanisms = plain login auth_verbose = yes auth_worker_max_count = 60 default_client_limit = 2048 disable_plaintext_auth = no doveadm_proxy_port = 544 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = 10.10.5.220, 127.0.0.1 lmtp_save_to_detail_mailbox = yes mail_fsync = always mail_log_prefix = "%r mpid=%p %s(%u): " mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = " notify mail_log" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mmap_disable = yes passdb { args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } plugin { mail_log_events = delete expunge mailbox_delete mail_log_fields = msgid box from mail_log_group_events = yes sieve = ~/MainSieve sieve_before = /storage03/sieve/before/ sieve_dir = ~/sieve sieve_max_actions = 32 sieve_max_redirects = 4 sieve_max_script_size = 2M } quota_full_tempfail = yes service anvil { client_limit = 2000 } service auth { client_limit = 7000 unix_listener /var/spool/postfix/private/auth { mode = 0600 user = postfix } unix_listener auth-userdb { group = mailowner mode = 0600 user = mailowner } } service doveadm { inet_listener { port = 544 } } service imap-login { inet_listener imap { port = 143 } process_min_avail = 4 service_count = 0 vsz_limit = 128 M } service imap {%0 From CMarcus at Media-Brokers.com Wed Oct 19 22:45:46 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Wed, 19 Oct 2011 15:45:46 -0400 Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 In-Reply-To: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> References: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> Message-ID: <4E9F28EA.8090200@Media-Brokers.com> On 2011-10-19 3:40 PM, ghandidrivesahumvee at rocketfish.com wrote: > I just recently installed Dovecot 2.0.15. Unfortunately, doveadm segfaults > when I attempt to connect to the local dovecot instance. When this occurs, > my logs show: > > 2011-10-19T12:31:23-07:00 mail02 dovecot: doveadm: Error: doveadm client > not compatible with this server (mixed old and new binaries?) I think the error message is pretty clear... You obviously still have an older version installed... How did you install 2.0.15? -- Best regards, Charles From stsiol at yahoo.co.uk Wed Oct 19 23:06:49 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Wed, 19 Oct 2011 21:06:49 +0100 (BST) Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 In-Reply-To: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> References: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> Message-ID: <1319054809.66277.YahooMailNeo@web27206.mail.ukl.yahoo.com> ----- Original Message ----- From: "ghandidrivesahumvee at rocketfish.com" To: dovecot at dovecot.org Cc: Sent: Wednesday, 19 October 2011, 22:40 Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 Hi list, I just recently installed Dovecot 2.0.15. Unfortunately, doveadm segfaults when I attempt to connect to the local dovecot instance. When this occurs, my logs show: 2011-10-19T12:31:23-07:00 mail02 dovecot: doveadm: Error: doveadm client not compatible with this server (mixed old and new binaries?) I am using the settings listed on the wiki page http://wiki2.dovecot.org/Director [root at mail02 ~]# /opt/dovecot/bin/doveadm who -a 10.10.5.220:544 Segmentation fault (core dumped) doveconf and gdb output are below. If there is any more information I can provide please let me know. Thanks! Which OS version ? Have you considered the possibility you had a previous version of dovecot installed from the distro, then installed v2.0.15 ? Just saying, s. ? ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From ghandidrivesahumvee at rocketfish.com Wed Oct 19 23:33:41 2011 From: ghandidrivesahumvee at rocketfish.com (ghandidrivesahumvee at rocketfish.com) Date: Wed, 19 Oct 2011 13:33:41 -0700 (GMT+7) Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 In-Reply-To: <4E9F28EA.8090200@Media-Brokers.com> References: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> <4E9F28EA.8090200@Media-Brokers.com> Message-ID: > I think the error message is pretty clear... It is clear, but it is wrong. ./configure --prefix=/opt/dovecot-2.0.15 ; make ; make install in /opt dovecot is a symlink to dovecot-2.0.15 The binary in the source directory crashes too. [root at mail02 ~]# /usr/local/src/dovecot-2.0.15/src/doveadm/doveadm who -a 10.10.5.220:544 Segmentation fault (core dumped) > Which OS version ? CentOS 5.5 x86_64 > Have you considered the possibility you had a previous version of dovecot > installed from the distro, then installed v2.0.15 ? There is no install of dovecot from the distro. > On 2011-10-19 3:40 PM, ghandidrivesahumvee at rocketfish.com > wrote: >> I just recently installed Dovecot 2.0.15. Unfortunately, doveadm >> segfaults >> when I attempt to connect to the local dovecot instance. When this >> occurs, >> my logs show: >> >> 2011-10-19T12:31:23-07:00 mail02 dovecot: doveadm: Error: doveadm client >> not compatible with this server (mixed old and new binaries?) > > I think the error message is pretty clear... > > You obviously still have an older version installed... > > How did you install 2.0.15? > > -- > > Best regards, > > Charles > From user+dovecot at localhost.localdomain.org Wed Oct 19 23:41:57 2011 From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Wed, 19 Oct 2011 22:41:57 +0200 Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 In-Reply-To: References: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> <4E9F28EA.8090200@Media-Brokers.com> Message-ID: <4E9F3615.10401@localhost.localdomain.org> On 10/19/2011 10:33 PM ghandidrivesahumvee at rocketfish.com wrote: > Segmentation fault (core dumped) Please use gdb to generate a backtrace from the dumped core file. (http://dovecot.org/bugreport.html) Regards, Pascal -- The trapper recommends today: defaced.1129222 at localdomain.org From ghandidrivesahumvee at rocketfish.com Wed Oct 19 23:49:55 2011 From: ghandidrivesahumvee at rocketfish.com (ghandidrivesahumvee at rocketfish.com) Date: Wed, 19 Oct 2011 13:49:55 -0700 (GMT+7) Subject: [Dovecot] doveadm segfaults on TCP connect - version 2.0.15 In-Reply-To: <4E9F3615.10401@localhost.localdomain.org> References: <3316c960405142bf1d81f1db2b350739.squirrel@webmail.islandemail.com> <4E9F28EA.8090200@Media-Brokers.com> <4E9F3615.10401@localhost.localdomain.org> Message-ID: <729faff30062e73d6274b1d5070e50e3.squirrel@webmail.islandemail.com> Looks like my mail client cut the original message short. Here is doveconf and gdb output [root at mail02 ~]# /opt/dovecot/bin/doveconf -n # 2.0.15: /opt/dovecot-2.0.15/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-194.17.4.el5 x86_64 CentOS release 5.5 (Final) auth_mechanisms = plain login auth_verbose = yes auth_worker_max_count = 60 default_client_limit = 2048 disable_plaintext_auth = no doveadm_proxy_port = 544 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = 10.10.5.220, 127.0.0.1 lmtp_save_to_detail_mailbox = yes mail_fsync = always mail_log_prefix = "%r mpid=%p %s(%u): " mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = " notify mail_log" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mmap_disable = yes passdb { args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } plugin { mail_log_events = delete expunge mailbox_delete mail_log_fields = msgid box from mail_log_group_events = yes sieve = ~/MainSieve sieve_before = /storage03/sieve/before/ sieve_dir = ~/sieve sieve_max_actions = 32 sieve_max_redirects = 4 sieve_max_script_size = 2M } quota_full_tempfail = yes service anvil { client_limit = 2000 } service auth { client_limit = 7000 unix_listener /var/spool/postfix/private/auth { mode = 0600 user = postfix } unix_listener auth-userdb { group = mailowner mode = 0600 user = mailowner } } service doveadm { inet_listener { port = 544 } } service imap-login { inet_listener imap { port = 143 } process_min_avail = 4 service_count = 0 vsz_limit = 128 M } service imap { process_limit = 3072 } service lmtp { inet_listener lmtp { port = 24 } vsz_limit = 2 G } service pop3-login { inet_listener pop3 { port = 110 } } service pop3 { process_limit = 3072 } syslog_facility = local3 userdb { args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } protocol imap { mail_max_userip_connections = 2000 } protocol lmtp { lmtp_save_to_detail_mailbox = yes mail_plugins = sieve } protocol pop3 { pop3_uidl_format = %08Xu%08Xv } [root at mail02 ~]# gdb /opt/dovecot/bin/doveadm ./core.14731 GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-23.el5_5.2) Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /opt/dovecot-2.0.15/bin/doveadm...done. Reading symbols from /opt/dovecot-2.0.15/lib/dovecot/libdovecot-storage.so.0...done. Loaded symbols for /opt/dovecot-2.0.15/lib/dovecot/libdovecot-storage.so.0 Reading symbols from /lib64/libpam.so.0...(no debugging symbols found)...done. Loaded symbols for /lib64/libpam.so.0 Reading symbols from /usr/lib64/libgssapi_krb5.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libgssapi_krb5.so.2 Reading symbols from /usr/lib64/libkrb5.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libkrb5.so.3 Reading symbols from /usr/lib64/libk5crypto.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libk5crypto.so.3 Reading symbols from /lib64/libcom_err.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libcom_err.so.2 Reading symbols from /usr/lib64/mysql/libmysqlclient.so.15...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/mysql/libmysqlclient.so.15 Reading symbols from /usr/lib64/libz.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libz.so.1 Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libcrypt.so.1 Reading symbols from /lib64/libnsl.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libnsl.so.1 Reading symbols from /lib64/libm.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libm.so.6 Reading symbols from /lib64/libssl.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libssl.so.6 Reading symbols from /lib64/libcrypto.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libcrypto.so.6 Reading symbols from /opt/dovecot-2.0.15/lib/dovecot/libdovecot.so.0...done. Loaded symbols for /opt/dovecot-2.0.15/lib/dovecot/libdovecot.so.0 Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libdl.so.2 Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/librt.so.1 Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libc.so.6 Reading symbols from /lib64/libaudit.so.0...(no debugging symbols found)...done. Loaded symbols for /lib64/libaudit.so.0 Reading symbols from /usr/lib64/libkrb5support.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libkrb5support.so.0 Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libkeyutils.so.1 Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libresolv.so.2 Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done. Loaded symbols for /lib64/libpthread.so.0 Reading symbols from /lib64/libselinux.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libselinux.so.1 Reading symbols from /lib64/libsepol.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libsepol.so.1 Reading symbols from /opt/dovecot-2.0.15/lib/dovecot/lib15_notify_plugin.so...done. Loaded symbols for /opt/dovecot-2.0.15/lib/dovecot/lib15_notify_plugin.so Reading symbols from /opt/dovecot-2.0.15/lib/dovecot/lib20_mail_log_plugin.so...done. Loaded symbols for /opt/dovecot-2.0.15/lib/dovecot/lib20_mail_log_plugin.so Core was generated by `/opt/dovecot/bin/doveadm who -a 172.16.5.234:544'. Program terminated with signal 11, Segmentation fault. #0 0x0000003a6be349fa in ____strtoull_l_internal () from /lib64/libc.so.6 (gdb) bt full #0 0x0000003a6be349fa in ____strtoull_l_internal () from /lib64/libc.so.6 No symbol table info available. #1 0x00000000004170f9 in who_parse_line (ctx=0x7fff05cb2990, callback=0x4175e0 ) at /usr/include/stdlib.h:342 ident = 0x14149980 "-" p = 0x1
#2 who_lookup (ctx=0x7fff05cb2990, callback=0x4175e0 ) at doveadm-who.c:152 who_line = {username = 0x0, service = 0x0, ip = {family = 0, u = {ip6 = {in6_u = {u6_addr8 = '\000' , u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, ip4 = {s_addr = 0}}}, pid = 0, refcount = 0} _data_stack_cur_id = 2 input = 0x1415efb0 line = fd = #3 0x0000000000417349 in cmd_who (argc=3, argv=0x141494d8) at doveadm-who.c:298 ctx = {anvil_path = 0x14149518 "172.16.5.234:544", filter = {username = 0x0, net_ip = {family = 0, u = {ip6 = {in6_u = {u6_addr8 = '\000' , u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, ip4 = {s_addr = 0}}}, net_bits = 0}, pool = 0x1415b000, users = 0x1415d7f0} separate_connections = false c = #4 0x000000000040f9e3 in doveadm_try_run (argc=3, argv=0x141494d8) at doveadm.c:192 cmd = 0x14158e90 cmd_name_len = 3 __FUNCTION__ = "doveadm_try_run" #5 main (argc=3, argv=0x141494d8) at doveadm.c:346 cmd_name = 0x14149511 "who" quick_init = false c = (gdb) From paixaop at gmail.com Thu Oct 20 04:17:14 2011 From: paixaop at gmail.com (Pedro Paixao) Date: Wed, 19 Oct 2011 21:17:14 -0400 Subject: [Dovecot] Proxy and Virtual IMAP Folders Message-ID: Hi all I am a newbie to dovecot and I would like some help clarifying a feature to determine if I can use it in my project. Is is posible to use the virtual plugin, in a IMAP proxy configuration, in a way that the virtual plugin searches messages on the real server? Here's my scenario: [Client]----[Dovecot Proxy]-----[Real Imap Server] Client connects to Dovecot Proxy and gets all the folders that are on the Real Imap Server, plus some virtual ones (generated by Dovecot Proxy) that search for messages on the real server. In my config the Dovecot Proxy has no email messages, real folders, or local delivery. I would like to thank you in advance for ant help and support. All the best Pedro From kafriki at hotmail.com Thu Oct 20 06:31:34 2011 From: kafriki at hotmail.com (Jumping Mouse) Date: Wed, 19 Oct 2011 23:31:34 -0400 Subject: [Dovecot] imap proxy for Gmail Message-ID: Hello, b I have a situation were I want to be able to give teachers access to their Google apps for education email through Squirrelmail. The network that they are on blocks gmail. ?? I am able to get Squirrelmail to communicate with Gmail via imap.? I am looking at getting persistant imap connections to improve the user experience.? I have looked at IMAPPROXY? but this application is not compatible with the gmail?imaps (ssl-encrypted imap over port 993).?? I recall reading somewhere that Dovecot has a built in imapproxy that could be used for this.? Can someone please point me to documentation or other information on how I might achieve the above stated goal? Thanks,? Kafriki From mark.zealey at webfusion.com Thu Oct 20 12:38:42 2011 From: mark.zealey at webfusion.com (Mark Zealey) Date: Thu, 20 Oct 2011 12:38:42 +0300 Subject: [Dovecot] Port variable in LMTP userdb lookups? Message-ID: <4E9FEC22.8060105@webfusion.com> Hi all, I'm currently changing some systems to use the redirector service, which means that to get local deliveries going I need to get lmtp set up so it can be redirected as well. This is working fine, however we have a number of different ports running on our servers depending on which brand a customer is using. When the time comes to do the user look up, we use (port, user, domain) to do a unique database lookup which works fine for everything (proxied pop, imap, lmtp & straight pop, imap) but not straight lmtp - perhaps because it doesn't have a 2-stage login process unlike the pop/imap protocols. Looking at the SQL query we are issuing, the %a port variable is set to 0 even though the connection is coming in from TCP. Is there a way to change this? We are running dovecot 2.0.12 however looking through the changelogs I can't see this would be fixed in the newest version. Thanks, Mark From wgillespie+dovecot at es2eng.com Thu Oct 20 12:45:26 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Thu, 20 Oct 2011 03:45:26 -0600 Subject: [Dovecot] imap proxy for Gmail In-Reply-To: References: Message-ID: <4E9FEDB6.1070809@es2eng.com> On 10/19/2011 9:31 PM, Jumping Mouse wrote: > I have a situation were I want to be able to give teachers access to their Google apps for education email through Squirrelmail. The network that they are on blocks gmail. I am able to get Squirrelmail to communicate with Gmail via imap. I am looking at getting persistant imap connections to improve the user experience. I have looked at IMAPPROXY but this application is not compatible with the gmail imaps (ssl-encrypted imap over port 993). I recall reading somewhere that Dovecot has a built in imapproxy that could be used for this. > > Can someone please point me to documentation or other information on how I might achieve the above stated goal? You are probably thinking of the "imapc" backend for Dovecot. Not sure if it gives the persistent connections you are looking for or not since I've never used it. From mimo at gn.apc.org Thu Oct 20 16:13:33 2011 From: mimo at gn.apc.org (Michael Moritz) Date: Thu, 20 Oct 2011 14:13:33 +0100 Subject: [Dovecot] too many open files and v1.2 In-Reply-To: <1318949843.21919.114.camel@hurina> References: <201110061242.48615.mimo@gn.apc.org> <1318949843.21919.114.camel@hurina> Message-ID: <201110201413.33386.mimo@gn.apc.org> Hi Timo thanks for your reply. I understand you're basically saying "upgrade to v2" but maybe this could be of interest for you. After we lowered the login_max_processes_count again the problem reappeared so I'm not sure whether that doesn't indicate a different problem. Regards, Michael On Tuesday 18 October 2011 15:57:23 Timo Sirainen wrote: > On Thu, 2011-10-06 at 12:42 +0100, Michael Moritz wrote: > > Hi > > > > I've found an older thread http://www.dovecot.org/list/dovecot/2010-March/047886.html which mentions that this is a bug in version 1. I'm on Debian squeeze (1:1.2.15-7) and got errors like these recently > > > > Oct 5 11:29:29 mail dovecot: dovecot: pipe() failed: Too many open files > > Oct 5 11:29:32 mail dovecot: dovecot: pipe() failed: Too many open files > > Oct 5 11:29:32 mail dovecot: dovecot: Temporary failure in creating login processes, slowing down for now > > These errors come from the dovecot master process. Each child process > uses up a few fds for pipes. > > > As a work around I've increased login_max_processes_count from 256 to 512 and it seems to have helped (as I suspected stale opened files). > > That only makes it easier to reach, since now there can be more child > processes eating up more fds. > > > My colleague thinks it's hitting the kernel open file limit ulimit -n (currently at 1024) but I don't see how that could happen if the number of process is nowhere near that. > > I don't remember how many fds each process takes in v1.x, probably > between 1 and 3. So if you for a while had hundreds of imap or pop3 > processes, you could run into that limit. > > v2.x doesn't use as many fds. > > From npetronikolos at condito.gr Wed Oct 19 12:54:06 2011 From: npetronikolos at condito.gr (Nikolaos Petronikolos) Date: Wed, 19 Oct 2011 02:54:06 -0700 (PDT) Subject: [Dovecot] can not receive email upgrading from ubuntu 11.4 to 11.10 Message-ID: <32681149.post@talk.nabble.com> Dear all, I have the following error when i am sending an email to my email server postfix + dovecot. #5.3.0 x-unix; /usr/lib/dovecot/deliver: invalid option -- 'n' Usage: dovecot-lda [-c ] [-a
] [-d ] [-p ] [-f ] [-m ] [-e] [-k]> #SMTP# The problem occurred after i upgraded my server from ubuntu 11.4 to 11.10. i kindly ask you if you can help me thank you in advance for your kind attention. -- View this message in context: http://old.nabble.com/can-not-receive-email-upgrading-from-ubuntu-11.4-to-11.10-tp32681149p32681149.html Sent from the Dovecot mailing list archive at Nabble.com. From dswartz at druber.com Thu Oct 20 18:01:29 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Thu, 20 Oct 2011 11:01:29 -0400 Subject: [Dovecot] Expire plugin not executing for sieve plugin? Message-ID: <4EA037C9.3040209@druber.com> Running dovecot 1.2.12 on ubuntu 10.10. Here is the problem: I have mysql backend for expire. I am using the dovecot-postfix package which creates /etc/dovecot/conf.d/01-mail-stack-delivery.conf which looks like this: # Some general options protocols = imap imaps managesieve disable_plaintext_auth = no ssl = yes ssl_cert_file = /etc/ssl/certs/ssl-mail.pem ssl_key_file = /etc/ssl/private/ssl-mail.key ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM mail_location = maildir:~/Maildir auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ # IMAP configuration protocol imap { mail_max_userip_connections = 10 imap_client_workarounds = outlook-idle delay-newmail mail_plugins = expire } # LDA configuration protocol lda { postmaster_address = postmaster mail_plugins = sieve expire quota_full_tempfail = yes deliver_log_format = msgid=%m: %$ rejection_reason = Your message to <%t> was automatically rejected:%n%r } # Plugins configuration plugin { sieve=~/.dovecot.sieve sieve_dir=~/sieve # If the user has no personal active script (i.e. if the file # indicated in sieve= does not exist), use this one: sieve_global_path = /var/lib/dovecot/sieve/default.sieve } The sieve is: require "fileinto"; require "imap4flags"; if header :contains "X-Spam-Flag" "YES" { setflag "\\Seen"; fileinto "SPAM"; stop; } Originally, this did not have the setflag or stop - I added them hoping to fix the problem, but no luck. The problem is this: when spam assassin has flagged a message as spam, the sieve runs and the message is in fact filed into the SPAM folder, but no expire entry is added to the database. If I move such a message from the SPAM folder to the Inbox and then back to SPAM, voila, I *do* get the entry created. Here is the mysql table before and after I did the move/move: mysql> select * from expires; +----------+---------------+--------------+ | username | mailbox | expire_stamp | +----------+---------------+--------------+ | dswartz | Deleted Items | 1319720163 | | dswartz | Sent | 1319120165 | | denise | Trash | 1319139920 | | samantha | Trash | 1319136146 | | denise | Sent | 1319655872 | | danielle | Sent | 1319192230 | | samantha | Sent | 1319268855 | | dswartz | Trash | 1319725884 | | samantha | SPAM | 1321504531 | +----------+---------------+--------------+ 9 rows in set (0.00 sec) mysql> select * from expires; +----------+---------------+--------------+ | username | mailbox | expire_stamp | +----------+---------------+--------------+ | dswartz | Deleted Items | 1319720163 | | dswartz | Sent | 1319120165 | | denise | Trash | 1319139920 | | samantha | Trash | 1319136146 | | denise | Sent | 1319655872 | | danielle | Sent | 1319192230 | | samantha | Sent | 1319268855 | | dswartz | Trash | 1319725884 | | samantha | SPAM | 1321504531 | | dswartz | SPAM | 1321714666 | +----------+---------------+--------------+ 10 rows in set (0.00 sec) It's almost like the fileinto stuff is not running the plugin code at all, or am I totally on drugs? If I can't get a fix for this, I at least now can think of a hack to "fix" it. e.g. every night, run a script that adds a "now" timestamp for everyone's SPAM folder to trick the periodic expire tool code into checking that folder, but obviously I'd rather have a real fix :) If this is just 'how it works', is it better in 2.0? From james.page at ubuntu.com Thu Oct 20 18:31:28 2011 From: james.page at ubuntu.com (James Page) Date: Thu, 20 Oct 2011 16:31:28 +0100 Subject: [Dovecot] can not receive email upgrading from ubuntu 11.4 to 11.10 In-Reply-To: <32681149.post@talk.nabble.com> References: <32681149.post@talk.nabble.com> Message-ID: <4EA03ED0.4080400@ubuntu.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Nikolaos On 19/10/11 10:54, Nikolaos Petronikolos wrote: > #5.3.0 x-unix; /usr/lib/dovecot/deliver: invalid option -- 'n' > Usage: dovecot-lda [-c ] [-a
] [-d > ] [-p ] [-f ] [-m ] [-e] > [-k]> #SMTP# > > The problem occurred after i upgraded my server from ubuntu 11.4 to > 11.10. 11.10 upgrades dovecot from 1.2.x to 2.0.x; as a result the -n flag is no longer accepted by dovecot-lda; You can fix this by removing the -n flag from the postfix configuration; sudo postconf -e "mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-mail-stack-delivery.conf -m \"\${EXTENSION}\"" This is a bug in the Ubuntu packaging; it would be great if you could raise a bug in Ubuntu as well (I'll probably work on a stable release update for this one): https://bugs.launchpad.net/ubuntu/+source/dovecot/+filebug Cheers James - -- James Page Ubuntu Core Developer -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJOoD7QAAoJEL/srsug59jDHUcQAJfL4jU+wNMK22kYOCKsTRkr eHBUZ0IQ1Yv2IscqRpW8WaAAg6r7tufMoodI/MY1N4w2FHfwJAAMiCfU/8gTyfHD /FxwVH5Phk+InEYDEc7YMCdgTwh936yiOKkQjz65aGO3kUIg42QSNHOBq30L4VV7 b4cnwIlwALjA/8U2HrZr6XHBwZ9YoyxoLY3m6R9MCcCNpEEUUh1tH4i2FuZYFHmJ CokbWA2XHJCli4yZ5d+1JM3D0u/Sg2w1bczT3kkIE8HhGgOpCidbYRrOKTrHrFOl 0GKvHQkxvosqfLt8rdrjJlhNlGjPdRdu22vsMy43rS80knN70ltyTH3K5kiW2q6/ skqQjwgZ4y41sqsKq8WnuYuSfeH2TSrglzSXQ2W8vOOAJArqwLLst5E3+Ift3Pig 0BhNlSyQyWhdE4TE9zbGnUPK8GLXLU82LcTegpz6d3mxAcCs7+SnNiYPnRrNxTA1 YqqBdcAfCMeS5B3w5ZQRQDvKOIZOPqyIeZPX2g5bOM4ngDnZoJfIOf6RkBX/DPVw UCgU1AjWWHtrcTby7h4s3xX+EaPUpEFj8eg30GW5exsSMM6ASuU+HtQpO3rEobDB uG9AvHahf6Y9fAuSdxjcHQg6xyWDEYNaW3MNZauaD92IvaTP2uTyQvopk3ahyOWK 7lpTV7qZ776fNbK5OYrX =W3fO -----END PGP SIGNATURE----- From dswartz at druber.com Thu Oct 20 18:32:44 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Thu, 20 Oct 2011 11:32:44 -0400 Subject: [Dovecot] Expire plugin not executing for sieve plugin? Message-ID: <4EA03F1C.5010500@druber.com> Running dovecot 1.2.12 on ubuntu 10.10. Here is the problem: I have mysql backend for expire. I am using the dovecot-postfix package which creates /etc/dovecot/conf.d/01-mail-stack-delivery.conf which looks like this: # Some general options protocols = imap imaps managesieve disable_plaintext_auth = no ssl = yes ssl_cert_file = /etc/ssl/certs/ssl-mail.pem ssl_key_file = /etc/ssl/private/ssl-mail.key ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM mail_location = maildir:~/Maildir auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ # IMAP configuration protocol imap { mail_max_userip_connections = 10 imap_client_workarounds = outlook-idle delay-newmail mail_plugins = expire } # LDA configuration protocol lda { postmaster_address = postmaster mail_plugins = sieve expire quota_full_tempfail = yes deliver_log_format = msgid=%m: %$ rejection_reason = Your message to <%t> was automatically rejected:%n%r } # Plugins configuration plugin { sieve=~/.dovecot.sieve sieve_dir=~/sieve # If the user has no personal active script (i.e. if the file # indicated in sieve= does not exist), use this one: sieve_global_path = /var/lib/dovecot/sieve/default.sieve } The sieve is: require "fileinto"; require "imap4flags"; if header :contains "X-Spam-Flag" "YES" { setflag "\\Seen"; fileinto "SPAM"; stop; } Originally, this did not have the setflag or stop - I added them hoping to fix the problem, but no luck. The problem is this: when spam assassin has flagged a message as spam, the sieve runs and the message is in fact filed into the SPAM folder, but no expire entry is added to the database. If I move such a message from the SPAM folder to the Inbox and then back to SPAM, voila, I *do* get the entry created. Here is the mysql table before and after I did the move/move: mysql> select * from expires; +----------+---------------+--------------+ | username | mailbox | expire_stamp | +----------+---------------+--------------+ | dswartz | Deleted Items | 1319720163 | | dswartz | Sent | 1319120165 | | denise | Trash | 1319139920 | | samantha | Trash | 1319136146 | | denise | Sent | 1319655872 | | danielle | Sent | 1319192230 | | samantha | Sent | 1319268855 | | dswartz | Trash | 1319725884 | | samantha | SPAM | 1321504531 | +----------+---------------+--------------+ 9 rows in set (0.00 sec) mysql> select * from expires; +----------+---------------+--------------+ | username | mailbox | expire_stamp | +----------+---------------+--------------+ | dswartz | Deleted Items | 1319720163 | | dswartz | Sent | 1319120165 | | denise | Trash | 1319139920 | | samantha | Trash | 1319136146 | | denise | Sent | 1319655872 | | danielle | Sent | 1319192230 | | samantha | Sent | 1319268855 | | dswartz | Trash | 1319725884 | | samantha | SPAM | 1321504531 | | dswartz | SPAM | 1321714666 | +----------+---------------+--------------+ 10 rows in set (0.00 sec) It's almost like the fileinto stuff is not running the plugin code at all, or am I totally on drugs? If I can't get a fix for this, I at least now can think of a hack to "fix" it. e.g. every night, run a script that adds a "now" timestamp for everyone's SPAM folder to trick the periodic expire tool code into checking that folder, but obviously I'd rather have a real fix :) If this is just 'how it works', is it better in 2.0? From simon.brereton at buongiorno.com Thu Oct 20 23:24:43 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Thu, 20 Oct 2011 16:24:43 -0400 Subject: [Dovecot] Auth Worker failures In-Reply-To: <1318948640.21919.103.camel@hurina> References: <1318948640.21919.103.camel@hurina> Message-ID: On 18 October 2011 10:37, Timo Sirainen wrote: > On Wed, 2011-10-12 at 10:24 -0400, Simon Brereton wrote: >> >> >> Of all the accounts on the box, it's only mine that throws this up. >> Since its LIP is localhost, it could really only be for webmail - but >> I don't always leave the webmail open, so I'm curious to know how this >> gets there and what it is. >> >> Any suggestions? ?I find it difficult to believe I have an IMAP >> process in a script somewhere (especially with my user account - the >> postmaster account, I could believe, but not with my personal one).. >> > You could enable auth_debug_passwords=yes and see what password it > tries. The first day I did this, I forgot to restart dovecot. Doh. This morning I had: Oct 20 06:25:14 mail dovecot: auth(default): client in: AUTH#0112#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50683#011resp=--alsoremoved--== Oct 20 06:25:14 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='simon at example.net' AND active = '1'; Oct 20 06:25:14 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): Password mismatch Oct 20 06:25:14 mail dovecot: auth-worker(default): md5_verify(simon at example.net): Not a valid MD5-CRYPT or PLAIN-MD5 password Oct 20 06:25:14 mail dovecot: auth-worker(default): smd5_verify(simon at example.net): SMD5 password too short Oct 20 06:25:14 mail dovecot: auth-worker(default): ssha_verify(simon at example.net): SSHA password too short Oct 20 06:25:14 mail dovecot: auth-worker(default): ssha256_verify(simon at example.net): SSHA256 password too short Oct 20 06:25:14 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:14 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:14 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): CRYPT() != 'RaNDomsTRinG' Oct 20 06:25:16 mail dovecot: auth(default): client out: FAIL#0112#011user=simon at example.net Oct 20 06:25:26 mail dovecot: auth(default): client in: AUTH#0113#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50683#011resp=--truncated-- Oct 20 06:25:26 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='simon at example.net' AND active = '1'; Oct 20 06:25:26 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): Password mismatch Oct 20 06:25:26 mail dovecot: auth-worker(default): md5_verify(simon at example.net): Not a valid MD5-CRYPT or PLAIN-MD5 password Oct 20 06:25:26 mail dovecot: auth-worker(default): smd5_verify(simon at example.net): SMD5 password too short Oct 20 06:25:26 mail dovecot: auth-worker(default): ssha_verify(simon at example.net): SSHA password too short Oct 20 06:25:26 mail dovecot: auth-worker(default): ssha256_verify(simon at example.net): SSHA256 password too short Oct 20 06:25:26 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:26 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:26 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): CRYPT() != 'RaNDomsTRinG' Oct 20 06:25:28 mail dovecot: auth(default): client out: FAIL#0113#011user=simon at example.net Oct 20 06:25:43 mail dovecot: auth(default): client in: AUTH#0114#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50683#011resp=--alsoremoved--== Oct 20 06:25:43 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='simon at example.net' AND active = '1'; Oct 20 06:25:43 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): Password mismatch Oct 20 06:25:43 mail dovecot: auth-worker(default): md5_verify(simon at example.net): Not a valid MD5-CRYPT or PLAIN-MD5 password Oct 20 06:25:43 mail dovecot: auth-worker(default): smd5_verify(simon at example.net): SMD5 password too short Oct 20 06:25:43 mail dovecot: auth-worker(default): ssha_verify(simon at example.net): SSHA password too short Oct 20 06:25:43 mail dovecot: auth-worker(default): ssha256_verify(simon at example.net): SSHA256 password too short Oct 20 06:25:43 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:43 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:43 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): CRYPT() != 'RaNDomsTRinG' Oct 20 06:25:45 mail dovecot: auth(default): client out: FAIL#0114#011user=simon at example.net Oct 20 06:26:05 mail dovecot: imap-login: Disconnected (auth failed, 4 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Oct 20 06:26:15 mail dovecot: IMAP(simon at example.net): Disconnected: Logged out bytes=8/334 Oct 20 06:26:15 mail dovecot: IMAP(simon at example.net): Disconnected: Logged out bytes=21/393 Oct 20 06:26:16 mail dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50696#011resp=--removed--== Oct 20 06:26:16 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='simon at example.net' AND active = '1'; Oct 20 06:26:16 mail dovecot: auth(default): client out: OK#0111#011user=simon at example.net Oct 20 06:26:16 mail dovecot: auth(default): master in: REQUEST#0111712#01119179#0111 Oct 20 06:26:16 mail dovecot: auth(default): prefetch(simon at example.net,127.0.0.1): success Oct 20 06:26:16 mail dovecot: auth(default): master out: USER#0111712#011simon at example.net#011home=/var/spool/mail/virtual/example.net/simon/#011uid=999#011gid=115 Oct 20 06:26:16 mail dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Oct 20 06:26:16 mail dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50697#011resp=--removed--== Oct 20 06:26:16 mail dovecot: auth-worker(default): sql(simon at example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='simon at example.net' AND active = '1'; Oct 20 06:26:16 mail dovecot: auth(default): client out: OK#0111#011user=simon at example.net Oct 20 06:26:16 mail dovecot: auth(default): master in: REQUEST#0111713#01119228#0111 Oct 20 06:26:16 mail dovecot: auth(default): prefetch(simon at example.net,127.0.0.1): success Oct 20 06:26:16 mail dovecot: auth(default): master out: USER#0111713#011simon at example.net#011home=/var/spool/mail/virtual/example.net/simon/#011uid=999#011gid=115 Oct 20 06:26:16 mail dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Note, the RaNDomsTRinG is what I believe is my encrypted password. the other strings (removed, alsoremoved and truncated) were all variations on a string (which looks like an MD5 hash string to me). I'm still sure this is the webmail trying to log in though.. >From the Horde log: mail:~# grep "2011-10-20T06:" /var/log/horde/horde4.log 2011-10-20T06:25:16+00:00 ERR: HORDE4 [imp] IMAP server denied authentication. [pid 19222 on line 340 of "/usr/share/horde4/imp/lib/Imap.php"] 2011-10-20T06:25:16+00:00 INFO: HORDE4 [imp] FAILED LOGIN for simon at lydiard.net (Horde user simon at lydiard.net) [] to {localhost:143 [imap]} [pid 19222 on line 176 of "/usr/share/horde4/imp/lib/Auth.php"] But that only shows one attempt. Dovecot is complaining about 4. I'm not overly concerned, but I'm concerned that this will impact as we scale up on users. Simon From jackfredrikson at yahoo.com Fri Oct 21 01:28:31 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Thu, 20 Oct 2011 15:28:31 -0700 (PDT) Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening Message-ID: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> Hi; I'm new to Dovecot and Postfix. I'm trying to enable these with MySQL support and postfixadmin. I've got all those services up and running (finally!); however, I can't figure out if the emails are being received and/or stored. I'm pretty sure Postfix is receiving them because I dealt with certain errors and they're now gone. Here's some data: Dovecot ver. 0.91 [root at example postfix]# /sbin/service dovecot -n doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:5: imap_client_workarounds=outlook-idle is no longer necessary doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:17: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:21: passdb sql {} has been replaced by passdb { driver=sql } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:24: userdb sql {} has been replaced by userdb { driver=sql } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:27: userdb prefetch {} has been replaced by userdb { driver=prefetch } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:29: auth_user has been replaced by service auth { user } Usage: /etc/init.d/dovecot {start|stop|reload|restart|force-reload} tail /var/log/maillog Oct 20 10:13:59 example postfix/smtpd[28141]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30178 exit status 1 Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30179 exit status 1 Oct 20 10:13:59 example postfix/smtpd[28458]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30180 exit status 1 Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30181 exit status 1 Oct 20 10:13:59 example postfix/smtpd[28483]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/smtpd[28460]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30182 exit status 1 Oct 20 10:13:59 example postfix/smtpd[28455]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30183 exit status 1 Oct 20 10:13:59 example postfix/smtpd[28484]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30184 exit status 1 Oct 20 10:13:59 example postfix/smtpd[29917]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30185 exit status 1 Oct 20 10:13:59 example postfix/smtpd[29953]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30186 exit status 1 Oct 20 10:13:59 example postfix/smtpd[28485]: warning: problem talking to service rewrite: Success Oct 20 10:13:59 example postfix/master[4000]: warning: process /usr/libexec/postfix/trivial-rewrite pid 30187 exit status 1 Oct 20 10:14:15 example postfix/smtpd[30152]: connect from unknown[66.248.165.32] Oct 20 10:14:15 example postfix/smtpd[30152]: lost connection after EHLO from unknown[66.248.165.32] Oct 20 10:14:15 example postfix/smtpd[30152]: disconnect from unknown[66.248.165.32] I also get this in there: Oct 20 10:13:15 example postfix/smtpd[30152]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled Oct 20 10:13:15 example postfix/smtpd[30152]: cannot load Certificate Authority data: disabling TLS support Oct 20 10:13:15 example postfix/smtpd[30152]: warning: TLS library problem: 30152:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('/etc/pki/tls/c erts/cert.pem','r'): Oct 20 10:13:15 example postfix/smtpd[30152]: warning: TLS library problem: 30152:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125: Oct 20 10:13:15 example postfix/smtpd[30152]: warning: TLS library problem: 30152:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:279: Oct 20 10:13:15 example postfix/smtpd[30152]: connect from unknown[66.248.165.32] Oct 20 10:13:15 example postfix/smtpd[30152]: lost connection after EHLO from unknown[66.248.165.32] Oct 20 10:13:15 example postfix/smtpd[30152]: disconnect from unknown[66.248.165.32] Oct 20 10:13:57 example postfix/proxymap[28446]: warning: mysql query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version f or the right syntax to use near '??gifteatszone.com??? AND active = 1' at line 1 Oct 20 10:13:57 example postfix/trivial-rewrite[30154]: fatal: proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem Oct 20 10:13:57 example postfix/trivial-rewrite[30155]: fatal: proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem Oct 20 10:13:57 example postfix/proxymap[28444]: warning: mysql query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version f or the right syntax to use near '??awakelunch.info??? AND active = 1' at line 1 I reckon the failing of mysql inquiries just has to do with hackers trying to hack me. The TLS problem isn't mission-critical since it's just getting disabled. ?