From tom at whyscream.net Wed May 1 00:09:59 2013 From: tom at whyscream.net (Tom Hendrikx) Date: Tue, 30 Apr 2013 23:09:59 +0200 Subject: [Dovecot] dovecot antispam plugin is not woking In-Reply-To: References: <1367314604.74732.YahooMailNeo@web194001.mail.sg3.yahoo.com> <1367326579.27068.YahooMailNeo@web194002.mail.sg3.yahoo.com> Message-ID: <51803327.2090201@whyscream.net> On 30-04-13 17:14, Eugene Paskevich wrote: > On Tue, 30 Apr 2013 15:56:19 +0300, Ravi Kanchan > wrote: > >> thank you for your valuable response >> >> >> I have changed the configuration as per your suggestion. > > Try putting it this way: > > plugin { > antispam_spam = Spam > antispam_allow_append_to_spam = YES > antispam_backend = dspam > antispam_dspam_args = > --client;--user;vmail;--source=error;--signature=%%s > antispam_dspam_result_header = X-DSPAM-Result > antispam_signature = X-DSPAM-Signature > } > I run dovecot, dspam and antispam plugin on dovecot 2.1.16 with: plugin { antispam_backend = dspam antispam_dspam_args = --user;mail;--deliver=;--source=error;--signature=%%s antispam_dspam_binary = /usr/bin/dspamc antispam_dspam_notspam = --class=innocent antispam_dspam_spam = --class=spam antispam_signature = X-DSPAM-Signature antispam_signature_missing = move antispam_spam_pattern_ignorecase = Junk;Junk.* antispam_trash_pattern_ignorecase = Trash;Deleted Items;Deleted Messages } And it works great :) -- Tom From tim at timgws.com.au Wed May 1 03:00:42 2013 From: tim at timgws.com.au (Tim Groeneveld) Date: Tue, 30 Apr 2013 20:00:42 -0400 (EDT) Subject: [Dovecot] Mail deduplication In-Reply-To: <517FCC96.3050105@Media-Brokers.com> Message-ID: <362642.886.1367366442592.JavaMail.root@timgws.com.au> ----- Original Message ----- > This only dedupes attachments - which, in my opinion, is the only > part of deduplicating email that is really worth it. > > [snip] > > I am expecting at least a 40-60% reduction in our storage when I > implement this on my new server soon. Thanks guys for all of your messages. Maybe I was getting too excited about saving storage everywhere possible. After thinking about it a little bit more, I have determined that just recombining the messages to send them to the client will be too intensive, and will cause extra latencies when retrieving emails. Regards, Tim From ravi_kanchan2004 at yahoo.com Wed May 1 09:57:06 2013 From: ravi_kanchan2004 at yahoo.com (Ravi Kanchan) Date: Wed, 1 May 2013 14:57:06 +0800 (SGT) Subject: [Dovecot] Dovecot vs MBox In-Reply-To: <51672429.20130430080425@sloop.net> References: <51672429.20130430080425@sloop.net> Message-ID: <1367391426.46021.YahooMailNeo@web194001.mail.sg3.yahoo.com> Hi? Gregory Sloop, check your mailbox/maildir? setting in dovecot configuration. ? Regard's Ravi Kanchan Sharma Sr. System Administrator Infinite Computer Solutions (I) Ltd. Bglr. Mo. 9997154666 ? ________________________________ From: Gregory Sloop To: dovecot at dovecot.org Sent: Tuesday, 30 April 2013 8:34 PM Subject: [Dovecot] Dovecot vs MBox I'm still in the "what's wrong" stage of figuring out what's going on. But I've got a mail user who isn't getting new messages. Postfix accepts it and drops it in the users mbox. [This is verified. If I tail the Mbox, I can see the new messages.] "Mail" will see the messages too. But dovecot doesn't seem to know they exist. I don't think the MBox is corrupt, as I've tossed the first few messages in hopes that it would then read the rest, but no luck. Any ideas where to look next, what I might do to force dovecot to forget message ID's etc - that might force it to read the whole mailbox file again? [Or a pointer as to where it might be most productive to poke next?] TIA -Greg -- Gregory Sloop, Principal: Sloop Network & Computer Consulting 503.251.0452 x121 Voice | 503.251.0452 Fax www.sloop.net mailto:gregs at sloop.net From ravi_kanchan2004 at yahoo.com Wed May 1 09:57:06 2013 From: ravi_kanchan2004 at yahoo.com (Ravi Kanchan) Date: Wed, 1 May 2013 14:57:06 +0800 (SGT) Subject: [Dovecot] Dovecot vs MBox In-Reply-To: <51672429.20130430080425@sloop.net> References: <51672429.20130430080425@sloop.net> Message-ID: <1367391426.46021.YahooMailNeo@web194001.mail.sg3.yahoo.com> Hi? Gregory Sloop, check your mailbox/maildir? setting in dovecot configuration. ? Regard's Ravi Kanchan Sharma Sr. System Administrator Infinite Computer Solutions (I) Ltd. Bglr. Mo. 9997154666 ? ________________________________ From: Gregory Sloop To: dovecot at dovecot.org Sent: Tuesday, 30 April 2013 8:34 PM Subject: [Dovecot] Dovecot vs MBox I'm still in the "what's wrong" stage of figuring out what's going on. But I've got a mail user who isn't getting new messages. Postfix accepts it and drops it in the users mbox. [This is verified. If I tail the Mbox, I can see the new messages.] "Mail" will see the messages too. But dovecot doesn't seem to know they exist. I don't think the MBox is corrupt, as I've tossed the first few messages in hopes that it would then read the rest, but no luck. Any ideas where to look next, what I might do to force dovecot to forget message ID's etc - that might force it to read the whole mailbox file again? [Or a pointer as to where it might be most productive to poke next?] TIA -Greg -- Gregory Sloop, Principal: Sloop Network & Computer Consulting 503.251.0452 x121 Voice | 503.251.0452 Fax www.sloop.net mailto:gregs at sloop.net From ravi_kanchan2004 at yahoo.com Wed May 1 10:11:31 2013 From: ravi_kanchan2004 at yahoo.com (Ravi Kanchan) Date: Wed, 1 May 2013 15:11:31 +0800 (SGT) Subject: [Dovecot] dovecot antispam plugin is not woking In-Reply-To: <51803327.2090201@whyscream.net> References: <1367314604.74732.YahooMailNeo@web194001.mail.sg3.yahoo.com> <1367326579.27068.YahooMailNeo@web194002.mail.sg3.yahoo.com> <51803327.2090201@whyscream.net> Message-ID: <1367392291.42093.YahooMailNeo@web194003.mail.sg3.yahoo.com> Dear Tom, I have upgrade dovecot to 2.1.15 and change configuration as per your guidance. but the problem is still remain. can you share your dspam.conf? file. ? ? Regard's Ravi Kanchan Sharma Sr. System Administrator Infinite Computer Solutions (I) Ltd. Bglr. Mo. 9997154666 ? ________________________________ From: Tom Hendrikx To: dovecot at dovecot.org Sent: Wednesday, 1 May 2013 2:39 AM Subject: Re: [Dovecot] dovecot antispam plugin is not woking On 30-04-13 17:14, Eugene Paskevich wrote: > On Tue, 30 Apr 2013 15:56:19 +0300, Ravi Kanchan > wrote: > >> thank you for your valuable response >> >> >> I have changed the configuration as per your suggestion. > > Try putting it this way: > > plugin { >? antispam_spam = Spam >? antispam_allow_append_to_spam = YES >? antispam_backend = dspam >? antispam_dspam_args = > --client;--user;vmail;--source=error;--signature=%%s >? antispam_dspam_result_header = X-DSPAM-Result >? antispam_signature = X-DSPAM-Signature > } > I run dovecot, dspam and antispam plugin on dovecot 2.1.16 with: plugin { ? antispam_backend = dspam ? antispam_dspam_args = --user;mail;--deliver=;--source=error;--signature=%%s ? antispam_dspam_binary = /usr/bin/dspamc ? antispam_dspam_notspam = --class=innocent ? antispam_dspam_spam = --class=spam ? antispam_signature = X-DSPAM-Signature ? antispam_signature_missing = move ? antispam_spam_pattern_ignorecase = Junk;Junk.* ? antispam_trash_pattern_ignorecase = Trash;Deleted Items;Deleted Messages } And it works great :) -- Tom From CMarcus at Media-Brokers.com Wed May 1 14:35:16 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Wed, 01 May 2013 07:35:16 -0400 Subject: [Dovecot] Pigeonhole for 2.2? In-Reply-To: <51744358.209@rename-it.nl> References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> Message-ID: <5180FDF4.7040806@Media-Brokers.com> On 2013-04-21 3:51 PM, Stephan Bosch wrote: > On 4/19/2013 7:53 AM, Eray Aslan wrote: >> On Fri, Apr 19, 2013 at 12:41:26AM +0300, Timo Sirainen wrote: >>> http://dovecot.org/releases/2.2/dovecot-2.2.1.tar.gz >>> http://dovecot.org/releases/2.2/dovecot-2.2.1.tar.gz.sig >> Thanks. Any idea about when pigeonhole (v0.4.0?) for dovecot-2.2 will >> be released? > > There is one issue with the doveadm-sieve plugin that I need to solve > before releasing it. That should happen some time in the coming week. Hi Stephan, Any update on when to expect this? The gentoo ebuild maintainer is waiting for the pigeonhole release before updating the ebuild, and I'd like to get this installed on both my old and new server prior to migrating the old one to the new one (so they'll both be using the new dsync for migrating my 350+GB of mail), and am hoping to do this in the next week or two... Thanks very much for your thankless efforts at keeping up with Timo's fast paced releases! -- Best regards, Charles From CMarcus at Media-Brokers.com Wed May 1 14:37:02 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Wed, 01 May 2013 07:37:02 -0400 Subject: [Dovecot] NTLM authentication with Outlook 2010 In-Reply-To: References: Message-ID: <5180FE5E.2040701@Media-Brokers.com> On 2013-04-30 12:06 PM, Kevin Bridges wrote: > All, I have a Ubuntu 12.04.2 box running Dovecot 2.0.19. I have it > configured for our active directory. WBinfo and ntlm_auth work great. I > am trying to get sso to work with ntlm. Gssapi with thunderbird works like > it should. I just cant get ntlm with outlook 2010 to work for sso. I get > prompted for my password each time I open outlook. I have attached my > config for dovecot. Any help would be much appreciated. > > # 2.0.19: /etc/dovecot/dovecot.conf You'd be doing yourself a favor by first updating at least to the latest 2.1 (2.0 is no longer supported much)... You may find your problem is already fixed, but if not, you'll get much better response in trying to figure out the problem... -- Best regards, Charles From CMarcus at Media-Brokers.com Wed May 1 14:39:07 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Wed, 01 May 2013 07:39:07 -0400 Subject: [Dovecot] Dovecot vs MBox In-Reply-To: <51672429.20130430080425@sloop.net> References: <51672429.20130430080425@sloop.net> Message-ID: <5180FEDB.1000708@Media-Brokers.com> On 2013-04-30 11:04 AM, Gregory Sloop wrote: > I'm still in the "what's wrong" stage of figuring out what's going on. > > But I've got a mail user who isn't getting new messages. > > Postfix accepts it and drops it in the users mbox. [This is verified. > If I tail the Mbox, I can see the new messages.] Basic troubleshooting etiquette requires some minimal info from you, like: doveconf -n output postconf -n output and most importantly, logs from a transaction exhibiting the problem. It is not enough for you to just say what you saw in the logs, or how your system is configured, you must provide proof/evidence. -- Best regards, Charles From dgp-dove at corefiling.co.uk Wed May 1 16:18:21 2013 From: dgp-dove at corefiling.co.uk (Daniel Piddock) Date: Wed, 01 May 2013 14:18:21 +0100 Subject: [Dovecot] sieve: deleteheader sometimes fails [bug] Message-ID: <5181161D.1020404@corefiling.co.uk> Hi, We're using Dovecot 2.1.16 with Pigeonhole 0.3.4. Mail is delivered by exim4 to the dovecot LDA. Sometimes users are unable to delete headers. I've narrowed the problem down to preceding the deleteheader command with a query against the body. A simple example: """ require ["body", "editheader", "fileinto"]; if body :contains "!TEST!" { fileinto "INBOX.Trash"; stop; } deleteheader "Subject"; addheader "Subject" "Testing"; """ Putting the "deleteheader" above the "if body" causes it to be deleted correctly. Although I've used Subject in this example it happens for other headers. Cheers, Dan From stephan at rename-it.nl Wed May 1 16:51:43 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 01 May 2013 15:51:43 +0200 Subject: [Dovecot] sieve: deleteheader sometimes fails [bug] In-Reply-To: <5181161D.1020404@corefiling.co.uk> References: <5181161D.1020404@corefiling.co.uk> Message-ID: <51811DEF.8020900@rename-it.nl> Op 5/1/2013 3:18 PM, Daniel Piddock schreef: > Hi, > > We're using Dovecot 2.1.16 with Pigeonhole 0.3.4. Mail is delivered by > exim4 to the dovecot LDA. > > Sometimes users are unable to delete headers. I've narrowed the problem > down to preceding the deleteheader command with a query against the body. > > A simple example: > """ > require ["body", "editheader", "fileinto"]; > if body :contains "!TEST!" { > fileinto "INBOX.Trash"; > stop; > } > deleteheader "Subject"; > addheader "Subject" "Testing"; > """ > > Putting the "deleteheader" above the "if body" causes it to be deleted > correctly. Although I've used Subject in this example it happens for > other headers. Are you sure the fileinto; stop; part is not being executed? In that case this behavior whould be correct. Regards, Stephan. From dgp-dove at corefiling.co.uk Wed May 1 17:58:27 2013 From: dgp-dove at corefiling.co.uk (Daniel Piddock) Date: Wed, 01 May 2013 15:58:27 +0100 Subject: [Dovecot] sieve: deleteheader sometimes fails [bug] In-Reply-To: <51811DEF.8020900@rename-it.nl> References: <5181161D.1020404@corefiling.co.uk> <51811DEF.8020900@rename-it.nl> Message-ID: <51812D93.1060904@corefiling.co.uk> On 01/05/13 14:51, Stephan Bosch wrote: > Op 5/1/2013 3:18 PM, Daniel Piddock schreef: >> Hi, >> >> We're using Dovecot 2.1.16 with Pigeonhole 0.3.4. Mail is delivered by >> exim4 to the dovecot LDA. >> >> Sometimes users are unable to delete headers. I've narrowed the problem >> down to preceding the deleteheader command with a query against the >> body. >> >> A simple example: >> """ >> require ["body", "editheader", "fileinto"]; >> if body :contains "!TEST!" { >> fileinto "INBOX.Trash"; >> stop; >> } >> deleteheader "Subject"; >> addheader "Subject" "Testing"; >> """ >> >> Putting the "deleteheader" above the "if body" causes it to be deleted >> correctly. Although I've used Subject in this example it happens for >> other headers. > > Are you sure the fileinto; stop; part is not being executed? In that > case this behavior whould be correct. Hi Stephen, I'm totally sure. The mails end up with two Subject headers so the addheader line is executing correctly. The bug doesn't even need the fileinto and stop lines, I'm not sure why I included them. Cheers, Dan From gregs at sloop.net Wed May 1 18:00:58 2013 From: gregs at sloop.net (Gregory Sloop) Date: Wed, 1 May 2013 08:00:58 -0700 Subject: [Dovecot] Dovecot vs MBox In-Reply-To: <5180FEDB.1000708@Media-Brokers.com> References: <51672429.20130430080425@sloop.net> <5180FEDB.1000708@Media-Brokers.com> Message-ID: <1519299482.20130501080058@sloop.net> CM> On 2013-04-30 11:04 AM, Gregory Sloop wrote: >> I'm still in the "what's wrong" stage of figuring out what's going on. >> >> But I've got a mail user who isn't getting new messages. >> >> Postfix accepts it and drops it in the users mbox. [This is verified. >> If I tail the Mbox, I can see the new messages.] CM> Basic troubleshooting etiquette requires some minimal info from you, like: CM> doveconf -n output CM> postconf -n output CM> and most importantly, logs from a transaction exhibiting the problem. CM> It is not enough for you to just say what you saw in the logs, or how CM> your system is configured, you must provide proof/evidence. Charles - I do understand providing logs and more data generally helps in diagnosis - but frankly we're not there yet. I'm still trying to figure out the most productive place to focus my efforts on...that way I don't have to shotgun a million lines of logs and other irrelevant data for people here to troll through. Also, if you don't trust me that the new messages are there from doing a tail on the mbox file, then you certainly shouldn't trust me to actually fix anything either, logs/proof or no. So this request of "proof" is a bit over the top. Do I have to get them notarized too? --- As for the other suggestions, thanks. This really does appear to be localized to a single user. Hopefully today I can get farther into figuring out what's going wrong in this particular case. -Greg From timberline97 at gmail.com Wed May 1 18:09:41 2013 From: timberline97 at gmail.com (Kevin Bridges) Date: Wed, 1 May 2013 10:09:41 -0500 Subject: [Dovecot] NTLM authentication with Outlook 2010 In-Reply-To: <5180FE5E.2040701@Media-Brokers.com> References: <5180FE5E.2040701@Media-Brokers.com> Message-ID: Ok, I have upgraded to 2.2. I get the same thing. when using outlook, I get prompted for a password. On Wed, May 1, 2013 at 6:37 AM, Charles Marcus wrote: > On 2013-04-30 12:06 PM, Kevin Bridges wrote: > >> All, I have a Ubuntu 12.04.2 box running Dovecot 2.0.19. I have it >> configured for our active directory. WBinfo and ntlm_auth work great. I >> am trying to get sso to work with ntlm. Gssapi with thunderbird works >> like >> it should. I just cant get ntlm with outlook 2010 to work for sso. I >> get >> prompted for my password each time I open outlook. I have attached my >> config for dovecot. Any help would be much appreciated. >> >> # 2.0.19: /etc/dovecot/dovecot.conf >> > > You'd be doing yourself a favor by first updating at least to the latest > 2.1 (2.0 is no longer supported much)... > > You may find your problem is already fixed, but if not, you'll get much > better response in trying to figure out the problem... > > -- > > Best regards, > > Charles > > > From stephan at rename-it.nl Wed May 1 22:23:19 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 01 May 2013 21:23:19 +0200 Subject: [Dovecot] sieve: deleteheader sometimes fails [bug] In-Reply-To: <51812D93.1060904@corefiling.co.uk> References: <5181161D.1020404@corefiling.co.uk> <51811DEF.8020900@rename-it.nl> <51812D93.1060904@corefiling.co.uk> Message-ID: <51816BA7.5070203@rename-it.nl> On 5/1/2013 4:58 PM, Daniel Piddock wrote: > On 01/05/13 14:51, Stephan Bosch wrote: > > Hi Stephan, > > I'm totally sure. The mails end up with two Subject headers so the > addheader line is executing correctly. The bug doesn't even need the > fileinto and stop lines, I'm not sure why I included them. Hmm, bizarre. I cannot reproduce the problem at this end. Could you send me the following: - dovecot -n output - an example message that triggers this behavior Could you try to reproduce this with the sieve-test tool? Regards, Stephan. From mapp.paul at gmail.com Thu May 2 01:16:16 2013 From: mapp.paul at gmail.com (PaulM47) Date: Wed, 1 May 2013 15:16:16 -0700 (PDT) Subject: [Dovecot] Accessing mail files not owned by imap login user Message-ID: <1367446576752-41890.post@n4.nabble.com> Hi, I have managed to set up a 'maildir' based mail system using fetchmail and procmail that delivers sorted mail to folders /var/spool/mail/user1, ../user2 etc. 'user1', 'user2' etc. are real users but the mail system is run under logged in user 'mailserver'. The mail folders are owned by 'user1', 'user2' etc. but mail files, when delivered, are owned by 'mailserver'. I've been unable to find a way to change this behaviour :-( Dovecot is configured by adding the single line 'mail_location = maildir:/var/spool/mail/%u' to 'dovecot.conf', everything else is as installed. When I make an imap connection as 'user1' the logon is successful, the mail files are moved from ../new/ to ../cur/ but are invisible to the imap client. If I 'chown' the mail files to 'user1' they instantly become visible to the imap client. I gather from googling info on dovecot I can configure dovecot to allow 'user1', when logged in, to access the mail files owned by 'mailserver'. Is this simple to do, and if so how do I do it please ? Thanks PaulM -- View this message in context: http://dovecot.2317879.n4.nabble.com/Accessing-mail-files-not-owned-by-imap-login-user-tp41890.html Sent from the Dovecot mailing list archive at Nabble.com. From stan at hardwarefreak.com Thu May 2 08:13:01 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Thu, 02 May 2013 00:13:01 -0500 Subject: [Dovecot] Dovecot vs MBox In-Reply-To: <20130430180726.GC8773@queeg.we-be-smart.org> References: <51672429.20130430080425@sloop.net> <20130430180726.GC8773@queeg.we-be-smart.org> Message-ID: <5181F5DD.8030406@hardwarefreak.com> On 4/30/2013 1:07 PM, Kyle Wheeler wrote: > On Tuesday, April 30 at 08:04 AM, quoth Gregory Sloop: >> Any ideas where to look next, what I might do to force dovecot to >> forget message ID's etc - that might force it to read the whole >> mailbox file again? > > Find the dovecot.index files for that mbox and delete them. They will be > re-generated from the contents of the mbox. > > ~Kyle Apparently Gregory discarded your advice Kyle. Gregory, this is the first step in fixing such a problem with mbox storage. I've had your same issue and similar occur multiple times, and this normally fixes the problem. Make sure the user in question in logged off and delete the index files as Kyle suggested. When the user logs back in everything should work. If it doesn't delete any cache or sync files on the client MUA (which should have actually been your first step). I've seen this problem with Thunderbird a number of times, though not in a couple of years, since switching to LDA. While you chided Charles for stating the obvious, you'd have done well to have provided what he suggested. Why? Because this problem does not exist, at least in my experience, when using Dovecot LDA or LMTP for the delivery into the mbox file, as the indexes are updated during delivery. The mbox problem(s) only seem to exist when the MTA appends the files directly, with Dovecot updating indexes on the next MUA read access. The cause is often, but not limited to, incompatible, misconfigured, or broken locking between the MTA and Dovecot, which results in a corrupt Dovecot index file. -- Stan From amateo at um.es Thu May 2 09:18:12 2013 From: amateo at um.es (Angel L. Mateo) Date: Thu, 02 May 2013 08:18:12 +0200 Subject: [Dovecot] Mail deduplication In-Reply-To: References: <971614.566.1367285312578.JavaMail.root@timgws.com.au> <517F5F12.9070505@um.es> <517F6D13.9000207@univ-nantes.fr> Message-ID: <51820524.5080807@um.es> El 30/04/13 11:22, Jan-Frode Myklebust escribi?: > Wasn't there also some issue with cleanup of attachments ? Not being able > to delete the last copy, or something. I did some testing of using SIS on a In tests I have done (with dovecot 2.1.16) cleanup is done well. When the last copy of the message is deleted, attachment is deleted. But you have to get in mind that when using mdbox, to really delete the message is have to be purged. > backup dsync destination a year (or two) ago, and got quite confused.. > Don't quite remember the problems I had, but I did lose confidence in it > and decided having the attachement together with the messages felt safest. > > I would also love to hear from admins using it on large scale (100K+ active > users). Maybe we should reconsider using it.. > I'm planning to use it in a server with 60-70K users, but it is not in production yet. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868889150 Fax: 868888337 From skdovecot at smail.inf.fh-brs.de Thu May 2 11:17:16 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 2 May 2013 10:17:16 +0200 (CEST) Subject: [Dovecot] Dovecot has no understandable configuration any more In-Reply-To: References: <70805cb6bdf07e7dcaae649b7ad0c594@decotrain.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 30 Apr 2013, forum wrote: > Now i have found the solution. > It seems to help to ask you. ;) > > The solution was to change from > listen = [::] > to > listen = *, [::] > > There is no explanation for it - just try and error ... Hmm, [::] -> in6addr_any (any in IPv6 protocol), therefore you had no listener (er, Dovecot listener process) on IPv4, but IPv6 only. Maybe Dovecot v1 handled [::] differently and added *. > I lost many hours just to find out that i have to define e.g. > service imap-login { > Before there was no error, dovecot running and no ports listening. http://wiki2.dovecot.org/Tools/Doveconf has the example: " doveconf can be also used to convert v1.x configuration files into v2.x format. doveconf -n -c /oldpath/dovecot.conf > /etc/dovecot/dovecot.conf.new " >>> Has someone an idea how to migrate the emails from charset ISO8859-1 to >>> UTF-8? >> >> The mailbody? recode Latin1..utf8 < in > out, but IMAP defines, that >> you cannot change messages inplace. The client need to redownload >> them. > > The client should left the message on the server with no local copy. No, I mean: IMAP defines that messages are immutable, you must not change a message file on the server. Therefore you cannot recode a message file on the server and hope that the clients pick up the change. You need to cause that the MUAs think that the modified message is new. E.g. with Maildir backend you rename each message file: 1367436834.P516Q0M961879.server:2,Sa -> 1367436834.P516Q0M961879.server.a:2,Sa see change before ":". Then each MUA thinks that it had not seen the message, because Dovecot assigns a new UID to it. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUYIhDF3r2wJMiz2NAQLrJQf/QqXAMdy++l9a9agj7uW6T2QQ3OGkixLd TdWOAQw+0XX7uudeHkJ0QMi1U6BS44eDdaxE8EuShCLRTHwZgLmQOUjQgBWJoaoe ha8LGpY1HjtUIeGxPEGsZux8gnbk9dfLKqAm4R1R8bIYeexFJQYfGTszRkPpsGpf pH1Jai4R6E+Fr4d65xBfqp/x7tZc5Qhk2Xft4mJK2BqMXN28fTbtB0FF++pjd8lf sn0hcODIH+/AI4lCZXqkh2oMRzHpTrum4YisEcPP+mpSGR3T7ZDZ4HPzzOrMofYt DsJPUI+t7v0qAVx7ycjcIkG0jVsMqBqUv0g3xQDA6e2WdH1h3x9kuQ== =3bKR -----END PGP SIGNATURE----- From forum at dct.mine.nu Thu May 2 11:43:51 2013 From: forum at dct.mine.nu (Forum) Date: Thu, 02 May 2013 10:43:51 +0200 Subject: [Dovecot] Dovecot has no understandable configuration any more In-Reply-To: References: <70805cb6bdf07e7dcaae649b7ad0c594@decotrain.de> Message-ID: <51822747.3060604@dct.mine.nu> Hello Steffen, Am 02.05.2013 10:17, schrieb Steffen Kaiser: > On Tue, 30 Apr 2013, forum wrote: > >> Now i have found the solution. >> It seems to help to ask you. ;) >> >> The solution was to change from >> listen = [::] >> to >> listen = *, [::] >> >> There is no explanation for it - just try and error ... > > Hmm, [::] -> in6addr_any (any in IPv6 protocol), therefore you had no listener (er, Dovecot listener process) on IPv4, > but IPv6 only. Maybe Dovecot v1 handled [::] differently and added *. I can only say that it was working afterwards. > >> I lost many hours just to find out that i have to define e.g. >> service imap-login { >> Before there was no error, dovecot running and no ports listening. > > http://wiki2.dovecot.org/Tools/Doveconf > has the example: > > " > doveconf can be also used to convert v1.x configuration files into v2.x format. > > doveconf -n -c /oldpath/dovecot.conf > /etc/dovecot/dovecot.conf.new > " Good to know - but to late for me. The utilites are a good idea! I think there are (to many) details handled slightly different. Of course this is no problem - but not easy to find out. I had some problems like this upgrading from exim 4.6 to 4.8 - but not so hard. Dovecot steps into the same problems as exim. It becomes so mighty that everything is possible - but it is hard to understand how to master it. The wiki is a good solution, but i miss a description of the dependencies that are not clear. You only understand it when you have mastered it. >>>> Has someone an idea how to migrate the emails from charset ISO8859-1 to UTF-8? >>> >>> The mailbody? recode Latin1..utf8 < in > out, but IMAP defines, that >>> you cannot change messages inplace. The client need to redownload >>> them. >> >> The client should left the message on the server with no local copy. > > No, I mean: IMAP defines that messages are immutable, you must not change a message file on the server. Therefore you > cannot recode a message file on the server and hope that the clients pick up the change. You need to cause that the MUAs > think that the modified message is new. E.g. with Maildir backend you rename each message file: Yes - i understand. The encoding is defined in the email - so this should be no problem. I had the problem that Thunderbird deletes some Emails because he thought they should be deleted. Is this marked somewhere? > > 1367436834.P516Q0M961879.server:2,Sa > -> 1367436834.P516Q0M961879.server.a:2,Sa Ahh - good to know. > > see change before ":". Then each MUA thinks that it had not seen the message, because Dovecot assigns a new UID to it. At least i deleted all the index files and stepped with the client through the directories. Now everything is working fine. Thanks for your help and tips! Cheers Karsten From CMarcus at Media-Brokers.com Thu May 2 14:16:28 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Thu, 02 May 2013 07:16:28 -0400 Subject: [Dovecot] XFS vs EXT4 for mail storage Message-ID: <51824B0C.9010609@Media-Brokers.com> Hello, I'm in the process of finalizing the spec for my new dovecot VM, and this is the last question I need to address... I've read until I'm just about decided on XFS, but I have no experience with it (been using reiserfs on my old box (@ 8 yrs old now), and never had a problem (knock on wood), but considering its current situation (little to no development support for reasons everyone is aware of), I've decided now is the time to switch. It came down to XFS or EXT4, and I like what I've read about XFS, but am unsure how to tune it (or even if I should). I've decided to use mdbox for storage (been using maildir), and will enable SIS for attachments. So, anyone (Stan?) have any suggestions? Should I go with EXT4? Or XFS with just the defaults? Or XFS with one or more tuned parameters? Appreciate any suggestions (including links to docs dealing with tuning XFS for my mail storage conditions that are written more at the layman level) or comments from anyone experienced using both... Thanks, -- Best regards, Charles From CMarcus at Media-Brokers.com Thu May 2 14:50:27 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Thu, 02 May 2013 07:50:27 -0400 Subject: [Dovecot] Mail deduplication In-Reply-To: <362642.886.1367366442592.JavaMail.root@timgws.com.au> References: <362642.886.1367366442592.JavaMail.root@timgws.com.au> Message-ID: <51825303.8000002@Media-Brokers.com> On 2013-04-30 8:00 PM, Tim Groeneveld wrote: > After thinking about it a little bit more, I have determined > that just recombining the messages to send them to the client > will be too intensive, and will cause extra latencies when > retrieving emails. Scratching my head trying to figure out what you mean here... ? What do you mean by 'recombining the messages'? Again - SIS would not be doing any 'recombining' of anything at any time, and certainly would *never* cause any latency when users retrieve mail. Also - 'retrieve mail'? Are you talking about POP here? SIS is much more useful in an IMAP environment - if yours is mixed, ok, but can't really see how it would be of much help in a POP only environment. -- Best regards, Charles From lists at luigirosa.com Thu May 2 14:54:10 2013 From: lists at luigirosa.com (Luigi Rosa) Date: Thu, 02 May 2013 13:54:10 +0200 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51824B0C.9010609@Media-Brokers.com> References: <51824B0C.9010609@Media-Brokers.com> Message-ID: <518253E2.4000802@luigirosa.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Charles Marcus said the following on 02/05/2013 13:16: > So, anyone (Stan?) have any suggestions? Should I go with EXT4? Or XFS with > just the defaults? Or XFS with one or more tuned parameters? Expecially when you are working in virtual environments, keep in mind the concept of "I/O cascading" The bottleneck of virtual environment are often IOPS (I/O per second), so a VM that has a light footprint of IOPS will have a better performance. The I/O cascading is in essence the muptiplying factor of each disk write at application level. Consider a SQL UPDATE statement: you have date written on database and trasaction log. Each file will have its mtime updated. If the underlying file system is transactional you will have double writes for actual file and transaction log... And so on. The first and obvious advice (quite a default nowdays with SSD storage) is to mount the FS with noatime. But I think that is obvius as "do backups". Ciao, luigi - -- / +--[Luigi Rosa]-- \ If one morning I walked on top of the water across the Potomac River, the headline that afternoon would read "President Can't Swim". --Lyndon B. Johnson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlGCU+IACgkQ3kWu7Tfl6ZSLjwCgt2MJu5wqXOj4Mt3UdsvmaFc1 cO0AnAmxKtsJ0evmrVXUlnY6e06WtLIL =Rf7R -----END PGP SIGNATURE----- From alessio at skye.it Thu May 2 15:04:00 2013 From: alessio at skye.it (Alessio Cecchi) Date: Thu, 02 May 2013 14:04:00 +0200 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51824B0C.9010609@Media-Brokers.com> References: <51824B0C.9010609@Media-Brokers.com> Message-ID: <51825630.5030909@skye.it> Il 02/05/2013 13:16, Charles Marcus ha scritto: > Hello, > > I'm in the process of finalizing the spec for my new dovecot VM, and > this is the last question I need to address... > > I've read until I'm just about decided on XFS, but I have no experience > with it (been using reiserfs on my old box (@ 8 yrs old now), and never > had a problem (knock on wood), but considering its current situation > (little to no development support for reasons everyone is aware of), > I've decided now is the time to switch. It came down to XFS or EXT4, and > I like what I've read about XFS, but am unsure how to tune it (or even > if I should). > > I've decided to use mdbox for storage (been using maildir), and will > enable SIS for attachments. > > So, anyone (Stan?) have any suggestions? Should I go with EXT4? Or XFS > with just the defaults? Or XFS with one or more tuned parameters? > > Appreciate any suggestions (including links to docs dealing with tuning > XFS for my mail storage conditions that are written more at the layman > level) or comments from anyone experienced using both... > > Thanks, > Hi, I'm using XFS for mail storage (Maildir type) and it works fine and better than ext4 (especially if you storage is very large). My mount options are: "rw,noatime,attr2,delaylog,nobarrier,inode64,noquota" and I'm running it on RHEL 6.4 For more information you can read the RHEL documentation: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/xfsmain.html https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Performance_Tuning_Guide/main-fs.html Ciao -- Alessio Cecchi is: @ ILS -> http://www.linux.it/~alessice/ on LinkedIn -> http://www.linkedin.com/in/alessice Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz/ @ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it From CMarcus at Media-Brokers.com Thu May 2 15:04:24 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Thu, 02 May 2013 08:04:24 -0400 Subject: [Dovecot] Dovecot vs MBox In-Reply-To: <1519299482.20130501080058@sloop.net> References: <51672429.20130430080425@sloop.net> <5180FEDB.1000708@Media-Brokers.com> <1519299482.20130501080058@sloop.net> Message-ID: <51825648.4090305@Media-Brokers.com> First - I'm subscribed to the list, please don't reply all and send people two copies of your email. On 2013-05-01 11:00 AM, Gregory Sloop wrote: > I don't have to shotgun a million lines of logs and other irrelevant > data for people here to troll through. Why would anyone need to troll through a million or more lines of logs? I said that you needed to provide logs of a problem *transaction* - this inherently means providing *only* the relevant lines of the actual problem transaction. You don't know how to use grep/egrep? > Also, if you don't trust me that the new messages are there from doing > a tail on the mbox file, then you certainly shouldn't trust me to > actually fix anything either, logs/proof or no. > > So this request of "proof" is a bit over the top. > Do I have to get them notarized too? Don't be silly, it isn't a personal attack on you, and it isn't about 'trust' in you as an individual, it is about not wasting other people's valuable time chasing wild geese. Note: don't go on the postfix list asking for help without providing the information I suggested, as they will not be nearly as gentle/kind as I was pointing out the need for it. It is actually a requirement outlined in the welcome message you get when joining their support list (and in my opinion it would be very helpful on this list if the welcome message had a similar requirement): TO REPORT A PROBLEM see: http://www.postfix.org/DEBUG_README.html#mail -- Best regards, Charles From lst_hoe02 at kwsoft.de Thu May 2 16:12:36 2013 From: lst_hoe02 at kwsoft.de (lst_hoe02 at kwsoft.de) Date: Thu, 02 May 2013 15:12:36 +0200 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51824B0C.9010609@Media-Brokers.com> References: <51824B0C.9010609@Media-Brokers.com> Message-ID: <20130502151236.Horde.FQxw0YAgO4PRMhlWnDZahQ2@webmail.kwsoft.de> Zitat von Charles Marcus : > Hello, > > I'm in the process of finalizing the spec for my new dovecot VM, and > this is the last question I need to address... > > I've read until I'm just about decided on XFS, but I have no > experience with it (been using reiserfs on my old box (@ 8 yrs old > now), and never had a problem (knock on wood), but considering its > current situation (little to no development support for reasons > everyone is aware of), I've decided now is the time to switch. It > came down to XFS or EXT4, and I like what I've read about XFS, but > am unsure how to tune it (or even if I should). > > I've decided to use mdbox for storage (been using maildir), and will > enable SIS for attachments. > > So, anyone (Stan?) have any suggestions? Should I go with EXT4? Or > XFS with just the defaults? Or XFS with one or more tuned parameters? > > Appreciate any suggestions (including links to docs dealing with > tuning XFS for my mail storage conditions that are written more at > the layman level) or comments from anyone experienced using both... IMHO if you say "VM" than the filesystem inside the guest doesn't matter that much. The difference of ext4/xfs are mostly the knowledge and adjustability for special (high-end) hardware and the like. With a Hypervisor providing some standard I/O channel and hiding/handling the hardware details itself, most of the differences are gone. With this in mind your question should maybe more of "what filesystem is more Hypervisor friendly". For this i would suspect the simpler the better, so i would choose ext4. Regards Andreas -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6144 bytes Desc: S/MIME Cryptographic Signature URL: From CMarcus at Media-Brokers.com Thu May 2 16:17:09 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Thu, 02 May 2013 09:17:09 -0400 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <518253E2.4000802@luigirosa.com> References: <51824B0C.9010609@Media-Brokers.com> <518253E2.4000802@luigirosa.com> Message-ID: <51826755.9010000@Media-Brokers.com> Thanks for the replies... On 2013-05-02 7:54 AM, Luigi Rosa wrote: > The I/O cascading is in essence the muptiplying factor of each disk write at > application level. Consider a SQL UPDATE statement: you have date written on > database and trasaction log. Each file will have its mtime updated. If the > underlying file system is transactional you will have double writes for actual > file and transaction log... And so on. Well, this is purely for a mailstore. The only thing I use SQL for is my userdb, so 99.999% of that is just reads for user validation and user auth. Writes are only very occasional, and tiny when they happen, so basically no impact on the system. On 2013-05-02 8:04 AM, Alessio Cecchi wrote: > My mount options are: > > "rw,noatime,attr2,delaylog,nobarrier,inode64,noquota" Hmmm... some questions... man mount doesn't show delaylog, nobarrier or noquota as valid mount options... ? But, assuming they are, since rw is the default for all fs types, and attr2 is default for xfs, I could accomplish the same with: defaults,noatime,delaylog,nobarrier,inode64,noquota I'm not using quotas, and understand what inode64 does and am fine with that, but what I'm still unsure of for a VM environment is the delaylog and nobarrier options. Are these recommended/optimal for a VM? Running on ESXi (does it matter what hypervisor ie being used)? -- Best regards, Charles From h.reindl at thelounge.net Thu May 2 16:21:14 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 02 May 2013 15:21:14 +0200 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51826755.9010000@Media-Brokers.com> References: <51824B0C.9010609@Media-Brokers.com> <518253E2.4000802@luigirosa.com> <51826755.9010000@Media-Brokers.com> Message-ID: <5182684A.4010603@thelounge.net> Am 02.05.2013 15:17, schrieb Charles Marcus: > but what I'm still unsure of for a VM > environment is the delaylog and nobarrier options. > > Are these recommended/optimal for a VM? Running on ESXi (does it matter what hypervisor ie being used)? barriers does not help you much or are implicit because you have no physical disk under the FS and the underlying storage should have battery backed buffers and doe snot need to confirm the physical write to the disk to have the data safe /dev/sdd1 on /storage type ext4 (rw,noexec,noatime,nodiratime,commit=45,inode_readahead_blks=64) Default mount options: journal_data_writeback nobarrier -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From alessio at skye.it Thu May 2 16:51:05 2013 From: alessio at skye.it (Alessio Cecchi) Date: Thu, 02 May 2013 15:51:05 +0200 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51826755.9010000@Media-Brokers.com> References: <51824B0C.9010609@Media-Brokers.com> <518253E2.4000802@luigirosa.com> <51826755.9010000@Media-Brokers.com> Message-ID: <51826F49.9090801@skye.it> Il 02/05/2013 15:17, Charles Marcus ha scritto: > > man mount doesn't show delaylog, nobarrier or noquota as valid mount > options... ? Yes, they are available on RHEL 6.x. "since 2.6.35, xfs had a new mount option '-o delaylog', which improved a lot metadata operations. From 2.6.39 this option is on by default" Ciao -- Alessio Cecchi is: @ ILS -> http://www.linux.it/~alessice/ on LinkedIn -> http://www.linkedin.com/in/alessice Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz/ @ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it From CMarcus at Media-Brokers.com Thu May 2 17:02:12 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Thu, 02 May 2013 10:02:12 -0400 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <20130502151236.Horde.FQxw0YAgO4PRMhlWnDZahQ2@webmail.kwsoft.de> References: <51824B0C.9010609@Media-Brokers.com> <20130502151236.Horde.FQxw0YAgO4PRMhlWnDZahQ2@webmail.kwsoft.de> Message-ID: <518271E4.7020600@Media-Brokers.com> On 2013-05-02 9:12 AM, lst_hoe02 at kwsoft.de wrote: > IMHO if you say "VM" than the filesystem inside the guest doesn't > matter that much. Well... my understanding is that things can break rather badly if you use reiserfs for the host, and then use reiserfs for one of the guests... So, if doing that can break things badly, I imagine you may not be totally correct that it 'doesn't matter'... > The difference of ext4/xfs are mostly the knowledge and adjustability > for special (high-end) hardware and the like. With a Hypervisor > providing some standard I/O channel and hiding/handling the hardware > details itself, most of the differences are gone. With this in mind > your question should maybe more of "what filesystem is more Hypervisor > friendly". For this i would suspect the simpler the better, so i would > choose ext4. Possibly a valid argument overall... would like to see what Stan has to say about it though before I make a final decision... Thanks to all for the replies so far. -- Best regards, Charles From CMarcus at Media-Brokers.com Thu May 2 17:21:07 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Thu, 02 May 2013 10:21:07 -0400 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51826F49.9090801@skye.it> References: <51824B0C.9010609@Media-Brokers.com> <518253E2.4000802@luigirosa.com> <51826755.9010000@Media-Brokers.com> <51826F49.9090801@skye.it> Message-ID: <51827653.8040706@Media-Brokers.com> On 2013-05-02 9:51 AM, Alessio Cecchi wrote: > Il 02/05/2013 15:17, Charles Marcus ha scritto: >> >> man mount doesn't show delaylog, nobarrier or noquota as valid mount >> options... ? > > Yes, they are available on RHEL 6.x. > > "since 2.6.35, xfs had a new mount option '-o delaylog', which > improved a lot metadata operations. From 2.6.39 this option is on by > default" Is this a redhat specific feature? Again, man mount says nothing about those options. -- Best regards, Charles From tss at iki.fi Thu May 2 18:13:09 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 2 May 2013 18:13:09 +0300 Subject: [Dovecot] CATENATE doesn't support literal+ url In-Reply-To: References: <1824A6D3-F4EE-42D5-A623-1471E54221A4@apple.com> Message-ID: <55FA32BD-F7FE-43EC-AF31-7EC1337AF1BC@iki.fi> On 30.4.2013, at 0.06, Timo Sirainen wrote: > On 29.4.2013, at 23.43, Mike Abbott wrote: > >>> Dovecot-2.2.1 does not appear to support URLs specified via non-synchronizing literals >> >> Or synchronizing literals either: >> >> b2 append inbox catenate (url {8} >> b2 BAD Error in IMAP command APPEND: Invalid arguments. >> >> Although the consequences of this are less severe since clients should send no more data for that command after receiving the tagged response. > > Looks like the code should be calling imap_parser_read_last_literal() after reading URL with literal parameter.. I'll get that fixed. http://hg.dovecot.org/dovecot-2.2/rev/8e5ff6809d75 should fix this, at least in the tests that I did. Annoyingly it's not currently possible to test this with imaptest tests. From tss at iki.fi Thu May 2 18:19:09 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 2 May 2013 18:19:09 +0300 Subject: [Dovecot] CATENATE allows zero parts In-Reply-To: <8FDB0BF3-3481-4E74-89A7-108F9E86FE5C@apple.com> References: <8FDB0BF3-3481-4E74-89A7-108F9E86FE5C@apple.com> Message-ID: On 29.4.2013, at 21.37, Mike Abbott wrote: > I'm pleased to see that dovecot-2.2 includes support for RFCs 4467 and 4469 (URLAUTH and CATENATE). I have begun testing these features (in dovecot-2.2.1) and comparing their functionality against Apple's implementation. So far I have discovered a few inconsistencies. I will report each of these, and any more that I may find, in separate threads. > > The first issue is that using CATENATE with no message parts works but, IMO, shouldn't: > a2 append inbox catenate () > a2 OK [APPENDUID 1366726248 9] Append completed. > > For comparison this is how Apple's enhanced dovecot in OS X Server handles this request: > a2 append inbox catenate () > a2 BAD Invalid arguments. Changed: http://hg.dovecot.org/dovecot-2.2/rev/5e2fa592c268 From tss at iki.fi Thu May 2 18:22:36 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 2 May 2013 18:22:36 +0300 Subject: [Dovecot] CATENATE allows empty messages In-Reply-To: References: Message-ID: <03ED2643-17F7-4632-9E19-E7978D640EF3@iki.fi> On 30.4.2013, at 0.12, Timo Sirainen wrote: > On 29.4.2013, at 21.40, Mike Abbott wrote: > >> Dovecot-2.2.1 allows empty messages to be APPENDed when using CATENATE: >> b1 append inbox catenate (text {0+} >> ) >> b1 OK [APPENDUID 1366726248 12] Append completed. >> >> Contrast this with regular APPEND: >> b2 append inbox {0+} >> b2 NO Can't save a zero byte message. >> >> Note that zero-size literals are OK but zero-size messages are not. So while "b1" above should fail like "b2", this should continue to succeed: >> b3 append inbox catenate (text {0+} >> text {8+} >> foobar >> ) >> b3 OK [APPENDUID 1366726248 13] Append completed. > > This could be changed I guess, but I don't think it's a bug. I don't see anything in RFC 3501 prohibiting saving empty messages. Only the MULTIAPPEND RFC says: > > A zero-length message literal argument is an error, and MUST > return a NO. This can be used to cancel the append. > > But that doesn't prohibit zero-length CATENATE parameters. Also another way to generate empty message is to give URL to an empty MIME part. Should such APPENDs also fail? I think if there's no good reason to disallow empty messages I'll just keep the code as it is and allow them. From tss at iki.fi Thu May 2 18:33:46 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 2 May 2013 18:33:46 +0300 Subject: [Dovecot] imap crash during URLFETCH In-Reply-To: References: Message-ID: <0B8409CD-AC44-4504-BB6D-C4A81522918F@iki.fi> On 30.4.2013, at 4.07, Mike Abbott wrote: > Dovecot-2.2.1's imap processes crash reliably when they use an IMAP URL with an invalid access specifier. A backtrace and some debug output follows. The crash is likely caused by imap_urlauth_fetch_parsed() returning 0 without having set *mpurl_r to NULL, and then imap_urlauth_fetch_local() freeing an uninitialized pointer. Right, fixed: http://hg.dovecot.org/dovecot-2.2/rev/24aa10efe132 I also noticed another crash: http://hg.dovecot.org/dovecot-2.2/rev/2a3134b0c25d From h.reindl at thelounge.net Thu May 2 18:42:14 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 02 May 2013 17:42:14 +0200 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <518286EA.7070503@Media-Brokers.com> References: <51824B0C.9010609@Media-Brokers.com> <518253E2.4000802@luigirosa.com> <51826755.9010000@Media-Brokers.com> <51826F49.9090801@skye.it> <51827653.8040706@Media-Brokers.com> <51827BF1.40507@thelounge.net> <518286EA.7070503@Media-Brokers.com> Message-ID: <51828956.5000202@thelounge.net> Am 02.05.2013 17:31, schrieb Charles Marcus: > On 2013-05-02 10:45 AM, Reindl Harald wrote: >> "man mount" is very generic and doe snot cover any option >> there is also no "man mount.ntfs" while "mount.ntfs" command exists > > ? > > man mount, at least mine, shows first the FILESYSTEM INDEPENDENT MOUNT OPTIONS, then as you scroll down, you'll get > to all of the additional filesystem specific options, ie, for xfs... > > So, not sure what you mean by 'does not cover any option'... typo - meant "does not cover ALL options" someone has to write the manpages, there are millions of options all over the software-world which did it not make into manpages google for "xfs delaylog" leads to http://xfs.org/index.php/XFS_FAQ http://xfs.org/index.php/XFS_FAQ#Q:_I_want_to_tune_my_XFS_filesystems_for_.3Csomething.3E For mount options, the only thing that will change metadata performance considerably are the logbsize and delaylog mount options so how can it be redhat-specific if it is mentioned upstream? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From tss at iki.fi Thu May 2 18:46:32 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 2 May 2013 18:46:32 +0300 Subject: [Dovecot] Slow DNS warnings (proxy/auth) In-Reply-To: <20130426175710.064e6296@batzmaru.gol.ad.jp> References: <20130426175710.064e6296@batzmaru.gol.ad.jp> Message-ID: <0E99957D-27FF-4D75-A74D-2ABF62409E2A@iki.fi> On 26.4.2013, at 11.57, Christian Balzer wrote: > Apr 25 17:19:09 pp11 dovecot: auth: Warning: proxy(redacted at gol.com,xx.xx.xx.xx,<26hUEivbfQBlMrMS>): DNS lookup for mb04.dentaku.gol.com took 5.002 s > --- > > Now this machine at that time was handling a load of about 2 logins per > second, about 20% of what it previously handled with perdition w/o a > hiccup. > It also runs a local caching nameserver and the A record for the mailbox > server in question was most definitely cached at the time (verified via > TTL). > The machine in question was very bored and certainly capable of handling > hundreds if not thousands of DNS queries per second at that moment. > > In short, I can't see any reason how the lookup could have taken so long, so my guess is there are some issues with the dns-helper (locking, stepping on each others feet, not being spawned fast enough) causing this. No idea. > Some general remarks, dovecot as proxy feels "heavier" than perdition. > > In the CPU area that's probably a more subjective impression, because all > the little helper processes make it clear what's going on where. > Though the "config" process being rather active is something that perdition > definitely doesn't do, it reads the config once at start time and that's > it. > All the IPC and central processes of course also make dovecot rather > file handle hungry. > > Memory wise it's about 35% bigger than perdition and that's not subjective > at all. ^o^ > About one MB per proxy process/connection for dovecot in my case. > Caveat emptor. ^o^ You could also switch to high-performance mode: http://wiki2.dovecot.org/LoginProcess From tss at iki.fi Thu May 2 18:53:33 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 2 May 2013 18:53:33 +0300 Subject: [Dovecot] search and UTF-8 normalization forms (NFD) In-Reply-To: References: Message-ID: <730F760C-FC67-42C0-8405-770114D27063@iki.fi> On 25.4.2013, at 16.39, Lutz Pre?ler wrote: > on a system with dovecot 2.2 I've got a mailbox containing multiple mails > from a person called Kr?ger, but From: header encoded differently. > Some are encoded in UTF-8 normalization form decomposed (as used by Mac OSX), > that is u and umlaut accent as sperate combined codepoints > instead of one ?: > > From: =?utf-8?Q?replaced_Kru=CC=88ger?= > > Searching within roundcube webmail for "kr?ger" as sender > missis this mails. > > Roundcube sends (dovecot rawlog): > A0003 UID THREAD REFS UTF-8 ALL HEADER FROM {7+}kr?ger > > Is this supposed to work? Haven't done any more debugging > (other search variants) or read RFCs. As a user I would expect > Unicode equivalence rules be applied (see > http://en.wikipedia.org/wiki/Unicode_equivalence) IMAP requires using i;unicode-casemap by default, as specified by RFC 5051. Then again, others could be supported as well, and it's not really a requirement that the search can't handle more flexible searches.. Anyway, that's what Dovecot currently has implemented, and I guess it doesn't do what you want it to do. But there is a partial solution for this: http://dovecot.org/patches/2.1/icu-1.2.tar.gz It probably does what you want, but it only works with fts-lucene. From slusarz at curecanti.org Thu May 2 19:02:12 2013 From: slusarz at curecanti.org (Michael M Slusarz) Date: Thu, 02 May 2013 10:02:12 -0600 Subject: [Dovecot] CATENATE allows empty messages In-Reply-To: <03ED2643-17F7-4632-9E19-E7978D640EF3@iki.fi> References: <03ED2643-17F7-4632-9E19-E7978D640EF3@iki.fi> Message-ID: <20130502100212.Horde.Az3VYcam1Nsbkg4ZLEJiXA9@bigworm.curecanti.org> Quoting Timo Sirainen : > On 30.4.2013, at 0.12, Timo Sirainen wrote: > >> This could be changed I guess, but I don't think it's a bug. I >> don't see anything in RFC 3501 prohibiting saving empty messages. >> Only the MULTIAPPEND RFC says: >> >> A zero-length message literal argument is an error, and MUST >> return a NO. This can be used to cancel the append. >> >> But that doesn't prohibit zero-length CATENATE parameters. > > Also another way to generate empty message is to give URL to an > empty MIME part. Should such APPENDs also fail? I think if there's > no good reason to disallow empty messages I'll just keep the code as > it is and allow them. Some clients treat IMAP as a pseudo-filesystem (e.g. Kolab), so I would agree that limiting what can be stored is a bad idea. michael From michael.abbott at apple.com Thu May 2 19:14:19 2013 From: michael.abbott at apple.com (Mike Abbott) Date: Thu, 02 May 2013 11:14:19 -0500 Subject: [Dovecot] CATENATE allows empty messages In-Reply-To: <20130502100212.Horde.Az3VYcam1Nsbkg4ZLEJiXA9@bigworm.curecanti.org> References: <03ED2643-17F7-4632-9E19-E7978D640EF3@iki.fi> <20130502100212.Horde.Az3VYcam1Nsbkg4ZLEJiXA9@bigworm.curecanti.org> Message-ID: It's the inconsistency that bothers me. Plain old APPEND doesn't allow empty messages but CATENATE does? From slusarz at curecanti.org Thu May 2 19:24:50 2013 From: slusarz at curecanti.org (Michael M Slusarz) Date: Thu, 02 May 2013 10:24:50 -0600 Subject: [Dovecot] CATENATE allows empty messages In-Reply-To: References: <03ED2643-17F7-4632-9E19-E7978D640EF3@iki.fi> <20130502100212.Horde.Az3VYcam1Nsbkg4ZLEJiXA9@bigworm.curecanti.org> Message-ID: <20130502102450.Horde.TsRwLRbXUr9cdQF33bO0zg1@bigworm.curecanti.org> Quoting Mike Abbott : > It's the inconsistency that bothers me. Plain old APPEND doesn't > allow empty messages but CATENATE does? I don't recall/see anything in RFC 3501 that prevents a zero-length message: append = "APPEND" SP mailbox [SP flag-list] [SP date-time] SP literal [...] literal = "{" number "}" CRLF *CHAR8 ; Number represents the number of CHAR8s [...] number = 1*DIGIT ; Unsigned 32-bit integer ; (0 <= n < 4,294,967,296) So this is legal under the ABNF: APPEND mailboxname {0}CRLF[0 length *CHAR8]CRLF Timo mentioned that MULTIAPPEND doesn't allow zero-length messages. But looks like that was done solely as a way to provide a mechanism to cancel a MULTIAPPEND rather than a statement that zero-length messages are not ever intended to be processed by any kind of APPEND action (i.e. a vanilla RFC 3501 non-MULTIAPPEND action). michael From rafaelvolpeti at gmail.com Thu May 2 20:00:56 2013 From: rafaelvolpeti at gmail.com (Rafael VOlpe TI) Date: Thu, 2 May 2013 14:00:56 -0300 Subject: [Dovecot] Tuning! Message-ID: Hi Buddies, I have 2 servers running dovecot + postfix for pop/imap users. The users mailbox are in a Nfs storage. The load of server is ranging at 3.0 to 15.0. I really dont know what happened.. I read a lot about tuning of dovecot, and the changes are applied, how you can see. The Hardware of server is really good! The host have 8GB of mem and 2 sockets with 2 cores anyone. The server receives 900-1000 user connections in pop and imap. How i can aprimmorate this processes? Some errors are displayed on the console randomly when the load rises. Example: May 02 13:57:42 pop3(user at domain.com): Error: Timeout (180s) while waiting for lock for transaction log file //var/vmail/ domain.com/user//dovecot.index.log May 02 13:57:42 pop3(user at domain.com): Error: Couldn't init INBOX: Internal error occurred. Refer to server log for more information. [2013-05-02 13:54:40] May 02 13:57:42 pop3(user at domain.com): Info: Mailbox init failed top=0/0, retr=0/0, del=0/0, size=0 I really appreciate any suggestion! Thanks and Regards, Rafael Volpe Dovecot conf: # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-40-generic x86_64 Ubuntu 12.04.2 LTS auth_mechanisms = plain login auth_verbose = yes debug_log_path = /var/log/dovecot-debug.log disable_plaintext_auth = no dotlock_use_excl = no first_valid_gid = 125 first_valid_uid = 125 last_valid_gid = 125 last_valid_uid = 125 log_path = /var/log/dovecot.log mail_debug = yes mail_fsync = always mail_location = maildir:/%Lh/:INDEX=/%Lh/ mail_nfs_index = yes mail_nfs_storage = yes mmap_disable = yes passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } protocols = " imap pop3" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } service_count = 0 } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } ssl_cert = References: <51672429.20130430080425@sloop.net> <20130430180726.GC8773@queeg.we-be-smart.org> <5181F5DD.8030406@hardwarefreak.com> Message-ID: <727629375.20130502103955@sloop.net> SH> On 4/30/2013 1:07 PM, Kyle Wheeler wrote: >> On Tuesday, April 30 at 08:04 AM, quoth Gregory Sloop: >>> Any ideas where to look next, what I might do to force dovecot to >>> forget message ID's etc - that might force it to read the whole >>> mailbox file again? >> >> Find the dovecot.index files for that mbox and delete them. They will be >> re-generated from the contents of the mbox. >> >> ~Kyle SH> Apparently Gregory discarded your advice Kyle. [And you surmise this from what?] SH> Gregory, this is the first step in fixing such a problem with mbox SH> storage. I've had your same issue and similar occur multiple times, and SH> this normally fixes the problem. Make sure the user in question in SH> logged off and delete the index files as Kyle suggested. When the user SH> logs back in everything should work. If it doesn't delete any cache or SH> sync files on the client MUA (which should have actually been your first SH> step). I've seen this problem with Thunderbird a number of times, SH> though not in a couple of years, since switching to LDA. This is helpful, and I've already, even before Kyle prompted it, deleted the dovecot indexes. SH> While you chided Charles for stating the obvious, you'd have done well SH> to have provided what he suggested. I was looking for general pointers as to where one might productively start. I wasn't berating Charles for not providing an adequate solution. I wasn't asking for specific answers. Charles, wrote what was, IMO, far too abrasive and demanding, and in a condescending tone that - I *must* *prove* the truth of what I claimed was happening. Perhaps he didn't mean it the way he said it - I even suspect he didn't. But *prove* is a really strong term. It implies that the user is either being dishonest about something, or is too stupid to know better. If one doesn't want the questioner to "push-back" against such tone, then it's probably better to use less strident language and suggest things more mildly. [And I see he's doubled-down by attempting to insult me that I don't know how to use grep etc and threatening me of even worse abuse if I post on the postfix list, complaining of my use of reply-all etc.] If I were to pose such follow-up, I'd say something like... "It's hard to help you without more information. Could you please provide us with X, Y and Z." Problem solved. -- As for more detail - postfix IS putting the messages directly into this mbox. I'm checking the mbox with squirrel-mail which uses Dovecot's IMAP - and I am not aware if SM uses indexes itself or not. [So I'm not sure if it's a SM problem or a Dovecot problem. It's probably not an mbox problem since mail sees the messages fine and simply looking at the mobx doesn't seem to show any obvious corruption - unless there's some corruption in the mbox that's handled badly by dovecot/SM that is handled fine by "mail" - which is certainly possible.] The mailbox is a test mailbox I use on the system, and since I have [and had] some other more pressing issues to attend to, I've yet had time to go much beyond what I'd done before asking for pointers as where to look. As I get more time in the next day or two, I'll go back and see what more I can gather to determine what the problem is. -Greg From gedalya at gedalya.net Thu May 2 20:47:11 2013 From: gedalya at gedalya.net (Gedalya) Date: Thu, 02 May 2013 13:47:11 -0400 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51827653.8040706@Media-Brokers.com> References: <51824B0C.9010609@Media-Brokers.com> <518253E2.4000802@luigirosa.com> <51826755.9010000@Media-Brokers.com> <51826F49.9090801@skye.it> <51827653.8040706@Media-Brokers.com> Message-ID: <5182A69F.50600@gedalya.net> On 05/02/2013 10:21 AM, Charles Marcus wrote: > On 2013-05-02 9:51 AM, Alessio Cecchi wrote: >> Il 02/05/2013 15:17, Charles Marcus ha scritto: >>> >>> man mount doesn't show delaylog, nobarrier or noquota as valid mount >>> options... ? >> >> Yes, they are available on RHEL 6.x. >> >> "since 2.6.35, xfs had a new mount option '-o delaylog', which >> improved a lot metadata operations. From 2.6.39 this option is on by >> default" > > Is this a redhat specific feature? Again, man mount says nothing about > those options. > You're right that it doesn't seem to be properly listed in the list of options, but it's discussed https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/Documentation/filesystems/xfs-delayed-logging-design.txt Other XFS options: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/Documentation/filesystems/xfs.txt From gedalya at gedalya.net Thu May 2 20:54:29 2013 From: gedalya at gedalya.net (Gedalya) Date: Thu, 02 May 2013 13:54:29 -0400 Subject: [Dovecot] Tuning! In-Reply-To: References: Message-ID: <5182A855.6040406@gedalya.net> Dovecot is probably waiting for your storage to respond, you should probably take a more detailed look at your NFS link and at the conditions on the NFS server side. On 05/02/2013 01:00 PM, Rafael VOlpe TI wrote: > Hi Buddies, > > I have 2 servers running dovecot + postfix for pop/imap users. > The users mailbox are in a Nfs storage. > The load of server is ranging at 3.0 to 15.0. > I really dont know what happened.. I read a lot about tuning of dovecot, > and the changes are applied, how you can see. > The Hardware of server is really good! > The host have 8GB of mem and 2 sockets with 2 cores anyone. > The server receives 900-1000 user connections in pop and imap. > How i can aprimmorate this processes? > > Some errors are displayed on the console randomly when the load rises. > Example: > > May 02 13:57:42 pop3(user at domain.com): Error: Timeout (180s) while waiting > for lock for transaction log file //var/vmail/ > domain.com/user//dovecot.index.log > May 02 13:57:42 pop3(user at domain.com): Error: Couldn't init INBOX: Internal > error occurred. Refer to server log for more information. [2013-05-02 > 13:54:40] > May 02 13:57:42 pop3(user at domain.com): Info: Mailbox init failed top=0/0, > retr=0/0, del=0/0, size=0 > > I really appreciate any suggestion! > > Thanks and Regards, > > Rafael Volpe > > > Dovecot conf: > > # 2.0.19: /etc/dovecot/dovecot.conf > # OS: Linux 3.2.0-40-generic x86_64 Ubuntu 12.04.2 LTS > auth_mechanisms = plain login > auth_verbose = yes > debug_log_path = /var/log/dovecot-debug.log > disable_plaintext_auth = no > dotlock_use_excl = no > first_valid_gid = 125 > first_valid_uid = 125 > last_valid_gid = 125 > last_valid_uid = 125 > log_path = /var/log/dovecot.log > mail_debug = yes > mail_fsync = always > mail_location = maildir:/%Lh/:INDEX=/%Lh/ > mail_nfs_index = yes > mail_nfs_storage = yes > mmap_disable = yes > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > protocols = " imap pop3" > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > } > service imap-login { > inet_listener imap { > port = 143 > } > inet_listener imaps { > port = 993 > ssl = yes > } > service_count = 0 > } > service pop3-login { > inet_listener pop3 { > port = 110 > } > inet_listener pop3s { > port = 995 > ssl = yes > } > } > ssl_cert = ssl_key = userdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > verbose_proctitle = yes > protocol imap { > imap_idle_notify_interval = 2 mins > mail_max_userip_connections = 150 > } > protocol pop3 { > pop3_lock_session = no > pop3_uidl_format = %08Xu%08Xv > } > > > Postfix conf: > > alias_database = hash:/etc/aliases > alias_maps = hash:/etc/aliases > append_dot_mydomain = no > biff = no > bounce_queue_lifetime = 1d > broken_sasl_auth_clients = yes > config_directory = /etc/postfix > content_filter = smtp-amavis:[127.0.0.1]:10024 > inet_interfaces = all > mailbox_size_limit = 0 > maximal_queue_lifetime = 1d > message_size_limit = 20240000 > myhostname = myname.mydomain.com > mynetworks = 127.0.0.0/8 > myorigin = /etc/mailname > policy-spf_time_limit = 3600s > readme_directory = no > recipient_bcc_maps = mysql:/etc/postfix/mysql_bcc.cf > recipient_delimiter = + > relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf > relayhost = > sender_bcc_maps = mysql:/etc/postfix/mysql_bcc.cf > smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache > smtpd_banner = Welcome to $myhostname > smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, > check_client_access mysql:/etc/postfix/mysql_access.cf, > reject_unknown_client, reject_unknown_client_hostname, > reject_unauth_pipelining, reject_rbl_client bl.spamcop.net, > reject_rbl_client zen.spamhaus.org, reject_rbl_client b.barracudacentral.org > smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031 > smtpd_helo_required = yes > smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, > reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, > reject_invalid_hostname > smtpd_recipient_restrictions = reject_unknown_sender_domain, > reject_unknown_recipient_domain, reject_non_fqdn_sender, > reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service > inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, > reject_unauth_destination, check_policy_service unix:private/policy-spf > smtpd_reject_unlisted_sender = yes > smtpd_sasl_auth_enable = yes > smtpd_sasl_local_domain = $mydomain > smtpd_sasl_path = private/auth > smtpd_sasl_security_options = noanonymous > smtpd_sasl_type = dovecot > smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, > reject_unauth_pipelining, reject_unauth_destination > smtpd_timeout = 30 > smtpd_tls_cert_file = /etc/postfix/ssl/wildcard.domain.com.crt > smtpd_tls_key_file = /etc/postfix/ssl/wildcard.domain.com.key > smtpd_tls_security_level = may > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache > transport_maps = mysql:/etc/postfix/mysql_transport.cf > vacation_destination_recipient_limit = 1 > virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf > virtual_gid_maps = static:125 > virtual_mailbox_base = /var/vmail > virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf > virtual_mailbox_limit = 51200000 > virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf > virtual_minimum_uid = 125 > virtual_transport = virtual > virtual_uid_maps = static:125 > From rs at sys4.de Thu May 2 21:08:51 2013 From: rs at sys4.de (Robert Schetterer) Date: Thu, 02 May 2013 20:08:51 +0200 Subject: [Dovecot] Tuning! In-Reply-To: <5182A855.6040406@gedalya.net> References: <5182A855.6040406@gedalya.net> Message-ID: <5182ABB3.50907@sys4.de> Am 02.05.2013 19:54, schrieb Gedalya: > Dovecot is probably waiting for your storage to respond, you should > probably take a more detailed look at your NFS link and at the > conditions on the NFS server side. > > > On 05/02/2013 01:00 PM, Rafael VOlpe TI wrote: >> Hi Buddies, >> >> I have 2 servers running dovecot + postfix for pop/imap users. >> The users mailbox are in a Nfs storage. >> The load of server is ranging at 3.0 to 15.0. >> I really dont know what happened.. I read a lot about tuning of dovecot, >> and the changes are applied, how you can see. >> The Hardware of server is really good! >> The host have 8GB of mem and 2 sockets with 2 cores anyone. >> The server receives 900-1000 user connections in pop and imap. >> How i can aprimmorate this processes? >> >> Some errors are displayed on the console randomly when the load rises. >> Example: >> >> May 02 13:57:42 pop3(user at domain.com): Error: Timeout (180s) while >> waiting >> for lock for transaction log file //var/vmail/ >> domain.com/user//dovecot.index.log >> May 02 13:57:42 pop3(user at domain.com): Error: Couldn't init INBOX: >> Internal >> error occurred. Refer to server log for more information. [2013-05-02 >> 13:54:40] >> May 02 13:57:42 pop3(user at domain.com): Info: Mailbox init failed top=0/0, >> retr=0/0, del=0/0, size=0 >> >> I really appreciate any suggestion! >> >> Thanks and Regards, >> >> Rafael Volpe >> >> >> Dovecot conf: >> >> # 2.0.19: /etc/dovecot/dovecot.conf >> # OS: Linux 3.2.0-40-generic x86_64 Ubuntu 12.04.2 LTS >> auth_mechanisms = plain login >> auth_verbose = yes >> debug_log_path = /var/log/dovecot-debug.log >> disable_plaintext_auth = no >> dotlock_use_excl = no >> first_valid_gid = 125 >> first_valid_uid = 125 >> last_valid_gid = 125 >> last_valid_uid = 125 >> log_path = /var/log/dovecot.log >> mail_debug = yes >> mail_fsync = always >> mail_location = maildir:/%Lh/:INDEX=/%Lh/ >> mail_nfs_index = yes >> mail_nfs_storage = yes >> mmap_disable = yes >> passdb { >> args = /etc/dovecot/dovecot-sql.conf >> driver = sql >> } >> protocols = " imap pop3" >> service auth { >> unix_listener /var/spool/postfix/private/auth { >> group = postfix >> mode = 0660 >> user = postfix >> } >> } >> service imap-login { >> inet_listener imap { >> port = 143 >> } >> inet_listener imaps { >> port = 993 >> ssl = yes >> } >> service_count = 0 >> } >> service pop3-login { >> inet_listener pop3 { >> port = 110 >> } >> inet_listener pop3s { >> port = 995 >> ssl = yes >> } >> } >> ssl_cert = > ssl_key = > userdb { >> args = /etc/dovecot/dovecot-sql.conf >> driver = sql >> } >> verbose_proctitle = yes >> protocol imap { >> imap_idle_notify_interval = 2 mins >> mail_max_userip_connections = 150 >> } >> protocol pop3 { >> pop3_lock_session = no >> pop3_uidl_format = %08Xu%08Xv >> } >> >> >> Postfix conf: >> >> alias_database = hash:/etc/aliases >> alias_maps = hash:/etc/aliases >> append_dot_mydomain = no >> biff = no >> bounce_queue_lifetime = 1d >> broken_sasl_auth_clients = yes >> config_directory = /etc/postfix >> content_filter = smtp-amavis:[127.0.0.1]:10024 >> inet_interfaces = all >> mailbox_size_limit = 0 >> maximal_queue_lifetime = 1d >> message_size_limit = 20240000 >> myhostname = myname.mydomain.com >> mynetworks = 127.0.0.0/8 >> myorigin = /etc/mailname >> policy-spf_time_limit = 3600s >> readme_directory = no >> recipient_bcc_maps = mysql:/etc/postfix/mysql_bcc.cf >> recipient_delimiter = + >> relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf >> relayhost = >> sender_bcc_maps = mysql:/etc/postfix/mysql_bcc.cf >> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache >> smtpd_banner = Welcome to $myhostname >> smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, >> check_client_access mysql:/etc/postfix/mysql_access.cf, >> reject_unknown_client, reject_unknown_client_hostname, >> reject_unauth_pipelining, reject_rbl_client bl.spamcop.net, >> reject_rbl_client zen.spamhaus.org, reject_rbl_client >> b.barracudacentral.org >> smtpd_end_of_data_restrictions = check_policy_service >> inet:127.0.0.1:10031 >> smtpd_helo_required = yes >> smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, >> reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, >> reject_invalid_hostname >> smtpd_recipient_restrictions = reject_unknown_sender_domain, >> reject_unknown_recipient_domain, reject_non_fqdn_sender, >> reject_non_fqdn_recipient, reject_unlisted_recipient, >> check_policy_service >> inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, >> reject_unauth_destination, check_policy_service unix:private/policy-spf >> smtpd_reject_unlisted_sender = yes >> smtpd_sasl_auth_enable = yes >> smtpd_sasl_local_domain = $mydomain >> smtpd_sasl_path = private/auth >> smtpd_sasl_security_options = noanonymous >> smtpd_sasl_type = dovecot >> smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, >> reject_unauth_pipelining, reject_unauth_destination >> smtpd_timeout = 30 >> smtpd_tls_cert_file = /etc/postfix/ssl/wildcard.domain.com.crt >> smtpd_tls_key_file = /etc/postfix/ssl/wildcard.domain.com.key >> smtpd_tls_security_level = may >> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache >> transport_maps = mysql:/etc/postfix/mysql_transport.cf >> vacation_destination_recipient_limit = 1 >> virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf >> virtual_gid_maps = static:125 >> virtual_mailbox_base = /var/vmail >> virtual_mailbox_domains = >> mysql:/etc/postfix/mysql_virtual_domains_maps.cf >> virtual_mailbox_limit = 51200000 >> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf >> virtual_minimum_uid = 125 >> virtual_transport = virtual >> virtual_uid_maps = static:125 >> > did you notice http://wiki2.dovecot.org/NFS ... NFS is commonly used in one of these ways: Dovecot is run in a single computer. Dovecot is run in multiple computers, users are redirected more or less randomly to different computers. Dovecot is run in multiple computers, each user is assigned a specific computer which is used whenever possible. The only way to reliably implement the 2nd setup is with the director service ... so you might read and setup http://wiki2.dovecot.org/Director Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From stephan at rename-it.nl Thu May 2 22:48:08 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 02 May 2013 21:48:08 +0200 Subject: [Dovecot] sieve: deleteheader sometimes fails [bug] In-Reply-To: <51816BA7.5070203@rename-it.nl> References: <5181161D.1020404@corefiling.co.uk> <51811DEF.8020900@rename-it.nl> <51812D93.1060904@corefiling.co.uk> <51816BA7.5070203@rename-it.nl> Message-ID: <5182C2F8.3010606@rename-it.nl> On 5/1/2013 9:23 PM, Stephan Bosch wrote: > On 5/1/2013 4:58 PM, Daniel Piddock wrote: >> On 01/05/13 14:51, Stephan Bosch wrote: >> >> Hi Stephan, >> >> I'm totally sure. The mails end up with two Subject headers so the >> addheader line is executing correctly. The bug doesn't even need the >> fileinto and stop lines, I'm not sure why I included them. > > Hmm, bizarre. I cannot reproduce the problem at this end. Could you > send me the following: > > - dovecot -n output > - an example message that triggers this behavior > > Could you try to reproduce this with the sieve-test tool? Ok, this should fix it: http://hg.rename-it.nl/dovecot-2.1-pigeonhole/rev/0163c45094a3 Regards, Stephan. From lst_hoe02 at kwsoft.de Thu May 2 23:18:06 2013 From: lst_hoe02 at kwsoft.de (lst_hoe02 at kwsoft.de) Date: Thu, 02 May 2013 22:18:06 +0200 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <518271E4.7020600@Media-Brokers.com> References: <51824B0C.9010609@Media-Brokers.com> <20130502151236.Horde.FQxw0YAgO4PRMhlWnDZahQ2@webmail.kwsoft.de> <518271E4.7020600@Media-Brokers.com> Message-ID: <20130502221806.Horde.fVstC78cCZA79JbmhD5zUA1@webmail.kwsoft.de> Zitat von Charles Marcus : > On 2013-05-02 9:12 AM, lst_hoe02 at kwsoft.de wrote: >> IMHO if you say "VM" than the filesystem inside the guest doesn't >> matter that much. > > Well... my understanding is that things can break rather badly if > you use reiserfs for the host, and then use reiserfs for one of the > guests... From my understanding this was because of the "repair" capabilities of reiserfs checkdisk which was able to mix up your host and guest fs. This was also only the case for VM Player and old Server eg. the Linux add-on Hypervisors. > So, if doing that can break things badly, I imagine you may not be > totally correct that it 'doesn't matter'... For ESXi with its own filesystem (vmfs) it still shouldn't matter that much. As said the basic task of the Hypervisor is to abstract the hardware used, so no chance for the guest OS to really optimize for the hardware used. Maybe its time for a generic Hypervisor guest fs... Regards Andreas -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6144 bytes Desc: S/MIME Cryptographic Signature URL: From CMarcus at Media-Brokers.com Thu May 2 23:36:48 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Thu, 02 May 2013 16:36:48 -0400 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <20130502221806.Horde.fVstC78cCZA79JbmhD5zUA1@webmail.kwsoft.de> References: <51824B0C.9010609@Media-Brokers.com> <20130502151236.Horde.FQxw0YAgO4PRMhlWnDZahQ2@webmail.kwsoft.de> <518271E4.7020600@Media-Brokers.com> <20130502221806.Horde.fVstC78cCZA79JbmhD5zUA1@webmail.kwsoft.de> Message-ID: <5182CE60.2030608@Media-Brokers.com> On 2013-05-02 4:18 PM, lst_hoe02 at kwsoft.de wrote: > For ESXi with its own filesystem (vmfs) it still shouldn't matter that > much. As said the basic task of the Hypervisor is to abstract the > hardware used, so no chance for the guest OS to really optimize for > the hardware used. Maybe its time for a generic Hypervisor guest fs... Interesting idea, but way over my head as far as whether or not it is accurate... ;) One thing I'm still unsure of is the whole issue of things being sync'd to disk, and which options for xfs (or ext4) are 'safest' for the virtualized environment... -- Best regards, Charles From michael.abbott at apple.com Fri May 3 03:34:25 2013 From: michael.abbott at apple.com (Mike Abbott) Date: Thu, 02 May 2013 19:34:25 -0500 Subject: [Dovecot] URLAUTH assertion failures in 2.2.1 Message-ID: Testing URLAUTH in dovecot-2.2.1 plus Timo's recent CATENATE and URLAUTH fixes eventually trips some assertions. No simple sequence of commands always hits these; they appear to be timing-dependent. The first one is: May 02 17:47:17 imap(pid 50490 user submit): Panic: file imap-client.c: line 643 (client_command_free): assertion failed: (client->output_cmd_lock == NULL) The line number doesn't match dovecot-2.2.1 due to Apple's unrelated modifications. 0 libsystem_kernel.dylib 0x00007fff8a9f7d4a __pthread_kill + 10 1 libsystem_pthread.dylib 0x00007fff8f728705 pthread_kill + 92 2 libsystem_c.dylib 0x00007fff8f48b17b abort + 125 3 libdovecot.0.dylib 0x000000010db8d2bb default_fatal_finish + 68 4 libdovecot.0.dylib 0x000000010db8df66 i_internal_error_handler + 0 5 libdovecot.0.dylib 0x000000010db8d53d i_panic + 158 6 imap 0x000000010da468fe client_command_free + 446 7 imap 0x000000010da47a33 client_output_cmd + 37 8 imap 0x000000010da46497 client_output + 143 9 libdovecot.0.dylib 0x000000010dba5610 stream_send_io + 53 10 libdovecot.0.dylib 0x000000010db9bc74 io_loop_call_io + 46 11 libdovecot.0.dylib 0x000000010db9cc85 io_loop_handler_run + 214 12 libdovecot.0.dylib 0x000000010db9be1f io_loop_run + 77 13 libdovecot.0.dylib 0x000000010db5b0c6 master_service_run + 24 14 imap 0x000000010da4fa66 main + 1010 15 libdyld.dylib 0x00007fff8f7887bd start + 1 The second one is: May 02 19:23:29 imap(pid 60229 user mja): Panic: file index-mail.c: line 1274 (index_mail_close_streams_full): assertion failed: (!mail->data.destroying_stream) 0 libsystem_kernel.dylib 0x00007fff8a9f7d4a __pthread_kill + 10 1 libsystem_pthread.dylib 0x00007fff8f728705 pthread_kill + 92 2 libsystem_c.dylib 0x00007fff8f48b17b abort + 125 3 libdovecot.0.dylib 0x00000001054c42bb default_fatal_finish + 68 4 libdovecot.0.dylib 0x00000001054c4f66 i_internal_error_handler + 0 5 libdovecot.0.dylib 0x00000001054c453d i_panic + 158 6 libdovecot-storage.0.dylib 0x00000001053aaebb index_mail_close_streams_full + 199 7 libdovecot-storage.0.dylib 0x00000001053aaf29 index_mail_close + 44 8 libdovecot-storage.0.dylib 0x00000001053ab6bd index_mail_free + 48 9 libdovecot-storage.0.dylib 0x000000010538a19a mail_free + 15 10 libdovecot-storage.0.dylib 0x00000001053dd3b3 imap_msgpart_url_free + 65 11 imap 0x000000010532d563 imap_urlauth_fetch_abort_local + 30 12 imap 0x000000010532cb96 imap_urlauth_fetch_abort + 38 13 imap 0x000000010532cb54 imap_urlauth_fetch_deinit + 24 14 imap 0x00000001053218bd cmd_urlfetch_finish + 45 15 imap 0x0000000105321aa3 cmd_urlfetch_continue + 167 16 imap 0x0000000105323ef8 command_exec + 55 17 imap 0x0000000105323a20 client_output_cmd + 18 18 imap 0x0000000105322497 client_output + 143 19 libdovecot.0.dylib 0x00000001054dc610 stream_send_io + 53 20 libdovecot.0.dylib 0x00000001054d2c74 io_loop_call_io + 46 21 libdovecot.0.dylib 0x00000001054d3c85 io_loop_handler_run + 214 22 libdovecot.0.dylib 0x00000001054d2e1f io_loop_run + 77 23 libdovecot.0.dylib 0x00000001054920c6 master_service_run + 24 24 imap 0x000000010532ba66 main + 1010 25 libdyld.dylib 0x00007fff8f7887bd start + 1 From michael.abbott at apple.com Fri May 3 04:00:58 2013 From: michael.abbott at apple.com (Mike Abbott) Date: Thu, 02 May 2013 20:00:58 -0500 Subject: [Dovecot] CATENATE mis-reads literal after bad URL Message-ID: <789DF7D0-674A-4759-85C9-AF67F4A99735@apple.com> Dovecot-2.2.1 plus Timo's recent CATENATE and URLAUTH fixes mishandles literals after bad URLs. (As before remember that the "foobar" text below is really "foobarCRLF" hence the length of 8. Also, last time some MTA discarded an important single leading space character in the snippet I quoted so this time I'm prefixing all the lines to avoid that. In case it's lost again, there's a space before the word "url" below.) | b append inbox catenate (text {8} | + OK | foobar | url /a-bad-url text {8} | b NO [BADURL /a-bad-url] Invalid messagepart IMAP URL. | c noop | d noop | d OK NOOP completed. | e logout | * BYE Logging out | e OK Logout completed. Note that the command with tag "c" is lost. I think it shouldn't be, because the NO was reported to the client without sending a continuation (+ OK) so the client knows not to send the literal. Plus it appears only one line is discarded regardless of the size of the literal. From michael.abbott at apple.com Fri May 3 04:06:29 2013 From: michael.abbott at apple.com (Mike Abbott) Date: Thu, 02 May 2013 20:06:29 -0500 Subject: [Dovecot] CATENATE doesn't support literal+ url In-Reply-To: <55FA32BD-F7FE-43EC-AF31-7EC1337AF1BC@iki.fi> References: <1824A6D3-F4EE-42D5-A623-1471E54221A4@apple.com> <55FA32BD-F7FE-43EC-AF31-7EC1337AF1BC@iki.fi> Message-ID: >>>> Dovecot-2.2.1 does not appear to support URLs specified via non-synchronizing literals > > http://hg.dovecot.org/dovecot-2.2/rev/8e5ff6809d75 should fix this Looks better, thanks. From michael.abbott at apple.com Fri May 3 04:07:48 2013 From: michael.abbott at apple.com (Mike Abbott) Date: Thu, 02 May 2013 20:07:48 -0500 Subject: [Dovecot] CATENATE allows zero parts In-Reply-To: References: <8FDB0BF3-3481-4E74-89A7-108F9E86FE5C@apple.com> Message-ID: <5EE6D920-1F9E-4A23-9B82-414277FB2227@apple.com> >> CATENATE with no message parts works but, IMO, shouldn't: >> > Changed: http://hg.dovecot.org/dovecot-2.2/rev/5e2fa592c268 Confirmed. Thanks. From michael.abbott at apple.com Fri May 3 04:19:43 2013 From: michael.abbott at apple.com (Mike Abbott) Date: Thu, 02 May 2013 20:19:43 -0500 Subject: [Dovecot] imap crash during URLFETCH In-Reply-To: <0B8409CD-AC44-4504-BB6D-C4A81522918F@iki.fi> References: <0B8409CD-AC44-4504-BB6D-C4A81522918F@iki.fi> Message-ID: <473099F2-2B8F-42F2-BA67-6BA465EEC64F@apple.com> >> without having set *mpurl_r to NULL > > Right, fixed: http://hg.dovecot.org/dovecot-2.2/rev/24aa10efe132 That fixes it, thanks, but I wonder if it's incomplete? I notice that these also sometimes don't set *mpurl_r: imap_msgpart_url_create() imap_msgpart_url_parse() imap_urlauth_fetch() That last one in particular is called from imap_urlauth_fetch_local() in the same way as the one you fixed. From ncjeffgus at zimage.com Fri May 3 08:04:29 2013 From: ncjeffgus at zimage.com (Jeff Gustafson) Date: Thu, 02 May 2013 22:04:29 -0700 Subject: [Dovecot] quota and dict Message-ID: <1367557469.13802.13.camel@localhost> I have a question about using dict and quotas. I want dovecot to send quota queries to a custom dict server over a socket. I'm doing this because I can't do group quotas based on domain since a customer can have each of their users associated with different domains under a single account. I need to lookup the account ID and group based on that. I'm worried putting everything in mysql will cause way too many writes and lower the performance of our mysql cluster. I have having a little trouble connecting all the dots in the config file. In the userdb example, there is an 'args' parameter that allows a file to specify a uri. I don't see how to do that for dict. I only see file, mysql, and postgresql. Shouldn't I be able to use a dictionary proxy to attach any custom program to a quota dict socket? Tell the quota plug to proxy quota which then points to a socket: plugin { quota = dict:User quota::proxy::quota } dict { quota = proxy:/tmp/test-socket } or should it be: plugin { quota = dict:User quota::proxy:/tmp/test-socket } Neither one create a socket in /tmp. It seems like this should be possible, but I don't see an obvious way to do it. ...Jeff From mw at dermichi.com Fri May 3 08:14:41 2013 From: mw at dermichi.com (Michael Weissenbacher) Date: Fri, 03 May 2013 07:14:41 +0200 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51826755.9010000@Media-Brokers.com> References: <51824B0C.9010609@Media-Brokers.com> <518253E2.4000802@luigirosa.com> <51826755.9010000@Media-Brokers.com> Message-ID: <518347C1.40105@dermichi.com> Hi Marcus! > Should I go with EXT4? Or XFS with just the defaults? Or XFS with one or more tuned parameters? ... > I'm not using quotas, and understand what inode64 does and am fine with > that, but what I'm still unsure of for a VM environment is the delaylog > and nobarrier options. I've been using XFS for many years now and i strongly recommend it for anything besides /boot. Considering a virtual environment i would strongly suggest NOT using nobarrier (i.e. use barrier). You can run into big trouble should the system ever lose power. In fact the only time i ever managed to damage a XFS filesystem on all those years was inside a VM and with the nobarrier option on and the UPS died (and yes the server had a functioning BBS battery attached to the RAID). The delaylog option can be recommended hands-off, since it speeds up metadata operations considerably (up to 10 times faster!). And for your last quesion, stay with the defaults when doing mkfs.xfs, optimizing for stripe width and stipe size and all those other options really only make sense on a physical machine. hth and good luck, Michael From stan at hardwarefreak.com Fri May 3 08:30:51 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 03 May 2013 00:30:51 -0500 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51824B0C.9010609@Media-Brokers.com> References: <51824B0C.9010609@Media-Brokers.com> Message-ID: <51834B8B.5080700@hardwarefreak.com> On 5/2/2013 6:16 AM, Charles Marcus wrote: ... > I've decided to use mdbox for storage (been using maildir), and will > enable SIS for attachments. > > So, anyone (Stan?) have any suggestions? Should I go with EXT4? Or XFS > with just the defaults? Or XFS with one or more tuned parameters? > > Appreciate any suggestions (including links to docs dealing with tuning > XFS for my mail storage conditions that are written more at the layman > level) or comments from anyone experienced using both... >From a filesystem perspective mdbox is little different from maildir as they both exhibit lots of small random IOs. With either one aligning the filesystem to the RAID stripe is problematic as it can create spindle hotspots and increase free space fragmentation. If you're using a vmdk stripe alignment isn't possible anyway as VMware ignores hardware device geometry WRT vmdks. Although the EXT developers have been working overtime the last few years trying to borrow/steal/duplicate the advanced performance features of XFS, they have a very long way to go. The parallel performance of EXT is far behind as well as file allocation/layout and free space management, to name a few. My recommendation is to use XFS with the defaults, but add "inode64" to the mount options in /etc/fstab. This enables the modern allocator which clusters files around their parent directory within an allocation group. It's the default allocator in very recent upstream kernels but not in most currently shipping distro kernels. It decreases seek latency between metadata and file operations, and better manages on disk space. In short, XFS will yield superior mail performance to EXT4 in a multiuser environment. There are currently no mail workload tuning docs in the world of XFS that I'm aware of. I've been intending to write such a doc for the XFS.org FAQ for some time but it hasn't happened yet. -- Stan From moshmage at gmail.com Fri May 3 10:47:38 2013 From: moshmage at gmail.com (Mosh Mage) Date: Fri, 3 May 2013 08:47:38 +0100 Subject: [Dovecot] dovecot 1.2.5 Fatal: setgid(5000(vmail)) Operation not permitted Message-ID: This is the error I'm getting (whenever i recieve and email): *deliver() : Fatal: setgid(5000(vmail)) failed with euid=5000(vmail), gid=8(mail), egid=8(mail): Operation not permitted (This binary should probably be called with process group set to 5000(vmail) instead of 8(mail)) * I am at loss. I have tried "everything" i could think of (besides purging the machine and do it all over again, which is not an option -- unless it is). Can anyone help me fix this? # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 3.2.13-grsec-xxxx-grs-ipv6-64-vps x86_64 Debian 6.0.6 ext3 log_timestamp: %Y-%m-%d %H:%M:%S disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login verbose_proctitle: yes mail_uid: vmail mail_gid: vmail mail_location: maildir:/var/zpanel/vmail/%d/%n mail_debug: yes mbox_write_locks: fcntl dotlock auth default: mechanisms: plain login verbose: yes debug: yes debug_passwords: yes passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: sql args: /etc/dovecot/dovecot-sql.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 432 user: vmail group: vmail plugin: trash: /etc/dovecot/dovecot-trash.conf # /etc/dovecot/dovecot-sql.conf driver = mysql connect = host=localhost dbname=zpanel_postfix user=USERNAME password=AWESOMEPASSWORD default_pass_scheme = PLAIN password_query = \ SELECT name, domain, password \ FROM mailbox WHERE name = '%n' AND domain = '%d' user_query = \ SELECT maildir \ FROM mailbox WHERE name = '%n' AND active = '1' AND domain = '%d' #This is my ls -la drwxrwsrwx 5 vmail vmail 4096 May 2 18:39 vmail #and this is inside vmail/ drwx--S--- 3 vmail vmail 4096 May 2 18:39 asfaltotejo.com drwx--S--- 3 vmail vmail 4096 May 2 12:35 gestaoconteudos.pt drwx--S--- 17 vmail vmail 4096 May 2 15:34 tribanet.com #/var/run/dovecot srw-rw---- 1 vmail vmail 0 May 2 19:46 auth-master srw------- 1 root root 0 May 2 19:46 auth-worker.6564 srwxrwxrwx 1 root root 0 May 2 19:46 dict-server lrwxrwxrwx 1 root root 25 May 2 19:46 dovecot.conf -> /etc/dovecot/dovecot.conf drwxr-x--- 2 root dovecot 4096 May 2 19:46 login From stan at hardwarefreak.com Fri May 3 11:32:37 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 03 May 2013 03:32:37 -0500 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <20130502151236.Horde.FQxw0YAgO4PRMhlWnDZahQ2@webmail.kwsoft.de> References: <51824B0C.9010609@Media-Brokers.com> <20130502151236.Horde.FQxw0YAgO4PRMhlWnDZahQ2@webmail.kwsoft.de> Message-ID: <51837625.5010004@hardwarefreak.com> On 5/2/2013 8:12 AM, lst_hoe02 at kwsoft.de wrote: > IMHO if you say "VM" than the filesystem inside the guest doesn't matter > that much. Malarky. > The difference of ext4/xfs are mostly the knowledge and > adjustability for special (high-end) hardware and the like. With a XFS doesn't require "high end" hardware to demonstrate its advantages over EXT4. In his LCA 2012 presentation on XFS development, Dave Chinner showed data from IIRC a 12 disk RAID0 array, which is hardly high end. Watch the presentation and note the massive lead XFS has over EXT4 (and BTRFS) in most areas. The performance gap is quite staggering. You'll see the same performance, and differences, in a VM or on bare hardware. http://youtu.be/FegjLbCnoBw > Hypervisor providing some standard I/O channel and hiding/handling the > hardware details itself, most of the differences are gone. With this in Again, malarky. The parallel performance in XFS resides in multiple threads and memory structures, b+ trees, and how these are executed and manipulated, and via the on disk layout of AGs and how they're written to in parallel. Virtualization doesn't change nor limit any of this. The block device driver, not the filesystem, talks through the hypervisor to the hardware. No hypervisor imposes limits on XFS parallelism or performance, nor block device drivers. Some may be configured to prioritize IO amongst guests, but that's a different issue entirely. Worthy of note here is that nearly all XFS testing performed by the developers today is done within virtual machines on filesystems that reside within sparse files atop another XFS filesystem--not directly on hardware. According to you, this double layer of virtualization, OS and filesystem, would further eliminate all meaningful performance differences between XFS and EXT4. Yet this is not the case at all because EXT4 doesn't yet handle sparse files very well, so the XFS lead increases. > mind your question should maybe more of "what filesystem is more > Hypervisor friendly". For this i would suspect the simpler the better, > so i would choose ext4. Again, malarky. The hypervisor imposes no limits on filesystem performance, other than the CPU cycles, scheduling, and RAM overhead of the hypervisor itself. I.e. the same things imposed on all aspects of guest operation. -- Stan From stan at hardwarefreak.com Fri May 3 11:48:17 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 03 May 2013 03:48:17 -0500 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51825630.5030909@skye.it> References: <51824B0C.9010609@Media-Brokers.com> <51825630.5030909@skye.it> Message-ID: <518379D1.60206@hardwarefreak.com> On 5/2/2013 7:04 AM, Alessio Cecchi wrote: > "rw,noatime,attr2,delaylog,nobarrier,inode64,noquota" ... > and I'm running it on RHEL 6.4 I assume this is from /proc/mounts? All of those but for noatime, nobarrier, and inode64 are defaults. You've apparently specified these in /etc/fstab. noatime is useless as relatime is the default. Google "XFS relatime vs noatime". I assume you have a RAID controller or SAN head with [F|B]BWC and have disabled individual drive write caches of array disks, given you've disabled journal write barriers. If drive caches are in fact enabled, and/or you don't have [F|B]BWC, then journal write barriers need to be enabled. If not you're skydiving without a reserve chute. -- Stan From stan at hardwarefreak.com Fri May 3 12:12:27 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 03 May 2013 04:12:27 -0500 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <5182684A.4010603@thelounge.net> References: <51824B0C.9010609@Media-Brokers.com> <518253E2.4000802@luigirosa.com> <51826755.9010000@Media-Brokers.com> <5182684A.4010603@thelounge.net> Message-ID: <51837F7B.6090801@hardwarefreak.com> On 5/2/2013 8:21 AM, Reindl Harald wrote: > > > Am 02.05.2013 15:17, schrieb Charles Marcus: >> but what I'm still unsure of for a VM >> environment is the delaylog and nobarrier options. Delaylog is fine for VM guests. The barrier settings may all simply be useless because many hypervisors don't pass barriers down the stack from the guest. Which means things like fdatasync don't work, not just journal write barriers. See: http://xfs.org/index.php/XFS_FAQ#Q:_Which_settings_are_best_with_virtualization_like_VMware.2C_XEN.2C_qemu.3F This has negatively affected EXT4 on ESXi, not just XFS. >> Are these recommended/optimal for a VM? Running on ESXi (does it matter what hypervisor ie being used)? > > barriers does not help you much or are implicit because you > have no physical disk under the FS and the underlying storage > should have battery backed buffers and doe snot need to confirm > the physical write to the disk to have the data safe The problem isn't lack of a physical disk under the guest. The problem is lack of software support in the hypervisors. I don't have an answer as to which versions of ESXi/vSphere/etc, if any, do or do not support write barriers, fdatasync, etc. I'm not finding it in their knowledgebase, though I've not put much effort into it yet. You'll need to do some research. -- Stan From lst_hoe02 at kwsoft.de Fri May 3 12:31:46 2013 From: lst_hoe02 at kwsoft.de (lst_hoe02 at kwsoft.de) Date: Fri, 03 May 2013 11:31:46 +0200 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51837625.5010004@hardwarefreak.com> References: <51824B0C.9010609@Media-Brokers.com> <20130502151236.Horde.FQxw0YAgO4PRMhlWnDZahQ2@webmail.kwsoft.de> <51837625.5010004@hardwarefreak.com> Message-ID: <20130503113146.Horde.SGSMp9QvW5UBD9WVrmD0hQ1@webmail.kwsoft.de> Zitat von Stan Hoeppner : > On 5/2/2013 8:12 AM, lst_hoe02 at kwsoft.de wrote: > >> IMHO if you say "VM" than the filesystem inside the guest doesn't matter >> that much. > > Malarky. If you are going to insult you maybe should write it so non native speakers could find it (malarkey). > >> The difference of ext4/xfs are mostly the knowledge and >> adjustability for special (high-end) hardware and the like. With a > > XFS doesn't require "high end" hardware to demonstrate its advantages > over EXT4. In his LCA 2012 presentation on XFS development, Dave > Chinner showed data from IIRC a 12 disk RAID0 array, which is hardly > high end. Watch the presentation and note the massive lead XFS has over > EXT4 (and BTRFS) in most areas. The performance gap is quite > staggering. You'll see the same performance, and differences, in a VM > or on bare hardware. > > http://youtu.be/FegjLbCnoBw It is not stunningly that a developer of XFS come out with a setup where XFS is the fastest at all. >> Hypervisor providing some standard I/O channel and hiding/handling the >> hardware details itself, most of the differences are gone. With this in > > Again, malarky. The parallel performance in XFS resides in multiple > threads and memory structures, b+ trees, and how these are executed and > manipulated, and via the on disk layout of AGs and how they're written > to in parallel. Virtualization doesn't change nor limit any of this. > The block device driver, not the filesystem, talks through the > hypervisor to the hardware. No hypervisor imposes limits on XFS > parallelism or performance, nor block device drivers. Some may be > configured to prioritize IO amongst guests, but that's a different issue > entirely. While it might be true that XFS threading and the non-blocking/parallel design will gain some benefit, it is no longer true for all points regarding "disk" layout or estimate of i/o channels and disk spindles. > Worthy of note here is that nearly all XFS testing performed by the > developers today is done within virtual machines on filesystems that > reside within sparse files atop another XFS filesystem--not directly on > hardware. According to you, this double layer of virtualization, OS and > filesystem, would further eliminate all meaningful performance > differences between XFS and EXT4. Yet this is not the case at all > because EXT4 doesn't yet handle sparse files very well, so the XFS lead > increases. So you have confirmed may suspection that XFS developers will find a case where it matters in favour of XFS ;-) In real world VM deployments most of the time there are vmfs volumes (VMWare) underneath, or NTFS (Hyper-V) and in many cases these are even taken from some form of SAN device doing its own mapping of fs blocks to physical blocks. With this a careful choosen disk layout inside the guest doesn't matter at all, if the Hypervisor does not or can not map this useful to the hardware. >> mind your question should maybe more of "what filesystem is more >> Hypervisor friendly". For this i would suspect the simpler the better, >> so i would choose ext4. > > Again, malarky. The hypervisor imposes no limits on filesystem > performance, other than the CPU cycles, scheduling, and RAM overhead of > the hypervisor itself. I.e. the same things imposed on all aspects of > guest operation. You have forgotten that the Hypervisor also provide only a standard device "API" for the I/O channel which limits the possibility to do any hardware estimate/optimization inside the guest. So many traditional performance tweaks don't work as expected like physical block layout or alignment. The more "far away" in terms of layers you are from hardware the more difficult it get to optimize i/o speed with the traditional approaches. You can proof this by the myriand of benchmarks flying around all have another clear winner dependent on who has done the benchmark. I know your history on insisting your are right in any cases, so this is my last post on this subject. Every reader should try to understand the differences on his/her own anyway. Regards Andreas -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6144 bytes Desc: S/MIME Cryptographic Signature URL: From alessio at skye.it Fri May 3 12:34:41 2013 From: alessio at skye.it (Alessio Cecchi) Date: Fri, 03 May 2013 11:34:41 +0200 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <518379D1.60206@hardwarefreak.com> References: <51824B0C.9010609@Media-Brokers.com> <51825630.5030909@skye.it> <518379D1.60206@hardwarefreak.com> Message-ID: <518384B1.3050402@skye.it> Il 03/05/2013 10:48, Stan Hoeppner ha scritto: > On 5/2/2013 7:04 AM, Alessio Cecchi wrote: > >> "rw,noatime,attr2,delaylog,nobarrier,inode64,noquota" > ... >> and I'm running it on RHEL 6.4 > > I assume this is from /proc/mounts? All of those but for noatime, > nobarrier, and inode64 are defaults. You've apparently specified these > in /etc/fstab. noatime is useless as relatime is the default. Google > "XFS relatime vs noatime". > > I assume you have a RAID controller or SAN head with [F|B]BWC and have > disabled individual drive write caches of array disks, given you've > disabled journal write barriers. If drive caches are in fact enabled, > and/or you don't have [F|B]BWC, then journal write barriers need to be > enabled. If not you're skydiving without a reserve chute. > Thanks Stan, yes the output is from /proc/mounts. We are running XFS on RAID controller but we havent disabled individual drive write caches. So what options suggest in fstab for XFS with non high-end RAID/SAN ? Thanks -- Alessio Cecchi is: @ ILS -> http://www.linux.it/~alessice/ on LinkedIn -> http://www.linkedin.com/in/alessice Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz/ @ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it From jh at plonk.de Fri May 3 12:34:57 2013 From: jh at plonk.de (Jakob Hirsch) Date: Fri, 03 May 2013 11:34:57 +0200 Subject: [Dovecot] dual stack issue (was: Dovecot has no understandable configuration any more) In-Reply-To: References: <70805cb6bdf07e7dcaae649b7ad0c594@decotrain.de> Message-ID: <518384C1.20505@Message-ID.plonk.de> forum, 30.04.2013 16:55: > Now i have found the solution. > It seems to help to ask you. ;) > > The solution was to change from > listen = [::] > to > listen = *, [::] > > There is no explanation for it - just try and error ... This is not dovecot's fault. See here: http://serverfault.com/a/39561 In short: In Linux, binding to :: means "bind to both ipv6 and ipv4". Setting /proc/sys/net/ipv6/bindv6only to 1 changes this behaviour, and Debian had this by default in some testing versions of squeeze, as was recently discussed on the asterisk-users list: http://lists.digium.com/pipermail/asterisk-users/2013-March/278296.html From tss at iki.fi Fri May 3 12:46:31 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 3 May 2013 12:46:31 +0300 Subject: [Dovecot] dual stack issue (was: Dovecot has no understandable configuration any more) In-Reply-To: <518384C1.20505@Message-ID.plonk.de> References: <70805cb6bdf07e7dcaae649b7ad0c594@decotrain.de> <518384C1.20505@Message-ID.plonk.de> Message-ID: On 3.5.2013, at 12.34, Jakob Hirsch wrote: > forum, 30.04.2013 16:55: > >> Now i have found the solution. >> It seems to help to ask you. ;) >> >> The solution was to change from >> listen = [::] >> to >> listen = *, [::] >> >> There is no explanation for it - just try and error ... > > This is not dovecot's fault. See here: http://serverfault.com/a/39561 > > In short: In Linux, binding to :: means "bind to both ipv6 and ipv4". > Setting /proc/sys/net/ipv6/bindv6only to 1 changes this behaviour, and > Debian had this by default in some testing versions of squeeze, as was > recently discussed on the asterisk-users list: > http://lists.digium.com/pipermail/asterisk-users/2013-March/278296.html Software can also specify if they want that functionality or not. In Dovecot v1.0 [::] may have listened also on IPv4, but since v1.1 [::] has only listened on IPv6. So I guess the complaint wasn't really about Dovecot v2.x, but about v1.1+. Hmm. So Debian stable is switching from Dovecot v1.0 -> v2.1? Maybe it would be worth mentioning this somewhere. From tss at iki.fi Fri May 3 12:50:22 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 3 May 2013 12:50:22 +0300 Subject: [Dovecot] dual stack issue (was: Dovecot has no understandable configuration any more) In-Reply-To: References: <70805cb6bdf07e7dcaae649b7ad0c594@decotrain.de> <518384C1.20505@Message-ID.plonk.de> Message-ID: <47BC7DB0-0A32-47E9-865E-21EADA3AAC71@iki.fi> On 3.5.2013, at 12.46, Timo Sirainen wrote: > Hmm. So Debian stable is switching from Dovecot v1.0 -> v2.1? Maybe it would be worth mentioning this somewhere. No, previous stable had v1.2.15, so I guess there won't be any mass moving from v1.0 to v2.x. From stan at hardwarefreak.com Fri May 3 12:54:04 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 03 May 2013 04:54:04 -0500 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51826755.9010000@Media-Brokers.com> References: <51824B0C.9010609@Media-Brokers.com> <518253E2.4000802@luigirosa.com> <51826755.9010000@Media-Brokers.com> Message-ID: <5183893C.2080509@hardwarefreak.com> On 5/2/2013 8:17 AM, Charles Marcus wrote: > man mount doesn't show delaylog, nobarrier or noquota as valid mount > options... ? Many XFS mount options are kernel version specific. Show: ~$ uname -a Delaylog doesn't exist in recent mount(8) because it's no longer a mount option, same goes for older mount(8). Its existence as a mount option didn't exist for long, WRT distro mount(8) updates. Since 2.6.39 delaylog is the default, and as of somewhat more recently in the 3.x tree, the old journal logging code was completely removed from the source. Thus there is no longer a "delaylog" mount option. The feature is now hard coded in XFS. Barriers are crucial to XFS journal, and thus filesystem, reliability. "nobarrier" isn't listed in mount(8), though "barrier" is, which is the default mode. Making people "look for" the switch that disables barriers forces them to take a learning journey. Hopefully during this journey they become educated to the risks of disabling it, before doing so. "Better reliability through obscurity" you might say. Consider the horrible rap XFS would have today if everyone and his dog could easily learn how to disable barriers, then did so on hardware not appropriate for it. Yes, exactly, corrupted XFS filesystems littering the landscape and people screaming what a pile of dogsh|zt XFS is. WRT noquota, it is the default. You'd never specify it. There are 10 quota options at the bottom of the XFS section of mount(8) that one might want to set. It is quite irritating, yet surprisingly common, to see XFS users re-specifying the defaults in their /etc/fstab, because they didn't take the time to educate themselves properly, and simply copy/pasted from one of many online "XFS tuning guides". On the XFS list we call these "XFS mis-tuning guides", as nearly all of them contain mostly misinformation. Not intentional mind you, but because they just don't know what they're talking about, or they did but the guide is 5+ years old, and things have changed. -- Stan From stan at hardwarefreak.com Fri May 3 14:24:12 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 03 May 2013 06:24:12 -0500 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <20130503113146.Horde.SGSMp9QvW5UBD9WVrmD0hQ1@webmail.kwsoft.de> References: <51824B0C.9010609@Media-Brokers.com> <20130502151236.Horde.FQxw0YAgO4PRMhlWnDZahQ2@webmail.kwsoft.de> <51837625.5010004@hardwarefreak.com> <20130503113146.Horde.SGSMp9QvW5UBD9WVrmD0hQ1@webmail.kwsoft.de> Message-ID: <51839E5C.6070705@hardwarefreak.com> On 5/3/2013 4:31 AM, lst_hoe02 at kwsoft.de wrote: > If you are going to insult you maybe should write it so non native > speakers could find it (malarkey). Sorry Andreas. I didn't intend that as an insult, merely an expression of strong disagreement with statements not grounded in facts. > It is not stunningly that a developer of XFS come out with a setup where > XFS is the fastest at all. Dave is even handed with this stuff. Watch the video. The pre-delaylog slides show EXT4 metadata performance really trouncing old XFS by a *much* larger margin than that of XFS with delaylog over EXT4. When delaylog turns the tables the gap is much smaller. This says more about how horrible XFS metadata performance was prior to delaylog than how much better than EXT4 it is today, though it is substantially better with greater parallelism. ... > So you have confirmed may suspection that XFS developers will find a > case where it matters in favour of XFS ;-) All developers use VMs today for the obvious reason: It saves so much time and allows much more work in a given time frame. Note that for validation testing of things like barriers they must still use bare metal since the hypervisors noop disk cache flushes. ... > I know your history on insisting your are right in any cases, so this is Then you've obviously missed posts where I've acknowledged making mistakes. > my last post on this subject. Every reader should try to understand the > differences on his/her own anyway. It's never about "being right" but "getting it right". People require accurate technical information in order to make technical decisions. I provide that when I have the information. I also try to correct incomplete, missing, or inaccurate information where I believe it to be necessary. You stated that a VM environment eliminates most of the advantages of any given filesystem, and that's simply not correct. -- Stan From CMarcus at Media-Brokers.com Fri May 3 14:30:13 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 03 May 2013 07:30:13 -0400 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51834B8B.5080700@hardwarefreak.com> References: <51824B0C.9010609@Media-Brokers.com> <51834B8B.5080700@hardwarefreak.com> Message-ID: <51839FC5.3020504@Media-Brokers.com> On 2013-05-03 1:30 AM, Stan Hoeppner wrote: > From a filesystem perspective mdbox is little different from maildir as > they both exhibit lots of small random IOs. Hi Stan. Thanks, was hoping you'd chime in here... But, I'm confused as to why you'd say this. mdbox supposedly has many advantages over maildir, since it is *not* a single file for every email (like maildir or sdbox). > My recommendation is to use XFS with the defaults, but add "inode64" to > the mount options in /etc/fstab. This enables the modern allocator > which clusters files around their parent directory within an allocation > group. It's the default allocator in very recent upstream kernels but > not in most currently shipping distro kernels. It decreases seek > latency between metadata and file operations, and better manages on disk > space. In short, XFS will yield superior mail performance to EXT4 in a > multiuser environment. Thanks very much. I'd already come to a similar conclusion, but was starting to have doubts after some of the prior comments. But what you say backs up the majority of what I've been reading. It's just difficult to judge what you're reading when you aren't a software or hardware engineer, just a lowly self-taught sysadmin who still consider himself a noob even after doing this for a few years. > There are currently no mail workload tuning docs in the world of XFS > that I'm aware of. I've been intending to write such a doc for the > XFS.org FAQ for some time but it hasn't happened yet. Hope you find the time to do it some day... :) On 2013-05-03 5:54 AM, Stan Hoeppner wrote: > Many XFS mount options are kernel version specific. Show: > ~$ uname -a Linux myhost 3.7.10-gentoo-r1 #3 SMP Sat Apr 27 10:01:59 EDT 2013 x86_64 AMD Opteron(tm) Processor 4180 AuthenticAMD GNU/Linux > Delaylog doesn't exist in recent mount(8) because it's no longer a mount > option, same goes for older mount(8). Its existence as a mount option > didn't exist for long, WRT distro mount(8) updates. Since 2.6.39 > delaylog is the default, and as of somewhat more recently in the 3.x > tree, the old journal logging code was completely removed from the > source. Thus there is no longer a "delaylog" mount option. The feature > is now hard coded in XFS. Got it, thanks. > Barriers are crucial to XFS journal, and thus filesystem, reliability. > "nobarrier" isn't listed in mount(8), though "barrier" is, which is the > default mode. Making people "look for" the switch that disables > barriers forces them to take a learning journey. Hopefully during this > journey they become educated to the risks of disabling it, before doing > so. "Better reliability through obscurity" you might say. Consider the > horrible rap XFS would have today if everyone and his dog could easily > learn how to disable barriers, then did so on hardware not appropriate > for it. Yes, exactly, corrupted XFS filesystems littering the landscape > and people screaming what a pile of dogsh|zt XFS is. Got it, thanks again. > WRT noquota, it is the default. You'd never specify it. There are 10 > quota options at the bottom of the XFS section of mount(8) that one > might want to set. > > It is quite irritating, yet surprisingly common, to see XFS users > re-specifying the defaults in their /etc/fstab, because they didn't take > the time to educate themselves properly, and simply copy/pasted from one > of many online "XFS tuning guides". On the XFS list we call these "XFS > mis-tuning guides", as nearly all of them contain mostly misinformation. > Not intentional mind you, but because they just don't know what they're > talking about, or they did but the guide is 5+ years old, and things > have changed. Ok, so here's my final fstab... thanks again for all of the comments (especially yours Stan). # # # Non-LVM volumes # /dev/sda1 /boot ext4 defaults,noauto 1 2 /dev/sda3 / ext4 defaults 0 1 /dev/sda2 none swap sw 0 0 /dev/cdrom /mnt/cdrom auto noauto,ro 0 0 /dev/fd0 /mnt/floppy auto noauto 0 0 # # LVM volumes # /dev/vg/var /var xfs defaults,inode64 0 2 /dev/vg/tmp /tmp ext2 nodev,noexec,nosuid 0 2 /dev/vg/vtmp /var/tmp ext2 nodev,nosuid 0 2 /dev/vg/log /var/log ext2 defaults 0 2 /dev/vg/snaps /snaps xfs defaults,inode64 0 2 -- Best regards, Charles From CMarcus at Media-Brokers.com Fri May 3 14:36:48 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 03 May 2013 07:36:48 -0400 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <518347C1.40105@dermichi.com> References: <51824B0C.9010609@Media-Brokers.com> <518253E2.4000802@luigirosa.com> <51826755.9010000@Media-Brokers.com> <518347C1.40105@dermichi.com> Message-ID: <5183A150.3060300@Media-Brokers.com> On 2013-05-03 1:14 AM, Michael Weissenbacher wrote: > I've been using XFS for many years now and i strongly recommend it for > anything besides /boot. Considering a virtual environment i would > strongly suggest NOT using nobarrier (i.e. use barrier). You can run > into big trouble should the system ever lose power. In fact the only > time i ever managed to damage a XFS filesystem on all those years was > inside a VM and with the nobarrier option on and the UPS died (and yes > the server had a functioning BBS battery attached to the RAID). The > delaylog option can be recommended hands-off, since it speeds up > metadata operations considerably (up to 10 times faster!). And for > your last quesion, stay with the defaults when doing mkfs.xfs, > optimizing for stripe width and stipe size and all those other options > really only make sense on a physical machine. > > hth and good luck, > Michael Thanks Michael. Yes, it helped to solidify my decision to stick with xfs. I posted my final fstab just a few minutes ago, which I'm now happy with. -- Best regards, Charles From stan at hardwarefreak.com Fri May 3 14:39:16 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 03 May 2013 06:39:16 -0500 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <518384B1.3050402@skye.it> References: <51824B0C.9010609@Media-Brokers.com> <51825630.5030909@skye.it> <518379D1.60206@hardwarefreak.com> <518384B1.3050402@skye.it> Message-ID: <5183A1E4.4000902@hardwarefreak.com> On 5/3/2013 4:34 AM, Alessio Cecchi wrote: > Il 03/05/2013 10:48, Stan Hoeppner ha scritto: >> On 5/2/2013 7:04 AM, Alessio Cecchi wrote: >> >>> "rw,noatime,attr2,delaylog,nobarrier,inode64,noquota" >> ... >>> and I'm running it on RHEL 6.4 >> >> I assume this is from /proc/mounts? All of those but for noatime, >> nobarrier, and inode64 are defaults. You've apparently specified these >> in /etc/fstab. noatime is useless as relatime is the default. Google >> "XFS relatime vs noatime". >> >> I assume you have a RAID controller or SAN head with [F|B]BWC and have >> disabled individual drive write caches of array disks, given you've >> disabled journal write barriers. If drive caches are in fact enabled, >> and/or you don't have [F|B]BWC, then journal write barriers need to be >> enabled. If not you're skydiving without a reserve chute. >> > > Thanks Stan, yes the output is from /proc/mounts. > > We are running XFS on RAID controller but we havent disabled individual Which RAID controller? Does it have BBWC (battery backed write cache)? How much cache RAM? > drive write caches. So what options suggest in fstab for XFS with non > high-end RAID/SAN ? Get rid of noatime and use the default, relatime. Only specify nobarrier if you have both: 1. Working BBWC on your RAID card 2. Individual disk drive caches are disabled (and preferably a good UPS) RAID BBWC is worthless if drive caches are still enabled. This can corrupt your filesystem if power fails, or the kernel crashes, because writes to the journal may be lost. -- Stan From dgp-dove at corefiling.co.uk Fri May 3 14:41:33 2013 From: dgp-dove at corefiling.co.uk (Daniel Piddock) Date: Fri, 03 May 2013 12:41:33 +0100 Subject: [Dovecot] sieve: deleteheader sometimes fails [bug] In-Reply-To: <5182C2F8.3010606@rename-it.nl> References: <5181161D.1020404@corefiling.co.uk> <51811DEF.8020900@rename-it.nl> <51812D93.1060904@corefiling.co.uk> <51816BA7.5070203@rename-it.nl> <5182C2F8.3010606@rename-it.nl> Message-ID: <5183A26D.50203@corefiling.co.uk> On 02/05/13 20:48, Stephan Bosch wrote: > On 5/1/2013 9:23 PM, Stephan Bosch wrote: >> On 5/1/2013 4:58 PM, Daniel Piddock wrote: >>> On 01/05/13 14:51, Stephan Bosch wrote: >>> >>> Hi Stephan, >>> >>> I'm totally sure. The mails end up with two Subject headers so the >>> addheader line is executing correctly. The bug doesn't even need the >>> fileinto and stop lines, I'm not sure why I included them. >> >> Hmm, bizarre. I cannot reproduce the problem at this end. Could you >> send me the following: >> >> - dovecot -n output >> - an example message that triggers this behavior >> >> Could you try to reproduce this with the sieve-test tool? > > > > Ok, this should fix it: > > http://hg.rename-it.nl/dovecot-2.1-pigeonhole/rev/0163c45094a3 > > Regards, > > Stephan. > That appears to have fixed the issue in my testing. Thank you for the quick patch. Dan From ronleach at tesco.net Fri May 3 14:48:54 2013 From: ronleach at tesco.net (Ron Leach) Date: Fri, 03 May 2013 12:48:54 +0100 Subject: [Dovecot] Debian Stable [WAS dual stack issue] In-Reply-To: <47BC7DB0-0A32-47E9-865E-21EADA3AAC71@iki.fi> References: <70805cb6bdf07e7dcaae649b7ad0c594@decotrain.de> <518384C1.20505@Message-ID.plonk.de> <47BC7DB0-0A32-47E9-865E-21EADA3AAC71@iki.fi> Message-ID: <5183A426.4050908@tesco.net> On 03/05/2013 10:50, Timo Sirainen wrote: > On 3.5.2013, at 12.46, Timo Sirainen wrote: > >> Hmm. So Debian stable is switching from Dovecot v1.0 -> v2.1? Maybe it would be worth mentioning this somewhere. > > No, previous stable had v1.2.15, so I guess there won't be any mass moving from v1.0 to v2.x. > I've just newly put Debian Stable on a machine. Stable does have 1.2.15, as you say. I've enabled squeeeze-backports, which also allows me to install 2.1.7 (dovecot-core 2.1.7-7~bpo50+1, as I write). (I've not installed either yet, still checking how to bring the real-user maildirs across from 1.0.15 without losing the metadata, so that all the clients (meaning the human ones) don't have a shock at seeing xx,000 'new' mails. Recently discussed on the list, so plenty of advice.) regards, Ron From trever at middleearth.sapphiresunday.org Fri May 3 15:30:51 2013 From: trever at middleearth.sapphiresunday.org (Trever L. Adams) Date: Fri, 03 May 2013 06:30:51 -0600 Subject: [Dovecot] dovecot antispam plugin is not woking In-Reply-To: References: <1367314604.74732.YahooMailNeo@web194001.mail.sg3.yahoo.com> Message-ID: <5183ADFB.9080207@middleearth.sapphiresunday.org> On 04/30/2013 05:47 AM, Eugene Paskevich wrote: > On Tue, 30 Apr 2013 12:36:44 +0300, Ravi Kanchan > wrote: > >> and plugin configuration is given below: >> >> protocol imap { >> mail_plugins = " antispam autocreate" >> } >> protocol pop3 { >> mail_plugins = antispam autocreate >> } > > I'm not sure this plugin could be used with POP3. I am pretty sure that it cannot be used with POP3. It requires IMAP. Trever From stan at hardwarefreak.com Fri May 3 15:34:55 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 03 May 2013 07:34:55 -0500 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51839FC5.3020504@Media-Brokers.com> References: <51824B0C.9010609@Media-Brokers.com> <51834B8B.5080700@hardwarefreak.com> <51839FC5.3020504@Media-Brokers.com> Message-ID: <5183AEEF.2080700@hardwarefreak.com> On 5/3/2013 6:30 AM, Charles Marcus wrote: > On 2013-05-03 1:30 AM, Stan Hoeppner wrote: >> From a filesystem perspective mdbox is little different from maildir as >> they both exhibit lots of small random IOs. > > Hi Stan. Thanks, was hoping you'd chime in here... > > But, I'm confused as to why you'd say this. mdbox supposedly has many > advantages over maildir, since it is *not* a single file for every email > (like maildir or sdbox). When I said "lots of small random IOs" I was leading into the explanation of why alignment isn't necessary, and actually detrimental to a mail workload. It's WRT filesystem alignment to the RAID stripe that maildir and mdbox are little different. > Thanks very much. I'd already come to a similar conclusion, but was > starting to have doubts after some of the prior comments. But what you > say backs up the majority of what I've been reading. It's just difficult > to judge what you're reading when you aren't a software or hardware > engineer, just a lowly self-taught sysadmin who still consider himself a > noob even after doing this for a few years. Digesting the inner workings of a filesystem, especially one as complex and tweakable as XFS, and how they relate to real world workloads, is not for the faint of heart. Ironically, today's XFS defaults work extremely well "out of the box" for many workloads, including mail. >> There are currently no mail workload tuning docs in the world of XFS >> that I'm aware of. I've been intending to write such a doc for the >> XFS.org FAQ for some time but it hasn't happened yet. > > Hope you find the time to do it some day... :) I need to get this Dovecot doc thing finished first... > On 2013-05-03 5:54 AM, Stan Hoeppner wrote: >> Many XFS mount options are kernel version specific. Show: >> ~$ uname -a > > Linux myhost 3.7.10-gentoo-r1 #3 SMP Sat Apr 27 10:01:59 EDT 2013 x86_64 > AMD Opteron(tm) Processor 4180 AuthenticAMD GNU/Linux 3.7, yeah, pretty sure delaylog is no longer an option with this recent a kernel. ... > Ok, so here's my final fstab... thanks again for all of the comments > (especially yours Stan). > > # > /dev/vg/var /var xfs defaults,inode64 0 2 ... > /dev/vg/snaps /snaps xfs defaults,inode64 0 2 I assume /var will hold user mail dirs. Do /var/ and /snaps reside on the same RAID array, physical disks? How about the other filesystems I snipped? If you have a large number of filesystems atop the same RAID, some of them being XFS, this could create a head thrashing problem under high load increasing latency and thus response times. Would you mind posting: ~$ xfs_info /dev/vg/var ~$ xfs_info /dev/vg/snaps -- Stan From stan at hardwarefreak.com Fri May 3 15:45:17 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 03 May 2013 07:45:17 -0500 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <518347C1.40105@dermichi.com> References: <51824B0C.9010609@Media-Brokers.com> <518253E2.4000802@luigirosa.com> <51826755.9010000@Media-Brokers.com> <518347C1.40105@dermichi.com> Message-ID: <5183B15D.6030403@hardwarefreak.com> On 5/3/2013 12:14 AM, Michael Weissenbacher wrote: ... > last quesion, stay with the defaults when doing mkfs.xfs, optimizing for > stripe width and stipe size and all those other options really only make > sense on a physical machine. The potential benefit of alignment is always workload dependent. If the hypervisor passes correct RAID geometry to the VM guest and the workload can benefit from alignment, then you want alignment in the VM filesystem just as much as on bare metal. -- Stan From ben at morrow.me.uk Fri May 3 17:11:37 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Fri, 3 May 2013 15:11:37 +0100 Subject: [Dovecot] Accessing mail files not owned by imap login user In-Reply-To: <1367446576752-41890.post@n4.nabble.com> References: <1367446576752-41890.post@n4.nabble.com> Message-ID: <20130503141136.GC43047@anubis.morrow.me.uk> At 3PM -0700 on 1/05/13 you (PaulM47) wrote: > > I have managed to set up a 'maildir' based mail system using fetchmail and > procmail that delivers sorted mail to folders /var/spool/mail/user1, > ../user2 etc. 'user1', 'user2' etc. are real users but the mail system is > run under logged in user 'mailserver'. The mail folders are owned by > 'user1', 'user2' etc. but mail files, when delivered, are owned by > 'mailserver'. I've been unable to find a way to change this behaviour :-( I'm not sure about the rest of your problem (I'd have to reread the documentation, since this isn't a setup I use myself, and you can do that as well as I), but this bit is straightforward. The only way for a process running as one uid (say, fetchmail running as mailserver) to create a file owned by another uid is to pass the data to some other process running either as the target uid or as root. This means, to get the uids right (which I would strongly recommend), you need a daemon; fortunately, Dovecot provides an LMTP daemon which will do just fine. If you set up the Dovecot LMTP server, fetchmail will deliver to that quite happily, and the delivered mail files will then have the correct owners. You haven't said what you're doing with procmail; if you're doing anything beyond arranging for the mail to go to the right user you will need to replace that filtering with sieve. Note that, if you really must, you can use the sieve-extprograms extension to deliver using procmail once the LMTP server has switched down to the right uid. > Dovecot is configured by adding the single line 'mail_location = > maildir:/var/spool/mail/%u' to 'dovecot.conf', everything else is as > installed. When I make an imap connection as 'user1' the logon is > successful, the mail files are moved from ../new/ to ../cur/ but are > invisible to the imap client. If I 'chown' the mail files to 'user1' they > instantly become visible to the imap client. One thing to try is to run imap in preauth mode (see the wiki) under ktrace/strace/truss/whatever (as the right user, obviously), so you can see what it's trying to do and where it's failing. Ben From CMarcus at Media-Brokers.com Fri May 3 17:21:49 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 03 May 2013 10:21:49 -0400 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <5183AEEF.2080700@hardwarefreak.com> References: <51824B0C.9010609@Media-Brokers.com> <51834B8B.5080700@hardwarefreak.com> <51839FC5.3020504@Media-Brokers.com> <5183AEEF.2080700@hardwarefreak.com> Message-ID: <5183C7FD.5040004@Media-Brokers.com> On 2013-05-03 8:34 AM, Stan Hoeppner wrote: > I assume /var will hold user mail dirs. Yes, in /var/vmail > Do /var/ and /snaps reside on the same RAID array, physical disks? Yes - vmware host is a Dell R515, with ESXi installed to mirrored internal SATA drives, with 8 drives in RAID 10 for all of the VMs. All storage is this local storage (no SAN/NAS). > How about the other filesystems I snipped? If you have a large number > of filesystems atop the same RAID, some of them being XFS, this could > create a head thrashing problem under high load increasing latency and > thus response times. Ouch... This ESXi host also hosts 2 server 2008R2 vms... > Would you mind posting: ~$ xfs_info /dev/vg/var # xfs_info /dev/vg/var meta-data=/dev/mapper/vg-var isize=256 agcount=4, agsize=45875200 blks = sectsz=512 attr=2 data = bsize=4096 blocks=183500800, imaxpct=25 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0 log =internal bsize=4096 blocks=89600, version=2 = sectsz=512 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0 > ~$ xfs_info /dev/vg/snaps # xfs_info /dev/vg/snaps meta-data=/dev/mapper/vg-snaps isize=256 agcount=4, agsize=262144 blks = sectsz=512 attr=2 data = bsize=4096 blocks=1048576, imaxpct=25 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0 log =internal bsize=4096 blocks=2560, version=2 = sectsz=512 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0 Thanks again Stan... -- Best regards, Charles From rs at sys4.de Fri May 3 18:27:43 2013 From: rs at sys4.de (Robert Schetterer) Date: Fri, 03 May 2013 17:27:43 +0200 Subject: [Dovecot] Accessing mail files not owned by imap login user In-Reply-To: <20130503141136.GC43047@anubis.morrow.me.uk> References: <1367446576752-41890.post@n4.nabble.com> <20130503141136.GC43047@anubis.morrow.me.uk> Message-ID: <5183D76F.70603@sys4.de> Am 03.05.2013 16:11, schrieb Ben Morrow: > have managed to set up a 'maildir' based mail system using fetchmail and >> procmail that delivers sorted mail to folders /var/spool/mail/user1, >> ../user2 etc. 