From benoit.panizzon at imp.ch Sun Jun 1 15:36:59 2014 From: benoit.panizzon at imp.ch (Benoit Panizzon) Date: Sun, 1 Jun 2014 17:36:59 +0200 Subject: [Dovecot] Disabling plus sign extension delimiter in lmtp listener (or userdb) In-Reply-To: <6410034F-7D07-4329-964D-DBA262C62830@skynet.be> References: <201405301627.23393.benoit.panizzon@imp.ch> <6410034F-7D07-4329-964D-DBA262C62830@skynet.be> Message-ID: <201406011736.59688.benoit.panizzon@imp.ch> Hi Axel > This is probably related to the recipient_delimiter setting, which defaults > to '+'. Where is there such a setting in the dovecot config itself? The postfix MTA knows of such a delimiter, but the MTA is not involved as I connect directly to the dovecot LMTP service. Or does dovecot somehow try to read the postfix config? That would not make any sense. I suppose the dovecot LMTP or userdb lookup code has some hardcoded 'feature' threating + as a delimiter for userdb lookups, thus fails if + is not used as such a delimiter. -Benoit- From tlx at leuxner.net Sun Jun 1 15:58:02 2014 From: tlx at leuxner.net (Thomas Leuxner) Date: Sun, 1 Jun 2014 17:58:02 +0200 Subject: [Dovecot] Disabling plus sign extension delimiter in lmtp listener (or userdb) In-Reply-To: <201406011736.59688.benoit.panizzon@imp.ch> References: <201405301627.23393.benoit.panizzon@imp.ch> <6410034F-7D07-4329-964D-DBA262C62830@skynet.be> <201406011736.59688.benoit.panizzon@imp.ch> Message-ID: <20140601155802.GA22071@nihlus.leuxner.net> * Benoit Panizzon 2014.06.01 17:36: > Where is there such a setting in the dovecot config itself? $ doveconf -a | grep recipient lda_original_recipient_header = recipient_delimiter = + $ grep delimiter 15-lda.conf #recipient_delimiter = + -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From axel.luttgens at skynet.be Sun Jun 1 16:14:54 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Sun, 1 Jun 2014 18:14:54 +0200 Subject: [Dovecot] Disabling plus sign extension delimiter in lmtp listener (or userdb) In-Reply-To: <201406011736.59688.benoit.panizzon@imp.ch> References: <201405301627.23393.benoit.panizzon@imp.ch> <6410034F-7D07-4329-964D-DBA262C62830@skynet.be> <201406011736.59688.benoit.panizzon@imp.ch> Message-ID: <14A1333D-38A4-41B9-8057-C9587D4127DD@skynet.be> Le 1 juin 2014 ? 17:36, Benoit Panizzon a ?crit : > Hi Axel > >> This is probably related to the recipient_delimiter setting, which defaults >> to '+'. > > Where is there such a setting in the dovecot config itself? This is a LDA-related setting (see for example share/doc/dovecot/example-config/conf.d/15-lda.conf for some details). Its default value is '+', as shown by the output of: doveconf -d recipient_delimiter You could put recipient_delimiter = into dovecot.conf so as to disable the handling of such a delimiter. HTH, Axel From benoit.panizzon at imp.ch Sun Jun 1 17:51:59 2014 From: benoit.panizzon at imp.ch (Benoit Panizzon) Date: Sun, 1 Jun 2014 19:51:59 +0200 Subject: [Dovecot] Disabling plus sign extension delimiter in lmtp listener (or userdb) In-Reply-To: <20140601155802.GA22071@nihlus.leuxner.net> References: <201405301627.23393.benoit.panizzon@imp.ch> <201406011736.59688.benoit.panizzon@imp.ch> <20140601155802.GA22071@nihlus.leuxner.net> Message-ID: <201406011951.59707.benoit.panizzon@imp.ch> Am Sunday, 1. June 2014, 17.58:02 schrieb Thomas Leuxner: > * Benoit Panizzon 2014.06.01 17:36: > > Where is there such a setting in the dovecot config itself? > > $ doveconf -a | grep recipient > lda_original_recipient_header = > recipient_delimiter = + > > $ grep delimiter 15-lda.conf > #recipient_delimiter = + Thank you! -Benoit- From benoit.panizzon at imp.ch Sun Jun 1 17:54:23 2014 From: benoit.panizzon at imp.ch (Benoit Panizzon) Date: Sun, 1 Jun 2014 19:54:23 +0200 Subject: [Dovecot] Disabling plus sign extension delimiter in lmtp listener (or userdb) In-Reply-To: <14A1333D-38A4-41B9-8057-C9587D4127DD@skynet.be> References: <201405301627.23393.benoit.panizzon@imp.ch> <201406011736.59688.benoit.panizzon@imp.ch> <14A1333D-38A4-41B9-8057-C9587D4127DD@skynet.be> Message-ID: <201406011954.23834.benoit.panizzon@imp.ch> Am Sunday, 1. June 2014, 18.14:54 schrieb Axel Luttgens: > Le 1 juin 2014 ? 17:36, Benoit Panizzon a ?crit : > > Hi Axel > > > >> This is probably related to the recipient_delimiter setting, which > >> defaults to '+'. > > > > Where is there such a setting in the dovecot config itself? > > This is a LDA-related setting (see for example > share/doc/dovecot/example-config/conf.d/15-lda.conf for some details). > > Its default value is '+', as shown by the output of: > > doveconf -d recipient_delimiter > > You could put > > recipient_delimiter = > > into dovecot.conf so as to disable the handling of such a delimiter. Drat! I think that option was removed by a colleague to disable the delimiter, instead of setting it to an empty value. Thank you, will test but I'm pretty sure that's the solution. The Dovecot Wiki is not very clear as for me it looked like to be only postfix related. -Benoit- From bubreg.istvan at gmail.com Sun Jun 1 19:58:15 2014 From: bubreg.istvan at gmail.com (=?UTF-8?Q?Bubreg_Istv=C3=A1n?=) Date: Sun, 1 Jun 2014 21:58:15 +0200 Subject: [Dovecot] Combining userdbs Message-ID: Hi, I think that using more than one userdb with setting the result actions doesn't work as expected from the documentation. The goal would be to set user-specific quotas for a few users with a specific passwd-file like this : cat /etc/dovecot/quotas foo:x::::::userdb_quota_rule=*:storage=2G The first userdb is passwd (with pam passwd): userdb { driver = passwd result_failure = return-fail result_internalfail = return-fail result_success = continue-ok skip = never } The second one is for the specific quota userdb { args = username_format=%n /etc/dovecot/quotas driver = passwd-file result_failure = continue result_internalfail = continue result_success = return-ok skip = notfound } User 'foo' exists in (pam) passd, but there's no place to store his own quota rule, that's why came handy to use a second userdb for storing just one extra field. That's working quiet well, he default quota is overriding form passwd-file. BUT: I've played a lot with changing the result_* and the 'skip' parameters, but none of them worked in the situation where a user ('bar') _only_ exists in passwd (and has to use the default quota config). doveadm quota get -u bar says doveadm(bar): Fatal: User doesn't exist With changing the parameters this error has gone, but the second userdb doesn't used for user 'foo' - even if the parameters are : userdb { driver = passwd result_failure = return-fail result_internalfail = return-fail result_success = continue <-- in theory, the next userdb is coming skip = never } userdb { args = username_format=%n /etc/dovecot/quotas driver = passwd-file result_failure = continue result_internalfail = continue result_success = return-ok skip = notfound } My question is that how should i set the result_* and 'skip' parameters to solve this : - there's a default quota rule in the config - some (a few) users has a larger quota - there's no way to store the user-specific quotas in the 'real' userdb (because it's pam/passwd) Thank you for your effort. # dovecot -n # 2.2.13 (de9b10f2e168): /etc/dovecot/dovecot.conf # OS: Linux 3.11.0-15-generic i686 Ubuntu 12.04.4 LTS auth_debug = yes auth_debug_passwords = yes auth_verbose = yes auth_verbose_passwords = yes disable_plaintext_auth = no listen = * log_path = /var/log/dovecot.log mail_debug = yes mail_location = maildir:~/Maildir mail_plugins = " quota" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { quota = maildir:User quota quota_rule = *:storage=1G quota_rule2 = Trash:storage=+100M sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap sieve" service managesieve-login { inet_listener sieve { port = 4190 } } service managesieve { process_limit = 1024 } ssl = no ssl_cert = -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As far as I understood fetch -u p.heinlein at jpberlin.de hdr mailbox-guid [...]93d5 uid 58175 should fetch exactly the header of the specified mail. But on my Dovecot 2.2.12 it fetches the header *twice* (same with body, same with text). ======================================== hdr: Return-Path: Delivered-To: [...] hdr: Return-Path: Delivered-To: [...] ======================================== Peer - -- Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin http://www.heinlein-support.de Tel: 030 / 405051-42 Fax: 030 / 405051-19 Zwangsangaben lt. ?35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTi4ttAAoJEAOLLpq5E82HL/MIAIx1WBDdzP/u5fI/VuyfSzYO gj8M5WL8MkamOpziOfADBdRR1qZwsuS8EjFmdNSrdqrLFM1tle/0Umaa3buJBeyF OuTIodbkv5prgoF/YDxsOKXMSCDx8JP3o5twNbTQfdMT+rYww80GGqDbAFv5VMzJ vNAOQZ3Le1S45da1wL526UcPSHNBXwMMbpCS3LY60iKRbHaURXJuotbXb4DemD0J En2ZjQzmstIBbyFL7X3JfiyiEe3Dmdq5u0XJC5j2Xo3U9mfHB2FBmbEE9KdKPXgu wL2cihep5lDExS2N89ne9Zp6n/Ff104Gki1gwQu0mSBPS8OGFSIJ5iGDBdWIEGk= =4smt -----END PGP SIGNATURE----- From dovecot at webrz.net Mon Jun 2 13:35:07 2014 From: dovecot at webrz.net (Jos Chrispijn) Date: Mon, 02 Jun 2014 15:35:07 +0200 Subject: [Dovecot] Dovecot 2 | Creating message rules Message-ID: <538C7D8B.1020303@webrz.net> Can someone explain how I can create message rules to use with this version of Dovecot? I specially switched to this version because it supports then Pigeonhole Sieve. I would like to volunteer to contribute as a volunteer when someone would like to create a html driven user interface that provides a user friendly configuration interface and would make such configuration a piece of cake. -- Best regards, Jos Chrispijn --- Artificial intelligence is no match for natural stupidity From bubreg.istvan at gmail.com Mon Jun 2 13:46:34 2014 From: bubreg.istvan at gmail.com (=?UTF-8?Q?Bubreg_Istv=C3=A1n?=) Date: Mon, 2 Jun 2014 15:46:34 +0200 Subject: [Dovecot] Dovecot 2 | Creating message rules In-Reply-To: <538C7D8B.1020303@webrz.net> References: <538C7D8B.1020303@webrz.net> Message-ID: I'm using roundcube for this, it has a 'managesieve' plugin which works with dovecot well. 2014-06-02 15:35 GMT+02:00 Jos Chrispijn : > Can someone explain how I can create message rules to use with this > version of Dovecot? I specially switched to this version because it > supports then Pigeonhole Sieve. I would like to volunteer to contribute as > a volunteer when someone would like to create a html driven user interface > that provides a user friendly configuration interface and would make such > configuration a piece of cake. > > -- > > Best regards, > Jos Chrispijn > > --- Artificial intelligence is no match for natural stupidity > From dovecot at webrz.net Mon Jun 2 13:55:15 2014 From: dovecot at webrz.net (Jos Chrispijn) Date: Mon, 02 Jun 2014 15:55:15 +0200 Subject: [Dovecot] Dovecot 2 | Creating message rules In-Reply-To: References: <538C7D8B.1020303@webrz.net> Message-ID: <538C8243.4080605@webrz.net> Bubreg Istv?n: > I'm using roundcube for this, it has a 'managesieve' plugin which works > with dovecot well. Do you mean that I can create rules with Roundcube and have them processed by Dovecot without having to open Roundcube itself (or any other mailclient) to process these rules? Thant would be a perfect solution then! Can you tell me more or hint me a URL where I can raise my learning curve? Best regards, Jos Chrispijn From axel.luttgens at skynet.be Mon Jun 2 14:11:21 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Mon, 2 Jun 2014 16:11:21 +0200 Subject: [Dovecot] Dovecot 2.1.13: some questions about the mail-filter plugin Message-ID: <0F204B77-3B63-43A6-9B09-4D7D3C5D560F@skynet.be> Looking at mail_filter_mailbox_allocated() of src/plugins/mail-filter/mail-filter-plugin.c: if ((class_flags & MAIL_STORAGE_CLASS_FLAG_OPEN_STREAMS) == 0 && (class_flags & MAIL_STORAGE_CLASS_FLAG_BINARY_DATA) != 0 && muser->out_socket_path != NULL) v->save_begin = mail_filter_mail_save_begin; it seems that a backend with MAIL_STORAGE_CLASS_FLAG_OPEN_STREAMS unset and MAIL_STORAGE_CLASS_FLAG_BINARY_DATA set is expected by the plugin. Technically, this would thus exclude the mbox backend, since its flag configuration seems to be exactly the opposite: struct mail_storage mbox_storage = { .name = MBOX_STORAGE_NAME, .class_flags = MAIL_STORAGE_CLASS_FLAG_MAILBOX_IS_FILE | MAIL_STORAGE_CLASS_FLAG_OPEN_STREAMS | MAIL_STORAGE_CLASS_FLAG_HAVE_MAIL_GUIDS, [...] Is this a correct interpretation? If yes, what is the rationale? I couldn't find any info related to such a limitation in the docs; the README file of http://dovecot.org/patches/2.2/mail-filter.tar.gz even says: "Mail filter plugin can read an email from any storage supported by Dovecot and modify the mail in some way"... All of this stems from my attempts to have working mail filters when I was trying to better understand the behaviors Stanislas was describing in a recent thread... Hence another question; in sdbox-storage.c, the definition of the "alias" for sdbox comes with: struct mail_storage dbox_storage = { .name = "dbox", /* alias */ .class_flags = MAIL_STORAGE_CLASS_FLAG_FILE_PER_MSG, [...] The initialization of member class_flags seems to be incomplete, when compared to the one for the name "sdbox". A typo? On the other hand, Stanislas showed a configuration with mail_location = dbox:/mailboxes/%Ld/%Ln and seemed to have a working mail filter. If above interpretation is correct, this would mean that the "alias" definition isn't used, but that the one for "sdbox" is used instead. Out of curiosity, how/where is that substitution achieved? Regards, Axel From h.reindl at thelounge.net Mon Jun 2 14:11:42 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 02 Jun 2014 16:11:42 +0200 Subject: [Dovecot] Dovecot 2 | Creating message rules In-Reply-To: <538C8243.4080605@webrz.net> References: <538C7D8B.1020303@webrz.net> <538C8243.4080605@webrz.net> Message-ID: <538C861E.3000606@thelounge.net> Am 02.06.2014 15:55, schrieb Jos Chrispijn: > Bubreg Istv?n: >> I'm using roundcube for this, it has a 'managesieve' plugin which works >> with dovecot well. > Do you mean that I can create rules with Roundcube and have them processed by Dovecot without having to open > Roundcube itself (or any other mailclient) to process these rules? Thant would be a perfect solution then! Can you > tell me more or hint me a URL where I can raise my learning curve? that's what sieve is supposed to do in general -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From Christian.Schmidt at chemie.uni-hamburg.de Mon Jun 2 14:21:54 2014 From: Christian.Schmidt at chemie.uni-hamburg.de (Christian Schmidt) Date: Mon, 02 Jun 2014 16:21:54 +0200 Subject: [Dovecot] Dovecot 2 | Creating message rules In-Reply-To: <538C861E.3000606@thelounge.net> References: <538C7D8B.1020303@webrz.net> <538C8243.4080605@webrz.net> <538C861E.3000606@thelounge.net> Message-ID: <538C8882.3090607@chemie.uni-hamburg.de> 02.06.2014 16:11, Reindl Harald: > > Am 02.06.2014 15:55, schrieb Jos Chrispijn: >> Bubreg Istv?n: >>> I'm using roundcube for this, it has a 'managesieve' plugin >>> which works with dovecot well. >> Do you mean that I can create rules with Roundcube and have them >> processed by Dovecot without having to open Roundcube itself (or >> any other mailclient) to process these rules? Thant would be a >> perfect solution then! Can you tell me more or hint me a URL >> where I can raise my learning curve? > that's what sieve is supposed to do in general The rules defined in the sieve language will be stored on the (mail) server. They get applied whenever an e-mail is "submitted" to (sieve-enabled) dovecot. The Horde project (see http://www.horde.org) offers a web interface for creating sieve rules, too. Regards, Christian -- No signature available. From pixilla at macports.org Mon Jun 2 17:40:20 2014 From: pixilla at macports.org (Bradley Giesbrecht) Date: Mon, 2 Jun 2014 10:40:20 -0700 Subject: [Dovecot] Dovecot 2 | Creating message rules In-Reply-To: References: <538C7D8B.1020303@webrz.net> Message-ID: <414492C5-4F03-49AE-A2FA-6102209BBA8A@macports.org> +1 roundcube/managesieve On Jun 2, 2014, at 6:46 AM, Bubreg Istv?n wrote: > I'm using roundcube for this, it has a 'managesieve' plugin which works > with dovecot well. > > > 2014-06-02 15:35 GMT+02:00 Jos Chrispijn : > >> Can someone explain how I can create message rules to use with this >> version of Dovecot? I specially switched to this version because it >> supports then Pigeonhole Sieve. I would like to volunteer to contribute as >> a volunteer when someone would like to create a html driven user interface >> that provides a user friendly configuration interface and would make such >> configuration a piece of cake. >> >> -- >> >> Best regards, >> Jos Chrispijn >> >> --- Artificial intelligence is no match for natural stupidity -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: Message signed with OpenPGP using GPGMail URL: From doctor at doctor.nl2k.ab.ca Mon Jun 2 17:38:10 2014 From: doctor at doctor.nl2k.ab.ca (The Doctor, 3328-138 Ave Edmonton AB T5Y 1M4, 669-2000, 473-4587) Date: Mon, 2 Jun 2014 11:38:10 -0600 (MDT) Subject: [Dovecot] Installing Godaddy Certificate Message-ID: I have 2 certs to install: One is intermediate the other the 'actual' cert. How do I do this? From larryrtx at gmail.com Mon Jun 2 18:17:18 2014 From: larryrtx at gmail.com (Larry Rosenman) Date: Mon, 2 Jun 2014 13:17:18 -0500 Subject: [Dovecot] Installing Godaddy Certificate In-Reply-To: References: Message-ID: concatenate them together: cat actual.crt intermediate.crt >chain.crt and use that one for Dovecot. Just had to do this for my comodo cert (see https://webmail.lerctr.org) On Mon, Jun 2, 2014 at 12:38 PM, The Doctor, 3328-138 Ave Edmonton AB T5Y 1M4, 669-2000, 473-4587 wrote: > I have 2 certs to install: > > One is intermediate the other the 'actual' cert. > > How do I do this? > -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 108 Turvey Cove, Hutto, TX 78634-5688 From christian at lehrer-hoffmann.de Mon Jun 2 20:38:17 2014 From: christian at lehrer-hoffmann.de (Christian Hoffmann) Date: Mon, 02 Jun 2014 22:38:17 +0200 Subject: [Dovecot] dovecot: lda(foo): Error: User foo doesn't have home dir set, disabling duplicate database In-Reply-To: <5389EF91.5040606@lehrer-hoffmann.de> References: <5389EF91.5040606@lehrer-hoffmann.de> Message-ID: <538CE0B9.3050808@lehrer-hoffmann.de> Hello, some config-trys later: I have to set allow_all_users=yes in the userdb with driver=static: |userdb { args = home=/var/mail/%u uid=Debian-exim gid=Debian-exim|||allow_all_users=yes| driver = static }| Have a good time Christian || Am 31.05.2014 17:04, schrieb Christian Hoffmann: > Hello everyone, > > I have a small problem with dovecot installed on ubuntu-13.10. I use > dovcot as LDA with a LDAP-passdb and a pam-passdb. The userdb is > static. A mail to LDAP-user 'foo' is delivered with the error-message > > dovecot: lda(foo): Error: User foo doesn't have home dir set, > disabling duplicate database > > A mail to the pam-user 'bar' will deliverd without this error. But > both users should work with the static-userdb. Where is my mistake? > > Greetings > Christian > > dovecot --version > 2.1.7 > ############################################ my dovecot.conf > # 2.1.7: /etc/dovecot/dovecot.conf > # OS: Linux 3.11.0-22-generic i686 Ubuntu 13.10 ext4 > disable_plaintext_auth = no > first_valid_uid = 107 > last_valid_uid = 109 > listen = * > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_home = /var/mail/%u > mail_location = maildir:/var/mail/%u/Maildir > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date ihave > passdb { > args = /etc/dovecot/dovecot-ldap.conf > driver = ldap > } > passdb { > driver = pam > } > plugin { > sieve = /var/mail/%u/dovecot.sieve > sieve_before = /etc/dovecot/sieve.global/spamfilter.sieve > } > protocols = imap pop3 sieve > service auth { > user = root > } > service managesieve-login { > inet_listener sieve { > port = 2000 > } > } > ssl_cert = ssl_key = syslog_facility = local0 > userdb { > args = home=/var/mail/%u uid=Debian-exim gid=Debian-exim > driver = static > } > protocol pop3 { > pop3_uidl_format = %08Xu%08Xv > } > protocol lda { > auth_socket_path = /var/run/dovecot/auth-master > hostname = ods2.schule.de > mail_plugins = sieve > postmaster_address = postmaster > sendmail_path = /usr/sbin/sendmail > } > ############################## my dovecot-ldap.conf > uris = ldaps://my.ldap.host.edu > dn = chief > dnpass = secret > auth_bind = yes > ldap_version = 3 > base = ou=Personen,DC=my,DC=ldap,DC=host,DC=eu > scope = subtree > pass_filter = > (&(objectClass=user)(cn=%u)(memberOf:1.2.840.113556.1.4.1941:=cn=Mail,ou=Gruppen,DC=my,DC=ldap,DC=host,DC=eu)) From skeffling at gmail.com Mon Jun 2 21:11:58 2014 From: skeffling at gmail.com (Skeffling) Date: Mon, 02 Jun 2014 22:11:58 +0100 Subject: [Dovecot] Pigeonhole and dsync replication not replicating 'SETACTIVE' for a sieve script Message-ID: <538CE89E.2040301@gmail.com> Hello, I'm testing dovecot replication alongside pigeonhole and liking it. Dovecot v2.2.13 Pigeonhole v0.4.3 If I create or edit a sieve script on one server (via managesieve, using the thunderbird plugin as it happens) then it does get replicated to the other - great! However, if I set a script to be active (SETACTIVE) on one side then this is not being replicated across to the other server. Is this a known issue? Thank you! -- Andrew From mangoo at wpkg.org Mon Jun 2 22:14:03 2014 From: mangoo at wpkg.org (Tomasz Chmielewski) Date: Mon, 2 Jun 2014 23:14:03 +0100 Subject: [Dovecot] list all emails from command line? Message-ID: <20140602231403.51266505@s9> This is not strictly Dovecot question, but a more general IMAP one. I'm running a Dovecot server and have a user who is claiming that some email sent to him, say, on 30 May, showed up in his mailbox on 02 Jun. I've checked Postfix logs, and the message was correctly received on 30 May and passed to Dovecot. A similar issue happens every few days. This leaves me with two possibilities: 1) Dovecot is somehow not presenting the new mail to the user in a "timely manner" 2) user's email program is broken Therefore, I wanted to do some kind of "IMAP list" of the account, with a command line tool: - specify username, pass and server, - the tool would return a list of all email in their folders (message ID, From, To, Date, Subject). I would run it i.e. daily and this would let me verify when the mail was really visible in the account. Is anyone aware of a tool I could use to achieve that? -- Tomasz Chmielewski http://www.sslrack.com From d.parthey at metaways.de Tue Jun 3 01:05:05 2014 From: d.parthey at metaways.de (Daniel Parthey) Date: Tue, 03 Jun 2014 03:05:05 +0200 Subject: [Dovecot] list all emails from command line? In-Reply-To: <20140602231403.51266505@s9> References: <20140602231403.51266505@s9> Message-ID: <15e187a4-1dbd-4bdc-b3fa-1862743fa361@email.android.com> Hi I would recommend writing some small check scripts using perl IMAP module. You can even develop your own monitoring plugins this way. A different option would be to execute mutt in batch mode on the command line. Regards Daniel From dclist.hook at hook.net.nz Tue Jun 3 02:01:49 2014 From: dclist.hook at hook.net.nz (Bruce) Date: Tue, 03 Jun 2014 14:01:49 +1200 Subject: [Dovecot] Odd ownership of the dovecot-uidlist file In-Reply-To: References: Message-ID: <538D2C8D.9060107@hook.net.nz> Hi Robert (and list), See my response below, On 27/05/14 23:05, dovecot-request at dovecot.org wrote: > Message: 4 Date: Mon, 26 May 2014 19:50:01 -0700 From: Robert L > Mathews To: Dovecot Mailing List > Subject: Re: [Dovecot] Odd ownership of the > dovecot-uidlist file Message-ID: <5383FD59.9050809 at tigertech.com> > Content-Type: text/plain; charset=UTF-8 On 5/26/14, 6:06 PM, > dclist.hook at hook.net.nz wrote: >> >It would be great if someone can give us some hints where the problem >> >maybe as this has us stumped. > Have you tried "stat dovecot-uidlist" after it's changed to look at all > three times of the file? > > The "Change" time is probably more interesting than the modification > time. It should show the time that the ownership was altered or the file > recreated, and maybe you can look at the logs to see what happened then. Thanks for the suggestion, we have had another occurrence of the wrong ownership on the dovecot-uid today. And we took a stat of the file but the logs around the time dont give any indication of the incorrect user logging in, a dovecot error or anything helpful. This is the log entry for the user as the issue started occurring: Jun 3 11:18:13 brio dovecot: pop3-login: Login: user=, method=APOP, rip=x.x.x.x, lip=x.x.x.x, mpid=31874, TLS, session= Jun 3 11:18:13 brio dovecot: Dovecot postlogin.sh running as hamish at XXXXX (/mnt/spool/keepers/h/XXXXX/hamish) userid = 7053 (7053) - uidlist = 7053 Jun 3 11:18:13 brio dovecot: Dovecot for hamish at XXXXX finished, uidlist now = 7053 Jun 3 11:28:13 brio dovecot: pop3(hamish at XXXXX): Disconnected for inactivity top=0 (0 b), retr=0 (0 b), messages=380 (41770867 b), del=0 Jun 3 11:38:51 brio dovecot: pop3-login: Login: user=, method=APOP, rip=x.x.x.x, lip=x.x.x.x, mpid=16538, TLS, session= Jun 3 11:38:51 brio dovecot: Dovecot postlogin.sh running as hamish at XXXXX (/mnt/spool/keepers/h/XXXXX/hamish) userid = 7053 (7053) - uidlist = 26624 Jun 3 11:38:51 brio dovecot: Dovecot for hamish at XXXXX finished, uidlist now = 26624 Jun 3 11:38:51 brio dovecot: pop3(hamish at XXXXX): Error: open(/mnt/spool/keepers/h/XXXXX/hamish/Maildir/dovecot-uidlist) failed: Permission denied Jun 3 11:38:51 brio dovecot: pop3(hamish at XXXXX): Error: open(/mnt/spool/keepers/h/XXXXX/hamish/Maildir/dovecot-uidlist) failed: Permission denied Jun 3 11:38:51 brio dovecot: pop3(hamish at XXXXX): Error: Couldn't init INBOX: Internal error occurred. Refer to server log for more information. [2014-06-03 11:38:51] Jun 3 11:38:51 brio dovecot: pop3(hamish at XXXXX): Mailbox init failed top=0 (0 b), retr=0 (0 b), messages=0 (0 b), del=0 You will notice our postlogin script spits out some information about the uidlist file both before it starts and after it finishes which shows uid it as running as and the owner of the uidlist file. For reference this is the current script (we have pulled a lot of the extra stuff we were doing out for testing): -- 8<-- #!/bin/bash # WARNING: Be sure to use mail_drop_priv_before_exec=yes, otherwise the files are created as root! logger -t dovecot -p mail.info "Dovecot postlogin.sh running as $USER ($HOME) userid = $EUID ($UID) - uidlist = `stat $HOME/Maildir/dovecot-uidlist -c %u`" # Removed the exec so we can run something after the login. Once the uid list issue is fixed this should be set back #exec "$1" "$1" logger -t dovecot -p mail.info "Dovecot for $USER finished, uidlist now = `stat $HOME/Maildir/dovecot-uidlist -c %u`" -- 8<-- root at brio:/mnt/spool/keepers/h/XXXXXXX/hamish/Maildir# stat dovecot-uidlist File: `dovecot-uidlist' Size: 26819 Blocks: 56 IO Block: 1048576 regular file Device: 1ah/26d Inode: 9424182 Links: 3 Access: (0600/-rw-------) Uid: (26624/info-14552) Gid: (11307/domain14552) Access: 2014-06-03 11:18:05.000000000 +1200 Modify: 2014-06-03 01:55:19.000000000 +1200 Change: 2014-06-03 11:18:33.000000000 +1200 Birth: - The stat says the change happened at 11:18:33, so we looked at the logs around that time: Jun 3 11:18:32 brio dovecot: imap-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=647, session= Jun 3 11:18:32 brio dovecot: pop3(enquiry at xxx): Disconnected: Logged out top=0 (0 b), retr=0 (0 b), messages=64 (7363643 b), del=0 Jun 3 11:18:32 brio dovecot: Dovecot postlogin.sh running as test at xxx/test) userid = 1667 (1667) - uidlist = 1667 Jun 3 11:18:32 brio dovecot: pop3-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=652, session= Jun 3 11:18:32 brio dovecot: imap(test at xxx): Disconnected: Logged out bytes=9/360 Jun 3 11:18:32 brio dovecot: pop3(haidee.b at xxx): Disconnected: Logged out top=0 (0 b), retr=0 (0 b), messages=81 (17665182 b), del=0 Jun 3 11:18:32 brio dovecot: Dovecot for test at xxx finished, uidlist now = 1667 Jun 3 11:18:32 brio dovecot: Dovecot postlogin.sh running as test at xxx/test) userid = 1667 (1667) - uidlist = 1667 Jun 3 11:18:32 brio dovecot: Dovecot for test at xxx finished, uidlist now = 1667 Jun 3 11:18:32 brio dovecot: pop3(test at xxx): Disconnected: Logged out top=0 (0 b), retr=0 (0 b), messages=1 (1756 b), del=0 Jun 3 11:18:32 brio dovecot: pop3(nz at xxx): Disconnected: Logged out top=0 (0 b), retr=0 (0 b), messages=0 (0 b), del=0 Jun 3 11:18:32 brio dovecot: imap-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=667, session= Jun 3 11:18:32 brio dovecot: Dovecot postlogin.sh running as manager at xxx/manager) userid = 12397 (12397) - uidlist = 12397 Jun 3 11:18:32 brio dovecot: Dovecot for manager at xxx finished, uidlist now = 12397 Jun 3 11:18:32 brio dovecot: imap(manager at xxx): Disconnected: Logged out bytes=91/873 Jun 3 11:18:32 brio dovecot: pop3-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=675, session= Jun 3 11:18:32 brio dovecot: Dovecot postlogin.sh running as amanda at xxx/amanda) userid = 24293 (24293) - uidlist = 24293 Jun 3 11:18:32 brio dovecot: Dovecot for amanda at xxx finished, uidlist now = 24293 Jun 3 11:18:32 brio dovecot: pop3(anton at xxx): Disconnected: Logged out top=0 (0 b), retr=0 (0 b), messages=603 (57517089 b), del=0 Jun 3 11:18:32 brio dovecot: pop3-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=685, TLS, session= Jun 3 11:18:32 brio dovecot: Dovecot postlogin.sh running as admin at xxx/admin) userid = 25119 (25119) - uidlist = 25119 Jun 3 11:18:32 brio dovecot: Dovecot for admin at xxx finished, uidlist now = 25119 Jun 3 11:18:32 brio dovecot: pop3-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=691, session= Jun 3 11:18:32 brio dovecot: pop3-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=695, session=<7MskneL6TAB97O9T> Jun 3 11:18:32 brio dovecot: Dovecot postlogin.sh running as info at xxx/info) userid = 13732 (13732) - uidlist = 13732 Jun 3 11:18:32 brio dovecot: Dovecot for info at xxx finished, uidlist now = 13732 Jun 3 11:18:32 brio dovecot: Dovecot postlogin.sh running as robb at xxx/robb) userid = 21760 (21760) - uidlist = 21760 Jun 3 11:18:32 brio dovecot: Dovecot for robb at xxx finished, uidlist now = 21760 Jun 3 11:18:33 brio dovecot: pop3(number5 at xxx): Disconnected: Logged out top=0 (0 b), retr=0 (0 b), messages=19 (422734 b), del=0 Jun 3 11:18:33 brio dovecot: pop3(admin at xxx): Disconnected: Logged out top=0 (0 b), retr=0 (0 b), messages=256 (8614214 b), del=0 Jun 3 11:18:33 brio dovecot: pop3(info at xxx): Disconnected: Logged out top=0 (0 b), retr=0 (0 b), messages=227 (56540919 b), del=0 Jun 3 11:18:33 brio dovecot: pop3(amanda at xxx): Disconnected: Logged out top=0 (0 b), retr=1 (20185 b), messages=69 (5243134 b), del=0 Jun 3 11:18:33 brio dovecot: pop3-login: Login: user=, method=APOP, rip=x.x.x.x, lip=x.x.x.x, mpid=712, session= Jun 3 11:18:33 brio dovecot: Dovecot postlogin.sh running as sbreed at xxx/sbreed) userid = 21761 (21761) - uidlist = 21761 Jun 3 11:18:33 brio dovecot: Dovecot for sbreed at xxx finished, uidlist now = 21761 Jun 3 11:18:33 brio dovecot: pop3(robb at xxx): Disconnected: Logged out top=0 (0 b), retr=0 (0 b), messages=0 (0 b), del=0 Jun 3 11:18:33 brio dovecot: imap-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=721, session= Jun 3 11:18:33 brio dovecot: Dovecot postlogin.sh running as gary at xxx/gary) userid = 26671 (26671) - uidlist = 26671 Jun 3 11:18:33 brio dovecot: Dovecot for gary at xxx finished, uidlist now = 26671 Jun 3 11:18:33 brio dovecot: imap(gary at xxx): Disconnected: Logged out bytes=394/10899 Jun 3 11:18:34 brio dovecot: imap-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=733, session=<0kc2neL6tgDAqMjK> Jun 3 11:18:34 brio dovecot: Dovecot postlogin.sh running as sales at xxx/sales) userid = 16696 (16696) - uidlist = 16696 Jun 3 11:18:34 brio dovecot: Dovecot for sales at xxx finished, uidlist now = 16696 Jun 3 11:18:34 brio dovecot: pop3-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=741, session= Jun 3 11:18:34 brio dovecot: Dovecot postlogin.sh running as tmeha at xxx/tmeha) userid = 4338 (4338) - uidlist = 4338 Jun 3 11:18:34 brio dovecot: Dovecot for tmeha at xxx finished, uidlist now = 4338 Jun 3 11:18:34 brio dovecot: imap(sales at xxx): Disconnected: Logged out bytes=467/14224 Jun 3 11:18:34 brio dovecot: pop3-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=753, session= Jun 3 11:18:34 brio dovecot: pop3-login: Login: user=, method=APOP, rip=x.x.x.x, lip=x.x.x.x, mpid=754, session= Jun 3 11:18:34 brio dovecot: Dovecot postlogin.sh running as christine at xxx/christine) userid = 29127 (29127) - uidlist = 29127 Jun 3 11:18:34 brio dovecot: Dovecot for christine at xxx finished, uidlist now = 29127 Jun 3 11:18:34 brio dovecot: Dovecot postlogin.sh running as john at xxx/john) userid = 15027 (15027) - uidlist = 15027 Jun 3 11:18:34 brio dovecot: Dovecot for john at xxx finished, uidlist now = 15027 Jun 3 11:18:34 brio dovecot: pop3-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=769, TLS, session=<0oM/neL6YwB97a8j> Jun 3 11:18:34 brio dovecot: Dovecot postlogin.sh running as res at xxx/res) userid = 35375 (35375) - uidlist = 35375 Jun 3 11:18:34 brio dovecot: Dovecot for res at xxx finished, uidlist now = 35375 Jun 3 11:18:34 brio dovecot: pop3(res at xxx): Disconnected: Logged out top=0 (0 b), retr=0 (0 b), messages=0 (0 b), del=0 Jun 3 11:18:34 brio dovecot: pop3(tmeha at xxx): Disconnected: Logged out top=0 (0 b), retr=0 (0 b), messages=0 (0 b), del=0 Jun 3 11:18:34 brio dovecot: imap-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=781, session= Jun 3 11:18:34 brio dovecot: Dovecot postlogin.sh running as test at xxx/test) userid = 1667 (1667) - uidlist = 1667 Jun 3 11:18:34 brio dovecot: Dovecot for test at xxx finished, uidlist now = 1667 Jun 3 11:18:34 brio dovecot: imap(test at xxx): Disconnected: Logged out bytes=9/360 Jun 3 11:18:34 brio dovecot: imap-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=792, session= There is nothing there which indicates anything happened at 11:18:33 which would have gone anywhere near the uidlist file or even from the user that the file changed to (remembering that the directory permission would prevent them writing to the file anyway) The stat also says the change happened at 11:18:33, and there is nothing in the logs for that time which is abnormal (a whole bunch of other logins from other customers but nothing from those two users and no errors) Any further suggestions? Cheers, James From jtam.home at gmail.com Tue Jun 3 03:02:14 2014 From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 2 Jun 2014 20:02:14 -0700 (PDT) Subject: [Dovecot] list all emails from command line? In-Reply-To: References: Message-ID: > Therefore, I wanted to do some kind of "IMAP list" of the account, with > a command line tool: > > - specify username, pass and server, > - the tool would return a list of all email in their folders (message > ID, From, To, Date, Subject). > > I would run it i.e. daily and this would let me verify when the mail was > really visible in the account. > > Is anyone aware of a tool I could use to achieve that? Not offhand, but if you want a remote tool, it ought to be simple to cobble together some feeder script and netcat (or openssl s_client). It will also be simpler if you configure the master password feature so you don't have access to all user passwords. So something like this for dumping the INBOX contents #!/bin/sh master-user=masteru master-password=masterp while read user server; do netcat --ssl $server 993 <<_EOF_ >${user}.report 1 LOGIN ${user}*${master-user} ${master-password) 2 SELECT INBOX 3 ... 4 LOGOUT _EOF_ done I don't know enough IMAP to fill in "3 ..." to dump all headers, but I'm sure it's not hard to find out. It's even simpler if you don't need to do it remotely: just use doveadm fetch -A hdr MAILBOX '*' Joseph Tam From dovecot.org at veggiechinese.net Tue Jun 3 04:22:01 2014 From: dovecot.org at veggiechinese.net (Will Yardley) Date: Mon, 2 Jun 2014 21:22:01 -0700 Subject: [Dovecot] list all emails from command line? In-Reply-To: <20140602231403.51266505@s9> References: <20140602231403.51266505@s9> Message-ID: <20140603042201.GA3008@aura.veggiechinese.net> This seems like a pretty complicated (and time / labor intensive) way to solve the problem. That said, if this is the way you want to approach the problem, Python's imaplib is pretty good at doing this kind of thing. This may not format it exactly the way you want, but it should give you a starting point. Lots of examples online. I haven't played with it much, but I think there are some things that will let you do some extended logging of IMAP commands from within Dovecot - that might be a better way to figure out why the user's client doesn't seem to be noticing the message in a timely manner. **** #!/usr/bin/env python import email import imaplib IMAPHOST='somehost.example.com' USER='username' PASSWORD='mysecretgarden' i = imaplib.IMAP4_SSL(IMAPHOST) i.login(USER, PASSWORD) for folder in i.list()[1]: folder = folder.split(' "/" ')[1] print "**** %s ****" % folder i.select(folder) typ, [msg_ids] = i.search(None, 'ALL') for num in msg_ids.split(): typ, msg_data = i.fetch(num, '(BODY.PEEK[HEADER])') for response_part in msg_data: if isinstance(response_part, tuple): email_message = email.message_from_string(response_part[1]) to = email.utils.parseaddr(email_message['to']) subject = email_message['Subject'] msgid = email_message['Message-ID'] sender = email.utils.parseaddr(email_message['From']) print "%-30s => %-30s %-30s (%s)" % (sender[1], to[1] + ':', subject[0:30], msgid) From skdovecot at smail.inf.fh-brs.de Tue Jun 3 06:11:31 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 3 Jun 2014 08:11:31 +0200 (CEST) Subject: [Dovecot] list all emails from command line? In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 2 Jun 2014, Joseph Tam wrote: > So something like this for dumping the INBOX contents > > #!/bin/sh > > master-user=masteru > master-password=masterp > > while read user server; do > netcat --ssl $server 993 <<_EOF_ >${user}.report > 1 LOGIN ${user}*${master-user} ${master-password) > 2 SELECT INBOX > 3 ... > 4 LOGOUT > _EOF_ > done > > I don't know enough IMAP to fill in "3 ..." to dump all headers, but I'm > sure it's not hard to find out. 3 fetch 1:* RFC822.HEADER > It's even simpler if you don't need to do it remotely: just use > > doveadm fetch -A hdr MAILBOX '*' - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU41nFHz1H7kL/d9rAQIEkggAoqpjh3Yn/0lJbGSf9D4zI/TO8utmUGtK ZqmZ/j9KOm7+GvaS3z4WqlIkwfYFqIgTuiLBn9bHU6Dzynr+DDD8ydqGxiaQa3WY XgDQv6xU/bti4NXMZtpRxKg8r/SXW3Y/N36Y9sH3yYf7LTopQh1rW9cEdiyWY8c5 AjPmSdzxXnlmrwCCtJvjEPjvSZbIN2ilAXPMaDCbDNKZM7/VNvB+Yi8P7c6zdq6s Hdjn9h4FEqoB9zgiEGC1z4YSzVjaTGS7a+1+gS7WUJ6BX1al04eT4FlTu4WetTU8 mJmZAO/c8OA/+1FO1HW2u3FRhd1gIH/CRigfuGgfT7hwN3xcej1FPA== =gzhc -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Tue Jun 3 07:33:48 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 3 Jun 2014 09:33:48 +0200 (CEST) Subject: [Dovecot] Odd ownership of the dovecot-uidlist file In-Reply-To: <538D2C8D.9060107@hook.net.nz> References: <538D2C8D.9060107@hook.net.nz> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 3 Jun 2014, Bruce wrote: > Jun 3 11:38:51 brio dovecot: Dovecot postlogin.sh running as hamish at XXXXX > (/mnt/spool/keepers/h/XXXXX/hamish) userid = 7053 (7053) - uidlist = 26624 > Jun 3 11:38:51 brio dovecot: Dovecot for hamish at XXXXX finished, uidlist now = > 26624 who is user 26624? Is the uid valid at all? If it is invalid, are there other files owned by this uid? Maybe only one of your NFS server has this uid in its /etc/passwd? Is user "hamish" shared to another user somehow, either via symlinks, ACLs, ...? > The stat also says the change happened at 11:18:33, and there is nothing in Well, it's the last inode change time. It does not neccessarily mean that the ownership was changed then. > the logs for that time which is abnormal (a whole bunch of other logins from > other customers but nothing from those two users and no errors) What about cron jobs, message delivery, backups, ... anything that possibly can alter that file. I don't think, it's a Dovecot issue, unless the uid 26624 is valid and hamish is shared with that user. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU416XHz1H7kL/d9rAQL5HwgAlsI9PkWvcVJVQOj4P2SMsDBRoUGmt+Wy mvpnbRYWoApn4RdDHhm6UNE61OuqxFeZclKBzX7Qx6liK/4Hrq2dafsGHmFh7fSx o8qlEmOhUXwvoZ7sWtvepOPnxYJr8oTULlMoxoZHD2EUHWyG4D24QSU07Knnbasi wqXXS19Yuv6anBjfDMg7MsXYBw+M9yCxJd7h+IcapYC18DV3uSsEwyXC77QM+vjS tEvyqwRG04XM0tUBGwApkoUMmQxGggmaFSdSQTBjegfk5IwjwxbIpXIjmOP0GURA bkPHHGxuM2uMpDb7QBx5mUA8yZdFj5RzgAlkBuRFa2QVENBhE3qeVQ== =br8I -----END PGP SIGNATURE----- From giom87 at libero.it Tue Jun 3 09:07:46 2014 From: giom87 at libero.it (Giovanni Mancuso) Date: Tue, 03 Jun 2014 11:07:46 +0200 Subject: [Dovecot] Problem in Search IMAP with spaces in Subject Message-ID: <538D9062.3000101@libero.it> Hi, I deliver a test email (with 4 spaces in subject) into a maildir: Return-Path: Delivered-To: Received: from suse11 ([10.0.8.7]) by suse11 (Dovecot) with LMTP id Pf6zDTCaiFOUXwAA4Q5jHg for ; Fri, 30 May 2014 16:48:16 +0200 From: To: Message-ID: <9704BC6A-28D9-CBF2-A1D6-DD54F6AA9D9D at newsvilpec.babel.it> Subject: Test 4 Spaces Test But, if i search this email with 4 spaces in subject i don't find anthing: telnet 0 143 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. ab login user at example.com password ab OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE QUOTA ACL RIGHTS=texk] Logged in ab select inbox * FLAGS (\Answered \Flagged \Deleted \Seen \Draft PEC_INBOX) * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft PEC_INBOX \*)] Flags permitted. * 1 EXISTS * 1 RECENT * OK [UNSEEN 1] First unseen. * OK [UIDVALIDITY 1401785069] UIDs valid * OK [UIDNEXT 2] Predicted next UID ab OK [READ-WRITE] Select completed (0.002 secs). a1 SEARCH CHARSET UTF-8 SUBJECT "Test 4 Spaces" * SEARCH a1 OK Search completed (0.001 secs). a1 SEARCH CHARSET UTF-8 SUBJECT "Test 4 Spaces" * SEARCH 1 a1 OK Search completed (0.000 secs). ab logout * BYE Logging out ab OK Logout completed. Connection closed by foreign host. If i run the search with one space i find a mail. I use dovecot v2.2.12 on Linux suse11 x86_64 Thanks From ChristianVaas at auspex.eu Tue Jun 3 09:30:04 2014 From: ChristianVaas at auspex.eu (Christian Vaas) Date: Tue, 3 Jun 2014 11:30:04 +0200 Subject: [Dovecot] Postfix mailing list suggestion Message-ID: Can anyone suggest a good mailing list for postfix users? Thanks Chris From tolga at ozses.net Tue Jun 3 09:31:05 2014 From: tolga at ozses.net (Muzaffer Tolga Ozses) Date: Tue, 3 Jun 2014 12:31:05 +0300 Subject: [Dovecot] Postfix mailing list suggestion In-Reply-To: References: Message-ID: postfix-users at postfix.org On 3 June 2014 12:30, Christian Vaas wrote: > Can anyone suggest a good mailing list for postfix users? > > Thanks > Chris > From stephane.cottin at vixns.com Tue Jun 3 11:37:57 2014 From: stephane.cottin at vixns.com (=?windows-1252?Q?St=E9phane_Cottin?=) Date: Tue, 3 Jun 2014 13:37:57 +0200 Subject: [Dovecot] stats error Message-ID: Hello, Errors still present after upgrading to 2.2.13 : stats: Error: Mail server input error: UPDATE-SESSION test at example.com imap: stats shrank: mlpath 378 < 379 stats: Error: Mail server input error: UPDATE-SESSION test at example.com imap: stats shrank: mlpath 1 < 2 stats: Error: Mail server input error: UPDATE-SESSION test at example.com pop3: stats shrank: mlpath 4 < 8 stats: Error: Mail server input error: UPDATE-SESSION test at example.com imap: stats shrank: mrbytes 6028260 < 7487934 stats: Error: Mail server input error: UPDATE-SESSION test at example.com imap: stats shrank: mrbytes 11134652 < 13009233 [?] doveconf -n : # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.2.53-xenU-8869-x86_64 x86_64 Debian 7.4 auth_mechanisms = plain login cram-md5 default_client_limit = 3003 lda_mailbox_autocreate = yes mail_plugins = " quota stats zlib" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate vacation-seconds namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { antispam_backend = dspam antispam_dspam_args = --source=error;--user;%u;--deliver= antispam_dspam_binary = /usr/bin/dspamc antispam_dspam_notspam = --class=innocent antispam_dspam_result_header = X-DSPAM-Result antispam_dspam_spam = --class=spam antispam_signature = X-DSPAM-Signature antispam_signature_missing = move antispam_spam = Junk antispam_spam_pattern_ignorecase = Junk;Junk.* antispam_trash = trash;Trash;Deleted Items;Deleted Messages fts = lucene fts_lucene = whitespace_chars=@. quota = maildir:User quota quota_rule2 = Trash:storage=+100M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +vacation-seconds sieve_vacation_default_period = 3h sieve_vacation_max_period = 30d sieve_vacation_min_period = 3m stats_refresh = 30 secs zlib_save = gz zlib_save_level = 9 } protocols = " imap sieve pop3" recipient_delimiter = - service imap-login { service_count = 0 vsz_limit = 256 M } service quota-warning { executable = script /usr/bin/quota-warning.sh unix_listener quota-warning { user = vpopmail } user = vpopmail } service stats { fifo_listener stats-mail { mode = 0600 user = vpopmail } } ssl_cert = Hi to all. First of all.. I'm new on the mailing list.. So.. Sorry in advance for any mistake or error on posting here.. The question (or doubt..) is about sharing mail folder. I use a test mail server. Is not the production server (always dovecot + postfix + spamassassin + clamav) Well.. In test mail server i can use the share folder, follow the conf istruction on wiki dovecot. And work fine. But i need to know if is possible for user_a at mydomain.com to share only 1 or 2 subfolder (E.g. .INBOX.FOLDER_A and .INBOX.FOLDER_B shared, .INBOX_FOLDER_C not shared) When i do some test sharing folder, the user with wich user_a at mydomain.com share the mailbox can view all the subfolder of user_a at mydomain.com Following my dovecot versione e config. Thank's in advance My dovecot version is 2.0.19 My dovecot conf is : # 2.0.19: /etc/dovecot/dovecot.conf doveconf: Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied calloni at dovecot:~$ sudo -i [sudo] password for calloni: root at dovecot:~# dovecot -n # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.5.0-49-generic i686 Ubuntu 12.04.4 LTS ext4 dict { acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } disable_plaintext_auth = no first_valid_uid = 150 last_valid_uid = 150 mail_gid = mail mail_location = maildir:/var/vmail/%d/%u mail_plugins = acl mail_uid = vmail namespace { inbox = yes location = prefix = separator = / type = private } namespace { list = yes location = maildir:%%h:INDEX=~/shared/%%u prefix = shared/%%u/ separator = / subscriptions = no type = shared } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { acl = vfile acl_shared_dict = proxy::acl } postmaster_address = postmaster at jodovit.local protocols = " imap pop3" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = mail mode = 0600 user = vmail } } service dict { unix_listener dict { group = mail mode = 0600 user = vmail } } ssl_cert = References: <005201cf7f30$73715a40$5a540ec0$@calloni@jodovit.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 3 Jun 2014, Gianluca Calloni wrote: > But i need to know if is possible for user_a at mydomain.com to share only 1 or > 2 subfolder (E.g. .INBOX.FOLDER_A and .INBOX.FOLDER_B shared, > .INBOX_FOLDER_C not shared) What's the dovecot-acl in .INBOX and the three directories mentioned above? Or: doveadm acl get -u user_a at mydomain.com INBOX doveadm acl get -u user_a at mydomain.com INBOX.FOLDER_A doveadm acl get -u user_a at mydomain.com INBOX.FOLDER_B doveadm acl get -u user_a at mydomain.com INBOX.FOLDER_C Did you've share "INBOX" instead of the the subfolders A and B? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU43RXHz1H7kL/d9rAQIm2Af+KLrxxvgAk8TH2f0U6ldu2NidjnncWDv9 Y6vxbuoT/3gC9hL0XlwT/KE+oh/aKsu1tkDhTSq5TQuGVZ5L26CTntIDE9WPq9jf I6lyTzaP6gT3RjhrV0MZeMGLUerWijVs+sPmZMnqTzIIMGFaSqNv6hfAeVjhw98Y 3RMfNbOudTCrg7DGM/jQ3jTXGyJEhL5aI4mFG7JUPE1eYX8ZbTgHePQQtzaFiseK 6en6o25IYpduoQhwq5KEZFkiNLVZFE0ntbwhgUkF8ovzyp3WzioTihi7n4W/IC3x SXfeq2hdq1KMqmXa1zbNKUHz/lPv+dJlXUl94LKxACwm9+zkkrS4vQ== =R2bc -----END PGP SIGNATURE----- From gianluca.calloni at jodovit.com Tue Jun 3 15:35:21 2014 From: gianluca.calloni at jodovit.com (Gianluca Calloni) Date: Tue, 3 Jun 2014 17:35:21 +0200 Subject: [Dovecot] R: Info about sharing mail folder In-Reply-To: References: <005201cf7f30$73715a40$5a540ec0$@calloni@jodovit.com> Message-ID: <007601cf7f41$6e4919c0$4adb4d40$@calloni@jodovit.com> HI Steffen. In folder /var/vmail/example.com/user_a i've a dovecot-acl file with " user=test at example.com lrwstipekxa " IN mysql table user_shares i set: +---------------------+------------------+-------+ | from_user | to_user | dummy | +---------------------+------------------+-------+ | user_a at example.com | test at example.com | 1 | +---------------------+------------------+-------+ and the doveadm acl command: doveadm acl get -u user_a at example.com INBOX ID Global Rights user=test at example.com admin create delete expunge insert lookup post read write write-deleted write-seen doveadm acl get -u user_a at example.com INBOX.FOLDER_A ID Global Rights user=test at example.com admin create delete expunge insert lookup post read write write-deleted write-seen doveadm acl get -u user_a at example.com INBOX.FOLDER_B ID Global Rights user=test at example.com admin create delete expunge insert lookup post read write write-deleted write-seen doveadm acl get -u user_a at example.com INBOX.FOLDER_C ID Global Rights user=test at example.com admin create delete expunge insert lookup post read write write-deleted write-seen Of course, user test at example.com can see all subfolder. Reading your post.. I can set an dovecot-acl file in each subfolder to set the permission? Thank's -----Messaggio originale----- Da: dovecot [mailto:dovecot-bounces at dovecot.org] Per conto di Steffen Kaiser Inviato: marted? 3 giugno 2014 15:45 A: Dovecot Mailing List Oggetto: Re: [Dovecot] Info about sharing mail folder -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 3 Jun 2014, Gianluca Calloni wrote: > But i need to know if is possible for user_a at mydomain.com to share > only 1 or > 2 subfolder (E.g. .INBOX.FOLDER_A and .INBOX.FOLDER_B shared, > .INBOX_FOLDER_C not shared) What's the dovecot-acl in .INBOX and the three directories mentioned above? Or: doveadm acl get -u user_a at mydomain.com INBOX doveadm acl get -u user_a at mydomain.com INBOX.FOLDER_A doveadm acl get -u user_a at mydomain.com INBOX.FOLDER_B doveadm acl get -u user_a at mydomain.com INBOX.FOLDER_C Did you've share "INBOX" instead of the the subfolders A and B? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU43RXHz1H7kL/d9rAQIm2Af+KLrxxvgAk8TH2f0U6ldu2NidjnncWDv9 Y6vxbuoT/3gC9hL0XlwT/KE+oh/aKsu1tkDhTSq5TQuGVZ5L26CTntIDE9WPq9jf I6lyTzaP6gT3RjhrV0MZeMGLUerWijVs+sPmZMnqTzIIMGFaSqNv6hfAeVjhw98Y 3RMfNbOudTCrg7DGM/jQ3jTXGyJEhL5aI4mFG7JUPE1eYX8ZbTgHePQQtzaFiseK 6en6o25IYpduoQhwq5KEZFkiNLVZFE0ntbwhgUkF8ovzyp3WzioTihi7n4W/IC3x SXfeq2hdq1KMqmXa1zbNKUHz/lPv+dJlXUl94LKxACwm9+zkkrS4vQ== =R2bc -----END PGP SIGNATURE----- From deano-dovecot at areyes.com Tue Jun 3 15:54:48 2014 From: deano-dovecot at areyes.com (deano-dovecot at areyes.com) Date: Tue, 03 Jun 2014 11:54:48 -0400 Subject: [Dovecot] =?utf-8?q?Replication_with_virtual_users_and_static_use?= =?utf-8?q?rdb_possible_=3F?= Message-ID: Is it possible to get replication working in a virtual user setup that uses a static userdb ? My environment is fairly simple and typical - there's a single system user (vmail) that owns all the home dirs (/var/mail/domain.com/user). The virtual users (userid at domain.com:secretpassword) are kept in a single file (/var/mail/domain.com/PASSWD) that's unique per domain, and referenced as a static userdb : passdb { driver = passwd-file args = scheme=plain username_format=%u /var/mail/%d/PASSWD } userdb { driver = static args = uid=vmail gid=vmail home=/var/mail/%d/%n } I know the wiki http://wiki2.dovecot.org/Replication states that user listing must be enabled, but that's not available for a static userdb. The wiki http://wiki2.dovecot.org/UserDatabase/Static also says that it shouldn't be a problem because it will use do a passdb lookup instead (except for PAM which isn't used here). Unfortunately, it's not working. I've testing with ssh : dsync_remote_cmd = ssh -l vmail %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace} mail_replica = remote:vmail at server2.domain.com as well as with straight tcp (SSL for later) mail_replica = tcp:server2.domain.com:999 /var/log/mail.err shows the problems ... Jun 3 11:30:53 server1 dovecot: auth: Error: Trying to iterate users, but userdbs don't support it Jun 3 11:30:53 server1 dovecot: replicator: Error: User listing returned failure Jun 3 11:30:53 server1 dovecot: replicator: Error: listing users failed, can't replicate existing data Anyone else have it working ? I'm sure it's something simple that I've just overlooked. Thanks - D. From dclist.hook at hook.net.nz Tue Jun 3 20:52:36 2014 From: dclist.hook at hook.net.nz (Bruce) Date: Wed, 04 Jun 2014 08:52:36 +1200 Subject: [Dovecot] Odd ownership of the dovecot-uidlist file In-Reply-To: References: Message-ID: <538E3594.5090006@hook.net.nz> Hi, Please see my responses below, On 04/06/14 01:35, dovecot-request at dovecot.org wrote: > Message: 4 > Date: Tue, 3 Jun 2014 09:33:48 +0200 (CEST) > From: Steffen Kaiser >> >Jun 3 11:38:51 brio dovecot: Dovecot postlogin.sh running as hamish at XXXXX >> >(/mnt/spool/keepers/h/XXXXX/hamish) userid = 7053 (7053) - uidlist = 26624 >> >Jun 3 11:38:51 brio dovecot: Dovecot for hamish at XXXXX finished, uidlist now = >> >26624 > who is user 26624? Is the uid valid at all? If it is invalid, are there > other files owned by this uid? Maybe only one of your NFS server has this > uid in its /etc/passwd? Is user "hamish" shared to another user somehow, > either via symlinks, ACLs, ...? UID 26624 is a valid user ('info' of domain14552) but under a compleltly different domain name (hamish is under domain25367). However that user has also not logged in around the time the ownership was changed. There is no relevance to the two users, except that they exist on the system and for some reason this issue happened to the hamish user. The NFS server does not know about the UIDs, it just provides the numeric IDs which is translated on the dovecot/exim servers by NSS and Dovecotr using the replicated MySQL database. Additionally both users have existed for some time and the databases are in sync. Customers also do not have any access to the file system so there will be no symlinks in place. Its also not a single server that we are seeing the issue on, it maybe one Dovecot server accessing one NFS server. Then the next time its a different Dovecot server accessing a different NFS server. >> >the logs for that time which is abnormal (a whole bunch of other logins from >> >other customers but nothing from those two users and no errors) > What about cron jobs, message delivery, backups, ... anything that > possibly can alter that file. I don't think, it's a Dovecot issue, unless > the uid 26624 is valid and hamish is shared with that user. Nothing besides Courier being replaced by Dovecot has changed in the server setup (although I could be wrong there, but we are going through one component at a time and until this issue is resolved we are not moving onto the next), and the only file which is being modified is a file which only Dovecot maintains. There are hourly backups which do an rsync to another server in case of hardware failure, there are scripts which move mailboxes between NFS servers but they show up in logs. Exim has no need to touch a dovecot controlled file, and when it writes mail into the maildir its writing as the correct user. It also seem odd that one login is fine then randomly the next login the file ownership has changed, nothing happens in between the two logins which are in some cases only 5 to 10 minutes apart. All I am really looking for is ideas on where to look, as it seems odd that nobody else is reporting this, and since its a reasonably new setup its possibly something we have done in the config (which I posted in my first email). Is there a reliable way to run a script directly when a dovecot session starts and finishes so we could output the ownership before and after which may also help eliminate the session itself. Cheers, Bruce From pch at myzel.net Tue Jun 3 23:04:56 2014 From: pch at myzel.net (Peter Chiochetti) Date: Wed, 04 Jun 2014 01:04:56 +0200 Subject: [Dovecot] Odd ownership of the dovecot-uidlist file In-Reply-To: <538E3594.5090006@hook.net.nz> References: <538E3594.5090006@hook.net.nz> Message-ID: <538E5498.5040004@myzel.net> Am 2014-06-03 22:52, schrieb Bruce: > > All I am really looking for is ideas on where to look, > Use inotify on the directory? -- peter From dovecot.org at veggiechinese.net Tue Jun 3 23:30:39 2014 From: dovecot.org at veggiechinese.net (Will Yardley) Date: Tue, 3 Jun 2014 16:30:39 -0700 Subject: [Dovecot] director with multiple instances Message-ID: <20140603233039.GA22974@aura.veggiechinese.net> I'm experiencing some problems similar to those described in http://dovecot.org/list/dovecot/2012-July/137250.html except with 2.0.9. Adding http://dovecot.org/list/dovecot/2012-July/084906.html to the main config didn't seem to help, nor did setting the list of director and backend servers to just the system itself. I get a banner connecting to port 143: [root at retr01 log]# telnet localhost 143 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK Waiting for authentication process to respond.. Log messages are: Jun 3 16:22:03 retr01 dovecot: pop3-login: Error: Timeout waiting for handshake from auth server. my pid=32152, input bytes=0 Jun 3 16:22:33 retr01 dovecot: pop3-login: Error: Timeout waiting for handshake from auth server. my pid=32152, input bytes=0 Jun 3 16:22:33 retr01 dovecot: director: Fatal: No inet_listeners defined for director service (for standalone keep director_servers empty) Jun 3 16:22:33 retr01 dovecot: master: Error: service(director): command startup failed, throttling Jun 3 16:23:08 retr01 dovecot: pop3-login: Error: Timeout waiting for handshake from auth server. my pid=32152, input bytes=0 Jun 3 16:23:33 retr01 dovecot: pop3-login: Disconnected: Inactivity (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured running dovecot procs are: root 32137 1 0 16:20 ? 00:00:00 /usr/sbin/dovecot -c /etc/dovecot-main.conf root 32145 1 0 16:20 ? 00:00:00 /usr/sbin/dovecot -c /etc/dovecot-director.conf doveconf -n for the two configs (dovecot-main.conf, dovecot-director.conf) are included below. dovecot-sql.conf has: driver = sqlite connect = /etc/dovecot/empty.db password_query = select 'y' as proxy, \ NULL as password, \ 'y' as nopassword, \ case '%a' \ when '110' then '10110' \ when '995' then '10110' \ when '143' then '10143' \ when '993' then '10143' end \ as port; (where empty.db is completely empty; this is just used since there's no other way to handle the port mapping, as described elsewhere on the list). A static proxy setup does work, with the normal imap / pop3 listeners. # 2.0.9: /etc/dovecot-main.conf # OS: Linux 2.6.32-431.11.2.el6.x86_64 x86_64 Red Hat Enterprise Linux Server release 6.5 (Santiago) ext4 auth_username_format = %Ln auth_worker_max_count = 60 base_dir = /var/run/dovecot-main default_client_limit = 4096 default_process_limit = 200 dotlock_use_excl = yes mail_fsync = always mail_location = maildir:/var/spool/maildir/%1Ln/%Ln:INDEX=/mnt/post/cache/%1Ln/%Ln mail_plugins = fts fts_squat quota maildir_very_dirty_syncs = yes mbox_write_locks = fcntl mmap_disable = yes namespace { inbox = yes location = prefix = Mail. separator = . type = private } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { quota = maildir:User Quota quota_rule = *:storage=40960M:messages=3000000 } service auth-worker { user = $default_internal_user } service imap-login { inet_listener imap { port = 10143 } inet_listener imaps { port = 10993 } service_count = 0 vsz_limit = 128 M } service pop3-login { inet_listener pop3 { port = 10110 } inet_listener pop3s { port = 10995 } } ssl = required ssl_cert = References: <20140603233039.GA22974@aura.veggiechinese.net> Message-ID: <20140603235332.GB22974@aura.veggiechinese.net> And I realize that doveadm isn't setup properly yet, and that director_doveadm_port needs to be doveadm's inet_listener, not director's as it is now. Presumably this should just affect being able to run doveadm, though, and not cause the problems I mentioned? It would be really convenient if running the directors and backend services on the same set of machines was a lot easier out of the box. Especially being able to configure a static mapping of listener => backend port without having to do a fake SQL map would really simplify things. w From skdovecot at smail.inf.fh-brs.de Wed Jun 4 06:52:51 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 4 Jun 2014 08:52:51 +0200 (CEST) Subject: [Dovecot] Odd ownership of the dovecot-uidlist file In-Reply-To: <538E3594.5090006@hook.net.nz> References: <538E3594.5090006@hook.net.nz> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 4 Jun 2014, Bruce wrote: > Please see my responses below, I dislike top posting anyway :-) > On 04/06/14 01:35, dovecot-request at dovecot.org wrote: >> Message: 4 >> Date: Tue, 3 Jun 2014 09:33:48 +0200 (CEST) >> From: Steffen Kaiser >>> >Jun 3 11:38:51 brio dovecot: Dovecot postlogin.sh running as hamish at XXXXX >>> >(/mnt/spool/keepers/h/XXXXX/hamish) userid = 7053 (7053) - uidlist = >>> 26624 >>> >Jun 3 11:38:51 brio dovecot: Dovecot for hamish at XXXXX finished, uidlist >>> now = >>> >26624 >> who is user 26624? Is the uid valid at all? If it is invalid, are there >> other files owned by this uid? Maybe only one of your NFS server has this >> uid in its /etc/passwd? Is user "hamish" shared to another user somehow, >> either via symlinks, ACLs, ...? > UID 26624 is a valid user ('info' of domain14552) but under a compleltly > different domain name (hamish is under domain25367). However that user has > also not logged in around the time the ownership was changed. There is no > relevance to the two users, except that they exist on the system and for some > reason this issue happened to the hamish user. That means: no sharing, right ? > The NFS server does not know about the UIDs, it just provides the numeric IDs > which is translated on the dovecot/exim servers by NSS and Dovecotr using the > replicated MySQL database. Additionally both users have existed for some time > and the databases are in sync. Customers also do not have any access to the > file system so there will be no symlinks in place. > > Its also not a single server that we are seeing the issue on, it maybe one > Dovecot server accessing one NFS server. Then the next time its a different > Dovecot server accessing a different NFS server. Because it's NFS, any server accessing this NFS export may alter the ownership, because I still do not believe it's a Dovecot IMAP/POP issue ;-) >>> >the logs for that time which is abnormal (a whole bunch of other logins >>> from >>> >other customers but nothing from those two users and no errors) >> What about cron jobs, message delivery, backups, ... anything that >> possibly can alter that file. I don't think, it's a Dovecot issue, unless >> the uid 26624 is valid and hamish is shared with that user. > Nothing besides Courier being replaced by Dovecot has changed in the server > setup (although I could be wrong there, but we are going through one > component at a time and until this issue is resolved we are not moving onto > the next), and the only file which is being modified is a file which only > Dovecot maintains. Could there be Courier-related left-over scripts running? > There are hourly backups which do an rsync to another server in case of > hardware failure, there are scripts which move mailboxes between NFS servers > but they show up in logs. Exim has no need to touch a dovecot controlled > file, and when it writes mail into the maildir its writing as the correct > user. How does exim deliver the messages to the user storage? Via Dovecot-Deliver or directly. I interprete your sentence, that the messages are dropped directly. 00 > It also seem odd that one login is fine then randomly the next login the file > ownership has changed, nothing happens in between the two logins which are in > some cases only 5 to 10 minutes apart. > > All I am really looking for is ideas on where to look, as it seems odd that > nobody else is reporting this, and since its a reasonably new setup its That's why I point to non-Dovecot things. > possibly something we have done in the config (which I posted in my first > email). Is there a reliable way to run a script directly when a dovecot > session starts and finishes so we could output the ownership before and after > which may also help eliminate the session itself. Your post-login script does exactly that. That leaves the message delivery, if you do so via Dovecot deliver. LMTP seems to be off. I'm not sure if inotify works via NFS as Peter suggested, but that would my next idea as well. Let inotify wait for changes on that file, then fire up a script to capture "ps gaux" and maybe more. If you have SELinux running, maybe you can trigger a warning there? I don't know much about SELinux. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU47CQ3z1H7kL/d9rAQI3CAgAiXImeQ8nJcLkgEY+2Y8eOIWoNEOmPhMY yFaAYHoFnoQx8XJnlL9A0OY/L2INGdBN2ia1lUu8CkLbpfgCHY+MHuargFp6oUiP oCVhKbl4fjwk7T1Sm7tYDenW2zuBcF2kWSy3seROJYn5SUnKem4W4TRDnM/qheTg TR9pygp+1u3k6gq54Zni8JMY/m/9+8FtAHwWhkrY6LFXcdPT56q1+h2HNW2T/VVp g2GG7jKMKDl+VDxidDV/8obKQWWpgW4qO+aUwx+vxfud5GbXf0gL+PHtnf12XPHK /B/099fa8HiIpEWwqt3I5RTE1LrAsxJSwnWYfnEkqeTQrc9U7PVK7A== =NotM -----END PGP SIGNATURE----- From kiwi at oav.net Wed Jun 4 08:22:34 2014 From: kiwi at oav.net (Xavier Beaudouin) Date: Wed, 4 Jun 2014 10:22:34 +0200 Subject: [Dovecot] Dovecot + NFS + FreeBSD breakage ? Message-ID: Hi, I am trying to update my old mails servers from dovecot 2.1.15 to 2.2.12 (freebsd ports) and upgrade to FreeBSD 10.0-P3. My mail storage are on NFS with index also. On 2.1.15 everything is ok, and in 10-mail.conf I have the good things to be added as wiki tell me (eg http://wiki2.dovecot.org/NFS). BUT, when I try a single connection like : $ telnet ::1 110 Trying ::1... Connected to localhost. Escape character is '^]'. +OK Dovecot ready. user test at domain +OK pass thebloodypass Connection closed by foreign host. Looking the log : Jun 4 10:09:10 mail03 dovecot: master: Dovecot v2.2.12 starting up for imap, pop3, lmtp Jun 4 10:09:20 mail03 dovecot: pop3-login: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=5540, secured, session=<7x47Jf76IQAAAAAAAAAAAAAAAAAAAAAB> Jun 4 10:09:20 mail03 dovecot: pop3(kiwi at oav.net): Fatal: nfs flush requires mail_fsync=always This is very strange since : # doveconf -n | grep -E 'sync|nfs' mail_fsync = always mail_nfs_index = yes mail_nfs_storage = yes So either there is some breakage somewhere or something that is buggy somewhere... Here is my doveconf -n : # 2.2.12: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 10.0-RELEASE-p3 amd64 auth_cache_size = 1 M auth_mechanisms = plain login digest-md5 cram-md5 auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@% auth_verbose = yes disable_plaintext_auth = no dotlock_use_excl = no lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lmtp_rcpt_check_quota = yes lmtp_save_to_detail_mailbox = yes lock_method = dotlock mail_debug = yes mail_fsync = always mail_location = maildir:~/Maildir:INDEX=/index/%d/%1n/%n mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = quota trash mail_log notify zlib fts fts_lucene mailbox_list_index = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mmap_disable = yes namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } mailbox badh { auto = subscribe special_use = \Junk } mailbox spam { auto = subscribe special_use = \Junk } prefix = } passdb { args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { fts = lucene fts_lucene = whitespace_chars=@.+ mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size quota = maildir quota_grace = 10%% quota_rule2 = Trash:storage=+10%% quota_rule3 = spam:storage=+20%% trash = /usr/local/etc/dovecot/dovecot-trash.conf zlib_save = bz2 zlib_save_level = 9 } service auth { unix_listener /var/spool/postfix/private/auth { group = wheel mode = 0666 user = postfix } } service lmtp { inet_listener lmtp { port = 24 } } ssl_ca = From mailinglist at mindconnect.nl Wed Jun 4 10:08:16 2014 From: mailinglist at mindconnect.nl (Martijn) Date: Wed, 04 Jun 2014 12:08:16 +0200 Subject: [Dovecot] Change in LAYOUT=fs between 1.2.9 and 2.0.19? Message-ID: <538EF010.80107@mindconnect.nl> While testing an upgrade from Dovecot 1.2.9 (on Ubuntu 10.04 LTS) to 2.0.19 (12.04 LTS) I encountered the following change in behaviour: In both setups, mail_location is defined as follows: mail_location = maildir:~/domains/%d/%n/.Maildir:LAYOUT=fs No other mail_location-related settings are set in the config. On 1.2.9 this leads to new mail being delivered to this example directory: /home/username/domains/example-domain.ext/webmaster/.Maildir/INBOX/new/ On 2.0.19 the exact same mail_location is set, but new mail is now delivered to: /home/username/domains/example-domain.ext/webmaster/.Maildir/new/ Notice the missing /INBOX/ in the path on 2.0.19. I found no mention of this change on http://wiki2.dovecot.org/Upgrading/2.0 which first lead me to suspect this was a bug in 2.0.19. However, while browsing the 2.0-wiki I found a page which sheds some light on the behaviour that is to be expected from Dovecot 2.0.x. Quote from http://wiki2.dovecot.org/MailLocation/Maildir#Directory_layout > "Mailbox directory name": "Without DIRNAME, INBOX will be stored at ~/Maildir/{new,cur,tmp}/, but when DIRNAME is specified, we get an extra path component INBOX/ immediately prior to the DIRNAME value, so in the example above INBOX would be stored at ~/Maildir/INBOX/mAildir/{new,cur,tmp}/." I then changed mail_location to have an empty DIRNAME, like: mail_location = maildir:~/domains/%d/%n/.Maildir:LAYOUT=fs:DIRNAME= It appears this fixes the problem for new mail arriving (haven't tested other folders yet). Questions: 1. Is this a deliberate change in behaviour between the two versions? If so, may I suggest adding this change to the Upgrading to 2.0 wiki page, because I was unable to find the relevant info quickly. If not, is this a misconfiguration on my side, or a (known) bug in one of the two versions? 2. Is the DIRNAME=(empty) a good solution, or is it unusual/hacky to leave DIRNAME empty? Any particular problems I may expect using this configuration? Thanks in advance for your help. -- Kind regards, Martijn From kiwi at oav.net Wed Jun 4 10:39:45 2014 From: kiwi at oav.net (Xavier Beaudouin) Date: Wed, 4 Jun 2014 12:39:45 +0200 Subject: [Dovecot] Dovecot + NFS + FreeBSD breakage ? In-Reply-To: References: Message-ID: Replying to myself. After bumping myself ports to 2.2.13 (and pigeonhole to last version), this has been fixed. Xavier Le 4 juin 2014 ? 10:22, Xavier Beaudouin a ?crit : > Hi, > > I am trying to update my old mails servers from dovecot 2.1.15 to 2.2.12 (freebsd ports) and upgrade to FreeBSD 10.0-P3. > > My mail storage are on NFS with index also. > > On 2.1.15 everything is ok, and in 10-mail.conf I have the good things to be added as wiki tell me (eg http://wiki2.dovecot.org/NFS). > > BUT, when I try a single connection like : > > $ telnet ::1 110 > Trying ::1... > Connected to localhost. > Escape character is '^]'. > +OK Dovecot ready. > user test at domain > +OK > pass thebloodypass > Connection closed by foreign host. > > Looking the log : > > Jun 4 10:09:10 mail03 dovecot: master: Dovecot v2.2.12 starting up for imap, pop3, lmtp > Jun 4 10:09:20 mail03 dovecot: pop3-login: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=5540, secured, session=<7x47Jf76IQAAAAAAAAAAAAAAAAAAAAAB> > Jun 4 10:09:20 mail03 dovecot: pop3(kiwi at oav.net): Fatal: nfs flush requires mail_fsync=always > > This is very strange since : > > # doveconf -n | grep -E 'sync|nfs' > mail_fsync = always > mail_nfs_index = yes > mail_nfs_storage = yes > > > So either there is some breakage somewhere or something that is buggy somewhere... > > Here is my doveconf -n : > > # 2.2.12: /usr/local/etc/dovecot/dovecot.conf > # OS: FreeBSD 10.0-RELEASE-p3 amd64 > auth_cache_size = 1 M > auth_mechanisms = plain login digest-md5 cram-md5 > auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@% > auth_verbose = yes > disable_plaintext_auth = no > dotlock_use_excl = no > lda_mailbox_autocreate = yes > lda_mailbox_autosubscribe = yes > lmtp_rcpt_check_quota = yes > lmtp_save_to_detail_mailbox = yes > lock_method = dotlock > mail_debug = yes > mail_fsync = always > mail_location = maildir:~/Maildir:INDEX=/index/%d/%1n/%n > mail_nfs_index = yes > mail_nfs_storage = yes > mail_plugins = quota trash mail_log notify zlib fts fts_lucene > mailbox_list_index = yes > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave > mmap_disable = yes > namespace inbox { > inbox = yes > location = > mailbox Drafts { > auto = subscribe > special_use = \Drafts > } > mailbox Sent { > auto = subscribe > special_use = \Sent > } > mailbox Trash { > auto = subscribe > special_use = \Trash > } > mailbox badh { > auto = subscribe > special_use = \Junk > } > mailbox spam { > auto = subscribe > special_use = \Junk > } > prefix = > } > passdb { > args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > plugin { > fts = lucene > fts_lucene = whitespace_chars=@.+ > mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename > mail_log_fields = uid box msgid size > quota = maildir > quota_grace = 10%% > quota_rule2 = Trash:storage=+10%% > quota_rule3 = spam:storage=+20%% > trash = /usr/local/etc/dovecot/dovecot-trash.conf > zlib_save = bz2 > zlib_save_level = 9 > } > service auth { > unix_listener /var/spool/postfix/private/auth { > group = wheel > mode = 0666 > user = postfix > } > } > service lmtp { > inet_listener lmtp { > port = 24 > } > } > > ssl_ca = ssl_cert = ssl_key = ssl_prefer_server_ciphers = yes > submission_host = server:25 > userdb { > args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > verbose_proctitle = yes > protocol lmtp { > mail_plugins = quota trash mail_log notify zlib fts fts_lucene sieve > } > protocol lda { > mail_plugins = quota trash mail_log notify zlib fts fts_lucene sieve > } > protocol imap { > mail_plugins = quota trash mail_log notify zlib fts fts_lucene imap_quota imap_zlib > } > protocol pop3 { > mail_plugins = quota trash mail_log notify zlib fts fts_lucene > } > > > NFS mounts on freebsd : > > 172.31.0.1:/vol/mail/data on /mail (nfs, noatime) > 172.31.0.1:/vol/mail/index/tmp on /index (nfs, noatime) > > NFS server is also a FreeBSD (with ZFS). > > I can give ssh accesss to this box. > > Regards, > Xavier -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: Message signed with OpenPGP using GPGMail URL: From skdovecot at smail.inf.fh-brs.de Wed Jun 4 10:56:26 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 4 Jun 2014 12:56:26 +0200 (CEST) Subject: [Dovecot] R: Info about sharing mail folder In-Reply-To: <007601cf7f41$6e4919c0$4adb4d40$@calloni@jodovit.com> References: <005201cf7f30$73715a40$5a540ec0$@calloni@jodovit.com> <007601cf7f41$6e4919c0$4adb4d40$@calloni@jodovit.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 3 Jun 2014, Gianluca Calloni wrote: > In folder /var/vmail/example.com/user_a i've a dovecot-acl file with " > user=test at example.com lrwstipekxa " > > IN mysql table user_shares i set: > > +---------------------+------------------+-------+ > | from_user | to_user | dummy | > +---------------------+------------------+-------+ > | user_a at example.com | test at example.com | 1 | > +---------------------+------------------+-------+ > > and the doveadm acl command: > > doveadm acl get -u user_a at example.com INBOX > ID > Global Rights > user=test at example.com > admin create delete expunge insert lookup post read write write-deleted > write-seen You have shared user_a's INBOX to test at example.com > doveadm acl get -u user_a at example.com INBOX.FOLDER_A > ID > Global Rights > user=test at example.com > admin create delete expunge insert lookup post read write write-deleted > write-seen > > doveadm acl get -u user_a at example.com INBOX.FOLDER_B > ID > Global Rights > user=test at example.com > admin create delete expunge insert lookup post read write write-deleted > write-seen > > doveadm acl get -u user_a at example.com INBOX.FOLDER_C > ID > Global Rights > user=test at example.com > admin create delete expunge insert lookup post read write write-deleted > write-seen > > Of course, user test at example.com can see all subfolder. Reading your post.. > I can set an dovecot-acl file in each subfolder to set the permission? Yes, remove all dovecot-acl files and add it into those folders you want to share. Or remove all dovecot-acl files and: doveadm acl add -u user_a at example.com INBOX.FOLDER_B \ user=test at example.com create read ... > > -----Messaggio originale----- > Da: dovecot [mailto:dovecot-bounces at dovecot.org] Per conto di Steffen Kaiser > Inviato: marted? 3 giugno 2014 15:45 > A: Dovecot Mailing List > Oggetto: Re: [Dovecot] Info about sharing mail folder > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 3 Jun 2014, Gianluca Calloni wrote: > >> But i need to know if is possible for user_a at mydomain.com to share >> only 1 or >> 2 subfolder (E.g. .INBOX.FOLDER_A and .INBOX.FOLDER_B shared, >> .INBOX_FOLDER_C not shared) > > What's the dovecot-acl in .INBOX and the three directories mentioned above? > > Or: > > doveadm acl get -u user_a at mydomain.com INBOX > doveadm acl get -u user_a at mydomain.com INBOX.FOLDER_A > doveadm acl get -u user_a at mydomain.com INBOX.FOLDER_B > doveadm acl get -u user_a at mydomain.com INBOX.FOLDER_C > > Did you've share "INBOX" instead of the the subfolders A and B? > - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU477Wnz1H7kL/d9rAQJQTgf+MF+++/j56SbuXae8wZismkJhL5Z1NNHF bd8i5JqMhpSzh4dPb7IhdzJySZ7T5zJgDviCvnscldLrlb9+wAQwx6aB+iw929R4 wdtgjEE0hAnZuMpyTPvCL8gwmL4B/kpbvXZIGJbmIVgkh6iBGorHRKbSxFjlUKQW 9ZuiUsAmX4UJslJDisScJuPT6uB93K/cdOoMCa5D8a9IacDYoP3nrhH1kn3K7IXo xCNId2YoeDqA3OWzp+NM8ahS6MYqIN432oYP1eViAmY0pTHdoWKMBmTeskGY2ajz FG7CSv1x6WeEyyzdE7dSth+j4nqQIh0hkIS6vQYMuMTLuwq/rJW4dA== =8fCy -----END PGP SIGNATURE----- From cor at xs4all.nl Wed Jun 4 11:26:44 2014 From: cor at xs4all.nl (Cor Bosman) Date: Wed, 4 Jun 2014 13:26:44 +0200 Subject: [Dovecot] empty emails with 2.2.13/pigeonhole Message-ID: I recently upgraded from 2.2.10 to 2.2.13, and also upgraded pigeonhole. Ever since im seeing some empty emails appear in my inbox. Return-Path: Delivered-To: Received: from imapdirector1.xs4all.net ([194.109.26.173]) by userimap9.xs4all.nl (Dovecot) with LMTP id CHu0MUDDjlOBdwAAwvsqNQ for ; Wed, 04 Jun 2014 08:57:04 +0200 Thats all this mail contains. This only happens using LMTP/Sieve, and with many different senders/recipients. Debug log shows nothing out of the ordinary, except that the mail seems to be corrupted by the time it hits sieve. It's very hard to diagnose. Our path is kind of lengthy, and in theory it could happen everywhere. Mail first arrives on incoming MX server which is sendmail. From there it's sent to a dovecot director using lmtp, which sends it to a server that does final delivery with sieve. Im not sure where the email gets corrupted. Any extra debugging I could turn on? Two extra things to note. So far it seems to only happen to emails that would have hit a matching sieve filter rule. I have asked a dozen people to verify this, and all emails would have matched a filter if all was well. Instead, it gets dropped into the inbox because pigeonhole seems to be working with the corrupt file and cant match any rules anymore. And second, 99% of our email is handled differently, from the sendmail server directly into a local mailer, and that never causes issues. We're in the process of switching to lmtp. Any insights? cor From mihai at badici.ro Wed Jun 4 12:50:28 2014 From: mihai at badici.ro (Mihai Badici) Date: Wed, 04 Jun 2014 15:50:28 +0300 Subject: [Dovecot] dovecot shared folder In-Reply-To: <3960634.e0zxNg7Ben@arhivio> References: <3919733.59fUNqSxLb@arhivio> <3960634.e0zxNg7Ben@arhivio> Message-ID: <2155785.1NGtMOUV19@arhivio> On Wednesday 14 May 2014 08:31:57 you wrote: > On Wednesday 14 May 2014 01:02:28 you wrote: > Finally i found time to build another machine and try to debug : I found my slackbuild stripped the debug symbols so i made some changes and : Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f06319e9ffc in acl_mailbox_get_aclobj (box=0x18f3140) at acl- mailbox.c:31 31 return abox->aclobj; (gdb) bt full #0 0x00007f06319e9ffc in acl_mailbox_get_aclobj (box=0x18f3140) at acl- mailbox.c:31 abox = 0x0 #1 0x00007f06317d7599 in cmd_myrights (cmd=0x18eefd0) at imap-acl- plugin.c:331 ns = 0x18ec480 box = 0x18f3140 mailbox = 0x18cd2a8 "Public" orig_mailbox = 0x18d8bd0 "Public" rights = 0x18d5cb8 str = 0x7f0631e2e708 #2 0x000000000041c947 in command_exec (cmd=0x18eefd0) at imap-commands.c:158 hook = 0x18d60e0 ret = false #3 0x000000000041b828 in client_command_input (cmd=0x18eefd0) at imap- client.c:778 client = 0x18ee3d0 command = 0x7fffbea4e480 __FUNCTION__ = "client_command_input" #4 0x000000000041bb3c in client_command_input (cmd=0x18eefd0) at imap- client.c:839 client = 0x18ee3d0 command = 0x18d5cb8 __FUNCTION__ = "client_command_input" #5 0x000000000041bc5c in client_handle_next_command (client=0x18ee3d0, remove_io_r=0x7fffbea4e50d) at imap-client.c:877 No locals. #6 0x000000000041bce3 in client_handle_input (client=0x18ee3d0) at imap- client.c:889 _data_stack_cur_id = 3 ret = false remove_io = false handled_commands = false __FUNCTION__ = "client_handle_input" #7 0x000000000041be80 in client_input (client=0x18ee3d0) at imap-client.c:931 cmd = 0x18e2cb8 output = 0x18eee10 bytes = 23 __FUNCTION__ = "client_input" #8 0x00007f063225b5d4 in io_loop_call_io (io=0x18eeee0) at ioloop.c:441 ioloop = 0x18d5730 t_id = 2 __FUNCTION__ = "io_loop_call_io" #9 0x00007f063225d580 in io_loop_handler_run_internal (ioloop=0x18d5730) at ioloop-epoll.c:220 ctx = 0x18d63c0 events = 0x18d7230 event = 0x18d7230 list = 0x18d7e20 io = 0x18eeee0 ---Type to continue, or q to quit--- tv = {tv_sec = 1799, tv_usec = 998998} events_count = 5 msecs = 1799999 ret = 1 i = 0 j = 0 call = true __FUNCTION__ = "io_loop_handler_run_internal" #10 0x00007f063225b76e in io_loop_handler_run (ioloop=0x18d5730) at ioloop.c:488 No locals. #11 0x00007f063225b6c8 in io_loop_run (ioloop=0x18d5730) at ioloop.c:465 __FUNCTION__ = "io_loop_run" #12 0x00007f06321e8258 in master_service_run (service=0x18d55c0, callback=0x4292eb ) at master-service.c:566 No locals. #13 0x0000000000429652 in main (argc=1, argv=0x18d5390) at main.c:400 set_roots = {0x63a260 , 0x0} login_set = {auth_socket_path = 0x18cd050 "\210?\214\001", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x42909f , failure_callback = 0x429275 , request_auth_token = 1} service_flags = MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN storage_service_flags = MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT username = 0x0 c = -1 (gdb) From mihai at badici.ro Wed Jun 4 13:11:57 2014 From: mihai at badici.ro (Mihai Badici) Date: Wed, 04 Jun 2014 16:11:57 +0300 Subject: [Dovecot] dovecot shared folder In-Reply-To: <2155785.1NGtMOUV19@arhivio> References: <3919733.59fUNqSxLb@arhivio> <3960634.e0zxNg7Ben@arhivio> <2155785.1NGtMOUV19@arhivio> Message-ID: <1966334.rJYoQlCi21@arhivio> > callback = 0x42909f , failure_callback = > 0x429275 , request_auth_token = 1} > service_flags = MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN > storage_service_flags = MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT > username = 0x0 > c = -1 That means dovecot try to find the owner of Public mailbox and found "0" (root) ? Can we explicitelly specify the owner as workaround? -- Mihai B?dici http://mihai.badici.ro From fauno at endefensadelsl.org Wed Jun 4 13:17:30 2014 From: fauno at endefensadelsl.org (=?utf-8?Q?Nicol=C3=A1s?= Reynolds) Date: Wed, 04 Jun 2014 10:17:30 -0300 Subject: [Dovecot] /etc/passwd userdb and long usernames Message-ID: <87d2eoddat.fsf@endefensadelsl.org> hi! i've configured dovecot to lookup usernames in /etc/passwd and it's working ok but it's having some problems retrieving info when the username is longer than 32 chars (i know it isn't recommended but everything seemed to work ok except for the hardcoded limit in useradd...) i found this on logs showing extra characters on the home field: http://pastie.org/pastes/9257902/text?key=vsxstofu3rf5wum4aic5va is there a limit on username length? i "solved" it by setting auth_username_format = %0.30u -- http://partidopirata.com.ar -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 619 bytes Desc: not available URL: From rs at sys4.de Wed Jun 4 13:25:12 2014 From: rs at sys4.de (Robert Schetterer) Date: Wed, 04 Jun 2014 15:25:12 +0200 Subject: [Dovecot] empty emails with 2.2.13/pigeonhole In-Reply-To: References: Message-ID: <538F1E38.4090803@sys4.de> Am 04.06.2014 13:26, schrieb Cor Bosman: > I recently upgraded from 2.2.10 to 2.2.13, and also upgraded pigeonhole. Ever since im seeing some empty emails appear in my inbox. > > Return-Path: > Delivered-To: > Received: from imapdirector1.xs4all.net ([194.109.26.173]) > by userimap9.xs4all.nl (Dovecot) with LMTP id CHu0MUDDjlOBdwAAwvsqNQ > for ; Wed, 04 Jun 2014 08:57:04 +0200 > > Thats all this mail contains. This only happens using LMTP/Sieve, and with many different senders/recipients. Debug log shows nothing out of the ordinary, except that the mail seems to be corrupted by the time it hits sieve. It's very hard to diagnose. Our path is kind of lengthy, and in theory it could happen everywhere. > > Mail first arrives on incoming MX server which is sendmail. From there it's sent to a dovecot director using lmtp, which sends it to a server that does final delivery with sieve. Im not sure where the email gets corrupted. Any extra debugging I could turn on? > > Two extra things to note. So far it seems to only happen to emails that would have hit a matching sieve filter rule. I have asked a dozen people to verify this, and all emails would have matched a filter if all was well. Instead, it gets dropped into the inbox because pigeonhole seems to be working with the corrupt file and cant match any rules anymore. And second, 99% of our email is handled differently, from the sendmail server directly into a local mailer, and that never causes issues. We're in the process of switching to lmtp. > > Any insights? > > cor > perhaps this helps, if youre sure sieve is the problem http://pigeonhole.dovecot.org/doc/man1/sieve-test.1.html#lbAH Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From list at airstreamcomm.net Wed Jun 4 13:55:04 2014 From: list at airstreamcomm.net (List) Date: Wed, 04 Jun 2014 08:55:04 -0500 Subject: [Dovecot] NoSQL support Message-ID: <538F2538.7000309@airstreamcomm.net> Is there any support for NoSQL databases such as Cassandra (CQL) or MongoDB now or planned in the future for userdb and passdb lookups? From katja.wegner92 at web.de Wed Jun 4 14:21:04 2014 From: katja.wegner92 at web.de (Katja Wegner) Date: Wed, 4 Jun 2014 16:21:04 +0200 Subject: [Dovecot] IMAP copy fails because the mailbox size of user1 is exceeding the quota limit of user2?? Message-ID: Hi all, I do have a mailbox-quota problem in dovecot 2.0.19 that is beond my understanding. Could someone pls. give me a hint. - user1 max. mailbox quota is set to 1GB, the current mailbox size of user1 is 15MB - user2 max. mailbox quota is set to 10MB, the current mailbox size of user1 is 10kB - user1 shares the folder 'shared_folder' to user2 with all rights (read, write ...) - user2 has subscribed to 'shared_folder' the problem: - user2 tries to move a mail (20kB) to the shared folder via telnet: ". copy 1:1 shared/user1/shared_folder" - it fails with: "NO [OVERQUOTA] Quota exceeded (mailbox for user is full)" - copying the same mail to a local folder of user2 works without problems. - After I raised the max. mailbox quota of user2 from 10MB to 16MB it was possible to move the mail to the 'shared_folder' of user1. It looks like the copy operation fails because the mailbox size of user1 is exceeding the quota limit of user2! Is this possible? Is this a bug? Do I have a configuration problem? dovecot -n # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.5.0-51-generic x86_64 Ubuntu 12.04.4 LTS ext4 auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes dict { sqldomainquota = mysql:/etc/dovecot/dovecot-sql-domain.conf sqluserquota = mysql:/etc/dovecot/dovecot-dict-sql-user.conf } first_valid_uid = 150 last_valid_uid = 150 mail_debug = yes mail_gid = mail mail_location = maildir:/var/vmail/%d/%n mail_plugins = " quota quota acl" mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacati on subaddress comparator-i;ascii-numeric relational regex imap4flags copy includ e variables body enotify environment mailbox date ihave namespace { inbox = yes location = prefix = separator = / type = private } namespace { list = children location = maildir:/var/vmail/mydomain.de/%%n:CONTROL=/var/vmail/mydomain.de/%n/ shared/%%n:INDEX=/var/vmail/mydomain.de/%n/shared/%%n prefix = shared/%%n/ separator = / subscriptions = yes type = shared } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { acl = vfile acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes.db quota = dict:User quota::proxy::sqluserquota quota_rule2 = shared:ignore sieve = ~/_dovecot_sieve sieve_dir = ~/sieve } postmaster_address = kontakt at mydomain.de protocols = imap pop3 sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = mail mode = 0600 user = vmail } } service dict { unix_listener dict { mode = 0600 user = vmail } } ssl_cert = was automatically rejected:%n%r } From stephan at rename-it.nl Wed Jun 4 16:29:20 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 04 Jun 2014 18:29:20 +0200 Subject: [Dovecot] empty emails with 2.2.13/pigeonhole In-Reply-To: References: Message-ID: <538F4960.70408@rename-it.nl> On 6/4/2014 1:26 PM, Cor Bosman wrote: > I recently upgraded from 2.2.10 to 2.2.13, and also upgraded pigeonhole. Ever since im seeing some empty emails appear in my inbox. > > Return-Path: > Delivered-To: > Received: from imapdirector1.xs4all.net ([194.109.26.173]) > by userimap9.xs4all.nl (Dovecot) with LMTP id CHu0MUDDjlOBdwAAwvsqNQ > for ; Wed, 04 Jun 2014 08:57:04 +0200 > > Thats all this mail contains. This only happens using LMTP/Sieve, and with many different senders/recipients. Debug log shows nothing out of the ordinary, except that the mail seems to be corrupted by the time it hits sieve. It's very hard to diagnose. Our path is kind of lengthy, and in theory it could happen everywhere. > > Mail first arrives on incoming MX server which is sendmail. From there it's sent to a dovecot director using lmtp, which sends it to a server that does final delivery with sieve. Im not sure where the email gets corrupted. Any extra debugging I could turn on? > > Two extra things to note. So far it seems to only happen to emails that would have hit a matching sieve filter rule. I have asked a dozen people to verify this, and all emails would have matched a filter if all was well. Instead, it gets dropped into the inbox because pigeonhole seems to be working with the corrupt file and cant match any rules anymore. And second, 99% of our email is handled differently, from the sendmail server directly into a local mailer, and that never causes issues. We're in the process of switching to lmtp. -> Can you tell me more about your config? Do you use any of the more obscure features like extprograms? -> You can use vnd.dovecot.debug in combination with the variables extension to see whether Sieve even gets a sensible message or not: http://hg.rename-it.nl/dovecot-2.1-pigeonhole/raw-file/tip/doc/rfc/spec-bosch-sieve-debug.txt -> The thing I find strange is that the headers you show are all added to the message in LMTP before it is fed to Sieve. It is unlikely that Sieve somehow delivers half a message, so my current hunch is that it happens before Sieve gets it. An LMTP transaction like the following: 220 host Dovecot ready. lhlo frop 250-host 250-8BITMIME 250-CHUNKING 250-DSN 250-ENHANCEDSTATUSCODES 250-PIPELINING 250 STARTTLS mail from: 250 2.1.0 OK rcpt to: 250 2.1.5 OK data 354 OK . 250 2.0.0 t+tYKQ9Hj1MBEwAAg5GDIQ Saved quit 221 2.0.0 Bye Yields: Return-Path: Delivered-To: Received: from frop ([127.0.0.1]) by host (Dovecot) with LMTP id t+tYKQ9Hj1MBEwAAg5GDIQ for ; Wed, 04 Jun 2014 18:19:34 +0200 So, my guess is that the message is empty before it arrives at the final LMTP. Can you sniff the traffic to that LMTP server? Regards, Stephan. From mihai at badici.ro Wed Jun 4 17:16:55 2014 From: mihai at badici.ro (Mihai Badici) Date: Wed, 04 Jun 2014 20:16:55 +0300 Subject: [Dovecot] dovecot shared folder In-Reply-To: <1553074.7h4EY7rkBs@arhivio> References: <3919733.59fUNqSxLb@arhivio> <1553074.7h4EY7rkBs@arhivio> Message-ID: <5336079.HVesG5qVJ0@arhivio> I think I broke the thread. It was a follow up of this post from May 12: >I try to create a shared directory in dovecot. When accessing ( from >roundcube) i can't subscribe or list the namespace. It looks like I don't >have rights. >This is an extract from debug log: When I try to create a new folder in >"Public" (i don't have rights, but i can try) loooks like the process crash: >May 12 23:10:07 imap: Debug: Module loaded: >/usr/lib/dovecot/lib01_acl_plugin.so May 12 23:10:07 imap: Debug: Module loy >12 23:10:07 imap(Mihai.*Badici*): Debug: acl vfile: file /etc/dovecot/dovecot- >acl//.DEFAULT not found May 12 23:10:07 imap(Mihai.*Badici*): Debug: acl vfile: >reading file /home/dovecot/public/dovecot-acl May 12 23:10:07 >imap(Mihai.*Badici*): Fatal: master: service(imap): child 5013 killed with >signal 11 (core dumps disabled) On Tuesday 13 May 2014 22:12:38 you wrote: > On Tuesday 13 May 2014 15:53:55 you wrote: > > On 13.5.2014, at 10.21, Mihai Badici wrote: > > > I try to create a shared directory in dovecot. > > > When accessing ( from roundcube) i can't subscribe or list the > > > namespace. > > > It looks like I don't have rights. > > > > > > This is an extract from debug log: > > > When I try to create a new folder in "Public" (i don't have rights, but > > > i > > > can > > > > > try) loooks like the process crash: > > .. > > > > > May 12 23:10:07 imap(Mihai.Badici): Fatal: master: service(imap): child > > > 5013 killed with signal 11 (core dumps disabled) > > > > Yep. Can you get gdb backtrace? http://dovecot.org/bugreport.html > > I have this: > (gdb) core /home/dovecot/private/Mihai.Badici/core > [New LWP 1186] > Failed to read a valid object file image from memory. > Core was generated by `dovecot/imap'. > Program terminated with signal 11, Segmentation fault. > #0 0xb756b4b3 in ?? () -- Mihai B?dici http://mihai.badici.ro From patrick at spamreducer.eu Wed Jun 4 17:35:08 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Wed, 4 Jun 2014 19:35:08 +0200 Subject: [Dovecot] General questions about TCP replication with dsync Message-ID: <00c301cf801b$5441e270$fcc5a750$@spamreducer.eu> Hi Guys, I would like to question why I see this errors in my logs. Let explain me! Dovecot version: 2.2.9 (on Ubuntu 14.04 LTS) I?ve configured our dovecot servers (2 servers) to do the TCP replication with dsync. This is working flawless. 