[root at example jack]# ps wax|grep dovecot 20223 ???????? Ss???? 0:00 /usr/local/sbin/dovecot 20224 ???????? S????? 0:00 dovecot/anvil 20225 ???????? S????? 0:00 dovecot/log 31832 ???????? S????? 0:00 dovecot/config 31833 ???????? S????? 0:00 dovecot/auth 31836 pts/2??? S+???? 0:00 grep dovecot [root at example jack]# ps wax|grep postfix ?4000 ???????? Ss???? 0:01 /usr/libexec/postfix/master 31839 pts/2??? S+???? 0:00 grep postfix [root at example jack]# ps wax|grep postfixadmin 31842 pts/2??? S+???? 0:00 grep postfixadmin [root at example jack]# ps wax|grep saslauthd 16337 ???????? Ss???? 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2 16338 ???????? S????? 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2 25718 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam 25719 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam 25720 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam 25721 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam 25722 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam 32052 pts/2??? S+???? 0:00 grep saslauthd I also tried this: First send a test mail to yourself (as your own non-root user): echo "Hello me" | mail -s "Dovecot test" $USER Now, find where the mail went. Here's a simple script which checks the most common locations: for mbox in /var/mail/$USER /var/spool/mail/$USER ~/mbox ~/mail/* ~/*; do ? grep -q "Dovecot test" $mbox && echo "mbox: $mbox" done grep -q "Dovecot test" ~/Maildir/new/* 2>/dev/null && echo "Maildir: ~/Maildir" and the mail was not found. This from my dovecot.conf file: mail_location = maildir:/var/vmail/%d/%u #but there's nothing there. ... auth default { # Having "login" also as a mechanism make sure outlook can use the auth smtpd as well # http://wiki.dovecot.org/Authentication/Mechanisms ? mechanisms = plain login ? passdb sql { ??? args = /usr/local/etc/dovecot/sql.conf ? } ? userdb sql { ??? args = /usr/local/etc/dovecot/sql.conf ? } ? userdb prefetch { ? } ? user = nobody ? socket listen { ??? master { ????? path = /var/run/dovecot/auth-master ????? mode = 0660 ????? user = vmail ????? group = mail ??? } ??? client { ????? path = /var/spool/postfix/private/auth ????? mode = 0660 ????? user = postfix ????? group = mail ??? } ? } } Telnetting to port 25 brings up Postfix, to port 110 brings up Dovecot TIA,Jack From jos at webrz.net Fri Oct 21 01:49:41 2011 From: jos at webrz.net (Jos Chrispijn) Date: Fri, 21 Oct 2011 00:49:41 +0200 Subject: [Dovecot] Email filters Message-ID: <4EA0A585.5020202@webrz.net> Can someone tell me how I can configure Dovecot to use message filters on incoming email? When I now activate my mail account on my mobile phone and Thunderbird (or any other mail client with message filters) is not online, I get a huge pile of email in my INBOX that I have to go thru, while 90% is not that interesting to read as they belong to Spam messages, newsletters etc. Thanks in advance Jos Chrispijn From simon.brereton at buongiorno.com Fri Oct 21 02:07:57 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Thu, 20 Oct 2011 19:07:57 -0400 Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> Message-ID: On 20 October 2011 18:28, Jack Fredrikson wrote: > Hi; > > I'm new to Dovecot and Postfix. > I'm trying to enable these with MySQL support and postfixadmin. I've > got all those services up and running (finally!); however, I can't > figure out if the emails are being received and/or stored. I'm pretty > sure Postfix is receiving them because I dealt with certain errors > and they're now gone. Here's some data: > > Dovecot ver. > 0.91 First, get a newer version of Dovecot. You don't say what OS you're working on, but I'm pretty sure it will support a newer version. > [root at example postfix]# /sbin/service dovecot > -n > doveconf: Warning: NOTE: You can get a new clean config file > with: doveconf -n > dovecot-new.conf > doveconf: Warning: > Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:5: > imap_client_workarounds=outlook-idle is no longer necessary > doveconf: > Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:17: > add auth_ prefix to all settings inside auth {} and remove the auth > {} section completely > doveconf: Warning: Obsolete setting in > /usr/local/etc/dovecot/dovecot.conf:21: passdb sql {} has been > replaced by passdb { driver=sql } > doveconf: Warning: Obsolete > setting in /usr/local/etc/dovecot/dovecot.conf:24: userdb sql {} has > been replaced by userdb { driver=sql } > doveconf: Warning: Obsolete > setting in /usr/local/etc/dovecot/dovecot.conf:27: userdb prefetch {} > has been replaced by userdb { driver=prefetch } > doveconf: Warning: > Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:29: auth_user > has been replaced by service auth { user } > Usage: > /etc/init.d/dovecot {start|stop|reload|restart|force-reload} > > tail > /var/log/maillog > Oct 20 10:13:59 example postfix/smtpd[28141]: > warning: problem talking to service rewrite: Success > Oct 20 > 10:13:59 example postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30178 exit status 1 > Oct > 20 10:13:59 example postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30179 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[28458]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30180 exit status 1 > Oct > 20 10:13:59 example postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30181 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[28483]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/smtpd[28460]: warning: problem talking to service rewrite: > Success > Oct 20 10:13:59 example postfix/master[4000]: warning: > process /usr/libexec/postfix/trivial-rewrite pid 30182 exit status 1 > Oct 20 10:13:59 example postfix/smtpd[28455]: warning: problem > talking to service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30183 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[28484]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30184 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[29917]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30185 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[29953]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30186 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[28485]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30187 exit status 1 > Oct > 20 10:14:15 example postfix/smtpd[30152]: connect from > unknown[66.248.165.32] > Oct 20 10:14:15 example > postfix/smtpd[30152]: lost connection after EHLO from > unknown[66.248.165.32] > Oct 20 10:14:15 example > postfix/smtpd[30152]: disconnect from unknown[66.248.165.32] > > I > also get this in there: Were you testing from 66.248.165.32? You still have too many errors from postfix and you need to sort out your MTA (Mail Transport) before you worry about the MDA (Mail Delivery). > Oct 20 10:13:15 example > postfix/smtpd[30152]: warning: dict_nis_init: NIS domain name not set > - NIS lookups disabled > Oct 20 10:13:15 example > postfix/smtpd[30152]: cannot load Certificate Authority data: > disabling TLS support > Oct 20 10:13:15 example > postfix/smtpd[30152]: warning: TLS library problem: > 30152:error:02001002:system library:fopen:No such file or > directory:bss_file.c:122:fopen('/etc/pki/tls/c > erts/cert.pem','r'): > Oct > 20 10:13:15 example postfix/smtpd[30152]: warning: TLS library > problem: 30152:error:2006D080:BIO routines:BIO_new_file:no such > file:bss_file.c:125: > Oct 20 10:13:15 example postfix/smtpd[30152]: > warning: TLS library problem: 30152:error:0B084002:x509 certificate > routines:X509_load_cert_crl_file:system lib:by_file.c:279: > Oct 20 > 10:13:15 example postfix/smtpd[30152]: connect from > unknown[66.248.165.32] > Oct 20 10:13:15 example > postfix/smtpd[30152]: lost connection after EHLO from > unknown[66.248.165.32] > Oct 20 10:13:15 example > postfix/smtpd[30152]: disconnect from unknown[66.248.165.32] > Oct > 20 10:13:57 example postfix/proxymap[28446]: warning: mysql query > failed: You have an error in your SQL syntax; check the manual that > corresponds to your MySQL server version f > or the right syntax to > use near '??gifteatszone.com??? AND active = 1' at line 1 > Oct 20 > 10:13:57 example postfix/trivial-rewrite[30154]: fatal: > proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): > table lookup problem > Oct 20 10:13:57 example > postfix/trivial-rewrite[30155]: fatal: > proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): > table lookup problem > Oct 20 10:13:57 example > postfix/proxymap[28444]: warning: mysql query failed: You have an > error in your SQL syntax; check the manual that corresponds to your > MySQL server version f > or the right syntax to use near > '??awakelunch.info??? AND active = 1' at line 1 > > I reckon the > failing of mysql inquiries just has to do with hackers trying to hack > me. The TLS problem isn't mission-critical since it's just getting > disabled. Yes, TLS is isn't an issue - although you have it incorrectly configured. That would be the last thing you need to implement/fix. For now disable it in postfix and dovecot. http://www.howtoforge.com/forums/archive/index.php/t-10943.html > ?[root at example jack]# ps wax|grep dovecot > 20223 > ???????? Ss???? 0:00 /usr/local/sbin/dovecot > 20224 ? > S????? 0:00 dovecot/anvil > 20225 ? > S????? 0:00 dovecot/log > 31832 ? > S????? 0:00 dovecot/config > 31833 ? > S????? 0:00 dovecot/auth > 31836 pts/2 > S+???? 0:00 grep dovecot > [root at example jack]# > ps wax|grep postfix > ?4000 ? > Ss???? 0:01 /usr/libexec/postfix/master > 31839 > pts/2??? S+???? 0:00 grep > postfix > [root at example jack]# ps wax|grep postfixadmin > 31842 > pts/2??? S+???? 0:00 grep > postfixadmin > [root at example jack]# ps wax|grep saslauthd > 16337 ???????? Ss???? 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2 > 16338 ???????? S????? 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2 > 25718 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam > 25719 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam > 25720 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam > 25721 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam > 25722 ???????? S????? 0:00 /usr/sbin/saslauthd -d -a pam > 32052 > ?pts/2??? S+???? 0:00 grep saslauthd > > > I also tried this: > > First send a test mail to yourself (as your own non-root user): > echo "Hello me" | mail -s "Dovecot test" $USER > Now, find where the mail went. Here's a simple script which checks the most common locations: > for mbox in /var/mail/$USER /var/spool/mail/$USER ~/mbox ~/mail/* ~/*; do > ? grep -q "Dovecot test" $mbox && echo "mbox: $mbox" > done > grep -q "Dovecot test" ~/Maildir/new/* 2>/dev/null && echo "Maildir: ~/Maildir" > > and the mail was not found. > > > This from my dovecot.conf file: > mail_location = maildir:/var/vmail/%d/%u > #but there's nothing there. > ... > auth default { > # Having "login" also as a mechanism make sure outlook can use the auth smtpd as well > # http://wiki.dovecot.org/Authentication/Mechanisms > ? mechanisms = plain login > ? passdb sql { > ??? args = /usr/local/etc/dovecot/sql.conf > ? } > ? userdb sql { > ??? args = /usr/local/etc/dovecot/sql.conf > ? } > ? userdb prefetch { > ? } > ? user = nobody > ? socket listen { > ??? master { > ????? path = /var/run/dovecot/auth-master > ????? mode = 0660 > ????? user = vmail > ????? group = mail > ??? } > ??? client { > ????? path = /var/spool/postfix/private/auth > ????? mode = 0660 > ????? user = postfix > ????? group = mail > ??? } > ? } > } > > > Telnetting to port 25 brings up Postfix, to port 110 brings up Dovecot At a minimum your daemons are running - congratulations! That's always a good start and I remember when I was setting up the sense of achievement that brought. But for now you need to get postfix working (their list is great). Perhaps if you give more details on your system I can point you to a better howto. And maybe more information on what you're trying to achieve? Virtual domain? Virtual domains? Multiple users? Local users? All these have an impact on what the solution is. Simon From stephan at rename-it.nl Fri Oct 21 02:11:05 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 21 Oct 2011 01:11:05 +0200 Subject: [Dovecot] Email filters In-Reply-To: <4EA0A585.5020202@webrz.net> References: <4EA0A585.5020202@webrz.net> Message-ID: <4EA0AA89.1060808@rename-it.nl> Hi Jos, On 10/21/2011 12:49 AM, Jos Chrispijn wrote: > Can someone tell me how I can configure Dovecot to use message filters > on incoming email? > When I now activate my mail account on my mobile phone and Thunderbird > (or any other mail client with message filters) is not online, I get a > huge pile of email in my INBOX that I have to go thru, while 90% is > not that interesting to read as they belong to Spam messages, > newsletters etc. http://wiki2.dovecot.org/Pigeonhole Regards, Stephan. From jackfredrikson at yahoo.com Fri Oct 21 02:45:02 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Thu, 20 Oct 2011 16:45:02 -0700 (PDT) Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> Message-ID: <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: "dovecot at dovecot.org" Sent: Thursday, October 20, 2011 7:07 PM Subject: Re: [Dovecot] Don't Know Where Emails Are Or What's Happening First, I'm subscribing to postfix as per your recc and I upgraded my dovecot. What the heck was I doing with such an old version?! lol. My OS is CentOS. > At a minimum your daemons are running - congratulations!? That's > always a good start and I remember when I was setting up the sense of > achievement that brought. Uhuh! >? But for now you need to get postfix working > (their list is great).? Perhaps if you give more details on your > system I can point you to a better howto.? And maybe more information > on what you're trying to achieve?? Virtual domain?? Virtual domains? > Multiple users?? Local users?? All these have an impact on what the > solution is. I have clients with their various domains hosted on my server to whom I need to serve email. There will only be me on a slice of one machine interfacing with dovecot/postfix. I have integrated/am integrating Amavis, ClamAV, Spamassassin, PostfixAdmin and SquirrelMail. Thanks, Jack From jos at webrz.net Fri Oct 21 09:40:29 2011 From: jos at webrz.net (Jos Chrispijn) Date: Fri, 21 Oct 2011 08:40:29 +0200 Subject: [Dovecot] Email filters In-Reply-To: <4EA0AA89.1060808@rename-it.nl> References: <4EA0A585.5020202@webrz.net> <4EA0AA89.1060808@rename-it.nl> Message-ID: <4EA113DD.4050003@webrz.net> Hi Stephan, Thanks, would love to use that one, but I follow the ports(upgrades) and currently we are on _dovecot-1.2.17_ Secure and compact IMAP and POP3 servers where the Pigeonhole port demands Dovecot 2.0? BR, Jos Stephan Bosch: > Hi Jos, > > On 10/21/2011 12:49 AM, Jos Chrispijn wrote: >> Can someone tell me how I can configure Dovecot to use message >> filters on incoming email? >> When I now activate my mail account on my mobile phone and >> Thunderbird (or any other mail client with message filters) is not >> online, I get a huge pile of email in my INBOX that I have to go >> thru, while 90% is not that interesting to read as they belong to >> Spam messages, newsletters etc. > > http://wiki2.dovecot.org/Pigeonhole > > Regards, > > Stephan. From stephan at rename-it.nl Fri Oct 21 10:20:20 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 21 Oct 2011 09:20:20 +0200 Subject: [Dovecot] Email filters In-Reply-To: <4EA113DD.4050003@webrz.net> References: <4EA0A585.5020202@webrz.net> <4EA0AA89.1060808@rename-it.nl> <4EA113DD.4050003@webrz.net> Message-ID: <4EA11D34.7040209@rename-it.nl> On 10/21/2011 8:40 AM, Jos Chrispijn wrote: > Hi Stephan, > > Thanks, would love to use that one, but I follow the ports(upgrades) > and currently we are on > > _dovecot-1.2.17_ Secure and compact IMAP and POP3 servers > > where the Pigeonhole port demands Dovecot 2.0? Well, Pigeonhole is available for v1.2 too: http://wiki.dovecot.org/LDA/Sieve/Dovecot However, back then it was still a split package; dovecot-sieve and dovecot-managesieve. I'm assuming you're using FreeBSD, in which case the ports are found here: http://www.freebsd.org/cgi/cvsweb.cgi/ports/mail/dovecot-sieve/ http://www.freebsd.org/cgi/cvsweb.cgi/ports/mail/dovecot-managesieve/ Otherwise, searching for Sieve and Dovecot should yield what you need. Regards, Stephan. From nam_10 at hotmail.com Fri Oct 21 13:43:29 2011 From: nam_10 at hotmail.com (nuno marques) Date: Fri, 21 Oct 2011 10:43:29 +0000 Subject: [Dovecot] Quota Message-ID: hi, I'm having some difficulty understanding the connection between postfix, dovecot and quota. What is the best way to set up quotas? through the file system quota and maildir? Need the dovecot lda working? The postfix needs a patch? I was thinking about setting quotas on file system, then configure Postfix to connect to dovecot-lda. Any suggestion? The system as a whole is composed of:dovecot-2.0-0.10.beta6.20100630.el6.x86_64 -> 2.0.beta6 (3156315704ef)openldap-servers-2.4.19-15.el6_0.2.x86_64postfix-2.6.6-2.1.el6_0.x86_64mailscanner-4.84.3-1.noarchspamassassin-3.3.1-2.el6.x86_64centos 6 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux From duihi77 at gmail.com Fri Oct 21 14:45:32 2011 From: duihi77 at gmail.com (Duane Hill) Date: Fri, 21 Oct 2011 06:45:32 -0500 (CDT) Subject: [Dovecot] Quota In-Reply-To: References: Message-ID: On Fri, 21 Oct 2011, nuno marques wrote: > hi, > I'm having some difficulty understanding the connection between postfix, dovecot and quota. > What is the best way to set up quotas? through the file system quota and maildir? Need the dovecot lda working? The postfix needs a patch? > > I was thinking about setting quotas on file system, then configure Postfix to connect to dovecot-lda. Any suggestion? > > The system as a whole is composed of:dovecot-2.0-0.10.beta6.20100630.el6.x86_64 -> 2.0.beta6 (3156315704ef)openldap-servers-2.4.19-15.el6_0.2.x86_64postfix-2.6.6-2.1.el6_0.x86_64mailscanner-4.84.3-1.noarchspamassassin-3.3.1-2.el6.x86_64centos 6 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux Here, I have a policy service in Postfix that checks the quota stored in MySQL and defers the message if it would put the email account over quota. If you have Dovecot deal with sending over quota messages, there is a risk. You may end up sending messages to forged email addresses within spam. That's why I do the quota checking from a policy service in Postfix and defer the message at SMTP time. From info at simonecaruso.com Fri Oct 21 15:15:31 2011 From: info at simonecaruso.com (Simone Caruso) Date: Fri, 21 Oct 2011 14:15:31 +0200 Subject: [Dovecot] Quota In-Reply-To: References: Message-ID: <4EA16263.3080806@simonecaruso.com> It's depends on the kind of quota u need: mailbox usage, messages size, message count per month /domain /user /server.. if u want to limit per user mailbox quota use dovecot's quota plugin.. -- Simone Caruso IT Consultant From CMarcus at Media-Brokers.com Fri Oct 21 15:51:44 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 21 Oct 2011 08:51:44 -0400 Subject: [Dovecot] Quota In-Reply-To: References: Message-ID: <4EA16AE0.90601@Media-Brokers.com> On 2011-10-21 6:43 AM, nuno marques wrote: > The system as a whole is composed of:dovecot-2.0-0.10.beta6.20100630.el6.x86_64 Fyi, this is really old, you should upgrade to the latest version... -- Best regards, Charles From nam_10 at hotmail.com Fri Oct 21 15:57:55 2011 From: nam_10 at hotmail.com (nuno marques) Date: Fri, 21 Oct 2011 12:57:55 +0000 Subject: [Dovecot] Quota In-Reply-To: <4EA16263.3080806@simonecaruso.com> References: , <4EA16263.3080806@simonecaruso.com> Message-ID: for mailbox usage. I have to use dovecot lda? dovecot-2.0-0.10.beta6.20100630.el6.x86_64 -> 2.0.beta6 (3156315704ef)openldap-servers-2.4.19-15.el6_0.2.x86_64postfix-2.6.6-2.1.el6_0.x86_64mailscanner-4.84.3-1.noarchspamassassin-3.3.1-2.el6.x86_64centos 6 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux > Date: Fri, 21 Oct 2011 14:15:31 +0200 > From: info at simonecaruso.com > To: dovecot at dovecot.org > Subject: Re: [Dovecot] Quota > > It's depends on the kind of quota u need: > mailbox usage, > messages size, > message count per month /domain /user /server.. > > if u want to limit per user mailbox quota use dovecot's quota plugin.. > > -- > Simone Caruso > IT Consultant From simon.brereton at buongiorno.com Fri Oct 21 17:12:48 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Fri, 21 Oct 2011 10:12:48 -0400 Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: On 20 October 2011 19:45, Jack Fredrikson wrote: > > ________________________________ > From: Simon Brereton > To: "dovecot at dovecot.org" > Sent: Thursday, October 20, 2011 7:07 PM > Subject: Re: [Dovecot] Don't Know Where Emails Are Or What's Happening > > First, I'm subscribing to postfix as per your recc and I upgraded my dovecot. What the heck was I doing with such an old version?! lol. My OS is CentOS. Well, unless the link I sent you helped you with the the table locking problem, ask over there for help on making sure that postfix is accepting and delivering mail. Or accepting at least. Did you plan on having postfix or dovecot do the delivery (using dovecot-lda)? >> At a minimum your daemons are running - congratulations!? That's >> always a good start and I remember when I was setting up the sense of >> achievement that brought. > > Uhuh! > >>? But for now you need to get postfix working >> (their list is great).? Perhaps if you give more details on your >> system I can point you to a better howto.? And maybe more information >> on what you're trying to achieve?? Virtual domain?? Virtual domains? >> Multiple users?? Local users?? All these have an impact on what the >> solution is. > > I have clients with their various domains hosted on my server to whom I need to serve email. There will only be me on a slice of one machine interfacing with dovecot/postfix. I have integrated/am integrating Amavis, ClamAV, Spamassassin, PostfixAdmin and SquirrelMail. Okay - fairly common setup. I don't use postfix-admin, but if that's what created your mysql tables that could also be a starting point to look for the table lock errors. Good luck! Simon From micah at riseup.net Fri Oct 21 17:50:50 2011 From: micah at riseup.net (Micah Anderson) Date: Fri, 21 Oct 2011 10:50:50 -0400 Subject: [Dovecot] Accessing a strange mailbox Message-ID: <8762jie6ut.fsf@algae.riseup.net> I have a user who has a mailbox called: A----->B It seemed to work in courier fine, they managed to create it, and there are mails in it. However, dovecot is not letting the user access it, the IMAP server gives an error. I tried to rename it but I would also get an error: # doveadm mailbox rename A-----\>B AtoB doveadm(root): Error: Can't rename mailbox A----->B to AtoB: Mailbox doesn't exist: A----->B # doveadm mailbox rename A----->B AtoB doveadm(root): Error: Can't rename mailbox A----- to AtoB: Mailbox doesn't exist: A----- # doveadm mailbox rename 'A----->B' AtoB doveadm(root): Error: Can't rename mailbox A----->B to AtoB: Mailbox doesn't exist: A----->B # doveadm mailbox rename "A----->B" AtoB doveadm(root): Error: Can't rename mailbox A----->B to AtoB: Mailbox doesn't exist: A----->B # How can I deal with this mailbox (using mdbox here)? Thanks! -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From jackfredrikson at yahoo.com Fri Oct 21 17:55:48 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Fri, 21 Oct 2011 07:55:48 -0700 (PDT) Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: <1319208948.73920.YahooMailNeo@web122003.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: "dovecot at dovecot.org" Sent: Friday, October 21, 2011 10:12 AM Subject: Re: [Dovecot] Don't Know Where Emails Are Or What's Happening > Well, unless the link I sent you helped you with the the table locking > problem, ask over there for help on making sure that postfix is > accepting and delivering mail.? Or accepting at least. Didn't help :( > Did you plan on having postfix or dovecot do the delivery (using dovecot-lda)? postfix as MTA, dovecot as MDA. Am I missing something here? > Okay - fairly common setup.? I don't use postfix-admin, but if that's > what created your mysql tables that could also be a starting point to > look for the table lock errors. Ok. Thanks, Jack From jackfredrikson at yahoo.com Fri Oct 21 18:00:21 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Fri, 21 Oct 2011 08:00:21 -0700 (PDT) Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: <1319209221.3750.YahooMailNeo@web122020.mail.ne1.yahoo.com> Wait a minute! PostfixAdmin has no problems with MySQL. They have a setup page that verifies the MySQL connection among other things, and everything checks out perfectly well. At any rate, Simon, am now communicating with the Postfix list as well ;) Thanks, Jack From hadmut at danisch.de Fri Oct 21 18:34:49 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Fri, 21 Oct 2011 17:34:49 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? Message-ID: <4EA19119.4020803@msgid.danisch.de> Hi, just a simple question about dovecot: The mbox file format contains the SMTP envelope sender and transmission date in a FROM ... line preceding the RFC822 mail header and body. As far as I see at the moment, the IMAP protocol does not support transmission of that SMTP envelope data in either way, but confusingly uses the term ?envelope? for a structure describing the RFC822 mail header. My question is, whether there is any way to retrieve the SMTP envelope through dovecot's IMAP anyway, maybe through some extension. regards Hadmut From simon.brereton at buongiorno.com Fri Oct 21 18:45:15 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Fri, 21 Oct 2011 11:45:15 -0400 Subject: [Dovecot] Don't Know Where Emails Are Or What's Happening In-Reply-To: <1319208948.73920.YahooMailNeo@web122003.mail.ne1.yahoo.com> References: <1319149711.73499.YahooMailNeo@web122001.mail.ne1.yahoo.com> <1319154302.11334.YahooMailNeo@web122003.mail.ne1.yahoo.com> <1319208948.73920.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: On 21 October 2011 10:55, Jack Fredrikson wrote: > > > > ________________________________ > From: Simon Brereton > To: "dovecot at dovecot.org" > Sent: Friday, October 21, 2011 10:12 AM > Subject: Re: [Dovecot] Don't Know Where Emails Are Or What's Happening > >> Well, unless the link I sent you helped you with the the table locking >> problem, ask over there for help on making sure that postfix is >> accepting and delivering mail.? Or accepting at least. > > Didn't help :( > >> Did you plan on having postfix or dovecot do the delivery (using dovecot-lda)? > > postfix as MTA, dovecot as MDA. Am I missing something here? Are you using Maildir or mdbox format for the users? Postfix can write the mails into the Maildir, but so can Dovecot. So, if you're using maildir you can either have postfix put the mail there or you can hand it off to Dovecot and have Dovecot put it there.. But let's fix postfix first before you worry about that. Simon From npetronikolos at condito.gr Fri Oct 21 19:43:45 2011 From: npetronikolos at condito.gr (Nikolaos Petronikolos) Date: Fri, 21 Oct 2011 09:43:45 -0700 (PDT) Subject: [Dovecot] can not receive email upgrading from ubuntu 11.4 to 11.10 In-Reply-To: <4EA03ED0.4080400@ubuntu.com> References: <32681149.post@talk.nabble.com> <4EA03ED0.4080400@ubuntu.com> Message-ID: <32697735.post@talk.nabble.com> Thank you very much for your answer and for your time . of course it worked just fine the solution you proposed. thank you once more . Best regards Nikolaos James Page-4 wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Hi Nikolaos > > On 19/10/11 10:54, Nikolaos Petronikolos wrote: >> #5.3.0 x-unix; /usr/lib/dovecot/deliver: invalid option -- 'n' >> Usage: dovecot-lda [-c ] [-a
] [-d >> ] [-p ] [-f ] [-m ] [-e] >> [-k]> #SMTP# >> >> The problem occurred after i upgraded my server from ubuntu 11.4 to >> 11.10. > > 11.10 upgrades dovecot from 1.2.x to 2.0.x; as a result the -n flag is > no longer accepted by dovecot-lda; You can fix this by removing the -n > flag from the postfix configuration; > > sudo postconf -e "mailbox_command = /usr/lib/dovecot/deliver -c > /etc/dovecot/conf.d/01-mail-stack-delivery.conf -m \"\${EXTENSION}\"" > > This is a bug in the Ubuntu packaging; it would be great if you could > raise a bug in Ubuntu as well (I'll probably work on a stable release > update for this one): > > https://bugs.launchpad.net/ubuntu/+source/dovecot/+filebug > > Cheers > > James > > - -- > James Page > Ubuntu Core Developer > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQIcBAEBCAAGBQJOoD7QAAoJEL/srsug59jDHUcQAJfL4jU+wNMK22kYOCKsTRkr > eHBUZ0IQ1Yv2IscqRpW8WaAAg6r7tufMoodI/MY1N4w2FHfwJAAMiCfU/8gTyfHD > /FxwVH5Phk+InEYDEc7YMCdgTwh936yiOKkQjz65aGO3kUIg42QSNHOBq30L4VV7 > b4cnwIlwALjA/8U2HrZr6XHBwZ9YoyxoLY3m6R9MCcCNpEEUUh1tH4i2FuZYFHmJ > CokbWA2XHJCli4yZ5d+1JM3D0u/Sg2w1bczT3kkIE8HhGgOpCidbYRrOKTrHrFOl > 0GKvHQkxvosqfLt8rdrjJlhNlGjPdRdu22vsMy43rS80knN70ltyTH3K5kiW2q6/ > skqQjwgZ4y41sqsKq8WnuYuSfeH2TSrglzSXQ2W8vOOAJArqwLLst5E3+Ift3Pig > 0BhNlSyQyWhdE4TE9zbGnUPK8GLXLU82LcTegpz6d3mxAcCs7+SnNiYPnRrNxTA1 > YqqBdcAfCMeS5B3w5ZQRQDvKOIZOPqyIeZPX2g5bOM4ngDnZoJfIOf6RkBX/DPVw > UCgU1AjWWHtrcTby7h4s3xX+EaPUpEFj8eg30GW5exsSMM6ASuU+HtQpO3rEobDB > uG9AvHahf6Y9fAuSdxjcHQg6xyWDEYNaW3MNZauaD92IvaTP2uTyQvopk3ahyOWK > 7lpTV7qZ776fNbK5OYrX > =W3fO > -----END PGP SIGNATURE----- > > -- View this message in context: http://old.nabble.com/can-not-receive-email-upgrading-from-ubuntu-11.4-to-11.10-tp32681149p32697735.html Sent from the Dovecot mailing list archive at Nabble.com. From AnFi at onet.eu Fri Oct 21 20:53:11 2011 From: AnFi at onet.eu (Andrzej Adam Filip) Date: Fri, 21 Oct 2011 19:53:11 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <4EA19119.4020803@msgid.danisch.de> (Hadmut Danisch's message of "Fri, 21 Oct 2011 17:34:49 +0200") References: <4EA19119.4020803@msgid.danisch.de> Message-ID: Hadmut Danisch wrote: > just a simple question about dovecot: > > The mbox file format contains the SMTP envelope sender and transmission > date in a FROM ... line preceding the RFC822 mail header and body. > > As far as I see at the moment, the IMAP protocol does not support > transmission of that SMTP envelope data in either way, but confusingly > uses the term ?envelope? for a structure describing the RFC822 mail header. > > My question is, whether there is any way to retrieve the SMTP envelope > through dovecot's IMAP anyway, maybe through some extension. Almost all MTA copy "(SMTP) envelope sender" to Return-Path: header before delivery to the final mailbox. If you do not get Return-Path: header in messages delivered to your (dovecot) mailbox then name your MTA (exim/postfix/sendmail/.....). -- [pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu You are absolute plate-glass. I see to the very back of your mind. -- Sherlock Holmes From dg at dguhl.org Fri Oct 21 21:02:41 2011 From: dg at dguhl.org (Dennis Guhl) Date: Fri, 21 Oct 2011 20:02:41 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <4EA19119.4020803@msgid.danisch.de> References: <4EA19119.4020803@msgid.danisch.de> Message-ID: <20111021180241.GA6924@PC211.ikt.de> On Fri, Oct 21, 2011 at 05:34:49PM +0200, Hadmut Danisch wrote: > Hi, > > just a simple question about dovecot: > > The mbox file format contains the SMTP envelope sender and transmission > date in a FROM ... line preceding the RFC822 mail header and body. The line 'From foo at bar [..]' is only a seperation for different emails in the mbox (in contrast, an RFC 822 From: is followed by a colon). > As far as I see at the moment, the IMAP protocol does not support > transmission of that SMTP envelope data in either way, but confusingly The SMTP envelope does only exist within the involved MTAs and only as long as the message is not finally delivered. And if the MTA does not reveal the value of MAIL FROM: there will only be the address from the Return-Path: or From: header fields to populate the From line. > uses the term ?envelope? for a structure describing the RFC822 mail header. > > My question is, whether there is any way to retrieve the SMTP envelope > through dovecot's IMAP anyway, maybe through some extension. Hardly. Even something like FETCH 1 (BODY[HEADER.FIELDS (FROM)]) would not reveal the mbox message seperator but the RFC 822 From: header. Dennis From peter at norrskenkonsult.com Fri Oct 21 21:27:33 2011 From: peter at norrskenkonsult.com (Peter Lindgren) Date: Fri, 21 Oct 2011 20:27:33 +0200 Subject: [Dovecot] xi.rename-it.nl down? In-Reply-To: <4E9EED12.8040409@rename-it.nl> References: <4E9EDAC1.4000602@jkart.de> <4E9EED12.8040409@rename-it.nl> Message-ID: <4EA1B995.8040605@norrskenkonsult.com> Stephan Bosch skrev 2011-10-19 17:30: > Op 19-10-2011 16:12, Jim Knuth schreef: >> Hello, >> >> is http://xi.rename-it.nl down? Apticron >> shows me permanently errors. > > Yes. I noticed this yesterday. For cases like this, http://www.downforeveryoneorjustme.com/ is a quick and easy test. /Peter -- Peter Lindgren Norrsken konsult peter at norrskenkonsult.com 0703-393940 From hadmut at danisch.de Sat Oct 22 01:00:34 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Sat, 22 Oct 2011 00:00:34 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <20111021180241.GA6924@PC211.ikt.de> References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> Message-ID: <4EA1EB82.10807@msgid.danisch.de> On 21.10.2011 20:02, Dennis Guhl wrote: > The SMTP envelope does only exist within the involved MTAs and only as > long as the message is not finally delivered. The intended use is to create a backup from a mailbox through IMAP, which is as close as possible to the original mbox file, thus resembling the FROM lines as well. The envelope sender address does not drop it's meaning after delivery. It's required for debugging purposes, writing mail filters, create blacklist filters from detected spam, etc. regards From nam_10 at hotmail.com Sat Oct 22 02:09:10 2011 From: nam_10 at hotmail.com (nuno marques) Date: Fri, 21 Oct 2011 23:09:10 +0000 Subject: [Dovecot] Quota fs Message-ID: Hi, I have the following error, any help? imap(user4): Error: quotactl(Q_GETQUOTA, /dev/mapper/VolGroup-lv_root) failed: Permission denied The system as a whole is composed of: dovecot-2.0.14-1_130.el6.x86_64 openldap-servers-2.4.19-15.el6_0.2.x86_64 postfix-2.6.6-2.1.el6_0.x86_64 mailscanner-4.84.3-1.noarch spamassassin-3.3.1-2.el6.x86_64 centos 6 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux # 2.0.14: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final) auth_username_format = %Lu disable_plaintext_auth = no mail_location = maildir:~/Maildir mail_plugins = " quota" mbox_write_locks = fcntl passdb { driver = pam } plugin { quota = fs:User quota quota_rule = *:storage=10M quota_rule2 = Trash:storage=+1M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=10%% quota-warning 10 %u } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = vmail } user = dovecot } ssl_cert = References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> Message-ID: <20111022081510.GA26132@laptop-dg.leere.eu> On Sat, Oct 22, 2011 at 12:00:34AM +0200, Hadmut Danisch wrote: > On 21.10.2011 20:02, Dennis Guhl wrote: > > The SMTP envelope does only exist within the involved MTAs and only as > > long as the message is not finally delivered. > > The intended use is to create a backup from a mailbox through IMAP, > which is as close as possible to the original mbox file, thus resembling > the FROM lines as well. I don't think it will be possible. The tool for this would be rsync (wich might be difficult if you only have IMAP access to the machine in question). > The envelope sender address does not drop it's meaning after delivery. This I never claimed. > It's required for debugging purposes, writing mail filters, create > blacklist filters from detected spam, etc. Disregarding end users mail filters this are all tasks for mailadmins which can tell thier MTA to write a reliable Return-Path: header and which have access to the corresponding maillog. Dennis From hadmut at danisch.de Sat Oct 22 12:09:28 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Sat, 22 Oct 2011 11:09:28 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <20111022081510.GA26132@laptop-dg.leere.eu> References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> Message-ID: <4EA28848.6070303@msgid.danisch.de> On 22.10.2011 10:15, Dennis Guhl wrote: >> It's required for debugging purposes, writing mail filters, create >> > blacklist filters from detected spam, etc. > Disregarding end users mail filters this are all tasks for mailadmins > which can tell thier MTA to write a reliable Return-Path: header and > which have access to the corresponding maillog. Definitely wrong. Writing mail filters like ~/.mailfilter is a user's task. Training their individual spam filters as well. And whether you're even permitted to keep the maillog that long depends on your local data protection laws. And neither the Return-Path nor the Received-Lines reveal the precise date of delivery as the From line contains. regards Hadmut From nam_10 at hotmail.com Sat Oct 22 12:18:27 2011 From: nam_10 at hotmail.com (nuno marques) Date: Sat, 22 Oct 2011 09:18:27 +0000 Subject: [Dovecot] Quota warning Message-ID: Hi, I cant run quota warning or other script. any suggestions? Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Effective uid=1002, gid=1002, home=/home/user4 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota root: name=User quota backend=maildir args= Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota rule: root=User quota mailbox=* bytes=10485760 messages=0 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota rule: root=User quota mailbox=Trash bytes=+1048576 messages=0 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota warning: bytes=9961472 (95%) messages=0 reverse=no command=script /etc/dovecot/conf.d/teste 95 user4 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota warning: bytes=8388608 (80%) messages=0 reverse=no command=script /etc/dovecot/conf.d/teste 80 user4 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: Quota warning: bytes=7340032 (70%) messages=0 reverse=no command=script /etc/dovecot/conf.d/teste 70 user4 Oct 22 10:02:52 userseuac dovecot: imap(user4): Debug: maildir++: root=/home/user4/Maildir, index=, control=, inbox=/home/user4/Maildir, alt= # 2.0.14: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final) auth_debug = yes auth_debug_passwords = yes auth_username_format = %Lu auth_verbose = yes disable_plaintext_auth = no mail_debug = yes mail_location = maildir:~/Maildir mail_plugins = " quota" mbox_write_locks = fcntl passdb { driver = pam } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid from subject size vsize flags quota = maildir:User quota quota_exceeded_message = Quota exceeded!!!!!!!!!!!!!! quota_rule = *:storage=10M quota_rule2 = Trash:storage=+1M quota_warning = storage=95%% script /etc/dovecot/conf.d/teste 95 %u quota_warning2 = storage=80%% script /etc/dovecot/conf.d/teste 80 %u quota_warning3 = storage=70%% script /etc/dovecot/conf.d/teste 70 %u } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = vmail } user = dovecot } ssl_cert = References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> Message-ID: <20111022111406.GA3061@laptop-dg.leere.eu> On Sat, Oct 22, 2011 at 11:09:28AM +0200, Hadmut Danisch wrote: > On 22.10.2011 10:15, Dennis Guhl wrote: > >> It's required for debugging purposes, writing mail filters, create > >> > blacklist filters from detected spam, etc. > > Disregarding end users mail filters this are all tasks for mailadmins ^^^^^^^^^^^^^^^^^^^^^^^ > > which can tell thier MTA to write a reliable Return-Path: header and > > which have access to the corresponding maillog. > > Definitely wrong. > > Writing mail filters like ~/.mailfilter is a user's task. Training their > individual spam filters as well. . o O ( at least he didn't truncate the relevant quote this time ) > And whether you're even permitted to keep the maillog that long depends > on your local data protection laws. How long do you think a responsible mailadmin need to train filter. Btw. even here in Germany, where we most likely have the most restrictive laws regarding the protection of personal data, I am allowed to keep the maillog as long as I can show that the log is needed to satisfy user requests. > And neither the Return-Path nor the Received-Lines reveal the precise > date of delivery as the From line contains. Nonsense. Every RFC conformant received line contains the full date-time as specified in RFC 5322. Nothing else is taken into account for the mbox >From line. Dennis From hadmut at danisch.de Sat Oct 22 19:36:26 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Sat, 22 Oct 2011 18:36:26 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <20111022111406.GA3061@laptop-dg.leere.eu> References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> <20111022111406.GA3061@laptop-dg.leere.eu> Message-ID: <4EA2F10A.801@msgid.danisch.de> I don't believe it does make much sense to ask technical questions if this ends in silly discussions about whether an admin should do something this or that way or how long logfiles should be kept. This is not related to the technical question anymore and completely useless. I was looking for a simple yes or no, not for fruitless debates. I hate it if one is asking a pure technical question and in response gets lessons in what people consider as a correct behaviour. From mcbdovecot at robuust.nl Sat Oct 22 19:56:31 2011 From: mcbdovecot at robuust.nl (Maarten Bezemer) Date: Sat, 22 Oct 2011 18:56:31 +0200 (CEST) Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <4EA2F10A.801@msgid.danisch.de> References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> <20111022111406.GA3061@laptop-dg.leere.eu> <4EA2F10A.801@msgid.danisch.de> Message-ID: On Sat, 22 Oct 2011, Hadmut Danisch wrote: > I don't believe it does make much sense to ask technical questions if > this ends in silly discussions about whether an admin should do > something this or that way or how long logfiles should be kept. This is > not related to the technical question anymore and completely useless. > > I was looking for a simple yes or no, not for fruitless debates. > > I hate it if one is asking a pure technical question and in response > gets lessons in what people consider as a correct behaviour. This is a generic problem with technicians, always having tons of arguments to support their statements ;-) On the other hand, the question was a bit broad as a starting point. The SMTP envelope is nothing more than SMTP protocol and is not in itself part of the email format RFC. If you want to have this information saved in the email message, then it is the task of the SMTP-server to add this in the headers of the message. (Hardly parseable in Received headers, probably better when also included in things like Return-path, Delivery-date and Envelope-to.) Whether or not one should apply any filtering, or when, or where, may be related to this topic but I'd say that's the freedom of the user. Or, the arbitrary choice of some manager ;-) Just my 2 cents.. -- Maarten From hadmut at danisch.de Sat Oct 22 20:13:51 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Sat, 22 Oct 2011 19:13:51 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> <20111022111406.GA3061@laptop-dg.leere.eu> <4EA2F10A.801@msgid.danisch.de> Message-ID: <4EA2F9CF.4010503@msgid.danisch.de> On 22.10.2011 18:56, Maarten Bezemer wrote: > On the other hand, the question was a bit broad as a starting point. > The SMTP envelope is nothing more than SMTP protocol and is not in > itself part of the email format RFC. If you want to have this > information saved in the email message, then it is the task of the > SMTP-server to add this in the headers of the message. (Hardly > parseable in Received headers, probably better when also included in > things like Return-path, Delivery-date and Envelope-to.) > Whether or not one should apply any filtering, or when, or where, may > be related to this topic but I'd say that's the freedom of the user. > Or, the arbitrary choice of some manager ;-) Again, this discussion is nuts. If this is supposed to be some support mailing list (as the dovecot web page suggests) people should take care to focus on the question rather than taking a question as an opportunity for telling their individual opinion. The main question is whether I can draw a precise copy of a mailfolder through IMAP without any loss of data. It does not make any sense to discuss what that information could be used for, especially nobody on that list is familiar with the local requirements I have to fulfill. (BTW, I am familiar with the SMTP envelope, I was working more than two years at the IRTF and IETF about treatment of the SMTP envelope, and doing mail system administration since around 1989. I don't need any introduction or further discussion about that.) Please understand that I do not want to waste any more time in this discussion that completely misses the point and the initial question. From ms at mike2k.de Sat Oct 22 20:42:22 2011 From: ms at mike2k.de (Michael Stilkerich) Date: Sat, 22 Oct 2011 19:42:22 +0200 Subject: [Dovecot] setacl fails - does not find dovecot-acl file In-Reply-To: <4EA2C213.7030204@mike2k.de> References: <4EA2C213.7030204@mike2k.de> Message-ID: <4EA3007E.1030507@mike2k.de> Hi again, On 22.10.2011 15:16, Michael Stilkerich wrote: > When I try to create an ACL in a telnet session, the command fails with > an internal error. The log shows: > > dovecot: imap(michael): Error: > fstat(/home/dovecot/michael/.test/dovecot-acl.lock) failed: No such file > or directory > dovecot: imap(michael): Error: > file_dotlock_open(/home/dovecot/michael/.test/dovecot-acl) failed: No > such file or directory I found that the problem seems to be the try_create_lock_hardlink() function, which is used to create the lock file. I don't now why it doesn't work, but if I modify the code of dotlock_create() to always use try_create_lock_excl() instead ignoring the setting of use_excl_lock in the dotlock_settings structure, it works just fine for me. I noticed in the log that the issue not only occurs with the dovecot-acl files but with other files, too, namely the dovecot.index.log and my acl_shared_dict file. Looking at the static dotlock_settings structure in the acl-file backend, I don't see how its use_excl_lock could possible be set to 1 by the configuration (i.e., it doesn't seem that the dotlock_use_excl configuration option is considered). For the maildirlock, an environment variable "DOTLOCK_USE_EXCL" is checked instead of the config setting. I'm not sure whether it is intentional that the hardlink variant is generally used in these cases. -Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4480 bytes Desc: S/MIME Cryptographic Signature URL: From mcbdovecot at robuust.nl Sat Oct 22 20:56:14 2011 From: mcbdovecot at robuust.nl (Maarten Bezemer) Date: Sat, 22 Oct 2011 19:56:14 +0200 (CEST) Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: <4EA2F9CF.4010503@msgid.danisch.de> References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> <20111022111406.GA3061@laptop-dg.leere.eu> <4EA2F10A.801@msgid.danisch.de> <4EA2F9CF.4010503@msgid.danisch.de> Message-ID: On Sat, 22 Oct 2011, Hadmut Danisch wrote: > Again, this discussion is nuts. If this is supposed to be some support > mailing list (as the dovecot web page suggests) people should take care > to focus on the question rather than taking a question as an opportunity > for telling their individual opinion. > > > The main question is whether I can draw a precise copy of a mailfolder > through IMAP without any loss of data. My last reply to this thread, then. The answer to your main question would be 'yes', since Dovecot's IMAP interface supports retrieving the entire email message including all its meta-data (aka headers or envelope). The mbox from-line, not to be confused with the From: header, is simply not part of the email message but used only as a separator. Heck, it need not even contain valid information, but only proper formatting to satisfy picky/"smart" MUA's. Usually, it conveniently does carry some useful information, but e.g. when the SMTP envelope-from is '<>' then the mbox from-line usually contains something like MAILER-DAEMON to stay within the formatting specification. So, instead of blaming others of derailing a discussion and/or not simply answering a question, it might be an equally good idea to think twice about how you asked the question. I'm actually happy that 'simple' questions are handled the way they are. Most people do not want an answer to the question they asked, but want a solution to their problem. Which they may have described in the question but often is left as an exercise for the reader. ;-) But then again, I'm a technician, not a shrink, so my apologies for being so unfriendly... -- Maarten From hadmut at danisch.de Sat Oct 22 21:15:01 2011 From: hadmut at danisch.de (Hadmut Danisch) Date: Sat, 22 Oct 2011 20:15:01 +0200 Subject: [Dovecot] Getting the SMTP envelope through IMAP? In-Reply-To: References: <4EA19119.4020803@msgid.danisch.de> <20111021180241.GA6924@PC211.ikt.de> <4EA1EB82.10807@msgid.danisch.de> <20111022081510.GA26132@laptop-dg.leere.eu> <4EA28848.6070303@msgid.danisch.de> <20111022111406.GA3061@laptop-dg.leere.eu> <4EA2F10A.801@msgid.danisch.de> <4EA2F9CF.4010503@msgid.danisch.de> Message-ID: <4EA30825.9050106@msgid.danisch.de> > The mbox from-line, not to be confused with the From: header, is > simply not part of the email message but used only as a separator. > Heck, it need not even contain valid information, but only proper > formatting to satisfy picky/"smart" MUA's. Usually, it conveniently > does carry some useful information, but e.g. when the SMTP > envelope-from is '<>' then the mbox from-line usually contains > something like MAILER-DAEMON to stay within the formatting specification. Once again: I've never asked for an explanation about what that From-Line is. I did not ask whether it contains useful information either. I've asked whether dovecot allows to retrieve it over IMAP. Why is it impossible for you to understand the question before answering? > Most people do not want an answer to the question they asked, but want > a solution to their problem. I did not ask for a solution of a problem, either. I've asked for a precise answer exactly to the question I've asked. That's why you fail to focus on the question and to answer it. Because you want to sell your solution for what you believe the problem is - or what you like it to be. But your assumption about the problem is completely wrong. So is your answer. Stop obtruding solutions that nobody has asked for. From jackfredrikson at yahoo.com Sat Oct 22 22:13:53 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Sat, 22 Oct 2011 12:13:53 -0700 (PDT) Subject: [Dovecot] First Installation, Problems... Message-ID: <1319310833.73697.YahooMailNeo@web122011.mail.ne1.yahoo.com> Hi; [root at example jack]# /usr/local/sbin/dovecot --version 2.0.15 [root at example jack]# /usr/local/bin/doveconf -n # 2.0.15: /usr/local/etc/dovecot/dovecot.conf doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:5: imap_client_workarounds=outlook-idle is no longer necessary doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:17: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:21: passdb sql {} has been replaced by passdb { driver=sql } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:24: userdb sql {} has been replaced by userdb { driver=sql } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:27: userdb prefetch {} has been replaced by userdb { driver=prefetch } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:29: auth_user has been replaced by service auth { user } # OS: Linux 2.6.18-028stab094.3 x86_64 CentOS release 5.4 (Final) vzfs auth_mechanisms = plain login mail_location = maildir:/var/vmail/%d/%u passdb { ? args = /usr/local/etc/dovecot/sql.conf ? driver = sql } plugin { ? quota = maildir:storage=10240:messages=1000 ? trash = /usr/local/etc/dovecot/trash.conf } service auth { ? unix_listener /var/run/dovecot/auth-master { ??? group = mail ??? mode = 0660 ??? user = vmail ? } ? unix_listener /var/spool/postfix/private/auth { ??? group = mail ??? mode = 0660 ??? user = postfix ? } ? user = nobody } ssl = no userdb { ? args = /usr/local/etc/dovecot/sql.conf ? driver = sql } userdb { ? driver = prefetch } protocol imap { ? imap_client_workarounds = delay-newmail ? mail_plugins = quota imap_quota } protocol pop3 { ? mail_plugins = quota ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh } protocol lda { ? info_log_path = /var/log/dovecot-deliver.log ? log_path = /var/log/dovecot-deliver.log ? mail_plugins = quota ? postmaster_address = postmaster at creative.vi } It appears that I have postfix at least partially working: postfix/pipe[5280]: 9FDE0579012F: to=, relay=spamfilter, delay=6, delays=3/0.01/0/3, dsn=2.0.0, status=sent (delivered via spamfilter service) I don't know where it ended up :-} There's nothing in /var/vmail, the dovecot destination. This is true even before I set the postfix content_filter to spamassassin (when it said "delivered to Maildir" or some such). Please advise. TIA, Jack From gordon.grubert+lists at uni-greifswald.de Sat Oct 22 22:21:25 2011 From: gordon.grubert+lists at uni-greifswald.de (Gordon Grubert) Date: Sat, 22 Oct 2011 21:21:25 +0200 Subject: [Dovecot] Dovecot crashes totally Message-ID: <4EA317B5.3090209@uni-greifswald.de> Hello, our dovecot server crashes totally without any really useful log messages. The error log can be found in the attachment. The only way to get dovecot running again is a complete system restart. Dovecot version: 2:2.0.15-0~auto+5 (2.0.15 (6b7242ead6ed)) Configuration : see attachment OS : Debian Squeeze amd64 Dovecot source : http://xi.rename-it.nl/debian/ \ stable-auto/dovecot-2.0 main This problem has already occurred with the version 2.0.13 where the log says as few as the current logs :-( Best regards, Gordon -- Leiter AG Technische Infrastruktur und Basisdienste Universitaetsrechenzentrum (URZ) E.-M.-Arndt-Universitaet Greifswald Felix-Hausdorff-Str. 12 17489 Greifswald Germany Tel. +49 3834 86-1456 Fax. +49 3834 86-1401 -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: dovecot_nondefault.conf URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: mail.err URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5396 bytes Desc: S/MIME Cryptographic Signature URL: From ms at mike2k.de Sat Oct 22 16:16:03 2011 From: ms at mike2k.de (Michael Stilkerich) Date: Sat, 22 Oct 2011 15:16:03 +0200 Subject: [Dovecot] setacl fails - does not find dovecot-acl file Message-ID: <4EA2C213.7030204@mike2k.de> Hi, I'm using dovecot 2.0.13 that ships with Ubuntu 11.10. I tried setting up a shared namespace as documented in the wiki to enable the sharing of a mailbox between two users. I have a Maildir(++) directory for each user. Each user has a system account. The Maildir of each user is owned by the user's system account and group read/writable by the group mail (hence mail_access_groups=mail). Relevant parts of my config: mail_plugins = acl mail_location = maildir:/home/dovecot/%u mail_access_groups = mail namespace { type = private separator = / prefix = inbox = yes hidden = no subscriptions = yes } namespace { type = shared separator = / prefix = shared/%%u/ location = maildir:/home/dovecot/%%u:INDEX=/home/dovecot/%u/shared/%%u subscriptions = no list = children } protocol imap { mail_plugins = $mail_plugins imap_acl } plugin { acl = vfile } plugin { acl_shared_dict = file:/home/dovecot/shared-mailboxes } When I try to create an ACL in a telnet session, the command fails with an internal error. The log shows: dovecot: imap(michael): Error: fstat(/home/dovecot/michael/.test/dovecot-acl.lock) failed: No such file or directory dovecot: imap(michael): Error: file_dotlock_open(/home/dovecot/michael/.test/dovecot-acl) failed: No such file or directory The error occurs whether a (manually created) dovecot-acl file exists or not. The dovecot-acl.lock file is created by not removed afterwards. Subsequent setacl commands will timeout waiting for the lock to be released until I delete it manually. If I create the dovecot-acl file manually and provide access to another user, the getacl command will correctly show the permissions and the other user can access the folder. setacl will still fail to modify the acl file, however (same error). Another thing that irritates me is that dovecot seems to use the dotlock locking method, although I explicitly set lock_method to fcntl (also tried flock, same behavior). I'm not using chroot. I appreciate any help to get this sorted out. Thanks, Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4480 bytes Desc: S/MIME Cryptographic Signature URL: From stsiol at yahoo.co.uk Sat Oct 22 23:43:54 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Sat, 22 Oct 2011 21:43:54 +0100 (BST) Subject: [Dovecot] off topic question Message-ID: <1319316234.77044.YahooMailNeo@web27208.mail.ukl.yahoo.com> ? Hello list, Is anybody out there who knows of an MTA that can do LDAP writes ? I apologize for bringing this to the list, however, I did some googling and cannot find any answer to this. Thank you all, spyros ? ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From jackfredrikson at yahoo.com Sun Oct 23 03:57:25 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Sat, 22 Oct 2011 17:57:25 -0700 (PDT) Subject: [Dovecot] Temporary Failures Message-ID: <1319331445.48490.YahooMailNeo@web122008.mail.ne1.yahoo.com> Hi; I keep getting errors like this one: Oct 22 16:51:08 example postfix/pipe[12021]: C2F705790169: to=, relay=dovecot, delay=2.1, delays=2/0.01/0/0.08, dsn=4.3.0, status=deferred (temporary failure. Command output: doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:5: imap_client_workarounds=outlook-idle is no longer necessary doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:17: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:19: passdb pam {} has been replaced by passdb { driver=pam } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:21: userdb passwd {} has been replaced by userdb { driver=passwd } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:23: auth_user has been replaced by service auth { user } doveconf: Why don't they get delivered? Also, I've tried to follow the advice in the warnings and it never works. I've tried the doveconf -n > dovcot-new.conf command and the same conf file I've been using pops up. Can someone post some code that reflects how the new conf file should look? TIA, Jack From stsiol at yahoo.co.uk Sun Oct 23 11:40:18 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Sun, 23 Oct 2011 09:40:18 +0100 (BST) Subject: [Dovecot] off topic question, ammended Message-ID: <1319359218.75025.YahooMailNeo@web27202.mail.ukl.yahoo.com> Sorry chaps, I meant MUA not MTA. I am trying to find a mail reader doing LDAP writes. Regards, s. ? ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From simon.brereton at buongiorno.com Sun Oct 23 21:41:20 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Sun, 23 Oct 2011 14:41:20 -0400 Subject: [Dovecot] Temporary Failures In-Reply-To: <1319331445.48490.YahooMailNeo@web122008.mail.ne1.yahoo.com> References: <1319331445.48490.YahooMailNeo@web122008.mail.ne1.yahoo.com> Message-ID: On 22 October 2011 20:57, Jack Fredrikson wrote: > Hi; > I keep getting errors like this one: > > Oct 22 16:51:08 example postfix/pipe[12021]: C2F705790169: to=, relay=dovecot, delay=2.1, delays=2/0.01/0/0.08, dsn=4.3.0, status=deferred (temporary failure. Command output: doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:5: imap_client_workarounds=outlook-idle is no longer necessary doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:17: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:19: passdb pam {} has been replaced by passdb { driver=pam } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:21: userdb passwd {} has been replaced by userdb { driver=passwd } doveconf: Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:23: auth_user has > ?been replaced by service auth { user } doveconf: > > > Why don't they get delivered? Also, I've tried to follow the advice in the warnings and it never works. I've tried the doveconf -n > dovcot-new.conf command and the same conf file I've been using pops up. Can someone post some code that reflects how the new conf file should look? What version of dovecot are you currently using? Can you post this file? /usr/local/etc/dovecot/dovecot.conf Simon From jackfredrikson at yahoo.com Sun Oct 23 22:20:58 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Sun, 23 Oct 2011 12:20:58 -0700 (PDT) Subject: [Dovecot] Temporary Failures In-Reply-To: References: <1319331445.48490.YahooMailNeo@web122008.mail.ne1.yahoo.com> Message-ID: <1319397658.61351.YahooMailNeo@web122020.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: Jack Fredrikson Cc: "dovecot at dovecot.org" Sent: Sunday, October 23, 2011 2:41 PM Subject: Re: [Dovecot] Temporary Failures First up, apologies for double-posting. I actually posted this last one yesterday and the other one this afternoon. Someone suggested I use the dovecot-new.conf file. If you've ever opened that up, everything's commented out and it only publishes the defaults anyway! Basically worthless if you're doing anything sophisticated, which includes pretty much anything :) > What version of dovecot are you currently using?? 2.0.15 > Can you post this file? > /usr/local/etc/dovecot/dovecot.conf mail_location = maildir:/var/vmail/%d/%u maildir_copy_with_hardlinks = yes protocol imap { ? mail_plugins = quota imap_quota #? imap_client_workarounds = outlook-idle delay-newmail } protocol pop3 { ? mail_plugins = quota ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh } protocol lda { ? postmaster_address = postmaster at creative.vi ? mail_plugins = quota ? log_path = /var/log/dovecot-deliver.log ? info_log_path = /var/log/dovecot-deliver.log } auth default { ??? mechanisms = plain login ??? passdb pam { ??? } ??? userdb passwd { ??? } ??? user = root ??? socket listen { ????? client { ??????? path = /var/spool/postfix/private/auth ??????? mode = 0660 ??????? user = postfix ??????? group = postfix ????? } ??? } } dict { } plugin { ? quota = maildir:storage=10240:messages=1000 #? acl = vfile:/usr/local/etc/dovecot/acls ? trash = /usr/local/etc/dovecot/trash.conf } protocols = imap pop3 disable_plaintext_auth = yes ssl = yes #ssl_disable = no ssl_cert = References: <1319331445.48490.YahooMailNeo@web122008.mail.ne1.yahoo.com> Message-ID: <1319397868.43382.YahooMailNeo@web122002.mail.ne1.yahoo.com> This is *only* a PS to my last response (e.g., please be sure to read last response). Rob0 stated I should be using dovecot-lda. After running in circles it appears that dovecot-lda is incorporated into dovecot proper any more and I've duly incorporated it into my dovecot.conf file. Jack From nam_10 at hotmail.com Sun Oct 23 22:39:33 2011 From: nam_10 at hotmail.com (nuno marques) Date: Sun, 23 Oct 2011 19:39:33 +0000 Subject: [Dovecot] execute command in quota warning Message-ID: hi, I cant run any script in "quota_warning = storage=95%% quota-warning 95 %u". Any ideia? Thanks # 2.0.14: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final) auth_debug = yes auth_debug_passwords = yes auth_username_format = %Lu auth_verbose = yes disable_plaintext_auth = no mail_debug = yes mail_location = maildir:~/Maildir mail_plugins = " quota" mbox_write_locks = fcntl passdb { driver = pam } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid from subject size vsize flags quota = maildir:User quota quota_exceeded_message = Quota exceeded, please go to http://www.example.com/over_quota_help for instructions on how to fix this. quota_rule = fs:storage=+10M quota_rule2 = Trash:ignore quota_rule3 = SPAM:ignore quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=50%% quota-warning 50 %u } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { group = root mode = 0666 user = root } user = root } ssl_cert = Hi, I'm searching, but not found nothing about using userb with NoSQL databases: http://wiki2.dovecot.org/UserDatabase Are there any plans to implement this option? Thanks From lists at wilkesley.net Mon Oct 24 13:00:59 2011 From: lists at wilkesley.net (Ian Barton) Date: Mon, 24 Oct 2011 11:00:59 +0100 Subject: [Dovecot] sieve-pipe Error Message-ID: <4EA5375B.2060101@wilkesley.net> I am using Dovecot 2.0.15 on Arch. I have cloned the hg repo and compiled the plugin using the following options: ./configure --with-dovecot=/usr/lib/dovecot --with-pigeonhole=/usr/include/dovecot/sieve/ The relevant section of my dovecot.conf looks like: plugin { sieve = ~/.dovecot.sieve sieve_global_path = /home/vmail/globalsieverc sieve_dir = ~/ sieve_plugins = sieve_pipe # This directory contains the scripts that are available. sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe } When I restart Dovecot I get the following error: ian:dovecot/ $ sudo rc.d restart dovecot [10:50:53] :: Stopping dovecot daemon [DONE] :: Starting dovecot daemon [BUSY] managesieve: Fatal: opendir(/usr/lib/dovecot/modules/sieve) failed: No such file or directory doveconf: Error: managesieve-login: dump-capability process returned 89 Ian. From stephan at rename-it.nl Mon Oct 24 13:10:38 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 24 Oct 2011 12:10:38 +0200 Subject: [Dovecot] xi.rename-it.nl down? In-Reply-To: <4E9EED12.8040409@rename-it.nl> References: <4E9EDAC1.4000602@jkart.de> <4E9EED12.8040409@rename-it.nl> Message-ID: <4EA5399E.9070205@rename-it.nl> Op 19-10-2011 17:30, Stephan Bosch schreef: > Op 19-10-2011 16:12, Jim Knuth schreef: >> Hello, >> >> is http://xi.rename-it.nl down? Apticron >> shows me permanently errors. > > Yes. I noticed this yesterday. > > This is a recurring problem for some reason, probably some Xen-related > issue. Every few months it just 'goes away' without any apparent > reason. Unfortunately, I cannot restart the Xi myself at the moment > and the person who can is currently involved in solving another IT > calamity of a different magnitude. I think it can take up to a day for > this system to come back online. This is probably going to take more time. Administrator is having issues that prove to be harder to solve than expected. Regards, Stephan. From jk at jkart.de Mon Oct 24 13:43:06 2011 From: jk at jkart.de (Jim Knuth) Date: Mon, 24 Oct 2011 12:43:06 +0200 Subject: [Dovecot] xi.rename-it.nl down? In-Reply-To: <4EA5399E.9070205@rename-it.nl> References: <4E9EDAC1.4000602@jkart.de> <4E9EED12.8040409@rename-it.nl> <4EA5399E.9070205@rename-it.nl> Message-ID: <4EA5413A.40400@jkart.de> am 24.10.11 12:10 schrieb Stephan Bosch : > This is probably going to take more time. Administrator is having > issues that prove to be harder to solve than expected. > > Regards, > > Stephan. thank you, but :-/ -- Mit freundlichen Gr??en, with kind regards, Jim Knuth --------- Man soll Denken lehren, nicht Gedachtes. (Unknown) From wgillespie+dovecot at es2eng.com Mon Oct 24 20:38:28 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Mon, 24 Oct 2011 11:38:28 -0600 Subject: [Dovecot] userdb with NoSQL database In-Reply-To: References: Message-ID: <4EA5A294.6050705@es2eng.com> On 10/24/2011 3:16 AM, Francisco Wagner C. Freire wrote: > Hi, > > I'm searching, but not found nothing about using userb with NoSQL databases: > http://wiki2.dovecot.org/UserDatabase > Are there any plans to implement this option? There was some talk on the list around February 8th, but that's the last I've seen mention of it. From dswartz at druber.com Mon Oct 24 20:52:33 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Mon, 24 Oct 2011 13:52:33 -0400 Subject: [Dovecot] Expire plugin not executing for sieve plugin? In-Reply-To: <4EA03F1C.5010500@druber.com> References: <4EA03F1C.5010500@druber.com> Message-ID: <4EA5A5E1.3000202@druber.com> No ideas? I googled some more and eventually turned up this posting: http://www.mailinglistarchive.com/html/dovecot at dovecot.org/2011-01/msg00716.html guy seems to be having the exact problem I am, unfortunately, no-one replied to his post either :( From pgnet.dev+rich-dovecot at gmail.com Mon Oct 24 21:14:25 2011 From: pgnet.dev+rich-dovecot at gmail.com (Rich) Date: Mon, 24 Oct 2011 11:14:25 -0700 Subject: [Dovecot] [bug] Changing dovecot 'quota' Value incorrectly overwrites Limit with same value Message-ID: I'm able to consistently reproduce this problem/behavior, but not workaround or fix it, yet. Rich On Wed, Oct 19, 2011 at 7:41 AM, Rich wrote: > I've made some progress, but quota 'Limit' is still not fully > functioning for me. > > A couple of changes have helped: > > Specifying a "%u% as username format, > > ? ? ? ?/etc/dovecot/conf.d/90-quota.conf > ? ? ? ? ? ? ? ?plugin { > - ? ? ? ? ? ? ? ? ? ? ? quota = dict:User Quota::proxy::quota > + ? ? ? ? ? ? ? ? ? ? ? quota = dict:User Quota:%u:proxy::quota > ? ? ? ? ? ? ? ? ? ? ? ?quota_rule = *:bytes=1073741824:messages=10000 > ? ? ? ? ? ? ? ? ? ? ? ?quota_rule2 = Trash:storage=+10%% > ? ? ? ? ? ? ? ?} > > using 'username' rather than 'user' in the user iteration query > > ? ? ? ?/etc/dovecot/sql/virtmail-userdb-sql.cf > ? ? ? ? ? ? ? ?driver = mysql > ? ? ? ? ? ? ? ?connect = host=/var/run/mysql/mysql.sock dbname=my_db user=my_user > password=my_pass > ? ? ? ? ? ? ? ?user_query = CALL UserDBQuery('%n','%d'); > - ? ? ? ? ? ? ? iterate_query = SELECT `MAILBOX_user_domain` AS user FROM `PARAMS`; > + ? ? ? ? ? ? ? iterate_query = SELECT `MAILBOX_user_domain` AS username FROM `PARAMS`; > > and adding to my user_query, > > ? ? ? ?CREATE PROCEDURE `UserDBQuery`( > ? ? ? ? ? ? ? ?... > ? ? ? ? ? ? ? ?SELECT ... > ? ? ? ? ? ? ? ? ?concat('*:bytes=', quota_bytes, ':messages=10000') AS quota_rule, > ? ? ? ? ? ? ? ? ?... > > Now, at init, > > ? ? ? ?doveadm quota get -A > ? ? ? ? ? ? ? ?Username ? ? ? ? ? ? ? ?Quota name ? ? ?Type ? ? ? ? ? ?Value ? Limit ? % > ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 > ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 > ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 > ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 > > ? ? ? ?mysql> select * from PARAMS; > ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ > ? ? ? ? ? ? ? ?| ai | MAILBOX_user_domain ? ?| quota_bytes | quota_msgs | > ? ? ? ? ? ? ? ?+----+------------------------+-------------+------------+ > ? ? ? ? ? ? ? ?| ?1 | ?myuser at domain1.