'user1', 'user2' etc. are real users but the mail system is >> run under logged in user 'mailserver'. The mail folders are owned by >> 'user1', 'user2' etc. but mail files, when delivered, are owned by >> 'mailserver'. I've been unable to find a way to change this behaviour why using procmail, fetchmail....,go modern ways normally its mostly the best to have one extra user vmail group vmail then use getmail with additional clamdscan and spamc , if you like, at last "give" to dovecot deliver which uses sieve ,acl, quota i.e getmail.rc [options] verbose = 0 message_log = /var/log/getmail.log read_all = false delivered_to = false delete = false [retriever] type = SimplePOP3Retriever server = mail.beispiel.com username = user at beispiel.com password = ..... [filter-1] allow_root_commands = True type = Filter_classifier path = /usr/bin/clamdscan arguments = ("--stdout", "--no-summary", "-") exitcodes_drop = (1, ) [filter-2] allow_root_commands = True type = Filter_external path = /usr/bin/spamc arguments = ("-s", " 250000", "-u", "user1 at server.com") [destination] type = MDA_external path = /usr/lib/dovecot/deliver arguments = ("-d", "user1 at server.com") user = vmail group = vmail minimum in dovocot.conf something like ... passdb { driver = passwd-file args = scheme=plain-md5 username_format=%n /etc/dovecot/imap.passwd } userdb { driver = passwd-file args = username_format=%n /etc/dovecot/imap.passwd default_fields = local_port=%a } ... imap.passwd ... user1 at server.com:{plain}pass:vmail:vmail::/usr/local/virtual/user1 at server.com::userdb_mail=maildir:~/Maildir user2 at server.com:{plain}pass:vmail:vmail::/usr/localvirtual/user2 at server.com::userdb_mail=maildir:~/Maildir ... ... mkdir /usr/local/virtual/user1 at server.com mkdir /usr/local/virtual/user1 at server.com/Maildir .. chown -R vmail:vmail /usr/local/virtual/* notice this is not copy paste stuff, some things may different at your server and distro !!! some blog ( only german ) http://sys4.de/de/blog/2013/04/12/abholdienst-fur-mail/ Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From tss at iki.fi Fri May 3 19:14:19 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 3 May 2013 19:14:19 +0300 Subject: [Dovecot] Idea: POP3 deletion as a flag Message-ID: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> GMail doesn't delete mails when POP3 client issues a DELE command for it. Instead they just become invisible for future POP3 sessions, but they still exist for IMAP/webmail. The same could be implemented pretty easily for Dovecot: - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted - When DELEting a message, add this flag to the message. - When listing messages, skip all messages that have this flag. - Also hide this flag from IMAP clients(?) Thoughts? Probably 20 lines of new code. From gedalya at gedalya.net Fri May 3 19:22:14 2013 From: gedalya at gedalya.net (Gedalya) Date: Fri, 03 May 2013 12:22:14 -0400 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> Message-ID: <5183E436.2080701@gedalya.net> I can certainly see this being very useful in certain environments where asking the client to be responsible is not an option (ISP). Whether or not the flag affects IMAP clients should be configurable. On 05/03/2013 12:14 PM, Timo Sirainen wrote: > GMail doesn't delete mails when POP3 client issues a DELE command for it. Instead they just become invisible for future POP3 sessions, but they still exist for IMAP/webmail. The same could be implemented pretty easily for Dovecot: > > - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted > - When DELEting a message, add this flag to the message. > - When listing messages, skip all messages that have this flag. > - Also hide this flag from IMAP clients(?) > > Thoughts? Probably 20 lines of new code. > From stephan at rename-it.nl Fri May 3 19:39:00 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 03 May 2013 18:39:00 +0200 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> Message-ID: <5183E824.5020903@rename-it.nl> On 5/3/2013 6:14 PM, Timo Sirainen wrote: > GMail doesn't delete mails when POP3 client issues a DELE command for it. Instead they just become invisible for future POP3 sessions, but they still exist for IMAP/webmail. The same could be implemented pretty easily for Dovecot: > > - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted > - When DELEting a message, add this flag to the message. > - When listing messages, skip all messages that have this flag. Yes, very useful. > - Also hide this flag from IMAP clients(?) Hmm.. why? Also, from Sieve I can imagine it could be useful to be able to hide certain messages from POP3 by setting this flag. Regards, Stephan. From lst_hoe02 at kwsoft.de Fri May 3 19:49:34 2013 From: lst_hoe02 at kwsoft.de (lst_hoe02 at kwsoft.de) Date: Fri, 03 May 2013 18:49:34 +0200 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> Message-ID: <20130503184934.Horde.pVdLhbsJFaQzSAzBDjAnfA8@webmail.kwsoft.de> Zitat von Timo Sirainen : > GMail doesn't delete mails when POP3 client issues a DELE command > for it. Instead they just become invisible for future POP3 sessions, > but they still exist for IMAP/webmail. The same could be implemented > pretty easily for Dovecot: > > - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted > - When DELEting a message, add this flag to the message. > - When listing messages, skip all messages that have this flag. > - Also hide this flag from IMAP clients(?) > > Thoughts? Probably 20 lines of new code. Hmm, this would lead to every increasing mailboxes for POP3 only users. What about this - Use some setting to express that POP3 deleted mail should be IMAP mark-as-deleted - Skip messages marked as deleted with POP3, maybe even as default? With this on IMAP access you clearly see what is going on. Also if you delete Messages by IMAP they won't get downloaded by POP3. This would also fit with mail providers doing an "IMAP" expunge/purge on a fixed timebase. More obvious IMHO Regards Andreas -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6144 bytes Desc: S/MIME Cryptographic Signature URL: From rs at sys4.de Fri May 3 19:55:41 2013 From: rs at sys4.de (Robert Schetterer) Date: Fri, 03 May 2013 18:55:41 +0200 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> Message-ID: <5183EC0D.7000803@sys4.de> Am 03.05.2013 18:14, schrieb Timo Sirainen: > GMail doesn't delete mails when POP3 client issues a DELE command for it. Instead they just become invisible for future POP3 sessions, but they still exist for IMAP/webmail. The same could be implemented pretty easily for Dovecot: > > - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted > - When DELEting a message, add this flag to the message. > - When listing messages, skip all messages that have this flag. My vote, do it , if it doesnt break anything else, but a wiki help should be offered too. > - Also hide this flag from IMAP clients(?) wouldnt do this, that may end in user confusion > > Thoughts? Probably 20 lines of new code. > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From ramatukuma at hotmail.com Fri May 3 20:13:17 2013 From: ramatukuma at hotmail.com (Reinaldo Matukuma) Date: Fri, 3 May 2013 14:13:17 -0300 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> Message-ID: Timo. Hi. But it will be visible at what folder? Trash? Or will only be visible as a conventional message with the delete flag? I think that this is interesting if the DELE of pop don't let the user confused when doing alternate access using a client via pop sometimes/a client via imap sometimes. > From: tss at iki.fi > Date: Fri, 3 May 2013 19:14:19 +0300 > To: dovecot at dovecot.org > Subject: [Dovecot] Idea: POP3 deletion as a flag > > GMail doesn't delete mails when POP3 client issues a DELE command for it. Instead they just become invisible for future POP3 sessions, but they still exist for IMAP/webmail. The same could be implemented pretty easily for Dovecot: > > - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted > - When DELEting a message, add this flag to the message. > - When listing messages, skip all messages that have this flag. > - Also hide this flag from IMAP clients(?) > > Thoughts? Probably 20 lines of new code. > From tom at whyscream.net Fri May 3 20:30:08 2013 From: tom at whyscream.net (Tom Hendrikx) Date: Fri, 03 May 2013 19:30:08 +0200 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <20130503184934.Horde.pVdLhbsJFaQzSAzBDjAnfA8@webmail.kwsoft.de> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <20130503184934.Horde.pVdLhbsJFaQzSAzBDjAnfA8@webmail.kwsoft.de> Message-ID: <5183F420.2040908@whyscream.net> On 03-05-13 18:49, lst_hoe02 at kwsoft.de wrote: > > Zitat von Timo Sirainen : > >> GMail doesn't delete mails when POP3 client issues a DELE command for >> it. Instead they just become invisible for future POP3 sessions, but >> they still exist for IMAP/webmail. The same could be implemented >> pretty easily for Dovecot: >> >> - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted >> - When DELEting a message, add this flag to the message. >> - When listing messages, skip all messages that have this flag. >> - Also hide this flag from IMAP clients(?) >> >> Thoughts? Probably 20 lines of new code. > > Hmm, this would lead to every increasing mailboxes for POP3 only users. > What about this > > - Use some setting to express that POP3 deleted mail should be IMAP > mark-as-deleted This conflicts with (many) IMAP user agents that don't use mark-as-deleted but have some version of 'move to trash folder' instead. I do agree that it's probably the Right Way (tm) :) > - Skip messages marked as deleted with POP3, maybe even as default? > > With this on IMAP access you clearly see what is going on. Also if you > delete Messages by IMAP they won't get downloaded by POP3. This would > also fit with mail providers doing an "IMAP" expunge/purge on a fixed > timebase. Kind regards, Tom From ncjeffgus at zimage.com Fri May 3 20:46:03 2013 From: ncjeffgus at zimage.com (Jeff Gustafson) Date: Fri, 03 May 2013 10:46:03 -0700 Subject: [Dovecot] feature request: pipe for custom quota dict queries Message-ID: <1367603163.13802.17.camel@localhost> Just a followup to my previous post. I appears that a pipe for quota queries via dict is not supported right now. Because of the way we group things we need more flexibility. I'd like to propose that dovecot should support quota queries just like userdb dict queries. My expertise is not C, but I might try to poke around and see if I can make something work. ...Jeff From tss at iki.fi Fri May 3 21:34:16 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 3 May 2013 21:34:16 +0300 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <5183F420.2040908@whyscream.net> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <20130503184934.Horde.pVdLhbsJFaQzSAzBDjAnfA8@webmail.kwsoft.de> <5183F420.2040908@whyscream.net> Message-ID: <6EDEAE96-A1B7-4B4E-891E-67E39125DAC1@iki.fi> On 3.5.2013, at 20.30, Tom Hendrikx wrote: > On 03-05-13 18:49, lst_hoe02 at kwsoft.de wrote: >> >> Zitat von Timo Sirainen : >> >>> GMail doesn't delete mails when POP3 client issues a DELE command for >>> it. Instead they just become invisible for future POP3 sessions, but >>> they still exist for IMAP/webmail. The same could be implemented >>> pretty easily for Dovecot: >>> >>> - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted >>> - When DELEting a message, add this flag to the message. >>> - When listing messages, skip all messages that have this flag. >>> - Also hide this flag from IMAP clients(?) >>> >>> Thoughts? Probably 20 lines of new code. >> >> Hmm, this would lead to every increasing mailboxes for POP3 only users. >> What about this >> >> - Use some setting to express that POP3 deleted mail should be IMAP >> mark-as-deleted > > This conflicts with (many) IMAP user agents that don't use > mark-as-deleted but have some version of 'move to trash folder' instead. > I do agree that it's probably the Right Way (tm) :) Depends on what purpose this feature is going to be used for. Many POP3 users don't actually want to delete the mails, they just want to download them, and their client just happens to delete the mails as well. They might still want to use webmail occasionally to find any old mails. For that purpose \Deleted flag wouldn't be ideal. But, with this setting it would be possible as well: pop3_deleted_flag = \Deleted (although that would need a few more lines of code). >> - Skip messages marked as deleted with POP3, maybe even as default? >> >> With this on IMAP access you clearly see what is going on. Also if you >> delete Messages by IMAP they won't get downloaded by POP3. This would >> also fit with mail providers doing an "IMAP" expunge/purge on a fixed >> timebase. If mail is expunged from IMAP, it also is expunged from POP3 in any case. From tss at iki.fi Fri May 3 21:36:17 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 3 May 2013 21:36:17 +0300 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <5183EC0D.7000803@sys4.de> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5183EC0D.7000803@sys4.de> Message-ID: On 3.5.2013, at 19.55, Robert Schetterer wrote: > Am 03.05.2013 18:14, schrieb Timo Sirainen: >> GMail doesn't delete mails when POP3 client issues a DELE command for it. Instead they just become invisible for future POP3 sessions, but they still exist for IMAP/webmail. The same could be implemented pretty easily for Dovecot: >> >> - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted >> - When DELEting a message, add this flag to the message. >> - When listing messages, skip all messages that have this flag. > > My vote, do it , if it doesnt break anything else, but a wiki help > should be offered too. > >> - Also hide this flag from IMAP clients(?) > > wouldnt do this, that may end in user confusion Just about zero IMAP clients make IMAP keywords visible to users, so I'm not really sure which way to go here. I'm more thinking of it as an internal POP3 state which doesn't really need to be visible to IMAP clients, but then again I guess it wouldn't really hurt either. From CMarcus at Media-Brokers.com Fri May 3 21:44:22 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 03 May 2013 14:44:22 -0400 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <5183C7FD.5040004@Media-Brokers.com> References: <51824B0C.9010609@Media-Brokers.com> <51834B8B.5080700@hardwarefreak.com> <51839FC5.3020504@Media-Brokers.com> <5183AEEF.2080700@hardwarefreak.com> <5183C7FD.5040004@Media-Brokers.com> Message-ID: <51840586.1050104@Media-Brokers.com> On 2013-05-03 10:21 AM, Charles Marcus wrote: >> How about the other filesystems I snipped? If you have a large number >> of filesystems atop the same RAID, some of them being XFS, this could >> create a head thrashing problem under high load increasing latency >> and thus response times. > > Ouch... > > This ESXi host also hosts 2 server 2008R2 vms... Or did you mean just the other filesystems in this linux VM? Yes, they are all on the same RAID. The only purpose of the other xfs volume - snaps- is to hold snapshots of /var for email backup purposes - so, rsnapshot will initiate an LVM snapshot, take the backup, then remove the snapshot. /snaps is not used for anything else, and it is the only other xfs filesystem. The others are either ext4 (/ and /boot) or ext2 (/tmp, /var/tmp and /var/log)... -- Best regards, Charles From mapp.paul at gmail.com Fri May 3 22:27:14 2013 From: mapp.paul at gmail.com (PaulM47) Date: Fri, 3 May 2013 12:27:14 -0700 (PDT) Subject: [Dovecot] Accessing mail files not owned by imap login user In-Reply-To: <5183D76F.70603@sys4.de> References: <1367446576752-41890.post@n4.nabble.com> <20130503141136.GC43047@anubis.morrow.me.uk> <5183D76F.70603@sys4.de> Message-ID: <1367609234346-41965.post@n4.nabble.com> Thanks for your replies, I'll need a bit of time to digest what you have suggested. -- View this message in context: http://dovecot.2317879.n4.nabble.com/Accessing-mail-files-not-owned-by-imap-login-user-tp41890p41965.html Sent from the Dovecot mailing list archive at Nabble.com. From professa at dementianati.com Fri May 3 22:40:41 2013 From: professa at dementianati.com (Professa Dementia) Date: Fri, 03 May 2013 12:40:41 -0700 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5183EC0D.7000803@sys4.de> Message-ID: <518412B9.4010605@dementianati.com> On 5/3/2013 11:36 AM, Timo Sirainen wrote: > On 3.5.2013, at 19.55, Robert Schetterer wrote: > >> Am 03.05.2013 18:14, schrieb Timo Sirainen: >>> GMail doesn't delete mails when POP3 client issues a DELE command for it. Instead they just become invisible for future POP3 sessions, but they still exist for IMAP/webmail. The same could be implemented pretty easily for Dovecot: >>> >>> - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted >>> - When DELEting a message, add this flag to the message. >>> - When listing messages, skip all messages that have this flag. >> >> My vote, do it , if it doesnt break anything else, but a wiki help >> should be offered too. >> >>> - Also hide this flag from IMAP clients(?) >> >> wouldnt do this, that may end in user confusion > > Just about zero IMAP clients make IMAP keywords visible to users, so I'm not really sure which way to go here. I'm more thinking of it as an internal POP3 state which doesn't really need to be visible to IMAP clients, but then again I guess it wouldn't really hurt either. > Be careful about adding features just for the sake of adding features. Dovecot is already a powerful, but quite complex. This would make it even more complex and non-standard. POP and IMAP clients do not expect this behavior from the server. Also, I have never heard anyone request this feature. Google has already admitted that they do not delete email, even when those emails are deleted from the Trash. Google states that emails may be archived for a minimum of 2 months past when they are deleted - emails, may, however, be saved forever. You do not know. Google has lots of storage and their business is marketing, which means selling people's personal information. Google is large enough that they are under scrutiny and have to obey EU privacy laws. However, adding this feature to Dovecot could put smaller email operators in violation of those laws. Not deleting emails when the client says to, is effectively archiving, and data that is archived is regulated by EU privacy laws. Lots of legal problems have arisen as a result of this. http://arstechnica.com/tech-policy/2011/12/patriot-act-and-privacy-laws-take-a-bite-out-of-us-cloud-business/ http://uk.news.yahoo.com/eu-judges-hear-arguments-google-test-privacy-case-102608029--finance.html http://www.afterdawn.com/news/article.cfm/2012/03/02/google_in_breach_of_eu_privacy_laws_commissioner_says The problem is already solved by the POP client. Most have a setting that allow emails to remain on the server for a period of time. The default is generally 5 days, but can be set to any value desired. Apple Mail, Thunderbird and outlook all have this feature. Most smartphones also have this feature, including the iPhone, Blackberry and Android devices, and even though the settings are generally not easily accessible, it defaults to being turned on. So in conclusion, in my experience, this feature is not one that has been requested, it makes Dovecot more complex and behave in ways not expected by the client, and it may have privacy and legal problems. I would recommend not doing it. I think it would be better to concentrate on features that people ask for. As awful as exchange is, the reason people give me why they use it over a normal email solution is for the groupware features, which standard POP and IMAP email is still lacking. Dem From tss at iki.fi Fri May 3 22:49:07 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 3 May 2013 22:49:07 +0300 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <518412B9.4010605@dementianati.com> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5183EC0D.7000803@sys4.de> <518412B9.4010605@dementianati.com> Message-ID: On 3.5.2013, at 22.40, Professa Dementia wrote: > Be careful about adding features just for the sake of adding features. Dovecot is already a powerful, but quite complex. This would make it even more complex and non-standard. POP and IMAP clients do not expect this behavior from the server. Also, I have never heard anyone request this feature. Dovecot won't do that by default. And this feature was requested by a large customer of ours, so it is needed.. I was mainly wondering about details. > Google is large enough that they are under scrutiny and have to obey EU privacy laws. However, adding this feature to Dovecot could put smaller email operators in violation of those laws. Not deleting emails when the client says to, is effectively archiving, and data that is archived is regulated by EU privacy laws. Lots of legal problems have arisen as a result of this. I'll add a comment to the setting that enabling it may violate (EU) privacy laws. From lst_hoe02 at kwsoft.de Fri May 3 23:00:47 2013 From: lst_hoe02 at kwsoft.de (lst_hoe02 at kwsoft.de) Date: Fri, 03 May 2013 22:00:47 +0200 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <6EDEAE96-A1B7-4B4E-891E-67E39125DAC1@iki.fi> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <20130503184934.Horde.pVdLhbsJFaQzSAzBDjAnfA8@webmail.kwsoft.de> <5183F420.2040908@whyscream.net> <6EDEAE96-A1B7-4B4E-891E-67E39125DAC1@iki.fi> Message-ID: <20130503220047.Horde.LhewsPwbQU83n6cs-zxghw6@webmail.kwsoft.de> Zitat von Timo Sirainen : > On 3.5.2013, at 20.30, Tom Hendrikx wrote: > >> On 03-05-13 18:49, lst_hoe02 at kwsoft.de wrote: >>> >>> Zitat von Timo Sirainen : >>> >>>> GMail doesn't delete mails when POP3 client issues a DELE command for >>>> it. Instead they just become invisible for future POP3 sessions, but >>>> they still exist for IMAP/webmail. The same could be implemented >>>> pretty easily for Dovecot: >>>> >>>> - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted >>>> - When DELEting a message, add this flag to the message. >>>> - When listing messages, skip all messages that have this flag. >>>> - Also hide this flag from IMAP clients(?) >>>> >>>> Thoughts? Probably 20 lines of new code. >>> >>> Hmm, this would lead to every increasing mailboxes for POP3 only users. >>> What about this >>> >>> - Use some setting to express that POP3 deleted mail should be IMAP >>> mark-as-deleted >> >> This conflicts with (many) IMAP user agents that don't use >> mark-as-deleted but have some version of 'move to trash folder' instead. >> I do agree that it's probably the Right Way (tm) :) > > Depends on what purpose this feature is going to be used for. Many > POP3 users don't actually want to delete the mails, they just want > to download them, and their client just happens to delete the mails > as well. They might still want to use webmail occasionally to find > any old mails. For that purpose \Deleted flag wouldn't be ideal. > But, with this setting it would be possible as well: > pop3_deleted_flag = \Deleted (although that would need a few more > lines of code). > But for simply leave mail on server with POP3 most MUAs have this feature anyway today, no? So at least for Thunderbird and Outlook this couldn't be the only use-case. Most requests i have seen where because of - Misguided user using POP3 on different devices with the same account --> Better use IMAP - People unable to throw away anything because they are unable to decide what is important For the second case you will end up with multi-gigabyte mailboxes on the server with mails no one need anymore. That's why i would prefer \Deleted to flag the mail as "not as important anymore" (can be delted if needed) in spirit of the waste basket on desktops. >>> - Skip messages marked as deleted with POP3, maybe even as default? >>> >>> With this on IMAP access you clearly see what is going on. Also if you >>> delete Messages by IMAP they won't get downloaded by POP3. This would >>> also fit with mail providers doing an "IMAP" expunge/purge on a fixed >>> timebase. > > If mail is expunged from IMAP, it also is expunged from POP3 in any case. Yes, that's the intention after all IMHO. You could set your IMAP client to expunge on leave or let the mails still around. If the provider have some policy to say expunge overy month you have no ever growing mailbox and give the provider a hint what can be deleted. For archive purpose you still can use IMAP folders. Regards Andreas -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6144 bytes Desc: S/MIME Cryptographic Signature URL: From aajaxx at gmail.com Fri May 3 23:30:50 2013 From: aajaxx at gmail.com (Ajax) Date: Fri, 3 May 2013 16:30:50 -0400 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5183EC0D.7000803@sys4.de> <518412B9.4010605@dementianati.com> Message-ID: On Fri, May 3, 2013 at 3:49 PM, Timo Sirainen wrote: > I'll add a comment to the setting that enabling it may violate (EU) > privacy laws. Please consider a stronger, broader statement saying that enabling it may violate user's expectations of privacy. I'm not in a position to cite chapter and voice on this now but folks curious about the practical aspects of these considerations under US law might find why many prefer POP to IMAP by looking at the recommendations by, for example, The Electronic Frontier Foundation (EFF) at < https://ssd.eff.org/>. From gedalya at gedalya.net Fri May 3 23:38:26 2013 From: gedalya at gedalya.net (Gedalya) Date: Fri, 03 May 2013 16:38:26 -0400 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <20130503220047.Horde.LhewsPwbQU83n6cs-zxghw6@webmail.kwsoft.de> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <20130503184934.Horde.pVdLhbsJFaQzSAzBDjAnfA8@webmail.kwsoft.de> <5183F420.2040908@whyscream.net> <6EDEAE96-A1B7-4B4E-891E-67E39125DAC1@iki.fi> <20130503220047.Horde.LhewsPwbQU83n6cs-zxghw6@webmail.kwsoft.de> Message-ID: <51842042.4090003@gedalya.net> On 05/03/2013 04:00 PM, lst_hoe02 at kwsoft.de wrote: > But for simply leave mail on server with POP3 most MUAs have this > feature anyway today, no? So at least for Thunderbird and Outlook this > couldn't be the only use-case. Most requests i have seen where because of > - Misguided user using POP3 on different devices with the same account > --> Better use IMAP > - People unable to throw away anything because they are unable to > decide what is important I agree. And, what are you going to do? There are times when you need to bend over backwards due to the user's uncorrectable technical incorrectness. You need to figure out the least expensive (and I don't mean money) way to make your service manageable, which doesn't involve the impossible - arguing with your users. Your users will come at you asking you to undelete the emails they deleted and when you tell them that you fulfilled their request to delete the emails, they will say that they don't know what you are talking about. And that's the truth. The user didn't delete anything. The user agent did. And somehow it all ends up being your problem. If you don't like this feature, don't enable it. But it's useful in some situations. From daniel at dlutt.de Sat May 4 00:34:20 2013 From: daniel at dlutt.de (Daniel Luttermann) Date: Fri, 3 May 2013 23:34:20 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service Message-ID: <155667055.20130503233420@dlutt.de> Hallo zusammen, ?ber den Policy Service von Dovecot zum Abfragen der User Quotas wurde ja schon diskutiert - auch gibt es eine gute Anleitung zum Einrichten, nur leider bekomme ich den Policy Server nicht korrekt konfiguriert. Folgende Fehler werden protokolliert: May 3 22:00:13 mail postfix/smtpd[17463]: warning: access table unix:private/quota-status entry has empty value May 3 22:00:42 mail dovecot: quota-status(daniel at dlutt.de): Error: user daniel at dlutt.de: Error reading configuration: net_connect_unix(/usr/var/run/dovecot/config) failed: Permission denied Es ist dabei so, dass nach einem Reload der Dienste die erste Mail noch zugestellt wird, die folgende, eingehende Mail dann jedoch abgelehnt wird. Nachfolgend die kompletten Logeintr?ge: May 3 22:00:12 mail postfix/smtpd[17463]: connect from mail-ie0-x236.google.com[2607:f8b0:4001:c03::236] May 3 22:00:13 mail postfix/smtpd[17463]: warning: access table unix:private/quota-status entry has empty value May 3 22:00:13 mail postfix/smtpd[17463]: 0EB81172391A: client=mail-ie0-x236.google.com[2607:f8b0:4001:c03::236] May 3 22:00:13 mail postfix/cleanup[17475]: 0EB81172391A: message-id= May 3 22:00:13 mail postfix/qmgr[17429]: 0EB81172391A: from=, size=5409, nrcpt=1 (queue active) May 3 22:00:13 mail postfix/smtpd[17463]: disconnect from mail-ie0-x236.google.com[2607:f8b0:4001:c03::236] May 3 22:00:13 mail klms-smtp_proxy: Message from sender at googlemail.com to daniel at dlutt.de passed May 3 22:00:14 mail postfix/smtpd[17482]: connect from localhost[127.0.0.1] May 3 22:00:14 mail postfix/smtpd[17482]: 00776172391C: client=localhost[127.0.0.1], orig_client=mail-ie0-x236.google.com[2607:f8b0:4001:c03::236] May 3 22:00:14 mail postfix/cleanup[17475]: 00776172391C: message-id= May 3 22:00:14 mail postfix/qmgr[17429]: 00776172391C: from=, size=6195, nrcpt=1 (queue active) May 3 22:00:14 mail postfix/smtpd[17482]: disconnect from localhost[127.0.0.1] May 3 22:00:14 mail postfix/smtp[17476]: 0EB81172391A: to=, relay=127.0.0.1[127.0.0.1]:10025, delay=1.2, delays=0.54/0.02/0/0.65, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 00776172391C) May 3 22:00:14 mail postfix/qmgr[17429]: 0EB81172391A: removed May 3 22:00:14 mail dovecot: lmtp(17484): Connect from local May 3 22:00:14 mail dovecot: lmtp(17484, daniel at dlutt.de): dEa8BE4XhFFMRAAAG4AjPw: sieve: msgid=: stored mail into mailbox 'INBOX' May 3 22:00:14 mail dovecot: lmtp(17484): Disconnect from local: Successful quit May 3 22:00:14 mail postfix/lmtp[17483]: 00776172391C: to=, relay=mail.dlutt.de[private/dovecot-lmtp], delay=0.11, delays=0.05/0.02/0.01/0.03, dsn=2.0.0, status=sent (250 2.0.0 dEa8BE4XhFFMRAAAG4AjPw Saved) May 3 22:00:14 mail postfix/qmgr[17429]: 00776172391C: removed May 3 22:00:36 mail postfix/postscreen[17433]: CONNECT from [2607:f8b0:4001:c03::230]:43653 to [2a00:1828:2000:206::2]:25 May 3 22:00:42 mail postfix/postscreen[17433]: PASS NEW [2607:f8b0:4001:c03::230]:43653 May 3 22:00:42 mail postfix/smtpd[17463]: connect from mail-ie0-x230.google.com[2607:f8b0:4001:c03::230] May 3 22:00:42 mail dovecot: quota-status(daniel at dlutt.de): Error: user daniel at dlutt.de: Error reading configuration: net_connect_unix(/usr/var/run/dovecot/config) failed: Permission denied May 3 22:00:42 mail postfix/smtpd[17463]: NOQUEUE: reject: RCPT from mail-ie0-x230.google.com[2607:f8b0:4001:c03::230]: 450 4.7.1 : Recipient address rejected: Internal error occurred. Refer to server log for more information.; from= to= proto=ESMTP helo= May 3 22:00:42 mail postfix/smtpd[17463]: disconnect from mail-ie0-x230.google.com[2607:f8b0:4001:c03::230] May 3 22:00:53 mail postfix/postfix-script[17560]: stopping the Postfix mail system May 3 22:00:53 mail postfix/master[17425]: terminating on signal 15 May 3 22:02:51 mail dovecot: master: Warning: Killed with signal 15 (by pid=17681 uid=0 code=kill) Das Problem tritt mit dem unix_listener, aber auch mit dem inet_listener auf - beide Male beschwert sich Dovecot ?ber den Zugriff auf den Service "config". Ich habe auch mal versucht, die Berechtigungen f?r den Service "config" auf World-Readable zu setzen, leider hat dies auch nicht geklappt, wobei ich nicht wei?, ob dieser unbedingt mit dem Problem etwas zu tun hat. Auch beim Debug-Logging sind leider nicht mehr Infos zum Fehler zu finden. Zum Einsatz kommt aktuell Postfix 2.10.0 und Dovecot 2.2.1. Die Dovecot Quota Konfiguration sieht so aus, wie bei sys4 beschrieben: service quota-status { executable = quota-status -p postfix unix_listener /var/spool/postfix/private/quota-status { group = postfix mode = 0660 user = postfix } client_limit = 1 } Mittlerweile habe ich schon einige Optionen und Berechtigungen ausprobiert, aber der Fehler bleibt leider der gleiche. Hat vielleicht jemand noch einen Tip? Danke schon mal. -- Daniel From daniel at dlutt.de Sat May 4 00:39:01 2013 From: daniel at dlutt.de (Daniel Luttermann) Date: Fri, 3 May 2013 23:39:01 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <155667055.20130503233420@dlutt.de> References: <155667055.20130503233420@dlutt.de> Message-ID: <328011824.20130503233901@dlutt.de> On 2013-05-03, Daniel Luttermann wrote: > Hallo zusammen, > ?ber den Policy Service von Dovecot zum Abfragen der User Quotas wurde > ja schon diskutiert - auch gibt es eine gute Anleitung zum Einrichten, > nur leider bekomme ich den Policy Server nicht korrekt konfiguriert. sorry, this was a question for the german Dovecot mailing list. -- Daniel From simon.buongiorno at gmail.com Sat May 4 01:06:38 2013 From: simon.buongiorno at gmail.com (Simon Brereton) Date: Sat, 4 May 2013 00:06:38 +0200 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> Message-ID: On 3 May 2013 18:14, "Timo Sirainen" wrote: > > GMail doesn't delete mails when POP3 client issues a DELE command for it. Instead they just become invisible for future POP3 sessions, but they still exist for IMAP/webmail. The same could be implemented pretty easily for Dovecot: > > - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted > - When DELEting a message, add this flag to the message. > - When listing messages, skip all messages that have this flag. > - Also hide this flag from IMAP clients(?) > > Thoughts? Probably 20 lines of new code. The EU laws not withstanding, I think this is a good thing. The world didn't revolve around the EU anymore than it does the US. If enough people want it, and I can see it's use, even if 90% of my users won't need it, then put it in. Warn users to check the regulations of their jurisdiction before turning it on and off you go.. Simon From kgc at corp.sonic.net Sat May 4 01:27:48 2013 From: kgc at corp.sonic.net (Kelsey Cummings) Date: Fri, 03 May 2013 15:27:48 -0700 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> Message-ID: On 2013-05-03 09:14, Timo Sirainen wrote: > GMail doesn't delete mails when POP3 client issues a DELE command for > it. Instead they just become invisible for future POP3 sessions, but > they still exist for IMAP/webmail. The same could be implemented > pretty easily for Dovecot: How does the usage case by your large customer differ from that allowed by the lazy_expunge plugin? From tss at iki.fi Sat May 4 01:44:00 2013 From: tss at iki.fi (Timo Sirainen) Date: Sat, 4 May 2013 01:44:00 +0300 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> Message-ID: <8BDD6399-C7AA-48C4-8062-1CA2C150F402@iki.fi> On 4.5.2013, at 1.27, Kelsey Cummings wrote: > On 2013-05-03 09:14, Timo Sirainen wrote: >> GMail doesn't delete mails when POP3 client issues a DELE command for >> it. Instead they just become invisible for future POP3 sessions, but >> they still exist for IMAP/webmail. The same could be implemented >> pretty easily for Dovecot: > > How does the usage case by your large customer differ from that allowed by the lazy_expunge plugin? I didn't ask what their main reason for this was, but for me it would be: "Oops, I accidentally configured my new email client as POP3 instead of IMAP, and now it deleted everything from my INBOX." With lazy_expunge the user would have to explicitly go and undelete the mails, and it would also undelete those mails that were intentionally deleted. With this feature nothing at all would go wrong on IMAP/webmail side. From kgc at corp.sonic.net Sat May 4 01:59:11 2013 From: kgc at corp.sonic.net (Kelsey Cummings) Date: Fri, 03 May 2013 15:59:11 -0700 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <8BDD6399-C7AA-48C4-8062-1CA2C150F402@iki.fi> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <8BDD6399-C7AA-48C4-8062-1CA2C150F402@iki.fi> Message-ID: <75065342e734af9ecb486434da206ce8@sonic.net> On 2013-05-03 15:44, Timo Sirainen wrote: > I didn't ask what their main reason for this was, but for me it would > be: "Oops, I accidentally configured my new email client as POP3 > instead of IMAP, and now it deleted everything from my INBOX." With > lazy_expunge the user would have to explicitly go and undelete the > mails, and it would also undelete those mails that were intentionally > deleted. With this feature nothing at all would go wrong on > IMAP/webmail side. Ah, that makes more sense now. We're only using lazy_expunge for POP3 but with a namespace visible to IMAP so a POP3 user can restore a message using webmail/IMAP if needed. -K From professa at dementianati.com Sat May 4 05:13:17 2013 From: professa at dementianati.com (Professa Dementia) Date: Fri, 03 May 2013 19:13:17 -0700 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <8BDD6399-C7AA-48C4-8062-1CA2C150F402@iki.fi> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <8BDD6399-C7AA-48C4-8062-1CA2C150F402@iki.fi> Message-ID: <51846EBD.3040706@dementianati.com> On 5/3/2013 3:44 PM, Timo Sirainen wrote: > On 4.5.2013, at 1.27, Kelsey Cummings wrote: > >> On 2013-05-03 09:14, Timo Sirainen wrote: >>> GMail doesn't delete mails when POP3 client issues a DELE command for >>> it. Instead they just become invisible for future POP3 sessions, but >>> they still exist for IMAP/webmail. The same could be implemented >>> pretty easily for Dovecot: >> >> How does the usage case by your large customer differ from that allowed by the lazy_expunge plugin? > > I didn't ask what their main reason for this was, but for me it would be: "Oops, I accidentally configured my new email client as POP3 instead of IMAP, and now it deleted everything from my INBOX." With lazy_expunge the user would have to explicitly go and undelete the mails, and it would also undelete those mails that were intentionally deleted. With this feature nothing at all would go wrong on IMAP/webmail side. I agree with AJAX. This seems to be a matter of convenience and features versus privacy rights. Do the desires of the mail handling organization outweigh the privacy needs of individuals. This is a long standing argument. I am glad that this was brought up. History is littered with inventions and creations that were designed for one purpose, but misused for another. It seems this mod was designed to deal with stupid users who are unable to set up their email correctly, and the IT departments who are too lazy to manage the situation properly. I think this attempt to make the software idiot proof will fail, however. There is a saying the goes something like "You cannot make anything idiot proof because idiots are so ingenious." If someone is worried about end users setting up POP accidentally and deleting emails, then firewall ports 110 and 995. Simple solution. Problem solved with no inadvertent introduction of privacy and legal violations. What worries me, is that as an end user, I now have no idea if this "feature" is turned on or not. When I specify that an email be deleted from the server, I expect that it is *deleted*. I feel that a feature like this is ripe for abuse. Is there any way for the end user to know that this feature is turned on? What if a hacker got access to the server and changed the value of this setting? As pointed out by AJAX, POP3 comes with an expectation of privacy. There should be some way that the end user gets notified that his deleted POP emails are not actually deleted. If Timo wants to add these features to private copies of the software for specific organizations, that is a matter between him, his client and the law. However, I do not feel it belongs in the mainstream release. Dem From noel.butler at ausics.net Sat May 4 05:38:03 2013 From: noel.butler at ausics.net (Noel Butler) Date: Sat, 04 May 2013 12:38:03 +1000 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <518412B9.4010605@dementianati.com> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5183EC0D.7000803@sys4.de> <518412B9.4010605@dementianati.com> Message-ID: <1367635083.3904.23.camel@tardis> On Fri, 2013-05-03 at 12:40 -0700, Professa Dementia wrote: > > Google has already admitted that they do not delete email, even when Google does many may many non compliant things. > those emails are deleted from the Trash. Google states that emails may > be archived for a minimum of 2 months past when they are deleted - > emails, may, however, be saved forever. You do not know. Google has It's just one of many many reasons why I don't, and wont, ever use privacy invading scum like gmail. > people's personal information. Google is large enough that they are > under scrutiny and have to obey EU privacy laws. However, adding this > feature to Dovecot could put smaller email operators in violation of > those laws. Not deleting emails when the client says to, is effectively How so, although I can not see anyone I know using such a feature in the hosting/ISP world, I could see it used in corporate sense - in Australia for instance, businesses are required to keep company correspondences (incl email) for at least five years, so if I ever moved to the private sector, I guess my opinion may change and I may enable it. Should be of no concern to the EU (and I credit the EU when it comes to privacy matters), as it would need to be manually added option by the server admin, ie: not default - your car can go to 200+ K/hr, but you don't get in and floor it every day do you. Incidentally, the last time I read the pop3 RFC, admittedly some decade or so ago (and yeah it's likely been updated since?) I can not recall there ever being a "MUST" or "SHOULD" when it comes to deleting messages (it might have been deliberately omitted) apart from the server MUST NOT delete messages that are not marked for deletion. > The problem is already solved by the POP client. Most have a setting > that allow emails to remain on the server for a period of time. The > default is generally 5 days, but can be set to any value desired. Apple > Mail, Thunderbird and outlook all have this feature. Most smartphones > also have this feature, including the iPhone, Blackberry and Android unfortunately many users are nowhere near as smart as their smartphones/clients, with BYOD becoming more prevalent (something I for privacy/security reasons do not agree with permitting), those users need set their own equipment up, and may not configure leave on server, etc, violating laws or company policies). > > So in conclusion, in my experience, this feature is not one that has > been requested, it makes Dovecot more complex and behave in ways not 20 lines of code and manually having to add a single word to pop options is complex? I'm one for KISS, as those networks rarely, if EVER, have problems, since there is nothing to go wrong, but even I have no objections to such an option, despite never intending to use it. Cheers Noel -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From gedalya at gedalya.net Sat May 4 05:42:45 2013 From: gedalya at gedalya.net (Gedalya) Date: Fri, 03 May 2013 22:42:45 -0400 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <51846EBD.3040706@dementianati.com> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <8BDD6399-C7AA-48C4-8062-1CA2C150F402@iki.fi> <51846EBD.3040706@dementianati.com> Message-ID: <518475A5.2060308@gedalya.net> On 05/03/2013 10:13 PM, Professa Dementia wrote: > On 5/3/2013 3:44 PM, Timo Sirainen wrote: >> On 4.5.2013, at 1.27, Kelsey Cummings wrote: >> >>> On 2013-05-03 09:14, Timo Sirainen wrote: >>>> GMail doesn't delete mails when POP3 client issues a DELE command for >>>> it. Instead they just become invisible for future POP3 sessions, but >>>> they still exist for IMAP/webmail. The same could be implemented >>>> pretty easily for Dovecot: >>> >>> How does the usage case by your large customer differ from that >>> allowed by the lazy_expunge plugin? >> >> I didn't ask what their main reason for this was, but for me it would >> be: "Oops, I accidentally configured my new email client as POP3 >> instead of IMAP, and now it deleted everything from my INBOX." With >> lazy_expunge the user would have to explicitly go and undelete the >> mails, and it would also undelete those mails that were intentionally >> deleted. With this feature nothing at all would go wrong on >> IMAP/webmail side. > > I agree with AJAX. This seems to be a matter of convenience and > features versus privacy rights. Do the desires of the mail handling > organization outweigh the privacy needs of individuals. This is a long > standing argument. Ajax said that a service enabling this feature should make a strong, broad and clear statement about it, and I agree. I'm all in favor of transparency. And customer service. > > I am glad that this was brought up. History is littered with > inventions and creations that were designed for one purpose, but > misused for another. > > It seems this mod was designed to deal with stupid users who are > unable to set up their email correctly, and the IT departments who are > too lazy to manage the situation properly. I think this attempt to > make the software idiot proof will fail, however. Writing extra code to provide better service is lazy? You're thinking about a corporate environment. That's not the only use case, and usually not the largest deployment size either. > > There is a saying the goes something like "You cannot make anything > idiot proof because idiots are so ingenious." We're trying to mitigate problems, not make the world perfect. > > If someone is worried about end users setting up POP accidentally and > deleting emails, then firewall ports 110 and 995. Simple solution. > Problem solved with no inadvertent introduction of privacy and legal > violations. Why firewall only ports 110 and 995? We can also just shut down the entire mail service and this way we have no problems at all. > > What worries me, is that as an end user, I now have no idea if this > "feature" is turned on or not. When I specify that an email be > deleted from the server, I expect that it is *deleted*. I feel that a > feature like this is ripe for abuse. Email is ripe for abuse. I can read every single email on the mail server. That's just wrong. The alternative is to let users manage their own private keys... yeah right. We just agreed that users are stupid, didn't we? Emails are not private from the eyes of anyone accessing the server, that's fundamentally the case, I do not need Timo's help if I want to commit identify theft, or to disobey a user's DELE command. I can mirror / archive every single email in an infinite number of ways, thanks to the beauty of the UNIX philosophy. And if what I wanted was to illegally hold on to user data, as opposed to doing what my users want me to do - which would be the case in this discussion, then the more sensible way to archive everything is at the MTA level. And if I want to do that without telling anyone, who is to stop me? Users implicitly trust me, and I ought to be nice enough and, as Ajax said, transparent. That's very important. > > Is there any way for the end user to know that this feature is turned > on? What if a hacker got access to the server and changed the value > of this setting? As pointed out by AJAX, POP3 comes with an > expectation of privacy. There should be some way that the end user > gets notified that his deleted POP emails are not actually deleted. An attacker breaking into the system becomes equal to me in his powers, see above. > > If Timo wants to add these features to private copies of the software > for specific organizations, that is a matter between him, his client > and the law. However, I do not feel it belongs in the mainstream > release. > > Dem From noel.butler at ausics.net Sat May 4 05:53:16 2013 From: noel.butler at ausics.net (Noel Butler) Date: Sat, 04 May 2013 12:53:16 +1000 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> Message-ID: <1367635996.3904.33.camel@tardis> On Sat, 2013-05-04 at 00:06 +0200, Simon Brereton wrote: > > The EU laws not withstanding, I think this is a good thing. The world > didn't revolve around the EU anymore than it does the US. Actually you may be wrong there, Australia and IIRC New Zealand, seem to follow suite with the EU. and apart form the U.S. and certain repressive/communist countries, I am not aware of any other countries with such horrid privacy laws, the U.S. lost it with knee jerk reactions bringing in the Patriot Act (we all know how thats been abused - think abortion supporters, gay rights orgs, womens lib orgs etc), and any loopholes in that, will likely be closed by CISPA (if it manages to pass). -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From ravi_kanchan2004 at yahoo.com Sat May 4 08:13:44 2013 From: ravi_kanchan2004 at yahoo.com (Ravi Kanchan) Date: Sat, 4 May 2013 13:13:44 +0800 (SGT) Subject: [Dovecot] dovecot antispam plugin is not woking In-Reply-To: <5183ADFB.9080207@middleearth.sapphiresunday.org> References: <1367314604.74732.YahooMailNeo@web194001.mail.sg3.yahoo.com> <5183ADFB.9080207@middleearth.sapphiresunday.org> Message-ID: <1367644424.30130.YahooMailNeo@web194006.mail.sg3.yahoo.com> ?hi All, But it is not woking in our setup its not block or marking SPAM mail which is receiving through IMAP or POP3 services. Regard's Ravi Kanchan Sharma Sr. System Administrator Infinite Computer Solutions (I) Ltd. Bglr. Mo. 9997154666 ? ________________________________ From: Trever L. Adams To: Dovecot Mailing List Cc: Eugene Paskevich ; Ravi Kanchan Sent: Friday, 3 May 2013 6:00 PM Subject: Re: [Dovecot] dovecot antispam plugin is not woking On 04/30/2013 05:47 AM, Eugene Paskevich wrote: > On Tue, 30 Apr 2013 12:36:44 +0300, Ravi Kanchan > wrote: > >> and plugin configuration is given below: >> >> protocol imap { >>? mail_plugins = " antispam autocreate" >> } >> protocol pop3 { >>? mail_plugins = antispam autocreate >> } > > I'm not sure this plugin could be used with POP3. I am pretty sure that it cannot be used with POP3. It requires IMAP. Trever From rs at sys4.de Sat May 4 08:35:27 2013 From: rs at sys4.de (Robert Schetterer) Date: Sat, 04 May 2013 07:35:27 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <155667055.20130503233420@dlutt.de> References: <155667055.20130503233420@dlutt.de> Message-ID: <51849E1F.7010609@sys4.de> Am 03.05.2013 23:34, schrieb Daniel Luttermann: > Zum Einsatz kommt aktuell Postfix 2.10.0 und Dovecot 2.2.1. > > Die Dovecot Quota Konfiguration sieht so aus, wie bei sys4 > beschrieben: > > service quota-status { > executable = quota-status -p postfix > unix_listener /var/spool/postfix/private/quota-status { > group = postfix > mode = 0660 > user = postfix > } > client_limit = 1 > } > > Mittlerweile habe ich schon einige Optionen und Berechtigungen > ausprobiert, aber der Fehler bleibt leider der gleiche. > > Hat vielleicht jemand noch einen Tip? > > Danke schon mal. besser hier nicht in deutsch.... du solltest nur Dovecot 2.2.1 verwenden der quota code in 2.1 ist "nicht voellig vollstaendig" das setup sieht auf den ersten Blick ok aus hast du es schon mal alternativ exakt wie beschrieben in http://sys4.de/de/blog/2013/04/05/dovecot-quota-mit-postfix-abfragen/ vor allem quota_grace = 10%% quota_status_success = DUNNO quota_status_nouser = DUNNO quota_status_overquota = "552 5.2.2 Mailbox is full / Mailbox ist voll" etc nicht vergessen getestet ? alternativ versuch mal mode = 0666 fuer mich sieht es wie ein permission Problem aus, das k?nnte unterschiedlich sein je nach setup, user / group postfix muessen existieren usw verglichen mit http://hg.dovecot.org/dovecot-2.1/file/0fa68f3a8f6c/doc/example-config/conf.d/10-master.conf # Postfix smtp-auth 96 #unix_listener /var/spool/postfix/private/auth { 97 # mode = 0666 98 #} Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From stan at hardwarefreak.com Sat May 4 06:10:42 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 03 May 2013 22:10:42 -0500 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <5183C7FD.5040004@Media-Brokers.com> References: <51824B0C.9010609@Media-Brokers.com> <51834B8B.5080700@hardwarefreak.com> <51839FC5.3020504@Media-Brokers.com> <5183AEEF.2080700@hardwarefreak.com> <5183C7FD.5040004@Media-Brokers.com> Message-ID: <51847C32.4050707@hardwarefreak.com> On 5/3/2013 9:21 AM, Charles Marcus wrote: > On 2013-05-03 8:34 AM, Stan Hoeppner wrote: >> I assume /var will hold user mail dirs. > > Yes, in /var/vmail > >> Do /var/ and /snaps reside on the same RAID array, physical disks? > > Yes - vmware host is a Dell R515, with ESXi installed to mirrored > internal SATA drives, with 8 drives in RAID 10 for all of the VMs. All > storage is this local storage (no SAN/NAS). Your RAID10 is on a PERC correct? You have four 7.2K SATA stripe spindles. Do you mind posting the RAID10 strip/chunk size? The RAID geometry can be critical, not just for mail, but your entire VM setup. Also, what's your mdbox max file size? >> How about the other filesystems I snipped? If you have a large number >> of filesystems atop the same RAID, some of them being XFS, this could >> create a head thrashing problem under high load increasing latency and >> thus response times. > > Ouch... Don't fret yet. > This ESXi host also hosts 2 server 2008R2 vms... So, what, 3 production VMs total? That shouldn't be a problem, unless... (read below) >> Would you mind posting: ~$ xfs_info /dev/vg/var > meta-data=/dev/mapper/vg-var isize=256 agcount=4, agsize=45875200 ... > meta-data=/dev/mapper/vg-snaps isize=256 agcount=4, agsize=262144 blks Ok, good, mkfs gave you 4 AGs per filesystem, 8 between the two. This shouldn't be a problem. However, ISTR you mentioning that your users transfer multi-GB files, up to 50GB, on a somewhat regular basis, to/from the file server over GbE at ~80-100MB/s. If these big copies hit the same 4 RAID10 spindles it may tend to decrease IMAP response times due to seek contention. This has nothing to do with XFS. It's the nature of shared storage. > Thanks again Stan... You bet. -- Stan From noel.butler at ausics.net Sat May 4 10:12:09 2013 From: noel.butler at ausics.net (Noel Butler) Date: Sat, 04 May 2013 17:12:09 +1000 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <51849E1F.7010609@sys4.de> References: <155667055.20130503233420@dlutt.de> <51849E1F.7010609@sys4.de> Message-ID: <1367651529.7033.2.camel@tardis> On Sat, 2013-05-04 at 07:35 +0200, Robert Schetterer wrote: > du solltest nur Dovecot 2.2.1 verwenden > der quota code in 2.1 ist "nicht voellig vollstaendig" > das setup sieht auf den ersten Blick ok aus > The quota-grace I think was only bit not backported, is that right? Did Timo do or announce plan to do this, or not happening for 2.1 only 2.2? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From 24x7server at 24x7server.net Sat May 4 11:02:20 2013 From: 24x7server at 24x7server.net (Rajesh M) Date: Sat, 4 May 2013 13:32:20 +0530 (Asi) Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> Message-ID: <.120.61.112.66.1367654540.squirrel@24x7server.net> timo thank you very much for your wonderful work on dovecot the new feature that you are thinking about is very useful this is an excellent solution and is used by a quite a few large isps / mailing providers like rediff. And i believe blackberry also does something similar. ie if configure the blackberry today it downloads new emails only. when pop3 access emails sometimes in some email clients the emails start downloading right from the begining. this can be prevented by this solution also when there are large mailboxes more the number of emails in the inbox more the system gets loaded up in scanning the mails and deciding when the last download took place. i believe pop3 performance would be far better with this feature. a few points though if this option is implemented then there should be a way to disable it tempoarilry. This is incase the user is shifting over to a new pc and wants to donwload all old emails. also we can set the date of download ie say allow pop3 download emails upto 15 days old/ rajesh > GMail doesn't delete mails when POP3 client issues a DELE command for it. > Instead they just become invisible for future POP3 sessions, but they > still exist for IMAP/webmail. The same could be implemented pretty easily > for Dovecot: > > - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted > - When DELEting a message, add this flag to the message. > - When listing messages, skip all messages that have this flag. > - Also hide this flag from IMAP clients(?) > > Thoughts? Probably 20 lines of new code. > > From forum at decotrain.de Sat May 4 11:19:10 2013 From: forum at decotrain.de (Forum) Date: Sat, 04 May 2013 10:19:10 +0200 Subject: [Dovecot] dual stack issue In-Reply-To: <518384C1.20505@Message-ID.plonk.de> References: <70805cb6bdf07e7dcaae649b7ad0c594@decotrain.de> <518384C1.20505@Message-ID.plonk.de> Message-ID: <5184C47E.4070303@decotrain.de> Hello, Am 03.05.2013 11:34, schrieb Jakob Hirsch: > forum, 30.04.2013 16:55: > >> Now i have found the solution. >> It seems to help to ask you. ;) >> >> The solution was to change from >> listen = [::] >> to >> listen = *, [::] >> >> There is no explanation for it - just try and error ... > > This is not dovecot's fault. See here: http://serverfault.com/a/39561 I never write that something is the fault of dovecot. ;-) As i complain the configuration is not so easy as before. But what is the meaning of the addional "*," now? Listening specially to IPV4 and IPV6? > > In short: In Linux, binding to :: means "bind to both ipv6 and ipv4". > Setting /proc/sys/net/ipv6/bindv6only to 1 changes this behaviour, and > Debian had this by default in some testing versions of squeeze, as was > recently discussed on the asterisk-users list: > http://lists.digium.com/pipermail/asterisk-users/2013-March/278296.html Aha - thank you for this hint. I have an additional problem with a R8169 ethernet interface loosing IPV4 communication. But at this time the binding for IPV4 is not deactivated. root at PC# cat /proc/sys/net/ipv6/bindv6only 0 Regards Karsten From noel.butler at ausics.net Sat May 4 13:06:18 2013 From: noel.butler at ausics.net (Noel Butler) Date: Sat, 04 May 2013 20:06:18 +1000 Subject: [Dovecot] dual stack issue In-Reply-To: <5184C47E.4070303@decotrain.de> References: <70805cb6bdf07e7dcaae649b7ad0c594@decotrain.de> <518384C1.20505@Message-ID.plonk.de> <5184C47E.4070303@decotrain.de> Message-ID: <1367661978.9248.13.camel@tardis> On Sat, 2013-05-04 at 10:19 +0200, Forum wrote: > > But what is the meaning of the addional "*," now? > Listening specially to IPV4 and IPV6? > * has always meant ipv4 :: has always meant ipv6 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From AxelLuttgens at swing.be Sat May 4 13:10:18 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Sat, 4 May 2013 12:10:18 +0200 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <8BDD6399-C7AA-48C4-8062-1CA2C150F402@iki.fi> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <8BDD6399-C7AA-48C4-8062-1CA2C150F402@iki.fi> Message-ID: <396E78AC-0A29-40A8-9BAA-B02D7B967609@swing.be> Le 4 mai 2013 ? 00:44, Timo Sirainen a ?crit : > I didn't ask what their main reason for this was, but for me it would be: "Oops, I accidentally configured my new email client as POP3 instead of IMAP, and now it deleted everything from my INBOX." With lazy_expunge the user would have to explicitly go and undelete the mails, and it would also undelete those mails that were intentionally deleted. With this feature nothing at all would go wrong on IMAP/webmail side. Hello Timo, I'll sure appear, once again, to be a bit dumb, but I'm somewhat uncomfortable with that "POP3 deletion as a flag" option. As others already have noticed, this is liable to lead to confusion in the user's mind as well as to privacy concerns. More specifically, a POP server is supposed to remove the messages marked as deleted when entering its update state. Unless I'm wrong, beside technical problems hindering that deletion, this is a mandatory behavior. Put in other words, if configured with the "POP3 deletion as a flag" option, the POP server won't be compliant anymore and users may feel betrayed. At the very least, this should probably come with some kind of experimental capability issued by the server in its reply to a CAPA command. On the other hand: Le 3 mai 2013 ? 21:49, Timo Sirainen a ?crit : > [...] And this feature was requested by a large customer of ours, so it is needed.. I was mainly wondering about details. It is true that if an ISP wants such a feature, well... But then, the problem appears because the ISP allows both POP and IMAP access to mail stores, and POP users should thus be treated as first class citizen too. Let's suppose that I occasionally use an IMAP client that issues an EXPUNGE after I've inadvertently marked a lot of messages for deletion. Next time I've access to my usual computer with its POP client, I don't find those messages anymore. Wouldn't this need some kind of "IMAP expunge as flag" option as well? OK, probably splitting hairs... ;-) Axel From eugene at raptor.kiev.ua Sat May 4 13:29:37 2013 From: eugene at raptor.kiev.ua (Eugene Paskevich) Date: Sat, 04 May 2013 13:29:37 +0300 Subject: [Dovecot] dovecot antispam plugin is not woking In-Reply-To: <1367644424.30130.YahooMailNeo@web194006.mail.sg3.yahoo.com> References: <1367314604.74732.YahooMailNeo@web194001.mail.sg3.yahoo.com> <5183ADFB.9080207@middleearth.sapphiresunday.org> <1367644424.30130.YahooMailNeo@web194006.mail.sg3.yahoo.com> Message-ID: On Sat, 04 May 2013 08:13:44 +0300, Ravi Kanchan wrote: > But it is not woking in our setup its not block or marking SPAM mail > which is receiving through IMAP or POP3 services. Antispam plugin isn't supposed to block nor mark mails. It's only used to teach your spam system should it make an error. -- Eugene Paskevich | *==)----------- | Plug me into eugene at raptor.kiev.ua | -----------(==* | The Matrix From reuben-dovecot at reub.net Sat May 4 13:31:37 2013 From: reuben-dovecot at reub.net (Reuben Farrelly) Date: Sat, 04 May 2013 20:31:37 +1000 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <396E78AC-0A29-40A8-9BAA-B02D7B967609@swing.be> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <8BDD6399-C7AA-48C4-8062-1CA2C150F402@iki.fi> <396E78AC-0A29-40A8-9BAA-B02D7B967609@swing.be> Message-ID: <5184E389.50605@reub.net> On 4/05/2013 8:10 PM, Axel Luttgens wrote: > Le 4 mai 2013 ? 00:44, Timo Sirainen a ?crit : > >> I didn't ask what their main reason for this was, but for me it >> would be: "Oops, I accidentally configured my new email client as >> POP3 instead of IMAP, and now it deleted everything from my INBOX." >> With lazy_expunge the user would have to explicitly go and undelete >> the mails, and it would also undelete those mails that were >> intentionally deleted. With this feature nothing at all would go >> wrong on IMAP/webmail side. > > Hello Timo, > > I'll sure appear, once again, to be a bit dumb, but I'm somewhat > uncomfortable with that "POP3 deletion as a flag" option. > > As others already have noticed, this is liable to lead to confusion > in the user's mind as well as to privacy concerns. So in that case you won't turn the option on. The feature is just giving a mail administrator the option to enable it if they want to. I'd bet that most probably won't. Different story if the default would be changed and the feature would be on for unsuspecting admins. So I'd say Timo - go for it. As long as it is not defaulted to being enabled, then there's nothing to lose and everything to gain. I can't see any downsides to this? Reuben From odhiambo at gmail.com Sat May 4 13:32:07 2013 From: odhiambo at gmail.com (Odhiambo Washington) Date: Sat, 4 May 2013 13:32:07 +0300 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> Message-ID: What happens to quotas in places where it is enforced? Where does the undeleted mail go? Does it still count towards the quota? On 3 May 2013 19:14, Timo Sirainen wrote: > GMail doesn't delete mails when POP3 client issues a DELE command for it. > Instead they just become invisible for future POP3 sessions, but they still > exist for IMAP/webmail. The same could be implemented pretty easily for > Dovecot: > > - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted > - When DELEting a message, add this flag to the message. > - When listing messages, skip all messages that have this flag. > - Also hide this flag from IMAP clients(?) > > Thoughts? Probably 20 lines of new code. > > -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler." From tss at iki.fi Sat May 4 13:46:08 2013 From: tss at iki.fi (Timo Sirainen) Date: Sat, 4 May 2013 13:46:08 +0300 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> Message-ID: <695D5109-C38D-4074-9921-07D90E94E631@iki.fi> On 4.5.2013, at 13.32, Odhiambo Washington wrote: > What happens to quotas in places where it is enforced? Where does the > undeleted mail go? Does it still count towards the quota? Good point. It does count towards quota. Worth mentioning also in the setting docs. The mail isn't really "deleted" from the IMAP point of view, it simply gets added that $POP3Deleted flag, so "undelete" is simply removing that flag with IMAP protocol. Also if wanted this could be combined with cronjob scripts and such to delete old mails, e.g.: doveadm expunge -A savedsince 1week keyword $POP3Deleted > On 3 May 2013 19:14, Timo Sirainen wrote: > >> GMail doesn't delete mails when POP3 client issues a DELE command for it. >> Instead they just become invisible for future POP3 sessions, but they still >> exist for IMAP/webmail. The same could be implemented pretty easily for >> Dovecot: >> >> - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted >> - When DELEting a message, add this flag to the message. >> - When listing messages, skip all messages that have this flag. >> - Also hide this flag from IMAP clients(?) >> >> Thoughts? Probably 20 lines of new code. >> >> > > > -- > Best regards, > Odhiambo WASHINGTON, > Nairobi,KE > +254733744121/+254722743223 > "I can't hear you -- I'm using the scrambler." From professa at dementianati.com Sat May 4 15:29:25 2013 From: professa at dementianati.com (Professa Dementia) Date: Sat, 04 May 2013 05:29:25 -0700 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <1367635083.3904.23.camel@tardis> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5183EC0D.7000803@sys4.de> <518412B9.4010605@dementianati.com> <1367635083.3904.23.camel@tardis> Message-ID: <5184FF25.1080504@dementianati.com> On 5/3/2013 7:38 PM, Noel Butler wrote: > > Incidentally, the last time I read the pop3 RFC, admittedly some decade > or so ago (and yeah it's likely been updated since?) I can not recall > there ever being a "MUST" or "SHOULD" when it comes to deleting > messages (it might have been deliberately omitted) apart from the > server MUST NOT delete messages that are not marked for deletion. FYI: In addition to the significant privacy and legal concerns, adding and enabling this option makes the server non-compliant. The section under "The UPDATE State" is clear about the behavior of the server: "The POP3 server removes all messages marked as deleted from the maildrop" Also note that I am only referring to the public version of the server. Whatever Timo wants to do for a special version for his client is up to him. It is he and his client who are legally responsible for their actions. Similarly, if some third party wants to take the source and modify it for themselves to make it non-compliant, then that is their business. They are legally responsible for their actions and have to answer for those actions if they end up violating any laws. I do not feel that an option like this should be in the public version of the server, however, even if it is off by default. Dem RFC 1939 "Post Office Protocol - Version 3" Under section 5 "The TRANSACTION State", Pages 7-8. DELE msg Arguments: a message-number (required) which may NOT refer to a message marked as deleted Restrictions: may only be given in the TRANSACTION state Discussion: The POP3 server marks the message as deleted. Any future reference to the message-number associated with the message in a POP3 command generates an error. The POP3 server does not actually delete the message until the POP3 session enters the UPDATE state. Under section 6 "The UPDATE State", Page 9. When the client issues the QUIT command from the TRANSACTION state, the POP3 session enters the UPDATE state. QUIT Arguments: none Restrictions: none Discussion: The POP3 server removes all messages marked as deleted from the maildrop and replies as to the status of this operation. From daniel at dlutt.de Sat May 4 16:06:11 2013 From: daniel at dlutt.de (Daniel Luttermann) Date: Sat, 4 May 2013 15:06:11 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <51849E1F.7010609@sys4.de> References: <155667055.20130503233420@dlutt.de> <51849E1F.7010609@sys4.de> Message-ID: <1514081637.20130504150611@dlutt.de> On 2013-05-04, Robert Schetterer wrote: > Am 03.05.2013 23:34, schrieb Daniel Luttermann: >> Zum Einsatz kommt aktuell Postfix 2.10.0 und Dovecot 2.2.1. >> >> Die Dovecot Quota Konfiguration sieht so aus, wie bei sys4 >> beschrieben: >> >> service quota-status { >> executable = quota-status -p postfix >> unix_listener /var/spool/postfix/private/quota-status { >> group = postfix >> mode = 0660 >> user = postfix >> } >> client_limit = 1 >> } >> >> Mittlerweile habe ich schon einige Optionen und Berechtigungen >> ausprobiert, aber der Fehler bleibt leider der gleiche. >> >> Hat vielleicht jemand noch einen Tip? >> >> Danke schon mal. > besser hier nicht in deutsch.... sorry - I wanted to ask on the german Dovecot mailing list but sent this mail to the english list. > du solltest nur Dovecot 2.2.1 verwenden > der quota code in 2.1 ist "nicht voellig vollstaendig" > das setup sieht auf den ersten Blick ok aus Current I'm using Dovecot 2.2.1 and Postfix 2.10.0. > hast du es schon mal alternativ exakt wie beschrieben in > http://sys4.de/de/blog/2013/04/05/dovecot-quota-mit-postfix-abfragen/ > vor allem > quota_grace = 10%% > quota_status_success = DUNNO > quota_status_nouser = DUNNO > quota_status_overquota = "552 5.2.2 Mailbox is full / Mailbox ist voll" > etc nicht vergessen > getestet ? yes, I've tried this (see doveconf/postconf below). > alternativ versuch mal mode = 0666 > fuer mich sieht es wie ein permission Problem aus, das k?nnte > unterschiedlich sein je nach setup, user / group postfix muessen > existieren usw When I use service config { unix_listener config { group = mode = 0666 user = } } then the error "permission denied" doesn't occur anymore but the error warning: access table unix:private/quota-status entry has empty value is the same. The verbose logging shows this: ===== May 4 14:01:52 mail dovecot: quota-status(daniel at dlutt.de): Debug: acl vfile: Global ACL directory: /etc/dovecot/global-acls May 4 14:01:52 mail dovecot: quota-status(daniel at dlutt.de): Debug: Namespace : type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no location=mdbox:%h/sdbox May 4 14:01:52 mail dovecot: quota-status(daniel at dlutt.de): Debug: shared: root=/usr/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt= May 4 14:01:52 mail dovecot: quota-status(daniel at dlutt.de): Debug: acl: initializing backend with data: vfile:/etc/dovecot/global-acls:cache_secs=300 May 4 14:01:52 mail dovecot: quota-status(daniel at dlutt.de): Debug: acl: acl username = daniel at dlutt.de May 4 14:01:52 mail dovecot: quota-status(daniel at dlutt.de): Debug: acl: owner = 0 May 4 14:01:52 mail dovecot: quota-status(daniel at dlutt.de): Debug: acl vfile: Global ACL directory: /etc/dovecot/global-acls May 4 14:01:52 mail postfix/smtpd[26993]: private/quota-status: wanted attribute: action May 4 14:01:52 mail postfix/smtpd[26993]: input attribute name: action May 4 14:01:52 mail postfix/smtpd[26993]: input attribute value: (end) May 4 14:01:52 mail postfix/smtpd[26993]: private/quota-status: wanted attribute: (list terminator) May 4 14:01:52 mail postfix/smtpd[26993]: input attribute name: (end) May 4 14:01:52 mail postfix/smtpd[26993]: check_table_result: unix:private/quota-status policy query May 4 14:01:52 mail postfix/smtpd[26993]: warning: access table unix:private/quota-status entry has empty value May 4 14:01:52 mail postfix/smtpd[26993]: generic_checks: name=check_policy_service status=1 May 4 14:01:52 mail postfix/smtpd[26993]: >>> END Recipient address RESTRICTIONS <<< May 4 14:01:52 mail postfix/smtpd[26993]: >>> CHECKING RECIPIENT MAPS <<< May 4 14:01:52 mail postfix/smtpd[26993]: ctable_locate: move existing entry key daniel at dlutt.de .... .... May 4 14:01:53 mail dovecot: lmtp(27012): Debug: auth input: daniel at dlutt.de home=/home/vmail/dlutt.de/daniel uid=5000 gid=5000 quota_rule=*:bytes=900000000 May 4 14:01:53 mail dovecot: lmtp(27012): Debug: Added userdb setting: plugin/quota_rule=*:bytes=900000000 May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: Effective uid=5000, gid=5000, home=/home/vmail/dlutt.de/daniel May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: Quota root: name=User quota backend=dict args=:proxy::quota May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: Quota rule: root=User quota mailbox=* bytes=900000000 messages=0 May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: Quota rule: root=User quota mailbox=Trash bytes=+104857600 messages=0 May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: Quota warning: bytes=855000000 (95%) messages=0 reverse=no command=quota-warning 95 daniel at dlutt.de May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: Quota warning: bytes=720000000 (80%) messages=0 reverse=no command=quota-warning 80 daniel at dlutt.de May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: Quota grace: root=User quota bytes=90000000 (10%) May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: dict quota: user=daniel at dlutt.de, uri=proxy::quota, noenforcing=0 May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:~/mdbox May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: fs: root=/home/vmail/dlutt.de/daniel/mdbox, index=, indexpvt=, control=, inbox=, alt= May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: acl: initializing backend with data: vfile:/etc/dovecot/global-acls:cache_secs=300 May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: acl: acl username = daniel at dlutt.de May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: acl: owner = 1 May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: acl vfile: Global ACL directory: /etc/dovecot/global-acls May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: Namespace : type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no location=mdbox:%h/sdbox May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: shared: root=/usr/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt= May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: acl: initializing backend with data: vfile:/etc/dovecot/global-acls:cache_secs=300 May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: acl: acl username = daniel at dlutt.de May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: acl: owner = 0 May 4 14:01:53 mail dovecot: lmtp(27012, daniel at dlutt.de): Debug: acl vfile: Global ACL directory: /etc/dovecot/global-acls ===== When I use the Dovecot default for the service "config" which is root:root, then I get this error (permission denied): May 4 14:46:51 mail postfix/postscreen[29225]: CONNECT from [2607:f8b0:4001:c02::229]:41474 to [2a00:1828:2000:206::2]:25 May 4 14:46:57 mail postfix/postscreen[29225]: PASS NEW [2607:f8b0:4001:c02::229]:41474 May 4 14:46:57 mail postfix/smtpd[29240]: connect from mail-ia0-x229.google.com[2607:f8b0:4001:c02::229] May 4 14:46:58 mail postfix/smtpd[29240]: NOQUEUE: reject: RCPT from mail-ia0-x229.google.com[2607:f8b0:4001:c02::229]: 450 4.7.1 : Recipient address rejected: Internal error occurred. Refer to server log for more information.; from= to= proto=ESMTP helo= May 4 14:46:58 mail dovecot: quota-status(daniel at dlutt.de): Error: user daniel at dlutt.de: Error reading configuration: net_connect_unix(/usr/var/run/dovecot/config) failed: Permission denied May 4 14:46:58 mail postfix/smtpd[29240]: disconnect from mail-ia0-x229.google.com[2607:f8b0:4001:c02::229] My Dovecot and Postfix config: doveconf -n =========== # 2.2.1: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.7 dict { acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext expire = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } hostname = mail.dlutt.de listen = 217.11.53.7 mail_debug = yes mail_location = mdbox:~/mdbox mail_plugins = acl quota expire mail_privileged_group = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { list = children location = mdbox:%%h/sdbox prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / subscriptions = yes type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { acl = vfile:/etc/dovecot/global-acls:cache_secs=300 acl_shared_dict = proxy::acl expire = Trash expire2 = Junk expire_dict = proxy::expire mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size quota = dict:User quota::proxy::quota quota_grace = 10%% quota_rule = *:storage=1G quota_rule2 = Trash:storage=+100M quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Recipient mailbox is is full quota_status_success = DUNNO quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } postmaster_address = postmaster at dlutt.de protocols = imap lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } } service dict { unix_listener dict { group = vmail mode = 0600 user = vmail } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 0 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } service managesieve-login { inet_listener sieve { address = 127.0.0.1 port = 4190 } } service quota-status { client_limit = 1 executable = quota-status -p postfix unix_listener /var/spool/postfix/private/quota-status { group = postfix mode = 0660 user = postfix } } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { group = vmail mode = 0660 user = vmail } user = vmail } ssl_cert = References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5183EC0D.7000803@sys4.de> <518412B9.4010605@dementianati.com> <1367635083.3904.23.camel@tardis> <5184FF25.1080504@dementianati.com> Message-ID: <539181A6-B1DE-4EC8-A724-46AF6B7F37CE@iki.fi> On 4.5.2013, at 15.29, Professa Dementia wrote: >> Incidentally, the last time I read the pop3 RFC, admittedly some decade >> or so ago (and yeah it's likely been updated since?) I can not recall >> there ever being a "MUST" or "SHOULD" when it comes to deleting >> messages (it might have been deliberately omitted) apart from the >> server MUST NOT delete messages that are not marked for deletion. > > FYI: In addition to the significant privacy and legal concerns, adding and enabling this option makes the server non-compliant. The section under "The UPDATE State" is clear about the behavior of the server: > > "The POP3 server removes all messages marked as deleted from the maildrop" > > Also note that I am only referring to the public version of the server. Whatever Timo wants to do for a special version for his client is up to him. It is he and his client who are legally responsible for their actions. Similarly, if some third party wants to take the source and modify it for themselves to make it non-compliant, then that is their business. They are legally responsible for their actions and have to answer for those actions if they end up violating any laws. I do not feel that an option like this should be in the public version of the server, however, even if it is off by default. Kelsey already mentioned that lazy_expunge plugin has similar issues, and nobody has mentioned privacy concerns related to that.. I guess there should be something about it in the wiki. Also mdbox format doesn't physically delete the data until doveadm purge is run (if ever). So this isn't the first such feature. From anmeyer at anup.de Sat May 4 16:16:32 2013 From: anmeyer at anup.de (Andreas Meyer) Date: Sat, 4 May 2013 15:16:32 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <1514081637.20130504150611@dlutt.de> References: <155667055.20130503233420@dlutt.de> <51849E1F.7010609@sys4.de> <1514081637.20130504150611@dlutt.de> Message-ID: <20130504151632.04f9806d@itxnew.bitcorner.intern> Daniel Luttermann wrote: > When I use > > service config { > unix_listener config { > group = > mode = 0666 > user = > } > } > > then the error "permission denied" doesn't occur anymore but the error > > warning: access table unix:private/quota-status entry has empty value I don't know if this is related to your problem but the error may be caused because of the doublespace between "entry" and "has". Timo has already recogniced this. Andreas From forum at dct.mine.nu Sat May 4 10:46:09 2013 From: forum at dct.mine.nu (Forum) Date: Sat, 04 May 2013 09:46:09 +0200 Subject: [Dovecot] dual stack issue In-Reply-To: <518384C1.20505@Message-ID.plonk.de> References: <70805cb6bdf07e7dcaae649b7ad0c594@decotrain.de> <518384C1.20505@Message-ID.plonk.de> Message-ID: <5184BCC1.10007@dct.mine.nu> Hello, Am 03.05.2013 11:34, schrieb Jakob Hirsch: > forum, 30.04.2013 16:55: > >> Now i have found the solution. >> It seems to help to ask you. ;) >> >> The solution was to change from >> listen = [::] >> to >> listen = *, [::] >> >> There is no explanation for it - just try and error ... > > This is not dovecot's fault. See here: http://serverfault.com/a/39561 I never write that something is the fault of dovecot. ;-) As i complain the configuration is not so easy as before. But what is the meaning of the addional "*," now? Listening specially to IPV4 and IPV6? > > In short: In Linux, binding to :: means "bind to both ipv6 and ipv4". > Setting /proc/sys/net/ipv6/bindv6only to 1 changes this behaviour, and > Debian had this by default in some testing versions of squeeze, as was > recently discussed on the asterisk-users list: > http://lists.digium.com/pipermail/asterisk-users/2013-March/278296.html Aha - thank you for this hint. I have an additional problem with a R8169 ethernet interface loosing IPV4 communication. But at this time the binding for IPV4 is not deactivated. root at PC# cat /proc/sys/net/ipv6/bindv6only 0 Regards Karsten From CMarcus at Media-Brokers.com Sat May 4 17:52:05 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Sat, 04 May 2013 10:52:05 -0400 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51847C32.4050707@hardwarefreak.com> References: <51824B0C.9010609@Media-Brokers.com> <51834B8B.5080700@hardwarefreak.com> <51839FC5.3020504@Media-Brokers.com> <5183AEEF.2080700@hardwarefreak.com> <5183C7FD.5040004@Media-Brokers.com> <51847C32.4050707@hardwarefreak.com> Message-ID: <51852095.4040505@Media-Brokers.com> On 2013-05-03 11:10 PM, Stan Hoeppner wrote: > On 5/3/2013 9:21 AM, Charles Marcus wrote: >> On 2013-05-03 8:34 AM, Stan Hoeppner wrote: >>> I assume /var will hold user mail dirs. >> Yes, in /var/vmail >> >>> Do /var/ and /snaps reside on the same RAID array, physical disks? >> Yes - vmware host is a Dell R515, with ESXi installed to mirrored >> internal SATA drives, with 8 drives in RAID 10 for all of the VMs. All >> storage is this local storage (no SAN/NAS). > Your RAID10 is on a PERC correct? Correct... it is a PERC H700 (integrated) > You have four 7.2K SATA stripe spindles. Actually, no, I have 6 15k 450G SAS6G hard drives (Seagate Cheetah ST3450857SS) in this RAID10 array... :) > Do you mind posting the RAID10 strip/chunk size? The RAID geometry can be critical, not just for mail, but your entire VM setup. I just used the defaults when I created it (crossing fingers hoping that wasn't a huge mistake). But - I'm not sure how to provide the answer to the question (is my ignorance showing yet?)... > Also, what's your mdbox max file size? Haven't settled on that yet. I was thinking of using the defaults there too. I try to stay with defaults whenever possible, especially if I don't know enough to know why I would want to change something. >>> How about the other filesystems I snipped? If you have a large number >>> of filesystems atop the same RAID, some of them being XFS, this could >>> create a head thrashing problem under high load increasing latency and >>> thus response times. >> Ouch... > Don't fret yet. > >> This ESXi host also hosts 2 server 2008R2 vms... > So, what, 3 production VMs total? That shouldn't be a problem, > unless... (read below) > >>> Would you mind posting: ~$ xfs_info /dev/vg/var >> meta-data=/dev/mapper/vg-var isize=256 agcount=4, agsize=45875200 > ... >> meta-data=/dev/mapper/vg-snaps isize=256 agcount=4, agsize=262144 blks > Ok, good, mkfs gave you 4 AGs per filesystem, 8 between the two. This > shouldn't be a problem. Cool... > However, ISTR you mentioning that your users transfer multi-GB files, up > to 50GB, on a somewhat regular basis, to/from the file server over GbE > at ~80-100MB/s. If these big copies hit the same 4 RAID10 spindles it > may tend to decrease IMAP response times due to seek contention. This > has nothing to do with XFS. It's the nature of shared storage. I think you're confusing me/us with someone else. This is definitely not something our users do, not even close. We do deal with a lot of large email attachments though. I used to have a max size of 50MB, but reduced it to 25MB about 8 months ago (equivalent of google's max size)... So, looks like I'm fine with what I have now... Thanks again, -- Best regards, Charles From marc at perkel.com Sat May 4 18:20:10 2013 From: marc at perkel.com (Marc Perkel) Date: Sat, 04 May 2013 08:20:10 -0700 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51824B0C.9010609@Media-Brokers.com> References: <51824B0C.9010609@Media-Brokers.com> Message-ID: <5185272A.5020402@perkel.com> On 5/2/2013 4:16 AM, Charles Marcus wrote: > Hello, > > I'm in the process of finalizing the spec for my new dovecot VM, and > this is the last question I need to address... > > I've read until I'm just about decided on XFS, but I have no > experience with it (been using reiserfs on my old box (@ 8 yrs old > now), and never had a problem (knock on wood), but considering its > current situation (little to no development support for reasons > everyone is aware of), I've decided now is the time to switch. It came > down to XFS or EXT4, and I like what I've read about XFS, but am > unsure how to tune it (or even if I should). > > I've decided to use mdbox for storage (been using maildir), and will > enable SIS for attachments. > > So, anyone (Stan?) have any suggestions? Should I go with EXT4? Or XFS > with just the defaults? Or XFS with one or more tuned parameters? > > Appreciate any suggestions (including links to docs dealing with > tuning XFS for my mail storage conditions that are written more at the > layman level) or comments from anyone experienced using both... > > Thanks, > For what it's worth if you can afford it I'd use SSD drives. My server screams since I went to SSD. From h.reindl at thelounge.net Sat May 4 18:50:47 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Sat, 04 May 2013 17:50:47 +0200 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <5185272A.5020402@perkel.com> References: <51824B0C.9010609@Media-Brokers.com> <5185272A.5020402@perkel.com> Message-ID: <51852E57.2040403@thelounge.net> Am 04.05.2013 17:20, schrieb Marc Perkel: > For what it's worth if you can afford it I'd use SSD drives. > My server screams since I went to SSD how long running? especially mailserver are write-expensive short ago where a large SSD advterised at heise which would be dead after a year with the writes of my personal home/virtualization server and the bad thing at SSD's is that the often die from one moment to the next while on rotating media you recognize usaully that a drive goes bad before it is completly gone -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From CMarcus at Media-Brokers.com Sat May 4 18:54:18 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Sat, 04 May 2013 11:54:18 -0400 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <5185272A.5020402@perkel.com> References: <51824B0C.9010609@Media-Brokers.com> <5185272A.5020402@perkel.com> Message-ID: <51852F2A.1080304@Media-Brokers.com> On 2013-05-04 11:20 AM, Marc Perkel wrote: > For what it's worth if you can afford it I'd use SSD drives. My server > screams since I went to SSD. Hi Marc, You have no idea how much I would love to use SSDs for this. But the cost was simply not quite justified. The price keeps coming down on them though - even now, 10 months after buying these servers, the cost would probably be low enough that we may have actually done so, but it was going to be about double the cost of the 15k drives at the time we priced them. Next time, definitely... :) -- Best regards, Charles From rs at sys4.de Sat May 4 19:02:36 2013 From: rs at sys4.de (Robert Schetterer) Date: Sat, 04 May 2013 18:02:36 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <1367651529.7033.2.camel@tardis> References: <155667055.20130503233420@dlutt.de> <51849E1F.7010609@sys4.de> <1367651529.7033.2.camel@tardis> Message-ID: <5185311C.2080100@sys4.de> Am 04.05.2013 09:12, schrieb Noel Butler: > The quota-grace I think was only bit not backported, is that right? > Did Timo do or announce plan to do this, or not happening for 2.1 only > 2.2? at my last knowledge it wasnt backported and it will never done, so with most setups, quota policy service in 2.1 is more or less useless in reality, cause lda or lmtp will do the bounce job, so mailboxes mostly may go never "over quota" but however Timo might have better answers Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From rs at sys4.de Sat May 4 19:07:25 2013 From: rs at sys4.de (Robert Schetterer) Date: Sat, 04 May 2013 18:07:25 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <1514081637.20130504150611@dlutt.de> References: <155667055.20130503233420@dlutt.de> <51849E1F.7010609@sys4.de> <1514081637.20130504150611@dlutt.de> Message-ID: <5185323D.2050508@sys4.de> Am 04.05.2013 15:06, schrieb Daniel Luttermann: > service quota-status { > client_limit = 1 > executable = quota-status -p postfix > unix_listener /var/spool/postfix/private/quota-status { > group = postfix > mode = 0660 > user = postfix > } try service quota-status { executable = quota-status -p postfix unix_listener /var/spool/postfix/private/quota-status { group = postfix mode = 0666 user = postfix } client_limit = 1 } Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From vijayrajah at gmail.com Sat May 4 19:37:53 2013 From: vijayrajah at gmail.com (Vijay Rajah) Date: Sat, 4 May 2013 22:07:53 +0530 Subject: [Dovecot] Pigeonhole for 2.2? In-Reply-To: <5180FDF4.7040806@Media-Brokers.com> References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> Message-ID: +1 This is holding up my migration to 2.2 Thanks to all the developer's for this amazing software.... On Wed, May 1, 2013 at 5:05 PM, Charles Marcus wrote: > On 2013-04-21 3:51 PM, Stephan Bosch wrote: > >> On 4/19/2013 7:53 AM, Eray Aslan wrote: >> >>> On Fri, Apr 19, 2013 at 12:41:26AM +0300, Timo Sirainen wrote: >>> >>>> http://dovecot.org/releases/2.**2/dovecot-2.2.1.tar.gz >>>> http://dovecot.org/releases/2.**2/dovecot-2.2.1.tar.gz.sig >>>> >>> Thanks. Any idea about when pigeonhole (v0.4.0?) for dovecot-2.2 will >>> be released? >>> >> >> There is one issue with the doveadm-sieve plugin that I need to solve >> before releasing it. That should happen some time in the coming week. >> > > Hi Stephan, > > Any update on when to expect this? > > The gentoo ebuild maintainer is waiting for the pigeonhole release before > updating the ebuild, and I'd like to get this installed on both my old and > new server prior to migrating the old one to the new one (so they'll both > be using the new dsync for migrating my 350+GB of mail), and am hoping to > do this in the next week or two... > > Thanks very much for your thankless efforts at keeping up with Timo's fast > paced releases! > > -- > > Best regards, > > Charles > > > From lists at luigirosa.com Sat May 4 19:41:25 2013 From: lists at luigirosa.com (Luigi Rosa) Date: Sat, 04 May 2013 18:41:25 +0200 Subject: [Dovecot] Pigeonhole for 2.2? In-Reply-To: References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> Message-ID: <51853A35.1010502@luigirosa.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vijay Rajah said the following on 04/05/2013 18:37: > +1 This is holding up my migration to 2.2 > > Thanks to all the developer's for this amazing software.... I migrated a couple of servers with a hg clone http://hg.rename-it.nl/dovecot-2.2-pigeonhole/ It works. More info on http://pigeonhole.dovecot.org/download.html Ciao, luigi - -- / +--[Luigi Rosa]-- \ Life begins when you can spend your spare time programming instead of watching television. --Cal Keegan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlGFOjEACgkQ3kWu7Tfl6ZQJKwCgud6MDuO4ma43x5ydFXswClQz 9lEAn3c1rG7Pm23EexwqB+d2vVjUiS7O =8uQ/ -----END PGP SIGNATURE----- From Ralf.Hildebrandt at charite.de Sat May 4 20:03:21 2013 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Sat, 4 May 2013 19:03:21 +0200 Subject: [Dovecot] Pigeonhole for 2.2? In-Reply-To: <51853A35.1010502@luigirosa.com> References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> <51853A35.1010502@luigirosa.com> Message-ID: <20130504170320.GJ15319@charite.de> * Luigi Rosa : > Vijay Rajah said the following on 04/05/2013 18:37: > > +1 This is holding up my migration to 2.2 > > > > Thanks to all the developer's for this amazing software.... > > I migrated a couple of servers with a > > hg clone http://hg.rename-it.nl/dovecot-2.2-pigeonhole/ > > It works. Same here. -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From ulrich-dovecot at topfen.net Sat May 4 20:25:30 2013 From: ulrich-dovecot at topfen.net (Ulrich Zehl) Date: Sat, 4 May 2013 19:25:30 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <5185311C.2080100@sys4.de> References: <155667055.20130503233420@dlutt.de> <51849E1F.7010609@sys4.de> <1367651529.7033.2.camel@tardis> <5185311C.2080100@sys4.de> Message-ID: <20130504172530.GA25169@zwirn.topfen.net> On Sat, May 04, 2013 at 06:02:36PM +0200, Robert Schetterer wrote: > Am 04.05.2013 09:12, schrieb Noel Butler: > > The quota-grace I think was only bit not backported, is that right? > > Did Timo do or announce plan to do this, or not happening for 2.1 only > > 2.2? > > at my last knowledge it wasnt backported and it will never done, so with > most setups, quota policy service in 2.1 is more or less useless in > reality, cause lda or lmtp will do the bounce job, so mailboxes mostly > may go never "over quota" I haven't actually tried it yet, so this is just from looking at the source code: The policy service will reject (most) messages that would put a mailbox over the quota limit in both 2.1 and 2.2, won't it? That still seems very useful, compared to bouncing it later. From rs at sys4.de Sat May 4 20:34:44 2013 From: rs at sys4.de (Robert Schetterer) Date: Sat, 04 May 2013 19:34:44 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <20130504172530.GA25169@zwirn.topfen.net> References: <155667055.20130503233420@dlutt.de> <51849E1F.7010609@sys4.de> <1367651529.7033.2.camel@tardis> <5185311C.2080100@sys4.de> <20130504172530.GA25169@zwirn.topfen.net> Message-ID: <518546B4.4020908@sys4.de> Am 04.05.2013 19:25, schrieb Ulrich Zehl: > On Sat, May 04, 2013 at 06:02:36PM +0200, Robert Schetterer wrote: >> Am 04.05.2013 09:12, schrieb Noel Butler: >>> The quota-grace I think was only bit not backported, is that right? >>> Did Timo do or announce plan to do this, or not happening for 2.1 only >>> 2.2? >> >> at my last knowledge it wasnt backported and it will never done, so with >> most setups, quota policy service in 2.1 is more or less useless in >> reality, cause lda or lmtp will do the bounce job, so mailboxes mostly >> may go never "over quota" > > I haven't actually tried it yet, so this is just from looking at the source > code: The policy service will reject (most) messages that would put a > mailbox over the quota limit in both 2.1 and 2.2, won't it? > That still seems very useful, compared to bouncing it later. > my understanding you need quota-grace to make sure mailbox get overquota for setup percent, if there ist no quota-grace ( like in 2.1.x ), most mail will be bounced by normal lda/lmtp quota rules , so policy quota always will seen some free space in the mailbox, unless the rare case that one ( last ) mail fits the mailbox quota in exact 100 percent Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From stephan at rename-it.nl Sat May 4 20:36:36 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Sat, 04 May 2013 19:36:36 +0200 Subject: [Dovecot] Pigeonhole for 2.2? In-Reply-To: <5180FDF4.7040806@Media-Brokers.com> References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> Message-ID: <51854724.6000700@rename-it.nl> On 5/1/2013 1:35 PM, Charles Marcus wrote: > On 2013-04-21 3:51 PM, Stephan Bosch wrote: >> On 4/19/2013 7:53 AM, Eray Aslan wrote: >>> On Fri, Apr 19, 2013 at 12:41:26AM +0300, Timo Sirainen wrote: >>>> http://dovecot.org/releases/2.2/dovecot-2.2.1.tar.gz >>>> http://dovecot.org/releases/2.2/dovecot-2.2.1.tar.gz.sig >>> Thanks. Any idea about when pigeonhole (v0.4.0?) for dovecot-2.2 will >>> be released? >> >> There is one issue with the doveadm-sieve plugin that I need to solve >> before releasing it. That should happen some time in the coming week. > > Hi Stephan, > > Any update on when to expect this? Still working on issues with the doveadm-sieve plugin together with Timo. In every other respect it is ready for release. Pleas bear with us. Regards, Stephan. From CMarcus at Media-Brokers.com Sat May 4 20:53:14 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Sat, 04 May 2013 13:53:14 -0400 Subject: [Dovecot] Pigeonhole for 2.2? In-Reply-To: <51854724.6000700@rename-it.nl> References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> <51854724.6000700@rename-it.nl> Message-ID: <51854B0A.9010502@Media-Brokers.com> On 2013-05-04 1:36 PM, Stephan Bosch wrote: > On 5/1/2013 1:35 PM, Charles Marcus wrote: >> On 2013-04-21 3:51 PM, Stephan Bosch wrote: >>> There is one issue with the doveadm-sieve plugin that I need to >>> solve before releasing it. That should happen some time in the >>> coming week. >> Any update on when to expect this? > Still working on issues with the doveadm-sieve plugin together with > Timo. In every other respect it is ready for release. Pleas bear with us. No problem, knew you were working on it, we're just impatient for a formal release for 2.2... Thanks for your efforts, they are much appreciated! Charles From daniel at dlutt.de Sat May 4 22:11:35 2013 From: daniel at dlutt.de (Daniel Luttermann) Date: Sat, 4 May 2013 21:11:35 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <5185323D.2050508@sys4.de> References: <155667055.20130503233420@dlutt.de> <51849E1F.7010609@sys4.de> <1514081637.20130504150611@dlutt.de> <5185323D.2050508@sys4.de> Message-ID: <1528587755.20130504211135@dlutt.de> On 2013-05-04, Robert Schetterer wrote: > Am 04.05.2013 15:06, schrieb Daniel Luttermann: >> service quota-status { >> client_limit = 1 >> executable = quota-status -p postfix >> unix_listener /var/spool/postfix/private/quota-status { >> group = postfix >> mode = 0660 >> user = postfix >> } > try > service quota-status { > executable = quota-status -p postfix > unix_listener /var/spool/postfix/private/quota-status { > group = postfix > mode = 0666 > user = postfix > } > client_limit = 1 > } OK, changed the permissions of the service as you suggested: srw-rw-rw- 1 postfix postfix 0 May 4 20:53 /var/spool/postfix/private/quota-status Log of the first incoming email: May 4 20:54:13 mail postfix/postscreen[12627]: CONNECT from [193.99.144.71]:46355 to [217.11.53.6]:25 May 4 20:54:13 mail postfix/postscreen[12627]: PASS OLD [193.99.144.71]:46355 May 4 20:54:13 mail postfix/smtpd[12631]: connect from web.heise.de[193.99.144.71] May 4 20:54:13 mail postfix/smtpd[12631]: warning: access table unix:private/quota-status entry has empty value Mail gets delivered... Second incoming email (mail.log) May 4 20:55:16 mail postfix/postscreen[12627]: CONNECT from [193.99.144.71]:33634 to [217.11.53.6]:25 May 4 20:55:16 mail postfix/postscreen[12627]: PASS OLD [193.99.144.71]:33634 May 4 20:55:16 mail postfix/smtpd[12631]: connect from web.heise.de[193.99.144.71] May 4 20:55:16 mail dovecot: quota-status(daniel at dlutt.de): Error: user daniel at dlutt.de: Error reading configuration: net_connect_unix(/usr/var/run/dovecot/config) failed: Permission denied May 4 20:55:16 mail postfix/smtpd[12631]: NOQUEUE: reject: RCPT from web.heise.de[193.99.144.71]: 450 4.7.1 : Recipient address rejected: Internal error occurred. Refer to server log for more information.; from= to= proto=ESMTP helo= May 4 20:55:16 mail postfix/smtpd[12631]: disconnect from web.heise.de[193.99.144.71] mail.warn: May 4 20:55:16 mail dovecot: quota-status(daniel at dlutt.de): Error: user daniel at dlutt.de: Error reading configuration: net_connect_unix(/usr/var/run/dovecot/config) failed: Permission denied Permissions of the Dovecot config service: srw------- 1 root root 0 May 4 20:53 /usr/var/run/dovecot/config Maybe the problem has something to do with the double space as pointed out by Andreas? "quota-status entry has empty value" -- Daniel From manu at netbsd.org Sun May 5 03:56:23 2013 From: manu at netbsd.org (Emmanuel Dreyfus) Date: Sun, 5 May 2013 02:56:23 +0200 Subject: [Dovecot] dovecot 2.2.0 corrupts mailboxes? Message-ID: <1l2dmf0.137f9t1xyhq3vM%manu@netbsd.org> Hi On april 17th, I upgraded from dovecot 2.1.13 to 2.2.0. Since that time, I had two different users that reported received three incident of messages that disapeared from their mailboxes. The mailbox format is mbox on local FFS filesystem (no NFS), and I use filesystem quotas (but both users are far from filling their quotas). When the message disapeared, it was always a whole rand of dates. On the last incident reported, the user also saw some message being duplicated many times. There is something interesting in the logs: May 4 20:16:30 volanges dovecot: imap(jdoe): Error: Cached message size smaller than expected (2000 < 8063) May 4 20:16:30 volanges dovecot: imap(jdoe): Error: Corrupted index cache file /mail/indexes/jdoe/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 141869 May 4 20:19:48 volanges dovecot: imap(jdoe): Error: Cached message size smaller than expected (9711 < 16248) May 4 20:19:48 volanges dovecot: imap(jdoe): Error: Corrupted index cache file /mail/indexes/jdoe/mail/.imap/Arxiv/dovecot.index.cache: Broken physical size for mail UID 4383 May 4 21:14:35 volanges dovecot: imap(jdoe): Error: Cached message size smaller than expected (1878 < 8066) May 4 21:14:35 volanges dovecot: imap(jdoe): Error: Corrupted index cache file /mail/indexes/jdoe/mail/.imap/CNRS/dovecot.index.cache: Broken physical size for mail UID 290 May 4 21:15:17 volanges dovecot: imap(jdoe): Error: Cached message size smaller than expected (17285 < 24440) May 4 21:15:17 volanges dovecot: imap(jdoe): Error: Corrupted index cache file /mail/indexes/jdoe/mail/.imap/Commandes/dovecot.index.cache: Broken physical size for mail UID 680 Does that ring a bell? I am tempted to downgrade to 2.1.13. Does it makes sense? Is it safe to do so? -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz manu at netbsd.org From rs at sys4.de Sun May 5 08:41:47 2013 From: rs at sys4.de (Robert Schetterer) Date: Sun, 05 May 2013 07:41:47 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <1528587755.20130504211135@dlutt.de> References: <155667055.20130503233420@dlutt.de> <51849E1F.7010609@sys4.de> <1514081637.20130504150611@dlutt.de> <5185323D.2050508@sys4.de> <1528587755.20130504211135@dlutt.de> Message-ID: <5185F11B.3010204@sys4.de> Am 04.05.2013 21:11, schrieb Daniel Luttermann: > May 4 20:55:16 mail dovecot: quota-status(daniel at dlutt.de): Error: user daniel at dlutt.de: Error reading configuration: net_connect_unix(/usr/var/run/dovecot/config) failed: Permission denied > > Permissions of the Dovecot config service: > > srw------- 1 root root 0 May 4 20:53 /usr/var/run/dovecot/config > > Maybe the problem has something to do with the double space as pointed > out by Andreas? > > "quota-status entry has empty value" maybe, sorry i cant test it here yet, did you use latest code from http://hg.dovecot.org/dovecot-2.2/ seems like there was a patch http://hg.dovecot.org/dovecot-2.2/rev/aefdf65442cc Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From stan at hardwarefreak.com Sun May 5 13:00:57 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Sun, 05 May 2013 05:00:57 -0500 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51852095.4040505@Media-Brokers.com> References: <51824B0C.9010609@Media-Brokers.com> <51834B8B.5080700@hardwarefreak.com> <51839FC5.3020504@Media-Brokers.com> <5183AEEF.2080700@hardwarefreak.com> <5183C7FD.5040004@Media-Brokers.com> <51847C32.4050707@hardwarefreak.com> <51852095.4040505@Media-Brokers.com> Message-ID: <51862DD9.9060409@hardwarefreak.com> On 5/4/2013 9:52 AM, Charles Marcus wrote: > On 2013-05-03 11:10 PM, Stan Hoeppner wrote: >> On 5/3/2013 9:21 AM, Charles Marcus wrote: >>> On 2013-05-03 8:34 AM, Stan Hoeppner wrote: >>>> I assume /var will hold user mail dirs. >>> Yes, in /var/vmail >>> >>>> Do /var/ and /snaps reside on the same RAID array, physical disks? >>> Yes - vmware host is a Dell R515, with ESXi installed to mirrored >>> internal SATA drives, with 8 drives in RAID 10 for all of the VMs. All >>> storage is this local storage (no SAN/NAS). >> Your RAID10 is on a PERC correct? > > Correct... it is a PERC H700 (integrated) Good. 512MB BBWC, LSI based IIRC. Should yield good performance with some margin of safety, though you're still vulnerable to guest fsync being buffered/ignored. Just make sure you disable all the individual drive caches via the H700 BIOS, Dell Linux software management utility (if there is one), Lifecycle manager, etc. I don't use Dell gear so I'm unable to give instructions. If the Dell RAID HBAs are worth their salt they'll disable drive caches automatically when you enable the BBWC. Some HBAs do this, some don't. Just keep in mind the safety net of BBWC is defeated if drive caches are enabled. >> You have four 7.2K SATA stripe spindles. > > Actually, no, I have 6 15k 450G SAS6G hard drives (Seagate Cheetah > ST3450857SS) in this RAID10 array... Directly up above you said 8 drives in RAID10. So to make sure we're all on the same page, you have 6x 450GB 15K SAS drives in RAID10, 3 stripe spindles, ~1.35TB raw. That's going to yield a non power of 2 stripe width, which I always try to avoid, though it's not a show stopper. >> Do you mind posting the RAID10 strip/chunk size? The RAID geometry can >> be critical, not just for mail, but your entire VM setup. > > I just used the defaults when I created it (crossing fingers hoping that > wasn't a huge mistake). With VMware, your workloads and user head count, it may make no visible difference. As a general rule for small random IO workloads (which covers most of what you do), smaller strips are better, 32-64KB max. If it defaulted to a 512KB or 1MB strip that's bad. Large strip sizes are really only beneficial for streaming write workloads. When you use large strips with small IO workloads you generally end up sending a disproportionate amount of writes/reads to each drive in the array, thus creating hotspots and decreasing the performance advantage of striping. I.e. you can end up making one disk work harder while the others sit idle more of the time. > But - I'm not sure how to provide the answer to > the question (is my ignorance showing yet?)... Fire up whatever tool Dell provides to manage the H700. You should be able to view all the current parameters of the controller. >> Also, what's your mdbox max file size? > > Haven't settled on that yet. I was thinking of using the defaults there > too. I try to stay with defaults whenever possible, especially if I > don't know enough to know why I would want to change something. IIRC the default is 2MB. The downside to a small value here is more metadata operations, more IOs for full text searches and longer search times, longer backup times, potentially greater filesystem fragmentation, etc. The two advantages I can think of are potentially fewer locking collisions, and a file corruption affects fewer emails. There may be others. With large mdbox sizes the negatives/positives above flip. As you increase the size the advantages become ever greater, up to a point. You obviously don't want to specify 1GB mdboxes. And if your users regularly send emails with 5MB+ PDF or TIFF attachments then 2MB is probably too small. Best advice? Take a poll of the list. You'll likely find people using between the 2MB default and 64MB. Some brave souls may be going larger. ... >> However, ISTR you mentioning that your users transfer multi-GB files, up >> to 50GB, on a somewhat regular basis, to/from the file server over GbE >> at ~80-100MB/s. If these big copies hit the same 4 RAID10 spindles it >> may tend to decrease IMAP response times due to seek contention. This >> has nothing to do with XFS. It's the nature of shared storage. > > I think you're confusing me/us with someone else. Highly possible, and I mean that sincerely. I help a lot of people across various lists. But ISTR when we were discussing your metro ethernet link the possibility of multi-GB file transfers causing contention problems with normal user traffic. Maybe that was your backup process I'm thinking of. That would make sense. > This is definitely not > something our users do, not even close. We do deal with a lot of large > email attachments though. I used to have a max size of 50MB, but reduced > it to 25MB about 8 months ago (equivalent of google's max size)... Get a good idea of what the current max email size is and size mdbox files accordingly. > So, looks like I'm fine with what I have now... You only have 3x 15K effective spindles, which seems a little lite generally, but you've got a decent RAID HBA with 512MB of BBWC which will help write latency tremendously. And you only ~70 users. Your current setup may be fine, as long as drive caches are disabled. Again, ask for other opinions on max mdbox size. -- Stan From stan at hardwarefreak.com Sun May 5 13:22:05 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Sun, 05 May 2013 05:22:05 -0500 Subject: [Dovecot] XFS vs EXT4 for mail storage In-Reply-To: <51852F2A.1080304@Media-Brokers.com> References: <51824B0C.9010609@Media-Brokers.com> <5185272A.5020402@perkel.com> <51852F2A.1080304@Media-Brokers.com> Message-ID: <518632CD.7000000@hardwarefreak.com> On 5/4/2013 10:54 AM, Charles Marcus wrote: > On 2013-05-04 11:20 AM, Marc Perkel wrote: >> For what it's worth if you can afford it I'd use SSD drives. My server >> screams since I went to SSD. > > Hi Marc, > > You have no idea how much I would love to use SSDs for this. But the > cost was simply not quite justified. > > The price keeps coming down on them though - even now, 10 months after > buying these servers, the cost would probably be low enough that we may > have actually done so, but it was going to be about double the cost of > the 15k drives at the time we priced them. > > Next time, definitely... :) The verdict is still out on use of "enterprise" SSDs. They've simply not been in use long enough en mass to know what the common failure modes are and what the real lifespan is. I personally wouldn't yet trust long term storage to them, though I have no problem using them for fast temporary storage for things like a busy mail queue. -- Stan From daniel at dlutt.de Sun May 5 13:34:22 2013 From: daniel at dlutt.de (Daniel Luttermann) Date: Sun, 5 May 2013 12:34:22 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <5185F11B.3010204@sys4.de> References: <155667055.20130503233420@dlutt.de> <51849E1F.7010609@sys4.de> <1514081637.20130504150611@dlutt.de> <5185323D.2050508@sys4.de> <1528587755.20130504211135@dlutt.de> <5185F11B.3010204@sys4.de> Message-ID: <405502070.20130505123422@dlutt.de> On 2013-05-05, Robert Schetterer wrote: > Am 04.05.2013 21:11, schrieb Daniel Luttermann: >> May 4 20:55:16 mail dovecot: quota-status(daniel at dlutt.de): Error: user daniel at dlutt.de: Error reading configuration: net_connect_unix(/usr/var/run/dovecot/config) failed: Permission denied >> >> Permissions of the Dovecot config service: >> >> srw------- 1 root root 0 May 4 20:53 /usr/var/run/dovecot/config >> >> Maybe the problem has something to do with the double space as pointed >> out by Andreas? >> >> "quota-status entry has empty value" > maybe, sorry i cant test it here yet, > did you use latest code from > http://hg.dovecot.org/dovecot-2.2/ > seems like there was a patch > http://hg.dovecot.org/dovecot-2.2/rev/aefdf65442cc I've just compiled aefdf65442cc from source but the problem still exists, also the problem with the permissions of the Dovecot config service if I doesn't change the permission of the service. -- Daniel From r at sys4.de Sun May 5 13:47:59 2013 From: r at sys4.de (Ralf Hildebrandt) Date: Sun, 5 May 2013 12:47:59 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <51849E1F.7010609@sys4.de> References: <155667055.20130503233420@dlutt.de> <51849E1F.7010609@sys4.de> Message-ID: <20130505104758.GD8732@sys4.de> * Robert Schetterer : > quota_grace = 10%% > quota_status_success = DUNNO > quota_status_nouser = DUNNO > quota_status_overquota = "552 5.2.2 Mailbox is full / Mailbox ist voll" The very last line "quota_status_overquota" doesn't work. No matter which kind of quoting I'm using ', "", or none at all, dovecot will always misbehave (it will accept ANY mail) -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From anmeyer at anup.de Sun May 5 13:58:26 2013 From: anmeyer at anup.de (Andreas Meyer) Date: Sun, 5 May 2013 12:58:26 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <20130505104758.GD8732@sys4.de> References: <155667055.20130503233420@dlutt.de> <51849E1F.7010609@sys4.de> <20130505104758.GD8732@sys4.de> Message-ID: <20130505125826.3b9b3c29@itxnew.bitcorner.intern> Ralf Hildebrandt wrote: > * Robert Schetterer : > > > quota_grace = 10%% > > quota_status_success = DUNNO > > quota_status_nouser = DUNNO > > quota_status_overquota = "552 5.2.2 Mailbox is full / Mailbox ist voll" > > The very last line "quota_status_overquota" doesn't work. No matter > which kind of quoting I'm using ', "", or none at all, dovecot will > always misbehave (it will accept ANY mail) It would be desireable this feature in dovecot would work so that email would be rejected at first instance and not be bounced after they where accepted by the MDA. Nice Sunday! Andreas From deepakmdass88 at gmail.com Sat May 4 20:27:02 2013 From: deepakmdass88 at gmail.com (Deepak) Date: Sat, 4 May 2013 17:27:02 +0000 (UTC) Subject: [Dovecot] qmail-ldap LDA Delivery and sieve References: <1366232963.2414.110.camel@worklian> Message-ID: Hi I used the below filter in my dovecot-ldap-userdb.conf file, user_attrs = homeDirectory=home, uidNumber=uid, gidNumber=gid user_filter = (&(objectClass=posixAccount)(|(mail=%u)(mailAlternateAddress=%u) (uid=%u))) This above filter was working fine for me, and it's delivering fine for all the domains. seive is also working fine. The "-d" in dovecot-lda will do userdb lookup with ldap. From dirk.jahnke-zumbusch at desy.de Sun May 5 18:29:19 2013 From: dirk.jahnke-zumbusch at desy.de (dirk.jahnke-zumbusch at desy.de) Date: Sun, 5 May 2013 17:29:19 +0200 (CEST) Subject: [Dovecot] OT/about SSDs (was: XFS vs EXT4 for mail storage) In-Reply-To: <518632CD.7000000@hardwarefreak.com> References: <51824B0C.9010609@Media-Brokers.com> <5185272A.5020402@perkel.com> <51852F2A.1080304@Media-Brokers.com> <518632CD.7000000@hardwarefreak.com> Message-ID: <648026994.1120295.1367767759540.JavaMail.root@desy.de> Hi all, I found a reference about the robustness of SSDs (and rotating rust) on c0t0d0s0.org (http://www.c0t0d0s0.org/archives/7578-Switching-off-SSDs-and-the-consequences.html) pointing to this interesting paper: http://www.cse.ohio-state.edu/~zhengm/papers/2013_FAST_PowerFaultSSD.pdf Just in case you ever wondered what might happen to your SSDs if power fails. Cheers Dirk ----- Urspr?ngliche Mail ----- Von: "Stan Hoeppner" An: dovecot at dovecot.org Gesendet: Sonntag, 5. Mai 2013 12:22:05 Betreff: Re: [Dovecot] XFS vs EXT4 for mail storage On 5/4/2013 10:54 AM, Charles Marcus wrote: > On 2013-05-04 11:20 AM, Marc Perkel wrote: >> For what it's worth if you can afford it I'd use SSD drives. My server >> screams since I went to SSD. > > Hi Marc, > > You have no idea how much I would love to use SSDs for this. But the > cost was simply not quite justified. > > The price keeps coming down on them though - even now, 10 months after > buying these servers, the cost would probably be low enough that we may > have actually done so, but it was going to be about double the cost of > the 15k drives at the time we priced them. > > Next time, definitely... :) The verdict is still out on use of "enterprise" SSDs. They've simply not been in use long enough en mass to know what the common failure modes are and what the real lifespan is. I personally wouldn't yet trust long term storage to them, though I have no problem using them for fast temporary storage for things like a busy mail queue. -- Stan From rs at sys4.de Sun May 5 19:24:38 2013 From: rs at sys4.de (Robert Schetterer) Date: Sun, 05 May 2013 18:24:38 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <20130505104758.GD8732@sys4.de> References: <155667055.20130503233420@dlutt.de> <51849E1F.7010609@sys4.de> <20130505104758.GD8732@sys4.de> Message-ID: <518687C6.7000001@sys4.de> Am 05.05.2013 12:47, schrieb Ralf Hildebrandt: > * Robert Schetterer : > >> quota_grace = 10%% >> quota_status_success = DUNNO >> quota_status_nouser = DUNNO >> quota_status_overquota = "552 5.2.2 Mailbox is full / Mailbox ist voll" > > The very last line "quota_status_overquota" doesn't work. No matter > which kind of quoting I'm using ', "", or none at all, dovecot will > always misbehave (it will accept ANY mail) > so its a bug, thx Ralf Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From rs at sys4.de Sun May 5 19:28:21 2013 From: rs at sys4.de (Robert Schetterer) Date: Sun, 05 May 2013 18:28:21 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <20130505125826.3b9b3c29@itxnew.bitcorner.intern> References: <155667055.20130503233420@dlutt.de> <51849E1F.7010609@sys4.de> <20130505104758.GD8732@sys4.de> <20130505125826.3b9b3c29@itxnew.bitcorner.intern> Message-ID: <518688A5.7030901@sys4.de> Am 05.05.2013 12:58, schrieb Andreas Meyer: > Ralf Hildebrandt wrote: > >> * Robert Schetterer : >> >>> quota_grace = 10%% >>> quota_status_success = DUNNO >>> quota_status_nouser = DUNNO >>> quota_status_overquota = "552 5.2.2 Mailbox is full / Mailbox ist voll" >> >> The very last line "quota_status_overquota" doesn't work. No matter >> which kind of quoting I'm using ', "", or none at all, dovecot will >> always misbehave (it will accept ANY mail) > > It would be desireable this feature in dovecot would work so that > email would be rejected at first instance and not be bounced after > they where accepted by the MDA. it should that work this way in 2.2.x quota_grace overides lmtp/lda quota settings in percent to make sure mailbox in fact is really over quota but looks like have a bug in recent versions with quota_status_overquota > > Nice Sunday! > > Andreas > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From h.reindl at thelounge.net Sun May 5 20:00:57 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Sun, 05 May 2013 19:00:57 +0200 Subject: [Dovecot] OT/about SSDs In-Reply-To: <648026994.1120295.1367767759540.JavaMail.root@desy.de> References: <51824B0C.9010609@Media-Brokers.com> <5185272A.5020402@perkel.com> <51852F2A.1080304@Media-Brokers.com> <518632CD.7000000@hardwarefreak.com> <648026994.1120295.1367767759540.JavaMail.root@desy.de> Message-ID: <51869049.3080309@thelounge.net> and this will hurt all the naive people which start buying large mid-range SSD storages and wake up from their dreams the hard way over the long it will take years until large storages are relieable enough for critical data if you are not a fortune company with endless money a rotating media will never die silently, a f**ing SD-card in my last phone refused to write any bit on it without any error message, i formatted it with several filesystems, let it completly oveeride with dd (/dev/zero and /dev/urandom) and after put the crap out of the card reader and insert it again the data where the same as 2 weeks ago the smartphones card-slot died BTW by overheat of the device most likely due this bahvior and did i say that dmesg or /var/log/messages did not contain a single line with a hint of a probelm due writing over hours on the card from this day on my opinion is that only a idiot stores critical data on this new shiny crap - and yes i know there are large differences between SSD and a SD-card, but that does not change the fact that such a behavior froma rotating media is impossible Am 05.05.2013 17:29, schrieb dirk.jahnke-zumbusch at desy.de: > I found a reference about the robustness of SSDs (and rotating rust) > on c0t0d0s0.org (http://www.c0t0d0s0.org/archives/7578-Switching-off-SSDs-and-the-consequences.html) > pointing to this interesting paper: > > http://www.cse.ohio-state.edu/~zhengm/papers/2013_FAST_PowerFaultSSD.pdf > > Just in case you ever wondered what might happen to your SSDs if power fails. > > ----- Urspr?ngliche Mail ----- > Von: "Stan Hoeppner" > An: dovecot at dovecot.org > Gesendet: Sonntag, 5. Mai 2013 12:22:05 > Betreff: Re: [Dovecot] XFS vs EXT4 for mail storage > > On 5/4/2013 10:54 AM, Charles Marcus wrote: >> On 2013-05-04 11:20 AM, Marc Perkel wrote: >>> For what it's worth if you can afford it I'd use SSD drives. My server >>> screams since I went to SSD. >> >> Hi Marc, >> >> You have no idea how much I would love to use SSDs for this. But the >> cost was simply not quite justified. >> >> The price keeps coming down on them though - even now, 10 months after >> buying these servers, the cost would probably be low enough that we may >> have actually done so, but it was going to be about double the cost of >> the 15k drives at the time we priced them. >> >> Next time, definitely... :) > > The verdict is still out on use of "enterprise" SSDs. They've simply > not been in use long enough en mass to know what the common failure > modes are and what the real lifespan is. I personally wouldn't yet > trust long term storage to them, though I have no problem using them for > fast temporary storage for things like a busy mail queue -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From skraw at ithnet.com Sun May 5 21:07:09 2013 From: skraw at ithnet.com (Stephan von Krawczynski) Date: Sun, 5 May 2013 20:07:09 +0200 Subject: [Dovecot] OT/about SSDs In-Reply-To: <51869049.3080309@thelounge.net> References: <51824B0C.9010609@Media-Brokers.com> <5185272A.5020402@perkel.com> <51852F2A.1080304@Media-Brokers.com> <518632CD.7000000@hardwarefreak.com> <648026994.1120295.1367767759540.JavaMail.root@desy.de> <51869049.3080309@thelounge.net> Message-ID: <20130505200709.6cb5b76c.skraw@ithnet.com> Honestly guys, most people really have no long-term experiences with flash memory, be it SSD or other forms of. I can tell you from continously using simple CF-Cards as harddisks for about 5 years that _none_ ever got corrupted. Not a single one in 5 years. Taking into account that CF is really no big hit in technology most people really only talking about fearing the black man when talking about flash disks of any kind. Please stop FUD and simply buy acceptable vendors. If you want to see real trouble then buy W* green IT 2 TB. I crashed 5 in a row within the first 3 months of usage. -- Regards, Stephan From delrio at mie.utoronto.ca Sun May 5 21:20:57 2013 From: delrio at mie.utoronto.ca (Oscar del Rio) Date: Sun, 05 May 2013 14:20:57 -0400 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> Message-ID: <5186A309.1090908@mie.utoronto.ca> On 03/05/2013 12:14 PM, Timo Sirainen wrote: > GMail doesn't delete mails when POP3 client issues a DELE command for it. Instead they just become invisible for future POP3 sessions, but they still exist for IMAP/webmail. The same could be implemented pretty easily for Dovecot: > > - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted > - When DELEting a message, add this flag to the message. > - When listing messages, skip all messages that have this flag. > - Also hide this flag from IMAP clients(?) > > Thoughts? Probably 20 lines of new code. > > Outlook live.com webmail has a special (virtual) folder called Deleted/POP and the following option: "If you use POP to download Outlook messages to another program, that program could make it so you can't read your messages on Outlook. (For example, this might happen if you use Mac Mail or Mozilla Thunderbird.) - Don't let another program delete messages from Outlook. (If your other program is set to "delete messages from the server," we'll simply move them to a special POP folder. They won't be deleted.) - Do what my other program says?if it says to delete messages, then delete them. " From professa at dementianati.com Sun May 5 22:06:39 2013 From: professa at dementianati.com (Professa Dementia) Date: Sun, 05 May 2013 12:06:39 -0700 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <5186A309.1090908@mie.utoronto.ca> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5186A309.1090908@mie.utoronto.ca> Message-ID: <5186ADBF.6000300@dementianati.com> On 5/5/2013 11:20 AM, Oscar del Rio wrote: > On 03/05/2013 12:14 PM, Timo Sirainen wrote: >> GMail doesn't delete mails when POP3 client issues a DELE command for >> it. Instead they just become invisible for future POP3 sessions, but >> they still exist for IMAP/webmail. The same could be implemented >> pretty easily for Dovecot: >> >> - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted >> - When DELEting a message, add this flag to the message. >> - When listing messages, skip all messages that have this flag. >> - Also hide this flag from IMAP clients(?) >> >> Thoughts? Probably 20 lines of new code. >> >> > > Outlook live.com webmail has a special (virtual) folder called > Deleted/POP and the following option: > > "If you use POP to download Outlook messages to another program, that > program could make it so you can't read your messages on Outlook. (For > example, this might happen if you use Mac Mail or Mozilla Thunderbird.) > - Don't let another program delete messages from Outlook. (If your other > program is set to "delete messages from the server," we'll simply move > them to a special POP folder. They won't be deleted.) > - Do what my other program says?if it says to delete messages, then > delete them. " > This is fine. The user is informed and makes a choice about the behavior of the server. The problem I have with the proposed changes by Timo is that the user is *not* informed and has no choice. The user may expect that the server behaves in a standard manner, but it may not, based on decisions of the system admin. The user has no way of knowing this behavior - only the system admin knows. Dem From tss at iki.fi Sun May 5 22:29:06 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 5 May 2013 22:29:06 +0300 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <5186ADBF.6000300@dementianati.com> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5186A309.1090908@mie.utoronto.ca> <5186ADBF.6000300@dementianati.com> Message-ID: <1CC2833D-82A2-4F63-8C1C-FA546BEA7677@iki.fi> On 5.5.2013, at 22.06, Professa Dementia wrote: > This is fine. The user is informed and makes a choice about the behavior of the server. The problem I have with the proposed changes by Timo is that the user is *not* informed and has no choice. The user may expect that the server behaves in a standard manner, but it may not, based on decisions of the system admin. The user has no way of knowing this behavior - only the system admin knows. Nothing prevents admin from creating a per-user setting in (e.g.) webmail where this behavior is enabled/disabled. From gedalya at gedalya.net Sun May 5 22:32:56 2013 From: gedalya at gedalya.net (Gedalya) Date: Sun, 05 May 2013 15:32:56 -0400 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <1CC2833D-82A2-4F63-8C1C-FA546BEA7677@iki.fi> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5186A309.1090908@mie.utoronto.ca> <5186ADBF.6000300@dementianati.com> <1CC2833D-82A2-4F63-8C1C-FA546BEA7677@iki.fi> Message-ID: <5186B3E8.6070701@gedalya.net> On 05/05/2013 03:29 PM, Timo Sirainen wrote: > On 5.5.2013, at 22.06, Professa Dementia wrote: > >> This is fine. The user is informed and makes a choice about the behavior of the server. The problem I have with the proposed changes by Timo is that the user is *not* informed and has no choice. The user may expect that the server behaves in a standard manner, but it may not, based on decisions of the system admin. The user has no way of knowing this behavior - only the system admin knows. > Nothing prevents admin from creating a per-user setting in (e.g.) webmail where this behavior is enabled/disabled. > I was just going to say that - dovecot is not a website or a GUI. But, how can this be applied per user? Can you elaborate? This might be a stupid question, I'm sorry :D From tss at iki.fi Sun May 5 22:40:32 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 5 May 2013 22:40:32 +0300 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <5186B3E8.6070701@gedalya.net> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5186A309.1090908@mie.utoronto.ca> <5186ADBF.6000300@dementianati.com> <1CC2833D-82A2-4F63-8C1C-FA546BEA7677@iki.fi> <5186B3E8.6070701@gedalya.net> Message-ID: On 5.5.2013, at 22.32, Gedalya wrote: > On 05/05/2013 03:29 PM, Timo Sirainen wrote: >> On 5.5.2013, at 22.06, Professa Dementia wrote: >> >>> This is fine. The user is informed and makes a choice about the behavior of the server. The problem I have with the proposed changes by Timo is that the user is *not* informed and has no choice. The user may expect that the server behaves in a standard manner, but it may not, based on decisions of the system admin. The user has no way of knowing this behavior - only the system admin knows. >> Nothing prevents admin from creating a per-user setting in (e.g.) webmail where this behavior is enabled/disabled. >> > I was just going to say that - dovecot is not a website or a GUI. But, how can this be applied per user? Can you elaborate? This might be a stupid question, I'm sorry :D http://wiki2.dovecot.org/UserDatabase/ExtraFields From gedalya at gedalya.net Sun May 5 22:43:40 2013 From: gedalya at gedalya.net (Gedalya) Date: Sun, 05 May 2013 15:43:40 -0400 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5186A309.1090908@mie.utoronto.ca> <5186ADBF.6000300@dementianati.com> <1CC2833D-82A2-4F63-8C1C-FA546BEA7677@iki.fi> <5186B3E8.6070701@gedalya.net> Message-ID: <5186B66C.90401@gedalya.net> On 05/05/2013 03:40 PM, Timo Sirainen wrote: > On 5.5.2013, at 22.32, Gedalya wrote: > >> On 05/05/2013 03:29 PM, Timo Sirainen wrote: >>> On 5.5.2013, at 22.06, Professa Dementia wrote: >>> >>>> This is fine. The user is informed and makes a choice about the behavior of the server. The problem I have with the proposed changes by Timo is that the user is *not* informed and has no choice. The user may expect that the server behaves in a standard manner, but it may not, based on decisions of the system admin. The user has no way of knowing this behavior - only the system admin knows. >>> Nothing prevents admin from creating a per-user setting in (e.g.) webmail where this behavior is enabled/disabled. >>> >> I was just going to say that - dovecot is not a website or a GUI. But, how can this be applied per user? Can you elaborate? This might be a stupid question, I'm sorry :D > http://wiki2.dovecot.org/UserDatabase/ExtraFields > Haha, I'm using extra fields actually, I guess I never properly read that page to understand what it can really do :D Thanks Timo. From noel.butler at ausics.net Mon May 6 02:59:04 2013 From: noel.butler at ausics.net (Noel Butler) Date: Mon, 06 May 2013 09:59:04 +1000 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <5184FF25.1080504@dementianati.com> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5183EC0D.7000803@sys4.de> <518412B9.4010605@dementianati.com> <1367635083.3904.23.camel@tardis> <5184FF25.1080504@dementianati.com> Message-ID: <1367798344.3919.15.camel@tardis> On Sat, 2013-05-04 at 05:29 -0700, Professa Dementia wrote: > On 5/3/2013 7:38 PM, Noel Butler wrote: > > > > > Incidentally, the last time I read the pop3 RFC, admittedly some decade > > or so ago (and yeah it's likely been updated since?) I can not recall > > there ever being a "MUST" or "SHOULD" when it comes to deleting > > messages (it might have been deliberately omitted) apart from the > > server MUST NOT delete messages that are not marked for deletion. > > FYI: In addition to the significant privacy and legal concerns, adding Hardly see it as that, I can hardly see ISP's etc using this option, especially since it still counts towards users quota, I'm sure the U.S. Govt would love this feature in there out of control power trips to spy on people, but in all honesty, it is likely to be used mostly, in the business world because your emails in work, are not yours, they are the property of your employers, and that's so in many EU jurisdictions as well. > and enabling this option makes the server non-compliant. The section > under "The UPDATE State" is clear about the behavior of the server: > > "The POP3 server removes all messages marked as deleted from the maildrop" > Did you read what I actually said? and in your quotation you have even verified it, RFC's are very clear about compliance instructions, by use of the words SHOULD, MUST, MUST NOT ... etc There is no such word in the RFC relating to deleting marked deleted messages, as you have also even quoted, therefore, Timo's proposed flags do not breach compliancy. > They are legally responsible for their actions and have to > answer for those actions if they end up violating any laws. I do not Of course, it's why it is not being a default action. > feel that an option like this should be in the public version of the > server, however, even if it is off by default. > > I can not understand why you are so outraged by this, if you feel so strongly, just don't enable the option, or is that too simple... -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From me at junc.eu Mon May 6 02:59:43 2013 From: me at junc.eu (Benny Pedersen) Date: Mon, 06 May 2013 01:59:43 +0200 Subject: [Dovecot] =?utf-8?q?Pigeonhole_for_2=2E2=3F?= In-Reply-To: <20130504170320.GJ15319@charite.de> References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> <51853A35.1010502@luigirosa.com> <20130504170320.GJ15319@charite.de> Message-ID: Ralf Hildebrandt skrev den 2013-05-04 19:03: >> hg clone http://hg.rename-it.nl/dovecot-2.2-pigeonhole/ >> It works. > Same here. and dovecot 1.x still works here, seems that dovecot 2.x still is unstable grounds for some users following this maillist i keep my problem going :) -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From h.reindl at thelounge.net Mon May 6 03:11:19 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 06 May 2013 02:11:19 +0200 Subject: [Dovecot] Pigeonhole for 2.2? In-Reply-To: References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> <51853A35.1010502@luigirosa.com> <20130504170320.GJ15319@charite.de> Message-ID: <5186F527.7030501@thelounge.net> Am 06.05.2013 01:59, schrieb Benny Pedersen: > Ralf Hildebrandt skrev den 2013-05-04 19:03: > >>> hg clone http://hg.rename-it.nl/dovecot-2.2-pigeonhole/ >>> It works. >> Same here. > > and dovecot 1.x still works here, seems that dovecot 2.x still is unstable grounds for some users following this > maillist i keep my problem going :) and who forces you jumping to 2.2 right now? there is also 2.0 and 2.1 1.x does nobody interest since years -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From me at junc.eu Mon May 6 03:31:33 2013 From: me at junc.eu (Benny Pedersen) Date: Mon, 06 May 2013 02:31:33 +0200 Subject: [Dovecot] =?utf-8?q?Pigeonhole_for_2=2E2=3F?= In-Reply-To: <5186F527.7030501@thelounge.net> References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> <51853A35.1010502@luigirosa.com> <20130504170320.GJ15319@charite.de> <5186F527.7030501@thelounge.net> Message-ID: <42c7e6bfcae94dd7dbe874f5391a1dcb@junc.eu> Reindl Harald skrev den 2013-05-06 02:11: > and who forces you jumping to 2.2 right now? missing good examples on maillist that it works > there is also 2.0 and 2.1 and it will be stable 2.3 ? > 1.x does nobody interest since years its removed in gentoo, funtoo, freebsd, opensuse, and properly other stupid os's, but why care ? -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From noel.butler at ausics.net Mon May 6 03:46:24 2013 From: noel.butler at ausics.net (Noel Butler) Date: Mon, 06 May 2013 10:46:24 +1000 Subject: [Dovecot] Pigeonhole for 2.2? In-Reply-To: <42c7e6bfcae94dd7dbe874f5391a1dcb@junc.eu> References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> <51853A35.1010502@luigirosa.com> <20130504170320.GJ15319@charite.de> <5186F527.7030501@thelounge.net> <42c7e6bfcae94dd7dbe874f5391a1dcb@junc.eu> Message-ID: <1367801184.3919.25.camel@tardis> On Mon, 2013-05-06 at 02:31 +0200, Benny Pedersen wrote: > Reindl Harald skrev den 2013-05-06 02:11: > > > and who forces you jumping to 2.2 right now? > > missing good examples on maillist that it works > > > there is also 2.0 and 2.1 > 2.0 = abysmal 2.1 as of around 2.1.12-ish I deemed dovecot 2.anything, stable and production ready, it has yet to prove me wrong > and it will be stable 2.3 ? > The problem with dovecot is, Timo does not release rc's or beta's where this testing could show the bugs found and ironed out for a _real_ release this is why it often takes 10 or so point releases for most bugs to come to light and be fixed. I can assure you, I likely will not move production to 2.2 until 2.2.some_high_number > > 1.x does nobody interest since years > > its removed in gentoo, funtoo, freebsd, opensuse, and properly other > stupid os's, but why care ? Indeed, 1.2.x was essentially unbreakable, with only one minor irritation, but that would only occur maybe once a year and then only under certain circumstances, most 1.2.x users may never even see it. There is no reason why 1.2.16 (IIRC the latest) wont be production quality in another five or more years, unless a system crippling major mother of all exploits is found in it. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From reuben-dovecot at reub.net Mon May 6 03:56:28 2013 From: reuben-dovecot at reub.net (Reuben Farrelly) Date: Mon, 06 May 2013 10:56:28 +1000 Subject: [Dovecot] Pigeonhole for 2.2? In-Reply-To: <1367801184.3919.25.camel@tardis> References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> <51853A35.1010502@luigirosa.com> <20130504170320.GJ15319@charite.de> <5186F527.7030501@thelounge.net> <42c7e6bfcae94dd7dbe874f5391a1dcb@junc.eu> <1367801184.3919.25.camel@tardis> Message-ID: <5186FFBC.7080603@reub.net> On 6/05/2013 10:46 AM, Noel Butler wrote: > The problem with dovecot is, Timo does not release rc's or beta's where > this testing could show the bugs found and ironed out for a _real_ > release this is why it often takes 10 or so point releases for most > bugs to come to light and be fixed. I can assure you, I likely will not > move production to 2.2 until 2.2.some_high_number Huh? http://www.dovecot.org/oldnews.html Shows at least two 2.2 betas and four RC's, seven RC's of 2.1, and three betas of 2.0. Reuben From noel.butler at ausics.net Mon May 6 05:02:44 2013 From: noel.butler at ausics.net (Noel Butler) Date: Mon, 06 May 2013 12:02:44 +1000 Subject: [Dovecot] Pigeonhole for 2.2? In-Reply-To: <5186FFBC.7080603@reub.net> References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> <51853A35.1010502@luigirosa.com> <20130504170320.GJ15319@charite.de> <5186F527.7030501@thelounge.net> <42c7e6bfcae94dd7dbe874f5391a1dcb@junc.eu> <1367801184.3919.25.camel@tardis> <5186FFBC.7080603@reub.net> Message-ID: <1367805764.6645.5.camel@tardis> On Mon, 2013-05-06 at 10:56 +1000, Reuben Farrelly wrote: > On 6/05/2013 10:46 AM, Noel Butler wrote: > > The problem with dovecot is, Timo does not release rc's or beta's where > > this testing could show the bugs found and ironed out for a _real_ > > release this is why it often takes 10 or so point releases for most > > bugs to come to light and be fixed. I can assure you, I likely will not > > move production to 2.2 until 2.2.some_high_number > > Huh? > > http://www.dovecot.org/oldnews.html > > Shows at least two 2.2 betas and four RC's, seven RC's of 2.1, and three > betas of 2.0. > Well, things have changed, since Timo once said he wouldn't... however, unlike some apparently, I do not live on the website, I am however on announce list, and see no messages relating to beta's or rc's there (or here from memory), where one expects to be notified :) and since it's a long way from AU to FI, and very cloudy here lately, my ESP is failing me. PS I have not got it, but I see from this msg header you CC'd to me direct as well? why are you not honouring the list headers, which is set as reply-to list? Please fix your client. -------------- next part -------------- A non-text attachment was scrubbed... Name: face-smile.png Type: image/png Size: 873 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From reuben-dovecot at reub.net Mon May 6 05:20:55 2013 From: reuben-dovecot at reub.net (Reuben Farrelly) Date: Mon, 06 May 2013 12:20:55 +1000 Subject: [Dovecot] Pigeonhole for 2.2? In-Reply-To: <1367805764.6645.5.camel@tardis> References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> <51853A35.1010502@luigirosa.com> <20130504170320.GJ15319@charite.de> <5186F527.7030501@thelounge.net> <42c7e6bfcae94dd7dbe874f5391a1dcb@junc.eu> <1367801184.3919.25.camel@tardis> <5186FFBC.7080603@reub.net> <1367805764.6645.5.camel@tardis> Message-ID: <51871387.90002@reub.net> On 6/05/2013 12:02 PM, Noel Butler wrote: > On Mon, 2013-05-06 at 10:56 +1000, Reuben Farrelly wrote: > >> On 6/05/2013 10:46 AM, Noel Butler wrote: >>> The problem with dovecot is, Timo does not release rc's or beta's where >>> this testing could show the bugs found and ironed out for a _real_ >>> release this is why it often takes 10 or so point releases for most >>> bugs to come to light and be fixed. I can assure you, I likely will not >>> move production to 2.2 until 2.2.some_high_number >> >> Huh? >> >> http://www.dovecot.org/oldnews.html >> >> Shows at least two 2.2 betas and four RC's, seven RC's of 2.1, and three >> betas of 2.0. >> > > > Well, things have changed, since Timo once said he wouldn't... however, > unlike some apparently, I do not live on the website, I am however on > announce list, and see no messages relating to beta's or rc's there (or > here from memory), where one expects to be notified :) and since it's a > long way from AU to FI, and very cloudy here lately, my ESP is failing > me. No need for ESP. This very mailing list you are subscribed to now got all those announcements. You don't even need to check the website. The NEWS list also received all of these: http://www.dovecot.org/list/dovecot-news/ Examples: http://www.dovecot.org/list/dovecot/2013-January/140156.html http://www.dovecot.org/list/dovecot/2012-January/062944.html http://www.dovecot.org/list/dovecot/2010-August/051544.html I'm also in Australia and have no problems seeing these messages from FI. > PS > I have not got it, but I see from this msg header you CC'd to me direct > as well? why are you not honouring the list headers, which is set as > reply-to list? Please fix your client. That's what happens when you use Reply-All. Not much chance of having Thunderbird 17 "fixed" given Mozilla are winding down support for it. My postfix logs show that your mail server accepted the mail from me at 10:56am and gave me a "250 2.0.0 OK" - which is 90 minutes ago. Perhaps you might want to arrange for someone to fix your mail server, because you also obviously aren't receiving all the mails from all the lists you claim to be subscribed to, nor the one that my server sent you directly. There are plenty of people on this list who can probably help you with these rather complex mail issues you are experiencing ;) Reuben From noel.butler at ausics.net Mon May 6 10:09:14 2013 From: noel.butler at ausics.net (Noel Butler) Date: Mon, 06 May 2013 17:09:14 +1000 Subject: [Dovecot] Pigeonhole for 2.2? In-Reply-To: <51871387.90002@reub.net> References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> <51853A35.1010502@luigirosa.com> <20130504170320.GJ15319@charite.de> <5186F527.7030501@thelounge.net> <42c7e6bfcae94dd7dbe874f5391a1dcb@junc.eu> <1367801184.3919.25.camel@tardis> <5186FFBC.7080603@reub.net> <1367805764.6645.5.camel@tardis> <51871387.90002@reub.net> Message-ID: <1367824154.8412.26.camel@tardis> On Mon, 2013-05-06 at 12:20 +1000, Reuben Farrelly wrote: > Examples: > > http://www.dovecot.org/list/dovecot/2013-January/140156.html > http://www.dovecot.org/list/dovecot/2012-January/062944.html > http://www.dovecot.org/list/dovecot/2010-August/051544.html > I 've kept messages from this list since its last clean-out, in 08, those message do not appear, it seems on jan 13, dovecots mail server had no PTR entry, seems 11 messages in total missing - not my problem, no idea about earlier examples, cant be bothered getting out the tape and checking. > I'm also in Australia and have no problems seeing these messages from FI. you missed the point of my "smart arse" remark > > My postfix logs show that your mail server accepted the mail from me at > 10:56am and gave me a "250 2.0.0 OK" - which is 90 minutes ago. > > Perhaps you might want to arrange for someone to fix your mail server, > because you also obviously aren't receiving all the mails from all the Well, since you're so concerned, I'll go look .... /me back .. no problem exists, amavisd nuked it, it seems one of the clamav extras rulesets triggered, it just doesn't like you it seems. > directly. There are plenty of people on this list who can probably help > you with these rather complex mail issues you are experiencing ;) > *chuckles* I'm rather happy with the way my anti-spam does its job, although not identical to the commercial servers since there are too many dummies running mail hosting servers and vps's,and that includes idiots in govt IT units, there have been no complaints in a long time, well, since we ceased using SORBS anyway. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From h.reindl at thelounge.net Mon May 6 12:00:46 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 06 May 2013 11:00:46 +0200 Subject: [Dovecot] Pigeonhole for 2.2? In-Reply-To: <1367805764.6645.5.camel@tardis> References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> <51853A35.1010502@luigirosa.com> <20130504170320.GJ15319@charite.de> <5186F527.7030501@thelounge.net> <42c7e6bfcae94dd7dbe874f5391a1dcb@junc.eu> <1367801184.3919.25.camel@tardis> <5186FFBC.7080603@reub.net> <1367805764.6645.5.camel@tardis> Message-ID: <5187713E.7080309@thelounge.net> Am 06.05.2013 04:02, schrieb Noel Butler: > On Mon, 2013-05-06 at 10:56 +1000, Reuben Farrelly wrote: > >> On 6/05/2013 10:46 AM, Noel Butler wrote: >>> The problem with dovecot is, Timo does not release rc's or beta's where >>> this testing could show the bugs found >> >> http://www.dovecot.org/oldnews.html >> >> Shows at least two 2.2 betas and four RC's, seven RC's of 2.1, and three >> betas of 2.0. > > Well, things have changed, since Timo once said he wouldn't... however, > unlike some apparently, I do not live on the website > > http://www.dovecot.org/list/dovecot/2013-January/140156.html > http://www.dovecot.org/list/dovecot/2012-January/062944.html > http://www.dovecot.org/list/dovecot/2010-August/051544.html > > I 've kept messages from this list since its last clean-out, in 08, > those message do not appear, it seems on jan 13, dovecots mail server > had no PTR entry, seems 11 messages in total missing - not my problem stop this bullshit! http://www.dovecot.org/list/dovecot/2013-January/140156.html Received: from dovecot.org (dovecot.org [193.210.130.67]) -------- Original-Nachricht -------- Betreff: [Dovecot-news] v2.2.beta1 released Datum: Mon, 07 Jan 2013 12:33:05 +0200 Von: Timo Sirainen Antwort an: dovecot at dovecot.org An: dovecot-news at dovecot.org, dovecot at dovecot.org http://dovecot.org/releases/2.2/beta/dovecot-2.2.beta1.tar.gz http://dovecot.org/releases/2.2/beta/dovecot-2.2.beta1.tar.gz.sig Lots of fixes since 2.2.alpha1, especially related to dsync. Also dsync now supports syncing private message flags when INDEXPVT is used. Here's again the list of all the major changes in v2.2: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From CMarcus at Media-Brokers.com Mon May 6 14:52:02 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 06 May 2013 07:52:02 -0400 Subject: [Dovecot] Pigeonhole for 2.2? In-Reply-To: <51871387.90002@reub.net> References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> <51853A35.1010502@luigirosa.com> <20130504170320.GJ15319@charite.de> <5186F527.7030501@thelounge.net> <42c7e6bfcae94dd7dbe874f5391a1dcb@junc.eu> <1367801184.3919.25.camel@tardis> <5186FFBC.7080603@reub.net> <1367805764.6645.5.camel@tardis> <51871387.90002@reub.net> Message-ID: <51879962.3020303@Media-Brokers.com> On 2013-05-05 10:20 PM, Reuben Farrelly wrote: > On 6/05/2013 12:02 PM, Noel Butler wrote: >> I have not got it, but I see from this msg header you CC'd to me direct >> as well? why are you not honouring the list headers, which is set as >> reply-to list? Please fix your client. > > That's what happens when you use Reply-All. Not much chance of having > Thunderbird 17 "fixed" given Mozilla are winding down support for it. Thunderbird has had Reply-To-List for a long time now... But I agree, an intelligent 'Reply' button that automatically honored explicit Reply-To header, or if none present, automatically used Reply-To-List when list headers are present, and fell back to just 'Reply' if none of the above. Bug/Feature Request added: https://bugzilla.mozilla.org/show_bug.cgi?id=868961 Feel free to vote for it... -- Best regards, Charles From amateo at um.es Mon May 6 15:12:14 2013 From: amateo at um.es (Angel L. Mateo) Date: Mon, 06 May 2013 14:12:14 +0200 Subject: [Dovecot] dsyncing lazy_expunge namespace Message-ID: <51879E1E.2020700@um.es> Hello, I'm in the process of migrating mailbox from one dovecot server running dovecot 2.1.9 with mailboxes stored in maildir format to a newer one running 2.1.16 with mailboxes stored in mdbox format. To migrate mailboxes I'm using dsync as explained at http://wiki2.dovecot.org/Tools/Dsync. The command I'm running in the newer server is: sudo dsync -o mailbox_list_index=no mirror -R -u imapc: The mailbox of the user is correctly synced to the newer server, except the lazy_expunge namespace, which is not synced at all. The config in my old server is: namespace { # hidden = yes # list = no # Temporally, only for migration hidden = no list = yes location = maildir:~/Maildir/expunged prefix = BORRADOS. separator = . } and in the newer one is: namespace { hidden = yes list = no location = mdbox:%h/expunged:INDEX=/mail/indexes/%2Ln/%Ln/expunged prefix = BORRADOS/ separator = / } With a tcpdump I have checked that old servers list the namefolder, this is the IMAP dialog for an example user: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. 2 AUTHENTICATE PLAIN YW5nZWwubHVpcwBtYXN0ZXIAVkFzR293ZW0= 2 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE QUOTA ACL RIGHTS=texk] Logged in 1 LIST "" "" * LIST (\Noselect) "." "" 1 OK List completed. 3 LIST "" "*" * LIST (\HasNoChildren) "." "SPAM" * LIST (\HasNoChildren) "." "Trash" * LIST (\HasNoChildren) "." "Drafts" * LIST (\HasNoChildren) "." "INBOX" * LIST (\Noselect \HasNoChildren) "." "BORRADOS" 3 OK List completed. 4 STATUS "SPAM" (UIDNEXT UIDVALIDITY) * STATUS "SPAM" (UIDNEXT 3 UIDVALIDITY 1316372649) 4 OK Status completed. 5 EXAMINE "SPAM" * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) ... But "BORRADOS" is never selected in the rest of the dialog. Any idea? -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868889150 Fax: 868888337 From dave.gattis at suhner.com Mon May 6 15:22:59 2013 From: dave.gattis at suhner.com (Dave Gattis) Date: Mon, 6 May 2013 08:22:59 -0400 Subject: [Dovecot] =?utf-8?q?Pigeonhole_for_2=2E2=3F?= In-Reply-To: <1367824154.8412.26.camel@tardis> References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> <51853A35.1010502@luigirosa.com> <20130504170320.GJ15319@charite.de> <5186F527.7030501@thelounge.net> <42c7e6bfcae94dd7dbe874f5391a1dcb@junc.eu> <1367801184.3919.25.camel@tardis> <5186FFBC.7080603@reub.net> <1367805764.6645.5.camel@tardis> <51871387.90002@reub.net> <1367824154.8412.26.camel@tardis> Message-ID: Maybe you should ask for a refund, or assist with the next version. You do program, right? Dave On 2013-05-06 03:09, Noel Butler wrote: > On Mon, 2013-05-06 at 12:20 +1000, Reuben Farrelly wrote: > > >> Examples: >> >> http://www.dovecot.org/list/dovecot/2013-January/140156.html >> http://www.dovecot.org/list/dovecot/2012-January/062944.html >> http://www.dovecot.org/list/dovecot/2010-August/051544.html >> > > > I 've kept messages from this list since its last clean-out, in 08, > those message do not appear, it seems on jan 13, dovecots mail server > had no PTR entry, seems 11 messages in total missing - not my problem, > no idea about earlier examples, cant be bothered getting out the tape > and checking. > > >> I'm also in Australia and have no problems seeing these messages from >> FI. > > you missed the point of my "smart arse" remark > > >> >> My postfix logs show that your mail server accepted the mail from me >> at >> 10:56am and gave me a "250 2.0.0 OK" - which is 90 minutes ago. >> >> Perhaps you might want to arrange for someone to fix your mail >> server, >> because you also obviously aren't receiving all the mails from all >> the > > > Well, since you're so concerned, I'll go look .... /me back .. no > problem exists, amavisd nuked it, it seems one of the clamav extras > rulesets triggered, it just doesn't like you it seems. > > > >> directly. There are plenty of people on this list who can probably >> help >> you with these rather complex mail issues you are experiencing ;) >> > > > *chuckles* I'm rather happy with the way my anti-spam does its job, > although not identical to the commercial servers since there are too > many dummies running mail hosting servers and vps's,and that includes > idiots in govt IT units, there have been no complaints in a long > time, > well, since we ceased using SORBS anyway. From AxelLuttgens at swing.be Mon May 6 16:39:16 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Mon, 6 May 2013 15:39:16 +0200 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <1367798344.3919.15.camel@tardis> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5183EC0D.7000803@sys4.de> <518412B9.4010605@dementianati.com> <1367635083.3904.23.camel@tardis> <5184FF25.1080504@dementianati.com> <1367798344.3919.15.camel@tardis> Message-ID: <774F6569-6C11-4FBB-8D02-5D7CB51E3581@swing.be> Le 6 mai 2013 ? 