1. Question: In logs I can see this errors on every sync (on the ?slave? server / server without changes which should be updated): ---8<----------------------------------------------------------------------- ---------------------------------------------------------------------------- ---- dsync-server(email at example.com): Error: net_connect_unix(/var/run/dovecot/replicator-doveadm) failed: Permission denied ---8<----------------------------------------------------------------------- ---------------------------------------------------------------------------- ---- Googling a bit gave me the information ?This should be normal?..? Well ok, errors in logs are not nice to see, but can someone confirm this is really ok? Timo? 2. Question (much more important): We are using sieve scripts for our users, they are replicated to the replica-host but this errors appears in logs on every synchronized message: ---8<----------------------------------------------------------------------- ---------------------------------------------------------------------------- ---- dsync-server(email at example.com): Error: Failed to access mailbox dovecot/sieve: Internal error occurred. Refer to server log for more information. dsync-server(email at example.com): Error: stat(/var/vmail/example.com/email/.dovecot.sieve/tmp) failed: Not a directory ---8<----------------------------------------------------------------------- ---------------------------------------------------------------------------- ---- So what?s going on there? This is strange and should not be, right? Any hints? Thank you very much! --------------------------------------------------------------------- Mit freundlichen Gr??en / Distinti saluti / Kind regards De Zordo Patrick patrick at spamreducer.eu From rs at sys4.de Wed Jun 4 17:41:42 2014 From: rs at sys4.de (Robert Schetterer) Date: Wed, 04 Jun 2014 19:41:42 +0200 Subject: [Dovecot] General questions about TCP replication with dsync In-Reply-To: <00c301cf801b$5441e270$fcc5a750$@spamreducer.eu> References: <00c301cf801b$5441e270$fcc5a750$@spamreducer.eu> Message-ID: <538F5A56.60301@sys4.de> Am 04.06.2014 19:35, schrieb Patrick De Zordo: > Hi Guys, > > I would like to question why I see this errors in my logs. > > > > Let explain me! > > > > Dovecot version: 2.2.9 (on Ubuntu 14.04 LTS) > > > > I?ve configured our dovecot servers (2 servers) to do the TCP replication > with dsync. > > This is working flawless. > > > > 1. Question: > > In logs I can see this errors on every sync (on the ?slave? server / server > without changes which should be updated): > > ---8<----------------------------------------------------------------------- > ---------------------------------------------------------------------------- > ---- > > dsync-server(email at example.com): Error: > net_connect_unix(/var/run/dovecot/replicator-doveadm) failed: Permission > denied > > ---8<----------------------------------------------------------------------- > ---------------------------------------------------------------------------- > ---- > > > > Googling a bit gave me the information ?This should be normal?..? > > Well ok, errors in logs are not nice to see, but can someone confirm this is > really ok? Timo? > > > > 2. Question (much more important): > > We are using sieve scripts for our users, they are replicated to the > replica-host but this errors appears in logs on every synchronized message: > > ---8<----------------------------------------------------------------------- > ---------------------------------------------------------------------------- > ---- > > dsync-server(email at example.com): Error: Failed to access mailbox > dovecot/sieve: Internal error occurred. Refer to server log for more > information. > > dsync-server(email at example.com): Error: > stat(/var/vmail/example.com/email/.dovecot.sieve/tmp) failed: Not a > directory > > ---8<----------------------------------------------------------------------- > ---------------------------------------------------------------------------- > ---- > > > > So what?s going on there? > > This is strange and should not be, right? > > Any hints? > > > > Thank you very much! > > > > --------------------------------------------------------------------- > > Mit freundlichen Gr??en / Distinti saluti / Kind regards > > De Zordo Patrick > > patrick at spamreducer.eu > > > 2.2.9 is not recent, before debug you might upgrade see http://hg.dovecot.org/dovecot-2.2/log?rev=replicator also you missed to attach your dove conf Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From patrick at spamreducer.eu Wed Jun 4 17:53:19 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Wed, 4 Jun 2014 19:53:19 +0200 Subject: [Dovecot] General questions about TCP replication with dsync In-Reply-To: <538F5A56.60301@sys4.de> References: <00c301cf801b$5441e270$fcc5a750$@spamreducer.eu> <538F5A56.60301@sys4.de> Message-ID: <000601cf801d$dec73d80$9c55b880$@spamreducer.eu> > -----Urspr?ngliche Nachricht----- > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von Robert > Schetterer > Gesendet: Mittwoch, 4. Juni 2014 19:42 > An: dovecot at dovecot.org > Betreff: Re: [Dovecot] General questions about TCP replication with dsync > > Am 04.06.2014 19:35, schrieb Patrick De Zordo: > > Hi Guys, > > > > I would like to question why I see this errors in my logs. > > > > > > > > Let explain me! > > > > > > > > Dovecot version: 2.2.9 (on Ubuntu 14.04 LTS) > > > > > > > > I?ve configured our dovecot servers (2 servers) to do the TCP replication > > with dsync. > > > > This is working flawless. > > > > > > > > 1. Question: > > > > In logs I can see this errors on every sync (on the ?slave? server / server > > without changes which should be updated): > > > > ---8<----------------------------------------------------------------------- > > ---------------------------------------------------------------------------- > > ---- > > > > dsync-server(email at example.com): Error: > > net_connect_unix(/var/run/dovecot/replicator-doveadm) failed: > Permission > > denied > > > > ---8<----------------------------------------------------------------------- > > ---------------------------------------------------------------------------- > > ---- > > > > > > > > Googling a bit gave me the information ?This should be normal?..? > > > > Well ok, errors in logs are not nice to see, but can someone confirm this is > > really ok? Timo? > > > > > > > > 2. Question (much more important): > > > > We are using sieve scripts for our users, they are replicated to the > > replica-host but this errors appears in logs on every synchronized message: > > > > ---8<----------------------------------------------------------------------- > > ---------------------------------------------------------------------------- > > ---- > > > > dsync-server(email at example.com): Error: Failed to access mailbox > > dovecot/sieve: Internal error occurred. Refer to server log for more > > information. > > > > dsync-server(email at example.com): Error: > > stat(/var/vmail/example.com/email/.dovecot.sieve/tmp) failed: Not a > > directory > > > > ---8<----------------------------------------------------------------------- > > ---------------------------------------------------------------------------- > > ---- > > > > > > > > So what?s going on there? > > > > This is strange and should not be, right? > > > > Any hints? > > > > > > > > Thank you very much! > > > > > > > > --------------------------------------------------------------------- > > > > Mit freundlichen Gr??en / Distinti saluti / Kind regards > > > > De Zordo Patrick > > > > patrick at spamreducer.eu > > > > > > > > 2.2.9 is not recent, before debug you might upgrade > Well, not so easy.. we are working on a productive server; this version ships as default for this distro.. I don't even know how to compile my own dovecot version.. > see > http://hg.dovecot.org/dovecot-2.2/log?rev=replicator > > also you missed to attach your dove conf > Relevant config parts: --- /etc/dovecot/conf.d/10-mail.conf --- ---8<----------------------------------------------------------------------- mail_plugins = $mail_plugins notify replication ---8<----------------------------------------------------------------------- --- /etc/dovecot/conf.d/99-replication.conf --- ---8<----------------------------------------------------------------------- service aggregator { fifo_listener replication-notify-fifo { mode = 0666 } unix_listener replication-notify { mode = 0666 } } service replicator { unix_listener replicator-doveadm { mode = 0600 } } service doveadm { inet_listener { port = 999 } } doveadm_password = secret replication_max_conns = 1 plugin { mail_replica = tcp:server2.example.com:999 } ---8<----------------------------------------------------------------------- Thank you for any hint! > Best Regards > MfG Robert Schetterer > > -- > [*] sys4 AG > > http://sys4.de, +49 (89) 30 90 46 64 > Franziskanerstra?e 15, 81669 M?nchen > > Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 > Vorstand: Patrick Ben Koetter, Marc Schiffbauer > Aufsichtsratsvorsitzender: Florian Kirstein From rs at sys4.de Wed Jun 4 20:41:53 2014 From: rs at sys4.de (Robert Schetterer) Date: Wed, 04 Jun 2014 22:41:53 +0200 Subject: [Dovecot] General questions about TCP replication with dsync In-Reply-To: <000601cf801d$dec73d80$9c55b880$@spamreducer.eu> References: <00c301cf801b$5441e270$fcc5a750$@spamreducer.eu> <538F5A56.60301@sys4.de> <000601cf801d$dec73d80$9c55b880$@spamreducer.eu> Message-ID: <538F8491.1070404@sys4.de> Am 04.06.2014 19:53, schrieb Patrick De Zordo: > Well, not so easy.. we are working on a productive server; this version ships as default for this distro.. > I don't even know how to compile my own dovecot version.. see http://wiki2.dovecot.org/PrebuiltBinaries#Automatically_Built_Packages or https://launchpad.net/~mamarley/+archive/updates/+packages recompile https://sys4.de/de/blog/2013/06/17/dovecot-patching-mit-debian-und-ubuntu/ sorry german Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From dclist.hook at hook.net.nz Wed Jun 4 21:00:03 2014 From: dclist.hook at hook.net.nz (Bruce) Date: Thu, 05 Jun 2014 09:00:03 +1200 Subject: [Dovecot] Odd ownership of the dovecot-uidlist file In-Reply-To: References: <538E3594.5090006@hook.net.nz> Message-ID: <538F88D3.1020502@hook.net.nz> Hi Steffen, See my responses below, On 04/06/14 18:52, Steffen Kaiser wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Wed, 4 Jun 2014, Bruce wrote: > >> Please see my responses below, > I dislike top posting anyway :-) > Yeah, its habit as I deal with people who top post and reply with 'Your email had nothing in it' if I don't say there is more below. >> >Jun 3 11:38:51 brio dovecot: Dovecot postlogin.sh running as >> hamish at XXXXX >>>> >(/mnt/spool/keepers/h/XXXXX/hamish) userid = 7053 (7053) - uidlist >>>> = 26624 >>>> >Jun 3 11:38:51 brio dovecot: Dovecot for hamish at XXXXX finished, >>>> uidlist now = >>>> >26624 >>> who is user 26624? Is the uid valid at all? If it is invalid, are there >>> other files owned by this uid? Maybe only one of your NFS server has >>> this >>> uid in its /etc/passwd? Is user "hamish" shared to another user >>> somehow, >>> either via symlinks, ACLs, ...? >> UID 26624 is a valid user ('info' of domain14552) but under a >> compleltly different domain name (hamish is under domain25367). >> However that user has also not logged in around the time the >> ownership was changed. There is no relevance to the two users, except >> that they exist on the system and for some reason this issue happened >> to the hamish user. > That means: no sharing, right ? Correct. >> The NFS server does not know about the UIDs, it just provides the >> numeric IDs which is translated on the dovecot/exim servers by NSS >> and Dovecotr using the replicated MySQL database. Additionally both >> users have existed for some time and the databases are in sync. >> Customers also do not have any access to the file system so there >> will be no symlinks in place. >> >> Its also not a single server that we are seeing the issue on, it >> maybe one Dovecot server accessing one NFS server. Then the next time >> its a different Dovecot server accessing a different NFS server. > Because it's NFS, any server accessing this NFS export may alter the > ownership, because I still do not believe it's a Dovecot IMAP/POP > issue ;-) > But we would see this with any application and file that is on NFS, in this case it is only ever one particular file, and only happened after changing to Dovecot (Previous to that we have had this NFS set up in place for 7 years). >> Nothing besides Courier being replaced by Dovecot has changed in the >> server setup (although I could be wrong there, but we are going >> through one component at a time and until this issue is resolved we >> are not moving onto the next), and the only file which is being >> modified is a file which only Dovecot maintains. > Could there be Courier-related left-over scripts running? Its highly unlikely, and why would a courier script want to modify the ownership of a Dovecot file. >> There are hourly backups which do an rsync to another server in case >> of hardware failure, there are scripts which move mailboxes between >> NFS servers but they show up in logs. Exim has no need to touch a >> dovecot controlled file, and when it writes mail into the maildir its >> writing as the correct user. > How does exim deliver the messages to the user storage? Via > Dovecot-Deliver or directly. I interprete your sentence, that the > messages are dropped directly. > 00 Exim does it directly, once again no need for it to touch a file which Dovecot creates and maintains. >> possibly something we have done in the config (which I posted in my >> first email). Is there a reliable way to run a script directly when a >> dovecot session starts and finishes so we could output the ownership >> before and after which may also help eliminate the session itself. > Your post-login script does exactly that. That leaves the message > delivery, if you do so via Dovecot deliver. LMTP seems to be off. > I thought that's what should happen but looking at timestamps of the logins after the change, the permission denied always comes after the postlogin script completes, which means something happens after then. Jun 3 12:56:31 gettas dovecot: pop3(celia at xxx): Mailbox init failed top=0 (0 b), retr=0 (0 b), messages=0 (0 b), del=0 Jun 3 12:56:32 gettas dovecot: pop3-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=19655, TLS, session= Jun 3 12:56:32 gettas dovecot: Dovecot postlogin.sh running as celia at xxx/celia) userid = 41410 (41410) - uidlist = 7903 Jun 3 12:56:32 gettas dovecot: Dovecot for celia at xxx finished, uidlist now = 7903 <---- POSTLOGIN.SH ENDS HERE Jun 3 12:56:32 gettas dovecot: pop3(celia at xxx/celia/Maildir/dovecot-uidlist) failed: Permission denied Jun 3 12:56:32 gettas dovecot: pop3(celia at xxx/celia/Maildir/dovecot-uidlist) failed: Permission denied Jun 3 12:56:32 gettas dovecot: pop3(celia at xxx): Error: Couldn't init INBOX: Internal error occurred. Refer to server log for more information. [2014-06-03 12:56:32] Jun 3 12:56:32 gettas dovecot: pop3(celia at xxx): Mailbox init failed top=0 (0 b), retr=0 (0 b), messages=0 (0 b), del=0 I could put this down to same microsecond and syslog recording in a different order, but its consistently in this order. > I'm not sure if inotify works via NFS as Peter suggested, but that > would my next idea as well. Let inotify wait for changes on that file, > then fire up a script to capture "ps gaux" and maybe more. > > If you have SELinux running, maybe you can trigger a warning there? I > don't know much about SELinux. We don't have SELinux running, and unfortunately we are talking over 400,000 mailboxes (200,000 domains) which this could happen randomly too and adding inotify requires a file handle to be opened per file, which would make the servers unstable. I have found a piece of code in the Dovecot source which I'm wondering about, so I am going to compile up a custom version and see if it continues to happen. Of course with it happening randomly being able to confirm its still happening is going to take time. So if anyone has any other ideas where to look I would be appreciative. Cheers, Bruce From deano-dovecot at areyes.com Thu Jun 5 00:50:18 2014 From: deano-dovecot at areyes.com (deano-dovecot at areyes.com) Date: Wed, 04 Jun 2014 20:50:18 -0400 Subject: [Dovecot] General questions about TCP replication with dsync In-Reply-To: <538F8491.1070404@sys4.de> References: "<00c301cf801b$5441e270$fcc5a750$@spamreducer.eu>" <538F5A56.60301@sys4.de> <000601cf801d$dec73d80$9c55b880$@spamreducer.eu> <538F8491.1070404@sys4.de> Message-ID: How does this affect the other packages and the dependencies ? For example, my test system is an Ubuntu 14.04/trusty box ... $ dpkg -l dove* | fgrep ii ii dovecot-antispam 2.0+20130822-2build1 Dovecot plugins for training spam filters ii dovecot-core 1:2.2.9-1ubuntu2.1 secure POP3/IMAP server - core files ii dovecot-imapd 1:2.2.9-1ubuntu2.1 secure POP3/IMAP server - IMAP daemon ii dovecot-lmtpd 1:2.2.9-1ubuntu2.1 secure POP3/IMAP server - LMTP server ii dovecot-managesieved 1:2.2.9-1ubuntu2.1 secure POP3/IMAP server - ManageSieve server ii dovecot-sieve 1:2.2.9-1ubuntu2.1 secure POP3/IMAP server - Sieve filters support ii dovecot-solr 1:2.2.9-1ubuntu2.1 secure POP3/IMAP server - Solr support So rather than the stock _sudo apt-get install dovecot-imapd dovecot-sieve dovecot-antispam dovecot-managesieved dovecot-lmtpd dovecot-solr_ one would install _dovecot_ from the MAMARLEY PPA ? To integrate cleanly it would have to "Provides: dovecot-common" and "Replaces: dovecot-common, mailavenger" like the stock dovecot-core does. While we can and do use non-stock packages, we really try to stay with stock(ish) packages as much as possible to ease upgrade administration. I'm dealing with a slew of custom apache2 installs, all unique, on a bunch of old Cent 5.2 boxes right now, and it's a mighty pain. D. On 2014-06-04 16:41, Robert Schetterer wrote: > Am 04.06.2014 19:53, schrieb Patrick De Zordo: > >> Well, not so easy.. we are working on a productive server; this version ships as default for this distro.. I don't even know how to compile my own dovecot version.. > > see > > http://wiki2.dovecot.org/PrebuiltBinaries#Automatically_Built_Packages > > or > > https://launchpad.net/~mamarley/+archive/updates/+packages > > recompile > > https://sys4.de/de/blog/2013/06/17/dovecot-patching-mit-debian-und-ubuntu/ From rs at sys4.de Thu Jun 5 04:36:19 2014 From: rs at sys4.de (Robert Schetterer) Date: Thu, 05 Jun 2014 06:36:19 +0200 Subject: [Dovecot] General questions about TCP replication with dsync In-Reply-To: References: "<00c301cf801b$5441e270$fcc5a750$@spamreducer.eu>" <538F5A56.60301@sys4.de> <000601cf801d$dec73d80$9c55b880$@spamreducer.eu> <538F8491.1070404@sys4.de> Message-ID: <538FF3C3.7020508@sys4.de> Am 05.06.2014 02:50, schrieb deano-dovecot at areyes.com: > we really try to stay with stock(ish) packages as much as > possible to ease upgrade administration I understand, but Timo does heavy debug, so its up to the ubuntu mantainers to keep dove version up2date. I never used the Ubuntu Distro packages. Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From gianluca.calloni at jodovit.com Thu Jun 5 09:16:03 2014 From: gianluca.calloni at jodovit.com (Gianluca Calloni) Date: Thu, 5 Jun 2014 11:16:03 +0200 Subject: [Dovecot] R: R: Info about sharing mail folder In-Reply-To: References: <005201cf7f30$73715a40$5a540ec0$@calloni@jodovit.com> <007601cf7f41$6e4919c0$4adb4d40$@calloni@jodovit.com> Message-ID: <001701cf809e$c66acd70$53406850$@calloni@jodovit.com> Ok. Now it work's fine and i can share only some subfolder to specified user. Only the commad you siggest me >> doveadm acl add -u user_a at example.com INBOX.FOLDER_B user=test at example.com create read << is not working. I just make all by hand (file by file...) Thank you Steffen Have a nice day -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 3 Jun 2014, Gianluca Calloni wrote: > In folder /var/vmail/example.com/user_a i've a dovecot-acl file with " > user=test at example.com lrwstipekxa " > > IN mysql table user_shares i set: > > +---------------------+------------------+-------+ > | from_user | to_user | dummy | > +---------------------+------------------+-------+ > | user_a at example.com | test at example.com | 1 | > +---------------------+------------------+-------+ > > and the doveadm acl command: > > doveadm acl get -u user_a at example.com INBOX ID Global Rights > user=test at example.com admin create delete expunge insert lookup post > read write write-deleted write-seen You have shared user_a's INBOX to test at example.com > doveadm acl get -u user_a at example.com INBOX.FOLDER_A ID Global Rights > user=test at example.com admin create delete expunge insert lookup post > read write write-deleted write-seen > > doveadm acl get -u user_a at example.com INBOX.FOLDER_B ID Global Rights > user=test at example.com admin create delete expunge insert lookup post > read write write-deleted write-seen > > doveadm acl get -u user_a at example.com INBOX.FOLDER_C ID Global Rights > user=test at example.com admin create delete expunge insert lookup post > read write write-deleted write-seen > > Of course, user test at example.com can see all subfolder. Reading your post.. > I can set an dovecot-acl file in each subfolder to set the permission? Yes, remove all dovecot-acl files and add it into those folders you want to share. Or remove all dovecot-acl files and: doveadm acl add -u user_a at example.com INBOX.FOLDER_B \ user=test at example.com create read ... > > -----Messaggio originale----- > Da: dovecot [mailto:dovecot-bounces at dovecot.org] Per conto di Steffen > Kaiser > Inviato: marted? 3 giugno 2014 15:45 > A: Dovecot Mailing List > Oggetto: Re: [Dovecot] Info about sharing mail folder > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 3 Jun 2014, Gianluca Calloni wrote: > >> But i need to know if is possible for user_a at mydomain.com to share >> only 1 or >> 2 subfolder (E.g. .INBOX.FOLDER_A and .INBOX.FOLDER_B shared, >> .INBOX_FOLDER_C not shared) > > What's the dovecot-acl in .INBOX and the three directories mentioned above? > > Or: > > doveadm acl get -u user_a at mydomain.com INBOX doveadm acl get -u > user_a at mydomain.com INBOX.FOLDER_A doveadm acl get -u > user_a at mydomain.com INBOX.FOLDER_B doveadm acl get -u > user_a at mydomain.com INBOX.FOLDER_C > > Did you've share "INBOX" instead of the the subfolders A and B? > - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU477Wnz1H7kL/d9rAQJQTgf+MF+++/j56SbuXae8wZismkJhL5Z1NNHF bd8i5JqMhpSzh4dPb7IhdzJySZ7T5zJgDviCvnscldLrlb9+wAQwx6aB+iw929R4 wdtgjEE0hAnZuMpyTPvCL8gwmL4B/kpbvXZIGJbmIVgkh6iBGorHRKbSxFjlUKQW 9ZuiUsAmX4UJslJDisScJuPT6uB93K/cdOoMCa5D8a9IacDYoP3nrhH1kn3K7IXo xCNId2YoeDqA3OWzp+NM8ahS6MYqIN432oYP1eViAmY0pTHdoWKMBmTeskGY2ajz FG7CSv1x6WeEyyzdE7dSth+j4nqQIh0hkIS6vQYMuMTLuwq/rJW4dA== =8fCy -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Thu Jun 5 11:28:07 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 5 Jun 2014 13:28:07 +0200 (CEST) Subject: [Dovecot] IMAP copy fails because the mailbox size of user1 is exceeding the quota limit of user2?? In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 4 Jun 2014, Katja Wegner wrote: > Date: Wed, 4 Jun 2014 16:21:04 +0200 > From: Katja Wegner > To: dovecot at dovecot.org > Subject: [Dovecot] IMAP copy fails because the mailbox size of user1 is > exceeding the quota limit of user2?? > > Hi all, > I do have a mailbox-quota problem in dovecot 2.0.19 that is beond my understanding. > Could someone pls. give me a hint. > > - user1 max. mailbox quota is set to 1GB, the current mailbox size of user1 is 15MB > - user2 max. mailbox quota is set to 10MB, the current mailbox size of user1 is 10kB > - user1 shares the folder 'shared_folder' to user2 with all rights (read, write ...) > - user2 has subscribed to 'shared_folder' > > the problem: > > - user2 tries to move a mail (20kB) to the shared folder via telnet: ". copy 1:1 shared/user1/shared_folder" > - it fails with: "NO [OVERQUOTA] Quota exceeded (mailbox for user is full)" > - copying the same mail to a local folder of user2 works without problems. > - After I raised the max. mailbox quota of user2 from 10MB to 16MB it was possible to move the mail to the 'shared_folder' of user1. See my message "quota using wrong limits in user shared mailboxes" from 13 Mar 2014 10:59:23. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU5BUSHz1H7kL/d9rAQKSZQf+I7e5kHxuxeEDA+doD5IIBcPtLA9y7Mso Xtky/+2iFU1A3j3TuhApYK7p9Pasuz8riQX+KM1ecdS73BIjcalfCgxVVZ5/I/55 /ycp9SlXdAA9qMsBFKH2pW9UQ2/MJ5Ddt1dpr8d4GgKk1AKjX/2oE4UbS/dZ8nI3 SzBZOVt336gH3mFwLTubAJYXFscxc6e02cavi7Jaovf4mucc0o+KSfXOgPV0W708 B+uHs1ZyzCbNDxtsmjuj2AZnbdhF8sdnRESQAU12suBIDbfEgFCH+74uWK+PICG/ Jxghgye5nS3GH2rHU4qftib8suNBKkMgR2Q+9KCbX3RHgUd5s3Dq8w== =tQ0j -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Thu Jun 5 11:39:50 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 5 Jun 2014 13:39:50 +0200 (CEST) Subject: [Dovecot] [dovecot]Quota per user from openldap In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 27 May 2014, Selcuk Yazar wrote: > in dovecot documentation i try to implement quota per users. > > i added dovecot-ldap.conf file > user_attrs = homeDirectory=home, uidNumber=uid, gidNumber=gid, > mailbox=mail, quota=quota_rule=*:bytes=%$ > > and i see in logs > quota(quota_rule=*:bytes=%$)=*:bytes=241800 > > Debug: Added userdb setting: plugin/quota_rule=*:bytes=241800 is the quota correct at all, the limit and the current value, see: doveadm quota get -u and it's companion "recalc". - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU5BXBnz1H7kL/d9rAQLSVQf+Imtw+iRGs/upcKJV3QzR8fIVU5Sykt5z smyKTINS54WS7oaErL4hPy3Si0r3XModQaQFTA30e4DzZTOix7bQh4+Xpc0p4yHM YsnXNBEWZy+/vQblLqqbEYKBkEfUGW7yYQ1dw1vztKfYtqN07DU0jvd7SMD1W/Ra tVYOAy/0AFG58qTAYG/kk93Qr+pZ/HZlSpOy+wQRta8LK6u5lpJdPP8yTXGrQSV/ fcNKl0kmHVk/er498ecSvPmUoPKPG9mSpqXhZNC0jhlV+XIfSZbx4gPpdZ8++At4 ACOhH1Bw//6QIgtWCfABgnJExZJeiUNAprpGAeDYhfwngdqO2LTV5Q== =F4Le -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Thu Jun 5 11:42:05 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 5 Jun 2014 13:42:05 +0200 (CEST) Subject: [Dovecot] SQL passdb, LDAP userdb In-Reply-To: <53842244.8030806@niif.hu> References: <53842244.8030806@niif.hu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 27 May 2014, Kristof Bajnok wrote: > in my current setup, LDAP authentication + userdb works fine. > > I'd like to integrate Dovecot with Shibboleth. I have a custom module at > the IdP (*) that inserts short-time tokens to an SQL table at user > authentication, and I want Dovecot to use the token table for passdb but > keep LDAP for storing the userdb (uid, quota, etc) > > I thought it was simple as omitting the sql user_query, but I got: > Warning: mysql: Query failed, retrying: Table 'webmail.users' doesn't > exist > Error: sql(user at domain,ipaddr): User query failed: Table > 'webmail.users' doesn't exist (using built-in default user_query: SELECT > home, uid, gid FROM users WHERE username = '%n' AND domain = '%d') > > Do you have any hints how to do this? post your doveconf -n . - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEUAwUBU5BXjXz1H7kL/d9rAQIjhwf4ovQKnTkJYSO7yJXslFHOPrASuF+XII74 9v2im0iR3Rrulxw7b1mp2T2OuOuYqVOVjDgquumNTzPXm0jJ4o7W+OY8Px8cDQI0 fGmbuTOaUKkvNYT7VEp+gZ6Keu9cDi3Kf0jebshUTzj5sS/LOl9G4jkvTweYxQoo oh0Gl1ua+ZplYDHSaT3Q/PZT4rgKWDJ2z+1huhEi/vjahZU29XDNh3upjmGjcaNu dm3XwtpAd/iHxIR0ZNjvEl5siJWacszofwJhY33AYdL5Sj7bIneKk4vAqhiNrMYK Qra7YTm1pdeFSxWcJFoPA9gD+F1MPN3kn2xCiYF7L9RU8MlKO/BR =cnoZ -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Thu Jun 5 12:06:11 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 5 Jun 2014 14:06:11 +0200 (CEST) Subject: [Dovecot] Plugin mail-filter tangles In-Reply-To: <5380C56E.9080806@pobox.com> References: <5380C56E.9080806@pobox.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 24 May 2014, Stanislas SABATIER wrote: > Dovecot is handling the final delivery, through mail-filter plugin as > follow : > > 1. both users contexts are created from user_db queries > 2. mail-filter plugin is init for user2 > 3. /mail_user_created/ for user2 > 4. mai-filter plugin arguments are parsed for user2 > 5. ???/mail_allocated/ then /mail_save_begin/ for user2 (at this stage, > the email is encrypted with users2 params) > 6. Dovecot tells to LMTP that mail for user2 is delivered > 7. then, ??? we are still in user2 context ???, an other > /mail_allocated/ is run, followed by a /istream_opened/ > 8. mail user context is swithed to user3 --> /mail_user_created/ --> > plugin's args parsed --> ??? /mail_allocated/ > 9. and??? Dovecot tells to LMTP that mail for user3 is delivered > > So, it appears that Dovecot is re-using user2's email to pass it to > user3 by opening an istream in user2's context. In my configuration, > Dovecot can't do that because it has not the user2's private rsa key to > reopen the email it has just encrypted, so it passes the email to user3 > with user2 encryption params. > Final result : user3 is receiving the email encrypted with user2's rsa key ! > > Problem : how to force Dovecot to deinit then reinit mail-filter plugin > for each user to be sure that each email is encrypted with the right key > before it is saved to users' mailboxes ? If your observation are true, you cannot. I sligthly remember a discussion about a plugin, that changes the message content. Timo answered that with "that is not supported". Also, see: http://wiki2.dovecot.org/Plugins/MailFilter "(TODO: Modifying the mail during writing would be possible with some code changes.) " in first paragraph. Encrypting the message is "to modify the mail" IMHO. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU5BdM3z1H7kL/d9rAQJk9ggAotNs87I4IbLwWQEcX9Rt3NGmwxzDfcMF B5z9/O2C/xv3Kp4FVS5rGg1j1g4fQKVyhDvSaJ3ClrN5M1OyFRa8bqvM2sQ8ID88 TcU6HVDvE4SjL85rpUogvOJhkrhIjpd2Kj+X3AcuxdOAerXg5cK9b5ATH1FeS2RT vyrWLcDXZuaZS36aCgiCMm0UBT3hAWGZAlJEm5x2Fyi3uIHbyT57rxLTXekhtmOA hw+oOUXfaTSOGMb4F9XK6dfWz8ss2jdmADL2RYiCzU/5DPoBWdL8nRs2lHRA+e+h E6lIbHu38NW0fEUGxJmL7LpvMgAIpHL6Mi7P7zHJ9iignJHnSTccIw== =Yn7c -----END PGP SIGNATURE----- From bajnokk at niif.hu Thu Jun 5 12:12:51 2014 From: bajnokk at niif.hu (Kristof Bajnok) Date: Thu, 05 Jun 2014 14:12:51 +0200 Subject: [Dovecot] SQL passdb, LDAP userdb In-Reply-To: References: <53842244.8030806@niif.hu> Message-ID: <53905EC3.8000700@niif.hu> On 2014-06-05 13:42, Steffen Kaiser wrote: > in my current setup, LDAP authentication + userdb works fine. Sorry for not getting back to this earlier. It was a silly error on my side that should've been clear from doveconf -n: I had had an erroneous sql userdb definition lurking in the middle of the chain of configuration includes. Sorry for the noise, Kristof From s.sabatier at pobox.com Thu Jun 5 12:59:29 2014 From: s.sabatier at pobox.com (Stanislas SABATIER) Date: Thu, 05 Jun 2014 14:59:29 +0200 Subject: [Dovecot] Plugin mail-filter tangles In-Reply-To: References: <5380C56E.9080806@pobox.com> Message-ID: <539069B1.6080400@pobox.com> Le 05/06/2014 14:06, Steffen Kaiser a ?crit : > If your observation are true, you cannot. I sligthly remember a > discussion about a plugin, that changes the message content. Timo > answered that with "that is not supported". Also, see: > > http://wiki2.dovecot.org/Plugins/MailFilter > > "(TODO: Modifying the mail during writing would be possible with some > code changes.) " in first paragraph. > > Encrypting the message is "to modify the mail" IMHO. > > -- Steffen Kaiser Hello Steffen, I do encrypt/decrypt email on-the-fly for months now with the help of mail-filter plugin. It works perfectly as long as the decrypted email is exactly as it was before it was encrypted, which is the case with my bespoke encrypt/decrypt programs. That is not the point I raised in this thread. The point is that, in a specific circumstance, Dovecot is trying to read an email that has been encrypted without having the user this email belongs to authenticated. Regards, Stan. From deano-dovecot at areyes.com Thu Jun 5 13:57:20 2014 From: deano-dovecot at areyes.com (deano-dovecot at areyes.com) Date: Thu, 05 Jun 2014 09:57:20 -0400 Subject: [Dovecot] =?utf-8?q?Replication_with_virtual_users_and_static_use?= =?utf-8?q?rdb__possible_=3F?= In-Reply-To: References: Message-ID: <45e92cf6344143e2f5d0ded8902469ae@areyes.com> Ugh, stuff got mangled in formatting below. Anyway, I've had no luck with various permutations, so it's looking like a virtual-user setup can't make use of replication ? I guess what I want is for it to activate replication upon ANY notification of updated emails. On 2014-06-03 11:54, deano-dovecot at areyes.com wrote: > Is it possible to get replication working in a virtual user setup > that uses a static userdb ? My environment is fairly simple and > typical > - there's a single system user (vmail) that owns all the home dirs > (/var/mail/domain.com/user). The virtual users > ( userid @ domain.com : secretpassword) are kept in a single file > (/var/mail/domain.com/PASSWD) that's unique per domain, and > referenced > as a static userdb : > > passdb { > driver = passwd-file > args = scheme=plain username_format=%u /var/mail/%d/PASSWD > } > > userdb { > driver = static > args = uid=vmail gid=vmail home=/var/mail/%d/%n > } > > I know the > wiki http://wiki2.dovecot.org/Replication states that user listing > must > be enabled, but that's not available for a static userdb. The wiki > http://wiki2.dovecot.org/UserDatabase/Static also says that it > shouldn't > be a problem because it will use do a passdb lookup instead (except > for > PAM which isn't used here). > > Unfortunately, it's not working. I've testing with ssh : > > dsync_remote_cmd = ssh -l vmail %{host} doveadm dsync-server -u%u > -l%{lock_timeout} -n%{namespace} > mail_replica = remote:vmail at server2.domain.com > > as well as with straight tcp (SSL for later) > > mail_replica = tcp:server2.domain.com:999 > > /var/log/mail.err shows the problems ... > > Jun 3 11:30:53 server1 dovecot: auth: Error: Trying to iterate users, > but userdbs don't support it > Jun 3 11:30:53 server1 dovecot: replicator: Error: User listing > returned failure > Jun 3 11:30:53 server1 dovecot: replicator: Error: listing users > failed, can't replicate existing data > > Anyone else have it working ? I'm sure it's > something simple that I've just overlooked. From katja.wegner92 at web.de Thu Jun 5 14:08:46 2014 From: katja.wegner92 at web.de (Katja Wegner) Date: Thu, 5 Jun 2014 16:08:46 +0200 Subject: [Dovecot] IMAP copy fails because the mailbox size of user1 is exceeding the quota limit of user2?? In-Reply-To: References: , Message-ID: > See my message "quota using wrong limits in user shared mailboxes" from 13 > Mar 2014 10:59:23. Thank's for your answer Steffen. So I can confirm that I've the same problem as you. Could you find a solution to that? I still hope that this is a simple configuration problem, as I can't imagine, that we've been the first to experience that strange behavior that for me, is part of the core functionality of dovecot. From skdovecot at smail.inf.fh-brs.de Thu Jun 5 14:13:49 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 5 Jun 2014 16:13:49 +0200 (CEST) Subject: [Dovecot] Plugin mail-filter tangles In-Reply-To: <539069B1.6080400@pobox.com> References: <5380C56E.9080806@pobox.com> <539069B1.6080400@pobox.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 5 Jun 2014, Stanislas SABATIER wrote: Hallo Stanislas, > Le 05/06/2014 14:06, Steffen Kaiser a ?crit : >> If your observation are true, you cannot. I sligthly remember a >> discussion about a plugin, that changes the message content. Timo >> answered that with "that is not supported". Also, see: >> >> http://wiki2.dovecot.org/Plugins/MailFilter >> >> "(TODO: Modifying the mail during writing would be possible with some >> code changes.) " in first paragraph. >> >> Encrypting the message is "to modify the mail" IMHO. > > I do encrypt/decrypt email on-the-fly for months now with the help of > mail-filter plugin. > It works perfectly as long as the decrypted email is exactly as it was > before it was encrypted, which is the case with my bespoke > encrypt/decrypt programs. > That is not the point I raised in this thread. The point is that, in a > specific circumstance, Dovecot is trying to read an email that has been > encrypted without having the user this email belongs to authenticated. Yes, I understand and I've read the thread including your reply from Sat, 31 May 2014 16:24:22. Possibly, this situation is the only one or just one of the problems, why Timo wrote that TODO in the Wiki. What you've wrote seems to indicate that Dovecot passes the only existing copy of the message through the filter and drops it to user2's mailbox. In order to drop it to user3, Dovecot needs a copy of the message again. This is what the "-p" option of Dovecot deliver does. Dovecot would need to spool the incoming message somewhere before passing through the filter for each recipient. Or fork as many delivery processes as recipients there are and multiplex the incoming message to all forks. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU5B7HXz1H7kL/d9rAQJVTwgArWG8s7it9JeL6gdw+EuaFlQyLWYdrePU iVLen633Cj+bOhbxCzcIIcdJ6gAFWVTUu+U/7Nizv0WIBpVvP3D2hNj8IOZiqKjd Tj4plpkKvRAnWqZfYOY5ez0GXL/oRpTWs/Z2K1Wi68TXC6B+CQgd/Xi4cSFfEAzt UYN9/uYleT2fEP/5ONDXy3nmskK4vWRuXkXIQai8LG8QNpfmWb01+4bglZl8KoeJ Rjmyzdd6gn1iDdyIq2YSXkBZBqqUCmIEiYRuIDglZf1JC/2Cv+Jfk0pge34KErxM 3RDjptajRCmbMBycupoqauOoUQ1DL3Nj3GDsmNyHzyx53tOUbQOCdQ== =mfr3 -----END PGP SIGNATURE----- From stano at websupport.sk Thu Jun 5 14:20:38 2014 From: stano at websupport.sk (Pavel Stano) Date: Thu, 5 Jun 2014 16:20:38 +0200 Subject: [Dovecot] attachment sis + EMLINK (too many links) = segfault bug (2.2.12) In-Reply-To: <20140530170247.67941b1a@ass> References: <20140530170247.67941b1a@ass> Message-ID: <20140605162038.5676958c@ass> Hi, attached patch fix problem with segfault when EMLINK happend when file has too many hard link. On Fri, 30 May 2014 17:02:47 +0200 Pavel Stano wrote: > Hi, > > we use attachment dedup with lots of emails (still migrating to it > from maildir). > We use netapp storage with wafl filesystem over nfs. > Problem is that netapp has hard limit of 100k hardlinks to one file. > And we encountered it. > > Problem is that dovecot start do segfault (lmtp,dsync,pop3 etc) when > it happend when tried to deliver new emails with that attachment. > Here is strace of dsync: > > 6740 > link("/nfsmnt/mailatch1/f9/10/hashes/f9108ddaa156ac15738e41ed3bedec1eda50175d", > "/nfsmnt/mailatch1/f9/10/f9108ddaa156ac15738e41ed3bedec1eda50175d-7bb7a20ddb598853541a000028db4a9f") > = -1 EMLINK (Too many links) 6740 --- SIGSEGV (Segmentation fault) @ > 0 (0) --- > > ls -lh: > -rw------- 100000 vmail vmail 4.7K Apr 28 > 16:54 /nfsmnt/mailatch1/f9/10/hashes/f9108ddaa156ac15738e41ed3bedec1eda50175d > > We were using mail_attachment_min_size=4kb, we solve it by increasing > it to 8kb. > > It would be nice to somehow fix this problem. Like not crash when > EMLINK happend and maybe do not deduplicate attachments but deliver > email without dedup. > Or create second file in hashes/ and start hardlinking it instead of > original. > > AFAIK ext4 has also hard-link limit 64k > (http://en.wikipedia.org/wiki/Hard_link#Limitations_of_hard_links) > So this can happen to anyone with lots of emails. > > Thanks -- [ Ohodnotte kvalitu mailu: http://nicereply.com/websupport/Stano/ ] Pavel Stano | Troubleshooter http://WebSupport.sk *** BERTE A VYCHUTNAVAJTE *** -------------- next part -------------- A non-text attachment was scrubbed... Name: dovecot-2.2.13-EMLINK.patch Type: text/x-patch Size: 500 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From skdovecot at smail.inf.fh-brs.de Thu Jun 5 14:30:22 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 5 Jun 2014 16:30:22 +0200 (CEST) Subject: [Dovecot] IMAP copy fails because the mailbox size of user1 is exceeding the quota limit of user2?? In-Reply-To: References: , Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 5 Jun 2014, Katja Wegner wrote: >> See my message "quota using wrong limits in user shared mailboxes" from 13 >> Mar 2014 10:59:23. > > Thank's for your answer Steffen. So I can confirm that I've the same problem as you. Could you find a solution to that? I still hope that this is a simple configuration problem, as I can't imagine, that we've been the first to experience that strange behavior that for me, is part of the core functionality of dovecot. Well, the only configuration I can imagine is some combination of http://wiki2.dovecot.org/Quota/Configuration#Quota_for_public_namespaces "Quota for public namespaces" and with the namespace prefix of the shared namespace, users.%%u. in my case, e.g.: namespace { type = shared separator = . prefix = users.%%u. ... } plugin { # Dict quota quota = dict:User quota::proxy::quota quota2 = dict:Shared quota:%%u:ns=users.%%u.:proxy::quota ... } Duplicate all quota_rule## to quota2_rule##. If the dict processor also honors the %%u - which I doubt -, you still need exact the same quota rules for the share namespace "quota2" as for "quota". But I never tried it and it does not look correct. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU5B+/nz1H7kL/d9rAQL25Af8C7qQtJud+fqlGiDzXsayAZsDDXa3fbW1 rHWeGWBkUgfLR+eTg5KFpWkqoDVEFNN8CFJXfsKpOS9fveftf59DtGYmy8ydyKy9 nKIzpoSeTVA1JARCfgOn9Dx6k1+K1H0Mj8hEecNFRHJotAmaTq2ZyZwzS1doRPNj pCQ5Y8hADhri8lP7GlyR8i89jS5FlBbqdyUOPlOL1n61fjj/3Xke1d26kr2K62Ia DWwHoEd20JnfKyVd5f/ixn1IwLKlP3xdsObSlCeIIEbBDwQmTjm+HZJg0EADf356 kwr7FdEp0HXpPTdqPtJUY5M28rb0nWD3JcH4Mv86Aad3JU9khtnotw== =xncc -----END PGP SIGNATURE----- From tss at iki.fi Thu Jun 5 14:38:04 2014 From: tss at iki.fi (Timo Sirainen) Date: Thu, 5 Jun 2014 17:38:04 +0300 Subject: [Dovecot] Outlook 2007 & 2010 hangs in v2.2? Message-ID: Has anybody noticed Outlook 2007 & 2010 (but apparently not 2013) hanging IMAP connections with Dovecot v2.2 (but not v2.1) when they're FETCHing large mails? I can't think of any reasonable explanation for this. From martin.rabl at rablnet.de Thu Jun 5 14:41:47 2014 From: martin.rabl at rablnet.de (Martin Rabl) Date: Thu, 05 Jun 2014 16:41:47 +0200 Subject: [Dovecot] Outlook 2007 & 2010 hangs in v2.2? In-Reply-To: References: Message-ID: <539081AB.4010803@rablnet.de> Am 05.06.2014 16:38, schrieb Timo Sirainen: > Has anybody noticed Outlook 2007 & 2010 (but apparently not 2013) hanging IMAP connections with Dovecot v2.2 (but not v2.1) when they're FETCHing large mails? I can't think of any reasonable explanation for this. > how large? -- Viele Gr??e, Martin Rabl From tss at iki.fi Thu Jun 5 15:02:07 2014 From: tss at iki.fi (Timo Sirainen) Date: Thu, 5 Jun 2014 18:02:07 +0300 Subject: [Dovecot] Outlook 2007 & 2010 hangs in v2.2? In-Reply-To: <539081AB.4010803@rablnet.de> References: <539081AB.4010803@rablnet.de> Message-ID: <8FDEFFBA-329E-4A2C-A9B5-E6234766F7B7@iki.fi> On 5.6.2014, at 17.41, Martin Rabl wrote: > Am 05.06.2014 16:38, schrieb Timo Sirainen: >> Has anybody noticed Outlook 2007 & 2010 (but apparently not 2013) hanging IMAP connections with Dovecot v2.2 (but not v2.1) when they're FETCHing large mails? I can't think of any reasonable explanation for this. >> > how large? I don't know yet if the mail size is even relevant. At least one hang was caused by downloading ~55 MB mail where it stopped just before the last 400 kB. I find it strange that v2.2 has been out for a long time and nobody before this complained about any hangs. From patrick at spamreducer.eu Thu Jun 5 15:09:57 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Thu, 5 Jun 2014 17:09:57 +0200 Subject: [Dovecot] Error with dsync in TCP replication Message-ID: <009501cf80d0$36eb58e0$a4c20aa0$@spamreducer.eu> Hey guys, again this question.. We are trying to get dsync replication over TCP working.. But we are having a bit of troubles.. Our configuration (just most important parts): ---8<--------------------------------------------------------------- # 2.2.13 (304d545927d2): /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-24-generic x86_64 Ubuntu 14.04 LTS ext4 doveadm_password = secret first_valid_uid = 150 last_valid_uid = 150 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes mail_gid = mail mail_location = maildir:/var/vmail/%d/%n mail_plugins = " quota listescape zlib notify replication" mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate namespace inbox { inbox = yes location = mailbox Archiv { auto = subscribe special_use = \Archive } mailbox Archive { auto = no special_use = \Archive } mailbox Drafts { auto = no special_use = \Drafts } mailbox Entw?rfe { auto = no special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { auto = no special_use = \Sent } mailbox Trash { auto = no special_use = \Trash } prefix = separator = / } plugin { mail_replica = tcp:mx2.example.com:999 quota = dict:user::proxy::quota quota_rule = *:storage=10MB quota_rule2 = Trash:storage=+10%% quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_dir = ~/sieve zlib_save = bz2 zlib_save_level = 9 } protocols = " imap sieve pop3" replication_max_conns = 1 service aggregator { fifo_listener replication-notify-fifo { mode = 0666 } unix_listener replication-notify { mode = 0666 } } service doveadm { inet_listener { port = 999 } } service replicator { unix_listener replicator-doveadm { mode = 0600 } } protocol lda { mail_plugins = " quota listescape zlib notify replication quota sieve listescape zlib" } protocol imap { mail_plugins = " quota listescape zlib notify replication imap_quota listescape zlib" } protocol sieve { managesieve_max_line_length = 65536 } ---8<--------------------------------------------------------------- The problem: After a user adds a sieve script with his mail application (in this case Thunderbird with plugin): 1. the script is saved in ?/var/vmail/%d/%n/sieve/script_name? == OK 2. this file (?/var/vmail/%d/%n/sieve/script_name?) is then symlinked to ?/var/vmail/%d/%n/.dovecot.sieve? == OK Now the problem kicks in: 1. On the secondary server (mail_replica server) the script is created + the same symlink == OK 2. In logs (on secondary) there is shown this error every time a sync is done: ---8<--------------------------------------------------------------- dsync-server( user at example.com): Error: Failed to access mailbox dovecot/sieve: Internal error occurred. Refer to server log for more information. dsync-server( user at example.com): Error: stat(/var/vmail/example.com/user/.dovecot.sieve/tmp) failed: Not a directory ---8<--------------------------------------------------------------- Issuing ?doveadm replicator status '*'? on first server gives back: username priority fast sync full sync failed user at example.com none 00:03:36 23:11:51 y Sync from master->secondary is interrupted but sync from secondary->master is working.. Thanks for any hint! --------------------------------------------------------------------- Mit freundlichen Gr??en / Distinti saluti / Kind regards De Zordo Patrick patrick at spamreducer.eu From eliezer at ngtech.co.il Thu Jun 5 15:09:14 2014 From: eliezer at ngtech.co.il (Eliezer Croitoru) Date: Thu, 05 Jun 2014 18:09:14 +0300 Subject: [Dovecot] What are the options for HA and\or replication and\or storage? Message-ID: <5390881A.8080204@ngtech.co.il> I am considering couple options of converting a current service into a HA using multi servers or any other solutions. The point is that I am thinking about the options and which I am looking for. NFS can be a storage which has it's own pros and cons. There is the option of DRBD but as of now it's limited for two hosts. What options do exist out-there as a solution? The main issues are that the current service is based on Maildir and is on one server with resierfs. The service is composed of one host with 50k users couple disks in raid6. On the same machine we have postfix as mailer. I would like to hear about HA environment that I can use to replicate the boxes. My basic research leaded me to smtp on one host or more and using lmtp to send the messages to dovecot o another host which will have a replicated host and will be used with storage system based on ISCSI or NFS. Any other idea to enhance the current one or to replace it is more then just welcome. Thanks, Eliezer From patrick at spamreducer.eu Thu Jun 5 15:26:06 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Thu, 5 Jun 2014 17:26:06 +0200 Subject: [Dovecot] What are the options for HA and\or replication and\or storage? In-Reply-To: <5390881A.8080204@ngtech.co.il> References: <5390881A.8080204@ngtech.co.il> Message-ID: <00a901cf80d2$786dc120$69494360$@spamreducer.eu> Well, we are trying to do the same, dovecot has this ability, it's called "dsync replication" (http://wiki2.dovecot.org/Replication) It does his job, since it just sends incremental changes to the peer, so it's very fast and low bandwidth consuming.. But I am having some problems when sieve scripts are being used; I'm trying to understand what could cause the problem.. DRBD in sync configuration could be too slow, in async too dangerous.. > -----Urspr?ngliche Nachricht----- > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von Eliezer > Croitoru > Gesendet: Donnerstag, 5. Juni 2014 17:09 > An: dovecot at dovecot.org > Betreff: [Dovecot] What are the options for HA and\or replication and\or > storage? > > I am considering couple options of converting a current service into a HA > using multi servers or any other solutions. > The point is that I am thinking about the options and which I am looking for. > NFS can be a storage which has it's own pros and cons. > There is the option of DRBD but as of now it's limited for two hosts. > What options do exist out-there as a solution? > > The main issues are that the current service is based on Maildir and is on one > server with resierfs. > The service is composed of one host with 50k users couple disks in raid6. > On the same machine we have postfix as mailer. > > I would like to hear about HA environment that I can use to replicate the > boxes. > > My basic research leaded me to smtp on one host or more and using lmtp to > send the messages to dovecot o another host which will have a replicated > host and will be used with storage system based on ISCSI or NFS. > > Any other idea to enhance the current one or to replace it is more then just > welcome. > > Thanks, > Eliezer From ahktenzero+dovecot at mohorovi.cc Thu Jun 5 15:33:54 2014 From: ahktenzero+dovecot at mohorovi.cc (James TD Smith) Date: Thu, 5 Jun 2014 16:33:54 +0100 Subject: [Dovecot] General questions about TCP replication with dsync In-Reply-To: <000601cf801d$dec73d80$9c55b880$@spamreducer.eu> References: <00c301cf801b$5441e270$fcc5a750$@spamreducer.eu> <538F5A56.60301@sys4.de> <000601cf801d$dec73d80$9c55b880$@spamreducer.eu> Message-ID: <20140605153354.GA5730@nyarlathotep.internal.mohorovi.cc> On 2014-06-04 19:53:19(+0200), Patrick De Zordo wrote: > > -----Urspr?ngliche Nachricht----- > > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von Robert > > Schetterer > > Gesendet: Mittwoch, 4. Juni 2014 19:42 > > An: dovecot at dovecot.org > > Betreff: Re: [Dovecot] General questions about TCP replication with dsync > > > > Am 04.06.2014 19:35, schrieb Patrick De Zordo: > > > Dovecot version: 2.2.9 (on Ubuntu 14.04 LTS) > > > > > > 1. Question: > > > > > > In logs I can see this errors on every sync (on the ?slave? server / > > > server without changes which should be updated): > > > > > > ---8<---------------------------------------------------------------------- > > > > > > dsync-server(email at example.com): Error: > > > net_connect_unix(/var/run/dovecot/replicator-doveadm) failed: > > > Permission denied > > > > > > ---8<---------------------------------------------------------------------- > > > > > > Googling a bit gave me the information ?This should be normal?..? > > > > > > Well ok, errors in logs are not nice to see, but can someone confirm this > > > is really ok? Timo? I have a similar setup and have been getting the same errors about replicator-doveadm permissions on 2.2.12. I found this message in the list archives which say's its not important http://www.dovecot.org/list/dovecot/2013-April/089559.html and suggests changing the permissions on the socket. The right permissions would depend on which user(s) the doveadm-server process doing the sync is running as. From your questions below it looks like you are using virtual users with the vmail user owning the mailboxes, try service replicator { unix_listener replicator-doveadm { mode = 0660 group = vmail } } > > > 2. Question (much more important): > > > > > > We are using sieve scripts for our users, they are replicated to the > > > replica-host but this errors appears in logs on every synchronized message: > > > > > > ---8<---------------------------------------------------------------------- > > > dsync-server(email at example.com): Error: Failed to access mailbox > > > dovecot/sieve: Internal error occurred. Refer to server log for more > > > information. > > > > > > dsync-server(email at example.com): Error: > > > stat(/var/vmail/example.com/email/.dovecot.sieve/tmp) failed: Not a > > > directory > > > > > > ---8<---------------------------------------------------------------------- > > > > > > So what?s going on there? > > > > > > This is strange and should not be, right? > > > > > > Any hints? It looks like it thinks the .dovecot.sieve file should be a Maildir. Are you using the Maildir++ format for your mail stores? That uses "." as a separator for mailbox names. You might want to try changing the "sieve" config option from ".dovecot.sieve" to something which doesn't contain dots and rename the files to match. James -- }---{ From patrick at spamreducer.eu Thu Jun 5 15:39:26 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Thu, 5 Jun 2014 17:39:26 +0200 Subject: [Dovecot] General questions about TCP replication with dsync In-Reply-To: <20140605153354.GA5730@nyarlathotep.internal.mohorovi.cc> References: <00c301cf801b$5441e270$fcc5a750$@spamreducer.eu> <538F5A56.60301@sys4.de> <000601cf801d$dec73d80$9c55b880$@spamreducer.eu> <20140605153354.GA5730@nyarlathotep.internal.mohorovi.cc> Message-ID: <00b501cf80d4$554d38e0$ffe7aaa0$@spamreducer.eu> > -----Urspr?ngliche Nachricht----- > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von James > TD Smith > Gesendet: Donnerstag, 5. Juni 2014 17:34 > An: dovecot at dovecot.org > Betreff: Re: [Dovecot] General questions about TCP replication with dsync > > On 2014-06-04 19:53:19(+0200), Patrick De Zordo wrote: > > > -----Urspr?ngliche Nachricht----- > > > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von > > > Robert Schetterer > > > Gesendet: Mittwoch, 4. Juni 2014 19:42 > > > An: dovecot at dovecot.org > > > Betreff: Re: [Dovecot] General questions about TCP replication with > > > dsync > > > > > > Am 04.06.2014 19:35, schrieb Patrick De Zordo: > > > > Dovecot version: 2.2.9 (on Ubuntu 14.04 LTS) > > > > > > > > 1. Question: > > > > > > > > In logs I can see this errors on every sync (on the ?slave? server > > > > / server without changes which should be updated): > > > > > > > > ---8<------------------------------------------------------------- > > > > --------- > > > > > > > > dsync-server(email at example.com): Error: > > > > net_connect_unix(/var/run/dovecot/replicator-doveadm) failed: > > > > Permission denied > > > > > > > > ---8<------------------------------------------------------------- > > > > --------- > > > > > > > > Googling a bit gave me the information ?This should be normal?..? > > > > > > > > Well ok, errors in logs are not nice to see, but can someone > > > > confirm this is really ok? Timo? > > I have a similar setup and have been getting the same errors about > replicator-doveadm permissions on 2.2.12. I found this message in the list > archives which say's its not important > > http://www.dovecot.org/list/dovecot/2013-April/089559.html > > and suggests changing the permissions on the socket. The right permissions > would depend on which user(s) the doveadm-server process doing the sync > is running as. From your questions below it looks like you are using virtual > users with the vmail user owning the mailboxes, try > > service replicator { > unix_listener replicator-doveadm { > mode = 0660 > group = vmail > } > } > OK, thanks! So I'm going on to read this in my logs.. ;-) > > > > 2. Question (much more important): > > > > > > > > We are using sieve scripts for our users, they are replicated to > > > > the replica-host but this errors appears in logs on every synchronized > message: > > > > > > > > ---8<------------------------------------------------------------- > > > > --------- > > > > dsync-server(email at example.com): Error: Failed to access mailbox > > > > dovecot/sieve: Internal error occurred. Refer to server log for > > > > more information. > > > > > > > > dsync-server(email at example.com): Error: > > > > stat(/var/vmail/example.com/email/.dovecot.sieve/tmp) failed: Not > > > > a directory > > > > > > > > ---8<------------------------------------------------------------- > > > > --------- > > > > > > > > So what?s going on there? > > > > > > > > This is strange and should not be, right? > > > > > > > > Any hints? > > It looks like it thinks the .dovecot.sieve file should be a Maildir. Are you using > the Maildir++ format for your mail stores? That uses "." as a separator for > mailbox names. You might want to try changing the "sieve" config option > from ".dovecot.sieve" to something which doesn't contain dots and rename > the files to match. > I'm using "/" as separator ("separator = /" in configuration).. SO it shouldn't be the problem.. Is your sync up and running? With sieve scripts? > James > > -- > }---{ From ahktenzero+dovecot at mohorovi.cc Thu Jun 5 16:28:35 2014 From: ahktenzero+dovecot at mohorovi.cc (James TD Smith) Date: Thu, 5 Jun 2014 17:28:35 +0100 Subject: [Dovecot] General questions about TCP replication with dsync In-Reply-To: <00b501cf80d4$554d38e0$ffe7aaa0$@spamreducer.eu> References: <00c301cf801b$5441e270$fcc5a750$@spamreducer.eu> <538F5A56.60301@sys4.de> <000601cf801d$dec73d80$9c55b880$@spamreducer.eu> <20140605153354.GA5730@nyarlathotep.internal.mohorovi.cc> <00b501cf80d4$554d38e0$ffe7aaa0$@spamreducer.eu> Message-ID: <20140605162835.GB5730@nyarlathotep.internal.mohorovi.cc> On 2014-06-05 17:39:26(+0200), Patrick De Zordo wrote: > > > > > 2. Question (much more important): > > > > > > > > > > We are using sieve scripts for our users, they are replicated to > > > > > the replica-host but this errors appears in logs on every synchronized > > message: > > > > > > > > > > ---8<------------------------------------------------------------- > > > > > --------- > > > > > dsync-server(email at example.com): Error: Failed to access mailbox > > > > > dovecot/sieve: Internal error occurred. Refer to server log for > > > > > more information. > > > > > > > > > > dsync-server(email at example.com): Error: > > > > > stat(/var/vmail/example.com/email/.dovecot.sieve/tmp) failed: Not > > > > > a directory > > > > > > > > > > ---8<------------------------------------------------------------- > > > > > --------- > > > > > > > > > > So what?s going on there? > > > > > > > > > > This is strange and should not be, right? > > > > > > > > > > Any hints? > > > > It looks like it thinks the .dovecot.sieve file should be a Maildir. Are you using > > the Maildir++ format for your mail stores? That uses "." as a separator for > > mailbox names. You might want to try changing the "sieve" config option > > from ".dovecot.sieve" to something which doesn't contain dots and rename > > the files to match. > > > > I'm using "/" as separator ("separator = /" in configuration).. > SO it shouldn't be the problem.. That parameter controls how the mailbox names are presented over IMAP, not how they are stored on disk. If you run "doveadm mailbox list -u email at example.com" you'll get a list like INBOX Sent Drafts MailingLists/dovecot etc, but if you look in /var/vmail/example.com/email you'll see something like cur/ new/ tmp/ .Sent/ .Drafts/ .MailingList.dovecot/ If you add LAYOUT=fs to the mail_location option it will store the mailboxes as a directory hierarchy. You'll need to convert all the mailboxes to the new layout, changing the sieve file name will be much less work. http://wiki2.dovecot.org/MailLocation/Maildir > Is your sync up and running? With sieve scripts? Yes, my sync works. I don't use sieve though. James -- }---{ From patrick at spamreducer.eu Thu Jun 5 16:34:40 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Thu, 5 Jun 2014 18:34:40 +0200 Subject: [Dovecot] General questions about TCP replication with dsync In-Reply-To: <20140605162835.GB5730@nyarlathotep.internal.mohorovi.cc> References: <00c301cf801b$5441e270$fcc5a750$@spamreducer.eu> <538F5A56.60301@sys4.de> <000601cf801d$dec73d80$9c55b880$@spamreducer.eu> <20140605153354.GA5730@nyarlathotep.internal.mohorovi.cc> <00b501cf80d4$554d38e0$ffe7aaa0$@spamreducer.eu> <20140605162835.GB5730@nyarlathotep.internal.mohorovi.cc> Message-ID: <00dd01cf80dc$0c7ad250$257076f0$@spamreducer.eu> > -----Urspr?ngliche Nachricht----- > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von James > TD Smith > Gesendet: Donnerstag, 5. Juni 2014 18:29 > An: dovecot at dovecot.org > Betreff: Re: [Dovecot] General questions about TCP replication with dsync > > On 2014-06-05 17:39:26(+0200), Patrick De Zordo wrote: > > > > > > 2. Question (much more important): > > > > > > > > > > > > We are using sieve scripts for our users, they are replicated > > > > > > to the replica-host but this errors appears in logs on every > > > > > > synchronized > > > message: > > > > > > > > > > > > ---8<--------------------------------------------------------- > > > > > > ---- > > > > > > --------- > > > > > > dsync-server(email at example.com): Error: Failed to access > > > > > > mailbox > > > > > > dovecot/sieve: Internal error occurred. Refer to server log > > > > > > for more information. > > > > > > > > > > > > dsync-server(email at example.com): Error: > > > > > > stat(/var/vmail/example.com/email/.dovecot.sieve/tmp) failed: > > > > > > Not a directory > > > > > > > > > > > > ---8<--------------------------------------------------------- > > > > > > ---- > > > > > > --------- > > > > > > > > > > > > So what?s going on there? > > > > > > > > > > > > This is strange and should not be, right? > > > > > > > > > > > > Any hints? > > > > > > It looks like it thinks the .dovecot.sieve file should be a Maildir. > > > Are you using the Maildir++ format for your mail stores? That uses > > > "." as a separator for mailbox names. You might want to try changing > > > the "sieve" config option from ".dovecot.sieve" to something which > > > doesn't contain dots and rename the files to match. > > > > > > > I'm using "/" as separator ("separator = /" in configuration).. > > SO it shouldn't be the problem.. > > That parameter controls how the mailbox names are presented over IMAP, > not how they are stored on disk. If you run "doveadm mailbox list -u > email at example.com" > you'll get a list like > > INBOX > Sent > Drafts > MailingLists/dovecot > > etc, but if you look in /var/vmail/example.com/email you'll see something > like > > cur/ > new/ > tmp/ > .Sent/ > .Drafts/ > .MailingList.dovecot/ > > If you add LAYOUT=fs to the mail_location option it will store the mailboxes > as a directory hierarchy. You'll need to convert all the mailboxes to the new > layout, changing the sieve file name will be much less work. > Absolutely TRUE! In http://wiki2.dovecot.org/Pigeonhole/ManageSieve/Configuration there is this little very small paragraph: " . Note: It is not wise to place this link inside your mail store, as it may be mistaken for a mail folder. Inside a maildir for instance, the default .dovecot.sieve would show up as phantom folder /dovecot/sieve in your IMAP tree." But in the example configuration they use "sieve = ~/.dovecot.sieve", well probably no one is using Maildir? ;-) DAMN! A day full of researches because of this little error.. Well thank you very much for pointing me on the right way! > http://wiki2.dovecot.org/MailLocation/Maildir > > > Is your sync up and running? With sieve scripts? > > Yes, my sync works. I don't use sieve though. > > James > > -- > }---{ From dovecot.org at veggiechinese.net Thu Jun 5 17:18:50 2014 From: dovecot.org at veggiechinese.net (Will Yardley) Date: Thu, 5 Jun 2014 10:18:50 -0700 Subject: [Dovecot] director with multiple instances In-Reply-To: <20140603233039.GA22974@aura.veggiechinese.net> References: <20140603233039.GA22974@aura.veggiechinese.net> Message-ID: <20140605171849.GA3594@aura.veggiechinese.net> I'm guessing this is the most significant issue: Jun 3 16:22:33 retr01 dovecot: director: Fatal: No inet_listeners defined for director service (for standalone keep director_servers empty) What confuses me, is that not only do I have this in my config: service director { fifo_listener login/proxy-notify { mode = 0666 } inet_listener { port = 2888 } [...] but I can telnet to port 2888, and I can see that it's bound to the correct instance of Dovecot (though the first time I telnet to that port, I get the connection closed right away (this lines up with the error about inet_listeners); the second time, it doesn't close): [root at retr01 ~]# telnet localhost 2888 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Connection closed by foreign host. [root at retr01 ~]# telnet localhost 2888 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. The default config (without any 'service director {}' section) for the other (backend) instance gives me (in doveconf -c /etc/dovecot-main.conf): service director { [...] service_count = 0 type = unix_listener director-admin { group = mode = 0600 user = } unix_listener login/director { group = mode = 00 user = } [...] Do I need to set mode to 00 for director-admin (again, on the *non* director instance) as well (I think I've seen something about this on the list). Does anyone have any suggestions, especially anyone who has a similar setup working on 2.0.x? w From rs at sys4.de Thu Jun 5 17:23:16 2014 From: rs at sys4.de (Robert Schetterer) Date: Thu, 05 Jun 2014 19:23:16 +0200 Subject: [Dovecot] Outlook 2007 & 2010 hangs in v2.2? In-Reply-To: <8FDEFFBA-329E-4A2C-A9B5-E6234766F7B7@iki.fi> References: <539081AB.4010803@rablnet.de> <8FDEFFBA-329E-4A2C-A9B5-E6234766F7B7@iki.fi> Message-ID: <5390A784.9090308@sys4.de> Am 05.06.2014 17:02, schrieb Timo Sirainen: > On 5.6.2014, at 17.41, Martin Rabl wrote: > >> Am 05.06.2014 16:38, schrieb Timo Sirainen: >>> Has anybody noticed Outlook 2007 & 2010 (but apparently not 2013) hanging IMAP connections with Dovecot v2.2 (but not v2.1) when they're FETCHing large mails? I can't think of any reasonable explanation for this. >>> >> how large? > > I don't know yet if the mail size is even relevant. At least one hang was caused by downloading ~55 MB mail where it stopped just before the last 400 kB. > > I find it strange that v2.2 has been out for a long time and nobody before this complained about any hangs. > 55 MB mail may are rare ,i can test it ,but it will need some time ( old outlook install on clean new windows system....) perhaps anyone has an existing setup which could do it faster Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From rs at sys4.de Thu Jun 5 17:25:36 2014 From: rs at sys4.de (Robert Schetterer) Date: Thu, 05 Jun 2014 19:25:36 +0200 Subject: [Dovecot] What are the options for HA and\or replication and\or storage? In-Reply-To: <00a901cf80d2$786dc120$69494360$@spamreducer.eu> References: <5390881A.8080204@ngtech.co.il> <00a901cf80d2$786dc120$69494360$@spamreducer.eu> Message-ID: <5390A810.3080703@sys4.de> Am 05.06.2014 17:26, schrieb Patrick De Zordo: > DRBD in sync configuration could be too slow, in async too dangerous.. using DRBD master/master since years ,no problem but cluster filesystems may have problems ( also not here ) Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From konkav at freemail.hu Thu Jun 5 17:33:54 2014 From: konkav at freemail.hu (a) Date: Thu, 5 Jun 2014 19:33:54 +0200 (CEST) Subject: [Dovecot] checkpassword memory limit Message-ID: Hi. I am trying to authenticate dovecot from a wordpress database. I was thinking of using the checkpassword script to start a cli php script. That php script would then include the necessary wordpress functions, do the auth (find the wp username from user database using the email address, and authenticate with the user/pass), and return the result to the checkpassword script. I made the above scripts (the php script will be used to authenticate some other services too), and when I run them "by hand" (even with "sudo -u dovecot ..."), it works. But, when the dovecot runs them, the php runs out of memory. After a lot of debuging, I find out that when the dovecot starts the checkpassword script, it makes a 250kB memory limit. But it is not enough for the php script, it needs 14MB. I tried to put a "ulimit -v 16777216" into the checkpassword.sh, but it doesn't work.Is there some hardcoded limit in the dovecot itself? And if there is, could it be somehow changed?I am using a simple D ebian Wheezy LAMP, and installed everything from repo. Thanks for every idea. From tss at iki.fi Thu Jun 5 17:40:31 2014 From: tss at iki.fi (Timo Sirainen) Date: Thu, 5 Jun 2014 20:40:31 +0300 Subject: [Dovecot] Outlook 2007 & 2010 hangs in v2.2? In-Reply-To: <5390A784.9090308@sys4.de> References: <539081AB.4010803@rablnet.de> <8FDEFFBA-329E-4A2C-A9B5-E6234766F7B7@iki.fi> <5390A784.9090308@sys4.de> Message-ID: <85A150C2-6486-4D3B-A8CF-5290EF219173@iki.fi> On 5.6.2014, at 20.23, Robert Schetterer wrote: > Am 05.06.2014 17:02, schrieb Timo Sirainen: >> On 5.6.2014, at 17.41, Martin Rabl wrote: >> >>> Am 05.06.2014 16:38, schrieb Timo Sirainen: >>>> Has anybody noticed Outlook 2007 & 2010 (but apparently not 2013) hanging IMAP connections with Dovecot v2.2 (but not v2.1) when they're FETCHing large mails? I can't think of any reasonable explanation for this. >>>> >>> how large? >> >> I don't know yet if the mail size is even relevant. At least one hang was caused by downloading ~55 MB mail where it stopped just before the last 400 kB. >> >> I find it strange that v2.2 has been out for a long time and nobody before this complained about any hangs. >> > > 55 MB mail may are rare ,i can test it ,but it will need some time ( old > outlook install on clean new windows system....) > perhaps anyone has an existing setup which could do it faster Happens also with smaller mails, for example 3 MB and I think there were also even smaller ones like 1 MB. I see that once Outlook tried to download the same 3 MB mail 3 times and it stopped reading it when it had 400 kB left, but the 4th time succeeded. Dovecot sent exactly the same data with the same TCP packet boundaries all times (at least to Dovecot proxy - would have to look with tcpdump further to see if proxy does something differently..) Anyway, nobody in general has had trouble with Dovecot v2.2 and Outlook 2007/2010? Maybe the problem is something else, although strange if it started happening only immediately after Dovecot upgrade. From dovecot.org at veggiechinese.net Thu Jun 5 18:09:51 2014 From: dovecot.org at veggiechinese.net (Will Yardley) Date: Thu, 5 Jun 2014 11:09:51 -0700 Subject: [Dovecot] director with multiple instances In-Reply-To: <20140605171849.GA3594@aura.veggiechinese.net> References: <20140603233039.GA22974@aura.veggiechinese.net> <20140605171849.GA3594@aura.veggiechinese.net> Message-ID: <20140605180950.GA3851@aura.veggiechinese.net> So, going to latest 2.2 RPM from ATRPMs does seem to fix the problem (that is, the same config works as expected). So, my question then is, in terms of indices, dovecot-uidlist, etc., is it safe to move from Dovecot 1.0.7 directly to 2.2.10? Also, even if I put: doveadm_socket_path = localhost:8889 in, or even if I add this to the main (non-director) instance's config (to presumably disable the director-admin socket): service director { unix_listener director-admin { group = mode = 00 user = } } I get: [root at retr01 ~]# doveadm director status doveadm(root): Fatal: net_connect_unix(/var/run/dovecot-main/director-admin) failed: Connection refused Specifying the socket explicitly does give the expected results: [root at retr01 ~]# doveadm director status -a /var/run/dovecot-director/director-admin mail server ip vhosts users 192.168.1.71 100 1 [....] Default dovecot.conf (/etc/dovecot/dovecot.conf) is a symlink to the *director* instance's config, and I tried even with doveadm_socket_path set to localhost:8889 in both configs so I'm not sure why it's looking for the main instance's socket. The comments in the config file seem to indicate that host:port is acceptable rather than a local socket. w From bruno.galindro at gmail.com Thu Jun 5 18:30:26 2014 From: bruno.galindro at gmail.com (Bruno Galindro da Costa) Date: Thu, 5 Jun 2014 15:30:26 -0300 Subject: [Dovecot] doveadm index - Bug or expected behaviour? Message-ID: My ldap config is using the variable %d in base search for domain replacement when dovecot will search for users in LDAP. Its works fine for dovecot operation. But, for doveadm index, not. It ignores that variable and tries to pass a base search without domain. So, the search will not working. This is the command: # doveadm -v index -A INBOX This is my config: # cat /etc/dovecot/dovecot-ldap-userdb.conf hosts = 10.0.0.1 tls = no auth_bind = no ldap_version = 3 base = ou=%d,ou=mail,ou=services,dc=domain scope = subtree deref = never user_filter = (& (cn=%n)(objectclass=nisMailAlias)(ContaAtiva=TRUE) ) user_attrs = cn=rfc822mailmember,EmailQuota=quota_rule=*:storage=%$M,EmailQuotaSpecial=quota_rule=*:storage=%$M,eduPersonPrincipalName=eppn iterate_filter = (&(objectclass=nisMailAlias)(ContaAtiva=TRUE)(!(EmailQuota=0))) iterate_attrs = rfc822mailmember=user This is the error reported by doveadm index: doveadm(root): Error: User listing returned failure doveadm: Error: Failed to iterate through some users If you put a tcpdump to monitor the search, you i'll see 3 packets. The first is the LDAP searchRequest message, with this content: LDAPMessage searchRequest(3) "*ou=,*ou=mail,ou=services,dc=domain" wholeSubtree If I change the base parameter of config file to this, it works perfectly: base = ou=net.domain,ou=mail,ou=services,dc=domain tcpdump: LDAPMessage searchRequest(3) "*ou=**net.domain**,*ou=mail,ou=services,dc=domain" wholeSubtree # dovecot -n # 2.2.13 (5c877bca95e5): /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-63-virtual x86_64 Ubuntu 12.04.4 LTS zfs auth_cache_negative_ttl = 1 mins auth_cache_size = 1 k auth_cache_ttl = 10 mins auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@~ disable_plaintext_auth = no log_timestamp = "%Y-%m-%d %H:%M:%S " mail_gid = mail mail_home = /var/mail/mailboxes/%d/%n/home mail_location = maildir:/var/mail/mailboxes/%d/%n:INDEX=/var/mail.indexes/%d/%n mail_privileged_group = mail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = prefix = type = private } namespace spam { list = yes location = maildir:/var/mail.spam/%d/%n mailbox Filtrados { auto = subscribe } prefix = SPAM. subscriptions = yes type = private } passdb { args = /etc/dovecot/passdb.v3.1.sh driver = checkpassword } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change save mailbox_create mail_log_fields = uid box msgid from subject size vsize quota = maildir:DefaultQuota quota_exceeded_message = O destinatario desta mensagem esta com a caixa postal cheia. A sua mensagem so pode ser entregue se o destinatario apagar algumas das mensagens. quota_warning = storage=95%% /usr/local/bin/quota-warning.sh 95 %u quota_warning2 = storage=90%% /usr/local/bin/quota-warning.sh 90 %u sieve = /var/mail/sieve_scripts/%d/%n/.dovecot.sieve sieve_after = /etc/dovecot/sieve/default.sieve sieve_dir = /var/mail/sieve_scripts/%d/%n/sieve sieve_global_dir = /etc/dovecot/sieve sieve_global_path = /etc/dovecot/sieve/default.sieve trash = /etc/dovecot/dovecot-trash.conf } protocols = imap sieve pop3 service anvil { client_limit = 1603 } service auth { client_limit = 1600 unix_listener auth-client { mode = 0660 } unix_listener auth-master { group = mail mode = 0600 user = vmail } user = root vsz_limit = 256 M } service imap-login { client_limit = 1500 inet_listener imap { address = *,[::] port = 143 } inet_listener imaps { address = *,[::] port = 993 } process_limit = 500 service_count = 0 user = dovecot vsz_limit = 256 M } service imap { process_limit = 2048 vsz_limit = 450 M } service managesieve-login { client_limit = 1500 executable = /usr/lib/dovecot/managesieve-login process_limit = 500 service_count = 0 user = dovecot vsz_limit = 256 M } service managesieve { executable = /usr/lib/dovecot/managesieve process_limit = 2048 vsz_limit = 450 M } service pop3-login { client_limit = 1500 inet_listener pop3s { address = *,[::] port = 2221 } process_limit = 500 service_count = 0 user = dovecot vsz_limit = 256 M } service pop3 { process_limit = 2048 vsz_limit = 450 M } userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-ldap-userdb.conf driver = ldap } protocol imap { mail_fsync = never mail_max_userip_connections = 2048 mail_plugins = quota imap_quota trash zlib mail_log notify ssl_ca = Hello, The sharing folders with dovecot works, but when the user that i shared the folder reads any e-mails in the folder, all my subcribed folder (the folders that i do not shared with this user) is unsubcribed from my account. The only folders that remains is the default ones ( inbox, trash, spam and sent) and the folder that i shared with that user. my configurations: # separator for master-users, example: "login_user*master_user -> user at domain.tld*masteruser auth_master_user_separator = * passdb passwd-file { driver = passwd-file args = /etc/dovecot-masterusers master = yes } namespace private { type = private separator = / prefix = #location defaults to mail_location. inbox = yes } namespace shared { type = shared separator = / prefix = Share Folders/%%u/ location = maildir:/var/spool/mail/vmail/%d/%%n:INDEX=/var/spool/mail/vmail/%d/%n/shared/%%u subscriptions = yes list = children } # cat /etc/dovecot-postlogin #!/bin/bash export MASTER_USER="$USER" exec /usr/lib64/dovecot/imap "$@" Can someone help me out with this? Thanks in advance. From jtam.home at gmail.com Thu Jun 5 22:39:21 2014 From: jtam.home at gmail.com (Joseph Tam) Date: Thu, 5 Jun 2014 15:39:21 -0700 (PDT) Subject: [Dovecot] Outlook 2007 & 2010 hangs in v2.2? In-Reply-To: References: Message-ID: Timo Sirainen writes: > Has anybody noticed Outlook 2007 & 2010 (but apparently not 2013) > hanging IMAP connections with Dovecot v2.2 (but not v2.1) when they're > FETCHing large mails? I can't think of any reasonable explanation for > this. It's a shot in the dark, but I had a problem with a different client, where semi-large attachments was problematic. It turned out to be a TCP scaling problem. If a router/firewall drops packets with a TCP scaling option set, the endpoints disagree on how many outstanding non-ACK packets are allowed, resulting in timeouts. http://support.microsoft.com/kb/935400 http://en.wikipedia.org/wiki/TCP_window_scale_option The Microsoft KB does hint those versions of Outlook may be affected, but I can't figure out why there would be a difference between Dovecot 2.1 and 2.2. Joseph Tam From h.reindl at thelounge.net Thu Jun 5 22:41:43 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 06 Jun 2014 00:41:43 +0200 Subject: [Dovecot] Outlook 2007 & 2010 hangs in v2.2? In-Reply-To: References: Message-ID: <5390F227.9030000@thelounge.net> Am 06.06.2014 00:39, schrieb Joseph Tam: > Timo Sirainen writes: > >> Has anybody noticed Outlook 2007 & 2010 (but apparently not 2013) >> hanging IMAP connections with Dovecot v2.2 (but not v2.1) when they're >> FETCHing large mails? I can't think of any reasonable explanation for >> this. > > It's a shot in the dark, but I had a problem with a different client, > where semi-large attachments was problematic. > > It turned out to be a TCP scaling problem. If a router/firewall drops > packets with a TCP scaling option set, the endpoints disagree on how many > outstanding non-ACK packets are allowed, resulting in timeouts. > > http://support.microsoft.com/kb/935400 > http://en.wikipedia.org/wiki/TCP_window_scale_option > > The Microsoft KB does hint those versions of Outlook may be affected, but > I can't figure out why there would be a difference between Dovecot 2.1 > and 2.2. TCp scaling is a problem since many years and well known for delivery problems with MTA's if there are broken network devices between both sides just disable it *anywhere* and be happy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From tonami at designet.co.jp Fri Jun 6 05:34:52 2014 From: tonami at designet.co.jp (Kenji Tonami) Date: Fri, 06 Jun 2014 14:34:52 +0900 Subject: [Dovecot] CRAM-MD5 authentication memory leak problem. Message-ID: <539152FC.80100@designet.co.jp> I used dovecot Auth daemon for postfix SMTP Auth. I saved clear password to OpenLDAP, then I set up that as the password will be used. There ware no trouble when authentication had sucessed. But when authentication failed by using "CRAM-MD5", it caused increasing memory allocation of dovecot auth daemon. In case of using "PLAIN" or "LOGIN", there were no problem even if authentication had failed. I got same result on dovecot-2.0.9(RHEL6) and dovecot-2.2.13. Does anyone know similar case? I tried restarting dovecot Auth daemon by using service_count parameter in service auth settings. When authentication failed, message on postfix was as follows: ** 535 5.7.8 Error: authentication failed: "CRAM-MD5 string" When authentication failed and restarting dovecot auth daemon at the same time, message on postfix was changed as follows: ** 535 5.7.8 Error: authentication failed: Connection lost to authentication server It looks like that the failed authentication request is suspended by restarting auth daemon. -- config (10-auth.conf) auth_mechanisms = plain login cram-md5 -- -- config (10-master.conf) service auth { executable = auth unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix } } -- -- auth-ldap.conf.ext passdb { driver = ldap args = /etc/dovecot/ldap-passdb.conf.ext } -- -- ldap-passdb.conf.ext host = xxx.xxx.xxx.xxx dn = LDAP Manager DN dnpass = Manager DN password base = ou=mail,dc=xxxxxx,dc=xx scope = subtree pass_attrs = mailID=user,mailClearPassword=password pass_filter = (mailID=%u) auth_bind = no default_pass_scheme = plain -- Thanks. -- Kenji Tonami From skdovecot at smail.inf.fh-brs.de Fri Jun 6 06:16:42 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 6 Jun 2014 08:16:42 +0200 (CEST) Subject: [Dovecot] doveadm index - Bug or expected behaviour? In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 5 Jun 2014, Bruno Galindro da Costa wrote: > My ldap config is using the variable %d in base search for domain > replacement when dovecot will search for users in LDAP. Its works fine for > dovecot operation. When an user logs into Dovecot, the login process can extract the domain part from the login username. > But, for doveadm index, not. It ignores that variable and tries to pass a > base search without domain. So, the search will not working. > > This is the command: > # doveadm -v index -A INBOX If you iterate all users (-A), doveadm would need to guess all domains and iterate through them. So, in your case you cannot use -A. However, -u should work. That is, you call the command for each single user that you've iterated from LDAP via script. > base = ou=%d,ou=mail,ou=services,dc=domain [...] > iterate_filter = > (&(objectclass=nisMailAlias)(ContaAtiva=TRUE)(!(EmailQuota=0))) > iterate_attrs = rfc822mailmember=user - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU5Fcynz1H7kL/d9rAQI7IggAitRJlAU4olmkTzUqXxrxxPAtF0FMcm0c PqWdByrNM0aLr1WTIShN7y83OnTwFhznuuTg6oVO6s72KZ6Izo9COOK70kLvoGzZ G4TyNu9S671hDVWsasuI+FvChGZURM+6E4G+ctsqTSjY8N8MV6hEdwrNhxBWbbfE nQ0BEMDDaM0Qeycyiy59nhlOkLiSkv40P2NnOekkSvogxb3rpxt9FQ6vIrBkCxJd K1xlwAWzg7Hr4LIUw3PJm0YjT7T4H+1AmiIm7iaAnT8My/9SSB9WCtmFQpzFNWOD tpKc3RcQJykJMpC4oKjgTi0Vh6PTl6g3xMdA9yJ2jmgpLVqpU2fNKw== =l3yY -----END PGP SIGNATURE----- From andy at xecu.net Fri Jun 6 14:25:08 2014 From: andy at xecu.net (Andy Dills) Date: Fri, 6 Jun 2014 10:25:08 -0400 Subject: [Dovecot] Outlook 2007 & 2010 hangs in v2.2? In-Reply-To: <85A150C2-6486-4D3B-A8CF-5290EF219173@iki.fi> References: <539081AB.4010803@rablnet.de> <8FDEFFBA-329E-4A2C-A9B5-E6234766F7B7@iki.fi> <5390A784.9090308@sys4.de> <85A150C2-6486-4D3B-A8CF-5290EF219173@iki.fi> Message-ID: We just upgraded from 2.1.16 to 2.2.13, and we have been have horrendous troubles with outlook since the upgrade. For users with large mailboxes, they are unable to sync their folders. Perhaps this is specifically because of the problem you are mentioning Timo. The only solution we could come up with for now was to configure outlook to only fetch headers and not bodies, when syncing. For the most part, bringing up individual messages is fine, haven't seen that fail. So, with that tweak to the outlook config, things are working error-free again for our users...but it was certainly an unexpected situation to tackle. Also, we found a marked improvement connecting via SSL on 993 than we do unencrypted on 143. I can definitely confirm 100% there is a regression in dovecot 2.2 that severely impacts the performance of outlook (but works great with everything else). Let me know if I can help you track this down Timo. Andy Sent from my iPhone > On Jun 5, 2014, at 1:40 PM, Timo Sirainen wrote: > >> On 5.6.2014, at 20.23, Robert Schetterer wrote: >> >> Am 05.06.2014 17:02, schrieb Timo Sirainen: >>> On 5.6.2014, at 17.41, Martin Rabl wrote: >>> >>>> Am 05.06.2014 16:38, schrieb Timo Sirainen: >>>>> Has anybody noticed Outlook 2007 & 2010 (but apparently not 2013) hanging IMAP connections with Dovecot v2.2 (but not v2.1) when they're FETCHing large mails? I can't think of any reasonable explanation for this. >>>> how large? >>> >>> I don't know yet if the mail size is even relevant. At least one hang was caused by downloading ~55 MB mail where it stopped just before the last 400 kB. >>> >>> I find it strange that v2.2 has been out for a long time and nobody before this complained about any hangs. >> >> 55 MB mail may are rare ,i can test it ,but it will need some time ( old >> outlook install on clean new windows system....) >> perhaps anyone has an existing setup which could do it faster > > Happens also with smaller mails, for example 3 MB and I think there were also even smaller ones like 1 MB. I see that once Outlook tried to download the same 3 MB mail 3 times and it stopped reading it when it had 400 kB left, but the 4th time succeeded. Dovecot sent exactly the same data with the same TCP packet boundaries all times (at least to Dovecot proxy - would have to look with tcpdump further to see if proxy does something differently..) > > Anyway, nobody in general has had trouble with Dovecot v2.2 and Outlook 2007/2010? Maybe the problem is something else, although strange if it started happening only immediately after Dovecot upgrade. From espa at hol.gr Fri Jun 6 15:19:59 2014 From: espa at hol.gr (Manolis Spanakis) Date: Fri, 6 Jun 2014 18:19:59 +0300 Subject: [Dovecot] Running dovecot under Cygwin Message-ID: Hi, In http://wiki2.dovecot.org/DovecotFeatures I found the following statement regarding devcot support of cygwin: Cygwin works after a few code changes, but doesn't support SCM_RIGHTS I downloaded "dovecot-2.2.13.tar.gr" and tried to compile it under cygwin version 1.7.30 (0.272/5/3) CYGWIN_NT-6.3-WOW642.580 (32-bit). As I executed the: $./configure I got the following error: error: fd passing is required for Dovecot to work If I bypass this error by changing "configure" I get no other errors either in "configure" or "make". It seems that "src/lib/fdpass.c" is the only library incompatible with cygwin. Is there any file version available that provides a solution? Thank you in advance, Manolis Spanakis From rs at sys4.de Fri Jun 6 17:38:48 2014 From: rs at sys4.de (Robert Schetterer) Date: Fri, 06 Jun 2014 19:38:48 +0200 Subject: [Dovecot] Outlook 2007 & 2010 hangs in v2.2? In-Reply-To: References: <539081AB.4010803@rablnet.de> <8FDEFFBA-329E-4A2C-A9B5-E6234766F7B7@iki.fi> <5390A784.9090308@sys4.de> <85A150C2-6486-4D3B-A8CF-5290EF219173@iki.fi> Message-ID: <5391FCA8.60908@sys4.de> Am 06.06.2014 16:25, schrieb Andy Dills: > I can definitely confirm 100% there is a regression in dovecot 2.2 that severely impacts the performance of outlook (but works great with everything else). please be exact in describing what Outlook version, i did not notice any problem testing Outlook 2013, anyway thx for informing Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From bruno.galindro at gmail.com Fri Jun 6 20:57:23 2014 From: bruno.galindro at gmail.com (Bruno Galindro da Costa) Date: Fri, 6 Jun 2014 17:57:23 -0300 Subject: [Dovecot] doveadm index - Bug or expected behaviour? In-Reply-To: <53915c96.486cb40a.62e3.63dbSMTPIN_ADDED_BROKEN@mx.google.com> References: <53915c96.486cb40a.62e3.63dbSMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: ok tks! 2014-06-06 3:16 GMT-03:00 Steffen Kaiser : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > On Thu, 5 Jun 2014, Bruno Galindro da Costa wrote: > > My ldap config is using the variable %d in base search for domain >> replacement when dovecot will search for users in LDAP. Its works fine for >> dovecot operation. >> > > When an user logs into Dovecot, the login process can extract the domain > part from the login username. > > > But, for doveadm index, not. It ignores that variable and tries to pass a >> base search without domain. So, the search will not working. >> >> This is the command: >> # doveadm -v index -A INBOX >> > > If you iterate all users (-A), doveadm would need to guess all domains and > iterate through them. So, in your case you cannot use -A. However, -u > should work. That is, you call the command for each single user that you've > iterated from LDAP via script. > > base = ou=%d,ou=mail,ou=services,dc=domain >> > [...] > > iterate_filter = >> (&(objectclass=nisMailAlias)(ContaAtiva=TRUE)(!