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | > ? ? ? ? ? ? ? ?| ?2 | ?myuser at domain2.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | > ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ > ? ? ? ? ? ? ? ?2 rows in set (0.00 sec) > > and, after sending a single message to 'myuser at domain1.com', I do see > that Dovecot now recognizes/calculates a quota change, and only for > one domain, > > ? ? ? ?doveadm quota get -A > ? ? ? ? ? ? ? ?Username ? ? ? ? ? ? ? ?Quota name ? ? ?Type ? ? ? ? ? ?Value ? Limit ? % > ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 3 ? ? ? 3 ? ? ? 100 > ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 1 ? ? ? 10000 ? 0 > ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 > ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 > > ? ? ? ?mysql> select * from PARAMS; > ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ > ? ? ? ? ? ? ? ?| ai | MAILBOX_user_domain ? ?| quota_bytes | quota_msgs | > ? ? ? ? ? ? ? ?+----+------------------------+-------------+------------+ > ? ? ? ? ? ? ? ?| ?1 | ?myuser at domain1.com ? ?| ? ? ? ?3269 | ? ? ? ? ?1 | > ? ? ? ? ? ? ? ?| ?2 | ?myuser at domain2.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | > ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ > ? ? ? ? ? ? ? ?2 rows in set (0.00 sec) > > > But, the Limit's wrong. ?It's not picking up the global Limit from > > ? ? ? ?/etc/dovecot/conf.d/90-quota.conf > ? ? ? ? ? ? ? ?... > --> ? ? ? ? ? ? quota_rule = *:bytes=1073741824:messages=10000 > ? ? ? ? ? ? ? ?... > > and once a message quota Value is calculated, the Limit is set == > Value, resulting in an incorrrect quota %-age of 100%. > > Is Limit supposed to be specified per-user? > > Rich > From jackfredrikson at yahoo.com Mon Oct 24 22:00:54 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Mon, 24 Oct 2011 12:00:54 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem Message-ID: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> Hi; This is my 6th day installing my first Postfix/Dovecot installation. The Postfix mailing list indicates I've got the MTA under control so now I'm seeking your help with the MDA. I get these errors with legitimate email addresses: Oct 24 11:47:38 myserver dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) - waiting for 25 seconds before retry Now I've logged in myself: mysql -u dovecot -p Enter password: xxx and succeeded. What am I doing wrong? I've noticed that every time I restart dovecot I get this error in the dovecot-deliver.log: Oct 24 11:31:11 lda: Error: userdb lookup: connect(/usr/local/var/run/dovecot/auth-userdb) failed: Permission denied (euid=512(vmail) egid=512(vmail) missing +r perm: /usr/local/var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755) Oct 24 11:31:11 lda: Fatal: Internal error occurred. Refer to server log for more information. Every time I go to chmod 666 on that file, restarting dovecot wipes those permissions. How fix? Even when I fix that, I still get the "temporary failure". Please advise. TIA, Jack From tom at whyscream.net Mon Oct 24 22:24:28 2011 From: tom at whyscream.net (Tom Hendrikx) Date: Mon, 24 Oct 2011 21:24:28 +0200 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> Message-ID: <4EA5BB6C.4050205@whyscream.net> On 24-10-11 21:00, Jack Fredrikson wrote: > Hi; This is my 6th day installing my first Postfix/Dovecot > installation. The Postfix mailing list indicates I've got the MTA > under control so now I'm seeking your help with the MDA. I get these > errors with legitimate email addresses: Oct 24 11:47:38 myserver > dovecot: auth-worker: Error: mysql(localhost): Connect failed to > database (postfix): Access denied for user 'dovecot'@'localhost' > (using password: YES) - waiting for 25 seconds before retry > > Now I've logged in myself: mysql -u dovecot -p Enter password: xxx > and succeeded. What am I doing wrong? > The "(using password: YES)" part of the error indicates that your connection to the server was established successfully. However, it seems that user 'dovecot' has no access to database 'postfix', which you did not test on the command line either. What happens on the commandline when you enter (after logging in: use postfix; show tables; Fix that error in the mysql user administration, then try again. > > I've noticed that every time I restart dovecot I get this error in > the dovecot-deliver.log: > > Oct 24 11:31:11 lda: Error: userdb lookup: > connect(/usr/local/var/run/dovecot/auth-userdb) failed: Permission > denied (euid=512(vmail) egid=512(vmail) missing +r perm: > /usr/local/var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755) > Oct 24 11:31:11 lda: Fatal: Internal error occurred. Refer to server > log for more information. > > > Every time I go to chmod 666 on that file, restarting dovecot wipes > those permissions. How fix? Even when I fix that, I still get the > "temporary failure". Please advise. You forgot to add doveconf -n output, so I'm guessing here, but in your config, there should be a part defining something like: service auth { unix_listener auth-userdb { # some commented stuff } } Uncomment as needed, and set the values a indicated by the error message (probably something like user=vmail, group=vmail mode=0660). > > TIA, Jack > From piotr-l at netexpert.pl Mon Oct 24 22:26:00 2011 From: piotr-l at netexpert.pl (Piotr NetExpert) Date: Mon, 24 Oct 2011 21:26:00 +0200 Subject: [Dovecot] iterate_query not working Message-ID: <4EA5BBC8.5090901@netexpert.pl> Hi, I have got iterate_query defined in dovecot-sql.conf.ext. However when I run a command like: doveadm search -A BEFORE 10d I receive an error message (Failed to iterate ...) There is an error message in a log file too: Error: Trying to iterate users, but userdbs don't support it The problem is that monitoring a database server shows that dovecot does not try to execute any query. What I am doing wrong? password_query lookups work fine. -- pozdrawiam Piotr Szafarczyk http://www.netexpert.pl From simon.brereton at buongiorno.com Mon Oct 24 22:38:28 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 24 Oct 2011 15:38:28 -0400 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> Message-ID: On 24 October 2011 15:00, Jack Fredrikson wrote: > Hi; > This is my 6th day installing my first Postfix/Dovecot installation. The Postfix mailing list indicates I've got the MTA under control so now I'm seeking your help with the MDA. I get these errors with legitimate email addresses: > Oct 24 11:47:38 myserver dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) - waiting for 25 seconds before retry > > Now I've logged in myself: > mysql -u dovecot -p > Enter password: xxx > and succeeded. What am I doing wrong? > > > I've noticed that every time I restart dovecot I get this error in the dovecot-deliver.log: > > Oct 24 11:31:11 lda: Error: userdb lookup: connect(/usr/local/var/run/dovecot/auth-userdb) failed: Permission denied (euid=512(vmail) egid=512(vmail) missing +r perm: /usr/local/var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755) > Oct 24 11:31:11 lda: Fatal: Internal error occurred. Refer to server log for more information. > > > Every time I go to chmod 666 on that file, restarting dovecot wipes those permissions. How fix? > Even when I fix that, I still get the "temporary failure". > Please advise. what user are you running dovecot as? Does this thread help? http://www.mail-archive.com/dovecot at dovecot.org/msg32290.html or this one? http://www.mailinglistarchive.com/html/dovecot at dovecot.org/2010-08/msg01136.html Simon From hs at schlittermann.de Mon Oct 24 23:32:25 2011 From: hs at schlittermann.de (Heiko Schlittermann) Date: Mon, 24 Oct 2011 22:32:25 +0200 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> Message-ID: <20111024203225.GP3659@jumper.schlittermann.de> Jack Fredrikson (Mon Oct 24 21:00:54 2011): > Hi; > This is my 6th day installing my first Postfix/Dovecot installation. The Postfix mailing list indicates I've got the MTA under control so now I'm seeking your help with the MDA. I get these errors with legitimate email addresses: > Oct 24 11:47:38 myserver dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) - waiting for 25 seconds before retry > > Now I've logged in myself: > mysql -u dovecot -p > Enter password: xxx > and succeeded. What am I doing wrong? You should test: mysql -udovecot -pxxx -hlocalhost postfix to simulate the dovecot attemts. > I've noticed that every time I restart dovecot I get this error in the dovecot-deliver.log: > > Oct 24 11:31:11 lda: Error: userdb lookup: connect(/usr/local/var/run/dovecot/auth-userdb) failed: Permission denied (euid=512(vmail) egid=512(vmail) missing +r perm: /usr/local/var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755) > Oct 24 11:31:11 lda: Fatal: Internal error occurred. Refer to server log for more information. > > > Every time I go to chmod 666 on that file, restarting dovecot wipes those permissions. How fix? > Even when I fix that, I still get the "temporary failure". > Please advise. This file is not a file, it is a socket and gets recreated every time you restart dovecot. There is, if I remember well, some config option "mode" near the name of the name of the socket. -- Heiko :: dresden : linux : SCHLITTERMANN.de GPG Key 48D0359B : 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From jackfredrikson at yahoo.com Mon Oct 24 23:43:33 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Mon, 24 Oct 2011 13:43:33 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <4EA5BB6C.4050205@whyscream.net> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> Message-ID: <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> ________________________________ From: Tom Hendrikx To: dovecot at dovecot.org Sent: Monday, October 24, 2011 3:24 PM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem First up, thanks for the links, Simon, but they didn't help :( I still need to chmod 666 /usr/local/var/run/dovecot/auth-userdb and I'm still getting the same error: Oct 24 13:40:57 myserver dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) - waiting for 5 seconds before retry > The "(using password: YES)" part of the error indicates that your > connection to the server was established successfully. However, it seems > that user 'dovecot' has no access to database 'postfix', which you did > not test on the command line either. > > What happens on the commandline when you enter (after logging in: > use postfix; show tables; I can log in *just fine* as dovecot and show tables, etc. # 2.0.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-028stab094.3 x86_64 CentOS release 5.7 (Final) vzfs auth_mechanisms = plain login mail_location = maildir:/var/vmail/%d/%u passdb { ? args = /usr/local/etc/dovecot/sql.conf ? driver = sql } plugin { ? quota = maildir:storage=10240:messages=1000 ? trash = /usr/local/etc/dovecot/trash.conf } protocols = imap pop3 service auth { ? unix_listener auth-userdb { ??? mode = 0660 ? } ? user = root } ssl_cert = References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> Message-ID: On 24 October 2011 16:43, Jack Fredrikson wrote: > > ________________________________ > From: Tom Hendrikx > To: dovecot at dovecot.org > Sent: Monday, October 24, 2011 3:24 PM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > > First up, thanks for the links, Simon, but they didn't help :( I still need to > chmod 666 /usr/local/var/run/dovecot/auth-userdb > and I'm still getting the same error: > Oct 24 13:40:57 myserver dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) - waiting for 5 seconds before retry > >> The "(using password: YES)" part of the error indicates that your >> connection to the server was established successfully. However, it seems >> that user 'dovecot' has no access to database 'postfix', which you did >> not test on the command line either. >> >> What happens on the commandline when you enter (after logging in: >> use postfix; show tables; > > I can log in *just fine* as dovecot and show tables, etc. > > # 2.0.15: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 2.6.18-028stab094.3 x86_64 CentOS release 5.7 (Final) vzfs > auth_mechanisms = plain login > mail_location = maildir:/var/vmail/%d/%u Who owns /var/vmail? > passdb { > ? args = /usr/local/etc/dovecot/sql.conf > ? driver = sql > } > plugin { > ? quota = maildir:storage=10240:messages=1000 > ? trash = /usr/local/etc/dovecot/trash.conf > } > protocols = imap pop3 > service auth { > ? unix_listener auth-userdb { > ??? mode = 0660 > ? } > ? user = root > } > ssl_cert = ssl_cipher_list = ALL:!LOW:!SSLv2 > ssl_key = ssl_key_password = Jw93Mx2 > userdb { > ? args = /usr/local/etc/dovecot/sql.conf > ? driver = sql > } > protocol imap { > ? mail_plugins = quota imap_quota > } > protocol pop3 { > ? mail_plugins = quota > ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > } > protocol lda { > ? hostname = mydomain.com > ? info_log_path = /var/log/dovecot-deliver.log > ? log_path = /var/log/dovecot-deliver.log > ? mail_plugins = quota > ? postmaster_address = postmaster at mydomain.com > ? sendmail_path = /usr/sbin/sendmail.postfix > } From jackfredrikson at yahoo.com Tue Oct 25 00:47:11 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Mon, 24 Oct 2011 14:47:11 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> Message-ID: <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: dovecot at dovecot.org Sent: Monday, October 24, 2011 5:04 PM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > Who owns /var/vmail? ls -al /var/vmail/ total 8 drwxrwx---? 2 vmail mail 4096 Oct 19 18:45 . drwxr-xr-x 26 root? root 4096 Oct 23 08:35 .. /usr/sbin/usermod -a -G mail,postfix dovecot And I'm still getting the same error: dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) TIA, Jack From tom at whyscream.net Tue Oct 25 01:00:01 2011 From: tom at whyscream.net (Tom Hendrikx) Date: Tue, 25 Oct 2011 00:00:01 +0200 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> Message-ID: <4EA5DFE1.1070306@whyscream.net> On 24-10-11 23:47, Jack Fredrikson wrote: > > ________________________________ > From: Simon Brereton > To: dovecot at dovecot.org > Sent: Monday, October 24, 2011 5:04 PM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > >> Who owns /var/vmail? > > ls -al /var/vmail/ > total 8 > drwxrwx--- 2 vmail mail 4096 Oct 19 18:45 . > drwxr-xr-x 26 root root 4096 Oct 23 08:35 .. > /usr/sbin/usermod -a -G mail,postfix dovecot Adding dovecot to the postfix group would be considered a security issue by many. Don't so this unless you actually think it wil help you (it won't). > > And I'm still getting the same error: > dovecot: auth-worker: Error: mysql(localhost): Connect failed to database (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES) > Please see http://dev.mysql.com/doc/refman/5.5/en/connecting.html, especially the part that starts with "On Unix, MySQL programs treat the host name localhost specially," Then show proof that this command works: mysql -udovecot -pxxx -h 127.0.0.1 postfix And see what happens if you set the hostname in dovecot config also to 127.0.0.1. Note that testing as root will likely give you access to the mysql socket, but dovecot might not have the same privileges. The above will test tcp connectivity for both. -- Tom From stephan at rename-it.nl Tue Oct 25 01:25:35 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 25 Oct 2011 00:25:35 +0200 Subject: [Dovecot] Expire plugin not executing for sieve plugin? In-Reply-To: <4EA5A5E1.3000202@druber.com> References: <4EA03F1C.5010500@druber.com> <4EA5A5E1.3000202@druber.com> Message-ID: <4EA5E5DF.1050508@rename-it.nl> On 10/24/2011 7:52 PM, Dan Swartzendruber wrote: > > No ideas? I googled some more and eventually turned up this posting: > > http://www.mailinglistarchive.com/html/dovecot at dovecot.org/2011-01/msg00716.html > > > guy seems to be having the exact problem I am, unfortunately, no-one > replied to his post either :( Hmm, wonder why no one answered that one. In theory, those plugins should interact gracefully. However, if something is wrong, I cannot test this right now, since I've not installed expire so far. I'll ask Timo if he can take a look at this. Otherwise, I'll have to build a small test setup first, which may take some time. Regards, Stephan. From stephan at rename-it.nl Tue Oct 25 01:27:50 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 25 Oct 2011 00:27:50 +0200 Subject: [Dovecot] xi.rename-it.nl down? In-Reply-To: <4EA5399E.9070205@rename-it.nl> References: <4E9EDAC1.4000602@jkart.de> <4E9EED12.8040409@rename-it.nl> <4EA5399E.9070205@rename-it.nl> Message-ID: <4EA5E666.6090007@rename-it.nl> On 10/24/2011 12:10 PM, Stephan Bosch wrote: > Op 19-10-2011 17:30, Stephan Bosch schreef: >> Op 19-10-2011 16:12, Jim Knuth schreef: >>> Hello, >>> >>> is http://xi.rename-it.nl down? Apticron >>> shows me permanently errors. >> >> Yes. I noticed this yesterday. >> >> This is a recurring problem for some reason, probably some >> Xen-related issue. Every few months it just 'goes away' without any >> apparent reason. Unfortunately, I cannot restart the Xi myself at the >> moment and the person who can is currently involved in solving >> another IT calamity of a different magnitude. I think it can take up >> to a day for this system to come back online. > > This is probably going to take more time. Administrator is having > issues that prove to be harder to solve than expected. > In case you didn't notice, it is back apparently. Plans are to move this thing to a new system soon, which should (implicitly) solve this problem definitively. Regards, Stephan. From stephan at rename-it.nl Tue Oct 25 01:33:41 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 25 Oct 2011 00:33:41 +0200 Subject: [Dovecot] sieve-pipe Error In-Reply-To: <4EA5375B.2060101@wilkesley.net> References: <4EA5375B.2060101@wilkesley.net> Message-ID: <4EA5E7C5.4080908@rename-it.nl> On 10/24/2011 12:00 PM, Ian Barton wrote: > I am using Dovecot 2.0.15 on Arch. I have cloned the hg repo and > compiled the plugin using the following options: > > ./configure --with-dovecot=/usr/lib/dovecot > --with-pigeonhole=/usr/include/dovecot/sieve/ > > The relevant section of my dovecot.conf looks like: > > plugin { > sieve = ~/.dovecot.sieve > sieve_global_path = /home/vmail/globalsieverc > sieve_dir = ~/ > > sieve_plugins = sieve_pipe > # This directory contains the scripts that are available. > sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe > } > > When I restart Dovecot I get the following error: > > ian:dovecot/ $ sudo rc.d restart dovecot > [10:50:53] > :: Stopping dovecot daemon > [DONE] > :: Starting dovecot daemon > [BUSY] managesieve: > Fatal: opendir(/usr/lib/dovecot/modules/sieve) failed: No such file or > directory > doveconf: Error: managesieve-login: dump-capability process returned 89 Apparently, the plugin is not installed in the correct location. Try supplying a --with-moduledir=/usr/lib/dovecot/modules . After make install, the /usr/lib/dovecot/modules/sieve directory should contain lib90_sieve_pipe_plugin.so. Regards, Stephan. From jackfredrikson at yahoo.com Tue Oct 25 02:17:23 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Mon, 24 Oct 2011 16:17:23 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <4EA5DFE1.1070306@whyscream.net> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> Message-ID: <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> ________________________________ From: Tom Hendrikx To: dovecot at dovecot.org Sent: Monday, October 24, 2011 6:00 PM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > Adding dovecot to the postfix group would be considered a security issue > by many. Don't so this unless you actually think it wil help you (it won't). Thanks. I took it out. > Please see http://dev.mysql.com/doc/refman/5.5/en/connecting.html, > especially the part that starts with "On Unix, MySQL programs treat the > host name localhost specially," > > Then show proof that this command works: > >? ? mysql -udovecot -pxxx -h 127.0.0.1 postfix My bad. I had the wrong p/w in sql.conf :-} So now I'm connected to the database as dovecot, but I'm still getting these dad-blamed errors: BC81A57901AD: to=, relay=dovecot, delay=25695, delays=25695/0.02/0/0.28, dsn=4.3.0, status=deferred (temporary failure) # 2.0.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-028stab094.3 x86_64 CentOS release 5.7 (Final) vzfs auth_mechanisms = plain login mail_location = maildir:/var/vmail/%d/%u passdb { ? args = /usr/local/etc/dovecot/sql.conf ? driver = sql } plugin { ? quota = maildir:storage=10240:messages=1000 ? trash = /usr/local/etc/dovecot/trash.conf } protocols = imap pop3 service auth { ? unix_listener auth-userdb { ??? group = postfix ??? mode = 0660 ??? user = postfix ? } ? user = root } ssl_cert = References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> Message-ID: <20111024192749.0d8268f4@scorpio> On Mon, 24 Oct 2011 16:17:23 -0700 (PDT) Jack Fredrikson articulated: > protocol lda { > ? hostname = 13gems.com > ? info_log_path = /var/log/dovecot-deliver.log > ? log_path = /var/log/dovecot-deliver.log > ? mail_plugins = quota > ? postmaster_address = postmaster at bar.com > ? sendmail_path = /usr/sbin/sendmail.postfix Are you sure about that "sendmail" path? It certainly isn't like that on my machine. -- Jerry ? Dovecot.user at seibercom.net Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ From jackfredrikson at yahoo.com Tue Oct 25 03:14:13 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Mon, 24 Oct 2011 17:14:13 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <20111024192749.0d8268f4@scorpio> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <20111024192749.0d8268f4@scorpio> Message-ID: <1319501653.29776.YahooMailNeo@web122012.mail.ne1.yahoo.com> ________________________________ From: Jerry To: dovecot at dovecot.org Sent: Monday, October 24, 2011 7:27 PM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem >> ? sendmail_path = /usr/sbin/sendmail.postfix > Are you sure about that "sendmail" path? It certainly isn't like that > on my machine. Well, I changed it to just "sendmail" (since I had that file, too) but with the same result. I remember creating that file earlier but I don't remember where and searching around my system I can't xargs grep it. What do you recommend? TIA, Jack From stan at hardwarefreak.com Tue Oct 25 07:22:23 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Mon, 24 Oct 2011 23:22:23 -0500 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319501653.29776.YahooMailNeo@web122012.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <20111024192749.0d8268f4@scorpio> <1319501653.29776.YahooMailNeo@web122012.mail.ne1.yahoo.com> Message-ID: <4EA6397F.6070001@hardwarefreak.com> On 10/24/2011 7:14 PM, Jack Fredrikson wrote: > > ________________________________ > From: Jerry > To: dovecot at dovecot.org > Sent: Monday, October 24, 2011 7:27 PM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > >>> sendmail_path = /usr/sbin/sendmail.postfix > >> Are you sure about that "sendmail" path? It certainly isn't like that >> on my machine. > > Well, I changed it to just "sendmail" (since I had that file, too) but with the same result. I remember creating that file earlier but I don't remember where and searching around my system I can't xargs grep it. What do you recommend? I recommend the default: sendmail_path = /usr/sbin/sendmail I also recommend you not fly by the seat of your pants when creating IT infrastructure for a client. Doing so is good for neither of you. -- Stan From simon.brereton at buongiorno.com Tue Oct 25 07:46:30 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Tue, 25 Oct 2011 00:46:30 -0400 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> Message-ID: On 24 October 2011 19:17, Jack Fredrikson wrote: > > ________________________________ > From: Tom Hendrikx > To: dovecot at dovecot.org > Sent: Monday, October 24, 2011 6:00 PM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > >> Adding dovecot to the postfix group would be considered a security issue >> by many. Don't so this unless you actually think it wil help you (it won't). > > Thanks. I took it out. > >> Please see http://dev.mysql.com/doc/refman/5.5/en/connecting.html, >> especially the part that starts with "On Unix, MySQL programs treat the >> host name localhost specially," >> >> Then show proof that this command works: >> >>? ? mysql -udovecot -pxxx -h 127.0.0.1 postfix > > My bad. I had the wrong p/w in sql.conf :-} > > So now I'm connected to the database as dovecot, but I'm still getting these dad-blamed errors: > > BC81A57901AD: to=, relay=dovecot, delay=25695, delays=25695/0.02/0/0.28, dsn=4.3.0, status=deferred (temporary failure) Turn up the logging in postfix (add -vv to the smtpd line in master.cf or google for log-level) - but I'm pretty sure that this means postfix wants to give it dovecot, but dovecot says I can't do anything with it. Either cos it doesn't know where to put it. Or doesn't have permission to put it there. You could turn up your dovecot logging too if the postfix logs aren't helpful. My directory permissions (in no way security recommended - but working) for /var/vmail/ are: drwxrwxS mailsystem mailsystem Simon > # 2.0.15: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 2.6.18-028stab094.3 x86_64 CentOS release 5.7 (Final) vzfs > auth_mechanisms = plain login > mail_location = maildir:/var/vmail/%d/%u > passdb { > ? args = /usr/local/etc/dovecot/sql.conf > ? driver = sql > } > plugin { > ? quota = maildir:storage=10240:messages=1000 > ? trash = /usr/local/etc/dovecot/trash.conf > } > protocols = imap pop3 > service auth { > ? unix_listener auth-userdb { > ??? group = postfix > ??? mode = 0660 > ??? user = postfix > ? } > ? user = root > } > ssl_cert = ssl_cipher_list = ALL:!LOW:!SSLv2 > ssl_key = userdb { > ? args = /usr/local/etc/dovecot/sql.conf > ? driver = sql > } > protocol imap { > ? mail_plugins = quota imap_quota > } > protocol pop3 { > ? mail_plugins = quota > ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > } > protocol lda { > ? hostname = 13gems.com > ? info_log_path = /var/log/dovecot-deliver.log > ? log_path = /var/log/dovecot-deliver.log > ? mail_plugins = quota > ? postmaster_address = postmaster at bar.com > ? sendmail_path = /usr/sbin/sendmail.postfix > } > > TIA, > Jack From stephan at rename-it.nl Tue Oct 25 11:26:19 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 25 Oct 2011 10:26:19 +0200 Subject: [Dovecot] sieve-pipe Error In-Reply-To: <4EA66648.8050308@wilkesley.net> References: <4EA5375B.2060101@wilkesley.net> <4EA5E7C5.4080908@rename-it.nl> <4EA66648.8050308@wilkesley.net> Message-ID: <4EA672AB.5070401@rename-it.nl> Op 25-10-2011 9:33, Ian Barton schreef: > On 24/10/11 23:33, Stephan Bosch wrote: >> On 10/24/2011 12:00 PM, Ian Barton wrote: >>> I am using Dovecot 2.0.15 on Arch. I have cloned the hg repo and >>> compiled the plugin using the following options: >>> >>> ./configure --with-dovecot=/usr/lib/dovecot >>> --with-pigeonhole=/usr/include/dovecot/sieve/ >>> >>> The relevant section of my dovecot.conf looks like: >>> >>> plugin { >>> sieve = ~/.dovecot.sieve >>> sieve_global_path = /home/vmail/globalsieverc >>> sieve_dir = ~/ >>> >>> sieve_plugins = sieve_pipe >>> # This directory contains the scripts that are available. >>> sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe >>> } >>> >>> When I restart Dovecot I get the following error: >>> >>> ian:dovecot/ $ sudo rc.d restart dovecot [10:50:53] >>> :: Stopping dovecot daemon [DONE] >>> :: Starting dovecot daemon [BUSY] managesieve: Fatal: >>> opendir(/usr/lib/dovecot/modules/sieve) failed: No such file or >>> directory >>> doveconf: Error: managesieve-login: dump-capability process returned 89 >> >> Apparently, the plugin is not installed in the correct location. Try >> supplying a --with-moduledir=/usr/lib/dovecot/modules . >> >> After make install, the /usr/lib/dovecot/modules/sieve directory should >> contain lib90_sieve_pipe_plugin.so. >> > > Thank you that worked. Now to test if it's working:) Please reply to the mailing list as well. Regards, Stephan. From dovecot at tlinx.org Tue Oct 25 13:14:41 2011 From: dovecot at tlinx.org (Linda Walsh) Date: Tue, 25 Oct 2011 03:14:41 -0700 Subject: [Dovecot] Thunderbird slow in talking with dovecot IMAP AND to sendmail Message-ID: <4EA68C11.5060102@tlinx.org> I'm trying to find out what's causing this slowdown -- it's INTOLERABLE.... over 1 minute and less than 1% done. (400MB file)... After trying 3 times, I gave up and logged in using X to the server and ran Tbird from there.... Mail sent out in < 1 minute, though the copy to dovecot took about 50% longer. So... I looked at the network trace. and everyfrackin' body was using 4K packet sizes (at the application level!, the window size on TCP was over 64K...but no one was using it)....especially galling with my network's MTU at 9K, BTW, because small packets are really bad on a 1Gb network. sendmail -- 4K, dovecot /ssl, 4K... wazzup .. is t-bird forcing this, or is there some ssl requirement? but it can't just be ssl -- as it's talking to sendmail on port 25 unencrypted (it's a local net anyway)... I could see the entire binary going out in text form... 1 line at a time...a "C" line in sendmail, with lens of 4096...is that some max? I don't see it in the sendmail.cf files...wanted to see if anyone knew of dovecot restrictions that might limit packets to 4k, before I lamblasted the thunderbird people for another act of mindless stupidity (the first being when they decided to cache all your IMAP store on every local client in the client's ROAMING profile...*brilliant*!!!... sides, if I wanted it on local I would have set 'store on local', but in TB3, they know better and change that for me... Something about them being too stupid to use indexing and searching on an imap server? Maybe I just imagined hearing that... From jackfredrikson at yahoo.com Tue Oct 25 13:47:26 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 03:47:26 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> Message-ID: <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: Dovecot Mailing List Sent: Tuesday, October 25, 2011 12:46 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem I think I've found the problem. How do I create this file? /usr/local/libexec/dovecot/deliver-ldaTIA, Jack From ef at math.uni-bonn.de Tue Oct 25 14:02:39 2011 From: ef at math.uni-bonn.de (Edgar =?iso-8859-1?B?RnXf?=) Date: Tue, 25 Oct 2011 13:02:39 +0200 Subject: [Dovecot] Seen flag getting lost Message-ID: <20111025110238.GB8900@gumme.math.uni-bonn.de> We have two dovecot 1.2 instances sharing Maildirs on NFS. Indexes are local to the individual servers. Occasionally (no idea how to trigger this), the Seen flag gets lost on some messages. I've verified that actually the ``S'' is missing from the filename. I suspect something like server A caching the flags, server B setting Seen, and then server A flushing its cache for another change so overwriting what B changed. Any ideas short of switching to 2.0? From sb at dod.no Tue Oct 25 14:38:07 2011 From: sb at dod.no (Steinar Bang) Date: Tue, 25 Oct 2011 13:38:07 +0200 Subject: [Dovecot] SSL renegotiation vulnerability (Was: dovecot evaluation on a 30 gb mailbox) References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> Message-ID: >>>>> Timo Sirainen : > Yes, SSL handshakes are extra. Although SSL supports some kind of > quick renegotiation too, but Dovecot doesn't support that yet. No > one's ever requested it.. Hum... this article (in Norwegian) http://www.digi.no/881186/skrekkverktoy-slaar-ut-%ABsikre%BB-servere addresses the SSL renegotiation vulnerability, and how it can be used to DOS servers using SSL from a single machine with low bandwidth. At the end the article is discussing how to configure off the SSL renegotiate in different servers, and that the author had been unable to find a setting for disabling SSL renegotiate in dovecot (and if anyone knows how, please inform him). Could the reason he hasn't found such a setting be that SSL renegotiate isn't supported at all in dovecot...? Thanks! - Steinar From CMarcus at Media-Brokers.com Tue Oct 25 14:38:22 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Tue, 25 Oct 2011 07:38:22 -0400 Subject: [Dovecot] Thunderbird slow in talking with dovecot IMAP AND to sendmail In-Reply-To: <4EA68C11.5060102@tlinx.org> References: <4EA68C11.5060102@tlinx.org> Message-ID: <4EA69FAE.1030100@Media-Brokers.com> On 2011-10-25 6:14 AM, Linda Walsh wrote: > and everyfrackin' body was using 4K packet sizes (at the application > level!, the window size on TCP was over 64K...but no one was using > it)....especially galling with my network's MTU at 9K, BTW, because > small packets are really bad on a 1Gb network. > > sendmail -- 4K, > dovecot /ssl, 4K... > > wazzup .. is t-bird forcing this, If I'm not mistaken, yes, this is (or could be) a TBird problem... I can't find the bug report where this was discussed, but I distinctly remember one of the devs commenting on this 4k packet size issue. Apparently it was an intentional change, but he couldn't figure out why. Fyi, it was discussed in one of the IMAP performance bugs... -- Best regards, Charles From jackfredrikson at yahoo.com Tue Oct 25 16:51:56 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 06:51:56 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> ________________________________ From: Jack Fredrikson To: "simon.brereton at buongiorno.com" ; Dovecot Mailing List Sent: Tuesday, October 25, 2011 6:47 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem Or, conversely, how do I create this file: /usr/local/libexec/dovecot/deliver The problem is the first_valid_uid and first_valid_gid need to be reset. What file is called to create "deliver"? Please help. TIA, Jack From simon.brereton at buongiorno.com Tue Oct 25 16:53:15 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Tue, 25 Oct 2011 09:53:15 -0400 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: On 25 October 2011 06:47, Jack Fredrikson wrote: > > ________________________________ > From: Simon Brereton > To: Dovecot Mailing List > Sent: Tuesday, October 25, 2011 12:46 AM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > > I think I've found the problem. How do I create this file? > > /usr/local/libexec/dovecot/deliver-lda I can't speak to CentOS, but I'm not sure you need to be "creating" any files - especially not in libexec. Are you sure your dovecot installation isn't hosed somehow? Simon From giles at coochey.net Tue Oct 25 17:02:15 2011 From: giles at coochey.net (Giles Coochey) Date: Tue, 25 Oct 2011 16:02:15 +0200 Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> Message-ID: <1b935e05cf0ab878216aeb7f14ddcf9d.squirrel@www.coochey.net> On Tue, October 25, 2011 15:51, Jack Fredrikson wrote: > > ________________________________ > From: Jack Fredrikson > To: "simon.brereton at buongiorno.com" ; > Dovecot Mailing List > Sent: Tuesday, October 25, 2011 6:47 AM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection > Problem > > > Or, conversely, how do I create this file: > > /usr/local/libexec/dovecot/deliver > > The problem is the first_valid_uid and first_valid_gid need to be reset. > What file is called to create "deliver"? Please help. > On my Centos 5.x: [root at gate ~]# rpm -qf /usr/libexec/dovecot/deliver dovecot-2.0.15-1.0.cf.rhel5 [root at gate ~]# rpm -qf /usr/libexec/dovecot/dovecot-lda dovecot-2.0.15-1.0.cf.rhel5 [root at gate ~]# What dovecot do you have? From jackfredrikson at yahoo.com Tue Oct 25 17:05:36 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 07:05:36 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> Message-ID: <1319551536.95677.YahooMailNeo@web122009.mail.ne1.yahoo.com> ________________________________ From: Simon Brereton To: Dovecot Mailing List Sent: Tuesday, October 25, 2011 9:53 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > I can't speak to CentOS, but I'm not sure you need to be "creating" > any files - especially? not in libexec.? Are you sure your dovecot > installation isn't hosed somehow? Of course I'm not sure and rebuilding dovecot is what I'll do if all else fails. When I discovered the problem in my dovecot logs, I searched for the offending GID and discovered it in /usr/local/libexec/dovecot/deliver which, of course, is a binary. How did it get there? Certainly not when I did my ./configure make make install dance with dovecot's src distro. How did it get there?? How do I change it??