01:59, Noel Butler a ?crit : > On Sat, 2013-05-04 at 05:29 -0700, Professa Dementia wrote: > >> [...] >> and enabling this option makes the server non-compliant. The section >> under "The UPDATE State" is clear about the behavior of the server: >> >> "The POP3 server removes all messages marked as deleted from the maildrop" >> > > > Did you read what I actually said? and in your quotation you have even > verified it, RFC's are very clear about compliance instructions, by use > of the words SHOULD, MUST, MUST NOT ... etc > > There is no such word in the RFC relating to deleting marked deleted > messages, as you have also even quoted, therefore, Timo's proposed flags > do not breach compliancy. Hmmm... Let's consider the RFC's part related to, for example, the TOP command: If the POP3 server issues a positive response, then the response given is multi-line. After the initial +OK, the POP3 server sends the headers of the message, the blank line separating the headers from the body, and then the number of lines of the indicated message's body, being careful to byte-stuff the termination character (as with all multi-line responses). So, no MUST keyword there. Would this mean that a server sending garbage after a positive response is a compliant one? > [...] > I can not understand why you are so outraged by this, if you feel so > strongly, just don't enable the option, or is that too simple... Don't know whether Dem felt outraged, but it could well be that Timo's proposal came with a context making the risk of being non-compliant more obvious: it could have been understood as requiring a POP user to check with an IMAP client for the effective deletion of messages, even if that user already has explicitly required the deletion through the POP protocol. There's something more ambiguous than, say, an mis-configured server with [sm]dbox yet without periodic purge. Axel From tss at iki.fi Mon May 6 17:07:15 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 06 May 2013 17:07:15 +0300 Subject: [Dovecot] dsyncing lazy_expunge namespace In-Reply-To: <51879E1E.2020700@um.es> References: <51879E1E.2020700@um.es> Message-ID: <1367849235.13573.8.camel@innu> On Mon, 2013-05-06 at 14:12 +0200, Angel L. Mateo wrote: > Hello, > > I'm in the process of migrating mailbox from one dovecot server running > dovecot 2.1.9 with mailboxes stored in maildir format to a newer one > running 2.1.16 with mailboxes stored in mdbox format. > > To migrate mailboxes I'm using dsync as explained at > http://wiki2.dovecot.org/Tools/Dsync. The command I'm running in the > newer server is: > > sudo dsync -o mailbox_list_index=no mirror -R -u imapc: > > The mailbox of the user is correctly synced to the newer server, except > the lazy_expunge namespace, which is not synced at all. dsync syncs only one namespace, except with v2.2 you can give -N parameter to sync all of them. With v2.1 you can specify which namespace to sync with "-n BORRADOS/" parameter (not sure how it's going to work with different separators). From mstevens at imt-systems.com Mon May 6 17:20:52 2013 From: mstevens at imt-systems.com (Morten Stevens) Date: Mon, 06 May 2013 16:20:52 +0200 Subject: [Dovecot] dovecot 2.2.0 corrupts mailboxes? In-Reply-To: <1l2dmf0.137f9t1xyhq3vM%manu@netbsd.org> References: <1l2dmf0.137f9t1xyhq3vM%manu@netbsd.org> Message-ID: <5187BC44.9040904@imt-systems.com> On 05.05.2013 02:56, Emmanuel Dreyfus wrote: > May 4 20:16:30 volanges dovecot: imap(jdoe): Error: Cached message size > smaller than expected (2000 < 8063) > May 4 20:16:30 volanges dovecot: imap(jdoe): Error: Corrupted index > cache file /mail/indexes/jdoe/.imap/INBOX/dovecot.index.cache: Broken > physical size for mail UID 141869 > May 4 20:19:48 volanges dovecot: imap(jdoe): Error: Cached message size > smaller than expected (9711 < 16248) > May 4 20:19:48 volanges dovecot: imap(jdoe): Error: Corrupted index > cache file /mail/indexes/jdoe/mail/.imap/Arxiv/dovecot.index.cache: > Broken physical size for mail UID 4383 > May 4 21:14:35 volanges dovecot: imap(jdoe): Error: Cached message size > smaller than expected (1878 < 8066) > May 4 21:14:35 volanges dovecot: imap(jdoe): Error: Corrupted index > cache file /mail/indexes/jdoe/mail/.imap/CNRS/dovecot.index.cache: > Broken physical size for mail UID 290 > May 4 21:15:17 volanges dovecot: imap(jdoe): Error: Cached message size > smaller than expected (17285 < 24440) > May 4 21:15:17 volanges dovecot: imap(jdoe): Error: Corrupted index > cache file /mail/indexes/jdoe/mail/.imap/Commandes/dovecot.index.cache: > Broken physical size for mail UID 680 > > Does that ring a bell? I am tempted to downgrade to 2.1.13. Does it > makes sense? Is it safe to do so? This bug has been fixed with dovecot 2.1.14. Please check: http://hg.dovecot.org/dovecot-2.1/rev/0b0399f1b6aa http://dovecot.org/list/dovecot/2013-February/088313.html Best regards, Morten From tss at iki.fi Mon May 6 17:30:51 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 6 May 2013 17:30:51 +0300 Subject: [Dovecot] doveadm search causes replication error message In-Reply-To: <20130425105120.3e38a9c3@lists.wgwh.ch> References: <20130425105120.3e38a9c3@lists.wgwh.ch> Message-ID: On 25.4.2013, at 11.51, Oli Schacher wrote: > # 2.2.1 (83d83f55e5c2+) / dsync replicated setup > > I just noticed that 'doveadm search' apparently tries to replicate > mailboxes and spits out errors if a mailbox in the search query is not > found: > > #doveadm search -u user at example.com mailbox Spamreport > doveadm(user at example.com): Error: Syncing mailbox Spamreport > failed: Mailbox doesn't exist: Spamreport > > this is especially problematic with -A searches as this causes a error > message for every user which doesn't have that folder. > Is this a bug or intended behaviour? Should I just 2>/dev/null these > errors in doveadm scripts? Not related to replication, but yeah, probably better to just ignore nonexistent mailboxes. Changed in hg. From tss at iki.fi Mon May 6 17:37:58 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 6 May 2013 17:37:58 +0300 Subject: [Dovecot] dovecot stats In-Reply-To: References: Message-ID: <28C0B64D-85F1-4A58-A5DF-1FE65D289BED@iki.fi> On 29.4.2013, at 15.30, Jan-Frode Myklebust wrote: > I just upgraded one of our servers to dovecot v2.1.16 (ee), and am looking > into the stats feature. Am I interpreting the wiki correct in reading that > the "doveadm stats dump command" only returns statistics about IMAP > commands? Right. > Is it possible to collect info about POP3 and LMTP commands also ? No. I think they would be pretty boring statistics, since with POP3 pretty much everything causing disk I/O or CPU usage would be RETRs and with LMTP everything would be DATAs. > Also, is "doveadm stats dump command" telling me the results of all > commands that has finished the last stats_command_min_time, or will it > maybe contain much more than 1 minute of activity ? It can contain much more. The stats process will keep as much data in memory as possible until it reaches the stats_memory_limit. The doveadm stats dump lists everything that the stats process knows. From tss at iki.fi Mon May 6 17:40:02 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 6 May 2013 17:40:02 +0300 Subject: [Dovecot] many SSH connexions with dsynx/SSH replication In-Reply-To: <20130429094843.GB5707@homeworld.netbsd.org> References: <20130429094843.GB5707@homeworld.netbsd.org> Message-ID: <443746C9-B4C0-47B4-96CD-268371958BB6@iki.fi> On 29.4.2013, at 12.48, Emmanuel Dreyfus wrote: > I am trying replication over dsync/ssh, as explained there: > http://wiki2.dovecot.org/Replication > > I added the options below to dovecot.conf. It works, but it > seems there is a new SSH connexion for each user, which is a bit > overkill performance-wise. Since I sync as root, I guess there > is a way of haing everything on the same SSH connexion? Nope. Separate connection every time. Also IIRC dsync permanently drops to user privileges, so it couldn't even reuse it for another user with different UID. Use tcp/tcps for better performance. From tss at iki.fi Mon May 6 17:43:03 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 6 May 2013 17:43:03 +0300 Subject: [Dovecot] SELECT/EXAMINE don't report URLMECH In-Reply-To: <377B5C06-4B20-4322-B3DB-6F15E0B6A728@apple.com> References: <377B5C06-4B20-4322-B3DB-6F15E0B6A728@apple.com> Message-ID: <2FB3C213-376B-43CB-A1F3-740CF5FBAD55@iki.fi> On 30.4.2013, at 2.25, Mike Abbott wrote: > In dovecot-2.2.1 neither the SELECT nor the EXAMINE commands include an untagged URLMECH reply. (Note, this is not the one mandated by the RESETKEY command.) > > AFAICT RFC 4467 does not require an URLMECH reply to SELECT or EXAMINE but without it clients have no way of knowing about authorization mechanisms other than INTERNAL. Now I know dovecot-2.2 supports only the INTERNAL mechanism at present so this is probably harmless, but still I think it's worthwhile to ask: Is the absence of the URLMECH reply intentional or an oversight? I think I'll leave it out unless some day another mechanism is added: http://www.ietf.org/mail-archive/web/lemonade/current/msg05127.html From dovecot at lists.wgwh.ch Mon May 6 17:43:49 2013 From: dovecot at lists.wgwh.ch (Oli Schacher) Date: Mon, 6 May 2013 16:43:49 +0200 Subject: [Dovecot] doveadm search causes replication error message In-Reply-To: References: <20130425105120.3e38a9c3@lists.wgwh.ch> Message-ID: <20130506164349.5e97e70c@lists.wgwh.ch> On Mon, 6 May 2013 17:30:51 +0300 Timo Sirainen wrote: > > Not related to replication, but yeah, probably better to just ignore > nonexistent mailboxes. Changed in hg. > ah, sorry, I thought "Syncing mailbox" meant "dsync". Anyway, thanks for the fix! -- message transmitted on 100% recycled electrons From tss at iki.fi Mon May 6 17:54:00 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 6 May 2013 17:54:00 +0300 Subject: [Dovecot] Mail deduplication In-Reply-To: References: <971614.566.1367285312578.JavaMail.root@timgws.com.au> <517F5F12.9070505@um.es> <517F6D13.9000207@univ-nantes.fr> Message-ID: On 30.4.2013, at 12.22, Jan-Frode Myklebust wrote: > Wasn't there also some issue with cleanup of attachments ? Not being able > to delete the last copy, or something. I did some testing of using SIS on a > backup dsync destination a year (or two) ago, and got quite confused.. > Don't quite remember the problems I had, but I did lose confidence in it > and decided having the attachement together with the messages felt safest. > > I would also love to hear from admins using it on large scale (100K+ active > users). Maybe we should reconsider using it.. I'm not aware of any bugs in SIS, but yeah, it can be a bit complicated. If you do things like dsync where destination is also mdbox/sdbox, it's going to keep using the same SIS directory and updating the refcounts, which you probably don't want for backups / temp directories (solution: give different parameters to the two sides of dsync where the other side disables SIS). From CMarcus at Media-Brokers.com Mon May 6 18:03:18 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 06 May 2013 11:03:18 -0400 Subject: [Dovecot] Mail deduplication In-Reply-To: References: <971614.566.1367285312578.JavaMail.root@timgws.com.au> <517F5F12.9070505@um.es> <517F6D13.9000207@univ-nantes.fr> Message-ID: <5187C636.2040509@Media-Brokers.com> On 2013-05-06 10:54 AM, Timo Sirainen wrote: > On 30.4.2013, at 12.22, Jan-Frode Myklebust wrote: >> Wasn't there also some issue with cleanup of attachments ? Not being able >> to delete the last copy, or something. I did some testing of using SIS on a >> backup dsync destination a year (or two) ago, and got quite confused.. >> Don't quite remember the problems I had, but I did lose confidence in it >> and decided having the attachement together with the messages felt safest. >> >> I would also love to hear from admins using it on large scale (100K+ active >> users). Maybe we should reconsider using it.. > I'm not aware of any bugs in SIS, but yeah, it can be a bit complicated. If you do things like dsync where destination is also mdbox/sdbox, it's going to keep using the same SIS directory and updating the refcounts, which you probably don't want for backups / temp directories (solution: give different parameters to the two sides of dsync where the other side disables SIS). Hey Timo - so, how will rsync be affected as a backup app? Will it maintain the deduped state in the backup target? -- Best regards, Charles From tss at iki.fi Mon May 6 18:23:23 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 6 May 2013 18:23:23 +0300 Subject: [Dovecot] Mail deduplication In-Reply-To: <5187C636.2040509@Media-Brokers.com> References: <971614.566.1367285312578.JavaMail.root@timgws.com.au> <517F5F12.9070505@um.es> <517F6D13.9000207@univ-nantes.fr> <5187C636.2040509@Media-Brokers.com> Message-ID: <68EB6BD4-3F14-4AE5-8413-4B2DB0DCAED3@iki.fi> On 6.5.2013, at 18.03, Charles Marcus wrote: > On 2013-05-06 10:54 AM, Timo Sirainen wrote: >> On 30.4.2013, at 12.22, Jan-Frode Myklebust wrote: >>> Wasn't there also some issue with cleanup of attachments ? Not being able >>> to delete the last copy, or something. I did some testing of using SIS on a >>> backup dsync destination a year (or two) ago, and got quite confused.. >>> Don't quite remember the problems I had, but I did lose confidence in it >>> and decided having the attachement together with the messages felt safest. >>> >>> I would also love to hear from admins using it on large scale (100K+ active >>> users). Maybe we should reconsider using it.. > >> I'm not aware of any bugs in SIS, but yeah, it can be a bit complicated. If you do things like dsync where destination is also mdbox/sdbox, it's going to keep using the same SIS directory and updating the refcounts, which you probably don't want for backups / temp directories (solution: give different parameters to the two sides of dsync where the other side disables SIS). > > Hey Timo - so, how will rsync be affected as a backup app? Will it maintain the deduped state in the backup target? Ideally you'd rsync from a filesystem snapshot instead of from live filesystem, otherwise the link counts might go wrong. And you need to use the -H parameter for rsync so it preserves hard links. From tss at iki.fi Mon May 6 18:38:16 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 6 May 2013 18:38:16 +0300 Subject: [Dovecot] imap crash during URLFETCH In-Reply-To: <473099F2-2B8F-42F2-BA67-6BA465EEC64F@apple.com> References: <0B8409CD-AC44-4504-BB6D-C4A81522918F@iki.fi> <473099F2-2B8F-42F2-BA67-6BA465EEC64F@apple.com> Message-ID: <9FB15D59-7B82-4BED-90B6-59F3B6B575F4@iki.fi> On 3.5.2013, at 4.19, Mike Abbott wrote: >>> without having set *mpurl_r to NULL >> >> Right, fixed: http://hg.dovecot.org/dovecot-2.2/rev/24aa10efe132 > > That fixes it, thanks, but I wonder if it's incomplete? I notice that these also sometimes don't set *mpurl_r: > imap_msgpart_url_create() > imap_msgpart_url_parse() > imap_urlauth_fetch() > > That last one in particular is called from imap_urlauth_fetch_local() in the same way as the one you fixed. Well, Dovecot functions in general don't set stuff to NULL when it returns failure, so I shouldn't have fixed it that way.. These fix the bugs I found: http://hg.dovecot.org/dovecot-2.2/rev/a45bfb4c7d66 clang static analyzer is pretty good at catching these though, wonder why it didn't catch these. From manu at netbsd.org Mon May 6 18:55:54 2013 From: manu at netbsd.org (Emmanuel Dreyfus) Date: Mon, 6 May 2013 15:55:54 +0000 Subject: [Dovecot] dovecot 2.2.0 corrupts mailboxes? In-Reply-To: <5187BC44.9040904@imt-systems.com> References: <1l2dmf0.137f9t1xyhq3vM%manu@netbsd.org> <5187BC44.9040904@imt-systems.com> Message-ID: <20130506155554.GB28423@homeworld.netbsd.org> On Mon, May 06, 2013 at 04:20:52PM +0200, Morten Stevens wrote: > >May 4 21:15:17 volanges dovecot: imap(jdoe): Error: Corrupted index > >cache file /mail/indexes/jdoe/mail/.imap/Commandes/dovecot.index.cache: > >Broken physical size for mail UID 680 > > > >Does that ring a bell? I am tempted to downgrade to 2.1.13. Does it > >makes sense? Is it safe to do so? > > This bug has been fixed with dovecot 2.1.14. But I am running 2.2.0 ... -- Emmanuel Dreyfus manu at netbsd.org From CMarcus at Media-Brokers.com Mon May 6 19:06:38 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 06 May 2013 12:06:38 -0400 Subject: [Dovecot] Mail deduplication In-Reply-To: <68EB6BD4-3F14-4AE5-8413-4B2DB0DCAED3@iki.fi> References: <971614.566.1367285312578.JavaMail.root@timgws.com.au> <517F5F12.9070505@um.es> <517F6D13.9000207@univ-nantes.fr> <5187C636.2040509@Media-Brokers.com> <68EB6BD4-3F14-4AE5-8413-4B2DB0DCAED3@iki.fi> Message-ID: <5187D50E.3030009@Media-Brokers.com> On 2013-05-06 11:23 AM, Timo Sirainen wrote: > On 6.5.2013, at 18.03, Charles Marcus wrote: >> Hey Timo - so, how will rsync be affected as a backup app? Will it >> maintain the deduped state in the backup target? > Ideally you'd rsync from a filesystem snapshot instead of from live filesystem, otherwise the link counts might go wrong. And you need to use the -H parameter for rsync so it preserves hard links. Understood, and figured as much - I'll be using lvm snapshots and rsnapshot (which keeps backups using hardlinks against previous backup snapshots, making it easy to keep backups going back years without taking up much more additional space. Thanks, -- Best regards, Charles From CMarcus at Media-Brokers.com Mon May 6 19:21:45 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 06 May 2013 12:21:45 -0400 Subject: [Dovecot] Mail deduplication In-Reply-To: <5187D50E.3030009@Media-Brokers.com> References: <971614.566.1367285312578.JavaMail.root@timgws.com.au> <517F5F12.9070505@um.es> <517F6D13.9000207@univ-nantes.fr> <5187C636.2040509@Media-Brokers.com> <68EB6BD4-3F14-4AE5-8413-4B2DB0DCAED3@iki.fi> <5187D50E.3030009@Media-Brokers.com> Message-ID: <5187D899.9090006@Media-Brokers.com> On 2013-05-06 12:06 PM, Charles Marcus wrote: > Understood, and figured as much - I'll be using lvm snapshots and > rsnapshot (which keeps backups using hardlinks against previous backup > snapshots, making it easy to keep backups going back years without > taking up much more additional space. Specifically, it uses rsync, and then some manipulation magic to rotate the snapshots. -- Best regards, Charles From asai at globalchangemusic.org Mon May 6 19:28:30 2013 From: asai at globalchangemusic.org (Asai) Date: Mon, 06 May 2013 09:28:30 -0700 Subject: [Dovecot] Upgrading from 2.0 to 2.2 Message-ID: <5187DA2E.5060005@globalchangemusic.org> Greetings, Is this possible to upgrade directly from 2.0 to 2.2? If so, is there a guide for doing this? Thank you. -- --Asai From me at staticsafe.ca Mon May 6 19:48:59 2013 From: me at staticsafe.ca (staticsafe) Date: Mon, 06 May 2013 12:48:59 -0400 Subject: [Dovecot] Upgrading from 2.0 to 2.2 In-Reply-To: <5187DA2E.5060005@globalchangemusic.org> References: <5187DA2E.5060005@globalchangemusic.org> Message-ID: <5187DEFB.8000203@staticsafe.ca> On 5/6/2013 12:28, Asai wrote: > Greetings, > > Is this possible to upgrade directly from 2.0 to 2.2? If so, is there a > guide for doing this? > > Thank you. > Make sure to read these: http://wiki2.dovecot.org/Upgrading/2.1 http://wiki2.dovecot.org/Upgrading/2.2 -- staticsafe O< ascii ribbon campaign - stop html mail - www.asciiribbon.org Please don't top post - http://goo.gl/YrmAb Don't CC me! I'm subscribed to whatever list I just posted on. From tss at iki.fi Mon May 6 19:52:55 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 6 May 2013 19:52:55 +0300 Subject: [Dovecot] CATENATE mis-reads literal after bad URL In-Reply-To: <789DF7D0-674A-4759-85C9-AF67F4A99735@apple.com> References: <789DF7D0-674A-4759-85C9-AF67F4A99735@apple.com> Message-ID: <136AC2FF-CFC3-48CA-BD26-BFAE8C673CAC@iki.fi> On 3.5.2013, at 4.00, Mike Abbott wrote: > Dovecot-2.2.1 plus Timo's recent CATENATE and URLAUTH fixes mishandles literals after bad URLs. That input_skip_line is highly annoying in the APPEND code. Elsewhere it kind of makes sense, but in APPEND it's difficult to keep track of when it should be set or shouldn't be set. I fixed the most obvious places in hg, and also fixes several other bugs I noticed in parsing invalid APPEND parameters. From tss at iki.fi Mon May 6 20:22:28 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 6 May 2013 20:22:28 +0300 Subject: [Dovecot] URLAUTH assertion failures in 2.2.1 In-Reply-To: References: Message-ID: <6A95B360-5808-43A9-87ED-37BA0E56A1BF@iki.fi> On 3.5.2013, at 3.34, Mike Abbott wrote: > Testing URLAUTH in dovecot-2.2.1 plus Timo's recent CATENATE and URLAUTH fixes eventually trips some assertions. No simple sequence of commands always hits these; they appear to be timing-dependent. > > The first one is: > > May 02 17:47:17 imap(pid 50490 user submit): Panic: file imap-client.c: line 643 (client_command_free): assertion failed: (client->output_cmd_lock == NULL) .. > May 02 19:23:29 imap(pid 60229 user mja): Panic: file index-mail.c: line 1274 (index_mail_close_streams_full): assertion failed: (!mail->data.destroying_stream) Both of these are fixed in hg. From delrio at mie.utoronto.ca Mon May 6 20:52:55 2013 From: delrio at mie.utoronto.ca (Oscar del Rio) Date: Mon, 06 May 2013 13:52:55 -0400 Subject: [Dovecot] dovecot 2.2.0 corrupts mailboxes? In-Reply-To: <20130506155554.GB28423@homeworld.netbsd.org> References: <1l2dmf0.137f9t1xyhq3vM%manu@netbsd.org> <5187BC44.9040904@imt-systems.com> <20130506155554.GB28423@homeworld.netbsd.org> Message-ID: <5187EDF7.4080504@mie.utoronto.ca> On 05/ 6/13 11:55 AM, Emmanuel Dreyfus wrote: > On Mon, May 06, 2013 at 04:20:52PM +0200, Morten Stevens wrote: >>> May 4 21:15:17 volanges dovecot: imap(jdoe): Error: Corrupted index >>> cache file /mail/indexes/jdoe/mail/.imap/Commandes/dovecot.index.cache: >>> Broken physical size for mail UID 680 >>> >>> Does that ring a bell? I am tempted to downgrade to 2.1.13. Does it >>> makes sense? Is it safe to do so? >> This bug has been fixed with dovecot 2.1.14. > But I am running 2.2.0 ... > Have you tried 2.2.1? From tobster at brain-force.ch Mon May 6 21:24:15 2013 From: tobster at brain-force.ch (Tobi) Date: Mon, 06 May 2013 20:24:15 +0200 Subject: [Dovecot] Permission problem with LDA and dovecot 2.2.1 Message-ID: <5187F54F.6050701@brain-force.ch> Hello list today I built dovecot 2.2.1 from sources. But I have permission problems with LDA The "normal" imap part works fine, users can login and see their boxes. deliver is called as LDA from postfix master.cf as follows << dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop} >> but when I try to send a testmail then I get the following in the logs << 2013 May 6 18:37:59 nordkap lda: Fatal: Internal error occurred. Refer to server log for more information. May 6 18:37:59 nordkap dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Connection refused May 6 18:37:59 nordkap dovecot: lda: Fatal: Internal error occurred. Refer to server log for more information. >> For me it looks odd because the auth-userdb is defined as << base_dir = /usr/local/var/run/dovecot/ service auth { unix_listener auth-userdb { mode = 0777 user = vmail group = vmail } .... >> The rights on the file should be correct according to the config above << ls -al /usr/local/var/run/dovecot/auth-userdb srwxrwxrwx 1 vmail vmail 0 May 6 20:11 /usr/local/var/run/dovecot/auth-userdb >> I cannot explain why the lda tries to access << Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) >> I grepped through all the configfiles but could not find the "wrong" path from the error message above. Would it might be a "fix" to symlink /usr/local/var/run/dovecot to /var/run/dovecot ? Or would that break something with dovecot? Thanks for any hint or idea tobi From kgc at corp.sonic.net Mon May 6 21:45:31 2013 From: kgc at corp.sonic.net (Kelsey Cummings) Date: Mon, 06 May 2013 11:45:31 -0700 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <51846EBD.3040706@dementianati.com> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <8BDD6399-C7AA-48C4-8062-1CA2C150F402@iki.fi> <51846EBD.3040706@dementianati.com> Message-ID: On 2013-05-03 19:13, Professa Dementia wrote: > When I specify that an email be > deleted from the server, I expect that it is *deleted*. While I see the point you're trying to make, I don't think it is valid. On our servers the deleted message could exist in filesystem snapshots, disk->disk backups and on tape. In many other places this may be a question of regulatory requirements that email be held on to for years no matter what the client thinks its status is. From slusarz at curecanti.org Tue May 7 01:10:26 2013 From: slusarz at curecanti.org (Michael M Slusarz) Date: Mon, 06 May 2013 16:10:26 -0600 Subject: [Dovecot] Keyword limit? Message-ID: <20130506161026.Horde.2ULRV1cEN1yjCUs2YK2Ikg2@bigworm.curecanti.org> Running into a weird issue in a mailbox that has 26+ keywords. In one session, I do this: S: 2 SELECT "INBOX" (QRESYNC (1255685337 78608 [...uids...])) S: [...] S: * OK [HIGHESTMODSEQ 78608] Highest S: * OK [UIDVALIDITY 1255685337] UIDs valid S: 2 OK [READ-WRITE] Select completed. C: 3 UID STORE 48386 (UNCHANGEDSINCE 78608) +FLAGS AAAAAAAA S: * 8 FETCH (UID 48386 MODSEQ (78609) FLAGS (\Seen AAAAAAAA)) S: 3 OK Store completed. C: 4 LOGOUT S: * OK [CLOSED] Previous mailbox closed. S: * BYE LOGOUT received S: 4 OK Completed The next time I access that mailbox, I see this: C: 2 SELECT "INBOX" (QRESYNC (1255685337 78609 [...uids...])) S: [...] S: * OK [UIDVALIDITY 1255685337] UIDs valid S: * OK [HIGHESTMODSEQ 78609] Highest S: * 8 FETCH (MODSEQ (78610) UID 48386 FLAGS (\Seen)) S: 2 OK [READ-WRITE] Select completed. MODSEQ 78610 is entirely server-initiated. It *appears* that the mailbox doesn't handle more than 26 keywords. My dovecot-keywords looks like: 0 $Forwarded [Entries 1-24] 25 Test "Test" is a keyword I created immediately before "AAAAAAAA". If I remove Test and then add "AAAAAAAA", the keyword sticks. Is this a built-in limit? Can't find anything in the config/wiki docs (Dovecot 2.1.16). Or are my dovecot index/cache files hosed in some way? michael From noel.butler at ausics.net Tue May 7 01:16:21 2013 From: noel.butler at ausics.net (Noel Butler) Date: Tue, 07 May 2013 08:16:21 +1000 Subject: [Dovecot] Pigeonhole for 2.2? In-Reply-To: <5187713E.7080309@thelounge.net> References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> <51853A35.1010502@luigirosa.com> <20130504170320.GJ15319@charite.de> <5186F527.7030501@thelounge.net> <42c7e6bfcae94dd7dbe874f5391a1dcb@junc.eu> <1367801184.3919.25.camel@tardis> <5186FFBC.7080603@reub.net> <1367805764.6645.5.camel@tardis> <5187713E.7080309@thelounge.net> Message-ID: <1367878581.7608.1.camel@tardis> On Mon, 2013-05-06 at 11:00 +0200, Reindl Harald wrote: > > > > I 've kept messages from this list since its last clean-out, in 08, > > those message do not appear, it seems on jan 13, dovecots mail server > > had no PTR entry, seems 11 messages in total missing - not my problem > > stop this bullshit! > if you dont wish to partake sensibly (a word that escapes you so ill stoop to your level for a moment) - fuck off -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From noel.butler at ausics.net Tue May 7 01:19:22 2013 From: noel.butler at ausics.net (Noel Butler) Date: Tue, 07 May 2013 08:19:22 +1000 Subject: [Dovecot] Pigeonhole for 2.2? In-Reply-To: References: <51FA2BDC-A85B-46DF-9ABF-0DA0849D47FE@iki.fi> <20130419055344.GA2874@gaby.caf.local> <51744358.209@rename-it.nl> <5180FDF4.7040806@Media-Brokers.com> <51853A35.1010502@luigirosa.com> <20130504170320.GJ15319@charite.de> <5186F527.7030501@thelounge.net> <42c7e6bfcae94dd7dbe874f5391a1dcb@junc.eu> <1367801184.3919.25.camel@tardis> <5186FFBC.7080603@reub.net> <1367805764.6645.5.camel@tardis> <51871387.90002@reub.net> <1367824154.8412.26.camel@tardis> Message-ID: <1367878762.7608.5.camel@tardis> On Mon, 2013-05-06 at 08:22 -0400, Dave Gattis wrote: > Maybe you should ask for a refund, or assist with the next version. > You do program, right? I am involved in several projects already, Timo wouldn't accept anything from me anyway :) -------------- next part -------------- A non-text attachment was scrubbed... Name: face-smile.png Type: image/png Size: 873 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From noel.butler at ausics.net Tue May 7 01:24:10 2013 From: noel.butler at ausics.net (Noel Butler) Date: Tue, 07 May 2013 08:24:10 +1000 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <774F6569-6C11-4FBB-8D02-5D7CB51E3581@swing.be> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5183EC0D.7000803@sys4.de> <518412B9.4010605@dementianati.com> <1367635083.3904.23.camel@tardis> <5184FF25.1080504@dementianati.com> <1367798344.3919.15.camel@tardis> <774F6569-6C11-4FBB-8D02-5D7CB51E3581@swing.be> Message-ID: <1367879050.7608.10.camel@tardis> On Mon, 2013-05-06 at 15:39 +0200, Axel Luttgens wrote: > Hmmm... > Let's consider the RFC's part related to, for example, the TOP command: > > If the POP3 server issues a positive response, then the > response given is multi-line. After the initial +OK, the > POP3 server sends the headers of the message, the blank > line separating the headers from the body, and then the > number of lines of the indicated message's body, being > careful to byte-stuff the termination character (as with > all multi-line responses). > > So, no MUST keyword there. > Would this mean that a server sending garbage after a positive response is a compliant one? > Technically? Yes it would (doesn't mean it's right or wrong), RFC are updated, if one disagrees with the wording, one is always welcome to contact the author recommending a change. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From noel.butler at ausics.net Tue May 7 01:28:16 2013 From: noel.butler at ausics.net (Noel Butler) Date: Tue, 07 May 2013 08:28:16 +1000 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <8BDD6399-C7AA-48C4-8062-1CA2C150F402@iki.fi> <51846EBD.3040706@dementianati.com> Message-ID: <1367879296.7608.14.camel@tardis> On Mon, 2013-05-06 at 11:45 -0700, Kelsey Cummings wrote: > > While I see the point you're trying to make, I don't think it is valid. > On our servers the deleted message could exist in filesystem snapshots, > disk->disk backups and on tape. That's what most people forget - until they accidentally delete that one email they need :) -------------- next part -------------- A non-text attachment was scrubbed... Name: face-smile.png Type: image/png Size: 873 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From noel.butler at ausics.net Tue May 7 01:39:20 2013 From: noel.butler at ausics.net (Noel Butler) Date: Tue, 07 May 2013 08:39:20 +1000 Subject: [Dovecot] Permission problem with LDA and dovecot 2.2.1 In-Reply-To: <5187F54F.6050701@brain-force.ch> References: <5187F54F.6050701@brain-force.ch> Message-ID: <1367879960.7608.23.camel@tardis> On Mon, 2013-05-06 at 20:24 +0200, Tobi wrote: > Hello list > > today I built dovecot 2.2.1 from sources. But I have permission problems > with LDA > The "normal" imap part works fine, users can login and see their boxes. > deliver is called as LDA from postfix master.cf as follows > << > dovecot unix - n n - - pipe > flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f > ${sender} -d ${user}@${nexthop} I'd change deliver to dovecot-lda , at present IIRC its a symlink, so it might "go away" one day, otherwise, that's fine. > May 6 18:37:59 nordkap dovecot: lda: Error: userdb lookup: > connect(/var/run/dovecot/auth-userdb) failed: Connection refused > > For me it looks odd because the auth-userdb is defined as > << > base_dir = /usr/local/var/run/dovecot/ > service auth { > unix_listener auth-userdb { > mode = 0777 > user = vmail > group = vmail > } 777? it should be 0600, however, the problem might be easier to tell with output of dovecot -n -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From tim at timgws.com.au Tue May 7 03:19:41 2013 From: tim at timgws.com.au (Tim Groeneveld) Date: Mon, 6 May 2013 20:19:41 -0400 (EDT) Subject: [Dovecot] Mail deduplication In-Reply-To: <51825303.8000002@Media-Brokers.com> Message-ID: <5208631.125845.1367885981745.JavaMail.root@timgws.com.au> ----- Original Message ----- > On 2013-04-30 8:00 PM, Tim Groeneveld wrote: > > After thinking about it a little bit more, I have determined > > that just recombining the messages to send them to the client > > will be too intensive, and will cause extra latencies when > > retrieving emails. > > Scratching my head trying to figure out what you mean here... ? > > What do you mean by 'recombining the messages'? I was thinking of splitting all of the mime parts and recombining them later when the message was requested. All of the parts would be hashed and stored separate to the message. This would mean things like image signatures and the like would only be stored once. >From what I understand, SIS does not do this. (that being said, I have not looked too deeply into SIS at the moment, as I am currently working on the elasticsearch FTS plugin) Regards, Tim From ben at morrow.me.uk Tue May 7 03:21:01 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Tue, 7 May 2013 01:21:01 +0100 Subject: [Dovecot] Permission problem with LDA and dovecot 2.2.1 In-Reply-To: <5187F54F.6050701@brain-force.ch> References: <5187F54F.6050701@brain-force.ch> Message-ID: <20130507002100.GA52079@anubis.morrow.me.uk> At 8PM +0200 on 6/05/13 Tobi wrote: > > << > 2013 May 6 18:37:59 nordkap lda: Fatal: Internal error occurred. Refer > to server log for more information. > May 6 18:37:59 nordkap dovecot: lda: Error: userdb lookup: > connect(/var/run/dovecot/auth-userdb) failed: Connection refused > May 6 18:37:59 nordkap dovecot: lda: Fatal: Internal error occurred. > Refer to server log for more information. > >> > > For me it looks odd because the auth-userdb is defined as > << > base_dir = /usr/local/var/run/dovecot/ Why are you trying to put this under /usr/local? /usr/local/var is not a usual place to put things on Unix systems: generally speaking programs installed under /usr/local use /var just like those installed under /usr. > service auth { > unix_listener auth-userdb { > mode = 0777 This probably shouldn't be world-readable. > user = vmail > group = vmail > } > .... > >> > > The rights on the file should be correct according to the config above > << > ls -al /usr/local/var/run/dovecot/auth-userdb > srwxrwxrwx 1 vmail vmail 0 May 6 20:11 > /usr/local/var/run/dovecot/auth-userdb > >> > > I cannot explain why the lda tries to access > << > Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) > >> > I grepped through all the configfiles but could not find the "wrong" > path from the error message above. Probably your Dovecot binaries are built with a default base_dir of /var/run/dovecot. What do the following give you? doveconf -d base_dir (as root) doveconf base_dir (as root) doveconf base_dir (as vmail:vmail) > Would it might be a "fix" to symlink /usr/local/var/run/dovecot to > /var/run/dovecot ? Or would that break something with dovecot? It probably won't break anything, but why don't you just use /var/run/dovecot in the first place and take that base_dir definition out of dovecot.conf? Ben From ben at morrow.me.uk Tue May 7 03:36:27 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Tue, 7 May 2013 01:36:27 +0100 Subject: [Dovecot] Keyword limit? In-Reply-To: <20130506161026.Horde.2ULRV1cEN1yjCUs2YK2Ikg2@bigworm.curecanti.org> References: <20130506161026.Horde.2ULRV1cEN1yjCUs2YK2Ikg2@bigworm.curecanti.org> Message-ID: <20130507003626.GB52079@anubis.morrow.me.uk> At 4PM -0600 on 6/05/13 you (Michael M Slusarz) wrote: > Running into a weird issue in a mailbox that has 26+ keywords. You are using Maildir, yes? Maildir stores keywords in the flags field of the message filename, using lowercase letters, so there is a limit of 26 per folder. See http://wiki2.dovecot.org/MailboxFormat/Maildir . If you need more you need to use dbox instead. Ben From slusarz at curecanti.org Tue May 7 04:30:15 2013 From: slusarz at curecanti.org (Michael M Slusarz) Date: Mon, 06 May 2013 19:30:15 -0600 Subject: [Dovecot] Keyword limit? In-Reply-To: <20130507003626.GB52079@anubis.morrow.me.uk> References: <20130506161026.Horde.2ULRV1cEN1yjCUs2YK2Ikg2@bigworm.curecanti.org> <20130507003626.GB52079@anubis.morrow.me.uk> Message-ID: <20130506193015.Horde.4ZXdPnc1ucJ4uVYcxsGo9g1@bigworm.curecanti.org> Quoting Ben Morrow : > At 4PM -0600 on 6/05/13 you (Michael M Slusarz) wrote: >> Running into a weird issue in a mailbox that has 26+ keywords. > > You are using Maildir, yes? Maildir stores keywords in the flags field > of the message filename, using lowercase letters, so there is a limit of > 26 per folder. See http://wiki2.dovecot.org/MailboxFormat/Maildir . Ben, Thanks for the pointer (looks like I was foolishly doing a 'keyword' Title search on the wiki and never did a 'keyword' Text search). However, I still think there is a bug. That page states: "This means that only 26 keywords are possible to store in the maildir. If more are used, they're still stored in Dovecot's index files." This is not happening for me though. Instead all keywords above 26 are lost immediately after applying them. michael From tobster at brain-force.ch Tue May 7 08:39:37 2013 From: tobster at brain-force.ch (Tobi) Date: Tue, 07 May 2013 07:39:37 +0200 Subject: [Dovecot] Permission problem with LDA and dovecot 2.2.1 In-Reply-To: <20130507002100.GA52079@anubis.morrow.me.uk> References: <5187F54F.6050701@brain-force.ch> <20130507002100.GA52079@anubis.morrow.me.uk> Message-ID: <51889399.7010400@brain-force.ch> Am 07.05.2013 02:21, schrieb Ben Morrow: > At 8PM +0200 on 6/05/13 Tobi wrote: >> << >> 2013 May 6 18:37:59 nordkap lda: Fatal: Internal error occurred. Refer >> to server log for more information. >> May 6 18:37:59 nordkap dovecot: lda: Error: userdb lookup: >> connect(/var/run/dovecot/auth-userdb) failed: Connection refused >> May 6 18:37:59 nordkap dovecot: lda: Fatal: Internal error occurred. >> Refer to server log for more information. >> >> >> >> For me it looks odd because the auth-userdb is defined as >> << >> base_dir = /usr/local/var/run/dovecot/ > Why are you trying to put this under /usr/local? /usr/local/var is not a > usual place to put things on Unix systems: generally speaking programs > installed under /usr/local use /var just like those installed under > /usr. Ah this would explain why always /var/run is used. >> service auth { >> unix_listener auth-userdb { >> mode = 0777 > This probably shouldn't be world-readable. I just set world-writeable to see which file under /var/run or /usr/local/var/run is affected. So was just for testing purposes. >> user = vmail >> group = vmail >> } >> .... >> >> >> >> The rights on the file should be correct according to the config above >> << >> ls -al /usr/local/var/run/dovecot/auth-userdb >> srwxrwxrwx 1 vmail vmail 0 May 6 20:11 >> /usr/local/var/run/dovecot/auth-userdb >> >> >> >> I cannot explain why the lda tries to access >> << >> Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) >> >> >> I grepped through all the configfiles but could not find the "wrong" >> path from the error message above. > Probably your Dovecot binaries are built with a default base_dir of > /var/run/dovecot. What do the following give you? > > doveconf -d base_dir (as root) > doveconf base_dir (as root) > doveconf base_dir (as vmail:vmail) > >> Would it might be a "fix" to symlink /usr/local/var/run/dovecot to >> /var/run/dovecot ? Or would that break something with dovecot? Yesterday I "fixed" it with a symlink. But I think better doing as you described and use /var/run/ I will remove my definition this evening and see if everything works fine if only using /var/run I just thought I "have" to use /usr/local/var/run because /usr/local is the prefix while building dovecot from source. > It probably won't break anything, but why don't you just use > /var/run/dovecot in the first place and take that base_dir definition > out of dovecot.conf? > > Ben > Thanks for your help I will try this evening From amateo at um.es Tue May 7 09:22:59 2013 From: amateo at um.es (Angel L. Mateo) Date: Tue, 07 May 2013 08:22:59 +0200 Subject: [Dovecot] Mail deduplication In-Reply-To: <5208631.125845.1367885981745.JavaMail.root@timgws.com.au> References: <5208631.125845.1367885981745.JavaMail.root@timgws.com.au> Message-ID: <51889DC3.2050401@um.es> El 07/05/13 02:19, Tim Groeneveld escribi?: > > > ----- Original Message ----- >> On 2013-04-30 8:00 PM, Tim Groeneveld wrote: >>> After thinking about it a little bit more, I have determined >>> that just recombining the messages to send them to the client >>> will be too intensive, and will cause extra latencies when >>> retrieving emails. >> >> Scratching my head trying to figure out what you mean here... ? >> >> What do you mean by 'recombining the messages'? > > I was thinking of splitting all of the mime parts and recombining > them later when the message was requested. > > All of the parts would be hashed and stored separate to the > message. This would mean things like image signatures and the > like would only be stored once. > > From what I understand, SIS does not do this. (that being said, > I have not looked too deeply into SIS at the moment, as I am > currently working on the elasticsearch FTS plugin) > I think that SiS DOES exactly this. All attachments are splited from the original message and stored in a common attachments directory. When the message is requested, then parts are recombined. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868889150 Fax: 868888337 From rs at sys4.de Tue May 7 09:49:10 2013 From: rs at sys4.de (Robert Schetterer) Date: Tue, 07 May 2013 08:49:10 +0200 Subject: [Dovecot] Permission problem with LDA and dovecot 2.2.1 In-Reply-To: <51889399.7010400@brain-force.ch> References: <5187F54F.6050701@brain-force.ch> <20130507002100.GA52079@anubis.morrow.me.uk> <51889399.7010400@brain-force.ch> Message-ID: <5188A3E6.1020808@sys4.de> Am 07.05.2013 07:39, schrieb Tobi: > Am 07.05.2013 02:21, schrieb Ben Morrow: >> At 8PM +0200 on 6/05/13 Tobi wrote: >>> << >>> 2013 May 6 18:37:59 nordkap lda: Fatal: Internal error occurred. Refer >>> to server log for more information. >>> May 6 18:37:59 nordkap dovecot: lda: Error: userdb lookup: >>> connect(/var/run/dovecot/auth-userdb) failed: Connection refused >>> May 6 18:37:59 nordkap dovecot: lda: Fatal: Internal error occurred. >>> Refer to server log for more information. >>> >> i hope you did not forget to add the needed users with compile from source i.e with adduser --system --group --no-create-home --disabled-login --force-badname dovenull adduser --system --group --no-create-home --disabled-login --force-badname dovecot adduser --no-create-home --disabled-login --gecos vmail vmail Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From manu at netbsd.org Tue May 7 10:16:02 2013 From: manu at netbsd.org (Emmanuel Dreyfus) Date: Tue, 7 May 2013 07:16:02 +0000 Subject: [Dovecot] dovecot 2.2.0 corrupts mailboxes? In-Reply-To: <5187EDF7.4080504@mie.utoronto.ca> References: <1l2dmf0.137f9t1xyhq3vM%manu@netbsd.org> <5187BC44.9040904@imt-systems.com> <20130506155554.GB28423@homeworld.netbsd.org> <5187EDF7.4080504@mie.utoronto.ca> Message-ID: <20130507071602.GC28423@homeworld.netbsd.org> On Mon, May 06, 2013 at 01:52:55PM -0400, Oscar del Rio wrote: > Have you tried 2.2.1? Will do, but since the problem cannot be reliabily reproduced, I have no way of knowing it is fixed. Is there anything in 2.2.1 changelog that hints it could be fixed? -- Emmanuel Dreyfus manu at netbsd.org From AxelLuttgens at swing.be Tue May 7 10:25:17 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Tue, 7 May 2013 09:25:17 +0200 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <1367879050.7608.10.camel@tardis> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5183EC0D.7000803@sys4.de> <518412B9.4010605@dementianati.com> <1367635083.3904.23.camel@tardis> <5184FF25.1080504@dementianati.com> <1367798344.3919.15.camel@tardis> <774F6569-6C11-4FBB-8D02-5D7CB51E3581@swing.be> <1367879050.7608.10.camel@tardis> Message-ID: <3AE5E4EF-8B4E-4FA9-9860-B33D9E575A99@swing.be> Le 7 mai 2013 ? 00:24, Noel Butler a ?crit : > On Mon, 2013-05-06 at 15:39 +0200, Axel Luttgens wrote: > >> Hmmm... >> Let's consider the RFC's part related to, for example, the TOP command: >> >> If the POP3 server issues a positive response, then the >> response given is multi-line. After the initial +OK, the >> POP3 server sends the headers of the message, the blank >> line separating the headers from the body, and then the >> number of lines of the indicated message's body, being >> careful to byte-stuff the termination character (as with >> all multi-line responses). >> >> So, no MUST keyword there. >> Would this mean that a server sending garbage after a positive response is a compliant one? >> > > Technically? Yes it would (doesn't mean it's right or wrong), RFC are > updated, if one disagrees with the wording, one is always welcome to > contact the author recommending a change. Reading RFCs is kind of an art. Let's have a look at RFC 2119: Authors who follow these guidelines should incorporate this phrase near the beginning of their document: The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119. So, if you want to build your reasoning on those keywords for establishing compliancy or lack thereof, you should restrict yourself to RFCs posterior to RFC 2119 *and* coming with above phrase. But then, ?6 indicates that those keywords are to be used sparingly, not as a general mean to convey compliancy. Axel From AxelLuttgens at swing.be Tue May 7 11:28:19 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Tue, 7 May 2013 10:28:19 +0200 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <8BDD6399-C7AA-48C4-8062-1CA2C150F402@iki.fi> <51846EBD.3040706@dementianati.com> Message-ID: <17CD6F3E-6D1C-4A26-AE9F-C5640EA5F421@swing.be> Le 6 mai 2013 ? 20:45, Kelsey Cummings a ?crit : > On 2013-05-03 19:13, Professa Dementia wrote: >> When I specify that an email be >> deleted from the server, I expect that it is *deleted*. > > While I see the point you're trying to make, I don't think it is valid. On our servers the deleted message could exist in filesystem snapshots, disk->disk backups and on tape. In many other places this may be a question of regulatory requirements that email be held on to for years no matter what the client thinks its status is. Hello Kelsey, As Noel already stated, backups may indeed prove very useful. But they probably shouldn't be confused with the concept of "mailstores" as deployed in the POP3 specification. A mailstore's contents is reachable thru a mail protocol; if I delete parts of it, I'm expecting those parts not being remotely reachable by anyone anymore. A backup is out of the scope of the protocol, and I may have other expectations for it; for example: it should be accessible internally, by a few trusted people only. I may also disagree with abusive regulations or commercial uses of my emails; or approve such things. But, again, I'm not speaking about protocols anymore. Axel From ulrich-dovecot at topfen.net Tue May 7 12:14:15 2013 From: ulrich-dovecot at topfen.net (Ulrich Zehl) Date: Tue, 7 May 2013 11:14:15 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <518546B4.4020908@sys4.de> References: <155667055.20130503233420@dlutt.de> <51849E1F.7010609@sys4.de> <1367651529.7033.2.camel@tardis> <5185311C.2080100@sys4.de> <20130504172530.GA25169@zwirn.topfen.net> <518546B4.4020908@sys4.de> Message-ID: <20130507091415.GB25169@zwirn.topfen.net> On Sat, May 04, 2013 at 07:34:44PM +0200, Robert Schetterer wrote: > > > > I haven't actually tried it yet, so this is just from looking at the source > > code: The policy service will reject (most) messages that would put a > > mailbox over the quota limit in both 2.1 and 2.2, won't it? > > That still seems very useful, compared to bouncing it later. > > > > my understanding > you need quota-grace to make sure mailbox get overquota for setup > percent, if there ist no quota-grace ( like in 2.1.x ), most mail will > be bounced by normal lda/lmtp quota rules , so policy quota always will > seen some free space in the mailbox, unless the rare case that one ( > last ) mail fits the mailbox quota in exact 100 percent I just tested it, and now I can verify: As long as the size= attribute is present in the policy request, Dovecot will correctly reject messages that are too large to fit in whatever quota you have left. From meh47960 at yahoo.com Tue May 7 01:51:22 2013 From: meh47960 at yahoo.com (markh) Date: Mon, 6 May 2013 15:51:22 -0700 (PDT) Subject: [Dovecot] pop3 login ok then disconnects right away..outlook Message-ID: <1367880682242-42072.post@n4.nabble.com> I have dovecot with postfix on ubuntu server 12 I cannot log into outgoing server with outlook. It logs into incoming server ok with outlook. I can telnet pop3 and imap ok. Looking at mail log it looks like dovecot auths: ok then shows pop3-login: Login: user= USER#etc ok ... then next line shows..same second pop3(user): disconnected: Logged out top/0/0 etc. I have tried a lot of combinations with ssl ,tls none Any suggestions...thanks -- View this message in context: http://dovecot.2317879.n4.nabble.com/pop3-login-ok-then-disconnects-right-away-outlook-tp42072.html Sent from the Dovecot mailing list archive at Nabble.com. From Christian.Schmidt at chemie.uni-hamburg.de Tue May 7 12:53:32 2013 From: Christian.Schmidt at chemie.uni-hamburg.de (Christian Schmidt) Date: Tue, 7 May 2013 11:53:32 +0200 Subject: [Dovecot] pop3 login ok then disconnects right away..outlook In-Reply-To: <1367880682242-42072.post@n4.nabble.com> References: <1367880682242-42072.post@n4.nabble.com> Message-ID: <20130507095331.GL4230@chemie.uni-hamburg.de> Hello markh, markh, 07.05.2013 (d.m.y): > I have dovecot with postfix on ubuntu server 12 > > I cannot log into outgoing server with outlook. That's no dovecot issue. Outgoing mails will (or will not) be accepted by your postfix (if it is configured in a way that permits relaying). You should check if you can connect to the smtp (25) or submission (587) port of your server, take a look at your mail log etc. Gruss/Regards, Christian Schmidt -- You have been selected for a secret mission. From CMarcus at Media-Brokers.com Tue May 7 13:09:13 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Tue, 07 May 2013 06:09:13 -0400 Subject: [Dovecot] Mail deduplication In-Reply-To: <51889DC3.2050401@um.es> References: <5208631.125845.1367885981745.JavaMail.root@timgws.com.au> <51889DC3.2050401@um.es> Message-ID: <5188D2C9.30501@Media-Brokers.com> On 2013-05-07 2:22 AM, Angel L. Mateo wrote: > El 07/05/13 02:19, Tim Groeneveld escribi?: >> I was thinking of splitting all of the mime parts and recombining >> them later when the message was requested. >> >> All of the parts would be hashed and stored separate to the >> message. This would mean things like image signatures and the >> like would only be stored once. >> >> From what I understand, SIS does not do this. (that being said, >> I have not looked too deeply into SIS at the moment, as I am >> currently working on the elasticsearch FTS plugin) > I think that SiS DOES exactly this. That would be incorrect. SIS does *not* split the message up into its different MIME parts (ie, headers, body, etc). > All attachments are splited from the original message and stored in a > common attachments directory. When the message is requested, then > parts are recombined. *Attachments*, yes (so, an image signature that was an *attachment* would be de-duped, but if it was an *embedded* graphic, I'm pretty sure it would *not* be. -- Best regards, Charles From ulrich-dovecot at topfen.net Tue May 7 13:12:00 2013 From: ulrich-dovecot at topfen.net (Ulrich Zehl) Date: Tue, 7 May 2013 12:12:00 +0200 Subject: [Dovecot] Dovecot Postfix Quota Policy Service In-Reply-To: <155667055.20130503233420@dlutt.de> References: <155667055.20130503233420@dlutt.de> Message-ID: <20130507101200.GC25169@zwirn.topfen.net> I was able to replicate your problem with 2.1.16 rev 0fa68f3a8f6c (from Stephan's auto-built packages). I have the following configuration in 10-master.conf, and no special configuration for the service in 90-quota.conf. | service quota-status { | executable = quota-status -p postfix | inet_listener { | port = 12340 | } | client_limit = 1 | user = root | } When I first query the quota-status service, I get the correct response: | $ printf "recipient=test at example.org\nsize=1234\n\n" | nc 127.0.0.1 12340 | action=OK | But on every subsequent try, I always receive a response like this: | $ printf "recipient=test at example.org\nsize=1234\n\n" | nc 127.0.0.1 12340 | action=DEFER_IF_PERMIT Internal error occurred. Refer to server log for more information. | Where the server log only says | May 7 11:59:45 minna dovecot: quota-status(test at example.org): Error: user test at example.org: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied Looking at the quota-status process, I notice it is not running as root, but rather as $mail_uid. It seems the service drops / changes its privileges at some point, which would explains the permission error on subsequent requests. Setting service_count=1 for the service is not a viable workaround, as Postfix sends all policy requests for one SMTP session via one TCP connection. From tobster at brain-force.ch Tue May 7 19:07:22 2013 From: tobster at brain-force.ch (Tobi) Date: Tue, 07 May 2013 18:07:22 +0200 Subject: [Dovecot] Permission problem with LDA and dovecot 2.2.1 In-Reply-To: <20130507002100.GA52079@anubis.morrow.me.uk> References: <5187F54F.6050701@brain-force.ch> <20130507002100.GA52079@anubis.morrow.me.uk> Message-ID: <518926BA.4060703@brain-force.ch> hi Ben I tried with removing the base_dir definition from my config, restartet dovecot and checked with the commands you provided below: << root at nordkap:~# doveconf -d base_dir base_dir = /usr/local/var/run/dovecot root at nordkap:~# doveconf base_dir base_dir = /usr/local/var/run/dovecot root at nordkap:~# su vmail -s /bin/sh -c "doveconf base_dir" base_dir = /usr/local/var/run/dovecot >> for me it seems that all is build with /usr/local But after removing the symlink and restarting dovecot I get the errors again << May 7 17:47:57 nordkap dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: No such file or directory May 7 17:47:57 nordkap dovecot: lda: Fatal: Internal error occurred. Refer to server log for more information. >> I checked all the configs again for any path to /usr/local and found nothing (which is not commented out) that would affect basedir << root at nordkap:~# find /usr/local/etc/dovecot/ -type f -exec grep -H /usr/local/ {} \; /usr/local/etc/dovecot/README:/usr/local/share/doc/dovecot/example-config/ /usr/local/etc/dovecot/dovecot.conf:!include_try /usr/local/share/dovecot/protocols.d/*.protocol /usr/local/etc/dovecot/dovecot.conf:#base_dir = /usr/local/var/run/dovecot/ /usr/local/etc/dovecot/conf.d/10-mail.conf:#mail_plugin_dir = /usr/local/lib/dovecot/modules /usr/local/etc/dovecot/conf.d/90-quota.conf:# executable = script /usr/local/bin/quota-warning.sh >> So dovecot should use the default path /var/run if I understood you right. But it does not do so in my case. Is there any information which I could provide to help narrow down the problem? On the other side it's not really important as it works like charm with a symlink ;-) Cheers tobi > Probably your Dovecot binaries are built with a default base_dir of > /var/run/dovecot. What do the following give you? > > doveconf -d base_dir (as root) > doveconf base_dir (as root) > doveconf base_dir (as vmail:vmail) > >> Would it might be a "fix" to symlink /usr/local/var/run/dovecot to >> /var/run/dovecot ? Or would that break something with dovecot? > It probably won't break anything, but why don't you just use > /var/run/dovecot in the first place and take that base_dir definition > out of dovecot.conf? > > Ben > From christian.wiese at securepoint.de Tue May 7 19:24:07 2013 From: christian.wiese at securepoint.de (Christian Wiese) Date: Tue, 7 May 2013 18:24:07 +0200 Subject: [Dovecot] Permission problem with LDA and dovecot 2.2.1 In-Reply-To: <518926BA.4060703@brain-force.ch> References: <5187F54F.6050701@brain-force.ch> <20130507002100.GA52079@anubis.morrow.me.uk> <518926BA.4060703@brain-force.ch> Message-ID: <20130507182407.2a9bba0e@cw-desktop> Hi Tobi, take a look at the output from 'configure --help'. The problem is the imo stupid default of '--localstatedir'. ----%<---------------------------------------------------------- --localstatedir=DIR modifiable single-machine data [PREFIX/var] ----%<---------------------------------------------------------- Because you are obviously not specifying a prefix the default prefix '/usr/local' is used, thus your localstatedir is '/usr/local/var'. When examining the output of 'configure --help' we will also find: ----%<---------------------------------------------------------- --with-rundir=DIR Runtime data directory (LOCALSTATEDIR/run/dovecot) ----%<---------------------------------------------------------- I guess now you see what your problem is. AS you are compiling dovecot on your own (not using any prebuilt package) it is of course perfectly fine to use the default prefix (/usr/local), but you might want to simply specify '--localstatedir=/var' when running configure. Then there should be no need for you symlink ;) Hope that helps. Cheers, Chris Am Tue, 07 May 2013 18:07:22 +0200 schrieb Tobi : > hi Ben > > I tried with removing the base_dir definition from my config, > restartet dovecot and checked with the commands you provided below: > << > root at nordkap:~# doveconf -d base_dir > base_dir = /usr/local/var/run/dovecot > root at nordkap:~# doveconf base_dir > base_dir = /usr/local/var/run/dovecot > root at nordkap:~# su vmail -s /bin/sh -c "doveconf base_dir" > base_dir = /usr/local/var/run/dovecot > >> > for me it seems that all is build with /usr/local > But after removing the symlink and restarting dovecot I get the > errors again << > May 7 17:47:57 nordkap dovecot: lda: Error: userdb lookup: > connect(/var/run/dovecot/auth-userdb) failed: No such file or > directory May 7 17:47:57 nordkap dovecot: lda: Fatal: Internal error > occurred. Refer to server log for more information. > >> > I checked all the configs again for any path to /usr/local and found > nothing (which is not commented out) that would affect basedir > << > root at nordkap:~# find /usr/local/etc/dovecot/ -type f -exec grep -H > /usr/local/ {} \; > /usr/local/etc/dovecot/README:/usr/local/share/doc/dovecot/example-config/ > /usr/local/etc/dovecot/dovecot.conf:!include_try > /usr/local/share/dovecot/protocols.d/*.protocol > /usr/local/etc/dovecot/dovecot.conf:#base_dir > = /usr/local/var/run/dovecot/ /usr/local/etc/dovecot/conf.d/10-mail.conf:#mail_plugin_dir > = /usr/local/lib/dovecot/modules > /usr/local/etc/dovecot/conf.d/90-quota.conf:# executable = script > /usr/local/bin/quota-warning.sh > >> > So dovecot should use the default path /var/run if I understood you > right. But it does not do so in my case. > Is there any information which I could provide to help narrow down > the problem? On the other side it's not really important as it works > like charm with a symlink ;-) > > Cheers > > tobi > > > Probably your Dovecot binaries are built with a default base_dir of > > /var/run/dovecot. What do the following give you? > > > > doveconf -d base_dir (as root) > > doveconf base_dir (as root) > > doveconf base_dir (as vmail:vmail) > > > >> Would it might be a "fix" to symlink /usr/local/var/run/dovecot to > >> /var/run/dovecot ? Or would that break something with dovecot? > > It probably won't break anything, but why don't you just use > > /var/run/dovecot in the first place and take that base_dir > > definition out of dovecot.conf? > > > > Ben > > > -- Kind regards, Mit freundlichen Gr??en, Christian Wiese Follow us on Facebook: Follow us on Twitter: --------------------------------------------------------------------- Securepoint GmbH Christian Wiese Salzstr. 1 D-21335 Lueneburg http://www.securepoint.de Tele: ++49 4131 2401-0 Fax: ++49 4131 2401-50 Lueneburg HRB 1776 --------------------------------------------------------------------- CONFIDENTIALITY : This e-mail and any attachments are confidential and may be privileged. If you are not a named recipient, please notify the sender immediately and do not disclose the contents to another person, use it for any purpose or store or copy the information in any medium. GEHEIMHALTUNGSPFLICHT : Dieses E-Mail und alle damit verbundenen Anlagen sind vertraulich und d?rfen nur bestimmten Personen zug?nglich gemacht werden. Sofern Sie nicht zu den angegebenen Empf?ngern geh?ren, benachrichtigen Sie bitte unverz?glich den Absender. Der Inhalt darf weder an Dritte weitergegeben noch zu anderen Zwecken verwendet werden. Die Informationen d?rfen auch nicht auf einem Datentr?ger gespeichert oder auf einen Datentr?ger kopiert werden. From tobster at brain-force.ch Tue May 7 19:47:24 2013 From: tobster at brain-force.ch (Tobi) Date: Tue, 07 May 2013 18:47:24 +0200 Subject: [Dovecot] Permission problem with LDA and dovecot 2.2.1 In-Reply-To: <5188A3E6.1020808@sys4.de> References: <5187F54F.6050701@brain-force.ch> <20130507002100.GA52079@anubis.morrow.me.uk> <51889399.7010400@brain-force.ch> <5188A3E6.1020808@sys4.de> Message-ID: <5189301C.5040803@brain-force.ch> Hi Robert yes all these users/groups are currently present (and were so before compiling) But as I could "fix" the problem with a symlink I won't spend much more time in finding the root cause. It works and I'm happy. It's just my private server where I know the only customer very well ;-) Cheers tobi Am 07.05.2013 08:49, schrieb Robert Schetterer: > Am 07.05.2013 07:39, schrieb Tobi: >> Am 07.05.2013 02:21, schrieb Ben Morrow: >>> At 8PM +0200 on 6/05/13 Tobi wrote: >>>> << >>>> 2013 May 6 18:37:59 nordkap lda: Fatal: Internal error occurred. Refer >>>> to server log for more information. >>>> May 6 18:37:59 nordkap dovecot: lda: Error: userdb lookup: >>>> connect(/var/run/dovecot/auth-userdb) failed: Connection refused >>>> May 6 18:37:59 nordkap dovecot: lda: Fatal: Internal error occurred. >>>> Refer to server log for more information. >>>> >> > i hope you did not forget > to add the needed users with compile from source i.e with > > > adduser --system --group --no-create-home --disabled-login > --force-badname dovenull > > adduser --system --group --no-create-home --disabled-login > --force-badname dovecot > > adduser --no-create-home --disabled-login --gecos vmail vmail > From michael.abbott at apple.com Tue May 7 22:09:42 2013 From: michael.abbott at apple.com (Mike Abbott) Date: Tue, 07 May 2013 14:09:42 -0500 Subject: [Dovecot] URLAUTH assertion failures in 2.2.1 In-Reply-To: <6A95B360-5808-43A9-87ED-37BA0E56A1BF@iki.fi> References: <6A95B360-5808-43A9-87ED-37BA0E56A1BF@iki.fi> Message-ID: > Both of these are fixed in hg. Confirmed. Thanks. I have no more major issues with URLAUTH at this time. From michael.abbott at apple.com Wed May 8 03:20:52 2013 From: michael.abbott at apple.com (Mike Abbott) Date: Tue, 07 May 2013 19:20:52 -0500 Subject: [Dovecot] CATENATE mis-reads literal after bad URL In-Reply-To: <136AC2FF-CFC3-48CA-BD26-BFAE8C673CAC@iki.fi> References: <789DF7D0-674A-4759-85C9-AF67F4A99735@apple.com> <136AC2FF-CFC3-48CA-BD26-BFAE8C673CAC@iki.fi> Message-ID: <32574DD5-44D5-4199-9429-93C21EB93DFA@apple.com> > I fixed the most obvious places in hg Thanks. Unfortunately CATENATE still fails for me in various ways. I'm trying to isolate test cases. From voytek at sbt.net.au Wed May 8 03:30:19 2013 From: voytek at sbt.net.au (voytek at sbt.net.au) Date: Wed, 8 May 2013 10:30:19 +1000 Subject: [Dovecot] ot: mirroring/archiving to a Mac? Message-ID: I have Doveot 2.1.1 on Centos, all's well user mails are kept for 60 days, then, 'aged off' (deleted) a Mac user with two domains and two dozen users asked me: can I set a mail server on my home Mac server, and, 'mirror' the real mail server mailboxes so than I can have an offline mail archive for ever ? I know very little about Macs, can I setup dovceot on Mac? any tips/suggestions/howtos for mirroring/archiving as so? From h.reindl at thelounge.net Wed May 8 03:34:25 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 08 May 2013 02:34:25 +0200 Subject: [Dovecot] ot: mirroring/archiving to a Mac? In-Reply-To: References: Message-ID: <51899D91.80905@thelounge.net> Am 08.05.2013 02:30, schrieb voytek at sbt.net.au: > I have Doveot 2.1.1 on Centos, all's well > > user mails are kept for 60 days, then, 'aged off' (deleted) > > a Mac user with two domains and two dozen users asked me: > > can I set a mail server on my home Mac server, and, 'mirror' the real mail > server mailboxes so than I can have an offline mail archive for ever ? > > I know very little about Macs, can I setup dovceot on Mac? > any tips/suggestions/howtos for mirroring/archiving as so? yes http://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/dovecot.1.html and for the archive itself imapsync and cron is his friend -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From voytek at sbt.net.au Wed May 8 03:44:29 2013 From: voytek at sbt.net.au (voytek at sbt.net.au) Date: Wed, 8 May 2013 10:44:29 +1000 Subject: [Dovecot] ot: mirroring/archiving to a Mac? In-Reply-To: <51899D91.80905@thelounge.net> References: <51899D91.80905@thelounge.net> Message-ID: <47fb6c27e719b734d3908793b4fcb7bf.squirrel@sbt.net.au> On Wed, May 8, 2013 10:34 am, Reindl Harald wrote: > yes > http://developer.apple.com/library/mac/documentation/Darwin/Reference/Man > Pages/man1/dovecot.1.html > > > and for the archive itself imapsync and cron is his friend Reindl, thanks, so, dovecot should be there already, I'd just need to config it, and, I could run imapsync on the real server to 'push' sync process to the Mac; or, possibly run impasync on Mac to 'pull' sync, thanks, sounds good From ben at morrow.me.uk Wed May 8 03:49:48 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Wed, 8 May 2013 01:49:48 +0100 Subject: [Dovecot] ot: mirroring/archiving to a Mac? In-Reply-To: <51899D91.80905@thelounge.net> References: <51899D91.80905@thelounge.net> Message-ID: <20130508004947.GC52079@anubis.morrow.me.uk> At 2AM +0200 on 8/05/13 you (Reindl Harald) wrote: > Am 08.05.2013 02:30, schrieb voytek at sbt.net.au: > > I have Doveot 2.1.1 on Centos, all's well > > > > user mails are kept for 60 days, then, 'aged off' (deleted) > > > > a Mac user with two domains and two dozen users asked me: > > > > can I set a mail server on my home Mac server, and, 'mirror' the real mail > > server mailboxes so than I can have an offline mail archive for ever ? > > > > I know very little about Macs, can I setup dovceot on Mac? > > any tips/suggestions/howtos for mirroring/archiving as so? > > yes > http://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/dovecot.1.html > > and for the archive itself imapsync and cron is his friend Is it possible to use dsync for this? You would need a way to say 'don't delete mails from the destination', and I don't know if it will do that... Ben From h.reindl at thelounge.net Wed May 8 03:52:18 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 08 May 2013 02:52:18 +0200 Subject: [Dovecot] ot: mirroring/archiving to a Mac? In-Reply-To: <20130508004947.GC52079@anubis.morrow.me.uk> References: <51899D91.80905@thelounge.net> <20130508004947.GC52079@anubis.morrow.me.uk> Message-ID: <5189A1C2.2030400@thelounge.net> Am 08.05.2013 02:49, schrieb Ben Morrow: > At 2AM +0200 on 8/05/13 you (Reindl Harald) wrote: >> Am 08.05.2013 02:30, schrieb voytek at sbt.net.au: >>> I have Doveot 2.1.1 on Centos, all's well >>> >>> user mails are kept for 60 days, then, 'aged off' (deleted) >>> >>> a Mac user with two domains and two dozen users asked me: >>> >>> can I set a mail server on my home Mac server, and, 'mirror' the real mail >>> server mailboxes so than I can have an offline mail archive for ever ? >>> >>> I know very little about Macs, can I setup dovceot on Mac? >>> any tips/suggestions/howtos for mirroring/archiving as so? >> >> yes >> http://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/dovecot.1.html >> >> and for the archive itself imapsync and cron is his friend > > Is it possible to use dsync for this? You would need a way to say 'don't > delete mails from the destination', and I don't know if it will do > that... and that is why i recommended imapsync because it does not delete as long you do not specify it explicit usage: /usr/bin/imapsync [options] Several options are mandatory. --dry : Makes imapsync doing nothing, just print what would be done without --dry. --host1 : Source or "from" imap server. Mandatory. --port1 : Port to connect on host1. Default is 143. --user1 : User to login on host1. Mandatory. --showpasswords : Shows passwords on output instead of "MASKED". Useful to restart a complete run by just reading a log. --password1 : Password for the user1. --host2 : "destination" imap server. Mandatory. --port2 : Port to connect on host2. Default is 143. --user2 : User to login on host2. Mandatory. --password2 : Password for the user2. --passfile1 : Password file for the user1. It must contain the password on the first line. This option avoids to show the password on the command line like --password1 does. --passfile2 : Password file for the user2. Contains the password. --domain1 : Domain on host1 (NTLM authentication). --domain2 : Domain on host2 (NTLM authentication). --authuser1 : User to auth with on host1 (admin user). Avoid using --authmech1 SOMETHING with --authuser1. --authuser2 : User to auth with on host2 (admin user). --proxyauth1 : Use proxyauth on host1. Requires --authuser1. Required by Sun/iPlanet/Netscape IMAP servers to be able to use an administrative user. --proxyauth2 : Use proxyauth on host2. Requires --authuser2. Required by Sun/iPlanet/Netscape IMAP servers to be able to use an administrative user --authmd51 : Use MD5 authentification for host1. --authmd52 : Use MD5 authentification for host2. --authmech1 : Auth mechanism to use with host1: PLAIN, LOGIN, CRAM-MD5 etc. Use UPPERCASE. --authmech2 : Auth mechanism to use with host2. See --authmech1 --ssl1 : Use an SSL connection on host1. --ssl2 : Use an SSL connection on host2. --tls1 : Use an TLS connection on host1. --tls2 : Use an TLS connection on host2. --folder : Sync this folder. --folder : and this one, etc. --folderrec : Sync this folder recursively. --folderrec : and this one, etc. --include : Sync folders matching this regular expression --include : or this one, etc. in case both --include --exclude options are use, include is done before. --exclude : Skips folders matching this regular expression Several folders to avoid: --exclude 'fold1|fold2|f3' skips fold1, fold2 and f3. --exclude : or this one, etc. --regextrans2 : Apply the whole regex to each destination folders. --regextrans2 : and this one. etc. When you play with the --regextrans2 option, first add also the safe options --dry --justfolders Then, when happy, remove --dry, remove --justfolders. Have in mind that --regextrans2 is applied after prefix and separator inversion. --tmpdir : Where to store temporary files and subdirectories. Will be created if it doesn't exist. Default is system specific, Unix is /tmp but it's often small and deleted at reboot. --tmpdir /var/tmp should be better. --pidfile : The file where imapsync pid is written. --pidfilelocking : Abort if pidfile already exists. Usefull to avoid concurrent transfers on the same mailbox. --prefix1 : Remove prefix to all destination folders (usually INBOX. or INBOX/ or an empty string "") you have to use --prefix1 if host1 imap server does not have NAMESPACE capability, all other cases are bad. --prefix2 : Add prefix to all host2 folders. See --prefix1 --sep1 : Host1 separator in case NAMESPACE is not supported. --sep2 : Host2 separator in case NAMESPACE is not supported. --regexmess : Apply the whole regex to each message before transfer. Example: 's/\000/ /g' # to replace null by space. --regexmess : and this one. --regexmess : and this one, etc. --regexflag : Apply the whole regex to each flags list. Example: 's/"Junk"//g' # to remove "Junk" flag. --regexflag : and this one, etc. --delete : Deletes messages on host1 server after a successful transfer. Option --delete has the following behavior: it marks messages as deleted with the IMAP flag \Deleted, then messages are really deleted with an EXPUNGE IMAP command. --delete2 : Delete messages in host2 that are not in host1 server. Useful for backup or pre-sync. --delete2duplicates : Delete messages in host2 that are duplicates. Works only without --useuid since duplicates are detected with header part of each message. --delete2folders : Delete folders in host2 that are not in host1 server. For safety, first try it like this (it is safe): --delete2folders --dry --justfolders --nofoldersizes --delete2foldersonly : Deleted only folders matching regex. --delete2foldersbutnot : Do not delete folders matching regex. Example: --delete2foldersbutnot "/Tasks|Contacts|Foo/" --noexpunge : Do not expunge messages on host1. Expunge really deletes messages marked deleted. Expunge is made at the beginning, on host1 only. Newly transferred messages are also expunged if option --delete is given. No expunge is done on host2 account (unless --expunge2) --expunge1 : Expunge messages on host1 after messages transfer. --expunge2 : Expunge messages on host2 after messages transfer. --uidexpunge2 : uidexpunge messages on the host2 account that are not on the host1 account, requires --delete2 --syncinternaldates : Sets the internal dates on host2 same as host1. Turned on by default. Internal date is the date a message arrived on a host (mtime). --idatefromheader : Sets the internal dates on host2 same as the "Date:" headers. --maxsize : Skip messages larger (or equal) than bytes --minsize : Skip messages smaller (or equal) than bytes --maxage : Skip messages older than days. final stats (skipped) don't count older messages see also --minage --minage : Skip messages newer than days. final stats (skipped) don't count newer messages You can do (+ are the messages selected): past|----maxage+++++++++++++++>now past|+++++++++++++++minage---->now past|----maxage+++++minage---->now (intersection) past|++++minage-----maxage++++>now (union) --search : Selects only messages returned by this IMAP SEARCH command. Applied on both sides. --search1 : Same as --search for selecting host1 messages only. --search2 : Same as --search for selecting host2 messages only. --search CRIT equals --search1 CRIT --search2 CRIT --exitwhenover : Stop syncing when total bytes transferred reached. Gmail per day allows 2500000000 down 500000000 upload. --useheader : Use this header to compare messages on both sides. Ex: Message-ID or Subject or Date. --useheader and this one, etc. --subscribed : Transfers subscribed folders. --subscribe : Subscribe to the folders transferred on the host2 that are subscribed on host1. On by default. --subscribe_all : Subscribe to the folders transferred on the host2 even if they are not subscribed on host1. --nofoldersizes : Do not calculate the size of each folder in bytes and message counts. Default is to calculate them. --nofoldersizesatend : Do not calculate the size of each folder in bytes and message counts at the end. Default is on. --justfoldersizes : Exit after having printed the folder sizes. --syncacls : Synchronises acls (Access Control Lists). --nosyncacls : Does not synchronize acls. This is the default. Acls in IMAP are not standardized, be careful. --usecache : Use cache to speedup. --nousecache : Do not use cache. Caveat: --useuid --nousecache creates duplicates on multiple runs. --useuid : Use uid instead of header as a criterium to recognize messages. Option --usecache is then implied unless --nousecache is used. --debug : Debug mode. --debugcontent : Debug content of the messages transfered. --debugflags : Debug flags. --debugimap1 : IMAP debug mode for host1. imap debug is very verbose. --debugimap2 : IMAP debug mode for host2. --debugimap : IMAP debug mode for host1 and host2. --version : Print software version. --noreleasecheck : Do not check for new imapsync release (a http request). --justconnect : Just connect to both servers and print useful information. Need only --host1 and --host2 options. --justlogin : Just login to both host1 and host2 with users credentials, then exit. --justfolders : Do only things about folders (ignore messages). --help : print this help. Example: to synchronize imap account "foo" on "imap.truc.org" to imap account "bar" on "imap.trac.org" with foo password "secret1" and bar password "secret2" /usr/bin/imapsync \ --host1 imap.truc.org --user1 foo --password1 secret1 \ --host2 imap.trac.org --user2 bar --password2 secret2 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From ben at morrow.me.uk Wed May 8 04:06:14 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Wed, 8 May 2013 02:06:14 +0100 Subject: [Dovecot] Keyword limit? In-Reply-To: <20130506193015.Horde.4ZXdPnc1ucJ4uVYcxsGo9g1@bigworm.curecanti.org> References: <20130506161026.Horde.2ULRV1cEN1yjCUs2YK2Ikg2@bigworm.curecanti.org> <20130507003626.GB52079@anubis.morrow.me.uk> <20130506193015.Horde.4ZXdPnc1ucJ4uVYcxsGo9g1@bigworm.curecanti.org> Message-ID: <20130508010614.GD52079@anubis.morrow.me.uk> At 7PM -0600 on 6/05/13 you (Michael M Slusarz) wrote: > Quoting Ben Morrow : > > At 4PM -0600 on 6/05/13 you (Michael M Slusarz) wrote: > >> Running into a weird issue in a mailbox that has 26+ keywords. > > > > You are using Maildir, yes? Maildir stores keywords in the flags field > > of the message filename, using lowercase letters, so there is a limit of > > 26 per folder. See http://wiki2.dovecot.org/MailboxFormat/Maildir . > > Thanks for the pointer (looks like I was foolishly doing a 'keyword' > Title search on the wiki and never did a 'keyword' Text search). > > However, I still think there is a bug. That page states: > > "This means that only 26 keywords are possible to store in the > maildir. If more are used, they're still stored in Dovecot's index > files." > > This is not happening for me though. Instead all keywords above 26 > are lost immediately after applying them. Hmm, I missed that... I don't know, I'm afraid, so I'll just ask the usual questions: which version of Dovecot are you using, have you tried the latest...? Ben From a.kostyrev at serverc.ru Wed May 8 04:24:37 2013 From: a.kostyrev at serverc.ru (=?koi8-r?B?68/T1NnSxdcg4czFy9PBzsTSIOHMxcvTxcXXyd4=?=) Date: Wed, 8 May 2013 12:24:37 +1100 Subject: [Dovecot] sieve redirect envelope address problem Message-ID: <213B51F00051AE48A9F0E11288017717B842BF@Delta.sc.local> Good day! I have a problem with mail redirection through sieve rules. I've configured sieve rule that redirects any mail coming to user to gmail mailbox (or whatever external mail system there is). But when sieve redirects any mail it puts vmail@%dovecot_hostname% into envelope address, gives it to my exim for delivery and gmail rejects my mail because user vmail@%dovecot_hostname% do not exist. Please, advice for what can be done about this behavior. my `doveconf -n` http://pastebin.com/0dyL9Jgs Thanks in advance! -- ? ?????????, ???????? ????????? ????????????? Linux-?????? From h.reindl at thelounge.net Wed May 8 04:29:47 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 08 May 2013 03:29:47 +0200 Subject: [Dovecot] sieve redirect envelope address problem In-Reply-To: <213B51F00051AE48A9F0E11288017717B842BF@Delta.sc.local> References: <213B51F00051AE48A9F0E11288017717B842BF@Delta.sc.local> Message-ID: <5189AA8B.9090407@thelounge.net> Am 08.05.2013 03:24, schrieb ???????? ????????? ??????????: > Good day! > > I have a problem with mail redirection through sieve rules. > I've configured sieve rule that redirects any mail coming to user to gmail mailbox (or whatever external mail system there is). > But when sieve redirects any mail it puts vmail@%dovecot_hostname% into envelope address, gives it to my exim for delivery and gmail rejects my mail because user vmail@%dovecot_hostname% do not exist. > Please, advice for what can be done about this behavior if you say "any mail coming to user" why do you implent the forwarding in dovecot/sieve instead directly on the MTA? i am using postfix, so no idea how to implement it in exim but i have on asverer 9000 forwarders which never touch the LDA at all and directly forwarded from the MTA -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From a.kostyrev at serverc.ru Wed May 8 05:00:25 2013 From: a.kostyrev at serverc.ru (=?koi8-r?B?68/T1NnSxdcg4czFy9PBzsTSIOHMxcvTxcXXyd4=?=) Date: Wed, 8 May 2013 13:00:25 +1100 Subject: [Dovecot] sieve redirect envelope address problem In-Reply-To: <5189AA8B.9090407@thelounge.net> References: <213B51F00051AE48A9F0E11288017717B842BF@Delta.sc.local> <5189AA8B.9090407@thelounge.net> Message-ID: <213B51F00051AE48A9F0E11288017717B842C0@Delta.sc.local> Because it should be optional for users (to use or not to use filters). -- ? ?????????, ???????? ????????? ????????????? Linux-?????? -----Original Message----- From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Reindl Harald Sent: Wednesday, May 08, 2013 12:30 PM To: dovecot at dovecot.org Subject: Re: [Dovecot] sieve redirect envelope address problem Am 08.05.2013 03:24, schrieb ???????? ????????? ??????????: > Good day! > > I have a problem with mail redirection through sieve rules. > I've configured sieve rule that redirects any mail coming to user to gmail mailbox (or whatever external mail system there is). > But when sieve redirects any mail it puts vmail@%dovecot_hostname% into envelope address, gives it to my exim for delivery and gmail rejects my mail because user vmail@%dovecot_hostname% do not exist. > Please, advice for what can be done about this behavior if you say "any mail coming to user" why do you implent the forwarding in dovecot/sieve instead directly on the MTA? i am using postfix, so no idea how to implement it in exim but i have on asverer 9000 forwarders which never touch the LDA at all and directly forwarded from the MTA From ben at morrow.me.uk Wed May 8 05:57:42 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Wed, 8 May 2013 03:57:42 +0100 Subject: [Dovecot] sieve redirect envelope address problem In-Reply-To: <213B51F00051AE48A9F0E11288017717B842BF@Delta.sc.local> References: <213B51F00051AE48A9F0E11288017717B842BF@Delta.sc.local> Message-ID: <20130508025742.GE52079@anubis.morrow.me.uk> At 12PM +1100 on 8/05/13 you (???????? ????????? ??????????) wrote: > > I have a problem with mail redirection through sieve rules. > I've configured sieve rule that redirects any mail coming to user to > gmail mailbox (or whatever external mail system there is). > But when sieve redirects any mail it puts vmail@%dovecot_hostname% > into envelope address, gives it to my exim for delivery and gmail > rejects my mail because user vmail@%dovecot_hostname% do not exist. > Please, advice for what can be done about this behavior. Sieve should be submitting the mail to the outbound SMTP with the same envelope address as it had coming in (that is, this is a true SMTP redirect, not an SPF-compatible resending-from-a-new-address). I think your SMTP server must be rewriting this based on the uid of the LDA process; this is not something Dovecot can do anything about. To test this you can run sendmail(8) with the -f switch as the vmail user: if the address you specify is rewritten, then the problem is not with Dovecot. You need to fix this in your SMTP configuration, somehow. Decide what your policy is about the envelope sender of outbound mail: are you going to rewrite to @your.domain, which is SPF-compatible but messes up bounces; or are you going to leave it alone, which is what a sieve redirect is supposed to do but which can cause problems if the original sender publishes an SPF policy and the final recipient checks it (neither of which you can control)? There are a number of other variously-unpleasant alternatives, like SRS (which attempts to preserve the original sender while still only sending mail from @your.domain), but basically none of this is specific to sieve or Dovecot. Find out what happens if mail is forwarded in the ordinary way by your MTA, and then work out how to get the MTA to do that for any mail submitted by the 'vmail' user. Ben From =?UTF-8?B?0JrQvtGB0YLRi9GA0LXQsiDQkNC70LXQutGB0LDQvdC00YAg0JDQu9C10LrRgQ==?= Wed May 8 07:51:26 2013 From: =?UTF-8?B?0JrQvtGB0YLRi9GA0LXQsiDQkNC70LXQutGB0LDQvdC00YAg0JDQu9C10LrRgQ==?= (=?UTF-8?B?0JrQvtGB0YLRi9GA0LXQsiDQkNC70LXQutGB0LDQvdC00YAg0JDQu9C10LrRgQ==?=) Date: Wed, 8 May 2013 15:51:26 +1100 Subject: [Dovecot] sieve redirect envelope address problem [solved] In-Reply-To: <20130508025742.GE52079@anubis.morrow.me.uk> References: <213B51F00051AE48A9F0E11288017717B842BF@Delta.sc.local> <20130508025742.GE52079@anubis.morrow.me.uk> Message-ID: <213B51F00051AE48A9F0E11288017717B842C3@Delta.sc.local> submission_host directive solved problem for me. Thanks! -- ? ?????????, ???????? ????????? ????????????? Linux-?????? -----Original Message----- From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Ben Morrow Sent: Wednesday, May 08, 2013 1:58 PM To: ???????? ????????? ?????????? Cc: dovecot at dovecot.org Subject: Re: [Dovecot] sieve redirect envelope address problem At 12PM +1100 on 8/05/13 you (???????? ????????? ??????????) wrote: > > I have a problem with mail redirection through sieve rules. > I've configured sieve rule that redirects any mail coming to user to > gmail mailbox (or whatever external mail system there is). > But when sieve redirects any mail it puts vmail@%dovecot_hostname% > into envelope address, gives it to my exim for delivery and gmail > rejects my mail because user vmail@%dovecot_hostname% do not exist. > Please, advice for what can be done about this behavior. Sieve should be submitting the mail to the outbound SMTP with the same envelope address as it had coming in (that is, this is a true SMTP redirect, not an SPF-compatible resending-from-a-new-address). I think your SMTP server must be rewriting this based on the uid of the LDA process; this is not something Dovecot can do anything about. To test this you can run sendmail(8) with the -f switch as the vmail user: if the address you specify is rewritten, then the problem is not with Dovecot. You need to fix this in your SMTP configuration, somehow. Decide what your policy is about the envelope sender of outbound mail: are you going to rewrite to @your.domain, which is SPF-compatible but messes up bounces; or are you going to leave it alone, which is what a sieve redirect is supposed to do but which can cause problems if the original sender publishes an SPF policy and the final recipient checks it (neither of which you can control)? There are a number of other variously-unpleasant alternatives, like SRS (which attempts to preserve the original sender while still only sending mail from @your.domain), but basically none of this is specific to sieve or Dovecot. Find out what happens if mail is forwarded in the ordinary way by your MTA, and then work out how to get the MTA to do that for any mail submitted by the 'vmail' user. Ben From AxelLuttgens at swing.be Wed May 8 10:22:14 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Wed, 8 May 2013 09:22:14 +0200 Subject: [Dovecot] ot: mirroring/archiving to a Mac? In-Reply-To: <47fb6c27e719b734d3908793b4fcb7bf.squirrel@sbt.net.au> References: <51899D91.80905@thelounge.net> <47fb6c27e719b734d3908793b4fcb7bf.squirrel@sbt.net.au> Message-ID: Le 8 mai 2013 ? 02:44, voytek at sbt.net.au a ?crit : > On Wed, May 8, 2013 10:34 am, Reindl Harald wrote: > >> yes >> http://developer.apple.com/library/mac/documentation/Darwin/Reference/Man >> Pages/man1/dovecot.1.html >> >> >> and for the archive itself imapsync and cron is his friend > > Reindl, > > thanks, so, dovecot should be there already, I'd just need to config it, > and, I could run imapsync on the real server to 'push' sync process to the > Mac; Hello, Note that Dovecot comes with the Server version of the OS only. Cost shouldn't be a problem -the Server package is terribly affordable- but, for the purpose you are considering, installing it on a client machine may be somewhat overkill, or even problematic (after all, a server isn't supposed to be run as a general purpose GUI machine...). On the other hand, Dovecot compiles easily and without a glitch on Mac OS X. HTH, Axel From janfrode at tanso.net Wed May 8 11:25:35 2013 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Wed, 8 May 2013 10:25:35 +0200 Subject: [Dovecot] dovecot stats In-Reply-To: <28C0B64D-85F1-4A58-A5DF-1FE65D289BED@iki.fi> References: <28C0B64D-85F1-4A58-A5DF-1FE65D289BED@iki.fi> Message-ID: On Mon, May 6, 2013 at 4:37 PM, Timo Sirainen wrote: > On 29.4.2013, at 15.30, Jan-Frode Myklebust wrote: > > > > Is it possible to collect info about POP3 and LMTP commands also ? > > No. I think they would be pretty boring statistics, since with POP3 pretty > much everything causing disk I/O or CPU usage would be RETRs and with LMTP > everything would be DATAs. > > I think knowing the timings of writing messages to disk / reading from disk would be very interesting and relevant data. Especially for us with mostly POP3 clients, where LMTP DATAs and POP3 RETRs probably is accounting for major parts of the server load. > > Also, is "doveadm stats dump command" telling me the results of all > > commands that has finished the last stats_command_min_time, or will it > > maybe contain much more than 1 minute of activity ? > > It can contain much more. The stats process will keep as much data in > memory as possible until it reaches the stats_memory_limit. The doveadm > stats dump lists everything that the stats process knows. > > Ok, then I guess we'll need to limit our stats dumps based on last_seen. -jf From rs at sys4.de Wed May 8 11:38:30 2013 From: rs at sys4.de (Robert Schetterer) Date: Wed, 08 May 2013 10:38:30 +0200 Subject: [Dovecot] dovecot stats In-Reply-To: References: <28C0B64D-85F1-4A58-A5DF-1FE65D289BED@iki.fi> Message-ID: <518A0F06.9070001@sys4.de> Am 08.05.2013 10:25, schrieb Jan-Frode Myklebust: > On Mon, May 6, 2013 at 4:37 PM, Timo Sirainen wrote: > >> On 29.4.2013, at 15.30, Jan-Frode Myklebust wrote: >> >> >>> Is it possible to collect info about POP3 and LMTP commands also ? >> >> No. I think they would be pretty boring statistics, since with POP3 pretty >> much everything causing disk I/O or CPU usage would be RETRs and with LMTP >> everything would be DATAs. >> >> > I think knowing the timings of writing messages to disk / reading from disk > would be very interesting and relevant data. Especially for us with mostly > POP3 clients, where LMTP DATAs and POP3 RETRs probably is accounting for > major parts of the server load. no urgent need for stats i count pop3 logins with xymon out of syslog in realtime, also logwatch reports lmtp/pop3/imap daily for each user by cron in daily terms perhaps have a look at http://sys4.de/de/blog/2013/01/10/xymon-dovecot-count-imap-pop3-logins-graph-central-rsyslog-server-ubuntu-lucid/ if you have xymon monitoring etc installed you have other stuff like cpu , mem, disk io too i ll plan to write some solution for xymon retrieve data out of dovecot stats too > > >>> Also, is "doveadm stats dump command" telling me the results of all >>> commands that has finished the last stats_command_min_time, or will it >>> maybe contain much more than 1 minute of activity ? >> >> It can contain much more. The stats process will keep as much data in >> memory as possible until it reaches the stats_memory_limit. The doveadm >> stats dump lists everything that the stats process knows. >> >> > > Ok, then I guess we'll need to limit our stats dumps based on last_seen. > > > -jf > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From christian.wiese at securepoint.de Wed May 8 12:24:41 2013 From: christian.wiese at securepoint.de (Christian Wiese) Date: Wed, 8 May 2013 11:24:41 +0200 Subject: [Dovecot] Permission problem with LDA and dovecot 2.2.1 In-Reply-To: <20130507182407.2a9bba0e@cw-desktop> References: <5187F54F.6050701@brain-force.ch> <20130507002100.GA52079@anubis.morrow.me.uk> <518926BA.4060703@brain-force.ch> <20130507182407.2a9bba0e@cw-desktop> Message-ID: <20130508112441.3f4797ee@cw-desktop> Hi Tobi, > my problem is not why /usr/local is used > I choose this prefix intentionally so that I have the new dovecot > separeted from the "old" one from debian backports. As I tried to say in my mailing list post '/usr/local' is the right choice to avoid conflicts with binary packages provided by your favorite distribution. > My problem is more: why does the lda search in /var/run when all the > rest of dovecot correctly uses /usr/local/var/run > The problem is only the lda part. All other stuff from dovecot looks > in the correct location (login, plugins etc) > I wait until debian has 2.2 dovecot in repo and then this symlink is > not needed anymore ;-) It seems you didn't read my mail carefully ;) You do not have to wait for debian providing a dovecot 2.2 binary package. To solve your "symlink issue" right now, you do not even have to uninstall your current 2.2 installation, because you simply need to reconfigure your source tree using exactly the same configure options like before, only adding '--localstatedir=/var'. So if you used something like './configure --prefix=/usr/local' you simply need to run: ------%<----------------------------------------------------------- ./configure --prefix=/usr/local --localstatedir=/var' ------%<----------------------------------------------------------- Of course you also need to run 'make' and before running 'make install' you should remove your current '/var/run/dovecot' symlink. After restarting your dovecot service everything should be fine without the need to create that symlink. That's all what needs to be done. Cheers, Chris Am Tue, 7 May 2013 18:24:07 +0200 schrieb Christian Wiese : > Hi Tobi, > > take a look at the output from 'configure --help'. > The problem is the imo stupid default of '--localstatedir'. > ----%<---------------------------------------------------------- > --localstatedir=DIR modifiable single-machine data [PREFIX/var] > ----%<---------------------------------------------------------- > > Because you are obviously not specifying a prefix the default prefix > '/usr/local' is used, thus your localstatedir is '/usr/local/var'. > > When examining the output of 'configure --help' we will also find: > ----%<---------------------------------------------------------- > --with-rundir=DIR Runtime data directory > (LOCALSTATEDIR/run/dovecot) > ----%<---------------------------------------------------------- > > I guess now you see what your problem is. > > AS you are compiling dovecot on your own (not using any prebuilt > package) it is of course perfectly fine to use the default prefix > (/usr/local), but you might want to simply specify > '--localstatedir=/var' when running configure. > Then there should be no need for you symlink ;) > > Hope that helps. > > Cheers, > Chris > From janfrode at tanso.net Wed May 8 12:25:03 2013 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Wed, 8 May 2013 11:25:03 +0200 Subject: [Dovecot] dovecot stats In-Reply-To: <518A0F06.9070001@sys4.de> References: <28C0B64D-85F1-4A58-A5DF-1FE65D289BED@iki.fi> <518A0F06.9070001@sys4.de> Message-ID: Thanks, nice graphs. I've attached a graph over LMTP delays per minute as seen from the postfix side on one of our servers. This includes delays caused by both delivery to dovecot LMTP, and also LMTP communication internally on the mailservers between postfix and amavis. Unfortunately it says nothing about the delivery time to each individual dovecot backend, since these are hiding behind dovecot director, and therefor we have no way of knowing which of our backends are slow (if any). -jf > -------------- next part -------------- A non-text attachment was scrubbed... Name: lmtp-delays.png Type: image/png Size: 35049 bytes Desc: not available URL: From dovecot at cfs.parliant.com Wed May 8 15:42:33 2013 From: dovecot at cfs.parliant.com (Chris Saldanha) Date: Wed, 08 May 2013 08:42:33 -0400 Subject: [Dovecot] change inbox dotlock name Message-ID: <518A4839.8020305@cfs.parliant.com> Hi, Is there a configuration element that would allow me to change the dot-lock name for the user's /var/mail inbox when it is locked? dovecot (correctly) acquires .lock, but I'm having a problem with procmail where some obscure code path is preventing procmail's acquisition of a lock when it's that default name in /var/mail. The issue is not permissions (using a world-writeable and sticky-bit config for /var/mail). I'll dig into the procmail code if needed, but if dovecot could use a different filename for such locks, then that would solve my issue. procmail has such an option, and I only need to do this for inboxes. Thanks, Chris -- Chris Saldanha Parliant Corporation From hajo.locke at gmx.de Wed May 8 17:41:55 2013 From: hajo.locke at gmx.de (Hajo Locke) Date: Wed, 8 May 2013 16:41:55 +0200 Subject: [Dovecot] Xlist in userdb, Foldernames with whitespace? Message-ID: <184A6E7B8F5A495A94DD08A848164103@ai.local> Hello, i use dovecot 2.1.7 and exported all my XLIST FolderSettings to userdb Whole Story is here: http://dovecot.org/list/dovecot/2013-March/089209.html This is all successful, but there is one problem left. I use lines like this to realize individual XLIST Foldernames in usedb: namespace/inbox/mailbox=Sent namespace/inbox/mailbox/Sent/name=Sent namespace/inbox/mailbox/Sent/auto=subscribe namespace/inbox/mailbox/Sent/special_use=\sent My problem is to allow Foldernames with whitespace in it f.e. Sent Messages I tried to put these names in quotes in this line or mask the blank with backslash but nothing was working. Dovecot ist not accepting these settings: dovecot: imap: Debug: Added userdb setting: namespace/inbox/mailbox="Sent Messages" dovecot: imap: Debug: Unknown userdb setting: plugin/namespace/inbox/mailbox/"Sent Messages"/auto=subscribe dovecot: imap: Debug: Unknown userdb setting: plugin/namespace/inbox/mailbox/"Sent Messages"/name="Sent Messages" dovecot: imap: Debug: Unknown userdb setting: plugin/namespace/inbox/mailbox/"Sent Messages"/special_use=\sent How to code folders with whitespace etc. in my userdb settings? I tried a lot but nothing was correct. Thanks, Hajo From AxelLuttgens at swing.be Wed May 8 18:37:08 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Wed, 8 May 2013 17:37:08 +0200 Subject: [Dovecot] change inbox dotlock name In-Reply-To: <518A4839.8020305@cfs.parliant.com> References: <518A4839.8020305@cfs.parliant.com> Message-ID: <01AC9253-B0AC-4FB6-B049-2FF2122EC0E1@swing.be> Le 8 mai 2013 ? 14:42, Chris Saldanha a ?crit : > Hi, > > Is there a configuration element that would allow me to change the dot-lock name for the user's /var/mail inbox when it is locked? Hello Chris, This seems to be fully hard-coded. > dovecot (correctly) acquires .lock, but I'm having a problem with procmail where some obscure code path is preventing procmail's acquisition of a lock when it's that default name in /var/mail. But I fear I don't understand your problem description. Could you elaborate? Axel From trever at middleearth.sapphiresunday.org Wed May 8 19:04:45 2013 From: trever at middleearth.sapphiresunday.org (Trever L. Adams) Date: Wed, 08 May 2013 10:04:45 -0600 Subject: [Dovecot] IMAP SSL proxy (questions) Message-ID: <518A779D.6060404@middleearth.sapphiresunday.org> Hello everyone, I have seen: http://wiki.dovecot.org/HowTo/ImapProxy. It doesn't seem to fit what I need. Unfortunately, I cannot use TLS. I have to use SSL. Also, I would rather not duplicate the certificates for the IMAP servers. Hence nginx doesn't seem to be a good choice either. I am hoping that since SSL has "Client Hello" which specifies the site requested the the following could be done: Client - > Proxy [SYN] Proxy -> Client [SYN, ACK] Client -> Proxy [ACK] Client -> Proxy [SSL With "Client Hello", having server_name in Extension: server_name and sub-fields] Proxy sees intended host Proxy <-> Intended Server [SYN/SYN+ACK/ACK sequence] Proxy -> Intended Server [Replay SSL/Client Hello] Client <-> Proxy <-> Intended Server (Proxy is non decrypting Man-in-the-Middle, just acting as a pseudo-invisible relay) I know that something somewhat like this works because this is how Apache can do virtual hosts with SSL. Of course, it acts as the end point intended server, not a proxy. I believe it is also somewhat how Squid does SSL proxying, although I could be entirely wrong. Is this possible? Can this be implemented in dovecot? If not, does anyone know of such a project. Proxy needs to not have any exploitable holes and really only needs to understand enough SSL to get the server_name, pass through the connection, replaying Client Hello, and then knowing when to shut the connection. Just as a breif example, the use I have for this now is that I have several imap servers which all have IPv6 addresses, but have to share an IPv4 address. for SMTP side of things, this works well for all incoming email. (As an aside, does anyone know of a similar setup for SSL traffic on port 465 SSL for SMTP?) Thank you for any help, Trever From h.reindl at thelounge.net Wed May 8 19:57:23 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 08 May 2013 18:57:23 +0200 Subject: [Dovecot] IMAP SSL proxy (questions) In-Reply-To: <518A779D.6060404@middleearth.sapphiresunday.org> References: <518A779D.6060404@middleearth.sapphiresunday.org> Message-ID: <518A83F3.2080607@thelounge.net> Am 08.05.2013 18:04, schrieb Trever L. Adams: > Is this possible? Can this be implemented in dovecot? If not, does > anyone know of such a project. Proxy needs to not have any exploitable > holes and really only needs to understand enough SSL to get the > server_name, pass through the connection, replaying Client Hello, and > then knowing when to shut the connection it is a broken idea IMAP/PO3/SMTP is not a website with different contents you need ONE certificate and ONE server-name and you are done in case of dovecot as proxy you do not need SSL at all on the backend sevrers if they are not accessed via WAN -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From ben at morrow.me.uk Wed May 8 20:21:13 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Wed, 8 May 2013 18:21:13 +0100 Subject: [Dovecot] Permission problem with LDA and dovecot 2.2.1 In-Reply-To: <518926BA.4060703@brain-force.ch> References: <5187F54F.6050701@brain-force.ch> <20130507002100.GA52079@anubis.morrow.me.uk> <518926BA.4060703@brain-force.ch> Message-ID: <20130508172112.GF52079@anubis.morrow.me.uk> At 6PM +0200 on 7/05/13 you (Tobi) wrote: > > I tried with removing the base_dir definition from my config, restartet > dovecot and checked with the commands you provided below: > << > root at nordkap:~# doveconf -d base_dir > base_dir = /usr/local/var/run/dovecot > root at nordkap:~# doveconf base_dir > base_dir = /usr/local/var/run/dovecot > root at nordkap:~# su vmail -s /bin/sh -c "doveconf base_dir" > base_dir = /usr/local/var/run/dovecot > >> > for me it seems that all is build with /usr/local OK, that's odd. I was wondering if you had some permission problem which was stopping the lda from reading the config file, but apparently not. > But after removing the symlink and restarting dovecot I get the errors again > << > May 7 17:47:57 nordkap dovecot: lda: Error: userdb lookup: > connect(/var/run/dovecot/auth-userdb) failed: No such file or directory > May 7 17:47:57 nordkap dovecot: lda: Fatal: Internal error occurred. > Refer to server log for more information. > >> Are you sure you're running the right copy of dovecot-lda? I think you mentioned xthread that you have a Debian-provided version installed as well? Ben From tobster at brain-force.ch Wed May 8 22:53:28 2013 From: tobster at brain-force.ch (Tobi) Date: Wed, 08 May 2013 21:53:28 +0200 Subject: [Dovecot] Permission problem with LDA and dovecot 2.2.1 In-Reply-To: <20130508172112.GF52079@anubis.morrow.me.uk> References: <5187F54F.6050701@brain-force.ch> <20130507002100.GA52079@anubis.morrow.me.uk> <518926BA.4060703@brain-force.ch> <20130508172112.GF52079@anubis.morrow.me.uk> Message-ID: <518AAD38.2080006@brain-force.ch> Am 08.05.2013 19:21, schrieb Ben Morrow: > At 6PM +0200 on 7/05/13 you (Tobi) wrote: >> I tried with removing the base_dir definition from my config, restartet >> dovecot and checked with the commands you provided below: >> << >> root at nordkap:~# doveconf -d base_dir >> base_dir = /usr/local/var/run/dovecot >> root at nordkap:~# doveconf base_dir >> base_dir = /usr/local/var/run/dovecot >> root at nordkap:~# su vmail -s /bin/sh -c "doveconf base_dir" >> base_dir = /usr/local/var/run/dovecot >> >> >> for me it seems that all is build with /usr/local > OK, that's odd. I was wondering if you had some permission problem which > was stopping the lda from reading the config file, but apparently not. Sorry my subject is a bit misleading ;-) As I updated today to wheezy anyway I built dovecot again with the following options: << ./configure --prefix=/usr/local --localstatedir=/usr/local/var --with-mysql --with-sql make && make install >> but as well with those after starting dovecot and postfix the errors of the lda looking in /var/run occured again. >> But after removing the symlink and restarting dovecot I get the errors again >> << >> May 7 17:47:57 nordkap dovecot: lda: Error: userdb lookup: >> connect(/var/run/dovecot/auth-userdb) failed: No such file or directory >> May 7 17:47:57 nordkap dovecot: lda: Fatal: Internal error occurred. >> Refer to server log for more information. >> >> > Are you sure you're running the right copy of dovecot-lda? I think you > mentioned xthread that you have a Debian-provided version installed as > well? Yes I had the version from apt as well, but removed it today after upgrading to wheezy. The lda is called from postfix by these lines in master.cf << dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop} >> so according to the path prefix it should be the correct copy of deliver. Is there a switch to get the version from deliver? I tried the usual -v and --version but no success. But even without the version I'm 99.99873% sure that the correct binary is used :-) tobi From ben at morrow.me.uk Wed May 8 22:57:33 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Wed, 8 May 2013 20:57:33 +0100 Subject: [Dovecot] IMAP SSL proxy (questions) In-Reply-To: <518A779D.6060404@middleearth.sapphiresunday.org> References: <518A779D.6060404@middleearth.sapphiresunday.org> Message-ID: <20130508195733.GG52079@anubis.morrow.me.uk> At 10AM -0600 on 8/05/13 you (Trever L. Adams) wrote: > Hello everyone, > > I have seen: http://wiki.dovecot.org/HowTo/ImapProxy. It doesn't seem to > fit what I need. That page is for Dovecot 1.x, which is obsolete. You should be reading http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy . > Unfortunately, I cannot use TLS. I have to use SSL. Also, I would rather > not duplicate the certificates for the IMAP servers. Hence nginx doesn't > seem to be a good choice either. > > I am hoping that since SSL has "Client Hello" which specifies the site > requested the the following could be done: > > Client - > Proxy [SYN] > Proxy -> Client [SYN, ACK] > Client -> Proxy [ACK] > Client -> Proxy [SSL With "Client Hello", having server_name in > Extension: server_name and sub-fields] Do you have any evidence that common IMAP clients support sending SNI? I've just checked, and mutt (for example) appears not to. > Proxy sees intended host > Proxy <-> Intended Server [SYN/SYN+ACK/ACK sequence] > Proxy -> Intended Server [Replay SSL/Client Hello] > Client <-> Proxy <-> Intended Server (Proxy is non decrypting > Man-in-the-Middle, just acting as a pseudo-invisible relay) > > I know that something somewhat like this works because this is how > Apache can do virtual hosts with SSL. Of course, it acts as the end > point intended server, not a proxy. I believe it is also somewhat how > Squid does SSL proxying, although I could be entirely wrong. More importantly, it only works with clients (browsers) which are new enough to send SNI. If you use, for instance, any version of IE on Windows XP, it will not work. > Is this possible? Can this be implemented in dovecot? I don't believe so. > If not, does anyone know of such a project. Proxy needs to not have > any exploitable holes and really only needs to understand enough SSL > to get the server_name, pass through the connection, replaying Client > Hello, and then knowing when to shut the connection. > > Just as a breif example, the use I have for this now is that I have > several imap servers which all have IPv6 addresses, but have to share an > IPv4 address. for SMTP side of things, this works well for all incoming > email. (As an aside, does anyone know of a similar setup for SSL traffic > on port 465 SSL for SMTP?) Similarly, I doubt this is possible for SMTP either, since the clients probably won't send SNI. Ben From noel.butler at ausics.net Thu May 9 02:10:40 2013 From: noel.butler at ausics.net (Noel Butler) Date: Thu, 09 May 2013 09:10:40 +1000 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <3AE5E4EF-8B4E-4FA9-9860-B33D9E575A99@swing.be> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5183EC0D.7000803@sys4.de> <518412B9.4010605@dementianati.com> <1367635083.3904.23.camel@tardis> <5184FF25.1080504@dementianati.com> <1367798344.3919.15.camel@tardis> <774F6569-6C11-4FBB-8D02-5D7CB51E3581@swing.be> <1367879050.7608.10.camel@tardis> <3AE5E4EF-8B4E-4FA9-9860-B33D9E575A99@swing.be> Message-ID: <1368054640.3972.47.camel@tardis> On Tue, 2013-05-07 at 09:25 +0200, Axel Luttgens wrote: > Reading RFCs is kind of an art. > That we certainly agree on :) > Let's have a look at RFC 2119: > > Authors who follow these guidelines should incorporate this phrase > near the beginning of their document: > > The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL > NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and > "OPTIONAL" in this document are to be interpreted as described in > RFC 2119. > > So, if you want to build your reasoning on those keywords for establishing compliancy or lack thereof, you should restrict yourself to RFCs posterior to RFC 2119 *and* coming with above phrase. > But that leaves earlier RFC's open, once again, to individual interpretation, since there is no specific type of "direction". I'm sure there are plenty of later RFC's that do not include "directions" because they are meant to be a guide. Remember, the POP3 RFC does include a "direction" elsewhere in it (as I previously mentioned), the fact it does not include a "direction" in relation to deletion or marked deleted messages, is open IMHO to be interpreted as being "your choice". > But then, ?6 indicates that those keywords are to be used sparingly, not as a general mean to convey > compliancy. > Perhaps because it should be up to individual implementers to decide how their software/systems are setup, unless something may be rather detrimental - I fail to see Timo's proposal as detrimental since it is not configured as default. Ultimately the choice is ours, it is like everything server/network-ish, if we do not want a feature, we do not build it in, or enable the config (file) option to use that feature (kind of why I was disappointed that Timo removed the ability to disable many auth functions like we could do in 1.x series). It's also like everything else with responsibility to running services, in each of our own countries, laws differ, we need to be aware of those laws (and of any country you host content in) with regards to what can or can not be done, either outright, or with provision (eg: clear statement of data retention in your T&C's or privacy policy etc). Cheers Noel -------------- next part -------------- A non-text attachment was scrubbed... Name: face-smile.png Type: image/png Size: 873 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From noel.butler at ausics.net Thu May 9 02:17:40 2013 From: noel.butler at ausics.net (Noel Butler) Date: Thu, 09 May 2013 09:17:40 +1000 Subject: [Dovecot] IMAP SSL proxy (questions) In-Reply-To: <20130508195733.GG52079@anubis.morrow.me.uk> References: <518A779D.6060404@middleearth.sapphiresunday.org> <20130508195733.GG52079@anubis.morrow.me.uk> Message-ID: <1368055060.3972.51.camel@tardis> On Wed, 2013-05-08 at 20:57 +0100, Ben Morrow wrote: > > More importantly, it only works with clients (browsers) which are new > enough to send SNI. If you use, for instance, any version of IE on > Windows XP, it will not work. > Even old linux clients since 2006 (oldest copies of galeon and epiphany I have access to) have been SNI capable (even lynx) - M$ don't care and will not fix it, preferring you pay them hundreds of dollars and buy win7/8 instead. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From ben at morrow.me.uk Thu May 9 03:30:11 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Thu, 9 May 2013 01:30:11 +0100 Subject: [Dovecot] Permission problem with LDA and dovecot 2.2.1 In-Reply-To: <518AAD38.2080006@brain-force.ch> References: <5187F54F.6050701@brain-force.ch> <20130507002100.GA52079@anubis.morrow.me.uk> <518926BA.4060703@brain-force.ch> <20130508172112.GF52079@anubis.morrow.me.uk> <518AAD38.2080006@brain-force.ch> Message-ID: <20130509003010.GH52079@anubis.morrow.me.uk> At 9PM +0200 on 8/05/13 you (Tobi) wrote: > Am 08.05.2013 19:21, schrieb Ben Morrow: > > At 6PM +0200 on 7/05/13 you (Tobi) wrote: > >> I tried with removing the base_dir definition from my config, restartet > >> dovecot and checked with the commands you provided below: > >> << > >> root at nordkap:~# doveconf -d base_dir > >> base_dir = /usr/local/var/run/dovecot > >> root at nordkap:~# doveconf base_dir > >> base_dir = /usr/local/var/run/dovecot > >> root at nordkap:~# su vmail -s /bin/sh -c "doveconf base_dir" > >> base_dir = /usr/local/var/run/dovecot > >> >> > >> for me it seems that all is build with /usr/local > > OK, that's odd. I was wondering if you had some permission problem which > > was stopping the lda from reading the config file, but apparently not. > Sorry my subject is a bit misleading ;-) I wasn't confused by the subject: IIRC if LDA can't read a config file, it will simply ignore it (on the grounds that it is often running as an ordinary user and so might not be supposed to), meaning that if the permissions on the config file were too restrictive the LDA running as vmail might not have seen the base_dir setting. Apparently that's not the case... > As I updated today to wheezy anyway I built dovecot again with the > following options: > << > ./configure --prefix=/usr/local --localstatedir=/usr/local/var > --with-mysql --with-sql > make && make install > >> > but as well with those after starting dovecot and postfix the errors of > the lda looking in /var/run occured again. OK... interesting choice, now you understand why /usr/local/var is not usually used, but anyway... > >> But after removing the symlink and restarting dovecot I get the errors again > >> << > >> May 7 17:47:57 nordkap dovecot: lda: Error: userdb lookup: > >> connect(/var/run/dovecot/auth-userdb) failed: No such file or directory > >> May 7 17:47:57 nordkap dovecot: lda: Fatal: Internal error occurred. > >> Refer to server log for more information. > >> >> > > Are you sure you're running the right copy of dovecot-lda? I think you > > mentioned xthread that you have a Debian-provided version installed as > > well? > Yes I had the version from apt as well, but removed it today after > upgrading to wheezy. The lda is called from postfix by these lines in > master.cf > << > dovecot unix - n n - - pipe > flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f > ${sender} -d ${user}@${nexthop} > >> > so according to the path prefix it should be the correct copy of > deliver. Is there a switch to get the version from deliver? I tried the > usual -v and --version but no success. But even without the version I'm > 99.99873% sure that the correct binary is used :-) OK. So the next step is to try running deliver by hand, as vmail, feeding it a mail from stdin, to see if that fails the same way. If it does then I would next run it under strace, to see exactly what it's trying to do and what files it's looking at. You could also run ldd on deliver, just to make sure it's picking up the right versions of the dovecot libraries. The hardcoded base_dir path appears to be baked into libdovecot.so.0, so if you run strings /path/to/libdovecot.so.0 | grep /var with the appropriate full path to the library ldd says deliver is using, you can see which path got baked in. Ben Ben From jill.earles at ubc.ca Thu May 9 03:52:48 2013 From: jill.earles at ubc.ca (Earles, Jill) Date: Thu, 9 May 2013 00:52:48 +0000 Subject: [Dovecot] AuthenticationFailedException: [IN-USE] Couldn't open INBOX: Permission denied Message-ID: <6D22C585-115A-44A7-9781-82C06125D446@mail.ubc.ca> I've been pouring over the documentation for dovecot, but can't find a solution to this problem. I recently took over administration of the dovecot email service at the University where I work, and things were going smoothly. We've been creating email accounts for use with JIRA, a bug reporting/tracking system, and one day recently, when I tried to add a new account to JIRA, I got this error returned from dovecot: "AuthenticationFailedException: [IN-USE] Couldn't open INBOX: Permission denied" I got help from Atlassian, the creators of JIRA, and they sent me links to some forum posts that said that changing the permissions of that user's /var/mail/ directory to 0600 would solve the problem. I changed that and no longer got the error. Being satisfied that this was a solution, I created a bunch of new email accounts today to replace exchange accounts, and then changed the permissions on all the /var/mail/ directories to 0600. Now I'm getting that error again, even for pre-existing email addresses, including the one that I had previously fixed by changing the permissions the same way. I tried changing some of the older accounts back to 0660, which is what they had before, and I still get the error even after restarting dovecot. JIRA uses POP, port 110, to connect to the dovecot mail server. I've also had the same problem trying to connect from Mac Mail. Our JIRA application is used for tracking issues for the UBC Libraries, and those email addresses are critical for the creation of tickets and adding comments to tickets. I am at a loss for what to do. Can anyone help? Thank you very much for your time. # dovecot -n # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-131.0.15.el6.x86_64 x86_64 Red Hat Enterprise Linux Server release 6.4 (Santiago) auth_debug = yes auth_debug_passwords = yes disable_plaintext_auth = no mail_access_groups = mail mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u mail_privileged_group = mail mbox_write_locks = fcntl passdb { driver = pam } ssl_cert = , method=PLAIN, rip={ip removed}, lip={ip removed}, mpid=28302 May 8 17:46:49 moose dovecot: pop3(lib.sysadmin): Error: stat(/var/spool/mail/lib.sysadmin) failed: Permission denied May 8 17:46:49 moose dovecot: pop3(lib.sysadmin): Error: stat(/var/spool/mail/lib.sysadmin) failed: Permission denied May 8 17:46:49 moose dovecot: pop3(lib.sysadmin): Error: Couldn't open INBOX: Permission denied May 8 17:46:49 moose dovecot: pop3(lib.sysadmin): Couldn't open INBOX top=0/0, retr=0/0, del=0/0, size=0 May 8 17:46:50 moose dovecot: auth: Debug: auth client connected (pid=28303) May 8 17:46:50 moose dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=pop3#011lip={ip removed}#011rip={ip removed}#011lport=110#011rport=64420#011resp=AGJ2YXV3LnJlbGFpcwByM2xAaXMuYnZAdXc= From ben at morrow.me.uk Thu May 9 04:47:00 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Thu, 9 May 2013 02:47:00 +0100 Subject: [Dovecot] AuthenticationFailedException: [IN-USE] Couldn't open INBOX: Permission denied In-Reply-To: <6D22C585-115A-44A7-9781-82C06125D446@mail.ubc.ca> References: <6D22C585-115A-44A7-9781-82C06125D446@mail.ubc.ca> Message-ID: <20130509014700.GI52079@anubis.morrow.me.uk> At 12AM +0000 on 9/05/13 you (Earles, Jill) wrote: > I've been pouring over the documentation for dovecot, but can't find a > solution to this problem. I recently took over administration of the > dovecot email service at the University where I work, and things were > going smoothly. We've been creating email accounts for use with JIRA, > a bug reporting/tracking system, and one day recently, when I tried to > add a new account to JIRA, I got this error returned from dovecot: > > "AuthenticationFailedException: [IN-USE] Couldn't open INBOX: > Permission denied" This is not a dovecot message: presumably it's from JIRA? > I got help from Atlassian, the creators of JIRA, and they sent me > links to some forum posts that said that changing the permissions of > that user's /var/mail/ directory to 0600 would solve the problem. I > changed that and no longer got the error. You say '/var/mail directory' but your dovecot.conf suggests you mean a file in /var/spool/mail. You need to be clear about which you mean. Dovecot changes down to the user's uid to access the mail folders, so assuming the owners are correct either 0600 or 0660 should be fine. (Which you choose depends on how paranoid you are about users reading each others' mail, and what the group ownership is.) > Being satisfied that this was a solution, I created a bunch of new > email accounts today to replace exchange accounts, and then changed > the permissions on all the /var/mail/ directories to 0600. Now I'm > getting that error again, even for pre-existing email addresses, > including the one that I had previously fixed by changing the > permissions the same way. I tried changing some of the older accounts > back to 0660, which is what they had before, and I still get the error > even after restarting dovecot. [...] > # dovecot -n > # 2.0.9: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-131.0.15.el6.x86_64 x86_64 Red Hat Enterprise Linux Server release 6.4 (Santiago) > auth_debug = yes > auth_debug_passwords = yes Careful with this. You end up with passwords in the logs. [...] > Here's an except of the maillog from a recent attempt: [...] > > May 8 17:46:49 moose dovecot: pop3(lib.sysadmin): Error: > stat(/var/spool/mail/lib.sysadmin) failed: Permission denied This is interesting: normally stat only fails if the permissions on the directory (that is, /var/spool/mail itself) are wrong. Check you haven't changed them by mistake. > May 8 17:46:50 moose dovecot: auth: Debug: client in: > AUTH#0111#011PLAIN#011service=pop3#011lip={ip removed}#011rip={ip > removed}#011lport=110#011rport=64420#011resp=XXXXXXXXXXXXXXXXXXXX See? You've just posted the password for 'bvauw.relais'. Change it, now. Ben From jill.earles at ubc.ca Thu May 9 05:19:12 2013 From: jill.earles at ubc.ca (Earles, Jill) Date: Thu, 9 May 2013 02:19:12 +0000 Subject: [Dovecot] AuthenticationFailedException: [IN-USE] Couldn't open INBOX: Permission denied In-Reply-To: <20130509014700.GI52079@anubis.morrow.me.uk> References: <6D22C585-115A-44A7-9781-82C06125D446@mail.ubc.ca> <20130509014700.GI52079@anubis.morrow.me.uk> Message-ID: Thank you very much for your quick response. Problem solved (see below for details). On 2013-05-08, at 6:47 PM, Ben Morrow wrote: > At 12AM +0000 on 9/05/13 you (Earles, Jill) wrote: >> I've been pouring over the documentation for dovecot, but can't find a >> solution to this problem. I recently took over administration of the >> dovecot email service at the University where I work, and things were >> going smoothly. We've been creating email accounts for use with JIRA, >> a bug reporting/tracking system, and one day recently, when I tried to >> add a new account to JIRA, I got this error returned from dovecot: >> >> "AuthenticationFailedException: [IN-USE] Couldn't open INBOX: >> Permission denied" > > This is not a dovecot message: presumably it's from JIRA? You're right, that is how JIRA translated the message it got from dovecot. The message I found in the dovecot log was very similar. > >> I got help from Atlassian, the creators of JIRA, and they sent me >> links to some forum posts that said that changing the permissions of >> that user's /var/mail/ directory to 0600 would solve the problem. I >> changed that and no longer got the error. > > You say '/var/mail directory' but your dovecot.conf suggests you mean a > file in /var/spool/mail. You need to be clear about which you mean. Sorry about that. There is a symlink between the two. Yes, I changed it on /var/spool/mail. > > Dovecot changes down to the user's uid to access the mail folders, so > assuming the owners are correct either 0600 or 0660 should be fine. > (Which you choose depends on how paranoid you are about users reading > each others' mail, and what the group ownership is. > >> Being satisfied that this was a solution, I created a bunch of new >> email accounts today to replace exchange accounts, and then changed >> the permissions on all the /var/mail/ directories to 0600. Now I'm >> getting that error again, even for pre-existing email addresses, >> including the one that I had previously fixed by changing the >> permissions the same way. I tried changing some of the older accounts >> back to 0660, which is what they had before, and I still get the error >> even after restarting dovecot. > [...] >> # dovecot -n >> # 2.0.9: /etc/dovecot/dovecot.conf >> # OS: Linux 2.6.32-131.0.15.el6.x86_64 x86_64 Red Hat Enterprise Linux Server release 6.4 (Santiago) >> auth_debug = yes >> auth_debug_passwords = yes > > Careful with this. You end up with passwords in the logs. I'll get rid of this - was just grasping at straws trying to find a solution. > > [...] >> Here's an except of the maillog from a recent attempt: > [...] >> >> May 8 17:46:49 moose dovecot: pop3(lib.sysadmin): Error: >> stat(/var/spool/mail/lib.sysadmin) failed: Permission denied > > This is interesting: normally stat only fails if the permissions on the > directory (that is, /var/spool/mail itself) are wrong. Check you haven't > changed them by mistake. Yes, that was it. Thank you! Do you know what the permissions should be on that directory? I used 0770 for now, but could change it if that's not ideal. So glad it was a simple thing after all. And, as stupid as I feel for doing this, it's a much better feeling than having taken down the mail server and not knowing how to fix it. > >> May 8 17:46:50 moose dovecot: auth: Debug: client in: >> AUTH#0111#011PLAIN#011service=pop3#011lip={ip removed}#011rip={ip >> removed}#011lport=110#011rport=64420#011resp=XXXXXXXXXXXXXXXXXXXX > > See? You've just posted the password for 'bvauw.relais'. Change it, now. Damn, and there I was thinking I'd been careful about removing the sensitive stuff. It's been changed. > > Ben > Thank you again. Have a great day. Jill From ben at morrow.me.uk Thu May 9 06:30:16 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Thu, 9 May 2013 04:30:16 +0100 Subject: [Dovecot] AuthenticationFailedException: [IN-USE] Couldn't open INBOX: Permission denied In-Reply-To: References: <6D22C585-115A-44A7-9781-82C06125D446@mail.ubc.ca> <20130509014700.GI52079@anubis.morrow.me.uk> Message-ID: <20130509033015.GJ52079@anubis.morrow.me.uk> At 2AM +0000 on 9/05/13 you (Earles, Jill) wrote: > >> > >> May 8 17:46:49 moose dovecot: pop3(lib.sysadmin): Error: > >> stat(/var/spool/mail/lib.sysadmin) failed: Permission denied > > > > This is interesting: normally stat only fails if the permissions on the > > directory (that is, /var/spool/mail itself) are wrong. Check you haven't > > changed them by mistake. > > Yes, that was it. Thank you! Do you know what the permissions should > be on that directory? I used 0770 for now, but could change it if > that's not ideal. Well, there are basically three possibilities. If Dovecot is not using dotlocks (see http://wiki2.dovecot.org/MailboxFormat/mbox), and nothing else is either, you can probably get away with 0755, provided you precreate mailbox files for all users with the correct ownership. (On some systems the 'adduser' command or local equivalent will do this for you, or can be instructed to.) If all mail-reading and -writing programs will run with group 'mail', you can reduce that to 0750 root:mail; I noticed before you were using mail_privileged_group, so the Dovecot mail processes will run with group mail; you would need to check your MTA's configuration to see what rights your MDA runs with, and also check if there are any other processes accessing the mailboxes directly. If you are using dotlocks, then anything accessing the mbox files needs to be able to create .lock files, which means it needs write access to the directory. If all the relevant programs run with the 'mail' group, either by being setgid mail or by being given that group some other way, then 1770 root:mail is the safest option. This at least limits the potential damage to processes running with the 'mail' group, but it's worth having the sticky bit to ensure users can't delete each others' mail: see below. If you can't arrange for this, you have to use 1777, that is, world- writable and sticky. The sticky bit (bit 1000) provides some minimal protection against the insanity of making the directory world-writable, by forbidding a process from deleting a file it didn't create. This at least stops a rogue process from deleting some else's mail, but it doesn't stop them from creating a mailbox for someone that doesn't have one, nor does it stop them from (dot-)locking a mailbox which isn't locked, and leaving it locked indefinitely. All of this is dreadfully insecure, especially if you're using dotlocks, and the contortions Dovecot has to go through to delete a message from a mailbox without needing write access to the directory are just grotesque. In general, it's worth avoiding mbox if you can. [Note: I currently have my 'Unix security' hat on. It's not actually *that* insecure, on the scale of 'silly insecure things people routinely do without realising they're insecure'... :)] Ben From jill.earles at ubc.ca Thu May 9 07:11:26 2013 From: jill.earles at ubc.ca (Earles, Jill) Date: Thu, 9 May 2013 04:11:26 +0000 Subject: [Dovecot] AuthenticationFailedException: [IN-USE] Couldn't open INBOX: Permission denied In-Reply-To: <20130509033015.GJ52079@anubis.morrow.me.uk> References: <6D22C585-115A-44A7-9781-82C06125D446@mail.ubc.ca> <20130509014700.GI52079@anubis.morrow.me.uk> <20130509033015.GJ52079@anubis.morrow.me.uk> Message-ID: Wow, that is a lot of detail. Thank you very much. I appreciate the Unix security perspective - that's something I'm trying to learn more about and be more in tune with as a new systems administrator. We are not using dotlocks, and the adduser command does create all the mailbox files with the correct ownership automatically. I don't know what MTA or MDA are. Based on what you've said, I think I'll try changing it to 0750 and see how things go. Best to start with the least privileges and go from there. On 2013-05-08, at 8:30 PM, Ben Morrow wrote: > At 2AM +0000 on 9/05/13 you (Earles, Jill) wrote: >>>> >>>> May 8 17:46:49 moose dovecot: pop3(lib.sysadmin): Error: >>>> stat(/var/spool/mail/lib.sysadmin) failed: Permission denied >>> >>> This is interesting: normally stat only fails if the permissions on the >>> directory (that is, /var/spool/mail itself) are wrong. Check you haven't >>> changed them by mistake. >> >> Yes, that was it. Thank you! Do you know what the permissions should >> be on that directory? I used 0770 for now, but could change it if >> that's not ideal. > > Well, there are basically three possibilities. If Dovecot is not using > dotlocks (see http://wiki2.dovecot.org/MailboxFormat/mbox), and nothing > else is either, you can probably get away with 0755, provided you > precreate mailbox files for all users with the correct ownership. (On > some systems the 'adduser' command or local equivalent will do this for > you, or can be instructed to.) If all mail-reading and -writing programs > will run with group 'mail', you can reduce that to 0750 root:mail; I > noticed before you were using mail_privileged_group, so the Dovecot > mail processes will run with group mail; you would need to check your > MTA's configuration to see what rights your MDA runs with, and also > check if there are any other processes accessing the mailboxes directly. > > If you are using dotlocks, then anything accessing the mbox files needs > to be able to create .lock files, which means it needs write access to > the directory. If all the relevant programs run with the 'mail' group, > either by being setgid mail or by being given that group some other way, > then 1770 root:mail is the safest option. This at least limits the > potential damage to processes running with the 'mail' group, but it's > worth having the sticky bit to ensure users can't delete each others' > mail: see below. > > If you can't arrange for this, you have to use 1777, that is, world- > writable and sticky. The sticky bit (bit 1000) provides some minimal > protection against the insanity of making the directory world-writable, > by forbidding a process from deleting a file it didn't create. This at > least stops a rogue process from deleting some else's mail, but it > doesn't stop them from creating a mailbox for someone that doesn't have > one, nor does it stop them from (dot-)locking a mailbox which isn't > locked, and leaving it locked indefinitely. > > All of this is dreadfully insecure, especially if you're using dotlocks, > and the contortions Dovecot has to go through to delete a message from a > mailbox without needing write access to the directory are just > grotesque. In general, it's worth avoiding mbox if you can. > > [Note: I currently have my 'Unix security' hat on. It's not actually > *that* insecure, on the scale of 'silly insecure things people routinely > do without realising they're insecure'... :)] > > Ben > From jill.earles at ubc.ca Thu May 9 07:25:52 2013 From: jill.earles at ubc.ca (Earles, Jill) Date: Thu, 9 May 2013 04:25:52 +0000 Subject: [Dovecot] AuthenticationFailedException: [IN-USE] Couldn't open INBOX: Permission denied In-Reply-To: References: <6D22C585-115A-44A7-9781-82C06125D446@mail.ubc.ca> <20130509014700.GI52079@anubis.morrow.me.uk> <20130509033015.GJ52079@anubis.morrow.me.uk> Message-ID: 0750 seems to work just fine. I would like to know about MTA and MDA if you're willing to give me a quick rundown. Thank you very much for all of your help. On 2013-05-08, at 9:11 PM, "Earles, Jill" wrote: > Wow, that is a lot of detail. Thank you very much. I appreciate the Unix security perspective - that's something I'm trying to learn more about and be more in tune with as a new systems administrator. > > We are not using dotlocks, and the adduser command does create all the mailbox files with the correct ownership automatically. > > I don't know what MTA or MDA are. > > Based on what you've said, I think I'll try changing it to 0750 and see how things go. Best to start with the least privileges and go from there. > > On 2013-05-08, at 8:30 PM, Ben Morrow > wrote: > >> At 2AM +0000 on 9/05/13 you (Earles, Jill) wrote: >>>>> >>>>> May 8 17:46:49 moose dovecot: pop3(lib.sysadmin): Error: >>>>> stat(/var/spool/mail/lib.sysadmin) failed: Permission denied >>>> >>>> This is interesting: normally stat only fails if the permissions on the >>>> directory (that is, /var/spool/mail itself) are wrong. Check you haven't >>>> changed them by mistake. >>> >>> Yes, that was it. Thank you! Do you know what the permissions should >>> be on that directory? I used 0770 for now, but could change it if >>> that's not ideal. >> >> Well, there are basically three possibilities. If Dovecot is not using >> dotlocks (see http://wiki2.dovecot.org/MailboxFormat/mbox), and nothing >> else is either, you can probably get away with 0755, provided you >> precreate mailbox files for all users with the correct ownership. (On >> some systems the 'adduser' command or local equivalent will do this for >> you, or can be instructed to.) If all mail-reading and -writing programs >> will run with group 'mail', you can reduce that to 0750 root:mail; I >> noticed before you were using mail_privileged_group, so the Dovecot >> mail processes will run with group mail; you would need to check your >> MTA's configuration to see what rights your MDA runs with, and also >> check if there are any other processes accessing the mailboxes directly. >> >> If you are using dotlocks, then anything accessing the mbox files needs >> to be able to create .lock files, which means it needs write access to >> the directory. If all the relevant programs run with the 'mail' group, >> either by being setgid mail or by being given that group some other way, >> then 1770 root:mail is the safest option. This at least limits the >> potential damage to processes running with the 'mail' group, but it's >> worth having the sticky bit to ensure users can't delete each others' >> mail: see below. >> >> If you can't arrange for this, you have to use 1777, that is, world- >> writable and sticky. The sticky bit (bit 1000) provides some minimal >> protection against the insanity of making the directory world-writable, >> by forbidding a process from deleting a file it didn't create. This at >> least stops a rogue process from deleting some else's mail, but it >> doesn't stop them from creating a mailbox for someone that doesn't have >> one, nor does it stop them from (dot-)locking a mailbox which isn't >> locked, and leaving it locked indefinitely. >> >> All of this is dreadfully insecure, especially if you're using dotlocks, >> and the contortions Dovecot has to go through to delete a message from a >> mailbox without needing write access to the directory are just >> grotesque. In general, it's worth avoiding mbox if you can. >> >> [Note: I currently have my 'Unix security' hat on. It's not actually >> *that* insecure, on the scale of 'silly insecure things people routinely >> do without realising they're insecure'... :)] >> >> Ben >> > From jill.earles at ubc.ca Thu May 9 07:35:57 2013 From: jill.earles at ubc.ca (Earles, Jill) Date: Thu, 9 May 2013 04:35:57 +0000 Subject: [Dovecot] AuthenticationFailedException: [IN-USE] Couldn't open INBOX: Permission denied In-Reply-To: References: <6D22C585-115A-44A7-9781-82C06125D446@mail.ubc.ca> <20130509014700.GI52079@anubis.morrow.me.uk> <20130509033015.GJ52079@anubis.morrow.me.uk> Message-ID: <18A28884-7EA4-4C9E-96F5-608CA130BBF4@mail.ubc.ca> I should have done more work myself before writing that last message. I quickly found that MTA is Mail Transfer Agent. In my case, this is Postfix. And MDA is Mail Delivery Agent, in my case, this is Dovecot LDA. More details to read at http://wiki.dovecot.org/LDA/Postfix. Thanks again, Ben, for writing all you have about this. I know a lot more about this system that I did before I made this mistake, which is great. Cheers On 2013-05-08, at 9:25 PM, "Earles, Jill" wrote: > 0750 seems to work just fine. > > I would like to know about MTA and MDA if you're willing to give me a quick rundown. > > Thank you very much for all of your help. > > On 2013-05-08, at 9:11 PM, "Earles, Jill" wrote: > >> Wow, that is a lot of detail. Thank you very much. I appreciate the Unix security perspective - that's something I'm trying to learn more about and be more in tune with as a new systems administrator. >> >> We are not using dotlocks, and the adduser command does create all the mailbox files with the correct ownership automatically. >> >> I don't know what MTA or MDA are. >> >> Based on what you've said, I think I'll try changing it to 0750 and see how things go. Best to start with the least privileges and go from there. >> >> On 2013-05-08, at 8:30 PM, Ben Morrow >> wrote: >> >>> At 2AM +0000 on 9/05/13 you (Earles, Jill) wrote: >>>>>> >>>>>> May 8 17:46:49 moose dovecot: pop3(lib.sysadmin): Error: >>>>>> stat(/var/spool/mail/lib.sysadmin) failed: Permission denied >>>>> >>>>> This is interesting: normally stat only fails if the permissions on the >>>>> directory (that is, /var/spool/mail itself) are wrong. Check you haven't >>>>> changed them by mistake. >>>> >>>> Yes, that was it. Thank you! Do you know what the permissions should >>>> be on that directory? I used 0770 for now, but could change it if >>>> that's not ideal. >>> >>> Well, there are basically three possibilities. If Dovecot is not using >>> dotlocks (see http://wiki2.dovecot.org/MailboxFormat/mbox), and nothing >>> else is either, you can probably get away with 0755, provided you >>> precreate mailbox files for all users with the correct ownership. (On >>> some systems the 'adduser' command or local equivalent will do this for >>> you, or can be instructed to.) If all mail-reading and -writing programs >>> will run with group 'mail', you can reduce that to 0750 root:mail; I >>> noticed before you were using mail_privileged_group, so the Dovecot >>> mail processes will run with group mail; you would need to check your >>> MTA's configuration to see what rights your MDA runs with, and also >>> check if there are any other processes accessing the mailboxes directly. >>> >>> If you are using dotlocks, then anything accessing the mbox files needs >>> to be able to create .lock files, which means it needs write access to >>> the directory. If all the relevant programs run with the 'mail' group, >>> either by being setgid mail or by being given that group some other way, >>> then 1770 root:mail is the safest option. This at least limits the >>> potential damage to processes running with the 'mail' group, but it's >>> worth having the sticky bit to ensure users can't delete each others' >>> mail: see below. >>> >>> If you can't arrange for this, you have to use 1777, that is, world- >>> writable and sticky. The sticky bit (bit 1000) provides some minimal >>> protection against the insanity of making the directory world-writable, >>> by forbidding a process from deleting a file it didn't create. This at >>> least stops a rogue process from deleting some else's mail, but it >>> doesn't stop them from creating a mailbox for someone that doesn't have >>> one, nor does it stop them from (dot-)locking a mailbox which isn't >>> locked, and leaving it locked indefinitely. >>> >>> All of this is dreadfully insecure, especially if you're using dotlocks, >>> and the contortions Dovecot has to go through to delete a message from a >>> mailbox without needing write access to the directory are just >>> grotesque. In general, it's worth avoiding mbox if you can. >>> >>> [Note: I currently have my 'Unix security' hat on. It's not actually >>> *that* insecure, on the scale of 'silly insecure things people routinely >>> do without realising they're insecure'... :)] >>> >>> Ben >>> >> > From ben at morrow.me.uk Thu May 9 07:40:22 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Thu, 9 May 2013 05:40:22 +0100 Subject: [Dovecot] AuthenticationFailedException: [IN-USE] Couldn't open INBOX: Permission denied In-Reply-To: References: <6D22C585-115A-44A7-9781-82C06125D446@mail.ubc.ca> <20130509014700.GI52079@anubis.morrow.me.uk> <20130509033015.GJ52079@anubis.morrow.me.uk> Message-ID: <20130509044022.GK52079@anubis.morrow.me.uk> At 4AM +0000 on 9/05/13 you (Earles, Jill) wrote: > Wow, that is a lot of detail. Thank you very much. I appreciate the > Unix security perspective - that's something I'm trying to learn more > about and be more in tune with as a new systems administrator. > > We are not using dotlocks, and the adduser command does create all the > mailbox files with the correct ownership automatically. > > I don't know what MTA or MDA are. These are standard mail jargon, so you'll probably come across them again. MTA is Mail Transfer Agent, that is, the program which receives incoming mail (usually by SMTP) and decides what to do with it. Traditionally on Unix this was Sendmail; nowadays it might be Postfix or Exim or something instead. MDA is Mail Delivery Agent, and it's the program the MTA hands a mail to when it decides to deliver it to a local user. (You may also see LDA, Local Delivery Agent, used for the same thing.) Traditionally this was often mail(1) or something equally unsuitable; nowadays it might be procmail or maildrop or something else. Dovecot provides an MDA called 'deliver' or 'dovecot-lda' (they're the same program) which it's often worth using if you haven't got a good reason not to. Other terms are: MUA, Mail User Agent, which is a program users use to read mail; and MSA, Mail Submission Agent, which is the program users use to submit new mail for delivery; traditionally this was sendmail(8), but now it's more usual to have a special-purpose SMTP server, often running on port 587. (Users should not submit mail directly to MX SMTP servers, because generally mail needs to be cleaned up before being sent off-site.) >From the point-of-view of the mail system, a POP/IMAP server like Dovecot is considered part of the MUA, the other part being the user's actual client; this arrangement, and the corresponding actual- client/submission-server split for outgoing mail, is often called 'split-client'. Ben From jill.earles at ubc.ca Thu May 9 08:15:45 2013 From: jill.earles at ubc.ca (Earles, Jill) Date: Thu, 9 May 2013 05:15:45 +0000 Subject: [Dovecot] AuthenticationFailedException: [IN-USE] Couldn't open INBOX: Permission denied In-Reply-To: <20130509044022.GK52079@anubis.morrow.me.uk> References: <6D22C585-115A-44A7-9781-82C06125D446@mail.ubc.ca> <20130509014700.GI52079@anubis.morrow.me.uk> <20130509033015.GJ52079@anubis.morrow.me.uk> <20130509044022.GK52079@anubis.morrow.me.uk> Message-ID: <88FE35C7-F0B9-42EA-AAB4-F65A9269FEE2@mail.ubc.ca> Thank you very much for the additional context. On 2013-05-08, at 9:40 PM, Ben Morrow wrote: > At 4AM +0000 on 9/05/13 you (Earles, Jill) wrote: >> Wow, that is a lot of detail. Thank you very much. I appreciate the >> Unix security perspective - that's something I'm trying to learn more >> about and be more in tune with as a new systems administrator. >> >> We are not using dotlocks, and the adduser command does create all the >> mailbox files with the correct ownership automatically. >> >> I don't know what MTA or MDA are. > > These are standard mail jargon, so you'll probably come across them > again. MTA is Mail Transfer Agent, that is, the program which receives > incoming mail (usually by SMTP) and decides what to do with it. > Traditionally on Unix this was Sendmail; nowadays it might be Postfix or > Exim or something instead. > > MDA is Mail Delivery Agent, and it's the program the MTA hands a mail to > when it decides to deliver it to a local user. (You may also see LDA, > Local Delivery Agent, used for the same thing.) Traditionally this was > often mail(1) or something equally unsuitable; nowadays it might be > procmail or maildrop or something else. Dovecot provides an MDA called > 'deliver' or 'dovecot-lda' (they're the same program) which it's often > worth using if you haven't got a good reason not to. > > Other terms are: MUA, Mail User Agent, which is a program users use to > read mail; and MSA, Mail Submission Agent, which is the program users > use to submit new mail for delivery; traditionally this was sendmail(8), > but now it's more usual to have a special-purpose SMTP server, often > running on port 587. (Users should not submit mail directly to MX SMTP > servers, because generally mail needs to be cleaned up before being sent > off-site.) > > From the point-of-view of the mail system, a POP/IMAP server like > Dovecot is considered part of the MUA, the other part being the user's > actual client; this arrangement, and the corresponding actual- > client/submission-server split for outgoing mail, is often called > 'split-client'. > > Ben > From rs at sys4.de Thu May 9 09:54:18 2013 From: rs at sys4.de (Robert Schetterer) Date: Thu, 09 May 2013 08:54:18 +0200 Subject: [Dovecot] dovecot stats In-Reply-To: References: <28C0B64D-85F1-4A58-A5DF-1FE65D289BED@iki.fi> <518A0F06.9070001@sys4.de> Message-ID: <518B481A.4050209@sys4.de> Am 08.05.2013 11:25, schrieb Jan-Frode Myklebust: > Thanks, nice graphs. I've attached a graph over LMTP delays per minute as > seen from the postfix side on one of our servers. This includes delays > caused by both delivery to dovecot LMTP, and also LMTP communication > internally on the mailservers between postfix and amavis. Unfortunately it > says nothing about the delivery time to each individual dovecot backend, > since these are hiding behind dovecot director, and therefor we have no way > of knowing which of our backends are slow (if any). > > > > -jf > > > >> > i am not sure, i ll have to read more doku perhaps it makes sense to use delay stuff in log for analyse i.e after all i am not using directors, i have "real" loadbalancers private/dovecot-lmtp], delay=1.4, delays=1.2/0/0/0.17, dsn=2.0.0, status=sent Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From sb at dod.no Thu May 9 12:12:37 2013 From: sb at dod.no (Steinar Bang) Date: Thu, 09 May 2013 11:12:37 +0200 Subject: [Dovecot] SSL problems on dovecot 2.1.7 Message-ID: <87y5boecu2.fsf@dod.no> When I upgraded my debian-based imap server from squeeze to wheezy yesterday, SSL stopped working. I am using a http://cacert.org signed server sertificate, and I am reusing the certificates that were used on the 1.x dovecot of debian squeeze. My three MUAs that worked against the previous 1.x dovecot with the same certificate, now fails in various ways. Any hints and guesses as to how to debug this further will be highly appreciated. Even more appreciated will be a pin point of the issue. :-) Here are the error messages from the MUAs: - Opera 12.15 on Windows 7 just reports: "The connection with the IMAP server was unexpectedly interrupted." - Emacs24(w/linked-in gnutls)/Ma Gnus 0.8 (Gnus git HEAD) on Windows 7 says "imap.mydomain.com certificate could not be verified." - Emacs23/Ma Gnus 0.8 (also Gnus git HEAD) on debian testing (with Emacs23 gnutls-cli is run in a subprocess), says: "Opening connection to imap.mydomain.com via tls... Opening TLS connection to `imap.mydomain.com'... Opening TLS connection with `gnutls-cli --insecure -p 993 imap.mydomain.com'...done Opening TLS connection to `imap.mydomain.com'...done Unable to open server nnimap+privat due to: Process *nnimap* not running" When I try running gnutls-cli from the command line of the debian testing machine (the same gnutls-cli that is used by the emacs23/gnus combo), it seems to connect ok (the transcript of that session is below). The config for the SSL, from /etc/dovecot/conf.d/10-ssl.conf, is: # SSL/TLS support: yes, no, required. ssl = yes # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed # certificate, just make sure to update the domains in dovecot-openssl.cnf ssl_cert = References: <5187F54F.6050701@brain-force.ch> <20130507002100.GA52079@anubis.morrow.me.uk> <518926BA.4060703@brain-force.ch> <20130508172112.GF52079@anubis.morrow.me.uk> <518AAD38.2080006@brain-force.ch> <20130509003010.GH52079@anubis.morrow.me.uk> Message-ID: <518B8533.9070203@brain-force.ch> Am 09.05.2013 02:30, schrieb Ben Morrow: > At 9PM +0200 on 8/05/13 you (Tobi) wrote: >> Am 08.05.2013 19:21, schrieb Ben Morrow: >>> At 6PM +0200 on 7/05/13 you (Tobi) wrote: >>>> I tried with removing the base_dir definition from my config, restartet >>>> dovecot and checked with the commands you provided below: >>>> << >>>> root at nordkap:~# doveconf -d base_dir >>>> base_dir = /usr/local/var/run/dovecot >>>> root at nordkap:~# doveconf base_dir >>>> base_dir = /usr/local/var/run/dovecot >>>> root at nordkap:~# su vmail -s /bin/sh -c "doveconf base_dir" >>>> base_dir = /usr/local/var/run/dovecot >>>> >> >>>> for me it seems that all is build with /usr/local >>> OK, that's odd. I was wondering if you had some permission problem which >>> was stopping the lda from reading the config file, but apparently not. >> Sorry my subject is a bit misleading ;-) > I wasn't confused by the subject: IIRC if LDA can't read a config file, > it will simply ignore it (on the grounds that it is often running as an > ordinary user and so might not be supposed to), meaning that if the > permissions on the config file were too restrictive the LDA running as > vmail might not have seen the base_dir setting. Apparently that's not > the case... > >> As I updated today to wheezy anyway I built dovecot again with the >> following options: >> << >> ./configure --prefix=/usr/local --localstatedir=/usr/local/var >> --with-mysql --with-sql >> make && make install >> >> >> but as well with those after starting dovecot and postfix the errors of >> the lda looking in /var/run occured again. > OK... interesting choice, now you understand why /usr/local/var is not > usually used, but anyway... > this localstatedir option was just a "test" to see if lda looks in the localstatedir specified with configure. At least in my case it is not. After that test I built again with localstatedir=/var (as suggested by Christian) and like that it works fine without the symlink >>>> But after removing the symlink and restarting dovecot I get the errors again >>>> << >>>> May 7 17:47:57 nordkap dovecot: lda: Error: userdb lookup: >>>> connect(/var/run/dovecot/auth-userdb) failed: No such file or directory >>>> May 7 17:47:57 nordkap dovecot: lda: Fatal: Internal error occurred. >>>> Refer to server log for more information. >>>> >> >>> Are you sure you're running the right copy of dovecot-lda? I think you >>> mentioned xthread that you have a Debian-provided version installed as >>> well? >> Yes I had the version from apt as well, but removed it today after >> upgrading to wheezy. The lda is called from postfix by these lines in >> master.cf >> << >> dovecot unix - n n - - pipe >> flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f >> ${sender} -d ${user}@${nexthop} >> >> >> so according to the path prefix it should be the correct copy of >> deliver. Is there a switch to get the version from deliver? I tried the >> usual -v and --version but no success. But even without the version I'm >> 99.99873% sure that the correct binary is used :-) > OK. So the next step is to try running deliver by hand, as vmail, > feeding it a mail from stdin, to see if that fails the same way. If it > does then I would next run it under strace, to see exactly what it's > trying to do and what files it's looking at. > > You could also run ldd on deliver, just to make sure it's picking up the > right versions of the dovecot libraries. The hardcoded base_dir path > appears to be baked into libdovecot.so.0, so if you run > > strings /path/to/libdovecot.so.0 | grep /var As I actually built with localstatedir=/var all the paths are correct << ldd /usr/local/libexec/dovecot/deliver ... libdovecot.so.0 => /usr/local/lib/dovecot/libdovecot.so.0 (0x00007fc41bcd9000) ... >> and << root at nordkap:~# strings /usr/local/lib/dovecot/libdovecot.so.0 | grep /var /var/lib/dovecot/instances /var/run/dovecot/config /var/run/dovecot /var/lib/dovecot /var/run /var/tmp >> I will built dovecot again with localstatedir=/usr/local/var and re-check the paths with the commands above. Thanks for all the help here, really a great list tobi From sb at dod.no Thu May 9 15:02:21 2013 From: sb at dod.no (Steinar Bang) Date: Thu, 09 May 2013 14:02:21 +0200 Subject: [Dovecot] dovecot not logging after upgrade to 2.1.7 on debian Message-ID: <87haice4z6.fsf@dod.no> After upgrading my IMAP server to the new debian stable, and upgrading dovecot from 1.x to 2.1.7 in the process, dovecot no longer logs anything to /var/log/mail.*. The last entries there are from before the upgrade, and no starts or error messages or failed login attempts, since then, have been logged. Does anyone know what might cause this? "doveconf -n" doesn't mention any of the log settings. Maybe the log settings aren't picked up? What could be done to make sure they are picked up? Here's the content of the /etc/dovecot/conf.d/10-logging.conf file: ## ## Log destination. ## # Log file to use for error messages. "syslog" logs to syslog, # /dev/stderr logs to stderr. log_path = syslog # Log file to use for informational messages. Defaults to log_path. #info_log_path = # Log file to use for debug messages. Defaults to info_log_path. #debug_log_path = # Syslog facility to use if you're logging to syslog. Usually if you don't # want to use "mail", you'll use local0..local7. Also other standard # facilities are supported. syslog_facility = mail ## ## Logging verbosity and debugging. ## # Log unsuccessful authentication attempts and the reasons why they failed. #auth_verbose = no # In case of password mismatches, log the attempted password. Valid values are # no, plain and sha1. sha1 can be useful for detecting brute force password # attempts vs. user simply trying the same password over and over again. #auth_verbose_passwords = no # Even more verbose logging for debugging purposes. Shows for example SQL # queries. #auth_debug = no # In case of password mismatches, log the passwords and used scheme so the # problem can be debugged. Enabling this also enables auth_debug. #auth_debug_passwords = no # Enable mail process debugging. This can help you figure out why Dovecot # isn't finding your mails. #mail_debug = no # Show protocol level SSL errors. #verbose_ssl = no # mail_log plugin provides more event logging for mail processes. plugin { # Events to log. Also available: flag_change append #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename # Available fields: uid, box, msgid, from, subject, size, vsize, flags # size and vsize are available only for expunge and copy events. #mail_log_fields = uid box msgid size } ## ## Log formatting. ## # Prefix for each line written to log file. % codes are in strftime(3) # format. #log_timestamp = "%b %d %H:%M:%S " # Space-separated list of elements we want to log. The elements which have # a non-empty variable value are joined together to form a comma-separated # string. #login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c # Login log format. %$ contains login_log_format_elements string, %s contains # the data we want to log. #login_log_format = %$: %s # Log prefix for mail processes. See doc/wiki/Variables.txt for list of # possible variables you can use. #mail_log_prefix = "%s(%u): " # Format to use for logging mail deliveries. You can use variables: # %$ - Delivery status message (e.g. "saved to INBOX") # %m - Message-ID # %s - Subject # %f - From address # %p - Physical size # %w - Virtual size #deliver_log_format = msgid=%m: %$ From trever at middleearth.sapphiresunday.org Thu May 9 15:04:56 2013 From: trever at middleearth.sapphiresunday.org (Trever L. Adams) Date: Thu, 09 May 2013 06:04:56 -0600 Subject: [Dovecot] IMAP SSL proxy (questions) In-Reply-To: <20130508195733.GG52079@anubis.morrow.me.uk> References: <518A779D.6060404@middleearth.sapphiresunday.org> <20130508195733.GG52079@anubis.morrow.me.uk> Message-ID: <518B90E8.3030708@middleearth.sapphiresunday.org> On 05/08/2013 01:57 PM, Ben Morrow wrote: > At 10AM -0600 on 8/05/13 you (Trever L. Adams) wrote: >> Hello everyone, >> >> I have seen: http://wiki.dovecot.org/HowTo/ImapProxy. It doesn't seem to >> fit what I need. > That page is for Dovecot 1.x, which is obsolete. You should be reading > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy . > >> Unfortunately, I cannot use TLS. I have to use SSL. Also, I would rather >> not duplicate the certificates for the IMAP servers. Hence nginx doesn't >> seem to be a good choice either. >> >> I am hoping that since SSL has "Client Hello" which specifies the site >> requested the the following could be done: >> >> Client - > Proxy [SYN] >> Proxy -> Client [SYN, ACK] >> Client -> Proxy [ACK] >> Client -> Proxy [SSL With "Client Hello", having server_name in >> Extension: server_name and sub-fields] > Do you have any evidence that common IMAP clients support sending SNI? > I've just checked, and mutt (for example) appears not to. > >> Proxy sees intended host >> Proxy <-> Intended Server [SYN/SYN+ACK/ACK sequence] >> Proxy -> Intended Server [Replay SSL/Client Hello] >> Client <-> Proxy <-> Intended Server (Proxy is non decrypting >> Man-in-the-Middle, just acting as a pseudo-invisible relay) >> >> I know that something somewhat like this works because this is how >> Apache can do virtual hosts with SSL. Of course, it acts as the end >> point intended server, not a proxy. I believe it is also somewhat how >> Squid does SSL proxying, although I could be entirely wrong. > More importantly, it only works with clients (browsers) which are new > enough to send SNI. If you use, for instance, any version of IE on > Windows XP, it will not work. > >> Is this possible? Can this be implemented in dovecot? > I don't believe so. > >> If not, does anyone know of such a project. Proxy needs to not have >> any exploitable holes and really only needs to understand enough SSL >> to get the server_name, pass through the connection, replaying Client >> Hello, and then knowing when to shut the connection. >> >> Just as a breif example, the use I have for this now is that I have >> several imap servers which all have IPv6 addresses, but have to share an >> IPv4 address. for SMTP side of things, this works well for all incoming >> email. (As an aside, does anyone know of a similar setup for SSL traffic >> on port 465 SSL for SMTP?) > Similarly, I doubt this is possible for SMTP either, since the clients > probably won't send SNI. > > Ben > > Thank you Ben and Noel for your responses! I know Thunderbird on Linux sends it. Right now my targets would be Thunderbird, K9 Mail and Android Mail on Android, and Apple Mail and whatever the equivalent is on iOS. I will investigate K9 and Android later (as I have access to those). I do not have access to the Apple ones at the moment. K-9 on my Droid X2 does not support SNI. Trever From user+dovecot at localhost.localdomain.org Thu May 9 16:06:31 2013 From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Thu, 09 May 2013 15:06:31 +0200 Subject: [Dovecot] dovecot not logging after upgrade to 2.1.7 on debian In-Reply-To: <87haice4z6.fsf@dod.no> References: <87haice4z6.fsf@dod.no> Message-ID: <518B9F57.3060303@localhost.localdomain.org> On 05/09/2013 02:02 PM Steinar Bang wrote: > After upgrading my IMAP server to the new debian stable, and upgrading > dovecot from 1.x to 2.1.7 in the process, dovecot no longer logs > anything to /var/log/mail.*. The last entries there are from before the > upgrade, and no starts or error messages or failed login attempts, since > then, have been logged. Did you read /usr/share/doc/dovecot-core/{NEWS,README}.Debian.gz? > Does anyone know what might cause this? > > "doveconf -n" doesn't mention any of the log settings. Maybe the log > settings aren't picked up? What could be done to make sure they are > picked up? ,--[ doveconf(1) ]-- | OPTIONS | -n Show only settings with non-default values. `-- > Here's the content of the /etc/dovecot/conf.d/10-logging.conf file: > ? Please don't copy and paste stuff from files in Dovecot's configuration directory. Always provide the output generated by `doveconf -n`. ,--[ doveadm-log(1) ]-- | COMMANDS | log find | doveadm log find [directory] | | The log find command is used to show the location of the log files, to which dovecot(1) sends its log messages. If dovecot(1) logs its messages through syslogd(8) and doveadm(1) could not find any | log files, you can specify the directory where your syslogd writes its log files. `-- Regards, Pascal -- The trapper recommends today: c01dcofe.1312904 at localdomain.org From sb at dod.no Thu May 9 16:55:45 2013 From: sb at dod.no (Steinar Bang) Date: Thu, 09 May 2013 15:55:45 +0200 Subject: [Dovecot] dovecot not logging after upgrade to 2.1.7 on debian References: <87haice4z6.fsf@dod.no> <518B9F57.3060303@localhost.localdomain.org> Message-ID: <87d2t0dzq6.fsf@dod.no> >>>>> Pascal Volk : > On 05/09/2013 02:02 PM Steinar Bang wrote: >> After upgrading my IMAP server to the new debian stable, and upgrading >> dovecot from 1.x to 2.1.7 in the process, dovecot no longer logs >> anything to /var/log/mail.