From dovecot at randy.pensive.org Mon Dec 1 02:18:22 2014
From: dovecot at randy.pensive.org (Randall Gellens)
Date: Sun, 30 Nov 2014 18:18:22 -0800
Subject: Unable to see virtual users
In-Reply-To:
References: <36D3FB12-DC31-4BA5-912B-C5815D031456@iki.fi>
Message-ID:

One more piece of the puzzle: the explanatory comment text in /etc/dovecot/conf.d/auth-system.conf.ext:

# LDA and LMTP needs to look up users only from the userdb. This of course
# doesn't work with static userdb because there is no list of users.
# Normally static userdb handles this by doing a passdb lookup. This works
# with most passdbs, with PAM being the most notable exception. If you do
# the user verification another way, you can add allow_all_users=yes to
# the args in which case the passdb lookup is skipped.

This explains why the static userdb prevented the system user from being recognized, since it was in PAM not /etc/passwd.

--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly selected tag: ---------------
The first ninety percent of the task takes ninety percent of the time, and the last ten percent takes the other ninety percent.

From teemu.huovila at dovecot.fi Mon Dec 1 08:56:47 2014
From: teemu.huovila at dovecot.fi (Teemu Huovila)
Date: Mon, 01 Dec 2014 10:56:47 +0200
Subject: Dovecot 2.2.15, Panic: file mbox-sync.c: line 152 (mbox_sync_read_next_mail): assertion failed:
In-Reply-To: <5478BF6C.3080804@msapiro.net>
References: <5478BF6C.3080804@msapiro.net>
Message-ID: <547C2D4F.6040102@dovecot.fi>

Please see http://dovecot.markmail.org/thread/xqu3yr52c6hjxqk2

br,
Teemu Huovila

From teemu.huovila at dovecot.fi Mon Dec 1 10:11:28 2014
From: teemu.huovila at dovecot.fi (Teemu Huovila)
Date: Mon, 01 Dec 2014 12:11:28 +0200
Subject: v2.2.15 - make check - Conditional jump or move depends on uninitialised value
In-Reply-To: <547A94B3.5030500@yahoo.com>
References: <547A94B3.5030500@yahoo.com>
Message-ID: <547C3ED0.8080908@dovecot.fi>

On 11/30/2014 05:53 AM, AMM wrote:
> __strspn_sse42 (in /lib64/libc-2.14.90.so)

Is it possible that you are encountering this issue? https://bugs.kde.org/show_bug.cgi?id=270925
Either way, the error seems to stem from your libc implementation (if it is not the valgrind bug).

If possible, upgrade your valgrind, libc etc.

br,
Teemu Huovila

From ammdispose-dovecot at yahoo.com Mon Dec 1 10:41:40 2014
From: ammdispose-dovecot at yahoo.com (AMM)
Date: Mon, 01 Dec 2014 16:11:40 +0530
Subject: v2.2.15 - make check - Conditional jump or move depends on uninitialised value
In-Reply-To: <547C3ED0.8080908@dovecot.fi>
References: <547A94B3.5030500@yahoo.com> <547C3ED0.8080908@dovecot.fi>
Message-ID: <547C45E4.6020807@yahoo.com>

On Monday 01 December 2014 03:41 PM, Teemu Huovila wrote:
> On 11/30/2014 05:53 AM, AMM wrote:
>> __strspn_sse42 (in /lib64/libc-2.14.90.so)
> Is it possible that you are encountering this issue? https://bugs.kde.org/show_bug.cgi?id=270925
> Either way, the error seems to stem from your libc implementation (if it is not the valgrind bug).
>
> If possible, upgrade your valgrind, libc etc.
>
> br,
> Teemu Huovila

Thank you for reply.

But Dovecot 2.2.10 (and earlier versions) were not throwing this error.

Can I ignore it by NOT doing "make check"?

OR is it something serious that if I ignore it can corrupt mailboxes?

Unfortunately for some reasons I can not update libc or valgrind.

Amm

From absolutely_free at libero.it Mon Dec 1 11:19:32 2014
From: absolutely_free at libero.it (absolutely_free at libero.it)
Date: Mon, 1 Dec 2014 12:19:32 +0100 (CET)
Subject: SORT capability
Message-ID: <1673486066.155161417432772011.JavaMail.defaultUser@defaultHost>

Hi,
why I don't see SORT capability on my dovecot server?

# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
1 capability
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5
1 OK Capability completed.
a logout
* BYE Logging out
a OK Logout completed.
Connection closed by foreign host.

I am using

# dovecot --version
2.0.9

default CentOS rpm package.

Thank you

From h.reindl at thelounge.net Mon Dec 1 11:21:05 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 01 Dec 2014 12:21:05 +0100
Subject: SORT capability
In-Reply-To: <1673486066.155161417432772011.JavaMail.defaultUser@defaultHost>
References: <1673486066.155161417432772011.JavaMail.defaultUser@defaultHost>
Message-ID: <547C4F21.50204@thelounge.net>

On 01.12.2014 at 12:19, absolutely_free at libero.it wrote:
> why I don't see SORT capability on my dovecot server?
>
> # telnet localhost 143
> Trying ::1...
> Connected to localhost.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
> 1 capability
> * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5
> 1 OK Capability completed.
> a logout
> * BYE Logging out
> a OK Logout completed.
> Connection closed by foreign host

DUNNO

maybe output of "dovecot -n" knows

From absolutely_free at libero.it Mon Dec 1 11:32:16 2014
From: absolutely_free at libero.it (absolutely_free at libero.it)
Date: Mon, 1 Dec 2014 12:32:16 +0100 (CET)
Subject: R: Re: SORT capability
Message-ID: <1861677498.163751417433536310.JavaMail.defaultUser@defaultHost>

# dovecot -n |grep -i sort

(nothing)

Maybe the full list is only available after authentication?

# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
a login XXXXXXXXXXX YYYYYYYYYYYYYYYY
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in

>----Original message----
>From: h.reindl at thelounge.net
>Date: 01/12/2014 12.21
>To:
>Subject: Re: SORT capability
>
>
>
>On 01.12.2014 at 12:19, absolutely_free at libero.it wrote:
>> why I don't see SORT capability on my dovecot server?
>>
>> # telnet localhost 143
>> Trying ::1...
>> Connected to localhost.
>> Escape character is '^]'.
>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
>> 1 capability
>> * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5
>> 1 OK Capability completed.
>> a logout
>> * BYE Logging out
>> a OK Logout completed.
>> Connection closed by foreign host
>
>DUNNO
>
>maybe output of "dovecot -n" knows
>
>

From h.reindl at thelounge.net Mon Dec 1 11:37:17 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 01 Dec 2014 12:37:17 +0100
Subject: SORT capability
In-Reply-To: <1861677498.163751417433536310.JavaMail.defaultUser@defaultHost>
References: <1861677498.163751417433536310.JavaMail.defaultUser@defaultHost>
Message-ID: <547C52ED.4080404@thelounge.net>

On 01.12.2014 at 12:32, absolutely_free at libero.it wrote:
> # dovecot -n |grep -i sort
>
> (nothing)

i meant post the complete output
you can't grep for something not existing
but you or some config-include may set something wrong

> Maybe the full list is only available after authentication?

likely

> # telnet localhost 143
> Trying ::1...
> Connected to localhost.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
> STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
> a login XXXXXXXXXXX YYYYYYYYYYYYYYYY
> a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
> SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN
> NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT
> SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
>
>> ----Original message----
>> From: h.reindl at thelounge.net
>> Date: 01/12/2014 12.21
>> To:
>> Subject: Re: SORT capability
>>
>> On 01.12.2014 at 12:19, absolutely_free at libero.it wrote:
>>> why I don't see SORT capability on my dovecot server?
>>>
>>> # telnet localhost 143
>>> Trying ::1...
>>> Connected to localhost.
>>> Escape character is '^]'.
>>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
> STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
>>> 1 capability
>>> * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
> STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5
>>> 1 OK Capability completed.
>>> a logout
>>> * BYE Logging out
>>> a OK Logout completed.
>>> Connection closed by foreign host
>>
>> DUNNO
>>
>> maybe output of "dovecot -n" knows

From absolutely_free at libero.it Mon Dec 1 11:41:47 2014
From: absolutely_free at libero.it (absolutely_free at libero.it)
Date: Mon, 1 Dec 2014 12:41:47 +0100 (CET)
Subject: R: Re: SORT capability
Message-ID: <1773824878.169941417434107075.JavaMail.defaultUser@defaultHost>

Here's my conf:

# dovecot -n
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-71.el6.x86_64 x86_64 CentOS release 6.6 (Final)
auth_mechanisms = plain login digest-md5 cram-md5
disable_plaintext_auth = no
first_valid_gid = 89
first_valid_uid = 89
mail_gid = 89
mail_location = maildir:/coraid-s2l2/domains
mail_uid = 89
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date imapflags notify
mbox_write_locks = fcntl
namespace {
  inbox = yes
  location =
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-sql-crypt.conf.ext
  driver = sql
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags
  sieve_max_script_size = 1M
}
protocols = imap pop3 lmtp sieve
service imap-login {
  service_count = 0
}
service pop3-login {
  service_count = 0
}
ssl_cert =

----Original message----
>From: h.reindl at thelounge.net
>Date: 01/12/2014 12.37
>To:
>Subject: Re: SORT capability
>
>
>
>On 01.12.2014 at 12:32, absolutely_free at libero.it wrote:
>> # dovecot -n |grep -i sort
>>
>> (nothing)
>
>i meant post the complete output
>you can't grep for something not existing
>but you or some config-include may set something wrong
>
>> Maybe the full list is only available after authentication?
>
>likely
>
>> # telnet localhost 143
>> Trying ::1...
>> Connected to localhost.
>> Escape character is '^]'.
>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
>> STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
>> a login XXXXXXXXXXX YYYYYYYYYYYYYYYY
>> a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
>> SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN
>> NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT
>> SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
>>
>>> ----Original message----
>>> From: h.reindl at thelounge.net
>>> Date: 01/12/2014 12.21
>>> To:
>>> Subject: Re: SORT capability
>>>
>>> On 01.12.2014 at 12:19, absolutely_free at libero.it wrote:
>>>> why I don't see SORT capability on my dovecot server?
>>>>
>>>> # telnet localhost 143
>>>> Trying ::1...
>>>> Connected to localhost.
>>>> Escape character is '^]'.
>>>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
>> STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
>>>> 1 capability
>>>> * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
>> STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5
>>>> 1 OK Capability completed.
>>>> a logout
>>>> * BYE Logging out
>>>> a OK Logout completed.
>>>> Connection closed by foreign host
>>>
>>> DUNNO
>>>
>>> maybe output of "dovecot -n" knows
>
>

From teemu.huovila at dovecot.fi Mon Dec 1 11:54:09 2014
From: teemu.huovila at dovecot.fi (Teemu Huovila)
Date: Mon, 01 Dec 2014 13:54:09 +0200
Subject: v2.2.15 - make check - Conditional jump or move depends on uninitialised value
In-Reply-To: <547C45E4.6020807@yahoo.com>
References: <547A94B3.5030500@yahoo.com> <547C3ED0.8080908@dovecot.fi> <547C45E4.6020807@yahoo.com>
Message-ID: <547C56E1.4020908@dovecot.fi>

On 12/01/2014 12:41 PM, AMM wrote:
>
> On Monday 01 December 2014 03:41 PM, Teemu Huovila wrote:
> But Dovecot 2.2.10 (and earlier versions) were not throwing this error.

This test was added in Dovecot version 2.2.14. It is also the only reference to strspn() in the whole project.

> Can I ignore it by NOT doing "make check"?

I would say you can safely ignore it, but I can give no guarantee. I have no access to a Fedora 16 system, so I can not verify it, but I would say this is most likely a manifestation of the valgrind bug I linked in my first email.

You could try verification yourself, by using the "Steps to Reproduce" in the linked issue tracker.

br,
Teemu Huovila

From ammdispose-dovecot at yahoo.com Mon Dec 1 12:36:38 2014
From: ammdispose-dovecot at yahoo.com (AMM)
Date: Mon, 01 Dec 2014 18:06:38 +0530
Subject: v2.2.15 - make check - Conditional jump or move depends on uninitialised value
In-Reply-To: <547C56E1.4020908@dovecot.fi>
References: <547A94B3.5030500@yahoo.com> <547C3ED0.8080908@dovecot.fi> <547C45E4.6020807@yahoo.com> <547C56E1.4020908@dovecot.fi>
Message-ID: <547C60D6.4090203@yahoo.com>

On Monday 01 December 2014 05:24 PM, Teemu Huovila wrote:
> On 12/01/2014 12:41 PM, AMM wrote:
>> On Monday 01 December 2014 03:41 PM, Teemu Huovila wrote:
>> But Dovecot 2.2.10 (and earlier versions) were not throwing this error.
> This test was added in Dovecot version 2.2.14. It is also the only reference to strspn() in the whole project.
> ...
> You could try verification yourself, by using the "Steps to Reproduce" in the linked issue tracker.
>
> br,
> Teemu Huovila

Verified it. It is indeed valgrind bug.

Thanks for the help.

Amm.

From litt at acm.org Mon Dec 1 14:04:22 2014
From: litt at acm.org (Timothe Litt)
Date: Mon, 01 Dec 2014 09:04:22 -0500
Subject: Panic: from mbox-sync.c; doveadm zlib-plugin
Message-ID: <547C7566.7050106@acm.org>

Upgraded to dovecot 2.2.15 (built from sources on Fedora linux), saw intermittent panics:

From dovecot:imap
Error: Next message unexpectedly corrupted in mbox file /home/xxxx/mail/Junk E-mail at 1202197
Panic: file mbox-sync.c: line 152 (mbox_sync_read_next_mail): assertion failed: (sync_ctx->input->v_offset != mail_ctx->mail.from_offset || sync_ctx->input->eof)
Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0 [0x274ecf] -> /usr/local/lib/dovecot/libdovecot.so.0 [0x274f4d] -> /usr/local/lib/dovecot/libdovecot.so.0 [0x27446b] -> /usr/local/lib/dovecot/libdovecot-storage.so.0 [0x16633e] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mbox_sync+0x6b6) [0x168146] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mbox_storage_sync_init+0x81) [0x169391] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x40) [0x186270] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x3d) [0x18715d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_get_status+0x74) [0x1b6c44] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x5f) [0x1895bf] -> dovecot/imap(imap_status_get+0x7a) [0x806396a] -> dovecot/imap(cmd_status+0x128) [0x80588a8] -> dovecot/imap(command_exec+0x33) [0x805c8e3] -> dovecot/imap [0x805b63f] -> dovecot/imap [0x805b6c3] -> dovecot/imap(client_handl
Fatal: master: service(imap): child 25461 killed with signal 6 (core dumps disabled)

They are on hiatus, but thought I should report this anyway. If I get a reproducer, I'll see if I can get core dumps.

The user involved had several procmail processes hung waiting for the lockfile on this mbox. Killing sendmail & dovecot, the procmails & restarting sendmail & dovecot is all that I did after the errors.
It is possible that the last message delivered prior to the errors was truncated ("note the input-eof" in the trace), but this shouldn't result in a panic. I'd expect a warning, then the message truncated to whatever is there, and operations proceeding...

Also, it appears that make install doesn't remove the doveadm zlib plugin, which it seems was obsoleted by http://www.dovecot.org/list/dovecot-cvs/2012-October/021796.html.

This results in:

doveadm log find
doveadm(root): Error: Module is for different ABI version 2.1.12 (we have 2.2.ABIv15(2.2.15)): /usr/local/lib/dovecot/doveadm/lib10_doveadm_zlib_plugin.so

Removing /usr/local/lib/dovecot/doveadm/lib10_doveadm_zlib_plugin.* fixes this. However, it would be better if make install either removed these from an old installation in an upgrade, renamed the files, or advised the installer to do so.

FWIW:

# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 2.6.22.14-72.fc6 i686 Fedora Core release 6 (Zod)
first_valid_gid = 4000
first_valid_uid = 4000
hostname = smtp.example.net
login_greeting = Dovecot ready. Unauthorized access is prohibited.
mail_access_groups = mail
mail_location = mbox:~/mail:INBOX=/var/mail/%n
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox "Train As Forgotten" {
    auto = subscribe
  }
  mailbox "Train As Ham" {
    auto = subscribe
  }
  mailbox "Train As Spam" {
    auto = subscribe
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
}
passdb {
  driver = pam
}
service imap-login {
  inet_listener imap {
    address = imap.v4.example.net imap.v6.example.net
    port = 143
  }
  inet_listener imaps {
    address = imap.v4.example.net imap.v6.example.net
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    address = pop.v4.example.net pop.v6.example.net
    port = 110
  }
  inet_listener pop3s {
    address = pop.v4.example.net pop.v6.example.net
    port = 995
    ssl = yes
  }
}
ssl_ca =

From gdrub13 at gmail.com Mon Dec 1 16:11:38 2014
From: gdrub13 at gmail.com (rub zorghy)
Date: Mon, 1 Dec 2014 17:11:38 +0100
Subject: Dovecot Director and Dovecot proxy
Message-ID:

Hi,

Dovecot Director is used to keep a temporary user -> Dovecot backend server mapping. So, Director decides which backend handles each user and the user is always redirected to the same server. All user data is stored in shared storage (NFS).

The Dovecot presentation featured during this webinar mentions (slide 7) a Dovecot proxy cluster (doing credentials and user info lookup) behind the LB device (F5 Big-IP)

Why Dovecot Director server isn't used to perform this without Dovecot proxy ? Thus, the load balancer (F5 Big-IP) can distribute requests based on IMAP protocol to Dovecot Director cluster.

Thx so much.

gdrub

From absolutely_free at libero.it Mon Dec 1 16:24:36 2014
From: absolutely_free at libero.it (absolutely_free at libero.it)
Date: Mon, 1 Dec 2014 17:24:36 +0100 (CET)
Subject: best file system ?
Message-ID: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost>

Hi,
I'm going to set up a new storage for our email users (about 10k).
It's a network attached storage (Coraid).
In your opinion, what is the best file system for mail server (pop3/imap/webmail) purpose?
Thank you

From gedalya at gedalya.net Mon Dec 1 16:31:27 2014
From: gedalya at gedalya.net (Gedalya)
Date: Mon, 01 Dec 2014 11:31:27 -0500
Subject: best file system ?
In-Reply-To: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost>
References: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost>
Message-ID: <547C97DF.8000806@gedalya.net>

On 12/01/2014 11:24 AM, absolutely_free at libero.it wrote:
> Hi,
> I'm going to set up a new storage for our email users (about 10k).
> It's a network attached storage (Coraid).
> In your opinion, what is the best file system for mail server (pop3/imap/webmail) purpose?
> Thank you

This thread (and others) has covered some options
http://www.dovecot.org/list/dovecot/2013-May/090041.html

About XFS, it's worth noting that it doesn't come with a version number, so XFS in a recent kernel simply doesn't mean the same thing as an older kernel. You kind of need to look at the kernel version instead of an "XFS version".

Also, the devil will be in the details. You'll always need to worry about things like alignment etc., particulars of your configuration / work load. You really can't look at it as simply a question of which filesystem to choose.

From alessio at skye.it Mon Dec 1 17:19:49 2014
From: alessio at skye.it (Alessio Cecchi)
Date: Mon, 01 Dec 2014 18:19:49 +0100
Subject: best file system ?
In-Reply-To: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost>
References: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost>
Message-ID: <547CA335.6030406@skye.it>

On 01/12/2014 17:24, absolutely_free at libero.it wrote:
> Hi,
> I'm going to set up a new storage for our email users (about 10k).
> It's a network attached storage (Coraid).
> In your opinion, what is the best file system for mail server (pop3/imap/webmail) purpose?
> Thank you

Hi,

XFS, if you can use RHEL/CentOS 6, ext4 with others distro.

I used XFS (with 20k users) until I switched to a NetApp (and now I'm really happy).

Ciao

From bertrand.caplet at chunkz.net Mon Dec 1 17:21:45 2014
From: bertrand.caplet at chunkz.net (Bertrand Caplet)
Date: Mon, 01 Dec 2014 18:21:45 +0100
Subject: best file system ?
In-Reply-To: <547CA335.6030406@skye.it>
References: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost> <547CA335.6030406@skye.it>
Message-ID: <547CA3A9.3060804@chunkz.net>

> I used XFS (with 20k users) until I switched to a NetApp (and now I'm
> really happy).

Yes, I'd say NetApp is pretty good, we are using this type of storage at work.

Regards
--
CHUNKZ.NET - casual fiddler and computer technician
Bertrand Caplet, Flers (FR)
Feel free to send encrypted/signed messages
Key ID: FF395BD9
GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9

From alessio at skye.it Mon Dec 1 17:28:56 2014
From: alessio at skye.it (Alessio Cecchi)
Date: Mon, 01 Dec 2014 18:28:56 +0100
Subject: Dovecot Director and Dovecot proxy
In-Reply-To:
References:
Message-ID: <547CA558.70100@skye.it>

On 01/12/2014 17:11, rub zorghy wrote:
> Why Dovecot Director server isn't used to perform this without Dovecot
> proxy ? Thus, the load balancer (F5 Big-IP) can distribute requests based
> on IMAP protocol to Dovecot Director cluster.

I think that the slide is just one example of a scenario, very complex. In real world, unless you do not have to segment users (some users use Exchange, others use Dovecot, but all user use imap.corporate.com, the proxy, for login) you don't need a Proxy in front of Director.

Load balancer is only for HA.

Ciao

From sami.ketola at dovecot.fi Mon Dec 1 17:45:46 2014
From: sami.ketola at dovecot.fi (Sami Ketola)
Date: Mon, 1 Dec 2014 19:45:46 +0200
Subject: best file system ?
In-Reply-To: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost>
References: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost>
Message-ID:

> On 01 Dec 2014, at 18:24, absolutely_free at libero.it wrote:
>
> Hi,
> I'm going to set up a new storage for our email users (about 10k).
> It's a network attached storage (Coraid).
> In your opinion, what is the best file system for mail server (pop3/imap/webmail) purpose?

Depends on what OS you have chosen, or if OS is not the limiter I would go with ZFS.

Sami

From mark at msapiro.net Mon Dec 1 18:49:39 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 01 Dec 2014 10:49:39 -0800
Subject: Dovecot 2.2.15, Panic: file mbox-sync.c: line 152 (mbox_sync_read_next_mail): assertion failed:
In-Reply-To: <547C2D4F.6040102@dovecot.fi>
References: <5478BF6C.3080804@msapiro.net> <547C2D4F.6040102@dovecot.fi>
Message-ID: <547CB843.4020308@msapiro.net>

On 12/01/2014 12:56 AM, Teemu Huovila wrote:
> Please see http://dovecot.markmail.org/thread/xqu3yr52c6hjxqk2

Thank you. I'll install the patches. Since the Panic is very rare on my server, I won't really know if they help, but this looks like my issue.

--
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From anon_user at openmailbox.org Mon Dec 1 19:01:19 2014
From: anon_user at openmailbox.org (anon_user at openmailbox.org)
Date: Mon, 01 Dec 2014 20:01:19 +0100
Subject: Dovecot Director and Dovecot proxy
In-Reply-To:
References: <527fcc32f758ae6dcae25fbff230fe25@openmailbox.org>
Message-ID:

On 2014-12-01 19:56, anon_user at openmailbox.org wrote:
>> On 01/12/2014 17:11, rub zorghy wrote:
>> Why Dovecot Director server isn't used to perform this without Dovecot
>> proxy ? Thus, the load balancer (F5 Big-IP) can distribute requests
>> based
>> on IMAP protocol to Dovecot Director cluster.
>> I think that the slide is just one example of a scenario, very
>> complex. In real world,
>> unless you do not have to segment users (some users use Exchange,
>> others use Dovecot, but all user use imap.corporate.com, the proxy,
> for login) you don't need a Proxy in front of Director.
>
> Load balancer is only for HA.
>
> Ciao

Hello,

So, dovecot director can work without dovecot proxy ?

Thanks.

From slusarz at curecanti.org Mon Dec 1 19:23:48 2014
From: slusarz at curecanti.org (Michael M Slusarz)
Date: Mon, 01 Dec 2014 12:23:48 -0700
Subject: SORT capability
In-Reply-To: <1673486066.155161417432772011.JavaMail.defaultUser@defaultHost>
Message-ID: <20141201122348.Horde.EwyUKcgUpxn64ZdOKKJTTg1@bigworm.curecanti.org>

Quoting absolutely_free at libero.it:

> why I don't see SORT capability on my dovecot server?
>
> # telnet localhost 143
> Trying ::1...
> Connected to localhost.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID
> ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5
> AUTH=CRAM-MD5] Dovecot ready.
> 1 capability
> * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5
> 1 OK Capability completed.

Because you are not authenticated. SORT isn't used in the not authenticated state.

michael

From marcin at mejor.pl Mon Dec 1 20:13:29 2014
From: marcin at mejor.pl (Marcin Mirosław)
Date: Mon, 01 Dec 2014 21:13:29 +0100
Subject: best file system ?
In-Reply-To: <547CA335.6030406@skye.it>
References: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost> <547CA335.6030406@skye.it>
Message-ID: <547CCBE9.9070306@mejor.pl>

On 2014-12-01 at 18:19, Alessio Cecchi wrote:
>
> On 01/12/2014 17:24, absolutely_free at libero.it wrote:
>> Hi,
>> I'm going to set up a new storage for our email users (about 10k).
>> It's a network attached storage (Coraid).
>> In your opinion, what is the best file system for mail server
>> (pop3/imap/webmail) purpose?
>> Thank you
> Hi,
>
> XFS, if you can use RHEL/CentOS 6, ext4 with others distro.

Hi!
Does XFS work better on RHEL than on others distro?;)

From h.reindl at thelounge.net Mon Dec 1 20:16:35 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 01 Dec 2014 21:16:35 +0100
Subject: best file system ?
In-Reply-To: <547CCBE9.9070306@mejor.pl>
References: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost> <547CA335.6030406@skye.it> <547CCBE9.9070306@mejor.pl>
Message-ID: <547CCCA3.6060401@thelounge.net>

On 01.12.2014 at 21:13, Marcin Mirosław wrote:
> On 2014-12-01 at 18:19, Alessio Cecchi wrote:
>>
>> On 01/12/2014 17:24, absolutely_free at libero.it wrote:
>>> Hi,
>>> I'm going to set up a new storage for our email users (about 10k).
>>> It's a network attached storage (Coraid).
>>> In your opinion, what is the best file system for mail server
>>> (pop3/imap/webmail) purpose?
>>> Thank you
>> Hi,
>>
>> XFS, if you can use RHEL/CentOS 6, ext4 with others distro.
>
> Hi!
> Does XFS work better on RHEL than on others distro?;)

XFS is the default system of *RHEL7/CentOS7*
no idea from where it comes that it is recommended for CentOS6

From rnowotny at rotek.at Mon Dec 1 21:06:50 2014
From: rnowotny at rotek.at (Robert Nowotny)
Date: Mon, 01 Dec 2014 22:06:50 +0100
Subject: best file system ?
In-Reply-To: <547CCCA3.6060401@thelounge.net>
References: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost> <547CA335.6030406@skye.it> <547CCBE9.9070306@mejor.pl> <547CCCA3.6060401@thelounge.net>
Message-ID: <547CD86A.1040308@rotek.at>

On 2014-12-01 at 21:16, Reindl Harald wrote:
>
>
> On 01.12.2014 at 21:13, Marcin Mirosław wrote:
>> On 2014-12-01 at 18:19, Alessio Cecchi wrote:
>>>
>>> On 01/12/2014 17:24, absolutely_free at libero.it wrote:
>>>> Hi,
>>>> I'm going to set up a new storage for our email users (about 10k).
>>>> It's a network attached storage (Coraid).
>>>> In your opinion, what is the best file system for mail server
>>>> (pop3/imap/webmail) purpose?
>>>> Thank you
>>> Hi,
>>>
>>> XFS, if you can use RHEL/CentOS 6, ext4 with others distro.
>>
>> Hi!
>> Does XFS work better on RHEL than on others distro?;)
>
> XFS is the default system of *RHEL7/CentOS7*
> no idea from where it comes that it is recommended for CentOS6
>

definitely ZFS on BSD or on Solaris. And ECC Ram on the Server.

check it out :
http://serverfault.com/questions/190/zfs-vs-xfs
and
http://louwrentius.com/please-use-zfs-with-ecc-memory.html

From ad+lists at uni-x.org Mon Dec 1 21:37:02 2014
From: ad+lists at uni-x.org (Alexander Dalloz)
Date: Mon, 01 Dec 2014 22:37:02 +0100
Subject: best file system ?
In-Reply-To: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost>
References: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost>
Message-ID: <547CDF7E.9030009@uni-x.org>

On 01.12.2014 at 17:24, absolutely_free at libero.it wrote:
> Hi,
> I'm going to set up a new storage for our email users (about 10k).
> It's a network attached storage (Coraid).
> In your opinion, what is the best file system for mail server (pop3/imap/webmail) purpose?
> Thank you

If it is a NAS, as you state, then you don't have to think about the filesystem, because the storage unit does not provide block devices for filesystem creation.

Else - in case you get block storage instead of NAS - "best filesystem" depends on a lot of parameters. If there would be a best one, then there wouldn't be room for several choices.

Alexander

From ifallison at gmail.com Tue Dec 2 00:02:33 2014
From: ifallison at gmail.com (Ian Allison)
Date: Mon, 1 Dec 2014 16:02:33 -0800
Subject: Adding extra fields from an external source
Message-ID: <20141202000233.GC12687@gmail.com>

Hi,

I have an existing (Open)LDAP which I'm using with dovecot and I would like to implement quotas. I have global quotas working, but I would like per user quotas similar to what is described in the wiki (http://wiki2.dovecot.org/Quota/Configuration#LDAP)

My problem is that there is no obvious attribute in the schemas shipped in the RHEL/Centos 6 to hold the quota string. Is it possible to get User database extra fields from an external source? e.g. flat file or MySQL table. I would like to pull everything else from LDAP but just fill out quota_rule from a different source.

I realize I could expand my LDAP but I'm wary of just importing some random schema. I've had mixed results doing that in the past (the qmail schema (http://www.zytrax.com/books/ldap/ape/qmail.html) was incompatible with my existing structure, and at the moment I'm using a hacked version of the linux quota project's LDAP schema (http://sourceforge.net/projects/linuxquota/) - I'd rather have something a bit more official). If there is a recommended schema that you guys use which is stable and works well I would like to give that a try.

-Thanks,
Ian.

From dovecot.org at veggiechinese.net Tue Dec 2 00:43:02 2014
From: dovecot.org at veggiechinese.net (Will Yardley)
Date: Mon, 1 Dec 2014 16:43:02 -0800
Subject: disabling certain ciphers
Message-ID: <20141202004302.GR70990@aura.veggiechinese.net>

Can you use both ssl_protocols *and* ssl_cipher_list in the same config
(in a way that's sane)?

ssl_protocols (>= 2.1) and ssl_cipher_list co-exist, or are they
mutually exclusive?

I have a Dovecot 2.2.13 system, and I tried setting:

I also tried things like

  ssl_cipher_list = HIGH

or

  ssl_cipher_list = HIGH:!MEDIUM:!LOW

however, doing this seems to make v3 still work unless I explicitly do
!SSLv3 in ssl_cipher_list in addition to disabling it in $ssl_protocols.
This is different from Apache, which has similar parameters, but where
disabling the protocol takes precedence.

If I just do:

  ssl_protocols = !SSLv2 !SSLv3

I still get some ciphers that show up as "weak", e.g.,

|   SSLv3:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_DES_CBC_SHA - weak
[....]
|       TLS_RSA_WITH_DES_CBC_SHA - weak

Is there a way to exclude these ciphers, while still keeping my config
easy to parse and avoiding duplicative or deprecated configs?

The behavior is also pretty strange; if I have something like one of the
following, with or without $ssl_protocols set to exclude SSLv2 and
SSLv3:

  ssl_cipher_list = HIGH:!MEDIUM:!LOW:!SSLv3
  ssl_cipher_list = ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:+HIGH:!MEDIUM

TLS v1.0 and v1.1 get disabled as well. I also can't seem to explicitly
enable TLS 1.0 or 1.1 in $ssl_cipher_list.

w

From list_dovecot at bluerosetech.com Tue Dec 2 05:27:48 2014
From: list_dovecot at bluerosetech.com (Darren Pilgrim)
Date: Mon, 01 Dec 2014 21:27:48 -0800
Subject: disabling certain ciphers
In-Reply-To: <20141202004302.GR70990@aura.veggiechinese.net>
References: <20141202004302.GR70990@aura.veggiechinese.net>
Message-ID: <547D4DD4.7080406@bluerosetech.com>

On 12/1/2014 4:43 PM, Will Yardley wrote:
> Can you use both ssl_protocols *and* ssl_cipher_list in the same config
> (in a way that's sane)?

> Is there a way to exclude these ciphers, while still keeping my config
> easy to parse and avoiding duplicative or deprecated configs?

Yes to both. If you need to support older clients:

  ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH
  ssl_dh_parameters_length = 2048
  ssl_parameters_regenerate = 0
  ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2

If your userbase is limited to current clients and OSes, you can take it
a bit further:

  ssl_cipher_list = HIGH+kEECDH:HIGH+kEDH:!3DES:!aNULL:@STRENGTH
  ssl_dh_parameters_length = 4096
  ssl_parameters_regenerate = 0
  ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2

This drops 3DES support and makes forward secrecy mandatory.

From dovecot.org at veggiechinese.net Tue Dec 2 05:44:44 2014
From: dovecot.org at veggiechinese.net (Will Yardley)
Date: Mon, 1 Dec 2014 21:44:44 -0800
Subject: disabling certain ciphers
In-Reply-To: <547D4DD4.7080406@bluerosetech.com>
References: <20141202004302.GR70990@aura.veggiechinese.net> <547D4DD4.7080406@bluerosetech.com>
Message-ID: <20141202054444.GA18729@aura.veggiechinese.net>

On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
> On 12/1/2014 4:43 PM, Will Yardley wrote:
> > Can you use both ssl_protocols *and* ssl_cipher_list in the same config
> > (in a way that's sane)?
>
> > Is there a way to exclude these ciphers, while still keeping my config
> > easy to parse and avoiding duplicative or deprecated configs?
>
> Yes to both. If you need to support older clients:
>
> ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH
> ssl_dh_parameters_length = 2048
> ssl_parameters_regenerate = 0
> ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2

But why does ssl_protocols behave differently depending on if
$ssl_cipher_list is defined? Shouldn't !SSLv2 and !SSLv3 be sufficient?

It seems that if ssl_cipher_list is defined,

  ssl_protocols = !SSLv2 !SSLv3

results in TLS1.2 being the only one active, but if it is defined, 1.0,
1.1, and 1.2 are all active?

w

From amateo at um.es Tue Dec 2 07:24:49 2014
From: amateo at um.es (Angel L. Mateo)
Date: Tue, 02 Dec 2014 08:24:49 +0100
Subject: best file system ?
In-Reply-To:
References: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost>
Message-ID: <547D6941.5010600@um.es>

On 01/12/14 at 18:45, Sami Ketola wrote:
>
>> On 01 Dec 2014, at 18:24, absolutely_free at libero.it wrote:
>>
>> Hi,
>> I'm going to set up a new storage for our email users (about 10k).
>> It's a network attached storage (Coraid).
>> In your opinion, what is the best file system for mail server (pop3/imap/webmail) purpose?
>
> Depends on what OS you have chosen, or if OS is not the limiter I would go with ZFS.
>

Have you any performance comparison with xfs?

I'm running two imap servers. One with about 9k accounts and 3.5TB of
storage, and another with 55k accounts and 2TB of storage with XFS, and
I'm thinking about migrating them from XFS to ZFS but I'm concerned about
IO performance of ZFS. When we developed these two servers, I remember
reading some zfs performance problems in comparison with xfs (I have
lost the link) and that was the reason to finally use xfs, but now we
are having problems with LVM snapshots and we also like some zfs
features (like replication) so we are thinking about the change.

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868887590
Fax: 868888337

From amateo at um.es Tue Dec 2 07:26:28 2014
From: amateo at um.es (Angel L. Mateo)
Date: Tue, 02 Dec 2014 08:26:28 +0100
Subject: best file system ?
In-Reply-To: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost>
References: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost>
Message-ID: <547D69A4.4080809@um.es>

On 01/12/14 at 17:24, absolutely_free at libero.it wrote:
> Hi,
> I'm going to set up a new storage for our email users (about 10k).
> It's a network attached storage (Coraid).
> In your opinion, what is the best file system for mail server (pop3/imap/webmail) purpose?
> Thank you
>

And another related question... Does anybody of you have any experience
with distributed filesystems like lustre or ceph? How is the performance
of them in comparison with "legacy" filesystems like xfs?

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868887590
Fax: 868888337

From alessio at skye.it Tue Dec 2 07:41:53 2014
From: alessio at skye.it (Alessio Cecchi)
Date: Tue, 02 Dec 2014 08:41:53 +0100
Subject: best file system ?
In-Reply-To: <547CCBE9.9070306@mejor.pl>
References: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost> <547CA335.6030406@skye.it> <547CCBE9.9070306@mejor.pl>
Message-ID: <547D6D41.9010000@skye.it>

On 01/12/2014 21:13, Marcin Mirosław wrote:
> On 2014-12-01 at 18:19, Alessio Cecchi wrote:
>> On 01/12/2014 17:24, absolutely_free at libero.it wrote:
>>> Hi,
>>> I'm going to set up a new storage for our email users (about 10k).
>>> It's a network attached storage (Coraid).
>>> In your opinion, what is the best file system for mail server
>>> (pop3/imap/webmail) purpose?
>>> Thank you
>> Hi,
>>
>> XFS, if you can use RHEL/CentOS 6, ext4 with others distro.
> Hi!
> Does XFS works better on RHEL than on others distro?;)

Yes, because in the kernel of RHEL (>= 6) there are some patches/options
(like delaylog) not present in others distro (like Debian 6) with
default kernel.

From skdovecot at smail.inf.fh-brs.de Tue Dec 2 08:03:31 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 2 Dec 2014 09:03:31 +0100 (CET)
Subject: Adding extra fields from an external source
In-Reply-To: <20141202000233.GC12687@gmail.com>
References: <20141202000233.GC12687@gmail.com>
Message-ID:

On Mon, 1 Dec 2014, Ian Allison wrote:

> I realize I could expand my LDAP but I'm wary of just importing some
> random schema.

Well, >>random<< schema ;-) you should know what you are doing. Check
what is added to your LDAP and you'll be fine.

> I've had mixed results doing that in the past (the qmail
> schema (http://www.zytrax.com/books/ldap/ape/qmail.html) was
> incompatible with my existing structure, and at the moment I'm using a
> hacked version of the linux quota project's LDAP schema
> (http://sourceforge.net/projects/linuxquota/) - I'd rather have
> something a bit more official). If there is a recommended schema that
> you guys use which is stable and works well I would like to give that a
> try.

Nobody registered Dovecot attributes with IANA, because IMHO it is quite
implementor-specific. Because of that, there cannot exist anything
"official". How many quota rules do you have? Others may have plenty
more, ... . But maybe, a Dovecot arc would help some people.

However, see
http://www.openldap.org/doc/admin22/schema.html#Extending%20Schema

"To obtain a registered OID at no cost, apply for an OID under the
Internet Assigned Numbers Authority (IANA) maintained Private Enterprise
arc. Any private enterprise (organization) may request an OID to be
assigned under this arc. Just fill out the IANA form at
http://www.iana.org/cgi-bin/enterprise.pl and your official OID will be
sent to you usually within a few days. Your base OID will be something
like 1.3.6.1.4.1.X where X is an integer.

Note: Don't let the "MIB/SNMP" statement on the IANA page confuse you.
OIDs obtained using this form may be used for any purpose including
identifying LDAP schema elements.

Alternatively, OID name space may be available from a national authority
(e.g., ANSI, BSI).

For private experiments, OIDs under 1.1 may be used. The OID 1.1 arc is
regarded as dead name space."

You could define your own attributes and objectclasses in the arc 1.1 or
get your own Private Enterprise Number. That way your additions won't
conflict with other definitions.

--
Steffen Kaiser

From marcin at mejor.pl Tue Dec 2 09:24:26 2014
From: marcin at mejor.pl (Marcin Mirosław)
Date: Tue, 02 Dec 2014 10:24:26 +0100
Subject: best file system ?
In-Reply-To: <547D6D41.9010000@skye.it>
References: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost> <547CA335.6030406@skye.it> <547CCBE9.9070306@mejor.pl> <547D6D41.9010000@skye.it>
Message-ID: <547D854A.6040400@mejor.pl>

On 02.12.2014 at 08:41, Alessio Cecchi wrote:
>
> On 01/12/2014 21:13, Marcin Mirosław wrote:
>> On 2014-12-01 at 18:19, Alessio Cecchi wrote:
>>> On 01/12/2014 17:24, absolutely_free at libero.it wrote:
>>>> Hi,
>>>> I'm going to set up a new storage for our email users (about 10k).
>>>> It's a network attached storage (Coraid).
>>>> In your opinion, what is the best file system for mail server
>>>> (pop3/imap/webmail) purpose?
>>>> Thank you
>>> Hi,
>>>
>>> XFS, if you can use RHEL/CentOS 6, ext4 with others distro.
>> Hi!
>> Does XFS works better on RHEL than on others distro?;)
> Yes, because in the kernel of RHEL (>= 6) there are some patches/options
> (like delaylog) not present in others distro (like Debian 6) with
> default kernel.

It means that you advise to use XFS with delaylog:) There are many
distros which do not use an ancient kernel like 2.6.32 with a bunch of
backported patches. So it's better to tell which feature from a given
filesystem you consider as important than suggesting a distro.

Regards,
Marcin

From h.reindl at thelounge.net Tue Dec 2 09:32:01 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 02 Dec 2014 10:32:01 +0100
Subject: disabling certain ciphers
In-Reply-To: <20141202054444.GA18729@aura.veggiechinese.net>
References: <20141202004302.GR70990@aura.veggiechinese.net> <547D4DD4.7080406@bluerosetech.com> <20141202054444.GA18729@aura.veggiechinese.net>
Message-ID: <547D8711.2020508@thelounge.net>

On 02.12.2014 at 06:44, Will Yardley wrote:
> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
>> On 12/1/2014 4:43 PM, Will Yardley wrote:
>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config
>>> (in a way that's sane)?
>>
>>> Is there a way to exclude these ciphers, while still keeping my config
>>> easy to parse and avoiding duplicative or deprecated configs?
>>
>> Yes to both. If you need to support older clients:
>>
>> ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH
>> ssl_dh_parameters_length = 2048
>> ssl_parameters_regenerate = 0
>> ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2
>
> But why does ssl_protocols behave differently depending on if
> $ssl_cipher_list is defined? Shouldn't !SSLv2 and !SSLv3 be sufficient?
>
> It seems that if ssl_cipher_list is defined,
> ssl_protocols = !SSLv2 !SSLv3
>
> results in TLS1.2 being the only one active, but if it is defined, 1.0,
> 1.1, and 1.2 are all active?

  ssl_protocols = !SSLv2 !SSLv3

and you are fine, anything else is nonsense because when TLSv1.3 will be
released you go to each and every server to add it to the config? likely
not!

From c at roessner-network-solutions.com Tue Dec 2 10:15:07 2014
From: c at roessner-network-solutions.com (Christian Rößner)
Date: Tue, 2 Dec 2014 11:15:07 +0100
Subject: Adding extra fields from an external source
In-Reply-To: <20141202000233.GC12687@gmail.com>
References: <20141202000233.GC12687@gmail.com>
Message-ID: <65B15C00-8281-4855-BC04-900D2FF728C8@roessner-network-solutions.com>

> On 02.12.2014 at 01:02, Ian Allison wrote:
>
> Hi,
>
> I have an existing (Open)LDAP which I'm using with dovecot and I would
> like to implement quotas. I have global quotas working, but I would like
> per user quotas similar to what is described in the wiki
> (http://wiki2.dovecot.org/Quota/Configuration#LDAP) My problem is that
> there is no obvious attribute in the schemas shipped in the RHEL/Centos
> 6 to hold the quota string.
>
> Is it possible to get User database extra fields from an external
> source? e.g. flat file or MySQL table. I would like to pull everything
> else from LDAP but just fill out quota_rule from a different source.
>
> I realize I could expand my LDAP but I'm wary of just importing some
> random schema. I've had mixed results doing that in the past (the qmail
> schema (http://www.zytrax.com/books/ldap/ape/qmail.html) was
> incompatible with my existing structure, and at the moment I'm using a
> hacked version of the linux quota project's LDAP schema
> (http://sourceforge.net/projects/linuxquota/) - I'd rather have
> something a bit more official). If there is a recommended schema that
> you guys use which is stable and works well I would like to give that a
> try.

You could write your own schema. I have done so for my OpenLDAP. You can
make it AUXILIARY and make attributes MAY. Example from my file:

# RNS - 1.3.6.1.4.1.31612
# LDAP - 1.3.6.1.4.1.31612.1
# Mail 1.3.6.1.4.1.31612.1.2
# Attributes - 1.3.6.1.4.1.31612.1.2.1
# ObjectClasses - 1.3.6.1.4.1.31612.1.2.2
…
attributetype ( 1.3.6.1.4.1.31612.1.1.1.6
    NAME 'rnsMSQuota'
    DESC 'An integer that represents the quota on a mailbox'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )
…
objectclass ( 1.3.6.1.4.1.31612.1.1.2.2
    NAME 'rnsMSDovecotAccount'
    DESC 'Dovecot account for virtual domain mailboxes'
    SUP top AUXILIARY
    MAY ( ... $ rnsMSQuota $ ... $ ) )
…

Christian

--
Bachelor of Science Informatik
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345
USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com

From absolutely_free at libero.it Tue Dec 2 15:38:11 2014
From: absolutely_free at libero.it (absolutely_free at libero.it)
Date: Tue, 2 Dec 2014 16:38:11 +0100 (CET)
Subject: R: Re: best file system ?
Message-ID: <562413438.287381417534691901.JavaMail.httpd@webmail-15.iol.local>

Hi Angel,
can you please share your dovecot configuration?
What webmail are you using (if any)?

Thank you

>----Original message----
>From: amateo at um.es
>Date: 02/12/2014 8.24
>To:
>Subject: Re: best file system ?
>
>On 01/12/14 at 18:45, Sami Ketola wrote:
>>
>>> On 01 Dec 2014, at 18:24, absolutely_free at libero.it wrote:
>>>
>>> Hi,
>>> I'm going to set up a new storage for our email users (about 10k).
>>> It's a network attached storage (Coraid).
>>> In your opinion, what is the best file system for mail server (pop3/imap/webmail) purpose?
>>
>> Depends on what OS you have chosen, or if OS is not the limiter I would go with ZFS.
>>
> Have you any performance comparison with xfs?
>
> I'm running two imap servers. One with about 9k accounts and 3.5TB of
>storage, and another with 55k accounts and 2TB of storage with XFS, and
>I'm thinking about migrating them from XFS to ZFS but I'm concerned about
>IO performance of ZFS. When we developed these two servers, I remember
>reading some zfs performance problems in comparison with xfs (I have
>lost the link) and that was the reason to finally use xfs, but now we
>are having problems with LVM snapshots and we also like some zfs
>features (like replication) so we are thinking about the change.
>
>
>--
>Angel L. Mateo Martínez
>Sección de Telemática
>Área de Tecnologías de la Información
>y las Comunicaciones Aplicadas (ATICA)
>http://www.um.es/atica
>Tfo: 868887590
>Fax: 868888337
>

From list_dovecot at bluerosetech.com Tue Dec 2 16:33:55 2014
From: list_dovecot at bluerosetech.com (Darren Pilgrim)
Date: Tue, 02 Dec 2014 08:33:55 -0800
Subject: disabling certain ciphers
In-Reply-To: <547D8711.2020508@thelounge.net>
References: <20141202004302.GR70990@aura.veggiechinese.net> <547D4DD4.7080406@bluerosetech.com> <20141202054444.GA18729@aura.veggiechinese.net> <547D8711.2020508@thelounge.net>
Message-ID: <547DE9F3.4020106@bluerosetech.com>

On 12/2/2014 1:32 AM, Reindl Harald wrote:
>
> On 02.12.2014 at 06:44, Will Yardley wrote:
>> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
>>> On 12/1/2014 4:43 PM, Will Yardley wrote:
>>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config
>>>> (in a way that's sane)?
>>>
>>>> Is there a way to exclude these ciphers, while still keeping my config
>>>> easy to parse and avoiding duplicative or deprecated configs?
>>>
>>> Yes to both. If you need to support older clients:
>>>
>>> ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH
>>> ssl_dh_parameters_length = 2048
>>> ssl_parameters_regenerate = 0
>>> ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2
>>
>> But why does ssl_protocols behave differently depending on if
>> $ssl_cipher_list is defined? Shouldn't !SSLv2 and !SSLv3 be sufficient?
>>
>> It seems that if ssl_cipher_list is defined,
>> ssl_protocols = !SSLv2 !SSLv3
>>
>> results in TLS1.2 being the only one active, but if it is defined, 1.0,
>> 1.1, and 1.2 are all active?
>
> ssl_protocols = !SSLv2 !SSLv3
>
> and you are fine, anything else is nonsense because when TLSv1.3 will be
> released you go to each and every server to add it to the config? likely
> not!

Configuration management. :)

Also, no, you need to do more than just disable SSLv3. You need to
disable several cipher groups allowed in TLSv1.0 and TLSv1.1, bump up
the DH parameter size, and, if your client base allows it, only allow
ciphers with forward secrecy.

From list_dovecot at bluerosetech.com Tue Dec 2 16:34:50 2014
From: list_dovecot at bluerosetech.com (Darren Pilgrim)
Date: Tue, 02 Dec 2014 08:34:50 -0800
Subject: disabling certain ciphers
In-Reply-To: <20141202054444.GA18729@aura.veggiechinese.net>
References: <20141202004302.GR70990@aura.veggiechinese.net> <547D4DD4.7080406@bluerosetech.com> <20141202054444.GA18729@aura.veggiechinese.net>
Message-ID: <547DEA2A.1090606@bluerosetech.com>

On 12/1/2014 9:44 PM, Will Yardley wrote:
> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
>> On 12/1/2014 4:43 PM, Will Yardley wrote:
>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config
>>> (in a way that's sane)?
>>
>>> Is there a way to exclude these ciphers, while still keeping my config
>>> easy to parse and avoiding duplicative or deprecated configs?
>>
>> Yes to both. If you need to support older clients:
>>
>> ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH
>> ssl_dh_parameters_length = 2048
>> ssl_parameters_regenerate = 0
>> ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2
>
> But why does ssl_protocols behave differently depending on if
> $ssl_cipher_list is defined? Shouldn't !SSLv2 and !SSLv3 be sufficient?
>
> It seems that if ssl_cipher_list is defined,
> ssl_protocols = !SSLv2 !SSLv3
>
> results in TLS1.2 being the only one active, but if it is defined, 1.0,
> 1.1, and 1.2 are all active?

Where are you seeing this behaviour? What tool is reporting this?

From h.reindl at thelounge.net Tue Dec 2 16:38:38 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 02 Dec 2014 17:38:38 +0100
Subject: disabling certain ciphers
In-Reply-To: <547DE9F3.4020106@bluerosetech.com>
References: <20141202004302.GR70990@aura.veggiechinese.net> <547D4DD4.7080406@bluerosetech.com> <20141202054444.GA18729@aura.veggiechinese.net> <547D8711.2020508@thelounge.net> <547DE9F3.4020106@bluerosetech.com>
Message-ID: <547DEB0E.3060907@thelounge.net>

On 02.12.2014 at 17:33, Darren Pilgrim wrote:
> On 12/2/2014 1:32 AM, Reindl Harald wrote:
>>>> ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH
>>>> ssl_dh_parameters_length = 2048
>>>> ssl_parameters_regenerate = 0
>>>> ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2
>>>
>>> But why does ssl_protocols behave differently depending on if
>>> $ssl_cipher_list is defined? Shouldn't !SSLv2 and !SSLv3 be sufficient?
>>>
>>> It seems that if ssl_cipher_list is defined,
>>> ssl_protocols = !SSLv2 !SSLv3
>>>
>>> results in TLS1.2 being the only one active, but if it is defined, 1.0,
>>> 1.1, and 1.2 are all active?
>>
>> ssl_protocols = !SSLv2 !SSLv3
>>
>> and you are fine, anything else is nonsense because when TLSv1.3 will be
>> released you go to each and every server to add it to the config? likely
>> not!
>
> Configuration management. :)

mis-management is the right word for disabling future protocols

> Also, no, you need to do more than just disable SSLv3. You need to
> disable several cipher groups allowed in TLSv1.0 and TLSv1.1, bump up
> the DH parameter size, and, if your client base allows it, only allow
> ciphers with forward secrecy

i *only* referred to "ssl_protocols" and not to ciphers

that below are sane settings supporting older Outlooks only talking
RC4/DES but prefer a specific order for other clients

ssl_protocols = !SSLv2 !SSLv3
ssl_prefer_server_ciphers = yes
ssl_options = no_compression
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA

From list_dovecot at bluerosetech.com Tue Dec 2 17:36:05 2014
From: list_dovecot at bluerosetech.com (Darren Pilgrim)
Date: Tue, 02 Dec 2014 09:36:05 -0800
Subject: disabling certain ciphers
In-Reply-To: <547DEB0E.3060907@thelounge.net>
References: <20141202004302.GR70990@aura.veggiechinese.net> <547D4DD4.7080406@bluerosetech.com> <20141202054444.GA18729@aura.veggiechinese.net> <547D8711.2020508@thelounge.net> <547DE9F3.4020106@bluerosetech.com> <547DEB0E.3060907@thelounge.net>
Message-ID: <547DF885.304@bluerosetech.com>

On 12/2/2014 8:38 AM, Reindl Harald wrote:
>
>
> On 02.12.2014 at 17:33, Darren Pilgrim wrote:
>> On 12/2/2014 1:32 AM, Reindl Harald wrote:
>>>>> ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH
>>>>> ssl_dh_parameters_length = 2048
>>>>> ssl_parameters_regenerate = 0
>>>>> ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2
>>>>
>>>> But why does ssl_protocols behave differently depending on if
>>>> $ssl_cipher_list is defined? Shouldn't !SSLv2 and !SSLv3 be sufficient?
>>>>
>>>> It seems that if ssl_cipher_list is defined,
>>>> ssl_protocols = !SSLv2 !SSLv3
>>>>
>>>> results in TLS1.2 being the only one active, but if it is defined, 1.0,
>>>> 1.1, and 1.2 are all active?
>>>
>>> ssl_protocols = !SSLv2 !SSLv3
>>>
>>> and you are fine, anything else is nonsense because when TLSv1.3 will be
>>> released you go to each and every server to add it to the config? likely
>>> not!
>>
>> Configuration management. :)
>
> mis-management is the right word for disabling future protocols

It wouldn't. As you've pointed out, you don't have to explicitly enable
TLSv1.0+. That's because they're (now) enabled by default. There was a
period of time when TLSv1.1 and TLSv1.2 weren't enabled by default.
There are also some softwares that don't do the SSL setup correctly
without explicit protocol lists. It's easier to be uniformly explicit
everywhere. I'd rather be needlessly explicit than have a security
failure due to incorrectly assuming an implicit behaviour.

>> Also, no, you need to do more than just disable SSLv3. You need to
>> disable several cipher groups allowed in TLSv1.0 and TLSv1.1, bump up
>> the DH parameter size, and, if your client base allows it, only allow
>> ciphers with forward secrecy
>
> i *only* referred to "ssl_protocols" and not to ciphers

Sorry, that wasn't obvious to me.

> that below are sane settings supporting older Outlooks only talking
> RC4/DES but prefer a specific order for other clients
>
> ssl_protocols = !SSLv2 !SSLv3
> ssl_prefer_server_ciphers = yes
> ssl_options = no_compression
> ssl_cipher_list = [really long cipherspec snipped]

A student of Mozilla's security policies, I see. ;)

You really only need TLSv1 3DES without PFS for Outlook on Windows
XP/2003. Outlook on later Windows will do TLSv1 DHE-AES. Older Android
devices will need TLSv1 AES128 without PFS. The minimum would therefore
be:

  HIGH+kEECDH:HIGH+kEDH:-3DES:AES128-SHA:DES-CBC3-SHA:!aNULL:@STRENGTH

Supporting other older ciphers may support ancient Android, IOS, MacOS
and Thunderbird clients, but IME AES128-SHA and DES-CBC3-SHA are all you
need for a realistic userbase of old software.

From ifallison at gmail.com Tue Dec 2 17:39:08 2014
From: ifallison at gmail.com (Ian Allison)
Date: Tue, 2 Dec 2014 09:39:08 -0800
Subject: Adding extra fields from an external source
In-Reply-To:
References: <20141202000233.GC12687@gmail.com>
Message-ID: <20141202173908.GA24125@gmail.com>

On Tue, Dec 02, 2014 at 09:03:31AM +0100, Steffen Kaiser wrote:
>
> Nobody registered Dovecot attributes with IANA, because IMHO it is quite
> implementor-specific. Because of that, there cannot exist anything
> "official". How many quota rules do you have? Others may have plenty more,
> ... . But maybe, a Dovecot arc would help some people.
>
> However, see
> http://www.openldap.org/doc/admin22/schema.html#Extending%20Schema
>
> "To obtain a registered OID at no cost, apply for an OID under the Internet
> Assigned Numbers Authority (IANA) maintained Private Enterprise arc. Any
> private enterprise (organization) may request an OID to be assigned under
> this arc. Just fill out the IANA form at
> http://www.iana.org/cgi-bin/enterprise.pl and your official OID will be sent
> to you usually within a few days. Your base OID will be something like
> 1.3.6.1.4.1.X where X is an integer.

I've started off the process with IANA and I've started designing an
auxiliary schema as Christian suggested. I just didn't want to be doing
it unnecessarily, but it looks like that is the best solution.

Thanks for your help!

-Ian.

From dovecot.org at veggiechinese.net Tue Dec 2 17:42:50 2014
From: dovecot.org at veggiechinese.net (Will Yardley)
Date: Tue, 2 Dec 2014 09:42:50 -0800
Subject: disabling certain ciphers
In-Reply-To: <547DEA2A.1090606@bluerosetech.com>
References: <20141202004302.GR70990@aura.veggiechinese.net> <547D4DD4.7080406@bluerosetech.com> <20141202054444.GA18729@aura.veggiechinese.net> <547DEA2A.1090606@bluerosetech.com>
Message-ID: <20141202174250.GS70990@aura.veggiechinese.net>

On Tue, Dec 02, 2014 at 08:34:50AM -0800, Darren Pilgrim wrote:
> On 12/1/2014 9:44 PM, Will Yardley wrote:
> > On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
> >> On 12/1/2014 4:43 PM, Will Yardley wrote:
> >>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config
> >>> (in a way that's sane)?
> >>
> >> Yes to both. If you need to support older clients:

> > But why does ssl_protocols behave differently depending on if
> > $ssl_cipher_list is defined? Shouldn't !SSLv2 and !SSLv3 be sufficient?
> >
> > It seems that if ssl_cipher_list is defined,
> > ssl_protocols = !SSLv2 !SSLv3
> >
> > results in TLS1.2 being the only one active, but if it is defined, 1.0,
> > 1.1, and 1.2 are all active?
>
> Where are you seeing this behaviour? What tool is reporting this?

I have mostly been testing with nmap, e.g.,

  nmap -p 993 --script ssl-enum-ciphers [target]

This then breaks down the ciphers by protocol suite. I'll test with your
ssl_cipher_list example and see if it's reproducible.

w

From dovecot.org at veggiechinese.net Tue Dec 2 18:05:57 2014
From: dovecot.org at veggiechinese.net (Will Yardley)
Date: Tue, 2 Dec 2014 10:05:57 -0800
Subject: disabling certain ciphers
In-Reply-To: <20141202174250.GS70990@aura.veggiechinese.net>
References: <20141202004302.GR70990@aura.veggiechinese.net> <547D4DD4.7080406@bluerosetech.com> <20141202054444.GA18729@aura.veggiechinese.net> <547DEA2A.1090606@bluerosetech.com> <20141202174250.GS70990@aura.veggiechinese.net>
Message-ID: <20141202180557.GT70990@aura.veggiechinese.net>

I had some problems the first few times I restarted with ssl-params
seeming to hang, but it finally works.

I am able to get it to work with just:

  ssl = required
  ssl_dh_parameters_length = 4096
  ssl_parameters_regenerate = 0
  ssl_prefer_server_ciphers = yes
  ssl_protocols = !SSLv2 !SSLv3
  ssl_cipher_list = HIGH+kEECDH:HIGH+kEDH:!3DES:!aNULL:@STRENGTH

Thanks for your help!

w

From list_dovecot at bluerosetech.com Tue Dec 2 18:12:22 2014
From: list_dovecot at bluerosetech.com (Darren Pilgrim)
Date: Tue, 02 Dec 2014 10:12:22 -0800
Subject: disabling certain ciphers
In-Reply-To: <20141202180557.GT70990@aura.veggiechinese.net>
References: <20141202004302.GR70990@aura.veggiechinese.net> <547D4DD4.7080406@bluerosetech.com> <20141202054444.GA18729@aura.veggiechinese.net> <547DEA2A.1090606@bluerosetech.com> <20141202174250.GS70990@aura.veggiechinese.net> <20141202180557.GT70990@aura.veggiechinese.net>
Message-ID: <547E0106.2030303@bluerosetech.com>

On 12/2/2014 10:05 AM, Will Yardley wrote:
> I had some problems the first few times I restarted with ssl-params
> seeming to hang, but it finally works.

That would have been dovecot generating the 4096-bit DH parameters. It
can take a bit, but Dovecot is quite fast at it. If Dovecot supported
it, you could use OpenSSL to generate tested-safe DH parameters and
supply them by file the same way you do for Postfix, nginx, etc.

From dovecot.org at veggiechinese.net Tue Dec 2 18:26:38 2014
From: dovecot.org at veggiechinese.net (Will Yardley)
Date: Tue, 2 Dec 2014 10:26:38 -0800
Subject: disabling certain ciphers
In-Reply-To: <547E0106.2030303@bluerosetech.com>
References: <20141202004302.GR70990@aura.veggiechinese.net>
 <547D4DD4.7080406@bluerosetech.com>
 <20141202054444.GA18729@aura.veggiechinese.net>
 <547DEA2A.1090606@bluerosetech.com>
 <20141202174250.GS70990@aura.veggiechinese.net>
 <20141202180557.GT70990@aura.veggiechinese.net>
 <547E0106.2030303@bluerosetech.com>
Message-ID: <20141202182638.GU70990@aura.veggiechinese.net>

On Tue, Dec 02, 2014 at 10:12:22AM -0800, Darren Pilgrim wrote:
> On 12/2/2014 10:05 AM, Will Yardley wrote:
> > I had some problems the first few times I restarted with ssl-params
> > seeming to hang, but it finally works.
>
> That would have been dovecot generating the 4096-bit DH parameters. It
> can take a bit, but Dovecot is quite fast at it. If Dovecot supported
> it, you could use OpenSSL to generate tested-safe DH parameters and
> supply them by file the same way you do for Postfix, nginx, etc.

In this case, it was consuming a lot of CPU for 5+ minutes, and the
.dat.tmp file hadn't been updated since the process started, so I'm not
sure if something went wrong. strace on the ssl-params process itself
(without following child procs, anyway) didn't seem to show anything
happening.

This happened for a couple of restarts. I enabled verbose ssl logging,
restarted, and it seemed to work, then disabled verbose logging again,
and it still works.

w

From list_dovecot at bluerosetech.com Tue Dec 2 18:34:15 2014
From: list_dovecot at bluerosetech.com (Darren Pilgrim)
Date: Tue, 02 Dec 2014 10:34:15 -0800
Subject: disabling certain ciphers
In-Reply-To: <20141202182638.GU70990@aura.veggiechinese.net>
References: <20141202004302.GR70990@aura.veggiechinese.net>
 <547D4DD4.7080406@bluerosetech.com>
 <20141202054444.GA18729@aura.veggiechinese.net>
 <547DEA2A.1090606@bluerosetech.com>
 <20141202174250.GS70990@aura.veggiechinese.net>
 <20141202180557.GT70990@aura.veggiechinese.net>
 <547E0106.2030303@bluerosetech.com>
 <20141202182638.GU70990@aura.veggiechinese.net>
Message-ID: <547E0627.4020607@bluerosetech.com>

On 12/2/2014 10:26 AM, Will Yardley wrote:
> In this case, it was consuming a lot of CPU for 5+ minutes, and the
> .dat.tmp file hadn't been updated since the process started, so I'm not
> sure if something went wrong.

Yes, large DH parameters take time to generate, hence turning off
regeneration. 5 minutes is pretty reasonable.

From user+dovecot at localhost.localdomain.org Tue Dec 2 21:25:52 2014
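Added example (not written by anyone in the thread): an offline audit of the ssl_cipher_list value posted above, using Python's ssl module to expand the string with the local OpenSSL and group the resulting suites by the protocol version that first defined them, similar to the per-protocol breakdown that ssl-enum-ciphers prints. The helper names are this example's own; the output depends on the OpenSSL build Python is linked against, and TLS 1.3 suites are listed regardless because this kind of cipher string does not govern them.

```python
import ssl
from collections import defaultdict

# Cipher string quoted from the thread (value of Dovecot's ssl_cipher_list).
THREAD_CIPHER_LIST = "HIGH+kEECDH:HIGH+kEDH:!3DES:!aNULL:@STRENGTH"

# Key-exchange labels that give forward secrecy; "kx-any" marks TLS 1.3 suites.
FORWARD_SECRET_KX = {"kx-ecdhe", "kx-dhe", "kx-any"}


def expand(cipher_list):
    """Return the suites the local OpenSSL selects for an OpenSSL cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def by_protocol(cipher_list):
    """Group suite names by the protocol version OpenSSL reports for each suite.

    A suite reported as TLSv1.2 cannot be negotiated by a client that only
    speaks TLS 1.0 or 1.1, so the cipher string limits usable protocol
    versions independently of the protocol setting.
    """
    groups = defaultdict(list)
    for suite in expand(cipher_list):
        groups[suite["protocol"]].append(suite["name"])
    return dict(groups)


def audit(cipher_list):
    """Return (suite, reason) pairs for suites a hardened server should not offer."""
    findings = []
    for suite in expand(cipher_list):
        name = suite["name"]
        symmetric = (suite.get("symmetric") or "").lower()
        if "des" in symmetric or "DES" in name:
            findings.append((name, "DES/3DES"))
        if "rc4" in symmetric:
            findings.append((name, "RC4"))
        if suite.get("auth") == "auth-null":
            findings.append((name, "anonymous key exchange"))
        if suite.get("kea") not in FORWARD_SECRET_KX:
            findings.append((name, "no forward secrecy"))
    return findings


if __name__ == "__main__":
    for protocol, names in sorted(by_protocol(THREAD_CIPHER_LIST).items()):
        print(f"{protocol}: {len(names)} suites")
        for name in names:
            print(f"    {name}")
    problems = audit(THREAD_CIPHER_LIST)
    print("findings:", problems if problems else "none")
```

Running the same audit on a candidate string before putting it into the server configuration catches suites that slipped through an exclusion such as !3DES or !aNULL.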
From: user+dovecot at localhost.localdomain.org (Pascal Volk)
Date: Tue, 02 Dec 2014 21:25:52 +0000
Subject: Unknown scheme SSHA256.HEX.b64
In-Reply-To: <1417233897728-50803.post@n4.nabble.com>
References: <1417233897728-50803.post@n4.nabble.com>
Message-ID: <547E2E60.3020600@localhost.localdomain.org>

On 11/29/2014 04:04 AM, grundy wrote:
> I'm getting a very strange error and I'm completely mystified by it. Thank
> you so much for taking a look!
>
> I recently migrated some users from another dovecot server to my own, and
> the previous admin had the passwords in their database using the SSHA256
> scheme in HEX format. All the password hashes are in my database (MySQL)
> with a {SSHA256.HEX} prefix, and I thought at first that they were working
> fine, but then I checked my logs and am seeing this:
>
> localhost dovecot: auth: Error: password(***@***.***): Unknown scheme
> SSHA256.HEX.b64
>
> (I have replaced the email address with asterisks)
>
> I am completely flabbergasted, as I can't imagine how "SSHA256.HEX.b64" is
> even coming in to existence as a string. I have triple checked the database
> and that combination appears nowhere in it.
>
> Does anybody have any idea how that is happening? Thanks again.

You forgot to show `doveconf -n` output.
Check the contents of the file mentioned in:
`doveconf passdb | grep args`

Regards,
Pascal
-- 
The trapper recommends today: beeffeed.1433622 at localdomain.org

From skdovecot at smail.inf.fh-brs.de Wed Dec 3 06:56:41 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 3 Dec 2014 07:56:41 +0100 (CET)
Subject: mail_location maildir:~/Maildir Invalid user settings[SOLVED]
In-Reply-To:
References:
Message-ID:

On Wed, 26 Nov 2014, soko.tica wrote:

> I was having quite a hard time configuring dovecot on OpenBSD -current.
>
> The problem was default Maildir setting in 10-mail.conf, namely:
> mail_location maildir:~/Maildir
> was unable to locate user's home directory.

Dovecot makes use of a user's home dir in some situations. You should
investigate the problem further, esp. if you think about to enable Sieve.

> As far as I can remember, it was the correct setting on
> OpenBSD-current a week or two ago.
> Once I figured out and changed it to
> mail_location maildir:/path/to/home/%u/Maildir
> the problem was solved.

Actually, you worked around the problem. Dovecot seems to have problems to
read the home dir from /etc/passwd. Do you have some Unix-hardening stuff
( Mandatory Access Control, Systrace) in place?

-- 
Steffen Kaiser

From amateo at um.es Wed Dec 3 07:13:05 2014
From: amateo at um.es (Angel L. Mateo)
Date: Wed, 03 Dec 2014 08:13:05 +0100
Subject: R: Re: best file system ?
In-Reply-To: <562413438.287381417534691901.JavaMail.httpd@webmail-15.iol.local>
References: <562413438.287381417534691901.JavaMail.httpd@webmail-15.iol.local>
Message-ID: <547EB801.4070504@um.es>

On 02/12/14 at 16:38, absolutely_free at libero.it wrote:
> Hi Angel,
> can you please share your dovecot configuration?

I have attached our doveconf -n output. We have two imap servers (with
the same configuration) and two more acting as proxy (with director) in
front of them. These last direct user request to their corresponding server.

For storage we are using our SAN (a HP 3PAR 7400) connecting to it with
fibre channel. We have two XFS filesystems. One for mail indexes and the
other for user mailboxes and attachment files.

In these servers we are running ubuntu 12.04 with kernel 3.4.0.

> What webmail are you using (if any)?

We are using horde.

-- 
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868887590
Fax: 868888337
-------------- next part --------------
# 2.1.16: /etc/dovecot/dovecot.conf
# OS: Linux 3.4.0-030400-generic x86_64 Ubuntu 12.04.5 LTS
auth_cache_negative_ttl = 0
auth_cache_size = 20 M
auth_cache_ttl = 1 days
auth_master_user_separator = *
default_process_limit = 1024
disable_plaintext_auth = no
log_timestamp = %Y-%m-%d %H:%M:%S
login_trusted_networks = 155.54.211.176/28
mail_attachment_dir = /mail/users/attachments
mail_gid = vmail
mail_home = /mail/users/mailboxes/%2Ln/%Ln
mail_location = mdbox:%h/mdbox:INDEX=/mail/indexes/%2Ln/%Ln
mail_plugins = quota zlib lazy_expunge acl stats mail_log notify
mail_privileged_group = mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mdbox_rotate_size = 50 M
namespace {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox SPAM {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = .
}
namespace {
  hidden = yes
  list = no
  location = mdbox:%h/expunged:INDEX=/mail/indexes/%2Ln/%Ln/expunged
  prefix = BORRADOS.
  separator = .
}
namespace {
  list = children
  location = mdbox:%%h/mdbox:INDEX=/mail/indexes/%%2Ln/%%Ln
  prefix = shared.%%u.
  separator = .
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
passdb {
  args = /etc/dovecot/dovecot-ldap-genericas.conf.ext
  driver = ldap
}
passdb {
  args = session=yes cache_key=%Ln-%w dovecot
  driver = pam
}
plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=3600
  lazy_expunge = BORRADOS.
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change save mailbox_create
  mail_log_fields = uid box msgid size
  quota = dict:User quota::file:%h/quota
  quota_rule = *:storage=10G
  quota_rule2 = Trash:storage=+1G
  sieve = ~/.dovecot.sieve
  sieve_default = /etc/dovecot/default.sieve
  sieve_dir = ~/sieve
  sieve_max_redirects = 15
  stats_refresh = 30 secs
  stats_track_cmds = yes
  zlib_save = gz
  zlib_save_level = 6
}
postmaster_address = postmaster at um.es
protocols = " imap lmtp sieve pop3 sieve"
service anvil {
  client_limit = 3075
}
service auth {
  client_limit = 4096
  unix_listener auth-userdb {
    mode = 0777
  }
}
service doveadm {
  inet_listener {
    port = 24245
  }
}
service imap {
  process_limit = 12000
  process_min_avail = 6
  vsz_limit = 512 M
}
service ipc {
  unix_listener ipc {
    user = dovecot
  }
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
  process_min_avail = 10
  vsz_limit = 512 M
}
service pop3 {
  process_min_avail = 6
}
service stats {
  fifo_listener stats-mail {
    mode = 0666
  }
}
ssl = no
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
userdb {
  args = /etc/dovecot/dovecot-ldap-genericas.conf.ext
  driver = ldap
}
protocol lmtp {
  mail_plugins = quota zlib lazy_expunge acl stats mail_log notify sieve
}
protocol lda {
  mail_plugins = quota zlib lazy_expunge acl stats mail_log notify sieve
}
protocol imap {
  mail_plugins = quota zlib lazy_expunge acl stats mail_log notify imap_quota imap_acl
}
protocol pop3 {
  pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, in=%i, out=%o
}
local 155.54.211.160/27/27 {
  doveadm_password =
}

From list at airstreamcomm.net Wed Dec 3 17:08:10 2014
From: list at airstreamcomm.net (List)
Date: Wed, 03 Dec 2014 11:08:10 -0600
Subject: Exporting plain_pass using passwd driver
Message-ID: <547F437A.6030708@airstreamcomm.net>

I am trying to get a postlogin script running that can see the
plain_pass=%w while running the passwd driver. This is running Dovecot
2.0.7 and so far everything I have tried results in the value being empty.

From nikola at pregmatch.org Wed Dec 3 20:44:46 2014
From: nikola at pregmatch.org (Nikola Derikonjic)
Date: Wed, 3 Dec 2014 21:44:46 +0100
Subject: "maildir_empty_new = yes" not working
Message-ID: <72AF711DFB1D4A2EB552BCCAA76BD745@pregmatch.org>

I need for my dovecot-uidlist to be updated with next id when new email arrives (moved from new/ to cur/).
This only happens now when I check for new email with my client.

Setting maildir_empty_new = yes is not working. Do I have to uncomment something else as well maybe?

I want to do some proemial pipe let's say for 10 emails. All of them will have same UID since dovecot-uidlist is not updated.

I am using 2.2.13 dovecot on Gentoo 64bit.

This is my dovecot -n:

# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.5-gentoo x86_64 Gentoo Base System release 2.2
auth_mechanisms = plain login digest-md5
first_valid_gid = 500
last_valid_gid = 2000
last_valid_uid = 2000
login_greeting = Santa server is ready.
mail_gid = vmail
mail_location = /var/vmail/%d/%n/:INDEX=/var/vmail/%d/%n/indexes
mail_uid = vmail
maildir_empty_new = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0666
    user = vmail
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0666
    user = postfix
  }
}
ssl_ca =

In calculating the column width multi-byte characters (eg umlauts, utf8) not properly analyzed:

Username mailbox messages guid
sh_berger Spam 0 a7b32818c14e5b54bf5500006ad9a53c
sh_berger Entwürfe 0 a4b32818c14e5b54bf5500006ad9a53c
sh_berger Papierkorb 0 a6b32818c14e5b54bf5500006ad9a53c

From jan.widel at networkers.pl Wed Dec 3 23:03:39 2014
From: jan.widel at networkers.pl (Jan Wideł)
Date: Thu, 04 Dec 2014 00:03:39 +0100
Subject: Replication sieve scripts.
Message-ID: <547F96CB.2080504@networkers.pl>

Hi,

according to changelog 2.2.rc3, dsync should replicate sieve scripts.
Do I need to turn on or switch some option(s), for this to work?
Replication of mailboxes works great, only sieve scripts not.

root at mail-1-proidea ~ # dpkg -l dovecot* | grep ^ii
ii dovecot-core 2:2.2.15-1~auto+0 amd64 secure POP3/IMAP server - core files
ii dovecot-imapd 2:2.2.15-1~auto+0 amd64 secure POP3/IMAP server - IMAP daemon
ii dovecot-ldap 2:2.2.15-1~auto+0 amd64 secure POP3/IMAP server - LDAP support
ii dovecot-lmtpd 2:2.2.15-1~auto+0 amd64 secure POP3/IMAP server - LMTP server
ii dovecot-managesieved 2:2.2.15-1~auto+0 amd64 secure POP3/IMAP server - ManageSieve server
ii dovecot-pop3d 2:2.2.15-1~auto+0 amd64 secure POP3/IMAP server - POP3 daemon
ii dovecot-sieve 2:2.2.15-1~auto+0 amd64 secure POP3/IMAP server - Sieve filters support

My configuration (doveconf-n):

# 2.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-grsec-amd64 x86_64 Debian 7.7 ext4
auth_mechanisms = plain login
auth_verbose = yes
default_client_limit = 5000
default_process_limit = 500
default_vsz_limit = 768 M
doveadm_password = xxxxxxxxx
doveadm_port = 10900
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_gid = vmail
mail_location = maildir:/srv/mail/virtual/%d/%u
mail_plugins = " notify replication mail_log"
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate imapflags notify
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  mail_replica = tcps:mail2.xxxxxxx:10900
  sieve = file:~/sieve;active=~/dovecot.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags
  sieve_global_dir = /etc/dovecot/sieve/global/
  sieve_global_path = /etc/dovecot/sieve/default.sieve
}
postmaster_address = postmaster at networkers.pl
protocols = " imap lmtp sieve pop3"
replication_max_conns = 5
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-client {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0660
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service doveadm {
  inet_listener {
    address = x.x.x.x
    port = 10900
    ssl = yes
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_limit = 500
  process_min_avail = 2
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service managesieve {
  process_limit = 1024
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    group = vmail
    mode = 0660
    user = dovecot
  }
}
ssl = required
ssl_cert =

Thank you very much for your detailed explanation!

>----Original message----
>From: amateo at um.es
>Date: 03/12/2014 8.13
>To:
>Subject: Re: R: Re: best file system ?
>
>On 02/12/14 at 16:38, absolutely_free at libero.it wrote:
>> Hi Angel,
>> can you please share your dovecot configuration?
>
> I have attached our doveconf -n output. We have two imap servers (with
>the same configuration) and two more acting as proxy (with director) in
>front of them. These last direct user request to their corresponding server.
>
> For storage we are using our SAN (a HP 3PAR 7400) connecting to it with
>fibre channel. We have two XFS filesystems. One for mail indexes and the
>other for user mailboxes and attachment files.
>
> In these servers we are running ubuntu 12.04 with kernel 3.4.0.
>
>> What webmail are you using (if any)?
>
> We are using horde.
>
>--
>Angel L. Mateo Martínez
>Sección de Telemática
>Área de Tecnologías de la Información
>y las Comunicaciones Aplicadas (ATICA)
>http://www.um.es/atica
>Tfo: 868887590
>Fax: 868888337
>

From absolutely_free at libero.it Thu Dec 4 00:03:11 2014
From: absolutely_free at libero.it (absolutely_free at libero.it)
Date: Thu, 4 Dec 2014 01:03:11 +0100 (CET)
Subject: Manual (file system level) message deletion
Message-ID: <1998706054.884331417651391289.JavaMail.defaultUser@defaultHost>

Hi, I use Dovecot + Postfix on CentOS server. I use maildir.
What happens if I manually delete some messages (eg. the ones older than 6 months) for every user? I think that dovecot's indexes will be wrong... is this a potential performance issue? If so, how can I "rebuild" index file for every user?
Thank you

From thierry at odry.net Thu Dec 4 00:23:49 2014
From: thierry at odry.net (Thierry de Montaudry)
Date: Thu, 4 Dec 2014 01:23:49 +0100
Subject: Manual (file system level) message deletion
In-Reply-To: <1998706054.884331417651391289.JavaMail.defaultUser@defaultHost>
References: <1998706054.884331417651391289.JavaMail.defaultUser@defaultHost>
Message-ID:

> On 04 Dec 2014, at 01:03, absolutely_free at libero.it wrote:
>
> Hi, I use Dovecot + Postfix on CentOS server. I use maildir.
> What happens if I manually delete some messages (eg. the ones older than 6 months) for every user? I think that dovecot's indexes will be wrong... is this a potential performance issue? If so, how can I "rebuild" index file for every user?
> Thank you

Hi,

As far as I experienced, dovecot can nicely recover from manually deleting some mails in a maildir tree, but still, I wouldn't recommend it, as it takes more time to resync a folder with a lot of mails.
In your case, I would rather recommend to use the "dovecot expunge" command as it updates the indexes while removing files. I do use it to remove older files in Trash and Spam folder, and it can be used per user or for all users.

Here's an example of the command line to remove any mail older than 6 weeks in the Spam folder:

doveadm expunge -u "email" mailbox Spam savedbefore 6w

Replace '-u "email"' with "-A" to run it on all users.

Regards,

Thierry

From skdovecot at smail.inf.fh-brs.de Thu Dec 4 08:19:06 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 4 Dec 2014 09:19:06 +0100 (CET)
Subject: "maildir_empty_new = yes" not working
In-Reply-To: <72AF711DFB1D4A2EB552BCCAA76BD745@pregmatch.org>
References: <72AF711DFB1D4A2EB552BCCAA76BD745@pregmatch.org>
Message-ID:

On Wed, 3 Dec 2014, Nikola Derikonjic wrote:

> I need for my dovecot-uidlist to be updated with next id when new email arrives (moved from new/ to cur/).

Er, first of all:

"when new email arrives" != "moved from new/ to cur/"

> This only happens now when I check for new email with my client.

This is "moved from new/ to cur/", for that you need a IMAP/POP-connection

> Setting maildir_empty_new = yes is not working. Do I have to uncomment something else as well maybe?

So, anything is correct.

> I want to do some proemial pipe let's say for 10 emails. All of them will have same UID since dovecot-uidlist is not updated.

OK, here you seem to access the message outside any IMAP/POP-connection on
filesystem-level and you want the uid bumped up, "when new email arrives",
meaning when the LDA drops the message in the Maildir. How do you deliver
the messages with the LDA of your MTA or Dovecot? I guess, you do not use
Dovecot LDA or LMTP?

> I am using 2.2.13 dovecot on Gentoo 64bit.
>
> This is my dovecot -n:
>
> # 2.2.13: /etc/dovecot/dovecot.conf
> # OS: Linux 3.16.5-gentoo x86_64 Gentoo Base System release 2.2
> auth_mechanisms = plain login digest-md5
> first_valid_gid = 500
> last_valid_gid = 2000
> last_valid_uid = 2000
> login_greeting = Santa server is ready.
> mail_gid = vmail
> mail_location = /var/vmail/%d/%n/:INDEX=/var/vmail/%d/%n/indexes
> mail_uid = vmail
> maildir_empty_new = yes
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> plugin {
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
> }
> service auth-worker {
>   user = vmail
> }
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     group = vmail
>     mode = 0666
>     user = vmail
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
> }
> ssl_ca = ssl_cert = ssl_key = ssl_key_password = notshown
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
>
>

-- 
Steffen Kaiser

From skdovecot at smail.inf.fh-brs.de Thu Dec 4 08:22:41 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 4 Dec 2014 09:22:41 +0100 (CET)
Subject: "maildir_empty_new = yes" not working
In-Reply-To:
References: <72AF711DFB1D4A2EB552BCCAA76BD745@pregmatch.org>
Message-ID:

On Thu, 4 Dec 2014, Steffen Kaiser wrote:

> On Wed, 3 Dec 2014, Nikola Derikonjic wrote:
>
>> I need for my dovecot-uidlist to be updated with next id when new email
>> arrives (moved from new/ to cur/).
>
> Er, first of all:
>
> "when new email arrives" != "moved from new/ to cur/"
>
>> This only happens now when I check for new email with my client.
>
> This is "moved from new/ to cur/", for that you need a IMAP/POP-connection
>
>> Setting maildir_empty_new = yes is not working. Do I have to uncomment
>> something else as well maybe?
>
> So, anything is correct.
>
>> I want to do some proemial pipe lets say for 10 emails. All of them will
>> have same UID since dovecot-uidlist is not updated.
>
> OK, here you seem to access the message outside any IMAP/POP-connection on
> filesystem-level and you want the uid bumped up, "when new email arrives",
> meaning when the LDA drops the message in the Maildir. How do you deliver
> the messages with the LDA of your MTA or Dovecot? I guess, you do not use
> Dovecot LDA or LMTP?

Oh, there is: http://wiki2.dovecot.org/Tools/Doveadm/Index, too.

-- 
Steffen Kaiser

From sca at andreasschulze.de Thu Dec 4 09:36:06 2014
From: sca at andreasschulze.de (A. Schulze)
Date: Thu, 04 Dec 2014 10:36:06 +0100
Subject: does lda_save_to_detail_mailbox exist?
Message-ID: <20141204103606.Horde.EFFvIC9TdiIUONjYbz9f3w2@horde.andreasschulze.de>

Hello,

there is a nice feature in lmtp to save messages to user+foo at domain in INBOX/foo
Looks like that doesn't work as good if lda is used.

I have dovecot-2.2.13

mail_location = maildir:%h/
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
*lmtp*_save_to_detail_mailbox = yes

messages to user+foo generate an error and are saved to INBOX
no matter if INBOX/foo exist or not:

Dec 4 09:40:59 mail dovecot: lda(user at example.org): Debug: Effective uid=10020, gid=10020, home=/var/mail/user at example.org/
Dec 4 09:40:59 mail dovecot: lda(user at example.org): Debug: Destination address: user at example.org (source: user at hostname)
Dec 4 09:40:59 mail dovecot: lda(user at example.org): msgid=<3jtWlm3FCHz52KG at localhost>: save failed to open mailbox foo: Mailbox can't be created
Dec 4 09:40:59 mail dovecot: lda(user at example.org): msgid=<3jtWlm3FCHz52KG at localhost>: saved mail to INBOX

# doveadm user -u user at example.org
userdb: user at example.org
home : /var/mail/user at example.org/
quota_rule: *:bytes=1000000
master_user: user at example.org

# doveadm mailbox list -u user at example.org
INBOX
INBOX/bar

Possible, that *lda*_save_to_detail_mailbox is simply not implemented?

Thanks,
Andreas

From sca at andreasschulze.de Thu Dec 4 09:59:14 2014
From: sca at andreasschulze.de (A. Schulze)
Date: Thu, 04 Dec 2014 10:59:14 +0100
Subject: SOLVED: does lda_save_to_detail_mailbox exist?
In-Reply-To: <20141204103606.Horde.EFFvIC9TdiIUONjYbz9f3w2@horde.andreasschulze.de>
Message-ID: <20141204105914.Horde.2oBOqGCRHSIgR_9uXlr_FA7@horde.andreasschulze.de>

A. Schulze:

> there is a nice feature in lmtp to save messages to user+foo at domain
> in INBOX/foo
> Looks like that doesn't work as good if lda is used.

It works!

for some reasons I don't follow the suggestion on http://wiki2.dovecot.org/LDA/Qmail
I use '/var/qmail/bin/preline -f /usr/lib/dovecot/dovecot-lda -f "${SENDER}" -d ${LOCAL%+*}@${HOST} ${EXT:+ -m INBOX/$EXT}'
to let qmail support the '+' as recipient delimiter.

And here last variable must expand to "INBOX/$EXT". That's all.

Andreas

From alessio at skye.it Thu Dec 4 10:01:21 2014
From: alessio at skye.it (Alessio Cecchi)
Date: Thu, 04 Dec 2014 11:01:21 +0100
Subject: does lda_save_to_detail_mailbox exist?
In-Reply-To: <20141204103606.Horde.EFFvIC9TdiIUONjYbz9f3w2@horde.andreasschulze.de>
References: <20141204103606.Horde.EFFvIC9TdiIUONjYbz9f3w2@horde.andreasschulze.de>
Message-ID: <548030F1.9080606@skye.it>

On 04/12/2014 10:36, A. Schulze wrote:
> Hello,
>
> there is a nice feature in lmtp to save messages to user+foo at domain in
> INBOX/foo
> Looks like that doesn't work as good if lda is used.

Yes, it's possible to deliver email in "foo" but with dovecot-lda you
must specify the option "-m FOLDER" to dovecot-lda, for example, if you
use postfix:

argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient} -m{extension}

From man dovecot-lda:

-m mailbox
    Destination mailbox (default is INBOX). If the mailbox doesn't
    exist, it will not be created (unless the lda_mailbox_autocreate
    setting is set to yes). If a message couldn't be saved to the
    mailbox for any reason, it's delivered to INBOX instead.

Ciao

From vvu at mcra.iliadgroupe.fr Fri Dec 5 09:55:01 2014
From: vvu at mcra.iliadgroupe.fr (Vu Ngoc VU)
Date: Fri, 5 Dec 2014 10:55:01 +0100 (CET)
Subject: speed up doveadm search
Message-ID:

Hello,

I have recently migrated our mail accounts from old setup with courier-imapd to Dovecot 2.
I thought that I can search quickly messages in mailboxes with doveadm because of indexes.

Our users are asking (sometimes) to remove messages that they have sent wrongly.
Some of them are coming from Exchange, and there is a feature in Outlook to recall (to delete) a message.
So basically, they give me some infos (date, sender, subject) of message to remove.

And I planned to do "doveadm search", then "doveadm fetch" and at last "doveadm expunge" on the found results.
But it appears that the first run of doveadm is very slow.
I don't know if it is because some indexes/caches are missing at this time.
But when I run again same commands it is fast.

Could you tell me if I speed up search on our maildir storage?
I have no idea if I must manually (or with cron) run "doveadm index" on all our accounts because index/cache is only generated when users access their mailboxes.

Or do I have to tune some settings like :
mail_always_cache_fields, mail_cache_fields, mail_cache_min_mail_count, mail_never_cache_fields

Thanks

From mlnospam at yahoo.com Fri Dec 5 11:24:57 2014
From: mlnospam at yahoo.com (ML mail)
Date: Fri, 5 Dec 2014 11:24:57 +0000 (UTC)
Subject: MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
Message-ID: <1874692956.5487101.1417778697822.JavaMail.yahoo@jws10698.mail.bf1.yahoo.com>

Hello,

I am wondering which variant is more secure for user authentication and password scheme. Basically I am looking at both variants:

1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism
2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism

In my opinion the option 2) should be safer although it is using PLAIN auth mechanism. Of course I would always use STARTTLS and not allow unencrypted connection.

What is your opinion?

Best,
ML

From gdrub13 at gmail.com Fri Dec 5 14:16:16 2014
From: gdrub13 at gmail.com (rub zorghy)
Date: Fri, 5 Dec 2014 15:16:16 +0100
Subject: Dovecot Director and Dovecot proxy
In-Reply-To: <547CA558.70100@skye.it>
References: <547CA558.70100@skye.it>
Message-ID:

Hi Alessio,

Thank you very much for your detailed explanation.

gdrub

2014-12-01 18:28 GMT+01:00 Alessio Cecchi :

>
> On 01/12/2014 17:11, rub zorghy wrote:
>
>> Why Dovecot Director server isn't used to perform this without Dovecot
>> proxy ? Thus, the load balancer (F5 Big-IP) can distribute requests based
>> on IMAP protocol to Dovecot Director cluster.
>>
> I think that the slide is just one example of a scenario, very complex. In
> real world,
> unless you do not have to segment users (some users use Exchange, others
> use Dovecot, but all user use imap.corporate.com, the proxy, for login)
> you don't need a Proxy in front of Director.
>
> Load balancer is only for HA.
>
> Ciao
>

From list_dovecot at bluerosetech.com Fri Dec 5 17:23:02 2014
From: list_dovecot at bluerosetech.com (Darren Pilgrim)
Date: Fri, 05 Dec 2014 09:23:02 -0800
Subject: MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
In-Reply-To: <1874692956.5487101.1417778697822.JavaMail.yahoo@jws10698.mail.bf1.yahoo.com>
References: <1874692956.5487101.1417778697822.JavaMail.yahoo@jws10698.mail.bf1.yahoo.com>
Message-ID: <5481E9F6.3060401@bluerosetech.com>

On 12/5/2014 3:24 AM, ML mail wrote:
> Hello,
>
> I am wondering which variant is more secure for user authentication and password scheme. Basically I am looking at both variants:
>
> 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism
> 2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism
>
> In my opinion the option 2) should be safer although it is using PLAIN auth mechanism. Of course I would always use STARTTLS and not allow unencrypted connection.
>
> What is your opinion?

Option 2 without hesitation.

MD5-CRYPT:
- is extremely weak
- was phased out as the default password hash long ago
- needs to die out

CRAM-MD5:
- is either redundant or insufficient
- is not universally supported
- limits your authentication backend options

From list at airstreamcomm.net Fri Dec 5 17:28:15 2014
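Added example (not written by anyone in the thread): one well-known reason a challenge-response mechanism such as CRAM-MD5 restricts the choice of password store. The server can only check a CRAM-MD5 response if it holds the password or a mechanism-specific equivalent, while PLAIN (inside TLS) verifies against a salted one-way hash. PBKDF2-HMAC-SHA512 stands in for SHA512-CRYPT here, the function names are this example's own, and the user, password and challenge are the sample values from RFC 2195.

```python
import hashlib
import hmac
import os


def cram_md5_response(user, password, challenge):
    """Client side of CRAM-MD5 (RFC 2195): user, space, hex HMAC-MD5 of the challenge."""
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return f"{user} {digest}"


def verify_cram_md5(secret, challenge, response):
    """Server side: recompute the HMAC with whatever secret the password store holds."""
    _user, _, digest = response.rpartition(" ")
    expected = hmac.new(secret, challenge.encode(), hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def hash_password(password, salt=None, rounds=100_000):
    """Salted one-way hash for storage (stand-in for SHA512-CRYPT, see lead-in)."""
    salt = salt or os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, rounds)
    return salt, rounds, derived


def verify_plain(stored, password):
    """Server side of PLAIN: the password arrives over TLS and is re-hashed."""
    salt, rounds, expected = stored
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, expected)


def demo():
    """Compare what each mechanism can verify against each kind of password store."""
    user, password = "tim", "tanstaaftanstaaf"             # sample from RFC 2195
    challenge = "<1896.697170952@postoffice.reston.mci.net>"  # sample from RFC 2195
    response = cram_md5_response(user, password, challenge)
    stored_hash = hash_password(password)
    return {
        # Store keeps the password itself: CRAM-MD5 can be checked.
        "cram_with_plaintext_store": verify_cram_md5(password.encode(), challenge, response),
        # Store keeps only a salted hash: the HMAC cannot be recomputed from it.
        "cram_with_hash_store": verify_cram_md5(stored_hash[2], challenge, response),
        # PLAIN works against the salted hash, and rejects a wrong password.
        "plain_with_hash_store": verify_plain(stored_hash, password),
        "plain_wrong_password": verify_plain(stored_hash, "guess"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```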
From: list at airstreamcomm.net (List)
Date: Fri, 05 Dec 2014 11:28:15 -0600
Subject: doveadm backup gmail using imapc
Message-ID: <5481EB2F.90406@airstreamcomm.net>

I am trying to sync a gmail inbox with dovecot 2.2.10 using the following config:

imapc_host = 64.233.171.108
imapc_user = %u
imapc_master_user = master
imapc_password = secret
imapc_features = rfc822.size
imapc_features = $imapc_features fetch-headers
mail_prefetch_count = 20
# If the old IMAP server uses INBOX. namespace prefix, set:
#imapc_list_prefix = INBOX
# for SSL:
imapc_port = 993
imapc_ssl = imaps
#imapc_ssl_ca_dir = /etc/ssl
imapc_ssl_verify = no

And the doveadm command:

doveadm -D -o imapc_user=test at domain.tld -o imapc_password=password backup -R -x '\All' -x '\Flagged' -x '\Important' -u test at domain.tld imapc:

I am getting the error:

dsync(test at domain.tld: Error: Mailbox INBOX sync: mailbox_delete failed: INBOX can't be deleted.

What I really want to do is just sync Gmail's inbox, drafts, sent, trash/archive, and spam folders to my new system. Is this possible using imapc?

From gdrub13 at gmail.com Fri Dec 5 19:04:38 2014
From: gdrub13 at gmail.com (rub zorghy)
Date: Fri, 5 Dec 2014 20:04:38 +0100
Subject: Size of array hosts, vhosts_count and modulo operation
Message-ID:

Hi,

Timo Sirainen wrote (May 19, 2010 1:50:34 am):

"When a connection from a newly seen user arrives, it gets assigned to a mail server according to a function:

host = vhosts[ md5(username) mod vhosts_count ]"

Is this hash function still used as it is, without modification?

My other question sounds pretty innocent but I have doubts about vhosts_count. Taking two directors with three backend Dovecot as an example, the number of (v)hosts assigned for each host is "100" (default value of the vhost_count variable). I gather that the value for vhosts_count (to perform the modulo operation) and the size or length of the array (vhosts[]) in terms of number of elements are equal to 300.

Thx so much.

gdrub

From nick.z.edwards at gmail.com Sat Dec 6 01:35:58 2014
From: nick.z.edwards at gmail.com (Nick Edwards)
Date: Sat, 6 Dec 2014 11:35:58 +1000
Subject: MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
In-Reply-To: <1874692956.5487101.1417778697822.JavaMail.yahoo@jws10698.mail.bf1.yahoo.com>
References: <1874692956.5487101.1417778697822.JavaMail.yahoo@jws10698.mail.bf1.yahoo.com>
Message-ID:

On 12/5/14, ML mail wrote:
> Hello,
>
> I am wondering which variant is more secure for user authentication and
> password scheme. Basically I am looking at both variants:
>
> 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism
> 2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism
>
> In my opinion the option 2) should be safer although it is using PLAIN auth
> mechanism. Of course I would always use STARTTLS and not allow unencrypted
> connection.

That's not exactly a true statement, if you offer STARTTLS you are optional on encryption, if you mean not allow unencrypted connections then you are forcing TLS, not STARTTLS since the latter is designed to accept unencrypted and then _try_ upgrade to encryption if possible, if not, stay unencrypted.

>
> What is your opinion?
>

Number 2 as the other poster said without hesitation and for reasons he said

From jan.widel at networkers.pl Sat Dec 6 05:56:00 2014
From: jan.widel at networkers.pl (Jan Wideł)
Date: Sat, 06 Dec 2014 06:56:00 +0100
Subject: MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
In-Reply-To:
References: <1874692956.5487101.1417778697822.JavaMail.yahoo@jws10698.mail.bf1.yahoo.com>
Message-ID: <54829A70.3030008@networkers.pl>

On 12/06/2014 02:35 AM, Nick Edwards wrote:
> On 12/5/14, ML mail wrote:
>> Hello,
>>
>> I am wondering which variant is more secure for user authentication and
>> password scheme. Basically I am looking at both variants:
>>
>> 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism
>> 2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism
>>
>> In my opinion the option 2) should be safer although it is using PLAIN auth
>> mechanism. Of course I would always use STARTTLS and not allow unencrypted
>> connection.
>
> That's not exactly a true statement, if you offer STARTTLS you are
> optional on encryption, if you mean not allow unencrypted connections
> then you are forcing TLS, not STARTTLS since the latter is designed to
> accept unencrypted and then _try_ upgrade to encryption if possible,
> if not, stay unencrypted.

If you add disable_plaintext_auth=yes ssl=required settings, then dovecot will drop authentication without STARTTLS. But damage will be done, client will send unencrypted (or in this scenario MD5 or SHA512 hash) login/password.

http://wiki2.dovecot.org/SSL

>> What is your opinion?
>>
> Number 2 as the other poster said without hesitation and for reasons he said

+1

-- 
Jan Wideł
Senior System Administrator
e-mail: jan.widel at networkers.pl
mobile: +48 797 004 946
www: http://www.networkers.pl
GPG: http://networkers.pl/GPG/2E7359CD.asc

From h.reindl at thelounge.net Sat Dec 6 12:10:58 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Sat, 06 Dec 2014 13:10:58 +0100
Subject: MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
In-Reply-To: <54829A70.3030008@networkers.pl>
References: <1874692956.5487101.1417778697822.JavaMail.yahoo@jws10698.mail.bf1.yahoo.com> <54829A70.3030008@networkers.pl>
Message-ID: <5482F252.8010905@thelounge.net>

On 06.12.2014 at 06:56, Jan Wideł wrote:
> If you add disable_plaintext_auth=yes ssl=required settings, then
> dovecot will drop authentication without STARTTLS. But damage will be
> done, client will send unencrypted (or in this scenario MD5 or SHA512
> hash) login/password

no, damage will *not* be done

STARTTLS happens in context of connect and *long before* any authentication is tried the handshake between client/server fails

From pada at posteo.de Sat Dec 6 13:40:55 2014
From: pada at posteo.de (Daniel Parthey)
Date: Sat, 06 Dec 2014 14:40:55 +0100
Subject: MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
In-Reply-To: <5482F252.8010905@thelounge.net>
References: <1874692956.5487101.1417778697822.JavaMail.yahoo@jws10698.mail.bf1.yahoo.com> <54829A70.3030008@networkers.pl> <5482F252.8010905@thelounge.net>
Message-ID:

On 6 December 2014 13:10:58 CET, Reindl Harald wrote:
>
>On 06.12.2014 at 06:56, Jan Wideł wrote:
>> If you add disable_plaintext_auth=yes ssl=required settings, then
>> dovecot will drop authentication without STARTTLS. But damage will be
>> done, client will send unencrypted (or in this scenario MD5 or SHA512
>> hash) login/password
>
>no, damage will *not* be done
>
>STARTTLS happens in context of connect and *long before* any
>authentication is tried the handshake between client/server fails

If the client is misconfigured to not strictly require STARTTLS, but to allow plaintext authentication too, and some man in the middle strips the STARTTLS capability from the server capability message, then the client will probably send its password login attempt in plaintext, without even trying to establish a STARTTLS session, because the server seemed to be incapable of STARTTLS.

So you might need to teach your users to enforce STARTTLS in their email client in order to mitigate MITM attacks.

Regards
Daniel

From h.reindl at thelounge.net Sat Dec 6 14:12:08 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Sat, 06 Dec 2014 15:12:08 +0100
Subject: MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
In-Reply-To:
References: <1874692956.5487101.1417778697822.JavaMail.yahoo@jws10698.mail.bf1.yahoo.com> <54829A70.3030008@networkers.pl> <5482F252.8010905@thelounge.net>
Message-ID: <54830EB8.3050207@thelounge.net>

On 06.12.2014 at 14:40, Daniel Parthey wrote:
> On 6 December 2014 13:10:58 CET, Reindl Harald wrote:
>>
>> On 06.12.2014 at 06:56, Jan Wideł wrote:
>>> If you add disable_plaintext_auth=yes ssl=required settings, then
>>> dovecot will drop authentication without STARTTLS. But damage will be
>>> done, client will send unencrypted (or in this scenario MD5 or SHA512
>>> hash) login/password
>>
>> no, damage will *not* be done
>>
>> STARTTLS happens in context of connect and *long before* any
>> authentication is tried the handshake between client/server fails
>
> If the client is misconfigured to not strictly require STARTTLS, but to allow plaintext authentication too, and some man in the middle strips the STARTTLS capability from the server capability message, then the client will probably send its password login attempt in plaintext, without even trying to establish a STARTTLS session, because the server seemed to be incapable of STARTTLS.
>
> So you might need to teach your users to enforce STARTTLS in their email client in order to mitigate MITM attacks

that's so far true but:

* if you require STARTTLS try to setup the account without TLS fails while "not strictly require STARTTLS" is an issue of the past where Thunderbird offered "TLS if available"
* so that MITM needs to happen in the timeframe where the user configures the account the first time not chose STARTTLS
* after the account was configured that MITM is no longer possible

MITM which strips STARTTLS is more an issue in case of opportunistic TLS between MTA's

frankly i still don't understand the stupidity of deprecate 465 in favor of STARTTLS instead use 465/993/995 in context of mail-clients which would "MITM strip away STARTTLS" not make possible at all

from a straight technical point of view the only *real* use-case for STARTTLS is MTA-to-MTA on Port 25 which don't send credentials at all

From jan.widel at networkers.pl Sat Dec 6 14:57:53 2014
From: jan.widel at networkers.pl (Jan Wideł)
Date: Sat, 06 Dec 2014 15:57:53 +0100
Subject: MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
In-Reply-To: <5482F252.8010905@thelounge.net>
References: <1874692956.5487101.1417778697822.JavaMail.yahoo@jws10698.mail.bf1.yahoo.com> <54829A70.3030008@networkers.pl> <5482F252.8010905@thelounge.net>
Message-ID:

On 2014-12-06 13:10, Reindl Harald wrote:
> On 06.12.2014 at 06:56, Jan Wideł wrote:
>> If you add disable_plaintext_auth=yes ssl=required settings, then
>> dovecot will drop authentication without STARTTLS. But damage will be
>> done, client will send unencrypted (or in this scenario MD5 or SHA512
>> hash) login/password
>
> no, damage will *not* be done
>
> STARTTLS happens in context of connect and *long before* any
> authentication is tried the handshake between client/server fails

Yes, of course you are right. I meant that client is misconfigured by forced not to use TLS.

-- 
Jan Wideł
Senior System Administrator
e-mail: jan.widel at networkers.pl
mobile: +48 797 004 946
www: http://www.networkers.pl
GPG: http://networkers.pl/GPG/2E7359CD.asc

From nospam.list at unclassified.de Sat Dec 6 23:22:23 2014
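The stripped-STARTTLS case Daniel Parthey describes in the thread above comes down to what a client does when the capability list it receives on the plaintext port lacks STARTTLS. The following is an added example, not code from the thread or from Dovecot: a client-side policy check over IMAP capability responses, where the function names and the sample responses are constructed for illustration.

```python
"""Client-side STARTTLS policy for IMAP (added illustration, not Dovecot code)."""
import re

# Constructed sample responses as seen on the plaintext port; not captured traffic.
GREETING_INTACT = "* OK [CAPABILITY IMAP4rev1 LITERAL+ STARTTLS LOGINDISABLED] ready."
GREETING_STRIPPED = "* OK [CAPABILITY IMAP4rev1 LITERAL+ AUTH=PLAIN AUTH=LOGIN] ready."
CAPS_AFTER_TLS = "* CAPABILITY IMAP4rev1 LITERAL+ AUTH=PLAIN AUTH=LOGIN"

# Capabilities arrive either inside a response code or as an untagged response.
CAPABILITY_RE = re.compile(
    r"\[CAPABILITY ([^\]]*)\]|^\* CAPABILITY (.*)$", re.IGNORECASE
)


class PolicyError(Exception):
    """Raised when continuing would put credentials on an unprotected channel."""


def parse_capabilities(line):
    """Return the advertised capabilities of one server line as an upper-case set."""
    match = CAPABILITY_RE.search(line.strip())
    if match is None:
        return frozenset()
    listed = match.group(1) if match.group(1) is not None else match.group(2)
    return frozenset(token.upper() for token in listed.split())


def next_step(line, tls_active, require_tls=True):
    """Decide the client's next command: 'STARTTLS' or 'AUTHENTICATE'.

    require_tls=True is the strict client setting asked for in the thread.
    require_tls=False models the old "TLS if available" behaviour: a capability
    list without STARTTLS is taken at face value and the password follows in
    the clear.
    """
    caps = parse_capabilities(line)
    if tls_active:
        # After STARTTLS the client discards cached capabilities and asks
        # again, so this list was received inside the TLS session.
        if "LOGINDISABLED" in caps:
            raise PolicyError("server refuses logins even inside TLS")
        return "AUTHENTICATE"
    if "STARTTLS" in caps:
        return "STARTTLS"
    if require_tls:
        raise PolicyError(
            "no STARTTLS offered on a plaintext connection; not sending credentials"
        )
    if "LOGINDISABLED" in caps:
        raise PolicyError("server does not accept plaintext logins")
    return "AUTHENTICATE"


if __name__ == "__main__":
    for name, line in (("intact", GREETING_INTACT), ("stripped", GREETING_STRIPPED)):
        for strict in (True, False):
            try:
                outcome = next_step(line, tls_active=False, require_tls=strict)
            except PolicyError as err:
                outcome = "refused: %s" % err
            print("%-8s require_tls=%-5s -> %s" % (name, strict, outcome))
```

The server-side settings mentioned in the thread (disable_plaintext_auth=yes, ssl=required) reject the plaintext login, but only the strict client setting keeps the password from being sent in the first place.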
From: nospam.list at unclassified.de (Yves Goergen)
Date: Sun, 07 Dec 2014 00:22:23 +0100
Subject: userdb lookup not possible with only userdb prefetch
Message-ID: <54838FAF.8030703@unclassified.de>

Hello,

I am setting up a new server and migrating my Dovecot 1.2.9 config to the new 2.2.9 version. There wasn't much to keep from the old version so I had to recreate the config from scratch. Now I think I'm done but I can't login to IMAP. The log says this:

> dovecot: auth: Error: prefetch(box@****.de,2001:****:7765,): userdb lookup not possible with only userdb prefetch
> dovecot: auth: Error: userdb(box@****.de,2001:****:7765,): user not found from userdb prefetch
> dovecot: imap: Error: Authenticated user not found from userdb, auth lookup id=178651137 (client-pid=13711 client-id=1)
> dovecot: imap-login: Internal login failure (pid=13711 id=1) (internal failure, 1 successful auths): user=, method=PLAIN, rip=2001:****:7765, lip=2a01:****:2, mpid=13717, TLS, session=

That doesn't help me a lot. Here's parts of my configuration, dumped with 'dovecot -n':

> # 2.2.9: /etc/dovecot/dovecot.conf
> # OS: Linux 3.13.0-40-generic x86_64 Ubuntu 14.04.1 LTS
> auth_mechanisms = plain login
> disable_plaintext_auth = no
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> plugin {
>   quota = maildir
> }
> protocols = imap pop3
> userdb {
>   driver = prefetch
> }
> protocol imap {
>   mail_max_userip_connections = 100
>   mail_plugins = quota imap_quota
> }

What's the problem here? How can I resolve this issue?

-- 
Yves Goergen
http://unclassified.de
http://dev.unclassified.de

From ad+lists at uni-x.org Sat Dec 6 23:56:28 2014
From: ad+lists at uni-x.org (Alexander Dalloz)
Date: Sun, 07 Dec 2014 00:56:28 +0100
Subject: userdb lookup not possible with only userdb prefetch
In-Reply-To: <54838FAF.8030703@unclassified.de>
References: <54838FAF.8030703@unclassified.de>
Message-ID: <548397AC.7040303@uni-x.org>

On 07.12.2014 at 00:22, Yves Goergen wrote:
> Hello,
>
> I am setting up a new server and migrating my Dovecot 1.2.9 config to
> the new 2.2.9 version. There wasn't much to keep from the old version so
> I had to recreate the config from scratch. Now I think I'm done but I
> can't login to IMAP. The log says this:
>
>> dovecot: auth: Error:
>> prefetch(box@****.de,2001:****:7765,):
>> userdb lookup not possible with only userdb prefetch
>> dovecot: auth: Error:
>> userdb(box@****.de,2001:****:7765,):
>> user not found from userdb prefetch
>> dovecot: imap: Error: Authenticated user not found from userdb, auth
>> lookup id=178651137 (client-pid=13711 client-id=1)
>> dovecot: imap-login: Internal login failure (pid=13711 id=1) (internal
>> failure, 1 successful auths): user=, method=PLAIN,
>> rip=2001:****:7765, lip=2a01:****:2, mpid=13717, TLS,
>> session=
>
> That doesn't help me a lot. Here's parts of my configuration, dumped
> with 'dovecot -n':
>
>> # 2.2.9: /etc/dovecot/dovecot.conf
>> # OS: Linux 3.13.0-40-generic x86_64 Ubuntu 14.04.1 LTS
>> auth_mechanisms = plain login
>> disable_plaintext_auth = no
>> namespace inbox {
>>   inbox = yes
>>   location =
>>   mailbox Drafts {
>>     special_use = \Drafts
>>   }
>>   mailbox Junk {
>>     special_use = \Junk
>>   }
>>   mailbox Sent {
>>     special_use = \Sent
>>   }
>>   mailbox "Sent Messages" {
>>     special_use = \Sent
>>   }
>>   mailbox Trash {
>>     special_use = \Trash
>>   }
>>   prefix =
>> }
>> passdb {
>>   args = /etc/dovecot/dovecot-sql.conf.ext
>>   driver = sql
>> }
>> plugin {
>>   quota = maildir
>> }
>> protocols = imap pop3
>> userdb {
>>   driver = prefetch
>> }
>> protocol imap {
>>   mail_max_userip_connections = 100
>>   mail_plugins = quota imap_quota
>> }
>
> What's the problem here? How can I resolve this issue?

You did fulfill the requirements for prefetch to work documented in the wiki?

http://wiki2.dovecot.org/UserDatabase/Prefetch

Alexander

From tk at giga.or.at Sun Dec 7 08:45:17 2014
From: tk at giga.or.at (Thomas Klausner)
Date: Sun, 7 Dec 2014 09:45:17 +0100
Subject: dovecot & Apple Mail & maildir & lots of Mail
In-Reply-To: <20141121215238.GK12758@danbala.tuwien.ac.at>
References: <20141121215238.GK12758@danbala.tuwien.ac.at>
Message-ID: <20141207084517.GW18300@danbala.tuwien.ac.at>

On Fri, Nov 21, 2014 at 10:52:38PM +0100, Thomas Klausner wrote:
> I have dovecot 2.1.12 running on a mail server, and recently
> configured Apple Mail to connect to it using secure IMAP, for the
> first time.
>
> At the beginning it just showed the inbox and everything was fine, but
> then I wanted to look at some of my folders and found the 'subscribe'
> menu. When I opened it, Apple Mail went to discover what mailboxes
> there are, and that's where my trouble began.
>
> It seemed to make good progress for some time (though slow -- over
> days), and now lists the mailboxes from starting with letters a to d
> on the left hand side (filling all the visible space, so there might
> be more). However, whenever Apple Mail gets focus, the cursor becomes
> a spinning rainbow circle and I can't interact with it.
>
> I tried deleting the mail account and setting it up again. The inbox
> was shown again immediately and Apple Mail was usable, but the first
> time the cursor moved over the mailboxes on the left hand side, it
> froze again.
>
> There were two imap processes on the server, one rather idle, the
> other eating CPU for about two minutes, then idling, and some time
> later it disappeared too.
>
> My Mail directory is 31G with about 180 directories, each containing
> mails in maildir format.

One thing that happened twice now is that files like these appear:

/home/user/Mail/dir/cur/.imap/1312388125.11233_28123.host:2,S/dovecot.index.log

but they don't go away for days.

How can that happen? Can/should I delete these files?

Thomas

From nospam.list at unclassified.de Sun Dec 7 11:04:06 2014
From: nospam.list at unclassified.de (Yves Goergen)
Date: Sun, 07 Dec 2014 12:04:06 +0100
Subject: userdb lookup not possible with only userdb prefetch
In-Reply-To: <548397AC.7040303@uni-x.org>
References: <54838FAF.8030703@unclassified.de> <548397AC.7040303@uni-x.org>
Message-ID: <54843426.2030409@unclassified.de>

On 07.12.2014 at 00:56, Alexander Dalloz wrote:
> You did fulfill the requirements for prefetch to work documented in the
> wiki?
>
> http://wiki2.dovecot.org/UserDatabase/Prefetch

Ehm, this is my SQL configuration 'dovecot-sql.conf.ext':

> driver = mysql
> connect = host=**** user=**** password=**** dbname=****
> default_pass_scheme = PLAIN
> password_query = \
>   SELECT \
>     local AS username, domain, clearpass AS password, \
>     concat(maildir, '/home') AS home, maildir AS mail \
>   FROM mailusers \
>   WHERE local = '%n' AND domain = '%d' AND forward = '' AND NOT locked

Now that I've found the page you gave me (didn't see it before, but I must say that wiki is not easily readable, pretty confusing) I think the column names must be different.

Instead of: username, domain, password, home, mail
Should I return: username, domain, password, userdb_home, userdb_mail?

And what does that comment in the example mean? "# The userdb below is used only by lda." Should I use only userdb:driver=prefetch, or should I include a separate userdb section as if I wouldn't use prefetch? Again, confusing. Why does it have to be two separate queries at all? Just use one and take what you get. If some required column is missing and the value isn't set in the configuration, you can still throw an error.

-- 
Yves Goergen
http://unclassified.de
http://dev.unclassified.de

From dovecot-mailing-list at whyaskwhy.org Sun Dec 7 17:44:29 2014
From: dovecot-mailing-list at whyaskwhy.org (deoren)
Date: Sun, 07 Dec 2014 11:44:29 -0600
Subject: userdb lookup not possible with only userdb prefetch
In-Reply-To: <54843426.2030409@unclassified.de>
References: <54838FAF.8030703@unclassified.de> <548397AC.7040303@uni-x.org> <54843426.2030409@unclassified.de>
Message-ID: <548491FD.3050400@whyaskwhy.org>

On 12/7/2014 5:04 AM, Yves Goergen wrote:
> On 07.12.2014 at 00:56, Alexander Dalloz wrote:
>> You did fulfill the requirements for prefetch to work documented in the
>> wiki?
>>
>> http://wiki2.dovecot.org/UserDatabase/Prefetch
>
> Ehm, this is my SQL configuration 'dovecot-sql.conf.ext':
>
>> driver = mysql
>> connect = host=**** user=**** password=**** dbname=****
>> default_pass_scheme = PLAIN
>> password_query = \
>>   SELECT \
>>     local AS username, domain, clearpass AS password, \
>>     concat(maildir, '/home') AS home, maildir AS mail \
>>   FROM mailusers \
>>   WHERE local = '%n' AND domain = '%d' AND forward = '' AND NOT locked
>
> Now that I've found the page you gave me (didn't see it before, but I
> must say that wiki is not easily readable, pretty confusing) I think the
> column names must be different.
>
> Instead of: username, domain, password, home, mail
> Should I return: username, domain, password, userdb_home, userdb_mail?

I too made a similar mistake and struggled for a while to understand why my attempts were failing. If using the prefetch userdb driver you have to return values from your database using appropriate aliases to match the expected names. Here is what I'm using for the 'password_query':

password_query = \
  SELECT email AS user, password, \
  'vmail' AS userdb_uid, \
  'vmail' AS userdb_gid, \
  '/var/vmail/%d/%n' as userdb_home \
  FROM virtual_users \
  WHERE email = '%u' \
  AND enabled = '1';

Depending on your db layout you'll have different source values, but as long as you end up returning the values under the right column names (or aliases) it should work. My current db design needs improvement (as the static placeholder values in the above query shows), but it works as-is for now.

> And what does that comment in the example mean? "# The userdb below is
> used only by lda." Should I use only userdb:driver=prefetch, or should I
> include a separate userdb section as if I wouldn't use prefetch? Again,
> confusing. Why does it have to be two separate queries at all? Just use
> one and take what you get. If some required column is missing and the
> value isn't set in the configuration, you can still throw an error.

I can't speak to the design, but from what I've read the userdb sections have a "fall through" approach. If one doesn't provide the sought after information the next userdb section is used.

From the http://wiki2.dovecot.org/UserDatabase/Prefetch wiki page:

> Prefetch userdb can be used to combine passdb and userdb lookups into a single lookup. It's usually used with SQL, LDAP and checkpassword passdbs.
>
> Prefetch basically works by requiring that the passdb returns the userdb information in extra fields with userdb_ prefixes. For example if a userdb typically returns uid, gid and home fields, the passdb would have to return userdb_uid, userdb_gid and userdb_home fields.
>
> If you're using LDA, you still need a valid userdb which can be used to locate the users. You can do this by adding a normal SQL/LDAP userdb after the userdb prefetch. The order of definitions is significant. See below for examples.
>
> LDAP: auth_bind=yes with auth_bind_userdn-template is incompatible with prefetch, because no passdb lookup is done then. If you want zero LDAP lookups, you might want to use static userdb instead of prefetch.

Here are my values for the auth-sql.conf.ext file (comments removed):

passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}

userdb {
  driver = prefetch
}

userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}

Here are my comments for the last userdb entry as a reminder to myself:

> Based on my readings this is used for doveadm queries which returns a list of all users, LDA (which we don't use) and LMTP (which we do). I believe the prefetch entry above will be used before this one, which would leave this entry to be used only for doveadm queries that request a list of all users

To circle back, here are the remaining two queries from my copy of dovecot-sql.conf.ext:

# NEEDED for LDA/LMTP if we don't include a static userdb entry
user_query = SELECT email as user, \
  '/var/vmail/%d/%n' as home \
  FROM virtual_users \
  WHERE email = '%u' \
  AND enabled = '1';

iterate_query = SELECT email AS user \
  FROM virtual_users \
  WHERE enabled='1';

My comments for the last query:

> Query to get a list of all usernames. Requires a 'userdb' entry in # auth-sql.conf.ext that refers back to this file. Normally it matches the 'passdb' stanza aside from the name.

P.S.

The substitution used ('%u' vs '%n') will depend on how you have your user information stored. The comments in dovecot-sql.conf.ext provide some sample queries to illustrate that. As my queries suggest, my db setup uses the 'username at example.org' format for user names. Had I thought about it a little more I might have opted to instead store the user and domain values in separate fields, but then again maybe not. Something to be aware of anyway.

From maxraafat at gmail.com Mon Dec 8 00:53:21 2014
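The rule quoted from the wiki in the message above (prefetch only sees passdb fields that carry a userdb_ prefix, and a second userdb is still needed for lookups made without a login) can be traced in a small model. This is an added example, not Dovecot code and not from the thread: it runs constructed queries against an in-memory SQLite table, and the table contents, the bound-parameter style and all function names are assumptions made for illustration.

```python
"""Model of prefetch userdb field handling (added illustration, not Dovecot source)."""
import sqlite3

PREFIX = "userdb_"

# Shape of the query in the question: home/mail are returned without a prefix.
UNPREFIXED_QUERY = (
    "SELECT email AS user, password, "
    "maildir || '/home' AS home, maildir AS mail "
    "FROM virtual_users WHERE email = ? AND enabled = 1"
)
# Shape of the working query in the reply: userdb_ aliases on the extra fields.
PREFIXED_QUERY = (
    "SELECT email AS user, password, "
    "'vmail' AS userdb_uid, 'vmail' AS userdb_gid, maildir AS userdb_home "
    "FROM virtual_users WHERE email = ? AND enabled = 1"
)
# Separate userdb query for lookups that happen without a login (LDA, LMTP, doveadm).
USER_QUERY = (
    "SELECT email AS user, maildir AS home "
    "FROM virtual_users WHERE email = ? AND enabled = 1"
)


def make_db():
    """In-memory table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute(
        "CREATE TABLE virtual_users "
        "(email TEXT PRIMARY KEY, password TEXT, maildir TEXT, enabled INTEGER)"
    )
    db.execute(
        "INSERT INTO virtual_users VALUES (?, ?, ?, ?)",
        ("box@example.org", "{SHA512-CRYPT}constructed-placeholder",
         "/var/vmail/example.org/box", 1),
    )
    return db


def run_query(db, query, user):
    """Return the first result row as a dict, or None when nothing matches."""
    row = db.execute(query, (user,)).fetchone()
    return dict(row) if row is not None else None


def prefetch_userdb(passdb_fields):
    """Keep only the userdb_-prefixed extra fields, with the prefix removed."""
    return {
        name[len(PREFIX):]: value
        for name, value in passdb_fields.items()
        if name.startswith(PREFIX)
    }


def sql_userdb(db, user):
    """The ordinary SQL userdb: its own query, no password involved."""
    fields = run_query(db, USER_QUERY, user)
    if fields is None:
        return {}
    fields.pop("user")
    return fields


def login_lookup(db, password_query, user, userdbs=("prefetch",)):
    """passdb lookup followed by the configured userdbs, tried in order.

    Password verification is left out; the point here is field naming.
    """
    passdb_fields = run_query(db, password_query, user)
    if passdb_fields is None:
        return "unknown user", {}
    for driver in userdbs:
        found = prefetch_userdb(passdb_fields) if driver == "prefetch" else sql_userdb(db, user)
        if found:
            return "ok", found
    return "user not found from userdb", {}


def delivery_lookup(db, user, userdbs):
    """LDA/LMTP-style lookup: no passdb result exists, so prefetch has nothing."""
    for driver in userdbs:
        found = {} if driver == "prefetch" else sql_userdb(db, user)
        if found:
            return "ok", found
    return "user not found from userdb", {}


if __name__ == "__main__":
    db = make_db()
    print(login_lookup(db, UNPREFIXED_QUERY, "box@example.org"))
    print(login_lookup(db, PREFIXED_QUERY, "box@example.org"))
    print(delivery_lookup(db, "box@example.org", ("prefetch", "sql")))
```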
From: maxraafat at gmail.com (Max Raafat)
Date: Mon, 8 Dec 2014 01:53:21 +0100
Subject: Missing metadata on Dovecot 2.2.14, on Kolab 3.3, Centos 6.6
Message-ID:

Hello everyone,

We were trying to provision a system with Dovecot instead of another working cyrus kolab system.

I am stuck with a problem with the metadata, especially when it comes to the Special Folders in Kolab 3.3, like Calenders, Tasks, etc, as well as any user created Folders.

Emails work perfectly, and all the types are correct. But for example, If I try to change the type of Calenders, or create a new folder from inside roundcube and set it to type "Calenders", it stays at the default which is "mail". Therefore it causes problems, when sharing events, since they are displayed as "mail" type and not "event" type.

We've tracked the problem down to the metadata not existing for special folders. A simple search only shows the default "mail" metadata, but nothing for shared folders, or special folders, etc.

Here is the doveconf -n

-------------------------------------------------------------------------------------------------------------
[root at m3 ~]# doveconf -n
# 2.2.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-504.el6.x86_64 x86_64 CentOS release 6.6 (Final)
imap_metadata = yes
mail_attribute_dict = file:Maildir/dovecot-metadata
mail_gid = 5000
mail_location = maildir:~/Maildir
mail_plugins = " acl"
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
namespace {
  list = children
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  prefix = shared/%%u/
  separator = /
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  driver = shadow
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
  unix_listener auth-userdb {
    group = vmail
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0666
    user = vmail
  }
}
service lmtp {
  executable = lmtp
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    address = 127.0.0.1 ::1
    port = 4190
  }
}
service managesieve {
  process_limit = 1024
}
ssl = required
ssl_cert =

We're running dovecot 2.2.15 with pigeonhole 0.4.6, in a clustered environment, nfs with proxy and backend on all servers.

I've been seeing some odd errors from lmtp:

Error: mremap_anon(127930368) failed: Cannot allocate memory

It seems to affect specific users, but it doesn't seem to manifest in any particular way; no user complaints. Just the occasional log message.

I would guess this is a bug? I'm open to suggestions and I'd be happy to post config if somebody has an idea.

Thanks,
Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---

From skdovecot at smail.inf.fh-brs.de Mon Dec 8 08:05:48 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Mon, 8 Dec 2014 09:05:48 +0100 (CET)
Subject: userdb lookup not possible with only userdb prefetch
In-Reply-To: <54838FAF.8030703@unclassified.de>
References: <54838FAF.8030703@unclassified.de>
Message-ID:

On Sun, 7 Dec 2014, Yves Goergen wrote:

>> prefetch(box@****.de,2001:****:7765,):
>> userdb lookup not possible with only userdb prefetch
>> dovecot: auth: Error:
>> userdb(box@****.de,2001:****:7765,): user
>> not found from userdb prefetch
>> dovecot: imap: Error: Authenticated user not found from userdb, auth lookup
>> id=178651137 (client-pid=13711 client-id=1)
>> dovecot: imap-login: Internal login failure (pid=13711 id=1) (internal
>> failure, 1 successful auths): user=, method=PLAIN,
>> rip=2001:****:7765, lip=2a01:****:2, mpid=13717, TLS,
>> session=
>
> That doesn't help me a lot. Here's parts of my configuration, dumped with
> 'dovecot -n':

it's a bad decision to post only "parts of" the conf mostly.

[cut]
>> passdb {
>>   args = /etc/dovecot/dovecot-sql.conf.ext
>>   driver = sql
>> }
[cut]
>> userdb {
>>   driver = prefetch
>> }

once you've resolved the prefetch problem with deoren's advice, also read:

[found by searching for "prefetch"]
http://wiki2.dovecot.org/UserDatabase/Prefetch

"... the passdb returns the userdb information in extra fields with userdb_ prefixes. For example if a userdb typically returns uid, gid and home fields, the passdb would have to return userdb_uid, userdb_gid and userdb_home fields."

Also note the snippet: "If you're using LDA, you still need a valid userdb which can be used to locate the users."

This advice applies to all services, that need to know user information without to auth' before, e.g. the LDA or doveadm. IMHO, you should add the fall-back SQL-userdb as shown in the Wiki page.

-- 
Steffen Kaiser

From teemu.huovila at dovecot.fi Mon Dec 8 08:07:40 2014
From: teemu.huovila at dovecot.fi (Teemu Huovila)
Date: Mon, 08 Dec 2014 10:07:40 +0200
Subject: Error: mremap_anon(###) failed: Cannot allocate memory
In-Reply-To: <20141207194708.X197@shell.xecu.net>
References: <20141207194708.X197@shell.xecu.net>
Message-ID: <54855C4C.3070904@dovecot.fi>

On 12/08/2014 02:54 AM, Andy Dills wrote:
>
> We're running dovecot 2.2.15 with pigeonhole 0.4.6, in a clustered
> environment, nfs with proxy and backend on all servers.
>
> I've been seeing some odd errors from lmtp:
>
> Error: mremap_anon(127930368) failed: Cannot allocate memory
>
> It seems to affect specific users, but it doesn't seem to manifest in any
> particular way; no user complaints. Just the occasional log message.

A config would always be useful, but I can venture a guess. Perhaps the affected users have a dovecot.index.cache file somewhere, e.g. under INBOX, that is larger than the memory limit for the lmtp process. Try increasing "default_vsz_limit" or the "service lmtp { vsz_limit }". Removing the overly large index cache file should also, temporarily, help.

In case you do not get this error from the imap/pop3 processes, perhaps you have already set a higher vsz_limit for those?

br,
Teemu Huovila

From raabe at froglogic.com Mon Dec 8 09:17:34 2014
From: raabe at froglogic.com (Frerich Raabe)
Date: Mon, 08 Dec 2014 10:17:34 +0100
Subject: Missing hits when performing full-text searches
Message-ID: <90b72c080f5947317ed0b341b6a31baa@roundcube.froglogic.com>

Hi,

we're running Dovecot 2.1.7 together with Solr for efficient fulltext search. A couple of days ago we reinstalled our Solr server on a new machine. After adjusting our Dovecot setup to use the new server, it took a few days to notice that something seems fishy about our full-text search: expected hits wouldn't be shown among the search results.

For instance, one of the folders (a shared, read-only folder which is basically a mailinglist archive) with about 210k messages has a plaintext mail with the text 'Amman'. However, logging into the IMAP server and issuing a

. SEARCH TEXT Amman

In the folder doesn't yield any hits. It seems that this happens for older mails only -- trying other keywords, we did notice hits in recent mails but not in older ones. Some caching related to the old Solr server causing issues?

Debugging this further, I noticed that the above IMAP command shows this in the Solr log files:

INFO: [] webapp=/solr path=/select params={fl=uid,score&sort=uid+asc&q=(hdr:"Amman"+OR+body:"Amman")&fq=%2Bbox:b68ece09e22fb9502d34010017227a26+%2Buser:""&rows=209392} hits=0 status=0 QTime=229

And indeed, something like

$ curl 'http://indexer:8080/solr/select?fl=uid,score&sort=uid+asc&q=(hdr:"Amman"+OR+body:"Amman")&fq=%2Bbox:b68ece09e22fb9502d34010017227a26+%2Buser:""&rows=209392'

Yields no results. However, I noticed that if I remove the 'fq=' part from the query then I get a bunch of hits. Alas, I don't know whether those are to be expected or not.

Does anybody have an idea what might cause this, or what the meaning of that 'box' checksum is?

-- 
Frerich Raabe - raabe at froglogic.com
www.froglogic.com - Multi-Platform GUI Testing

From jlar310 at gmail.com Mon Dec 8 17:11:50 2014
From: jlar310 at gmail.com (Jeff Larsen)
Date: Mon, 8 Dec 2014 11:11:50 -0600
Subject: sdbox and IMAP folders
Message-ID:

We have just migrated from cyrus-imap to dovecot 2.2.9 on Ubuntu. By default, all our users' manually created folders appear at the same folder level as INBOX (i.e., they are next to INBOX, and not inside INBOX in a typical tree view of the folders). But on Dovecot, users are able to create new folders either parallel to INBOX or as subfolders within INBOX, which I think is going to lead to confusion for our users, especially when working from the limited UI of a smartphone client where folder hierarchy is not as easy to visualize.

With cyrus, this behavior depended on the client setting for "IMAP server directory" as it is called in Thunderbird. If the setting was given the value "INBOX", then all folders were parallel to INBOX and you could not create any folder that would appear in the tree inside INBOX. With the setting empty, then all folders appeared as subfolders of INBOX. It was all or nothing.

When the mail accounts were migrated to dovecot, the existing top-level user folders were created in dovecot at the same level as INBOX. We did nothing intentional to get this result. We just used cyrus2dovecot to export to maildir, then doveadm sync to convert to the final sdbox.

With dovecot, when "IMAP server directory" is empty, we get the original folder tree with all folders parallel to inbox, but users are also able to create subfolders inside INBOX. We are using sdbox storage and the folder hierarchy as seen in the client tree (parallel folders and subfolders) is also reflected in the server's local file system.

If we change the "IMAP server directory" setting on the client while using dovecot, then all the folders that were previously at the same level as INBOX become inaccessible, so that's not a viable option.

So, my question is this: Can I replicate the cyrus behavior where INBOX subfolders are an all-or-nothing option?
Or are we stuck with users (having questionable file management skills in the first place) getting lost between INBOX subfolders and top-level folders.

Thanks,

Jeff

root:~# doveconf -n
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-40-generic x86_64 Ubuntu 14.04.1 LTS
auth_mechanisms = plain login
auth_verbose = yes
listen = *
mail_location = sdbox:%h:LAYOUT=fs:ALT=/var/alt-vmail/%n
mail_plugins = " quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  quota = dict:%n::file:%h/dovecot-quota
  quota_grace = 10%%
  quota_rule = *:storage=100M
  quota_rule2 = Trash:storage=+20M
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = " imap sieve"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0666
  }
}
service imap-login {
  inet_listener imap {
    address = localhost
    port = 143
  }
  inet_listener imaps {
    port = 0
  }
}
service managesieve-login {
  inet_listener sieve {
    address = localhost
    port = 4190
  }
}
ssl = required
ssl_cert =

I currently use mutt to read my E-Mail on a machine which runs a postfix server to receive mail by SMTP. Mail is actually delivered to the final mbox mailboxes by a custom filtering script written in Python. Will dovecot happily serve mail from the existing hierarchy (obviously if I configure it right) so that I can connect using IMAP to my server machine to read mail?
The mbox files are all under ~/Mail with several levels of directories in some trees. Does dovecot need any sort of notification from postfix (or my Python script) to indicate that new mail has been delivered or does it just re-scan the mbox files at intervals to see changes? -- Chris Green From list at airstreamcomm.net Mon Dec 8 18:41:57 2014 From: list at airstreamcomm.net (List) Date: Mon, 08 Dec 2014 12:41:57 -0600 Subject: Required SSL with exceptions Message-ID: <5485F0F5.5000401@airstreamcomm.net> I have a Dovecot cluster which is on separate machines from my webmail/caldav/cardav cluster, and I currently have the system setup with ssl = required. Unfortunately the caldav/cardav server I am running doesn't support STARTTLS so I was wondering if there is a way to still enforce ssl for every connection with the exception of a certain subnet, or if there is a better way to accomplish this without install a local install of Dovecot on each of my caldav/cardav servers. From rs at sys4.de Mon Dec 8 19:45:56 2014 
From: rs at sys4.de (Robert Schetterer)
Date: Mon, 08 Dec 2014 20:45:56 +0100
Subject: Required SSL with exceptions
In-Reply-To: <5485F0F5.5000401@airstreamcomm.net>
References: <5485F0F5.5000401@airstreamcomm.net>
Message-ID: <5485FFF4.6080909@sys4.de>

On 08.12.2014 at 19:41, List wrote:
> I have a Dovecot cluster which is on separate machines from my
> webmail/caldav/cardav cluster, and I currently have the system setup
> with ssl = required. Unfortunately the caldav/cardav server I am
> running doesn't support STARTTLS so I was wondering if there is a way to
> still enforce ssl for every connection with the exception of a certain
> subnet, or if there is a better way to accomplish this without install a
> local install of Dovecot on each of my caldav/cardav servers.

perhaps this helps

http://wiki2.dovecot.org/SSL/DovecotConfiguration?highlight=%28trusted%29

There are a couple of different ways to specify when SSL/TLS is required:

disable_plaintext_auth=yes allows plaintext authentication only when SSL/TLS is used first.

ssl = required requires SSL/TLS also for non-plaintext authentication.

If you have only plaintext mechanisms enabled (auth { mechanisms = plain login } ), you can use either (or both) of the above settings. They behave exactly the same way then.

Note that plaintext authentication is always allowed (and SSL not required) for connections from localhost, as they're assumed to be secure anyway. This applies to all connections where the local and the remote IP addresses are equal. Also IP ranges specified by login_trusted_networks setting are assumed to be secure.<<<<

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From list at airstreamcomm.net Mon Dec 8 22:01:43 2014
From: list at airstreamcomm.net (List) Date: Mon, 08 Dec 2014 16:01:43 -0600 Subject: Required SSL with exceptions In-Reply-To: <5485FFF4.6080909@sys4.de> References: <5485F0F5.5000401@airstreamcomm.net> <5485FFF4.6080909@sys4.de> Message-ID: <54861FC7.4000402@airstreamcomm.net> On 12/8/14, 1:45 PM, Robert Schetterer wrote: > Am 08.12.2014 um 19:41 schrieb List: >> I have a Dovecot cluster which is on separate machines from my >> webmail/caldav/cardav cluster, and I currently have the system setup >> with ssl = required. Unfortunately the caldav/cardav server I am >> running doesn't support STARTTLS so I was wondering if there is a way to >> still enforce ssl for every connection with the exception of a certain >> subnet, or if there is a better way to accomplish this without install a >> local install of Dovecot on each of my caldav/cardav servers. > perhaps this helps > > http://wiki2.dovecot.org/SSL/DovecotConfiguration?highlight=%28trusted%29 > > > There are a couple of different ways to specify when SSL/TLS is required: > > disable_plaintext_auth=yes allows plaintext authentication only when > SSL/TLS is used first. > > ssl = required requires SSL/TLS also for non-plaintext authentication. > > If you have only plaintext mechanisms enabled (auth { mechanisms = > plain login } ), you can use either (or both) of the above settings. > They behave exactly the same way then. > > Note that plaintext authentication is always allowed (and SSL not > required) for connections from localhost, as they're assumed to be > secure anyway. This applies to all connections where the local and the > remote IP addresses are equal. Also IP ranges specified by > login_trusted_networks setting are assumed to be secure.<<<< > > > > Best Regards > MfG Robert Schetterer > Essentially we would like to host IMAP with SSL enforced for any connections coming from anywhere except the subnet where our other mail servers reside. 
The idea is to not install a local instance of dovecot on the webmail/carddav/caldav servers to reduce the number of instances that need to be managed. Is it possible to have two imap listeners, where ssl is enforced on one port, and not on another?

From sol0 at lehigh.edu Mon Dec 8 22:25:13 2014
From: sol0 at lehigh.edu (Stephen Lidie)
Date: Mon, 8 Dec 2014 17:25:13 -0500
Subject: devoid mailbox status for mail reloaded from a tape backup
Message-ID: <168A18AE-1AB4-4BCF-9AE2-68AF587BB95A@lehigh.edu>

dovecot --version
2.2.10

I've only been able to status a mailbox for currently existing users, is it possible to status a mailbox reloaded from tape to an alternate location? The user may or may not exist at this time, but I still need to inspect the mailbox ... thank you,

Steve

From sol0 at lehigh.edu Mon Dec 8 22:29:18 2014
From: sol0 at lehigh.edu (Stephen Lidie)
Date: Mon, 8 Dec 2014 17:29:18 -0500
Subject: devoid mailbox status for mail reloaded from a tape backup
In-Reply-To: <168A18AE-1AB4-4BCF-9AE2-68AF587BB95A@lehigh.edu>
References: <168A18AE-1AB4-4BCF-9AE2-68AF587BB95A@lehigh.edu>
Message-ID:

> On Dec 8, 2014, at 5:25 PM, Stephen Lidie wrote:
>
> dovecot --version
> 2.2.10
>
> I've only been able to status a mailbox for currently existing users, is it possible to status a mailbox reloaded from tape to an alternate location? The user may or may not exist at this time, but I still need to inspect the mailbox ... thank you,
>
> Steve

1) subject should read "doveadm mailbox status"
2) to clarify, something like an alternate source, as with "doveadm import".

From fumiyas at osstech.jp Tue Dec 9 06:50:03 2014
From: fumiyas at osstech.jp (SATOH Fumiyasu) Date: Tue, 09 Dec 2014 15:50:03 +0900 Subject: Required SSL with exceptions In-Reply-To: <54861FC7.4000402@airstreamcomm.net> References: <5485F0F5.5000401@airstreamcomm.net> <5485FFF4.6080909@sys4.de> <54861FC7.4000402@airstreamcomm.net> Message-ID: <87r3w99v1g.wl-fumiyas@osstech.jp> Hi, At Mon, 08 Dec 2014 16:01:43 -0600, List wrote: > Essentially we would like to host IMAP with SSL enforced for any connections coming from anywhere except the subnet where our other mail servers reside. The idea is to not install a local instance of dovecot on the webmail/carddav/caldav servers to reduce the number of instances that need to be managed. Is it possible to have two imap listeners, where ssl is enforced on one port, and not on another? Use login_trusted_networks parameter. -- -- Name: SATOH Fumiyasu @ OSS Technology Corp. (fumiyas @ osstech co jp) -- Business Home: http://www.OSSTech.co.jp/ -- GitHub Home: https://GitHub.com/fumiyas/ -- PGP Fingerprint: BBE1 A1C9 525A 292E 6729 CDEC ADC2 9DCA 5E1C CBCA From skdovecot at smail.inf.fh-brs.de Tue Dec 9 07:34:11 2014 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 9 Dec 2014 08:34:11 +0100 (CET)
Subject: devoid mailbox status for mail reloaded from a tape backup
In-Reply-To: <168A18AE-1AB4-4BCF-9AE2-68AF587BB95A@lehigh.edu>
References: <168A18AE-1AB4-4BCF-9AE2-68AF587BB95A@lehigh.edu>
Message-ID:

On Mon, 8 Dec 2014, Stephen Lidie wrote:

> I've only been able to status a mailbox for currently existing users, is
> it possible to status a mailbox reloaded from tape to an alternate
> location? The user may or may not exist at this time, but I still need
> to inspect the mailbox ... thank you,

yes

- -- Steffen Kaiser

From sol0 at lehigh.edu Tue Dec 9 10:42:51 2014
From: sol0 at lehigh.edu (Stephen Lidie)
Date: Tue, 9 Dec 2014 05:42:51 -0500
Subject: devoid mailbox status for mail reloaded from a tape backup
In-Reply-To:
References: <168A18AE-1AB4-4BCF-9AE2-68AF587BB95A@lehigh.edu>
Message-ID: <23E91872-24A4-4113-995C-F8DAD87BB4BF@lehigh.edu>

> On Dec 9, 2014, at 2:34 AM, Steffen Kaiser wrote:
>
> On Mon, 8 Dec 2014, Stephen Lidie wrote:
>
>> I've only been able to status a mailbox for currently existing users, is it possible to status a mailbox reloaded from tape to an alternate location? The user may or may not exist at this time, but I still need to inspect the mailbox ... thank you,
>
> yes
>

:)

Well, although I am able to issue a mailbox status command regardless, the implication was that the command displayed an empty string (nothing useful), and thus a working example using files not in the locations specified by mail_location would be useful. In my configuration mail_locations is defined as:

mail_location = mdbox:~/mail:INDEX=/var/dovecot/index/%u

So a command of the form "doveadm mailbox status -u userName all INBOX" uses mail_location as defined in dovecot.conf to locate the mail and index files, and displays appropriate information about the specified user's INBOX.

If I have mail and index files in an alternate location - restored from a backup tape for example - how do I obtain data such as unseen, message count, vsize, etc about mailboxes residing at that alternate location, a location not pointed to by mail_location? As I mentioned, "doveadm import" allows one to provide an alternate source location, but "doveadm mailbox status" does not AFAIK, thus, a sample command would be wonderful.

thx/stv

From r at sys4.de Tue Dec 9 11:23:19 2014
From: r at sys4.de (Ralf Hildebrandt)
Date: Tue, 9 Dec 2014 12:23:19 +0100
Subject: doveadm -A operations failing due to broken mdbox
Message-ID: <20141209112318.GC509@sys4.de>

I'm using "/usr/bin/doveadm purge -A" to purge the mdboxes of my users.

Unfortunately this command terminates prematurely once it reaches a defective mdbox!

Is there a workaround for this?

Like using doveadm to get a list of valid users and then run "doveadm purge -u" on each of those?

--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From rs at sys4.de Tue Dec 9 12:03:31 2014
From: rs at sys4.de (Robert Schetterer)
Date: Tue, 09 Dec 2014 13:03:31 +0100
Subject: doveadm -A operations failing due to broken mdbox
In-Reply-To: <20141209112318.GC509@sys4.de>
References: <20141209112318.GC509@sys4.de>
Message-ID: <5486E513.8050501@sys4.de>

On 09.12.2014 at 12:23, Ralf Hildebrandt wrote:
> I'm using "/usr/bin/doveadm purge -A" to purge the mdboxes of my users.
>
> Unfortunately this command terminates prematurely once it reaches a
> defective mdbox!
>
> Is there a workaround for this?
>
> Like using doveadm to get a list of valid users and then run "doveadm
> purge -u" on each of those?
>

hm then you need a mech which finds broken mdboxes before
better might be some force ( override stop parameter ) needs to be implemented for purge

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From list at airstreamcomm.net Tue Dec 9 14:30:01 2014
From: list at airstreamcomm.net (List) Date: Tue, 09 Dec 2014 08:30:01 -0600 Subject: Required SSL with exceptions In-Reply-To: <87r3w99v1g.wl-fumiyas@osstech.jp> References: <5485F0F5.5000401@airstreamcomm.net> <5485FFF4.6080909@sys4.de> <54861FC7.4000402@airstreamcomm.net> <87r3w99v1g.wl-fumiyas@osstech.jp> Message-ID: <54870769.9030804@airstreamcomm.net> On 12/9/14, 12:50 AM, SATOH Fumiyasu wrote: > Hi, > > At Mon, 08 Dec 2014 16:01:43 -0600, > List wrote: >> Essentially we would like to host IMAP with SSL enforced for any connections coming from anywhere except the subnet where our other mail servers reside. The idea is to not install a local instance of dovecot on the webmail/carddav/caldav servers to reduce the number of instances that need to be managed. Is it possible to have two imap listeners, where ssl is enforced on one port, and not on another? > Use login_trusted_networks parameter. > Excellent, that's exactly what I was looking for. Thank you! From jeremyhayden at airstreamcomm.net Tue Dec 9 15:25:35 2014 
From: jeremyhayden at airstreamcomm.net (Jeremy Hayden) Date: Tue, 9 Dec 2014 09:25:35 -0600 Subject: Dovecot Pre-Login Scripting Message-ID: <000801d013c4$613cd9c0$23b68d40$@airstreamcomm.net> Hello, We are in the process of migrating users from one system that is currently not hosted by our company, to our dovecot 2.2.10 installation. We are planning on doing the dovecot dsync command for copying users mail over to the new installation, but the one snag we are running into is ensuring we are able to get the users credentials stored in our system. We are migrating the email from a Gmail ISP account to our installation as they are discontinuing their support next year. The setup is a multistep process we are hoping to accomplish. When a connection is started to our cluster, it will first check the database to see if the credentials match, if not it will verify against Gmail's servers. If the Gmail test is successful, it would pass the credentials to a script to store them for future login attempts. Once the authentication is verified and stored locally, we would run a post-login script to run dsync to copy the mail down to the new system. The problem we are running into is efficiently and appropriately hooking into the dovecot authentication process. We are unable to find anything regarding PreLogin Scripting to contrast the PostLoginScripting we are currently using, and the only other thing we are currently seeing as a possible option is running a custom authentication socket or password imap-login to a script. This seems like it would be a resource nightmare depending on the server load and are hoping for a more elegant option to be unveiled. Any other options or suggestions are welcome. We are also wondering, if we have to go with the custom authentication setup, if there are any examples out there to base our scripts off in setting it up. Thank you, Jeremy From skdovecot at smail.inf.fh-brs.de Tue Dec 9 16:00:26 2014 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 9 Dec 2014 17:00:26 +0100 (CET)
Subject: devoid mailbox status for mail reloaded from a tape backup
In-Reply-To: <23E91872-24A4-4113-995C-F8DAD87BB4BF@lehigh.edu>
References: <168A18AE-1AB4-4BCF-9AE2-68AF587BB95A@lehigh.edu> <23E91872-24A4-4113-995C-F8DAD87BB4BF@lehigh.edu>
Message-ID:

On Tue, 9 Dec 2014, Stephen Lidie wrote:
>> On Dec 9, 2014, at 2:34 AM, Steffen Kaiser wrote:
>> On Mon, 8 Dec 2014, Stephen Lidie wrote:
>>
>>> I've only been able to status a mailbox for currently existing users, is
>>> it possible to status a mailbox reloaded from tape to an alternate
>>> location? The user may or may not exist at this time, but I still
^^^^^^
>>> need to inspect the mailbox ... thank you,
>
> Well, although I am able to issue a mailbox status command regardless, the implication was that the command displayed an empty string (nothing useful), and thus a working example using files not in the locations specified by mail_location would be useful. In my configuration mail_locations is defined as:
>
> mail_location = mdbox:~/mail:INDEX=/var/dovecot/index/%u
>
> So a command of the form "doveadm mailbox status -u userName all INBOX" uses mail_location as defined in dovecot.conf to locate the mail and index files, and displays appropriate information about the specified user's INBOX.
>
> If I have mail and index files in an alternate location - restored from a backup tape for example - how do I obtain data such as unseen, message count, vsize, etc about mailboxes residing at that alternate location, a location not pointed to by mail_location? As I mentioned, "doveadm import" allows one to provide an alternate source location, but "doveadm mailbox status" does not AFAIK, thus, a sample command would be wonderful.

if the user does not exist at all, you could create a dummy "restore" account, where you restore the data to and can use as any other user.
This would work for any existing user, too.

For me this is working, too:

doveadm -o mail_location=maildir:/home/user2/Maildir mailbox status \
    -u user1 all INBOX

shows the same as

doveadm mailbox status -u user2 all INBOX

but not the same as:

doveadm mailbox status -u user1 all INBOX

So, if you craft a good -o mail_location= and an "-u", which has access permissions on filesystem level (e.g. if you are using system users), it should work. Maybe, you need to specify "-o home=...", too.

- -- Steffen Kaiser

From sol0 at lehigh.edu Tue Dec 9 16:29:22 2014
From: sol0 at lehigh.edu (Stephen Lidie)
Date: Tue, 9 Dec 2014 11:29:22 -0500
Subject: devoid mailbox status for mail reloaded from a tape backup
In-Reply-To:
References: <168A18AE-1AB4-4BCF-9AE2-68AF587BB95A@lehigh.edu> <23E91872-24A4-4113-995C-F8DAD87BB4BF@lehigh.edu>
Message-ID:

> On Dec 9, 2014, at 11:00 AM, Steffen Kaiser wrote:
>
> On Tue, 9 Dec 2014, Stephen Lidie wrote:
>>> On Dec 9, 2014, at 2:34 AM, Steffen Kaiser wrote:
>>> On Mon, 8 Dec 2014, Stephen Lidie wrote:
>>>
>>>> I've only been able to status a mailbox for currently existing users, is it possible to status a mailbox reloaded from tape to an alternate location? The user may or may not exist at this time, but I still
>
> ^^^^^^
>
>>>> need to inspect the mailbox ... thank you,
>>
>> Well, although I am able to issue a mailbox status command regardless, the implication was that the command displayed an empty string (nothing useful), and thus a working example using files not in the locations specified by mail_location would be useful. In my configuration mail_locations is defined as:
>>
>> mail_location = mdbox:~/mail:INDEX=/var/dovecot/index/%u
>>
>> So a command of the form "doveadm mailbox status -u userName all INBOX" uses mail_location as defined in dovecot.conf to locate the mail and index files, and displays appropriate information about the specified user's INBOX.
>>
>> If I have mail and index files in an alternate location - restored from a backup tape for example - how do I obtain data such as unseen, message count, vsize, etc about mailboxes residing at that alternate location, a location not pointed to by mail_location? As I mentioned, "doveadm import" allows one to provide an alternate source location, but "doveadm mailbox status" does not AFAIK, thus, a sample command would be wonderful.
>
> if the user does not exist at all, you could create a dummy "restore" account, where you restore the data to and can use as any other user.
> This would work for any existing user, too.

True, that was my last resort, because I'd have to go through "channels" to get a real dummy username added to the University's LDAP server, then I'd have to do an actual import, and finally the status.

>
> For me this is working, too:
>
> doveadm -o mail_location=maildir:/home/user2/Maildir mailbox status \
> -u user1 all INBOX

Eureka!! The magic incantation snippet I was seeking :)

I had tried, variously, placing this simple string:

"mail_location=mdbox:/home/RESTORE/homeb/userName/mail:INDEX=/home/RESTORE/var/dovecot/index/userName"

at various points on the doveadm command line, I tried exporting the string as the environment variables mail_location and MAIL_LOCATION, and I tried to find some option that would accept an alternate mail_location. I even briefly scanned the force code but saw immediately that that solution would be slow going :)

I just now tried to find where -o was documented, to no avail:

# man doveadm|egrep -i '\-o'
# man doveadm mailbox|egrep -i '\-o'
# man doveadm help|egrep -i '\-o'

So, where exactly did I fail to find -o documented?

Now I (or an operator) can pre-scan candidate mail files pulled from tape before actually restoring them for a real user account, to help narrow down the results.

Did I mention that this is the exact solution I was hoping for?!

Many thanks,

Steve

>
> shows the same as
>
> doveadm mailbox status -u user2 all INBOX
>
> but not the same as:
>
> doveadm mailbox status -u user1 all INBOX
>
> So, if you craft a good -o mail_location= and an "-u", which has access permissions on filesystem level (e.g. if you are using system users), it should work. Maybe, you need to specify "-o home=...", too.
>
> - -- Steffen Kaiser

From gessel at blackrosetech.com Tue Dec 9 17:35:07 2014
From: gessel at blackrosetech.com (David Gessel)
Date: Tue, 09 Dec 2014 20:35:07 +0300
Subject: Sieve permissions issue following update
Message-ID: <548732CB.4070606@blackrosetech.com>

I recently updated dovecot and my sieve filters stopped working. Checking the logs I see:

Dec 9 00:09:59 mailhost dovecot: lda(gessel at domain.com): Error: sieve: binary save: failed to create temporary file: open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.mailhost.domain.com.114.) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 143:6 mode=0775)

Dec 9 00:09:59 mailhost dovecot: lda(gessel at domain.com): Error: sieve: The LDA Sieve plugin does not have permission to save global Sieve script binaries; global Sieve scripts like `/usr/local/etc/dovecot/sieve/10-move-spam.sieve' need to be pre-compiled using the sievec tool

However this fairly clear advice on the failure seems to be contradicted by:

# id vmail
uid=5000(vmail) gid=5000(vmail) groups=5000(vmail),6(mail)
?
dovecot-pigeonhole-0.4.6 = up-to-date with index
dovecot2-2.2.15_1 = up-to-date with index

uname -a
FreeBSD host.domain.com 9.3-RELEASE FreeBSD 9.3-RELEASE #0 r268932: Mon Jul 21 15:51:38 PDT 2014 gessel at host1.domain.com:/usr/obj/usr/src/sys/BARCELONA-13-08 amd64

From user+dovecot at localhost.localdomain.org Tue Dec 9 17:39:36 2014
From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Tue, 09 Dec 2014 17:39:36 +0000 Subject: doveadm -A operations failing due to broken mdbox In-Reply-To: <20141209112318.GC509@sys4.de> References: <20141209112318.GC509@sys4.de> Message-ID: <548733D8.2010303@localhost.localdomain.org> On 12/09/2014 11:23 AM, Ralf Hildebrandt wrote: > I'm using "/usr/bin/doveadm purge -A" to purge the mdboxes of my users. > > Unfortunately this command terminates prematurely once it reaches a > defective mdbox! > > Is there a workaround for this? > > Like using doveadm to get a list of valid users and then run "doveadm > purge -u" on each of those? > Are you looking for a workaround like this? for user in `doveadm user \*`; do doveadm purge -u $user; done Regards, Pascal -- The trapper recommends today: defaced.1434318 at localdomain.org From user+dovecot at localhost.localdomain.org Tue Dec 9 17:45:00 2014 
From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Tue, 09 Dec 2014 17:45:00 +0000 Subject: Sieve permissions issue following update In-Reply-To: <548732CB.4070606@blackrosetech.com> References: <548732CB.4070606@blackrosetech.com> Message-ID: <5487351C.7030303@localhost.localdomain.org> On 12/09/2014 05:35 PM, David Gessel wrote: > I recently updated dovecot and my sieve filters stopped working. Checking the logs I see: > > Dec 9 00:09:59 mailhost dovecot: lda(gessel at domain.com): Error: sieve: binary save: failed to create temporary file: open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.mailhost.domain.com.114.) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 143:6 mode=0775) > > Dec 9 00:09:59 mailhost dovecot: lda(gessel at domain.com): Error: sieve: The LDA Sieve plugin does not have permission to save global Sieve script binaries; global Sieve scripts like `/usr/local/etc/dovecot/sieve/10-move-spam.sieve' need to be pre-compiled using the sievec tool > > As mentioned in the error message from your logs and in the wiki : To mitigate this problem, the administrator must manually pre-compile global scripts using the sievec command line tool. Regards, Pascal -- The trapper recommends today: defaced.1434318 at localdomain.org From dovecot at outputservices.com Tue Dec 9 18:02:20 2014 
From: dovecot at outputservices.com (dovecot at outputservices.com) Date: Tue, 9 Dec 2014 11:02:20 -0700 (MST) Subject: Required SSL with exceptions Message-ID: <201412091802.sB9I2K9m029530@bluemoon.outputservices.com> On 12/08/14 23:50, SATOH Fumiyasu wrote: > Hi, > > At Mon, 08 Dec 2014 16:01:43 -0600, > List wrote: >> Essentially we would like to host IMAP with SSL enforced for any connections coming from anywhere except the subnet where our other mail servers reside. The idea is to not install a local instance of dovecot on the webmail/carddav/caldav servers to reduce the number of instances that need to be managed. Is it possible to have two imap listeners, where ssl is enforced on one port, and not on another? > > Use login_trusted_networks parameter. > What is the syntax for login_trusted_networks? The docs and WIKI do not show it. From user+dovecot at localhost.localdomain.org Tue Dec 9 18:05:34 2014 From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Tue, 09 Dec 2014 18:05:34 +0000 Subject: Required SSL with exceptions In-Reply-To: <201412091802.sB9I2K9m029530@bluemoon.outputservices.com> References: <201412091802.sB9I2K9m029530@bluemoon.outputservices.com> Message-ID: <548739EE.9040905@localhost.localdomain.org> On 12/09/2014 06:02 PM, dovecot at outputservices.com wrote: > > What is the syntax for login_trusted_networks? The docs and WIKI do not show it. grep -rn login_trusted_networks . ./example-config/dovecot.conf:48:#login_trusted_networks = ? # Space separated list of trusted network ranges. Connections from these # IPs are allowed to override their IP addresses and ports (for logging and # for authentication checks). disable_plaintext_auth is also ignored for # these networks. Typically you'd specify your IMAP proxy servers here. #login_trusted_networks = Regards, Pascal -- The trapper recommends today: c01dcofe.1434319 at localdomain.org From gessel at blackrosetech.com Tue Dec 9 19:50:37 2014 
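Added example, not part of the thread or of Dovecot itself: because ranges listed in login_trusted_networks are assumed secure (the wiki text and the config comment quoted above), this Python script reads `doveconf -n` style output, decides whether a given client would be exempt from the TLS requirement, and flags ranges wider than a local policy. The sample config, the function names and the /24 and /64 thresholds are assumptions.

```python
import ipaddress

# Constructed sample in the style of `doveconf -n` output (not from the thread).
SAMPLE_CONF = """\
# 2.2.x: /etc/dovecot/dovecot.conf
auth_mechanisms = plain login
login_trusted_networks = 10.20.30.0/24 192.0.2.17 0.0.0.0/0
service imap-login {
  inet_listener imap {
    port = 143
  }
}
ssl = required
"""

# Assumption: local policy for the widest range that may skip the TLS requirement.
MIN_PREFIX = {4: 24, 6: 64}


def parse_settings(conf_text):
    """Return top-level `key = value` settings; lines inside { } blocks are skipped."""
    settings, depth = {}, 0
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 0 and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings


def trusted_networks(settings):
    """Parse the space separated login_trusted_networks value into network objects."""
    value = settings.get("login_trusted_networks", "")
    # strict=False accepts a bare host address or a range with host bits set.
    return [ipaddress.ip_network(item, strict=False) for item in value.split()]


def treated_as_secure(remote_ip, local_ip, networks):
    """True if a connection without TLS is still assumed secure, following the quoted
    wiki text: local and remote address are equal, or the remote is in a trusted range."""
    remote = ipaddress.ip_address(remote_ip)
    if remote == ipaddress.ip_address(local_ip):
        return True
    return any(remote in net for net in networks)


def audit(conf_text):
    """List (range, address count) for every trusted range wider than MIN_PREFIX."""
    findings = []
    for net in trusted_networks(parse_settings(conf_text)):
        if net.prefixlen < MIN_PREFIX[net.version]:
            findings.append((str(net), net.num_addresses))
    return findings


if __name__ == "__main__":
    for net, count in audit(SAMPLE_CONF):
        print(f"login_trusted_networks: {net} exempts {count} addresses from the TLS requirement")
```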
From: gessel at blackrosetech.com (David Gessel) Date: Tue, 09 Dec 2014 22:50:37 +0300 Subject: Sieve permissions issue following update In-Reply-To: <5487351C.7030303@localhost.localdomain.org> References: <548732CB.4070606@blackrosetech.com> <5487351C.7030303@localhost.localdomain.org> Message-ID: <5487528D.6030105@blackrosetech.com> It has been running flawlessly for quite some time until the update. Global scripts were compiled: /usr/local/etc/dovecot/sieve # ls 10-move-spam.sieve 10-move-spam.svbin However, I ran sievec again and tried saving a modified script and got the same: shiofuki dovecot: lda(gessel at blackrosetech.com): Error: sieve: binary save: failed to create temporary file: open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.shiofuki.blackrosetech.com.96421.) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 143:6 mode=0775) Dec 9 11:30:39 shiofuki dovecot: lda(gessel at blackrosetech.com): Error: sieve: The LDA Sieve plugin does not have permission to save global Sieve script binaries; global Sieve scripts like `/usr/local/etc/dovecot/sieve/10-move-spam.sieve' need to be pre-compiled using the sievec tool I use Thomas Schmid's Sieve 0.2.3d add on to Thunderbird, if that might have any significance. Compiling with sievec shouldn't change the permission error, which I still don't understand. -------- Original Message -------- Subject: Re: Sieve permissions issue following update 
From: Pascal Volk To: Dovecot Mailing List Date: Tue Dec 09 2014 20:45:00 GMT+0300 (Arabic Standard Time) > On 12/09/2014 05:35 PM, David Gessel wrote: >> I recently updated dovecot and my sieve filters stopped working. Checking the logs I see: >> >> Dec 9 00:09:59 mailhost dovecot: lda(gessel at domain.com): Error: sieve: binary save: failed to create temporary file: open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.mailhost.domain.com.114.) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 143:6 mode=0775) >> >> Dec 9 00:09:59 mailhost dovecot: lda(gessel at domain.com): Error: sieve: The LDA Sieve plugin does not have permission to save global Sieve script binaries; global Sieve scripts like `/usr/local/etc/dovecot/sieve/10-move-spam.sieve' need to be pre-compiled using the sievec tool >> >> > > As mentioned in the error message from your logs and in the wiki > : > > To mitigate this problem, the administrator must manually > pre-compile global scripts using the sievec command line tool. > > > Regards, > Pascal > From user+dovecot at localhost.localdomain.org Tue Dec 9 21:00:04 2014 
From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Tue, 09 Dec 2014 21:00:04 +0000 Subject: Sieve permissions issue following update In-Reply-To: <5487528D.6030105@blackrosetech.com> References: <548732CB.4070606@blackrosetech.com> <5487351C.7030303@localhost.localdomain.org> <5487528D.6030105@blackrosetech.com> Message-ID: <548762D4.8080303@localhost.localdomain.org> On 12/09/2014 07:50 PM, David Gessel wrote: > It has been running flawlessly for quite some time until the update. > > Global scripts were compiled: > > /usr/local/etc/dovecot/sieve # ls > 10-move-spam.sieve 10-move-spam.svbin > > However, I ran sievec again and tried saving a modified script and got the same: > > shiofuki dovecot: lda(gessel at blackrosetech.com): Error: sieve: binary save: failed to create temporary file: open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.shiofuki.blackrosetech.com.96421.) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 143:6 mode=0775) > Dec 9 11:30:39 shiofuki dovecot: lda(gessel at blackrosetech.com): Error: sieve: The LDA Sieve plugin does not have permission to save global Sieve script binaries; global Sieve scripts like `/usr/local/etc/dovecot/sieve/10-move-spam.sieve' need to be pre-compiled using the sievec tool > > > I use Thomas Schmid's Sieve 0.2.3d add on to Thunderbird, if that might have any significance. > > Compiling with sievec shouldn't change the permission error, which I still don't understand. > > >> [TOFU snipped] /usr/local/etc/dovecot/sieve is not the user's sieve_dir; see . The GLOBAL sieve scripts (see your error message above) are managed by the system administrator. Admins are using their favorite $EDITOR, the chmod(1) and chown(1) commands. They don't need a ManageSieve client. Regards, Pascal -- The trapper recommends today: fabaceae.1434321 at localdomain.org From gessel at blackrosetech.com Tue Dec 9 22:09:17 2014 
From: gessel at blackrosetech.com (David Gessel) Date: Wed, 10 Dec 2014 01:09:17 +0300 Subject: Sieve permissions issue following update In-Reply-To: <548762D4.8080303@localhost.localdomain.org> References: <548732CB.4070606@blackrosetech.com> <5487351C.7030303@localhost.localdomain.org> <5487528D.6030105@blackrosetech.com> <548762D4.8080303@localhost.localdomain.org> Message-ID: <5487730D.8020704@blackrosetech.com> -------- Original Message -------- Subject: Re: Sieve permissions issue following update 
From: Pascal Volk To: Dovecot Mailing List Date: Wed Dec 10 2014 00:00:04 GMT+0300 (Arabic Standard Time) > On 12/09/2014 07:50 PM, David Gessel wrote: >> It has been running flawlessly for quite some time until the update. >> >> Global scripts were compiled: >> >> /usr/local/etc/dovecot/sieve # ls >> 10-move-spam.sieve 10-move-spam.svbin >> >> However, I ran sievec again and tried saving a modified script and got the same: >> >> shiofuki dovecot: lda(gessel at blackrosetech.com): Error: sieve: binary save: failed to create temporary file: open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.shiofuki.blackrosetech.com.96421.) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 143:6 mode=0775) >> Dec 9 11:30:39 shiofuki dovecot: lda(gessel at blackrosetech.com): Error: sieve: The LDA Sieve plugin does not have permission to save global Sieve script binaries; global Sieve scripts like `/usr/local/etc/dovecot/sieve/10-move-spam.sieve' need to be pre-compiled using the sievec tool >> >> >> I use Thomas Schmid's Sieve 0.2.3d add on to Thunderbird, if that might have any significance. >> >> Compiling with sievec shouldn't change the permission error, which I still don't understand. >> >> >>> [TOFU snipped] > > /usr/local/etc/dovecot/sieve is not the user's sieve_dir; see > . > > The GLOBAL sieve scripts (see your error message above) are managed by the > system administrator. Admins are using their favorite $EDITOR, the > chmod(1) and chown(1) commands. They don't need a ManageSieve client. > Pascal, Thank you very much for your prompt assistance. I apologize that I haven't been able to use your advice to sort out the issues, but I'm either not getting it or it is tangential to the problem I'm having. I apologize if I haven't provided enough information. 
90-sieve.conf's specification of those file locations for global and user scripts (relevant lines from the config below): sieve = ~/.dovecot.sieve sieve_dir = ~/sieve #sieve_global_dir = sieve_before = /usr/local/etc/dovecot/sieve/ I brought up the plugin only because only two things have touched any part of the dovecot/sieve configuration between "working" and "not working" states: - An update using portmaster to dovecot2-2.2.15_1/dovecot-pigeonhole-0.4.6 and - an edit via the Sieve plugin/Managesieve. One of the two has broken sieve. Unfortunately I did take note of the last working version of dovecot/dovecot-pigeonhole, but it could not be more than a few months old as I update ports fairly regularly and my last buildworld wasn't that long ago. It is consistent with the errors and my understanding that user scripts are not the likely culprit: I included the information for the sake of completeness, which can now be dismissed. Moving back to the logged warnings: Error: sieve: binary save: failed to create temporary file: open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.shiofuki.blackrosetech.com.96421.) failed: - this seems to me to indicate that sieve tried to write "10-move-spam.svbin.shiofuki.blackrosetech.com.96421" in the directory /usr/local/etc/dovecot/sieve/ Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /usr/local/etc/dovecot/sieve - I read this as sieve determining that "vmail" is not permitted to write to /usr/local/etc/dovecot/sieve we're not in group 6(mail), dir owned by 143:6 mode=0775) - and giving a very helpful bit of advice that "we're" not in group 6(mail) - which I'm reading as "vmail" not being in group "mail" - and that the target directory is owned by 143:6 0775. 
The latter is consistent with the OS's reporting of the directory: drwxrwxr-x 2 dovecot mail 4B Dec 9 11:27 sieve from /etc/group mail:*:6:postfix,clamav,vscan,dovecot,vmail,spamd dovecot:*:143: IF I'm reading "we're" as "vmail" correctly, this is incorrect ("we're not in group 6(mail)"). vmail IS in group "mail" and group "mail" does have write permissions to /usr/local/etc/dovecot/sieve/ (group is rwx). Perhaps "we're" now refers to another user? I see from top (I realize this is unlikely): 96387 dovenull 1 20 0 29120K 6080K kqread 7 0:00 0.00% managesieve-login As for the error dovecot: lda(gessel at blackrosetech.com): Error: sieve: The LDA Sieve plugin does not have permission to save global Sieve script binaries; global Sieve scripts like `/usr/local/etc/dovecot/sieve/10-move-spam.sieve' need to be pre-compiled using the sievec tool The reported error is consistent with the previous - a newly minted permission problem that seems to have come with the update. In this case the advice given about precompiling global scripts seems misplaced. The script is compiled, as reported by the error immediately preceding (10-move-spam.svbin, the svbin suffix is added by the compilation process) and just to be sure I ran sievec again and #service dovecot restart without changing the error. My inexpert intuition is that the latest update introduced a bug that is manifesting itself as a permission error. From grant at xtranet.com.au Tue Dec 9 23:44:32 2014 
From: grant at xtranet.com.au (Grant Pasley) Date: Wed, 10 Dec 2014 01:44:32 +0200 Subject: Quota issue with mailbox. Message-ID: <54878960.5050805@xtranet.com.au> good morning, i am experiencing an issue with quota limits with a new install of dovecot with mysql integration. quotas are set to 0 (unlimited) and show as such in the mysql database as well as via the postfixadmin frontend. i use imapsync to transfer mail from another imap server to this one, the total user mailbox size is 18gb. dovecot lda tells me mailbox is full even though i have set mailbox to unlimited. *the error is:* Dec 9 19:17:01 sentinel dovecot: lda(grant at xxxxxxx.com): msgid=: rejected: Quota exceeded (mailbox for user is full) *[root at sentinel dovecot]# grep -v '^ *\(#.*\)\?$' dovecot-mysql.conf* driver = mysql connect = host=localhost dbname=postfix user=postfix password=xxxxxxxx default_pass_scheme = MD5-CRYPT password_query = SELECT username as user, password, concat('/home/vmail/', maildir) as userdb_home, concat('maildir:/home/vmail/', maildir) as userdb_mail, 101 as userdb_uid, 12 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1' user_query = SELECT concat('/home/vmail/', maildir) as home, concat('maildir:/home/vmail/', maildir) as mail, 101 AS uid, 12 AS gid, CONCAT('*:messages=10000:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active = '1' *[root at sentinel dovecot]# dovecot -n* *# 2.0.9: /etc/dovecot/dovecot.conf* *# OS: Linux 2.6.32-504.1.3.el6.x86_64 x86_64 CentOS release 6.6 (Final) ext4* auth_mechanisms = plain login dict { quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf } first_valid_gid = 12 first_valid_uid = 101 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lmtp_save_to_detail_mailbox = yes mail_location = maildir:/home/vmail/%d/%n managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational 
regex imap4flags copy include variables body enotify environment mailbox date passdb { args = /etc/dovecot/dovecot-mysql.conf driver = sql } plugin { acl = vfile:/etc/dovecot/acls quota = dict:user::proxy::quotadict sieve = ~/dovecot.sieve sieve_before = /home/sieve/globalfilter.sieve sieve_dir = ~/sieve sieve_max_script_size = 1M trash = /etc/dovecot/trash.conf } protocols = imap pop3 lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = mail mode = 0666 user = vmail } } service dict { unix_listener dict { group = mail mode = 0666 user = vmail } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service imap { vsz_limit = 256 M } service managesieve-login { inet_listener sieve { port = 4190 } process_min_avail = 0 service_count = 1 vsz_limit = 64 M } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } ssl_cert = Hi, I've a problem with renaming directories with subdirectories. In root directory I create directory named "lvl1" with subdirectory "lvl2" When I rename directory lvl1 to lvl1-new I get: 1. /lvl1-new with subdir lvl2 but I can use only /lvl1-new and not /lvl1-new/lvl2 2. /lvl1 with subdir lvl2 but I can use only /lvl1/lvl2 and not /lvl1 Is it a feature or a bug? If bug is there a fix? PS: CentOS 6.6 and Dovecot 2.0.9-7 from official repository with all updates. Best regards, Dmitriy From skdovecot at smail.inf.fh-brs.de Wed Dec 10 06:42:47 2014 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 10 Dec 2014 07:42:47 +0100 (CET) Subject: devoid mailbox status for mail reloaded from a tape backup In-Reply-To: References: <168A18AE-1AB4-4BCF-9AE2-68AF587BB95A@lehigh.edu> <23E91872-24A4-4113-995C-F8DAD87BB4BF@lehigh.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 9 Dec 2014, Stephen Lidie wrote: >> On Dec 9, 2014, at 11:00 AM, Steffen Kaiser wrote: >> On Tue, 9 Dec 2014, Stephen Lidie wrote: >>>> On Dec 9, 2014, at 2:34 AM, Steffen Kaiser wrote: >>>> On Mon, 8 Dec 2014, Stephen Lidie wrote: >> For me this is working, too: >> >> doveadm -o mail_location=maildir:/home/user2/Maildir mailbox status \ >> -u user1 all INBOX > > Eureka!! The magic incantation snippet I was seeking :) I had tried, variously, placing this simple string: > > "mail_location=mdbox:/home/RESTORE/homeb/userName/mail:INDEX=/home/RESTORE/var/dovecot/index/userName" > So, where exactly did I fail to find -o documented? http://wiki2.dovecot.org/Tools/Doveadm - -o is a global option. Dovecot v2.2.15: man doveadm /-o :-) man doveadm|egrep -i '\-o' -o setting=value ple settings, the -o option may be specified multiple times. However, I always wonder about the quoting [different shells behave differently] and would use: man doveadm|egrep -i -- -o === Actually, I remember a post of Timo each time such question comes up. And this time I dug it up in the man pages. 
- -- Steffen Kaiser From skdovecot at smail.inf.fh-brs.de Wed Dec 10 06:52:57 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 10 Dec 2014 07:52:57 +0100 (CET) Subject: Sieve permissions issue following update In-Reply-To: <5487528D.6030105@blackrosetech.com> References: <548732CB.4070606@blackrosetech.com> <5487351C.7030303@localhost.localdomain.org> <5487528D.6030105@blackrosetech.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 9 Dec 2014, David Gessel wrote: > Global scripts were compiled: > > /usr/local/etc/dovecot/sieve # ls > 10-move-spam.sieve 10-move-spam.svbin > However, I ran sievec again and tried saving a modified script and got the same: Actually this "ls" output and the last sentence does not indicate that the Sieve script had been compiled: a) after changing 10-move-spam.sieve _and_ b) after the upgrade with the new Sieve tools. Did _you_ _manually_ run: cd /usr/local/etc/dovecot/sieve rm 10-move-spam.svbin sievec -D 10-move-spam.sieve ? And, is the sievec command displaying the Pigeonhole version you have installed? > -------- Original Message -------- > Subject: Re: Sieve permissions issue following update 
> From: Pascal Volk > To: Dovecot Mailing List > Date: Tue Dec 09 2014 20:45:00 GMT+0300 (Arabic Standard Time) > >> On 12/09/2014 05:35 PM, David Gessel wrote: >>> I recently updated dovecot and my sieve filters stopped working. Checking the logs I see: >>> >>> Dec 9 00:09:59 mailhost dovecot: lda(gessel at domain.com): Error: sieve: binary save: failed to create temporary file: open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.mailhost.domain.com.114.) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 143:6 mode=0775) >>> >>> Dec 9 00:09:59 mailhost dovecot: lda(gessel at domain.com): Error: sieve: The LDA Sieve plugin does not have permission to save global Sieve script binaries; global Sieve scripts like `/usr/local/etc/dovecot/sieve/10-move-spam.sieve' need to be pre-compiled using the sievec tool >> >> As mentioned in the error message from your logs and in the wiki >> : >> >> To mitigate this problem, the administrator must manually >> pre-compile global scripts using the sievec command line tool. - -- Steffen Kaiser From skdovecot at smail.inf.fh-brs.de Wed Dec 10 06:58:49 2014 
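An added example, not part of the thread or of Dovecot: it parses the `Permission denied (...)` diagnostic quoted in the messages above and applies the Unix owner/group/other rule to the credentials that diagnostic reports, next to the `/etc/group` entry David posted. The supplementary group list is an input the caller supplies for the running process, and the function names are illustrative.

```python
import re

# Log text and /etc/group entries as posted in the thread.
LOG_LINE = (
    "Error: sieve: binary save: failed to create temporary file: "
    "open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.shiofuki.blackrosetech.com.96421.) "
    "failed: Permission denied (euid=5000(vmail) egid=5000(vmail) "
    "missing +w perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), "
    "dir owned by 143:6 mode=0775)"
)
GROUP_FILE = "mail:*:6:postfix,clamav,vscan,dovecot,vmail,spamd\ndovecot:*:143:\n"

DIAG = re.compile(
    r"euid=(?P<euid>\d+)\((?P<euser>[^)]*)\) egid=(?P<egid>\d+)\((?P<egroup>[^)]*)\) "
    r"missing \+(?P<perm>[rwx]) perm: (?P<path>[^,]+), .*?"
    r"dir owned by (?P<uid>\d+):(?P<gid>\d+) mode=(?P<mode>[0-7]+)"
)


def parse_diag(line):
    """Extract process credentials and directory ownership from the diagnostic."""
    m = DIAG.search(line)
    if m is None:
        raise ValueError("no permission diagnostic found in line")
    return {
        "euid": int(m["euid"]), "egid": int(m["egid"]), "user": m["euser"],
        "perm": m["perm"], "path": m["path"],
        "owner_uid": int(m["uid"]), "owner_gid": int(m["gid"]),
        "mode": int(m["mode"], 8),
    }


def permission_class(d, supp_gids):
    """Pick the one permission triplet that applies to this process."""
    if d["euid"] == 0:
        return "root"
    if d["euid"] == d["owner_uid"]:
        return "owner"
    if d["owner_gid"] == d["egid"] or d["owner_gid"] in supp_gids:
        return "group"
    return "other"


def mode_allows(mode, klass, perm):
    """Check a single r/w/x bit in the triplet selected by klass."""
    if klass == "root":
        return True
    shift = {"owner": 6, "group": 3, "other": 0}[klass]
    bit = {"r": 4, "w": 2, "x": 1}[perm]
    return bool((mode >> shift) & bit)


def listed_in_group_file(group_text, user, gid):
    """True if user appears as a member of gid in /etc/group-style text."""
    for line in group_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 4 and parts[2] == str(gid):
            return user in parts[3].split(",")
    return False


def explain(line, supp_gids=(), group_text=GROUP_FILE):
    """Compare what the process can do with what /etc/group says."""
    d = parse_diag(line)
    klass = permission_class(d, supp_gids)
    return {
        "path": d["path"],
        "class": klass,
        "allowed": mode_allows(d["mode"], klass, d["perm"]),
        "listed_in_group_file": listed_in_group_file(group_text, d["user"], d["owner_gid"]),
    }


if __name__ == "__main__":
    # Without group 6 in the process credentials the "other" bits (r-x) apply.
    print(explain(LOG_LINE, supp_gids=()))
    # With group 6 loaded as a supplementary group the "group" bits (rwx) apply.
    print(explain(LOG_LINE, supp_gids=(6,)))
```

A result with `listed_in_group_file` true and `allowed` false means the membership exists in the file but is not among the credentials the process reported.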
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 10 Dec 2014 07:58:49 +0100 (CET) Subject: Quota issue with mailbox. In-Reply-To: <54878960.5050805@xtranet.com.au> References: <54878960.5050805@xtranet.com.au> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 10 Dec 2014, Grant Pasley wrote: > i use imapsync to transfer mail from another imap server to this one, the > total user mailbox size is 18gb. dovecot lda tells me mailbox is full even > though i have set mailbox to unlimited. > > *the the error is:* Dec 9 19:17:01 sentinel dovecot: > lda(grant at xxxxxxx.com): > msgid=: rejected: > Quota exceeded (mailbox for user is full) > > *[root at sentinel dovecot]# grep -v '^ *\(#.*\)\?$' dovecot-mysql.conf* > driver = mysql > connect = host=localhost dbname=postfix user=postfix password=xxxxxxxx > default_pass_scheme = MD5-CRYPT > password_query = SELECT username as user, password, concat('/home/vmail/', > maildir) as userdb_home, concat('maildir:/home/vmail/', maildir) as > userdb_mail, 101 as userdb_uid, 12 as userdb_gid FROM mailbox WHERE username > = '%u' AND active = '1' > user_query = SELECT concat('/home/vmail/', maildir) as home, > concat('maildir:/home/vmail/', maildir) as mail, 101 AS uid, 12 AS gid, > CONCAT('*:messages=10000:bytes=', quota) as quota_rule FROM mailbox WHERE a) you have not set the quota to unlimited, you still limit to 10'000 messages. b) what does doveadm quota get -u grant at xxxxxxx.com say? Maybe your quota database is out of sync, try: doveadm quota recalc -u .... 
- -- Steffen Kaiser From sol0 at lehigh.edu Wed Dec 10 11:54:59 2014 
From: sol0 at lehigh.edu (Stephen Lidie) Date: Wed, 10 Dec 2014 06:54:59 -0500 Subject: devoid mailbox status for mail reloaded from a tape backup In-Reply-To: References: <168A18AE-1AB4-4BCF-9AE2-68AF587BB95A@lehigh.edu> <23E91872-24A4-4113-995C-F8DAD87BB4BF@lehigh.edu> Message-ID: <12FF11C4-E8B4-4E1F-8936-2EA443AA1CA8@lehigh.edu> > On Dec 10, 2014, at 1:42 AM, Steffen Kaiser wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 9 Dec 2014, Stephen Lidie wrote: >>> On Dec 9, 2014, at 11:00 AM, Steffen Kaiser wrote: >>> On Tue, 9 Dec 2014, Stephen Lidie wrote: >>>>> On Dec 9, 2014, at 2:34 AM, Steffen Kaiser wrote: >>>>> On Mon, 8 Dec 2014, Stephen Lidie wrote: > >>> For me this is working, too: >>> >>> doveadm -o mail_location=maildir:/home/user2/Maildir mailbox status \ >>> -u user1 all INBOX >> >> Eureka!! The magic incantation snippet I was seeking :) I had tried, variously, placing this simple string: >> >> "mail_location=mdbox:/home/RESTORE/homeb/userName/mail:INDEX=/home/RESTORE/var/dovecot/index/userName" > >> So, where exactly did I fail to find -o documented? > > http://wiki2.dovecot.org/Tools/Doveadm > - -o is a global option. > > Dovecot v2.2.15: man doveadm > /-o > :-) > > man doveadm|egrep -i '\-o' > -o setting=value > ple settings, the -o option may be specified multiple times. > > However, I always wonder about the quoting [different shells behave differently] and would use: > > man doveadm|egrep -i -- -o The reason I did not see -o is because that option is NOT documented in the man pages for my dovecot installation, for whatever reason! Either of our egreps would have found it if only it had been there :( [root]# man doveadm|egrep -i '\-v' -v Enables verbosity, including progress counter. [root]# man doveadm|egrep -i '\-o' [root]# man doveadm|egrep -i -- -o [root]# man doveadm|egrep -i -- -v -v Enables verbosity, including progress counter. 
[root]# FWIW this is CentOS 7 with dovecot installed from an RPM: [root]# yum list dovecot Loaded plugins: fastestmirror, langpacks, versionlock Loading mirror speeds from cached hostfile * base: linux.cc.lehigh.edu * epel: mirror.umd.edu * extras: mirror.es.its.nyu.edu * updates: mirrors.advancedhosters.com Installed Packages dovecot.x86_64 1:2.2.10-4.el7_0.1 @updates thx/stv From teemu.huovila at dovecot.fi Wed Dec 10 12:50:37 2014 From: teemu.huovila at dovecot.fi (Teemu Huovila) Date: Wed, 10 Dec 2014 14:50:37 +0200 Subject: devoid mailbox status for mail reloaded from a tape backup In-Reply-To: <12FF11C4-E8B4-4E1F-8936-2EA443AA1CA8@lehigh.edu> References: <168A18AE-1AB4-4BCF-9AE2-68AF587BB95A@lehigh.edu> <23E91872-24A4-4113-995C-F8DAD87BB4BF@lehigh.edu> <12FF11C4-E8B4-4E1F-8936-2EA443AA1CA8@lehigh.edu> Message-ID: <5488419D.8010405@dovecot.fi> On 12/10/2014 01:54 PM, Stephen Lidie wrote: > The reason I did not see -o is because that option is NOT documented in the man pages for my dovecot installation, for whatever reason! Either of our egreps would have found it if only it had been there :( > > [root]# man doveadm|egrep -i '\-v' > -v Enables verbosity, including progress counter. > [root]# man doveadm|egrep -i '\-o' > [root]# man doveadm|egrep -i -- -o > [root]# man doveadm|egrep -i -- -v > -v Enables verbosity, including progress counter. > [root]# > > FWIW this is CentOS 7 with dovecot installed from an RPM: > > [root]# yum list dovecot > Loaded plugins: fastestmirror, langpacks, versionlock > Loading mirror speeds from cached hostfile > * base: linux.cc.lehigh.edu > * epel: mirror.umd.edu > * extras: mirror.es.its.nyu.edu > * updates: mirrors.advancedhosters.com > Installed Packages > dovecot.x86_64 1:2.2.10-4.el7_0.1 @updates Documentation for -o was added recently, it is not even on the man-pages of the 2.2.15 release. br, Teemu Huovila From r at sys4.de Wed Dec 10 13:06:21 2014 
From: r at sys4.de (Ralf Hildebrandt) Date: Wed, 10 Dec 2014 14:06:21 +0100 Subject: doveadm -A operations failing due to broken mdbox In-Reply-To: <548733D8.2010303@localhost.localdomain.org> References: <20141209112318.GC509@sys4.de> <548733D8.2010303@localhost.localdomain.org> Message-ID: <20141210130621.GE9849@sys4.de> * Pascal Volk : > Are you looking for a workaround like this? > > for user in `doveadm user \*`; do doveadm purge -u $user; done Yeah! -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, District court München: HRB 199263 Management board: Patrick Ben Koetter, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein From r at sys4.de Wed Dec 10 13:20:54 2014 
From: r at sys4.de (Ralf Hildebrandt) Date: Wed, 10 Dec 2014 14:20:54 +0100 Subject: Panic: file mail-index-sync-update.c: line 250 (sync_expunge_range): assertion failed: (count > 0) Message-ID: <20141210132054.GF9849@sys4.de> We're seeing this: % doveadm force-resync -u USERNAME INBOX doveadm(USERNAME): Panic: file mail-index-sync-update.c: line 250 (sync_expunge_range): assertion failed: (count > 0) doveadm(USERNAME): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x817ad) [0x33ab08317ad] -> /usr/lib64/dovecot/libdovecot.so.0(default_fatal_handler+0x3a) [0x33ab08318ba] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x33ab07d7570] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0xced79) [0x33ab0b7ad79] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mail_index_sync_record+0xc67) [0x33ab0b7ba07] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mail_index_sync_map+0x1a4) [0x33ab0b7bdf4] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mail_index_map+0x15c) [0x33ab0b6b70c] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0xba44a) [0x33ab0b6644a] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0xba5e8) [0x33ab0b665e8] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mail_index_open+0x88) [0x33ab0b666f8] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x45762) [0x33ab0af1762] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mdbox_map_open_or_create+0x42) [0x33ab0af1a92] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mdbox_storage_rebuild_in_context+0x10b) [0x33ab0af839b] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mdbox_sync_begin+0x222) [0x33ab0af61f2] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mdbox_sync+0x45) [0x33ab0af67d5] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mdbox_storage_sync_init+0xa8) [0x33ab0af68e8] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x3d) [0x33ab0b2490d] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) [0x33ab0b24a87] -> doveadm(+0x1c0dc) [0x5a1f7f90dc] -> doveadm(+0x1bd1b) [0x5a1f7f8d1b] -> 
doveadm(doveadm_mail_try_run+0x267) [0x5a1f7f9d37] -> doveadm(main+0x404) [0x5a1f7f5a64] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x33ab042cd55] -> doveadm(+0x18cb9) [0x5a1f7f5cb9] # doveadm quota get -u USERNAME Quota name Type Value Limit % user STORAGE 4587 3145728 0 user MESSAGE 3 - 0 The user has an EMPTY mailbox with 3 folders (when connecting via IMAP) But looking in $HOME, I'm seeing: # du -sh . 1.6G. The user cannot receive mail: Dec 10 14:09:57 lmtp(86133, USERNAME): Fatal: master: service(lmtp): child 86133 killed with signal 6 (core dumps disabled) Dec 10 14:09:57 lmtp(106153, USERNAME): Fatal: master: service(lmtp): child 106153 killed with signal 6 (core dumps disabled) -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, District court München: HRB 199263 Management board: Patrick Ben Koetter, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein From teemu.huovila at dovecot.fi Wed Dec 10 13:34:05 2014 From: teemu.huovila at dovecot.fi (Teemu Huovila) Date: Wed, 10 Dec 2014 15:34:05 +0200 Subject: Panic: file mail-index-sync-update.c: line 250 (sync_expunge_range): assertion failed: (count > 0) In-Reply-To: <20141210132054.GF9849@sys4.de> References: <20141210132054.GF9849@sys4.de> Message-ID: <54884BCD.3080203@dovecot.fi> On 12/10/2014 03:20 PM, Ralf Hildebrandt wrote: > We're seeing this: > > % doveadm force-resync -u USERNAME INBOX > > doveadm(USERNAME): Panic: file mail-index-sync-update.c: line 250 (sync_expunge_range): assertion failed: (count > 0) This was probably fixed in http://hg.dovecot.org/dovecot-2.2/rev/1886e0616ab5 (and cosmetically in http://hg.dovecot.org/dovecot-2.2/rev/56dca338f46b). I can not say for sure though, since your report is lacking some details. For future reference, please read http://www.dovecot.org/bugreport.html carefully. br, Teemu Huovila From list_dovecot at bluerosetech.com Wed Dec 10 14:35:30 2014 
From: list_dovecot at bluerosetech.com (Darren Pilgrim) Date: Wed, 10 Dec 2014 06:35:30 -0800 Subject: Renaming directories with subdirectories over IMAP In-Reply-To: References: Message-ID: <54885A32.4010400@bluerosetech.com> On 12/9/2014 6:08 PM, ????? ??????? ????????? wrote: > I've a problem with renaming directories with subdirectories. > > In root directory I create directory named "lvl1" with subdirectory "lvl2" > > When I rename directory lvl1 to lvl1-new I get: > 1. /lvl1-new with subdir lvl2 but I can use only /lvl1-new and not > /lvl1-new/lvl2 > 2. /lvl1 with subdir lvl2 but I can use only /lvl1/lvl2 and not /lvl1 > > Is it a feature or a bug? > > If bug is there a fix? It's a feature of IMAP that you can have folders with missing parents. It's a bug of your mail client that it isn't recursively renaming folders. From sol0 at lehigh.edu Wed Dec 10 14:44:04 2014 From: sol0 at lehigh.edu (Stephen Lidie) Date: Wed, 10 Dec 2014 09:44:04 -0500 Subject: devoid mailbox status for mail reloaded from a tape backup In-Reply-To: <5488419D.8010405@dovecot.fi> References: <168A18AE-1AB4-4BCF-9AE2-68AF587BB95A@lehigh.edu> <23E91872-24A4-4113-995C-F8DAD87BB4BF@lehigh.edu> <12FF11C4-E8B4-4E1F-8936-2EA443AA1CA8@lehigh.edu> <5488419D.8010405@dovecot.fi> Message-ID: <25340707-B8F5-40A9-9DE9-3E8EEDB670C0@lehigh.edu> > On Dec 10, 2014, at 7:50 AM, Teemu Huovila wrote: > > Documentation for -o was added recently, it is not even on the man-pages of the 2.2.15 release. Thank you, Steve From hanns at hannsmattes.de Wed Dec 10 20:13:56 2014 
From: hanns at hannsmattes.de (Hanns Mattes) Date: Wed, 10 Dec 2014 21:13:56 +0100 Subject: Replication and Sieve Message-ID: <5488A984.9010407@hannsmattes.de> Hi, I've got two servers set up for replication, which is working fine - except the sieve scripts. During the first replication, the existing rules were replicated well. Also the activation/deactivation seems to work. But changes to the rules don't seem to be transferred. Configuration should be the same as the other server, except for mail_replica dovecot -n: # 2.2.15: /etc/dovecot/dovecot.conf # OS: Linux 3.7.10-1.40-desktop x86_64 openSUSE 12.3 (x86_64) auth_master_user_separator = * auth_mechanisms = plain login digest-md5 cram-md5 apop auth_verbose = yes doveadm_password = strenggeheim doveadm_port = 54321 mail_location = maildir:~/Maildir mail_plugins = " quota fts fts_lucene trash zlib notify replication" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = } passdb { args = /etc/dovecot/master-users driver = passwd-file master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { fts = lucene fts_autoindex = yes fts_lucene = whitespace_chars=@. mail_replica = tcps:mail.bruecko.de quota = maildir:User quota quota_exceeded_message = Storage quota for this account has been exceeded, please try again later. 
quota_grace = 100M quota_rule = *:storage=1000M quota_rule2 = Trash:storage=+10%% quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Mailbox is full / Mailbox ist voll quota_status_success = DUNNO quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u quota_warning3 = storage=75%% quota-warning 75 %u sieve = /virtualmail/%Ld/%Ln/.dovecot.sieve sieve_dir = /virtualmail/%Ld/%Ln/sieve sieve_global_dir = /virtualmail sieve_max_redirects = 32 trash = /etc/dovecot/dovecot-trash.conf.ext zlib_save = gz zlib_save_level = 6 } postmaster_address = admin at 93er.net protocols = imap pop3 lmtp sieve service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } } service doveadm { inet_listener { port = 54321 ssl = yes } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service lmtp { inet_listener lmtp { address = 127.0.0.1 port = 24 } user = vmail } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service quota-status { client_limit = 1 executable = quota-status -p postfix inet_listener { port = 12340 } } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = vmail } user = vmail } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0666 } } ssl_cert = Hi! I have lots of these files: /home/wiz/Mail/my-folder-name/cur/.imap/1238738125.13533_23713.danbala:2,S/dovecot.index.log What are they for? Why are they here? Can I remove them? Thomas From h.reindl at thelounge.net Wed Dec 10 20:26:31 2014 
From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 10 Dec 2014 21:26:31 +0100 Subject: dovecot.index.log files: what are they? In-Reply-To: <20141210201911.GB23889@danbala.tuwien.ac.at> References: <20141210201911.GB23889@danbala.tuwien.ac.at> Message-ID: <5488AC77.7050605@thelounge.net> Am 10.12.2014 um 21:19 schrieb Thomas Klausner: > I have lots of these files: > > /home/wiz/Mail/my-folder-name/cur/.imap/1238738125.13533_23713.danbala:2,S/dovecot.index.log > > What are they for? > Why are they here? > Can I remove them? RTFM: http://wiki2.dovecot.org/IndexFiles https://www.google.at/search?q=dovecot.index.log From tk at giga.or.at Wed Dec 10 20:48:44 2014 From: tk at giga.or.at (Thomas Klausner) Date: Wed, 10 Dec 2014 21:48:44 +0100 Subject: dovecot.index.log files: what are they? In-Reply-To: <5488AC77.7050605@thelounge.net> References: <20141210201911.GB23889@danbala.tuwien.ac.at> <5488AC77.7050605@thelounge.net> Message-ID: <20141210204844.GA3456@danbala.tuwien.ac.at> On Wed, Dec 10, 2014 at 09:26:31PM +0100, Reindl Harald wrote: > > Am 10.12.2014 um 21:19 schrieb Thomas Klausner: > >I have lots of these files: > > > >/home/wiz/Mail/my-folder-name/cur/.imap/1238738125.13533_23713.danbala:2,S/dovecot.index.log > > > >What are they for? > >Why are they here? > >Can I remove them? > > RTFM: http://wiki2.dovecot.org/IndexFiles Thanks, but I had read this. I still don't know what they are good for, why they stay there for days and if I can remove them. After all, they are not the caches, but some "transaction logs" (I don't know what this is). Thomas From h.reindl at thelounge.net Wed Dec 10 21:16:45 2014
From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 10 Dec 2014 22:16:45 +0100 Subject: dovecot.index.log files: what are they? In-Reply-To: <20141210204844.GA3456@danbala.tuwien.ac.at> References: <20141210201911.GB23889@danbala.tuwien.ac.at> <5488AC77.7050605@thelounge.net> <20141210204844.GA3456@danbala.tuwien.ac.at> Message-ID: <5488B83D.5060602@thelounge.net> Am 10.12.2014 um 21:48 schrieb Thomas Klausner: > On Wed, Dec 10, 2014 at 09:26:31PM +0100, Reindl Harald wrote: >> >> Am 10.12.2014 um 21:19 schrieb Thomas Klausner: >>> I have lots of these files: >>> >>> /home/wiz/Mail/my-folder-name/cur/.imap/1238738125.13533_23713.danbala:2,S/dovecot.index.log >>> >>> What are they for? >>> Why are they here? >>> Can I remove them? >> >> RTFM: http://wiki2.dovecot.org/IndexFiles > > Thanks, but I had read this. > > I still don't know what they are good for, why they stay there for > days and if I can remove them. After all, they are not the caches, but > some "transaction logs" (I don't know what this is) http://en.wikipedia.org/wiki/Transaction_log why don't you just keep your fingers from data maintained by a server application? it's not your business to touch them From jtam.home at gmail.com Wed Dec 10 21:44:43 2014
From: jtam.home at gmail.com (Joseph Tam) Date: Wed, 10 Dec 2014 13:44:43 -0800 (PST) Subject: dovecot.index.log files: what are they? In-Reply-To: References: Message-ID: Thomas Klausner writes: >> RTFM: http://wiki2.dovecot.org/IndexFiles > > Thanks, but I had read this. > > I still don't know what they are good for, why they stay there for > days and if I can remove them. After all, they are not the caches, but > some "transaction logs" (I don't know what this is). Re-read the page, all the way to the bottom. Interpreting the last section: The transaction log records recent changes to a mailbox, and together with the index, gives the current state of the mailbox. This is an I/O optimization so that mailbox states changes are quickly updated without having to compare an entire index file with the last (in-memory?) index. For large mailboxes, this can save a lot of I/O. It may persist because updates to the indices are not done immediately (again, possibly to reduce I/O), so the current mailbox state is reflected by the index file *and* deltas in the transaction log. I suspect that you could remove the transaction logs (if you do not use dbox) and dovecot should rebuild them (or more likely, rebuild the indices). Joseph Tam From grant at xtranet.com.au Thu Dec 11 00:26:48 2014 
From: grant at xtranet.com.au (Grant Pasley) Date: Thu, 11 Dec 2014 02:26:48 +0200 Subject: Quota issue with mailbox. In-Reply-To: References: <54878960.5050805@xtranet.com.au> Message-ID: <5488E4C8.8000307@xtranet.com.au> thank you steffen - did not pick that up, it was the CONCAT('*:messages=10000:bytes=', quota) i set it to CONCAT('*:messages=:bytes=', quota) and it now works perfectly! On 12/10/2014 8:58 AM, Steffen Kaiser wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Wed, 10 Dec 2014, Grant Pasley wrote: > >> i use imapsync to transfer mail from another imap server to this one, >> the total user mailbox size is 18gb. dovecot lda tells me mailbox is >> full even though i have set mailbox to unlimited. >> >> *the the error is:* Dec 9 19:17:01 sentinel dovecot: >> lda(grant at xxxxxxx.com): >> msgid=: >> rejected: Quota exceeded (mailbox for user is full) >> >> *[root at sentinel dovecot]# grep -v '^ *\(#.*\)\?$' dovecot-mysql.conf* >> driver = mysql >> connect = host=localhost dbname=postfix user=postfix password=xxxxxxxx >> default_pass_scheme = MD5-CRYPT >> password_query = SELECT username as user, password, >> concat('/home/vmail/', maildir) as userdb_home, >> concat('maildir:/home/vmail/', maildir) as userdb_mail, 101 as >> userdb_uid, 12 as userdb_gid FROM mailbox WHERE username = '%u' AND >> active = '1' >> user_query = SELECT concat('/home/vmail/', maildir) as home, >> concat('maildir:/home/vmail/', maildir) as mail, 101 AS uid, 12 AS >> gid, CONCAT('*:messages=10000:bytes=', quota) as quota_rule FROM >> mailbox WHERE > > a) you have not set the quota to unlimited, you still limit to 10'000 > messages. > > b) what does > doveadm quota get -u grant at xxxxxxx.com > say? Maybe your quota database is out of sync, try: > doveadm quota recalc -u .... 
> > - -- Steffen Kaiser From gessel at blackrosetech.com Thu Dec 11 02:56:19 2014 From: gessel at blackrosetech.com (David Gessel) Date: Thu, 11 Dec 2014 05:56:19 +0300 Subject: Sieve permissions issue following update [solved] In-Reply-To: References: <548732CB.4070606@blackrosetech.com> <5487351C.7030303@localhost.localdomain.org> <5487528D.6030105@blackrosetech.com> Message-ID: <548907D3.7090107@blackrosetech.com> -------- Original Message -------- Subject: Re: Sieve permissions issue following update
From: Steffen Kaiser To: David Gessel Date: Wed Dec 10 2014 09:52:57 GMT+0300 (Arabic Standard Time) > > Actually this "ls" output and the last sentence does not indicate that the Sieve script had been compiled: a) after changing 10-move-spam.sieve _and_ b) after the upgrade with the new Sieve tools. Good point. > > Did _you_ _manually_ run: > > cd /usr/local/etc/dovecot/sieve > rm 10-move-spam.svbin Ut oh... I did not rm the existing svbin. > sievec -D 10-move-spam.sieve > > ? And, is the sievec command displaying the Pigeonhole version you have installed? And the -D directive is very useful, thanks: # rm 10-move-spam.svbin # sievec -D 10-move-spam.sieve sievec(gessel): Debug: sieve: Pigeonhole version 0.4.6 (3e924b1b6c5c+) initializing sievec(gessel): Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts. sievec(gessel): Debug: sieve: file storage: Using script storage path: 10-move-spam.sieve sievec(gessel): Debug: sieve: file script: Opened script `10-move-spam' from `10-move-spam.sieve' sievec(gessel): Debug: sieve: Script `10-move-spam' from 10-move-spam.sieve successfully compiled and watching the logs: dovecot: lda(gessel at blackrosetech.com): sieve: msgid=: stored mail into mailbox 'INBOX' Success! The permissions correction portion of the error below still seems wrong though, isn't it? And if so, a little misleading. Dec 9 00:09:59 mailhost dovecot: lda(gessel at domain.com): Error: sieve: binary save: failed to create temporary file: open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.mailhost.domain.com.114.) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 143:6 mode=0775) Does it seem reasonable to let the port maintainer know to submit a request to include instructions in /usr/ports/UPDATING for recompiling global scripts when necessary (and how to do it)? 
I checked before posting to the list and the last entry for sieve is this one: 20090828: AFFECTS: users of mail/dovecot and mail/dovecot-sieve AUTHOR: yds at CoolRat.org dovecot-sieve has been updated to a new implementation compatible with dovecot 1.2.x. For details of what this means please refer to: http://wiki.dovecot.org/LDA/Sieve/Dovecot#Migration_from_CMUSieve From skdovecot at smail.inf.fh-brs.de Thu Dec 11 10:01:23 2014 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 11 Dec 2014 11:01:23 +0100 (CET) Subject: Sieve permissions issue following update [solved] In-Reply-To: <548907D3.7090107@blackrosetech.com> References: <548732CB.4070606@blackrosetech.com> <5487351C.7030303@localhost.localdomain.org> <5487528D.6030105@blackrosetech.com> <548907D3.7090107@blackrosetech.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 11 Dec 2014, David Gessel wrote: > and watching the logs: > dovecot: lda(gessel at blackrosetech.com): sieve: msgid=: stored mail into mailbox 'INBOX' > > Success! :-) > The permissions correction portion of the error below still seems wrong though, isn't it? And if so, a little misleading. > > Dec 9 00:09:59 mailhost dovecot: lda(gessel at domain.com): Error: sieve: binary save: failed to create temporary file: open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.mailhost.domain.com.114.) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 143:6 mode=0775) Well, the error is not wrong by itself. A user gets a new message, in order to run the user's Sieve script, the LDA must load the sieve_before script. This is out-of-sync currently, because of the upgrade, and hence must be re-compiled and its binary form stored there. One could argue, if: a) in case of failure the binary should be written somewhere else, e.g. a temporary location and re-compiled each time a message arrives, or into the user's home dir, or ... The current way tells the admin, that something is wrong. b) sieve_before/after scripts chould be textually merged with user's scripts and stored as one combined binary in the user's directory. A change of a global script would impact all user scripts then, a message to everyone would require quite a bit CPU.
> Does it seem reasonable to let the port maintainer know to submit a request to include instructions in /usr/ports/UPDATING for recompiling global scripts when necessary (and how to do it)? I checked before posting to the list and the last entry for sieve is this one: You could file a bug report in your distro's bug tracking software. If these are standard locations - I mean, you did not changed the paths to point somewhere else -, the upgrade should recompile shared Sieve scripts. - -- Steffen Kaiser From bruell at simiatech.com Thu Dec 11 11:16:22 2014
From: bruell at simiatech.com (Philipp Brüll) Date: Thu, 11 Dec 2014 12:16:22 +0100 Subject: stacking istreams and ostreams Message-ID: <54897D06.2070607@simiatech.com> Hello, I'm developing an encryption plugin for dovecot and ran into a problem with the stacking of i/o-streams. The encryption i/o-streams are working fine on any kind of mail the test suite is passing through them. But as soon as the zlib plugin is enabled the logs show a cache error: failed: Cached message size larger than expected (214 > 206, box=INBOX, UID=1) I've already double-checked the return values of ostream's sendv and istream's read function. They seem correct (and equal). If the order of the streams is changed (by changing the number in the lib-filename libxx_scrambler.so); meaning that the encryption is done before the compression (which isn't efficient) both streams are working correctly without any errors. Is there some way the zlib plugin changes the cached message size? Is there some behaviour of the zlib plugin that I'm missing? Any help would be very welcome. Best regards, Philipp -- simia.tech GbR http://simiatech.com From tk at giga.or.at Thu Dec 11 12:58:48 2014
From: tk at giga.or.at (Thomas Klausner) Date: Thu, 11 Dec 2014 13:58:48 +0100 Subject: dovecot & Apple Mail & maildir & lots of Mail In-Reply-To: <20141121215238.GK12758@danbala.tuwien.ac.at> References: <20141121215238.GK12758@danbala.tuwien.ac.at> Message-ID: <20141211125847.GA14503@danbala.tuwien.ac.at> On Fri, Nov 21, 2014 at 10:52:38PM +0100, Thomas Klausner wrote: > I have dovecot 2.1.12 running on a mail server, and recently > configured Apple Mail to connect to it using secure IMAP, for the > first time. > > At the beginning it just showed the inbox and everything was fine, but > then I wanted to look at some of my folders and found the 'subscribe' > menu. When I opened it, Apple Mail went to discover what mailboxes > there are, and that's where my trouble began. > > It seemed to make good progress for some time (though slow -- over > days), and now lists the mailboxes from starting with letters a to d > on the left hand side (filling all the visible space, so there might > be more). However, whenever Apple Mail gets focus, the cursor becomes > a spinning rainbow circle and I can't interact with it. > > I tried deleting the mail account and setting it up again. The inbox > was shown again immediately and Apple Mail was usable, but the first > time the cursor moved over the mailboxes on the left hand side, it > froze again. > > There were two imap processes on the server, one rather idle, the > other eating CPU for about two minutes, then idling, and some time > later it disappeared too. > > My Mail directory is 31G with about 180 directories, each containing > mails in maildir format. > > Has anyone had similar issues? > > Is my maildir too big for dovecot to handle? > > How can I debug this? I finally found out what the problem was. My mail is in the folder "$HOME/Mail". For that reason, dovecot assumed I must be using mboxes (even though it only contains maildirs), and handled each mail = maildir file as a separate mbox.
I've renamed "$HOME/Mail" to "$HOME/Maildir" and configured procmail and mutt to look there, and now it works fine even with Apple Mail. Thomas From tk at giga.or.at Thu Dec 11 13:00:02 2014 From: tk at giga.or.at (Thomas Klausner) Date: Thu, 11 Dec 2014 14:00:02 +0100 Subject: dovecot.index.log files: what are they? In-Reply-To: <20141210201911.GB23889@danbala.tuwien.ac.at> References: <20141210201911.GB23889@danbala.tuwien.ac.at> Message-ID: <20141211130002.GB14503@danbala.tuwien.ac.at> On Wed, Dec 10, 2014 at 09:19:11PM +0100, Thomas Klausner wrote: > Hi! > > I have lots of these files: > > /home/wiz/Mail/my-folder-name/cur/.imap/1238738125.13533_23713.danbala:2,S/dovecot.index.log > > What are they for? > Why are they here? > Can I remove them? This was a by-product of dovecot thinking that I had mbox mailboxes, while they were maildir mailboxes. So dovecot created one of these _for every single mail_, which is why I had so many of them. Thomas From jiri.frant at gmail.com Thu Dec 11 16:19:02 2014 From: jiri.frant at gmail.com (Jiří František) Date: Thu, 11 Dec 2014 16:19:02 +0000 Subject: mdbox backup strategy Message-ID: Hi, now we backup maildir with rdiff-backup every single day. Backup takes almost 20 hours. I would like to switch to mdbox, but how to accomplish possibility of restore emails from any date what I want? Now if I need to restore mails from the day before yesterday I put the right date to parameters of rdiff-backup restore command and I get what I want. But if I use doveadm backup I have backup only from last run. Because we have tens of TB email I couldn't do full backup every single day. Is it possible to restore state of mailbox from backup run before the last run if I use doveadm? I don't want do full backup every day, because backup storage is not unlimited. Thank you Jiri From dominik at dominikbreu.de Thu Dec 11 17:14:36 2014
From: dominik at dominikbreu.de (Dominik Breu) Date: Thu, 11 Dec 2014 18:14:36 +0100 Subject: Migrate with Dsync Message-ID: <1418318076.5546.2.camel@dominikbreu.de> Hello List, i have a simple and maybe stupid question but, read the guide on http://wiki2.dovecot.org/Migration/Dsync now i wonder where to put this configuration ? May i oversee something but i would appreciate any hint toward solving my problem. regards, dominik From andy at xecu.net Thu Dec 11 18:49:47 2014 From: andy at xecu.net (Andy Dills) Date: Thu, 11 Dec 2014 13:49:47 -0500 Subject: Error: mremap_anon(###) failed: Cannot allocate memory In-Reply-To: <54855C4C.3070904@dovecot.fi> References: <20141207194708.X197@shell.xecu.net> <54855C4C.3070904@dovecot.fi> Message-ID: On 12/08/2014 03:07, Teemu Huovila wrote: > A config would always be useful, but I can venture a guess. Perhaps the > affected users have a dovecot.index.cache file > somewhere, e.g. under INBOX, that is larger than the memory limit for > the lmtp process. Try increasing "default_vsz_limit" or > the "service lmtp { vsz_limit }". Removing the overly large index cache > file should also, temporarily, help. In case you do > not get this error from the imap/pop3 processes, perhaps you have > already set a higher vsz_limit for those? Teemu, Thanks for your suggestion. I checked the output of doveconf, and by default it appears the vsz_limit is set to 18446744073709551615B for each of the services, and 256M for default_vsz_limit. I checked a user in question, and their index.cache was indeed large, 123M. Seemingly needlessly so, as I deleted the dovecot files and reindexed, and now it's 6K. Thanks, I'll keep an eye on the users this affects and try to get their index.cache in order. Thanks, Andy From gessel at blackrosetech.com Thu Dec 11 23:10:20 2014
From: gessel at blackrosetech.com (David Gessel) Date: Fri, 12 Dec 2014 02:10:20 +0300 Subject: Sieve permissions issue following update [!solved] :-( In-Reply-To: References: <548732CB.4070606@blackrosetech.com> <5487351C.7030303@localhost.localdomain.org> <5487528D.6030105@blackrosetech.com> <548907D3.7090107@blackrosetech.com> Message-ID: <548A245C.1080604@blackrosetech.com> Deleting the .svbin and recreating the .svbin script seems to have changed something, but didn't solve the whole problem (or not quite?). I still read the error messages incorrectly, but more on that below. I have a bit more data on the problem preventing sorting. Sieve scripts are failing only for my auto-filing system for mailing lists which uses a sub-directory system, as in: Lists/LowVol Lists/Dovecot etc. (please note that this worked fine before the recent update to 0.4.6) The scripts that fileinto a top level directory such as "Spam" work fine, the ones that fileinto a second level directory barf out. All of them give the errors as below, but I see now that messages that are supposed to go to the lists directory ALSO give this error (which was a bit obfuscated): "sieve: Execution of script /mail/blackrosetech.com/gessel//.dovecot.sieve;name=base failed, but implicit keep was successful (user logfile /mail/blackrosetech.com/gessel//.dovecot.sieve.log may reveal additional details)" which tells me that error: msgid=<548991BC.3060002 at uti.at>: failed to store into mailbox 'Lists/Libtech': Invalid mailbox name: Name must not have '/' characters. (apparently a new requirement, because the script was definitely working before the update: much mail properly sorted). Now to look up the new sub-directory delimiter: and "." works. SOLVED for realz this time. I believe this is true: depending on the dovecot storage mode, if you were successfully sieving into sub-directories delimited by "/" and it stopped working recently, try "." 
as the delimiter, so instead of fileinto "directory/subdirectory"; use fileinto "directory.subdirectory"; But I still get the permission errors in my logs. Dec 11 10:21:11 shiofuki dovecot: lda(gessel at blackrosetech.com): sieve: msgid=<9e56b4975f015949469c6e5400c32bfb.6925371.5157717 at ets099.teensywrite.us>: stored mail into mailbox 'Junk' Now I would argue that at this point both the first error and second error are factually wrong, though I could be misinterpreting things, and I suspect that some bug was introduced in the update I applied that is at the root of the problems as I haven't changed anything in my mail configuration: merely Working fine -update using portmaster -Rafd Sieve is not working (with the errors above). As for the reported errors, and I realize I may be completely reading this wrong, but I would parse the error messages as: "Error: sieve: binary save: failed to create temporary file: open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.shiofuki.blackrosetech.com.60095.)" -> This seems to indicate that sieve tried to save the file /usr/local/etc/dovecot/sieve/10-move-spam.svbin.shiofuki.blackrosetech.com.60095 and an error condition resulted which is being reported as not being able to save the file. "failed: Permission denied" -> This seems to indicate that sieve believes there is a permissioning problem. "(euid=5000(vmail) egid=5000(vmail)" -> I interpret this as reporting the user that sieve thinks should have permission to write to the target directory, which is what I would expect it to be. "missing +w perm: /usr/local/etc/dovecot/sieve" -> I could be totally wrong here, but I read this as sieve believing that the "vmail" user does not have write permission in the directory "/usr/local/etc/dovecot/sieve" which is incorrect. I am not sure how this can be other than an sieve bug. "we're not in group 6(mail)" -> I'm reading "we're" as referring to user "vmail," which is also incorrect. "vmail" is in group 6(mail). 
I am not sure this can be other than a sieve bug. "dir owned by 143:6 mode=0775" -> This is correct: the directory /usr/local/etc/dovecot/sieve is owned by 143:6. But user "vmail" is in group 6. Next, dovecot reports an error on behalf of sieve. This seems to be a continuation of the original error in that it also references what reads as the same "permission error" but comes to a different conclusion as to the cause of the error - that the global script needs to be compiled with sievec. "dovecot: lda(gessel at blackrosetech.com): Error: sieve: The LDA Sieve plugin does not have permission to save global Sieve script binaries; global Sieve scripts like `/usr/local/etc/dovecot/sieve/10-move-spam.sieve' need to be pre-compiled using the sievec tool" "The LDA Sieve plugin does not have permission to save global Sieve script binaries" -> this is the reported error condition - a permissions problem which is probably coming from sieve, but is incorrect. Sieve does have permission to write to the folder. "global Sieve scripts like `/usr/local/etc/dovecot/sieve/10-move-spam.sieve' need to be pre-compiled using the sievec tool" -> I'm sure this is true, but since the underlying problem was not fixed by deleting the svbin file and recreating it with sievec, I think we can be confident that the prescription for the reported permission error will not fix the error. Testing whether this is really a new and somewhat improperly reported permissioning problem, I changed the permissions of /usr/local/etc/dovecot/sieve/ to 777 and the errors went away. I could be wrong, but I think this proves that: 1) The first warning from sieve about a permission error is correct but the proposed solution, that vmail should be in group 6 that owns the directory and does have write permission is wrong. Sieve is now (since the update?) 
trying to write to the directory as some user other than "vmail" since vmail definitely is in group 6, group 6 has write permissions, and changing folder permissions to 777 from 775 makes the error go away. 2) The second warning from dovecot about a permission error is also correct, but the proposed solution, that scripts need to be compiled, is not actually relevant. Now to try to figure out what user sieve is operating as... ... and I haven't a clue other than vmail. Is it possible that the new upgrade changed the name of the user that is being tested against the permissions of the target folder and that is causing sieve to fail? Is it possible that the target folder for the temporary file that needs to be written has changed? Perhaps that this temporary directory is called on during a "fileinto" command? And perhaps that it isn't the global script that is the problem, but rather in user scripts? (or that it was both, but the global script was fixed by deleting it and recompiling it)? While it is reasonable to presume that there's an easy fix, or that I'm doing something stupid (especially as it doesn't seem that anyone else is having problems), there was a big change in the storage code between 0.4.3 and 0.4.4 and minor changes between 0.4.4 and 0.4.6. I would have been running 0.4.3 before I updated based on the release dates to FreeBSD ports. -David -------- Original Message -------- Subject: Re: Sieve permissions issue following update [solved]
From: Steffen Kaiser To: David Gessel Date: Thu Dec 11 2014 13:01:23 GMT+0300 (Arabic Standard Time) > On Thu, 11 Dec 2014, David Gessel wrote: > >> and watching the logs: >> dovecot: lda(gessel at blackrosetech.com): sieve: msgid=: stored mail into mailbox 'INBOX' > >> Success! > > :-) > >> The permissions correction portion of the error below still seems wrong though, isn't it? And if so, a little misleading. > >> Dec 9 00:09:59 mailhost dovecot: lda(gessel at domain.com): Error: sieve: binary save: failed to create temporary file: open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.mailhost.domain.com.114.) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 143:6 mode=0775) > > Well, the error is not wrong by itself. A user gets a new message, in order to run the user's Sieve script, the LDA must load the sieve_before script. This is out-of-sync currently, because of the upgrade, and hence must be re-compiled and its binary form stored there. > > One could argue, if: > > a) in case of failure the binary should be written somewhere else, e.g. a temporary location and re-compiled each time a message arrives, or into the user's home dir, or ... > The current way tells the admin, that something is wrong. Something is definitely wrong, that's true, but the reported error is misleading. It is very clear about what the problem is interpreted to be, which is just as clearly wrong. > > b) sieve_before/after scripts chould be textually merged with user's scripts and stored as one combined binary in the user's directory. > A change of a global script would impact all user scripts then, a message to everyone would require quite a bit CPU. > >> Does it seem reasonable to let the port maintainer know to submit a request to include instructions in /usr/ports/UPDATING for recompiling global scripts when necessary (and how to do it)?
I checked before posting to the list and the last entry for sieve is this one: > > You could file a bug report in your distro's bug tracking software. If these are standard locations - I mean, you did not changed the paths to point somewhere else -, the upgrade should recompile shared Sieve scripts. > > -- Steffen Kaiser > From dovecot at randy.pensive.org Fri Dec 12 00:43:10 2014 
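The permission message quoted in the Sieve thread above reports the process credentials (euid=5000, egid=5000) and the directory's owner, group and mode (143:6, 0775). As an added example (not part of the thread and not Dovecot code), the sketch below applies the standard POSIX owner/group/other selection to those values and compares the 0775 and 0777 cases; the function names and the supplementary-group sets are assumptions made for illustration.

```python
import os
import re
import stat
from dataclasses import dataclass

# Error text as quoted in the thread (the temporary file name is left out).
SAMPLE_ERROR = (
    "failed: Permission denied (euid=5000(vmail) egid=5000(vmail) "
    "missing +w perm: /usr/local/etc/dovecot/sieve, "
    "we're not in group 6(mail), dir owned by 143:6 mode=0775)"
)


@dataclass(frozen=True)
class Creds:
    euid: int
    egid: int
    groups: frozenset = frozenset()  # supplementary gids held by the process


@dataclass(frozen=True)
class DirMeta:
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o775


_ERR = re.compile(
    r"euid=(\d+)\([^)]*\) egid=(\d+)\([^)]*\) missing \+w perm: (\S+), "
    r".*?dir owned by (\d+):(\d+) mode=(0[0-7]+)"
)


def parse_error(text):
    """Extract (Creds, DirMeta, path) from a message shaped like SAMPLE_ERROR."""
    m = _ERR.search(text)
    if m is None:
        raise ValueError("not a recognised permission message")
    euid, egid, path, uid, gid, mode = m.groups()
    # The message reports no supplementary groups, so none are assumed here.
    return Creds(int(euid), int(egid)), DirMeta(int(uid), int(gid), int(mode, 8)), path


def applicable_class(creds, meta):
    """POSIX picks exactly one class; a wider class never rescues a narrower one."""
    if creds.euid == 0:
        return "root"  # the superuser bypasses the mode bits
    if creds.euid == meta.uid:
        return "owner"
    if meta.gid == creds.egid or meta.gid in creds.groups:
        return "group"
    return "other"


def can_create_in(creds, meta):
    """Creating a file needs write and search (w+x) on the directory."""
    cls = applicable_class(creds, meta)
    if cls == "root":
        return True
    shift = {"owner": 6, "group": 3, "other": 0}[cls]
    bits = (meta.mode >> shift) & 0o7
    return (bits & 0o3) == 0o3


def process_creds():
    """Credentials of the calling process; the kernel checks these, not /etc/group."""
    return Creds(os.geteuid(), os.getegid(), frozenset(os.getgroups()))


def stat_dir(path):
    """Owner, group and permission bits of an existing directory."""
    st = os.stat(path)
    return DirMeta(st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))


if __name__ == "__main__":
    creds, meta, path = parse_error(SAMPLE_ERROR)
    cases = [
        ("as logged", creds, meta),
        ("mode 0777", creds, DirMeta(meta.uid, meta.gid, 0o777)),
        ("gid 6 in process groups", Creds(5000, 5000, frozenset({6})), meta),
        ("unrelated uid 1234, mode 0777", Creds(1234, 1234), DirMeta(143, 6, 0o777)),
    ]
    for label, c, d in cases:
        print(f"{label:32} class={applicable_class(c, d):5} create={can_create_in(c, d)}")
    here = stat_dir(".")
    print("this process in '.':", applicable_class(process_creds(), here))
```

With the logged values the process falls into the "other" class, so mode 0775 denies the write; 0777 grants it to that process and to every other local account alike, while a process that actually holds gid 6 is served by the group bits at 0775.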
From: dovecot at randy.pensive.org (Randall Gellens)
Date: Thu, 11 Dec 2014 16:43:10 -0800
Subject: Can't get shared public folders working
Message-ID:

I'm trying to use a shared public namespace. Clients say it exists, but sieve scripts can't write to it.

The configuration in /etc/dovecot/conf.d/10-mail.conf:

# Shared namespace for Foo stuff
namespace {
  type = public
  separator = '/'
  prefix = "#Foo/"
  location = maildir:/local/mnt/mail/shared:INDEXPVT=/local/mnt/mail/%n/shared:LAYOUT=fs

  # Use the default namespace for saving subscriptions.
  #subscriptions = no

  # List the shared/ namespace only if there are visible shared mailboxes.
  #list = children
}

I created the location, owned by the vmail user:

$ ls -ld /local/mnt/mail/shared
drwxr-xr-x 4 vmail vmail 4096 Dec 11 12:38 /local/mnt/mail/shared

I created the subfolders, verified that they are there. Also, I see that Dovecot created a dovecot.mailbox.log file:

$ ls -l /local/mnt/mail/shared
total 12
-rw-r--r-- 1 vmail vmail 96 Dec 11 12:38 dovecot.mailbox.log
drwxr-xr-x 3 vmail vmail 4096 Dec 11 12:37 Foo-Bugs
drwxr-xr-x 3 vmail vmail 4096 Dec 11 12:38 Foo-Patches

The dovecot.mailbox.log file is empty:

$ more /local/mnt/mail/shared/dovecot.mailbox.log

The intermediate folder is empty:

$ ls -l /local/mnt/mail/shared/Foo-Bugs/
total 4
drwxr-xr-x 5 vmail vmail 4096 Dec 11 12:36 Foo-Bugs-New

The mailbox has some folders in it:

$ ls -l /local/mnt/mail/shared/Foo-Bugs/Foo-Bugs-New/
total 12
drwxr-xr-x 2 vmail vmail 4096 Dec 11 12:36 cur
drwxr-xr-x 2 vmail vmail 4096 Dec 11 12:36 new
drwxr-xr-x 2 vmail vmail 4096 Dec 11 12:36 tmp

They seem to be empty:

$ ls -l /local/mnt/mail/shared/Foo-Bugs/Foo-Bugs-New/*
/local/mnt/mail/shared/Foo-Bugs/Foo-Bugs-New/cur:

The Sieve log insists the mailbox doesn't exist:

$ more /local/mnt/home/Foo-bugs/.dovecot.sieve.log
sieve: info: started log at Dec 11 15:35:20.
error: msgid=: failed to store into mailbox '#Foo/Q popper-Bugs/Foo-Bugs-New': Mailbox doesn't exist: #Foo/Foo-Bugs/Foo-Bugs-New.
info: msgid=: stored mail into mailbox 'INBOX'.

But if I telnet into the server, the mailbox shows up:

a1 list "" *
* LIST (\HasNoChildren \Junk) "/" Junk
* LIST (\Noselect \HasChildren) "/" #Foo
* LIST (\Noselect \HasChildren) "/" #Foo/Foo-Patches
* LIST (\HasNoChildren) "/" #Foo/Foo-Patches/Foo-Patches-New
* LIST (\Noselect \HasChildren) "/" #Foo/Foo-Bugs
* LIST (\HasNoChildren) "/" #Foo/Foo-Bugs/Foo-Bugs-New
* LIST (\HasNoChildren) "/" INBOX
a1 OK List completed.

And I can SELECT it:

a2 select "#Foo/Foo-Bugs/Foo-Bugs-New"
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1418343553] UIDs valid
* OK [UIDNEXT 1] Predicted next UID
* OK [NOMODSEQ] No permanent modsequences
a2 OK [READ-WRITE] Select completed (0.006 secs).

So why can't the Sieve script store into it?

--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly selected tag: ---------------
Broad-mindedness: The result of flattening high-mindedness out.

From dovecot at randy.pensive.org Fri Dec 12 01:02:59 2014
From: dovecot at randy.pensive.org (Randall Gellens)
Date: Thu, 11 Dec 2014 17:02:59 -0800
Subject: [Corrected] Can't get shared public folders working
Message-ID:

I'm trying to use a shared public namespace. My mail client says it exists, and I can telnet in and SELECT it, but sieve scripts can't write to it.

The configuration in /etc/dovecot/conf.d/10-mail.conf:

# Shared namespace for Foo stuff
namespace {
  type = public
  separator = '/'
  prefix = "#Foo/"
  location = maildir:/local/mnt/mail/shared:INDEXPVT=/local/mnt/mail/%n/shared:LAYOUT=fs

  # Use the default namespace for saving subscriptions.
  #subscriptions = no

  # List the shared/ namespace only if there are visible shared mailboxes.
  #list = children
}

I created the location, owned by the vmail user:

$ ls -ld /local/mnt/mail/shared
drwxr-xr-x 4 vmail vmail 4096 Dec 11 12:38 /local/mnt/mail/shared

I created the subfolders, verified that they are there. Also, I see that Dovecot created a dovecot.mailbox.log file:

$ ls -l /local/mnt/mail/shared
total 12
-rw-r--r-- 1 vmail vmail 96 Dec 11 12:38 dovecot.mailbox.log
drwxr-xr-x 3 vmail vmail 4096 Dec 11 12:37 Foo-Bugs
drwxr-xr-x 3 vmail vmail 4096 Dec 11 12:38 Foo-Patches

The dovecot.mailbox.log file is empty:

$ more /local/mnt/mail/shared/dovecot.mailbox.log

The intermediate folder is empty:

$ ls -l /local/mnt/mail/shared/Foo-Bugs/
total 4
drwxr-xr-x 5 vmail vmail 4096 Dec 11 12:36 Foo-Bugs-New

The mailbox has some folders in it:

$ ls -l /local/mnt/mail/shared/Foo-Bugs/Foo-Bugs-New/
total 12
drwxr-xr-x 2 vmail vmail 4096 Dec 11 12:36 cur
drwxr-xr-x 2 vmail vmail 4096 Dec 11 12:36 new
drwxr-xr-x 2 vmail vmail 4096 Dec 11 12:36 tmp

They seem to be empty:

$ ls -l /local/mnt/mail/shared/Foo-Bugs/Foo-Bugs-New/*
/local/mnt/mail/shared/Foo-Bugs/Foo-Bugs-New/cur:

The Sieve log insists the mailbox doesn't exist:

$ more /local/mnt/home/Foo-bugs/.dovecot.sieve.log
sieve: info: started log at Dec 11 15:35:20.
error: msgid=: failed to store into mailbox '#Foo/Foo-Bugs/Foo-Bugs-New': Mailbox doesn't exist: #Foo/Foo-Bugs/Foo-Bugs-New.
info: msgid=: stored mail into mailbox 'INBOX'.

But if I telnet into the server, the mailbox shows up:

a1 list "" *
* LIST (\HasNoChildren \Junk) "/" Junk
* LIST (\Noselect \HasChildren) "/" #Foo
* LIST (\Noselect \HasChildren) "/" #Foo/Foo-Patches
* LIST (\HasNoChildren) "/" #Foo/Foo-Patches/Foo-Patches-New
* LIST (\Noselect \HasChildren) "/" #Foo/Foo-Bugs
* LIST (\HasNoChildren) "/" #Foo/Foo-Bugs/Foo-Bugs-New
* LIST (\HasNoChildren) "/" INBOX
a1 OK List completed.

And I can SELECT it:

a2 select "#Foo/Foo-Bugs/Foo-Bugs-New"
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1418343553] UIDs valid
* OK [UIDNEXT 1] Predicted next UID
* OK [NOMODSEQ] No permanent modsequences
a2 OK [READ-WRITE] Select completed (0.006 secs).

So why can't the Sieve script store into it?

--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly selected tag: ---------------
I must have a prodigious quantity of mind; it takes me as much as a week sometimes to make it up. --Mark Twain, _The Innocents Abroad_

From petehodur at gmail.com Fri Dec 12 04:04:48 2014
From: petehodur at gmail.com (Peter Hodur)
Date: Fri, 12 Dec 2014 05:04:48 +0100
Subject: LMTP BUG
Message-ID:

Hello,

just setting up a mail hub with Postfix & Dovecot, I have found a bug in the LMTP implementation.

* assumptions
- latest stable Postfix & Dovecot,
- Postfix delivers via Dovecot LMTP (virtual_transport = lmtp:127.0.0.1:24),
- Dovecot userdb & passwd lookups are made via custom checkpassword interface,
- each user (email account) has different UID/GID

* description
The LMTP process must run as root to be able to deliver msgs to each user. It drops privileges temporarily when delivering and then restores the effective UID/GID to root (the saved one). The problem appears when an attempt with more than ONE recipient is made, that is, more than one recipient within a single session. It seems that Dovecot LMTP restores root privileges not between each recipient delivery attempt but after the whole transaction.

The only solution is to throttle Postfix to send a single message with multiple recipients as many small transactions - all with only ONE rcpt. lmtp_destination_recipient_limit=1 makes this magic. Otherwise you can find:

Dec 12 03:30:36 vm dovecot: lmtp(3580, info at xxx.com): Fatal: setgid(48672 from userdb lookup) failed with euid=33001, gid=43570, egid=43570: Operation not permitted (This binary should probably be called with process group set to 48672 instead of 43570)

Can someone confirm that this is an error/bug?

Thanks
Pete

From absolutely_free at libero.it Fri Dec 12 08:39:49 2014
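The "Operation not permitted" in the LMTP log line above can be reproduced with a small model of the kernel's setgid()/seteuid() permission checks. This is an added example, not part of the original post and not Dovecot's code; it assumes "privileged" simply means euid 0, and the first recipient's address and the second recipient's UID are constructed (the other IDs come from the log line).

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Real, effective and saved IDs of one process. */
struct creds {
    unsigned ruid, euid, suid;
    unsigned rgid, egid, sgid;
};

/* One LMTP recipient with the UID/GID returned by the userdb lookup. */
struct rcpt {
    const char *addr;
    unsigned uid, gid;
};

/* Assumption of this model: privileged means euid == 0. */
static int privileged(const struct creds *c) { return c->euid == 0; }

/* setgid(2): a privileged caller sets real, effective and saved GID;
 * anyone else may only select the real or saved GID. */
static int model_setgid(struct creds *c, unsigned gid)
{
    if (privileged(c)) {
        c->rgid = c->egid = c->sgid = gid;
        return 0;
    }
    if (gid != c->rgid && gid != c->sgid)
        return -EPERM;
    c->egid = gid;
    return 0;
}

/* seteuid(2): an unprivileged caller may only switch to its real,
 * effective or saved UID. The saved UID 0 is what makes the drop temporary. */
static int model_seteuid(struct creds *c, unsigned uid)
{
    if (!privileged(c) && uid != c->ruid && uid != c->euid && uid != c->suid)
        return -EPERM;
    c->euid = uid;
    return 0;
}

/* Switch to one recipient: GID first (needs privilege), then effective UID. */
static int become(struct creds *c, const struct rcpt *r, int restore_root_first)
{
    int rc;

    if (restore_root_first && (rc = model_seteuid(c, 0)) != 0)
        return rc;
    if ((rc = model_setgid(c, r->gid)) != 0)
        return rc;
    return model_seteuid(c, r->uid);
}

/* Runs one transaction starting as root. Returns how many recipients were
 * reached; *err holds the first error, *c the credentials at that point. */
size_t deliver_all(struct creds *c, const struct rcpt *rcpts, size_t n,
                   int restore_between, int *err)
{
    struct creds root = {0, 0, 0, 0, 0, 0};
    size_t i;

    *c = root;
    *err = 0;
    for (i = 0; i < n; i++) {
        *err = become(c, &rcpts[i], restore_between);
        if (*err != 0)
            return i;
        /* the message would be written to rcpts[i]'s mailbox here */
    }
    *err = model_seteuid(c, 0); /* end of transaction: back to root */
    return n;
}

/* Constructed sample: one transaction with two recipients. */
static const struct rcpt SAMPLE[] = {
    {"first at xxx.com", 33001, 43570}, /* address constructed */
    {"info at xxx.com", 33002, 48672},  /* UID constructed */
};

int main(void)
{
    struct creds c;
    int err;
    size_t done;

    done = deliver_all(&c, SAMPLE, 2, 0, &err);
    printf("restore after transaction: %zu delivered, err=%d, "
           "euid=%u gid=%u egid=%u\n", done, err, c.euid, c.rgid, c.egid);
    done = deliver_all(&c, SAMPLE, 2, 1, &err);
    printf("restore between recipients: %zu delivered, err=%d\n", done, err);
    return 0;
}
```

With one recipient per transaction, which is what lmtp_destination_recipient_limit=1 enforces, every switch starts from root and the failing path is never reached.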
From: absolutely_free at libero.it (absolutely_free at libero.it)
Date: Fri, 12 Dec 2014 09:39:49 +0100 (CET)
Subject: Duplicate messages
Message-ID: <1140065194.671031418373589753.JavaMail.httpd@webmail-15.iol.local>

Hi,
I just moved mail spool to a different network storage.
Now, several users are complaining about duplicate messages that are fetched by their clients (Outlook, Microsoft Outlook).
What is the reason?

This is my conf:

# dovecot -n
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-71.el6.x86_64 x86_64 CentOS release 6.6 (Final)
auth_mechanisms = plain login digest-md5 cram-md5
disable_plaintext_auth = no
first_valid_gid = 89
first_valid_uid = 89
mail_gid = 89
mail_location = maildir:/coraid-s2l2/domains
mail_uid = 89
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date imapflags notify
mbox_write_locks = fcntl
namespace {
  inbox = yes
  location =
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-sql-crypt.conf.ext
  driver = sql
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags
  sieve_max_script_size = 1M
}
protocols = imap pop3 lmtp sieve
ssl_cert =

References: <1140065194.671031418373589753.JavaMail.httpd@webmail-15.iol.local>
Message-ID:

On Fri, 12 Dec 2014, absolutely_free at libero.it wrote:

>
> Hi,
> I just moved mail spool to a different network storage.
> Now, several users are complaining about duplicate messages that are fetched by their clients (Outlook, Microsoft Outlook).
> What is the reason?

How did you move the message to the other network storage?

> mail_location = maildir:/coraid-s2l2/domains

--
Steffen Kaiser

From teemu.huovila at dovecot.fi Fri Dec 12 08:43:33 2014
From: teemu.huovila at dovecot.fi (Teemu Huovila)
Date: Fri, 12 Dec 2014 10:43:33 +0200
Subject: Error: mremap_anon(###) failed: Cannot allocate memory
In-Reply-To:
References: <20141207194708.X197@shell.xecu.net> <54855C4C.3070904@dovecot.fi>
Message-ID: <548AAAB5.205@dovecot.fi>

On 12/11/2014 08:49 PM, Andy Dills wrote:
> Thanks for your suggestion. I checked the output of doveconf, and by default it appears the vsz_limit is set to
> 18446744073709551615B for each of the services, and 256M for default_vsz_limit.
>
> I checked a user in question, and their index.cache was indeed large, 123M. Seemingly needlessly so, as I deleted the dovecot
> files and reindexed, and now it's 6K.
>
> Thanks, I'll keep an eye on the users this affects and try to get their index.cache in order.

Glad to hear that it is working now. In case the error reappears, please bear in mind that the "18446744073709551615 B" displayed in the config (I'm assuming "doveconf" without switches) is the "empty" value, which actually means the value is "not set" and the default_vsz_limit is used.

http://wiki2.dovecot.org/Services#Service_limits

br,
Teemu Huovila

From absolutely_free at libero.it Fri Dec 12 10:28:35 2014
From: absolutely_free at libero.it (absolutely_free at libero.it)
Date: Fri, 12 Dec 2014 11:28:35 +0100 (CET)
Subject: R: Re: Duplicate messages
Message-ID: <1334348200.734491418380115254.JavaMail.httpd@webmail-15.iol.local>

Hi Steffen,

with rsync

Thank you

>----Original message----
>From: skdovecot at smail.inf.fh-brs.de
>Date: 12/12/2014 9.44
>To: "absolutely_free at libero.it"
>Cc:
>Subject: Re: Duplicate messages
>
>On Fri, 12 Dec 2014, absolutely_free at libero.it wrote:
>>
>> Hi,
>> I just moved mail spool to a different network storage.
>> Now, several users are complaining about duplicate messages that are fetched by their clients (Outlook, Microsoft Outlook).
>> What is the reason?
>
>How did you move the message to the other network storage?
>
>> mail_location = maildir:/coraid-s2l2/domains
>
>--
>Steffen Kaiser
>

From skdovecot at smail.inf.fh-brs.de Fri Dec 12 11:01:09 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 12 Dec 2014 12:01:09 +0100 (CET)
Subject: R: Re: Duplicate messages
In-Reply-To: <1334348200.734491418380115254.JavaMail.httpd@webmail-15.iol.local>
References: <1334348200.734491418380115254.JavaMail.httpd@webmail-15.iol.local>
Message-ID:

On Fri, 12 Dec 2014, absolutely_free at libero.it wrote:

> with rsync

would you be more specific:

which command line, how did you shut users out etc.pp.

>
>> ----Original message----
>> From: skdovecot at smail.inf.fh-brs.de
>> Date: 12/12/2014 9.44
>> To: "absolutely_free at libero.it"
>> Cc:
>> Subject: Re: Duplicate messages
>>
>> On Fri, 12 Dec 2014, absolutely_free at libero.it wrote:
>>>
>>> Hi,
>>> I just moved mail spool to a different network storage.
>>> Now, several users are complaining about duplicate messages that are fetched by their clients (Outlook, Microsoft Outlook).
>>> What is the reason?
>>
>> How did you move the message to the other network storage?
>>
>>> mail_location = maildir:/coraid-s2l2/domains
>>
>> --
>> Steffen Kaiser
>>
>

--
Steffen Kaiser

From bradley.kite at gmail.com Fri Dec 12 11:35:01 2014
From: bradley.kite at gmail.com (Bradley Kite)
Date: Fri, 12 Dec 2014 11:35:01 +0000
Subject: PATCH - add username_format to the PAM auth module
Message-ID:

Hi there,

Other auth modules (eg passwd-file) allow a username_format to be specified, but not the PAM module.

The use case is where I want a static userdb configuration which takes the domain into account but still want to use PAM for authentication, eg:

userdb {
  driver = static
  args = uid=8 gid=12 home=/mnt/storage/mail/vhosts/%d/%n
}

passdb {
  driver = pam
  args = username_format=%n allow_pam_transform=no dovecot
}

The global "auth_username_format" setting ends up changing the username, so loses the ability to have different mailboxes based on domain.

There is also a new setting, allow_pam_transform, which stops the username being changed after a successful authentication. Normally, if PAM changes the username, then dovecot must update its record of the username for further processing - but in this use case we must disable this function.

--
Brad.

-------------- next part --------------
--- dovecot-2.2.10/src/auth/passdb-pam.c.orig 2014-12-11 22:48:47.861478049 +0000 +++ dovecot-2.2.10/src/auth/passdb-pam.c 2014-12-12 11:25:23.304742138 +0000 @@ -41,12 +41,13 @@ struct pam_passdb_module { struct passdb_module module; - const char *service_name, *pam_cache_key; + const char *service_name, *pam_cache_key, *username_format; unsigned int requests_left; unsigned int pam_setcred:1; unsigned int pam_session:1; unsigned int failure_show_msg:1; + unsigned int pam_allow_transform:1; }; struct pam_conv_context { @@ -67,6 +68,13 @@ char *string; int i; + const struct var_expand_table *table; + string_t *username; + + username = t_str_new(256); + table = auth_request_get_var_expand_table(ctx->request, auth_request_str_escape); + var_expand(username, passdb->username_format, table); + *resp_r = NULL; resp = calloc(num_msg, sizeof(struct pam_response)); 
@@ -82,7 +90,7 @@ case PAM_PROMPT_ECHO_ON: /* Assume we're asking for user. We might not ever get here because PAM already knows the user. */ - string = strdup(ctx->request->user); + string = strdup(str_c(username)); if (string == NULL) i_fatal_status(FATAL_OUTOFMEM, "Out of memory"); break; @@ -108,12 +116,14 @@ } free(resp); + str_free(&username); return PAM_CONV_ERR; } resp[i].resp_retcode = PAM_SUCCESS; resp[i].resp = string; } + str_free(&username); *resp_r = resp; return PAM_SUCCESS; @@ -231,7 +241,10 @@ pam_strerror(pamh, status)); return status; } - auth_request_set_field(request, "user", item, NULL); + if (module->pam_allow_transform) + { + auth_request_set_field(request, "user", item, NULL); + } return PAM_SUCCESS; } @@ -257,6 +270,11 @@ struct pam_conv conv; enum passdb_result result; int status, status2; + const struct var_expand_table *table; + string_t *username; + + struct passdb_module *_module = request->passdb->passdb; + struct pam_passdb_module *module = (struct pam_passdb_module *)_module; conv.conv = pam_userpass_conv; conv.appdata_ptr = &ctx; @@ -265,10 +283,15 @@ ctx.request = request; ctx.pass = password; - status = pam_start(service, request->user, &conv, &pamh); + username = t_str_new(256); + table = auth_request_get_var_expand_table(request, auth_request_str_escape); + var_expand(username, module->username_format, table); + + status = pam_start(service, str_c(username), &conv, &pamh); if (status != PAM_SUCCESS) { auth_request_log_error(request, "pam", "pam_start() failed: %s", pam_strerror(pamh, status)); + str_free(&username); return PASSDB_RESULT_INTERNAL_FAILURE; } @@ -277,6 +300,7 @@ if ((status2 = pam_end(pamh, status)) != PAM_SUCCESS) { auth_request_log_error(request, "pam", "pam_end() failed: %s", pam_strerror(pamh, status2)); + str_free(&username); return PASSDB_RESULT_INTERNAL_FAILURE; } @@ -300,6 +324,7 @@ auth_request_set_field(request, "reason", ctx.failure_msg, NULL); } + str_free(&username); return result; } 
@@ -319,6 +344,7 @@ } expanded_service = t_str_new(64); + var_expand(expanded_service, module->service_name, auth_request_get_var_expand_table(request, NULL)); service = str_c(expanded_service); @@ -338,6 +364,8 @@ module = p_new(pool, struct pam_passdb_module, 1); module->service_name = "dovecot"; + module->username_format = "%u"; + module->pam_allow_transform = 1; /* we're caching the password by using directly the plaintext password given by the auth mechanism */ module->module.default_pass_scheme = "PLAIN"; @@ -370,6 +398,12 @@ } } else if (t_args[i+1] == NULL) { module->service_name = p_strdup(pool, t_args[i]); + } else if (strncmp(t_args[i], "username_format=", 16) == 0) { + module->username_format = t_args[i] + 16; + } else if (strcmp(t_args[i], "allow_pam_transform=no") == 0 || + strcmp(t_args[i], "-allow_pam_transform") == 0) + { + module->pam_allow_transform = 0; } else { i_fatal("pam: Unknown setting: %s", t_args[i]); } From absolutely_free at libero.it Fri Dec 12 12:14:34 2014 
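Review bot: in the argument-parsing hunk (@@ -370,6 +398,12 @@) the two new branches come after "else if (t_args[i+1] == NULL)", so username_format=... or allow_pam_transform=no given as the last argument is stored as the PAM service name instead of being parsed. Move both branches above that one. The same hunk keeps a pointer into the argument array with "module->username_format = t_args[i] + 16;" while the neighbouring service_name is copied with p_strdup(pool, ...); copy the format string into pool the same way so it has the module's lifetime.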
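Review bot: the pam_allow_transform check added in the @@ -231,7 +241,10 @@ hunk needs documentation of what it implies when combined with username_format=%n. Per the description, the domain is stripped before PAM sees the name and the name PAM returns is not written back, so every user@domain sharing a local part authenticates against the same PAM account while keeping its own domain for the userdb home path. Please state that next to the setting so it is only enabled where one PAM account per local part across all domains is intended. The opening brace on its own line also differs from the "if (...) {" style of the surrounding context lines.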
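Review bot: the str_free(&username) calls added on every return path in the @@ -108,12 +116,14 @@, @@ -265,10 +283,15 @@, @@ -277,6 +300,7 @@ and @@ -300,6 +324,7 @@ hunks are not needed, because username is allocated with t_str_new(256) on the data stack, the same way as the expanded_service string visible in the context of the @@ -319,6 +344,7 @@ hunk. Dropping them removes four places where a later early return could be missed. The @@ -319,6 +344,7 @@ hunk itself only adds a blank line and should be left out of the patch.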
From: absolutely_free at libero.it (absolutely_free at libero.it)
Date: Fri, 12 Dec 2014 13:14:34 +0100 (CET)
Subject: R: Re: R: Re: Duplicate messages
Message-ID: <188454425.767241418386474621.JavaMail.defaultUser@defaultHost>

Hi,

I mounted both network storage on this server.
After that, I used:

# nice -n 19 rsync -av --progress /mnt/old/domains/* /var/spool/pop/domains/

>----Original message----
>From: skdovecot at smail.inf.fh-brs.de
>Date: 12/12/2014 12.01
>To: "absolutely_free at libero.it"
>Cc:
>Subject: Re: R: Re: Duplicate messages
>
>On Fri, 12 Dec 2014, absolutely_free at libero.it wrote:
>
>> with rsync
>
>would you be more specific:
>
>which command line, how did you shut users out etc.pp.
>
>>
>>> ----Original message----
>>> From: skdovecot at smail.inf.fh-brs.de
>>> Date: 12/12/2014 9.44
>>> To: "absolutely_free at libero.it"
>>> Cc:
>>> Subject: Re: Duplicate messages
>>>
>>> On Fri, 12 Dec 2014, absolutely_free at libero.it wrote:
>>>>
>>>> Hi,
>>>> I just moved mail spool to a different network storage.
>>>> Now, several users are complaining about duplicate messages that are fetched by their clients (Outlook, Microsoft Outlook).
>>>> What is the reason?
>>>
>>> How did you move the message to the other network storage?
>>>
>>>> mail_location = maildir:/coraid-s2l2/domains
>>>
>>> --
>>> Steffen Kaiser
>>>
>>
>
>--
>Steffen Kaiser
>

From absolutely_free at libero.it Fri Dec 12 12:27:54 2014
From: absolutely_free at libero.it (absolutely_free at libero.it)
Date: Fri, 12 Dec 2014 13:27:54 +0100 (CET)
Subject: R: Re: R: Re: Duplicate messages
Message-ID: <840085394.771771418387274539.JavaMail.defaultUser@defaultHost>

Sorry, I haven't shut users. I simply copied data between two folders

>----Original message----
>From: absolutely_free at libero.it
>Date: 12/12/2014 13.14
>To:
>Subject: R: Re: R: Re: Duplicate messages
>
>Hi,
>
>I mounted both network storage on this server.
>After that, I used:
>
># nice -n 19 rsync -av --progress /mnt/old/domains/* /var/spool/pop/domains/
>
>
>>----Original message----
>>From: skdovecot at smail.inf.fh-brs.de
>>Date: 12/12/2014 12.01
>>To: "absolutely_free at libero.it"
>>Cc:
>>Subject: Re: R: Re: Duplicate messages
>>
>>On Fri, 12 Dec 2014, absolutely_free at libero.it wrote:
>>
>>> with rsync
>>
>>would you be more specific:
>>
>>which command line, how did you shut users out etc.pp.
>>
>>>
>>>> ----Original message----
>>>> From: skdovecot at smail.inf.fh-brs.de
>>>> Date: 12/12/2014 9.44
>>>> To: "absolutely_free at libero.it"
>>>> Cc:
>>>> Subject: Re: Duplicate messages
>>>>
>>>> On Fri, 12 Dec 2014, absolutely_free at libero.it wrote:
>>>>>
>>>>> Hi,
>>>>> I just moved mail spool to a different network storage.
>>>>> Now, several users are complaining about duplicate messages that are fetched by their clients (Outlook, Microsoft Outlook).
>>>>> What is the reason?
>>>>
>>>> How did you move the message to the other network storage?
>>>>
>>>>> mail_location = maildir:/coraid-s2l2/domains
>>>>
>>>> --
>>>> Steffen Kaiser
>>>>
>>>
>>
>>--
>>Steffen Kaiser
>>
>

From Ovidiu.Moldovan at cybercom.com Fri Dec 12 12:59:02 2014
From: Ovidiu.Moldovan at cybercom.com (Ovidiu Moldovan)
Date: Fri, 12 Dec 2014 12:59:02 +0000
Subject: Dsync issues between Cyrus and Dovecot
Message-ID:

Hello,

I have some issues related with dsync when trying to perform two way synchronization between Cyrus and Dovecot.

1st time synchronization always works and email, folders, flags can be synced between these but once for example in dovecot side the user creates a folder, dsync fails with the following errors:

Debug: brain M: Other brain should change mailbox INBOX/dove GUID c77e7711be9a6c77fc845ea745963ddb -> df0d180f71e38a544f9e00008aa015be
Debug: brain M: out state=master_send_mailbox changed=1
Debug: brain S: in state=recv_mailbox_tree_deletes
Error: Can't create mailbox INBOX/dove: Mailbox already exists

INBOX/dove folder was created in Dovecot side and does not exist in Cyrus side. I have tried full sync or backup but without any luck.

If I delete the folder from Dovecot side the sync works fine again.

I can post more info on the configuration if needed.

Thank you,
Ova

From rs at sys4.de Fri Dec 12 13:17:49 2014
From: rs at sys4.de (Robert Schetterer)
Date: Fri, 12 Dec 2014 14:17:49 +0100
Subject: Dsync issues between Cyrus and Dovecot
In-Reply-To:
References:
Message-ID: <548AEAFD.9000907@sys4.de>

On 12.12.2014 at 13:59, Ovidiu Moldovan wrote:
> Hello,
>
> I have some issues related with dsync when trying to perform two way synchronization between Cyrus and Dovecot.
>
> 1st time synchronization always works and email, folders, flags can be synced between these but once for example in dovecot side the user creates a folder, dsync fails with the following errors:
>
> Debug: brain M: Other brain should change mailbox INBOX/dove GUID c77e7711be9a6c77fc845ea745963ddb -> df0d180f71e38a544f9e00008aa015be
> Debug: brain M: out state=master_send_mailbox changed=1
> Debug: brain S: in state=recv_mailbox_tree_deletes
> Error: Can't create mailbox INBOX/dove: Mailbox already exists
>
> INBOX/dove folder was created in Dovecot side and does not exist in Cyrus side. I have tried full sync or backup but without any luck.
>
> If I delete the folder from Dovecot side the sync works fine again.
>
> I can post more info on the configuration if needed.
>
> Thank you,
> Ova
>

dsync between cyrus and dovecot is not guaranteed to work, if in trouble use imapsync

Best Regards
Kind regards

Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein

From dave at icdsoft.com Fri Dec 12 13:45:47 2014
From: dave at icdsoft.com (David Davidov)
Date: Fri, 12 Dec 2014 15:45:47 +0200
Subject: [Dovecot] Doveadm sometimes failed "to iterate through some users" after upgrade to 2.2
Message-ID: <548AF18B.4060603@icdsoft.com>

> Yes, after an upgrade works fine.

Hello,

Unfortunately this issue hits again. I installed the latest stable version 2.2.15 and got the following error

# doveadm expunge -u "^o^@dave.s484.qa-team.net" mailbox 'INBOX.Junk Mail' SAVEDBEFORE 7d
doveadm(^o^@dave.s484.qa-team.net): Error: userdb lookup(^o^@dave.s484.qa-team.net): Disconnected unexpectedly
doveadm(^o^@dave.s484.qa-team.net): Fatal: User lookup failed: Internal error occurred. Refer to server log for more information.

# echo $?
75

Our production servers run 2.2.13, where the situation is the same.

regards,
David Davidov
System administrator @ icdsoft.com

--
David Davidov | System Administrator | ICDSoft Ltd.

From rs at sys4.de Fri Dec 12 13:56:42 2014
From: rs at sys4.de (Robert Schetterer)
Date: Fri, 12 Dec 2014 14:56:42 +0100
Subject: [Dovecot] Doveadm sometimes failed "to iterate through some users" after upgrade to 2.2
In-Reply-To: <548AF18B.4060603@icdsoft.com>
References: <548AF18B.4060603@icdsoft.com>
Message-ID: <548AF41A.6080204@sys4.de>

On 12.12.2014 at 14:45, David Davidov wrote:
>> Yes, after an upgrade works fine.
>
> Hello,
>
> Unfortunately this issue hits again. I installed the latest stable
> version 2.2.15 and got the following error
>
> # doveadm expunge -u "^o^@dave.s484.qa-team.net" mailbox 'INBOX.Junk
> Mail' SAVEDBEFORE 7d
> doveadm(^o^@dave.s484.qa-team.net): Error: userdb
> lookup(^o^@dave.s484.qa-team.net): Disconnected unexpectedly
> doveadm(^o^@dave.s484.qa-team.net): Fatal: User lookup failed: Internal
> error occurred. Refer to server log for more information.
>
> # echo $?
> 75
>
> Our production servers run 2.2.13, where the situation is the same.
>
> regards,
> David Davidov
> System administrator @ icdsoft.com
>

see

Refer to server log for more information.

char like ^ may invoke trouble

Best Regards
Kind regards

Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein

From bruell at simiatech.com Fri Dec 12 14:25:48 2014
From: bruell at simiatech.com (Philipp Brüll)
Date: Fri, 12 Dec 2014 15:25:48 +0100
Subject: stacking istreams and ostreams
In-Reply-To: <54897D06.2070607@simiatech.com>
References: <54897D06.2070607@simiatech.com>
Message-ID: <548AFAEC.6070403@simiatech.com>

Well, I've found the bug. I've got confused with the stream-stacking function pointers. The encryption istream was stacked on top of the parent and the ostream below the parent. That caused this very confusing bug.

Best,
Philipp

On 11.12.2014 at 12:16, Philipp Brüll wrote:
> Hello,
>
> I'm developing an encryption plugin for dovecot and ran into a problem
> with the stacking of i/o-streams.
>
> The encryption i/o-streams are working fine on any kind of mail the test
> suite is passing through them. But as soon as the zlib plugin is enabled
> the logs show a cache error:
>
> failed: Cached message size larger than expected (214 > 206, box=INBOX,
> UID=1)
>
> I've already double-checked the return values of ostream's sendv and
> istream's read function. They seem correct (and equal).
>
> If the order of the streams is changed (by changing the number in the
> lib-filename libxx_scrambler.so); meaning that the encryption is done
> before the compression (which isn't efficient) both streams are working
> correctly without any errors.
>
> Is there some way the zlib plugin changes the cached message size? Is
> there some behaviour of the zlib plugin that I'm missing? Any help would
> be very welcome.
>
> Best regards,
> Philipp
>

From bruell at simiatech.com Fri Dec 12 16:40:10 2014
From: bruell at simiatech.com (=?UTF-8?B?UGhpbGlwcCBCcsO8bGw=?=) Date: Fri, 12 Dec 2014 17:40:10 +0100 Subject: stacking istreams and ostreams In-Reply-To: <548AFAEC.6070403@simiatech.com> References: <54897D06.2070607@simiatech.com> <548AFAEC.6070403@simiatech.com> Message-ID: <548B1A6A.2050505@simiatech.com> Here is my ugly solution for this: static int plugin_mail_save_begin( struct mail_save_context *context, struct istream *input ) { ... if (mbox->super.save_begin(context, input) < 0) return -1; output = scrambler_ostream_create( context->data.output->real_stream->parent, suser->public_key); o_stream_unref(&context->data.output->real_stream->parent); context->data.output->real_stream->parent = output; return 0; } The solution is ugly, because it's only working if there is another ostream (in my case the zlib ostream). It would be better to add the scrambler ostream to the other side of the ostream chain, instead of messing with the ostream's parent. I've tried to re-order the plugin itself - which brings the ostreams in order - but than the istream order is messed up. What would be the right solution here? Maybe someone with deeper insights into dovecot's architecture can help. Kind regards, Philipp Am 12.12.2014 um 15:25 schrieb Philipp Br?ll: > Well, I've found the bug. I've got confused with the stream-stacking > function pointers. The encryption istream was stacked on top of the > parent and the ostream below the parent. That caused this very confusing > bug. > > Best, > Philipp > > Am 11.12.2014 um 12:16 schrieb Philipp Br?ll: >> Hello, >> >> I'm developing an encryption plugin for dovecot and ran into a problem >> with the stacking of i/o-streams. >> >> The encryption i/o-streams are working fine on any kind of mail the test >> suite is passing through them. 
>> But as soon as the zlib plugin is enabled
>> the logs show a cache error:
>>
>> failed: Cached message size larger than expected (214 > 206, box=INBOX,
>> UID=1)
>>
>> I've already double-checked the return values of ostream's sendv and
>> istream's read function. They seem correct (and equal).
>>
>> If the order of the streams is changed (by changing the number in the
>> lib-filename libxx_scrambler.so); meaning that the encryption is done
>> before the compression (which isn't efficient) both streams are working
>> correctly without any errors.
>>
>> Is there some way the zlib plugin changes the cached message size? Is
>> there some behaviour of the zlib plugin that I'm missing? Any help would
>> be very welcome.
>>
>> Best regards,
>> Philipp
>>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL:

From dovecot at randy.pensive.org Fri Dec 12 18:38:00 2014
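The ordering problem from the "stacking istreams and ostreams" messages above, modelled as an added example (not Philipp's plugin code and not Dovecot's stream API): the read chain has to undo the write chain in reverse, and compressing before scrambling stores fewer bytes. The run-length "compressor", the XOR "scrambler", run_chain and the sample message are all constructed here as stand-ins for zlib and the encryption stream.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_MAX 1024
enum filter { F_COMPRESS, F_SCRAMBLE };   /* hypothetical layer ids */
/* Toy run-length "compressor" (stand-in for zlib): (count, byte) pairs. */
static int rle_encode(const uint8_t *in, int n, uint8_t *out) {
    int o = 0;
    for (int i = 0; i < n; ) {
        int run = 1;
        while (i + run < n && in[i + run] == in[i] && run < 255) run++;
        if (o + 2 > BUF_MAX) return -1;
        out[o++] = (uint8_t)run;
        out[o++] = in[i];
        i += run;
    }
    return o;
}

static int rle_decode(const uint8_t *in, int n, uint8_t *out) {
    int o = 0;
    if (n % 2 != 0) return -1;              /* not a whole number of pairs */
    for (int i = 0; i < n; i += 2) {
        int run = in[i];
        if (run == 0 || o + run > BUF_MAX) return -1;
        memset(out + o, in[i + 1], (size_t)run);
        o += run;
    }
    return o;
}

/* Toy scrambler (stand-in for the encryption stream, NOT real crypto):
 * 4-byte magic, then XOR with a position-dependent byte. */
static const uint8_t MAGIC[4] = { 'S', 'C', 'R', '1' };
static int scr_encode(const uint8_t *in, int n, uint8_t *out) {
    if (n + 4 > BUF_MAX) return -1;
    memcpy(out, MAGIC, 4);
    for (int i = 0; i < n; i++)
        out[4 + i] = (uint8_t)(in[i] ^ (uint8_t)(7 + 31 * i));
    return n + 4;
}

static int scr_decode(const uint8_t *in, int n, uint8_t *out) {
    if (n < 4 || memcmp(in, MAGIC, 4) != 0) return -1;  /* wrong layer */
    for (int i = 0; i < n - 4; i++)
        out[i] = (uint8_t)(in[4 + i] ^ (uint8_t)(7 + 31 * i));
    return n - 4;
}

/* Apply the layers in chain[] order; decode selects the direction.
 * Returns the output length, or -1 if any layer rejects its input. */
static int run_chain(const enum filter *chain, int count, int decode,
                     const uint8_t *in, int n, uint8_t *out) {
    uint8_t a[BUF_MAX], b[BUF_MAX], *cur = a, *next = b, *tmp;
    if (n < 0 || n > BUF_MAX) return -1;
    memcpy(cur, in, (size_t)n);
    for (int i = 0; i < count; i++) {
        if (chain[i] == F_COMPRESS)
            n = decode ? rle_decode(cur, n, next) : rle_encode(cur, n, next);
        else
            n = decode ? scr_decode(cur, n, next) : scr_encode(cur, n, next);
        if (n < 0) return -1;
        tmp = cur; cur = next; next = tmp;
    }
    memcpy(out, cur, (size_t)n);
    return n;
}

static const char MSG[] = "aaaaaaaabbbbbbbbcccccccc hello";  /* constructed */
static const enum filter COMPRESS_FIRST[2] = { F_COMPRESS, F_SCRAMBLE };
static const enum filter SCRAMBLE_FIRST[2] = { F_SCRAMBLE, F_COMPRESS };

/* Number of bytes that reach storage for the given write order. */
int demo_stored_size(int compress_first) {
    uint8_t stored[BUF_MAX];
    return run_chain(compress_first ? COMPRESS_FIRST : SCRAMBLE_FIRST, 2, 0,
                     (const uint8_t *)MSG, (int)strlen(MSG), stored);
}

/* Write compress->scramble, then read back. mirrored=1 undoes the layers
 * in reverse (unscramble, then decompress); mirrored=0 reuses write order.
 * Returns recovered length, -1 if a layer fails, -2 on content mismatch. */
int demo_roundtrip(int mirrored) {
    uint8_t stored[BUF_MAX], back[BUF_MAX];
    int n = (int)strlen(MSG), s, r;
    s = run_chain(COMPRESS_FIRST, 2, 0, (const uint8_t *)MSG, n, stored);
    if (s < 0) return -1;
    r = run_chain(mirrored ? SCRAMBLE_FIRST : COMPRESS_FIRST, 2, 1,
                  stored, s, back);
    if (r < 0) return -1;
    return (r == n && memcmp(back, MSG, (size_t)n) == 0) ? r : -2;
}

int main(void) {
    printf("stored: %d vs %d bytes\n", demo_stored_size(1), demo_stored_size(0));
    printf("read back: %d vs %d\n", demo_roundtrip(1), demo_roundtrip(0));
    return 0;
}
```

The first line printed compares the stored size for compress-first against scramble-first; the second compares reading through the mirrored chain against reading through a chain stacked in write order.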
From: dovecot at randy.pensive.org (Randall Gellens)
Date: Fri, 12 Dec 2014 10:38:00 -0800
Subject: Migrate with Dsync
In-Reply-To: <1418318076.5546.2.camel@dominikbreu.de>
References: <1418318076.5546.2.camel@dominikbreu.de>
Message-ID:

At 6:14 PM +0100 12/11/14, Dominik Breu wrote:

> i have a simple and maybe stupid question but,
> read the guide on http://wiki2.dovecot.org/Migration/Dsync now i wonder
> where to put this configuration ? May i oversee something but i would
> appreciate any hint toward solving my problem.

Hi Dominik,

I'm not sure, but my guess is that it goes into a new file in
'/etc/dovecot/conf.d/', perhaps with a name such as '90-dsync.conf'. I
believe that it is also possible to not write this into a file but
instead pass each option on the command line using '-o'.

I am trying to figure this out because I want to migrate lots of mail
from an old IMAP server to dovecot, and I'd like to preserve the
mailbox GUIDs and the message UIDs.

--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly selected tag: ---------------
Arithmetic is being able to count up to twenty without taking off your
shoes.

From orion at cora.nwra.com Fri Dec 12 21:40:32 2014
From: orion at cora.nwra.com (Orion Poplawski)
Date: Fri, 12 Dec 2014 14:40:32 -0700
Subject: Is the mdbox format backwards compatible?
Message-ID: <548B60D0.6070501@cora.nwra.com>

I'm contemplating using dsync with dovecot-2.2.10 (el7) and then
transferring the resulting mdbox files to a dovecot-2.0.9 (el6) server.
Is the mdbox format backwards compatible between the two versions?

Thanks,

Orion

--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                   http://www.nwra.com

From anon_user at openmailbox.org Fri Dec 12 22:19:01 2014
From: anon_user at openmailbox.org (anon_user at openmailbox.org)
Date: Fri, 12 Dec 2014 23:19:01 +0100
Subject: Convert sdbox to mdbox
Message-ID:

Hello,

I have a few hundred mailboxes in my installation using the latest
version of dovecot. I have performance issues because the storage doesn't
support the high flow of I/O. I'm wondering if there is any chance to
convert my sdbox mailboxes to mdbox without downtime.

Thanks in advance.

From ghostlovescorebg at gmail.com Sat Dec 13 09:25:35 2014
From: ghostlovescorebg at gmail.com (=?UTF-8?B?TWlsb8WhIER1a2nEhw==?=)
Date: Sat, 13 Dec 2014 10:25:35 +0100
Subject: Duplicate messages
In-Reply-To: <1140065194.671031418373589753.JavaMail.httpd@webmail-15.iol.local>
References: <1140065194.671031418373589753.JavaMail.httpd@webmail-15.iol.local>
Message-ID: <548C060F.5020404@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 12/12/14 09:39, absolutely_free at libero.it wrote:
> Hi, I just moved mail spool to a different network storage. Now,
> several users are complaining about duplicate message that are
> fetched by their clients (Outlook, Microsoft Outlook). What is the
> reason?
>
> This is my conf:
>
> # dovecot -n # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux
> 2.6.32-71.el6.x86_64 x86_64 CentOS release 6.6 (Final)
> auth_mechanisms = plain login digest-md5 cram-md5
> disable_plaintext_auth = no first_valid_gid = 89 first_valid_uid =
> 89 mail_gid = 89 mail_location = maildir:/coraid-s2l2/domains
> mail_uid = 89 managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date imapflags notify mbox_write_locks = fcntl
> namespace { inbox = yes location = prefix = INBOX. separator = .
> type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext
> driver = sql } passdb { args =
> /etc/dovecot/dovecot-sql-crypt.conf.ext driver = sql } plugin {
> sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions =
> +notify +imapflags sieve_max_script_size = 1M } protocols = imap
> pop3 lmtp sieve ssl_cert = ssl_key = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol lmtp {
> mail_plugins = } protocol lda { mail_plugins = }
>

Hello,

Please check if those users have X-UIDL header in their emails. If they
do, remove the header. That should solve the problem.

Regards,
Miloš

From skdovecot at smail.inf.fh-brs.de Sat Dec 13 16:51:02 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen)
Date: Sat, 13 Dec 2014 17:51:02 +0100
Subject: R: Re: R: Re: Duplicate messages
In-Reply-To: <840085394.771771418387274539.JavaMail.defaultUser@defaultHost>
References: <840085394.771771418387274539.JavaMail.defaultUser@defaultHost>
Message-ID: <548C6E76.6090205@smail.inf.fh-brs.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

absolutely_free at libero.it wrote:
> I simply copied data between two folders
>>
>> I mounted both network storage on this server. After that, I
>> used:
>>
>> # nice -n 19 rsync -av --progress /mnt/old/domains/*
>> /var/spool/pop/domains/

If a user was connected to the Maildir at the same time you've
duplicated the Maildir, there were changes of the flags, messages moved
from .../new to .../cur or from one mailbox to another. So you have some
possibilities, where the duplicate messages come from. If these reasons
are the ones in your case, nobody knows.

> On Fri, 12 Dec 2014, absolutely_free at libero.it wrote:
>
>>>>>> On Fri, 12 Dec 2014, absolutely_free at libero.it wrote:
>>>>>>> I just moved mail spool to a different network
>>>>>>> storage. Now, several users are complaining about
>>>>>>> duplicate message that are
>>> fetched
>>>>> by their clients (Outlook, Microsoft Outlook).
>>>>>>> What is the reason?
>>>>>>
>>>>>> How did you moved the message to the other network
>>>>>> storage?
>>>>>>
>>>>>>> mail_location = maildir:/coraid-s2l2/domains

- --
Steffen

From dovecot at randy.pensive.org Sat Dec 13 20:01:49 2014
From: dovecot at randy.pensive.org (Randall Gellens)
Date: Sat, 13 Dec 2014 12:01:49 -0800
Subject: Migrate with Dsync
In-Reply-To:
References: <1418318076.5546.2.camel@dominikbreu.de>
Message-ID:

I tried putting a config file into /etc/dovecot/conf.d/90-dsync.conf,
figuring that dovecot.conf would pick it up with the '!include
conf.d/*.conf' line, but it didn't get picked up. I have no idea why.

What is the difference between the two web pages:
http://wiki2.dovecot.org/Migration/Dsync which says to run dsync via
doveadm, e.g.,
'doveadm -o mail_fsync=never sync -1 -R -u user at domain imapc:',
and http://linux.die.net/man/1/dsync, which says to run 'dsync'? The
latter shows a dsync option '-F' to disable fast syncing, for example.

Also, is there an option to run dsync in test mode, e.g., to have it
show what it thinks needs to be done, without actually doing it? I'm a
bit afraid of just running it, since I am not sure that the '-R' option
means that the mail gets moved from the remote IMAP server to the
dovecot server.

Finally, is there a way to have dsync prompt for a user password? I
need to do per-user migration (no master account on the remote system)
and prefer not to type plain text passwords on command lines nor in
config files.

Thanks!

At 10:38 AM -0800 12/12/14, Randall Gellens wrote:

> At 6:14 PM +0100 12/11/14, Dominik Breu wrote:
>
>> i have a simple and maybe stupid question but,
>> read the guide on http://wiki2.dovecot.org/Migration/Dsync now i wonder
>> where to put this configuration ? May i oversee something but i would
>> appreciate any hint toward solving my problem.
>
> Hi Dominik,
>
> I'm not sure, but my guess is that it goes into a new file in
> '/etc/dovecot/conf.d/', perhaps with a name such as
> '90-dsync.conf'. I believe that it is also possible to not write
> this into a file but instead pass each option on the command line
> using '-o'.
>
> I am trying to figure this out because I want to migrate lots of
> mail from an old IMAP server to dovecot, and I'd like to preserve
> the mailbox GUIDs and the message UIDs.
>
> --
> Randall Gellens
> Opinions are personal; facts are suspect; I speak for myself only
> -------------- Randomly selected tag: ---------------
> Arithmetic is being able to count up to twenty without taking
> off your shoes.

--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly selected tag: ---------------
Hippogriff: An animal (now extinct) which was half horse and half
griffin. The griffin was itself a compound creature, half lion and half
eagle. The hippogriff was actually, therefore, only one quarter eagle,
which is two dollars and fifty cents in gold. The study of zoology is
full of surprises.

From hanns at hannsmattes.de Sat Dec 13 21:13:43 2014
From: hanns at hannsmattes.de (Hanns Mattes)
Date: Sat, 13 Dec 2014 22:13:43 +0100
Subject: Replication and Sieve
In-Reply-To: <5488A984.9010407@hannsmattes.de> (Hanns Mattes's message of "Wed, 10 Dec 2014 21:13:56 +0100")
References: <5488A984.9010407@hannsmattes.de>
Message-ID: <87sigj2qyg.fsf@hannsmattes.de>

Hi,

Hanns Mattes wrote:

[replication not updating sieve rules]

I didn't get any further but at least I saw an error message.

After I deleted one user's home-directory on one of the two machines,
maillog was showing (on both machines with a short delay):

,----[ /var/log/mail ]
| dsync-server(someuser at example.com): Panic: file dsync-brain-mailbox.c:
| line 331 (dsync_brain_sync_mailbox_deinit): assertion failed:
| (brain->failed || brain->sync_type == DSYNC_BRAIN_SYNC_TYPE_CHANGED) Dec
| 13 21:54:27 mail dovecot: dsync-server(someuser at example.com): Error: Raw
| backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x75c0a) [0x7f51d82f1c0a]
| -> /usr/lib64/dovecot/libdovecot.so.0(+0x75c76) [0x7f51d82f1c76] ->
| /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f51d82a3361] ->
| dovecot/doveadm-server [94.79.154.202 someuser at example.com
| slave_recv_mailbox](+0x203ba) [0x7f51d8ac63ba] -> dovecot/doveadm-server
| [94.79.154.202 someuser at example.com
| slave_recv_mailbox](dsync_brain_slave_recv_mailbox+0x20c)
| [0x7f51d8ac6ecc] -> dovecot/doveadm-server [94.79.154.202
| someuser at example.com slave_recv_mailbox](dsync_brain_run+0x312)
| [0x7f51d8ac4a82] -> dovecot/doveadm-server [94.79.154.202
| someuser at example.com slave_recv_mailbox](+0x1f081) [0x7f51d8ac5081] ->
| dovecot/doveadm-server [94.79.154.202 someuser at example.com
| slave_recv_mailbox](+0x3196f) [0x7f51d8ad796f] ->
| /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x5b)
| [0x7f51d83040ab] ->
| /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xaf)
| [0x7f51d830514f] ->
| /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9)
| [0x7f51d8304139] ->
/usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38)
| [0x7f51d83041b8] -> dovecot/doveadm-server [94.79.154.202
| someuser at example.com slave_recv_mailbox](+0x104a7) [0x7f51d8ab64a7] ->
| dovecot/doveadm-server [94.79.154.202 someuser at example.com
| slave_recv_mailbox](+0x12f5f) [0x7f51d8ab8f5f] -> dovecot/doveadm-server
| [94.79.154.202 someuser at example.com slave_recv_mailbox](+0x1d45c)
| [0x7f51d8ac345c] ->
| /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x5b)
| [0x7f51d83040ab] ->
| /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xaf)
| [0x7f51d830514f] ->
| /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9)
| [0x7f51d8304139] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38)
| [0x7f51d83041b8] ->
| /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13)
| [0x7f51d82a86e3] -> dovecot/doveadm-server [94.79.154.202
| someuser at example.com slave_recv_mailbox](main+0x13e) [ Dec 13 21:54:27
| mail dovecot: dsync-server(someuser at example.com): Fatal: master:
| service(doveadm): child 21645 killed with signal 6 (core dumps disabled)
`----

Nevertheless the replication went fine and both machines are working as
usual. Anything to worry about?

Regards Hanns

From stephan at rename-it.nl Sat Dec 13 21:26:25 2014
From: stephan at rename-it.nl (Stephan Bosch)
Date: Sat, 13 Dec 2014 22:26:25 +0100
Subject: Replication sieve scripts.
In-Reply-To: <547F96CB.2080504@networkers.pl>
References: <547F96CB.2080504@networkers.pl>
Message-ID: <548CAF01.3040101@rename-it.nl>

On 12/4/2014 12:03 AM, Jan Wideł wrote:
> Hi,
> according to changelog 2.2.rc3, dsync should replicate sieve scripts. Do
> I need turn on or switch some option(s), for this to work? Replication
> of mailboxes works great, only sieve scripts not.
>

What version of Pigeonhole is this? It doesn't look like the latest,
since it doesn't include the version in the doveconf banner.

Regards,

Stephan.

From bertrand.caplet at chunkz.net Sat Dec 13 21:32:42 2014
From: bertrand.caplet at chunkz.net (Bertrand Caplet)
Date: Sat, 13 Dec 2014 22:32:42 +0100
Subject: Replication sieve scripts.
In-Reply-To: <548CAF01.3040101@rename-it.nl>
References: <547F96CB.2080504@networkers.pl> <548CAF01.3040101@rename-it.nl>
Message-ID: <548CB07A.6080709@chunkz.net>

>
> What version of Pigeonhole is this? It doesn't look like the latest,
> since it doesn't include the version in the doveconf banner.
>
> Regards,
>
> Stephan.

Yes, I think it could be that. I have dovecot with replication and
without any configuration unless doveadm replication, it's working
perfectly for sieve rules.

Regards,
--
CHUNKZ.NET - script kiddie and computer technician
Bertrand Caplet, Flers (FR)
Feel free to send encrypted/signed messages
Key ID: FF395BD9
GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL:

From hanns at hannsmattes.de Sat Dec 13 21:55:26 2014
From: hanns at hannsmattes.de (Hanns Mattes)
Date: Sat, 13 Dec 2014 22:55:26 +0100
Subject: Replication sieve scripts.
In-Reply-To: <548CAF01.3040101@rename-it.nl>
References: <547F96CB.2080504@networkers.pl> <548CAF01.3040101@rename-it.nl>
Message-ID: <548CB5CE.8060305@hannsmattes.de>

Hi,

On 13.12.2014 at 22:26, Stephan Bosch wrote:
> On 12/4/2014 12:03 AM, Jan Wideł wrote:
>> Hi,
>> according to changelog 2.2.rc3, dsync should replicate sieve scripts. Do
>> I need turn on or switch some option(s), for this to work? Replication
>> of mailboxes works great, only sieve scripts not.
>>
>
> What version of Pigeonhole is this? It doesn't look like the latest,
> since it doesn't include the version in the doveconf banner.

(Sorry for opening a second thread - I didn't notice Jan's original post
to the same topic)

I'm using the RPMs provided by
https://build.opensuse.org/package/show/server:mail/dovecot22

Not being an RPM-expert, they seem to use an older pigeonhole-version.

Regards Hanns

From bertrand.caplet at chunkz.net Sat Dec 13 22:01:23 2014
From: bertrand.caplet at chunkz.net (Bertrand Caplet)
Date: Sat, 13 Dec 2014 23:01:23 +0100
Subject: Replication sieve scripts.
In-Reply-To: <548CB5CE.8060305@hannsmattes.de>
References: <547F96CB.2080504@networkers.pl> <548CAF01.3040101@rename-it.nl> <548CB5CE.8060305@hannsmattes.de>
Message-ID: <548CB733.7000800@chunkz.net>

> (Sorry for opening a second thread - I didn't notice Jan's original post
> to the same topic)
>
Well that's not exactly the same problem so don't worry

> Not being an RPM-expert, they seem to use an older pigeonhole-version.
Maybe you could at least test to build it from source the last stable
version ?

Regards,
--
CHUNKZ.NET - script kiddie and computer technician
Bertrand Caplet, Flers (FR)
Feel free to send encrypted/signed messages
Key ID: FF395BD9
GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL:

From jan.widel at networkers.pl Sun Dec 14 00:23:56 2014
From: jan.widel at networkers.pl (=?UTF-8?B?SmFuIFdpZGXFgg==?=)
Date: Sun, 14 Dec 2014 01:23:56 +0100
Subject: Replication sieve scripts.
In-Reply-To: <548CAF01.3040101@rename-it.nl>
References: <547F96CB.2080504@networkers.pl> <548CAF01.3040101@rename-it.nl>
Message-ID: <548CD89C.6010906@networkers.pl>

On 12/13/2014 10:26 PM, Stephan Bosch wrote:
> On 12/4/2014 12:03 AM, Jan Wideł wrote:
>> Hi,
>> according to changelog 2.2.rc3, dsync should replicate sieve scripts. Do
>> I need turn on or switch some option(s), for this to work? Replication
>> of mailboxes works great, only sieve scripts not.
>>
>
> What version of Pigeonhole is this? It doesn't look like the latest,
> since it doesn't include the version in the doveconf banner.

Truly, I don't remember. I was thinking about syncing these files by
software like https://www.csync.org/, but after a while (and some
updates) replication sieve starts working... magically. It bugs me why,
but I have no idea.

Debs are from:
deb http://xi.rename-it.nl/debian/ stable-auto/dovecot-2.2 main

My current config is:

# 2.2.15 (6dd190bd6dcb): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.6
# OS: Linux 3.2.0-4-grsec-amd64 x86_64 Debian 7.7 ext4
doveadm_password = xxxxx
doveadm_port = 10900
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate vnd.dovecot.duplicate
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  mail_replica = tcps:mail2.xxxxxx:10900
  sieve = file:~/sieve;active=~/dovecot.sieve
  sieve_dir = ~/sieve
  sieve_duplicate_period = 6h
  sieve_extensions = +vnd.dovecot.duplicate
  sieve_global_dir = /etc/dovecot/sieve/global/
  sieve_global_path = /etc/dovecot/sieve/default.sieve
}
replication_max_conns = 5
service aggregator {
  fifo_listener
replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}
service managesieve {
  process_limit = 1024
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    group = vmail
    mode = 0660
    user = dovecot
  }
}
ssl_cert =

When I login through imap, I can see everything in ~/mail/ just fine.
I cannot save to any of them. If I have an autocreate-autosubscribe
folder (ZZZ here), it shows up as empty (correct). Then if I save
something to it through imap, a file ~/mail/ZZZ appears, but nothing
actually gets saved to it.

David Griffith
dave at 661.org

===begin quote===
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.7
auth_mechanisms = plain login
auth_verbose = yes
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
passdb {
  driver = pam
  args = login
}
userdb {
  driver = passwd
}
protocols = imap
service auth {
  executable = /usr/lib/dovecot/auth
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    group = mail
    mode = 0600
    user = mail
  }
}
disable_plaintext_auth = yes
ssl_cert =
References:
Message-ID:

On 2014-12-14 12:31, Dave G. wrote:
> When I login through imap, I can see everything in ~/mail/ just fine.
> I cannot save to any of them. If I have an autocreate-autosubscribe
> folder (ZZZ here), it shows up as empty (correct). Then if I save
> something to it through imap, a file ~/mail/ZZZ appears, but nothing
> actually gets saved to it.

Turn debug on, and watch log file when you copy.
mail_debug=yes

(...)

--
Jan Wideł
Senior System Administrator
e-mail: jan.widel at networkers.pl
mobile: +48 797 004 946
www: http://www.networkers.pl
GPG: http://networkers.pl/GPG/2E7359CD.asc

From hanns at hannsmattes.de Sun Dec 14 17:14:59 2014
From: hanns at hannsmattes.de (Hanns Mattes)
Date: Sun, 14 Dec 2014 18:14:59 +0100
Subject: Replication sieve scripts.
In-Reply-To: <548CB733.7000800@chunkz.net> (Bertrand Caplet's message of "Sat, 13 Dec 2014 23:01:23 +0100")
References: <547F96CB.2080504@networkers.pl> <548CAF01.3040101@rename-it.nl> <548CB5CE.8060305@hannsmattes.de> <548CB733.7000800@chunkz.net>
Message-ID: <87a92q6tm4.fsf@hannsmattes.de>

Hi,

Bertrand Caplet wrote:

[...]
>
>Maybe you could at least test to build it from source the last stable
>version ?

I'll give it a try.

I'm using the RPMs provided by
https://build.opensuse.org/package/show/server:mail/dovecot22 and they
are shipping dovecot with pigeonhole 0.4.3.

I'm trying to build with 0.4.6 in Opensuse build service with no luck so
far which is definitely caused by my complete lack of knowledge with
building RPMs, modifying *.spec-files and the OBS.

But this doesn't belong to this list (though I appreciate any hints and
help).

Regards Hanns

From rs at sys4.de Sun Dec 14 18:15:06 2014
From: rs at sys4.de (Robert Schetterer)
Date: Sun, 14 Dec 2014 19:15:06 +0100
Subject: Replication sieve scripts.
In-Reply-To: <87a92q6tm4.fsf@hannsmattes.de>
References: <547F96CB.2080504@networkers.pl> <548CAF01.3040101@rename-it.nl> <548CB5CE.8060305@hannsmattes.de> <548CB733.7000800@chunkz.net> <87a92q6tm4.fsf@hannsmattes.de>
Message-ID: <548DD3AA.8030703@sys4.de>

On 14.12.2014 at 18:14, Hanns Mattes wrote:
> Hi,
>
> Bertrand Caplet wrote:
>
> [...]
>>
>> Maybe you could at least test to build it from source the last stable
>> version ?
>
> I'll give it a try.
>
> I'm using the RPMs provided by
> https://build.opensuse.org/package/show/server:mail/dovecot22 and they
> are shipping dovecot with pigeonhole 0.4.3.
>
> I'm trying to build with 0.4.6 in Opensuse build service with no luck so
> far which is definitely caused by my complete lack of knowledge with
> building RPMs, modifying *.spec-files and the OBS.
>
> But this doesn't belong to this list (though I appreciate any hints and
> help).
>
> Regards Hanns
>

be sure to use latest revision

https://build.opensuse.org/package/view_file/openSUSE:Factory/dovecot22/dovecot22.changes

https://build.opensuse.org/package/show/server:mail/dovecot22?rev=49

dovecot-2.2-pigeonhole-0.4.3_adapt_to_2.2.15.patch

latest dove sieve is

http://pigeonhole.dovecot.org/download.html

v0.4.6

so suse people may upgrade to sieve pigeonhole latest, contact them via
mail etc

dovecot itself seems up2date with latest revision

Best Regards
Kind regards

Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: Munich, District Court Munich: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From dave at 661.org Mon Dec 15 03:53:01 2014
From: dave at 661.org (Dave G.)
Date: Mon, 15 Dec 2014 03:53:01 +0000 (UTC)
Subject: Can't save to folders
In-Reply-To:
References:
Message-ID:

On Sun, 14 Dec 2014, Jan Wideł wrote:

> On 2014-12-14 12:31, Dave G. wrote:
>> When I login through imap, I can see everything in ~/mail/ just fine.
>> I cannot save to any of them. If I have an autocreate-autosubscribe
>> folder (ZZZ here), it shows up as empty (correct). Then if I save
>> something to it through imap, a file ~/mail/ZZZ appears, but nothing
>> actually gets saved to it.
>
> Turn debug on, and watch log file when you copy.
> mail_debug=yes

I don't know what the problem was. I slept on it and now things are
working correctly.

--
David Griffith
dave at 661.org

From wayne.andersen at clima-tech.com Thu Dec 11 23:06:30 2014
From: wayne.andersen at clima-tech.com (Wayne Andersen)
Date: Thu, 11 Dec 2014 16:06:30 -0700
Subject: Problem with TLS and Outlook 2010
Message-ID: <003001d01597$1a1345a0$4e39d0e0$@clima-tech.com>

Dovecot 2.0.9

So I am trying to get my Outlook 2010 client to use TLS with Dovecot.

The Outlook error that I get is:

Log onto incoming mail server (IMAP): A secure connection to the server
cannot be established.

I have set the port to 143,993,995 none of them work, and the security
to TLS.

I have all of the certificates in the full chain installed on my machine
and when viewing them they all show "This certificate is OK."

I have turned on Outlook logging and am seeing this:

C:\PROGRA~2\MICROS~2\Office14\OUTLMIME.DLL
IMAP: 14:48:40 [db] Intializing connection [131383B0]
IMAP: 14:48:40 [db] Setting internal codepage to 1200
IMAP: 14:48:40 [db] Connecting to 'mail.mydomain.com' on port 143.
IMAP: 14:48:40 [db] OnNotify: asOld = 0, asNew = 2, ae = 0
IMAP: 14:48:40 [db] srv_name = "mail.mydomain.com" srv_addr = 174.46.198.101:143
IMAP: 14:48:40 [db] OnNotify: asOld = 2, asNew = 3, ae = 1
IMAP: 14:48:40 [db] OnNotify: asOld = 3, asNew = 4, ae = 0
IMAP: 14:48:40 [db] OnNotify: asOld = 4, asNew = 5, ae = 2
IMAP: 14:48:40 [db] OnNotify: asOld = 5, asNew = 5, ae = 4
IMAP: 14:48:40 [db] OnNotify: asOld = 5, asNew = 5, ae = 3
IMAP: 14:48:40 [rx] * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. ?----- not seeing the STARTTLS capability here.
IMAP: 14:48:40 [tx] sx59 CAPABILITY
IMAP: 14:48:40 [db] OnNotify: asOld = 5, asNew = 5, ae = 3
IMAP: 14:48:40 [rx] * CAPABILITY IMAP4REV1 LOGIN-REFERRALS IDLE AUTH=PLAIN AUTH=LOGIN
IMAP: 14:48:40 [rx] sx59 OK Capability completed.
IMAP: 14:48:40 [db] ERROR: "A secure connection to the server cannot be established.", hr=0x800CCCE1
IMAP: 14:48:40 [db] Connection to 'mail.mydomain.com' closed.
IMAP: 14:48:40 [db] OnNotify: asOld = 5, asNew = 0, ae = 5

From a windows 7 client if I do a telnet mail.mydomain.com 143 I get:

* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. ?--- do not see STARTTLS in the capability list.

Same windows client:

C:\OpenSSL-Win64\bin>openssl.exe s_client -connect mail.mydomain.com:993
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Loading 'screen' into random state - done
CONNECTED(0000018C)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify error:num=20:unable to get local issuer certificate ?--- Yes I see this and it may be an issue, but this certificate exist and is valid.
verify return:0
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=COMODO SSL Wildcard/CN=*.mydomain.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgIQWCEHgEVoKToQkXoG3+g1cTANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
fs2e2XCjkEVu/YR7exKkmTf9wkhZ+tD0+S8=
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=COMODO SSL Wildcard/CN=*.mydomain.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 5169 bytes and written 497 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure
Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
    Session-ID: 281D21C81FA6E7656B9CA2BD13590DDE0094CC8FA43FFD31DFEEDEC74F2511BF
    Session-ID-ctx:
    Master-Key: AF36CFDBBAA955270A48E2E9740F671299511DA1B3EEAFFAEC582E100DE519EC7CBC612ED686
DBBBFE06B9D6E535B837
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 1d 2a e7 fd 94 9d a2 84-90 52 32 2f e7 89 28 59   .*.......R2/..(Y
    0010 - 12 d5 b3 56 0e a7 71 c4-84 53 01 ec 95 97 59 4e   ...V..q..S....YN
    0020 - ac 17 3f 3f dc b6 b0 db-0f 47 0c 88 5a c2 7b a7   ..??.....G..Z.{.
    0030 - d0 73 ff 19 ec 6f cd 67-d5 58 3e cd 91 eb 79 90   .s...o.g.X>...y.
    0040 - 76 a9 d9 f2 17 dc da c4-bd ba 69 b4 11 c7 65 f9   v.........i...e.
    0050 - 71 42 01 3b bd 6f a5 3a-9f 34 48 36 9e 31 4e 1c   qB.;.o.:.4H6.1N.
    0060 - 93 24 75 7f 8a c6 7f 7a-4c cd 93 bd 92 4c 9d 7f   .$u....zL....L..
    0070 - df 47 11 3e 93 11 73 8e-09 5c ef 85 e2 aa bc 77   .G.>..s..\.....w
    0080 - eb 29 fa c6 30 5b 27 de-50 98 47 7b 55 f0 84 91   .)..0['.P.G{U...
    0090 - 97 da 66 29 1c c9 7e 63-56 8b a7 80 57 4b 2f 2c   ..f)..~cV...WK/,

    Start Time: 1418336961
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
e logout
closed

From a linux client I get :

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

I do see STARTTLS here.

From a linux client:

openssl s_client -connect localhost:993
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = COMODO SSL Wildcard, CN = *.mydomain.com
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=COMODO SSL Wildcard/CN=*.mydomain.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgIQWCEHgEVoKToQkXoG3+g1cTANBgkqhkiG9w0BAQsFADCB
fs2e2XCjkEVu/YR7exKkmTf9wkhZ+tD0+S8=
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=COMODO SSL Wildcard/CN=*.mydomain.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 5169 bytes and written 453 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
    Session-ID: 8357FF1D37476EEF1BE64DE443EFFBBED9CE375EA8CA5F1C5ED628B52E723D8F
    Session-ID-ctx:
    Master-Key:
D6906D40FF47E7ED278AF4D0B143407A53955DA97365A09881EA0C68AAF3B879CB3136A7783B 18A46FD0A0634CBDC17D Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 300 (seconds) Start Time: 1418337012 Timeout : 300 (sec) Verify return code: 0 (ok) --- * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. e logout closed doveconf -n | grep ssl # 2.0.9: /etc/dovecot/dovecot.conf ssl_cert = (Robert Schetterer's message of "Sun, 14 Dec 2014 19:15:06 +0100") References: <547F96CB.2080504@networkers.pl> <548CAF01.3040101@rename-it.nl> <548CB5CE.8060305@hannsmattes.de> <548CB733.7000800@chunkz.net> <87a92q6tm4.fsf@hannsmattes.de> <548DD3AA.8030703@sys4.de> Message-ID: <87h9wxxe3y.fsf@hannsmattes.de> Hi, Robert Schetterer wrote: >[...] > >so suse people may upgrade to sieve pigeonhole latest, contact them via >mail etc >[...] I sent a mail to one of the Maintainers (darix) and they updated only an hour later - very nice guy. After the following upgrade, the sieve-scripts are replicated - very good. Best regards Hanns Mattes From hanns at hannsmattes.de Mon Dec 15 13:05:59 2014 
From: hanns at hannsmattes.de (Hanns Mattes) Date: Mon, 15 Dec 2014 14:05:59 +0100 Subject: Replication and Sieve In-Reply-To: <87sigj2qyg.fsf@hannsmattes.de> (Hanns Mattes's message of "Sat, 13 Dec 2014 22:13:43 +0100") References: <5488A984.9010407@hannsmattes.de> <87sigj2qyg.fsf@hannsmattes.de> Message-ID: <87oar5cbbc.fsf@hannsmattes.de> Hanns Mattes wrote: >Hi, > >Hanns Mattes wrote: > >[replication not updating sieve rules] > JFTR; Upgrading to pigeonhole 0.4.6 seems to solve the problem. Best regards Hanns From rs at sys4.de Mon Dec 15 13:22:51 2014 From: rs at sys4.de (Robert Schetterer) Date: Mon, 15 Dec 2014 14:22:51 +0100 Subject: Replication sieve scripts. In-Reply-To: <87h9wxxe3y.fsf@hannsmattes.de> References: <547F96CB.2080504@networkers.pl> <548CAF01.3040101@rename-it.nl> <548CB5CE.8060305@hannsmattes.de> <548CB733.7000800@chunkz.net> <87a92q6tm4.fsf@hannsmattes.de> <548DD3AA.8030703@sys4.de> <87h9wxxe3y.fsf@hannsmattes.de> Message-ID: <548EE0AB.5040308@sys4.de> On 15.12.2014 at 14:00, Hanns Mattes wrote: > Hi, > > Robert Schetterer wrote: > >> [...] >> >> so suse people may upgrade to sieve pigeonhole latest, contact them via >> mail etc >> [...] > > I sent a mail to one of the Maintainers (darix) and they updated only an hour > later - very nice guy. > > After the following upgrade, the sieve-scripts are replicated - very > good. > > Best regards > > Hanns Mattes > cool ! Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, District court München: HRB 199263 Management board: Patrick Ben Koetter, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein From hummel at pasteur.fr Mon Dec 15 14:23:11 2014 
From: hummel at pasteur.fr (Thomas HUMMEL) Date: Mon, 15 Dec 2014 15:23:11 +0100 Subject: Userdb's and IMAP proxying Message-ID: <20141215142311.GA1261@parmesan.sis.pasteur.fr> Hello Timo, In order to plan a migration, I want to setup an IMAP proxy (proxy_maybe) with a dovecot server (I'm running the old dovecot-2.1.15 but I could upgrade or use a proxy only dovecot-2.2.x server)/LDAP pass and userdb's. I won't be in charge of the migration itself but I think the idea will be to migrate a chunk of users each night and then let the proxy send them to the new server. I wonder if, instead of altering my LDAP schema to be able to add the needed attributes (matching proxy/proxy_maybe, host, ...) I could use a second userdb (preferably in a file : passwd-file ?) only for those extra_fields (i.e. the second userdb would extend the LDAP one). As a matter of fact, I guess those who will migrate users will prefer writing to a file than to add some LDAP attribute in the user entry. In other words, can I get different extra_fields for the same user in different userdb's ? -- Thomas Hummel | Institut Pasteur | Groupe Exploitation et Infrastructure From arekm at maven.pl Mon Dec 15 14:56:22 2014 
From: arekm at maven.pl (Arkadiusz Miśkiewicz) Date: Mon, 15 Dec 2014 15:56:22 +0100 Subject: [2.3 feature request]: multiple passwords for single user Message-ID: <201412151556.22867.arekm@maven.pl> Hi. I wonder if there are any plans of finishing "multiple passwords for single user" feature? Few months old thread mentioned this: http://www.dovecot.org/list/dovecot/2014-July/097217.html and even a patch that unfortunately was never finished http://dovecot.org/patches/2.0/auth-multi-password-2.0.diff Multiple passwords for single user are great since they allow easy password management for users. For example you could have one password on a laptop, one on a phone, one on a tablet. Revoking access to the device is as easy as dropping single password and it doesn't affect other devices. There are more use cases. Until that happens (not that great) workaround exists: http://wiki2.dovecot.org/Authentication/MultipleDatabases Thanks, -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) From rick at havokmon.com Mon Dec 15 15:08:37 2014 From: rick at havokmon.com (Rick Romero) Date: Mon, 15 Dec 2014 09:08:37 -0600 Subject: [2.3 feature request]: multiple passwords for single user In-Reply-To: <201412151556.22867.arekm@maven.pl> Message-ID: <20141215090837.Horde.vY3Loo3-bFSxglXdJeV5oA6@www.vfemail.net> Quoting Arkadiusz Miśkiewicz : > Hi. > > I wonder if there are any plans of finishing "multiple passwords for single > user" > feature? > > Until that happens (not that great) workaround exists: > http://wiki2.dovecot.org/Authentication/MultipleDatabases No, just use multiple fields in SQL with IF statements. Unless you want a single login method to support multiple passwords - which doesn't seem like a good idea to me. From rick at havokmon.com Mon Dec 15 15:12:13 2014 
From: rick at havokmon.com (Rick Romero) Date: Mon, 15 Dec 2014 09:12:13 -0600 Subject: [2.3 feature request]: multiple passwords for single user Message-ID: <20141215091213.Horde.CwsMu8UFui9ZNi0eKJQTDg2@www.vfemail.net> Quoting Arkadiusz Miśkiewicz : > Hi. > > I wonder if there are any plans of finishing "multiple passwords for single > user" > feature? > > > Until that happens (not that great) workaround exists: > http://wiki2.dovecot.org/Authentication/MultipleDatabases > > Whoops misfired Unless you want a single service to have multiple passwords, which doesn't seem like a good idea to me, use SQL if statements to separate by service/host. http://www.dovecot.org/list/dovecot/2014-July/097140.html From ghalvors78 at hushmail.com Mon Dec 15 16:28:29 2014 
From: ghalvors78 at hushmail.com (ghalvors78 at hushmail.com) Date: Mon, 15 Dec 2014 11:28:29 -0500 Subject: Failed installation on Ubuntu with Postfix/Dovecot/Squirrelmail Message-ID: <20141215162829.882D860869@smtp.hushmail.com> Hello all, I did an install following a HOWTO document that has a fair number of positive reviews, but something went wrong along the way: https://www.digitalocean.com/community/tutorials/how-to-configure-a-mail-server-using-postfix-dovecot-mysql-and-spamassasin I made a couple deviations. I opted to not use StartSSL keys, and decided to stay with the default keys. Also, I chose to use Squirrelmail, but not Spamassassin. I tried to ensure that there are no issues with the Postfix installation (Dr. Venema and the team were quite helpful). I also had two Postfix books at my side, but I have none for Dovecot. While my goal is to get my server running, I would like to gain an understanding of Dovecot along the way, because sooner or later, it will break and I'll need to revisit the installation. First hint of a problem was that Squirrelmail would say the IMAP server dropped the connection on a successful login. So I went to a command line and used 'mail' to compose a test message from my laptop and see how the machine at Digital Ocean handled it. It didn't go over so well, in fact, it's generating errors as I'm writing this (every 5 minutes). For privacy, I swapped my domain name for the generic example.com. 
Dec 14 20:24:18 example postfix/qmgr[13624]: EF3C0C0A17: from=, size=597, nrcpt=1 (queue active) Dec 14 20:24:18 example dovecot: lmtp(21652): Connect from local Dec 14 20:24:18 example dovecot: lmtp(21652, bob at example.com): Error: user bob at example.com: Initialization failed: namespace configuration error: inbox=yes namespace missing Dec 14 20:24:18 example dovecot: lmtp(21652): Disconnect from local: Successful quit Dec 14 20:24:18 example postfix/lmtp[21651]: EF3C0C0A17: to=, relay=mail.example.com[private/dovecot-lmtp], delay=168169, delays=168169/0.01/0.01/0.01, dsn=4.3.0, status=deferred (host mail.example.com[private/dovecot-lmtp] said: 451 4.3.0 Temporary internal error (in reply to end of DATA command)) Now when I was checking that Postfix wasn't the likely problem, one of them mentioned: http://archives.neohapsis.com/archives/postfix/2014-12/0189.html (Postfix-users archive) that I needed: namespace inbox { inbox = yes } But I'm curious why that I'm the only one that seems to have been nailed by this omission. A keyword search on 'namespace' only brought up a single comment. What are your thoughts? Below, I appended the configuration files that I modified. I tried to compress them to a minimum space for the list by omitting the comments. 
# # /etc/dovecot/dovecot.conf # !include_try /usr/share/dovecot/protocols.d/*.protocol protocols = imap lmtp pop3 dict { } !include conf.d/*.conf !include_try local.conf # eof # # /etc/dovecot/dovecot-sql.conf.ext # driver = mysql connect = host=127.0.0.1 dbname=servermail user=usermail password=changed_it default_pass_scheme = SHA512-CRYPT password_query = SELECT email as user, password FROM virtual_users WHERE email='%u'; # eof # # /etc/dovecot/conf.d/10-auth.conf # !include auth-sql.conf.ext # eof # # /etc/dovecot/conf.d/10-mail.conf # mail_location = maildir:/var/mail/vhosts/%d/%n mail_privileged_group = mail # eof # # /etc/dovecot/conf.d/10-master.conf # service imap-login { inet_listener imap { port = 143 } inet_listener imaps { } } service pop3-login { inet_listener pop3 { } inet_listener pop3s { } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { mode = 0600 user = postfix group = postfix } } service imap { } service pop3 { } service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix } unix_listener auth-userdb { mode = 0600 user = vmail } user = dovecot } service auth-worker { user = vmail } service dict { unix_listener dict { } } # eof # # /etc/dovecot/conf.d/10-ssl.conf # ssl=required ssl_cert = Hello, I have a segfault problem, and I can not resolve myself. The details below (stack trace, config....). Maybe important to reproduce, everithing working well until I connect with SoGo ActiveSync (SoGo web, and other IMAP clients are working well). So maybe the SoGo send something magical command if the user client use the ActiveSyn... (the IMAP debug attached too) Thanks, Balazs Toth Program terminated with signal 11, Segmentation fault. #0 0x000002ba68e83609 in array_count_i (array=0x52d1cf10b8) at ../../../src/lib/array.h:140 warning: Source file is more recent than executable. 
140 return array->buffer->used / array->element_size; (gdb) bt full #0 0x000002ba68e83609 in array_count_i (array=0x52d1cf10b8) at ../../../src/lib/array.h:140 No locals. #1 array_get_i (count_r=, array=0x52d1cf10b8) at ../../../src/lib/array.h:188 No locals. #2 virtual_storage_set_have_guid_flags (mbox=0x52d1cf0de0) at virtual-storage.c:498 i = count = status = {messages = 3519949744, recent = 82, unseen = 2, uidvalidity = 0, uidnext = 1856604872, first_unseen_seq = 964, first_recent_uid = 3519949992, last_cached_seq = 82, highest_modseq = 355707281680, highest_pvt_modseq = 2999686621158, keywords = 0x52d1cf0de0, permanent_flags = 3520008512, permanent_keywords = 0, allow_new_keywords = 1, nonpermanent_modseqs = 0, no_modseq_tracking = 0, have_guids = 1, have_save_guids = 0, have_only_guid128 = 1} bboxes = 0x0 opened = #3 virtual_storage_get_status (box=0x52d1cf0de0, items=, status_r=0x3c46ea98b90) at virtual-storage.c:537 mbox = 0x52d1cf0de0 #4 0x000002ba694a20e4 in fts_mailbox_get_status (box=0x52d1cf0de0, items=0, status_r=0x3c46ea98b90) at fts-storage.c:94 fbox = #5 0x000002ba6a4e47a4 in acl_mailbox_get_status (box=0x52d1cf0de0, items=0, status_r=0x3c46ea98b90) at acl-mailbox.c:542 abox = #6 0x000002ba6b409966 in mailbox_get_status (box=0x52d1cf0de0, items=0, status_r=status_r at entry=0x3c46ea98b90) at mail-storage.c:1570 __FUNCTION__ = "mailbox_get_status" #7 0x00000052d01a191b in imap_status_get (cmd=cmd at entry=0x52d1ce6110, ns=ns at entry=0x52d1ce1ab0, mailbox=mailbox at entry=0x52d1c9e160 "virtual/Expunged", items=items at entry=0x3c46ea98b70, result_r=result_r at entry=0x3c46ea98b90) at imap-status.c:84 client = 0x52d1ce55b0 box = 0x52d1cf0de0 errstr = ret = 0 #8 0x00000052d0196b29 in cmd_status (cmd=0x52d1ce6110) at cmd-status.c:40 client = 0x52d1ce55b0 args = 0x52d1ce8968 list_args = 0x52d1ce8b18 items = {status = 0, metadata = MAILBOX_METADATA_GUID} result = {status = {messages = 0, recent = 0, unseen = 0, uidvalidity = 0, uidnext = 0, 
first_unseen_seq = 0, first_recent_uid = 0, last_cached_seq = 0, highest_modseq = 0, highest_pvt_modseq = 0, keywords = 0x0, permanent_flags = 0, permanent_keywords = 0, allow_new_keywords = 0, nonpermanent_modseqs = 0, no_modseq_tracking = 0, have_guids = 0, have_save_guids = 0, have_only_guid128 = 0}, metadata = {guid = "\027\000\000\000\000\000\000\000\000\337\354\000\027\225\023J", virtual_size = 355707281760, cache_fields = 0x52d1cd1470, precache_fields = 3519963648, backend_ns_prefix = 0x52d1ce6110 "", backend_ns_type = 3519963488}, error = MAIL_ERROR_TEMP, errstr = 0x52d1ca7288 "\240\200\312\321R"} ns = 0x52d1ce1ab0 mailbox = 0x52d1c9e160 "virtual/Expunged" orig_mailbox = 0x52d1ce8ac8 "virtual/Expunged" selected_mailbox = false #9 0x00000052d019aebc in command_exec (cmd=cmd at entry=0x52d1ce6110) at imap-commands.c:158 hook = 0x52d1ca6fa0 ret = #10 0x00000052d0199e60 in client_command_input (cmd=cmd at entry=0x52d1ce6110) at imap-client.c:782 client = 0x52d1ce55b0 command = __FUNCTION__ = "client_command_input" #11 0x00000052d0199ef4 in client_command_input (cmd=0x52d1ce6110) at imap-client.c:843 client = 0x52d1ce55b0 command = __FUNCTION__ = "client_command_input" Dovecot version: 2.2.15 Debian 7.7 (x64) FS: ext4 dovecot -n: # 2.2.15: /etc/dovecot/dovecot.conf # OS: Linux 3.14.24-kvm-guest-intel64-grsec x86_64 Debian 7.7 auth_cache_negative_ttl = 15 mins auth_cache_size = 16 M auth_cache_ttl = 8 hours auth_master_user_separator = * auth_mechanisms = plain login auth_verbose = yes auth_worker_max_count = 32 default_client_limit = 1024 default_process_limit = 64 deliver_log_format = msgid=%m [%f: %s]: %$ dict { expire = pgsql:/etc/dovecot/sql/expire.conf } first_valid_gid = 8 first_valid_uid = 8 info_log_path = /var/log/dovecot/info.log last_valid_gid = 8 last_valid_uid = 8 log_path = /var/log/dovecot/server.log log_timestamp = "%Y-%m-%d %H:%M:%S " login_greeting = Ready mail_location = maildir:~/mail:INDEX=~/indexes/private mail_plugins = acl expire fts 
fts_lucene lazy_expunge quota zlib mail_log notify stats mailbox_alias trash virtual mail_shared_explicit_inbox = yes mail_temp_dir = /run/shm/dovecot managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { list = children location = maildir:/var/mail/virtual/%%d/%%n/mail:INDEX=~/indexes/shared/%%u prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace { list = children location = maildir:/var/mail/virtual/%d/PUBLIC:INDEX=~/indexes/public prefix = public/ separator = / subscriptions = no type = public } namespace expunged { hidden = yes list = no location = maildir:~/expunged:INDEX=~/indexes/expunged prefix = expunged/ separator = / type = private } namespace inbox { inbox = yes location = maildir:~/mail:INDEX=~/indexes/private mailbox Archive { auto = subscribe special_use = \Archive } mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } mailbox virtual/All { special_use = \All } mailbox virtual/Flagged { special_use = \Flagged } prefix = separator = / type = private } namespace virtual { location = virtual:/etc/dovecot/virtual:INDEX=~/indexes/virtual prefix = virtual/ separator = / subscriptions = no type = private } passdb { args = /etc/dovecot/sql/auth.conf driver = sql } passdb { args = /etc/dovecot/sql/masteruser.conf driver = sql master = yes pass = yes } plugin { acl = vfile:/etc/dovecot/acl acl_shared_dict = file:/var/mail/virtual/%d/shared-mailboxes.db antispam_backend = MAILTRAIN antispam_mail_notspam = --ham antispam_mail_sendmail = /usr/bin/sa-learn antispam_mail_sendmail_args = --username=%u 
antispam_mail_spam = --spam antispam_signature_missing = move antispam_spam = Junk antispam_trash = Trash deleted_to_trash_folder = Trash expire = * expire_dict = proxy::expire fts = lucene lazy_expunge = expunged/ lazy_expunge_only_last_instance = yes mail_log_events = delete undelete expunge copy mailbox_create mailbox_delete mailbox_rename mail_log_fields = uid box msgid size from subject mailbox_alias_new = Sent Messages mailbox_alias_new2 = Sent Items mailbox_alias_new3 = sent-mail mailbox_alias_new4 = Elk?ld?tt elemek mailbox_alias_new5 = Spam mailbox_alias_new6 = Lev?lszem?t mailbox_alias_new7 = Deleted Items mailbox_alias_new8 = Deleted Messages mailbox_alias_new9 = T?r?lt elemek mailbox_alias_old = Sent mailbox_alias_old2 = Sent mailbox_alias_old3 = Sent mailbox_alias_old4 = Sent mailbox_alias_old5 = Junk mailbox_alias_old6 = Junk mailbox_alias_old7 = Trash mailbox_alias_old8 = Trash mailbox_alias_old9 = Trash quota = maildir:User quota quota_rule = *:storage=16G quota_rule2 = Trash:storage=+100M quota_rule3 = Junk:storage=+100M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_after = /var/lib/dovecot-sieve/default sieve_dir = ~/sieve sieve_max_actions = 64 sieve_max_redirects = 64 sieve_max_script_size = 2M sieve_quota_max_scripts = 8 stats_command_min_time = 1 mins stats_domain_min_time = 12 hours stats_ip_min_time = 12 hours stats_memory_limit = 64 M stats_refresh = 5s stats_session_min_time = 15 mins stats_track_cmds = yes stats_user_min_time = 1 hours trash = /etc/dovecot/dovecot-trash.conf.ext } protocols = " imap lmtp sieve pop3" service auth-worker { unix_listener auth-worker { group = mail mode = 0660 user = dovecot } user = mail } service auth { unix_listener auth-userdb { group = mail mode = 0660 user = dovecot } user = mail } service dict { unix_listener dict { group = mail mode = 0660 user = dovecot } user = mail } service imap-login { process_min_avail = 8 
service_count = 16 } service lmtp { process_min_avail = 5 unix_listener lmtp { group = mail mode = 0660 user = Debian-exim } user = mail } service pop3-login { process_min_avail = 8 service_count = 16 } service quota-warning { executable = script /usr/bin/dovecot-quota-warning.sh user = mail } service stats { fifo_listener stats-mail { group = mail mode = 0660 user = dovecot } user = mail } ssl_cert = References: <20141215162829.882D860869@smtp.hushmail.com> Message-ID: <548F198C.9050907@chunkz.net> > that I needed: > > namespace inbox { > inbox = yes > } Hey, I wonder where you have set this namespace inbox ? in 10-mail.conf ? > # > # /etc/dovecot/conf.d/10-mail.conf > # > mail_location = maildir:/var/mail/vhosts/%d/%n > mail_privileged_group = mail Does /var/mail/vhosts exist and is it owned by mail:mail ? When you checked all of this try to debug dovecot, see if there is something in /var/log/mail.err Regards, -- CHUNKZ.NET - script kiddie and computer technician Bertrand Caplet, Flers (FR) Feel free to send encrypted/signed messages Key ID: FF395BD9 GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9 From bertrand.caplet at chunkz.net Mon Dec 15 17:27:16 2014 
From: bertrand.caplet at chunkz.net (Bertrand Caplet) Date: Mon, 15 Dec 2014 18:27:16 +0100 Subject: Replication sieve scripts. In-Reply-To: <87h9wxxe3y.fsf@hannsmattes.de> References: <547F96CB.2080504@networkers.pl> <548CAF01.3040101@rename-it.nl> <548CB5CE.8060305@hannsmattes.de> <548CB733.7000800@chunkz.net> <87a92q6tm4.fsf@hannsmattes.de> <548DD3AA.8030703@sys4.de> <87h9wxxe3y.fsf@hannsmattes.de> Message-ID: <548F19F4.8030200@chunkz.net> > I sent a mail to one of the Maintainers (darix) and they updated only an hour > later - very nice guy. > > After the following upgrade, the sieve-scripts are replicated - very > good. > > Best regards > > Hanns Mattes Wow, very quick ! I love those kind of guys. Regards, -- CHUNKZ.NET - script kiddie and computer technician Bertrand Caplet, Flers (FR) Feel free to send encrypted/signed messages Key ID: FF395BD9 GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9 From delrio at mie.utoronto.ca Mon Dec 15 17:52:56 2014 
From: delrio at mie.utoronto.ca (Oscar del Rio) Date: Mon, 15 Dec 2014 12:52:56 -0500 Subject: Problem with TLS and Outlook 2010 In-Reply-To: <003001d01597$1a1345a0$4e39d0e0$@clima-tech.com> References: <003001d01597$1a1345a0$4e39d0e0$@clima-tech.com> Message-ID: <548F1FF8.8030907@mie.utoronto.ca> On 12/11/14 06:06 PM, Wayne Andersen wrote: > From a windows 7 client if I do a telnet mail.mydomain.com 143 I get: > > * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS IDLE AUTH=PLAIN AUTH=LOGIN] > Dovecot ready. ?--- do not see STARTTLS in the capability list. > > > > From a linux client I get : > > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE > STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. > > I do see STARTTLS here. > It looks like they are connecting to different servers. DNS or proxy problem? Did you check the server logs? From ghalvors78 at hushmail.com Mon Dec 15 18:00:34 2014 
From: ghalvors78 at hushmail.com (ghalvors78 at hushmail.com) Date: Mon, 15 Dec 2014 13:00:34 -0500 Subject: Failed installation on Ubuntu with Postfix/Dovecot/Squirrelmail In-Reply-To: <548F198C.9050907@chunkz.net> References: <20141215162829.882D860869@smtp.hushmail.com> <548F198C.9050907@chunkz.net> Message-ID: <20141215180035.12AFC60868@smtp.hushmail.com> On 12/15/2014 at 12:26 PM, "Bertrand Caplet" wrote: > >> that I needed: >> >> namespace inbox { >> inbox = yes >> } > >Hey, >I wonder where do you have set this namespace inbox ? in 10- >mail.conf ? > The word 'namespace' does not appear in any file within the tree of /etc/dovecot/ This was a suggestion that was offered to me from the Postfix list when I was cleaning up my postfix installation, but I wasn't certain of which file it should be in (or if it even matters from the software perspective). I'm curious how so many other users could have gotten the HOWTO to work for them without having to add this. This is maybe day 4 of my experience with dovecot, so I am very cautious, but I can try adding this to 10-mail.conf and restart the service... According to the mail.log, Postfix handed dovecot a message. Might have been the test email from a couple days ago. Hey, there is content in the directory tree of /var/mail/vhosts/example.com/bob/ That was empty before. >> # >> # /etc/dovecot/conf.d/10-mail.conf >> # >> mail_location = maildir:/var/mail/vhosts/%d/%n >> mail_privileged_group = mail > >Do /var/mail/vhosts exists and is owned by mail:mail ? >When you checked all of this try to debug dovecot, see if there is >something in /var/log/mail.err > /var/mail/vhosts does exist and it's owned by vmail, which was a user and group that was created during the process. drwxrwsr-x 3 vmail vmail 4096 Dec 11 12:53 . drwxr-xr-x 13 root root 4096 Nov 7 18:39 .. -rw------- 1 root vmail 0 Dec 11 12:53 root drwxr-sr-x 4 vmail vmail 4096 Dec 8 00:14 vhosts Permissions seem to be good enough for writing to it. 
The privacy and permissions of the subdirectories are good too. I'm not entirely certain why an addition mail user vmail when I already have a user called postfix and dovecot. Anyway, the directory has been written to by dovecot since the subdirectories have changed since adding the change to 10-mail.conf and starting the server And guess what, I can log into squirrelmail's interface just fine. No more dropped connection to the IMAP server. And now that the panic is over, I'd like to get smart on dovecot. >Regards, >-- >CHUNKZ.NET - script kiddie and computer technician >Bertrand Caplet, Flers (FR) >Feel free to send encrypted/signed messages >Key ID: FF395BD9 >GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9 From bertrand.caplet at chunkz.net Mon Dec 15 18:12:35 2014 
From: bertrand.caplet at chunkz.net (Bertrand Caplet) Date: Mon, 15 Dec 2014 19:12:35 +0100 Subject: Failed installation on Ubuntu with Postfix/Dovecot/Squirrelmail In-Reply-To: <20141215180035.12AFC60868@smtp.hushmail.com> References: <20141215162829.882D860869@smtp.hushmail.com> <548F198C.9050907@chunkz.net> <20141215180035.12AFC60868@smtp.hushmail.com> Message-ID: <548F2493.7080803@chunkz.net> > > The word 'namespace' does not appear in any file within the tree of /etc/dovecot/ This was a suggestion that was offered to me from the Postfix list when I was cleaning up my postfix installation, but I wasn't certain of which file it should be in (or if it even matters from the software perspective). I'm curious how so many other users could have gotten the HOWTO to work for them without having to add this. This is maybe day 4 of my experience with dovecot, so I am very cautious, but I can try adding this to 10-mail.conf and restart the service... > > According to the mail.log, Postfix handed dovecot a message. Might have been the test email from a couple days ago. Wow, you actually need to set this namespace in 10-mail.conf > > Hey, there is content in the directory tree of /var/mail/vhosts/example.com/bob/ That was empty before. > > > /var/mail/vhosts does exist and it's owned by vmail, which was a user and group that was created during the process. > > drwxrwsr-x 3 vmail vmail 4096 Dec 11 12:53 . > drwxr-xr-x 13 root root 4096 Nov 7 18:39 .. > -rw------- 1 root vmail 0 Dec 11 12:53 root > drwxr-sr-x 4 vmail vmail 4096 Dec 8 00:14 vhosts > > Permissions seem to be good enough for writing to it. The privacy and permissions of the subdirectories are good too. I'm not entirely certain why an addition mail user vmail when I already have a user called postfix and dovecot. 
Anyway, the directory has been written to by dovecot since the subdirectories have changed since adding the change to 10-mail.conf and starting the server > > And guess what, I can log into squirrelmail's interface just fine. No more dropped connection to the IMAP server. > > And now that the panic is over, I'd like to get smart on dovecot. Well we are fixed. I thought it wasn't that. Try adding the namespace restart and tell me what it does. -- CHUNKZ.NET - script kiddie and computer technician Bertrand Caplet, Flers (FR) Feel free to send encrypted/signed messages Key ID: FF395BD9 GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9 From ghalvors78 at hushmail.com Mon Dec 15 18:24:54 2014 
From: ghalvors78 at hushmail.com (ghalvors78 at hushmail.com) Date: Mon, 15 Dec 2014 13:24:54 -0500 Subject: Failed installation on Ubuntu with Postfix/Dovecot/Squirrelmail In-Reply-To: <548F2493.7080803@chunkz.net> References: <20141215162829.882D860869@smtp.hushmail.com> <548F198C.9050907@chunkz.net> <20141215180035.12AFC60868@smtp.hushmail.com> <548F2493.7080803@chunkz.net> Message-ID: <20141215182454.5FDC260868@smtp.hushmail.com> I added the namespace to 10-mail.conf (that was the only change I made today). And when I turned on dovecot (it had been stopped since yesterday) the message immediately passed through. So yes, the namespace suggestion from the postfix guy worked. I've been reading up on namespaces since then. I have a feeling that there are some wonderful things I can do with this package. In some ways, the parts of the documentation seem vague and inexact so I guess it will have to grow on me. http://wiki2.dovecot.org/Namespaces "If the configuration doesn't explicitly specify a namespace (as was in v2.0 and older) a default namespace is created automatically." I think this might have been what was going on. The HOWTO I read may have already gotten stale and Dovecot has since grown. > >Try adding the namespace restart and tell me what it does. >-- >CHUNKZ.NET - script kiddie and computer technician >Bertrand Caplet, Flers (FR) >Feel free to send encrypted/signed messages >Key ID: FF395BD9 >GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9 From skdovecot at smail.inf.fh-brs.de Tue Dec 16 07:29:40 2014 
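
The `inbox=yes namespace missing` error resolved in the thread above can be checked for before a restart by parsing `doveconf -n` style output. The Python below is an added example, not code from the thread or from the Dovecot project; the function names are this example's own and both sample configurations are constructed for illustration.

```python
"""Lint `doveconf -n` style output for the 'inbox=yes namespace missing' error."""


def parse_config(text):
    """Parse Dovecot's line-oriented, brace-delimited config into a tree.

    Each node is {"settings": {key: value}, "blocks": [(kind, name, node)]}.
    Full-line comments and !include directives are skipped.
    """
    root = {"settings": {}, "blocks": []}
    stack = [root]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError("line %d: unmatched '}'" % lineno)
            stack.pop()
        elif line.endswith("{"):
            parts = line[:-1].split(None, 1)
            if not parts:
                raise ValueError("line %d: block without a type" % lineno)
            # The block name is optional ("namespace {") and may be quoted.
            name = parts[1].strip().strip('"') if len(parts) > 1 else ""
            node = {"settings": {}, "blocks": []}
            stack[-1]["blocks"].append((parts[0], name, node))
            stack.append(node)
        elif "=" in line:
            key, _, value = line.partition("=")
            stack[-1]["settings"][key.strip()] = value.strip()
        else:
            raise ValueError("line %d: unrecognised line %r" % (lineno, line))
    if len(stack) != 1:
        raise ValueError("unclosed block at end of input")
    return root


def inbox_status(text):
    """Return (status, names) where status is one of:

    "no-namespaces": no namespace block at all (the wiki sentence quoted in
                     the thread says a default namespace is then created)
    "missing":       namespaces exist but none sets inbox = yes
    "multiple":      more than one namespace sets inbox = yes (flag for review)
    "ok":            exactly one namespace sets inbox = yes
    """
    tree = parse_config(text)
    namespaces = [(n, node) for kind, n, node in tree["blocks"] if kind == "namespace"]
    with_inbox = [n or "(unnamed)" for n, node in namespaces
                  if node["settings"].get("inbox", "no").lower() == "yes"]
    if not namespaces:
        return ("no-namespaces", [])
    if not with_inbox:
        return ("missing", [])
    if len(with_inbox) > 1:
        return ("multiple", with_inbox)
    return ("ok", with_inbox)


# Constructed sample: a namespace block that only declares mailboxes.
BROKEN_SAMPLE = r"""
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
namespace inbox {
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
}
protocols = imap lmtp pop3
"""

# Constructed sample: the same config with the fix suggested in the thread.
FIXED_SAMPLE = BROKEN_SAMPLE.replace("namespace inbox {", "namespace inbox {\n  inbox = yes")

if __name__ == "__main__":
    for label, sample in (("broken", BROKEN_SAMPLE), ("fixed", FIXED_SAMPLE)):
        print(label, inbox_status(sample))
```
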
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 16 Dec 2014 08:29:40 +0100 (CET)
Subject: Problem with TLS and Outlook 2010
In-Reply-To: <003001d01597$1a1345a0$4e39d0e0$@clima-tech.com>
References: <003001d01597$1a1345a0$4e39d0e0$@clima-tech.com>
Message-ID:

On Thu, 11 Dec 2014, Wayne Andersen wrote:

> Log onto incoming mail server (IMAP): A secure connection to the server
> cannot be established.
>
> I have set the port to 143,993,995 none of them work, and the security to
> TLS.

993 is IMAP-over-SSL, which is probably not named "TLS", but "SSL" in Outlook. Usually "TLS" means to use STARTTLS. See: http://www.cs.umd.edu/faq/mailclient/outlook.html

But there are a lot of different Outlook versions and different names for settings.

> IMAP: 14:48:40 [db] srv_name = "mail.mydomain.com" srv_addr =
> 174.46.198.101:143

is this IP correct?

> IMAP: 14:48:40 [rx] * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS IDLE
> AUTH=PLAIN AUTH=LOGIN] Dovecot ready. ?----- not seeing the STARTTLS
> capability here.

Do you have a local Firewall or a Cisco-Router between this client and the server? Some firewalls filter out STARTTLS in order to scan the transferred content.

> C:\OpenSSL-Win64\bin>openssl.exe s_client -connect mail.mydomain.com:993
>
> verify error:num=20:unable to get local issuer certificate ?--- Yes I see
> this and it may be an issue, but this certificate exist and is valid.

openssl does not guess certificates, you need to specify them on command line.

> ---
> From a linux client I get :
>
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
> STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
>
> I do see STARTTLS here.

does this client run in the same network as the windows client?

--
Steffen Kaiser

From absolutely_free at libero.it Tue Dec 16 15:43:09 2014
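The two greetings quoted in Steffen Kaiser's reply above differ in more than STARTTLS, which is what his questions about the IP address and about a firewall on the path are probing. As an added example (not code from the thread or from Dovecot), this Python script parses both greetings and reports which capabilities the failing client never saw; the function names are illustrative and the sample strings are constructed from the quoted banners.

```python
"""Compare IMAP capability lists seen from two network vantage points.

Added example. The sample greetings are constructed from the two banners
quoted in the thread; all function names are illustrative.
"""
from __future__ import annotations

import re

# "* OK [CAPABILITY ...] text" greeting, or an untagged "* CAPABILITY ..." reply.
_IN_GREETING = re.compile(r"^\*\s+(?:OK|PREAUTH)\s+\[CAPABILITY\s+([^\]]*)\]", re.I)
_UNTAGGED = re.compile(r"^\*\s+CAPABILITY\s+(.+)$", re.I)
# Mechanisms that carry the password itself rather than a challenge response.
_CLEARTEXT_AUTH = {"AUTH=PLAIN", "AUTH=LOGIN"}


def parse_capabilities(line: str) -> frozenset[str] | None:
    """Return upper-cased capability atoms, or None if the line lists none."""
    line = line.strip()
    m = _IN_GREETING.match(line) or _UNTAGGED.match(line)
    if m:
        return frozenset(atom.upper() for atom in m.group(1).split())
    if re.match(r"^\*\s+(?:OK|PREAUTH)\b", line, re.I):
        return None  # valid greeting without a list: send CAPABILITY and parse that
    raise ValueError(f"not an IMAP greeting or CAPABILITY reply: {line!r}")


def compare_vantage_points(reference: str, observed: str) -> dict:
    """Diff what a known-good path sees against what the failing client sees."""
    ref, obs = parse_capabilities(reference), parse_capabilities(observed)
    if ref is None or obs is None:
        raise ValueError("greeting carries no capability list; query CAPABILITY first")
    missing = ref - obs
    return {
        "missing": sorted(missing),
        "unexpected": sorted(obs - ref),
        "starttls_stripped": "STARTTLS" in missing,
        # The client is offered password mechanisms but no way to encrypt first.
        "cleartext_auth_only": bool(obs & _CLEARTEXT_AUTH) and "STARTTLS" not in obs,
        # Heuristic: several extensions vanishing together points at a rewritten
        # greeting or at a different server answering, not at one server setting.
        "multiple_caps_missing": len(missing) > 1,
    }


# Constructed from the banners quoted in the thread.
LINUX_GREETING = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID "
                  "ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.")
WINDOWS_GREETING = ("* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS IDLE "
                    "AUTH=PLAIN AUTH=LOGIN] Dovecot ready.")

if __name__ == "__main__":
    report = compare_vantage_points(LINUX_GREETING, WINDOWS_GREETING)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against greetings captured on both clients, a report with `starttls_stripped` and `cleartext_auth_only` both true means the client on that path can only authenticate in the clear.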
From: absolutely_free at libero.it (absolutely_free at libero.it)
Date: Tue, 16 Dec 2014 16:43:09 +0100 (CET)
Subject: R: Re: Duplicate messages
Message-ID: <2031126148.1255231418744589432.JavaMail.httpd@webmail-15.iol.local>

Hi Milo?,
unfortunately, I have no X-UIDL header in my mailboxes.
Thank you

>----Original message----
>From: ghostlovescorebg at gmail.com
>Date: 13/12/2014 10.25
>To: "absolutely_free at libero.it",
>Subject: Re: Duplicate messages
>
>On 12/12/14 09:39, absolutely_free at libero.it wrote:
>> Hi, I just moved mail spool to a different network storage. Now,
>> several users are complaining about duplicate message that are
>> fetched by their clients (Outlook, Microsoft Outlook). What is the
>> reason?
>>
>> This is my conf:
>>
>> # dovecot -n # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux
>> 2.6.32-71.el6.x86_64 x86_64 CentOS release 6.6 (Final)
>> auth_mechanisms = plain login digest-md5 cram-md5
>> disable_plaintext_auth = no first_valid_gid = 89 first_valid_uid =
>> 89 mail_gid = 89 mail_location = maildir:/coraid-s2l2/domains
>> mail_uid = 89 managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope
>> encoded-character vacation subaddress comparator-i;ascii-numeric
>> relational regex imap4flags copy include variables body enotify
>> environment mailbox date imapflags notify mbox_write_locks = fcntl
>> namespace { inbox = yes location = prefix = INBOX. separator = .
>> type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext
>> driver = sql } passdb { args =
>> /etc/dovecot/dovecot-sql-crypt.conf.ext driver = sql } plugin {
>> sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions =
>> +notify +imapflags sieve_max_script_size = 1M } protocols = imap
>> pop3 lmtp sieve ssl_cert = > ssl_key = > /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol lmtp {
>> mail_plugins = } protocol lda { mail_plugins = }
>>
>Hello,
>
>Please check if those users have X-UIDL header in their emails. If do,
>remove header. That should solve the problem.
>
>Regards,
>Milo?
>

From alessio at skye.it Tue Dec 16 16:07:50 2014
From: alessio at skye.it (Alessio Cecchi)
Date: Tue, 16 Dec 2014 17:07:50 +0100
Subject: Dovecot lda Panic: file mail-transaction-log.c
Message-ID: <549058D6.60800@skye.it>

Hi,

I'm running:

# 2.2.15: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.6 (3e924b1b6c5c+)
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.10

with mailbox in Maildir format and LDA to deliver new email (+ sieve for filter)

on the server there is an email account that is used for "archive", it only receives messages and nobody connects to it.

Today dovecot was unable to deliver, via LDA, email in the Maildir and in the log I found the following error. Login via POP or IMAP works fine but it is impossible to deliver new email (the INBOX has about 135000 emails).

I have deleted all files in Maildir except cur/ new/ tmp/ and rebuilt the dovecot cache, but the error is the same.

Could be a sieve problem?

In the user's home there was a file called .dovecot.lda-dupes.lock

What is wrong?

Dec 16 06:53:25 mx02eeh dovecot: lda(user at domain.com): sieve: msgid=, from=sgv at pippo.com, subject="xxxx": stored mail into mailbox 'INBOX'
Dec 16 06:53:25 mx02eeh dovecot: lda(user at domain.com): Panic: file mail-transaction-log.c: line 271 (mail_transaction_log_rotate): assertion failed: (file->locked)
Dec 16 06:53:25 mx02eeh dovecot: lda(user at domain.com): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x75e1a) [0x7f8f2aca4e1a] -> /usr/lib/ dovecot/libdovecot.so.0(i_syslog_fatal_handler+0x33) [0x7f8f2aca4ee3] -> /usr/lib/dovecot/libdovecot.so.0(i_error+0) [0x7f8f2ac562bf] -> /usr/lib/dovecot/lib dovecot-storage.so.0(+0xd6fc5) [0x7f8f2afe5fc5] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_index_write+0x1f5) [0x7f8f2afe4e15] -> /usr/lib/dovecot/libd ovecot-storage.so.0(mail_index_sync_commit+0x2c4) [0x7f8f2afdc854] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x55b08) [0x7f8f2af64b08] -> /usr/lib/dovecot /libdovecot-storage.so.0(maildir_transaction_save_commit_pre+0x40f) [0x7f8f2af5f43f] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(+0xb7038) [0x7f8f2afc6038] - > /usr/lib/dovecot/libdovecot-storage.so.0(mail_index_transaction_commit_full+0x9f) [0x7f8f2afd3c6f] -> /usr/lib/dovecot/libdovecot-storage.so.0(index_transa ction_commit+0xa5) [0x7f8f2afc5bf5] -> /usr/lib/dovecot/lib10_quota_plugin.so(+0xbd82) [0x7f8f29c7ed82] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x99ca6) [0x7f8f2afa8ca6] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_transaction_commit_get_changes+0x4f) [0x7f8f2af91b9f] -> /usr/lib/dovecot/libdovecot-st orage.so.0(mailbox_transaction_commit+0x16) [0x7f8f2af91c56] -> /usr/lib/dovecot/libdovecot-sieve.so.0(+0x44047) [0x7f8f29616047] -> /usr/lib/dovecot/libdove cot-sieve.so.0(+0x3a829) [0x7f8f2960c829] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_result_execute+0x1e2) [0x7f8f2960cb72] -> /usr/lib/dovecot/libdovec ot-sieve.so.0(sieve_execute+0x56) [0x7f8f2961d936] -> /usr/lib/dovecot/lib90_sieve_plugin.so(+0x2f2e) [0x7f8f2986df2e] -> /usr/lib/dovecot/libdovecot-lda.so. 
0(mail_deliver+0x45) [0x7f8f2b2313c5] -> /usr/libexec/dovecot/dovecot-lda(main+0x6ac) [0x402eec] -> /lib/libc.so.6(__libc_start_main+0xfd) [0x7f8f2a8ebcad] - > /usr/libexec/dovecot/dovecot-lda() [0x4025c9] My dovecot config: # 2.2.15: /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.6 (3e924b1b6c5c+) # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.10 auth_cache_negative_ttl = 10 mins auth_cache_size = 10 M auth_cache_ttl = 20 mins auth_worker_max_count = 50 deliver_log_format = msgid=%m, from=%f, subject="%s": %$ dict { acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext expire = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } disable_plaintext_auth = no first_valid_gid = 89 first_valid_uid = 89 imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags imap_idle_notify_interval = 29 mins imap_logout_format = in=%i out=%o session=<%{session}> last_valid_gid = 89 last_valid_uid = 89 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = * mail_fsync = always mail_location = maildir:~/Maildir mail_plugins = quota acl expire mailbox_list_index = yes maildir_very_dirty_syncs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate vnd.dovecot.duplicate mmap_disable = yes namespace { list = children location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u prefix = shared/%%n/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / } passdb { args = 
/etc/dovecot/dovecot-deny-sql.conf.ext deny = yes driver = sql } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { acl = vfile acl_shared_dict = proxy::acl expire = Trash expire2 = Spam expire_dict = proxy::expire quota = maildir:UserQuota quota2 = dict:Quota Usage::noenforcing:proxy::sqlquota quota_grace = 10M quota_rule2 = Trash:storage=+100M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_before = /etc/dovecot/sieve/before.sieve sieve_dir = ~/sieve sieve_extensions = +vnd.dovecot.duplicate -vacation } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_fast_size_lookups = yes pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s, bytes=%i/%o, session=<%{session}> protocols = imap pop3 sieve sendmail_path = /var/qmail/bin/sendmail service auth { client_limit = 6500 unix_listener auth-userdb { group = vchkpw mode = 0660 user = vpopmail } } service dict { process_limit = 500 unix_listener dict { group = vchkpw mode = 0660 user = vpopmail } } service imap-login { process_min_avail = 4 service_count = 0 } service imap-postlogin { executable = script-login /etc/dovecot/scripts/imap-postlogin.sh unix_listener imap-postlogin { group = vchkpw mode = 0660 user = vpopmail } user = vpopmail } service imap { process_limit = 5000 service_count = 100 } service managesieve-login { inet_listener sieve { port = 4190 } } service pop3-login { process_min_avail = 4 service_count = 0 } service pop3-postlogin { executable = script-login /etc/dovecot/scripts/pop3-postlogin.sh unix_listener pop3-postlogin { group = vchkpw mode = 0660 user = vpopmail } user = vpopmail } service pop3 { process_limit = 1024 service_count = 100 } service quota-warning { executable = script /etc/dovecot/scripts/quota-warning.sh unix_listener quota-warning { user = vpopmail } user = vpopmail } ssl_cert = Hello List I have a strange problem here which i try to analyse, but i'm stuck. 
Maybe someone has a hint?

What happened:
A few weeks ago one of the LDAPS Servers which is not maintained by us has crashed. From that moment on, users could still login to check their emails, but they were not able to send any email through postfix (which uses smtpd_sasl_type = dovecot)

What i do not understand, is why did dovecot not switch to the second configured LDAPS Server? It looks like it retried for ever to reconnect to the crashed LDAP Server.

From the moment of the crash we see a lot of Errors like these in our logfiles:

Nov 30 16:51:53 servername dovecot: [ID 583609 mail.error] auth: Error: ldap(userone,USERS_IP1,): Connection appears to be hanging, reconnecting

AND

Nov 30 16:51:59 servername dovecot: [ID 583609 mail.error] auth: Error: plain(usertwo,USERS_IP2,): Request 1982.83548 timed out after 151 secs, state=1

The used dovecot version is 2.2.13, runs on a solaris 10 system and the configuration for passdb and userdb are:

passdb {
  args = /etc/dovecot-ldap.conf
  default_fields =
  deny = no
  driver = ldap
  master = no
  name =
  override_fields =
  pass = no
  result_failure = continue
  result_internalfail = continue
  result_success = return-ok
  skip = never
}
userdb {
  args = /etc/dovecot-ldap.conf
  default_fields =
  driver = ldap
  name =
  override_fields =
  result_failure = continue
  result_internalfail = continue
  result_success = return-ok
  skip = never
}

And the dovecot-ldap.conf contains (obfuscated):

uris = ldaps://server2.tld ldaps://server1.tld ldaps://server4.tld ldaps://server3.tld
dn = ...
dnpass = ...
ldap_version = 3
auth_bind = yes
base = ...
scope = onelevel
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = ...
pass_attrs = uid=user
pass_filter = ...

The strange thing is, that with the very same binaries and configuration (okay, some minimal modifications have been made to bind to the correct interfaces...) a test on our testsystem works as it should.

When we shutdown slapd, dovecot recognizes it and connects to the alternate LDAPS.

When we shutdown slapd and start a netcat (just to let something listening without responding)... you guess it. Dovecot does recognize it and switches over to the alternate testsystem.

So on our testsystem, everything worked as it should. But the productive system did not. And since the LDAPS are not maintained by us it is somewhat hard to try to reproduce something.

At least i got the logfiles from server2.tld and server1.tld. But they only show what i still knew. Our server connected to server2.tld until the crash happened. But server1.tld never got any connection.

Has someone an idea what i could try to find out why dovecot did not switch to server1.tld?

Best regards
Matthias Egger

--
Matthias Egger
ETH Zurich
Department of Information Technology and Electrical Engineering
IT Support Group (ISG.EE), ETL/F/24.1
Physikstrasse 3, CH-8092 Zurich
maegger at ee.ethz.ch
Phone +41 (0)44 632 03 90
Fax +41 (0)44 632 11 95

From srf at sanger.ac.uk Tue Dec 16 16:38:57 2014
From: srf at sanger.ac.uk (Simon Fraser) Date: Tue, 16 Dec 2014 16:38:57 +0000 Subject: LDAP: Connection appears to be hanging, reconnecting In-Reply-To: <54905E3D.9070209@ee.ethz.ch> References: <54905E3D.9070209@ee.ethz.ch> Message-ID: <54906021.5000405@sanger.ac.uk> On 16/12/14 16:30, Matthias Egger wrote: > What happened: > A few weeks ago one of the LDAPS Servers which is not maintained by us > has crashed. From that moment on, users could still login to check their > emails, but they were not able to send any email through postfix (which > uses smtpd_sasl_type = dovecot) > > What i do not understand, is why did dovecot not switch to the second > configured LDAPS Server? It looks like it retried for ever to reconnect > to the crashed LDAP Server. This is speculation, but what has happened to us in the past is that the LDAP server stopped responding to queries, but the TCP socket was still open for connections. A new TCP connection would be established, but the daemon would not be notified of it. So, depending on precisely how the first LDAP server crashed, it may not be the same test as killing the process, but closer to sending it 'kill -STOP' (and then 'kill -CONT' afterwards, obviously) Simon. -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. From alessio at skye.it Tue Dec 16 16:51:50 2014 
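Simon Fraser's explanation above, that a stopped daemon still completes the TCP handshake, is why killing slapd and freezing it are different tests. As an added example (not Dovecot or OpenLDAP code), this Python probe puts its deadline on the reply instead of on the connect and walks a server list in configured order; the names, the timeout values and the loopback stand-in servers are assumptions.

```python
"""Classify an LDAP endpoint as refused, hung or responsive.

Added example, not Dovecot or OpenLDAP code. The loopback listeners at the
bottom are constructed stand-ins for a stopped and a healthy slapd.
"""
from __future__ import annotations

import socket
import ssl
import threading

# LDAPv3 anonymous simple bind, message ID 1, BER-encoded.
BIND_REQUEST = bytes.fromhex("300c020101600702010304008000")
# BindResponse with resultCode success(0); only the stand-in server sends it.
BIND_RESPONSE = bytes.fromhex("300c02010161070a010004000400")


def probe(host: str, port: int, timeout: float = 3.0, use_tls: bool = False) -> str:
    """Return 'refused', 'unreachable', 'hung', 'error' or 'responsive'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"        # nothing listening: a client fails over at once
    except OSError:
        return "unreachable"    # connect timeout, no route, and similar
    try:
        sock.settimeout(timeout)  # one deadline for TLS handshake and reply
        if use_tls:               # ldaps://: a frozen daemon stalls in the handshake
            ctx = ssl.create_default_context()
            sock = ctx.wrap_socket(sock, server_hostname=host)
        sock.sendall(BIND_REQUEST)
        first = sock.recv(1)
    except socket.timeout:
        return "hung"           # kernel accepted the connection, daemon is silent
    except OSError:
        return "error"          # reset, TLS failure, and similar
    finally:
        sock.close()
    # 0x30 opens a BER SEQUENCE, which every LDAPMessage is.
    return "responsive" if first == b"\x30" else "error"


def first_responsive(servers, timeout: float = 3.0):
    """Probe servers in configured order; return (chosen, {server: state})."""
    states = {}
    for host, port in servers:
        states[(host, port)] = probe(host, port, timeout)
        if states[(host, port)] == "responsive":
            return (host, port), states
    return None, states


def start_stalled_listener() -> socket.socket:
    """Constructed stand-in: listens but never accepts, like a SIGSTOPped slapd."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv  # caller keeps the reference so the port stays open


def start_responder() -> socket.socket:
    """Constructed stand-in: answers every connection with a BindResponse."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.recv(64)
                conn.sendall(BIND_RESPONSE)

    threading.Thread(target=serve, daemon=True).start()
    return srv


if __name__ == "__main__":
    stalled, healthy = start_stalled_listener(), start_responder()
    order = [stalled.getsockname(), healthy.getsockname()]
    chosen, states = first_responsive(order, timeout=1.0)
    print(states, "->", chosen)
```

A monitor built on `probe` reports the frozen server as `hung` even though a plain port check against it succeeds.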
From: alessio at skye.it (Alessio Cecchi)
Date: Tue, 16 Dec 2014 17:51:50 +0100
Subject: Dovecot lda Panic: file mail-transaction-log.c
In-Reply-To: <549058D6.60800@skye.it>
References: <549058D6.60800@skye.it>
Message-ID: <54906326.6010205@skye.it>

On 16/12/2014 17:07, Alessio Cecchi wrote:
> Hi,
>
> I'm running:
>
> # 2.2.15: /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.6 (3e924b1b6c5c+)
> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.10
>
> with mailbox in Maildir format and LDA to deliver new email (+ sieve
> for filter)

I found the problem but not the solution. This is my sieve default:

require ["vnd.dovecot.duplicate", "fileinto", "mailbox"];
if header :matches "X-Spam-Status" "Yes, *" {
  fileinto "Spam";
}
if duplicate {
  fileinto "Trash";
}

If I remove the "if duplicate" rule delivery works fine.

Could be a Pigeonhole bug?

From hanns at hannsmattes.de Tue Dec 16 19:49:39 2014
From: hanns at hannsmattes.de (Hanns Mattes)
Date: Tue, 16 Dec 2014 20:49:39 +0100
Subject: Replication sieve scripts.
In-Reply-To: <87h9wxxe3y.fsf@hannsmattes.de>
References: <547F96CB.2080504@networkers.pl> <548CAF01.3040101@rename-it.nl> <548CB5CE.8060305@hannsmattes.de> <548CB733.7000800@chunkz.net> <87a92q6tm4.fsf@hannsmattes.de> <548DD3AA.8030703@sys4.de> <87h9wxxe3y.fsf@hannsmattes.de>
Message-ID: <54908CD3.7040306@hannsmattes.de>

Hi

On 15.12.2014 at 14:00, Hanns Mattes wrote:
> After the following upgrade, the sieve-scripts are replicated - very
> good.

I stand corrected. They are sometimes updated, sometimes not. I didn't have time for testing (and I don't see a system), but it's not reliable. I will report after some testing.

Regards
Hanns

From Ron at Cleven.com Tue Dec 16 20:13:01 2014
From: Ron at Cleven.com (Ron Cleven) Date: Tue, 16 Dec 2014 14:13:01 -0600 (CST) Subject: replication - more than 2 servers? Message-ID: <5490924C.7070403@Cleven.com> We tested dovecot for a fair amount of time and decided finally to put it into production under CentOS 7 (we are running 2.2.10). I just joined the list, so I apologize for what is probably a question that has been answered many times, but I was wondering if there are any plans to implement replication among 3 or more servers (all "masters", as with 2)? As best as I can tell, replication seems to be limited to 2 servers, and it is not obvious to me even how more than 2 would be supported syntactically in the configs. That is, what might be an example of the "mail_replica" clauses if such a thing was supported? From h.reindl at thelounge.net Tue Dec 16 20:39:21 2014 
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 16 Dec 2014 21:39:21 +0100
Subject: replication - more than 2 servers?
In-Reply-To: <5490924C.7070403@Cleven.com>
References: <5490924C.7070403@Cleven.com>
Message-ID: <54909879.5000706@thelounge.net>

On 16.12.2014 at 21:13, Ron Cleven wrote:
> We tested dovecot for a fair amount of time and decided finally to put
> it into production under CentOS 7 (we are running 2.2.10). I just
> joined the list, so I apologize for what is probably a question that has
> been answered many times, but I was wondering if there are any plans to
> implement replication among 3 or more servers (all "masters", as with
> 2)? As best as I can tell, replication seems to be limited to 2
> servers, and it is not obvious to me even how more than 2 would be
> supported syntactically in the configs. That is, what might be an
> example of the "mail_replica" clauses if such a thing was supported?

if you *really* have that large number of users and load you should split them to different servers (replicated server pairs) because you end in replication overhead eating away all the benefits otherwise

master-master replication independent of the software is somehow limited by physics (delays, replication traffic, replication I/O) and can't scale endless

From list at airstreamcomm.net Tue Dec 16 23:32:23 2014
From: list at airstreamcomm.net (list at airstreamcomm.net)
Date: Tue, 16 Dec 2014 17:32:23 -0600
Subject: replication - more than 2 servers?
In-Reply-To: <54909879.5000706@thelounge.net>
References: <5490924C.7070403@Cleven.com> <54909879.5000706@thelounge.net>
Message-ID: <37A1CD67-D75E-4E95-99BE-89038F07FC67@airstreamcomm.net>

Dovecot replication will never scale until it implements some form of token ring topology where data is sharded. You should look at obox plugin for dovecot and some form of S3 compatible storage that can be available in multiple data centers. We are using (pithos.io) and the Cassandra database to backend a test cluster with good results between two data centers. This could potentially scale infinitely if that's what you need.

> On Dec 16, 2014, at 2:39 PM, Reindl Harald wrote:
>
>
>> On 16.12.2014 at 21:13, Ron Cleven wrote:
>> We tested dovecot for a fair amount of time and decided finally to put
>> it into production under CentOS 7 (we are running 2.2.10). I just
>> joined the list, so I apologize for what is probably a question that has
>> been answered many times, but I was wondering if there are any plans to
>> implement replication among 3 or more servers (all "masters", as with
>> 2)? As best as I can tell, replication seems to be limited to 2
>> servers, and it is not obvious to me even how more than 2 would be
>> supported syntactically in the configs. That is, what might be an
>> example of the "mail_replica" clauses if such a thing was supported?
>
> if you *really* have that large number of users and load you should split them to different servers (replicated server pairs) because you end in replication overhead eating away all the benefits otherwise
>
> master-master replication independent of the software is somehow limited by physics (delays, replication traffic, replication I/O) and can't scale endless
>

From dovecot at randy.pensive.org Wed Dec 17 05:09:15 2014
From: dovecot at randy.pensive.org (Randall Gellens) Date: Tue, 16 Dec 2014 21:09:15 -0800 Subject: dsync "Error: imapc: Remote server didn't send BODY[] for UID" Message-ID: Anyone know what this means and what the implications are? Does this mean some messages are missing? $sudo dsync -D -v -f -R -o mail_fsync=never backup -u test imapc: ... dsync(test): Error: imapc: Remote server didn't send BODY[] for UID 266 in #somefolder -- Randall Gellens Opinions are personal; facts are suspect; I speak for myself only -------------- Randomly selected tag: --------------- Hippogriff: An animal (now extinct) which was half horse and half griffin. The griffin was itself a compound creature, half lion and half eagle. The hippogriff was actually, therefore, only one quarter eagle, which is two dollars and fifty cents in gold. The study of zoology is full of surprises. From dovecot at randy.pensive.org Wed Dec 17 09:39:14 2014 From: dovecot at randy.pensive.org (Randall Gellens) Date: Wed, 17 Dec 2014 01:39:14 -0800 Subject: dsync summary? Message-ID: Is there a way for dsync to report a summary of what it did? For example, when finished, it could report how many messages in how many folders were added (or deleted for a two-way sync) or had flags modified, and if any messages/folders were skipped due to errors or whatever. This could provide a sanity check that a sync looks like it worked. -- Randall Gellens Opinions are personal; facts are suspect; I speak for myself only -------------- Randomly selected tag: --------------- Hippogriff: An animal (now extinct) which was half horse and half griffin. The griffin was itself a compound creature, half lion and half eagle. The hippogriff was actually, therefore, only one quarter eagle, which is two dollars and fifty cents in gold. The study of zoology is full of surprises. From arekm at maven.pl Wed Dec 17 11:26:14 2014 
From: arekm at maven.pl (Arkadiusz Miśkiewicz)
Date: Wed, 17 Dec 2014 12:26:14 +0100
Subject: [2.3 feature request]: multiple passwords for single user
In-Reply-To: <20141215091213.Horde.CwsMu8UFui9ZNi0eKJQTDg2@www.vfemail.net>
References: <20141215091213.Horde.CwsMu8UFui9ZNi0eKJQTDg2@www.vfemail.net>
Message-ID: <201412171226.14774.arekm@maven.pl>

On Monday 15 of December 2014, Rick Romero wrote:
> Quoting Arkadiusz Miśkiewicz :
> > Hi.
> >
> > I wonder if there any plans of finishing "multiple passwords for single
> > user"
> > feature?
> >
> >
> > Until that happens (not that great) workaround exists:
> > http://wiki2.dovecot.org/Authentication/MultipleDatabases
> >
> >
>
> Whoops misfired
>
> Unless you want a single service to have multiple passwords,

I do want exactly that.

> which doesn't
> seem like a good idea to me,

Good/bad depends on usage scenario and needs, so don't worry about this.

> use SQL if statements to separate by
> service/host.
>
> http://www.dovecot.org/list/dovecot/2014-July/097140.html

That won't work in my scenario. I need two (or more) passwords for the same service.

--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

From dominik at dominikbreu.de Wed Dec 17 11:56:37 2014
From: dominik at dominikbreu.de (Dominik Breu)
Date: Wed, 17 Dec 2014 12:56:37 +0100
Subject: dsync summary?
In-Reply-To:
References:
Message-ID: <1418817397.17076.1.camel@dominikbreu.de>

Hi Randall,

i poked a bit around in the dovecot wiki and found this article http://wiki2.dovecot.org/Tools/Doveadm/Sync maybe when u apply the -D parameter you will get what u looking for.

greetings,
dominik

On Wednesday, 17.12.2014, 01:39 -0800, Randall Gellens wrote:
> Is there a way for dsync to report a summary of what it did? For
> example, when finished, it could report how many messages in how many
> folders were added (or deleted for a two-way sync) or had flags
> modified, and if any messages/folders were skipped due to errors or
> whatever. This could provide a sanity check that a sync looks like
> it worked.
>

From maegger at ee.ethz.ch Wed Dec 17 15:41:13 2014
From: maegger at ee.ethz.ch (Matthias Egger)
Date: Wed, 17 Dec 2014 16:41:13 +0100
Subject: LDAP: Connection appears to be hanging, reconnecting
In-Reply-To: <54906021.5000405@sanger.ac.uk>
References: <54905E3D.9070209@ee.ethz.ch> <54906021.5000405@sanger.ac.uk>
Message-ID: <5491A419.2050108@ee.ethz.ch>

Hello Simon

On 12/16/2014 05:38 PM, Simon Fraser wrote:
> This is speculation, but what has happened to us in the past is that the
> LDAP server stopped responding to queries, but the TCP socket was still
> open for connections. A new TCP connection would be established, but the
> daemon would not be notified of it.
>
> So, depending on precisely how the first LDAP server crashed, it may not
> be the same test as killing the process, but closer to sending it 'kill
> -STOP' (and then 'kill -CONT' afterwards, obviously)

Thank you very much for that hint. You were right. When i -SIGSTOP the slapd i receive a similar behaviour of dovecot as we had a few weeks ago.

So do you (or someone other) has a hint on how i could work around such a situation?

I found a statement from Timo Sirainen from June 2011:
http://www.dovecot.org/pipermail/dovecot/2011-June/059905.html
"...Fallbacking to another LDAP server is done by OpenLDAP internally..."

So i thought, there should be a possibility to "tweak" the ldap.conf. I then found a german Post:
https://listen.jpberlin.de/pipermail/dovecot/2014-June/000506.html

Where someone mentioned some ldap.conf Settings:

BIND_POLICY soft
TIMELIMIT 5
NETWORK_TIMEOUT 5
TIMEOUT 8

and a link to:
http://www.linuxquestions.org/questions/linux-enterprise-47/ldap-failover-timeout-client-setting-847718/
which also uses these two settings:

BIND_TIMELIMIT 10
IDE_TIMELIMIT 10

I gave a try to them, but the result was still the same. Dovecot respectively OpenLDAP does not switch to another LDAP.

Best regards
Matthias

--
Matthias Egger
ETH Zurich
Department of Information Technology and Electrical Engineering
IT Support Group (ISG.EE), ETL/F/24.1
Physikstrasse 3, CH-8092 Zurich
maegger at ee.ethz.ch
Phone +41 (0)44 632 03 90
Fax +41 (0)44 632 11 95

From dovecot.org at veggiechinese.net Wed Dec 17 22:49:53 2014
From: dovecot.org at veggiechinese.net (Will Yardley)
Date: Wed, 17 Dec 2014 14:49:53 -0800
Subject: Dovecot-ee
In-Reply-To:
References: <544126B8.9050700@mail.cgilfe.it>
Message-ID: <20141217224953.GA50450@aura.veggiechinese.net>

On Fri, Oct 17, 2014 at 12:08:38PM -0700, Timo Sirainen wrote:
> On 17 Oct 2014, at 07:24, Davide wrote:
> > Hi to all, i found that dovecot-ee repository access is free 0,00 $
> > cost; i'm running dovecot community 2.2.13 can i migrate my system
> > to dovecot-ee? What are difference between Dovecot-ee and
> > Dovecot-community?
>
> It's the same, except somewhat more stable with latest important
> bugfixes.

Sorry to respond so late, but just to confirm, assuming one can get repo access without paying (I could), there are no licensing issues to using Dovecot EE in production (without any of the proprietary modules)?

I tried contacting the sales address, but didn't hear back.

w

From mail at marc-stuermer.de Thu Dec 18 08:57:59 2014
From: mail at marc-stuermer.de (Marc Stuermer)
Date: Thu, 18 Dec 2014 09:57:59 +0100
Subject: best file system ?
In-Reply-To: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost>
References: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost>
Message-ID: <54929717.5020204@marc-stuermer.de>

On 01.12.2014 at 17:24, absolutely_free at libero.it wrote:
> I'm going to set up a new storage for our email users (about 10k).
> It's a network attached storage (Coraid).
> In your opinion, what is the best file system for mail server (pop3/imap/webmail) purpose?

It depends on how conservative you are.

Btrfs won't cut it, because too slow and still too much experimental.

ZFS on Linux is being maintained outside the kernel and eats up memory like a horde of cockroaches. So this is also for most no viable choice.

This brings down either ext4 or XFS. Both file systems have a decade old code base and are quite mature.

If you need the ability to shrink a file system, it's ext4. If you are on the conservative side, it's also quite ext4.

If you are feeling a little bit more adventurous, it's XFS. Note that XFS had some serious bottle necks in writing to its journal which have been solved in kernel 3.3.

XFS is kinda a somewhat difficult topic; some people love it and have no problems with it at all, while other people say they've seen serious problems with it.

There's been for example a talk by Peer Heinlein on Linux Tag 2012, where he gave us his insights about migrating his mail user base (> 100.000 accounts on roughly 12 TB storage) away from Maildir to mdbox. He told there that he had seen at least three cases of XFS failure and therefore he considers it unreliable; he switched from ext3 to ext4.

From davide.marchi at mail.cgilfe.it Thu Dec 18 09:51:06 2014
From: davide.marchi at mail.cgilfe.it (Davide)
Date: Thu, 18 Dec 2014 10:51:06 +0100
Subject: Migrate dovecot maildirbetween servers
Message-ID: <5492A38A.50503@mail.cgilfe.it>

Hi to all, i have two servers with dovecot 2.2.15 one is actually on production (server A) and another that i put on production soon (server B)
My goal is migrate maildir from server A and server B.
How can i achieve that?
I read http://wiki2.dovecot.org/Migration/Dsync but i haven't understood well where to put such configuration (in which server).
Thanks in advance for any help.

--
Davide Marchi
Teorema Ferrara Srl
Via Spronello, 7 - Ferrara - 44121
05327831610532783368
davide.marchi at mail.cgilfe.it
davide.marchi73
Web: http://www.cgilfe.it

From davide.marchi at gmail.com Thu Dec 18 10:09:11 2014
From: davide.marchi at gmail.com (Davide Gmail)
Date: Thu, 18 Dec 2014 11:09:11 +0100
Subject: Migrate maildir between servers dovecot
Message-ID: <5492A7C7.4070101@gmail.com>

Hi to all, i have two servers with dovecot 2.2.15 one is actually on production (server A) and another that i put on production soon (server B)
My goal is migrate maildir from server A and server B.
How can i achieve that?
I read http://wiki2.dovecot.org/Migration/Dsync but i haven't understood well where to put such configuration (in which server).
Thanks in advance for any help.

From skdovecot at smail.inf.fh-brs.de Thu Dec 18 10:20:49 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 18 Dec 2014 11:20:49 +0100 (CET)
Subject: Migrate maildir between servers dovecot
In-Reply-To: <5492A7C7.4070101@gmail.com>
References: <5492A7C7.4070101@gmail.com>
Message-ID:

On Thu, 18 Dec 2014, Davide Gmail wrote:

> Hi to all, i have two servers with dovecot 2.2.15 one is actualy on
> production (server A) and another that i put on production soon (server B)
> My goal is migrate maildir from server A and server B.

if you can shut out all users and new deliveries between the hot phase of the migration, use rsync

rsync -aHAX --delete /path/to/base/on/old/server/ \
    new_server:/path/to/base/on/new/server

1) Run rsync before the hot migration to copy over most files,
2) shutdown Dovecot and mail delivery
3) run rsync another time (hot migration phase)
4) start Dovecot and mail delivery on new server
5) test migration with your own account(s)
6) enable access of all users
7) never allow users or mail delivery to the old server again

steps 2) and 3) prevent "duplicate messages" you read about on this list from time to time. Step 7) ensures, that both mail storages do not de-sync later.

--
Steffen Kaiser

From mail at marc-stuermer.de Thu Dec 18 10:18:55 2014
From: mail at marc-stuermer.de (Marc Stuermer)
Date: Thu, 18 Dec 2014 11:18:55 +0100
Subject: Migrate dovecot maildirbetween servers
In-Reply-To: <5492A38A.50503@mail.cgilfe.it>
References: <5492A38A.50503@mail.cgilfe.it>
Message-ID: <5492AA0F.5010701@marc-stuermer.de>

On 18.12.2014 at 10:51, Davide wrote:
> My goal is migrate maildir from server A and server B.
> How can I achieve that?
> I read http://wiki2.dovecot.org/Migration/Dsync but I haven't understood
> well where to put such configuration (in which server).

You could export the mail storage of B via NFS for example, mount it on A and run dsync on A then.

From lista at xdrv.co.uk Thu Dec 18 10:45:13 2014
From: lista at xdrv.co.uk (James)
Date: Thu, 18 Dec 2014 10:45:13 +0000
Subject: best file system ?
In-Reply-To: <54929717.5020204@marc-stuermer.de>
References: <2047325594.322921417451076603.JavaMail.defaultUser@defaultHost> <54929717.5020204@marc-stuermer.de>
Message-ID: <5492B039.80000@xdrv.co.uk>

On 18/12/2014 08:57, Marc Stuermer wrote:

> ZFS on Linux is being maintained outside the kernel and eats up memory
> like a horde of cockroaches. So this is also for most no viable choice.

I can't speak for ZFS on Linux but the subject is "best file system?" not "best file system for Linux?".

ZFS uses spare RAM but does not "eat" it. I have a system here with 64GB RAM and 48GB is being used by ZFS. It's only using RAM that is otherwise unused and if my file system were not using 48GB RAM it would be wasted. It's not taking RAM from programs and if I ask for RAM the amount used by ZFS reduces. The system has an amount of a free RAM and in timing tests I can not perceive any difference in taking RAM from the free buffer or when the amount requested is large enough to require ZFS to give some up.

I also have ZFS on a 12 year old Celeron laptop with 1G RAM and it runs without any problems. That ZFS needs a lot of RAM or CPU is false.

"zfs set -o compress=gzip" works wonders for mail storage.

From dominik at dominikbreu.de Thu Dec 18 12:48:29 2014
From: dominik at dominikbreu.de (Dominik Breu)
Date: Thu, 18 Dec 2014 13:48:29 +0100
Subject: Migrate maildir between servers dovecot
In-Reply-To: <5492A7C7.4070101@gmail.com>
References: <5492A7C7.4070101@gmail.com>
Message-ID: <1418906909.25899.4.camel@dominikbreu.de>

Hello,

I put it in 90-dsync.conf in conf.d in /etc/dovecot and run doveadm with

doveadm -o mail_fsync=never -v sync -1 -R -u user@localserver.com imapc:

and it works just fine. Maybe you look at some post from Randall, he has the same problems to deal with.

greetings,
dominik

On Thursday, 18.12.2014, at 11:09 +0100, Davide Gmail wrote:
> Hi to all, I have two servers with dovecot 2.2.15 one is actually on
> production (server A) and another that I put on production soon (server B)
> My goal is migrate maildir from server A and server B.
> How can I achieve that?
> I read http://wiki2.dovecot.org/Migration/Dsync but I haven't understood
> well where to put such configuration (in which server).
> Thanks in advance for any help.

From lazy404 at gmail.com Fri Dec 19 07:27:46 2014
From: lazy404 at gmail.com (Lazy)
Date: Fri, 19 Dec 2014 08:27:46 +0100
Subject: lmtp usernames with -
Message-ID:

Hello

I have a problem with lmtp delivery to usernames with '-' char.
Everything after - is ignored.

When delivering to test-test2 the error message is:

User doesn't exist: test

I suspect this is a side effect of auth_username_format = %Lu
I have tried %Ln without success.

Imap works without problems for those users.

How can I disable this mapping for lmtp and use verbatim username for lookup?

Thanks in advance for any answers.

From lazy404 at gmail.com Fri Dec 19 08:14:20 2014
From: lazy404 at gmail.com (Lazy)
Date: Fri, 19 Dec 2014 09:14:20 +0100
Subject: lmtp usernames with -
In-Reply-To:
References:
Message-ID:

2014-12-19 8:27 GMT+01:00 Lazy :
> Hello
>
> I have a problem with lmtp delivery to usernames with '-' char.
> Everything after - is ignored.
>
> When delivering to test-test2 the error message is:
>
> User doesn't exist: test
>
> I suspect this is a side effect of auth_username_format = %Lu
> I have tried %Ln without success.
>
> Imap works without problems for those users.
>
> How can I disable this mapping for lmtp and use verbatim username for lookup?
>
> Thanks in advance for any answers.

We are using lmtp proxying but the username is passed verbatim to backend by the director.

The recipient was test_user-test2

on director
Dec 19 09:03:36 thebe2b dovecot: lmtp(12272): Debug: auth input: user=test_user proxy=y nopassword= port=24 host=10.0.100.21 proxy_refresh=450

on backend
Dec 19 09:03:36 dovecot1 dovecot: auth: Debug: master in: USER#0111#011test_user#011service=lmtp#011lip=10.0.100.21#011lport=24#011rip=10.0.100.3#011rport=40001

but the director sends full login to lmtp backend
RCPT TO:

auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
so it contains the - char

Michal Grzedzicki

From skdovecot at smail.inf.fh-brs.de Fri Dec 19 08:22:36 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 19 Dec 2014 09:22:36 +0100 (CET)
Subject: lmtp usernames with -
In-Reply-To:
References:
Message-ID:

On Fri, 19 Dec 2014, Lazy wrote:

> I have a problem with lmtp delivery to usernames with '-' char.
> Everything after - is ignored.
>
> When delivering to test-test2 the error message is:
>
> User doesn't exist: test

Some MTAs use '-' as delimiter for details (subaddress).

http://cweiske.de/tagebuch/postfix-plus-addressing.htm

Maybe you've configured Dovecot like so.

>
> I suspect this is a side effect of auth_username_format = %Lu
> I have tried %Ln without success.
>
> Imap works without problems for those users.
>
> How can I disable this mapping for lmtp and use verbatim username for lookup?
>
> Thanks in advance for any answers.
>

-- 
Steffen Kaiser

From lazy404 at gmail.com Fri Dec 19 08:45:19 2014
From: lazy404 at gmail.com (Lazy)
Date: Fri, 19 Dec 2014 09:45:19 +0100
Subject: lmtp usernames with -
In-Reply-To:
References:
Message-ID:

2014-12-19 9:22 GMT+01:00 Steffen Kaiser :
> On Fri, 19 Dec 2014, Lazy wrote:
>
>> I have a problem with lmtp delivery to usernames with '-' char.
>> Everything after - is ignored.

Thank you, this was it.

From tobster at brain-force.ch Fri Dec 19 16:17:58 2014
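The subaddress splitting discussed in the thread above, as an added example that is not code from any of the posters or from Dovecot: it audits a list of account names against a recipient delimiter (Dovecot's `recipient_delimiter` setting) and shows which names would be truncated, and whether the truncated name is rejected or lands in another user's mailbox. The split-at-first-delimiter rule, the function names and the account list are assumptions made for illustration.

```python
"""Audit account names against an LMTP recipient delimiter (added example)."""

# Constructed account list; "test" is added to show the misdelivery case.
SAMPLE_ACCOUNTS = [
    "test",
    "test-test2",
    "test_user-test2",
    "alice@example.com",
    "bob-lists@example.com",
]


def split_recipient(address, delimiters):
    """Return (username, detail) for 'user<delim>detail[@domain]'.

    Modelling assumption: the local part is cut at the first character that
    appears in `delimiters`; an empty string disables splitting.
    """
    local, at, domain = address.partition("@")
    for pos, char in enumerate(local):
        if pos > 0 and char in delimiters:
            return local[:pos] + at + domain, local[pos + 1:]
    return address, ""


def audit_accounts(accounts, delimiters):
    """Classify each account by what a delivery addressed to it would hit.

    'ok'           - the name is looked up unchanged
    'rejected'     - the name is truncated and the result is not an account
    'misdelivered' - the name is truncated to a different, existing account
    """
    # auth_username_format = %Lu lowercases the lookup key, so compare in lowercase
    known = {name.lower() for name in accounts}
    report = {}
    for name in accounts:
        wanted = name.lower()
        looked_up, _detail = split_recipient(wanted, delimiters)
        if looked_up == wanted:
            status = "ok"
        elif looked_up in known:
            status = "misdelivered"
        else:
            status = "rejected"
        report[name] = (status, looked_up)
    return report


if __name__ == "__main__":
    for delimiters in ("-", "+", ""):
        print("delimiter %r" % delimiters)
        for name, (status, looked_up) in audit_accounts(SAMPLE_ACCOUNTS, delimiters).items():
            print("  %-24s -> %-18s %s" % (name, looked_up, status))
```

Running the audit against the real user list before changing the delimiter shows which existing names it would break; the 'misdelivered' rows are the ones that matter most, because the mail is accepted and stored for the wrong user.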
From: tobster at brain-force.ch (Tobi)
Date: Fri, 19 Dec 2014 17:17:58 +0100
Subject: error: iostream-ssl.h: No such file or directory
Message-ID: <54944FB6.2010102@brain-force.ch>

Hi list

I'm trying to build dovecot 2.2.15 from source on a debian wheezy (64bit). As I wanted to get starttls support for dovecot's lmtp I got the patched files from here: http://hg.dovecot.org/dovecot-2.2/rev/297192cfbd37

My ./configure

./configure --prefix=/usr/local/dovecot-test --with-solr --with-mysql --with-sql --without-shadow --without-pam

configure seems to run fine but the following make ends up in

client.c:17:26: fatal error: iostream-ssl.h: No such file or directory
compilation terminated.
make[3]: *** [client.o] Error 1
make[3]: Leaving directory `/usr/local/src/dovecot-2.2.15/src/lmtp'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/usr/local/src/dovecot-2.2.15/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/src/dovecot-2.2.15'
make: *** [all] Error 2

Any ideas what I'm missing? libssl-dev is installed via apt

Thanks for any idea

Cheers

tobi

From bytesplit at gmail.com Fri Dec 19 16:19:45 2014
From: bytesplit at gmail.com (Philon)
Date: Fri, 19 Dec 2014 17:19:45 +0100
Subject: zlib, mdbox and spam filtering scripts
Message-ID: <7C8938F2-CB74-4FE4-8BF1-06498EF369EA@googlemail.com>

Hi all,

I am quite happily running a dovecot setup with maildirs. This was once running courier but since the migration I have never ever looked back.

Now, with growing userbase I'm looking into using zlib compression and mdbox instead of maildir. This seems to go quite well using dsync on a testbed server. So let's go production!

Before final decision I came across this:
- I'm using a spam learning address, where users forward their mails to train SpamAssassin.
- there is a cron script on the server, mime-stripping the attachments and feeding them into SA
- works quite well even for the still numerous POP users

So well... compression ok, I could add a gunzip into the script and go from there. But mdbox seems only accessible via dovecot. I don't think that accessing via IMAP makes sense for a local script. So I would block myself out when using mdbox.

How are your spam/ham training routines? How do you feed SA?

thank you!
Philon

From sven at svenhartge.de Fri Dec 19 17:57:27 2014
From: sven at svenhartge.de (Sven Hartge)
Date: Fri, 19 Dec 2014 18:57:27 +0100
Subject: zlib, mdbox and spam filtering scripts
References: <7C8938F2-CB74-4FE4-8BF1-06498EF369EA@googlemail.com>
Message-ID: <0b84dmt5mov8@mids.svenhartge.de>

Philon wrote:

> How are your spam/ham training routines? How do you feed SA?

You have to use "doveadm fetch" to retrieve messages to feed into Spamassassin.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

From delrio at mie.utoronto.ca Fri Dec 19 19:34:56 2014
From: delrio at mie.utoronto.ca (Oscar del Rio)
Date: Fri, 19 Dec 2014 14:34:56 -0500
Subject: zlib, mdbox and spam filtering scripts
In-Reply-To: <7C8938F2-CB74-4FE4-8BF1-06498EF369EA@googlemail.com>
References: <7C8938F2-CB74-4FE4-8BF1-06498EF369EA@googlemail.com>
Message-ID: <54947DE0.4040206@mie.utoronto.ca>

On 12/19/14 11:19 AM, Philon wrote:
> Before final decision I came across this:
> - I'm using a spam learning address, where users forward their mails to train SpamAssassin.
> - there is a cron script on the server, mime-stripping the attachments and feeding them into SA
> - works quite well even for the still numerous POP users
>
> So well... compression ok, I could add a gunzip into the script and go from there. But mdbox seems only accessible via dovecot. I don't think that accessing via IMAP makes sense for a local script. So I would block myself out when using mdbox.
>
> How are your spam/ham training routines? How do you feed SA?

Let the MTA feed SA.
http://gtmp.org/doku.php?id=publications:sa-postfix-en

From herbert at oslo.ath.cx Sat Dec 20 00:38:40 2014
From: herbert at oslo.ath.cx (Herbert J. Skuhra) Date: Sat, 20 Dec 2014 01:38:40 +0100 Subject: error: iostream-ssl.h: No such file or directory In-Reply-To: <54944FB6.2010102@brain-force.ch> References: <54944FB6.2010102@brain-force.ch> Message-ID: <20141220003840.GA44481@oslo.ath.cx> On Fri, Dec 19, 2014 at 05:17:58PM +0100, Tobi wrote: > Hi list > > I'm trying to build dovecot 2.2.15 from source on a debian wheezy > (64bit). As I wanted to get starttls support for dovecot's lmtp I got > the patched files from here: > http://hg.dovecot.org/dovecot-2.2/rev/297192cfbd37 > > My ./configure > > ./configure --prefix=/usr/local/dovecot-test --with-solr --with-mysql > --with-sql --without-shadow --without-pam > > configure seems to run fine but the following make ends up in > > client.c:17:26: fatal error: iostream-ssl.h: No such file or directory > compilation terminated. > make[3]: *** [client.o] Error 1 > make[3]: Leaving directory `/usr/local/src/dovecot-2.2.15/src/lmtp' > make[2]: *** [all-recursive] Error 1 > make[2]: Leaving directory `/usr/local/src/dovecot-2.2.15/src' > make[1]: *** [all-recursive] Error 1 > make[1]: Leaving directory `/usr/local/src/dovecot-2.2.15' > make: *** [all] Error 2 > > Any ideas what I'm missing? libssl-dev is installed via apt AM_CPPFLAGS in src/lmtp/Makefile.in does not include -I$(top_srcdir)/src/lib-ssl-iostream. Try: % rm src/lmtp/Makefile.in % automake % ./configure % make or the below patch: --- src/lmtp/Makefile.in.orig 2014-12-20 01:34:24.954195978 +0100 +++ src/lmtp/Makefile.in 2014-12-20 01:36:26.757153501 +0100 @@ -356,6 +356,7 @@ -I$(top_srcdir)/src/lib-index \ -I$(top_srcdir)/src/lib-master \ -I$(top_srcdir)/src/lib-lda \ + -I$(top_srcdir)/src/lib-ssl-iostream \ -I$(top_srcdir)/src/lib-storage \ -I$(top_srcdir)/src/lib-storage/index \ -I$(top_srcdir)/src/lib-storage/index/raw -- Herbert From teemu.huovila at dovecot.fi Mon Dec 22 07:34:25 2014 
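Review bot: the added `-I$(top_srcdir)/src/lib-ssl-iostream \` line in the `@@ -356,6 +356,7 @@` hunk edits src/lmtp/Makefile.in, a file that automake generates, so the include path disappears as soon as that file is regenerated (which is exactly what the `rm src/lmtp/Makefile.in` plus `automake` route in the same message does). The include belongs in AM_CPPFLAGS in src/lmtp/Makefile.am; the Makefile.in edit is only suitable as a one-off for this build tree, and the message should say so.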
From: teemu.huovila at dovecot.fi (Teemu Huovila)
Date: Mon, 22 Dec 2014 09:34:25 +0200
Subject: error: iostream-ssl.h: No such file or directory
In-Reply-To: <54944FB6.2010102@brain-force.ch>
References: <54944FB6.2010102@brain-force.ch>
Message-ID: <5497C981.4010304@dovecot.fi>

On 12/19/2014 06:17 PM, Tobi wrote:
> Hi list
>
> I'm trying to build dovecot 2.2.15 from source on a debian wheezy (64bit). As I wanted to get starttls support for dovecot's
> lmtp I got the patched files from here: http://hg.dovecot.org/dovecot-2.2/rev/297192cfbd37

Please note that is not the complete lmtp starttls implementation. There have been fixes, at least in:
http://hg.dovecot.org/dovecot-2.2/rev/1d811ffd1832
and
http://hg.dovecot.org/dovecot-2.2/rev/ef8b7e44e96c

Perhaps you should try the hg tip. The current enterprise version also has the lmtp starttls support, including fixes.

br,
Teemu Huovila

From laeeth at laeeth.com Mon Dec 22 09:11:00 2014
From: laeeth at laeeth.com (Laeeth Isharc)
Date: Mon, 22 Dec 2014 01:11:00 -0800 (PST)
Subject: Dovecot FTS using ElasticSearch
In-Reply-To: <3995313.2035.1372306451028.JavaMail.root@timgws.com.au>
References: <3995313.2035.1372306451028.JavaMail.root@timgws.com.au>
Message-ID: <1419239460536-51028.post@n4.nabble.com>

Tim Groeneveld wrote
> ----- Original Message -----
>> I would like to know if is possible to use ElasticSearch instead of
>> Solr for FTS.
>
> I have started work on an ElasticSearch implementation based on fts-solr.
>
> There is still around 20-30 hours more work for me to do until it is
> complete
> (and I need to hunt down the reason for a random crash that happens every
> now and then) but I would be more then happy to share the code with you
> when I am done if you are interested?
>
> Regards,
> Tim

Hi Tim.

I wonder if you would mind sharing the code (in whatever state it is in)? If so, I would like to try to pick things up, as this would be very useful for us. Solr has its virtues, but I would much rather move everything to elasticsearch.

[If you do see this message and reply, would be great if you could cc my email as I only occasionally have time to catch up with the full mailing list].

Very much appreciate it if you are able to help. (Or if anyone else has done the same thing...)

Thanks.

Laeeth.

--
View this message in context: http://dovecot.2317879.n4.nabble.com/Dovecot-FTS-using-ElasticSearch-tp43012p51028.html
Sent from the Dovecot mailing list archive at Nabble.com.

From guenhael.le-moing at capgemini.com Mon Dec 22 18:06:22 2014
From: guenhael.le-moing at capgemini.com (Le Moing, Guenhaël)
Date: Mon, 22 Dec 2014 18:06:22 +0000
Subject: Configuring LMTP/IMAP proxy
Message-ID: <00BAC74D51F021489DFAFB3DE7E555E909B706DC@de-cm-mbx21>

Hi,

First, my version:

[root at centos1 conf.d]# dovecot --version
2.2.15
[root at centos1 conf.d]#

I have already configured dovecot that way (on one single VM, so everything is stored on the same machine):

- A postfix server sending out to LMTP
- LMTP is the dovecot LMTP server, configured with "lmtp-proxy= no",
- LMTP checks the users receiving messages by using Linux passwd file "userdb" section in auth-passwdfile.conf.ext,
- IMAP LOGINS are authenticated using DIGEST-MD5 also configured in auth-passwdfile.conf.ext :

# Authentication for passwd-file users. Included from 10-auth.conf.
#
# passwd-like file with specified location.
#
passdb {
  driver = passwd-file
  args = scheme=DIGEST-MD5 username_format=%n /etc/dovecot/users.DIGEST-MD5
  #args = scheme=CRAM-MD5 username_format=%n /etc/dovecot/users.CRAM-MD5
}

userdb {
  driver = passwd
  # Default fields that can be overridden by passwd-file
  #default_fields = quota_rule=*:storage=1G
  default_fields = uid=root gid=root home=/home/%n

  # Override fields from passwd-file
  #override_fields = home=/home/virtual/%u
}

This works fine, I can send messages through SMTP, and read them using IMAP access.

But now, I would like to have a more structured architecture with:

- A LMTP server configured as PROXY: has to identify the user, and proxy the request to the backend LMTP server (where its mailbox will stand)
- On backend, I also have to start another LMTP server, but not configured in proxy mode of course,
- Same for IMAP: IMAP proxy first checking LOGIN credentials, and then forwarding to IMAP server running on backend.

As a first step, I would like to continue using my files to authenticate users (so passwd file, and users.DIGEST-MD5), but final goal will be using a MySQL DB.

So my main questions are:

1) I just made a test and changed "lmtp_proxy" to "yes" in my 20_lmtp.conf file, but, strangely, this did not change anything! The LMTP process still receives mails and stores them on the local host,

2) Is there any documentation describing this process in detail? I only found some pieces on wiki pages, but not enough unfortunately ...

3) Are there some configuration files ready to use for my configuration?

Thanks in advance.

Cordialement.

Guenhaël.

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.

From bytesplit at gmail.com Mon Dec 22 22:24:21 2014
From: bytesplit at gmail.com (Philon)
Date: Mon, 22 Dec 2014 23:24:21 +0100
Subject: zlib, mdbox and spam filtering scripts
In-Reply-To: <54947DE0.4040206@mie.utoronto.ca>
References: <7C8938F2-CB74-4FE4-8BF1-06498EF369EA@googlemail.com> <54947DE0.4040206@mie.utoronto.ca>
Message-ID:

> Let the MTA feed SA.
> http://gtmp.org/doku.php?id=publications:sa-postfix-en

Hi Oscar, Hi dovecot-list,

I read through the docs, quite interesting read. But I'm wondering, mails are in this case only kept temporary? So re-reading spam and ham is not possible?!? It seems useful still, as it's direct and not run via a daily cron script.

I also looked into Sven's advice (Danke!) about doveadm fetch. I just came across this script here: https://git.mnt-tech.fr/admintools.git/raw/master/blacklist.sh. It does much more than just fetch, but for me it was a good reference for retrieval of mails using doveadm.

So thanks for the hints and merry X-mas!
Philon

From sven at svenhartge.de Mon Dec 22 22:45:20 2014
From: sven at svenhartge.de (Sven Hartge)
Date: Mon, 22 Dec 2014 23:45:20 +0100
Subject: zlib, mdbox and spam filtering scripts
References: <7C8938F2-CB74-4FE4-8BF1-06498EF369EA@googlemail.com> <54947DE0.4040206@mie.utoronto.ca>
Message-ID: <5b8crdf5mov8@mids.svenhartge.de>

Philon wrote:

> I also looked into Sven's advice (Danke!) about doveadm fetch. I just
> came across this script here:
> https://git.mnt-tech.fr/admintools.git/raw/master/blacklist.sh. It
> does much more than just fetch, but for me it was a good reference for
> retrival of mails using doveadm.

My code for my personal "salearn" script looks like this:

,----
| #!/bin/bash
|
| tempdir=`mktemp -d`
|
| doveadm search mailbox SPAM | while read guid uid;
| do
|   tempfile=`mktemp --tmpdir=$tempdir`
|   echo -n "$uid "
|   doveadm fetch text mailbox-guid $guid uid $uid | tail -n +2 | head -n -1 > $tempfile
| done
| echo
|
| sa-learn --spam --no-sync --progress $tempdir
| sa-learn --sync
|
| rm -r $tempdir
`----

Some notes:

- The dance with "| tail -n +2 | head -n -1" is to remove the leading "text:" line and the ^L (page feed) at the end doveadm inserts. (I really would like to have an option to fetch the raw source of the mail without doveadm adding, removing or reformatting anything.)

- I don't use "-u '*'" here since this script runs as my user only directly on the server where the mails are stored. If you want to learn mails from multiple users you will of course need to iterate over all of them, just as the example script from mnt-tech.fr does.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

From manuel.delgado at ucr.ac.cr Tue Dec 23 04:02:36 2014
From: manuel.delgado at ucr.ac.cr (Manuel Delgado)
Date: Mon, 22 Dec 2014 22:02:36 -0600
Subject: Configuring LMTP/IMAP proxy
In-Reply-To: <00BAC74D51F021489DFAFB3DE7E555E909B706DC@de-cm-mbx21>
References: <00BAC74D51F021489DFAFB3DE7E555E909B706DC@de-cm-mbx21>
Message-ID:

On Mon, Dec 22, 2014 at 12:06 PM, Le Moing, Guenhaël <guenhael.le-moing at capgemini.com> wrote:

>
> So my main questions are:
>
>
> 1) I just made a test and changed "lmtp_proxy" to "yes" in my
> 20_lmtp.conf file, but, strangely, this did not change anything! The LMTP
> process still receives mails and stores them on the local host,
>
> 2) Is there any documentation describing this process in detail? I
> only found some pieces on wiki pages, but not enough unfortunately ...
>
> 3) Are there some configuration files ready to use for my
> configuration?
>
> Thanks in advance.
>
> Cordialement.
>
> Guenhaël.
> This message contains information that may be privileged or confidential
> and is the property of the Capgemini Group. It is intended only for the
> person to whom it is addressed. If you are not the intended recipient, you
> are not authorized to read, print, retain, copy, disseminate, distribute,
> or use this message or any part thereof. If you receive this message in
> error, please notify the sender immediately and delete all copies of this
> message.
>

Hi Guenhaël

I was working in a project with 2 "front-end" servers (POP3/IMAP/LMTP proxy) and 2 "back-end" servers (Mailbox). I configured Director[1] in the proxies to reduce conflicts and master-password[2]. My proxies don't have userdb nor location because they do not store emails, those configs are in the back-end. My backend is a "standalone" Dovecot but with master-password allowed in trusted networks as described in the wiki[2][3].

Also, I configured PoolMon[4] in all proxies and added Debian/Ubuntu scripts[5].

[... I removed some configs for short...]

------------ PROXY doveconf --------------
[...]
director_mail_servers = 10.0.0.74 10.0.0.75
director_servers = 10.0.0.72 10.0.0.73
doveadm_port = 24245
lmtp_proxy = yes
passdb {
  driver = pam
  override_fields = proxy=y ssl=any-cert master=proxy@alpha.mydomain.com pass=
}
service director {
  fifo_listener login/proxy-notify {
    mode = 0600
    user = $default_login_user
  }
  inet_listener {
    port = 9090
  }
  unix_listener director-userdb {
    mode = 0600
  }
  unix_listener login/director {
    mode = 0666
  }
}
service doveadm {
  inet_listener {
    port = 24245
  }
}
service imap-login {
  executable = imap-login director
  [...]
}
service ipc {
  unix_listener ipc {
    user = dovecot
  }
}
service lmtp {
  executable = lmtp -L
  [...]
}
service pop3-login {
  executable = pop3-login director
  [...]
}
protocol lmtp {
  auth_socket_path = director-userdb
  [...]
}
protocol doveadm {
  auth_socket_path = director-userdb
}
local 10.0.0.0/24/24 {
  doveadm_password =
  doveadm_port = 24245
}
----------------- END --------------------------------------

Not sure if this will work for you but maybe it helps you to get an idea.

Regards,

Manuel Delgado
-----------------------------------------------------------
Linux User #520940
Bach. Computing and Informatics
Universidad de Costa Rica

[1] http://wiki2.dovecot.org/Director
[2] http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy
[3] http://wiki2.dovecot.org/Authentication/MasterUsers
[4] http://www.dovecot.org/list/dovecot/2010-August/051946.html
[5] https://github.com/valarauco/poolmon

From anon_user at openmailbox.org Tue Dec 23 21:51:19 2014
From: anon_user at openmailbox.org (anon_user at openmailbox.org)
Date: Tue, 23 Dec 2014 22:51:19 +0100
Subject: Curious dovecot behavior with service_count = 0
Message-ID:

Hello,

I'm not experiencing this problem at all with service_count = 1

With service_count = 0, this is what I got randomly in my logs:

TLS: SSL_read() syscall failed: Connection reset by peer

To be successfully logged in, the user has to initiate a new connection.

I primarily thought about vsz_limit but I've put this value to 10GB (yes this is very overkill, that was just for the test) and that doesn't change anything.

I use the latest version of dovecot.

Any ideas?

Thanks.

From lazy404 at gmail.com Thu Dec 25 03:10:51 2014
From: lazy404 at gmail.com (Lazy)
Date: Thu, 25 Dec 2014 04:10:51 +0100
Subject: director + lmtp + ldap user
Message-ID:

Hi,

recently I have migrated our previous dovecot-lda to 2.2 with director + lmtp.

And we are having some issues.

When lmtp delivers to ldap uid names everything works except sieve vacation (login is not found in headers so reply is not sent).

When using full email addresses in rcpt to, vacation works but usernames are inconsistent (one user can login using his email address, or aliases, or uid).

To fix that, in ldap settings I have added uid=user which should be setting the username to appropriate values.

Most of the time it works but some deliveries are using email addresses, not ldap uids, which seems to break dict quotas.

It must be related to auth cache (flushing the cache fixes the issue temporarily for given account). I think that the cache can be "polluted" by some other dovecot service.

Does anyone have an idea where this can be coming from?

doveadm auth lookup -f user mon@test.com

returns expected ldap uid, no email address

Thanks in advance for any help.
Michal Grzedzicki

from dovecot-ldap.conf.ext from backends

user_attrs = uid=user, mailMessageStore=home, mailQuotaSize=quota_rule=*:bytes=%$
user_filter = (&(&(!(accountStatus=deleted))(objectClass=qMailUser))(|(mail=%u)(uid=%u)(mailAlternateAddress=%u)))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=qMailUser)(|(mail=%u)(uid=%u)(mailAlternateAddress=%u)))
iterate_attrs = uid=user
iterate_filter = (&(&(objectClass=qmailUser)(!(accountStatus=deleted))))

director is doing the authorization and passing it to the backend using a master user

protocol lmtp {
  passdb {
    args = proxy=y nopassword=y port=24
  }
}

backend doveconf -n

# 2.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.7
auth_cache_negative_ttl = 5 mins
auth_cache_size = 10 M
auth_cache_ttl = 5 mins
auth_debug = yes
auth_master_user_separator = *
auth_mechanisms = plain login
auth_username_format = %u
auth_verbose = yes
base_dir = /var/run/dovecot/
deliver_log_format = msgid=%m f:%f s:%s %$
disable_plaintext_auth = no
first_valid_gid = 300
first_valid_uid = 300
import_environment = TZ
last_valid_gid = 300
last_valid_uid = 300
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header = Delivered-To
login_greeting = Imap ready.
mail_debug = yes
mail_gid = 300
mail_location = maildir:~/Maildir:INDEX=/var/dovecot_indexes%h
mail_plugins = quota expire notify mail_log
mail_uid = 300
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox SPAM {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  expire = SPAM
  expire_dict = redis:host=127.0.0.1:prefix=expire/
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid from subject size
  quota = dict:User quota::redis:host=127.0.0.1:prefix=user/
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve_global_dir = /etc/sieve_global
  sieve_max_redirects = 20
}
postmaster_address = postmaster@iq.pl
protocols = imap pop3 lmtp sieve
recipient_delimiter =
service auth {
  unix_listener auth-userdb {
    mode = 0777
  }
}
service dict {
  unix_listener dict {
    group = vmail
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 2424
  }
}
service imap-login {
  process_min_avail = 8
  service_count = 0
}
service imap {
  process_limit = 14000
}
service lmtp {
  inet_listener lmtp {
    address = dovecot1
    port = 24
  }
  process_min_avail = 5
  user = vmail
}
service managesieve-login {
  inet_listener sieve {
    address = 0.0.0.0
    port = 4090
  }
  protocol = sieve
}
service pop3-login {
  process_min_avail = 8
  service_count = 0
}
service pop3 {
  process_limit = 10000
}
service quota-warning {
  executable = script /usr/local/bin/quota_warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = vmail
}
ssl = no
syslog_facility = local2
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
verbose_proctitle = yes
protocol lmtp {
  auth_username_format = %u
  info_log_path = /var/log/dovecot-lmtp
  mail_plugins = quota expire notify mail_log sieve
  syslog_facility = local3
}
protocol lda {
  mail_plugins = quota expire notify mail_log sieve
  syslog_facility = local3
}
protocol imap {
  mail_max_userip_connections = 30
  mail_plugins = quota expire notify mail_log imap_quota
}

From reikred at gmail.com Sat Dec 20 05:55:51 2014
From: reikred at gmail.com (reik red) Date: Fri, 19 Dec 2014 21:55:51 -0800 Subject: doveadm pw generates different hash each time it is invoked !? Message-ID: <54950F67.2050502@gmail.com> I am absolutely dumbfounded by "doveadm pw". My understanding is that the command should be used to create a hashed password that should in turn be placed into /etc/dovecot/passwd Here comes the "dumbfounded" part. I was creating a new virtual user, running doveadm pw to generate the hashed password. But when I tried to login via imap, the password was rejected. So I started checking that I had populated /etc/dovecot/passwd with the correct values, and in the process I ran "doveadm pw" again to make certain I had not accidentally pasted the wrong value along with a username. (I'm re-submittting after setting up a subscription, so I don't have to wait for the moderator) , What happened next surprised me greatly: if I specify "-s ssha", the resulting hashed password changes each time I invoke "doveadm pw", but if I do not specify the hashing method, I get the same password each time (as I expect). What on earth is going on here? There must be something fundamental that I am missing. ============================================== Illustrative example: machine(user) 6136 > doveadm pw -u joebob Enter new password: Retype new password: {CRAM-MD5}00747cf2ffaf11c5ea4a64979c3901fc1d20dee13f480bb598f7d8575b23e61b machine(user) 6137 > doveadm pw -u joebob Enter new password: Retype new password: {CRAM-MD5}00747cf2ffaf11c5ea4a64979c3901fc1d20dee13f480bb598f7d8575b23e61b #SAME, as expected machine(user) > doveadm pw -u glorg Enter new password: Retype new password: {CRAM-MD5}00747cf2ffaf11c5ea4a64979c3901fc1d20dee13f480bb598f7d8575b23e61b #another surprising behavior: The (virtual) username specified does not affect the hash!!! 
machine(user) 6138 > doveadm pw -u joebob -s ssha Enter new password: Retype new password: {SSHA}AtjINkQra967qIhU6khRED4U1x3aKwDi machine(user) 6139 > doveadm pw -u joebob -s ssha Enter new password: Retype new password: {SSHA}fZiFlHPKDn6ESM/gnUIcjJ14hRlH10DV # DIFFERENT, very unexpected ============================================== I'm on fedora 19, using dovecot.x86_64 version 1:2.2.15-1.fc19 per yum. From wayne.andersen at clima-tech.com Tue Dec 16 17:09:07 2014 From: wayne.andersen at clima-tech.com (Wayne Andersen) Date: Tue, 16 Dec 2014 10:09:07 -0700 Subject: Problem with TLS and Outlook 2010 In-Reply-To: References: <003001d01597$1a1345a0$4e39d0e0$@clima-tech.com> Message-ID: <006801d01953$00693820$013ba860$@clima-tech.com> Thank you, see my answers below. > -----Original Message----- 
> From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de] > Sent: Tuesday, December 16, 2014 12:30 AM > To: Wayne Andersen > Cc: dovecot at dovecot.org > Subject: Re: Problem with TLS and Outlook 2010 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thu, 11 Dec 2014, Wayne Andersen wrote: > > > Log onto incoming mail server (IMAP): A secure connection to the > > server cannot be established. > > > > I have set the port to 143,993,995 none of them work, and the security > > to TLS. > > 993 is IMAP-over-SSL, which is probably not named "TLS", but "SSL" in > Outlook. > Usually "TLS" means to use STARTTLS. > See: http://www.cs.umd.edu/faq/mailclient/outlook.html > But there are a lot of different Outlook versions and different names for > settings. > My preference is STARTTLS, which I assumed I would get by selecting port 143 and TLS. > > IMAP: 14:48:40 [db] srv_name = "mail.mydomain.com" srv_addr = > > 174.46.198.101:143 > > is this IP correct? > Yes, it is correct. > > IMAP: 14:48:40 [rx] * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS IDLE > > AUTH=PLAIN AUTH=LOGIN] Dovecot ready. <----- not seeing the > STARTTLS > > capability here. > > Do you have a local Firewall or a Cisco-Router between this client and the > server? Some firewalls filter out STARTTLS in order to scan the transferred > content. > No, all of these machines are on a local subnet. > > C:\OpenSSL-Win64\bin>openssl.exe s_client -connect > > mail.mydomain.com:993 > > > > verify error:num=20:unable to get local issuer certificate <--- Yes I > > see this and it may be an issue, but this certificate exist and is valid. > > openssl does not guess certificates, you need to specify them on command > line. > I am not sure I understand this. Dovecot has the certificate chain, which it should send to the client if I understand correctly. There may be an issue with the format of the certificate chain file, but if there is I don't know how to fix it. 
> > --- > > From a linux client I get : > > > > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID > ENABLE > > IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. > > > > I do see STARTTLS here. > > does this client run in the same network as the windows client? > Yes, same local subnet, in fact the Linux client is a virtual machine running on the same machine as the windows client. > - -- > Steffen Kaiser From litt at acm.org Thu Dec 18 12:23:31 2014 
From: litt at acm.org (Timothe Litt) Date: Thu, 18 Dec 2014 07:23:31 -0500 Subject: Crashes with tracebacks Message-ID: <5492C743.6040406@acm.org> Crashes, redux. I hope I have provided all the information required for a solution. Many thanks in advance for having a look. I have 71 core files for a user, that all happened in the space of about 6 hours. It appears that mail delivered to 'Junk E-mail' is being accessed. I suspect they're all the same issue. I saw the same syslog entry a while back; did a resync & enabled process dumps. Naturally, it went away -- until this cluster of crashes. File system is ext3. It is NFS mounted by other machines, but only the local machine should be touching the mail directories. The user does not have an interactive login - it's an e-mail only account. This user's IMAP client is AppleMail. The delivery agent is procmail; Junk is detected by spamassassin; clamav is also present. pop3 is configured, but I don't think anyone uses it. Typical syslog (time matches core.20063): Dec 17 18:06:22 overkill dovecot: imap(): Error: Next message unexpectedly corrupted in mbox file /home//mail/Junk E-mail at 1021601 Dec 17 18:06:22 overkill dovecot: imap(): Panic: file mbox-sync.c: line 152 (mbox_sync_read_next_mail): assertion failed: (sync_ctx->input->v_offset != mail_ctx->mail.from_offset || sync_ctx->input->eof) Dec 17 18:06:22 overkill dovecot: imap(): Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0 [0x274ecf] -> /usr/local/lib/dovecot/libdovecot.so.0 [0x274f4d] -> /usr/local/lib/dovecot/libdovecot.so.0 [0x27446b] -> /usr/local/lib/dovecot/libdovecot-storage.so.0 [0x16633e] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mbox_sync+0x6b6) [0x168146] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mbox_storage_sync_init+0x81) [0x169391] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x40) [0x186270] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x3d) [0x18715d] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_get_status+0x74) [0x1b6c44] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x5f) [0x1895bf] -> dovecot/imap(imap_status_get+0x7a) [0x806396a] -> dovecot/imap(cmd_status+0x128) [0x80588a8] -> dovecot/imap(command_exec+0x33) [0x805c8e3] -> dovecot/imap [0x805b63f] -> dovecot/imap [0x805b6c3] -> dovecot/imap(client_handl Dec 17 18:06:22 overkill dovecot: imap(): Fatal: master: service(imap): child 20063 killed with signal 6 (core dumped) Tracebacks in attached archive were generated with: > cd ~; for C in core.*; do gdb /usr/local/libexec/dovecot/imap $C > -x gdb -q ; mv gdb.log gdb.$C.log; done where 'gdb' is: > set pagination off > set logging overwrite > set logging file gdb.log > set logging on > bt full > q Note that there are unprintable characters in the log files (binary arguments). I have saved, but not attached the mail file & it's .lock file before doing a doveadm force-resync -u 'Junk E-mail'. Let me know if you require a copy to debug this. I have also saved the core files. Here is the dovecot config (I have replaced the domain with example.net). dovecot -n # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.22.14-72.fc6 i686 Fedora Core release 6 (Zod) first_valid_gid = 4000 first_valid_uid = 4000 hostname = smtp.example.net login_greeting = Dovecot ready. Unauthorized access is prohibited. 
mail_access_groups = mail mail_location = mbox:~/mail:INBOX=/var/mail/%n mail_privileged_group = mail namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox "Train As Forgotten" { auto = subscribe } mailbox "Train As Ham" { auto = subscribe } mailbox "Train As Spam" { auto = subscribe } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / } passdb { driver = pam } service imap-login { inet_listener imap { address = imap.v4.example.net imap.v6.example.net port = 143 } inet_listener imaps { address = imap.v4.example.net imap.v6.example.net port = 993 ssl = yes } } service pop3-login { inet_listener pop3 { address = pop.v4.example.net pop.v6.example.net port = 110 } inet_listener pop3s { address = pop.v4.example.net pop.v6.example.net port = 995 ssl = yes } } ssl_ca = From lobbin at gmail.com Thu Dec 18 16:56:37 2014 
From: lobbin at gmail.com (Robin Helgelin) Date: Thu, 18 Dec 2014 17:56:37 +0100 Subject: Awfully slow dovecot Message-ID: Hi, We're using dovecot 1.0.7, which seems to be the latest version available on CentOS 5. Downloading emails are dead slow. Really small emails goes quickly, but normal emails and emails with attachments are so slow to download it's almost ridiculous. I've googled some and found that it could be related to quota, but I disabled the quota plugins on imap with no difference. dovecot -n: # 1.0.7: /etc/dovecot.conf ssl_cert_file: /etc/dovecot/cert.pem ssl_key_file: /etc/dovecot/key.pem disable_plaintext_auth: yes verbose_ssl: yes login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login valid_chroot_dirs: /var/mail/domains verbose_proctitle: yes last_valid_uid: 500 mail_location: maildir:/var/mail/domains/%d/%n/mail mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugins(default): mail_plugins(imap): mail_plugins(pop3): quota mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 auth default: mechanisms: plain login passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf userdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 384 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: mail plugin: convert_mail: maildir:/var/mail/domains/%d/%u/mail dovecot-ldap.conf: auth_bind = yes hosts = example.com ldap_version = 3 base = o=hosting,dc=example,dc=com dn = cn=phamm,o=hosting,dc=example,dc=com dnpass = password pass_attrs = mail pass_filter = 
(&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u)) user_attrs = mail,,,mail,,,quota=quota=maildir:storage user_filter = (&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u)) deref = never scope = subtree default_pass_scheme = MD5 user_global_uid = 500 user_global_gid = 12 From von at vdrandom.org Wed Dec 24 12:21:15 2014 From: von at vdrandom.org (Von Random) Date: Wed, 24 Dec 2014 15:21:15 +0300 Subject: Maildir permissions on creation? Message-ID: <2333451419423675@web25m.yandex.ru> Hello. In my configuration dovecot reads home from mysql and uses no variables within it. It uses Maildir++ storage with virtual users. I also happen to use LMTP. I want to use a backup solution that does not involve running itself as root. Neither do I want to run it as dovecot's mail user. And there lies the problem: dovecot creates maildirs with 0700 and files within them inherit that set of permissions. And there seems to be no sane way to control it. I think I've figured out what to patch in order to change that default, but if possible, I'd like to avoid doing that. tl;dr: is it possible to change the default set of permissions for new maildirs created by dovecot? From tss at iki.fi Thu Dec 25 17:16:03 2014 
From: tss at iki.fi (Timo Sirainen) Date: Thu, 25 Dec 2014 12:16:03 -0500 Subject: Dovecot-ee In-Reply-To: <20141217224953.GA50450@aura.veggiechinese.net> References: <544126B8.9050700@mail.cgilfe.it> <20141217224953.GA50450@aura.veggiechinese.net> Message-ID: > On 17 Dec 2014, at 17:49, Will Yardley wrote: > > On Fri, Oct 17, 2014 at 12:08:38PM -0700, Timo Sirainen wrote: >> On 17 Oct 2014, at 07:24, Davide wrote: > >>> Hi to all, i found that dovecot-ee repository access is free 0,00 $ >>> cost; i'm running dovecot community 2.2.13 can i migrate my system >>> to dovecot-ee? What are difference between Dovecot-ee and >>> Dovecot-community? >> >> It's the same, except somewhat more stable with latest important >> bugfixes. > > Sorry to respond so late, but just to confirm, assuming one can get repo > access without paying (I could), there are no licensing issues to using > Dovecot EE in production (without any of the proprietary modules)? > > I tried contacting the sales address, but didn't hear back. No issues. From rs at sys4.de Thu Dec 25 18:49:08 2014 From: rs at sys4.de (Robert Schetterer) Date: Thu, 25 Dec 2014 19:49:08 +0100 Subject: Awfully slow dovecot In-Reply-To: References: Message-ID: <549C5C24.8000001@sys4.de> On 18.12.2014 at 17:56, Robin Helgelin wrote: > We're using dovecot 1.0.7 that version is totally out of date, update to a recent version Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, District court München: HRB 199263 Executive board: Patrick Ben Koetter, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein From me at junc.eu Thu Dec 25 20:07:43 2014 
From: me at junc.eu (Benny Pedersen) Date: Thu, 25 Dec 2014 21:07:43 +0100 Subject: Awfully slow dovecot In-Reply-To: References: Message-ID: <56353d58c5dda0cc2a62c65a8085b760@junc.eu> Robin Helgelin wrote on 2014-12-18 17:56: > We're using dovecot 1.0.7, which seems to be the latest version > available on CentOS 5. update to centos 7 if dovecot still not working, report again From me at junc.eu Thu Dec 25 20:09:58 2014 From: me at junc.eu (Benny Pedersen) Date: Thu, 25 Dec 2014 21:09:58 +0100 Subject: Awfully slow dovecot In-Reply-To: <549C5C24.8000001@sys4.de> References: <549C5C24.8000001@sys4.de> Message-ID: <91a8c0ac235d87919cc1f2ab9ff04a25@junc.eu> Robert Schetterer wrote on 2014-12-25 19:49: > On 18.12.2014 at 17:56, Robin Helgelin wrote: >> We're using dovecot 1.0.7 > that version is total out of date , update to recent version centos is a precompiled problem :=) sorry could not resist From h.reindl at thelounge.net Thu Dec 25 20:15:41 2014 
From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 25 Dec 2014 21:15:41 +0100 Subject: Awfully slow dovecot In-Reply-To: <91a8c0ac235d87919cc1f2ab9ff04a25@junc.eu> References: <549C5C24.8000001@sys4.de> <91a8c0ac235d87919cc1f2ab9ff04a25@junc.eu> Message-ID: <549C706D.6060402@thelounge.net> On 25.12.2014 at 21:09, Benny Pedersen wrote: > Robert Schetterer wrote on 2014-12-25 19:49: >> On 18.12.2014 at 17:56, Robin Helgelin wrote: >>> We're using dovecot 1.0.7 >> that version is total out of date , update to recent version > > centos is a precompiled problem :=) no it is not do you really think the RPMS are falling from heaven or is it more likely be able to use rpmbuild as i do on Fedora for packages like dovecot-2.2.15-3.fc20.20141025.rh.x86_64 or postfix-2.11.3-1.fc20.20141020.rh.x86_64? your Gentoo is nice in a small environment on larger setups someone is using binary packages and can setup his own repo with overrides while maintain *testable* setups From pada at posteo.de Fri Dec 26 00:06:35 2014 From: pada at posteo.de (Daniel Parthey) Date: Fri, 26 Dec 2014 01:06:35 +0100 Subject: doveadm pw generates different hash each time it is invoked !? In-Reply-To: <54950F67.2050502@gmail.com> References: <54950F67.2050502@gmail.com> Message-ID: <2738738E-6E90-4668-9973-B7130EDB9B63@posteo.de> Hi there, if you are getting different results on each invocation of the hash function, you might have selected a salted hashing function which generates a random salt. When you provide the same salt, you should get the same result for the same input, but when you omit the salt, it generates a random one for you. Regards Daniel From jeffrey.mitchell at gmail.com Fri Dec 26 01:11:55 2014 
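Added example for the "doveadm pw generates different hash" thread above (not part of any message in this archive, and not Dovecot's own code): a Python sketch of the common {SSHA} layout, base64(SHA1(password + salt) + salt), showing why two runs differ and why both still verify. The 4-byte salt length is an assumption taken from the 24-byte values posted in the thread; the function names and the sample password are constructed.

```python
"""Salted SHA-1 ({SSHA}) password strings: why the output changes per run."""
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

PREFIX = "{SSHA}"
SHA1_LEN = 20  # SHA-1 digest size in bytes
SALT_LEN = 4   # assumption: matches the 24-byte blobs posted in the thread

# The two values posted in the thread (same password, two invocations).
THREAD_HASH_1 = "{SSHA}AtjINkQra967qIhU6khRED4U1x3aKwDi"
THREAD_HASH_2 = "{SSHA}fZiFlHPKDn6ESM/gnUIcjJ14hRlH10DV"


def ssha_encode(password: str, salt: Optional[bytes] = None) -> str:
    """Hash a password; a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # The salt is stored in the clear, appended to the digest.
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_split(encoded: str) -> Tuple[bytes, bytes]:
    """Return (digest, salt) from an {SSHA} string, rejecting malformed input."""
    if not encoded.startswith(PREFIX):
        raise ValueError("not an {SSHA} hash")
    raw = base64.b64decode(encoded[len(PREFIX):], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("no salt after the digest")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def ssha_verify(password: str, encoded: str) -> bool:
    """Re-derive the digest with the stored salt and compare in constant time."""
    digest, salt = ssha_split(encoded)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # The thread's two strings carry different salts, hence different digests.
    for value in (THREAD_HASH_1, THREAD_HASH_2):
        digest, salt = ssha_split(value)
        print(value, "salt =", salt.hex(), "digest =", digest.hex())

    # Constructed password: two encodings differ, both verify.
    pw = "constructed-example-password"
    first, second = ssha_encode(pw), ssha_encode(pw)
    print(first, ssha_verify(pw, first))
    print(second, ssha_verify(pw, second))
    print("wrong password accepted:", ssha_verify("not-the-password", first))
```

A regenerated {SSHA} string is therefore not expected to match the stored one; the check that matters is whether the candidate password reproduces the stored digest under the stored salt.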
From: jeffrey.mitchell at gmail.com (Jeff Mitchell) Date: Thu, 25 Dec 2014 20:11:55 -0500 Subject: Awfully slow dovecot In-Reply-To: <549C706D.6060402@thelounge.net> References: <549C5C24.8000001@sys4.de> <91a8c0ac235d87919cc1f2ab9ff04a25@junc.eu> <549C706D.6060402@thelounge.net> Message-ID: On Dec 25, 2014 3:15 PM, "Reindl Harald" wrote: > > > On 25.12.2014 at 21:09, Benny Pedersen wrote: > >> Robert Schetterer wrote on 2014-12-25 19:49: >>> >>> On 18.12.2014 at 17:56, Robin Helgelin wrote: >>>> >>>> We're using dovecot 1.0.7 >>> >>> that version is total out of date , update to recent version >> >> >> centos is a precompiled problem :=) > > > no it is not > > do you really think the RPMS are falling from heaven or is it more likely be able to use rpmbuild as i do on Fedora for packages like dovecot-2.2.15-3.fc20.20141025.rh.x86_64 or postfix-2.11.3-1.fc20.20141020.rh.x86_64? > > your Gentoo is nice in a small environment > > on larger setups someone is using binary packages and can setup his own repo with overrides while maintain *testable* setups > Just to point out, it is possible to set up a binary Gentoo setup with a single server compiling packages then made available to downstream computers -- I ran such a setup for a few years. Can also have multiple of these in an overlay fashion for testing. Pros and cons vs. normal binary distros, but it can be done. Anyways, regarding the OP's problem, 1.0.7 is only the latest available package from RedHat/CentOS. It's so out of date and so many bugs have been squashed that it makes little sense for anyone to spend much time trying to figure out the problem. Even Red Hat doesn't support it in production anymore. Might be time to break out the compiler. From wdgarc88 at gmail.com Fri Dec 26 01:20:07 2014 
From: wdgarc88 at gmail.com (Edwardo Garcia) Date: Fri, 26 Dec 2014 11:20:07 +1000 Subject: Awfully slow dovecot In-Reply-To: References: <549C5C24.8000001@sys4.de> <91a8c0ac235d87919cc1f2ab9ff04a25@junc.eu> <549C706D.6060402@thelounge.net> Message-ID: On 12/26/14, Jeff Mitchell wrote: > On Dec 25, 2014 3:15 PM, "Reindl Harald" wrote: >> >> your Gentoo is nice in a small environment >> >> on larger setups someone is using binary packages and can setup his own > repo with overrides while maintain *testable* setups >> > > Just to point out, it is possible to set up a binary Gentoo setup with a > single server compiling packages then made available to downstream > computers -- I ran such a setup for a few years. Can also have multiple of > these in an overlay fashion for testing. Pros and cons vs. normal binary > distros, but it can be done. > As we do today for some 417 servers (real servers, not virtual crap), its very easy to do, even my previous employer who used slackware with a few hundred servers used almost identical fashion. Amazing at how rpm and deb users think they are the only ones in this world who can manage large enterprise server farms, just shows how narrow sighted and ill-informed they are. From h.reindl at thelounge.net Fri Dec 26 02:06:00 2014 
From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 26 Dec 2014 03:06:00 +0100 Subject: Awfully slow dovecot In-Reply-To: References: <549C5C24.8000001@sys4.de> <91a8c0ac235d87919cc1f2ab9ff04a25@junc.eu> <549C706D.6060402@thelounge.net> Message-ID: <549CC288.2000200@thelounge.net> On 26.12.2014 at 02:20, Edwardo Garcia wrote: > On 12/26/14, Jeff Mitchell wrote: >> On Dec 25, 2014 3:15 PM, "Reindl Harald" wrote: >>> >>> your Gentoo is nice in a small environment >>> >>> on larger setups someone is using binary packages and can setup his own >> repo with overrides while maintain *testable* setups >> >> Just to point out, it is possible to set up a binary Gentoo setup with a >> single server compiling packages then made available to downstream >> computers -- I ran such a setup for a few years. Can also have multiple of >> these in an overlay fashion for testing. Pros and cons vs. normal binary >> distros, but it can be done. > > As we do today for some 417 servers (real servers, not virtual crap), > its very easy to do, even my previous employer who used slackware with > a few hundred servers used almost identical fashion. > > Amazing at how rpm and deb users think they are the only ones in this > world who can manage large enterprise server farms, just shows how > narrow sighted and ill-informed they are. narrow sighted are people thinking others are ill-informed or as Benny thinking outdated RPM packages are a persistent problem not easily solvable sure, you can manage anything if you write enough tools to automate things, nothing new for me as software developer, but don't you think there is a reason why advanced package management exists and 95% of all production environments are using them? and if it is only to have a *formal verification* based on the rpm database that there are no dep errors and compare 100, 200, 1000 machine setups automated with a single click From edgar at pettijohn-web.com Fri Dec 26 02:28:58 2014 
From: edgar at pettijohn-web.com (Edgar Pettijohn III) Date: Thu, 25 Dec 2014 20:28:58 -0600 Subject: Awfully slow dovecot In-Reply-To: References: <549C5C24.8000001@sys4.de> <91a8c0ac235d87919cc1f2ab9ff04a25@junc.eu> <549C706D.6060402@thelounge.net> Message-ID: <6FFD7AF9-591A-46FB-BDD2-8500191DB303@pettijohn-web.com> binary packages vs. compiled has nothing to do with the op issue. The problem is an outdated version of the software. Update by whatever means necessary and get on with your day. On Dec 25, 2014, at 7:11 PM, Jeff Mitchell wrote: > On Dec 25, 2014 3:15 PM, "Reindl Harald" wrote: >> >> >> On 25.12.2014 at 21:09, Benny Pedersen wrote: >> >>> Robert Schetterer wrote on 2014-12-25 19:49: >>>> >>>> On 18.12.2014 at 17:56, Robin Helgelin wrote: >>>>> >>>>> We're using dovecot 1.0.7 >>>> >>>> that version is total out of date , update to recent version >>> >>> >>> centos is a precompiled problem :=) >> >> >> no it is not >> >> do you really think the RPMS are falling from heaven or is it more likely > be able to use rpmbuild as i do on Fedora for packages like > dovecot-2.2.15-3.fc20.20141025.rh.x86_64 or > postfix-2.11.3-1.fc20.20141020.rh.x86_64? >> >> your Gentoo is nice in a small environment >> >> on larger setups someone is using binary packages and can setup his own > repo with overrides while maintain *testable* setups >> > > Just to point out, it is possible to set up a binary Gentoo setup with a > single server compiling packages then made available to downstream > computers -- I ran such a setup for a few years. Can also have multiple of > these in an overlay fashion for testing. Pros and cons vs. normal binary > distros, but it can be done. > > Anyways, regarding the OP's problem, 1.0.7 is only the latest available > package from RedHat/CentOS. It's so out of date and so many bugs have been > squashed that it makes little sense for anyone to spend much time trying to > figure out the problem. 
Even Red Hat doesn't support it in production > anymore. > > Might be time to break out the compiler. From von at vdrandom.org Fri Dec 26 08:35:18 2014 
From: von at vdrandom.org (Von Random) Date: Fri, 26 Dec 2014 11:35:18 +0300 Subject: Maildir permissions on creation? In-Reply-To: <8B93B457-D114-447B-A547-B59069DB99F7@brain-force.ch> References: <2333451419423675@web25m.yandex.ru> <8B93B457-D114-447B-A547-B59069DB99F7@brain-force.ch> Message-ID: <2519001419582918@web3o.yandex.ru> The main reason is that I don't want to provide backup user with unnecessary write permissions within maildirs and mail user within backup logs dir. I was talking about mail_user:mail_group 0750 on dirs and 0640 on files. (Or, possibly, mail_user:backup_group 2750 and 2640.) 26.12.2014, 11:19, "Tobi" : > What's the reason you do not want to use default dovecot user. Your idea would assume that at least the group must have write access. For me a no-go on mailboxes. > > On 24 December 2014 13:21:15 CET, Von Random wrote: >> Hello. >> >> In my configuration dovecot reads home from mysql and uses no variables >> within it. It uses Maildir++ storage with virtual users. I also happen >> to use LMTP. >> >> I want to use a backup solution that does not involve running itself as >> root. Neither do I want to run it as dovecot's mail user. >> >> And there lies the problem: dovecot creates maildirs with 0700 and >> files within them inherit that set of permissions. And there seems to >> be no sane way to control it. I think I've figured out what to patch in >> order to change that default, but if possible, I'd like to avoid doing >> that. >> >> tl;dr: is it possible to change the default set of permissions for new >> maildirs created by dovecot? > > - -- > This message was sent from my Android mobile phone with K-9 Mail. 
From von at vdrandom.org Fri Dec 26 08:37:37 2014 
From: von at vdrandom.org (Von Random) Date: Fri, 26 Dec 2014 11:37:37 +0300 Subject: Maildir permissions on creation? In-Reply-To: <2519001419582918@web3o.yandex.ru> References: <2333451419423675@web25m.yandex.ru> <8B93B457-D114-447B-A547-B59069DB99F7@brain-force.ch> <2519001419582918@web3o.yandex.ru> Message-ID: <2530321419583057@web3o.yandex.ru> Err, my bad, of course 0640 on files in case of setgid on directories. 26.12.2014, 11:36, "Von Random" : > The main reason is that I don't want to provide backup user with unnecessary write permissions within maildirs and mail user within backup logs dir. I was talking about mail_user:mail_group 0750 on dirs and 0640 on files. (Or, possibly, mail_user:backup_group 2750 and 2640.) > > 26.12.2014, 11:19, "Tobi" : >> What's the reason you do not want to use default dovecot user. Your idea would assume that at least the group must have write access. For me a no-go on mailboxes. >> >> On 24 December 2014 13:21:15 CET, Von Random wrote: >>> Hello. >>> >>> In my configuration dovecot reads home from mysql and uses no variables >>> within it. It uses Maildir++ storage with virtual users. I also happen >>> to use LMTP. >>> >>> I want to use a backup solution that does not involve running itself as >>> root. Neither do I want to run it as dovecot's mail user. >>> >>> And there lies the problem: dovecot creates maildirs with 0700 and >>> files within them inherit that set of permissions. And there seems to >>> be no sane way to control it. I think I've figured out what to patch in >>> order to change that default, but if possible, I'd like to avoid doing >>> that. >>> >>> tl;dr: is it possible to change the default set of permissions for new >>> maildirs created by dovecot? >> - -- >> This message was sent from my Android mobile phone with K-9 Mail. 
From mail at marc-stuermer.de Fri Dec 26 08:42:58 2014 From: mail at marc-stuermer.de (Marc Stürmer) Date: Fri, 26 Dec 2014 09:42:58 +0100 Subject: Awfully slow dovecot In-Reply-To: <56353d58c5dda0cc2a62c65a8085b760@junc.eu> References: <56353d58c5dda0cc2a62c65a8085b760@junc.eu> Message-ID: <549D1F92.8090102@marc-stuermer.de> On 25.12.2014 at 21:07, Benny Pedersen wrote: >> We're using dovecot 1.0.7, which seems to be the latest version >> available on CentOS 5. > > update to centos 7 > > if dovecot still not working, report again And if it is then still slow because some people have folders with shitloads of emails, you may consider switching your mail storage over to mdbox with enabled compression. From me at junc.eu Fri Dec 26 10:01:00 2014 
From: me at junc.eu (Benny Pedersen) Date: Fri, 26 Dec 2014 11:01:00 +0100 Subject: Awfully slow dovecot In-Reply-To: <549D1F92.8090102@marc-stuermer.de> References: <56353d58c5dda0cc2a62c65a8085b760@junc.eu> <549D1F92.8090102@marc-stuermer.de> Message-ID: <6d9cb5278c70c2a0d9eda5c2a39001aa@junc.eu> Marc Stürmer wrote on 2014-12-26 09:42: > And if it is then still slow because some people have folders with > shitloads of emails, you may consider switching your mail storage over > to mdbox with enabled compression. using dovecot 1.2.17 here with maildir, still have to see performance issues, but yes will move to ssd soon, i will just fix problems that are here, not things that are not a problem, the above will kill my server, so need to have an intel i7 with 25MB L1 cache, so far i just keep it simple From mail at marc-stuermer.de Fri Dec 26 10:35:05 2014 
From: mail at marc-stuermer.de (Marc Stürmer) Date: Fri, 26 Dec 2014 11:35:05 +0100 Subject: Awfully slow dovecot In-Reply-To: <6d9cb5278c70c2a0d9eda5c2a39001aa@junc.eu> References: <56353d58c5dda0cc2a62c65a8085b760@junc.eu> <549D1F92.8090102@marc-stuermer.de> <6d9cb5278c70c2a0d9eda5c2a39001aa@junc.eu> Message-ID: <20141226113505.Horde.WiM4k2f2zlHXFw3JQAbdsQ1@webmail.no-carrier.info> Quoting Benny Pedersen: > using dovecot 1.2.17 here with maildir, still have to see > performance issues, but yes will move to ssd soon, i will just fix > problems that are here, not things that are not a problem, the above > will kill my server, so need to have an intel i7 with 25MB L1 cache, > so far i just keep it simple Look... if you want to get a real speedup in I/O on the same hardware without getting a SSD, you should grab yourself a recent dovecot version (2.2.X), enable gzip compression and switch over to mdbox. Maildir is fine as long as you don't have too much mail on your storage, but there comes a point when you are getting big enough where Maildir really isn't going to behave really nicely anymore, because too many files and way too many seeks. Mdbox is quite different and scales beyond the point of Maildir with ease. From von at vdrandom.org Fri Dec 26 11:40:20 2014 
From: von at vdrandom.org (Von Random) Date: Fri, 26 Dec 2014 14:40:20 +0300 Subject: Maildir permissions on creation? In-Reply-To: References: <2333451419423675@web25m.yandex.ru> <8B93B457-D114-447B-A547-B59069DB99F7@brain-force.ch> <2519001419582918@web3o.yandex.ru> <2530321419583057@web3o.yandex.ru> Message-ID: <3784011419594020@web20h.yandex.ru> Yes, and it is not my use case, sadly. ACLs are meant for imap, not filesystem access and mail_access_groups is also useless for some reason. It just does not change anything. Probably because I don't use mail_location and variables when I provide path for home. (It's stored as is in a database on mailbox creation.) 26.12.2014, 12:07, "Tobi" : > Have you checked the dovecot wiki for 'filepermissions in shared mailboxes' ? > Explains how dovecot set ACL when creating mailboxes > > On 26 December 2014 09:37:37 CET, Von Random wrote: >> Err, my bad, of course 0640 on files in case of setgid on directories. >> >> 26.12.2014, 11:36, "Von Random" : >>> The main reason is that I don't want to provide backup user with >> unnecessary write permissions within maildirs and mail user within >> backup logs dir. I was talking about mail_user:mail_group 0750 on dirs >> and 0640 on files. (Or, possibly, mail_user:backup_group 2750 and >> 2640.) >>> 26.12.2014, 11:19, "Tobi" : >>>> What's the reason you do not want to use default dovecot user. Your >> idea would assume that at least the group must have write access. For >> me a no-go on mailboxes. >>>> On 24 December 2014 13:21:15 CET, Von Random >> wrote: >>>>> Hello. >>>>> >>>>> In my configuration dovecot reads home from mysql and uses no >> variables >>>>> within it. It uses Maildir++ storage with virtual users. I also >> happen >>>>> to use LMTP. >>>>> >>>>> I want to use a backup solution that does not involve running >> itself as >>>>> root. Neither do I want to run it as dovecot's mail user. 
>>>>> >>>>> And there lies the problem: dovecot creates maildirs with 0700 and >>>>> files within them inherit that set of permissions. And there seems >> to >>>>> be no sane way to control it. I think I've figured out what to >> patch in >>>>> order to change that default, but if possible, I'd like to avoid >> doing >>>>> that. >>>>> >>>>> tl;dr: is it possible to change the default set of permissions for >> new >>>>> maildirs created by dovecot? >>>> - -- >>>> This message was sent from my Android mobile phone with K-9 Mail. > > - -- > This message was sent from my Android mobile phone with K-9 Mail. 
> -----BEGIN PGP SIGNATURE----- > Version: APG v1.1.1 > > iQI7BAEBCgAlBQJUnSVbHhxUb2JpIDx0b2JzdGVyQGJyYWluLWZvcmNlLmNoPgAK > CRA1HOYlqGik5GvTEACYhFfqS5hK4rAoHCzDd5vFwCLIE/ESheJhREbpewE4k7Nq > BGR1hKygYeAnj3w1CB9R4sgRBOTHSpRuIzk1ZMId5UuQOBxy8ukRzA5xiAoP22lw > AxB6Ek7e7VLz0998GmoN7uw1t5tczR1SkHscs0XfuBCBJrvo79DHYs7CP18oDTic > m5NVJS0MZzJGWPSDGwN6WPwRbLZMTZHc79h+WTmYz9Fzet2As71npvP0PiLd4hQP > xMlgUXCF1vXTUPUGf/NtQfy/xjaww4sEMqOxpigjLLMmnz+OFPo9Mar0uWvNBCgq > 3rTUqAUaMcLS8ANyvqzPXXba67dl+rNYuK33tWom+H17JzNf1rdYKxtc7IVQgm/E > RfYhIejH9yQR0/8CHw+ySF3mJdiQsZHMKL4PwXhRzp9OuOU8RZts1bve8pJEHGSr > ZQjqjiNB/DyE0s9uNh94U58mwGT8FKHQPR52EPF2WyNlyet1aYUCNQlXm2Qe+3FI > k4D4eJpRfWIHS5x7NALuwrki+/OqFvDphzKCTmhIC2Qa8UnKvxaS9VccW2Z5D9R9 > PHoOb2pgm5bIOUtsWUCykDiTwh5IA0jReoGPRlXmFK/tuhHawdrbfUlQ/YrVAX8w > p+FhchB5e5LNnBOjIXDB9c+viuobF3qo3uoOqjAwGTkEqIdwsiswCUPfjZJD+A== > =XfBH > -----END PGP SIGNATURE----- From anon_user at openmailbox.org Fri Dec 26 14:26:57 2014 From: anon_user at openmailbox.org (anon_user at openmailbox.org) Date: Fri, 26 Dec 2014 15:26:57 +0100 Subject: Curious dovecot behavior with =?UTF-8?Q?service=5Fcount=20=3D?= =?UTF-8?Q?=20=30?= In-Reply-To: References: Message-ID: On 2014-12-23 22:51, anon_user at openmailbox.org wrote: > Hello, > > I'm not experiencing this problem at all with service_count = 1 > > With service_count = 0, this is what I got randomly in my logs: > > TLS: SSL_read() syscall failed: Connection reset by peer > > To be successfully logged, the user have to initiate a new connection. > > I primary thought about vsz_limit but I've put this value to 10GB (yes > this is very overkill, that was just for the test) and that don't > change anything. > > I use the lastest version of dovecot. > > Any ideas ? > > Thanks. Any advice ? Thanks. From nick.z.edwards at gmail.com Fri Dec 26 16:16:15 2014 
From: nick.z.edwards at gmail.com (Nick Edwards)
Date: Sat, 27 Dec 2014 02:16:15 +1000
Subject: Awfully slow dovecot
In-Reply-To: <549CC288.2000200@thelounge.net>
References: <549C5C24.8000001@sys4.de> <91a8c0ac235d87919cc1f2ab9ff04a25@junc.eu> <549C706D.6060402@thelounge.net> <549CC288.2000200@thelounge.net>
Message-ID:

On 12/26/14, Reindl Harald wrote:
>
> On 26.12.2014 at 02:20, Edwardo Garcia wrote:
>> On 12/26/14, Jeff Mitchell wrote:
>>> On Dec 25, 2014 3:15 PM, "Reindl Harald" wrote:
>>>>
>>>> your Gentoo is nice in a small environment
>>>>
>>>> on larger setups someone is using binary packages and can setup his own
>>>> repo with overrides while maintain *testable* setups
>>>
>>> Just to point out, it is possible to set up a binary Gentoo setup with a
>>> single server compiling packages then made available to downstream
>>> computers -- I ran such a setup for a few years. Can also have multiple of
>>> these in an overlay fashion for testing. Pros and cons vs. normal binary
>>> distros, but it can be done.
>>
>> As we do today for some 417 servers (real servers, not virtual crap),
>> its very easy to do, even my previous employer who used slackware with
>> a few hundred servers used almost identical fashion.
>>
>> Amazing at how rpm and deb users think they are the only ones in this
>> world who can manage large enterprise server farms, just shows how
>> narrow sighted and ill-informed they are.
>
> narrow sighted are people thinking others are ill-informed or as Benny
> thinking outdated RPM packages are a persistent problem not easily
> solvable
>
> sure, you can manage anything if you write enough tools to automate
> things, nothing new for me as software developer, but don't you think
> there is a reason why advanced package management exists and 95% of all
> production environments are using them?

it takes no more than a few minutes to write a perl script to handle all.
and you can not claim 95% of anything in real world, even if so, there is no difference to automated tools, than yum or apt, they can do the same thing and as every machine is identical, if work on dev box, there is no way it not work on production.

its simple, if it is not work on rpm, erase rpm and use source.

it is silly and time waste to try log bug problem with version not supported in years

From nick.z.edwards at gmail.com Fri Dec 26 16:21:20 2014
From: nick.z.edwards at gmail.com (Nick Edwards)
Date: Sat, 27 Dec 2014 02:21:20 +1000
Subject: Awfully slow dovecot
In-Reply-To: <20141226113505.Horde.WiM4k2f2zlHXFw3JQAbdsQ1@webmail.no-carrier.info>
References: <56353d58c5dda0cc2a62c65a8085b760@junc.eu> <549D1F92.8090102@marc-stuermer.de> <6d9cb5278c70c2a0d9eda5c2a39001aa@junc.eu> <20141226113505.Horde.WiM4k2f2zlHXFw3JQAbdsQ1@webmail.no-carrier.info>
Message-ID:

On 12/26/14, Marc Stürmer wrote:
>
> Maildir is fine as long as you don't have too much mail on your
> storage, but there comes a point when you are getting big enough where
> Maildir really isn't going to behave really nicely anymore, because
> too many files and way too many seeks. Mdbox is quite different and
> scales beyond the point of Maildir with ease.
>

that may only be true depending on your filesystem

it may be no more supported for obvious reasons, but reiserfs will never be beaten for maildir
and maildir is time tested and proven in very large environments with millions of users, with many GB quotas runs perfect with deduping on netapps too.

From mail at marc-stuermer.de Fri Dec 26 17:43:00 2014
From: mail at marc-stuermer.de (Marc Stürmer)
Date: Fri, 26 Dec 2014 18:43:00 +0100
Subject: Awfully slow dovecot
In-Reply-To:
References: <56353d58c5dda0cc2a62c65a8085b760@junc.eu> <549D1F92.8090102@marc-stuermer.de> <6d9cb5278c70c2a0d9eda5c2a39001aa@junc.eu> <20141226113505.Horde.WiM4k2f2zlHXFw3JQAbdsQ1@webmail.no-carrier.info>
Message-ID: <549D9E24.3040504@marc-stuermer.de>

On 26.12.2014 at 17:21, Nick Edwards wrote:
>> Maildir is fine as long as you don't have too much mail on your
>> storage, but there comes a point when you are getting big enough where
>> Maildir really isn't going to behave really nicely anymore, because
>> too many files and way too many seeks. Mdbox is quite different and
>> scales beyond the point of Maildir with ease.
>>
> that may only be true depending on your filesystem
>
> it may be no more supported for obvious reasons, but reiserfs will
> never be beaten for maildir
> and maildir is time tested and proven in very large environments with
> millions of users, with many GB quotas runs perfect with deduping on
> netapps too.

Wrong. ReiserFS is something you should really avoid nowadays on servers. V3, while stable and not getting much love nor features anyway, has some serious known quirks. There's a reason why Reiser4 was invented back then.

ReiserFS4 will almost certainly never find its way in the kernel and doesn't get much love either, especially since its author went into jail for murder. Because Reiser4 is being maintained outside the kernel you have either to compile the kernels yourself or get community kernels. Aside that, Reiser4 is still experimental and not stable.

Aside from some still raging and alive fanboys who didn't get the message ReiserFS doesn't really matter anymore. It had some nice ideas, but people moved on to other systems and are happy with those.

The thing is, that Maildir means every mail is one file and you've got to maintain some index files to get a decent speed out of it. Robust, also yes, because all data is in the file system itself.

This means for every modern file system, regardless if you are using XFS, ext4 or Reiser, that you need to lookup that file in the folder and read/write it. All modern file systems use for that some kind of binary tree algorithm. Some older file systems tend to slow down drastically if you put enough mails in one folder. Just consider one mail folder with the contents of the LKML of one year, this folder alone would be around 100.000 files or even more.

And if your machines are getting big enough, Maildir plainly sucks and making backups takes more and more time, because reading 100000 files for a backup means many seeks and lots of work for the HDD, it means of course much more protocol overhead e.g. on rsync.

For example my mailbox had a lkml archive with over > 30000 mails and I switched to mdbox. On the pro side you get much more speed out of your hardware, because you can do more with less I/O operations. On the con side you cannot read mails on the file system level anymore and need to learn the dovecot tool chain, which though IMHO is absolutely worth it, backups need proper preparations and losing the mapping files would be a disaster.

Now instead of maybe around 60000 files I had and taking over 800 MB my mail storage consists of 347 files and takes 485 MB and I didn't throw any mail away. How come? Simple, I enabled compressed saving with gzip. CPU power is cheap, getting more memory and hdd speed is most time not.

Because of all my mails are now compressed in much less files on the HDD, looking them up in that folder is blazingly fast, because it's quite a small tree needed to maintain those. And it also means that I can use the same amount of memory to cache more mails in the file system cache (roughly around 30-40% more), because the data itself is compressed. That's the beauty of it, and much faster backups again.

If you really run millions of accounts, you wouldn't want Maildir anymore when you can have mdbox. If you want to build a really large imap server on Linux, either take ext4 or XFS as file system.

From h.reindl at thelounge.net Fri Dec 26 19:57:06 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Fri, 26 Dec 2014 20:57:06 +0100
Subject: Awfully slow dovecot
In-Reply-To:
References: <549C5C24.8000001@sys4.de> <91a8c0ac235d87919cc1f2ab9ff04a25@junc.eu> <549C706D.6060402@thelounge.net> <549CC288.2000200@thelounge.net>
Message-ID: <549DBD92.1080301@thelounge.net>

On 26.12.2014 at 17:16, Nick Edwards wrote:
> On 12/26/14, Reindl Harald wrote:
>> sure, you can manage anything if you write enough tools to automate
>> things, nothing new for me as software developer, but don't you think
>> there is a reason why advanced package management exists and 95% of all
>> production environments are using them?
>
> it takes no more than a few minutes to write a perl script to handle all.
> and you can not claim 95% of anything in real world, even if so, there
> is no difference to automated tools, than yum or apt, they can do the
> same thing and as every machine is identical, if work on dev box,
> there is no way it not work on production.

deployment yes
versioned, clean downgrades and preserve permissions, get rid of obsolete files to keep the system clean over many years take more effort

> its simple, if it is not work on rpm, erase rpm and use source.
>
> it is silly and time waste to try log bug problem with version not
> supported in years

hence i recommended use rpmbuild and build a *override* from recent source, in case of dovecot just build from source may be easy, if it comes to dependencies rpm become the easier and safer way because it would refuse to override incompatible libraries until you take care of the dependency tree which does not come from rpm itself but is managed by using it

From jeffrey.mitchell at gmail.com Fri Dec 26 22:36:56 2014
From: jeffrey.mitchell at gmail.com (Jeff Mitchell)
Date: Fri, 26 Dec 2014 17:36:56 -0500
Subject: Deleting files in sdbox
Message-ID:

Hello,

I'm curious as to what happens if I were to manually delete files in an sdbox on the server.

A long time ago -- I'm not sure how, as it was several years ago -- something happened and a number of users got a large number of mail messages duplicated. Literally duplicated -- all headers, all body content.

I have a script that can find these duplicated messages (by ignoring the first few and last few lines of each message, and using SHAs to compare and find the duplicates). However, I don't see a doveadm style command to manually delete messages, except for doveadm-expunge. In the past I've used that with search queries but my experience is that trying to do many individual operations on individual files with doveadm-expunge can be quite slow.

So, if Dovecot is going to just say "huh, my indexes/metadata are wrong, lemme rebuild them", I'd rather just rm the messages and let Dovecot do its thing.

Again, this is with sdbox storage. Dovecot version is 2.2.9.

Thanks!
--Jeff

From p at sys4.de Fri Dec 26 22:39:15 2014
From: p at sys4.de (Patrick Ben Koetter)
Date: Fri, 26 Dec 2014 23:39:15 +0100
Subject: Thunderbird supports SPECIAL-USE (Merry x-mas!)
Message-ID: <20141226223915.GA9911@sys4.de>

I've waited about two years to write this mail... :)

As of December 24th Mozilla Thunderbird can handle SPECIAL-USE. The patch, which adds the required functionality, has passed review and TB's nightly build was successful. The next official Thunderbird release (version 38, release date 2015-05-19) will very likely ship SPECIAL-USE included. \o/

SPECIAL USE is an IMAP extension. It means less mailbox chaos for admins. But more than that it means less configuration work and easier orientation for end users.

If IMAP server and client are capable of SPECIAL-USE [1] the server may tell the client some of the folders (Inbox, Drafts, Sent, Trash etc.) are reserved for SPECIAL-USE.

Any client, capable of SPECIAL-USE, may adapt its local folders to the servers view. It may map e.g. "Sent Items" to "Sent", "Deleted Items" to "Trash" etc. pp. All this takes place automatically. No more user interaction. No more locale problems.

When all components - server, desktop-, webmail-, and mobile client - can handle SPECIAL-USE life becomes easier. Clients don't create their own 'special folders'. They understand special folders already exist and adapt. No more superfluous ambiguous folders. Users will know where their messages have been stored.

Note: Combined with automx [2] users will only have to enter their realname, mail address and (optional) password and their client will setup all the rest automatically.

SPECIAL-USE started as a suggestion to friends at IETF. We sponsored its implementation in Dovecot [3], when it had become a RFC standard. Then we took out to bring it to Thunderbird.

This took us longer than expected. The moment we had begun to work on it, Mozilla withdrew most people from the Thunderbird team and reassigned them to Firefox OS. Things slowed down significantly and Microsoft Outlook became the first mail client to adopt SPECIAL-USE. Two years later - together with Ben Bucksch (Thunderbird developer) - we finally succeeded and it is about time to close the RFE [4].

Nobody should have to spend more time than required to configure their client. Everyone should be able to focus on their primary goal - communication via mail.

We - sys4 and our business partner Becon - sponsored SPECIAL-USE. I hope SPECIAL-USE will make your and your customers life easier. The patch just became ready for x-mas. :)

p at rick

P.S.
Unpacking the gift will have to wait until 2015-05-19. ;)

[1] IMAP LIST Extension for Special-Use Mailboxes
[2] automx - mail setup made easy!
[3] Mailbox settings http://wiki2.dovecot.org/MailboxSettings
[4] Bug 558659 - (RFC6154) Support IMAP LIST SPECIAL-USE (RFC 6154) to autoconfigure Sent, Trash, Draft folders on IMAP servers

--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From mkliewe at gmx.de Sat Dec 27 00:59:24 2014
From: mkliewe at gmx.de (Michael Kliewe)
Date: Sat, 27 Dec 2014 01:59:24 +0100
Subject: Thunderbird supports SPECIAL-USE (Merry x-mas!)
In-Reply-To: <20141226223915.GA9911@sys4.de>
References: <20141226223915.GA9911@sys4.de>
Message-ID: <549E046C.6010303@gmx.de>

On 26.12.2014 at 23:39, Patrick Ben Koetter wrote:
> We - sys4 and our business partner Becon - sponsored SPECIAL-USE. I hope
> SPECIAL-USE will make your and your customers life easier. The patch just
> became ready for x-mas. :)

Hi Patrick,

many thanks for this feature in Thunderbird, a great X-MAS gift! It was one of the features I was missing in Thunderbird, and now (in a few months) we will finally have it! Thanks for your work!

Another thing that I'm waiting for is IMAP NOTIFY support (RFC 5465 [1]). It's already in Bugzilla since 5 years [2], and I hope someone will work on it in the near future, because it will reduce the amount of IMAP connections to servers a lot (instead of 5+ Thunderbird IMAP connections just 1). Dovecot (of course) supports IMAP NOTIFY, but no client I'm aware of uses it.

Do you have plans which Thunderbird feature to work on next? Maybe it makes sense to find some people for sponsoring, so more useful features get implemented in clients like Thunderbird? That would help all of us mailserver administrators.

Thanks for your work!
Michael

[1] http://tools.ietf.org/rfc/rfc5465.txt
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=479133

From mail at marc-stuermer.de Sat Dec 27 08:18:46 2014
From: mail at marc-stuermer.de (Marc Stürmer)
Date: Sat, 27 Dec 2014 09:18:46 +0100
Subject: Deleting files in sdbox
In-Reply-To:
Message-ID: <20141227091846.Horde.s7LooX9BMH1mFUe68F2WTQ8@webmail.no-carrier.info>

Quoting Jeff Mitchell:

> I have a script that can find these duplicated messages (by ignoring
> the first few and last few lines of each message, and using SHAs to
> compare and find the duplicates). However, I don't see a doveadm style
> command to manually delete messages, except for doveadm-expunge. In

Well... doveadm is an abstraction layer to the user. It doesn't care that you want to delete file x or y, it does care that you want to delete that one specific mail and locates it for you and deletes it then. That's being done on purpose.

And deleting mails with doveadm needs two operations:

1. you need to mark the mail for deletion, means you need to expunge it, then
2. you need to purge it.

Purging all your mailboxes should be done in a maybe daily run cron job.

And how to construct a dovecot search query is documented here: http://wiki2.dovecot.org/Tools/Doveadm/SearchQuery

You could use the message UID to delete those pesky messages maybe.

Of course you could try deleting those messages on your own and run afterwards a doveadm index. This should also do the job.

From rs at sys4.de Sat Dec 27 09:23:24 2014
From: rs at sys4.de (Robert Schetterer)
Date: Sat, 27 Dec 2014 10:23:24 +0100
Subject: Thunderbird supports SPECIAL-USE (Merry x-mas!)
In-Reply-To: <20141226223915.GA9911@sys4.de>
References: <20141226223915.GA9911@sys4.de>
Message-ID: <549E7A8C.6050202@sys4.de>

On 26.12.2014 at 23:39, Patrick Ben Koetter wrote:
> I've waited about two years to write this mail... :)
>
> As of December 24th Mozilla Thunderbird can handle SPECIAL-USE. The patch,
> which adds the required functionality, has passed review and TB's nightly build
> was successful. The next official Thunderbird release (version 38, release
> date 2015-05-19) will very likely ship SPECIAL-USE included. \o/
>
> SPECIAL USE is an IMAP extension. It means less mailbox chaos for admins. But
> more than that it means less configuration work and easier orientation for end
> users.
>
> If IMAP server and client are capable of SPECIAL-USE [1] the server may tell
> the client some of the folders (Inbox, Drafts, Sent, Trash etc.) are reserved
> for SPECIAL-USE.
>
> Any client, capable of SPECIAL-USE, may adapt its local folders to the
> servers view. It may map e.g. "Sent Items" to "Sent", "Deleted Items" to
> "Trash" etc. pp. All this takes place automatically. No more user
> interaction. No more locale problems.
>
> When all components - server, desktop-, webmail-, and mobile client - can
> handle SPECIAL-USE life becomes easier. Clients don't create their own
> 'special folders'. They understand special folders already exist and adapt. No
> more superfluous ambiguous folders. Users will know where their messages have
> been stored.
>
> Note: Combined with automx [2] users will only have to enter their
> realname, mail address and (optional) password and their client will setup
> all the rest automatically.
>
> SPECIAL-USE started as a suggestion to friends at IETF. We sponsored its
> implementation in Dovecot [3], when it had become a RFC standard. Then we took
> out to bring it to Thunderbird.
>
> This took us longer than expected. The moment we had begun to work on it,
> Mozilla withdrew most people from the Thunderbird team and reassigned them to
> Firefox OS. Things slowed down significantly and Microsoft Outlook became the
> first mail client to adopt SPECIAL-USE. Two years later - together with Ben
> Bucksch (Thunderbird developer) - we finally succeeded and it is about time to
> close the RFE [4].
>
> Nobody should have to spend more time than required to configure their client.
> Everyone should be able to focus on their primary goal - communication via
> mail.
>
> We - sys4 and our business partner Becon - sponsored SPECIAL-USE. I hope
> SPECIAL-USE will make your and your customers life easier. The patch just
> became ready for x-mas. :)
>
>
> p at rick
>
>
> P.S.
> Unpacking the gift will have to wait until 2015-05-19. ;)
>
>
> [1] IMAP LIST Extension for Special-Use Mailboxes
>
> [2] automx - mail setup made easy!
>
> [3] Mailbox settings
> http://wiki2.dovecot.org/MailboxSettings
>
> [4] Bug 558659 - (RFC6154) Support IMAP LIST SPECIAL-USE (RFC 6154) to
> autoconfigure Sent, Trash, Draft folders on IMAP servers
>

Many thx, long awaited feature. So let's party as it's done now !

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From dovecot at vosslamber.nl Sat Dec 27 10:54:45 2014
From: dovecot at vosslamber.nl (Luuk)
Date: Sat, 27 Dec 2014 11:54:45 +0100
Subject: Thunderbird supports SPECIAL-USE (Merry x-mas!)
In-Reply-To: <20141226223915.GA9911@sys4.de>
References: <20141226223915.GA9911@sys4.de>
Message-ID: <549E8FF5.8000408@vosslamber.nl>

On 26-12-2014 23:39, Patrick Ben Koetter wrote:
> They understand special folders already exist and *adapt*.

I think i have heard a similar phrase somewhere before ... ;-)

From mail at marc-stuermer.de Sat Dec 27 11:56:36 2014
From: mail at marc-stuermer.de (Marc Stuermer)
Date: Sat, 27 Dec 2014 11:56:36 +0000
Subject: Thunderbird supports SPECIAL-USE (Merry x-mas!)
In-Reply-To: <20141226223915.GA9911@sys4.de>
References: <20141226223915.GA9911@sys4.de>
Message-ID: <549E9E74.1060700@marc-stuermer.de>

On 26.12.2014 at 22:39, Patrick Ben Koetter wrote:
> As of December 24th Mozilla Thunderbird can handle SPECIAL-USE. The patch,
> which adds the required functionality, has passed review and TB's nightly build
> was successful. The next official Thunderbird release (version 38, release
> date 2015-05-19) will very likely ship SPECIAL-USE included. \o/

Nice! Many thanks!

From jeffrey.mitchell at gmail.com Sat Dec 27 15:18:29 2014
From: jeffrey.mitchell at gmail.com (Jeff Mitchell)
Date: Sat, 27 Dec 2014 10:18:29 -0500
Subject: Deleting files in sdbox
In-Reply-To: <20141227091846.Horde.s7LooX9BMH1mFUe68F2WTQ8@webmail.no-carrier.info>
References: <20141227091846.Horde.s7LooX9BMH1mFUe68F2WTQ8@webmail.no-carrier.info>
Message-ID:

On Dec 27, 2014 3:19 AM, "Marc Stürmer" wrote:
> You could use the message UID to delete those pesky messages maybe.
>
> Of course you could try deleting those messages on your own and run
> afterwards a doveadm index. This should also do the job.

As I said in my OP I could use doveadm-expunge with a search query. But I've done that and it's very slow to rerun constantly with various UIDs. I could maybe write a query with thousands of UIDs if it wouldn't complain.

My actual question as stated was what happens if I just rm those files... if Dovecot will be okay with it, figure out that the mailboxes don't match, and fix the index and cache files. If rerunning doveadm-index after manually will make everything happy, this seems like the faster approach. But I just want to make sure I won't damage the sdbox in a permanent sense.

Thanks,
Jeff

From tss at iki.fi Sun Dec 28 19:49:40 2014
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 28 Dec 2014 14:49:40 -0500
Subject: Deleting files in sdbox
In-Reply-To:
References: <20141227091846.Horde.s7LooX9BMH1mFUe68F2WTQ8@webmail.no-carrier.info>
Message-ID:

On 27 Dec 2014, at 10:18, Jeff Mitchell wrote:

> On Dec 27, 2014 3:19 AM, "Marc Stürmer" wrote:
>> You could use the message UID to delete those pesky messages maybe.
>>
>> Of course you could try deleting those messages on your own and run
>> afterwards a doveadm index. This should also do the job.
>
> As I said in my OP I could use doveadm-expunge with a search query. But
> I've done that and it's very slow to rerun constantly with various UIDs. I
> could maybe write a query with thousands of UIDs if it wouldn't complain.

I'd think you should be able to run doveadm expunge -u user@domain mailbox foo uid 5,10,100,101,102,etc. That shouldn't be much slower than rm'ing them.

> My actual question as stated was what happens if I just rm those files...
> if Dovecot will be okay with it, figure out that the mailboxes don't match,
> and fix the index and cache files. If rerunning doveadm-index after
> manually will make everything happy, this seems like the faster approach.
> But I just want to make sure I won't damage the sdbox in a permanent sense.

doveadm force-resync fixes it, but it's a bit ugly way. How about using doveadm deduplicate command instead?

From richigp at gmail.com Mon Dec 29 00:53:16 2014
From: richigp at gmail.com (Ricardo)
Date: Mon, 29 Dec 2014 01:53:16 +0100
Subject: Quota, doveadm, postfixadmin
Message-ID:

Hello all and happy holidays.

I have Postfix+Dovecot+MySQL+Postfixadmin with CentOS 6.6, a virtual machines for testing, and then pass it to servers in production, my problem is the next:

I add 30 MB for domain.local, then cast 10 MB for test1 at domain.local and 20 MB for test2 at domain.local, so far so good.

Sending an attachment from one account to another, the example of test1 at domain.local to test2 at domain.local, test2 at domain.local receive the email with the attachment. If I write in the shell doveadm quota get -u test2@domain.local I get the following:

    Quota name Type    Value Limit %
    user       STORAGE  3391 20000 16
    user       MESSAGE     3 10000  0

Informs me that I this consuming 16% of the 20 MB assigned to this account, but if I delete the file and again write doveadm quota get -u test2@domain.local I release this:

    Quota name Type    Value Limit %
    user       STORAGE  6782 20000 33
    user       MESSAGE     4 10000  0

Normal serious you continue using 16%, not 33%, when you go into the trash, because that happens from one place to another, right? These statistics the Postfixadmin Dame them so much as writing in the shell doveadm quota get -u test2@domain.local.

I delete the file in the trash and to again write doveadm quota get -u test2@domain.local still see me.

    Quota name Type    Value Limit %
    user       STORAGE  6782 20000 33
    user       MESSAGE     4 10000  0

But I realize that so that it resets to 0%, I have to close the mail client, if not would follow using 33% and is when is 0% as shown here.

    Quota name Type    Value Limit %
    user       STORAGE     1 20000  0
    user       MESSAGE     2 10000  0

Is this normal? The client to send emails and exceed quota will having to always close the mail client, so you reset and stays at 0%?

Can anyone help me? I have looked online but I can't find information about this. Has happened to someone?

Thanks so much.

Best regards.

From jtam.home at gmail.com Mon Dec 29 09:25:09 2014
From: jtam.home at gmail.com (Joseph Tam)
Date: Mon, 29 Dec 2014 01:25:09 -0800 (PST)
Subject: Awfully slow dovecot
In-Reply-To:
References:
Message-ID:

Robin Helgelin writes:

> We're using dovecot 1.0.7, which seems to be the latest version
> available on CentOS 5.

It wouldn't be a bad idea to update this if you can, even if you have to compile it yourself. You'll benefit from many bug fixes, one of which may solve your problem.

> Downloading emails are dead slow. Really small emails goes quickly,
> but normal emails and emails with attachments are so slow to download
> it's almost ridiculous. I've googled some and found that it could be
> related to quota, but I disabled the quota plugins on imap with no
> difference.

The problem with "slowness" is that it can result from just about anything. I've seen reports of slowness caused by LDAP hangups, filesystem and I/O polling, client issues, network issues, firewall issues, anti-virus stuff, resource starvation. That's just the stuff I remember.

You'll need to dig further to reduce the scope of where it can be going wrong. I would suggest getting hints from

- process tracing
- network snooping
- logs

Test if it's a mail client issue by sampling more than one mail client (or better yet, talk IMAP directly to the server via telnet or netcat and download a large piece of Email). If that provokes a problem, work your way back to the server and do the same thing on the server itself (bypassing the network stack) and see if the problem still persists. Depending on what you find out, at least you'll know which side of the fence you should be looking at.

(Also, ask yourself the obvious question: did you change anything before dovecot performance went down the tubes? New hardware? Patches?)

Joseph Tam

From jtam.home at gmail.com Mon Dec 29 10:02:44 2014
From: jtam.home at gmail.com (Joseph Tam)
Date: Mon, 29 Dec 2014 02:02:44 -0800 (PST)
Subject: doveadm pw generates different hash each time it is invoked
In-Reply-To:
References:
Message-ID:

reik red writes:

> (I'm re-submitting after setting up a subscription, so I don't have to wait for the moderator)
> ,
> What happened next surprised me greatly: if I specify "-s ssha", the
> resulting hashed password changes each time I invoke "doveadm pw", but
> if I do not specify the hashing method, I get the same password each time (as I
> expect). What on earth is going on here? There must be something
> fundamental that I am missing.

"doveadm pw" is working correctly. CRAM-MD5 and SSHA use hashing in 2 different ways to authenticate a user.

CRAM-MD5 is a challenge-response system where the server sends the client a random string each and every session. The client hashes the password and the random string and sends it to the server as proof of authenticity. The server performs the same calculation to verify. However, the server needs to know the password (or password equivalent) in order to duplicate the hash calculation.

SSHA precomputes the random strings (salt) and hashes the password with it, and stores both salt and hash in the password database. During authentication, the password is (or ought to be) transmitted plain within a SSL connection from the client to the server, then the server hashes the password with the stored salt and compares with the hash in the database. Every time you run "doveadm pw -s sha" a new random salt is generated, hence a new hash is produced even though you use the same password.

You would use challenge-response in situations where the communication channel is insecure (i.e. non-SSL). However, the drawback is the password database contains enough information for someone to authenticate if it should fall into the wrong hands.

Joseph Tam

From apm at one.com Mon Dec 29 10:22:56 2014
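The two schemes contrasted in Joseph Tam's reply above, as an added example that is not part of the thread and not Dovecot's own code. It assumes the common {SSHA} layout base64(SHA1(password + salt) + salt) with a 4-byte random salt, and CRAM-MD5 as defined in RFC 2195; the function names and the sample password are hypothetical.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"
SHA1_LEN = 20  # a SHA-1 digest is 20 bytes; everything after it is the salt


def ssha_encode(password, salt=None):
    """Return '{SSHA}' + base64(SHA1(password + salt) + salt).

    A fresh random salt is drawn on every call unless one is supplied,
    which is why the same password yields a different string each time.
    """
    if salt is None:
        salt = os.urandom(4)  # assumption: 4-byte salt; verification accepts any length
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_split(stored):
    """Split a stored {SSHA} value into (digest, salt)."""
    if not stored.startswith(SCHEME):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("stored value carries no salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def ssha_verify(password, stored):
    """Re-hash the offered password with the stored salt, compare in constant time."""
    digest, salt = ssha_split(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def cram_md5_response(user, secret, challenge):
    """Client side of RFC 2195: HMAC-MD5 over the server's challenge, keyed with the secret."""
    mac = hmac.new(secret.encode("utf-8"), challenge.encode("ascii"), hashlib.md5)
    return user + " " + mac.hexdigest()


def cram_md5_check(response, secret, challenge):
    """Server side: recomputing the MAC requires the secret (or an equivalent),
    so the password database alone is enough to authenticate as the user."""
    user = response.partition(" ")[0]
    expected = cram_md5_response(user, secret, challenge)
    return hmac.compare_digest(response.encode("ascii"), expected.encode("ascii"))


if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password
    first, second = ssha_encode(pw), ssha_encode(pw)
    print(first)
    print(second)
    print("strings differ:", first != second)
    print("both verify:", ssha_verify(pw, first) and ssha_verify(pw, second))

    # Published example from RFC 2195: user, shared secret and challenge.
    challenge = "<1896.697170952@postoffice.reston.mci.net>"
    reply = cram_md5_response("tim", "tanstaaftanstaaf", challenge)
    print(reply)
    print("server accepts:", cram_md5_check(reply, "tanstaaftanstaaf", challenge))
```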
From: apm at one.com (Peter Mogensen) Date: Mon, 29 Dec 2014 11:22:56 +0100 Subject: SPECIAL-USE again Message-ID: <54A12B80.6080208@one.com> Hi, Great to see Thunderbird support SPECIAL-USE now. I would like to hear the list about the intended use of SPECIAL-USE. I get the impression from several earlier mails here that the intention is for the server to globally decide what the folder-name of a specific SPECIAL-USE folder is for all users. That's the way the documentation exemplifies it and what I get from posts like this: http://www.dovecot.org/list/dovecot/2013-February/088129.html I get the point that if *all* clients ignored the real folder-name and only obeyed SPECIAL-USE, the clients could locally in the GUI decide language and name of the \Sent, \Drafts, \Trash folders. And the real folder name would become just an opaque identifier. However that's not how the world is like. There are plenty of clients ignoring SPECIAL-USE and placing meaning in the actual folder name in a language of their own choice. It seems natural for me to let the user configure their own individual SPECIAL-USE tagging according to their language and/or mix of IMAP clients. - either by setting IMAP METADATA (RFC5464) or by having the userdb return entries like: "namespace/inbox/Papperskorg/specialuse=\Trash" (for a swede) /Peter PS: Also... Isn't there a need for a Sieve extension to allow "fileinto" to target a folder based on special-use ? From lazy404 at gmail.com Mon Dec 29 11:47:32 2014 
From: lazy404 at gmail.com (Lazy) Date: Mon, 29 Dec 2014 12:47:32 +0100 Subject: Authcache and user changing Message-ID: Hi, I have noticed that during auth cache hits usernames are not updated. (We use ldap backend and change username with user_attrs = uid=user, mailMessageStore=home, mailQuotaSize=quota_rule=*:bytes=%$ cold cache lmtp(14414): Debug: auth input: testmon_testmon home=/vmail/te/testmon_testmon quota_rule=*:bytes=104857600 lmtp(14414): Debug: changed username to testmon_testmon lmtp(14414): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600 hot cache lmtp(14715): Debug: auth input: iqmon at mon.test.pl home=/vmail/iq/testmon_testmon quota_rule=*:bytes=104857600 lmtp(14715): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600 this kills our dictionary based quota (users have multiple quota instances depending on timing and alias the email was delivered to. Is there a way to force addition of user to the auth cache ? -- Michal Grzedzicki From listas at adminlinux.com.br Mon Dec 29 15:09:02 2014 From: listas at adminlinux.com.br (Listas@Adminlinux) Date: Mon, 29 Dec 2014 13:09:02 -0200 Subject: Designing an Object Storage Plugin for a specific platform Message-ID: <54A16E8E.6060207@adminlinux.com.br> Hi! I'm planning to develop a OSP (Object Storage Plugin) to support a specific platform of my company. Is there any API documentation or sample code of a simple plugin that can be used as a basis for an implementation? Thanks! -- Thiago Henrique From stephan at rename-it.nl Mon Dec 29 19:45:32 2014 
From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 29 Dec 2014 20:45:32 +0100 Subject: SPECIAL-USE again In-Reply-To: <54A12B80.6080208@one.com> References: <54A12B80.6080208@one.com> Message-ID: <54A1AF5C.5020707@rename-it.nl> On 12/29/2014 11:22 AM, Peter Mogensen wrote: > Hi, > > Great to see Thunderbird support SPECIAL-USE now. > > I would like to hear the list about the intended use of SPECIAL-USE. > > I get the impression from several earlier mails here that the > intention is for the server to globally decide what the folder-name of > a specific SPECIAL-USE folder is for all users. > That's the way the documentation exemplifies it and what I get from > posts like this: > http://www.dovecot.org/list/dovecot/2013-February/088129.html > > I get the point that if *all* clients ignored the real folder-name and > only obeyed SPECIAL-USE, the clients could locally in the GUI decide > language and name of the \Sent, \Drafts, \Trash folders. > And the real folder name would become just an opaque identifier. > > However that's not how the world is like. There are plenty of clients > ignoring SPECIAL-USE and placing meaning in the actual folder name in > a language of their own choice. > > It seems natural for me to let the user configure their own individual > SPECIAL-USE tagging according to their language and/or mix of IMAP > clients. > - either by setting IMAP METADATA (RFC5464) or by having the userdb > return entries like: "namespace/inbox/Papperskorg/specialuse=\Trash" > (for a swede) For creating a special use mailbox there is the CREATE-SPECIAL-USE capability (https://tools.ietf.org/html/rfc6154, Section 3). As you suggested, the special use attributes can also be changed using the METADATA capability (https://tools.ietf.org/html/rfc6154, Section 4). Unfortunately, both of these features are not yet supported by Dovecot. I think it is already possible to return special use attributes from userdb, although I haven't verified that. Regards, Stephan. 
From apm at one.com Mon Dec 29 20:24:31 2014 From: apm at one.com (Peter Mogensen) Date: Mon, 29 Dec 2014 21:24:31 +0100 Subject: SPECIAL-USE again In-Reply-To: <54A1AF5C.5020707@rename-it.nl> References: <54A12B80.6080208@one.com> <54A1AF5C.5020707@rename-it.nl> Message-ID: <54A1B87F.2090200@one.com> On 2014-12-29 20:45, Stephan Bosch wrote: > For creating a special use mailbox there is the CREATE-SPECIAL-USE > capability (https://tools.ietf.org/html/rfc6154, Section 3). As you > suggested, the special use attributes can also be changed using the > METADATA capability (https://tools.ietf.org/html/rfc6154, Section 4). > Unfortunately, both of these features are not yet supported by Dovecot. They are also basically two sides of the same feature. For Dovecot to support CREATE-SPECIAL-USE it has to store that state somewhere anyway... and that would probably be in a METADATA dict. > I think it is already possible to return special use attributes from > userdb, although I haven't verified that. Neither have I, but I see no reason why it shouldn't work. That would probably be the easiest way to support per-user SPECIAL-USE (which I think makes more sense than a global hardwired setting). But to make it really useful, it would require Sieve support. Like: http://www.ietf.org/mail-archive/web/sieve/current/msg05171.html /Peter From orion at cora.nwra.com Mon Dec 29 21:02:01 2014 
From: orion at cora.nwra.com (Orion Poplawski) Date: Mon, 29 Dec 2014 14:02:01 -0700 Subject: Segmentation fault in pigeonhole lib-sieve Message-ID: <54A1C149.6050507@cora.nwra.com> The sieve plugin for Thunderbird likes to rapidly compile work in progress sieve scripts to continually give feedback on any errors in the script. This can trigger segmentation faults in lib-sieve with certain pathologically incomplete sieve scripts. One example: #0 tag_comparator_validate (valdtr=0x7f291aa713a0, arg=0x7fff5c3cfa58, cmd=0x7f291aa69360) at sieve-comparators.c:143 143 if ( (*arg)->type != SAAT_STRING ) { Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.6-12.el7.x86_64 glibc-2.17-55.el7_0.3.x86_64 sssd-client-1.11.2-68.el7_0.6.x86_64 zlib-1.2.7-13.el7.x86_64 (gdb) list 138 *arg = sieve_ast_argument_next(*arg); 139 140 /* Check syntax: 141 * ":comparator" 142 */ 143 if ( (*arg)->type != SAAT_STRING ) { 144 sieve_argument_validate_error(valdtr, *arg, 145 ":comparator tag requires one string argument, but %s was found", 146 sieve_ast_argument_name(*arg) ); 147 return FALSE; (gdb) print arg $1 = (struct sieve_ast_argument **) 0x7fff5c3cfa58 (gdb) print *arg $2 = (struct sieve_ast_argument *) 0x0 So sieve_ast_argument_next() is returning NULL and we're trying to dereference it without checking. Here's a completely naive attempt at a patch: --- dovecot-2.2.15/dovecot-2.2-pigeonhole-0.4.3/src/lib-sieve/sieve-comparators.c.null 2014-01-01 15:46:39.000000000 -0700 +++ dovecot-2.2.15/dovecot-2.2-pigeonhole-0.4.3/src/lib-sieve/sieve-comparators.c 2014-12-29 14:01:00.233436697 -0700 
@@ -140,6 +140,11 @@ static bool tag_comparator_validate /* Check syntax: * ":comparator" */ + if ( *arg == NULL ) { + sieve_argument_validate_error(valdtr, *arg, + ":comparator tag requires one string argument, but none was found"); + return FALSE; + } if ( (*arg)->type != SAAT_STRING ) { sieve_argument_validate_error(valdtr, *arg, ":comparator tag requires one string argument, but %s was found", -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion at nwra.com Boulder, CO 80301 http://www.nwra.com From stephan at rename-it.nl Mon Dec 29 21:15:15 2014 
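Review bot: in the added `*arg == NULL` branch the call still passes `*arg` to sieve_argument_validate_error(), so the error reporter is handed the same NULL pointer the check has just detected, and nothing in the visible lines shows that function accepts a NULL argument. Keep a copy of the tag argument before the `*arg = sieve_ast_argument_next(*arg);` advance shown at line 138 of the gdb listing and report the error against that node, which also lets the message point at the location of the :comparator tag. A one-line comment saying that the next argument can be absent in an incomplete script would help whoever reads this check later.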
From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 29 Dec 2014 22:15:15 +0100 Subject: SPECIAL-USE again In-Reply-To: <54A1B87F.2090200@one.com> References: <54A12B80.6080208@one.com> <54A1AF5C.5020707@rename-it.nl> <54A1B87F.2090200@one.com> Message-ID: <54A1C463.5050101@rename-it.nl> On 12/29/2014 9:24 PM, Peter Mogensen wrote: > On 2014-12-29 20:45, Stephan Bosch wrote: >> For creating a special use mailbox there is the CREATE-SPECIAL-USE >> capability (https://tools.ietf.org/html/rfc6154, Section 3). As you >> suggested, the special use attributes can also be changed using the >> METADATA capability (https://tools.ietf.org/html/rfc6154, Section 4). >> Unfortunately, both of these features are not yet supported by Dovecot. > > They are also basically two sides of the same feature. > For Dovecot to support CREATE-SPECIAL-USE it has to store that state > somewhere anyway... and that would probably be in a METADATA dict. Something like that, yes. >> I think it is already possible to return special use attributes from >> userdb, although I haven't verified that. > > Neither have I, but I see no reason why it shouldn't work. That would > probably be the easiest way to support per-user SPECIAL-USE (which I > think makes more sense than a global hardwired setting). Yes, although that doesn't mean that users can modify the special-use attributes themselves, unless some sort of web management interface has a dialog for that. The METADATA/CREATE-SPECIAL-USE capabilities would provide a standard means for a user to do this, from within the MUA. > But to make it really useful, it would require Sieve support. Like: > http://www.ietf.org/mail-archive/web/sieve/current/msg05171.html Right. Maybe I should give this another look. Regards, Stephan. From alec at alec.pl Tue Dec 30 07:25:12 2014 
From: alec at alec.pl (A.L.E.C) Date: Tue, 30 Dec 2014 08:25:12 +0100 Subject: SPECIAL-USE again In-Reply-To: <54A1C463.5050101@rename-it.nl> References: <54A12B80.6080208@one.com> <54A1AF5C.5020707@rename-it.nl> <54A1B87F.2090200@one.com> <54A1C463.5050101@rename-it.nl> Message-ID: <54A25358.8030406@alec.pl> On 12/29/2014 10:15 PM, Stephan Bosch wrote: > Yes, although that doesn't mean that users can modify the special-use > attributes themselves, unless some sort of web management interface has > a dialog for that. The METADATA/CREATE-SPECIAL-USE capabilities would > provide a standard means for a user to do this, from within the MUA. Roundcube 1.1 has this feature. -- Aleksander 'A.L.E.C' Machniak LAN Management System Developer [http://lms.org.pl] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl From lazy404 at gmail.com Tue Dec 30 14:04:59 2014 
From: lazy404 at gmail.com (Lazy) Date: Tue, 30 Dec 2014 15:04:59 +0100 Subject: Authcache and user changing In-Reply-To: References: Message-ID: 2014-12-29 12:47 GMT+01:00 Lazy : > Hi, > > > I have noticed that during auth cache hits usernames are not updated. > (We use ldap backend > and change username with > user_attrs = uid=user, mailMessageStore=home, > mailQuotaSize=quota_rule=*:bytes=%$ > > cold cache > > lmtp(14414): Debug: auth input: testmon_testmon > home=/vmail/te/testmon_testmon quota_rule=*:bytes=104857600 > lmtp(14414): Debug: changed username to testmon_testmon > lmtp(14414): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600 > > > hot cache > > lmtp(14715): Debug: auth input: iqmon at mon.test.pl > home=/vmail/iq/testmon_testmon quota_rule=*:bytes=104857600 > lmtp(14715): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600 auth replays are USER\t2\ttestmon_testmon\thome=/vmail/te/testmon_testmon\tquota_rule=*:bytes=104857600\n on a cache miss and USER\t3\ttestmon at mon.test.pl\thome=/vmail/te/testmon_testmon\tquota_rule=*:bytes=104857600\n with a cache hit without cache user is rewritten as expected, with cache it isn't -- Michal Grzedzicki From lazy404 at gmail.com Tue Dec 30 14:37:10 2014 
From: lazy404 at gmail.com (Lazy) Date: Tue, 30 Dec 2014 15:37:10 +0100 Subject: Authcache and user changing In-Reply-To: References: Message-ID: 2014-12-30 15:04 GMT+01:00 Lazy : > 2014-12-29 12:47 GMT+01:00 Lazy : >> Hi, >> >> >> I have noticed that during auth cache hits usernames are not updated. >> (We use ldap backend >> and change username with >> user_attrs = uid=user, mailMessageStore=home, >> mailQuotaSize=quota_rule=*:bytes=%$ >> >> cold cache >> >> lmtp(14414): Debug: auth input: testmon_testmon >> home=/vmail/te/testmon_testmon quota_rule=*:bytes=104857600 >> lmtp(14414): Debug: changed username to testmon_testmon >> lmtp(14414): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600 >> >> >> hot cache >> >> lmtp(14715): Debug: auth input: iqmon at mon.test.pl >> home=/vmail/iq/testmon_testmon quota_rule=*:bytes=104857600 >> lmtp(14715): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600 > > auth replays are > > > USER\t2\ttestmon_testmon\thome=/vmail/te/testmon_testmon\tquota_rule=*:bytes=104857600\n > on a cache miss > > and > > USER\t3\ttestmon at mon.test.pl\thome=/vmail/te/testmon_testmon\tquota_rule=*:bytes=104857600\n > with a cache hit > > > without cache user is rewriten as expected, with cache it isn't requests made by imap or pop3 are always rewriting the usernames is it a bug or is it intentional ? -- Michal Grzedzicki From code at mmayer.net Tue Dec 30 21:44:22 2014 
From: code at mmayer.net (Markus Mayer) Date: Tue, 30 Dec 2014 13:44:22 -0800 Subject: PAM issues on OS X Yosemite Message-ID: Hi, I have been running dovecot successfully on OS X Mavericks for several months. After upgrading to Yosemite, however, PAM authentication for dovecot is failing. Or rather, creating the PAM session is failing. Either way, I can't get to my e-mail. $ /usr/pkg/sbin/dovecot --version 2.2.15 $ /usr/pkg/sbin/dovecot -n # 2.2.15: /usr/pkg/etc/dovecot/dovecot.conf # OS: Darwin 14.0.0 x86_64 hfs auth_debug = yes auth_verbose = yes mail_location = maildir:/Volumes/Secure/%u/Maildir mail_privileged_group = mail namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = session=yes dovecot driver = pam } ssl_cert = Dec 30 13:21:51 my.host.name dovecot[49247]: auth-worker(49286): Debug: pam(markus,::1): lookup service=dovecot Dec 30 13:21:51 my.host.name dovecot[49247]: auth-worker(49286): Debug: pam(markus,::1): #1/1 style=1 msg=Password: Dec 30 13:21:51 my.host.name dovecot[49247]: auth-worker(49286): Error: pam(markus,::1): pam_open_session() failed: session failure Dec 30 13:21:53 my.host.name dovecot[49247]: auth: Debug: client passdb out: FAIL 1 user=markus It does successfully verify my password. If I purposefully enter a wrong password the error becomes "pam_authenticate() failed: authentication error (password mismatch?)". So that portion is okay. Do you have any suggestions how I might find out why pam_open_session() is failing? The auth process *is* running as root. I have tried these two PAM configurations. The first one based on Maverick's /etc/pam.d/login and used to work fine on Mavericks. 
# dovecot: auth account password session auth optional pam_krb5.so use_kcminit auth optional pam_ntlm.so try_first_pass auth optional pam_mount.so try_first_pass auth required pam_opendirectory.so try_first_pass account required pam_nologin.so account required pam_opendirectory.so password required pam_opendirectory.so session required pam_launchd.so session required pam_uwtmp.so session optional pam_mount.so I tried to simplify it by using the one suggested on dovecot's PAM wiki. # dovecot: auth account password session auth required pam_opendirectory.so try_first_pass account required pam_nologin.so account required pam_opendirectory.so password required pam_opendirectory.so On Yosemite, neither works. Or, quite possibly, both configurations are fine and the problem lies elsewhere. Any pointers would be greatly appreciated. In the mean time I'll be using auth-passwdfile, since that works. Thanks, -Markus From stephan at rename-it.nl Tue Dec 30 22:04:08 2014 
From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 30 Dec 2014 23:04:08 +0100 Subject: Segmentation fault in pigeonhole lib-sieve In-Reply-To: <54A1C149.6050507@cora.nwra.com> References: <54A1C149.6050507@cora.nwra.com> Message-ID: <54A32158.8070007@rename-it.nl> On 12/29/2014 10:02 PM, Orion Poplawski wrote: > The sieve plugin for Thundirbird likes to rapidly compile work in > progress sieve scripts to continually give feedback on any errors in > the script. This can trigger segmentation faults in lib-sieve with > certain pathologically incomplete sieve scripts. One example: Yes. This is a very straightforward problem. > Here's a completely naive attempt at a patch: That is a good fix. However, lib-sieve has a utility function for verifications like this and that should have been used. Comparator handling predates this function, so I must have forgot to change comparator validation accordingly, which would have fixed this problem implicitly. Well, it is fixed now: http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/b6c55ac6460d Thanks! Regards, Stephan. From orion at cora.nwra.com Tue Dec 30 22:13:12 2014 
From: orion at cora.nwra.com (Orion Poplawski) Date: Tue, 30 Dec 2014 15:13:12 -0700 Subject: Segmentation fault in pigeonhole lib-sieve In-Reply-To: <54A32158.8070007@rename-it.nl> References: <54A1C149.6050507@cora.nwra.com> <54A32158.8070007@rename-it.nl> Message-ID: <54A32378.3060808@cora.nwra.com> On 12/30/2014 03:04 PM, Stephan Bosch wrote: > On 12/29/2014 10:02 PM, Orion Poplawski wrote: >> The sieve plugin for Thundirbird likes to rapidly compile work in >> progress sieve scripts to continually give feedback on any errors in >> the script. This can trigger segmentation faults in lib-sieve with >> certain pathologically incomplete sieve scripts. One example: > > Yes. This is a very straightforward problem. > >> Here's a completely naive attempt at a patch: > > That is a good fix. However, lib-sieve has a utility function for > verifications like this and that should have been used. Comparator > handling predates this function, so I must have forgot to change > comparator validation accordingly, which would have fixed this problem > implicitly. > > Well, it is fixed now: > > http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/b6c55ac6460d > > Thanks! > > Regards, > > Stephan. Excellent, thanks for the quick fix! -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA/CoRA Division FAX: 303-415-9702 3380 Mitchell Lane orion at cora.nwra.com Boulder, CO 80301 http://www.cora.nwra.com From leon at dexterous.org Wed Dec 31 02:49:22 2014 
From: leon at dexterous.org (Leon Kyneur) Date: Wed, 31 Dec 2014 13:49:22 +1100 Subject: Authenticating Virtual Users without domain Message-ID: Hi, I'm trying to migrate a large number of users to a new Dovecot cluster. The existing mail system allows a user to authenticate with a bare username if they have connected to the correct local IP on the server. e.g. imap.somedomain.com = 1.1.1.1 imap.anotheromain.com = 2.2.2.2 charlie at somedomain can authenticate as 'charlie' or 'charlie at somedomain.com' as long as he is connected to imap.somedomain.com (1.1.1.1) likewise for bare usernames if they connect to imap.anotherdomain.com. A previous colleague actually achieved this by hacking with the Dovecot source code and writing in a lookup table feature. The code is very old and won't patch cleanly to the latest 2.2.15 source. Another platform we are using (commercial product) also has this feature but we also need to migrate these users to Dovecot. I already have a Dovecot proxy layer for mailbox lookup - so ideally I would like to do this on my Dovecot proxies. I know I can also do this kind of thing if I swapped my dovecot proxy for Perdition, however I don't really want to do that. I've looked into checkpassword scripts and could possibly make something work (albeit ugly) - is this the right direction to take here? Thanks, Leon From professa at dementianati.com Wed Dec 31 03:51:51 2014 
From: professa at dementianati.com (Professa Dementia) Date: Tue, 30 Dec 2014 19:51:51 -0800 Subject: Authenticating Virtual Users without domain In-Reply-To: References: Message-ID: <54A372D7.3000901@dementianati.com> On 12/30/2014 6:49 PM, Leon Kyneur wrote: > Hi, > > I'm trying to migrate a large number of users to a new Dovecot > cluster. The existing mail system allows a user to authenticate with a > bare username if they have connected to the correct local IP on the > server. > > e.g. > imap.somedomain.com = 1.1.1.1 > imap.anotheromain.com = 2.2.2.2 > > charlie at somedomain can authnenticate as 'charlie' or > 'charlie at somedomain.com' as long as he is connected to > imap.somedomain.com (1.1.1.1) > > likewise for bare usernames if they connect to imap.anotherdomain.com. > > A previous colleague actually achieved this by hacking with the > Dovecot source code and writing in a lookup table feature. The code is > very old and won't patch cleanly to the latest 2.2.15 source. Another > platform we are using (commercial product) also has this feature but > we also need to migrate these users to Dovecot. > > I already have a Dovecot proxy layer for mailbox lookup - so ideally I > would like to do this on my Dovecot proxies. > > I know I can also do this kind of thing if I swapped my dovecot proxy > for Perdition, however I don't really want to do that. > > I've looked into checkpassword scripts and could possibly make > something work (albeit ugly) - is this the right direction to take > here? Using SQL as the user database, set up a table for the mail users. 
The following example uses the table named "mail_users" with the following fields: user_name = part left of @ in email address (EX: joe) user_domain = part right of @ in email address( EX: mydomain.com) domain_ip = the IP they connect to for their domain (EX: 1.1.1.1) password = hashed password home = full path to user's home directory uid = user's uid gid = user's gid In dovecot-sql.conf.ext: (line breaks and indenting are added to improve readability but your statement should be all one line in the dovecot-sql.conf.ext file) password_query = SELECT CONCAT(user_name, '@', user_domain) AS user, password, home AS userdb_home, CONCAT('maildir:', home) AS userdb_mail, uid AS userdb_uid, gid AS userdb_gid FROM mail_users WHERE user_name = '%Lu' AND domain_ip = '%l' NOTE: %Lu is used on purpose, rather than %Ln. %Lu will fail the lookup if the user provides a full email address, and this is deliberate. If you also want to allow the user to connect to *any* IP with their full email address as their login, use: password_query = SELECT CONCAT(user_name, '@', user_domain) AS user, password, home AS userdb_home, CONCAT('maildir:', home) AS userdb_mail, uid AS userdb_uid, gid AS userdb_gid FROM mail_users WHERE ( user_name = '%Lu' AND domain_ip = '%l' ) OR ( user_name = '%Ln' AND user_domain = '%Ld' ) With this query, the user can log in as "joe" by connecting to their domain's specific IP, or they can log in as joe at mydomain.com by connecting to any IP the server is listening on. This is just a simple example to get started. You will probably want to expand this by adding fields to specify if the account is active and so on. Also, you can put the domain to local IP mapping in another table and use a JOIN in your SELECT query, so you can eliminate the "domain_ip" field from the "mail_users" table. This is an exercise left to the reader. The "mail_users" table should have a primary index on the combined "user_name" and "user_domain" fields, which should be unique. 
In your dovecot-sql.conf.ext file, you will need to create a "user_query" statement similar to your finalized "password_query" statement, as well as an appropriate "iterate_query" statement. See the Dovecot documentation. Cheers. Dem From rblayzor.bulk at inoc.net Wed Dec 31 16:05:20 2014 
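To see which logins each of the two password_query variants in the reply above accepts, this added Python example (not part of the post and not Dovecot code) replays their WHERE clauses against an in-memory SQLite table. The expand_vars helper is a hypothetical stand-in for Dovecot's %Lu, %Ln, %Ld and %l expansion, the rows are constructed, SQLite's || replaces CONCAT, and treating more than one matching row as a failed lookup is this example's choice.

```python
import sqlite3

# Constructed sample rows: (user_name, user_domain, domain_ip, password)
SAMPLE_USERS = [
    ("joe", "mydomain.com", "1.1.1.1", "{PLAIN}constructed-1"),
    ("joe", "otherdomain.example", "2.2.2.2", "{PLAIN}constructed-2"),
    ("ann", "mydomain.com", "1.1.1.1", "{PLAIN}constructed-3"),
]

# First variant from the post: bare username on the domain's own IP only.
QUERY_IP_ONLY = """
SELECT user_name || '@' || user_domain AS user
FROM mail_users
WHERE user_name = :Lu AND domain_ip = :l
"""

# Second variant: additionally accept a full address on any local IP.
QUERY_IP_OR_FULL = """
SELECT user_name || '@' || user_domain AS user
FROM mail_users
WHERE (user_name = :Lu AND domain_ip = :l)
   OR (user_name = :Ln AND user_domain = :Ld)
"""


def make_db(rows=SAMPLE_USERS):
    """Create the mail_users table with the primary key the post asks for."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE mail_users (
               user_name   TEXT NOT NULL,
               user_domain TEXT NOT NULL,
               domain_ip   TEXT NOT NULL,
               password    TEXT NOT NULL,
               PRIMARY KEY (user_name, user_domain))"""
    )
    conn.executemany("INSERT INTO mail_users VALUES (?, ?, ?, ?)", rows)
    return conn


def expand_vars(login, local_ip):
    """Hypothetical stand-in for the variable expansion: %Lu is the whole
    lowercased login, %Ln the part left of '@', %Ld the part right of it
    (empty for a bare username), %l the local IP the client connected to."""
    lowered = login.lower()
    name, _, domain = lowered.partition("@")
    return {"Lu": lowered, "Ln": name, "Ld": domain, "l": local_ip}


def lookup(conn, query, login, local_ip):
    """Return the canonical user for a login, or None if it is rejected.
    Values are bound as parameters, never pasted into the SQL text."""
    rows = conn.execute(query, expand_vars(login, local_ip)).fetchall()
    return rows[0][0] if len(rows) == 1 else None


def ambiguous_bare_logins(conn):
    """Bare-name login is only well defined while (user_name, domain_ip)
    is unique; list the pairs that two domains on one IP would share."""
    return conn.execute(
        """SELECT user_name, domain_ip FROM mail_users
           GROUP BY user_name, domain_ip HAVING COUNT(*) > 1
           ORDER BY user_name, domain_ip"""
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    for q_name, q in (("ip-only", QUERY_IP_ONLY), ("ip-or-full", QUERY_IP_OR_FULL)):
        for login, ip in (("joe", "1.1.1.1"), ("joe", "2.2.2.2"),
                          ("joe@mydomain.com", "2.2.2.2")):
            print(q_name, login, ip, "->", lookup(db, q, login, ip))
    print("ambiguous:", ambiguous_bare_logins(db))
```
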
From: rblayzor.bulk at inoc.net (Robert Blayzor) Date: Wed, 31 Dec 2014 11:05:20 -0500 Subject: Sieve permissions issue following update In-Reply-To: References: <548732CB.4070606@blackrosetech.com> <5487351C.7030303@localhost.localdomain.org> <5487528D.6030105@blackrosetech.com> Message-ID: On Dec 10, 2014, at 1:52 AM, Steffen Kaiser wrote: > >> Global scripts were compiled: >> >> /usr/local/etc/dovecot/sieve # ls >> 10-move-spam.sieve 10-move-spam.svbin > >> However, I ran sievec again and tried saving a modified script and got the same: > > Actually this "ls" output and the last sentence does not indicate that the Sieve script had been compiled: a) after changing 10-move-spam.sieve _and_ b) after the upgrade with the new Sieve tools. > > Did _you_ _manually_ run: > > cd /usr/local/etc/dovecot/sieve > rm 10-move-spam.svbin > sievec -D 10-move-spam.sieve > > ? And, is the sievec command displaying the Pigeonhole version you have installed? I've been following this thread and have been seeing a similar problem. Dovecot 2.2.5 and pigeonhole-0.4.6 The problem I'm having is with "sieve_default" script that's in a directory users have no permission to: sieve = ~/.dovecot.sieve sieve_dir = ~/.sieve.d sieve_default = /etc/dovecot/sieve/default.sieve My sieve.default only has "keep;" and I manually removed and compiled it. sievec(root): Debug: sieve: Pigeonhole version 0.4.6 (3e924b1b6c5c+) initializing sievec(root): Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts. sievec(root): Debug: sieve: file storage: Using script storage path: default.sieve sievec(root): Debug: sieve: file script: Opened script `default' from `default.sieve' sievec(root): Debug: sieve: Script `default' from default.sieve successfully compiled ls -l -rw-r--r-- 1 root wheel 6 Dec 31 15:54 default.sieve -rw-r--r-- 1 root wheel 142 Dec 31 15:54 default.svbin Yet, dovecot still tries to compile it under the user in that path. 
Dec 31 15:55:11 dovecot: lda(fred): Error: sieve: binary save: failed to create temporary file: open(/etc/dovecot/sieve/default.svbin.localhost.87581.) failed: Permission denied (euid=1002(fred) egid=1002(fred) missing +w perm: /etc/dovecot/sieve, dir owned by 26:0 mode=0755) Dec 31 15:55:11 dovecot: lda(fred): Error: sieve: The LDA Sieve plugin does not have permission to save global Sieve script binaries; global Sieve scripts like `/etc/dovecot/sieve/default.sieve' need to be pre-compiled using the sievec tool Dec 31 15:55:11 dovecot: lda(fred): sieve: msgid=<63706CEA-E77F-45BE-B848-1E664773EBDE at inoc.net>: stored mail into mailbox 'INBOX' Ideas? From rs at sys4.de Wed Dec 31 16:18:35 2014 From: rs at sys4.de (Robert Schetterer) Date: Wed, 31 Dec 2014 17:18:35 +0100 Subject: Sieve permissions issue following update In-Reply-To: References: <548732CB.4070606@blackrosetech.com> <5487351C.7030303@localhost.localdomain.org> <5487528D.6030105@blackrosetech.com> Message-ID: <54A421DB.6010605@sys4.de> see On 31.12.2014 at 17:05, Robert Blayzor wrote: > missing +w perm: /etc/dovecot/sieve, dir owned by 26:0 mode=0755) Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From dan at langille.org Wed Dec 31 16:29:04 2014 
From: dan at langille.org (Dan Langille) Date: Wed, 31 Dec 2014 11:29:04 -0500 Subject: dovecot-auth only configuration Message-ID: <4DC8CC41-54FD-44E3-B837-D13E071D5AC2@langille.org> I am configuring a dovecot-auth only installation. Postfix will use dovecot for sasl auth. Here is the configuration I've settled upon. I welcome suggestions for improving this setup. Thanks. # doveconf -n # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 9.3-RELEASE-p5 amd64 auth_mechanisms = plain login mail_max_userip_connections = 80 mail_privileged_group = mail passdb { args = scheme=SHA512-CRYPT /var/db/dovecot.users driver = passwd-file } protocols = none service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } user = root } userdb { args = /var/db/dovecot.users driver = passwd-file } verbose_proctitle = yes -- Dan Langille http://langille.org/ From dan at langille.org Wed Dec 31 16:32:10 2014 From: dan at langille.org (Dan Langille) Date: Wed, 31 Dec 2014 11:32:10 -0500 Subject: Postfix and Dovecot SASL - wiki update Message-ID: <6DE2147F-0A36-4E69-9D32-8E8D214C5767@langille.org> I wanted to mention I updated the Postfix and Dovecot SASL wiki entry yesterday. http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL The entry: submission inet n - - - - smtpd was incorrect. It should be: submission inet n - n - - smtpd By specifying n for chroot, it ensures that DNS lookups can occur. Otherwise, if you are using reject_unknown_recipient_domain the following error will occur: Recipient address rejected: Domain not found Hope that helps. -- Dan Langille http://langille.org/ From rblayzor.bulk at inoc.net Wed Dec 31 17:36:20 2014 
From: rblayzor.bulk at inoc.net (Robert Blayzor) Date: Wed, 31 Dec 2014 12:36:20 -0500 Subject: Sieve permissions issue following update In-Reply-To: <54A421DB.6010605@sys4.de> References: <548732CB.4070606@blackrosetech.com> <5487351C.7030303@localhost.localdomain.org> <5487528D.6030105@blackrosetech.com> <54A421DB.6010605@sys4.de> Message-ID: <3C3B5D0A-0368-4E3B-9FDC-3E643ED75D62@inoc.net> On Dec 31, 2014, at 11:18 AM, Robert Schetterer wrote: > On 31.12.2014 at 17:05, Robert Blayzor wrote: >> missing +w perm: /etc/dovecot/sieve, dir owned by 26:0 mode=0755) > > > > Best Regards > MfG Robert Schetterer Which is correct. Dovecot-lda is running as the local user account, the default is not owned by them and the local user cannot write into the global/default sieve location. The path has a precompiled default sieve script that the user does not own, it's a default. So why is trying to compile the script (which is already compiled) in the default location? That is the problem. -Robert From rs at sys4.de Wed Dec 31 18:18:53 2014 
From: rs at sys4.de (Robert Schetterer) Date: Wed, 31 Dec 2014 19:18:53 +0100 Subject: Sieve permissions issue following update In-Reply-To: <3C3B5D0A-0368-4E3B-9FDC-3E643ED75D62@inoc.net> References: <548732CB.4070606@blackrosetech.com> <5487351C.7030303@localhost.localdomain.org> <5487528D.6030105@blackrosetech.com> <54A421DB.6010605@sys4.de> <3C3B5D0A-0368-4E3B-9FDC-3E643ED75D62@inoc.net> Message-ID: <54A43E0D.3090308@sys4.de> On 31.12.2014 at 18:36, Robert Blayzor wrote: > On Dec 31, 2014, at 11:18 AM, Robert Schetterer wrote: >> On 31.12.2014 at 17:05, Robert Blayzor wrote: >>> missing +w perm: /etc/dovecot/sieve, dir owned by 26:0 mode=0755) >> >> >> >> Best Regards >> MfG Robert Schetterer > > > Which is correct. Dovecot-lda is running as the local user account, the default is not owned by them and the local user cannot write into the global/default sieve location. The path has a precompiled default sieve script that the user does not own, it's a default. > > So why is trying to compile the script (which is already compiled) in the default location? That is the problem. > > -Robert > However, logs mostly tell the truth, you have a permission problem Happy New Year Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From tlx at leuxner.net Wed Dec 31 21:10:45 2014 
From: tlx at leuxner.net (Thomas Leuxner)
Date: Wed, 31 Dec 2014 22:10:45 +0100
Subject: Different behavior of ACLs in MUA and doveadm
Message-ID: <20141231211045.GA43677@nihlus.leuxner.net>

I have noticed a difference in the behavior of ACLs. When used in a MUA the following global ACL works fine and has the desired effect - new mailboxes can be created by a user being part of the 'PublicMailboxAdmins' group:

[ global-acl: ]
INBOX owner lrwstiekxap
Public/* group=PublicMailboxAdmins lrwsipk
Public/* anyone lr
Public/* authenticated lrws

Creating the same mailbox via doveadm however fails with a permission problem:

doveadm(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
doveadm(tlx at leuxner.net): Debug: Namespace : type=public, prefix=Public/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no location=mdbox:/var/vmail/public:INDEXPVT=~/mdbox/public
doveadm(tlx at leuxner.net): Debug: fs: root=/var/vmail/public, index=, indexpvt=/var/vmail/domains/leuxner.net/tlx/mdbox/public, control=, inbox=, alt=
doveadm(tlx at leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
doveadm(tlx at leuxner.net): Debug: acl: acl username = tlx at leuxner.net
doveadm(tlx at leuxner.net): Debug: acl: owner = 0
doveadm(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
doveadm(tlx at leuxner.net): Debug: Namespace : type=private, prefix=Virtual/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=virtual:~/mdbox/virtual
doveadm(tlx at leuxner.net): Debug: fs: root=/var/vmail/domains/leuxner.net/tlx/mdbox/virtual, index=, indexpvt=, control=, inbox=, alt=
doveadm(tlx at leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
doveadm(tlx at leuxner.net): Debug: acl: acl username = tlx at leuxner.net
doveadm(tlx at leuxner.net): Debug: acl: owner = 1
doveadm(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
doveadm(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/dovecot-acl not found
doveadm(tlx at leuxner.net): Error: Can't create mailbox Public/Archive/Newsletters/heise-security/2014: Permission denied

Interestingly, doveadm succeeds when dovecot-acl is present in the namespace root - which of course is not desirable in the light of the global ACL:

[ dovecot-acl: ]
group=PublicMailboxAdmins lrwsipk

doveadm(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
doveadm(tlx at leuxner.net): Debug: Namespace : type=public, prefix=Public/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no location=mdbox:/var/vmail/public:INDEXPVT=~/mdbox/public
doveadm(tlx at leuxner.net): Debug: fs: root=/var/vmail/public, index=, indexpvt=/var/vmail/domains/leuxner.net/tlx/mdbox/public, control=, inbox=, alt=
doveadm(tlx at leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
doveadm(tlx at leuxner.net): Debug: acl: acl username = tlx at leuxner.net
doveadm(tlx at leuxner.net): Debug: acl: owner = 0
doveadm(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
doveadm(tlx at leuxner.net): Debug: Namespace : type=private, prefix=Virtual/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=virtual:~/mdbox/virtual
doveadm(tlx at leuxner.net): Debug: fs: root=/var/vmail/domains/leuxner.net/tlx/mdbox/virtual, index=, indexpvt=, control=, inbox=, alt=
doveadm(tlx at leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
doveadm(tlx at leuxner.net): Debug: acl: acl username = tlx at leuxner.net
doveadm(tlx at leuxner.net): Debug: acl: owner = 1
doveadm(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
doveadm(tlx at leuxner.net): Debug: acl vfile: reading file /var/vmail/public/mailboxes/dovecot-acl
doveadm(tlx at leuxner.net): Debug: Namespace Public/: /var/vmail/public/mailboxes/Archive/Newsletters/heise-security/2014 doesn't exist yet, using default permissions
doveadm(tlx at leuxner.net): Debug: Namespace Public/: Using permissions from /var/vmail/public: mode=0700 gid=default
doveadm(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/Archive/Newsletters/heise-security/dbox-Mails/dovecot-acl not found
doveadm(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/Archive/Newsletters/heise-security/2014/dbox-Mails/dovecot-acl not found
doveadm(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/Archive/Newsletters/heise-security/2014/dbox-Mails/dovecot-acl not found
doveadm(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/Archive/Newsletters/heise-security/2014/dbox-Mails/dovecot-acl not found

# 2.2.15 (6078354e6238): /etc/dovecot/dovecot.conf

I know there have been some changes in Mercurial as to how global ACLs are interpreted. Is doveadm probably behind on them?

Regards
Thomas

From wojtek at puchar.net Wed Dec 31 18:23:45 2014
From: wojtek at puchar.net (Wojciech Puchar)
Date: Wed, 31 Dec 2014 19:23:45 +0100 (CET)
Subject: dovecot 2 low TCP speed (fetching big mail)
Message-ID:

I use dovecot 2 under FreeBSD (dovecot2-2.2.15 compiled from ports).

Tried both with kqueue enabled or not.

Everything works very fast, EXCEPT fetching big mail.

Tried multiple clients (thunderbird on windows, alpine on the same server, alpine on other unix server connected by 1Gb/s LAN) and fetching peaks at 1MB/s. NO SSL!

Could you please point me where to search for a problem.

Hints:

Writing over IMAP (e.g. writing to Sent folder) works at full speed.

Doesn't seem like a problem with unix server, every other service goes at speed 70-100MB/s both directions (like samba, ftp).

Tried to turn off "kqueue" compile time option, no difference.

Please give me a hint at least what to check. Does dovecot use other way to send data over TCP socket than other programs?

Thank you.

From rblayzor.bulk at inoc.net Wed Dec 31 23:19:46 2014
From: rblayzor.bulk at inoc.net (Robert Blayzor)
Date: Wed, 31 Dec 2014 18:19:46 -0500
Subject: dovecot 2 low TCP speed (fetching big mail)
In-Reply-To:
References:
Message-ID:

On Dec 31, 2014, at 1:23 PM, Wojciech Puchar wrote:
>
> I use dovecot 2 under FreeBSD (dovecot2-2.2.15 compiled from ports).
>
> Tried both with kqueue enabled or not.
>
> Everything works very fast, EXCEPT fetching big mail.
>
> Tried multiple clients (thunderbird on windows, alpine on the same server, alpine on other unix server connected by 1Gb/s LAN) and fetching peaks at 1MB/s. NO SSL!
>
> Could you please point me where to search for a problem.
>
> Hints:
>
> Writing over IMAP (e.g. writing to Sent folder) works at full speed.
>
> Doesn't seem like a problem with unix server, every other service goes at speed 70-100MB/s both directions (like samba, ftp).
>
> Tried to turn off "kqueue" compile time option, no difference.
>
> Please give me a hint at least what to check. Does dovecot use other way to send data over TCP socket than other programs?

Bare metal or VM?
Which NIC driver?
IPv4 or IPv6?
Is the mail spool on the local server or on a SAN like NFS or iSCSI?
How slow is "slow"? How big is "big"?
Does it stall? Does it start off fast and slow down?

-Robert
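
An added example for the global ACL quoted in the "Different behavior of ACLs in MUA and doveadm" message above; it is not part of any post and not Dovecot's own code. It lists which entries of that file carry a given right (k is the create right) for a session with a given user name and group set. Assumptions: "*" also spans "/", precedence rules and per-mailbox dovecot-acl files are ignored, and the user name is constructed.

```python
import re

# The global ACL file quoted in the post: "pattern identifier rights" per line.
GLOBAL_ACL = """\
INBOX owner lrwstiekxap
Public/* group=PublicMailboxAdmins lrwsipk
Public/* anyone lr
Public/* authenticated lrws
"""

def parse_global_acl(text):
    """Return (pattern, identifier, rights) tuples, skipping blanks and comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.append(tuple(line.split(None, 2)))
    return entries

def pattern_to_regex(pattern):
    # Assumption: "*" and "?" are the only wildcards and "*" also spans "/".
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern]
    return re.compile("".join(parts) + r"\Z")

def identifier_applies(identifier, user, groups, is_owner):
    """Does this ACL identifier apply to a session with these identities?"""
    kind, _, name = identifier.partition("=")
    if kind in ("anyone", "anonymous"):
        return True
    if kind == "authenticated":
        return user is not None
    if kind == "owner":
        return is_owner
    if kind == "user":
        return name == user
    return kind in ("group", "group-override") and name in groups

def entries_granting(entries, mailbox, right, user, groups=(), is_owner=False):
    """Entries that match the mailbox, apply to this session and list the right."""
    return [e for e in entries
            if pattern_to_regex(e[0]).match(mailbox)
            and identifier_applies(e[1], user, groups, is_owner)
            and not e[2].startswith("-") and right in e[2]]

if __name__ == "__main__":
    acl = parse_global_acl(GLOBAL_ACL)
    box = "Public/Archive/Newsletters/heise-security/2014"
    for groups in (("PublicMailboxAdmins",), ()):  # with and without the group
        hits = entries_granting(acl, box, "k", "user@example.org", groups)
        print(groups, "->", hits or "no entry grants k")
```

With this file, the create right on Public/* is reachable only through the group entry, so the result changes with the group set the session carries.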