` TIA, Jack From jackfredrikson at yahoo.com Tue Oct 25 17:10:21 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 07:10:21 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1b935e05cf0ab878216aeb7f14ddcf9d.squirrel@www.coochey.net> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> <1b935e05cf0ab878216aeb7f14ddcf9d.squirrel@www.coochey.net> Message-ID: <1319551821.48248.YahooMailNeo@web122010.mail.ne1.yahoo.com> ________________________________ From: Giles Coochey To: Jack Fredrikson Cc: "simon.brereton at buongiorno.com" ; Dovecot Mailing List Sent: Tuesday, October 25, 2011 10:02 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem > On my Centos 5.x: > > [root at gate ~]# rpm -qf /usr/libexec/dovecot/deliver > dovecot-2.0.15-1.0.cf.rhel5 > [root at gate ~]# rpm -qf /usr/libexec/dovecot/dovecot-lda > dovecot-2.0.15-1.0.cf.rhel5 > > What dovecot do you have? 2.0.15 I built mine the old way: ./configure --with-mysql make make install So how would I rebuild just this one file? From where does it get its data? I need to change the first_valid_gid. TIA, Jack From jackfredrikson at yahoo.com Tue Oct 25 18:01:31 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 08:01:31 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319551821.48248.YahooMailNeo@web122010.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> <1b935e05cf0ab878216aeb7f14ddcf9d.squirrel@www.coochey.net> <1319551821.48248.YahooMailNeo@web122010.mail.ne1.yahoo.com> Message-ID: <1319554891.19030.YahooMailNeo@web122011.mail.ne1.yahoo.com> From: Giles Coochey To: Jack Fredrikson Cc: "simon.brereton at buongiorno.com" ; Dovecot Mailing List Sent: Tuesday, October 25, 2011 10:02 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem I just discovered this: [root at myserver postfix]# ls -al /usr/libexec/dovecot/ total 8 drwxr-xr-x 2 root root 4096 Oct 22 08:59 . drwxr-xr-x 9 root root 4096 Oct 23 08:36 .. lrwxrwxrwx 1 root root?? 34 Oct 22 08:59 deliver -> /usr/local/libexec/dovecot/deliver [root at myserver postfix]# ls -al /usr/local/libexec/dovecot/deliver* lrwxrwxrwx 1 root root 11 Oct 20 17:14 /usr/local/libexec/dovecot/deliver -> dovecot-lda Huh? So I made a softlink directly to /usr/local/libexec/dovecot/dovecot-lda (which is where it resides) But I'm still getting the same errors: Oct 25 07:58:47 lda(foo at bar.com): Fatal: setgid(12(mail) from userdb lookup) failed with euid=512(vmail), gid=512(vmail), egid=512(vmail): Operation not permitted (This binary should probably be called with process group set to 12(mail) instead of 512(vmail)) I need to change the gid because it's wrong. Now, rebuilding dovecot isn't going to do that because we don't set such things in the flags to rebuild. So where in tarnation do we??? TIA, Jack > On my Centos 5.x: > > [root at gate ~]# rpm -qf /usr/libexec/dovecot/deliver > dovecot-2.0.15-1.0.cf.rhel5 > [root at gate ~]# rpm -qf /usr/libexec/dovecot/dovecot-lda > dovecot-2.0.15-1.0.cf.rhel5 > > What dovecot do you have? 2.0.15 I built mine the old way: ./configure --with-mysql make make install So how would I rebuild just this one file? From where does it get its data? I need to change the first_valid_gid. TIA, Jack From jackfredrikson at yahoo.com Tue Oct 25 21:01:12 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 11:01:12 -0700 (PDT) Subject: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem In-Reply-To: <1319554891.19030.YahooMailNeo@web122011.mail.ne1.yahoo.com> References: <1319482854.61041.YahooMailNeo@web122015.mail.ne1.yahoo.com> <4EA5BB6C.4050205@whyscream.net> <1319489013.528.YahooMailNeo@web122004.mail.ne1.yahoo.com> <1319492831.53135.YahooMailNeo@web122017.mail.ne1.yahoo.com> <4EA5DFE1.1070306@whyscream.net> <1319498243.74621.YahooMailNeo@web122002.mail.ne1.yahoo.com> <1319539646.17110.YahooMailNeo@web122003.mail.ne1.yahoo.com> <1319550716.14093.YahooMailNeo@web122013.mail.ne1.yahoo.com> <1b935e05cf0ab878216aeb7f14ddcf9d.squirrel@www.coochey.net> <1319551821.48248.YahooMailNeo@web122010.mail.ne1.yahoo.com> <1319554891.19030.YahooMailNeo@web122011.mail.ne1.yahoo.com> Message-ID: <1319565672.83110.YahooMailNeo@web122007.mail.ne1.yahoo.com> ________________________________ From: Jack Fredrikson To: Jack Fredrikson ; Giles Coochey Cc: "simon.brereton at buongiorno.com" ; Dovecot Mailing List Sent: Tuesday, October 25, 2011 11:01 AM Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem I have solved at least another part of the problem that was causing the setuig error. I changed my postfix/master.cf file from this: dovecot?? unix? -?????? n?????? n?????? -?????? -?????? pipe ? flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient} to this: dovecot?? unix? -?????? n?????? n?????? -?????? -?????? pipe ? flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} ${recipient} taking out the d flag. Now dovecot doesn't complain. *However*, I've *still* got this devil plaguing me: Oct 25 10:49:18 myserver postfix/pipe[3712]: 0423257901AB: to=, relay=dovecot, delay=109318, delays=109318/0.14/0/0.1, dsn=4.3.0, status=deferred (temporary failure Ya know, I know I'm not the sharpest tool in the shed when it comes to programming, but I have *never* worked *so hard* on an installation as this one with so little success! It took me a day to install qmail the first time around. I've been a week on this!! Please help me figure this mess out. For the record, I did rebuild dovecot but that obviously didn't help. I did change the posfix files to pump out a bunch of debugging info: adding a -D flag to every smptd service in master.cf This in main.cf: debug_peer_level = 3 debugger_command = ? PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ? xxgdb $daemon_directory/$process_name $process_id & sleep 5 debug_peer_list = 127.0.0.1 #debug_peer_list = and it doesn't give me any output like it did the first time, so I assume (perhaps incorrectly) there are no errors. TIA, Jack From tss at iki.fi Tue Oct 25 21:13:09 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 25 Oct 2011 21:13:09 +0300 Subject: [Dovecot] SSL renegotiation vulnerability (Was: dovecot evaluation on a 30 gb mailbox) In-Reply-To: References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> Message-ID: <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> On 25.10.2011, at 14.38, Steinar Bang wrote: >>>>>> Timo Sirainen : > >> Yes, SSL handshakes are extra. Although SSL supports some kind of >> quick renegotiation too, but Dovecot doesn't support that yet. No >> one's ever requested it.. Looks like it's not "renegotiation" but more like session resume/resumption/cache or something that I was thinking about. > Hum... this article (in Norwegian) > http://www.digi.no/881186/skrekkverktoy-slaar-ut-%ABsikre%BB-servere > addresses the SSL renegotiation vulnerability, and how it can be used to > DOS servers using SSL from a single machine with low bandwidth. > > At the end the article is discussing how to configure off the SSL > renegotiate in different servers, and that the author had been unable to > find a setting for disabling SSL renegotiate in dovecot (and if anyone > knows how, please inform him). > > Could the reason he hasn't found such a setting be that SSL renegotiate > isn't supported at all in dovecot...? Looking at the OpenSSL code, I don't see any way to disable it. Or possibly with some undocumented kludgy way, but I don't really know enough about OpenSSL to implement it. Anyway, I'd think fail2ban should mostly solve this problem. From jackfredrikson at yahoo.com Tue Oct 25 21:33:12 2011 From: jackfredrikson at yahoo.com (Jack Fredrikson) Date: Tue, 25 Oct 2011 11:33:12 -0700 (PDT) Subject: [Dovecot] Temporary Failure that's Permanent! Message-ID: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> Hi; I continue to be plagued with this error: Oct 25 10:49:18 myserver postfix/pipe[3712]: 0423257901AB: to=, relay=dovecot, delay=109318, delays=109318/0.14/0/0.1, dsn=4.3.0, status=deferred (temporary failure It's been a week that I've been working day and night to get this fixed. I forgot to add this information: [root]# doveconf -n auth_mechanisms = plain login first_valid_gid = 12 first_valid_uid = 86 mail_location = maildir:/var/vmail/%d/%u passdb { ? args = /usr/local/etc/dovecot/sql.conf ? driver = sql } plugin { ? quota = maildir:storage=10240:messages=1000 ? trash = /usr/local/etc/dovecot/trash.conf } protocols = imap pop3 service auth { ? unix_listener auth-userdb { ??? group = postfix ??? mode = 0660 ??? user = postfix ? } ? user = root } ssl_cert = References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> Message-ID: <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> On 25.10.2011, at 21.13, Timo Sirainen wrote: >> Could the reason he hasn't found such a setting be that SSL renegotiate >> isn't supported at all in dovecot...? > > Looking at the OpenSSL code, I don't see any way to disable it. Or possibly with some undocumented kludgy way, but I don't really know enough about OpenSSL to implement it. Actually, the attached patch works for v2.0. I'm not really sure yet if I should add a setting for it, force it always or just wait for SSL people to figure out something else. I think I'll do the last option for now. In any case, I noticed there was some memory "leaking" when doing SSL renegotiation and that definitely needs to be fixed: http://hg.dovecot.org/dovecot-2.0/rev/ad2ebc237570 -------------- next part -------------- A non-text attachment was scrubbed... Name: diff Type: application/octet-stream Size: 515 bytes Desc: not available URL: From CMarcus at Media-Brokers.com Tue Oct 25 22:34:15 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Tue, 25 Oct 2011 15:34:15 -0400 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> Message-ID: <4EA70F37.3000401@Media-Brokers.com> Jack, A word of advice... you need to take a breath, and START OVER. Postfix+Dovecot works very well together... you are doing something wrong, and need to figure out what it is. You are chasing your tail, and will never figure out what you are doing wrong the way you are trying to troubleshoot this right now. Posting the same question over and over here and on the postfix list will not get you anywhere. Charles On 2011-10-25 2:33 PM, Jack Fredrikson wrote: > Hi; > > I continue to be plagued with this error: > > Oct 25 10:49:18 myserver postfix/pipe[3712]: 0423257901AB: to=, relay=dovecot, delay=109318, delays=109318/0.14/0/0.1, dsn=4.3.0, status=deferred (temporary failure > > It's been a week that I've been working day and night to get this fixed. > > I forgot to add this information: > > [root]# doveconf -n > auth_mechanisms = plain login > first_valid_gid = 12 > first_valid_uid = 86 > mail_location = maildir:/var/vmail/%d/%u > passdb { > args = /usr/local/etc/dovecot/sql.conf > driver = sql > } > plugin { > quota = maildir:storage=10240:messages=1000 > trash = /usr/local/etc/dovecot/trash.conf > } > protocols = imap pop3 > service auth { > unix_listener auth-userdb { > group = postfix > mode = 0660 > user = postfix > } > user = root > } > ssl_cert = ssl_cipher_list = ALL:!LOW:!SSLv2 > ssl_key = ssl_key_password = passwd > userdb { > args = /usr/local/etc/dovecot/sql.conf > driver = sql > } > protocol imap { > mail_plugins = quota imap_quota > } > protocol pop3 { > mail_plugins = quota > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > } > protocol lda { > hostname = myserver.com > info_log_path = /var/log/dovecot-deliver.log > log_path = /var/log/dovecot-deliver.log > mail_plugins = quota > postmaster_address = postmaster at creative.vi > sendmail_path = /usr/sbin/sendmail.postfix > } > > [root] # vi main.cf > queue_directory = /var/spool/postfix > myorigin = $mydomain > command_directory = /usr/sbin > daemon_directory = /usr/libexec/postfix > mail_owner = postfix > inet_interfaces = all > unknown_local_recipient_reject_code = 550 > debug_peer_list = > sendmail_path = /usr/sbin/sendmail.postfix > newaliases_path = /usr/bin/newaliases > mailq_path = /usr/bin/mailq > setgid_group = postdrop > html_directory = no > manpage_directory = /usr/local/man > sample_directory = /etc/postfix > readme_directory = no > mydomain = myserver.com > mydestination = > $mydomain, > $myhostname, > localhost.$mydomain > mail_spool_directory = /var/spool/mail > home_mailbox = Mailbox > disable_vrfy_command = yes > show_user_unknown_table_name = no > > > data_directory = /var/lib/postfix > # --------------- local settings ------------------ > myhostname = myserver.com > inet_interfaces = localhost, $myhostname > mynetworks = $config_directory/mynetworks > #mydestination = localhost.$mydomain, localhost, $myhostname > #uncomment if you need relay_domains... do not list domains in both relay and virtual > relay_domains = proxy:mysql:$config_directory/mysql_relay_domains_maps.cf > # ---------------------- VIRTUAL DOMAINS START ---------------------- > virtual_mailbox_base = /var/vmail > virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf > virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf > virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf > virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf > virtual_minimum_uid = 89 > virtual_uid_maps = static:89 > virtual_gid_maps = static:89 > virtual_transport = dovecot > dovecot_destination_recipient_limit = 1 > # ---------------------- VIRTUAL DOMAINS END ---------------------- > # ---------------------- SASL PART START ---------------------- > smtpd_sasl_auth_enable = yes > smtpd_recipient_restrictions = permit_mynetworks, > permit_sasl_authenticated, reject_unauth_destination > smtpd_sasl_security_options = noanonymous > broken_sasl_auth_clients = yes > smtpd_sasl_type = dovecot > smtpd_sasl_path = /var/spool/postfix/private/auth > smtpd_sasl_application_name = smtpd > # ---------------------- SASL PART END ---------------------- > smtpd_soft_error_limit = 10 > smtpd_hard_error_limit = 20 > smtpd_helo_required = yes > disable_vrfy_command = yes > non_fqdn_reject_code = 504 > invalid_hostname_reject_code = 450 > maps_rbl_reject_code = 554 > alias_maps = hash:/etc/aliases > reject_unknown_client = false > reject_unknown_hostname = false > mailbox_command = /usr/local/libexec/dovecot/deliver -f "$SENDER" -a "$RECIPIENT" > > > [root] # vi master.cf > smtp inet n - n - - smtpd > submission inet n - - - - smtpd -D > -o smtpd_tls_security_level=encrypt > -o smtpd_sasl_auth_enable=yes > -o smtpd_sasl_type=dovecot > -o smtpd_sasl_path=private/auth > -o smtpd_sasl_security_options=noanonymous > -o smtpd_sasl_local_domain=$myhostname > -o smtpd_client_restrictions=permit_sasl_authenticated,reject > -o smtpd_sender_login_maps=hash:/etc/postfix/virtual > -o smtpd_sender_restrictions=reject_sender_login_mismatch > -o smtpd_recipient_restrictions=reject_unknown_recipient_domain,reject_non_fqdn_recipient,permit_sasl_authenticated,reject > amavisfeed unix - - n - 2 lmtp > -o lmtp_data_done_timeout=1200 > -o lmtp_send_xforward_command=yes > -o disable_dns_lookups=yes > -o max_use=20 > 587 inet n - n - - smtpd > pickup fifo n - n 60 1 pickup > cleanup unix n - n - 0 cleanup > qmgr fifo n - n 300 1 qmgr > tlsmgr unix - - n 1000? 1 tlsmgr > rewrite unix - - n - - trivial-rewrite > bounce unix - - n - 0 bounce > defer unix - - n - 0 bounce > trace unix - - n - 0 bounce > verify unix - - n - 1 verify > flush unix n - n 1000? 0 flush > proxymap unix - - n - - proxymap > smtp unix - - n - - smtp > relay unix - - n - - smtp > -o fallback_relay= > showq unix n - n - - showq > error unix - - n - - error > discard unix - - n - - discard > local unix - n n - - local > virtual unix - n n - - virtual > lmtp unix - - n - - lmtp > anvil unix - - n - 1 anvil > scache unix - - n - 1 scache > maildrop unix - n n - - pipe > flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} > uucp unix - n n - - pipe > flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) > ifmail unix - n n - - pipe > flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) > bsmtp unix - n n - - pipe > flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient > retry unix - - n - - error > proxywrite unix - - n - 1 proxymap > dovecot unix - n n - - pipe > flags=DRhu user=dovecot argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} ${recipient} > spamfilter unix - n n - - pipe > flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter -f ${sender} -- ${recipient} > > > TIA, > Jack > -- Best regards, Charles Marcus I.T. Director Media Brokers International, Inc. 678.514.6200 x224 | 678.514.6299 fax From tss at iki.fi Tue Oct 25 23:02:19 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 25 Oct 2011 23:02:19 +0300 Subject: [Dovecot] SSL renegotiation vulnerability (Was: dovecot evaluation on a 30 gb mailbox) In-Reply-To: <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> Message-ID: <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> On 25.10.2011, at 21.51, Timo Sirainen wrote: > On 25.10.2011, at 21.13, Timo Sirainen wrote: > >>> Could the reason he hasn't found such a setting be that SSL renegotiate >>> isn't supported at all in dovecot...? >> >> Looking at the OpenSSL code, I don't see any way to disable it. Or possibly with some undocumented kludgy way, but I don't really know enough about OpenSSL to implement it. > > Actually, the attached patch works for v2.0. I'm not really sure yet if I should add a setting for it, force it always or just wait for SSL people to figure out something else. I think I'll do the last option for now. > > In any case, I noticed there was some memory "leaking" when doing SSL renegotiation and that definitely needs to be fixed: http://hg.dovecot.org/dovecot-2.0/rev/ad2ebc237570 I don't know if I'm doing something wrong, but I can't even cause a DoS. Even while all imap-login processes are eating 100% CPU (almost 500 handshakes/second), I can successfully log in with another client. From noel.butler at ausics.net Wed Oct 26 03:05:57 2011 From: noel.butler at ausics.net (Noel Butler) Date: Wed, 26 Oct 2011 10:05:57 +1000 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> Message-ID: <1319587557.8419.14.camel@tardis> Hi, I've been away for a while, and the previous threads I stopped reading because it makes reading War and Peace look more enticing. Have you run in debug mode? On Tue, 2011-10-25 at 11:33 -0700, Jack Fredrikson wrote: > Hi; > > I continue to be plagued with this error: > > Oct 25 10:49:18 myserver postfix/pipe[3712]: 0423257901AB: to=, relay=dovecot, delay=109318, delays=109318/0.14/0/0.1, dsn=4.3.0, status=deferred (temporary failure > So, it looks like an LDA issue > It's been a week that I've been working day and night to get this fixed. > I only have v1.2 config files to compare at present, we aborted use of 2.0 for internal reasons, I know (sadly) many things changed in the config format so I wont begin to assume you have correct components in the right blocks because I'd for sure end up being wrong. What you could try, is looking at the exceed quota examples, and try injecting a message for a user that way using dovecot's deliver and see if it stores the message correctly. Does pop3 work for the users? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From stan at hardwarefreak.com Wed Oct 26 10:33:09 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 26 Oct 2011 02:33:09 -0500 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA70F37.3000401@Media-Brokers.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> Message-ID: <4EA7B7B5.6060609@hardwarefreak.com> On 10/25/2011 2:34 PM, Charles Marcus wrote: > Jack, > > A word of advice... you need to take a breath, and START OVER. Yep. Start by ditching that old as dirt POS distro known as CentOS. And don't roll-your-own-Dovecot from source. Simply install Debian 6, or get your VPS provider to swap your image for it, and: ~$ aptitude install dovecot-imapd dovecot-common You'll get version 1.2.15, which is probably fine as you don't need the advanced features of 2.x anyway. Then the only thing to worry about now is getting dovecot.conf setup correctly, which is a lot easier than digging yourself out of your current hole. -- Stan From limperis at cti.gr Wed Oct 26 10:41:49 2011 From: limperis at cti.gr (Limperis Antonis) Date: Wed, 26 Oct 2011 07:41:49 +0000 Subject: [Dovecot] variable for gid Message-ID: Hi Is possible for a variable for gid of each user, such as %ifor uid . Thanks for your attention Antonis From noel.butler at ausics.net Wed Oct 26 10:44:57 2011 From: noel.butler at ausics.net (Noel Butler) Date: Wed, 26 Oct 2011 17:44:57 +1000 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA7B7B5.6060609@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> Message-ID: <1319615097.32388.7.camel@tardis> *sigh* As usual Stanley, you do not contribute anything constructive, only trollish jibberish Charles' advice however would be my next step, but at this point I think it's a bit drastic. On Wed, 2011-10-26 at 02:33 -0500, Stan Hoeppner wrote: > On 10/25/2011 2:34 PM, Charles Marcus wrote: > > Jack, > > > > A word of advice... you need to take a breath, and START OVER. > > Yep. Start by ditching that old as dirt POS distro known as CentOS. > And don't roll-your-own-Dovecot from source. Simply install Debian 6, > or get your VPS provider to swap your image for it, and: > > ~$ aptitude install dovecot-imapd dovecot-common > > You'll get version 1.2.15, which is probably fine as you don't need the > advanced features of 2.x anyway. Then the only thing to worry about now > is getting dovecot.conf setup correctly, which is a lot easier than > digging yourself out of your current hole. > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From noel.butler at ausics.net Wed Oct 26 11:04:58 2011 From: noel.butler at ausics.net (Noel Butler) Date: Wed, 26 Oct 2011 18:04:58 +1000 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> Message-ID: <1319616298.32388.15.camel@tardis> On Tue, 2011-10-25 at 11:33 -0700, Jack Fredrikson wrote: > mailbox_command = /usr/local/libexec/dovecot/deliver -f "$SENDER" -a "$RECIPIENT" > get rid of this ^^^^^^^^^^^^^ in postifx main.cf > dovecot unix - n n - - pipe > flags=DRhu user=dovecot argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} ${recipient} in master, try dovecot unix - n n - - pipe flags=DRhu user=dovecot argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -e -d ${user}@${nexthop} Are you really using user dovecot? Did you build this from source, if so show us the options you used -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From sb at dod.no Wed Oct 26 11:25:18 2011 From: sb at dod.no (Steinar Bang) Date: Wed, 26 Oct 2011 10:25:18 +0200 Subject: [Dovecot] SSL renegotiation vulnerability References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> Message-ID: >>>>> Timo Sirainen : > I don't know if I'm doing something wrong, but I can't even cause a > DoS. Even while all imap-login processes are eating 100% CPU (almost > 500 handshakes/second), I can successfully log in with another client. Are you using the tool linked to in the article, to stress the server? http://www.thc.org/thc-ssl-dos/ From mcbdovecot at robuust.nl Wed Oct 26 11:36:56 2011 From: mcbdovecot at robuust.nl (Maarten Bezemer) Date: Wed, 26 Oct 2011 10:36:56 +0200 (CEST) Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319615097.32388.7.camel@tardis> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319615097.32388.7.camel@tardis> Message-ID: On Wed, 26 Oct 2011, Noel Butler wrote: > *sigh* > > As usual Stanley, you do not contribute anything constructive, only > trollish jibberish I don't know where both of you live, but can't you just grab a coffee and find out what it is that makes a mockery of any discussion between the two of you? Or why you can't seem to get along? Make sure the coffee isn't too hot so you can at least throw it at one another without getting any lawyer involved :-P How hard would it be to just not feed the trolls, if you're so convinced Stan is one. He's not even trying to get on your nerves, and yet you take it personal. I could have gone and *sigh* about Hadmuts not-so-polite last reply a few days ago, but I figured that wouldn't have helped anyone. Probably not even my ego. Back on topic: there sems to be an issue that doesn't handle temporary failures properly (i.e., it should at least record the details of the failure in some logs). This may very well be related to a locally built Dovecot, or being unfamiliar with Postfix/Dovecot configuration, or both. You could try something like 'su' or 'sudo' to break the transactions into separate parts, to see what's generating the tempfail and why. Maybe we're missing some log entries right above the quoted postfix tempfail, that shows some non-null exit code. -- Maarten From sb at dod.no Wed Oct 26 11:43:39 2011 From: sb at dod.no (Steinar Bang) Date: Wed, 26 Oct 2011 10:43:39 +0200 Subject: [Dovecot] SSL renegotiation vulnerability References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> Message-ID: >>>>> Steinar Bang : >>>>> Timo Sirainen : >> I don't know if I'm doing something wrong, but I can't even cause a >> DoS. Even while all imap-login processes are eating 100% CPU (almost >> 500 handshakes/second), I can successfully log in with another client. > Are you using the tool linked to in the article, to stress the server? > http://www.thc.org/thc-ssl-dos/ Here's what the article says about stressing dovecot: "Alle servertjenester benytter SSL kan i utgangspunktet v?re ber?rt. Digi.no har testet verkt?yet mot en eldre, intern server som kj?rer Linux. Angrepet mot Apache/HTTPD var mislykket, fordi SSL Renegotiation var deaktivert som standard. Men en angrep mot en POP3S-basert (kryptert e-post) tjeneste levert av serverprogramvaren Dovecot, kj?rte CPU-lasten i taket med over tusen ?handshakes? i sekundet. Angrepet f?rte ikke til at hele maskinen ble utilgjengelig, men POP3S-tjenesten ble i praksis ubrukelig s? lenge angrepet varte." A quick translate: All services using SSL can be affected. Digi.no has tested the tool against an old, internal server running Linux. The attach against Apache httpd failed, because SSL Renegotiation was deactivated by default. But an attach against a POP3S (encrypted email) service delivered by the server program Dovecot, ran the CPU-load into the roof with over a thousand "Handshakes" per second. The attack didn't cause the computer to be inaccessible, but the POP3S-service was unusable for the duration of the attack. So it looks like they didn't test IMAPS access, only POP3S. From robert at schetterer.org Wed Oct 26 12:01:51 2011 From: robert at schetterer.org (Robert Schetterer) Date: Wed, 26 Oct 2011 11:01:51 +0200 Subject: [Dovecot] SSL renegotiation vulnerability In-Reply-To: References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> Message-ID: <4EA7CC7F.6090107@schetterer.org> Am 26.10.2011 10:43, schrieb Steinar Bang: >>>>>> Steinar Bang : >>>>>> Timo Sirainen : > >>> I don't know if I'm doing something wrong, but I can't even cause a >>> DoS. Even while all imap-login processes are eating 100% CPU (almost >>> 500 handshakes/second), I can successfully log in with another client. > >> Are you using the tool linked to in the article, to stress the server? >> http://www.thc.org/thc-ssl-dos/ > > Here's what the article says about stressing dovecot: > "Alle servertjenester benytter SSL kan i utgangspunktet v?re > ber?rt. Digi.no har testet verkt?yet mot en eldre, intern server som > kj?rer Linux. Angrepet mot Apache/HTTPD var mislykket, fordi SSL > Renegotiation var deaktivert som standard. Men en angrep mot en > POP3S-basert (kryptert e-post) tjeneste levert av serverprogramvaren > Dovecot, kj?rte CPU-lasten i taket med over tusen ?handshakes? i > sekundet. Angrepet f?rte ikke til at hele maskinen ble utilgjengelig, > men POP3S-tjenesten ble i praksis ubrukelig s? lenge angrepet varte." > > A quick translate: > All services using SSL can be affected. Digi.no has tested the tool > against an old, internal server running Linux. The attach against > Apache httpd failed, because SSL Renegotiation was deactivated by > default. But an attach against a POP3S (encrypted email) service > delivered by the server program Dovecot, ran the CPU-load into the > roof with over a thousand "Handshakes" per second. The attack didn't > cause the computer to be inaccessible, but the POP3S-service was > unusable for the duration of the attack. > > So it looks like they didn't test IMAPS access, only POP3S. > however wasnt it possible ever to stress any service via ddos ? this tool may only very effective in doing that the most problem is see , not everybody can use fail2ban on his servers by keeping out dummy auth users over nat ( I have such case ) anyway ,firewalls should slow down ddos attacks, which might cause other problems then *g, but for sure not from one ip just a few thoughts..,for sure ,best way would be, getting it fixed -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From dg at dguhl.org Wed Oct 26 12:43:41 2011 From: dg at dguhl.org (Dennis Guhl) Date: Wed, 26 Oct 2011 11:43:41 +0200 Subject: [Dovecot] variable for gid In-Reply-To: References: Message-ID: <20111026094341.GA10257@laptop-dg.leere.eu> On Wed, Oct 26, 2011 at 07:41:49AM +0000, Limperis Antonis wrote: > Hi > > Is possible for a variable for gid of each user, such as %ifor uid . I don't know what your question exactly is, but I tink the answer will be no, there is no variable for GIDs. http://wiki2.dovecot.org/Variables shows all valid variables for Dovecot 2 (s/2/1/ works for old Dovecot). HTH Dennis From stan at hardwarefreak.com Wed Oct 26 13:39:53 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 26 Oct 2011 05:39:53 -0500 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319615097.32388.7.camel@tardis> Message-ID: <4EA7E379.1010906@hardwarefreak.com> On 10/26/2011 3:36 AM, Maarten Bezemer wrote: > and find out what it is that makes a mockery of any discussion between > the two of you? Discussion?? I *thoroughly* blocked Noel Butler about a year ago. Should I define *thoroughly*? That means direct to MX, list mail, smoke signals, and yodels from a mountain top. You're unfairly associating me with this nitwit. I extricated myself from his mud pit long ago. -- Stan From dg at dguhl.org Wed Oct 26 16:14:20 2011 From: dg at dguhl.org (Dennis Guhl) Date: Wed, 26 Oct 2011 15:14:20 +0200 Subject: [Dovecot] OT: Re: Temporary Failure that's Permanent! In-Reply-To: <4EA7E379.1010906@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319615097.32388.7.camel@tardis> <4EA7E379.1010906@hardwarefreak.com> Message-ID: <20111026131418.GA16891@PC211.ikt.de> On Wed, Oct 26, 2011 at 05:39:53AM -0500, Stan Hoeppner wrote: [..] Stan, we all know your 'affection' for Noel Butler, as well as we all know him. But please keep this off list. Like Maarten pointed out, it's not worth the trouble and only bothers everybody. Dennis P.S. I know this should be send off list, but you have a habit to block very savagely :) From bernd at petrovitsch.priv.at Wed Oct 26 16:48:00 2011 From: bernd at petrovitsch.priv.at (Bernd Petrovitsch) Date: Wed, 26 Oct 2011 15:48:00 +0200 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA7B7B5.6060609@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> Message-ID: <1319636880.5546.19.camel@thorin> On Mit, 2011-10-26 at 02:33 -0500, Stan Hoeppner wrote: > On 10/25/2011 2:34 PM, Charles Marcus wrote: [....] > > A word of advice... you need to take a breath, and START OVER. > > Yep. Start by ditching that old as dirt POS distro known as CentOS. Dovecot works fine on my CentOS-5.* and -6. > And don't roll-your-own-Dovecot from source. [....] And I used it self-compiled (because there were at times no current packages) and nowadays an RPM from some repo. Granted with sendmail as MTA but that shouldn't make a big difference. Bernd -- Bernd Petrovitsch Email : bernd at petrovitsch.priv.at LUGA : http://www.luga.at From pw at wk-serv.de Thu Oct 27 00:13:50 2011 From: pw at wk-serv.de (Patrick Westenberg) Date: Wed, 26 Oct 2011 23:13:50 +0200 Subject: [Dovecot] Indexes to MLC-SSD Message-ID: <4EA8780E.5030808@wk-serv.de> Hi all, is anyone on this list who dares/dared to store his index files on a MLC-SSD? Regards, Patrick From stan at hardwarefreak.com Thu Oct 27 05:36:06 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 26 Oct 2011 21:36:06 -0500 Subject: [Dovecot] Indexes to MLC-SSD In-Reply-To: <4EA8780E.5030808@wk-serv.de> References: <4EA8780E.5030808@wk-serv.de> Message-ID: <4EA8C396.3040105@hardwarefreak.com> On 10/26/2011 4:13 PM, Patrick Westenberg wrote: > Hi all, > > is anyone on this list who dares/dared to store his index files on a > MLC-SSD? I have not. But I can tell you that a 32GB Corsair MLC SSD in my workstation died after 4 months of laughably light duty. It had nothing to do with cell life but low product quality. This was my first foray into SSD. The RMA replacement is still kickin after 2 months, thankfully. I'm holding my breath... Scanning the reviews on Newegg shows early MLC SSD failures across most brands, early being a year or less. Some models/sizes are worse than others. OCZ has a good reputation overall, but reviews show some of their models to be grenades. Thus, if you were to put indexes on SSD, you should strongly consider using a mirrored pair. -- Stan From stan at hardwarefreak.com Thu Oct 27 05:51:21 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 26 Oct 2011 21:51:21 -0500 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319636880.5546.19.camel@thorin> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319636880.5546.19.camel@thorin> Message-ID: <4EA8C729.7010409@hardwarefreak.com> On 10/26/2011 8:48 AM, Bernd Petrovitsch wrote: > On Mit, 2011-10-26 at 02:33 -0500, Stan Hoeppner wrote: >> On 10/25/2011 2:34 PM, Charles Marcus wrote: > [....] >>> A word of advice... you need to take a breath, and START OVER. >> >> Yep. Start by ditching that old as dirt POS distro known as CentOS. > > Dovecot works fine on my CentOS-5.* and -6. Yes, because you know what you're doing. >> And don't roll-your-own-Dovecot from source. > [....] > > And I used it self-compiled (because there were at times no current > packages) and nowadays an RPM from some repo. > Granted with sendmail as MTA but that shouldn't make a big difference. See above comment. The OP is having trouble with a roll-your-own combo Dovecot and Postfix install. He went this route because the CentOS 5.x packages are old as dirt. Now he's having severe problems getting the RYO stuff working properly. If he has the option of using a distro with far more current packages, it would be much easier for him to get up and running. Thus my suggestion to give Debian a try. Any distro he's comfortable with and has access to, that has relatively up to date Dovecot and Postfix versions, would be just as suitable. The bulk of his problems stem from issues revolving around installing from source. Moving to recent distro packages will very likely solve most of his problems. -- Stan From dswartz at druber.com Thu Oct 27 05:54:25 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Wed, 26 Oct 2011 22:54:25 -0400 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA8C729.7010409@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com><4EA70F37.3000401@Media-Brokers.com><4EA7B7B5.6060609@hardwarefreak.com><1319636880.5546.19.camel@thorin> <4EA8C729.7010409@hardwarefreak.com> Message-ID: Ubuntu has a nice dovecot-postfix combo package. From nick.z.edwards at gmail.com Thu Oct 27 08:49:35 2011 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Thu, 27 Oct 2011 15:49:35 +1000 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA8C729.7010409@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319636880.5546.19.camel@thorin> <4EA8C729.7010409@hardwarefreak.com> Message-ID: Why do you troll You do not help OP in any way saying, use another distribution, this is a clear sign of TROLL Too many on this list, if you not going to help OP piss off and dont click that reply button and ignore tham, how about we tell you to use another distribution that is current like gentoo, freebsd, slackware, or even a mac everytime you have a problem. Why Timo let you get away with this so long I cant believe. and if you for one minute think debian is a current you are bigger dickhead than you come across as. do not reply to me either I killfile trolls and I cant believe I did not fuck you off a long time ago, all you do is go into 15 page gooblygook hoping to dazzle people with your _lack_ of knowledge. What do they say a little knowledge in the hands of some is .... You remind me of that ninkenpoop Karl from the ubuntu list, maybe you are him in disguise On Thu, Oct 27, 2011 at 12:51 PM, Stan Hoeppner wrote: > On 10/26/2011 8:48 AM, Bernd Petrovitsch wrote: > > On Mit, 2011-10-26 at 02:33 -0500, Stan Hoeppner wrote: > >> On 10/25/2011 2:34 PM, Charles Marcus wrote: > > [....] > >>> A word of advice... you need to take a breath, and START OVER. > >> > >> Yep. Start by ditching that old as dirt POS distro known as CentOS. > > > > Dovecot works fine on my CentOS-5.