(EmailQuota=0))) >> iterate_attrs = rfc822mailmember=user >> > > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEVAwUBU5Fcynz1H7kL/d9rAQI7IggAitRJlAU4olmkTzUqXxrxxPAtF0FMcm0c > PqWdByrNM0aLr1WTIShN7y83OnTwFhznuuTg6oVO6s72KZ6Izo9COOK70kLvoGzZ > G4TyNu9S671hDVWsasuI+FvChGZURM+6E4G+ctsqTSjY8N8MV6hEdwrNhxBWbbfE > nQ0BEMDDaM0Qeycyiy59nhlOkLiSkv40P2NnOekkSvogxb3rpxt9FQ6vIrBkCxJd > K1xlwAWzg7Hr4LIUw3PJm0YjT7T4H+1AmiIm7iaAnT8My/9SSB9WCtmFQpzFNWOD > tpKc3RcQJykJMpC4oKjgTi0Vh6PTl6g3xMdA9yJ2jmgpLVqpU2fNKw== > =l3yY > -----END PGP SIGNATURE----- > -- Att. Bruno Galindro da Costa From tlx at leuxner.net Sat Jun 7 10:15:30 2014 From: tlx at leuxner.net (Thomas Leuxner) Date: Sat, 7 Jun 2014 12:15:30 +0200 Subject: [Dovecot] imap-login killed with signal 11 in Dovecot 2.2.13 (feea8645c4d7) Message-ID: <20140607101530.GA60673@nihlus.leuxner.net> Latest 2.2.13 HG feea8645c4d7 seems to unexpectedly kill imap-login sessions: Jun 7 11:56:10 nihlus dovecot: imap(tlx at leuxner.net): Disconnected: Logged out in=2203 out=851225 Jun 7 11:56:10 nihlus dovecot: imap(tlx at leuxner.net): Disconnected: Logged out in=316 out=2417 Jun 7 11:56:10 nihlus dovecot: imap-login: Fatal: master: service(imap-login): child 60505 killed with signal 11 (core not dumped - add -D parameter to service imap-login { executable } Jun 7 11:56:10 nihlus dovecot: imap-login: Fatal: master: service(imap-login): child 60595 killed with signal 11 (core not dumped - add -D parameter to service imap-login { executable } Adding the -D parameter does not generate a core dump however... -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From jost+lists at dimejo.at Sat Jun 7 11:51:53 2014 From: jost+lists at dimejo.at (Alex JOST) Date: Sat, 07 Jun 2014 13:51:53 +0200 Subject: [Dovecot] checkpassword memory limit In-Reply-To: References: Message-ID: <5392FCD9.5050108@dimejo.at> Am 2014-06-05 19:33, schrieb a: > Hi. I am trying to authenticate dovecot from a wordpress database. I was thinking of using the checkpassword script to start a cli php script. That php script would then include the necessary wordpress functions, do the auth (find the wp username from user database using the email address, and authenticate with the user/pass), and return the result to the checkpassword script. I made the above scripts (the php script will be used to authenticate some other services too), and when I run them "by hand" (even with "sudo -u dovecot ..."), it works. But, when the dovecot runs them, the php runs out of memory. After a lot of debuging, I find out that when the dovecot starts the checkpassword script, it makes a 250kB memory limit. But it is not enough for the php script, it needs 14MB. I tried to put a "ulimit -v 16777216" into the checkpassword.sh, but it doesn't work.Is there some hardcoded limit in the dovecot itself? And if there is, could it be somehow changed?I am using a > simple D > ebian Wheezy LAMP, and installed everything from repo. Thanks for every idea. The whole concept sounds quite error-prone. Can't you query the database directly? -- Alex JOST From user+dovecot at localhost.localdomain.org Sat Jun 7 14:32:15 2014 From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Sat, 07 Jun 2014 14:32:15 +0000 Subject: [Dovecot] imap-login killed with signal 11 in Dovecot 2.2.13 (feea8645c4d7) In-Reply-To: <20140607101530.GA60673@nihlus.leuxner.net> References: <20140607101530.GA60673@nihlus.leuxner.net> Message-ID: <5393226F.7000904@localhost.localdomain.org> On 06/07/2014 10:15 AM Thomas Leuxner wrote: > Latest 2.2.13 HG feea8645c4d7 seems to unexpectedly kill imap-login sessions: > > Jun 7 11:56:10 nihlus dovecot: imap(tlx at leuxner.net): Disconnected: Logged out in=2203 out=851225 > Jun 7 11:56:10 nihlus dovecot: imap(tlx at leuxner.net): Disconnected: Logged out in=316 out=2417 > Jun 7 11:56:10 nihlus dovecot: imap-login: Fatal: master: service(imap-login): child 60505 killed with signal 11 (core not dumped - add -D parameter to service imap-login { executable } > Jun 7 11:56:10 nihlus dovecot: imap-login: Fatal: master: service(imap-login): child 60595 killed with signal 11 (core not dumped - add -D parameter to service imap-login { executable } > > Adding the -D parameter does not generate a core dump however... > Hi Thomas, either add "ulimit -c unlimited" to your init script or start Dovecot directly from your shell: ulimit -c unlimited dovecot [-c /path/2/dovecot.conf] That should make Dovecot dumping core files. Regards, Pascal -- The trapper recommends today: c01dcafe.1415816 at localdomain.org From kilburna at gmail.com Sat Jun 7 14:46:31 2014 From: kilburna at gmail.com (Kilburn Abrahams) Date: Sun, 08 Jun 2014 00:46:31 +1000 Subject: [Dovecot] Outlook 2007 & 2010 hangs in v2.2? In-Reply-To: References: <539081AB.4010803@rablnet.de> <8FDEFFBA-329E-4A2C-A9B5-E6234766F7B7@iki.fi> <5390A784.9090308@sys4.de> <85A150C2-6486-4D3B-A8CF-5290EF219173@iki.fi> Message-ID: <539325C7.1080606@gmail.com> I can confirm also that since upgrading from 2.1.16 to 2.2.13 that Outlook 2013 (don't have previous versions to test) is throwing strange errors when users send emails. This predominantly happens when sending but has happened when they compose a long email then send. These users have 50GB+ mailboxes using IMAP. I will try the fetch headers and report back. The Outlook errors we are getting is "The operation failed. The messaging interfaces returned an unknown error. Please restart Outlook". So I can confirm there is problem, as one of the users who use Thunderbird with an equally large mailbox and does not have problems. Kilburn On 06/07/2014 12:25 AM, Andy Dills wrote: > We just upgraded from 2.1.16 to 2.2.13, and we have been have horrendous troubles with outlook since the upgrade. > > For users with large mailboxes, they are unable to sync their folders. Perhaps this is specifically because of the problem you are mentioning Timo. > > The only solution we could come up with for now was to configure outlook to only fetch headers and not bodies, when syncing. For the most part, bringing up individual messages is fine, haven't seen that fail. So, with that tweak to the outlook config, things are working error-free again for our users...but it was certainly an unexpected situation to tackle. > > Also, we found a marked improvement connecting via SSL on 993 than we do unencrypted on 143. > > I can definitely confirm 100% there is a regression in dovecot 2.2 that severely impacts the performance of outlook (but works great with everything else). > > Let me know if I can help you track this down Timo. > > Andy > > Sent from my iPhone > >> On Jun 5, 2014, at 1:40 PM, Timo Sirainen wrote: >> >>> On 5.6.2014, at 20.23, Robert Schetterer wrote: >>> >>> Am 05.06.2014 17:02, schrieb Timo Sirainen: >>>> On 5.6.2014, at 17.41, Martin Rabl wrote: >>>> >>>>> Am 05.06.2014 16:38, schrieb Timo Sirainen: >>>>>> Has anybody noticed Outlook 2007 & 2010 (but apparently not 2013) hanging IMAP connections with Dovecot v2.2 (but not v2.1) when they're FETCHing large mails? I can't think of any reasonable explanation for this. >>>>> how large? >>>> I don't know yet if the mail size is even relevant. At least one hang was caused by downloading ~55 MB mail where it stopped just before the last 400 kB. >>>> >>>> I find it strange that v2.2 has been out for a long time and nobody before this complained about any hangs. >>> 55 MB mail may are rare ,i can test it ,but it will need some time ( old >>> outlook install on clean new windows system....) >>> perhaps anyone has an existing setup which could do it faster >> Happens also with smaller mails, for example 3 MB and I think there were also even smaller ones like 1 MB. I see that once Outlook tried to download the same 3 MB mail 3 times and it stopped reading it when it had 400 kB left, but the 4th time succeeded. Dovecot sent exactly the same data with the same TCP packet boundaries all times (at least to Dovecot proxy - would have to look with tcpdump further to see if proxy does something differently..) >> >> Anyway, nobody in general has had trouble with Dovecot v2.2 and Outlook 2007/2010? Maybe the problem is something else, although strange if it started happening only immediately after Dovecot upgrade. From tlx at leuxner.net Sat Jun 7 14:55:10 2014 From: tlx at leuxner.net (Thomas Leuxner) Date: Sat, 7 Jun 2014 16:55:10 +0200 Subject: [Dovecot] imap-login killed with signal 11 in Dovecot 2.2.13 (feea8645c4d7) In-Reply-To: <5393226F.7000904@localhost.localdomain.org> References: <20140607101530.GA60673@nihlus.leuxner.net> <5393226F.7000904@localhost.localdomain.org> Message-ID: <20140607145509.GA61610@nihlus.leuxner.net> * Pascal Volk 2014.06.07 16:32: > Hi Thomas, > > either add "ulimit -c unlimited" to your init script > or > start Dovecot directly from your shell: > > ulimit -c unlimited > dovecot [-c /path/2/dovecot.conf] > > That should make Dovecot dumping core files. Hi Pascal, in general dumps work for Dovecot on my box. The 'imap-login' process however is not in the mood to generate a dump. I think this happened before with some processes of Dovecot, where users had problems to get them to dump... Thanks for your help. Regards Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From tlx at leuxner.net Sat Jun 7 15:29:22 2014 From: tlx at leuxner.net (Thomas Leuxner) Date: Sat, 7 Jun 2014 17:29:22 +0200 Subject: [Dovecot] imap-login killed with signal 11 in Dovecot 2.2.13 (feea8645c4d7) In-Reply-To: <20140607101530.GA60673@nihlus.leuxner.net> References: <20140607101530.GA60673@nihlus.leuxner.net> Message-ID: <20140607152922.GA62006@nihlus.leuxner.net> * Thomas Leuxner 2014.06.07 12:15: > Latest 2.2.13 HG feea8645c4d7 seems to unexpectedly kill imap-login sessions: I can crash the process at will over a TLS connection with mutt, which I can't when disabling TLS. So the culprit most-likely is this change: http://hg.dovecot.org/dovecot-2.2/rev/09d3c9c6f0ad It seems difficult to predict the imap-login process that will crash, hence I struggle which one to connect GDB to... -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From patrick at spamreducer.eu Sat Jun 7 15:49:42 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Sat, 7 Jun 2014 17:49:42 +0200 Subject: [Dovecot] imap-login killed with signal 11 in Dovecot 2.2.13 Message-ID: <004201cf8268$1916fba0$4b44f2e0$@spamreducer.eu> Same problem here! Updated dovecot some minutes ago from xi.rename-it.nl.. Please resolve it very quick! Having big problems! Thanks, Patrick. > -----Urspr?ngliche Nachricht----- > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von > Thomas Leuxner > Gesendet: Samstag, 7. Juni 2014 17:29 > An: dovecot at dovecot.org > Betreff: Re: [Dovecot] imap-login killed with signal 11 in Dovecot 2.2.13 > (feea8645c4d7) > > * Thomas Leuxner 2014.06.07 12:15: > > > Latest 2.2.13 HG feea8645c4d7 seems to unexpectedly kill imap-login > sessions: > > I can crash the process at will over a TLS connection with mutt, which I can't > when disabling TLS. So the culprit most-likely is this change: > > http://hg.dovecot.org/dovecot-2.2/rev/09d3c9c6f0ad > > It seems difficult to predict the imap-login process that will crash, hence I > struggle which one to connect GDB to... From rs at sys4.de Sat Jun 7 16:58:20 2014 From: rs at sys4.de (Robert Schetterer) Date: Sat, 07 Jun 2014 18:58:20 +0200 Subject: [Dovecot] Outlook 2007 & 2010 hangs in v2.2? In-Reply-To: <539325C7.1080606@gmail.com> References: <539081AB.4010803@rablnet.de> <8FDEFFBA-329E-4A2C-A9B5-E6234766F7B7@iki.fi> <5390A784.9090308@sys4.de> <85A150C2-6486-4D3B-A8CF-5290EF219173@iki.fi> <539325C7.1080606@gmail.com> Message-ID: <539344AC.6090408@sys4.de> Am 07.06.2014 16:46, schrieb Kilburn Abrahams: > I can confirm also that since upgrading from 2.1.16 to 2.2.13 that > Outlook 2013 (don't have previous versions to test) is throwing strange > errors when users send emails. This predominantly happens when sending > but has happened when they compose a long email then send. These users > have 50GB+ mailboxes using IMAP. > > I will try the fetch headers and report back. > > The Outlook errors we are getting is "The operation failed. The > messaging interfaces returned an unknown error. Please restart Outlook". > > So I can confirm there is problem, as one of the users who use > Thunderbird with an equally large mailbox and does not have problems. > > Kilburn you mean copy to "sent" imap sent folder , after sent via smtp perhaps i find time to test this myself too, however 50 GB of Mailbox is "not very wise" to have anyway, what are youre "offline" sync policies at that mailboxes, or better to say ,what are defaults at outlook 2013 with syncing such large mailboxes in imap mode, Thunderbird per default does full sync , and gives the chance to configure by folder. At last, dont expect Outlook as good imap client, in very prime its the client of exchange, other features like imap are "on top". > > On 06/07/2014 12:25 AM, Andy Dills wrote: >> We just upgraded from 2.1.16 to 2.2.13, and we have been have horrendous troubles with outlook since the upgrade. >> >> For users with large mailboxes, they are unable to sync their folders. Perhaps this is specifically because of the problem you are mentioning Timo. >> >> The only solution we could come up with for now was to configure outlook to only fetch headers and not bodies, when syncing. For the most part, bringing up individual messages is fine, haven't seen that fail. So, with that tweak to the outlook config, things are working error-free again for our users...but it was certainly an unexpected situation to tackle. >> >> Also, we found a marked improvement connecting via SSL on 993 than we do unencrypted on 143. >> >> I can definitely confirm 100% there is a regression in dovecot 2.2 that severely impacts the performance of outlook (but works great with everything else). >> >> Let me know if I can help you track this down Timo. >> >> Andy >> >> Sent from my iPhone >> >>> On Jun 5, 2014, at 1:40 PM, Timo Sirainen wrote: >>> >>>> On 5.6.2014, at 20.23, Robert Schetterer wrote: >>>> >>>> Am 05.06.2014 17:02, schrieb Timo Sirainen: >>>>> On 5.6.2014, at 17.41, Martin Rabl wrote: >>>>> >>>>>> Am 05.06.2014 16:38, schrieb Timo Sirainen: >>>>>>> Has anybody noticed Outlook 2007 & 2010 (but apparently not 2013) hanging IMAP connections with Dovecot v2.2 (but not v2.1) when they're FETCHing large mails? I can't think of any reasonable explanation for this. >>>>>> how large? >>>>> I don't know yet if the mail size is even relevant. At least one hang was caused by downloading ~55 MB mail where it stopped just before the last 400 kB. >>>>> >>>>> I find it strange that v2.2 has been out for a long time and nobody before this complained about any hangs. >>>> 55 MB mail may are rare ,i can test it ,but it will need some time ( old >>>> outlook install on clean new windows system....) >>>> perhaps anyone has an existing setup which could do it faster >>> Happens also with smaller mails, for example 3 MB and I think there were also even smaller ones like 1 MB. I see that once Outlook tried to download the same 3 MB mail 3 times and it stopped reading it when it had 400 kB left, but the 4th time succeeded. Dovecot sent exactly the same data with the same TCP packet boundaries all times (at least to Dovecot proxy - would have to look with tcpdump further to see if proxy does something differently..) >>> >>> Anyway, nobody in general has had trouble with Dovecot v2.2 and Outlook 2007/2010? Maybe the problem is something else, although strange if it started happening only immediately after Dovecot upgrade. Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From danny at bushidosoftware.com Sun Jun 8 06:40:04 2014 From: danny at bushidosoftware.com (Danny Gorton) Date: Sun, 08 Jun 2014 02:40:04 -0400 Subject: [Dovecot] Authentication Failure (newbie) Message-ID: <53940544.7020601@bushidosoftware.com> Greetings, I'm am learning about running a mail server and I set up a brand new Ubuntu 14.04 server with postfix and dovecot. I had some initial problems with dovecot not starting, and then with not having proper permissions/access to the various directories and files and pipes, etc, and in the process starting to learn how this thing works. After searching in web-land I seem to have overcome those issues and dovecot and postfix both start and accept connections now (http://wiki2.dovecot.org/TestPop3Installation). However when I check to see if I can authenticate I get Authentication Failed. At the time of these login attempts there are no messages added to syslog or mail.log, dovecot log entries are below. Note I redacted my test user and password values to 'xxxxx', and my domain value to 'domain.com'. Also I'm testing with my plain text password, but I've tried using AUTH PLAIN . I have also tried the setup with a default auth domain, and I've tried authenticating with and without the domain name as part of the user name, with the same results. I added the debug settings and disable_plaintext_auth = no to try to solve this issue. Here is my test command set: xxxxx at apacweb:~$ sudo doveadm user xxxxx field valueuserdb lookup: user xxxxx doesn't exist and : xxxxx at apacweb:~$ telnet localhost 110 Trying ::1... Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. +OK Dovecot (Ubuntu) ready. user xxxxx +OK pass xxxxx -ERR [AUTH] Authentication failed. Here is a cut from the dovecot log: 2014-06-08 01:22:10 auth: Error: passwd-file(xxxxx): stat(uid=vmail gid=vmail home=/home/vmail//xxxxx /etc/dovecot/users) failed: Address family not supported by protocol I figure this is the root cause of this issue and the solution to it is supposedly to tell dovecot to not listen on IPv6 (listen = *), but I did that and it didn't help (see config). Here is a cut from the dovecot.info log: 2014-06-08 00:16:25 auth: Debug: auth client connected (pid=3131) 2014-06-08 01:22:10 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth 2014-06-08 01:22:10 auth: Debug: Read auth token secret from /var/run/dovecot//auth-token-secret.dat 2014-06-08 01:22:10 auth: Debug: passwd-file /etc/dovecot/passwd: Read 1 users in 0 secs 2014-06-08 01:22:10 auth: Debug: master in: USER 1 xxxxx service=doveadm 2014-06-08 01:22:10 auth: Debug: userdb out: NOTFOUND 1 Here is my dovecot config: # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-24-generic x86_64 Ubuntu 14.04 LTS ext4 auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain cram-md5 auth_verbose = yes base_dir = /var/run/dovecot/ disable_plaintext_auth = no info_log_path = /var/log/dovecot.info listen = * log_path = /var/log/dovecot log_timestamp = "%Y-%m-%d %H:%M:%S " mail_location = maildir:/home/vmail/%d/%n/Maildir passdb { args = /etc/dovecot/passwd driver = passwd-file } protocols = imap pop3 service auth { executable = /usr/lib/dovecot/auth unix_listener /var/spool/postfix/private/auth-client { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = postfix mode = 0777 user = postfix } user = vmail } service imap-login { chroot = login executable = /usr/lib/dovecot/imap-login user = dovecot } service imap { executable = /usr/lib/dovecot/imap } service pop3-login { chroot = login executable = /usr/lib/dovecot/pop3-login inet_listener pop3 { address = * port = 110 } inet_listener pop3s { address = * port = 995 } user = dovecot } service pop3 { executable = /usr/lib/dovecot/pop3 } ssl = required ssl_cert = References: <53940544.7020601@bushidosoftware.com> Message-ID: <7673a112-5f03-4832-b482-bafa414de081@email.android.com> Hi Danny possibly it has to do with the valid_chroot_dirs option, so that your userdb is not able to find the users file? http://wiki2.dovecot.org/Chrooting?highlight=%28valid_chroot_dirs%29 Regards Daniel From danny at bushidosoftware.com Sun Jun 8 08:25:08 2014 From: danny at bushidosoftware.com (Danny Gorton) Date: Sun, 08 Jun 2014 04:25:08 -0400 Subject: [Dovecot] Authentication Failure (newbie) In-Reply-To: <7673a112-5f03-4832-b482-bafa414de081@email.android.com> References: <53940544.7020601@bushidosoftware.com> <7673a112-5f03-4832-b482-bafa414de081@email.android.com> Message-ID: <53941DE4.1000100@bushidosoftware.com> Daniel, Thanks for the reply. After reading up on that link, I removed all chroot settings, letting dovecot use its defaults. I figure that should open things up as much as possible for testing. My configuration now looks like this, but I get no change in behavior: # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-24-generic x86_64 Ubuntu 14.04 LTS ext4 auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain cram-md5 auth_verbose = yes base_dir = /var/run/dovecot/ disable_plaintext_auth = no info_log_path = /var/log/dovecot.info listen = * log_path = /var/log/dovecot log_timestamp = "%Y-%m-%d %H:%M:%S " mail_location = maildir:/home/vmail/%d/%n/Maildir passdb { args = /etc/dovecot/passwd driver = passwd-file } protocols = imap pop3 service auth { executable = /usr/lib/dovecot/auth unix_listener /var/spool/postfix/private/auth-client { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = postfix mode = 0777 user = postfix } user = vmail } service imap-login { executable = /usr/lib/dovecot/imap-login user = dovecot } service imap { executable = /usr/lib/dovecot/imap } service pop3-login { executable = /usr/lib/dovecot/pop3-login inet_listener pop3 { address = * port = 110 } inet_listener pop3s { address = * port = 995 } user = dovecot } service pop3 { executable = /usr/lib/dovecot/pop3 } ssl = required ssl_cert = I observed several long running dovecot/lmtp processes hogging the CPU. I then strace'd them (strace -c -p 6375) and found them munmap()-ing a lot: % time seconds usecs/call calls errors syscall ------ ----------- ----------- --------- --------- ---------------- 97.18 19.592537 1878 10430 munmap 2.28 0.458984 36 12696 epoll_ctl 0.26 0.052926 10 5288 fdatasync 0.21 0.042472 3 13679 epoll_wait ... snip ... Why would that happen? (dovecot 2.1.17) -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From d.parthey at metaways.de Sun Jun 8 10:29:02 2014 From: d.parthey at metaways.de (Daniel Parthey) Date: Sun, 08 Jun 2014 12:29:02 +0200 Subject: [Dovecot] Authentication Failure (newbie) In-Reply-To: <53941DE4.1000100@bushidosoftware.com> References: <53940544.7020601@bushidosoftware.com> <7673a112-5f03-4832-b482-bafa414de081@email.android.com> <53941DE4.1000100@bushidosoftware.com> Message-ID: <31741995-3743-4a68-92d6-cfea48792f64@email.android.com> What does the content your users file look like? Is it in the correct format? http://wiki2.dovecot.org/AuthDatabase/PasswdFile Also looks like you need to move some arguments from args to default_fields in your userdb section. Regards Daniel From danny at bushidosoftware.com Sun Jun 8 16:56:21 2014 From: danny at bushidosoftware.com (Danny Gorton) Date: Sun, 08 Jun 2014 12:56:21 -0400 Subject: [Dovecot] Authentication Failure (newbie) In-Reply-To: <31741995-3743-4a68-92d6-cfea48792f64@email.android.com> References: <53940544.7020601@bushidosoftware.com> <7673a112-5f03-4832-b482-bafa414de081@email.android.com> <53941DE4.1000100@bushidosoftware.com> <31741995-3743-4a68-92d6-cfea48792f64@email.android.com> Message-ID: <539495B5.2020805@bushidosoftware.com> Daniel, Nice catch. The arguments all being in the args = instead of the default_fields = for the userdb section was the problem. A newbie RTFM incident for sure. Thank you very much for your help. Now I'm off to see if I can break it again getting all the other mail layers added! Kind regards, Danny On 06/08/2014 06:29 AM, Daniel Parthey wrote: > What does the content your users file look like? Is it in the correct format? > > http://wiki2.dovecot.org/AuthDatabase/PasswdFile > > Also looks like you need to move some arguments from args to default_fields in your userdb section. > > Regards > Daniel > > From CMarcus at Media-Brokers.com Sun Jun 8 16:58:48 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Sun, 08 Jun 2014 12:58:48 -0400 Subject: [Dovecot] Outlook 2007 & 2010 hangs in v2.2? In-Reply-To: <539325C7.1080606@gmail.com> References: <539081AB.4010803@rablnet.de> <8FDEFFBA-329E-4A2C-A9B5-E6234766F7B7@iki.fi> <5390A784.9090308@sys4.de> <85A150C2-6486-4D3B-A8CF-5290EF219173@iki.fi> <539325C7.1080606@gmail.com> Message-ID: <53949648.7090906@Media-Brokers.com> On 6/7/2014 10:46 AM, Kilburn Abrahams wrote: > These users > have 50GB+ mailboxes using IMAP. What mailbox format (maildir? dbox? mbox?)? From konkav at freemail.hu Sun Jun 8 17:15:53 2014 From: konkav at freemail.hu (a) Date: Sun, 8 Jun 2014 19:15:53 +0200 (CEST) Subject: [Dovecot] checkpassword memory limit In-Reply-To: <5392FCD9.5050108@dimejo.at> Message-ID: Unfortunately not. It uses the PHPass, which is more complicated than a simple hash (it uses salting and stretching, making it more secure against a brute-force attacks). Although the phpass is available as python or perl script, I want to use the wordpress' functions. Then it would be "future-proof", I mean if they change the password hashing process, it wouldn't broke the other services (i.e. dovecot): there is a function in wordpress, where I supply the hash and the cleartext password, and it returns a boolean value, of the hash being the password's hash.I am working now to use curl with post methods instead the php cli. Because it will use the web-server, I think there would be no memory problem. But it means also, that the auth php would be accessible from the internet, and I didn't like it so much. But hey, something for something :) I am not a programmer, so I can't "read" source codes. But if a programmer reads this, and have a spare few minutes, please be so kind to look at the dovecot's source code, and if finds out the memory limit of the checkpassword method (is it hard-coded, or it could be changed in the config), please drop a few lines. I would be grateful. Thanks. Alex JOST ?rta: >Am 2014-06-05 19:33, schrieb a: >> Hi. I am trying to authenticate dovecot from a wordpress database. I was thinking of using the checkpassword script to start a cli php script. That php script would then include the necessary wordpress functions, do the auth (find the wp username from user database using the email address, and authenticate with the user/pass), and return the result to the checkpassword script. I made the above scripts (the php script will be used to authenticate some other services too), and when I run them "by hand" (even with "sudo -u dovecot ..."), it works. But, when the dovecot runs them, the php runs out of memory. After a lot of debuging, I find out that when the dovecot starts the checkpassword script, it makes a 250kB memory limit. But it is not enough for the php script, it needs 14MB. I tried to put a "ulimit -v 16777216" into the checkpassword.sh, but it doesn't work.Is there some hardcoded limit in the dovecot itself? And if there is, could it be somehow changed?I am using > a >> simple D >> ebian Wheezy LAMP, and installed everything from repo. Thanks for every idea. > >The whole concept sounds quite error-prone. Can't you query the database >directly? > >-- >Alex JOST From kilburna at gmail.com Sun Jun 8 21:20:45 2014 From: kilburna at gmail.com (Kilburn Abrahams) Date: Mon, 09 Jun 2014 07:20:45 +1000 Subject: [Dovecot] Outlook 2007 & 2010 hangs in v2.2? In-Reply-To: <53949648.7090906@Media-Brokers.com> References: <539081AB.4010803@rablnet.de> <8FDEFFBA-329E-4A2C-A9B5-E6234766F7B7@iki.fi> <5390A784.9090308@sys4.de> <85A150C2-6486-4D3B-A8CF-5290EF219173@iki.fi> <539325C7.1080606@gmail.com> <53949648.7090906@Media-Brokers.com> Message-ID: <5394D3AD.8070300@gmail.com> On 06/09/2014 02:58 AM, Charles Marcus wrote: > On 6/7/2014 10:46 AM, Kilburn Abrahams wrote: >> These users >> have 50GB+ mailboxes using IMAP. > > What mailbox format (maildir? dbox? mbox?)? Maildir++. I have got most Outlook users to remove delete items so the size ~ 30GB with the exception of 2 users that I want to keep for testing. I switched to fetch headers. It seemed to reduce the error a bit but I don't know if this is factor of mail reduction or headers. Either way, there is a regression in 2.2. From tss at iki.fi Mon Jun 9 09:21:39 2014 From: tss at iki.fi (Timo Sirainen) Date: Mon, 9 Jun 2014 12:21:39 +0300 Subject: [Dovecot] Outlook 2007 & 2010 hangs in v2.2? In-Reply-To: References: Message-ID: On 5.6.2014, at 17.38, Timo Sirainen wrote: > Has anybody noticed Outlook 2007 & 2010 (but apparently not 2013) hanging IMAP connections with Dovecot v2.2 (but not v2.1) when they're FETCHing large mails? I can't think of any reasonable explanation for this. Most likely solved by: http://hg.dovecot.org/dovecot-2.2/rev/6a9508d28d34 Strange that it didn't break more commonly or that more people weren't complaining about it.. The bug has been there since v2.2.7. From andy at xecu.net Mon Jun 9 17:49:15 2014 From: andy at xecu.net (Andy Dills) Date: Mon, 09 Jun 2014 13:49:15 -0400 Subject: [Dovecot] =?utf-8?q?Outlook_2007_=26_2010_hangs_in_v2=2E2=3F?= In-Reply-To: References: Message-ID: <67d79b33a728a1d2f4948b1f2dc91d89@xecu.net> On 06/09/2014 05:21, Timo Sirainen wrote: > On 5.6.2014, at 17.38, Timo Sirainen wrote: > >> Has anybody noticed Outlook 2007 & 2010 (but apparently not 2013) hanging IMAP connections with Dovecot v2.2 (but not v2.1) when they're FETCHing large mails? I can't think of any reasonable explanation for this. > > Most likely solved by: http://hg.dovecot.org/dovecot-2.2/rev/6a9508d28d34 [1] > > Strange that it didn't break more commonly or that more people weren't complaining about it.. The bug has been there since v2.2.7. Thank you Timo. This patch did indeed correct the problem, we had no problem doing full syncs with the problematic accounts after implementing this. Is it perhaps something that only happens with directory/proxy environments? I'm surprised it hasn't been mentioned before, I figured it was something particular to our implementation since nobody else was mentioning it, until you did. Fascinating to me that it only affects Outlook as well. I don't understand the code well enough to grasp the impact of the bug, so if somebody has a minute to share an explanation that would be cool. Andy ----------------------------------------------------- ANDY DILLS - XECUNET, LLC 5744-R Industry Lane Frederick MD 21704 www.xecu.net [2] P: 301-682-9972 P: 1-877-XECUNET F: 240-215-0351 Twitter [3] Facebook [4] ----------------------------------------------------- Links: ------ [1] http://hg.dovecot.org/dovecot-2.2/rev/6a9508d28d34 [2] http://www.xecu.net/ [3] https://twitter.com/Xecunet [4] http://www.facebook.com/xecunet From tss at iki.fi Mon Jun 9 19:55:24 2014 From: tss at iki.fi (Timo Sirainen) Date: Mon, 9 Jun 2014 22:55:24 +0300 Subject: [Dovecot] Issues with VANISHED CHANGEDSINCE In-Reply-To: <20121107150844.Horde.ZgCuUYF5lbhQmtvsBlqlJvA@bigworm.curecanti.org> References: <20121105111333.Horde.NrnxfpcRtLVQl_WtvC_yTpA@h4.theupstairsroom.com> <97249C60-AFEE-46B4-9731-E756CFBBD00F@iki.fi> <20121105133748.Horde.YebyGJcRtLVQmAd8vLpiT1A@h4.theupstairsroom.com> <20121105135951.Horde.culyfpcRtLVQmAynU3myTyA@h4.theupstairsroom.com> <20121105124311.Horde.LPWDEoF5lbhQmBbP6CqTwrA@bigworm.curecanti.org> <1352150887.13571.105.camel@hurina> <20121105204953.Horde.S9LKT5cRtLVQmGzB0aHSTpA@h4.theupstairsroom.com> <20121107150844.Horde.ZgCuUYF5lbhQmtvsBlqlJvA@bigworm.curecanti.org> Message-ID: <92FE0C14-F045-495A-9EB7-C441C2BD5668@iki.fi> Looks like there was a bug in here: http://hg.dovecot.org/dovecot-2.2/rev/98195220a0f7 On 8.11.2012, at 0.08, Michael M Slusarz wrote: > Quoting Timo Sirainen : > >> On 6.11.2012, at 3.49, Michael J Rubinsky wrote: >> >> These defines in mail-transaction-log-private.h anyway can be changed to make it much less likely to see your problem: >> >> /* Rotate when log is older than ROTATE_TIME and larger than MIN_SIZE */ >> #define MAIL_TRANSACTION_LOG_ROTATE_MIN_SIZE (1024*32) >> /* If log is larger than MAX_SIZE, rotate regardless of the time */ >> #define MAIL_TRANSACTION_LOG_ROTATE_MAX_SIZE (1024*1024) >> #define MAIL_TRANSACTION_LOG_ROTATE_TIME (60*5) >> >> /* Delete .log.2 files older than this many seconds. Don't be too eager, >> older files are useful for QRESYNC and dsync. */ >> #define MAIL_TRANSACTION_LOG2_STALE_SECS (60*60*24*2) >> >> Maybe the defaults could be changed.. > > I'm not sure changing the defaults is a good idea. But if someone does want to use a particular dovecot server as the backend for activesync clients, for example, it would probably make sense to allow these values to be tweaked via the config files. (I can see an organization having a "normal" IMAP server and a "activesync" IMAP server that differ in these details, and also in things like IDLE timeouts). > > michael > From tss at iki.fi Mon Jun 9 20:06:08 2014 From: tss at iki.fi (Timo Sirainen) Date: Mon, 9 Jun 2014 23:06:08 +0300 Subject: [Dovecot] imap-login killed with signal 11 in Dovecot 2.2.13 (feea8645c4d7) In-Reply-To: <20140607101530.GA60673@nihlus.leuxner.net> References: <20140607101530.GA60673@nihlus.leuxner.net> Message-ID: <35C73FBD-91C4-41B6-8220-ED8442A4A861@iki.fi> On 7.6.2014, at 13.15, Thomas Leuxner wrote: > Latest 2.2.13 HG feea8645c4d7 seems to unexpectedly kill imap-login sessions: > > Jun 7 11:56:10 nihlus dovecot: imap(tlx at leuxner.net): Disconnected: Logged out in=2203 out=851225 > Jun 7 11:56:10 nihlus dovecot: imap(tlx at leuxner.net): Disconnected: Logged out in=316 out=2417 > Jun 7 11:56:10 nihlus dovecot: imap-login: Fatal: master: service(imap-login): child 60505 killed with signal 11 (core not dumped - add -D parameter to service imap-login { executable } > Jun 7 11:56:10 nihlus dovecot: imap-login: Fatal: master: service(imap-login): child 60595 killed with signal 11 (core not dumped - add -D parameter to service imap-login { executable } Should be fixed by these: http://hg.dovecot.org/dovecot-2.2/rev/7129fe8bc260 http://hg.dovecot.org/dovecot-2.2/rev/5259f6320e52 From tss at iki.fi Mon Jun 9 20:10:51 2014 From: tss at iki.fi (Timo Sirainen) Date: Mon, 9 Jun 2014 23:10:51 +0300 Subject: [Dovecot] NoSQL support In-Reply-To: <538F2538.7000309@airstreamcomm.net> References: <538F2538.7000309@airstreamcomm.net> Message-ID: <5581DC97-9A30-462A-A450-0982E75E54C0@iki.fi> On 4.6.2014, at 16.55, List wrote: > Is there any support for NoSQL databases such as Cassandra (CQL) or MongoDB now or planned in the future for userdb and passdb lookups? CQL could probably be nicely implemented as lib-sql driver since it's close enough to SQL. I've some preliminary plans for that, but nothing concrete yet. MongoDB could be implemented as lib-dict backend and used with passdb/userdb dict. I've no plans to implement MongoDB currently. Redis and memcached are implemented already though. From tss at iki.fi Mon Jun 9 20:12:42 2014 From: tss at iki.fi (Timo Sirainen) Date: Mon, 9 Jun 2014 23:12:42 +0300 Subject: [Dovecot] Outlook 2007 & 2010 hangs in v2.2? In-Reply-To: <67d79b33a728a1d2f4948b1f2dc91d89@xecu.net> References: <67d79b33a728a1d2f4948b1f2dc91d89@xecu.net> Message-ID: On 9.6.2014, at 20.49, Andy Dills wrote: >>> Has anybody noticed Outlook 2007 & 2010 (but apparently not 2013) hanging IMAP connections with Dovecot v2.2 (but not v2.1) when they're FETCHing large mails? I can't think of any reasonable explanation for this. >> >> Most likely solved by: http://hg.dovecot.org/dovecot-2.2/rev/6a9508d28d34 [1] >> >> Strange that it didn't break more commonly or that more people weren't complaining about it.. The bug has been there since v2.2.7. > > Thank you Timo. This patch did indeed correct the problem, we had no > problem doing full syncs with the problematic accounts after > implementing this. > > Is it perhaps something that only happens with directory/proxy > environments? I'm surprised it hasn't been mentioned before, I figured > it was something particular to our implementation since nobody else was > mentioning it, until you did. > > Fascinating to me that it only affects Outlook as well. I don't > understand the code well enough to grasp the impact of the bug, so if > somebody has a minute to share an explanation that would be cool. Only happened when using Dovecot proxy. Only happened if client sent a command while another long running command was already sending data. So basically if Outlook started downloading a large mail on background and user clicked another mail, the already running FETCH was stopped because Outlook sent another FETCH command to the same connection. I guess Outlook was the only client to do that. From tss at iki.fi Mon Jun 9 20:14:51 2014 From: tss at iki.fi (Timo Sirainen) Date: Mon, 9 Jun 2014 23:14:51 +0300 Subject: [Dovecot] dovecot/lmtp munmap()-ing a lot In-Reply-To: <20140608085943.GA7734@sys4.de> References: <20140608085943.GA7734@sys4.de> Message-ID: On 8.6.2014, at 11.59, Ralf Hildebrandt wrote: > I observed several long running dovecot/lmtp processes hogging the > CPU. I then strace'd them (strace -c -p 6375) and found them > munmap()-ing a lot: > > % time seconds usecs/call calls errors syscall > ------ ----------- ----------- --------- --------- ---------------- > 97.18 19.592537 1878 10430 munmap > 2.28 0.458984 36 12696 epoll_ctl > 0.26 0.052926 10 5288 fdatasync > 0.21 0.042472 3 13679 epoll_wait > ... snip ... > > Why would that happen? (dovecot 2.1.17) Difficult to say. It could be munmap()ing memory allocations or it could be munmap()ing Dovecot index files. Weren't there equivalent number of mmap() calls?.. BTW. In v2.2 the index file handling is faster for LDA/LMTP because it doesn't even try to mmap() the full indexes into memory. From tss at iki.fi Mon Jun 9 20:27:41 2014 From: tss at iki.fi (Timo Sirainen) Date: Mon, 9 Jun 2014 23:27:41 +0300 Subject: Subject tag [Dovecot] is gone Message-ID: I've actually been thinking about it almost since the beginning. It's just been annoying waste of space on my screen. And more importantly nowadays it's also breaking DKIM/DMARC signatures. So if somebody still uses Subject-based filtering it's about time to switch to List-ID header based filtering now. Another thing I'm wondering about is if I should allow text/html parts, because removing them will also break the DKIM signatures. Or mainly I'd like to allow only multipart/alternative with text/plain + text/html, but I don't think I can configure Mailman to support that. From DanielNeugart at gmx.de Mon Jun 9 21:02:26 2014 From: DanielNeugart at gmx.de (Daniel Neugart) Date: Mon, 9 Jun 2014 23:02:26 +0200 Subject: Bug when virtual mailbox is set to auto=subscribe Message-ID: Hi everybody, I'd like to submit a bug: My setup: dovecot version: 2.2.13-1 Kernel: 3.14.5-1-ARCH on arch linux x64 Filesystem: ext4 Bug description: If a virtual mailbox is defined with auto = subscribe dovecot crashes upon access via imap. Configuration is as followed: namespace inbox { [...] mailbox virtual/Flagged { auto = subscribe special_use = \Flagged } [...] dovecot-virtual file: # ~/Maildir/virtual/Flagged/dovecot-virtual * -Trash -Trash/* flagged 'auto' must be set to 'no' for virtual mailboxes, otherwise dovecot crashes when the virtual folder is tried to be accessed via a imap (thunderbird in my case). Crash log: Jun 09 21:55:07 pluto dovecot[24881]: imap($MAILADRESS): Panic: file mail-index-sync.c: line 413 (mail_index_sync_begin_to2): assertion failed: (!index->syncing) Jun 09 21:55:07 pluto dovecot[24881]: imap($MAILADRESS): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x68680) [0x7fa67a692680] -> /usr/lib/dovecot/libdovecot.so.0(+0x6876c) [0x7fa67a69276c] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fa67a64c83d] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0xc3dfe) [0x7fa67a9c3dfe] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_index_sync_begin_to+0x3f) [0x7fa67a9c3eaf] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_index_sync_begin+0x1c) [0x7fa67a9c3f3c] -> /usr/lib/dovecot/modules/lib20_virtual_plugin.so(virtual_storage_sync_init+0xc3) [0x7fa679e71d23] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x29) [0x7fa67a97cf29] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x27) [0x7fa67a97d037] -> /usr/lib/dovecot/libdovecot-storage.so.0(index_storage_get_status+0x31) [0x7fa67a9a59e1] -> /usr/lib/dovecot/modules/lib20_virtual_plugin.so(+0x8c9d) [0x7fa679e70c9d] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x31) [0x7fa67a97e321] -> /usr/lib/dovecot/modules/lib20_virtual_plugin.so(virtual_storage_sync_init+0xf94) [0x7fa679e72bf4] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x29) [0x7fa67a97cf29] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x27) [0x7fa67a97d037] -> /usr/lib/dovecot/libdovecot-storage.so.0(index_storage_get_status+0x31) [0x7fa67a9a59e1] -> /usr/lib/dovecot/modules/lib20_virtual_plugin.so(+0x8c9d) [0x7fa679e70c9d] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x31) [0x7fa67a97e321] -> /usr/lib/dovecot/modules/lib20_virtual_plugin.so(virtual_storage_sync_init+0xf94) [0x7fa679e72bf4] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x29) [0x7fa67a97cf29] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x27) [0x7fa67a97d037] -> /usr/lib/dovecot/libdovecot-storage.so.0(index_storage_get_status+0x31) [0x7fa67a9a59e1] -> /usr/lib/dovecot/modules/lib20_virtual_plugin.so(+0x8c9d) [0x7fa679e70c9d] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x31) [0x7fa67a97e321] -> dovecot/imap(imap_status_get+0x67) [0x41d6f7] -> dovecot/imap(cmd_status+0x188) [0x4131c8] -> dovecot/imap(command_exec+0x3c) [0x4171ac] -> dovecot/imap() [0x416202] Jun 09 21:55:07 pluto dovecot[24881]: imap($MAILADRESS): Fatal: master: service(imap): child 24926 killed with signal 6 (core dumped) Below a complete dump of doveconf -n (with corrected 'auto' value for virtual mailboxes): # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.14.5-1-ARCH x86_64 mail_home = /home/vmail/%d/%n mail_location = maildir:~/Maildir:LAYOUT=fs mail_plugins = " virtual" namespace { location = virtual:~/Maildir/virtual prefix = virtual/ separator = / } namespace inbox { inbox = yes location = mailbox Archive { auto = create special_use = \Archive } mailbox Drafts { auto = create special_use = \Drafts } mailbox Junk { auto = create special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = create special_use = \Trash } mailbox virtual/All { auto = no special_use = \All } mailbox virtual/Flagged { auto = no special_use = \Flagged } prefix = } passdb { args = username_format=%n scheme=SHA512-CRYPT /etc/dovecot/%d/passwd driver = passwd-file } protocols = imap lmtp service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } user = vmail } ssl_cert = References: <20140608085943.GA7734@sys4.de> Message-ID: <20140609214425.GA31799@sys4.de> * Timo Sirainen : > > Why would that happen? (dovecot 2.1.17) > > Difficult to say. It could be munmap()ing memory allocations or it > could be munmap()ing Dovecot index files. Weren't there equivalent > number of mmap() calls?.. > > BTW. In v2.2 the index file handling is faster for LDA/LMTP because it > doesn't even try to mmap() the full indexes into memory. That's probably the problem here. The user had LOTS of (duplicate!) mails in his inbox. -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From voytek at sbt.net.au Tue Jun 10 00:48:47 2014 From: voytek at sbt.net.au (voytek at sbt.net.au) Date: Tue, 10 Jun 2014 10:48:47 +1000 Subject: ot: accepting self certs into win pc? Message-ID: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> few month ago, I've got a new Dovecot/Postfix server with self issued certificate (like the previous server), transferred users, all went well EXCEPT for one user on Win/Outlook (or Outlook Express) who tells me his new PC 'doesn't want to accept certificate' (sorry, I'm short on exact details at this time) I need to get it sorted out, I expect it 'should just work' like it did for other users, BUT, before I start looking, trying to 'educate myself' better if any one has any pointers, dos or don't regarding win email clients with self certified server, pls point me that way is using IE with www.dom.com/mycert.crt good point to start ? (after copying mycer.crt to web linked directory first?) thanks, V From t200907 at fjl.co.uk Tue Jun 10 01:10:23 2014 From: t200907 at fjl.co.uk (Frank Leonhardt) Date: Tue, 10 Jun 2014 02:10:23 +0100 Subject: ot: accepting self certs into win pc? In-Reply-To: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> References: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> Message-ID: <53965AFF.9050806@fjl.co.uk> On 10/06/2014 01:48, voytek at sbt.net.au wrote: > few month ago, I've got a new Dovecot/Postfix server with self issued > certificate (like the previous server), transferred users, all went well > > EXCEPT for one user on Win/Outlook (or Outlook Express) who tells me his > new PC 'doesn't want to accept certificate' (sorry, I'm short on exact > details at this time) > > I need to get it sorted out, I expect it 'should just work' like it did > for other users, BUT, before I start looking, trying to 'educate myself' > better > > if any one has any pointers, dos or don't regarding win email clients with > self certified server, pls point me that way > > is using IE withwww.dom.com/mycert.crt good point to start ? (after > copying mycer.crt to web linked directory first?) > > thanks, > V I get endless grief over this, but if you think Microsoft is bad, try Apple. I wrote some notes on it once: http://blog.frankleonhardt.com/2012/certificate-errors-on-internet-explorer-9-and-how-to-stop-them/ I didn't mention it in the post, but IIRC this did work for making some versions Outlook (and other Microsoft Mail things) happy at the same time. Regards, Frank. From Leuchtfeuer18 at gmx.de Tue Jun 10 07:17:04 2014 From: Leuchtfeuer18 at gmx.de (Sandra) Date: Tue, 10 Jun 2014 09:17:04 +0200 Subject: Dovecot Configuration for access with GSSAPI / Kerberos Message-ID: <1402384624.2508.0.camel@Aquitanier.outback> Hi Dovecot-Mailinglist! I try to install a new Dovecot-Server with Kerberos-Authentification (Kerberos-Server is already authenticating user-account ). The following error-notice occurs when I use mail-programm Gnome Evolution to access IMAP-Account: "Ordner konnte nicht ge?ffnet werden (Folder can not be opened) The reported error was "GSSAPI-Legitimation ist fehlgeschlagen". (GSSAPI-Legitimation failed) Is anybody able to help me??? Thanks in advance, Sandra Dovecot Version: 2.1.17 Configuration: auth_mechanisms = gssapi auth_debug = yes auth_gssapi_hostname = kerberosServer.domain auth_realms = REALM auth_default_realm = REALM auth_krb5_keytab = /etc/krb5.keytab auth_verbose = yes disable_plaintext_auth = yes userdb { driver = static args = uid=vmail gid=vmail home=/service/mailServer_Kommunikations-Server/mails/%u } mail_location = maildir:/service/mailServer_Kommunikations-Server/mails/imap/% u/:INBOX=/service/mailServer_Kommunikations-Server/mails/maildir/%u log_timestamp = "%Y-%m-%d %H:%M:%S " managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave protocols = imap pop3 ssl = no service auth { unix_listener /var/spool/postfix/private/auth_dovecot { group = postfix mode = 0660 user = postfix } unix_listener auth-master { mode = 0600 user = mail } user = root } protocol pop3 { pop3_uidl_format = %08Xu%08Xv } protocol lda { auth_socket_path = /var/run/dovecot/auth-master postmaster_address = root at mailServer.domain } mail_privileged_group = mail Logfile: 2014-06-09T09:59:22.596608+02:00 highlands dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/modules/auth 2014-06-09T09:59:22.598243+02:00 highlands dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_mysql.so 2014-06-09T09:59:22.598559+02:00 highlands dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/modules/auth 2014-06-09T09:59:22.600354+02:00 highlands dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libmech_gssapi.so 2014-06-09T09:59:22.600982+02:00 highlands dovecot: auth: Debug: auth client connected (pid=5770) 2014-06-09T09:59:22.602211+02:00 highlands dovecot: auth: Debug: client in: AUTH#0111#011GSSAPI#011service=imap#011session=E7rSlmL70wDAqEWd#011lip=mailServerIP#011rip=clientIP#011lport=143#011rport=46035 2014-06-09T09:59:22.602498+02:00 highlands dovecot: auth: Debug: gssapi(?,clientIP,): Obtaining credentials for imap at dartmoor.outback 2014-06-09T09:59:22.610815+02:00 highlands dovecot: auth: gssapi(?,clientIP,): While acquiring service credentials: Unspecified GSS failure. Minor code may provide more information 2014-06-09T09:59:22.611097+02:00 highlands dovecot: auth: gssapi(?,clientIP,): While acquiring service credentials: No key table entry found matching imap/dartmoor.outback@ 2014-06-09T09:59:24.113071+02:00 highlands dovecot: auth: Debug: client passdb out: FAIL#0111#011temp 2014-06-09T09:59:24.113818+02:00 highlands dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<>, method=GSSAPI, rip=clientIP, lip=mailServerIP, session= From patrick at spamreducer.eu Tue Jun 10 09:06:39 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Tue, 10 Jun 2014 11:06:39 +0200 Subject: AW: [Dovecot] imap-login killed with signal 11 in Dovecot 2.2.13 (feea8645c4d7) In-Reply-To: <35C73FBD-91C4-41B6-8220-ED8442A4A861@iki.fi> References: <20140607101530.GA60673@nihlus.leuxner.net> <35C73FBD-91C4-41B6-8220-ED8442A4A861@iki.fi> Message-ID: <019f01cf848b$49dc2b00$dd948100$@spamreducer.eu> Confirmed! - No killed sessions anymore. Thanks!! > -----Urspr?ngliche Nachricht----- > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von Timo > Sirainen > Gesendet: Montag, 9. Juni 2014 22:06 > An: dovecot at dovecot.org > Betreff: Re: [Dovecot] imap-login killed with signal 11 in Dovecot 2.2.13 > (feea8645c4d7) > > On 7.6.2014, at 13.15, Thomas Leuxner wrote: > > > Latest 2.2.13 HG feea8645c4d7 seems to unexpectedly kill imap-login > sessions: > > > > Jun 7 11:56:10 nihlus dovecot: imap(tlx at leuxner.net): Disconnected: > > Logged out in=2203 out=851225 Jun 7 11:56:10 nihlus dovecot: > > imap(tlx at leuxner.net): Disconnected: Logged out in=316 out=2417 Jun 7 > > 11:56:10 nihlus dovecot: imap-login: Fatal: master: > > service(imap-login): child 60505 killed with signal 11 (core not > > dumped - add -D parameter to service imap-login { executable } Jun 7 > > 11:56:10 nihlus dovecot: imap-login: Fatal: master: > > service(imap-login): child 60595 killed with signal 11 (core not > > dumped - add -D parameter to service imap-login { executable } > > Should be fixed by these: > > http://hg.dovecot.org/dovecot-2.2/rev/7129fe8bc260 > http://hg.dovecot.org/dovecot-2.2/rev/5259f6320e52 From tlx at leuxner.net Tue Jun 10 09:29:01 2014 From: tlx at leuxner.net (Thomas Leuxner) Date: Tue, 10 Jun 2014 11:29:01 +0200 Subject: [Dovecot] imap-login killed with signal 11 in Dovecot 2.2.13 (feea8645c4d7) In-Reply-To: <019f01cf848b$49dc2b00$dd948100$@spamreducer.eu> References: <20140607101530.GA60673@nihlus.leuxner.net> <35C73FBD-91C4-41B6-8220-ED8442A4A861@iki.fi> <019f01cf848b$49dc2b00$dd948100$@spamreducer.eu> Message-ID: <20140610092901.GA48467@nihlus.leuxner.net> * Patrick De Zordo 2014.06.10 11:06: > Confirmed! - No killed sessions anymore. > > Thanks!! Yep. Looks good now. Thanks. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From raabe at froglogic.com Tue Jun 10 09:34:10 2014 From: raabe at froglogic.com (Frerich Raabe) Date: Tue, 10 Jun 2014 11:34:10 +0200 Subject: [Dovecot] imap-login killed with signal 11 in Dovecot 2.2.13 (feea8645c4d7) In-Reply-To: <35C73FBD-91C4-41B6-8220-ED8442A4A861@iki.fi> References: <20140607101530.GA60673@nihlus.leuxner.net> <35C73FBD-91C4-41B6-8220-ED8442A4A861@iki.fi> Message-ID: <3c0ec36fa596b14919a3d298eccae497@roundcube.froglogic.com> On 2014-06-09 22:06, Timo Sirainen wrote: > Should be fixed by these: > > http://hg.dovecot.org/dovecot-2.2/rev/7129fe8bc260 > http://hg.dovecot.org/dovecot-2.2/rev/5259f6320e52 Thanks for being so transparent with the development of Dovecot. Reading through the last couple of fixes you did I wondered - do you have some separate repository (or directory?) for the (unit) tests? I suppose an IMAP server as popular as Dovecot must have some fairly extensive test suite but I only found the 'run-test.sh' script so far (and the 'src/lib-test' directory which doesn't seem to contain much). -- Frerich Raabe - raabe at froglogic.com www.froglogic.com - Multi-Platform GUI Testing From CMarcus at Media-Brokers.com Tue Jun 10 11:05:45 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Tue, 10 Jun 2014 07:05:45 -0400 Subject: OT - Finding/removing duplicate emails - WAS: Re: [Dovecot] dovecot/lmtp munmap()-ing a lot In-Reply-To: <20140609214425.GA31799@sys4.de> References: <20140608085943.GA7734@sys4.de> <20140609214425.GA31799@sys4.de> Message-ID: <5396E689.5000508@Media-Brokers.com> On 6/9/2014 5:44 PM, Ralf Hildebrandt wrote: > That's probably the problem here. The user had LOTS of (duplicate!) > mails in his inbox. Anyone ever found a reliable way to do this? It sure would be nice if dovecot could perform this on a per account and/or per maildir/mailbox case with a simple doveadm command... Best regards, Charles From skdovecot at smail.inf.fh-brs.de Tue Jun 10 13:17:25 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 10 Jun 2014 15:17:25 +0200 (CEST) Subject: OT - Finding/removing duplicate emails - WAS: Re: [Dovecot] dovecot/lmtp munmap()-ing a lot In-Reply-To: <5396E689.5000508@Media-Brokers.com> References: <20140608085943.GA7734@sys4.de> <20140609214425.GA31799@sys4.de> <5396E689.5000508@Media-Brokers.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 10 Jun 2014, Charles Marcus wrote: > On 6/9/2014 5:44 PM, Ralf Hildebrandt wrote: >> That's probably the problem here. The user had LOTS of (duplicate!) >> mails in his inbox. > > Anyone ever found a reliable way to do this? > > It sure would be nice if dovecot could perform this on a per account and/or > per maildir/mailbox case with a simple doveadm command... The basic question is: what is a duplicate? I spot 100% duplicates within the same Maildir mailbox with a script similiar to "fdupes" http://linux.die.net/man/1/fdupes . Because an user may copy messages around, I scan one mailbox at a time. For some rare cases, where I merge two accounts, I use a script, that looks for the message id in one account and removes all messages with the same id in the other account. Than I merge the Maildirs. However, neither script I would call general enough for automatic processing. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU5cFZXz1H7kL/d9rAQK/ogf/YWmoJBc7tg5Wsnnz2FPHcxIrnC3YZD2b FXSFsCm60Gc2eyqW2zti7bNLOzZShcIUsYeRteV4lyC0iIcDD6QV13hc50O3LlPx L31kffgtmzIi1P0nQMkiIepbm75e0Rj+4XaaYSaEY1GKSMP6MDUhoBHLPwXS/qaK IahX1ALPVt9gE4SBf9iZirMfHssLJAQvUoGHf6PJLPzWPMUgUV1bY+2U07pgEBh3 4Iaq518zDIKxPp3hWj8d0AuTuErC3xh5Abdcs7x60cUFIoLIIfC7DOszDpA0OkUv Tbc7cOS2sPbP5B0n8k4J28H9h6tlLlUxIT144TUDy9bjbuKVP0FxhA== =CwgK -----END PGP SIGNATURE----- From h.reindl at thelounge.net Tue Jun 10 13:24:57 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 10 Jun 2014 15:24:57 +0200 Subject: OT - Finding/removing duplicate emails - WAS: Re: [Dovecot] dovecot/lmtp munmap()-ing a lot In-Reply-To: References: <20140608085943.GA7734@sys4.de> <20140609214425.GA31799@sys4.de> <5396E689.5000508@Media-Brokers.com> Message-ID: <53970729.7070807@thelounge.net> Am 10.06.2014 15:17, schrieb Steffen Kaiser: > On Tue, 10 Jun 2014, Charles Marcus wrote: >> On 6/9/2014 5:44 PM, Ralf Hildebrandt wrote: >>> That's probably the problem here. The user had LOTS of (duplicate!) >>> mails in his inbox. > >> Anyone ever found a reliable way to do this? > >> It sure would be nice if dovecot could perform this on a per account and/or per maildir/mailbox case with a >> simple doveadm command... > > The basic question is: what is a duplicate? > > I spot 100% duplicates within the same Maildir mailbox with a script similiar to "fdupes" > http://linux.die.net/man/1/fdupes . > Because an user may copy messages around, I scan one mailbox at a time. > > For some rare cases, where I merge two accounts, I use a script, that looks for the message id in one account and > removes all messages with the same id in the other account. Than I merge the Maildirs. > > However, neither script I would call general enough for automatic processing dbmail has just "suppress_duplicates = yes" and silently ignores *new received* messages with the same message-id to the same user as a global setting that's fine for people not able to handling a mailing-list and hit reply-all every time -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From skdovecot at smail.inf.fh-brs.de Tue Jun 10 13:39:11 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 10 Jun 2014 15:39:11 +0200 (CEST) Subject: OT - Finding/removing duplicate emails - WAS: Re: [Dovecot] dovecot/lmtp munmap()-ing a lot In-Reply-To: <53970729.7070807@thelounge.net> References: <20140608085943.GA7734@sys4.de> <20140609214425.GA31799@sys4.de> <5396E689.5000508@Media-Brokers.com> <53970729.7070807@thelounge.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 10 Jun 2014, Reindl Harald wrote: > Am 10.06.2014 15:17, schrieb Steffen Kaiser: >> On Tue, 10 Jun 2014, Charles Marcus wrote: >>> On 6/9/2014 5:44 PM, Ralf Hildebrandt wrote: >>>> That's probably the problem here. The user had LOTS of (duplicate!) >>>> mails in his inbox. >> >>> Anyone ever found a reliable way to do this? >> >>> It sure would be nice if dovecot could perform this on a per account and/or per maildir/mailbox case with a >>> simple doveadm command... >> >> The basic question is: what is a duplicate? >> >> I spot 100% duplicates within the same Maildir mailbox with a script similiar to "fdupes" >> http://linux.die.net/man/1/fdupes . >> Because an user may copy messages around, I scan one mailbox at a time. >> >> For some rare cases, where I merge two accounts, I use a script, that looks for the message id in one account and >> removes all messages with the same id in the other account. Than I merge the Maildirs. >> >> However, neither script I would call general enough for automatic processing > > dbmail has just "suppress_duplicates = yes" and silently ignores > *new received* messages with the same message-id to the same user > as a global setting Wasn't there a thread some days/weeks ago, that Pigeonhole behaves the same by default and the poster asked how long the timeframe is Pigeonhole remembers the ids? Actually, I still wonder about whether or not the same message-id is sufficient to decide to "silently drop" a message, as I interprete "to ignore a message" as "to drop". They might came different paths, some MUA might not generate ids unqiue world-wide or time-depended, ... . It's a matter of taste, IMHO. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU5cKf3z1H7kL/d9rAQIFXQf/eOVNj6OCbpbrvgvj1dUmQ4eqZuISO80A oMsncG65sYwOWZAepapdWQCxSK/+kEYmWm7nhmqC+ZfJebsEM+VRaL++gesNXlCZ Uo1VuQKgyEF0Y+buDvOSHxwn8+Fum3u6kiMkvf9Jiog+ucVwlOAsOvPrTfxdT9ST udBzpSjfE9JLWhptjKdqS/1Hum5I3UJN6nb0g2ZYTB1rVdQxmTfmnoRiMb5UeTRA aUpFBQULANbHFJiaVfnUXoYIU1cUl9iaywDSeNG34bmfXJlgGWfpMy1Ani5XdsR6 f7cnIGSdsNmthfdS3SHvY86TfYSf2qUMEJUi4k3QMjDlttWAATqvkA== =mlVS -----END PGP SIGNATURE----- From h.reindl at thelounge.net Tue Jun 10 13:56:30 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 10 Jun 2014 15:56:30 +0200 Subject: OT - Finding/removing duplicate emails - WAS: Re: [Dovecot] dovecot/lmtp munmap()-ing a lot In-Reply-To: References: <20140608085943.GA7734@sys4.de> <20140609214425.GA31799@sys4.de> <5396E689.5000508@Media-Brokers.com> <53970729.7070807@thelounge.net> Message-ID: <53970E8E.8090402@thelounge.net> Am 10.06.2014 15:39, schrieb Steffen Kaiser: > On Tue, 10 Jun 2014, Reindl Harald wrote: >> Am 10.06.2014 15:17, schrieb Steffen Kaiser: >>> The basic question is: what is a duplicate? >>> However, neither script I would call general enough for automatic processing > >> dbmail has just "suppress_duplicates = yes" and silently ignores >> *new received* messages with the same message-id to the same user >> as a global setting > > Wasn't there a thread some days/weeks ago, that Pigeonhole behaves the same by default and the poster asked how > long the timeframe is Pigeonhole remembers the ids? > > Actually, I still wonder about whether or not the same message-id is sufficient to decide to "silently drop" a > message, as I interprete "to ignore a message" as "to drop". They might came different paths, some MUA might not > generate ids unqiue world-wide or time-depended, ... . It's a matter of taste, IMHO if the MUA generates no message-id at all the MTA usually does because otherwise you would risk to get messages rejected what we did many many years ago for any incoming mail without msgid if it generates one it's unlikely to have the same message-id for the same RCPT - usually the current timestamp is part of it -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From dovecot.lista at palacio.cu Tue Jun 10 09:22:52 2014 From: dovecot.lista at palacio.cu (dovecot.lista at palacio.cu) Date: Tue, 10 Jun 2014 09:22:52 -0000 (UTC) Subject: Dovecot auth NTLM Message-ID: <2670.192.168.6.139.1402392172.squirrel@172.16.1.254> Hello, this is my first email to the list... i?m configuring Dovecot with NTLM authentication, at least this is what i wanted, but i?m having a few problems. 1-I made my configuration following the steps from this howto http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm from the dovecot official site, but my dovecot?s version is 2.1.7 and the tutorial dovecot?s version is 1.1.16. But, the fact is that when i enter to the wiki1, for the version 1.x i found that all the howtos are obsoletes and the tutorial for the version 1.x is the same for the 2.x version, so this howto is not trustful.... but, there is not another one. 2-When i implement it all seems to work OK, but the communication between dovecot and the helper in "/usr/bin/ntlm_auth". I made the tests with the binary(/usr/bin/ntlm_auth) and i got the right answers from it, and i also made the test with the tool wbinfo and were successful. During the tests i was monitoring the logs of my Domain Controller (The server from where i want to authenticate) and it logged all the requests i made however when i try to authenticate with dovecot in my Domain Controller nothing is written in the logs... then i get to the conclusion that Dovecot is not communicating with the helper, and of course in dovecot?s logs appears: auth: Info: winbind(?,10.10.10.10): user not authenticated: NT_STATUS_UNSUCCESSFUL As i said, my friends, there is no any other tutorial or howto in internet, at least i did not see it. I?m asking for your help... if any of you have configured Dovecot to auth against NTLM, please tell me how. Im working on Debian Wheezy and Dovecot 2.1.7. PS:Please forgive my English i speak Spanish From skdovecot at smail.inf.fh-brs.de Tue Jun 10 14:31:13 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 10 Jun 2014 16:31:13 +0200 (CEST) Subject: OT - Finding/removing duplicate emails - WAS: Re: [Dovecot] dovecot/lmtp munmap()-ing a lot In-Reply-To: <53970E8E.8090402@thelounge.net> References: <20140608085943.GA7734@sys4.de> <20140609214425.GA31799@sys4.de> <5396E689.5000508@Media-Brokers.com> <53970729.7070807@thelounge.net> <53970E8E.8090402@thelounge.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 10 Jun 2014, Reindl Harald wrote: > Am 10.06.2014 15:39, schrieb Steffen Kaiser: >> On Tue, 10 Jun 2014, Reindl Harald wrote: >>> Am 10.06.2014 15:17, schrieb Steffen Kaiser: >>>> The basic question is: what is a duplicate? >>>> However, neither script I would call general enough for automatic processing >> >>> dbmail has just "suppress_duplicates = yes" and silently ignores >>> *new received* messages with the same message-id to the same user >>> as a global setting >> >> Wasn't there a thread some days/weeks ago, that Pigeonhole behaves the same by default and the poster asked how >> long the timeframe is Pigeonhole remembers the ids? >> >> Actually, I still wonder about whether or not the same message-id is sufficient to decide to "silently drop" a >> message, as I interprete "to ignore a message" as "to drop". They might came different paths, some MUA might not >> generate ids unqiue world-wide or time-depended, ... . It's a matter of taste, IMHO > > if it generates one it's unlikely to have the same message-id > for the same RCPT yes, but then some recipients forward (automatically or manually). Or you a fetchmail-like grabber that re-transmits the message, ... . > - usually the current timestamp is part of it that I mean with "time-depended", but you also used "unlikely" and "usually". So you still see a little chance, that the message-id is not world-wide unique. ;-) I know, nowadays all MUAs should be capable of generating sensible message ids and some claims about bandwith and such are outdated, too. You have to rely on information you do not control -> you have to decide how far to trust. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU5cWsnz1H7kL/d9rAQI+Zgf+Pp7968AvnVuOdd/RcnK2fd1rxetBtnzY DKkKjZ3jV9vwKr5yvxNQ5Ic9liHNrW7QvnFOFlPSPZTp5MgmM3dN6LpKTxmWgK4o zb4Zizp2FwWR/qRj67t+tdlyLC/ZVarSRcR4KW5y1iGr7MlvR0RDxaT5Rw1y33bG VZIlnR+LOwQaCa9sg9HjbpsG6FTkgB9VQjgMdqQYdba1+C2RPD/9fm5+CM58JXFt UUBGZITL/AEKBOJ5U1OyK1gr9BlJvbHeIuEJ4XVF7ybkV4rDSngt4Z/8SXaKf2AC FxJT3XbnsJv22iuNA+2LpZxTRQa5QYYoyZSNd70wGnb3GBXjGP4lMA== =WTSS -----END PGP SIGNATURE----- From dovecot at ace-electronics.be Tue Jun 10 14:51:47 2014 From: dovecot at ace-electronics.be (Koenraad Lelong) Date: Tue, 10 Jun 2014 16:51:47 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: References: Message-ID: <53971B83.4070109@ace-electronics.be> op 09-06-14 22:27, Timo Sirainen schreef: > I've actually been thinking about it almost since the beginning. It's just been annoying waste of space on my screen. And more importantly nowadays it's also breaking DKIM/DMARC signatures. So if somebody still uses Subject-based filtering it's about time to switch to List-ID header based filtering now. > > Another thing I'm wondering about is if I should allow text/html parts, because removing them will also break the DKIM signatures. Or mainly I'd like to allow only multipart/alternative with text/plain + text/html, but I don't think I can configure Mailman to support that. > Hi, Just wanted to ask what happened to "[Dovecot]" when I saw this mail. Could you tell me how to find the List_ID ? I looked at the raw mail, but I didn't find it : some removed stuff and anonymized... Received: from wursti.dovecot.fi (wursti.dovecot.fi [87.106.245.223]) by mailbox.ace-electronics.be (Postfix) with SMTP id 808B2A0427 for ace-electronics.be>; Mon, 9 Jun 2014 22:28:22 +0200 (CEST) Received: from wursti.dovecot.fi (localhost.localdomain [127.0.0.1]) by wursti.dovecot.fi (Postfix) with ESMTP id 16BC421F32; Mon, 9 Jun 2014 22:27:56 +0200 (CEST) Received: from talvi.dovecot.org (unknown [137.117.229.219]) by wursti.dovecot.fi (Postfix) with ESMTP; Mon, 9 Jun 2014 22:27:52 +0200 (CEST) Received: from [100.90.112.97] (localhost [127.0.0.1]) by talvi.dovecot.org (Postfix) with ESMTP id 0165E235C1; Mon, 9 Jun 2014 20:28:43 +0000 (UTC) Received: by talvi.dovecot.org (Postfix, from userid 506) id B242523584; Mon, 9 Jun 2014 20:28:39 +0000 (UTC) Received: from wursti.dovecot.fi (unknown [87.106.245.223]) by talvi.dovecot.org (Postfix) with ESMTP id 51A3023584 for ; Mon, 9 Jun 2014 20:28:39 +0000 (UTC) Received: from [192.168.10.103] (cs181255018.pp.htv.fi [82.181.255.18]) by wursti.dovecot.fi (Postfix) with ESMTPSA id 6ABD221D30 for ; Mon, 9 Jun 2014 22:27:43 +0200 (CEST) From: Timo Sirainen iki.fi> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Subject: Subject tag [Dovecot] is gone Message-Id: Date: Mon, 9 Jun 2014 23:27:41 +0300 To: Dovecot Mailing List Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\)) X-Mailer: Apple Mail (2.1878.2) Precedence: list Reply-To: Dovecot Mailing List X-WatchGuard-Spam-ID: str=0001.0A0B0202.539618E6.008E,ss=1,re=0.000,fgs=0 X-WatchGuard-Spam-Score: 0, clean; 0, no virus X-WatchGuard-Mail-Client-IP: 87.106.245.223 X-WatchGuard-Mail-From: dovecot-bounces at dovecot.org X-Virus-Scanned: Maia Mailguard 1.0.3 I've actually been thinking about it almost since the beginning. It's = just been annoying waste of space on my screen. And more importantly = nowadays it's also breaking DKIM/DMARC signatures. So if somebody still = uses Subject-based filtering it's about time to switch to List-ID header = based filtering now. Another thing I'm wondering about is if I should allow text/html parts, = because removing them will also break the DKIM signatures. Or mainly I'd = like to allow only multipart/alternative with text/plain + text/html, = but I don't think I can configure Mailman to support that. From mrvjtod at gmail.com Tue Jun 10 15:04:28 2014 From: mrvjtod at gmail.com (Chris Young) Date: Tue, 10 Jun 2014 11:04:28 -0400 Subject: Subject tag [Dovecot] is gone In-Reply-To: <53971B83.4070109@ace-electronics.be> References: <53971B83.4070109@ace-electronics.be> Message-ID: Gmail doesn't let me filter on message headers so I've updated my filter as follows Before, my filter was SUBJECT:([Dovecot]) But now my filter is HAS THE WORDS:(dovecot.dovecot.org OR dovecot at dovecot.org) On Tue, Jun 10, 2014 at 10:51 AM, Koenraad Lelong < dovecot at ace-electronics.be> wrote: > op 09-06-14 22:27, Timo Sirainen schreef: > > I've actually been thinking about it almost since the beginning. It's >> just been annoying waste of space on my screen. And more importantly >> nowadays it's also breaking DKIM/DMARC signatures. So if somebody still >> uses Subject-based filtering it's about time to switch to List-ID header >> based filtering now. >> >> Another thing I'm wondering about is if I should allow text/html parts, >> because removing them will also break the DKIM signatures. Or mainly I'd >> like to allow only multipart/alternative with text/plain + text/html, but I >> don't think I can configure Mailman to support that. >> >> Hi, > > Just wanted to ask what happened to "[Dovecot]" when I saw this mail. > Could you tell me how to find the List_ID ? I looked at the raw mail, but I > didn't find it : > > some removed stuff and anonymized... > Received: from wursti.dovecot.fi (wursti.dovecot.fi [87.106.245.223]) > by mailbox.ace-electronics.be (Postfix) with SMTP id 808B2A0427 > for ace-electronics.be>; Mon, 9 Jun 2014 22:28:22 > +0200 (CEST) > Received: from wursti.dovecot.fi (localhost.localdomain [127.0.0.1]) > by wursti.dovecot.fi (Postfix) with ESMTP id 16BC421F32; > Mon, 9 Jun 2014 22:27:56 +0200 (CEST) > Received: from talvi.dovecot.org (unknown [137.117.229.219]) > by wursti.dovecot.fi (Postfix) with ESMTP; > Mon, 9 Jun 2014 22:27:52 +0200 (CEST) > Received: from [100.90.112.97] (localhost [127.0.0.1]) > by talvi.dovecot.org (Postfix) with ESMTP id 0165E235C1; > Mon, 9 Jun 2014 20:28:43 +0000 (UTC) > Received: by talvi.dovecot.org (Postfix, from userid 506) > id B242523584; Mon, 9 Jun 2014 20:28:39 +0000 (UTC) > Received: from wursti.dovecot.fi (unknown [87.106.245.223]) > by talvi.dovecot.org (Postfix) with ESMTP id 51A3023584 > for ; Mon, 9 Jun 2014 20:28:39 +0000 (UTC) > Received: from [192.168.10.103] (cs181255018.pp.htv.fi [82.181.255.18]) > by wursti.dovecot.fi (Postfix) with ESMTPSA id 6ABD221D30 > for ; Mon, 9 Jun 2014 22:27:43 +0200 (CEST) > From: Timo Sirainen iki.fi> > Content-Type: text/plain; charset=us-ascii > Content-Transfer-Encoding: quoted-printable > Subject: Subject tag [Dovecot] is gone > Message-Id: > Date: Mon, 9 Jun 2014 23:27:41 +0300 > To: Dovecot Mailing List > Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\)) > X-Mailer: Apple Mail (2.1878.2) > Precedence: list > Reply-To: Dovecot Mailing List > X-WatchGuard-Spam-ID: str=0001.0A0B0202.539618E6.008E,ss=1,re=0.000,fgs=0 > X-WatchGuard-Spam-Score: 0, clean; 0, no virus > X-WatchGuard-Mail-Client-IP: 87.106.245.223 > X-WatchGuard-Mail-From: dovecot-bounces at dovecot.org > X-Virus-Scanned: Maia Mailguard 1.0.3 > > I've actually been thinking about it almost since the beginning. It's = > just been annoying waste of space on my screen. And more importantly = > nowadays it's also breaking DKIM/DMARC signatures. So if somebody still = > uses Subject-based filtering it's about time to switch to List-ID header = > based filtering now. > > Another thing I'm wondering about is if I should allow text/html parts, = > because removing them will also break the DKIM signatures. Or mainly I'd = > like to allow only multipart/alternative with text/plain + text/html, = > > but I don't think I can configure Mailman to support that. > From h.reindl at thelounge.net Tue Jun 10 15:12:08 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 10 Jun 2014 17:12:08 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: <53971B83.4070109@ace-electronics.be> References: <53971B83.4070109@ace-electronics.be> Message-ID: <53972048.8060204@thelounge.net> Am 10.06.2014 16:51, schrieb Koenraad Lelong: > op 09-06-14 22:27, Timo Sirainen schreef: >> I've actually been thinking about it almost since the beginning. It's just been annoying waste of space on my >> screen. And more importantly nowadays it's also breaking DKIM/DMARC signatures. So if somebody still uses >> Subject-based filtering it's about time to switch to List-ID header based filtering now. >> >> Another thing I'm wondering about is if I should allow text/html parts, because removing them will also break the >> DKIM signatures. Or mainly I'd like to allow only multipart/alternative with text/plain + text/html, but I don't >> think I can configure Mailman to support that. besides that the envelope sender is "dovecot-bounces at dovecot.org" and To/Cc always "dovecot at dovecot.org" it's easy to filter that with Sieve, subject based filters are broken anyways > Just wanted to ask what happened to "[Dovecot]" when I saw this mail. Could you tell me how to find the List_ID ? I > looked at the raw mail, but I didn't find it: than you have crap software somewhere on your side * fix that * it breaks also reply-to-list function * it breaks threading * it breaks mailing lists * it must not happen at all removing the list headers, look at the same i received and the message id which is the same Received: from wursti.dovecot.fi (wursti.dovecot.fi [87.106.245.223]) by barracuda.thelounge.net with ESMTP id o8NXn7SF4noqMeUE for ; Mon, 09 Jun 2014 22:28:02 +0200 (CEST) Received: from wursti.dovecot.fi (localhost.localdomain [127.0.0.1]) by wursti.dovecot.fi (Postfix) with ESMTP id A0CE221F10; Mon, 9 Jun 2014 22:27:50 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on wursti.dovecot.fi X-Spam-Level: X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,RDNS_NONE autolearn=no version=3.3.1 Received: from talvi.dovecot.org (unknown [137.117.229.219]) by wursti.dovecot.fi (Postfix) with ESMTP; Mon, 9 Jun 2014 22:27:50 +0200 (CEST) Received: from [100.90.112.97] (localhost [127.0.0.1]) by talvi.dovecot.org (Postfix) with ESMTP id DED3F23585; Mon, 9 Jun 2014 20:28:41 +0000 (UTC) X-Original-To: dovecot at dovecot.org Delivered-To: dovecot at dovecot.org Received: by talvi.dovecot.org (Postfix, from userid 506) id B242523584; Mon, 9 Jun 2014 20:28:39 +0000 (UTC) Received: from wursti.dovecot.fi (unknown [87.106.245.223]) by talvi.dovecot.org (Postfix) with ESMTP id 51A3023584 for ; Mon, 9 Jun 2014 20:28:39 +0000 (UTC) Received: from [192.168.10.103] (cs181255018.pp.htv.fi [82.181.255.18]) by wursti.dovecot.fi (Postfix) with ESMTPSA id 6ABD221D30 for ; Mon, 9 Jun 2014 22:27:43 +0200 (CEST) From: Timo Sirainen Subject: Subject tag [Dovecot] is gone Message-Id: Date: Mon, 9 Jun 2014 23:27:41 +0300 To: Dovecot Mailing List Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\)) X-Mailer: Apple Mail (2.1878.2) X-BeenThere: dovecot at dovecot.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: Dovecot Mailing List List-Id: Dovecot Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dovecot-bounces at dovecot.org Sender: dovecot Received-SPF: none (thelounge.net: dovecot-bounces at dovecot.org does not designate permitted sender hosts) X-Virus-Scanned: by bsmtpd at thelounge.net Return-Path: dovecot-bounces at dovecot.org Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable > some removed stuff and anonymized... > Received: from wursti.dovecot.fi (wursti.dovecot.fi [87.106.245.223]) > by mailbox.ace-electronics.be (Postfix) with SMTP id 808B2A0427 > for ace-electronics.be>; Mon, 9 Jun 2014 22:28:22 +0200 (CEST) > Received: from wursti.dovecot.fi (localhost.localdomain [127.0.0.1]) > by wursti.dovecot.fi (Postfix) with ESMTP id 16BC421F32; > Mon, 9 Jun 2014 22:27:56 +0200 (CEST) > Received: from talvi.dovecot.org (unknown [137.117.229.219]) > by wursti.dovecot.fi (Postfix) with ESMTP; > Mon, 9 Jun 2014 22:27:52 +0200 (CEST) > Received: from [100.90.112.97] (localhost [127.0.0.1]) > by talvi.dovecot.org (Postfix) with ESMTP id 0165E235C1; > Mon, 9 Jun 2014 20:28:43 +0000 (UTC) > Received: by talvi.dovecot.org (Postfix, from userid 506) > id B242523584; Mon, 9 Jun 2014 20:28:39 +0000 (UTC) > Received: from wursti.dovecot.fi (unknown [87.106.245.223]) > by talvi.dovecot.org (Postfix) with ESMTP id 51A3023584 > for ; Mon, 9 Jun 2014 20:28:39 +0000 (UTC) > Received: from [192.168.10.103] (cs181255018.pp.htv.fi [82.181.255.18]) > by wursti.dovecot.fi (Postfix) with ESMTPSA id 6ABD221D30 > for ; Mon, 9 Jun 2014 22:27:43 +0200 (CEST) > From: Timo Sirainen iki.fi> > Content-Type: text/plain; charset=us-ascii > Content-Transfer-Encoding: quoted-printable > Subject: Subject tag [Dovecot] is gone > Message-Id: > Date: Mon, 9 Jun 2014 23:27:41 +0300 > To: Dovecot Mailing List > Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\)) > X-Mailer: Apple Mail (2.1878.2) > Precedence: list > Reply-To: Dovecot Mailing List > X-WatchGuard-Spam-ID: str=0001.0A0B0202.539618E6.008E,ss=1,re=0.000,fgs=0 > X-WatchGuard-Spam-Score: 0, clean; 0, no virus > X-WatchGuard-Mail-Client-IP: 87.106.245.223 > X-WatchGuard-Mail-From: dovecot-bounces at dovecot.org > X-Virus-Scanned: Maia Mailguard 1.0.3 > > I've actually been thinking about it almost since the beginning. It's = > just been annoying waste of space on my screen. And more importantly = > nowadays it's also breaking DKIM/DMARC signatures. So if somebody still = > uses Subject-based filtering it's about time to switch to List-ID header = > based filtering now. > > Another thing I'm wondering about is if I should allow text/html parts, = > because removing them will also break the DKIM signatures. Or mainly I'd = > like to allow only multipart/alternative with text/plain + text/html, = > but I don't think I can configure Mailman to support that -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From bernd at petrovitsch.priv.at Tue Jun 10 15:15:38 2014 From: bernd at petrovitsch.priv.at (Bernd Petrovitsch) Date: Tue, 10 Jun 2014 17:15:38 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: References: <53971B83.4070109@ace-electronics.be> Message-ID: <1402413339.28639.8.camel@thorin> On Die, 2014-06-10 at 11:04 -0400, Chris Young wrote: > Gmail doesn't let me filter on message headers so I've updated my filter as > follows One more reason not to use it;-) [...] > On Tue, Jun 10, 2014 at 10:51 AM, Koenraad Lelong < > dovecot at ace-electronics.be> wrote: [...] > > Just wanted to ask what happened to "[Dovecot]" when I saw this mail. > > Could you tell me how to find the List_ID ? I looked at the raw mail, but I > > didn't find it : [...] > > Reply-To: Dovecot Mailing List You could use that header (which actually should better be gone because reply-to munging considered harmful) or some other header field with "dovecot" somewhere. FTR: I find ---- snip ---- List-Id: Dovecot Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , ---- snip ---- in every mail header (=> RFC-2919). Is someone filtering headers on your side or the MUA just not displaying really all of them? [...] > > Another thing I'm wondering about is if I should allow text/html parts, = > > because removing them will also break the DKIM signatures. Or mainly I'd = > > like to allow only multipart/alternative with text/plain + text/html, = FWIW text/html is actually overrated and - essentially - superfluous. Additionally it makes it even easier to fool the average user. Kind regards, Bernd -- Bernd Petrovitsch Email: bernd at sysprog.at From dovecot at ace-electronics.be Tue Jun 10 15:23:11 2014 From: dovecot at ace-electronics.be (Koenraad Lelong) Date: Tue, 10 Jun 2014 17:23:11 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: <53972048.8060204@thelounge.net> References: <53971B83.4070109@ace-electronics.be> <53972048.8060204@thelounge.net> Message-ID: <539722DF.9090905@ace-electronics.be> op 10-06-14 17:12, Reindl Harald schreef: > > > > than you have crap software somewhere on your side What did I do to get such reply ? Koenraad From dovecot at ace-electronics.be Tue Jun 10 15:26:25 2014 From: dovecot at ace-electronics.be (Koenraad Lelong) Date: Tue, 10 Jun 2014 17:26:25 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: <1402413339.28639.8.camel@thorin> References: <53971B83.4070109@ace-electronics.be> <1402413339.28639.8.camel@thorin> Message-ID: <539723A1.2000101@ace-electronics.be> op 10-06-14 17:15, Bernd Petrovitsch schreef: > ---- snip ---- > in every mail header (=> RFC-2919). > Is someone filtering headers on your side or the MUA just not displaying > really all of them? > I'm using Thunderbird as MUA. I'll look at the messages on the server. Never noticed before there was something missing. Thanks, Koenraad. From nicolas.kowalski at gmail.com Tue Jun 10 15:30:17 2014 From: nicolas.kowalski at gmail.com (Nicolas KOWALSKI) Date: Tue, 10 Jun 2014 17:30:17 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: References: <53971B83.4070109@ace-electronics.be> Message-ID: <20140610153017.GA23725@petole.demisel.net> On Tue, Jun 10, 2014 at 11:04:28AM -0400, Chris Young wrote: > Gmail doesn't let me filter on message headers so I've updated my filter as > follows Yes it does. I use this: (list:dovecot OR to:dovecot) It matches both mail received from the mailing-list and those I send to the mailing-list. +1 for te subject tag removal :) -- Nicolas From dovecot at ace-electronics.be Tue Jun 10 15:37:45 2014 From: dovecot at ace-electronics.be (Koenraad Lelong) Date: Tue, 10 Jun 2014 17:37:45 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: <1402413339.28639.8.camel@thorin> References: <53971B83.4070109@ace-electronics.be> <1402413339.28639.8.camel@thorin> Message-ID: <53972649.6020801@ace-electronics.be> op 10-06-14 17:15, Bernd Petrovitsch schreef: > > FTR: I find > ---- snip ---- > List-Id: Dovecot Mailing List > List-Unsubscribe: , > > List-Archive: > List-Post: > List-Help: > List-Subscribe: , > > ---- snip ---- > in every mail header (=> RFC-2919). > Is someone filtering headers on your side or the MUA just not displaying > really all of them? > I looked at some messages on the server. Not trace of those List-lines. I think I will get in touch with Watchguard to see if they remove those lines. Thanks. Koenraad From dovecot at vosslamber.nl Tue Jun 10 15:40:10 2014 From: dovecot at vosslamber.nl (Luuk) Date: Tue, 10 Jun 2014 17:40:10 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: <539722DF.9090905@ace-electronics.be> References: <53971B83.4070109@ace-electronics.be> <53972048.8060204@thelounge.net> <539722DF.9090905@ace-electronics.be> Message-ID: <539726DA.1080301@vosslamber.nl> On 10-6-2014 17:23, Koenraad Lelong wrote: > op 10-06-14 17:12, Reindl Harald schreef: >> >> > >> >> than you have crap software somewhere on your side > > What did I do to get such reply ? > > Koenraad Because you have crap software.... ;) It's not caused by Thunderbird itself (it might be an add-on!) I'm reading with thunderbird too, and in the headers of the firts post in this hread i see: List-Id: Dovecot Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dovecot-bounces at dovecot.org Sender: "dovecot" From h.reindl at thelounge.net Tue Jun 10 16:26:09 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 10 Jun 2014 18:26:09 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: <539722DF.9090905@ace-electronics.be> References: <53971B83.4070109@ace-electronics.be> <53972048.8060204@thelounge.net> <539722DF.9090905@ace-electronics.be> Message-ID: <539731A1.2090503@thelounge.net> Am 10.06.2014 17:23, schrieb Koenraad Lelong: > op 10-06-14 17:12, Reindl Harald schreef: >> >> than you have crap software somewhere on your side > > What did I do to get such reply? are you a piece of software or why do you take "crap software" personally against yourself? you should have read the rest of my answer something "smart" mainpulates messages you receive this may become a *serious* problem in case of signed messages this is most likely also the reason you hit reply all because removing the list-headers makes the "reply-to-list" button in thunderbird non-functional -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From r at sys4.de Tue Jun 10 16:32:30 2014 From: r at sys4.de (Ralf Hildebrandt) Date: Tue, 10 Jun 2014 18:32:30 +0200 Subject: OT - Finding/removing duplicate emails - WAS: Re: [Dovecot] dovecot/lmtp munmap()-ing a lot In-Reply-To: <5396E689.5000508@Media-Brokers.com> References: <20140608085943.GA7734@sys4.de> <20140609214425.GA31799@sys4.de> <5396E689.5000508@Media-Brokers.com> Message-ID: <20140610163230.GC13657@sys4.de> * Charles Marcus : > On 6/9/2014 5:44 PM, Ralf Hildebrandt wrote: > >That's probably the problem here. The user had LOTS of (duplicate!) > >mails in his inbox. > > Anyone ever found a reliable way to do this? To duplicate the mails? Yeah: Just let fetchmail run unobserved for weeks, will fuck up things nicely. No manual intervention needed. -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From r at sys4.de Tue Jun 10 16:33:18 2014 From: r at sys4.de (Ralf Hildebrandt) Date: Tue, 10 Jun 2014 18:33:18 +0200 Subject: OT - Finding/removing duplicate emails - WAS: Re: [Dovecot] dovecot/lmtp munmap()-ing a lot In-Reply-To: References: <20140608085943.GA7734@sys4.de> <20140609214425.GA31799@sys4.de> <5396E689.5000508@Media-Brokers.com> Message-ID: <20140610163318.GD13657@sys4.de> > The basic question is: what is a duplicate? > > I spot 100% duplicates within the same Maildir mailbox with a script > similiar to "fdupes" http://linux.die.net/man/1/fdupes . > Because an user may copy messages around, I scan one mailbox at a time. But with mdbox? Or mailboxes != Maildir format in general? -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From r at sys4.de Tue Jun 10 16:34:39 2014 From: r at sys4.de (Ralf Hildebrandt) Date: Tue, 10 Jun 2014 18:34:39 +0200 Subject: OT - Finding/removing duplicate emails - WAS: Re: [Dovecot] dovecot/lmtp munmap()-ing a lot In-Reply-To: References: <20140608085943.GA7734@sys4.de> <20140609214425.GA31799@sys4.de> <5396E689.5000508@Media-Brokers.com> <53970729.7070807@thelounge.net> Message-ID: <20140610163439.GE13657@sys4.de> > Wasn't there a thread some days/weeks ago, that Pigeonhole behaves the > same by default and the poster asked how long the timeframe is Pigeonhole > remembers the ids? How would I go about enabling this? > Actually, I still wonder about whether or not the same message-id is > sufficient to decide to "silently drop" a message, as I interprete "to > ignore a message" as "to drop". They might came different paths, some MUA > might not generate ids unqiue world-wide or time-depended, ... . It's a > matter of taste, IMHO. You're probably right, but in the case of a runaway fetchmail it would nbe sufficient. mutt's "~=" Tagging does the same (IMHO) -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From CMarcus at Media-Brokers.com Tue Jun 10 16:57:23 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Tue, 10 Jun 2014 12:57:23 -0400 Subject: OT - Finding/removing duplicate emails - WAS: Re: [Dovecot] dovecot/lmtp munmap()-ing a lot In-Reply-To: <20140610163230.GC13657@sys4.de> References: <20140608085943.GA7734@sys4.de> <20140609214425.GA31799@sys4.de> <5396E689.5000508@Media-Brokers.com> <20140610163230.GC13657@sys4.de> Message-ID: <539738F3.4020107@Media-Brokers.com> On 6/10/2014 12:32 PM, Ralf Hildebrandt wrote: > * Charles Marcus: >> >On 6/9/2014 5:44 PM, Ralf Hildebrandt wrote: >>> > >That's probably the problem here. The user had LOTS of (duplicate!) >>> > >mails in his inbox. >> > >> >Anyone ever found a reliable way to do this? > To duplicate the mails? 'This' referred obviously to my altered SUBJECT... ;) Best regards, Charles From bruno.galindro at gmail.com Tue Jun 10 17:31:58 2014 From: bruno.galindro at gmail.com (Bruno Galindro da Costa) Date: Tue, 10 Jun 2014 14:31:58 -0300 Subject: Parse dovecot 2.2 logs with logstash Message-ID: Guys, I need to parse my dovecot log files with logstash grok patterns. Is there any document specifying the patterns used by dovecot to write it's logs? I need to find all the log possibilities that could be writed to log files by dovecot. So, if a document like that exists or if anyone could answer my question, I'll could make the parser with less difficult. -- Att. Bruno Galindro da Costa From deano-dovecot at areyes.com Tue Jun 10 17:40:04 2014 From: deano-dovecot at areyes.com (deano-dovecot at areyes.com) Date: Tue, 10 Jun 2014 13:40:04 -0400 Subject: [Dovecot] Replication with virtual users and static userdb possible =?UTF-8?Q?=3F?= In-Reply-To: <45e92cf6344143e2f5d0ded8902469ae@areyes.com> References: <45e92cf6344143e2f5d0ded8902469ae@areyes.com> Message-ID: <2e62737f6b3b423ddb749f12c8eb3811@areyes.com> Is there no-one out there using replication with virtual users ? If so how did you do it ? I just *know* someone is going to point me to a simple page describing how to do it ... On 2014-06-05 09:57, deano-dovecot at areyes.com wrote: > Ugh, stuff got mangled in formatting below. Anyway, I've had no luck with > various permutations, so it's looking like a virtual-user setup can't make > use of replication ? > > I guess what I want is for it to activate replication upon ANY notification > of updated emails. > > On 2014-06-03 11:54, deano-dovecot at areyes.comwrote: > >> Is it possible to get replication working in a virtual user setup that uses a static userdb ? My environment is fairly simple and typical - there's a single system user (vmail) that owns all the home dirs (/var/mail/domain.com/user). The virtual users ( userid @ domain.com : secretpassword) are kept in a single file (/var/mail/domain.com/PASSWD) that's unique per domain, and referenced as a static userdb : passdb { driver = passwd-file args = scheme=plain username_format=%u /var/mail/%d/PASSWD } userdb { driver = static args = uid=vmail gid=vmail home=/var/mail/%d/%n } I know the wiki http://wiki2.dovecot.org/Replication [1] states that user listing must be enabled, but that's not available for a static userdb. The wiki http://wiki2.dovecot.org/UserDatabase/Static [2] also says that it shouldn't be a problem because it will use do a passdb lookup instead (except for PAM which isn't used here). Unfortunately, it's not working. I've testing with ssh : dsync_remote_cmd = ssh -l vmail %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace} mail_replica = remote:vmail at server2.domain.com [3] as well as with straight tcp (SSL for later) mail_replica = tcp:server2.domain.com:999 /var/log/mail.err shows the problems ... Jun 3 11:30:53 server1 dovecot: auth: Error: Trying to iterate users, but userdbs don't support it Jun 3 11:30:53 server1 dovecot: replicator: Error: User listing returned failure Jun 3 11:30:53 server1 dovecot: replicator: Error: listing users failed, can't replicate existing data Anyone else have it working ? I'm sure it's something simple that I've just overlooked. Links: ------ [1] http://wiki2.dovecot.org/Replication [2] http://wiki2.dovecot.org/UserDatabase/Static [3] mailto:vmail at server2.domain.com From mark at msapiro.net Tue Jun 10 17:41:02 2014 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 10 Jun 2014 10:41:02 -0700 Subject: Subject tag [Dovecot] is gone In-Reply-To: References: Message-ID: <5397432E.3030503@msapiro.net> On 06/09/2014 01:27 PM, Timo Sirainen wrote: > > Another thing I'm wondering about is if I should allow text/html parts, because removing them will also break the DKIM signatures. Or mainly I'd like to allow only multipart/alternative with text/plain + text/html, but I don't think I can configure Mailman to support that. Yes you can, well sort of - see below, but note that in addition to content filtering, the addition of msg_footer will probably break DKIM signatures. If you put the following in pass_mime_types multipart/alternative text/plain text/html and set both collapse_alternatives and convert_html_to_plaintext to No, multipart messages which are not multipart/mixed (e.g., multipart/mixed, multipart/related and multipart/signed) will be handled according to filter_action. Messages which are multipart/alternative with only text/plain and text/html alternatives will be passed unchanged by content filtering as will single part messages of type text/plain or text/html. Potential problems with this are: 1) you may not want single part text/html on the list. 2) some people sign their posts. Because of 2), you need to add multipart/signed and application/pgp-signature to pass_mime_types, but that complicates the content filtering scenario because now a message with a structure like multipart/signed text/plain application/pgp-signature image/jpeg will be accepted by the list with the image/jpeg part removed rather than handled according to filter_action. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: From professa at dementianati.com Tue Jun 10 19:31:47 2014 From: professa at dementianati.com (Professa Dementia) Date: Tue, 10 Jun 2014 12:31:47 -0700 Subject: Subject tag [Dovecot] is gone In-Reply-To: References: <53963634.5060308@dementianati.com> Message-ID: <53975D23.5040902@dementianati.com> On 6/9/2014 7:26 PM, Timo Sirainen wrote: > The main reason is DKIM, which is starting to be a real problem. I have not used DKIM much. My mail server and client mostly deal with SPF. I have a filter that colorizes messages that have no SPF or a missing DKIM or bad DKIM signature. I *have* noticed that a lot of messages from the list get marked in such manner, but it never really bothered me and I never thought about it much. Now I understand why that happens (the [Dovecot] identifier in the subject). When trying to solve a problem, the first thing is to correctly identify the problem. You cannot solve a problem if you do not even know what it is. The underlying problem is to identify and classify emails as ones you want and ones you do not want. This is not easy and involves reading a person's mind. A person may, depending on their mood, classify the same email differently at different times, which complicates things. DKIM assumes that you can, in many cases, classify emails this way based on authenticating the *domain* of the sender. This has some serious flaws in that it does not address this issue, even though it purports to. One way to classify an email as "wanted" is if it comes from someone you know and want to communicate with. Signing based on a domain does nothing to address this. If my girlfriend is judy at yahoo.com, I want to receive her emails. That does not means I want to receive all emails from the yahoo.com domain. I do not want someone else to impersonate her. If later, we break up and I no longer want to receive her emails, DKIM does nothing to help with that, either. That could be OK if such functionality is beyond its scope. DKIM erroneously bundles sender authentication with message validation. I want to know that it really was judy at yahoo.com that sent me the message and not someone trying to impersonate her. However, as a separate function, I would like to know that the message I received is not the one she sent. These functions should not be integrated. As it is now, if the signature does not verify, I do not know why. Was the sender spoofed? Was some part of the message modified in some way? And just for the record, I believe that the subject line should conceptually be treated as part of the message, along with the date. DKIM is too strict. If I want to present a legal document (email) in court, I may want to prove that the document I present to the court is exactly as it was when it was sent to me. However, this is not a common occurrence. The real world is messy and imperfect and often, changes to emails are innocuous and legitimate. Mailing lists are an example of this. A mailing list or anti-virus scanner *should* be able to add a footer or add a mailing list identifier to the subject line, as long as those changes can be marked as later additions that the original sender is not accountable for. An email program should make it clear to the recipient which parts are not accountable to the original sender. I am not proposing a new standard, simply pointing out that breaking an established protocol (by removing the [Dovecot] subject identifier) because of a flawed anti-spam system is not in people's best interest. Can a spammer spoof messages from the list? Sure. Has it happened? Not that I am aware of. Is it a problem? Not so far. So why, then, make people go through all this trouble of setting up new filters and rules, mail routing, software upgrades, etc, just to appease a standard that is clearly broken? Dem From p at sys4.de Tue Jun 10 20:05:35 2014 From: p at sys4.de (Patrick Ben Koetter) Date: Tue, 10 Jun 2014 22:05:35 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: <53975D23.5040902@dementianati.com> References: <53963634.5060308@dementianati.com> <53975D23.5040902@dementianati.com> Message-ID: <20140610200535.GC3057@sys4.de> Professa, I suggest to take this discussion to the DKIM mailing list or even better to DMARC at IETF. Discussing the usefulness of DKIM or DMARC is better done there. Until people at IETF come up with a solution for DMARC that works for all participants most MLs, just like this, are better off avoiding further damage to mail transport by not adding the list name to the subject and not adding a footer. Of all available options not to break DMARC, this is still the best - be it liked or not. p at rick * Professa Dementia : > On 6/9/2014 7:26 PM, Timo Sirainen wrote: > > > The main reason is DKIM, which is starting to be a real problem. > > I have not used DKIM much. My mail server and client mostly deal with > SPF. I have a filter that colorizes messages that have no SPF or a > missing DKIM or bad DKIM signature. I *have* noticed that a lot of > messages from the list get marked in such manner, but it never really > bothered me and I never thought about it much. Now I understand why > that happens (the [Dovecot] identifier in the subject). > > When trying to solve a problem, the first thing is to correctly identify > the problem. You cannot solve a problem if you do not even know what it is. > > The underlying problem is to identify and classify emails as ones you > want and ones you do not want. This is not easy and involves reading a > person's mind. A person may, depending on their mood, classify the same > email differently at different times, which complicates things. > > DKIM assumes that you can, in many cases, classify emails this way based > on authenticating the *domain* of the sender. This has some serious > flaws in that it does not address this issue, even though it purports to. > > One way to classify an email as "wanted" is if it comes from someone you > know and want to communicate with. Signing based on a domain does > nothing to address this. If my girlfriend is judy at yahoo.com, I want to > receive her emails. That does not means I want to receive all emails > from the yahoo.com domain. I do not want someone else to impersonate her. > > If later, we break up and I no longer want to receive her emails, DKIM > does nothing to help with that, either. That could be OK if such > functionality is beyond its scope. > > DKIM erroneously bundles sender authentication with message validation. > I want to know that it really was judy at yahoo.com that sent me the > message and not someone trying to impersonate her. However, as a > separate function, I would like to know that the message I received is > not the one she sent. These functions should not be integrated. As it > is now, if the signature does not verify, I do not know why. Was the > sender spoofed? Was some part of the message modified in some way? And > just for the record, I believe that the subject line should conceptually > be treated as part of the message, along with the date. > > DKIM is too strict. If I want to present a legal document (email) in > court, I may want to prove that the document I present to the court is > exactly as it was when it was sent to me. However, this is not a common > occurrence. The real world is messy and imperfect and often, changes to > emails are innocuous and legitimate. Mailing lists are an example of this. > > A mailing list or anti-virus scanner *should* be able to add a footer or > add a mailing list identifier to the subject line, as long as those > changes can be marked as later additions that the original sender is not > accountable for. An email program should make it clear to the recipient > which parts are not accountable to the original sender. > > I am not proposing a new standard, simply pointing out that breaking an > established protocol (by removing the [Dovecot] subject identifier) > because of a flawed anti-spam system is not in people's best interest. > > Can a spammer spoof messages from the list? Sure. Has it happened? > Not that I am aware of. Is it a problem? Not so far. > > So why, then, make people go through all this trouble of setting up new > filters and rules, mail routing, software upgrades, etc, just to appease > a standard that is clearly broken? > > Dem -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From voytek at sbt.net.au Tue Jun 10 23:44:43 2014 From: voytek at sbt.net.au (voytek at sbt.net.au) Date: Wed, 11 Jun 2014 09:44:43 +1000 Subject: ot: accepting self certs into win pc? In-Reply-To: <53965AFF.9050806@fjl.co.uk> References: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> <53965AFF.9050806@fjl.co.uk> Message-ID: <1f83421916d8a1650d268850fb1e52ef.squirrel@emu.sbt.net.au> On Tue, June 10, 2014 11:10 am, Frank Leonhardt wrote: > I get endless grief over this, but if you think Microsoft is bad, try > Apple. I wrote some notes on it once: > http://blog.frankleonhardt.com/2012/certificate-errors-on-internet-explor > er-9-and-how-to-stop-them/ > I didn't mention it in the post, but IIRC this did work for making some > versions Outlook (and other Microsoft Mail things) happy at the same time. Frank, thanks for the link, very helpful !! however, I'm not sure I get this: "The trick is to run Internet Explorer as Administrator (not just when logged in as Administrator). " so, I need to log in as Administrator, and, then, what else ? From voytek at sbt.net.au Wed Jun 11 05:07:09 2014 From: voytek at sbt.net.au (Voytek) Date: Wed, 11 Jun 2014 15:07:09 +1000 Subject: ot: accepting self certs into win pc? In-Reply-To: <1f83421916d8a1650d268850fb1e52ef.squirrel@emu.sbt.net.au> References: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> <53965AFF.9050806@fjl.co.uk> <1f83421916d8a1650d268850fb1e52ef.squirrel@emu.sbt.net.au> Message-ID: <1aa15c4b-2f0c-41cb-a56e-863ac8905071@email.android.com> On 11 June 2014 9:44:43 am AEST, voytek at sbt.net.au wrote: > >"The trick is to run Internet Explorer as Administrator (not just when >logged in as Administrator). " > >so, I need to log in as Administrator, and, then, what else ? please disregard, found it -- Sent from Kaiten Mail. Please excuse my brevity. From nick.z.edwards at gmail.com Wed Jun 11 05:28:52 2014 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Wed, 11 Jun 2014 15:28:52 +1000 Subject: Subject tag [Dovecot] is gone In-Reply-To: <539722DF.9090905@ace-electronics.be> References: <53971B83.4070109@ace-electronics.be> <53972048.8060204@thelounge.net> <539722DF.9090905@ace-electronics.be> Message-ID: Nothing. Reindel has always been an abusive troll On 6/11/14, Koenraad Lelong wrote: > op 10-06-14 17:12, Reindl Harald schreef: >> >> > >> >> than you have crap software somewhere on your side > > What did I do to get such reply ? > > Koenraad > From nick.z.edwards at gmail.com Wed Jun 11 05:31:05 2014 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Wed, 11 Jun 2014 15:31:05 +1000 Subject: Subject tag [Dovecot] is gone In-Reply-To: <20140610200535.GC3057@sys4.de> References: <53963634.5060308@dementianati.com> <53975D23.5040902@dementianati.com> <20140610200535.GC3057@sys4.de> Message-ID: If DMARC (the new kid on the block), gets broken by simple things like subject changes on lists, then DMARC is broken, I wont go into the other 9 key reasons I consider it useless because as you said this is not the list for it. On 6/11/14, Patrick Ben Koetter

wrote: > Professa, > > I suggest to take this discussion to the DKIM mailing list or even better > to > DMARC at IETF. Discussing the usefulness of DKIM or DMARC is better done > there. > > Until people at IETF come up with a solution for DMARC that works for all > participants most MLs, just like this, are better off avoiding further > damage > to mail transport by not adding the list name to the subject and not adding > a > footer. Of all available options not to break DMARC, this is still the best > - > be it liked or not. > > p at rick > > > * Professa Dementia : >> On 6/9/2014 7:26 PM, Timo Sirainen wrote: >> >> > The main reason is DKIM, which is starting to be a real problem. >> >> I have not used DKIM much. My mail server and client mostly deal with >> SPF. I have a filter that colorizes messages that have no SPF or a >> missing DKIM or bad DKIM signature. I *have* noticed that a lot of >> messages from the list get marked in such manner, but it never really >> bothered me and I never thought about it much. Now I understand why >> that happens (the [Dovecot] identifier in the subject). >> >> When trying to solve a problem, the first thing is to correctly identify >> the problem. You cannot solve a problem if you do not even know what it >> is. >> >> The underlying problem is to identify and classify emails as ones you >> want and ones you do not want. This is not easy and involves reading a >> person's mind. A person may, depending on their mood, classify the same >> email differently at different times, which complicates things. >> >> DKIM assumes that you can, in many cases, classify emails this way based >> on authenticating the *domain* of the sender. This has some serious >> flaws in that it does not address this issue, even though it purports to. >> >> One way to classify an email as "wanted" is if it comes from someone you >> know and want to communicate with. Signing based on a domain does >> nothing to address this. If my girlfriend is judy at yahoo.com, I want to >> receive her emails. That does not means I want to receive all emails >> from the yahoo.com domain. I do not want someone else to impersonate >> her. >> >> If later, we break up and I no longer want to receive her emails, DKIM >> does nothing to help with that, either. That could be OK if such >> functionality is beyond its scope. >> >> DKIM erroneously bundles sender authentication with message validation. >> I want to know that it really was judy at yahoo.com that sent me the >> message and not someone trying to impersonate her. However, as a >> separate function, I would like to know that the message I received is >> not the one she sent. These functions should not be integrated. As it >> is now, if the signature does not verify, I do not know why. Was the >> sender spoofed? Was some part of the message modified in some way? And >> just for the record, I believe that the subject line should conceptually >> be treated as part of the message, along with the date. >> >> DKIM is too strict. If I want to present a legal document (email) in >> court, I may want to prove that the document I present to the court is >> exactly as it was when it was sent to me. However, this is not a common >> occurrence. The real world is messy and imperfect and often, changes to >> emails are innocuous and legitimate. Mailing lists are an example of >> this. >> >> A mailing list or anti-virus scanner *should* be able to add a footer or >> add a mailing list identifier to the subject line, as long as those >> changes can be marked as later additions that the original sender is not >> accountable for. An email program should make it clear to the recipient >> which parts are not accountable to the original sender. >> >> I am not proposing a new standard, simply pointing out that breaking an >> established protocol (by removing the [Dovecot] subject identifier) >> because of a flawed anti-spam system is not in people's best interest. >> >> Can a spammer spoof messages from the list? Sure. Has it happened? >> Not that I am aware of. Is it a problem? Not so far. >> >> So why, then, make people go through all this trouble of setting up new >> filters and rules, mail routing, software upgrades, etc, just to appease >> a standard that is clearly broken? >> >> Dem > > -- > [*] sys4 AG > > https://sys4.de, +49 (89) 30 90 46 64 > Franziskanerstra?e 15, 81669 M?nchen > > Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 > Vorstand: Patrick Ben Koetter, Marc Schiffbauer > Aufsichtsratsvorsitzender: Florian Kirstein > > From nick.z.edwards at gmail.com Wed Jun 11 05:33:31 2014 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Wed, 11 Jun 2014 15:33:31 +1000 Subject: Subject tag [Dovecot] is gone In-Reply-To: References: <53971B83.4070109@ace-electronics.be> Message-ID: "has the words" listid:dovecot.dovecot.org (exactly as written) seems to work well for long time On 6/11/14, Chris Young wrote: > Gmail doesn't let me filter on message headers so I've updated my filter as > follows > > Before, my filter was > SUBJECT:([Dovecot]) > > But now my filter is > HAS THE WORDS:(dovecot.dovecot.org OR dovecot at dovecot.org) > > > On Tue, Jun 10, 2014 at 10:51 AM, Koenraad Lelong < > dovecot at ace-electronics.be> wrote: > >> op 09-06-14 22:27, Timo Sirainen schreef: >> >> I've actually been thinking about it almost since the beginning. It's >>> just been annoying waste of space on my screen. And more importantly >>> nowadays it's also breaking DKIM/DMARC signatures. So if somebody still >>> uses Subject-based filtering it's about time to switch to List-ID header >>> based filtering now. >>> >>> Another thing I'm wondering about is if I should allow text/html parts, >>> because removing them will also break the DKIM signatures. Or mainly I'd >>> like to allow only multipart/alternative with text/plain + text/html, but >>> I >>> don't think I can configure Mailman to support that. >>> >>> Hi, >> >> Just wanted to ask what happened to "[Dovecot]" when I saw this mail. >> Could you tell me how to find the List_ID ? I looked at the raw mail, but >> I >> didn't find it : >> >> some removed stuff and anonymized... >> Received: from wursti.dovecot.fi (wursti.dovecot.fi [87.106.245.223]) >> by mailbox.ace-electronics.be (Postfix) with SMTP id 808B2A0427 >> for ace-electronics.be>; Mon, 9 Jun 2014 22:28:22 >> +0200 (CEST) >> Received: from wursti.dovecot.fi (localhost.localdomain [127.0.0.1]) >> by wursti.dovecot.fi (Postfix) with ESMTP id 16BC421F32; >> Mon, 9 Jun 2014 22:27:56 +0200 (CEST) >> Received: from talvi.dovecot.org (unknown [137.117.229.219]) >> by wursti.dovecot.fi (Postfix) with ESMTP; >> Mon, 9 Jun 2014 22:27:52 +0200 (CEST) >> Received: from [100.90.112.97] (localhost [127.0.0.1]) >> by talvi.dovecot.org (Postfix) with ESMTP id 0165E235C1; >> Mon, 9 Jun 2014 20:28:43 +0000 (UTC) >> Received: by talvi.dovecot.org (Postfix, from userid 506) >> id B242523584; Mon, 9 Jun 2014 20:28:39 +0000 (UTC) >> Received: from wursti.dovecot.fi (unknown [87.106.245.223]) >> by talvi.dovecot.org (Postfix) with ESMTP id 51A3023584 >> for ; Mon, 9 Jun 2014 20:28:39 +0000 (UTC) >> Received: from [192.168.10.103] (cs181255018.pp.htv.fi [82.181.255.18]) >> by wursti.dovecot.fi (Postfix) with ESMTPSA id 6ABD221D30 >> for ; Mon, 9 Jun 2014 22:27:43 +0200 (CEST) >> From: Timo Sirainen iki.fi> >> Content-Type: text/plain; charset=us-ascii >> Content-Transfer-Encoding: quoted-printable >> Subject: Subject tag [Dovecot] is gone >> Message-Id: >> Date: Mon, 9 Jun 2014 23:27:41 +0300 >> To: Dovecot Mailing List >> Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\)) >> X-Mailer: Apple Mail (2.1878.2) >> Precedence: list >> Reply-To: Dovecot Mailing List >> X-WatchGuard-Spam-ID: str=0001.0A0B0202.539618E6.008E,ss=1,re=0.000,fgs=0 >> X-WatchGuard-Spam-Score: 0, clean; 0, no virus >> X-WatchGuard-Mail-Client-IP: 87.106.245.223 >> X-WatchGuard-Mail-From: dovecot-bounces at dovecot.org >> X-Virus-Scanned: Maia Mailguard 1.0.3 >> >> I've actually been thinking about it almost since the beginning. It's = >> just been annoying waste of space on my screen. And more importantly = >> nowadays it's also breaking DKIM/DMARC signatures. So if somebody still = >> uses Subject-based filtering it's about time to switch to List-ID header >> = >> based filtering now. >> >> Another thing I'm wondering about is if I should allow text/html parts, = >> because removing them will also break the DKIM signatures. Or mainly I'd >> = >> like to allow only multipart/alternative with text/plain + text/html, = >> >> but I don't think I can configure Mailman to support that. >> > From giuseppe.chiesa at satprofbv.com Wed Jun 11 06:47:36 2014 From: giuseppe.chiesa at satprofbv.com (Giuseppe Chiesa) Date: Wed, 11 Jun 2014 08:47:36 +0200 Subject: [Dovecot] Can't get authentication for masterusers on Mac OS X Server 10.6.8 In-Reply-To: <1C9C8634-C43A-4D12-8CF6-AD46E6882A1A@ecgs.lu> References: <1C9C8634-C43A-4D12-8CF6-AD46E6882A1A@ecgs.lu> Message-ID: <5397FB88.5010906@satprofbv.com> Hi I'm esperiencing the same issue during the import from OSX Server to Zimbra. Did you succeded in your migration? can you share some suggestion about that? Thanks in advance for your help. -- Best regards, Giuseppe Chiesa From mailinglist at schaal-24.de Wed Jun 11 07:56:46 2014 From: mailinglist at schaal-24.de (Florian Schaal) Date: Wed, 11 Jun 2014 09:56:46 +0200 Subject: replication with plugin =?UTF-8?B?d29uwrR0IHdvcms=?= Message-ID: <53980BBE.90108@schaal-24.de> Hi all, i try to setup a master-master replication with dovecot / dsync. I?m using virtual-users. When I call doveadm sync -A remote:vmail at server2 new mails are copied to the second server, but new messages from server 2 not on Server 1. To fix this i run doveadm sync -A remote:vmail at server on the 2nd server But I want that it works with dovecot / dsync (see my config at the end - identical on bot servers, only mail_replica is different). I added some services regarding http://wiki2.dovecot.org/Replication If i send a local mail on one server it will not be replicated to the other server until i run doveadm sync. Maybe i just missed some steps in my setup? doveadm user '*' displays the right users on both servers. === docecot.conf === # 2.2.13 (7b25994a8cb7): /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-042stab076.8 x86_64 Debian 7.5 auth_mechanisms = plain login ntlm disable_plaintext_auth = no dsync_remote_cmd = ssh -p 4711 -l%{login} %{host} doveadm dsync -u%u listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_debug = yes mail_plugins = " notify replication" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { mail_replica = remote:vmail at server2 quota = dict:user::file:/var/vmail/%d/%n/.quotausage replication_full_sync_interval = 1 hours sieve = /var/vmail/%d/%n/.sieve } protocols = imap pop3 service aggregator { fifo_listener replication-notify-fifo { mode = 0666 user = vmail } unix_listener replication-notify { mode = 0666 user = vmail } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service config { unix_listener config { user = vmail } } service doveadm { user = vmail } service imap-login { client_limit = 1000 process_limit = 500 } service replicator { process_min_avail = 1 } ssl_cert = References: Message-ID: <99354F33-804A-474F-8FC8-2EE4AB38FBD6@dovecot.fi> On 10 Jun 2014, at 20:31, Bruno Galindro da Costa wrote: > Guys, > > I need to parse my dovecot log files with logstash grok patterns. Is > there any document specifying the patterns used by dovecot to write it's > logs? > > I need to find all the log possibilities that could be writed to log > files by dovecot. So, if a document like that exists or if anyone could > answer my question, I'll could make the parser with less difficult. kv filter in logstash is very useful with dovecot, below is short snippet that will extract key=value pairs specified in ?include_keys? from log line. Additionally you might want to set mail_log_prefix to be something like ?service=%s, user=%s, ? to make it easier to parse. filter { if [syslog_program] == "dovecot" { kv { source => "syslog_message" trim => "," include_keys => [ "box", "from", "in", "lip", "method", "mpid", "msgid", "out", "rip", "session", "size", "user" ] } } } From h.reindl at thelounge.net Wed Jun 11 08:20:13 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 11 Jun 2014 10:20:13 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: References: <53971B83.4070109@ace-electronics.be> <53972048.8060204@thelounge.net> <539722DF.9090905@ace-electronics.be> Message-ID: <5398113D.9070607@thelounge.net> Am 11.06.2014 07:28, schrieb Nick Edwards: > Nothing. Reindel has always been an abusive troll if somebody wants to feel absued he will find always a reason - calling software stripping headers out of mails is not a good one to feel so so shut up until you can't distinguish between firt name and last name, write the last name even wrong and especially in case i abused nobody > On 6/11/14, Koenraad Lelong wrote: >> op 10-06-14 17:12, Reindl Harald schreef: >>> >>> than you have crap software somewhere on your side >> >> What did I do to get such reply ? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From sottilette at rfx.it Wed Jun 11 08:42:32 2014 From: sottilette at rfx.it (Paolo) Date: Wed, 11 Jun 2014 10:42:32 +0200 (CEST) Subject: Subject tag [Dovecot] is gone In-Reply-To: <53975D23.5040902@dementianati.com> References: <53963634.5060308@dementianati.com> <53975D23.5040902@dementianati.com> Message-ID: In this list we have Timo and many other people very skilled in dovecot and mail related stuff. I read the considerations and I suppose they are right, but ... Also there are people like me that are lower profile sysadmins. Filtering mail isn't a problem, but, in my opinion, having the tag [Dovecot] in the subject is the better solution for "visual" filtering. I receive 2-300 mail / day in the inbox. Often I don't read a dovecot or postfix thread if the subject doesn't interest me, but sometime the tag [Dovecot], increase the appeal of others keyword ... Pheraps, mail filtered in folders are rarely read in real time. Usually I look at it in my spare time (very reduced), or when I search for a specific argoment. A couple of friends agree with me, so I am not the only ... ;-) This is only our opinion as "low profile sysadmin", Anyway, thanks to Timo and others for the great product and the support. Regards, Paolo From raabe at froglogic.com Wed Jun 11 08:51:27 2014 From: raabe at froglogic.com (Frerich Raabe) Date: Wed, 11 Jun 2014 10:51:27 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: <539722DF.9090905@ace-electronics.be> References: " " <53971B83.4070109@ace-electronics.be> <53972048.8060204@thelounge.net> <539722DF.9090905@ace-electronics.be> Message-ID: On 2014-06-10 17:23, Koenraad Lelong wrote: > op 10-06-14 17:12, Reindl Harald schreef: >> than you have crap software somewhere on your side > > What did I do to get such reply ? Don't bother paying too much attention, Harald has been quite the primadonna ever since I joined this list. Pretty sure he's one of those fellows who are doing the 'grumpy curmudgeon' on the Internet but then turn out to be rather quiet/shy guys in real life. ;-) - Frerich From heupink at merit.unu.edu Wed Jun 11 08:56:07 2014 From: heupink at merit.unu.edu (mourik jan heupink - merit) Date: Wed, 11 Jun 2014 10:56:07 +0200 Subject: ot: accepting self certs into win pc? In-Reply-To: <53965AFF.9050806@fjl.co.uk> References: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> <53965AFF.9050806@fjl.co.uk> Message-ID: <539819A7.4040305@merit.unu.edu> Hi Frank, list, On 6/10/2014 3:10, Frank Leonhardt wrote: > I get endless grief over this, but if you think Microsoft is bad, try > Apple. I wrote some notes on it once: > > http://blog.frankleonhardt.com/2012/certificate-errors-on-internet-explorer-9-and-how-to-stop-them/ > > > > I didn't mention it in the post, but IIRC this did work for making > some versions Outlook (and other Microsoft Mail things) happy at the > same time. But do the above steps work for folks here..? I've tried them (IE 11, win7, outlook 2013) but outlook keeps asking about (self signed) imaps certificates. Is it just me who cannot import self-signed certificates into microsoft products anymore? MJ From heupink at merit.unu.edu Wed Jun 11 09:00:47 2014 From: heupink at merit.unu.edu (mourik jan heupink - merit) Date: Wed, 11 Jun 2014 11:00:47 +0200 Subject: ot: accepting self certs into win pc? In-Reply-To: <539819A7.4040305@merit.unu.edu> References: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> <53965AFF.9050806@fjl.co.uk> <539819A7.4040305@merit.unu.edu> Message-ID: <53981ABF.6040001@merit.unu.edu> Apologies. I noticed only now that the certificate was issued for the real servername, and I'm using a dns alias to connect. Sorry. On 6/11/2014 10:56, mourik jan heupink - merit wrote: > Hi Frank, list, > > On 6/10/2014 3:10, Frank Leonhardt wrote: >> I get endless grief over this, but if you think Microsoft is bad, try >> Apple. I wrote some notes on it once: >> >> http://blog.frankleonhardt.com/2012/certificate-errors-on-internet-explorer-9-and-how-to-stop-them/ >> >> >> >> >> I didn't mention it in the post, but IIRC this did work for making >> some versions Outlook (and other Microsoft Mail things) happy at the >> same time. > > But do the above steps work for folks here..? I've tried them (IE 11, > win7, outlook 2013) but outlook keeps asking about (self signed) imaps > certificates. > > Is it just me who cannot import self-signed certificates into microsoft > products anymore? > > MJ From h.reindl at thelounge.net Wed Jun 11 09:01:46 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 11 Jun 2014 11:01:46 +0200 Subject: ot: accepting self certs into win pc? In-Reply-To: <539819A7.4040305@merit.unu.edu> References: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> <53965AFF.9050806@fjl.co.uk> <539819A7.4040305@merit.unu.edu> Message-ID: <53981AFA.9070402@thelounge.net> Am 11.06.2014 10:56, schrieb mourik jan heupink - merit: > On 6/10/2014 3:10, Frank Leonhardt wrote: >> I get endless grief over this, but if you think Microsoft is bad, try >> Apple. I wrote some notes on it once: >> >> http://blog.frankleonhardt.com/2012/certificate-errors-on-internet-explorer-9-and-how-to-stop-them/ >> >> I didn't mention it in the post, but IIRC this did work for making >> some versions Outlook (and other Microsoft Mail things) happy at the >> same time. > > But do the above steps work for folks here..? I've tried them (IE 11, > win7, outlook 2013) but outlook keeps asking about (self signed) imaps > certificates. > > Is it just me who cannot import self-signed certificates into microsoft > products anymore? seriously you need to setup a webserver using the same certificate and point MSIE to that server, you can import then the certificate and Outlook is using the same trust-store -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From t200907 at fjl.co.uk Wed Jun 11 09:14:20 2014 From: t200907 at fjl.co.uk (Frank Leonhardt) Date: Wed, 11 Jun 2014 10:14:20 +0100 Subject: ot: accepting self certs into win pc? In-Reply-To: <53981ABF.6040001@merit.unu.edu> References: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> <53965AFF.9050806@fjl.co.uk> <539819A7.4040305@merit.unu.edu> <53981ABF.6040001@merit.unu.edu> Message-ID: <53981DEC.4000707@fjl.co.uk> On 11/06/2014 10:00, mourik jan heupink - merit wrote: > Apologies. I noticed only now that the certificate was issued for the > real servername, and I'm using a dns alias to connect. > > Sorry. > > On 6/11/2014 10:56, mourik jan heupink - merit wrote: >> Hi Frank, list, >> >> On 6/10/2014 3:10, Frank Leonhardt wrote: >>> I get endless grief over this, but if you think Microsoft is bad, try >>> Apple. I wrote some notes on it once: >>> >>> http://blog.frankleonhardt.com/2012/certificate-errors-on-internet-explorer-9-and-how-to-stop-them/ >>> >>> >>> >>> >>> >>> I didn't mention it in the post, but IIRC this did work for making >>> some versions Outlook (and other Microsoft Mail things) happy at the >>> same time. >> >> But do the above steps work for folks here..? I've tried them (IE 11, >> win7, outlook 2013) but outlook keeps asking about (self signed) imaps >> certificates. >> >> Is it just me who cannot import self-signed certificates into microsoft >> products anymore? >> >> MJ There is an option to fiddle (mentioned in the blog) to tell SOME MS software to ignore name mismatches. Make a wish and try it :-) From t200907 at fjl.co.uk Wed Jun 11 09:14:35 2014 From: t200907 at fjl.co.uk (Frank Leonhardt) Date: Wed, 11 Jun 2014 10:14:35 +0100 Subject: ot: accepting self certs into win pc? In-Reply-To: <539819A7.4040305@merit.unu.edu> References: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> <53965AFF.9050806@fjl.co.uk> <539819A7.4040305@merit.unu.edu> Message-ID: <53981DFB.2060006@fjl.co.uk> On 11/06/2014 09:56, mourik jan heupink - merit wrote: > Hi Frank, list, > > On 6/10/2014 3:10, Frank Leonhardt wrote: >> I get endless grief over this, but if you think Microsoft is bad, try >> Apple. I wrote some notes on it once: >> >> http://blog.frankleonhardt.com/2012/certificate-errors-on-internet-explorer-9-and-how-to-stop-them/ >> >> >> >> >> I didn't mention it in the post, but IIRC this did work for making >> some versions Outlook (and other Microsoft Mail things) happy at the >> same time. > > But do the above steps work for folks here..? I've tried them (IE 11, > win7, outlook 2013) but outlook keeps asking about (self signed) imaps > certificates. > > Is it just me who cannot import self-signed certificates into microsoft > products anymore? > > MJ I did say it was a PITA and I did say it was using IE9! It's only a place to start. Another method that *has* worked is to download the certificate as a file ending in .cer. Open in and it'll give you the option to install it. As the blog says, I always install certificates in the place where they can be used for absolutely everything! You can convert a .pem to .cer, which is actually PKCS#12/PFX, using something like: openssl pkcs12 -inkey my_key.pem -in my_cert.cert -export -out my_pfx.cer I'm not guaranteeing this, and I could even be talking complete rubbish. I know enough about this stuff to know that I don't understand it fully, but I do know what's worked by pure dumb luck in the past! Regards, Frank. From professa at dementianati.com Wed Jun 11 09:15:46 2014 From: professa at dementianati.com (Professa Dementia) Date: Wed, 11 Jun 2014 02:15:46 -0700 Subject: Subject tag [Dovecot] is gone In-Reply-To: References: " " <53971B83.4070109@ace-electronics.be> <53972048.8060204@thelounge.net> <539722DF.9090905@ace-electronics.be> Message-ID: <53981E42.5020407@dementianati.com> On 6/11/2014 1:51 AM, Frerich Raabe wrote: > On 2014-06-10 17:23, Koenraad Lelong wrote: >> op 10-06-14 17:12, Reindl Harald schreef: >>> than you have crap software somewhere on your side >> >> What did I do to get such reply ? > > Don't bother paying too much attention, Harald has been quite the > primadonna ever since I joined this list. Pretty sure he's one of those > fellows who are doing the 'grumpy curmudgeon' on the Internet but then > turn out to be rather quiet/shy guys in real life. ;-) If he bothers you, a suggestion to make your life simpler. Set up a filter to simply delete any messages from him before they get to your inbox. Notice that most regulars, myself included, never reply to him. That is because we do not even see his messages except in someone else's reply to him. It really improves the quality, value and enjoyment of the list. Life is too short to put up with someone who is abrasive, obnoxious and rarely contributes anything helpful. Dem From h.reindl at thelounge.net Wed Jun 11 09:20:47 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 11 Jun 2014 11:20:47 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: <53981E42.5020407@dementianati.com> References: <53971B83.4070109@ace-electronics.be> <53972048.8060204@thelounge.net> <539722DF.9090905@ace-electronics.be> <53981E42.5020407@dementianati.com> Message-ID: <53981F6F.7060000@thelounge.net> Am 11.06.2014 11:15, schrieb Professa Dementia: > On 6/11/2014 1:51 AM, Frerich Raabe wrote: >> On 2014-06-10 17:23, Koenraad Lelong wrote: >>> op 10-06-14 17:12, Reindl Harald schreef: >>>> than you have crap software somewhere on your side >>> >>> What did I do to get such reply ? >> >> Don't bother paying too much attention, Harald has been quite the >> primadonna ever since I joined this list. Pretty sure he's one of those >> fellows who are doing the 'grumpy curmudgeon' on the Internet but then >> turn out to be rather quiet/shy guys in real life. ;-) > > If he bothers you, a suggestion to make your life simpler. Set up a > filter to simply delete any messages from him before they get to your inbox. > > Notice that most regulars, myself included, never reply to him. That is > because we do not even see his messages except in someone else's reply > to him. and that is why people like you should simply *shut up* instead react on a *one line quote* stripped all helpful informations including the complete context so you see *one line* of a long reply because you filter out anything else: so *shut up at all* -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From dovecot at ace-electronics.be Wed Jun 11 09:30:01 2014 From: dovecot at ace-electronics.be (Koenraad Lelong) Date: Wed, 11 Jun 2014 11:30:01 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: <53972649.6020801@ace-electronics.be> References: <53971B83.4070109@ace-electronics.be> <1402413339.28639.8.camel@thorin> <53972649.6020801@ace-electronics.be> Message-ID: <53982199.4070404@ace-electronics.be> op 10-06-14 17:37, Koenraad Lelong schreef: > I looked at some messages on the server. Not trace of those List-lines. > I think I will get in touch with Watchguard to see if they remove those > lines. I subscribed to dovecot with a home-account. There I do have those RFC2919 lines. I also just "whitelisted" the dovecot-list on my Watchguard. I'll see if that changes anything. But I also filed a "bug-report" with Watchguard concerning this. You would think such a company should know better. Koenraad. From heupink at merit.unu.edu Wed Jun 11 09:52:21 2014 From: heupink at merit.unu.edu (mourik jan heupink - merit) Date: Wed, 11 Jun 2014 11:52:21 +0200 Subject: ot: accepting self certs into win pc? In-Reply-To: <53981DEC.4000707@fjl.co.uk> References: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> <53965AFF.9050806@fjl.co.uk> <539819A7.4040305@merit.unu.edu> <53981ABF.6040001@merit.unu.edu> <53981DEC.4000707@fjl.co.uk> Message-ID: <539826D5.5060200@merit.unu.edu> Hi Frank, list, > There is an option to fiddle (mentioned in the blog) to tell SOME MS > software to ignore name mismatches. Make a wish and try it :-) True, but: > Unfortunately it?s either on or off; you can?t set it to ignore a > mis-match for particular names only. Because of the risk that someone > might be impersonating your bank, you?d probably be best to leave > this one checked and put up with the red warnings. So I think I'll just regenerate my certificate to match the hostname alias we use, instead of the actual hostname. Anyway: your blog is appreciated, thank you! :-) From h.reindl at thelounge.net Wed Jun 11 10:03:24 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 11 Jun 2014 12:03:24 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: <53982199.4070404@ace-electronics.be> References: <53971B83.4070109@ace-electronics.be> <1402413339.28639.8.camel@thorin> <53972649.6020801@ace-electronics.be> <53982199.4070404@ace-electronics.be> Message-ID: <5398296C.1050602@thelounge.net> Am 11.06.2014 11:30, schrieb Koenraad Lelong: > op 10-06-14 17:37, Koenraad Lelong schreef: > >> I looked at some messages on the server. Not trace of those List-lines. >> I think I will get in touch with Watchguard to see if they remove those >> lines. > > I subscribed to dovecot with a home-account. There I do have those RFC2919 lines. > I also just "whitelisted" the dovecot-list on my Watchguard. I'll see if that changes anything. > But I also filed a "bug-report" with Watchguard concerning this. You would think such a company should know better. not uncommon, i saw anti-virus software mangle http traffic by spit random bytes before the http headers leading to ask the browser where to save the php-file Cisco routers by default mangle DNS traffic, break zone transfers or even put befor all CNAME blocks a $TTL 0 line never appeared on the master until you disable DNS ALG for UDP and TCP the bigger the company the more breakage and that is why i said "you have crap on your side" what for whatever reason you took as a personal attack leaded to lure all the trolls out of their holes and react to a out-of-context quote -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From Jost.Krieger+dovecot at rub.de Wed Jun 11 10:21:04 2014 From: Jost.Krieger+dovecot at rub.de (Jost Krieger) Date: Wed, 11 Jun 2014 12:21:04 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: <5398296C.1050602@thelounge.net> References: <53971B83.4070109@ace-electronics.be> <1402413339.28639.8.camel@thorin> <53972649.6020801@ace-electronics.be> <53982199.4070404@ace-electronics.be> <5398296C.1050602@thelounge.net> Message-ID: <20140611102103.GX514@ruhr-uni-bochum.de> On Wed Jun 11 12:03:24 2014, Reindl Harald wrote: > Cisco routers by default mangle DNS traffic, break zone transfers > or even put befor all CNAME blocks a $TTL 0 line never appeared > on the master until you disable DNS ALG for UDP and TCP I believe that Cisco equipment will do such things, but I doubt it's the routers. Unless you plug a firewall card in. > the bigger the company the more breakage A bit back on-topic here: My impression is that Outlook 2013 will move mails from one (Dovecot) folder to the other by downloading the mail, messing up the headers and uploading again. This will break the antispam plugin, of course. Can anyone confirm? Yours Jost Krieger -- | Jost.Krieger+sig at ruhr-uni-bochum.de Please help stamp out spam! | | Postmaster, JAPH, resident answer machine at RUB Comp. Center | | Sincere words are not sweet, sweet words are not sincere. | | Lao Tse, Tao Te King 81 | From h.reindl at thelounge.net Wed Jun 11 10:46:07 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 11 Jun 2014 12:46:07 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: <20140611102103.GX514@ruhr-uni-bochum.de> References: <53971B83.4070109@ace-electronics.be> <1402413339.28639.8.camel@thorin> <53972649.6020801@ace-electronics.be> <53982199.4070404@ace-electronics.be> <5398296C.1050602@thelounge.net> <20140611102103.GX514@ruhr-uni-bochum.de> Message-ID: <5398336F.5030102@thelounge.net> Am 11.06.2014 12:21, schrieb Jost Krieger: > On Wed Jun 11 12:03:24 2014, Reindl Harald wrote: > >> Cisco routers by default mangle DNS traffic, break zone transfers >> or even put befor all CNAME blocks a $TTL 0 line never appeared >> on the master until you disable DNS ALG for UDP and TCP > > I believe that Cisco equipment will do such things, but I doubt it's the > routers. Unless you plug a firewall card in off-topic but as response "i thought they know better" any bigger Cisco router i saw the last 8 years and even some smaller ones without rack-mount did this as default if NAT is enabled until you force the two commands below the reason likely is that if you have a public DNS server you are asking from the LAN responding with a public address the Cisco translates the repsonse to the NAT-mapping instead just allow the public IP from the LAN, but that's no valid reason to mangle outgoing DNS traffic additionally that may become "funny" if in the future DNSSEC is used "no ip nat service alg udp dns" "no ip nat service alg tcp dns" _______________________________________ the UDP ALG leads to silently supress answers of PTR's with public IP's to the WAN, larger UDP responses (EDNS) times out as well as zone-transfers the TCP ALG leads to a AFXR zone transfer looks like below while the master has only one TTL line with 86400 on top of the zone file, in that case only CNAMES are mangelded and after type the commands above all is fine rhsoft.net. 86400 IN A 91.118.73.4 **.rhsoft.net. 0 IN CNAME **.rhsoft.net. **.rhsoft.net. 0 IN CNAME **.rhsoft.net. ................................ testserver.rhsoft.net. 86400 IN A 84.113.92.77 **.rhsoft.net. 0 IN CNAME **.rhsoft.net. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From spyros.tsiolis at hotmail.com Wed Jun 11 10:52:38 2014 From: spyros.tsiolis at hotmail.com (Spyros Tsiolis) Date: Wed, 11 Jun 2014 10:52:38 +0000 Subject: Subject tag [Dovecot] is gone In-Reply-To: <5398296C.1050602@thelounge.net> References: <53971B83.4070109@ace-electronics.be> <1402413339.28639.8.camel@thorin>, <53972649.6020801@ace-electronics.be>, <53982199.4070404@ace-electronics.be>, <5398296C.1050602@thelounge.net> Message-ID: Guys, I think you were a bit harsh on Reindl. It is my opinion that he is a productive member of this list and his views are valuable. He just uses a bit stronger language. Something that I do sometimes. I don't think he wanted to be rude with someone. Just my opinion, s. ---------------------------------------- > Date: Wed, 11 Jun 2014 12:03:24 +0200 > From: h.reindl at thelounge.net > To: dovecot at dovecot.org > Subject: Re: Subject tag [Dovecot] is gone > > > Am 11.06.2014 11:30, schrieb Koenraad Lelong: >> op 10-06-14 17:37, Koenraad Lelong schreef: >> >>> I looked at some messages on the server. Not trace of those List-lines. >>> I think I will get in touch with Watchguard to see if they remove those >>> lines. >> >> I subscribed to dovecot with a home-account. There I do have those RFC2919 lines. >> I also just "whitelisted" the dovecot-list on my Watchguard. I'll see if that changes anything. >> But I also filed a "bug-report" with Watchguard concerning this. You would think such a company should know better. > > not uncommon, i saw anti-virus software mangle http traffic > by spit random bytes before the http headers leading to ask > the browser where to save the php-file > > Cisco routers by default mangle DNS traffic, break zone transfers > or even put befor all CNAME blocks a $TTL 0 line never appeared > on the master until you disable DNS ALG for UDP and TCP > > the bigger the company the more breakage > > and that is why i said "you have crap on your side" what for whatever > reason you took as a personal attack leaded to lure all the trolls > out of their holes and react to a out-of-context quote > From igord at bra.in.rs Wed Jun 11 12:01:42 2014 From: igord at bra.in.rs (igord) Date: Wed, 11 Jun 2014 05:01:42 -0700 (PDT) Subject: Change index location problem Message-ID: <1402488102893-48468.post@n4.nabble.com> Hi All, I was unable to change location of Dovecot indexes. Currently they are under /var/vmail/%d/%u, but I want to change them to /media/ephemeral0/%u I've changed conf line in /etc/dovecot/dovecot.conf: mail_location = maildir:/var/vmail/%d/%u:INDEX=/media/ephemeral0/%u and setup permissions of /media/ephemeral0 to dovecot:dovecot, tried also vmail:mail (which is default user for e-mails) and also tried with 777 on all dirs, but Dovecot is keeping creating indexes on the old location. I tried moving them from old to new location, but Dovecot recreates them on the old location. Details: # dovecot --version 2.0.9 # doveconf -a | grep location mail_location = maildir:/var/vmail/%d/%u:INDEX=/media/ephemeral0/%u Has anyone experienced something similar, any solution for this? Thanks in advance! -- View this message in context: http://dovecot.2317879.n4.nabble.com/Change-index-location-problem-tp48468.html Sent from the Dovecot mailing list archive at Nabble.com. From skdovecot at smail.inf.fh-brs.de Wed Jun 11 12:26:07 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 11 Jun 2014 14:26:07 +0200 (CEST) Subject: Change index location problem In-Reply-To: <1402488102893-48468.post@n4.nabble.com> References: <1402488102893-48468.post@n4.nabble.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 11 Jun 2014, igord wrote: > mail_location = maildir:/var/vmail/%d/%u:INDEX=/media/ephemeral0/%u > > and setup permissions of /media/ephemeral0 to dovecot:dovecot, tried also > vmail:mail (which is default user for e-mails) and also tried with 777 on > all dirs, but Dovecot is keeping creating indexes on the old location. I > tried moving them from old to new location, but Dovecot recreates them on > the old location. + Did you've restarted Dovecot after changing the conf file? + What's in the logs? Maybe you need to enable mail_debug. + What's the permission of /media? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU5hK33z1H7kL/d9rAQLM0ggAhADvHkovUm1NjGxxG6EKrxz3irwHQFw+ ZQJ8XK16i7IiUwYxMOfNwb+b++VpPgwdZCREVskQs3fJemqW7WbpY9KAHmQt4eQr fVQSQVg2M3BhFVkmaVp6sUqUmrGrGIfkLyVR2ciFdFlCqxJIbahH7bM0WlNafY/S y/U/Rfha8brUN/JSwHaYUv4lbxyf1Mxgee/Yx4ANpv7+g5yt5Yk3C3gO8nn9XNhF ae3ozsJ4BJTlk+Tb7u8LpTL78VCbVpEShrQXaQ7Ww0gULWlVer1yq5l7RbjqA3my jcTmVFP4Q/JY7d9IWW9JlntN7+ONfeU7Nd1GpKhTPsDBksyTuMVLdQ== =P1Zq -----END PGP SIGNATURE----- From gheskett at wdtv.com Wed Jun 11 12:40:48 2014 From: gheskett at wdtv.com (Gene Heskett) Date: Wed, 11 Jun 2014 08:40:48 -0400 Subject: Subject tag [Dovecot] is gone In-Reply-To: <53981F6F.7060000@thelounge.net> References: <53971B83.4070109@ace-electronics.be> <53981E42.5020407@dementianati.com> <53981F6F.7060000@thelounge.net> Message-ID: <201406110840.48867.gheskett@wdtv.com> On Wednesday 11 June 2014 05:20:47 Reindl Harald did opine And Gene did reply: > Am 11.06.2014 11:15, schrieb Professa Dementia: > > On 6/11/2014 1:51 AM, Frerich Raabe wrote: > >> On 2014-06-10 17:23, Koenraad Lelong wrote: > >>> op 10-06-14 17:12, Reindl Harald schreef: > >>>> than you have crap software somewhere on your side > >>> > >>> What did I do to get such reply ? > >> > >> Don't bother paying too much attention, Harald has been quite the > >> primadonna ever since I joined this list. Pretty sure he's one of > >> those fellows who are doing the 'grumpy curmudgeon' on the Internet > >> but then turn out to be rather quiet/shy guys in real life. ;-) > > > > If he bothers you, a suggestion to make your life simpler. Set up a > > filter to simply delete any messages from him before they get to your > > inbox. > > > > Notice that most regulars, myself included, never reply to him. That > > is because we do not even see his messages except in someone else's > > reply to him. > > and that is why people like you should simply *shut up* instead > react on a *one line quote* stripped all helpful informations > including the complete context > > so you see *one line* of a long reply because you filter out > anything else: so *shut up at all* If this is the best you can do in terms of a helpful reply, I'll never see your msgs again. PLONK Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS From Jost.Krieger+dovecot at rub.de Wed Jun 11 12:50:56 2014 From: Jost.Krieger+dovecot at rub.de (Jost Krieger) Date: Wed, 11 Jun 2014 14:50:56 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: <53975D23.5040902@dementianati.com> References: <53963634.5060308@dementianati.com> <53975D23.5040902@dementianati.com> Message-ID: <20140611125056.GB514@ruhr-uni-bochum.de> On Tue Jun 10 12:31:47 2014, Professa Dementia wrote: > > On 6/9/2014 7:26 PM, Timo Sirainen wrote: > > I am not proposing a new standard, simply pointing out that breaking an > established protocol (by removing the [Dovecot] subject identifier) > because of a flawed anti-spam system is not in people's best interest. > > Can a spammer spoof messages from the list? Sure. Has it happened? > Not that I am aware of. Is it a problem? Not so far. > > So why, then, make people go through all this trouble of setting up new > filters and rules, mail routing, software upgrades, etc, just to appease > a standard that is clearly broken? It's not DMARC that is broken, it is its application by AOL and Yahoo. (And it's not a standard yet, AFAIK.) It notes that the part "p=reject" should not be used in an environment where *people* send mail. DMARC works fine for paypal, amazon, etc.. As Yahoo and AOL have wilfully ignored this, my consequence is to ban addresses from domains that have "p=reject" from posting to our mailing lists. Yours Jost Krieger -- | Jost.Krieger+sig at ruhr-uni-bochum.de Please help stamp out spam! | | Postmaster, JAPH, resident answer machine at RUB Comp. Center | | Sincere words are not sweet, sweet words are not sincere. | | Lao Tse, Tao Te King 81 | From iavor at icdsoft.com Wed Jun 11 12:52:14 2014 From: iavor at icdsoft.com (Iavor Stoev) Date: Wed, 11 Jun 2014 15:52:14 +0300 Subject: ACL configuration migration from Dovecot 2.1.17 to 2.2.13 Message-ID: <539850FE.4050501@icdsoft.com> Hello, I'm preparing migration to the latest Dovecot version 2.2.13 from the previous stable branch 2.1.17 which is deployed on my servers. With version 2.1.17 I use global acl dir to prevent all mail users to delete their INBOX.Junk Mail folder, which is part from our spam protection system. My current config is: cat /etc/dovecot/acls/INBOX.Junk\ Mail owner lrwstiae With version 2.2.13, the global acl dir support is disabled (with the above config, the imap server shows no folders at all) so I must use global acl file. The problem is that the "INBOX.Junk Mail" folder contains space character and I tried to escape it with "",'',/ and enclose the whole name with "" & '' without success. If I change the acl config to INBOX.Mail it works OK. The syntax of my global acl file is: cat /etc/dovecot/acls INBOX.Junk Mail owner lrwstiae The error is: Error: Global ACL file /etc/dovecot/acls line 1: Unknown ID 'Mail' Please advise Iavor Stoev Project Manager // Head of System & Network Administration Department From igord at bra.in.rs Wed Jun 11 12:58:52 2014 From: igord at bra.in.rs (igord) Date: Wed, 11 Jun 2014 05:58:52 -0700 (PDT) Subject: Change index location problem In-Reply-To: References: <1402488102893-48468.post@n4.nabble.com> Message-ID: <1402491532135-48473.post@n4.nabble.com> > Did you've restarted Dovecot after changing the conf file? Yes, few times. > What's in the logs? Maybe you need to enable mail_debug. I've enabled now mail_debug, and looks like Dovecot doesn't see new index location: Jun 11 12:36:16 dovecot: imap(e-mail at domain): Debug: maildir++: root=/var/vmail/domain/user, index=, control=, inbox=/var/vmail/domain/user # dovecot -n | grep location mail_location = maildir:/var/vmail/%d/%u:INDEX=/media/ephemeral0/%u > What's the permission of /media? Currently it's 777 and vmail:mail, which is a user for storing e-mails, but I tried with dovecot:dovecot which Dovecot daemon is running. # ls -la / drwxrwxrwx 3 vmail mail 4096 Apr 8 21:29 media # ls -la /media drwxrwsrwx 2 vmail mail 4096 Jun 11 11:41 ephemeral0 -- View this message in context: http://dovecot.2317879.n4.nabble.com/Change-index-location-problem-tp48468p48473.html Sent from the Dovecot mailing list archive at Nabble.com. From skdovecot at smail.inf.fh-brs.de Wed Jun 11 13:29:07 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 11 Jun 2014 15:29:07 +0200 (CEST) Subject: Change index location problem In-Reply-To: <1402491532135-48473.post@n4.nabble.com> References: <1402488102893-48468.post@n4.nabble.com> <1402491532135-48473.post@n4.nabble.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 11 Jun 2014, igord wrote: >> Did you've restarted Dovecot after changing the conf file? > > Yes, few times. > >> What's in the logs? Maybe you need to enable mail_debug. > > I've enabled now mail_debug, and looks like Dovecot doesn't see new index > location: > > Jun 11 12:36:16 dovecot: imap(e-mail at domain): Debug: maildir++: > root=/var/vmail/domain/user, index=, control=, inbox=/var/vmail/domain/user is this the only log line? Some lines from UserDB? > # dovecot -n | grep location > mail_location = maildir:/var/vmail/%d/%u:INDEX=/media/ephemeral0/%u Did does not mean, that Dovecot is using this setting, though. Please post full doveconf -n output. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU5hZpXz1H7kL/d9rAQLcfgf+Pye7OnPfFg1yObiyNibAjoRmUqp3d3/V /6104Ah9jEr3AUng+/FwLa9665BxbLdxOfFCNsV9TQNv8uPOTHbUxOLA7rO+HAMf z4O+j0tP+MScDJh4JWmMRc5qPInqrNzlMMSRZDgtH9jRLxbq/eKs29W4Oqv/kdGd qytEWua8yfI9C2CRLhutK+44OhqfMroetJRjktT/ZakggDzqmy/JqLyFrU41Pp65 uBEzsg6+ZQr4euDlrhBK8tiBYVxmgA4fL7WIY4Gbcbrh2qwMbbg9/66r8sm4TZ9Y Pv3i4Dy0M0F+hyYhpa2uwnILWubzAf6fUXWyOlul2dWVoeJb9Il49w== =4Ddx -----END PGP SIGNATURE----- From igord at bra.in.rs Wed Jun 11 14:41:51 2014 From: igord at bra.in.rs (igord) Date: Wed, 11 Jun 2014 07:41:51 -0700 (PDT) Subject: Change index location problem In-Reply-To: References: <1402488102893-48468.post@n4.nabble.com> <1402491532135-48473.post@n4.nabble.com> Message-ID: <1402497711551-48475.post@n4.nabble.com> You are right, I forgot to mention part which is actually crucial here - users (and their settings) are being queried by userdb settings (from mysql), which will override default dovecot.conf settings (as described here ): ... userdb { args = /etc/dovecot/sql.conf driver = sql } ... And in /etc/dovecot/sql.conf I have: user_query = SELECT concat('/var/vmail/', maildir) as home, concat('maildir:/var/vmail/', maildir) as mail, 101 AS uid, 12 AS gid, concat('maildir:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1' So I modified it to: user_query = SELECT concat('/var/vmail/', maildir) as home, concat('maildir:/var/vmail/', maildir, ':INDEX=/media/ephemeral0/%u') as mail, 101 AS uid, 12 AS gid, concat('maildir:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1' .. and now it started creating indexes in /media/ephemeral0/%u ! Thank you for assistance -- View this message in context: http://dovecot.2317879.n4.nabble.com/Change-index-location-problem-tp48468p48475.html Sent from the Dovecot mailing list archive at Nabble.com. From listflo at ricam.oeaw.ac.at Wed Jun 11 15:23:29 2014 From: listflo at ricam.oeaw.ac.at (Florian Tischler) Date: Wed, 11 Jun 2014 17:23:29 +0200 Subject: Safe to downgrade 2.2 to 2.1? Message-ID: <1868801.EXFJVfG5z3@vulcan.ricint.oeaw.ac.at> Hi, is it safe to downgrade Dovecot 2.2 to 2.1 (in my case 2.2.13 to 2.1.17 with mdbox format) or will there be troubles with index files and backup/restore is recommended? Unfortunately with 2.2+ it is not to be possible to use acl + lazy_expunge together anymore, so downgrading is the only option for me... @Timo, please fix acl + lazy_expunge in 2.2 if you find some time. Florian -- Florian Tischler System Administrator *Johann Radon Institute for Computational and Applied Mathematics (RICAM) http://www.ricam.oeaw.ac.at/ From eduardo at freedominterface.org Wed Jun 11 16:18:54 2014 From: eduardo at freedominterface.org (Eduardo Ramos) Date: Wed, 11 Jun 2014 13:18:54 -0300 Subject: Maildir index Message-ID: <5398816E.1020705@freedominterface.org> Hi all! I store my maildir mailboxes in a ocfs2 volume. By default, my indexes are stored with the inbox. If I change now to a local disk, could I have trouble? That's my production server. Thanks! From patrickc81 at gmail.com Wed Jun 11 21:15:37 2014 From: patrickc81 at gmail.com (Patrick C) Date: Wed, 11 Jun 2014 17:15:37 -0400 Subject: Converting mailboxes from one Maildir format to another Message-ID: I am currently running dovecot 2.0.9 on a CentOS 6 server with the following layout for mailboxes: mail_location = maildir:~/Maildir I would like to change the layout to this format to match the output of other software packages such as offlineimap, mbsync, etc: mail_location = maildir:~/Maildir:LAYOUT=fs:INBOX=~/Maildir/INBOX Is there a way to convert the mailbox layout for all mail accounts currently on the server? I was looking at dsync, but there aren't any Maildir <--> Maildir examples. I was also looking at potentially writing a script to manually rename directories/move files around to match the new format, but wasn't sure whether that would mess with UIDs or other dovecot internals. pat patrickc81 at gmail.com From patrick at spamreducer.eu Thu Jun 12 08:18:45 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Thu, 12 Jun 2014 10:18:45 +0200 Subject: AW: Converting mailboxes from one Maildir format to another In-Reply-To: References: Message-ID: <00ab01cf8616$eddf2360$c99d6a20$@spamreducer.eu> > -----Urspr?ngliche Nachricht----- > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von Patrick > C > Gesendet: Mittwoch, 11. Juni 2014 23:16 > An: dovecot at dovecot.org > Betreff: Converting mailboxes from one Maildir format to another > > I am currently running dovecot 2.0.9 on a CentOS 6 server with the following > layout for mailboxes: > > mail_location = maildir:~/Maildir > > I would like to change the layout to this format to match the output of other > software packages such as offlineimap, mbsync, etc: > > mail_location = maildir:~/Maildir:LAYOUT=fs:INBOX=~/Maildir/INBOX > > Is there a way to convert the mailbox layout for all mail accounts currently on > the server? I was looking at dsync, but there aren't any Maildir <--> Maildir > examples. > Hey yah, try looking at this page: http://wiki2.dovecot.org/Migration/MailFormat It helps a lot! Cheers! > I was also looking at potentially writing a script to manually rename > directories/move files around to match the new format, but wasn't sure > whether that would mess with UIDs or other dovecot internals. > > > > > pat > patrickc81 at gmail.com From busseniu at in.tum.de Thu Jun 12 09:53:26 2014 From: busseniu at in.tum.de (=?ISO-8859-1?Q?Christoph_Bu=DFenius?=) Date: Thu, 12 Jun 2014 11:53:26 +0200 Subject: lazy_expunge mangles dovecot-acl-list Message-ID: <53997896.3000707@in.tum.de> Hi, I think I found a bug in Dovecot 2.1.17 and 2.2.13. In our setup, sometimes ACLs stop working because "dovecot-acl-list" is replaced by an empty file. We found that lazy_expunge is connected to this. To reproduce, create ACLs for "user1" in a folder. Put a mail in that folder and expunge it, so that the folder will be created in the "expunged" namespace. For instance, # cat user1/mail/mailboxes/folder/dbox-Mails/dovecot-acl user=user2 keilrwts # cat user1/mail/dovecot-acl-list 1350914868 folder # doveadm -f flow fetch -u "user1" 'guid' mailbox _EXPUNGED.\* # ls -l user1/mail/dovecot-acl-list -rw------- 1 vmail vmail 0 2014-06-12 11:40 user1/mail/dovecot-acl-list You see that we have used doveadm to list the expunged namespace, which has emptied the "dovecot-acl-list" file. Cheers, Christoph # 2.2.13: /usr/local/dovecot/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-57-server x86_64 Ubuntu 10.04.4 LTS disable_plaintext_auth = no mail_gid = vmail mail_location = mdbox:~/mail mail_plugins = acl mail_uid = vmail namespace { inbox = no list = children location = mdbox:%%h/mail prefix = INBOX.shared.%%u. separator = . subscriptions = no type = shared } namespace default { inbox = yes location = prefix = INBOX. separator = . type = private } namespace expunged { hidden = yes list = no location = mdbox:~/mail:MAILBOXDIR=expunged:SUBSCRIPTIONS=expunged-subscriptions prefix = _EXPUNGED. separator = . subscriptions = yes } passdb { args = scheme=CRYPT username_format=%u /usr/local/dovecot/etc/dovecot/users driver = passwd-file } plugin { acl = vfile acl_shared_dict = file:/mail/shared-mailboxes lazy_expunge = _EXPUNGED. } protocols = imap pop3 service auth { unix_listener auth-userdb { group = vmail mode = 0660 } } ssl_cert = References: <99354F33-804A-474F-8FC8-2EE4AB38FBD6@dovecot.fi> Message-ID: Jarkko, many, many and many thanks! This will save a LOT of work... 2014-06-11 4:52 GMT-03:00 Jarkko Mouruj?rvi : > On 10 Jun 2014, at 20:31, Bruno Galindro da Costa < > bruno.galindro at gmail.com> wrote: > > > Guys, > > > > I need to parse my dovecot log files with logstash grok patterns. Is > > there any document specifying the patterns used by dovecot to write it's > > logs? > > > > I need to find all the log possibilities that could be writed to log > > files by dovecot. So, if a document like that exists or if anyone could > > answer my question, I'll could make the parser with less difficult. > > kv filter in logstash is very useful with dovecot, below is short snippet > that will extract key=value pairs specified in ?include_keys? from log line. > > Additionally you might want to set mail_log_prefix to be something like > ?service=%s, user=%s, ? to make it easier to parse. > > filter { > if [syslog_program] == "dovecot" { > kv { > source => "syslog_message" > trim => "," > include_keys => [ "box", "from", "in", "lip", "method", "mpid", > "msgid", "out", "rip", "session", "size", "user" ] > } > } > } > -- Att. Bruno Galindro da Costa From listflo at ricam.oeaw.ac.at Thu Jun 12 13:06:33 2014 From: listflo at ricam.oeaw.ac.at (Florian Tischler) Date: Thu, 12 Jun 2014 15:06:33 +0200 Subject: lazy_expunge mangles dovecot-acl-list In-Reply-To: <53997896.3000707@in.tum.de> References: <53997896.3000707@in.tum.de> Message-ID: <7466160.JbkWikccVT@vulcan.ricint.oeaw.ac.at> Am Donnerstag, 12. Juni 2014, 11:53:26 schrieb Christoph Bu?enius: > Hi, > > I think I found a bug in Dovecot 2.1.17 and 2.2.13. > > In our setup, sometimes ACLs stop working because "dovecot-acl-list" is > replaced by an empty file. We found that lazy_expunge is connected to > this. > > To reproduce, create ACLs for "user1" in a folder. Put a mail in that > folder and expunge it, so that the folder will be created in the > "expunged" namespace. > > For instance, > > # cat user1/mail/mailboxes/folder/dbox-Mails/dovecot-acl > user=user2 keilrwts > > # cat user1/mail/dovecot-acl-list > 1350914868 folder > > # doveadm -f user1w fetch -u "user1" 'guid' mailbox _EXPUNGED.\* > > # ls -l user1/mail/dovecot-acl-list > -rw------- 1 vmail vmail 0 2014-06-12 11:40 user1/mail/dovecot-acl-list > > You see that we have used doveadm to list the expunged namespace, which > has emptied the "dovecot-acl-list" file. Hi, tried it with dovecot-ee-2.1.17.7-1.el6 and can confirm exactly the behaviour! Interestingly a doveadm acl debug recreates dovecot-acl-list: doveadm acl debug -u user2 user/user1/Folder ... doveadm(user2): Info: User user2 has rights: ... doveadm(user2): Error: Mailbox not found from dovecot-acl-list, rebuilding doveadm(user2): Info: User user1 found from ACL shared dict doveadm(user2): Info: Retrying after rebuilds: ... A question because you mention 2.2.13, is acl + lazy_expunge working for you with 2.2.13??? 2.2.13 fails for me completely with unknown namespace .EXPUNGED as soon as a user shares a folder. (as long as nothing is shared everything is file) Reproducible with: doveadm acl set -u user1 Folder user=user2 rights... 2.1.17: doveadm acl debug -u user2 user/user1/Folder everything is fine. 2.2.13: unknown namespace .EXPUNGED, user2 cannot login anymore. Unfortunately I never got any feedback to this issue and therefore stick with 2.1.17 :-( Florian > Cheers, > Christoph > > > > > # 2.2.13: /usr/local/dovecot/etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-57-server x86_64 Ubuntu 10.04.4 LTS > disable_plaintext_auth = no > mail_gid = vmail > mail_location = mdbox:~/mail > mail_plugins = acl > mail_uid = vmail > namespace { > inbox = no > list = children > location = mdbox:%%h/mail > prefix = INBOX.shared.%%u. > separator = . > subscriptions = no > type = shared > } > namespace default { > inbox = yes > location = > prefix = INBOX. > separator = . > type = private > } > namespace expunged { > hidden = yes > list = no > location = > mdbox:~/mail:MAILBOXDIR=expunged:SUBSCRIPTIONS=expunged-subscriptions > prefix = _EXPUNGED. > separator = . > subscriptions = yes > } > passdb { > args = scheme=CRYPT username_format=%u > /usr/local/dovecot/etc/dovecot/users > driver = passwd-file > } > plugin { > acl = vfile > acl_shared_dict = file:/mail/shared-mailboxes > lazy_expunge = _EXPUNGED. > } > protocols = imap pop3 > service auth { > unix_listener auth-userdb { > group = vmail > mode = 0660 > } > } > ssl_cert = ssl_key = userdb { > args = /usr/local/dovecot/etc/dovecot/users > driver = passwd-file > } > protocol imap { > imap_client_workarounds = tb-extra-mailbox-sep > mail_max_userip_connections = 20 > mail_plugins = acl imap_acl acl > } -- Florian Tischler System Administrator *Johann Radon Institute for Computational and Applied Mathematics (RICAM) http://www.ricam.oeaw.ac.at/ florian.tischler at oeaw.ac.at *Industrial Mathematics Institute http://www.indmath.uni-linz.ac.at/ tischler at indmath.uni-linz.ac.at http://www.ricam.oeaw.ac.at/people/page.cgi?firstn=Florian;lastn=Tischler GPG-Key: http://www.ricam.oeaw.ac.at/gpg/florian_tischler.asc tel: +43 732 2468 5250 fax: +43 732 2468 5212 From rs at sys4.de Thu Jun 12 13:22:20 2014 From: rs at sys4.de (Robert Schetterer) Date: Thu, 12 Jun 2014 15:22:20 +0200 Subject: Parse dovecot 2.2 logs with logstash In-Reply-To: References: <99354F33-804A-474F-8FC8-2EE4AB38FBD6@dovecot.fi> Message-ID: <5399A98C.1080103@sys4.de> Am 12.06.2014 13:51, schrieb Bruno Galindro da Costa: > Jarkko, many, many and many thanks! This will save a LOT of work... > > > > 2014-06-11 4:52 GMT-03:00 Jarkko Mouruj?rvi : > >> On 10 Jun 2014, at 20:31, Bruno Galindro da Costa < >> bruno.galindro at gmail.com> wrote: >> >>> Guys, >>> >>> I need to parse my dovecot log files with logstash grok patterns. Is >>> there any document specifying the patterns used by dovecot to write it's >>> logs? >>> >>> I need to find all the log possibilities that could be writed to log >>> files by dovecot. So, if a document like that exists or if anyone could >>> answer my question, I'll could make the parser with less difficult. >> >> kv filter in logstash is very useful with dovecot, below is short snippet >> that will extract key=value pairs specified in ?include_keys? from log line. >> >> Additionally you might want to set mail_log_prefix to be something like >> ?service=%s, user=%s, ? to make it easier to parse. >> >> filter { >> if [syslog_program] == "dovecot" { >> kv { >> source => "syslog_message" >> trim => "," >> include_keys => [ "box", "from", "in", "lip", "method", "mpid", >> "msgid", "out", "rip", "session", "size", "user" ] >> } >> } >> } >> > > > should go into wiki, too Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From busseniu at in.tum.de Thu Jun 12 13:41:29 2014 From: busseniu at in.tum.de (=?ISO-8859-1?Q?Christoph_Bu=DFenius?=) Date: Thu, 12 Jun 2014 15:41:29 +0200 Subject: lazy_expunge mangles dovecot-acl-list In-Reply-To: <7466160.JbkWikccVT@vulcan.ricint.oeaw.ac.at> References: <53997896.3000707@in.tum.de> <7466160.JbkWikccVT@vulcan.ricint.oeaw.ac.at> Message-ID: <5399AE09.4020703@in.tum.de> On 06/12/2014 03:06 PM, Florian Tischler wrote: > Am Donnerstag, 12. Juni 2014, 11:53:26 schrieb Christoph Bu?enius: > Interestingly a doveadm acl debug recreates dovecot-acl-list: > doveadm acl debug -u user2 user/user1/Folder A quick fix is to just delete all empty "dovecot-acl-list" files in a cron job. They will get recreated as soon as they are needed. > A question because you mention 2.2.13, is acl + lazy_expunge working for you > with 2.2.13??? Actually we are not using 2.2 on our main mail servers. Before I reported this bug, I reproduced it with the current 2.1 and 2.2 dovecots, but I did not do much testing in these setups. > 2.2.13 fails for me completely with unknown namespace .EXPUNGED as soon as a > user shares a folder. (as long as nothing is shared everything is file) > Reproducible with: doveadm acl set -u user1 Folder user=user2 rights... > 2.1.17: doveadm acl debug -u user2 user/user1/Folder everything is fine. > 2.2.13: unknown namespace .EXPUNGED, user2 cannot login anymore. I just checked. I get the same error. As soon as user2 issues the "LIST" imap command, the imap connection is dropped and the log shows dovecot: imap(user2): Fatal: lazy_expunge: Unknown namespace: '_EXPUNGED.' Thanks for the warning.. At some point we would like to upgrade to 2.2 too, but we are going to need ACLs and lazy_expunge. >> protocol imap { >> imap_client_workarounds = tb-extra-mailbox-sep >> mail_max_userip_connections = 20 >> mail_plugins = acl imap_acl acl >> } Btw, to reproduce your bug, I had to add "lazy_expunge" to the imap section. Cheers, Christoph -- Christoph Bu?enius Rechnerbetriebsgruppe Informatik und Mathematik Technische Universit?t M?nchen From waste at preternatural.net Thu Jun 12 14:03:39 2014 From: waste at preternatural.net (James Rogers) Date: Thu, 12 Jun 2014 10:03:39 -0400 Subject: A solution : dsync(someuser) Error: Mailbox GUIDs are not permanent without index files Message-ID: While migrating from mbox to maildir using dsync, I kept running into a brick wall. Some folders would not sync. The message in stderr was: Error message GUID: Mailbox GUIDs are not permanent without index files. This is what solved things for me. I hope this might help someone. Let me know if I'm completely off sides. When working with dsync to migrate from mbox to maildir format mailboxes, I kept running into the error: dsync(someuser): Error: Couldn't get mailbox Drafts GUID: Mailbox GUIDs are not permanent without index files dsync(someuser): Error: Couldn't get mailbox Junk E-mail1 GUID: Mailbox GUIDs are not permanent without index files dsync(soemuser): Error: Couldn't get mailbox TO DO LATER - US GUID: Mailbox GUIDs are not permanent without index files dsync(someuser): Error: Couldn't get mailbox Notes GUID: Mailbox GUIDs are not permanent without index files dsync(someuser): Error: Couldn't get mailbox Orders Pending GUID: Mailbox GUIDs are not permanent without index files dsync(someuser): Error: Couldn't get mailbox Junk E-mail GUID: Mailbox GUIDs are not permanent without index files dsync(someuser): Error: Couldn't get mailbox Server Mgmt+Config GUID: Mailbox GUIDs are not permanent without index files The error messages were helpful, but it would be nice to know what prevented the creation of the indexes in the errors (permissions, settings, disk space, etc.). I finally figured it out semi-randomly when I dumped my doveconf file using doveconf -n, and saw: mbox_min_index_size = 100 k I felt very um... happy? And not too bright. The following made my problems go away, and the sync worked flawlessly. mbox_min_index_size = 0 I guess it's best to set this using dsync -o'mbox_min_index_size=0' Mail now converts quickly and completely even for 0 length mailboxes (i.e. empty folders are created). Also, I would like to note that mb2md.pl should not be used to convert mbox to maildir. The regex used to split mboxes will fragment messages. mb2md.pl uses: if ( /^From / And in the very least, the following would be less harmful: if ( /^From\s+(\S+.*@\S+.*|MAILER.DAEMON)\s+.*$/ I love dovecot. I knew it must be something bone-headed I just wasn't seeing. And now I can go get some rest. --James W. Rogers From mwegrzynek at litex.pl Thu Jun 12 12:04:43 2014 From: mwegrzynek at litex.pl (=?UTF-8?B?TWljaGHFgiBXxJlncnp5bmVr?=) Date: Thu, 12 Jun 2014 14:04:43 +0200 Subject: Problems with dsync and global acls Message-ID: <5399975B.9030207@litex.pl> Hi all! I have 2 servers running dsync tcp replication between them. After setting global ACLs to * user=admin lrwstipekxa on both hosts, I get the following errors during replication for every folder: dsync-local(mwegrzynek): Error: Mailbox Trash: Failed to set attribute vendor/vendor.dovecot/pvt/acl/user=admin: Invalid right '' This error first manifested in version 2.2.13, there were no such errors in 2.2.9 (stock Ubuntu 14.04) version. Am I doing something wrong? My configuration: # 2.2.13.3 (6dab0352ccb3+): /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-29-generic x86_64 Ubuntu 14.04 LTS ext4 auth_cache_size = 10 M auth_gssapi_hostname = $ALL auth_krb5_keytab = /etc/dovecot/krb5.keytab auth_master_user_separator = * auth_mechanisms = plain login gssapi auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@() auth_username_format = %Ln auth_verbose = yes default_client_limit = 10000 default_process_limit = 1000 default_vsz_limit = 2 G doveadm_port = 12345 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lmtp_rcpt_check_quota = yes lmtp_save_to_detail_mailbox = yes mail_gid = vmail mail_home = /var/mail/users/%u mail_location = mdbox:/var/mail/users/%u/mdbox mail_plugins = acl quota virtual zlib listescape fts fts_squat notify replication mail_prefetch_count = 20 mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate mdbox_preallocate_space = yes namespace dzielone { list = children location = mdbox:%%h/mdbox:INDEXPVT=~/shared/%%u prefix = Dzielone/%%u/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes list = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / subscriptions = yes type = private } namespace publiczne { list = children location = mdbox:/var/mail/public:INDEXPVT=~/public prefix = Publiczne/ separator = / subscriptions = no type = public } passdb { args = /etc/dovecot/passwd.masterusers driver = passwd-file master = yes } passdb { args = /etc/dovecot/dovecot-ldap.passdb.ext driver = ldap } plugin { acl = vfile:/etc/dovecot/global-acls:cache_secs=300 acl_shared_dict = file:/var/mail/config/shared-mailboxes fts = squat fts_squat = partial=4 full=10 mail_replica = tcps:xxx.yyy.zzz quota = dict:User quota::file:%h/dovecot-quota sieve = ~/.dovecot.sieve sieve_dir = ~/sieve zlib_save = gz zlib_save_level = 6 } pop3_uidl_format = %v.%u protocols = imap pop3 lmtp sieve quota_full_tempfail = yes replication_dsync_parameters = -d -l 60 -n inbox -U service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } service auth { unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail user = vmail } } service doveadm { inet_listener { port = 12345 ssl = yes } process_limit = 10 } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service managesieve-login { inet_listener sieve { port = 4190 } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0600 user = vmail } } ssl_ca = Sorry for the bother, but is there any way to poke or prod or query dovecot so that it will reveal what version of SSL it is currently using? dovecot --build-options tells me that openssl is there, but not the version. ldd on any of the binaries in libexec comes up empty. I can get the version and what directory it is looking at by: strings ssl-params | grep -i ssl but that is kludgy. CentOS 5, dovecot 2.2.13. Thanks for any help. Cheers, Zube From andrewho at animezone.org Thu Jun 12 16:47:06 2014 From: andrewho at animezone.org (Andrew Ho) Date: Thu, 12 Jun 2014 12:47:06 -0400 Subject: display SSL version? In-Reply-To: <20140612163431.GA10463@quantum.stat.colostate.edu> References: <20140612163431.GA10463@quantum.stat.colostate.edu> Message-ID: <5399D98A.3040801@animezone.org> You can use ldd. ldd /usr/lib64/dovecot/libdovecot-ssl.so It works. On 2014-06-12, 12:34 PM, Zube wrote: > Sorry for the bother, but is there any way to poke or prod or query > dovecot so that it will reveal what version of SSL it is currently > using? > > dovecot --build-options > > tells me that openssl is there, but not the version. > > ldd on any of the binaries in libexec comes up empty. > > I can get the version and what directory it is looking at by: > > strings ssl-params | grep -i ssl > > but that is kludgy. > > CentOS 5, dovecot 2.2.13. > > Thanks for any help. > > Cheers, > Zube -- Pressure creates diamonds. From Zube at stat.colostate.edu Thu Jun 12 17:24:32 2014 From: Zube at stat.colostate.edu (Zube) Date: Thu, 12 Jun 2014 11:24:32 -0600 Subject: display SSL version? In-Reply-To: <5399D98A.3040801@animezone.org> References: <20140612163431.GA10463@quantum.stat.colostate.edu> <5399D98A.3040801@animezone.org> Message-ID: <20140612172432.GA13570@quantum.stat.colostate.edu> On Thu Jun 12 12:47:06 PM, Andrew Ho wrote: > You can use ldd. > > ldd /usr/lib64/dovecot/libdovecot-ssl.so > > It works. I should have mentioned (drat) that I built both OpenSSL and dovecot from scratch and both are in their own directories under /usr/local. ldd on any file I've tried so far comes up without any ssl bits, (probably a side effect of the way I built it). In the dovecot lib directory, I don't even have a libdovecot-ssl.so. :) Cheers, Zube From h.reindl at thelounge.net Thu Jun 12 17:28:57 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 12 Jun 2014 19:28:57 +0200 Subject: display SSL version? In-Reply-To: <20140612172432.GA13570@quantum.stat.colostate.edu> References: <20140612163431.GA10463@quantum.stat.colostate.edu> <5399D98A.3040801@animezone.org> <20140612172432.GA13570@quantum.stat.colostate.edu> Message-ID: <5399E359.7010705@thelounge.net> Am 12.06.2014 19:24, schrieb Zube: > On Thu Jun 12 12:47:06 PM, Andrew Ho wrote: >> You can use ldd. >> >> ldd /usr/lib64/dovecot/libdovecot-ssl.so >> >> It works. > > I should have mentioned (drat) that I built both OpenSSL and dovecot > from scratch and both are in their own directories under /usr/local. > ldd on any file I've tried so far comes up without any ssl bits, > (probably a side effect of the way I built it). > > In the dovecot lib directory, I don't even have a libdovecot-ssl.so. > :) but you have %prefix/libexec/dovecot/imap-login and if you even managed to link it static why do you need to look what version - you should know and avoid static linking in general -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From Zube at stat.colostate.edu Thu Jun 12 18:32:57 2014 From: Zube at stat.colostate.edu (Zube) Date: Thu, 12 Jun 2014 12:32:57 -0600 Subject: display SSL version? In-Reply-To: <5399E359.7010705@thelounge.net> References: <20140612163431.GA10463@quantum.stat.colostate.edu> <5399D98A.3040801@animezone.org> <20140612172432.GA13570@quantum.stat.colostate.edu> <5399E359.7010705@thelounge.net> Message-ID: <20140612183257.GA15556@quantum.stat.colostate.edu> On Thu Jun 12 07:28:57 PM, Reindl Harald wrote: > but you have %prefix/libexec/dovecot/imap-login and if you > even managed to link it static Hmm. I do feel like an idiot now. I don't think it's statically linked. prompt> file imap-login imap-login: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), not stripped I certainly wasn't able to build dovecot until I rebuilt ssl with -fPIC. > why do you need to look > what version - you should know and avoid static linking > in general It's a sanity check to make sure what I think is running is running. I can get sshd to tell me it's running: "OpenSSH_6.6p1, OpenSSL 1.0.1h 5 Jun 2014" by passing it an unknown option on the command line (there is probably a better way). Similarly, I can query apache with curl and it will tell me: OpenSSL/1.0.1h I was just curious if there was an easy way with my current dovecot environment. Thanks for the feedback. Cheers, Zube From h.reindl at thelounge.net Thu Jun 12 18:36:28 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 12 Jun 2014 20:36:28 +0200 Subject: display SSL version? In-Reply-To: <20140612183257.GA15556@quantum.stat.colostate.edu> References: <20140612163431.GA10463@quantum.stat.colostate.edu> <5399D98A.3040801@animezone.org> <20140612172432.GA13570@quantum.stat.colostate.edu> <5399E359.7010705@thelounge.net> <20140612183257.GA15556@quantum.stat.colostate.edu> Message-ID: <5399F32C.3030807@thelounge.net> Am 12.06.2014 20:32, schrieb Zube: > On Thu Jun 12 07:28:57 PM, Reindl Harald wrote: > >> but you have %prefix/libexec/dovecot/imap-login and if you >> even managed to link it static > > Hmm. I do feel like an idiot now. I don't think it's statically > linked. why do you need to think? you configured how it is built > prompt> file imap-login > imap-login: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), not stripped and what says "ldd" on that file? [harry at srv-rhsoft:~]$ ldd /usr/libexec/dovecot/imap-login linux-vdso.so.1 => (0x00007fff51f21000) libdovecot-login.so.0 => /usr/lib64/dovecot/libdovecot-login.so.0 (0x00007fe5363a4000) libdovecot.so.0 => /usr/lib64/dovecot/libdovecot.so.0 (0x00007fe5360c2000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fe535ea5000) libc.so.6 => /lib64/libc.so.6 (0x00007fe535ae6000) libssl.so.10 => /lib64/libssl.so.10 (0x00007fe535878000) libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007fe535486000) libdl.so.2 => /lib64/libdl.so.2 (0x00007fe535282000) /lib64/ld-linux-x86-64.so.2 (0x00007fe5367e4000) libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007fe535037000) libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fe534d57000) libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fe534b53000) libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fe53491d000) libz.so.1 => /lib64/libz.so.1 (0x00007fe534704000) libgomp.so.1 => /lib64/libgomp.so.1 (0x00007fe5344f5000) libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007fe5342e6000) libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fe5340e2000) libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fe533ec8000) libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fe533ca3000) libpcre.so.1 => /lib64/libpcre.so.1 (0x00007fe533a3d000) liblzma.so.5 => /lib64/liblzma.so.5 (0x00007fe533811000) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From Zube at stat.colostate.edu Thu Jun 12 20:49:09 2014 From: Zube at stat.colostate.edu (Zube) Date: Thu, 12 Jun 2014 14:49:09 -0600 Subject: display SSL version? In-Reply-To: <5399F32C.3030807@thelounge.net> References: <20140612163431.GA10463@quantum.stat.colostate.edu> <5399D98A.3040801@animezone.org> <20140612172432.GA13570@quantum.stat.colostate.edu> <5399E359.7010705@thelounge.net> <20140612183257.GA15556@quantum.stat.colostate.edu> <5399F32C.3030807@thelounge.net> Message-ID: <20140612204909.GA20369@quantum.stat.colostate.edu> On Thu Jun 12 08:36:28 PM, Reindl Harald wrote: > > prompt> file imap-login > > imap-login: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), not stripped > > and what says "ldd" on that file? prompt> ldd imap-login linux-vdso.so.1 => (0x00007fffd03fd000) libdovecot-login.so.0 => /usr/local/dovecot/lib/dovecot/libdovecot-login.so.0 (0x00002b5798753000) libdovecot.so.0 => /usr/local/dovecot/lib/dovecot/libdovecot.so.0 (0x00002b5798b73000) libc.so.6 => /lib64/libc.so.6 (0x00000037f0e00000) libdl.so.2 => /lib64/libdl.so.2 (0x00000037f1600000) libz.so.1 => /lib64/libz.so.1 (0x00000037f1a00000) librt.so.1 => /lib64/librt.so.1 (0x00000037f5600000) /lib64/ld-linux-x86-64.so.2 (0x00000037f0a00000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00000037f1e00000) Cheers, Zube From h.reindl at thelounge.net Thu Jun 12 21:05:19 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 12 Jun 2014 23:05:19 +0200 Subject: display SSL version? In-Reply-To: <20140612204909.GA20369@quantum.stat.colostate.edu> References: <20140612163431.GA10463@quantum.stat.colostate.edu> <5399D98A.3040801@animezone.org> <20140612172432.GA13570@quantum.stat.colostate.edu> <5399E359.7010705@thelounge.net> <20140612183257.GA15556@quantum.stat.colostate.edu> <5399F32C.3030807@thelounge.net> <20140612204909.GA20369@quantum.stat.colostate.edu> Message-ID: <539A160F.4000906@thelounge.net> Am 12.06.2014 22:49, schrieb Zube: > On Thu Jun 12 08:36:28 PM, Reindl Harald wrote: > >>> prompt> file imap-login >>> imap-login: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), not stripped >> >> and what says "ldd" on that file? > > prompt> ldd imap-login > linux-vdso.so.1 => (0x00007fffd03fd000) > libdovecot-login.so.0 => /usr/local/dovecot/lib/dovecot/libdovecot-login.so.0 (0x00002b5798753000) > libdovecot.so.0 => /usr/local/dovecot/lib/dovecot/libdovecot.so.0 (0x00002b5798b73000) > libc.so.6 => /lib64/libc.so.6 (0x00000037f0e00000) > libdl.so.2 => /lib64/libdl.so.2 (0x00000037f1600000) > libz.so.1 => /lib64/libz.so.1 (0x00000037f1a00000) > librt.so.1 => /lib64/librt.so.1 (0x00000037f5600000) > /lib64/ld-linux-x86-64.so.2 (0x00000037f0a00000) > libpthread.so.0 => /lib64/libpthread.so.0 (0x00000037f1e00000) so you have no ssl support or linked openssl statically what let you come to the conclusion your build has ssl support? why not using a package manager and if you build yourself why don#t you read the output of ./configure? "uses shared libs" in the file commands don't say anything useful ______________________________- my ffmpeg build uses x264 also static but a lot of other libs dynamically [harry at srv-rhsoft:~]$ file /usr/local/bin/ffmpeg /usr/local/bin/ffmpeg: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=a3197740ffc6c0532de9c4f39eb6682b6c0259fc, stripped [harry at srv-rhsoft:~]$ ldd /usr/local/bin/ffmpeg linux-vdso.so.1 => (0x00007fff33f27000) libdl.so.2 => /lib64/libdl.so.2 (0x00007f6ce07b2000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f6ce0595000) libvpx.so.1 => /lib64/libvpx.so.1 (0x00007f6ce01eb000) libtheoraenc.so.1 => /lib64/libtheoraenc.so.1 (0x00007f6cdffbe000) libtheoradec.so.1 => /lib64/libtheoradec.so.1 (0x00007f6cdfdae000) libmp3lame.so.0 => /lib64/libmp3lame.so.0 (0x00007f6cdfb33000) libm.so.6 => /lib64/libm.so.6 (0x00007f6cdf82c000) libbz2.so.1 => /lib64/libbz2.so.1 (0x00007f6cdf61c000) libz.so.1 => /lib64/libz.so.1 (0x00007f6cdf402000) libc.so.6 => /lib64/libc.so.6 (0x00007f6cdf043000) /lib64/ld-linux-x86-64.so.2 (0x00007f6ce09d1000) libogg.so.0 => /lib64/libogg.so.0 (0x00007f6cdee3c000) libgomp.so.1 => /lib64/libgomp.so.1 (0x00007f6cdec2c000) oh no x264 - well, yes because it's linked statically to offer use the latest upstream without break other dependencies -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From mh103 at nyu.edu Thu Jun 12 21:19:02 2014 From: mh103 at nyu.edu (Michael Hocke) Date: Thu, 12 Jun 2014 17:19:02 -0400 (EDT) Subject: display SSL version? In-Reply-To: <20140612204909.GA20369@quantum.stat.colostate.edu> References: <20140612163431.GA10463@quantum.stat.colostate.edu> <5399D98A.3040801@animezone.org> <20140612172432.GA13570@quantum.stat.colostate.edu> <5399E359.7010705@thelounge.net> <20140612183257.GA15556@quantum.stat.colostate.edu> <5399F32C.3030807@thelounge.net> <20140612204909.GA20369@quantum.stat.colostate.edu> Message-ID: On Thu, 12 Jun 2014, Zube wrote: > prompt> ldd imap-login > linux-vdso.so.1 => (0x00007fffd03fd000) > libdovecot-login.so.0 => /usr/local/dovecot/lib/dovecot/libdovecot-login.so.0 (0x00002b5798753000) > libdovecot.so.0 => /usr/local/dovecot/lib/dovecot/libdovecot.so.0 (0x00002b5798b73000) > libc.so.6 => /lib64/libc.so.6 (0x00000037f0e00000) > libdl.so.2 => /lib64/libdl.so.2 (0x00000037f1600000) > libz.so.1 => /lib64/libz.so.1 (0x00000037f1a00000) > librt.so.1 => /lib64/librt.so.1 (0x00000037f5600000) > /lib64/ld-linux-x86-64.so.2 (0x00000037f0a00000) > libpthread.so.0 => /lib64/libpthread.so.0 (0x00000037f1e00000) If OpenSSL is linked statically this will be successful: $ strings imap-login | grep OpenSSL - Michael From Zube at stat.colostate.edu Thu Jun 12 21:36:18 2014 From: Zube at stat.colostate.edu (Zube) Date: Thu, 12 Jun 2014 15:36:18 -0600 Subject: display SSL version? In-Reply-To: References: <20140612163431.GA10463@quantum.stat.colostate.edu> <5399D98A.3040801@animezone.org> <20140612172432.GA13570@quantum.stat.colostate.edu> <5399E359.7010705@thelounge.net> <20140612183257.GA15556@quantum.stat.colostate.edu> <5399F32C.3030807@thelounge.net> <20140612204909.GA20369@quantum.stat.colostate.edu> Message-ID: <20140612213618.GA21821@quantum.stat.colostate.edu> On Thu Jun 12 05:19:02 PM, Michael Hocke wrote: > $ strings imap-login | grep OpenSSL Yes, this is what I get on something like sshd, which I know points to a non-shared OpenSSL install. It also appears, as previously mentioned, on ssl-params, but not on anything else, like imap-login. ssl is most certainly there. Maybe this is a side-effect of setting LD_RUN_PATH when building. Hmm. Zube From nick.z.edwards at gmail.com Fri Jun 13 10:09:28 2014 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Fri, 13 Jun 2014 20:09:28 +1000 Subject: Subject tag [Dovecot] is gone In-Reply-To: <20140611102103.GX514@ruhr-uni-bochum.de> References: <53971B83.4070109@ace-electronics.be> <1402413339.28639.8.camel@thorin> <53972649.6020801@ace-electronics.be> <53982199.4070404@ace-electronics.be> <5398296C.1050602@thelounge.net> <20140611102103.GX514@ruhr-uni-bochum.de> Message-ID: On 6/11/14, Jost Krieger wrote: > On Wed Jun 11 12:03:24 2014, Reindl Harald wrote: > >> Cisco routers by default mangle DNS traffic, break zone transfers >> or even put befor all CNAME blocks a $TTL 0 line never appeared >> on the master until you disable DNS ALG for UDP and TCP > > I believe that Cisco equipment will do such things, but I doubt it's the > routers. Unless you plug a firewall card in. > I think he means junk like PIX, I've never seen a 7200, 7300, 10K, or any ASR do that. From h.reindl at thelounge.net Fri Jun 13 10:17:00 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 13 Jun 2014 12:17:00 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: References: <53971B83.4070109@ace-electronics.be> <1402413339.28639.8.camel@thorin> <53972649.6020801@ace-electronics.be> <53982199.4070404@ace-electronics.be> <5398296C.1050602@thelounge.net> <20140611102103.GX514@ruhr-uni-bochum.de> Message-ID: <539ACF9C.60208@thelounge.net> Am 13.06.2014 12:09, schrieb Nick Edwards: > On 6/11/14, Jost Krieger wrote: >> On Wed Jun 11 12:03:24 2014, Reindl Harald wrote: >> >>> Cisco routers by default mangle DNS traffic, break zone transfers >>> or even put befor all CNAME blocks a $TTL 0 line never appeared >>> on the master until you disable DNS ALG for UDP and TCP >> >> I believe that Cisco equipment will do such things, but I doubt it's the >> routers. Unless you plug a firewall card in. >> > > think he means junk like PIX, I've never seen a 7200, 7300, 10K, or > any ASR do that http://www.2mul.com/c/en/us/products/routers/2921-integrated-services-router-isr/index.html and even the small Cisco 6 years ago supplied by our ISP did the same - most likely you just don't realize it if you are not hoster of public nameservers and have one of them in front of and one behind the NAT -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From h.reindl at thelounge.net Fri Jun 13 10:19:24 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 13 Jun 2014 12:19:24 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: <539ACF9C.60208@thelounge.net> References: <53971B83.4070109@ace-electronics.be> <1402413339.28639.8.camel@thorin> <53972649.6020801@ace-electronics.be> <53982199.4070404@ace-electronics.be> <5398296C.1050602@thelounge.net> <20140611102103.GX514@ruhr-uni-bochum.de> <539ACF9C.60208@thelounge.net> Message-ID: <539AD02C.10705@thelounge.net> Am 13.06.2014 12:17, schrieb Reindl Harald: > Am 13.06.2014 12:09, schrieb Nick Edwards: >> On 6/11/14, Jost Krieger wrote: >>> On Wed Jun 11 12:03:24 2014, Reindl Harald wrote: >>> >>>> Cisco routers by default mangle DNS traffic, break zone transfers >>>> or even put befor all CNAME blocks a $TTL 0 line never appeared >>>> on the master until you disable DNS ALG for UDP and TCP >>> >>> I believe that Cisco equipment will do such things, but I doubt it's the >>> routers. Unless you plug a firewall card in. >>> >> >> think he means junk like PIX, I've never seen a 7200, 7300, 10K, or >> any ASR do that > > http://www.2mul.com/c/en/us/products/routers/2921-integrated-services-router-isr/index.html > > and even the small Cisco 6 years ago supplied by our ISP > did the same - most likely you just don't realize it if > you are not hoster of public nameservers and have one of > them in front of and one behind the NAT here you go: http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a00801af2b9.html and here you go to disable this dumb behavior: no ip nat service alg udp dns no ip nat service alg tcp dns -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From reuben-dovecot at reub.net Fri Jun 13 10:20:01 2014 From: reuben-dovecot at reub.net (Reuben Farrelly) Date: Fri, 13 Jun 2014 20:20:01 +1000 Subject: Subject tag [Dovecot] is gone In-Reply-To: References: <53971B83.4070109@ace-electronics.be> <1402413339.28639.8.camel@thorin> <53972649.6020801@ace-electronics.be> <53982199.4070404@ace-electronics.be> <5398296C.1050602@thelounge.net> <20140611102103.GX514@ruhr-uni-bochum.de> Message-ID: <539AD051.1070905@reub.net> On 13/06/2014 8:09 PM, Nick Edwards wrote: > On 6/11/14, Jost Krieger wrote: >> On Wed Jun 11 12:03:24 2014, Reindl Harald wrote: >> >>> Cisco routers by default mangle DNS traffic, break zone transfers >>> or even put befor all CNAME blocks a $TTL 0 line never appeared >>> on the master until you disable DNS ALG for UDP and TCP >> >> I believe that Cisco equipment will do such things, but I doubt it's the >> routers. Unless you plug a firewall card in. >> > > I think he means junk like PIX, I've never seen a 7200, 7300, 10K, or > any ASR do that. Actually you're both incorrect - this isn't a PIX/ASA specific thing and it does work that way on IOS routers in certain configurations. A Cisco IOS router (800/1800/1900 etc) running recent code will do this if you have a PAT rule translating port 53 from outside to inside. This isn't a configuration that is that common, and it is annoying when you run into it, but it's not something you can have happen "by accident" since you have to specifically configure port 53 to be NATted in to observe this behaviour. It's also easy to turn off (TBH I don't know why it's not off by default, but that's a separate matter). It doesn't impact normal outbound/dynamic NAT which is what most people use. I haven't tried 1:1 static NATs so can't verify if it works that way in that situation, though. Reuben -------------- next part -------------- A non-text attachment was scrubbed... Name: reuben-dovecot.vcf Type: text/x-vcard Size: 4 bytes Desc: not available URL: From h.reindl at thelounge.net Fri Jun 13 10:25:27 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 13 Jun 2014 12:25:27 +0200 Subject: Subject tag [Dovecot] is gone In-Reply-To: <539AD051.1070905@reub.net> References: <53971B83.4070109@ace-electronics.be> <1402413339.28639.8.camel@thorin> <53972649.6020801@ace-electronics.be> <53982199.4070404@ace-electronics.be> <5398296C.1050602@thelounge.net> <20140611102103.GX514@ruhr-uni-bochum.de> <539AD051.1070905@reub.net> Message-ID: <539AD197.70503@thelounge.net> Am 13.06.2014 12:20, schrieb Reuben Farrelly: > On 13/06/2014 8:09 PM, Nick Edwards wrote: >> On 6/11/14, Jost Krieger wrote: >>> On Wed Jun 11 12:03:24 2014, Reindl Harald wrote: >>> >>>> Cisco routers by default mangle DNS traffic, break zone transfers >>>> or even put befor all CNAME blocks a $TTL 0 line never appeared >>>> on the master until you disable DNS ALG for UDP and TCP >>> >>> I believe that Cisco equipment will do such things, but I doubt it's the >>> routers. Unless you plug a firewall card in. >> >> I think he means junk like PIX, I've never seen a 7200, 7300, 10K, or >> any ASR do that. > > Actually you're both incorrect - this isn't a PIX/ASA specific thing and it does work that way on IOS routers in > certain configurations. A Cisco IOS router (800/1800/1900 etc) running recent code will do this if you have a PAT > rule translating port 53 from outside to inside. > > This isn't a configuration that is that common, and it is annoying when you run into it, but it's not something you > can have happen "by accident" since you have to specifically configure port 53 to be NATted in to observe this > behaviour. It's also easy to turn off (TBH I don't know why it's not off by default, but that's a separate matter). > > It doesn't impact normal outbound/dynamic NAT which is what most people use. > > I haven't tried 1:1 static NATs so can't verify if it works that way in that situation, though we are running 1:1 static NAT and it is enabled by default in that situation that's what i am talking the whole time, nobody does single port-forwardings in a server environment and *yes* you can have happen this "by accident" simply by have non Cisco hardware before with the same 1:1 NAT and then get a Cisco device due switch from bundeled DSL lines to glasfiber -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From weber.bernd at imail.de Fri Jun 13 09:54:26 2014 From: weber.bernd at imail.de (Bernd Weber) Date: Fri, 13 Jun 2014 11:54:26 +0200 Subject: Dovecot and Postfix - dovecot doesn't create sockets Message-ID: <539ACA52.3010201@imail.de> Hi, Problem: Sockets /var/spool/postfix/private/auth and /var/spool/postfix/private/dovecot-lmtp are not created The only error message I get comes from postfix: no auth (SASL) founhd. Takes np wonder, the s ockets don't exist. Any help is welcome. Thanks. Bernd doveconf: # 2.1.17: /etc/dovecot/dovecot.conf # OS: Linux 3.11.10-11-default x86_64 openSUSE 13.1 (x86_64) ext4 auth_anonymous_username = anonymous auth_cache_negative_ttl = 1 hours auth_cache_size = 0 auth_cache_ttl = 1 hours auth_debug = yes auth_debug_passwords = yes auth_default_realm = auth_failure_delay = 2 secs auth_first_valid_uid = 500 auth_gssapi_hostname = auth_krb5_keytab = auth_last_valid_uid = 0 auth_master_user_separator = auth_mechanisms = plain login auth_proxy_self = auth_realms = auth_socket_path = /var/run/dovecot/auth-client auth_ssl_require_client_cert = no auth_ssl_username_from_cert = no auth_use_winbind = no auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ auth_username_format = %Lu auth_username_translation = auth_verbose = yes auth_verbose_passwords = no auth_winbind_helper_path = /usr/bin/ntlm_auth auth_worker_max_count = 30 base_dir = /var/run/dovecot/ config_cache_size = 1 M debug_log_path = /var/log/dovecot.log default_client_limit = 1000 default_idle_kill = 1 mins default_internal_user = dovecot default_login_user = dovenull default_process_limit = 100 default_vsz_limit = 256 M deliver_log_format = msgid=%m: %$ dict_db_config = director_doveadm_port = 0 director_mail_servers = director_servers = director_user_expire = 15 mins director_username_hash = %u disable_plaintext_auth = yes dotlock_use_excl = yes doveadm_allowed_commands = doveadm_password = doveadm_proxy_port = 0 doveadm_socket_path = doveadm-server doveadm_worker_count = 0 dsync_alt_char = _ dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace} first_valid_gid = 1 first_valid_uid = 500 hostname = imap_capability = imap_client_workarounds = imap_id_log = imap_id_send = imap_idle_notify_interval = 2 mins imap_logout_format = in=%i out=%o imap_max_line_length = 64 k imapc_features = imapc_host = imapc_list_prefix = imapc_master_user = imapc_max_idle_time = 29 mins imapc_password = imapc_port = 143 imapc_rawlog_dir = imapc_ssl = no imapc_ssl_ca_dir = imapc_ssl_verify = yes imapc_user = %u import_environment = TZ LISTEN_PID LISTEN_FDS info_log_path = instance_name = dovecot last_valid_gid = 0 last_valid_uid = 0 lda_mailbox_autocreate = no lda_mailbox_autosubscribe = no lda_original_recipient_header = libexec_dir = /usr/lib/dovecot listen = *, :: lmtp_address_translate = lmtp_proxy = no lmtp_rcpt_check_quota = no lmtp_save_to_detail_mailbox = no lock_method = fcntl log_path = syslog log_timestamp = "%b %d %H:%M:%S " login_access_sockets = login_greeting = Dovecot zu Diensten. login_log_format = %$: %s login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}> login_trusted_networks = mail_access_groups = mail_attachment_dir = mail_attachment_fs = sis posix mail_attachment_hash = %{sha1} mail_attachment_min_size = 128 k mail_cache_fields = flags mail_cache_min_mail_count = 0 mail_chroot = mail_debug = yes mail_fsync = optimized mail_full_filesystem_access = no mail_gid = vmail mail_home = mail_location = maildir:/var/vmail/%d/%n:LAYOUT=fs mail_log_prefix = "%s(%u): " mail_max_keyword_length = 50 mail_max_lock_timeout = 0 mail_max_userip_connections = 10 mail_never_cache_fields = imap.envelope mail_nfs_index = no mail_nfs_storage = no mail_plugin_dir = /usr/lib64/dovecot/modules mail_plugins = mail_prefetch_count = 0 mail_privileged_group = vmail mail_save_crlf = no mail_shared_explicit_inbox = yes mail_temp_dir = /tmp mail_temp_scan_interval = 1 weeks mail_uid = vmail mailbox_idle_check_interval = 30 secs mailbox_list_index = no maildir_broken_filename_sizes = no maildir_copy_with_hardlinks = yes maildir_stat_dirs = no maildir_very_dirty_syncs = no managesieve_client_workarounds = managesieve_implementation_string = Dovecot Pigeonhole managesieve_logout_format = bytes=%i/%o managesieve_max_compile_errors = 5 managesieve_max_line_length = 65536 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave master_user_separator = mbox_dirty_syncs = yes mbox_dotlock_change_timeout = 2 mins mbox_lazy_writes = yes mbox_lock_timeout = 5 mins mbox_md5 = apop3d mbox_min_index_size = 0 mbox_read_locks = fcntl mbox_very_dirty_syncs = no mbox_write_locks = dotlock fcntl mdbox_preallocate_space = no mdbox_rotate_interval = 0 mdbox_rotate_size = 2 M mmap_disable = no namespace inbox { disabled = no hidden = no ignore_on_failure = no inbox = yes list = yes location = mailbox Drafts { auto = no special_use = \Drafts } mailbox Junk { auto = no special_use = \Junk } mailbox Sent { auto = no special_use = \Sent } mailbox "Sent Messages" { auto = no special_use = \Sent } mailbox Trash { auto = no special_use = \Trash } prefix = separator = subscriptions = yes type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext default_fields = deny = no driver = sql master = no override_fields = pass = no } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } pop3_client_workarounds = pop3_enable_last = no pop3_fast_size_lookups = no pop3_lock_session = no pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_no_flag_updates = no pop3_reuse_xuidl = no pop3_save_uidl = no pop3_uidl_duplicates = allow pop3_uidl_format = %08Xu%08Xv pop3c_host = pop3c_master_user = pop3c_password = pop3c_port = 110 pop3c_rawlog_dir = pop3c_ssl = no pop3c_ssl_ca_dir = pop3c_ssl_verify = yes pop3c_user = %u postmaster_address = bweber at casasky.com protocols = imap pop3 lmtp sieve quota_full_tempfail = no recipient_delimiter = + rejection_reason = Your message to <%t> was automatically rejected:%n%r rejection_subject = Rejected: %s replication_full_sync_interval = 12 hours replication_max_conns = 10 replicator_host = replicator replicator_port = 0 sendmail_path = /usr/sbin/sendmail service aggregator { chroot = . client_limit = 0 drop_priv_before_exec = no executable = aggregator extra_groups = fifo_listener replication-notify-fifo { group = mode = 0600 user = } group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener replication-notify { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service anvil { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = anvil extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 1 protocol = service_count = 0 type = anvil unix_listener anvil-auth-penalty { group = mode = 0600 user = } unix_listener anvil { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service auth-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = auth -w extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener auth-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service auth { chroot = client_limit = 0 drop_priv_before_exec = no executable = auth extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-client { group = mode = 0600 user = } unix_listener auth-login { group = mode = 0600 user = $default_internal_user } unix_listener auth-master { group = mode = 0600 user = } unix_listener auth-userdb { group = postfix mode = 0666 user = postfix } unix_listener login/login { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service config { chroot = client_limit = 0 drop_priv_before_exec = no executable = config extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = config unix_listener config { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service dict { chroot = client_limit = 1 drop_priv_before_exec = no executable = dict extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dict { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service director { chroot = . client_limit = 0 drop_priv_before_exec = no executable = director extra_groups = fifo_listener login/proxy-notify { group = mode = 00 user = } group = idle_kill = 4294967295 secs inet_listener { address = port = 0 ssl = no } privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener director-admin { group = mode = 0600 user = } unix_listener director-userdb { group = mode = 0600 user = } unix_listener login/director { group = mode = 00 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service dns_client { chroot = client_limit = 1 drop_priv_before_exec = no executable = dns-client extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dns-client { group = mode = 0666 user = } unix_listener login/dns-client { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service doveadm { chroot = client_limit = 1 drop_priv_before_exec = no executable = doveadm-server extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener doveadm-server { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service imap-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = imap-login extra_groups = group = idle_kill = 0 inet_listener imap { address = port = 143 ssl = no } inet_listener imaps { address = port = 993 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = imap service_count = 1 type = login user = $default_login_user vsz_limit = 18446744073709551615 B } service imap { chroot = client_limit = 1 drop_priv_before_exec = no executable = imap extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener login/imap { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service indexer-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = indexer-worker extra_groups = group = idle_kill = 0 privileged_group = process_limit = 10 process_min_avail = 0 protocol = service_count = 0 type = unix_listener indexer-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service indexer { chroot = client_limit = 0 drop_priv_before_exec = no executable = indexer extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener indexer { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service ipc { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = ipc extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener ipc { group = mode = 0600 user = } unix_listener login/ipc-proxy { group = mode = 0600 user = $default_login_user } user = $default_internal_user vsz_limit = 18446744073709551615 B } service lmtp { chroot = client_limit = 1 drop_priv_before_exec = no executable = lmtp extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = lmtp service_count = 0 type = unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } unix_listener lmtp { group = mode = 0666 user = } user = vmail vsz_limit = 18446744073709551615 B } service log { chroot = client_limit = 0 drop_priv_before_exec = no executable = log extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = log unix_listener log-errors { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service managesieve-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = managesieve-login extra_groups = group = idle_kill = 0 inet_listener sieve { address = port = 4190 ssl = no } privileged_group = process_limit = 0 process_min_avail = 0 protocol = sieve service_count = 1 type = login user = $default_login_user vsz_limit = 18446744073709551615 B } service managesieve { chroot = client_limit = 1 drop_priv_before_exec = no executable = managesieve extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = sieve service_count = 1 type = unix_listener login/sieve { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service pop3-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = pop3-login extra_groups = group = idle_kill = 0 inet_listener pop3 { address = port = 110 ssl = no } inet_listener pop3s { address = port = 995 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = pop3 service_count = 1 type = login user = $default_login_user vsz_limit = 18446744073709551615 B } service pop3 { chroot = client_limit = 1 drop_priv_before_exec = no executable = pop3 extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = pop3 service_count = 1 type = unix_listener login/pop3 { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service replicator { chroot = client_limit = 0 drop_priv_before_exec = no executable = replicator extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener replicator { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service ssl-params { chroot = client_limit = 0 drop_priv_before_exec = no executable = ssl-params extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = startup unix_listener login/ssl-params { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service stats { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = stats extra_groups = fifo_listener stats-mail { group = mode = 0600 user = } group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener stats { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service tcpwrap { chroot = client_limit = 1 drop_priv_before_exec = no executable = tcpwrap extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = user = $default_internal_user vsz_limit = 18446744073709551615 B } shutdown_clients = yes ssl = required ssl_ca = ssl_cert = empty_address_recipient = MAILER-DAEMON empty_address_relayhost_maps_lookup_key = <> enable_long_queue_ids = no enable_original_recipient = yes error_delivery_slot_cost = $default_delivery_slot_cost error_delivery_slot_discount = $default_delivery_slot_discount error_delivery_slot_loan = $default_delivery_slot_loan error_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit error_destination_concurrency_limit = $default_destination_concurrency_limit error_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback error_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback error_destination_rate_delay = $default_destination_rate_delay error_destination_recipient_limit = $default_destination_recipient_limit error_extra_recipient_limit = $default_extra_recipient_limit error_initial_destination_concurrency = $initial_destination_concurrency error_minimum_delivery_slots = $default_minimum_delivery_slots error_notice_recipient = postmaster error_recipient_limit = $default_recipient_limit error_recipient_refill_delay = $default_recipient_refill_delay error_recipient_refill_limit = $default_recipient_refill_limit error_service_name = error execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ expand_owner_alias = no export_environment = TZ MAIL_CONFIG LANG fallback_transport = fallback_transport_maps = fast_flush_domains = $relay_domains fast_flush_purge_time = 7d fast_flush_refresh_time = 12h fault_injection_code = 0 flush_service_name = flush fork_attempts = 5 fork_delay = 1s forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward frozen_delivered_to = yes hash_queue_depth = 1 hash_queue_names = deferred, defer header_address_token_limit = 10240 header_checks = header_size_limit = 102400 helpful_warnings = yes home_mailbox = hopcount_limit = 50 html_directory = /usr/share/doc/packages/postfix-doc/html ignore_mx_lookup_error = no import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C in_flow_delay = 1s inet_interfaces = all inet_protocols = all initial_destination_concurrency = 5 internal_mail_filter_classes = invalid_hostname_reject_code = 501 ipc_idle = 5s ipc_timeout = 3600s ipc_ttl = 1000s line_length_limit = 2048 lmtp_address_preference = any lmtp_assume_final = no lmtp_bind_address = lmtp_bind_address6 = lmtp_body_checks = lmtp_cname_overrides_servername = no lmtp_connect_timeout = 0s lmtp_connection_cache_destinations = lmtp_connection_cache_on_demand = yes lmtp_connection_cache_time_limit = 2s lmtp_connection_reuse_time_limit = 300s lmtp_data_done_timeout = 600s lmtp_data_init_timeout = 120s lmtp_data_xfer_timeout = 180s lmtp_defer_if_no_mx_address_found = no lmtp_delivery_slot_cost = $default_delivery_slot_cost lmtp_delivery_slot_discount = $default_delivery_slot_discount lmtp_delivery_slot_loan = $default_delivery_slot_loan lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit lmtp_destination_concurrency_limit = $default_destination_concurrency_limit lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback lmtp_destination_rate_delay = $default_destination_rate_delay lmtp_destination_recipient_limit = $default_destination_recipient_limit lmtp_discard_lhlo_keyword_address_maps = lmtp_discard_lhlo_keywords = lmtp_dns_resolver_options = lmtp_enforce_tls = no lmtp_extra_recipient_limit = $default_extra_recipient_limit lmtp_generic_maps = lmtp_header_checks = lmtp_host_lookup = dns lmtp_initial_destination_concurrency = $initial_destination_concurrency lmtp_lhlo_name = $myhostname lmtp_lhlo_timeout = 300s lmtp_line_length_limit = 998 lmtp_mail_timeout = 300s lmtp_mime_header_checks = lmtp_minimum_delivery_slots = $default_minimum_delivery_slots lmtp_mx_address_limit = 5 lmtp_mx_session_limit = 2 lmtp_nested_header_checks = lmtp_per_record_deadline = no lmtp_pix_workaround_delay_time = 10s lmtp_pix_workaround_maps = lmtp_pix_workaround_threshold_time = 500s lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf lmtp_quit_timeout = 300s lmtp_quote_rfc821_envelope = yes lmtp_randomize_addresses = yes lmtp_rcpt_timeout = 300s lmtp_recipient_limit = $default_recipient_limit lmtp_recipient_refill_delay = $default_recipient_refill_delay lmtp_recipient_refill_limit = $default_recipient_refill_limit lmtp_reply_filter = lmtp_rset_timeout = 20s lmtp_sasl_auth_cache_name = lmtp_sasl_auth_cache_time = 90d lmtp_sasl_auth_enable = no lmtp_sasl_auth_soft_bounce = yes lmtp_sasl_mechanism_filter = lmtp_sasl_password_maps = lmtp_sasl_path = lmtp_sasl_security_options = noplaintext, noanonymous lmtp_sasl_tls_security_options = $lmtp_sasl_security_options lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options lmtp_sasl_type = cyrus lmtp_send_dummy_mail_auth = no lmtp_send_xforward_command = no lmtp_sender_dependent_authentication = no lmtp_skip_5xx_greeting = yes lmtp_skip_quit_response = no lmtp_starttls_timeout = 300s lmtp_tcp_port = 24 lmtp_tls_CAfile = lmtp_tls_CApath = lmtp_tls_block_early_mail_reply = no lmtp_tls_cert_file = lmtp_tls_ciphers = export lmtp_tls_dcert_file = lmtp_tls_dkey_file = $lmtp_tls_dcert_file lmtp_tls_eccert_file = lmtp_tls_eckey_file = $lmtp_tls_eccert_file lmtp_tls_enforce_peername = yes lmtp_tls_exclude_ciphers = lmtp_tls_fingerprint_cert_match = lmtp_tls_fingerprint_digest = md5 lmtp_tls_key_file = $lmtp_tls_cert_file lmtp_tls_loglevel = 0 lmtp_tls_mandatory_ciphers = medium lmtp_tls_mandatory_exclude_ciphers = lmtp_tls_mandatory_protocols = !SSLv2 lmtp_tls_note_starttls_offer = no lmtp_tls_per_site = lmtp_tls_policy_maps = lmtp_tls_protocols = !SSLv2 lmtp_tls_scert_verifydepth = 9 lmtp_tls_secure_cert_match = nexthop lmtp_tls_security_level = lmtp_tls_session_cache_database = lmtp_tls_session_cache_timeout = 3600s lmtp_tls_verify_cert_match = hostname lmtp_use_tls = no lmtp_xforward_timeout = 300s local_command_shell = local_delivery_slot_cost = $default_delivery_slot_cost local_delivery_slot_discount = $default_delivery_slot_discount local_delivery_slot_loan = $default_delivery_slot_loan local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit local_destination_concurrency_limit = 2 local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback local_destination_rate_delay = $default_destination_rate_delay local_destination_recipient_limit = 1 local_extra_recipient_limit = $default_extra_recipient_limit local_header_rewrite_clients = permit_inet_interfaces local_initial_destination_concurrency = $initial_destination_concurrency local_minimum_delivery_slots = $default_minimum_delivery_slots local_recipient_limit = $default_recipient_limit local_recipient_maps = $virtual_mailbox_maps local_recipient_refill_delay = $default_recipient_refill_delay local_recipient_refill_limit = $default_recipient_refill_limit local_transport = local:$myhostname luser_relay = mail_name = Postfix mail_owner = postfix mail_release_date = 20130203 mail_spool_directory = /var/mail mail_version = 2.9.6 mailbox_command = mailbox_command_maps = mailbox_delivery_lock = fcntl, dotlock mailbox_size_limit = 51200000 mailbox_transport = mailbox_transport_maps = mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man maps_rbl_domains = maps_rbl_reject_code = 554 masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = root master_service_disable = max_idle = 100s max_use = 100 maximal_backoff_time = 4000s maximal_queue_lifetime = 5d message_reject_characters = message_size_limit = 2000000 message_strip_characters = \0 milter_command_timeout = 30s milter_connect_macros = j {daemon_name} v milter_connect_timeout = 30s milter_content_timeout = 300s milter_data_macros = i milter_default_action = tempfail milter_end_of_data_macros = i milter_end_of_header_macros = i milter_header_checks = milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer} milter_macro_daemon_name = $myhostname milter_macro_v = $mail_name $mail_version milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer} milter_protocol = 6 milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer} milter_unknown_command_macros = mime_boundary_length_limit = 2048 mime_header_checks = $header_checks mime_nesting_limit = 100 minimal_backoff_time = 300s multi_instance_directories = multi_instance_enable = no multi_instance_group = multi_instance_name = multi_instance_wrapper = multi_recipient_bounce_reject_code = 550 mydestination = $myhostname, localhost.$mydomain mydomain = localdomain myhostname = linux.local mynetworks = 127.0.0.0/8 85.214.148.246/32 [::1]/128 [fe80::]/64 mynetworks_style = subnet myorigin = $mydomain nested_header_checks = $header_checks newaliases_path = /usr/bin/newaliases non_fqdn_reject_code = 504 non_smtpd_milters = notify_classes = resource, software owner_request_special = yes parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps permit_mx_backup_networks = pickup_service_name = pickup plaintext_reject_code = 450 postmulti_control_commands = reload flush postmulti_start_commands = start postmulti_stop_commands = stop abort drain quick-stop postscreen_access_list = permit_mynetworks postscreen_bare_newline_action = ignore postscreen_bare_newline_enable = no postscreen_bare_newline_ttl = 30d postscreen_blacklist_action = ignore postscreen_cache_cleanup_interval = 12h postscreen_cache_map = btree:$data_directory/postscreen_cache postscreen_cache_retention_time = 7d postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit postscreen_command_count_limit = 20 postscreen_command_filter = postscreen_command_time_limit = ${stress?10}${stress:300}s postscreen_disable_vrfy_command = $disable_vrfy_command postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords postscreen_dnsbl_action = ignore postscreen_dnsbl_reply_map = postscreen_dnsbl_sites = postscreen_dnsbl_threshold = 1 postscreen_dnsbl_ttl = 1h postscreen_enforce_tls = $smtpd_enforce_tls postscreen_expansion_filter = $smtpd_expansion_filter postscreen_forbidden_commands = $smtpd_forbidden_commands postscreen_greet_action = ignore postscreen_greet_banner = $smtpd_banner postscreen_greet_ttl = 1d postscreen_greet_wait = ${stress?2}${stress:6}s postscreen_helo_required = $smtpd_helo_required postscreen_non_smtp_command_action = drop postscreen_non_smtp_command_enable = no postscreen_non_smtp_command_ttl = 30d postscreen_pipelining_action = enforce postscreen_pipelining_enable = no postscreen_pipelining_ttl = 30d postscreen_post_queue_limit = $default_process_limit postscreen_pre_queue_limit = $default_process_limit postscreen_reject_footer = $smtpd_reject_footer postscreen_tls_security_level = $smtpd_tls_security_level postscreen_use_tls = $smtpd_use_tls postscreen_watchdog_timeout = 10s postscreen_whitelist_interfaces = static:all prepend_delivered_header = command, file, forward process_id_directory = pid propagate_unmatched_extensions = canonical, virtual proxy_interfaces = proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map $postscreen_cache_map proxymap_service_name = proxymap proxywrite_service_name = proxywrite qmgr_clog_warn_time = 300s qmgr_daemon_timeout = 1000s qmgr_fudge_factor = 100 qmgr_ipc_timeout = 60s qmgr_message_active_limit = 20000 qmgr_message_recipient_limit = 20000 qmgr_message_recipient_minimum = 10 qmqpd_authorized_clients = qmqpd_client_port_logging = no qmqpd_error_delay = 1s qmqpd_timeout = 300s queue_directory = /var/spool/postfix queue_file_attribute_count_limit = 100 queue_minfree = 0 queue_run_delay = 300s queue_service_name = qmgr rbl_reply_maps = readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES receive_override_options = recipient_bcc_maps = recipient_canonical_classes = envelope_recipient, header_recipient recipient_canonical_maps = recipient_delimiter = reject_code = 554 reject_tempfail_action = defer_if_permit relay_clientcerts = relay_delivery_slot_cost = $default_delivery_slot_cost relay_delivery_slot_discount = $default_delivery_slot_discount relay_delivery_slot_loan = $default_delivery_slot_loan relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit relay_destination_concurrency_limit = $default_destination_concurrency_limit relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback relay_destination_rate_delay = $default_destination_rate_delay relay_destination_recipient_limit = $default_destination_recipient_limit relay_domains = $mydestination relay_domains_reject_code = 554 relay_extra_recipient_limit = $default_extra_recipient_limit relay_initial_destination_concurrency = $initial_destination_concurrency relay_minimum_delivery_slots = $default_minimum_delivery_slots relay_recipient_limit = $default_recipient_limit relay_recipient_maps = relay_recipient_refill_delay = $default_recipient_refill_delay relay_recipient_refill_limit = $default_recipient_refill_limit relay_transport = relay relayhost = relocated_maps = hash:/etc/postfix/relocated remote_header_rewrite_domain = require_home_directory = no reset_owner_alias = no resolve_dequoted_address = yes resolve_null_domain = no resolve_numeric_domain = no retry_delivery_slot_cost = $default_delivery_slot_cost retry_delivery_slot_discount = $default_delivery_slot_discount retry_delivery_slot_loan = $default_delivery_slot_loan retry_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit retry_destination_concurrency_limit = $default_destination_concurrency_limit retry_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback retry_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback retry_destination_rate_delay = $default_destination_rate_delay retry_destination_recipient_limit = $default_destination_recipient_limit retry_extra_recipient_limit = $default_extra_recipient_limit retry_initial_destination_concurrency = $initial_destination_concurrency retry_minimum_delivery_slots = $default_minimum_delivery_slots retry_recipient_limit = $default_recipient_limit retry_recipient_refill_delay = $default_recipient_refill_delay retry_recipient_refill_limit = $default_recipient_refill_limit rewrite_service_name = rewrite sample_directory = /usr/share/doc/packages/postfix-doc/samples send_cyrus_sasl_authzid = no sender_bcc_maps = sender_canonical_classes = envelope_sender, header_sender sender_canonical_maps = hash:/etc/postfix/sender_canonical sender_dependent_default_transport_maps = sender_dependent_relayhost_maps = sendmail_fix_line_endings = always sendmail_path = /usr/sbin/sendmail service_throttle_time = 60s setgid_group = maildrop show_user_unknown_table_name = yes showq_service_name = showq smtp_address_preference = any smtp_always_send_ehlo = yes smtp_bind_address = smtp_bind_address6 = smtp_body_checks = smtp_cname_overrides_servername = no smtp_connect_timeout = 30s smtp_connection_cache_destinations = smtp_connection_cache_on_demand = yes smtp_connection_cache_time_limit = 2s smtp_connection_reuse_time_limit = 300s smtp_data_done_timeout = 600s smtp_data_init_timeout = 120s smtp_data_xfer_timeout = 180s smtp_defer_if_no_mx_address_found = no smtp_delivery_slot_cost = $default_delivery_slot_cost smtp_delivery_slot_discount = $default_delivery_slot_discount smtp_delivery_slot_loan = $default_delivery_slot_loan smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit smtp_destination_concurrency_limit = $default_destination_concurrency_limit smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback smtp_destination_rate_delay = $default_destination_rate_delay smtp_destination_recipient_limit = $default_destination_recipient_limit smtp_discard_ehlo_keyword_address_maps = smtp_discard_ehlo_keywords = smtp_dns_resolver_options = smtp_enforce_tls = no smtp_extra_recipient_limit = $default_extra_recipient_limit smtp_fallback_relay = $fallback_relay smtp_generic_maps = smtp_header_checks = smtp_helo_name = $myhostname smtp_helo_timeout = 300s smtp_host_lookup = dns smtp_initial_destination_concurrency = $initial_destination_concurrency smtp_line_length_limit = 998 smtp_mail_timeout = 300s smtp_mime_header_checks = smtp_minimum_delivery_slots = $default_minimum_delivery_slots smtp_mx_address_limit = 5 smtp_mx_session_limit = 2 smtp_nested_header_checks = smtp_never_send_ehlo = no smtp_per_record_deadline = no smtp_pix_workaround_delay_time = 10s smtp_pix_workaround_maps = smtp_pix_workaround_threshold_time = 500s smtp_pix_workarounds = disable_esmtp,delay_dotcrlf smtp_quit_timeout = 300s smtp_quote_rfc821_envelope = yes smtp_randomize_addresses = yes smtp_rcpt_timeout = 300s smtp_recipient_limit = $default_recipient_limit smtp_recipient_refill_delay = $default_recipient_refill_delay smtp_recipient_refill_limit = $default_recipient_refill_limit smtp_reply_filter = smtp_rset_timeout = 20s smtp_sasl_auth_cache_name = smtp_sasl_auth_cache_time = 90d smtp_sasl_auth_enable = no smtp_sasl_auth_soft_bounce = yes smtp_sasl_mechanism_filter = smtp_sasl_password_maps = smtp_sasl_path = smtp_sasl_security_options = noplaintext, noanonymous smtp_sasl_tls_security_options = $smtp_sasl_security_options smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options smtp_sasl_type = cyrus smtp_send_dummy_mail_auth = no smtp_send_xforward_command = no smtp_sender_dependent_authentication = no smtp_skip_5xx_greeting = yes smtp_skip_quit_response = yes smtp_starttls_timeout = 300s smtp_tls_CAfile = smtp_tls_CApath = smtp_tls_block_early_mail_reply = no smtp_tls_cert_file = smtp_tls_ciphers = export smtp_tls_dcert_file = smtp_tls_dkey_file = $smtp_tls_dcert_file smtp_tls_eccert_file = smtp_tls_eckey_file = $smtp_tls_eccert_file smtp_tls_enforce_peername = yes smtp_tls_exclude_ciphers = smtp_tls_fingerprint_cert_match = smtp_tls_fingerprint_digest = md5 smtp_tls_key_file = smtp_tls_loglevel = 0 smtp_tls_mandatory_ciphers = medium smtp_tls_mandatory_exclude_ciphers = smtp_tls_mandatory_protocols = !SSLv2 smtp_tls_note_starttls_offer = no smtp_tls_per_site = smtp_tls_policy_maps = smtp_tls_protocols = !SSLv2 smtp_tls_scert_verifydepth = 9 smtp_tls_secure_cert_match = nexthop, dot-nexthop smtp_tls_security_level = smtp_tls_session_cache_database = smtp_tls_session_cache_timeout = 3600s smtp_tls_verify_cert_match = hostname smtp_use_tls = no smtp_xforward_timeout = 300s smtpd_authorized_verp_clients = $authorized_verp_clients smtpd_authorized_xclient_hosts = smtpd_authorized_xforward_hosts = smtpd_banner = $myhostname ESMTP smtpd_client_connection_count_limit = 50 smtpd_client_connection_rate_limit = 0 smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks} smtpd_client_message_rate_limit = 0 smtpd_client_new_tls_session_rate_limit = 0 smtpd_client_port_logging = no smtpd_client_recipient_rate_limit = 0 smtpd_client_restrictions = smtpd_command_filter = smtpd_data_restrictions = smtpd_delay_open_until_valid_rcpt = yes smtpd_delay_reject = yes smtpd_discard_ehlo_keyword_address_maps = smtpd_discard_ehlo_keywords = smtpd_end_of_data_restrictions = smtpd_enforce_tls = no smtpd_error_sleep_time = 1s smtpd_etrn_restrictions = smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~ smtpd_forbidden_commands = CONNECT GET POST smtpd_hard_error_limit = ${stress?1}${stress:20} smtpd_helo_required = no smtpd_helo_restrictions = smtpd_history_flush_threshold = 100 smtpd_junk_command_limit = ${stress?1}${stress:100} smtpd_milters = smtpd_noop_commands = smtpd_null_access_lookup_key = <> smtpd_peername_lookup = yes smtpd_per_record_deadline = ${stress?yes}${stress:no} smtpd_policy_service_max_idle = 300s smtpd_policy_service_max_ttl = 1000s smtpd_policy_service_timeout = 100s smtpd_proxy_ehlo = $myhostname smtpd_proxy_filter = smtpd_proxy_options = smtpd_proxy_timeout = 100s smtpd_recipient_limit = 1000 smtpd_recipient_overshoot_limit = 1000 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_reject_footer = smtpd_reject_unlisted_recipient = yes smtpd_reject_unlisted_sender = no smtpd_restriction_classes = smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = no smtpd_sasl_exceptions_networks = smtpd_sasl_local_domain = smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot smtpd_sender_login_maps = smtpd_sender_restrictions = hash:/etc/postfix/access smtpd_service_name = smtpd smtpd_soft_error_limit = 10 smtpd_starttls_timeout = ${stress?10}${stress:300}s smtpd_timeout = ${stress?10}${stress:300}s smtpd_tls_CAfile = smtpd_tls_CApath = smtpd_tls_always_issue_session_ids = yes smtpd_tls_ask_ccert = no smtpd_tls_auth_only = no smtpd_tls_ccert_verifydepth = 9 smtpd_tls_cert_file = smtpd_tls_ciphers = export smtpd_tls_dcert_file = smtpd_tls_dh1024_param_file = smtpd_tls_dh512_param_file = smtpd_tls_dkey_file = $smtpd_tls_dcert_file smtpd_tls_eccert_file = smtpd_tls_eckey_file = $smtpd_tls_eccert_file smtpd_tls_eecdh_grade = strong smtpd_tls_exclude_ciphers = smtpd_tls_fingerprint_digest = md5 smtpd_tls_key_file = smtpd_tls_loglevel = 0 smtpd_tls_mandatory_ciphers = medium smtpd_tls_mandatory_exclude_ciphers = smtpd_tls_mandatory_protocols = !SSLv2 smtpd_tls_protocols = smtpd_tls_received_header = no smtpd_tls_req_ccert = no smtpd_tls_security_level = smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_session_cache_timeout = 3600s smtpd_tls_wrappermode = no smtpd_use_tls = no soft_bounce = no stale_lock_time = 500s stress = strict_7bit_headers = no strict_8bitmime = no strict_8bitmime_body = no strict_mailbox_ownership = yes strict_mime_encoding_domain = no strict_rfc821_envelopes = no sun_mailtool_compatibility = no swap_bangpath = yes syslog_facility = mail syslog_name = ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name} tcp_windowsize = 0 tls_append_default_CA = no tls_daemon_random_bytes = 32 tls_disable_workarounds = tls_eecdh_strong_curve = prime256v1 tls_eecdh_ultra_curve = secp384r1 tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH tls_legacy_public_key_fingerprints = no tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH tls_null_cipherlist = eNULL:!aNULL tls_preempt_cipherlist = no tls_random_bytes = 32 tls_random_exchange_name = ${data_directory}/prng_exch tls_random_prng_update_period = 3600s tls_random_reseed_period = 3600s tls_random_source = dev:/dev/urandom tlsproxy_enforce_tls = $smtpd_enforce_tls tlsproxy_service_name = tlsproxy tlsproxy_tls_CAfile = $smtpd_tls_CAfile tlsproxy_tls_CApath = $smtpd_tls_CApath tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_session_ids tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth tlsproxy_tls_cert_file = $smtpd_tls_cert_file tlsproxy_tls_ciphers = $smtpd_tls_ciphers tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file tlsproxy_tls_dh1024_param_file = $smtpd_tls_dh1024_param_file tlsproxy_tls_dh512_param_file = $smtpd_tls_dh512_param_file tlsproxy_tls_dkey_file = $smtpd_tls_dkey_file tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file tlsproxy_tls_eckey_file = $smtpd_tls_eckey_file tlsproxy_tls_eecdh_grade = $smtpd_tls_eecdh_grade tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers tlsproxy_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest tlsproxy_tls_key_file = $smtpd_tls_key_file tlsproxy_tls_loglevel = $smtpd_tls_loglevel tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols tlsproxy_tls_protocols = $smtpd_tls_protocols tlsproxy_tls_req_ccert = $smtpd_tls_req_ccert tlsproxy_tls_security_level = $smtpd_tls_security_level tlsproxy_tls_session_cache_timeout = $smtpd_tls_session_cache_timeout tlsproxy_use_tls = $smtpd_use_tls tlsproxy_watchdog_timeout = 10s trace_service_name = trace transport_maps = hash:/etc/postfix/transport transport_retry_time = 60s trigger_timeout = 10s undisclosed_recipients_header = unknown_address_reject_code = 450 unknown_address_tempfail_action = $reject_tempfail_action unknown_client_reject_code = 450 unknown_helo_hostname_tempfail_action = $reject_tempfail_action unknown_hostname_reject_code = 450 unknown_local_recipient_reject_code = 550 unknown_relay_recipient_reject_code = 550 unknown_virtual_alias_reject_code = 550 unknown_virtual_mailbox_reject_code = 550 unverified_recipient_defer_code = 450 unverified_recipient_reject_code = 450 unverified_recipient_reject_reason = unverified_recipient_tempfail_action = $reject_tempfail_action unverified_sender_defer_code = 450 unverified_sender_reject_code = 450 unverified_sender_reject_reason = unverified_sender_tempfail_action = $reject_tempfail_action verp_delimiter_filter = -=+ virtual_alias_domains = hash:/etc/postfix/virtual virtual_alias_expansion_limit = 1000 virtual_alias_maps = mysql:/etc/postfix/virtmysql/mysql-aliases.cf virtual_alias_recursion_limit = 1000 virtual_delivery_slot_cost = $default_delivery_slot_cost virtual_delivery_slot_discount = $default_delivery_slot_discount virtual_delivery_slot_loan = $default_delivery_slot_loan virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit virtual_destination_concurrency_limit = $default_destination_concurrency_limit virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback virtual_destination_rate_delay = $default_destination_rate_delay virtual_destination_recipient_limit = $default_destination_recipient_limit virtual_extra_recipient_limit = $default_extra_recipient_limit virtual_gid_maps = virtual_initial_destination_concurrency = $initial_destination_concurrency virtual_mailbox_base = virtual_mailbox_domains = mysql:/etc/postfix/virtmysql/mysql-domains.cf virtual_mailbox_limit = 51200000 virtual_mailbox_limit_inbox = no virtual_mailbox_limit_maps = virtual_mailbox_limit_override = no virtual_mailbox_lock = fcntl, dotlock virtual_mailbox_maps = mysql:/etc/postfix/virtmysql/mysql-maps.cf virtual_maildir_extended = no virtual_maildir_filter = no virtual_maildir_filter_maps = virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later. virtual_maildir_limit_message_maps = virtual_maildir_suffix = virtual_minimum_delivery_slots = $default_minimum_delivery_slots virtual_minimum_uid = 100 virtual_overquota_bounce = no virtual_recipient_limit = $default_recipient_limit virtual_recipient_refill_delay = $default_recipient_refill_delay virtual_recipient_refill_limit = $default_recipient_refill_limit virtual_transport = lmtp:unix:private/dovecot-lmtp virtual_trash_count = no virtual_trash_name = .Trash virtual_uid_maps = From h.reindl at thelounge.net Fri Jun 13 11:02:03 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 13 Jun 2014 13:02:03 +0200 Subject: Dovecot and Postfix - dovecot doesn't create sockets In-Reply-To: <539ACA52.3010201@imail.de> References: <539ACA52.3010201@imail.de> Message-ID: <539ADA2B.3030007@thelounge.net> Am 13.06.2014 11:54, schrieb Bernd Weber: > Problem: Sockets /var/spool/postfix/private/auth and /var/spool/postfix/private/dovecot-lmtp are not created > > The only error message I get comes from postfix: no auth (SASL) founhd. Takes np wonder, the s ockets don't exist. > Any help is welcome. not a dovecot problem look for SELinux, Capabilities and whatever SMACK -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From skdovecot at smail.inf.fh-brs.de Fri Jun 13 13:22:48 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 13 Jun 2014 15:22:48 +0200 (CEST) Subject: [Dovecot] doveadm index - Bug or expected behaviour? In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 5 Jun 2014, Bruno Galindro da Costa wrote: > My ldap config is using the variable %d in base search for domain > replacement when dovecot will search for users in LDAP. Its works fine for > dovecot operation. > > But, for doveadm index, not. It ignores that variable and tries to pass a > base search without domain. So, the search will not working. > > This is the command: > # doveadm -v index -A INBOX > > > This is my config: > # cat /etc/dovecot/dovecot-ldap-userdb.conf > hosts = 10.0.0.1 > tls = no > auth_bind = no > ldap_version = 3 > base = ou=%d,ou=mail,ou=services,dc=domain > scope = subtree > deref = never > user_filter = (& (cn=%n)(objectclass=nisMailAlias)(ContaAtiva=TRUE) ) > user_attrs = > cn=rfc822mailmember,EmailQuota=quota_rule=*:storage=%$M,EmailQuotaSpecial=quota_rule=*:storage=%$M,eduPersonPrincipalName=eppn Do you use rfc822mailmember and eppn somewhere? They are no Dovecot field names, IMHO. Same question applies to EmailQuota and EmailQuotaSpecial as they both expand to quota_rule. > iterate_filter = > (&(objectclass=nisMailAlias)(ContaAtiva=TRUE)(!(EmailQuota=0))) > iterate_attrs = rfc822mailmember=user Does rfc822mailmember contain the domain? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU5r7KHz1H7kL/d9rAQJtdwf/Z9dG1F16zPtRLyKnBWZM/G2hnrwhP43+ bWoVzcsRxSaP1U/Wku+mOsgJT+4tH/KjOgZHxgKn+/O91zlRWwQJwOGn+t3Qq+lH L3uiW0iZ93rvEbfTXYyxiSutJNCRMjVv9CU6ZfuR7wo0mqUhu6PNE4mJYplQ65ym 1nS1w2HTkCf+BixDJg1ZZ5vsW44T+da18dSu3bqzdWOEGybuJDknNk6W2hLjElQk oyxi5KISWzIimB7UJom1577I3Xzt7II6wOf/Wq9Rqg4jNn6Fwmy4lFuDcSScv9H+ GGC3TvtqmVLbOgEYkRSKgnx2MBpoXln1IhRTmpH6dPO97E3WCq9YGQ== =q2h+ -----END PGP SIGNATURE----- From bernd at petrovitsch.priv.at Fri Jun 13 13:36:49 2014 From: bernd at petrovitsch.priv.at (Bernd Petrovitsch) Date: Fri, 13 Jun 2014 15:36:49 +0200 Subject: Dovecot and Postfix - dovecot doesn't create sockets In-Reply-To: <539ACA52.3010201@imail.de> References: <539ACA52.3010201@imail.de> Message-ID: <1402666613.15296.1.camel@thorin> Hi! On Fre, 2014-06-13 at 11:54 +0200, Bernd Weber wrote: [...] > Problem: Sockets /var/spool/postfix/private/auth and > /var/spool/postfix/private/dovecot-lmtp are not created > > The only error message I get comes from postfix: no auth (SASL) founhd. > Takes np wonder, the s ockets don't exist. Any help is welcome. Look in the log files for the error message. Bernd -- "I dislike type abstraction if it has no real reason. And saving on typing is not a good reason - if your typing speed is the main issue when you're coding, you're doing something seriously wrong." - Linus Torvalds From weber.bernd at imail.de Fri Jun 13 13:53:48 2014 From: weber.bernd at imail.de (Bernd Weber) Date: Fri, 13 Jun 2014 15:53:48 +0200 Subject: Dovecot and Postfix - dovecot doesn't create sockets In-Reply-To: <1402666613.15296.1.camel@thorin> References: <539ACA52.3010201@imail.de> <1402666613.15296.1.camel@thorin> Message-ID: <539B026C.1000606@imail.de> Thank you very much for your advice, but that error of postfx I got from the error-log. Dovecot doesn't complain. It only doesn't create the sockets, I have in the service section of 10-master.conf Am 13.06.2014 15:36, schrieb Bernd Petrovitsch: > Hi! > > On Fre, 2014-06-13 at 11:54 +0200, Bernd Weber wrote: > [...] >> Problem: Sockets /var/spool/postfix/private/auth and >> /var/spool/postfix/private/dovecot-lmtp are not created >> >> The only error message I get comes from postfix: no auth (SASL) founhd. >> Takes np wonder, the s ockets don't exist. Any help is welcome. > Look in the log files for the error message. > > Bernd From h.reindl at thelounge.net Fri Jun 13 14:02:23 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 13 Jun 2014 16:02:23 +0200 Subject: Dovecot and Postfix - dovecot doesn't create sockets In-Reply-To: <539B026C.1000606@imail.de> References: <539ACA52.3010201@imail.de> <1402666613.15296.1.camel@thorin> <539B026C.1000606@imail.de> Message-ID: <539B046F.4040708@thelounge.net> Am 13.06.2014 15:53, schrieb Bernd Weber: > Thank you very much for your advice, but that error of postfx I got from the error-log. Dovecot doesn't complain. > It only doesn't create the sockets, I have in the service section of 10-master.conf > > Am 13.06.2014 15:36, schrieb Bernd Petrovitsch: > >> On Fre, 2014-06-13 at 11:54 +0200, Bernd Weber wrote: >> [...] >>> Problem: Sockets /var/spool/postfix/private/auth and >>> /var/spool/postfix/private/dovecot-lmtp are not created >>> >>> The only error message I get comes from postfix: no auth (SASL) founhd. >>> Takes np wonder, the s ockets don't exist. Any help is welcome. >> Look in the log files for the error message you still did not answer if you have SELinux or something like that running or how your FS permissions recursive down from /var/spool are - something just prevents dovecot to create the files which is not dovecot itself i googled that for you: http://www.howtoforge.com/postfix-dovecot-warning-sasl-connect-to-private-auth-failed-no-such-file-or-directory#comment-33245 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From bernd at petrovitsch.priv.at Fri Jun 13 14:22:39 2014 From: bernd at petrovitsch.priv.at (Bernd Petrovitsch) Date: Fri, 13 Jun 2014 16:22:39 +0200 Subject: Dovecot and Postfix - dovecot doesn't create sockets In-Reply-To: <539B026C.1000606@imail.de> References: <539ACA52.3010201@imail.de> <1402666613.15296.1.camel@thorin> <539B026C.1000606@imail.de> Message-ID: <1402669360.15296.4.camel@thorin> On Fre, 2014-06-13 at 15:53 +0200, Bernd Weber wrote: > Thank you very much for your advice, but that error of postfx I got from > the error-log. Dovecot doesn't complain. It only doesn't create the > sockets, I have in the service section of 10-master.conf There should be more somewhere with "permission denied" or similar somewhere - the more useful programs log everything possibly strange. Additionally you could start 'dovecot' under "strace" - e.g. `strace -o dovecot.strace ...` and look for the socket() sys-calls for an error. Bernd -- "I dislike type abstraction if it has no real reason. And saving on typing is not a good reason - if your typing speed is the main issue when you're coding, you're doing something seriously wrong." - Linus Torvalds From weber.bernd at imail.de Fri Jun 13 16:24:29 2014 From: weber.bernd at imail.de (Bernd Weber) Date: Fri, 13 Jun 2014 18:24:29 +0200 Subject: Dovecot and Postfix - dovecot doesn't create sockets In-Reply-To: <539B046F.4040708@thelounge.net> References: <539ACA52.3010201@imail.de> <1402666613.15296.1.camel@thorin> <539B026C.1000606@imail.de> <539B046F.4040708@thelounge.net> Message-ID: <539B25BD.4060406@imail.de> Oh sorry. I didn't see that it was a question. We ve got a ROOT-Server. I decided for SuSe 13.1 as operating system. The basic configuration has the package libselinux1 installed. After your post I installed with zypper selinux-tools in the hope they come with a utility for checking whats going on. Besides in /var/spool/postfix/private are sockets with owner postfix:postfix - Am 13.06.2014 16:02, schrieb Reindl Harald: > > Am 13.06.2014 15:53, schrieb Bernd Weber: >> Thank you very much for your advice, but that error of postfx I got from the error-log. Dovecot doesn't complain. >> It only doesn't create the sockets, I have in the service section of 10-master.conf >> >> Am 13.06.2014 15:36, schrieb Bernd Petrovitsch: >> >>> On Fre, 2014-06-13 at 11:54 +0200, Bernd Weber wrote: >>> [...] >>>> Problem: Sockets /var/spool/postfix/private/auth and >>>> /var/spool/postfix/private/dovecot-lmtp are not created >>>> >>>> The only error message I get comes from postfix: no auth (SASL) founhd. >>>> Takes np wonder, the s ockets don't exist. Any help is welcome. >>> Look in the log files for the error message > you still did not answer if you have SELinux or something like that > running or how your FS permissions recursive down from /var/spool > are - something just prevents dovecot to create the files which > is not dovecot itself > > i googled that for you: > > http://www.howtoforge.com/postfix-dovecot-warning-sasl-connect-to-private-auth-failed-no-such-file-or-directory#comment-33245 > From weber.bernd at imail.de Sat Jun 14 10:07:40 2014 From: weber.bernd at imail.de (Bernd Weber) Date: Sat, 14 Jun 2014 12:07:40 +0200 Subject: Dovecot and Postfix - dovecot doesn't create sockets In-Reply-To: <1402669360.15296.4.camel@thorin> References: <539ACA52.3010201@imail.de> <1402666613.15296.1.camel@thorin> <539B026C.1000606@imail.de> <1402669360.15296.4.camel@thorin> Message-ID: <539C1EEC.3060806@imail.de> Thank you very much, Bernd, for your good advice. Though I know strace, strange enough, I hadn't the idea myself to use it. But what's stranger: to run dovecot under strace I stopped everythin and didn't start strace with: service dovecot start, but directly, an oh miracle, the sockets are created. I didn't test yet if they work, but we will see. When I find some time, I will trace the failure. And, oh shame, I mustrusted dovecot. CU Bernd On 13.06.2014 16:22, Bernd Petrovitsch wrote: > On Fre, 2014-06-13 at 15:53 +0200, Bernd Weber wrote: >> Thank you very much for your advice, but that error of postfx I got from >> the error-log. Dovecot doesn't complain. It only doesn't create the >> sockets, I have in the service section of 10-master.conf > There should be more somewhere with "permission denied" or similar > somewhere - the more useful programs log everything possibly strange. > > Additionally you could start 'dovecot' under "strace" - e.g. `strace -o > dovecot.strace ...` and look for the socket() sys-calls for an error. > > Bernd From nick.z.edwards at gmail.com Sun Jun 15 11:41:38 2014 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Sun, 15 Jun 2014 21:41:38 +1000 Subject: [Dovecot] Outlook 2007 & 2010 hangs in v2.2? In-Reply-To: References: <67d79b33a728a1d2f4948b1f2dc91d89@xecu.net> Message-ID: The dude you forced to leave the list last year tweeted about this problem in February, so it was noticed back then, apparently Noel said "CBF reporting the issue as the fucker would ignore me anyway, 'n if he did read it, wld prolly blame my config" I'll forward your patch and see what he says LOL On 6/10/14, Timo Sirainen wrote: > On 9.6.2014, at 20.49, Andy Dills wrote: > >>>> Has anybody noticed Outlook 2007 & 2010 (but apparently not 2013) >>>> hanging IMAP connections with Dovecot v2.2 (but not v2.1) when they're >>>> FETCHing large mails? I can't think of any reasonable explanation for >>>> this. >>> >>> Most likely solved by: http://hg.dovecot.org/dovecot-2.2/rev/6a9508d28d34 >>> [1] >>> >>> Strange that it didn't break more commonly or that more people weren't >>> complaining about it.. The bug has been there since v2.2.7. >> >> Thank you Timo. This patch did indeed correct the problem, we had no >> problem doing full syncs with the problematic accounts after >> implementing this. >> >> Is it perhaps something that only happens with directory/proxy >> environments? I'm surprised it hasn't been mentioned before, I figured >> it was something particular to our implementation since nobody else was >> mentioning it, until you did. >> >> Fascinating to me that it only affects Outlook as well. I don't >> understand the code well enough to grasp the impact of the bug, so if >> somebody has a minute to share an explanation that would be cool. > > Only happened when using Dovecot proxy. Only happened if client sent a > command while another long running command was already sending data. So > basically if Outlook started downloading a large mail on background and user > clicked another mail, the already running FETCH was stopped because Outlook > sent another FETCH command to the same connection. I guess Outlook was the > only client to do that. > From stephan at rename-it.nl Mon Jun 16 06:44:25 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 16 Jun 2014 08:44:25 +0200 Subject: [Dovecot] Pigeonhole and dsync replication not replicating 'SETACTIVE' for a sieve script In-Reply-To: <538CE89E.2040301@gmail.com> References: <538CE89E.2040301@gmail.com> Message-ID: <539E9249.2040801@rename-it.nl> On 6/2/2014 11:11 PM, Skeffling wrote: > Hello, > > I'm testing dovecot replication alongside pigeonhole and liking it. > > Dovecot v2.2.13 > Pigeonhole v0.4.3 > > If I create or edit a sieve script on one server (via managesieve, using > the thunderbird plugin as it happens) then it does get replicated to the > other - great! > > However, if I set a script to be active (SETACTIVE) on one side then > this is not being replicated across to the other server. > > Is this a known issue? It is not. Could you send us your full configuration (output from `dovecot -n`). Regards, Stephan. From iavor at icdsoft.com Mon Jun 16 08:13:07 2014 From: iavor at icdsoft.com (Iavor Stoev) Date: Mon, 16 Jun 2014 11:13:07 +0300 Subject: BUG: Mail folder with space in its name is not supported in the global acl file Message-ID: <539EA713.5040002@icdsoft.com> Hello, I use Dovecot 2.2.13 The syntax of my global acl file is: cat /etc/dovecot/acls INBOX.Junk Mail owner lrwstiae The error is: Error: Global ACL file /etc/dovecot/acls line 1: Unknown ID 'Mail' I tried to escape it with "",'',/ and enclose the whole name with "" & '' without success If I change the rule to: INBOX.JunkMail owner lrwstiae or INBOX.Junk?Mail owner lrwstiae The acl works fine. Please advise how to apply the acl rule for the folder with a space in its name? Thank you Iavor Stoev Project Manager // Head of System & Network Administration Department From pw at wk-serv.de Mon Jun 16 10:57:48 2014 From: pw at wk-serv.de (Patrick Westenberg) Date: Mon, 16 Jun 2014 12:57:48 +0200 Subject: connection to director (lmtp) time out Message-ID: <539ECDAC.9090100@wk-serv.de> Hi all, I'm running two directors with lmtp proxy as relay transport for my mail exchangers. relay_transport = lmtp:inet:dovecot-directors.example.net dovecot-directors.example.net resolves to 172.17.1.3 and 172.17.1.4 Now, .3 is down and Postfix tries to deliver it to .4 but this connection gets a timeout: (delivery temporarily suspended: connect to 172.17.1.4[172.17.1.4]:24: Connection timed out There is no log entry on the director. Can anyone give me a hint how to solve this or maybe optimize my configuration? Regards Patrick auth_mechanisms = plain login default_process_limit = 150 director_mail_servers = 172.17.1.2 director_servers = 172.17.1.4 172.17.1.3 director_user_expire = 5 mins lmtp_proxy = yes log_path = /var/log/dovecot.log managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave protocols = imap pop3 lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { user = dovecot } } service director { fifo_listener login/proxy-notify { mode = 0666 } inet_listener { address = 172.17.1.4 port = 9090 } unix_listener director-userdb { mode = 0600 } unix_listener login/director { mode = 0666 } } service imap-login { executable = imap-login director } service lmtp { inet_listener lmtp { address = 172.17.1.4 port = 24 } } service managesieve-login { executable = managesieve-login director inet_listener sieve { port = 4190 } } service pop3-login { executable = pop3-login director } ssl_cert = Hello, When I upgraded my servers to dovecot 2.2.13 the monitoring tool monit started to send out warnings that it couldn't reach my imap/pop3 servers through ssl any more. The same problem didn't happen on non-ssl-connections. According to people on the monit list this is likely a dovecot issue: https://lists.gnu.org/archive/html/monit-general/2014-06/msg00031.html Let me quote: > the root cause of the error is, that dovecot 2.2.13 closes the > connection if SSL is used in response to LOGOUT command instead of > sending usual response. When no SSL is enabled, dovecot responses to > LOGOUT command normally. [...] > According to RFC 3501 (http://tools.ietf.org/html/rfc3501), LOGOUT is > any-state command, where the server MUST send response before closing > the connection: http://tools.ietf.org/html/rfc3501#section-3.4 > > => the problem is caused by dovecot 2.2.13 bug ... its behaviour is > inconsistent (LOGOUT in non-authenticated state works per RFC > requirement if no SSL is used and doesn't conform to RFC if SSL is > used). It is possible that the problem is related to their DoS-attack > modification, which has most probably unexpected side-effect. Maybe this is related to the DDoS-protection measures that have been added in dovecot 2.2.13. Would apprechiate if someone could have a look. cu, -- Hanno B?ck http://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: BBB51E42 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From teemu.huovila at dovecot.fi Mon Jun 16 12:58:38 2014 From: teemu.huovila at dovecot.fi (Teemu Huovila) Date: Mon, 16 Jun 2014 15:58:38 +0300 Subject: Problems with dovecot 2.2.13 and monit In-Reply-To: <20140616143513.798ed659@hboeck.de> References: <20140616143513.798ed659@hboeck.de> Message-ID: <539EE9FE.1080808@dovecot.fi> On 06/16/2014 03:35 PM, Hanno B?ck wrote:>> => the problem is caused by dovecot 2.2.13 bug ... its behaviour is >> inconsistent (LOGOUT in non-authenticated state works per RFC >> requirement if no SSL is used and doesn't conform to RFC if SSL is >> used). It is possible that the problem is related to their DoS-attack >> modification, which has most probably unexpected side-effect. This was fixed in commits http://hg.dovecot.org/dovecot-2.2/rev/09d3c9c6f0ad and http://hg.dovecot.org/dovecot-2.2/rev/7129fe8bc260 so it will work better in the next release. br, Teemu Huovila From Ralf.Hildebrandt at charite.de Mon Jun 16 13:45:49 2014 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Mon, 16 Jun 2014 15:45:49 +0200 Subject: SIGSEGV in 2.2.13 with IMAP Proxying to an Exchange Server Message-ID: <20140616134549.GM20042@charite.de> 100% reproducible. User is using alpine to write an email. Continue postponed composition (answering "No" won't erase it)? y -> [>Empty folder! No messages really postponed!<] Can't delete {mproxy.charite.de/ssl/novalidate-cert/user=theusername}postponed-msgs Setup: ====== http://wiki2.dovecot.org/HowTo/ImapcProxy coredump available for further inspection Full backtrace: =============== Attaching to program: /usr/lib/dovecot/imap, process 15573 [New LWP 15573] Core was generated by `dovecot/imap'. Program terminated with signal SIGSEGV, Segmentation fault. #0 imapc_client_mailbox_cmd (box=0x0, callback=callback at entry=0x7f6ba2ed40e0 , context=context at entry=0x7fff68b7f1a0) at imapc-client.c:351 #0 imapc_client_mailbox_cmd (box=0x0, callback=callback at entry=0x7f6ba2ed40e0 , context=context at entry=0x7fff68b7f1a0) at imapc-client.c:351 cmd = __FUNCTION__ = "imapc_client_mailbox_cmd" #1 0x00007f6ba2ed4815 in imapc_mailbox_noop (mbox=mbox at entry=0x1294060) at imapc-storage.c:154 cmd = sctx = {client = 0x123b400, ret = -2} #2 0x00007f6ba2ed2d30 in imapc_mailbox_sync_init (box=0x1294060, flags=(MAILBOX_SYNC_FLAG_FULL_READ | MAILBOX_SYNC_FLAG_FIX_INCONSISTENT)) at imapc-sync.c:476 mbox = 0x1294060 list = capabilities = changes = true ret = 0 #3 0x00007f6ba2ee53c9 in mailbox_sync_init (box=box at entry=0x1294060, flags=(MAILBOX_SYNC_FLAG_FULL_READ | MAILBOX_SYNC_FLAG_FIX_INCONSISTENT)) at mail-storage.c:1677 _data_stack_cur_id = 4 ctx = #4 0x00007f6ba2ee54d7 in mailbox_sync (box=box at entry=0x1294060, flags=, flags at entry=MAILBOX_SYNC_FLAG_FULL_READ) at mail-storage.c:1725 ctx = 0x1294060 status = {sync_delayed_expunges = 0} #5 0x00007f6ba2f0fdcb in mailbox_expunge_all_data (box=0x1294060) at index-storage.c:648 ctx = 0x7fff68b7f35c t = 0x7fff68b7f35c mail = 0x0 search_args = 0x0 #6 index_storage_mailbox_delete (box=0x1294060) at index-storage.c:701 metadata = {guid = "\000\000\000\000\000\000\000\000\030\377\347\242\000\000\000", virtual_size = 19480672, cache_fields = 0x0, precache_fields = (MAIL_FETCH_RECEIVED_DATE | MAIL_FETCH_SAVE_DATE | MAIL_FETCH_PHYSICAL_SIZE | MAIL_FETCH_IMAP_ENVELOPE | MAIL_FETCH_UIDL_FILE_NAME | MAIL_FETCH_GUID | unknown: 16777216), backend_ns_prefix = 0x7f6ba2ee64b0 "\211\302\061\300\205\322x\bH\203\304\030[]?\366\203\230\002", backend_ns_type = (unknown: 0)} status = {messages = 0, recent = 0, unseen = 19029536, uidvalidity = 0, uidnext = 1, first_unseen_seq = 0, first_recent_uid = 2730247353, last_cached_seq = 32619, highest_modseq = 19480672, highest_pvt_modseq = 140100271760191, keywords = 0x1, permanent_flags = 0, permanent_keywords = 0, allow_new_keywords = 0, nonpermanent_modseqs = 0, no_modseq_tracking = 0, have_guids = 0, have_save_guids = 0, have_only_guid128 = 0} ret_guid = #7 0x00007f6ba2ee66a7 in mailbox_delete (box=0x1294060) at mail-storage.c:1319 ret = #8 0x000000000040d0e1 in cmd_delete (cmd=0x125ce40) at cmd-delete.c:39 client = ns = box = 0x1294060 name = 0x121b2b8 "postponed-msgs" errstr = error = 32767 disconnect = false #9 0x0000000000416cfc in command_exec (cmd=0x125ce40) at imap-commands.c:158 hook = 0x12240e0 ret = #10 0x0000000000415d5f in client_command_input (cmd=0x125ce40) at imap-client.c:778 client = 0x1268c10 command = __FUNCTION__ = "client_command_input" #11 0x0000000000415e15 in client_command_input (cmd=0x125ce40) at imap-client.c:839 client = 0x1268c10 command = __FUNCTION__ = "client_command_input" #12 0x0000000000416115 in client_handle_next_command (remove_io_r=, client=0x1268c10) at imap-client.c:877 No locals. #13 client_handle_input (client=client at entry=0x1268c10) at imap-client.c:889 _data_stack_cur_id = 3 remove_io = false handled_commands = false __FUNCTION__ = "client_handle_input" #14 0x00000000004164a2 in client_input (client=0x1268c10) at imap-client.c:931 cmd = 0x1234630 output = 0x125cd30 bytes = 32 __FUNCTION__ = "client_input" #15 0x00007f6ba2c19e6f in io_loop_call_io (io=0x125ae10) at ioloop.c:441 ioloop = 0x1223730 t_id = 2 __FUNCTION__ = "io_loop_call_io" #16 0x00007f6ba2c1ad77 in io_loop_handler_run_internal (ioloop=ioloop at entry=0x1223730) at ioloop-epoll.c:220 ctx = 0x12243c0 list = 0x1225e20 io = tv = {tv_sec = 1739, tv_usec = 977960} events_count = msecs = ret = 1 i = 0 call = __FUNCTION__ = "io_loop_handler_run_internal" #17 0x00007f6ba2c19ed9 in io_loop_handler_run (ioloop=ioloop at entry=0x1223730) at ioloop.c:488 No locals. #18 0x00007f6ba2c19f58 in io_loop_run (ioloop=0x1223730) at ioloop.c:465 __FUNCTION__ = "io_loop_run" #19 0x00007f6ba2bc9133 in master_service_run (service=0x12235c0, callback=callback at entry=0x41ee50 ) at master-service.c:566 No locals. #20 0x000000000040b06f in main (argc=1, argv=0x1223390) at main.c:400 set_roots = {0x426ca0 , 0x0} login_set = {auth_socket_path = 0x121b048 "\001", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x41f200 , failure_callback = 0x41ef30 , request_auth_token = 1} service_flags = storage_service_flags = username = 0x0 c = -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From pch at myzel.net Mon Jun 16 20:17:46 2014 From: pch at myzel.net (Peter Chiochetti) Date: Mon, 16 Jun 2014 22:17:46 +0200 Subject: ACL group-override question Message-ID: <539F50EA.2000808@myzel.net> Trying to get ACLs working, very basic setup: Virtual users are put into different acl_group via passdb. > u:{PLAIN}B::::::userdb_acl_groups=g The global acl file restricts what they can do. > * group-override=g > * group=g lr Shouldn't this mean, that the group rights override the user rights? The effect that I see though is, that the user "u" then may not do anything, not even lookup and read. The wiki text is not fully clear to me: It tells about disabling access fully (probably by specifying a non-existent group?). But this can only be one way to use group_override? -- peter From deano-dovecot at areyes.com Tue Jun 17 02:50:45 2014 From: deano-dovecot at areyes.com (deano-dovecot at areyes.com) Date: Mon, 16 Jun 2014 22:50:45 -0400 Subject: [Dovecot] Replication with virtual users and static userdb possible =?UTF-8?Q?=3F?= In-Reply-To: References: Message-ID: I'm trying to avoid switching the userdb from a nice simple static setup to something else to enable replication. Is there anyone using replication with a virtual user configuration ? How did you do it ? Actually, anyone doing replication at all - what does your config look like ? Thanks - D. On 2014-06-03 11:54, deano-dovecot at areyes.com wrote: > Is it possible to get replication working in a virtual user setup > that uses a static userdb ? My environment is fairly simple and typical > - there's a single system user (vmail) that owns all the home dirs > (/var/mail/domain.com/user). The virtual users > (userid at domain.com:secretpassword) are kept in a single file > (/var/mail/domain.com/PASSWD) that's unique per domain, and referenced > as a static userdb : > > passdb { > driver = passwd-file > args = scheme=plain username_format=%u /var/mail/%d/PASSWD > } > > userdb { > driver = static > args = uid=vmail gid=vmail home=/var/mail/%d/%n > } > > I know the > wiki http://wiki2.dovecot.org/Replication states that user listing must > be enabled, but that's not available for a static userdb. The wiki > http://wiki2.dovecot.org/UserDatabase/Static also says that it shouldn't > be a problem because it will use do a passdb lookup instead (except for > PAM which isn't used here). > > Unfortunately, it's not working. I've testing with ssh : > > dsync_remote_cmd = ssh -l vmail %{host} doveadm > dsync-server -u%u -l%{lock_timeout} -n%{namespace} > mail_replica = > remote:vmail at server2.domain.com > as well as with straight tcp (SSL for > later) > > mail_replica = tcp:server2.domain.com:999 > > /var/log/mail.err shows the problems ... > > Jun 3 11:30:53 server1 dovecot: auth: Error: Trying to iterate users, but userdbs don't support it > Jun 3 11:30:53 server1 dovecot: replicator: Error: User listing returned failure > Jun 3 11:30:53 server1 dovecot: replicator: Error: listing users failed, can't replicate existing data > > Anyone else have it working ? I'm sure it's something simple that I've just overlooked. From amateo at um.es Tue Jun 17 10:42:54 2014 From: amateo at um.es (Angel L. Mateo) Date: Tue, 17 Jun 2014 12:42:54 +0200 Subject: Accessing a user mailbox from another user Message-ID: <53A01BAE.2090604@um.es> Hello, I'm looking for something maybe similar to master password but for final users and I don't know if there is already a way I could do it with dovecot. I have accounts that are used by a set of users who know their password. But I now want to remove this shared password and the users has to access to this shared account with their own password. Using shared folders is not an option (at least, not the first option) because of the behaviour our users are familiar with, such as: * They have and manage different sieve filters for the account * They have thier own Sent, Drafts, SPAM... for this shared account and their email client recognizes them as it (because they have its own account). What I'm looking for is something similar to master password, but for a user identifying as another regular user, not the "master" one. Do you know if there already is a way to configure a similar behaviour? I'm planning to configure an user and authentication backend (maybe pam) that gets users as $ and the realuser password, checks if should access to and then returns mail location to dovecot. Any idea? -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868887590 Fax: 868888337 From giom87 at libero.it Tue Jun 17 12:11:14 2014 From: giom87 at libero.it (Giovanni Mancuso) Date: Tue, 17 Jun 2014 14:11:14 +0200 Subject: [Dovecot] Problem in Search IMAP with spaces in Subject In-Reply-To: <538D9062.3000101@libero.it> References: <538D9062.3000101@libero.it> Message-ID: <53A03062.8040502@libero.it> Hi, anyone has this problem? Il 03/06/2014 11:07, Giovanni Mancuso ha scritto: > Hi, > > I deliver a test email (with 4 spaces in subject) into a maildir: > > Return-Path: > Delivered-To: > Received: from suse11 ([10.0.8.7]) > by suse11 (Dovecot) with LMTP id Pf6zDTCaiFOUXwAA4Q5jHg > for ; Fri, 30 May 2014 16:48:16 +0200 > From: > To: > Message-ID: <9704BC6A-28D9-CBF2-A1D6-DD54F6AA9D9D at newsvilpec.babel.it> > Subject: Test 4 Spaces > > Test > > But, if i search this email with 4 spaces in subject i don't find anthing: > > telnet 0 143 > Trying 0.0.0.0... > Connected to 0. > Escape character is '^]'. > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE > IDLE AUTH=PLAIN] Dovecot ready. > ab login user at example.com password > ab OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE > IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS > THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN > NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH > ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY > MOVE QUOTA ACL RIGHTS=texk] Logged in > ab select inbox > * FLAGS (\Answered \Flagged \Deleted \Seen \Draft PEC_INBOX) > * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft PEC_INBOX > \*)] Flags permitted. > * 1 EXISTS > * 1 RECENT > * OK [UNSEEN 1] First unseen. > * OK [UIDVALIDITY 1401785069] UIDs valid > * OK [UIDNEXT 2] Predicted next UID > ab OK [READ-WRITE] Select completed (0.002 secs). > a1 SEARCH CHARSET UTF-8 SUBJECT "Test 4 Spaces" > * SEARCH > a1 OK Search completed (0.001 secs). > a1 SEARCH CHARSET UTF-8 SUBJECT "Test 4 Spaces" > * SEARCH 1 > a1 OK Search completed (0.000 secs). > ab logout > * BYE Logging out > ab OK Logout completed. > Connection closed by foreign host. > > If i run the search with one space i find a mail. > > I use dovecot v2.2.12 on Linux suse11 x86_64 > > Thanks From alanm at sics.se Tue Jun 17 12:29:38 2014 From: alanm at sics.se (Alan McGinlay) Date: Tue, 17 Jun 2014 14:29:38 +0200 Subject: replicator, ldap virtual users and static userdb Message-ID: <7ade9dbafb66a8067005abb64f0a88cb@sics.se> Hi! I am trying to use the static userdb with virtual users stored in ldap and the replicator plugin. What is the best way to implement this? I was not able to find documentation about it. Thanks! From alanm at sics.se Tue Jun 17 12:30:58 2014 From: alanm at sics.se (Alan McGinlay) Date: Tue, 17 Jun 2014 14:30:58 +0200 Subject: [Dovecot] Replication with virtual users and static userdb possible =?UTF-8?Q?=3F?= In-Reply-To: References: Message-ID: On 2014-06-17 04:50, deano-dovecot at areyes.com wrote: > I'm trying to avoid switching the userdb from a nice simple static > setup to something else to enable replication. Is there anyone using > replication with a virtual user configuration ? How did you do it ? > Actually, anyone doing replication at all - what does your config look > like ? > > Thanks - > > D. > > On 2014-06-03 11:54, deano-dovecot at areyes.com > wrote: > I seem to have posted the same question just now, sorry for not reading this first! From h.reindl at thelounge.net Tue Jun 17 17:16:55 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 17 Jun 2014 19:16:55 +0200 Subject: RFE: dnsbl-support for dovecot Message-ID: <53A07807.8080401@thelounge.net> after having my own dnsbl feeded by a honeypot and even mod_security supports it for webservers i think dovecot sould support the same to prevent dictionary attacks from known bad hosts, in our case that blacklist is 100% trustable and blocks before SMTP-Auth while normal RBL's are after SASL i admit that i am not a C/C++-programmer, but i think doing the DNS request and in case it has a result block any login attemt should be not too complex setup a own honeypot and feed rbldnsd with the sources is quite easy and in case of a own, trustable RBL where no foreigners report somebody by mistake it's relieable and scales well over many machines and services as long services supporting it mod_security: http://blog.inliniac.net/2007/02/23/blocking-comment-spam-using-modsecurity-and-realtime-blacklists/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From giles at coochey.net Tue Jun 17 17:43:44 2014 From: giles at coochey.net (Giles Coochey) Date: Tue, 17 Jun 2014 18:43:44 +0100 Subject: RFE: dnsbl-support for dovecot In-Reply-To: <53A07807.8080401@thelounge.net> References: <53A07807.8080401@thelounge.net> Message-ID: <53A07E50.8080505@coochey.net> On 17/06/2014 18:16, Reindl Harald wrote: > after having my own dnsbl feeded by a honeypot and even > mod_security supports it for webservers i think dovecot > sould support the same to prevent dictionary attacks from > known bad hosts, in our case that blacklist is 100% > trustable and blocks before SMTP-Auth while normal RBL's > are after SASL > > i admit that i am not a C/C++-programmer, but i think > doing the DNS request and in case it has a result block > any login attemt should be not too complex > > setup a own honeypot and feed rbldnsd with the sources > is quite easy and in case of a own, trustable RBL where > no foreigners report somebody by mistake it's relieable > and scales well over many machines and services as long > services supporting it > > mod_security: > http://blog.inliniac.net/2007/02/23/blocking-comment-spam-using-modsecurity-and-realtime-blacklists/ > If you have the bllist as a file then you may as well drop with iptables (in Linux) or ipfw (BSD). Use an IP tool for an IP block, not the application. Spamhaus project has a kind of script for this type of thing: http://www.spamhaus.org/faq/section/DROP%20FAQ I'm quite happy to use fail2ban, yes - dovecot has to handle a few failed logins for each blocked IP, but it works for me and pretty much mitigates the attack. -- Regards, Giles Coochey, CCNP, CCNA, CCNAS NetSecSpec Ltd +44 (0) 8444 780677 +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk giles at coochey.net -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6454 bytes Desc: S/MIME Cryptographic Signature URL: From h.reindl at thelounge.net Tue Jun 17 17:56:13 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 17 Jun 2014 19:56:13 +0200 Subject: RFE: dnsbl-support for dovecot In-Reply-To: <53A07E50.8080505@coochey.net> References: <53A07807.8080401@thelounge.net> <53A07E50.8080505@coochey.net> Message-ID: <53A0813D.3080409@thelounge.net> Am 17.06.2014 19:43, schrieb Giles Coochey: > On 17/06/2014 18:16, Reindl Harald wrote: >> after having my own dnsbl feeded by a honeypot and even >> mod_security supports it for webservers i think dovecot >> sould support the same to prevent dictionary attacks from >> known bad hosts, in our case that blacklist is 100% >> trustable and blocks before SMTP-Auth while normal RBL's >> are after SASL >> >> i admit that i am not a C/C++-programmer, but i think >> doing the DNS request and in case it has a result block >> any login attemt should be not too complex >> >> setup a own honeypot and feed rbldnsd with the sources >> is quite easy and in case of a own, trustable RBL where >> no foreigners report somebody by mistake it's relieable >> and scales well over many machines and services as long >> services supporting it >> >> mod_security: >> http://blog.inliniac.net/2007/02/23/blocking-comment-spam-using-modsecurity-and-realtime-blacklists/ >> > If you have the bllist as a file then you may as well drop with iptables (in Linux) or ipfw (BSD). > > Use an IP tool for an IP block, not the application. > > Spamhaus project has a kind of script for this type of thing: > > http://www.spamhaus.org/faq/section/DROP%20FAQ > > I'm quite happy to use fail2ban, yes - dovecot has to handle a few failed logins for each blocked IP, but it works > for me and pretty much mitigates the attack that's not the point, to achieve the same as with a RBL you need to manipulate iptables on every machine - the RBL is centrally for HTTP/SMTP and so it makes sense to use it also for IMAP/POP3 additionally you have no log - thats bad with a RBL you have a dedicated log containign much more data than source / target IP and ports also i don't want to have fail2ban on every machine, the point of a RBL with a honeypot is that bad machines are blocked for 7 days just beause they touch any unused IP and likely before they even hit the production servers iptables-rules are managed here also centralized over a lot of machines and i really don't want to marry the honeypot with the iptables -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From giles at coochey.net Tue Jun 17 18:23:55 2014 From: giles at coochey.net (Giles Coochey) Date: Tue, 17 Jun 2014 19:23:55 +0100 Subject: RFE: dnsbl-support for dovecot In-Reply-To: <53A0813D.3080409@thelounge.net> References: <53A07807.8080401@thelounge.net> <53A07E50.8080505@coochey.net> <53A0813D.3080409@thelounge.net> Message-ID: <53A087BB.2060407@coochey.net> On 17/06/2014 18:56, Reindl Harald wrote: > > Am 17.06.2014 19:43, schrieb Giles Coochey: >> On 17/06/2014 18:16, Reindl Harald wrote: >>> after having my own dnsbl feeded by a honeypot and even >>> mod_security supports it for webservers i think dovecot >>> sould support the same to prevent dictionary attacks from >>> known bad hosts, in our case that blacklist is 100% >>> trustable and blocks before SMTP-Auth while normal RBL's >>> are after SASL >>> >>> i admit that i am not a C/C++-programmer, but i think >>> doing the DNS request and in case it has a result block >>> any login attemt should be not too complex >>> >>> setup a own honeypot and feed rbldnsd with the sources >>> is quite easy and in case of a own, trustable RBL where >>> no foreigners report somebody by mistake it's relieable >>> and scales well over many machines and services as long >>> services supporting it >>> >>> mod_security: >>> http://blog.inliniac.net/2007/02/23/blocking-comment-spam-using-modsecurity-and-realtime-blacklists/ >>> >> If you have the bllist as a file then you may as well drop with iptables (in Linux) or ipfw (BSD). >> >> Use an IP tool for an IP block, not the application. >> >> Spamhaus project has a kind of script for this type of thing: >> >> http://www.spamhaus.org/faq/section/DROP%20FAQ >> >> I'm quite happy to use fail2ban, yes - dovecot has to handle a few failed logins for each blocked IP, but it works >> for me and pretty much mitigates the attack > that's not the point, to achieve the same as with a RBL you > need to manipulate iptables on every machine - the RBL is > centrally for HTTP/SMTP and so it makes sense to use > it also for IMAP/POP3 Or just do it on the firewall... > additionally you have no log - thats bad with a RBL you have a > dedicated log containign much more data than source / target IP > and ports Iptables has a log option. > also i don't want to have fail2ban on every machine, the point > of a RBL with a honeypot is that bad machines are blocked > for 7 days just beause they touch any unused IP and likely > before they even hit the production servers That's your personal choice. > iptables-rules are managed here also centralized over a lot > of machines and i really don't want to marry the honeypot with > the iptables > That's specific to your deployment. I don't know how much use such a feature within dovecot would get as there are quite a few specific tools that could accomplish pretty much the same goals of what you're looking for - it is just unfortunate that they don't fit in your own environment. Perhaps others on the list would have opinions on it. -- Regards, Giles Coochey, CCNP, CCNA, CCNAS NetSecSpec Ltd +44 (0) 8444 780677 +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk giles at coochey.net -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6454 bytes Desc: S/MIME Cryptographic Signature URL: From h.reindl at thelounge.net Tue Jun 17 18:32:55 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 17 Jun 2014 20:32:55 +0200 Subject: RFE: dnsbl-support for dovecot In-Reply-To: <53A087BB.2060407@coochey.net> References: <53A07807.8080401@thelounge.net> <53A07E50.8080505@coochey.net> <53A0813D.3080409@thelounge.net> <53A087BB.2060407@coochey.net> Message-ID: <53A089D7.5070809@thelounge.net> Am 17.06.2014 20:23, schrieb Giles Coochey: > On 17/06/2014 18:56, Reindl Harald wrote: >> >> Am 17.06.2014 19:43, schrieb Giles Coochey: >>> On 17/06/2014 18:16, Reindl Harald wrote: >>>> after having my own dnsbl feeded by a honeypot and even >>>> mod_security supports it for webservers i think dovecot >>>> sould support the same to prevent dictionary attacks from >>>> known bad hosts, in our case that blacklist is 100% >>>> trustable and blocks before SMTP-Auth while normal RBL's >>>> are after SASL >>>> >>>> i admit that i am not a C/C++-programmer, but i think >>>> doing the DNS request and in case it has a result block >>>> any login attemt should be not too complex >>>> >>>> setup a own honeypot and feed rbldnsd with the sources >>>> is quite easy and in case of a own, trustable RBL where >>>> no foreigners report somebody by mistake it's relieable >>>> and scales well over many machines and services as long >>>> services supporting it >>>> >>>> mod_security: >>>> http://blog.inliniac.net/2007/02/23/blocking-comment-spam-using-modsecurity-and-realtime-blacklists/ >>>> >>> If you have the bllist as a file then you may as well drop with iptables (in Linux) or ipfw (BSD). >>> >>> Use an IP tool for an IP block, not the application. >>> >>> Spamhaus project has a kind of script for this type of thing: >>> >>> http://www.spamhaus.org/faq/section/DROP%20FAQ >>> >>> I'm quite happy to use fail2ban, yes - dovecot has to handle a few failed logins for each blocked IP, but it works >>> for me and pretty much mitigates the attack >> that's not the point, to achieve the same as with a RBL you >> need to manipulate iptables on every machine - the RBL is >> centrally for HTTP/SMTP and so it makes sense to use >> it also for IMAP/POP3 > Or just do it on the firewall... * you need to centralize it * it don't fit my environment >> additionally you have no log - thats bad with a RBL you have a >> dedicated log containign much more data than source / target IP >> and ports > Iptables has a log option please read again what you quoted iptables logs hardly contain the username postfix rejections based on RBLs contain From/To a huge difference if it comes to analyze logs iptables logs are *packet based* >> also i don't want to have fail2ban on every machine, the point >> of a RBL with a honeypot is that bad machines are blocked >> for 7 days just beause they touch any unused IP and likely >> before they even hit the production servers > That's your personal choice yes, and that's why i asked for RBL support and not fail2ban >> iptables-rules are managed here also centralized over a lot >> of machines and i really don't want to marry the honeypot with >> the iptables > That's specific to your deployment yes, that's why i ask for a feature i know fail2ban and like tools well > I don't know how much use such a feature within dovecot would get as there are quite a few specific tools that > could accomplish pretty much the same goals of what you're looking for - it is just unfortunate that they don't > fit in your own environment. yes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From giles at coochey.net Tue Jun 17 18:39:12 2014 From: giles at coochey.net (Giles Coochey) Date: Tue, 17 Jun 2014 19:39:12 +0100 Subject: RFE: dnsbl-support for dovecot In-Reply-To: <53A089D7.5070809@thelounge.net> References: <53A07807.8080401@thelounge.net> <53A07E50.8080505@coochey.net> <53A0813D.3080409@thelounge.net> <53A087BB.2060407@coochey.net> <53A089D7.5070809@thelounge.net> Message-ID: <53A08B50.5010905@coochey.net> On 17/06/2014 19:32, Reindl Harald wrote: > > Am 17.06.2014 20:23, schrieb Giles Coochey: >> On 17/06/2014 18:56, Reindl Harald wrote: >>> Am 17.06.2014 19:43, schrieb Giles Coochey: >>>> On 17/06/2014 18:16, Reindl Harald wrote: >>>> >> Iptables has a log option > please read again what you quoted > > iptables logs hardly contain the username > postfix rejections based on RBLs contain From/To > > a huge difference if it comes to analyze logs > > iptables logs are *packet based* > Yes, you wouldn't get more information from the (iptables) log other than what can be discerned from the packet header & timestamp information. You should probably examine the allow_nets code and see to what extent it can be used or perhaps extended if necessary. http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets -- Regards, Giles Coochey, CCNP, CCNA, CCNAS NetSecSpec Ltd +44 (0) 8444 780677 +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk giles at coochey.net -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6454 bytes Desc: S/MIME Cryptographic Signature URL: From h.reindl at thelounge.net Tue Jun 17 18:43:04 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 17 Jun 2014 20:43:04 +0200 Subject: RFE: dnsbl-support for dovecot In-Reply-To: <53A08B50.5010905@coochey.net> References: <53A07807.8080401@thelounge.net> <53A07E50.8080505@coochey.net> <53A0813D.3080409@thelounge.net> <53A087BB.2060407@coochey.net> <53A089D7.5070809@thelounge.net> <53A08B50.5010905@coochey.net> Message-ID: <53A08C38.7090108@thelounge.net> Am 17.06.2014 20:39, schrieb Giles Coochey: > On 17/06/2014 19:32, Reindl Harald wrote: >> >> Am 17.06.2014 20:23, schrieb Giles Coochey: >>> On 17/06/2014 18:56, Reindl Harald wrote: >>>> Am 17.06.2014 19:43, schrieb Giles Coochey: >>>>> On 17/06/2014 18:16, Reindl Harald wrote: >>>>> >>> Iptables has a log option >> please read again what you quoted >> >> iptables logs hardly contain the username >> postfix rejections based on RBLs contain From/To >> >> a huge difference if it comes to analyze logs >> >> iptables logs are *packet based* >> > Yes, you wouldn't get more information from the (iptables) log other than what can be discerned from the packet > header & timestamp information. > > You should probably examine the allow_nets code and see to what extent it can be used or perhaps extended if > necessary. > > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets to make it short: i know all that options the question remains in the topic i started if the answer from Timo is "no" that it's just no nothing won't change the question -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From Jochen.Bern at LINworks.de Tue Jun 17 19:04:26 2014 From: Jochen.Bern at LINworks.de (Jochen Bern) Date: Tue, 17 Jun 2014 21:04:26 +0200 Subject: RFE: dnsbl-support for dovecot In-Reply-To: <53A07807.8080401@thelounge.net> References: <53A07807.8080401@thelounge.net> Message-ID: <53A0913A.2010901@LINworks.de> On -10.01.-28163 20:59, Reindl Harald wrote: > i admit that i am not a C/C++-programmer, but i think > doing the DNS request and in case it has a result block > any login attemt should be not too complex Can't say that I actually ever *did* it, but according to the docs, the following should work: 1. Use http://wiki2.dovecot.org/Authentication/MultipleDatabases to have login requests go through a http://wiki2.dovecot.org/AuthDatabase/CheckPassword first. Insert %r into the args to pass the rip to the external executable. 2. Make that executable return failure if there is a matching DNSBL entry. (Note that in the case of a *dictionary* attack, offenders should appear in your resolver's local cache shortly, so you can set very low timeouts.) Configure the database as "result_failure = return-fail" (according to the docs, that should make dovecot generate a log entry) and "result_success = continue" (which will pass processing to the *actual* userdb/passdb). 3. *Now* you can take advantage of having the lookup being done by an external executable, instead of (hard)code(d) within dovecot: Use the iptables "recent" module to (temporarily) block packets from SRCs on a local dynamic blacklist, and let the executable feed any matches it encounters to that list through the /proc/net interface as well. > echo +addr >/proc/net/xt_recent/DEFAULT > to add addr to the DEFAULT list Regards, J. Bern -- *NEU* - NEC IT-Infrastruktur-Produkte im : Server--Storage--Virtualisierung--Management SW--Passion for Performance Jochen Bern, Systemingenieur --- LINworks GmbH Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27 Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202 Unternehmenssitz Weiterstadt, Gesch?ftsf?hrer Metin Dogan, Oliver Michel From h.reindl at thelounge.net Tue Jun 17 19:20:27 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 17 Jun 2014 21:20:27 +0200 Subject: RFE: dnsbl-support for dovecot In-Reply-To: <53A0913A.2010901@LINworks.de> References: <53A07807.8080401@thelounge.net> <53A0913A.2010901@LINworks.de> Message-ID: <53A094FB.8010509@thelounge.net> Am 17.06.2014 21:04, schrieb Jochen Bern: > On -10.01.-28163 20:59, Reindl Harald wrote: >> i admit that i am not a C/C++-programmer, but i think >> doing the DNS request and in case it has a result block >> any login attemt should be not too complex > > Can't say that I actually ever *did* it, but according to the docs, the > following should work: > > 1. Use http://wiki2.dovecot.org/Authentication/MultipleDatabases to have > login requests go through a > http://wiki2.dovecot.org/AuthDatabase/CheckPassword first. Insert %r > into the args to pass the rip to the external executable. > > 2. Make that executable return failure if there is a matching DNSBL > entry. (Note that in the case of a *dictionary* attack, offenders should > appear in your resolver's local cache shortly, so you can set very low > timeouts.) Configure the database as "result_failure = return-fail" > (according to the docs, that should make dovecot generate a log entry) > and "result_success = continue" (which will pass processing to the > *actual* userdb/passdb). > > 3. *Now* you can take advantage of having the lookup being done by an > external executable, instead of (hard)code(d) within dovecot: Use the > iptables "recent" module to (temporarily) block packets from SRCs on a > local dynamic blacklist, and let the executable feed any matches it > encounters to that list through the /proc/net interface as well. > >> echo +addr >/proc/net/xt_recent/DEFAULT >> to add addr to the DEFAULT list thanks - but all that workarounds is wwhat i want to avoid simply because the gain is not high enough, the possible points of failures are increased while having already a trustable DNSBL and how DNSBL is working - any answer means listed - no response or a NXDOMAIN means "don't block the client" finally the way a RBL works also means in case of failures you only have the DNS request timeout but no false positives -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From stephan at rename-it.nl Tue Jun 17 19:30:56 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 17 Jun 2014 21:30:56 +0200 Subject: RFE: dnsbl-support for dovecot In-Reply-To: <53A07807.8080401@thelounge.net> References: <53A07807.8080401@thelounge.net> Message-ID: <53A09770.4030903@rename-it.nl> On 6/17/2014 7:16 PM, Reindl Harald wrote: > after having my own dnsbl feeded by a honeypot and even > mod_security supports it for webservers i think dovecot > sould support the same to prevent dictionary attacks from > known bad hosts, in our case that blacklist is 100% > trustable and blocks before SMTP-Auth while normal RBL's > are after SASL > > i admit that i am not a C/C++-programmer, but i think > doing the DNS request and in case it has a result block > any login attemt should be not too complex > > setup a own honeypot and feed rbldnsd with the sources > is quite easy and in case of a own, trustable RBL where > no foreigners report somebody by mistake it's relieable > and scales well over many machines and services as long > services supporting it > > mod_security: > http://blog.inliniac.net/2007/02/23/blocking-comment-spam-using-modsecurity-and-realtime-blacklists/ > There are some Dovecot developments in that area: http://www.dovecot.org/talks/berlin-20140513.pptx.pdf (page 22) Regards, Stephan. From pch at myzel.net Tue Jun 17 20:59:12 2014 From: pch at myzel.net (Peter Chiochetti) Date: Tue, 17 Jun 2014 22:59:12 +0200 Subject: ACL group-override question In-Reply-To: <539F50EA.2000808@myzel.net> References: <539F50EA.2000808@myzel.net> Message-ID: <53A0AC20.20102@myzel.net> > Trying to get ACLs working, very basic setup: > > Virtual users are put into different acl_group via passdb. > >> u:{PLAIN}B::::::userdb_acl_groups=g > > The global acl file restricts what they can do. > >> * group-override=g >> * group=g lr > > Shouldn't this mean, that the group rights override the user rights? > > The effect that I see though is, that the user "u" then may not do > anything, not even lookup and read. Further to this experiment, I made the ACLs to not use any group settings at all, only trying to lock down the server for anybody, like that: > root at xxx:/etc/dovecot# cat dovecot-acl > * user=archiv lr > * owner lr > * authenticated lr > * anyone lr Yet, I still can delete messages from anywhere - What am I missing? Below system setup info (dovecot from bigmichi1 ppa): > root at xxx:/etc/dovecot# doveconf -n > # 2.2.13 (6bb26098a45c): /etc/dovecot/dovecot.conf > # OS: Linux 3.2.0-64-generic x86_64 Ubuntu 12.04.4 LTS > mail_debug = yes > mail_location = maildir:~/Maildir > mail_log_prefix = "%s(%{auth_user}): " > mail_plugins = " acl fts fts_solr mail_log notify" > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > args = /etc/dovecot/passwd > driver = passwd-file > } > plugin { > acl = vfile:/etc/dovecot/dovecot-acl > fts = solr > fts_autoindex = yes > fts_solr = url=http://localhost:8983/solr/ > mail_log_events = save copy delete undelete expunge mailbox_create mailbox_rename mailbox_delete > mail_log_fields = uid box msgid from subject > } > protocols = " imap" > ssl_cert = ssl_key = userdb { > args = uid=archiv gid=archiv home=/home/archiv user=archiv > driver = static > } The virtual users all act as the system user, their names are just icing for auditing. -- peter From przemek.orzechowski at makolab.pl Wed Jun 18 05:28:18 2014 From: przemek.orzechowski at makolab.pl (=?UTF-8?B?UHJ6ZW15c8WCYXcgT3J6ZWNob3dza2k=?=) Date: Wed, 18 Jun 2014 07:28:18 +0200 Subject: Problem syncing mailboxes using doveadm sync Message-ID: <53A12372.9040609@makolab.pl> Hi command im using command bellow on destination server rtying to make keep it in sync after initialy doing doveadm backup -R doveadm -Dv -o imapc_host=src.srv -o imapc_user=test at domain.tld -opop3c_user=test at domain.tld -o imapc_password='pass' -o pop3c_password='pass' -o mail_fsync=never -o mail_prefetch_count=20 sync -f -1 -R -u test at domain.tld imapc: Im using dovecot on both source and destination server (source is dovecot 1.0.10 destination is 2.2.9) Destination box is Ubuntu 14.04 LTS with dovecot installed using apt. When i create new mail message on the serrver where i run this command its not propagated to the remote (old) server Is this command wrong ? From patrick at spamreducer.eu Wed Jun 18 09:28:05 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Wed, 18 Jun 2014 11:28:05 +0200 Subject: AW: Problem syncing mailboxes using doveadm sync In-Reply-To: <53A12372.9040609@makolab.pl> References: <53A12372.9040609@makolab.pl> Message-ID: <009301cf8ad7$9c0af800$d420e800$@spamreducer.eu> Would you really "sync" or just "backup"? To help decide, are you changing messages on both servers or is the second one just a backup-server? In case of backup you could use this command: doveadm backup -u user at example.com ssh backup.server.com doveadm dsync-server -u user at example.com Could this help you? Cheers! --------------------------------------------------------------------- Mit freundlichen Gr??en / Distinti saluti / Kind regards De Zordo Patrick patrick at spamreducer.eu Follow me on Skype: zorpat Follow me on Facebook: https://www.facebook.com/patrick.dezordo Follow me on GIThub: https://github.com/zorpat Follow me on Twitter: https://twitter.com/PDZTECH ------------------------------------------------------------------------------------------------------- Please use S/MIME encryption when writing to me, it?s a big security benefit! The Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol to digitally sign or encrypt emails. S/MIME Encryption provides message integrity, authentication, privacy via data encryption, and non-repudiation via digital signatures. Most mail clients support S/MIME, such as Microsoft Outlook, Thunderbird, Apple Mail, Lotus Notes, and Mulberry Mail. In detail: - prevents tampering of email content - prove message origin - prevent exposure of email content - flexible and secure communication - easy to implement ------------------------------------------------------------------------------------------------------- > -----Urspr?ngliche Nachricht----- > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von > Przemyslaw Orzechowski > Gesendet: Mittwoch, 18. Juni 2014 07:28 > An: Dovecot Mailing List > Betreff: Problem syncing mailboxes using doveadm sync > > Hi > command im using command bellow on destination server rtying to make > keep it in sync after initialy doing doveadm backup -R > > doveadm -Dv -o imapc_host=src.srv -o imapc_user=test at domain.tld - > opop3c_user=test at domain.tld -o imapc_password='pass' -o > pop3c_password='pass' -o mail_fsync=never -o mail_prefetch_count=20 > sync -f -1 -R -u test at domain.tld imapc: > > Im using dovecot on both source and destination server (source is dovecot > 1.0.10 destination is 2.2.9) > > Destination box is Ubuntu 14.04 LTS with dovecot installed using apt. > > When i create new mail message on the serrver where i run this command its > not propagated to the remote (old) server Is this command wrong ? -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6281 bytes Desc: not available URL: From przemek.orzechowski at makolab.pl Wed Jun 18 10:28:42 2014 From: przemek.orzechowski at makolab.pl (=?UTF-8?B?UHJ6ZW15c8WCYXcgT3J6ZWNob3dza2k=?=) Date: Wed, 18 Jun 2014 12:28:42 +0200 Subject: AW: Problem syncing mailboxes using doveadm sync In-Reply-To: <009301cf8ad7$9c0af800$d420e800$@spamreducer.eu> References: <53A12372.9040609@makolab.pl> <009301cf8ad7$9c0af800$d420e800$@spamreducer.eu> Message-ID: <53A169DA.4020106@makolab.pl> On 18.06.2014 11:28, Patrick De Zordo wrote: > Would you really "sync" or just "backup"? > To help decide, are you changing messages on both servers or is the second one just a backup-server? > > In case of backup you could use this command: > doveadm backup -u user at example.com ssh backup.server.com doveadm dsync-server -u user at example.com the problem is messages can be changed on both servers (this situation can last for about 1 month till the old server is finally retired) I have made initial backup using this command doveadm -v -o imapc_host=src.srv -o imapc_user=test at domain.tld -o pop3c_user=test at domain.tld -o imapc_password='pass' -o pop3c_password='pass' -o mail_fsync=never -o mail_prefetch_count=20 backup -R -u test at domain.tld imapc: Backup was successfull When i try later to do sync it seems to work only from remote to loacal (src.srv to the server im runing dovecot sync command on) and not the other way if i ommit -R in the sync command dovecot generates an error. > Could this help you? > > Cheers! > > --------------------------------------------------------------------- > Mit freundlichen Gr??en / Distinti saluti / Kind regards > De Zordo Patrick > patrick at spamreducer.eu > Follow me on Skype: zorpat > Follow me on Facebook: https://www.facebook.com/patrick.dezordo > Follow me on GIThub: https://github.com/zorpat > Follow me on Twitter: https://twitter.com/PDZTECH > > ------------------------------------------------------------------------------------------------------- > Please use S/MIME encryption when writing to me, it?s a big security benefit! > The Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol to digitally sign or encrypt emails. S/MIME Encryption provides message integrity, authentication, privacy via data encryption, and non-repudiation via digital signatures. Most mail clients support S/MIME, such as Microsoft Outlook, Thunderbird, Apple Mail, Lotus Notes, and Mulberry Mail. > In detail: > - prevents tampering of email content > - prove message origin > - prevent exposure of email content > - flexible and secure communication > - easy to implement > ------------------------------------------------------------------------------------------------------- > >> -----Urspr?ngliche Nachricht----- >> Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von >> Przemyslaw Orzechowski >> Gesendet: Mittwoch, 18. Juni 2014 07:28 >> An: Dovecot Mailing List >> Betreff: Problem syncing mailboxes using doveadm sync >> >> Hi >> command im using command bellow on destination server rtying to make >> keep it in sync after initialy doing doveadm backup -R >> >> doveadm -Dv -o imapc_host=src.srv -o imapc_user=test at domain.tld - >> opop3c_user=test at domain.tld -o imapc_password='pass' -o >> pop3c_password='pass' -o mail_fsync=never -o mail_prefetch_count=20 >> sync -f -1 -R -u test at domain.tld imapc: >> >> Im using dovecot on both source and destination server (source is dovecot >> 1.0.10 destination is 2.2.9) >> >> Destination box is Ubuntu 14.04 LTS with dovecot installed using apt. >> >> When i create new mail message on the serrver where i run this command its >> not propagated to the remote (old) server Is this command wrong ? From alanm at sics.se Wed Jun 18 10:53:20 2014 From: alanm at sics.se (Alan McGinlay) Date: Wed, 18 Jun 2014 12:53:20 +0200 Subject: AW: Problem syncing mailboxes using doveadm sync In-Reply-To: <53A169DA.4020106@makolab.pl> References: <53A12372.9040609@makolab.pl> <009301cf8ad7$9c0af800$d420e800$@spamreducer.eu> <53A169DA.4020106@makolab.pl> Message-ID: <3c0238f1e91d06481fb4860138739427@sics.se> On 2014-06-18 12:28, Przemys?aw Orzechowski wrote: > On 18.06.2014 11:28, Patrick De Zordo wrote: > Would you really "sync" or just "backup"? > To help decide, are you changing messages on both servers or is the > second one just a backup-server? > > In case of backup you could use this command: > doveadm backup -u user at example.com ssh backup.server.com doveadm > dsync-server -u user at example.com > the problem is messages can be changed on both servers (this > situation can last for about 1 month till the old server is finally > retired) > I have made initial backup using this command > doveadm -v -o imapc_host=src.srv -o imapc_user=test at domain.tld -o > pop3c_user=test at domain.tld -o imapc_password='pass' -o > pop3c_password='pass' -o mail_fsync=never -o mail_prefetch_count=20 > backup -R -u test at domain.tld imapc: > Backup was successfull > > When i try later to do sync it seems to work only from remote to > loacal (src.srv to the server im runing dovecot sync command on) and > not the other way > if i ommit -R in the sync command dovecot generates an error. > Could this help you? > > Cheers! > > --------------------------------------------------------------------- > Mit freundlichen Gr??en / Distinti saluti / Kind regards > De Zordo Patrick > patrick at spamreducer.eu > Follow me on Skype: zorpat > Follow me on Facebook: https://www.facebook.com/patrick.dezordo > Follow me on GIThub: https://github.com/zorpat > Follow me on Twitter: https://twitter.com/PDZTECH > > ------------------------------------------------------------------------------------------------------- > Please use S/MIME encryption when writing to me, it?s a big security > benefit! > The Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol to > digitally sign or encrypt emails. S/MIME Encryption provides message > integrity, authentication, privacy via data encryption, and > non-repudiation via digital signatures. Most mail clients support > S/MIME, such as Microsoft Outlook, Thunderbird, Apple Mail, Lotus > Notes, and Mulberry Mail. > In detail: > - prevents tampering of email content > - prove message origin > - prevent exposure of email content > - flexible and secure communication > - easy to implement > ------------------------------------------------------------------------------------------------------- > > -----Urspr?ngliche Nachricht----- > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von > Przemyslaw Orzechowski > Gesendet: Mittwoch, 18. Juni 2014 07:28 > An: Dovecot Mailing List > Betreff: Problem syncing mailboxes using doveadm sync > > Hi > command im using command bellow on destination server rtying to make > keep it in sync after initialy doing doveadm backup -R > > doveadm -Dv -o imapc_host=src.srv -o imapc_user=test at domain.tld - > opop3c_user=test at domain.tld -o imapc_password='pass' -o > pop3c_password='pass' -o mail_fsync=never -o mail_prefetch_count=20 > sync -f -1 -R -u test at domain.tld imapc: > > Im using dovecot on both source and destination server (source is > dovecot > 1.0.10 destination is 2.2.9) > > Destination box is Ubuntu 14.04 LTS with dovecot installed using apt. > > When i create new mail message on the serrver where i run this command > its > not propagated to the remote (old) server Is this command wrong ? What error is generated when you omit -R ? From przemek.orzechowski at makolab.pl Wed Jun 18 11:21:35 2014 From: przemek.orzechowski at makolab.pl (=?UTF-8?B?UHJ6ZW15c8WCYXcgT3J6ZWNob3dza2k=?=) Date: Wed, 18 Jun 2014 13:21:35 +0200 Subject: AW: Problem syncing mailboxes using doveadm sync In-Reply-To: <3c0238f1e91d06481fb4860138739427@sics.se> References: <53A12372.9040609@makolab.pl> <009301cf8ad7$9c0af800$d420e800$@spamreducer.eu> <53A169DA.4020106@makolab.pl> <3c0238f1e91d06481fb4860138739427@sics.se> Message-ID: <53A1763F.9030207@makolab.pl> On 18.06.2014 12:53, Alan McGinlay wrote: > > > On 2014-06-18 12:28, Przemys?aw Orzechowski wrote: >> On 18.06.2014 11:28, Patrick De Zordo wrote: >> Would you really "sync" or just "backup"? >> To help decide, are you changing messages on both servers or is the >> second one just a backup-server? >> >> In case of backup you could use this command: >> doveadm backup -u user at example.com ssh backup.server.com doveadm >> dsync-server -u user at example.com >> the problem is messages can be changed on both servers (this >> situation can last for about 1 month till the old server is finally >> retired) >> I have made initial backup using this command >> doveadm -v -o imapc_host=src.srv -o imapc_user=test at domain.tld -o >> pop3c_user=test at domain.tld -o imapc_password='pass' -o >> pop3c_password='pass' -o mail_fsync=never -o mail_prefetch_count=20 >> backup -R -u test at domain.tld imapc: >> Backup was successfull >> >> When i try later to do sync it seems to work only from remote to >> loacal (src.srv to the server im runing dovecot sync command on) and >> not the other way >> if i ommit -R in the sync command dovecot generates an error. >> Could this help you? >> >> Cheers! >> >> --------------------------------------------------------------------- >> Mit freundlichen Gr??en / Distinti saluti / Kind regards >> De Zordo Patrick >> patrick at spamreducer.eu >> Follow me on Skype: zorpat >> Follow me on Facebook: https://www.facebook.com/patrick.dezordo >> Follow me on GIThub: https://github.com/zorpat >> Follow me on Twitter: https://twitter.com/PDZTECH >> >> ------------------------------------------------------------------------------------------------------- >> >> Please use S/MIME encryption when writing to me, it?s a big security >> benefit! >> The Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol to >> digitally sign or encrypt emails. S/MIME Encryption provides message >> integrity, authentication, privacy via data encryption, and >> non-repudiation via digital signatures. Most mail clients support >> S/MIME, such as Microsoft Outlook, Thunderbird, Apple Mail, Lotus >> Notes, and Mulberry Mail. >> In detail: >> - prevents tampering of email content >> - prove message origin >> - prevent exposure of email content >> - flexible and secure communication >> - easy to implement >> ------------------------------------------------------------------------------------------------------- >> >> >> -----Urspr?ngliche Nachricht----- >> Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von >> Przemyslaw Orzechowski >> Gesendet: Mittwoch, 18. Juni 2014 07:28 >> An: Dovecot Mailing List >> Betreff: Problem syncing mailboxes using doveadm sync >> >> Hi >> command im using command bellow on destination server rtying to make >> keep it in sync after initialy doing doveadm backup -R >> >> doveadm -Dv -o imapc_host=src.srv -o imapc_user=test at domain.tld - >> opop3c_user=test at domain.tld -o imapc_password='pass' -o >> pop3c_password='pass' -o mail_fsync=never -o mail_prefetch_count=20 >> sync -f -1 -R -u test at domain.tld imapc: >> >> Im using dovecot on both source and destination server (source is >> dovecot >> 1.0.10 destination is 2.2.9) >> >> Destination box is Ubuntu 14.04 LTS with dovecot installed using apt. >> >> When i create new mail message on the serrver where i run this >> command its >> not propagated to the remote (old) server Is this command wrong ? > > What error is generated when you omit -R ? > Relevant lines (stipped all lines between successfull start and the error mostly Debug: brain lines doveadm(root): Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm doveadm(root): Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message) doveadm(root): Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message) doveadm(root): Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message) doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_backend_rescan (this is usually intentional, so just ignore this message) ... dsync(test at domain.tld): Panic: file dsync-mailbox-import.c: line 2136 (reassign_unwanted_uids): assertion failed: (wanted_count == saved_count) dsync(test at domain.tld): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x5e271) [0x7fe6b1dc0271] -> /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7fe6b1dc02da] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fe6b1d7ba9e] -> doveadm(dsync_mailbox_import_deinit+0x890) [0x7fe6b29e44a0] -> doveadm(+0x33489) [0x7fe6b29df489] -> doveadm(dsync_brain_sync_mails+0x723) [0x7fe6b29dfca3] -> doveadm(dsync_brain_run+0x523) [0x7fe6b29dc0f3] -> doveadm(+0x2d974) [0x7fe6b29d9974] -> doveadm(+0x15b5b) [0x7fe6b29c1b5b] -> doveadm(doveadm_mail_try_run+0x26c) [0x7fe6b29c28ac] -> doveadm(main+0x414) [0x7fe6b29c16d4] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7fe6b19bdec5] -> doveadm(+0x15922) [0x7fe6b29c1922] Aborted (core dumped) From nicolas at franceoxygene.fr Wed Jun 18 14:44:52 2014 From: nicolas at franceoxygene.fr (Nicolas Cauchie) Date: Wed, 18 Jun 2014 16:44:52 +0200 Subject: LDAP and MySQL in the same configuration Message-ID: <53A1A5E4.6060404@franceoxygene.fr> Hello there, Simple question, I'm losting hope when I search on Google : Is there a way to authenticate users from a LDAP database and to fetch their quotas stored in a MySQL database, both in the same configuration ? Thanks Nicolas -- From portase.florin at medianetork.ro Wed Jun 18 15:55:41 2014 From: portase.florin at medianetork.ro (Florin Portase) Date: Wed, 18 Jun 2014 17:55:41 +0200 Subject: dovecot sieve vacation + lmtp protocol Message-ID: <53A1B67D.70306@medianetork.ro> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Here is my setup: dovecot - 2.2.11 pigeonhole - 0.4.2 qmail I was trying to create a vacation message, but after the sive script has been created and I was checking the logs I saw some strange errors: DOVECOT LOG Jun 18 16:52:24 lda(portase.florin at medianetork.ro): Error: lmtp client: connect(medianetork.ro, 25) failed: Connection refused Jun 18 16:52:24 lda(portase.florin at medianetork.ro): Error: smtp(medianetork.ro): RCPT TO failed: 451 4.4.0 Remote server not answering (connect) Jun 18 16:52:24 lda(portase.florin at medianetork.ro): Error: sieve: msgid=: failed to send vacation response to (refer to server log for more information) DOVECOT config service lmtp { chroot = client_limit = 0 drop_priv_before_exec = no executable = lmtp extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = lmtp service_count = 0 type = #inet_listener lmtp { # address = 0.0.0.0 # port = 24 #} unix_listener lmtp { group = mode = 0666 user = } user = vsz_limit = 0 } protocol lmtp { #mail_fsync = optimized log_path = /var/log/dovecot/lmtp-errors.log info_log_path = /var/log//dovecot/lmtp.log mail_plugins = quota sieve autocreate expire } Am I missing something ??? Just to specify: domain medianetork.ro is accessible from outside on port 25 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTobZ9AAoJECEzxtLP+204AisH/2t83NS5GzFEv6JET3rJFW/k yN1/EM+Veg2CX7qvh0NPAQ/5/1f9MOdlyFUEs5vg1n2YGtBCfig6RFhP0OZNa2lK 38n99Vq3uutrTmviuv5pl4c8Jwlq68jlUlTK6DvKub58AVcqln6ljQt82HhfKl1+ lzQ/Igg6V9XT9vzcgdtumac4h+jNHuvoMv697dhK5/UfaV5tuFqKIHgLMampf4lz kc7x85xocK3C1+DQIepmpOgyHpjwBRi2KYzFii2s2jT0QWmhUHaD88BNnN8mkJxZ +1+IsWqyqSpxTx5ghIh0QiiUUBKmWcngRTs67PisDuVwvOmEy/ULkp1aEYwpD7Y= =3/1y -----END PGP SIGNATURE----- From egbert at vandenbussche.nl Wed Jun 18 20:25:37 2014 From: egbert at vandenbussche.nl (Egbert) Date: Wed, 18 Jun 2014 22:25:37 +0200 Subject: config best practice Message-ID: <53A1F5C1.4000908@vandenbussche.nl> Hi! We will soon start upgrading our Ubuntu mail server (running 2.0.19) from 12.04.1 LTSto 14.04 LTS. The dovecot config is still pretty much in 1.x style; one flat file called dovecot.conf. I can easily switch to a dovecot.conf with the "!include" lines and rename my flat config file to local.conf. I've tested that and it works fine. I could also try to move all lines in local.conf to the different XX-.conf files in the conf.d subdir. What is wise and best practice? Should one edit the files in conf.d? Or will the files in conf.d be overwritten on an update of dovecot? Then I'll better stick to the way of working with the dovecot.conf with the !includes and local.conf and assume that all files in conf.d are default settings. TNX for any advise! Egbert Jan, HCC!hobbynet, NL From skdovecot at smail.inf.fh-brs.de Wed Jun 18 22:04:40 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen) Date: Thu, 19 Jun 2014 00:04:40 +0200 Subject: dovecot sieve vacation + lmtp protocol In-Reply-To: <53A1B67D.70306@medianetork.ro> References: <53A1B67D.70306@medianetork.ro> Message-ID: <53A20CF8.2070108@smail.inf.fh-brs.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Florin Portase wrote: > Hello, > > Here is my setup: > > dovecot - 2.2.11 pigeonhole - 0.4.2 qmail > > I was trying to create a vacation message, but after the sive > script has been created and I was checking the logs I saw some > strange errors: > > > DOVECOT LOG > > Jun 18 16:52:24 lda(portase.florin at medianetork.ro): Error: lmtp > client: connect(medianetork.ro, 25) failed: Connection refused Jun > 18 16:52:24 lda(portase.florin at medianetork.ro): Error: > smtp(medianetork.ro): RCPT TO failed: 451 4.4.0 Remote server not > answering (connect) Jun 18 16:52:24 > lda(portase.florin at medianetork.ro): Error: sieve: > msgid=: > > failed to send vacation response to (refer to server log > for more information) > > DOVECOT config > > > service lmtp { chroot = client_limit = 0 drop_priv_before_exec = > no executable = lmtp extra_groups = group = idle_kill = 0 > privileged_group = process_limit = 0 process_min_avail = 0 protocol > = lmtp service_count = 0 type = #inet_listener lmtp { # address = > 0.0.0.0 # port = 24 #} unix_listener lmtp { group = mode = 0666 > user = } user = vsz_limit = 0 } > > > protocol lmtp { #mail_fsync = optimized log_path = > /var/log/dovecot/lmtp-errors.log info_log_path = > /var/log//dovecot/lmtp.log mail_plugins = quota sieve autocreate > expire } > > > Am I missing something ??? First of all, we miss your _full_ doveconf -n output. > Just to specify: domain medianetork.ro is accessible from outside > on port 25 is it [the IP aka A record of medianetork.ro] connectable from the local machine as well? - -- Steffen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQEVAwUBU6IM+HD1/YhP6VMHAQJBgAf/aJQievG2cki4crRjxcixEOFOAgXbkzOi fILPAPfOEkgzs6e8x7Ew9Ocfe73fmleenbhp5su+3a5rRaJSRLg0ExBCCqIwEnA/ OYoqB4M3yNdg++RbOsLG6MA3MrNnXFfo7J1SF0xFRDGJ0cWBeMjDYM40mIwBjP1J piuYyFa4mICsoeShL1N4V66tycSUWrBhqmcJxvu0Hj7VrZMYGodpX3Mw4HlJOJfh NLqMDwQwVKRfBZP7xZZj5ay3p7WCyXPjEZ2TYg4U/ZeDnUiyHy8xjU9MFTrDSx9V /x7PTwZ3Xm/0B/VbTa3lxhWjUsYu7QvomqAIbphjszgspBF8HbFV5A== =hlk6 -----END PGP SIGNATURE----- From jtam.home at gmail.com Wed Jun 18 23:47:21 2014 From: jtam.home at gmail.com (Joseph Tam) Date: Wed, 18 Jun 2014 16:47:21 -0700 (PDT) Subject: config best practice In-Reply-To: References: Message-ID: From: Egbert > The dovecot config is still pretty much in 1.x style; one flat file > called dovecot.conf. I can easily switch to a dovecot.conf with the > "!include" lines and rename my flat config file to local.conf. I've > tested that and it works fine. I could also try to move all lines in > local.conf to the different XX-.conf files in the conf.d subdir. What is > wise and best practice? Should one edit the files in conf.d? Or will the > files in conf.d be overwritten on an update of dovecot? Then I'll better > stick to the way of working with the dovecot.conf with the !includes and > local.conf and assume that all files in conf.d are default settings. I think you will hear from proponents of both styles. I would say use whatever works best for you. I personally use one dovecot.conf without any includes because I like having all my configs in one place. Less editing mutiple files, and less forgetting some configuration squirreled away in some conf.d file. Joseph Tam From toml at engr.orst.edu Thu Jun 19 06:01:43 2014 From: toml at engr.orst.edu (Tom Lieuallen) Date: Wed, 18 Jun 2014 23:01:43 -0700 Subject: dovecot 2.2.13 core dump (signal 11) Message-ID: <53A27CC7.80503@engr.orst.edu> We just upgraded from 2.1.16 to 2.2.13. One user is experiencing problems when using the shared namespace. Specifically it happens when opening/reading a message and when deleting messages. These functions work for other users. So far, this appears to be only affecting one user. The shared folder is a local ext4 file system and utilizes acls # 2.2.13: /private/dovecot/etc/dovecot/dovecot.conf doveconf: Warning: service auth { client_limit=1000 } is lower than required under max. load (15360) doveconf: Warning: service anvil { client_limit=1000 } is lower than required under max. load (10243) # OS: Linux 2.6.32-358.11.1.el6.x86_64 x86_64 Red Hat Enterprise Linux Server release 6.5 (Santiago) default_process_limit = 5120 first_valid_uid = 100 listen = * mail_location = mbox:~/mail:INBOX=/var/mail/%u:INDEX=/a2/imap-index/%u mail_plugins = quota acl namespace { hidden = yes inbox = no list = children location = maildir:/a1/dove-shared:INDEX=/a2/imap-index/dove-shared/%u prefix = sharedimap/ separator = / type = shared } namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /private/dovecot/etc/dovecot/dovecot-ldap.conf.ext driver = ldap } passdb { args = scheme=CRYPT username_format=%u /private/dovecot/etc/passwd driver = passwd-file } plugin { acl = vfile quota = fs:INBOX:mount=/a1 quota2 = fs:Home quota:mount=%h } protocols = imap lmtp service imap-login { service_count = 1 } service imap { process_limit = 2048 } ssl_cert = skip_acl_checks) Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.132.el6_5.2.x86_64 sssd-client-1.9.2-129.el6.x86_64 (gdb) bt full #0 acl_mailbox_right_lookup (box=0x12e6730, right_idx=7) at acl-mailbox.c:40 abox = 0x0 alist = ret = #1 0x00007f4c11604d06 in acl_copy_has_rights (ctx=0x12f9810, mail=0x12f5030) at acl-mailbox.c:409 destbox = 0x12edf90 save_right = #2 acl_copy (ctx=0x12f9810, mail=0x12f5030) at acl-mailbox.c:430 t = abox = 0x12ee5f8 #3 0x00007f4c11b741ed in mailbox_copy (_ctx=, mail=0x12f5030) at mail-storage.c:2149 ctx = 0x12f9810 t = 0x12f32d0 keywords = 0x12f9b80 pvt_flags = 0 backend_mail = 0x12f5030 ret = __FUNCTION__ = "mailbox_copy" #4 0x00007f4c11b742dd in mailbox_move (_ctx=, mail=0x12f5030) at mail-storage.c:2170 ctx = 0x12f9810 #5 0x000000000040c587 in fetch_and_copy (cmd=0x12e3f10, move=true) at cmd-copy.c:67 search_ctx = 0x12f4db0 src_trans = 0x12f4090 srcset_ctx = {str = 0x12bf328, first_uid = 0, last_uid = 4294967295} ret = 1 save_ctx = 0x0 mail = 0x12f5030 copy_count = 1 src_uidset = 0x12bf328 #6 cmd_copy_full (cmd=0x12e3f10, move=true) at cmd-copy.c:123 client = 0x12e3330 dest_storage = destbox = 0x12edf90 t = 0x12f32d0 src_trans = search_args = 0x12ecf80 messageset = 0x12cac10 "112850,112871,112903:112905,112919" mailbox = 0x12cac38 "Trash" src_uidset = sync_flags = 0 imap_flags = 0 changes = {pool = 0x12e6730, uid_validity = 19807984, saved_uids = { (I'm not sure how much more info is needed; let me know if more...) thank you Tom Lieuallen From pch at myzel.net Thu Jun 19 08:52:15 2014 From: pch at myzel.net (Peter Chiochetti) Date: Thu, 19 Jun 2014 10:52:15 +0200 Subject: config best practice In-Reply-To: <53A1F5C1.4000908@vandenbussche.nl> References: <53A1F5C1.4000908@vandenbussche.nl> Message-ID: <53A2A4BF.2020709@myzel.net> Am 2014-06-18 22:25, schrieb Egbert: > Hi! We will soon start upgrading our Ubuntu mail server (running 2.0.19) > from 12.04.1 LTSto 14.04 LTS. > The dovecot config is still pretty much in 1.x style; one flat file > called dovecot.conf. I can easily switch to a dovecot.conf with the > "!include" lines and rename my flat config file to local.conf. I've > tested that and it works fine. I could also try to move all lines in > local.conf to the different XX-.conf files in the conf.d subdir. What is > wise and best practice? Should one edit the files in conf.d? Or will the > files in conf.d be overwritten on an update of dovecot? Then I'll better > stick to the way of working with the dovecot.conf with the !includes and > local.conf and assume that all files in conf.d are default settings. Another Ubuntu 12.04 admin here, having almost all local configuration in local.conf ;) and happy about a single and quite short file to maintain. That lets me ADD, but not subtract stuff from conf.d/* (I had to comment a line that pulls in pam system users authentication because that would cause a timeout with virtual users on every login?) PS: /etc is under revision control so I still get to see changes in conf.d/* when upgrading the package, in case I want to know. -- peter From bourek at thinline.cz Thu Jun 19 08:54:10 2014 From: bourek at thinline.cz (Jiri Bourek) Date: Thu, 19 Jun 2014 10:54:10 +0200 Subject: config best practice In-Reply-To: <53A1F5C1.4000908@vandenbussche.nl> References: <53A1F5C1.4000908@vandenbussche.nl> Message-ID: <53A2A532.6050104@thinline.cz> On 18.6.2014 22:25, Egbert wrote: > Hi! We will soon start upgrading our Ubuntu mail server (running 2.0.19) > from 12.04.1 LTSto 14.04 LTS. > The dovecot config is still pretty much in 1.x style; one flat file > called dovecot.conf. I can easily switch to a dovecot.conf with the > "!include" lines and rename my flat config file to local.conf. I've > tested that and it works fine. I could also try to move all lines in > local.conf to the different XX-.conf files in the conf.d subdir. What is > wise and best practice? Should one edit the files in conf.d? Or will the > files in conf.d be overwritten on an update of dovecot? Then I'll better > stick to the way of working with the dovecot.conf with the !includes and > local.conf and assume that all files in conf.d are default settings. > > TNX for any advise! > Egbert Jan, HCC!hobbynet, NL > The split configuration is useful for automated updates/upgrades. The packaging system knows if particular config file was changed and if it wasn't, it's replaced by a new version without bothering you. For example, let's say you have single config file and only single line differs from default configuration - say "auth_verbose". When you upgrade, the packaging system tells you "the configuration was changed" and you need to either manually figure out all changes and apply them to your configuration or lose your own configuration changes (or attempt a 3-way merge) With split configuration files the packaging system silently replaces all configuration with new defaults except 10-loging.conf and you only need to worry about that file. Plus, on Ubuntu you have different Dovecot components (core, imapd, pop3d, mysql) split into different packages and these packages have separate config files as well. So I'd recommend splitting the configuration. IMO it's easy way to keep it up-to-date with upstream changes without too much trouble (package maintainer does the work for you) I ofc agree with previous post - use whatever works best for you. From portase.florin at medianetork.ro Thu Jun 19 09:43:54 2014 From: portase.florin at medianetork.ro (Florin Portase) Date: Thu, 19 Jun 2014 11:43:54 +0200 Subject: dovecot sieve vacation + lmtp protocol In-Reply-To: <53A20CF8.2070108@smail.inf.fh-brs.de> References: <53A1B67D.70306@medianetork.ro> <53A20CF8.2070108@smail.inf.fh-brs.de> Message-ID: <53A2B0DA.1070103@medianetork.ro> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/19/2014 12:04 AM, Steffen wrote: > Florin Portase wrote: >> Hello, > >> Here is my setup: > >> dovecot - 2.2.11 pigeonhole - 0.4.2 qmail > >> I was trying to create a vacation message, but after the sive >> script has been created and I was checking the logs I saw some >> strange errors: > > >> DOVECOT LOG > >> Jun 18 16:52:24 lda(portase.florin at medianetork.ro): Error: lmtp >> client: connect(medianetork.ro, 25) failed: Connection refused >> Jun 18 16:52:24 lda(portase.florin at medianetork.ro): Error: >> smtp(medianetork.ro): RCPT TO failed: 451 4.4.0 Remote server >> not answering (connect) Jun 18 16:52:24 >> lda(portase.florin at medianetork.ro): Error: sieve: >> msgid=: > >> > > failed to send vacation response to (refer to server > log >> for more information) > >> DOVECOT config > > >> service lmtp { chroot = client_limit = 0 drop_priv_before_exec = >> no executable = lmtp extra_groups = group = idle_kill = 0 >> privileged_group = process_limit = 0 process_min_avail = 0 >> protocol = lmtp service_count = 0 type = #inet_listener lmtp { # >> address = 0.0.0.0 # port = 24 #} unix_listener lmtp { group = >> mode = 0666 user = } user = vsz_limit = 0 } > > >> protocol lmtp { #mail_fsync = optimized log_path = >> /var/log/dovecot/lmtp-errors.log info_log_path = >> /var/log//dovecot/lmtp.log mail_plugins = quota sieve >> autocreate expire } > > >> Am I missing something ??? > > First of all, we miss your _full_ doveconf -n output. > >> Just to specify: domain medianetork.ro is accessible from >> outside on port 25 > > is it [the IP aka A record of medianetork.ro] connectable from the > local machine as well? > > Hello Steffen, It seems I found the error: it was this variable "submission_host" I had to setup "submission_host=localhost" If I'll change submission_host=medianetork.ro, vacation response did not work. Also, from localhost I can connect to A record of medianetork.ro . But I have to admit, I do not have a clear idea what's the purpose of this variable. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTorDaAAoJECEzxtLP+204ipYIAIh/6iEVppz4i3aRpLD1a6zP y2oY+VIPjPRO5OOwS6tTtRAg948LrRGMJweDBLRHmxfCLqtVuVI+eKjDVUIsQ+bY /DomDMRIl5FWZaXvhaY7iaLRBY/ZJL9TVIo5i+rEZAlrzEtaL7Aqf6xrkmltFR33 FaOkrw+9oM2E612/eyCeXvhpHrmvyMXkXyNvEcemFJ3GaF4Z+xeyq9rgcBSgoJHs ld0b5o4QpJiS8SY9Ale/yn1OOcaxRNAYPXFR7zbc1aFhsAg1VkTpbpdcXIiurRJw KG0UcLwEqOX2QP8Kh1YSniDAcyXGmVSfOXgElVY7NfaQA0r55D678XC4PBXkWGs= =/P+2 -----END PGP SIGNATURE----- From CMarcus at Media-Brokers.com Thu Jun 19 13:55:29 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Thu, 19 Jun 2014 09:55:29 -0400 Subject: config best practice In-Reply-To: <53A2A532.6050104@thinline.cz> References: <53A1F5C1.4000908@vandenbussche.nl> <53A2A532.6050104@thinline.cz> Message-ID: <53A2EBD1.8040006@Media-Brokers.com> On 6/19/2014 4:54 AM, Jiri Bourek wrote: > For example, let's say you have single config file and only single > line differs from default configuration - say "auth_verbose". When you > upgrade, the packaging system tells you "the configuration was > changed" and you need to either manually figure out all changes and > apply them to your configuration or lose your own configuration > changes (or attempt a 3-way merge) I prefer putting all of mine in one file in conf.d named 99-myconfig.conf. This causes this file to be loaded last, so it overwrites any settings defined in the other config files. Charles From alandaluz at gmail.com Thu Jun 19 16:46:12 2014 From: alandaluz at gmail.com (Cassidy Larson) Date: Thu, 19 Jun 2014 10:46:12 -0600 Subject: dsync initial replication failing Message-ID: Trying to get my new storage server synced up using dsync replication with SSH. Followed the wiki and everything works great for the initial sync, for about 4 hours, then I get some errors and it stops replicating: dsync-local(user at host.com): Warning: Failed to do incremental sync for mailbox INBOX, retry with a full sync dsync-local(user at host.com): Error: Remote command returned error 75: ssh -lusername doveadm dsync-server -uuser at host.com -U It happened around 2am. I restarted the new server dovecot process and it started to copy back up again, and then happened about four hours later. I have about 10,000 accounts, and it chugs through the list to replicate pretty well (~300Mbps), so I know it's working. Just not sure why it's failing after it's working so great. Running 2.2.13 on both on FreeBSD. Both show this: # doveadm replicator status Queued 'sync' requests 0 Queued 'high' requests 0 Queued 'low' requests 0 Queued 'failed' requests 0 Queued 'full resync' requests 5645 Waiting 'failed' requests 0 Total number of known users 9957 Any ideas? Suggestions? Thanks, Cassidy From laeeth at laeeth.com Thu Jun 19 17:25:46 2014 From: laeeth at laeeth.com (Laeeth Isharc) Date: Thu, 19 Jun 2014 18:25:46 +0100 Subject: Replication and namespaces Message-ID: <30431F41-B366-48F0-BCA9-672ABC55B078@laeeth.com> Hi. Replication in dovecot is running into trouble as it is trying to sync virtual namespaces and does not like it. dsync parameters With v2.2.9+ you can configure what parameters replicator uses for the doveadm sync command: replication_dsync_parameters = -d -N -l 30 -U The -f and -s parameters are added automatically when needed. Usually the only change you may want to do is replace -N (= sync all namespaces) with -n or maybe just add -x parameter(s). ........ What is the description of namespace that follows -n or -x? -x virtual Or -x 0/ Where 0/ is the prefix for my virtual namespace Does not seem to stop it trying to sync the virtual namespace... What should I be doing instead? Do I need to use all the parameters above? Or can I just use the -x ? Sent from my iPa From apm at one.com Fri Jun 20 07:01:57 2014 From: apm at one.com (Peter Mogensen) Date: Fri, 20 Jun 2014 09:01:57 +0200 Subject: Suggestion: Split login_trusted_networks Message-ID: <53A3DC65.3090707@one.com> Hi, It seems the use of login_trusted_networks is overloaded. Example: * It's used for indicating which hosts you trust to provide XCLIENT remote IP's. * It's used for indicating from which hosts you trust logins enough to disable auth penalty. (like in a webmail) However... trustwise, this is trusting two different entities. The first case you put trust in the host. In the second case, you actually put trust in the user which uses the webmail (unless of course the webmail it self implements auth-penalties). So you can't have one set of hosts which you trust for XCLIENT and another set of hosts you trust for not being the origin of brute force attacks. /Peter From era+dovecot at iki.fi Mon Jun 16 13:25:01 2014 From: era+dovecot at iki.fi (era eriksson) Date: Mon, 16 Jun 2014 13:25:01 +0000 (UTC) Subject: Procmail wiki text -- don't muck with SENDMAIL Message-ID: I tried to edit http://wiki2.dovecot.org/procmail but got stuck on the TextCha. Approaching this list instead seems to be a time-tested secondary approach, and I wasn't completely comfortable making these changes without discussion anyway. So here goes. The SENDMAIL= assignment is not only irrelevant, but actually wrong. The note down in the update section about Ubuntu explains the problem well enough, but it applies to all the sections on the page. My proposed edit was to simply remove SENDMAIL and SENDMAILFLAGS from all the recipes on the page, and then remove the Ubuntu section altogether, because it would no longer add anything useful to the page. If somebody in the Dovecot community with edit access to the wiki wants to implement this change, I would be grateful on behalf of the people who try to use Procmail with Dovecot. -- If this were my real .signature, it would suck less. Well, maybe not. From shigeru at freenet.de Thu Jun 19 12:28:18 2014 From: shigeru at freenet.de (MrLINK) Date: Thu, 19 Jun 2014 05:28:18 -0700 (PDT) Subject: IMAP Chunking Thunderbird Message-ID: <1403180898451-48549.post@n4.nabble.com> Hi, using dovecot-2.0.9-7.el6.x86_64 on CentOS release 6.5 (Final) I have an issue with thunderbird imap chunking. Some attachments are corrupted, because Thunderbird is just storing the first chunk. Since there are some workarounds by editing the "mail.imap.fetch_by_chunks" via about:config this is not the best choice for me because every client has to be edited. Is there a way to set a central value on the dovecot server (i.e disable chunking since this is not a client behaviour only)? Thanks in advance! MrLINK -- View this message in context: http://dovecot.2317879.n4.nabble.com/IMAP-Chunking-Thunderbird-tp48549.html Sent from the Dovecot mailing list archive at Nabble.com. From laeeth at laeeth.com Thu Jun 19 14:52:25 2014 From: laeeth at laeeth.com (Laeeth Isharc) Date: Thu, 19 Jun 2014 15:52:25 +0100 Subject: Sis attachment deduplication Message-ID: <155B381A-63CD-4FE6-B3D9-7FF5650D24E9@laeeth.com> Hi. Two questions: 1. Is this now reasonably stable for large mailboxes (c 2mm messages)? 2. Will this leave the filename in the message body unchanged? So for example if I have the same attachment called proposalfromvendor.pdf and proposaltoclient.pdf in two different emails, will the original names be kept ? Or will it replace the filename with some kind of numeric hash ? Many thanks. Laeeth Sent from my iPad From h.reindl at thelounge.net Fri Jun 20 11:23:06 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 20 Jun 2014 13:23:06 +0200 Subject: Sis attachment deduplication In-Reply-To: <155B381A-63CD-4FE6-B3D9-7FF5650D24E9@laeeth.com> References: <155B381A-63CD-4FE6-B3D9-7FF5650D24E9@laeeth.com> Message-ID: <53A4199A.80809@thelounge.net> Am 19.06.2014 16:52, schrieb Laeeth Isharc: > 1. Is this now reasonably stable for large mailboxes (c 2mm messages)? dunno > 2. Will this leave the filename in the message body unchanged? So for example if I have the same attachment called proposalfromvendor.pdf and proposaltoclient.pdf in two different emails, will the original names be kept ? Or will it replace the filename with some kind of numeric hash ? the message body must not be changed never, not in any single case for no reason why? because it breaks all sort of sigend mails dunno how this is implemented, in case of dbmail each message is splitted in it's mimeparts, they are all stored with a sha1sum and referenced to the messages, fetch a message re-constrcuts the whole mail from it's mimeparts and everytime a new mimepart arrives it's verified with the existing checksums to decide if a new record is needed or only a reference - after all references are gone the record for a mimepart is deleted -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From rs at sys4.de Fri Jun 20 12:51:56 2014 From: rs at sys4.de (Robert Schetterer) Date: Fri, 20 Jun 2014 14:51:56 +0200 Subject: IMAP Chunking Thunderbird In-Reply-To: <1403180898451-48549.post@n4.nabble.com> References: <1403180898451-48549.post@n4.nabble.com> Message-ID: <53A42E6C.1010805@sys4.de> Am 19.06.2014 14:28, schrieb MrLINK: > Hi, > > using dovecot-2.0.9-7.el6.x86_64 on CentOS release 6.5 (Final) I have an > issue with thunderbird imap chunking. Some attachments are corrupted, > because Thunderbird is just storing the first chunk. Since there are some > workarounds by editing the "mail.imap.fetch_by_chunks" via about:config this > is not the best choice for me because every client has to be edited. Is > there a way to set a central value on the dovecot server (i.e disable > chunking since this is not a client behaviour only)? > > Thanks in advance! > > > MrLINK > > > > -- > View this message in context: http://dovecot.2317879.n4.nabble.com/IMAP-Chunking-Thunderbird-tp48549.html > Sent from the Dovecot mailing list archive at Nabble.com. > i got no problem report with thunderbird on 2.0.x 2.0.9 is not recent , latest is 2.0.21 better would be 2.1.17 best should be 2.2.13 i found some rpm repo http://www.city-fan.org/ftp/contrib/yum-repo/rhel6/x86_64/ Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From delrio at mie.utoronto.ca Fri Jun 20 13:49:20 2014 From: delrio at mie.utoronto.ca (Oscar del Rio) Date: Fri, 20 Jun 2014 09:49:20 -0400 Subject: Sis attachment deduplication In-Reply-To: <155B381A-63CD-4FE6-B3D9-7FF5650D24E9@laeeth.com> References: <155B381A-63CD-4FE6-B3D9-7FF5650D24E9@laeeth.com> Message-ID: <53A43BE0.8050507@mie.utoronto.ca> On 06/19/14 10:52 AM, Laeeth Isharc wrote: > 1. Is this now reasonably stable for large mailboxes (c 2mm messages)? We have not had any problems. YMMV and should be tested before putting into production. > 2. Will this leave the filename in the message body unchanged? So for example if I have the same attachment called proposalfromvendor.pdf and proposaltoclient.pdf in two different emails, will the original names be kept ? Or will it replace the filename with some kind of numeric hash ? There are no changes. It is completely transparent. It stores the attachments using an internal hash. From egbert at vandenbussche.nl Fri Jun 20 16:10:28 2014 From: egbert at vandenbussche.nl (Egbert) Date: Fri, 20 Jun 2014 18:10:28 +0200 Subject: config best practice In-Reply-To: <53A2EBD1.8040006@Media-Brokers.com> References: <53A1F5C1.4000908@vandenbussche.nl> <53A2A532.6050104@thinline.cz> <53A2EBD1.8040006@Media-Brokers.com> Message-ID: <53A45CF4.4000805@vandenbussche.nl> Thanks all who replied with good advice. I think I'll go for the (short) local.conf solution. I don't like messing around with all separate files in conf.d. As long as they don't conflict with my settings, it will be OK. Egbert Jan Charles Marcus schreef op 19-6-2014 15:55: > On 6/19/2014 4:54 AM, Jiri Bourek wrote: >> For example, let's say you have single config file and only single >> line differs from default configuration - say "auth_verbose". When >> you upgrade, the packaging system tells you "the configuration was >> changed" and you need to either manually figure out all changes and >> apply them to your configuration or lose your own configuration >> changes (or attempt a 3-way merge) > > I prefer putting all of mine in one file in conf.d named > 99-myconfig.conf. > > This causes this file to be loaded last, so it overwrites any settings > defined in the other config files. > > > Charles From deano-dovecot at areyes.com Sat Jun 21 15:12:16 2014 From: deano-dovecot at areyes.com (deano-dovecot at areyes.com) Date: Sat, 21 Jun 2014 11:12:16 -0400 Subject: Managing users and home dirs Message-ID: <426fb533bc5564b3a7fe8cdb3a0959d7@areyes.com> For those of you using virtual users, and SQL, how are you managing your users and their home dirs ? That is, what process do you use for adding/deleting users, creating their home dirs etc ? I suppose it's easy enough to do manually, inserting rows in the database, creating dirs, chown/chmod yada yada, but there must be a better way to do it ... If you're doing dovecot replication then it gets even more cumbersome, having to duplicate the effort in two places (and make sure it's correct). I have a nice test setup using Percona XtraDB Clustering in a 3-node cluster which works swimmingly, albeit in VMs only at the moment. A master DB node and two dovecot nodes. Dovecot replication is up and running nicely too, and I almost have all the communications going over ipsec tunnels, so it will be nice and secure. I'm thinking of something like a cronjob with two tasks, the first would periodically scan the home dirs and compare the users to what's in the database. When it finds a new userdir (plus a file labeled PASSWD) the script would add the user to the database, create the Maildir and whatever else, then delete the PASSWD file. DB replication will push that to the other nodes. The second task is scanning the user database and comparing to the home dirs - basically opposite of the first cronjob. When it finds a user in the DB that doesn't have a home dir, it would create it and whatever else is needed. This way, to add a user one would just create a PASSWD file in /var/mail/domain.com/newusername/PASSWD on either of the dovecot replication partner systems. The first cronjob task would discover the newusername dir, create the user in the DB, create the Maildir, chown/chmod etc. and delete the PASSWD file, so it's ready to go on that system. DB replication pushes the user table to the other nodes. The second task on the other dovecot system will discover a new user in the DB that doesn't have a home dir, and do its thing to create it all. So the whole create-a-new-user process becomes something like this on either dovecot system : mkdir -p /var/mail/domain.com/newusername ; echo "changeme" > /var/mail/domain.com/newusername/PASSWD A max of 5 minutes later the user is added to the database, and the home dir/Maildir/etc/etc is created on both dovecot systems. D. From pch at myzel.net Sun Jun 22 12:48:39 2014 From: pch at myzel.net (Peter Chiochetti) Date: Sun, 22 Jun 2014 14:48:39 +0200 Subject: ACL group vs. owner question Message-ID: <53A6D0A7.4010902@myzel.net> A hopefully simple question regarding the use of ACLs - the spirit being of taking away most permissions first and then adding them back selectively: In the global ACL declaration I have: > * owner lr > * group=SYS lrwstipekxa The owner is put into the SYS group via userdb extra field in static passwd file ("archiv" is a system user, but pam is disabled for the server): > archiv:::::::userdb_acl_groups=SYS Still, the group permissions do not get applied: > root at host:/etc/dovecot# doveadm -D acl debug -u archiv INBOX > [?] > doveadm(archiv): Debug: Added userdb setting: plugin/acl_groups=SYS > doveadm(archiv): Debug: Effective uid=1002, gid=1001, home=/home/archiv > doveadm(archiv): Debug: acl: No acl_shared_dict setting - shared mailbox listing is disabled > doveadm(archiv): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir > doveadm(archiv): Debug: maildir++: root=/home/archiv/Maildir, index=, indexpvt=, control=, inbox=/home/archiv/Maildir, alt= > doveadm(archiv): Debug: acl: initializing backend with data: vfile:/etc/dovecot/dovecot-acl > doveadm(archiv): Debug: acl: acl username = archiv > doveadm(archiv): Debug: acl: owner = 1 > doveadm(archiv): Debug: acl vfile: Global ACL file: /etc/dovecot/dovecot-acl > doveadm(archiv): Info: Mailbox 'INBOX' is in namespace '' > doveadm(archiv): Info: Mailbox path: /home/archiv/Maildir > doveadm(archiv): Info: All message flags are shared across users in mailbox > doveadm(archiv): Debug: acl vfile: file /home/archiv/Maildir/dovecot-acl not found > doveadm(archiv): Info: User archiv has rights: lookup read > doveadm(archiv): Info: Mailbox in user's private namespace > doveadm(archiv): Info: Mailbox INBOX is visible in LIST My question: Shouldn't this work? (In a stock setup.) PS: when I add "* group-override=SYS" to /etc/dovecot/dovecot-acl the user will not even be able to list INBOX. PPS: As an aside, the setup also switches any sytem or /virtual/ users during login in local.conf: > userdb { > driver = static > args = uid=archiv gid=archiv home=/home/archiv user=archiv > } but I get the above result without that switching when I make it read: > userdb { > driver = static > args = home=/home/archiv > } So I suppose that it's not relevant in this case? Thank you in advance -- peter From tlx at leuxner.net Sun Jun 22 13:09:00 2014 From: tlx at leuxner.net (Thomas Leuxner) Date: Sun, 22 Jun 2014 15:09:00 +0200 Subject: ACL group vs. owner question In-Reply-To: <53A6D0A7.4010902@myzel.net> References: <53A6D0A7.4010902@myzel.net> Message-ID: <20140622130900.GA5682@nihlus.leuxner.net> * Peter Chiochetti 2014.06.22 14:48: > >* owner lr > >* group=SYS lrwstipekxa > >doveadm(archiv): Info: User archiv has rights: lookup read What version is this? There used to be a bug in versions before 2.2.13 where only the first matching ACL line was applied. From the looks this could be the case here as only 'lr' is applied. http://hg.dovecot.org/dovecot-2.2/rev/7a08a481c133 Regards Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From Ralf.Hildebrandt at charite.de Sun Jun 22 17:38:31 2014 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Sun, 22 Jun 2014 19:38:31 +0200 Subject: SIGSEGV in 2.2.13 with IMAP Proxying to an Exchange Server Message-ID: <20140622173831.GB13382@charite.de> Reading symbols from /usr/lib/dovecot/imap...Reading symbols from /usr/lib/debug//usr/lib/dovecot/imap...done. done. Attaching to program: /usr/lib/dovecot/imap, process 28497 [New LWP 28497] Core was generated by `dovecot/imap'. Program terminated with signal SIGSEGV, Segmentation fault. #0 imapc_client_mailbox_cmd (box=0x0, callback=callback at entry=0x7fa3a78020e0 , context=context at entry=0x7fffd738b940) at imapc-client.c:351 #0 imapc_client_mailbox_cmd (box=0x0, callback=callback at entry=0x7fa3a78020e0 , context=context at entry=0x7fffd738b940) at imapc-client.c:351 cmd = __FUNCTION__ = "imapc_client_mailbox_cmd" #1 0x00007fa3a7802815 in imapc_mailbox_noop (mbox=mbox at entry=0x149d440) at imapc-storage.c:154 cmd = sctx = {client = 0x146c400, ret = -2} #2 0x00007fa3a7800d30 in imapc_mailbox_sync_init (box=0x149d440, flags=(MAILBOX_SYNC_FLAG_FULL_READ | MAILBOX_SYNC_FLAG_FIX_INCONSISTENT)) at imapc-sync.c:476 mbox = 0x149d440 list = capabilities = changes = true ret = 0 #3 0x00007fa3a78133c9 in mailbox_sync_init (box=box at entry=0x149d440, flags=(MAILBOX_SYNC_FLAG_FULL_READ | MAILBOX_SYNC_FLAG_FIX_INCONSISTENT)) at mail-storage.c:1677 _data_stack_cur_id = 4 ctx = #4 0x00007fa3a78134d7 in mailbox_sync (box=box at entry=0x149d440, flags=, flags at entry=MAILBOX_SYNC_FLAG_FULL_READ) at mail-storage.c:1725 ctx = 0x149d440 status = {sync_delayed_expunges = 0} #5 0x00007fa3a783ddcb in mailbox_expunge_all_data (box=0x149d440) at index-storage.c:648 ctx = 0x7fffd738bafc t = 0x7fffd738bafc mail = 0x0 search_args = 0x0 #6 index_storage_mailbox_delete (box=0x149d440) at index-storage.c:701 metadata = {guid = "\000\000\000\000\000\000\000\000\030\337z\247\000\000\000", virtual_size = 21615680, cache_fields = 0x0, precache_fields = (MAIL_FETCH_RECEIVED_DATE | MAIL_FETCH_SAVE_DATE | MAIL_FETCH_PHYSICAL_SIZE | MAIL_FETCH_IMAP_BODY | MAIL_FETCH_IMAP_ENVELOPE | MAIL_FETCH_HEADER_MD5 | MAIL_FETCH_UIDL_BACKEND | MAIL_FETCH_POP3_ORDER | unknown: 16777216), backend_ns_prefix = 0x7fa3a78144b0 "\211\302\061\300\205\322x\bH\203\304\030[]?\366\203\230\002", backend_ns_type = (unknown: 0)} status = {messages = 0, recent = 0, unseen = 21327392, uidvalidity = 0, uidnext = 1, first_unseen_seq = 0, first_recent_uid = 2806981817, last_cached_seq = 32675, highest_modseq = 21615680, highest_pvt_modseq = 140340866663231, keywords = 0x1, permanent_flags = 0, permanent_keywords = 0, allow_new_keywords = 0, nonpermanent_modseqs = 0, no_modseq_tracking = 0, have_guids = 0, have_save_guids = 0, have_only_guid128 = 0} ret_guid = #7 0x00007fa3a78146a7 in mailbox_delete (box=0x149d440) at mail-storage.c:1319 ret = #8 0x000000000040d0e1 in cmd_delete (cmd=0x148de40) at cmd-delete.c:39 client = ns = box = 0x149d440 name = 0x144c2b8 "postponed-msgs" errstr = error = 32767 disconnect = false #9 0x0000000000416cfc in command_exec (cmd=0x148de40) at imap-commands.c:158 hook = 0x14550e0 ret = #10 0x0000000000415d5f in client_command_input (cmd=0x148de40) at imap-client.c:778 client = 0x1499c10 command = __FUNCTION__ = "client_command_input" #11 0x0000000000415e15 in client_command_input (cmd=0x148de40) at imap-client.c:839 client = 0x1499c10 command = __FUNCTION__ = "client_command_input" #12 0x0000000000416115 in client_handle_next_command (remove_io_r=, client=0x1499c10) at imap-client.c:877 No locals. #13 client_handle_input (client=client at entry=0x1499c10) at imap-client.c:889 _data_stack_cur_id = 3 remove_io = false handled_commands = false __FUNCTION__ = "client_handle_input" #14 0x00000000004164a2 in client_input (client=0x1499c10) at imap-client.c:931 cmd = 0x1465630 output = 0x148dd30 bytes = 32 __FUNCTION__ = "client_input" #15 0x00007fa3a7547e6f in io_loop_call_io (io=0x148be10) at ioloop.c:441 ioloop = 0x1454730 t_id = 2 __FUNCTION__ = "io_loop_call_io" #16 0x00007fa3a7548d77 in io_loop_handler_run_internal (ioloop=ioloop at entry=0x1454730) at ioloop-epoll.c:220 ctx = 0x14553c0 list = 0x1456e20 io = tv = {tv_sec = 4, tv_usec = 998377} events_count = msecs = ret = 1 i = 0 call = __FUNCTION__ = "io_loop_handler_run_internal" #17 0x00007fa3a7547ed9 in io_loop_handler_run (ioloop=ioloop at entry=0x1454730) at ioloop.c:488 No locals. #18 0x00007fa3a7547f58 in io_loop_run (ioloop=0x1454730) at ioloop.c:465 __FUNCTION__ = "io_loop_run" #19 0x00007fa3a74f7133 in master_service_run (service=0x14545c0, callback=callback at entry=0x41ee50 ) at master-service.c:566 No locals. #20 0x000000000040b06f in main (argc=1, argv=0x1454390) at main.c:400 set_roots = {0x426ca0 , 0x0} login_set = {auth_socket_path = 0x144c048 "\001", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x41f200 , failure_callback = 0x41ef30 , request_auth_token = 1} service_flags = storage_service_flags = username = 0x0 c = -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From Ralf.Hildebrandt at charite.de Sun Jun 22 17:39:01 2014 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Sun, 22 Jun 2014 19:39:01 +0200 Subject: SIGSEGV in 2.2.13 with IMAP Proxying to an Exchange Server (dovecot/auth) Message-ID: <20140622173901.GC13382@charite.de> Reading symbols from /usr/lib/dovecot/auth...Reading symbols from /usr/lib/debug//usr/lib/dovecot/auth...done. done. Attaching to program: /usr/lib/dovecot/auth, process 29099 [New LWP 29099] Core was generated by `dovecot/auth'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f40b534c418 in array_append_i (count=, data=, array=) at ../../src/lib/array.h:148 #0 0x00007f40b534c418 in array_append_i (count=, data=, array=) at ../../src/lib/array.h:148 No locals. #1 imapc_connection_abort_commands_array (cmd_array=cmd_array at entry=0x2075270, dest_array=dest_array at entry=0x7fff4b6aa810, only_box=only_box at entry=0x0, keep_retriable=keep_retriable at entry=false) at imapc-connection.c:236 cmd = 0x7f40b61e3c1d i = 0 #2 0x00007f40b534c69d in imapc_connection_abort_commands (conn=0x20751a0, only_box=0x0, keep_retriable=) at imapc-connection.c:250 cmdp = cmd = tmp_array = {arr = {buffer = 0x203f6a0, element_size = 8}, v = 0x203f6a0, v_modifiable = 0x203f6a0} reply = {state = IMAPC_COMMAND_STATE_DISCONNECTED, resp_text_key = 0x0, resp_text_value = 0x0, text_full = 0x7f40b534f6a6 "Disconnected from server", text_without_resp = 0x7f40b534f6a6 "Disconnected from server"} #3 0x00007f40b61f7d7f in io_loop_handle_timeouts_real (ioloop=0x2047790) at ioloop.c:410 timeout = 0x2077e00 item = 0x2077e00 tv = {tv_sec = 0, tv_usec = 0} tv_call = {tv_sec = 1403450802, tv_usec = 614093} t_id = 3 #4 io_loop_handle_timeouts (ioloop=ioloop at entry=0x2047790) at ioloop.c:423 _data_stack_cur_id = 2 #5 0x00007f40b61f8d34 in io_loop_handler_run_internal (ioloop=ioloop at entry=0x2047790) at ioloop-epoll.c:193 ctx = 0x204d270 list = io = tv = {tv_sec = 29, tv_usec = 999992} events_count = msecs = 30000 ret = 0 i = call = __FUNCTION__ = "io_loop_handler_run_internal" #6 0x00007f40b61f7ed9 in io_loop_handler_run (ioloop=ioloop at entry=0x2047790) at ioloop.c:488 No locals. #7 0x00007f40b61f7f58 in io_loop_run (ioloop=0x2047790) at ioloop.c:465 __FUNCTION__ = "io_loop_run" #8 0x00007f40b61a7133 in master_service_run (service=0x2047620, callback=) at master-service.c:566 No locals. #9 0x000000000040b96b in main (argc=1, argv=0x2047390) at main.c:393 c = ----- End forwarded message ----- -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From laeeth at laeeth.com Sun Jun 22 21:17:24 2014 From: laeeth at laeeth.com (Laeeth Isharc) Date: Sun, 22 Jun 2014 22:17:24 +0100 Subject: Setting mail_attach_dir for destination on dsync Message-ID: Hi. What is the best way to do this, please ? I can override with -o but this applies to source as I read the docs. So I wish to do something like this dsync mirror -u myuser at me.com mdbox:/home/mail/myuser/mdboxcopy With either of: 1) attachments stored within message so mail_attachment_dir for dest being blank Or 2) attachments stored in a sub directory of mdboxcopy eg mdboxcopy/attach/ Timo hints that this is possible, but I cannot see how to do this, Any ideas ? Sent from my iPad From skdovecot at smail.inf.fh-brs.de Mon Jun 23 06:58:59 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 23 Jun 2014 08:58:59 +0200 (CEST) Subject: dovecot sieve vacation + lmtp protocol In-Reply-To: <53A2B0DA.1070103@medianetork.ro> References: <53A1B67D.70306@medianetork.ro> <53A20CF8.2070108@smail.inf.fh-brs.de> <53A2B0DA.1070103@medianetork.ro> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 19 Jun 2014, Florin Portase wrote: > It seems I found the error: > > it was this variable "submission_host" > > I had to setup "submission_host=localhost" fine > > If I'll change submission_host=medianetork.ro, vacation response did > not work. > > Also, from localhost I can connect to A record of medianetork.ro . But maybe the SMPT server rejected the message for some reason. > But I have to admit, I do not have a clear idea what's the purpose of > this variable. see: http://wiki2.dovecot.org/LDA?highlight=%28submission_host%29 you say to use SMTP to submit message instead of using the sendmail binary. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU6fQM3z1H7kL/d9rAQJQxAgAuNL6kRIrPH3JAGKsT1nQljZQRhaLcuzS HqxIXY2BK7yOEekChQzS52+Jxa2OjfmNnQWFzKrMKxgDnrXS+dlNhODZ0XNmk3BR 7VQx0/1OdfE69Qf3Zc8XI0GZt7wzPdXTetmY1BWfbK7wr45qFZ7P8k8henkX6bev LLno2+FiJiTWa5BHHU93nQm6X9dvr7E6yVRtA8YlSwM26sIdEz5qzCrLoeNtRj2v 05tR24ZYZSXDMYorO294mTMEhhFKcHBtB0W+cQa4E94vv4o0i9xTzOObS9fIkmAD ktwiGkAzE4VidgIqfF/0Saf5Ys9XYCp2MJwIwzJpIsCVAiZo1XKw2g== =t1MA -----END PGP SIGNATURE----- From tobias.dummert at schmetterling.de Mon Jun 23 08:43:01 2014 From: tobias.dummert at schmetterling.de (Tobias Dummert) Date: Mon, 23 Jun 2014 08:43:01 +0000 Subject: Dovecot authentication against active directory In-Reply-To: <87D70ABE8A85E140AFB71CE8FB2385971FBE01@srv-ex-data1> References: <87D70ABE8A85E140AFB71CE8FB2385971FBE01@srv-ex-data1> Message-ID: <87D70ABE8A85E140AFB71CE8FB2385971FBE1E@srv-ex-data1> Hello, i?ve got a problem with the dovecot authentication against active directory. I?m using dovecot 2.0.19 and windows server 2008 R2. When I try to login via telnet I get the following error message: a NO [AUTHENTICATIONFAILED] Authentication failed. My dovecot configuration: # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-60-generic x86_64 Ubuntu 12.04.4 LTS ext4 auth_mechanisms = plain login auth_username_format = %Lu disable_plaintext_auth = no first_valid_gid = 1001 first_valid_uid = 1001 last_valid_gid = 1001 last_valid_uid = 1001 log_path = /var/log/dovecot.log mail_location = maildir:/srv/mail/%u passdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } protocols = imap ssl = no syslog_facility = local7 userdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } valid_chroot_dirs = /srv/mail My dovecot-ldap.conf: hosts = ************** dn = CN=*****,OU=*****,OU=*****,OU=*****,DC=******,DC=*****,DC=de dnpass = **************** tls = no debug_level = -1 ldap_version = 2 base = OU=*****,DC=*****,DC=*****,DC=de deref = never scope = subtree user_attrs = sAMAccountName=home user_filter = (&(ObjectClass=user)(|(mail=%u)(sAMAccountName=%u))) pass_filter = (&(ObjectClass=user)(sAMAccountName=%u)) default_pass_scheme = plain could anybody help me with this problem? Thanks in advance! Regards, Tobias Dummert From pch at myzel.net Mon Jun 23 08:56:39 2014 From: pch at myzel.net (Peter Chiochetti) Date: Mon, 23 Jun 2014 10:56:39 +0200 Subject: ACL group vs. owner question In-Reply-To: <20140622130900.GA5682@nihlus.leuxner.net> References: <53A6D0A7.4010902@myzel.net> <20140622130900.GA5682@nihlus.leuxner.net> Message-ID: <53A7EBC7.3010002@myzel.net> Am 2014-06-22 15:09, schrieb Thomas Leuxner: > * Peter Chiochetti 2014.06.22 14:48: > >>> * owner lr >>> * group=SYS lrwstipekxa >>> doveadm(archiv): Info: User archiv has rights: lookup read > > What version is this? There used to be a bug in versions before 2.2.13 where only the first matching ACL line was applied. From the looks this could be the case here as only 'lr' is applied. > Thomas, thank you for your interest. This is with 2.2.13, after the mentioned bug was corrected. As nobody seems to know, whether such should work in stock dovecot, I guess I will have to take out all my config and try myself :( -- peter From berni at birkenwald.de Mon Jun 23 12:18:43 2014 From: berni at birkenwald.de (Bernhard Schmidt) Date: Mon, 23 Jun 2014 12:18:43 +0000 (UTC) Subject: OOM in Dovecot 2.2.13 imap Message-ID: Hi, we run Dovecot 2.2.13 on Debian Wheezy with a couple thousand mailboxes. We have two users that repeatedly trigger an OOM condition with IMAP. Jun 23 12:53:21 lxmhs74 dovecot: imap(USER): Fatal: pool_system_realloc(268435456): Out of memory Jun 23 12:53:21 lxmhs74 dovecot: imap(USER): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x6c15f) [0x7f11766cc15f] -> /usr/lib/dovecot/libdovecot.so.0(+0x6c1be) [0x7f11766cc1be] -> /usr/lib/dovecot/libdovecot.so.0(i_error+0) [0x7f1176685568] -> /usr/lib/dovecot/libdovecot.so.0(+0x81e80) [0x7f11766e1e80] -> /usr/lib/dovecot/libdovecot.so.0(+0x86cda) [0x7f11766e6cda] -> /usr/lib/dovecot/libdovecot.so.0(+0x86f96) [0x7f11766e6f96] -> /usr/lib/dovecot/libdovecot.so.0(+0x87b48) [0x7f11766e7b48] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_sendv+0xcd) [0x7f11766e60cd] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_send+0x1a) [0x7f11766e615a] -> /usr/lib/dovecot/modules/lib30_imap_zlib_plugin.so(+0x5849) [0x7f1175692849] -> /usr/lib/dovecot/modules/lib30_imap_zlib_plugin.so(+0x5982) [0x7f1175692982] -> /usr/lib/dovecot/modules/lib30_imap_zlib_plugin.so(+0x5b62) [0x7f1175692b62] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_flush+0x4d) [0x7f11766e5d6d] -> /usr/lib/dovecot/libdovecot.so.0(+0x85e2c) [0x7f11766e5e2c] -> dovecot/imap [USER IP UID fetch](client_output+0xe9) [0x7f1176e8d269] -> /usr/lib/dovecot/libdovecot.so.0(+0x879d5) [0x7f11766e79d5] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x4e) [0x7f11766dcfbe] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd7) [0x7f11766ddfb7] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x7f11766dd049] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f11766dd0c8] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f117668a7b3] -> dovecot/imap [USER IP UID fetch](main+0x2ae) [0x7f1176e8152e] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7f11762f3ead] -> dovecot/imap [USER IP UID fetch](+0xd69d) [0x7f1176e8169d] Jun 23 12:53:21 lxmhs74 dovecot: imap(USER): Fatal: master: service(imap): child 33659 killed with signal 6 (core dumped) The gdb backtrace looks like this: gdb) bt full #0 0x00007f1176307475 in raise () from /lib/x86_64-linux-gnu/libc.so.6 No symbol table info available. #1 0x00007f117630a6f0 in abort () from /lib/x86_64-linux-gnu/libc.so.6 No symbol table info available. #2 0x00007f11766cc155 in default_fatal_finish (type=, status=status at entry=83) at failures.c:193 backtrace = 0x7f11789d4088 "/usr/lib/dovecot/libdovecot.so.0(+0x6c15f) [0x7f11766cc15f] -> /usr/lib/dovecot/libdovecot.so.0(+0x6c1be) [0x7f11766cc1be] -> /usr/lib/dovecot/libdovecot.so.0(i_error+0) [0x7f1176685568] -> /usr/lib/d"... #3 0x00007f11766cc1be in i_internal_fatal_handler (ctx=0x7fff5ffedfb0, format=, args=) at failures.c:657 status = 83 #4 0x00007f1176685568 in i_fatal_status (status=status at entry=83, format=format at entry=0x7f1176702ba8 "pool_system_realloc(%lu): Out of memory") at failures.c:295 ctx = {type = LOG_TYPE_FATAL, exit_status = 83, timestamp = 0x0} args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff5ffee0a0, reg_save_area = 0x7fff5ffedfe0}} #5 0x00007f11766e1e80 in pool_system_realloc (pool=, mem=0x0, old_size=134217728, new_size=268435456) at mempool-system.c:134 __FUNCTION__ = "pool_system_realloc" #6 0x00007f11766e6cda in o_stream_grow_buffer (fstream=fstream at entry=0x7f11789f41c0, bytes=) at ostream-file.c:440 size = 268435456 new_size = end_size = #7 0x00007f11766e6f96 in o_stream_add (fstream=fstream at entry=0x7f11789f41c0, data=0x7f11789fe549, size=12113) at ostream-file.c:501 unused = sent = i = #8 0x00007f11766e7b48 in o_stream_file_sendv (stream=0x7f11789f41c0, iov=, iov_count=) at ostream-file.c:588 fstream = 0x7f11789f41c0 size = total_size = added = optimal_size = i = ret = 0 __FUNCTION__ = "o_stream_file_sendv" #9 0x00007f11766e60cd in o_stream_sendv (stream=0x7f11789f4250, iov=iov at entry=0x7fff5ffee1a0, iov_count=iov_count at entry=1) at ostream.c:239 _stream = 0x7f11789f41c0 i = total_size = 12113 ret = __FUNCTION__ = "o_stream_sendv" #10 0x00007f11766e615a in o_stream_send (stream=, data=, size=size at entry=12113) at ostream.c:217 iov = {iov_base = 0x7f11789fe549, iov_len = 12113} #11 0x00007f1175692849 in o_stream_zlib_send_outbuf (zstream=0x7f11789f9340) at ostream-zlib.c:94 ret = size = 12113 #12 0x00007f1175692982 in o_stream_zlib_send_flush (zstream=zstream at entry=0x7f11789f9340, final=final at entry=true) at ostream-zlib.c:189 zs = 0x7f11789f9420 len = done = false ret = flush = __FUNCTION__ = "o_stream_zlib_send_flush" #13 0x00007f1175692b62 in o_stream_zlib_flush (stream=0x7f11789f9340) at ostream-zlib.c:235 zstream = 0x7f11789f9340 ret = #14 0x00007f11766e5d6d in o_stream_flush (stream=stream at entry=0x7f11789f93d0) at ostream.c:157 _stream = 0x7f11789f9340 ret = 1 __FUNCTION__ = "o_stream_flush" #15 0x00007f11766e5e2c in o_stream_default_cork (_stream=0x7f11789f9340, set=) at ostream.c:429 No locals. #16 o_stream_default_cork (_stream=0x7f11789f9340, set=) at ostream.c:422 No locals. #17 0x00007f1176e8d269 in client_output (client=0x7f11789f4470) at imap-client.c:1019 ret = 0 __FUNCTION__ = "client_output" #18 0x00007f11766e79d5 in stream_send_io (fstream=0x7f11789f41c0) at ostream-file.c:468 ostream = 0x7f11789f4250 ret = #19 0x00007f11766dcfbe in io_loop_call_io (io=0x7f1178a5bbe0) at ioloop.c:441 ioloop = 0x7f11789dc750 t_id = 2 __FUNCTION__ = "io_loop_call_io" #20 0x00007f11766ddfb7 in io_loop_handler_run_internal (ioloop=ioloop at entry=0x7f11789dc750) at ioloop-epoll.c:220 ctx = 0x7f11789dd3e0 events = 0x0 event = 0x7f11789de250 list = 0x7f11789dee40 io = tv = {tv_sec = 297, tv_usec = 43980} events_count = msecs = ret = 1 i = call = __FUNCTION__ = "io_loop_handler_run_internal" #21 0x00007f11766dd049 in io_loop_handler_run (ioloop=ioloop at entry=0x7f11789dc750) at ioloop.c:488 No locals. #22 0x00007f11766dd0c8 in io_loop_run (ioloop=0x7f11789dc750) at ioloop.c:465 __FUNCTION__ = "io_loop_run" #23 0x00007f117668a7b3 in master_service_run (service=0x7f11789dc5e0, callback=callback at entry=0x7f1176e96a00 ) at master-service.c:566 No locals. #24 0x00007f1176e8152e in main (argc=1, argv=0x7f11789dc390) at main.c:400 set_roots = {0x7f11770a4960, 0x0} login_set = {auth_socket_path = 0x7f11789d4048 "\001", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x7f1176e96880 , failure_callback = 0x7f1176e96580 , request_auth_token = 1} service_flags = storage_service_flags = username = 0x0 c = I already deleted the index, but the issue persists. Bernhard From skdovecot at smail.inf.fh-brs.de Mon Jun 23 14:38:33 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 23 Jun 2014 16:38:33 +0200 (CEST) Subject: OOM in Dovecot 2.2.13 imap In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 23 Jun 2014, Bernhard Schmidt wrote: > > we run Dovecot 2.2.13 on Debian Wheezy with a couple thousand mailboxes. > We have two users that repeatedly trigger an OOM condition with IMAP. Do those users have mailboxes extra ordinary large or is one message of them extra ordinary large? Jun 23 12:53:21 lxmhs74 dovecot: imap(USER): Fatal: pool_system_realloc(268435456): Out of memory this number likely mean 256MB, is one of your memory limits that large? You can see all limits with dovecot -a (note the "-a" instead of "-n"). Memory limits are vsz_limit, IMHO. I had to increase some vsz_limits, because one particular large message caused an out of memory during LMTP. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU6g76nz1H7kL/d9rAQJeqggApw27K6NvoVJNs8zH/MeqY8sRYzooOziQ fJ6pIJS2I86ChaG/DjJkmlds17GSdBaM55FS94yrC+arBZMh/jVTe4KXcyzQMyzq GtPQzWsW3LJdFGTF7RMai74bKU/ca+uIlNCtS2rznsH6p6BnJJWlE9Nml6vPEfQg CbvED7gs+L+dclwTuKjew/6XINBaVda7k5Ow2QO+Hn7nWbnldx7QBr7sbjWPIyHy SU6VO2tUPir+bjs16yd7uEUsTzYbpK33UUKOPBX5Dw3PWzYTh8oUpCuUW0LbSjIP Og2x+PZ1U+0Mz5yPB7sQIegXhuon0K7bOTuNUWuErmRBItFBMTsIUg== =s88s -----END PGP SIGNATURE----- From bob at computerisms.ca Mon Jun 23 16:54:41 2014 From: bob at computerisms.ca (Bob Miller) Date: Mon, 23 Jun 2014 09:54:41 -0700 Subject: Dovecot authentication against active directory In-Reply-To: <87D70ABE8A85E140AFB71CE8FB2385971FBE1E@srv-ex-data1> References: <87D70ABE8A85E140AFB71CE8FB2385971FBE01@srv-ex-data1> <87D70ABE8A85E140AFB71CE8FB2385971FBE1E@srv-ex-data1> Message-ID: <1403542481.3133.345.camel@worklian> Hi , > My dovecot-ldap.conf: > > > hosts = ************** > dn = CN=*****,OU=*****,OU=*****,OU=*****,DC=******,DC=*****,DC=de > dnpass = **************** > tls = no > debug_level = -1 > ldap_version = 2 > base = OU=*****,DC=*****,DC=*****,DC=de > deref = never > scope = subtree > user_attrs = sAMAccountName=home > user_filter = (&(ObjectClass=user)(|(mail=%u)(sAMAccountName=%u))) > pass_filter = (&(ObjectClass=user)(sAMAccountName=%u)) > default_pass_scheme = plain I could be wrong, but I think you must have TLS to connect to AD. sAMAccountName, at least in cases I am familiar with, does not match a full email address, try %n instead of %u, or filter on userPrincipal instead. do you have a mail attribute in your active directory? I would suggest start by getting it working with just the sAMAccountName in your user/pass_filter lines, then flesh out your filters after you have that working... > > could anybody help me with this problem? > Thanks in advance! > > > Regards, > > Tobias Dummert From pch at myzel.net Mon Jun 23 17:20:38 2014 From: pch at myzel.net (Peter Chiochetti) Date: Mon, 23 Jun 2014 19:20:38 +0200 Subject: ACL group-override question In-Reply-To: <53A0AC20.20102@myzel.net> References: <539F50EA.2000808@myzel.net> <53A0AC20.20102@myzel.net> Message-ID: <53A861E6.2070009@myzel.net> Previous posts below, here why I guess this one fails: http://hg.dovecot.org/dovecot-2.2/file/c55c660d6e9d/src/plugins/acl/acl-api.c#l744 It says: ?a user can't match multiple usernames? In my setup this is not true: there is only one user, but she goes by several names. (Like in /etc/passwd several users can have the same ID.) I do not understand the source, but I guess the acl is attached to the "user" and therefore I am out of luck in my adventure: no way short of having a "userdb_acl_user" parameter in passdb. Kind regards Peter Am 2014-06-17 22:59, schrieb Peter Chiochetti: >> Trying to get ACLs working, very basic setup: >> >> Virtual users are put into different acl_group via passdb. >> >>> u:{PLAIN}B::::::userdb_acl_groups=g >> >> The global acl file restricts what they can do. >> >>> * group-override=g >>> * group=g lr >> >> Shouldn't this mean, that the group rights override the user rights? >> >> The effect that I see though is, that the user "u" then may not do >> anything, not even lookup and read. > > Further to this experiment, I made the ACLs to not use any group > settings at all, only trying to lock down the server for anybody, like > that: > >> root at xxx:/etc/dovecot# cat dovecot-acl >> * user=archiv lr >> * owner lr >> * authenticated lr >> * anyone lr > > Yet, I still can delete messages from anywhere - What am I missing? > > Below system setup info (dovecot from bigmichi1 ppa): > >> root at xxx:/etc/dovecot# doveconf -n >> # 2.2.13 (6bb26098a45c): /etc/dovecot/dovecot.conf >> # OS: Linux 3.2.0-64-generic x86_64 Ubuntu 12.04.4 LTS >> mail_debug = yes >> mail_location = maildir:~/Maildir >> mail_log_prefix = "%s(%{auth_user}): " >> mail_plugins = " acl fts fts_solr mail_log notify" >> namespace inbox { >> inbox = yes >> location = >> mailbox Drafts { >> special_use = \Drafts >> } >> mailbox Junk { >> special_use = \Junk >> } >> mailbox Sent { >> special_use = \Sent >> } >> mailbox "Sent Messages" { >> special_use = \Sent >> } >> mailbox Trash { >> special_use = \Trash >> } >> prefix = >> } >> passdb { >> args = /etc/dovecot/passwd >> driver = passwd-file >> } >> plugin { >> acl = vfile:/etc/dovecot/dovecot-acl >> fts = solr >> fts_autoindex = yes >> fts_solr = url=http://localhost:8983/solr/ >> mail_log_events = save copy delete undelete expunge mailbox_create >> mailbox_rename mailbox_delete >> mail_log_fields = uid box msgid from subject >> } >> protocols = " imap" >> ssl_cert = > ssl_key = > userdb { >> args = uid=archiv gid=archiv home=/home/archiv user=archiv >> driver = static >> } > > The virtual users all act as the system user, their names are just icing > for auditing. > From slitt at troubleshooters.com Mon Jun 23 17:56:49 2014 From: slitt at troubleshooters.com (Steve Litt) Date: Mon, 23 Jun 2014 13:56:49 -0400 Subject: Wheezy Dovecot workarounds Message-ID: <20140623135649.44133def@mydesk> Hi all, In switching from Ubuntu to Debian Wheezy (7.5 64bit, network install), I'm finding some surprises in getting Dovecot to work. PROBLEM: As installed, the package manager doesn't give you the dovecot executable. WORKAROUND: To install the dovecot executable, you need to follow these instructions: http://wiki2.dovecot.org/HowTo/DebianStable PROBLEM: Even when you install Dovecot, it doesn't work, as evidenced by the inability of a local email client to talk to it. Further elements of the symptom are that nmap -A -T4 LocalIPAddress, whether LocalIPAddress is the IP of eth0, or 127.0.0.1, fails to find any open ports. Telnet can't operate dovecot at port 143, and openssl can't operate it at 993. However, bizarrly, executing these same commands on a remote machine into the original machine (including accessing the machine's Dovecot from an email client) work perfectly. WORKAROUND To "solve" this problem, do the following raindance as root: ifdown lo ifup lo After the raindance, local access to Dovecot works perfectly, and all nmap commands perform as expected. LOL, hey man, don't shoot me, I'm just the messenger. SteveT Steve Litt * http://www.troubleshooters.com/ Troubleshooting Training * Human Performance From rs at sys4.de Mon Jun 23 18:29:51 2014 From: rs at sys4.de (Robert Schetterer) Date: Mon, 23 Jun 2014 20:29:51 +0200 Subject: Wheezy Dovecot workarounds In-Reply-To: <20140623135649.44133def@mydesk> References: <20140623135649.44133def@mydesk> Message-ID: <53A8721F.1020505@sys4.de> Am 23.06.2014 19:56, schrieb Steve Litt: > Hi all, > > In switching from Ubuntu to Debian Wheezy (7.5 64bit, network install), > I'm finding some surprises in getting Dovecot to work. > > PROBLEM: > As installed, the package manager doesn't give you the dovecot > executable. > > WORKAROUND: > To install the dovecot executable, you need to follow these > instructions: > > http://wiki2.dovecot.org/HowTo/DebianStable > > PROBLEM: > Even when you install Dovecot, it doesn't work, as evidenced by the > inability of a local email client to talk to it. Further elements of > the symptom are that nmap -A -T4 LocalIPAddress, whether LocalIPAddress > is the IP of eth0, or 127.0.0.1, fails to find any open ports. Telnet > can't operate dovecot at port 143, and openssl can't operate it at 993. > However, bizarrly, executing these same commands on a remote machine > into the original machine (including accessing the machine's Dovecot > from an email client) work perfectly. > > WORKAROUND > To "solve" this problem, do the following raindance as root: > > ifdown lo > ifup lo > > After the raindance, local access to Dovecot works perfectly, and all > nmap commands perform as expected. > > LOL, hey man, don't shoot me, I'm just the messenger. > > SteveT > > Steve Litt * http://www.troubleshooters.com/ > Troubleshooting Training * Human Performance > contact distro mantainer looks like https://packages.debian.org/de/wheezy-backports/dovecot-core latest possible is vers 2.2.9 from wheezy which at last isnt up2date Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From berni at birkenwald.de Mon Jun 23 19:06:37 2014 From: berni at birkenwald.de (Bernhard Schmidt) Date: Mon, 23 Jun 2014 21:06:37 +0200 Subject: OOM in Dovecot 2.2.13 imap In-Reply-To: References: Message-ID: <53A87ABD.6020606@birkenwald.de> On 23.06.2014 16:38, Steffen Kaiser wrote: > On Mon, 23 Jun 2014, Bernhard Schmidt wrote: >> >> we run Dovecot 2.2.13 on Debian Wheezy with a couple thousand mailboxes. >> We have two users that repeatedly trigger an OOM condition with IMAP. > > Do those users have mailboxes extra ordinary large or is one message of > them extra ordinary large? No, not particularly. 8000 Mails (2GB total), the largest mail is 20MB. > > Jun 23 12:53:21 lxmhs74 dovecot: imap(USER): Fatal: > pool_system_realloc(268435456): Out of memory > > this number likely mean 256MB, is one of your memory limits that large? > You can see all limits with dovecot -a (note the "-a" instead of "-n"). > Memory limits are vsz_limit, IMHO. No memory limits outside of dovecot. In dovecot there are the default settings default_vsz_limit = 256 M service imap { [...] vsz_limit = 18446744073709551615 B } Since the largest IMAP processes I can observe are at around 70MB VIRT (43MB RSS) I suspect vsz_limit is doing what it is supposed to do (limit memory consumption of a run-away process) and something went wrong in that mailbox. Thus the backtrace, hoping for someone to confirm. Regards, Bernhard From guilhem at fripost.org Mon Jun 23 21:03:02 2014 From: guilhem at fripost.org (Guilhem Moulin) Date: Mon, 23 Jun 2014 23:03:02 +0200 Subject: Wishlist: add a variable %{x509} expanding to the client cert in Dovecot-auth Message-ID: <20140623210302.GA19124@localhost> Hi there, As of Dovecot 2.2.9, it's possible to enable passwordless authentication using client certificates [1]: ssl_ca = From skdovecot at smail.inf.fh-brs.de Tue Jun 24 06:14:58 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 24 Jun 2014 08:14:58 +0200 (CEST) Subject: OOM in Dovecot 2.2.13 imap In-Reply-To: <53A87ABD.6020606@birkenwald.de> References: <53A87ABD.6020606@birkenwald.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 23 Jun 2014, Bernhard Schmidt wrote: > On 23.06.2014 16:38, Steffen Kaiser wrote: >> On Mon, 23 Jun 2014, Bernhard Schmidt wrote: >>> >>> we run Dovecot 2.2.13 on Debian Wheezy with a couple thousand mailboxes. >>> We have two users that repeatedly trigger an OOM condition with IMAP. >> >> Do those users have mailboxes extra ordinary large or is one message of >> them extra ordinary large? > > No, not particularly. 8000 Mails (2GB total), the largest mail is 20MB. >> >> Jun 23 12:53:21 lxmhs74 dovecot: imap(USER): Fatal: >> pool_system_realloc(268435456): Out of memory >> >> this number likely mean 256MB, is one of your memory limits that large? >> You can see all limits with dovecot -a (note the "-a" instead of "-n"). >> Memory limits are vsz_limit, IMHO. > > No memory limits outside of dovecot. In dovecot there are the default > settings > > default_vsz_limit = 256 M > service imap { > [...] > vsz_limit = 18446744073709551615 B > } Do you run Dovecot in High-Peformance mode or Security mode? > Since the largest IMAP processes I can observe are at around 70MB VIRT (43MB > RSS) I suspect vsz_limit is doing what it is supposed to do (limit memory > consumption of a run-away process) and something went wrong in that mailbox. > Thus the backtrace, hoping for someone to confirm. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU6kXYnz1H7kL/d9rAQIxWggAn9OnpE8oqc9tWGZIkbRYsRiBeXZNETFy CNBYmEQxhP2aYHd1zqFsdrpuve4ZrgBL56AE9Vv9HnZcnrD9yin1aFgN2efmAiBX J7j8o5cpGtZRfBmTJzNXm5+ZT6rSlZTYGfkuooQHw3xSZhlTCMCkUlOFbUXTgbHW Dm6jrZo2Obu2rRgd6QazynD1/uJwiNQV8BEGELTJyHFtegSOjyv575SfuRmgIrIT DeYJm/m6RcYI4cUdQUqm6xS6Q+siHAFx2sDIOmKBHKKW8GY4uYLOtvRJIJ5pHG02 p9ncYIRi5IRUwIMgrOYU47zPYFIrwFVsOGPcSoyCavYBr9tK33sEqw== =ML0o -----END PGP SIGNATURE----- From jost+lists at dimejo.at Tue Jun 24 07:35:14 2014 From: jost+lists at dimejo.at (Alex JOST) Date: Tue, 24 Jun 2014 09:35:14 +0200 Subject: Wheezy Dovecot workarounds In-Reply-To: <20140623135649.44133def@mydesk> References: <20140623135649.44133def@mydesk> Message-ID: <53A92A32.1010609@dimejo.at> Am 23.06.2014 19:56, schrieb Steve Litt: > Hi all, > > In switching from Ubuntu to Debian Wheezy (7.5 64bit, network install), > I'm finding some surprises in getting Dovecot to work. > > PROBLEM: > As installed, the package manager doesn't give you the dovecot > executable. > > WORKAROUND: > To install the dovecot executable, you need to follow these > instructions: > > http://wiki2.dovecot.org/HowTo/DebianStable > > PROBLEM: > Even when you install Dovecot, it doesn't work, as evidenced by the > inability of a local email client to talk to it. Further elements of > the symptom are that nmap -A -T4 LocalIPAddress, whether LocalIPAddress > is the IP of eth0, or 127.0.0.1, fails to find any open ports. Telnet > can't operate dovecot at port 143, and openssl can't operate it at 993. > However, bizarrly, executing these same commands on a remote machine > into the original machine (including accessing the machine's Dovecot > from an email client) work perfectly. > > WORKAROUND > To "solve" this problem, do the following raindance as root: > > ifdown lo > ifup lo > > After the raindance, local access to Dovecot works perfectly, and all > nmap commands perform as expected. > > LOL, hey man, don't shoot me, I'm just the messenger. > > SteveT > > Steve Litt * http://www.troubleshooters.com/ > Troubleshooting Training * Human Performance > I've just checked with a fresh installation and it's working flawlessly on my server. Dovecot is started after installation and listening. -- Alex JOST From me at rvijay.me Tue Jun 24 07:58:33 2014 From: me at rvijay.me (Vijay Rajah) Date: Tue, 24 Jun 2014 13:28:33 +0530 Subject: Mangesieve security question Message-ID: <53A92FA9.40706@rvijay.me> Hello, I have a dovecot 2.2.6 on a Linux platform. I have configured manageseive extension. I have opened the manageseive port (4190) to entire world. (since I need my thunderbird and other clients to create seive scripts). I just wanted to know if it is ok to open that port to everyone, and get some feedback on some security measures specific to manageseive. -Thanks in advance Vijay PS: I have taken reasonable server hardening measures. This question is specific to manageseive. From skdovecot at smail.inf.fh-brs.de Tue Jun 24 08:04:09 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 24 Jun 2014 10:04:09 +0200 (CEST) Subject: Mangesieve security question In-Reply-To: <53A92FA9.40706@rvijay.me> References: <53A92FA9.40706@rvijay.me> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 24 Jun 2014, Vijay Rajah wrote: > PS: I have taken reasonable server hardening measures. This question is > specific to manageseive. You can search the list archive or CERN for security reports about Dovecot's ManageSieve implementation, other than that, IMHO, all what applies to Dovecot in general (IMAP, POP3) applies to ManageSieve, no specials here. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU6kw+Xz1H7kL/d9rAQLRfwgAry6HWqh79/7urvU+EAo40Z83s0tvdmay gkT+IDmrnpREaP2YBVHrRrlGcVv6/23RbpJcZUjJU1fNQ0mGXWprLuzU4sM2z0nQ z0Nil4Lv0/KNLYSodVYKK4V7xU0pFiJ/Ox54lHRkUoBjsI6oO/GYGP6sge+yYWPo IB9mnIl9hcwcb60prdMa6FNJXEUijPs/z/u29KxVgfAkHnAi6glkrWnh/Y5xJ4F8 Xu45/CXos1BkSnBXVofcY+SmUSEWAPLe4bIfKwatcx1i3jmo5DlD/6I9QqdS6I4Q 7nJt/aPQiWUYL0QwP4mnlxFkuW6TK1FdKeTR7eGD6eEzwP4hBpUahg== =0ODb -----END PGP SIGNATURE----- From bourek at thinline.cz Tue Jun 24 08:33:23 2014 From: bourek at thinline.cz (Jiri Bourek) Date: Tue, 24 Jun 2014 10:33:23 +0200 Subject: Wheezy Dovecot workarounds In-Reply-To: <53A8721F.1020505@sys4.de> References: <20140623135649.44133def@mydesk> <53A8721F.1020505@sys4.de> Message-ID: <53A937D3.40502@thinline.cz> On 23.6.2014 20:29, Robert Schetterer wrote: > Am 23.06.2014 19:56, schrieb Steve Litt: >> Hi all, >> >> In switching from Ubuntu to Debian Wheezy (7.5 64bit, network install), >> I'm finding some surprises in getting Dovecot to work. >> >> PROBLEM: >> As installed, the package manager doesn't give you the dovecot >> executable. >> >> WORKAROUND: >> To install the dovecot executable, you need to follow these >> instructions: >> >> http://wiki2.dovecot.org/HowTo/DebianStable >> >> PROBLEM: >> Even when you install Dovecot, it doesn't work, as evidenced by the >> inability of a local email client to talk to it. Further elements of >> the symptom are that nmap -A -T4 LocalIPAddress, whether LocalIPAddress >> is the IP of eth0, or 127.0.0.1, fails to find any open ports. Telnet >> can't operate dovecot at port 143, and openssl can't operate it at 993. >> However, bizarrly, executing these same commands on a remote machine >> into the original machine (including accessing the machine's Dovecot >> from an email client) work perfectly. >> >> WORKAROUND >> To "solve" this problem, do the following raindance as root: >> >> ifdown lo >> ifup lo >> >> After the raindance, local access to Dovecot works perfectly, and all >> nmap commands perform as expected. >> >> LOL, hey man, don't shoot me, I'm just the messenger. >> >> SteveT >> >> Steve Litt * http://www.troubleshooters.com/ >> Troubleshooting Training * Human Performance >> > > contact distro mantainer > > looks like > > https://packages.debian.org/de/wheezy-backports/dovecot-core > > latest possible is vers 2.2.9 from wheezy > > which at last isnt up2date > > > > Best Regards > MfG Robert Schetterer > Considering the link http://wiki2.dovecot.org/HowTo/DebianStable I'd say he's not trying to install Dovecot from Debian repository. (Which works correctly btw.) The wiki page directs you to use some repostitory www.backports.org, maybe it would be worth mentioning wheezy-backports too. From bind at enas.net Tue Jun 24 08:40:31 2014 From: bind at enas.net (Urban Loesch) Date: Tue, 24 Jun 2014 10:40:31 +0200 Subject: Crash in service imap with version 2.2.13 Message-ID: <53A9397F.6060008@enas.net> Hi, yesterday I upgraded to version 2.2.13 under Debian Squeeze. Since today morning sometimes my logfile shows the folling error: .. Jun 24 10:14:16 mailstore dovecot: imap(user at domain.net pid:23434 session:): Fatal: master: service(imap): child 23434 killed with signal 11 (core dumped) ... The kernel error log shows: ... Jun 24 10:14:16 mailstore kernel: [13959701.899726] imap[23434]: segfault at 1012acec0 ip 00007f7dd89b5e52 sp 00007ffffd33d9b0 error 4 in libdovecot-storage.so.0.0.0[7f7dd88ed000+10d000] ... This seems only to happen in conjunction with Horde Webmail. Other IMAP clients aren't affected. I made a backtrace: -----> start backtrace <----- Core was generated by `dovecot/imap'. Program terminated with signal 11, Segmentation fault. #0 mail_index_strmap_uid_exists (ctx=0x7ffffd33d9f0, uid=8442) at mail-index-strmap.c:395 395 mail-index-strmap.c: No such file or directory. in mail-index-strmap.c (gdb) bt full #0 mail_index_strmap_uid_exists (ctx=0x7ffffd33d9f0, uid=8442) at mail-index-strmap.c:395 rec = 0x1012acec0 #1 0x00007f7dd89b79ab in mail_index_strmap_view_renumber (_sync=) at mail-index-strmap.c:842 ctx = {view = 0x12b2d80, input = 0x0, end_offset = 0, highest_str_idx = 0, uid_lookup_seq = 0, lost_expunged_uid = 0, data = 0x0, end = 0x0, str_idx_base = 0x0, rec = {uid = 0, ref_index = 0, str_idx = 0}, next_ref_index = 0, rec_size = 0, too_large_uids = 0} str_idx = 0 count = 1 ret = prev_uid = 8442 i = 0 dest = 0 count2 = #2 mail_index_strmap_write (_sync=) at mail-index-strmap.c:1189 ret = #3 mail_index_strmap_view_sync_commit (_sync=) at mail-index-strmap.c:1236 sync = view = #4 0x00007f7dd899fc23 in mail_thread_index_map_build (box=, args=, ctx_r=) at index-thread.c:332 last_uid = 8442 search_ctx = mail = seq1 = 0 tbox = 0x12af2e0 headers_ctx = 0x12b7e50 search_args = seq2 = wanted_headers = {0x7f7dd89d8542 "message-id", 0x7f7dd89d9f96 "in-reply-to", 0x7f7dd89d9fa2 "references", 0x0} #5 mail_thread_init (box=, args=, ctx_r=) at index-thread.c:569 tbox = 0x12af2e0 ctx = 0x12afc10 search_ctx = 0x12b2b20 ret = __FUNCTION__ = "mail_thread_init" #6 0x0000000000414ef3 in imap_thread (cmd=0x12a7eb0) at cmd-thread.c:90 ctx = str = 0x12afbd0 #7 cmd_thread (cmd=0x12a7eb0) at cmd-thread.c:281 client = 0x12a72b0 thread_type = MAIL_THREAD_REFERENCES sargs = 0x12b04a0 args = 0x128faf8 charset = 0x128fc18 "US-ASCII" str = 0x128fc08 "REFERENCES" ret = #8 0x00000000004181fd in command_exec (cmd=0x12a7eb0) at imap-commands.c:158 hook = 0x128d110 ret = #9 0x00000000004172e0 in client_command_input (cmd=0x12a7eb0) at imap-client.c:778 client = 0x12a72b0 command = __FUNCTION__ = "client_command_input" #10 0x0000000000417376 in client_command_input (cmd=0x12a7eb0) at imap-client.c:839 client = 0x12a72b0 command = 0x12acd00 __FUNCTION__ = "client_command_input" #11 0x000000000041765d in client_handle_next_command (client=0x12a72b0) at imap-client.c:877 No locals. #12 client_handle_input (client=0x12a72b0) at imap-client.c:889 _data_stack_cur_id = 3 ret = 80 remove_io = handled_commands = false ---Type to continue, or q to quit--- __FUNCTION__ = "client_handle_input" #13 0x00000000004179ef in client_input (client=0x12a72b0) at imap-client.c:931 cmd = output = 0x12a7cf0 bytes = __FUNCTION__ = "client_input" #14 0x00007f7dd869808e in io_loop_call_io (io=0x12a7dc0) at ioloop.c:441 ioloop = 0x128c760 t_id = 2 __FUNCTION__ = "io_loop_call_io" #15 0x00007f7dd869923f in io_loop_handler_run_internal (ioloop=) at ioloop-epoll.c:220 ctx = 0x128d3f0 event = 0x128e260 list = 0x128ee50 io = 0x12acde0 tv = {tv_sec = 4, tv_usec = 996567} msecs = ret = 1 i = 0 call = false __FUNCTION__ = "io_loop_handler_run_internal" #16 0x00007f7dd8698119 in io_loop_handler_run (ioloop=0x12acde0) at ioloop.c:488 No locals. #17 0x00007f7dd86981a8 in io_loop_run (ioloop=0x128c760) at ioloop.c:465 __FUNCTION__ = "io_loop_run" #18 0x00007f7dd8645153 in master_service_run (service=0x128c5f0, callback=0x20fa) at master-service.c:566 No locals. #19 0x0000000000420f87 in main (argc=1, argv=0x128c3a0) at main.c:410 set_roots = {0x428fc0, 0x0} login_set = {auth_socket_path = 0x1284050 "\210@(\001", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x421180 , failure_callback = 0x421120 , request_auth_token = 1} service_flags = storage_service_flags = MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT username = 0x0 c = -----> end backtrace <----- Have you any idea how I can solve this? Many thanks Urban Loesch doveconf -n: ... # 2.2.13 (38cd37cea8b1): /etc/dovecot/dovecot.conf # OS: Linux 3.4.67-vs2.3.3.9-rol-em64t-efigpt x86_64 Debian 6.0.9 ext4 auth_cache_negative_ttl = 0 auth_cache_size = 80 M auth_cache_ttl = 1 weeks auth_mechanisms = plain login auth_verbose = yes default_client_limit = 2000 deliver_log_format = msgid=%m: %$ %p %w disable_plaintext_auth = no login_trusted_networks = INTERNAL_IPS mail_gid = mailstore mail_location = mdbox:/home/vmail/%d/%n:INDEX=/home/dovecotindex/%d/%n mail_log_prefix = "%s(%u pid:%p session:<%{session}>): " mail_plugins = " quota mail_log notify zlib" mail_uid = mailstore mailbox_idle_check_interval = 1 mins managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate imapflags notify mdbox_rotate_size = 10 M namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Items" { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = / type = private } passdb { args = /etc/dovecot/dovecot-sql-account.conf driver = sql } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change save mailbox_create append mail_log_fields = uid box msgid size from mail_log_group_events = no quota = dict:Storage used::file:%h/dovecot-quota quota_rule2 = Trash:storage=+100M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +notify +imapflags sieve_max_redirects = 15 zlib_save = gz zlib_save_level = 9 } protocols = imap pop3 lmtp sieve service auth-worker { service_count = 0 vsz_limit = 512 M } service auth { unix_listener auth-userdb { group = mailstore mode = 0660 user = root } } service imap-login { inet_listener imap { port = 143 } process_limit = 256 process_min_avail = 50 service_count = 1 } service imap { process_limit = 2048 process_min_avail = 50 service_count = 1 vsz_limit = 512 M } service lmtp { inet_listener lmtp { address = * port = 24 } unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } service pop3-login { inet_listener pop3 { port = 110 } process_limit = 256 process_min_avail = 25 service_count = 1 } service pop3 { process_limit = 256 process_min_avail = 25 service_count = 1 } service quota-warning { executable = script /usr/local/rol/dovecot/quota-warning.sh unix_listener quota-warning { user = mailstore } user = mailstore } ssl = no ssl_cert = mail_max_userip_connections = 40 mail_plugins = " quota mail_log notify zlib imap_quota imap_zlib" } protocol pop3 { mail_plugins = " quota mail_log notify zlib" pop3_logout_format = bytes_sent=%o top=%t/%p, retr=%r/%b, del=%d/%m, size=%s uidl_hash=%u session=<%{session}> } .... From pbopbo at freemail.hu Tue Jun 24 13:04:20 2014 From: pbopbo at freemail.hu (Peter Benko) Date: Tue, 24 Jun 2014 15:04:20 +0200 (CEST) Subject: Bug/feature: mail fs pollution on IMAP select namespace/{non-existent} Message-ID: Hi all, I have noticed a strange behavior with dovecot (tested with 2.2.13). I use shared folders to share mailboxes between users. I have a namespace called "Accounts" that hosts the shared folder for the users (prefix Accounts/%%n/). However, When I issue an IMAP select command on a random non-existent mailbox name under "Accounts", dovecot auto-creates it and pollutes my mail root directory: Python test code snippet: imapConn=imaplib.IMAP4_SSL(serverIP, serverPort) imapConn.login(serverLogin, serverPass) print imapConn.select("Accounts/NonExistentMailbox") imapConn.logout() Resulting in this: drwxr-x--- 1 vmail vmail 4096 Jun 12 10:00 _attachments_ >>> drwx------ 1 vmail vmail 4096 Jun 24 14:27 NonExistentMailbox <<< drwxr-x--- 1 vmail vmail 4096 Jun 24 00:54 user1 drwxr-x--- 1 vmail vmail 4096 Jun 24 01:24 user2 ... -rwxr-x--- 1 vmail vmail 72 Jun 24 14:27 shared-mailboxes.db ls -l NonExistentMailbox/ -rw------- 1 vmail vmail 0 Jun 24 14:27 dovecot-acl-list drwx------ 1 vmail vmail 4096 Jun 24 14:27 mailboxes <<< (empty) I attached a debug log and and my sanitized dovecot config. Please help! Is this a bug or a feature? I assume it might even cause more serious problems e.g., if I would select "Accounts/_attachments_" or something similar... I noticed this behavior with the latest Thunderbird client when I tried to subscribe to shared folders and it started to pollute my mail dirs (which signals that Thunderbird might be also buggy as it should not select non-existent folders under "Accounts"). I just reproduced it for simplicity with the above python script. Best regards, Peter debug log --------- Jun 24 14:27:51 efi-backup dovecot: imap-login: Login: user=, method=PLAIN, rip=192.168.1.1, lip=192.168.1.3, mpid=10787, TLS, session= Jun 24 14:27:51 efi-backup dovecot: imap: Debug: Loading modules from directory: /usr/lib/dovecot/modules Jun 24 14:27:51 efi-backup dovecot: imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so Jun 24 14:27:51 efi-backup dovecot: imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib02_imap_acl_plugin.so Jun 24 14:27:51 efi-backup dovecot: imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib20_zlib_plugin.so Jun 24 14:27:51 efi-backup dovecot: imap: Debug: Added userdb setting: plugin/master_user=user2 at domain.com Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: Effective uid=5000, gid=5000, home=/mail/mailboxes/domain.com/user2 Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:~ Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: fs: root=/mail/mailboxes/domain.com/user2, index=, indexpvt=, control=, inbox=, alt= Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: initializing backend with data: vfile Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: acl username = user2 at domain.com Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: owner = 1 Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile: Global ACLs disabled Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: Namespace : type=shared, prefix=Accounts/%n/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no location=mdbox:/mail/mailboxes/%d/%n:INDEX=/mail/mailboxes/%d/%n:INDEXPVT=/mail/mailboxes/domain.com/user2/indexpvt-accounts/%n Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt= Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: initializing backend with data: vfile Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: acl username = user2 at domain.com Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: owner = 0 Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile: Global ACLs disabled Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: fs: root=/mail/mailboxes/domain.com/NonExistentMailbox, index=, indexpvt=/mail/mailboxes/domain.com/user2/indexpvt-accounts/NonExistentMailbox, control=, inbox=, alt= Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: Namespace : /mail/mailboxes/domain.com/NonExistentMailbox doesn't exist yet, using default permissions Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: Namespace : Using permissions from /mail/mailboxes/domain.com/NonExistentMailbox: mode=0700 gid=default Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: initializing backend with data: vfile Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: acl username = user2 at domain.com Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: owner = 0 Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile: Global ACLs disabled Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: fs: root=/mail/mailboxes/domain.com/NonExistentMailbox, index=, indexpvt=/mail/mailboxes/domain.com/user2/indexpvt-accounts/NonExistentMailbox, control=, inbox=, alt= Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: initializing backend with data: vfile Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: acl username = user2 at domain.com Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: owner = 0 Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile: Global ACLs disabled Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile: file /mail/mailboxes/domain.com/NonExistentMailbox/mailboxes/INBOX/dbox-Mails/dovecot-acl not found Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: Namespace Accounts/NonExistentMailbox/: Using permissions from /mail/mailboxes/domain.com/NonExistentMailbox: mode=0700 gid=default Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile: file /mail/mailboxes/domain.com/NonExistentMailbox/mailboxes/INBOX/dbox-Mails/dovecot-acl not found Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Disconnected: Logged out in=56 out=481 doveconf -n ----------- # 2.2.13 (38cd37cea8b1): /etc/dovecot/dovecot.conf auth_master_user_separator = * auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain hostname = mail.domain.com listen = * login_greeting = $hostname IMAP server mail_attachment_dir = /mail/mailboxes/%d/_attachments_ mail_attachment_fs = sis-queue /mail/mailboxes/%d/_attachments_/queue:posix mail_attachment_min_size = 16 k mail_debug = yes mail_location = mdbox:~ mail_plugins = " zlib acl" mdbox_rotate_interval = 5 days mdbox_rotate_size = 5 M namespace { inbox = yes location = prefix = separator = / type = private } namespace { list = children location = mdbox:/mail/mailboxes/%%d/%%n:INDEX=/mail/mailboxes/%%d/%%n:INDEXPVT=/mail/mailboxes/%d/%n/indexpvt-accounts/%%n prefix = Accounts/%%n/ separator = / subscriptions = no type = shared } passdb { args = /mail/config/dovecot/passwd driver = passwd-file } passdb { args = /mail/config/dovecot/passwd-master driver = passwd-file master = yes pass = yes } plugin { acl = vfile acl_defaults_from_inbox = yes acl_shared_dict = file:/mail/mailboxes/%d/shared-mailboxes.db zlib_save = gz zlib_save_level = 6 } postmaster_address = postmaster at domain.com protocols = imap service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } } ssl = required ssl_cert = References: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> <53965AFF.9050806@fjl.co.uk> <539819A7.4040305@merit.unu.edu> Message-ID: <1d1ed76dbccf939e11fb96edf1dc4814.squirrel@sbt.net.au> On Wed, June 11, 2014 6:56 pm, mourik jan heupink - merit wrote: >> http://blog.frankleonhardt.com/2012/certificate-errors-on-internet-expl >> orer-9-and-how-to-stop-them/ >> >> >> >> I didn't mention it in the post, but IIRC this did work for making >> some versions Outlook (and other Microsoft Mail things) happy at the same >> time. > > But do the above steps work for folks here..? I've tried them (IE 11, > win7, outlook 2013) but outlook keeps asking about (self signed) imaps > certificates. eezy, peezy, thanks!! the secret ingridient was 'run as the wind', oops, 'run as admin' invoked IE as admin, called https:/webmail, accept, bingo Outlook no longer asking, done thanks, Frank, thanks, guys'n'galls From h.reindl at thelounge.net Tue Jun 24 13:35:32 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 24 Jun 2014 15:35:32 +0200 Subject: ot: accepting self certs into win pc? In-Reply-To: <1d1ed76dbccf939e11fb96edf1dc4814.squirrel@sbt.net.au> References: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> <53965AFF.9050806@fjl.co.uk> <539819A7.4040305@merit.unu.edu> <1d1ed76dbccf939e11fb96edf1dc4814.squirrel@sbt.net.au> Message-ID: <53A97EA4.4020706@thelounge.net> Am 24.06.2014 15:29, schrieb voytek at sbt.net.au: > On Wed, June 11, 2014 6:56 pm, mourik jan heupink - merit wrote: > >>> http://blog.frankleonhardt.com/2012/certificate-errors-on-internet-expl >>> orer-9-and-how-to-stop-them/ >>> >>> >>> >>> I didn't mention it in the post, but IIRC this did work for making >>> some versions Outlook (and other Microsoft Mail things) happy at the same >>> time. >> >> But do the above steps work for folks here..? I've tried them (IE 11, >> win7, outlook 2013) but outlook keeps asking about (self signed) imaps >> certificates. > > > eezy, peezy, thanks!! > > the secret ingridient was 'run as the wind', oops, 'run as admin' > > invoked IE as admin, called https:/webmail, accept, > bingo Outlook no longer asking, done > > thanks, Frank, thanks, guys'n'galls the point is not run it as admin the point is run https://samehostname-as-imap from MSIE Outlook and MSIE share the same trust store Outlook is too dumb to import a certificate in recent versions MSIE allows to do so -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From patrick at spamreducer.eu Tue Jun 24 15:03:09 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Tue, 24 Jun 2014 17:03:09 +0200 Subject: AW: ot: accepting self certs into win pc? In-Reply-To: <1d1ed76dbccf939e11fb96edf1dc4814.squirrel@sbt.net.au> References: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> <53965AFF.9050806@fjl.co.uk> <539819A7.4040305@merit.unu.edu> <1d1ed76dbccf939e11fb96edf1dc4814.squirrel@sbt.net.au> Message-ID: <003701cf8fbd$693b7950$3bb26bf0$@spamreducer.eu> Don't use self signed certs! - Buy some, or use free services! Your reputation will grow! Cheers! > -----Urspr?ngliche Nachricht----- > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von > voytek at sbt.net.au > Gesendet: Dienstag, 24. Juni 2014 15:29 > An: dovecot at dovecot.org > Betreff: Re: ot: accepting self certs into win pc? > > On Wed, June 11, 2014 6:56 pm, mourik jan heupink - merit wrote: > > >> http://blog.frankleonhardt.com/2012/certificate-errors-on-internet-expl > >> orer-9-and-how-to-stop-them/ > >> > >> > >> > >> I didn't mention it in the post, but IIRC this did work for making > >> some versions Outlook (and other Microsoft Mail things) happy at the > same > >> time. > > > > But do the above steps work for folks here..? I've tried them (IE 11, > > win7, outlook 2013) but outlook keeps asking about (self signed) imaps > > certificates. > > > eezy, peezy, thanks!! > > the secret ingridient was 'run as the wind', oops, 'run as admin' > > invoked IE as admin, called https:/webmail, accept, > bingo Outlook no longer asking, done > > thanks, Frank, thanks, guys'n'galls -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6281 bytes Desc: not available URL: From mucawhite at gmail.com Tue Jun 24 15:04:33 2014 From: mucawhite at gmail.com (Muriel) Date: Tue, 24 Jun 2014 17:04:33 +0200 Subject: Dsync replication one-way Message-ID: <53A99381.6040504@gmail.com> Hi all, I know that I can do a backup using doveadm: doveadm backup -u user ssh backup.server doveadm dsync-server -u user But it's possible to use replicator service to do the same job? Or dsync with replicator can only be used in a two-way environment? Thanks, Muriel From h.reindl at thelounge.net Tue Jun 24 15:07:59 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 24 Jun 2014 17:07:59 +0200 Subject: ot: accepting self certs into win pc? In-Reply-To: <003701cf8fbd$693b7950$3bb26bf0$@spamreducer.eu> References: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> <53965AFF.9050806@fjl.co.uk> <539819A7.4040305@merit.unu.edu> <1d1ed76dbccf939e11fb96edf1dc4814.squirrel@sbt.net.au> <003701cf8fbd$693b7950$3bb26bf0$@spamreducer.eu> Message-ID: <53A9944F.8080001@thelounge.net> Am 24.06.2014 17:03, schrieb Patrick De Zordo: > Don't use self signed certs! - Buy some, or use free services! Your reputation will grow! pfff you know what testing and private systems are? in both cases there is no reputation that will grow and if it comes to the trustable question - depending on the userbase self signed ones may be more trustable than a unconditional trusted CA somewhere from turkey..... sadly only if you remove all the corrupt CA's out of your clients so until you asked for what usecase the certificate are your "buy some" is nonsense >> -----Urspr?ngliche Nachricht----- >> Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von >> voytek at sbt.net.au >> Gesendet: Dienstag, 24. Juni 2014 15:29 >> An: dovecot at dovecot.org >> Betreff: Re: ot: accepting self certs into win pc? >> >> On Wed, June 11, 2014 6:56 pm, mourik jan heupink - merit wrote: >> >>>> http://blog.frankleonhardt.com/2012/certificate-errors-on-internet-expl >>>> orer-9-and-how-to-stop-them/ >>>> >>>> I didn't mention it in the post, but IIRC this did work for making >>>> some versions Outlook (and other Microsoft Mail things) happy at the >> same >>>> time. >>> >>> But do the above steps work for folks here..? I've tried them (IE 11, >>> win7, outlook 2013) but outlook keeps asking about (self signed) imaps >>> certificates. >> >> >> eezy, peezy, thanks!! >> >> the secret ingridient was 'run as the wind', oops, 'run as admin' >> >> invoked IE as admin, called https:/webmail, accept, >> bingo Outlook no longer asking, done >> >> thanks, Frank, thanks, guys'n'galls -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From skraw at ithnet.com Tue Jun 24 15:15:21 2014 From: skraw at ithnet.com (Stephan von Krawczynski) Date: Tue, 24 Jun 2014 17:15:21 +0200 Subject: AW: ot: accepting self certs into win pc? In-Reply-To: <003701cf8fbd$693b7950$3bb26bf0$@spamreducer.eu> References: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> <53965AFF.9050806@fjl.co.uk> <539819A7.4040305@merit.unu.edu> <1d1ed76dbccf939e11fb96edf1dc4814.squirrel@sbt.net.au> <003701cf8fbd$693b7950$3bb26bf0$@spamreducer.eu> Message-ID: <20140624171521.ccf1b22b.skraw@ithnet.com> On Tue, 24 Jun 2014 17:03:09 +0200 Patrick De Zordo wrote: > Don't use self signed certs! - Buy some, or use free services! Your reputation will grow! I am sorry, but someone _has_ to say it: if anyone really thinks that a south african or US entity selling certs is the way to "grow your reputation" this alone should tell you that the whole thing is nothing but a bogus _business_. It has zero to do with security or the like. It is a _business_ and it should be obvious that you will only be lied by the corresponding entity if something bad happened (probably for years). Look at the diginotar story and _learn_. The only way to make certs worth using again is to create a way every client can verify a self-signed certificate by some kind of dns pointer inside the questionable domain and/or the certificate. You cannot prove the correctness of a third party entity, and that's why there is no reputation at all. > Cheers! Yes, have a beer... -- Regards, Stephan From patrick at spamreducer.eu Tue Jun 24 15:20:50 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Tue, 24 Jun 2014 17:20:50 +0200 Subject: AW: ot: accepting self certs into win pc? In-Reply-To: <53A9944F.8080001@thelounge.net> References: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> <53965AFF.9050806@fjl.co.uk> <539819A7.4040305@merit.unu.edu> <1d1ed76dbccf939e11fb96edf1dc4814.squirrel@sbt.net.au> <003701cf8fbd$693b7950$3bb26bf0$@spamreducer.eu> <53A9944F.8080001@thelounge.net> Message-ID: <005901cf8fbf$e1f5edb0$a5e1c910$@spamreducer.eu> Well, I'm reading what I see - and there is no testing system mentioned as far as I can see? Probably in an old post, some time ago? If it is a test environment you could do what you want, that's true; but if you are just testing it would not be that big problem suppressing the certificate validity error. Nothing else to amend from my side. > -----Urspr?ngliche Nachricht----- > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von Reindl > Harald > Gesendet: Dienstag, 24. Juni 2014 17:08 > An: dovecot at dovecot.org > Betreff: Re: ot: accepting self certs into win pc? > > > > Am 24.06.2014 17:03, schrieb Patrick De Zordo: > > Don't use self signed certs! - Buy some, or use free services! Your > reputation will grow! > > pfff you know what testing and private systems are? > > in both cases there is no reputation that will grow and if it comes to the > trustable question - depending on the userbase self signed ones may be > more trustable than a unconditional trusted CA somewhere from turkey..... > sadly only if you remove all the corrupt CA's out of your clients > > so until you asked for what usecase the certificate are your "buy some" is > nonsense > > >> -----Urspr?ngliche Nachricht----- > >> Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von > >> voytek at sbt.net.au > >> Gesendet: Dienstag, 24. Juni 2014 15:29 > >> An: dovecot at dovecot.org > >> Betreff: Re: ot: accepting self certs into win pc? > >> > >> On Wed, June 11, 2014 6:56 pm, mourik jan heupink - merit wrote: > >> > >>>> http://blog.frankleonhardt.com/2012/certificate-errors-on-internet- > >>>> expl > >>>> orer-9-and-how-to-stop-them/ > >>>> > >>>> I didn't mention it in the post, but IIRC this did work for making > >>>> some versions Outlook (and other Microsoft Mail things) happy at > >>>> the > >> same > >>>> time. > >>> > >>> But do the above steps work for folks here..? I've tried them (IE > >>> 11, win7, outlook 2013) but outlook keeps asking about (self signed) > >>> imaps certificates. > >> > >> > >> eezy, peezy, thanks!! > >> > >> the secret ingridient was 'run as the wind', oops, 'run as admin' > >> > >> invoked IE as admin, called https:/webmail, accept, bingo Outlook no > >> longer asking, done > >> > >> thanks, Frank, thanks, guys'n'galls -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6281 bytes Desc: not available URL: From patrick at spamreducer.eu Tue Jun 24 15:25:30 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Tue, 24 Jun 2014 17:25:30 +0200 Subject: AW: AW: ot: accepting self certs into win pc? In-Reply-To: <20140624171521.ccf1b22b.skraw@ithnet.com> References: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> <53965AFF.9050806@fjl.co.uk> <539819A7.4040305@merit.unu.edu> <1d1ed76dbccf939e11fb96edf1dc4814.squirrel@sbt.net.au> <003701cf8fbd$693b7950$3bb26bf0$@spamreducer.eu> <20140624171521.ccf1b22b.skraw@ithnet.com> Message-ID: <006e01cf8fc0$88ab3c50$9a01b4f0$@spamreducer.eu> > -----Urspr?ngliche Nachricht----- > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von > Stephan von Krawczynski > Gesendet: Dienstag, 24. Juni 2014 17:15 > An: Patrick De Zordo > Cc: 'Dovecot Mailing List' > Betreff: Re: AW: ot: accepting self certs into win pc? > > On Tue, 24 Jun 2014 17:03:09 +0200 > Patrick De Zordo wrote: > > > Don't use self signed certs! - Buy some, or use free services! Your > reputation will grow! > > I am sorry, but someone _has_ to say it: if anyone really thinks that a south > african or US entity selling certs is the way to "grow your reputation" this > alone should tell you that the whole thing is nothing but a bogus _business_. > It has zero to do with security or the like. It is a _business_ and it should be > obvious that you will only be lied by the corresponding entity if something > bad happened (probably for years). Look at the diginotar story and _learn_. > [De Zordo Patrick] Basically true if using some "strange" certs providers. The cert providers proven by big software companies should be the safe way. > The only way to make certs worth using again is to create a way every client > can verify a self-signed certificate by some kind of dns pointer inside the > questionable domain and/or the certificate. > > You cannot prove the correctness of a third party entity, and that's why there > is no reputation at all. > [De Zordo Patrick] ?? > > Cheers! > > Yes, have a beer... > [De Zordo Patrick] I will, I will.. > -- > Regards, > Stephan -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6281 bytes Desc: not available URL: From h.reindl at thelounge.net Tue Jun 24 16:10:58 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 24 Jun 2014 18:10:58 +0200 Subject: ot: accepting self certs into win pc? In-Reply-To: <006e01cf8fc0$88ab3c50$9a01b4f0$@spamreducer.eu> References: <963bc6bd846c9c0b4e3061e338479cf4.squirrel@emu.sbt.net.au> <53965AFF.9050806@fjl.co.uk> <539819A7.4040305@merit.unu.edu> <1d1ed76dbccf939e11fb96edf1dc4814.squirrel@sbt.net.au> <003701cf8fbd$693b7950$3bb26bf0$@spamreducer.eu> <20140624171521.ccf1b22b.skraw@ithnet.com> <006e01cf8fc0$88ab3c50$9a01b4f0$@spamreducer.eu> Message-ID: <53A9A312.9010903@thelounge.net> Am 24.06.2014 17:25, schrieb Patrick De Zordo: >> -----Urspr?ngliche Nachricht----- >> Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von >> Stephan von Krawczynski >> Gesendet: Dienstag, 24. Juni 2014 17:15 >> An: Patrick De Zordo >> Cc: 'Dovecot Mailing List' >> Betreff: Re: AW: ot: accepting self certs into win pc? >> >> On Tue, 24 Jun 2014 17:03:09 +0200 >> Patrick De Zordo wrote: >> >>> Don't use self signed certs! - Buy some, or use free services! Your >> reputation will grow! >> >> I am sorry, but someone _has_ to say it: if anyone really thinks that a south >> african or US entity selling certs is the way to "grow your reputation" this >> alone should tell you that the whole thing is nothing but a bogus _business_. >> It has zero to do with security or the like. It is a _business_ and it should be >> obvious that you will only be lied by the corresponding entity if something >> bad happened (probably for years). Look at the diginotar story and _learn_. >> > [De Zordo Patrick] > Basically true if using some "strange" certs providers. The cert providers proven > by big software companies should be the safe way please stop to prove that you have no clue how certs are working it does not matter who signed *your* cert the problem is that any client trust *thousands* of CA's *any* of them can sign to anybody a cert preteding he is you you can't do anything against that if someone gets a certificate for yourdomain.tld and manages the client to connect to his server instead yours you have no way to take notice, the user have no way to notice and the game is over -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From franz at qnipp.com Wed Jun 25 07:11:58 2014 From: franz at qnipp.com (Franz Knipp) Date: Wed, 25 Jun 2014 09:11:58 +0200 Subject: IMAP sessions quit when calling MYRIGHTS on shared namespace Message-ID: <53AA763E.3070305@qnipp.com> Hi, the IMAP connection is dropped, when I call MYRIGHTS on the root of my shared folders. Using the configuration below, the shared folders are located in shared/%%U/ # telnet localhost imap Trying ::1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready. . LOGIN XXXXXXX xxxx . OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE QUOTA ACL RIGHTS=texk] Logged in . MYRIGHTS shared Connection closed by foreign host. I'd expect some kind of error message instead of dropping the connection. Kind regards, Franz # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-358.18.1.el6.x86_64 x86_64 CentOS release 6.4 (Final) auth_master_user_separator = * auth_verbose = yes debug_log_path = /var/log/dovecot_debug.log default_client_limit = 3500 disable_plaintext_auth = no import_environment = TZ DOVECOT_HOSTNAME lmtp_rcpt_check_quota = yes mail_gid = vmail mail_location = mdbox:~/mail mail_plugins = acl quota zlib mail_log notify mail_uid = vmail managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body environment mailbox date ihave duplicate vacation-seconds imapflags notify mbox_write_locks = fcntl namespace { list = children location = mdbox:%%h/mail prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace { hidden = yes list = no location = pop3c: prefix = POP3-MIGRATION-NS/ } namespace inbox { inbox = yes location = mailbox Drafts { auto = no special_use = \Drafts } mailbox Sent { auto = no special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = no special_use = \Trash } prefix = INBOX/ separator = / subscriptions = yes } namespace parent { hidden = yes list = no location = prefix = separator = / subscriptions = yes } passdb { args = /etc/dovecot/passwd.masterusers driver = passwd-file master = yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile acl_shared_dict = file:/var/spool/imap/dovecot-shared-mailboxes mail_log_events = delete undelete expunge copy save mailbox_create mailbox_delete mailbox_rename pop3_migration_mailbox = POP3-MIGRATION-NS/INBOX quota = dict:user::file:%h/mail/dovecot-quota quota_exceeded_message = Empfaenger Postfach ist voll (Mailbox Quota Exceeded) quota_grace = 50M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/sieve/active sieve_before = /etc/dovecot/sieve_before/movespamfolder.sieve sieve_dir = ~/sieve sieve_extensions = +notify -enotify +imapflags +vacation-seconds sieve_max_actions = 1000 sieve_max_redirects = 1000 sieve_vacation_max_period = 0 sieve_vacation_min_period = 0 zlib_save = gz zlib_save_level = 6 } pop3_no_flag_updates = yes pop3_uidl_format = %v.%u pop3c_host = pop3.example.com pop3c_master_user = master pop3c_password = secret protocols = imap pop3 lmtp sieve service anvil { unix_listener anvil-auth-penalty { mode = 00 } } service auth { unix_listener auth-userdb { mode = 0777 } } service imap-login { process_limit = 3000 process_min_avail = 16 service_count = 0 } service imap { process_limit = 10240 } service lmtp { inet_listener lmtp { port = 26 } } service managesieve-login { inet_listener sieve_deprecated { port = 2000 } } service pop3-login { service_count = 0 } service pop3 { process_limit = 10240 } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = vmail } } ssl_cert = References: <53AA763E.3070305@qnipp.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 25 Jun 2014, Franz Knipp wrote: > > the IMAP connection is dropped, when I call MYRIGHTS on the root of my > shared folders. > > Using the configuration below, the shared folders are located in shared/%%U/ > > # telnet localhost imap > Trying ::1... > Connected to localhost. > Escape character is '^]'. > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE > IDLE STARTTLS AUTH=PLAIN] Dovecot ready. > . LOGIN XXXXXXX xxxx > . OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE > IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS > THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN > NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH > ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY > MOVE QUOTA ACL RIGHTS=texk] Logged in > . MYRIGHTS shared > Connection closed by foreign host. > > I'd expect some kind of error message instead of dropping the connection. Did you've looked in your server log? You most likely got an abort or something like that. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU6p4l3z1H7kL/d9rAQIjWggAhrG+WjBhofpruWi+G9zVBjnjm18TiSvS l/Cfz6vfapk502QCvjgiQ0+OT3FUEqZvwUpu9FGlW537u+WCkJG8fmCpwrgSg7A+ jzW0Vhhszz6P7OCThEtSBypys3QFd71nuK7w20qtNEnKihErDqFiLwKd+HwzIObn vgx4F4kFnaclHZeq/i5HksmCNKVTFMqiQ9BbI4GL+EoYPBuTXkWxHofl/ukemlFw Uk9KdEqYDimfV3FWFHWF9jNEd4PypwVxWEJFeIoR2Ir1f0Tflpd5UqIvA7xqOjXg EbVRq2xT+FoNis9XeVeXEQRj0UlfTl45Z2o6Sa+PIsL+Fp4ig6iLRg== =xc2E -----END PGP SIGNATURE----- From franz at qnipp.com Wed Jun 25 09:22:45 2014 From: franz at qnipp.com (Franz Knipp) Date: Wed, 25 Jun 2014 11:22:45 +0200 Subject: IMAP sessions quit when calling MYRIGHTS on shared namespace In-Reply-To: References: <53AA763E.3070305@qnipp.com> Message-ID: <53AA94E5.90402@qnipp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 2014-06-25 09:21, schrieb Steffen Kaiser: >> the IMAP connection is dropped, when I call MYRIGHTS on the root >> of my shared folders. > Did you've looked in your server log? You most likely got an abort > or something like that. You're right. So I enabled core dumps, this is the backtrace: #0 0x00007f6857da81c2 in acl_mailbox_get_aclobj (box=) at acl-mailbox.c:29 #1 0x00007f6857b97f33 in cmd_myrights (cmd=0x13ca1f0) at imap-acl-plugin.c:331 #2 0x000000000041709d in command_exec (cmd=0x13ca1f0) at imap-commands.c:158 #3 0x0000000000416150 in client_command_input (cmd=0x13ca1f0) at imap-client.c:778 #4 0x000000000041624a in client_command_input (cmd=0x13ca1f0) at imap-client.c:839 #5 0x00000000004164bd in client_handle_next_command (client=0x13c97d0) at imap-client.c:877 #6 client_handle_input (client=0x13c97d0) at imap-client.c:889 #7 0x000000000041682f in client_input (client=0x13c97d0) at imap-client.c:931 #8 0x00007f68589e62ee in io_loop_call_io (io=0x13ca100) at ioloop.c:441 #9 0x00007f68589e7497 in io_loop_handler_run_internal (ioloop=) at ioloop-epoll.c:220 #10 0x00007f68589e6379 in io_loop_handler_run (ioloop=0x13a4730) at ioloop.c:488 #11 0x00007f68589e63f8 in io_loop_run (ioloop=0x13a4730) at ioloop.c:465 #12 0x00007f68589935d3 in master_service_run (service=0x13a45c0, callback=) at master-service.c:566 #13 0x0000000000420088 in main (argc=1, argv=0x13a4390) at main.c:400 Hope this helps. - -- Franz Knipp, +43 664 3980169 qnipp GmbH, Hauptstra?e 54, 7064 Oslip, ?sterreich http://qnipp.com http://qnipp.com/qnipp.vcf -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlOqlN8ACgkQGRK+JW9GubbFiQCeMG711IR+4RayIpWq3KTpLCgk W7EAoIu1hcYA5TG9I/y3VvYqOQHQX1TH =jq3j -----END PGP SIGNATURE----- From mtrainer at westnet.com.au Wed Jun 25 09:57:21 2014 From: mtrainer at westnet.com.au (Murray Trainer) Date: Wed, 25 Jun 2014 17:57:21 +0800 Subject: Remove all messages in a mailbox Message-ID: <22119826633000b17bea827a9a6d6113c79c9432@webmail.westnet.com.au> Hi All, I am having trouble removing all messages in a mailbox.?? The command below doesn't remove all the messages: doveadm expunge -u user at domain mailbox? '*' all Do I need to add .* or other? THanks Murray From stano at websupport.sk Wed Jun 25 10:11:31 2014 From: stano at websupport.sk (Pavel Stano) Date: Wed, 25 Jun 2014 12:11:31 +0200 Subject: Remove all messages in a mailbox In-Reply-To: <22119826633000b17bea827a9a6d6113c79c9432@webmail.westnet.com.au> References: <22119826633000b17bea827a9a6d6113c79c9432@webmail.westnet.com.au> Message-ID: <20140625121131.4db9f987@ass> Hi, we use namespace with prefix = INBOX. When we need to remove all messages in mailbox we need to run this commands: doveadm expunge -u user at domain mailbox INBOX ALL doveadm expunge -u user at domain mailbox INBOX.* ALL The first remove mailboxes in inbox and the second in other subfolders. And in case you use dbox format: doveadm purge -u user at domain On Wed, 25 Jun 2014 17:57:21 +0800 "Murray Trainer" wrote: > Hi All, > > I am having trouble removing all messages in a mailbox.?? The > command below doesn't remove all the messages: > > doveadm expunge -u user at domain mailbox? '*' all > > Do I need to add .* or other? > > THanks > > Murray > -- [ Ohodnotte kvalitu mailu: http://nicereply.com/websupport/Stano/ ] Pavel Stano | Troubleshooter http://WebSupport.sk *** BERTE A VYCHUTNAVAJTE *** -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From matthijs at stdin.nl Wed Jun 25 12:53:47 2014 From: matthijs at stdin.nl (Matthijs Kooijman) Date: Wed, 25 Jun 2014 14:53:47 +0200 Subject: sievec drops privileges unexpectedly Message-ID: <20140625125346.GV1353@login.tika.stderr.nl> (Please keep me CC'd, I'm not subscribed) Hi folks, I'm using dovecot 2.1.7 (from Debian stable) with sieve. I have default sieve script configured, which lives in /etc/dovecot/sieve. I use dovecot-lda running under the virtual-mail user, which does not have write access to the /etc/dovecot/sieve directory. Now, when a mail gets delivered, I get the following message in my logs. Jun 25 14:29:43 mail dovecot: lda(2001): Error: sieve: binary save: failed to create temporary file: open(/etc/dovecot/sieve/default.svbin.mail.local.18902.) failed: Permission denied (euid=2009(virtual-mail) egid=2009(virtual-mail) missing +w perm: /etc/dovecot/sieve, dir owned by 0:0 mode=0755) Jun 25 14:29:43 mail dovecot: lda(2001): Error: sieve: the lda sieve plugin does not have permission to save global sieve script binaries; global sieve scripts like /etc/dovecot/sieve/default need to be pre-compiled using the sievec tool Due to the lack of permissions, this is of course expected. However, when I then try to precompile the script using sievec, that also fails: # sievec /etc/dovecot/sieve/default sievec(root): Error: sieve: binary save: failed to create temporary file: open(/etc/dovecot/sieve/default.svbin.mail.local.18952.) failed: Permission denied (euid=2009(virtual-mail) egid=2009(virtual-mail) missing +w perm: /etc/dovecot/sieve, dir owned by 0:0 mode=0755) So, apparently sievec drops privileges to the virtual-mail user. Why does this happen? It seems kind of counter-productive - I don't see a way to properly run sievec as root now? How is this supposed to work? Now I wrote this, I realized that it might be related that I have specified mail_uid and mail_gid globally in my dovecot.conf file. Perhaps those are intended to only be put inside the protocol imap and protocol lda blocks? This would mean duplicating of this bit of configuration, which doesn't really sound nice. Gr. Matthijs PS, here's my dovecot -n output: # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.10-1-amd64 x86_64 Debian 7.5 log_timestamp = "%Y-%m-%d %H:%M:%S " mail_access_groups = spamd-access mail_debug = yes mail_gid = virtual-mail mail_location = Maildir:~/Folders:INBOX=~/INBOX:LAYOUT=fs mail_uid = virtual-mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave passdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } plugin { antispam_backend = pipe antispam_pipe_program = /usr/bin/spamc antispam_pipe_program_args = --socket=/var/run/spamd.socket antispam_pipe_program_notspam_arg = --learntype=ham antispam_pipe_program_spam_arg = --learntype=spam antispam_spam = Spam antispam_trash_pattern_ignorecase = trash;Deleted *;Prullenbak;Verwijderde * sieve = ~/sieve sieve_dir = ~/sieve.d sieve_global_path = /etc/dovecot/sieve/default } protocols = imap sieve service auth { unix_listener auth-client { group = Debian-exim mode = 0600 user = Debian-exim } unix_listener auth-master { group = virtual-mail mode = 0600 user = virtual-mail } user = nobody } ssl_cert = From stephan at rename-it.nl Wed Jun 25 13:08:47 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 25 Jun 2014 15:08:47 +0200 Subject: sievec drops privileges unexpectedly In-Reply-To: <20140625125346.GV1353@login.tika.stderr.nl> References: <20140625125346.GV1353@login.tika.stderr.nl> Message-ID: <53AAC9DF.2040903@rename-it.nl> Hi Matthijs, Matthijs Kooijman schreef op 25-6-2014 14:53: > Now I wrote this, I realized that it might be related that I have > specified mail_uid and mail_gid globally in my dovecot.conf file. > Perhaps those are intended to only be put inside the protocol imap and > protocol lda blocks? This would mean duplicating of this bit of > configuration, which doesn't really sound nice. > > PS, here's my dovecot -n output: > > # 2.1.7: /etc/dovecot/dovecot.conf This is a very old and obsolete version. This problem was fixed almost two years ago: http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/cfe8e9f49dfe This was released in Pigeonhole v0.3.2 for Dovecot v2.1.9. Regards, Stephan. From matthijs at stdin.nl Wed Jun 25 13:27:51 2014 From: matthijs at stdin.nl (Matthijs Kooijman) Date: Wed, 25 Jun 2014 15:27:51 +0200 Subject: sievec drops privileges unexpectedly In-Reply-To: <53AAC9DF.2040903@rename-it.nl> References: <20140625125346.GV1353@login.tika.stderr.nl> <53AAC9DF.2040903@rename-it.nl> Message-ID: <20140625132751.GW1353@login.tika.stderr.nl> Hey Stephan, > ># 2.1.7: /etc/dovecot/dovecot.conf > > This is a very old and obsolete version. This problem was fixed > almost two years ago: Ah, cool. This is what Debian/stable ships, so I'll probably stick to this version for a while. Good to hear it's already fixed, then I'll just work around the issue for now :-) Thanks, Matthijs -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From leolistas at solutti.com.br Wed Jun 25 15:45:17 2014 From: leolistas at solutti.com.br (Leonardo Rodrigues) Date: Wed, 25 Jun 2014 12:45:17 -0300 Subject: question on lmtp logged message Message-ID: <53AAEE8D.9050604@solutti.com.br> Hi, I have dovecot running for IMAP4/POP3 and also local delivery through LMTP. It's working just fine, absolutely no problem on that, setup is fine. Anyway, sometimes LMTP seems to not be able to deliver some messages and keep them on postfixqueue. And on the next or third try, the message gets delivered successfully. The logged message, however, is not helping me identify what is happening.Example: (error - message was expunged) Jun 25 11:49:39 correio postfix/lmtp[21835]: ADB0A1AC05108: to=, relay=correio.domain.com.br[private/dovecot-lmtp], conn_use=6, delay=13, delays=0.07/0/0/13, dsn=4.2.0, status=deferred (host correio.domain.com.br[private/dovecot-lmtp] said: 451 4.2.0 Message was expunged (received-date) (in reply to end of DATA command)) (successfull delivery) Jun 25 12:34:42 correio postfix/lmtp[6411]: ADB0A1AC05108: to=, relay=correio.domain.com.br[private/dovecot-lmtp], delay=2716, delays=2714/0/0/2.3, dsn=2.0.0, status=sent (250 2.0.0 U7pOLAHsqlPvMgAAHvf8vg Saved) During these two log entries, absolutely nothing was changed, no configuration, absolutely nothing. Everything is local, i mean, no NFS involved. So, finally, question is: what does the 'message was expunged' message given from LMTP means ??? This is happening quite often but, as i mentionted, sooner or later all messages are getting delivered. It's working despite the delay this is causing. [root at correio log]# dovecot --version 2.2.13 -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, N?O mandem email gertrudes at solutti.com.br My SPAMTRAP, do not email it From deano-dovecot at areyes.com Wed Jun 25 16:25:25 2014 From: deano-dovecot at areyes.com (deano-dovecot at areyes.com) Date: Wed, 25 Jun 2014 12:25:25 -0400 Subject: Managing users and home dirs In-Reply-To: <426fb533bc5564b3a7fe8cdb3a0959d7@areyes.com> References: <426fb533bc5564b3a7fe8cdb3a0959d7@areyes.com> Message-ID: <9b87498615c98cc7c1a388197be2bdd9@areyes.com> Just a quick update on the below ... The 3-node setup is working cleanly now. One master/backup DB node, two dovecot nodes, using Percona Xtradb Cluster 5.5. All replication (percona and dovecot dsync) is via ipsec tunnels. Adding a user or new domain is a matter of creating a /var/mail/newusers.txt file, containing the list of users to be added. john,doe.com,password,John Doe user A cronjob on both dovecot nodes scans the user database and the /var/mail dirs. For any new users in the file it adds them to the DB and creates their userdir/Maildir. Any new user in the DB without a userdir, it creates their userdir/Maildir. So it's a max of 5 minutes for a new user to be available on node1, and another 5 minutes to be replicated to node2. Once the users are created, the newusers.txt file is deleted. It would be nice to use a database trigger to create the userdir/Maildir immediately rather than the cronjob, but I haven't got that figured out yet. I found the lib_mysqludf_sys UDF library, but it doesn't seem to be working. Some issue with the db replication I think. Any ideas for creating a directory from a mysql trigger ? On 2014-06-21 11:12, deano-dovecot at areyes.com wrote: > For those of you using virtual users, and SQL, how are you managing > your users and their home dirs ? That is, what process do you use for > adding/deleting users, creating their home dirs etc ? I suppose it's > easy enough to do manually, inserting rows in the database, creating > dirs, chown/chmod yada yada, but there must be a better way to do it ... > If you're doing dovecot replication then it gets even more cumbersome, > having to duplicate the effort in two places (and make sure it's > correct). > > I have a nice test setup using Percona XtraDB Clustering in > a 3-node cluster which works swimmingly, albeit in VMs only at the > moment. A master DB node and two dovecot nodes. Dovecot replication is > up and running nicely too, and I almost have all the communications > going over ipsec tunnels, so it will be nice and secure. > > D. From jogi at mur.at Wed Jun 25 17:16:57 2014 From: jogi at mur.at (=?UTF-8?B?Sm9naSBIb2Ztw7xsbGVy?=) Date: Wed, 25 Jun 2014 19:16:57 +0200 Subject: imap/pop3/lmtp proxy question/problem Message-ID: <53AB0409.2030501@mur.at> Dear list, We are finally back to our task of migrating from cyrus to dovecot. dovecot mostly does what we want in terms of POP3/IMAP server. Now we are preparing for migration. The plan is to use dovecot as proxy for not-yet migrated accounts. This works wonderfully for IMAP but not for LMTP. Here's what I find in the logs when I try to deliver e-mail to the dovecot lmtp port: Jun 25 19:03:06 klee dovecot: lmtp(5037): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt= Jun 25 19:03:06 klee dovecot: lmtp(5037): Connect from IP-address Jun 25 19:03:06 klee dovecot: lmtp(5037): Debug: user USER: Auth PASS lookup returned temporary failure: reason=Configured passdbs don't support crentials lookups Jun 25 19:03:06 klee dovecot: lmtp(5037): Debug: auth input: reason=Configured passdbs don't support crentials lookups Delivery works fine without proxy (lmtp_proxy = no). What I would need to do is to configure the proxy part so that POP3/IMAP uses the accounts username/password and LMTP uses a special account to deliver e-mail. This is dovecot-ldap.auth (the =proxy=y will be replaced by a field from ldap once the tests work): uris = ldaps://our.ldap.server/ tls = no auth_bind = yes base = dc=mur,dc=at deref = never scope = subtree user_attrs = =home=/srv/vmail/mail/%Lu,=uid=999,=gid=999 user_filter = (&(objectClass=posixAccount)(uid=%u)) pass_attrs = uid=user,userPassword=password,=proxy=y,=host=our.imap.server,=starttls=yes iterate_attrs = uid=user iterate_filter = (objectClass=posixAccount) dovecot -n # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.14-1-amd64 x86_64 Debian jessie/sid auth_verbose = yes disable_plaintext_auth = no lmtp_proxy = yes login_greeting = Dovecot is spitze! mail_debug = yes mail_location = maildir:/srv/vmail/mail/%u mail_plugins = acl namespace { hidden = no inbox = no list = children location = maildir:/srv/vmail/mail/%%u:INDEX=/srv/vmail/mail/%u/shared/%%u prefix = shared.%%u. separator = . subscriptions = yes type = shared } namespace inbox { hidden = no ignore_on_failure = no inbox = yes list = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = INBOX. separator = . subscriptions = yes type = private } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap lmtp pop3" service auth { unix_listener auth-userdb { group = vmail user = vmail } } service lmtp { inet_listener lmtp { address = 172.16.16.78 port = 24 } user = vmail } ssl_cert = From skdovecot at smail.inf.fh-brs.de Thu Jun 26 06:32:03 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 26 Jun 2014 08:32:03 +0200 (CEST) Subject: question on lmtp logged message In-Reply-To: <53AAEE8D.9050604@solutti.com.br> References: <53AAEE8D.9050604@solutti.com.br> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 25 Jun 2014, Leonardo Rodrigues wrote: > Anyway, sometimes LMTP seems to not be able to deliver some messages and > keep them on postfixqueue. And on the next or third try, the message gets > delivered successfully. The logged message, however, is not helping me > identify what is happening.Example: > > (error - message was expunged) > Jun 25 11:49:39 correio postfix/lmtp[21835]: ADB0A1AC05108: > to=, > relay=correio.domain.com.br[private/dovecot-lmtp], conn_use=6, delay=13, > delays=0.07/0/0/13, dsn=4.2.0, status=deferred (host > correio.domain.com.br[private/dovecot-lmtp] said: 451 4.2.0 > Message was expunged (received-date) (in > reply to end of DATA command)) What does the Dovecot log says for the delivery attempt? How many recipients does the message has and, if so, what about the other recipients? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU6u+ZHz1H7kL/d9rAQKh9Af8DNlglX8tfG4MpApNOO/Xx5VUsrNX4lxe cXp8RXjY6pl+MGWctd3zMcjCBocXP0MXbe3P2tMRsw7/vINi8EBkcA4B70gWLiRB Fo3XW40FUbCmnckNsi7ctzmwnV+tzk6KxEl8sl0n5RCMQ8joSjcdGXJ1IKOpla+G jtCAEs9nag0vXG5/ckmbybA/u41hAwBqEBbOZxeAByn2wUICOY9dYljR78dKApSy 8rQsbh5SSihVdXZ9EXcqbSsK88MTkq8nnV6jCNaTSv9R2YKVB+ViFiYm/a7LXiqt XAOm7dEWAZ1IIrvfjdEMSzwwwbeOnCgRl5UXOj+rT/STYPfb4Mb2wQ== =Kxhj -----END PGP SIGNATURE----- From bind at enas.net Thu Jun 26 07:25:27 2014 From: bind at enas.net (Urban Loesch) Date: Thu, 26 Jun 2014 09:25:27 +0200 Subject: Another Crash in service imap with version 2.2.13 - Debian Wheezy Message-ID: <53ABCAE7.3020208@enas.net> Hi, yesterday I updated my second server from Debian Squeeze to Debian Wheezy. Since todaay I get the followinig errors in my logs: Error-Log: ... Jun 26 09:08:28 mailstore dovecot: imap(user at domain.net pid:28898 session:): Fatal: master: service(imap): child 28898 killed with signal 11 (core dumped) ... Mail-log ... Jun 26 09:08:28 mailstore dovecot: imap-login: ID sent: x-session-id=iuMX3Lf8fACXLrFC, x-originating-ip=CLIENT_IP, x-originating-port=52092, x-connected-ip=PROXY_IP, x-connected-port=143, x-proxy-ttl=4: user=<>, rip=CLIENT_IP, lip=PROXY_IP, secured, session= Jun 26 09:08:28 mailstore dovecot: imap-login: Login: user=, method=PLAIN, rip=CLIENT_IP, lip=PROXY_IP, mpid=28898, secured, session= Jun 26 09:08:28 mailstore dovecot: imap(user at domain.net pid:28898 session:): ID sent: name=iPhone Mail, version=11D201, os=iOS, os-version=7.1.1 (11D201) Jun 26 09:08:28 mailstore dovecot: imap(user at domain.net pid:28898 session:): Fatal: master: service(imap): child 28898 killed with signal 11 (core dumped) ... I made a backtrace: -----> start backtrace <----- [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `dovecot/imap'. Program terminated with signal 11, Segmentation fault. #0 0x0000000000000000 in ?? () (gdb) bt full #0 0x0000000000000000 in ?? () No symbol table info available. #1 0x00007fbf26650c44 in mailbox_save_cancel (_ctx=) at mail-storage.c:2116 ctx = 0xa95500 keywords = 0x0 mail = #2 0x00007fbf2665104f in mailbox_save_begin (ctx=ctx at entry=0x7fff64b53048, input=0xaaaea0) at mail-storage.c:2041 box = 0xa6f800 ret = #3 0x00007fbf26648bb6 in mail_storage_try_copy (mail=0xa90d20, _ctx=0x7fff64b53048) at mail-copy.c:76 ctx = 0xa95500 pmail = 0xa90d20 input = 0xaaaea0 #4 mail_storage_copy (ctx=0x0, mail=0xa90d20) at mail-copy.c:101 No locals. #5 0x00007fbf24f12679 in notify_copy (ctx=0xa95500, mail=0xa90d20) at notify-storage.c:107 lt = 0xa8bdd0 lbox = 0xa70870 ret = #6 0x00007fbf2573d06b in acl_copy (ctx=0xa95500, mail=0xa90d20) at acl-mailbox.c:435 t = abox = 0xa6fe48 #7 0x00007fbf26650e8d in mailbox_copy (_ctx=_ctx at entry=0x7fff64b53190, mail=0xa90d20) at mail-storage.c:2152 ctx = 0xa95500 t = 0xa8de20 keywords = 0x0 pvt_flags = 0 backend_mail = 0xa90d20 ret = __FUNCTION__ = "mailbox_copy" #8 0x000000000040dd34 in fetch_and_copy (copy_count_r=, src_uidset_r=, search_args=, src_trans_r=0x7fff64b53168, t=0xa8de20, move=false, client=0xa00f40) at cmd-copy.c:70 search_ctx = 0xa90a80 src_trans = 0xa8f3f0 srcset_ctx = {str = 0x9d4318, first_uid = 0, last_uid = 4294967295} ret = 1 save_ctx = 0x0 mail = 0xa90d20 copy_count = 1 src_uidset = 0x9d4318 #9 cmd_copy_full (cmd=0xa01a50, move=false) at cmd-copy.c:123 client = 0xa00f40 dest_storage = destbox = 0xa6f800 t = 0xa8de20 src_trans = search_args = 0xa6e7f0 messageset = 0xa04410 "1309,1310" mailbox = 0xa04420 "[rolmail]/Unseen" src_uidset = sync_flags = 0 imap_flags = 0 changes = {pool = 0x7fff64b53290, uid_validity = 1689596352, saved_uids = {arr = {buffer = 0x9dd0f0, element_size = 10492496}, v = 0x9dd0f0, v_modifiable = 0x9dd0f0}, ignored_modseq_changes = 10492496, changed = false, no_read_perm = false} copy_count = msg = ret = __FUNCTION__ = "cmd_copy_full" #10 0x000000000041841c in command_exec (cmd=cmd at entry=0xa01a50) at imap-commands.c:158 hook = 0x9dd100 ret = #11 0x0000000000417480 in client_command_input (cmd=cmd at entry=0xa01a50) at imap-client.c:778 client = 0xa00f40 ---Type to continue, or q to quit--- command = __FUNCTION__ = "client_command_input" #12 0x0000000000417514 in client_command_input (cmd=0xa01a50) at imap-client.c:839 client = 0xa00f40 command = __FUNCTION__ = "client_command_input" #13 0x00000000004177f5 in client_handle_next_command (remove_io_r=, client=0xa00f40) at imap-client.c:877 No locals. #14 client_handle_input (client=client at entry=0xa00f40) at imap-client.c:889 _data_stack_cur_id = 3 ret = 2 remove_io = false handled_commands = false __FUNCTION__ = "client_handle_input" #15 0x0000000000417ba2 in client_input (client=0xa00f40) at imap-client.c:931 cmd = output = 0xa062d0 bytes = 39 __FUNCTION__ = "client_input" #16 0x00007fbf2637478e in io_loop_call_io (io=0x9ffb60) at ioloop.c:439 ioloop = 0x9dc740 t_id = __FUNCTION__ = "io_loop_call_io" #17 0x00007fbf263757b7 in io_loop_handler_run_internal (ioloop=) at ioloop-epoll.c:206 ctx = 0x9dd3d0 events = 0xa955f0 event = 0x9de240 list = 0x9dee30 io = 0xa955f0 tv = {tv_sec = 29, tv_usec = 742827} events_count = msecs = ret = 1 i = call = __FUNCTION__ = "io_loop_handler_run_internal" #18 0x00007fbf26374819 in io_loop_call_io (io=0x9dc740) at ioloop.c:443 ioloop = 0x7fff64b533f0 t_id = 0 __FUNCTION__ = "io_loop_call_io" #19 0x00007fbf26321a23 in master_service_run (service=0x9dc740, callback=callback at entry=0x420d20 ) at master-service.c:566 No locals. #20 0x000000000040c1e8 in main (argc=1, argv=0x9dc390) at main.c:410 set_roots = {0x428960, 0x0} login_set = {auth_socket_path = 0x9d4048 "\001", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x420bb0 , failure_callback = 0x4208c0 , request_auth_token = 1} service_flags = storage_service_flags = username = 0x9dc5d0 "@?" c = -----> end backtrace <----- Have you any idea how I can solve this? Many thanks Urban Loesch doveconf -n: # 2.2.13 (705fd8f3f485): /etc/dovecot/dovecot.conf # OS: Linux 3.4.67-vs2.3.3.9-rol-em64t-efigpt x86_64 Debian 7.5 ext4 auth_cache_negative_ttl = 0 auth_cache_size = 40 M auth_cache_ttl = 1 weeks auth_mechanisms = plain login deliver_log_format = msgid=%m: %$ %p %w disable_plaintext_auth = no info_log_path = syslog login_trusted_networks = INTERNAL_IP mail_gid = mailstore mail_location = mdbox:/home/vmail/%d/%n mail_log_prefix = "%s(%u pid:%p session:<%{session}>): " mail_plugins = " quota mail_log notify acl zlib stats virtual" mail_uid = mailstore managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate imapflags notify mdbox_rotate_size = 10 M namespace { list = children location = mdbox:/home/vmail/%%d/%%n prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace { hidden = no inbox = no list = children location = virtual:/home/virtual:INDEX=~/virtual prefix = [mymail]/ separator = / subscriptions = yes type = private } namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Items" { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } mailbox [mymail]/All { auto = no special_use = \All } prefix = separator = / type = private } passdb { args = /etc/dovecot/dovecot-sql-account.conf driver = sql } plugin { acl = vfile acl_shared_dict = file:/home/vmail/%d/shared-mailboxes mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change save mailbox_create append mail_log_fields = uid box msgid size from mail_log_group_events = no quota = dict:Storage used::file:%h/dovecot-quota quota_rule2 = Trash:storage=+100M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +notify +imapflags sieve_max_redirects = 15 stats_command_min_time = 1 mins stats_domain_min_time = 12 hours stats_ip_min_time = 12 hours stats_memory_limit = 16 M stats_refresh = 30 secs stats_session_min_time = 15 mins stats_track_cmds = no stats_user_min_time = 1 hours zlib_save = gz zlib_save_level = 9 } protocols = imap pop3 lmtp sieve service auth { unix_listener auth-userdb { group = mailstore mode = 0660 user = root } } service imap-login { inet_listener imap { port = 143 } process_limit = 48 process_min_avail = 3 service_count = 1 } service imap { process_limit = 48 process_min_avail = 2 service_count = 1 } service lmtp { inet_listener lmtp { port = 24 } unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } service pop3-login { inet_listener pop3 { port = 110 } process_limit = 16 process_min_avail = 2 service_count = 1 } service pop3 { process_limit = 16 process_min_avail = 2 service_count = 1 } service quota-warning { executable = script /usr/local/rol/dovecot/quota-warning.sh unix_listener quota-warning { user = mailstore } user = mailstore } service stats { fifo_listener stats-mail { mode = 0600 user = mailstore } } ssl = no ssl_cert = mail_max_userip_connections = 20 mail_plugins = " quota mail_log notify acl zlib stats virtual imap_quota imap_acl imap_zlib imap_stats" } protocol pop3 { mail_plugins = " quota mail_log notify acl zlib stats virtual" pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_lock_session = yes pop3_logout_format = bytes_sent=%o top=%t/%p, retr=%r/%b, del=%d/%m, size=%s uidl_hash=%u session=<%{session}> pop3_reuse_xuidl = yes } From franz at qnipp.com Thu Jun 26 08:28:54 2014 From: franz at qnipp.com (Franz Knipp) Date: Thu, 26 Jun 2014 10:28:54 +0200 Subject: Bug in quota_get_status Message-ID: <53ABD9C6.9070801@qnipp.com> Hi, the configuration option lmtp_rcpt_check_quota = yes didn't work, so I traced down the problem: quota_get_status (quota_storage.c:89) calls quota_test_alloc (quota.c:1352) with size = 0 bytes, which leads always to a FALSE result in quota_is_over (quota.c:1305). I've fixed the function quota_is_over by considering ctx->bytes_over and ctx->count_over. See the included patch. Kind regards, Franz -- Franz Knipp, +43 664 3980169 qnipp GmbH, Hauptstra?e 54, 7064 Oslip, ?sterreich http://qnipp.com http://qnipp.com/qnipp.vcf -------------- next part -------------- A non-text attachment was scrubbed... Name: dovecot-2.2.13-quota_is_over.patch Type: text/x-patch Size: 611 bytes Desc: not available URL: From adi at cg.tuwien.ac.at Thu Jun 26 09:53:49 2014 From: adi at cg.tuwien.ac.at (Adi Kriegisch) Date: Thu, 26 Jun 2014 11:53:49 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <537CFB12.5070009@sys4.de> References: <536BDB0A.8010000@goodrick.ch> <536BE82F.6020900@sys4.de> <536BEEFA.3090708@sys4.de> <536C75D2.4030109@goodrick.ch> <536C92E0.8040107@sys4.de> <53779EDB.9050908@sys4.de> <5378F610.6040102@goodrick.ch> <5379000F.1050503@sys4.de> <537CE6CB.6070908@goodrick.ch> <537CFB12.5070009@sys4.de> Message-ID: <20140626095349.GA28654@vrvis.at> On Wed, May 21, 2014 at 09:14:26PM +0200, Robert Schetterer wrote: > Am 21.05.2014 19:47, schrieb Sebastian Goodrick: > > I just installed the (rapid-ssl) certificate and it works now. > > Needless to say that I don't understand it. The old certificate worked > > with all other clients but win8/outlook, plus the old dovecot install > > worked with win8/outlook as well. I am struggling with the same issue for some time now: win8/outlook isn't able to connect to dovecot 2.2.9 (from Debian/backports); the error on the outlook side of things is 0x800CCC0E which is really helpful. The suggestion to disable TLSv1.2 on the windows side is dangerous: win8/8.1 requires TLSv1.2 for downloading updates -- no TLSv1.2, no updates. If absolutely necessary, disable TLSv1.2 on the dovecot side of things! I decided to do some additional debugging by running 'openssl s_server' on the imap server with the very same certificates and settings (as far as it is possible with s_server) on a different port, changed the port in outlook and manually proxied the imap requests through: That way outlook works just fine: openssl s_server -tls1_2 -accept 8993 -cert /etc/dovecot/my.crt \ -key /etc/dovecot/private/my.key -serverpref -cipher '...(*)' \ -dhparam /root/group16.pem (group16.pem contains 4096bit DH params that are standardized; on the dovecot side, the dhparam length is set to 4096bit as well) The very same thing happens with two different classes of ciphers: ECDHE-RSA-AES256-SHA (which is what win8/outlook used to use before the last update) and with DHE-RSA-AES256-GCM-SHA384 (which was just recently added by the last update by Microsoft). So neither EC nor DHE cause any changes in the behavior (as I was suspecting dovecot's dh params for some time). I think something in the handshake doesn't work the way it should and causes ms crypto api (v6.3 and v6.2) to just close the connection after handshake (a paket capture just shows the client sends a RST after key exchange). > there where some bugfixes with certificates ( windows ) > but that should not impact brand new installs with full recent patch level AFAIK new (pretty cool) ciphers were introduced and I don't see how the issue can be solved by changing the certificate: I used a cert from CACert and a Cert signed by my own CA -- both resulting in a non-working connection between dovecot and outlook on win8(.1). However using the very same certificate with OpenSSL's s_server, the connection worked just fine (as did disabling TLSv1.2) -- both indicators that the certificates are just fine. The only thing I can imagine that EC and DHE have in common are some SSL extensions like session tickets (which outlook tried to use). Here are the details of the session outlook established with s_server: openssl sess_id -text -in param SSL-Session: Protocol : TLSv1.2 Cipher : C014 ## this is ECDHE-RSA-AES256-SHA or: Cipher : 009F ## this is with DHE-RSA-AES256-GCM-SHA384 Session-ID: Session-ID-ctx: 01000000 Master-Key: (...) Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1403774959 Timeout : 7200 (sec) Verify return code: 0 (ok) I hope someone can help me/us out here! Thanks! -- Adi (*) see https://bettercrypto.org for a usable cipher string... From jerry at seibercom.net Thu Jun 26 10:11:43 2014 From: jerry at seibercom.net (Jerry) Date: Thu, 26 Jun 2014 06:11:43 -0400 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <20140626095349.GA28654@vrvis.at> References: <536BDB0A.8010000@goodrick.ch> <536BE82F.6020900@sys4.de> <536BEEFA.3090708@sys4.de> <536C75D2.4030109@goodrick.ch> <536C92E0.8040107@sys4.de> <53779EDB.9050908@sys4.de> <5378F610.6040102@goodrick.ch> <5379000F.1050503@sys4.de> <537CE6CB.6070908@goodrick.ch> <537CFB12.5070009@sys4.de> <20140626095349.GA28654@vrvis.at> Message-ID: <20140626061143.62b52ff4@scorpio> On Thu, 26 Jun 2014 11:53:49 +0200, Adi Kriegisch stated: > On Wed, May 21, 2014 at 09:14:26PM +0200, Robert Schetterer wrote: > > Am 21.05.2014 19:47, schrieb Sebastian Goodrick: > > > I just installed the (rapid-ssl) certificate and it works now. > > > Needless to say that I don't understand it. The old certificate worked > > > with all other clients but win8/outlook, plus the old dovecot install > > > worked with win8/outlook as well. > I am struggling with the same issue for some time now: win8/outlook isn't > able to connect to dovecot 2.2.9 (from Debian/backports); the error on the > outlook side of things is 0x800CCC0E which is really helpful. > > The suggestion to disable TLSv1.2 on the windows side is dangerous: > win8/8.1 requires TLSv1.2 for downloading updates -- no TLSv1.2, no > updates. If absolutely necessary, disable TLSv1.2 on the dovecot side of > things! > > I decided to do some additional debugging by running 'openssl s_server' on > the imap server with the very same certificates and settings (as far as it > is possible with s_server) on a different port, changed the port in outlook > and manually proxied the imap requests through: That way outlook works just > fine: > > openssl s_server -tls1_2 -accept 8993 -cert /etc/dovecot/my.crt \ > -key /etc/dovecot/private/my.key -serverpref -cipher '...(*)' \ > -dhparam /root/group16.pem > > (group16.pem contains 4096bit DH params that are standardized; on the > dovecot side, the dhparam length is set to 4096bit as well) > > The very same thing happens with two different classes of ciphers: > ECDHE-RSA-AES256-SHA (which is what win8/outlook used to use before the > last update) and with DHE-RSA-AES256-GCM-SHA384 (which was just recently > added by the last update by Microsoft). So neither EC nor DHE cause any > changes in the behavior (as I was suspecting dovecot's dh params for some > time). > > I think something in the handshake doesn't work the way it should and > causes ms crypto api (v6.3 and v6.2) to just close the connection after > handshake (a paket capture just shows the client sends a RST after key > exchange). > > > > there where some bugfixes with certificates ( windows ) > > but that should not impact brand new installs with full recent patch level > AFAIK new (pretty cool) ciphers were introduced and I don't see how the > issue can be solved by changing the certificate: I used a cert from CACert > and a Cert signed by my own CA -- both resulting in a non-working > connection between dovecot and outlook on win8(.1). > However using the very same certificate with OpenSSL's s_server, the > connection worked just fine (as did disabling TLSv1.2) -- both indicators > that the certificates are just fine. > > The only thing I can imagine that EC and DHE have in common are some SSL > extensions like session tickets (which outlook tried to use). Here are the > details of the session outlook established with s_server: > openssl sess_id -text -in param > SSL-Session: > Protocol : TLSv1.2 > Cipher : C014 ## this is ECDHE-RSA-AES256-SHA > or: > Cipher : 009F ## this is with DHE-RSA-AES256-GCM-SHA384 > Session-ID: > Session-ID-ctx: 01000000 > Master-Key: (...) > Key-Arg : None > PSK identity: None > PSK identity hint: None > SRP username: None > Start Time: 1403774959 > Timeout : 7200 (sec) > Verify return code: 0 (ok) > > I hope someone can help me/us out here! > > Thanks! > > -- Adi > > (*) see https://bettercrypto.org for a usable cipher string... I did some checking on MS forums for this problem. SMTP, Port: 25, Secure(SSL): No, Socket Error: 10060, Error Number: 0x800CCC0E According to many of the posters, the problem is often causes by the AV program blocking or messing with port 25. What version of Outlook are you using anyway? -- Jerry From jerry at seibercom.net Thu Jun 26 10:17:12 2014 From: jerry at seibercom.net (Jerry) Date: Thu, 26 Jun 2014 06:17:12 -0400 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <20140626095349.GA28654@vrvis.at> References: <536BDB0A.8010000@goodrick.ch> <536BE82F.6020900@sys4.de> <536BEEFA.3090708@sys4.de> <536C75D2.4030109@goodrick.ch> <536C92E0.8040107@sys4.de> <53779EDB.9050908@sys4.de> <5378F610.6040102@goodrick.ch> <5379000F.1050503@sys4.de> <537CE6CB.6070908@goodrick.ch> <537CFB12.5070009@sys4.de> <20140626095349.GA28654@vrvis.at> Message-ID: <20140626061712.5920a6ad@scorpio> On Thu, 26 Jun 2014 11:53:49 +0200, Adi Kriegisch stated: > I am struggling with the same issue for some time now: win8/outlook isn't > able to connect to dovecot 2.2.9 (from Debian/backports); the error on the > outlook side of things is 0x800CCC0E which is really helpful. A listing of all of Window's error codes: http://support.microsoft.com/kb/942495 -- Jerry From adi at cg.tuwien.ac.at Thu Jun 26 10:24:21 2014 From: adi at cg.tuwien.ac.at (Adi Kriegisch) Date: Thu, 26 Jun 2014 12:24:21 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <20140626061712.5920a6ad@scorpio> References: <536BEEFA.3090708@sys4.de> <536C75D2.4030109@goodrick.ch> <536C92E0.8040107@sys4.de> <53779EDB.9050908@sys4.de> <5378F610.6040102@goodrick.ch> <5379000F.1050503@sys4.de> <537CE6CB.6070908@goodrick.ch> <537CFB12.5070009@sys4.de> <20140626095349.GA28654@vrvis.at> <20140626061712.5920a6ad@scorpio> Message-ID: <20140626102421.GB28654@vrvis.at> Hi! > > I am struggling with the same issue for some time now: win8/outlook isn't > > able to connect to dovecot 2.2.9 (from Debian/backports); the error on the > > outlook side of things is 0x800CCC0E which is really helpful. > > A listing of all of Window's error codes: > > http://support.microsoft.com/kb/942495 Yeah: 0x800CCC0E IXP_E_FAILED_TO_CONNECT Cannot connect to server Pretty helpful error message after all... ;-) Seriously, Outlook (tried 2007 and 2013) use the MS Crypto API for establishing the SSL connection. This works with openssl s_server but does not with dovecot. -- Adi From skdovecot at smail.inf.fh-brs.de Thu Jun 26 11:40:20 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 26 Jun 2014 13:40:20 +0200 (CEST) Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <20140626102421.GB28654@vrvis.at> References: <536BEEFA.3090708@sys4.de> <536C75D2.4030109@goodrick.ch> <536C92E0.8040107@sys4.de> <53779EDB.9050908@sys4.de> <5378F610.6040102@goodrick.ch> <5379000F.1050503@sys4.de> <537CE6CB.6070908@goodrick.ch> <537CFB12.5070009@sys4.de> <20140626095349.GA28654@vrvis.at> <20140626061712.5920a6ad@scorpio> <20140626102421.GB28654@vrvis.at> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 26 Jun 2014, Adi Kriegisch wrote: > >>> I am struggling with the same issue for some time now: win8/outlook isn't >>> able to connect to dovecot 2.2.9 (from Debian/backports); the error on the >>> outlook side of things is 0x800CCC0E which is really helpful. >> >> A listing of all of Window's error codes: >> >> http://support.microsoft.com/kb/942495 > Yeah: > 0x800CCC0E IXP_E_FAILED_TO_CONNECT Cannot connect to server > Pretty helpful error message after all... ;-) Well, _did_ you've verified that the connection is started at all? I mean: http://support.microsoft.com/kb/302339/EN-US "If you are connected to the Internet through MSN, the Microsoft Network, and you attempt to send messages by using an account other than your MSN e-mail account, you may receive an error message that is similar to the following error message: The connection to the server has failed. Account: '', Server: '', Protocol: SMTP, Port: 25, Secure (SSL): No, Socket Error: 10051, Error Number: 0x800CCC0E Cause This behavior can occur because MSN does not allow messages to be sent to another Simple Mail Transfer Protocol (SMTP) server while you are connected to their network." - From that description I would first check if this error means the basic TCP connection. No SSL stuff or something. > Seriously, Outlook (tried 2007 and 2013) use the MS Crypto API for > establishing the SSL connection. This works with openssl s_server but does > not with dovecot. Actually, as Jerry already wrote, some other program may interfere, e.g. an antivirus program that stalls the connection as soon as the connection changes from text to binary after the STARTTLS command. That's what we had problems with. Did you checked the connection with wireshark / tcpdump on the server side? What side sents the last packet, does one side terminates the connection, ... ? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU6wGpHz1H7kL/d9rAQK+1gf/QTiHjIu+YLKLrzmp5L17i7DZuSGqtilG jpBm+psTpDkF1vFC9TA0F0r8JRTUrQAOLQsqfg3EZo7/ANwP+P/sW2wWR51Y3ZLt A5BYydEgFd6d3Tb+c2Zvx+B5/MXbFS/vggPnPnCHdMzCFucZOrevdfmtIKpILkt3 /u3+j3H34OOXXRYqbQcPK8P05wtLw1Rm1h5bMoBGEXeNJHHK53LKX93TRSB2Usza zhRryXw6rtnqlD4O/lkX1Z9K4CPsH8KHZAOHDRda/6mwBmrAIo4z/azajCjRZIcs GBgOh0Z50uu7SQQ36dthn7c9zB0x/Fcj0BTI3pehgILY+z1/QgdW5A== =7yQ4 -----END PGP SIGNATURE----- From leolistas at solutti.com.br Thu Jun 26 12:03:47 2014 From: leolistas at solutti.com.br (Leonardo Rodrigues) Date: Thu, 26 Jun 2014 09:03:47 -0300 Subject: question on lmtp logged message In-Reply-To: <53abbe7f.9048b40a.0d8f.fffff185SMTPIN_ADDED_BROKEN@mx.google.com> References: <53AAEE8D.9050604@solutti.com.br> <53abbe7f.9048b40a.0d8f.fffff185SMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: <53AC0C23.2070309@solutti.com.br> Em 26/06/14 03:32, Steffen Kaiser escreveu: > > On Wed, 25 Jun 2014, Leonardo Rodrigues wrote: > >> Anyway, sometimes LMTP seems to not be able to deliver some >> messages and keep them on postfixqueue. And on the next or third try, >> the message gets delivered successfully. The logged message, however, >> is not helping me identify what is happening.Example: >> >> (error - message was expunged) >> Jun 25 11:49:39 correio postfix/lmtp[21835]: ADB0A1AC05108: >> to=, >> relay=correio.domain.com.br[private/dovecot-lmtp], conn_use=6, >> delay=13, delays=0.07/0/0/13, dsn=4.2.0, status=deferred (host >> correio.domain.com.br[private/dovecot-lmtp] said: 451 4.2.0 >> Message was expunged >> (received-date) (in reply to end of DATA command)) > > What does the Dovecot log says for the delivery attempt? exactly what's reported by postfix, no extra information there Jun 25 11:49:39 correio dovecot: lmtp(766, vanilson.parreira at domain.com.br): 645hNV7hqlP+AgAAHvf8vg: msgid=: save failed to INBOX: Message was expunged (received-date) > How many recipients does the message has and, if so, what about the > other recipients? > After analyzing lots of cases (made a script for doing that), this seems to occur only on messages with more than 1 recipient, usually on messages with lots of recipients (>10) altough i got some on messages with 2 or 3. Some days ago, when trying to optimize somethings on the server, i changed two dovecot parameters: maildir_copy_with_hardlinks to yes pop3_fast_size_lookups to yes previously, both were no. I have returned both values to 'no' and this situation, 'message was expunged' seems to not be occurring anymore. Can this behavior by any chance related to these settings ? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, N?O mandem email gertrudes at solutti.com.br My SPAMTRAP, do not email it From adi at cg.tuwien.ac.at Thu Jun 26 12:13:29 2014 From: adi at cg.tuwien.ac.at (Adi Kriegisch) Date: Thu, 26 Jun 2014 14:13:29 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: References: <536C92E0.8040107@sys4.de> <53779EDB.9050908@sys4.de> <5378F610.6040102@goodrick.ch> <5379000F.1050503@sys4.de> <537CE6CB.6070908@goodrick.ch> <537CFB12.5070009@sys4.de> <20140626095349.GA28654@vrvis.at> <20140626061712.5920a6ad@scorpio> <20140626102421.GB28654@vrvis.at> Message-ID: <20140626121327.GC28654@vrvis.at> Hey! > >0x800CCC0E IXP_E_FAILED_TO_CONNECT Cannot connect to server > >Pretty helpful error message after all... ;-) > > Well, _did_ you've verified that the connection is started at all? Yup. As written in my first mail, the client tears down the connection after the ssl key exchange with a FIN,ACK. > I mean: http://support.microsoft.com/kb/302339/EN-US > > "If you are connected to the Internet through MSN, the Microsoft > Network, and you attempt to send messages by using an account other (...) > (SSL): No, Socket Error: 10051, Error Number: 0x800CCC0E The windows machine is a vm on my machine. No antivirus, no nothing inbetween -- just win8.1 (at the latest patch level) and outlook. > Did you checked the connection with wireshark / tcpdump on the > server side? What side sents the last packet, does one side > terminates the connection, ... ? Yes. And as I said already: the connection with s_server works from the very same setup. Here is a log extract from just right now with 'verbose_ssl': Jun 26 13:56:36 mail dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Jun 26 13:56:36 mail dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [10.10.10.20] Jun 26 13:56:36 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [10.10.10.20] Jun 26 13:56:36 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [10.10.10.20] Jun 26 13:56:36 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [10.10.10.20] Jun 26 13:56:36 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [10.10.10.20] Jun 26 13:56:36 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [10.10.10.20] Jun 26 13:56:36 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [10.10.10.20] Jun 26 13:56:36 mail dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [10.10.10.20] Jun 26 13:56:36 mail dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [10.10.10.20] Jun 26 13:56:36 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.10.10.20, lip=10.10.10.10, TLS handshaking: Disconnected So, yes, I guess outlook talks to dovecot... -- Adi From bind at enas.net Thu Jun 26 13:10:46 2014 From: bind at enas.net (Urban Loesch) Date: Thu, 26 Jun 2014 15:10:46 +0200 Subject: [UPDATE]: Another Crash in service imap with version 2.2.13 - Debian Wheezy In-Reply-To: <53ABCAE7.3020208@enas.net> References: <53ABCAE7.3020208@enas.net> Message-ID: <53AC1BD6.6020801@enas.net> Hi, short update. I switched back to Debian Squeeze. Same Dovecot Version 2.2.13. The crash happens also on Squeeze. Very strange is that the crash don't happened yesterday. And it happens only to one certain user. Other users with the same iOS "os-version=7.1.1 (11D201)" aren't affected. Also very strange is, that the crash doens't happen every time (I don't saw that before). Logs in cronological order from the last attempt: ... Jun 26 15:00:07 mailstore dovecot: imap-login: ID sent: x-session-id=1ji1xbz8fACXEq4b, x-originating-ip=CLIENT_IP, x-originating-port=51580, x-connected-ip=PROXY_IP, x-connected-port=143, x-proxy-ttl=4: user=<>, rip=CLIENT_IP, lip=PROXY_IP, secured, session=<1ji1xbz8fACXEq4b> Jun 26 15:00:08 mailstore dovecot: imap-login: Login: user=, method=PLAIN, rip=CLIENT_IP, lip=PROXY_IP, mpid=6407, secured, session=<1ji1xbz8fACXEq4b> Jun 26 15:00:08 mailstore dovecot: imap(user at domain.net pid:6407 session:<1ji1xbz8fACXEq4b>): ID sent: name=iPhone Mail, version=11D201, os=iOS, os-version=7.1.1 (11D201) Jun 26 15:00:09 mailstore dovecot: imap(user at domain.net pid:6407 session:<1ji1xbz8fACXEq4b>): Fatal: master: service(imap): child 6407 killed with signal 11 (core dumped) Jun 26 15:00:09 mailstore dovecot: imap-login: ID sent: x-session-id=hWTKxbz8gACXEq4b, x-originating-ip=CLIENT_IP, x-originating-port=51584, x-connected-ip=PROXY_IP, x-connected-port=143, x-proxy-ttl=4: user=<>, rip=CLIENT_IP, lip=PROXY_IP, secured, session= Jun 26 15:00:09 mailstore dovecot: imap-login: Login: user=, method=PLAIN, rip=CLIENT_IP, lip=PROXY_IP, mpid=46064, secured, session= Jun 26 15:00:09 mailstore dovecot: imap(user at domain.net pid:46064 session:): ID sent: name=iPhone Mail, version=11D201, os=iOS, os-version=7.1.1 (11D201) Jun 26 15:00:09 mailstore dovecot: imap(user at domain.net pid:46064 session:): Fatal: master: service(imap): child 46064 killed with signal 11 (core dumped) Jun 26 15:00:18 mailstore dovecot: imap-login: ID sent: x-session-id=M7BRxrz8iQCXEq4b, x-originating-ip=CLIENT_IP, x-originating-port=51593, x-connected-ip=PROXY_IP, x-connected-port=143, x-proxy-ttl=4: user=<>, rip=CLIENT_IP, lip=PROXY_IP, secured, session= Jun 26 15:00:18 mailstore dovecot: imap-login: Login: user=, method=PLAIN, rip=CLIENT_IP, lip=PROXY_IP, mpid=41143, secured, session= Jun 26 15:00:18 mailstore dovecot: imap(user at domain.net pid:41143 session:): ID sent: name=iPhone Mail, version=11D201, os=iOS, os-version=7.1.1 (11D201) Jun 26 15:02:17 mailstore dovecot: imap(user at domain.net pid:41143 session:): Connection closed bytes=341/1991 session= ... The last session has been endet normallly. Very strange to me. I think this is a problem only with that specific user and his Iphone. On the other hand, the crash isn't fine at all. Thanks Urban Loesch -------- Original-Nachricht -------- Betreff: Another Crash in service imap with version 2.2.13 - Debian Wheezy Datum: Thu, 26 Jun 2014 09:25:27 +0200 Von: Urban Loesch Antwort an: Dovecot Mailing List An: Dovecot Mailing List Hi, yesterday I updated my second server from Debian Squeeze to Debian Wheezy. Since todaay I get the followinig errors in my logs: Error-Log: ... Jun 26 09:08:28 mailstore dovecot: imap(user at domain.net pid:28898 session:): Fatal: master: service(imap): child 28898 killed with signal 11 (core dumped) ... Mail-log ... Jun 26 09:08:28 mailstore dovecot: imap-login: ID sent: x-session-id=iuMX3Lf8fACXLrFC, x-originating-ip=CLIENT_IP, x-originating-port=52092, x-connected-ip=PROXY_IP, x-connected-port=143, x-proxy-ttl=4: user=<>, rip=CLIENT_IP, lip=PROXY_IP, secured, session= Jun 26 09:08:28 mailstore dovecot: imap-login: Login: user=, method=PLAIN, rip=CLIENT_IP, lip=PROXY_IP, mpid=28898, secured, session= Jun 26 09:08:28 mailstore dovecot: imap(user at domain.net pid:28898 session:): ID sent: name=iPhone Mail, version=11D201, os=iOS, os-version=7.1.1 (11D201) Jun 26 09:08:28 mailstore dovecot: imap(user at domain.net pid:28898 session:): Fatal: master: service(imap): child 28898 killed with signal 11 (core dumped) ... I made a backtrace: -----> start backtrace <----- [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `dovecot/imap'. Program terminated with signal 11, Segmentation fault. #0 0x0000000000000000 in ?? () (gdb) bt full #0 0x0000000000000000 in ?? () No symbol table info available. #1 0x00007fbf26650c44 in mailbox_save_cancel (_ctx=) at mail-storage.c:2116 ctx = 0xa95500 keywords = 0x0 mail = #2 0x00007fbf2665104f in mailbox_save_begin (ctx=ctx at entry=0x7fff64b53048, input=0xaaaea0) at mail-storage.c:2041 box = 0xa6f800 ret = #3 0x00007fbf26648bb6 in mail_storage_try_copy (mail=0xa90d20, _ctx=0x7fff64b53048) at mail-copy.c:76 ctx = 0xa95500 pmail = 0xa90d20 input = 0xaaaea0 #4 mail_storage_copy (ctx=0x0, mail=0xa90d20) at mail-copy.c:101 No locals. #5 0x00007fbf24f12679 in notify_copy (ctx=0xa95500, mail=0xa90d20) at notify-storage.c:107 lt = 0xa8bdd0 lbox = 0xa70870 ret = #6 0x00007fbf2573d06b in acl_copy (ctx=0xa95500, mail=0xa90d20) at acl-mailbox.c:435 t = abox = 0xa6fe48 #7 0x00007fbf26650e8d in mailbox_copy (_ctx=_ctx at entry=0x7fff64b53190, mail=0xa90d20) at mail-storage.c:2152 ctx = 0xa95500 t = 0xa8de20 keywords = 0x0 pvt_flags = 0 backend_mail = 0xa90d20 ret = __FUNCTION__ = "mailbox_copy" #8 0x000000000040dd34 in fetch_and_copy (copy_count_r=, src_uidset_r=, search_args=, src_trans_r=0x7fff64b53168, t=0xa8de20, move=false, client=0xa00f40) at cmd-copy.c:70 search_ctx = 0xa90a80 src_trans = 0xa8f3f0 srcset_ctx = {str = 0x9d4318, first_uid = 0, last_uid = 4294967295} ret = 1 save_ctx = 0x0 mail = 0xa90d20 copy_count = 1 src_uidset = 0x9d4318 #9 cmd_copy_full (cmd=0xa01a50, move=false) at cmd-copy.c:123 client = 0xa00f40 dest_storage = destbox = 0xa6f800 t = 0xa8de20 src_trans = search_args = 0xa6e7f0 messageset = 0xa04410 "1309,1310" mailbox = 0xa04420 "[rolmail]/Unseen" src_uidset = sync_flags = 0 imap_flags = 0 changes = {pool = 0x7fff64b53290, uid_validity = 1689596352, saved_uids = {arr = {buffer = 0x9dd0f0, element_size = 10492496}, v = 0x9dd0f0, v_modifiable = 0x9dd0f0}, ignored_modseq_changes = 10492496, changed = false, no_read_perm = false} copy_count = msg = ret = __FUNCTION__ = "cmd_copy_full" #10 0x000000000041841c in command_exec (cmd=cmd at entry=0xa01a50) at imap-commands.c:158 hook = 0x9dd100 ret = #11 0x0000000000417480 in client_command_input (cmd=cmd at entry=0xa01a50) at imap-client.c:778 client = 0xa00f40 ---Type to continue, or q to quit--- command = __FUNCTION__ = "client_command_input" #12 0x0000000000417514 in client_command_input (cmd=0xa01a50) at imap-client.c:839 client = 0xa00f40 command = __FUNCTION__ = "client_command_input" #13 0x00000000004177f5 in client_handle_next_command (remove_io_r=, client=0xa00f40) at imap-client.c:877 No locals. #14 client_handle_input (client=client at entry=0xa00f40) at imap-client.c:889 _data_stack_cur_id = 3 ret = 2 remove_io = false handled_commands = false __FUNCTION__ = "client_handle_input" #15 0x0000000000417ba2 in client_input (client=0xa00f40) at imap-client.c:931 cmd = output = 0xa062d0 bytes = 39 __FUNCTION__ = "client_input" #16 0x00007fbf2637478e in io_loop_call_io (io=0x9ffb60) at ioloop.c:439 ioloop = 0x9dc740 t_id = __FUNCTION__ = "io_loop_call_io" #17 0x00007fbf263757b7 in io_loop_handler_run_internal (ioloop=) at ioloop-epoll.c:206 ctx = 0x9dd3d0 events = 0xa955f0 event = 0x9de240 list = 0x9dee30 io = 0xa955f0 tv = {tv_sec = 29, tv_usec = 742827} events_count = msecs = ret = 1 i = call = __FUNCTION__ = "io_loop_handler_run_internal" #18 0x00007fbf26374819 in io_loop_call_io (io=0x9dc740) at ioloop.c:443 ioloop = 0x7fff64b533f0 t_id = 0 __FUNCTION__ = "io_loop_call_io" #19 0x00007fbf26321a23 in master_service_run (service=0x9dc740, callback=callback at entry=0x420d20 ) at master-service.c:566 No locals. #20 0x000000000040c1e8 in main (argc=1, argv=0x9dc390) at main.c:410 set_roots = {0x428960, 0x0} login_set = {auth_socket_path = 0x9d4048 "\001", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x420bb0 , failure_callback = 0x4208c0 , request_auth_token = 1} service_flags = storage_service_flags = username = 0x9dc5d0 "@?" c = -----> end backtrace <----- Have you any idea how I can solve this? Many thanks Urban Loesch doveconf -n: # 2.2.13 (705fd8f3f485): /etc/dovecot/dovecot.conf # OS: Linux 3.4.67-vs2.3.3.9-rol-em64t-efigpt x86_64 Debian 7.5 ext4 auth_cache_negative_ttl = 0 auth_cache_size = 40 M auth_cache_ttl = 1 weeks auth_mechanisms = plain login deliver_log_format = msgid=%m: %$ %p %w disable_plaintext_auth = no info_log_path = syslog login_trusted_networks = INTERNAL_IP mail_gid = mailstore mail_location = mdbox:/home/vmail/%d/%n mail_log_prefix = "%s(%u pid:%p session:<%{session}>): " mail_plugins = " quota mail_log notify acl zlib stats virtual" mail_uid = mailstore managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate imapflags notify mdbox_rotate_size = 10 M namespace { list = children location = mdbox:/home/vmail/%%d/%%n prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace { hidden = no inbox = no list = children location = virtual:/home/virtual:INDEX=~/virtual prefix = [mymail]/ separator = / subscriptions = yes type = private } namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Items" { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } mailbox [mymail]/All { auto = no special_use = \All } prefix = separator = / type = private } passdb { args = /etc/dovecot/dovecot-sql-account.conf driver = sql } plugin { acl = vfile acl_shared_dict = file:/home/vmail/%d/shared-mailboxes mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change save mailbox_create append mail_log_fields = uid box msgid size from mail_log_group_events = no quota = dict:Storage used::file:%h/dovecot-quota quota_rule2 = Trash:storage=+100M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +notify +imapflags sieve_max_redirects = 15 stats_command_min_time = 1 mins stats_domain_min_time = 12 hours stats_ip_min_time = 12 hours stats_memory_limit = 16 M stats_refresh = 30 secs stats_session_min_time = 15 mins stats_track_cmds = no stats_user_min_time = 1 hours zlib_save = gz zlib_save_level = 9 } protocols = imap pop3 lmtp sieve service auth { unix_listener auth-userdb { group = mailstore mode = 0660 user = root } } service imap-login { inet_listener imap { port = 143 } process_limit = 48 process_min_avail = 3 service_count = 1 } service imap { process_limit = 48 process_min_avail = 2 service_count = 1 } service lmtp { inet_listener lmtp { port = 24 } unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } service pop3-login { inet_listener pop3 { port = 110 } process_limit = 16 process_min_avail = 2 service_count = 1 } service pop3 { process_limit = 16 process_min_avail = 2 service_count = 1 } service quota-warning { executable = script /usr/local/rol/dovecot/quota-warning.sh unix_listener quota-warning { user = mailstore } user = mailstore } service stats { fifo_listener stats-mail { mode = 0600 user = mailstore } } ssl = no ssl_cert = mail_max_userip_connections = 20 mail_plugins = " quota mail_log notify acl zlib stats virtual imap_quota imap_acl imap_zlib imap_stats" } protocol pop3 { mail_plugins = " quota mail_log notify acl zlib stats virtual" pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_lock_session = yes pop3_logout_format = bytes_sent=%o top=%t/%p, retr=%r/%b, del=%d/%m, size=%s uidl_hash=%u session=<%{session}> pop3_reuse_xuidl = yes } From skdovecot at smail.inf.fh-brs.de Thu Jun 26 14:06:23 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 26 Jun 2014 16:06:23 +0200 (CEST) Subject: question on lmtp logged message In-Reply-To: <53AC0C23.2070309@solutti.com.br> References: <53AAEE8D.9050604@solutti.com.br> <53abbe7f.9048b40a.0d8f.fffff185SMTPIN_ADDED_BROKEN@mx.google.com> <53AC0C23.2070309@solutti.com.br> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 26 Jun 2014, Leonardo Rodrigues wrote: > Em 26/06/14 03:32, Steffen Kaiser escreveu: >> >> On Wed, 25 Jun 2014, Leonardo Rodrigues wrote: >> >>> Anyway, sometimes LMTP seems to not be able to deliver some messages >>> and keep them on postfixqueue. And on the next or third try, the message >>> gets delivered successfully. The logged message, however, is not helping >>> me identify what is happening.Example: >>> >>> (error - message was expunged) >>> Jun 25 11:49:39 correio postfix/lmtp[21835]: ADB0A1AC05108: >>> to=, >>> relay=correio.domain.com.br[private/dovecot-lmtp], conn_use=6, delay=13, >>> delays=0.07/0/0/13, dsn=4.2.0, status=deferred (host >>> correio.domain.com.br[private/dovecot-lmtp] said: 451 4.2.0 >>> Message was expunged (received-date) (in >>> reply to end of DATA command)) >> >> What does the Dovecot log says for the delivery attempt? > > exactly what's reported by postfix, no extra information there > > Jun 25 11:49:39 correio dovecot: lmtp(766, vanilson.parreira at domain.com.br): > 645hNV7hqlP+AgAAHvf8vg: > msgid=: save failed to INBOX: > Message was expunged (received-date) > >> How many recipients does the message has and, if so, what about the other >> recipients? > > After analyzing lots of cases (made a script for doing that), this seems > to occur only on messages with more than 1 recipient, usually on messages > with lots of recipients (>10) altough i got some on messages with 2 or 3. > > Some days ago, when trying to optimize somethings on the server, i > changed two dovecot parameters: > > maildir_copy_with_hardlinks to yes > pop3_fast_size_lookups to yes > > previously, both were no. I have returned both values to 'no' and this > situation, 'message was expunged' seems to not be occurring anymore. Can this > behavior by any chance related to these settings ? > maildir_copy_with_hardlinks is set on my server, too. It's the default now. I do not see these errors. Can you check if the failed recipient is _never_ the first one? I remember some discussions about that the Dovecot LDA has to re-open the storred message of the first recipient, in order to spool it for the other ones. That caused problems because the server used an user-specific encryption key. If that applies to LMTP, too, this might become problematic, if the first recipient deletes the message very quickly. Therefore my question, if the error pops up for the second recipient and maybe all following ones. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU6wo4Hz1H7kL/d9rAQIstQf/T1gj/rSwe68Lz8TkdsRbDdnFCp8XHmSP EDsoCapxWxfJi9Vb7wXHoklHeqb9Qxj2lYF+130/wIRQytJge26PnRHjR+CGl5Y6 2QMfpUyHvSoRD6aRI5DTLy4UI2ZLZJt4U22vkyMrjvDeXk8IYW+kShP17fRT0n7W tiESIuoOn2RMBhlHktrhJhvTIvwj4tI6cO9oSHJayG3gD+tYvK5Hpd7b6/PEMY+w NTn4Y7CWyzlsop4K7EgcODsxgSuFjA8YLZqK3Ugi3bmji3rEkdI65fIowPOv4vey oHnDk7u6+gv9vzKRBI09jgqigV+n01T6aUwF3ignghuMngpm2sEE7g== =g8Gw -----END PGP SIGNATURE----- From przemek.orzechowski at makolab.pl Thu Jun 26 14:52:21 2014 From: przemek.orzechowski at makolab.pl (=?UTF-8?B?UHJ6ZW15c8WCYXcgT3J6ZWNob3dza2k=?=) Date: Thu, 26 Jun 2014 16:52:21 +0200 Subject: quota warning configuration problem Message-ID: <53AC33A5.10805@makolab.pl> Hi Im trying to setup automatic quota warning in dovecot but somehow cant get it to work Quota usage is displayed properly in roundcube so quota plugin is working. But somehow i cant get quota warning to work my dovecot is 2.2.9 (stock version in ubuntu) doveconf -n output in attached file dovecot-quota-warning-sh is as found in wiki Best regards Przemys?aw Orzechowski -------------- next part -------------- # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-29-generic x86_64 Ubuntu 14.04 LTS auth_mechanisms = plain login imap_client_workarounds = delay-newmail mail_location = maildir:~/Maildir:INDEX=/var/lib/dovecot-virtualmin/index/%u:CONTROL=/var/lib/dovecot-virtualmin/control/%u mail_plugins = quota namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { quota = fs:Limit_uzytkownika:user quota2 = fs:Limit_domeny:group quota_warning = storage=95%% quota-warning 95 %u quota_warning01 = Limit_uzytkownika=95%% quota-warning 95 %u quota_warning02 = Limit_uzytkownika=80%% quota-warning 80 %u quota_warning2 = storage=90%% quota-warning 80 %u } postmaster_address = postmaster@ protocols = imap pop3 pop3 service imap-login { inet_listener imap { port = 0 } inet_listener imaps { address = * port = 993 ssl = yes } } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { address = * port = 995 ssl = yes } } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = vmail } user = dovecot } ssl_ca = References: <53ABD9C6.9070801@qnipp.com> Message-ID: On 26.06.2014, at 10:28, Franz Knipp wrote: > the configuration option > > lmtp_rcpt_check_quota = yes I noticed that too, and my quick&dirty fix was to make quota_get_status() call quota_test_alloc() with size = 1, which fixes the problem as well. See patch below [1]. > didn't work, so I traced down the problem: > > quota_get_status (quota_storage.c:89) calls quota_test_alloc > (quota.c:1352) with size = 0 bytes, which leads always to a FALSE result > in quota_is_over (quota.c:1305). > > I've fixed the function quota_is_over by considering ctx->bytes_over and > ctx->count_over. See the included patch. I keep wondering why quota_is_over() does not just check ctx->*_over in the first place instead of doing math with ctx->*_used and ctx->*_ceil. It would seem so much easier. So either ctx->*over was added after quota_is_over() had been written, or this is an oversight, or there?s a specific reason the author did not use/trust ctx->*_over and preferred doing it in a more complicated way. Grepping trough the file, I see much more places the the ctx->*_used and ctx->*_ceil get updated compared to ctx->*_over, so that might indicate that the latter is only updated in specific cases, and cannot be trusted under all circumstances. Then again, I just took a short look at the quota code, so this hunch might me completely wrong. Markus [1] --- src/plugins/quota/quota-storage.c.orig 2014-05-24 17:06:44.822308741 +0200 +++ src/plugins/quota/quota-storage.c 2014-05-24 17:06:55.340307810 +0200 @@ -86,7 +86,7 @@ if ((items & STATUS_CHECK_OVER_QUOTA) != 0) { qt = quota_transaction_begin(box); - if ((ret = quota_test_alloc(qt, 0, &too_large)) == 0) { + if ((ret = quota_test_alloc(qt, 1, &too_large)) == 0) { mail_storage_set_error(box->storage, MAIL_ERROR_NOSPACE, qt->quota->set->quota_exceeded_msg); ret = -1; From rs at sys4.de Thu Jun 26 15:13:20 2014 From: rs at sys4.de (Robert Schetterer) Date: Thu, 26 Jun 2014 17:13:20 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <20140626095349.GA28654@vrvis.at> References: <536BDB0A.8010000@goodrick.ch> <536BE82F.6020900@sys4.de> <536BEEFA.3090708@sys4.de> <536C75D2.4030109@goodrick.ch> <536C92E0.8040107@sys4.de> <53779EDB.9050908@sys4.de> <5378F610.6040102@goodrick.ch> <5379000F.1050503@sys4.de> <537CE6CB.6070908@goodrick.ch> <537CFB12.5070009@sys4.de> <20140626095349.GA28654@vrvis.at> Message-ID: <53AC3890.7050608@sys4.de> Am 26.06.2014 11:53, schrieb Adi Kriegisch: > On Wed, May 21, 2014 at 09:14:26PM +0200, Robert Schetterer wrote: >> Am 21.05.2014 19:47, schrieb Sebastian Goodrick: >>> I just installed the (rapid-ssl) certificate and it works now. >>> Needless to say that I don't understand it. The old certificate worked >>> with all other clients but win8/outlook, plus the old dovecot install >>> worked with win8/outlook as well. > I am struggling with the same issue for some time now: win8/outlook isn't > able to connect to dovecot 2.2.9 (from Debian/backports); the error on the > outlook side of things is 0x800CCC0E which is really helpful. read again orig thread, i ve tested brand new win 8.1 outlook 2013 install all latest patchlevel with dovecot 2.2.13 tls, no problem, the orig problem had gone using another crt from rapid-ssl by unknown reason, needless to say that there may tons of other reasons why it fails at your site, however im nearly sure tha tthere is no default bug in dovecot > > The suggestion to disable TLSv1.2 on the windows side is dangerous: > win8/8.1 requires TLSv1.2 for downloading updates -- no TLSv1.2, no > updates. If absolutely necessary, disable TLSv1.2 on the dovecot side of > things! > > I decided to do some additional debugging by running 'openssl s_server' on > the imap server with the very same certificates and settings (as far as it > is possible with s_server) on a different port, changed the port in outlook > and manually proxied the imap requests through: That way outlook works just > fine: > > openssl s_server -tls1_2 -accept 8993 -cert /etc/dovecot/my.crt \ > -key /etc/dovecot/private/my.key -serverpref -cipher '...(*)' \ > -dhparam /root/group16.pem > > (group16.pem contains 4096bit DH params that are standardized; on the > dovecot side, the dhparam length is set to 4096bit as well) > > The very same thing happens with two different classes of ciphers: > ECDHE-RSA-AES256-SHA (which is what win8/outlook used to use before the > last update) and with DHE-RSA-AES256-GCM-SHA384 (which was just recently > added by the last update by Microsoft). So neither EC nor DHE cause any > changes in the behavior (as I was suspecting dovecot's dh params for some > time). > > I think something in the handshake doesn't work the way it should and > causes ms crypto api (v6.3 and v6.2) to just close the connection after > handshake (a paket capture just shows the client sends a RST after key > exchange). > > >> there where some bugfixes with certificates ( windows ) >> but that should not impact brand new installs with full recent patch level > AFAIK new (pretty cool) ciphers were introduced and I don't see how the > issue can be solved by changing the certificate: I used a cert from CACert > and a Cert signed by my own CA -- both resulting in a non-working > connection between dovecot and outlook on win8(.1). > However using the very same certificate with OpenSSL's s_server, the > connection worked just fine (as did disabling TLSv1.2) -- both indicators > that the certificates are just fine. > > The only thing I can imagine that EC and DHE have in common are some SSL > extensions like session tickets (which outlook tried to use). Here are the > details of the session outlook established with s_server: > openssl sess_id -text -in param > SSL-Session: > Protocol : TLSv1.2 > Cipher : C014 ## this is ECDHE-RSA-AES256-SHA > or: > Cipher : 009F ## this is with DHE-RSA-AES256-GCM-SHA384 > Session-ID: > Session-ID-ctx: 01000000 > Master-Key: (...) > Key-Arg : None > PSK identity: None > PSK identity hint: None > SRP username: None > Start Time: 1403774959 > Timeout : 7200 (sec) > Verify return code: 0 (ok) > > I hope someone can help me/us out here! > > Thanks! > > -- Adi > > (*) see https://bettercrypto.org for a usable cipher string... > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From ihab_mishriki at hotmail.com Thu Jun 26 15:50:00 2014 From: ihab_mishriki at hotmail.com (ihab_mishriki) Date: Thu, 26 Jun 2014 18:50:00 +0300 Subject: quota warning configuration problem Message-ID: Hello I faced the problem but try to stop mail debug conf from devcot.conf -------- Original message -------- From: Przemys?aw Orzechowski Date:26/06/2014 17:53 (GMT+02:00) To: dovecot at dovecot.org Subject: quota warning configuration problem Hi Im trying to setup automatic quota warning in dovecot but somehow cant get it to work Quota usage is displayed properly in roundcube so quota plugin is working. But somehow i cant get quota warning to work my dovecot is 2.2.9 (stock version in ubuntu) doveconf -n output in attached file dovecot-quota-warning-sh is as found in wiki Best regards Przemys?aw Orzechowski From przemek.orzechowski at makolab.pl Thu Jun 26 17:37:13 2014 From: przemek.orzechowski at makolab.pl (=?UTF-8?B?UHJ6ZW15c8WCYXcgT3J6ZWNob3dza2k=?=) Date: Thu, 26 Jun 2014 19:37:13 +0200 Subject: quota warning configuration problem In-Reply-To: References: Message-ID: <53AC5A49.7090704@makolab.pl> On 26.06.2014 17:50, ihab_mishriki wrote: > Hello > I faced the problem but try to stop mail debug conf from devcot.conf After turning on debug mode i got this line I assume it describes the problem Jun 26 18:57:17 mail dovecot: lda: Debug: auth input: test at domain.tld system_groups_user=test at domain.tld uid=1536 gid=1003 home=/home/domain.tld/homes/test Jun 26 18:57:17 mail dovecot: lda(test at domain.tld): Fatal: setgid(1003(domain.tld) from userdb lookup) failed with euid=108(dovecot), gid=116(dovecot), egid=116(dovecot): Operation not permitted (This binary should probably be called with process group set to 1003(domain.tld) instead of 116(dovecot)) I have multiple domains with unix users in them (all users from domain1.tld have group domain1.tld from domain2 group domain2 and so on). > > -------- Original message -------- > From: Przemys?aw Orzechowski > Date:26/06/2014 17:53 (GMT+02:00) > To: dovecot at dovecot.org > Subject: quota warning configuration problem > > Hi > > Im trying to setup automatic quota warning in dovecot but somehow cant > get it to work > Quota usage is displayed properly in roundcube so quota plugin is working. > But somehow i cant get quota warning to work > my dovecot is 2.2.9 (stock version in ubuntu) > doveconf -n output in attached file > dovecot-quota-warning-sh is as found in wiki > > Best regards > Przemys?aw Orzechowski > From nick.z.edwards at gmail.com Thu Jun 26 22:07:40 2014 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Fri, 27 Jun 2014 08:07:40 +1000 Subject: quota warning configuration problem In-Reply-To: <53AC33A5.10805@makolab.pl> References: <53AC33A5.10805@makolab.pl> Message-ID: I don't use fs, but, service quota-warning { executable = script /usr/local/scripts/quota-warning.sh user = vmail unix_listener quota-warning { mode = 0666 <------------------------------------------------- } } You also have quota_warning2 = storage=90%% quota-warning 80 %u shouldn't that be 90 / 90 or 80 / 80 Not sure on validity of those other "quota_warning02" (zero-%d) etc since we dont use fs, suggest you check, we use maildir (and I dont have time at present to read up on fs to offer any further help right now - need sleep), but maybe try using maildir? quota = maildir quota_rule = *:storage=800M quota_rule2 = Trash:storage=+100M quota_rule3 = Junk:storage=+100M On 6/27/14, Przemys?aw Orzechowski wrote: > Hi > > Im trying to setup automatic quota warning in dovecot but somehow cant > get it to work > Quota usage is displayed properly in roundcube so quota plugin is working. > But somehow i cant get quota warning to work > my dovecot is 2.2.9 (stock version in ubuntu) > doveconf -n output in attached file > dovecot-quota-warning-sh is as found in wiki > > Best regards > Przemys?aw Orzechowski > From przemek.orzechowski at makolab.pl Thu Jun 26 22:34:58 2014 From: przemek.orzechowski at makolab.pl (=?ISO-8859-2?Q?Przemys=B3aw_Orzechowski?=) Date: Fri, 27 Jun 2014 00:34:58 +0200 Subject: quota warning configuration problem In-Reply-To: References: <53AC33A5.10805@makolab.pl> Message-ID: <53ACA012.2060303@makolab.pl> On 27.06.2014 00:07, Nick Edwards wrote: > I don't use fs, but, I got rid of the first problem but it seems quota_warning is usless when using fs backend as its not geting the values from backend althrough they are avaliable to imap clients as those are showing quota info. Seems the limit stays 0 for this backend :/ If i define a static (same for all users) limit with quota_rule = *:storage=200MB quota warning gets executed but there is no way (of wich i know) to get the data from backend. If i try to define something like: quota_rule = *:backend i get an error Initialization failed: Failed to initialize quota: Invalid quota root quota: Invalid rule *:backend: Unknown rule limit name: backend > service quota-warning { > executable = script /usr/local/scripts/quota-warning.sh > user = vmail > unix_listener quota-warning { > mode = 0666 <------------------------------------------------- > } > } > > > You also have > quota_warning2 = storage=90%% quota-warning 80 %u > shouldn't that be 90 / 90 or 80 / 80 > > Not sure on validity of those other "quota_warning02" (zero-%d) etc > since we dont use fs, suggest you check, we use maildir (and I dont > have time at present to read up on fs to offer any further help right > now - need sleep), but maybe try using maildir? > > quota = maildir > quota_rule = *:storage=800M > quota_rule2 = Trash:storage=+100M > quota_rule3 = Junk:storage=+100M > > > > > On 6/27/14, Przemys?aw Orzechowski wrote: >> Hi >> >> Im trying to setup automatic quota warning in dovecot but somehow cant >> get it to work >> Quota usage is displayed properly in roundcube so quota plugin is working. >> But somehow i cant get quota warning to work >> my dovecot is 2.2.9 (stock version in ubuntu) >> doveconf -n output in attached file >> dovecot-quota-warning-sh is as found in wiki >> >> Best regards >> Przemys?aw Orzechowski >> From leolistas at solutti.com.br Thu Jun 26 23:03:15 2014 From: leolistas at solutti.com.br (Leonardo Rodrigues) Date: Thu, 26 Jun 2014 20:03:15 -0300 Subject: question on lmtp logged message In-Reply-To: <53ac290f.aa52b40a.7e68.ffffbba7SMTPIN_ADDED_BROKEN@mx.google.com> References: <53AAEE8D.9050604@solutti.com.br> <53abbe7f.9048b40a.0d8f.fffff185SMTPIN_ADDED_BROKEN@mx.google.com> <53AC0C23.2070309@solutti.com.br> <53ac290f.aa52b40a.7e68.ffffbba7SMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: <53ACA6B3.1020900@solutti.com.br> Hi Steffen, Em 26/06/14 11:06, Steffen Kaiser escreveu: > > maildir_copy_with_hardlinks is set on my server, too. It's the default > now. I do not see these errors. > > Can you check if the failed recipient is _never_ the first one? I > remember some discussions about that the Dovecot LDA has to re-open > the storred message of the first recipient, in order to spool it for > the other ones. That caused problems because the server used an > user-specific encryption key. > > If that applies to LMTP, too, this might become problematic, if the > first recipient deletes the message very quickly. Therefore my > question, if the error pops up for the second recipient and maybe all > following ones. Just did some more scripting and got a total of 1413 distinct emails (distinct queueids) that suffered from this 'message was expunged' problem on the 36 hours i got the problems. As noted before, not even a single one of these 1413 were nrcpt=1. Problems were from nrcpt=2 or greater. So, whatever this is, it really seems to NOT affect single recipient messages. As you suspected, on those 1413 the very first recipient ALWAYS got a status=sent from dovecot/lmtp. "Message was expunged" never happened on the very first recipient delivery. About the first user (the first delivered message) checking the message right after delivery, i tried to confirm that by the logs. To make things a little easier, i used nrcpt=2 and nrcpt=3 situations, just to avoid posting lots of logs here. Case #1 1st recipient delivery OK, failed on 2nd recipient, just delivered successfully on 2nd try Jun 25 17:08:53 correio postfix/qmgr[3059]: 2AFA01BF7496F: from=, size=49366, nrcpt=2 (queue active) Jun 25 17:09:52 correio postfix/lmtp[6029]: 2AFA01BF7496F: to=, relay=correio.domain.com.br[private/dovecot-lmtp], delay=59, delays=0.01/47/0/12, dsn=2.0.0, status=sent (250 2.0.0 UbjnEywqq1MTPwAAHvf8vg Saved) Jun 25 17:09:55 correio postfix/lmtp[6029]: 2AFA01BF7496F: to=, relay=correio.domain.com.br[private/dovecot-lmtp], delay=63, delays=0.01/47/0/16, dsn=4.2.0, status=deferred (host correio.domain.com.br[private/dovecot-lmtp] said: 451 4.2.0 Message was expunged (received-date) (in reply to end of DATA command)) Jun 25 17:24:11 correio postfix/lmtp[26595]: 2AFA01BF7496F: to=, relay=correio.domain.com.br[private/dovecot-lmtp], delay=918, delays=908/0/0/10, dsn=2.0.0, status=sent (250 2.0.0 hWS4JMorq1OIdAAAHvf8vg Saved) and in fact the first recipient was checking its email during the LMTP delivery. This is the actual order of the logs: Jun 25 17:09:47 correio dovecot: pop3-login: Login: user=, method=PLAIN, rip=10.253.x.x, lip=10.252.x.x, mpid=21164 Jun 25 17:09:52 correio postfix/lmtp[6029]: 2AFA01BF7496F: to=, relay=correio.domain.com.br[private/dovecot-lmtp], delay=59, delays=0.01/47/0/12, dsn=2.0.0, status=sent (250 2.0.0 UbjnEywqq1MTPwAAHvf8vg Saved) Jun 25 17:09:52 correio dovecot: pop3(fabio.kado at domain.com.br), rip=10.253.x.x, lip=10.252.x.x: Disconnected: Logged out top=0/0, retr=1/49582, del=1/1, size=49550 and by the size= of the 'disconnected' pop3 log (size=49550) and the size from qmgr (size=49366), user really seems to have checked (and deleted after that) exactly the message right BEFORE the 2nd recipient delivery was tried by LMTP Case #2 1st and 2nd recipient delivery OK, failed on 3rd recipient, just delivered successfully on 2nd try Jun 25 10:00:31 correio postfix/qmgr[804]: EFEB31A4BB227: from=, size=26667, nrcpt=3 (queue active) Jun 25 10:00:47 correio postfix/lmtp[6549]: EFEB31A4BB227: to=, relay=correio.domain.com.br[private/dovecot-lmtp], delay=16, delays=0/0/0/16, dsn=2.0.0, status=sent (250 2.0.0 uTsNO+/HqlOHGQAAHvf8vg Saved) Jun 25 10:00:54 correio postfix/lmtp[6549]: EFEB31A4BB227: to=, relay=correio.domain.com.br[private/dovecot-lmtp], delay=22, delays=0/0/0/22, dsn=2.0.0, status=sent (250 2.0.0 uTsNO+/HqlOHGQAAHvf8vg Saved) Jun 25 10:00:55 correio postfix/lmtp[6549]: EFEB31A4BB227: to=, relay=correio.domain.com.br[private/dovecot-lmtp], delay=24, delays=0/0/0/24, dsn=4.2.0, status=deferred (host correio.domain.com.br[private/dovecot-lmtp] said: 451 4.2.0 Message was expunged (received-date) (in reply to end of DATA command)) Jun 25 10:03:57 correio postfix/lmtp[7312]: EFEB31A4BB227: to=, relay=correio.domain.com.br[private/dovecot-lmtp], delay=205, delays=202/1/0/2.2, dsn=2.0.0, status=sent (250 2.0.0 j1dRAU/IqlN6QAAAHvf8vg Saved) 1st recipient in fact checked email (and deleted the message) right after the delivery. Actual log sequence is: Jun 25 10:00:40 correio dovecot: pop3-login: Login: user=, method=PLAIN, rip=10.253.22.56, lip=10.252.38.2, mpid=7233 Jun 25 10:00:47 correio postfix/lmtp[6549]: EFEB31A4BB227: to=, relay=correio.domain.com.br[private/dovecot-lmtp], delay=16, delays=0/0/0/16, dsn=2.0.0, status=sent (250 2.0.0 uTsNO+/HqlOHGQAAHvf8vg Saved) Jun 25 10:00:48 correio dovecot: pop3(marcos.pereira at domain.com.br), rip=10.253.22.56, lip=10.252.38.2: Disconnected: Logged out top=0/0, retr=1/26872, del=1/1, size=26849 2nd recipient did NOT checked email near the delivery Jun 25 09:54:08 correio dovecot: pop3-login: Login: user=, method=PLAIN, rip=10.253.22.72, lip=10.252.38.2, mpid=29125 Jun 25 09:54:12 correio dovecot: pop3(mario.cabreira at domain.com.br), rip=10.253.22.72, lip=10.252.38.2: Disconnected: Logged out top=0/0, retr=11/1408320, del=11/11, size=1408058 Jun 25 10:06:49 correio dovecot: pop3-login: Login: user=, method=PLAIN, rip=10.253.22.72, lip=10.252.38.2, mpid=13391 Jun 25 10:06:50 correio dovecot: pop3(mario.cabreira at domain.com.br), rip=10.253.22.72, lip=10.252.38.2: Disconnected: Logged out top=0/0, retr=10/1923222, del=10/10, size=1923004 this is interesting ... logs seems to show clearly that right after the message was delivered to the 1st recipient, it was checked and deleted. Despite of that, 2nd recipient got the message successfully delivered. But we have also a delay=22 ... maybe lmtp instance had already opened the message BEFORE it was erased by the 1st user ? this delay is high, i know that and, usually, server do NOT suffer from this delays on deliveries. Anyway, during this problem period, queues were pretty large and, thus, load was very high, which i think explains this unusual delays. With these two cases, it really seems that this is somehow related to: - lmtp as delivery agent - multiple recipient messages - first (or previous users in fact) checked and deleted the message before all the recipients got the message delivery About the two parameters, maildir_copy_with_hardlinks and pop3_fast_size_lookups, i'll try to change them one at a time and try to reproduce the problems. Fact is i only had the problem with both set to yes and problems were completly vanished when both were set to no. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, N?O mandem email gertrudes at solutti.com.br My SPAMTRAP, do not email it From HFlor at gmx.de Fri Jun 27 08:13:40 2014 From: HFlor at gmx.de (Hardy Flor) Date: Fri, 27 Jun 2014 10:13:40 +0200 Subject: [Dovecot] mdbox-files not approximately 2 MB In-Reply-To: <5326964E.1050306@gmx.de> References: <5326964E.1050306@gmx.de> Message-ID: <53AD27B4.5050602@gmx.de> Depending on a defined mail extent a new file should be created. However, I am not clear what is used as this Mail extent. Does the application use the entire contents of a mail (including attachments), or only the mail contents without the actual attachment? Am 17.03.2014 07:29, schrieb Hardy Flor: > there are copies with different size in 3 mailboxes of the user > sequentially about 3800 emails. > why not something 2MB files? > > ------------------------------------- doveconf: > > # 2.2.12: /etc/dovecot/dovecot.conf > # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.4 ext4 > mail_attachment_dir = /var/mail/attachments > mail_attachment_hash = %{md5} > mail_attachment_min_size = 16 k > mail_location = mdbox:/var/mail/user/%n > mdbox_rotate_interval = 1 weeks > mdbox_rotate_size = 2 M > > ------------------------------------- directory: > > root at xxx:/var/mail/user/xxx/storage# ls -al > insgesamt 76532 > drwx--S--- 2 vmail mail 4096 M?r 16 13:52 . > drwx--S--- 6 vmail mail 4096 M?r 16 12:10 .. > -rw------- 1 vmail mail 74360 M?r 16 12:39 dovecot.map.index > -rw------- 1 vmail mail 25204 M?r 16 13:52 dovecot.map.index.log > -rw------- 1 vmail mail 63544 M?r 16 12:39 dovecot.map.index.log.2 > -rw------- 1 vmail mail 2092921 M?r 16 12:15 m.00000001 > -rw------- 1 vmail mail 2086746 M?r 16 12:15 m.00000002 > -rw------- 1 vmail mail 2084182 M?r 16 12:15 m.00000003 > -rw------- 1 vmail mail 2096826 M?r 16 12:15 m.00000004 > -rw------- 1 vmail mail 1882666 M?r 16 12:15 m.00000005 > -rw------- 1 vmail mail 1903965 M?r 16 12:15 m.00000006 > -rw------- 1 vmail mail 2091169 M?r 16 12:15 m.00000007 > -rw------- 1 vmail mail 2086396 M?r 16 12:15 m.00000008 > -rw------- 1 vmail mail 507205 M?r 16 12:16 m.00000009 > -rw------- 1 vmail mail 2031456 M?r 16 12:17 m.00000010 > -rw------- 1 vmail mail 2095697 M?r 16 12:17 m.00000011 > -rw------- 1 vmail mail 1689071 M?r 16 12:17 m.00000012 > -rw------- 1 vmail mail 2092124 M?r 16 12:17 m.00000013 > -rw------- 1 vmail mail 1950602 M?r 16 12:17 m.00000014 > -rw------- 1 vmail mail 2092215 M?r 16 12:17 m.00000015 > -rw------- 1 vmail mail 2087463 M?r 16 12:17 m.00000016 > -rw------- 1 vmail mail 2079795 M?r 16 12:17 m.00000017 > -rw------- 1 vmail mail 2014121 M?r 16 12:17 m.00000018 > -rw------- 1 vmail mail 2081893 M?r 16 12:17 m.00000019 > -rw------- 1 vmail mail 2092088 M?r 16 12:17 m.00000020 > -rw------- 1 vmail mail 2090508 M?r 16 12:17 m.00000021 > -rw------- 1 vmail mail 1929296 M?r 16 12:17 m.00000022 > -rw------- 1 vmail mail 2067685 M?r 16 12:17 m.00000023 > -rw------- 1 vmail mail 1745743 M?r 16 12:20 m.00000024 > -rw------- 1 vmail mail 866452 M?r 16 12:20 m.00000025 > -rw------- 1 vmail mail 296379 M?r 16 12:20 m.00000026 > -rw------- 1 vmail mail 433541 M?r 16 12:39 m.00000027 > -rw------- 1 vmail mail 92526 M?r 16 12:39 m.00000028 > -rw------- 1 vmail mail 19094 M?r 16 12:39 m.00000029 > -rw------- 1 vmail mail 106837 M?r 16 12:39 m.00000030 > -rw------- 1 vmail mail 162012 M?r 16 12:39 m.00000031 > -rw------- 1 vmail mail 412080 M?r 16 13:51 m.00000032 > -rw------- 1 vmail mail 1715868 M?r 16 13:51 m.00000033 > -rw------- 1 vmail mail 14433784 M?r 16 13:51 m.00000034 > -rw------- 1 vmail mail 3280 M?r 16 13:51 m.00000035 > -rw------- 1 vmail mail 6308 M?r 16 13:51 m.00000036 > -rw------- 1 vmail mail 534274 M?r 16 13:51 m.00000037 > -rw------- 1 vmail mail 378719 M?r 16 13:51 m.00000038 > -rw------- 1 vmail mail 458528 M?r 16 13:51 m.00000039 > -rw------- 1 vmail mail 192504 M?r 16 13:51 m.00000040 > -rw------- 1 vmail mail 1277766 M?r 16 13:51 m.00000041 > -rw------- 1 vmail mail 33417 M?r 16 13:51 m.00000042 > -rw------- 1 vmail mail 142866 M?r 16 13:51 m.00000043 > -rw------- 1 vmail mail 113529 M?r 16 13:51 m.00000044 > -rw------- 1 vmail mail 55888 M?r 16 13:51 m.00000045 > -rw------- 1 vmail mail 673504 M?r 16 13:51 m.00000046 > -rw------- 1 vmail mail 430738 M?r 16 13:51 m.00000047 > -rw------- 1 vmail mail 218494 M?r 16 13:51 m.00000048 > -rw------- 1 vmail mail 96165 M?r 16 13:51 m.00000049 > -rw------- 1 vmail mail 8370 M?r 16 13:51 m.00000050 > -rw------- 1 vmail mail 29251 M?r 16 13:51 m.00000051 > -rw------- 1 vmail mail 394680 M?r 16 13:51 m.00000052 > -rw------- 1 vmail mail 674892 M?r 16 13:51 m.00000053 > -rw------- 1 vmail mail 1076919 M?r 16 13:51 m.00000054 > -rw------- 1 vmail mail 258806 M?r 16 13:51 m.00000055 > -rw------- 1 vmail mail 60069 M?r 16 13:51 m.00000056 > -rw------- 1 vmail mail 297891 M?r 16 13:51 m.00000057 > -rw------- 1 vmail mail 92772 M?r 16 13:51 m.00000058 > -rw------- 1 vmail mail 129272 M?r 16 13:51 m.00000059 > -rw------- 1 vmail mail 56073 M?r 16 13:51 m.00000060 > -rw------- 1 vmail mail 528260 M?r 16 13:51 m.00000061 > -rw------- 1 vmail mail 29468 M?r 16 13:51 m.00000062 > -rw------- 1 vmail mail 3250 M?r 16 13:51 m.00000063 > -rw------- 1 vmail mail 96445 M?r 16 13:51 m.00000064 > -rw------- 1 vmail mail 337663 M?r 16 13:51 m.00000065 > -rw------- 1 vmail mail 187505 M?r 16 13:51 m.00000066 > -rw------- 1 vmail mail 98839 M?r 16 13:51 m.00000067 > -rw------- 1 vmail mail 5294 M?r 16 13:51 m.00000068 > -rw------- 1 vmail mail 28276 M?r 16 13:51 m.00000069 > -rw------- 1 vmail mail 67950 M?r 16 13:52 m.00000070 > -rw------- 1 vmail mail 704457 M?r 16 13:52 m.00000071 > -rw------- 1 vmail mail 1410205 M?r 16 13:52 m.00000072 > -rw------- 1 vmail mail 736330 M?r 16 13:52 m.00000073 > -rw------- 1 vmail mail 616992 M?r 16 13:52 m.00000074 From laszlo.toth at linguamatics.com Fri Jun 27 10:24:39 2014 From: laszlo.toth at linguamatics.com (Laszlo Toth) Date: Fri, 27 Jun 2014 11:24:39 +0100 Subject: BUG: segfault in auth when user listed multiple times in LDAP Message-ID: <53AD4667.8000102@linguamatics.com> Hi, I think I found a bug in the auth module. It can be triggered when the userdb is in LDAP and an user is found multiple times in LDAP. Dovecot version 2.2.10 (from ATrpms Testing) running on CentOS 6.5 x64. Jun 27 10:34:34 server dovecot: auth: Debug: ldap(USER): user search: base=dc=linguamatics,dc=com scope=subtree filter=( & (uid=user) (| (&(objectClass=posixAccount)(|(employeeType=staff)(employeeType=guest))) (objectClass=account) ) ) fields=uid Jun 27 10:34:34 server kernel: auth[15916]: segfault at 8 ip 00007f45e5aa9bef sp 00007fff5b17e210 error 4 in libauthdb_ldap.so[7f45e5aa4000+a000] Jun 27 10:34:34 server dovecot: auth: Error: ldap(user): LDAP search returned multiple entries Jun 27 10:34:34 server dovecot: auth: Debug: ldap(user): no fields returned by the server Jun 27 10:34:35 server abrtd: Directory 'ccpp-2014-06-27-10:34:34-15916' creation detected Jun 27 10:34:35 server abrt[16137]: Saved core dump of pid 15916 (/usr/libexec/dovecot/auth) to /var/spool/abrt/ccpp-2014-06-27-10:34:34-15916 (2863104 bytes) Jun 27 10:34:35 server dovecot: doveadm(user): Error: userdb lookup(user): Disconnected unexpectedly Jun 27 10:34:35 server dovecot: doveadm(user): Error: sync: User lookup failed: Internal error occurred. Refer to server log for more information. Jun 27 10:34:35 server dovecot: auth: Fatal: master: service(auth): child 15916 killed with signal 11 (core dumped) If more information is needed just let me know. I have the core dump but I was not able to find the debuginfo package for the installed Dovecot packages to extract the trace. Thanks, Laszlo -- Laszlo Toth Systems administrator Linguamatics 324 Cambridge Science Park Milton Road Cambridge CB4 0WG UK Telephone number: +44 (0)1223 651910 www.linguamatics.com From HFlor at gmx.de Fri Jun 27 11:50:13 2014 From: HFlor at gmx.de (Hardy Flor) Date: Fri, 27 Jun 2014 13:50:13 +0200 Subject: remove unreferenced files from mail_attachment_dir Message-ID: <53AD5A75.8090108@gmx.de> Hello, I restore a backup from all users (mail_location ...) the mail_attachment_dir backup was not from the same time. How can I the unreferenced files from mail_attachment_dir? Hardy From lists at wiesinger.com Sat Jun 28 05:40:31 2014 From: lists at wiesinger.com (Gerhard Wiesinger) Date: Sat, 28 Jun 2014 07:40:31 +0200 Subject: Procmail to Sieve translation Message-ID: <53AE554F.8050009@wiesinger.com> Hello, I'm trying to move from procmail to dovecot sieve. I found the translation script at http://www.dovecot.org/tools/procmail2sieve.pl It works well except the following use cases: * ^From:.*myemail at mydomain.com.* | formail -I"X-Priority: 2 (high)" -I"X-mydomain-com-seen: yes" | $SENDMAIL -oi \ myemail at mydomain2.com \ myemail at mydomain3.com :0c * ^From:.*myemail at mydomain.com.* ! +1123456789 at mysmsprovider.com :0c * ^(To|Cc|Bcc):.*myemail at mydomain.com.* ! myemail at mydomain2.com myemail at mydomain3.com Is there a possibility to support these use cases (can be done manually)? How does forwarding to another domain work at the deliver process? :copy seems not to be supported, right? Thank you. Ciao, Gerhard From 7wangsong at gmail.com Sat Jun 28 11:40:13 2014 From: 7wangsong at gmail.com (Charlot W) Date: Sat, 28 Jun 2014 19:40:13 +0800 Subject: change dovecot mbox localtion Message-ID: hi, i use: dovecot 1.2.7, sendmail and unbuntu to serve my mail service. recent my disk space is not enough, so i want to mange my mail in two ways: *1. change the mail location:* i use: mail_location = mbox:/var/mail:INBOX=/var/mail/%u when i changed it to mail_location = mbox:/home/mail:INBOX=/home/mail/%u but the mail still write to the old path *2. limit the mail file size* i want the mail file reduce when it reach to 100MB how can i config dovecot/sendmail to do in last 2 ways? thank you all:) From jerry at seibercom.net Sat Jun 28 12:19:49 2014 From: jerry at seibercom.net (Jerry) Date: Sat, 28 Jun 2014 08:19:49 -0400 Subject: Dovecot virtual and SASL with Postfix Message-ID: <20140628081949.55da5404@scorpio> This is my first attempt to set up virtual users and sasl with Postfix. Can I use a regular password file in this format: user:{plain}password user2:{plain}password2 or do I need to use a different format? I have been trying to find an example of a virtual user SASL file, but without any luck. I suck at Googling too. All of the mail will be delivered to :/var/mail/vmail// -- Jerry From ad+lists at uni-x.org Sat Jun 28 12:30:31 2014 From: ad+lists at uni-x.org (Alexander Dalloz) Date: Sat, 28 Jun 2014 14:30:31 +0200 Subject: Dovecot virtual and SASL with Postfix In-Reply-To: <20140628081949.55da5404@scorpio> References: <20140628081949.55da5404@scorpio> Message-ID: <53AEB567.1050709@uni-x.org> Am 28.06.2014 14:19, schrieb Jerry: > This is my first attempt to set up virtual users and sasl with Postfix. > > Can I use a regular password file in this format: > > user:{plain}password > user2:{plain}password2 > > or do I need to use a different format? I have been trying to find an example > of a virtual user SASL file, but without any luck. I suck at Googling too. > > All of the mail will be delivered to :/var/mail/vmail// http://wiki2.dovecot.org/AuthDatabase/PasswdFile Alexander From d.parthey at metaways.de Sat Jun 28 12:33:23 2014 From: d.parthey at metaways.de (Daniel Parthey) Date: Sat, 28 Jun 2014 14:33:23 +0200 Subject: Procmail to Sieve translation In-Reply-To: <53AE554F.8050009@wiesinger.com> References: <53AE554F.8050009@wiesinger.com> Message-ID: <53AEB613.2050203@metaways.de> Hi Gerhard, Am 28.06.2014 07:40, schrieb Gerhard Wiesinger: > I'm trying to move from procmail to dovecot sieve. > > How does forwarding to another domain work at the deliver process? > > :copy seems not to be supported, right? http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples#Mail_filtering_by_various_headers if header :contains "subject" ["order", "buy"] { redirect "recipient at example.org"; } Dovecot/Pigeonhole simply uses the sendmail executable or SMTP to reinject the redirected/forwarded mail: See Dovecot Options * sendmail_path (to send mail via pipe) * submission_host (to send mail via smtp) Regards Daniel -- Dipl.-Inf. Daniel Parthey System Engineer Metaways Infosystems GmbH Pickhuben 2, D-20457 Hamburg E-Mail: d.parthey at metaways.de Web: http://www.metaways.de Tel: +49 (0)40 317031-537 Fax: +49 (0)40 317031-937 Metaways Infosystems GmbH - Sitz: D-22967 Tremsb?ttel Handelsregister: Amtsgericht L?beck HRB 4508 AH Gesch?ftsf?hrung: Hermann Thaele, L?der-H.Thaele From d.parthey at metaways.de Sat Jun 28 12:39:52 2014 From: d.parthey at metaways.de (Daniel Parthey) Date: Sat, 28 Jun 2014 14:39:52 +0200 Subject: Procmail to Sieve translation In-Reply-To: <53AE554F.8050009@wiesinger.com> References: <53AE554F.8050009@wiesinger.com> Message-ID: <53AEB798.4010008@metaways.de> Am 28.06.2014 07:40, schrieb Gerhard Wiesinger: > :copy seems not to be supported, right? Copy is supported, you just need to require the extension in your SIEVE script like this: require ["copy"]; For a complete list of supported extensions please take a look at: http://wiki2.dovecot.org/Pigeonhole/Sieve Regards Daniel -- Dipl.-Inf. Daniel Parthey System Engineer Metaways Infosystems GmbH Pickhuben 2, D-20457 Hamburg E-Mail: d.parthey at metaways.de Web: http://www.metaways.de Tel: +49 (0)40 317031-537 Fax: +49 (0)40 317031-937 Metaways Infosystems GmbH - Sitz: D-22967 Tremsb?ttel Handelsregister: Amtsgericht L?beck HRB 4508 AH Gesch?ftsf?hrung: Hermann Thaele, L?der-H.Thaele From jerry at seibercom.net Sat Jun 28 13:03:44 2014 From: jerry at seibercom.net (Jerry) Date: Sat, 28 Jun 2014 09:03:44 -0400 Subject: Dovecot virtual and SASL with Postfix In-Reply-To: <53AEB567.1050709@uni-x.org> References: <20140628081949.55da5404@scorpio> <53AEB567.1050709@uni-x.org> Message-ID: <20140628090344.136639f4@scorpio> On Sat, 28 Jun 2014 14:30:31 +0200, Alexander Dalloz stated: > Am 28.06.2014 14:19, schrieb Jerry: > > This is my first attempt to set up virtual users and sasl with Postfix. > > > > Can I use a regular password file in this format: > > > > user:{plain}password > > user2:{plain}password2 > > > > or do I need to use a different format? I have been trying to find an > > example of a virtual user SASL file, but without any luck. I suck at > > Googling too. > > > > All of the mail will be delivered to :/var/mail/vmail// > > http://wiki2.dovecot.org/AuthDatabase/PasswdFile Okay, bear with me now. I assume I should be using a file in this format: user:{plain}pass:1000:1000::/home/user::userdb_mail=maildir:~/Maildir user2:{plain}pass2:1001:1001::/home/user2 Since all of the mail is going to be delivered as I showed above, how do I configure the line? user:{PLAIN}secret:1002:1002:::::userdb_mail=maildir:/var/mail/vmail/%d/%u The virtual user "vmail" is 1002:1002 on my system. -- Jerry From lists at wiesinger.com Sat Jun 28 13:48:39 2014 From: lists at wiesinger.com (Gerhard Wiesinger) Date: Sat, 28 Jun 2014 15:48:39 +0200 Subject: Procmail to Sieve translation In-Reply-To: <53AEB613.2050203@metaways.de> References: <53AE554F.8050009@wiesinger.com> <53AEB613.2050203@metaways.de> Message-ID: <53AEC7B7.50802@wiesinger.com> On 28.06.2014 14:33, Daniel Parthey wrote: > Hi Gerhard, > > Am 28.06.2014 07:40, schrieb Gerhard Wiesinger: >> I'm trying to move from procmail to dovecot sieve. >> >> How does forwarding to another domain work at the deliver process? >> >> :copy seems not to be supported, right? > > http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples#Mail_filtering_by_various_headers > > > if header :contains "subject" ["order", "buy"] { > redirect "recipient at example.org"; > } > > Dovecot/Pigeonhole simply uses the sendmail executable or SMTP to > reinject the redirected/forwarded mail: > > See Dovecot Options > * sendmail_path (to send mail via pipe) > * submission_host (to send mail via smtp) Thank you. As I'm new to sieve can someone verify the example translations? ################################################################################################################################################################ * ^From:.*myemail at mydomain.com.* | formail -I"X-Priority: 2 (high)" -I"X-mydomain-com-seen: yes" | $SENDMAIL -oi \ myemail at mydomain2.com \ myemail at mydomain3.com ################################################################################ # http://www.emaildiscussions.com/showthread.php?t=57138 # http://tools.ietf.org/html/rfc5293 if header :contains ["from"] ["myemail at mydomain.com"] { addheader "X-Priority" "2 (high)"; addheader "X-mydomain-com-seen" "yes"; redirect :copy "myemail at mydomain2.com"; redirect "myemail at mydomain3.com"; } ################################################################################################################################################################ :0c * ^From:.*myemail at mydomain.com.* ! +1123456789 at mysmsprovider.com ################################################################################ if header :contains ["from"] ["myemail at mydomain.com"] { redirect "+1123456789 at mysmsprovider.com"; } ################################################################################################################################################################ :0c * ^(To|Cc|Bcc):.*myemail at mydomain.com.* ! myemail at mydomain2.com myemail at mydomain3.com ################################################################################ if envelope :detail :contains ["to", "cc", "bcc"] "myemail at mydomain.com" { redirect :copy "myemail at mydomain2.com"; redirect "myemail at mydomain3.com"; } ################################################################################################################################################################ Thank you. Ciao, Gerhard -- http://www.wiesinger.com/ From aellert at numeezy.com Sat Jun 28 15:54:36 2014 From: aellert at numeezy.com (Alexandre Ellert) Date: Sat, 28 Jun 2014 17:54:36 +0200 Subject: postfix alias and dovecot quota Message-ID: <5068E3FB-381B-4EDA-B40A-6D8943D797F9@numeezy.com> Hello, Can someone tell me if it?s possible to configure dovecot to answer quota information about real mailbox when I query a postfix alias mailbox (this information is actually in a mysql database) ? Example : doveadm quota get - u alias at domain.com doveadm(alias at domain.com): Fatal: User doesn't exist doveadm quota get - u realmailbox at domain.com Quota name Type Value Limit % user STORAGE 2048853 2048000 100 user MESSAGE 6783 - 0 I?d like to have this result : doveadm quota get - u alias at domain.com Quota name Type Value Limit % user STORAGE 2048853 2048000 100 user MESSAGE 6783 - 0 doveadm quota get - u realmailbox at domain.com Quota name Type Value Limit % user STORAGE 2048853 2048000 100 user MESSAGE 6783 - 0 Thanks for your help. Alexandre. From deano-dovecot at areyes.com Sat Jun 28 22:09:36 2014 From: deano-dovecot at areyes.com (deano-dovecot at areyes.com) Date: Sat, 28 Jun 2014 18:09:36 -0400 Subject: Any issues with dsync between 2.1.7 and 2.2.9 =?UTF-8?Q?=3F?= Message-ID: <953572c6a7cbe8a97ec47b6deef380ac@areyes.com> My current production system is running dovecot 2.1.7-7ubuntu1 on Ubuntu 13.04, and I'm building a new setup based on Ubuntu 14.04 with dovecot 2.2.9-1ubuntu2.1 - current standard in the repos. I'd like to use replication to get the mailstore from the old system to the new. Are there any caveats or gotchas to be aware of ? Is it possible to make it a one-way replication ? So problems or glitches on the new setup don't propagate to the old production ? Thanks - D. From nick.z.edwards at gmail.com Sun Jun 29 04:24:18 2014 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Sun, 29 Jun 2014 14:24:18 +1000 Subject: postfix alias and dovecot quota In-Reply-To: <5068E3FB-381B-4EDA-B40A-6D8943D797F9@numeezy.com> References: <5068E3FB-381B-4EDA-B40A-6D8943D797F9@numeezy.com> Message-ID: it is the job of postfix to do this, aliases are just that, aliases of the real mail account, they do not exist in real storage, else, they would not be aliaes. On 6/29/14, Alexandre Ellert wrote: > Hello, > > Can someone tell me if it's possible to configure dovecot to answer quota > information about real mailbox when I query a postfix alias mailbox (this > information is actually in a mysql database) ? > > Example : > > doveadm quota get - u alias at domain.com > doveadm(alias at domain.com): Fatal: User doesn't exist > > doveadm quota get - u realmailbox at domain.com > Quota name Type Value Limit > % > user STORAGE 2048853 2048000 > 100 > user MESSAGE 6783 - > 0 > > I'd like to have this result : > doveadm quota get - u alias at domain.com > Quota name Type Value Limit > % > user STORAGE 2048853 2048000 > 100 > user MESSAGE 6783 - > 0 > > doveadm quota get - u realmailbox at domain.com > Quota name Type Value Limit > % > user STORAGE 2048853 2048000 > 100 > user MESSAGE 6783 - > 0 > > Thanks for your help. > > Alexandre. From lists at wiesinger.com Sun Jun 29 05:53:14 2014 From: lists at wiesinger.com (Gerhard Wiesinger) Date: Sun, 29 Jun 2014 07:53:14 +0200 Subject: Dovecot and remote SASL Client via TLS Message-ID: <53AFA9CA.6010103@wiesinger.com> Hello, Is it possible to configure Dovecot as SASL client for central authentication (also remotely via TCP/TLS)? Following use case: IMAP server (host 1) <=> Windows Domain Controller and /etc/shadow authenticator via pam (host2) Should work as: IMAP server (host 1) <=> SASL Client via TLS <=> Network <=> SASL Server via TLS <=> Local SASL via pam <=> Windows Domain Controller and /etc/shadow authenticator via pam (host2) Thank you. Ciao, Gerhard -- http://www.wiesinger.com/ From aellert at numeezy.com Sun Jun 29 08:06:58 2014 From: aellert at numeezy.com (Alexandre Ellert) Date: Sun, 29 Jun 2014 10:06:58 +0200 Subject: postfix alias and dovecot quota In-Reply-To: References: <5068E3FB-381B-4EDA-B40A-6D8943D797F9@numeezy.com> Message-ID: Le 29 juin 2014 ? 06:24, Nick Edwards a ?crit : > it is the job of postfix to do this, aliases are just that, aliases of > the real mail account, they do not exist in real storage, else, they > would not be alias. The problem i?m trying to solve is about dovecot capability to serve quota status via Postfix policy server protocol. It works fine when the destination address is a real mailbox, but if it?s a Postfix alias, then the email is not rejected because dovecot doesn?t know this user. Maybe it?s a wrong idea to try to make Postfix alias visible to dovecot. Do you have another suggestion ? From jerry at seibercom.net Sun Jun 29 23:03:13 2014 From: jerry at seibercom.net (Jerry) Date: Sun, 29 Jun 2014 19:03:13 -0400 Subject: Dovecot and Postfix Message-ID: <20140629190313.56db7014@scorpio> Does this configuration look sane? I seem to have a few duplicates and I am not sure if that is a problem or not. It seems I have multiple "userdb" sections and I am not sure where they are all originating from. # 2.2.13: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 10.0-RELEASE-p3 amd64 ufs auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain log_path = /var/log/dovecot mail_location = maildir:/var/mail/vmail/seibercom/gerard managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = username_format=%u /usr/local/etc/dovecot/user/passwd driver = passwd-file } passdb { driver = pam } passdb { args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/user/passwd driver = passwd-file } plugin { sieve_global_path = /usr/local/etc/dovecot/sieve/default.sieve } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail user = vmail } } ssl_cert = References: <20140629190313.56db7014@scorpio> Message-ID: <53B1141A.2080909@dimejo.at> Am 30.06.2014 01:03, schrieb Jerry: > Does this configuration look sane? I seem to have a few duplicates and I am > not sure if that is a problem or not. It seems I have multiple "userdb" > sections and I am not sure where they are all originating from. > > # 2.2.13: /usr/local/etc/dovecot/dovecot.conf > # OS: FreeBSD 10.0-RELEASE-p3 amd64 ufs > auth_debug_passwords = yes > auth_mechanisms = plain login > auth_verbose = yes > auth_verbose_passwords = plain > log_path = /var/log/dovecot > mail_location = maildir:/var/mail/vmail/seibercom/gerard > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > args = username_format=%u /usr/local/etc/dovecot/user/passwd > driver = passwd-file > } > passdb { > driver = pam > } > passdb { > args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/user/passwd > driver = passwd-file > } > plugin { > sieve_global_path = /usr/local/etc/dovecot/sieve/default.sieve > } > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-userdb { > group = vmail > user = vmail > } > } > ssl_cert = ssl_key = userdb { > args = username_format=%u /usr/local/etc/dovecot/user/passwd > default_fields = uid=vmail gid=vmail > driver = passwd-file > } > userdb { > driver = passwd > } > userdb { > args = username_format=%u /usr/local/etc/dovecot/user/passwd > driver = passwd-file > } > protocol lda { > mail_plugins = " sieve" > } You probably have included more than 1 auth file. Check the bottom of /etc/dovecot/conf.d/10-auth.conf (or whatever that corresponds to on FreeBSD). Your configuration does not specify any protocol to enable. -- Alex JOST From jerry at seibercom.net Mon Jun 30 08:51:46 2014 From: jerry at seibercom.net (Jerry) Date: Mon, 30 Jun 2014 04:51:46 -0400 Subject: Dovecot and Postfix In-Reply-To: <53B1141A.2080909@dimejo.at> References: <20140629190313.56db7014@scorpio> <53B1141A.2080909@dimejo.at> Message-ID: <20140630045146.6bef79f6@scorpio> On Mon, 30 Jun 2014 09:39:06 +0200, Alex JOST stated: > Am 30.06.2014 01:03, schrieb Jerry: > > Does this configuration look sane? I seem to have a few duplicates and I > > am not sure if that is a problem or not. It seems I have multiple "userdb" > > sections and I am not sure where they are all originating from. > > > > # 2.2.13: /usr/local/etc/dovecot/dovecot.conf > > # OS: FreeBSD 10.0-RELEASE-p3 amd64 ufs > > auth_debug_passwords = yes > > auth_mechanisms = plain login > > auth_verbose = yes > > auth_verbose_passwords = plain > > log_path = /var/log/dovecot > > mail_location = maildir:/var/mail/vmail/seibercom/gerard > > managesieve_notify_capability = mailto > > managesieve_sieve_capability = fileinto reject envelope encoded-character > > vacation subaddress comparator-i;ascii-numeric relational regex > > imap4flags copy include variables body enotify environment mailbox date > > ihave duplicate namespace inbox { inbox = yes location = > > mailbox Drafts { > > special_use = \Drafts > > } > > mailbox Junk { > > special_use = \Junk > > } > > mailbox Sent { > > special_use = \Sent > > } > > mailbox "Sent Messages" { > > special_use = \Sent > > } > > mailbox Trash { > > special_use = \Trash > > } > > prefix = > > } > > passdb { > > args = username_format=%u /usr/local/etc/dovecot/user/passwd > > driver = passwd-file > > } > > passdb { > > driver = pam > > } > > passdb { > > args = scheme=CRYPT > > username_format=%u /usr/local/etc/dovecot/user/passwd driver = passwd-file > > } > > plugin { > > sieve_global_path = /usr/local/etc/dovecot/sieve/default.sieve > > } > > service auth { > > unix_listener /var/spool/postfix/private/auth { > > group = postfix > > mode = 0660 > > user = postfix > > } > > unix_listener auth-userdb { > > group = vmail > > user = vmail > > } > > } > > ssl_cert = > ssl_key = > userdb { > > args = username_format=%u /usr/local/etc/dovecot/user/passwd > > default_fields = uid=vmail gid=vmail > > driver = passwd-file > > } > > userdb { > > driver = passwd > > } > > userdb { > > args = username_format=%u /usr/local/etc/dovecot/user/passwd > > driver = passwd-file > > } > > protocol lda { > > mail_plugins = " sieve" > > } > > You probably have included more than 1 auth file. Check the bottom of > /etc/dovecot/conf.d/10-auth.conf (or whatever that corresponds to on > FreeBSD). > > Your configuration does not specify any protocol to enable. At the bottom of dovecot.conf: !include conf.d/*.conf At the bottom of 10-auth.conf: #!include auth-deny.conf.ext #!include auth-master.conf.ext !include auth-system.conf.ext #!include auth-sql.conf.ext !include auth-passwdfile.conf.ext #!include auth-checkpassword.conf.ext #!include auth-vpopmail.conf.ext #!include auth-static.conf.ext Do I have to uncomment "include" files in 10-auth.conf to get them pulled in? Does't the "include" from the dovecot.conf do that? It looks like the "10-master.conf" isn't being used. -- Jerry From bind at enas.net Mon Jun 30 09:09:54 2014 From: bind at enas.net (Urban Loesch) Date: Mon, 30 Jun 2014 11:09:54 +0200 Subject: Sieve seems to break mailbody during automatic redirection Message-ID: <53B12962.2030900@enas.net> Hi, I have a strange problem with sieve. After upgrading to 2.2.13 sieve seems to break the mailbody during automatic redirection. I have the following configuration. - User A sends mail to User B. - User B has an automatic redirect to User C - User C geht the mailbody broken I did some debugging. This is a part of the mailbody which i grabbed from the mailqueue before the mail gets delivered to user B: ... Message-ID: <53B12105.2020207 at domain.net> Date: Mon, 30 Jun 2014 10:34:13 +0200 From: =?ISO-8859-15?Q?Urban_L=F6sch_Enas?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: Urban Loesch Subject: testmail 5 X-Enigmail-Version: 1.6 Content-Type: multipart/mixed; boundary="------------040308070600090201000704" This is a multi-part message in MIME format. --------------040308070600090201000704 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit --------------040308070600090201000704 Content-Type: application/rtf; name="elenco_siti_inibiti.2.rtf" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="elenco_siti_inibiti.2.rtf" e1xydGYxXGFkZWZsYW5nMTAyNVxhbnNpXGFuc2ljcGcxMjUyXHVjMVxhZGVmZjBcZGVmZjBc c3RzaGZkYmNoMFxzdHNoZmxvY2gwXHN0c2hmaGljaDBcc3RzaGZiaTBcZGVmbGFuZzEwNDBc ZGVmbGFuZ2ZlMTA0MFx0aGVtZWxhbmcxMDQwXHRoZW1lbGFuZ2ZlMFx0aGVtZWxhbmdjczB7 XGZvbnR0Ymx7XGYwXGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQwXGZwcnEye1wqXHBhbm9zZSAw MjAyMDYwMzA1MDQwNTAyMDMwNH1UaW1lcyBOZXcgUm9tYW47fQ0Ke1xmMVxmYmlkaSBcZnN3 aXNzXGZjaGFyc2V0MFxmcHJxMntcKlxwYW5vc2UgMDIwYjA2MDQwMjAyMDIwMjAyMDR9QXJp YWx7XCpcZmFsdCBBcmlhbH07fXtcZjJcZmJpZGkgXGZtb2Rlcm5cZmNoYXJzZXQwXGZwcnEx e1wqXHBhbm9zZSAwMjA3MDMwOTAyMDIwNTAyMDQwNH1Db3VyaWVyIE5ldzt9e1xmM1xmYmlk aSBcZnJvbWFuXGZjaGFyc2V0MlxmcHJxMntcKlxwYW5vc2UgMDUwNTAxMDIwMTA3MDYwMjA1 MDd9U3ltYm9sO30NCntcZjRcZmJpZGkgXGZzd2lzc1xmY2hhcnNldDBcZnBycTJ7XCpccGFu b3NlIDAyMGIwNjA0MDIwMjAyMDIwMjA0fUhlbHZldGljYTt9e1xmNVxmYmlkaSBcZm1vZGVy blxmY2hhcnNldDBcZnBycTF7XCpccGFub3NlIDAyMDcwNDA5MDIwMjA1MDIwNDA0fUNvdXJp ZXI7fXtcZjZcZmJpZGkgXGZyb21hblxmY2hhcnNldDBcZnBycTJ7XCpccGFub3NlIDAyMDIw NjAzMDQwNTA1MDIwMzA0fVRtcyBSbW57XCpcZmFsdCBUaW1lcyBOZXcgUm9tYW59O30NCntc ZjdcZmJpZGkgXGZzd2lzc1xmY2hhcnNldDBcZnBycTJ7XCpccGFub3NlIDAyMGIwNjA0MDIw MjAyMDMwMjA0fUhlbHY7fXtcZjhcZmJpZGkgXGZyb21hblxmY2hhcnNldDBcZnBycTJ7XCpc cGFub3NlIDAyMDQwNTAzMDYwNTA2MDIwMzA0fU5ldyBZb3JrO317XGY5XGZiaWRpIFxmc3dp c3NcZmNoYXJzZXQwXGZwcnEye1wqXHBhbm9zZSAwMDAwMDAwMDAwMDAwMDAwMDAwMH1TeXN0 ZW07fQ0Ke1xmMTBcZmJpZGkgXGZuaWxcZmNoYXJzZXQyXGZwcnEye1wqXHBhbm9zZSAwNTAw MDAwMDAwMDAwMDAwMDAwMH1XaW5nZGluZ3M7fXtcZjExXGZiaWRpIFxmbW9kZXJuXGZjaGFy c2V0MTI4XGZwcnExe1wqXHBhbm9zZSAwMjAyMDYwOTA0MDIwNTA4MDMwNH1NUyBNaW5jaG97 XCpcZmFsdCA/bD9yID8/XCc4MVwnNjZjfTt9DQp7XGYxMlxmYmlkaSBcZnJvbWFuXGZjaGFy c2V0MTI5XGZwcnEye1wqXHBhbm9zZSAwMjAzMDYwMDAwMDEwMTAxMDEwMX1CYXRhbmd7XCpc ZmFsdCA/Pz8/P0U/Pz8/P0VjRT8/Pz8/RT8/Y0VjRT8/Pz8/fTt9e1xmMTNcZmJpZGkgXGZu aWxcZmNoYXJzZXQxMzRcZnBycTJ7XCpccGFub3NlIDAyMDEwNjAwMDMwMTAxMDEwMTAxfVNp bVN1bntcKlxmYWx0ID8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz99O30NCntcZjE0 XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQxMzZcZnBycTJ7XCpccGFub3NlIDAyMDIwNTAwMDAw MDAwMDAwMDAwfVBNaW5nTGlVe1wqXGZhbHQgIVBzMk9jdUFlfTt9e1xmMTVcZmJpZGkgXGZt b2Rlcm5cZmNoYXJzZXQxMjhcZnBycTF7XCpccGFub3NlIDAyMGIwNjA5MDcwMjA1MDgwMjA0 fU1TIEdvdGhpY3tcKlxmYWx0ID9sP3IgP1M/Vj9iP059O30NCntcZjE2XGZiaWRpIFxmc3dp c3NcZmNoYXJzZXQxMjlcZnBycTJ7XCpccGFub3NlIDAyMGIwNjAwMDAwMTAxMDEwMTAxfURv dHVte1wqXGZhbHQgPz8/Pz9FPz9jRT8/Pz8/RWNFPz8/Pz9FPz8/Pz9FY307fXtcZjE3XGZi aWRpIFxmbW9kZXJuXGZjaGFyc2V0MTM0XGZwcnExe1wqXHBhbm9zZSAwMjAxMDYwOTA2MDEw MTAxMDEwMX1TaW1IZWl7XCpcZmFsdCBvPz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/ fTt9DQp7XGYxOFxmYmlkaSBcZm1vZGVyblxmY2hhcnNldDEzNlxmcHJxMXtcKlxwYW5vc2Ug ... Looks normal to me. Now: This is the part of the mailbody which i grabbed from the mailqueue after user B has received the mail and sieve has injectd it to the mailqueue for delivering to user C. ... Message-ID: <53B12105.2020207 at domain.net> Date: Mon, 30 Jun 2014 10:34:13 +0200 From: =?ISO-8859-15?Q?Urban_L=F6sch_Enas?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: Urban Loesch Subject: testmail 5 X-Enigmail-Version: 1.6 Content-Type: multipart/mixed; boundary="------------040308070600090201000704" This is a multi-part message in MIME format.^M --------------040308070600090201000704^M Content-Type: text/plain; charset=ISO-8859-15^M Content-Transfer-Encoding: 7bit^M ^M ^M --------------040308070600090201000704^M Content-Type: application/rtf;^M name="elenco_siti_inibiti.2.rtf"^M Content-Transfer-Encoding: base64^M Content-Disposition: attachment;^M filename="elenco_siti_inibiti.2.rtf"^M ^M e1xydGYxXGFkZWZsYW5nMTAyNVxhbnNpXGFuc2ljcGcxMjUyXHVjMVxhZGVmZjBcZGVmZjBc^M c3RzaGZkYmNoMFxzdHNoZmxvY2gwXHN0c2hmaGljaDBcc3RzaGZiaTBcZGVmbGFuZzEwNDBc^M ZGVmbGFuZ2ZlMTA0MFx0aGVtZWxhbmcxMDQwXHRoZW1lbGFuZ2ZlMFx0aGVtZWxhbmdjczB7^M XGZvbnR0Ymx7XGYwXGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQwXGZwcnEye1wqXHBhbm9zZSAw^M MjAyMDYwMzA1MDQwNTAyMDMwNH1UaW1lcyBOZXcgUm9tYW47fQ0Ke1xmMVxmYmlkaSBcZnN3^M aXNzXGZjaGFyc2V0MFxmcHJxMntcKlxwYW5vc2UgMDIwYjA2MDQwMjAyMDIwMjAyMDR9QXJp^M YWx7XCpcZmFsdCBBcmlhbH07fXtcZjJcZmJpZGkgXGZtb2Rlcm5cZmNoYXJzZXQwXGZwcnEx^M e1wqXHBhbm9zZSAwMjA3MDMwOTAyMDIwNTAyMDQwNH1Db3VyaWVyIE5ldzt9e1xmM1xmYmlk^M aSBcZnJvbWFuXGZjaGFyc2V0MlxmcHJxMntcKlxwYW5vc2UgMDUwNTAxMDIwMTA3MDYwMjA1^M MDd9U3ltYm9sO30NCntcZjRcZmJpZGkgXGZzd2lzc1xmY2hhcnNldDBcZnBycTJ7XCpccGFu^M b3NlIDAyMGIwNjA0MDIwMjAyMDIwMjA0fUhlbHZldGljYTt9e1xmNVxmYmlkaSBcZm1vZGVy^M blxmY2hhcnNldDBcZnBycTF7XCpccGFub3NlIDAyMDcwNDA5MDIwMjA1MDIwNDA0fUNvdXJp^M ZXI7fXtcZjZcZmJpZGkgXGZyb21hblxmY2hhcnNldDBcZnBycTJ7XCpccGFub3NlIDAyMDIw^M NjAzMDQwNTA1MDIwMzA0fVRtcyBSbW57XCpcZmFsdCBUaW1lcyBOZXcgUm9tYW59O30NCntc^M ZjdcZmJpZGkgXGZzd2lzc1xmY2hhcnNldDBcZnBycTJ7XCpccGFub3NlIDAyMGIwNjA0MDIw^M MjAyMDMwMjA0fUhlbHY7fXtcZjhcZmJpZGkgXGZyb21hblxmY2hhcnNldDBcZnBycTJ7XCpc^M cGFub3NlIDAyMDQwNTAzMDYwNTA2MDIwMzA0fU5ldyBZb3JrO317XGY5XGZiaWRpIFxmc3dp^M c3NcZmNoYXJzZXQwXGZwcnEye1wqXHBhbm9zZSAwMDAwMDAwMDAwMDAwMDAwMDAwMH1TeXN0^M ZW07fQ0Ke1xmMTBcZmJpZGkgXGZuaWxcZmNoYXJzZXQyXGZwcnEye1wqXHBhbm9zZSAwNTAw^M MDAwMDAwMDAwMDAwMDAwMH1XaW5nZGluZ3M7fXtcZjExXGZiaWRpIFxmbW9kZXJuXGZjaGFy^M c2V0MTI4XGZwcnExe1wqXHBhbm9zZSAwMjAyMDYwOTA0MDIwNTA4MDMwNH1NUyBNaW5jaG97^M XCpcZmFsdCA/bD9yID8/XCc4MVwnNjZjfTt9DQp7XGYxMlxmYmlkaSBcZnJvbWFuXGZjaGFy^M c2V0MTI5XGZwcnEye1wqXHBhbm9zZSAwMjAzMDYwMDAwMDEwMTAxMDEwMX1CYXRhbmd7XCpc^M ZmFsdCA/Pz8/P0U/Pz8/P0VjRT8/Pz8/RT8/Y0VjRT8/Pz8/fTt9e1xmMTNcZmJpZGkgXGZu^M aWxcZmNoYXJzZXQxMzRcZnBycTJ7XCpccGFub3NlIDAyMDEwNjAwMDMwMTAxMDEwMTAxfVNp^M bVN1bntcKlxmYWx0ID8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz99O30NCntcZjE0^M XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQxMzZcZnBycTJ7XCpccGFub3NlIDAyMDIwNTAwMDAw^M MDAwMDAwMDAwfVBNaW5nTGlVe1wqXGZhbHQgIVBzMk9jdUFlfTt9e1xmMTVcZmJpZGkgXGZt^M b2Rlcm5cZmNoYXJzZXQxMjhcZnBycTF7XCpccGFub3NlIDAyMGIwNjA5MDcwMjA1MDgwMjA0^M fU1TIEdvdGhpY3tcKlxmYWx0ID9sP3IgP1M/Vj9iP059O30NCntcZjE2XGZiaWRpIFxmc3dp^M c3NcZmNoYXJzZXQxMjlcZnBycTJ7XCpccGFub3NlIDAyMGIwNjAwMDAwMTAxMDEwMTAxfURv^M dHVte1wqXGZhbHQgPz8/Pz9FPz9jRT8/Pz8/RWNFPz8/Pz9FPz8/Pz9FY307fXtcZjE3XGZi^M aWRpIFxmbW9kZXJuXGZjaGFyc2V0MTM0XGZwcnExe1wqXHBhbm9zZSAwMjAxMDYwOTA2MDEw^M MTAxMDEwMX1TaW1IZWl7XCpcZmFsdCBvPz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/^M fTt9DQp7XGYxOFxmYmlkaSBcZm1vZGVyblxmY2hhcnNldDEzNlxmcHJxMXtcKlxwYW5vc2Ug^M MDIwMjA1MDkwMDAwMDAwMDAwMDB9TWluZ0xpVXtcKlxmYWx0IDJPY3VBZX07fXtcZjE5XGZi^M aWRpIFxmcm9tYW5cZmNoYXJzZXQxMjhcZnBycTF7XCpccGFub3NlIDAyMDIwNjA5MDQwMzA1^M MDgwMzA1fU1pbmNob3tcKlxmYWx0ID8/XCc4MVwnNjZjfTt9DQp7XGYyMFxmYmlkaSBcZnN3^M ... The part of the mail-header looks normal. But as you can see at beginning of the mailbody something inserts the strange character "^M" after each newline. According to Google this is a endline charachter from Windows. And this seems to break some clients (Eg. Lotus Notes). With dovecot version 2.1.x I don't have this problem. Have you any solution for me? Many thanks Urban Loesch From nick.z.edwards at gmail.com Mon Jun 30 10:33:07 2014 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Mon, 30 Jun 2014 20:33:07 +1000 Subject: postfix alias and dovecot quota In-Reply-To: References: <5068E3FB-381B-4EDA-B40A-6D8943D797F9@numeezy.com> Message-ID: On 6/29/14, Alexandre Ellert wrote: > Le 29 juin 2014 ? 06:24, Nick Edwards a ?crit : > >> it is the job of postfix to do this, aliases are just that, aliases of > >> the real mail account, they do not exist in real storage, else, they >> would not be alias. > > The problem i'm trying to solve is about dovecot capability to serve quota > status via Postfix policy server protocol. > It works fine when the destination address is a real mailbox, but if it's a > Postfix alias, then the email is not rejected because dovecot doesn't know > this user. > Maybe it's a wrong idea to try to make Postfix alias visible to dovecot. > > Do you have another suggestion ? of course its wrong mail aliases are for MTA's *only* its not for dovecot (or any pop3/imap server), if postfix is not saying oh ok alias foo really goes to user bar, do we;ll check out bar's quota, status etc,, then ur postfix is foobarred somehow. From bourek at thinline.cz Mon Jun 30 11:37:26 2014 From: bourek at thinline.cz (Jiri Bourek) Date: Mon, 30 Jun 2014 13:37:26 +0200 Subject: postfix alias and dovecot quota In-Reply-To: References: <5068E3FB-381B-4EDA-B40A-6D8943D797F9@numeezy.com> Message-ID: <53B14BF6.3000206@thinline.cz> On 30.6.2014 12:33, Nick Edwards wrote: > On 6/29/14, Alexandre Ellert wrote: >> Le 29 juin 2014 ? 06:24, Nick Edwards a ?crit : >> >>> it is the job of postfix to do this, aliases are just that, aliases of >> >>> the real mail account, they do not exist in real storage, else, they >>> would not be alias. >> >> The problem i'm trying to solve is about dovecot capability to serve quota >> status via Postfix policy server protocol. >> It works fine when the destination address is a real mailbox, but if it's a >> Postfix alias, then the email is not rejected because dovecot doesn't know >> this user. >> Maybe it's a wrong idea to try to make Postfix alias visible to dovecot. >> >> Do you have another suggestion ? > > of course its wrong > mail aliases are for MTA's *only* its not for dovecot (or any > pop3/imap server), if postfix is not saying oh ok alias foo really > goes to user bar, do we;ll check out bar's quota, status etc,, then ur > postfix is foobarred somehow. > I'm not completely sure about that. If you want to use Dovecot's quota-status to reject message during SMTP session, Postfix' smtpd process needs to do that and - to my knowledge - it's only able to pass recipient address, not the aliases involved. I was looking for a solution to this few months ago as well. In the end I created sort of policy service proxy between Postfix and Dovecot. The proxy looks up aliases in database, converts them into real users and asks Dovecot about those. Final result is then reported back to postfix/smtpd. From bind at enas.net Mon Jun 30 12:23:17 2014 From: bind at enas.net (Urban Loesch) Date: Mon, 30 Jun 2014 14:23:17 +0200 Subject: Sieve seems to break mailbody during automatic redirection In-Reply-To: <53B12962.2030900@enas.net> References: <53B12962.2030900@enas.net> Message-ID: <53B156B5.3040805@enas.net> Hi, short update. I found out that with Debian Wheezy I don't have this problem. The problem seems only to be on Debian squeeze. I have configured to use "/usr/bin/sendmail". It seems that there is some problem with the squeeze version of sendmail. The only strange thing is, that until the upgrade from Dovecot 2.1.15 to 2.2.13 it worked without any problems. I changed to "submission_host = localhost:25" in 15-lda.conf and now it works correctly. Seems better than using the sendmail binary. Many thanks Urban Loesch Am 30.06.2014 11:09, schrieb Urban Loesch: > Hi, > > I have a strange problem with sieve. > After upgrading to 2.2.13 sieve seems to break the mailbody during automatic redirection. > > I have the following configuration. > > - User A sends mail to User B. > - User B has an automatic redirect to User C > - User C geht the mailbody broken > > I did some debugging. > > > This is a part of the mailbody which i grabbed from the mailqueue before the mail gets delivered to user B: > > ... > Message-ID: <53B12105.2020207 at domain.net> > Date: Mon, 30 Jun 2014 10:34:13 +0200 > From: =?ISO-8859-15?Q?Urban_L=F6sch_Enas?= > User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 > MIME-Version: 1.0 > To: Urban Loesch > Subject: testmail 5 > X-Enigmail-Version: 1.6 > Content-Type: multipart/mixed; > boundary="------------040308070600090201000704" > > This is a multi-part message in MIME format. > --------------040308070600090201000704 > Content-Type: text/plain; charset=ISO-8859-15 > Content-Transfer-Encoding: 7bit > > > --------------040308070600090201000704 > Content-Type: application/rtf; > name="elenco_siti_inibiti.2.rtf" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; > filename="elenco_siti_inibiti.2.rtf" > > e1xydGYxXGFkZWZsYW5nMTAyNVxhbnNpXGFuc2ljcGcxMjUyXHVjMVxhZGVmZjBcZGVmZjBc > c3RzaGZkYmNoMFxzdHNoZmxvY2gwXHN0c2hmaGljaDBcc3RzaGZiaTBcZGVmbGFuZzEwNDBc > ZGVmbGFuZ2ZlMTA0MFx0aGVtZWxhbmcxMDQwXHRoZW1lbGFuZ2ZlMFx0aGVtZWxhbmdjczB7 > XGZvbnR0Ymx7XGYwXGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQwXGZwcnEye1wqXHBhbm9zZSAw > MjAyMDYwMzA1MDQwNTAyMDMwNH1UaW1lcyBOZXcgUm9tYW47fQ0Ke1xmMVxmYmlkaSBcZnN3 > aXNzXGZjaGFyc2V0MFxmcHJxMntcKlxwYW5vc2UgMDIwYjA2MDQwMjAyMDIwMjAyMDR9QXJp > YWx7XCpcZmFsdCBBcmlhbH07fXtcZjJcZmJpZGkgXGZtb2Rlcm5cZmNoYXJzZXQwXGZwcnEx > e1wqXHBhbm9zZSAwMjA3MDMwOTAyMDIwNTAyMDQwNH1Db3VyaWVyIE5ldzt9e1xmM1xmYmlk > aSBcZnJvbWFuXGZjaGFyc2V0MlxmcHJxMntcKlxwYW5vc2UgMDUwNTAxMDIwMTA3MDYwMjA1 > MDd9U3ltYm9sO30NCntcZjRcZmJpZGkgXGZzd2lzc1xmY2hhcnNldDBcZnBycTJ7XCpccGFu > b3NlIDAyMGIwNjA0MDIwMjAyMDIwMjA0fUhlbHZldGljYTt9e1xmNVxmYmlkaSBcZm1vZGVy > blxmY2hhcnNldDBcZnBycTF7XCpccGFub3NlIDAyMDcwNDA5MDIwMjA1MDIwNDA0fUNvdXJp > ZXI7fXtcZjZcZmJpZGkgXGZyb21hblxmY2hhcnNldDBcZnBycTJ7XCpccGFub3NlIDAyMDIw > NjAzMDQwNTA1MDIwMzA0fVRtcyBSbW57XCpcZmFsdCBUaW1lcyBOZXcgUm9tYW59O30NCntc > ZjdcZmJpZGkgXGZzd2lzc1xmY2hhcnNldDBcZnBycTJ7XCpccGFub3NlIDAyMGIwNjA0MDIw > MjAyMDMwMjA0fUhlbHY7fXtcZjhcZmJpZGkgXGZyb21hblxmY2hhcnNldDBcZnBycTJ7XCpc > cGFub3NlIDAyMDQwNTAzMDYwNTA2MDIwMzA0fU5ldyBZb3JrO317XGY5XGZiaWRpIFxmc3dp > c3NcZmNoYXJzZXQwXGZwcnEye1wqXHBhbm9zZSAwMDAwMDAwMDAwMDAwMDAwMDAwMH1TeXN0 > ZW07fQ0Ke1xmMTBcZmJpZGkgXGZuaWxcZmNoYXJzZXQyXGZwcnEye1wqXHBhbm9zZSAwNTAw > MDAwMDAwMDAwMDAwMDAwMH1XaW5nZGluZ3M7fXtcZjExXGZiaWRpIFxmbW9kZXJuXGZjaGFy > c2V0MTI4XGZwcnExe1wqXHBhbm9zZSAwMjAyMDYwOTA0MDIwNTA4MDMwNH1NUyBNaW5jaG97 > XCpcZmFsdCA/bD9yID8/XCc4MVwnNjZjfTt9DQp7XGYxMlxmYmlkaSBcZnJvbWFuXGZjaGFy > c2V0MTI5XGZwcnEye1wqXHBhbm9zZSAwMjAzMDYwMDAwMDEwMTAxMDEwMX1CYXRhbmd7XCpc > ZmFsdCA/Pz8/P0U/Pz8/P0VjRT8/Pz8/RT8/Y0VjRT8/Pz8/fTt9e1xmMTNcZmJpZGkgXGZu > aWxcZmNoYXJzZXQxMzRcZnBycTJ7XCpccGFub3NlIDAyMDEwNjAwMDMwMTAxMDEwMTAxfVNp > bVN1bntcKlxmYWx0ID8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz99O30NCntcZjE0 > XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQxMzZcZnBycTJ7XCpccGFub3NlIDAyMDIwNTAwMDAw > MDAwMDAwMDAwfVBNaW5nTGlVe1wqXGZhbHQgIVBzMk9jdUFlfTt9e1xmMTVcZmJpZGkgXGZt > b2Rlcm5cZmNoYXJzZXQxMjhcZnBycTF7XCpccGFub3NlIDAyMGIwNjA5MDcwMjA1MDgwMjA0 > fU1TIEdvdGhpY3tcKlxmYWx0ID9sP3IgP1M/Vj9iP059O30NCntcZjE2XGZiaWRpIFxmc3dp > c3NcZmNoYXJzZXQxMjlcZnBycTJ7XCpccGFub3NlIDAyMGIwNjAwMDAwMTAxMDEwMTAxfURv > dHVte1wqXGZhbHQgPz8/Pz9FPz9jRT8/Pz8/RWNFPz8/Pz9FPz8/Pz9FY307fXtcZjE3XGZi > aWRpIFxmbW9kZXJuXGZjaGFyc2V0MTM0XGZwcnExe1wqXHBhbm9zZSAwMjAxMDYwOTA2MDEw > MTAxMDEwMX1TaW1IZWl7XCpcZmFsdCBvPz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/ > fTt9DQp7XGYxOFxmYmlkaSBcZm1vZGVyblxmY2hhcnNldDEzNlxmcHJxMXtcKlxwYW5vc2Ug > ... > > Looks normal to me. > > Now: > This is the part of the mailbody which i grabbed from the mailqueue after user B has received the mail and sieve has injectd > it to the mailqueue for delivering to user C. > > ... > Message-ID: <53B12105.2020207 at domain.net> > Date: Mon, 30 Jun 2014 10:34:13 +0200 > From: =?ISO-8859-15?Q?Urban_L=F6sch_Enas?= > User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 > MIME-Version: 1.0 > To: Urban Loesch > Subject: testmail 5 > X-Enigmail-Version: 1.6 > Content-Type: multipart/mixed; > boundary="------------040308070600090201000704" > > This is a multi-part message in MIME format.^M > --------------040308070600090201000704^M > Content-Type: text/plain; charset=ISO-8859-15^M > Content-Transfer-Encoding: 7bit^M > ^M > ^M > --------------040308070600090201000704^M > Content-Type: application/rtf;^M > name="elenco_siti_inibiti.2.rtf"^M > Content-Transfer-Encoding: base64^M > Content-Disposition: attachment;^M > filename="elenco_siti_inibiti.2.rtf"^M > ^M > e1xydGYxXGFkZWZsYW5nMTAyNVxhbnNpXGFuc2ljcGcxMjUyXHVjMVxhZGVmZjBcZGVmZjBc^M > c3RzaGZkYmNoMFxzdHNoZmxvY2gwXHN0c2hmaGljaDBcc3RzaGZiaTBcZGVmbGFuZzEwNDBc^M > ZGVmbGFuZ2ZlMTA0MFx0aGVtZWxhbmcxMDQwXHRoZW1lbGFuZ2ZlMFx0aGVtZWxhbmdjczB7^M > XGZvbnR0Ymx7XGYwXGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQwXGZwcnEye1wqXHBhbm9zZSAw^M > MjAyMDYwMzA1MDQwNTAyMDMwNH1UaW1lcyBOZXcgUm9tYW47fQ0Ke1xmMVxmYmlkaSBcZnN3^M > aXNzXGZjaGFyc2V0MFxmcHJxMntcKlxwYW5vc2UgMDIwYjA2MDQwMjAyMDIwMjAyMDR9QXJp^M > YWx7XCpcZmFsdCBBcmlhbH07fXtcZjJcZmJpZGkgXGZtb2Rlcm5cZmNoYXJzZXQwXGZwcnEx^M > e1wqXHBhbm9zZSAwMjA3MDMwOTAyMDIwNTAyMDQwNH1Db3VyaWVyIE5ldzt9e1xmM1xmYmlk^M > aSBcZnJvbWFuXGZjaGFyc2V0MlxmcHJxMntcKlxwYW5vc2UgMDUwNTAxMDIwMTA3MDYwMjA1^M > MDd9U3ltYm9sO30NCntcZjRcZmJpZGkgXGZzd2lzc1xmY2hhcnNldDBcZnBycTJ7XCpccGFu^M > b3NlIDAyMGIwNjA0MDIwMjAyMDIwMjA0fUhlbHZldGljYTt9e1xmNVxmYmlkaSBcZm1vZGVy^M > blxmY2hhcnNldDBcZnBycTF7XCpccGFub3NlIDAyMDcwNDA5MDIwMjA1MDIwNDA0fUNvdXJp^M > ZXI7fXtcZjZcZmJpZGkgXGZyb21hblxmY2hhcnNldDBcZnBycTJ7XCpccGFub3NlIDAyMDIw^M > NjAzMDQwNTA1MDIwMzA0fVRtcyBSbW57XCpcZmFsdCBUaW1lcyBOZXcgUm9tYW59O30NCntc^M > ZjdcZmJpZGkgXGZzd2lzc1xmY2hhcnNldDBcZnBycTJ7XCpccGFub3NlIDAyMGIwNjA0MDIw^M > MjAyMDMwMjA0fUhlbHY7fXtcZjhcZmJpZGkgXGZyb21hblxmY2hhcnNldDBcZnBycTJ7XCpc^M > cGFub3NlIDAyMDQwNTAzMDYwNTA2MDIwMzA0fU5ldyBZb3JrO317XGY5XGZiaWRpIFxmc3dp^M > c3NcZmNoYXJzZXQwXGZwcnEye1wqXHBhbm9zZSAwMDAwMDAwMDAwMDAwMDAwMDAwMH1TeXN0^M > ZW07fQ0Ke1xmMTBcZmJpZGkgXGZuaWxcZmNoYXJzZXQyXGZwcnEye1wqXHBhbm9zZSAwNTAw^M > MDAwMDAwMDAwMDAwMDAwMH1XaW5nZGluZ3M7fXtcZjExXGZiaWRpIFxmbW9kZXJuXGZjaGFy^M > c2V0MTI4XGZwcnExe1wqXHBhbm9zZSAwMjAyMDYwOTA0MDIwNTA4MDMwNH1NUyBNaW5jaG97^M > XCpcZmFsdCA/bD9yID8/XCc4MVwnNjZjfTt9DQp7XGYxMlxmYmlkaSBcZnJvbWFuXGZjaGFy^M > c2V0MTI5XGZwcnEye1wqXHBhbm9zZSAwMjAzMDYwMDAwMDEwMTAxMDEwMX1CYXRhbmd7XCpc^M > ZmFsdCA/Pz8/P0U/Pz8/P0VjRT8/Pz8/RT8/Y0VjRT8/Pz8/fTt9e1xmMTNcZmJpZGkgXGZu^M > aWxcZmNoYXJzZXQxMzRcZnBycTJ7XCpccGFub3NlIDAyMDEwNjAwMDMwMTAxMDEwMTAxfVNp^M > bVN1bntcKlxmYWx0ID8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz99O30NCntcZjE0^M > XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQxMzZcZnBycTJ7XCpccGFub3NlIDAyMDIwNTAwMDAw^M > MDAwMDAwMDAwfVBNaW5nTGlVe1wqXGZhbHQgIVBzMk9jdUFlfTt9e1xmMTVcZmJpZGkgXGZt^M > b2Rlcm5cZmNoYXJzZXQxMjhcZnBycTF7XCpccGFub3NlIDAyMGIwNjA5MDcwMjA1MDgwMjA0^M > fU1TIEdvdGhpY3tcKlxmYWx0ID9sP3IgP1M/Vj9iP059O30NCntcZjE2XGZiaWRpIFxmc3dp^M > c3NcZmNoYXJzZXQxMjlcZnBycTJ7XCpccGFub3NlIDAyMGIwNjAwMDAwMTAxMDEwMTAxfURv^M > dHVte1wqXGZhbHQgPz8/Pz9FPz9jRT8/Pz8/RWNFPz8/Pz9FPz8/Pz9FY307fXtcZjE3XGZi^M > aWRpIFxmbW9kZXJuXGZjaGFyc2V0MTM0XGZwcnExe1wqXHBhbm9zZSAwMjAxMDYwOTA2MDEw^M > MTAxMDEwMX1TaW1IZWl7XCpcZmFsdCBvPz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/^M > fTt9DQp7XGYxOFxmYmlkaSBcZm1vZGVyblxmY2hhcnNldDEzNlxmcHJxMXtcKlxwYW5vc2Ug^M > MDIwMjA1MDkwMDAwMDAwMDAwMDB9TWluZ0xpVXtcKlxmYWx0IDJPY3VBZX07fXtcZjE5XGZi^M > aWRpIFxmcm9tYW5cZmNoYXJzZXQxMjhcZnBycTF7XCpccGFub3NlIDAyMDIwNjA5MDQwMzA1^M > MDgwMzA1fU1pbmNob3tcKlxmYWx0ID8/XCc4MVwnNjZjfTt9DQp7XGYyMFxmYmlkaSBcZnN3^M > ... > > The part of the mail-header looks normal. > > But as you can see at beginning of the mailbody something inserts the strange character "^M" > after each newline. According to Google this is a endline charachter from Windows. And this > seems to break some clients (Eg. Lotus Notes). > > With dovecot version 2.1.x I don't have this problem. > > Have you any solution for me? > > Many thanks > Urban Loesch > From jost+lists at dimejo.at Mon Jun 30 12:47:24 2014 From: jost+lists at dimejo.at (Alex JOST) Date: Mon, 30 Jun 2014 14:47:24 +0200 Subject: Dovecot and Postfix In-Reply-To: <20140630045146.6bef79f6@scorpio> References: <20140629190313.56db7014@scorpio> <53B1141A.2080909@dimejo.at> <20140630045146.6bef79f6@scorpio> Message-ID: <53B15C5C.1030009@dimejo.at> Am 30.06.2014 10:51, schrieb Jerry: > At the bottom of dovecot.conf: !include conf.d/*.conf > > At the bottom of 10-auth.conf: > #!include auth-deny.conf.ext > #!include auth-master.conf.ext > !include auth-system.conf.ext > #!include auth-sql.conf.ext > !include auth-passwdfile.conf.ext > #!include auth-checkpassword.conf.ext > #!include auth-vpopmail.conf.ext > #!include auth-static.conf.ext > > Do I have to uncomment "include" files in 10-auth.conf to get them pulled in? Yes. > Does't the "include" from the dovecot.conf do that? No. Notice the extra .ext at the end of the auth files. That's why they are not matched by !include conf.d/*.conf > It looks like the "10-master.conf" isn't being used. Why do you think so? -- Alex JOST From dave.gattis at suhner.com Mon Jun 30 12:47:26 2014 From: dave.gattis at suhner.com (Dave Gattis) Date: Mon, 30 Jun 2014 08:47:26 -0400 Subject: unsubscribe Message-ID: <000c01cf9461$72357bc0$56a07340$@suhner.com> Dave Gattis Suhner Manufacturing, Inc. IT Manager 43 Anderson Rd SW Rome, GA 30161 Phone: 706-314-2943 Fax: 706-235-8045 dave.gattis at suhner.com www.suhner.com Description: Description: Description: suhner_100_logo_standard NOTE: This message and all attachments should be considered confidential and proprietary to Suhner Manufacturing Inc and are intended only for the individual or company to whom addressed, and only for the purpose stated or intended. Any other viewing, copying, distribution or other use of this information is prohibited. If you received this message in error, please immediately notify the sender and then delete. -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 3022 bytes Desc: not available URL: From nathan at schultheiss.fr Mon Jun 30 13:01:55 2014 From: nathan at schultheiss.fr (Nathan Schultheiss) Date: Mon, 30 Jun 2014 15:01:55 +0200 (CEST) Subject: postfix alias and dovecot quota In-Reply-To: <53B14BF6.3000206@thinline.cz> References: <5068E3FB-381B-4EDA-B40A-6D8943D797F9@numeezy.com> <53B14BF6.3000206@thinline.cz> Message-ID: <1213763824.82208.1404133315647.JavaMail.zimbra@schultheiss.fr> I've the same problem. Dovecot can reply REJECT when Postfix ask for know the quota of the real user. But if the email it's alias, Dovecot does not know the email and reply DUNNO, but when the mail must be delivred by the LDA, Dovecot reject because the user it's over quota. I search since several weeks how to fix that and for postfix ask the quota-service with the real user email and not the alias. Because Postfix know the real user email because it's search it on the first time before ask Dovecot... I don't understand that postfix can't have a feature for check the quota-service with the real user email and not the alias... It's possible that I was wrong and not really understand the Postfix doku (that's really possible). If anobody have one idea that would be great, because I'm really lost, and I think i'm not alone :) Bests Regards, Nathan ----- Mail original ----- De: "Jiri Bourek" ?: dovecot at dovecot.org Envoy?: Lundi 30 Juin 2014 13:37:26 Objet: Re: postfix alias and dovecot quota On 30.6.2014 12:33, Nick Edwards wrote: > On 6/29/14, Alexandre Ellert wrote: >> Le 29 juin 2014 ? 06:24, Nick Edwards a ?crit : >> >>> it is the job of postfix to do this, aliases are just that, aliases of >> >>> the real mail account, they do not exist in real storage, else, they >>> would not be alias. >> >> The problem i'm trying to solve is about dovecot capability to serve quota >> status via Postfix policy server protocol. >> It works fine when the destination address is a real mailbox, but if it's a >> Postfix alias, then the email is not rejected because dovecot doesn't know >> this user. >> Maybe it's a wrong idea to try to make Postfix alias visible to dovecot. >> >> Do you have another suggestion ? > > of course its wrong > mail aliases are for MTA's *only* its not for dovecot (or any > pop3/imap server), if postfix is not saying oh ok alias foo really > goes to user bar, do we;ll check out bar's quota, status etc,, then ur > postfix is foobarred somehow. > I'm not completely sure about that. If you want to use Dovecot's quota-status to reject message during SMTP session, Postfix' smtpd process needs to do that and - to my knowledge - it's only able to pass recipient address, not the aliases involved. I was looking for a solution to this few months ago as well. In the end I created sort of policy service proxy between Postfix and Dovecot. The proxy looks up aliases in database, converts them into real users and asks Dovecot about those. Final result is then reported back to postfix/smtpd. From jerry at seibercom.net Mon Jun 30 13:16:23 2014 From: jerry at seibercom.net (Jerry) Date: Mon, 30 Jun 2014 09:16:23 -0400 Subject: Dovecot and Postfix In-Reply-To: <53B15C5C.1030009@dimejo.at> References: <20140629190313.56db7014@scorpio> <53B1141A.2080909@dimejo.at> <20140630045146.6bef79f6@scorpio> <53B15C5C.1030009@dimejo.at> Message-ID: <20140630091623.511800df@scorpio> On Mon, 30 Jun 2014 14:47:24 +0200, Alex JOST stated: > Am 30.06.2014 10:51, schrieb Jerry: > > At the bottom of dovecot.conf: !include conf.d/*.conf > > > > At the bottom of 10-auth.conf: > > #!include auth-deny.conf.ext > > #!include auth-master.conf.ext > > !include auth-system.conf.ext > > #!include auth-sql.conf.ext > > !include auth-passwdfile.conf.ext > > #!include auth-checkpassword.conf.ext > > #!include auth-vpopmail.conf.ext > > #!include auth-static.conf.ext > > > > Do I have to uncomment "include" files in 10-auth.conf to get them pulled > > in? > > Yes. > > > Does't the "include" from the dovecot.conf do that? > > No. Notice the extra .ext at the end of the auth files. That's why they > are not matched by !include conf.d/*.conf Yes, I see that now. A note in the file making that crystal clear might not be such a bad idea though. -- Jerry From h.reindl at thelounge.net Mon Jun 30 13:30:46 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 30 Jun 2014 15:30:46 +0200 Subject: unsubscribe In-Reply-To: <000c01cf9461$72357bc0$56a07340$@suhner.com> References: <000c01cf9461$72357bc0$56a07340$@suhner.com> Message-ID: <53B16686.3060409@thelounge.net> who did subscribe you? ask the same person to unsubsribe..... the samme for any othe rmailing-list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From mailinglists at easy-mail.it Mon Jun 30 13:34:53 2014 From: mailinglists at easy-mail.it (Francesco) Date: Mon, 30 Jun 2014 15:34:53 +0200 Subject: i need a little advice with dovecot master user Message-ID: <1404135293.3677.35.camel@secoges-laptop> Hello, As a step to migrate to a newer version of dovecot, i've been asked to configure a master user for logging in into mailboxes of a dovecot 1.2. I've followed the instructions from this page: http://wiki1.dovecot.org/Authentication/MasterUsers but appearently something is going wrong. I've turned on the auth verbose and what i get in the log is: 2014-06-30 15:25:03 auth(default): Info: passdb(administrator,127.0.0.1,master): Master user logging in as user at domain.tld but the output from a telnet session says: Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=LOGIN AUTH=PLAIN] server ready. a1 login user at domain.tld*administrator a1 NO [AUTHORIZATIONFAILED] Authorization failed what i noticed is that if i type a wrong password i get an AUTHENTICATIONFAILED, which, to me, sounds different from authorization. what am i doing wrong? here is the auth configuration: ____________________________________ auth_master_user_separator=* auth default { mechanisms = login plain passdb sql { args = /etc/dovecot/dovecot-sql.conf } passdb passwd-file { args = /etc/dovecot/passwd.masterusers master = yes pass = yes } userdb sql { args = /etc/dovecot/dovecot-sql.conf } userdb static { args = uid=65000 gid=65000 mail=maildir:/var/utenti/ADS/%Lu/Maildir } passdb pam { } user = root socket listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } } ____________________________________ From list at grootstyr.eu Mon Jun 30 14:59:33 2014 From: list at grootstyr.eu (Matthijs de Groot) Date: Mon, 30 Jun 2014 16:59:33 +0200 Subject: postfix alias and dovecot quota In-Reply-To: <1213763824.82208.1404133315647.JavaMail.zimbra@schultheiss.fr> References: <5068E3FB-381B-4EDA-B40A-6D8943D797F9@numeezy.com> <53B14BF6.3000206@thinline.cz> <1213763824.82208.1404133315647.JavaMail.zimbra@schultheiss.fr> Message-ID: > On 30 Jun 2014, at 15:01, Nathan Schultheiss wrote: > > ... > > I search since several weeks how to fix that and for postfix ask the quota-service with the real user email and not the alias. > Because Postfix know the real user email because it's search it on the first time before ask Dovecot... > > I don't understand that postfix can't have a feature for check the quota-service with the real user email and not the alias... > > It's possible that I was wrong and not really understand the Postfix doku (that's really possible). > You?re not: http://www.postfix.org/SMTPD_POLICY_README.html#protocol > If anobody have one idea that would be great, because I'm really lost, and I think i'm not alone :) One idea is to use the same data source for the userdb of postfix and dovecot. Mail alias data that postfix uses would then also become available for dovecot. Dovecot would then be able to correctly resolve mail aliases to users and provide useful quota information about the mailbox. From uothrawn at yahoo.com Mon Jun 30 16:47:48 2014 From: uothrawn at yahoo.com (G H) Date: Mon, 30 Jun 2014 09:47:48 -0700 Subject: Login failure with SElinux enforcing + Sqlite user DB Message-ID: <1404146868.71195.YahooMailNeo@web161405.mail.bf1.yahoo.com> I am having a very strange issue with Dovecot + Sqlite + SELinux in enforcing. I am able to log in via IMAPS if SELinux is in permissive, but not able to do so when in enforcing. I do not see any SELinux denials even with dontaudit's enabled. I am running Centos 5 on x86_64 with a customized kernel build and SElinux Strict policy. The log dumps below are in the following order:? 1. My syslog output when SElinux is enforcing 2. My mail client's protocol log (using Sylpheed) 3. My syslog output when SElinux is permissive. From the audit log, syscall 2 (from the message "type=SYSCALL ... syscall=2 success=no" appears to be sys_open for x86_64 architectures. syscall 87 is sys_unlink. Why is my mail client getting a SQL error message even though dovecot's auth log reported login success? Is this a sqlite problem instead of a dovecot one? FYI, I am using dovecot-2.2.10 (from ATrpms.net) and sqlite-3.3.6-7 There appears to be several options related to the temporary store on sqlite's documentation, the solution may be to use memory (instead of files) for temporary tables... dovecot: auth-worker(29695): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so dovecot: auth-worker(29695): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so dovecot: auth-worker(29695): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so dovecot: auth-worker(29695): Debug: sql(mailadmin,10.0.77.80): query: SELECT password FROM users WHERE username = 'mailadmin' dovecot: auth: Debug: client passdb out: OK 1 user=mailadmin dovecot: auth: Debug: master in: REQUEST 3487432705 29692 1 17d4d0374be5dec51ce20917470caed8 session_pid=29696 request_auth_token dovecot: auth-worker(29695): Debug: sql(mailadmin,10.0.77.80): SELECT username FROM users WHERE username = 'mailadmin' AND view_mail = 't' AND 'imap' = 'imap' dovecot: auth: Debug: master userdb out: USER 3487432705 mailadmin uid=97 gid=12 home=/var/mail/mailadmin auth_token=e0d0ed3080574ab089f1a5302d43110ffa15ec42 dovecot: imap-login: Login: user=, method=PLAIN, rip=10.0.77.80, lip=10.0.78.223, mpid=29696, TLS, session=<0C+M3A/9OwCsEQFQ> audispd: node=myhost.somewhere type=SYSCALL msg=audit(1404144473.421:46298): arch=c000003e syscall=2 success=no exit=-13 a0=7fff97f77ce0 a1=c2 a2=1a4 a3=0 items=1 ppid=29697 pid=29699 auid=7033 uid=8 gid=12 euid=8 suid=8 fsuid=8 egid=12 sgid=12 fsgid=12 tty=(none) ses=108 comm="sqlite3" exe="/usr/bin/sqlite3" subj=system_u:system_r:dovecot_t:s0 key="access" audispd: node=myhost.somewhere type=CWD msg=audit(1404144473.421:46298): cwd="/var/run/dovecot" audispd: node=myhost.somewhere type=PATH msg=audit(1404144473.421:46298): item=0 name="./sqlite_ZPh8vGq4ia1CCsJ" inode=8192027 dev=fb:02 mode=040755 ouid=0 ogid=97 rdev=00:00 obj=system_u:object_r:dovecot_var_run_t:s0 audispd: node=myhost.somewhere type=EOE msg=audit(1404144473.421:46298):? audispd: node=myhost.somewhere type=SYSCALL msg=audit(1404144473.422:46299): arch=c000003e syscall=2 success=no exit=-13 a0=7fff97f77ce0 a1=c2 a2=1a4 a3=0 items=1 ppid=29697 pid=29699 auid=7033 uid=8 gid=12 euid=8 suid=8 fsuid=8 egid=12 sgid=12 fsgid=12 tty=(none) ses=108 comm="sqlite3" exe="/usr/bin/sqlite3" subj=system_u:system_r:dovecot_t:s0 key="access" audispd: node=myhost.somewhere type=CWD msg=audit(1404144473.422:46299): cwd="/var/run/dovecot" audispd: node=myhost.somewhere type=PATH msg=audit(1404144473.422:46299): item=0 name="./sqlite_9i9aIbK0rBuJWFS" inode=8192027 dev=fb:02 mode=040755 ouid=0 ogid=97 rdev=00:00 obj=system_u:object_r:dovecot_var_run_t:s0 ... REPEATED MANY TIMES ... audispd: node=myhost.somewhere type=SYSCALL msg=audit(1404145638.097:46407): arch=c000003e syscall=87 success=yes exit=0 a0=608872 a1=60aa50 a2=60e0d0 a3=0 items=2 ppid=29774 pid=29776 auid=7033 uid=8 gid=12 euid=8 suid=8 fsuid=8 egid=12 sgid=12 fsgid=12 tty=(none) ses=108 comm="sqlite3" exe="/usr/bin/sqlite3" subj=system_u:system_r:dovecot_t:s0 key="delete" audispd: node=myhost.somewhere type=CWD msg=audit(1404145638.097:46407): cwd="/var/run/dovecot" dovecot: imap(mailadmin): Debug: Effective uid=97, gid=12, home=/var/mail/mailadmin dovecot: imap(mailadmin): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:/var/mail/mailadmin dovecot: imap(mailadmin): Debug: fs: root=/var/mail/mailadmin, index=, indexpvt=, control=, inbox=, alt= audispd: node=myhost.somewhere type=PATH msg=audit(1404145638.097:46407): item=0 name="/var/lib/maildb/" inode=3735776 dev=fb:02 mode=040775 ouid=0 ogid=12 rdev=00:00 obj=system_u:object_r:var_lib_t:s0 audispd: node=myhost.somewhere type=PATH msg=audit(1404145638.097:46407): item=1 name="/var/lib/maildb/users.db-journal" inode=3735779 dev=fb:02 mode=0100600 ouid=8 ogid=12 rdev=00:00 obj=system_u:object_r:var_lib_t:s0 audispd: node=myhost.somewhere type=EOE msg=audit(1404145638.097:46407):? * creating IMAP4 connection to 10.0.78.223:993 ... * SSL certificate of 10.0.78.223 previously accepted [12:17:37] IMAP4< * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. [12:17:37] IMAP4> 1 CAPABILITY [12:17:37] IMAP4< * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN [12:17:37] IMAP4< 1 OK Pre-login capabilities listed, post-login capabilities have more. [12:17:37] IMAP4> 2 AUTHENTICATE PLAIN [12:17:37] IMAP4< +? [12:17:37] IMAP4> **************** [12:17:37] IMAP4< SQL error: unable to open database file ** LibSylph-WARNING: [12:17:37] IMAP4 authentication failed. dovecot: auth-worker(29747): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so dovecot: auth-worker(29747): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so dovecot: auth-worker(29747): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so dovecot: auth-worker(29747): Debug: sql(mailadmin,10.0.77.80): query: SELECT password FROM users WHERE username = 'mailadmin' dovecot: auth: Debug: client passdb out: OK 1 user=mailadmin dovecot: auth: Debug: master in: REQUEST 1811939329 29745 1 8ec504decee63fdeb7c94b1193a70872 session_pid=29748 request_auth_token dovecot: auth-worker(29747): Debug: sql(mailadmin,10.0.77.80): SELECT username FROM users WHERE username = 'mailadmin' AND view_mail = 't' AND 'imap' = 'imap' dovecot: auth: Debug: master userdb out: USER 1811939329 mailadmin uid=97 gid=12 home=/var/mail/mailadmin auth_token=2015ca3583c60fd9108a639c35c066d2613a2219 dovecot: imap-login: Login: user=, method=PLAIN, rip=10.0.77.80, lip=10.0.78.223, mpid=29748, TLS, session= audispd: node=myhost.somewhere type=SYSCALL msg=audit(1404144754.513:46369): arch=c000003e syscall=87 success=yes exit=0 a0=7fffc59431a0 a1=0 a2=7ffa4c972b40 a3=0 items=2 ppid=29749 pid=29751 auid=7033 uid=8 gid=12 euid=8 suid=8 fsuid=8 egid=12 sgid=12 fsgid=12 tty=(none) ses=108 comm="sqlite3" exe="/usr/bin/sqlite3" subj=system_u:system_r:dovecot_t:s0 key="delete" audispd: node=myhost.somewhere type=CWD msg=audit(1404144754.513:46369): cwd="/var/run/dovecot" audispd: node=myhost.somewhere type=PATH msg=audit(1404144754.513:46369): item=0 name="/var/tmp/" inode=2 dev=fb:01 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 audispd: node=myhost.somewhere type=PATH msg=audit(1404144754.513:46369): item=1 name="/var/tmp/sqlite_vxCdWSgpDUDm7VV" inode=98307 dev=fb:01 mode=0100600 ouid=8 ogid=12 rdev=00:00 obj=system_u:object_r:tmp_t:s0 audispd: node=myhost.somewhere type=EOE msg=audit(1404144754.513:46369):? audispd: node=myhost.somewhere type=SYSCALL msg=audit(1404144754.513:46370): arch=c000003e syscall=87 success=yes exit=0 a0=7fffc59431a0 a1=0 a2=7ffa4c972b40 a3=0 items=2 ppid=29749 pid=29751 auid=7033 uid=8 gid=12 euid=8 suid=8 fsuid=8 egid=12 sgid=12 fsgid=12 tty=(none) ses=108 comm="sqlite3" exe="/usr/bin/sqlite3" subj=system_u:system_r:dovecot_t:s0 key="delete" audispd: node=myhost.somewhere type=CWD msg=audit(1404144754.513:46370): cwd="/var/run/dovecot" audispd: node=myhost.somewhere type=PATH msg=audit(1404144754.513:46370): item=0 name="/var/tmp/" inode=2 dev=fb:01 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 audispd: node=myhost.somewhere type=PATH msg=audit(1404144754.513:46370): item=1 name="/var/tmp/sqlite_4h8lCyF8htbWvZb" inode=98310 dev=fb:01 mode=0100600 ouid=8 ogid=12 rdev=00:00 obj=system_u:object_r:tmp_t:s0 audispd: node=myhost.somewhere type=EOE msg=audit(1404144754.513:46370): ... REPEATED MANY TIMES ... audispd: node=myhost.somewhere type=SYSCALL msg=audit(1404144754.533:46373): arch=c000003e syscall=87 success=yes exit=0 a0=608872 a1=60aa50 a2=60e0d0 a3=0 items=2 ppid=29749 pid=29751 auid=7033 uid=8 gid=12 euid=8 suid=8 fsuid=8 egid=12 sgid=12 fsgid=12 tty=(none) ses=108 comm="sqlite3" exe="/usr/bin/sqlite3" subj=system_u:system_r:dovecot_t:s0 key="delete" audispd: node=myhost.somewhere type=CWD msg=audit(1404144754.533:46373): cwd="/var/run/dovecot" audispd: node=myhost.somewhere type=PATH msg=audit(1404144754.533:46373): item=0 name="/var/lib/maildb/" inode=3735776 dev=fb:02 mode=040775 ouid=0 ogid=12 rdev=00:00 obj=system_u:object_r:var_lib_t:s0 audispd: node=myhost.somewhere type=PATH msg=audit(1404144754.533:46373): item=1 name="/var/lib/maildb/users.db-journal" inode=3735779 dev=fb:02 mode=0100600 ouid=8 ogid=12 rdev=00:00 obj=system_u:object_r:var_lib_t:s0 audispd: node=myhost.somewhere type=EOE msg=audit(1404144754.533:46373):? dovecot: imap(mailadmin): Debug: Effective uid=97, gid=12, home=/var/mail/mailadmin dovecot: imap(mailadmin): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:/var/mail/mailadmin dovecot: imap(mailadmin): Debug: fs: root=/var/mail/mailadmin, index=, indexpvt=, control=, inbox=, alt= From Dovecot-mailing-list at whyaskwhy.org Mon Jun 30 22:28:37 2014 From: Dovecot-mailing-list at whyaskwhy.org (deoren) Date: Mon, 30 Jun 2014 17:28:37 -0500 Subject: Mailboxes are in Maildir format. Any good backup =?UTF-8?Q?tips=3F=20Had=20success=20with=20version=20control=3F?= Message-ID: I'm still pretty new to running a mail server, but one thing I've come to appreciate over the years is a good backup strategy. Since I have always run my own servers for practice and for personal use I don't have access to Enterprise backup solutions. Because of that I usually just fall back to scripts and tarballs and offload the content on a regular basis. Right now I'm using LVM snapshots + tarballs for daily backups, but I'd like to get better coverage for incremental changes that occur throughout the day. The size of existing content is low, but (small) changes are frequent. I went with Maildir format because based on my reading it is referred to as time tested and corruption resistant. Because individual emails are stored as separate files this also leads me to believe that a version control system (Git, SVN) would allow for easy point in time restores. I'm also going to research the GNU tar utility's support for incremental archives as that sounds promising. Suggestions and warnings are most welcome. Thanks! From bourek at thinline.cz Mon Jun 30 22:52:56 2014 From: bourek at thinline.cz (Jiri Bourek) Date: Tue, 01 Jul 2014 00:52:56 +0200 Subject: Mailboxes are in Maildir format. Any good backup tips? Had success with version control? In-Reply-To: References: Message-ID: <53B1EA48.2020806@thinline.cz> On 1.7.2014 00:28, deoren wrote: > I'm still pretty new to running a mail server, but one thing I've come > to appreciate over the years is a good backup strategy. Since I have > always run my own servers for practice and for personal use I don't have > access to Enterprise backup solutions. Because of that I usually just > fall back to scripts and tarballs and offload the content on a regular > basis. > > Right now I'm using LVM snapshots + tarballs for daily backups, but I'd > like to get better coverage for incremental changes that occur > throughout the day. The size of existing content is low, but (small) > changes are frequent. > > I went with Maildir format because based on my reading it is referred to > as time tested and corruption resistant. Because individual emails are > stored as separate files this also leads me to believe that a version > control system (Git, SVN) would allow for easy point in time restores. > > I'm also going to research the GNU tar utility's support for incremental > archives as that sounds promising. > > Suggestions and warnings are most welcome. > > Thanks! Since you're using maildir, you might want to check rsync out as well, especially with --link-dest. In short, you call rsync on your backup machine like this: rsync --link-dest=previous-backup-dir source new-backup-dir This compares current files with their copies in previous backup. All files which didn't change are hardlinked, saving storage space. From bob at computerisms.ca Mon Jun 30 23:41:25 2014 From: bob at computerisms.ca (Bob Miller) Date: Mon, 30 Jun 2014 16:41:25 -0700 Subject: Mailboxes are in Maildir format. Any good backup tips? Had success with version control? In-Reply-To: <53B1EA48.2020806@thinline.cz> References: <53B1EA48.2020806@thinline.cz> Message-ID: <1404171685.5018.15.camel@worklian> Hi, > > > > Suggestions and warnings are most welcome. > > > > Thanks! > > Since you're using maildir, you might want to check rsync out as well, > especially with --link-dest. In short, you call rsync on your backup > machine like this: > > rsync --link-dest=previous-backup-dir source new-backup-dir check out rsnapshot. Tried, tested, and true on my systems for just short of a decade now... From kaustubh at mithi.com Thu Jun 26 09:37:26 2014 From: kaustubh at mithi.com (kaustubh) Date: Thu, 26 Jun 2014 02:37:26 -0700 (PDT) Subject: Imaptest script testing Message-ID: <1403775446782-48607.post@n4.nabble.com> http://www.imapwiki.org/ImapTest/ I am doing imap testing using imaptest scripts. But, i am unable to append message. APPEND INBOX "15-Jun-2015 05:30:05 -0700" "From:abc at gmail.com" "Subject: test. HI this is msg". This command i am using in my testing script. Command executed properly. But, it is not appending mail which is i entered into command. Imaptest appending his own mail into mailbox. please tell me whether i am doing it wrong way. How to append msg i entered into command using imaptest ?? -- View this message in context: http://dovecot.2317879.n4.nabble.com/Imaptest-script-testing-tp48607.html Sent from the Dovecot mailing list archive at Nabble.com. From gfa at zumbi.com.ar Sat Jun 28 02:57:51 2014 From: gfa at zumbi.com.ar (gustavo panizzo ) Date: Fri, 27 Jun 2014 23:57:51 -0300 Subject: mixing Maildir and mdbox Message-ID: <53AE2F2F.2040209@zumbi.com.ar> Hello i'm in the process to architect a new email system. i plan to use dovecot 2.2.9 (debian's wheezy). i would like to use maildir for 2 folders on each account (spam and no-spam) and the rest of the folders stored on mdbox. this should be opaque to my users. the reason for this, is i want to be able to train my anti-spam tools, but they read maildir or mbox, they don't read mdbox or dbox. but i want the other folders as mdbox (performance, backups, alternate storage) is there any way?, i prefer if is configurable in advance for all accounts but i could live with something that is done after account is created thanks! PD: please keep me CC'ed as i'm not subscribed to the list -- 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333 From frank2 at fjl.co.uk Mon Jun 30 10:59:47 2014 From: frank2 at fjl.co.uk (Frank Leonhardt (M)) Date: Mon, 30 Jun 2014 11:59:47 +0100 Subject: Sieve seems to break mailbody during automatic redirection In-Reply-To: <53B12962.2030900@enas.net> References: <53B12962.2030900@enas.net> Message-ID: In case this helps, ctrl-m (0x0d) is ASCII carriage return. Ctrl-a (0x0a) is line feed. On old mechanical terminal (e.g. Teletype) you needed both to get to start of new line. CP/M, on which MS-DOS was based maintained this. UNIX used just 0x0a for new line. AppleDOS used just 0x0d. And it's been a PITA ever since as nothing based on these early systems has ever changed. IBM didn't use ASCII, so be glad there are only three "standards" Regards, Frank On June 30, 2014 10:09:54 AM GMT+01:00, Urban Loesch wrote: >Hi, > >I have a strange problem with sieve. >After upgrading to 2.2.13 sieve seems to break the mailbody during >automatic redirection. > >I have the following configuration. > >- User A sends mail to User B. >- User B has an automatic redirect to User C >- User C geht the mailbody broken > >I did some debugging. > > >This is a part of the mailbody which i grabbed from the mailqueue >before the mail gets delivered to user B: > >... >Message-ID: <53B12105.2020207 at domain.net> >Date: Mon, 30 Jun 2014 10:34:13 +0200 >From: =?ISO-8859-15?Q?Urban_L=F6sch_Enas?= >User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 >Thunderbird/24.2.0 >MIME-Version: 1.0 >To: Urban Loesch >Subject: testmail 5 >X-Enigmail-Version: 1.6 >Content-Type: multipart/mixed; > boundary="------------040308070600090201000704" > >This is a multi-part message in MIME format. >--------------040308070600090201000704 >Content-Type: text/plain; charset=ISO-8859-15 >Content-Transfer-Encoding: 7bit > > >--------------040308070600090201000704 >Content-Type: application/rtf; > name="elenco_siti_inibiti.2.rtf" >Content-Transfer-Encoding: base64 >Content-Disposition: attachment; > filename="elenco_siti_inibiti.2.rtf" > >e1xydGYxXGFkZWZsYW5nMTAyNVxhbnNpXGFuc2ljcGcxMjUyXHVjMVxhZGVmZjBcZGVmZjBc >c3RzaGZkYmNoMFxzdHNoZmxvY2gwXHN0c2hmaGljaDBcc3RzaGZiaTBcZGVmbGFuZzEwNDBc >ZGVmbGFuZ2ZlMTA0MFx0aGVtZWxhbmcxMDQwXHRoZW1lbGFuZ2ZlMFx0aGVtZWxhbmdjczB7 >XGZvbnR0Ymx7XGYwXGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQwXGZwcnEye1wqXHBhbm9zZSAw >MjAyMDYwMzA1MDQwNTAyMDMwNH1UaW1lcyBOZXcgUm9tYW47fQ0Ke1xmMVxmYmlkaSBcZnN3 >aXNzXGZjaGFyc2V0MFxmcHJxMntcKlxwYW5vc2UgMDIwYjA2MDQwMjAyMDIwMjAyMDR9QXJp >YWx7XCpcZmFsdCBBcmlhbH07fXtcZjJcZmJpZGkgXGZtb2Rlcm5cZmNoYXJzZXQwXGZwcnEx >e1wqXHBhbm9zZSAwMjA3MDMwOTAyMDIwNTAyMDQwNH1Db3VyaWVyIE5ldzt9e1xmM1xmYmlk >aSBcZnJvbWFuXGZjaGFyc2V0MlxmcHJxMntcKlxwYW5vc2UgMDUwNTAxMDIwMTA3MDYwMjA1 >MDd9U3ltYm9sO30NCntcZjRcZmJpZGkgXGZzd2lzc1xmY2hhcnNldDBcZnBycTJ7XCpccGFu >b3NlIDAyMGIwNjA0MDIwMjAyMDIwMjA0fUhlbHZldGljYTt9e1xmNVxmYmlkaSBcZm1vZGVy >blxmY2hhcnNldDBcZnBycTF7XCpccGFub3NlIDAyMDcwNDA5MDIwMjA1MDIwNDA0fUNvdXJp >ZXI7fXtcZjZcZmJpZGkgXGZyb21hblxmY2hhcnNldDBcZnBycTJ7XCpccGFub3NlIDAyMDIw >NjAzMDQwNTA1MDIwMzA0fVRtcyBSbW57XCpcZmFsdCBUaW1lcyBOZXcgUm9tYW59O30NCntc >ZjdcZmJpZGkgXGZzd2lzc1xmY2hhcnNldDBcZnBycTJ7XCpccGFub3NlIDAyMGIwNjA0MDIw >MjAyMDMwMjA0fUhlbHY7fXtcZjhcZmJpZGkgXGZyb21hblxmY2hhcnNldDBcZnBycTJ7XCpc >cGFub3NlIDAyMDQwNTAzMDYwNTA2MDIwMzA0fU5ldyBZb3JrO317XGY5XGZiaWRpIFxmc3dp >c3NcZmNoYXJzZXQwXGZwcnEye1wqXHBhbm9zZSAwMDAwMDAwMDAwMDAwMDAwMDAwMH1TeXN0 >ZW07fQ0Ke1xmMTBcZmJpZGkgXGZuaWxcZmNoYXJzZXQyXGZwcnEye1wqXHBhbm9zZSAwNTAw >MDAwMDAwMDAwMDAwMDAwMH1XaW5nZGluZ3M7fXtcZjExXGZiaWRpIFxmbW9kZXJuXGZjaGFy >c2V0MTI4XGZwcnExe1wqXHBhbm9zZSAwMjAyMDYwOTA0MDIwNTA4MDMwNH1NUyBNaW5jaG97 >XCpcZmFsdCA/bD9yID8/XCc4MVwnNjZjfTt9DQp7XGYxMlxmYmlkaSBcZnJvbWFuXGZjaGFy >c2V0MTI5XGZwcnEye1wqXHBhbm9zZSAwMjAzMDYwMDAwMDEwMTAxMDEwMX1CYXRhbmd7XCpc >ZmFsdCA/Pz8/P0U/Pz8/P0VjRT8/Pz8/RT8/Y0VjRT8/Pz8/fTt9e1xmMTNcZmJpZGkgXGZu >aWxcZmNoYXJzZXQxMzRcZnBycTJ7XCpccGFub3NlIDAyMDEwNjAwMDMwMTAxMDEwMTAxfVNp >bVN1bntcKlxmYWx0ID8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz99O30NCntcZjE0 >XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQxMzZcZnBycTJ7XCpccGFub3NlIDAyMDIwNTAwMDAw >MDAwMDAwMDAwfVBNaW5nTGlVe1wqXGZhbHQgIVBzMk9jdUFlfTt9e1xmMTVcZmJpZGkgXGZt >b2Rlcm5cZmNoYXJzZXQxMjhcZnBycTF7XCpccGFub3NlIDAyMGIwNjA5MDcwMjA1MDgwMjA0 >fU1TIEdvdGhpY3tcKlxmYWx0ID9sP3IgP1M/Vj9iP059O30NCntcZjE2XGZiaWRpIFxmc3dp >c3NcZmNoYXJzZXQxMjlcZnBycTJ7XCpccGFub3NlIDAyMGIwNjAwMDAwMTAxMDEwMTAxfURv >dHVte1wqXGZhbHQgPz8/Pz9FPz9jRT8/Pz8/RWNFPz8/Pz9FPz8/Pz9FY307fXtcZjE3XGZi >aWRpIFxmbW9kZXJuXGZjaGFyc2V0MTM0XGZwcnExe1wqXHBhbm9zZSAwMjAxMDYwOTA2MDEw >MTAxMDEwMX1TaW1IZWl7XCpcZmFsdCBvPz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/ >fTt9DQp7XGYxOFxmYmlkaSBcZm1vZGVyblxmY2hhcnNldDEzNlxmcHJxMXtcKlxwYW5vc2Ug >... > >Looks normal to me. > >Now: >This is the part of the mailbody which i grabbed from the mailqueue >after user B has received the mail and sieve has injectd >it to the mailqueue for delivering to user C. > >... >Message-ID: <53B12105.2020207 at domain.net> >Date: Mon, 30 Jun 2014 10:34:13 +0200 >From: =?ISO-8859-15?Q?Urban_L=F6sch_Enas?= >User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 >Thunderbird/24.2.0 >MIME-Version: 1.0 >To: Urban Loesch >Subject: testmail 5 >X-Enigmail-Version: 1.6 >Content-Type: multipart/mixed; > boundary="------------040308070600090201000704" > >This is a multi-part message in MIME format.^M >--------------040308070600090201000704^M >Content-Type: text/plain; charset=ISO-8859-15^M >Content-Transfer-Encoding: 7bit^M >^M >^M >--------------040308070600090201000704^M >Content-Type: application/rtf;^M > name="elenco_siti_inibiti.2.rtf"^M >Content-Transfer-Encoding: base64^M >Content-Disposition: attachment;^M > filename="elenco_siti_inibiti.2.rtf"^M >^M >e1xydGYxXGFkZWZsYW5nMTAyNVxhbnNpXGFuc2ljcGcxMjUyXHVjMVxhZGVmZjBcZGVmZjBc^M >c3RzaGZkYmNoMFxzdHNoZmxvY2gwXHN0c2hmaGljaDBcc3RzaGZiaTBcZGVmbGFuZzEwNDBc^M >ZGVmbGFuZ2ZlMTA0MFx0aGVtZWxhbmcxMDQwXHRoZW1lbGFuZ2ZlMFx0aGVtZWxhbmdjczB7^M >XGZvbnR0Ymx7XGYwXGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQwXGZwcnEye1wqXHBhbm9zZSAw^M >MjAyMDYwMzA1MDQwNTAyMDMwNH1UaW1lcyBOZXcgUm9tYW47fQ0Ke1xmMVxmYmlkaSBcZnN3^M >aXNzXGZjaGFyc2V0MFxmcHJxMntcKlxwYW5vc2UgMDIwYjA2MDQwMjAyMDIwMjAyMDR9QXJp^M >YWx7XCpcZmFsdCBBcmlhbH07fXtcZjJcZmJpZGkgXGZtb2Rlcm5cZmNoYXJzZXQwXGZwcnEx^M >e1wqXHBhbm9zZSAwMjA3MDMwOTAyMDIwNTAyMDQwNH1Db3VyaWVyIE5ldzt9e1xmM1xmYmlk^M >aSBcZnJvbWFuXGZjaGFyc2V0MlxmcHJxMntcKlxwYW5vc2UgMDUwNTAxMDIwMTA3MDYwMjA1^M >MDd9U3ltYm9sO30NCntcZjRcZmJpZGkgXGZzd2lzc1xmY2hhcnNldDBcZnBycTJ7XCpccGFu^M >b3NlIDAyMGIwNjA0MDIwMjAyMDIwMjA0fUhlbHZldGljYTt9e1xmNVxmYmlkaSBcZm1vZGVy^M >blxmY2hhcnNldDBcZnBycTF7XCpccGFub3NlIDAyMDcwNDA5MDIwMjA1MDIwNDA0fUNvdXJp^M >ZXI7fXtcZjZcZmJpZGkgXGZyb21hblxmY2hhcnNldDBcZnBycTJ7XCpccGFub3NlIDAyMDIw^M >NjAzMDQwNTA1MDIwMzA0fVRtcyBSbW57XCpcZmFsdCBUaW1lcyBOZXcgUm9tYW59O30NCntc^M >ZjdcZmJpZGkgXGZzd2lzc1xmY2hhcnNldDBcZnBycTJ7XCpccGFub3NlIDAyMGIwNjA0MDIw^M >MjAyMDMwMjA0fUhlbHY7fXtcZjhcZmJpZGkgXGZyb21hblxmY2hhcnNldDBcZnBycTJ7XCpc^M >cGFub3NlIDAyMDQwNTAzMDYwNTA2MDIwMzA0fU5ldyBZb3JrO317XGY5XGZiaWRpIFxmc3dp^M >c3NcZmNoYXJzZXQwXGZwcnEye1wqXHBhbm9zZSAwMDAwMDAwMDAwMDAwMDAwMDAwMH1TeXN0^M >ZW07fQ0Ke1xmMTBcZmJpZGkgXGZuaWxcZmNoYXJzZXQyXGZwcnEye1wqXHBhbm9zZSAwNTAw^M >MDAwMDAwMDAwMDAwMDAwMH1XaW5nZGluZ3M7fXtcZjExXGZiaWRpIFxmbW9kZXJuXGZjaGFy^M >c2V0MTI4XGZwcnExe1wqXHBhbm9zZSAwMjAyMDYwOTA0MDIwNTA4MDMwNH1NUyBNaW5jaG97^M >XCpcZmFsdCA/bD9yID8/XCc4MVwnNjZjfTt9DQp7XGYxMlxmYmlkaSBcZnJvbWFuXGZjaGFy^M >c2V0MTI5XGZwcnEye1wqXHBhbm9zZSAwMjAzMDYwMDAwMDEwMTAxMDEwMX1CYXRhbmd7XCpc^M >ZmFsdCA/Pz8/P0U/Pz8/P0VjRT8/Pz8/RT8/Y0VjRT8/Pz8/fTt9e1xmMTNcZmJpZGkgXGZu^M >aWxcZmNoYXJzZXQxMzRcZnBycTJ7XCpccGFub3NlIDAyMDEwNjAwMDMwMTAxMDEwMTAxfVNp^M >bVN1bntcKlxmYWx0ID8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz99O30NCntcZjE0^M >XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQxMzZcZnBycTJ7XCpccGFub3NlIDAyMDIwNTAwMDAw^M >MDAwMDAwMDAwfVBNaW5nTGlVe1wqXGZhbHQgIVBzMk9jdUFlfTt9e1xmMTVcZmJpZGkgXGZt^M >b2Rlcm5cZmNoYXJzZXQxMjhcZnBycTF7XCpccGFub3NlIDAyMGIwNjA5MDcwMjA1MDgwMjA0^M >fU1TIEdvdGhpY3tcKlxmYWx0ID9sP3IgP1M/Vj9iP059O30NCntcZjE2XGZiaWRpIFxmc3dp^M >c3NcZmNoYXJzZXQxMjlcZnBycTJ7XCpccGFub3NlIDAyMGIwNjAwMDAwMTAxMDEwMTAxfURv^M >dHVte1wqXGZhbHQgPz8/Pz9FPz9jRT8/Pz8/RWNFPz8/Pz9FPz8/Pz9FY307fXtcZjE3XGZi^M >aWRpIFxmbW9kZXJuXGZjaGFyc2V0MTM0XGZwcnExe1wqXHBhbm9zZSAwMjAxMDYwOTA2MDEw^M >MTAxMDEwMX1TaW1IZWl7XCpcZmFsdCBvPz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/^M >fTt9DQp7XGYxOFxmYmlkaSBcZm1vZGVyblxmY2hhcnNldDEzNlxmcHJxMXtcKlxwYW5vc2Ug^M >MDIwMjA1MDkwMDAwMDAwMDAwMDB9TWluZ0xpVXtcKlxmYWx0IDJPY3VBZX07fXtcZjE5XGZi^M >aWRpIFxmcm9tYW5cZmNoYXJzZXQxMjhcZnBycTF7XCpccGFub3NlIDAyMDIwNjA5MDQwMzA1^M >MDgwMzA1fU1pbmNob3tcKlxmYWx0ID8/XCc4MVwnNjZjfTt9DQp7XGYyMFxmYmlkaSBcZnN3^M >... > >The part of the mail-header looks normal. > >But as you can see at beginning of the mailbody something inserts the >strange character "^M" >after each newline. According to Google this is a endline charachter >from Windows. And this >seems to break some clients (Eg. Lotus Notes). > >With dovecot version 2.1.x I don't have this problem. > >Have you any solution for me? > >Many thanks >Urban Loesch From robert.gierzinger at hpc.at Mon Jun 30 23:05:56 2014 From: robert.gierzinger at hpc.at (Robert Gierzinger) Date: Tue, 01 Jul 2014 01:05:56 +0200 Subject: Mailboxes are in Maildir format. Any good backup tips? Had success with version control? In-Reply-To: References: Message-ID: <53B1ED54.8000800@hpc.at> On 2014-07-01 00:28, deoren wrote: > I'm still pretty new to running a mail server, but one thing I've come > to appreciate over the years is a good backup strategy. Since I have > always run my own servers for practice and for personal use I don't > have access to Enterprise backup solutions. Because of that I usually > just fall back to scripts and tarballs and offload the content on a > regular basis. > > Suggestions and warnings are most welcome. > I suggest rdiff-backup: a great tool that keeps an actual sync (rsync-based) of the data-directory and the metadata (delta) in a seperate directory to restore data from any date. Alternatively, you might want to take a look at bacula, which was faster in most cases (development seems to have stalled, but there is a fork I have not had time to take a look at: bareos). However, I liked the rdiff-backup way because I can restore files via scp or rsync (most of my requests were like "please restore from yesterday") or if I want to restore data from a certain date I can use rdiff-backup from command line (bacula is much more complex, and you need the admin tool to restore files) hth, Robert