*. The last entries there are from before the >> upgrade, and no starts or error messages or failed login attempts, since >> then, have been logged. > Did you read /usr/share/doc/dovecot-core/{NEWS,README}.Debian.gz? I've read the README.Debian.gz file. I couldn't find anything about logging configuration there. Still can't. I just looked. I hadn't looked in the NEWS file, but now I have. Nothing there either. > Please don't copy and paste stuff from files in Dovecot's configuration > directory. Always provide the output generated by `doveconf -n`. Hard to explain that something didn't make it from the config file to the actual config without providing an example of what was lost. > ,--[ doveadm-log(1) ]-- >> COMMANDS >> log find >> doveadm log find [directory] >> >> The log find command is used to show the location of the log files, >> to which dovecot(1) sends its log messages. If dovecot(1) logs its >> messages through syslogd(8) and doveadm(1) could not find any log >> files, you can specify the directory where your syslogd writes its >> log files. Yes. Used that one yesterday, and it couldn't find any log files, and it already looks in the right place (/var/log/), and I still have no idea where to look and configure, except for the config file snip that you felt I shouldn't have pasted in. rainey:~# doveadm log find Looking for log files from /var/log Debug: Not found Info: Not found Warning: Not found Error: Not found Fatal: Not found Could the culprit be the syslogd? Could the syslogd have gone AWOL during the debian upgrade? That's a point of investigation, at least... From sb at dod.no Thu May 9 17:11:27 2013 From: sb at dod.no (Steinar Bang) Date: Thu, 09 May 2013 16:11:27 +0200 Subject: [Dovecot] dovecot not logging after upgrade to 2.1.7 on debian References: <87haice4z6.fsf@dod.no> <518B9F57.3060303@localhost.localdomain.org> <87d2t0dzq6.fsf@dod.no> Message-ID: <878v3odz00.fsf@dod.no> >>>>> Steinar Bang : > Could the culprit be the syslogd? Could the syslogd have gone AWOL > during the debian upgrade? That's a point of investigation, at least... Indeed... rainey:~# dpkg -S /etc/syslog.conf sysklogd: /etc/syslog.conf rainey:~# dpkg -l sysklogd Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-===========================-==================-==================-============================================================ rc sysklogd 1.5-6 i386 System Logging Daemon http://packages.debian.org/squeeze/sysklogd Exists for squeeze and sid, but not for wheezy. The preferred syslogd for debian is now rsyslog: http://wiki.debian.org/Rsyslog "apt-get install rsyslog" pulled the new syslogd in, and now "doveadm log find" reports meaningful values: rainey:~# doveadm log find Looking for log files from /var/log Debug: /var/log/mail.log Debug: /var/log/syslog Info: /var/log/mail.log Info: /var/log/syslog Info: /var/log/mail.info Warning: /var/log/mail.log Warning: /var/log/mail.warn Warning: /var/log/syslog Warning: /var/log/mail.info Error: /var/log/mail.log Error: /var/log/mail.warn Error: /var/log/mail.err Error: /var/log/syslog Error: /var/log/mail.info Fatal: /var/log/mail.log Fatal: /var/log/mail.warn Fatal: /var/log/mail.err Fatal: /var/log/syslog Fatal: /var/log/mail.info From stephan at rename-it.nl Thu May 9 17:16:29 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 09 May 2013 16:16:29 +0200 Subject: [Dovecot] Released Pigeonhole v0.3.5 for Dovecot v2.1.16 Message-ID: <518BAFBD.4050403@rename-it.nl> Hello Dovecot users, Before I release the first version of Pigeonhole v0.4, I quickly release a few small but important fixes for Pigeonhole v0.3. Changelog v0.3.5: - Sieve editheader extension: fixed interaction with the Sieve body extension. If used together, the deleteheader action could fail after a body test was performed. - Test suite: fixed a time zone dependency in the Sieve date extension tests. The release is available as follows: http://www.rename-it.nl/dovecot/2.1/dovecot-2.1-pigeonhole-0.3.5.tar.gz http://www.rename-it.nl/dovecot/2.1/dovecot-2.1-pigeonhole-0.3.5.tar.gz.sig Refer to http://pigeonhole.dovecot.org and the Dovecot v2.x wiki for more information. Have fun testing this new release and don't hesitate to notify me when there are any problems. Regards, -- Stephan Bosch stephan at rename-it.nl From dovecot at cfs.parliant.com Thu May 9 17:28:05 2013 From: dovecot at cfs.parliant.com (Chris Saldanha) Date: Thu, 09 May 2013 10:28:05 -0400 Subject: [Dovecot] change inbox dotlock name Message-ID: <518BB275.9040909@cfs.parliant.com> Axel Luttgens wrote: > But I fear I don't understand your problem description. > Could you elaborate? Hi Axel, The issue is that the procmail port on FreeBSD doesn't acquire a dotlock when it's the default lock file (/var/mail/username.lock). It prints that it's bypassing the dotlock and just does a lockf() lock after. Looking in the code for procmail, it seems that it's being too clever with a bunch of checks and so it doesn't try to get the lock -- it's decided it doesn't want to before doing it. The permissions and runtime environment permit the lock, and the same lock is acquired correctly by dovecot when writing to the inbox. I'm doing dotlock and then lockf() locking in all the mail software. procmail's checks only seem to apply to the default lock file for the inbox. If I specify an alternate name in the .procmailrc for the $ORGMAIL delivery of the message, then it will acquire any other lock I ask, including an alternate name in the /var/mail directory. I'll dig into the procmail sources as needed to resolve it, but I had hoped that I could get dovecot to lock with a different filename, because that would resolve the issue with minimal hackery... Cheers, Chris -- Chris Saldanha Parliant Corporation From h.reindl at thelounge.net Thu May 9 17:28:18 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 09 May 2013 16:28:18 +0200 Subject: [Dovecot] dovecot not logging after upgrade to 2.1.7 on debian In-Reply-To: <878v3odz00.fsf@dod.no> References: <87haice4z6.fsf@dod.no> <518B9F57.3060303@localhost.localdomain.org> <87d2t0dzq6.fsf@dod.no> <878v3odz00.fsf@dod.no> Message-ID: <518BB282.4050908@thelounge.net> Am 09.05.2013 16:11, schrieb Steinar Bang: >> Could the culprit be the syslogd? Could the syslogd have gone AWOL >> during the debian upgrade? That's a point of investigation, at least... > > Indeed... > > http://packages.debian.org/squeeze/sysklogd > Exists for squeeze and sid, but not for wheezy. > > The preferred syslogd for debian is now rsyslog: > http://wiki.debian.org/Rsyslog > > "apt-get install rsyslog" pulled the new syslogd in, and now "doveadm > log find" reports meaningful values and deb-packages does not support Obsoletes/Provides like RPM or only the packager too stupid not break upgrades? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From stephan at rename-it.nl Thu May 9 17:35:32 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 09 May 2013 16:35:32 +0200 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. Message-ID: <518BB434.7090905@rename-it.nl> Hello Dovecot users, I finally release the first version of Pigeonhole v0.4 for Dovecot v2.2. The main reason for the delay was that some unexpected (design) problems occurred with the new doveadm-sieve plugin, which allows synchronizing sieve scripts using doveadm sync. One important change is that I incorporated the extprograms plugin into the main Pigeonhole release. With this plugin it is possible to execute administrator-controlled external programs (shell scripts) from the Sieve interpreter, e.g. for special message delivery, filtering and string manipulation. The list of new features is not that impressive. I've been working on IMAP URLAUTH, IMAP CATENATE and HTTP support for Dovecot. Currently, I'm building an SMTP submission proxy server. After all that I plan to spend more time on Sieve development. One of the most important issues on my list is implementing support for using alternative types of storage (e.g. a database) for Sieve scripts, rather than only a filesystem directory as it is now. Changelog v0.4.0: + Added doveadm-sieve plugin that provides the possibility to sync Sieve scripts using doveadm sync along with the user's mailboxes. + Added the Sieve extprograms plugin to the main Pigeonhole package. It is still a plugin, but it is now included so that a separate compile is no longer necessary and distributors are likely to include it. The extprograms plugin provides Sieve language extensions that allows executing (administrator-controlled) external programs for message delivery, message filtering and string manipulation. Refer to doc/plugins/sieve_extprograms.txt for more information. + Added debug message showing Pigeonhole version at initialization. Makes it very clear that the plugin is properly loaded. + Finished implementation of the Sieve include extension. It should now fully conform to RFC 6609. The main addition is the new :optional tag which makes the include command ignore missing included scripts without an error. + Finished implementation of the Sieve environment extension as much as possible. Environment items "location", "phase" and "domain" now also return a usable value. The release is available as follows: http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.0.tar.gz http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.0.tar.gz.sig Refer to http://pigeonhole.dovecot.org and the Dovecot v2.x wiki for more information. Have fun testing this new release and don't hesitate to notify me when there are any problems. Regards, -- Stephan Bosch stephan at rename-it.nl From sb at dod.no Thu May 9 17:56:08 2013 From: sb at dod.no (Steinar Bang) Date: Thu, 09 May 2013 16:56:08 +0200 Subject: [Dovecot] dovecot not logging after upgrade to 2.1.7 on debian References: <87haice4z6.fsf@dod.no> <518B9F57.3060303@localhost.localdomain.org> <87d2t0dzq6.fsf@dod.no> <878v3odz00.fsf@dod.no> <518BB282.4050908@thelounge.net> Message-ID: <87zjw4cid3.fsf@dod.no> >>>>> Reindl Harald : > and deb-packages does not support Obsoletes/Provides like RPM or only > the packager too stupid not break upgrades? There isn't an "obsolete"-concept, AFAIK. But there is a way to handle upgrades that switch implementations, through a mechanism called virtual packages. Why that wasn't done here, I don't know. Perhaps it was overlooked. From stan at hardwarefreak.com Thu May 9 18:56:19 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Thu, 09 May 2013 10:56:19 -0500 Subject: [Dovecot] dovecot not logging after upgrade to 2.1.7 on debian In-Reply-To: <878v3odz00.fsf@dod.no> References: <87haice4z6.fsf@dod.no> <518B9F57.3060303@localhost.localdomain.org> <87d2t0dzq6.fsf@dod.no> <878v3odz00.fsf@dod.no> Message-ID: <518BC723.4090104@hardwarefreak.com> On 5/9/2013 9:11 AM, Steinar Bang wrote: > The preferred syslogd for debian is now rsyslog: > http://wiki.debian.org/Rsyslog Did you happen to notice that rsyslog became the default syslog daemon with the release of Lenny? That was Feb 14, 2009, over 4 years ago. Your system went through 3 distribution upgrades before you noticed. There was no "syslog" virtual or metapackage. The Lenny upgrade release notes had instructions for manually replacing syslogd with rsyslog. It could not be done automatically. I guess you missed this with Lenny, and Debian assumed everyone did it, omitting this from subsequent release notes. -- Stan From CMarcus at Media-Brokers.com Thu May 9 19:05:55 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Thu, 09 May 2013 12:05:55 -0400 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518BB434.7090905@rename-it.nl> References: <518BB434.7090905@rename-it.nl> Message-ID: <518BC963.308@Media-Brokers.com> On 2013-05-09 10:35 AM, Stephan Bosch wrote: > Hello Dovecot users, > > I finally release the first version of Pigeonhole v0.4 for Dovecot v2.2. Yay! Thanks so much Stephan. One question though... > Currently, I'm building an SMTP submission proxy server. Can you elaborate on this? Does this mean for example, that we could use dovecot as our submission server and auto-save-to-sent, avoiding the overhead of the 'Copy to Sent' behavior we are currently forced to use where a message is first uploaded when it is sent, then again when it is saved to the sent folder? This would be awesome, as we deal with a lot of large attachments, and when people are working from home, it can take many many seconds (even a minute or so for very large attachments depending on their internet connection speed) to send, and then it has to do it all over again to save to sent. Thanks again! -- Best regards, Charles From hanks_j at ligo-wa.caltech.edu Thu May 9 21:13:46 2013 From: hanks_j at ligo-wa.caltech.edu (Jonathan Hanks) Date: Thu, 09 May 2013 11:13:46 -0700 Subject: [Dovecot] Crossrealm Kerberos problems Message-ID: <518BE75A.2080708@ligo-wa.caltech.edu> I am running dovecot 2.1.7 on Debian Squeeze 64 bit, config information at the end of the email. I am working on a Kerberos/GSSAPI based setup that requires cross-realm authentication. I have regular GSSAPI working, I can log in using pam_krb5 with password based logins or with the GSSAPI support when using a kerberos ticket in the default realm. However when I attempt to authenticate using cross realm authentication the login fails (logs below). After perusing the source code I beleive that the problem is as such: All taking place in mech-gssapi.c 1. mech_gssapi_userok(...) calls mech_gssapi_krb5_userok 2. mech_gssapi_krb5_userok(...) calls krb5_kuserok(...) to verify that the given Kerberos prinicpal can log in as the requested user. 3. The authentication process is running as the Dovecot user so: 3a. krb5_kuserok(...) looks for ~dovecot/.k5login to authorize cross realm logins 3b. There is no ~dovecot/.k5login, thus no cross realm access is allowed 3c. It should be looking at the users .k5login ~poptest/.k5login 3d. This never happens and the login attempt fails I have the server set up to use system users specifically so that I can do cross-realm authentication. Do I have some basic configuration error? How do I change the authentication process to run as the user requesting to login? Should that be allowed? Another thought is to backport some of the patches proposed for 2.2 that remove krb5_kuserok from the loop. Thank you for any insight. This server is not in production use so I can experiment. May 9 10:54:49 lakeview.ligo-wa.caltech.edu dovecot: auth: Debug: gssapi(jonathan.hanks at SOME.REALM,198.129.xxx.xxx,): Negotiated security layer May 9 10:54:49 lakeview.ligo-wa.caltech.edu dovecot: auth: Debug: gssapi(jonathan.hanks at SOME.REALM,198.129.xxx.xxx,): Negotiated security layer May 9 10:54:49 lakeview.ligo-wa.caltech.edu dovecot: auth: Debug: client out: CONT#0111#011BQQF/wAMAAAAAAAACpxNKQH///+YdY3lGMDBq6TWTfc= May 9 10:54:49 lakeview.ligo-wa.caltech.edu dovecot: auth: Debug: client out: CONT#0111#011BQQF/wAMAAAAAAAACpxNKQH///+YdY3lGMDBq6TWTfc= May 9 10:54:49 lakeview.ligo-wa.caltech.edu dovecot: auth: Debug: client in: CONT May 9 10:54:49 lakeview.ligo-wa.caltech.edu dovecot: auth: Debug: client in: CONT May 9 10:54:49 lakeview.ligo-wa.caltech.edu dovecot: auth: gssapi(jonathan.hanks at SOME.REALM,198.129.xxx.xxx,): User not authorized to log in as poptest May 9 10:54:49 lakeview.ligo-wa.caltech.edu dovecot: auth: gssapi(jonathan.hanks at SOME.REALM,198.129.xxx.xxx,): User not authorized to log in as poptest My config is as follows: # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.7 auth_debug = yes auth_gssapi_hostname = $ALL auth_krb5_keytab = /etc/mail.keytab auth_mechanisms = plain login gssapi auth_username_format = %u auth_verbose = yes listen = * mail_location = mbox:~/mail:INBOX=/var/spool/mail/inbox/%u mail_privileged_group = mail passdb { args = dovecot driver = pam } protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { mode = 0666 } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { port = 995 ssl = yes } } ssl_cert = References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> Message-ID: <518C13D0.9030109@rename-it.nl> On 5/9/2013 6:05 PM, Charles Marcus wrote: > On 2013-05-09 10:35 AM, Stephan Bosch wrote: > >> Currently, I'm building an SMTP submission proxy server. > > Can you elaborate on this? It basically acts as a front-end to your normal MTA. First of all, it provides a convenient way to add SMTP AUTH support to any MTA. But the main goal for this project is to implement an SMTP submission server with full support for the LEMONADE profile (https://tools.ietf.org/html/rfc4550). It acts as a proxy server, so it doesn't queue anything; once the client sees a success reply for the message submission, it is already accepted in the actual MTA queue. For authentication it uses the normal Dovecot login strategy. This means that after authentication, it can run with the user's privileges and access the user's mail storage directly. However, I also plan to provide support for running it as a completely unprivileged service. > Does this mean for example, that we could use dovecot as our > submission server ... Yes. > ... and auto-save-to-sent, avoiding the overhead of the 'Copy to Sent' > behavior we are currently forced to use where a message is first > uploaded when it is sent, then again when it is saved to the sent folder? Depends a bit on what you have in mind. The LEMONADE profile has a forward-without-download scheme for this, using the SMTP BURL extension (https://tools.ietf.org/html/rfc4468) and IMAP CATENATE (https://tools.ietf.org/html/rfc4469) and URLAUTH (https://tools.ietf.org/html/rfc4467). Using CATENATE, the client can combine existing message parts with new text to compose a new message. Using SMTP BURL and IMAP URLAUTH, the SMTP server can access that message directly from the IMAP server without the need for the client to download it first. Some more direct approach is also possible, e.g. let the submission server store the message in the Sent folder implicitly (as Google apparently does). This has a few problems though, mainly that the mail client will have to be configured correctly not to store an additional copy of its own. Unfortunately, there is no standardized method of signalling this from server to client. Google probably filters out the duplicates, we don't really know. Also, which folder does the user use as Sent folder? We could use the IMAP SPECIAL-USE (https://www.ietf.org/rfc/rfc6154.txt) extension to find out. Anyway, adding support for implicitly storing sent messages in the \Sent folder should be easy enough, but it is not a fool-proof solution. Timo was discussing this a while back on the SMTP mailinglist, but people there weren't too enthusiastic about standardizing a feature like this so far. > This would be awesome, as we deal with a lot of large attachments, and > when people are working from home, it can take many many seconds (even > a minute or so for very large attachments depending on their internet > connection speed) to send, and then it has to do it all over again to > save to sent. The LEMONADE profile is rather elaborate and not many clients or servers support it yet. I'm hoping that by providing a chicken, more eggs will follow soon. To provide some sort of solution for the short term, I guess I'll just add an optional auto-save-to-sent feature. When the submission service has direct access to the user's mail storage, that is trivial to implement. However, if the submission service is unprivileged, that will be a little more difficult. Probably, in that case I'll make it use a special support service to perform the actual delivery to the sent folder. Any suggestions are welcome. Regards, Stephan. From tss at iki.fi Fri May 10 00:35:02 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 10 May 2013 00:35:02 +0300 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518C13D0.9030109@rename-it.nl> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> Message-ID: <5AB3A449-DB4F-4CF5-801D-DA91F0E5CC07@iki.fi> On 10.5.2013, at 0.23, Stephan Bosch wrote: > Anyway, adding support for implicitly storing sent messages in the \Sent folder should be easy enough, but it is not a fool-proof solution. Timo was discussing this a while back on the SMTP mailinglist, but people there weren't too enthusiastic about standardizing a feature like this so far. I was thinking about continuing that after we have implemented something. It seems that the "best" idea really was the one I had in the beginning and Alexey also suggested: 250 2.0.0 [localcopy] Message accepted Very IMAP-like instead of SMTP-like, but .. well, it's a very IMAP-specific feature in any case (until IMAP replacement protocol comes some day). From stephan at rename-it.nl Fri May 10 01:36:09 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 10 May 2013 00:36:09 +0200 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <5AB3A449-DB4F-4CF5-801D-DA91F0E5CC07@iki.fi> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> <5AB3A449-DB4F-4CF5-801D-DA91F0E5CC07@iki.fi> Message-ID: <518C24D9.5050800@rename-it.nl> On 5/9/2013 11:35 PM, Timo Sirainen wrote: > On 10.5.2013, at 0.23, Stephan Bosch wrote: > >> Anyway, adding support for implicitly storing sent messages in the \Sent folder should be easy enough, but it is not a fool-proof solution. Timo was discussing this a while back on the SMTP mailinglist, but people there weren't too enthusiastic about standardizing a feature like this so far. > I was thinking about continuing that after we have implemented something. Yeah, good idea. My patch queue (hg mq) is here: http://hg.rename-it.nl/dovecot-2.2-patches/ The toplevel submission.patch also updates the Dovecot TODO file, so you can look there for what remains to be done. The auto-save-to-sent feature is not mentioned there yet. > It seems that the "best" idea really was the one I had in the beginning and Alexey also suggested: > > 250 2.0.0 [localcopy] Message accepted > > Very IMAP-like instead of SMTP-like, but .. well, it's a very IMAP-specific feature in any case (until IMAP replacement protocol comes some day). ManageSieve uses this textual response-code style as well. :) Some SMTP replies already have a somewhat structured text part, e.g. a domain name as the first word, or an optional mailbox specification enclosed in '<' and '>'. So, I don't think it would be completely strange to put it there. Regards, Stephan. From AxelLuttgens at swing.be Fri May 10 10:25:32 2013 From: AxelLuttgens at swing.be (Axel Luttgens) Date: Fri, 10 May 2013 09:25:32 +0200 Subject: [Dovecot] change inbox dotlock name In-Reply-To: <518BB275.9040909@cfs.parliant.com> References: <518BB275.9040909@cfs.parliant.com> Message-ID: <0572534F-E0A2-49F3-97B6-46F914860806@swing.be> Le 9 mai 2013 ? 16:28, Chris Saldanha a ?crit : > Axel Luttgens wrote: > > But I fear I don't understand your problem description. > > Could you elaborate? > > Hi Axel, > > The issue is that the procmail port on FreeBSD doesn't acquire a dotlock when it's the default lock file (/var/mail/username.lock). It prints that it's bypassing the dotlock and just does a lockf() lock after. Hello Chris, I don't know very much about procmail (nor about you setup) but I guess just changing the dotlock file's name would anyway be quite an ugly kludge. Doesn't procmail provide a more detailed message about that "dotlock bypass" (possibly with increased verbosity)? On the other, should dotlocking really be problematic on FreeBSD, and assuming only procmail and Dovecot access the mailboxes (mbox format, I guess), perhaps could you configure both of them to use lockf only? Axel From stan at hardwarefreak.com Fri May 10 11:41:26 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 10 May 2013 03:41:26 -0500 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518BC963.308@Media-Brokers.com> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> Message-ID: <518CB2B6.5080404@hardwarefreak.com> On 5/9/2013 11:05 AM, Charles Marcus wrote: > This would be awesome, as we deal with a lot of large attachments, and > when people are working from home, it can take many many seconds (even a > minute or so for very large attachments depending on their internet > connection speed) to send, and then it has to do it all over again to > save to sent. Charles have you looked into Thunderbird Filelink? https://support.mozillamessaging.com/en-US/kb/filelink-large-attachments You can use a 3rd party service or your own WebDAV server. Keeps large attachments out of mailbox storage, doesn't save them to Sent Items, moves the file over the wire only once. -- Stan From christian.rohmann at frittentheke.de Fri May 10 13:12:44 2013 From: christian.rohmann at frittentheke.de (Christian Rohmann) Date: Fri, 10 May 2013 12:12:44 +0200 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518C13D0.9030109@rename-it.nl> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> Message-ID: <518CC81C.5040205@frittentheke.de> Hey Stephan, On 05/09/2013 11:23 PM, Stephan Bosch wrote: > It basically acts as a front-end to your normal MTA. First of all, it > provides a convenient way to add SMTP AUTH support to any MTA. But the > main goal for this project is to implement an SMTP submission server > with full support for the LEMONADE profile > (https://tools.ietf.org/html/rfc4550). It acts as a proxy server, so it > doesn't queue anything; once the client sees a success reply for the > message submission, it is already accepted in the actual MTA queue. I have one remark and one question: Remark: Don't forget XCLIENT / XFORWARD support to help the "real" MTA understand who it's really talking to. Question: Will the new SMTP submission code somehow solve the robustness issues with sieve doing SMTP submission? We talked about it last November. Subject was "[Dovecot] Sieve puts incoming message into inbox on any problem with submission_host". Regards Christian -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4089 bytes Desc: S/MIME Cryptographic Signature URL: From CMarcus at Media-Brokers.com Fri May 10 13:42:02 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 10 May 2013 06:42:02 -0400 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518CB2B6.5080404@hardwarefreak.com> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518CB2B6.5080404@hardwarefreak.com> Message-ID: <518CCEFA.7020108@Media-Brokers.com> On 2013-05-10 4:41 AM, Stan Hoeppner wrote: > On 5/9/2013 11:05 AM, Charles Marcus wrote: >> This would be awesome, as we deal with a lot of large attachments, and >> when people are working from home, it can take many many seconds (even a >> minute or so for very large attachments depending on their internet >> connection speed) to send, and then it has to do it all over again to >> save to sent. > Charles have you looked into Thunderbird Filelink? > > https://support.mozillamessaging.com/en-US/kb/filelink-large-attachments > > You can use a 3rd party service or your own WebDAV server. Keeps large > attachments out of mailbox storage, doesn't save them to Sent Items, > moves the file over the wire only once. Hi Stan, Thanks for the idea, and yes, I'm aware of filelink. While the idea is nice, it wouldn't fulfill our needs. Our data must be kept private, and while there is the WebDAV extension, its functionality is very basic (files with the same name are overwritten silently, no support for expiring links, etc). But anyway, I don't much like the idea of totally separating attachments from emails, it just feels off to me. Thanks, Charles From rs at sys4.de Fri May 10 13:47:10 2013 From: rs at sys4.de (Robert Schetterer) Date: Fri, 10 May 2013 12:47:10 +0200 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518CCEFA.7020108@Media-Brokers.com> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518CB2B6.5080404@hardwarefreak.com> <518CCEFA.7020108@Media-Brokers.com> Message-ID: <518CD02E.7090302@sys4.de> Am 10.05.2013 12:42, schrieb Charles Marcus: > On 2013-05-10 4:41 AM, Stan Hoeppner wrote: >> On 5/9/2013 11:05 AM, Charles Marcus wrote: >>> This would be awesome, as we deal with a lot of large attachments, and >>> when people are working from home, it can take many many seconds (even a >>> minute or so for very large attachments depending on their internet >>> connection speed) to send, and then it has to do it all over again to >>> save to sent. > >> Charles have you looked into Thunderbird Filelink? >> >> https://support.mozillamessaging.com/en-US/kb/filelink-large-attachments >> >> You can use a 3rd party service or your own WebDAV server. Keeps large >> attachments out of mailbox storage, doesn't save them to Sent Items, >> moves the file over the wire only once. > > Hi Stan, > > Thanks for the idea, and yes, I'm aware of filelink. While the idea is > nice, it wouldn't fulfill our needs. Our data must be kept private, and > while there is the WebDAV extension, its functionality is very basic > (files with the same name are overwritten silently, no support for > expiring links, etc). > > But anyway, I don't much like the idea of totally separating attachments > from emails, it just feels off to me. > > Thanks, > > Charles > just a little off topic but may for interest to sombody https://github.com/fincluster/owncloud_mail_attachments Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From stephan at rename-it.nl Fri May 10 14:28:35 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 10 May 2013 13:28:35 +0200 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518CC81C.5040205@frittentheke.de> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> <518CC81C.5040205@frittentheke.de> Message-ID: <518CD9E3.4030606@rename-it.nl> On 5/10/2013 12:12 PM, Christian Rohmann wrote: > Hey Stephan, > > On 05/09/2013 11:23 PM, Stephan Bosch wrote: >> It basically acts as a front-end to your normal MTA. First of all, it >> provides a convenient way to add SMTP AUTH support to any MTA. But the >> main goal for this project is to implement an SMTP submission server >> with full support for the LEMONADE profile >> (https://tools.ietf.org/html/rfc4550). It acts as a proxy server, so it >> doesn't queue anything; once the client sees a success reply for the >> message submission, it is already accepted in the actual MTA queue. > > I have one remark and one question: > > Remark: Don't forget XCLIENT / XFORWARD support to help the "real" MTA > understand who it's really talking to. XCLIENT is already implemented. But, afaik, this is only supported by Postfix. I also noticed a problem with XCLIENT LOGIN=. Even when that is specified, Postfix doesn't allow relaying for a client authenticated through Dovecot submission. I am still not sure what I am messing up there (I did configure smtp_recipient_restrictions correctly I believe). What is XFORWARD good for? It looks very similar, but focused on dealing with mail filter intermediaries. I don't think this applies here. > Question: Will the new SMTP submission code somehow solve the > robustness issues with sieve doing SMTP submission? We talked about it > last November. Subject was "[Dovecot] Sieve puts incoming message into > inbox on any problem with submission_host". Probably. I'll keep that in mind when implementing the new SMTP client in lib-smtp. It will also require some changes in the LDA/LMTP handling of temporary delivery failures. This is also a good occasion to finish Sieve ereject support. Regards, Stephan. From paul at vandervlis.nl Fri May 10 15:00:40 2013 From: paul at vandervlis.nl (Paul van der Vlis) Date: Fri, 10 May 2013 14:00:40 +0200 Subject: [Dovecot] Expunge mailbox from script Message-ID: Hello, I would like to expunge all mail of a mailbox from a script. What's a good tool to do that? With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl/ From campbell at cnpapers.com Fri May 10 15:17:50 2013 From: campbell at cnpapers.com (Steve Campbell) Date: Fri, 10 May 2013 08:17:50 -0400 Subject: [Dovecot] Any way to let dovecot block pop3 attempts? Message-ID: <518CE56E.8080708@cnpapers.com> Is there a way using dovecot facilities to block an IP from attempting POP3 connections (similar to the sendmail access file for smtp connections)? I usually do this at my border firewall, but if there's a quick and dirty way in dovecot to do this, it'd make life a little simpler. Thanks steve campbell From p at sys4.de Fri May 10 15:20:42 2013 From: p at sys4.de (Patrick Ben Koetter) Date: Fri, 10 May 2013 14:20:42 +0200 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518CD9E3.4030606@rename-it.nl> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> <518CC81C.5040205@frittentheke.de> <518CD9E3.4030606@rename-it.nl> Message-ID: <20130510122040.GI2372@sys4.de> * Stephan Bosch : > On 5/10/2013 12:12 PM, Christian Rohmann wrote: > >Hey Stephan, > > > >On 05/09/2013 11:23 PM, Stephan Bosch wrote: > >>It basically acts as a front-end to your normal MTA. First of all, it > >>provides a convenient way to add SMTP AUTH support to any MTA. But the > >>main goal for this project is to implement an SMTP submission server > >>with full support for the LEMONADE profile > >>(https://tools.ietf.org/html/rfc4550). It acts as a proxy server, so it > >>doesn't queue anything; once the client sees a success reply for the > >>message submission, it is already accepted in the actual MTA queue. > > > >I have one remark and one question: > > > >Remark: Don't forget XCLIENT / XFORWARD support to help the "real" > >MTA understand who it's really talking to. > > XCLIENT is already implemented. But, afaik, this is only supported > by Postfix. I also noticed a problem with XCLIENT LOGIN=. > Even when that is specified, Postfix doesn't allow relaying for a > client authenticated through Dovecot submission. I am still not sure > what I am messing up there (I did configure > smtp_recipient_restrictions correctly I believe). > > What is XFORWARD good for? It looks very similar, but focused on > dealing with mail filter intermediaries. I don't think this applies > here. It forwards the META data for logging purposes and is useful to create consistent logging. p at rick -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From Lutz.Pressler at SerNet.DE Fri May 10 15:21:17 2013 From: Lutz.Pressler at SerNet.DE (Lutz =?iso-8859-1?Q?Pre=DFler?=) Date: Fri, 10 May 2013 14:21:17 +0200 Subject: [Dovecot] search and UTF-8 normalization forms (NFD) In-Reply-To: <730F760C-FC67-42C0-8405-770114D27063@iki.fi> References: <730F760C-FC67-42C0-8405-770114D27063@iki.fi> Message-ID: Hello Timo, On Thu, 02 May 2013, Timo Sirainen wrote: > IMAP requires using i;unicode-casemap by default, as specified by RFC 5051. Then again, others could be supported as well, and it's not really a requirement that the search can't handle more flexible searches.. Anyway, that's what Dovecot currently has implemented, and I guess it doesn't do what you want it to do. But there is a partial solution for this: > > http://dovecot.org/patches/2.1/icu-1.2.tar.gz > > It probably does what you want, but it only works with fts-lucene. I'm trying to test it with the 2.2.1 installation, but have a problem doing so: after seemingly smooth compilation and installation, I get May 10 14:15:18 host dovecot: imap: Error: Module is for different ABI version 2.2.1 (we have 2.2.ABIv0(2.2.1)): /usr/lib/dovecot/modules/lib20_icu_plugin.so May 10 14:15:18 host dovecot: imap: Fatal: Couldn't load required plugins Any idea? Greetings, Lutz From stephan at rename-it.nl Fri May 10 15:30:13 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 10 May 2013 14:30:13 +0200 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <20130510122040.GI2372@sys4.de> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> <518CC81C.5040205@frittentheke.de> <518CD9E3.4030606@rename-it.nl> <20130510122040.GI2372@sys4.de> Message-ID: <518CE855.2070604@rename-it.nl> On 5/10/2013 2:20 PM, Patrick Ben Koetter wrote: > * Stephan Bosch : >> What is XFORWARD good for? It looks very similar, but focused on >> dealing with mail filter intermediaries. I don't think this applies >> here. > It forwards the META data for logging purposes and is useful to create > consistent logging. I understood as much from: http://www.postfix.org/XFORWARD_README.html But I don't quite understand how this is different from XCLIENT, apart from the SOURCE and IDENT items perhaps. Regards, Stephan. From Lutz.Pressler at SerNet.DE Fri May 10 15:43:07 2013 From: Lutz.Pressler at SerNet.DE (Lutz =?iso-8859-1?Q?Pre=DFler?=) Date: Fri, 10 May 2013 14:43:07 +0200 Subject: [Dovecot] SMTP front-end Re: Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518CD9E3.4030606@rename-it.nl> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> <518CC81C.5040205@frittentheke.de> <518CD9E3.4030606@rename-it.nl> Message-ID: Stephan, On Fri, 10 May 2013, Stephan Bosch wrote: > On 5/10/2013 12:12 PM, Christian Rohmann wrote: > > Hey Stephan, > > > > On 05/09/2013 11:23 PM, Stephan Bosch wrote: > >> It basically acts as a front-end to your normal MTA. First of all, it > >> provides a convenient way to add SMTP AUTH support to any MTA. But the > >> main goal for this project is to implement an SMTP submission server > >> with full support for the LEMONADE profile > >> (https://tools.ietf.org/html/rfc4550). It acts as a proxy server, so it > >> doesn't queue anything; once the client sees a success reply for the > >> message submission, it is already accepted in the actual MTA queue. > > > > I have one remark and one question: > > > > Remark: Don't forget XCLIENT / XFORWARD support to help the "real" MTA > > understand who it's really talking to. > > XCLIENT is already implemented. But, afaik, this is only supported by > Postfix. Exim has the "-bs" command line option. From spec: -bs This option causes Exim to accept one or more messages by reading SMTP commands on the standard input, and producing SMTP replies on the standard output. SMTP policy controls, as defined in ACLs (see chapter 42) are applied. Some user agents use this interface as a way of passing locally-generated messages to the MTA. In this usage, if the caller of Exim is trusted, or untrusted_set_sender is set, the senders of messages are taken from the SMTP MAIL commands. Otherwise the content of these commands is ignored and the sender is set up as the calling user. Unqualified addresses are automatically qualified using qualify_domain and qualify_recipient, as appropriate, unless the -bnq option is used. The -bs option is also used to run Exim from inetd, as an alternative to using a listening daemon. Exim can distinguish the two cases by checking whether the standard input is a TCP/IP socket. When Exim is called from inetd, the source of the mail is assumed to be remote, and the comments above concerning senders and qualification do not apply. In this situation, Exim behaves in exactly the same way as it does when receiving a message via the listening daemon. Could you implement this interface to a backend server, too? Thanks for your work, regards, Lutz From davide.marchi at mail.cgilfe.it Fri May 10 15:47:23 2013 From: davide.marchi at mail.cgilfe.it (Davide) Date: Fri, 10 May 2013 14:47:23 +0200 Subject: [Dovecot] Problem with LDA reject message Message-ID: <518CEC5B.5090804@mail.cgilfe.it> Hi to all, i have a problem with LDA when users are quota-full. My setup is Vpopmail + dovecot + lda; if i send a messagge internally to a user with quota full i receive correctly a messagge but in the header ( i attacch a snip) From - Fri May 10 14:42:27 2013 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 X-Mozilla-Keys: Return-Path: <"<>"@mail.cgilfe.it> i receive this strange Return-Path. I the messagge is sent outside other servers reply with this messagge: Subject: failure notice Hi. This is the qmail-send program at mail.cgilfe.it. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. : Connected to 80.207.169.234 but sender was rejected. Remote host said: 501 Address Syntax Error in <"<>"@mail.cgilfe.it> this is my .qmail-default file: |/var/qmail/bin/preline -f /usr/local/libexec/dovecot/dovecot-lda -d $EXT@$USER | /home/vpopmail/bin/vdelivermail "" bounce-no-mailbox Thanks in advance. -- *Davide Marchi* *T*eorema *F*errara *Srl* Via Spronello, 7 - Ferrara - 44121 Tel. *0532783161* Fax. *0532783368* E-m at il: *davide.marchi at mail.cgilfe.it* Skype: *davide.marchi73* Web: *http://www.cgilfe.it* *CONFIDENZIALITA'* *Ai sensi del D.Lgs. 196/2003 si precisa che le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario/dei destinatari. Qualora il messaggio in parola Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo e a non inoltrarlo a terzi, dandocene gentilmente comunicazione.* *Per favore, pensa all'ambiente. Stampa questa email solo se necessario.* From gilles.chauvin at univ-rouen.fr Fri May 10 15:54:30 2013 From: gilles.chauvin at univ-rouen.fr (Gilles Chauvin) Date: Fri, 10 May 2013 14:54:30 +0200 Subject: [Dovecot] Any way to let dovecot block pop3 attempts? In-Reply-To: <518CE56E.8080708@cnpapers.com> References: <518CE56E.8080708@cnpapers.com> Message-ID: <1926049.9tUoh1NUlU@gcn-archlinux> On Friday 10 May 2013 08:17:50 Steve Campbell wrote: > Is there a way using dovecot facilities to block an IP from attempting > POP3 connections (similar to the sendmail access file for smtp > connections)? I usually do this at my border firewall, but if there's a > quick and dirty way in dovecot to do this, it'd make life a little simpler. > Hi Steve, We've been using Fail2Ban on our mail proxies for a while without any problem. It may be what you're looking for. Regards, Gilles. From stephan at rename-it.nl Fri May 10 15:56:41 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 10 May 2013 14:56:41 +0200 Subject: [Dovecot] SMTP front-end Re: Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> <518CC81C.5040205@frittentheke.de> <518CD9E3.4030606@rename-it.nl> Message-ID: <518CEE89.6010601@rename-it.nl> On 5/10/2013 2:43 PM, Lutz Pre?ler wrote: > Stephan, > On Fri, 10 May 2013, Stephan Bosch wrote: > Exim has the "-bs" command line option. From spec: > > Could you implement this interface to a backend server, too? As long as it talks SMTP, it shouldn't be that difficult to facilitate this. But, what exactly is the benefit of this over a normal TCP connection? Regards, Stephan. From p at sys4.de Fri May 10 16:02:42 2013 From: p at sys4.de (Patrick Ben Koetter) Date: Fri, 10 May 2013 15:02:42 +0200 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518CE855.2070604@rename-it.nl> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> <518CC81C.5040205@frittentheke.de> <518CD9E3.4030606@rename-it.nl> <20130510122040.GI2372@sys4.de> <518CE855.2070604@rename-it.nl> Message-ID: <20130510130242.GJ2372@sys4.de> * Stephan Bosch : > On 5/10/2013 2:20 PM, Patrick Ben Koetter wrote: > >* Stephan Bosch : > >>What is XFORWARD good for? It looks very similar, but focused on > >>dealing with mail filter intermediaries. I don't think this applies > >>here. > >It forwards the META data for logging purposes and is useful to create > >consistent logging. > > I understood as much from: > > http://www.postfix.org/XFORWARD_README.html > > But I don't quite understand how this is different from XCLIENT, > apart from the SOURCE and IDENT items perhaps. XCLIENT impersonates a client and the SMTP server will act as if the XCLIENT was the real client, e.g. it will apply ACLs and other policies to the XCLIENT personality. XFORWARD will not alter the SMTP server behaviour. The client and message data from XFORWARD will only be used for logging purposes. p at rick -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From campbell at cnpapers.com Fri May 10 16:17:28 2013 From: campbell at cnpapers.com (Steve Campbell) Date: Fri, 10 May 2013 09:17:28 -0400 Subject: [Dovecot] Any way to let dovecot block pop3 attempts? In-Reply-To: <1926049.9tUoh1NUlU@gcn-archlinux> References: <518CE56E.8080708@cnpapers.com> <1926049.9tUoh1NUlU@gcn-archlinux> Message-ID: <518CF368.9000403@cnpapers.com> On 5/10/2013 8:54 AM, Gilles Chauvin wrote: > On Friday 10 May 2013 08:17:50 Steve Campbell wrote: >> Is there a way using dovecot facilities to block an IP from attempting >> POP3 connections (similar to the sendmail access file for smtp >> connections)? I usually do this at my border firewall, but if there's a >> quick and dirty way in dovecot to do this, it'd make life a little simpler. >> > Hi Steve, > > We've been using Fail2Ban on our mail proxies for a while without any > problem. > > It may be what you're looking for. > > > Regards, > Gilles. Thanks, But I believe fail2ban uses iptables, and I don't run a local firewall on the server. I'd prefer not to use a separate server to inject firewall rules on the border firewall. I might be wrong about fail2ban, though. I was hoping there was a file for pop and imap in dovecot similar to the smtp "access" file in sendmail (which is what I use, BTW) steve From florob at babelmonkeys.de Fri May 10 16:24:55 2013 From: florob at babelmonkeys.de (Florian Zeitz) Date: Fri, 10 May 2013 15:24:55 +0200 Subject: [Dovecot] search and UTF-8 normalization forms (NFD) In-Reply-To: <730F760C-FC67-42C0-8405-770114D27063@iki.fi> References: <730F760C-FC67-42C0-8405-770114D27063@iki.fi> Message-ID: <518CF527.3010705@babelmonkeys.de> Am 02.05.2013 17:53, schrieb Timo Sirainen: > On 25.4.2013, at 16.39, Lutz Pre?ler wrote: > >> on a system with dovecot 2.2 I've got a mailbox containing multiple mails >> from a person called Kr?ger, but From: header encoded differently. >> Some are encoded in UTF-8 normalization form decomposed (as used by Mac OSX), >> that is u and umlaut accent as sperate combined codepoints >> instead of one ?: >> >> From: =?utf-8?Q?replaced_Kru=CC=88ger?= >> >> Searching within roundcube webmail for "kr?ger" as sender >> missis this mails. >> >> Roundcube sends (dovecot rawlog): >> A0003 UID THREAD REFS UTF-8 ALL HEADER FROM {7+}kr?ger >> >> Is this supposed to work? Haven't done any more debugging >> (other search variants) or read RFCs. As a user I would expect >> Unicode equivalence rules be applied (see >> http://en.wikipedia.org/wiki/Unicode_equivalence) > > IMAP requires using i;unicode-casemap by default, as specified by RFC 5051. Then again, others could be supported as well, and it's not really a requirement that the search can't handle more flexible searches.. Anyway, that's what Dovecot currently has implemented, and I guess it doesn't do what you want it to do. But there is a partial solution for this: > > http://dovecot.org/patches/2.1/icu-1.2.tar.gz > > It probably does what you want, but it only works with fts-lucene. > Could you elaborate a bit why you think i;unicode-casemap does not handle this case? Is it only applied to the query, but not the header, or vice versa? It seems to me that Step 2 should map both inputs to LATIN CAPITAL LETTER U + COMBINING DIAERESIS. Regards, Florian From gilles.chauvin at univ-rouen.fr Fri May 10 16:36:44 2013 From: gilles.chauvin at univ-rouen.fr (Gilles Chauvin) Date: Fri, 10 May 2013 15:36:44 +0200 Subject: [Dovecot] Any way to let dovecot block pop3 attempts? In-Reply-To: <518CF368.9000403@cnpapers.com> References: <518CE56E.8080708@cnpapers.com> <1926049.9tUoh1NUlU@gcn-archlinux> <518CF368.9000403@cnpapers.com> Message-ID: <1912726.lUabcyieXZ@dgs-13-322c> On Friday 10 May 2013 09:17:28 Steve Campbell wrote: > But I believe fail2ban uses iptables, and I don't run a local firewall > on the server. I'd prefer not to use a separate server to inject > firewall rules on the border firewall. I might be wrong about fail2ban, > though. > > I was hoping there was a file for pop and imap in dovecot similar to the > smtp "access" file in sendmail (which is what I use, BTW) Yes, Fail2Ban uses iptables. I don't think there is another way (using Dovecot itself) to block a remote host since Fail2Ban is documented on Dovecot' wiki: http://wiki2.dovecot.org/HowTo/Fail2Ban (it looks like one of the best way to achieve this). Gilles. -- ========================================= Gilles CHAUVIN Administrateur syst?mes P?le Syst?mes Direction de l'informatique & des syst?mes d'information Universit? de ROUEN Bat.16-IRESE-B-Place ?mile Blondel 76821 MONT-SAINT-AIGNAN C?DEX Acc?s: http://goo.gl/cYgtX T?l: 02.35.14.82.92 Fax: 02.35.14.64.64 Accueil DSI: 02.35.14.61.00 Mail fonc: systeme at univ-rouen.fr Mail pers: gilles.chauvin at univ-rouen.fr ========================================= From stephan at rename-it.nl Fri May 10 16:36:46 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 10 May 2013 15:36:46 +0200 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <20130510130242.GJ2372@sys4.de> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> <518CC81C.5040205@frittentheke.de> <518CD9E3.4030606@rename-it.nl> <20130510122040.GI2372@sys4.de> <518CE855.2070604@rename-it.nl> <20130510130242.GJ2372@sys4.de> Message-ID: <518CF7EE.4080301@rename-it.nl> On 5/10/2013 3:02 PM, Patrick Ben Koetter wrote: > * Stephan Bosch : >> But I don't quite understand how this is different from XCLIENT, >> apart from the SOURCE and IDENT items perhaps. > XCLIENT impersonates a client and the SMTP server will act as if the XCLIENT > was the real client, e.g. it will apply ACLs and other policies to the XCLIENT > personality. > > XFORWARD will not alter the SMTP server behaviour. The client and message data > from XFORWARD will only be used for logging purposes. Ah. One question: what should I do when the server allows both of these? Or is that impossible? Regards, Stephan. From CMarcus at Media-Brokers.com Fri May 10 17:02:28 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 10 May 2013 10:02:28 -0400 Subject: [Dovecot] SMTP Submission/Proxy server - WAS Re: Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518C13D0.9030109@rename-it.nl> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> Message-ID: <518CFDF4.5010001@Media-Brokers.com> On 2013-05-09 5:23 PM, Stephan Bosch wrote: > On 5/9/2013 6:05 PM, Charles Marcus wrote: >> On 2013-05-09 10:35 AM, Stephan Bosch wrote: >> >>> Currently, I'm building an SMTP submission proxy server. >> >> Can you elaborate on this? > > It basically acts as a front-end to your normal MTA. First of all, it > provides a convenient way to add SMTP AUTH support to any MTA. Excellent, thanks Stephan. Just to make sure I understand this correctly, basically, this means that if someone needs to provide SASL *client* capability on a postfix+dovecot system - ie, so that postfix can relay certain emails to certain destinations through an alternate relay server that requires SASL based SMTP AUTH - they would no longer need cyrus-sasl to accomplish this? >> ... and auto-save-to-sent, avoiding the overhead of the 'Copy to >> Sent' behavior we are currently forced to use where a message is >> first uploaded when it is sent, then again when it is saved to the >> sent folder? > Depends a bit on what you have in mind. The LEMONADE profile has a > forward-without-download scheme for this, using the SMTP BURL > extension (https://tools.ietf.org/html/rfc4468) and IMAP CATENATE > (https://tools.ietf.org/html/rfc4469) and URLAUTH > (https://tools.ietf.org/html/rfc4467). Using CATENATE, the client can > combine existing message parts with new text to compose a new message. > Using SMTP BURL and IMAP URLAUTH, the SMTP server can access that > message directly from the IMAP server without the need for the client > to download it first. > > Some more direct approach is also possible, e.g. let the submission > server store the message in the Sent folder implicitly (as Google > apparently does). This has a few problems though, mainly that the mail > client will have to be configured correctly not to store an additional > copy of its own. Unfortunately, there is no standardized method of > signalling this from server to client. Google probably filters out the > duplicates, we don't really know. Also, which folder does the user use > as Sent folder? We could use the IMAP SPECIAL-USE > (https://www.ietf.org/rfc/rfc6154.txt) extension to find out. Anyway, > adding support for implicitly storing sent messages in the \Sent > folder should be easy enough, but it is not a fool-proof solution. > Timo was discussing this a while back on the SMTP mailinglist, but > people there weren't too enthusiastic about standardizing a feature > like this so far. Ok, I agree the main problem would be the possibility of duplicate messages, but I would think with the powerful filtering capabilities of sieve, it should be possible (not sure how easy though) to hard code a filter to watch for and filter/remove/delete any duplicate that the MUA uploads. > The LEMONADE profile is rather elaborate and not many clients or > servers support it yet. I'm hoping that by providing a chicken, more > eggs will follow soon. I like that dovecot is willing to take a chance on being first to support these kinds of enhanced services, but I will say, it is very important that any support for said enhancements be rock-solid. > To provide some sort of solution for the short term, I guess I'll just > add an optional auto-save-to-sent feature. Sounds great to me, but... In my opinion, because of the ubiquitous nature of MUAs saving messages to a sent folder, having a reliable and low-impact method for automatically filtering/removing/deleting these duplicates out should be a requirement before this feature is considered ready. It will be a big and immediate problem for any installation that chooses to enable this feature, as virtually all MUAs will be configured to save sent messages to a/the sent folder. It will also be an ongoing problem for all installations (existing and new alike), as users add their accounts to new computers, phones, tablets and other devices/MUAs, totally ignoring the instructions from their providers that they no longer need to enable this feature. In fact... after thinking about this some more, I wonder... Would there be some reasonably reliable way to detect when an MUA is uploading/saving messages to the Sent folder, and if so, could the LEMONADE protocol be leveraged to create/send a 'notification' email to that user based on some kind of system template (hard coded? customizable?), informing them that there is no need to do this, and even including a link to a dovecot wiki page explaining how to disable the 'Save copy to Sent folder' feature in common MUAs? Then it would be up to individual SysAdmins to keep the wiki updated with sections for any clients they become aware of that aren't already on the page. Maybe future enhancements could even (try to) detect the MUA client (is this possible to do reliably?), and a direct link to the section of the wiki for that specific client could be provided? Another thing that I know that google is really good at is automatically filtering (I guess they're deleting?) any and all duplicate emails. I have noticed this when copying a message store from one IMAP server to a gmail account. I had cases where the number of messages in certain folders wasn't the same, and upon investigation, noticed that the original/source in fact had some duplicate messages in certain folders. So, maybe you could 'kill two birds with one stone' so to speak. and whatever is done to address the duplicate Sent messages could also be leveraged to address duplicate messages in general? Although I guess it is not the same problem, so maybe not... > When the submission service has direct access to the user's mail > storage, that is trivial to implement. However, if the submission > service is unprivileged, that will be a little more difficult. Are you talking about the difference between dovecot accessing mails with one system user, vs accessing mails with the individual users userID? > Probably, in that case I'll make it use a special support service to > perform the actual delivery to the sent folder. Any suggestions are > welcome. Thanks Stephan, -- Best regards, Charles From delrio at mie.utoronto.ca Fri May 10 17:05:43 2013 From: delrio at mie.utoronto.ca (Oscar del Rio) Date: Fri, 10 May 2013 10:05:43 -0400 Subject: [Dovecot] Any way to let dovecot block pop3 attempts? In-Reply-To: <518CE56E.8080708@cnpapers.com> References: <518CE56E.8080708@cnpapers.com> Message-ID: <518CFEB7.6050105@mie.utoronto.ca> On 05/10/13 08:17 AM, Steve Campbell wrote: > Is there a way using dovecot facilities to block an IP from attempting > POP3 connections (similar to the sendmail access file for smtp > connections)? I usually do this at my border firewall, but if there's > a quick and dirty way in dovecot to do this, it'd make life a little > simpler. How about TCP wrappers? http://wiki2.dovecot.org/LoginProcess - "Login access check sockets" - "TCP wrappers support" From professa at dementianati.com Fri May 10 17:05:57 2013 From: professa at dementianati.com (Professa Dementia) Date: Fri, 10 May 2013 07:05:57 -0700 Subject: [Dovecot] Any way to let dovecot block pop3 attempts? In-Reply-To: <518CF368.9000403@cnpapers.com> References: <518CE56E.8080708@cnpapers.com> <1926049.9tUoh1NUlU@gcn-archlinux> <518CF368.9000403@cnpapers.com> Message-ID: <518CFEC5.2070702@dementianati.com> On 5/10/2013 6:17 AM, Steve Campbell wrote: > But I believe fail2ban uses iptables, and I don't run a local firewall > on the server. I'd prefer not to use a separate server to inject > firewall rules on the border firewall. I might be wrong about fail2ban, > though. > > I was hoping there was a file for pop and imap in dovecot similar to the > smtp "access" file in sendmail (which is what I use, BTW) > I run both - a border firewall and iptables on individual systems. The border firewall allows or denies traffic to specific systems; for instance, web traffic can go to web servers, but web traffic destined for mail servers is dropped. Local servers also have basic rules like this (mail servers drop all web traffic), but they also have more specific rules, such as the fail2ban abuse detection rules. This is called the belt and suspenders approach to security, and is a good idea. With your current method, if a hacker gains access to one system, they can launch attacks at other systems on the same network which they would not be able to do from outside the network. Belt and suspends mitigates much of that. Just having local iptables, but no border firewall means that a hacker that gains access to a system can disable iptables and use the system to launch attacks at other systems, use the system as a malware repository that is accessed on non-standard ports, etc. Belt and suspenders mitigates this also. If you are able, you should consider running iptables locally on each system. This would then let you run fail2ban, also. FWIW, I also run an invisible IDS at the border and local IDS's that are not so invisible, but that is beyond the scope of your comment. Dem From noeldude at gmail.com Fri May 10 17:11:47 2013 From: noeldude at gmail.com (Noel) Date: Fri, 10 May 2013 09:11:47 -0500 Subject: [Dovecot] Any way to let dovecot block pop3 attempts? In-Reply-To: <1912726.lUabcyieXZ@dgs-13-322c> References: <518CE56E.8080708@cnpapers.com> <1926049.9tUoh1NUlU@gcn-archlinux> <518CF368.9000403@cnpapers.com> <1912726.lUabcyieXZ@dgs-13-322c> Message-ID: <518D0023.3050805@gmail.com> On 5/10/2013 8:36 AM, Gilles Chauvin wrote: > On Friday 10 May 2013 09:17:28 Steve Campbell wrote: >> But I believe fail2ban uses iptables, and I don't run a local firewall >> on the server. I'd prefer not to use a separate server to inject >> firewall rules on the border firewall. I might be wrong about fail2ban, >> though. >> >> I was hoping there was a file for pop and imap in dovecot similar to the >> smtp "access" file in sendmail (which is what I use, BTW) > Yes, Fail2Ban uses iptables. I don't think there is another way (using > Dovecot itself) to block a remote host since Fail2Ban is documented on > Dovecot' wiki: http://wiki2.dovecot.org/HowTo/Fail2Ban (it looks like one of > the best way to achieve this). > > > Gilles. Although Fail2Ban uses iptables by default, it's pretty easy to define a different action, such as the old fashioned but still effective null route the offending IP, or if you build dovecot with tcp wrapper support, Fail2Ban can add the IP to hosts.deny. Of course, you can block with null routes or hosts.deny manually, but better to let the computer do the work. -- Noel Jones From davide.marchi at mail.cgilfe.it Fri May 10 17:12:50 2013 From: davide.marchi at mail.cgilfe.it (Davide) Date: Fri, 10 May 2013 16:12:50 +0200 Subject: [Dovecot] Remove Return-Path in lda rejection message Message-ID: <518D0062.6050408@mail.cgilfe.it> Is it possible to remove return-path in dovecot lda rejection? -- *Davide Marchi* *T*eorema *F*errara *Srl* Via Spronello, 7 - Ferrara - 44121 Tel. *0532783161* Fax. *0532783368* E-m at il: *davide.marchi at mail.cgilfe.it* Skype: *davide.marchi73* Web: *http://www.cgilfe.it* *CONFIDENZIALITA'* *Ai sensi del D.Lgs. 196/2003 si precisa che le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario/dei destinatari. Qualora il messaggio in parola Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo e a non inoltrarlo a terzi, dandocene gentilmente comunicazione.* *Per favore, pensa all'ambiente. Stampa questa email solo se necessario.* From stephan at rename-it.nl Fri May 10 17:37:48 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 10 May 2013 16:37:48 +0200 Subject: [Dovecot] SMTP Submission/Proxy server - WAS Re: Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518CFDF4.5010001@Media-Brokers.com> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> <518CFDF4.5010001@Media-Brokers.com> Message-ID: <518D063C.7090203@rename-it.nl> On 5/10/2013 4:02 PM, Charles Marcus wrote: > On 2013-05-09 5:23 PM, Stephan Bosch wrote: >> First of all, it provides a convenient way to add SMTP AUTH support >> to any MTA. > > Just to make sure I understand this correctly, basically, this means > that if someone needs to provide SASL *client* capability on a > postfix+dovecot system - ie, so that postfix can relay certain emails > to certain destinations through an alternate relay server that > requires SASL based SMTP AUTH - they would no longer need cyrus-sasl > to accomplish this? Ehhh.. no :) It implements the server-side SMTP AUTH, so that your MTA doesn't have to any more. So the client will authenticate to Dovecot rather than to the regular MTA/MSA. But, again, this is a rather trivial matter and not the main reason for building this proxy. >> The LEMONADE profile is rather elaborate and not many clients or >> servers support it yet. I'm hoping that by providing a chicken, more >> eggs will follow soon. > > I like that dovecot is willing to take a chance on being first to > support these kinds of enhanced services, but I will say, it is very > important that any support for said enhancements be rock-solid. What do you mean exactly? >> To provide some sort of solution for the short term, I guess I'll >> just add an optional auto-save-to-sent feature. > > Sounds great to me, but... > > In my opinion, because of the ubiquitous nature of MUAs saving > messages to a sent folder, having a reliable and low-impact method for > automatically filtering/removing/deleting these duplicates out should > be a requirement before this feature is considered ready. It will be a > big and immediate problem for any installation that chooses to enable > this feature, as virtually all MUAs will be configured to save sent > messages to a/the sent folder. It will also be an ongoing problem for > all installations (existing and new alike), as users add their > accounts to new computers, phones, tablets and other devices/MUAs, > totally ignoring the instructions from their providers that they no > longer need to enable this feature. Yes, I agree. > In fact... after thinking about this some more, I wonder... > > Would there be some reasonably reliable way to detect when an MUA is > uploading/saving messages to the Sent folder, Hmm, not sure. Do MUAs normally generate the Message-ID header, or is that created by the server? That could be one way to detect the duplicates in the Sent folder. > and if so, could the LEMONADE protocol be leveraged to create/send a > 'notification' email to that user based on some kind of system > template (hard coded? customizable?), informing them that there is no > need to do this, and even including a link to a dovecot wiki page > explaining how to disable the 'Save copy to Sent folder' feature in > common MUAs? > > Then it would be up to individual SysAdmins to keep the wiki updated > with sections for any clients they become aware of that aren't already > on the page. > > Maybe future enhancements could even (try to) detect the MUA client > (is this possible to do reliably?), and a direct link to the section > of the wiki for that specific client could be provided? Relying on user action doesn't sound like a very appealing solution to me. :) > Another thing that I know that google is really good at is > automatically filtering (I guess they're deleting?) any and all > duplicate emails. I have noticed this when copying a message store > from one IMAP server to a gmail account. I had cases where the number > of messages in certain folders wasn't the same, and upon > investigation, noticed that the original/source in fact had some > duplicate messages in certain folders. That is entirely possible. > So, maybe you could 'kill two birds with one stone' so to speak. and > whatever is done to address the duplicate Sent messages could also be > leveraged to address duplicate messages in general? Although I guess > it is not the same problem, so maybe not... You mean something like this? http://hg.rename-it.nl/dovecot-2.2-pigeonhole/raw-file/tip/doc/rfc/spec-bosch-sieve-duplicate.txt >> When the submission service has direct access to the user's mail >> storage, that is trivial to implement. However, if the submission >> service is unprivileged, that will be a little more difficult. > > Are you talking about the difference between dovecot accessing mails > with one system user, vs accessing mails with the individual users > userID? No, I'd like to be able to run SMTP submission without any direct filesystem access privileges, with e.g. one submission process handing submissions for many clients/users at the same time. For accessing the URLAUTHs there is already a support service in current Dovecot. Something similar could be devised for storing messages to Sent folders in that case. Regards, Stephan. From michael at think-for-yourself.org Fri May 10 17:53:56 2013 From: michael at think-for-yourself.org (Michael Wessel) Date: Fri, 10 May 2013 07:53:56 -0700 Subject: [Dovecot] Any way to let dovecot block pop3 attempts? In-Reply-To: <518CE56E.8080708@cnpapers.com> References: <518CE56E.8080708@cnpapers.com> Message-ID: <518D0A04.2090500@think-for-yourself.org> Did you have a look at this? http://wiki2.dovecot.org/Authentication/RestrictAccess On 5/10/2013 5:17 AM, Steve Campbell wrote: > Is there a way using dovecot facilities to block an IP from attempting > POP3 connections (similar to the sendmail access file for smtp > connections)? I usually do this at my border firewall, but if there's > a quick and dirty way in dovecot to do this, it'd make life a little > simpler. > > Thanks > > steve campbell From campbell at cnpapers.com Fri May 10 17:55:41 2013 From: campbell at cnpapers.com (Steve Campbell) Date: Fri, 10 May 2013 10:55:41 -0400 Subject: [Dovecot] Any way to let dovecot block pop3 attempts? In-Reply-To: <518CFEB7.6050105@mie.utoronto.ca> References: <518CE56E.8080708@cnpapers.com> <518CFEB7.6050105@mie.utoronto.ca> Message-ID: <518D0A6D.90401@cnpapers.com> On 5/10/2013 10:05 AM, Oscar del Rio wrote: > On 05/10/13 08:17 AM, Steve Campbell wrote: >> Is there a way using dovecot facilities to block an IP from >> attempting POP3 connections (similar to the sendmail access file for >> smtp connections)? I usually do this at my border firewall, but if >> there's a quick and dirty way in dovecot to do this, it'd make life a >> little simpler. > > How about TCP wrappers? > http://wiki2.dovecot.org/LoginProcess - "Login access check sockets" - > "TCP wrappers support" > I use Centos and the default dovecot RPM. I seem to recall there was a way to determine if dovecot was built with "--with-libwrap". Can anyone shed light on how to determine this, please? Thanks steve From michael at think-for-yourself.org Fri May 10 17:58:20 2013 From: michael at think-for-yourself.org (Michael Wessel) Date: Fri, 10 May 2013 07:58:20 -0700 Subject: [Dovecot] Expunge mailbox from script In-Reply-To: References: Message-ID: <518D0B0C.1050402@think-for-yourself.org> Have a look here: http://wiki2.dovecot.org/Tools/Doveadm/Expunge On 5/10/2013 5:00 AM, Paul van der Vlis wrote: > Hello, > > I would like to expunge all mail of a mailbox from a script. > What's a good tool to do that? > > With regards, > Paul van der Vlis. > > > From CMarcus at Media-Brokers.com Fri May 10 18:17:52 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 10 May 2013 11:17:52 -0400 Subject: [Dovecot] SMTP Submission/Proxy server - WAS Re: Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518D063C.7090203@rename-it.nl> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> <518CFDF4.5010001@Media-Brokers.com> <518D063C.7090203@rename-it.nl> Message-ID: <518D0FA0.6060106@Media-Brokers.com> On 2013-05-10 10:37 AM, Stephan Bosch wrote: > On 5/10/2013 4:02 PM, Charles Marcus wrote: >> On 2013-05-09 5:23 PM, Stephan Bosch wrote: >>> First of all, it provides a convenient way to add SMTP AUTH support >>> to any MTA. >> >> Just to make sure I understand this correctly, basically, this means >> that if someone needs to provide SASL *client* capability on a >> postfix+dovecot system - ie, so that postfix can relay certain emails >> to certain destinations through an alternate relay server that >> requires SASL based SMTP AUTH - they would no longer need cyrus-sasl >> to accomplish this? > > Ehhh.. no :) It implements the server-side SMTP AUTH, so that your MTA > doesn't have to any more. So the client will authenticate to Dovecot > rather than to the regular MTA/MSA. But, again, this is a rather > trivial matter and not the main reason for building this proxy. Ok... so, will this make it easier to add client side sasl support to dovecots dovecot-sasl implementation to eliminate the need for postfix+dovecot systems to continue to rely on cyrus-sasl for MTA client side sasl support? >>> The LEMONADE profile is rather elaborate and not many clients or >>> servers support it yet. I'm hoping that by providing a chicken, more >>> eggs will follow soon. >> >> I like that dovecot is willing to take a chance on being first to >> support these kinds of enhanced services, but I will say, it is very >> important that any support for said enhancements be rock-solid. > > What do you mean exactly? Sorry - was referring mainly to my later comments about how to implement the Save-To-Sent folder stuff... >> Would there be some reasonably reliable way to detect when an MUA is >> uploading/saving messages to the Sent folder, > > Hmm, not sure. Do MUAs normally generate the Message-ID header, or is > that created by the server? That could be one way to detect the > duplicates in the Sent folder. Sorry, I have no idea... but... Maybe this feature could simply require the use of the dovecot submission server, so all you'd have to do is figure out how to best let the submission server handle it. Maybe have it add a custom ID header that is later removed? Or maybe even not removed? >> and if so, could the LEMONADE protocol be leveraged to create/send a >> 'notification' email to that user based on some kind of system >> template (hard coded? customizable?), informing them that there is no >> need to do this, and even including a link to a dovecot wiki page >> explaining how to disable the 'Save copy to Sent folder' feature in >> common MUAs? >> >> Then it would be up to individual SysAdmins to keep the wiki updated >> with sections for any clients they become aware of that aren't >> already on the page. >> >> Maybe future enhancements could even (try to) detect the MUA client >> (is this possible to do reliably?), and a direct link to the section >> of the wiki for that specific client could be provided? > > Relying on user action doesn't sound like a very appealing solution to > me. :) Nor me, but the fact is, since MUAs are configured by end users, and there is no way dovecot can change an MUAs account settings (to disable Save-To-Sent), what choice do we have? That is why I suggested some way to automatically inform users about this. Another (maybe better) option would be the SysAdmin could define a specific email address to handle these notifications, and it would be on them to get their users' MUAs configured correctly. I'd still like to see the option to inform users directly though - again, if this is even possible. >> Another thing that I know that google is really good at is >> automatically filtering (I guess they're deleting?) any and all >> duplicate emails. I have noticed this when copying a message store >> from one IMAP server to a gmail account. I had cases where the number >> of messages in certain folders wasn't the same, and upon >> investigation, noticed that the original/source in fact had some >> duplicate messages in certain folders. > > That is entirely possible. > >> So, maybe you could 'kill two birds with one stone' so to speak. and >> whatever is done to address the duplicate Sent messages could also be >> leveraged to address duplicate messages in general? Although I guess >> it is not the same problem, so maybe not... > > You mean something like this? > > http://hg.rename-it.nl/dovecot-2.2-pigeonhole/raw-file/tip/doc/rfc/spec-bosch-sieve-duplicate.txt Lol! I see you're way ahead of me... ;) Thanks again Stephan. -- Best regards, Charles From h.reindl at thelounge.net Fri May 10 18:35:55 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 10 May 2013 17:35:55 +0200 Subject: [Dovecot] SMTP Submission/Proxy server - WAS Re: Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518D0FA0.6060106@Media-Brokers.com> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> <518CFDF4.5010001@Media-Brokers.com> <518D063C.7090203@rename-it.nl> <518D0FA0.6060106@Media-Brokers.com> Message-ID: <518D13DB.9030501@thelounge.net> Am 10.05.2013 17:17, schrieb Charles Marcus: > On 2013-05-10 10:37 AM, Stephan Bosch wrote: >> Ehhh.. no :) It implements the server-side SMTP AUTH, so that your MTA doesn't have to any more. So the client >> will authenticate to Dovecot rather than to the regular MTA/MSA. But, again, this is a rather trivial matter and >> not the main reason for building this proxy. > > Ok... so, will this make it easier to add client side sasl support to dovecots dovecot-sasl implementation to > eliminate the need for postfix+dovecot systems to continue to rely on cyrus-sasl for MTA client side sasl support? [root at srv-rhsoft:~]$ postconf -n | grep dovecot smtpd_sasl_type = dovecot dovecot.conf: service auth { unix_listener /var/spool/postfix/private/auth { mode = 0660 user = postfix group = postfix } } and any dovecot user works the same way and with the same auth-mechs with postfix - in use here since 2009 ___________________ any in this case means rally any like also below to get rid of problems with legacy client-configs of a old server which supported % instead of @, now both works equal as username auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From campbell at cnpapers.com Fri May 10 18:47:21 2013 From: campbell at cnpapers.com (Steve Campbell) Date: Fri, 10 May 2013 11:47:21 -0400 Subject: [Dovecot] Any way to let dovecot block pop3 attempts? In-Reply-To: <518D0A04.2090500@think-for-yourself.org> References: <518CE56E.8080708@cnpapers.com> <518D0A04.2090500@think-for-yourself.org> Message-ID: <518D1689.9060106@cnpapers.com> On 5/10/2013 10:53 AM, Michael Wessel wrote: > Did you have a look at this? > http://wiki2.dovecot.org/Authentication/RestrictAccess > > On 5/10/2013 5:17 AM, Steve Campbell wrote: >> Is there a way using dovecot facilities to block an IP from >> attempting POP3 connections (similar to the sendmail access file for >> smtp connections)? I usually do this at my border firewall, but if >> there's a quick and dirty way in dovecot to do this, it'd make life a >> little simpler. >> >> Thanks >> >> steve campbell > The reason I'm asking about all of this is that a particular IP address is attempting to connect to our pop server, and it's trying every possible common user name (I think this is call a dictionary attack). I can't restrict access to a particular IP subnet because our users access their email from all over the place. So this suggestion seems to not be a solution, as I see it. Thanks though. If I have to, I'll just go put this IP on the firewall, but I don't have remote access (for security), so it's a little more effort than accessing the pop server. steve From nowhere at hakkenden.ath.cx Fri May 10 16:30:41 2013 From: nowhere at hakkenden.ath.cx (Nikolay S.) Date: Fri, 10 May 2013 17:30:41 +0400 Subject: [Dovecot] Dovecot 2.2.1 subscribtion status in LIST Message-ID: <1368192641.16350.5.camel@hakkenden.homenet> Hi there, I am using Evolution to connect to dovecot imap server. Today the server was upgraded to 2.2.1 from 2.1.9, and there is problem with evolution being unable to subscribe to INBOX. This is from dovecot 2.1.9: a002 list "" "*" return (subscribed) * LIST (\Subscribed) "." "Sent Items" * LIST (\Subscribed) "." "Junk E-mail" * LIST (\Subscribed) "." "Trash" * LIST (\Subscribed) "." "Archive" * LIST (\Subscribed) "." "Drafts" * LIST (\Subscribed) "." "INBOX" <--- And this is from 2.2.1: a002 list "" "*" return (subscribed) * LIST (\Subscribed) "." "Sent Items" * LIST (\Subscribed) "." "Junk E-mail" * LIST (\Subscribed) "." Trash * LIST (\Subscribed) "." Archive * LIST (\Subscribed) "." Drafts * LIST () "." INBOX <--- a002 OK List completed. a002 lsub "" "*" * LSUB () "." Drafts * LSUB () "." "Sent Items" * LSUB () "." Archive * LSUB () "." Trash * LSUB () "." INBOX <--- * LSUB () "." "Junk E-mail" a002 OK Lsub completed. In 2.2.1 LIST does not show INBOX as subscribed, which looks to confuse evolution. INBOX is actually subscribed: cat /subscriptions Drafts Sent Items Archive Trash INBOX Junk E-mail From ronleach at tesco.net Fri May 10 20:42:18 2013 From: ronleach at tesco.net (Ron Leach) Date: Fri, 10 May 2013 18:42:18 +0100 Subject: [Dovecot] 2.2.x autobuilds: Debian Stable now Wheezy, which pool for 2.2.x? Message-ID: <518D317A.4070606@tesco.net> List, good evening, just installed a new Debian Stable (Wheezy). The Debian Stable repositories now include Dovecot 2.1.7 as standard. I haven't installed that because I wanted to try 2.2.x on this new clean install but unsure which 'pool' to use in the xi.rename-it.nl repository of autobuilds. http://xi.rename-it.nl/debian/pool/ Wheezy became Stable on May 5, just a few days ago. I'm not sure whether to still follow the advice in the wiki for obtaining 2.2.x for Wheezy, which (understandably, because the new Debian Stable release has been so very recent) continues to refer to Wheezy as 'testing'. http://wiki2.dovecot.org/PrebuiltBinaries#Automatically_Built_Packages Presumably, the packages in the 'testing' autobuild system pick up Debian's 'testing' pool libraries (or assume them to exist) and these may no longer be the ones needed for Wheezy because Wheezy is 'Stable', in Debian-speak. Does anyone know, for sure, which autobuild pool to now use for 2.2.x for Wheezy? http://xi.rename-it.nl/debian/pool/stable-auto/ or http://xi.rename-it.nl/debian/pool/testing-auto/ 2.2.x in 'stable-auto' doesn't seem to have changed since before Wheezy was released, whereas 2.2.x has changed in 'testing-auto', and I'm not sure what to make of that. Stephan does suggest that queries be directly written to him, but I posted here because I thought I might not be the only person who was unsure. I'd be grateful for any advice, regards, Ron From stephan at rename-it.nl Fri May 10 21:12:09 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 10 May 2013 20:12:09 +0200 Subject: [Dovecot] 2.2.x autobuilds: Debian Stable now Wheezy, which pool for 2.2.x? In-Reply-To: <518D317A.4070606@tesco.net> References: <518D317A.4070606@tesco.net> Message-ID: <518D3879.9010102@rename-it.nl> On 5/10/2013 7:42 PM, Ron Leach wrote: > List, good evening, just installed a new Debian Stable (Wheezy). The > Debian Stable repositories now include Dovecot 2.1.7 as standard. I > haven't installed that because I wanted to try 2.2.x on this new clean > install but unsure which 'pool' to use in the xi.rename-it.nl > repository of autobuilds. > > http://xi.rename-it.nl/debian/pool/ > > Wheezy became Stable on May 5, just a few days ago. I'm not sure > whether to still follow the advice in the wiki for obtaining 2.2.x for > Wheezy, which (understandably, because the new Debian Stable release > has been so very recent) continues to refer to Wheezy as 'testing'. > > http://wiki2.dovecot.org/PrebuiltBinaries#Automatically_Built_Packages > > Presumably, the packages in the 'testing' autobuild system pick up > Debian's 'testing' pool libraries (or assume them to exist) and these > may no longer be the ones needed for Wheezy because Wheezy is > 'Stable', in Debian-speak. > > Does anyone know, for sure, which autobuild pool to now use for 2.2.x > for Wheezy? > > http://xi.rename-it.nl/debian/pool/stable-auto/ > > or > > http://xi.rename-it.nl/debian/pool/testing-auto/ > > 2.2.x in 'stable-auto' doesn't seem to have changed since before > Wheezy was released, whereas 2.2.x has changed in 'testing-auto', and > I'm not sure what to make of that. Stephan does suggest that queries > be directly written to him, but I posted here because I thought I > might not be the only person who was unsure. Oh, I didn't notice the release of Wheezy as the new stable. I'll give this a look. Use testing-auto for now. Regards, Stephan. From stephan at rename-it.nl Fri May 10 21:24:41 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 10 May 2013 20:24:41 +0200 Subject: [Dovecot] 2.2.x autobuilds: Debian Stable now Wheezy, which pool for 2.2.x? In-Reply-To: <518D317A.4070606@tesco.net> References: <518D317A.4070606@tesco.net> Message-ID: <518D3B69.9010807@rename-it.nl> On 5/10/2013 7:42 PM, Ron Leach wrote: > List, good evening, just installed a new Debian Stable (Wheezy). The > Debian Stable repositories now include Dovecot 2.1.7 as standard. I > haven't installed that because I wanted to try 2.2.x on this new clean > install but unsure which 'pool' to use in the xi.rename-it.nl > repository of autobuilds. > > http://xi.rename-it.nl/debian/pool/ > > Wheezy became Stable on May 5, just a few days ago. I'm not sure > whether to still follow the advice in the wiki for obtaining 2.2.x for > Wheezy, which (understandably, because the new Debian Stable release > has been so very recent) continues to refer to Wheezy as 'testing'. > > http://wiki2.dovecot.org/PrebuiltBinaries#Automatically_Built_Packages > > Presumably, the packages in the 'testing' autobuild system pick up > Debian's 'testing' pool libraries (or assume them to exist) and these > may no longer be the ones needed for Wheezy because Wheezy is > 'Stable', in Debian-speak. > > Does anyone know, for sure, which autobuild pool to now use for 2.2.x > for Wheezy? > > http://xi.rename-it.nl/debian/pool/stable-auto/ > > or > > http://xi.rename-it.nl/debian/pool/testing-auto/ > > 2.2.x in 'stable-auto' doesn't seem to have changed since before > Wheezy was released, whereas 2.2.x has changed in 'testing-auto', and > I'm not sure what to make of that. Stephan does suggest that queries > be directly written to him, but I posted here because I thought I > might not be the only person who was unsure. > > I'd be grateful for any advice, Hmm, the slave builder is down due to some issues with the Xen server. This means that testing-auto i386 (the master) will be the only release updated for the moment. I hope this still installs on stable, otherwise you'll have to wait a little longer. Regards, Stephan. From ronleach at tesco.net Fri May 10 21:46:02 2013 From: ronleach at tesco.net (Ron Leach) Date: Fri, 10 May 2013 19:46:02 +0100 Subject: [Dovecot] 2.2.x autobuilds: Debian Stable now Wheezy, which pool for 2.2.x? In-Reply-To: <518D3B69.9010807@rename-it.nl> References: <518D317A.4070606@tesco.net> <518D3B69.9010807@rename-it.nl> Message-ID: <518D406A.1020900@tesco.net> On 10/05/2013 19:24, Stephan Bosch wrote: > This means that testing-auto i386 (the master) will be the only > release updated for the moment. I hope this still installs on stable, > otherwise you'll have to wait a little longer. > I'd clean-installed the amd64 version of Wheezy. I'd prefer to wait for the other builds, because running the i386 version will probably trigger a series of additional dependencies that ultimately won't be needed. And I'm genuinely happy to wait because I've still to work out various new bits of configuration to make the best use of 2.2 (we're running 1.x at the moment). And thank you, very much, for the quick reply. Ron From p at sys4.de Sat May 11 00:00:18 2013 From: p at sys4.de (Patrick Ben Koetter) Date: Fri, 10 May 2013 23:00:18 +0200 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518CF7EE.4080301@rename-it.nl> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> <518CC81C.5040205@frittentheke.de> <518CD9E3.4030606@rename-it.nl> <20130510122040.GI2372@sys4.de> <518CE855.2070604@rename-it.nl> <20130510130242.GJ2372@sys4.de> <518CF7EE.4080301@rename-it.nl> Message-ID: <20130510210018.GF24892@sys4.de> * Stephan Bosch : > On 5/10/2013 3:02 PM, Patrick Ben Koetter wrote: > >* Stephan Bosch : > >>But I don't quite understand how this is different from XCLIENT, > >>apart from the SOURCE and IDENT items perhaps. > >XCLIENT impersonates a client and the SMTP server will act as if the XCLIENT > >was the real client, e.g. it will apply ACLs and other policies to the XCLIENT > >personality. > > > >XFORWARD will not alter the SMTP server behaviour. The client and message data > >from XFORWARD will only be used for logging purposes. > > Ah. > > One question: what should I do when the server allows both of these? > Or is that impossible? It is possible to offer both capabilities and I think the goal defines if you should impersonate another client or merely forward client meta data. p at rick -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From ben at morrow.me.uk Sat May 11 08:15:41 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Sat, 11 May 2013 06:15:41 +0100 Subject: [Dovecot] Remove Return-Path in lda rejection message In-Reply-To: <518D0062.6050408@mail.cgilfe.it> References: <518D0062.6050408@mail.cgilfe.it> Message-ID: <20130511051540.GM52079@anubis.morrow.me.uk> At 4PM +0200 on 10/05/13 you (Davide) wrote: > Is it possible to remove return-path in dovecot lda rejection? Can you explain a bit more what you mean? A message should always end up with exactly one Return-Path header, which is put in by the final (delivering) MTA. This is not something sieve has any control over: the rejection message sieve submits for delivery should not have a Return-Path header at all, since that information is (at that point) carried in the SMTP envelope. (In the case of a reject message, since this is an MDN, the SMTP FROM should be the null address <>.) Ben From jtam.home at gmail.com Sat May 11 12:53:29 2013 From: jtam.home at gmail.com (Joseph Tam) Date: Sat, 11 May 2013 02:53:29 -0700 (PDT) Subject: [Dovecot] Any way to let dovecot block pop3 attempts? Message-ID: Steve Campbell writes: > I use Centos and the default dovecot RPM. I seem to recall there was a > way to determine if dovecot was built with "--with-libwrap". Can anyone > shed light on how to determine this, please? Maybe dovecot --build-options Or you can just test it directly by denying a connection to a test host. Joseph Tam From info at simonecaruso.com Sat May 11 16:05:39 2013 From: info at simonecaruso.com (Simone Caruso) Date: Sat, 11 May 2013 15:05:39 +0200 Subject: [Dovecot] Problem with LDA reject message In-Reply-To: <518CEC5B.5090804@mail.cgilfe.it> References: <518CEC5B.5090804@mail.cgilfe.it> Message-ID: <518E4223.1030907@simonecaruso.com> On 10/05/2013 14:47, Davide wrote: > Hi to all, i have a problem with LDA when users are quota-full. > My setup is Vpopmail + dovecot + lda; if i send a messagge internally to a > user with quota full i receive correctly a messagge but in the header ( i > attacch a snip) > > From - Fri May 10 14:42:27 2013 > X-Mozilla-Status: 0001 > X-Mozilla-Status2: 00000000 > X-Mozilla-Keys: > Return-Path: <"<>"@mail.cgilfe.it> > > i receive this strange Return-Path. > I the messagge is sent outside other servers reply with this messagge: > Autodelivey and bounce must have empty return-path -- Simone Caruso IT Consultant http://it.linkedin.com/in/simonecaruso/ From CMarcus at Media-Brokers.com Sat May 11 17:38:45 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Sat, 11 May 2013 10:38:45 -0400 Subject: [Dovecot] SMTP Submission/Proxy server - WAS Re: Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518D13DB.9030501@thelounge.net> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> <518CFDF4.5010001@Media-Brokers.com> <518D063C.7090203@rename-it.nl> <518D0FA0.6060106@Media-Brokers.com> <518D13DB.9030501@thelounge.net> Message-ID: <518E57F5.90201@Media-Brokers.com> Searching my mailboxes for something and noticed this in my spam bucket... On 2013-05-10 11:35 AM, Reindl Harald wrote: > Am 10.05.2013 17:17, schrieb Charles Marcus: >> On 2013-05-10 10:37 AM, Stephan Bosch wrote: >>> Ehhh.. no :) It implements the server-side SMTP AUTH, so that your MTA doesn't have to any more. So the client will authenticate to Dovecot rather than to the regular MTA/MSA. But, again, this is a rather trivial matter and not the main reason for building this proxy. >> Ok... so, will this make it easier to add client side sasl support to dovecots dovecot-sasl implementation to eliminate the need for postfix+dovecot systems to continue to rely on cyrus-sasl for MTA client side sasl support? > [root at srv-rhsoft:~]$ postconf -n | grep dovecot > smtpd_sasl_type = dovecot > > dovecot.conf: > service auth { > unix_listener /var/spool/postfix/private/auth { > mode = 0660 > user = postfix > group = postfix > } > } > > and any dovecot user works the same way and with the same > auth-mechs with postfix - in use here since 2009 What does that have to do with providing MTA CLIENT-side SASL_AUTH support? Do you not know the difference between smtpD_sasl and smtP_sasl? Server-side = smtpd Client-side = smtp Currently the only way postfix can perform CLIENT-side sasl_auth is with cyrus-sasl, because dovecot_sasl doesn't support it, and never has. > any in this case means rally any like also below to get rid > of problems with legacy client-configs of a old server which > supported % instead of @, now both works equal as username > > auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz No clue what you're talking about here... From h.reindl at thelounge.net Sat May 11 17:48:06 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Sat, 11 May 2013 16:48:06 +0200 Subject: [Dovecot] SMTP Submission/Proxy server - WAS Re: Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518E57F5.90201@Media-Brokers.com> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> <518CFDF4.5010001@Media-Brokers.com> <518D063C.7090203@rename-it.nl> <518D0FA0.6060106@Media-Brokers.com> <518D13DB.9030501@thelounge.net> <518E57F5.90201@Media-Brokers.com> Message-ID: <518E5A26.5000605@thelounge.net> Am 11.05.2013 16:38, schrieb Charles Marcus: > What does that have to do with providing MTA CLIENT-side SASL_AUTH support? nothing and it was explained you several times here and on the postfix-list that it is not supported after looking in the archives and so i have no clue why you do not understand that this is NOT useful because postfix's SASL client implementation is using a mapping which has usually NOTHING to do with your local users why would you use your local users to authenticate against foreign servers? so why are you hijack every random thread with the same topic? > Do you not know the difference between smtpD_sasl and smtP_sasl? > Server-side = smtpd > Client-side = smtp i understand much more than only this >> auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz > No clue what you're talking about here... well, this maybe because you understand generally not how authentication works and what makes sense and what is clueless -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From florob at babelmonkeys.de Sat May 11 18:13:54 2013 From: florob at babelmonkeys.de (Florian Zeitz) Date: Sat, 11 May 2013 17:13:54 +0200 Subject: [Dovecot] search and UTF-8 normalization forms (NFD) In-Reply-To: <518CF527.3010705@babelmonkeys.de> References: <730F760C-FC67-42C0-8405-770114D27063@iki.fi> <518CF527.3010705@babelmonkeys.de> Message-ID: <518E6032.8000304@babelmonkeys.de> Am 10.05.2013 15:24, schrieb Florian Zeitz: > Could you elaborate a bit why you think i;unicode-casemap does not > handle this case? > > Is it only applied to the query, but not the header, or vice versa? > It seems to me that Step 2 should map both inputs to LATIN CAPITAL > LETTER U + COMBINING DIAERESIS. > > Regards, > Florian > So... I had a look at this. Turns out that the current implementation of Unicode decomposition (Step 2(b) in i;unicode-casemap) in Dovecot is broken. It only handles decomposition properties that include a tag. I've attached a hg export that fixes this. -------------- next part -------------- # HG changeset patch # User Florian Zeitz # Date 1368284892 -7200 # Sat May 11 17:08:12 2013 +0200 # Node ID 91f175781d9b75f1617ca5ba50dd58860ef0ae13 # Parent 62874b472dc6e5c30fe7fbc64c1bf868e08bf482 liblib: Fix Unicode decomposition diff --git a/src/lib/test-unichar.c b/src/lib/test-unichar.c --- a/src/lib/test-unichar.c +++ b/src/lib/test-unichar.c @@ -2,11 +2,15 @@ #include "test-lib.h" #include "str.h" +#include "buffer.h" #include "unichar.h" void test_unichar(void) { - static const char *overlong_utf8 = "\xf8\x80\x95\x81\xa1"; + static const char overlong_utf8[] = "\xf8\x80\x95\x81\xa1"; + static const char collate_in[] = "\xc3\xbc \xc2\xb3"; + static const char collate_exp[] = "U\xcc\x88 3"; + buffer_t *collate_out; unichar_t chr, chr2; string_t *str = t_str_new(16); @@ -18,6 +22,13 @@ test_assert(uni_utf8_get_char(str_c(str), &chr2) > 0); test_assert(chr2 == chr); } + + collate_out = buffer_create_dynamic(default_pool, 32); + uni_utf8_to_decomposed_titlecase(collate_in, sizeof(collate_in), + collate_out); + test_assert(!strcmp(collate_out->data, collate_exp)); + buffer_free(&collate_out); + test_assert(!uni_utf8_str_is_valid(overlong_utf8)); test_assert(uni_utf8_get_char(overlong_utf8, &chr2) < 0); test_end(); diff --git a/src/lib/unichar.c b/src/lib/unichar.c --- a/src/lib/unichar.c +++ b/src/lib/unichar.c @@ -287,7 +287,7 @@ static bool uni_ucs4_decompose_multi_utf8(unichar_t chr, buffer_t *output) { - const uint16_t *value; + const uint32_t *value; unsigned int idx; if (chr < multidecomp_keys[0] || chr > 0xffff) diff --git a/src/lib/unicodemap.pl b/src/lib/unicodemap.pl --- a/src/lib/unicodemap.pl +++ b/src/lib/unicodemap.pl @@ -30,14 +30,14 @@ push @titlecase32_keys, $code; push @titlecase32_values, $value; } - } elsif ($decomp =~ /\<[^>]*> (.+)/) { + } elsif ($decomp =~ /(?:\<[^>]*> )?(.+)/) { # decompositions my $decomp_codes = $1; if ($decomp_codes =~ /^([0-9A-Z]*)$/i) { # unicharacter decomposition. use separate lists for this my $value = eval("0x$1"); - if ($value > 0xffff) { - print STDERR "Error: We've assumed decomposition codes are max. 16bit\n"; + if ($value > 0xffffffff) { + print STDERR "Error: We've assumed decomposition codes are max. 32bit\n"; exit 1; } if ($code <= 0xff) { @@ -61,8 +61,8 @@ foreach my $dcode (split(" ", $decomp_codes)) { my $value = eval("0x$dcode"); - if ($value > 0xffff) { - print STDERR "Error: We've assumed decomposition codes are max. 16bit\n"; + if ($value > 0xffffffff) { + print STDERR "Error: We've assumed decomposition codes are max. 32bit\n"; exit 1; } push @multidecomp_values, $value; @@ -78,7 +78,7 @@ my $last = $#list; my $n = 0; foreach my $key (@list) { - printf("0x%04x", $key); + printf("0x%05x", $key); last if ($n == $last); print ","; @@ -137,7 +137,7 @@ print_list(\@uni16_decomp_keys); print "\n};\n"; -print "static const uint16_t uni16_decomp_values[] = {\n\t"; +print "static const uint32_t uni16_decomp_values[] = {\n\t"; print_list(\@uni16_decomp_values); print "\n};\n"; @@ -145,7 +145,7 @@ print_list(\@uni32_decomp_keys); print "\n};\n"; -print "static const uint16_t uni32_decomp_values[] = {\n\t"; +print "static const uint32_t uni32_decomp_values[] = {\n\t"; print_list(\@uni32_decomp_values); print "\n};\n"; @@ -157,6 +157,6 @@ print_list(\@multidecomp_offsets); print "\n};\n"; -print "static const uint16_t multidecomp_values[] = {\n\t"; +print "static const uint32_t multidecomp_values[] = {\n\t"; print_list(\@multidecomp_values); print "\n};\n"; From spinner at delphinidae.org.uk Sat May 11 02:58:17 2013 From: spinner at delphinidae.org.uk (Andy R) Date: Sat, 11 May 2013 01:58:17 +0200 Subject: [Dovecot] dovecot 2.2.1: lmtp running in base_dir Message-ID: <518D8999.40906@delphinidae.org.uk> Evening all, I'm running into an issue with lmtp trying to store user mail in 'base_dir' ( same as this ( http://www.dovecot.org/list/dovecot/2011-January/056736.html )) however I'm just using PAM for auth. I've tried with chroot, without chroot and 'chroot'ing lmtp directly in ' service lmtp { } ' which just lead to lots more errors. I've not included anything of the current config so far, as I don't know what is needed here yet. I'm sure I'm missing something obvious, but I can't spot it for the life of me. Can anyone offer any new ideas? Many thanks Andy R. From daniel.parthey at informatik.tu-chemnitz.de Sat May 11 19:47:55 2013 From: daniel.parthey at informatik.tu-chemnitz.de (Daniel Parthey) Date: Sat, 11 May 2013 18:47:55 +0200 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <539181A6-B1DE-4EC8-A724-46AF6B7F37CE@iki.fi> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5183EC0D.7000803@sys4.de> <518412B9.4010605@dementianati.com> <1367635083.3904.23.camel@tardis> <5184FF25.1080504@dementianati.com> <539181A6-B1DE-4EC8-A724-46AF6B7F37CE@iki.fi> Message-ID: <20130511164754.GA28951@daniel.localdomain> Timo Sirainen wrote: > Kelsey already mentioned that lazy_expunge plugin has similar issues, and > nobody has mentioned privacy concerns related to that.. I guess there should > be something about it in the wiki. Also mdbox format doesn't physically > delete the data until doveadm purge is run (if ever). So this isn't the first > such feature. Some of our users are using pop3 collectors to fetch (and delete) the mails, while other users are using mobile phones and might want to use this feature. If the pop3_delete_flag option is globally enabled, will the pop3 user be able to delete any pop3 mails and not be billed for the storage? Our POP3 customers really don't want to pay for emails which they don't see and don't want to keep on the server, but the pop3 collector will not connect via IMAP to the server to finally expunge the mails. So this rises a quota/storage accounting question for pop3-only users. Regards Daniel -- https://plus.google.com/103021802792276734820 From gedalya at gedalya.net Sun May 12 11:03:37 2013 From: gedalya at gedalya.net (Gedalya) Date: Sun, 12 May 2013 04:03:37 -0400 Subject: [Dovecot] Pigeonhole: Typo in 20-managesieve.conf Message-ID: <518F4CD9.9010808@gedalya.net> Line 33: #process_count = 1024 Probably you mean process_limit From me at junc.eu Sun May 12 11:45:47 2013 From: me at junc.eu (Benny Pedersen) Date: Sun, 12 May 2013 10:45:47 +0200 Subject: [Dovecot] =?utf-8?q?Any_way_to_let_dovecot_block_pop3_attempts=3F?= In-Reply-To: <518CE56E.8080708@cnpapers.com> References: <518CE56E.8080708@cnpapers.com> Message-ID: Steve Campbell skrev den 2013-05-10 14:17: > Is there a way using dovecot facilities to block an IP from > attempting POP3 connections (similar to the sendmail access file for > smtp connections)? I usually do this at my border firewall, but if > there's a quick and dirty way in dovecot to do this, it'd make life a > little simpler. google fail2ban, if you using still not using ssl/tls then change to ssl/tls will help aswell, it worked for me, kids still not handle ssl/tls very well these days :) when ssl/tls works drop service on ports without it -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From sb at dod.no Sun May 12 14:17:21 2013 From: sb at dod.no (Steinar Bang) Date: Sun, 12 May 2013 13:17:21 +0200 Subject: [Dovecot] Looking for a good way to manage passwords for CRAM-MD5 Message-ID: <8738tscuri.fsf@dod.no> I prefer not to use clear text passwords, even over an encrypted connection. With IMAP, the only such mechanism with widespread client support is CRAM-MD5 (please correct my if I'm wrong... I'd love to be corrected here...). On the dovecot 2 wiki, the only way I've found to implement CRAM-MD5 support, is to use a passwd-like file: http://wiki2.dovecot.org/HowTo/CRAM-MD5 I am running a small IMAP server used by my family. As long as I was the single user on the IMAPd, manually managing the passwd file as doable (if a bit cumbersome). With 2-5 users, I'm looking for a more elegant solution. Does anyone have a similar situation, and a solution they would like to share (config/HOWTO)? Here are the possibilities that comes to mind: 1. Create a web interface to change the password (does anyone know of a ready-made solution for this that they could recommend?) 2. Convince PAM to update the dovecot HMAC-MD5 password file as well as the regular system password file (my dovecot runs on a debian stable "wheezy" system. In theory this should be possible, but it is very hard to find documentation on what PAM modules exist, and how to write a new one, and if it is possible to chain modules in PAM, ie. use one module to update-this-passwd-file and then use a different module to update a different passwd file) 3. Use LDAP, which I think can also support CRAM-MD5 when using password lookups http://wiki2.dovecot.org/AuthDatabase/LDAP/PasswordLookups (learning how to set up LDAP is something I have avoided for years, because it looks awfully complex and time consuming) I haven't looked into using databases, SQL, or key-value store, because they seem like a more cumbersome way to do the same thing as passwd files. But I am aware that this assumption could be wrong. It could e.g. be easier to make the web interface idea work with a database manager, than messing around with setuid bits to safely update a passwd file owned and touchable only by the dovecot user. Thanks for any and all responses! - Steinar From professa at dementianati.com Sun May 12 15:40:10 2013 From: professa at dementianati.com (Professa Dementia) Date: Sun, 12 May 2013 05:40:10 -0700 Subject: [Dovecot] Looking for a good way to manage passwords for CRAM-MD5 In-Reply-To: <8738tscuri.fsf@dod.no> References: <8738tscuri.fsf@dod.no> Message-ID: <518F8DAA.7070504@dementianati.com> On 5/12/2013 4:17 AM, Steinar Bang wrote: > I prefer not to use clear text passwords, even over an encrypted > connection. Why? Enforce the encrypted link by not allowing unencrypted connections. The simplest is iptables to block ports 110 and 143, while allowing 993 and 995. As long as the underlying SSL/TLS connection utilizes strong mechanisms, everything in the connection is secure, including passwords. CRAM adds complexity, without adding security if the connection is already secure. Just make sure that you have something like fail2ban to block or slow down dictionary and brute force attacks and make sure you use strong passwords. While it seems that adding encryption on top of encryption adds more security, the problem is in how the algorithms interact. There is a reason there is no Double-DES. DES has 56 bits of entropy. You would assume Double-DES had 112 and Triple-DES had 168 bits. However, due to complex and non-obvious interactions between the different layers, Double-DES only adds one bit, effectively, making 57 bits of entropy. Triple-DES adds another 56 for a total of 113. Quadruple-DES would only add another single bit, for a total of 114 - with a required key of 224 bits. Not a good use of key material, plus it is slow. Also note that MD5, the basis for CRAM-MD5, is considered weak and no longer recommended. Thus, if you face an attacker that is sophisticated enough to crack the SSL / TLS connection, they very likely will have little problem with the CRAM-MD5 mechanism. > Does anyone have a similar situation, and a solution they would like to > share (config/HOWTO)? > > Here are the possibilities that comes to mind: > 1. Create a web interface to change the password (does anyone know of a > ready-made solution for this that they could recommend?) Many webmail systems have plugins that allow the user to change their password. Look into Squirrelmail or Roundcube. You have your choice, depending on how your passwords are stored. You can use the poppassd plugin for both of these, but note IT IS NOT SECURE, so it should *only* be used to change passwords over the loopback interface (127.0.0.1). This has been the easiest to set up in my experience, but the added complexity of securing the daemon and domain socket may not be worth it. There are also plugins that interface with PAM, which I find the second easiest to set up. There are plugins that allow you to call some glue logic (Perl, Python, shell scripts, etc) which enables you to interface to pretty much any method (SQL, LDAP, shadow files, etc) you have chosen to save passwords - that is, as long as you are capable of writing the glue logic yourself. > But I am aware that this assumption could be wrong. It could e.g. be > easier to make the web interface idea work with a database manager, than > messing around with setuid bits to safely update a passwd file owned and > touchable only by the dovecot user. Ouch! Do not do this! Use the system provided command line tools for changing passwords, or better yet, the PAM API. Actually a database or LDAP is the best way to go. Shadow files are used for more than just email authentication. Adding users to the shadow files who are just supposed to get email can create all sorts of security holes. Not something you want to do, seeing as how you are trying to improve security. My recommendation: Install a webmail system and password update plugin. Disable port 80 and only allow access via port 443. Block ports 110 and 143 and only allow access to email via ports 993 and 995. You can access your webmail server via the same hostname as the mail server. Example: mailhost.mydomain.com can be access from a web browser as https://mailhost.mydomain.com. This way, you can use the same certificate for the mail server and webmail. I usually recommend separating services on physically different hardware, due to the use of a shared certificate, this is an exception. HOWEVER, only run the webmail system on your web server, do not host any other sites on this machine. The more sites you add the more chance one of them will have a vulnerability that could be used to compromise the entire machine. Think a house of cards crashing down. Avoid using a self signed certificate. Get a properly signed certificate for your server. CheapSSLS.com has them for less then $10. Unless you have experience with CRAM-MD5, I would stay away from it. The problem with security, and why it is so difficult, is that you cannot prove something to be secure, only that it is insecure. One tiny mistake and the security of your system is compromised. Unless you have experience with CRAM-MD5, the extra complexity means you have a higher chance of making a mistake that compromises your security. Stick with a simple authentication method that is easy to set up. Less chance for mistakes. Dem From gedalya at gedalya.net Sun May 12 16:18:45 2013 From: gedalya at gedalya.net (Gedalya) Date: Sun, 12 May 2013 09:18:45 -0400 Subject: [Dovecot] Looking for a good way to manage passwords for CRAM-MD5 In-Reply-To: <518F8DAA.7070504@dementianati.com> References: <8738tscuri.fsf@dod.no> <518F8DAA.7070504@dementianati.com> Message-ID: <518F96B5.3000605@gedalya.net> On 05/12/2013 08:40 AM, Professa Dementia wrote: > Avoid using a self signed certificate. Get a properly signed > certificate for your server. CheapSSLS.com has them for less then $10. Look also at https://www.startssl.com/ From professa at dementianati.com Sun May 12 16:49:54 2013 From: professa at dementianati.com (Professa Dementia) Date: Sun, 12 May 2013 06:49:54 -0700 Subject: [Dovecot] Looking for a good way to manage passwords for CRAM-MD5 In-Reply-To: <518F96B5.3000605@gedalya.net> References: <8738tscuri.fsf@dod.no> <518F8DAA.7070504@dementianati.com> <518F96B5.3000605@gedalya.net> Message-ID: <518F9E02.5030905@dementianati.com> On 5/12/2013 6:18 AM, Gedalya wrote: > On 05/12/2013 08:40 AM, Professa Dementia wrote: >> Avoid using a self signed certificate. Get a properly signed >> certificate for your server. CheapSSLS.com has them for less than $10. > Look also at https://www.startssl.com/ > StartSSL is good - and free. I have used them in the past. The reason I did not list them was that I find their interface a bit clunky and odd to navigate. Also, in order to get a free cert, it has to be for non-commercial use. They tend to turn down certs for hosts that do not begin with www and you have no recourse to convince them that your mailhost.xyz.com cert is for personal use. But, give them a try first. For free, there is nothing to lose. Dem From sb at dod.no Sun May 12 16:53:35 2013 From: sb at dod.no (Steinar Bang) Date: Sun, 12 May 2013 15:53:35 +0200 Subject: [Dovecot] Looking for a good way to manage passwords for CRAM-MD5 References: <8738tscuri.fsf@dod.no> <518F8DAA.7070504@dementianati.com> Message-ID: <87y5bkb8yo.fsf@dod.no> >>>>> Professa Dementia : > Also note that MD5, the basis for CRAM-MD5, is considered weak and no > longer recommended. Thus, if you face an attacker that is sophisticated > enough to crack the SSL / TLS connection, they very likely will have > little problem with the CRAM-MD5 mechanism. Well, yes. But the CRAM in CRAM-MD5 means that the password itself never crosses the wire, and that is the thing I'm trying to avoid. Of course the flip side of that is that you need to have a (more or less) clear text storage of the password itself on either side. Still... that feels better somehow, to passing it over the wire. [snip!] > Many webmail systems have plugins that allow the user to change their > password. Look into Squirrelmail or Roundcube. You have your choice, > depending on how your passwords are stored. > You can use the poppassd plugin for both of these, but note IT IS NOT > SECURE, so it should *only* be used to change passwords over the > loopback interface (127.0.0.1). This has been the easiest to set up in > my experience, but the added complexity of securing the daemon and > domain socket may not be worth it. "poppassd" was a useful google search word. There is a debian package for poppasd, and also a package called poppassd-cgi. The poppassd of debian uses PAM, so that gives me a easy web based password change solution for basic auth. > There are also plugins that interface with PAM, which I find the second > easiest to set up. Yes. Using PAM is the default for debian dovecot, so if I decide to go with basic auth things get easy. > There are plugins that allow you to call some glue logic (Perl, Python, > shell scripts, etc) which enables you to interface to pretty much any > method (SQL, LDAP, shadow files, etc) you have chosen to save passwords > - that is, as long as you are capable of writing the glue logic yourself. Thanks for the tip. That let me narrow down the googling to find this: https://metacpan.org/module/Authen::PAM::Module [snip! Changing passwd files from CGI scripts] > Ouch! Do not do this! Use the system provided command line tools for > changing passwords, or better yet, the PAM API. Yes, but both of those only allow for basic auth. > Actually a database or LDAP is the best way to go. Shadow files are > used for more than just email authentication. Adding users to the > shadow files who are just supposed to get email can create all sorts of > security holes. Not something you want to do, seeing as how you are > trying to improve security. Quite. However I had no intention of touching /etc/passwd or /etc/shadow. Just the HMAC-MD5 passwd file used by dovecot. > My recommendation: > Install a webmail system and password update plugin. Disable port 80 > and only allow access via port 443. > Block ports 110 and 143 and only allow access to email via ports 993 and > 995. You can access your webmail server via the same hostname as the > mail server. Example: mailhost.mydomain.com can be access from a web > browser as https://mailhost.mydomain.com. This way, you can use the > same certificate for the mail server and webmail. I usually recommend > separating services on physically different hardware, due to the use of > a shared certificate, this is an exception. HOWEVER, only run the > webmail system on your web server, do not host any other sites on this > machine. The more sites you add the more chance one of them will have a > vulnerability that could be used to compromise the entire machine. > Think a house of cards crashing down. Yes... however, this is an immediate family email server, so it is neither a high profile, nor a high traffic site. :-) (cost is also a factor) > Avoid using a self signed certificate. Get a properly signed > certificate for your server. CheapSSLS.com has them for less then $10. I have a Cacert.org signed certificate. Works fine on a debian client (has the CA cert built-in), and the CA cert can be installed for Windows MUAs like Opera and Thunderbird. But it's not possible to install the CA cert on iOS versions >4 (rumor has it the capability was present in late betas of iOS 5, but diseappeared from the final release). Also, installing a CA cert was a real pain on Android last time I looked into it. I haven't looked recently. > Unless you have experience with CRAM-MD5, I would stay away from it. I have been using CRAM-MD5 first on cyrus, later on dovecot, from 2000/2001 or thereabouts. > The problem with security, and why it is so difficult, is that you > cannot prove something to be secure, only that it is insecure. One > tiny mistake and the security of your system is compromised. Unless > you have experience with CRAM-MD5, the extra complexity means you have > a higher chance of making a mistake that compromises your security. > Stick with a simple authentication method that is easy to set up. > Less chance for mistakes. True. Thanks for your input! There are many ways forward that are easy, if I go for basic auth. Very few, and very crooked, ways if I decide to stick with CRAM-MD5. From me at junc.eu Sun May 12 17:39:48 2013 From: me at junc.eu (Benny Pedersen) Date: Sun, 12 May 2013 16:39:48 +0200 Subject: [Dovecot] Looking for a good way to manage passwords for CRAM-MD5 In-Reply-To: <518F8DAA.7070504@dementianati.com> References: <8738tscuri.fsf@dod.no> <518F8DAA.7070504@dementianati.com> Message-ID: <0de180e01cc05526e555639c7b968866@junc.eu> Professa Dementia skrev den 2013-05-12 14:40: > On 5/12/2013 4:17 AM, Steinar Bang wrote: >> I prefer not to use clear text passwords, even over an encrypted >> connection. > > Why? Enforce the encrypted link by not allowing unencrypted > connections. The simplest is iptables to block ports 110 and 143, > while > allowing 993 and 995. why not disable 110, 143 in dovecot ?, its waste leas in firewalls to not provide service on blocked ips :) > As long as the underlying SSL/TLS connection utilizes strong > mechanisms, > everything in the connection is secure, including passwords. plain passwords have no problem in treverse in ssl/tls, but it might still be possible to store unencrypted cookies on webmail, so this question is still valid, but this is not a dovecot problem to resolve more like to remove so bad writed webmail client first > CRAM adds > complexity, without adding security if the connection is already > secure. yes, avoid pam auth, use unix auth if its unix mailboxes, and setup eg postfixadmin for virtual users, follow readme in there and it mostly done with all possible powers of dovecot / postfix, (postfixadmin does not really need postfix but an sql mta that can make the same querys in sql) > Just make sure that you have something like fail2ban to block or slow > down dictionary and brute force attacks and make sure you use strong > passwords. seen in ssl/tls ports ? -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From gizmo at giz-works.com Sun May 12 20:24:00 2013 From: gizmo at giz-works.com (Chris Richards) Date: Sun, 12 May 2013 12:24:00 -0500 Subject: [Dovecot] Quota not working with dict proxy Message-ID: Hello all, I'm sure this has been covered somewhere before, but my googlefu is not up to the challenge. Basically, I'm trying to configure quota plugin to use a dictionary service (specifically proxy with mysql) so that I can store the quota usage in a database and use that information in a lookup for postfix to reject mail if over quota. I'm doing this because postfix+avamis+dovecot setup with amavis re-injecting into postfix results in mail being effectively accepted before dovecot lmtp knows if mailbox is full. I'm currently using quota maildir: quota = maildir:User quota and this works; doveadm -Df tab quota get -u 'user at domain' Quota name Type Value Limit % User quota STORAGE 55388 204800 27 User quota MESSAGE 4883 - 0 When I use quota dict: quota = dict:User quota:%u:proxy::quota I get this: "doveadm -f tab quota get -u user at domain" Quota name Type Value Limit % User quota STORAGE 0 204800 0 User quota MESSAGE 0 - 0 So far so good. But manually setting database entry to values retrieved above with maildir quota results in this: Quota name Type Value Limit % User quota STORAGE 54 204800 0 User quota MESSAGE 4883 - 0 I'm guessing this is returning values in KB, so that makes sense, I guess. Attempting to recalc quota on one account using command: "doveadm -f tab quota recalc -u user at domain" returns with nothing, and when I repeat 'quota get' command, it says: doveadm(user at domain): Fatal: User doesn't exist Err............what?! Indeed, looking in the database shows the account in question was actually DELETED! Obviously, I've got something messed here, but I don't know what. I need some guidance here. Dovecot version is 2.1.12 Here is my config: # 2.1.12: /etc/dovecot/dovecot.conf # OS: Linux 3.7.5-hardened-r1 x86_64 Gentoo Base System release 2.1 ext4 auth_master_user_separator = * auth_mechanisms = plain login auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@& auth_verbose_passwords = plain default_process_limit = 200 dict { quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } disable_plaintext_auth = no login_greeting = Awaiting command... mail_location = maildir:/home/vmail/%d/%n/Maildir mail_plugins = " quota" mail_privileged_group = 100 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = INBOX. separator = . type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { expire = Trash 7 expire2 = Trash/* 7 expire3 = Spam 7 quota = dict:User quota:%u:proxy::quota quota_rule = *:storage=200M quota_warning = storage=99%% quota-warning 99 %n %d quota_warning2 = storage=95%% quota-warning 95 %n %d quota_warning3 = storage=80%% quota-warning 80 %n %d quota_warning4 = -storage=95%% quota-warning 'less than 95' %n %d sieve = ~/.dovecot.sieve sieve_default = /home/vmail/dovecot/sieve/default.sieve sieve_dir = ~/sieve sieve_global_dir = /home/vmail/dovecot/sieve } protocols = imap pop3 sieve lmtp service auth-worker { user = $default_internal_user } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = dovecot mode = 0666 user = dovecot } user = $default_internal_user } service dict { unix_listener dict { mode = 0600 user = vmail } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service quota-warning { executable = script /etc/dovecot/quota-warning.sh unix_listener quota-warning { user = vmail } user = dovecot } ssl_cert = From dovecot-dict-sql.conf.ext: connect = host=localhost dbname=maildb user=dbuser password=dbpass # CREATE TABLE quota ( # username varchar(100) not null, # bytes bigint not null default 0, # messages integer not null default 0, # primary key (username) # ); map { pattern = priv/quota/storage table = email username_field = address value_field = quota_bytes } map { pattern = priv/quota/messages table = email username_field = address value_field = quota_messages } # CREATE TABLE expires ( # username varchar(100) not null, # mailbox varchar(255) not null, # expire_stamp integer not null, # primary key (username, mailbox) # ); map { pattern = shared/expire/$user/$mailbox table = email value_field = expire_stamp fields { address = $user maildir = $mailbox } } Other than some guesswork, I've not got the FOGGIEST idea what the settings in the file actually mean; it doesn't seem to be documented anywhere. Also, the quota plugin settings, at least with respect to using a proxy service, don't seem to be real explanatory either, e.g. the reason I'm using %u for the user is because I stumbled across a post suggesting that leaving it blank would result in just getting the username instead of the username at domain. This is not at all obvious from the documentation, IMO. The docs would benefit greatly from some example use cases (no, I'm not volunteering; I'm TERRIBLE with documentation ;) ). Anyway, if someone could proffer some help or at least guidance here, I'd be very grateful. From sb at dod.no Sun May 12 20:34:37 2013 From: sb at dod.no (Steinar Bang) Date: Sun, 12 May 2013 19:34:37 +0200 Subject: [Dovecot] Looking for a good way to manage passwords for CRAM-MD5 References: <8738tscuri.fsf@dod.no> <518F8DAA.7070504@dementianati.com> <87y5bkb8yo.fsf@dod.no> Message-ID: <87obcgayq9.fsf@dod.no> >>>>> Steinar Bang : >>>>> Professa Dementia : >> There are plugins that allow you to call some glue logic (Perl, Python, >> shell scripts, etc) which enables you to interface to pretty much any >> method (SQL, LDAP, shadow files, etc) you have chosen to save passwords >> - that is, as long as you are capable of writing the glue logic yourself. > Thanks for the tip. That let me narrow down the googling to find this: > https://metacpan.org/module/Authen::PAM::Module There are claims in Authen::PAM that it can be used to write PAM modules in perl, but I have yet to find an example showing how. It is available as a debian package: http://packages.debian.org/wheezy/libauthen-pam-perl (however, while that package contains an .so, it looks like that .so is meant for inclusion into perl, rather than being an .so meant for inclusion into PAM, that would start a perl interpreter and run a script) The pam_python module is more obviously what I was looking for (ie. an .so residing in /lib/security that runs a python script) http://packages.debian.org/wheezy/libpam-python However, I'm not really all that familiar with Python, so it may just be simpler to write a module in C or C++. Here are three articles that look like they might be useful to accomplish this. http://www.linuxdevcenter.com/pub/a/linux/2002/05/02/pam_modules.html http://www.linuxdevcenter.com/pub/a/linux/2002/05/23/pam_modules.html http://www.linuxdevcenter.com/pub/a/linux/2002/05/30/pam_modules.html (The articles are 11 years old, though, so they may be a bit out of date) From gizmo at giz-works.com Sun May 12 20:49:39 2013 From: gizmo at giz-works.com (Chris Richards) Date: Sun, 12 May 2013 12:49:39 -0500 Subject: [Dovecot] Quota not working with dict proxy In-Reply-To: References: Message-ID: <4f6be78d8577ff11b14d45a113d7fdad.squirrel@www.giz-works.com> On Sun, May 12, 2013 12:24 pm, Chris Richards wrote: > Hello all, > I'm sure this has been covered somewhere before, but my googlefu is not up > to the challenge. More info; this is the debug output from the doveadm command: doveadm -Df tab quota recalc -u 'user at domain' doveadm(root): Debug: Loading modules from directory: /usr/lib64/dovecot doveadm(root): Debug: Module loaded: usr/lib64/dovecot/lib10_quota_plugin.so doveadm(root): Debug: Loading modules from directory: /usr/lib64/dovecot/doveadm doveadm(root): Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message) doveadm(root): Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib64/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message) doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/doveadm/lib10_doveadm_quota_plugin.so doveadm(root): Debug: Skipping module doveadm_zlib_plugin, because dlopen() failed: /usr/lib64/dovecot/doveadm/lib10_doveadm_zlib_plugin.so: undefined symbol: i_stream_create_deflate (this is usually intentional, so just ignore this message) doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib64/dovecot/doveadm/lib20_ doveadm_fts_plugin.so: undefined symbol: fts_backend_rescan (this is usually intentional, so just ignore this message) doveadm(user at domain): Debug: auth input: user at domain home=/home/vmail/domains/domain/user/ mail=maildir:/home/vmail/domains/domain/user/Maildir/ uid=1004 gid=100 quota_rule=*:storage=200M doveadm(user at domain): Debug: Added userdb setting: mail=maildir:/home/vmail/domains/domain/user/Maildir/ doveadm(user at domain): Debug: Added userdb setting: plugin/quota_rule=*:storage=200M doveadm(user at domain): Debug: Effective uid=1004, gid=100, home=/home/vmail/domains/domain/user/ doveadm(user at domain): Debug: Quota root: name=User quota backend=dict args=user at domain:proxy::quota doveadm(user at domain): Debug: Quota rule: root=User quota mailbox=* bytes=209715200 messages=0 doveadm(user at domain): Debug: Quota warning: bytes=207618048 (99%) messages=0 reverse=no command=quota-warning 99 user domain doveadm(user at domain): Debug: Quota warning: bytes=199229440 (95%) messages=0 reverse=no command=quota-warning 95 user domain doveadm(user at domain): Debug: Quota warning: bytes=167772160 (80%) messages=0 reverse=no command=quota-warning 80 user domain doveadm(user at domain): Debug: Quota warning: bytes=199229440 (95%) messages=0 reverse=yes command=quota-warning 'less than 95' user domain doveadm(user at domain): Debug: dict quota: user=user at domain, uri=proxy::quota, noenforcing=0 doveadm(user at domain): Debug: Namespace inbox: type=private, prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/home/vmail/domains/domain/user/Maildir/ doveadm(user at domain): Debug: maildir++: root=/home/vmail/domains/domain/user/Maildir, index=, control=, inbox=/home/vmail/domains/domain/user/Maildir, alt= I don't see anything here that would explain why it is deleting my user account, but I can tell you with certainty that this command is doing SOMETHING that is resulting in the deletion of my account. From stephan at rename-it.nl Sun May 12 21:30:37 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Sun, 12 May 2013 20:30:37 +0200 Subject: [Dovecot] Pigeonhole: Typo in 20-managesieve.conf In-Reply-To: <518F4CD9.9010808@gedalya.net> References: <518F4CD9.9010808@gedalya.net> Message-ID: <518FDFCD.9020206@rename-it.nl> On 5/12/2013 10:03 AM, Gedalya wrote: > Line 33: #process_count = 1024 > Probably you mean process_limit > Yes, thanks. This name changed at some point in Dovecot and I forgot to update it for ManageSieve. http://hg.rename-it.nl/dovecot-2.1-pigeonhole/rev/7319f0becc98 Regards, Stephan. From aseques at gmail.com Mon May 13 09:42:50 2013 From: aseques at gmail.com (Joan) Date: Mon, 13 May 2013 08:42:50 +0200 Subject: [Dovecot] Autocreation the home folder Message-ID: Sorry if this has been already asked, but I haven't been able to find a solution, I am trying to migrate a dovecot 1.2 config to 2.1, the 'dovecot -n > dovecot.conf' migrated all the setup without issues, and the mail is working as expected. The only issue I've had is with the change with the mail_location, mail_home, that in the 2.1 versions can't be on the same path. After reading in the wiki the various config options ( http://wiki2.dovecot.org/VirtualUsers/Home) I opted to use the 3rd: Home directory under mail, for example: Maildir: home=/var/vmail/domain/user/home/ mail=/var/vmail/domain/user/ mbox: There's really no good and safe way to do it. So I changed from: mail_location = maildir:/home/vmail/%d/%n mail_home = /var/vmail/%d/%n To: mail_location = maildir:/home/vmail/%d/%n mail_home = /var/vmail/%d/%n/home The problem is that those home directories are not created (the mailboxes already existed) automatically, and I am getting these errors: ========================================================== May 10 17:08:59 server dovecot: lda(username at example.com): Debug: Home dir not found: /var/vmail/example.com/username/home May 10 17:08:59 server dovecot: lda(username at example.com): Debug: Quota root: name=User quota backend=maildir args= May 10 17:08:59 server dovecot: lda(username at example.com): Debug: Quota rule: root=User quota mailbox=* bytes=20480000000 messages=0 May 10 17:08:59 server dovecot: lda(username at example.com): Debug: Quota rule: root=User quota mailbox=Trash ignored May 10 17:08:59 server dovecot: lda(username at example.com): Debug: Quota warning: bytes=15360000000 (75%) messages=0 reverse=no command=/etc/dovecot/quota-warning.sh 75 May 10 17:08:59 server dovecot: lda(username at example.com): Debug: Quota warning: bytes=17408000000 (85%) messages=0 reverse=no command=/etc/dovecot/quota-warning.sh 85 May 10 17:08:59 server dovecot: lda(username at example.com): Debug: maildir++: root=/home/vmail/example.com/username, index=, control=, inbox=/home/vmail/example.com/username, alt= May 10 17:08:59 server dovecot: lda(username at example.com): Debug: Quota root: name=User quota backend=maildir args= May 10 17:08:59 server dovecot: lda(username at example.com): Debug: Quota rule: root=User quota mailbox=* bytes=1073741824 messages=0 May 10 17:08:59 server dovecot: lda(username at example.com): Debug: Quota warning: bytes=805306368 (75%) messages=0 reverse=no command=/etc/dovecot/quota-warning.sh 75 ======================================================== Am I supposed to create the folders via an external script? Or is there any option to make this automatic. Regards, Joan From hajo.locke at gmx.de Mon May 13 10:06:59 2013 From: hajo.locke at gmx.de (Hajo Locke) Date: Mon, 13 May 2013 09:06:59 +0200 Subject: [Dovecot] Xlist in userdb, Foldernames with whitespace? References: <184A6E7B8F5A495A94DD08A848164103@ai.local> Message-ID: <7F307CBDF53744EABA4708392A709DA2@ai.local> Hello, unfortunately still have the same problem. Currently i believe this is a kind of bug. > My problem is to allow Foldernames with whitespace in it f.e. Sent > Messages > I tried to put these names in quotes in this line or mask the blank with > backslash but nothing was working. > Dovecot ist not accepting these settings: In your example here you created two mailboxes by commandlineparams: http://dovecot.org/list/dovecot/2013-March/089373.html 'namespace/inbox/mailbox=foo bar' After putting this to userdb i tried a lot of masking, quoting etc, but dovecot is always splitting up at the blank space, and a foldername with blank space like "Sent Mails" seems to be impossible in userdb. How to achieve this? This would be nice for other features separate from the xlist feature, autocreation of individual folders can be used for different purposes. What to do now? Thanks, Hajo From skdovecot at smail.inf.fh-brs.de Mon May 13 10:17:52 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 13 May 2013 09:17:52 +0200 (CEST) Subject: [Dovecot] Autocreation the home folder In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 13 May 2013, Joan wrote: > The only issue I've had is with the change with the mail_location, > mail_home, that in the 2.1 versions can't be on the same path. > > So I changed from: > mail_location = maildir:/home/vmail/%d/%n > mail_home = /var/vmail/%d/%n Is /home/vmail the same as /var/vmail ? > To: > mail_location = maildir:/home/vmail/%d/%n > mail_home = /var/vmail/%d/%n/home - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUZCToF3r2wJMiz2NAQImegf/WaoqkBP8cMbbc/dvwx5iIUaGUWpYUYU8 oE61/rKWu2kPIVur/njDkO6YLMTzTwiedhRQgddJPlucKQ2mj5r9AGd3Y3PWsDY8 VJNeC5D9wTVzGsJgppPazdbjabz7Kjp9p3PEC6mMU2C9Ud8DXp2XlpeS20vtk7fS ItiS4xeW6SgmenJsSavB7H9Uz46/crxgoE0MP0NZG12jRce7thBxEt6Ihds/nb8G jpaEHT/R5g3Ii2quhJAJBil+R32J5T/DKxG5DVdlAhRR+mWYWAZzBlW1VYTjgffF ilP91IO2z4WCArdT3Wg+THwwo0K6uNxHRxgP9Sz73Bb3Wb1mY9IOfQ== =wALs -----END PGP SIGNATURE----- From aseques at gmail.com Mon May 13 11:15:45 2013 From: aseques at gmail.com (Joan) Date: Mon, 13 May 2013 10:15:45 +0200 Subject: [Dovecot] Autocreation the home folder In-Reply-To: References: Message-ID: Hi Steffen, that was an error I hadn't spotted (copypasting error). Still after changing mail_home to the proper value (/home/vmail/%d/%n/home) the errors in the logs are the same Debug: Home dir not found: /home/vmail/example.com/username/home 2013/5/13 Steffen Kaiser > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > On Mon, 13 May 2013, Joan wrote: > > The only issue I've had is with the change with the mail_location, >> mail_home, that in the 2.1 versions can't be on the same path. >> >> So I changed from: >> mail_location = maildir:/home/vmail/%d/%n >> mail_home = /var/vmail/%d/%n >> > > Is /home/vmail the same as /var/vmail ? > > > To: >> mail_location = maildir:/home/vmail/%d/%n >> mail_home = /var/vmail/%d/%n/home >> > > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEVAwUBUZCToF3r2wJMiz2NAQImeg**f/WaoqkBP8cMbbc/**dvwx5iIUaGUWpYUYU8 > oE61/rKWu2kPIVur/**njDkO6YLMTzTwiedhRQgddJPlucKQ2**mj5r9AGd3Y3PWsDY8 > VJNeC5D9wTVzGsJgppPazdbjabz7Kj**p9p3PEC6mMU2C9Ud8DXp2XlpeS20vt**k7fS > ItiS4xeW6SgmenJsSavB7H9Uz46/**crxgoE0MP0NZG12jRce7thBxEt6Ihd**s/nb8G > jpaEHT/R5g3Ii2quhJAJBil+**R32J5T/DKxG5DVdlAhRR+**mWYWAZzBlW1VYTjgffF > ilP91IO2z4WCArdT3Wg+**THwwo0K6uNxHRxgP9Sz73Bb3Wb1mY9**IOfQ== > =wALs > -----END PGP SIGNATURE----- > From skdovecot at smail.inf.fh-brs.de Mon May 13 18:50:26 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 13 May 2013 17:50:26 +0200 (CEST) Subject: [Dovecot] Autocreation the home folder In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 13 May 2013, Joan wrote: > Hi Steffen, that was an error I hadn't spotted (copypasting error). Still > after changing mail_home to the proper value (/home/vmail/%d/%n/home) the > errors in the logs are the same >> Am I supposed to create the folders via an external script? Or is there >> any option to make this automatic. As far as I know, the home directory is not created automatically. You will need to use an external script. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUZELwl3r2wJMiz2NAQISxwgAnYwXngFKs0JoLmwWr5ugUWk/AyTwJbMA eQ2zmAYPg9L1Bm82/q69oXJ0YQfuVjewH+mHlWqEQWQ87e61akpyE5CIVJDkkaTY VGgZAmaHjOFPeNj4DkLlNcSHPr7AJXfSRBAeTFGLA5cwwGs0A9iIxV6DQiKkF8QN AaZCS0JlZ3NHyka3DN+m2GCZeSERP8+G2rznz6p8WWZBgccl366I+9UQkQYKLqpi j+DU47DmQNMWvmA+7iekmTWWEIW8IDL0gk0Q1GtSYNKQA4o+trFZKZjDbL5KJpmk YLdnra+BCCM3g3NrZcOYO4degYO0dBMtMkPGrlU2jzu0W6RiMrkz3A== =j7UR -----END PGP SIGNATURE----- From daniel.parthey at informatik.tu-chemnitz.de Tue May 14 01:40:48 2013 From: daniel.parthey at informatik.tu-chemnitz.de (Daniel Parthey) Date: Tue, 14 May 2013 00:40:48 +0200 Subject: [Dovecot] ot: mirroring/archiving to a Mac? In-Reply-To: <20130508004947.GC52079@anubis.morrow.me.uk> References: <51899D91.80905@thelounge.net> <20130508004947.GC52079@anubis.morrow.me.uk> Message-ID: <20130513224048.GA21444@daniel.localdomain> Hi there, Ben Morrow wrote: > At 2AM +0200 on 8/05/13 you (Reindl Harald) wrote: > > Am 08.05.2013 02:30, schrieb voytek at sbt.net.au: > > > can I set a mail server on my home Mac server, and, 'mirror' the real mail > > > server mailboxes so than I can have an offline mail archive for ever? > > > > and for the archive itself imapsync and cron is his friend > > Is it possible to use dsync for this? You would need a way to say 'don't > delete mails from the destination', and I don't know if it will do > that... http://wiki2.dovecot.org/Tools/Dsync There are two operation modes for dsync: dsync mirror - does a two-way synchronization between two mail locations dsync backup - backup mails from default mail location to location2 (or vice versa, if -R parameter is given) No changes are ever done to the source location. Any changes done in destination are discarded. The advantage of dsync over imapsync is that UUIDs of mails can be preserved if Dovecot is running on target side. Imapsync cannot access Dovecot internals, it is just an IMAP client. Regards Daniel -- https://plus.google.com/103021802792276734820 From daniel.parthey at informatik.tu-chemnitz.de Tue May 14 01:55:17 2013 From: daniel.parthey at informatik.tu-chemnitz.de (Daniel Parthey) Date: Tue, 14 May 2013 00:55:17 +0200 Subject: [Dovecot] Quota not working with dict proxy In-Reply-To: References: Message-ID: <20130513225517.GA21651@daniel.localdomain> Chris Richards wrote: > Attempting to recalc quota on one account using command: > "doveadm -f tab quota recalc -u user at domain" > returns with nothing, and when I repeat 'quota get' command, it says: > doveadm(user at domain): Fatal: User doesn't exist > > Indeed, looking in the database shows the account in question was actually > DELETED! > > Obviously, I've got something messed here, but I don't know what. > > dovecot-dict-sql.conf.ext: > > connect = host=localhost dbname=maildb user=dbuser password=dbpass > > map { > pattern = priv/quota/storage > table = email > username_field = address > value_field = quota_bytes > } > map { > pattern = priv/quota/messages > table = email > username_field = address > value_field = quota_messages > } Are you using the same SQL table "email" for user lookup and quota/storage accounting? Try to use two different tables for user and quota database, because the quota accounting might have deleted an entry from the "user" table while it only tried to delete a row from the "quota" table. Regards Daniel -- https://plus.google.com/103021802792276734820 From gizmo at giz-works.com Tue May 14 05:52:11 2013 From: gizmo at giz-works.com (Chris Richards) Date: Mon, 13 May 2013 21:52:11 -0500 Subject: [Dovecot] Quota not working with dict proxy In-Reply-To: <20130513225517.GA21651@daniel.localdomain> References: <20130513225517.GA21651@daniel.localdomain> Message-ID: On Mon, May 13, 2013 5:55 pm, Daniel Parthey wrote: > Are you using the same SQL table "email" for user lookup > and quota/storage accounting? > > Try to use two different tables for user and quota database, because the > quota > accounting might have deleted an entry from the "user" table while it only > tried to delete a row from the "quota" table. > > Regards > Daniel I am using the same table for both user lookkup and quota accounting. I'll try creating another table for the lookup and quota accounting, but I find it disconcerting that it would be deleting entries from the database at all when all I asked it to do was recalc the quota. One wouldn't think that 'update an entry with the correct information' would equate to 'delete this row and recreate it'. Chris From amateo at um.es Tue May 14 08:45:40 2013 From: amateo at um.es (Angel L. Mateo) Date: Tue, 14 May 2013 07:45:40 +0200 Subject: [Dovecot] Autocreation the home folder In-Reply-To: References: Message-ID: <5191CF84.9000103@um.es> El 13/05/13 17:50, Steffen Kaiser escribi?: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Mon, 13 May 2013, Joan wrote: > >> Hi Steffen, that was an error I hadn't spotted (copypasting error). Still >> after changing mail_home to the proper value (/home/vmail/%d/%n/home) the >> errors in the logs are the same > >>> Am I supposed to create the folders via an external script? Or is >>> there any option to make this automatic. > > As far as I know, the home directory is not created automatically. You > will need to use an external script. > I have this config: mail_home = /mail/users/mailboxes/%2Ln/%Ln mail_location = mdbox:%h/mdbox:INDEX=/mail/indexes/%2Ln/%Ln In my config, mail_home is also auto created (I have dovecot 2.1.16) Do you have any error? Has dovecot user permissions to create direcotories/files under your /var/mail? -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868887590 Fax: 868888337 From aseques at gmail.com Tue May 14 11:42:46 2013 From: aseques at gmail.com (Joan) Date: Tue, 14 May 2013 10:42:46 +0200 Subject: [Dovecot] Autocreation the home folder In-Reply-To: <5191CF84.9000103@um.es> References: <5191CF84.9000103@um.es> Message-ID: Yes, all folder tree has vmail:vmail as the owner, and dovecot can create the folders without issues. I verified that when manually creating those folders, the warnings disappear, the main issue still remains though. When I send the first mail to a user he has this layout: cur dovecot.index.cache dovecot.index.log dovecot-uidlist dovecot-uidvalidity dovecot-uidvalidity.5191f7ad maildirsize new tmp Sadly ,there's no home folder, so I've no other option than to create the folder by hand? 2013/5/14 Angel L. Mateo > El 13/05/13 17:50, Steffen Kaiser escribi?: > > -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On Mon, 13 May 2013, Joan wrote: >> >> Hi Steffen, that was an error I hadn't spotted (copypasting error). Still >>> after changing mail_home to the proper value (/home/vmail/%d/%n/home) the >>> errors in the logs are the same >>> >> >> Am I supposed to create the folders via an external script? Or is >>>> there any option to make this automatic. >>>> >>> >> As far as I know, the home directory is not created automatically. You >> will need to use an external script. >> >> I have this config: > > mail_home = /mail/users/mailboxes/%2Ln/%Ln > mail_location = mdbox:%h/mdbox:INDEX=/mail/**indexes/%2Ln/%Ln > > In my config, mail_home is also auto created (I have dovecot > 2.1.16) > > Do you have any error? Has dovecot user permissions to create > direcotories/files under your /var/mail? > > -- > Angel L. Mateo Mart?nez > Secci?n de Telem?tica > ?rea de Tecnolog?as de la Informaci?n > y las Comunicaciones Aplicadas (ATICA) > http://www.um.es/atica > Tfo: 868887590 > Fax: 868888337 > From cr at sys4.de Tue May 14 12:20:53 2013 From: cr at sys4.de (=?windows-1252?Q?Christian_R=F6=DFner?=) Date: Tue, 14 May 2013 11:20:53 +0200 Subject: [Dovecot] 2.2.1 and quota-status Message-ID: Hi, maybe this question already came up and I missed it in my mails, but if not? : I have configured Quota for Dovecot since decades and now with the new policy service, I wanted to include this into Postfix. I have followed Ralf's Blog and there a two Problems: I need to do this: ls -la /var/run/dovecot/config srw------- 1 root root 0 May 14 11:06 /var/run/dovecot/config chown vmail /var/run/dovecot/config ls -la /var/run/dovecot/config srw------- 1 vmail root 0 May 14 11:06 /var/run/dovecot/config Where can I tell Dovecot to set user vmail here? If I do not do this, I get the following error in the logs: May 14 10:54:50 mx0 dovecot: quota-status(c at roessner-network-solutions.com): Error: user c at roessner-network-solutions.com: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied Also the following test does not succeed: telnet localhost 12340 Trying ::1... Connected to localhost. Escape character is '^]'. request=smtpd_access_policy sender=foo at bar.tld recipient=c at roessner-network-solutions.com size=10000000000 action= ^] telnet> quit Connection closed. Nothing in the logs. Just an empty answer. Here is my config: doveconf -n # 2.2.1: /etc/dovecot/dovecot.conf # OS: Linux 3.8.6-hardened x86_64 Gentoo Base System release 2.2 auth_master_user_separator = * auth_mechanisms = plain login cram-md5 digest-md5 ntlm auth_verbose = yes hostname = mail.roessner-net.de lda_mailbox_autosubscribe = yes mail_access_groups = vmail mail_attachment_dir = /var/mail/virtual/copymail/attachments mail_gid = vmail mail_location = mdbox:~/mdbox mail_plugins = quota acl fts fts_solr zlib mail_privileged_group = mail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mdbox_rotate_size = 128 M namespace { list = children location = mdbox:%%h/mdbox prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes location = mailbox "Deleted Messages" { special_use = \Trash } mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk-E-Mail { special_use = \Junk } mailbox Junk { special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } mailbox junkmail { auto = subscribe special_use = \Junk } prefix = separator = / type = private } passdb { args = /etc/dovecot/master-users driver = passwd-file master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile acl_shared_dict = file:/var/mail/virtual/shared-mailboxes.db fts = solr fts_solr = break-imap-search url=http://localhost:8080/solr/ quota = dict:User quota::file:%h/mdbox/dovecot-quota quota_rule = *:storage=300M:messages=20000 quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Mailbox is full quota_status_success = DUNNO quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_dir = ~/sieve zlib_save = gz zlib_save_level = 6 } protocols = imap pop3 lmtp sieve service auth-worker { extra_groups = ssl-cert unix_listener auth-worker { mode = 0600 user = vmail } user = vmail } service auth { extra_groups = ssl-cert unix_listener auth-userdb { mode = 0600 user = vmail } user = vmail } service dict { unix_listener dict { mode = 0600 user = vmail } } service lmtp { unix_listener /var/spool/postfix/private/lmtp-dovecot { group = postfix mode = 0666 user = postfix } } service quota-status { client_limit = 1 executable = quota-status -p postfix inet_listener { port = 12340 } } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = vmail } user = dovecot } ssl_ca = (Stephan Bosch's message of "Fri, 10 May 2013 20:24:41 +0200") References: <518D317A.4070606@tesco.net> <518D3B69.9010807@rename-it.nl> Message-ID: Stephan Bosch writes: > Hmm, the slave builder is down due to some issues with the Xen > server. This means that testing-auto i386 (the master) will be the > only release updated for the moment. I hope this still installs on > stable, otherwise you'll have to wait a little longer. Doesn't seem to install on Wheezy here... Installing default 2.1.7 for the moment. Best -- erik From paul.simons at onair.aero Tue May 14 11:09:04 2013 From: paul.simons at onair.aero (diskdude) Date: Tue, 14 May 2013 01:09:04 -0700 (PDT) Subject: [Dovecot] Dovecot connection problem - Too many invalid commands (no auth attempts) - v2.0.19 In-Reply-To: References: Message-ID: <1368518944918-42214.post@n4.nabble.com> I had the same trouble. After trying just about everything else I could think of (selinux, conf files, etc) I managed to fix it by deleting and recreating the users mail file. Don't know why this should work and I would be interested if it works for you? Regards -- View this message in context: http://dovecot.2317879.n4.nabble.com/Dovecot-connection-problem-Too-many-invalid-commands-no-auth-attempts-v2-0-19-tp41688p42214.html Sent from the Dovecot mailing list archive at Nabble.com. From tss at iki.fi Tue May 14 16:34:35 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 14 May 2013 16:34:35 +0300 Subject: [Dovecot] Idea: POP3 deletion as a flag In-Reply-To: <20130511164754.GA28951@daniel.localdomain> References: <40F73CAC-B7DB-478E-B6FC-939028EA0497@iki.fi> <5183EC0D.7000803@sys4.de> <518412B9.4010605@dementianati.com> <1367635083.3904.23.camel@tardis> <5184FF25.1080504@dementianati.com> <539181A6-B1DE-4EC8-A724-46AF6B7F37CE@iki.fi> <20130511164754.GA28951@daniel.localdomain> Message-ID: <93BF22B5-8767-43C1-876B-A8C86C0006FE@iki.fi> On 11.5.2013, at 19.47, Daniel Parthey wrote: > Timo Sirainen wrote: >> Kelsey already mentioned that lazy_expunge plugin has similar issues, and >> nobody has mentioned privacy concerns related to that.. I guess there should >> be something about it in the wiki. Also mdbox format doesn't physically >> delete the data until doveadm purge is run (if ever). So this isn't the first >> such feature. > > Some of our users are using pop3 collectors to fetch (and delete) the mails, > while other users are using mobile phones and might want to use this feature. > > If the pop3_delete_flag option is globally enabled, will the pop3 user > be able to delete any pop3 mails and not be billed for the storage? > Our POP3 customers really don't want to pay for emails which they > don't see and don't want to keep on the server, but the pop3 collector > will not connect via IMAP to the server to finally expunge the mails. > > So this rises a quota/storage accounting question for pop3-only users. It gets counted towards quota. If you don't want that, you could use lazy-expunge plugin, although its behavior is different. Anyway, implemented this to v2.2: http://hg.dovecot.org/dovecot-2.2/rev/5984de096e3e From agraeper at googlemail.com Tue May 14 16:41:16 2013 From: agraeper at googlemail.com (andreas graeper) Date: Tue, 14 May 2013 15:41:16 +0200 Subject: [Dovecot] protocols and privileges Message-ID: hi, 1) protocols = pop3 but when starting the service, output tells about imap. when mua fetches mails ~/mail/.imap/INDEX is created. 2) i have some users uid=500 .. 505. src in /var/mail/%u, owner is .mail and home-directories /home/ - owner is .users when dovecot tries to create directory /home//mail then it tells for user xyz (uid = 502) euid=502(xyz) egid=100(users) missing +w permission /home/xyz , euid is not dir owner. but /home/xyz is owned by xyz.users and mod = 0700 ( drwx------ ) same environment for uid = 501 works great ! thanks in advance andreas ? permission lookup from /home/xyz/mail failed do i have to create that mail directory manually ? From jim at packetalk.net Tue May 14 19:49:34 2013 From: jim at packetalk.net (Jim McNamara) Date: Tue, 14 May 2013 12:49:34 -0400 Subject: [Dovecot] Sieve was installed but doesn't work or log Message-ID: <51926B1E.6080002@packetalk.net> Hello everyone. I have dovecot version 1.2.8 installed from source. This morning I installed the sieve plugin to sort emails, and though the install reported no errors, the plugin doesn't seem to function, and no mention of it is made in the logs when I turn on verbose logging. dovecot --version 1.2.8 dovecot -n # 1.2.8: /usr/local/etc/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.0 base_dir: /usr/local/var/run/dovecot/ log_path: /dev/stderr info_log_path: /dev/stderr log_timestamp: protocols: imap imaps pop3s listen(default): 127.0.0.1:143 listen(imap): 127.0.0.1:143 listen(pop3): * ssl_listen(default): 192.168.1.1:993 ssl_listen(imap): 192.168.1.1:993 ssl_listen(pop3): 192.168.1.1:995 ssl_cert_file: /var/qmail/control/servercert.pem ssl_key_file: /var/qmail/control/servercert.pem ssl_cipher_list: ALL:!LOW verbose_ssl: yes login_dir: /usr/local/var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login verbose_proctitle: yes first_valid_uid: 89 last_valid_uid: 89 mail_location: maildir:~/Maildir mail_debug: yes mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 pop3_uidl_format(default): %08Xu%08Xv pop3_uidl_format(imap): %08Xu%08Xv pop3_uidl_format(pop3): %v-%u namespace: type: private separator: . prefix: INBOX. inbox: yes list: yes subscriptions: yes lda: postmaster_address: postmaster at mail.domain.com hostname: mail.domain.com mail_plugins: sieve mail_plugin_dir: /usr/local/lib/dovecot/lda deliver_log_format: msgid=%m: %$ sieve: /home/vpopmail/domains/%d/%n/sieve sieve_global_path: /usr/local/etc/default.sieve log_path: /var/log/qmail/sieve/dovecot.log info_log_path: /var/log/qmail/sieve/dovecot.log auth default: user: vpopmail passdb: driver: vpopmail userdb: driver: vpopmail plugin: quota: maildir Here is the config.log from sieve root at myplace:/usr/local# head dovecot-1.2-sieve-0.1.19/config.log This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by Dovecot Sieve configure 0.1.19, which was generated by GNU Autoconf 2.67. Invocation command line was $ ./configure --with-dovecot=../dovecot-1.2.8/ That compiled cleanly, then make and make install also proceeded without error. With verbose logging enabled, the only times "sieve" appeared in the logs was when I tried to load it as a plugin for imap - grep sieve /var/log/qmail/qmail-dovecot/current |tai64nlocal 2013-05-14 09:20:05.091635500 FPlugin sieve not found from directory /usr/local/lib/dovecot/imap 2013-05-14 09:20:06.120848500 FPlugin sieve not found from directory /usr/local/lib/dovecot/imap 2013-05-14 09:20:07.142465500 FPlugin sieve not found from directory /usr/local/lib/dovecot/imap 2013-05-14 09:20:08.164247500 FPlugin sieve not found from directory /usr/local/lib/dovecot/imap Once I removed it from being loaded as an imap plugin and used it only as an lda plugin, it hasn't appeared in the dovecot logs. It also isn't logging where I asked it to in the config file (log_path: /var/log/qmail/sieve/dovecot.log, or info_log_path: /var/log/qmail/sieve/dovecot.log), but that files was touched and all directories below /var/log/qmail/sieve have the correct permissions for dovecot to write there: ls -al /var/log/qmail/sieve/ total 16 drwxr-xr-x 2 dovecot dovecot 4096 May 14 11:04 . drwxr-xr-x 7 qmaill root 12288 May 14 11:04 .. -rw-r--r-- 1 dovecot dovecot 0 May 14 11:04 dovecot.log Can anyone suggest an error they see or what I can do to get my errors with the sieve config logged somewhere? Thanks for your help and insight. From rob0 at gmx.co.uk Tue May 14 20:39:34 2013 From: rob0 at gmx.co.uk (/dev/rob0) Date: Tue, 14 May 2013 12:39:34 -0500 Subject: [Dovecot] Looking for a good way to manage passwords for CRAM-MD5 In-Reply-To: <518F8DAA.7070504@dementianati.com> References: <8738tscuri.fsf@dod.no> <518F8DAA.7070504@dementianati.com> Message-ID: <20130514173934.GJ3672@harrier.slackbuilds.org> On Sun, May 12, 2013 at 05:40:10AM -0700, Professa Dementia wrote: > On 5/12/2013 4:17 AM, Steinar Bang wrote: > > I prefer not to use clear text passwords, even over an encrypted > > connection. > > Why? Enforce the encrypted link by not allowing unencrypted > connections. The simplest is iptables to block ports 110 and 143, > while allowing 993 and 995. I don't understand this advice. Why would someone who is apparently interested in heightened transport security restrict himself to the older generation SSL v.2, which was long ago superceded by TLS v.1? http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0.2C_2.0_and_3.0 http://wiki2.dovecot.org/SSL Quoting from the latter page: "Some admins want to require SSL/TLS, but don't realize that this is also possible with STARTTLS (Dovecot has disable_plaintext_auth=yes and ssl=required settings)." -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From trever at middleearth.sapphiresunday.org Tue May 14 21:54:06 2013 From: trever at middleearth.sapphiresunday.org (Trever L. Adams) Date: Tue, 14 May 2013 12:54:06 -0600 Subject: [Dovecot] dovecot 2.0 -> 2.1 sieve problem Message-ID: <5192884E.2080009@middleearth.sapphiresunday.org> I had a completely working setup before. I upgraded, now I get: Error: 7LUaNYqHklG6EAAApwKjnA: sieve: execution of script (null) failed, but implicit keep was successful sieve = /home/vmail/%Ld/%Ln/.dovecot.sieve sieve_dir = /home/vmail/%Ld/%Ln/sieve (this was ~/sieve) I am not quite sure what is going on. Is anyone else seeing this? Any idea on what has changed? (I am not readily seeing it in changelogs or mailing lists.) Thank you, Trever -- "A right is not what someone gives you; it's what no one can take from you." -- Ramsey Clark From stephan at rename-it.nl Tue May 14 22:29:47 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 14 May 2013 21:29:47 +0200 Subject: [Dovecot] dovecot 2.0 -> 2.1 sieve problem In-Reply-To: <5192884E.2080009@middleearth.sapphiresunday.org> References: <5192884E.2080009@middleearth.sapphiresunday.org> Message-ID: <519290AB.70207@rename-it.nl> On 5/14/2013 8:54 PM, Trever L. Adams wrote: > I had a completely working setup before. I upgraded, now I get: > > Error: 7LUaNYqHklG6EAAApwKjnA: sieve: execution of script (null) failed, > but implicit keep was successful > > sieve = /home/vmail/%Ld/%Ln/.dovecot.sieve > sieve_dir = /home/vmail/%Ld/%Ln/sieve (this was ~/sieve) > > I am not quite sure what is going on. Is anyone else seeing this? Any > idea on what has changed? (I am not readily seeing it in changelogs or > mailing lists.) What is the exact version of Pigeonhole you're upgrading to? Regards, Stephan. From trever at middleearth.sapphiresunday.org Tue May 14 22:35:38 2013 From: trever at middleearth.sapphiresunday.org (Trever L. Adams) Date: Tue, 14 May 2013 13:35:38 -0600 Subject: [Dovecot] dovecot 2.0 -> 2.1 sieve problem In-Reply-To: <519290AB.70207@rename-it.nl> References: <5192884E.2080009@middleearth.sapphiresunday.org> <519290AB.70207@rename-it.nl> Message-ID: <5192920A.3030302@middleearth.sapphiresunday.org> On 05/14/2013 01:29 PM, Stephan Bosch wrote: > On 5/14/2013 8:54 PM, Trever L. Adams wrote: >> I had a completely working setup before. I upgraded, now I get: >> >> Error: 7LUaNYqHklG6EAAApwKjnA: sieve: execution of script (null) failed, >> but implicit keep was successful >> >> sieve = /home/vmail/%Ld/%Ln/.dovecot.sieve >> sieve_dir = /home/vmail/%Ld/%Ln/sieve (this was ~/sieve) >> >> I am not quite sure what is going on. Is anyone else seeing this? Any >> idea on what has changed? (I am not readily seeing it in changelogs or >> mailing lists.) > > What is the exact version of Pigeonhole you're upgrading to? > > Regards, > > Stephan. > dovecot-2.2.1-2.fc19.x86_64 dovecot-pigeonhole-2.2.1-2.fc19.x86_64 It won't run ANY sieves even the sieve_before, directory or specific sieve file. Trever -- "Concentrate all your thoughts upon the work at hand. The sun's rays do not burn until brought to a focus." -- Alexander Graham Bell From noeldude at gmail.com Tue May 14 22:44:42 2013 From: noeldude at gmail.com (Noel) Date: Tue, 14 May 2013 14:44:42 -0500 Subject: [Dovecot] Looking for a good way to manage passwords for CRAM-MD5 In-Reply-To: <20130514173934.GJ3672@harrier.slackbuilds.org> References: <8738tscuri.fsf@dod.no> <518F8DAA.7070504@dementianati.com> <20130514173934.GJ3672@harrier.slackbuilds.org> Message-ID: <5192942A.90802@gmail.com> On 5/14/2013 12:39 PM, /dev/rob0 wrote: > On Sun, May 12, 2013 at 05:40:10AM -0700, Professa Dementia wrote: >> On 5/12/2013 4:17 AM, Steinar Bang wrote: >>> I prefer not to use clear text passwords, even over an encrypted >>> connection. >> Why? Enforce the encrypted link by not allowing unencrypted >> connections. The simplest is iptables to block ports 110 and 143, >> while allowing 993 and 995. > I don't understand this advice. Why would someone who is apparently > interested in heightened transport security restrict himself to the > older generation SSL v.2, which was long ago superceded by TLS v.1? Forcing the connection to 993/995 does not imply SSLv2. TLSv1.[012] is still negotiated. There is no decrease in security. > http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0.2C_2.0_and_3.0 > http://wiki2.dovecot.org/SSL > > Quoting from the latter page: > > "Some admins want to require SSL/TLS, but don't realize that this is > also possible with STARTTLS (Dovecot has disable_plaintext_auth=yes > and ssl=required settings)." It's not unreasonable to disable the plaintext ports to minimize the possibility of a fat-fingered accident. -- Noel Jones From branko at majic.rs Tue May 14 22:55:23 2013 From: branko at majic.rs (Branko Majic) Date: Tue, 14 May 2013 21:55:23 +0200 Subject: [Dovecot] Looking for a good way to manage passwords for CRAM-MD5 In-Reply-To: <20130514173934.GJ3672@harrier.slackbuilds.org> References: <8738tscuri.fsf@dod.no> <518F8DAA.7070504@dementianati.com> <20130514173934.GJ3672@harrier.slackbuilds.org> Message-ID: <20130514215523.7e828409@zetkin.primekey.se> On Tue, 14 May 2013 12:39:34 -0500 /dev/rob0 wrote: > On Sun, May 12, 2013 at 05:40:10AM -0700, Professa Dementia wrote: > > On 5/12/2013 4:17 AM, Steinar Bang wrote: > > > I prefer not to use clear text passwords, even over an encrypted > > > connection. > > > > Why? Enforce the encrypted link by not allowing unencrypted > > connections. The simplest is iptables to block ports 110 and 143, > > while allowing 993 and 995. > > I don't understand this advice. Why would someone who is apparently > interested in heightened transport security restrict himself to the > older generation SSL v.2, which was long ago superceded by TLS v.1? > > http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0.2C_2.0_and_3.0 > http://wiki2.dovecot.org/SSL > > Quoting from the latter page: > > "Some admins want to require SSL/TLS, but don't realize that this is > also possible with STARTTLS (Dovecot has disable_plaintext_auth=yes > and ssl=required settings)." SSL vs STARTTLS in this context has nothing to do with SSL/TLS versions (and available ciphers). The thing is that SSL and STARTTLS in this context represent different mechanisms by which you can initiate an SSL/TLS handshake. The "SSL method" means you connect to port 993 and start a handshake immediately (similar to HTTPS). The "STARTTLS method" means you're connecting through port 143, using plain-text communications at first, until you send a STARTTLS command to server. When a STARTTLS has been issued, both client and server proceed with an SSL/TLS handshake the same way as if the client had connected to port 993. It's unfortunately poor selection of terminology, but everyone is using it, therefore introducing a bit of confusion with people that are into PKI that much :) In effect, in both cases (if the software is built and configured correctly) you'll be using TLSv1.0 or higher. The thing is that if you connect to port 993, and Dovecot is configured to use SSL there straight away, if the client starts sending IMAP commands in plain-text, the server will cut connection due to invalid SSL/TLS handshake. When using plain-text port 143, the client may attempt to send out username/password even though the server requires TLS (well, the client shouldn't do this, since server should signal the client what are its capabilities, but you never know how bad the client implementation is). I hope this description helps a bit :) Best regards P.S. I think there's even been one discussion regarding this relatively recently on Dovecot mailing lists. -- Branko Majic Jabber: branko at majic.rs Please use only Free formats when sending attachments to me. ?????? ????? ?????: branko at majic.rs ????? ??? ?? ??????? ?????? ????????? ? ????????? ?????????. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From cr at sys4.de Tue May 14 23:30:57 2013 From: cr at sys4.de (=?windows-1252?Q?Christian_R=F6=DFner?=) Date: Tue, 14 May 2013 22:30:57 +0200 Subject: [Dovecot] 2.2.1 and quota-status In-Reply-To: References: Message-ID: > ls -la /var/run/dovecot/config > srw------- 1 root root 0 May 14 11:06 /var/run/dovecot/config > > chown vmail /var/run/dovecot/config > > ls -la /var/run/dovecot/config > srw------- 1 vmail root 0 May 14 11:06 /var/run/dovecot/config thanks to e-frog, this part of the problem is solved by adding: service config { unix_listener config { mode = 0600 user = vmail } } to 10-master.conf But the service itself still is not working here. Kind regards -Christian R??ner -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From stephan at rename-it.nl Tue May 14 23:56:58 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 14 May 2013 22:56:58 +0200 Subject: [Dovecot] dovecot 2.0 -> 2.1 sieve problem In-Reply-To: <5192920A.3030302@middleearth.sapphiresunday.org> References: <5192884E.2080009@middleearth.sapphiresunday.org> <519290AB.70207@rename-it.nl> <5192920A.3030302@middleearth.sapphiresunday.org> Message-ID: <5192A51A.6010803@rename-it.nl> On 5/14/2013 9:35 PM, Trever L. Adams wrote: > On 05/14/2013 01:29 PM, Stephan Bosch wrote: >> On 5/14/2013 8:54 PM, Trever L. Adams wrote: >>> I had a completely working setup before. I upgraded, now I get: >>> >>> Error: 7LUaNYqHklG6EAAApwKjnA: sieve: execution of script (null) failed, >>> but implicit keep was successful >>> >>> sieve = /home/vmail/%Ld/%Ln/.dovecot.sieve >>> sieve_dir = /home/vmail/%Ld/%Ln/sieve (this was ~/sieve) >>> >>> I am not quite sure what is going on. Is anyone else seeing this? Any >>> idea on what has changed? (I am not readily seeing it in changelogs or >>> mailing lists.) >> What is the exact version of Pigeonhole you're upgrading to? > dovecot-2.2.1-2.fc19.x86_64 > dovecot-pigeonhole-2.2.1-2.fc19.x86_64 That is not 2.1, right? > It won't run ANY sieves even the sieve_before, directory or specific > sieve file. The error you see is a bug in any case because of the '(null)' script location. You can enable mail_debug to see more information. Could you also provide dovecot -n output here? Regards, Stephan. From daniel.parthey at informatik.tu-chemnitz.de Wed May 15 00:12:57 2013 From: daniel.parthey at informatik.tu-chemnitz.de (Daniel Parthey) Date: Tue, 14 May 2013 23:12:57 +0200 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518BB434.7090905@rename-it.nl> References: <518BB434.7090905@rename-it.nl> Message-ID: <20130514211257.GA30684@daniel.localdomain> Stephan Bosch wrote: > One of the most important issues on my list is implementing support for using > alternative types of storage (e.g. a database) for Sieve scripts, rather than > only a filesystem directory as it is now. What about using Dovecot's lib-fs to abstract the storage layer? Regards Daniel -- https://plus.google.com/103021802792276734820 From stephan at rename-it.nl Wed May 15 00:42:33 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 14 May 2013 23:42:33 +0200 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <20130514211257.GA30684@daniel.localdomain> References: <518BB434.7090905@rename-it.nl> <20130514211257.GA30684@daniel.localdomain> Message-ID: <5192AFC9.905@rename-it.nl> On 5/14/2013 11:12 PM, Daniel Parthey wrote: > Stephan Bosch wrote: >> One of the most important issues on my list is implementing support for using >> alternative types of storage (e.g. a database) for Sieve scripts, rather than >> only a filesystem directory as it is now. > What about using Dovecot's lib-fs to abstract the storage layer? Yes, that is one of the possibilities I have in mind. Regards, Stephan. From stephan at rename-it.nl Wed May 15 00:43:37 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 14 May 2013 23:43:37 +0200 Subject: [Dovecot] 2.2.x autobuilds: Debian Stable now Wheezy, which pool for 2.2.x? In-Reply-To: <518D3B69.9010807@rename-it.nl> References: <518D317A.4070606@tesco.net> <518D3B69.9010807@rename-it.nl> Message-ID: <5192B009.5050607@rename-it.nl> On 5/10/2013 8:24 PM, Stephan Bosch wrote: > Hmm, the slave builder is down due to some issues with the Xen server. > This means that testing-auto i386 (the master) will be the only > release updated for the moment. I hope this still installs on stable, > otherwise you'll have to wait a little longer. Seems to be fixed now. Regards, Stephan. From daniel.parthey at informatik.tu-chemnitz.de Wed May 15 00:52:11 2013 From: daniel.parthey at informatik.tu-chemnitz.de (Daniel Parthey) Date: Tue, 14 May 2013 23:52:11 +0200 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518C13D0.9030109@rename-it.nl> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> Message-ID: <20130514215211.GA31318@daniel.localdomain> Stephan Bosch wrote: > >On 2013-05-09 10:35 AM, Stephan Bosch wrote: > >>Currently, I'm building an SMTP submission proxy server. > To provide some sort of solution for the short term, I guess I'll > just add an optional auto-save-to-sent feature. When the submission > service has direct access to the user's mail storage, that is > trivial to implement. However, if the submission service is > unprivileged, that will be a little more difficult. Probably, in > that case I'll make it use a special support service to perform the > actual delivery to the sent folder. Any suggestions are welcome. Please don't forget to implement the "submission director proxy", we absolutely need this in order to be able to work with NFS+mdbox and prevent corrupted indexes. We cannot just store something directly into the local "Sent" Folder, we need to go through the director to the appropriate NFS client host. Regards Daniel -- https://plus.google.com/103021802792276734820 From daniel.parthey at informatik.tu-chemnitz.de Wed May 15 01:28:39 2013 From: daniel.parthey at informatik.tu-chemnitz.de (Daniel Parthey) Date: Wed, 15 May 2013 00:28:39 +0200 Subject: [Dovecot] SMTP front-end Re: Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <518CEE89.6010601@rename-it.nl> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> <518CC81C.5040205@frittentheke.de> <518CD9E3.4030606@rename-it.nl> <518CEE89.6010601@rename-it.nl> Message-ID: <20130514222839.GA31725@daniel.localdomain> Stephan Bosch wrote: > On 5/10/2013 2:43 PM, Lutz Pre?ler wrote: > >Stephan, > >On Fri, 10 May 2013, Stephan Bosch wrote: > >Exim has the "-bs" command line option. From spec: > > > >Could you implement this interface to a backend server, too? > > As long as it talks SMTP, it shouldn't be that difficult to > facilitate this. But, what exactly is the benefit of this over a > normal TCP connection? Might by useful with (x)inetd which opens the TCP listener itself and feeds SMTP commands into stdin of an executable. Regards Daniel -- https://plus.google.com/103021802792276734820 From stephan at rename-it.nl Wed May 15 01:37:34 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 15 May 2013 00:37:34 +0200 Subject: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1. In-Reply-To: <20130514215211.GA31318@daniel.localdomain> References: <518BB434.7090905@rename-it.nl> <518BC963.308@Media-Brokers.com> <518C13D0.9030109@rename-it.nl> <20130514215211.GA31318@daniel.localdomain> Message-ID: <5192BCAE.6090701@rename-it.nl> On 5/14/2013 11:52 PM, Daniel Parthey wrote: > Stephan Bosch wrote: >>> On 2013-05-09 10:35 AM, Stephan Bosch wrote: >>>> Currently, I'm building an SMTP submission proxy server. >> To provide some sort of solution for the short term, I guess I'll >> just add an optional auto-save-to-sent feature. When the submission >> service has direct access to the user's mail storage, that is >> trivial to implement. However, if the submission service is >> unprivileged, that will be a little more difficult. Probably, in >> that case I'll make it use a special support service to perform the >> actual delivery to the sent folder. Any suggestions are welcome. > Please don't forget to implement the "submission director proxy", > we absolutely need this in order to be able to work with NFS+mdbox > and prevent corrupted indexes. > > We cannot just store something directly into the local "Sent" Folder, > we need to go through the director to the appropriate NFS client host. Yes, that is already on the TODO list. Regards, Stephan. From noel.butler at ausics.net Wed May 15 01:55:52 2013 From: noel.butler at ausics.net (Noel Butler) Date: Wed, 15 May 2013 08:55:52 +1000 Subject: [Dovecot] Sieve was installed but doesn't work or log In-Reply-To: <51926B1E.6080002@packetalk.net> References: <51926B1E.6080002@packetalk.net> Message-ID: <1368572152.4459.17.camel@tardis> On Tue, 2013-05-14 at 12:49 -0400, Jim McNamara wrote: > Hello everyone. > > I have dovecot version 1.2.8 installed from source. This morning I > installed the sieve plugin to sort emails, and though the install > reported no errors, the plugin doesn't seem to function, and no mention > of it is made in the logs when I turn on verbose logging. > with version 1.2.x I always found cmusieve to behave nicer. Though, if you are installing from source, why the hell are you using something so old? 1.2.17 is the latest in the now unsupported 1.2 series, but if you are building from source, try 2.1.16 and dovecot-2.1-pigeonhole-0.3.5, I've only recently (months ago) moved to 2.1 from 1.2, and it appears smoother, and lot of niggly things like hung *-login processes on busy servers have gone away, without bench testing, I'd even say its more resource friendly (at least in NFS (without director) configurations) Are you sure your sieve scripts are valid? do they get compiled? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From daniel.parthey at informatik.tu-chemnitz.de Wed May 15 02:21:17 2013 From: daniel.parthey at informatik.tu-chemnitz.de (Daniel Parthey) Date: Wed, 15 May 2013 01:21:17 +0200 Subject: [Dovecot] Looking for a good way to manage passwords for CRAM-MD5 In-Reply-To: <8738tscuri.fsf@dod.no> References: <8738tscuri.fsf@dod.no> Message-ID: <20130514232117.GA32568@daniel.localdomain> Steinar Bang wrote: > it is very hard to find documentation on what PAM modules exist, > and how to write a new one, and if it is possible to chain modules in PAM The PAM documentation can be found at: http://www.linux-pam.org/Linux-PAM-html/ The Linux-PAM System Administrators' Guide http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html contains a list of standard modules. The Linux-PAM Application Developers' Guide http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_ADG.html explains how to develop modules. Regards Daniel -- https://plus.google.com/103021802792276734820 From kengheng at mysql.cc Wed May 15 12:33:34 2013 From: kengheng at mysql.cc (kengheng) Date: Wed, 15 May 2013 17:33:34 +0800 Subject: [Dovecot] Make install error In-Reply-To: <20130424155049.GB66499@anubis.morrow.me.uk> References: <5170BEF0.6060306@mysql.cc> <1366713011.11047.345.camel@innu> <51776D42.1080103@mysql.cc> <20130424155049.GB66499@anubis.morrow.me.uk> Message-ID: <5193566E.7030303@mysql.cc> The output as below: grep ^libexecdir config.log libexecdir='${exec_prefix}/lib' grep ^exec_prefix config.log exec_prefix='${prefix}' grep ^prefix config.log prefix='/usr/local/dovecot' On 4/24/13 11:50 PM, Ben Morrow wrote: > At 1PM +0800 on 24/04/13 you (kengheng) wrote: >> Hi, I tried remove and make install, same err happended. I noticed from >> the log below, it first generate the >> "/usr/local/dovecot/lib/dovecot/auth" with checkpassword-reply, and it >> is success, the coming generation directory for auth at >> "/usr/local/dovecot/lib/dovecot/", it is weird that the make install >> generation for file auth and directory auth at same path. It is causing >> the issues. >> >> make[3]: Entering directory `/usr/local/src/dovecot-2.2.1/src/auth' >> test -z "/usr/local/dovecot/lib/dovecot" || /usr/bin/mkdir -p >> "/usr/local/dovecot/lib/dovecot" >> /bin/sh ../../libtool --mode=install /usr/bin/install -c auth >> checkpassword-reply '/usr/local/dovecot/lib/dovecot' > These files should be installed under libexec; probably > /usr/local/dovecot/libexec/dovecot, though I'm not sure how autoconf > chooses the libexec directory when you're using an explicit prefix. What > do the following give you (in the top-level Dovecot source dir)? > > grep ^libexecdir config.log > grep ^exec_prefix config.log > grep ^prefix config.log > > Ben > > > From tss at iki.fi Wed May 15 13:16:53 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 13:16:53 +0300 Subject: [Dovecot] search and UTF-8 normalization forms (NFD) In-Reply-To: <518E6032.8000304@babelmonkeys.de> References: <730F760C-FC67-42C0-8405-770114D27063@iki.fi> <518CF527.3010705@babelmonkeys.de> <518E6032.8000304@babelmonkeys.de> Message-ID: On 11.5.2013, at 18.13, Florian Zeitz wrote: > Am 10.05.2013 15:24, schrieb Florian Zeitz: >> Could you elaborate a bit why you think i;unicode-casemap does not >> handle this case? >> >> Is it only applied to the query, but not the header, or vice versa? >> It seems to me that Step 2 should map both inputs to LATIN CAPITAL >> LETTER U + COMBINING DIAERESIS. >> >> Regards, >> Florian >> > > So... I had a look at this. Turns out that the current implementation of > Unicode decomposition (Step 2(b) in i;unicode-casemap) in Dovecot is > broken. It only handles decomposition properties that include a tag. > I've attached a hg export that fixes this. Thanks, added to v2.1 and v2.2 hg. From tss at iki.fi Wed May 15 14:28:40 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 14:28:40 +0300 Subject: [Dovecot] 2.2.1 and quota-status In-Reply-To: References: Message-ID: <4A4A5B08-04CC-4B07-A971-F80DD1A0151F@iki.fi> On 14.5.2013, at 12.20, Christian R??ner wrote: > Also the following test does not succeed: > > telnet localhost 12340 > Trying ::1... > Connected to localhost. > Escape character is '^]'. > request=smtpd_access_policy > sender=foo at bar.tld > recipient=c at roessner-network-solutions.com > size=10000000000 > > action= http://hg.dovecot.org/dovecot-2.2/rev/03aac782261e should help. From tss at iki.fi Wed May 15 14:33:45 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 14:33:45 +0300 Subject: [Dovecot] quota and dict In-Reply-To: <1367557469.13802.13.camel@localhost> References: <1367557469.13802.13.camel@localhost> Message-ID: On 3.5.2013, at 8.04, Jeff Gustafson wrote: > Shouldn't I be able to use a dictionary > proxy to attach any custom program to a quota dict socket? > > plugin { > quota = dict:User quota::proxy:/tmp/test-socket > } This tells quota plugin to connect to /tmp/test-socket and talk dict protocol to it. > Neither one create a socket in /tmp. No, your external program needs to create the socket. From tss at iki.fi Wed May 15 14:50:55 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 14:50:55 +0300 Subject: [Dovecot] dovecot 2.2.0 corrupts mailboxes? In-Reply-To: <1l2dmf0.137f9t1xyhq3vM%manu@netbsd.org> References: <1l2dmf0.137f9t1xyhq3vM%manu@netbsd.org> Message-ID: On 5.5.2013, at 3.56, Emmanuel Dreyfus wrote: > On april 17th, I upgraded from dovecot 2.1.13 to 2.2.0. Since that time, > I had two different users that reported received three incident of > messages that disapeared from their mailboxes. > > The mailbox format is mbox on local FFS filesystem (no NFS), and I use > filesystem quotas (but both users are far from filling their quotas). > When the message disapeared, it was always a whole rand of dates. On the > last incident reported, the user also saw some message being duplicated > many times. There are some locking code changes between v2.1 and v2.2, which I guess might be buggy. But I can't reproduce any corruption with stress testing. What's your doveconf -n output? Are you delivering mails via dovecot-lda or something external? > Does that ring a bell? I am tempted to downgrade to 2.1.13. Does it > makes sense? Is it safe to do so? When downgrading, I recommend latest v2.1. From tss at iki.fi Wed May 15 15:12:00 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 15:12:00 +0300 Subject: [Dovecot] Mail deduplication In-Reply-To: <5188D2C9.30501@Media-Brokers.com> References: <5208631.125845.1367885981745.JavaMail.root@timgws.com.au> <51889DC3.2050401@um.es> <5188D2C9.30501@Media-Brokers.com> Message-ID: <1FF966A8-9706-456C-B6D2-9A293936FC0A@iki.fi> On 7.5.2013, at 13.09, Charles Marcus wrote: > On 2013-05-07 2:22 AM, Angel L. Mateo wrote: >> El 07/05/13 02:19, Tim Groeneveld escribi?: >>> I was thinking of splitting all of the mime parts and recombining >>> them later when the message was requested. >>> >>> All of the parts would be hashed and stored separate to the >>> message. This would mean things like image signatures and the >>> like would only be stored once. >>> >>> From what I understand, SIS does not do this. (that being said, >>> I have not looked too deeply into SIS at the moment, as I am >>> currently working on the elasticsearch FTS plugin) > >> I think that SiS DOES exactly this. > > That would be incorrect. SIS does *not* split the message up into its different MIME parts (ie, headers, body, etc). > >> All attachments are splited from the original message and stored in a common attachments directory. When the message is requested, then parts are recombined. > > *Attachments*, yes (so, an image signature that was an *attachment* would be de-duped, but if it was an *embedded* graphic, I'm pretty sure it would *not* be. SIS doesn't by default care about if a MIME part is attachment or not. It stores externally all MIME parts that are large enough and don't have Content-Type: text/. There's a hook that plugins could implement a different logic, like for example not storing embedded images externally or checking for the Content-Disposition: attachment header. From CMarcus at Media-Brokers.com Wed May 15 15:21:35 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Wed, 15 May 2013 08:21:35 -0400 Subject: [Dovecot] Mail deduplication In-Reply-To: <1FF966A8-9706-456C-B6D2-9A293936FC0A@iki.fi> References: <5208631.125845.1367885981745.JavaMail.root@timgws.com.au> <51889DC3.2050401@um.es> <5188D2C9.30501@Media-Brokers.com> <1FF966A8-9706-456C-B6D2-9A293936FC0A@iki.fi> Message-ID: <51937DCF.30308@Media-Brokers.com> On 2013-05-15 8:12 AM, Timo Sirainen wrote: > On 7.5.2013, at 13.09, Charles Marcus wrote: > >> *Attachments*, yes (so, an image signature that was an *attachment* >> would be de-duped, but if it was an *embedded* graphic, I'm pretty >> sure it would *not* be. > SIS doesn't by default care about if a MIME part is attachment or not. It stores externally all MIME parts that are large enough and don't have Content-Type: text/. There's a hook that plugins could implement a different logic, like for example not storing embedded images externally or checking for the Content-Disposition: attachment header. Interesting... so it actually will SIS inline images/attachments if they are large enough... Thanks for the correction Timo... -- Best regards, Charles From tss at iki.fi Wed May 15 15:27:42 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 15:27:42 +0300 Subject: [Dovecot] Keyword limit? In-Reply-To: <20130506161026.Horde.2ULRV1cEN1yjCUs2YK2Ikg2@bigworm.curecanti.org> References: <20130506161026.Horde.2ULRV1cEN1yjCUs2YK2Ikg2@bigworm.curecanti.org> Message-ID: <520CF308-C116-46A4-BEDC-44656B22AEF5@iki.fi> On 7.5.2013, at 1.10, Michael M Slusarz wrote: > Running into a weird issue in a mailbox that has 26+ keywords. http://hg.dovecot.org/dovecot-2.1/rev/7389ff729d2e should help. From tss at iki.fi Wed May 15 15:39:37 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 15:39:37 +0300 Subject: [Dovecot] IMAP SSL proxy (questions) In-Reply-To: <518B90E8.3030708@middleearth.sapphiresunday.org> References: <518A779D.6060404@middleearth.sapphiresunday.org> <20130508195733.GG52079@anubis.morrow.me.uk> <518B90E8.3030708@middleearth.sapphiresunday.org> Message-ID: <2E901094-9619-488E-900F-3338C88B5135@iki.fi> On 9.5.2013, at 15.04, Trever L. Adams wrote: > Thank you Ben and Noel for your responses! I know Thunderbird on Linux > sends it. Right now my targets would be Thunderbird, K9 Mail and Android > Mail on Android, and Apple Mail and whatever the equivalent is on iOS. I > will investigate K9 and Android later (as I have access to those). I do > not have access to the Apple ones at the moment. It would be useful to track these. I started a wiki page, everyone please update: http://wiki2.dovecot.org/SSL/SNIClientSupport From tss at iki.fi Wed May 15 15:47:58 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 15:47:58 +0300 Subject: [Dovecot] Crossrealm Kerberos problems In-Reply-To: <518BE75A.2080708@ligo-wa.caltech.edu> References: <518BE75A.2080708@ligo-wa.caltech.edu> Message-ID: On 9.5.2013, at 21.13, Jonathan Hanks wrote: > I am working on a Kerberos/GSSAPI based setup that requires cross-realm > authentication. I have regular GSSAPI working, I can log in using > pam_krb5 with password based logins or with the GSSAPI support when > using a kerberos ticket in the default realm. MIT or Heimdal? > However when I attempt to authenticate using cross realm authentication > the login fails (logs below). > > After perusing the source code I beleive that the problem is as such: > > All taking place in mech-gssapi.c > > 1. mech_gssapi_userok(...) calls mech_gssapi_krb5_userok > 2. mech_gssapi_krb5_userok(...) calls krb5_kuserok(...) to verify that > the given Kerberos prinicpal can log in as the requested user. > 3. The authentication process is running as the Dovecot user so: > 3a. krb5_kuserok(...) looks for ~dovecot/.k5login to authorize cross > realm logins > 3b. There is no ~dovecot/.k5login, thus no cross realm access is allowed > 3c. It should be looking at the users .k5login ~poptest/.k5login > 3d. This never happens and the login attempt fails Heimdal's man page seems to say that it's first looking up the system user and using .k5login from that user's home dir. MIT's man page doesn't really say anything. > I have the server set up to use system users specifically so that I can > do cross-realm authentication. > > Do I have some basic configuration error? How do I change the > authentication process to run as the user requesting to login? Should > that be allowed? If the auth process is running as root, you could patch the code to do that .. but seems pretty ugly to me. > Another thought is to backport some of the patches proposed for 2.2 that > remove krb5_kuserok from the loop. With v2.2 there's a "k5principals" passdb extra field that you can set, which lists all the authorized users. From jim at packetalk.net Wed May 15 15:55:31 2013 From: jim at packetalk.net (Jim McNamara) Date: Wed, 15 May 2013 08:55:31 -0400 Subject: [Dovecot] Sieve was installed but doesn't work or log In-Reply-To: <1368572152.4459.17.camel@tardis> References: <51926B1E.6080002@packetalk.net> <1368572152.4459.17.camel@tardis> Message-ID: <519385C3.6050601@packetalk.net> On 05/14/2013 06:55 PM, Noel Butler wrote: > On Tue, 2013-05-14 at 12:49 -0400, Jim McNamara wrote: > >> Hello everyone. >> >> I have dovecot version 1.2.8 installed from source. This morning I >> installed the sieve plugin to sort emails, and though the install >> reported no errors, the plugin doesn't seem to function, and no mention >> of it is made in the logs when I turn on verbose logging. >> > > with version 1.2.x I always found cmusieve to behave nicer. > > Though, if you are installing from source, why the hell are you using > something so old? > 1.2.17 is the latest in the now unsupported 1.2 series, but if you are > building from source, try 2.1.16 and dovecot-2.1-pigeonhole-0.3.5, > I've only recently (months ago) moved to 2.1 from 1.2, and it appears > smoother, and lot of niggly things like hung *-login processes on busy > servers have gone away, without bench testing, I'd even say its more > resource friendly (at least in NFS (without director) configurations) > > Are you sure your sieve scripts are valid? do they get compiled? > > I believe in the past there was some issues with newer dovecot when using qmail and vpopmail, but it has been years since I tried it. I'll compile the source this morning and see if I can get deliveries to work without sieve, then I'll proceed with the pigeonhole install. My sieve script passed the test on http://libsieve-php.sourceforge.net/ , they are not complicated scripts at all, literally if sender is A, move to subfolder A of inbox. It was just for testing. The reason I assumed there was a problem was the complete lack of logging. Also when I moved the default sieve script: sieve_global_path: /usr/local/etc/default.sieve and the user script: sieve: /home/vpopmail/domains/%d/%n/sieve there was no logging that indicated sieve couldn't run because of a lack of any sieve scripts. That plus the single sorting rule not working quickly made me think sieve simply didn't install or work. Thank you for the help, I'll post back with the success/failure of a more recent version. From aseques at gmail.com Wed May 15 15:57:08 2013 From: aseques at gmail.com (Joan) Date: Wed, 15 May 2013 14:57:08 +0200 Subject: [Dovecot] Autocreation the home folder In-Reply-To: References: <5191CF84.9000103@um.es> Message-ID: Sorry for this bump, but isn't there a better solution to have those folders than to be watching the logs for warnings and recreate them? Regards, Joan 2013/5/14 Joan > Yes, all folder tree has vmail:vmail as the owner, and dovecot can create > the folders without issues. > I verified that when manually creating those folders, the warnings > disappear, the main issue still remains though. > When I send the first mail to a user he has this layout: > cur > dovecot.index.cache > dovecot.index.log > dovecot-uidlist > dovecot-uidvalidity > dovecot-uidvalidity.5191f7ad > maildirsize > new > tmp > > Sadly ,there's no home folder, so I've no other option than to create the > folder by hand? > > > > 2013/5/14 Angel L. Mateo > > El 13/05/13 17:50, Steffen Kaiser escribi?: >> >> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> On Mon, 13 May 2013, Joan wrote: >>> >>> Hi Steffen, that was an error I hadn't spotted (copypasting error). >>>> Still >>>> after changing mail_home to the proper value (/home/vmail/%d/%n/home) >>>> the >>>> errors in the logs are the same >>>> >>> >>> Am I supposed to create the folders via an external script? Or is >>>>> there any option to make this automatic. >>>>> >>>> >>> As far as I know, the home directory is not created automatically. You >>> will need to use an external script. >>> >>> I have this config: >> >> mail_home = /mail/users/mailboxes/%2Ln/%Ln >> mail_location = mdbox:%h/mdbox:INDEX=/mail/**indexes/%2Ln/%Ln >> >> In my config, mail_home is also auto created (I have dovecot >> 2.1.16) >> >> Do you have any error? Has dovecot user permissions to create >> direcotories/files under your /var/mail? >> >> -- >> Angel L. Mateo Mart?nez >> Secci?n de Telem?tica >> ?rea de Tecnolog?as de la Informaci?n >> y las Comunicaciones Aplicadas (ATICA) >> http://www.um.es/atica >> Tfo: 868887590 >> Fax: 868888337 >> > > From tss at iki.fi Wed May 15 16:11:25 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 16:11:25 +0300 Subject: [Dovecot] Dovecot 2.2.1 subscribtion status in LIST In-Reply-To: <1368192641.16350.5.camel@hakkenden.homenet> References: <1368192641.16350.5.camel@hakkenden.homenet> Message-ID: <45E0ACE4-16B2-441B-A630-9526563A89B1@iki.fi> On 10.5.2013, at 16.30, Nikolay S. wrote: > I am using Evolution to connect to dovecot imap server. Today the server was upgraded to 2.2.1 from 2.1.9, and there is problem with evolution being unable to subscribe to INBOX. > > This is from dovecot 2.1.9: > a002 list "" "*" return (subscribed) > * LIST (\Subscribed) "." "INBOX" <--- > > And this is from 2.2.1: > a002 list "" "*" return (subscribed) > * LIST () "." INBOX <--- > a002 OK List completed. Fixed: http://hg.dovecot.org/dovecot-2.2/rev/0d4d5f7f93df From tss at iki.fi Wed May 15 16:12:45 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 16:12:45 +0300 Subject: [Dovecot] dovecot 2.2.1: lmtp running in base_dir In-Reply-To: <518D8999.40906@delphinidae.org.uk> References: <518D8999.40906@delphinidae.org.uk> Message-ID: <6F268D6F-1776-4AB2-BA91-824E69370DF8@iki.fi> On 11.5.2013, at 2.58, Andy R wrote: > I'm running into an issue with lmtp trying to store user mail in 'base_dir' ( same as this ( http://www.dovecot.org/list/dovecot/2011-January/056736.html )) however I'm just using PAM for auth. I've tried with chroot, without chroot and 'chroot'ing lmtp directly in ' service lmtp { } ' which just lead to lots more errors. > > I've not included anything of the current config so far, as I don't know what is needed here yet. > > I'm sure I'm missing something obvious, but I can't spot it for the life of me. Can anyone offer any new ideas? You're using a relative path somewhere instead of an absolute path. Possibly in your home dir or mail_location. mail_debug=yes is helpful (make sure all paths begin with /). From tss at iki.fi Wed May 15 16:15:06 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 16:15:06 +0300 Subject: [Dovecot] Autocreation the home folder In-Reply-To: References: <5191CF84.9000103@um.es> Message-ID: Dovecot autocreates the mail directory, but apparently it doesn't currently autocreate the home directory if it's located elsewhere. I'm not sure if it's really worth the trouble to change the code to do that. Ideally the mail directory would be under the home directory and this wouldn't be a problem. You could also change your new user creation to trigger mkdiring the user's home. On 15.5.2013, at 15.57, Joan wrote: > Sorry for this bump, but isn't there a better solution to have those > folders than to be watching the logs for warnings and recreate them? > > Regards, > > Joan > > > 2013/5/14 Joan > >> Yes, all folder tree has vmail:vmail as the owner, and dovecot can create >> the folders without issues. >> I verified that when manually creating those folders, the warnings >> disappear, the main issue still remains though. >> When I send the first mail to a user he has this layout: >> cur >> dovecot.index.cache >> dovecot.index.log >> dovecot-uidlist >> dovecot-uidvalidity >> dovecot-uidvalidity.5191f7ad >> maildirsize >> new >> tmp >> >> Sadly ,there's no home folder, so I've no other option than to create the >> folder by hand? >> >> >> >> 2013/5/14 Angel L. Mateo >> >> El 13/05/13 17:50, Steffen Kaiser escribi?: >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> On Mon, 13 May 2013, Joan wrote: >>>> >>>> Hi Steffen, that was an error I hadn't spotted (copypasting error). >>>>> Still >>>>> after changing mail_home to the proper value (/home/vmail/%d/%n/home) >>>>> the >>>>> errors in the logs are the same >>>>> >>>> >>>> Am I supposed to create the folders via an external script? Or is >>>>>> there any option to make this automatic. >>>>>> >>>>> >>>> As far as I know, the home directory is not created automatically. You >>>> will need to use an external script. >>>> >>>> I have this config: >>> >>> mail_home = /mail/users/mailboxes/%2Ln/%Ln >>> mail_location = mdbox:%h/mdbox:INDEX=/mail/**indexes/%2Ln/%Ln >>> >>> In my config, mail_home is also auto created (I have dovecot >>> 2.1.16) >>> >>> Do you have any error? Has dovecot user permissions to create >>> direcotories/files under your /var/mail? >>> >>> -- >>> Angel L. Mateo Mart?nez >>> Secci?n de Telem?tica >>> ?rea de Tecnolog?as de la Informaci?n >>> y las Comunicaciones Aplicadas (ATICA) >>> http://www.um.es/atica >>> Tfo: 868887590 >>> Fax: 868888337 >>> >> >> From tss at iki.fi Wed May 15 16:23:25 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 16:23:25 +0300 Subject: [Dovecot] Xlist in userdb, Foldernames with whitespace? In-Reply-To: <7F307CBDF53744EABA4708392A709DA2@ai.local> References: <184A6E7B8F5A495A94DD08A848164103@ai.local> <7F307CBDF53744EABA4708392A709DA2@ai.local> Message-ID: On 13.5.2013, at 10.06, Hajo Locke wrote: >> My problem is to allow Foldernames with whitespace in it f.e. Sent Messages >> I tried to put these names in quotes in this line or mask the blank with backslash but nothing was working. >> Dovecot ist not accepting these settings: > > In your example here you created two mailboxes by commandlineparams: http://dovecot.org/list/dovecot/2013-March/089373.html > 'namespace/inbox/mailbox=foo bar' > > After putting this to userdb i tried a lot of masking, quoting etc, but dovecot is always splitting up at the blank space, and a foldername with blank space like "Sent Mails" seems to be impossible in userdb. > How to achieve this? > This would be nice for other features separate from the xlist feature, autocreation of individual folders can be used for different purposes. I think you don't need to use the actual mailbox name as the "id". So the above URL's command modified: /usr/local/libexec/dovecot/imap -o 'namespace/inbox/mailbox=foo bar' -o namespace/inbox/mailbox/foo/name="foo with spaces" -o namespace/inbox/mailbox/bar/name="bar with spaces" -o namespace/inbox/mailbox/foo/auto=create -o namespace/inbox/mailbox/bar/auto=create -o namespace/inbox/mailbox/foo/special_use=\\sent -o namespace/inbox/mailbox/bar/special_use=\\drafts From tss at iki.fi Wed May 15 16:27:40 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 16:27:40 +0300 Subject: [Dovecot] protocols and privileges In-Reply-To: References: Message-ID: <3D291131-A54E-4B73-811F-9FA60ADA7060@iki.fi> On 14.5.2013, at 16.41, andreas graeper wrote: > 1) > protocols = pop3 > but when starting the service, output tells about imap. when mua fetches > mails ~/mail/.imap/INDEX is created. It should have originally been named .dovecot instead of .imap, but it's way too late to change now. > 2) > i have some users uid=500 .. 505. src in /var/mail/%u, owner is .mail > and home-directories /home/ - owner is .users > > when dovecot tries to create directory /home//mail then it tells for > user xyz (uid = 502) > > euid=502(xyz) egid=100(users) missing +w permission /home/xyz , euid is > not dir owner. > > but /home/xyz is owned by xyz.users and mod = 0700 ( drwx------ ) > > same environment for uid = 501 works great ! Do you have multiple xyz users with different UID numbers? Check with ls -lnd /home/xyz Other than that, maybe SELinux issue. From tss at iki.fi Wed May 15 16:29:28 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 16:29:28 +0300 Subject: [Dovecot] Lucene and Zlib with 2.2.1 In-Reply-To: <20130425165552.GA637@queeg.we-be-smart.org> References: <20130425165552.GA637@queeg.we-be-smart.org> Message-ID: On 25.4.2013, at 19.55, Kyle Wheeler wrote: > I have an "archive" folder in my inbox, where I manually stick old mails into a compressed mbox format. Since upgrading to Dovecot 2.2.1, I've started seeing messages like the following in my log files: > > imap(...): Error: lucene: Failed to sync mailbox INBOX: Mailbox isn't selectable > indexer-worker(...): Error: lucene: Failed to sync mailbox INBOX: Mailbox isn't selectable > indexer-worker(...): Error: lucene: Failed to sync mailbox INBOX: Mailbox isn't selectable > indexer-worker(...): Error: lucene: Failed to sync mailbox INBOX: Mailbox isn't selectable > imap(...): Error: indexer failed to index mailbox INBOX/Archive/2007/Sent.gz What's your doveconf -n output? The errors about INBOX are especially strange (maybe just the error message is wrong and it's actually trying to index INBOX/Archive). From hajo.locke at gmx.de Wed May 15 16:55:47 2013 From: hajo.locke at gmx.de (Hajo Locke) Date: Wed, 15 May 2013 15:55:47 +0200 Subject: [Dovecot] Xlist in userdb, Foldernames with whitespace? References: <184A6E7B8F5A495A94DD08A848164103@ai.local><7F307CBDF53744EABA4708392A709DA2@ai.local> Message-ID: Hello, >>I think you don't need to use the actual mailbox name as the "id". So the >>above URL's command modified: >> /usr/local/libexec/dovecot/imap -o 'namespace/inbox/mailbox=foo bar' -o >> namespace/inbox/mailbox/foo/name="foo with spaces" -o >> namespace/inbox/mailbox/bar/name="bar with spaces" -o >> namespace/inbox/mailbox/foo/auto=create -o >> namespace/inbox/mailbox/bar/auto=create -o >> namespace/inbox/mailbox/foo/special_use=\\sent -o >> namespace/inbox/mailbox/bar/special_use=\\drafts yes, this is working. I never considered to see id and mailboxname as different things. Thanks a lot, great Support of your users, Hajo From kyle-dovecot at memoryhole.net Wed May 15 17:13:52 2013 From: kyle-dovecot at memoryhole.net (Kyle Wheeler) Date: Wed, 15 May 2013 08:13:52 -0600 Subject: [Dovecot] Lucene and Zlib with 2.2.1 In-Reply-To: References: <20130425165552.GA637@queeg.we-be-smart.org> Message-ID: <20130515141352.GA1912@queeg.we-be-smart.org> On Wednesday, May 15 at 04:29 PM, quoth Timo Sirainen: > On 25.4.2013, at 19.55, Kyle Wheeler wrote: > >> I have an "archive" folder in my inbox, where I manually stick old mails into a compressed mbox format. Since upgrading to Dovecot 2.2.1, I've started seeing messages like the following in my log files: >> >> imap(...): Error: lucene: Failed to sync mailbox INBOX: Mailbox isn't selectable >> indexer-worker(...): Error: lucene: Failed to sync mailbox INBOX: Mailbox isn't selectable >> indexer-worker(...): Error: lucene: Failed to sync mailbox INBOX: Mailbox isn't selectable >> indexer-worker(...): Error: lucene: Failed to sync mailbox INBOX: Mailbox isn't selectable >> imap(...): Error: indexer failed to index mailbox INBOX/Archive/2007/Sent.gz > > What's your doveconf -n output? The errors about INBOX are > especially strange (maybe just the error message is wrong and it's > actually trying to index INBOX/Archive). Here it is: # 2.2.1: /service/dovecot-memoryhole.net/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.7 auth_default_realm = memoryhole.net auth_mechanisms = plain login base_dir = /var/run/dovecot/memoryhole first_valid_gid = 64020 first_valid_uid = 64020 last_valid_gid = 64020 last_valid_uid = 64020 log_path = /dev/stderr log_timestamp = login_greeting = ...you two suckers! Stop shirkin' and get workin'! mail_gid = 64020 mail_location = maildir:%h/Maildir mail_max_userip_connections = 20 mail_plugins = fts fts_lucene zlib listescape mail_uid = 64020 mailbox_list_index = yes mbox_write_locks = fcntl namespace { hidden = no inbox = yes list = yes location = maildir:~/Maildir prefix = separator = / type = private } namespace { hidden = yes inbox = no location = mbox:~/Maildir/Archive:LAYOUT=fs:INDEX=~/Maildir/ArchiveIndexes/ prefix = INBOX/Archive/ separator = / type = private } passdb { args = /var/lib/dovecot/dovecot-ldap.conf driver = ldap } plugin { fts = lucene fts_lucene = whitespace_chars=@. zlib_save = gz zlib_save_level = 6 } protocols = imap service auth { user = vpopmail } service imap-login { inet_listener imap { address = imap.memoryhole.net port = 143 } inet_listener imaps { address = imap.memoryhole.net port = 993 } user = dovecot } service imap { executable = imap } service pop3-login { user = dovecot } ssl_cert = mail_plugins = fts fts_lucene zlib imap_zlib listescape } protocol lda { auth_socket_path = /var/run/dovecot/localhost/auth-master hostname = memoryhole.net mail_plugins = fts fts_lucene zlib listescape postmaster_address = postmaster at memoryhole.net } ~Kyle -- The borrower is the slave of the lender. -- Proverbs 22:7 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 842 bytes Desc: not available URL: From tss at iki.fi Wed May 15 17:20:40 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 17:20:40 +0300 Subject: [Dovecot] quota-related crash for doveadm dsync operation In-Reply-To: <20130429074333.GA5707@homeworld.netbsd.org> References: <20130429074333.GA5707@homeworld.netbsd.org> Message-ID: <9ADEB8C7-7580-4113-AF97-6EE1A7BA966C@iki.fi> On 29.4.2013, at 10.43, Emmanuel Dreyfus wrote: > I understand the crash below is caused by filesystem quota. I just report > it because perhaps it could have a more graceful failure. > > > Apr 29 09:39:17 danceny dovecot: dsync-local(jdoe): Error: Mailbox Sent: Saving failed: Not enough disk space > Apr 29 09:39:17 danceny syslogd[165]: last message repeated 4 times > Apr 29 09:39:17 danceny dovecot: doveadm: Error: dsync-remote(jdoe): Error: Cached message size smaller than expected (35111 < 40830) > Apr 29 09:39:17 danceny dovecot: doveadm: Error: dsync-remote(jdoe): Error: Corrupted index cache file /mail/indexes/jdoe/.imap/Sent/dovecot.index.cache: Broken physical size for mail UID 976 > Apr 29 09:39:17 danceny dovecot: doveadm: Error: dsync-remote(jdoe): Error: dsync(local): read(/home/pct/jdoe/mail/Sent) failed: Invalid argument > Apr 29 09:39:17 danceny dovecot: dsync-local(jdoe): Error: dsync(root at volanges.net.espci.fr): read() failed: Broken pipe > Apr 29 09:39:17 danceny dovecot: dsync-local(jdoe): Panic: file mail-storage.c: line 1830 (mailbox_transaction_commit_get_changes): assertion failed: (ret < 0 || seq_range_count(&changes_r->saved_uids) == save_count || array_count(&changes_r->saved_uids) == 0) > Apr 29 09:39:17 danceny dovecot: dsync-local(jdoe): Fatal: master: service(doveadm): child 23443 killed with signal 6 (core not dumped - set service doveadm { drop_priv_before_exec=yes }) Fixed the crash: http://hg.dovecot.org/dovecot-2.2/rev/1d6f42853492 Also fixed a few other mbox issues. But I see that there are still others left when running dsync+mbox. I'll try to get them fixed, but mbox isn't very high priority format.. From steven at fah-designs.co.uk Wed May 15 18:03:28 2013 From: steven at fah-designs.co.uk (stevenfah) Date: Wed, 15 May 2013 08:03:28 -0700 (PDT) Subject: [Dovecot] Fatal: Can't finish POP3 UIDL command Message-ID: <1368630208726-42258.post@n4.nabble.com> I have been setting up a new mail server and copied our client's old mail to it. The old server has Courier (under Plesk), we're using Dovecot on the new server. Most accounts seem to work fine (under IMAP or POP3), but for a few we're getting the following in the /var/log/mail.err. Error: Message ordering changed unexpectedly (msg #1: storage seq 140 -> 1) Fatal: Can't finish POP3 UIDL command And the affected accounts can't get at their email. Things work ok if people switch to IMAP but for some of our clients that is a difficulty, so we really need POP3 working. I used the Perl script given here to convert the mailboxes. The only fix we've found is the rename/delete the Dovecot-uidlist file for the affected mailboxes and we've done that, as it was only a few. The issue now is that more mailboxes are coming with the same error, even though they were fine originally. -- View this message in context: http://dovecot.2317879.n4.nabble.com/Fatal-Can-t-finish-POP3-UIDL-command-tp42258.html Sent from the Dovecot mailing list archive at Nabble.com. From trever at middleearth.sapphiresunday.org Wed May 15 18:05:01 2013 From: trever at middleearth.sapphiresunday.org (Trever L. Adams) Date: Wed, 15 May 2013 09:05:01 -0600 Subject: [Dovecot] dovecot 2.0 -> 2.1 sieve problem In-Reply-To: <5192A51A.6010803@rename-it.nl> References: <5192884E.2080009@middleearth.sapphiresunday.org> <519290AB.70207@rename-it.nl> <5192920A.3030302@middleearth.sapphiresunday.org> <5192A51A.6010803@rename-it.nl> Message-ID: <5193A41D.70601@middleearth.sapphiresunday.org> On 05/14/2013 02:56 PM, Stephan Bosch wrote: > On 5/14/2013 9:35 PM, Trever L. Adams wrote: >> On 05/14/2013 01:29 PM, Stephan Bosch wrote: >>> On 5/14/2013 8:54 PM, Trever L. Adams wrote: >>>> I had a completely working setup before. I upgraded, now I get: >>>> >>>> Error: 7LUaNYqHklG6EAAApwKjnA: sieve: execution of script (null) >>>> failed, >>>> but implicit keep was successful >>>> >>>> sieve = /home/vmail/%Ld/%Ln/.dovecot.sieve >>>> sieve_dir = /home/vmail/%Ld/%Ln/sieve (this was ~/sieve) >>>> >>>> I am not quite sure what is going on. Is anyone else seeing this? Any >>>> idea on what has changed? (I am not readily seeing it in changelogs or >>>> mailing lists.) >>> What is the exact version of Pigeonhole you're upgrading to? >> dovecot-2.2.1-2.fc19.x86_64 >> dovecot-pigeonhole-2.2.1-2.fc19.x86_64 > > That is not 2.1, right? Sorry, I had been at it for many hours when I looked at the version. You are correct. I have been racking my brain trying to figure out why some may not see what I am seeing. The only odd part of my configuration that others may not have is: import_environment = TZ KRB5CCNAME=... This was added, if I remember right, at the request of myself and another so that LDAP configuration could identify with GSSAPI base kerberos. I do use it. > >> It won't run ANY sieves even the sieve_before, directory or specific >> sieve file. > > The error you see is a bug in any case because of the '(null)' script > location. > > You can enable mail_debug to see more information. > > Could you also provide dovecot -n output here? > > Regards, > > Stephan. > > # 2.2.1: /etc/dovecot/dovecot.conf # OS: Linux 3.9.1-301.fc19.x86_64 x86_64 Fedora release 19 (Schr?dinger?s Cat) auth_gssapi_hostname = MX.DOMAIN auth_mechanisms = gssapi gss-spnego login plain auth_realms = DOMAIN auth_username_format = %u import_environment = TZ KRB5CCNAME=/etc/dovecot/krb5.cc lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes mail_gid = vmail mail_home = /home/vmail/%Ld/%Ln mail_location = maildir:~/Maildir mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox INBOX.Dangerous { auto = subscribe } mailbox INBOX.Infected { auto = subscribe } mailbox Junk { special_use = \Junk } mailbox SPAM { auto = subscribe } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { antispam_backend = dspam antispam_dspam_args = --client;--user;%u;--source=error;--signature=%%s antispam_dspam_result_header = X-DSPAM-Result antispam_signature = X-DSPAM-Signature antispam_spam = SPAM antispam_trash = trash;Trash;Deleted Items sieve = /home/vmail/%Ld/%Ln/.dovecot.sieve sieve_before = /etc/dovecot/sieve sieve_dir = /home/vmail/%Ld/%Ln/sieve sieve_global_dir = /etc/dovecot/sieve/ } protocols = imap lmtp service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0660 } } service imap-login { inet_listener imap { port = 0 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } ssl = required ssl_cert = References: <1368630208726-42258.post@n4.nabble.com> Message-ID: On 15.5.2013, at 18.03, stevenfah wrote: > Error: Message ordering changed unexpectedly (msg #1: storage seq 140 -> 1) > Fatal: Can't finish POP3 UIDL command That's a bug. > I used the Perl script given here to convert the mailboxes. > > The only fix we've found is the rename/delete the Dovecot-uidlist file for > the affected mailboxes and we've done that, as it was only a few. The issue > now is that more mailboxes are coming with the same error, even though they > were fine originally. Could you send me one of the broken dovecot-uidlist files so I can reproduce this? Also, you didn't mention what Dovecot version you're using. If it's an old one it might have been fixed already. From tss at iki.fi Wed May 15 18:18:06 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 18:18:06 +0300 Subject: [Dovecot] dovecot 2.0 -> 2.1 sieve problem In-Reply-To: <5193A41D.70601@middleearth.sapphiresunday.org> References: <5192884E.2080009@middleearth.sapphiresunday.org> <519290AB.70207@rename-it.nl> <5192920A.3030302@middleearth.sapphiresunday.org> <5192A51A.6010803@rename-it.nl> <5193A41D.70601@middleearth.sapphiresunday.org> Message-ID: <1021501B-A7DC-4CB2-B5AF-A58169A5FDDE@iki.fi> On 15.5.2013, at 18.05, Trever L. Adams wrote: > I have been racking my brain trying to figure out why some may not see > what I am seeing. The only odd part of my configuration that others may > not have is: > > import_environment = TZ KRB5CCNAME=... > > This was added, if I remember right, at the request of myself and > another so that LDAP configuration could identify with GSSAPI base > kerberos. I do use it. Can't really be related. > userdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } What does this file contain? What do you get in logs with auth_debug=yes and mail_debug=yes? From trever at middleearth.sapphiresunday.org Wed May 15 18:25:49 2013 From: trever at middleearth.sapphiresunday.org (Trever L. Adams) Date: Wed, 15 May 2013 09:25:49 -0600 Subject: [Dovecot] dovecot 2.0 -> 2.2.1 sieve problem In-Reply-To: <1021501B-A7DC-4CB2-B5AF-A58169A5FDDE@iki.fi> References: <5192884E.2080009@middleearth.sapphiresunday.org> <519290AB.70207@rename-it.nl> <5192920A.3030302@middleearth.sapphiresunday.org> <5192A51A.6010803@rename-it.nl> <5193A41D.70601@middleearth.sapphiresunday.org> <1021501B-A7DC-4CB2-B5AF-A58169A5FDDE@iki.fi> Message-ID: <5193A8FD.9070803@middleearth.sapphiresunday.org> On 05/15/2013 09:18 AM, Timo Sirainen wrote: > On 15.5.2013, at 18.05, Trever L. Adams wrote: > >> I have been racking my brain trying to figure out why some may not see >> what I am seeing. The only odd part of my configuration that others may >> not have is: >> >> import_environment = TZ KRB5CCNAME=... >> >> This was added, if I remember right, at the request of myself and >> another so that LDAP configuration could identify with GSSAPI base >> kerberos. I do use it. > Can't really be related. > >> userdb { >> args = /etc/dovecot/dovecot-ldap.conf.ext >> driver = ldap >> } > What does this file contain? hosts = DOMAIN base = dc=middleearth,dc=sapphiresunday,dc=org ldap_version = 3 user_attrs = userPrincipalName=user user_filter = (&(objectClass=person)(|(mail=%u)(sAMAccountName=%u)(userPrincipalName=%u))) dn = MX$@DOMAIN sasl_bind = yes sasl_mech = GSSAPI sasl_realm = DOMAIN #sasl_authz_id = MX$@DOMAIN # For using doveadm -A: iterate_attrs = userPrincipalName=user iterate_filter = (objectClass=person) This configuration works for everything but sieve. It used to work for everything. > > What do you get in logs with auth_debug=yes and mail_debug=yes? > > with auth_debug=yes and mail_debug=yes May 15 09:20:17 MX postfix/cleanup[13965]: 695311409F9: message-id=<20130515152017.695311409F9 at MX.DOMAIN> May 15 09:20:17 MX opendkim[650]: 695311409F9: DKIM-Signature header added (s=default, d=DOMAIN) May 15 09:20:17 MX postfix/qmgr[759]: 695311409F9: from=, size=562, nrcpt=1 (queue active) May 15 09:20:17 MX dovecot: lmtp(14233): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt= May 15 09:20:17 MX dovecot: lmtp(14233): Connect from local May 15 09:20:17 MX dovecot: lmtp(14233): Debug: Loading modules from directory: /usr/lib64/dovecot May 15 09:20:17 MX dovecot: lmtp(14233): Debug: Module loaded: /usr/lib64/dovecot/lib90_sieve_plugin.so May 15 09:20:17 MX dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth May 15 09:20:17 MX dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so May 15 09:20:17 MX dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth May 15 09:20:17 MX dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so May 15 09:20:17 MX dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth May 15 09:20:17 MX dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so May 15 09:20:17 MX dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat May 15 09:20:17 MX dovecot: auth: Debug: master in: USER#0111#011trever at DOMAIN#011service=lmtp May 15 09:20:17 MX dovecot: auth: Debug: ldap(trever at DOMAIN): user search: base=dc=middleearth,dc=sapphiresunday,dc=org scope=subtree filter=(&(objectClass=person)(|(mail=trever at DOMAIN)(sAMAccountName=trever at DOMAIN)(userPrincipalName=trever at DOMAIN))) fields=userPrincipalName May 15 09:20:17 MX dovecot: auth: Debug: ldap(trever at DOMAIN): result: userPrincipalName=trever at DOMAIN; userPrincipalName unused May 15 09:20:17 MX dovecot: auth: Debug: auth(trever at DOMAIN): username changed trever at DOMAIN -> trever at DOMAIN May 15 09:20:17 MX dovecot: auth: Debug: ldap(trever at DOMAIN): result: userPrincipalName=trever at DOMAIN May 15 09:20:17 MX dovecot: auth: Debug: userdb out: USER#0111#011trever at DOMAIN May 15 09:20:17 MX dovecot: lmtp(14233): Debug: auth input: trever at DOMAIN May 15 09:20:17 MX dovecot: lmtp(14233): Debug: changed username to trever at DOMAIN May 15 09:20:17 MX dovecot: lmtp(14233): Debug: Added userdb setting: plugin/=yes May 15 09:20:17 MX dovecot: lmtp(14233, trever at DOMAIN): Debug: Effective uid=500, gid=500, home=/home/vmail/DOMAIN/trever May 15 09:20:17 MX dovecot: lmtp(14233, trever at DOMAIN): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir May 15 09:20:17 MX dovecot: lmtp(14233, trever at DOMAIN): Debug: maildir++: root=/home/vmail/DOMAIN/trever/Maildir, index=, indexpvt=, control=, inbox=/home/vmail/DOMAIN/trever/Maildir, alt= May 15 09:20:17 MX dovecot: lmtp(14233, trever at DOMAIN): Debug: qDM7HrGnk1GZNwAApwKjnA: sieve: executed before user's personal Sieve script(1): (null) May 15 09:20:17 MX dovecot: lmtp(14233, trever at DOMAIN): Debug: qDM7HrGnk1GZNwAApwKjnA: sieve: executed before user's personal Sieve script(2): (null) I don't think the above two lines are accurate that the scripts ran. I have one that should stuff anything from heirloom mail client into a folder (to test things) and it isn't working. May 15 09:20:17 MX dovecot: lmtp(14233, trever at DOMAIN): Debug: qDM7HrGnk1GZNwAApwKjnA: sieve: using the following location for user's Sieve script: /home/vmail/DOMAIN/trever/.dovecot.sieve;name=main script May 15 09:20:17 MX dovecot: lmtp(14233, trever at DOMAIN): Debug: qDM7HrGnk1GZNwAApwKjnA: sieve: opening script (null) May 15 09:20:17 MX dovecot: lmtp(14233, trever at DOMAIN): Error: qDM7HrGnk1GZNwAApwKjnA: sieve: binary open: failed to open: open((null)) failed: Bad address May 15 09:20:17 MX dovecot: lmtp(14233, trever at DOMAIN): Error: qDM7HrGnk1GZNwAApwKjnA: sieve: failed to stat sieve script: stat((null)) failed: Bad address May 15 09:20:17 MX dovecot: lmtp(14233, trever at DOMAIN): Error: qDM7HrGnk1GZNwAApwKjnA: sieve: parse failed May 15 09:20:17 MX dovecot: lmtp(14233, trever at DOMAIN): Error: qDM7HrGnk1GZNwAApwKjnA: sieve: failed to open script (null) May 15 09:20:17 MX dovecot: lmtp(14233, trever at DOMAIN): qDM7HrGnk1GZNwAApwKjnA: sieve: msgid=<20130515152017.695311409F9 at MX.DOMAIN>: stored mail into mailbox 'INBOX' May 15 09:20:17 MX dovecot: lmtp(14233, trever at DOMAIN): Error: qDM7HrGnk1GZNwAApwKjnA: sieve: execution of script (null) failed, but implicit keep was successful May 15 09:20:17 MX postfix/lmtp[14023]: 695311409F9: to=, orig_to=, relay=MX.DOMAIN[/var/spool/postfix/private/dovecot-lmtp], delay=0.43, delays=0.25/0/0.01/0.17, dsn=2.0.0, status=sent (250 2.0.0 qDM7HrGnk1GZNwAApwKjnA Saved) May 15 09:20:17 MX dovecot: lmtp(14233): Disconnect from local: Successful quit May 15 09:20:17 MX postfix/qmgr[759]: 695311409F9: removed Thank you, Trever From steven at fah-designs.co.uk Wed May 15 18:28:00 2013 From: steven at fah-designs.co.uk (stevenfah) Date: Wed, 15 May 2013 08:28:00 -0700 (PDT) Subject: [Dovecot] Fatal: Can't finish POP3 UIDL command In-Reply-To: References: <1368630208726-42258.post@n4.nabble.com> Message-ID: <1368631680406-42263.post@n4.nabble.com> The version we're currently using is: 2.0.19 -- View this message in context: http://dovecot.2317879.n4.nabble.com/Fatal-Can-t-finish-POP3-UIDL-command-tp42258p42263.html Sent from the Dovecot mailing list archive at Nabble.com. From tss at iki.fi Wed May 15 19:07:59 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 19:07:59 +0300 Subject: [Dovecot] Fatal: Can't finish POP3 UIDL command In-Reply-To: <1368631680406-42263.post@n4.nabble.com> References: <1368630208726-42258.post@n4.nabble.com> <1368631680406-42263.post@n4.nabble.com> Message-ID: <72F085F8-E3E3-4F2A-8744-3DCDD87DE072@iki.fi> On 15.5.2013, at 18.28, stevenfah wrote: > The version we're currently using is: 2.0.19 v2.1 has this related fix which isn't in v2.0: http://hg.dovecot.org/dovecot-2.1/rev/69826dc7a959 From hanks_j at ligo-wa.caltech.edu Wed May 15 19:29:09 2013 From: hanks_j at ligo-wa.caltech.edu (Jonathan Hanks) Date: Wed, 15 May 2013 09:29:09 -0700 Subject: [Dovecot] Crossrealm Kerberos problems In-Reply-To: References: <518BE75A.2080708@ligo-wa.caltech.edu> Message-ID: <5193B7D5.2020404@ligo-wa.caltech.edu> Answers inline On 5/15/13 5:47 AM, Timo Sirainen wrote: > On 9.5.2013, at 21.13, Jonathan Hanks wrote: > >> I am working on a Kerberos/GSSAPI based setup that requires cross-realm >> authentication. I have regular GSSAPI working, I can log in using >> pam_krb5 with password based logins or with the GSSAPI support when >> using a kerberos ticket in the default realm. > > MIT or Heimdal? MIT Kerberos > >> However when I attempt to authenticate using cross realm authentication >> the login fails (logs below). >> >> After perusing the source code I beleive that the problem is as such: >> >> All taking place in mech-gssapi.c >> >> 1. mech_gssapi_userok(...) calls mech_gssapi_krb5_userok >> 2. mech_gssapi_krb5_userok(...) calls krb5_kuserok(...) to verify that >> the given Kerberos prinicpal can log in as the requested user. >> 3. The authentication process is running as the Dovecot user so: >> 3a. krb5_kuserok(...) looks for ~dovecot/.k5login to authorize cross >> realm logins >> 3b. There is no ~dovecot/.k5login, thus no cross realm access is allowed >> 3c. It should be looking at the users .k5login ~poptest/.k5login >> 3d. This never happens and the login attempt fails > > Heimdal's man page seems to say that it's first looking up the system user and using .k5login from that user's home dir. MIT's man page doesn't really say anything. MIT Kerberos does the same. >> I have the server set up to use system users specifically so that I can >> do cross-realm authentication. >> >> Do I have some basic configuration error? How do I change the >> authentication process to run as the user requesting to login? Should >> that be allowed? > > If the auth process is running as root, you could patch the code to do that .. but seems pretty ugly to me. Running as root does not seem like a good idea to me either. What I have done for now is to modify mech-gssapi to read from the users .k5login by replacing krb5_kuserok with custom code. This did require that I change permissions to the user home directories and the .k5login file to be read by the dovecot user. For my case this is not a problem, I can get away with this due to the restrictions I put on the box, however it does not look like a general solution. >> Another thought is to backport some of the patches proposed for 2.2 that >> remove krb5_kuserok from the loop. > > With v2.2 there's a "k5principals" passdb extra field that you can set, which lists all the authorized users. > I looked at this code. I like having the extra protection of each user mail files being under restricted permissions with separate owners. However, having the mail use system users is not a hard requirement for my setup, having cross realm Kerberos/GSSAPI is a hard requirement. -- Jonathan Hanks General Computing Sys Admin LIGO Hanford Observatory From stephan at rename-it.nl Wed May 15 19:39:23 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 15 May 2013 18:39:23 +0200 Subject: [Dovecot] dovecot 2.0 -> 2.2.1 sieve problem In-Reply-To: <5193A8FD.9070803@middleearth.sapphiresunday.org> References: <5192884E.2080009@middleearth.sapphiresunday.org> <519290AB.70207@rename-it.nl> <5192920A.3030302@middleearth.sapphiresunday.org> <5192A51A.6010803@rename-it.nl> <5193A41D.70601@middleearth.sapphiresunday.org> <1021501B-A7DC-4CB2-B5AF-A58169A5FDDE@iki.fi> <5193A8FD.9070803@middleearth.sapphiresunday.org> Message-ID: <5193BA3B.4070804@rename-it.nl> On 5/15/2013 5:25 PM, Trever L. Adams wrote: > On 05/15/2013 09:18 AM, Timo Sirainen wrote: >> What do you get in logs with auth_debug=yes and mail_debug=yes? > with auth_debug=yes and mail_debug=yes This looks like a rather old version of Pigeonhole (pre-release v0.4). Due to the following change a Pigeonhole version should be logged when mail_debug is enabled: http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/44721c50833e I see nothing like that in your logs, so you're running something older. This change is probably what fixes your trouble: http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/f43c7609497c From the package name you provided I cannot tell which version (or rather hg revision) of Pigeonhole you are running. The released v0.4.0 should work. Regards, Stephan. From manu at netbsd.org Wed May 15 20:33:53 2013 From: manu at netbsd.org (Emmanuel Dreyfus) Date: Wed, 15 May 2013 17:33:53 +0000 Subject: [Dovecot] dovecot 2.2.0 corrupts mailboxes? In-Reply-To: References: <1l2dmf0.137f9t1xyhq3vM%manu@netbsd.org> Message-ID: <20130515173353.GA1039@homeworld.netbsd.org> On Wed, May 15, 2013 at 02:50:55PM +0300, Timo Sirainen wrote: > There are some locking code changes between v2.1 and v2.2, which > I guess might be buggy. But I can't reproduce any corruption with > stress testing. What's your doveconf -n output? Are you delivering > mails via dovecot-lda or something external? dovecot -n is below. dovecot takes care of delivery, through LMTP. Additionnal thoughts on possible problems: - one of the users was using mutt locally and accessed its mailbox directly without going through dovecot. - I experimented dsync replication from another machine that was not accessible through POP/IMAP/SMTP, perhaps this is what caused chaos? auth_mechanisms = plain login disable_plaintext_auth = no first_valid_uid = 400 mail_location = mbox:~/mail:INBOX=/var/mail/%u:INDEX=/mail/indexes/%u:SUBSCRIPTI ONS=../.mailboxlist mbox_very_dirty_syncs = yes passdb { args = max_requests=1 cache_key=%u dovecot driver = pam } passdb { args = /etc/dovecot-ldap.conf driver = ldap } plugin { autosubscribe = INBOX quota = fs:User quota quota_warning = storage=95%% quota-warning %u } quota_full_tempfail = yes service anvil { client_limit = 1639 } service auth { client_limit = 1736 user = root } service imap-login { chroot = login process_limit = 1024 } service imap { process_limit = 680 } service lmtp { process_min_avail = 5 unix_listener lmtp { group = smmsp mode = 0660 } } service pop3-login { chroot = login process_limit = 512 } service pop3 { process_limit = 680 } service quota-warning { executable = script /usr/local/sbin/morts unix_listener quota-warning { mode = 0666 } user = root } ssl_ca = References: <20130513225517.GA21651@daniel.localdomain> Message-ID: <984e4d045b6e8ae337944cb6863866b1.squirrel@www.giz-works.com> > Are you using the same SQL table "email" for user lookup > and quota/storage accounting? > > Try to use two different tables for user and quota database, because the > quota > accounting might have deleted an entry from the "user" table while it only > tried to delete a row from the "quota" table. > > Regards > Daniel Daniel, Per your suggestion, I created a new table, quote_usage, and changed the config files to look at it instead. Things appear to be working now. Thank you very much for your guidance. Is there any documentation that goes into more detail regarding the 'map' settings, what they mean, etc., of which you are aware? I was rather hoping to avoid digging through the code just to satisfy my curiosity. Thanks again. Chris From tss at iki.fi Wed May 15 21:36:54 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 15 May 2013 21:36:54 +0300 Subject: [Dovecot] dovecot 2.2.0 corrupts mailboxes? In-Reply-To: <20130515173353.GA1039@homeworld.netbsd.org> References: <1l2dmf0.137f9t1xyhq3vM%manu@netbsd.org> <20130515173353.GA1039@homeworld.netbsd.org> Message-ID: <68DE6230-F705-4E76-83CD-2CB230533395@iki.fi> On 15.5.2013, at 20.33, Emmanuel Dreyfus wrote: > On Wed, May 15, 2013 at 02:50:55PM +0300, Timo Sirainen wrote: >> There are some locking code changes between v2.1 and v2.2, which >> I guess might be buggy. But I can't reproduce any corruption with >> stress testing. What's your doveconf -n output? Are you delivering >> mails via dovecot-lda or something external? > > dovecot -n is below. dovecot takes care of delivery, through LMTP. > > Additionnal thoughts on possible problems: > - one of the users was using mutt locally and accessed its mailbox directly > without going through dovecot. That shouldn't cause problems if locking was configured the same. > - I experimented dsync replication from another machine that was not > accessible through POP/IMAP/SMTP, perhaps this is what caused chaos? That might cause trouble. I tested today and dsync was doing some strange things with mbox. From trever at middleearth.sapphiresunday.org Wed May 15 21:36:55 2013 From: trever at middleearth.sapphiresunday.org (Trever L. Adams) Date: Wed, 15 May 2013 12:36:55 -0600 Subject: [Dovecot] dovecot 2.0 -> 2.2.1 sieve problem In-Reply-To: <5193BA3B.4070804@rename-it.nl> References: <5192884E.2080009@middleearth.sapphiresunday.org> <519290AB.70207@rename-it.nl> <5192920A.3030302@middleearth.sapphiresunday.org> <5192A51A.6010803@rename-it.nl> <5193A41D.70601@middleearth.sapphiresunday.org> <1021501B-A7DC-4CB2-B5AF-A58169A5FDDE@iki.fi> <5193A8FD.9070803@middleearth.sapphiresunday.org> <5193BA3B.4070804@rename-it.nl> Message-ID: <5193D5C7.8010306@middleearth.sapphiresunday.org> On 05/15/2013 10:39 AM, Stephan Bosch wrote: > On 5/15/2013 5:25 PM, Trever L. Adams wrote: >> On 05/15/2013 09:18 AM, Timo Sirainen wrote: >>> What do you get in logs with auth_debug=yes and mail_debug=yes? >> with auth_debug=yes and mail_debug=yes > > This looks like a rather old version of Pigeonhole (pre-release v0.4). > > Due to the following change a Pigeonhole version should be logged when > mail_debug is enabled: > > http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/44721c50833e > > I see nothing like that in your logs, so you're running something older. > > This change is probably what fixes your trouble: > > http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/f43c7609497c > > From the package name you provided I cannot tell which version (or > rather hg revision) of Pigeonhole you are running. The released > v0.4.0 should work. > > Regards, > > Stephan. > I am sorry for assuming that dovecot and pigeonhole were in the same respository. They are packaged from one SRPM in Fedora. It appears that the following is the hg information, so yes, it is old: repo: d31c1c993bcf9897297b1c6a7d4fd3a7bbc4eff8 node: 99eec511aa2c03df4a7dcb2cd1506163b49e419b branch: default latesttag: 0.3.3 latesttagdistance: 22 I will file the appropriate bug there. Thank you TImo and Stephan for your help! Trever -- "I have sworn upon the altar of God, eternal hostility against every form of tyranny over the mind of man." -- Thomas Jefferson" From cr at sys4.de Wed May 15 21:37:22 2013 From: cr at sys4.de (=?windows-1252?Q?Christian_R=F6=DFner?=) Date: Wed, 15 May 2013 20:37:22 +0200 Subject: [Dovecot] 2.2.1 and quota-status In-Reply-To: <4A4A5B08-04CC-4B07-A971-F80DD1A0151F@iki.fi> References: <4A4A5B08-04CC-4B07-A971-F80DD1A0151F@iki.fi> Message-ID: <0D815E9C-C8FC-42F9-B61C-15803BDBD1BF@sys4.de> Hi, Am 15.05.2013 um 13:28 schrieb Timo Sirainen : > On 14.5.2013, at 12.20, Christian R??ner wrote: > >> Also the following test does not succeed: >> >> telnet localhost 12340 >> Trying ::1... >> Connected to localhost. >> Escape character is '^]'. >> request=smtpd_access_policy >> sender=foo at bar.tld >> recipient=c at roessner-network-solutions.com >> size=10000000000 >> >> action= > > http://hg.dovecot.org/dovecot-2.2/rev/03aac782261e should help. > telnet localhost 12340 Trying ::1... Connected to localhost. Escape character is '^]'. request=smtpd_access_policy sender=foo at bar.tld recipient=c at roessner-network-solutions.com size=10000000000 action=552 5.2.2 Mailbox is full ^] telnet> quit Connection closed. Works :) Thanks -Christian R??ner -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From trever at middleearth.sapphiresunday.org Wed May 15 22:37:44 2013 From: trever at middleearth.sapphiresunday.org (Trever L. Adams) Date: Wed, 15 May 2013 13:37:44 -0600 Subject: [Dovecot] dovecot 2.0 -> 2.2.1 sieve problem In-Reply-To: <5193BA3B.4070804@rename-it.nl> References: <5192884E.2080009@middleearth.sapphiresunday.org> <519290AB.70207@rename-it.nl> <5192920A.3030302@middleearth.sapphiresunday.org> <5192A51A.6010803@rename-it.nl> <5193A41D.70601@middleearth.sapphiresunday.org> <1021501B-A7DC-4CB2-B5AF-A58169A5FDDE@iki.fi> <5193A8FD.9070803@middleearth.sapphiresunday.org> <5193BA3B.4070804@rename-it.nl> Message-ID: <5193E408.4030201@middleearth.sapphiresunday.org> On 05/15/2013 10:39 AM, Stephan Bosch wrote: > > This looks like a rather old version of Pigeonhole (pre-release v0.4). > > Due to the following change a Pigeonhole version should be logged when > mail_debug is enabled: > > http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/44721c50833e > > I see nothing like that in your logs, so you're running something older. > > This change is probably what fixes your trouble: > > http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/f43c7609497c > > From the package name you provided I cannot tell which version (or > rather hg revision) of Pigeonhole you are running. The released > v0.4.0 should work. > > Regards, > > Stephan. > When trying to compile this version, I am getting the following. I am not sure what is causing it. dovecot compiles fine. Pigeonhole is compiling, but then failing. PASS: 2 tests succeeded. Test case: ./tests/multiscript/conflicts.svtest: testsuite(root): Panic: pool_data_stack_realloc(): stack frame changed testsuite(root): Error: Raw backtrace: /root/rpmbuild/BUILD/dovecot-2.2.1/src/lib-dovecot/.libs/libdovecot.so.0(+0x5e1c7) [0x7f4e5d4801c7] -> /root/rpmbuild/BUILD/dovecot-2.2.1/src/lib-dovecot/.libs/libdovecot.so.0(default_fatal_handler+0x2a) [0x7f4e5d48021a] -> /root/rpmbuild/BUILD/dovecot-2.2.1/src/lib-dovecot/.libs/libdovecot.so.0(i_fatal+0) [0x7f4e5d442025] -> /root/rpmbuild/BUILD/dovecot-2.2.1/src/lib-dovecot/.libs/libdovecot.so.0(+0x720da) [0x7f4e5d4940da] -> /root/rpmbuild/BUILD/dovecot-2.2.1/src/lib-dovecot/.libs/libdovecot.so.0(+0x5a8ed) [0x7f4e5d47c8ed] -> /root/rpmbuild/BUILD/dovecot-2.2.1/src/lib-dovecot/.libs/libdovecot.so.0(buffer_write+0xa3) [0x7f4e5d47cc73] -> /root/rpmbuild/BUILD/dovecot-2.2.1/dovecot-2-2-pigeonhole-a32b12ab5ea6/src/lib-sieve/.libs/libdovecot-sieve.so.0(rfc2822_header_append+0x146) [0x7f4e5dc1fb46] -> /root/rpmbuild/BUILD/dovecot-2.2.1/dovecot-2-2-pigeonhole-a32b12ab5ea6/src/lib-sieve/.libs/libdovecot-sieve.so.0(rfc2822_header_printf+0xb1) [0x7f4e5dc1fd21] -> /root/rpmbuild/BUILD/dovecot-2.2.1/dovecot-2-2-pigeonhole-a32b12ab5ea6/src/lib-sieve/.libs/libdovecot-sieve.so.0(sieve_action_reject_mail+0x35f) [0x7f4e5dc3c7df] -> /root/rpmbuild/BUILD/dovecot-2.2.1/dovecot-2-2-pigeonhole-a32b12ab5ea6/src/lib-sieve/.libs/libdovecot-sieve.so.0(+0x43093) [0x7f4e5dc41093] -> /root/rpmbuild/BUILD/dovecot-2.2.1/dovecot-2-2-pigeonhole-a32b12ab5ea6/src/lib-sieve/.libs/libdovecot-sieve.so.0(sieve_result_execute+0x248) [0x7f4e5dc34468] -> /root/rpmbuild/BUILD/dovecot-2.2.1/dovecot-2-2-pigeonhole-a32b12ab5ea6/src/testsuite/.libs/lt-testsuite(testsuite_result_execute+0x21) [0x7f4e5e0b6f31] -> /root/rpmbuild/BUILD/dovecot-2.2.1/dovecot-2-2-pigeonhole-a32b12ab5ea6/src/testsuite/.libs/lt-testsuite(+0x10c84) [0x7f4e5e0bac84] -> /root/rpmbuild/BUILD/dovecot-2.2.1/dovecot-2-2-pigeonhole-a32b12ab5ea6/src/lib-sieve/.libs/libdovecot-sieve.so.0(sieve_interpreter_continue+0xce) [0x7f4e5dc3179e] -> /root/rpmbuild/BUILD/dovecot-2.2.1/dovecot-2-2-pigeonhole-a32b12ab5ea6/src/lib-sieve/.libs/libdovecot-sieve.so.0(sieve_interpreter_run+0x2b) [0x7f4e5dc3192b] -> /root/rpmbuild/BUILD/dovecot-2.2.1/dovecot-2-2-pigeonhole-a32b12ab5ea6/src/testsuite/.libs/lt-testsuite(main+0x2d4) [0x7f4e5e0b3eb4] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f4e5ce7fb75] -> /root/rpmbuild/BUILD/dovecot-2.2.1/dovecot-2-2-pigeonhole-a32b12ab5ea6/src/testsuite/.libs/lt-testsuite(+0xa075) [0x7f4e5e0b4075] make: *** [tests/multiscript/conflicts.svtest] Aborted Thank you, Trever From stephan at rename-it.nl Wed May 15 23:01:27 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 15 May 2013 22:01:27 +0200 Subject: [Dovecot] dovecot 2.0 -> 2.2.1 sieve problem In-Reply-To: <5193E408.4030201@middleearth.sapphiresunday.org> References: <5192884E.2080009@middleearth.sapphiresunday.org> <519290AB.70207@rename-it.nl> <5192920A.3030302@middleearth.sapphiresunday.org> <5192A51A.6010803@rename-it.nl> <5193A41D.70601@middleearth.sapphiresunday.org> <1021501B-A7DC-4CB2-B5AF-A58169A5FDDE@iki.fi> <5193A8FD.9070803@middleearth.sapphiresunday.org> <5193BA3B.4070804@rename-it.nl> <5193E408.4030201@middleearth.sapphiresunday.org> Message-ID: <5193E997.7010909@rename-it.nl> On 5/15/2013 9:37 PM, Trever L. Adams wrote: > On 05/15/2013 10:39 AM, Stephan Bosch wrote: > When trying to compile this version, I am getting the following. I am > not sure what is causing it. dovecot compiles fine. Pigeonhole is > compiling, but then failing. > > PASS: 2 tests succeeded. > > Test case: ./tests/multiscript/conflicts.svtest: > > testsuite(root): Panic: pool_data_stack_realloc(): stack frame changed Oh. Well, it is a good thing we have a test suite. This should fix it: http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/04ad3c2f0765 Regards, Stephan. From sb at dod.no Wed May 15 23:44:14 2013 From: sb at dod.no (Steinar Bang) Date: Wed, 15 May 2013 22:44:14 +0200 Subject: [Dovecot] Looking for a good way to manage passwords for CRAM-MD5 References: <8738tscuri.fsf@dod.no> <518F8DAA.7070504@dementianati.com> <87y5bkb8yo.fsf@dod.no> <87obcgayq9.fsf@dod.no> Message-ID: <87d2ss9dnl.fsf@dod.no> >>>>> Steinar Bang : >>>>> Professa Dementia : >>> There are plugins that allow you to call some glue logic (Perl, >>> Python, shell scripts, etc) which enables you to interface to pretty >>> much any method (SQL, LDAP, shadow files, etc) you have chosen to >>> save passwords - that is, as long as you are capable of writing the >>> glue logic yourself. [snip! PAM modules in perl and python] > However, I'm not really all that familiar with Python, so it may just be > simpler to write a module in C or C++. Here are three articles that > look like they might be useful to accomplish this. > http://www.linuxdevcenter.com/pub/a/linux/2002/05/02/pam_modules.html > http://www.linuxdevcenter.com/pub/a/linux/2002/05/23/pam_modules.html > http://www.linuxdevcenter.com/pub/a/linux/2002/05/30/pam_modules.html > (The articles are 11 years old, though, so they may be a bit out of > date) The articles weren't all that helpful really. They missed the most important part: a simple example showing all of the parts that take place in a module. But anyway, here is a PAM module, written in ANSI C/POSIX, that will hook into a password change in PAM, and use the password change to update a CRAM-MD5 coded version of the same password, in the file "/etc/dovecot/cram-md5.pwd" (currently hardcoded). https://github.com/steinarb/pam_dovecotmd5pwd Some PAM module basics: 1. #define the roles your module will have. My module only hooked into password changes, so I only have the line: #define PAM_SM_PASSWORD 2. Include the pam_modules.h file (Note: this must be _after_ the #defines that defines the roles 3. Implement the method(s) for the roles you you have #define'd (I have only one) 4. Inside "#ifdef PAM_STATIC" define a struct that will hold the name of the module, and function pointers to all the implemented methods. This struct is used if all of the PAM modules are linked statically into a single binary Hm... here was actually a good example of a module that hooks into all roles and return "ignore" on all of them: http://www.rkeene.org/projects/info/wiki/222 From trever at middleearth.sapphiresunday.org Wed May 15 23:48:35 2013 From: trever at middleearth.sapphiresunday.org (Trever L. Adams) Date: Wed, 15 May 2013 14:48:35 -0600 Subject: [Dovecot] dovecot 2.0 -> 2.2.1 sieve problem In-Reply-To: <5193E997.7010909@rename-it.nl> References: <5192884E.2080009@middleearth.sapphiresunday.org> <519290AB.70207@rename-it.nl> <5192920A.3030302@middleearth.sapphiresunday.org> <5192A51A.6010803@rename-it.nl> <5193A41D.70601@middleearth.sapphiresunday.org> <1021501B-A7DC-4CB2-B5AF-A58169A5FDDE@iki.fi> <5193A8FD.9070803@middleearth.sapphiresunday.org> <5193BA3B.4070804@rename-it.nl> <5193E408.4030201@middleearth.sapphiresunday.org> <5193E997.7010909@rename-it.nl> Message-ID: <5193F4A3.4000508@middleearth.sapphiresunday.org> On 05/15/2013 02:01 PM, Stephan Bosch wrote: > On 5/15/2013 9:37 PM, Trever L. Adams wrote: >> On 05/15/2013 10:39 AM, Stephan Bosch wrote: >> When trying to compile this version, I am getting the following. I am >> not sure what is causing it. dovecot compiles fine. Pigeonhole is >> compiling, but then failing. >> >> PASS: 2 tests succeeded. >> >> Test case: ./tests/multiscript/conflicts.svtest: >> >> testsuite(root): Panic: pool_data_stack_realloc(): stack frame changed > > Oh. Well, it is a good thing we have a test suite. > > This should fix it: > > http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/04ad3c2f0765 > > Regards, > > Stephan. > > That did the trick. Thank you very much. For Fedora users who may find this: https://bugzilla.redhat.com/show_bug.cgi?id=963417 Again, thank you! Trever From sb at dod.no Wed May 15 23:52:21 2013 From: sb at dod.no (Steinar Bang) Date: Wed, 15 May 2013 22:52:21 +0200 Subject: [Dovecot] Looking for a good way to manage passwords for CRAM-MD5 References: <8738tscuri.fsf@dod.no> <20130514232117.GA32568@daniel.localdomain> Message-ID: <878v3g9da2.fsf@dod.no> >>>>> Daniel Parthey : > The PAM documentation can be found at: > http://www.linux-pam.org/Linux-PAM-html/ This one I have already visited, if the link colour in the browser is to be belived. However it didn't make much of an impression at the time. Now, however, after actually writing a PAM module, what that document says, makes sens to me... so there is probably something about that document that needs improvement. My suggestion for improvement would be: start with a simple example, and explain out from that. First "how", then later you can explain "why" and "what". > The Linux-PAM System Administrators' Guide > http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html > contains a list of standard modules. Many interesting modules here. Wonder why this one never showed up in my sources. > The Linux-PAM Application Developers' Guide > http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_ADG.html > explains how to develop modules. This one I hadn't visited before. But again: starting with a simple example and explaining ot from that would probably be a good idea. Here was a good module: http://www.rkeene.org/projects/info/wiki/222 In retrospect, after writing this module https://github.com/steinarb/pam_dovecotmd5pwd it was suprisingly easy to get the module up and running. From manu at netbsd.org Thu May 16 04:01:27 2013 From: manu at netbsd.org (Emmanuel Dreyfus) Date: Thu, 16 May 2013 01:01:27 +0000 Subject: [Dovecot] dovecot 2.2.0 corrupts mailboxes? In-Reply-To: <68DE6230-F705-4E76-83CD-2CB230533395@iki.fi> References: <1l2dmf0.137f9t1xyhq3vM%manu@netbsd.org> <20130515173353.GA1039@homeworld.netbsd.org> <68DE6230-F705-4E76-83CD-2CB230533395@iki.fi> Message-ID: <20130516010127.GB1039@homeworld.netbsd.org> On Wed, May 15, 2013 at 09:36:54PM +0300, Timo Sirainen wrote: > > - one of the users was using mutt locally and accessed its mailbox directly > > without going through dovecot. > That shouldn't cause problems if locking was configured the same. I never looked at it, but I assume they both use flock or fcntl since this is local storage. And it worked fine for a while, therefore there is no hint it could be wrong. > > - I experimented dsync replication from another machine that was not > > accessible through POP/IMAP/SMTP, perhaps this is what caused chaos? > That might cause trouble. I tested today and dsync was doing some strange > things with mbox. What is the advised setup? Here is the additionnal config I tried on the inacessible host: mail_plugins = $mail_plugins notify replication service replicator { process_min_avail = 1 } dsync_remote_cmd = ssh -lroot %{host} doveadm dsync-server -u%u plugin { mail_replica = remote:root at server1.example.net } service aggregator { fifo_listener replication-notify-fifo { user = dovecot } unix_listener replication-notify { user = dovecot } } service replicator { unix_listener replicator-doveadm { mode = 0600 } } service replicator { unix_listener replicator-doveadm { mode = 0600 } } service doveadm { inet_listener { port = 12345 ssl = yes } } doveadm_port = 12345 ssl_client_ca_file = /etc/openssl/certs/tcs-chain.crt doveadm_proxy_port = 0 -- Emmanuel Dreyfus manu at netbsd.org From daniel.parthey at informatik.tu-chemnitz.de Thu May 16 05:15:28 2013 From: daniel.parthey at informatik.tu-chemnitz.de (Daniel Parthey) Date: Thu, 16 May 2013 04:15:28 +0200 Subject: [Dovecot] Quota not working with dict proxy In-Reply-To: <984e4d045b6e8ae337944cb6863866b1.squirrel@www.giz-works.com> References: <20130513225517.GA21651@daniel.localdomain> <984e4d045b6e8ae337944cb6863866b1.squirrel@www.giz-works.com> Message-ID: <20130516021528.GA11896@daniel.localdomain> Chris Richards wrote: > Is there any documentation that goes into more detail regarding the 'map' > settings, what they mean, etc., of which you are aware? > hoping to avoid digging through the code just to satisfy my curiosity. I couldn't find much in the docs: http://wiki.dovecot.org/Quota/Dict So here's some documentation, please correct me if I'm wrong: map { pattern = priv/quota/storage # dictionary for storage bytes table = quota # table where to write storage count username_field = username # username of whom storage should be counted value_field = bytes # number of bytes in user mailbox } map { pattern = priv/quota/messages # dictionary for message count table = quota # table where to write email count username_field = username # username whose emails should be counted value_field = messages # number of messages in user mailbox } Regards Daniel -- https://plus.google.com/103021802792276734820 From feng.richard at gmail.com Thu May 16 10:51:39 2013 From: feng.richard at gmail.com (Richard Feng@eBay) Date: Thu, 16 May 2013 15:51:39 +0800 Subject: [Dovecot] question about /var/spool/mail/xxx Message-ID: this is Redhat 6.3 I installed sendmail and dovecot. but sendmail can continue send mail as MTA all mails go to /var/spool/mail this is problem for dovecot. dovecot cannot get it goto dovecot inbox. if setup mailbox poing to /var/spool/mail/%u, it is workable but if set up maildir to somewhere else ,I cannot receive mail by dovecot. From pvsuja at gmail.com Thu May 16 13:31:15 2013 From: pvsuja at gmail.com (pvsuja) Date: Thu, 16 May 2013 03:31:15 -0700 (PDT) Subject: [Dovecot] quota with imapc Message-ID: <1368700275463-42280.post@n4.nabble.com> Dear dovecot team, I have set up my mail system with a mail gateway connecting to mail server using imapc. Now I need my web mail client to show up the quota info. I enabled quota plugins in dovecot.conf. The problem is since all mails reside in the server, the web mail which is in mail gateway always shows the quota as 0. Is there any way the plugin will get quota info from the mail server? I am attaching my conf ## Dovecot configuration file in mail_uid = imapproxy mail_gid = imapproxy mail_home = /home/imapproxy/%u mail_location = imapc:~/imapc protocols = imap ## ## imapc settings ## imapc_host = mailserver.example.com imapc_port = 143 imapc_ssl = starttls imapc_ssl_ca_dir = /etc/postfix/certs ## ## auth settings ## auth_mechanisms = plain login passdb { driver = imap args = host=mailserver.example.com ssl=starttls ssl_ca_dir=/etc/postfix/certs default_fields = userdb_imapc_user=%u userdb_imapc_password=%w ssl=starttls } userdb { driver = prefetch } mail_plugins = $mail_plugins quota plugin { quota = maildir:User quota quota_rule = *:storage=200M } protocol imap { # Space separated list of plugins to load (default is global mail_plugins). mail_plugins = $mail_plugins imap_quota } ## ## SSL settings ## ssl = required disable_plaintext_auth = yes #verbose_ssl = yes ssl_cert = References: <1l2dmf0.137f9t1xyhq3vM%manu@netbsd.org> <20130515173353.GA1039@homeworld.netbsd.org> <68DE6230-F705-4E76-83CD-2CB230533395@iki.fi> <20130516010127.GB1039@homeworld.netbsd.org> Message-ID: <5194B6F9.3070209@Media-Brokers.com> On 2013-05-15 9:01 PM, Emmanuel Dreyfus wrote: > On Wed, May 15, 2013 at 09:36:54PM +0300, Timo Sirainen wrote: >>> - one of the users was using mutt locally and accessed its mailbox directly >>> without going through dovecot. >> That shouldn't cause problems if locking was configured the same. > I never looked at it, but I assume they both use flock or fcntl Can't help with your actual problem, but... What was it that 'assumption' is supposedly the mother of? ;) -- Best regards, Charles From aseques at gmail.com Thu May 16 13:48:30 2013 From: aseques at gmail.com (Joan) Date: Thu, 16 May 2013 12:48:30 +0200 Subject: [Dovecot] Autocreation the home folder In-Reply-To: References: <5191CF84.9000103@um.es> Message-ID: The issue is more with legacy installs being upgraded than with new setups, on the later I might adjust the settings and start using the recoomended layout. On the alternative you suggest, if I understood properly, you are changing the setup to mdbox >>> mail_location = mdbox:%h/mdbox:INDEX=/mail/**indexes/%2Ln/%Ln If there was a method to move automatically the mails (preferibly not moving to mdbox) to a subfolder, I could change to the recommended layout my current install. Otherwise it seems the only current solution is to: 1.- Stop dovecot 2.- Change to recommended layout the config 3.- Via a script move the content to the new location 4.- Start dovecot with the new layout.. Am i right? Joan 2013/5/15 Timo Sirainen > Dovecot autocreates the mail directory, but apparently it doesn't > currently autocreate the home directory if it's located elsewhere. I'm not > sure if it's really worth the trouble to change the code to do that. > Ideally the mail directory would be under the home directory and this > wouldn't be a problem. You could also change your new user creation to > trigger mkdiring the user's home. > > On 15.5.2013, at 15.57, Joan wrote: > > > Sorry for this bump, but isn't there a better solution to have those > > folders than to be watching the logs for warnings and recreate them? > > > > Regards, > > > > Joan > > > > > > 2013/5/14 Joan > > > >> Yes, all folder tree has vmail:vmail as the owner, and dovecot can > create > >> the folders without issues. > >> I verified that when manually creating those folders, the warnings > >> disappear, the main issue still remains though. > >> When I send the first mail to a user he has this layout: > >> cur > >> dovecot.index.cache > >> dovecot.index.log > >> dovecot-uidlist > >> dovecot-uidvalidity > >> dovecot-uidvalidity.5191f7ad > >> maildirsize > >> new > >> tmp > >> > >> Sadly ,there's no home folder, so I've no other option than to create > the > >> folder by hand? > >> > >> > >> > >> 2013/5/14 Angel L. Mateo > >> > >> El 13/05/13 17:50, Steffen Kaiser escribi?: > >>> > >>> -----BEGIN PGP SIGNED MESSAGE----- > >>>> Hash: SHA1 > >>>> > >>>> On Mon, 13 May 2013, Joan wrote: > >>>> > >>>> Hi Steffen, that was an error I hadn't spotted (copypasting error). > >>>>> Still > >>>>> after changing mail_home to the proper value (/home/vmail/%d/%n/home) > >>>>> the > >>>>> errors in the logs are the same > >>>>> > >>>> > >>>> Am I supposed to create the folders via an external script? Or is > >>>>>> there any option to make this automatic. > >>>>>> > >>>>> > >>>> As far as I know, the home directory is not created automatically. You > >>>> will need to use an external script. > >>>> > >>>> I have this config: > >>> > >>> mail_home = /mail/users/mailboxes/%2Ln/%Ln > >>> mail_location = mdbox:%h/mdbox:INDEX=/mail/**indexes/%2Ln/%Ln > >>> > >>> In my config, mail_home is also auto created (I have dovecot > >>> 2.1.16) > >>> > >>> Do you have any error? Has dovecot user permissions to create > >>> direcotories/files under your /var/mail? > >>> > >>> -- > >>> Angel L. Mateo Mart?nez > >>> Secci?n de Telem?tica > >>> ?rea de Tecnolog?as de la Informaci?n > >>> y las Comunicaciones Aplicadas (ATICA) > >>> http://www.um.es/atica > >>> Tfo: 868887590 > >>> Fax: 868888337 > >>> > >> > >> > > From tss at iki.fi Thu May 16 13:56:23 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 16 May 2013 13:56:23 +0300 Subject: [Dovecot] dovecot 2.2.0 corrupts mailboxes? In-Reply-To: <20130516010127.GB1039@homeworld.netbsd.org> References: <1l2dmf0.137f9t1xyhq3vM%manu@netbsd.org> <20130515173353.GA1039@homeworld.netbsd.org> <68DE6230-F705-4E76-83CD-2CB230533395@iki.fi> <20130516010127.GB1039@homeworld.netbsd.org> Message-ID: <6471AC29-5D3B-4A8C-98B6-D631467937E4@iki.fi> On 16.5.2013, at 4.01, Emmanuel Dreyfus wrote: >>> - I experimented dsync replication from another machine that was not >>> accessible through POP/IMAP/SMTP, perhaps this is what caused chaos? >> That might cause trouble. I tested today and dsync was doing some strange >> things with mbox. > > What is the advised setup? Not using mbox, at least with dsync, at least for now. From tss at iki.fi Thu May 16 13:58:07 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 16 May 2013 13:58:07 +0300 Subject: [Dovecot] quota with imapc In-Reply-To: <1368700275463-42280.post@n4.nabble.com> References: <1368700275463-42280.post@n4.nabble.com> Message-ID: On 16.5.2013, at 13.31, pvsuja wrote: > I have set up my mail system with a mail gateway connecting to mail server > using imapc. > Now I need my web mail client to show up the quota info. > I enabled quota plugins in dovecot.conf. > The problem is since all mails reside in the server, the web mail which is > in mail gateway always shows the quota as 0. > Is there any way the plugin will get quota info from the mail server? imapc doesn't support remote IMAP QUOTA extension yet. From pvsuja at gmail.com Thu May 16 14:28:01 2013 From: pvsuja at gmail.com (pvsuja) Date: Thu, 16 May 2013 04:28:01 -0700 (PDT) Subject: [Dovecot] quota with imapc In-Reply-To: References: <1368700275463-42280.post@n4.nabble.com> Message-ID: <1368703681764-42285.post@n4.nabble.com> Ok... Thanks for the response. Waiting to see it soon :) -- View this message in context: http://dovecot.2317879.n4.nabble.com/quota-with-imapc-tp42280p42285.html Sent from the Dovecot mailing list archive at Nabble.com. From christian.wiese at securepoint.de Thu May 16 18:14:34 2013 From: christian.wiese at securepoint.de (Christian Wiese) Date: Thu, 16 May 2013 17:14:34 +0200 Subject: [Dovecot] [PATCH] example-config: fix to also distribute auth-dict.conf.ext in Message-ID: <20130516171434.22a20a22@cw-desktop> Hi, When trying to patch the dovecot 2.2.1 release with latest upstream patches I generated out of the repository, the patch fails to apply, because 'doc/example-config/conf.d/auth-dict.conf.ext' is not distributed within the release tarball. Attached patch should fix the issue. Cheers, Chris -------------- next part -------------- A non-text attachment was scrubbed... Name: distribute-auth-dict.conf.ext.patch Type: text/x-patch Size: 1722 bytes Desc: not available URL: From listas at adminlinux.com.br Thu May 16 20:30:22 2013 From: listas at adminlinux.com.br (listas at adminlinux.com.br) Date: Thu, 16 May 2013 14:30:22 -0300 Subject: [Dovecot] Ubuntu-12.04-LTS repos with Dovecot-2.2 and Pigeonhole Message-ID: <20130516173030.EB0F81AE87A8@dovecot.org> Hi, I would like to take advantage of new features in Dovecot 2.2 on my servers. But I'm having difficulties to build packages for Ubuntu-12.04-LTS. Does anyone know a repository that has new stable versions for Dovecot and Pigeonhole ? Thanks ! --  Thiago Henrique adminlinux.com.br From manu at netbsd.org Thu May 16 21:25:21 2013 From: manu at netbsd.org (Emmanuel Dreyfus) Date: Thu, 16 May 2013 18:25:21 +0000 Subject: [Dovecot] dovecot 2.2.0 corrupts mailboxes? In-Reply-To: <5194B6F9.3070209@Media-Brokers.com> References: <1l2dmf0.137f9t1xyhq3vM%manu@netbsd.org> <20130515173353.GA1039@homeworld.netbsd.org> <68DE6230-F705-4E76-83CD-2CB230533395@iki.fi> <20130516010127.GB1039@homeworld.netbsd.org> <5194B6F9.3070209@Media-Brokers.com> Message-ID: <20130516182521.GD1039@homeworld.netbsd.org> On Thu, May 16, 2013 at 06:37:45AM -0400, Charles Marcus wrote: > >I never looked at it, but I assume they both use flock or fcntl > > Can't help with your actual problem, but... > What was it that 'assumption' is supposedly the mother of? I don't buy that explanation: everything worked fine for years. -- Emmanuel Dreyfus manu at netbsd.org From CMarcus at Media-Brokers.com Thu May 16 22:05:51 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Thu, 16 May 2013 15:05:51 -0400 Subject: [Dovecot] dovecot 2.2.0 corrupts mailboxes? In-Reply-To: <20130516182521.GD1039@homeworld.netbsd.org> References: <1l2dmf0.137f9t1xyhq3vM%manu@netbsd.org> <20130515173353.GA1039@homeworld.netbsd.org> <68DE6230-F705-4E76-83CD-2CB230533395@iki.fi> <20130516010127.GB1039@homeworld.netbsd.org> <5194B6F9.3070209@Media-Brokers.com> <20130516182521.GD1039@homeworld.netbsd.org> Message-ID: <51952E0F.4010805@Media-Brokers.com> On 2013-05-16 2:25 PM, Emmanuel Dreyfus wrote: > On Thu, May 16, 2013 at 06:37:45AM -0400, Charles Marcus wrote: >>> I never looked at it, but I assume they both use flock or fcntl >> Can't help with your actual problem, but... >> What was it that 'assumption' is supposedly the mother of? > I don't buy that explanation: everything worked fine for years. You miss the point entirely. -- Best regards, Charles From gizmo at giz-works.com Thu May 16 23:37:52 2013 From: gizmo at giz-works.com (Chris Richards) Date: Thu, 16 May 2013 15:37:52 -0500 Subject: [Dovecot] Quota not working with dict proxy In-Reply-To: <20130516021528.GA11896@daniel.localdomain> References: <20130513225517.GA21651@daniel.localdomain> <984e4d045b6e8ae337944cb6863866b1.squirrel@www.giz-works.com> <20130516021528.GA11896@daniel.localdomain> Message-ID: <0748134e9f49811834dd12a748308d25.squirrel@www.giz-works.com> On Wed, May 15, 2013 9:15 pm, Daniel Parthey wrote: > map { > pattern = priv/quota/storage # dictionary for storage bytes > table = quota # table where to write storage count > username_field = username # username of whom storage should be > counted > value_field = bytes # number of bytes in user mailbox > } > > map { > pattern = priv/quota/messages # dictionary for message count > table = quota # table where to write email count > username_field = username # username whose emails should be > counted > value_field = messages # number of messages in user mailbox > } > > Regards > Daniel I think more correctly, value_field is the name of the field in the db. The 'storage' dictionary will always contain bytes,and the 'messages' dictionary will always store the number of messages into the db field named by the 'value_field' parameter. I would guess that if you changed the pattern to 'shared/quota/messages' then you could set the shared quota as well. From jtam.home at gmail.com Fri May 17 02:49:27 2013 From: jtam.home at gmail.com (Joseph Tam) Date: Thu, 16 May 2013 16:49:27 -0700 (PDT) Subject: [Dovecot] question about /var/spool/mail/xxx In-Reply-To: References: Message-ID: Richard Feng at eBay writes: > this is Redhat 6.3 > I installed sendmail and dovecot. > but sendmail can continue send mail as MTA > all mails go to /var/spool/mail OK. > this is problem for dovecot. dovecot cannot get it goto dovecot inbox. > > if setup mailbox poing to /var/spool/mail/%u, it is workable I'm guessing that you're sending new mail to mbox formatted files in /var/spool/mail/%u (using dovecot LDA?). > but if set up maildir to somewhere else ,I cannot receive mail by dovecot. You lost me. How did you "set up maildir to somewhere else"? You ought to supply configurations (output of dovecot -n), and log entries of the problem. Joseph Tam From rog7993 at web.de Fri May 17 03:46:02 2013 From: rog7993 at web.de (Ingo Rogalsky) Date: Fri, 17 May 2013 02:46:02 +0200 Subject: [Dovecot] ACLs - creating new top level folders Message-ID: <51957DCA.6000801@web.de> Hi, I'm wondering, whether it's possible, to define an ACL on the mailbox itself. We use Dovecot 1.2.15 (included in Debian 6) and maildir filesystem layout: /home/mail01/user1/Maildir/new \ /home/mail01/user1/Maildir/cur Inbox /home/mail01/user1/Maildir/tmp / /home/mail01/user1/Maildir/.folder1/new \ /home/mail01/user1/Maildir/.folder1/cur folder1 /home/mail01/user1/Maildir/.folder1/tmp / ... Assigning an ACL with full access rights for user2 to the folder Inbox works as expected. user2 can create subfolders of Inbox, too. But he can't create a new folder like folder1 parallel to Inbox. Is there a possibility of defining an ACL on the mailbox of user1 itself? Or do we need to create all subfolders beneath Inbox like this is usual with other IMAP servers? Ingo --- /usr/sbin/dovecot -c /etc/dovecot/dovecot-test.conf -n # 1.2.15: /etc/dovecot/dovecot-test.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.7 base_dir: /var/run/dovecot-test/ log_path(default): /var/log/dovecot-test/error.log log_path(imap): /var/log/dovecot-test/error.log log_path(pop3): /var/log/dovecot-test/error.log log_path(managesieve): /var/log/dovecot-test/managesieve.log info_log_path(default): /var/log/dovecot-test/info.log info_log_path(imap): /var/log/dovecot-test/info.log info_log_path(pop3): /var/log/dovecot-test/info.log info_log_path(managesieve): /var/log/dovecot-test/managesieve.log protocols: imap imaps pop3 pop3s managesieve listen(default): *:10143 listen(imap): *:10143 listen(pop3): *:10110 listen(managesieve): *:12000 ssl_listen(default): *:10943 ssl_listen(imap): *:10943 ssl_listen(pop3): *:10995 ssl_listen(managesieve): ssl_cert_file: /etc/ssl/certs/imap-cert.pem ssl_key_file: /etc/ssl/private/imap-key.pem shutdown_clients: no login_dir: /var/run/dovecot-test//login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login login_max_processes_count: 4096 max_mail_processes: 4096 verbose_proctitle: yes mail_location: maildir:~/Maildir:INDEX=/srv/dovecot/index/%u:CONTROL=/srv/dovecot/control/%u maildir_copy_preserve_filename: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_process_size: 1024 mail_plugins(default): fts fts_squat acl imap_acl mail_plugins(imap): fts fts_squat acl imap_acl mail_plugins(pop3): mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve pop3_lock_session(default): no pop3_lock_session(imap): no pop3_lock_session(pop3): yes pop3_lock_session(managesieve): no pop3_uidl_format(default): %08Xu%08Xv pop3_uidl_format(imap): %08Xu%08Xv pop3_uidl_format(pop3): %08Xv%08Xu pop3_uidl_format(managesieve): %08Xu%08Xv namespace: type: private separator: / inbox: yes list: yes subscriptions: yes namespace: type: shared separator: / prefix: Other Users/%%u/ location: maildir:%%h/Maildir:INDEX=/srv/dovecot/index/%%u:CONTROL=/srv/dovecot/control/%%u list: children lda: postmaster_address: postmaster at ... mail_plugins: sieve acl quota_full_tempfail: yes auth_socket_path: /var/run/dovecot-test/auth-master log_path: /var/log/dovecot-test/deliver.log info_log_path: /var/log/dovecot-test/deliver.log auth default: cache_size: 1024 cache_negative_ttl: 0 username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@~ master_user_separator: * debug: yes passdb: driver: passwd-file args: /etc/dovecot/dovecot-passwd.masterusers pass: yes master: yes passdb: driver: passwd-file args: /etc/dovecot/dovecot-passwd passdb: driver: pam userdb: driver: passwd-file args: /etc/dovecot/dovecot-passwd socket: type: listen client: path: /var/run/dovecot-test/auth-client mode: 384 user: vmail master: path: /var/run/dovecot-test/auth-master mode: 384 user: vmail plugin: acl: vfile acl_shared_dict: file:/srv/dovecot/lib/shared-mailboxes sieve: ~/.dovecot.sieve sieve_dir: ~/.pysieved fts: squat fts_squat: partial=4 full=10 From amateo at um.es Fri May 17 09:15:38 2013 From: amateo at um.es (Angel L. Mateo) Date: Fri, 17 May 2013 08:15:38 +0200 Subject: [Dovecot] Autocreation the home folder In-Reply-To: References: <5191CF84.9000103@um.es> Message-ID: <5195CB0A.1050803@um.es> El 16/05/13 12:48, Joan escribi?: > The issue is more with legacy installs being upgraded than with new setups, > on the later I might adjust the settings and start using the recoomended > layout. > On the alternative you suggest, if I understood properly, you are changing > the setup to mdbox >>>> mail_location = mdbox:%h/mdbox:INDEX=/mail/**indexes/%2Ln/%Ln > If there was a method to move automatically the mails (preferibly not > moving to mdbox) to a subfolder, I could change to the recommended layout > my current install. > Otherwise it seems the only current solution is to: > 1.- Stop dovecot > 2.- Change to recommended layout the config > 3.- Via a script move the content to the new location > 4.- Start dovecot with the new layout.. > > Am i right? > I think you could this without needind dovecto to be stopped. If you could rewrite mail_location and mail_home in user's database, you could do: 1. For every user: 1.1. Change user's mail_location and mail_home 1.2. Change a user to recommended layout 2. Change the config to recommended layout 3. Remove per user's mail_location and mail_home config (I'm not really sure about the right order for 1.1 and 1.2) Another (maybe easier) suggestion... Could you just make /var/vmail a symlink to /home/vmail? This is no the ideal solution but it might works. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868887590 Fax: 868888337 From erickom at metropolitancollege.co.za Fri May 17 09:23:19 2013 From: erickom at metropolitancollege.co.za (Eric Kom) Date: Fri, 17 May 2013 08:23:19 +0200 Subject: [Dovecot] Ubuntu-12.04-LTS repos with Dovecot-2.2 and Pigeonhole In-Reply-To: <20130516173030.EB0F81AE87A8@dovecot.org> References: <20130516173030.EB0F81AE87A8@dovecot.org> Message-ID: <5195CCD7.1020607@metropolitancollege.co.za> On 16/05/2013 19:30, listas at adminlinux.com.br wrote: > Hi, > > I would like to take advantage of new features in Dovecot 2.2 on my > servers. But I'm having difficulties to build packages for > Ubuntu-12.04-LTS. Try the above deb http://xi.rename-it.nl/debian/ testing-auto/dovecot-2.2 main deb-src http://xi.rename-it.nl/debian/ testing-auto/dovecot-2.2 main > > Does anyone know a repository that has new stable versions for Dovecot > and Pigeonhole ? > > Thanks ! --  > Thiago Henrique adminlinux.com.br > > > > > > -- Kind Regards Eric Kom System Administrator & Programmer - Metropolitan College _________________________________________ / You are scrupulously honest, frank, and \ | straightforward. Therefore you have few | \ friends. / ----------------------------------------- \ \ .--. |o_o | |:_/ | // \ \ (| Kom | ) /'\_ _/`\ \___)=(___/ 2 Hennie Van Till, White River, 1240 Tel: 013 750 2255 | Fax: 013 750 0105 | Cell: 078 879 1334 erickom at kom.za.net | erickom at metropolitancollege.co.za www.kom.za.net | www.kom.za.org | www.erickom.co.za Key fingerprint: 513E E91A C243 3020 8735 09BB 2DBC 5AD7 A9DA 1EF5 From rs at sys4.de Fri May 17 09:35:23 2013 From: rs at sys4.de (Robert Schetterer) Date: Fri, 17 May 2013 08:35:23 +0200 Subject: [Dovecot] Ubuntu-12.04-LTS repos with Dovecot-2.2 and Pigeonhole In-Reply-To: <20130516173030.EB0F81AE87A8@dovecot.org> References: <20130516173030.EB0F81AE87A8@dovecot.org> Message-ID: <5195CFAB.50801@sys4.de> Am 16.05.2013 19:30, schrieb listas at adminlinux.com.br: > Hi, > > I would like to take advantage of new features in Dovecot 2.2 on my > servers. But I'm having difficulties to build packages for > Ubuntu-12.04-LTS. > > Does anyone know a repository that has new stable versions for Dovecot > and Pigeonhole ? > > Thanks ! --  > Thiago Henrique adminlinux.com.br > > > > > > http://xi.rename-it.nl/debian/pool/testing-auto/dovecot-2.2/ but you can simply compile it from source on 12.04 for small testings without any major problems Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From stephan at rename-it.nl Fri May 17 11:13:32 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 17 May 2013 10:13:32 +0200 Subject: [Dovecot] Ubuntu-12.04-LTS repos with Dovecot-2.2 and Pigeonhole In-Reply-To: <5195CCD7.1020607@metropolitancollege.co.za> References: <20130516173030.EB0F81AE87A8@dovecot.org> <5195CCD7.1020607@metropolitancollege.co.za> Message-ID: <5195E6AC.3060708@rename-it.nl> Hi Eric and Robert, Op 5/17/2013 8:23 AM, Eric Kom wrote: > On 16/05/2013 19:30, listas at adminlinux.com.br wrote: >> I would like to take advantage of new features in Dovecot 2.2 on my >> servers. But I'm having difficulties to build packages for >> Ubuntu-12.04-LTS. > Try the above > > deb http://xi.rename-it.nl/debian/ testing-auto/dovecot-2.2 main > deb-src http://xi.rename-it.nl/debian/ testing-auto/dovecot-2.2 main http://wiki2.dovecot.org/PrebuiltBinaries: "The builder scripts automatically release a new set of Debian packages when they notice any changes in any of the v2.0,v2.1 or v2.2 repositories. " and "Needless to say: do *NOT* use these repositories for systems that need to be *STABLE*." Please keep that in mind if you point people to this repository. Also, as you may have noticed, this repository is not particularly reliable in terms of uptime. It is not the first time Rename-IT gets actual phone calls (that eventually get forwarded to me somehow) from some admin in dire need of a quick bug fix, because he's using this repository for a production server. I am not particularly fond of the awesome power to break a set of production servers with one bad commit. On 16/05/2013 19:30, listas at adminlinux.com.br wrote: > Does anyone know a repository that has new *stable* versions for > Dovecot and Pigeonhole ? The Xi repository obviously does not provide what he needs. Regards, Stephan. From rs at sys4.de Fri May 17 12:31:54 2013 From: rs at sys4.de (Robert Schetterer) Date: Fri, 17 May 2013 11:31:54 +0200 Subject: [Dovecot] Ubuntu-12.04-LTS repos with Dovecot-2.2 and Pigeonhole In-Reply-To: <5195E6AC.3060708@rename-it.nl> References: <20130516173030.EB0F81AE87A8@dovecot.org> <5195CCD7.1020607@metropolitancollege.co.za> <5195E6AC.3060708@rename-it.nl> Message-ID: <5195F90A.9020503@sys4.de> Am 17.05.2013 10:13, schrieb Stephan Bosch: > "Needless to say: do *NOT* use these repositories for systems that need > to be *STABLE*." Hi Stephan ,your rep ist stable enough for me since years ,so thx !!! Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From ben at morrow.me.uk Fri May 17 14:12:34 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Fri, 17 May 2013 12:12:34 +0100 Subject: [Dovecot] Make install error In-Reply-To: <5193566E.7030303@mysql.cc> References: <5170BEF0.6060306@mysql.cc> <1366713011.11047.345.camel@innu> <51776D42.1080103@mysql.cc> <20130424155049.GB66499@anubis.morrow.me.uk> <5193566E.7030303@mysql.cc> Message-ID: <20130517111233.GO52079@anubis.morrow.me.uk> At 5PM +0800 on 15/05/13 you (kengheng) wrote: > On 4/24/13 11:50 PM, Ben Morrow wrote: > > At 1PM +0800 on 24/04/13 you (kengheng) wrote: > >> Hi, I tried remove and make install, same err happended. I noticed from > >> the log below, it first generate the > >> "/usr/local/dovecot/lib/dovecot/auth" with checkpassword-reply, and it > >> is success, the coming generation directory for auth at > >> "/usr/local/dovecot/lib/dovecot/", it is weird that the make install > >> generation for file auth and directory auth at same path. It is causing > >> the issues. > >> > >> make[3]: Entering directory `/usr/local/src/dovecot-2.2.1/src/auth' > >> test -z "/usr/local/dovecot/lib/dovecot" || /usr/bin/mkdir -p > >> "/usr/local/dovecot/lib/dovecot" > >> /bin/sh ../../libtool --mode=install /usr/bin/install -c auth > >> checkpassword-reply '/usr/local/dovecot/lib/dovecot' > > These files should be installed under libexec; probably > > /usr/local/dovecot/libexec/dovecot, though I'm not sure how autoconf > > chooses the libexec directory when you're using an explicit prefix. What > > do the following give you (in the top-level Dovecot source dir)? > > > > grep ^libexecdir config.log > > grep ^exec_prefix config.log > > grep ^prefix config.log > > grep ^libexecdir config.log > libexecdir='${exec_prefix}/lib' > > grep ^exec_prefix config.log > exec_prefix='${prefix}' > > grep ^prefix config.log > prefix='/usr/local/dovecot' That's weird, and wrong. Also, I can't reproduce it; if I run ./configure --prefix=/usr/local/dovecot grep ^libexec config.log in the 2.2.1 tarball I get libexecdir='${exec_prefix}/libexec' as I would have expected. Are you sure you didn't pass a --libexecdir argument to configure? Ben From claus.r at bayern-mail.de Fri May 17 16:59:08 2013 From: claus.r at bayern-mail.de (Claus) Date: Fri, 17 May 2013 15:59:08 +0200 Subject: [Dovecot] doveadm altmove to gzipped-mdbox Message-ID: <519637AC.4090006@bayern-mail.de> Hi, im wondering if it's possible to store old messages in a compressed mdbox on alternate storage. The main storage is uncompressed mdbox. I tried something like: doveadm -Dv -o "plugin/zlib_save=gz" altmove -u testuser sentbefore 8d Could someone tell me if it's possible and give me a hint how this can be done? I tried this with dovecot-2.2 Claus From jim at packetalk.net Fri May 17 17:47:28 2013 From: jim at packetalk.net (Jim McNamara) Date: Fri, 17 May 2013 10:47:28 -0400 Subject: [Dovecot] Sieve was installed but doesn't work or log In-Reply-To: <519385C3.6050601@packetalk.net> References: <51926B1E.6080002@packetalk.net> <1368572152.4459.17.camel@tardis> <519385C3.6050601@packetalk.net> Message-ID: <51964300.5010401@packetalk.net> On 05/15/2013 08:55 AM, Jim McNamara wrote: > On 05/14/2013 06:55 PM, Noel Butler wrote: >> On Tue, 2013-05-14 at 12:49 -0400, Jim McNamara wrote: >> >>> Hello everyone. >>> >>> I have dovecot version 1.2.8 installed from source. This morning I >>> installed the sieve plugin to sort emails, and though the install >>> reported no errors, the plugin doesn't seem to function, and no mention >>> of it is made in the logs when I turn on verbose logging. >>> >> >> with version 1.2.x I always found cmusieve to behave nicer. >> >> Though, if you are installing from source, why the hell are you using >> something so old? >> 1.2.17 is the latest in the now unsupported 1.2 series, but if you are >> building from source, try 2.1.16 and dovecot-2.1-pigeonhole-0.3.5, >> I've only recently (months ago) moved to 2.1 from 1.2, and it appears >> smoother, and lot of niggly things like hung *-login processes on busy >> servers have gone away, without bench testing, I'd even say its more >> resource friendly (at least in NFS (without director) configurations) >> >> Are you sure your sieve scripts are valid? do they get compiled? >> >> > > I believe in the past there was some issues with newer dovecot when > using qmail and vpopmail, but it has been years since I tried it. I'll > compile the source this morning and see if I can get deliveries to > work without sieve, then I'll proceed with the pigeonhole install. > > My sieve script passed the test on > http://libsieve-php.sourceforge.net/ , they are not complicated > scripts at all, literally if sender is A, move to subfolder A of > inbox. It was just for testing. The reason I assumed there was a > problem was the complete lack of logging. Also when I moved the > default sieve script: > > sieve_global_path: /usr/local/etc/default.sieve > > and the user script: > > sieve: /home/vpopmail/domains/%d/%n/sieve > > there was no logging that indicated sieve couldn't run because of a > lack of any sieve scripts. That plus the single sorting rule not > working quickly made me think sieve simply didn't install or work. > > Thank you for the help, I'll post back with the success/failure of a > more recent version. > Thank you for the solid suggestion, Noel! I now have Dovecot 2.2.1 along with Pigeonhole 0.4.0. All is working well at present. The largest issues I encountered was getting the configuration changed and functional from my previous 1.2.8 to 2.0. Once that was accomplished things more or less proceeded well. Managesieve works wonderfully, can dovecot creates the .sieve directory and its subdirectory .sieve/tmp correctly, the thunderbird plugin for sieve is able to connect and everything works, compilation happens automatically and the sieve scripts are functional. I use John Simpson's Qmail patch/setup on the server, I wasn't able to find a current dovecot config that worked with vpopmail without mysql. Here is my current config which works for me in this setup: root at hostname:/home/jim# doveconf -n # 2.2.1: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.0 auth_cache_size = 10 M auth_default_realm = mail.domain.com auth_mechanisms = plain login auth_socket_path = /usr/local/var/run/dovecot/auth-userdb default_internal_user = vpopmail default_login_user = vpopmail first_valid_gid = 89 first_valid_uid = 89 hostname = mail.domain.com last_valid_gid = 89 last_valid_uid = 89 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes log_path = /dev/stderr mail_access_groups = 89 mail_gid = 89 mail_location = maildir:%h/Maildir mail_plugins = " quota" mail_privileged_group = 89 mail_uid = 89 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave spamtest spamtestplus namespace inbox { inbox = yes location = prefix = separator = . } passdb { driver = vpopmail } plugin { sieve = ~/.sieve/dovecot.sieve sieve_dir = ~/.sieve sieve_extensions = +spamtest +spamtestplus +relational +comparator-i;ascii-numeric } postmaster_address = postmaster at mail.domain.com protocols = imap pop3 lmtp sieve sendmail_path = /var/qmail/bin/sendmail service auth-worker { user = $default_internal_user } service auth { unix_listener auth-userdb { group = vchkpw mode = 0600 user = vpopmail } user = $default_internal_user } service managesieve-login { inet_listener sieve { port = 4190 } service_count = 1 vsz_limit = 64 M } ssl = required ssl_cert = Hello! I've tried to use extprograms pipe feature but stuck with "Broken pipe" errors in mail log: May 17 15:18:57 backend1 dovecot: lmtp(20338, user at domain.tld): Debug: 3VMVFWFKllFyTwAArRg8UA: sieve: action pipe: running program: learn May 17 15:18:57 backend1 dovecot: script: Error: write(response) failed: Broken pipe May 17 15:18:57 backend1 dovecot: lmtp(20338, user at domain.tld): 3VMVFWFKllFyTwAArRg8UA: sieve: execution of script /data/mail/storage/domain/user at domain.tld/.dovecot.sieve;name=main script failed, but implicit keep was successful (user logfile /data/mail/storage/domain/buser at domain.tld/.dovecot.sieve.log should reveal additional details) /data/mail/storage/domain/buser at domain.tld/.dovecot.sieve.log: error: msgid=: pipe action: failed to pipe message to program `learn': refer to server log for more information. [2013-05-17 15:18:57] ham user at domain.tld 50796. Sieve script contents: require ["fileinto","copy","mailbox","vnd.dovecot.pipe"]; if anyof (header :is "Subject" "ham") { pipe :try "learn" ["ham"]; fileinto "INBOX/ham"; stop; } Sieve plugin config uncommented conents: sieve_plugins = sieve_extprograms *sieve_pipe_socket_dir = sieve-pipe* # Define the executed script as parameter to the sieve service executable = script /etc/dovecot/scripts/spam.sh # Use some unprivileged user for executing the program user = nobody # The unix socket located in the sieve_pipe_socket_dir (as defined in the # plugin {} section above) unix_listener sieve-pipe/learn { # LDA/LMTP must have access user = nobody mode = 0777 } } spam.sh is message processing script which interacts with spamassassin. I've tested pipe with spam.sh that redirects stdin to /dev/null and returns 0 but errors were logged anyway. Note that spam.sh runs, getting the message from sieve and processing it to spamassassin without a problem, but "broken pipe" is being logged. From dovecot at anes.su Fri May 17 18:41:53 2013 From: dovecot at anes.su (Anes Mukhametov) Date: Fri, 17 May 2013 19:41:53 +0400 Subject: [Dovecot] Pigeonhole: extprograms - pipe Message-ID: Hello! I've tried to use extprograms pipe feature but stuck with "Broken pipe" errors in mail log: May 17 15:18:57 backend1 dovecot: lmtp(20338, user at domain.tld): Debug: 3VMVFWFKllFyTwAArRg8UA: sieve: action pipe: running program: learn May 17 15:18:57 backend1 dovecot: script: Error: write(response) failed: Broken pipe May 17 15:18:57 backend1 dovecot: lmtp(20338, user at domain.tld): 3VMVFWFKllFyTwAArRg8UA: sieve: execution of script /data/mail/storage/domain/user at domain.tld/.dovecot.sieve;name=main script failed, but implicit keep was successful (user logfile /data/mail/storage/domain/buser at domain.tld/.dovecot.sieve.log should reveal additional details) /data/mail/storage/domain/buser at domain.tld/.dovecot.sieve.log: error: msgid=: pipe action: failed to pipe message to program `learn': refer to server log for more information. [2013-05-17 15:18:57] ham user at domain.tld 50796. Sieve script contents: require ["fileinto","copy","mailbox","vnd.dovecot.pipe"]; if anyof (header :is "Subject" "ham") { pipe :try "learn" ["ham"]; fileinto "INBOX/ham"; stop; } Sieve plugin config uncommented conents: sieve_plugins = sieve_extprograms *sieve_pipe_socket_dir = sieve-pipe* # Define the executed script as parameter to the sieve service executable = script /etc/dovecot/scripts/spam.sh # Use some unprivileged user for executing the program user = nobody # The unix socket located in the sieve_pipe_socket_dir (as defined in the # plugin {} section above) unix_listener sieve-pipe/learn { # LDA/LMTP must have access user = nobody mode = 0777 } } spam.sh is message processing script which interacts with spamassassin. I've tested pipe with spam.sh that redirects stdin to /dev/null and returns 0 but errors were logged anyway. Note that spam.sh runs, getting the message from sieve and processing it to spamassassin without a problem, but "broken pipe" is being logged. From ben at morrow.me.uk Sat May 18 01:05:01 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Fri, 17 May 2013 23:05:01 +0100 Subject: [Dovecot] Pigeonhole: extprograms - pipe In-Reply-To: References: Message-ID: <20130517220500.GP52079@anubis.morrow.me.uk> At 7PM +0400 on 17/05/13 you (Anes Mukhametov) wrote: > Hello! > > I've tried to use extprograms pipe feature but stuck with "Broken pipe" > errors in mail log: > > May 17 15:18:57 backend1 dovecot: lmtp(20338, user at domain.tld): Debug: > 3VMVFWFKllFyTwAArRg8UA: sieve: action pipe: running program: learn > May 17 15:18:57 backend1 dovecot: script: Error: write(response) failed: > Broken pipe I suspect that what's happening here is that your script isn't reading the whole mail. However, that pipe that's broken is (I think) the socket from the script service back to the master service, so I don't quite understand how that could happen. > May 17 15:18:57 backend1 dovecot: lmtp(20338, user at domain.tld): > 3VMVFWFKllFyTwAArRg8UA: sieve: execution of script > /data/mail/storage/domain/user at domain.tld/.dovecot.sieve;name=main script > failed, but implicit keep was successful (user logfile > /data/mail/storage/domain/buser at domain.tld/.dovecot.sieve.log should reveal > additional details) > > /data/mail/storage/domain/buser at domain.tld/.dovecot.sieve.log: > error: msgid=: pipe action: > failed to pipe message to program `learn': refer to server log for more > information. [2013-05-17 15:18:57] ham user at domain.tld 50796. Mmm, recursively-referential error logs. Always fun... > spam.sh is message processing script which interacts with spamassassin. > I've tested pipe with spam.sh that redirects stdin to /dev/null and returns > 0 but errors were logged anyway. Well, you shouldn't do that: redirecting stdin from /dev/null in a shell script will close the incoming pipe, which means you won't read the mail at all and sieve will get upset. What you need to do instead (if you've got data to read and nothing to do with it) is 'cat >/dev/null', which will read it all and throw it away. > Note that spam.sh runs, getting the message from sieve and processing it to > spamassassin without a problem, but "broken pipe" is being logged. Hmm. Are you sure your real script is exitting with 0? spamc in learn mode exits 5 or 6 depending on whether the mail was already learned or not. Ben From noel.butler at ausics.net Sat May 18 04:35:10 2013 From: noel.butler at ausics.net (Noel Butler) Date: Sat, 18 May 2013 11:35:10 +1000 Subject: [Dovecot] Sieve was installed but doesn't work or log In-Reply-To: <51964300.5010401@packetalk.net> References: <51926B1E.6080002@packetalk.net> <1368572152.4459.17.camel@tardis> <519385C3.6050601@packetalk.net> <51964300.5010401@packetalk.net> Message-ID: <1368840910.5743.13.camel@tardis> On Fri, 2013-05-17 at 10:47 -0400, Jim McNamara wrote: > Thank you for the solid suggestion, Noel! I now have Dovecot 2.2.1 along > with Pigeonhole 0.4.0. All is working well at present. The largest > issues I encountered was getting the configuration changed and > functional from my previous 1.2.8 to 2.0. Once that was accomplished > things more or less proceeded well. Managesieve works wonderfully, can > dovecot creates the .sieve directory and its subdirectory .sieve/tmp > correctly, the thunderbird plugin for sieve is able to connect and > everything works, compilation happens automatically and the sieve > scripts are functional. > > I use John Simpson's Qmail patch/setup on the server, I wasn't able to > find a current dovecot config that worked with vpopmail without mysql. > Here is my current config which works for me in this setup: No problems Jim, glad it's all sorted. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From dovecot at anes.su Sat May 18 10:58:28 2013 From: dovecot at anes.su (Anes Mukhametov) Date: Sat, 18 May 2013 11:58:28 +0400 Subject: [Dovecot] Pigeonhole: extprograms - pipe In-Reply-To: <20130517220500.GP52079@anubis.morrow.me.uk> References: <20130517220500.GP52079@anubis.morrow.me.uk> Message-ID: No result: [root at backend1 scripts]# cat spam.sh #!/bin/bash cat > /dev/null exit 0 [root at backend1 scripts]# In the log: May 17 22:42:56 backend1 dovecot: script: Error: write(response) failed: Broken pipe :( On Sat, May 18, 2013 at 2:05 AM, Ben Morrow wrote: > At 7PM +0400 on 17/05/13 you (Anes Mukhametov) wrote: > > Hello! > > > > I've tried to use extprograms pipe feature but stuck with "Broken pipe" > > errors in mail log: > > > > May 17 15:18:57 backend1 dovecot: lmtp(20338, user at domain.tld): Debug: > > 3VMVFWFKllFyTwAArRg8UA: sieve: action pipe: running program: learn > > May 17 15:18:57 backend1 dovecot: script: Error: write(response) failed: > > Broken pipe > > I suspect that what's happening here is that your script isn't reading > the whole mail. However, that pipe that's broken is (I think) the socket > from the script service back to the master service, so I don't quite > understand how that could happen. > > > May 17 15:18:57 backend1 dovecot: lmtp(20338, user at domain.tld): > > 3VMVFWFKllFyTwAArRg8UA: sieve: execution of script > > /data/mail/storage/domain/user at domain.tld/.dovecot.sieve;name=main > script > > failed, but implicit keep was successful (user logfile > > /data/mail/storage/domain/buser at domain.tld/.dovecot.sieve.log should > reveal > > additional details) > > > > /data/mail/storage/domain/buser at domain.tld/.dovecot.sieve.log: > > error: msgid=: pipe action: > > failed to pipe message to program `learn': refer to server log for more > > information. [2013-05-17 15:18:57] ham user at domain.tld 50796. > > Mmm, recursively-referential error logs. Always fun... > > > spam.sh is message processing script which interacts with spamassassin. > > I've tested pipe with spam.sh that redirects stdin to /dev/null and > returns > > 0 but errors were logged anyway. > > Well, you shouldn't do that: redirecting stdin from /dev/null in a shell > script will close the incoming pipe, which means you won't read the mail > at all and sieve will get upset. What you need to do instead (if you've > got data to read and nothing to do with it) is 'cat >/dev/null', which > will read it all and throw it away. > > > Note that spam.sh runs, getting the message from sieve and processing it > to > > spamassassin without a problem, but "broken pipe" is being logged. > > Hmm. Are you sure your real script is exitting with 0? spamc in learn > mode exits 5 or 6 depending on whether the mail was already learned or > not. > > Ben > > From bushurui at gmail.com Sat May 18 12:06:09 2013 From: bushurui at gmail.com (Bu Xiaobing) Date: Sat, 18 May 2013 17:06:09 +0800 Subject: [Dovecot] How to configure ssl cert chain in dovecot 10-ssl.conf file Message-ID: <51974481.8060700@gmail.com> Hi there, Does anyone know how to do this: "Put all the certificates in the ssl_cert file. For example when using a certificate signed by TDC the correct order is: Dovecot's public certificate TDC SSL Server CA TDC Internet Root CA Globalsign Partners CA " I try to set these parameters in the conf.d/10-ssl.conf as below, but it seems doesn't work. --- ssl_cert = References: <51974481.8060700@gmail.com> Message-ID: <51974E6B.9060206@gedalya.net> On 05/18/2013 05:06 AM, Bu Xiaobing wrote: > I even cat mail.mymailserver.com.crt sub.class1.server.ca.pem certs/dovecot/ca.pem into one singe file, and define ssl_cert = < /path/to/the/singcertfile.pem, but it doesn't work too. That should be the correct way, but I think there shouldn't be a space after the < character. What exactly is the error you are getting? You can troubleshoot with openssl s_client, this is from my server: $ openssl s_client -connect 192.168.xxx.xxx:143 -starttls imap -CApath /etc/ssl/certs CONNECTED(00000003) depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority verify return:1 depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA verify return:1 depth=0 description = 7t3YlXVfb6bVQ2pp, C = US, CN = mail.gedalya.net, emailAddress = ______ at gedalya.net verify return:1 --- Certificate chain 0 s:/description=7t3YlXVfb6bVQ2pp/C=US/CN=mail.gedalya.net/emailAddress=postmaster at gedalya.net i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority --- From jim at packetalk.net Sat May 18 17:56:10 2013 From: jim at packetalk.net (Jim McNamara) Date: Sat, 18 May 2013 10:56:10 -0400 Subject: [Dovecot] Dovecot 2.2.1 LDA and sieve (lack of) errors Message-ID: <5197968A.6040209@packetalk.net> Hello again, all. Of course after posting yesterday that all was well with my setup, turns out all is not well. The problem I'm having is with dovecot-lda functioning and making deliveries to my mailbox, but the sieve scripts don't seem to have any effect. Attempts at logging what is/isn't happening have been total failures. Managesieve seems to work fine, port 4190 is open on the server and it allows the tunderbird plugin to function, I can create and edit scripts with the plugin. For some reason it doesn't seem to auto-compile the scripts to binary form, but if I just need to do that manually I can live with it. I only mention the lack of auto-compiling in case that sheds light on what is wrong with the LDA or sieve. I'm running the current dovecot, 2.2.1 along with pigeonhole 0.4.0. Here is the config: root at hostname:/usr/local/dovecot-2.2.1# doveconf -n # 2.2.1: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.0 auth_cache_size = 10 M auth_default_realm = mail.domain.com auth_mechanisms = plain login auth_socket_path = /usr/local/var/run/dovecot/auth-userdb debug_log_path = /dev/stderr default_internal_user = vpopmail default_login_user = vpopmail first_valid_gid = 89 first_valid_uid = 89 hostname = mail.domain.com last_valid_gid = 89 last_valid_uid = 89 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes log_path = /dev/stderr mail_access_groups = 89 mail_debug = yes mail_gid = 89 mail_location = maildir:%h/Maildir mail_plugins = " quota" mail_privileged_group = 89 mail_uid = 89 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave spamtest spamtestplus vnd.dovecot.debug namespace inbox { inbox = yes location = prefix = separator = . } passdb { driver = vpopmail } plugin { quota = maildir:User quota quota_rule = *:storage=2G quota_warning = storage=95%% quota-warning 95 %u sieve = ~/.sieve/dovecot.sieve sieve_dir = ~/.sieve sieve_extensions = +spamtest +spamtestplus +relational +comparator-i;ascii-numeric +vnd.dovecot.debug } postmaster_address = postmaster at mail.domain.com protocols = imap pop3 lmtp sieve sendmail_path = /var/qmail/bin/sendmail service auth-worker { user = $default_internal_user } service auth { unix_listener auth-userdb { group = vchkpw mode = 0600 user = vpopmail } user = $default_internal_user } service managesieve-login { inet_listener sieve { port = 4190 } service_count = 1 vsz_limit = 64 M } ssl = required ssl_cert = night-test.sieve -rw------- 1 vpopmail vchkpw 303 May 18 02:22 dovecot.svbin -rw------- 1 vpopmail vchkpw 315 May 18 02:24 night-test.sieve drwx------ 2 vpopmail vchkpw 4096 May 18 02:24 tmp The contents of dovecot.sieve itself are: root at hostname:/home/vpopmail/domains/domain.com/jim/.sieve# cat dovecot.sieve # # 2013-5-17 # require ["fileinto", "envelope", "vnd.dovecot.debug"]; if header :contains ["from"] "sub1.domain.com" { debug_log "match happened and syntax changed for testing purposes"; fileinto "INBOX.folder2"; } else { debug_log "can't catch a cold when wet snowy and cold"; keep; } The compile of the script works fine as user vpopmail: vpopmail at hostname:~/domains/domain.com/jim/.sieve$ sievec dovecot.sieve /tmp/dovecot.svbin sievec(vpopmail): Debug: Loading modules from directory: /usr/local/lib/dovecot sievec(vpopmail): Debug: Module loaded: /usr/local/lib/dovecot/lib10_quota_plugin.so sievec(vpopmail): Debug: Effective uid=89, gid=89, home=/home/vpopmail sievec(vpopmail): Debug: Quota root: name=User quota backend=maildir args= sievec(vpopmail): Debug: Quota rule: root=User quota mailbox=* bytes=2147483648 messages=0 sievec(vpopmail): Debug: Quota warning: bytes=2040109465 (95%) messages=0 reverse=no command=quota-warning 95 vpopmail sievec(vpopmail): Debug: Quota grace: root=User quota bytes=214748364 (10%) A diff between dovecot.svbin and /tmp/dovecot.svbin shows no difference. Neither of the debug lines show up anywhere in the logs. When I send an email from sub1.domain.com to this server, it ends up in the main inbox rather than INBOX.folder2. Interestingly, if I run sieve-test on the mail, it tells me it should have been moved to INBOX.folder2: vpopmail at hostname:~/domains/domain.com/jim/Maildir/cur$ sieve-test ../../.sieve/dovecot.sieve 1368888104.11471.hostname\,S\=1235\:2\,a sieve-test(vpopmail): Debug: Loading modules from directory: /usr/local/lib/dovecot sieve-test(vpopmail): Debug: Module loaded: /usr/local/lib/dovecot/lib10_quota_plugin.so sieve-test(vpopmail): Debug: Effective uid=89, gid=89, home=/home/vpopmail sieve-test(vpopmail): Debug: Quota root: name=User quota backend=maildir args= sieve-test(vpopmail): Debug: Quota rule: root=User quota mailbox=* bytes=2147483648 messages=0 sieve-test(vpopmail): Debug: Quota warning: bytes=2040109465 (95%) messages=0 reverse=no command=quota-warning 95 vpopmail sieve-test(vpopmail): Debug: Quota grace: root=User quota bytes=214748364 (10%) sieve-test(vpopmail): Debug: Quota root: name=User quota backend=maildir args= sieve-test(vpopmail): Debug: Quota rule: root=User quota mailbox=* bytes=2147483648 messages=0 sieve-test(vpopmail): Debug: Quota warning: bytes=2040109465 (95%) messages=0 reverse=no command=quota-warning 95 raw mail user sieve-test(vpopmail): Debug: Quota grace: root=User quota bytes=214748364 (10%) sieve-test(vpopmail): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt= dovecot: line 6: info: DEBUG: match happened and syntax changed for testing purposes. Performed actions: * store message in folder: INBOX.folder2 Implicit keep: (none) sieve-test(vpopmail): Info: final result: success And yes, INBOX.folder exists: vpopmail at hostname:~/domains/domain.com/jim/Maildir/cur$ ls -al ../.INBOX.folder2/ total 28 drwx------ 5 vpopmail vchkpw 4096 May 14 10:33 . drwx------ 15 vpopmail vchkpw 4096 May 18 10:42 .. drwx------ 2 vpopmail vchkpw 4096 May 14 10:20 cur -rw------- 1 vpopmail vchkpw 232 May 17 08:07 dovecot.index.log -rw------- 1 vpopmail vchkpw 17 May 14 10:33 dovecot-uidlist -rw------- 1 vpopmail vchkpw 0 May 14 10:20 maildirfolder drwx------ 2 vpopmail vchkpw 4096 May 14 10:20 new drwx------ 2 vpopmail vchkpw 4096 May 14 10:20 tmp Here's the file that calls dovecot-lda for user jim: vpopmail at hostname:~/domains/domain.com/jim$ cat .qmail-default |/var/qmail/bin/preline -f /usr/local/libexec/dovecot/dovecot-lda -d $EXT@$USER Both /var/qmail/bin/preline and /usr/local/libexec/dovecot/dovecot-lda exist. Any idea why my sieve doesn't seem to take effect? Thanks for reading. From stephan at rename-it.nl Sun May 19 00:35:13 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Sat, 18 May 2013 23:35:13 +0200 Subject: [Dovecot] Dovecot 2.2.1 LDA and sieve (lack of) errors In-Reply-To: <5197968A.6040209@packetalk.net> References: <5197968A.6040209@packetalk.net> Message-ID: <5197F411.7010308@rename-it.nl> On 5/18/2013 4:56 PM, Jim McNamara wrote: > Hello again, all. Of course after posting yesterday that all was well > with my setup, turns out all is not well. The problem I'm having is > with dovecot-lda functioning and making deliveries to my mailbox, but > the sieve scripts don't seem to have any effect. Attempts at logging > what is/isn't happening have been total failures. > > Managesieve seems to work fine, port 4190 is open on the server and it > allows the tunderbird plugin to function, I can create and edit > scripts with the plugin. For some reason it doesn't seem to > auto-compile the scripts to binary form, but if I just need to do that > manually I can live with it. I only mention the lack of auto-compiling > in case that sheds light on what is wrong with the LDA or sieve. > > I'm running the current dovecot, 2.2.1 along with pigeonhole 0.4.0. > Here is the config: > > root at hostname:/usr/local/dovecot-2.2.1# doveconf -n > # 2.2.1: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.0 > > mail_debug = yes So, mail_debug is enabled. > Here's the file that calls dovecot-lda for user jim: > > vpopmail at hostname:~/domains/domain.com/jim$ cat .qmail-default > |/var/qmail/bin/preline -f /usr/local/libexec/dovecot/dovecot-lda -d > $EXT@$USER > > Both /var/qmail/bin/preline and /usr/local/libexec/dovecot/dovecot-lda > exist. Are you sure this is actually being executed? What happens if you execute dovecot-lda manually? This is an example of what you're supposed to see in the logs with mail_debug=yes: May 18 23:28:02 klara dovecot: lda: Debug: Loading modules from directory: /usr/lib/dovecot/modules May 18 23:28:02 klara dovecot: lda: Debug: Module loaded: /usr/lib/dovecot/modules/lib90_sieve_plugin.so May 18 23:28:02 klara dovecot: lda(stephan): Debug: Effective uid=1000, gid=1000, home=/home/stephan May 18 23:28:02 klara dovecot: lda(stephan): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir May 18 23:28:02 klara dovecot: lda(stephan): Debug: maildir++: root=/home/stephan/Maildir, index=, indexpvt=, control=, inbox=/home/stephan/Maildir, alt= May 18 23:28:02 klara dovecot: lda(stephan): Debug: userdb lookup skipped, username taken from USER environment May 18 23:28:02 klara dovecot: lda(stephan): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt= May 18 23:28:02 klara dovecot: lda(stephan): Debug: Destination address: stephan at klara (source: user at hostname) May 18 23:28:02 klara dovecot: lda(stephan): Debug: sieve: Pigeonhole version 0.4.0 initializing Regards, Stephan. From stephan at rename-it.nl Sun May 19 00:54:15 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Sat, 18 May 2013 23:54:15 +0200 Subject: [Dovecot] Pigeonhole: extprograms - pipe In-Reply-To: References: <20130517220500.GP52079@anubis.morrow.me.uk> Message-ID: <5197F887.2090000@rename-it.nl> On 5/18/2013 9:58 AM, Anes Mukhametov wrote: > No result: > > [root at backend1 scripts]# cat spam.sh > #!/bin/bash > > cat > /dev/null > > exit 0 > [root at backend1 scripts]# > > In the log: May 17 22:42:56 backend1 dovecot: script: Error: > write(response) failed: Broken pipe > > :( I must say I haven't tested the use of the script service in a while and it is not part of the test suite. I've tried it at my end and I can reproduce the error. I'll look at this more thoroughly tomorrow. Regards, Stephan. From jim at packetalk.net Sun May 19 02:32:32 2013 From: jim at packetalk.net (Jim McNamara) Date: Sat, 18 May 2013 19:32:32 -0400 Subject: [Dovecot] Dovecot 2.2.1 LDA and sieve (lack of) errors In-Reply-To: <5197F411.7010308@rename-it.nl> References: <5197968A.6040209@packetalk.net> <5197F411.7010308@rename-it.nl> Message-ID: <51980F90.9050204@packetalk.net> On 05/18/2013 05:35 PM, Stephan Bosch wrote: > >> root at hostname:/usr/local/dovecot-2.2.1# doveconf -n >> # 2.2.1: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.0 >> >> mail_debug = yes > > So, mail_debug is enabled. > >> Here's the file that calls dovecot-lda for user jim: >> >> vpopmail at hostname:~/domains/domain.com/jim$ cat .qmail-default >> |/var/qmail/bin/preline -f /usr/local/libexec/dovecot/dovecot-lda -d >> $EXT@$USER >> >> Both /var/qmail/bin/preline and >> /usr/local/libexec/dovecot/dovecot-lda exist. > > Are you sure this is actually being executed? What happens if you > execute dovecot-lda manually? I found that LDA was not being executed from the user's .qmail-default file, I changed that file to call a non-existent delivery agent, and the message still ended up in the inbox, not sorted as it should have been, so vpopmail was still handling the delivery. This is a qmail issue, simply renaming .qmail-default to .qmail in that user's vpopmail directory allowed lda to begin functioning. > > This is an example of what you're supposed to see in the logs with > mail_debug=yes: > > May 18 23:28:02 klara dovecot: lda: Debug: Loading modules from > directory: /usr/lib/dovecot/modules > May 18 23:28:02 klara dovecot: lda: Debug: Module loaded: > /usr/lib/dovecot/modules/lib90_sieve_plugin.so > May 18 23:28:02 klara dovecot: lda(stephan): Debug: Effective > uid=1000, gid=1000, home=/home/stephan > May 18 23:28:02 klara dovecot: lda(stephan): Debug: Namespace inbox: > type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, > subscriptions=yes location=maildir:~/Maildir > May 18 23:28:02 klara dovecot: lda(stephan): Debug: maildir++: > root=/home/stephan/Maildir, index=, indexpvt=, control=, > inbox=/home/stephan/Maildir, alt= > May 18 23:28:02 klara dovecot: lda(stephan): Debug: userdb lookup > skipped, username taken from USER environment > May 18 23:28:02 klara dovecot: lda(stephan): Debug: none: root=, > index=, indexpvt=, control=, inbox=, alt= > May 18 23:28:02 klara dovecot: lda(stephan): Debug: Destination > address: stephan at klara (source: user at hostname) > May 18 23:28:02 klara dovecot: lda(stephan): Debug: sieve: Pigeonhole > version 0.4.0 initializing > > Regards, > > Stephan. > > Now this is interesting - I do have Pigeonhole and sieve enabled according to doveconf -n, but the only mention of sieve is as a subdirectory of the user's home, no mention of the sieve module at all. I do see that Pigeonhole 0.4.0 is enabled. Also, there have only been 0 mentions of lda in the current dovecot log, and that log is 6 hours old. I'll try running dovecot-lda manually after checking out the man page. Thanks again for the help! From peter at jay.Phy.QueensU.CA Sun May 19 18:51:12 2013 From: peter at jay.Phy.QueensU.CA (Peter Skensved) Date: Sun, 19 May 2013 11:51:12 -0400 Subject: [Dovecot] Configure dovecot to provide SASL authentication Message-ID: <20130519155112.GA13134@jay.Phy.QueensU.CA> Hi, I'm trying to get dovecot to provide SASL authentication for postfix My setup appears to be working but I'm not 100% certain I've got it right. I've come across several examples for dovecot version 1 but I'm running 2.0.9. The output of doveconf -n is here : 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-279.2.1.el6.x86_64 x86_64 CentOS release 6.3 (Final) auth_debug = yes auth_verbose = yes disable_plaintext_auth = no mbox_write_locks = fcntl passdb { driver = pam } protocols = imap service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } } ssl_cert = References: <20130519155112.GA13134@jay.Phy.QueensU.CA> Message-ID: <5198F735.3020901@thelounge.net> Am 19.05.2013 17:51, schrieb Peter Skensved: > service auth { > unix_listener /var/spool/postfix/private/auth { > mode = 0666 > } chmod 666 is always a very bad idea service auth { unix_listener /var/spool/postfix/private/auth { mode = 0660 user = postfix group = postfix } } -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From tss at iki.fi Sun May 19 22:34:32 2013 From: tss at iki.fi (Timo Sirainen) Date: Sun, 19 May 2013 22:34:32 +0300 Subject: [Dovecot] doveadm altmove to gzipped-mdbox In-Reply-To: <519637AC.4090006@bayern-mail.de> References: <519637AC.4090006@bayern-mail.de> Message-ID: <1368992072.13573.43.camel@innu> On Fri, 2013-05-17 at 15:59 +0200, Claus wrote: > Hi, > > im wondering if it's possible to store old messages in a compressed > mdbox on alternate storage. > The main storage is uncompressed mdbox. > > I tried something like: doveadm -Dv -o "plugin/zlib_save=gz" altmove -u > testuser sentbefore 8d > > Could someone tell me if it's possible and give me a hint how this can > be done? I think that command should have worked, assuming zlib plugin was loaded. But it would have compressed mails in the primary storage as well for those files where it was moving mails away from (altmove runs implicit purge). From gizmo at giz-works.com Mon May 20 00:33:52 2013 From: gizmo at giz-works.com (Chris Richards) Date: Sun, 19 May 2013 16:33:52 -0500 Subject: [Dovecot] Error: dict client sent broken reply Message-ID: <0b8beb24a830ec79044996616a0e6614.squirrel@www.giz-works.com> I've been mucking about, experimenting with the expire plugin and using a dictionary. I've got the iteration query working when I do a normal expunge using: doveadm expunge -A mailbox "INBOX.Trash" savedbefore 1w and expunging works as expected. However, I've got over 12,000 accounts on this server, so I was hoping using the expire plugin to could help out. I've configured the plugin, and things kinda work, except that somewhere between 3700 and 3800 users, I abort with this: doveadm(someuseraccount at somedomain): Error: dict client (/var/run/dovecot/dict) sent broken reply doveadm(someuseraccount at somedomain): Error: Dictionary iteration failed doveadm: Error: Failed to iterate through some users It consistently fails at the same user. If I delete that user from the expire database, then it appears to fail on the next user. I also see this in the logs: dovecot: dict: Error: dict client: COMMIT: Can't commit while iterating I've absolutely no idea where to go from here to troubleshoot this. Any guidance would be appreciated. Thanks, Chris doveconf -n: # 2.1.12: /etc/dovecot/dovecot.conf # OS: Linux 3.7.5-hardened-r1 x86_64 Gentoo Base System release 2.1 ext4 auth_master_user_separator = * auth_mechanisms = plain login auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@& auth_verbose_passwords = plain default_process_limit = 200 dict { quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } disable_plaintext_auth = no login_greeting = Awaiting command... mail_location = maildir:/home/vmail/%d/%n/Maildir mail_plugins = " quota" mail_privileged_group = 100 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = INBOX. separator = . type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { expire = Trash 7 expire2 = Trash/* 7 expire3 = Spam 7 quota = dict:User quota:%u:proxy::quota quota_rule = *:storage=200M quota_warning = storage=99%% quota-warning 99 %n %d quota_warning2 = storage=95%% quota-warning 95 %n %d quota_warning3 = storage=80%% quota-warning 80 %n %d quota_warning4 = -storage=95%% quota-warning 'less than 95' %n %d sieve = ~/.dovecot.sieve sieve_default = /home/vmail/dovecot/sieve/default.sieve sieve_dir = ~/sieve sieve_global_dir = /home/vmail/dovecot/sieve } protocols = imap pop3 sieve lmtp service auth-worker { user = $default_internal_user } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = dovecot mode = 0666 user = dovecot } user = $default_internal_user } service dict { unix_listener dict { mode = 0600 user = vmail } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service quota-warning { executable = script /etc/dovecot/quota-warning.sh unix_listener quota-warning { user = vmail } user = dovecot } ssl_cert = From dovecot-dict-sql.conf.ext: connect = host=localhost dbname=maildb user=dbuser password=dbpass # CREATE TABLE quota ( # username varchar(100) not null, # bytes bigint not null default 0, # messages integer not null default 0, # primary key (username) # ); map { pattern = priv/quota/storage table = quota_usage username_field = address value_field = quota_bytes } map { pattern = priv/quota/messages table = quota_usage username_field = address value_field = quota_messages } # CREATE TABLE expires ( # username varchar(100) not null, # mailbox varchar(255) not null, # expire_stamp integer not null, # primary key (username, mailbox) # ); map { pattern = shared/expire/$user/$mailbox table = expires value_field = expire_stamp fields { address = $user folder = $mailbox } } dovecot-sql.conf.ext driver = mysql connect = host=/var/run/mysqld/mysqld.sock dbname=maildb user=dbuser password=dbpass default_pass_scheme = PLAIN user_query = SELECT homedir AS home, maildir AS mail, uid AS uid, gid AS gid, quota_rule AS quota_rule FROM email WHERE address = CONVERT('%u' USING latin1) AND is_alias=0; password_query = SELECT address AS user, NULL as password, homedir AS userdb_home, maildir as userdb_mail, uid AS userdb_uid, gid AS userdb_gid, quota_rule AS userdb_quota_rule, 'Y' AS nopassword FROM email WHERE address = CASE WHEN ('%d' = '') THEN CONCAT (CONVERT('%n' USING latin1), '@bordernet.com.au') ELSE CONVERT('%u' USING latin1) END AND is_alias=0 AND CheckPasswordFunc(CONVERT('%n' USING latin1), '%d', CONVERT('%w' USING latin1), '%r'); iterate_query = SELECT address AS user FROM email WHERE is_alias=0 AND length(password) > 1 From tss at iki.fi Mon May 20 02:31:01 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 20 May 2013 02:31:01 +0300 Subject: [Dovecot] v2.2.2 released Message-ID: <1369006261.13573.52.camel@innu> http://dovecot.org/releases/2.2/dovecot-2.2.2.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.2.tar.gz.sig It's been a while since v2.2.1. I think all of the bad bugs in v2.2 series should be fixed by now, so here's a new release. I think there are still some small URLAUTH bugs left though, so you might want to wait before enabling it in production (imap_urlauth_host is empty by default, which disables it). + zlib: Keep the last mail cached uncompressed in a temp file. This fixes performance when doing small partial fetches from a large mail. + acl: If plugin { acl_defaults_from_inbox = yes } is set, get the default ACLs for private and shared namespaces from the user's INBOX. (This probably will become default in v2.3.) + pop3: Added pop3_deleted_flag setting to switch POP3 deletions to only hide the messages from POP3, but still be visible via IMAP. - ACL plugin: Mailbox creation wasn't actually checking any ACLs and always succeeded (due to some v2.2 API changes). The created mailbox couldn't have been accessed though, so this couldn't have caused any data leak. - IMAP: Various URLAUTH fixes. - IMAP: Fixed a hang with invalid APPEND parameters. - IMAP LIST-EXTENDED: INBOX was never listed with \Subscribed flag. - mailbox_list_index=yes still caused crashes. - maildir: Fixed a crash after dovecot-keywords file was re-read. - maildir: If files had reappeared unexpectedly to a Maildir, they were ignored until index files were deleted. - Maildir: Fixed handling over 26 keywords in a mailbox. - Maildir++: Fixed mail_shared_explicit_inbox=no - namespace { prefix="" list=no } was listing mailboxes. - imap/pop3-login proxying: Fixed a crash if TCP connection succeeded, but the remote login timed out. - Case-insensitive search/sort didn't work correctly for all unicode characters, as specified by i;unicode-casemap comparator. If full text search indexes were used, they need to be rebuilt for old mails to be handled correctly. (This bug has existed always in Dovecot.) From h.reindl at thelounge.net Mon May 20 02:37:24 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 20 May 2013 01:37:24 +0200 Subject: [Dovecot] [Dovecot-news] v2.2.2 released In-Reply-To: <1369006261.13573.52.camel@innu> References: <1369006261.13573.52.camel@innu> Message-ID: <51996234.6010109@thelounge.net> if it only would compile on Fedora 18 x86_64.... strange: Fedora 17 x86_64 is OK with the same SPEC file and env libtool: link: ar cru .libs/libstorage_maildir.a .libs/maildir-copy.o .libs/maildir-filename.o .libs/maildir-filename-flags.o .libs/maildir-keywords.o .libs/maildir-mail.o .libs/maildir-save.o .libs/maildir-settings.o .libs/maildir-storage.o .libs/maildir-sync.o .libs/maildir-sync-index.o .libs/maildir-uidlist.o .libs/maildir-util.o libtool: link: ranlib .libs/libstorage_maildir.a libtool: link: ( cd ".libs" && rm -f "libstorage_maildir.la" && ln -s "../libstorage_maildir.la" "libstorage_maildir.la" ) make[5]: Leaving directory `/home/builduser/rpmbuild/BUILD/dovecot-2.2.2/src/lib-storage/index/maildir' make[5]: write error make[4]: *** [all-recursive] Error 1 make[4]: Leaving directory `/home/builduser/rpmbuild/BUILD/dovecot-2.2.2/src/lib-storage/index' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home/builduser/rpmbuild/BUILD/dovecot-2.2.2/src/lib-storage' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/home/builduser/rpmbuild/BUILD/dovecot-2.2.2/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/builduser/rpmbuild/BUILD/dovecot-2.2.2' make: *** [all] Error 2 Fehler: Fehler-Status beim Beenden von /var/tmp/rpm-tmp.Z02fsa (%build) Am 20.05.2013 01:31, schrieb Timo Sirainen: > http://dovecot.org/releases/2.2/dovecot-2.2.2.tar.gz > http://dovecot.org/releases/2.2/dovecot-2.2.2.tar.gz.sig > > It's been a while since v2.2.1. I think all of the bad bugs in v2.2 > series should be fixed by now, so here's a new release. I think there > are still some small URLAUTH bugs left though, so you might want to wait > before enabling it in production (imap_urlauth_host is empty by default, > which disables it). > > + zlib: Keep the last mail cached uncompressed in a temp file. This > fixes performance when doing small partial fetches from a large > mail. > + acl: If plugin { acl_defaults_from_inbox = yes } is set, get the > default ACLs for private and shared namespaces from the user's INBOX. > (This probably will become default in v2.3.) > + pop3: Added pop3_deleted_flag setting to switch POP3 deletions to > only hide the messages from POP3, but still be visible via IMAP. > - ACL plugin: Mailbox creation wasn't actually checking any ACLs > and always succeeded (due to some v2.2 API changes). The created > mailbox couldn't have been accessed though, so this couldn't have > caused any data leak. > - IMAP: Various URLAUTH fixes. > - IMAP: Fixed a hang with invalid APPEND parameters. > - IMAP LIST-EXTENDED: INBOX was never listed with \Subscribed flag. > - mailbox_list_index=yes still caused crashes. > - maildir: Fixed a crash after dovecot-keywords file was re-read. > - maildir: If files had reappeared unexpectedly to a Maildir, they > were ignored until index files were deleted. > - Maildir: Fixed handling over 26 keywords in a mailbox. > - Maildir++: Fixed mail_shared_explicit_inbox=no > - namespace { prefix="" list=no } was listing mailboxes. > - imap/pop3-login proxying: Fixed a crash if TCP connection succeeded, > but the remote login timed out. > - Case-insensitive search/sort didn't work correctly for all unicode > characters, as specified by i;unicode-casemap comparator. If full > text search indexes were used, they need to be rebuilt for old mails > to be handled correctly. (This bug has existed always in Dovecot.) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From tss at iki.fi Mon May 20 02:49:28 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 20 May 2013 02:49:28 +0300 Subject: [Dovecot] [Dovecot-news] v2.2.2 released In-Reply-To: <51996234.6010109@thelounge.net> References: <1369006261.13573.52.camel@innu> <51996234.6010109@thelounge.net> Message-ID: <1369007368.13573.55.camel@innu> On Mon, 2013-05-20 at 01:37 +0200, Reindl Harald wrote: > if it only would compile on Fedora 18 x86_64.... > strange: Fedora 17 x86_64 is OK with the same SPEC file and env > > libtool: link: ar cru .libs/libstorage_maildir.a .libs/maildir-copy.o .libs/maildir-filename.o > .libs/maildir-filename-flags.o .libs/maildir-keywords.o .libs/maildir-mail.o .libs/maildir-save.o > .libs/maildir-settings.o .libs/maildir-storage.o .libs/maildir-sync.o .libs/maildir-sync-index.o > .libs/maildir-uidlist.o .libs/maildir-util.o > libtool: link: ranlib .libs/libstorage_maildir.a > libtool: link: ( cd ".libs" && rm -f "libstorage_maildir.la" && ln -s "../libstorage_maildir.la" > "libstorage_maildir.la" ) > make[5]: Leaving directory `/home/builduser/rpmbuild/BUILD/dovecot-2.2.2/src/lib-storage/index/maildir' > make[5]: write error I've seen this sometimes during make distcheck I think. Maybe only when using -j flag to use multiple cores. Never figured out how that could happen, and then it went away I guess, or at least I haven't noticed it for a while now. Every time I tried to run make via strace to figure out what was happening it didn't fail. Very annoying error message. I suspect a make bug. From h.reindl at thelounge.net Mon May 20 02:52:40 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 20 May 2013 01:52:40 +0200 Subject: [Dovecot] [Dovecot-news] v2.2.2 released In-Reply-To: <1369007368.13573.55.camel@innu> References: <1369006261.13573.52.camel@innu> <51996234.6010109@thelounge.net> <1369007368.13573.55.camel@innu> Message-ID: <519965C8.9000003@thelounge.net> Am 20.05.2013 01:49, schrieb Timo Sirainen: > On Mon, 2013-05-20 at 01:37 +0200, Reindl Harald wrote: >> if it only would compile on Fedora 18 x86_64.... >> strange: Fedora 17 x86_64 is OK with the same SPEC file and env >> >> libtool: link: ar cru .libs/libstorage_maildir.a .libs/maildir-copy.o .libs/maildir-filename.o >> .libs/maildir-filename-flags.o .libs/maildir-keywords.o .libs/maildir-mail.o .libs/maildir-save.o >> .libs/maildir-settings.o .libs/maildir-storage.o .libs/maildir-sync.o .libs/maildir-sync-index.o >> .libs/maildir-uidlist.o .libs/maildir-util.o >> libtool: link: ranlib .libs/libstorage_maildir.a >> libtool: link: ( cd ".libs" && rm -f "libstorage_maildir.la" && ln -s "../libstorage_maildir.la" >> "libstorage_maildir.la" ) >> make[5]: Leaving directory `/home/builduser/rpmbuild/BUILD/dovecot-2.2.2/src/lib-storage/index/maildir' >> make[5]: write error > > I've seen this sometimes during make distcheck I think. Maybe only when > using -j flag to use multiple cores. Never figured out how that could > happen, and then it went away I guess, or at least I haven't noticed it > for a while now. Every time I tried to run make via strace to figure out > what was happening it didn't fail. Very annoying error message. I > suspect a make bug confirmed: -j 8 a second try on F18 suceeded now strange - never seen this before, the buildroot is clean (rpmbuild) and on this VM are tons of packages built including httpd and maridadb within the last 24 hours _________________ however, build is now fine Verarbeite Daten: dovecot-2.2.2-2.fc18.20130520.rh.x86_64 Warnung: Datei doppelt aufgelistet: /usr/lib64/dovecot/libdriver_mysql.so Provides: dovecot = 1:2.2.2-2.fc18.20130520.rh dovecot(x86-64) = 1:2.2.2-2.fc18.20130520.rh dovecot-mysql libauthdb_imap.so()(64bit) libdovecot-login.so.0()(64bit) libdovecot-sql.so.0()(64bit) libdovecot-storage.so.0()(64bit) libdovecot.so.0()(64bit) libdriver_mysql.so()(64bit) libssl_iostream_openssl.so()(64bit) Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Requires(pre): /bin/sh shadow-utils Requires(post): /bin/sh shadow-utils Requires(preun): /bin/sh shadow-utils Requires(postun): /bin/sh Requires: /bin/sh libc.so.6()(64bit) libc.so.6(GLIBC_2.10)(64bit) libc.so.6(GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.2)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.7)(64bit) libcap.so.2()(64bit) libcrypt.so.1()(64bit) libcrypt.so.1(GLIBC_2.2.5)(64bit) libcrypto.so.10()(64bit) libcrypto.so.10(libcrypto.so.10)(64bit) libdl.so.2()(64bit) libdl.so.2(GLIBC_2.2.5)(64bit) libdovecot-login.so.0()(64bit) libdovecot-sql.so.0()(64bit) libdovecot-storage.so.0()(64bit) libdovecot.so.0()(64bit) libgomp.so.1()(64bit) libm.so.6()(64bit) libmysqlclient.so.18()(64bit) libmysqlclient.so.18(libmysqlclient_16)(64bit) libpthread.so.0()(64bit) libpthread.so.0(GLIBC_2.2.5)(64bit) librt.so.1()(64bit) librt.so.1(GLIBC_2.2.5)(64bit) libssl.so.10()(64bit) libssl.so.10(libssl.so.10)(64bit) libz.so.1()(64bit) rtld(GNU_HASH) Obsoletes: dovecot-mysql Pr?fe auf nicht gepackte Datei(en): /usr/lib/rpm/check-files /home/builduser/rpmbuild/BUILDROOT/dovecot-2.2.2-2.fc18.20130520.rh.x86_64 Erstellt: /home/builduser/rpmbuild/RPMS/x86_64/dovecot-2.2.2-2.fc18.20130520.rh.x86_64.rpm Ausf?hrung(%clean): /bin/sh -e /var/tmp/rpm-tmp.507W6s + umask 022 + cd /home/builduser/rpmbuild/BUILD + cd dovecot-2.2.2 + /usr/bin/rm -rf /home/builduser/rpmbuild/BUILDROOT/dovecot-2.2.2-2.fc18.20130520.rh.x86_64 + exit 0 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From roel at wagenaar.nu Mon May 20 11:29:24 2013 From: roel at wagenaar.nu (Roel Wagenaar) Date: Mon, 20 May 2013 10:29:24 +0200 Subject: [Dovecot] Empty file in maildirs Message-ID: I am cleaning up some old users, and found that in every maildir folder there is an empty file called maildirfolder, created at the time the original dovecot was installed. Is this empty file necessary for dovecot, or is it left there in an upgrade proces and can it be removed? Dovecot 2.1.7, on Debian wheezy. -- Roel Wagenaar, Linux-User #469851 with the Linux Counter; http://linuxcounter.net/ Antw.: Omdat het de volgorde verstoord waarin mensen tekst lezen. Vraag: Waarom is top-posting een slechte gewoonte? Antw.: Top-posting. Vraag: Wat is het meest ergerlijke in e-mail? If we aren't supposed to eat amimals, why are they made with meat? From tss at iki.fi Mon May 20 11:54:54 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 20 May 2013 11:54:54 +0300 Subject: [Dovecot] Empty file in maildirs In-Reply-To: References: Message-ID: On 20.5.2013, at 11.29, Roel Wagenaar wrote: > I am cleaning up some old users, and found that in every maildir folder there is > an empty file called maildirfolder, created at the time the original dovecot was > installed. > > Is this empty file necessary for dovecot, or is it left there in an upgrade > proces and can it be removed? It's defined by Maildir++ specs. They're used by maildrop and maybe some other Maildir++ tools that need to update the maildirsize quota file. Dovecot itself doesn't care about if they exist or not, but it does create them whenever you create a new folder, so you can't really get rid of them completely. From claus.r at bayern-mail.de Mon May 20 13:40:23 2013 From: claus.r at bayern-mail.de (Claus) Date: Mon, 20 May 2013 12:40:23 +0200 Subject: [Dovecot] doveadm altmove to gzipped-mdbox In-Reply-To: <1368992072.13573.43.camel@innu> References: <519637AC.4090006@bayern-mail.de> <1368992072.13573.43.camel@innu> Message-ID: <5199FD97.3040505@bayern-mail.de> Timo, thanks for your answer. If i understand this correctly than it's not possible to work in primary storage with uncompressed mdbox (because of better performance) and move older Mails to alternate storage in compressed Format. Am 19.05.2013 21:34, schrieb Timo Sirainen: > On Fri, 2013-05-17 at 15:59 +0200, Claus wrote: >> Hi, >> >> im wondering if it's possible to store old messages in a compressed >> mdbox on alternate storage. >> The main storage is uncompressed mdbox. >> >> I tried something like: doveadm -Dv -o "plugin/zlib_save=gz" altmove -u >> testuser sentbefore 8d >> >> Could someone tell me if it's possible and give me a hint how this can >> be done? > I think that command should have worked, assuming zlib plugin was > loaded. But it would have compressed mails in the primary storage as > well for those files where it was moving mails away from (altmove runs > implicit purge). > > > From acrow at integrafin.co.uk Mon May 20 14:00:49 2013 From: acrow at integrafin.co.uk (Alex Crow) Date: Mon, 20 May 2013 12:00:49 +0100 Subject: [Dovecot] Linking mdbox directories Message-ID: <519A0261.9@integrafin.co.uk> Hi Timo/list, We have a scenario in which some email accounts on dovecot (stored in mdbox, separate paths for indexes, email, ALT storage and also using SIS for attachments, LDAP directory) need their names changed. I know we could just change the mail LDAP attribute (and leave mailMessageStore alone) so they keep the same directories on disk, but this would throw a spanner in the works for our backups. Would it be possible to create a hard link of the user's directories under the new name, and change the LDAP mailMessageStore attribute to point to these without stopping and starting dovecot? And after a while unlink the original locations? Or would this mess up dovecot's internal state? Thanks Alex -- This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately. "Transact" is operated by Integrated Financial Arrangements plc. 29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300. (Registered office: as above; Registered in England and Wales under number: 3727592). Authorised and regulated by the Financial Conduct Authority (entered on the Financial Services Register; no. 190856). From acrow at integrafin.co.uk Mon May 20 14:28:00 2013 From: acrow at integrafin.co.uk (Alex Crow) Date: Mon, 20 May 2013 12:28:00 +0100 Subject: [Dovecot] Linking mdbox directories In-Reply-To: <519A0261.9@integrafin.co.uk> References: <519A0261.9@integrafin.co.uk> Message-ID: <519A08C0.4080705@integrafin.co.uk> Just realised you can't hardlink directories. Given that (and forgetting the "delete later" thing) would it work with a symlink? Thanks Alex ----Original Message---- *Subject:* [Dovecot] Linking mdbox directories *From:* Alex Crow *To:* dovecot at dovecot.org{ *CC:* }*Date:* Mon, 20 May 2013 12:00:49 +0100 > Hi Timo/list, > > We have a scenario in which some email accounts on dovecot (stored in > mdbox, separate paths for indexes, email, ALT storage and also using > SIS for attachments, LDAP directory) need their names changed. I know > we could just change the mail LDAP attribute (and leave > mailMessageStore alone) so they keep the same directories on disk, but > this would throw a spanner in the works for our backups. > > Would it be possible to create a hard link of the user's directories > under the new name, and change the LDAP mailMessageStore attribute to > point to these without stopping and starting dovecot? And after a > while unlink the original locations? Or would this mess up dovecot's > internal state? > > Thanks > > Alex > -- This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately. "Transact" is operated by Integrated Financial Arrangements plc. 29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300. (Registered office: as above; Registered in England and Wales under number: 3727592). Authorised and regulated by the Financial Conduct Authority (entered on the Financial Services Register; no. 190856). From karol.jurak at gmail.com Mon May 20 16:29:44 2013 From: karol.jurak at gmail.com (Karol Jurak) Date: Mon, 20 May 2013 15:29:44 +0200 Subject: [Dovecot] dsync-2.2.2 incorrectly synchronizes subscription status of deleted mailbox Message-ID: <519A2548.8000602@gmail.com> Hi, It seems that dsync-2.2.2 doesn't correctly synchronize subscription status of a deleted mailbox. The situation is as follows. There are two servers: A and B, and a test user test_mdbox. Mailboxes (mdbox) of this user on both servers are synchronized. Specifically on both of them there is a Trash/x mailbox. Replication plugin is disabled. I delete Thrash/x mailbox on A with Thunderbird. The relevant IMAP commands issued are: 71 87.068176 10.4.0.13 10.1.107.144 IMAP Request: 9 delete "Trash/x" 72 87.072238 10.1.107.144 10.4.0.13 IMAP Response: 9 OK Delete completed. 73 87.073736 10.4.0.13 10.1.107.144 IMAP Request: 10 unsubscribe "Trash/x" 74 87.085263 10.1.107.144 10.4.0.13 IMAP Response: 10 OK Unsubscribe completed. Inspecting output of 'doveadm mailbox list' and contents of subscriptions file shows that everything is as expected, ie. mailbox was deleted and unsubscribed. Moreover in dovecot.mailbox.log on A the following records appear: #480: delete-mailbox 3f3eb117a51c9a51d8280000f671379f (2013-05-20 14:54:40) #504: delete-dir f91e44cab57821aa456b525c7a2f1d7e (2013-05-20 14:54:40) #528: unsubscribe f91e44cab57821aa456b525c7a2f1d7e (2013-05-20 14:54:40) Subsequently I run 'doveadm sync -u test_mdbox -d'. It causes an entry for Thrash/x to reappear in subscriptions file on both servers and the following records are appended to dovecot.mailbox.log on B: #2112: delete-mailbox 3f3eb117a51c9a51d8280000f671379f (2013-05-20 14:55:49) #2136: delete-dir f91e44cab57821aa456b525c7a2f1d7e (2013-05-20 14:55:49) On A this record is added: #552: subscribe f91e44cab57821aa456b525c7a2f1d7e (2013-05-20 14:55:49) So, in described situation, dsync subscribes a mailbox on a server it was deleted on instead of unsubscribing it on the other one. -- Karol Jurak From tss at iki.fi Mon May 20 17:33:44 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 20 May 2013 17:33:44 +0300 Subject: [Dovecot] dsync-2.2.2 incorrectly synchronizes subscription status of deleted mailbox In-Reply-To: <519A2548.8000602@gmail.com> References: <519A2548.8000602@gmail.com> Message-ID: <1369060424.13573.73.camel@innu> On Mon, 2013-05-20 at 15:29 +0200, Karol Jurak wrote: > It seems that dsync-2.2.2 doesn't correctly synchronize subscription status > of a deleted mailbox. Thanks, fixed: http://hg.dovecot.org/dovecot-2.2/rev/9878986a028d (The fixed dsync protocol is still compatible with the old dsync, but the deleted mailbox subscription states aren't synced the same until both run new ones.) From tss at iki.fi Mon May 20 17:45:46 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 20 May 2013 17:45:46 +0300 Subject: [Dovecot] Linking mdbox directories In-Reply-To: <519A08C0.4080705@integrafin.co.uk> References: <519A0261.9@integrafin.co.uk> <519A08C0.4080705@integrafin.co.uk> Message-ID: <1369061146.13573.77.camel@innu> Yeah, that would work. Dovecot doesn't use absolute paths anywhere internally, except for dbox-alt-root symlink. If the alt root path changes, it logs a warning once, but other than that nothing breaks. Alternatively you could do this using dsync still with zero downtime. Basically treat it the same as user migration or mailbox format change, and afterwards delete the old user's mails (e.g. doveadm expunge -u user at domain mailbox '*' all) before rm -rfing the home dirs. http://wiki2.dovecot.org/Tools/Dsync#example_converting On Mon, 2013-05-20 at 12:28 +0100, Alex Crow wrote: > Just realised you can't hardlink directories. Given that (and forgetting > the "delete later" thing) would it work with a symlink? > > Thanks > > Alex > ----Original Message---- > *Subject:* [Dovecot] Linking mdbox directories > *From:* Alex Crow > *To:* dovecot at dovecot.org{ > *CC:* > }*Date:* Mon, 20 May 2013 12:00:49 +0100 > > > Hi Timo/list, > > > > We have a scenario in which some email accounts on dovecot (stored in > > mdbox, separate paths for indexes, email, ALT storage and also using > > SIS for attachments, LDAP directory) need their names changed. I know > > we could just change the mail LDAP attribute (and leave > > mailMessageStore alone) so they keep the same directories on disk, but > > this would throw a spanner in the works for our backups. > > > > Would it be possible to create a hard link of the user's directories > > under the new name, and change the LDAP mailMessageStore attribute to > > point to these without stopping and starting dovecot? And after a > > while unlink the original locations? Or would this mess up dovecot's > > internal state? > > > > Thanks > > > > Alex > > > > From shop at open-t.co.uk Mon May 20 18:12:25 2013 From: shop at open-t.co.uk (Sebastian Arcus) Date: Mon, 20 May 2013 16:12:25 +0100 Subject: [Dovecot] Sieve/pigeonhole with Exim and Dovecot LDA Message-ID: <519A3D59.5060300@open-t.co.uk> I am trying to configure my Dovecot installation to provide Vacation/Out-of-the-office emails using the Sieve plugin. My setup is a little bit peculiar: Internet Internet | ^ V | Provider's POP3 server Provider's SMTP server | ^ V | -------------- getmail | my server | | V | Dovecot LDA ---> Sieve/vacation -----> Exim | V Dovecot my server --------------- Sorry for the ASCII art above - I thought it would be quicker than trying to explain. The trouble I'm having is getting the Dovecot LDA to send successfully through the local exim instance out-of-office replies back to the provider's smtp server - when receiving fresh email from the provider (through getmail). Dovecot LDA tries to send the replies - but Exim freezes them because they don't contain the sender data in the format Exim wants it. Exim can either receive sender info: 1. On the command line, after the "-f" command line switch (but only when called by root or other users passed under "trusted_users" in exim.conf). 2. In the header of the email - in the "From:" field - but only, apparently, if it was called with the "-t" switch. Full exim command line documentation here: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html I can't figure out what command line options the Dovecot LDA is using when calling exim. I also couldn't find a way to get Dovecot LDA to pass extra options to exim, when trying to send email. The exim log has the following: 2013-05-20 15:35:15 1UeRBB-0001xc-Ar Frozen (message created with -f <>) I've inspected the frozen message - and it has the correct sender in the "From:" field - but it seems that exim isn't using that, because it wasn't called with the "-t" option. In dovecot.conf, I have the following for Dovecot LDA and sieve: protocols = imap sieve protocol lda { log_path = /var/log/dovecot/dovecot-deliver.log info_log_path = /var/log/dovecot/dovecot-deliver-info.log postmaster_address = admin at mydomain.co.uk hostname = mydomain.co.uk mail_plugins = sieve mail_plugin_dir = /usr/lib/dovecot sendmail_path = /usr/sbin/exim } service managesieve-login { inet_listener sieve { port = 4190 } } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } Dovecot LDA is called by getmail using the vmail user - and using the same user it is trying to call exim to deliver the out-of-office replies. I'm using Dovecot 2.2.1 with pigeonhole 0.4.0. I can post the rest of dovecot.conf if it would help. I've read through the stuff at dovecot.org - but all the Dovecot LDA and exim info refers to Exim passing email to Dovecot using Dovecot LDA - not Dovecot LDA sending email out using Exim. From tss at iki.fi Mon May 20 18:27:58 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 20 May 2013 18:27:58 +0300 Subject: [Dovecot] v2.2.2 + dsync version incompatibility Message-ID: <1369063678.13573.79.camel@innu> Looks like dsync v2.2.2 isn't fully compatible with earlier dsync versions, unless you add: http://hg.dovecot.org/dovecot-2.2/rev/e0156c479a12 From peter at jay.Phy.QueensU.CA Mon May 20 18:48:58 2013 From: peter at jay.Phy.QueensU.CA (Peter Skensved) Date: Mon, 20 May 2013 11:48:58 -0400 Subject: [Dovecot] Configure dovecot to provide SASL In-Reply-To: References: Message-ID: <20130520154858.GA14203@jay.Phy.QueensU.CA> > > > Am 19.05.2013 17:51, schrieb Peter Skensved: > > service auth { > > unix_listener /var/spool/postfix/private/auth { > > mode = 0666 > > } > > chmod 666 is always a very bad idea > > > service auth { > unix_listener /var/spool/postfix/private/auth { > mode = 0660 > user = postfix > group = postfix > } > } > Thanks for the reply - - all the other sockets in /var/spool/postfix/private have mode 666 ( and the directory itself mode 700 ) but that is probably a question for the postfix list.... peter From shop at open-t.co.uk Mon May 20 19:02:44 2013 From: shop at open-t.co.uk (Sebastian Arcus) Date: Mon, 20 May 2013 17:02:44 +0100 Subject: [Dovecot] Sieve/pigeonhole with Exim and Dovecot LDA In-Reply-To: <519A3D59.5060300@open-t.co.uk> References: <519A3D59.5060300@open-t.co.uk> Message-ID: <519A4924.3080701@open-t.co.uk> On 20/05/13 16:12, Sebastian Arcus wrote: > I am trying to configure my Dovecot installation to provide > Vacation/Out-of-the-office emails using the Sieve plugin. My setup is a > little bit peculiar: > > > Internet Internet > | ^ > V | > Provider's POP3 server Provider's SMTP server > | ^ > V | -------------- > getmail | my server > | | > V | > Dovecot LDA ---> Sieve/vacation -----> Exim > | > V > Dovecot my server > --------------- > > > Sorry for the ASCII art above - I thought it would be quicker than > trying to explain. > > The trouble I'm having is getting the Dovecot LDA to send successfully > through the local exim instance out-of-office replies back to the > provider's smtp server - when receiving fresh email from the provider > (through getmail). Dovecot LDA tries to send the replies - but Exim > freezes them because they don't contain the sender data in the format > Exim wants it. Exim can either receive sender info: > > 1. On the command line, after the "-f" command line switch (but only > when called by root or other users passed under "trusted_users" in > exim.conf). > 2. In the header of the email - in the "From:" field - but only, > apparently, if it was called with the "-t" switch. Full exim command > line documentation here: > http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html > > > I can't figure out what command line options the Dovecot LDA is using > when calling exim. I also couldn't find a way to get Dovecot LDA to pass > extra options to exim, when trying to send email. The exim log has the > following: > > 2013-05-20 15:35:15 1UeRBB-0001xc-Ar Frozen (message created with -f <>) > > I've inspected the frozen message - and it has the correct sender in the > "From:" field - but it seems that exim isn't using that, because it > wasn't called with the "-t" option. > > In dovecot.conf, I have the following for Dovecot LDA and sieve: > > protocols = imap sieve > > protocol lda { > log_path = /var/log/dovecot/dovecot-deliver.log > info_log_path = /var/log/dovecot/dovecot-deliver-info.log > postmaster_address = admin at mydomain.co.uk > hostname = mydomain.co.uk > mail_plugins = sieve > mail_plugin_dir = /usr/lib/dovecot > sendmail_path = /usr/sbin/exim > } > > service managesieve-login { > inet_listener sieve { > port = 4190 > } > } > > plugin { > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > } > > Dovecot LDA is called by getmail using the vmail user - and using the > same user it is trying to call exim to deliver the out-of-office replies. > > I'm using Dovecot 2.2.1 with pigeonhole 0.4.0. > > I can post the rest of dovecot.conf if it would help. I've read through > the stuff at dovecot.org - but all the Dovecot LDA and exim info refers > to Exim passing email to Dovecot using Dovecot LDA - not Dovecot LDA > sending email out using Exim. I have done a bit more testing, and it seems Dovecot LDA uses the following command options when sending out email through Exim: exim -i -f <> -- recipient at address.com The problem with the above is that it sets an empty address for the "Sender" field in the message envelope. The message "From" header is set correctly - but the envelope "Sender" field is empty. As I use exim in smart relay mode, exim can only use the "Sender" field from the envelope to authenticate against the provider's SMTP server (Exim doesn't seem to have any variable expansion for the "From" field in the header to be used during SMTP authentication) - thus the authentication fails and the message can't go away. From gedalya at gedalya.net Mon May 20 19:12:29 2013 From: gedalya at gedalya.net (Gedalya) Date: Mon, 20 May 2013 12:12:29 -0400 Subject: [Dovecot] Sieve/pigeonhole with Exim and Dovecot LDA In-Reply-To: <519A4924.3080701@open-t.co.uk> References: <519A3D59.5060300@open-t.co.uk> <519A4924.3080701@open-t.co.uk> Message-ID: <519A4B6D.4090404@gedalya.net> On 05/20/2013 12:02 PM, Sebastian Arcus wrote: > Exim doesn't seem to have any variable expansion for the "From" field If using the From header actually makes sense to you... then see $h_
at http://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html, you probably want to restrict the usage of this as much as possible. The envelope sender must be empty for bounces and auto-replies, pretty good article here: https://github.com/Exim/exim/wiki/EximAutoReply Later I'll read through your whole message again and maybe I'll come up with something more concrete and detailed.. From stephan at rename-it.nl Mon May 20 22:21:50 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 20 May 2013 21:21:50 +0200 Subject: [Dovecot] Pigeonhole: extprograms - pipe In-Reply-To: <5197F887.2090000@rename-it.nl> References: <20130517220500.GP52079@anubis.morrow.me.uk> <5197F887.2090000@rename-it.nl> Message-ID: <519A77CE.8020401@rename-it.nl> On 5/18/2013 11:54 PM, Stephan Bosch wrote: > On 5/18/2013 9:58 AM, Anes Mukhametov wrote: >> No result: >> >> [root at backend1 scripts]# cat spam.sh >> #!/bin/bash >> >> cat > /dev/null >> >> exit 0 >> [root at backend1 scripts]# >> >> In the log: May 17 22:42:56 backend1 dovecot: script: Error: >> write(response) failed: Broken pipe >> >> :( > > I must say I haven't tested the use of the script service in a while > and it is not part of the test suite. I've tried it at my end and I > can reproduce the error. > > I'll look at this more thoroughly tomorrow. This should fix it: http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/d4e9ca7fddcf Regards, Stephan. From shop at open-t.co.uk Tue May 21 00:13:33 2013 From: shop at open-t.co.uk (Sebastian Arcus) Date: Mon, 20 May 2013 22:13:33 +0100 Subject: [Dovecot] Sieve/pigeonhole with Exim and Dovecot LDA In-Reply-To: <519A4B6D.4090404@gedalya.net> References: <519A3D59.5060300@open-t.co.uk> <519A4924.3080701@open-t.co.uk> <519A4B6D.4090404@gedalya.net> Message-ID: <519A91FD.1010009@open-t.co.uk> On 20/05/13 17:12, Gedalya wrote: > On 05/20/2013 12:02 PM, Sebastian Arcus wrote: >> Exim doesn't seem to have any variable expansion for the "From" field > > If using the From header actually makes sense to you... then see > $h_
at > http://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html, > you probably want to restrict the usage of this as much as possible. > The envelope sender must be empty for bounces and auto-replies, pretty > good article here: https://github.com/Exim/exim/wiki/EximAutoReply > Later I'll read through your whole message again and maybe I'll come up > with something more concrete and detailed.. Thanks for that. I've just tried using $header_from: in my exim authenticator in client mode when talking to the provider's SMTP server in smart relay mode (instead of $sender_address) - but for some strange reason it just won't work. I've poured over the exim logs in debug mode - and so far I can't make sense of what is happening. I'll try some more to figure it out and get it working. From gedalya at gedalya.net Tue May 21 01:40:16 2013 From: gedalya at gedalya.net (Gedalya) Date: Mon, 20 May 2013 18:40:16 -0400 Subject: [Dovecot] Sieve/pigeonhole with Exim and Dovecot LDA In-Reply-To: <519A91FD.1010009@open-t.co.uk> References: <519A3D59.5060300@open-t.co.uk> <519A4924.3080701@open-t.co.uk> <519A4B6D.4090404@gedalya.net> <519A91FD.1010009@open-t.co.uk> Message-ID: <519AA650.4090206@gedalya.net> On 05/20/2013 05:13 PM, Sebastian Arcus wrote: > On 20/05/13 17:12, Gedalya wrote: >> On 05/20/2013 12:02 PM, Sebastian Arcus wrote: >>> Exim doesn't seem to have any variable expansion for the "From" field >> >> If using the From header actually makes sense to you... then see >> $h_
at >> http://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html, >> >> you probably want to restrict the usage of this as much as possible. >> The envelope sender must be empty for bounces and auto-replies, pretty >> good article here: https://github.com/Exim/exim/wiki/EximAutoReply >> Later I'll read through your whole message again and maybe I'll come up >> with something more concrete and detailed.. > > Thanks for that. I've just tried using $header_from: in my exim > authenticator in client mode when talking to the provider's SMTP > server in smart relay mode (instead of $sender_address) - but for some > strange reason it just won't work. I've poured over the exim logs in > debug mode - and so far I can't make sense of what is happening. I'll > try some more to figure it out and get it working. > > OK, now I had some more time to look at your situation. We can ask, do you really need the sender? How do you use it? You're trying to authenticate using the sender, do you have the passwords in a lookup file? Perhaps this can be a good idea: set up a special authenticator with: client_condition = ${if match_ip{$sender_host_address}{:@[]}{1}{0}} so that it can only be used for locally submitted messages (this _should_ work, test it), and statically configure it with credentials that would work with your upstream SMTP server? Either way, you shouldn't have an authenticator that would trust the From: header and do something with it, unless the situation is very tightly controlled. You probably want to put more restrictions there to make sure this works only when intended, i.e. dovecot autoreplies. Now, as for $header_from, first of all, it's "$header_from:", with the colon in the end. Yea, I know. Secondly, I have no idea if it would be available in an authenticator. Consider that an authenticator is not really something that is related to processing an individual message. One thing is for sure, you would need to set connection_max_messages = 1 in the smtp transport which would be handling these messages. I know that that helps to make $sender_address available in the authenticator, try your luck with $h_from: or try to pass that data in somehow, ACL variables or something, let me know how that goes - I'm curious, but if you need further help you should probably ask on the exim-users mailing list (and point me at the thread ;-)) From shop at open-t.co.uk Tue May 21 02:37:49 2013 From: shop at open-t.co.uk (Sebastian Arcus) Date: Tue, 21 May 2013 00:37:49 +0100 Subject: [Dovecot] Sieve/pigeonhole with Exim and Dovecot LDA In-Reply-To: <519AA650.4090206@gedalya.net> References: <519A3D59.5060300@open-t.co.uk> <519A4924.3080701@open-t.co.uk> <519A4B6D.4090404@gedalya.net> <519A91FD.1010009@open-t.co.uk> <519AA650.4090206@gedalya.net> Message-ID: <519AB3CD.2050709@open-t.co.uk> On 20/05/13 23:40, Gedalya wrote: > On 05/20/2013 05:13 PM, Sebastian Arcus wrote: >> On 20/05/13 17:12, Gedalya wrote: >>> On 05/20/2013 12:02 PM, Sebastian Arcus wrote: >>>> Exim doesn't seem to have any variable expansion for the "From" field >>> >>> If using the From header actually makes sense to you... then see >>> $h_
at >>> http://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html, >>> >>> you probably want to restrict the usage of this as much as possible. >>> The envelope sender must be empty for bounces and auto-replies, pretty >>> good article here: https://github.com/Exim/exim/wiki/EximAutoReply >>> Later I'll read through your whole message again and maybe I'll come up >>> with something more concrete and detailed.. >> >> Thanks for that. I've just tried using $header_from: in my exim >> authenticator in client mode when talking to the provider's SMTP >> server in smart relay mode (instead of $sender_address) - but for some >> strange reason it just won't work. I've poured over the exim logs in >> debug mode - and so far I can't make sense of what is happening. I'll >> try some more to figure it out and get it working. >> >> > > OK, now I had some more time to look at your situation. > We can ask, do you really need the sender? How do you use it? You're > trying to authenticate using the sender, do you have the passwords in a > lookup file? Yes - they are in a lookup file. > Perhaps this can be a good idea: set up a special authenticator with: > client_condition = ${if match_ip{$sender_host_address}{:@[]}{1}{0}} > so that it can only be used for locally submitted messages (this > _should_ work, test it), and statically configure it with credentials > that would work with your upstream SMTP server? This is what I'm using at the moment to authenticate against the provider's SMTP server (upstream) in smtp smart relay mode: fixed_plain_client: driver = plaintext public_name = PLAIN client_send = ^$sender_address^${lookup{$sender_address}\ lsearch{/etc/exim/exim-client.passwd}{$value}{fail}} > Either way, you shouldn't have an authenticator that would trust the > From: header and do something with it, unless the situation is very > tightly controlled. You probably want to put more restrictions there to > make sure this works only when intended, i.e. dovecot autoreplies. I only have internal lan clients connecting to this server - and even if, for any reason which I can't think at the moment - they would want to pass a fake "From:" header - it would be useless without passing the right password that goes with it. > > Now, as for $header_from, first of all, it's "$header_from:", with the > colon in the end. Yes - I've tried it with the colon. Yea, I know. > Secondly, I have no idea if it would be available in an authenticator. I just tried it again, with debugging on, and I get the following: 212.227.15.163 in hosts_try_auth? yes (matched "auth.smtp.1and1.co.uk") scanning authentication mechanisms SMTP>> AUTH PLAIN ************************************ tls_do_write(bfac815f, 49) SSL_write(SSL, bfac815f, 49) outbytes=49 error=0 waiting for data on socket Calling SSL_read(8109288, bfac855f, 4096) read response data: size=37 SMTP<< 535 no password in decoded response fixed_plain_client authenticator yielded 2 LOG: MAIN fixed_plain_client authenticator failed H=auth.smtp.1and1.co.uk [212.227.15.163] 535 no password in decoded response I don't think header_from: is available during authentication - or something else is happening which is escaping me right now. > Consider that an authenticator is not really something that is related > to processing an individual message. > One thing is for sure, you would need to set connection_max_messages = 1 > in the smtp transport which would be handling these messages. That's an interesting one. I've been running several sites for a few years now with exim in smart relay - without connection_max_messages = 1 - and had no problems so far. Maybe it's because only few lan clients are involved - or I've been lucky so far :-) I know > that that helps to make $sender_address available in the authenticator, > try your luck with $h_from: or try to pass that data in somehow, ACL > variables or something, let me know how that goes - I'm curious, but if > you need further help you should probably ask on the exim-users mailing > list (and point me at the thread ;-)) I think I'll have to do that. Thanks again for all the suggestions. From gedalya at gedalya.net Tue May 21 03:38:28 2013 From: gedalya at gedalya.net (Gedalya) Date: Mon, 20 May 2013 20:38:28 -0400 Subject: [Dovecot] Sieve/pigeonhole with Exim and Dovecot LDA In-Reply-To: <519AB3CD.2050709@open-t.co.uk> References: <519A3D59.5060300@open-t.co.uk> <519A4924.3080701@open-t.co.uk> <519A4B6D.4090404@gedalya.net> <519A91FD.1010009@open-t.co.uk> <519AA650.4090206@gedalya.net> <519AB3CD.2050709@open-t.co.uk> Message-ID: <519AC204.1080602@gedalya.net> On 05/20/2013 07:37 PM, Sebastian Arcus wrote: > > That's an interesting one. I've been running several sites for a few > years now with exim in smart relay - without connection_max_messages = > 1 - and had no problems so far. Maybe it's because only few lan > clients are involved - or I've been lucky so far :-) The point is that the transport, and then in turn the authenticator are meant to potentially process more than one message in a single connection. What is the meaning of $sender_address or $header_*? The sender of which message? The headers from which message? If you do anything message-specific at this stage, you need to set this so only one message is sent per connection, so that message-specific variables can be meaningful. From bushurui at gmail.com Tue May 21 04:39:11 2013 From: bushurui at gmail.com (Bu Xiaobing) Date: Tue, 21 May 2013 09:39:11 +0800 Subject: [Dovecot] How to configure ssl cert chain in dovecot 10-ssl.conf file In-Reply-To: <51974E6B.9060206@gedalya.net> References: <51974481.8060700@gmail.com> <51974E6B.9060206@gedalya.net> Message-ID: <519AD03F.8060407@gmail.com> Gedalya, Thanks for your reply, it works now, and finally I find it was the format problem, there should been a return between there cert files when cat into one single file. On 2013-5-18 17:48, Gedalya wrote: > On 05/18/2013 05:06 AM, Bu Xiaobing wrote: >> I even cat mail.mymailserver.com.crt sub.class1.server.ca.pem certs/dovecot/ca.pem into one singe file, and define ssl_cert = < /path/to/the/singcertfile.pem, but it doesn't work too. > That should be the correct way, but I think there shouldn't be a space > after the < character. > What exactly is the error you are getting? > > You can troubleshoot with openssl s_client, this is from my server: > > $ openssl s_client -connect 192.168.xxx.xxx:143 -starttls imap -CApath > /etc/ssl/certs > CONNECTED(00000003) > depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate > Signing, CN = StartCom Certification Authority > verify return:1 > depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate > Signing, CN = StartCom Class 1 Primary Intermediate Server CA > verify return:1 > depth=0 description = 7t3YlXVfb6bVQ2pp, C = US, CN = mail.gedalya.net, > emailAddress = ______ at gedalya.net > verify return:1 > --- > Certificate chain > 0 > s:/description=7t3YlXVfb6bVQ2pp/C=US/CN=mail.gedalya.net/emailAddress=postmaster at gedalya.net > i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Class 1 Primary Intermediate Server CA > 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Class 1 Primary Intermediate Server CA > i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Certification Authority > 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Certification Authority > i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Certification Authority > --- > From gedalya at gedalya.net Tue May 21 04:41:03 2013 From: gedalya at gedalya.net (Gedalya) Date: Mon, 20 May 2013 21:41:03 -0400 Subject: [Dovecot] How to configure ssl cert chain in dovecot 10-ssl.conf file In-Reply-To: <519AD03F.8060407@gmail.com> References: <51974481.8060700@gmail.com> <51974E6B.9060206@gedalya.net> <519AD03F.8060407@gmail.com> Message-ID: <519AD0AF.7080709@gedalya.net> Interesting. Technically, every line of text should end with a newline. Your files had the last line of text unterminated - that's the kind of thing Windows text editors do. On 05/20/2013 09:39 PM, Bu Xiaobing wrote: > Gedalya, > > Thanks for your reply, it works now, and finally I find it was the format problem, there should been a return between there cert files when cat into one single file. > > On 2013-5-18 17:48, Gedalya wrote: >> On 05/18/2013 05:06 AM, Bu Xiaobing wrote: >>> I even cat mail.mymailserver.com.crt sub.class1.server.ca.pem certs/dovecot/ca.pem into one singe file, and define ssl_cert = < /path/to/the/singcertfile.pem, but it doesn't work too. >> That should be the correct way, but I think there shouldn't be a space >> after the < character. >> What exactly is the error you are getting? >> >> You can troubleshoot with openssl s_client, this is from my server: >> >> $ openssl s_client -connect 192.168.xxx.xxx:143 -starttls imap -CApath >> /etc/ssl/certs >> CONNECTED(00000003) >> depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate >> Signing, CN = StartCom Certification Authority >> verify return:1 >> depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate >> Signing, CN = StartCom Class 1 Primary Intermediate Server CA >> verify return:1 >> depth=0 description = 7t3YlXVfb6bVQ2pp, C = US, CN = mail.gedalya.net, >> emailAddress = ______ at gedalya.net >> verify return:1 >> --- >> Certificate chain >> 0 >> s:/description=7t3YlXVfb6bVQ2pp/C=US/CN=mail.gedalya.net/emailAddress=postmaster at gedalya.net >> i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate >> Signing/CN=StartCom Class 1 Primary Intermediate Server CA >> 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate >> Signing/CN=StartCom Class 1 Primary Intermediate Server CA >> i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate >> Signing/CN=StartCom Certification Authority >> 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate >> Signing/CN=StartCom Certification Authority >> i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate >> Signing/CN=StartCom Certification Authority >> --- >> From ben at morrow.me.uk Tue May 21 05:16:33 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Tue, 21 May 2013 03:16:33 +0100 Subject: [Dovecot] Configure dovecot to provide SASL authentication In-Reply-To: <5198F735.3020901@thelounge.net> References: <20130519155112.GA13134@jay.Phy.QueensU.CA> <5198F735.3020901@thelounge.net> Message-ID: <20130521021632.GQ52079@anubis.morrow.me.uk> At 6PM +0200 on 19/05/13 you (Reindl Harald) wrote: > > > Am 19.05.2013 17:51, schrieb Peter Skensved: > > service auth { > > unix_listener /var/spool/postfix/private/auth { > > mode = 0666 > > } > > chmod 666 is always a very bad idea While I would agree with you in principle, the documentation (http://wiki2.dovecot.org/Services#auth) actually says client: Only SASL authentication is allowed. This can be safely exposed to entire world. Given that the SASL auth service will eventually be exposed to untrusted users via SMTP, the only additional risk from making this socket world-readable is that (AFAIK, at least) there is no rate-limiting. This makes the socket a password oracle, which can by used be any local user with access to the socket to mount a dictionary attack. However, given again that the permissions on /var/spool/postfix/private should be 0700 postfix:wheel, and that (again AFAIK) all modern systems check the permissions on the full path when connecting to a Unix-domain socket, it doesn't actually matter what the permissions on the socket are as long as postfix can connect, so 0666 is in this case entirely safe. Ben From slusarz at curecanti.org Tue May 21 09:40:50 2013 From: slusarz at curecanti.org (Michael M Slusarz) Date: Tue, 21 May 2013 00:40:50 -0600 Subject: [Dovecot] CATENATE/literal8 issue Message-ID: <20130521004050.Horde.ROP9wTEW3YVpVCORD9AVvQ1@bigworm.curecanti.org> Using 2.2.2, I see this: C: 6 APPEND "INBOX" (\seen) "16-May-2013 22:05:14 -0600" CATENATE (URL "/INBOX;UIDVALIDITY=1255685337/;UID=48812/;SECTION=HEADER" TEXT ~{40} S: 6 NO [UNKNOWN-CTE] Binary input allowed only when the first part is binary. Why is there this limitation? It seems to me that CATENATE is confusing the content-type encoding of the data/part itself with the encoding of the IMAP literal. A literal 8 is nothing more than a series of OCTET's that *may* contain nulls, but not necessarily. i.e., in the above example the 40 octets of data are US-ASCII text, which is perfectly acceptable to send as a literal8. (Client rationale: If BINARY exists on the server, we don't bother to scan IMAP literal's for null data -- we just send them as literal8's. It's an optimization that I would hate to get rid of.) michael From shop at open-t.co.uk Tue May 21 10:54:15 2013 From: shop at open-t.co.uk (Sebastian Arcus) Date: Tue, 21 May 2013 08:54:15 +0100 Subject: [Dovecot] Sieve/pigeonhole with Exim and Dovecot LDA In-Reply-To: <519AC204.1080602@gedalya.net> References: <519A3D59.5060300@open-t.co.uk> <519A4924.3080701@open-t.co.uk> <519A4B6D.4090404@gedalya.net> <519A91FD.1010009@open-t.co.uk> <519AA650.4090206@gedalya.net> <519AB3CD.2050709@open-t.co.uk> <519AC204.1080602@gedalya.net> Message-ID: <519B2827.1010009@open-t.co.uk> On 21/05/13 01:38, Gedalya wrote: > On 05/20/2013 07:37 PM, Sebastian Arcus wrote: >> >> That's an interesting one. I've been running several sites for a few >> years now with exim in smart relay - without connection_max_messages = >> 1 - and had no problems so far. Maybe it's because only few lan >> clients are involved - or I've been lucky so far :-) > > The point is that the transport, and then in turn the authenticator are > meant to potentially process more than one message in a single > connection. What is the meaning of $sender_address or $header_*? The > sender of which message? The headers from which message? > If you do anything message-specific at this stage, you need to set this > so only one message is sent per connection, so that message-specific > variables can be meaningful. That makes sense - I was just surprised it hasn't bitten me in the back so far. I'll amend the configs to process one message at a time in the future. I can only assume so far it was using the sender address of the first message to be processed? From hajo.locke at gmx.de Tue May 21 11:49:02 2013 From: hajo.locke at gmx.de (Hajo Locke) Date: Tue, 21 May 2013 10:49:02 +0200 Subject: [Dovecot] Outlook 2013 - mounting folders with XLIST Message-ID: Hello, >> i do some tests with dovecot 2.1.7 and activated a default special-use >> config. To get it work with outlook 2013, i also added XLIST to imap >> capability string. basically this is working. >> >> is somebody also using special-use folders successful with outlook 2013? > yes, testet a few times, works fine, without Junk folder , cause > outlook wants this handled by it own, but i ve seen reg patches to > change this My serverside setup now is completed. I did a lot of tests last weeks and experienced some strange behaviour of some clients. Outlook 2013 is only working when adding XLIST manually to imap_capability imap_capability = +XLIST This is because outlook 2013 not supports rfc 6154 but the deprecated XLIST standard invented by google. So the problem with junkfolder is not a bug in Outlook 2013, in rfc 6154 spamfolder is tagged by \Junk, in XLIST standard \Spam is used. I did see that when using a gmailaccount in outlook 2013. Adding XLIST capability to dovecot seems to be a problem for other Clients. k9 is able to work with rfc 6154 servers. But if k9 finds XLIST and SPECIAL-USE together in capabilitystring it seems to prefer XLIST requests. Because of dovecot is accepting XLIST requests, but outputs rfc 6154 details, k9 seems to be confused and dont finds special Folders. rfc 6154 is similar but not identical to XLIST. If you dont test with really individual foldernames, you get tricked by clients behaviour. I looked around and the most imap-servers of hosting companies etc. provide XLIST feature, Special-USE unfortunately only a few. So i did now some changes to dovecot sources on my own. I added \Spam as allowed special-use attribute and created a new function for XLIST Requests. So if XLIST is requested, Clients gets lines of output with XLIST and \Junk is replaced with \Spam. So all is done in the code and i dont need to change my userdb-config. Testing this server with different clients was successful. All of them did find their special folders and worked fine, outlook 2013 also finds spamfolder now. So this changes contribute to consolidate a deprecated standard but i have to find a way where all users can benefit from new features. This is not a request to change something in dovecot, this is a call to decision makers to support one rfc Standard. Hajo From tss at iki.fi Tue May 21 13:24:07 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 21 May 2013 13:24:07 +0300 Subject: [Dovecot] CATENATE/literal8 issue In-Reply-To: <20130521004050.Horde.ROP9wTEW3YVpVCORD9AVvQ1@bigworm.curecanti.org> References: <20130521004050.Horde.ROP9wTEW3YVpVCORD9AVvQ1@bigworm.curecanti.org> Message-ID: <92A4F02B-84E1-4E64-AE66-32B67DAF3936@iki.fi> On 21.5.2013, at 9.40, Michael M Slusarz wrote: > Using 2.2.2, I see this: > > C: 6 APPEND "INBOX" (\seen) "16-May-2013 22:05:14 -0600" CATENATE (URL "/INBOX;UIDVALIDITY=1255685337/;UID=48812/;SECTION=HEADER" TEXT ~{40} > S: 6 NO [UNKNOWN-CTE] Binary input allowed only when the first part is binary. > > Why is there this limitation? It seems to me that CATENATE is confusing the content-type encoding of the data/part itself with the encoding of the IMAP literal. > > A literal 8 is nothing more than a series of OCTET's that *may* contain nulls, but not necessarily. i.e., in the above example the 40 octets of data are US-ASCII text, which is perfectly acceptable to send as a literal8. (Client rationale: If BINARY exists on the server, we don't bother to scan IMAP literal's for null data -- we just send them as literal8's. It's an optimization that I would hate to get rid of.) Well, the problem is that if it does contain NULs, the MIME part needs to be converted to something that doesn't. And to do that it needs to modify the previous header, which with current code was already read.. So to fix that it would need to read the whole message into a temporary file before actually saving it, which makes performance worse for the normal case.. Or are you saying that the error is fine if the text contains NULs, but simply should be allowed as long as it doesn't? From Lutz.Pressler at SerNet.DE Tue May 21 14:41:53 2013 From: Lutz.Pressler at SerNet.DE (Lutz =?iso-8859-1?Q?Pre=DFler?=) Date: Tue, 21 May 2013 13:41:53 +0200 Subject: [Dovecot] search and UTF-8 normalization forms (NFD) In-Reply-To: References: <730F760C-FC67-42C0-8405-770114D27063@iki.fi> <518CF527.3010705@babelmonkeys.de> <518E6032.8000304@babelmonkeys.de> Message-ID: On Mi, 15 Mai 2013, Timo Sirainen wrote: > On 11.5.2013, at 18.13, Florian Zeitz wrote: > > So... I had a look at this. Turns out that the current implementation of > > Unicode decomposition (Step 2(b) in i;unicode-casemap) in Dovecot is > > broken. It only handles decomposition properties that include a tag. > > I've attached a hg export that fixes this. > > Thanks, added to v2.1 and v2.2 hg. > Thanks, but there seems to be still a problem left. Sender search yields all Kr?ger mails without fts_lucene. But with fts_lucene enabled - and files in lucene-indexes/ existing - it's not. (If I delete the lucene-index files and search for sender, result is correct - but only until they are recreated.) Lutz From karol.jurak at gmail.com Tue May 21 16:58:09 2013 From: karol.jurak at gmail.com (Karol Jurak) Date: Tue, 21 May 2013 15:58:09 +0200 Subject: [Dovecot] dsync-2.2.2 incorrectly synchronizes subscription status of deleted mailbox In-Reply-To: <1369060424.13573.73.camel@innu> References: <519A2548.8000602@gmail.com> <1369060424.13573.73.camel@innu> Message-ID: ** On Monday 20 of May 2013 17:33:44 Timo Sirainen wrote: > On Mon, 2013-05-20 at 15:29 +0200, Karol Jurak wrote: > > It seems that dsync-2.2.2 doesn't correctly synchronize subscription > > status of a deleted mailbox. > > Thanks, fixed: http://hg.dovecot.org/dovecot-2.2/rev/9878986a028d I performed the test and subscription state of a deleted mailbox is still incorrectly synchronized: the mailbox is being subscribed on the first server (the one it was originally deleted on) instead of being unsubscribed on the other. One thing changed however: a subsequent attempt to unsubscribe this mailbox on the first server is now correctly synchronized. Previously every attempt to unsubscribe a nonexistent mailbox was being reverted by dsync. -- Karol Jurak From slusarz at curecanti.org Tue May 21 21:24:36 2013 From: slusarz at curecanti.org (Michael M Slusarz) Date: Tue, 21 May 2013 12:24:36 -0600 Subject: [Dovecot] CATENATE/literal8 issue In-Reply-To: <92A4F02B-84E1-4E64-AE66-32B67DAF3936@iki.fi> References: <20130521004050.Horde.ROP9wTEW3YVpVCORD9AVvQ1@bigworm.curecanti.org> <92A4F02B-84E1-4E64-AE66-32B67DAF3936@iki.fi> Message-ID: <20130521122436.Horde.yx8dh87QiDQVd6pQsTmvLw1@bigworm.curecanti.org> Quoting Timo Sirainen : > On 21.5.2013, at 9.40, Michael M Slusarz wrote: > >> Using 2.2.2, I see this: >> >> C: 6 APPEND "INBOX" (\seen) "16-May-2013 22:05:14 -0600" CATENATE >> (URL "/INBOX;UIDVALIDITY=1255685337/;UID=48812/;SECTION=HEADER" >> TEXT ~{40} >> S: 6 NO [UNKNOWN-CTE] Binary input allowed only when the first part >> is binary. >> >> Why is there this limitation? It seems to me that CATENATE is >> confusing the content-type encoding of the data/part itself with >> the encoding of the IMAP literal. >> >> A literal 8 is nothing more than a series of OCTET's that *may* >> contain nulls, but not necessarily. i.e., in the above example the >> 40 octets of data are US-ASCII text, which is perfectly acceptable >> to send as a literal8. (Client rationale: If BINARY exists on the >> server, we don't bother to scan IMAP literal's for null data -- we >> just send them as literal8's. It's an optimization that I would >> hate to get rid of.) > > Well, the problem is that if it does contain NULs, the MIME part > needs to be converted to something that doesn't. And to do that it > needs to modify the previous header, which with current code was > already read.. Is altering the header something that BINARY/CATENATE is allowed to do? Especially regarding the header. I know there is language about the server changing the CTE, but this is potentially troubling since cryptographic signatures may rely on the header text. Changing things will break the message. I can see the server altering the body text to match the header. But I think the reverse is bothersome. > Or are you saying that the error is fine if the text contains NULs, > but simply should be allowed as long as it doesn't? This. As mentioned before, it seems the code is simply assuming that the text part contains NULs without ever checking it. My reading of the literal8 is that there is no requirement that NULs MUST exist in the string. In our code, the append data is often from code that the IMAP library doesn't have access to. So at APPEND time, it is unaware whether the data contains NUL or not - it just has a blob of data and a length. If BINARY exists, it is much easier for us to simply send as literal8 and stream the data - no extra overhead is needed on our side. Since each individual byte need to be handled by the server as it comes in, it seems much more efficient to do NUL checking there. michael From tss at iki.fi Tue May 21 21:43:17 2013 From: tss at iki.fi (Timo Sirainen) Date: Tue, 21 May 2013 21:43:17 +0300 Subject: [Dovecot] CATENATE/literal8 issue In-Reply-To: <20130521122436.Horde.yx8dh87QiDQVd6pQsTmvLw1@bigworm.curecanti.org> References: <20130521004050.Horde.ROP9wTEW3YVpVCORD9AVvQ1@bigworm.curecanti.org> <92A4F02B-84E1-4E64-AE66-32B67DAF3936@iki.fi> <20130521122436.Horde.yx8dh87QiDQVd6pQsTmvLw1@bigworm.curecanti.org> Message-ID: <53BC2E19-3AEC-4E14-8AC1-7A97885D9E84@iki.fi> On 21.5.2013, at 21.24, Michael M Slusarz wrote: >> Or are you saying that the error is fine if the text contains NULs, but simply should be allowed as long as it doesn't? > > This. As mentioned before, it seems the code is simply assuming that the text part contains NULs without ever checking it. My reading of the literal8 is that there is no requirement that NULs MUST exist in the string. > > In our code, the append data is often from code that the IMAP library doesn't have access to. So at APPEND time, it is unaware whether the data contains NUL or not - it just has a blob of data and a length. If BINARY exists, it is much easier for us to simply send as literal8 and stream the data - no extra overhead is needed on our side. Since each individual byte need to be handled by the server as it comes in, it seems much more efficient to do NUL checking there. It's not just about NUL. It's also about if plain LFs can be converted to CRLFs. Anyway .. the BINARY APPEND converts only the MIME parts that you send with "Content-Transfer-Encoding: binary". Are you sending such header to Dovecot? If not, there's actually no difference to a regular APPEND from Dovecot's point of view (I think). If a non-binary MIME part contains NUL, what is Dovecot supposed to do? Change it to some other character? Fail the APPEND? Should there be a difference between how literal vs literal8 is handled in such case? From slusarz at curecanti.org Tue May 21 22:04:13 2013 From: slusarz at curecanti.org (Michael M Slusarz) Date: Tue, 21 May 2013 13:04:13 -0600 Subject: [Dovecot] CATENATE/literal8 issue In-Reply-To: <53BC2E19-3AEC-4E14-8AC1-7A97885D9E84@iki.fi> References: <20130521004050.Horde.ROP9wTEW3YVpVCORD9AVvQ1@bigworm.curecanti.org> <92A4F02B-84E1-4E64-AE66-32B67DAF3936@iki.fi> <20130521122436.Horde.yx8dh87QiDQVd6pQsTmvLw1@bigworm.curecanti.org> <53BC2E19-3AEC-4E14-8AC1-7A97885D9E84@iki.fi> Message-ID: <20130521130413.Horde.XgF5Kh32KHLili-OF5W8dg2@bigworm.curecanti.org> Quoting Timo Sirainen : > Anyway .. the BINARY APPEND converts only the MIME parts that you > send with "Content-Transfer-Encoding: binary". Are you sending such > header to Dovecot? I don't think so. I noticed the CATENATE error when I was stripping a simple text/html part out of a multipart/alternative message. The "master" message header has a single MIME header: Content-Type: multipart/alternative; boundary="----WPFVNCCY4GPWDK6HNJXHWWE7J94BSS" For the record, here's the entire transaction, along with the fallback APPEND w/out using literal8 that was successful on the identical data: C: 6 APPEND "INBOX" (\seen) "16-May-2013 22:05:14 -0600" CATENATE (URL "/INBOX;UIDVALIDITY=1255685337/;UID=48812/;SECTION=HEADER" TEXT ~{40} S: 6 NO [UNKNOWN-CTE] Binary input allowed only when the first part is binary. C: 8 APPEND "INBOX" (\seen) "16-May-2013 22:05:14 -0600" CATENATE (URL "/INBOX;UIDVALIDITY=1255685337/;UID=48812/;SECTION=HEADER" TEXT {40+} C: [LITERAL DATA: 40 bytes] C: URL "/INBOX;UIDVALIDITY=1255685337/;UID=48812/;SECTION=1.MIME" URL "/INBOX;UIDVALIDITY=1255685337/;UID=48812/;SECTION=1" TEXT {40+} C: [LITERAL DATA: 40 bytes] C: TEXT {113+} C: [LITERAL DATA: 113 bytes] C: TEXT {42+} C: [LITERAL DATA: 42 bytes] C: ) S: 8 OK [APPENDUID 1255685337 48885] Append completed. > If a non-binary MIME part contains NUL, what is Dovecot supposed to > do? Change it to some other character? Fail the APPEND? Should there > be a difference between how literal vs literal8 is handled in such > case? I would say there is no doubt: fail the APPEND. It should be the client's responsibility to correctly format the data. I appreciate that Dovecot does its best to try to Do The Right Thing (Cyrus is much stricter about input, for example). But at some point us client authors have to be at least somewhat competent, and it is not asking to much for us to accept that GIGO. michael From jim at packetalk.net Wed May 22 01:23:16 2013 From: jim at packetalk.net (Jim McNamara) Date: Tue, 21 May 2013 18:23:16 -0400 Subject: [Dovecot] Dovecot 2.2.1 LDA and sieve (lack of) errors In-Reply-To: <51980F90.9050204@packetalk.net> References: <5197968A.6040209@packetalk.net> <5197F411.7010308@rename-it.nl> <51980F90.9050204@packetalk.net> Message-ID: <519BF3D4.9080905@packetalk.net> On 05/18/2013 07:32 PM, Jim McNamara wrote: > On 05/18/2013 05:35 PM, Stephan Bosch wrote: > Now this is interesting - I do have Pigeonhole and sieve enabled > according to doveconf -n, but the only mention of sieve is as a > subdirectory of the user's home, no mention of the sieve module at > all. I do see that Pigeonhole 0.4.0 is enabled. Also, there have only > been 0 mentions of lda in the current dovecot log, and that log is 6 > hours old. > > I'll try running dovecot-lda manually after checking out the man page. > > Thanks again for the help! > > > Turns out again it was a qmail issue - the dovecot logs didn't contain any sieve info because for my install's point of view, sieving was the last step of qmail send, so there was a subdirectory of difference. Here's the massive verbose log of one message, you see the plugin loaded and everything is finally behaving. Thanks again for the help and insight Stephan, I appreciate your time. If you're in NYC sometime, I owe you a drink! 2013-05-21 08:20:40.761051500 delivery 129452: success: May_21_08:20:40_lda:_Debug:_Loading_modules_from_directory:_/usr/local/lib/dovecot/May_21_08:20:40_lda:_Debug:_Module_loaded:_/usr/local/lib/dovecot/lib10_quota_plugin.so/May_21_08:20:40_lda:_Debug:_Module_loaded:_/usr/local/lib/dovecot/lib90_sieve_plugin.so/May_21_08:20:40_lda:_Debug:_auth_input:_jim at domain.com_uid=89_gid=89_home=/home/vpopmail/domains/domain.com/jim_quota_rule=*:backend=2000000000S/May_21_08:20:40_lda:_Debug:_Added_userdb_setting:_plugin/quota_rule=*:backend=2000000000S/May_21_08:20:40_lda(jim at domain.com):_Debug:_Effective_uid=89,_gid=89,_home=/home/vpopmail/domains/domain.com/jim/May_21_08:20:40_lda(jim at domain.com):_Debug:_quota:_No_quota_setting_-_plugin_disabled/May_21_08:20:40_lda(jim at domain.com):_Debug:_Namespace_inbox:_type=private,_prefix=,_sep=.,_inbox=yes,_hidden=no,_list=yes,_subscriptions=yes_location=maildir:/home/vpopmail/domains/domain.com/jim/Maildir/May_21_08:20:40_lda(jim at domain.com):_Debug:_maildir++:_root=/home/vpopmail/domains/domain.com/jim/Maildir,_index=,_indexpvt=,_control=,_inbox=/home/vpopmail/domains/domain.com/jim/Maildir,_alt=/May_21_08:20:40_lda(jim at domain.com):_Debug:_quota:_No_quota_setting_-_plugin_disabled/May_21_08:20:40_lda(jim at domain.com):_Debug:_none:_root=,_index=,_indexpvt=,_control=,_inbox=,_alt=/May_21_08:20:40_lda(jim at domain.com):_Debug:_Destination_address:_jim at domain.com_(source:_user at hostname)/May_21_08:20:40_lda(jim at domain.com):_Debug:_sieve:_Pigeonhole_version_0.4.0_initializing/May_21_08:20:40_lda(jim at domain.com):_Debug:_sieve:_include:_sieve_global_dir_is_not_set;_it_is_currently_not_possible_to_include_`:global'_scripts./May_21_08:20:40_lda(jim at domain.com):_Debug:_sieve:_script_file_/home/vpopmail/domains/domain.com/jim/.sieve/dovecot.sieve_not_found/May_21_08:20:40_lda(jim at domain.com):_Debug:_sieve:_user's_script_~/.sieve/dovecot.sieve_doesn't_exist_(using_default_script_location_instead)/May_21_08:20:40_lda(jim at domain.com):_Debug:_sieve:_using_the_following_location_for_user's_Sieve_script:_/usr/local/etc/dovecot/sieve/default.sieve;name=main_script/May_21_08:20:40_lda(jim at domain.com):_Debug:_sieve:_loading_script_/usr/local/etc/dovecot/sieve/default.sieve;name=main_script/May_21_08:20:40_lda(jim at domain.com):_Debug:_sieve:_script_binary_/usr/local/etc/dovecot/sieve/default.svbin_successfully_loaded/May_21_08:20:40_lda(jim at domain.com):_Debug:_sieve:_binary_save:_not_saving_binary_/usr/local/etc/dovecot/sieve/default.svbin,_because_it_is_already_stored/May_21_08:20:40_lda(jim at domain.com):_Debug:_sieve:_executing_script_from_/usr/local/etc/dovecot/sieve/default.svbin/May_21_08:20:40_lda(jim at domain.com):_Info:_sieve:_msgid=:_stored_mail_into_mailbox_'INBOX.nagios.folder2'/did_0+0+1/ From calestyo at scientia.net Wed May 22 01:45:49 2013 From: calestyo at scientia.net (Christoph Anton Mitterer) Date: Wed, 22 May 2013 00:45:49 +0200 Subject: [Dovecot] should dovecot store maildir files with CRLF or LF? Message-ID: <1369176349.18119.10.camel@fermat.scientia.net> Hi. I've made a strange observation. When having Dovecot (at least) with maildir and moving (via IMAP) mail received by some client (Evolution 3.4) into it the following happens: Regardless of whether the mail was originally(!) set with CRLF or LF (i.e. when I use netcat to submit the plain SMTP to the relaying MTA). When the client (Evolution) had received the mail via POP3 before moving it via IMAP into Dovecot... then the maildir file within dovecot is all LF. When the client however received it via IMAP, before in turn moving it on via IMAP into Dovecot, then the maildir file is mixed CRLF and LF, i.e. the body is CRLF, the headers are terminated... Well the actually bug here is probably in Evolution (as so many others... o.O)... but I wondered... what is Dovecot expected to write files? Platform end-of-line markers (i.e. LF in case of UNIX) or always network end-of-line markers (CRLF)? Cheers, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5113 bytes Desc: not available URL: From slitt at troubleshooters.com Wed May 22 03:18:08 2013 From: slitt at troubleshooters.com (Steve Litt) Date: Tue, 21 May 2013 20:18:08 -0400 Subject: [Dovecot] should dovecot store maildir files with CRLF or LF? In-Reply-To: <1369176349.18119.10.camel@fermat.scientia.net> References: <1369176349.18119.10.camel@fermat.scientia.net> Message-ID: <20130521201808.7bd066f7@mydesk> I'm not sure if this has any bearing on what you reported here, but I do this: fetchmail->procmail->dovecot->Claws-Mail When I open certain emails, the empty lines between paragraphs are missing. If this is part of what you're reporting, I can pay more attention as to which emails display this anomaly. Thanks, SteveT Steve Litt * http://www.troubleshooters.com/ Troubleshooting Training * Human Performance On Wed, 22 May 2013 00:45:49 +0200 Christoph Anton Mitterer wrote: > Hi. > > I've made a strange observation. > When having Dovecot (at least) with maildir and moving (via IMAP) mail > received by some client (Evolution 3.4) into it the following happens: > > Regardless of whether the mail was originally(!) set with CRLF or LF > (i.e. when I use netcat to submit the plain SMTP to the relaying MTA). > > When the client (Evolution) had received the mail via POP3 before > moving it via IMAP into Dovecot... then the maildir file within > dovecot is all LF. > > When the client however received it via IMAP, before in turn moving it > on via IMAP into Dovecot, then the maildir file is mixed CRLF and LF, > i.e. the body is CRLF, the headers are terminated... > > > Well the actually bug here is probably in Evolution (as so many > others... o.O)... but I wondered... what is Dovecot expected to write > files? Platform end-of-line markers (i.e. LF in case of UNIX) or > always network end-of-line markers (CRLF)? > > > Cheers, > Chris. From ben at morrow.me.uk Wed May 22 04:54:01 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Wed, 22 May 2013 02:54:01 +0100 Subject: [Dovecot] should dovecot store maildir files with CRLF or LF? In-Reply-To: <1369176349.18119.10.camel@fermat.scientia.net> References: <1369176349.18119.10.camel@fermat.scientia.net> Message-ID: <20130522015400.GR52079@anubis.morrow.me.uk> At 12AM +0200 on 22/05/13 you (Christoph Anton Mitterer) wrote: > > I've made a strange observation. > When having Dovecot (at least) with maildir and moving (via IMAP) mail > received by some client (Evolution 3.4) into it the following happens: > > Regardless of whether the mail was originally(!) set with CRLF or LF > (i.e. when I use netcat to submit the plain SMTP to the relaying MTA). Mail sent by SMTP has to have CRLF line endings. (Unless you're using BINARYMIME, but I don't think that's at all widely implemented yet.) If your mailserver accepts LF-only line endings it ought to translate them into CRLF before sending the message on. > When the client (Evolution) had received the mail via POP3 before moving > it via IMAP into Dovecot... then the maildir file within dovecot is all > LF. What line endings is the POP server sending? Can you verify this without involving Evolution? Is the POP server Dovecot or something else? The original (djb) definition of Maildir assumed that messages would be written to the maildir with LF line endings, and both MTA and POP server would translate back to CRLF as needed. Dovecot (as a POP server) can deal with messages in either format, and should always return them to clients with CRLF. > When the client however received it via IMAP, before in turn moving it > on via IMAP into Dovecot, then the maildir file is mixed CRLF and LF, > i.e. the body is CRLF, the headers are terminated... IMAP is similar, in that line endings on the wire are always supposed to be CRLF; it's a little more complicated in that clients can also upload messages. If I APPEND a message with mixed line endings to a Maildir Dovecot mailbox, the message is written to the Maildir with LF-only endings and comes back over IMAP with CRLF-only. Can you confirm what is actually being sent over the wire? Ben From calestyo at scientia.net Wed May 22 05:06:23 2013 From: calestyo at scientia.net (Christoph Anton Mitterer) Date: Wed, 22 May 2013 04:06:23 +0200 Subject: [Dovecot] should dovecot store maildir files with CRLF or LF? In-Reply-To: <20130522015400.GR52079@anubis.morrow.me.uk> References: <1369176349.18119.10.camel@fermat.scientia.net> <20130522015400.GR52079@anubis.morrow.me.uk> Message-ID: <1369188383.21892.12.camel@fermat.scientia.net> On Wed, 2013-05-22 at 02:54 +0100, Ben Morrow wrote: > Mail sent by SMTP has to have CRLF line endings. (Unless you're using > BINARYMIME, but I don't think that's at all widely implemented yet.) If > your mailserver accepts LF-only line endings it ought to translate them > into CRLF before sending the message on. Sure, and I assume postfix does the later... but what's mandatory for SMTP isn't a "standard/recommendation/best-practise/etc" on what IMAP servers should do internally. > What line endings is the POP server sending? Can you verify this without > involving Evolution? Yeah... guess I should teach myself speaking POP3 as well ;) > Is the POP server Dovecot or something else? no idea... that's the one of my ISP... > The original (djb) definition of Maildir assumed that messages would be > written to the maildir with LF line endings, and both MTA and POP server > would translate back to CRLF as needed. Dovecot (as a POP server) can > deal with messages in either format, and should always return them to > clients with CRLF. > > > When the client however received it via IMAP, before in turn moving it > > on via IMAP into Dovecot, then the maildir file is mixed CRLF and LF, > > i.e. the body is CRLF, the headers are terminated... > > IMAP is similar, in that line endings on the wire are always supposed to > be CRLF; it's a little more complicated in that clients can also upload > messages. If I APPEND a message with mixed line endings to a Maildir > Dovecot mailbox, the message is written to the Maildir with LF-only > endings and comes back over IMAP with CRLF-only. IIRC such mixing is forbidding by the most recent RFC defining the format of internet mail messages... neither CR nor LF is allowed to exist (which was allowed to in the old standards and then didn't mean a newline, but rather the character CR respectively LF for itself). This is also the reason why I wonder a bit what Dovecot is doing, cause if it's compliant, then the outside world should always only see CRLF now, right? => But then it makes no sense to store mixed CRLF / LF / CR, if a buggy client presents it with that via IMAP. => It does IMHO however make sense to consider whether it may store mails in LF-only(! no mixing)... when this is the platform's native end-of-line marker. => On the other hand; I'd prefer to have this homogenous... so at least when dovecot get's new mail via IMAP, I would recommend it should use generally CRLF and - one would need to think about the following more carefully - convert and single LF / CR to it. Whether it can/should do such conversation with mail picked up from new/ respectively the LDA/MDA... is another topic... but if possible, I'd do so as well. Timo, if you read along, what do you think? > Can you confirm what is actually being sent over the wire? You mean when Dovecot re-exports the stuff via IMAP? Haven't checked that yet.. Cheers, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5113 bytes Desc: not available URL: From f.bonnet at esiee.fr Wed May 22 11:29:42 2013 From: f.bonnet at esiee.fr (Frank Bonnet) Date: Wed, 22 May 2013 10:29:42 +0200 Subject: [Dovecot] put users's mailbox in read only mode Message-ID: <519C81F6.4050302@esiee.fr> Hello For internal purpose I need to put some users's mailboxes and IMAP folders in read only mode during few days. We use MBOX format and UNIX real users mode ( FreeBSD 9.1 ) thanks for any info From rs at sys4.de Wed May 22 11:32:45 2013 From: rs at sys4.de (Robert Schetterer) Date: Wed, 22 May 2013 10:32:45 +0200 Subject: [Dovecot] dsync Migration Couldn't keep all uids dove 2.1.16 Message-ID: <519C82AD.5050603@sys4.de> Hi Timo, using http://wiki2.dovecot.org/Migration/Dsync for migration i am getting this in periods dsync(sys4-test-2 at example.de): Info: INBOX: Couldn't keep all uids dsync(sys4-test-2 at example.de): Warning: Mailbox changes caused a desync. You may want to run dsync again. dsync(sys4-test-2 at example.de): Warning: I/O leak: 0x756547164490 (line 1229, fd 15) dsync(sys4-test-2 at example.de): Warning: I/O leak: 0x756547164490 (line 1229, fd 10) dsync(sys4-test-2 at example.de): Warning: Timeout leak: 0x7565471647a0 (line 1316) dsync(sys4-test-2 at example.de): Warning: Timeout leak: 0x7565471647a0 (line 1316) Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From f.bonnet at esiee.fr Wed May 22 11:38:55 2013 From: f.bonnet at esiee.fr (Frank Bonnet) Date: Wed, 22 May 2013 10:38:55 +0200 Subject: [Dovecot] read only users's mailboxes Message-ID: <519C841F.4090905@esiee.fr> Hello for internal purpose I need to put some users's mailboxes in readonly mode during few days. We use MBOX format and UNIX user mode on a FreeBSD 9.1 box I tried to read-only mount the partition but dovecot does not work this way Any infos welcome From christian.wiese at securepoint.de Wed May 22 11:42:00 2013 From: christian.wiese at securepoint.de (Christian Wiese) Date: Wed, 22 May 2013 10:42:00 +0200 Subject: [Dovecot] read only users's mailboxes In-Reply-To: <519C841F.4090905@esiee.fr> References: <519C841F.4090905@esiee.fr> Message-ID: <20130522104200.5490f789@cw-desktop> Hi Frank, maybe you should take a look at http://wiki2.dovecot.org/ACL. Cheers, Chris Am Wed, 22 May 2013 10:38:55 +0200 schrieb Frank Bonnet : > Hello > > for internal purpose I need to put some users's mailboxes > in readonly mode during few days. > > We use MBOX format and UNIX user mode on a FreeBSD 9.1 box > > I tried to read-only mount the partition but dovecot > does not work this way > > > Any infos welcome > From f.bonnet at esiee.fr Wed May 22 11:50:42 2013 From: f.bonnet at esiee.fr (Frank Bonnet) Date: Wed, 22 May 2013 10:50:42 +0200 Subject: [Dovecot] read only users's mailboxes In-Reply-To: <20130522104200.5490f789@cw-desktop> References: <519C841F.4090905@esiee.fr> <20130522104200.5490f789@cw-desktop> Message-ID: <519C86E2.6080906@esiee.fr> On 05/22/2013 10:42 AM, Christian Wiese wrote: > Hi Frank, > > maybe you should take a look at http://wiki2.dovecot.org/ACL. > > Cheers, > Chris > > Am Wed, 22 May 2013 10:38:55 +0200 > schrieb Frank Bonnet : > >> Hello >> >> for internal purpose I need to put some users's mailboxes >> in readonly mode during few days. >> >> We use MBOX format and UNIX user mode on a FreeBSD 9.1 box >> >> I tried to read-only mount the partition but dovecot >> does not work this way >> >> >> Any infos welcome >> thank you Chris From rs at sys4.de Wed May 22 14:36:19 2013 From: rs at sys4.de (Robert Schetterer) Date: Wed, 22 May 2013 13:36:19 +0200 Subject: [Dovecot] dsync Migration Couldn't keep all uids dove 2.1.16 In-Reply-To: <519C82AD.5050603@sys4.de> References: <519C82AD.5050603@sys4.de> Message-ID: <519CADB3.9080004@sys4.de> Am 22.05.2013 10:32, schrieb Robert Schetterer: > Hi Timo, using > > http://wiki2.dovecot.org/Migration/Dsync > > for migration > > i am getting this in periods > > dsync(sys4-test-2 at example.de): Info: INBOX: Couldn't keep all uids > dsync(sys4-test-2 at example.de): Warning: Mailbox changes caused a desync. > You may want to run dsync again. > dsync(sys4-test-2 at example.de): Warning: I/O leak: 0x756547164490 (line > 1229, fd 15) > dsync(sys4-test-2 at example.de): Warning: I/O leak: 0x756547164490 (line > 1229, fd 10) > dsync(sys4-test-2 at example.de): Warning: Timeout leak: 0x7565471647a0 > (line 1316) > dsync(sys4-test-2 at example.de): Warning: Timeout leak: 0x7565471647a0 > (line 1316) > > > Best Regards > MfG Robert Schetterer > sorry for noise , i did more testing, guess the general problem is in missing read Problems POP3 message order (when it's different from IMAP message order) is currently preserved only when destination is Maildir for small test procedure works with maildir anyone testet allready , if do a migration to maildir, and afterwards convert mailboxes to mdbox avoiding redownload for pop3 is working ( i.e for pop3 user that left mail on the server )?, my guess its not working by design of mdbox Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From tss at iki.fi Wed May 22 15:16:57 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 22 May 2013 15:16:57 +0300 Subject: [Dovecot] dsync-2.2.2 incorrectly synchronizes subscription status of deleted mailbox In-Reply-To: References: <519A2548.8000602@gmail.com> <1369060424.13573.73.camel@innu> Message-ID: <1369225017.13573.94.camel@innu> On Tue, 2013-05-21 at 15:58 +0200, Karol Jurak wrote: > > Thanks, fixed: http://hg.dovecot.org/dovecot-2.2/rev/9878986a028d > I performed the test and subscription state of a deleted mailbox is still > incorrectly synchronized: the mailbox is being subscribed on the first > server (the one it was originally deleted on) instead of being unsubscribed > on the other. One thing changed however: a subsequent attempt to > unsubscribe this mailbox on the first server is now correctly synchronized. > Previously every attempt to unsubscribe a nonexistent mailbox was being > reverted by dsync. Another fix: http://hg.dovecot.org/dovecot-2.2/rev/33efc5396e44 From rs at sys4.de Wed May 22 15:56:34 2013 From: rs at sys4.de (Robert Schetterer) Date: Wed, 22 May 2013 14:56:34 +0200 Subject: [Dovecot] dsync Migration Couldn't keep all uids dove 2.1.16 In-Reply-To: <519CADB3.9080004@sys4.de> References: <519C82AD.5050603@sys4.de> <519CADB3.9080004@sys4.de> Message-ID: <519CC082.1040008@sys4.de> Am 22.05.2013 13:36, schrieb Robert Schetterer: > Am 22.05.2013 10:32, schrieb Robert Schetterer: >> Hi Timo, using >> >> http://wiki2.dovecot.org/Migration/Dsync >> >> for migration >> >> i am getting this in periods >> >> dsync(sys4-test-2 at example.de): Info: INBOX: Couldn't keep all uids >> dsync(sys4-test-2 at example.de): Warning: Mailbox changes caused a desync. >> You may want to run dsync again. >> dsync(sys4-test-2 at example.de): Warning: I/O leak: 0x756547164490 (line >> 1229, fd 15) >> dsync(sys4-test-2 at example.de): Warning: I/O leak: 0x756547164490 (line >> 1229, fd 10) >> dsync(sys4-test-2 at example.de): Warning: Timeout leak: 0x7565471647a0 >> (line 1316) >> dsync(sys4-test-2 at example.de): Warning: Timeout leak: 0x7565471647a0 >> (line 1316) >> >> >> Best Regards >> MfG Robert Schetterer >> > > sorry for noise , i did more testing, guess the general problem > is in missing read > > Problems > > POP3 message order (when it's different from IMAP message order) is > currently preserved only when destination is Maildir > > for small test procedure works with maildir > > anyone testet allready , if do a migration to maildir, and afterwards > convert mailboxes to mdbox avoiding redownload for pop3 is working ( i.e > for pop3 user that left mail on the server )?, my guess its not working > by design of mdbox > > > Best Regards > MfG Robert Schetterer > Hi Timo, more tests showed up, that expunged mails arent synced anyway whatever mailbox format is used perhaps that problem ? If source POP3 server merges multiple IMAP mailboxes into one POP3 INBOX, the migration won't be transparent. If source IMAP and POP3 servers return messages somehow differently, pop3-migration plugin might not be able to match the messages how test this on source server i dont see something special there using telnet and/or Thunderbird Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From karol.jurak at gmail.com Wed May 22 17:02:04 2013 From: karol.jurak at gmail.com (Karol Jurak) Date: Wed, 22 May 2013 16:02:04 +0200 Subject: [Dovecot] dsync-2.2.2 incorrectly synchronizes subscription status of deleted mailbox In-Reply-To: <1369225017.13573.94.camel@innu> References: <519A2548.8000602@gmail.com> <1369225017.13573.94.camel@innu> Message-ID: <1465740.JERTSaW5dv@karol-esprimo-p5925> On Wednesday 22 of May 2013 15:16:57 Timo Sirainen wrote: > Another fix: http://hg.dovecot.org/dovecot-2.2/rev/33efc5396e44 Now it works as expected. Thanks. However I discovered a similar issue when renaming a mailbox (using 33efc5396e44). After the first run of 'doveadm sync' the old mailbox name remains subscribed on the second server and the new name is not subscribed there. Repeating the sync corrects this. From francwalter at gmx.net Wed May 22 17:44:03 2013 From: francwalter at gmx.net (=?UTF-8?B?RnJhbmsgUsO2aG0=?=) Date: Wed, 22 May 2013 16:44:03 +0200 Subject: [Dovecot] Problems with Apple Mail: Enter Password for Account "..." Message-ID: <519CD9B3.2040101@gmx.net> Hello I have on Ubuntu 12.04 a postfix 2.9.3-2 mailserver with dovecot 2.0.19 I get email from my pc (thunderbird), my smartphone (k9mail) and my MacBook (Apple Mail 4.6 - 1085 on Mac OS 10.6.8) all with IMAP and SSL. All is working normally but sometimes I get an error message from my MacBook, which is irritating. It says this (more or less): "Enter Password for Account "..." The IMAP-Server "..." rejected the password for user "..." Enter your password again or cancel. ... o Remember this password in my keychain" The password was NOT wrong, but anyway, if reenter it, Apple Mail won't accept it, the message will come again and again. I guess that dovecot blocks apple mail maybe because the other two clients try to login at the same time? Is there any setting where I could adjust this blocking (if it is blocking) in dovecot? Only if this really is the reason. The issue is coming not regularily but when it comes, often for half an hour I cannot check mails for this account (other accounts on apple mail won't be touched). If I restart Apple Mail, the problem could be fixed, but maybe not. In the logfiles of Dovecot I don't find anything about this. Thank you and kind regards frank From larryrtx at gmail.com Wed May 22 18:01:23 2013 From: larryrtx at gmail.com (Larry Rosenman) Date: Wed, 22 May 2013 10:01:23 -0500 Subject: [Dovecot] lda: duplicate prefix? In-Reply-To: References: <28755E7A-F711-4282-A627-7CB0D10955DC@iki.fi> <374FC8DC-B861-48C7-AE44-E2CB63EC76CD@iki.fi> <1363808051.13923.9.camel@innu> Message-ID: as a final followup (finally) 2.2.2 (maybe 2.2 in general) fixes this issue. Works great! Thanks! On Wed, Mar 20, 2013 at 2:53 PM, Larry Rosenman wrote: > Ok. I'll wait for 2.2 to hit the FreeBSD ports tree. > > Thanks! > > > On Wed, Mar 20, 2013 at 2:34 PM, Timo Sirainen wrote: > >> Looks like I can reproduce this with v2.1.15, but it works with v2.2. >> Probably too much trouble to debug&fix it for v2.1. So I suggest v2.2. >> (I'll release v2.2.rc3 probably today.) >> >> On Wed, 2013-03-20 at 13:41 -0500, Larry Rosenman wrote: >> > Also, I *CAN* give SSH access to the box if you need/want it. >> > >> > >> > >> > On Wed, Mar 20, 2013 at 1:18 PM, Larry Rosenman >> wrote: >> > >> > > The issue is this is my production box, and I've gotten around this >> by NOT >> > > using the LDA, and just having Exim writing the mbox files. >> > > >> > > Is there any easy way to test just the LDA? Or trace this? >> > > >> > > >> > > >> > > On Wed, Mar 20, 2013 at 1:06 PM, Timo Sirainen wrote: >> > > >> > >> Test first if it's because of the snarf plugin? I'm not sure that it >> is. >> > >> >> > >> On 20.3.2013, at 20.02, Larry Rosenman wrote: >> > >> >> > >> > I really need the snarf plugin to work, also, I don't think LMTP >> will >> > >> let >> > >> > me redirect to files using the Exim Filters. >> > >> > >> > >> > What can you tell me to help debug this? >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > On Wed, Mar 20, 2013 at 1:00 PM, Timo Sirainen wrote: >> > >> > >> > >> >> On 4.3.2013, at 8.50, Larry Rosenman wrote: >> > >> >> >> > >> >>> I've just started using Dovecot, and can't seem to get the LDA to >> > >> work. >> > >> >>> >> > >> >>> I get the following error: >> > >> >>> Mar 4 00:47:19 thebighonker dovecot: lda(ler): Error: user ler: >> > >> >>> Initialization failed: namespace configuration error: Duplicate >> > >> namespace >> > >> >>> prefix: "" >> > >> >> >> > >> >> Something's broken. It's complaining about duplicate namespace { >> > >> prefix= } >> > >> >> but your config has only one such namespace. My guess is that it's >> > >> related >> > >> >> to the snarf plugin. Does it work without it? Also you could see >> if >> > >> LMTP >> > >> >> works instead of LDA. >> > >> >> >> > >> >> >> > >> > >> > >> > >> > >> > -- >> > >> > Larry Rosenman http://www.lerctr.org/~ler >> > >> > Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com >> > >> > US Mail: 430 Valona Loop, Round Rock, TX 78681-3893 >> > >> >> > >> >> > > >> > > >> > > -- >> > > Larry Rosenman http://www.lerctr.org/~ler >> > > Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com >> > > US Mail: 430 Valona Loop, Round Rock, TX 78681-3893 >> > > >> > >> > >> > >> >> >> > > > -- > Larry Rosenman http://www.lerctr.org/~ler > Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com > US Mail: 430 Valona Loop, Round Rock, TX 78681-3893 > -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 430 Valona Loop, Round Rock, TX 78681-3893 From professa at dementianati.com Wed May 22 18:16:44 2013 From: professa at dementianati.com (Professa Dementia) Date: Wed, 22 May 2013 08:16:44 -0700 Subject: [Dovecot] Problems with Apple Mail: Enter Password for Account "..." In-Reply-To: <519CD9B3.2040101@gmx.net> References: <519CD9B3.2040101@gmx.net> Message-ID: <519CE15C.4040902@dementianati.com> On 5/22/2013 7:44 AM, Frank R?hm wrote: > Hello > > I have on Ubuntu 12.04 a postfix 2.9.3-2 mailserver with dovecot 2.0.19 > > I get email from my pc (thunderbird), my smartphone (k9mail) and my > MacBook (Apple Mail 4.6 - 1085 on Mac OS 10.6.8) all with IMAP and SSL. > > All is working normally but sometimes I get an error message from my > MacBook, which is irritating. It says this (more or less): > > "Enter Password for Account > "..." > > The IMAP-Server "..." rejected the password > for user "..." > > Enter your password again or cancel. > ... > o Remember this password in my keychain" > > The password was NOT wrong, but anyway, if reenter it, Apple Mail won't > accept it, the message will come again and again. This is one of my pet peeves about Apple Mail and to some extent, outlook. If *any* error occurs during the authentication phase, Apple Mail, usually mistakenly, displays the error about bad login credentials. These errors may include such things as network problems, DNS issues, local mailstore errors or corruption, issues with the mail server not related to authentication, such as file locks, etc. Besides being annoying, and misleading, Apple Mail will invalidate your saved password, requiring you to enter it again. If you have chosen a strong password, you may not remember it, which can be a real pain in the tuchus. First look in your logs (Finder > Applications/Utilities > Console) to see if there are any errors. Second, if you can and it does not create a security problem for you, temporarily use a non-SSL connection for mail and a network sniffer like Wireshark to watch the transaction. Right click on a packet and select "Follow TCP Stream", which is particularly useful to see the interaction and any errors that may occur during the interaction between Mail and the server. The above also applies to similar problems with outlook. Wireshark also runs on windows, although mail error logging is not quite as good on windows. Dem From rog7993 at web.de Wed May 22 18:33:18 2013 From: rog7993 at web.de (rog7993 at web.de) Date: Wed, 22 May 2013 17:33:18 +0200 Subject: [Dovecot] ACLs - creating new top level folders In-Reply-To: <51957DCA.6000801@web.de> References: <51957DCA.6000801@web.de> Message-ID: <519CE53E.2010309@web.de> Hello, I didn't found a solution for this problem until now. Is it possible to define an ACL, which allows an user to create a new top level folder in a foreign mailbox which is accessible in a shared namespace? Creating subfolders within existing top level folders (like Inbox) works, if an appropriate dovecot-acl exists. But in an usual maildir structure, there is no parent folder for top level folders, in which I could place a dovecot-acl file. Ingo Am 17.05.2013 02:46, schrieb Ingo Rogalsky: > Hi, > > I'm wondering, whether it's possible, to define an ACL on the mailbox > itself. We use Dovecot 1.2.15 (included in Debian 6) and maildir > filesystem layout: > > /home/mail01/user1/Maildir/new \ > /home/mail01/user1/Maildir/cur Inbox > /home/mail01/user1/Maildir/tmp / > /home/mail01/user1/Maildir/.folder1/new \ > /home/mail01/user1/Maildir/.folder1/cur folder1 > /home/mail01/user1/Maildir/.folder1/tmp / > ... > > Assigning an ACL with full access rights for user2 to the folder Inbox > works as expected. user2 can create subfolders of Inbox, too. But he > can't create a new folder like folder1 parallel to Inbox. Is there a > possibility of defining an ACL on the mailbox of user1 itself? Or do we > need to create all subfolders beneath Inbox like this is usual with > other IMAP servers? > > Ingo > > --- > /usr/sbin/dovecot -c /etc/dovecot/dovecot-test.conf -n > > # 1.2.15: /etc/dovecot/dovecot-test.conf > # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.7 > base_dir: /var/run/dovecot-test/ > log_path(default): /var/log/dovecot-test/error.log > log_path(imap): /var/log/dovecot-test/error.log > log_path(pop3): /var/log/dovecot-test/error.log > log_path(managesieve): /var/log/dovecot-test/managesieve.log > info_log_path(default): /var/log/dovecot-test/info.log > info_log_path(imap): /var/log/dovecot-test/info.log > info_log_path(pop3): /var/log/dovecot-test/info.log > info_log_path(managesieve): /var/log/dovecot-test/managesieve.log > protocols: imap imaps pop3 pop3s managesieve > listen(default): *:10143 > listen(imap): *:10143 > listen(pop3): *:10110 > listen(managesieve): *:12000 > ssl_listen(default): *:10943 > ssl_listen(imap): *:10943 > ssl_listen(pop3): *:10995 > ssl_listen(managesieve): > ssl_cert_file: /etc/ssl/certs/imap-cert.pem > ssl_key_file: /etc/ssl/private/imap-key.pem > shutdown_clients: no > login_dir: /var/run/dovecot-test//login > login_executable(default): /usr/lib/dovecot/imap-login > login_executable(imap): /usr/lib/dovecot/imap-login > login_executable(pop3): /usr/lib/dovecot/pop3-login > login_executable(managesieve): /usr/lib/dovecot/managesieve-login > login_max_processes_count: 4096 > max_mail_processes: 4096 > verbose_proctitle: yes > mail_location: > maildir:~/Maildir:INDEX=/srv/dovecot/index/%u:CONTROL=/srv/dovecot/control/%u > > maildir_copy_preserve_filename: yes > mbox_write_locks: fcntl dotlock > mail_executable(default): /usr/lib/dovecot/imap > mail_executable(imap): /usr/lib/dovecot/imap > mail_executable(pop3): /usr/lib/dovecot/pop3 > mail_executable(managesieve): /usr/lib/dovecot/managesieve > mail_process_size: 1024 > mail_plugins(default): fts fts_squat acl imap_acl > mail_plugins(imap): fts fts_squat acl imap_acl > mail_plugins(pop3): > mail_plugins(managesieve): > mail_plugin_dir(default): /usr/lib/dovecot/modules/imap > mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap > mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 > mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve > pop3_lock_session(default): no > pop3_lock_session(imap): no > pop3_lock_session(pop3): yes > pop3_lock_session(managesieve): no > pop3_uidl_format(default): %08Xu%08Xv > pop3_uidl_format(imap): %08Xu%08Xv > pop3_uidl_format(pop3): %08Xv%08Xu > pop3_uidl_format(managesieve): %08Xu%08Xv > namespace: > type: private > separator: / > inbox: yes > list: yes > subscriptions: yes > namespace: > type: shared > separator: / > prefix: Other Users/%%u/ > location: > maildir:%%h/Maildir:INDEX=/srv/dovecot/index/%%u:CONTROL=/srv/dovecot/control/%%u > > list: children > lda: > postmaster_address: postmaster at ... > mail_plugins: sieve acl > quota_full_tempfail: yes > auth_socket_path: /var/run/dovecot-test/auth-master > log_path: /var/log/dovecot-test/deliver.log > info_log_path: /var/log/dovecot-test/deliver.log > auth default: > cache_size: 1024 > cache_negative_ttl: 0 > username_chars: > abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@~ > master_user_separator: * > debug: yes > passdb: > driver: passwd-file > args: /etc/dovecot/dovecot-passwd.masterusers > pass: yes > master: yes > passdb: > driver: passwd-file > args: /etc/dovecot/dovecot-passwd > passdb: > driver: pam > userdb: > driver: passwd-file > args: /etc/dovecot/dovecot-passwd > socket: > type: listen > client: > path: /var/run/dovecot-test/auth-client > mode: 384 > user: vmail > master: > path: /var/run/dovecot-test/auth-master > mode: 384 > user: vmail > plugin: > acl: vfile > acl_shared_dict: file:/srv/dovecot/lib/shared-mailboxes > sieve: ~/.dovecot.sieve > sieve_dir: ~/.pysieved > fts: squat > fts_squat: partial=4 full=10 From slusarz at curecanti.org Wed May 22 18:38:26 2013 From: slusarz at curecanti.org (Michael M Slusarz) Date: Wed, 22 May 2013 09:38:26 -0600 Subject: [Dovecot] CATENATE/literal8 issue In-Reply-To: <20130521130413.Horde.XgF5Kh32KHLili-OF5W8dg2@bigworm.curecanti.org> References: <20130521004050.Horde.ROP9wTEW3YVpVCORD9AVvQ1@bigworm.curecanti.org> <92A4F02B-84E1-4E64-AE66-32B67DAF3936@iki.fi> <20130521122436.Horde.yx8dh87QiDQVd6pQsTmvLw1@bigworm.curecanti.org> <53BC2E19-3AEC-4E14-8AC1-7A97885D9E84@iki.fi> <20130521130413.Horde.XgF5Kh32KHLili-OF5W8dg2@bigworm.curecanti.org> Message-ID: <20130522093826.Horde.VietegxEiCMZBwrlm3Zj2A4@bigworm.curecanti.org> Quoting Michael M Slusarz : > Quoting Timo Sirainen : > >> Anyway .. the BINARY APPEND converts only the MIME parts that you >> send with "Content-Transfer-Encoding: binary". Are you sending such >> header to Dovecot? I can verify this isn't working as you described above: 1 APPEND "INBOX" CATENATE (TEXT {49+} Content-Type: multipart/alternative; boundary="A" TEXT ~{1} 1 NO [UNKNOWN-CTE] Binary input allowed only when the first part is binary. michael From davide.marchi at mail.cgilfe.it Wed May 22 18:47:49 2013 From: davide.marchi at mail.cgilfe.it (Davide) Date: Wed, 22 May 2013 17:47:49 +0200 Subject: [Dovecot] LDA and enkive Message-ID: <519CE8A5.5040200@mail.cgilfe.it> Hi to all is it possible to use dovecot lda to pipe emails into enkive socket? if yes how? -- *Davide Marchi* *T*eorema *F*errara *Srl* Via Spronello, 7 - Ferrara - 44121 Tel. *0532783161* Fax. *0532783368* E-m at il: *davide.marchi at mail.cgilfe.it* Skype: *davide.marchi73* Web: *http://www.cgilfe.it* *CONFIDENZIALITA'* *Ai sensi del D.Lgs. 196/2003 si precisa che le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario/dei destinatari. Qualora il messaggio in parola Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo e a non inoltrarlo a terzi, dandocene gentilmente comunicazione.* *Per favore, pensa all'ambiente. Stampa questa email solo se necessario.* From tss at iki.fi Wed May 22 19:35:46 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 22 May 2013 19:35:46 +0300 Subject: [Dovecot] ACLs - creating new top level folders In-Reply-To: <519CE53E.2010309@web.de> References: <51957DCA.6000801@web.de> <519CE53E.2010309@web.de> Message-ID: <1939C4F2-8519-4B67-8DFF-5AEB030716FA@iki.fi> With v2.2.2: http://hg.dovecot.org/dovecot-2.2/rev/714dfc072d60 Doesn't work for public namespaces though. On 22.5.2013, at 18.33, rog7993 at web.de wrote: > Hello, > > I didn't found a solution for this problem until now. > > Is it possible to define an ACL, which allows an user to create a new top level folder in a foreign mailbox which is accessible in a shared namespace? > > Creating subfolders within existing top level folders (like Inbox) works, if an appropriate dovecot-acl exists. But in an usual maildir structure, there is no parent folder for top level folders, in which I could place a dovecot-acl file. > > Ingo > > Am 17.05.2013 02:46, schrieb Ingo Rogalsky: >> Hi, >> >> I'm wondering, whether it's possible, to define an ACL on the mailbox >> itself. We use Dovecot 1.2.15 (included in Debian 6) and maildir >> filesystem layout: >> >> /home/mail01/user1/Maildir/new \ >> /home/mail01/user1/Maildir/cur Inbox >> /home/mail01/user1/Maildir/tmp / >> /home/mail01/user1/Maildir/.folder1/new \ >> /home/mail01/user1/Maildir/.folder1/cur folder1 >> /home/mail01/user1/Maildir/.folder1/tmp / >> ... >> >> Assigning an ACL with full access rights for user2 to the folder Inbox >> works as expected. user2 can create subfolders of Inbox, too. But he >> can't create a new folder like folder1 parallel to Inbox. Is there a >> possibility of defining an ACL on the mailbox of user1 itself? Or do we >> need to create all subfolders beneath Inbox like this is usual with >> other IMAP servers? >> >> Ingo >> >> --- >> /usr/sbin/dovecot -c /etc/dovecot/dovecot-test.conf -n >> >> # 1.2.15: /etc/dovecot/dovecot-test.conf >> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.7 >> base_dir: /var/run/dovecot-test/ >> log_path(default): /var/log/dovecot-test/error.log >> log_path(imap): /var/log/dovecot-test/error.log >> log_path(pop3): /var/log/dovecot-test/error.log >> log_path(managesieve): /var/log/dovecot-test/managesieve.log >> info_log_path(default): /var/log/dovecot-test/info.log >> info_log_path(imap): /var/log/dovecot-test/info.log >> info_log_path(pop3): /var/log/dovecot-test/info.log >> info_log_path(managesieve): /var/log/dovecot-test/managesieve.log >> protocols: imap imaps pop3 pop3s managesieve >> listen(default): *:10143 >> listen(imap): *:10143 >> listen(pop3): *:10110 >> listen(managesieve): *:12000 >> ssl_listen(default): *:10943 >> ssl_listen(imap): *:10943 >> ssl_listen(pop3): *:10995 >> ssl_listen(managesieve): >> ssl_cert_file: /etc/ssl/certs/imap-cert.pem >> ssl_key_file: /etc/ssl/private/imap-key.pem >> shutdown_clients: no >> login_dir: /var/run/dovecot-test//login >> login_executable(default): /usr/lib/dovecot/imap-login >> login_executable(imap): /usr/lib/dovecot/imap-login >> login_executable(pop3): /usr/lib/dovecot/pop3-login >> login_executable(managesieve): /usr/lib/dovecot/managesieve-login >> login_max_processes_count: 4096 >> max_mail_processes: 4096 >> verbose_proctitle: yes >> mail_location: >> maildir:~/Maildir:INDEX=/srv/dovecot/index/%u:CONTROL=/srv/dovecot/control/%u >> >> maildir_copy_preserve_filename: yes >> mbox_write_locks: fcntl dotlock >> mail_executable(default): /usr/lib/dovecot/imap >> mail_executable(imap): /usr/lib/dovecot/imap >> mail_executable(pop3): /usr/lib/dovecot/pop3 >> mail_executable(managesieve): /usr/lib/dovecot/managesieve >> mail_process_size: 1024 >> mail_plugins(default): fts fts_squat acl imap_acl >> mail_plugins(imap): fts fts_squat acl imap_acl >> mail_plugins(pop3): >> mail_plugins(managesieve): >> mail_plugin_dir(default): /usr/lib/dovecot/modules/imap >> mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap >> mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 >> mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve >> pop3_lock_session(default): no >> pop3_lock_session(imap): no >> pop3_lock_session(pop3): yes >> pop3_lock_session(managesieve): no >> pop3_uidl_format(default): %08Xu%08Xv >> pop3_uidl_format(imap): %08Xu%08Xv >> pop3_uidl_format(pop3): %08Xv%08Xu >> pop3_uidl_format(managesieve): %08Xu%08Xv >> namespace: >> type: private >> separator: / >> inbox: yes >> list: yes >> subscriptions: yes >> namespace: >> type: shared >> separator: / >> prefix: Other Users/%%u/ >> location: >> maildir:%%h/Maildir:INDEX=/srv/dovecot/index/%%u:CONTROL=/srv/dovecot/control/%%u >> >> list: children >> lda: >> postmaster_address: postmaster at ... >> mail_plugins: sieve acl >> quota_full_tempfail: yes >> auth_socket_path: /var/run/dovecot-test/auth-master >> log_path: /var/log/dovecot-test/deliver.log >> info_log_path: /var/log/dovecot-test/deliver.log >> auth default: >> cache_size: 1024 >> cache_negative_ttl: 0 >> username_chars: >> abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@~ >> master_user_separator: * >> debug: yes >> passdb: >> driver: passwd-file >> args: /etc/dovecot/dovecot-passwd.masterusers >> pass: yes >> master: yes >> passdb: >> driver: passwd-file >> args: /etc/dovecot/dovecot-passwd >> passdb: >> driver: pam >> userdb: >> driver: passwd-file >> args: /etc/dovecot/dovecot-passwd >> socket: >> type: listen >> client: >> path: /var/run/dovecot-test/auth-client >> mode: 384 >> user: vmail >> master: >> path: /var/run/dovecot-test/auth-master >> mode: 384 >> user: vmail >> plugin: >> acl: vfile >> acl_shared_dict: file:/srv/dovecot/lib/shared-mailboxes >> sieve: ~/.dovecot.sieve >> sieve_dir: ~/.pysieved >> fts: squat >> fts_squat: partial=4 full=10 > From claus.r at bayern-mail.de Wed May 22 19:37:50 2013 From: claus.r at bayern-mail.de (Claus) Date: Wed, 22 May 2013 18:37:50 +0200 Subject: [Dovecot] problem with proxy setup Message-ID: <519CF45E.7000201@bayern-mail.de> Hi all, i have some troubles in the implementation of my proxyconfiguration. i have two kind of users, the first will be proxied to a dovecot backend with masteruser-login, the other one will be proxied to another non-dovecot imapserver with nopassword. Everything looks to work if i use passwd-file like this: user1:{PLAIN}pass1:::::::proxy=y host=192.168.1.1 destuser=user1*masteruser pass=masterpass user2::::::::nopassword proxy=y host=192.168.2.2 In an second step i try the same behavior with sql (postgresql), but there are my problems. In my thinking, the sql query should return the right fields (in passwd-file) like proxy, host, .. but whats the trick, to get only the correct fields i need for the different funktions? first proxy, host, destuser, pass and on the other side nopassword, proxy and host. Maybe i have mistakes in reasoning, but in sql i get in one query always the same fields. I hope someone can give me some hints an tricks. thanks, Claus From tss at iki.fi Wed May 22 20:03:33 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 22 May 2013 20:03:33 +0300 Subject: [Dovecot] dsync Migration Couldn't keep all uids dove 2.1.16 In-Reply-To: <519CC082.1040008@sys4.de> References: <519C82AD.5050603@sys4.de> <519CADB3.9080004@sys4.de> <519CC082.1040008@sys4.de> Message-ID: <38A1DC7A-0CA4-4625-92EF-245C93650C74@iki.fi> On 22.5.2013, at 15.56, Robert Schetterer wrote: > Am 22.05.2013 13:36, schrieb Robert Schetterer: >> Am 22.05.2013 10:32, schrieb Robert Schetterer: >>> Hi Timo, using >>> >>> http://wiki2.dovecot.org/Migration/Dsync >>> >>> for migration >>> >>> i am getting this in periods >>> >>> dsync(sys4-test-2 at example.de): Info: INBOX: Couldn't keep all uids Did the destination server maybe already get some new mails? >>> dsync(sys4-test-2 at example.de): Warning: Mailbox changes caused a desync. >>> You may want to run dsync again. Does this help? >> sorry for noise , i did more testing, guess the general problem >> is in missing read >> >> Problems >> >> POP3 message order (when it's different from IMAP message order) is >> currently preserved only when destination is Maildir This doesn't break dsync in any way, it just means that POP3 clients will see the UIDL list in different order then they used to, which will probably cause them to redownload mails. I already implemented the ordering support for dbox, but the ordering then also needs to be added to dovecot.index.cache, and that's causing some problems, so I haven't committed the change yet.. > more tests showed up, that expunged mails arent synced anyway whatever > mailbox format is used > > perhaps that problem ? The source is IMAP+POP3 server? Yeah, could be that it's not handling expunges when doing dsync the second time. v2.2 should be handling them better I think, although I haven't really tested much yet. > If source POP3 server merges multiple IMAP mailboxes into one POP3 > INBOX, the migration won't be transparent. > If source IMAP and POP3 servers return messages somehow differently, > pop3-migration plugin might not be able to match the messages > > how test this on source server i dont see something special there using > telnet and/or Thunderbird That is about if the same messages exist in POP3 session and IMAP INBOX. Just checking if their counts are equivalent is pretty much enough alone. In any case even if that happened, it doesn't cause your dsync problems. From tss at iki.fi Wed May 22 20:06:39 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 22 May 2013 20:06:39 +0300 Subject: [Dovecot] should dovecot store maildir files with CRLF or LF? In-Reply-To: <1369176349.18119.10.camel@fermat.scientia.net> References: <1369176349.18119.10.camel@fermat.scientia.net> Message-ID: On 22.5.2013, at 1.45, Christoph Anton Mitterer wrote: > Hi. > > I've made a strange observation. > When having Dovecot (at least) with maildir and moving (via IMAP) mail > received by some client (Evolution 3.4) into it the following happens: > > Regardless of whether the mail was originally(!) set with CRLF or LF > (i.e. when I use netcat to submit the plain SMTP to the relaying MTA). > > When the client (Evolution) had received the mail via POP3 before moving > it via IMAP into Dovecot... then the maildir file within dovecot is all > LF. mail_save_crlf setting controls if mails are saved as CRLF or LF to storage. > When the client however received it via IMAP, before in turn moving it > on via IMAP into Dovecot, then the maildir file is mixed CRLF and LF, > i.e. the body is CRLF, the headers are terminated? Sounds like the client was saving mails using CRCRLF, and Dovecot changed that to CRLF. Perhaps Dovecot should have changed the other CR to some other character.. You could verify by looking at the IMAP traffic, e.g. http://wiki2.dovecot.org/Debugging/Rawlog From rog7993 at web.de Wed May 22 20:29:40 2013 From: rog7993 at web.de (rog7993 at web.de) Date: Wed, 22 May 2013 19:29:40 +0200 Subject: [Dovecot] ACLs - creating new top level folders In-Reply-To: <1939C4F2-8519-4B67-8DFF-5AEB030716FA@iki.fi> References: <51957DCA.6000801@web.de> <519CE53E.2010309@web.de> <1939C4F2-8519-4B67-8DFF-5AEB030716FA@iki.fi> Message-ID: <519D0084.2010203@web.de> Hello, Am 22.05.2013 18:35, schrieb Timo Sirainen: > With v2.2.2: http://hg.dovecot.org/dovecot-2.2/rev/714dfc072d60 > > Doesn't work for public namespaces though. Thanks for this hint. It seems I should upgrade our server in near future. Public namespaces do not have this problem. While I was looking for a solution for my problem, I also played with them instead of a shared namespace. With this config snippet: namespace public { separator = / prefix = "Shared\ Folders/" location = maildir:/home/mail01/shared/Maildir:INDEX=/srv/dovecot/index/shared:CONTROL=/srv/dovecot/control/shared subscriptions = no list = children } This leads to this folder layout: /home/mail01/shared/Maildir/.project1/cur /home/mail01/shared/Maildir/.project1/new /home/mail01/shared/Maildir/.project1/tmp /home/mail01/shared/Maildir/.project1/dovecot-acl /home/mail01/shared/Maildir/.project1.bbbb/cur /home/mail01/shared/Maildir/.project1.bbbb/new /home/mail01/shared/Maildir/.project1.bbbb/tmp /home/mail01/shared/Maildir/.project1.bbbb/dovecot-acl /home/mail01/shared/Maildir/.project1.bbbb/maildirfolder /home/mail01/shared/Maildir/.project1.jjjjj/cur /home/mail01/shared/Maildir/.project1.jjjjj/new /home/mail01/shared/Maildir/.project1.jjjjj/tmp /home/mail01/shared/Maildir/.project1.jjjjj/dovecot-acl /home/mail01/shared/Maildir/.project1.jjjjj/maildirfolder Now I have a parent folder, where I can place the dovecot-acl file: /home/mail01/shared/Maildir/.project1/ Probably because this folder is not handled as INBOX like with private and shared namespaces. It would be a little tricky to put new mail in these kind of folders with Dovecot LDA. But it could be done. The next question would be, where to put sieve scripts? The main reason, why I don't like this solution, is the fear, that this can be problematic from a performance view. Access permissions of public namespaces are not listed in the file "shared-mailboxes". What if the folder "/home/mail01/shared/Maildir" contains some thousand subfolders? Is this a problem, because every imap process have to open all dovecot-acl files in these directories? Ingo Rogalsky From sysadmin at e-positive.ee Wed May 22 20:31:48 2013 From: sysadmin at e-positive.ee (Mart Pirita) Date: Wed, 22 May 2013 20:31:48 +0300 Subject: [Dovecot] Dovecot 2.2.2 compiling error Message-ID: <519D0104.4060001@e-positive.ee> Hello. I cant build 2.2.2, but I can build fine version 2.1.16 with same options: RedHat based customized distro, 2.6.28.10 kernel Build options: export CPPFLAGS export LDFLAGS CPPFLAGS=-I/usr/local/ssl/include LDFLAGS=-L/usr/local/ssl/lib ./configure \ --prefix=/usr \ --with-ssl=openssl \ --with-ssldir=/etc/ssl \ --sysconfdir=/etc \ --without-vpopmail \ --with-pam \ --without-bsdauth \ --without-sql \ --without-nss \ --without-ldap \ --without-pgsql \ --without-mysql \ --without-sqlite \ --with-rundir=/var/run/dovecot\ --without-deliver \ --without-gssapi Build error: /bin/sh ../../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../src/lib -I../../../src/lib-test -I../../../src/lib-dict -I../../../src/lib-fs -I../../../src/lib-mail -I../../../src/lib-imap -I../../../src/lib-index -I../../../src/lib-storage -I/usr/local/ssl/include -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -MT index-search.lo -MD -MP -MF .deps/index-search.Tpo -c -o index-search.lo index-search.c libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../src/lib -I../../../src/lib-test -I../../../src/lib-dict -I../../../src/lib-fs -I../../../src/lib-mail -I../../../src/lib-imap -I../../../src/lib-index -I../../../src/lib-storage -I/usr/local/ssl/include -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -MT index-search.lo -MD -MP -MF .deps/index-search.Tpo -c index-search.c -fPIC -DPIC -o .libs/index-search.o index-search.c: In function `search_arg_match_text': index-search.c:715: error: size of array `type name' is negative make[5]: *** [index-search.lo] Error 1 make[5]: Leaving directory `/usr/src/redhat/BUILD/dovecot-2.2.2/src/lib-storage/index' make[4]: *** [all-recursive] Error 1 make[4]: Leaving directory `/usr/src/redhat/BUILD/dovecot-2.2.2/src/lib-storage/index' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/usr/src/redhat/BUILD/dovecot-2.2.2/src/lib-storage' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/usr/src/redhat/BUILD/dovecot-2.2.2/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/usr/src/redhat/BUILD/dovecot-2.2.2' make: *** [all] Error 2 error: Bad exit status from /var/tmp/rpm-tmp.57532 (%build) Please advise? -- Mart From tss at iki.fi Wed May 22 20:42:17 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 22 May 2013 20:42:17 +0300 Subject: [Dovecot] Dovecot 2.2.2 compiling error In-Reply-To: <519D0104.4060001@e-positive.ee> References: <519D0104.4060001@e-positive.ee> Message-ID: <1ADBA2BB-49C4-4D33-9811-B168D8A55CAA@iki.fi> On 22.5.2013, at 20.31, Mart Pirita wrote: > I cant build 2.2.2, but I can build fine version 2.1.16 with same options: > > RedHat based customized distro, 2.6.28.10 kernel What gcc version? From rs at sys4.de Wed May 22 21:01:03 2013 From: rs at sys4.de (Robert Schetterer) Date: Wed, 22 May 2013 20:01:03 +0200 Subject: [Dovecot] dsync Migration Couldn't keep all uids dove 2.1.16 In-Reply-To: <38A1DC7A-0CA4-4625-92EF-245C93650C74@iki.fi> References: <519C82AD.5050603@sys4.de> <519CADB3.9080004@sys4.de> <519CC082.1040008@sys4.de> <38A1DC7A-0CA4-4625-92EF-245C93650C74@iki.fi> Message-ID: <519D07DF.2060906@sys4.de> Am 22.05.2013 19:03, schrieb Timo Sirainen: > On 22.5.2013, at 15.56, Robert Schetterer wrote: > >> Am 22.05.2013 13:36, schrieb Robert Schetterer: >>> Am 22.05.2013 10:32, schrieb Robert Schetterer: >>>> Hi Timo, using >>>> >>>> http://wiki2.dovecot.org/Migration/Dsync >>>> >>>> for migration >>>> >>>> i am getting this in periods >>>> >>>> dsync(sys4-test-2 at example.de): Info: INBOX: Couldn't keep all uids > > Did the destination server maybe already get some new mails? > >>>> dsync(sys4-test-2 at example.de): Warning: Mailbox changes caused a desync. >>>> You may want to run dsync again. > > Does this help? no, run again dsync , does not fix the expunge problem > >>> sorry for noise , i did more testing, guess the general problem >>> is in missing read >>> >>> Problems >>> >>> POP3 message order (when it's different from IMAP message order) is >>> currently preserved only when destination is Maildir > > This doesn't break dsync in any way, it just means that POP3 clients will see the UIDL list in different order then they used to, which will probably cause them to redownload mails. I already implemented the ordering support for dbox, but the ordering then also needs to be added to dovecot.index.cache, and that's causing some problems, so I haven't committed the change yet.. > >> more tests showed up, that expunged mails arent synced anyway whatever >> mailbox format is used >> >> perhaps that problem ? > > The source is IMAP+POP3 server? Yeah, could be that it's not handling expunges when doing dsync the second time. v2.2 should be handling them better I think, although I haven't really tested much yet. Hi Timo, it looks like a problem with dsync migration in 2.1.16, with "that" source server, a friend reported dsync migration form cyrus to sdbox had worked fine with 2.1.15 > >> If source POP3 server merges multiple IMAP mailboxes into one POP3 >> INBOX, the migration won't be transparent. >> If source IMAP and POP3 servers return messages somehow differently, >> pop3-migration plugin might not be able to match the messages >> >> how test this on source server i dont see something special there using >> telnet and/or Thunderbird > > That is about if the same messages exist in POP3 session and IMAP INBOX. Just checking if their counts are equivalent is pretty much enough alone. In any case even if that happened, it doesn't cause your dsync problems. > i think i wont invest more time in this, dsync has/will much changed code in 2.2.x , so i may retest again with 2.2.x sometime, meanwhile for this case i might use imapsync, but thx for repeat anyway however in case i would discover any more big news with dsnyc migration 2.1.16 , i will report Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From usselmann.m at icg-online.de Wed May 22 22:31:56 2013 From: usselmann.m at icg-online.de (Manfred Usselmann) Date: Wed, 22 May 2013 21:31:56 +0200 Subject: [Dovecot] Speed up mail retrieval by keyword Message-ID: <7c414fab933f69623cdf571e3e03e523@webmail.scheller-usselmann.de> Hi, I' m using a roundcube plugin for adding attributes to mails, which are stored as IMAP keywords (https://github.com/umount/message_label [1]). This plugin allows me to retrieve mails with a certain attribute across all my mail folders. Selecting mails this way is very convenient, but also very slow, probably because I've got a lot of mails and folders. Is there a way to speed this up somehow by changing any configuration options? Versions in use are Roundcube 0.9.0 and Dovecot 2.1.10 (Maildir). Thanks Manfred Links: ------ [1] https://github.com/umount/message_label From rs at sys4.de Wed May 22 23:13:52 2013 From: rs at sys4.de (Robert Schetterer) Date: Wed, 22 May 2013 22:13:52 +0200 Subject: [Dovecot] auth with passwd file , doublepoint in paasword Message-ID: <519D2700.50907@sys4.de> Hi, does anyone know if a doublepoint : is in the password how it gets escaped when using http://wiki2.dovecot.org/AuthDatabase/PasswdFile Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From calestyo at scientia.net Wed May 22 23:22:06 2013 From: calestyo at scientia.net (Christoph Anton Mitterer) Date: Wed, 22 May 2013 22:22:06 +0200 Subject: [Dovecot] should dovecot store maildir files with CRLF or LF? In-Reply-To: References: <1369176349.18119.10.camel@fermat.scientia.net> Message-ID: <1369254126.5217.10.camel@fermat.scientia.net> On Wed, 2013-05-22 at 20:06 +0300, Timo Sirainen wrote: > mail_save_crlf setting controls if mails are saved as CRLF or LF to storage. I see... hmm that seems to be missing from the documentation?! Can it be added? What values can it have? What exactly happens there? Any LF or CRLF converted to the value set? or does it also handle single CRs (and therefore also LFCRs)? Are there other such options which control what of a mail / how they are stored into maildirs? I mean regarding the content of the mails? I'm aware of the one that controls how subfolders are made in maildirs (LAYOUT=fs)... but anything else? > Sounds like the client was saving mails using CRCRLF, and Dovecot > changed that to CRLF. Perhaps Dovecot should have changed the other CR > to some other character.. Perhaps you should add handling single CRs (to CRLF or LF depending on mail_save_crlf) as well. > You could verify by looking at the IMAP traffic, e.g. > http://wiki2.dovecot.org/Debugging/Rawlog I'll try to debug that further. Thx, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5113 bytes Desc: not available URL: From ben at morrow.me.uk Thu May 23 02:47:19 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Thu, 23 May 2013 00:47:19 +0100 Subject: [Dovecot] auth with passwd file , doublepoint in paasword In-Reply-To: <519D2700.50907@sys4.de> References: <519D2700.50907@sys4.de> Message-ID: <20130522234718.GA53132@anubis.morrow.me.uk> At 10PM +0200 on 22/05/13 you (Robert Schetterer) wrote: > Hi, does anyone know > if a doublepoint : is in the password how it gets escaped > > when using > > http://wiki2.dovecot.org/AuthDatabase/PasswdFile I don't think it can be; that is, I don't think any of the fields can contain a colon if you're using passwd-file. Surely a password would usually be crypted, and so cannot contain a colon? Ben From jgardner at izeni.com Thu May 23 03:30:32 2013 From: jgardner at izeni.com (Joshua Gardner) Date: Wed, 22 May 2013 18:30:32 -0600 Subject: [Dovecot] Virtual Servers, or different authentication setups. Message-ID: I want to know if there is any virtual server functionality in Dovecot? I would like to have two separate configurations, that access the same email, running in the same Dovecot instance. They would bind different ports and/or IPs, but have different authentication settings. In particular, one would use a PLAIN password scheme, the other SSHA. How would I go about setting up these virtual servers? Or, would I have to run separate instances of Dovecot? If I do have to run separate instances, how do I keep them from interfering with eachother? -Josh From sysadmin at e-positive.ee Thu May 23 09:05:33 2013 From: sysadmin at e-positive.ee (Mart Pirita) Date: Thu, 23 May 2013 09:05:33 +0300 Subject: [Dovecot] Dovecot 2.2.2 compiling error In-Reply-To: <1ADBA2BB-49C4-4D33-9811-B168D8A55CAA@iki.fi> References: <519D0104.4060001@e-positive.ee> <1ADBA2BB-49C4-4D33-9811-B168D8A55CAA@iki.fi> Message-ID: <519DB1AD.1090204@e-positive.ee> Timo Sirainen kirjutas: > On 22.5.2013, at 20.31, Mart Pirita wrote: > >> I cant build 2.2.2, but I can build fine version 2.1.16 with same options: >> >> RedHat based customized distro, 2.6.28.10 kernel > What gcc version? > gcc -v Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/3.3.6/specs Configured with: ../configure --prefix=/usr --with-slibdir=/lib --infodir=/usr/share/info --mandir=/usr/share/man --enable-shared --enable-threads=posix --enable-languages=c,c++,f77,java,objc --enable-__cxa_atexit --enable-c99 --enable-nls --enable-long-long --enable-multilib --with-gnu-as --with-gnu-ld --with-system-zlib --without-x i386-redhat-linux Thread model: posix gcc version 3.3.6 -- Mart From stan at hardwarefreak.com Thu May 23 09:54:11 2013 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Thu, 23 May 2013 01:54:11 -0500 Subject: [Dovecot] LDA and enkive In-Reply-To: <519CE8A5.5040200@mail.cgilfe.it> References: <519CE8A5.5040200@mail.cgilfe.it> Message-ID: <519DBD13.50004@hardwarefreak.com> On 5/22/2013 10:47 AM, Davide wrote: > Hi to all is it possible to use dovecot lda to pipe emails into enkive > socket? if yes how? No. See: http://wiki.enkive.org/index.php/1.2_Installation_Instructions#Postfix Why would you want Dovecot to feed Enkive? -- Stan From tlx at leuxner.net Thu May 23 10:48:46 2013 From: tlx at leuxner.net (Thomas Leuxner) Date: Thu, 23 May 2013 09:48:46 +0200 Subject: [Dovecot] Problems with Apple Mail: Enter Password for Account "..." In-Reply-To: <519CD9B3.2040101@gmx.net> References: <519CD9B3.2040101@gmx.net> Message-ID: <20130523074846.GA22147@nihlus.leuxner.net> * Frank R?hm 2013.05.22 16:44: > In the logfiles of Dovecot I don't find anything about this. Mail.App is known to utilize many concurrent connections. Look again, most likely it maxes out the limit: protocol imap { mail_max_userip_connections = 10 } Regards Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From kavish.karkera at yahoo.com Thu May 23 11:48:52 2013 From: kavish.karkera at yahoo.com (Kavish Karkera) Date: Thu, 23 May 2013 16:48:52 +0800 (SGT) Subject: [Dovecot] Error: Initial status notification not received Message-ID: <1369298932.57806.YahooMailNeo@web193506.mail.sg3.yahoo.com> Hi , We are getting a below error on our Dovecot POP/IMAP server on every alternate days. Please help us in knowing with the errors are related to May 23 02:40:05 blade7 dovecot: master: Error: service(pop3-login): Initial status notification not received in 30 seconds, k illing the process May 23 02:40:05 blade7 dovecot: master: Error: service(log): child 8697 killed with signal 9 May 23 02:42:04 blade7 dovecot: master: Error: service(pop3-login): Initial status notification not received in 30 seconds, k illing the process May 23 02:42:04 blade7 dovecot: master: Error: service(ssl-params): Initial status notification not received in 30 seconds, k illing the process May 23 02:42:04 blade7 dovecot: master: Error: service(log): Initial status notification not received in 30 seconds, killing the process May 23 02:42:04 blade7 dovecot: master: Error: service(anvil): Initial status notification not received in 30 seconds, killin g the process May 23 02:42:04 blade7 dovecot: master: Error: service(imap-login): Initial status notification not received in 30 seconds, k illing the process Regards, Kavish Karkera From claus.r at bayern-mail.de Thu May 23 12:16:25 2013 From: claus.r at bayern-mail.de (Claus.R) Date: Thu, 23 May 2013 11:16:25 +0200 Subject: [Dovecot] problem with proxy setup In-Reply-To: <519CF45E.7000201@bayern-mail.de> References: <519CF45E.7000201@bayern-mail.de> Message-ID: <519DDE69.2000703@bayern-mail.de> Hi all, i could solve my problem. the solution is to set the unneeded fields to "NULL" - it's described in WIKI, but i overlooked this important statement. Sorry for my blindness On 22.05.2013 18:37, Claus wrote: > Hi all, > > i have some troubles in the implementation of my proxyconfiguration. > i have two kind of users, the first will be proxied to a dovecot > backend with masteruser-login, the other one will be proxied to > another non-dovecot imapserver with nopassword. > Everything looks to work if i use passwd-file like this: > > user1:{PLAIN}pass1:::::::proxy=y host=192.168.1.1 > destuser=user1*masteruser pass=masterpass > user2::::::::nopassword proxy=y host=192.168.2.2 > > In an second step i try the same behavior with sql (postgresql), but > there are my problems. > In my thinking, the sql query should return the right fields (in > passwd-file) like proxy, host, .. > but whats the trick, to get only the correct fields i need for the > different funktions? > first proxy, host, destuser, pass and on the other side nopassword, > proxy and host. > > Maybe i have mistakes in reasoning, but in sql i get in one query > always the same fields. > > I hope someone can give me some hints an tricks. > > thanks, Claus > From tss at iki.fi Thu May 23 13:25:21 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 23 May 2013 13:25:21 +0300 Subject: [Dovecot] Dovecot 2.2.2 compiling error In-Reply-To: <519DB1AD.1090204@e-positive.ee> References: <519D0104.4060001@e-positive.ee> <1ADBA2BB-49C4-4D33-9811-B168D8A55CAA@iki.fi> <519DB1AD.1090204@e-positive.ee> Message-ID: <143487B8-6507-4E4F-90D2-BB6B53D356B3@iki.fi> On 23.5.2013, at 9.05, Mart Pirita wrote: > Timo Sirainen kirjutas: >> On 22.5.2013, at 20.31, Mart Pirita wrote: >> >>> I cant build 2.2.2, but I can build fine version 2.1.16 with same options: >>> >>> RedHat based customized distro, 2.6.28.10 kernel >> What gcc version? >> > gcc -v > gcc version 3.3.6 Hmh. Does the attached patch help? -------------- next part -------------- A non-text attachment was scrubbed... Name: diff Type: application/octet-stream Size: 478 bytes Desc: not available URL: From rs at sys4.de Thu May 23 14:08:30 2013 From: rs at sys4.de (Robert Schetterer) Date: Thu, 23 May 2013 13:08:30 +0200 Subject: [Dovecot] auth with passwd file , doublepoint in paasword In-Reply-To: <20130522234718.GA53132@anubis.morrow.me.uk> References: <519D2700.50907@sys4.de> <20130522234718.GA53132@anubis.morrow.me.uk> Message-ID: <519DF8AE.1010307@sys4.de> Am 23.05.2013 01:47, schrieb Ben Morrow: > At 10PM +0200 on 22/05/13 you (Robert Schetterer) wrote: >> Hi, does anyone know >> if a doublepoint : is in the password how it gets escaped >> >> when using >> >> http://wiki2.dovecot.org/AuthDatabase/PasswdFile > > I don't think it can be; that is, I don't think any of the fields can > contain a colon if you're using passwd-file. > > Surely a password would usually be crypted, and so cannot contain a > colon? > > Ben > thats only for one time migration in a script, no big deal, i can change it manually, but a solution may welcome anyway Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From bra at fsn.hu Thu May 23 14:26:44 2013 From: bra at fsn.hu (Attila Nagy) Date: Thu, 23 May 2013 13:26:44 +0200 Subject: [Dovecot] How the does "new" autocreate method works? Message-ID: <519DFCF4.1090404@fsn.hu> Hi, I'm trying to migrate from the deprecated autocreate plugin to the mailbox { auto }setting without success. What do I forget, or misunderstand? I deliver mails via LMTP and log in on IMAP, neither of them create the folders other than the inbox itself. # doveconf -n # 2.2.2: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 9.1-STABLE amd64 auth_cache_negative_ttl = 0 auth_cache_size = 100 M default_process_limit = 1000 default_vsz_limit = 1 G disable_plaintext_auth = no import_environment = LD_PRELOAD info_log_path = syslog lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lmtp_save_to_detail_mailbox = yes log_path = /var/log/dovecot-errors.log mail_gid = 999 mail_location = maildir:~/Maildir mail_plugins = " quota" mail_temp_dir = /data/tmp mail_uid = 999 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = } passdb { args = /usr/local/etc/dovecot/master-users driver = passwd-file master = yes pass = yes } passdb { args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { mail_log_events = delete mailbox_delete mail_log_fields = uid box msgid size flags vsize from subject quota = maildir:User quota quota_warning = storage=95%% quota-warning 95 %h quota_warning2 = storage=80%% quota-warning 80 %h recipient_delimiter = + sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = pop3 imap lmtp service auth { unix_listener auth-userdb { mode = 0600 user = qmailldap } } service lmtp { inet_listener lmtp { port = 24 } user = qmailldap } service managesieve-login { inet_listener sieve { port = 4190 } } service quota-warning { executable = script /usr/local/quota-warning/quota-warning.sh unix_listener quota-warning { user = qmailldap } user = qmailldap } ssl = no userdb { driver = prefetch } userdb { args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext driver = ldap } userdb { args = /usr/local/etc/dovecot/dovecot-ldap-catchall.conf.ext driver = ldap } verbose_proctitle = yes protocol lmtp { mail_plugins = " quota mail_log notify sieve" } protocol imap { mail_plugins = " quota imap_quota mail_log notify" } Thanks, From tss at iki.fi Thu May 23 15:01:35 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 23 May 2013 15:01:35 +0300 Subject: [Dovecot] How the does "new" autocreate method works? In-Reply-To: <519DFCF4.1090404@fsn.hu> References: <519DFCF4.1090404@fsn.hu> Message-ID: <5E3DA8C6-4BFE-4FE1-8CCD-95E97277CAB0@iki.fi> On 23.5.2013, at 14.26, Attila Nagy wrote: > I'm trying to migrate from the deprecated autocreate plugin to the mailbox { auto }setting without success. > What do I forget, or misunderstand? > > I deliver mails via LMTP and log in on IMAP, neither of them create the folders other than the inbox itself. The new method is creating the folders lazily to disk. They will be visible in IMAP session, but they won't be actually created to disk until the folder is opened. Your config looks correct to me. From bra at fsn.hu Thu May 23 15:06:05 2013 From: bra at fsn.hu (Attila Nagy) Date: Thu, 23 May 2013 14:06:05 +0200 Subject: [Dovecot] How the does "new" autocreate method works? In-Reply-To: <5E3DA8C6-4BFE-4FE1-8CCD-95E97277CAB0@iki.fi> References: <519DFCF4.1090404@fsn.hu> <5E3DA8C6-4BFE-4FE1-8CCD-95E97277CAB0@iki.fi> Message-ID: <519E062D.4000105@fsn.hu> On 05/23/13 14:01, Timo Sirainen wrote: > On 23.5.2013, at 14.26, Attila Nagy wrote: > >> I'm trying to migrate from the deprecated autocreate plugin to the mailbox { auto }setting without success. >> What do I forget, or misunderstand? >> >> I deliver mails via LMTP and log in on IMAP, neither of them create the folders other than the inbox itself. > The new method is creating the folders lazily to disk. They will be visible in IMAP session, but they won't be actually created to disk until the folder is opened. > > Your config looks correct to me. > Exactly what I see, but I thought this was an error. Could you please clarify this somewhere appropriate? BTW, this is a problem for us, because we have a custom software accessing the maildir, which won't see these until created. Would it be possible to set the laziness of this process and provide the possibility to create the folders on disk? Thanks! From tss at iki.fi Thu May 23 15:08:56 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 23 May 2013 15:08:56 +0300 Subject: [Dovecot] How the does "new" autocreate method works? In-Reply-To: <519E062D.4000105@fsn.hu> References: <519DFCF4.1090404@fsn.hu> <5E3DA8C6-4BFE-4FE1-8CCD-95E97277CAB0@iki.fi> <519E062D.4000105@fsn.hu> Message-ID: On 23.5.2013, at 15.06, Attila Nagy wrote: > On 05/23/13 14:01, Timo Sirainen wrote: >> On 23.5.2013, at 14.26, Attila Nagy wrote: >> >>> I'm trying to migrate from the deprecated autocreate plugin to the mailbox { auto }setting without success. >>> What do I forget, or misunderstand? >>> >>> I deliver mails via LMTP and log in on IMAP, neither of them create the folders other than the inbox itself. >> The new method is creating the folders lazily to disk. They will be visible in IMAP session, but they won't be actually created to disk until the folder is opened. >> >> Your config looks correct to me. >> > Exactly what I see, but I thought this was an error. Could you please clarify this somewhere appropriate? > BTW, this is a problem for us, because we have a custom software accessing the maildir, which won't see these until created. > Would it be possible to set the laziness of this process and provide the possibility to create the folders on disk? This changed, because the previous behavior was unnecessarily accessing the disk all the time at each login. I wasn't really planning on adding the old behavior back anymore. Maybe you could create the folders when the user is created? From bra at fsn.hu Thu May 23 15:11:27 2013 From: bra at fsn.hu (Attila Nagy) Date: Thu, 23 May 2013 14:11:27 +0200 Subject: [Dovecot] How the does "new" autocreate method works? In-Reply-To: References: <519DFCF4.1090404@fsn.hu> <5E3DA8C6-4BFE-4FE1-8CCD-95E97277CAB0@iki.fi> <519E062D.4000105@fsn.hu> Message-ID: <519E076F.9010301@fsn.hu> On 05/23/13 14:08, Timo Sirainen wrote: > On 23.5.2013, at 15.06, Attila Nagy wrote: > >> On 05/23/13 14:01, Timo Sirainen wrote: >>> On 23.5.2013, at 14.26, Attila Nagy wrote: >>> >>>> I'm trying to migrate from the deprecated autocreate plugin to the mailbox { auto }setting without success. >>>> What do I forget, or misunderstand? >>>> >>>> I deliver mails via LMTP and log in on IMAP, neither of them create the folders other than the inbox itself. >>> The new method is creating the folders lazily to disk. They will be visible in IMAP session, but they won't be actually created to disk until the folder is opened. >>> >>> Your config looks correct to me. >>> >> Exactly what I see, but I thought this was an error. Could you please clarify this somewhere appropriate? >> BTW, this is a problem for us, because we have a custom software accessing the maildir, which won't see these until created. >> Would it be possible to set the laziness of this process and provide the possibility to create the folders on disk? > This changed, because the previous behavior was unnecessarily accessing the disk all the time at each login. I wasn't really planning on adding the old behavior back anymore. Maybe you could create the folders when the user is created? > Very good point, will do. Thanks. From sysadmin at e-positive.ee Thu May 23 22:03:46 2013 From: sysadmin at e-positive.ee (Mart Pirita) Date: Thu, 23 May 2013 22:03:46 +0300 Subject: [Dovecot] Dovecot 2.2.2 compiling error In-Reply-To: <143487B8-6507-4E4F-90D2-BB6B53D356B3@iki.fi> References: <519D0104.4060001@e-positive.ee> <1ADBA2BB-49C4-4D33-9811-B168D8A55CAA@iki.fi> <519DB1AD.1090204@e-positive.ee> <143487B8-6507-4E4F-90D2-BB6B53D356B3@iki.fi> Message-ID: <519E6812.90509@e-positive.ee> Timo Sirainen kirjutas: >> gcc -v >> gcc version 3.3.6 > Hmh. Does the attached patch help? > Yes, it does, thanks! -- Mart From danm at prime.gushi.org Fri May 24 02:10:01 2013 From: danm at prime.gushi.org (Dan Mahoney, System Admin) Date: Thu, 23 May 2013 16:10:01 -0700 (PDT) Subject: [Dovecot] Passwordless auth? Message-ID: Hey all, I'm in the process of writing some scripts which I want to be able to take actions on my local mailbox. (For example, to move a subset of messages to the trash over time, if unread for a week. To act on messages in my learn-spam folder and then delete them). What occured to me as being a Neat Idea is if Dovecot could honor ident (rfc1413) lookups, from trusted hosts (i.e. 127.0.0.1). In this way I get all the benefits of dovecot's indexing being updated and nice locking, but I don't have to leave my password laying around in a plaintext file. (Yes, this assumes I'm running a shell on the mail server. I'm not concerned about the same level of security when you could simply cat my mail spool). I'd definitely consider something like an SSH key with a forced command (I do see questions in the FAQ about making dovecot work over a socket connection), but that forgoes using standard imap clients. I could also create a dovecot-only user with my UID and no other login privileges, but I'd like this to "just work" for anyone. I don't know anything about if dovecot supports X509 auth, but this would require the client libraries to support such a thing, which not all do. I'd love to hear about any other ways people have thought about to do this. Any ideas? -Dan Mahoney -- --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --------------------------- From rob0 at gmx.co.uk Fri May 24 02:27:37 2013 From: rob0 at gmx.co.uk (/dev/rob0) Date: Thu, 23 May 2013 18:27:37 -0500 Subject: [Dovecot] Passwordless auth? In-Reply-To: References: Message-ID: <20130523232737.GF3886@harrier.slackbuilds.org> On Thu, May 23, 2013 at 04:10:01PM -0700, Dan Mahoney, System Admin wrote: > I'd love to hear about any other ways people have thought about > to do this. Any ideas? Are you familiar with the mutt(1) MUA? I use it with a: set tunnel="MAILDIR=~/Mail/ /usr/libexec/dovecot/imap" So it speaks IMAP, but to its own /usr/libexec/dovecot/imap process, not through a network socket. Maybe you could adapt this idea in some way. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From ben at morrow.me.uk Fri May 24 02:43:11 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Fri, 24 May 2013 00:43:11 +0100 Subject: [Dovecot] Passwordless auth? In-Reply-To: References: Message-ID: <20130523234310.GB53132@anubis.morrow.me.uk> At 4PM -0700 on 23/05/13 you (Dan Mahoney, System Admin) wrote: > > I'm in the process of writing some scripts which I want to be able to take > actions on my local mailbox. (For example, to move a subset of messages > to the trash over time, if unread for a week. To act on messages in my > learn-spam folder and then delete them). http://wiki2.dovecot.org/PreAuth You can also use doveadm for quite a lot of this sort of administration; this may be easier if you're scripting in shell rather than something more sophisticated. > I'd definitely consider something like an SSH key with a forced > command (I do see questions in the FAQ about making dovecot work over a > socket connection), but that forgoes using standard imap clients. Well, I'm not sure what you consider 'standard' here, but there are both Perl and Python IMAP libraries which will connect to a command rather than a socket. If you're using a client which insists on connecting to an (INET) socket, it's a little harder; while you can obviously connect preauthed imap to a listening socket with netcat, that's not remotely secure. > I could also create a dovecot-only user with my UID and no other login > privileges, but I'd like this to "just work" for anyone. I believe with the latest 2.2 you can also do this with Kerberos principals, if you're running Kerberos; I haven't looked into this yet, but I mean to (for much the same reason). Ben From danm at prime.gushi.org Fri May 24 02:57:28 2013 From: danm at prime.gushi.org (Dan Mahoney, System Admin) Date: Thu, 23 May 2013 16:57:28 -0700 (PDT) Subject: [Dovecot] Passwordless auth? In-Reply-To: <20130523234310.GB53132@anubis.morrow.me.uk> References: <20130523234310.GB53132@anubis.morrow.me.uk> Message-ID: On Fri, 24 May 2013, Ben Morrow wrote: > At 4PM -0700 on 23/05/13 you (Dan Mahoney, System Admin) wrote: >> >> I'm in the process of writing some scripts which I want to be able to take >> actions on my local mailbox. (For example, to move a subset of messages >> to the trash over time, if unread for a week. To act on messages in my >> learn-spam folder and then delete them). > > http://wiki2.dovecot.org/PreAuth > Aah! I came across this in the Q&A, and assumed such a thing wasn't possible: -=- Can Dovecot authenticate and work via UNIX sockets? Dovecot authentication already works via UNIX sockets, but it only speaks its internal protocol. You could always create a "socket" passdb/userdb. Probably should be made compatible with "checkpassword" protocol. Patches welcome :) -=- Which could probably use some expansion/repointing. The "preauth" name kind of just implies in my mind "things you check before pam" -- I would have not looked there if not pointed. > You can also use doveadm for quite a lot of this sort of administration; > this may be easier if you're scripting in shell rather than something > more sophisticated. I'm pretty much resigned to trying to parse the whole mailbox anyway, because I want functions like "when I move a message to the "threadkill" folder, move any message with the referenced messageid's in said message to folder X". All this is in pursuit of making that little red number in my mail.app window meaningful -- and it seems the only real control plane mobile clients give you is the ability to move a message to a folder :) >> I'd definitely consider something like an SSH key with a forced >> command (I do see questions in the FAQ about making dovecot work over a >> socket connection), but that forgoes using standard imap clients. > > Well, I'm not sure what you consider 'standard' here, but there are both > Perl and Python IMAP libraries which will connect to a command rather > than a socket. If you're using a client which insists on connecting to > an (INET) socket, it's a little harder; while you can obviously connect > preauthed imap to a listening socket with netcat, that's not remotely > secure. I'm constructing a client, really. In perl, it looks like Mail::Box::Manager is the thing I want, in conjunction with the above. >> I could also create a dovecot-only user with my UID and no other login >> privileges, but I'd like this to "just work" for anyone. > > I believe with the latest 2.2 you can also do this with Kerberos > principals, if you're running Kerberos; I haven't looked into this yet, > but I mean to (for much the same reason). we are at the day job, but I'm not doing so personally. -Dan -- --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --------------------------- From calestyo at scientia.net Fri May 24 04:41:40 2013 From: calestyo at scientia.net (Christoph Anton Mitterer) Date: Fri, 24 May 2013 03:41:40 +0200 Subject: [Dovecot] . (dot) in maildir folder names Message-ID: <1369359700.10903.14.camel@fermat.scientia.net> Hi. Uhm... yeah as the topic implies I want to have . (dots) in my folder names... Unfortunately dovecot's maildirmake hasn't a -f switch as the one from courier/maildrop, but that one in turn is buggy[0] and doesn't encode any characters at all. In principle, maildir++ should allow[1] having (encoded) dots in folder names,... but I don't quite understand how the encoding actually works, cause UTF-7 seems to be already the encoded (without padding and such)... but . is . in UTF-7 as well. Does dovecot support this? At least my mail clients (well I only tried Evolution so far which sucks in so many areas)... couldn't create it... but I guess it's rather a stupid client issue. Anyone knows how it would be encoded? Interestingly, and this might be actually an inssue in doveocot when I create maildirs with non-ASCII chars without encoding these, e.g. maildir/.M?nchen/ (instead of the correctly encoded (.M&APw-nchen) Dovecot seems to "export" these to the clients,... at least Evolution shows it in the list of subscribable folders (even correctly as "M?nchen")... but it doesn't allow me to actually subscribe to it. Cheers & thx, Chris. [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709555 [1] http://www.courier-mta.org/maildir.html#id351803 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5113 bytes Desc: not available URL: From calestyo at scientia.net Fri May 24 05:12:59 2013 From: calestyo at scientia.net (Christoph Anton Mitterer) Date: Fri, 24 May 2013 04:12:59 +0200 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <1369359700.10903.14.camel@fermat.scientia.net> References: <1369359700.10903.14.camel@fermat.scientia.net> Message-ID: <1369361579.10903.16.camel@fermat.scientia.net> Maybe the whole thing IS actually also a dovecot issue... When trying to create a folder with a dot with thunderbird (which doesn't simply forbid this)... it actually transmits the folder name to dovecote (e.g. "kernel.org")... but dovecot then literally takes this over and creates .kernel.org, i.e. no encoding and thus org becomes a subfolder. Cheers, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5113 bytes Desc: not available URL: From bob at computerisms.ca Fri May 24 05:36:45 2013 From: bob at computerisms.ca (Bob Miller) Date: Thu, 23 May 2013 19:36:45 -0700 Subject: [Dovecot] Passwordless auth? In-Reply-To: <20130523234310.GB53132@anubis.morrow.me.uk> References: <20130523234310.GB53132@anubis.morrow.me.uk> Message-ID: <1369363005.2535.140.camel@worklian> > You can also use doveadm for quite a lot of this sort of administration; > this may be easier if you're scripting in shell rather than something > more sophisticated. +1 From list_dovecot at bluerosetech.com Fri May 24 05:58:50 2013 From: list_dovecot at bluerosetech.com (Darren Pilgrim) Date: Thu, 23 May 2013 19:58:50 -0700 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <1369359700.10903.14.camel@fermat.scientia.net> References: <1369359700.10903.14.camel@fermat.scientia.net> Message-ID: <519ED76A.8070802@bluerosetech.com> On 2013-05-23 18:41, Christoph Anton Mitterer wrote: > Uhm... yeah as the topic implies I want to have . (dots) in my folder > names... > Unfortunately dovecot's maildirmake hasn't a -f switch as the one from > courier/maildrop, but that one in turn is buggy[0] and doesn't encode > any characters at all. Does adding LAYOUT=fs to mail_location, which makes Dovecot use a dir hierarchy instead of dot-prefixing, make this possible? P.S., You don't need to use a maildirmake script with Dovecot--it will automatically create the Maildir on the first mail delivery (assuming you're using the deliver agent). -- Please reply on list. From rs at sys4.de Fri May 24 09:32:55 2013 From: rs at sys4.de (Robert Schetterer) Date: Fri, 24 May 2013 08:32:55 +0200 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <1369359700.10903.14.camel@fermat.scientia.net> References: <1369359700.10903.14.camel@fermat.scientia.net> Message-ID: <519F0997.6080401@sys4.de> Am 24.05.2013 03:41, schrieb Christoph Anton Mitterer: > Hi. > > Uhm... yeah as the topic implies I want to have . (dots) in my folder > names... > Unfortunately dovecot's maildirmake hasn't a -f switch as the one from > courier/maildrop, but that one in turn is buggy[0] and doesn't encode > any characters at all. > > In principle, maildir++ should allow[1] having (encoded) dots in folder > names,... but I don't quite understand how the encoding actually works, > cause UTF-7 seems to be already the encoded (without padding and > such)... but . is . in UTF-7 as well. > > Does dovecot support this? > At least my mail clients (well I only tried Evolution so far which sucks > in so many areas)... couldn't create it... but I guess it's rather a > stupid client issue. > Anyone knows how it would be encoded? > > > Interestingly, and this might be actually an inssue in doveocot when I > create maildirs with non-ASCII chars without encoding these, e.g. > maildir/.M?nchen/ (instead of the correctly encoded (.M&APw-nchen) > Dovecot seems to "export" these to the clients,... at least Evolution > shows it in the list of subscribable folders (even correctly as > "M?nchen")... but it doesn't allow me to actually subscribe to it. > > > Cheers & thx, > Chris. > > > > > [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709555 > [1] http://www.courier-mta.org/maildir.html#id351803 > look http://wiki2.dovecot.org/Plugins/Listescape Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From Wolfgang.Friebel at desy.de Fri May 24 10:20:32 2013 From: Wolfgang.Friebel at desy.de (Wolfgang.Friebel at desy.de) Date: Fri, 24 May 2013 09:20:32 +0200 (CEST) Subject: [Dovecot] Passwordless auth? In-Reply-To: <20130523234310.GB53132@anubis.morrow.me.uk> References: <20130523234310.GB53132@anubis.morrow.me.uk> Message-ID: On Fri, 24 May 2013, Ben Morrow wrote: > At 4PM -0700 on 23/05/13 you (Dan Mahoney, System Admin) wrote: >> >> I'm in the process of writing some scripts which I want to be able to take >> actions on my local mailbox. (For example, to move a subset of messages >> to the trash over time, if unread for a week. To act on messages in my >> learn-spam folder and then delete them). > > http://wiki2.dovecot.org/PreAuth > > You can also use doveadm for quite a lot of this sort of administration; > this may be easier if you're scripting in shell rather than something > more sophisticated. > >> I'd definitely consider something like an SSH key with a forced >> command (I do see questions in the FAQ about making dovecot work over a >> socket connection), but that forgoes using standard imap clients. > > Well, I'm not sure what you consider 'standard' here, but there are both > Perl and Python IMAP libraries which will connect to a command rather > than a socket. If you're using a client which insists on connecting to > an (INET) socket, it's a little harder; while you can obviously connect > preauthed imap to a listening socket with netcat, that's not remotely > secure. > >> I could also create a dovecot-only user with my UID and no other login >> privileges, but I'd like this to "just work" for anyone. > > I believe with the latest 2.2 you can also do this with Kerberos > principals, if you're running Kerberos; I haven't looked into this yet, > but I mean to (for much the same reason). > > Ben > > To access the mail storage on the imap server you can just speak the imap protocol and authenticate against the imap server just like any other mail client would do. If you are using Kerberos and have a ticket granting ticket (after e.g. kinit) then the authentication against a properly configured imap server is done without typing passwords. If the imap server does support pam (and dovecot does) then this is handled there. As an example I do attach a script that logs a user into an imap server using Kerberos authentication and then displays the mail quota. Any other action on the users mailboxes could be done as well. The script makes use of SASL, therefore by changing the authenticate call and the callback routine any other SASL mechanism could be used as well. If you intend to perform tasks centrally for more than one user then doveadm is certainly the right choice as was pointed out already For accessing local mailboxes (i.e. not stored on an imap server) I'd recommend one of the perl modules that can parse and process mailboxes (typically in mbox format) Wolfgang -------------- next part -------------- #!/usr/bin/perl -w use strict; use vars qw ( %opt $imap $SERVICE $realm $host $gss_api_step $sasl $sasl_step $conn ); use Getopt::Std; use Mail::IMAPClient; use MIME::Base64; use Term::ReadKey; use Authen::Krb5; # Authen::SASL::Cyrus needs to be installed as well !!! # SASL2 needs to provide the gssapi auth library use Authen::SASL; use Authen::SASL::Cyrus; (my $prog = $0) =~ s!.*/!!; # on Solaris there is no system sasl2 if ( $^O eq 'solaris' ) { $ENV{SASL_PATH} = "/usr/local/lib/sasl/2.1.15/lib/sasl2" if -d "/usr/local/lib/sasl/2.1.15/lib/sasl2"; } getopts('vh:r:u:', \%opt) or usage(); my $user = getusername(); Authen::Krb5::init_context() or die "no context: $@\n"; Authen::Krb5::init_ets(); my $realm = Authen::Krb5::get_default_realm(); if ( $opt{r} and $realm ne $opt{r} ) { print "using realm $opt{r} instead of default realm $realm\n"; $realm = $opt{r}; } die "Kerberos realm unknown, please provide it with -r\n" if ! $realm; # get the host name(s) of the imap server(s) # the IMAP server is often called mail or imap, let's assume it is called imap my @hosts; if ( $opt{h} ) { @hosts = split(/[,\s]+/, $opt{h}); } else { my $server = "imap.\L$realm"; my $rawip = gethostbyname($server); $server = "mail.\L$realm" if ! $rawip; $rawip = gethostbyname($server); @hosts = ( $server ) if $rawip; } die "No imap server name found, please specify a valid name with -h\n" if ! @hosts; for $host ( @hosts ) { $gss_api_step = $sasl_step = 0; print "Connecting to $host:143 User $user\n" if $opt{v}; $imap = Mail::IMAPClient->new( Server => $host, User => $user, ) or die "couldn't connect to $host port 143: $!\n"; $SERVICE = 'imap'; $imap->authenticate('GSSAPI', \&gssapi_auth) or die "Could not authenticate:$@\n"; # handle change in Mail::IMAPClient API since version 3 my ($quota, $maxquota); my $major_version = substr($Mail::IMAPClient::VERSION, 0, 1); if ( $major_version >= 3 ) { $quota = ($imap->tag_and_run('GETQUOTAROOT "INBOX" '))[2]; } else { $quota = ($imap->GETQUOTAROOT("INBOX"))[1]; } if ( ! $@ ) { ($quota, $maxquota) = $quota =~ /STORAGE (\d+) (\d+)/; if ( $maxquota ) { printf "MAILQUOTA on %s: %d of %d kB used (%.1f percent)\n", $host, $quota, $maxquota, 100*$quota/$maxquota; } } else { print $imap->LastError, "\n"; } $imap->logout; # or die "Logout error: ", $imap->LastError, "\n"; } exit; sub usage { print <new(mechanism => 'GSSAPI', callback => { user => \&getusername, realm => $realm } ); my $ac = Authen::Krb5::AuthContext->new() or die "no context: $@\n"; my $cc = Authen::Krb5::cc_default(); my $ticket = Authen::Krb5::mk_req($ac, 0, $SERVICE, $host, 0, $cc); if ($user and ! $ticket) { # system "kinit", $user; my $psw = read_password($user); my $client = Authen::Krb5::parse_name($user); $realm = Authen::Krb5::get_default_realm(); my $server = Authen::Krb5::parse_name("krbtgt/$realm"); $cc->initialize($client); my $i = Authen::Krb5::get_in_tkt_with_password($client, $server, $psw, $cc); die "could not get ticket:$@\n", Authen::Krb5::error($i), "\n" unless $i; $ticket = Authen::Krb5::mk_req($ac, 0, $SERVICE, $host, 0, $cc); $ticket or die "mk_req failed"; } $conn = $sasl->client_new($SERVICE, $host); my $err = $conn->error; die "gssapi_auth error in client_new: $err\n" if $err !~ /successful/; if ( ! grep {$_ eq 'GSSAPI' } $conn->global_listmech() ) { die "SASL mechanism GSSAPI not available, known methods are\n", join(', ', $conn->global_listmech()), "\n"; } my $mesg = $conn->client_start; $err = $conn->error; die "gssapi_auth error in step $gss_api_step: $err\n" if $err !~ /successful/; return encode_base64($mesg, ''); } else { my $mesg=$conn->client_step(decode_base64($_[0])); my $err = $conn->error; #print "gssapi_auth error in step $gss_api_step: $err\n" if $err; return encode_base64($mesg || '', ''); } } sub read_password { local $|=1; my $user = $_[0] || getusername; print "Please enter (UNIX) password for user $user:"; ReadMode('noecho'); my $psw = ReadLine(0); chomp $psw; ReadMode('restore'); print "\n"; die "Empty password for $user, exiting.\n" unless $psw; return $psw; } From sb at dod.no Fri May 24 10:39:56 2013 From: sb at dod.no (Steinar Bang) Date: Fri, 24 May 2013 09:39:56 +0200 Subject: [Dovecot] Passwordless auth? References: <20130523232737.GF3886@harrier.slackbuilds.org> Message-ID: >>>>> /dev/rob0 : > On Thu, May 23, 2013 at 04:10:01PM -0700, > Dan Mahoney, System Admin wrote: >> I'd love to hear about any other ways people have thought about >> to do this. Any ideas? > Are you familiar with the mutt(1) MUA? I use it with a: > set tunnel="MAILDIR=~/Mail/ /usr/libexec/dovecot/imap" > So it speaks IMAP, but to its own /usr/libexec/dovecot/imap process, > not through a network socket. Gnus can do the same thing, ie. run the daemon as its own subprocess (I used to do that back when I was running UoW imapd in the late 1990-ies, early 2000-ies). Gnus can also run ssh in a subprocess, that ssh-es into the mail server, and then starts the imap daemon as a program on the other side, and communicate with IMAP over the SSH connection. I've done that as well. Of course, both of those was with the old nnimap backend. (And Gnus probably doesn't classify as a "standard imap client") From wdgarc88 at gmail.com Fri May 24 10:45:41 2013 From: wdgarc88 at gmail.com (Edwardo Garcia) Date: Fri, 24 May 2013 17:45:41 +1000 Subject: [Dovecot] Dovecot mysql replication Message-ID: Halo, (First time posting, please forgive English is not native) Change from Courier to Dovecot 2.1.16 Having two server. Having mysql on thiz two server, one master, one slave. What we wish is slave Dovecot only ask slave mysql, unless slave mysql not work when then ask master, we have Postfix do thiz fallover good, but Dovecot talk to slave and master no mater what, we think thiz defeat fallover as we not want this aktion, but aktion like Postfix. The problemo is can not find Dovecot option for thiz in wiki2.dovecot.org, is possible? From acrow at integrafin.co.uk Fri May 24 10:48:50 2013 From: acrow at integrafin.co.uk (Alex Crow) Date: Fri, 24 May 2013 08:48:50 +0100 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: References: Message-ID: <519F1B62.4000708@integrafin.co.uk> On 24/05/13 08:45, Edwardo Garcia wrote: > Halo, > > (First time posting, please forgive English is not native) > > Change from Courier to Dovecot 2.1.16 > > Having two server. > > Having mysql on thiz two server, one master, one slave. > > What we wish is slave Dovecot only ask slave mysql, unless slave mysql not > work when then ask master, we have Postfix do thiz fallover good, but > Dovecot talk to slave and master no mater what, we think thiz defeat > fallover as we not want this aktion, but aktion like Postfix. > > The problemo is can not find Dovecot option for thiz in wiki2.dovecot.org, > is possible? > You could set up MySQL in Dual Master mode instead.... Alex From wdgarc88 at gmail.com Fri May 24 10:52:33 2013 From: wdgarc88 at gmail.com (Edwardo Garcia) Date: Fri, 24 May 2013 17:52:33 +1000 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <519F1B62.4000708@integrafin.co.uk> References: <519F1B62.4000708@integrafin.co.uk> Message-ID: But mysql not problemo, it be Dovecot talk to both, do not want Dovecot to talk to both at same time unless slave (local) copy die On Fri, May 24, 2013 at 5:48 PM, Alex Crow wrote: > On 24/05/13 08:45, Edwardo Garcia wrote: > >> Halo, >> >> (First time posting, please forgive English is not native) >> >> Change from Courier to Dovecot 2.1.16 >> >> Having two server. >> >> Having mysql on thiz two server, one master, one slave. >> >> What we wish is slave Dovecot only ask slave mysql, unless slave mysql not >> work when then ask master, we have Postfix do thiz fallover good, but >> Dovecot talk to slave and master no mater what, we think thiz defeat >> fallover as we not want this aktion, but aktion like Postfix. >> >> The problemo is can not find Dovecot option for thiz in wiki2.dovecot.org >> , >> is possible? >> >> > You could set up MySQL in Dual Master mode instead.... > > Alex > From rs at sys4.de Fri May 24 10:57:22 2013 From: rs at sys4.de (Robert Schetterer) Date: Fri, 24 May 2013 09:57:22 +0200 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: References: Message-ID: <519F1D62.5070700@sys4.de> Am 24.05.2013 09:45, schrieb Edwardo Garcia: > Halo, > > (First time posting, please forgive English is not native) > > Change from Courier to Dovecot 2.1.16 > > Having two server. > > Having mysql on thiz two server, one master, one slave. > > What we wish is slave Dovecot only ask slave mysql, unless slave mysql not > work when then ask master, we have Postfix do thiz fallover good, but > Dovecot talk to slave and master no mater what, we think thiz defeat > fallover as we not want this aktion, but aktion like Postfix. > > The problemo is can not find Dovecot option for thiz in wiki2.dovecot.org, > is possible? > i am not really up2date with your question, but last time, i was involved with it, only kinda master/master solution did work, no problem here with it, but i wouldnt recommend it in general, also many new more database cluster tecs were anounced since my last install, so there may more recent news in that point, wait for other answers Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From info at netocean.de Fri May 24 11:10:46 2013 From: info at netocean.de (Leander S.) Date: Fri, 24 May 2013 10:10:46 +0200 Subject: [Dovecot] Store Mails into SQL DB Message-ID: <519F2086.1020009@netocean.de> Hi, is there an option to store eMails into DB right away instead of storing them as files on the HDD? From rs at sys4.de Fri May 24 11:14:30 2013 From: rs at sys4.de (Robert Schetterer) Date: Fri, 24 May 2013 10:14:30 +0200 Subject: [Dovecot] Store Mails into SQL DB In-Reply-To: <519F2086.1020009@netocean.de> References: <519F2086.1020009@netocean.de> Message-ID: <519F2166.1050006@sys4.de> Am 24.05.2013 10:10, schrieb Leander S.: > Hi, > > is there an option to store eMails into DB right away instead of storing > them as files on the HDD? > not to my knowledge with dovecot but you may study http://www.dovecot.fi/dovecot-object-storage-plugins-available-for-online-purchase/ Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From h.reindl at thelounge.net Fri May 24 11:24:54 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 24 May 2013 10:24:54 +0200 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: References: <519F1B62.4000708@integrafin.co.uk> Message-ID: <519F23D6.90803@thelounge.net> Am 24.05.2013 09:52, schrieb Edwardo Garcia: > But mysql not problemo, it be Dovecot talk to both, do not want Dovecot to > talk to both at same time unless slave (local) copy die and this mostly for a good resason to support your argument if you configure "localhost" and the slave in postfix you can be sure in case of postfix that all day long "localhost" is used and only if it fails the slave over TCP/IP dovecot is using randomly the manitudes slower salve and to make it perfectly worse if you reboot the slave in the wrong moment you trigger errors on the dovecot side which is not the idea of having redundancy on the mysql side -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From kiran at uniceltech.com Fri May 24 11:36:59 2013 From: kiran at uniceltech.com (Kiran Reddy) Date: Fri, 24 May 2013 14:06:59 +0530 Subject: [Dovecot] How to rewrite header from X-Original-To to Delivered-To Message-ID: <519F26AB.1000506@uniceltech.com> HiAll, How to rewrite mail headers from X-Original-To to Delivered-To using sieve script. I am using Dovecot-2.2 and Pigeonhole 0.4. -- Thanks & Regards Kiran Reddy Lead Systems Administrator Unicel Technologies Pvt. Ltd. | C-Block | Second Floor | Vaishnavi Silicon Terrace, 30/1 | Hosur Main Road | Koramangala | Bangalore- 560095 Mobile (+91) 7829007447 Skype My status Unicel Technologies website | newsletter | map | email *Confidentiality Note:* This e-mail and any attachments are confidential and may be protected by legal privilege. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of this e-mail or any attachment is prohibited. If you have received this e-mail in error, please notify us immediately by returning it to the sender and delete this copy from your system. Thank you for your cooperation. -------------- next part -------------- A non-text attachment was scrubbed... Name: kiranreddyi Type: image/png Size: 1367 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: logo.png Type: image/png Size: 13464 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: logo-facebook.jpg Type: image/jpeg Size: 2581 bytes Desc: not available URL: From kiran at uniceltech.com Fri May 24 11:39:07 2013 From: kiran at uniceltech.com (Kiran Reddy) Date: Fri, 24 May 2013 14:09:07 +0530 Subject: [Dovecot] How to rewrite header from X-Original-To to Delivered-To Message-ID: <519F272B.4060102@uniceltech.com> HiAll, How to rewrite mail headers from X-Original-To to Delivered-To using sieve script. I am using Dovecot-2.2 and Pigeonhole 0.4. Thanks, Kiran Reddy From stephan at rename-it.nl Fri May 24 11:57:10 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 24 May 2013 10:57:10 +0200 Subject: [Dovecot] How to rewrite header from X-Original-To to Delivered-To In-Reply-To: <519F272B.4060102@uniceltech.com> References: <519F272B.4060102@uniceltech.com> Message-ID: <519F2B66.4040208@rename-it.nl> Op 5/24/2013 10:39 AM, Kiran Reddy schreef: > HiAll, > > How to rewrite mail headers from X-Original-To to Delivered-To using > sieve script. > > I am using Dovecot-2.2 and Pigeonhole 0.4. > Ehmmm.. why do you need to do that? :) Anyway, something like this: require "editheader"; require "variables"; # Take value from first header occurrence if header :matches "X-Original-To" "*" { # delete existing headers to prevent creating duplicate (optional) deleteheader "Delivered-To"; # add the new header addheader "Delivered-To" "${1}"; # delete old header (optional) deleteheader "X-Original-To"; } Regards, Stephan. From noel.butler at ausics.net Fri May 24 12:48:13 2013 From: noel.butler at ausics.net (Noel Butler) Date: Fri, 24 May 2013 19:48:13 +1000 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <519F23D6.90803@thelounge.net> References: <519F1B62.4000708@integrafin.co.uk> <519F23D6.90803@thelounge.net> Message-ID: <1369388893.10995.6.camel@tardis> On Fri, 2013-05-24 at 10:24 +0200, Reindl Harald wrote: > Am 24.05.2013 09:52, schrieb Edwardo Garcia: > > But mysql not problemo, it be Dovecot talk to both, do not want Dovecot to > > talk to both at same time unless slave (local) copy die > > and this mostly for a good resason to support your argument > > if you configure "localhost" and the slave in postfix you > can be sure in case of postfix that all day long "localhost" > is used and only if it fails the slave over TCP/IP > > dovecot is using randomly the manitudes slower salve and > to make it perfectly worse if you reboot the slave in the > wrong moment you trigger errors on the dovecot side which > is not the idea of having redundancy on the mysql side > This is how an old broken dovecot used to work, then someone complained and Timo fixed it, I asked him nearly 2 years ago whn he fixed it, that since he was changing its behaviour, it would be beneficial for an option to make it work only in failover mode, he at the time said " might be useful " but has said nothing more since, so NFI if he's even given it a second thought or even put it on his official todo list (since this was back in the 1.2.x days) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From CMarcus at Media-Brokers.com Fri May 24 13:57:37 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 24 May 2013 06:57:37 -0400 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <1369361579.10903.16.camel@fermat.scientia.net> References: <1369359700.10903.14.camel@fermat.scientia.net> <1369361579.10903.16.camel@fermat.scientia.net> Message-ID: <519F47A1.3040407@Media-Brokers.com> On 2013-05-23 10:12 PM, Christoph Anton Mitterer wrote: > Maybe the whole thing IS actually also a dovecot issue... > When trying to create a folder with a dot with thunderbird (which > doesn't simply forbid this)... it actually transmits the folder name to > dovecote (e.g. "kernel.org")... but dovecot then literally takes this > over and creates .kernel.org, i.e. no encoding and thus org becomes a > subfolder. And for some reason, the Parent folder is created as a folder that cannot contain files, only folders. I have to fix these occasionally for users who do this. This is why I'll be implementing a different character for the separator on my new box - something much less likely to be used in a foldername - I'm currently thinking the caret (^) symbol may be best... -- Best regards, Charles From kiran at uniceltech.com Fri May 24 14:45:52 2013 From: kiran at uniceltech.com (Kiran Reddy) Date: Fri, 24 May 2013 17:15:52 +0530 Subject: [Dovecot] How to rewrite header from X-Original-To to Delivered-To In-Reply-To: <519F2B66.4040208@rename-it.nl> References: <519F272B.4060102@uniceltech.com> <519F2B66.4040208@rename-it.nl> Message-ID: <519F52F0.5090902@uniceltech.com> Hi, If mail headers contains 2 lines Delivered-To and 1 X-Original-To. I want to keep first line of Delivered-To and X-Original-To and delete 2nd line of Delivered-To and rewrite X-Original-To to Delivered-To. Please find the mail headers as below. X-Original-To: 98862xxx65 at example.in ====> Rewrite this to Delivered-TO Delivered-To: mobilemail at example.in ====> KEEP This Header Delivered-To: example.com-mobilenumbers at example.com =======> Delete This Header Return-Path: X-Original-To: 98862xxx65 at example.in ====> Rewrite this to Delivered-TO Delivered-To: mobilemail at example.in ====> KEEP This Header Received: from localhost (mail.example.in [127.0.0.1]) by mail.example.in (Postfix) with ESMTP id 2D34CC2C8103 for <98862xxx65 at example.in>; Tue, 14 May 2013 17:04:59 +0530 (IST) X-Virus-Scanned: amavisd-new at mail.example.in Received: from mail.example.in ([127.0.0.1]) by localhost (mail.example.in [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lMJ9xX4+xvVE for <98862xxx65 at example.in>; Tue, 14 May 2013 17:04:58 +0530 (IST) Received: from s461.sureserver.com (unknown [64.14.73.27]) by mail.example.in (Postfix) with ESMTPS id 5A7C7C2C8104 for <9886232265 at example.in>; Tue, 14 May 2013 17:04:55 +0530 (IST) Received: (qmail 3678 invoked by uid 1003); 14 May 2013 11:34:53 -0000 Delivered-To: example.com-mobilenumbers at example.com =======> Delete This Header Received: (qmail 3611 invoked by uid 1003); 14 May 2013 11:34:52 -0000 Received: from unknown (HELO ?172.16.6.226?) (syed.s at 110.234.117.194) by s461.sureserver.com with ESMTPA; 14 May 2013 11:34:52 -0000 Message-ID: <51922159.9030505 at example.com> Date: Tue, 14 May 2013 17:04:49 +0530 From: Syed Sharfuddin User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130328 Thunderbird/17.0.5 MIME-Version: 1.0 To: mobilenumbers at example.com Subject: Fwd: Fwd: TEST EMAIL Thanks, Kiran Reddy On 5/24/2013 2:27 PM, Stephan Bosch wrote: > Op 5/24/2013 10:39 AM, Kiran Reddy schreef: >> HiAll, >> >> How to rewrite mail headers from X-Original-To to Delivered-To using >> sieve script. >> >> I am using Dovecot-2.2 and Pigeonhole 0.4. >> > > Ehmmm.. why do you need to do that? :) > > Anyway, something like this: > > require "editheader"; > require "variables"; > > # Take value from first header occurrence > if header :matches "X-Original-To" "*" { > # delete existing headers to prevent creating duplicate (optional) > deleteheader "Delivered-To"; > > # add the new header > addheader "Delivered-To" "${1}"; > > # delete old header (optional) > deleteheader "X-Original-To"; > } > > Regards, > > Stephan. > > From pw at wk-serv.de Fri May 24 14:57:30 2013 From: pw at wk-serv.de (Patrick Westenberg) Date: Fri, 24 May 2013 13:57:30 +0200 Subject: [Dovecot] NFS mount permissions Message-ID: <519F55AA.1060407@wk-serv.de> Hi everyone, I would like to move my mails from ocfs2 to an NFS share. As the mountpoint and all folders and files belong to nobody/nogroup, dovecot is only able to access the mails if I give full access to "others". I don't like that. How do you NFS-using guys solve this problem? Regards Patrick From stephan at rename-it.nl Fri May 24 15:09:13 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 24 May 2013 14:09:13 +0200 Subject: [Dovecot] How to rewrite header from X-Original-To to Delivered-To In-Reply-To: <519F52F0.5090902@uniceltech.com> References: <519F272B.4060102@uniceltech.com> <519F2B66.4040208@rename-it.nl> <519F52F0.5090902@uniceltech.com> Message-ID: <519F5869.9010409@rename-it.nl> Op 5/24/2013 1:45 PM, Kiran Reddy schreef: > Hi, > > If mail headers contains 2 lines Delivered-To and 1 X-Original-To. I > want to keep first line of Delivered-To and X-Original-To and delete > 2nd line of Delivered-To and rewrite X-Original-To to Delivered-To. > > Please find the mail headers as below. > > X-Original-To: 98862xxx65 at example.in ====> Rewrite this to Delivered-TO > Delivered-To: mobilemail at example.in ====> KEEP This Header > Delivered-To: example.com-mobilenumbers at example.com =======> Delete > This Header If you can rely on the exact order of these headers, this should work: require "editheader"; require "variables"; if header :matches "X-Original-To" "*" { deleteheader :index 2 "Delivered-To"; addheader "Delivered-To" "${1}"; deleteheader "X-Original-To"; } Regards, Stephan. From kiran at uniceltech.com Fri May 24 15:15:38 2013 From: kiran at uniceltech.com (Kiran Reddy) Date: Fri, 24 May 2013 17:45:38 +0530 Subject: [Dovecot] How to rewrite header from X-Original-To to Delivered-To In-Reply-To: <519F5869.9010409@rename-it.nl> References: <519F272B.4060102@uniceltech.com> <519F2B66.4040208@rename-it.nl> <519F52F0.5090902@uniceltech.com> <519F5869.9010409@rename-it.nl> Message-ID: <519F59EA.3090703@uniceltech.com> Thanks for quick reply. a {color: #F77A1E;} On 5/24/2013 5:39 PM, Stephan Bosch wrote: > Op 5/24/2013 1:45 PM, Kiran Reddy schreef: >> Hi, >> >> If mail headers contains 2 lines Delivered-To and 1 X-Original-To. I >> want to keep first line of Delivered-To and X-Original-To and delete >> 2nd line of Delivered-To and rewrite X-Original-To to Delivered-To. >> >> Please find the mail headers as below. >> >> X-Original-To: 98862xxx65 at example.in ====> Rewrite this to Delivered-TO >> Delivered-To: mobilemail at example.in ====> KEEP This Header >> Delivered-To: example.com-mobilenumbers at example.com =======> Delete >> This Header > > If you can rely on the exact order of these headers, this should work: > > require "editheader"; > require "variables"; > > if header :matches "X-Original-To" "*" { > deleteheader :index 2 "Delivered-To"; > addheader "Delivered-To" "${1}"; > deleteheader "X-Original-To"; > } > > Regards, > > Stephan. > From calestyo at scientia.net Fri May 24 15:29:38 2013 From: calestyo at scientia.net (Christoph Anton Mitterer) Date: Fri, 24 May 2013 14:29:38 +0200 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <519ED76A.8070802@bluerosetech.com> References: <1369359700.10903.14.camel@fermat.scientia.net> <519ED76A.8070802@bluerosetech.com> Message-ID: <1369398578.5175.10.camel@fermat.scientia.net> On Thu, 2013-05-23 at 19:58 -0700, Darren Pilgrim wrote: > Does adding LAYOUT=fs to mail_location, which makes Dovecot use a dir > hierarchy instead of dot-prefixing, make this possible? I would expect that one then runs into the same troubles when using "/" in a foldername... Moreover one has the problem that cur/new/tmp need to be hidden in another special dir name that mustn't be used. Cheers, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5113 bytes Desc: not available URL: From calestyo at scientia.net Fri May 24 15:31:51 2013 From: calestyo at scientia.net (Christoph Anton Mitterer) Date: Fri, 24 May 2013 14:31:51 +0200 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <519F0997.6080401@sys4.de> References: <1369359700.10903.14.camel@fermat.scientia.net> <519F0997.6080401@sys4.de> Message-ID: <1369398711.5175.12.camel@fermat.scientia.net> On Fri, 2013-05-24 at 08:32 +0200, Robert Schetterer wrote: > http://wiki2.dovecot.org/Plugins/Listescape That sounds interesting... and I'll have a look at it.. but it also seems to use an standard-incompliant encoding (\NN)... might become a problem when one uses other tools on such maildirs (maildrop?) Cheers, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5113 bytes Desc: not available URL: From calestyo at scientia.net Fri May 24 15:32:59 2013 From: calestyo at scientia.net (Christoph Anton Mitterer) Date: Fri, 24 May 2013 14:32:59 +0200 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <519F47A1.3040407@Media-Brokers.com> References: <1369359700.10903.14.camel@fermat.scientia.net> <1369361579.10903.16.camel@fermat.scientia.net> <519F47A1.3040407@Media-Brokers.com> Message-ID: <1369398779.5175.13.camel@fermat.scientia.net> On Fri, 2013-05-24 at 06:57 -0400, Charles Marcus wrote: > And for some reason, the Parent folder is created as a folder that > cannot contain files, only folders. I'll try that out.. > This is why I'll be implementing a different character for the separator > on my new box - something much less likely to be used in a foldername - > I'm currently thinking the caret (^) symbol may be best... Sure.... but it's not a real solution... it only moves the problem. Cheers, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5113 bytes Desc: not available URL: From CMarcus at Media-Brokers.com Fri May 24 15:41:19 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 24 May 2013 08:41:19 -0400 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <1369398779.5175.13.camel@fermat.scientia.net> References: <1369359700.10903.14.camel@fermat.scientia.net> <1369361579.10903.16.camel@fermat.scientia.net> <519F47A1.3040407@Media-Brokers.com> <1369398779.5175.13.camel@fermat.scientia.net> Message-ID: <519F5FEF.20800@Media-Brokers.com> On 2013-05-24 8:32 AM, Christoph Anton Mitterer wrote: > On Fri, 2013-05-24 at 06:57 -0400, Charles Marcus wrote: >> This is why I'll be implementing a different character for the separator >> on my new box - something much less likely to be used in a foldername - >> I'm currently thinking the caret (^) symbol may be best... > Sure.... but it's not a real solution... it only moves the problem. Well... I disagree. If changing the separator to a character that 99.999% of the time no one will ever use in a foldername, it eliminates the problem in 99.999% of cases. I can live with that... ;) -- Best regards, Charles From tss at iki.fi Fri May 24 16:14:40 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 24 May 2013 16:14:40 +0300 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <1369398711.5175.12.camel@fermat.scientia.net> References: <1369359700.10903.14.camel@fermat.scientia.net> <519F0997.6080401@sys4.de> <1369398711.5175.12.camel@fermat.scientia.net> Message-ID: On 24.5.2013, at 15.31, Christoph Anton Mitterer wrote: > On Fri, 2013-05-24 at 08:32 +0200, Robert Schetterer wrote: >> http://wiki2.dovecot.org/Plugins/Listescape > That sounds interesting... and I'll have a look at it.. but it also > seems to use an standard-incompliant encoding (\NN)... might become a > problem when one uses other tools on such maildirs (maildrop?) There is no standard escaping. From lev at serebryakov.spb.ru Fri May 24 16:59:44 2013 From: lev at serebryakov.spb.ru (Lev Serebryakov) Date: Fri, 24 May 2013 17:59:44 +0400 Subject: [Dovecot] Is it possible to palce "detailed" (with local+folder@domai.com) messages not to INBOX/folder, but to INBOX/FixedSubfolder/folder? Message-ID: <411283970.20130524175944@serebryakov.spb.ru> Hello, Dovecot. Now, with enabled "recipient_delimiter = +", "lmtp_save_to_detail_mailbox" and using LMTP, messages with "detail" in address, are placed in auto-created mailboxes. It is great, but what if I want to put all such mailboxes not in inbox directly, but lower in mailbox hierarchy? Is it possible without using sieve? -- // Black Lion AKA Lev Serebryakov From calestyo at scientia.net Fri May 24 17:08:07 2013 From: calestyo at scientia.net (Christoph Anton Mitterer) Date: Fri, 24 May 2013 16:08:07 +0200 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: References: <1369359700.10903.14.camel@fermat.scientia.net> <519F0997.6080401@sys4.de> <1369398711.5175.12.camel@fermat.scientia.net> Message-ID: <1c21cdb6-0907-42fc-8858-c6bfd4291cfe@email.android.com> Well... I thought courier was defining maildir++ which we use an they also defined an escaping.... Cheers, Chris. Timo Sirainen schrieb: >On 24.5.2013, at 15.31, Christoph Anton Mitterer > wrote: > >> On Fri, 2013-05-24 at 08:32 +0200, Robert Schetterer wrote: >>> http://wiki2.dovecot.org/Plugins/Listescape >> That sounds interesting... and I'll have a look at it.. but it also >> seems to use an standard-incompliant encoding (\NN)... might become a >> problem when one uses other tools on such maildirs (maildrop?) > >There is no standard escaping. From tss at iki.fi Fri May 24 17:17:34 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 24 May 2013 17:17:34 +0300 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <1c21cdb6-0907-42fc-8858-c6bfd4291cfe@email.android.com> References: <1369359700.10903.14.camel@fermat.scientia.net> <519F0997.6080401@sys4.de> <1369398711.5175.12.camel@fermat.scientia.net> <1c21cdb6-0907-42fc-8858-c6bfd4291cfe@email.android.com> Message-ID: <2606AC2A-B2E9-4806-96B9-1B471647B7C7@iki.fi> I'm not aware of Courier doing any kind of escaping. On 24.5.2013, at 17.08, Christoph Anton Mitterer wrote: > Well... I thought courier was defining maildir++ which we use an they also defined an escaping.... > > Cheers, > Chris. > > > > Timo Sirainen schrieb: > >> On 24.5.2013, at 15.31, Christoph Anton Mitterer >> wrote: >> >>> On Fri, 2013-05-24 at 08:32 +0200, Robert Schetterer wrote: >>>> http://wiki2.dovecot.org/Plugins/Listescape >>> That sounds interesting... and I'll have a look at it.. but it also >>> seems to use an standard-incompliant encoding (\NN)... might become a >>> problem when one uses other tools on such maildirs (maildrop?) >> >> There is no standard escaping. > From rs at sys4.de Fri May 24 17:26:30 2013 From: rs at sys4.de (Robert Schetterer) Date: Fri, 24 May 2013 16:26:30 +0200 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <1c21cdb6-0907-42fc-8858-c6bfd4291cfe@email.android.com> References: <1369359700.10903.14.camel@fermat.scientia.net> <519F0997.6080401@sys4.de> <1369398711.5175.12.camel@fermat.scientia.net> <1c21cdb6-0907-42fc-8858-c6bfd4291cfe@email.android.com> Message-ID: <519F7896.7090808@sys4.de> Am 24.05.2013 16:08, schrieb Christoph Anton Mitterer: > Well... I thought courier was defining maildir++ which we use an they also defined an escaping.... > > Cheers, > Chris. > > > > Timo Sirainen schrieb: > >> On 24.5.2013, at 15.31, Christoph Anton Mitterer >> wrote: >> >>> On Fri, 2013-05-24 at 08:32 +0200, Robert Schetterer wrote: >>>> http://wiki2.dovecot.org/Plugins/Listescape >>> That sounds interesting... and I'll have a look at it.. but it also >>> seems to use an standard-incompliant encoding (\NN)... might become a >>> problem when one uses other tools on such maildirs (maildrop?) >> >> There is no standard escaping. > however, just for Info, i use Listescape with maildir in 2.1.15 without Problems, i used it for archive mailbox with sieve sorting in subfolders named like email adresses ( which might have a dot ) Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From ben at morrow.me.uk Fri May 24 18:16:28 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Fri, 24 May 2013 16:16:28 +0100 Subject: [Dovecot] Passwordless auth? In-Reply-To: References: <20130523234310.GB53132@anubis.morrow.me.uk> Message-ID: <20130524151628.GC53132@anubis.morrow.me.uk> At 9AM +0200 on 24/05/13 you (Wolfgang.Friebel at desy.de) wrote: > On Fri, 24 May 2013, Ben Morrow wrote: > > At 4PM -0700 on 23/05/13 you (Dan Mahoney, System Admin) wrote: > > > >> I could also create a dovecot-only user with my UID and no other login > >> privileges, but I'd like this to "just work" for anyone. > > > > I believe with the latest 2.2 you can also do this with Kerberos > > principals, if you're running Kerberos; I haven't looked into this yet, > > but I mean to (for much the same reason). > > To access the mail storage on the imap server you can just speak the imap > protocol and authenticate against the imap server just like any other mail > client would do. If you are using Kerberos and have a ticket granting > ticket (after e.g. kinit) then the authentication against a properly > configured imap server is done without typing passwords. If the imap > server does support pam (and dovecot does) then this is handled there. I didn't quite mean that: yes, that is 'passwordless' in a sense, but you still have to have typed a password into kinit fairly recently. What I meant was that with 2.2 it's finally possible to set a list of krb5 principals for imap which is different from the list in .k5login. This makes it possible to create special-purpose principals, which can have their keys put in a keytab, which can then log on as an ordinary imap user. This is somewhat similar to the 'ssh keys with a forced command' idea, except that the whole thing is a good deal more secure because the keys can be cancelled centrally. Ben From dirk.jahnke-zumbusch at desy.de Fri May 24 18:27:07 2013 From: dirk.jahnke-zumbusch at desy.de (Dirk Jahnke-Zumbusch) Date: Fri, 24 May 2013 17:27:07 +0200 (CEST) Subject: [Dovecot] Passwordless auth? In-Reply-To: <20130524151628.GC53132@anubis.morrow.me.uk> References: <20130523234310.GB53132@anubis.morrow.me.uk> <20130524151628.GC53132@anubis.morrow.me.uk> Message-ID: Hi, >I didn't quite mean that: yes, that is 'passwordless' in a sense, but >you still have to have typed a password into kinit fairly recently. > >What I meant was that with 2.2 it's finally possible to set a list of >krb5 principals for imap which is different from the list in .k5login. >This makes it possible to create special-purpose principals, which can >have their keys put in a keytab, which can then log on as an ordinary >imap user. perhaps I misunderstand you, but something like kinit -k -t /path/to/keytab authenticates w/o the need of typing a password. Cheers Dirk From simon.buongiorno at gmail.com Fri May 24 19:32:32 2013 From: simon.buongiorno at gmail.com (Simon B) Date: Fri, 24 May 2013 18:32:32 +0200 Subject: [Dovecot] Upgrading 1.2 to 2.x Message-ID: Hi In an unscheduled maintenance window next week, I will have the opportunity to upgrade to 2.x should I wish to do and provided I can get it working on stage first. My questions: I've seen a lot on the list about the rock-solidness of 1.2 but also some people saying that some versions of 2.x better than others. Is there a recommended version - I don't need bleeding edge, I'd prefer stability, or one most of you can agree on? What am I missing by not upgrading? A few months ago I tried to convert a Dovecot 1.2 config into 2.1 and wasn't very successful. Any tips on how to go about it? Thanks. Simon From me at junc.eu Fri May 24 20:20:15 2013 From: me at junc.eu (Benny Pedersen) Date: Fri, 24 May 2013 19:20:15 +0200 Subject: [Dovecot] Store Mails into SQL DB In-Reply-To: <519F2086.1020009@netocean.de> References: <519F2086.1020009@netocean.de> Message-ID: Leander S. skrev den 2013-05-24 10:10: > is there an option to store eMails into DB right away instead of > storing them as files on the HDD? yes, but not currently with dovecot, it was designed for speed in mind :) if you like to misuse db make sure the db is replicated, then google DBMAIL, still use db without replicate is possible just like miss whole mailstore without any backup, well the same can happend on real filesystem, so whats my point ? :) -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From me at junc.eu Fri May 24 21:08:37 2013 From: me at junc.eu (Benny Pedersen) Date: Fri, 24 May 2013 20:08:37 +0200 Subject: [Dovecot] Upgrading 1.2 to 2.x In-Reply-To: References: Message-ID: <0c1dda65675790dbd0d1a44f0d6cfe37@junc.eu> Simon B skrev den 2013-05-24 18:32: > In an unscheduled maintenance window next week, I will have the > opportunity to upgrade to 2.x should I wish to do and provided I can > get it working on stage first. +1, i would have installed 2.x if it was first time install of dovecot, i would keep 1.x until i need a new server, since 1.x is all i need, and wiki page for 1.x still exits so all is fine imho :=) > My questions: > > I've seen a lot on the list about the rock-solidness of 1.2 but also > some people saying that some versions of 2.x better than others. Is > there a recommended version - I don't need bleeding edge, I'd prefer > stability, or one most of you can agree on? imho its not just a version change, its more then that, mailstore and backend and out support and whole new config layout keeps me away from migradeing it, well when i migraded from curier-imap to dovecot i have both running the same time binded to diff localhost ips, then it was simple to use imapsync to migrade over storages for all mailboxes, but now with dovecot 1.x to 2.x its not that simple anymore > What am I missing by not upgrading? if 1.x is working now, then you miss nothing, no matter that dovecot 1.x is nearly not supported in any distros anymore, so i keep my 1.x ebuild on gentoo, just in case i still really need to build it again > A few months ago I tried to convert a Dovecot 1.2 config into 2.1 and > wasn't very successful. Any tips on how to go about it? its dangoryous to ask that here, most people would just say read the docs or do "dovecot -n >new.conf" with the new dovecot installed, not there fault it ends with single conf like dovecot 1.x had suggested keep 1.x for now -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From me at junc.eu Fri May 24 21:49:29 2013 From: me at junc.eu (Benny Pedersen) Date: Fri, 24 May 2013 20:49:29 +0200 Subject: [Dovecot] NFS mount permissions In-Reply-To: <519F55AA.1060407@wk-serv.de> References: <519F55AA.1060407@wk-serv.de> Message-ID: <980e78b9cf63e1725d3c9d934c407648@junc.eu> Patrick Westenberg skrev den 2013-05-24 13:57: > How do you NFS-using guys solve this problem? you ask nfs questions in another maillist ? there is 2 kinds of people, one that understand unix auth, and the others that dont :) -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it From ka at pacific.net Fri May 24 22:09:57 2013 From: ka at pacific.net (Ken A) Date: Fri, 24 May 2013 14:09:57 -0500 Subject: [Dovecot] userdb section order seems important in config file Message-ID: <519FBB05.6040700@pacific.net> Hi Timo, et al, I'm using Dovecot 2.2.2, with dict file based quota and a quota_rule in dovecot.conf. I have userdb configured like so: userdb { driver = passwd-file args = /etc/dovecot/passwd-file } userdb { driver = passwd } I get the behavior I want with a single line in the passwd-file for any users that I'd like to override the default quota. BUT, if I list the userdb sections in the reverse order, with the driver=passwd first, then the quotas in passwd-file are ignored. I have a feeling I am counting on undocumented behavior that might change in the future. Or is this okay to depend on? Thanks, Ken -- Ken Anderson Pacific Internet - http://www.pacific.net From pw at wk-serv.de Fri May 24 22:10:50 2013 From: pw at wk-serv.de (Patrick Westenberg) Date: Fri, 24 May 2013 21:10:50 +0200 Subject: [Dovecot] NFS mount permissions In-Reply-To: <980e78b9cf63e1725d3c9d934c407648@junc.eu> References: <519F55AA.1060407@wk-serv.de> <980e78b9cf63e1725d3c9d934c407648@junc.eu> Message-ID: <519FBB3A.4010903@wk-serv.de> Benny Pedersen schrieb: > there is 2 kinds of people, one that understand unix auth, and the > others that dont :) There are friendly people ... and you :) From gizmo at giz-works.com Fri May 24 22:43:19 2013 From: gizmo at giz-works.com (Chris Richards) Date: Fri, 24 May 2013 14:43:19 -0500 Subject: [Dovecot] Error: dict client sent broken reply In-Reply-To: <0b8beb24a830ec79044996616a0e6614.squirrel@www.giz-works.com> References: <0b8beb24a830ec79044996616a0e6614.squirrel@www.giz-works.com> Message-ID: Anyone have any thoughts on this? Chris On Sun, May 19, 2013 4:33 pm, Chris Richards wrote: > I've been mucking about, experimenting with the expire plugin and using a > dictionary. I've got the iteration query working when I do a normal > expunge using: > > doveadm expunge -A mailbox "INBOX.Trash" savedbefore 1w > > and expunging works as expected. However, I've got over 12,000 accounts > on this server, so I was hoping using the expire plugin to could help out. > I've configured the plugin, and things kinda work, except that somewhere > between 3700 and 3800 users, I abort with this: > > doveadm(someuseraccount at somedomain): Error: dict client > (/var/run/dovecot/dict) sent broken reply > doveadm(someuseraccount at somedomain): Error: Dictionary iteration failed > doveadm: Error: Failed to iterate through some users > > It consistently fails at the same user. If I delete that user from the > expire database, then it appears to fail on the next user. > > I also see this in the logs: > > dovecot: dict: Error: dict client: COMMIT: Can't commit while iterating > > I've absolutely no idea where to go from here to troubleshoot this. Any > guidance would be appreciated. > > Thanks, > Chris > > doveconf -n: > > # 2.1.12: /etc/dovecot/dovecot.conf > # OS: Linux 3.7.5-hardened-r1 x86_64 Gentoo Base System release 2.1 ext4 > auth_master_user_separator = * > auth_mechanisms = plain login > auth_username_chars = > abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@& > auth_verbose_passwords = plain > default_process_limit = 200 > dict { > quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext > } > disable_plaintext_auth = no > login_greeting = Awaiting command... > mail_location = maildir:/home/vmail/%d/%n/Maildir > mail_plugins = " quota" > mail_privileged_group = 100 > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character > vacation subaddress comparator-i;ascii-numeric relational regex imap4flags > copy include variables body enotify environment mailbox date ihave > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = INBOX. > separator = . > type = private > } > passdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > plugin { > expire = Trash 7 > expire2 = Trash/* 7 > expire3 = Spam 7 > quota = dict:User quota:%u:proxy::quota > quota_rule = *:storage=200M > quota_warning = storage=99%% quota-warning 99 %n %d > quota_warning2 = storage=95%% quota-warning 95 %n %d > quota_warning3 = storage=80%% quota-warning 80 %n %d > quota_warning4 = -storage=95%% quota-warning 'less than 95' %n %d > sieve = ~/.dovecot.sieve > sieve_default = /home/vmail/dovecot/sieve/default.sieve > sieve_dir = ~/sieve > sieve_global_dir = /home/vmail/dovecot/sieve > } > protocols = imap pop3 sieve lmtp > service auth-worker { > user = $default_internal_user > } > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0666 > user = postfix > } > unix_listener auth-userdb { > group = dovecot > mode = 0666 > user = dovecot > } > user = $default_internal_user > } > service dict { > unix_listener dict { > mode = 0600 > user = vmail > } > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0600 > user = postfix > } > } > service quota-warning { > executable = script /etc/dovecot/quota-warning.sh > unix_listener quota-warning { > user = vmail > } > user = dovecot > } > ssl_cert = ssl_key = userdb { > driver = prefetch > } > userdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > protocol lmtp { > mail_plugins = sieve quota > postmaster_address = postmaster at domain > } > protocol lda { > mail_plugins = " quota sieve quota" > } > protocol imap { > mail_max_userip_connections = 20 > mail_plugins = " quota quota imap_quota" > } > protocol pop3 { > mail_plugins = " quota quota" > } > > > From dovecot-dict-sql.conf.ext: > > connect = host=localhost dbname=maildb user=dbuser password=dbpass > > # CREATE TABLE quota ( > # username varchar(100) not null, > # bytes bigint not null default 0, > # messages integer not null default 0, > # primary key (username) > # ); > > map { > pattern = priv/quota/storage > table = quota_usage > username_field = address > value_field = quota_bytes > } > map { > pattern = priv/quota/messages > table = quota_usage > username_field = address > value_field = quota_messages > } > > # CREATE TABLE expires ( > # username varchar(100) not null, > # mailbox varchar(255) not null, > # expire_stamp integer not null, > # primary key (username, mailbox) > # ); > > map { > pattern = shared/expire/$user/$mailbox > table = expires > value_field = expire_stamp > > fields { > address = $user > folder = $mailbox > } > } > > > > dovecot-sql.conf.ext > > driver = mysql > connect = host=/var/run/mysqld/mysqld.sock dbname=maildb user=dbuser > > password=dbpass > default_pass_scheme = PLAIN > > user_query = SELECT homedir AS home, maildir AS mail, uid AS uid, gid AS > gid, quota_rule AS quota_rule FROM email WHERE address = CONVERT('%u' > USING latin1) AND is_alias=0; > > password_query = SELECT address AS user, NULL as password, homedir AS > userdb_home, maildir as userdb_mail, uid AS userdb_uid, gid AS userdb_gid, > quota_rule AS userdb_quota_rule, 'Y' AS nopassword FROM email WHERE > address = CASE WHEN ('%d' = '') THEN CONCAT (CONVERT('%n' USING latin1), > '@bordernet.com.au') ELSE CONVERT('%u' USING latin1) END AND is_alias=0 > AND CheckPasswordFunc(CONVERT('%n' USING latin1), '%d', CONVERT('%w' USING > latin1), '%r'); > > iterate_query = SELECT address AS user FROM email WHERE is_alias=0 AND > length(password) > 1 > > From lev at serebryakov.spb.ru Fri May 24 23:20:36 2013 From: lev at serebryakov.spb.ru (Lev Serebryakov) Date: Sat, 25 May 2013 00:20:36 +0400 Subject: [Dovecot] dovecot-sieve (pigeonhole) -- is is possible to "re-filter" INBOX when filters have been updated? Message-ID: <17910192223.20130525002036@serebryakov.spb.ru> Hello, Dovecot. I want to migrate to webmail (roundcube) over dovecot + sieve (pigeonhole). Now I'm using on-client (The Bat!) filters, but I need to have acccess to my mail everywhere, not only on my workstation. And I wonder, is here simple way to re-filter INBOX after sieve filters have been changed? Any offline (desktop) mail client could run new filters on old messages -- is here any way to do this with dovecot-sieve (pigeonhole)? I'm using postfix + dovecot LMTP to run sieve filters. -- // Black Lion AKA Lev Serebryakov From ka at pacific.net Fri May 24 23:50:01 2013 From: ka at pacific.net (Ken A) Date: Fri, 24 May 2013 15:50:01 -0500 Subject: [Dovecot] userdb section order seems important in config file In-Reply-To: <519FBB05.6040700@pacific.net> References: <519FBB05.6040700@pacific.net> Message-ID: <519FD279.2080906@pacific.net> Ah, it looks like this is by design. Great. http://wiki2.dovecot.org/Authentication/MultipleDatabases It wasn't mentioned as a solution on http://wiki2.dovecot.org/Quota/Configuration#passwd-file so I missed it. Ken On 5/24/2013 2:09 PM, Ken A wrote: > Hi Timo, et al, > > I'm using Dovecot 2.2.2, with dict file based quota and a quota_rule in > dovecot.conf. I have userdb configured like so: > > userdb { > driver = passwd-file > args = /etc/dovecot/passwd-file > } > userdb { > driver = passwd > } > > I get the behavior I want with a single line in the passwd-file for any > users that I'd like to override the default quota. BUT, if I list the > userdb sections in the reverse order, with the driver=passwd first, then > the quotas in passwd-file are ignored. > > I have a feeling I am counting on undocumented behavior that might > change in the future. Or is this okay to depend on? > > Thanks, > Ken > -- Ken Anderson Pacific Internet - http://www.pacific.net From ben at morrow.me.uk Sat May 25 00:11:33 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Fri, 24 May 2013 22:11:33 +0100 Subject: [Dovecot] Passwordless auth? In-Reply-To: References: <20130523234310.GB53132@anubis.morrow.me.uk> <20130524151628.GC53132@anubis.morrow.me.uk> Message-ID: <20130524211132.GD53132@anubis.morrow.me.uk> At 5PM +0200 on 24/05/13 you (Dirk Jahnke-Zumbusch) wrote: > [I wrote:] > > > >I didn't quite mean that: yes, that is 'passwordless' in a sense, but > >you still have to have typed a password into kinit fairly recently. > > > >What I meant was that with 2.2 it's finally possible to set a list of > >krb5 principals for imap which is different from the list in .k5login. > >This makes it possible to create special-purpose principals, which can > >have their keys put in a keytab, which can then log on as an ordinary > >imap user. > > perhaps I misunderstand you, but something like > > kinit -k -t /path/to/keytab > > authenticates w/o the need of typing a password. Yes, but that means putting your ordinary user's key into a keytab, and since that key can (probably) be used for a whole lot more than just accessing IMAP, this isn't exactly very safe. The advantage of using a dedicated principal is that you can give it the minimum rights it needs to do its job, making the keytab much safer. You can also disable just that principal on the KDC if it gets compromised without locking the user out altogether. Ben From gizmo at giz-works.com Sat May 25 00:26:55 2013 From: gizmo at giz-works.com (Chris Richards) Date: Fri, 24 May 2013 16:26:55 -0500 Subject: [Dovecot] dovecot-sieve (pigeonhole) -- is is possible to "re-filter" INBOX when filters have been updated? In-Reply-To: <17910192223.20130525002036@serebryakov.spb.ru> References: <17910192223.20130525002036@serebryakov.spb.ru> Message-ID: <5e509fc89fc5cfc960eee06ff788f328.squirrel@www.giz-works.com> On Fri, May 24, 2013 3:20 pm, Lev Serebryakov wrote: > Hello, Dovecot. > > And I wonder, is here simple way to re-filter INBOX after sieve > filters have been changed? Any offline (desktop) mail client could run > new filters on old messages -- is here any way to do this with > dovecot-sieve (pigeonhole)? Take a look at sieve-filter, which is part of the pigeonhole package since 0.3. It should provide you the capability to do what you want. Chris From calestyo at scientia.net Sat May 25 00:40:13 2013 From: calestyo at scientia.net (Christoph Anton Mitterer) Date: Fri, 24 May 2013 23:40:13 +0200 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <519F47A1.3040407@Media-Brokers.com> References: <1369359700.10903.14.camel@fermat.scientia.net> <1369361579.10903.16.camel@fermat.scientia.net> <519F47A1.3040407@Media-Brokers.com> Message-ID: <1369431613.5194.6.camel@fermat.scientia.net> On Fri, 2013-05-24 at 06:57 -0400, Charles Marcus wrote: > And for some reason, the Parent folder is created as a folder that > cannot contain files, only folders. I think the reason for this is that the folder is not really created, i.e. when you create "folder.subfolder" with TB, Dovcote will create .folder.subfolder But there is not maildir for: .folder Not sure whom to blame for this... is it a dovecot issue? Cheers, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5113 bytes Desc: not available URL: From calestyo at scientia.net Sat May 25 00:48:00 2013 From: calestyo at scientia.net (Christoph Anton Mitterer) Date: Fri, 24 May 2013 23:48:00 +0200 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: References: <1369359700.10903.14.camel@fermat.scientia.net> <519F0997.6080401@sys4.de> <1369398711.5175.12.camel@fermat.scientia.net> Message-ID: <1369432080.5194.9.camel@fermat.scientia.net> On Fri, 2013-05-24 at 16:14 +0300, Timo Sirainen wrote: > There is no standard escaping. btw... When I create a folder with unicode chars ... e.g. via Evolution or TB.. then the maildirs created on the dovecot side use the encoding schema as described here http://www.courier-mta.org/maildir.html Is this encoding then done by Dovecot or is it the client who does this? Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5113 bytes Desc: not available URL: From list_dovecot at bluerosetech.com Sat May 25 00:53:11 2013 From: list_dovecot at bluerosetech.com (Darren Pilgrim) Date: Fri, 24 May 2013 14:53:11 -0700 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <1369398578.5175.10.camel@fermat.scientia.net> References: <1369359700.10903.14.camel@fermat.scientia.net> <519ED76A.8070802@bluerosetech.com> <1369398578.5175.10.camel@fermat.scientia.net> Message-ID: <519FE147.5050209@bluerosetech.com> On 2013-05-24 05:29, Christoph Anton Mitterer wrote: > On Thu, 2013-05-23 at 19:58 -0700, Darren Pilgrim wrote: >> Does adding LAYOUT=fs to mail_location, which makes Dovecot use a dir >> hierarchy instead of dot-prefixing, make this possible? > > I would expect that one then runs into the same troubles when using "/" > in a foldername... I often wondered by '.' was chosen. A comma works just as well and, unlike '.', ',' isn't valid in a domain name or unquoted local part. Using the FS does solve the only major issue I run into doing automated mailing list sorting based on the List-ID header. From tss at iki.fi Sat May 25 01:19:14 2013 From: tss at iki.fi (Timo Sirainen) Date: Sat, 25 May 2013 01:19:14 +0300 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <1369432080.5194.9.camel@fermat.scientia.net> References: <1369359700.10903.14.camel@fermat.scientia.net> <519F0997.6080401@sys4.de> <1369398711.5175.12.camel@fermat.scientia.net> <1369432080.5194.9.camel@fermat.scientia.net> Message-ID: <7EA4237D-B802-4DF5-885C-9FEC1AD18F19@iki.fi> On 25.5.2013, at 0.48, Christoph Anton Mitterer wrote: > On Fri, 2013-05-24 at 16:14 +0300, Timo Sirainen wrote: >> There is no standard escaping. > btw... When I create a folder with unicode chars ... e.g. via Evolution > or TB.. then the maildirs created on the dovecot side use the encoding > schema as described here http://www.courier-mta.org/maildir.html > > Is this encoding then done by Dovecot or is it the client who does this? That is pretty much standard IMAP mUTF-7. Wonder why that's not mentioned in there. But yeah, looks like it also suggests encoding the '.' and '/' using the mUTF-7 format. That is forbidden by IMAP. So having such names in the maildir and serving them to IMAP clients would actually violate the IMAP protocol. From calestyo at scientia.net Sat May 25 01:46:35 2013 From: calestyo at scientia.net (Christoph Anton Mitterer) Date: Sat, 25 May 2013 00:46:35 +0200 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <7EA4237D-B802-4DF5-885C-9FEC1AD18F19@iki.fi> References: <1369359700.10903.14.camel@fermat.scientia.net> <519F0997.6080401@sys4.de> <1369398711.5175.12.camel@fermat.scientia.net> <1369432080.5194.9.camel@fermat.scientia.net> <7EA4237D-B802-4DF5-885C-9FEC1AD18F19@iki.fi> Message-ID: <1369435595.9631.3.camel@fermat.scientia.net> On Sat, 2013-05-25 at 01:19 +0300, Timo Sirainen wrote: > That is pretty much standard IMAP mUTF-7. Wonder why that's not > mentioned in there. > But yeah, looks like it also suggests encoding the '.' and '/' using > the mUTF-7 format. That is forbidden by IMAP. So having such names in > the maildir and serving them to IMAP clients would actually violate > the IMAP protocol. I see... so what's the best / most standards compliant way of enabling all possible folder names now? Using that plugin? I mean I do not quite understand what happens when I use the plugin... so as far as I understood you know IMAP itself already has an encoding way... i.e. the client already sends mUTF-7 encoded foldernames to dovecot, and dovecot simply passes this through and creates these as file names, right? When I use the list encode plugin... will it then \NN encode the (possibly already mUTF-7 encoded) string... to also allow things like "." and "/"? So the client will never see any \NN encoding as this is done purely dovecot internally? Thanks, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5113 bytes Desc: not available URL: From tss at iki.fi Sat May 25 02:12:32 2013 From: tss at iki.fi (Timo Sirainen) Date: Sat, 25 May 2013 02:12:32 +0300 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <1369435595.9631.3.camel@fermat.scientia.net> References: <1369359700.10903.14.camel@fermat.scientia.net> <519F0997.6080401@sys4.de> <1369398711.5175.12.camel@fermat.scientia.net> <1369432080.5194.9.camel@fermat.scientia.net> <7EA4237D-B802-4DF5-885C-9FEC1AD18F19@iki.fi> <1369435595.9631.3.camel@fermat.scientia.net> Message-ID: <75771715-2A2B-4424-AED2-F658BD57CB26@iki.fi> On 25.5.2013, at 1.46, Christoph Anton Mitterer wrote: > On Sat, 2013-05-25 at 01:19 +0300, Timo Sirainen wrote: >> That is pretty much standard IMAP mUTF-7. Wonder why that's not >> mentioned in there. >> But yeah, looks like it also suggests encoding the '.' and '/' using >> the mUTF-7 format. That is forbidden by IMAP. So having such names in >> the maildir and serving them to IMAP clients would actually violate >> the IMAP protocol. > I see... so what's the best / most standards compliant way of enabling > all possible folder names now? Using that plugin? IMAP protocol requires that one character is reserved for being hierarchy separator. There's no way around that. But with listescape plugin you can use any other character. > I mean I do not quite understand what happens when I use the plugin... > so as far as I understood you know IMAP itself already has an encoding > way... i.e. the client already sends mUTF-7 encoded foldernames to > dovecot, and dovecot simply passes this through and creates these as > file names, right? > > When I use the list encode plugin... will it then \NN encode the > (possibly already mUTF-7 encoded) string... to also allow things like > "." and "/"? > So the client will never see any \NN encoding as this is done purely > dovecot internally? Right. It encodes those chars that can't be used in filesystem, but can be used in IMAP protocol. With Maildir the separator is always '.' in the filesystem, but it can be something else visible to IMAP clients, which allows using '.' in IMAP protocol but not in filesystem unescaped. From calestyo at scientia.net Sat May 25 02:30:53 2013 From: calestyo at scientia.net (Christoph Anton Mitterer) Date: Sat, 25 May 2013 01:30:53 +0200 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <75771715-2A2B-4424-AED2-F658BD57CB26@iki.fi> References: <1369359700.10903.14.camel@fermat.scientia.net> <519F0997.6080401@sys4.de> <1369398711.5175.12.camel@fermat.scientia.net> <1369432080.5194.9.camel@fermat.scientia.net> <7EA4237D-B802-4DF5-885C-9FEC1AD18F19@iki.fi> <1369435595.9631.3.camel@fermat.scientia.net> <75771715-2A2B-4424-AED2-F658BD57CB26@iki.fi> Message-ID: <1369438253.9631.19.camel@fermat.scientia.net> On Sat, 2013-05-25 at 02:12 +0300, Timo Sirainen wrote: > IMAP protocol requires that one character is reserved for being > hierarchy separator. There's no way around that. But with listescape > plugin you can use any other character. Okay... than IMAP really sucks in that matter ^^... why not allowing it to be used quoted ... weird... IIRC, clients can find out that character via the LIST command, right? So there should be no need for them to block anything else but that specific character (per server). > Right. It encodes those chars that can't be used in filesystem, but > can be used in IMAP protocol. With Maildir the separator is always '.' > in the filesystem well unless one use LAYOUT=fs > , but it can be something else visible to IMAP clients, which allows > using '.' in IMAP protocol but not in filesystem unescaped. but that basically also means that the plugins will never encode characters but . and / (okay and that ~ case, which AFAIU wouldn't be strictly necessary), right? It will encode "/" because it can't be used in the POSIX filenames. And it will encode "." only when LAYOUT=fs is _not_ used. Other Unicode chars are already encoded by IMAP via UTF7 and can go straight into the FS. And the virtual separator cannot be used, regardless what one does... Is this just an IMAP issue or also a POP issue? And how are other unicode chars encoded in POP? I ask cause then I'd update the wiki a bit. Cheers, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5113 bytes Desc: not available URL: From tss at iki.fi Sat May 25 02:33:29 2013 From: tss at iki.fi (Timo Sirainen) Date: Sat, 25 May 2013 02:33:29 +0300 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <1369438253.9631.19.camel@fermat.scientia.net> References: <1369359700.10903.14.camel@fermat.scientia.net> <519F0997.6080401@sys4.de> <1369398711.5175.12.camel@fermat.scientia.net> <1369432080.5194.9.camel@fermat.scientia.net> <7EA4237D-B802-4DF5-885C-9FEC1AD18F19@iki.fi> <1369435595.9631.3.camel@fermat.scientia.net> <75771715-2A2B-4424-AED2-F658BD57CB26@iki.fi> <1369438253.9631.19.camel@fermat.scientia.net> Message-ID: On 25.5.2013, at 2.30, Christoph Anton Mitterer wrote: > On Sat, 2013-05-25 at 02:12 +0300, Timo Sirainen wrote: >> IMAP protocol requires that one character is reserved for being >> hierarchy separator. There's no way around that. But with listescape >> plugin you can use any other character. > Okay... than IMAP really sucks in that matter ^^... why not allowing it > to be used quoted ... weird... > > IIRC, clients can find out that character via the LIST command, right? > So there should be no need for them to block anything else but that > specific character (per server). Yeah. >> , but it can be something else visible to IMAP clients, which allows >> using '.' in IMAP protocol but not in filesystem unescaped. > > but that basically also means that the plugins will never encode > characters but . and / (okay and that ~ case, which AFAIU wouldn't be > strictly necessary), right? > > It will encode "/" because it can't be used in the POSIX filenames. > And it will encode "." only when LAYOUT=fs is _not_ used. > Other Unicode chars are already encoded by IMAP via UTF7 and can go > straight into the FS. Right. > And the virtual separator cannot be used, regardless what one does... > Is this just an IMAP issue or also a POP issue? > > And how are other unicode chars encoded in POP? I ask cause then I'd > update the wiki a bit. POP3 has no folders at all. From calestyo at scientia.net Sat May 25 03:18:31 2013 From: calestyo at scientia.net (Christoph Anton Mitterer) Date: Sat, 25 May 2013 02:18:31 +0200 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: References: <1369359700.10903.14.camel@fermat.scientia.net> <519F0997.6080401@sys4.de> <1369398711.5175.12.camel@fermat.scientia.net> <1369432080.5194.9.camel@fermat.scientia.net> <7EA4237D-B802-4DF5-885C-9FEC1AD18F19@iki.fi> <1369435595.9631.3.camel@fermat.scientia.net> <75771715-2A2B-4424-AED2-F658BD57CB26@iki.fi> <1369438253.9631.19.camel@fermat.scientia.net> Message-ID: <1369441111.9631.64.camel@fermat.scientia.net> On Sat, 2013-05-25 at 02:33 +0300, Timo Sirainen wrote: > > And the virtual separator cannot be used, regardless what one does... > > Is this just an IMAP issue or also a POP issue? > > > > And how are other unicode chars encoded in POP? I ask cause then I'd > > update the wiki a bit. > > POP3 has no folders at all. Ah sure... I didn't think clearly.... what I actually meant was... are there similar issues when using folder with mbox as backend? I mean I haven't tried it with Dovecot so far, but I guess it also uses the folder.sbd/ schema? Does this also involve any special forbidden characters? I'm just making some tests... and everything seems to be as you described (not that I didn't trust you ;) )... One thing though... I think when a character is used that is neither the (IMAP) virtual separator (and therefore already forbidden as a folder character by this - which a good client could check[0]) nor the listencode plugin is enabled... then Dovecot should give an error when one tries to create a folder that contains a character special to the underlying mail storage. Example: separator = / listencode is disabled maildir is used withOUT LAYOUT=fs I create a folder named "foo.bar" => The client cannot know that "." causes troubles as it only knows about "/". Dovecot actually creates such a folder but it's the issue described before by some person here, that you have a non working folder "foo" and a subfolder "bar". I think, Dovecot should bail out in such a folder creation, if that is possible. Especially as it seems one cannot get rid of such folders anymore... Evolution e.g. still thinks there should be a folder "foo" and it leaves it even when I deleted "bar". And one could make perhaps even more evil things like creating folders named "..." (and maildir get's crazy ;) ) I made some changes to the wiki,... guess you got notified anyway... please double check them. Cheers, Chris [0] To my big surprise.... evolution does... and e.g. allows "." if "/" is used as separator :-O -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5113 bytes Desc: not available URL: From calestyo at scientia.net Sat May 25 03:43:44 2013 From: calestyo at scientia.net (Christoph Anton Mitterer) Date: Sat, 25 May 2013 02:43:44 +0200 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <1369441111.9631.64.camel@fermat.scientia.net> References: <1369359700.10903.14.camel@fermat.scientia.net> <519F0997.6080401@sys4.de> <1369398711.5175.12.camel@fermat.scientia.net> <1369432080.5194.9.camel@fermat.scientia.net> <7EA4237D-B802-4DF5-885C-9FEC1AD18F19@iki.fi> <1369435595.9631.3.camel@fermat.scientia.net> <75771715-2A2B-4424-AED2-F658BD57CB26@iki.fi> <1369438253.9631.19.camel@fermat.scientia.net> <1369441111.9631.64.camel@fermat.scientia.net> Message-ID: <1369442624.9631.69.camel@fermat.scientia.net> And I may have found one further issue: I set: separator = '\\' maildir with _not_ using LAYOUT=fs the list encode plugin is on listescape_char is left to default When I now create a folder "foo.bar" it seemingly works (the client shows it as "a.a"), but what comes out is: .a.2ea how can this work? Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5113 bytes Desc: not available URL: From calestyo at scientia.net Sat May 25 05:21:10 2013 From: calestyo at scientia.net (Christoph Anton Mitterer) Date: Sat, 25 May 2013 04:21:10 +0200 Subject: [Dovecot] . (dot) in maildir folder names In-Reply-To: <1369442624.9631.69.camel@fermat.scientia.net> References: <1369359700.10903.14.camel@fermat.scientia.net> <519F0997.6080401@sys4.de> <1369398711.5175.12.camel@fermat.scientia.net> <1369432080.5194.9.camel@fermat.scientia.net> <7EA4237D-B802-4DF5-885C-9FEC1AD18F19@iki.fi> <1369435595.9631.3.camel@fermat.scientia.net> <75771715-2A2B-4424-AED2-F658BD57CB26@iki.fi> <1369438253.9631.19.camel@fermat.scientia.net> <1369441111.9631.64.camel@fermat.scientia.net> <1369442624.9631.69.camel@fermat.scientia.net> Message-ID: <1369448470.9631.87.camel@fermat.scientia.net> On Sat, 2013-05-25 at 02:43 +0200, Christoph Anton Mitterer wrote: > And I may have found one further issue: > > I set: > separator = '\\' > maildir with _not_ using LAYOUT=fs > the list encode plugin is on > listescape_char is left to default > > > When I now create a folder "foo.bar" it seemingly works (the client > shows it as "a.a"), but what comes out is: > .a.2ea > how can this work? Quite sure this must be a bug... I played a bit more... I can create a folder which is shown as "a.2ea" and in the filesystem this becomes ".a.2e2ea". When I make a folder "a" and then try to make a subfolder "2ea" of it... it doesn't work (the client seems to already fail). When I make subfolders (below) like "3e" or "65"... they first show up as these.... but after several times refreshing... they become folder "a>" and "ae". Using another quote character like: listescape_char = ^ and things seem to work again as expected, i.e. a folder "e.e" becomes ".e^2ee" Cheers, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5113 bytes Desc: not available URL: From wdgarc88 at gmail.com Sat May 25 05:49:35 2013 From: wdgarc88 at gmail.com (Edwardo Garcia) Date: Sat, 25 May 2013 12:49:35 +1000 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <519F1D62.5070700@sys4.de> References: <519F1D62.5070700@sys4.de> Message-ID: Halo Robert, Yes indeed, so it seem it does not do at all. Timo or other developer? Are you still plan introduce option? If so, may ask what version? For now we disable use two hosts, but thiz not optimum for network. On Fri, May 24, 2013 at 5:57 PM, Robert Schetterer wrote: > Am 24.05.2013 09:45, schrieb Edwardo Garcia: > > Halo, > > > > (First time posting, please forgive English is not native) > > > > Change from Courier to Dovecot 2.1.16 > > > > Having two server. > > > > Having mysql on thiz two server, one master, one slave. > > > > What we wish is slave Dovecot only ask slave mysql, unless slave mysql > not > > work when then ask master, we have Postfix do thiz fallover good, but > > Dovecot talk to slave and master no mater what, we think thiz defeat > > fallover as we not want this aktion, but aktion like Postfix. > > > > The problemo is can not find Dovecot option for thiz in > wiki2.dovecot.org, > > is possible? > > > > i am not really up2date with your question, but last time, i was > involved with it, only kinda master/master solution did work, no > problem here with it, but i wouldnt recommend it in general, also many > new more database cluster tecs were anounced since my last install, > so there may more recent news in that point, wait for other answers > > > Best Regards > MfG Robert Schetterer > > -- > [*] sys4 AG > > http://sys4.de, +49 (89) 30 90 46 64 > Franziskanerstra?e 15, 81669 M?nchen > > Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 > Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer > Aufsichtsratsvorsitzender: Florian Kirstein > From wdgarc88 at gmail.com Sat May 25 05:53:31 2013 From: wdgarc88 at gmail.com (Edwardo Garcia) Date: Sat, 25 May 2013 12:53:31 +1000 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <519F23D6.90803@thelounge.net> References: <519F1B62.4000708@integrafin.co.uk> <519F23D6.90803@thelounge.net> Message-ID: Yes, thiz why the slave be localhost on same machine work many time faster, backup host set for master database server as last resort fallover since network traffic bottleneck Hope Timo comment on option, so far he ignore thread, so maybe no plan now. On Fri, May 24, 2013 at 6:24 PM, Reindl Harald wrote: > > Am 24.05.2013 09:52, schrieb Edwardo Garcia: > > But mysql not problemo, it be Dovecot talk to both, do not want Dovecot > to > > talk to both at same time unless slave (local) copy die > > and this mostly for a good resason to support your argument > > if you configure "localhost" and the slave in postfix you > can be sure in case of postfix that all day long "localhost" > is used and only if it fails the slave over TCP/IP > > dovecot is using randomly the manitudes slower salve and > to make it perfectly worse if you reboot the slave in the > wrong moment you trigger errors on the dovecot side which > is not the idea of having redundancy on the mysql side > > From wdgarc88 at gmail.com Sat May 25 05:54:37 2013 From: wdgarc88 at gmail.com (Edwardo Garcia) Date: Sat, 25 May 2013 12:54:37 +1000 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <1369388893.10995.6.camel@tardis> References: <519F1B62.4000708@integrafin.co.uk> <519F23D6.90803@thelounge.net> <1369388893.10995.6.camel@tardis> Message-ID: What version broken where thiz work like need? Maybe I try. On Fri, May 24, 2013 at 7:48 PM, Noel Butler wrote: > On Fri, 2013-05-24 at 10:24 +0200, Reindl Harald wrote: > > > Am 24.05.2013 09:52, schrieb Edwardo Garcia: > > > But mysql not problemo, it be Dovecot talk to both, do not want > Dovecot to > > > talk to both at same time unless slave (local) copy die > > > > and this mostly for a good resason to support your argument > > > > if you configure "localhost" and the slave in postfix you > > can be sure in case of postfix that all day long "localhost" > > is used and only if it fails the slave over TCP/IP > > > > dovecot is using randomly the manitudes slower salve and > > to make it perfectly worse if you reboot the slave in the > > wrong moment you trigger errors on the dovecot side which > > is not the idea of having redundancy on the mysql side > > > > > This is how an old broken dovecot used to work, then someone complained > and Timo fixed it, I asked him nearly 2 years ago whn he fixed it, that > since he was changing its behaviour, it would be beneficial for an > option to make it work only in failover mode, he at the time said " > might be useful " but has said nothing more since, so NFI if he's even > given it a second thought or even put it on his official todo list > (since this was back in the 1.2.x days) > > > From lev at serebryakov.spb.ru Sat May 25 11:53:07 2013 From: lev at serebryakov.spb.ru (Lev Serebryakov) Date: Sat, 25 May 2013 12:53:07 +0400 Subject: [Dovecot] dovecot-sieve (pigeonhole) -- is is possible to "re-filter" INBOX when filters have been updated? In-Reply-To: <5e509fc89fc5cfc960eee06ff788f328.squirrel@www.giz-works.com> References: <17910192223.20130525002036@serebryakov.spb.ru> <5e509fc89fc5cfc960eee06ff788f328.squirrel@www.giz-works.com> Message-ID: <1874727193.20130525125307@serebryakov.spb.ru> Hello, Chris. You wrote 25 ??? 2013 ?., 1:26:55: >> And I wonder, is here simple way to re-filter INBOX after sieve >> filters have been changed? Any offline (desktop) mail client could run >> new filters on old messages -- is here any way to do this with >> dovecot-sieve (pigeonhole)? CR> Take a look at sieve-filter, which is part of the pigeonhole package since CR> 0.3. It should provide you the capability to do what you want. So, I need a way to run it from httpd (running with credentials of web user) on behalf mail subsystem (running with credentials of v-mail user) according command from PHP script... It could be non-trivial... -- // Black Lion AKA Lev Serebryakov From andreas at cymail.eu Sat May 25 12:36:22 2013 From: andreas at cymail.eu (Andreas Kasenides) Date: Sat, 25 May 2013 12:36:22 +0300 Subject: [Dovecot] Virtual Servers, or different authentication setups. In-Reply-To: References: Message-ID: <35150aa4c74ba30f04ede17ca25f18cd@cymail.eu> Look at Running Multiple Invocations of Dovecot at http://wiki2.dovecot.org/RunningDovecot Andreas On 23-05-2013 03:30, Joshua Gardner wrote: > I want to know if there is any virtual server functionality in > Dovecot? > > I would like to have two separate configurations, that access the > same > email, running in the same Dovecot instance. They would bind > different > ports and/or IPs, but have different authentication settings. In > particular, one would use a PLAIN password scheme, the other SSHA. > > How would I go about setting up these virtual servers? Or, would I > have to run separate instances of Dovecot? If I do have to run > separate instances, how do I keep them from interfering with > eachother? > > -Josh From gizmo at giz-works.com Sat May 25 23:36:47 2013 From: gizmo at giz-works.com (Chris Richards) Date: Sat, 25 May 2013 15:36:47 -0500 Subject: [Dovecot] dovecot-sieve (pigeonhole) -- is is possible to "re-filter" INBOX when filters have been updated? In-Reply-To: <1874727193.20130525125307@serebryakov.spb.ru> References: <17910192223.20130525002036@serebryakov.spb.ru> <5e509fc89fc5cfc960eee06ff788f328.squirrel@www.giz-works.com> <1874727193.20130525125307@serebryakov.spb.ru> Message-ID: <4ae5dbf42d43cc77136ff6f389385d48.squirrel@www.giz-works.com> On Sat, May 25, 2013 3:53 am, Lev Serebryakov wrote: > So, I need a way to run it from httpd (running with credentials of > web user) on behalf mail subsystem (running with credentials of > v-mail user) according command from PHP script... > It could be non-trivial... > There's a dovecot plugin that extends the sieve protocol and allows you to execute applications on the server. I don't know anything about it (I've never used it), but perhaps that is a path you could investigate? https://sftp.netscout.com/human.aspx?r=1484766944&Arg12=fileview&Arg11=1&Arg07=903982830&Arg06=904052910 Chris From gizmo at giz-works.com Sat May 25 23:38:11 2013 From: gizmo at giz-works.com (Chris Richards) Date: Sat, 25 May 2013 15:38:11 -0500 Subject: [Dovecot] dovecot-sieve (pigeonhole) -- is is possible to "re-filter" INBOX when filters have been updated? In-Reply-To: <4ae5dbf42d43cc77136ff6f389385d48.squirrel@www.giz-works.com> References: <17910192223.20130525002036@serebryakov.spb.ru> <5e509fc89fc5cfc960eee06ff788f328.squirrel@www.giz-works.com> <1874727193.20130525125307@serebryakov.spb.ru> <4ae5dbf42d43cc77136ff6f389385d48.squirrel@www.giz-works.com> Message-ID: <8ea8199b001288c81b800bc2d205ef86.squirrel@www.giz-works.com> On Sat, May 25, 2013 3:36 pm, Chris Richards wrote: > On Sat, May 25, 2013 3:53 am, Lev Serebryakov wrote: >> So, I need a way to run it from httpd (running with credentials of >> web user) on behalf mail subsystem (running with credentials of >> v-mail user) according command from PHP script... >> It could be non-trivial... >> > > There's a dovecot plugin that extends the sieve protocol and allows you to > execute applications on the server. I don't know anything about it (I've > never used it), but perhaps that is a path you could investigate? woops, wrong link, use this one: http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extprograms Chris From daniel.parthey at informatik.tu-chemnitz.de Sun May 26 18:33:22 2013 From: daniel.parthey at informatik.tu-chemnitz.de (Daniel Parthey) Date: Sun, 26 May 2013 17:33:22 +0200 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: References: <519F1D62.5070700@sys4.de> Message-ID: <20130526153321.GA27814@daniel.localdomain> Edwardo Garcia wrote: > Yes indeed, so it seem it does not do at all. > For now we disable use two hosts, but thiz not optimum for network. You might try to put mysqlproxy in between dovecot and your mysql cluster and have dovecot connect to the failover proxy (or proxies) instead of connecting the database directly. mysqlproxy makes use of the lua scripting language, where you might want to implement the failover or filter mechanisms you need. Regards Daniel -- https://plus.google.com/103021802792276734820 From daniel.parthey at informatik.tu-chemnitz.de Sun May 26 18:48:34 2013 From: daniel.parthey at informatik.tu-chemnitz.de (Daniel Parthey) Date: Sun, 26 May 2013 17:48:34 +0200 Subject: [Dovecot] NFS mount permissions In-Reply-To: <519F55AA.1060407@wk-serv.de> References: <519F55AA.1060407@wk-serv.de> Message-ID: <20130526154834.GA28006@daniel.localdomain> Patrick Westenberg wrote: > I would like to move my mails from ocfs2 to an NFS share. > As the mountpoint and all folders and files belong to > nobody/nogroup, dovecot is only able to access the mails if I give > full access to "others". I don't like that. We are using user vmail via NFSv4. Which NFS version are you migrating to? The userid vmail needs to exist on both systems (NFSv4 and mail server) and rpc.identd needs to be running on both sides with the same domain. Then the user should not be displayed as nobody, if the files are owned by vmail:vmail on the NFSv4 server. Regards Daniel -- https://plus.google.com/103021802792276734820 From francwalter at gmx.net Sun May 26 20:01:44 2013 From: francwalter at gmx.net (francwalter at gmx.net) Date: Sun, 26 May 2013 19:01:44 +0200 Subject: [Dovecot] Problems with Apple Mail: Enter Password for Account "..." In-Reply-To: <20130523074846.GA22147@nihlus.leuxner.net> References: <519CD9B3.2040101@gmx.net> <20130523074846.GA22147@nihlus.leuxner.net> Message-ID: <8990705F-F2B7-4FE2-8E0A-2616B0798F59@gmx.net> Am 23.05.2013 um 09:48 schrieb Thomas Leuxner: >> > > Mail.App is known to utilize many concurrent connections. Look again, most likely it maxes out the limit: > > protocol imap { > mail_max_userip_connections = 10 > } > > Regards > Thomas OK, along another advice I put the limit (there was none previously in my conf) to 1000, and try it a while. Thank you for the hint! franc From listes at imec-archives.com Sun May 26 20:21:05 2013 From: listes at imec-archives.com (Julien Beauviala) Date: Sun, 26 May 2013 19:21:05 +0200 Subject: [Dovecot] mixing virtual and system users Message-ID: <51A24481.70100@imec-archives.com> Hello all, I'm setting up a small mail server for aprox 20 users, and I'm trying to keep it really simple so I went the virtual users as text file way, following this page : http://lukas-schulze.de/2012/02/setup-postfix-and-dovecot-on-debian-squeeze-with-users-stored-text-file/ It seemed to work fine except for the 'system' users, and I am stumped by this. Basically the config does not 'see' /etc/aliases, so mail to root or mailman are 'Recipient address rejected: User unknown'. I've added the backup pam as explained by the following page* and tried many permutations in /etc/postfix/main.cf but still not good, systems users are rejected. Obviously something is amiss. * http://wiki2.dovecot.org/Authentication/MultipleDatabases If someone could point me in the right direction, that would be great. The system is debian 6, details of the configuration below. dovecot -n : ------------ # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.7 ext3 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 pop3s ssl_cert_file: /etc/ssl/certs/postfix.pem ssl_key_file: /etc/ssl/private/postfix.key login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login first_valid_uid: 5000 last_valid_uid: 5000 first_valid_gid: 5000 last_valid_gid: 5000 mail_privileged_group: vmail mail_location: maildir:/var/vmail/%d/%n/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 lda: auth_socket_path: /var/run/dovecot/auth-master postmaster_address: postmaster at example.net mail_plugins: sieve log_path: auth default: mechanisms: plain login verbose: yes passdb: driver: pam passdb: driver: passwd-file args: scheme=CRAM-MD5 /etc/dovecot/users.conf userdb: driver: static args: uid=5000 gid=5000 home=/var/vmail/%d/%n allow_all_users=yes userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail postconf -n : ------------- alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes config_directory = /etc/postfix debug_peer_level = 2 inet_interfaces = all mailbox_size_limit = 0 mydestination = localhost mydomain = example.net myhostname = osiris.example.net mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin = $mydomain queue_directory = /var/spool/postfix recipient_delimiter = + relayhost = show_user_unknown_table_name = no smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtp_tls_note_starttls_offer = yes smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_use_tls = yes smtpd_banner = $myhostname ESMTP $mail_name smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_recipient_restrictions = reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem smtpd_tls_key_file = /etc/ssl/private/postfix.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_source = dev:/dev/urandom virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps virtual_gid_maps = static:5000 virtual_mailbox_base = /var/vmail virtual_mailbox_domains = hash:/etc/postfix/virtual_mailbox_domains virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox_maps virtual_minimum_uid = 100 virtual_transport = dovecot virtual_uid_maps = static:5000 /etc/postfix/virtual_mailbox_domains : -------------------------------------- @example.net OK @osiris.example.net OK /etc/postfix/virtual_mailbox_maps : ----------------------------------- elisabethp at example.net example.net/elisabethp /etc/postfix/virtual_alias_maps : --------------------------------- elisabeth at example.net elisabethp at example.net j. From acrow at integrafin.co.uk Sun May 26 20:29:24 2013 From: acrow at integrafin.co.uk (Alex Crow) Date: Sun, 26 May 2013 18:29:24 +0100 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: References: <519F1B62.4000708@integrafin.co.uk> Message-ID: <51A24674.9000001@integrafin.co.uk> Hi, Balls, the silly script (written in largely incomprehensible perl by a predecessor of mine) is supposed to catch mailing lists, and HR won't let us have it auto-terminate or update... :-( Thanks for giving me an another few hours work :-) Alex On 24/05/13 08:54, Edwardo Garcia wrote: > Alex, you on long vacation? > > Hi, I am on leave, returning on Thursday 9th May If your query is > urgent, please raise contact the team onitdept at integrafin.co.uk > . Regards Alex > > > On Fri, May 24, 2013 at 5:48 PM, Alex Crow > wrote: > > On 24/05/13 08:45, Edwardo Garcia wrote: > > Halo, > > (First time posting, please forgive English is not native) > > Change from Courier to Dovecot 2.1.16 > > Having two server. > > Having mysql on thiz two server, one master, one slave. > > What we wish is slave Dovecot only ask slave mysql, unless > slave mysql not > work when then ask master, we have Postfix do thiz fallover > good, but > Dovecot talk to slave and master no mater what, we think thiz > defeat > fallover as we not want this aktion, but aktion like Postfix. > > The problemo is can not find Dovecot option for thiz in > wiki2.dovecot.org , > is possible? > > > You could set up MySQL in Dual Master mode instead.... > > Alex > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. From francwalter at gmx.net Sun May 26 20:30:10 2013 From: francwalter at gmx.net (francwalter at gmx.net) Date: Sun, 26 May 2013 19:30:10 +0200 Subject: [Dovecot] Problems with Apple Mail: Enter Password for Account "..." In-Reply-To: <20130523074846.GA22147@nihlus.leuxner.net> References: <519CD9B3.2040101@gmx.net> <20130523074846.GA22147@nihlus.leuxner.net> Message-ID: <51A90FC4-B097-4C86-BDAD-DA319F45C980@gmx.net> At Wed May 22 18:16:44 EEST 2013 Professa Dementia professa wrote: > This is one of my pet peeves about Apple Mail and to some extent, > outlook. If *any* error occurs during the authentication phase, Apple > Mail, usually mistakenly, displays the error about bad login credentials. Ok, this is already a relief, that not my good Dovecot is the main problem :) > These errors may include such things as network problems, DNS issues, > local mailstore errors or corruption, issues with the mail server not > related to authentication, such as file locks, etc. This makes the search a bit more difficult, I guess. > Besides being annoying, and misleading, Apple Mail will invalidate your > saved password, requiring you to enter it again. And I didn?t enter it again, but just cancelled the message, I wonder that mail would really has invalidated it. > First look in your logs (Finder > Applications/Utilities > Console) to > see if there are any errors. Where exactly? I don?t know where I find the apple mail logs, I have to try system.log and secure.log the next time. > ... temporarily use a non-SSL connection for > mail and a network sniffer like Wireshark to watch the transaction?. > Dem I will try this next time! Thank you very much, Dem. frank From daniel.parthey at informatik.tu-chemnitz.de Sun May 26 20:33:57 2013 From: daniel.parthey at informatik.tu-chemnitz.de (Daniel Parthey) Date: Sun, 26 May 2013 19:33:57 +0200 Subject: [Dovecot] NFS mount permissions In-Reply-To: <20130526154834.GA28006@daniel.localdomain> References: <519F55AA.1060407@wk-serv.de> <20130526154834.GA28006@daniel.localdomain> Message-ID: <20130526173357.GA29272@daniel.localdomain> Daniel Parthey wrote: > and rpc.identd needs to be running on both sides with the same domain. Sorry, I meant idmapd which is configured in /etc/idmapd.conf Regards Daniel -- https://plus.google.com/103021802792276734820 From ben at morrow.me.uk Mon May 27 04:32:11 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Mon, 27 May 2013 02:32:11 +0100 Subject: [Dovecot] mixing virtual and system users In-Reply-To: <51A24481.70100@imec-archives.com> References: <51A24481.70100@imec-archives.com> Message-ID: <20130527013210.GE53132@anubis.morrow.me.uk> At 7PM +0200 on 26/05/13 you (Julien Beauviala) wrote: > > I'm setting up a small mail server for aprox 20 users, and I'm trying to > keep it really simple so I went the virtual users as text file way, > following this page : > > http://lukas-schulze.de/2012/02/setup-postfix-and-dovecot-on-debian- > squeeze-with-users-stored-text-file/ While howtos can be useful to see how someone else has solved a similar problem, they are no substitute for reading and understanding the documentation yourself. > It seemed to work fine except for the 'system' users, and I am stumped > by this. Basically the config does not 'see' /etc/aliases, so mail to > root or mailman are 'Recipient address rejected: User unknown'. This sounds like a Postfix rather than a Dovecot problem. It's not clear which users you mean when you say 'system' users, but I note that your Postfix 'local' users are not delivered through Dovecot. (This would require setting either local_transport or mailbox_transport.) Postfix 'virtual mailbox' users don't use /etc/aliases (this is a function of the local(8) transport) so if you want root at osiris.example.net to go somewhere sensible you will need to implement that with a Postfix virtual alias. See the Postfix ADDRESS_CLASS_README. > I've added the backup pam as explained by the following page* and tried > many permutations in /etc/postfix/main.cf but still not good, systems > users are rejected. Obviously something is amiss. Rejected where? Unless you are talking about SASL auth, this has nothing to do with Dovecot, and you should ask on a Postfix list. > * http://wiki2.dovecot.org/Authentication/MultipleDatabases > > If someone could point me in the right direction, that would be great. > > The system is debian 6, details of the configuration below. > > dovecot -n : > ------------ > # 1.2.15: /etc/dovecot/dovecot.conf It's a bad idea to set up a new machine with 1.2. The 1.x series is completely unsupported at this point, so you should really use the latest 2.1 instead. If you prefer to stick to Debian packages see http://wiki2.dovecot.org/PrebuiltBinaries#Debian . [...] > userdb: > driver: static > args: uid=5000 gid=5000 home=/var/vmail/%d/%n allow_all_users=yes > userdb: > driver: passwd These two are backwards. Userdb 'static' will always match, so this will never return user information from /etc/passwd for your system users. Ben From blevi.linux at gmail.com Mon May 27 13:07:37 2013 From: blevi.linux at gmail.com (Birta Levente) Date: Mon, 27 May 2013 13:07:37 +0300 Subject: [Dovecot] Dovecot 2.2 build rpm on Centos6 Message-ID: <51A33069.1080508@gmail.com> Hi list, I tried to build rpm based on dovecot-2.2.2-2.fc20.src.rpm on Centos 6.4 rpmbuild --define 'rhel 64' -ba dovecot-2.2.spec I get this error: checking for C compiler default output file name... configure: error: in `/home/builder/rpmbuild/BUILD/dovecot-2.2.2': configure: error: C compiler cannot create executables See `config.log' for more details. (config.log attached) What I missing? I'm not totally beginner, built dovecot 2.1 rpm-s many times same way like this, but not know mutch about building rpms and with this I just can get to work. Thank you! Levi -------------- next part -------------- This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by Dovecot configure 2.2.2, which was generated by GNU Autoconf 2.63. Invocation command line was $ ./configure --host=x86_64-redhat-linux-gnu --build=x86_64-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info INSTALL_DATA=install -c -p -m644 --docdir=/usr/share/doc/dovecot-2.2.2 --disable-static --disable-rpath --with-nss --with-shadow --with-pam --with-gssapi=plugin --with-ldap=plugin --with-sql=plugin --with-pgsql --with-mysql --with-sqlite --with-zlib --with-libcap --with-lucene --with-ssl=openssl --with-ssldir=/etc/pki/dovecot --with-solr --with-systemdsystemunitdir=%{_unitdir} --with-docs ## --------- ## ## Platform. ## ## --------- ## hostname = uname -m = x86_64 uname -r = 2.6.32-358.6.2.el6.x86_64 uname -s = Linux uname -v = #1 SMP Thu May 16 20:59:36 UTC 2013 /usr/bin/uname -p = unknown /bin/uname -X = unknown /bin/arch = x86_64 /usr/bin/arch -k = unknown /usr/convex/getsysinfo = unknown /usr/bin/hostinfo = unknown /bin/machine = unknown /usr/bin/oslevel = unknown /bin/universe = unknown PATH: /usr/local/sbin PATH: /usr/local/bin PATH: /sbin PATH: /bin PATH: /usr/sbin PATH: /usr/bin PATH: /root/bin ## ----------- ## ## Core tests. ## ## ----------- ## configure:2290: checking for a BSD-compatible install configure:2358: result: /usr/bin/install -c configure:2369: checking whether build environment is sane configure:2429: result: yes configure:2570: checking for a thread-safe mkdir -p configure:2609: result: /bin/mkdir -p configure:2622: checking for gawk configure:2638: found /bin/gawk configure:2649: result: gawk configure:2660: checking whether make sets $(MAKE) configure:2682: result: yes configure:2766: checking whether to enable maintainer-specific portions of Makefiles configure:2775: result: no configure:2794: checking for x86_64-redhat-linux-gnu-pkg-config configure:2827: result: no configure:2837: checking for pkg-config configure:2855: found /usr/bin/pkg-config configure:2867: result: /usr/bin/pkg-config configure:2892: checking pkg-config is at least version 0.9.0 configure:2895: result: yes configure:3823: checking for style of include used by make configure:3851: result: GNU configure:3881: checking for x86_64-redhat-linux-gnu-gcc configure:3911: result: no configure:3921: checking for gcc configure:3937: found /usr/bin/gcc configure:3948: result: gcc configure:4180: checking for C compiler version configure:4188: gcc --version >&5 gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-3) Copyright (C) 2010 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. configure:4192: $? = 0 configure:4199: gcc -v >&5 Using built-in specs. Target: x86_64-redhat-linux Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk --disable-dssi --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre --enable-libgcj-multifile --enable-java-maintainer-mode --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib --with-ppl --with-cloog --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux Thread model: posix gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) configure:4203: $? = 0 configure:4210: gcc -V >&5 gcc: '-V' option must have argument configure:4214: $? = 1 configure:4237: checking for C compiler default output file name configure:4259: gcc %{__global_cflags} -fno-strict-aliasing -Wl,-z,now -Wl,-z,relro %{__global_ldflags} conftest.c >&5 gcc: %{__global_cflags}: No such file or directory gcc: %{__global_ldflags}: No such file or directory configure:4263: $? = 1 configure:4301: result: configure: failed program was: | /* confdefs.h. */ | #define PACKAGE_NAME "Dovecot" | #define PACKAGE_TARNAME "dovecot" | #define PACKAGE_VERSION "2.2.2" | #define PACKAGE_STRING "Dovecot 2.2.2" | #define PACKAGE_BUGREPORT "dovecot at dovecot.org" | #define DOVECOT_ABI_VERSION "2.2.ABIv2(2.2.2)" | #define PACKAGE "dovecot" | #define VERSION "2.2.2" | #define HAVE_SYSTEMD /**/ | /* end confdefs.h. */ | | int | main () | { | | ; | return 0; | } configure:4307: error: in `/home/builder/rpmbuild/BUILD/dovecot-2.2.2': configure:4310: error: C compiler cannot create executables See `config.log' for more details. ## ---------------- ## ## Cache variables. ## ## ---------------- ## ac_cv_env_CCC_set= ac_cv_env_CCC_value= ac_cv_env_CC_set= ac_cv_env_CC_value= ac_cv_env_CFLAGS_set=set ac_cv_env_CFLAGS_value='%{__global_cflags} -fno-strict-aliasing' ac_cv_env_CLUCENE_CFLAGS_set= ac_cv_env_CLUCENE_CFLAGS_value= ac_cv_env_CLUCENE_LIBS_set= ac_cv_env_CLUCENE_LIBS_value= ac_cv_env_CPPFLAGS_set= ac_cv_env_CPPFLAGS_value= ac_cv_env_CPP_set= ac_cv_env_CPP_value= ac_cv_env_CXXCPP_set= ac_cv_env_CXXCPP_value= ac_cv_env_CXXFLAGS_set=set ac_cv_env_CXXFLAGS_value='-O2 -g' ac_cv_env_CXX_set= ac_cv_env_CXX_value= ac_cv_env_LDFLAGS_set=set ac_cv_env_LDFLAGS_value='-Wl,-z,now -Wl,-z,relro %{__global_ldflags}' ac_cv_env_LIBS_set= ac_cv_env_LIBS_value= ac_cv_env_PKG_CONFIG_set= ac_cv_env_PKG_CONFIG_value= ac_cv_env_SSL_CFLAGS_set= ac_cv_env_SSL_CFLAGS_value= ac_cv_env_SSL_LIBS_set= ac_cv_env_SSL_LIBS_value= ac_cv_env_build_alias_set=set ac_cv_env_build_alias_value=x86_64-redhat-linux-gnu ac_cv_env_host_alias_set=set ac_cv_env_host_alias_value=x86_64-redhat-linux-gnu ac_cv_env_target_alias_set= ac_cv_env_target_alias_value= ac_cv_path_ac_pt_PKG_CONFIG=/usr/bin/pkg-config ac_cv_path_install='/usr/bin/install -c' ac_cv_path_mkdir=/bin/mkdir ac_cv_prog_AWK=gawk ac_cv_prog_ac_ct_CC=gcc ac_cv_prog_make_make_set=yes ## ----------------- ## ## Output variables. ## ## ----------------- ## ACLOCAL='${SHELL} /home/builder/rpmbuild/BUILD/dovecot-2.2.2/missing --run aclocal-1.11' ACLOCAL_AMFLAGS='-I $(top_srcdir)' AMDEPBACKSLASH='\' AMDEP_FALSE='#' AMDEP_TRUE='' AMTAR='${SHELL} /home/builder/rpmbuild/BUILD/dovecot-2.2.2/missing --run tar' AR='' AUTH_CFLAGS='' AUTH_LIBS='' AUTOCONF='${SHELL} /home/builder/rpmbuild/BUILD/dovecot-2.2.2/missing --run autoconf' AUTOHEADER='${SHELL} /home/builder/rpmbuild/BUILD/dovecot-2.2.2/missing --run autoheader' AUTOMAKE='${SHELL} /home/builder/rpmbuild/BUILD/dovecot-2.2.2/missing --run automake-1.11' AWK='gawk' BUILD_DOCS_FALSE='#' BUILD_DOCS_TRUE='' BUILD_LUCENE_EXTTEXTCAT_FALSE='' BUILD_LUCENE_EXTTEXTCAT_TRUE='' BUILD_LUCENE_FALSE='#' BUILD_LUCENE_STEMMER_FALSE='' BUILD_LUCENE_STEMMER_TRUE='' BUILD_LUCENE_TEXTCAT_FALSE='' BUILD_LUCENE_TEXTCAT_TRUE='' BUILD_LUCENE_TRUE='' BUILD_MYSQL_FALSE='' BUILD_MYSQL_TRUE='' BUILD_OPENSSL_FALSE='' BUILD_OPENSSL_TRUE='' BUILD_PGSQL_FALSE='' BUILD_PGSQL_TRUE='' BUILD_SHARED_LIBS_FALSE='#' BUILD_SHARED_LIBS_TRUE='' BUILD_SOLR_FALSE='' BUILD_SOLR_TRUE='' BUILD_SQLITE_FALSE='' BUILD_SQLITE_TRUE='' BUILD_ZLIB_PLUGIN_FALSE='' BUILD_ZLIB_PLUGIN_TRUE='' CC='gcc' CCDEPMODE='' CDB_LIBS='' CFLAGS='%{__global_cflags} -fno-strict-aliasing' CLUCENE_CFLAGS='' CLUCENE_LIBS='' COMPRESS_LIBS='' CPP='' CPPFLAGS='' CRYPT_LIBS='' CXX='' CXXCPP='' CXXDEPMODE='' CXXFLAGS='-O2 -g' CYGPATH_W='echo' DEFS='' DEPDIR='.deps' DICT_LIBS='' DOVECOT_PLUGIN_DEPS_FALSE='' DOVECOT_PLUGIN_DEPS_TRUE='' DSYMUTIL='' DUMPBIN='' ECHO_C='' ECHO_N='-n' ECHO_T='' EGREP='' EXEEXT='' FGREP='' GREP='' GSSAPI_PLUGIN_FALSE='' GSSAPI_PLUGIN_TRUE='' HAVE_RQUOTA_FALSE='' HAVE_RQUOTA_TRUE='' HAVE_SYSTEMD_FALSE='#' HAVE_SYSTEMD_TRUE='' INSTALL_DATA='install -c -p -m644' INSTALL_PROGRAM='${INSTALL}' INSTALL_SCRIPT='${INSTALL}' INSTALL_STRIP_PROGRAM='$(install_sh) -c -s' KRB5CONFIG='' KRB5_CFLAGS='' KRB5_LIBS='' LD='' LDAP_LIBS='' LDAP_PLUGIN_FALSE='' LDAP_PLUGIN_TRUE='' LDFLAGS='-Wl,-z,now -Wl,-z,relro %{__global_ldflags}' LIBCAP='' LIBDOVECOT='' LIBDOVECOT_COMPRESS='' LIBDOVECOT_DEPS='' LIBDOVECOT_LDA='' LIBDOVECOT_LOGIN='' LIBDOVECOT_SQL='' LIBDOVECOT_STORAGE='' LIBDOVECOT_STORAGE_DEPS='' LIBICONV='' LIBOBJS='' LIBS='' LIBTOOL='' LIBWRAP_LIBS='' LINKED_STORAGE_LDADD='' LINKED_STORAGE_LIBS='' LIPO='' LN_S='' LTLIBICONV='' LTLIBOBJS='' MAINT='#' MAINTAINER_MODE_FALSE='' MAINTAINER_MODE_TRUE='#' MAKEINFO='${SHELL} /home/builder/rpmbuild/BUILD/dovecot-2.2.2/missing --run makeinfo' MKDIR_P='/bin/mkdir -p' MODULE_LIBS='' MODULE_SUFFIX='' MYSQL_CFLAGS='' MYSQL_CONFIG='' MYSQL_LIBS='' NM='' NMEDIT='' NOPLUGIN_LDFLAGS='' OBJDUMP='' OBJEXT='' OTOOL64='' OTOOL='' PACKAGE='dovecot' PACKAGE_BUGREPORT='dovecot at dovecot.org' PACKAGE_NAME='Dovecot' PACKAGE_STRING='Dovecot 2.2.2' PACKAGE_TARNAME='dovecot' PACKAGE_VERSION='2.2.2' PATH_SEPARATOR=':' PGSQL_CFLAGS='' PGSQL_LIBS='' PG_CONFIG='' PKG_CONFIG='/usr/bin/pkg-config' QUOTA_LIBS='' RANLIB='' RPCGEN='' RUN_TEST='' SED='' SETTING_FILES='' SET_MAKE='' SHELL='/bin/sh' SQLITE_CFLAGS='' SQLITE_LIBS='' SQL_CFLAGS='' SQL_LIBS='' SQL_PLUGINS_FALSE='' SQL_PLUGINS_TRUE='' SSL_CFLAGS='' SSL_LIBS='' STRIP='' TCPWRAPPERS_FALSE='' TCPWRAPPERS_TRUE='' VALGRIND='' VERSION='2.2.2' abs_top_builddir='' ac_ct_CC='gcc' ac_ct_CXX='' ac_ct_DUMPBIN='' am__EXEEXT_FALSE='' am__EXEEXT_TRUE='' am__fastdepCC_FALSE='' am__fastdepCC_TRUE='' am__fastdepCXX_FALSE='' am__fastdepCXX_TRUE='' am__include='include' am__isrc='' am__leading_dot='.' am__quote='' am__tar='${AMTAR} chof - "$$tardir"' am__untar='${AMTAR} xf -' bindir='/usr/bin' build='x86_64-redhat-linux-gnu' build_alias='x86_64-redhat-linux-gnu' build_cpu='' build_os='' build_vendor='' datadir='/usr/share' datarootdir='${prefix}/share' dict_drivers='' docdir='/usr/share/doc/dovecot-2.2.2' dvidir='${docdir}' exec_prefix='/usr' host='x86_64-redhat-linux-gnu' host_alias='x86_64-redhat-linux-gnu' host_cpu='' host_os='' host_vendor='' htmldir='${docdir}' includedir='/usr/include' infodir='/usr/share/info' install_sh='${SHELL} /home/builder/rpmbuild/BUILD/dovecot-2.2.2/install-sh' libdir='/usr/lib64' libexecdir='/usr/libexec' localedir='${datarootdir}/locale' localstatedir='/var' lt_ECHO='echo' mail_storages='shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail' mailbox_list_drivers='' mandir='/usr/share/man' mkdir_p='/bin/mkdir -p' moduledir='/usr/lib64/dovecot' oldincludedir='/usr/include' pdfdir='${docdir}' prefix='/usr' program_transform_name='s&^&&' psdir='${docdir}' rundir='/var/run/dovecot' sbindir='/usr/sbin' sharedstatedir='/var/lib' sql_drivers='' ssldir='/etc/pki/dovecot' statedir='/var/lib/dovecot' sysconfdir='/etc' systemdsystemunitdir='%{_unitdir}' target_alias='' ## ----------- ## ## confdefs.h. ## ## ----------- ## #define PACKAGE_NAME "Dovecot" #define PACKAGE_TARNAME "dovecot" #define PACKAGE_VERSION "2.2.2" #define PACKAGE_STRING "Dovecot 2.2.2" #define PACKAGE_BUGREPORT "dovecot at dovecot.org" #define DOVECOT_ABI_VERSION "2.2.ABIv2(2.2.2)" #define PACKAGE "dovecot" #define VERSION "2.2.2" #define HAVE_SYSTEMD /**/ configure: exit 77 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3889 bytes Desc: S/MIME Cryptographic Signature URL: From christian.wiese at securepoint.de Mon May 27 13:42:20 2013 From: christian.wiese at securepoint.de (Christian Wiese) Date: Mon, 27 May 2013 12:42:20 +0200 Subject: [Dovecot] Dovecot 2.2 build rpm on Centos6 In-Reply-To: <51A33069.1080508@gmail.com> References: <51A33069.1080508@gmail.com> Message-ID: <20130527124220.53ca3fc2@cw-desktop> Hi Birta, it looks like you are having an issue with your RPM spec file. I am not doing RPM builds at all, but it seems to me that %{__global_cflags} is somehow not expanded. --------%<------------------------------------------------------------ configure:4237: checking for C compiler default output file name configure:4259: gcc %{__global_cflags} -fno-strict-aliasing -Wl,-z,now -Wl,-z,relro %{__global_ldflags} conftest.c >&5 gcc: %{__global_cflags}: No such file or directory gcc: %{__global_ldflags}: No such file or directory Am Mon, 27 May 2013 13:07:37 +0300 --------%<------------------------------------------------------------ 'gcc %{__global_cflags} ...' as seen in the config.log is of course not valid, so you need to find the reason why it is not getting expanded. This is clearly not an issue with dovecot itself but an issue with your "build system". Cheers, Chris schrieb Birta Levente : > Hi list, > > I tried to build rpm based on dovecot-2.2.2-2.fc20.src.rpm on Centos > 6.4 > > rpmbuild --define 'rhel 64' -ba dovecot-2.2.spec > > I get this error: > > checking for C compiler default output file name... > configure: error: in `/home/builder/rpmbuild/BUILD/dovecot-2.2.2': > configure: error: C compiler cannot create executables > See `config.log' for more details. > > > (config.log attached) > > > What I missing? > > I'm not totally beginner, built dovecot 2.1 rpm-s many times same way > like this, but not know mutch about building rpms and with this I > just can get to work. > > Thank you! > > Levi > > From blevi.linux at gmail.com Mon May 27 15:10:41 2013 From: blevi.linux at gmail.com (Birta Levente) Date: Mon, 27 May 2013 15:10:41 +0300 Subject: [Dovecot] Dovecot 2.2 build rpm on Centos6 In-Reply-To: <20130527124220.53ca3fc2@cw-desktop> References: <51A33069.1080508@gmail.com> <20130527124220.53ca3fc2@cw-desktop> Message-ID: <51A34D41.3030400@gmail.com> On 27/05/2013 13:42, Christian Wiese wrote: > Hi Birta, > > it looks like you are having an issue with your RPM spec file. > I am not doing RPM builds at all, but it seems to me that > %{__global_cflags} is somehow not expanded. > --------%<------------------------------------------------------------ > configure:4237: checking for C compiler default output file name > configure:4259: gcc %{__global_cflags} -fno-strict-aliasing -Wl,-z,now > -Wl,-z,relro %{__global_ldflags} conftest.c >&5 gcc: > %{__global_cflags}: No such file or directory gcc: %{__global_ldflags}: > No such file or directory Am Mon, 27 May 2013 13:07:37 +0300 > --------%<------------------------------------------------------------ > > 'gcc %{__global_cflags} ...' as seen in the config.log is of course not > valid, so you need to find the reason why it is not getting expanded. > This is clearly not an issue with dovecot itself but an issue with your > "build system". > > Cheers, > Chris > Thanks for the reply. You probably right, but I have no idea what is this {__global_??flags}. I tried to delete from the spec file ... before: export CFLAGS="%{__global_cflags} -fno-strictaliasing" export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{__global_ldflags}" after: export CFLAGS="-fno-strictaliasing" export LDFLAGS="-Wl,-z,now -Wl,-z,relro" and get over the configure stage, but in the make stage I get many errors. So I think this is searching in the dark. Maybe someone who built dovecot 2.2 on rhel/centos 6 help me how do that? Thanks Levi > > schrieb Birta Levente : > >> Hi list, >> >> I tried to build rpm based on dovecot-2.2.2-2.fc20.src.rpm on Centos >> 6.4 >> >> rpmbuild --define 'rhel 64' -ba dovecot-2.2.spec >> >> I get this error: >> >> checking for C compiler default output file name... >> configure: error: in `/home/builder/rpmbuild/BUILD/dovecot-2.2.2': >> configure: error: C compiler cannot create executables >> See `config.log' for more details. >> >> >> (config.log attached) >> >> >> What I missing? >> >> I'm not totally beginner, built dovecot 2.1 rpm-s many times same way >> like this, but not know mutch about building rpms and with this I >> just can get to work. >> >> Thank you! >> >> Levi >> >> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3889 bytes Desc: S/MIME Cryptographic Signature URL: From mstevens at imt-systems.com Mon May 27 15:40:50 2013 From: mstevens at imt-systems.com (Morten Stevens) Date: Mon, 27 May 2013 14:40:50 +0200 Subject: [Dovecot] Dovecot 2.2 build rpm on Centos6 In-Reply-To: <51A34D41.3030400@gmail.com> References: <51A33069.1080508@gmail.com> <20130527124220.53ca3fc2@cw-desktop> <51A34D41.3030400@gmail.com> Message-ID: <51A35452.5020303@imt-systems.com> On 27.05.2013 14:10, Birta Levente wrote: > Maybe someone who built dovecot 2.2 on rhel/centos 6 help me how do that? Yes: http://mstevens.fedorapeople.org/el6/dovecot/2.2/ Best regards, Morten From blevi.linux at gmail.com Mon May 27 16:12:46 2013 From: blevi.linux at gmail.com (Birta Levente) Date: Mon, 27 May 2013 16:12:46 +0300 Subject: [Dovecot] Dovecot 2.2 build rpm on Centos6 In-Reply-To: <51A35452.5020303@imt-systems.com> References: <51A33069.1080508@gmail.com> <20130527124220.53ca3fc2@cw-desktop> <51A34D41.3030400@gmail.com> <51A35452.5020303@imt-systems.com> Message-ID: <51A35BCE.4010709@gmail.com> On 27/05/2013 15:40, Morten Stevens wrote: > On 27.05.2013 14:10, Birta Levente wrote: >> Maybe someone who built dovecot 2.2 on rhel/centos 6 help me how do that? > > Yes: http://mstevens.fedorapeople.org/el6/dovecot/2.2/ > > Best regards, > > Morten > Thank you!!! It's work Levi -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3889 bytes Desc: S/MIME Cryptographic Signature URL: From simon.buongiorno at gmail.com Mon May 27 16:18:47 2013 From: simon.buongiorno at gmail.com (Simon B) Date: Mon, 27 May 2013 15:18:47 +0200 Subject: [Dovecot] Upgrading 1.2 to 2.x In-Reply-To: <0c1dda65675790dbd0d1a44f0d6cfe37@junc.eu> References: <0c1dda65675790dbd0d1a44f0d6cfe37@junc.eu> Message-ID: On 24 May 2013 20:08, Benny Pedersen wrote: > Simon B skrev den 2013-05-24 18:32: > >> In an unscheduled maintenance window next week, I will have the >> opportunity to upgrade to 2.x should I wish to do and provided I can >> get it working on stage first. > > > +1, i would have installed 2.x if it was first time install of dovecot, i > would keep 1.x until i need a new server, since 1.x is all i need, and wiki > page for 1.x still exits so all is fine imho :=) Thanks for the response Benny - the opportunity is that it's a new server :) >> My questions: >> >> I've seen a lot on the list about the rock-solidness of 1.2 but also >> some people saying that some versions of 2.x better than others. Is >> there a recommended version - I don't need bleeding edge, I'd prefer >> stability, or one most of you can agree on? > > > imho its not just a version change, its more then that, mailstore and > backend and out support and whole new config layout keeps me away from > migradeing it, well when i migraded from curier-imap to dovecot i have both > running the same time binded to diff localhost ips, then it was simple to > use imapsync to migrade over storages for all mailboxes, but now with > dovecot 1.x to 2.x its not that simple anymore > >> What am I missing by not upgrading? > > > if 1.x is working now, then you miss nothing, no matter that dovecot 1.x is > nearly not supported in any distros anymore, so i keep my 1.x ebuild on > gentoo, just in case i still really need to build it again Yeah, 1.2 is working and I never have to worry about it. The problem is I don't really see a feature list to give me an idea of whether the reward is worth the risk. >> A few months ago I tried to convert a Dovecot 1.2 config into 2.1 and >> wasn't very successful. Any tips on how to go about it? > > > its dangoryous to ask that here, most people would just say read the docs or > do "dovecot -n >new.conf" with the new dovecot installed, not there fault it > ends with single conf like dovecot 1.x had Yes, that's what I did - failed spectacularly. And I've just reread it again. > suggested keep 1.x for now Cheers. Unless anyone has anything to add, that is probably what I will do. Simon From nmilas at noa.gr Mon May 27 16:56:29 2013 From: nmilas at noa.gr (Nikolaos Milas) Date: Mon, 27 May 2013 16:56:29 +0300 Subject: [Dovecot] Dovecot 2.2 build rpm on Centos6 In-Reply-To: <51A33069.1080508@gmail.com> References: <51A33069.1080508@gmail.com> Message-ID: <51A3660D.3000700@noa.gr> On 27/5/2013 1:07 ??, Birta Levente wrote: > I tried to build rpm based on dovecot-2.2.2-2.fc20.src.rpm on Centos 6.4 You may want to try: dovecot-2.2.2-2.noa.el6.src.rpm which produces: dovecot-2.2.2-2.noa.el6.x86_64.rpm dovecot-debuginfo-2.2.2-2.noa.el6.x86_64.rpm dovecot-devel-2.2.2-2.noa.el6.x86_64.rpm dovecot-mysql-2.2.2-2.noa.el6.x86_64.rpm dovecot-pgsql-2.2.2-2.noa.el6.x86_64.rpm dovecot-pigeonhole-2.2.2-2.noa.el6.x86_64.rpm available at: http://www.noa.gr/rpmfiles/ This package is using LTB Project's Openldap RPMs for LDAP linking: http://ltb-project.org/wiki/download#openldap The above Dovecot SRPM has evolved from fakessh's rpms: http://ns.fakessh.eu/rpms/ and I like it because it is clean and clear (to me, at least). Nick From nicolas.roche at fluid-e.com Mon May 27 17:09:41 2013 From: nicolas.roche at fluid-e.com (Nicolas ROCHE) Date: Mon, 27 May 2013 14:09:41 +0000 Subject: [Dovecot] Problem with dsync replication : mails are not deleted correctly Message-ID: <9EC9DF8E63BF3C45906CAAA684E3A1F45738D83E@DBXPRD0610MB358.eurprd06.prod.outlook.com> Hello, I would like to configure a postfix / dovecot cluster based on ssh / dsync replication. I have two linux serveurs (Oracle RHEL 5 86_64) and I install both sides dovecot (V2.2.2+), postfix (2.10.0) and mysql (Ver 14.12 Distrib 5.0.77). I configured these servers in order to make them replicate, and I created some virtual users. I use some java code in order to send mail (with SMTP) and to get mail (with POP3). When the java code get a mail, it deletes it from mailbox (the flag "DELETED" is set to true). When I send a mail on server A, I can see the mail replicated on both servers A and B : a file containing the message data exists in /home/vmail/test03/new/ in both sides. When I get the mail from server A with my java POP3 client, all is OK : the mail is deleted on both servers A and B (no more file in /home/vmail/test03/new/). The problem is when I send a mail on server A and I get it from server B : I can get the mail, but the mail is not deleted from server B, and neither from server A. When I try a second time to get the mail on server B, then all becomes OK : the mail is deleted on both server A and B. I can reproduce the problem every time. Is it a known bug or not ? If yes, is there a patch ? If no, may the problem come from my config ? Regards, Nicolas. [root at int-proxy1 dovecot-2.2.2-p1]# doveconf -n # 2.2.2: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-194.el5xen x86_64 Red Hat Enterprise Linux Server release 5.5 (Tikanga) ext3 disable_plaintext_auth = no hostname = int-proxy1 mail_location = maildir:/home/vmail/%u mail_plugins = acl quota notify replication mail_privileged_group = mail mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf driver = sql } plugin { mail_replica = remote:vmail at int-proxy2 replication_full_sync_interval = 1 hours } pop3_uidl_format = %g postmaster_address = postmaster at mail.fluid-e.int service aggregator { fifo_listener replication-notify-fifo { mode = 0666 user = vmail } unix_listener replication-notify { mode = 0666 user = vmail } } service auth-worker { user = root } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { mode = 0666 user = vmail } user = root } service config { unix_listener config { user = vmail } } service doveadm { user = vmail } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service replicator { process_min_avail = 1 } ssl_cert = References: <9EC9DF8E63BF3C45906CAAA684E3A1F45738D83E@DBXPRD0610MB358.eurprd06.prod.outlook.com> Message-ID: On 27.5.2013, at 17.09, Nicolas ROCHE wrote: > I have two linux serveurs (Oracle RHEL 5 86_64) and I install both sides dovecot (V2.2.2+), postfix (2.10.0) and mysql (Ver 14.12 Distrib 5.0.77). > I configured these servers in order to make them replicate, and I created some virtual users. > I use some java code in order to send mail (with SMTP) and to get mail (with POP3). > When the java code get a mail, it deletes it from mailbox (the flag "DELETED" is set to true). > > When I send a mail on server A, I can see the mail replicated on both servers A and B : a file containing the message data exists in /home/vmail/test03/new/ in both sides. The mail is delivered via LMTP? > When I get the mail from server A with my java POP3 client, all is OK : the mail is deleted on both servers A and B (no more file in /home/vmail/test03/new/). > > The problem is when I send a mail on server A and I get it from server B : I can get the mail, but the mail is not deleted from server B, and neither from server A. > When I try a second time to get the mail on server B, then all becomes OK : the mail is deleted on both server A and B. > > I can reproduce the problem every time. > > Is it a known bug or not ? If yes, is there a patch ? If no, may the problem come from my config ? Shouldn't happen. Try this: 1. Disable the replication plugin (remove from mail_plugins) 2. Deliver a new mail on A 3. Sync the new mail to the replica: doveadm sync -u user at domain -d 4. Read + delete mail on B (and verify it gets deleted from B) 5. Sync the deletion to the replica with rawlog enabled: doveadm sync -r rawlog -u user at domain -d Now assuming that the mail was added back to B instead of being deleted from A, send the rawlog to me. From nicolas.roche at fluid-e.com Mon May 27 17:50:34 2013 From: nicolas.roche at fluid-e.com (Nicolas ROCHE) Date: Mon, 27 May 2013 14:50:34 +0000 Subject: [Dovecot] Problem with dsync replication : mails are not deleted correctly In-Reply-To: References: <9EC9DF8E63BF3C45906CAAA684E3A1F45738D83E@DBXPRD0610MB358.eurprd06.prod.outlook.com> Message-ID: <9EC9DF8E63BF3C45906CAAA684E3A1F45738D892@DBXPRD0610MB358.eurprd06.prod.outlook.com> > I have two linux serveurs (Oracle RHEL 5 86_64) and I install both sides dovecot (V2.2.2+), postfix (2.10.0) and mysql (Ver 14.12 Distrib 5.0.77). > I configured these servers in order to make them replicate, and I created some virtual users. > I use some java code in order to send mail (with SMTP) and to get mail (with POP3). > When the java code get a mail, it deletes it from mailbox (the flag "DELETED" is set to true). > > When I send a mail on server A, I can see the mail replicated on both servers A and B : a file containing the message data exists in /home/vmail/test03/new/ in both sides. The mail is delivered via LMTP? ==> I don't think so (but I don't know exactly what is LMTP). > When I get the mail from server A with my java POP3 client, all is OK : the mail is deleted on both servers A and B (no more file in /home/vmail/test03/new/). > > The problem is when I send a mail on server A and I get it from server B : I can get the mail, but the mail is not deleted from server B, and neither from server A. > When I try a second time to get the mail on server B, then all becomes OK : the mail is deleted on both server A and B. > > I can reproduce the problem every time. > > Is it a known bug or not ? If yes, is there a patch ? If no, may the problem come from my config ? Shouldn't happen. Try this: 1. Disable the replication plugin (remove from mail_plugins) 2. Deliver a new mail on A 3. Sync the new mail to the replica: doveadm sync -u user at domain -d 4. Read + delete mail on B (and verify it gets deleted from B) 5. Sync the deletion to the replica with rawlog enabled: doveadm sync -r rawlog -u user at domain -d Now assuming that the mail was added back to B instead of being deleted from A, send the rawlog to me. I tried the 5 steps successfully : 1 - I commented "mail_plugins" in my config and restart dovecot service 2 - I delivered I mail on server A : I can see the mail on the server A in /home/vmail/test03/new/ but not in server B. 3 - I synchronized servers : from server A I executed the command "doveadm sync -u test03 test03 at int-proxy2". The mail is then in /home/vmail/test03/new/ on both servers A and B. 4 - I read and delete mail on server B. The mail is deleted from server B but is still on server A in /home/vmail/test03/new/. 5 - I synchronized servers : from server B I executed the command "doveadm sync -r rawlog -u test03 test03 at int-proxy1". The mail is then deleted on both servers. From tss at iki.fi Mon May 27 18:22:52 2013 From: tss at iki.fi (Timo Sirainen) Date: Mon, 27 May 2013 18:22:52 +0300 Subject: [Dovecot] Problem with dsync replication : mails are not deleted correctly In-Reply-To: <9EC9DF8E63BF3C45906CAAA684E3A1F45738D892@DBXPRD0610MB358.eurprd06.prod.outlook.com> References: <9EC9DF8E63BF3C45906CAAA684E3A1F45738D83E@DBXPRD0610MB358.eurprd06.prod.outlook.com> <9EC9DF8E63BF3C45906CAAA684E3A1F45738D892@DBXPRD0610MB358.eurprd06.prod.outlook.com> Message-ID: On 27.5.2013, at 17.50, Nicolas ROCHE wrote: >> I have two linux serveurs (Oracle RHEL 5 86_64) and I install both sides dovecot (V2.2.2+), postfix (2.10.0) and mysql (Ver 14.12 Distrib 5.0.77). >> I configured these servers in order to make them replicate, and I created some virtual users. >> I use some java code in order to send mail (with SMTP) and to get mail (with POP3). >> When the java code get a mail, it deletes it from mailbox (the flag "DELETED" is set to true). >> >> When I send a mail on server A, I can see the mail replicated on both servers A and B : a file containing the message data exists in /home/vmail/test03/new/ in both sides. > > The mail is delivered via LMTP? > ==> I don't think so (but I don't know exactly what is LMTP). How is Postfix configured to deliver the mail to Maildir? If it's not via Dovecot LDA or LMTP, that might be the cause of your problems. From nicolas.roche at fluid-e.com Mon May 27 18:33:33 2013 From: nicolas.roche at fluid-e.com (Nicolas ROCHE) Date: Mon, 27 May 2013 15:33:33 +0000 Subject: [Dovecot] Problem with dsync replication : mails are not deleted correctly In-Reply-To: References: <9EC9DF8E63BF3C45906CAAA684E3A1F45738D83E@DBXPRD0610MB358.eurprd06.prod.outlook.com> <9EC9DF8E63BF3C45906CAAA684E3A1F45738D892@DBXPRD0610MB358.eurprd06.prod.outlook.com> Message-ID: <9EC9DF8E63BF3C45906CAAA684E3A1F45738D8F0@DBXPRD0610MB358.eurprd06.prod.outlook.com> On 27.5.2013, at 17.50, Nicolas ROCHE wrote: >> I have two linux serveurs (Oracle RHEL 5 86_64) and I install both sides dovecot (V2.2.2+), postfix (2.10.0) and mysql (Ver 14.12 Distrib 5.0.77). >> I configured these servers in order to make them replicate, and I created some virtual users. >> I use some java code in order to send mail (with SMTP) and to get mail (with POP3). >> When the java code get a mail, it deletes it from mailbox (the flag "DELETED" is set to true). >> >> When I send a mail on server A, I can see the mail replicated on both servers A and B : a file containing the message data exists in /home/vmail/test03/new/ in both sides. > > The mail is delivered via LMTP? > ==> I don't think so (but I don't know exactly what is LMTP). How is Postfix configured to deliver the mail to Maildir? If it's not via Dovecot LDA or LMTP, that might be the cause of your problems. I checked my config and I can say that I am using dovecot LDA : In /etc/postfix/main.cf I use "virtual_transport = dovecot" In /etc/postfix/master.cf I use : dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -d ${user} I confirm I do not use LMTP : I removed all LMTP instructions from my dovecot config and I still have the same symptoms when I delete a message... Is postfix used when a mail is deleted ? Is not it only dovecot (and dsync utility) who is used to synchronise the mail deletion ? From CMarcus at Media-Brokers.com Mon May 27 19:17:29 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 27 May 2013 12:17:29 -0400 Subject: [Dovecot] Problem with dsync replication : mails are not deleted correctly In-Reply-To: <9EC9DF8E63BF3C45906CAAA684E3A1F45738D8F0@DBXPRD0610MB358.eurprd06.prod.outlook.com> References: <9EC9DF8E63BF3C45906CAAA684E3A1F45738D83E@DBXPRD0610MB358.eurprd06.prod.outlook.com> <9EC9DF8E63BF3C45906CAAA684E3A1F45738D892@DBXPRD0610MB358.eurprd06.prod.outlook.com> <9EC9DF8E63BF3C45906CAAA684E3A1F45738D8F0@DBXPRD0610MB358.eurprd06.prod.outlook.com> Message-ID: <51A38719.5000702@Media-Brokers.com> On 2013-05-27 11:33 AM, Nicolas ROCHE wrote: > I checked my config and I can say that I am using dovecot LDA : > > In /etc/postfix/main.cf I use "virtual_transport = dovecot" > In /etc/postfix/master.cf I use : > dovecot unix - n n - - pipe > flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -d ${user} > > I confirm I do not use LMTP : I removed all LMTP instructions from my dovecot config and I still have the same symptoms when I delete a message... > > Is postfix used when a mail is deleted ? Is not it only dovecot (and dsync utility) who is used to synchronise the mail deletion ? Please provide logs of a successful delivery showing that dovecot KDA is used. Also, please don't show copy/snips of config files, always only show doveconf -n (or postconf -n for postfix) output - this makes sure that you are using the config that you think you are using. -- Best regards, Charles From nicolas.roche at fluid-e.com Mon May 27 19:30:42 2013 From: nicolas.roche at fluid-e.com (Nicolas ROCHE) Date: Mon, 27 May 2013 16:30:42 +0000 Subject: [Dovecot] Problem with dsync replication : mails are not deleted correctly In-Reply-To: <51A38719.5000702@Media-Brokers.com> References: <9EC9DF8E63BF3C45906CAAA684E3A1F45738D83E@DBXPRD0610MB358.eurprd06.prod.outlook.com> <9EC9DF8E63BF3C45906CAAA684E3A1F45738D892@DBXPRD0610MB358.eurprd06.prod.outlook.com> <9EC9DF8E63BF3C45906CAAA684E3A1F45738D8F0@DBXPRD0610MB358.eurprd06.prod.outlook.com> <51A38719.5000702@Media-Brokers.com> Message-ID: <9EC9DF8E63BF3C45906CAAA684E3A1F45738D943@DBXPRD0610MB358.eurprd06.prod.outlook.com> These are the logs and config I can give you at the moment. I suppose it is possible to configure more verbose logs : I will search how to... Regards, Nicolas. ====================================== When I send a mail on serveur A : ====================================== Server A : /var/log/maillog : ============================= May 27 18:20:41 tmpl-vm03 postfix/smtpd[14476]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled May 27 18:20:41 tmpl-vm03 postfix/smtpd[14476]: warning: smtpd_sasl_auth_enable is true, but SASL support is not compiled in May 27 18:20:41 tmpl-vm03 postfix/smtpd[14476]: connect from unknown[192.168.0.70] May 27 18:20:41 tmpl-vm03 postfix/smtpd[14476]: 6FB077E415B: client=unknown[192.168.0.70] May 27 18:20:41 tmpl-vm03 postfix/cleanup[14482]: 6FB077E415B: message-id=<7866553.0.1369671641306.JavaMail.Administrateur at NICOLAS-ROCHE-P> May 27 18:20:41 tmpl-vm03 postfix/qmgr[30415]: 6FB077E415B: from=, size=504, nrcpt=1 (queue active) May 27 18:20:41 tmpl-vm03 postfix/smtpd[14476]: disconnect from unknown[192.168.0.70] May 27 18:20:41 tmpl-vm03 dovecot: lda(test03): msgid=<7866553.0.1369671641306.JavaMail.Administrateur at NICOLAS-ROCHE-P>: saved mail to INBOX May 27 18:20:41 tmpl-vm03 postfix/pipe[14484]: 6FB077E415B: to=, relay=dovecot, delay=0.16, delays=0.08/0.01/0/0.08, dsn=2.0.0, status=sent (delivered via dovecot service) May 27 18:20:41 tmpl-vm03 postfix/qmgr[30415]: 6FB077E415B: removed Server B : /var/log/maillog : ============================= No log. ====================================== When I get a mail on serveur B (first time) : ====================================== Server A : /var/log/maillog : ============================= No log. Server B : /var/log/maillog : ============================= May 27 18:23:14 tmpl-vm03 dovecot: pop3-login: Login: user=, method=PLAIN, rip=192.168.0.70, lip=10.254.2.61, mpid=15472, session= May 27 18:23:14 tmpl-vm03 dovecot: pop3(test03): Disconnected: Logged out top=1/580, retr=0/0, del=1/1, size=585 ====================================== When I get a mail on serveur B (second time) : ====================================== Server A : /var/log/maillog : ============================= No log. Server B : /var/log/maillog : ============================= May 27 18:24:15 tmpl-vm03 dovecot: pop3-login: Login: user=, method=PLAIN, rip=192.168.0.70, lip=10.254.2.61, mpid=15479, session= May 27 18:24:15 tmpl-vm03 dovecot: pop3(test03): Disconnected: Logged out top=1/580, retr=0/0, del=1/1, size=585 ================================= doveconf -n ================================= [root at int-proxy1 ~]# doveconf -n # 2.2.2: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-194.el5xen x86_64 Red Hat Enterprise Linux Server release 5.5 (Tikanga) ext3 disable_plaintext_auth = no hostname = int-proxy1 mail_location = maildir:/home/vmail/%u mail_plugins = acl quota notify replication mail_privileged_group = mail mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf driver = sql } plugin { mail_replica = remote:vmail at int-proxy2 replication_full_sync_interval = 1 hours } pop3_uidl_format = %g postmaster_address = postmaster at mail.fluid-e.int protocols = imap pop3 service aggregator { fifo_listener replication-notify-fifo { mode = 0666 user = vmail } unix_listener replication-notify { mode = 0666 user = vmail } } service auth-worker { user = root } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { mode = 0666 user = vmail } user = root } service config { unix_listener config { user = vmail } } service doveadm { user = vmail } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service replicator { process_min_avail = 1 } ssl_cert = wrote: > I checked my config and I can say that I am using dovecot LDA : > > In /etc/postfix/main.cf I use "virtual_transport = dovecot" > In /etc/postfix/master.cf I use : > dovecot unix - n n - - pipe > flags=DRhu user=vmail:vmail > argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -d ${user} > > I confirm I do not use LMTP : I removed all LMTP instructions from my dovecot config and I still have the same symptoms when I delete a message... > > Is postfix used when a mail is deleted ? Is not it only dovecot (and dsync utility) who is used to synchronise the mail deletion ? Please provide logs of a successful delivery showing that dovecot KDA is used. Also, please don't show copy/snips of config files, always only show doveconf -n (or postconf -n for postfix) output - this makes sure that you are using the config that you think you are using. -- Best regards, Charles From oajara at frsf.utn.edu.ar Mon May 27 21:08:06 2013 From: oajara at frsf.utn.edu.ar (Oscar A. Jara) Date: Mon, 27 May 2013 15:08:06 -0300 Subject: [Dovecot] UIDLs problem on migration to dovecot Message-ID: <5271cc85eb8b3511e9c398978af6b1f7@frsf.utn.edu.ar> Hello list, I'm about to migrate from Courier 4.6 (POP and IMAP) to Dovecot 1.2. I am currently trying to match UIDLs of both servers to avoid redownload of mails but I could not success. I've already configured dovecot POP3 to format UIDLs like this: pop3_uidl_format = UID%u-%v I also executed the script 'courier-dovecot-migrate.pl' to do the migration in a couple of test accounts but the IDs don't match for all mails and the script didn't report any errors. I have production courier pop3 server running on port 110 and the new dovecot server running on another port. Here I paste some of the missmatches in one of the test accounts: 8827 UID9060-1259354075 | 8827 UID9041-1259354075 8828 UID9061-1259354075 | 8828 UID9023-1259354075 8829 UID9062-1259354075 | 8829 UID9067-1259354075 8830 UID9063-1259354075 | 8830 UID9064-1259354075 8831 UID9064-1259354075 | 8831 UID9043-1259354075 8832 UID9065-1259354075 | 8832 UID9061-1259354075 8833 UID9066-1259354075 | 8833 UID9025-1259354075 8834 UID9067-1259354075 | 8834 UID9047-1259354075 One thing that I don't know if is important is that I am using dovecot-lda since long ago, not courier lda. I don't know what I am missing here and I would appreciate some help. Thank you. __________ Information from ESET Mail Security, version of virus signature database 8381 (20130527) __________ The message was checked by ESET Mail Security. http://www.eset.com From ibrahim.harrani at gmail.com Mon May 27 23:40:24 2013 From: ibrahim.harrani at gmail.com (Ibrahim Harrani) Date: Mon, 27 May 2013 23:40:24 +0300 Subject: [Dovecot] post-login script and original remote ip in proxy mode Message-ID: Hi, I am running dovecot on 3 qmail-ldap server backend. dovecot configured to use auth_pop3 wrapper for authentication. Users logins to the qmail-ldap pop3&imap pools randomly. If a user is mailhost is not the connected server, dovecot proxies the connection to the user mailhost. In this case, I can not get the original client IP address via post-logins script on user host. I see only the first connected server IP as $IP environment. Any idea to get original client IP in this setup with postlogin scripts? Thanks From ya.mwork at yandex.ru Tue May 28 08:45:49 2013 From: ya.mwork at yandex.ru (Evgeny Basov) Date: Tue, 28 May 2013 09:45:49 +0400 Subject: [Dovecot] Question about directory hash function. Message-ID: <51A4448D.1080506@yandex.ru> Hello, Timo. I have a question about %H in http://wiki2.dovecot.org/Variables : what the hash function uses for calculations and how to get this value manually? This is need for bypass way getting home directory. With best regards, Evgeny Basov. From skdovecot at smail.inf.fh-brs.de Tue May 28 10:20:14 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 28 May 2013 09:20:14 +0200 (CEST) Subject: [Dovecot] put users's mailbox in read only mode In-Reply-To: <519C81F6.4050302@esiee.fr> References: <519C81F6.4050302@esiee.fr> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 22 May 2013, Frank Bonnet wrote: > For internal purpose I need to put some users's mailboxes > and IMAP folders in read only mode during few days. > > We use MBOX format and UNIX real users mode ( FreeBSD 9.1 ) chown the files and directories they are located in to some user / group, the real mailbox user has no write, but read permission only. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUaRarl3r2wJMiz2NAQLLUwf+N55y0GYQKYr+xmU6nE/l1XSJIwQJ5ZUq RoRFWykvnwFYS96CpEPWaMzvveLEy55YC7/sHJh6ytraYGBZpuBXZe7NYNg9LgKu Pymx7mUjsSuNpQYHyVeaGPlM/qBhlGzvf/H9mFWgE36jl78DdAJe4tHH7hualaZ5 1H8WVQwzRr9UuMwMpXHTvL52HUxYYjMxuKhpdyqWpnhYVYKHBvCOLDSOHEht9DQd MkoSQQHiWcBZsM9Vbe3DrKE272liq1KIoCnNSSlgwskFkqU+mB9kLfW/2VifkzmL Tz/YeIRs1z5BwKCnQTU//BMUN8fsFXc72z6CuOT1o72I7g273gm8kw== =LjIA -----END PGP SIGNATURE----- From blevi.linux at gmail.com Tue May 28 10:42:20 2013 From: blevi.linux at gmail.com (Birta Levente) Date: Tue, 28 May 2013 10:42:20 +0300 Subject: [Dovecot] Dovecot 2.2 build rpm on Centos6 In-Reply-To: <51A3660D.3000700@noa.gr> References: <51A33069.1080508@gmail.com> <51A3660D.3000700@noa.gr> Message-ID: <51A45FDC.5010100@gmail.com> On 27/05/2013 16:56, Nikolaos Milas wrote: > On 27/5/2013 1:07 ??, Birta Levente wrote: > >> I tried to build rpm based on dovecot-2.2.2-2.fc20.src.rpm on Centos 6.4 > > You may want to try: > > dovecot-2.2.2-2.noa.el6.src.rpm > > > available at: http://www.noa.gr/rpmfiles/ Thank you Nick, but I can't reach this link ... > > This package is using LTB Project's Openldap RPMs for LDAP linking: > > http://ltb-project.org/wiki/download#openldap > > The above Dovecot SRPM has evolved from fakessh's rpms: > http://ns.fakessh.eu/rpms/ and I like it because it is clean and clear > (to me, at least). > > Nick -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3889 bytes Desc: S/MIME Cryptographic Signature URL: From ya.mwork at yandex.ru Tue May 28 11:21:44 2013 From: ya.mwork at yandex.ru (Evgeny Basov) Date: Tue, 28 May 2013 12:21:44 +0400 Subject: [Dovecot] Perfect LDAP tree Message-ID: <51A46918.40407@yandex.ru> Hello everybody and Timo. I have the next problem. With LDAP tree like ou=mail | - dc=example1.com,ou=Mail | - mail=box1 at example1.com,dc=example1.com,ou=Mail | - mail=box2 at example1.com,dc=example1.com,ou=Mail ? | - dc=example2.com,ou=Mail | - mail=box1 at example2.com,dc=example2.com,ou=Mail | - mail=box2 at example2.com,dc=example2.com,ou=Mail ? and settings in dovecot configuration files auth_bind = yes auth_bind_userdn = mail=%u,dc=%d,ou=mail base = ou=mail user_attrs = \ =home=/var/vmail/%Ld/%Ln, \ =quota_rule=*:storage=%{ldap:mailQuota}M user_filter = (&(objectClass=mailUser)(accountStatus=active)(mail=%u)) pass_attrs = \ =user=%{ldap:mail}, \ =proxy_maybe=yes, \ =host=%{ldap:mailHost}, \ =userdb_home=/var/vmail/%Ld/%Ln, \ =userdb_quota_rule=*:storage=%{ldap:mailQuota}M pass_filter = (&(objectClass=mailUser)(accountStatus=active)(mail=%u)) iterate_attrs = mail=user iterate_filter = (&(objectClass=mailUser)(accountStatus=active)) all works fine. But my soul of perfectionist do not like this configuration because in every mailbox record duplicated information about domain: mail=box1 at example2.com and dc=example2.com I want to set next LDAP tree ou=mail | - dc=example1.com,ou=Mail | - mail=box1,dc=example1.com,ou=Mail | - mail=box2,dc=example1.com,ou=Mail ? | - dc=example2.com,ou=Mail | - mail=box1,dc=example2.com,ou=Mail | - mail=box2,dc=example2.com,ou=Mail ? but I don't understand how to limit query to box1 at example1.com in dc=example1.com,ou=mail without using base=dc=%d,ou=Clients,o=m and how to get working iterate query for all boxes to get list box1 at example1.com box2 at example1.com box1 at example2.com box2 at example2.com in some command like doveadm quota recalc -A. Is it possible? How to take it? From arung at cdac.in Tue May 28 13:42:11 2013 From: arung at cdac.in (Arun Gupta) Date: Tue, 28 May 2013 16:12:11 +0530 (IST) Subject: [Dovecot] IMAP QUOTA Message-ID: Hi, I configured imap quota on dovecot-2.0 with backend Maildir++, after exceeding user quota the sender receiving bounce mails, Is there any way that after exceeding user quota the mail will deliver somewhere else like user spool area? so that after increasing quota user will get the mails. -- Regards, Arun Kumar Gupta ------------------------------------------------------------------------------------------------------------------------------- This e-mail is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies and the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email is strictly prohibited and appropriate legal action will be taken. ------------------------------------------------------------------------------------------------------------------------------- From CMarcus at Media-Brokers.com Tue May 28 14:00:17 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Tue, 28 May 2013 07:00:17 -0400 Subject: [Dovecot] IMAP QUOTA In-Reply-To: References: Message-ID: <51A48E41.2020909@Media-Brokers.com> On 2013-05-28 6:42 AM, Arun Gupta wrote: > I configured imap quota on dovecot-2.0 with backend Maildir++, after > exceeding user quota the sender receiving bounce mails, Is there any > way that after exceeding user quota the mail will deliver somewhere > else like user spool area? so that after increasing quota user will > get the mails. Even if it is/was possible, it would be a really bad idea (in my opinion). If you want to use quotas, use them. Define the policy, and make sure all of your users are fully aware of the policy, and just let it be. -- Best regards, Charles From skdovecot at smail.inf.fh-brs.de Tue May 28 17:06:30 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 28 May 2013 16:06:30 +0200 (CEST) Subject: [Dovecot] Perfect LDAP tree In-Reply-To: <51A46918.40407@yandex.ru> References: <51A46918.40407@yandex.ru> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 28 May 2013, Evgeny Basov wrote: > With LDAP tree like > > ou=mail > | > - dc=example1.com,ou=Mail > | > - mail=box1 at example1.com,dc=example1.com,ou=Mail > | > - mail=box2 at example1.com,dc=example1.com,ou=Mail > ? > | > - dc=example2.com,ou=Mail > | > - mail=box1 at example2.com,dc=example2.com,ou=Mail > | > - mail=box2 at example2.com,dc=example2.com,ou=Mail Hmm, IMHO, the recommended use of dc= (by OpenLDAP) would be: mail=box2 at example2.com,dc=example2,dc=com maybe, mail=box2 at example2.com,ou=mail,dc=example2,dc=com > > But my soul of perfectionist do not like this configuration because in > every mailbox record duplicated information about domain: > > mail=box1 at example2.com and dc=example2.com > > I want to set next LDAP tree > > | > - dc=example2.com,ou=Mail > | > - mail=box1,dc=example2.com,ou=Mail > | > - mail=box2,dc=example2.com,ou=Mail the LDAP mail attribute is to contain a mail address, not just a part of it. Actually, your LDAP server should reject mail=box2. You could use another attribute though. > but I don't understand how to limit query to box1 at example1.com in > dc=example1.com,ou=mail without using base=dc=%d,ou=Clients,o=m and > how to get working iterate query for all boxes to get list > > box1 at example1.com > box2 at example1.com > box1 at example2.com > box2 at example2.com > > in some command like doveadm quota recalc -A. > > Is it possible? How to take it? In my opinion, you try make LDAP more complicate is it is designed as. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUaS5513r2wJMiz2NAQL41Af+PMFN0YiLJCsAnDVpGYPkBbnVWsG6YH7N KdcYDWqd5o67xy1u3dhOAfPtlmJWkAog3icN0/lUC/GD+5go5lnK1ZA1kAKyMgQ+ a4SpRnUdOWxoB2820KxHZB7WPHFLvTu/Kgmup8qPleAX/JuO90Xt1w2+dMDEJA6G a697Zo/tHGnraAf4Nn8YESHcHCBPI/Uf6D8AphBaevCb6gfT8kQSBXNI6vQc62Hp thQlsLnB/L0JsGveGTxX4a8E16rgo3MHmo+gKjcsbImM00tOK1nv4pXulco6KzRf W1itCjbDFON8JDrQAUCDi/y99pfOks5CIzc1lMmDFU152B4nODuDqQ== =rn/V -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Tue May 28 17:09:02 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 28 May 2013 16:09:02 +0200 (CEST) Subject: [Dovecot] IMAP QUOTA In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 28 May 2013, Arun Gupta wrote: > I configured imap quota on dovecot-2.0 with backend Maildir++, after > exceeding user quota the sender receiving bounce mails, Is there any way that > after exceeding user quota the mail will deliver somewhere else like user > spool area? so that after increasing quota user will get the mails. Check out the "slurp" plugin and let your MTA deliver mails to, say, /var/mail/ . You will have no Sieve rules then, I think. However, some sort of quota enforcing you will need there, too. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUaS6fl3r2wJMiz2NAQL0DggAnZ0zQ24cKNdrpuy+ThJ9z77H5upgcGJE b8UpHs+m42xAF3Lp5r6AZ1exyP+VT7ERaR81mL4o+hCEUiDctW0L0zekJUW+bJ9i AbgnAC8VhVBRwzJt/2N6NS9H89Hf12PDF+ws4KllLODpqfmTWhBH65PPhn3UjRlO 4ABRiH4kcXLdn+OSLKabqY6wu+hGcGCJKjDOw9+p+nZziiXcg7P1Pn3TRDO5Tghe yxxCfLzMHm3o8PH0bVnewUjirofqdqg8v+beBRPRaUs7ONAB6jG54E115ETaBQD1 gTbu3Nh4M3UdSqGW8iV+RJAqHxbTBdDlwn96H0I+EMLq5LD2i1mX8w== =TM+V -----END PGP SIGNATURE----- From nmilas at noa.gr Tue May 28 17:15:43 2013 From: nmilas at noa.gr (Nikolaos Milas) Date: Tue, 28 May 2013 17:15:43 +0300 Subject: [Dovecot] Dovecot 2.2 build rpm on Centos6 In-Reply-To: <51A45FDC.5010100@gmail.com> References: <51A33069.1080508@gmail.com> <51A3660D.3000700@noa.gr> <51A45FDC.5010100@gmail.com> Message-ID: <51A4BC0F.6010809@noa.gr> On 28/5/2013 10:42 ??, Birta Levente wrote: > Thank you Nick, but I can't reach this link ... You can access each file separately by using the whole link, like: http://www.noa.gr/rpmfiles/dovecot-2.2.2-2.noa.el6.src.rpm We don't allow directory listing, but if you know the file name, it works :-) Try it! Best regards, Nick From rventura at h-st.com Tue May 28 17:44:10 2013 From: rventura at h-st.com (Romer Ventura) Date: Tue, 28 May 2013 09:44:10 -0500 Subject: [Dovecot] Email migration Message-ID: <24942_1369751999_51A4C1BF_24942_22_1_0a9201ce5bb1$d0c73be0$7255b3a0$@h-st.com> Hello, So I am currently running dovecot 1.2.11 on Debian 5 for our production email systems. We just deployed some new Debian 7 servers and we will be upgrading to the latest dovecot version. I've been reading the docs, but I wanted to heard some feedback on the import of all my current email into the new installation. We have 320GB worth of email. Any gotchas I should be prepared for? Any complications I should be aware of when importing all these data? Any thoughts would be appreciated. Thanks.

This document and attachments may contain technical data controlled under the U.S. International Traffic in Arms Regulations (ITAR) or the Export Administration Regulations (EAR) and may not be exported to a Foreign Person, either in the U.S. or abroad, without the proper authorization by the U.S. Department of State or Department of Commerce, whichever is applicable. CONFIDENTIALITY NOTE: This electronic transmission, including all attachments, is directed in confidence solely to the person(s) to whom it is addressed, or an authorized recipient, and may not otherwise be distributed, copied or disclosed. The contents of the transmission may also be subject to intellectual property rights and such rights are expressly claimed and are not waived. If you have received this transmission in error, please notify the sender immediately by return electronic transmission and then immediately delete this transmission, including all attachments, without copying, distributing or disclosing same. The recipient should check this e-mail and any attachments for the presence of viruses. Houston Sigma Technologies L.P. accepts no liability for any damage caused by any virus transmitted by this e-mail.

From mpn at icabs.co.zw Tue May 28 20:20:37 2013 From: mpn at icabs.co.zw (MP Netsai) Date: Tue, 28 May 2013 19:20:37 +0200 Subject: [Dovecot] imap/pop problem Message-ID: <9F93F3D350544C2EAF4C8D31E221B11A@jedi> Dear All, I hope you can help me on this trouble i am getting. I cant seem to get email even though i have given the correct directory for mail location. Here is my config: ===== # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.0 ext4 auth_mechanisms = plain login disable_plaintext_auth = no first_valid_uid = 1001 last_valid_uid = 1001 mail_debug = yes mail_gid = exim mail_location = maildir:/var/mail/virtual/%d/%n mail_uid = exim namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap pop3" service auth { unix_listener auth-userdb { group = exim mode = 0600 user = exim } } ssl_cert = Hi! I hope someone knows more about the issues I've encountered in: Setup: I am running dovecot 2.1.7 on Debian Wheezy in a virtual machine (kvm-style qemu-kvm: host: ubuntu 13.04/1.4.0-dfsg-1expubuntu). The mail storage is a directory on the host machine mounted via virtfs (9p2000.L) on the guest. Furthermore ISPConfig is involved in that setup, but that should not make any significant difference at that point. Problem resolved: The problem is, that similar to nfs mmap() and dotlocking seem to fail - the mmap issue could be resolved by adding: mmap_disable=yes to dovecot.conf Problem remaining: Still the following errors remain, despite dotlock_use_excl=no May 27 12:54:51 host dovecot: imap(test at mydomain): Error: fstat(/var/vmail/mydomain/test/.quotausage.lock) failed: No such file or directory May 27 12:54:51 host dovecot: imap(test at mydomain): Error: file dict commit: file_dotlock_open(/var/vmail/mydomain/test/.quotausage) failed: No such file or directory May 27 12:54:51 host dovecot: imap(test at mydomain): Error: fstat(/var/vmail/mydomain/test/Maildir/dovecot-uidlist.lock) failed: No such file or directory May 27 12:54:51 host dovecot: imap(test at mydomain): Error: fstat(/var/vmail/mydomain/test/Maildir/dovecot-uidlist.lock) failed: No such file or directory May 27 12:54:51 host dovecot: imap(test at mydomain): Error: fstat(/var/vmail/mydomain/test/Maildir/dovecot-uidlist.lock) failed: No such file or directory May 27 12:54:51 host dovecot: imap(test at mydomain): Error: fstat(/var/vmail/mydomain/test/Maildir/dovecot-uidlist.lock) failed: No such file or directory May 27 12:54:51 host dovecot: imap(test at mydomain): Error: fstat(/var/vmail/mydomain/test/Maildir/dovecot-uidlist.lock) failed: No such file or directory May 27 12:54:51 host dovecot: imap(test at mydomain): Error: fstat(/var/vmail/mydomain/test/Maildir/dovecot-uidlist.lock) failed: No such file or directory May 27 12:54:52 host dovecot: imap(test at mydomain): Error: fstat(/var/vmail/mydomain/test/Maildir/dovecot-uidlist.lock) failed: No such file or directory May 27 12:54:52 host dovecot: imap(test at mydomain): Error: file_dotlock_create(/var/vmail/mydomain/test/Maildir/dovecot-uidlist) failed: No such file or directory May 27 12:54:52 host dovecot: imap(test at mydomain): Error: fstat(/var/vmail/mydomain/test/Maildir/dovecot-uidlist.lock) failed: No such file or directory May 27 12:54:52 host dovecot: imap(test at mydomain): Error: fstat(/var/vmail/mydomain/test/Maildir/dovecot-uidlist.lock) failed: No such file or directory May 27 12:54:52 host dovecot: imap(test at mydomain): Error: file_dotlock_create(/var/vmail/mydomain/test/Maildir/dovecot-uidlist) failed: No such file or directory The "failed" files are existing on that path - permissions for the configured "vmail" user and group exist (0600). I'd be greatful for any hint on how to resolve that issue - Thanks in advance! Regards Erich From rventura at h-st.com Wed May 29 00:23:30 2013 From: rventura at h-st.com (Romer Ventura) Date: Tue, 28 May 2013 16:23:30 -0500 Subject: [Dovecot] Load Balancing and HA Message-ID: <408_1369775960_51A51F58_408_11_1_0b5401ce5be9$9998ab30$ccca0190$@h-st.com> Hello, I've been thinking about the best way to achieve load balancing and making my mail servers highly available. So far I believe I have 2 scenarios: Scenario1: This should allow any to lose any of the servers and clients still have access to their emails (although I am not sure how the indexes would react to this and sudden disconnection) - 2 Dovecot Proxy servers, using a virtual IP to where the clients will connect to from the WAN and LAN - 2 Dovecot+Postfix servers with local cache - 2 NFS servers and synced with dsync (mirror, 1 server writes to its own NFS and changes synced to the other via dsync) Scenario2: Pretty much as above on the back end. However, with this there is no way to load balance users. - 2 Dovecot+Postfix server with local cache - 2 NFS servers synced with dsync - Make use of DNS MX record priority to provide access to secondary email server Anyone care to comment? Thanks.

This document and attachments may contain technical data controlled under the U.S. International Traffic in Arms Regulations (ITAR) or the Export Administration Regulations (EAR) and may not be exported to a Foreign Person, either in the U.S. or abroad, without the proper authorization by the U.S. Department of State or Department of Commerce, whichever is applicable. CONFIDENTIALITY NOTE: This electronic transmission, including all attachments, is directed in confidence solely to the person(s) to whom it is addressed, or an authorized recipient, and may not otherwise be distributed, copied or disclosed. The contents of the transmission may also be subject to intellectual property rights and such rights are expressly claimed and are not waived. If you have received this transmission in error, please notify the sender immediately by return electronic transmission and then immediately delete this transmission, including all attachments, without copying, distributing or disclosing same. The recipient should check this e-mail and any attachments for the presence of viruses. Houston Sigma Technologies L.P. accepts no liability for any damage caused by any virus transmitted by this e-mail.

From noel.butler at ausics.net Wed May 29 02:09:30 2013 From: noel.butler at ausics.net (Noel Butler) Date: Wed, 29 May 2013 09:09:30 +1000 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <20130526153321.GA27814@daniel.localdomain> References: <519F1D62.5070700@sys4.de> <20130526153321.GA27814@daniel.localdomain> Message-ID: <1369782570.3886.5.camel@tardis> But each additional link added to the chain, is one more point of failure, unless he's replied to OP privately I'm amazed Timo has ignored this, since its been brought up from time to time before, if he no longer plans on doing it, he should just say so, so people can look at complete alternatives, we are a long way passed early 1.2 series. On Sun, 2013-05-26 at 17:33 +0200, Daniel Parthey wrote: > Edwardo Garcia wrote: > > Yes indeed, so it seem it does not do at all. > > For now we disable use two hosts, but thiz not optimum for network. > > You might try to put mysqlproxy in between dovecot and your mysql cluster > and have dovecot connect to the failover proxy (or proxies) instead of > connecting the database directly. > > mysqlproxy makes use of the lua scripting language, where you might > want to implement the failover or filter mechanisms you need. > > Regards > Daniel -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From tss at iki.fi Wed May 29 03:52:48 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 29 May 2013 03:52:48 +0300 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <1369782570.3886.5.camel@tardis> References: <519F1D62.5070700@sys4.de> <20130526153321.GA27814@daniel.localdomain> <1369782570.3886.5.camel@tardis> Message-ID: <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> I haven't replied to most of the threads recently. Anyway, after thinking about this, I'm thinking this kind of connection fallback handling isn't really Dovecot's job. A load balancer could be configured to do it just as well (whereas LB couldn't do actual load balancing for multiple sql servers, because Dovecot uses long running TCP connections). On 29.5.2013, at 2.09, Noel Butler wrote: > But each additional link added to the chain, is one more point of > failure, unless he's replied to OP privately I'm amazed Timo has ignored > this, since its been brought up from time to time before, if he no > longer plans on doing it, he should just say so, so people can look at > complete alternatives, we are a long way passed early 1.2 series. > > > On Sun, 2013-05-26 at 17:33 +0200, Daniel Parthey wrote: > >> Edwardo Garcia wrote: >>> Yes indeed, so it seem it does not do at all. >>> For now we disable use two hosts, but thiz not optimum for network. >> >> You might try to put mysqlproxy in between dovecot and your mysql cluster >> and have dovecot connect to the failover proxy (or proxies) instead of >> connecting the database directly. >> >> mysqlproxy makes use of the lua scripting language, where you might >> want to implement the failover or filter mechanisms you need. >> >> Regards >> Daniel > > From yann.shukor at azurtem.net Tue May 28 23:10:27 2013 From: yann.shukor at azurtem.net (Yann Shukor) Date: Tue, 28 May 2013 22:10:27 +0200 Subject: [Dovecot] system account delivery userdb authentication Message-ID: <51A50F33.7080400@azurtem.net> Hi I have a remaining issue with a mail server setup. Composed of Postfix and Dovecot it is is a 'local' mail server At first I relied upon Mysql to store the various parameters, and then switched to a flat file approach I also initially set the server up to handle virtual users, but then I realized that it was destined to manage local system accounts only. So I reconfigured it accordingly Relying on system accounts for authentication means that the domain name component is absent from the username (as opposed to virtual user identifiers) This caused me some difficulty at first with roundcube, but I was able to get around it through a manual adjustment in Mysql The remaining aspect that isn't working is the delivery of emails. The entry in master.cf for dovecot looks looks this: dovecot unix - n n - - pipe flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deli ver -d ${recipient} The problem is that the recipient equates to the users email address, which can't in fact be used for authentication purposes with system accounts. I then tried replacing recipient with user: dovecot unix - n n - - pipe flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver -d ${user} There seems to be a rights issue because I get the following error: dovecot Fatal: setgid(100(users)) failed with euid=8(mail), gid=8(mail), egid=8(mail): Operation not permitted Any ideas ? thanks yann # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-686 i686 Debian 6.0.7 ext4 log_timestamp: %d-%m-%Y %H:%M:%S protocols: imap imaps pop3 pop3s ssl_cert_file: /etc/ssl/certs/postfix.pem ssl_key_file: /etc/ssl/private/postfix.key login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login mail_privileged_group: mail mail_location: maildir:/var/mail/%u mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 lda: auth_socket_path: /var/run/dovecot/auth-master postmaster_address: postmaster at holinice.com mail_plugins: sieve log_path: syslog_facility: mail auth default: mechanisms: plain login verbose: yes passdb: driver: pam userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 432 user: mail group: mail From ben at morrow.me.uk Wed May 29 06:26:51 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Wed, 29 May 2013 04:26:51 +0100 Subject: [Dovecot] system account delivery userdb authentication In-Reply-To: <51A50F33.7080400@azurtem.net> References: <51A50F33.7080400@azurtem.net> Message-ID: <20130529032651.GG53132@anubis.morrow.me.uk> At 10PM +0200 on 28/05/13 you (Yann Shukor) wrote: > > The remaining aspect that isn't working is the delivery of emails. > > The entry in master.cf for dovecot looks looks this: > > dovecot unix - n n - - pipe > flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deli > ver -d ${recipient} [Just like someone who was posting a little while ago, your Dovecot binaries are under /usr/lib. This is very weird: they should really be under /usr/libexec...] > The problem is that the recipient equates to the users email address, > which can't in fact be used for authentication purposes with system > accounts. You can get around this problem with auth_username_format on the Dovecot side. On my system I have auth_username_format = %Lu which instructs Dovecot to look up users by the lowercased username part only. It's also best, when passing a recipient address to the LDA, to use -a rather than -d, since this will also strip off any +extension to the username (assuming you've configured Postfix and Dovecot to use the same extension character), while making it available to Sieve scripts later on. > I then tried replacing recipient with user: > > dovecot unix - n n - - pipe > flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver -d ${user} > > There seems to be a rights issue because I get the following error: > > dovecot Fatal: setgid(100(users)) failed with euid=8(mail), gid=8(mail), > egid=8(mail): Operation not permitted Think a bit about what's going on here. Postfix is running deliver as user 'mail', and you're passing the -d argument, so deliver looks up that user in the userdb and tries to setuid and setgid to the uid and gid for that user. Since 'mail' is neither the target u/gid nor root, it is not allowed to do that. There are three basic strategies here. The first, and in some ways the simplest, is to forget you're using 'system users' and store all the mails under the 'mail' userid. This means you need to configure Dovecot just as you had for virtual users: in particular, the Dovecot userdb should return mail's u/gid for all users, and each user needs a 'Dovecot home directory' owned by 'mail'. (You can easily do this with the 'static' userdb, just as you would have for virtual users.) The advantage here is the simplicity. The disadvantages are: first, that users logged in to the mail server can't access their own mail spool directly but have to go through IMAP (probably not important, but this was the historical reason for doing deliveries as the delivered-to user); second, that if you have any OS-level filesystem quotas set up a user's mail will be counted against mail's quota rather than their own; and third, that there is a small chance a user might find some way to break Dovecot's 'imap' process and use it to read or modify other people's mail. The second, which is what I currently do, is to use Postfix's local(8) delivery agent, which runs as root and setuids down to the delivered-to user's uid before doing final delivery. You can get local(8) to deliver through Dovecot by setting Postfix's mailbox_command parameter: the important thing here is that when the LDA is invoked it already has the correct u/gid. With this method you keep the other features of local(8), like /etc/aliases and .forward files; this may be an advantage or a disadvantage depending on your setup. The third is to have the Dovcot delivery process running as root, so it can successfully setuid down to the user's credentials itself. Probably the easiest way to do this is to use the LMTP server (and Postfix's lmtp(8) transport rather than a dedicated Dovecot master.cf entry), though I would expect that if you simply changed that LDA entry to 'user=root:wheel' that the LDA would correctly setuid down to the user's credentials before doing any deliveries. This is what I would recommend for a new installation; the only reason I don't do this is because I upgraded from 1.2, which didn't have LMTP, and I haven't got round to migrating yet. > # 1.2.15: /etc/dovecot/dovecot.conf Oh Lord, you're still using 1.2... Don't do that. Use the latest 2.1. You can get Debian packages from http://wiki2.dovecot.org/PrebuiltBinaries . Ben From skdovecot at smail.inf.fh-brs.de Wed May 29 10:31:48 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 29 May 2013 09:31:48 +0200 (CEST) Subject: [Dovecot] Email migration In-Reply-To: <24942_1369751999_51A4C1BF_24942_22_1_0a9201ce5bb1$d0c73be0$7255b3a0$@h-st.com> References: <24942_1369751999_51A4C1BF_24942_22_1_0a9201ce5bb1$d0c73be0$7255b3a0$@h-st.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 28 May 2013, Romer Ventura wrote: > So I am currently running dovecot 1.2.11 on Debian 5 for our production > email systems. We just deployed some new Debian 7 servers and we will be > upgrading to the latest dovecot version. I've been reading the docs, but I > wanted to heard some feedback on the import of all my current email into the > new installation. We have 320GB worth of email. Any gotchas I should be > prepared for? Any complications I should be aware of when importing all > these data? Because you upgrade from Dovecot to Dovecot, there should be no trouble, if you keep any UID-related settings from the config. However, I would test it before with at least some users ;-) But see http://wiki2.dovecot.org/Upgrading esp. about doveconf at top of "Upgrading Dovecot v1.2 to v2.0" - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUaWu5F3r2wJMiz2NAQLVeAf/bYB5dZeWaIKUI9bsA/jqErJ4UARWLaCX DkYf8eOmBPMRgfHkCAtUfbrK8RTrHhdrmY/Cu8i6HIm/ouf1jgP/qGQEiymFzrTZ IzUA2OxA6gJbdb2qPyekUDUeMAc2hUpdN87suV0fSc9Dp4rIJUr4gFnPJMRnU4iz K/PdxKng2revvo+OIPsYqN3wCbWyRzpKbosDE274zLLTABRx6i+wWm1QCiqIE2ms x9b/4+64daXoUmt58nxapjnUJDcWvYip2Py97OUniyc7x9229IP/OlT5tsMJFi6P N239CGtVE9x62bNcGGe51cIEfykpJBflilh2g+mOUbMPhA8mBC6Kcw== =Ein3 -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Wed May 29 10:35:06 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 29 May 2013 09:35:06 +0200 (CEST) Subject: [Dovecot] imap/pop problem In-Reply-To: <9F93F3D350544C2EAF4C8D31E221B11A@jedi> References: <9F93F3D350544C2EAF4C8D31E221B11A@jedi> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 28 May 2013, MP Netsai wrote: increase logging, see http://wiki2.dovecot.org/Logging then check out the logs and - if required still, because Dovecot's log message usually speak an understandable tongue - post the logs along. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUaWvql3r2wJMiz2NAQIKHAf/Zabc0bCGIXDYwZwnzuRPof/r2wDJPQA6 c7SG3R6HUZmSL5dEHYgwwoK/UhS/p8xJ9TZqjAzUPQ/CGWR8zHX5tSS360gQIMrU hNK59cDFXHr+h5RQUkq7D5JPs/k2U0gE6Z1iMPTVTdAILb56KReuINbeYUsqyWOV 1D23NH86gr/7UzPWxVl1CmwQOOSitMqJ7N6fDiB9D+2F1bHN8+5Lu1S/+VohPyw7 croUdMup8+p/lEYYfkBfMRDICm2uCfuKPVAgJKyC/4mknK6vqPyK8YDmE7NXlD9K UhmZye1enW/lvoiybmyyVOg5rjVdgVxcBoFvIqLc97/5uFSrIRrSoQ== =/0+W -----END PGP SIGNATURE----- From noel.butler at ausics.net Wed May 29 10:53:54 2013 From: noel.butler at ausics.net (Noel Butler) Date: Wed, 29 May 2013 17:53:54 +1000 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> References: <519F1D62.5070700@sys4.de> <20130526153321.GA27814@daniel.localdomain> <1369782570.3886.5.camel@tardis> <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> Message-ID: <1369814034.5150.8.camel@tardis> Respectfully, I would disagree, if dovecot offers the capability to use two host='s then you should be able to configure the order, remember, earlier dovecot did this but you claimed it was broken shouldnt have and fixed it, which is why not only myself but another at the time suggested when you were fixing it, to make it a configurable option, it makes little sense to use two hosts otherwise in an ordinary network, where you have nanoseconds response from localhost, but milliseconds, to maybe more if there are network issues when on a second query second database server with network latency. otherwise, might as well delete the second host, I've seen the network lag affect logins, only to disappear once I only change to use only one box, the localhost replicated copy. I ask you reconsider, or, at least put it out there to see how many others agree or disagree with hte feature On Wed, 2013-05-29 at 03:52 +0300, Timo Sirainen wrote: > I haven't replied to most of the threads recently. Anyway, after thinking about this, I'm thinking this kind of connection fallback handling isn't really Dovecot's job. A load balancer could be configured to do it just as well (whereas LB couldn't do actual load balancing for multiple sql servers, because Dovecot uses long running TCP connections). > > On 29.5.2013, at 2.09, Noel Butler wrote: > > > But each additional link added to the chain, is one more point of > > failure, unless he's replied to OP privately I'm amazed Timo has ignored > > this, since its been brought up from time to time before, if he no > > longer plans on doing it, he should just say so, so people can look at > > complete alternatives, we are a long way passed early 1.2 series. > > > > > > On Sun, 2013-05-26 at 17:33 +0200, Daniel Parthey wrote: > > > >> Edwardo Garcia wrote: > >>> Yes indeed, so it seem it does not do at all. > >>> For now we disable use two hosts, but thiz not optimum for network. > >> > >> You might try to put mysqlproxy in between dovecot and your mysql cluster > >> and have dovecot connect to the failover proxy (or proxies) instead of > >> connecting the database directly. > >> > >> mysqlproxy makes use of the lua scripting language, where you might > >> want to implement the failover or filter mechanisms you need. > >> > >> Regards > >> Daniel > > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From dovecot at lists.wgwh.ch Wed May 29 10:54:43 2013 From: dovecot at lists.wgwh.ch (Oli Schacher) Date: Wed, 29 May 2013 09:54:43 +0200 Subject: [Dovecot] dsync Panic: Unknown key: send_mail_requests Message-ID: <20130529095443.66ecc61f@lists.wgwh.ch> Hi Timo With the current dovecot hg we're getting dsync replication errors "Panic: Unknown key: send_mail_requests" followed by a crash. This seems to have been introduced somewhere around http://hg.dovecot.org/dovecot-2.2/rev/4883a8e1db13 Log output from latest hg, 2.2.2 (e7c474011934+): May 29 09:30:53 munged03 dovecot: doveadm(luke at example.com): Panic: Unknown key: send_mail_requests May 29 09:30:53 munged03 dovecot: doveadm(luke at example.com): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x5f7da) [0x7f84f84637da] -> /usr/lib64/dovecot/libdovecot.so.0(+0x5f826) [0x7f84f8463826] -> /usr/lib64/dovecot/libdovecot.so.0(+0x2006a) [0x7f84f842406a] -> dovecot/doveadm-server() [0x42c41b] -> dovecot/doveadm-server() [0x42908b] -> dovecot/doveadm-server(dsync_brain_master_init+0x1c9) [0x4186f9] -> dovecot/doveadm-server() [0x416606] -> dovecot/doveadm-server() [0x40c94f] -> dovecot/doveadm-server() [0x414b7a] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7f84f8472b66] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0xa7) [0x7f84f8473c17] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x7f84f8472b08] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f84f8428ae3] -> dovecot/doveadm-server(main+0x121) [0x4152c1] -> /lib64/libc.so.6(__libc_start_main+0xfd) [0x34de41ecdd] -> dovecot/doveadm-server() [0x40c1b9] May 29 09:30:53 munged03 dovecot: doveadm(luke at example.com): Fatal: master: service(doveadm): child 49077 killed with signal 6 (core dumped) dovecot -n is attached Best regards Oli -- message transmitted on 100% recycled electrons -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: dovecot-n.txt URL: From h.reindl at thelounge.net Wed May 29 11:29:52 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 29 May 2013 10:29:52 +0200 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> References: <519F1D62.5070700@sys4.de> <20130526153321.GA27814@daniel.localdomain> <1369782570.3886.5.camel@tardis> <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> Message-ID: <51A5BC80.3050609@thelounge.net> so better remove the option to specify more than one host instead let people run over years in troubles until they find out that a logical behavior like for postfix is not given for dovecot's mysql-connections - yes i was one of the who thought "hey both works the same way" until i realized that dovecot has no fun at reboot the replication slave which was intented only as failover and used regulary *it is* dovecots job if it offers more than one host to handle this in a useful way or not support more than one host, but you can't seriously say "it's not dovecots job" after having a half-baken support implemented Am 29.05.2013 02:52, schrieb Timo Sirainen: > I haven't replied to most of the threads recently. Anyway, after thinking about this, I'm thinking this kind of connection fallback handling isn't really Dovecot's job. A load balancer could be configured to do it just as well (whereas LB couldn't do actual load balancing for multiple sql servers, because Dovecot uses long running TCP connections). > > On 29.5.2013, at 2.09, Noel Butler wrote: > >> But each additional link added to the chain, is one more point of >> failure, unless he's replied to OP privately I'm amazed Timo has ignored >> this, since its been brought up from time to time before, if he no >> longer plans on doing it, he should just say so, so people can look at >> complete alternatives, we are a long way passed early 1.2 series. >> >> >> On Sun, 2013-05-26 at 17:33 +0200, Daniel Parthey wrote: >> >>> Edwardo Garcia wrote: >>>> Yes indeed, so it seem it does not do at all. >>>> For now we disable use two hosts, but thiz not optimum for network. >>> >>> You might try to put mysqlproxy in between dovecot and your mysql cluster >>> and have dovecot connect to the failover proxy (or proxies) instead of >>> connecting the database directly. >>> >>> mysqlproxy makes use of the lua scripting language, where you might >>> want to implement the failover or filter mechanisms you need -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From simone at edinet.info Wed May 29 11:37:53 2013 From: simone at edinet.info (Simone Marx :: Edinet Srl) Date: Wed, 29 May 2013 10:37:53 +0200 Subject: [Dovecot] Enable IMAP only for certain users/IP Message-ID: Hi, I'm trying to config dovecot to enable IMAP protocol only for certain IPs and users. The logical steps I've followed are: 1. If a user is trying to login from an IP that I've authorized ( listed in a file) the request is authorized. 2. If not, if the user is listed in a second file the request is authorized. 3. If also this check fails the request is rejected. I'm using PAM for passdb and a passwd-file for userdb: passdb { driver = pam args = session=yes failure_show_msg=yes max_requests=16 cache_key=%u%r%l dovecot-%s } userdb { driver = passwd-file args = /etc/passwd-dovecot } In /etc/pam.d/ there are two files: dovecot-pop3 dovecot-imap dovecot-pop3: #%PAM-1.0 @include common-auth @include common-account @include common-session (for this protocol everything works fine, I don't want to limit it.) dovecot-imap: #%PAM-1.0 @include common-auth auth sufficient pam_listfile.so item=rhost sense=allow file=/etc/dovecot/imaphosts onerr=fail auth required pam_listfile.so item=user sense=allow file=/etc/dovecot/imapusers onerr=fail @include common-account @include common-session If I'm not wrong, once the user is authenticated, PAM checks if the remote IP address is in imaphosts; if it's true, it returns PAM_SUCCESS and stops the execution of the auth block, else if it's false, PAM executes the next line, verifying the presence of the username in imapusers file; if found, then return PAM_SUCCESS, else fail. If this can work, I've a problem with pam_listfile.so and IP addresses: I want to do something smarter than specifying 2^11 IP addresses instead a /21 or IP/netmask Are there alternatives for doing it better? Thanks. Sincerely, Simone Marx. From rs at sys4.de Wed May 29 11:46:42 2013 From: rs at sys4.de (Robert Schetterer) Date: Wed, 29 May 2013 10:46:42 +0200 Subject: [Dovecot] Enable IMAP only for certain users/IP In-Reply-To: References: Message-ID: <51A5C072.5010402@sys4.de> Am 29.05.2013 10:37, schrieb Simone Marx :: Edinet Srl: > Hi, > I'm trying to config dovecot to enable IMAP protocol only for certain > IPs and users. > The logical steps I've followed are: > 1. If a user is trying to login from an IP that I've authorized ( listed > in a file) the request is authorized. > 2. If not, if the user is listed in a second file the request is > authorized. > 3. If also this check fails the request is rejected. > > I'm using PAM for passdb and a passwd-file for userdb: > > passdb { > driver = pam > args = session=yes failure_show_msg=yes max_requests=16 > cache_key=%u%r%l dovecot-%s > } > > userdb { > driver = passwd-file > args = /etc/passwd-dovecot > } > > > In /etc/pam.d/ there are two files: > dovecot-pop3 > dovecot-imap > > dovecot-pop3: > > #%PAM-1.0 > > @include common-auth > @include common-account > @include common-session > > (for this protocol everything works fine, I don't want to limit it.) > > > dovecot-imap: > > #%PAM-1.0 > > @include common-auth > > auth sufficient pam_listfile.so item=rhost sense=allow > file=/etc/dovecot/imaphosts onerr=fail > auth required pam_listfile.so item=user sense=allow > file=/etc/dovecot/imapusers onerr=fail > > @include common-account > @include common-session > > > If I'm not wrong, once the user is authenticated, PAM checks if the > remote IP address is in imaphosts; if it's true, > it returns PAM_SUCCESS and stops the execution of the auth block, else > if it's false, PAM executes the next line, verifying the presence of the > username in imapusers file; if found, then return PAM_SUCCESS, else fail. > > If this can work, I've a problem with pam_listfile.so and IP addresses: > I want to do something smarter than specifying 2^11 IP addresses instead > a /21 or IP/netmask > > Are there alternatives for doing it better? > > Thanks. > > Sincerely, > Simone Marx. > you may have a look at http://wiki.dovecot.org/Authentication/RestrictAccess Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From arung at cdac.in Wed May 29 12:19:20 2013 From: arung at cdac.in (Arun Gupta) Date: Wed, 29 May 2013 14:49:20 +0530 (IST) Subject: [Dovecot] IMAP QUOTA In-Reply-To: References: Message-ID: Hi, Thanks for replying... Dear Steffen I search about "slurp" plugin but didn't get it if possible kindly provde me the doc, link etc for the same. Regards, Arun Gupta On Tue, 28 May 2013, Arun Gupta wrote: > I configured imap quota on dovecot-2.0 with backend Maildir++, after > exceeding user quota the sender receiving bounce mails, Is there any way that > after exceeding user quota the mail will deliver somewhere else like user > spool area? so that after increasing quota user will get the mails. Check out the "slurp" plugin and let your MTA deliver mails to, say, /var/mail/ . You will have no Sieve rules then, I think. However, some sort of quota enforcing you will need there, too. - -- Steffen Kaiser ------------------------------------------------------------------------------------------------------------------------------- This e-mail is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies and the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email is strictly prohibited and appropriate legal action will be taken. ------------------------------------------------------------------------------------------------------------------------------- From tss at iki.fi Wed May 29 12:33:45 2013 From: tss at iki.fi (Timo Sirainen) Date: Wed, 29 May 2013 12:33:45 +0300 Subject: [Dovecot] dsync Panic: Unknown key: send_mail_requests In-Reply-To: <20130529095443.66ecc61f@lists.wgwh.ch> References: <20130529095443.66ecc61f@lists.wgwh.ch> Message-ID: <94FF64A4-AB55-4C6B-8412-439444FAF8D1@iki.fi> On 29.5.2013, at 10.54, Oli Schacher wrote: > With the current dovecot hg we're getting dsync replication errors > "Panic: Unknown key: send_mail_requests" followed by a crash. This > seems to have been introduced somewhere around > http://hg.dovecot.org/dovecot-2.2/rev/4883a8e1db13 Thanks, fixed: http://hg.dovecot.org/dovecot-2.2/rev/239e0e2098c1 From paul at fudj.net Wed May 29 07:34:36 2013 From: paul at fudj.net (Paul Lim) Date: Wed, 29 May 2013 04:34:36 +0000 (UTC) Subject: [Dovecot] Corrupt index file zlib Message-ID: Hi, I'm getting this error constantly on a couple of folders. No matter what I do it keeps recurring. -- 2013-05-29 14:15:03 imap(nj@***.com.au): Error: Cached message size smaller than expected (2551 < 8192) 2013-05-29 14:15:03 imap(nj@***.com.au): Error: Maildir filename has wrong S value, renamed the file from /home/***.com.au/nj/.***.Builders/cur/1369030267.M775209P12595.pygmy,S= /2551:2,S to /home/***.com.au/nj/.***.Builders/cur/1369030267.M775209P12595.pygmy,S= /2551:2,S 2013-05-29 14:15:03 imap(nj@***.com.au): Error: Corrupted index cache file /home/archarch.com.au/nj/.***.Builders/dovecot.index.cache: Broken /physical size for mail UID 13 2013-05-29 14:15:03 imap(nj@***.com.au): Error: Cached message size smaller than expected (2551 < 8284) 2013-05-29 14:15:03 imap(nj@***.com.au): Error: Maildir filename has wrong S value, renamed the file from /home/***.com.au/nj/.***.Builders/cur/1369030267.M775209P12595.pygmy,S= /2551:2,S to /home/***.com.au/nj/.***.Builders/cur/1369030267.M775209P12595.pygmy,S= /2551:2,S 2013-05-29 14:15:03 imap(nj@***.com.au): Error: Corrupted index cache file /home/archarch.com.au/nj/.***.Builders/dovecot.index.cache: Broken /physical size for mail UID 13 2013-05-29 14:15:03 imap(nj@***.com.au): Error: read(/home/***.com.au/nj/.***.Builders/cur/1369030267.M775209P12595. pygmy,S=2551:2,S) failed: Input/output error (uid=13) --- stuff I've done: - Deleted dovecot* in .Builders/ - run maildir-size-fix.pl -v -r -f- c on .Builders/ - delete and recreate the folder Dovecot 2.1.7 (wheezy) zlib enabled maildir_broken_filename_sizes = yes There are only 6 emails, so it's only building dovecot.index.log, not the cache file --- dovecot-uidlist --- 3 V1317717759 N1 G1b2d4a37936fa551430d0000c0318918 1 :1369030267.M775209P12595.pygmy,S=8284 2 :1369030564.M957106P12595.pygmy,S=13188 3 :1369030568.M223636P12595.pygmy,S=23270 4 :1369030568.M223637P12595.pygmy,S=10813 5 :1369030568.M223638P12595.pygmy,S=58600 6 :1369030615.M783237P12595.pygmy,S=9677 7 :1369030267.M775209P12595.pygmy,S=2551 8 :1369030564.M957106P12595.pygmy,S=3560 ----- --- ls cur --- 1369030267.M775209P12595.pygmy,S=8284:2,S 1369030564.M957106P12595.pygmy,S=13188:2,RS 1369030568.M223636P12595.pygmy,S=23270:2,RS 1369030568.M223637P12595.pygmy,S=10813:2,RS 1369030568.M223638P12595.pygmy,S=58600:2,RS 1369030615.M783237P12595.pygmy,S=9677:2,RS ---- It all seems to match... but it continues to break. If I delete the first email file, it breaks on the next one as well. Any thoughts?? I'm thinking I'll probably disable zlib if I can't find a solution... will this mean I have to decompress all the compressed emails? cheers Paul From skdovecot at smail.inf.fh-brs.de Wed May 29 12:54:16 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 29 May 2013 11:54:16 +0200 (CEST) Subject: [Dovecot] IMAP QUOTA In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 29 May 2013, Arun Gupta wrote: > Dear Steffen I search about "slurp" plugin but didn't get it if possible > kindly provde me the doc, link etc for the same. Um, sorry, "slurp" is the term UW-Imap uses, in Dovecot: http://wiki2.dovecot.org/Plugins/Snarf - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUaXQSF3r2wJMiz2NAQK+4ggAxfxgkVVu/4YPm/vcAm+/oqPeDOMXrhei iL9SBThzBeP5jtMqaKHLASucFn8s5Rjmwo0uFP2kTUJ+n1P6nRPh69+NhJ0kATLQ 7WSi86loNV0IJ5ZzmYmldFtL0O2tySjDX9qqVXrqwX3b5y0wtUp5RQZpFNDtQCOP LYSNKPzFnriwwcBC3ix4VoF9R9FOSy9PM9HPr2mWecsyYrUhuZ0abX99KwNEqHYm 7gfqUCjlELc+ZlcTfruNZ1Qpj84vFhzl4xiB1XJQ5nISOWRJ0T1x4Re1kjncAOFw DdCswgTsRpQ9UaIoBQpmOodqRFzfPluHBvLNkJYi+WxsL11lrPvmJA== =3pOF -----END PGP SIGNATURE----- From simone at edinet.info Wed May 29 13:08:35 2013 From: simone at edinet.info (Simone Marx :: Edinet Srl) Date: Wed, 29 May 2013 12:08:35 +0200 Subject: [Dovecot] Enable IMAP only for certain users/IP In-Reply-To: <51A5C072.5010402@sys4.de> References: <51A5C072.5010402@sys4.de> Message-ID: <16b54ea3986d50ffe8ae509de0418d38@webmail.edinet.info> Hi Robert, thank you for your answer. My prevoius mail is based on the wiki page you specified. Also, the allow_nets parameter seems not to do what I want. I want to combime remote IP address check (system wide - common for all users) and single user permission check. The problem is that I would specify for the IP section something similar to: 127.0.0.1 1.2.0.0/21 and not: 127.0.0.1 1.2.0.1 1.2.0.2 1.2.0.3 1.2.0.4 1.2.0.5 . . . 1.2.7.254 Thank you. Sincerely, Simone. From tsj at swampthing.dk Wed May 29 13:41:01 2013 From: tsj at swampthing.dk (Torben Schou Jensen) Date: Wed, 29 May 2013 12:41:01 +0200 Subject: [Dovecot] Dovecot 2.1.7-7 only allow localhost access to IMAP and POP3 Message-ID: Recently I have upgraded my server to Debian 7. Debian have now removed uw-imapd and suggest using dovecot instead. Debian include dovecot version 2.1.7-7. On http://www.debian-administration.org/articles/275 and http://www.debian-administration.org/articles/200 I can read how to setup older version of dovecot with SquirrelMail. They recommend to use uncrypted IMAP when SquirrelMail is on same server. What I would like to support is then imap, imaps, pop3 and pop3s. imaps and pop3s for external users. imap and pop3 only open for localhost, that is SquirrelMail on same machine. With dovecot 1 you could restrict access using "imap_listen = localhost" How do I make the same restriction with localhost on dovecot 2 ??? Brgds Torben From h.reindl at thelounge.net Wed May 29 14:13:51 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 29 May 2013 13:13:51 +0200 Subject: [Dovecot] Dovecot 2.1.7-7 only allow localhost access to IMAP and POP3 In-Reply-To: References: Message-ID: <51A5E2EF.7080204@thelounge.net> Am 29.05.2013 12:41, schrieb Torben Schou Jensen: > I can read how to setup older version of dovecot with SquirrelMail. > > They recommend to use uncrypted IMAP when SquirrelMail is on same server. > > What I would like to support is then imap, imaps, pop3 and pop3s. > > imaps and pop3s for external users. > imap and pop3 only open for localhost, that is SquirrelMail on same machine. > > With dovecot 1 you could restrict access using > "imap_listen = localhost" > > How do I make the same restriction with localhost on dovecot 2 ??? if it listens only on localhost how should "imaps and pop3s for external users" work and additionally these days STARTTLS is recommended which works on the default ports 110/143 why do you not simply *offer* encryption *or* use webmail also with encryption? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From rs at sys4.de Wed May 29 14:21:38 2013 From: rs at sys4.de (Robert Schetterer) Date: Wed, 29 May 2013 13:21:38 +0200 Subject: [Dovecot] Corrupt index file zlib In-Reply-To: References: Message-ID: <51A5E4C2.3090602@sys4.de> Am 29.05.2013 06:34, schrieb Paul Lim: > Hi, > I'm getting this error constantly on a couple of folders. No matter > what I do it keeps recurring. > 2.1.7 is old use the recent version then retry fixing Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From rs at sys4.de Wed May 29 14:25:12 2013 From: rs at sys4.de (Robert Schetterer) Date: Wed, 29 May 2013 13:25:12 +0200 Subject: [Dovecot] Enable IMAP only for certain users/IP In-Reply-To: <16b54ea3986d50ffe8ae509de0418d38@webmail.edinet.info> References: <51A5C072.5010402@sys4.de> <16b54ea3986d50ffe8ae509de0418d38@webmail.edinet.info> Message-ID: <51A5E598.5000305@sys4.de> Am 29.05.2013 12:08, schrieb Simone Marx :: Edinet Srl: > Hi Robert, > thank you for your answer. > > My prevoius mail is based on the wiki page you specified. > > Also, the allow_nets parameter seems not to do what I want. > > I want to combime remote IP address check (system wide - common for all > users) > and single user permission check. > > The problem is that I would specify for the IP section something similar > to: > > 127.0.0.1 > 1.2.0.0/21 > > and not: > 127.0.0.1 > 1.2.0.1 > 1.2.0.2 > 1.2.0.3 > 1.2.0.4 > 1.2.0.5 > . > . > . > 1.2.7.254 > > Thank you. > > > Sincerely, > Simone. > > what about using some kind of http://wiki2.dovecot.org/PostLoginScripting Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From tom at whyscream.net Wed May 29 14:37:07 2013 From: tom at whyscream.net (Tom Hendrikx) Date: Wed, 29 May 2013 13:37:07 +0200 Subject: [Dovecot] Dovecot 2.1.7-7 only allow localhost access to IMAP and POP3 In-Reply-To: <51A5E2EF.7080204@thelounge.net> References: <51A5E2EF.7080204@thelounge.net> Message-ID: <51A5E863.8090300@whyscream.net> On 05/29/2013 01:13 PM, Reindl Harald wrote: > > Am 29.05.2013 12:41, schrieb Torben Schou Jensen: >> I can read how to setup older version of dovecot with SquirrelMail. >> >> They recommend to use uncrypted IMAP when SquirrelMail is on same server. >> >> What I would like to support is then imap, imaps, pop3 and pop3s. >> >> imaps and pop3s for external users. >> imap and pop3 only open for localhost, that is SquirrelMail on same machine. >> >> With dovecot 1 you could restrict access using >> "imap_listen = localhost" >> >> How do I make the same restriction with localhost on dovecot 2 ??? > > if it listens only on localhost how should "imaps and pop3s for external > users" work and additionally these days STARTTLS is recommended which > works on the default ports 110/143 > > why do you not simply *offer* encryption *or* use webmail also > with encryption? > You should use imap with starttls (disable_plaintext_auth=yes) for the imap service, then use login_trusted_networks=<127.0.0.1/8 to allow webmail logins from localhost without ssl. Webmail doesn't use pop3, so no changes there. If you insist on using imaps and/or pop3s, then these can live alongside the above without problems. -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 899 bytes Desc: OpenPGP digital signature URL: From paul at fudj.net Wed May 29 15:06:52 2013 From: paul at fudj.net (Paul Lim) Date: Wed, 29 May 2013 12:06:52 +0000 (UTC) Subject: [Dovecot] Corrupt index file zlib References: <51A5E4C2.3090602@sys4.de> Message-ID: Robert Schetterer sys4.de> writes: > > Am 29.05.2013 06:34, schrieb Paul Lim: > > Hi, > > I'm getting this error constantly on a couple of folders. No matter > > what I do it keeps recurring. > > > > 2.1.7 is old use the recent version then retry fixing > > Best Regards > MfG Robert Schetterer > Hi Robert, I've got 2.1.7-7 installed which is the stable package release for wheezy. I'd prefer not to break from stable releases on my production server. thanks Paul From rs at sys4.de Wed May 29 15:31:07 2013 From: rs at sys4.de (Robert Schetterer) Date: Wed, 29 May 2013 14:31:07 +0200 Subject: [Dovecot] Corrupt index file zlib In-Reply-To: References: <51A5E4C2.3090602@sys4.de> Message-ID: <51A5F50B.8070200@sys4.de> Am 29.05.2013 14:06, schrieb Paul Lim: > > Robert Schetterer sys4.de> writes: > >> >> Am 29.05.2013 06:34, schrieb Paul Lim: >>> Hi, >>> I'm getting this error constantly on a couple of folders. No matter >>> what I do it keeps recurring. >>> >> >> 2.1.7 is old use the recent version then retry fixing >> >> Best Regards >> MfG Robert Schetterer >> > > Hi Robert, > I've got 2.1.7-7 installed which is the stable package release for wheezy. > I'd prefer not to break from stable releases on my production server. > > thanks > Paul so you might miss bugfixes, current 2.1.x is 2.1.16 in this case you shouldnt share debians meaning of what is stable > > > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From simone at edinet.info Wed May 29 17:47:37 2013 From: simone at edinet.info (Simone Marx :: Edinet Srl) Date: Wed, 29 May 2013 16:47:37 +0200 Subject: [Dovecot] Enable IMAP only for certain users/IP In-Reply-To: <51A5E598.5000305@sys4.de> References: <51A5C072.5010402@sys4.de> <16b54ea3986d50ffe8ae509de0418d38@webmail.edinet.info> <51A5E598.5000305@sys4.de> Message-ID: <42066bf125cba51735d102d2d3fc26b0@webmail.edinet.info> > what about using some kind of > http://wiki2.dovecot.org/PostLoginScripting You got it, a script call for post-login does the trick. Thank you, Robert. Sincerely, Simone. From eco at ecocode.net Wed May 29 18:35:51 2013 From: eco at ecocode.net (Erik Colson) Date: Wed, 29 May 2013 17:35:51 +0200 Subject: [Dovecot] dsync Message-ID: Hi Is dovecot dsync considered an alternative to offlineimap (or others) when both distant and local are IMAP dovecot servers ? I used offlineimap for this, but somehow offlineimap got messed up (more than once, but without me able to explain how it happened). So I'm considering dsync for this purpose... Thanks! -- erik From ben at morrow.me.uk Wed May 29 20:44:39 2013 From: ben at morrow.me.uk (Ben Morrow) Date: Wed, 29 May 2013 18:44:39 +0100 Subject: [Dovecot] system account delivery userdb authentication In-Reply-To: <3A5C812C-08A3-4D00-BB9F-FB8F3F8AFABA@azurtem.net> References: <51A50F33.7080400@azurtem.net> <20130529032651.GG53132@anubis.morrow.me.uk> <3A5C812C-08A3-4D00-BB9F-FB8F3F8AFABA@azurtem.net> Message-ID: <20130529174439.GH53132@anubis.morrow.me.uk> [Please keep replies on the list.] At 6AM +0200 on 29/05/13 you (Yann Shukor) wrote: > > Although simpler to set up, I chose to steer clear of the single user > representing 'all' because I liked the idea of giving users access to > Usermin allowing them to manage their own password and vacation msg > (+filtering, ...) and furthermore they could login with their username > (domain-less). While it's often convenient to make a distinction between 'system' and 'virtual' users, Dovecot doesn't actually know the difference. It just looks users up in the passdb and userdb you have configured. This means it's perfectly straightforward to do a completely 'virtual user' setup, and then change the passdb to 'pam', which will let the users log in with their ordinary Unix password. To allow users to log in with just a username, all you need to do is make sure the users in the userdb and passdb are listed that way. Userdb passwd and passdb pam naturally are, but there's nothing to stop you using other userdbs if you want to. The only trick here is that if you're using LDA/LMTP then incoming deliveries will (or, at least, usually should) be addressed to a full email address, so you need auth_username_format to trim that back to a username. I don't know anything about Usermin, but if it is trying to set up traditional procmail filtering and vacation(1), you may be in trouble. Or, at least, you may have to give up on using Dovecot to deliver the mail and let Postfix's local(8) and procmail deliver it into maildirs themselves. If you're happy with this, this isn't a problem for Dovecot, but it might be better to go with Sieve filtering instead. Sieve is a newish mail filtering language, designed primarily to be safe (procmail has a nasty habit of letting users run arbitrary programs). Dovecot's LDA has a pretty complete sieve implementation called Pigeonhole (you may need to install it separately), which also supports a protocol called ManageSieve designed for uploading sieve scripts remotely. There are plugins for some webmail systems (and some desktop mail clients, for that matter) which let the user edit their filters in a gooey way; this includes setting up vacation messages. I use Roundcube webmail for this purpose; it also has a perfectly good PAM password- changing plugin. Ben From andreas at cymail.eu Wed May 29 23:46:44 2013 From: andreas at cymail.eu (Andreas Kasenides) Date: Wed, 29 May 2013 23:46:44 +0300 Subject: [Dovecot] Load Balancing and HA In-Reply-To: <408_1369775960_51A51F58_408_11_1_0b5401ce5be9$9998ab30$ccca0190$@h-st.com> References: <408_1369775960_51A51F58_408_11_1_0b5401ce5be9$9998ab30$ccca0190$@h-st.com> Message-ID: <947a7c9627f3977247586a4fca58bc67@cymail.eu> I am actually going through the first stages of implementing your Scenario1. There is small difference: there will also be 2*Postfix relays also on the Dovecot Proxies. This allows placing them in a DMZ such that the "real" Dovecot/Postfix servers are placed away from the WAN. After much arguing and thinking I decided to go with this option as the most basic and possibly the simplest way to achieve MY goals: 1. fault tolerance of the entire system such that a failure will not impact mail delivery/access. 2. distribute users on at least two Dovecot servers to help when peak times arrive. 3. Ability to expand easily if demand rises 4. No use of custom hardware 5. Both internal (LAN) users and "away from office" (WAN) users will "see" the same setup to ease configuration (mostly done by users these days) I should say that other more complicated setups like full blown clusters and distributed file systems have been rejected due to their complexity (and the fact we do not have experience with them). Our user base is around 3-4K of heavy users. Andreas On 29-05-2013 00:23, Romer Ventura wrote: > Hello, > > > > I've been thinking about the best way to achieve load balancing and > making > my mail servers highly available. So far I believe I have 2 > scenarios: > > Scenario1: This should allow any to lose any of the servers and > clients > still have access to their emails (although I am not sure how the > indexes > would react to this and sudden disconnection) > > - 2 Dovecot Proxy servers, using a virtual IP to where the > clients > will connect to from the WAN and LAN > > - 2 Dovecot+Postfix servers with local cache > > - 2 NFS servers and synced with dsync (mirror, 1 server > writes to > its own NFS and changes synced to the other via dsync) > > > > Scenario2: Pretty much as above on the back end. However, with this > there is > no way to load balance users. > > - 2 Dovecot+Postfix server with local cache > > - 2 NFS servers synced with dsync > > - Make use of DNS MX record priority to provide access to > secondary > email server > > > > > > Anyone care to comment? > > > > Thanks. From wdgarc88 at gmail.com Thu May 30 04:41:10 2013 From: wdgarc88 at gmail.com (Edwardo Garcia) Date: Thu, 30 May 2013 11:41:10 +1000 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <51A5BC80.3050609@thelounge.net> References: <519F1D62.5070700@sys4.de> <20130526153321.GA27814@daniel.localdomain> <1369782570.3886.5.camel@tardis> <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> <51A5BC80.3050609@thelounge.net> Message-ID: As oringanal poster, I agree with previouz comment, I too feel thiz dovecot responsibile for thiz work handoff, or should delete ability to use two host, people twitter I ask all along thought this how it work too! On Wed, May 29, 2013 at 6:29 PM, Reindl Harald wrote: > so better remove the option to specify more than one host > instead let people run over years in troubles until they > find out that a logical behavior like for postfix is not > given for dovecot's mysql-connections - yes i was one of > the who thought "hey both works the same way" until > i realized that dovecot has no fun at reboot the replication > slave which was intented only as failover and used regulary > > *it is* dovecots job if it offers more than one host > to handle this in a useful way or not support more than > one host, but you can't seriously say "it's not dovecots job" > after having a half-baken support implemented > > Am 29.05.2013 02:52, schrieb Timo Sirainen: > > I haven't replied to most of the threads recently. Anyway, after > thinking about this, I'm thinking this kind of connection fallback handling > isn't really Dovecot's job. A load balancer could be configured to do it > just as well (whereas LB couldn't do actual load balancing for multiple sql > servers, because Dovecot uses long running TCP connections). > > > > On 29.5.2013, at 2.09, Noel Butler wrote: > > > >> But each additional link added to the chain, is one more point of > >> failure, unless he's replied to OP privately I'm amazed Timo has ignored > >> this, since its been brought up from time to time before, if he no > >> longer plans on doing it, he should just say so, so people can look at > >> complete alternatives, we are a long way passed early 1.2 series. > >> > >> > >> On Sun, 2013-05-26 at 17:33 +0200, Daniel Parthey wrote: > >> > >>> Edwardo Garcia wrote: > >>>> Yes indeed, so it seem it does not do at all. > >>>> For now we disable use two hosts, but thiz not optimum for network. > >>> > >>> You might try to put mysqlproxy in between dovecot and your mysql > cluster > >>> and have dovecot connect to the failover proxy (or proxies) instead of > >>> connecting the database directly. > >>> > >>> mysqlproxy makes use of the lua scripting language, where you might > >>> want to implement the failover or filter mechanisms you need > > From rs at sys4.de Thu May 30 06:39:59 2013 From: rs at sys4.de (Robert Schetterer) Date: Thu, 30 May 2013 05:39:59 +0200 Subject: [Dovecot] Load Balancing and HA In-Reply-To: <947a7c9627f3977247586a4fca58bc67@cymail.eu> References: <408_1369775960_51A51F58_408_11_1_0b5401ce5be9$9998ab30$ccca0190$@h-st.com> <947a7c9627f3977247586a4fca58bc67@cymail.eu> Message-ID: <51A6CA0F.3050500@sys4.de> Am 29.05.2013 22:46, schrieb Andreas Kasenides: > I should say that other more complicated setups like full blown clusters > and > distributed file systems have been rejected due to their complexity (and > the > fact we do not have experience with them). > Our user base is around 3-4K of heavy users. i have no problems with storage ocfs2 on drbd maildir 4000 heavy users behind loadbalancers, its not that much complicated, also setups with nfs have their problems, you have to find a solution which fits best to your needs, tec skills and finance possibilities Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From rs at sys4.de Thu May 30 06:42:23 2013 From: rs at sys4.de (Robert Schetterer) Date: Thu, 30 May 2013 05:42:23 +0200 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: References: <519F1D62.5070700@sys4.de> <20130526153321.GA27814@daniel.localdomain> <1369782570.3886.5.camel@tardis> <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> <51A5BC80.3050609@thelounge.net> Message-ID: <51A6CA9F.1080405@sys4.de> Am 30.05.2013 03:41, schrieb Edwardo Garcia: > As oringanal poster, I agree with previouz comment, I too feel thiz > dovecot responsibile for thiz work handoff, or should delete ability to use > two host, people twitter I ask all along thought this how it work too! where is the problem, nobody presses you to use it, but i agree there should be more docs on it i.e wiki Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From nick.z.edwards at gmail.com Thu May 30 09:52:34 2013 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Thu, 30 May 2013 16:52:34 +1000 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: References: <519F1D62.5070700@sys4.de> <20130526153321.GA27814@daniel.localdomain> <1369782570.3886.5.camel@tardis> <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> <51A5BC80.3050609@thelounge.net> Message-ID: +1 On 5/30/13, Edwardo Garcia wrote: > As oringanal poster, I agree with previouz comment, I too feel thiz > dovecot responsibile for thiz work handoff, or should delete ability to use > two host, people twitter I ask all along thought this how it work too! > > > On Wed, May 29, 2013 at 6:29 PM, Reindl Harald > wrote: > >> so better remove the option to specify more than one host >> instead let people run over years in troubles until they >> find out that a logical behavior like for postfix is not >> given for dovecot's mysql-connections - yes i was one of >> the who thought "hey both works the same way" until >> i realized that dovecot has no fun at reboot the replication >> slave which was intented only as failover and used regulary >> >> *it is* dovecots job if it offers more than one host >> to handle this in a useful way or not support more than >> one host, but you can't seriously say "it's not dovecots job" >> after having a half-baken support implemented >> >> Am 29.05.2013 02:52, schrieb Timo Sirainen: >> > I haven't replied to most of the threads recently. Anyway, after >> thinking about this, I'm thinking this kind of connection fallback >> handling >> isn't really Dovecot's job. A load balancer could be configured to do it >> just as well (whereas LB couldn't do actual load balancing for multiple >> sql >> servers, because Dovecot uses long running TCP connections). >> > >> > On 29.5.2013, at 2.09, Noel Butler wrote: >> > >> >> But each additional link added to the chain, is one more point of >> >> failure, unless he's replied to OP privately I'm amazed Timo has >> >> ignored >> >> this, since its been brought up from time to time before, if he no >> >> longer plans on doing it, he should just say so, so people can look at >> >> complete alternatives, we are a long way passed early 1.2 series. >> >> >> >> >> >> On Sun, 2013-05-26 at 17:33 +0200, Daniel Parthey wrote: >> >> >> >>> Edwardo Garcia wrote: >> >>>> Yes indeed, so it seem it does not do at all. >> >>>> For now we disable use two hosts, but thiz not optimum for network. >> >>> >> >>> You might try to put mysqlproxy in between dovecot and your mysql >> cluster >> >>> and have dovecot connect to the failover proxy (or proxies) instead >> >>> of >> >>> connecting the database directly. >> >>> >> >>> mysqlproxy makes use of the lua scripting language, where you might >> >>> want to implement the failover or filter mechanisms you need >> >> > From nick.z.edwards at gmail.com Thu May 30 09:59:22 2013 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Thu, 30 May 2013 16:59:22 +1000 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <51A6CA9F.1080405@sys4.de> References: <519F1D62.5070700@sys4.de> <20130526153321.GA27814@daniel.localdomain> <1369782570.3886.5.camel@tardis> <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> <51A5BC80.3050609@thelounge.net> <51A6CA9F.1080405@sys4.de> Message-ID: On 5/30/13, Robert Schetterer wrote: > Am 30.05.2013 03:41, schrieb Edwardo Garcia: >> As oringanal poster, I agree with previouz comment, I too feel thiz >> dovecot responsibile for thiz work handoff, or should delete ability to >> use >> two host, people twitter I ask all along thought this how it work too! > > where is the problem, nobody presses you to use it, nobody makes us dovecot true, but dovecot works fine and in perfect harmony with postfix, except this one option. I remember the earlier thread and have been waiting for this option, but now I see Timo has decided to drop the idea after earlier saying it would be beneficial, and seems some people have been waiting for long time for no reason, so maybe time to consider all other options, including server software. From mpn at icabs.co.zw Thu May 30 10:09:56 2013 From: mpn at icabs.co.zw (MP Netsai) Date: Thu, 30 May 2013 09:09:56 +0200 Subject: [Dovecot] imap/pop problem In-Reply-To: References: <9F93F3D350544C2EAF4C8D31E221B11A@jedi> Message-ID: <2A6A54791DE2478DB77ED93BA89F3429@jedi> I have discovered it. I enabled the namespace inbox and location of mailbox. it all looks good now. thanks for your efforts. -----Original Message----- From: Steffen Kaiser Sent: Wednesday, May 29, 2013 9:35 AM To: MP Netsai Cc: Dovecot MM Subject: Re: [Dovecot] imap/pop problem -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 28 May 2013, MP Netsai wrote: increase logging, see http://wiki2.dovecot.org/Logging then check out the logs and - if required still, because Dovecot's log message usually speak an understandable tongue - post the logs along. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUaWvql3r2wJMiz2NAQIKHAf/Zabc0bCGIXDYwZwnzuRPof/r2wDJPQA6 c7SG3R6HUZmSL5dEHYgwwoK/UhS/p8xJ9TZqjAzUPQ/CGWR8zHX5tSS360gQIMrU hNK59cDFXHr+h5RQUkq7D5JPs/k2U0gE6Z1iMPTVTdAILb56KReuINbeYUsqyWOV 1D23NH86gr/7UzPWxVl1CmwQOOSitMqJ7N6fDiB9D+2F1bHN8+5Lu1S/+VohPyw7 croUdMup8+p/lEYYfkBfMRDICm2uCfuKPVAgJKyC/4mknK6vqPyK8YDmE7NXlD9K UhmZye1enW/lvoiybmyyVOg5rjVdgVxcBoFvIqLc97/5uFSrIRrSoQ== =/0+W -----END PGP SIGNATURE----- From arung at cdac.in Thu May 30 10:26:09 2013 From: arung at cdac.in (Arun Gupta) Date: Thu, 30 May 2013 12:56:09 +0530 (IST) Subject: [Dovecot] IMAP QUOTA In-Reply-To: References: Message-ID: Hi, I read about Snarf plugin, it works if the mail already in spool area, but I want to know whether it is possible if users quota exceeded then instead of mail rejected it should delived to user spool area or somewhere else. Regards, Arun Gupta On Wed, 29 May 2013, Arun Gupta wrote: > > Hi, > > Thanks for replying... > > Dear Steffen I search about "slurp" plugin but didn't get it if possible > kindly provde me the doc, link etc for the same. > > Regards, > > Arun Gupta > > On Tue, 28 May 2013, Arun Gupta wrote: > >> I configured imap quota on dovecot-2.0 with backend Maildir++, after >> exceeding user quota the sender receiving bounce mails, Is there any way > that >> after exceeding user quota the mail will deliver somewhere else like > user >> spool area? so that after increasing quota user will get the mails. > > Check out the "slurp" plugin and let your MTA deliver mails to, say, > /var/mail/ . You will have no Sieve rules then, I think. > > However, some sort of quota enforcing you will need there, too. > > - -- > Steffen Kaiser > > -- Regards, Arun Kumar Gupta Mail Administrator National PARAM Supercomputing Facility (NPSF) Centre for Development of Advanced Computing Ganeshkhind Road Pune University Campus PUNE-Maharastra Phone : +91-20-25704347 WEB : http://www.cdac.in/ ------------------------------------------------------------------------------------------------------------------------------- This e-mail is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies and the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email is strictly prohibited and appropriate legal action will be taken. ------------------------------------------------------------------------------------------------------------------------------- From burak4burak at msn.com Thu May 30 10:34:05 2013 From: burak4burak at msn.com (=?UTF-8?B?QnVyYWsgR8OcUkVS?=) Date: Thu, 30 May 2013 10:34:05 +0300 Subject: [Dovecot] Dovecot 2.2 build rpm on Centos6 In-Reply-To: <51A3660D.3000700@noa.gr> References: <51A33069.1080508@gmail.com> <51A3660D.3000700@noa.gr> Message-ID: <51A700ED.9090002@msn.com> On 27-05-2013 16:56, Nikolaos Milas wrote: > On 27/5/2013 1:07 ??, Birta Levente wrote: > >> I tried to build rpm based on dovecot-2.2.2-2.fc20.src.rpm on Centos 6.4 > > You may want to try: > > dovecot-2.2.2-2.noa.el6.src.rpm > > which produces: > > dovecot-2.2.2-2.noa.el6.x86_64.rpm > dovecot-debuginfo-2.2.2-2.noa.el6.x86_64.rpm > dovecot-devel-2.2.2-2.noa.el6.x86_64.rpm > dovecot-mysql-2.2.2-2.noa.el6.x86_64.rpm > dovecot-pgsql-2.2.2-2.noa.el6.x86_64.rpm > dovecot-pigeonhole-2.2.2-2.noa.el6.x86_64.rpm > > available at: http://www.noa.gr/rpmfiles/ > > This package is using LTB Project's Openldap RPMs for LDAP linking: > > http://ltb-project.org/wiki/download#openldap > > The above Dovecot SRPM has evolved from fakessh's rpms: > http://ns.fakessh.eu/rpms/ and I like it because it is clean and clear > (to me, at least). > > Nick another question.. anybody built dovecot 2.2 on rhel/centos 5 there is any knowhow or any builded pack From arto.saraniva at artio.net Thu May 30 10:52:27 2013 From: arto.saraniva at artio.net (Arto Saraniva) Date: Thu, 30 May 2013 10:52:27 +0300 Subject: [Dovecot] Dovecot 2.2 build rpm on Centos6 In-Reply-To: <51A700ED.9090002@msn.com> References: <51A33069.1080508@gmail.com> <51A3660D.3000700@noa.gr> <51A700ED.9090002@msn.com> Message-ID: <036c01ce5d0a$a12e3820$e38aa860$@saraniva@artio.net> > -----Original Message----- > From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] > On Behalf Of Burak G?RER > Sent: Thursday, May 30, 2013 10:34 AM > To: Nikolaos Milas > Cc: Dovecot Mailing List > Subject: Re: [Dovecot] Dovecot 2.2 build rpm on Centos6 > > On 27-05-2013 16:56, Nikolaos Milas wrote: > > On 27/5/2013 1:07 ??, Birta Levente wrote: > > > >> I tried to build rpm based on dovecot-2.2.2-2.fc20.src.rpm on Centos > >> 6.4 > > > > You may want to try: > > > > dovecot-2.2.2-2.noa.el6.src.rpm > > > > which produces: > > > > dovecot-2.2.2-2.noa.el6.x86_64.rpm > > dovecot-debuginfo-2.2.2-2.noa.el6.x86_64.rpm > > dovecot-devel-2.2.2-2.noa.el6.x86_64.rpm > > dovecot-mysql-2.2.2-2.noa.el6.x86_64.rpm > > dovecot-pgsql-2.2.2-2.noa.el6.x86_64.rpm > > dovecot-pigeonhole-2.2.2-2.noa.el6.x86_64.rpm > > > > available at: http://www.noa.gr/rpmfiles/ > > > > This package is using LTB Project's Openldap RPMs for LDAP linking: > > > > http://ltb-project.org/wiki/download#openldap > > > > The above Dovecot SRPM has evolved from fakessh's rpms: > > http://ns.fakessh.eu/rpms/ and I like it because it is clean and > clear > > (to me, at least). > > > > Nick > > another question.. anybody built dovecot 2.2 on rhel/centos 5 > > there is any knowhow or any builded pack http://www.city-fan.org/ftp/contrib/mail/ -arto From ya.mwork at yandex.ru Thu May 30 11:26:57 2013 From: ya.mwork at yandex.ru (Evgeny Basov) Date: Thu, 30 May 2013 12:26:57 +0400 Subject: [Dovecot] Perfect LDAP tree In-Reply-To: References: <51A46918.40407@yandex.ru> Message-ID: <51A70D51.1030302@yandex.ru> Good morning. 28.05.2013 18:06, Steffen Kaiser ?????: > > > mail=box2 at example2.com,ou=mail,dc=example2,dc=com > Thank you, I lost sight of that. > > In my opinion, you try make LDAP more complicate is it is designed as. I'm tried to create error-robust structure. For example when schema for mail test at example.com presents as dn: dc=com dn: dc=example,dc=com dn: mail=test,dc=example,dc=com it looks much better than dn: dc=example.com dn: mail=test at example.com,dc=example.com because we are don't make a mistake and never get dn: dc=example.com dn: mail=test at example.org,dc=example.com With best regards, Evgeny Basov. From blevi.linux at gmail.com Thu May 30 13:14:09 2013 From: blevi.linux at gmail.com (Birta Levente) Date: Thu, 30 May 2013 13:14:09 +0300 Subject: [Dovecot] Dovecot 2.2 build rpm on Centos6 In-Reply-To: <51A700ED.9090002@msn.com> References: <51A33069.1080508@gmail.com> <51A3660D.3000700@noa.gr> <51A700ED.9090002@msn.com> Message-ID: <51A72671.2090902@gmail.com> On 30/05/2013 10:34, Burak G?RER wrote: > On 27-05-2013 16:56, Nikolaos Milas wrote: >> On 27/5/2013 1:07 ??, Birta Levente wrote: >> >>> I tried to build rpm based on dovecot-2.2.2-2.fc20.src.rpm on Centos 6.4 >> >> You may want to try: >> >> dovecot-2.2.2-2.noa.el6.src.rpm >> >> which produces: >> >> dovecot-2.2.2-2.noa.el6.x86_64.rpm >> dovecot-debuginfo-2.2.2-2.noa.el6.x86_64.rpm >> dovecot-devel-2.2.2-2.noa.el6.x86_64.rpm >> dovecot-mysql-2.2.2-2.noa.el6.x86_64.rpm >> dovecot-pgsql-2.2.2-2.noa.el6.x86_64.rpm >> dovecot-pigeonhole-2.2.2-2.noa.el6.x86_64.rpm >> >> available at: http://www.noa.gr/rpmfiles/ >> >> This package is using LTB Project's Openldap RPMs for LDAP linking: >> >> http://ltb-project.org/wiki/download#openldap >> >> The above Dovecot SRPM has evolved from fakessh's rpms: >> http://ns.fakessh.eu/rpms/ and I like it because it is clean and clear >> (to me, at least). >> >> Nick > > another question.. anybody built dovecot 2.2 on rhel/centos 5 > > there is any knowhow or any builded pack I done yesterday with spec that I used on centos 6 without any modification src rpm from http://mstevens.fedorapeople.org/el6/dovecot/2.2/ Levi -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3889 bytes Desc: S/MIME Cryptographic Signature URL: From burak4burak at msn.com Thu May 30 13:45:23 2013 From: burak4burak at msn.com (=?UTF-8?B?QnVyYWsgR8OcUkVS?=) Date: Thu, 30 May 2013 13:45:23 +0300 Subject: [Dovecot] Dovecot 2.2 build rpm on Centos6 In-Reply-To: <036c01ce5d0a$a12e3820$e38aa860$@saraniva@artio.net> References: <51A33069.1080508@gmail.com> <51A3660D.3000700@noa.gr> <51A700ED.9090002@msn.com> <036c01ce5d0a$a12e3820$e38aa860$@saraniva@artio.net> Message-ID: <51A72DC3.8070701@msn.com> On 30-05-2013 10:52, Arto Saraniva wrote: > >> -----Original Message----- >> From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] >> On Behalf Of Burak G?RER >> Sent: Thursday, May 30, 2013 10:34 AM >> To: Nikolaos Milas >> Cc: Dovecot Mailing List >> Subject: Re: [Dovecot] Dovecot 2.2 build rpm on Centos6 >> >> On 27-05-2013 16:56, Nikolaos Milas wrote: >>> On 27/5/2013 1:07 ??, Birta Levente wrote: >>> >>>> I tried to build rpm based on dovecot-2.2.2-2.fc20.src.rpm on Centos >>>> 6.4 >>> You may want to try: >>> >>> dovecot-2.2.2-2.noa.el6.src.rpm >>> >>> which produces: >>> >>> dovecot-2.2.2-2.noa.el6.x86_64.rpm >>> dovecot-debuginfo-2.2.2-2.noa.el6.x86_64.rpm >>> dovecot-devel-2.2.2-2.noa.el6.x86_64.rpm >>> dovecot-mysql-2.2.2-2.noa.el6.x86_64.rpm >>> dovecot-pgsql-2.2.2-2.noa.el6.x86_64.rpm >>> dovecot-pigeonhole-2.2.2-2.noa.el6.x86_64.rpm >>> >>> available at: http://www.noa.gr/rpmfiles/ >>> >>> This package is using LTB Project's Openldap RPMs for LDAP linking: >>> >>> http://ltb-project.org/wiki/download#openldap >>> >>> The above Dovecot SRPM has evolved from fakessh's rpms: >>> http://ns.fakessh.eu/rpms/ and I like it because it is clean and >> clear >>> (to me, at least). >>> >>> Nick >> another question.. anybody built dovecot 2.2 on rhel/centos 5 >> >> there is any knowhow or any builded pack > http://www.city-fan.org/ftp/contrib/mail/ > > -arto > thanks arto From h.reindl at thelounge.net Thu May 30 13:54:10 2013 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 30 May 2013 12:54:10 +0200 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <51A6CA9F.1080405@sys4.de> References: <519F1D62.5070700@sys4.de> <20130526153321.GA27814@daniel.localdomain> <1369782570.3886.5.camel@tardis> <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> <51A5BC80.3050609@thelounge.net> <51A6CA9F.1080405@sys4.de> Message-ID: <51A72FD2.2040709@thelounge.net> Am 30.05.2013 05:42, schrieb Robert Schetterer: > Am 30.05.2013 03:41, schrieb Edwardo Garcia: >> As oringanal poster, I agree with previouz comment, I too feel thiz >> dovecot responsibile for thiz work handoff, or should delete ability to use >> two host, people twitter I ask all along thought this how it work too! > > where is the problem, nobody presses you to use it so what - that makes not bugs go away > but i agree there should be more docs on it i.e wiki how can whatever documentation repair a broken by design implementation like using the replicaton slave while the master on localhost is available and throw errors if the slave is rebooted in the wrong moment? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From shop at open-t.co.uk Thu May 30 13:55:55 2013 From: shop at open-t.co.uk (Sebastian Arcus) Date: Thu, 30 May 2013 11:55:55 +0100 Subject: [Dovecot] Sieve/pigeonhole with Exim and Dovecot LDA In-Reply-To: <519AA650.4090206@gedalya.net> References: <519A3D59.5060300@open-t.co.uk> <519A4924.3080701@open-t.co.uk> <519A4B6D.4090404@gedalya.net> <519A91FD.1010009@open-t.co.uk> <519AA650.4090206@gedalya.net> Message-ID: <51A7303B.4060109@open-t.co.uk> On 20/05/13 23:40, Gedalya wrote: > On 05/20/2013 05:13 PM, Sebastian Arcus wrote: >> On 20/05/13 17:12, Gedalya wrote: >>> On 05/20/2013 12:02 PM, Sebastian Arcus wrote: >>>> Exim doesn't seem to have any variable expansion for the "From" field >>> >>> If using the From header actually makes sense to you... then see >>> $h_
at >>> http://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html, >>> >>> you probably want to restrict the usage of this as much as possible. >>> The envelope sender must be empty for bounces and auto-replies, pretty >>> good article here: https://github.com/Exim/exim/wiki/EximAutoReply >>> Later I'll read through your whole message again and maybe I'll come up >>> with something more concrete and detailed.. >> >> Thanks for that. I've just tried using $header_from: in my exim >> authenticator in client mode when talking to the provider's SMTP >> server in smart relay mode (instead of $sender_address) - but for some >> strange reason it just won't work. I've poured over the exim logs in >> debug mode - and so far I can't make sense of what is happening. I'll >> try some more to figure it out and get it working. >> >> > > OK, now I had some more time to look at your situation. > We can ask, do you really need the sender? How do you use it? You're > trying to authenticate using the sender, do you have the passwords in a > lookup file? > Perhaps this can be a good idea: set up a special authenticator with: > client_condition = ${if match_ip{$sender_host_address}{:@[]}{1}{0}} > so that it can only be used for locally submitted messages (this > _should_ work, test it), and statically configure it with credentials > that would work with your upstream SMTP server? > Either way, you shouldn't have an authenticator that would trust the > From: header and do something with it, unless the situation is very > tightly controlled. You probably want to put more restrictions there to > make sure this works only when intended, i.e. dovecot autoreplies. > > Now, as for $header_from, first of all, it's "$header_from:", with the > colon in the end. Yea, I know. > Secondly, I have no idea if it would be available in an authenticator. > Consider that an authenticator is not really something that is related > to processing an individual message. > One thing is for sure, you would need to set connection_max_messages = 1 > in the smtp transport which would be handling these messages. I know > that that helps to make $sender_address available in the authenticator, > try your luck with $h_from: or try to pass that data in somehow, ACL > variables or something, let me know how that goes - I'm curious, but if > you need further help you should probably ask on the exim-users mailing > list (and point me at the thread ;-)) Just a follow-up to my previous messages. I've posted to the exim list, and the best option seems to be to run a check in the authenticator, and if the $sender_address is empty, to use a default one instead. Note that this is probably safe in my setup, on a small lan with tightly controlled clients and where exim accepts no outside incoming email - but it might not be safe in some other different arrangements. Here is my authenticator, in case it helps anybody else (replace "my at default_address.com" with something suitable for your setup): #modified client auth for sieve ($sender_address missing) fixed_plain_client: driver = plaintext public_name = PLAIN client_send = ^${if eq{$sender_address}{}{my at default_address.com}\ {$sender_address}}^${lookup{${if eq{$sender_address}{}\ {my at default_address.com}{$sender_address}}}\ lsearch{/etc/exim/exim-client.passwd}{$value}{fail}} And here is a link to the thread on exim list: https://lists.exim.org/lurker/message/20130523.094659.1dc9fbe2.en.html From CMarcus at Media-Brokers.com Thu May 30 14:01:00 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Thu, 30 May 2013 07:01:00 -0400 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: References: <519F1D62.5070700@sys4.de> <20130526153321.GA27814@daniel.localdomain> <1369782570.3886.5.camel@tardis> <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> <51A5BC80.3050609@thelounge.net> <51A6CA9F.1080405@sys4.de> Message-ID: <51A7316C.6040802@Media-Brokers.com> On 2013-05-30 2:59 AM, Nick Edwards wrote: > nobody makes us dovecot true, but dovecot works fine and in perfect > harmony with postfix, except this one option. I remember the earlier > thread and have been waiting for this option, but now I see Timo has > decided to drop the idea after earlier saying it would be beneficial, > and seems some people have been waiting for long time for no reason, > so maybe time to consider all other options, including server software. Oh, grow up. I can see if this was something that was super critical to a functioning - and I agree that it should be fixed to either work as expected (best), or no longer support the ability to add multiple hosts - but it isn't up to me or you. Just because 'some' people have been waiting for this feature, doesn't mean that it is important to everyone. Now, if you can provide evidence that a large percentage of people desire this feature and it is important enough to them that they might actually consider switching from dovecot to something else (but what choices do you have, really? I know I have no desire to switch back to courier-imap), then I think Timo may reconsider. In fact, he may already be doing so. But the bottom line is, there are other ways to achieve this feature, and I think it is plain silly and juvenile to threaten to switch from dovecot just because Timo doesn't agree with you. Oh - and of course, the very last point... This *is* open source software. I'd wager an entire months pay that if you coded up a solution and provided a working, properly coded patch (that isn't full of security holes and bad coding practices), Timo would accept/merge it. -- Best regards, Charles From CMarcus at Media-Brokers.com Thu May 30 14:03:03 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Thu, 30 May 2013 07:03:03 -0400 Subject: [Dovecot] IMAP QUOTA In-Reply-To: References: Message-ID: <51A731E7.5010502@Media-Brokers.com> On 2013-05-30 3:26 AM, Arun Gupta wrote: > I read about Snarf plugin, it works if the mail already in spool area, > but I want to know whether it is possible if users quota exceeded then > instead of mail rejected it should delived to user spool area or > somewhere else. Again, you are tilting at windmills. If you want to use Quotas, *use* them. If you don't, then *don't*. Otherwise you are just asking for headaches. -- Best regards, Charles From eric at ericabrahamsen.net Thu May 30 05:33:01 2013 From: eric at ericabrahamsen.net (Eric Abrahamsen) Date: Thu, 30 May 2013 10:33:01 +0800 Subject: [Dovecot] recursive mail_location? Message-ID: <87obbt42oy.fsf@ericabrahamsen.net> Forgive what may be a newby question, but I'm trying to get a new setup working, and there are many different things confusing me. I'm trying for a gnus + dovecot + mbsync arrangement, with mbsync writing to maildirs, and gnus reading from those dirs with a dovecot invocation. Fairly standard, I think. I have multiple email accounts I'm trying to sync, all of them gmail. My problem is that mbsync creates one maildir structure for each mailbox in each account. So I end up with: ~/mail ??? acc1 ? ??? INBOX ? ? ??? cur ? ? ??? new ? ? ??? tmp ? ??? OTHERBOX ? ??? cur ? ??? new ? ??? tmp ??? acc2 ??? INBOX ? ??? cur ? ??? new ? ??? tmp ??? OTHERBOX ??? cur ??? new ??? tmp And so on, for many accounts, and many mailboxes. I believe there's something I can configure in mbsync to collapse this a little, but there's still going to be quite a bit of nesting. Gnus, meanwhile, is meant to invoke dovecot with the "-o mail_location" switch, and as far as I can tell that needs to be pointed at a maildir structure, which means I would need a separate gnus server for each mailbox in each account. Does anyone have a recommended way of handling this? Is it possible to either "flatten" the structure further, or somehow tell dovecot to recurse into directories? I don't mind having a separate gnus server for each mail account, but I'd hate to have to do one per mailbox. I'm only just getting started and haven't invested myself in any particular setup, so if the answer is "you're doing it all wrong", I would love to hear that. Thanks! Eric From rs at sys4.de Thu May 30 16:10:26 2013 From: rs at sys4.de (Robert Schetterer) Date: Thu, 30 May 2013 15:10:26 +0200 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <51A72FD2.2040709@thelounge.net> References: <519F1D62.5070700@sys4.de> <20130526153321.GA27814@daniel.localdomain> <1369782570.3886.5.camel@tardis> <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> <51A5BC80.3050609@thelounge.net> <51A6CA9F.1080405@sys4.de> <51A72FD2.2040709@thelounge.net> Message-ID: <51A74FC2.4020104@sys4.de> Am 30.05.2013 12:54, schrieb Reindl Harald: > > > Am 30.05.2013 05:42, schrieb Robert Schetterer: >> Am 30.05.2013 03:41, schrieb Edwardo Garcia: >>> As oringanal poster, I agree with previouz comment, I too feel thiz >>> dovecot responsibile for thiz work handoff, or should delete ability to use >>> two host, people twitter I ask all along thought this how it work too! >> >> where is the problem, nobody presses you to use it > > so what - that makes not bugs go away > >> but i agree there should be more docs on it i.e wiki > > how can whatever documentation repair a broken by design > implementation like using the replicaton slave while the > master on localhost is available and throw errors if > the slave is rebooted in the wrong moment? > Hi Harald, if you declare this broken, why not fix it yourself, instead of barking to the moon, however the current behave should be written in the wiki, to avoid recover the same questions on the list in periods Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From CMarcus at Media-Brokers.com Thu May 30 16:17:28 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Thu, 30 May 2013 09:17:28 -0400 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <51A74FC2.4020104@sys4.de> References: <519F1D62.5070700@sys4.de> <20130526153321.GA27814@daniel.localdomain> <1369782570.3886.5.camel@tardis> <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> <51A5BC80.3050609@thelounge.net> <51A6CA9F.1080405@sys4.de> <51A72FD2.2040709@thelounge.net> <51A74FC2.4020104@sys4.de> Message-ID: <51A75168.7090605@Media-Brokers.com> On 2013-05-30 9:10 AM, Robert Schetterer wrote: > Hi Harald, if you declare this broken, why not fix it yourself, instead > of barking to the moon, however the current behave should be written in > the wiki, to avoid recover the same questions on the list in periods Well, I'd add that the config itself should complain (with a link to the wiki page explaining the issue) if more than one server is added. In other words, it should tell the admin that it will not work as they may be expecting. -- Best regards, Charles From karol.jurak at gmail.com Thu May 30 16:45:21 2013 From: karol.jurak at gmail.com (Karol Jurak) Date: Thu, 30 May 2013 15:45:21 +0200 Subject: [Dovecot] recursive mail_location? In-Reply-To: <87obbt42oy.fsf@ericabrahamsen.net> References: <87obbt42oy.fsf@ericabrahamsen.net> Message-ID: <1579535.YRSr3nuAER@karol1-530u3c-530u4c> On Thursday 30 of May 2013 10:33:01 Eric Abrahamsen wrote: > Does anyone have a recommended way of handling this? Is it possible to > either "flatten" the structure further, or somehow tell dovecot to > recurse into directories? I don't mind having a separate gnus server > for each mail account, but I'd hate to have to do one per mailbox. Maybe setting LAYOUT=fs (and possibly DIRNAME) in mail_location could somehow help you? More on this settings is here: http://wiki2.dovecot.org/MailLocation/Maildir -- Karol Jurak From skdovecot at smail.inf.fh-brs.de Thu May 30 18:09:27 2013 From: skdovecot at smail.inf.fh-brs.de (Steffen) Date: Thu, 30 May 2013 17:09:27 +0200 Subject: [Dovecot] IMAP QUOTA In-Reply-To: References: Message-ID: <51A76BA7.8040501@smail.inf.fh-brs.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Arun Gupta wrote: > > I read about Snarf plugin, it works if the mail already in spool > area, but I want to know whether it is possible if users quota > exceeded then instead of mail rejected it should delived to user > spool area or somewhere else. I understand and you should consider Charles' advice :-) This is something your MDA should do. Neither the Dovecot LMTP server nor the current Dovecot deliver can do so. But deliver is rather small, so you could hack it in. Or use Dovecot deliver in combination with Snarf and a MDA wrapper, e.g.: The wrapper script first checks, if the recipient is over quota, in that case use another maildrop programm, such as procmail, that delivers the message to a spool area; otherwise call Dovecot deliver with the usual arguments. Or if you call Dovecot deliver and it exits with exit code 69 (Tempfailure), call that other MDA. Then let Snarf pull the messages into the INBOX next time. - -- Steffen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQEVAwUBUadrp13r2wJMiz2NAQIpiAf+JSeuZns89NoJV5aW2Li4myLp209HycHt j3varTiBYgekw1vMAhDXYH/RKnMwWlOFSe15YIMTcCIY8gjTIqCx6YA/W1cJVZL+ 3zRVA/75t3CsAFx70/+fecrZJnY6u0Ok7VUXJ4DAxdJgsOyqXZy9/6bt+t43TcaT pUlug3nAmIP9GwZ2GQFGkEFxfD74EPVRVg8opAZzTaSPuv/IfKsC8f4RA64JtQ2S EACc/nEC4xVmjDAz/9cpLLsWiLlYfy/cEDIw49XA2MrQsIIS7qkHcDLawuqsVsAk HHXX/iqmcRBtznpO94XS9SCtvUa/5fDkVYv56uuDazEHpy4urBrtyA== =Qo2f -----END PGP SIGNATURE----- From mariajose1982 at gmail.com Thu May 30 18:34:24 2013 From: mariajose1982 at gmail.com (=?ISO-8859-1?Q?Maria_Jose_Ya=F1ez_Dacosta?=) Date: Thu, 30 May 2013 12:34:24 -0300 Subject: [Dovecot] Settings: Dovecot + NTLM + Single Sing On + Windows + Outlook or Thunderbird. Message-ID: I am following the steps listed in: http://wiki.dovecot.org/HowTo/ActiveDirectoryNtlm My goal is to have single sign-on for Microsoft Outlook applications. I working and I have some doubts since I never set up an imap server, hope I can help :). The version that I have installed is devecot 2.0.9. "dovecot -n" shows the following: # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.el6.x86_64 x86_64 CentOS release 6.4 (Final) auth_use_winbind = yes mbox_write_locks = fcntl passdb { driver = pam } protocols = imap pop3 ssl = no userdb { args = uid=10000 gid=10000 home=/mail/%d/%n driver = static } I show what I have in /etc/samba/smb.conf [global] workgroup = EJEMPLO realm = EJEMPLO.COM.UY server string = %h (Samba %v) security = ADS password server = ad.domain.dom username map = /etc/samba/mapeousuarios map untrusted to domain = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 name resolve order = wins host bcast local master = No domain master = No dns proxy = No wins server = here active directory ip panic action = /usr/share/samba/panic-action %d winbind separator = + winbind use default domain = Yes winbind rpc only = Yes idmap config * : range = 1200-3000 idmap config * : backend = tdb [usuarios3] path = /exports/archivos-usuarios read only = No map acl inherit = Yes store dos attributes = Yes "wbinfo -g" and "wbinfo -u" work well. kinit Administrator work well also. Some steps of the configuration in dovecot.conf does not recognize: 1) "protocols = imap imaps pop3 pop3s". 2) "mechanisms = plain ntlm login". 3) "allow_all_users=yes" y "mail=maildir:/home/vmail/%d/%1Ln/%Ln:INBOX=/home/vmail/%d/%1Ln/%Ln". I'm not sure I should put in place. I also have some doubts: 1) I have to create a keytab file containing the principal for imap and pop?, as it would indicate Dovecot?. 2) That should indicate values uid y el gid? 3) I have to set something in pam? if I make "telnet localhost imap" shows the following: OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready NTLM not appears in the options. I hope I can shed some light on the subject :) Thanks and greetings. -- Maria Jos? From CMarcus at Media-Brokers.com Thu May 30 19:41:57 2013 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Thu, 30 May 2013 12:41:57 -0400 Subject: [Dovecot] Settings: Dovecot + NTLM + Single Sing On + Windows + Outlook or Thunderbird. In-Reply-To: References: Message-ID: <51A78155.8030804@Media-Brokers.com> The wiki link you refer to is for dovecot v1. You are using v2. Use the correct wiki link... http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm Also, you are using an old version of v2 - use the latest 2.1 (2.1.16), or better yet, the latest 2.2 (2.2.2)... Charles On 2013-05-30 11:34 AM, Maria Jose Ya?ez Dacosta wrote: > I am following the steps listed in: > http://wiki.dovecot.org/HowTo/ActiveDirectoryNtlm > > My goal is to have single sign-on for Microsoft Outlook applications. > > I working and I have some doubts since I never set up an imap server, hope > I can help :). > > The version that I have installed is devecot 2.0.9. > > "dovecot -n" shows the following: > > # 2.0.9: /etc/dovecot/dovecot.conf > -- Best regards, Charles Marcus I.T. Director Media Brokers International, Inc. 678.514.6224 | 678.514.6299 fax From tss at iki.fi Thu May 30 20:16:12 2013 From: tss at iki.fi (Timo Sirainen) Date: Thu, 30 May 2013 20:16:12 +0300 Subject: [Dovecot] IMAP QUOTA In-Reply-To: References: Message-ID: <0B4D63FD-677F-49F1-9CA7-3D0CE6FA2F16@iki.fi> On 28.5.2013, at 13.42, Arun Gupta wrote: > I configured imap quota on dovecot-2.0 with backend Maildir++, after exceeding user quota the sender receiving bounce mails, Is there any way that after exceeding user quota the mail will deliver somewhere else like user spool area? so that after increasing quota user will get the mails. quota_full_tempfail = yes From mariajose1982 at gmail.com Thu May 30 20:29:05 2013 From: mariajose1982 at gmail.com (=?ISO-8859-1?Q?Maria_Jose_Ya=F1ez_Dacosta?=) Date: Thu, 30 May 2013 14:29:05 -0300 Subject: [Dovecot] Settings: Dovecot + NTLM + Single Sing On + Windows + Outlook or Thunderbird. In-Reply-To: <51A78155.8030804@Media-Brokers.com> References: <51A78155.8030804@Media-Brokers.com> Message-ID: Sorry!, And try to install the latest version and tell them. Thanks! 2013/5/30 Charles Marcus > The wiki link you refer to is for dovecot v1. > > You are using v2. > > Use the correct wiki link... > > http://wiki2.dovecot.org/**HowTo/ActiveDirectoryNtlm > > Also, you are using an old version of v2 - use the latest 2.1 (2.1.16), or > better yet, the latest 2.2 (2.2.2)... > > Charles > > > > > On 2013-05-30 11:34 AM, Maria Jose Ya?ez Dacosta > wrote: > >> I am following the steps listed in: >> http://wiki.dovecot.org/HowTo/**ActiveDirectoryNtlm >> >> My goal is to have single sign-on for Microsoft Outlook applications. >> >> I working and I have some doubts since I never set up an imap server, hope >> I can help :). >> >> The version that I have installed is devecot 2.0.9. >> >> "dovecot -n" shows the following: >> >> # 2.0.9: /etc/dovecot/dovecot.conf >> >> > -- > > Best regards, > > Charles Marcus > I.T. Director > Media Brokers International, Inc. > 678.514.6224 | 678.514.6299 fax > > > -- Maria Jos? From rs at sys4.de Thu May 30 21:24:46 2013 From: rs at sys4.de (Robert Schetterer) Date: Thu, 30 May 2013 20:24:46 +0200 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <51A75168.7090605@Media-Brokers.com> References: <519F1D62.5070700@sys4.de> <20130526153321.GA27814@daniel.localdomain> <1369782570.3886.5.camel@tardis> <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> <51A5BC80.3050609@thelounge.net> <51A6CA9F.1080405@sys4.de> <51A72FD2.2040709@thelounge.net> <51A74FC2.4020104@sys4.de> <51A75168.7090605@Media-Brokers.com> Message-ID: <51A7996E.8060604@sys4.de> Am 30.05.2013 15:17, schrieb Charles Marcus: > On 2013-05-30 9:10 AM, Robert Schetterer wrote: >> Hi Harald, if you declare this broken, why not fix it yourself, instead >> of barking to the moon, however the current behave should be written in >> the wiki, to avoid recover the same questions on the list in periods > > Well, I'd add that the config itself should complain (with a link to the > wiki page explaining the issue) if more than one server is added. In > other words, it should tell the admin that it will not work as they may > be expecting. > yes , doing such ,sounds ok to me Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From noel.butler at ausics.net Fri May 31 02:40:45 2013 From: noel.butler at ausics.net (Noel Butler) Date: Fri, 31 May 2013 09:40:45 +1000 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <51A7996E.8060604@sys4.de> References: <519F1D62.5070700@sys4.de> <20130526153321.GA27814@daniel.localdomain> <1369782570.3886.5.camel@tardis> <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> <51A5BC80.3050609@thelounge.net> <51A6CA9F.1080405@sys4.de> <51A72FD2.2040709@thelounge.net> <51A74FC2.4020104@sys4.de> <51A75168.7090605@Media-Brokers.com> <51A7996E.8060604@sys4.de> Message-ID: <1369957245.4628.9.camel@tardis> On Thu, 2013-05-30 at 20:24 +0200, Robert Schetterer wrote: > > Well, I'd add that the config itself should complain (with a link to the > > wiki page explaining the issue) if more than one server is added. In > > other words, it should tell the admin that it will not work as they may > > be expecting. > > > > yes , doing such ,sounds ok to me > > > Best Regards > MfG Robert Schetterer > One thing I have always expected of my people, which was once instilled upon me many many years ago by one of my managers.. is fix the root cause, dont play catch-up patch-up ... in other words, dont apply a bandaid solution when the bandaid will eventually come off. The change to the wiki or print warnings to say this that whatever, is IMHO, only a bandaid solution. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From noel.butler at ausics.net Fri May 31 03:00:06 2013 From: noel.butler at ausics.net (Noel Butler) Date: Fri, 31 May 2013 10:00:06 +1000 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <51A7316C.6040802@Media-Brokers.com> References: <519F1D62.5070700@sys4.de> <20130526153321.GA27814@daniel.localdomain> <1369782570.3886.5.camel@tardis> <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> <51A5BC80.3050609@thelounge.net> <51A6CA9F.1080405@sys4.de> <51A7316C.6040802@Media-Brokers.com> Message-ID: <1369958407.4628.29.camel@tardis> On Thu, 2013-05-30 at 07:01 -0400, Charles Marcus wrote: > On 2013-05-30 2:59 AM, Nick Edwards wrote: > > nobody makes us dovecot true, but dovecot works fine and in perfect > > harmony with postfix, except this one option. I remember the earlier > > thread and have been waiting for this option, but now I see Timo has > > decided to drop the idea after earlier saying it would be beneficial, > > and seems some people have been waiting for long time for no reason, > > so maybe time to consider all other options, including server software. > > Oh, grow up. > Good 'ol charlie boy, you still havnt learnt have you, maybe you should grow up and stop telling anyone who disagrees with you to " grow up" There is nothing wrong with Nicks statement about considering all options, in fact any executive officer would expect that of people in sys admin positions, if something does not do what you need, find something that does, fanboi-ism and loyalty dont cut it in teh real world Changes never come about unless you put a case forward, which is what four people at least have done so now in this thread, and at least two others who have under a previous thread, so maybe call it six, take into account the number of members on this list who use multiple boxes with databases, then look at the number of those who are not members of this list who use the software, the OP of this thread made mention of twitter, and had replies there. > I can see if this was something that was super critical to a functioning how the fark would you know little SOHO boy whgat is critical to anyone else's operations, when you become responsible for a decent size network which demands 5 9's uptime, maybe then, and only then, will people take your little tangents more seriously, Harold and the OP have already stated, as have I, why such a function in its current state, is flawed. Daniel's comment about mysqlproxy is a good interim bandaid fix, but is not suited as long term fix since it adds extra link in the chain which leads to extra point of failure, be it through program error or exploit, I know that Wietse and Timo take security seriously, far more so than Oracle. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From noel.butler at ausics.net Fri May 31 03:05:56 2013 From: noel.butler at ausics.net (Noel Butler) Date: Fri, 31 May 2013 10:05:56 +1000 Subject: [Dovecot] Dovecot mysql replication In-Reply-To: <51A74FC2.4020104@sys4.de> References: <519F1D62.5070700@sys4.de> <20130526153321.GA27814@daniel.localdomain> <1369782570.3886.5.camel@tardis> <46575A3A-75D8-41FB-98AA-44A5128ED640@iki.fi> <51A5BC80.3050609@thelounge.net> <51A6CA9F.1080405@sys4.de> <51A72FD2.2040709@thelounge.net> <51A74FC2.4020104@sys4.de> Message-ID: <1369958756.4628.35.camel@tardis> On Thu, 2013-05-30 at 15:10 +0200, Robert Schetterer wrote: > Hi Harald, if you declare this broken, why not fix it yourself, instead > of barking to the moon, however the current behave should be written in > the wiki, to avoid recover the same questions on the list in periods > Question Robert, if you think something is amiss with bit of software, or think it can be enhanced by a feature, say with dovecot or postfix, or mysql, what do you do? I bet you do not develop the code and submit it, most system admins would not, you ask the dev team but putting your case forward to them, showing justification if need by why feature is good/bad blah blah blah, so why if tis does not affect you, do you pop in with comments saying those people are just barking to the moon... You and others, namely Mr Marcus, should think about that before you put your fingers back on your keyboard with any reply. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From eric at ericabrahamsen.net Fri May 31 03:36:19 2013 From: eric at ericabrahamsen.net (Eric Abrahamsen) Date: Fri, 31 May 2013 08:36:19 +0800 Subject: [Dovecot] recursive mail_location? References: <87obbt42oy.fsf@ericabrahamsen.net> <1579535.YRSr3nuAER@karol1-530u3c-530u4c> Message-ID: <87wqqggf3w.fsf@ericabrahamsen.net> Karol Jurak writes: > On Thursday 30 of May 2013 10:33:01 Eric Abrahamsen wrote: >> Does anyone have a recommended way of handling this? Is it possible to >> either "flatten" the structure further, or somehow tell dovecot to >> recurse into directories? I don't mind having a separate gnus server >> for each mail account, but I'd hate to have to do one per mailbox. > > Maybe setting LAYOUT=fs (and possibly DIRNAME) in mail_location could > somehow help you? > > More on this settings is here: > > http://wiki2.dovecot.org/MailLocation/Maildir Thanks for this! I've tried a couple of different things now. With the original mbsync invocation (a top-level ~/.mail, one subdir per account, another subdir per mailbox), I tried one of these per account, in gnus: "/usr/lib/dovecot/imap -o mail_location=maildir:$HOME/.mail/acc1/:LAYOUT=fs" I get this: .mail ??? acc1 ? ??? cur ? ??? dovecot.index.log ? ??? dovecot-uidlist ? ??? dovecot-uidvalidity ? ??? dovecot-uidvalidity.51a7e756 ? ??? [Gmail].Drafts ? ? ??? cur ? ? ??? new ? ? ??? tmp ? ??? [Gmail].Important ? ? ??? cur ? ? ??? new ? ? ??? tmp ? ??? [Gmail].Sent Mail ? ? ??? cur ? ? ??? dovecot.index.cache ? ? ??? dovecot.index.log ? ? ??? dovecot-uidlist ? ? ??? new ? ? ??? tmp ? ??? Inbox ? ? ??? cur ? ? ??? new ? ? ??? tmp ? ? (the other usual boxes) ? ??? new ? ??? tmp (repeat for other accounts, all exactly the same) So dovecot makes top-level {cur,new,tmp} directories, but there's nothing in them. In the mailboxes, only [Gmail].Sent Mail seems to be properly read. Inside Gnus, only Inbox and [Gmail].Sent Mail are listed as available boxes, and only Sent Mail actually has mail in it. Inbox reports as empty (though there are plenty of messages in the "cur" directory). Then I tried changing the dovecot invocations to this: "/usr/lib/dovecot/imap -o mail_location=maildir:$HOME/.mail/:LAYOUT=fs:DIRNAME=acc1" So each invocation has the same maildir path, but a different account name in DIRNAME. That got me this: .mail ??? acc1 ? ??? [Gmail].Drafts ? ? ??? cur ? ? ??? new ? ? ??? tmp ? ??? [Gmail].Important ? ? ??? cur ? ? ??? new ? ? ??? tmp ? ? Other boxes ? ??? Inbox ? ??? cur ? ??? new ? ??? tmp ??? dovecot.mailbox.log ??? dovecot-uidvalidity ??? dovecot-uidvalidity.51a7eea4 ??? acc2 ? ??? [Gmail].Drafts ? ? ??? cur ? ? ??? new ? ? ??? tmp ? ??? [Gmail].Important ? ? ??? cur ? ? ??? new ? ? ??? tmp ? ? Other boxes ? ??? Inbox ? ??? cur ? ??? new ? ??? tmp ??? INBOX ? ??? acc1 ? ? ??? cur ? ? ??? dovecot.index.log ? ? ??? dovecot-uidlist ? ? ??? new ? ? ??? tmp ? ??? acc2 ? ??? cur ? ??? dovecot.index.log ? ??? dovecot-uidlist ? ??? new ? ??? tmp Now *only* the INBOX for each account shows up in gnus, but it's still empty. Sorry for this monster posting, but I feel like this would all line up properly with the right tweaks, either in mbsync or dovecot -- I just don't know how. Any further advice would be much appreciated! Eric From arung at cdac.in Fri May 31 10:57:15 2013 From: arung at cdac.in (Arun Gupta) Date: Fri, 31 May 2013 13:27:15 +0530 (IST) Subject: [Dovecot] dovecot Digest, Vol 121, Issue 84 In-Reply-To: References: Message-ID: Thanks...... On Fri, 31 May 2013, dovecot-request at dovecot.org wrote: > Send dovecot mailing list submissions to > dovecot at dovecot.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://dovecot.org/cgi-bin/mailman/listinfo/dovecot > or, via email, send a message with subject or body 'help' to > dovecot-request at dovecot.org > > You can reach the person managing the list at > dovecot-owner at dovecot.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of dovecot digest..." > > > Today's Topics: > > 1. Re: IMAP QUOTA (Steffen) > 2. Settings: Dovecot + NTLM + Single Sing On + Windows + Outlook > or Thunderbird. (Maria Jose Ya?ez Dacosta) > 3. Re: Settings: Dovecot + NTLM + Single Sing On + Windows + > Outlook or Thunderbird. (Charles Marcus) > 4. Re: IMAP QUOTA (Timo Sirainen) > 5. Re: Settings: Dovecot + NTLM + Single Sing On + Windows + > Outlook or Thunderbird. (Maria Jose Ya?ez Dacosta) > 6. Re: Dovecot mysql replication (Robert Schetterer) > 7. Re: Dovecot mysql replication (Noel Butler) > 8. Re: Dovecot mysql replication (Noel Butler) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 30 May 2013 17:09:27 +0200 > From: Steffen > To: Dovecot Mailing List > Subject: Re: [Dovecot] IMAP QUOTA > Message-ID: <51A76BA7.8040501 at smail.inf.fh-brs.de> > Content-Type: text/plain; charset=ISO-8859-1 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Arun Gupta wrote: >> >> I read about Snarf plugin, it works if the mail already in spool >> area, but I want to know whether it is possible if users quota >> exceeded then instead of mail rejected it should delived to user >> spool area or somewhere else. > > I understand and you should consider Charles' advice :-) > > This is something your MDA should do. Neither the Dovecot LMTP server > nor the current Dovecot deliver can do so. But deliver is rather > small, so you could hack it in. > > Or use Dovecot deliver in combination with Snarf and a MDA wrapper, e.g.: > > The wrapper script first checks, if the recipient is over quota, in > that case use another maildrop programm, such as procmail, that > delivers the message to a spool area; otherwise call Dovecot deliver > with the usual arguments. Or if you call Dovecot deliver and it exits > with exit code 69 (Tempfailure), call that other MDA. > > Then let Snarf pull the messages into the INBOX next time. > > - -- > Steffen > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (Darwin) > Comment: Using GnuPG with undefined - http://www.enigmail.net/ > > iQEVAwUBUadrp13r2wJMiz2NAQIpiAf+JSeuZns89NoJV5aW2Li4myLp209HycHt > j3varTiBYgekw1vMAhDXYH/RKnMwWlOFSe15YIMTcCIY8gjTIqCx6YA/W1cJVZL+ > 3zRVA/75t3CsAFx70/+fecrZJnY6u0Ok7VUXJ4DAxdJgsOyqXZy9/6bt+t43TcaT > pUlug3nAmIP9GwZ2GQFGkEFxfD74EPVRVg8opAZzTaSPuv/IfKsC8f4RA64JtQ2S > EACc/nEC4xVmjDAz/9cpLLsWiLlYfy/cEDIw49XA2MrQsIIS7qkHcDLawuqsVsAk > HHXX/iqmcRBtznpO94XS9SCtvUa/5fDkVYv56uuDazEHpy4urBrtyA== > =Qo2f > -----END PGP SIGNATURE----- > > > ------------------------------ > > Message: 2 > Date: Thu, 30 May 2013 12:34:24 -0300 > From: Maria Jose Ya?ez Dacosta > To: dovecot at dovecot.org > Subject: [Dovecot] Settings: Dovecot + NTLM + Single Sing On + Windows > + Outlook or Thunderbird. > Message-ID: > > Content-Type: text/plain; charset="iso-8859-1" > > I am following the steps listed in: > http://wiki.dovecot.org/HowTo/ActiveDirectoryNtlm > > My goal is to have single sign-on for Microsoft Outlook applications. > > I working and I have some doubts since I never set up an imap server, hope > I can help :). > > The version that I have installed is devecot 2.0.9. > > "dovecot -n" shows the following: > > # 2.0.9: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-71.el6.x86_64 x86_64 CentOS release 6.4 (Final) > auth_use_winbind = yes > mbox_write_locks = fcntl > passdb { > driver = pam > } > protocols = imap pop3 > ssl = no > userdb { > args = uid=10000 gid=10000 home=/mail/%d/%n > driver = static > } > > I show what I have in /etc/samba/smb.conf > > [global] > workgroup = EJEMPLO > realm = EJEMPLO.COM.UY > server string = %h (Samba %v) > security = ADS > password server = ad.domain.dom > username map = /etc/samba/mapeousuarios > map untrusted to domain = Yes > syslog = 0 > log file = /var/log/samba/log.%m > max log size = 1000 > name resolve order = wins host bcast > local master = No > domain master = No > dns proxy = No > wins server = here active directory ip > panic action = /usr/share/samba/panic-action %d > winbind separator = + > winbind use default domain = Yes > winbind rpc only = Yes > idmap config * : range = 1200-3000 > idmap config * : backend = tdb > > [usuarios3] > path = /exports/archivos-usuarios > read only = No > map acl inherit = Yes > store dos attributes = Yes > > > "wbinfo -g" and "wbinfo -u" work well. > > kinit Administrator work well also. > > Some steps of the configuration in dovecot.conf does not recognize: > > 1) "protocols = imap imaps pop3 pop3s". > > 2) "mechanisms = plain ntlm login". > > 3) "allow_all_users=yes" y > "mail=maildir:/home/vmail/%d/%1Ln/%Ln:INBOX=/home/vmail/%d/%1Ln/%Ln". > > I'm not sure I should put in place. > > I also have some doubts: > > 1) I have to create a keytab file containing the principal for > imap and pop?, as it would indicate Dovecot?. > > 2) That should indicate values uid y el gid? > > 3) I have to set something in pam? > > if I make "telnet localhost imap" shows the following: > > OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE > AUTH=PLAIN] Dovecot ready > > NTLM not appears in the options. > > I hope I can shed some light on the subject :) Thanks and greetings. > > > -- Regards, Arun Kumar Gupta Mail Administrator National PARAM Supercomputing Facility (NPSF) Centre for Development of Advanced Computing Ganeshkhind Road Pune University Campus PUNE-Maharastra Phone : +91-20-25704347 WEB : http://www.cdac.in/ ------------------------------------------------------------------------------------------------------------------------------- This e-mail is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies and the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email is strictly prohibited and appropriate legal action will be taken. ------------------------------------------------------------------------------------------------------------------------------- From tol at kth.se Fri May 31 12:00:43 2013 From: tol at kth.se (Tomas Olsson) Date: Fri, 31 May 2013 09:00:43 +0000 Subject: [Dovecot] dsync assert failure in 2.2.2 In-Reply-To: <6EA5D2AF40F2C948A46828308DB8AFEF2EE629C1@EXDB1.ug.kth.se> References: <6EA5D2AF40F2C948A46828308DB8AFEF2EE629C1@EXDB1.ug.kth.se> Message-ID: <6EA5D2AF40F2C948A46828308DB8AFEF2EE629DF@EXDB1.ug.kth.se> Hi, with 2.2.2 and today's hg, dsync crashes with dsync(root): Panic: file ../../../../../src/lib-storage/index/mbox/mbox-lock.c: line 797 (mbox_lock): assertion failed: (lock_type == F_RDLCK || mbox->mbox_lock_type != F_RDLCK) when I run USER=root 2.2-hg/bin/dsync -c etc/dovecot.conf -f -o mail_location=mbox:/tmp/imap/fwadmin.tmp:INBOX=/tmp/imap/fwadmin.tmp/INBOX mirror mdbox:/tmp/imap/fwadmin It seems to happen for all mailboxes that are not empty. 2.2.1 completes the conversion without any complaints. config: # 2.2.2 (a3b5b762639a): etc/dovecot.conf # OS: Linux 3.2.0-32-generic i686 Ubuntu 12.04.2 LTS default_internal_user = nobody default_login_user = nobody Backtrace (hg version): #0 i_panic (format=0x252530 "file %s: line %d (%s): assertion failed: (%s)") at ../../../src/lib/failures.c:255 #1 0x001c643f in mbox_lock (mbox=0x80d9b40, lock_type=, lock_id_r=0x811352c) at ../../../../../src/lib-storage/index/mbox/mbox-lock.c:797 #2 0x001c695c in mbox_mail_seek (mail=0x81188e0) at ../../../../../src/lib-storage/index/mbox/mbox-mail.c:82 #3 0x001c6ee1 in mbox_mail_init_stream (mail=0x81188e0) at ../../../../../src/lib-storage/index/mbox/mbox-mail.c:335 #4 mbox_mail_get_stream (_mail=0x81188e0, get_body=false, hdr_size=0x0, body_size=0x0, stream_r=0xbffff77c) at ../../../../../src/lib-storage/index/mbox/mbox-mail.c:375 #5 0x001e65b0 in mail_get_hdr_stream (mail=0x81188e0, hdr_size=0x0, stream_r=0xbffff77c) at ../../../src/lib-storage/mail.c:226 #6 0x00215532 in index_mail_get_header_stream (_mail=0x81188e0, headers=0x8106fd0, stream_r=0xbffff7e0) at ../../../../src/lib-storage/index/index-mail-headers.c:837 #7 0x001e649d in mail_get_header_stream (mail=0x81188e0, headers=0x8106fd0, stream_r=0xbffff7e0) at ../../../src/lib-storage/mail.c:190 #8 0x08084bf2 in dsync_mail_get_hdr_hash (mail=0x81188e0, hdr_hash_r=0xbffff8ec) at ../../../../src/doveadm/dsync/dsync-mail.c:32 #9 0x080736a8 in importer_try_next_mail (wanted_uid=1, importer=0x81136e0) at ../../../../src/doveadm/dsync/dsync-mailbox-import.c:515 #10 importer_next_mail (importer=0x81136e0, wanted_uid=1) at ../../../../src/doveadm/dsync/dsync-mailbox-import.c:536 #11 0x0807729a in dsync_mailbox_import_changes_finish (importer=0x81136e0) at ../../../../src/doveadm/dsync/dsync-mailbox-import.c:1754 #12 0x08072e3b in dsync_brain_recv_mail_change (brain=0x80beaf8) at ../../../../src/doveadm/dsync/dsync-brain-mails.c:102 #13 dsync_brain_sync_mails (brain=0x80beaf8) at ../../../../src/doveadm/dsync/dsync-brain-mails.c:319 #14 0x0806f11b in dsync_brain_run_real (changed_r=0xbffffae6, brain=0x80beaf8) at ../../../../src/doveadm/dsync/dsync-brain.c:440 #15 dsync_brain_run (brain=0x80beaf8, changed_r=0xbffffae6) at ../../../../src/doveadm/dsync/dsync-brain.c:469 #16 0x0806d1ef in cmd_dsync_run_local (ibc2=0x80be8d8, brain=0x80beaf8, user=0x80ba8f0, ctx=0x80b2ca8) at ../../../../src/doveadm/dsync/doveadm-dsync.c:356 #17 cmd_dsync_run (_ctx=0x80b2ca8, user=0x80ba8f0) at ../../../../src/doveadm/dsync/doveadm-dsync.c:543 #18 0x08055424 in doveadm_mail_next_user (error_r=0xbffffbcc, ctx=0x80b2ca8, input=) at ../../../src/doveadm/doveadm-mail.c:308 #19 doveadm_mail_next_user (ctx=0x80b2ca8, input=, error_r=0xbffffbcc) at ../../../src/doveadm/doveadm-mail.c:267 #20 0x080560fc in doveadm_mail_cmd (argv=0x80af1ec, argc=, cmd=0x80b226c) at ../../../src/doveadm/doveadm-mail.c:517 #21 doveadm_mail_try_run (cmd_name=0x80af286 "sync", argc=3, argv=0x80af1e4) at ../../../src/doveadm/doveadm-mail.c:609 #22 0x08055046 in main (argc=3, argv=0x80af1e4) at ../../../src/doveadm/doveadm.c:398 I'm attaching the mbox file. /t -------------- next part -------------- A non-text attachment was scrubbed... Name: INBOX Type: application/octet-stream Size: 788 bytes Desc: INBOX URL: From pw at wk-serv.de Fri May 31 12:57:37 2013 From: pw at wk-serv.de (Patrick Westenberg) Date: Fri, 31 May 2013 11:57:37 +0200 Subject: [Dovecot] Load Balancing and HA In-Reply-To: <408_1369775960_51A51F58_408_11_1_0b5401ce5be9$9998ab30$ccca0190$@h-st.com> References: <408_1369775960_51A51F58_408_11_1_0b5401ce5be9$9998ab30$ccca0190$@h-st.com> Message-ID: <51A87411.7070301@wk-serv.de> Romer Ventura schrieb: > Scenario1: This should allow any to lose any of the servers and clients > still have access to their emails (although I am not sure how the indexes > would react to this and sudden disconnection) > > - 2 Dovecot Proxy servers, using a virtual IP to where the clients > will connect to from the WAN and LAN > > - 2 Dovecot+Postfix servers with local cache Your proxy won't reconnect a user to backend B if the backend A fails. From Olivier.Girard at univ-angers.fr Fri May 31 13:52:41 2013 From: Olivier.Girard at univ-angers.fr (Olivier Girard) Date: Fri, 31 May 2013 12:52:41 +0200 Subject: [Dovecot] Configuration advice needed. Message-ID: <51A880F9.80902@univ-angers.fr> Hello, First, thanks for this great piece of software. I'm new to dovecot and i've just converted my old courier configuration on pop/imap server side, everithing is working just fine on this side and speed gain expected was found (not enough for our busy servers :). Setup is done with 3 dovecot virtual servers load balanced with a Hardware load balancer (this part is a big point of the question). Postfix and dovecot servers use an NFS share on a NetApp for mail, Postfix servers are writting directly to inbox maildirs. Load balanced is maintaining afinity betwen client and server so i've got no problem with this for the moment. Now, i want to setup postfix (3 HW load balanced) for local delivery with LMTP on deovecot servers, and here come my questions. Afinity can't be maintained between IMAP and LMTP for a user with my load balancer so mail can be delivered on dovecot01 and read on dovecot02, from what i've read this can be an issue with indexes. I think i need to setup a director to maintain LMTP and IMAP afinity between users and servers but on imap servers i'm identifying user with their UID, and LMTP need to see emails. Does dovecot see the same user or 2 users with the same homedir? So my question is: could you point me to the right direction with this setup, do you have any advice on this config. Actual configurations: (postlogin not in real use, just a touch on (imap/pop3)_last_login) POP/IMAP server: dovecot01# doveconf -n # 2.1.15: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 8.3-RELEASE-p3 amd64 auth_cache_negative_ttl = 0 auth_cache_size = 10 M auth_mechanisms = plain login auth_verbose = yes default_client_limit = 1500 default_process_limit = 500 default_vsz_limit = 1 G disable_plaintext_auth = no dotlock_use_excl = no lock_method = dotlock mail_fsync = always mail_gid = vmail mail_location = maildir:%h/Maildir:INDEX=/mail_index%h mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = " stats" mail_uid = vmail mmap_disable = yes namespace { inbox = yes location = prefix = INBOX. separator = . } passdb { args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { stats_refresh = 30 secs stats_track_cmds = yes } protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } user = $default_internal_user } service imap-postlogin { executable = script-login /usr/local/bin/imap-postlogin.sh user = vmail } service imap { executable = imap imap-postlogin process_limit = 1024 } service pop3-postlogin { executable = script-login /usr/local/bin/pop3-postlogin.sh user = vmail } service pop3 { executable = pop3 pop3-postlogin process_limit = 1024 } service stats { fifo_listener stats-mail { mode = 0600 user = vmail } } ssl_cert = References: <408_1369775960_51A51F58_408_11_1_0b5401ce5be9$9998ab30$ccca0190$@h-st.com> <51A87411.7070301@wk-serv.de> Message-ID: <357f21a54e272af6a629ff7657eae27c@cymail.eu> On 31-05-2013 12:57, Patrick Westenberg wrote: > Romer Ventura schrieb: > >> Scenario1: This should allow any to lose any of the servers and >> clients >> still have access to their emails (although I am not sure how the >> indexes >> would react to this and sudden disconnection) >> >> - 2 Dovecot Proxy servers, using a virtual IP to where the >> clients >> will connect to from the WAN and LAN >> >> - 2 Dovecot+Postfix servers with local cache > > Your proxy won't reconnect a user to backend B if the backend A > fails. But doesn't that depend on how the vitual IP is managed ie what kind of system is behind it? For example a simple heartbeat setup would correct this at the cost of one machine sitting idle. Other setups using load balancers can correct this. There is a better solution using the Director service of Dovecot where users are assigned to one of several bacend machines and disconnected when idle. Even, there is a script that monitors the health of the Director backends and adjusts accordingly (which I haven't personally tried yet). See http://wiki2.dovecot.org/Director http://www.dovecot.org/list/dovecot/2010-August/051946.html From heshiming at gmail.com Fri May 31 16:33:03 2013 From: heshiming at gmail.com (He Shiming) Date: Fri, 31 May 2013 21:33:03 +0800 Subject: [Dovecot] dovecot-lmtp does not work Message-ID: Dear Community, I've got a weird problem regarding lmtp setup with dovecot 2.0.19 on ubuntu 12.04.2 LTS. My reference of the configuration is at https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql , and my configuration is identical to it with the exception of opening the 110 pop3 port, and enabling plain text auth. Everything from imap, smtp, pop3 (including auth) works except for lmtp. I saw thousands of the following messages in /var/log/mail.log: May 31 09:05:24 postfix/lmtp[3664]: 2FD80321F4: to=, relay=none, delay=0.41, delays=0.41/0/0/0, dsn=4.4.1, status=deferred (connect to me.com[private/dovecot-lmtp]: No such file or directory) And it happens when an incoming email is received. Here's the output of configuration: root at prosp:/etc/dovecot/conf.d# dovecot -n # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.8.4-linode50 i686 Ubuntu 12.04.2 LTS ext3 auth_mechanisms = plain login disable_plaintext_auth = no mail_location = maildir:/var/mail/vhosts/%d/%n mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap pop3 sieve service auth-worker { user = vmail } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { mode = 0600 user = vmail } user = dovecot } service imap-login { inet_listener imap { port = 0 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service pop3-login { inet_listener pop3 { port = 110 } } ssl_cert = was automatically rejected:%n%r } This problem has been discussed here: http://serverfault.com/questions/512219/dovecot-lmtp-does-not-exist . I've then tried switching from unix socket to inet listener, and still got the same result. I cannot get lmtp service to start. I'm also seeing no errors in the log when dovecot is restarted (see the above link for the log). I'm wondering how do I go about troubleshooting this problem? What might be the possible cause? Is it possible for dovecot to output verbose logs regarding service startups? Thank you. -- Best regards, He Shiming *Kaoya.me | Goals.io | Toppin'Wiper | MediaMan * From tss at iki.fi Fri May 31 16:41:15 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 31 May 2013 16:41:15 +0300 Subject: [Dovecot] LDA/LMTP - saving to INBOX fallback on tempfail? Message-ID: <95826BD9-3DE8-470B-8D66-E618DF5C6E9C@iki.fi> Currently if saving to mailbox fails for any reason, the mail is saved to INBOX instead. Same if a Sieve redirect fails, the mail is saved to INBOX. I'm wondering if anyone actually prefers this behavior when the error is temporary? For example if some index file corruption was detected, the save will most likely succeed the next time it's attempted. Or if the redirect fails because the SMTP server can't be connected to at the moment. So I was thinking about changing v2.2 LDA/LMTP to simply return temporary failure instead of saving the mail to INBOX. From larryrtx at gmail.com Fri May 31 16:44:52 2013 From: larryrtx at gmail.com (Larry Rosenman) Date: Fri, 31 May 2013 08:44:52 -0500 Subject: [Dovecot] LDA/LMTP - saving to INBOX fallback on tempfail? In-Reply-To: <95826BD9-3DE8-470B-8D66-E618DF5C6E9C@iki.fi> References: <95826BD9-3DE8-470B-8D66-E618DF5C6E9C@iki.fi> Message-ID: I think I like the temporary failure idea. BUT, please make sure to log all pertinent information to maillog so the admin/user can fix it if it's not something that is automatically fixed. I.E. permissions, etc. Thanks! Love dovecot btw. works great in my setup (FreeBSD/ZFS/mbox/LDA/Exim). On Fri, May 31, 2013 at 8:41 AM, Timo Sirainen wrote: > Currently if saving to mailbox fails for any reason, the mail is saved to > INBOX instead. Same if a Sieve redirect fails, the mail is saved to INBOX. > I'm wondering if anyone actually prefers this behavior when the error is > temporary? For example if some index file corruption was detected, the save > will most likely succeed the next time it's attempted. Or if the redirect > fails because the SMTP server can't be connected to at the moment. So I was > thinking about changing v2.2 LDA/LMTP to simply return temporary failure > instead of saving the mail to INBOX. > > -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 430 Valona Loop, Round Rock, TX 78681-3893 From tss at iki.fi Fri May 31 16:51:27 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 31 May 2013 16:51:27 +0300 Subject: [Dovecot] LDA/LMTP - saving to INBOX fallback on tempfail? In-Reply-To: References: <95826BD9-3DE8-470B-8D66-E618DF5C6E9C@iki.fi> Message-ID: <2096A356-C43C-4554-A320-DD2CE7F3FE28@iki.fi> On 31.5.2013, at 16.44, Larry Rosenman wrote: > I think I like the temporary failure idea. BUT, please make sure to log > all pertinent information to maillog so the admin/user can fix it if it's > not something that is automatically fixed. Sure, error logging would work as it does now. > I.E. permissions, etc. Permission error isn't actually a temporary failure. In that situation the mail would be delivered to INBOX. A temporary error is only something that really should fix itself by waiting/retrying, without the user or sysadmin having to do anything specific to that user. > Thanks! Love dovecot btw. works great in my setup > (FreeBSD/ZFS/mbox/LDA/Exim). > > > > On Fri, May 31, 2013 at 8:41 AM, Timo Sirainen wrote: > >> Currently if saving to mailbox fails for any reason, the mail is saved to >> INBOX instead. Same if a Sieve redirect fails, the mail is saved to INBOX. >> I'm wondering if anyone actually prefers this behavior when the error is >> temporary? For example if some index file corruption was detected, the save >> will most likely succeed the next time it's attempted. Or if the redirect >> fails because the SMTP server can't be connected to at the moment. So I was >> thinking about changing v2.2 LDA/LMTP to simply return temporary failure >> instead of saving the mail to INBOX. >> >> > > > -- > Larry Rosenman http://www.lerctr.org/~ler > Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com > US Mail: 430 Valona Loop, Round Rock, TX 78681-3893 From blevi.linux at gmail.com Fri May 31 16:52:13 2013 From: blevi.linux at gmail.com (Birta Levente) Date: Fri, 31 May 2013 16:52:13 +0300 Subject: [Dovecot] LDA/LMTP - saving to INBOX fallback on tempfail? In-Reply-To: <95826BD9-3DE8-470B-8D66-E618DF5C6E9C@iki.fi> References: <95826BD9-3DE8-470B-8D66-E618DF5C6E9C@iki.fi> Message-ID: <51A8AB0D.2070507@gmail.com> On 31/05/2013 16:41, Timo Sirainen wrote: > Currently if saving to mailbox fails for any reason, the mail is saved to INBOX instead. Same if a Sieve redirect fails, the mail is saved to INBOX. I'm wondering if anyone actually prefers this behavior when the error is temporary? For example if some index file corruption was detected, the save will most likely succeed the next time it's attempted. Or if the redirect fails because the SMTP server can't be connected to at the moment. So I was thinking about changing v2.2 LDA/LMTP to simply return temporary failure instead of saving the mail to INBOX. > What about configurable save_to_inbox_if_tmperror = yes / no ? -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3889 bytes Desc: S/MIME Cryptographic Signature URL: From larryrtx at gmail.com Fri May 31 16:53:48 2013 From: larryrtx at gmail.com (Larry Rosenman) Date: Fri, 31 May 2013 08:53:48 -0500 Subject: [Dovecot] LDA/LMTP - saving to INBOX fallback on tempfail? In-Reply-To: <2096A356-C43C-4554-A320-DD2CE7F3FE28@iki.fi> References: <95826BD9-3DE8-470B-8D66-E618DF5C6E9C@iki.fi> <2096A356-C43C-4554-A320-DD2CE7F3FE28@iki.fi> Message-ID: Ok. Wasn't sure. I've seen my filter rules screw up, and not have a mailbox, or bad perms on the mailbox, and those went to INBOX, and if that continued to happen, I'm fine with that too. Thanks! On 5/31/13, Timo Sirainen wrote: > On 31.5.2013, at 16.44, Larry Rosenman wrote: > >> I think I like the temporary failure idea. BUT, please make sure to log >> all pertinent information to maillog so the admin/user can fix it if it's >> not something that is automatically fixed. > > Sure, error logging would work as it does now. > >> I.E. permissions, etc. > > Permission error isn't actually a temporary failure. In that situation the > mail would be delivered to INBOX. A temporary error is only something that > really should fix itself by waiting/retrying, without the user or sysadmin > having to do anything specific to that user. > >> Thanks! Love dovecot btw. works great in my setup >> (FreeBSD/ZFS/mbox/LDA/Exim). >> >> >> >> On Fri, May 31, 2013 at 8:41 AM, Timo Sirainen wrote: >> >>> Currently if saving to mailbox fails for any reason, the mail is saved >>> to >>> INBOX instead. Same if a Sieve redirect fails, the mail is saved to >>> INBOX. >>> I'm wondering if anyone actually prefers this behavior when the error is >>> temporary? For example if some index file corruption was detected, the >>> save >>> will most likely succeed the next time it's attempted. Or if the >>> redirect >>> fails because the SMTP server can't be connected to at the moment. So I >>> was >>> thinking about changing v2.2 LDA/LMTP to simply return temporary failure >>> instead of saving the mail to INBOX. >>> >>> >> >> >> -- >> Larry Rosenman http://www.lerctr.org/~ler >> Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com >> US Mail: 430 Valona Loop, Round Rock, TX 78681-3893 > > -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 430 Valona Loop, Round Rock, TX 78681-3893 From tss at iki.fi Fri May 31 16:55:53 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 31 May 2013 16:55:53 +0300 Subject: [Dovecot] LDA/LMTP - saving to INBOX fallback on tempfail? In-Reply-To: <51A8AB0D.2070507@gmail.com> References: <95826BD9-3DE8-470B-8D66-E618DF5C6E9C@iki.fi> <51A8AB0D.2070507@gmail.com> Message-ID: <053A98F5-20E6-4A3D-B33D-7391F9B12A5C@iki.fi> On 31.5.2013, at 16.52, Birta Levente wrote: > On 31/05/2013 16:41, Timo Sirainen wrote: >> Currently if saving to mailbox fails for any reason, the mail is saved to INBOX instead. Same if a Sieve redirect fails, the mail is saved to INBOX. I'm wondering if anyone actually prefers this behavior when the error is temporary? For example if some index file corruption was detected, the save will most likely succeed the next time it's attempted. Or if the redirect fails because the SMTP server can't be connected to at the moment. So I was thinking about changing v2.2 LDA/LMTP to simply return temporary failure instead of saving the mail to INBOX. >> > > What about configurable save_to_inbox_if_tmperror = yes / no ? I'll add that if someone can tell me a good reason why they would ever want to set it to "yes". I try to avoid adding settings that nobody uses. From michael.miller at 12mm.net Fri May 31 21:23:57 2013 From: michael.miller at 12mm.net (Michael Miller) Date: Fri, 31 May 2013 20:23:57 +0200 Subject: [Dovecot] imapc "moving email to another folder" crashes Message-ID: Hello List, I am having the same problem with dovecot 2.2.1 on RHEL and dovecot 2.2.2 on FreeBSD and the imapc proxy. moving eMail from one folder to another folder. the error is reproducible. Logfile RHEL/Dovecot 2.2.1: May 31 19:57:45 imap(mail at --------.com): Panic: file mail-storage.c: line 2100 (mailbox_copy): assertion failed: (!ctx->unfinished) May 31 19:57:45 imap(mail at --------.com): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x5f68a) [0x7fd60b76a68a] -> /usr/lib64/dovecot/libdovecot.so.0(+0x5f6d6) [0x7fd60b76a6d6] -> /usr/lib64/dovecot/libdovecot.so.0(+0x1fffa) [0x7fd60b72affa] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x792f2) [0x7fd60ba402f2] -> dovecot/imap() [0x40bebb] -> dovecot/imap(command_exec+0x3d) [0x41502d] -> dovecot/imap() [0x414190] -> dovecot/imap() [0x41427d] -> dovecot/imap(client_handle_input+0x11d) [0x4144fd] -> dovecot/imap(client_input+0x6f) [0x41486f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7fd60b7799d6] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0xa7) [0x7fd60b77aa87] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x7fd60b779978] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fd60b72fa63] -> dovecot/imap(main+0x2a9) [0x41dcf9] -> /lib64/libc.so.6(__libc_start_main+0xfd) [0x7fd60b396cdd] -> dovecot/imap() [0x40a579] May 31 19:57:45 imap(mail at --------.com): Fatal: master: service(imap): child 27742 killed with signal 6 (core dumped) Logfile FreeBSD / Dovecot 2.2.2: May 31 19:53:41 imap(mail at --------.com): Panic: file mail-storage.c: line 2105 (mailbox_copy): assertion failed: (!ctx->unfinished) May 31 19:53:41 imap(mail at --------.com): Fatal: master: service(imap): child 2077 killed with signal 6 (core not dumped) the configuration is more or less the same on both: # 2.2.1: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-358.6.2.el6.x86_64 x86_64 CentOS release 6.4 (Final) auth_mechanisms = plain login first_valid_uid = 97 imapc_host = imap.upstreamserver.com log_path = /var/log/dovecot.log mail_gid = dovecot mail_home = /clusterdata2/imapcache/%u mail_location = imapc:~/imapc mail_uid = dovecot passdb { args = host=imap.upstreamserver.com default_fields = userdb_imapc_user=%u userdb_imapc_password=%w driver = imap } protocols = imap service auth { unix_listener auth-client { mode = 0666 user = dovecot } } service imap { drop_priv_before_exec = yes } ssl_cert = This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /usr/libexec/dovecot/imap...(no debugging symbols found)...done. [New Thread 27742] Reading symbols from /usr/lib64/dovecot/libdovecot-storage.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/dovecot/libdovecot-storage.so.0 Reading symbols from /usr/lib64/dovecot/libdovecot.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/dovecot/libdovecot.so.0 Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libc.so.6 Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/librt.so.1 Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libdl.so.2 Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done. [Thread debugging using libthread_db enabled] Loaded symbols for /lib64/libpthread.so.0 Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libnss_files.so.2 Reading symbols from /lib64/libgcc_s.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libgcc_s.so.1 Core was generated by `dovecot/imap'. Program terminated with signal 6, Aborted. #0 0x00007fd60b3aa8a5 in raise () from /lib64/libc.so.6 Missing separate debuginfos, use: debuginfo-install dovecot-2.2.1-0_134.el6.x86_64 (gdb) bt full #0 0x00007fd60b3aa8a5 in raise () from /lib64/libc.so.6 No symbol table info available. #1 0x00007fd60b3ac085 in abort () from /lib64/libc.so.6 No symbol table info available. #2 0x00007fd60b76a698 in ?? () from /usr/lib64/dovecot/libdovecot.so.0 No symbol table info available. #3 0x00007fd60b76a6d6 in ?? () from /usr/lib64/dovecot/libdovecot.so.0 No symbol table info available. #4 0x00007fd60b72affa in i_panic () from /usr/lib64/dovecot/libdovecot.so.0 No symbol table info available. #5 0x00007fd60ba402f2 in mailbox_copy () from /usr/lib64/dovecot/libdovecot-storage.so.0 No symbol table info available. #6 0x000000000040bebb in ?? () No symbol table info available. #7 0x000000000041502d in command_exec () No symbol table info available. #8 0x0000000000414190 in ?? () No symbol table info available. #9 0x000000000041427d in ?? () No symbol table info available. #10 0x00000000004144fd in client_handle_input () No symbol table info available. #11 0x000000000041486f in client_input () No symbol table info available. #12 0x00007fd60b7799d6 in io_loop_call_io () from /usr/lib64/dovecot/libdovecot.so.0 No symbol table info available. #13 0x00007fd60b77aa87 in io_loop_handler_run () from /usr/lib64/dovecot/libdovecot.so.0 No symbol table info available. #14 0x00007fd60b779978 in io_loop_run () from /usr/lib64/dovecot/libdovecot.so.0 No symbol table info available. #15 0x00007fd60b72fa63 in master_service_run () from /usr/lib64/dovecot/libdovecot.so.0 No symbol table info available. #16 0x000000000041dcf9 in main () No symbol table info available. (gdb) any ideas ? From tss at iki.fi Fri May 31 21:57:36 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 31 May 2013 21:57:36 +0300 Subject: [Dovecot] imapc "moving email to another folder" crashes In-Reply-To: References: Message-ID: <954B1241-6420-40B1-AED0-D4A61A16C48D@iki.fi> On 31.5.2013, at 21.23, Michael Miller wrote: > Hello List, > > I am having the same problem with dovecot 2.2.1 on RHEL and dovecot 2.2.2 on FreeBSD and the imapc proxy. > moving eMail from one folder to another folder. the error is reproducible. > > May 31 19:57:45 imap(mail at --------.com): Panic: file mail-storage.c: line 2100 (mailbox_copy): assertion failed: (!ctx->unfinished) Yeah, I noticed a few days ago: http://hg.dovecot.org/dovecot-2.2/rev/0b02dc66e9f1 From spinner.dc at delphinidae.org.uk Fri May 31 21:59:39 2013 From: spinner.dc at delphinidae.org.uk (Andy R) Date: Fri, 31 May 2013 20:59:39 +0200 Subject: [Dovecot] dovecot-lmtp does not work In-Reply-To: References: Message-ID: <51A8F31B.904@delphinidae.org.uk> Hi there, Have you added 'lmtp' to the protocols line in dovecot.conf ? It's not listed in your doveconf -n. IE :- # Protocols we want to be serving. #protocols = imap pop3 sieve protocols = imap pop3 sieve lmtp For logging, set "mail_debug = yes" (in /etc/dovecot/conf.d/10-logging.conf on my system). On 31/05/2013 15:33, He Shiming wrote: > Dear Community, > > I've got a weird problem regarding lmtp setup with dovecot 2.0.19 on ubuntu > 12.04.2 LTS. My reference of the configuration is at > https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql , > and my configuration is identical to it with the exception of opening the > 110 pop3 port, and enabling plain text auth. Everything from imap, smtp, > pop3 (including auth) works except for lmtp. > > I saw thousands of the following messages in /var/log/mail.log: > > May 31 09:05:24 postfix/lmtp[3664]: 2FD80321F4: to=, > relay=none, delay=0.41, delays=0.41/0/0/0, dsn=4.4.1, status=deferred > (connect to me.com[private/dovecot-lmtp]: No such file or directory) > > And it happens when an incoming email is received. > > Here's the output of configuration: > > root at prosp:/etc/dovecot/conf.d# dovecot -n > # 2.0.19: /etc/dovecot/dovecot.conf > # OS: Linux 3.8.4-linode50 i686 Ubuntu 12.04.2 LTS ext3 > auth_mechanisms = plain login > disable_plaintext_auth = no > mail_location = maildir:/var/mail/vhosts/%d/%n > mail_privileged_group = mail > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character > vacation subaddress comparator-i;ascii-numeric relational regex imap4flags > copy include variables body enotify environment mailbox date ihave > passdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > plugin { > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > } > protocols = imap pop3 sieve > service auth-worker { > user = vmail > } > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0666 > user = postfix > } > unix_listener /var/spool/postfix/private/dovecot-auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-userdb { > mode = 0600 > user = vmail > } > user = dovecot > } > service imap-login { > inet_listener imap { > port = 0 > } > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0600 > user = postfix > } > } > service pop3-login { > inet_listener pop3 { > port = 110 > } > } > ssl_cert = ssl_cipher_list = > ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM > ssl_key = userdb { > args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n > driver = static > } > protocol imap { > imap_client_workarounds = delay-newmail > mail_max_userip_connections = 10 > } > protocol pop3 { > mail_max_userip_connections = 10 > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > } > protocol lda { > deliver_log_format = msgid=%m: %$ > mail_plugins = sieve > postmaster_address = postmaster > quota_full_tempfail = yes > rejection_reason = Your message to <%t> was automatically rejected:%n%r > } > > This problem has been discussed here: > http://serverfault.com/questions/512219/dovecot-lmtp-does-not-exist . I've > then tried switching from unix socket to inet listener, and still got the > same result. I cannot get lmtp service to start. > > I'm also seeing no errors in the log when dovecot is restarted (see the > above link for the log). > > I'm wondering how do I go about troubleshooting this problem? What might be > the possible cause? Is it possible for dovecot to output verbose logs > regarding service startups? > > Thank you. > From mariajose1982 at gmail.com Fri May 31 22:02:58 2013 From: mariajose1982 at gmail.com (=?ISO-8859-1?Q?Maria_Jose_Ya=F1ez_Dacosta?=) Date: Fri, 31 May 2013 16:02:58 -0300 Subject: [Dovecot] Settings: Dovecot + NTLM + Single Sing On + Windows + Outlook or Thunderbird. In-Reply-To: References: <51A78155.8030804@Media-Brokers.com> Message-ID: Hi!, Change the version, now I have installed the version 2.1.16. If I do "doveconf -n" it show # 2.1.16: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-358.6.2.el6.x86_64 x86_64 CentOS release 6.4 (Final) auth_use_winbind = yes namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = imap pop3 ssl = no userdb { args = uid=10000 gid=10000 home=/mail/%d/%n allow_all_users=yes driver = static } The things I do not recognize are: mechanisms = plain ntlm login Looking at the log (In /var/log/maillog ) when I do telnet localhost imap: May 31 15:45:55 prueba-mail dovecot: master: Dovecot v2.1.16 starting up (core dumps disabled) May 31 15:46:04 prueba-mail dovecot: auth: Fatal: Support not compiled in for passdb driver 'pam' May 31 15:46:04 prueba-mail dovecot: master: Error: service(auth): command startup failed, throttling for 2 secs May 31 15:46:04 prueba-mail dovecot: imap-login: Disconnected: Auth process broken (disconnected before greeting, waited 0 secs): user=<>, rip=::1, lip=::1, secured, session= What can be causing this error?, What should go in place of those lines that are not recognized? I'm using the how to: http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm Thank!!. 2013/5/30 Maria Jose Ya?ez Dacosta > Sorry!, And try to install the latest version and tell them. > Thanks! > > > 2013/5/30 Charles Marcus > >> The wiki link you refer to is for dovecot v1. >> >> You are using v2. >> >> Use the correct wiki link... >> >> http://wiki2.dovecot.org/**HowTo/ActiveDirectoryNtlm >> >> Also, you are using an old version of v2 - use the latest 2.1 (2.1.16), >> or better yet, the latest 2.2 (2.2.2)... >> >> Charles >> >> >> >> >> On 2013-05-30 11:34 AM, Maria Jose Ya?ez Dacosta >> wrote: >> >>> I am following the steps listed in: >>> http://wiki.dovecot.org/HowTo/**ActiveDirectoryNtlm >>> >>> My goal is to have single sign-on for Microsoft Outlook applications. >>> >>> I working and I have some doubts since I never set up an imap server, >>> hope >>> I can help :). >>> >>> The version that I have installed is devecot 2.0.9. >>> >>> "dovecot -n" shows the following: >>> >>> # 2.0.9: /etc/dovecot/dovecot.conf >>> >>> >> -- >> >> Best regards, >> >> Charles Marcus >> I.T. Director >> Media Brokers International, Inc. >> 678.514.6224 | 678.514.6299 fax >> >> >> > > > -- > Maria Jos? > -- Maria Jos? From tss at iki.fi Fri May 31 23:21:40 2013 From: tss at iki.fi (Timo Sirainen) Date: Fri, 31 May 2013 23:21:40 +0300 Subject: [Dovecot] imapc - different settings for different namespaces Message-ID: <75314229-D383-4A2C-BCA7-C39F73DE8FE5@iki.fi> Originally I was planning on allowing all kinds of mail settings inside namespace {}, including imapc_* settings. But that's a bit difficult to implement (although I think it will happen some day). So for now I was thinking: imapc foo { host = imap.foo.com master_user = foomaster password = foopass } imapc bar { host = imap.bar.com ... } namespace { prefix = foo/ location = imapc:foo } namespace { prefix = bar/ location = imapc:bar } So basically if the path after imapc isn't absolute (/path or ~/path), then treat the path as the imapc section name and use its settings. Anyone have any improvement suggestions? I was planning on adding this to v2.2.3. I'm not sure if the section names should be "imapc" or something else (e.g. imap_remote {}).