* and -6. > > Yes, because you know what you're doing. > > >> And don't roll-your-own-Dovecot from source. > > [....] > > > > And I used it self-compiled (because there were at times no current > > packages) and nowadays an RPM from some repo. > > Granted with sendmail as MTA but that shouldn't make a big difference. > > See above comment. > > The OP is having trouble with a roll-your-own combo Dovecot and Postfix > install. He went this route because the CentOS 5.x packages are old as > dirt. Now he's having severe problems getting the RYO stuff working > properly. > > If he has the option of using a distro with far more current packages, > it would be much easier for him to get up and running. Thus my > suggestion to give Debian a try. Any distro he's comfortable with and > has access to, that has relatively up to date Dovecot and Postfix > versions, would be just as suitable. > > The bulk of his problems stem from issues revolving around installing > from source. Moving to recent distro packages will very likely solve > most of his problems. > > -- > Stan > From nick.z.edwards at gmail.com Thu Oct 27 08:51:24 2011 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Thu, 27 Oct 2011 15:51:24 +1000 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319636880.5546.19.camel@thorin> <4EA8C729.7010409@hardwarefreak.com> Message-ID: please do not feed the troll On Thu, Oct 27, 2011 at 12:54 PM, Dan Swartzendruber wrote: > > Ubuntu has a nice dovecot-postfix combo package. > > From lists at wildgooses.com Thu Oct 27 11:25:21 2011 From: lists at wildgooses.com (Ed W) Date: Thu, 27 Oct 2011 09:25:21 +0100 Subject: [Dovecot] SSL renegotiation vulnerability In-Reply-To: <4EA7CC7F.6090107@schetterer.org> References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> <4EA7CC7F.6090107@schetterer.org> Message-ID: <4EA91571.1010800@wildgooses.com> On 26/10/2011 10:01, Robert Schetterer wrote: > the most problem is see , not everybody can use fail2ban on his servers > by keeping out dummy auth users over nat ( I have such case ) > > anyway ,firewalls should slow down ddos attacks, which might cause other > problems then *g, but for sure not from one ip ... > > just a few thoughts..,for sure ,best way would be, getting it fixed If you google (I think it was on slashdot), I saw a couple of posts with a simple iptables rule with some rate limits attached to it. Clearly you could also read the iptables instructions and figure it out for yourself, but just highlighting that even the footwork has been done if you want copy/paste I think it's generally not such a bad idea to say limit tcp connections per second from a source IPs. There are plenty of big services that might not be able to implement this as a blanket, but for many shops it could probably be just added as a default for the server... Cheers Ed W From lists at wildgooses.com Thu Oct 27 11:31:13 2011 From: lists at wildgooses.com (Ed W) Date: Thu, 27 Oct 2011 09:31:13 +0100 Subject: [Dovecot] Indexes to MLC-SSD In-Reply-To: <4EA8C396.3040105@hardwarefreak.com> References: <4EA8780E.5030808@wk-serv.de> <4EA8C396.3040105@hardwarefreak.com> Message-ID: <4EA916D1.30409@wildgooses.com> On 27/10/2011 03:36, Stan Hoeppner wrote: > On 10/26/2011 4:13 PM, Patrick Westenberg wrote: >> Hi all, >> >> is anyone on this list who dares/dared to store his index files on a >> MLC-SSD? > I have not. But I can tell you that a 32GB Corsair MLC SSD in my > workstation died after 4 months of laughably light duty. It had nothing > to do with cell life but low product quality. This was my first foray > into SSD. The RMA replacement is still kickin after 2 months, > thankfully. I'm holding my breath... > > Scanning the reviews on Newegg shows early MLC SSD failures across most > brands, early being a year or less. Some models/sizes are worse than > others. OCZ has a good reputation overall, but reviews show some of > their models to be grenades. > > Thus, if you were to put indexes on SSD, you should strongly consider > using a mirrored pair. > I don't think you are saying that the advice varies here compared with HDDs? I do agree that some SSDs are showing very early failures, but it's only a tweak to the probability parameter compared with any other storage medium. They ALL fail at some point, and generally well within the life of the rest of the server. Some kind of failure planning is necessary Caveat the potentially higher failures vs HDDs I don't see any reason why an SSD shouldn't work well? (even more so if you are using maildir where indexes can be regenerated). More interestingly: for small sizes like 32GB, has anyone played with the "compressed ram with backing store" thing in newer kernels (that I forget the name of now). I think it's been marketed for swap files, but assuming I got the theory it could be used as a ram drive with slow writeback to permanent storage? Good luck Ed W From robert at schetterer.org Thu Oct 27 12:12:58 2011 From: robert at schetterer.org (Robert Schetterer) Date: Thu, 27 Oct 2011 11:12:58 +0200 Subject: [Dovecot] SSL renegotiation vulnerability In-Reply-To: <4EA91571.1010800@wildgooses.com> References: <23D958A8-91DE-42EA-BDC5-B0E2050EEC9F@iki.fi> <90232072-D5CF-42E7-8B5A-3DFBF75C6B3E@iki.fi> <7CAD9FBB-73BF-4D68-939B-1055AFED4C79@iki.fi> <3E17898B-B716-413F-9582-619B472D7C2B@iki.fi> <4EA7CC7F.6090107@schetterer.org> <4EA91571.1010800@wildgooses.com> Message-ID: <4EA9209A.8090601@schetterer.org> Am 27.10.2011 10:25, schrieb Ed W: > On 26/10/2011 10:01, Robert Schetterer wrote: >> the most problem is see , not everybody can use fail2ban on his servers >> by keeping out dummy auth users over nat ( I have such case ) >> >> anyway ,firewalls should slow down ddos attacks, which might cause other >> problems then *g, but for sure not from one ip > ... >> >> just a few thoughts..,for sure ,best way would be, getting it fixed > > If you google (I think it was on slashdot), I saw a couple of posts with > a simple iptables rule with some rate limits attached to it. Clearly > you could also read the iptables instructions and figure it out for > yourself, but just highlighting that even the footwork has been done if > you want copy/paste i just read it, but its my understanding, that this isnt solving the real Problem, also these rules cant used everywhere by tec layout reasons however youre right, this might help where using it is possible > > I think it's generally not such a bad idea to say limit tcp connections > per second from a source IPs. There are plenty of big services that > might not be able to implement this as a blanket, but for many shops it > could probably be just added as a default for the server... we have a big firewall before all server, it does rate con, but in heavy attacks, this can take off the whole farm, cause every firewall has its limits too, also the problem may involve core routers etc every big attack has to be analysed and reacted, there is reason to do something better ever, but there never be a safe world in www *g > > Cheers > > Ed W -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From urushkin at telros.ru Thu Oct 27 15:35:24 2011 From: urushkin at telros.ru (Sergey Urushkin) Date: Thu, 27 Oct 2011 16:35:24 +0400 Subject: [Dovecot] GSSAPI and deny=yes passdb In-Reply-To: <4E8ACB70.7060004@telros.ru> References: <4E8ACB70.7060004@telros.ru> Message-ID: <4EA9500C.6000405@telros.ru> Noone has an idea? # dovecot --version 2.0.15 04.10.2011 13:01, Sergey Urushkin ?????: > Hi. Is it possible to use GSSAPI authentication and deny passdb > together? Seems it doesn't work as I expect: GSSAPI doesn't check deny > passdb, so I'm not able to restrict access to GSSAPI-users. > > > ... -- Best regards, Sergey Urushkin From bernd at petrovitsch.priv.at Thu Oct 27 15:51:54 2011 From: bernd at petrovitsch.priv.at (Bernd Petrovitsch) Date: Thu, 27 Oct 2011 14:51:54 +0200 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <4EA8C729.7010409@hardwarefreak.com> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319636880.5546.19.camel@thorin> <4EA8C729.7010409@hardwarefreak.com> Message-ID: <1319719915.5546.47.camel@thorin> On Mit, 2011-10-26 at 21:51 -0500, Stan Hoeppner wrote: > On 10/26/2011 8:48 AM, Bernd Petrovitsch wrote: > > On Mit, 2011-10-26 at 02:33 -0500, Stan Hoeppner wrote: > >> On 10/25/2011 2:34 PM, Charles Marcus wrote: > > [....] > >>> A word of advice... you need to take a breath, and START OVER. [....] > > Dovecot works fine on my CentOS-5.* and -6. > > Yes, because you know what you're doing. Every root/sysadmin/administrator is supposed to know what s/he is doing - even if one runs Ubuntu;-) [....] > >> And don't roll-your-own-Dovecot from source. BTW compiling dovecot is the usual `configure; make; make install' IIRC. For the configuration: if it doesn't work out of the box, you have to dive into it - even with .rpm/.deb based installs. And if it works out of the box, it may have a too "open" default configuration. SCNR .... [....] > > And I used it self-compiled (because there were at times no current > > packages) and nowadays an RPM from some repo. > > Granted with sendmail as MTA but that shouldn't make a big difference. [...] > The OP is having trouble with a roll-your-own combo Dovecot and Postfix > install. He went this route because the CentOS 5.x packages are old as > dirt. Now he's having severe problems getting the RYO stuff working Yes, because CentOS-5.* is old as dirt as it is basically an extremely stable enterprise distribution. > properly. [...] > If he has the option of using a distro with far more current packages, > it would be much easier for him to get up and running. Thus my Does he has that option? Running an old-and-stable distribution may have other reasons than "too lazy to upgrade". > suggestion to give Debian a try. Any distro he's comfortable with and > has access to, that has relatively up to date Dovecot and Postfix > versions, would be just as suitable. Debian/stable is (or at least was) usually similar old as SuSE-enterprise and RHEL/CentOS. > The bulk of his problems stem from issues revolving around installing If you know that exactly where his problems are, perhaps you should help him to solve it and just tell him to start somewhere else from scratch. > from source. Moving to recent distro packages will very likely solve > most of his problems. The most simple usual RHEL/CentOS (and Debian/Stale BTW while we're at it) solution is to try rebuilt the src.rpm (or src.deb, respectively) from the current (or a newer) Fedora. That might or not work without problems (like dependencies on quite newer version of some libraries) but the try is a matter on an hour or so. Kind regards, Bernd -- Bernd Petrovitsch Email : bernd at petrovitsch.priv.at LUGA : http://www.luga.at From maillist at lightspeed.ca Thu Oct 27 22:16:26 2011 From: maillist at lightspeed.ca (Ernie Dunbar) Date: Thu, 27 Oct 2011 12:16:26 -0700 Subject: [Dovecot] POP server migration and duplicate messages. Message-ID: I'm having trouble with Dovecot where my mail client (if it matters, I'm using Evolution) collects some duplicate messages when switching between POP servers that have the same messages on them. I'm doing this as a test for server migration for all of our clients. Here's my procedure: 1. set up Dovecot and Exim on the new server so that everything works like on the old server. The old server also uses Dovecot and Exim, so very few things changed. 2. On the new server, use NFS to access the users' Maildirs on a remote NFS server. 3. Sync the Maildirs on the NFS store from the old server with SCP (and I do a quick SCP sync on my own Maildir during testing to ensure that this process is quick). 4. Check mail in Evolution on the old server. 5. Change Evolution's server settings to use the new server. 6. Check mail again. Evolution is set to keep messages on the server for one week, and about 20 of the 184 messages on the server keep getting re-downloaded. From a random sampling, the UIDL of the messages checks out between both servers, so I really don't understand what's going on here. If this is just a bug in Evolution, then that means I can just go ahead with the full migration and hope that people aren't going to be stuck with re-downloading their entire mailbox which in some cases, means hundreds or thousands of messages. From aewhale at ABS-CompTech.com Thu Oct 27 22:52:41 2011 From: aewhale at ABS-CompTech.com (Albert E. Whale) Date: Thu, 27 Oct 2011 15:52:41 -0400 Subject: [Dovecot] Configuring mbox and maildir formats - dovecot-1.2.15 Message-ID: <4EA9B689.7060500@ABS-CompTech.com> I am transitioning an existing server from using exclusively mbox, to being able to support both mbox and then fully maildir formats. I need to support the mbox format until I can get everyone switched over to maildir. What do I need to to use in the config of /etc/dovecot.conf to support the default of mbox, and then the new Maildir format (users will get upgraded individually from mbox to Maildir, and need to be upgraded). Thank you. -- Albert E. Whale, CHS CISA CISSP Senior Technology & Security Director *ABS Computer Technology, Inc. * 412-635-7488 ext 100 aewhale at ABS-CompTech.com www.ABS-CompTech.com -------------- next part -------------- A non-text attachment was scrubbed... Name: aewhale.vcf Type: text/x-vcard Size: 384 bytes Desc: not available URL: From ssilva at sgvwater.com Fri Oct 28 00:35:30 2011 From: ssilva at sgvwater.com (Scott Silva) Date: Thu, 27 Oct 2011 14:35:30 -0700 Subject: [Dovecot] Configuring mbox and maildir formats - dovecot-1.2.15 In-Reply-To: <4EA9B689.7060500@ABS-CompTech.com> References: <4EA9B689.7060500@ABS-CompTech.com> Message-ID: on 10/27/2011 12:52 PM Albert E. Whale spake the following: > I am transitioning an existing server from using exclusively mbox, to being > able to support both mbox and then fully maildir formats. > > I need to support the mbox format until I can get everyone switched over to > maildir. > > What do I need to to use in the config of /etc/dovecot.conf to support the > default of mbox, and then the new Maildir format (users will get upgraded > individually from mbox to Maildir, and need to be upgraded). > > Thank you. > > When I did it, the automatic detection seemed to work OK. The only problem I had was because I used procmail for delivery. I had to have a custom procmailrc for each user as I did their migration. For each user, when you finish their migration, you have to rename their ~/mail folder to not show dupes. In my case as soon as there was a ~/Maildir folder, dovecot started using it and made new indexes. From seandarcy2 at gmail.com Fri Oct 28 00:56:36 2011 From: seandarcy2 at gmail.com (sean darcy) Date: Thu, 27 Oct 2011 17:56:36 -0400 Subject: [Dovecot] newbie: can't login as virtual user Message-ID: dovecot -n # 2.0.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.38.8-32.fc15.i686.PAE i686 Fedora release 15 (Lovelock) auth_debug_passwords = yes disable_plaintext_auth = no info_log_path = /var/log/dovecot-info.log log_path = /var/log/dovecot.log mail_access_groups = mail mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u mail_privileged_group = mail mbox_write_locks = fcntl passdb { args = username_format=%u /etc/dovecot/users driver = passwd-file } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } ssl_cert = , method=PLAIN, rip= , lip= , mpid=27062, TLS What's wrong with my configuration? Thanks, sean From marco at carcano.ch Fri Oct 28 01:55:09 2011 From: marco at carcano.ch (Marco Carcano) Date: Fri, 28 Oct 2011 00:55:09 +0200 Subject: [Dovecot] Mail lost - maybe a bug??? Message-ID: <0A7F1BA2-87A8-4688-A69B-86EAA7D78A73@carcano.ch> Hello everybody I'm struggling against what seems a really serious trouble: sometimes mail get lost I did all the possible checks, but they seems really lost - I know is absurd, but it seems so it has been noticed by two users on my server: intially I tought that was their mistake (mail deleted, mail into spam, ecc), but it wasn't I deeply checked mail logs, and it seems that mail are delivered (the path is postfix->amavis->dovecotlda) - log files says that messages are delivered, but sometimes we lost a message. I also tried to get into the Maildir and grep the subject of the lost email: if it was addressed to more recipients I'm able to get it on some of them, but not to all (look at the example below) I hope I have clearly explained everything, otherwise let me knowmydomain now an extract from the log file: Oct 27 11:20:29 srv001 postfix/smtpd[24562]: connect from usstlz- psecap06.emerson.com[144.191.128.17] Oct 27 11:20:30 srv001 postfix/smtpd[24562]: CE0B74E4A9F: client=usstlz-psecap06.emerson.com[144.191.128.17] Oct 27 11:20:31 srv001 postfix/cleanup[25157]: CE0B74E4A9F: warning: header Subject: =?utf-8?B? RW1lcnNvbiBHbG9iYWwgVXNlcnMgRXhjaGFuZ2UgMjAxMiBpbiBEw7xzc2VsZG9yZiA6IFJlaWNoZW4gU2llIGpldHp0IElocmUgUHLDpHNlbnRhdGlvbmVuIGVpbg ==?= from usstlz-psecap06.emerson.com[144.191.128.17]; from= to= proto=ESMTP helo= Oct 27 11:20:31 srv001 postfix/cleanup[25157]: CE0B74E4A9F: message- id= Oct 27 11:20:31 srv001 postfix/qmgr[11827]: CE0B74E4A9F: from=, size=22689, nrcpt=3 (queue active) Oct 27 11:20:33 srv001 dovecot: imap(lromano): Disconnected: Logged out bytes=632/34319 Oct 27 11:20:34 srv001 postfix/smtpd[25162]: connect from localhost.localdomain[127.0.0.1] Oct 27 11:20:34 srv001 postfix/smtpd[25162]: B16284E4AA2: client=localhost.localdomain[127.0.0.1] Oct 27 11:20:34 srv001 postfix/cleanup[25157]: B16284E4AA2: message- id= Oct 27 11:20:34 srv001 postfix/qmgr[11827]: B16284E4AA2: from=, size=23094, nrcpt=3 (queue active) Oct 27 11:20:34 srv001 amavis[22923]: (22923-01) Passed CLEAN, [144.191.128.17] [155.177.20.144] -> ,,, Message-ID: , mail_id: 6rtF4927FAjt, Hits: -0.518, size: 22687, queued_as: B16284E4AA2, 3293 ms Oct 27 11:20:34 srv001 postfix/lmtp[25158]: CE0B74E4A9F: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=0.95/0.01/0.01/3.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B16284E4AA2) Oct 27 11:20:34 srv001 postfix/lmtp[25158]: CE0B74E4A9F: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=0.95/0.01/0.01/3.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B16284E4AA2) Oct 27 11:20:34 srv001 postfix/lmtp[25158]: CE0B74E4A9F: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=0.95/0.01/0.01/3.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B16284E4AA2) Oct 27 11:20:34 srv001 postfix/qmgr[11827]: CE0B74E4A9F: removed Oct 27 11:20:34 srv001 dovecot: lda(user1): msgid=: saved mail to INBOX Oct 27 11:20:34 srv001 postfix/pipe[25165]: B16284E4AA2: to=, relay=dovecot, delay=0.04, delays=0.01/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service) Oct 27 11:20:34 srv001 dovecot: lda(user2): msgid=: saved mail to INBOX Oct 27 11:20:34 srv001 postfix/pipe[25168]: B16284E4AA2: to=, relay=dovecot, delay=0.04, delays=0.01/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service) Oct 27 11:20:34 srv001 dovecot: lda(user3): msgid=: saved mail to INBOX Oct 27 11:20:34 srv001 postfix/pipe[25170]: B16284E4AA2: to=, relay=dovecot, delay=0.05, delays=0.01/0.02/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service) Oct 27 11:20:34 srv001 postfix/qmgr[11827]: B16284E4AA2: removed Oct 27 11:20:36 srv001 postfix/smtpd[24562]: disconnect from usstlz- psecap06.emerson.com[144.191.128.17] as you can see there was a message for oil at mydomain.ch (I obviously changed the domain for privacy) - logs says that all the three users got the email, but the third user didn't. I do not know why and when it happens, but seldom we have this issue maybe is there some kind of bug in the maildrop version I use? by the way, I had this issue also before installing amavisd-new now some infos: CentOS 5.3 postfix-2.3.3-2.1.el5_2 amavisd-new-2.6.6-1.el5.rf dovecot-2.0.11-1_126 dovecot-managesieve-0.2.2-15 dovecot-pigeonhole-0.2.2-15 users are on a Kerberized OpenLDAP please help me because this is really driving me crazy - don't leave me alone, please Marco Carcano From stan at hardwarefreak.com Fri Oct 28 03:07:19 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Thu, 27 Oct 2011 19:07:19 -0500 Subject: [Dovecot] Temporary Failure that's Permanent! In-Reply-To: <1319719915.5546.47.camel@thorin> References: <1319567592.87839.YahooMailNeo@web122010.mail.ne1.yahoo.com> <4EA70F37.3000401@Media-Brokers.com> <4EA7B7B5.6060609@hardwarefreak.com> <1319636880.5546.19.camel@thorin> <4EA8C729.7010409@hardwarefreak.com> <1319719915.5546.47.camel@thorin> Message-ID: <4EA9F237.5010000@hardwarefreak.com> On 10/27/2011 7:51 AM, Bernd Petrovitsch wrote: > Debian/stable is (or at least was) usually similar old as > SuSE-enterprise and RHEL/CentOS. This is simply not true. Debian stable has consistently newer packages across the board compared to RHEL or CentOS. Debian Backports offers even newer packages. The Red Hat ecosystem has no equivalent back port project TTBOMK. -- Stan From jtam.home at gmail.com Fri Oct 28 03:13:56 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Thu, 27 Oct 2011 17:13:56 -0700 (PDT) Subject: [Dovecot] newbie: can't login as virtual user In-Reply-To: References: Message-ID: sean darcy writes: > Oct 22 21:45:55 auth: Debug: passwd(test1 at example.com, ): lookup > Oct 22 21:45:55 auth: Info: passwd(test1 at example.com, ): unknown user > Oct 22 21:45:55 auth: Debug: passwd-file(test1 at example.com, ): > lookup: user=test1 at example.com file=/etc/dovecot/users > Oct 22 21:45:55 auth: Debug: master out: USER 2303328257 test1 at example.com > Oct 22 21:45:55 imap-login: Info: Login: user=, > method=PLAIN, rip= , lip= , mpid=27062, TLS I think up to now it's OK (not quite sure about "master out" log entry but it looks innocuous enough). Dovecot reports to have looked in the system password file, failed, then looked in /etc/dovecot/users and found the user and logged them in. I think the problem happens later and you will have to show the subsequent log entries. Joseph Tam From nicosuhl at googlemail.com Fri Oct 28 11:42:04 2011 From: nicosuhl at googlemail.com (Nico Suhl) Date: Fri, 28 Oct 2011 10:42:04 +0200 Subject: [Dovecot] IMAP shows forwarding and vacation files Message-ID: <4EAA6ADC.5000003@gmail.com> Hello, I'm migrating our mailserver from a linux machine to solaris and got some small problems with our forwarding and vacation files, which are stored in the maildir of each user. I'm now using 2.0.15, on the old machine there was a dovecot 1. Now the problem is, that the .forward and .vacation files, which are used by exim, are shown as folders (they have a point...) in imap lists. This problem only occurs on the new solaris machine and not on the old linux system (with dovecot v1) or another testing machine with dovecot 2, which runs also under linux. userdb lookups are static with system account/group of exim. Is there any way to "hide" the .forward and .vacation files or do i have to rename or move them? Why are they shown here and not on our testsystems? regards, Nico Suhl From stephan at rename-it.nl Fri Oct 28 12:29:11 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 28 Oct 2011 11:29:11 +0200 Subject: [Dovecot] IMAP shows forwarding and vacation files In-Reply-To: <4EAA6ADC.5000003@gmail.com> References: <4EAA6ADC.5000003@gmail.com> Message-ID: <4EAA75E7.3080107@rename-it.nl> Op 28-10-2011 10:42, Nico Suhl schreef: > I'm migrating our mailserver from a linux machine to solaris and got > some small problems with our forwarding and vacation files, which are > stored in the maildir of each user. > > I'm now using 2.0.15, on the old machine there was a dovecot 1. > > Now the problem is, that the .forward and .vacation files, which are > used by exim, are shown as folders (they have a point...) in imap lists. > > This problem only occurs on the new solaris machine and not on the old > linux system (with dovecot v1) or another testing machine with dovecot > 2, which runs also under linux. > > userdb lookups are static with system account/group of exim. > > Is there any way to "hide" the .forward and .vacation files or do i have > to rename or move them? From http://wiki2.dovecot.org/MailLocation/Maildir#Optimizations : maildir_stat_dirs=no (default): Assume that all the files beginning with a dot in the maildir are maildirs. You shouldn't have any non-directory files beginning with a dot in the maildirs, but if you do you may need to set this to "yes", in which case Dovecot needs to stat() each directory entry, which degrades the performance. Some filesystems provide the directory/non-directory status for free without having to stat(). In those filesystems this setting is ignored. It is still not a good idea make the user's 'home' directory equal to the maildir. Place mail in its own sub-directory. > Why are they shown here and not on our testsystems? That I don't know. Regards, Stephan. From gdelafond+dovecot at aquaray.com Fri Oct 28 12:49:26 2011 From: gdelafond+dovecot at aquaray.com (de Lafond Guillaume) Date: Fri, 28 Oct 2011 11:49:26 +0200 Subject: [Dovecot] doveadm 'proxy list' or 'who' not working ? Message-ID: <7A7D318C-0BA3-4FDB-AB7F-F36A540C8472@aquaray.com> Hi, I switched from dovecot 1.2.* to 2.0.* for a mail proxy. I try to play with the new cool utility doveadm, but I don't manage to get results from it. # /usr/local/dovecot-2.0.15/bin/doveadm proxy list username proto src ip dest ip port # As 'proxy list' does not return anything, I tried with 'who' # /usr/local/dovecot-2.0.15/bin/doveadm who -a /var/run/dovecot-socket-auth/anvil username # proto (pids) (ips) # I think it should display something as I have many user connected : #ps axww | grep imap ... 21194 ? S 0:11 dovecot/imap-login [13 connections (8 TLS)] 21195 ? S 3:38 dovecot/imap-login [47 connections (38 TLS)] 29463 ? S 1:00 dovecot/imap-login [210 connections (183 TLS)] ... I should have something that is not well configured.. but I don't manage to find it. Does anybody have an idea where I should look to solve this ? Here is my dovecot.conf : # /usr/local/dovecot-2.0.15/bin/doveadm config # 2.0.15: /usr/local/dovecot-2.0.15/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 auth_anonymous_username = anonymous auth_cache_negative_ttl = 0 auth_cache_size = 1 k auth_cache_ttl = 15 mins auth_debug = no auth_debug_passwords = no auth_default_realm = auth_failure_delay = 2 secs auth_first_valid_uid = 500 auth_gssapi_hostname = auth_krb5_keytab = auth_last_valid_uid = 0 auth_master_user_separator = auth_mechanisms = plain login apop cram-md5 auth_realms = auth_socket_path = auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_cert = no auth_use_winbind = no auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ auth_username_format = auth_username_translation = auth_verbose = no auth_verbose_passwords = no auth_winbind_helper_path = /usr/bin/ntlm_auth auth_worker_max_count = 30 base_dir = /var/run/dovecot-proxy config_cache_size = 1 M debug_log_path = default_client_limit = 1000 default_idle_kill = 60 default_internal_user = dovecot default_login_user = dovenull default_process_limit = 100 default_vsz_limit = 256 M deliver_log_format = msgid=%m: %$ dict_db_config = director_doveadm_port = 0 director_mail_servers = director_servers = director_user_expire = 15 mins disable_plaintext_auth = no dotlock_use_excl = yes doveadm_allowed_commands = doveadm_password = doveadm_proxy_port = 0 doveadm_socket_path = doveadm-server doveadm_worker_count = 0 first_valid_gid = 1 first_valid_uid = 89 hostname = imap_capability = imap_client_workarounds = imap_id_log = imap_id_send = imap_idle_notify_interval = 2 mins imap_logout_format = bytes=%i/%o imap_max_line_length = 64 k import_environment = TZ info_log_path = /var/log/mail/dovecot_info-proxy.log last_valid_gid = 0 last_valid_uid = 0 lda_mailbox_autocreate = no lda_mailbox_autosubscribe = no lda_original_recipient_header = libexec_dir = /usr/local/dovecot-2.0.15/libexec/dovecot listen = * lmtp_proxy = no lmtp_save_to_detail_mailbox = no lock_method = fcntl log_path = /var/log/mail/dovecot-proxy.log log_timestamp = "%b %d %H:%M:%S " login_access_sockets = login_greeting = Proxy POP/IMAP login_log_format = %$: %s login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c login_trusted_networks = mail_access_groups = mail_attachment_dir = mail_attachment_fs = sis posix mail_attachment_hash = %{sha1} mail_attachment_min_size = 128 k mail_cache_fields = flags mail_cache_min_mail_count = 0 mail_chroot = mail_debug = no mail_fsync = optimized mail_full_filesystem_access = no mail_gid = mail_home = mail_location = mail_log_prefix = "%s(%u): " mail_max_keyword_length = 50 mail_max_lock_timeout = 0 mail_max_userip_connections = 10 mail_never_cache_fields = imap.envelope mail_nfs_index = no mail_nfs_storage = no mail_plugin_dir = /usr/local/dovecot-2.0.15/lib/dovecot mail_plugins = mail_privileged_group = mail_save_crlf = no mail_temp_dir = /tmp mail_uid = mailbox_idle_check_interval = 30 secs mailbox_list_index_disable = no maildir_copy_with_hardlinks = yes maildir_stat_dirs = no maildir_very_dirty_syncs = no master_user_separator = mbox_dirty_syncs = yes mbox_dotlock_change_timeout = 2 mins mbox_lazy_writes = yes mbox_lock_timeout = 5 mins mbox_min_index_size = 0 mbox_read_locks = fcntl mbox_very_dirty_syncs = no mbox_write_locks = dotlock fcntl mdbox_preallocate_space = no mdbox_rotate_interval = 0 mdbox_rotate_size = 2 M mmap_disable = yes namespace { hidden = no inbox = yes list = yes location = prefix = separator = / subscriptions = yes type = private } namespace { hidden = yes inbox = no list = no location = prefix = INBOX/ separator = / subscriptions = yes type = private } passdb { args = /usr/local/dovecot/etc/dovecot-sql-proxy.conf deny = no driver = sql master = no pass = no } plugin { quota = maildir } pop3_client_workarounds = pop3_enable_last = no pop3_fast_size_lookups = no pop3_lock_session = no pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_no_flag_updates = no pop3_reuse_xuidl = no pop3_save_uidl = no pop3_uidl_format = %08Xu%08Xv postmaster_address = protocols = imap pop3 quota_full_tempfail = no recipient_delimiter = + rejection_reason = Your message to <%t> was automatically rejected:%n%r rejection_subject = Rejected: %s sendmail_path = /usr/sbin/sendmail service anvil { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = anvil extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 1 protocol = service_count = 0 type = anvil unix_listener anvil-auth-penalty { group = mode = 0600 user = } unix_listener anvil { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service auth-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = auth -w extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener auth-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service auth { chroot = client_limit = 4096 drop_priv_before_exec = no executable = auth extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener auth-client { group = mode = 0600 user = } unix_listener auth-login { group = mode = 0600 user = $default_internal_user } unix_listener auth-master { group = mode = 0600 user = } unix_listener auth-userdb { group = mode = 0600 user = } unix_listener login/login { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service config { chroot = client_limit = 0 drop_priv_before_exec = no executable = config extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = config unix_listener config { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service dict { chroot = client_limit = 1 drop_priv_before_exec = no executable = dict extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dict { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service director { chroot = client_limit = 0 drop_priv_before_exec = no executable = director extra_groups = fifo_listener login/proxy-notify { group = mode = 00 user = } group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener director-admin { group = mode = 0600 user = } unix_listener login/director { group = mode = 00 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service dns_client { chroot = client_limit = 1 drop_priv_before_exec = no executable = dns-client extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dns-client { group = mode = 0666 user = } unix_listener login/dns-client { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service doveadm { chroot = client_limit = 1 drop_priv_before_exec = no executable = doveadm-server extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener doveadm-server { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service imap-login { chroot = login client_limit = 256 drop_priv_before_exec = no executable = imap-login extra_groups = group = idle_kill = 0 inet_listener imap { address = * port = 143 ssl = no } inet_listener imaps { address = * port = 993 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 20 protocol = imap service_count = 0 type = login user = mail vsz_limit = 64 M } service imap { chroot = client_limit = 1 drop_priv_before_exec = yes executable = imap extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener login/imap { group = mode = 0666 user = } user = vsz_limit = 256 M } service ipc { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = ipc extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener ipc { group = mode = 0600 user = } unix_listener login/ipc-proxy { group = mode = 0600 user = $default_login_user } user = $default_internal_user vsz_limit = 18446744073709551615 B } service lmtp { chroot = client_limit = 0 drop_priv_before_exec = no executable = lmtp extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = lmtp service_count = 0 type = unix_listener lmtp { group = mode = 0666 user = } user = vsz_limit = 0 } service log { chroot = client_limit = 0 drop_priv_before_exec = no executable = log extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = log user = vsz_limit = 18446744073709551615 B } service pop3-login { chroot = login client_limit = 256 drop_priv_before_exec = no executable = pop3-login extra_groups = group = idle_kill = 0 inet_listener pop3 { address = * port = 110 ssl = no } inet_listener pop3s { address = * port = 995 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 20 protocol = pop3 service_count = 0 type = login user = mail vsz_limit = 64 M } service pop3 { chroot = client_limit = 1 drop_priv_before_exec = yes executable = pop3 extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = pop3 service_count = 1 type = unix_listener login/pop3 { group = mode = 0666 user = } user = vsz_limit = 256 M } service ssl-params { chroot = client_limit = 0 drop_priv_before_exec = no executable = ssl-params extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = startup unix_listener login/ssl-params { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } shutdown_clients = yes ssl = yes ssl_ca = Hello all, I am testing postlogin script with dovecot 2. I works but i would like that the imap and pop session get executed even if the post-login script fail. my postlogin script is very simple: #/etc/dovecot/conf.d/10-master.conf service imap { executable = imap imap-postlogin } # service imap-postlogin { executable = script-login /usr/local/bin/postlogin.sh unix_listener imap-postlogin { } } service pop3 { executable = pop3 imap-postlogin } #/usr/local/bin/postlogin.sh echo "UPDATE mailbox SET last_login = now() WHERE username = '$USER'" | mysql -upostlogin -pXXXXXXXX postfixadmin exec "$@" Thanks in advance Osvaldo From stsiol at yahoo.co.uk Fri Oct 28 14:07:46 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Fri, 28 Oct 2011 12:07:46 +0100 (BST) Subject: [Dovecot] adding dovecot to webmin list of services Message-ID: <1319800066.96916.YahooMailNeo@web27204.mail.ukl.yahoo.com> Hello , I am playing with webmin these days and find it really fun to install and use everyday. However, on the services option, amongst other services, the dovecot service is not shown. Does anyone out there have similar experience with webmin and dovecot and know how to make it appear there ? I am using CentOS (5.5/5.6/5.7) 32-bit Dovecot was installed manually and not from yum (.rpm) Dovecot v1.2.15 TIA, s. ? ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From arlin at mvs.us Fri Oct 28 14:35:56 2011 From: arlin at mvs.us (Arlin) Date: Fri, 28 Oct 2011 17:05:56 +0530 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? Message-ID: <003b01cc9565$c3b86960$4b293c20$@mvs.us> Hi, How can we horizontally scale Dovecot across multiple servers? Do we require to install independent instances of Dovecot on each server? We are planning to use a NAS/SAN device using ZFS or EFS for email storage. Each logical unit will be of 10TB and similarly as the no: of user increases we are planning to add multiple 10TB units. In this case how we can manage the email storage on multiple volumes from Dovecot. The configuration of our existing system is:- Dovecot 1.0.15 / Maildirs Postfix 2.5.5 Debian 5.0.9 (Lenny) MySQL 5.0.15 Please advise. Thanks in advance. Creative Regards, Arlin From stsiol at yahoo.co.uk Fri Oct 28 14:43:37 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Fri, 28 Oct 2011 12:43:37 +0100 (BST) Subject: [Dovecot] adding dovecot to webmin list of services In-Reply-To: <1319800066.96916.YahooMailNeo@web27204.mail.ukl.yahoo.com> References: <1319800066.96916.YahooMailNeo@web27204.mail.ukl.yahoo.com> Message-ID: <1319802217.51718.YahooMailNeo@web27202.mail.ukl.yahoo.com> Duh ! It's already there and I didn't notice it. How typical of me. Sorry guys, s. ? ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis ----- Original Message ----- > From: Spyros Tsiolis > To: Dovecot > Cc: > Sent: Friday, 28 October 2011, 14:07 > Subject: [Dovecot] adding dovecot to webmin list of services > > Hello , > > I am playing with webmin these days and find it > really fun to install and use everyday. > > However, on the services option, amongst other > services, the dovecot service is not shown. > > Does anyone out there have similar experience > with webmin and dovecot and know how to make > it appear there ? > > I am using CentOS (5.5/5.6/5.7) 32-bit > Dovecot was installed manually and not from > yum (.rpm) > Dovecot v1.2.15 > > > TIA, > > s. > > > > > > > > ? > ---- > "I merely function as a channel that filters > music through the chaos of noise" > - Vangelis > From taeuber at bbaw.de Fri Oct 28 18:11:55 2011 From: taeuber at bbaw.de (Lars =?UTF-8?B?VMOkdWJlcg==?=) Date: Fri, 28 Oct 2011 17:11:55 +0200 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 Message-ID: <20111028171155.ba0dc761.taeuber@bbaw.de> Hi there. How can I configure dovecot not to listen for imaps connections on port 143. Thanks Lars From matthew.williams at bangor.ac.uk Fri Oct 28 18:17:51 2011 From: matthew.williams at bangor.ac.uk (Dr Matthew Williams) Date: Fri, 28 Oct 2011 16:17:51 +0100 Subject: [Dovecot] Quotas with Maildir and mdbox Message-ID: <4EAAC79F.8010805@bangor.ac.uk> Hello, We use LDAP to store our Maildir++ quota information for our Maildir mailboxes. I notice in the documentation that only SQL and flat files are supported by the dictionary quota if I want to use quota with mdbox? Are there any plans to allow LDAP to be used as the store? Regards, Matthew. -- Dr Matthew Williams MEng PhD MBCS Systems Administrator - IT Services - Bangor University Prifysgol Bangor Tel: (44) (0)1248 382414 Adeilad Deiniol Mob: (44) (0)7979 778269 Ffordd Deiniol URL: www.bangor.ac.uk Bangor, Gwynedd LL57 2UX EMail: matthew.williams at bangor.ac.uk -- Gall y neges e-bost hon, ac unrhyw atodiadau a anfonwyd gyda hi, gynnwys deunydd cyfrinachol ac wedi eu bwriadu i'w defnyddio'n unig gan y sawl y cawsant eu cyfeirio ato (atynt). Os ydych wedi derbyn y neges e-bost hon trwy gamgymeriad, rhowch wybod i'r anfonwr ar unwaith a dil?wch y neges. Os na fwriadwyd anfon y neges atoch chi, rhaid i chi beidio ? defnyddio, cadw neu ddatgelu unrhyw wybodaeth a gynhwysir ynddi. Mae unrhyw farn neu safbwynt yn eiddo i'r sawl a'i hanfonodd yn unig ac nid yw o anghenraid yn cynrychioli barn Prifysgol Bangor. Nid yw Prifysgol Bangor yn gwarantu bod y neges e-bost hon neu unrhyw atodiadau yn rhydd rhag firysau neu 100% yn ddiogel. Oni bai fod hyn wedi ei ddatgan yn uniongyrchol yn nhestun yr e-bost, nid bwriad y neges e-bost hon yw ffurfio contract rhwymol - mae rhestr o lofnodwyr awdurdodedig ar gael o Swyddfa Cyllid Prifysgol Bangor. www.bangor.ac.uk This email and any attachments may contain confidential material and is solely for the use of the intended recipient(s). If you have received this email in error, please notify the sender immediately and delete this email. If you are not the intended recipient(s), you must not use, retain or disclose any information contained in this email. Any views or opinions are solely those of the sender and do not necessarily represent those of the Bangor University. Bangor University does not guarantee that this email or any attachments are free from viruses or 100% secure. Unless expressly stated in the body of the text of the email, this email is not intended to form a binding contract - a list of authorised signatories is available from the Bangor University Finance Office. www.bangor.ac.uk From dswartz at druber.com Fri Oct 28 18:21:33 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Fri, 28 Oct 2011 11:21:33 -0400 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <20111028171155.ba0dc761.taeuber@bbaw.de> References: <20111028171155.ba0dc761.taeuber@bbaw.de> Message-ID: <4EAAC87D.80602@druber.com> Lars T?uber wrote: > Hi there. > > How can I configure dovecot not to listen for imaps connections on port 143. > > Thanks > Lars > You should be able to configure the dovecot.conf file to remove imaps as one of the protocols. e.g. like this line: protocols = imap imaps From simon.brereton at buongiorno.com Fri Oct 28 18:28:30 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Fri, 28 Oct 2011 11:28:30 -0400 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <4EAAC87D.80602@druber.com> References: <20111028171155.ba0dc761.taeuber@bbaw.de> <4EAAC87D.80602@druber.com> Message-ID: On 28 October 2011 11:21, Dan Swartzendruber wrote: > Lars T?uber wrote: >> >> Hi there. >> >> How can I configure dovecot not to listen for imaps connections on port >> 143. >> >> Thanks >> Lars >> > > You should be able to configure the dovecot.conf file to remove imaps as one > of the protocols. > > e.g. like this line: > > protocols = imap imaps I understood that the OP wanted to have IMAPS listen on some port other than 143.. Simon From dswartz at druber.com Fri Oct 28 18:55:50 2011 From: dswartz at druber.com (Dan Swartzendruber) Date: Fri, 28 Oct 2011 11:55:50 -0400 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <20111028171155.ba0dc761.taeuber@bbaw.de> References: <20111028171155.ba0dc761.taeuber@bbaw.de> Message-ID: <4EAAD086.7040904@druber.com> that was lame. i tried posting a snippet of the sample dovecot.conf file to show the part that the OP would want to change, and the mailer bounced it with: : permission denied. Command output: Don't post your whole dovecot.conf. Use dovecot -n instead. Fooey... From robert at schetterer.org Fri Oct 28 19:18:23 2011 From: robert at schetterer.org (Robert Schetterer) Date: Fri, 28 Oct 2011 18:18:23 +0200 Subject: [Dovecot] post login script In-Reply-To: References: Message-ID: <4EAAD5CF.90905@schetterer.org> Am 28.10.2011 12:49, schrieb Osvaldo Alvarez Pozo: > Hello all, > > I am testing postlogin script with dovecot 2. > > I works but i would like that the imap and pop session get executed > even if the post-login script fail. > > my postlogin script is very simple: > > #/etc/dovecot/conf.d/10-master.conf > > service imap { > > executable = imap imap-postlogin > > } > # > service imap-postlogin { > > executable = script-login /usr/local/bin/postlogin.sh > > unix_listener imap-postlogin { > } > } > > > service pop3 { > > executable = pop3 imap-postlogin > > } > > #/usr/local/bin/postlogin.sh > echo "UPDATE mailbox SET last_login = now() WHERE username = '$USER'" > | mysql -upostlogin -pXXXXXXXX postfixadmin > exec "$@" > > > Thanks in advance > > Osvaldo i have it like this service pop3 { executable = pop3 pop3-postlogin } service pop3-postlogin { executable = script-login /usr/local/bin/postlogin_pop3.sh user = root unix_listener pop3-postlogin { } } -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From japc at co.sapo.pt Fri Oct 28 19:45:02 2011 From: japc at co.sapo.pt (=?ISO-8859-1?Q?Jos=E9?= Celestino) Date: Fri, 28 Oct 2011 17:45:02 +0100 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: References: <20111028171155.ba0dc761.taeuber@bbaw.de> <4EAAC87D.80602@druber.com> Message-ID: <1319820302.12048.2.camel@morgoth> On Sex, 2011-10-28 at 11:28 -0400, Simon Brereton wrote: > On 28 October 2011 11:21, Dan Swartzendruber wrote: > > Lars T?uber wrote: > >> > >> Hi there. > >> > >> How can I configure dovecot not to listen for imaps connections on port > >> 143. > >> > >> Thanks > >> Lars > >> > > > > You should be able to configure the dovecot.conf file to remove imaps as one > > of the protocols. > > > > e.g. like this line: > > > > protocols = imap imaps > > I understood that the OP wanted to have IMAPS listen on some port > other than 143.. > IMAPS already listens on a port other than 143, port 993. From nmilas at noa.gr Fri Oct 28 20:15:33 2011 From: nmilas at noa.gr (Nikolaos Milas) Date: Fri, 28 Oct 2011 20:15:33 +0300 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <1319820302.12048.2.camel@morgoth> References: <20111028171155.ba0dc761.taeuber@bbaw.de> <4EAAC87D.80602@druber.com> <1319820302.12048.2.camel@morgoth> Message-ID: <4EAAE335.4060209@noa.gr> On 28/10/2011 7:45 ??, Jos? Celestino wrote: > IMAPS already listens on a port other than 143, port 993. True. If you don't want to offer TLS/SSL, I guess you can just set ssl = no. If you want to force the use of TLS/SSL (which I imagine will disable accepting connections on port 143), use ssl = required. Nick -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5554 bytes Desc: S/MIME Cryptographic Signature URL: From sven at svenhartge.de Fri Oct 28 20:58:49 2011 From: sven at svenhartge.de (Sven Hartge) Date: Fri, 28 Oct 2011 19:58:49 +0200 Subject: [Dovecot] Quotas with Maildir and mdbox References: <4EAAC79F.8010805@bangor.ac.uk> Message-ID: <589hf9ru2v8@mids.svenhartge.de> Dr Matthew Williams wrote: > We use LDAP to store our Maildir++ quota information for our Maildir > mailboxes. I notice in the documentation that only SQL and flat files > are supported by the dictionary quota if I want to use quota with > mdbox? Are there any plans to allow LDAP to be used as the store? Do you really want to use LDAP to store the constant changing and often rewritten values for the actual used space of the mailbox? Believe me, this _will_ cause awful performance. Reading the maximum quota values from LDAP on the other hand is quite common, just storing the runtime information about the message count and the current size is a very very bad idea. Gr??e, Sven. -- Sigmentation fault. Core dumped. From seandarcy2 at gmail.com Fri Oct 28 22:34:14 2011 From: seandarcy2 at gmail.com (sean darcy) Date: Fri, 28 Oct 2011 15:34:14 -0400 Subject: [Dovecot] What owner/permissions for virtual homes? Message-ID: VirtualUsers.Home.txt: The directory layouts for home and mail directories could look like one of these (in the preferred order): 1. Mail directory under home, for example: home='/var/vmail/domain/user/' mail='/var/vmail/domain/user/mail/' Who should be the owner of these directories, with that permissions? Does it make a difference if it's /home/vmail rather than /var/vmail? Thanks, Jay From pgnet.dev+rich-dovecot at gmail.com Fri Oct 28 23:01:17 2011 From: pgnet.dev+rich-dovecot at gmail.com (Rich) Date: Fri, 28 Oct 2011 13:01:17 -0700 Subject: [Dovecot] Are you successfully using using SQL queries to manage Dovecot2 Quota Values & Limits? Message-ID: On Mon, Oct 24, 2011 at 11:14 AM, Rich wrote: > I'm able to consistently reproduce this problem/behavior, but not > workaround or fix it, yet. > > Rich > > On Wed, Oct 19, 2011 at 7:41 AM, Rich wrote: >> I've made some progress, but quota 'Limit' is still not fully >> functioning for me. >> >> A couple of changes have helped: >> >> Specifying a "%u% as username format, >> >> ? ? ? ?/etc/dovecot/conf.d/90-quota.conf >> ? ? ? ? ? ? ? ?plugin { >> - ? ? ? ? ? ? ? ? ? ? ? quota = dict:User Quota::proxy::quota >> + ? ? ? ? ? ? ? ? ? ? ? quota = dict:User Quota:%u:proxy::quota >> ? ? ? ? ? ? ? ? ? ? ? ?quota_rule = *:bytes=1073741824:messages=10000 >> ? ? ? ? ? ? ? ? ? ? ? ?quota_rule2 = Trash:storage=+10%% >> ? ? ? ? ? ? ? ?} >> >> using 'username' rather than 'user' in the user iteration query >> >> ? ? ? ?/etc/dovecot/sql/virtmail-userdb-sql.cf >> ? ? ? ? ? ? ? ?driver = mysql >> ? ? ? ? ? ? ? ?connect = host=/var/run/mysql/mysql.sock dbname=my_db user=my_user >> password=my_pass >> ? ? ? ? ? ? ? ?user_query = CALL UserDBQuery('%n','%d'); >> - ? ? ? ? ? ? ? iterate_query = SELECT `MAILBOX_user_domain` AS user FROM `PARAMS`; >> + ? ? ? ? ? ? ? iterate_query = SELECT `MAILBOX_user_domain` AS username FROM `PARAMS`; >> >> and adding to my user_query, >> >> ? ? ? ?CREATE PROCEDURE `UserDBQuery`( >> ? ? ? ? ? ? ? ?... >> ? ? ? ? ? ? ? ?SELECT ... >> ? ? ? ? ? ? ? ? ?concat('*:bytes=', quota_bytes, ':messages=10000') AS quota_rule, >> ? ? ? ? ? ? ? ? ?... >> >> Now, at init, >> >> ? ? ? ?doveadm quota get -A >> ? ? ? ? ? ? ? ?Username ? ? ? ? ? ? ? ?Quota name ? ? ?Type ? ? ? ? ? ?Value ? Limit ? % >> ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 >> ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 >> ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 >> ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 >> >> ? ? ? ?mysql> select * from PARAMS; >> ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ >> ? ? ? ? ? ? ? ?| ai | MAILBOX_user_domain ? ?| quota_bytes | quota_msgs | >> ? ? ? ? ? ? ? ?+----+------------------------+-------------+------------+ >> ? ? ? ? ? ? ? ?| ?1 | ?myuser at domain1.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | >> ? ? ? ? ? ? ? ?| ?2 | ?myuser at domain2.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | >> ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ >> ? ? ? ? ? ? ? ?2 rows in set (0.00 sec) >> >> and, after sending a single message to 'myuser at domain1.com', I do see >> that Dovecot now recognizes/calculates a quota change, and only for >> one domain, >> >> ? ? ? ?doveadm quota get -A >> ? ? ? ? ? ? ? ?Username ? ? ? ? ? ? ? ?Quota name ? ? ?Type ? ? ? ? ? ?Value ? Limit ? % >> ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 3 ? ? ? 3 ? ? ? 100 >> ? ? ? ? ? ? ? ?myuser at domain1.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 1 ? ? ? 10000 ? 0 >> ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?STORAGE ? ? ? ? 0 ? ? ? 0 ? ? ? 0 >> ? ? ? ? ? ? ? ?myuser at domain2.com ? ? ?User quota ? ? ?MESSAGE ? ? ? ? 0 ? ? ? 10000 ? 0 >> >> ? ? ? ?mysql> select * from PARAMS; >> ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ >> ? ? ? ? ? ? ? ?| ai | MAILBOX_user_domain ? ?| quota_bytes | quota_msgs | >> ? ? ? ? ? ? ? ?+----+------------------------+-------------+------------+ >> ? ? ? ? ? ? ? ?| ?1 | ?myuser at domain1.com ? ?| ? ? ? ?3269 | ? ? ? ? ?1 | >> ? ? ? ? ? ? ? ?| ?2 | ?myuser at domain2.com ? ?| ? ? ? ? ? 0 | ? ? ? ? ?0 | >> ? ? ? ? ? ? ? ?+----+------------------------+------------+-------------+ >> ? ? ? ? ? ? ? ?2 rows in set (0.00 sec) >> >> >> But, the Limit's wrong. ?It's not picking up the global Limit from >> >> ? ? ? ?/etc/dovecot/conf.d/90-quota.conf >> ? ? ? ? ? ? ? ?... >> --> ? ? ? ? ? ? quota_rule = *:bytes=1073741824:messages=10000 >> ? ? ? ? ? ? ? ?... >> >> and once a message quota Value is calculated, the Limit is set == >> Value, resulting in an incorrrect quota %-age of 100%. >> >> Is Limit supposed to be specified per-user? >> >> Rich >> > From seandarcy2 at gmail.com Fri Oct 28 23:04:30 2011 From: seandarcy2 at gmail.com (sean darcy) Date: Fri, 28 Oct 2011 16:04:30 -0400 Subject: [Dovecot] What owner/permissions for virtual homes? In-Reply-To: References: Message-ID: On 10/28/2011 03:34 PM, sean darcy wrote: > VirtualUsers.Home.txt: > > The directory layouts for home and mail directories could look like one of > these (in the preferred order): > > 1. Mail directory under home, for example: home='/var/vmail/domain/user/' > mail='/var/vmail/domain/user/mail/' > > Who should be the owner of these directories, with that permissions? > > Does it make a difference if it's /home/vmail rather than /var/vmail? > > Thanks, > sean > > Also, it suggests the following configuration: mail_home = /var/vmail/%d/%n mail_location = maildir:~/mail but where does mail_home appear? Also in 10-mail.conf? sean From dovecot-ml at makomi.de Fri Oct 28 23:13:42 2011 From: dovecot-ml at makomi.de (=?iso-8859-1?Q?Michael_K=F6hler?=) Date: Fri, 28 Oct 2011 22:13:42 +0200 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <20111028171155.ba0dc761.taeuber@bbaw.de> References: <20111028171155.ba0dc761.taeuber@bbaw.de> Message-ID: <54DE3C65-444A-463F-85F7-B01916FC3779@makomi.de> Hi Lars, Am 28.10.2011 um 17:11 schrieb Lars T?uber: > How can I configure dovecot not to listen for imaps connections on port 143. like this? service imap-login { inet_listener imaps { port = 993 } } please execute "doveconf" and have a look at all configuration - you could learn a lot :) Bye, Michael From lars.taeuber at gmx.net Fri Oct 28 23:24:37 2011 From: lars.taeuber at gmx.net (Lars =?UTF-8?B?VMOkdWJlcg==?=) Date: Fri, 28 Oct 2011 22:24:37 +0200 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 Message-ID: <20111028222437.04a3827a.lars.taeuber@gmx.net> Hi. Sorry for breaking this thread, but I just subscribed from a different address. I made a mistake. I didn't mean ?imaps? but ?imap2? How can I configure dovecot not to listen for imap connections on port 143. I want dovecot to listen only on port 993. And ssl = required is already set. So this is not the right solution. I just comemnted the whole inet_listener imap {...} section out. But this seems to be some kind of default setting. I tried to set: inet_listener { address = none } I tried to leave the address variable blank. But no succes. Good night Lars From dovecot-ml at makomi.de Fri Oct 28 23:30:18 2011 From: dovecot-ml at makomi.de (=?iso-8859-1?Q?Michael_K=F6hler?=) Date: Fri, 28 Oct 2011 22:30:18 +0200 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <20111028222437.04a3827a.lars.taeuber@gmx.net> References: <20111028222437.04a3827a.lars.taeuber@gmx.net> Message-ID: <2F4F63AF-1A7B-46A2-9445-599995BF579D@makomi.de> Hi Lars, Am 28.10.2011 um 22:24 schrieb Lars T?uber: > I didn't mean ?imaps? but ?imap2? > > How can I configure dovecot not to listen for imap connections on port 143. > > I want dovecot to listen only on port 993. > And ssl = required is already set. So this is not the right solution. > > I just comemnted the whole inet_listener imap {...} section out. But this seems to be some kind of default setting. > I tried to set: > > inet_listener { > address = none > } > > I tried to leave the address variable blank. But no succes. protocols = imap service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } } Greetings, Michael From lars.taeuber at gmx.net Fri Oct 28 23:38:28 2011 From: lars.taeuber at gmx.net (Lars =?UTF-8?B?VMOkdWJlcg==?=) Date: Fri, 28 Oct 2011 22:38:28 +0200 Subject: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143 In-Reply-To: <2F4F63AF-1A7B-46A2-9445-599995BF579D@makomi.de> References: <20111028222437.04a3827a.lars.taeuber@gmx.net> <2F4F63AF-1A7B-46A2-9445-599995BF579D@makomi.de> Message-ID: <20111028223828.97184e8f.lars.taeuber@gmx.net> Hi Michael, On Fri, 28 Oct 2011 22:30:18 +0200 Michael K?hler wrote: > Hi Lars, > > Am 28.10.2011 um 22:24 schrieb Lars T?uber: > > I want dovecot to listen only on port 993. [...] > protocols = imap > > service imap-login { > inet_listener imap { > port = 0 > } this is it. Many thanks Lars From p.heinlein at heinlein-support.de Sat Oct 29 02:41:41 2011 From: p.heinlein at heinlein-support.de (Peer Heinlein) Date: Sat, 29 Oct 2011 01:41:41 +0200 Subject: [Dovecot] dsync should sync sieve-dirs to! Message-ID: <201110290141.41963.p.heinlein@heinlein-support.de> Having dsync to make backups from existing mail-spaces, it would be nice to make dsync syncing the sieve-dirs too. -Otherweise backups aren't complete... Peer -- Heinlein Professional Linux Support GmbH Linux: Akademie - Support - Hosting http://www.heinlein-support.de Tel: 030 / 40 50 51 - 0 Fax: 030 / 40 50 51 - 19 Zwangsangaben lt. ?35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin From ghandidrivesahumvee at rocketfish.com Sat Oct 29 03:34:07 2011 From: ghandidrivesahumvee at rocketfish.com (Dovecot-GDH) Date: Fri, 28 Oct 2011 17:34:07 -0700 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <201110290141.41963.p.heinlein@heinlein-support.de> References: <201110290141.41963.p.heinlein@heinlein-support.de> Message-ID: <9002F134-560C-4947-8105-1BD8847407B1@rocketfish.com> Why not just add a line for your local sieve folder to the same shell/cgi script that executes dsync? On Oct 28, 2011, at 4:41 PM, Peer Heinlein wrote: > > Having dsync to make backups from existing mail-spaces, it would be nice > to make dsync syncing the sieve-dirs too. -Otherweise backups aren't > complete... > > Peer > > > -- > Heinlein Professional Linux Support GmbH > Linux: Akademie - Support - Hosting > > http://www.heinlein-support.de > Tel: 030 / 40 50 51 - 0 > Fax: 030 / 40 50 51 - 19 > > Zwangsangaben lt. ?35a GmbHG: > HRB 93818 B / Amtsgericht Berlin-Charlottenburg, > Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin From ghandidrivesahumvee at rocketfish.com Sat Oct 29 04:05:17 2011 From: ghandidrivesahumvee at rocketfish.com (Dovecot-GDH) Date: Fri, 28 Oct 2011 18:05:17 -0700 Subject: [Dovecot] Seen flag getting lost In-Reply-To: <20111025110238.GB8900@gumme.math.uni-bonn.de> References: <20111025110238.GB8900@gumme.math.uni-bonn.de> Message-ID: If more than one Dovecot instance is accessing the same set of mailboxes over NFS or other network filesystem, you will need to use the directors. You may as well upgrade to 2.0. On Oct 25, 2011, at 4:02 AM, Edgar Fu? wrote: > We have two dovecot 1.2 instances sharing Maildirs on NFS. Indexes are local to the individual servers. > Occasionally (no idea how to trigger this), the Seen flag gets lost on some messages. I've verified that actually the ``S'' is missing from the filename. > I suspect something like server A caching the flags, server B setting Seen, and then server A flushing its cache for another change so overwriting what B changed. > Any ideas short of switching to 2.0? From seandarcy2 at gmail.com Sat Oct 29 05:03:41 2011 From: seandarcy2 at gmail.com (sean darcy) Date: Fri, 28 Oct 2011 22:03:41 -0400 Subject: [Dovecot] dovecot creating literal %d/%n/ folders Message-ID: I have a virtual user test1. cat /etc/dovecot/users test1@:{PLAIN}test1pass:504:504::/home/vmail/%d/%n catchall@:{PLAIN}password:504:504::/home/vmail/%d/%n @:{PLAIN}password:504:504::/home/vmail//catchall test1 at example.com:{PLAIN}test1pass:504:504::/home/vmail/%d/%n ls /home/vmail/%d/%n/mail cur dovecot.index.cache dovecot.index.log dovecot-uidlist dovecot-uidvalidity dovecot-uidvalidity.4eab20a7 new tmp and mail to test1@ goes into this %d/%n folder. In fact dovecot created the folder - at least I didn't. from dovecot-info.log Oct 28 17:43:11 auth: Debug: master in: USER 4 test1@ service=lmtp Oct 28 17:43:11 auth: Debug: passwd(test1@): lookup Oct 28 17:43:11 auth: Info: passwd(test1@): unknown user Oct 28 17:43:11 auth: Debug: passwd-file(test1@): lookup: user=test1@ file=/etc/dovecot/users Oct 28 17:43:11 auth: Debug: master out: USER 4 test1@ uid=504 gid=504 home=/home/vmail/%d/%n Oct 28 17:43:11 lmtp(4533, test1@): Info: l6DnLacgq061EQAABoXEcA: msgid=<4EAB21EC.9070905 at gmail.com>: saved mail to INBOX I would have expected dovecot to expand this to /home/vmail//test1. Or are the %u %d variables only expanded in certain files? sean From robert at schetterer.org Sat Oct 29 10:15:31 2011 From: robert at schetterer.org (Robert Schetterer) Date: Sat, 29 Oct 2011 09:15:31 +0200 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <201110290141.41963.p.heinlein@heinlein-support.de> References: <201110290141.41963.p.heinlein@heinlein-support.de> Message-ID: <4EABA813.2050206@schetterer.org> Am 29.10.2011 01:41, schrieb Peer Heinlein: > > Having dsync to make backups from existing mail-spaces, it would be nice > to make dsync syncing the sieve-dirs too. -Otherweise backups aren't > complete... > > Peer > > Hi Peer meanwhile , you may use rsync additional as workaround -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From p.heinlein at heinlein-support.de Sun Oct 30 14:16:59 2011 From: p.heinlein at heinlein-support.de (Peer Heinlein) Date: Sun, 30 Oct 2011 13:16:59 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EABA813.2050206@schetterer.org> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> Message-ID: <201110301316.59856.p.heinlein@heinlein-support.de> Am Samstag, 29. Oktober 2011, 09:15:31 schrieb Robert Schetterer: > Hi Peer meanwhile , you may use rsync additional as workaround Yes, I'm using rsync for 15 years for this. I'd like to STOP using rsync. It should be possible to make a *complete* backup/mirror of a user's mailbox with dsync. And a backup/mirror without sieve is incomplete. Peer -- Heinlein Professional Linux Support GmbH Linux: Akademie - Support - Hosting http://www.heinlein-support.de Tel: 030 / 40 50 51 - 0 Fax: 030 / 40 50 51 - 19 Zwangsangaben lt. ?35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin From p.heinlein at heinlein-support.de Sun Oct 30 14:18:04 2011 From: p.heinlein at heinlein-support.de (Peer Heinlein) Date: Sun, 30 Oct 2011 13:18:04 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <9002F134-560C-4947-8105-1BD8847407B1@rocketfish.com> References: <201110290141.41963.p.heinlein@heinlein-support.de> <9002F134-560C-4947-8105-1BD8847407B1@rocketfish.com> Message-ID: <201110301318.04585.p.heinlein@heinlein-support.de> Am Samstag, 29. Oktober 2011, 02:34:07 schrieb Dovecot-GDH: > Why not just add a line for your local sieve folder to the same > shell/cgi script that executes dsync? Why using dsync at all? Peer -- Heinlein Professional Linux Support GmbH Linux: Akademie - Support - Hosting http://www.heinlein-support.de Tel: 030 / 40 50 51 - 0 Fax: 030 / 40 50 51 - 19 Zwangsangaben lt. ?35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin From robert at schetterer.org Sun Oct 30 14:24:52 2011 From: robert at schetterer.org (Robert Schetterer) Date: Sun, 30 Oct 2011 13:24:52 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <201110301316.59856.p.heinlein@heinlein-support.de> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> Message-ID: <4EAD4214.6020405@schetterer.org> Am 30.10.2011 13:16, schrieb Peer Heinlein: > Am Samstag, 29. Oktober 2011, 09:15:31 schrieb Robert Schetterer: > >> Hi Peer meanwhile , you may use rsync additional as workaround > > Yes, I'm using rsync for 15 years for this. > > I'd like to STOP using rsync. > > It should be possible to make a *complete* backup/mirror of a user's > mailbox with dsync. And a backup/mirror without sieve is incomplete. > > Peer > > > yes youre right -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From laxlaw at gmx.de Sun Oct 30 13:53:26 2011 From: laxlaw at gmx.de (=?UTF-8?Q?Lukas_Wei=C3=9F?=) Date: Sun, 30 Oct 2011 12:53:26 +0100 Subject: [Dovecot] =?utf-8?q?Bad_creation_timestamp_of_migrated_mails_=28m?= =?utf-8?q?aildir_format=29=3F?= Message-ID: <995cb6b0e895c72fa16fd7e0f0a4d8e0@weiss.homelinux.com> Hello everybody, ive just switched to dovecot imap because dbmail i used before is not developed any further and sql storage is difficult to backup. Ive done that, by setting up dovecot with maildir format and copy mails from old dbmail to new dovecot imap server with my mail client (thunderbird). Unfortunately migrating to dovecot brought me some problems with my Android K9 Mail client: Sync with IMAP-Server shows me only the oldest mails. I think the problem is, that K9 only fetches the newest mails (25) from the server (to save memory etc). Which mail is "new" is probably determined by creation timestamp of the email-files in my mailbox, which was copied newest first on migration from dbmail to dovecot. So the older mails have the newer creation timestamp on file system. Do you have any suggestions how to fix that problem? Maybe migrate to dbox mailbox format? BTW: New mails show up correctly, as the creation timestamp is new. Thanks Lukas From marcin at mejor.pl Sun Oct 30 16:35:08 2011 From: marcin at mejor.pl (=?ISO-8859-2?Q?Marcin_Miros=B3aw?=) Date: Sun, 30 Oct 2011 15:35:08 +0100 Subject: [Dovecot] [OT] Bad creation timestamp of migrated mails (maildir format)? In-Reply-To: <995cb6b0e895c72fa16fd7e0f0a4d8e0@weiss.homelinux.com> References: <995cb6b0e895c72fa16fd7e0f0a4d8e0@weiss.homelinux.com> Message-ID: <4EAD609C.3050907@mejor.pl> W dniu 2011-10-30 12:53, Lukas Wei? pisze: > > Hello everybody, > > ive just switched to dovecot imap because dbmail > i used before is not developed any further Hello! Where i can find information about this? Regards From ghandidrivesahumvee at rocketfish.com Sun Oct 30 23:06:31 2011 From: ghandidrivesahumvee at rocketfish.com (Dovecot-GDH) Date: Sun, 30 Oct 2011 14:06:31 -0700 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EAD4214.6020405@schetterer.org> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <4EAD4214.6020405@schetterer.org> Message-ID: <2EBAB205-6B4E-48BA-9DFF-6959C3B9E902@rocketfish.com> >> Why using dsync at all? dsync is a tool used for synchronizing mailboxes. >> It should be possible to make a *complete* backup/mirror of a user's >> mailbox with sync The Sieve folder is not part of the mailbox. On Oct 30, 2011, at 5:24 AM, Robert Schetterer wrote: > Am 30.10.2011 13:16, schrieb Peer Heinlein: >> Am Samstag, 29. Oktober 2011, 09:15:31 schrieb Robert Schetterer: >> >>> Hi Peer meanwhile , you may use rsync additional as workaround >> >> Yes, I'm using rsync for 15 years for this. >> >> I'd like to STOP using rsync. >> >> It should be possible to make a *complete* backup/mirror of a user's >> mailbox with dsync. And a backup/mirror without sieve is incomplete. >> >> Peer >> >> >> > > yes youre right > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria From robert at schetterer.org Mon Oct 31 08:17:35 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 07:17:35 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <2EBAB205-6B4E-48BA-9DFF-6959C3B9E902@rocketfish.com> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <4EAD4214.6020405@schetterer.org> <2EBAB205-6B4E-48BA-9DFF-6959C3B9E902@rocketfish.com> Message-ID: <4EAE3D7F.5050701@schetterer.org> Am 30.10.2011 22:06, schrieb Dovecot-GDH: >>> Why using dsync at all? > > dsync is a tool used for synchronizing mailboxes. > >>> It should be possible to make a *complete* backup/mirror of a user's >>> mailbox with sync > > The Sieve folder is not part of the mailbox. thats a definiton question, anyway Peer is right it would be a nice to have, but not hardly needed no need to flame in any case > > On Oct 30, 2011, at 5:24 AM, Robert Schetterer wrote: > >> Am 30.10.2011 13:16, schrieb Peer Heinlein: >>> Am Samstag, 29. Oktober 2011, 09:15:31 schrieb Robert Schetterer: >>> >>>> Hi Peer meanwhile , you may use rsync additional as workaround >>> >>> Yes, I'm using rsync for 15 years for this. >>> >>> I'd like to STOP using rsync. >>> >>> It should be possible to make a *complete* backup/mirror of a user's >>> mailbox with dsync. And a backup/mirror without sieve is incomplete. >>> >>> Peer >>> >>> >>> >> >> yes youre right >> >> -- >> Best Regards >> >> MfG Robert Schetterer >> >> Germany/Munich/Bavaria > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From nebano at gmail.com Mon Oct 31 09:51:44 2011 From: nebano at gmail.com (Osvaldo Alvarez Pozo) Date: Mon, 31 Oct 2011 08:51:44 +0100 Subject: [Dovecot] post login script In-Reply-To: <4EAAD5CF.90905@schetterer.org> References: <4EAAD5CF.90905@schetterer.org> Message-ID: Hello, Thanks for your naswer, but there is no difference bettwen your conf & mine execpt for the name of service. Thanks again Osvaldo 2011/10/28 Robert Schetterer : > Am 28.10.2011 12:49, schrieb Osvaldo Alvarez Pozo: >> Hello all, >> >> I am testing postlogin script with dovecot 2. >> >> I works but i would like that the imap and pop session get executed >> even if the post-login script fail. >> >> my postlogin script is very simple: >> >> #/etc/dovecot/conf.d/10-master.conf >> >> service imap { >> >> executable = imap imap-postlogin >> >> } >> # >> service imap-postlogin { >> >> ? executable = script-login /usr/local/bin/postlogin.sh >> >> ? unix_listener imap-postlogin { >> ? } >> } >> >> >> service pop3 { >> >> executable = pop3 imap-postlogin >> >> } >> >> #/usr/local/bin/postlogin.sh >> echo "UPDATE mailbox SET last_login = now() WHERE username = '$USER'" >> | mysql -upostlogin -pXXXXXXXX postfixadmin >> exec "$@" >> >> >> Thanks in advance >> >> Osvaldo > > i have it like this > > > service pop3 { > > > executable = pop3 pop3-postlogin > } > > service pop3-postlogin { > ? executable = script-login /usr/local/bin/postlogin_pop3.sh > ?user = root > ?unix_listener pop3-postlogin { > ?} > ?} > > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria > From robert at schetterer.org Mon Oct 31 09:57:47 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 08:57:47 +0100 Subject: [Dovecot] post login script In-Reply-To: References: <4EAAD5CF.90905@schetterer.org> Message-ID: <4EAE54FB.10304@schetterer.org> Am 31.10.2011 08:51, schrieb Osvaldo Alvarez Pozo: > Hello, > > Thanks for your naswer, but there is no difference bettwen your conf & > mine execpt for the name of service. > > Thanks again are you sure ? i have 2 different ( extra ) login scripts not only one fitting for imap and pop3 but you only asked for pop3 > > Osvaldo > > 2011/10/28 Robert Schetterer : >> Am 28.10.2011 12:49, schrieb Osvaldo Alvarez Pozo: >>> Hello all, >>> >>> I am testing postlogin script with dovecot 2. >>> >>> I works but i would like that the imap and pop session get executed >>> even if the post-login script fail. >>> >>> my postlogin script is very simple: >>> >>> #/etc/dovecot/conf.d/10-master.conf >>> >>> service imap { >>> >>> executable = imap imap-postlogin >>> >>> } >>> # >>> service imap-postlogin { >>> >>> executable = script-login /usr/local/bin/postlogin.sh >>> >>> unix_listener imap-postlogin { >>> } >>> } >>> >>> >>> service pop3 { >>> >>> executable = pop3 imap-postlogin >>> >>> } >>> >>> #/usr/local/bin/postlogin.sh >>> echo "UPDATE mailbox SET last_login = now() WHERE username = '$USER'" >>> | mysql -upostlogin -pXXXXXXXX postfixadmin >>> exec "$@" >>> >>> >>> Thanks in advance >>> >>> Osvaldo >> >> i have it like this >> >> >> service pop3 { >> >> >> executable = pop3 pop3-postlogin >> } >> >> service pop3-postlogin { >> executable = script-login /usr/local/bin/postlogin_pop3.sh >> user = root >> unix_listener pop3-postlogin { >> } >> } >> >> >> -- >> Best Regards >> >> MfG Robert Schetterer >> >> Germany/Munich/Bavaria >> -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From arlin at mvs.us Mon Oct 31 10:45:40 2011 From: arlin at mvs.us (Arlin) Date: Mon, 31 Oct 2011 14:15:40 +0530 Subject: [Dovecot] Manage dovecot maildir on multiple servers Message-ID: <002b01cc97a9$79b453b0$6d1cfb10$@mvs.us> Any suggestions on how to implement dovecot maildir on multiple servers. Does this required independent installation of Dovecot on each servers, or a single instance of Dovecot with shared MailDir would serve the purpose? Thanks, Arlin From arlin at mvs.us Mon Oct 31 10:47:07 2011 From: arlin at mvs.us (Arlin) Date: Mon, 31 Oct 2011 14:17:07 +0530 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? Message-ID: <003001cc97a9$addbeb80$0993c280$@mvs.us> Could anyone please respond to this query. Thank you! From: Arlin [mailto:arlin at mvs.us] Sent: 28 October 2011 17:06 To: 'dovecot at dovecot.org' Subject: How can we horizontally scale Dovecot across multiple servers? Hi, How can we horizontally scale Dovecot across multiple servers? Do we require to install independent instances of Dovecot on each server? We are planning to use a NAS/SAN device using ZFS or EFS for email storage. Each logical unit will be of 10TB and similarly as the no: of user increases we are planning to add multiple 10TB units. In this case how we can manage the email storage on multiple volumes from Dovecot. The configuration of our existing system is:- Dovecot 1.0.15 / Maildirs Postfix 2.5.5 Debian 5.0.9 (Lenny) MySQL 5.0.15 Please advise. Thanks in advance. Creative Regards, Arlin From robert at schetterer.org Mon Oct 31 10:56:10 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 09:56:10 +0100 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: <003001cc97a9$addbeb80$0993c280$@mvs.us> References: <003001cc97a9$addbeb80$0993c280$@mvs.us> Message-ID: <4EAE62AA.6080203@schetterer.org> Am 31.10.2011 09:47, schrieb Arlin: > Could anyone please respond to this query. Thank you! you may use loadbalancers i.e (keepalived etc) and/or http://wiki2.dovecot.org/FeatLoginProxy http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy look the list for cluster setups etc reading your former post you want to use many outdated prog versions dont do that a san for storage might be a good choice some of the list use drbd with ocfs2 and other cluster filesystems > > > > From: Arlin [mailto:arlin at mvs.us] > Sent: 28 October 2011 17:06 > To: 'dovecot at dovecot.org' > Subject: How can we horizontally scale Dovecot across multiple servers? > > > > Hi, > > > > How can we horizontally scale Dovecot across multiple servers? Do we require > to install independent instances of Dovecot on each server? > > > > We are planning to use a NAS/SAN device using ZFS or EFS for email storage. > Each logical unit will be of 10TB and similarly as the no: of user increases > we are planning to add multiple 10TB units. > > In this case how we can manage the email storage on multiple volumes from > Dovecot. > > > > The configuration of our existing system is:- > > > > Dovecot 1.0.15 / Maildirs > > Postfix 2.5.5 > > Debian 5.0.9 (Lenny) > > MySQL 5.0.15 > > > > Please advise. > > > > Thanks in advance. > > > > Creative Regards, > > Arlin > > > > > > > > > > > > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From arlin at mvs.us Mon Oct 31 11:43:07 2011 From: arlin at mvs.us (Arlin) Date: Mon, 31 Oct 2011 15:13:07 +0530 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: <4EAE62AA.6080203@schetterer.org> References: <003001cc97a9$addbeb80$0993c280$@mvs.us> <4EAE62AA.6080203@schetterer.org> Message-ID: <000301cc97b1$81100ca0$833025e0$@mvs.us> Hi Robert, Thanks for the reply. We are upgrading Dovecot to v2.0.15 and other component's to the latest version. In that case, can we use san for storage or are you recommending that drbd with ocfs2 is the best way to attain the horizontal scalability for the mail storage? Thanks, Arlin -----Original Message----- From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Robert Schetterer Sent: 31 October 2011 14:26 To: dovecot at dovecot.org Subject: Re: [Dovecot] How can we horizontally scale Dovecot across multiple servers? Am 31.10.2011 09:47, schrieb Arlin: > Could anyone please respond to this query. Thank you! you may use loadbalancers i.e (keepalived etc) and/or http://wiki2.dovecot.org/FeatLoginProxy http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy look the list for cluster setups etc reading your former post you want to use many outdated prog versions dont do that a san for storage might be a good choice some of the list use drbd with ocfs2 and other cluster filesystems > > > > From: Arlin [mailto:arlin at mvs.us] > Sent: 28 October 2011 17:06 > To: 'dovecot at dovecot.org' > Subject: How can we horizontally scale Dovecot across multiple servers? > > > > Hi, > > > > How can we horizontally scale Dovecot across multiple servers? Do we > require to install independent instances of Dovecot on each server? > > > > We are planning to use a NAS/SAN device using ZFS or EFS for email storage. > Each logical unit will be of 10TB and similarly as the no: of user > increases we are planning to add multiple 10TB units. > > In this case how we can manage the email storage on multiple volumes > from Dovecot. > > > > The configuration of our existing system is:- > > > > Dovecot 1.0.15 / Maildirs > > Postfix 2.5.5 > > Debian 5.0.9 (Lenny) > > MySQL 5.0.15 > > > > Please advise. > > > > Thanks in advance. > > > > Creative Regards, > > Arlin > > > > > > > > > > > > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From joseba.torre at ehu.es Mon Oct 31 11:54:29 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 31 Oct 2011 10:54:29 +0100 Subject: [Dovecot] dovecot creating literal %d/%n/ folders In-Reply-To: References: Message-ID: <201110311054.29755.joseba.torre@ehu.es> On S?bado 29 Octubre 2011 04:03:41 sean darcy escribi?: > I have a virtual user test1. > > cat /etc/dovecot/users > test1@:{PLAIN}test1pass:504:504::/home/vmail/%d/%n > catchall@:{PLAIN}password:504:504::/home/vmail/%d/%n > @:{PLAIN}password:504:504::/home/vmail//catchall > test1 at example.com:{PLAIN}test1pass:504:504::/home/vmail/%d/%n > > ls /home/vmail/%d/%n/mail > cur dovecot.index.cache dovecot.index.log dovecot-uidlist > dovecot-uidvalidity dovecot-uidvalidity.4eab20a7 new tmp > > and mail to test1@ goes into this %d/%n folder. In fact > dovecot created the folder - at least I didn't. > > from dovecot-info.log > > Oct 28 17:43:11 auth: Debug: master in: USER 4 test1@ > service=lmtp > Oct 28 17:43:11 auth: Debug: passwd(test1@): lookup > Oct 28 17:43:11 auth: Info: passwd(test1@): unknown user > Oct 28 17:43:11 auth: Debug: passwd-file(test1@): lookup: > user=test1@ file=/etc/dovecot/users > Oct 28 17:43:11 auth: Debug: master out: USER 4 test1@ > uid=504 gid=504 home=/home/vmail/%d/%n > Oct 28 17:43:11 lmtp(4533, test1@): Info: > l6DnLacgq061EQAABoXEcA: msgid=<4EAB21EC.9070905 at gmail.com>: saved mail > to INBOX > > I would have expected dovecot to expand this to > /home/vmail//test1. > > Or are the %u %d variables only expanded in certain files? I had this same misunderstanding few days ago (in my case using ldap, but it doesn't matter). The usage of variables makes sense when used in generic values (e.g. mail_location), but not when used in a per-user db, and so they're not expanded in that cases. So: when adding a new entry in your passdb file, you should write actual values instead of variables. Usually it's really easy. HTH -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From joseba.torre at ehu.es Mon Oct 31 11:59:50 2011 From: joseba.torre at ehu.es (Joseba Torre) Date: Mon, 31 Oct 2011 10:59:50 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <201110301316.59856.p.heinlein@heinlein-support.de> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> Message-ID: <201110311059.50921.joseba.torre@ehu.es> On Domingo 30 Octubre 2011 13:16:59 Peer Heinlein escribi?: > It should be possible to make a complete backup/mirror of a user's > mailbox with dsync. And a backup/mirror without sieve is incomplete. And procmail rules? And maildrop rules? And someones post-login script based rules? To me, mailboxes are mailboxes, and dsync works fine. And yes: having a tool to migrate rules (sieve or whatever) would be nice. -- Joseba Torre. Vicegerencia de TICs, ?rea de Explotaci?n From robert at schetterer.org Mon Oct 31 12:00:33 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 11:00:33 +0100 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: <000301cc97b1$81100ca0$833025e0$@mvs.us> References: <003001cc97a9$addbeb80$0993c280$@mvs.us> <4EAE62AA.6080203@schetterer.org> <000301cc97b1$81100ca0$833025e0$@mvs.us> Message-ID: <4EAE71C1.7060400@schetterer.org> Am 31.10.2011 10:43, schrieb Arlin: > Hi Robert, > > Thanks for the reply. We are upgrading Dovecot to v2.0.15 and other > component's to the latest version. In that case, can we use san for storage > or are you recommending that drbd with ocfs2 is the best way to attain the > horizontal scalability for the mail storage? Hi Arlin, there is no best way, you should choose whatever fits best to your needs an haves so it depends on many stuff ( i.e at last finance, network, manpower, knowledge) etc So all i can say iam just using a loadbalanced cluster setup with drbd ocfs2 maildir dovecot postfix mysql clamav spamassassin on ubuntu lucid lts with 3000 Mailboxes without any big Problems yet but i can imagine that a professional SAN might be better in performance but there is a lot other other questions left , i.e maildir must not be the best solution for mailbox format etc cluster setups with lots of mailboxes are complex in many ways, if you planning a real big mailservice you should ask more here on this list for existing other setups and choose i.e Timo and/or others for professional and paid advice and work > > Thanks, > Arlin > > -----Original Message----- > From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On > Behalf Of Robert Schetterer > Sent: 31 October 2011 14:26 > To: dovecot at dovecot.org > Subject: Re: [Dovecot] How can we horizontally scale Dovecot across multiple > servers? > > Am 31.10.2011 09:47, schrieb Arlin: >> Could anyone please respond to this query. Thank you! > > you may use loadbalancers i.e (keepalived etc) and/or > > http://wiki2.dovecot.org/FeatLoginProxy > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > look the list for cluster setups etc > > reading your former post > you want to use many outdated prog versions dont do that a san for storage > might be a good choice some of the list use drbd with ocfs2 and other > cluster filesystems > >> >> >> >> From: Arlin [mailto:arlin at mvs.us] >> Sent: 28 October 2011 17:06 >> To: 'dovecot at dovecot.org' >> Subject: How can we horizontally scale Dovecot across multiple servers? >> >> >> >> Hi, >> >> >> >> How can we horizontally scale Dovecot across multiple servers? Do we >> require to install independent instances of Dovecot on each server? >> >> >> >> We are planning to use a NAS/SAN device using ZFS or EFS for email > storage. >> Each logical unit will be of 10TB and similarly as the no: of user >> increases we are planning to add multiple 10TB units. >> >> In this case how we can manage the email storage on multiple volumes >> from Dovecot. >> >> >> >> The configuration of our existing system is:- >> >> >> >> Dovecot 1.0.15 / Maildirs >> >> Postfix 2.5.5 >> >> Debian 5.0.9 (Lenny) >> >> MySQL 5.0.15 >> >> >> >> Please advise. >> >> >> >> Thanks in advance. >> >> >> >> Creative Regards, >> >> Arlin >> >> >> >> >> >> >> >> >> >> >> >> > > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From Ralf.Hildebrandt at charite.de Mon Oct 31 12:03:41 2011 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Mon, 31 Oct 2011 11:03:41 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <201110311059.50921.joseba.torre@ehu.es> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <201110311059.50921.joseba.torre@ehu.es> Message-ID: <20111031100340.GJ1132@charite.de> * Joseba Torre : > On Domingo 30 Octubre 2011 13:16:59 Peer Heinlein escribi?: > > It should be possible to make a complete backup/mirror of a user's > > mailbox with dsync. And a backup/mirror without sieve is incomplete. > > And procmail rules? They're not stored "within" dovecot's reach. procmail is not a part of dovecot. > And maildrop rules? They're not stored "within" dovecot's reach. maildrop is not a part of dovecot. > And someones post-login script based rules? Good point. But usually the admin adds those. > To me, mailboxes are mailboxes, and dsync works fine. > > And yes: having a tool to migrate rules (sieve or whatever) would be nice. Yup. Especially since it's a bit tricky to see whether a user has rules. -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From robert at schetterer.org Mon Oct 31 12:29:19 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 11:29:19 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <20111031100340.GJ1132@charite.de> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <201110311059.50921.joseba.torre@ehu.es> <20111031100340.GJ1132@charite.de> Message-ID: <4EAE787F.1020808@schetterer.org> Am 31.10.2011 11:03, schrieb Ralf Hildebrandt: > * Joseba Torre : >> On Domingo 30 Octubre 2011 13:16:59 Peer Heinlein escribi?: >>> It should be possible to make a complete backup/mirror of a user's >>> mailbox with dsync. And a backup/mirror without sieve is incomplete. >> >> And procmail rules? > > They're not stored "within" dovecot's reach. procmail is not a part of > dovecot. > >> And maildrop rules? > > They're not stored "within" dovecot's reach. maildrop is not a part of > dovecot. > >> And someones post-login script based rules? > > Good point. But usually the admin adds those. jep an normally they are in some global backup for the dovecot conf > >> To me, mailboxes are mailboxes, and dsync works fine. >> >> And yes: having a tool to migrate rules (sieve or whatever) would be nice. > > Yup. Especially since it's a bit tricky to see whether a user has rules. > hm, idea , any chance to feed sieve rules in a database backend or ldap etc so it would be part of backing up the db/dir service guess we have to wait for the hackers to get qualified answers *g -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From fbscarel at gmail.com Mon Oct 31 13:28:51 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Mon, 31 Oct 2011 09:28:51 -0200 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: <4EAE71C1.7060400@schetterer.org> References: <003001cc97a9$addbeb80$0993c280$@mvs.us> <4EAE62AA.6080203@schetterer.org> <000301cc97b1$81100ca0$833025e0$@mvs.us> <4EAE71C1.7060400@schetterer.org> Message-ID: Quick question about the usage of DRBD: I'm thinking of a setup on my organization here (15k+ users, 4TB of email data), but I'm holding back on the clusterization due to the high volume of data. Using DRBD would implicate mirroring those 4TB of data across all cluster nodes? If yes, I might go with a SAN-based solution, though I haven't studied much about that setup yet (the other sysadm administrates the VMs and SAN, gotta ask him a few questions). On Mon, Oct 31, 2011 at 08:00, Robert Schetterer wrote: > Am 31.10.2011 10:43, schrieb Arlin: > > Hi Robert, > > > > Thanks for the reply. We are upgrading Dovecot to v2.0.15 and other > > component's to the latest version. In that case, can we use san for > storage > > or are you recommending that drbd with ocfs2 is the best way to attain > the > > horizontal scalability for the mail storage? > > Hi Arlin, there is no best way, you should choose > whatever fits best to your needs an haves > so it depends on many stuff ( i.e at last finance, network, manpower, > knowledge) etc > > So all i can say iam just using a loadbalanced cluster setup with drbd > ocfs2 maildir dovecot postfix mysql clamav spamassassin on ubuntu lucid > lts with 3000 Mailboxes without any big Problems yet > but i can imagine that a professional SAN might be better in performance > but there is a lot other other questions left , i.e maildir must not be > the best solution for mailbox format etc > > cluster setups with lots of mailboxes are complex > in many ways, if you planning a real big mailservice > you should ask more here on this list for existing other setups and > choose i.e > Timo and/or others for professional and paid advice and work > > > > > > Thanks, > > Arlin > > > > -----Original Message----- > > From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] > On > > Behalf Of Robert Schetterer > > Sent: 31 October 2011 14:26 > > To: dovecot at dovecot.org > > Subject: Re: [Dovecot] How can we horizontally scale Dovecot across > multiple > > servers? > > > > Am 31.10.2011 09:47, schrieb Arlin: > >> Could anyone please respond to this query. Thank you! > > > > you may use loadbalancers i.e (keepalived etc) and/or > > > > http://wiki2.dovecot.org/FeatLoginProxy > > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > > > look the list for cluster setups etc > > > > reading your former post > > you want to use many outdated prog versions dont do that a san for > storage > > might be a good choice some of the list use drbd with ocfs2 and other > > cluster filesystems > > > >> > >> > >> > >> From: Arlin [mailto:arlin at mvs.us] > >> Sent: 28 October 2011 17:06 > >> To: 'dovecot at dovecot.org' > >> Subject: How can we horizontally scale Dovecot across multiple servers? > >> > >> > >> > >> Hi, > >> > >> > >> > >> How can we horizontally scale Dovecot across multiple servers? Do we > >> require to install independent instances of Dovecot on each server? > >> > >> > >> > >> We are planning to use a NAS/SAN device using ZFS or EFS for email > > storage. > >> Each logical unit will be of 10TB and similarly as the no: of user > >> increases we are planning to add multiple 10TB units. > >> > >> In this case how we can manage the email storage on multiple volumes > >> from Dovecot. > >> > >> > >> > >> The configuration of our existing system is:- > >> > >> > >> > >> Dovecot 1.0.15 / Maildirs > >> > >> Postfix 2.5.5 > >> > >> Debian 5.0.9 (Lenny) > >> > >> MySQL 5.0.15 > >> > >> > >> > >> Please advise. > >> > >> > >> > >> Thanks in advance. > >> > >> > >> > >> Creative Regards, > >> > >> Arlin > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > > > > > > -- > > Best Regards > > > > MfG Robert Schetterer > > > > Germany/Munich/Bavaria > > > > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria > From vladsol at ukr.net Mon Oct 31 14:10:27 2011 From: vladsol at ukr.net (Vlad) Date: Mon, 31 Oct 2011 14:10:27 +0200 Subject: [Dovecot] Problems with permissions on mail_location Message-ID: <752540808.20111031141027@ukr.net> Hi, All! I have 2.0.beta6 (3156315704ef) Trying to set up Dovecot with virtual users. mail_uid=mail mail_gid=mail mail_location = maildir:/var/mail/%n /var/mail owner is mail:mail, permissions is 777 From error log: Oct 31 13:34:17 imap(test): Error: user test: Initialization failed:Initializing mail storage from mail_location setting failed: mkdir(/var/mail/test) failed: Permission denied (euid=8(mail) egid=12(mail) missing +w perm: /var/mail, euid is not dir owner) but /var/mail owner is mail:mail (same the euid, egid). In what may be the problem? (With full rights to the directory dovecot does not want to write it :-\ ) If I change /var/mail to /tmp/mail (for testing), then everything works fine, dovecot can write to this directory. But if i create /test/mail, or /mail with chmod 777 and chown mail:mail - again the same error :-( -- ? ?????????, Vlad mailto:vladsol at ukr.net From CMarcus at Media-Brokers.com Mon Oct 31 14:19:55 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 31 Oct 2011 08:19:55 -0400 Subject: [Dovecot] Problems with permissions on mail_location In-Reply-To: <752540808.20111031141027@ukr.net> References: <752540808.20111031141027@ukr.net> Message-ID: <4EAE926B.8040509@Media-Brokers.com> On 2011-10-31 8:10 AM, Vlad wrote: > I have 2.0.beta6 (3156315704ef) Upgrade, then come back with any questions... -- Best regards, Charles From vladsol at ukr.net Mon Oct 31 14:23:21 2011 From: vladsol at ukr.net (Vlad) Date: Mon, 31 Oct 2011 14:23:21 +0200 Subject: [Dovecot] Problems with permissions on mail_location In-Reply-To: <4EAE926B.8040509@Media-Brokers.com> References: <752540808.20111031141027@ukr.net> <4EAE926B.8040509@Media-Brokers.com> Message-ID: <271322296.20111031142321@ukr.net> I installed dovecot from the "official" CentOS 6 repository . I think in this case, the problem is not in the version ..: - \ I'll try to update .. > On 2011-10-31 8:10 AM, Vlad wrote: >> I have 2.0.beta6 (3156315704ef) > Upgrade, then come back with any questions... -- ? ?????????, Vlad mailto:vladsol at ukr.net From robert at schetterer.org Mon Oct 31 14:33:22 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 13:33:22 +0100 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: References: <003001cc97a9$addbeb80$0993c280$@mvs.us> <4EAE62AA.6080203@schetterer.org> <000301cc97b1$81100ca0$833025e0$@mvs.us> <4EAE71C1.7060400@schetterer.org> Message-ID: <4EAE9592.8010209@schetterer.org> Am 31.10.2011 12:28, schrieb Felipe Scarel: > Quick question about the usage of DRBD: I'm thinking of a setup on my > organization here (15k+ users, 4TB of email data), but I'm holding back > on the clusterization due to the high volume of data. > > Using DRBD would implicate mirroring those 4TB of data across all > cluster nodes? If yes, I might go with a SAN-based solution, though I > haven't studied much about that setup yet (the other sysadm > administrates the VMs and SAN, gotta ask him a few questions). i wouldnt do that with drbd as such big setup , there should be enough money using better choices > > On Mon, Oct 31, 2011 at 08:00, Robert Schetterer > wrote: > > Am 31.10.2011 10:43, schrieb Arlin: > > Hi Robert, > > > > Thanks for the reply. We are upgrading Dovecot to v2.0.15 and other > > component's to the latest version. In that case, can we use san > for storage > > or are you recommending that drbd with ocfs2 is the best way to > attain the > > horizontal scalability for the mail storage? > > Hi Arlin, there is no best way, you should choose > whatever fits best to your needs an haves > so it depends on many stuff ( i.e at last finance, network, manpower, > knowledge) etc > > So all i can say iam just using a loadbalanced cluster setup with drbd > ocfs2 maildir dovecot postfix mysql clamav spamassassin on ubuntu lucid > lts with 3000 Mailboxes without any big Problems yet > but i can imagine that a professional SAN might be better in performance > but there is a lot other other questions left , i.e maildir must not be > the best solution for mailbox format etc > > cluster setups with lots of mailboxes are complex > in many ways, if you planning a real big mailservice > you should ask more here on this list for existing other setups and > choose i.e > Timo and/or others for professional and paid advice and work > > > > > > Thanks, > > Arlin > > > > -----Original Message----- > > From: dovecot-bounces at dovecot.org > > [mailto:dovecot-bounces at dovecot.org > ] On > > Behalf Of Robert Schetterer > > Sent: 31 October 2011 14:26 > > To: dovecot at dovecot.org > > Subject: Re: [Dovecot] How can we horizontally scale Dovecot > across multiple > > servers? > > > > Am 31.10.2011 09:47, schrieb Arlin: > >> Could anyone please respond to this query. Thank you! > > > > you may use loadbalancers i.e (keepalived etc) and/or > > > > http://wiki2.dovecot.org/FeatLoginProxy > > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > > > look the list for cluster setups etc > > > > reading your former post > > you want to use many outdated prog versions dont do that a san for > storage > > might be a good choice some of the list use drbd with ocfs2 and other > > cluster filesystems > > > >> > >> > >> > >> From: Arlin [mailto:arlin at mvs.us ] > >> Sent: 28 October 2011 17:06 > >> To: 'dovecot at dovecot.org ' > >> Subject: How can we horizontally scale Dovecot across multiple > servers? > >> > >> > >> > >> Hi, > >> > >> > >> > >> How can we horizontally scale Dovecot across multiple servers? Do we > >> require to install independent instances of Dovecot on each server? > >> > >> > >> > >> We are planning to use a NAS/SAN device using ZFS or EFS for email > > storage. > >> Each logical unit will be of 10TB and similarly as the no: of user > >> increases we are planning to add multiple 10TB units. > >> > >> In this case how we can manage the email storage on multiple volumes > >> from Dovecot. > >> > >> > >> > >> The configuration of our existing system is:- > >> > >> > >> > >> Dovecot 1.0.15 / Maildirs > >> > >> Postfix 2.5.5 > >> > >> Debian 5.0.9 (Lenny) > >> > >> MySQL 5.0.15 > >> > >> > >> > >> Please advise. > >> > >> > >> > >> Thanks in advance. > >> > >> > >> > >> Creative Regards, > >> > >> Arlin > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > > > > > > -- > > Best Regards > > > > MfG Robert Schetterer > > > > Germany/Munich/Bavaria > > > > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria > > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From fbscarel at gmail.com Mon Oct 31 15:13:07 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Mon, 31 Oct 2011 11:13:07 -0200 Subject: [Dovecot] How can we horizontally scale Dovecot across multiple servers? In-Reply-To: <4EAE9592.8010209@schetterer.org> References: <003001cc97a9$addbeb80$0993c280$@mvs.us> <4EAE62AA.6080203@schetterer.org> <000301cc97b1$81100ca0$833025e0$@mvs.us> <4EAE71C1.7060400@schetterer.org> <4EAE9592.8010209@schetterer.org> Message-ID: There is, though not readily available unfortunately. Thanks for the input, always helpful. On Mon, Oct 31, 2011 at 10:33, Robert Schetterer wrote: > Am 31.10.2011 12:28, schrieb Felipe Scarel: > > Quick question about the usage of DRBD: I'm thinking of a setup on my > > organization here (15k+ users, 4TB of email data), but I'm holding back > > on the clusterization due to the high volume of data. > > > > Using DRBD would implicate mirroring those 4TB of data across all > > cluster nodes? If yes, I might go with a SAN-based solution, though I > > haven't studied much about that setup yet (the other sysadm > > administrates the VMs and SAN, gotta ask him a few questions). > > i wouldnt do that with drbd > as such big setup , there should be enough money using better choices > > > > On Mon, Oct 31, 2011 at 08:00, Robert Schetterer > > wrote: > > > > Am 31.10.2011 10:43, schrieb Arlin: > > > Hi Robert, > > > > > > Thanks for the reply. We are upgrading Dovecot to v2.0.15 and other > > > component's to the latest version. In that case, can we use san > > for storage > > > or are you recommending that drbd with ocfs2 is the best way to > > attain the > > > horizontal scalability for the mail storage? > > > > Hi Arlin, there is no best way, you should choose > > whatever fits best to your needs an haves > > so it depends on many stuff ( i.e at last finance, network, manpower, > > knowledge) etc > > > > So all i can say iam just using a loadbalanced cluster setup with > drbd > > ocfs2 maildir dovecot postfix mysql clamav spamassassin on ubuntu > lucid > > lts with 3000 Mailboxes without any big Problems yet > > but i can imagine that a professional SAN might be better in > performance > > but there is a lot other other questions left , i.e maildir must not > be > > the best solution for mailbox format etc > > > > cluster setups with lots of mailboxes are complex > > in many ways, if you planning a real big mailservice > > you should ask more here on this list for existing other setups and > > choose i.e > > Timo and/or others for professional and paid advice and work > > > > > > > > > > Thanks, > > > Arlin > > > > > > -----Original Message----- > > > From: dovecot-bounces at dovecot.org > > > > [mailto:dovecot-bounces at dovecot.org > > ] On > > > Behalf Of Robert Schetterer > > > Sent: 31 October 2011 14:26 > > > To: dovecot at dovecot.org > > > Subject: Re: [Dovecot] How can we horizontally scale Dovecot > > across multiple > > > servers? > > > > > > Am 31.10.2011 09:47, schrieb Arlin: > > >> Could anyone please respond to this query. Thank you! > > > > > > you may use loadbalancers i.e (keepalived etc) and/or > > > > > > http://wiki2.dovecot.org/FeatLoginProxy > > > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > > > > > look the list for cluster setups etc > > > > > > reading your former post > > > you want to use many outdated prog versions dont do that a san for > > storage > > > might be a good choice some of the list use drbd with ocfs2 and > other > > > cluster filesystems > > > > > >> > > >> > > >> > > >> From: Arlin [mailto:arlin at mvs.us ] > > >> Sent: 28 October 2011 17:06 > > >> To: 'dovecot at dovecot.org ' > > >> Subject: How can we horizontally scale Dovecot across multiple > > servers? > > >> > > >> > > >> > > >> Hi, > > >> > > >> > > >> > > >> How can we horizontally scale Dovecot across multiple servers? Do > we > > >> require to install independent instances of Dovecot on each > server? > > >> > > >> > > >> > > >> We are planning to use a NAS/SAN device using ZFS or EFS for email > > > storage. > > >> Each logical unit will be of 10TB and similarly as the no: of user > > >> increases we are planning to add multiple 10TB units. > > >> > > >> In this case how we can manage the email storage on multiple > volumes > > >> from Dovecot. > > >> > > >> > > >> > > >> The configuration of our existing system is:- > > >> > > >> > > >> > > >> Dovecot 1.0.15 / Maildirs > > >> > > >> Postfix 2.5.5 > > >> > > >> Debian 5.0.9 (Lenny) > > >> > > >> MySQL 5.0.15 > > >> > > >> > > >> > > >> Please advise. > > >> > > >> > > >> > > >> Thanks in advance. > > >> > > >> > > >> > > >> Creative Regards, > > >> > > >> Arlin > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > > > > > > > > -- > > > Best Regards > > > > > > MfG Robert Schetterer > > > > > > Germany/Munich/Bavaria > > > > > > > > > -- > > Best Regards > > > > MfG Robert Schetterer > > > > Germany/Munich/Bavaria > > > > > > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria > From alexwbaule at gmail.com Mon Oct 31 17:25:42 2011 From: alexwbaule at gmail.com (Alex Baule) Date: Mon, 31 Oct 2011 13:25:42 -0200 Subject: [Dovecot] Rewrite the ostream output method, to save messages in another directory. Message-ID: Hi Timo, I Trying to integrate my antispam with dovecot, using the imap folder to do certain actions. I Do almost every thing, but i have some problems saving the message. Explaining this function, i try to use a imap folder like a "collector folder", the user append a message from outside (ie another imap or pop message) to this folder, and i don't want to copy this message, i need to redirect it to another folder outside from user's maildir. Well, i try to base it in zlib plugin, with was the o_stream_create_gz(). Inside the o_stream_create_gz has the Output, it's a copy from the original output. I Try to replace this output, with another one, that i try to create to another location, without sucessfull. struct ostream * o_stream_create_X_list(struct ostream *output, struct istream *input, const char *type) { struct emexis_ostream *X_stream; struct ostream *new_output; int fd; fd = open("/tmp/email",O_WRONLY); new_output = o_stream_create_fd_file(fd, 0, TRUE); o_stream_cork(new_output); emexis_stream = i_new(struct emexis_ostream, 1); emexis_stream->ostream.sendv = o_stream_X_sendv; emexis_stream->ostream.flush = o_stream_X_flush; emexis_stream->ostream.iostream.close = o_stream_X_close; emexis_stream->output = new_output; emexis_stream->input = input; o_stream_ref(new_output); return o_stream_create(&X_stream->ostream); } With this new o_stream, i got this error. Oct 27 15:14:24 brc dovecot: imap(alex at exemplo.com.br): Error: o_stream_send_istream(/storage/gss/emexis/messages/ exemplo.com.br/alex/Maildir/.Emexis.Ext-Blacklist/tmp/1319735664.M568409P30815.brc) failed: Bad file descriptor Oct 27 15:14:24 brc dovecot: imap(alex at exemplo.com.br): Error: o_stream_flush(/storage/gss/emexis/messages/ exemplo.com.br/alex/Maildir/.Emexis.Ext-Blacklist/tmp/1319735664.M568409P30815.brc) failed: Bad file descriptor Oct 27 15:14:24 brc dovecot: imap(alex at exemplo.com.br): Error: write(/storage/gss/emexis/messages/ exemplo.com.br/alex/Maildir/.Emexis.Ext-Blacklist/tmp/1319735664.M568409P30815.brc) failed: Bad file descriptor There is something wrong Timo ? Like missing something or i need to rewrite another funcion ? Tks !!! From stephan at rename-it.nl Mon Oct 31 17:58:29 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 31 Oct 2011 16:58:29 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EAE787F.1020808@schetterer.org> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <201110311059.50921.joseba.torre@ehu.es> <20111031100340.GJ1132@charite.de> <4EAE787F.1020808@schetterer.org> Message-ID: <4EAEC5A5.9000807@rename-it.nl> On 31-10-2011 11:29, Robert Schetterer wrote: > hm, idea , any chance to feed sieve rules in a database backend or ldap etc > so it would be part of backing up the db/dir service That is on the TODO list. However, this is not high-priority. Regards, Stephan. From stephan at rename-it.nl Mon Oct 31 18:00:53 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 31 Oct 2011 17:00:53 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EAE3D7F.5050701@schetterer.org> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <4EAD4214.6020405@schetterer.org> <2EBAB205-6B4E-48BA-9DFF-6959C3B9E902@rocketfish.com> <4EAE3D7F.5050701@schetterer.org> Message-ID: <4EAEC635.3090406@rename-it.nl> Op 31-10-2011 7:17, Robert Schetterer schreef: > Am 30.10.2011 22:06, schrieb Dovecot-GDH: >> The Sieve folder is not part of the mailbox. > thats a definiton question, anyway Peer is right > it would be a nice to have, but not hardly needed > no need to flame in any case I wonder how extensible dsync is in this respect. It doesn't sound too difficult to implement, but so far I haven't looked at its sources. Regards, Stephan. From leo at strike.wu.ac.at Mon Oct 31 19:00:52 2011 From: leo at strike.wu.ac.at (Alexander 'Leo' Bergolth) Date: Mon, 31 Oct 2011 18:00:52 +0100 Subject: [Dovecot] setting namespaces using script-login environment in 2.0 Message-ID: <4EAED444.70608@strike.wu.ac.at> Hi! With dovecot 1.x, I was using a post-login script to dynamically add shared mailboxes using NAMESPACE_X.. environment variables, based on filesystem permissions: After login, the post-login script was executed with user permissions (mail_drop_priv_before_exec=yes). It added all subdirectories of "/var/spool/mail/Shared" as namespaces for which the user had write permissions. E.g.: NAMESPACE_2='maildir:/var/mail/Shared/spamrep:INDEX=~/Maildir/index/Shared/spamrep' NAMESPACE_2_PREFIX=Shared/spamrep/ NAMESPACE_2_SEP=/ NAMESPACE_2_TYPE=public NAMESPACE_2_LIST=yes See the attached post-pogin-script for details. After switching to 2.0.14 (using executable script-login -d...), the script actually gets executed but the namespace settings do not seem to be honored. Besides, I don't see any pre-set NAMESPACE_ environment variables anymore. Have environment based namespace settings been abandoned in 2.0? Does Dovecot 2.0 maybe provide a better way to only display those folders, for which the user has at least read permissions? (Unix-permission based) Thanks in advance, --leo -- e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria From e-frog at gmx.de Mon Oct 31 19:41:49 2011 From: e-frog at gmx.de (e-frog) Date: Mon, 31 Oct 2011 18:41:49 +0100 Subject: [Dovecot] setting namespaces using script-login environment in 2.0 In-Reply-To: <4EAED444.70608@strike.wu.ac.at> References: <4EAED444.70608@strike.wu.ac.at> Message-ID: <4EAEDDDD.40206@gmx.de> On 31.10.2011 18:00, wrote Alexander 'Leo' Bergolth: > > Have environment based namespace settings been abandoned in 2.0? > I think you need to add them to USERDB_KEYS now... http://wiki2.dovecot.org/PostLoginScripting#Running_environment /e-frog From p at state-of-mind.de Mon Oct 31 19:45:49 2011 From: p at state-of-mind.de (Patrick Ben Koetter) Date: Mon, 31 Oct 2011 18:45:49 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EAEC5A5.9000807@rename-it.nl> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <201110311059.50921.joseba.torre@ehu.es> <20111031100340.GJ1132@charite.de> <4EAE787F.1020808@schetterer.org> <4EAEC5A5.9000807@rename-it.nl> Message-ID: <20111031174549.GB2252@state-of-mind.de> * Stephan Bosch : > On 31-10-2011 11:29, Robert Schetterer wrote: > >hm, idea , any chance to feed sieve rules in a database backend or ldap etc > >so it would be part of backing up the db/dir service > > That is on the TODO list. However, this is not high-priority. You might want to find out how SOGo stores sieve rules in SQL. p at rick -- state of mind () http://www.state-of-mind.de Franziskanerstra?e 15 Telefon +49 89 3090 4664 81669 M?nchen Telefax +49 89 3090 4666 Amtsgericht M?nchen Partnerschaftsregister PR 563 From dovecot at tlinx.org Mon Oct 31 22:17:16 2011 From: dovecot at tlinx.org (Linda Walsh) Date: Mon, 31 Oct 2011 13:17:16 -0700 Subject: [Dovecot] Thunderbird slow in talking with dovecot IMAP AND to sendmail In-Reply-To: <4EA69FAE.1030100@Media-Brokers.com> References: <4EA68C11.5060102@tlinx.org> <4EA69FAE.1030100@Media-Brokers.com> Message-ID: <4EAF024C.6040506@tlinx.org> Charles Marcus wrote: > On 2011-10-25 6:14 AM, Linda Walsh wrote: >> and everyfrackin' body was using 4K packet sizes (at the application >> level!, the window size on TCP was over 64K...but no one was using >> it)....especially galling with my network's MTU at 9K, BTW, because >> small packets are really bad on a 1Gb network. >> >> sendmail -- 4K, >> dovecot /ssl, 4K... >> >> wazzup .. is t-bird forcing this, > > If I'm not mistaken, yes, this is (or could be) a TBird problem... I > can't find the bug report where this was discussed, but I distinctly > remember one of the devs commenting on this 4k packet size issue. > Apparently it was an intentional change, but he couldn't figure out why. > > Fyi, it was discussed in one of the IMAP performance bugs... --- Thanks for the lead...will check it out. The problem with the Tbird (and FF) is that design for home users with dialup connections, so if you have a home network and run IMAP @home, all their tuning goes out the window -- and they don't make it configurable. I had to go to a 9K packet size on 1Gb ethernet to get close to full bandwitch usage (and then it is a large effort with a windows client)...and that's down at layer 2? FF IMAP is at layer 5? ... the latency is insane at that point. Alot of companies aren't real bright when it comes to storing files locally -- instead of 'local' they almost always use the 'roaming' profile...Cuprits: TB at 4G, Adobe at 2.5G, XBMC ~1-2G. Adobe's great -- most of that 2.5G are the product helpfiles which you don't get when you install -- they are d/led later and thus stored in your roaming profile. Each user gets their own copy of the help material... Of course good thing they got rid of customer input for product design and got rid of 'usability studies'... those things always caused problems. Like MS removing the start bar in Win8 cause users don't want it? Huh? or Cocacola switching to 'newCoke, then having to revert due to outcry...because Coke drinkers didn't want another pepsi knockoff. Baka! From robert at schetterer.org Mon Oct 31 22:19:15 2011 From: robert at schetterer.org (Robert Schetterer) Date: Mon, 31 Oct 2011 21:19:15 +0100 Subject: [Dovecot] dsync should sync sieve-dirs to! In-Reply-To: <4EAEC5A5.9000807@rename-it.nl> References: <201110290141.41963.p.heinlein@heinlein-support.de> <4EABA813.2050206@schetterer.org> <201110301316.59856.p.heinlein@heinlein-support.de> <201110311059.50921.joseba.torre@ehu.es> <20111031100340.GJ1132@charite.de> <4EAE787F.1020808@schetterer.org> <4EAEC5A5.9000807@rename-it.nl> Message-ID: <4EAF02C3.2030002@schetterer.org> Am 31.10.2011 16:58, schrieb Stephan Bosch: > On 31-10-2011 11:29, Robert Schetterer wrote: >> hm, idea , any chance to feed sieve rules in a database backend or >> ldap etc >> so it would be part of backing up the db/dir service > > That is on the TODO list. However, this is not high-priority. sounds nice to me, thx > > Regards, > > Stephan. > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria